apps.c 68.9 KB
Newer Older
1
/* apps/apps.c */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110
/* ====================================================================
 * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
111

D
Dr. Stephen Henson 已提交
112
#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
113 114 115 116
#define _POSIX_C_SOURCE 2	/* On VMS, you need to define this to get
				   the declaration of fileno().  The value
				   2 is to make sure no function defined
				   in POSIX-2 is left undefined. */
D
Dr. Stephen Henson 已提交
117
#endif
118 119 120
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
D
Dr. Stephen Henson 已提交
121
#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
B
Ben Laurie 已提交
122
#include <strings.h>
123
#endif
124
#include <sys/types.h>
R
Richard Levitte 已提交
125
#include <ctype.h>
126
#include <errno.h>
B
Ben Laurie 已提交
127
#include <assert.h>
128 129
#include <openssl/err.h>
#include <openssl/x509.h>
D
 
Dr. Stephen Henson 已提交
130
#include <openssl/x509v3.h>
131 132
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
133
#include <openssl/ui.h>
134
#include <openssl/safestack.h>
135
#ifndef OPENSSL_NO_ENGINE
136
#include <openssl/engine.h>
137
#endif
N
make  
Nils Larsch 已提交
138
#ifndef OPENSSL_NO_RSA
G
Geoff Thorpe 已提交
139
#include <openssl/rsa.h>
N
make  
Nils Larsch 已提交
140
#endif
141
#include <openssl/bn.h>
D
Dr. Stephen Henson 已提交
142
#ifndef OPENSSL_NO_JPAKE
B
Ben Laurie 已提交
143
#include <openssl/jpake.h>
D
Dr. Stephen Henson 已提交
144
#endif
145

146 147 148 149
#define NON_MAIN
#include "apps.h"
#undef NON_MAIN

150 151 152 153 154
#ifdef _WIN32
static int WIN32_rename(const char *from, const char *to);
#define rename(from,to) WIN32_rename((from),(to))
#endif

155
typedef struct {
N
Nils Larsch 已提交
156
	const char *name;
157 158 159 160
	unsigned long flag;
	unsigned long mask;
} NAME_EX_TBL;

161 162
static UI_METHOD *ui_method = NULL;

163
static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
D
 
Dr. Stephen Henson 已提交
164
static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
165

166
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
167 168 169 170 171 172
/* Looks like this stuff is worth moving into separate function */
static EVP_PKEY *
load_netscape_key(BIO *err, BIO *key, const char *file,
		const char *key_descrip, int format);
#endif

173 174
int app_init(long mesgwin);
#ifdef undef /* never finished - probably never will be :-) */
U
Ulf Möller 已提交
175
int args_from_file(char *file, int *argc, char **argv[])
176 177 178 179 180 181 182 183 184 185 186 187
	{
	FILE *fp;
	int num,i;
	unsigned int len;
	static char *buf=NULL;
	static char **arg=NULL;
	char *p;

	fp=fopen(file,"r");
	if (fp == NULL)
		return(0);

188 189 190 191 192 193 194 195 196
	if (fseek(fp,0,SEEK_END)==0)
		len=ftell(fp), rewind(fp);
	else	len=-1;
	if (len<=0)
		{
		fclose(fp);
		return(0);
		}

197 198 199
	*argc=0;
	*argv=NULL;

200 201
	if (buf != NULL) OPENSSL_free(buf);
	buf=(char *)OPENSSL_malloc(len+1);
202 203 204 205 206 207 208 209 210
	if (buf == NULL) return(0);

	len=fread(buf,1,len,fp);
	if (len <= 1) return(0);
	buf[len]='\0';

	i=0;
	for (p=buf; *p; p++)
		if (*p == '\n') i++;
211 212
	if (arg != NULL) OPENSSL_free(arg);
	arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257

	*argv=arg;
	num=0;
	p=buf;
	for (;;)
		{
		if (!*p) break;
		if (*p == '#') /* comment line */
			{
			while (*p && (*p != '\n')) p++;
			continue;
			}
		/* else we have a line */
		*(arg++)=p;
		num++;
		while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
			p++;
		if (!*p) break;
		if (*p == '\n')
			{
			*(p++)='\0';
			continue;
			}
		/* else it is a tab or space */
		p++;
		while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
			p++;
		if (!*p) break;
		if (*p == '\n')
			{
			p++;
			continue;
			}
		*(arg++)=p++;
		num++;
		while (*p && (*p != '\n')) p++;
		if (!*p) break;
		/* else *p == '\n' */
		*(p++)='\0';
		}
	*argc=num;
	return(1);
	}
#endif

U
Ulf Möller 已提交
258
int str2fmt(char *s)
259
	{
D
Dr. Stephen Henson 已提交
260 261
	if (s == NULL)
		return FORMAT_UNDEF;
262 263 264 265
	if 	((*s == 'D') || (*s == 'd'))
		return(FORMAT_ASN1);
	else if ((*s == 'T') || (*s == 't'))
		return(FORMAT_TEXT);
266 267 268 269 270 271
  	else if ((*s == 'N') || (*s == 'n'))
  		return(FORMAT_NETSCAPE);
  	else if ((*s == 'S') || (*s == 's'))
  		return(FORMAT_SMIME);
 	else if ((*s == 'M') || (*s == 'm'))
 		return(FORMAT_MSBLOB);
272 273 274 275
	else if ((*s == '1')
		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
		return(FORMAT_PKCS12);
276 277
	else if ((*s == 'E') || (*s == 'e'))
		return(FORMAT_ENGINE);
D
Dr. Stephen Henson 已提交
278 279 280 281 282 283 284
	else if ((*s == 'P') || (*s == 'p'))
 		{
 		if (s[1] == 'V' || s[1] == 'v')
 			return FORMAT_PVK;
 		else
  			return(FORMAT_PEM);
 		}
285 286 287 288
	else
		return(FORMAT_UNDEF);
	}

R
Richard Levitte 已提交
289
#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
U
Ulf Möller 已提交
290
void program_name(char *in, char *out, int size)
291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307
	{
	int i,n;
	char *p=NULL;

	n=strlen(in);
	/* find the last '/', '\' or ':' */
	for (i=n-1; i>0; i--)
		{
		if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))
			{
			p= &(in[i+1]);
			break;
			}
		}
	if (p == NULL)
		p=in;
	n=strlen(p);
R
Richard Levitte 已提交
308 309 310 311 312 313 314 315 316

#if defined(OPENSSL_SYS_NETWARE)
   /* strip off trailing .nlm if present. */
   if ((n > 4) && (p[n-4] == '.') &&
      ((p[n-3] == 'n') || (p[n-3] == 'N')) &&
      ((p[n-2] == 'l') || (p[n-2] == 'L')) &&
      ((p[n-1] == 'm') || (p[n-1] == 'M')))
      n-=4;
#else
317 318 319 320 321 322
	/* strip off trailing .exe if present. */
	if ((n > 4) && (p[n-4] == '.') &&
		((p[n-3] == 'e') || (p[n-3] == 'E')) &&
		((p[n-2] == 'x') || (p[n-2] == 'X')) &&
		((p[n-1] == 'e') || (p[n-1] == 'E')))
		n-=4;
R
Richard Levitte 已提交
323 324
#endif

325 326 327 328 329 330 331 332 333 334 335 336 337
	if (n > size-1)
		n=size-1;

	for (i=0; i<n; i++)
		{
		if ((p[i] >= 'A') && (p[i] <= 'Z'))
			out[i]=p[i]-'A'+'a';
		else
			out[i]=p[i];
		}
	out[n]='\0';
	}
#else
338
#ifdef OPENSSL_SYS_VMS
U
Ulf Möller 已提交
339 340 341 342 343 344 345 346 347 348 349 350 351 352 353
void program_name(char *in, char *out, int size)
	{
	char *p=in, *q;
	char *chars=":]>";

	while(*chars != '\0')
		{
		q=strrchr(p,*chars);
		if (q > p)
			p = q + 1;
		chars++;
		}

	q=strrchr(p,'.');
	if (q == NULL)
354 355 356 357 358 359 360 361 362 363
		q = p + strlen(p);
	strncpy(out,p,size-1);
	if (q-p >= size)
		{
		out[size-1]='\0';
		}
	else
		{
		out[q-p]='\0';
		}
U
Ulf Möller 已提交
364 365
	}
#else
U
Ulf Möller 已提交
366
void program_name(char *in, char *out, int size)
367 368 369 370 371 372 373 374
	{
	char *p;

	p=strrchr(in,'/');
	if (p != NULL)
		p++;
	else
		p=in;
375
	BUF_strlcpy(out,p,size);
376 377
	}
#endif
U
Ulf Möller 已提交
378
#endif
379

U
Ulf Möller 已提交
380
int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
381
	{
B
Ben Laurie 已提交
382
	int num,i;
383 384 385 386 387 388 389 390 391
	char *p;

	*argc=0;
	*argv=NULL;

	i=0;
	if (arg->count == 0)
		{
		arg->count=20;
392
		arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409
		}
	for (i=0; i<arg->count; i++)
		arg->data[i]=NULL;

	num=0;
	p=buf;
	for (;;)
		{
		/* first scan over white space */
		if (!*p) break;
		while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
			p++;
		if (!*p) break;

		/* The start of something good :-) */
		if (num >= arg->count)
			{
N
Nils Larsch 已提交
410 411 412 413 414 415 416 417 418 419 420
			char **tmp_p;
			int tlen = arg->count + 20;
			tmp_p = (char **)OPENSSL_realloc(arg->data,
				sizeof(char *)*tlen);
			if (tmp_p == NULL)
				return 0;
			arg->data  = tmp_p;
			arg->count = tlen;
			/* initialize newly allocated data */
			for (i = num; i < arg->count; i++)
				arg->data[i] = NULL;
421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451
			}
		arg->data[num++]=p;

		/* now look for the end of this */
		if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
			{
			i= *(p++);
			arg->data[num-1]++; /* jump over quote */
			while (*p && (*p != i))
				p++;
			*p='\0';
			}
		else
			{
			while (*p && ((*p != ' ') &&
				(*p != '\t') && (*p != '\n')))
				p++;

			if (*p == '\0')
				p--;
			else
				*p='\0';
			}
		p++;
		}
	*argc=num;
	*argv=arg->data;
	return(1);
	}

#ifndef APP_INIT
U
Ulf Möller 已提交
452
int app_init(long mesgwin)
453 454 455 456
	{
	return(1);
	}
#endif
457

D
Dr. Stephen Henson 已提交
458

D
 
Dr. Stephen Henson 已提交
459 460
int dump_cert_text (BIO *out, X509 *x)
{
461 462 463
	char *p;

	p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
D
 
Dr. Stephen Henson 已提交
464
	BIO_puts(out,"subject=");
465 466
	BIO_puts(out,p);
	OPENSSL_free(p);
D
 
Dr. Stephen Henson 已提交
467

468 469 470
	p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0);
	BIO_puts(out,"\nissuer=");
	BIO_puts(out,p);
D
 
Dr. Stephen Henson 已提交
471
	BIO_puts(out,"\n");
472 473 474
	OPENSSL_free(p);

	return 0;
D
 
Dr. Stephen Henson 已提交
475
}
D
Dr. Stephen Henson 已提交
476

477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492
static int ui_open(UI *ui)
	{
	return UI_method_get_opener(UI_OpenSSL())(ui);
	}
static int ui_read(UI *ui, UI_STRING *uis)
	{
	if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
		&& UI_get0_user_data(ui))
		{
		switch(UI_get_string_type(uis))
			{
		case UIT_PROMPT:
		case UIT_VERIFY:
			{
			const char *password =
				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
493
			if (password && password[0] != '\0')
494
				{
495
				UI_set_result(ui, uis, password);
496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516
				return 1;
				}
			}
		default:
			break;
			}
		}
	return UI_method_get_reader(UI_OpenSSL())(ui, uis);
	}
static int ui_write(UI *ui, UI_STRING *uis)
	{
	if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
		&& UI_get0_user_data(ui))
		{
		switch(UI_get_string_type(uis))
			{
		case UIT_PROMPT:
		case UIT_VERIFY:
			{
			const char *password =
				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
517
			if (password && password[0] != '\0')
518 519 520 521 522 523 524 525 526 527 528 529
				return 1;
			}
		default:
			break;
			}
		}
	return UI_method_get_writer(UI_OpenSSL())(ui, uis);
	}
static int ui_close(UI *ui)
	{
	return UI_method_get_closer(UI_OpenSSL())(ui);
	}
L
Lutz Jänicke 已提交
530
int setup_ui_method(void)
531 532 533 534 535 536 537 538
	{
	ui_method = UI_create_method("OpenSSL application user interface");
	UI_method_set_opener(ui_method, ui_open);
	UI_method_set_reader(ui_method, ui_read);
	UI_method_set_writer(ui_method, ui_write);
	UI_method_set_closer(ui_method, ui_close);
	return 0;
	}
L
Lutz Jänicke 已提交
539
void destroy_ui_method(void)
D
Dr. Stephen Henson 已提交
540 541 542 543 544 545 546
	{
	if(ui_method)
		{
		UI_destroy_method(ui_method);
		ui_method = NULL;
		}
	}
547
int password_callback(char *buf, int bufsiz, int verify,
548
	PW_CB_DATA *cb_tmp)
549
	{
550 551
	UI *ui = NULL;
	int res = 0;
552 553
	const char *prompt_info = NULL;
	const char *password = NULL;
554
	PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
555 556 557 558 559 560 561 562 563

	if (cb_data)
		{
		if (cb_data->password)
			password = cb_data->password;
		if (cb_data->prompt_info)
			prompt_info = cb_data->prompt_info;
		}

D
 
Dr. Stephen Henson 已提交
564 565 566 567 568 569 570 571 572
	if (password)
		{
		res = strlen(password);
		if (res > bufsiz)
			res = bufsiz;
		memcpy(buf, password, res);
		return res;
		}

573 574 575 576 577 578 579
	ui = UI_new_method(ui_method);
	if (ui)
		{
		int ok = 0;
		char *buff = NULL;
		int ui_flags = 0;
		char *prompt = NULL;
580

581
		prompt = UI_construct_prompt(ui, "pass phrase",
D
PR: 940  
Dr. Stephen Henson 已提交
582
			prompt_info);
583

584
		ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
585
		UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
586 587

		if (ok >= 0)
588 589
			ok = UI_add_input_string(ui,prompt,ui_flags,buf,
				PW_MIN_LENGTH,BUFSIZ-1);
590 591 592
		if (ok >= 0 && verify)
			{
			buff = (char *)OPENSSL_malloc(bufsiz);
593 594
			ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
				PW_MIN_LENGTH,BUFSIZ-1, buf);
595 596
			}
		if (ok >= 0)
597
			do
598
				{
599
				ok = UI_process(ui);
600
				}
601 602
			while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));

603
		if (buff)
604
			{
605
			OPENSSL_cleanse(buff,(unsigned int)bufsiz);
606
			OPENSSL_free(buff);
607
			}
608

609 610
		if (ok >= 0)
			res = strlen(buf);
611
		if (ok == -1)
612
			{
613 614
			BIO_printf(bio_err, "User interface error\n");
			ERR_print_errors(bio_err);
615
			OPENSSL_cleanse(buf,(unsigned int)bufsiz);
616
			res = 0;
617
			}
618 619 620
		if (ok == -2)
			{
			BIO_printf(bio_err,"aborted!\n");
621
			OPENSSL_cleanse(buf,(unsigned int)bufsiz);
622 623 624
			res = 0;
			}
		UI_free(ui);
625
		OPENSSL_free(prompt);
626
		}
627
	return res;
628 629
	}

D
Dr. Stephen Henson 已提交
630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668
static char *app_get_pass(BIO *err, char *arg, int keepbio);

int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
{
	int same;
	if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
	else same = 1;
	if(arg1) {
		*pass1 = app_get_pass(err, arg1, same);
		if(!*pass1) return 0;
	} else if(pass1) *pass1 = NULL;
	if(arg2) {
		*pass2 = app_get_pass(err, arg2, same ? 2 : 0);
		if(!*pass2) return 0;
	} else if(pass2) *pass2 = NULL;
	return 1;
}

static char *app_get_pass(BIO *err, char *arg, int keepbio)
{
	char *tmp, tpass[APP_PASS_LEN];
	static BIO *pwdbio = NULL;
	int i;
	if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
	if(!strncmp(arg, "env:", 4)) {
		tmp = getenv(arg + 4);
		if(!tmp) {
			BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
			return NULL;
		}
		return BUF_strdup(tmp);
	}
	if(!keepbio || !pwdbio) {
		if(!strncmp(arg, "file:", 5)) {
			pwdbio = BIO_new_file(arg + 5, "r");
			if(!pwdbio) {
				BIO_printf(err, "Can't open file %s\n", arg + 5);
				return NULL;
			}
669 670 671 672 673 674 675 676 677
#if !defined(_WIN32)
		/*
		 * Under _WIN32, which covers even Win64 and CE, file
		 * descriptors referenced by BIO_s_fd are not inherited
		 * by child process and therefore below is not an option.
		 * It could have been an option if bss_fd.c was operating
		 * on real Windows descriptors, such as those obtained
		 * with CreateFile.
		 */
D
Dr. Stephen Henson 已提交
678 679 680 681 682 683 684 685 686 687 688
		} else if(!strncmp(arg, "fd:", 3)) {
			BIO *btmp;
			i = atoi(arg + 3);
			if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
			if((i < 0) || !pwdbio) {
				BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
				return NULL;
			}
			/* Can't do BIO_gets on an fd BIO so add a buffering BIO */
			btmp = BIO_new(BIO_f_buffer());
			pwdbio = BIO_push(btmp, pwdbio);
689
#endif
D
Dr. Stephen Henson 已提交
690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713
		} else if(!strcmp(arg, "stdin")) {
			pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
			if(!pwdbio) {
				BIO_printf(err, "Can't open BIO for stdin\n");
				return NULL;
			}
		} else {
			BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
			return NULL;
		}
	}
	i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
	if(keepbio != 1) {
		BIO_free_all(pwdbio);
		pwdbio = NULL;
	}
	if(i <= 0) {
		BIO_printf(err, "Error reading password from BIO\n");
		return NULL;
	}
	tmp = strchr(tpass, '\n');
	if(tmp) *tmp = 0;
	return BUF_strdup(tpass);
}
714

D
 
Dr. Stephen Henson 已提交
715
int add_oid_section(BIO *err, CONF *conf)
716 717 718 719 720
{	
	char *p;
	STACK_OF(CONF_VALUE) *sktmp;
	CONF_VALUE *cnf;
	int i;
D
 
Dr. Stephen Henson 已提交
721
	if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
722 723 724 725
		{
		ERR_clear_error();
		return 1;
		}
D
 
Dr. Stephen Henson 已提交
726
	if(!(sktmp = NCONF_get_section(conf, p))) {
727 728 729 730 731 732 733 734 735 736 737 738 739 740
		BIO_printf(err, "problem loading oid section %s\n", p);
		return 0;
	}
	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
		cnf = sk_CONF_VALUE_value(sktmp, i);
		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
			BIO_printf(err, "problem creating object %s=%s\n",
							 cnf->name, cnf->value);
			return 0;
		}
	}
	return 1;
}

741 742 743 744 745 746 747 748 749 750 751 752
static int load_pkcs12(BIO *err, BIO *in, const char *desc,
		pem_password_cb *pem_cb,  void *cb_data,
		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
	{
 	const char *pass;
	char tpass[PEM_BUFSIZE];
	int len, ret = 0;
	PKCS12 *p12;
	p12 = d2i_PKCS12_bio(in, NULL);
	if (p12 == NULL)
		{
		BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);	
753
		goto die;
754 755 756 757 758 759 760 761 762 763 764 765 766
		}
	/* See if an empty password will do */
	if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
		pass = "";
	else
		{
		if (!pem_cb)
			pem_cb = (pem_password_cb *)password_callback;
		len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
		if (len < 0) 
			{
			BIO_printf(err, "Passpharse callback error for %s\n",
					desc);
767
			goto die;
768 769 770 771 772 773 774
			}
		if (len < PEM_BUFSIZE)
			tpass[len] = 0;
		if (!PKCS12_verify_mac(p12, tpass, len))
			{
			BIO_printf(err,
	"Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);	
775
			goto die;
776 777 778 779
			}
		pass = tpass;
		}
	ret = PKCS12_parse(p12, pass, pkey, cert, ca);
780
	die:
781 782 783 784 785
	if (p12)
		PKCS12_free(p12);
	return ret;
	}

786 787
X509 *load_cert(BIO *err, const char *file, int format,
	const char *pass, ENGINE *e, const char *cert_descrip)
788 789 790 791 792 793
	{
	X509 *x=NULL;
	BIO *cert;

	if ((cert=BIO_new(BIO_s_file())) == NULL)
		{
794
		ERR_print_errors(err);
795 796 797 798
		goto end;
		}

	if (file == NULL)
799
		{
800
#ifdef _IONBF
801
# ifndef OPENSSL_NO_SETVBUF_IONBF
802
		setvbuf(stdin, NULL, _IONBF, 0);
803
# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
804
#endif
805
		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
806
		}
807 808 809 810
	else
		{
		if (BIO_read_filename(cert,file) <= 0)
			{
811 812 813
			BIO_printf(err, "Error opening %s %s\n",
				cert_descrip, file);
			ERR_print_errors(err);
814 815 816 817 818 819 820 821
			goto end;
			}
		}

	if 	(format == FORMAT_ASN1)
		x=d2i_X509_bio(cert,NULL);
	else if (format == FORMAT_NETSCAPE)
		{
822 823 824
		NETSCAPE_X509 *nx;
		nx=ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509),cert,NULL);
		if (nx == NULL)
825 826
				goto end;

827 828
		if ((strncmp(NETSCAPE_CERT_HDR,(char *)nx->header->data,
			nx->header->length) != 0))
829
			{
830
			NETSCAPE_X509_free(nx);
831
			BIO_printf(err,"Error reading header on certificate\n");
832 833
			goto end;
			}
834 835 836
		x=nx->cert;
		nx->cert = NULL;
		NETSCAPE_X509_free(nx);
837 838
		}
	else if (format == FORMAT_PEM)
839 840
		x=PEM_read_bio_X509_AUX(cert,NULL,
			(pem_password_cb *)password_callback, NULL);
841 842
	else if (format == FORMAT_PKCS12)
		{
843 844 845
		if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,
					NULL, &x, NULL))
			goto end;
846 847
		}
	else	{
848 849
		BIO_printf(err,"bad input format specified for %s\n",
			cert_descrip);
850 851 852 853 854
		goto end;
		}
end:
	if (x == NULL)
		{
855 856
		BIO_printf(err,"unable to load certificate\n");
		ERR_print_errors(err);
857 858 859 860 861
		}
	if (cert != NULL) BIO_free(cert);
	return(x);
	}

862
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
863
	const char *pass, ENGINE *e, const char *key_descrip)
864 865 866
	{
	BIO *key=NULL;
	EVP_PKEY *pkey=NULL;
867 868 869 870
	PW_CB_DATA cb_data;

	cb_data.password = pass;
	cb_data.prompt_info = file;
871

872
	if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
873
		{
874
		BIO_printf(err,"no keyfile specified\n");
875 876
		goto end;
		}
877
#ifndef OPENSSL_NO_ENGINE
878 879 880
	if (format == FORMAT_ENGINE)
		{
		if (!e)
D
Dr. Stephen Henson 已提交
881
			BIO_printf(err,"no engine specified\n");
882
		else
D
Dr. Stephen Henson 已提交
883
			{
884
			pkey = ENGINE_load_private_key(e, file,
885
				ui_method, &cb_data);
D
Dr. Stephen Henson 已提交
886 887 888 889 890 891
			if (!pkey) 
				{
				BIO_printf(err,"cannot load %s from engine\n",key_descrip);
				ERR_print_errors(err);
				}	
			}
892 893
		goto end;
		}
894
#endif
895 896 897
	key=BIO_new(BIO_s_file());
	if (key == NULL)
		{
898
		ERR_print_errors(err);
899 900
		goto end;
		}
901
	if (file == NULL && maybe_stdin)
902
		{
903
#ifdef _IONBF
904
# ifndef OPENSSL_NO_SETVBUF_IONBF
905
		setvbuf(stdin, NULL, _IONBF, 0);
906
# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
907
#endif
908
		BIO_set_fp(key,stdin,BIO_NOCLOSE);
909
		}
910 911 912 913 914 915 916 917
	else
		if (BIO_read_filename(key,file) <= 0)
			{
			BIO_printf(err, "Error opening %s %s\n",
				key_descrip, file);
			ERR_print_errors(err);
			goto end;
			}
918 919 920 921 922 923
	if (format == FORMAT_ASN1)
		{
		pkey=d2i_PrivateKey_bio(key, NULL);
		}
	else if (format == FORMAT_PEM)
		{
924 925
		pkey=PEM_read_bio_PrivateKey(key,NULL,
			(pem_password_cb *)password_callback, &cb_data);
926
		}
927
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
928 929 930
	else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
		pkey = load_netscape_key(err, key, file, key_descrip, format);
#endif
931 932
	else if (format == FORMAT_PKCS12)
		{
933 934 935 936
		if (!load_pkcs12(err, key, key_descrip,
				(pem_password_cb *)password_callback, &cb_data,
				&pkey, NULL, NULL))
			goto end;
937
		}
D
Dr. Stephen Henson 已提交
938
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
939 940 941 942 943
	else if (format == FORMAT_MSBLOB)
		pkey = b2i_PrivateKey_bio(key);
	else if (format == FORMAT_PVK)
		pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
								&cb_data);
D
Dr. Stephen Henson 已提交
944
#endif
945 946
	else
		{
947
		BIO_printf(err,"bad input format specified for key file\n");
948 949 950 951
		goto end;
		}
 end:
	if (key != NULL) BIO_free(key);
D
Dr. Stephen Henson 已提交
952 953
	if (pkey == NULL) 
		{
954
		BIO_printf(err,"unable to load %s\n", key_descrip);
D
Dr. Stephen Henson 已提交
955 956
		ERR_print_errors(err);
		}	
957 958 959
	return(pkey);
	}

960
EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
961
	const char *pass, ENGINE *e, const char *key_descrip)
962 963 964
	{
	BIO *key=NULL;
	EVP_PKEY *pkey=NULL;
965 966 967 968
	PW_CB_DATA cb_data;

	cb_data.password = pass;
	cb_data.prompt_info = file;
969

970
	if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
971 972 973 974
		{
		BIO_printf(err,"no keyfile specified\n");
		goto end;
		}
975
#ifndef OPENSSL_NO_ENGINE
976 977 978 979 980
	if (format == FORMAT_ENGINE)
		{
		if (!e)
			BIO_printf(bio_err,"no engine specified\n");
		else
981
			pkey = ENGINE_load_public_key(e, file,
982
				ui_method, &cb_data);
983 984
		goto end;
		}
985
#endif
986 987 988 989 990 991
	key=BIO_new(BIO_s_file());
	if (key == NULL)
		{
		ERR_print_errors(err);
		goto end;
		}
992
	if (file == NULL && maybe_stdin)
993
		{
994
#ifdef _IONBF
995
# ifndef OPENSSL_NO_SETVBUF_IONBF
996
		setvbuf(stdin, NULL, _IONBF, 0);
997
# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
998
#endif
999 1000 1001 1002 1003 1004 1005 1006 1007
		BIO_set_fp(key,stdin,BIO_NOCLOSE);
		}
	else
		if (BIO_read_filename(key,file) <= 0)
			{
			BIO_printf(err, "Error opening %s %s\n",
				key_descrip, file);
			ERR_print_errors(err);
			goto end;
1008 1009 1010 1011 1012
		}
	if (format == FORMAT_ASN1)
		{
		pkey=d2i_PUBKEY_bio(key, NULL);
		}
D
Dr. Stephen Henson 已提交
1013
#ifndef OPENSSL_NO_RSA
1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042
	else if (format == FORMAT_ASN1RSA)
		{
		RSA *rsa;
		rsa = d2i_RSAPublicKey_bio(key, NULL);
		if (rsa)
			{
			pkey = EVP_PKEY_new();
			if (pkey)
				EVP_PKEY_set1_RSA(pkey, rsa);
			RSA_free(rsa);
			}
		else
			pkey = NULL;
		}
	else if (format == FORMAT_PEMRSA)
		{
		RSA *rsa;
		rsa = PEM_read_bio_RSAPublicKey(key, NULL, 
			(pem_password_cb *)password_callback, &cb_data);
		if (rsa)
			{
			pkey = EVP_PKEY_new();
			if (pkey)
				EVP_PKEY_set1_RSA(pkey, rsa);
			RSA_free(rsa);
			}
		else
			pkey = NULL;
		}
D
Dr. Stephen Henson 已提交
1043
#endif
1044 1045
	else if (format == FORMAT_PEM)
		{
1046 1047
		pkey=PEM_read_bio_PUBKEY(key,NULL,
			(pem_password_cb *)password_callback, &cb_data);
1048
		}
1049
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
1050 1051 1052
	else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
		pkey = load_netscape_key(err, key, file, key_descrip, format);
#endif
D
Dr. Stephen Henson 已提交
1053
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
1054 1055
	else if (format == FORMAT_MSBLOB)
		pkey = b2i_PublicKey_bio(key);
D
Dr. Stephen Henson 已提交
1056
#endif
1057 1058
	else
		{
1059
		BIO_printf(err,"bad input format specified for key file\n");
1060 1061 1062 1063 1064
		goto end;
		}
 end:
	if (key != NULL) BIO_free(key);
	if (pkey == NULL)
1065
		BIO_printf(err,"unable to load %s\n", key_descrip);
1066 1067 1068
	return(pkey);
	}

1069
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
L
Lutz Jänicke 已提交
1070
static EVP_PKEY *
1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086
load_netscape_key(BIO *err, BIO *key, const char *file,
		const char *key_descrip, int format)
	{
	EVP_PKEY *pkey;
	BUF_MEM *buf;
	RSA	*rsa;
	const unsigned char *p;
	int size, i;

	buf=BUF_MEM_new();
	pkey = EVP_PKEY_new();
	size = 0;
	if (buf == NULL || pkey == NULL)
		goto error;
	for (;;)
		{
1087
		if (!BUF_MEM_grow_clean(buf,size+1024*10))
1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114
			goto error;
		i = BIO_read(key, &(buf->data[size]), 1024*10);
		size += i;
		if (i == 0)
			break;
		if (i < 0)
			{
				BIO_printf(err, "Error reading %s %s",
					key_descrip, file);
				goto error;
			}
		}
	p=(unsigned char *)buf->data;
	rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL,
		(format == FORMAT_IISSGC ? 1 : 0));
	if (rsa == NULL)
		goto error;
	BUF_MEM_free(buf);
	EVP_PKEY_set1_RSA(pkey, rsa);
	return pkey;
error:
	BUF_MEM_free(buf);
	EVP_PKEY_free(pkey);
	return NULL;
	}
#endif /* ndef OPENSSL_NO_RC4 */

1115 1116 1117
static int load_certs_crls(BIO *err, const char *file, int format,
	const char *pass, ENGINE *e, const char *desc,
	STACK_OF(X509) **pcerts, STACK_OF(X509_CRL) **pcrls)
1118 1119
	{
	int i;
1120 1121
	BIO *bio;
	STACK_OF(X509_INFO) *xis = NULL;
1122
	X509_INFO *xi;
1123
	PW_CB_DATA cb_data;
1124
	int rv = 0;
1125 1126 1127

	cb_data.password = pass;
	cb_data.prompt_info = file;
1128

1129
	if (format != FORMAT_PEM)
1130
		{
1131 1132
		BIO_printf(err,"bad input format specified for %s\n", desc);
		return 0;
1133 1134 1135
		}

	if (file == NULL)
1136
		bio = BIO_new_fp(stdin,BIO_NOCLOSE);
1137
	else
1138 1139 1140
		bio = BIO_new_file(file, "r");

	if (bio == NULL)
1141
		{
1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156
		BIO_printf(err, "Error opening %s %s\n",
				desc, file ? file : "stdin");
		ERR_print_errors(err);
		return 0;
		}

	xis = PEM_X509_INFO_read_bio(bio, NULL,
				(pem_password_cb *)password_callback, &cb_data);

	BIO_free(bio);

	if (pcerts)
		{
		*pcerts = sk_X509_new_null();
		if (!*pcerts)
1157 1158 1159
			goto end;
		}

1160
	if (pcrls)
1161
		{
1162 1163
		*pcrls = sk_X509_CRL_new_null();
		if (!*pcrls)
1164
			goto end;
1165 1166 1167 1168 1169 1170 1171 1172 1173 1174
		}

	for(i = 0; i < sk_X509_INFO_num(xis); i++)
		{
		xi = sk_X509_INFO_value (xis, i);
		if (xi->x509 && pcerts)
			{
			if (!sk_X509_push(*pcerts, xi->x509))
				goto end;
			xi->x509 = NULL;
1175
			}
1176
		if (xi->crl && pcrls)
1177
			{
1178 1179 1180
			if (!sk_X509_CRL_push(*pcrls, xi->crl))
				goto end;
			xi->crl = NULL;
1181 1182
			}
		}
1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195

	if (pcerts && sk_X509_num(*pcerts) > 0)
		rv = 1;

	if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
		rv = 1;

	end:

	if (xis)
		sk_X509_INFO_pop_free(xis, X509_INFO_free);

	if (rv == 0)
1196
		{
1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208
		if (pcerts)
			{
			sk_X509_pop_free(*pcerts, X509_free);
			*pcerts = NULL;
			}
		if (pcrls)
			{
			sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
			*pcrls = NULL;
			}
		BIO_printf(err,"unable to load %s\n",
				pcerts ? "certificates" : "CRLs");
1209
		ERR_print_errors(err);
1210
		}
1211
	return rv;
1212 1213
	}

1214 1215 1216 1217
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
	const char *pass, ENGINE *e, const char *desc)
	{
	STACK_OF(X509) *certs;
D
Dr. Stephen Henson 已提交
1218 1219
	if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL))
		return NULL;
1220 1221 1222 1223 1224 1225 1226
	return certs;
	}	

STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
	const char *pass, ENGINE *e, const char *desc)
	{
	STACK_OF(X509_CRL) *crls;
D
Dr. Stephen Henson 已提交
1227 1228
	if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls))
		return NULL;
1229 1230
	return crls;
	}	
1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241

#define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)
/* Return error for unknown extensions */
#define X509V3_EXT_DEFAULT		0
/* Print error for unknown extensions */
#define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)
/* ASN1 parse unknown extensions */
#define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)
/* BIO_dump unknown extensions */
#define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)

D
 
Dr. Stephen Henson 已提交
1242 1243 1244
#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
			 X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)

1245 1246 1247 1248
int set_cert_ex(unsigned long *flags, const char *arg)
{
	static const NAME_EX_TBL cert_tbl[] = {
		{ "compatible", X509_FLAG_COMPAT, 0xffffffffl},
D
 
Dr. Stephen Henson 已提交
1249
		{ "ca_default", X509_FLAG_CA, 0xffffffffl},
1250 1251 1252 1253 1254 1255
		{ "no_header", X509_FLAG_NO_HEADER, 0},
		{ "no_version", X509_FLAG_NO_VERSION, 0},
		{ "no_serial", X509_FLAG_NO_SERIAL, 0},
		{ "no_signame", X509_FLAG_NO_SIGNAME, 0},
		{ "no_validity", X509_FLAG_NO_VALIDITY, 0},
		{ "no_subject", X509_FLAG_NO_SUBJECT, 0},
D
 
Dr. Stephen Henson 已提交
1256
		{ "no_issuer", X509_FLAG_NO_ISSUER, 0},
1257 1258 1259 1260
		{ "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
		{ "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
		{ "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
		{ "no_aux", X509_FLAG_NO_AUX, 0},
D
 
Dr. Stephen Henson 已提交
1261
		{ "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
1262 1263 1264 1265 1266 1267
		{ "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
		{ "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
		{ "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
		{ "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
		{ NULL, 0, 0}
	};
D
 
Dr. Stephen Henson 已提交
1268
	return set_multi_opts(flags, arg, cert_tbl);
1269
}
D
 
Dr. Stephen Henson 已提交
1270 1271 1272

int set_name_ex(unsigned long *flags, const char *arg)
{
1273
	static const NAME_EX_TBL ex_tbl[] = {
D
 
Dr. Stephen Henson 已提交
1274 1275 1276 1277 1278
		{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
		{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
		{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
		{ "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
		{ "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
D
 
Dr. Stephen Henson 已提交
1279 1280
		{ "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
		{ "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
D
 
Dr. Stephen Henson 已提交
1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292
		{ "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
		{ "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
		{ "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
		{ "compat", XN_FLAG_COMPAT, 0xffffffffL},
		{ "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
		{ "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
		{ "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
		{ "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
		{ "dn_rev", XN_FLAG_DN_REV, 0},
		{ "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
		{ "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
		{ "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
1293
		{ "align", XN_FLAG_FN_ALIGN, 0},
D
 
Dr. Stephen Henson 已提交
1294 1295 1296 1297 1298 1299
		{ "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
		{ "space_eq", XN_FLAG_SPC_EQ, 0},
		{ "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
		{ "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
		{ "oneline", XN_FLAG_ONELINE, 0xffffffffL},
		{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
D
 
Dr. Stephen Henson 已提交
1300
		{ "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
D
 
Dr. Stephen Henson 已提交
1301 1302
		{ NULL, 0, 0}
	};
D
 
Dr. Stephen Henson 已提交
1303 1304 1305
	return set_multi_opts(flags, arg, ex_tbl);
}

1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361
int set_ext_copy(int *copy_type, const char *arg)
{
	if (!strcasecmp(arg, "none"))
		*copy_type = EXT_COPY_NONE;
	else if (!strcasecmp(arg, "copy"))
		*copy_type = EXT_COPY_ADD;
	else if (!strcasecmp(arg, "copyall"))
		*copy_type = EXT_COPY_ALL;
	else
		return 0;
	return 1;
}

int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
{
	STACK_OF(X509_EXTENSION) *exts = NULL;
	X509_EXTENSION *ext, *tmpext;
	ASN1_OBJECT *obj;
	int i, idx, ret = 0;
	if (!x || !req || (copy_type == EXT_COPY_NONE))
		return 1;
	exts = X509_REQ_get_extensions(req);

	for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
		ext = sk_X509_EXTENSION_value(exts, i);
		obj = X509_EXTENSION_get_object(ext);
		idx = X509_get_ext_by_OBJ(x, obj, -1);
		/* Does extension exist? */
		if (idx != -1) {
			/* If normal copy don't override existing extension */
			if (copy_type == EXT_COPY_ADD)
				continue;
			/* Delete all extensions of same type */
			do {
				tmpext = X509_get_ext(x, idx);
				X509_delete_ext(x, idx);
				X509_EXTENSION_free(tmpext);
				idx = X509_get_ext_by_OBJ(x, obj, -1);
			} while (idx != -1);
		}
		if (!X509_add_ext(x, ext, -1))
			goto end;
	}

	ret = 1;

	end:

	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);

	return ret;
}
		
		
			

D
 
Dr. Stephen Henson 已提交
1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375
static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
{
	STACK_OF(CONF_VALUE) *vals;
	CONF_VALUE *val;
	int i, ret = 1;
	if(!arg) return 0;
	vals = X509V3_parse_list(arg);
	for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
		val = sk_CONF_VALUE_value(vals, i);
		if (!set_table_opts(flags, val->name, in_tbl))
			ret = 0;
	}
	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
	return ret;
1376
}
D
 
Dr. Stephen Henson 已提交
1377

1378 1379 1380 1381
static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
{
	char c;
	const NAME_EX_TBL *ptbl;
D
 
Dr. Stephen Henson 已提交
1382 1383 1384 1385 1386 1387 1388 1389 1390 1391
	c = arg[0];

	if(c == '-') {
		c = 0;
		arg++;
	} else if (c == '+') {
		c = 1;
		arg++;
	} else c = 1;

1392
	for(ptbl = in_tbl; ptbl->name; ptbl++) {
1393
		if(!strcasecmp(arg, ptbl->name)) {
D
 
Dr. Stephen Henson 已提交
1394 1395 1396 1397 1398 1399 1400 1401 1402
			*flags &= ~ptbl->mask;
			if(c) *flags |= ptbl->flag;
			else *flags &= ~ptbl->flag;
			return 1;
		}
	}
	return 0;
}

N
Nils Larsch 已提交
1403
void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags)
D
 
Dr. Stephen Henson 已提交
1404
{
1405
	char *buf;
D
 
Dr. Stephen Henson 已提交
1406 1407
	char mline = 0;
	int indent = 0;
1408

D
 
Dr. Stephen Henson 已提交
1409 1410 1411 1412 1413 1414
	if(title) BIO_puts(out, title);
	if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
		mline = 1;
		indent = 4;
	}
	if(lflags == XN_FLAG_COMPAT) {
1415 1416
		buf = X509_NAME_oneline(nm, 0, 0);
		BIO_puts(out, buf);
D
 
Dr. Stephen Henson 已提交
1417
		BIO_puts(out, "\n");
1418
		OPENSSL_free(buf);
D
 
Dr. Stephen Henson 已提交
1419 1420 1421 1422 1423 1424 1425
	} else {
		if(mline) BIO_puts(out, "\n");
		X509_NAME_print_ex(out, nm, indent, lflags);
		BIO_puts(out, "\n");
	}
}

D
 
Dr. Stephen Henson 已提交
1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
{
	X509_STORE *store;
	X509_LOOKUP *lookup;
	if(!(store = X509_STORE_new())) goto end;
	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
	if (lookup == NULL) goto end;
	if (CAfile) {
		if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
			BIO_printf(bp, "Error loading file %s\n", CAfile);
			goto end;
		}
	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
		
	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
	if (lookup == NULL) goto end;
	if (CApath) {
		if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
			BIO_printf(bp, "Error loading directory %s\n", CApath);
			goto end;
		}
	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);

	ERR_clear_error();
	return store;
	end:
	X509_STORE_free(store);
	return NULL;
}
1455

1456
#ifndef OPENSSL_NO_ENGINE
1457
/* Try to load an engine in a shareable library */
L
Lutz Jänicke 已提交
1458
static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472
	{
	ENGINE *e = ENGINE_by_id("dynamic");
	if (e)
		{
		if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
			|| !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
			{
			ENGINE_free(e);
			e = NULL;
			}
		}
	return e;
	}

1473 1474 1475 1476 1477 1478
ENGINE *setup_engine(BIO *err, const char *engine, int debug)
        {
        ENGINE *e = NULL;

        if (engine)
                {
1479 1480 1481 1482 1483 1484
		if(strcmp(engine, "auto") == 0)
			{
			BIO_printf(err,"enabling auto ENGINE support\n");
			ENGINE_register_all_complete();
			return NULL;
			}
1485 1486
		if((e = ENGINE_by_id(engine)) == NULL
			&& (e = try_load_engine(err, engine, debug)) == NULL)
1487 1488
			{
			BIO_printf(err,"invalid engine \"%s\"\n", engine);
1489
			ERR_print_errors(err);
1490 1491 1492 1493 1494 1495 1496
			return NULL;
			}
		if (debug)
			{
			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
				0, err, 0);
			}
1497
                ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
1498 1499 1500
		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
			{
			BIO_printf(err,"can't use that engine\n");
1501
			ERR_print_errors(err);
1502
			ENGINE_free(e);
1503 1504
			return NULL;
			}
1505

1506
		BIO_printf(err,"engine \"%s\" set.\n", ENGINE_get_id(e));
1507

1508 1509 1510 1511 1512
		/* Free our "structural" reference. */
		ENGINE_free(e);
		}
        return e;
        }
1513
#endif
D
Dr. Stephen Henson 已提交
1514 1515 1516

int load_config(BIO *err, CONF *cnf)
	{
1517 1518 1519 1520
	static int load_config_called = 0;
	if (load_config_called)
		return 1;
	load_config_called = 1;
D
Dr. Stephen Henson 已提交
1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535
	if (!cnf)
		cnf = config;
	if (!cnf)
		return 1;

	OPENSSL_load_builtin_modules();

	if (CONF_modules_load(cnf, NULL, 0) <= 0)
		{
		BIO_printf(err, "Error configuring OpenSSL\n");
		ERR_print_errors(err);
		return 0;
		}
	return 1;
	}
1536 1537 1538 1539

char *make_config_name()
	{
	const char *t=X509_get_default_cert_area();
1540
	size_t len;
1541 1542
	char *p;

1543 1544 1545
	len=strlen(t)+strlen(OPENSSL_CONF)+2;
	p=OPENSSL_malloc(len);
	BUF_strlcpy(p,t,len);
1546
#ifndef OPENSSL_SYS_VMS
1547
	BUF_strlcat(p,"/",len);
1548
#endif
1549
	BUF_strlcat(p,OPENSSL_CONF,len);
1550 1551 1552

	return p;
	}
1553

D
Dr. Stephen Henson 已提交
1554
static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
1555 1556 1557 1558 1559 1560 1561 1562
	{
	const char *n;

	n=a[DB_serial];
	while (*n == '0') n++;
	return(lh_strhash(n));
	}

D
Dr. Stephen Henson 已提交
1563
static int index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574
	{
	const char *aa,*bb;

	for (aa=a[DB_serial]; *aa == '0'; aa++);
	for (bb=b[DB_serial]; *bb == '0'; bb++);
	return(strcmp(aa,bb));
	}

static int index_name_qual(char **a)
	{ return(a[0][0] == 'V'); }

D
Dr. Stephen Henson 已提交
1575
static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
1576 1577
	{ return(lh_strhash(a[DB_name])); }

D
Dr. Stephen Henson 已提交
1578
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
B
Ben Laurie 已提交
1579
	{ return(strcmp(a[DB_name], b[DB_name])); }
1580

D
Dr. Stephen Henson 已提交
1581 1582 1583 1584
static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614

#undef BSIZE
#define BSIZE 256

BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
	{
	BIO *in=NULL;
	BIGNUM *ret=NULL;
	MS_STATIC char buf[1024];
	ASN1_INTEGER *ai=NULL;

	ai=ASN1_INTEGER_new();
	if (ai == NULL) goto err;

	if ((in=BIO_new(BIO_s_file())) == NULL)
		{
		ERR_print_errors(bio_err);
		goto err;
		}

	if (BIO_read_filename(in,serialfile) <= 0)
		{
		if (!create)
			{
			perror(serialfile);
			goto err;
			}
		else
			{
			ret=BN_new();
1615
			if (ret == NULL || !rand_serial(ret, ai))
1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645
				BIO_printf(bio_err, "Out of memory\n");
			}
		}
	else
		{
		if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
			{
			BIO_printf(bio_err,"unable to load number from %s\n",
				serialfile);
			goto err;
			}
		ret=ASN1_INTEGER_to_BN(ai,NULL);
		if (ret == NULL)
			{
			BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
			goto err;
			}
		}

	if (ret && retai)
		{
		*retai = ai;
		ai = NULL;
		}
 err:
	if (in != NULL) BIO_free(in);
	if (ai != NULL) ASN1_INTEGER_free(ai);
	return(ret);
	}

1646
int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai)
1647
	{
1648 1649
	char buf[1][BSIZE];
	BIO *out = NULL;
1650 1651
	int ret=0;
	ASN1_INTEGER *ai=NULL;
1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662
	int j;

	if (suffix == NULL)
		j = strlen(serialfile);
	else
		j = strlen(serialfile) + strlen(suffix) + 1;
	if (j >= BSIZE)
		{
		BIO_printf(bio_err,"file name too long\n");
		goto err;
		}
1663

1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676
	if (suffix == NULL)
		BUF_strlcpy(buf[0], serialfile, BSIZE);
	else
		{
#ifndef OPENSSL_SYS_VMS
		j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
#else
		j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
#endif
		}
#ifdef RL_DEBUG
	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
#endif
1677 1678 1679 1680 1681 1682
	out=BIO_new(BIO_s_file());
	if (out == NULL)
		{
		ERR_print_errors(bio_err);
		goto err;
		}
1683
	if (BIO_write_filename(out,buf[0]) <= 0)
1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707
		{
		perror(serialfile);
		goto err;
		}

	if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
		{
		BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
		goto err;
		}
	i2a_ASN1_INTEGER(out,ai);
	BIO_puts(out,"\n");
	ret=1;
	if (retai)
		{
		*retai = ai;
		ai = NULL;
		}
err:
	if (out != NULL) BIO_free_all(out);
	if (ai != NULL) ASN1_INTEGER_free(ai);
	return(ret);
	}

1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735
int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
	{
	char buf[5][BSIZE];
	int i,j;

	i = strlen(serialfile) + strlen(old_suffix);
	j = strlen(serialfile) + strlen(new_suffix);
	if (i > j) j = i;
	if (j + 1 >= BSIZE)
		{
		BIO_printf(bio_err,"file name too long\n");
		goto err;
		}

#ifndef OPENSSL_SYS_VMS
	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
		serialfile, new_suffix);
#else
	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
		serialfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
		serialfile, old_suffix);
#else
	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
		serialfile, old_suffix);
#endif
1736 1737 1738 1739 1740
#ifdef RL_DEBUG
	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
		serialfile, buf[1]);
#endif
	if (rename(serialfile,buf[1]) < 0 && errno != ENOENT
1741
#ifdef ENOTDIR
A
Andy Polyakov 已提交
1742
			&& errno != ENOTDIR
1743
#endif
1744
	   )		{
1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768
			BIO_printf(bio_err,
				"unable to rename %s to %s\n",
				serialfile, buf[1]);
			perror("reason");
			goto err;
			}
#ifdef RL_DEBUG
	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
		buf[0],serialfile);
#endif
	if (rename(buf[0],serialfile) < 0)
		{
		BIO_printf(bio_err,
			"unable to rename %s to %s\n",
			buf[0],serialfile);
		perror("reason");
		rename(buf[1],serialfile);
		goto err;
		}
	return 1;
 err:
	return 0;
	}

1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
	{
	BIGNUM *btmp;
	int ret = 0;
	if (b)
		btmp = b;
	else
		btmp = BN_new();

	if (!btmp)
		return 0;

	if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
		goto error;
	if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
		goto error;

	ret = 1;
	
	error:

	if (!b)
		BN_free(btmp);
	
	return ret;
	}

1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860
CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
	{
	CA_DB *retdb = NULL;
	TXT_DB *tmpdb = NULL;
	BIO *in = BIO_new(BIO_s_file());
	CONF *dbattr_conf = NULL;
	char buf[1][BSIZE];
	long errorline= -1;

	if (in == NULL)
		{
		ERR_print_errors(bio_err);
		goto err;
		}
	if (BIO_read_filename(in,dbfile) <= 0)
		{
		perror(dbfile);
		BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
		goto err;
		}
	if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
		goto err;

#ifndef OPENSSL_SYS_VMS
	BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
#else
	BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
#endif
	dbattr_conf = NCONF_new(NULL);
	if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)
		{
		if (errorline > 0)
			{
			BIO_printf(bio_err,
				"error on line %ld of db attribute file '%s'\n"
				,errorline,buf[0]);
			goto err;
			}
		else
			{
			NCONF_free(dbattr_conf);
			dbattr_conf = NULL;
			}
		}

	if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL)
		{
		fprintf(stderr, "Out of memory\n");
		goto err;
		}

	retdb->db = tmpdb;
	tmpdb = NULL;
	if (db_attr)
		retdb->attributes = *db_attr;
	else
		{
		retdb->attributes.unique_subject = 1;
		}

	if (dbattr_conf)
		{
		char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
		if (p)
			{
1861
#ifdef RL_DEBUG
1862
			BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
1863
#endif
1864
			retdb->attributes.unique_subject = parse_yesno(p,1);
1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877
			}
		}

 err:
	if (dbattr_conf) NCONF_free(dbattr_conf);
	if (tmpdb) TXT_DB_free(tmpdb);
	if (in) BIO_free_all(in);
	return retdb;
	}

int index_index(CA_DB *db)
	{
	if (!TXT_DB_create_index(db->db, DB_serial, NULL,
B
Ben Laurie 已提交
1878 1879
				LHASH_HASH_FN(index_serial),
				LHASH_COMP_FN(index_serial)))
1880 1881 1882 1883 1884 1885 1886 1887 1888
		{
		BIO_printf(bio_err,
		  "error creating serial number index:(%ld,%ld,%ld)\n",
		  			db->db->error,db->db->arg1,db->db->arg2);
			return 0;
		}

	if (db->attributes.unique_subject
		&& !TXT_DB_create_index(db->db, DB_name, index_name_qual,
B
Ben Laurie 已提交
1889 1890
			LHASH_HASH_FN(index_name),
			LHASH_COMP_FN(index_name)))
1891 1892 1893 1894 1895 1896 1897 1898
		{
		BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
			db->db->error,db->db->arg1,db->db->arg2);
		return 0;
		}
	return 1;
	}

N
Nils Larsch 已提交
1899
int save_index(const char *dbfile, const char *suffix, CA_DB *db)
1900 1901 1902 1903 1904 1905 1906 1907 1908 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932
	{
	char buf[3][BSIZE];
	BIO *out = BIO_new(BIO_s_file());
	int j;

	if (out == NULL)
		{
		ERR_print_errors(bio_err);
		goto err;
		}

	j = strlen(dbfile) + strlen(suffix);
	if (j + 6 >= BSIZE)
		{
		BIO_printf(bio_err,"file name too long\n");
		goto err;
		}

#ifndef OPENSSL_SYS_VMS
	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
#else
	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
#endif
#ifndef OPENSSL_SYS_VMS
	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
#else
	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
#endif
#ifndef OPENSSL_SYS_VMS
	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
#else
	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
#endif
1933
#ifdef RL_DEBUG
1934
	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
1935
#endif
1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947
	if (BIO_write_filename(out,buf[0]) <= 0)
		{
		perror(dbfile);
		BIO_printf(bio_err,"unable to open '%s'\n", dbfile);
		goto err;
		}
	j=TXT_DB_write(out,db->db);
	if (j <= 0) goto err;
			
	BIO_free(out);

	out = BIO_new(BIO_s_file());
1948
#ifdef RL_DEBUG
1949
	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
1950
#endif
1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965
	if (BIO_write_filename(out,buf[1]) <= 0)
		{
		perror(buf[2]);
		BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);
		goto err;
		}
	BIO_printf(out,"unique_subject = %s\n",
		db->attributes.unique_subject ? "yes" : "no");
	BIO_free(out);

	return 1;
 err:
	return 0;
	}

N
Nils Larsch 已提交
1966
int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
1967 1968 1969 1970 1971 1972 1973 1974 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012
	{
	char buf[5][BSIZE];
	int i,j;

	i = strlen(dbfile) + strlen(old_suffix);
	j = strlen(dbfile) + strlen(new_suffix);
	if (i > j) j = i;
	if (j + 6 >= BSIZE)
		{
		BIO_printf(bio_err,"file name too long\n");
		goto err;
		}

#ifndef OPENSSL_SYS_VMS
	j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
#else
	j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
#endif
#ifndef OPENSSL_SYS_VMS
	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
		dbfile, new_suffix);
#else
	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",
		dbfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
		dbfile, new_suffix);
#else
	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
		dbfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
		dbfile, old_suffix);
#else
	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
		dbfile, old_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
	j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
		dbfile, old_suffix);
#else
	j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
		dbfile, old_suffix);
#endif
2013
#ifdef RL_DEBUG
2014 2015
	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
		dbfile, buf[1]);
2016
#endif
2017 2018 2019 2020 2021
	if (rename(dbfile,buf[1]) < 0 && errno != ENOENT
#ifdef ENOTDIR
		&& errno != ENOTDIR
#endif
	   )		{
2022 2023 2024 2025 2026 2027
			BIO_printf(bio_err,
				"unable to rename %s to %s\n",
				dbfile, buf[1]);
			perror("reason");
			goto err;
			}
2028
#ifdef RL_DEBUG
2029 2030
	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
		buf[0],dbfile);
2031
#endif
2032 2033 2034 2035 2036 2037 2038 2039 2040
	if (rename(buf[0],dbfile) < 0)
		{
		BIO_printf(bio_err,
			"unable to rename %s to %s\n",
			buf[0],dbfile);
		perror("reason");
		rename(buf[1],dbfile);
		goto err;
		}
2041
#ifdef RL_DEBUG
2042 2043
	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
		buf[4],buf[3]);
2044
#endif
2045 2046 2047 2048 2049
	if (rename(buf[4],buf[3]) < 0 && errno != ENOENT
#ifdef ENOTDIR
		&& errno != ENOTDIR
#endif
	   )		{
2050 2051 2052 2053 2054 2055 2056 2057
			BIO_printf(bio_err,
				"unable to rename %s to %s\n",
				buf[4], buf[3]);
			perror("reason");
			rename(dbfile,buf[0]);
			rename(buf[1],dbfile);
			goto err;
			}
2058
#ifdef RL_DEBUG
2059 2060
	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
		buf[2],buf[4]);
2061
#endif
2062 2063 2064 2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079
	if (rename(buf[2],buf[4]) < 0)
		{
		BIO_printf(bio_err,
			"unable to rename %s to %s\n",
			buf[2],buf[4]);
		perror("reason");
		rename(buf[3],buf[4]);
		rename(dbfile,buf[0]);
		rename(buf[1],dbfile);
		goto err;
		}
	return 1;
 err:
	return 0;
	}

void free_index(CA_DB *db)
	{
2080 2081 2082 2083 2084
	if (db)
		{
		if (db->db) TXT_DB_free(db->db);
		OPENSSL_free(db);
		}
2085
	}
2086

N
Nils Larsch 已提交
2087
int parse_yesno(const char *str, int def)
2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105
	{
	int ret = def;
	if (str)
		{
		switch (*str)
			{
		case 'f': /* false */
		case 'F': /* FALSE */
		case 'n': /* no */
		case 'N': /* NO */
		case '0': /* 0 */
			ret = 0;
			break;
		case 't': /* true */
		case 'T': /* TRUE */
		case 'y': /* yes */
		case 'Y': /* YES */
		case '1': /* 1 */
2106
			ret = 1;
2107 2108 2109 2110 2111 2112 2113 2114 2115
			break;
		default:
			ret = def;
			break;
			}
		}
	return ret;
	}

2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202 2203 2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218 2219 2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234 2235 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248 2249 2250 2251
/*
 * subject is expected to be in the format /type0=value0/type1=value1/type2=...
 * where characters may be escaped by \
 */
X509_NAME *parse_name(char *subject, long chtype, int multirdn)
	{
	size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
	char *buf = OPENSSL_malloc(buflen);
	size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
	char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
	char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
	int *mval = OPENSSL_malloc (max_ne * sizeof (int));

	char *sp = subject, *bp = buf;
	int i, ne_num = 0;

	X509_NAME *n = NULL;
	int nid;

	if (!buf || !ne_types || !ne_values)
		{
		BIO_printf(bio_err, "malloc error\n");
		goto error;
		}	

	if (*subject != '/')
		{
		BIO_printf(bio_err, "Subject does not start with '/'.\n");
		goto error;
		}
	sp++; /* skip leading / */

	/* no multivalued RDN by default */
	mval[ne_num] = 0;

	while (*sp)
		{
		/* collect type */
		ne_types[ne_num] = bp;
		while (*sp)
			{
			if (*sp == '\\') /* is there anything to escape in the type...? */
				{
				if (*++sp)
					*bp++ = *sp++;
				else	
					{
					BIO_printf(bio_err, "escape character at end of string\n");
					goto error;
					}
				}	
			else if (*sp == '=')
				{
				sp++;
				*bp++ = '\0';
				break;
				}
			else
				*bp++ = *sp++;
			}
		if (!*sp)
			{
			BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
			goto error;
			}
		ne_values[ne_num] = bp;
		while (*sp)
			{
			if (*sp == '\\')
				{
				if (*++sp)
					*bp++ = *sp++;
				else
					{
					BIO_printf(bio_err, "escape character at end of string\n");
					goto error;
					}
				}
			else if (*sp == '/')
				{
				sp++;
				/* no multivalued RDN by default */
				mval[ne_num+1] = 0;
				break;
				}
			else if (*sp == '+' && multirdn)
				{
				/* a not escaped + signals a mutlivalued RDN */
				sp++;
				mval[ne_num+1] = -1;
				break;
				}
			else
				*bp++ = *sp++;
			}
		*bp++ = '\0';
		ne_num++;
		}	

	if (!(n = X509_NAME_new()))
		goto error;

	for (i = 0; i < ne_num; i++)
		{
		if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
			{
			BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
			continue;
			}

		if (!*ne_values[i])
			{
			BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
			continue;
			}

		if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))
			goto error;
		}

	OPENSSL_free(ne_values);
	OPENSSL_free(ne_types);
	OPENSSL_free(buf);
	return n;

error:
	X509_NAME_free(n);
	if (ne_values)
		OPENSSL_free(ne_values);
	if (ne_types)
		OPENSSL_free(ne_types);
	if (buf)
		OPENSSL_free(buf);
	return NULL;
}

D
Dr. Stephen Henson 已提交
2252 2253
int args_verify(char ***pargs, int *pargc,
			int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
2254 2255 2256
	{
	ASN1_OBJECT *otmp = NULL;
	unsigned long flags = 0;
D
Dr. Stephen Henson 已提交
2257
	int i;
2258
	int purpose = 0, depth = -1;
D
Dr. Stephen Henson 已提交
2259
	char **oldargs = *pargs;
2260
	char *arg = **pargs, *argn = (*pargs)[1];
2261
	const X509_VERIFY_PARAM *vpm = NULL;
2262
	time_t at_time = 0;
2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278
	if (!strcmp(arg, "-policy"))
		{
		if (!argn)
			*badarg = 1;
		else
			{
			otmp = OBJ_txt2obj(argn, 0);
			if (!otmp)
				{
				BIO_printf(err, "Invalid Policy \"%s\"\n",
									argn);
				*badarg = 1;
				}
			}
		(*pargs)++;
		}
D
Dr. Stephen Henson 已提交
2279 2280 2281 2282 2283 2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299
	else if (strcmp(arg,"-purpose") == 0)
		{
		X509_PURPOSE *xptmp;
		if (!argn)
			*badarg = 1;
		else
			{
			i = X509_PURPOSE_get_by_sname(argn);
			if(i < 0)
				{
				BIO_printf(err, "unrecognized purpose\n");
				*badarg = 1;
				}
			else
				{
				xptmp = X509_PURPOSE_get0(i);
				purpose = X509_PURPOSE_get_id(xptmp);
				}
			}
		(*pargs)++;
		}
2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 2310 2311 2312 2313 2314
	else if (strcmp(arg,"-verify_name") == 0)
		{
		if (!argn)
			*badarg = 1;
		else
			{
			vpm = X509_VERIFY_PARAM_lookup(argn);
			if(!vpm)
				{
				BIO_printf(err, "unrecognized verify name\n");
				*badarg = 1;
				}
			}
		(*pargs)++;
		}
2315 2316 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329
	else if (strcmp(arg,"-verify_depth") == 0)
		{
		if (!argn)
			*badarg = 1;
		else
			{
			depth = atoi(argn);
			if(depth < 0)
				{
				BIO_printf(err, "invalid depth\n");
				*badarg = 1;
				}
			}
		(*pargs)++;
		}
2330 2331 2332 2333 2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349
	else if (strcmp(arg,"-attime") == 0)
		{
		if (!argn)
			*badarg = 1;
		else
			{
			long timestamp;
			/* interpret argument as seconds since Epoch */
			if (sscanf(argn, "%li", &timestamp) != 1)
				{
				BIO_printf(bio_err,
						"Error parsing timestamp %s\n",
					   	argn);
				*badarg = 1;
				}
			/* on some platforms time_t may be a float */
			at_time = (time_t) timestamp;
			}
		(*pargs)++;
		}
2350 2351 2352 2353 2354 2355 2356 2357 2358 2359 2360 2361
	else if (!strcmp(arg, "-ignore_critical"))
		flags |= X509_V_FLAG_IGNORE_CRITICAL;
	else if (!strcmp(arg, "-issuer_checks"))
		flags |= X509_V_FLAG_CB_ISSUER_CHECK;
	else if (!strcmp(arg, "-crl_check"))
		flags |=  X509_V_FLAG_CRL_CHECK;
	else if (!strcmp(arg, "-crl_check_all"))
		flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
	else if (!strcmp(arg, "-policy_check"))
		flags |= X509_V_FLAG_POLICY_CHECK;
	else if (!strcmp(arg, "-explicit_policy"))
		flags |= X509_V_FLAG_EXPLICIT_POLICY;
2362 2363
	else if (!strcmp(arg, "-inhibit_any"))
		flags |= X509_V_FLAG_INHIBIT_ANY;
2364 2365
	else if (!strcmp(arg, "-inhibit_map"))
		flags |= X509_V_FLAG_INHIBIT_MAP;
2366 2367
	else if (!strcmp(arg, "-x509_strict"))
		flags |= X509_V_FLAG_X509_STRICT;
2368 2369
	else if (!strcmp(arg, "-extended_crl"))
		flags |= X509_V_FLAG_EXTENDED_CRL_SUPPORT;
2370 2371
	else if (!strcmp(arg, "-use_deltas"))
		flags |= X509_V_FLAG_USE_DELTAS;
2372 2373
	else if (!strcmp(arg, "-policy_print"))
		flags |= X509_V_FLAG_NOTIFY_POLICY;
D
Dr. Stephen Henson 已提交
2374 2375
	else if (!strcmp(arg, "-check_ss_sig"))
		flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
2376 2377
	else if (!strcmp(arg, "-trusted_first"))
		flags |= X509_V_FLAG_TRUSTED_FIRST;
2378 2379 2380 2381 2382 2383 2384 2385
	else
		return 0;

	if (*badarg)
		{
		if (*pm)
			X509_VERIFY_PARAM_free(*pm);
		*pm = NULL;
D
Dr. Stephen Henson 已提交
2386
		goto end;
2387 2388 2389 2390 2391
		}

	if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
		{
		*badarg = 1;
D
Dr. Stephen Henson 已提交
2392
		goto end;
2393 2394
		}

2395 2396 2397
	if (vpm)
		X509_VERIFY_PARAM_set1(*pm, vpm);

2398 2399 2400 2401 2402
	if (otmp)
		X509_VERIFY_PARAM_add0_policy(*pm, otmp);
	if (flags)
		X509_VERIFY_PARAM_set_flags(*pm, flags);

D
Dr. Stephen Henson 已提交
2403 2404 2405
	if (purpose)
		X509_VERIFY_PARAM_set_purpose(*pm, purpose);

2406 2407 2408
	if (depth >= 0)
		X509_VERIFY_PARAM_set_depth(*pm, depth);

2409 2410 2411
	if (at_time) 
		X509_VERIFY_PARAM_set_time(*pm, at_time);

D
Dr. Stephen Henson 已提交
2412 2413
	end:

2414 2415
	(*pargs)++;

D
Dr. Stephen Henson 已提交
2416 2417 2418
	if (pargc)
		*pargc -= *pargs - oldargs;

2419 2420 2421
	return 1;

	}
D
Dr. Stephen Henson 已提交
2422

2423 2424 2425 2426 2427 2428 2429 2430 2431 2432 2433 2434 2435 2436 2437 2438 2439 2440 2441 2442 2443 2444 2445 2446 2447 2448 2449 2450 2451 2452 2453 2454 2455 2456 2457 2458 2459
/* Read whole contents of a BIO into an allocated memory buffer and
 * return it.
 */

int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
	{
	BIO *mem;
	int len, ret;
	unsigned char tbuf[1024];
	mem = BIO_new(BIO_s_mem());
	if (!mem)
		return -1;
	for(;;)
		{
		if ((maxlen != -1) && maxlen < 1024)
			len = maxlen;
		else
			len = 1024;
		len = BIO_read(in, tbuf, len);
		if (len <= 0)
			break;
		if (BIO_write(mem, tbuf, len) != len)
			{
			BIO_free(mem);
			return -1;
			}
		maxlen -= len;

		if (maxlen == 0)
			break;
		}
	ret = BIO_get_mem_data(mem, (char **)out);
	BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
	BIO_free(mem);
	return ret;
	}

2460
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
2461
	{
2462
	int rv;
2463 2464 2465 2466 2467 2468 2469 2470 2471 2472 2473 2474 2475 2476 2477
	char *stmp, *vtmp = NULL;
	stmp = BUF_strdup(value);
	if (!stmp)
		return -1;
	vtmp = strchr(stmp, ':');
	if (vtmp)
		{
		*vtmp = 0;
		vtmp++;
		}
	rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
	OPENSSL_free(stmp);
	return rv;
	}

N
Nils Larsch 已提交
2478 2479
static void nodes_print(BIO *out, const char *name,
	STACK_OF(X509_POLICY_NODE) *nodes)
D
Dr. Stephen Henson 已提交
2480 2481 2482 2483 2484 2485 2486 2487 2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509 2510 2511 2512 2513 2514 2515 2516 2517
	{
	X509_POLICY_NODE *node;
	int i;
	BIO_printf(out, "%s Policies:", name);
	if (nodes)
		{
		BIO_puts(out, "\n");
		for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
			{
			node = sk_X509_POLICY_NODE_value(nodes, i);
			X509_POLICY_NODE_print(out, node, 2);
			}
		}
	else
		BIO_puts(out, " <empty>\n");
	}

void policies_print(BIO *out, X509_STORE_CTX *ctx)
	{
	X509_POLICY_TREE *tree;
	int explicit_policy;
	int free_out = 0;
	if (out == NULL)
		{
		out = BIO_new_fp(stderr, BIO_NOCLOSE);
		free_out = 1;
		}
	tree = X509_STORE_CTX_get0_policy_tree(ctx);
	explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);

	BIO_printf(out, "Require explicit Policy: %s\n",
				explicit_policy ? "True" : "False");

	nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
	nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
	if (free_out)
		BIO_free(out);
	}
2518

D
Dr. Stephen Henson 已提交
2519
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
D
Dr. Stephen Henson 已提交
2520

B
Ben Laurie 已提交
2521 2522 2523 2524 2525 2526 2527 2528 2529
static JPAKE_CTX *jpake_init(const char *us, const char *them,
							 const char *secret)
	{
	BIGNUM *p = NULL;
	BIGNUM *g = NULL;
	BIGNUM *q = NULL;
	BIGNUM *bnsecret = BN_new();
	JPAKE_CTX *ctx;

2530
	/* Use a safe prime for p (that we found earlier) */
B
Ben Laurie 已提交
2531 2532 2533 2534 2535 2536
	BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
	g = BN_new();
	BN_set_word(g, 2);
	q = BN_new();
	BN_rshift1(q, p);

2537
	BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
B
Ben Laurie 已提交
2538 2539 2540 2541 2542 2543 2544 2545 2546 2547 2548 2549 2550 2551 2552 2553 2554 2555 2556 2557 2558 2559 2560 2561 2562 2563 2564 2565

	ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
	BN_free(bnsecret);
	BN_free(q);
	BN_free(g);
	BN_free(p);

	return ctx;
	}

static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
	{
	BN_print(conn, p->gx);
	BIO_puts(conn, "\n");
	BN_print(conn, p->zkpx.gr);
	BIO_puts(conn, "\n");
	BN_print(conn, p->zkpx.b);
	BIO_puts(conn, "\n");
	}

static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
	{
	JPAKE_STEP1 s1;

	JPAKE_STEP1_init(&s1);
	JPAKE_STEP1_generate(&s1, ctx);
	jpake_send_part(bconn, &s1.p1);
	jpake_send_part(bconn, &s1.p2);
2566
	(void)BIO_flush(bconn);
B
Ben Laurie 已提交
2567 2568 2569 2570 2571 2572 2573 2574 2575 2576
	JPAKE_STEP1_release(&s1);
	}

static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
	{
	JPAKE_STEP2 s2;

	JPAKE_STEP2_init(&s2);
	JPAKE_STEP2_generate(&s2, ctx);
	jpake_send_part(bconn, &s2);
2577
	(void)BIO_flush(bconn);
B
Ben Laurie 已提交
2578 2579 2580 2581 2582 2583 2584 2585 2586 2587
	JPAKE_STEP2_release(&s2);
	}

static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
	{
	JPAKE_STEP3A s3a;

	JPAKE_STEP3A_init(&s3a);
	JPAKE_STEP3A_generate(&s3a, ctx);
	BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
2588
	(void)BIO_flush(bconn);
B
Ben Laurie 已提交
2589 2590 2591 2592 2593 2594 2595 2596 2597 2598
	JPAKE_STEP3A_release(&s3a);
	}

static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
	{
	JPAKE_STEP3B s3b;

	JPAKE_STEP3B_init(&s3b);
	JPAKE_STEP3B_generate(&s3b, ctx);
	BIO_write(bconn, s3b.hk, sizeof s3b.hk);
2599
	(void)BIO_flush(bconn);
B
Ben Laurie 已提交
2600 2601 2602 2603 2604 2605 2606 2607 2608
	JPAKE_STEP3B_release(&s3b);
	}

static void readbn(BIGNUM **bn, BIO *bconn)
	{
	char buf[10240];
	int l;

	l = BIO_gets(bconn, buf, sizeof buf);
D
Dr. Stephen Henson 已提交
2609
	assert(l > 0);
B
Ben Laurie 已提交
2610 2611 2612 2613 2614 2615 2616 2617 2618 2619 2620 2621 2622 2623 2624 2625 2626 2627 2628 2629 2630 2631 2632 2633 2634 2635 2636 2637 2638 2639 2640 2641 2642 2643 2644 2645 2646 2647 2648 2649 2650 2651 2652 2653 2654 2655 2656 2657 2658 2659 2660 2661 2662 2663 2664 2665 2666 2667 2668 2669 2670 2671 2672 2673 2674 2675 2676 2677 2678 2679 2680 2681 2682 2683 2684 2685 2686 2687 2688 2689 2690 2691 2692 2693 2694 2695 2696 2697 2698 2699 2700 2701
	assert(buf[l-1] == '\n');
	buf[l-1] = '\0';
	BN_hex2bn(bn, buf);
	}

static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
	{
	readbn(&p->gx, bconn);
	readbn(&p->zkpx.gr, bconn);
	readbn(&p->zkpx.b, bconn);
	}

static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
	{
	JPAKE_STEP1 s1;

	JPAKE_STEP1_init(&s1);
	jpake_receive_part(&s1.p1, bconn);
	jpake_receive_part(&s1.p2, bconn);
	if(!JPAKE_STEP1_process(ctx, &s1))
		{
		ERR_print_errors(bio_err);
		exit(1);
		}
	JPAKE_STEP1_release(&s1);
	}

static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
	{
	JPAKE_STEP2 s2;

	JPAKE_STEP2_init(&s2);
	jpake_receive_part(&s2, bconn);
	if(!JPAKE_STEP2_process(ctx, &s2))
		{
		ERR_print_errors(bio_err);
		exit(1);
		}
	JPAKE_STEP2_release(&s2);
	}

static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
	{
	JPAKE_STEP3A s3a;
	int l;

	JPAKE_STEP3A_init(&s3a);
	l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
	assert(l == sizeof s3a.hhk);
	if(!JPAKE_STEP3A_process(ctx, &s3a))
		{
		ERR_print_errors(bio_err);
		exit(1);
		}
	JPAKE_STEP3A_release(&s3a);
	}

static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
	{
	JPAKE_STEP3B s3b;
	int l;

	JPAKE_STEP3B_init(&s3b);
	l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
	assert(l == sizeof s3b.hk);
	if(!JPAKE_STEP3B_process(ctx, &s3b))
		{
		ERR_print_errors(bio_err);
		exit(1);
		}
	JPAKE_STEP3B_release(&s3b);
	}

void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
	{
	JPAKE_CTX *ctx;
	BIO *bconn;

	BIO_puts(out, "Authenticating with JPAKE\n");

	ctx = jpake_init("client", "server", secret);

	bconn = BIO_new(BIO_f_buffer());
	BIO_push(bconn, conn);

	jpake_send_step1(bconn, ctx);
	jpake_receive_step1(ctx, bconn);
	jpake_send_step2(bconn, ctx);
	jpake_receive_step2(ctx, bconn);
	jpake_send_step3a(bconn, ctx);
	jpake_receive_step3b(ctx, bconn);

2702 2703 2704
	BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");

	psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
B
Ben Laurie 已提交
2705 2706 2707

	BIO_pop(bconn);
	BIO_free(bconn);
2708 2709

	JPAKE_CTX_free(ctx);
B
Ben Laurie 已提交
2710 2711 2712 2713 2714 2715 2716 2717 2718 2719 2720 2721 2722 2723 2724 2725 2726 2727 2728 2729 2730
	}

void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
	{
	JPAKE_CTX *ctx;
	BIO *bconn;

	BIO_puts(out, "Authenticating with JPAKE\n");

	ctx = jpake_init("server", "client", secret);

	bconn = BIO_new(BIO_f_buffer());
	BIO_push(bconn, conn);

	jpake_receive_step1(ctx, bconn);
	jpake_send_step1(bconn, ctx);
	jpake_receive_step2(ctx, bconn);
	jpake_send_step2(bconn, ctx);
	jpake_receive_step3a(ctx, bconn);
	jpake_send_step3b(bconn, ctx);

2731 2732 2733
	BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");

	psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
B
Ben Laurie 已提交
2734 2735 2736

	BIO_pop(bconn);
	BIO_free(bconn);
2737 2738

	JPAKE_CTX_free(ctx);
B
Ben Laurie 已提交
2739 2740
	}

D
Dr. Stephen Henson 已提交
2741 2742
#endif

2743 2744 2745
/*
 * Platform-specific sections
 */
2746
#if defined(_WIN32)
2747 2748 2749 2750 2751 2752 2753 2754 2755 2756 2757 2758 2759 2760 2761 2762 2763 2764 2765 2766 2767 2768 2769 2770 2771 2772 2773 2774 2775 2776 2777 2778 2779 2780 2781 2782 2783 2784 2785 2786 2787 2788 2789 2790 2791 2792 2793 2794 2795 2796 2797 2798 2799 2800 2801
# ifdef fileno
#  undef fileno
#  define fileno(a) (int)_fileno(a)
# endif

# include <windows.h>
# include <tchar.h>

static int WIN32_rename(const char *from, const char *to)
	{
	TCHAR  *tfrom=NULL,*tto;
	DWORD	err;
	int	ret=0;

	if (sizeof(TCHAR) == 1)
		{
		tfrom = (TCHAR *)from;
		tto   = (TCHAR *)to;
		}
	else	/* UNICODE path */
		{
		size_t i,flen=strlen(from)+1,tlen=strlen(to)+1;
		tfrom = (TCHAR *)malloc(sizeof(TCHAR)*(flen+tlen));
		if (tfrom==NULL) goto err;
		tto=tfrom+flen;
#if !defined(_WIN32_WCE) || _WIN32_WCE>=101
		if (!MultiByteToWideChar(CP_ACP,0,from,flen,(WCHAR *)tfrom,flen))
#endif
			for (i=0;i<flen;i++)	tfrom[i]=(TCHAR)from[i];
#if !defined(_WIN32_WCE) || _WIN32_WCE>=101
		if (!MultiByteToWideChar(CP_ACP,0,to,  tlen,(WCHAR *)tto,  tlen))
#endif
			for (i=0;i<tlen;i++)	tto[i]  =(TCHAR)to[i];
		}

	if (MoveFile(tfrom,tto))	goto ok;
	err=GetLastError();
	if (err==ERROR_ALREADY_EXISTS || err==ERROR_FILE_EXISTS)
		{
		if (DeleteFile(tto) && MoveFile(tfrom,tto))
			goto ok;
		err=GetLastError();
		}
	if (err==ERROR_FILE_NOT_FOUND || err==ERROR_PATH_NOT_FOUND)
		errno = ENOENT;
	else if (err==ERROR_ACCESS_DENIED)
		errno = EACCES;
	else
		errno = EINVAL;	/* we could map more codes... */
err:
	ret=-1;
ok:
	if (tfrom!=NULL && tfrom!=(TCHAR *)from)	free(tfrom);
	return ret;
	}
2802 2803 2804 2805 2806 2807 2808 2809 2810
#endif

/* app_tminterval section */
#if defined(_WIN32)
double app_tminterval(int stop,int usertime)
	{
	FILETIME		now;
	double			ret=0;
	static ULARGE_INTEGER	tmstart;
2811
	static int		warning=1;
2812 2813 2814 2815 2816 2817 2818 2819 2820 2821 2822 2823 2824 2825 2826 2827 2828 2829 2830
#ifdef _WIN32_WINNT
	static HANDLE		proc=NULL;

	if (proc==NULL)
		{
		if (GetVersion() < 0x80000000)
			proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
						GetCurrentProcessId());
		if (proc==NULL) proc = (HANDLE)-1;
		}

	if (usertime && proc!=(HANDLE)-1)
		{
		FILETIME junk;
		GetProcessTimes(proc,&junk,&junk,&junk,&now);
		}
	else
#endif
		{
2831 2832
		SYSTEMTIME systime;

2833 2834 2835
		if (usertime && warning)
			{
			BIO_printf(bio_err,"To get meaningful results, run "
2836
					   "this program on idle system.\n");
A
Andy Polyakov 已提交
2837
			warning=0;
2838
			}
2839 2840 2841 2842 2843 2844 2845 2846 2847 2848 2849 2850 2851 2852 2853
		GetSystemTime(&systime);
		SystemTimeToFileTime(&systime,&now);
		}

	if (stop==TM_START)
		{
		tmstart.u.LowPart  = now.dwLowDateTime;
		tmstart.u.HighPart = now.dwHighDateTime;
		}
	else	{
		ULARGE_INTEGER tmstop;

		tmstop.u.LowPart   = now.dwLowDateTime;
		tmstop.u.HighPart  = now.dwHighDateTime;

A
Andy Polyakov 已提交
2854
		ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart)*1e-7;
2855 2856 2857 2858 2859
		}

	return (ret);
	}

D
Dr. Stephen Henson 已提交
2860
#elif defined(OPENSSL_SYS_NETWARE)
A
Andy Polyakov 已提交
2861 2862 2863 2864 2865 2866 2867 2868 2869 2870 2871 2872 2873 2874 2875 2876 2877 2878 2879 2880 2881
#include <time.h>

double app_tminterval(int stop,int usertime)
	{
	double		ret=0;
	static clock_t	tmstart;
	static int	warning=1;

	if (usertime && warning)
		{
		BIO_printf(bio_err,"To get meaningful results, run "
				   "this program on idle system.\n");
		warning=0;
		}

	if (stop==TM_START)	tmstart = clock();
	else			ret     = (clock()-tmstart)/(double)CLOCKS_PER_SEC;

	return (ret);
	}

A
Andy Polyakov 已提交
2882 2883 2884 2885 2886 2887 2888 2889 2890 2891 2892 2893 2894 2895 2896 2897 2898 2899 2900 2901 2902 2903 2904 2905 2906 2907 2908 2909 2910 2911 2912 2913 2914 2915 2916
#elif defined(OPENSSL_SYSTEM_VXWORKS)
#include <time.h>

double app_tminterval(int stop,int usertime)
	{
	double ret=0;
#ifdef CLOCK_REALTIME
	static struct timespec	tmstart;
	struct timespec		now;
#else
	static unsigned long	tmstart;
	unsigned long		now;
#endif
	static int warning=1;

	if (usertime && warning)
		{
		BIO_printf(bio_err,"To get meaningful results, run "
				   "this program on idle system.\n");
		warning=0;
		}

#ifdef CLOCK_REALTIME
	clock_gettime(CLOCK_REALTIME,&now);
	if (stop==TM_START)	tmstart = now;
	else	ret = ( (now.tv_sec+now.tv_nsec*1e-9)
			- (tmstart.tv_sec+tmstart.tv_nsec*1e-9) );
#else
	now = tickGet();
	if (stop==TM_START)	tmstart = now;
	else			ret = (now - tmstart)/(double)sysClkRateGet();
#endif
	return (ret);
	}

A
Andy Polyakov 已提交
2917 2918 2919 2920 2921 2922 2923 2924 2925 2926 2927 2928 2929 2930 2931 2932 2933 2934 2935 2936 2937 2938 2939 2940 2941 2942 2943 2944 2945 2946 2947 2948
#elif defined(OPENSSL_SYSTEM_VMS)
#include <time.h>
#include <times.h>

double app_tminterval(int stop,int usertime)
	{
	static clock_t	tmstart;
	double		ret = 0;
	clock_t		now;
#ifdef __TMS
	struct tms	rus;

	now = times(&rus);
	if (usertime)	now = rus.tms_utime;
#else
	if (usertime)
		now = clock(); /* sum of user and kernel times */
	else	{
		struct timeval tv;
		gettimeofday(&tv,NULL);
		now = (clock_t)(
			(unsigned long long)tv.tv_sec*CLK_TCK +
			(unsigned long long)tv.tv_usec*(1000000/CLK_TCK)
			);
		}
#endif
	if (stop==TM_START)	tmstart = now;
	else			ret = (now - tmstart)/(double)(CLK_TCK);

	return (ret);
	}

2949 2950 2951 2952 2953 2954 2955 2956 2957 2958 2959 2960
#elif defined(_SC_CLK_TCK)	/* by means of unistd.h */
#include <sys/times.h>

double app_tminterval(int stop,int usertime)
	{
	double		ret = 0;
	struct tms	rus;
	clock_t		now = times(&rus);
	static clock_t	tmstart;

	if (usertime)		now = rus.tms_utime;

2961
	if (stop==TM_START)	tmstart = now;
2962 2963 2964 2965 2966
	else
		{
		long int tck = sysconf(_SC_CLK_TCK);
		ret = (now - tmstart)/(double)tck;
		}
2967 2968 2969 2970 2971 2972 2973 2974 2975 2976 2977 2978 2979 2980 2981

	return (ret);
	}

#else
#include <sys/time.h>
#include <sys/resource.h>

double app_tminterval(int stop,int usertime)
	{
	double		ret = 0;
	struct rusage	rus;
	struct timeval	now;
	static struct timeval tmstart;

B
Ben Laurie 已提交
2982
	if (usertime)		getrusage(RUSAGE_SELF,&rus), now = rus.ru_utime;
2983 2984
	else			gettimeofday(&now,NULL);

2985
	if (stop==TM_START)	tmstart = now;
2986 2987 2988 2989 2990 2991
	else			ret = ( (now.tv_sec+now.tv_usec*1e-6)
					- (tmstart.tv_sec+tmstart.tv_usec*1e-6) );

	return ret;
	}
#endif
2992

2993 2994
/* app_isdir section */
#ifdef _WIN32
2995 2996 2997 2998 2999 3000 3001 3002 3003 3004 3005 3006 3007 3008 3009 3010 3011 3012 3013 3014 3015 3016 3017 3018 3019 3020 3021 3022 3023 3024 3025 3026 3027 3028 3029 3030 3031 3032 3033 3034 3035 3036 3037 3038 3039 3040 3041
int app_isdir(const char *name)
	{
	HANDLE		hList;
	WIN32_FIND_DATA	FileData;
#if defined(UNICODE) || defined(_UNICODE)
	size_t i, len_0 = strlen(name)+1;

	if (len_0 > sizeof(FileData.cFileName)/sizeof(FileData.cFileName[0]))
		return -1;

#if !defined(_WIN32_WCE) || _WIN32_WCE>=101
	if (!MultiByteToWideChar(CP_ACP,0,name,len_0,FileData.cFileName,len_0))
#endif
		for (i=0;i<len_0;i++)
			FileData.cFileName[i] = (WCHAR)name[i];

	hList = FindFirstFile(FileData.cFileName,&FileData);
#else
	hList = FindFirstFile(name,&FileData);
#endif
	if (hList == INVALID_HANDLE_VALUE)	return -1;
	FindClose(hList);
	return ((FileData.dwFileAttributes&FILE_ATTRIBUTE_DIRECTORY)!=0);
	}
#else
#include <sys/stat.h>
#ifndef S_ISDIR
# if defined(_S_IFMT) && defined(_S_IFDIR)
#  define S_ISDIR(a)   (((a) & _S_IFMT) == _S_IFDIR)
# else 
#  define S_ISDIR(a)   (((a) & S_IFMT) == S_IFDIR)
# endif 
#endif 

int app_isdir(const char *name)
	{
#if defined(S_ISDIR)
	struct stat st;

	if (stat(name,&st)==0)	return S_ISDIR(st.st_mode);
	else			return -1;
#else
	return -1;
#endif
	}
#endif

3042
/* raw_read|write section */
3043 3044 3045 3046 3047 3048 3049 3050 3051 3052 3053 3054 3055 3056
#if defined(_WIN32) && defined(STD_INPUT_HANDLE)
int raw_read_stdin(void *buf,int siz)
	{
	DWORD n;
	if (ReadFile(GetStdHandle(STD_INPUT_HANDLE),buf,siz,&n,NULL))
		return (n);
	else	return (-1);
	}
#else
int raw_read_stdin(void *buf,int siz)
	{	return read(fileno(stdin),buf,siz);	}
#endif

#if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
U
Ulf Möller 已提交
3057
int raw_write_stdout(const void *buf,int siz)
3058 3059 3060 3061 3062 3063 3064 3065 3066 3067
	{
	DWORD n;
	if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE),buf,siz,&n,NULL))
		return (n);
	else	return (-1);
	}
#else
int raw_write_stdout(const void *buf,int siz)
	{	return write(fileno(stdout),buf,siz);	}
#endif
B
Ben Laurie 已提交
3068

B
Ben Laurie 已提交
3069
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
B
Ben Laurie 已提交
3070 3071 3072 3073 3074 3075 3076 3077 3078 3079 3080 3081 3082 3083
/* next_protos_parse parses a comma separated list of strings into a string
 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
 *   outlen: (output) set to the length of the resulting buffer on success.
 *   in: a NUL termianted string like "abc,def,ghi"
 *
 *   returns: a malloced buffer or NULL on failure.
 */
unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
	{
	size_t len;
	unsigned char *out;
	size_t i, start = 0;

	len = strlen(in);
B
Ben Laurie 已提交
3084
	if (len >= 65535)
B
Ben Laurie 已提交
3085 3086 3087 3088 3089 3090 3091 3092 3093 3094 3095 3096 3097 3098 3099 3100 3101 3102 3103 3104 3105 3106 3107 3108 3109
		return NULL;

	out = OPENSSL_malloc(strlen(in) + 1);
	if (!out)
		return NULL;

	for (i = 0; i <= len; ++i)
		{
		if (i == len || in[i] == ',')
			{
			if (i - start > 255)
				{
				OPENSSL_free(out);
				return NULL;
				}
			out[start] = i - start;
			start = i + 1;
			}
		else
			out[i+1] = in[i];
		}

	*outlen = len + 1;
	return out;
	}
B
Ben Laurie 已提交
3110
#endif  /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */