Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(67)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: openssl/apps/apps.c

Issue 9254031: Upgrade chrome's OpenSSL to same version Android ships with. (Closed) Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/
Patch Set: '' Created 8 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « openssl/apps/apps.h ('k') | openssl/apps/asn1pars.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* apps/apps.c */ 1 /* apps/apps.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
(...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE. 103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ==================================================================== 104 * ====================================================================
105 * 105 *
106 * This product includes cryptographic software written by Eric Young 106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim 107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com). 108 * Hudson (tjh@cryptsoft.com).
109 * 109 *
110 */ 110 */
111 111
112 #ifndef _POSIX_C_SOURCE
113 #define _POSIX_C_SOURCE 2 /* On VMS, you need to define this to get
114 the declaration of fileno(). The value
115 2 is to make sure no function defined
116 in POSIX-2 is left undefined. */
117 #endif
112 #include <stdio.h> 118 #include <stdio.h>
113 #include <stdlib.h> 119 #include <stdlib.h>
114 #include <string.h> 120 #include <string.h>
121 #if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
122 #include <strings.h>
123 #endif
115 #include <sys/types.h> 124 #include <sys/types.h>
116 #include <sys/stat.h>
117 #include <ctype.h> 125 #include <ctype.h>
126 #include <errno.h>
118 #include <assert.h> 127 #include <assert.h>
119 #include <openssl/err.h> 128 #include <openssl/err.h>
120 #include <openssl/x509.h> 129 #include <openssl/x509.h>
121 #include <openssl/x509v3.h> 130 #include <openssl/x509v3.h>
122 #include <openssl/pem.h> 131 #include <openssl/pem.h>
123 #include <openssl/pkcs12.h> 132 #include <openssl/pkcs12.h>
124 #include <openssl/ui.h> 133 #include <openssl/ui.h>
125 #include <openssl/safestack.h> 134 #include <openssl/safestack.h>
126 #ifndef OPENSSL_NO_ENGINE 135 #ifndef OPENSSL_NO_ENGINE
127 #include <openssl/engine.h> 136 #include <openssl/engine.h>
128 #endif 137 #endif
129 #ifndef OPENSSL_NO_RSA 138 #ifndef OPENSSL_NO_RSA
130 #include <openssl/rsa.h> 139 #include <openssl/rsa.h>
131 #endif 140 #endif
132 #include <openssl/bn.h> 141 #include <openssl/bn.h>
133 #ifndef OPENSSL_NO_JPAKE 142 #ifndef OPENSSL_NO_JPAKE
134 #include <openssl/jpake.h> 143 #include <openssl/jpake.h>
135 #endif 144 #endif
136 145
137 #define NON_MAIN 146 #define NON_MAIN
138 #include "apps.h" 147 #include "apps.h"
139 #undef NON_MAIN 148 #undef NON_MAIN
140 149
150 #ifdef _WIN32
151 static int WIN32_rename(const char *from, const char *to);
152 #define rename(from,to) WIN32_rename((from),(to))
153 #endif
154
141 typedef struct { 155 typedef struct {
142 const char *name; 156 const char *name;
143 unsigned long flag; 157 unsigned long flag;
144 unsigned long mask; 158 unsigned long mask;
145 } NAME_EX_TBL; 159 } NAME_EX_TBL;
146 160
147 static UI_METHOD *ui_method = NULL; 161 static UI_METHOD *ui_method = NULL;
148 162
149 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_T BL *in_tbl); 163 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_T BL *in_tbl);
150 static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_T BL *in_tbl); 164 static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_T BL *in_tbl);
151 165
152 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) 166 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
153 /* Looks like this stuff is worth moving into separate function */ 167 /* Looks like this stuff is worth moving into separate function */
154 static EVP_PKEY * 168 static EVP_PKEY *
155 load_netscape_key(BIO *err, BIO *key, const char *file, 169 load_netscape_key(BIO *err, BIO *key, const char *file,
156 const char *key_descrip, int format); 170 const char *key_descrip, int format);
157 #endif 171 #endif
158 172
159 int app_init(long mesgwin); 173 int app_init(long mesgwin);
160 #ifdef undef /* never finished - probably never will be :-) */ 174 #ifdef undef /* never finished - probably never will be :-) */
161 int args_from_file(char *file, int *argc, char **argv[]) 175 int args_from_file(char *file, int *argc, char **argv[])
162 { 176 {
163 FILE *fp; 177 FILE *fp;
164 int num,i; 178 int num,i;
165 unsigned int len; 179 unsigned int len;
166 static char *buf=NULL; 180 static char *buf=NULL;
167 static char **arg=NULL; 181 static char **arg=NULL;
168 char *p; 182 char *p;
169 struct stat stbuf;
170
171 if (stat(file,&stbuf) < 0) return(0);
172 183
173 fp=fopen(file,"r"); 184 fp=fopen(file,"r");
174 if (fp == NULL) 185 if (fp == NULL)
175 return(0); 186 return(0);
176 187
188 if (fseek(fp,0,SEEK_END)==0)
189 len=ftell(fp), rewind(fp);
190 else len=-1;
191 if (len<=0)
192 {
193 fclose(fp);
194 return(0);
195 }
196
177 *argc=0; 197 *argc=0;
178 *argv=NULL; 198 *argv=NULL;
179 199
180 len=(unsigned int)stbuf.st_size;
181 if (buf != NULL) OPENSSL_free(buf); 200 if (buf != NULL) OPENSSL_free(buf);
182 buf=(char *)OPENSSL_malloc(len+1); 201 buf=(char *)OPENSSL_malloc(len+1);
183 if (buf == NULL) return(0); 202 if (buf == NULL) return(0);
184 203
185 len=fread(buf,1,len,fp); 204 len=fread(buf,1,len,fp);
186 if (len <= 1) return(0); 205 if (len <= 1) return(0);
187 buf[len]='\0'; 206 buf[len]='\0';
188 207
189 i=0; 208 i=0;
190 for (p=buf; *p; p++) 209 for (p=buf; *p; p++)
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after
231 /* else *p == '\n' */ 250 /* else *p == '\n' */
232 *(p++)='\0'; 251 *(p++)='\0';
233 } 252 }
234 *argc=num; 253 *argc=num;
235 return(1); 254 return(1);
236 } 255 }
237 #endif 256 #endif
238 257
239 int str2fmt(char *s) 258 int str2fmt(char *s)
240 { 259 {
260 if (s == NULL)
261 return FORMAT_UNDEF;
241 if ((*s == 'D') || (*s == 'd')) 262 if ((*s == 'D') || (*s == 'd'))
242 return(FORMAT_ASN1); 263 return(FORMAT_ASN1);
243 else if ((*s == 'T') || (*s == 't')) 264 else if ((*s == 'T') || (*s == 't'))
244 return(FORMAT_TEXT); 265 return(FORMAT_TEXT);
245 » else if ((*s == 'P') || (*s == 'p')) 266 » else if ((*s == 'N') || (*s == 'n'))
246 » » return(FORMAT_PEM); 267 » » return(FORMAT_NETSCAPE);
247 » else if ((*s == 'N') || (*s == 'n')) 268 » else if ((*s == 'S') || (*s == 's'))
248 » » return(FORMAT_NETSCAPE); 269 » » return(FORMAT_SMIME);
249 » else if ((*s == 'S') || (*s == 's')) 270 » else if ((*s == 'M') || (*s == 'm'))
250 » » return(FORMAT_SMIME); 271 » » return(FORMAT_MSBLOB);
251 else if ((*s == '1') 272 else if ((*s == '1')
252 || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0) 273 || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
253 || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0)) 274 || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
254 return(FORMAT_PKCS12); 275 return(FORMAT_PKCS12);
255 else if ((*s == 'E') || (*s == 'e')) 276 else if ((*s == 'E') || (*s == 'e'))
256 return(FORMAT_ENGINE); 277 return(FORMAT_ENGINE);
278 else if ((*s == 'P') || (*s == 'p'))
279 {
280 if (s[1] == 'V' || s[1] == 'v')
281 return FORMAT_PVK;
282 else
283 return(FORMAT_PEM);
284 }
257 else 285 else
258 return(FORMAT_UNDEF); 286 return(FORMAT_UNDEF);
259 } 287 }
260 288
261 #if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_ SYS_WIN16) || defined(OPENSSL_SYS_NETWARE) 289 #if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_ SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
262 void program_name(char *in, char *out, int size) 290 void program_name(char *in, char *out, int size)
263 { 291 {
264 int i,n; 292 int i,n;
265 char *p=NULL; 293 char *p=NULL;
266 294
(...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after
344 p++; 372 p++;
345 else 373 else
346 p=in; 374 p=in;
347 BUF_strlcpy(out,p,size); 375 BUF_strlcpy(out,p,size);
348 } 376 }
349 #endif 377 #endif
350 #endif 378 #endif
351 379
352 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) 380 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
353 { 381 {
354 » int num,len,i; 382 » int num,i;
355 char *p; 383 char *p;
356 384
357 *argc=0; 385 *argc=0;
358 *argv=NULL; 386 *argv=NULL;
359 387
360 len=strlen(buf);
361 i=0; 388 i=0;
362 if (arg->count == 0) 389 if (arg->count == 0)
363 { 390 {
364 arg->count=20; 391 arg->count=20;
365 arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count); 392 arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
366 } 393 }
367 for (i=0; i<arg->count; i++) 394 for (i=0; i<arg->count; i++)
368 arg->data[i]=NULL; 395 arg->data[i]=NULL;
369 396
370 num=0; 397 num=0;
(...skipping 261 matching lines...) Expand 10 before | Expand all | Expand 10 after
632 } 659 }
633 return BUF_strdup(tmp); 660 return BUF_strdup(tmp);
634 } 661 }
635 if(!keepbio || !pwdbio) { 662 if(!keepbio || !pwdbio) {
636 if(!strncmp(arg, "file:", 5)) { 663 if(!strncmp(arg, "file:", 5)) {
637 pwdbio = BIO_new_file(arg + 5, "r"); 664 pwdbio = BIO_new_file(arg + 5, "r");
638 if(!pwdbio) { 665 if(!pwdbio) {
639 BIO_printf(err, "Can't open file %s\n", arg + 5) ; 666 BIO_printf(err, "Can't open file %s\n", arg + 5) ;
640 return NULL; 667 return NULL;
641 } 668 }
669 #if !defined(_WIN32)
670 /*
671 * Under _WIN32, which covers even Win64 and CE, file
672 * descriptors referenced by BIO_s_fd are not inherited
673 * by child process and therefore below is not an option.
674 * It could have been an option if bss_fd.c was operating
675 * on real Windows descriptors, such as those obtained
676 * with CreateFile.
677 */
642 } else if(!strncmp(arg, "fd:", 3)) { 678 } else if(!strncmp(arg, "fd:", 3)) {
643 BIO *btmp; 679 BIO *btmp;
644 i = atoi(arg + 3); 680 i = atoi(arg + 3);
645 if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE); 681 if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
646 if((i < 0) || !pwdbio) { 682 if((i < 0) || !pwdbio) {
647 BIO_printf(err, "Can't access file descriptor %s \n", arg + 3); 683 BIO_printf(err, "Can't access file descriptor %s \n", arg + 3);
648 return NULL; 684 return NULL;
649 } 685 }
650 /* Can't do BIO_gets on an fd BIO so add a buffering BIO */ 686 /* Can't do BIO_gets on an fd BIO so add a buffering BIO */
651 btmp = BIO_new(BIO_f_buffer()); 687 btmp = BIO_new(BIO_f_buffer());
652 pwdbio = BIO_push(btmp, pwdbio); 688 pwdbio = BIO_push(btmp, pwdbio);
689 #endif
653 } else if(!strcmp(arg, "stdin")) { 690 } else if(!strcmp(arg, "stdin")) {
654 pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE); 691 pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
655 if(!pwdbio) { 692 if(!pwdbio) {
656 BIO_printf(err, "Can't open BIO for stdin\n"); 693 BIO_printf(err, "Can't open BIO for stdin\n");
657 return NULL; 694 return NULL;
658 } 695 }
659 } else { 696 } else {
660 BIO_printf(err, "Invalid password argument \"%s\"\n", ar g); 697 BIO_printf(err, "Invalid password argument \"%s\"\n", ar g);
661 return NULL; 698 return NULL;
662 } 699 }
(...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after
742 ret = PKCS12_parse(p12, pass, pkey, cert, ca); 779 ret = PKCS12_parse(p12, pass, pkey, cert, ca);
743 die: 780 die:
744 if (p12) 781 if (p12)
745 PKCS12_free(p12); 782 PKCS12_free(p12);
746 return ret; 783 return ret;
747 } 784 }
748 785
749 X509 *load_cert(BIO *err, const char *file, int format, 786 X509 *load_cert(BIO *err, const char *file, int format,
750 const char *pass, ENGINE *e, const char *cert_descrip) 787 const char *pass, ENGINE *e, const char *cert_descrip)
751 { 788 {
752 ASN1_HEADER *ah=NULL;
753 BUF_MEM *buf=NULL;
754 X509 *x=NULL; 789 X509 *x=NULL;
755 BIO *cert; 790 BIO *cert;
756 791
757 if ((cert=BIO_new(BIO_s_file())) == NULL) 792 if ((cert=BIO_new(BIO_s_file())) == NULL)
758 { 793 {
759 ERR_print_errors(err); 794 ERR_print_errors(err);
760 goto end; 795 goto end;
761 } 796 }
762 797
763 if (file == NULL) 798 if (file == NULL)
764 { 799 {
800 #ifdef _IONBF
801 # ifndef OPENSSL_NO_SETVBUF_IONBF
765 setvbuf(stdin, NULL, _IONBF, 0); 802 setvbuf(stdin, NULL, _IONBF, 0);
803 # endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
804 #endif
766 BIO_set_fp(cert,stdin,BIO_NOCLOSE); 805 BIO_set_fp(cert,stdin,BIO_NOCLOSE);
767 } 806 }
768 else 807 else
769 { 808 {
770 if (BIO_read_filename(cert,file) <= 0) 809 if (BIO_read_filename(cert,file) <= 0)
771 { 810 {
772 BIO_printf(err, "Error opening %s %s\n", 811 BIO_printf(err, "Error opening %s %s\n",
773 cert_descrip, file); 812 cert_descrip, file);
774 ERR_print_errors(err); 813 ERR_print_errors(err);
775 goto end; 814 goto end;
776 } 815 }
777 } 816 }
778 817
779 if (format == FORMAT_ASN1) 818 if (format == FORMAT_ASN1)
780 x=d2i_X509_bio(cert,NULL); 819 x=d2i_X509_bio(cert,NULL);
781 else if (format == FORMAT_NETSCAPE) 820 else if (format == FORMAT_NETSCAPE)
782 { 821 {
783 » » const unsigned char *p,*op; 822 » » NETSCAPE_X509 *nx;
784 » » int size=0,i; 823 » » nx=ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509),cert,NULL);
824 » » if (nx == NULL)
825 » » » » goto end;
785 826
786 » » /* We sort of have to do it this way because it is sort of nice 827 » » if ((strncmp(NETSCAPE_CERT_HDR,(char *)nx->header->data,
787 » » * to read the header first and check it, then 828 » » » nx->header->length) != 0))
788 » » * try to read the certificate */
789 » » buf=BUF_MEM_new();
790 » » for (;;)
791 { 829 {
792 » » » if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10))) 830 » » » NETSCAPE_X509_free(nx);
793 » » » » goto end;
794 » » » i=BIO_read(cert,&(buf->data[size]),1024*10);
795 » » » size+=i;
796 » » » if (i == 0) break;
797 » » » if (i < 0)
798 » » » » {
799 » » » » perror("reading certificate");
800 » » » » goto end;
801 » » » » }
802 » » » }
803 » » p=(unsigned char *)buf->data;
804 » » op=p;
805
806 » » /* First load the header */
807 » » if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
808 » » » goto end;
809 » » if ((ah->header == NULL) || (ah->header->data == NULL) ||
810 » » » (strncmp(NETSCAPE_CERT_HDR,(char *)ah->header->data,
811 » » » ah->header->length) != 0))
812 » » » {
813 BIO_printf(err,"Error reading header on certificate\n"); 831 BIO_printf(err,"Error reading header on certificate\n");
814 goto end; 832 goto end;
815 } 833 }
816 » » /* header is ok, so now read the object */ 834 » » x=nx->cert;
817 » » p=op; 835 » » nx->cert = NULL;
818 » » ah->meth=X509_asn1_meth(); 836 » » NETSCAPE_X509_free(nx);
819 » » if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
820 » » » goto end;
821 » » x=(X509 *)ah->data;
822 » » ah->data=NULL;
823 } 837 }
824 else if (format == FORMAT_PEM) 838 else if (format == FORMAT_PEM)
825 x=PEM_read_bio_X509_AUX(cert,NULL, 839 x=PEM_read_bio_X509_AUX(cert,NULL,
826 (pem_password_cb *)password_callback, NULL); 840 (pem_password_cb *)password_callback, NULL);
827 else if (format == FORMAT_PKCS12) 841 else if (format == FORMAT_PKCS12)
828 { 842 {
829 if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL, 843 if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,
830 NULL, &x, NULL)) 844 NULL, &x, NULL))
831 goto end; 845 goto end;
832 } 846 }
833 else { 847 else {
834 BIO_printf(err,"bad input format specified for %s\n", 848 BIO_printf(err,"bad input format specified for %s\n",
835 cert_descrip); 849 cert_descrip);
836 goto end; 850 goto end;
837 } 851 }
838 end: 852 end:
839 if (x == NULL) 853 if (x == NULL)
840 { 854 {
841 BIO_printf(err,"unable to load certificate\n"); 855 BIO_printf(err,"unable to load certificate\n");
842 ERR_print_errors(err); 856 ERR_print_errors(err);
843 } 857 }
844 if (ah != NULL) ASN1_HEADER_free(ah);
845 if (cert != NULL) BIO_free(cert); 858 if (cert != NULL) BIO_free(cert);
846 if (buf != NULL) BUF_MEM_free(buf);
847 return(x); 859 return(x);
848 } 860 }
849 861
850 EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, 862 EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
851 const char *pass, ENGINE *e, const char *key_descrip) 863 const char *pass, ENGINE *e, const char *key_descrip)
852 { 864 {
853 BIO *key=NULL; 865 BIO *key=NULL;
854 EVP_PKEY *pkey=NULL; 866 EVP_PKEY *pkey=NULL;
855 PW_CB_DATA cb_data; 867 PW_CB_DATA cb_data;
856 868
(...skipping 24 matching lines...) Expand all
881 } 893 }
882 #endif 894 #endif
883 key=BIO_new(BIO_s_file()); 895 key=BIO_new(BIO_s_file());
884 if (key == NULL) 896 if (key == NULL)
885 { 897 {
886 ERR_print_errors(err); 898 ERR_print_errors(err);
887 goto end; 899 goto end;
888 } 900 }
889 if (file == NULL && maybe_stdin) 901 if (file == NULL && maybe_stdin)
890 { 902 {
903 #ifdef _IONBF
904 # ifndef OPENSSL_NO_SETVBUF_IONBF
891 setvbuf(stdin, NULL, _IONBF, 0); 905 setvbuf(stdin, NULL, _IONBF, 0);
906 # endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
907 #endif
892 BIO_set_fp(key,stdin,BIO_NOCLOSE); 908 BIO_set_fp(key,stdin,BIO_NOCLOSE);
893 } 909 }
894 else 910 else
895 if (BIO_read_filename(key,file) <= 0) 911 if (BIO_read_filename(key,file) <= 0)
896 { 912 {
897 BIO_printf(err, "Error opening %s %s\n", 913 BIO_printf(err, "Error opening %s %s\n",
898 key_descrip, file); 914 key_descrip, file);
899 ERR_print_errors(err); 915 ERR_print_errors(err);
900 goto end; 916 goto end;
901 } 917 }
(...skipping 10 matching lines...) Expand all
912 else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) 928 else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
913 pkey = load_netscape_key(err, key, file, key_descrip, format); 929 pkey = load_netscape_key(err, key, file, key_descrip, format);
914 #endif 930 #endif
915 else if (format == FORMAT_PKCS12) 931 else if (format == FORMAT_PKCS12)
916 { 932 {
917 if (!load_pkcs12(err, key, key_descrip, 933 if (!load_pkcs12(err, key, key_descrip,
918 (pem_password_cb *)password_callback, &cb_data, 934 (pem_password_cb *)password_callback, &cb_data,
919 &pkey, NULL, NULL)) 935 &pkey, NULL, NULL))
920 goto end; 936 goto end;
921 } 937 }
938 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO _RC4)
939 else if (format == FORMAT_MSBLOB)
940 pkey = b2i_PrivateKey_bio(key);
941 else if (format == FORMAT_PVK)
942 pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
943 &cb_data);
944 #endif
922 else 945 else
923 { 946 {
924 BIO_printf(err,"bad input format specified for key file\n"); 947 BIO_printf(err,"bad input format specified for key file\n");
925 goto end; 948 goto end;
926 } 949 }
927 end: 950 end:
928 if (key != NULL) BIO_free(key); 951 if (key != NULL) BIO_free(key);
929 if (pkey == NULL) 952 if (pkey == NULL)
930 { 953 {
931 BIO_printf(err,"unable to load %s\n", key_descrip); 954 BIO_printf(err,"unable to load %s\n", key_descrip);
(...skipping 29 matching lines...) Expand all
961 } 984 }
962 #endif 985 #endif
963 key=BIO_new(BIO_s_file()); 986 key=BIO_new(BIO_s_file());
964 if (key == NULL) 987 if (key == NULL)
965 { 988 {
966 ERR_print_errors(err); 989 ERR_print_errors(err);
967 goto end; 990 goto end;
968 } 991 }
969 if (file == NULL && maybe_stdin) 992 if (file == NULL && maybe_stdin)
970 { 993 {
994 #ifdef _IONBF
995 # ifndef OPENSSL_NO_SETVBUF_IONBF
971 setvbuf(stdin, NULL, _IONBF, 0); 996 setvbuf(stdin, NULL, _IONBF, 0);
997 # endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
998 #endif
972 BIO_set_fp(key,stdin,BIO_NOCLOSE); 999 BIO_set_fp(key,stdin,BIO_NOCLOSE);
973 } 1000 }
974 else 1001 else
975 if (BIO_read_filename(key,file) <= 0) 1002 if (BIO_read_filename(key,file) <= 0)
976 { 1003 {
977 BIO_printf(err, "Error opening %s %s\n", 1004 BIO_printf(err, "Error opening %s %s\n",
978 key_descrip, file); 1005 key_descrip, file);
979 ERR_print_errors(err); 1006 ERR_print_errors(err);
980 goto end; 1007 goto end;
981 } 1008 }
982 if (format == FORMAT_ASN1) 1009 if (format == FORMAT_ASN1)
983 { 1010 {
984 pkey=d2i_PUBKEY_bio(key, NULL); 1011 pkey=d2i_PUBKEY_bio(key, NULL);
985 } 1012 }
1013 #ifndef OPENSSL_NO_RSA
1014 else if (format == FORMAT_ASN1RSA)
1015 {
1016 RSA *rsa;
1017 rsa = d2i_RSAPublicKey_bio(key, NULL);
1018 if (rsa)
1019 {
1020 pkey = EVP_PKEY_new();
1021 if (pkey)
1022 EVP_PKEY_set1_RSA(pkey, rsa);
1023 RSA_free(rsa);
1024 }
1025 else
1026 pkey = NULL;
1027 }
1028 else if (format == FORMAT_PEMRSA)
1029 {
1030 RSA *rsa;
1031 rsa = PEM_read_bio_RSAPublicKey(key, NULL,
1032 (pem_password_cb *)password_callback, &cb_data);
1033 if (rsa)
1034 {
1035 pkey = EVP_PKEY_new();
1036 if (pkey)
1037 EVP_PKEY_set1_RSA(pkey, rsa);
1038 RSA_free(rsa);
1039 }
1040 else
1041 pkey = NULL;
1042 }
1043 #endif
986 else if (format == FORMAT_PEM) 1044 else if (format == FORMAT_PEM)
987 { 1045 {
988 pkey=PEM_read_bio_PUBKEY(key,NULL, 1046 pkey=PEM_read_bio_PUBKEY(key,NULL,
989 (pem_password_cb *)password_callback, &cb_data); 1047 (pem_password_cb *)password_callback, &cb_data);
990 } 1048 }
991 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) 1049 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
992 else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) 1050 else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
993 pkey = load_netscape_key(err, key, file, key_descrip, format); 1051 pkey = load_netscape_key(err, key, file, key_descrip, format);
994 #endif 1052 #endif
1053 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
1054 else if (format == FORMAT_MSBLOB)
1055 pkey = b2i_PublicKey_bio(key);
1056 #endif
995 else 1057 else
996 { 1058 {
997 BIO_printf(err,"bad input format specified for key file\n"); 1059 BIO_printf(err,"bad input format specified for key file\n");
998 goto end; 1060 goto end;
999 } 1061 }
1000 end: 1062 end:
1001 if (key != NULL) BIO_free(key); 1063 if (key != NULL) BIO_free(key);
1002 if (pkey == NULL) 1064 if (pkey == NULL)
1003 BIO_printf(err,"unable to load %s\n", key_descrip); 1065 BIO_printf(err,"unable to load %s\n", key_descrip);
1004 return(pkey); 1066 return(pkey);
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after
1043 BUF_MEM_free(buf); 1105 BUF_MEM_free(buf);
1044 EVP_PKEY_set1_RSA(pkey, rsa); 1106 EVP_PKEY_set1_RSA(pkey, rsa);
1045 return pkey; 1107 return pkey;
1046 error: 1108 error:
1047 BUF_MEM_free(buf); 1109 BUF_MEM_free(buf);
1048 EVP_PKEY_free(pkey); 1110 EVP_PKEY_free(pkey);
1049 return NULL; 1111 return NULL;
1050 } 1112 }
1051 #endif /* ndef OPENSSL_NO_RC4 */ 1113 #endif /* ndef OPENSSL_NO_RC4 */
1052 1114
1053 STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, 1115 static int load_certs_crls(BIO *err, const char *file, int format,
1054 » const char *pass, ENGINE *e, const char *cert_descrip) 1116 » const char *pass, ENGINE *e, const char *desc,
1117 » STACK_OF(X509) **pcerts, STACK_OF(X509_CRL) **pcrls)
1055 { 1118 {
1056 BIO *certs;
1057 int i; 1119 int i;
1058 » STACK_OF(X509) *othercerts = NULL; 1120 » BIO *bio;
1059 » STACK_OF(X509_INFO) *allcerts = NULL; 1121 » STACK_OF(X509_INFO) *xis = NULL;
1060 X509_INFO *xi; 1122 X509_INFO *xi;
1061 PW_CB_DATA cb_data; 1123 PW_CB_DATA cb_data;
1124 int rv = 0;
1062 1125
1063 cb_data.password = pass; 1126 cb_data.password = pass;
1064 cb_data.prompt_info = file; 1127 cb_data.prompt_info = file;
1065 1128
1066 » if((certs = BIO_new(BIO_s_file())) == NULL) 1129 » if (format != FORMAT_PEM)
1067 { 1130 {
1068 » » ERR_print_errors(err); 1131 » » BIO_printf(err,"bad input format specified for %s\n", desc);
1069 » » goto end; 1132 » » return 0;
1070 } 1133 }
1071 1134
1072 if (file == NULL) 1135 if (file == NULL)
1073 » » BIO_set_fp(certs,stdin,BIO_NOCLOSE); 1136 » » bio = BIO_new_fp(stdin,BIO_NOCLOSE);
1074 else 1137 else
1138 bio = BIO_new_file(file, "r");
1139
1140 if (bio == NULL)
1075 { 1141 {
1076 » » if (BIO_read_filename(certs,file) <= 0) 1142 » » BIO_printf(err, "Error opening %s %s\n",
1143 » » » » desc, file ? file : "stdin");
1144 » » ERR_print_errors(err);
1145 » » return 0;
1146 » » }
1147
1148 » xis = PEM_X509_INFO_read_bio(bio, NULL,
1149 » » » » (pem_password_cb *)password_callback, &cb_data);
1150
1151 » BIO_free(bio);
1152
1153 » if (pcerts)
1154 » » {
1155 » » *pcerts = sk_X509_new_null();
1156 » » if (!*pcerts)
1157 » » » goto end;
1158 » » }
1159
1160 » if (pcrls)
1161 » » {
1162 » » *pcrls = sk_X509_CRL_new_null();
1163 » » if (!*pcrls)
1164 » » » goto end;
1165 » » }
1166
1167 » for(i = 0; i < sk_X509_INFO_num(xis); i++)
1168 » » {
1169 » » xi = sk_X509_INFO_value (xis, i);
1170 » » if (xi->x509 && pcerts)
1077 { 1171 {
1078 » » » BIO_printf(err, "Error opening %s %s\n", 1172 » » » if (!sk_X509_push(*pcerts, xi->x509))
1079 » » » » cert_descrip, file); 1173 » » » » goto end;
1080 » » » ERR_print_errors(err); 1174 » » » xi->x509 = NULL;
1081 » » » goto end; 1175 » » » }
1176 » » if (xi->crl && pcrls)
1177 » » » {
1178 » » » if (!sk_X509_CRL_push(*pcrls, xi->crl))
1179 » » » » goto end;
1180 » » » xi->crl = NULL;
1082 } 1181 }
1083 } 1182 }
1084 1183
1085 » if (format == FORMAT_PEM) 1184 » if (pcerts && sk_X509_num(*pcerts) > 0)
1185 » » rv = 1;
1186
1187 » if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
1188 » » rv = 1;
1189
1190 » end:
1191
1192 » if (xis)
1193 » » sk_X509_INFO_pop_free(xis, X509_INFO_free);
1194
1195 » if (rv == 0)
1086 { 1196 {
1087 » » othercerts = sk_X509_new_null(); 1197 » » if (pcerts)
1088 » » if(!othercerts)
1089 { 1198 {
1090 » » » sk_X509_free(othercerts); 1199 » » » sk_X509_pop_free(*pcerts, X509_free);
1091 » » » othercerts = NULL; 1200 » » » *pcerts = NULL;
1092 » » » goto end;
1093 } 1201 }
1094 » » allcerts = PEM_X509_INFO_read_bio(certs, NULL, 1202 » » if (pcrls)
1095 » » » » (pem_password_cb *)password_callback, &cb_data);
1096 » » for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
1097 { 1203 {
1098 » » » xi = sk_X509_INFO_value (allcerts, i); 1204 » » » sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
1099 » » » if (xi->x509) 1205 » » » *pcrls = NULL;
1100 » » » » {
1101 » » » » sk_X509_push(othercerts, xi->x509);
1102 » » » » xi->x509 = NULL;
1103 » » » » }
1104 } 1206 }
1105 » » goto end; 1207 » » BIO_printf(err,"unable to load %s\n",
1106 » » } 1208 » » » » pcerts ? "certificates" : "CRLs");
1107 » else» {
1108 » » BIO_printf(err,"bad input format specified for %s\n",
1109 » » » cert_descrip);
1110 » » goto end;
1111 » » }
1112 end:
1113 » if (othercerts == NULL)
1114 » » {
1115 » » BIO_printf(err,"unable to load certificates\n");
1116 ERR_print_errors(err); 1209 ERR_print_errors(err);
1117 } 1210 }
1118 » if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free); 1211 » return rv;
1119 » if (certs != NULL) BIO_free(certs);
1120 » return(othercerts);
1121 } 1212 }
1122 1213
1214 STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
1215 const char *pass, ENGINE *e, const char *desc)
1216 {
1217 STACK_OF(X509) *certs;
1218 load_certs_crls(err, file, format, pass, e, desc, &certs, NULL);
1219 return certs;
1220 }
1221
1222 STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
1223 const char *pass, ENGINE *e, const char *desc)
1224 {
1225 STACK_OF(X509_CRL) *crls;
1226 load_certs_crls(err, file, format, pass, e, desc, NULL, &crls);
1227 return crls;
1228 }
1123 1229
1124 #define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) 1230 #define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
1125 /* Return error for unknown extensions */ 1231 /* Return error for unknown extensions */
1126 #define X509V3_EXT_DEFAULT 0 1232 #define X509V3_EXT_DEFAULT 0
1127 /* Print error for unknown extensions */ 1233 /* Print error for unknown extensions */
1128 #define X509V3_EXT_ERROR_UNKNOWN (1L << 16) 1234 #define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
1129 /* ASN1 parse unknown extensions */ 1235 /* ASN1 parse unknown extensions */
1130 #define X509V3_EXT_PARSE_UNKNOWN (2L << 16) 1236 #define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
1131 /* BIO_dump unknown extensions */ 1237 /* BIO_dump unknown extensions */
1132 #define X509V3_EXT_DUMP_UNKNOWN (3L << 16) 1238 #define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
(...skipping 266 matching lines...) Expand 10 before | Expand all | Expand 10 after
1399 1505
1400 /* Free our "structural" reference. */ 1506 /* Free our "structural" reference. */
1401 ENGINE_free(e); 1507 ENGINE_free(e);
1402 } 1508 }
1403 return e; 1509 return e;
1404 } 1510 }
1405 #endif 1511 #endif
1406 1512
1407 int load_config(BIO *err, CONF *cnf) 1513 int load_config(BIO *err, CONF *cnf)
1408 { 1514 {
1515 static int load_config_called = 0;
1516 if (load_config_called)
1517 return 1;
1518 load_config_called = 1;
1409 if (!cnf) 1519 if (!cnf)
1410 cnf = config; 1520 cnf = config;
1411 if (!cnf) 1521 if (!cnf)
1412 return 1; 1522 return 1;
1413 1523
1414 OPENSSL_load_builtin_modules(); 1524 OPENSSL_load_builtin_modules();
1415 1525
1416 if (CONF_modules_load(cnf, NULL, 0) <= 0) 1526 if (CONF_modules_load(cnf, NULL, 0) <= 0)
1417 { 1527 {
1418 BIO_printf(err, "Error configuring OpenSSL\n"); 1528 BIO_printf(err, "Error configuring OpenSSL\n");
(...skipping 13 matching lines...) Expand all
1432 p=OPENSSL_malloc(len); 1542 p=OPENSSL_malloc(len);
1433 BUF_strlcpy(p,t,len); 1543 BUF_strlcpy(p,t,len);
1434 #ifndef OPENSSL_SYS_VMS 1544 #ifndef OPENSSL_SYS_VMS
1435 BUF_strlcat(p,"/",len); 1545 BUF_strlcat(p,"/",len);
1436 #endif 1546 #endif
1437 BUF_strlcat(p,OPENSSL_CONF,len); 1547 BUF_strlcat(p,OPENSSL_CONF,len);
1438 1548
1439 return p; 1549 return p;
1440 } 1550 }
1441 1551
1442 static unsigned long index_serial_hash(const char **a) 1552 static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
1443 { 1553 {
1444 const char *n; 1554 const char *n;
1445 1555
1446 n=a[DB_serial]; 1556 n=a[DB_serial];
1447 while (*n == '0') n++; 1557 while (*n == '0') n++;
1448 return(lh_strhash(n)); 1558 return(lh_strhash(n));
1449 } 1559 }
1450 1560
1451 static int index_serial_cmp(const char **a, const char **b) 1561 static int index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
1452 { 1562 {
1453 const char *aa,*bb; 1563 const char *aa,*bb;
1454 1564
1455 for (aa=a[DB_serial]; *aa == '0'; aa++); 1565 for (aa=a[DB_serial]; *aa == '0'; aa++);
1456 for (bb=b[DB_serial]; *bb == '0'; bb++); 1566 for (bb=b[DB_serial]; *bb == '0'; bb++);
1457 return(strcmp(aa,bb)); 1567 return(strcmp(aa,bb));
1458 } 1568 }
1459 1569
1460 static int index_name_qual(char **a) 1570 static int index_name_qual(char **a)
1461 { return(a[0][0] == 'V'); } 1571 { return(a[0][0] == 'V'); }
1462 1572
1463 static unsigned long index_name_hash(const char **a) 1573 static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
1464 { return(lh_strhash(a[DB_name])); } 1574 { return(lh_strhash(a[DB_name])); }
1465 1575
1466 int index_name_cmp(const char **a, const char **b) 1576 int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
1467 » { return(strcmp(a[DB_name], 1577 » { return(strcmp(a[DB_name], b[DB_name])); }
1468 » b[DB_name])); }
1469 1578
1470 static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **) 1579 static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
1471 static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **) 1580 static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
1472 static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **) 1581 static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
1473 static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **) 1582 static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
1474 1583
1475 #undef BSIZE 1584 #undef BSIZE
1476 #define BSIZE 256 1585 #define BSIZE 256
1477 1586
1478 BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai) 1587 BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
1479 { 1588 {
1480 BIO *in=NULL; 1589 BIO *in=NULL;
1481 BIGNUM *ret=NULL; 1590 BIGNUM *ret=NULL;
1482 MS_STATIC char buf[1024]; 1591 MS_STATIC char buf[1024];
1483 ASN1_INTEGER *ai=NULL; 1592 ASN1_INTEGER *ai=NULL;
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after
1591 err: 1700 err:
1592 if (out != NULL) BIO_free_all(out); 1701 if (out != NULL) BIO_free_all(out);
1593 if (ai != NULL) ASN1_INTEGER_free(ai); 1702 if (ai != NULL) ASN1_INTEGER_free(ai);
1594 return(ret); 1703 return(ret);
1595 } 1704 }
1596 1705
1597 int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix) 1706 int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
1598 { 1707 {
1599 char buf[5][BSIZE]; 1708 char buf[5][BSIZE];
1600 int i,j; 1709 int i,j;
1601 struct stat sb;
1602 1710
1603 i = strlen(serialfile) + strlen(old_suffix); 1711 i = strlen(serialfile) + strlen(old_suffix);
1604 j = strlen(serialfile) + strlen(new_suffix); 1712 j = strlen(serialfile) + strlen(new_suffix);
1605 if (i > j) j = i; 1713 if (i > j) j = i;
1606 if (j + 1 >= BSIZE) 1714 if (j + 1 >= BSIZE)
1607 { 1715 {
1608 BIO_printf(bio_err,"file name too long\n"); 1716 BIO_printf(bio_err,"file name too long\n");
1609 goto err; 1717 goto err;
1610 } 1718 }
1611 1719
1612 #ifndef OPENSSL_SYS_VMS 1720 #ifndef OPENSSL_SYS_VMS
1613 j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", 1721 j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
1614 serialfile, new_suffix); 1722 serialfile, new_suffix);
1615 #else 1723 #else
1616 j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", 1724 j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
1617 serialfile, new_suffix); 1725 serialfile, new_suffix);
1618 #endif 1726 #endif
1619 #ifndef OPENSSL_SYS_VMS 1727 #ifndef OPENSSL_SYS_VMS
1620 j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", 1728 j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
1621 serialfile, old_suffix); 1729 serialfile, old_suffix);
1622 #else 1730 #else
1623 j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", 1731 j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
1624 serialfile, old_suffix); 1732 serialfile, old_suffix);
1625 #endif 1733 #endif
1626 » if (stat(serialfile,&sb) < 0) 1734 #ifdef RL_DEBUG
1627 » » { 1735 » BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1628 » » if (errno != ENOENT 1736 » » serialfile, buf[1]);
1737 #endif
1738 » if (rename(serialfile,buf[1]) < 0 && errno != ENOENT
1629 #ifdef ENOTDIR 1739 #ifdef ENOTDIR
1630 && errno != ENOTDIR 1740 && errno != ENOTDIR
1631 #endif 1741 #endif
1632 » » ) 1742 » )» » {
1633 » » » goto err;
1634 » » }
1635 » else
1636 » » {
1637 #ifdef RL_DEBUG
1638 » » BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1639 » » » serialfile, buf[1]);
1640 #endif
1641 » » if (rename(serialfile,buf[1]) < 0)
1642 » » » {
1643 BIO_printf(bio_err, 1743 BIO_printf(bio_err,
1644 "unable to rename %s to %s\n", 1744 "unable to rename %s to %s\n",
1645 serialfile, buf[1]); 1745 serialfile, buf[1]);
1646 perror("reason"); 1746 perror("reason");
1647 goto err; 1747 goto err;
1648 } 1748 }
1649 }
1650 #ifdef RL_DEBUG 1749 #ifdef RL_DEBUG
1651 BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", 1750 BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1652 buf[0],serialfile); 1751 buf[0],serialfile);
1653 #endif 1752 #endif
1654 if (rename(buf[0],serialfile) < 0) 1753 if (rename(buf[0],serialfile) < 0)
1655 { 1754 {
1656 BIO_printf(bio_err, 1755 BIO_printf(bio_err,
1657 "unable to rename %s to %s\n", 1756 "unable to rename %s to %s\n",
1658 buf[0],serialfile); 1757 buf[0],serialfile);
1659 perror("reason"); 1758 perror("reason");
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
1706 ERR_print_errors(bio_err); 1805 ERR_print_errors(bio_err);
1707 goto err; 1806 goto err;
1708 } 1807 }
1709 if (BIO_read_filename(in,dbfile) <= 0) 1808 if (BIO_read_filename(in,dbfile) <= 0)
1710 { 1809 {
1711 perror(dbfile); 1810 perror(dbfile);
1712 BIO_printf(bio_err,"unable to open '%s'\n",dbfile); 1811 BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
1713 goto err; 1812 goto err;
1714 } 1813 }
1715 if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL) 1814 if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
1716 {
1717 if (tmpdb != NULL) TXT_DB_free(tmpdb);
1718 goto err; 1815 goto err;
1719 }
1720 1816
1721 #ifndef OPENSSL_SYS_VMS 1817 #ifndef OPENSSL_SYS_VMS
1722 BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile); 1818 BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
1723 #else 1819 #else
1724 BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile); 1820 BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
1725 #endif 1821 #endif
1726 dbattr_conf = NCONF_new(NULL); 1822 dbattr_conf = NCONF_new(NULL);
1727 if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0) 1823 if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)
1728 { 1824 {
1729 if (errorline > 0) 1825 if (errorline > 0)
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after
1770 err: 1866 err:
1771 if (dbattr_conf) NCONF_free(dbattr_conf); 1867 if (dbattr_conf) NCONF_free(dbattr_conf);
1772 if (tmpdb) TXT_DB_free(tmpdb); 1868 if (tmpdb) TXT_DB_free(tmpdb);
1773 if (in) BIO_free_all(in); 1869 if (in) BIO_free_all(in);
1774 return retdb; 1870 return retdb;
1775 } 1871 }
1776 1872
1777 int index_index(CA_DB *db) 1873 int index_index(CA_DB *db)
1778 { 1874 {
1779 if (!TXT_DB_create_index(db->db, DB_serial, NULL, 1875 if (!TXT_DB_create_index(db->db, DB_serial, NULL,
1780 » » » » LHASH_HASH_FN(index_serial_hash), 1876 » » » » LHASH_HASH_FN(index_serial),
1781 » » » » LHASH_COMP_FN(index_serial_cmp))) 1877 » » » » LHASH_COMP_FN(index_serial)))
1782 { 1878 {
1783 BIO_printf(bio_err, 1879 BIO_printf(bio_err,
1784 "error creating serial number index:(%ld,%ld,%ld)\n", 1880 "error creating serial number index:(%ld,%ld,%ld)\n",
1785 db->db->error,db->db->arg1,db->db->arg2) ; 1881 db->db->error,db->db->arg1,db->db->arg2) ;
1786 return 0; 1882 return 0;
1787 } 1883 }
1788 1884
1789 if (db->attributes.unique_subject 1885 if (db->attributes.unique_subject
1790 && !TXT_DB_create_index(db->db, DB_name, index_name_qual, 1886 && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
1791 » » » LHASH_HASH_FN(index_name_hash), 1887 » » » LHASH_HASH_FN(index_name),
1792 » » » LHASH_COMP_FN(index_name_cmp))) 1888 » » » LHASH_COMP_FN(index_name)))
1793 { 1889 {
1794 BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n", 1890 BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
1795 db->db->error,db->db->arg1,db->db->arg2); 1891 db->db->error,db->db->arg1,db->db->arg2);
1796 return 0; 1892 return 0;
1797 } 1893 }
1798 return 1; 1894 return 1;
1799 } 1895 }
1800 1896
1801 int save_index(const char *dbfile, const char *suffix, CA_DB *db) 1897 int save_index(const char *dbfile, const char *suffix, CA_DB *db)
1802 { 1898 {
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after
1862 1958
1863 return 1; 1959 return 1;
1864 err: 1960 err:
1865 return 0; 1961 return 0;
1866 } 1962 }
1867 1963
1868 int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suf fix) 1964 int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suf fix)
1869 { 1965 {
1870 char buf[5][BSIZE]; 1966 char buf[5][BSIZE];
1871 int i,j; 1967 int i,j;
1872 struct stat sb;
1873 1968
1874 i = strlen(dbfile) + strlen(old_suffix); 1969 i = strlen(dbfile) + strlen(old_suffix);
1875 j = strlen(dbfile) + strlen(new_suffix); 1970 j = strlen(dbfile) + strlen(new_suffix);
1876 if (i > j) j = i; 1971 if (i > j) j = i;
1877 if (j + 6 >= BSIZE) 1972 if (j + 6 >= BSIZE)
1878 { 1973 {
1879 BIO_printf(bio_err,"file name too long\n"); 1974 BIO_printf(bio_err,"file name too long\n");
1880 goto err; 1975 goto err;
1881 } 1976 }
1882 1977
(...skipping 23 matching lines...) Expand all
1906 j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", 2001 j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
1907 dbfile, old_suffix); 2002 dbfile, old_suffix);
1908 #endif 2003 #endif
1909 #ifndef OPENSSL_SYS_VMS 2004 #ifndef OPENSSL_SYS_VMS
1910 j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", 2005 j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
1911 dbfile, old_suffix); 2006 dbfile, old_suffix);
1912 #else 2007 #else
1913 j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", 2008 j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
1914 dbfile, old_suffix); 2009 dbfile, old_suffix);
1915 #endif 2010 #endif
1916 » if (stat(dbfile,&sb) < 0) 2011 #ifdef RL_DEBUG
1917 » » { 2012 » BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1918 » » if (errno != ENOENT 2013 » » dbfile, buf[1]);
2014 #endif
2015 » if (rename(dbfile,buf[1]) < 0 && errno != ENOENT
1919 #ifdef ENOTDIR 2016 #ifdef ENOTDIR
1920 » » » && errno != ENOTDIR 2017 » » && errno != ENOTDIR
1921 #endif 2018 #endif
1922 » » ) 2019 » )» » {
1923 » » » goto err;
1924 » » }
1925 » else
1926 » » {
1927 #ifdef RL_DEBUG
1928 » » BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1929 » » » dbfile, buf[1]);
1930 #endif
1931 » » if (rename(dbfile,buf[1]) < 0)
1932 » » » {
1933 BIO_printf(bio_err, 2020 BIO_printf(bio_err,
1934 "unable to rename %s to %s\n", 2021 "unable to rename %s to %s\n",
1935 dbfile, buf[1]); 2022 dbfile, buf[1]);
1936 perror("reason"); 2023 perror("reason");
1937 goto err; 2024 goto err;
1938 } 2025 }
1939 }
1940 #ifdef RL_DEBUG 2026 #ifdef RL_DEBUG
1941 BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", 2027 BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1942 buf[0],dbfile); 2028 buf[0],dbfile);
1943 #endif 2029 #endif
1944 if (rename(buf[0],dbfile) < 0) 2030 if (rename(buf[0],dbfile) < 0)
1945 { 2031 {
1946 BIO_printf(bio_err, 2032 BIO_printf(bio_err,
1947 "unable to rename %s to %s\n", 2033 "unable to rename %s to %s\n",
1948 buf[0],dbfile); 2034 buf[0],dbfile);
1949 perror("reason"); 2035 perror("reason");
1950 rename(buf[1],dbfile); 2036 rename(buf[1],dbfile);
1951 goto err; 2037 goto err;
1952 } 2038 }
1953 » if (stat(buf[4],&sb) < 0) 2039 #ifdef RL_DEBUG
1954 » » { 2040 » BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1955 » » if (errno != ENOENT 2041 » » buf[4],buf[3]);
2042 #endif
2043 » if (rename(buf[4],buf[3]) < 0 && errno != ENOENT
1956 #ifdef ENOTDIR 2044 #ifdef ENOTDIR
1957 » » » && errno != ENOTDIR 2045 » » && errno != ENOTDIR
1958 #endif 2046 #endif
1959 » » ) 2047 » )» » {
1960 » » » goto err;
1961 » » }
1962 » else
1963 » » {
1964 #ifdef RL_DEBUG
1965 » » BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1966 » » » buf[4],buf[3]);
1967 #endif
1968 » » if (rename(buf[4],buf[3]) < 0)
1969 » » » {
1970 BIO_printf(bio_err, 2048 BIO_printf(bio_err,
1971 "unable to rename %s to %s\n", 2049 "unable to rename %s to %s\n",
1972 buf[4], buf[3]); 2050 buf[4], buf[3]);
1973 perror("reason"); 2051 perror("reason");
1974 rename(dbfile,buf[0]); 2052 rename(dbfile,buf[0]);
1975 rename(buf[1],dbfile); 2053 rename(buf[1],dbfile);
1976 goto err; 2054 goto err;
1977 } 2055 }
1978 }
1979 #ifdef RL_DEBUG 2056 #ifdef RL_DEBUG
1980 BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", 2057 BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1981 buf[2],buf[4]); 2058 buf[2],buf[4]);
1982 #endif 2059 #endif
1983 if (rename(buf[2],buf[4]) < 0) 2060 if (rename(buf[2],buf[4]) < 0)
1984 { 2061 {
1985 BIO_printf(bio_err, 2062 BIO_printf(bio_err,
1986 "unable to rename %s to %s\n", 2063 "unable to rename %s to %s\n",
1987 buf[2],buf[4]); 2064 buf[2],buf[4]);
1988 perror("reason"); 2065 perror("reason");
(...skipping 174 matching lines...) Expand 10 before | Expand all | Expand 10 after
2163 X509_NAME_free(n); 2240 X509_NAME_free(n);
2164 if (ne_values) 2241 if (ne_values)
2165 OPENSSL_free(ne_values); 2242 OPENSSL_free(ne_values);
2166 if (ne_types) 2243 if (ne_types)
2167 OPENSSL_free(ne_types); 2244 OPENSSL_free(ne_types);
2168 if (buf) 2245 if (buf)
2169 OPENSSL_free(buf); 2246 OPENSSL_free(buf);
2170 return NULL; 2247 return NULL;
2171 } 2248 }
2172 2249
2173 /* This code MUST COME AFTER anything that uses rename() */
2174 #ifdef OPENSSL_SYS_WIN32
2175 int WIN32_rename(const char *from, const char *to)
2176 {
2177 #ifndef OPENSSL_SYS_WINCE
2178 /* Windows rename gives an error if 'to' exists, so delete it
2179 * first and ignore file not found errror
2180 */
2181 if((remove(to) != 0) && (errno != ENOENT))
2182 return -1;
2183 #undef rename
2184 return rename(from, to);
2185 #else
2186 /* convert strings to UNICODE */
2187 {
2188 BOOL result = FALSE;
2189 WCHAR* wfrom;
2190 WCHAR* wto;
2191 int i;
2192 wfrom = malloc((strlen(from)+1)*2);
2193 wto = malloc((strlen(to)+1)*2);
2194 if (wfrom != NULL && wto != NULL)
2195 {
2196 for (i=0; i<(int)strlen(from)+1; i++)
2197 wfrom[i] = (short)from[i];
2198 for (i=0; i<(int)strlen(to)+1; i++)
2199 wto[i] = (short)to[i];
2200 result = MoveFile(wfrom, wto);
2201 }
2202 if (wfrom != NULL)
2203 free(wfrom);
2204 if (wto != NULL)
2205 free(wto);
2206 return result;
2207 }
2208 #endif
2209 }
2210 #endif
2211
2212 int args_verify(char ***pargs, int *pargc, 2250 int args_verify(char ***pargs, int *pargc,
2213 int *badarg, BIO *err, X509_VERIFY_PARAM **pm) 2251 int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
2214 { 2252 {
2215 ASN1_OBJECT *otmp = NULL; 2253 ASN1_OBJECT *otmp = NULL;
2216 unsigned long flags = 0; 2254 unsigned long flags = 0;
2217 int i; 2255 int i;
2218 » int purpose = 0; 2256 » int purpose = 0, depth = -1;
2219 char **oldargs = *pargs; 2257 char **oldargs = *pargs;
2220 char *arg = **pargs, *argn = (*pargs)[1]; 2258 char *arg = **pargs, *argn = (*pargs)[1];
2221 if (!strcmp(arg, "-policy")) 2259 if (!strcmp(arg, "-policy"))
2222 { 2260 {
2223 if (!argn) 2261 if (!argn)
2224 *badarg = 1; 2262 *badarg = 1;
2225 else 2263 else
2226 { 2264 {
2227 otmp = OBJ_txt2obj(argn, 0); 2265 otmp = OBJ_txt2obj(argn, 0);
2228 if (!otmp) 2266 if (!otmp)
(...skipping 19 matching lines...) Expand all
2248 *badarg = 1; 2286 *badarg = 1;
2249 } 2287 }
2250 else 2288 else
2251 { 2289 {
2252 xptmp = X509_PURPOSE_get0(i); 2290 xptmp = X509_PURPOSE_get0(i);
2253 purpose = X509_PURPOSE_get_id(xptmp); 2291 purpose = X509_PURPOSE_get_id(xptmp);
2254 } 2292 }
2255 } 2293 }
2256 (*pargs)++; 2294 (*pargs)++;
2257 } 2295 }
2296 else if (strcmp(arg,"-verify_depth") == 0)
2297 {
2298 if (!argn)
2299 *badarg = 1;
2300 else
2301 {
2302 depth = atoi(argn);
2303 if(depth < 0)
2304 {
2305 BIO_printf(err, "invalid depth\n");
2306 *badarg = 1;
2307 }
2308 }
2309 (*pargs)++;
2310 }
2258 else if (!strcmp(arg, "-ignore_critical")) 2311 else if (!strcmp(arg, "-ignore_critical"))
2259 flags |= X509_V_FLAG_IGNORE_CRITICAL; 2312 flags |= X509_V_FLAG_IGNORE_CRITICAL;
2260 else if (!strcmp(arg, "-issuer_checks")) 2313 else if (!strcmp(arg, "-issuer_checks"))
2261 flags |= X509_V_FLAG_CB_ISSUER_CHECK; 2314 flags |= X509_V_FLAG_CB_ISSUER_CHECK;
2262 else if (!strcmp(arg, "-crl_check")) 2315 else if (!strcmp(arg, "-crl_check"))
2263 flags |= X509_V_FLAG_CRL_CHECK; 2316 flags |= X509_V_FLAG_CRL_CHECK;
2264 else if (!strcmp(arg, "-crl_check_all")) 2317 else if (!strcmp(arg, "-crl_check_all"))
2265 flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; 2318 flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
2266 else if (!strcmp(arg, "-policy_check")) 2319 else if (!strcmp(arg, "-policy_check"))
2267 flags |= X509_V_FLAG_POLICY_CHECK; 2320 flags |= X509_V_FLAG_POLICY_CHECK;
2268 else if (!strcmp(arg, "-explicit_policy")) 2321 else if (!strcmp(arg, "-explicit_policy"))
2269 flags |= X509_V_FLAG_EXPLICIT_POLICY; 2322 flags |= X509_V_FLAG_EXPLICIT_POLICY;
2323 else if (!strcmp(arg, "-inhibit_any"))
2324 flags |= X509_V_FLAG_INHIBIT_ANY;
2325 else if (!strcmp(arg, "-inhibit_map"))
2326 flags |= X509_V_FLAG_INHIBIT_MAP;
2270 else if (!strcmp(arg, "-x509_strict")) 2327 else if (!strcmp(arg, "-x509_strict"))
2271 flags |= X509_V_FLAG_X509_STRICT; 2328 flags |= X509_V_FLAG_X509_STRICT;
2329 else if (!strcmp(arg, "-extended_crl"))
2330 flags |= X509_V_FLAG_EXTENDED_CRL_SUPPORT;
2331 else if (!strcmp(arg, "-use_deltas"))
2332 flags |= X509_V_FLAG_USE_DELTAS;
2272 else if (!strcmp(arg, "-policy_print")) 2333 else if (!strcmp(arg, "-policy_print"))
2273 flags |= X509_V_FLAG_NOTIFY_POLICY; 2334 flags |= X509_V_FLAG_NOTIFY_POLICY;
2274 else if (!strcmp(arg, "-check_ss_sig")) 2335 else if (!strcmp(arg, "-check_ss_sig"))
2275 flags |= X509_V_FLAG_CHECK_SS_SIGNATURE; 2336 flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
2276 else 2337 else
2277 return 0; 2338 return 0;
2278 2339
2279 if (*badarg) 2340 if (*badarg)
2280 { 2341 {
2281 if (*pm) 2342 if (*pm)
2282 X509_VERIFY_PARAM_free(*pm); 2343 X509_VERIFY_PARAM_free(*pm);
2283 *pm = NULL; 2344 *pm = NULL;
2284 goto end; 2345 goto end;
2285 } 2346 }
2286 2347
2287 if (!*pm && !(*pm = X509_VERIFY_PARAM_new())) 2348 if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
2288 { 2349 {
2289 *badarg = 1; 2350 *badarg = 1;
2290 goto end; 2351 goto end;
2291 } 2352 }
2292 2353
2293 if (otmp) 2354 if (otmp)
2294 X509_VERIFY_PARAM_add0_policy(*pm, otmp); 2355 X509_VERIFY_PARAM_add0_policy(*pm, otmp);
2295 if (flags) 2356 if (flags)
2296 X509_VERIFY_PARAM_set_flags(*pm, flags); 2357 X509_VERIFY_PARAM_set_flags(*pm, flags);
2297 2358
2298 if (purpose) 2359 if (purpose)
2299 X509_VERIFY_PARAM_set_purpose(*pm, purpose); 2360 X509_VERIFY_PARAM_set_purpose(*pm, purpose);
2300 2361
2362 if (depth >= 0)
2363 X509_VERIFY_PARAM_set_depth(*pm, depth);
2364
2301 end: 2365 end:
2302 2366
2303 (*pargs)++; 2367 (*pargs)++;
2304 2368
2305 if (pargc) 2369 if (pargc)
2306 *pargc -= *pargs - oldargs; 2370 *pargc -= *pargs - oldargs;
2307 2371
2308 return 1; 2372 return 1;
2309 2373
2310 } 2374 }
2311 2375
2376 /* Read whole contents of a BIO into an allocated memory buffer and
2377 * return it.
2378 */
2379
2380 int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
2381 {
2382 BIO *mem;
2383 int len, ret;
2384 unsigned char tbuf[1024];
2385 mem = BIO_new(BIO_s_mem());
2386 if (!mem)
2387 return -1;
2388 for(;;)
2389 {
2390 if ((maxlen != -1) && maxlen < 1024)
2391 len = maxlen;
2392 else
2393 len = 1024;
2394 len = BIO_read(in, tbuf, len);
2395 if (len <= 0)
2396 break;
2397 if (BIO_write(mem, tbuf, len) != len)
2398 {
2399 BIO_free(mem);
2400 return -1;
2401 }
2402 maxlen -= len;
2403
2404 if (maxlen == 0)
2405 break;
2406 }
2407 ret = BIO_get_mem_data(mem, (char **)out);
2408 BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
2409 BIO_free(mem);
2410 return ret;
2411 }
2412
2413 int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
2414 {
2415 int rv;
2416 char *stmp, *vtmp = NULL;
2417 stmp = BUF_strdup(value);
2418 if (!stmp)
2419 return -1;
2420 vtmp = strchr(stmp, ':');
2421 if (vtmp)
2422 {
2423 *vtmp = 0;
2424 vtmp++;
2425 }
2426 rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
2427 OPENSSL_free(stmp);
2428 return rv;
2429 }
2430
2312 static void nodes_print(BIO *out, const char *name, 2431 static void nodes_print(BIO *out, const char *name,
2313 STACK_OF(X509_POLICY_NODE) *nodes) 2432 STACK_OF(X509_POLICY_NODE) *nodes)
2314 { 2433 {
2315 X509_POLICY_NODE *node; 2434 X509_POLICY_NODE *node;
2316 int i; 2435 int i;
2317 BIO_printf(out, "%s Policies:", name); 2436 BIO_printf(out, "%s Policies:", name);
2318 if (nodes) 2437 if (nodes)
2319 { 2438 {
2320 BIO_puts(out, "\n"); 2439 BIO_puts(out, "\n");
2321 for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) 2440 for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
(...skipping 21 matching lines...) Expand all
2343 2462
2344 BIO_printf(out, "Require explicit Policy: %s\n", 2463 BIO_printf(out, "Require explicit Policy: %s\n",
2345 explicit_policy ? "True" : "False"); 2464 explicit_policy ? "True" : "False");
2346 2465
2347 nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree)); 2466 nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
2348 nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree)); 2467 nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
2349 if (free_out) 2468 if (free_out)
2350 BIO_free(out); 2469 BIO_free(out);
2351 } 2470 }
2352 2471
2353 #ifndef OPENSSL_NO_JPAKE 2472 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
2354 2473
2355 static JPAKE_CTX *jpake_init(const char *us, const char *them, 2474 static JPAKE_CTX *jpake_init(const char *us, const char *them,
2356 const char *secret) 2475 const char *secret)
2357 { 2476 {
2358 BIGNUM *p = NULL; 2477 BIGNUM *p = NULL;
2359 BIGNUM *g = NULL; 2478 BIGNUM *g = NULL;
2360 BIGNUM *q = NULL; 2479 BIGNUM *q = NULL;
2361 BIGNUM *bnsecret = BN_new(); 2480 BIGNUM *bnsecret = BN_new();
2362 JPAKE_CTX *ctx; 2481 JPAKE_CTX *ctx;
2363 2482
(...skipping 162 matching lines...) Expand 10 before | Expand all | Expand 10 after
2526 bconn = BIO_new(BIO_f_buffer()); 2645 bconn = BIO_new(BIO_f_buffer());
2527 BIO_push(bconn, conn); 2646 BIO_push(bconn, conn);
2528 2647
2529 jpake_send_step1(bconn, ctx); 2648 jpake_send_step1(bconn, ctx);
2530 jpake_receive_step1(ctx, bconn); 2649 jpake_receive_step1(ctx, bconn);
2531 jpake_send_step2(bconn, ctx); 2650 jpake_send_step2(bconn, ctx);
2532 jpake_receive_step2(ctx, bconn); 2651 jpake_receive_step2(ctx, bconn);
2533 jpake_send_step3a(bconn, ctx); 2652 jpake_send_step3a(bconn, ctx);
2534 jpake_receive_step3b(ctx, bconn); 2653 jpake_receive_step3b(ctx, bconn);
2535 2654
2536 » /* 2655 » BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
2537 » * The problem is that you must use the derived key in the 2656
2538 » * session key or you are subject to man-in-the-middle 2657 » psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
2539 » * attacks.
2540 » */
2541 » BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
2542 » » " be MitMed. See the version in HEAD for how to do it"
2543 » » " properly)\n");
2544 2658
2545 BIO_pop(bconn); 2659 BIO_pop(bconn);
2546 BIO_free(bconn); 2660 BIO_free(bconn);
2661
2662 JPAKE_CTX_free(ctx);
2547 } 2663 }
2548 2664
2549 void jpake_server_auth(BIO *out, BIO *conn, const char *secret) 2665 void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
2550 { 2666 {
2551 JPAKE_CTX *ctx; 2667 JPAKE_CTX *ctx;
2552 BIO *bconn; 2668 BIO *bconn;
2553 2669
2554 BIO_puts(out, "Authenticating with JPAKE\n"); 2670 BIO_puts(out, "Authenticating with JPAKE\n");
2555 2671
2556 ctx = jpake_init("server", "client", secret); 2672 ctx = jpake_init("server", "client", secret);
2557 2673
2558 bconn = BIO_new(BIO_f_buffer()); 2674 bconn = BIO_new(BIO_f_buffer());
2559 BIO_push(bconn, conn); 2675 BIO_push(bconn, conn);
2560 2676
2561 jpake_receive_step1(ctx, bconn); 2677 jpake_receive_step1(ctx, bconn);
2562 jpake_send_step1(bconn, ctx); 2678 jpake_send_step1(bconn, ctx);
2563 jpake_receive_step2(ctx, bconn); 2679 jpake_receive_step2(ctx, bconn);
2564 jpake_send_step2(bconn, ctx); 2680 jpake_send_step2(bconn, ctx);
2565 jpake_receive_step3a(ctx, bconn); 2681 jpake_receive_step3a(ctx, bconn);
2566 jpake_send_step3b(bconn, ctx); 2682 jpake_send_step3b(bconn, ctx);
2567 2683
2568 » /* 2684 » BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
2569 » * The problem is that you must use the derived key in the 2685
2570 » * session key or you are subject to man-in-the-middle 2686 » psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
2571 » * attacks.
2572 » */
2573 » BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
2574 » » " be MitMed. See the version in HEAD for how to do it"
2575 » » " properly)\n");
2576 2687
2577 BIO_pop(bconn); 2688 BIO_pop(bconn);
2578 BIO_free(bconn); 2689 BIO_free(bconn);
2579 » } 2690
2580 2691 » JPAKE_CTX_free(ctx);
2581 #endif 2692 » }
2582 2693
2694 #endif
2695
2696 /*
2697 * Platform-specific sections
2698 */
2699 #if defined(_WIN32)
2700 # ifdef fileno
2701 # undef fileno
2702 # define fileno(a) (int)_fileno(a)
2703 # endif
2704
2705 # include <windows.h>
2706 # include <tchar.h>
2707
2708 static int WIN32_rename(const char *from, const char *to)
2709 » {
2710 » TCHAR *tfrom=NULL,*tto;
2711 » DWORD» err;
2712 » int» ret=0;
2713
2714 » if (sizeof(TCHAR) == 1)
2715 » » {
2716 » » tfrom = (TCHAR *)from;
2717 » » tto = (TCHAR *)to;
2718 » » }
2719 » else» /* UNICODE path */
2720 » » {
2721 » » size_t i,flen=strlen(from)+1,tlen=strlen(to)+1;
2722 » » tfrom = (TCHAR *)malloc(sizeof(TCHAR)*(flen+tlen));
2723 » » if (tfrom==NULL) goto err;
2724 » » tto=tfrom+flen;
2725 #if !defined(_WIN32_WCE) || _WIN32_WCE>=101
2726 » » if (!MultiByteToWideChar(CP_ACP,0,from,flen,(WCHAR *)tfrom,flen) )
2727 #endif
2728 » » » for (i=0;i<flen;i++)» tfrom[i]=(TCHAR)from[i];
2729 #if !defined(_WIN32_WCE) || _WIN32_WCE>=101
2730 » » if (!MultiByteToWideChar(CP_ACP,0,to, tlen,(WCHAR *)tto, tlen) )
2731 #endif
2732 » » » for (i=0;i<tlen;i++)» tto[i] =(TCHAR)to[i];
2733 » » }
2734
2735 » if (MoveFile(tfrom,tto))» goto ok;
2736 » err=GetLastError();
2737 » if (err==ERROR_ALREADY_EXISTS || err==ERROR_FILE_EXISTS)
2738 » » {
2739 » » if (DeleteFile(tto) && MoveFile(tfrom,tto))
2740 » » » goto ok;
2741 » » err=GetLastError();
2742 » » }
2743 » if (err==ERROR_FILE_NOT_FOUND || err==ERROR_PATH_NOT_FOUND)
2744 » » errno = ENOENT;
2745 » else if (err==ERROR_ACCESS_DENIED)
2746 » » errno = EACCES;
2747 » else
2748 » » errno = EINVAL;»/* we could map more codes... */
2749 err:
2750 » ret=-1;
2751 ok:
2752 » if (tfrom!=NULL && tfrom!=(TCHAR *)from)» free(tfrom);
2753 » return ret;
2754 » }
2755 #endif
2756
2757 /* app_tminterval section */
2758 #if defined(_WIN32)
2759 double app_tminterval(int stop,int usertime)
2760 » {
2761 » FILETIME» » now;
2762 » double» » » ret=0;
2763 » static ULARGE_INTEGER» tmstart;
2764 » static int» » warning=1;
2765 #ifdef _WIN32_WINNT
2766 » static HANDLE» » proc=NULL;
2767
2768 » if (proc==NULL)
2769 » » {
2770 » » if (GetVersion() < 0x80000000)
2771 » » » proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
2772 » » » » » » GetCurrentProcessId());
2773 » » if (proc==NULL) proc = (HANDLE)-1;
2774 » » }
2775
2776 » if (usertime && proc!=(HANDLE)-1)
2777 » » {
2778 » » FILETIME junk;
2779 » » GetProcessTimes(proc,&junk,&junk,&junk,&now);
2780 » » }
2781 » else
2782 #endif
2783 » » {
2784 » » SYSTEMTIME systime;
2785
2786 » » if (usertime && warning)
2787 » » » {
2788 » » » BIO_printf(bio_err,"To get meaningful results, run "
2789 » » » » » "this program on idle system.\n");
2790 » » » warning=0;
2791 » » » }
2792 » » GetSystemTime(&systime);
2793 » » SystemTimeToFileTime(&systime,&now);
2794 » » }
2795
2796 » if (stop==TM_START)
2797 » » {
2798 » » tmstart.u.LowPart = now.dwLowDateTime;
2799 » » tmstart.u.HighPart = now.dwHighDateTime;
2800 » » }
2801 » else» {
2802 » » ULARGE_INTEGER tmstop;
2803
2804 » » tmstop.u.LowPart = now.dwLowDateTime;
2805 » » tmstop.u.HighPart = now.dwHighDateTime;
2806
2807 » » ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart)*1e-7;
2808 » » }
2809
2810 » return (ret);
2811 » }
2812
2813 #elif defined(OPENSSL_SYS_NETWARE)
2814 #include <time.h>
2815
2816 double app_tminterval(int stop,int usertime)
2817 » {
2818 » double» » ret=0;
2819 » static clock_t» tmstart;
2820 » static int» warning=1;
2821
2822 » if (usertime && warning)
2823 » » {
2824 » » BIO_printf(bio_err,"To get meaningful results, run "
2825 » » » » "this program on idle system.\n");
2826 » » warning=0;
2827 » » }
2828
2829 » if (stop==TM_START)» tmstart = clock();
2830 » else» » » ret = (clock()-tmstart)/(double)CLOCKS_PER_S EC;
2831
2832 » return (ret);
2833 » }
2834
2835 #elif defined(OPENSSL_SYSTEM_VXWORKS)
2836 #include <time.h>
2837
2838 double app_tminterval(int stop,int usertime)
2839 » {
2840 » double ret=0;
2841 #ifdef CLOCK_REALTIME
2842 » static struct timespec» tmstart;
2843 » struct timespec»» now;
2844 #else
2845 » static unsigned long» tmstart;
2846 » unsigned long» » now;
2847 #endif
2848 » static int warning=1;
2849
2850 » if (usertime && warning)
2851 » » {
2852 » » BIO_printf(bio_err,"To get meaningful results, run "
2853 » » » » "this program on idle system.\n");
2854 » » warning=0;
2855 » » }
2856
2857 #ifdef CLOCK_REALTIME
2858 » clock_gettime(CLOCK_REALTIME,&now);
2859 » if (stop==TM_START)» tmstart = now;
2860 » else» ret = ( (now.tv_sec+now.tv_nsec*1e-9)
2861 » » » - (tmstart.tv_sec+tmstart.tv_nsec*1e-9) );
2862 #else
2863 » now = tickGet();
2864 » if (stop==TM_START)» tmstart = now;
2865 » else» » » ret = (now - tmstart)/(double)sysClkRateGet();
2866 #endif
2867 » return (ret);
2868 » }
2869
2870 #elif defined(OPENSSL_SYSTEM_VMS)
2871 #include <time.h>
2872 #include <times.h>
2873
2874 double app_tminterval(int stop,int usertime)
2875 » {
2876 » static clock_t» tmstart;
2877 » double» » ret = 0;
2878 » clock_t»» now;
2879 #ifdef __TMS
2880 » struct tms» rus;
2881
2882 » now = times(&rus);
2883 » if (usertime)» now = rus.tms_utime;
2884 #else
2885 » if (usertime)
2886 » » now = clock(); /* sum of user and kernel times */
2887 » else» {
2888 » » struct timeval tv;
2889 » » gettimeofday(&tv,NULL);
2890 » » now = (clock_t)(
2891 » » » (unsigned long long)tv.tv_sec*CLK_TCK +
2892 » » » (unsigned long long)tv.tv_usec*(1000000/CLK_TCK)
2893 » » » );
2894 » » }
2895 #endif
2896 » if (stop==TM_START)» tmstart = now;
2897 » else» » » ret = (now - tmstart)/(double)(CLK_TCK);
2898
2899 » return (ret);
2900 » }
2901
2902 #elif defined(_SC_CLK_TCK)» /* by means of unistd.h */
2903 #include <sys/times.h>
2904
2905 double app_tminterval(int stop,int usertime)
2906 » {
2907 » double» » ret = 0;
2908 » struct tms» rus;
2909 » clock_t»» now = times(&rus);
2910 » static clock_t» tmstart;
2911
2912 » if (usertime)» » now = rus.tms_utime;
2913
2914 » if (stop==TM_START)» tmstart = now;
2915 » else
2916 » » {
2917 » » long int tck = sysconf(_SC_CLK_TCK);
2918 » » ret = (now - tmstart)/(double)tck;
2919 » » }
2920
2921 » return (ret);
2922 » }
2923
2924 #else
2925 #include <sys/time.h>
2926 #include <sys/resource.h>
2927
2928 double app_tminterval(int stop,int usertime)
2929 » {
2930 » double» » ret = 0;
2931 » struct rusage» rus;
2932 » struct timeval» now;
2933 » static struct timeval tmstart;
2934
2935 » if (usertime)» » getrusage(RUSAGE_SELF,&rus), now = rus.ru_utime;
2936 » else» » » gettimeofday(&now,NULL);
2937
2938 » if (stop==TM_START)» tmstart = now;
2939 » else» » » ret = ( (now.tv_sec+now.tv_usec*1e-6)
2940 » » » » » - (tmstart.tv_sec+tmstart.tv_usec*1e-6) );
2941
2942 » return ret;
2943 » }
2944 #endif
2945
2946 /* app_isdir section */
2947 #ifdef _WIN32
2948 int app_isdir(const char *name)
2949 » {
2950 » HANDLE» » hList;
2951 » WIN32_FIND_DATA»FileData;
2952 #if defined(UNICODE) || defined(_UNICODE)
2953 » size_t i, len_0 = strlen(name)+1;
2954
2955 » if (len_0 > sizeof(FileData.cFileName)/sizeof(FileData.cFileName[0]))
2956 » » return -1;
2957
2958 #if !defined(_WIN32_WCE) || _WIN32_WCE>=101
2959 » if (!MultiByteToWideChar(CP_ACP,0,name,len_0,FileData.cFileName,len_0))
2960 #endif
2961 » » for (i=0;i<len_0;i++)
2962 » » » FileData.cFileName[i] = (WCHAR)name[i];
2963
2964 » hList = FindFirstFile(FileData.cFileName,&FileData);
2965 #else
2966 » hList = FindFirstFile(name,&FileData);
2967 #endif
2968 » if (hList == INVALID_HANDLE_VALUE)» return -1;
2969 » FindClose(hList);
2970 » return ((FileData.dwFileAttributes&FILE_ATTRIBUTE_DIRECTORY)!=0);
2971 » }
2972 #else
2973 #include <sys/stat.h>
2974 #ifndef S_ISDIR
2975 # if defined(_S_IFMT) && defined(_S_IFDIR)
2976 # define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
2977 # else
2978 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
2979 # endif
2980 #endif
2981
2982 int app_isdir(const char *name)
2983 » {
2984 #if defined(S_ISDIR)
2985 » struct stat st;
2986
2987 » if (stat(name,&st)==0)» return S_ISDIR(st.st_mode);
2988 » else» » » return -1;
2989 #else
2990 » return -1;
2991 #endif
2992 » }
2993 #endif
2994
2995 /* raw_read|write section */
2996 #if defined(_WIN32) && defined(STD_INPUT_HANDLE)
2997 int raw_read_stdin(void *buf,int siz)
2998 » {
2999 » DWORD n;
3000 » if (ReadFile(GetStdHandle(STD_INPUT_HANDLE),buf,siz,&n,NULL))
3001 » » return (n);
3002 » else» return (-1);
3003 » }
3004 #else
3005 int raw_read_stdin(void *buf,int siz)
3006 » {» return read(fileno(stdin),buf,siz);» }
3007 #endif
3008
3009 #if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
3010 int raw_write_stdout(const void *buf,int siz)
3011 » {
3012 » DWORD n;
3013 » if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE),buf,siz,&n,NULL))
3014 » » return (n);
3015 » else» return (-1);
3016 » }
3017 #else
3018 int raw_write_stdout(const void *buf,int siz)
3019 » {» return write(fileno(stdout),buf,siz);» }
3020 #endif
3021
3022 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
2583 /* next_protos_parse parses a comma separated list of strings into a string 3023 /* next_protos_parse parses a comma separated list of strings into a string
2584 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. 3024 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
2585 * outlen: (output) set to the length of the resulting buffer on success. 3025 * outlen: (output) set to the length of the resulting buffer on success.
2586 * err: (maybe NULL) on failure, an error message line is written to this BIO.
2587 * in: a NUL termianted string like "abc,def,ghi" 3026 * in: a NUL termianted string like "abc,def,ghi"
2588 * 3027 *
2589 * returns: a malloced buffer 3028 * returns: a malloced buffer or NULL on failure.
2590 */ 3029 */
2591 unsigned char *next_protos_parse(unsigned short *outlen, const char *in) 3030 unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
2592 { 3031 {
2593 size_t len; 3032 size_t len;
2594 unsigned char *out; 3033 unsigned char *out;
2595 size_t i, start = 0; 3034 size_t i, start = 0;
2596 3035
2597 len = strlen(in); 3036 len = strlen(in);
2598 » if (len > 65535) 3037 » if (len >= 65535)
2599 return NULL; 3038 return NULL;
2600 3039
2601 out = OPENSSL_malloc(strlen(in) + 1); 3040 out = OPENSSL_malloc(strlen(in) + 1);
2602 if (!out) 3041 if (!out)
2603 return NULL; 3042 return NULL;
2604 3043
2605 for (i = 0; i <= len; ++i) 3044 for (i = 0; i <= len; ++i)
2606 { 3045 {
2607 if (i == len || in[i] == ',') 3046 if (i == len || in[i] == ',')
2608 { 3047 {
2609 if (i - start > 255) 3048 if (i - start > 255)
2610 { 3049 {
2611 OPENSSL_free(out); 3050 OPENSSL_free(out);
2612 return NULL; 3051 return NULL;
2613 } 3052 }
2614 out[start] = i - start; 3053 out[start] = i - start;
2615 start = i + 1; 3054 start = i + 1;
2616 } 3055 }
2617 else 3056 else
2618 out[i+1] = in[i]; 3057 out[i+1] = in[i];
2619 } 3058 }
2620 3059
2621 *outlen = len + 1; 3060 *outlen = len + 1;
2622 return out; 3061 return out;
2623 } 3062 }
3063 #endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
OLDNEW
« no previous file with comments | « openssl/apps/apps.h ('k') | openssl/apps/asn1pars.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698