apps.c 70.5 KB
Newer Older
R
Rich Salz 已提交
1
/*
2
 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3
 *
R
Rich Salz 已提交
4 5 6 7
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
8
 */
9

D
Dr. Stephen Henson 已提交
10
#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
11 12 13
/*
 * On VMS, you need to define this to get the declaration of fileno().  The
 * value 2 is to make sure no function defined in POSIX-2 is left undefined.
14
 */
15
# define _POSIX_C_SOURCE 2
D
Dr. Stephen Henson 已提交
16
#endif
17

18 19 20
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
21 22 23 24 25 26 27
#ifndef NO_SYS_TYPES_H
# include <sys/types.h>
#endif
#ifndef OPENSSL_NO_POSIX_IO
# include <sys/stat.h>
# include <fcntl.h>
#endif
R
Richard Levitte 已提交
28
#include <ctype.h>
29
#include <errno.h>
30 31
#include <openssl/err.h>
#include <openssl/x509.h>
D
 
Dr. Stephen Henson 已提交
32
#include <openssl/x509v3.h>
33 34
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
35
#include <openssl/ui.h>
36
#include <openssl/safestack.h>
37
#ifndef OPENSSL_NO_ENGINE
38
# include <openssl/engine.h>
39
#endif
N
make  
Nils Larsch 已提交
40
#ifndef OPENSSL_NO_RSA
41
# include <openssl/rsa.h>
N
make  
Nils Larsch 已提交
42
#endif
43
#include <openssl/bn.h>
44
#include <openssl/ssl.h>
45
#include "s_apps.h"
46 47
#include "apps.h"

48 49
#ifdef _WIN32
static int WIN32_rename(const char *from, const char *to);
50
# define rename(from,to) WIN32_rename((from),(to))
51 52
#endif

53
typedef struct {
54 55 56
    const char *name;
    unsigned long flag;
    unsigned long mask;
57 58
} NAME_EX_TBL;

59
static UI_METHOD *ui_method = NULL;
60
static const UI_METHOD *ui_fallback_method = NULL;
61

62 63 64 65
static int set_table_opts(unsigned long *flags, const char *arg,
                          const NAME_EX_TBL * in_tbl);
static int set_multi_opts(unsigned long *flags, const char *arg,
                          const NAME_EX_TBL * in_tbl);
66

67
int app_init(long mesgwin);
68

69
int chopup_args(ARGS *arg, char *buf)
70
{
71
    int quoted;
72
    char c = '\0', *p = NULL;
73

74 75 76
    arg->argc = 0;
    if (arg->size == 0) {
        arg->size = 20;
R
Rich Salz 已提交
77
        arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space");
78 79
    }

80 81
    for (p = buf;;) {
        /* Skip whitespace. */
82
        while (*p && isspace(_UC(*p)))
83 84 85 86 87
            p++;
        if (!*p)
            break;

        /* The start of something good :-) */
88
        if (arg->argc >= arg->size) {
89
            char **tmp;
90
            arg->size += 20;
91 92
            tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size);
            if (tmp == NULL)
93
                return 0;
94
            arg->argv = tmp;
95
        }
96 97 98 99
        quoted = *p == '\'' || *p == '"';
        if (quoted)
            c = *p++;
        arg->argv[arg->argc++] = p;
100 101

        /* now look for the end of this */
102 103
        if (quoted) {
            while (*p && *p != c)
104
                p++;
105
            *p++ = '\0';
106
        } else {
107
            while (*p && !isspace(_UC(*p)))
108
                p++;
109 110
            if (*p)
                *p++ = '\0';
111 112
        }
    }
113
    arg->argv[arg->argc] = NULL;
114 115
    return (1);
}
116 117

#ifndef APP_INIT
U
Ulf Möller 已提交
118
int app_init(long mesgwin)
119 120 121
{
    return (1);
}
122
#endif
123

124 125
int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
                             const char *CApath, int noCAfile, int noCApath)
126
{
127 128 129 130 131 132 133 134
    if (CAfile == NULL && CApath == NULL) {
        if (!noCAfile && SSL_CTX_set_default_verify_file(ctx) <= 0)
            return 0;
        if (!noCApath && SSL_CTX_set_default_verify_dir(ctx) <= 0)
            return 0;

        return 1;
    }
135 136 137
    return SSL_CTX_load_verify_locations(ctx, CAfile, CApath);
}

138 139
#ifndef OPENSSL_NO_CT

140 141
int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
{
142
    if (path == NULL)
143
        return SSL_CTX_set_default_ctlog_list_file(ctx);
144 145 146 147

    return SSL_CTX_set_ctlog_list_file(ctx, path);
}

148 149
#endif

150 151 152 153
static unsigned long nmflag = 0;
static char nmflag_set = 0;

int set_nameopt(const char *arg)
D
 
Dr. Stephen Henson 已提交
154
{
155 156 157 158 159 160 161
    int ret = set_name_ex(&nmflag, arg);

    if (ret)
        nmflag_set = 1;

    return ret;
}
162

163 164 165 166
unsigned long get_nameopt(void)
{
    return (nmflag_set) ? nmflag : XN_FLAG_ONELINE;
}
D
 
Dr. Stephen Henson 已提交
167

168 169 170 171 172
int dump_cert_text(BIO *out, X509 *x)
{
    print_name(out, "subject=", X509_get_subject_name(x), get_nameopt());
    BIO_puts(out, "\n");
    print_name(out, "issuer=", X509_get_issuer_name(x), get_nameopt());
173
    BIO_puts(out, "\n");
174

175
    return 0;
D
 
Dr. Stephen Henson 已提交
176
}
D
Dr. Stephen Henson 已提交
177

178
static int ui_open(UI *ui)
179
{
180 181 182 183 184
    int (*opener)(UI *ui) = UI_method_get_opener(ui_fallback_method);

    if (opener)
        return opener(ui);
    return 1;
185 186
}

187
static int ui_read(UI *ui, UI_STRING *uis)
188
{
189 190
    int (*reader)(UI *ui, UI_STRING *uis) = NULL;

191 192 193 194 195 196 197 198 199 200 201 202 203
    if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
        && UI_get0_user_data(ui)) {
        switch (UI_get_string_type(uis)) {
        case UIT_PROMPT:
        case UIT_VERIFY:
            {
                const char *password =
                    ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
                if (password && password[0] != '\0') {
                    UI_set_result(ui, uis, password);
                    return 1;
                }
            }
R
Rich Salz 已提交
204 205 206 207 208
            break;
        case UIT_NONE:
        case UIT_BOOLEAN:
        case UIT_INFO:
        case UIT_ERROR:
209 210 211
            break;
        }
    }
212 213 214 215 216

    reader = UI_method_get_reader(ui_fallback_method);
    if (reader)
        return reader(ui, uis);
    return 1;
217 218
}

219
static int ui_write(UI *ui, UI_STRING *uis)
220
{
221 222
    int (*writer)(UI *ui, UI_STRING *uis) = NULL;

223 224 225 226 227 228 229 230 231 232 233
    if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
        && UI_get0_user_data(ui)) {
        switch (UI_get_string_type(uis)) {
        case UIT_PROMPT:
        case UIT_VERIFY:
            {
                const char *password =
                    ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
                if (password && password[0] != '\0')
                    return 1;
            }
R
Rich Salz 已提交
234 235 236 237 238
            break;
        case UIT_NONE:
        case UIT_BOOLEAN:
        case UIT_INFO:
        case UIT_ERROR:
239 240 241
            break;
        }
    }
242 243 244 245 246

    writer = UI_method_get_reader(ui_fallback_method);
    if (writer)
        return writer(ui, uis);
    return 1;
247 248
}

249
static int ui_close(UI *ui)
250
{
251 252 253 254 255
    int (*closer)(UI *ui) = UI_method_get_closer(ui_fallback_method);

    if (closer)
        return closer(ui);
    return 1;
256 257
}

L
Lutz Jänicke 已提交
258
int setup_ui_method(void)
259
{
260 261 262 263
    ui_fallback_method = UI_null();
#ifndef OPENSSL_NO_UI_CONSOLE
    ui_fallback_method = UI_OpenSSL();
#endif
264 265 266 267 268 269 270 271
    ui_method = UI_create_method("OpenSSL application user interface");
    UI_method_set_opener(ui_method, ui_open);
    UI_method_set_reader(ui_method, ui_read);
    UI_method_set_writer(ui_method, ui_write);
    UI_method_set_closer(ui_method, ui_close);
    return 0;
}

L
Lutz Jänicke 已提交
272
void destroy_ui_method(void)
273 274 275 276 277 278
{
    if (ui_method) {
        UI_destroy_method(ui_method);
        ui_method = NULL;
    }
}
279 280 281 282 283

const UI_METHOD *get_ui_method(void)
{
    return ui_method;
}
284 285 286 287

int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
{
    int res = 0;
R
Richard Levitte 已提交
288
    UI *ui = NULL;
289 290 291 292 293 294 295
    PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;

    ui = UI_new_method(ui_method);
    if (ui) {
        int ok = 0;
        char *buff = NULL;
        int ui_flags = 0;
296
        const char *prompt_info = NULL;
297
        char *prompt;
298

299 300
        if (cb_data != NULL && cb_data->prompt_info != NULL)
            prompt_info = cb_data->prompt_info;
301
        prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
V
Viktor Dukhovni 已提交
302
        if (!prompt) {
M
Matt Caswell 已提交
303 304 305 306
            BIO_printf(bio_err, "Out of memory\n");
            UI_free(ui);
            return 0;
        }
307 308 309 310

        ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
        UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);

311 312 313
        /* We know that there is no previous user data to return to us */
        (void)UI_add_user_data(ui, cb_data);

314 315 316
        ok = UI_add_input_string(ui, prompt, ui_flags, buf,
                                 PW_MIN_LENGTH, bufsiz - 1);

317
        if (ok >= 0 && verify) {
R
Rich Salz 已提交
318
            buff = app_malloc(bufsiz, "password buffer");
319 320 321 322 323 324
            ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
                                      PW_MIN_LENGTH, bufsiz - 1, buf);
        }
        if (ok >= 0)
            do {
                ok = UI_process(ui);
325
            } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
326

R
Rich Salz 已提交
327
        OPENSSL_clear_free(buff, (unsigned int)bufsiz);
328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346

        if (ok >= 0)
            res = strlen(buf);
        if (ok == -1) {
            BIO_printf(bio_err, "User interface error\n");
            ERR_print_errors(bio_err);
            OPENSSL_cleanse(buf, (unsigned int)bufsiz);
            res = 0;
        }
        if (ok == -2) {
            BIO_printf(bio_err, "aborted!\n");
            OPENSSL_cleanse(buf, (unsigned int)bufsiz);
            res = 0;
        }
        UI_free(ui);
        OPENSSL_free(prompt);
    }
    return res;
}
347

348
static char *app_get_pass(const char *arg, int keepbio);
D
Dr. Stephen Henson 已提交
349

350
int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2)
D
Dr. Stephen Henson 已提交
351
{
352
    int same;
353
    if (arg2 == NULL || arg1 == NULL || strcmp(arg1, arg2))
354 355 356
        same = 0;
    else
        same = 1;
357
    if (arg1 != NULL) {
358
        *pass1 = app_get_pass(arg1, same);
359
        if (*pass1 == NULL)
360
            return 0;
361
    } else if (pass1 != NULL) {
362
        *pass1 = NULL;
363 364
    }
    if (arg2 != NULL) {
365
        *pass2 = app_get_pass(arg2, same ? 2 : 0);
366
        if (*pass2 == NULL)
367
            return 0;
368
    } else if (pass2 != NULL) {
369
        *pass2 = NULL;
370
    }
371
    return 1;
D
Dr. Stephen Henson 已提交
372 373
}

374
static char *app_get_pass(const char *arg, int keepbio)
D
Dr. Stephen Henson 已提交
375
{
376 377 378
    char *tmp, tpass[APP_PASS_LEN];
    static BIO *pwdbio = NULL;
    int i;
R
Rich Salz 已提交
379 380

    if (strncmp(arg, "pass:", 5) == 0)
R
Rich Salz 已提交
381
        return OPENSSL_strdup(arg + 5);
R
Rich Salz 已提交
382
    if (strncmp(arg, "env:", 4) == 0) {
383
        tmp = getenv(arg + 4);
384
        if (tmp == NULL) {
385
            BIO_printf(bio_err, "Can't read environment variable %s\n", arg + 4);
386 387
            return NULL;
        }
R
Rich Salz 已提交
388
        return OPENSSL_strdup(tmp);
389
    }
390
    if (!keepbio || pwdbio == NULL) {
R
Rich Salz 已提交
391
        if (strncmp(arg, "file:", 5) == 0) {
392
            pwdbio = BIO_new_file(arg + 5, "r");
393
            if (pwdbio == NULL) {
394
                BIO_printf(bio_err, "Can't open file %s\n", arg + 5);
395 396
                return NULL;
            }
397
#if !defined(_WIN32)
398 399 400 401 402 403 404 405
            /*
             * Under _WIN32, which covers even Win64 and CE, file
             * descriptors referenced by BIO_s_fd are not inherited
             * by child process and therefore below is not an option.
             * It could have been an option if bss_fd.c was operating
             * on real Windows descriptors, such as those obtained
             * with CreateFile.
             */
R
Rich Salz 已提交
406
        } else if (strncmp(arg, "fd:", 3) == 0) {
407 408 409 410 411
            BIO *btmp;
            i = atoi(arg + 3);
            if (i >= 0)
                pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
            if ((i < 0) || !pwdbio) {
412
                BIO_printf(bio_err, "Can't access file descriptor %s\n", arg + 3);
413 414 415 416 417 418 419 420
                return NULL;
            }
            /*
             * Can't do BIO_gets on an fd BIO so add a buffering BIO
             */
            btmp = BIO_new(BIO_f_buffer());
            pwdbio = BIO_push(btmp, pwdbio);
#endif
R
Rich Salz 已提交
421
        } else if (strcmp(arg, "stdin") == 0) {
422
            pwdbio = dup_bio_in(FORMAT_TEXT);
423
            if (!pwdbio) {
424
                BIO_printf(bio_err, "Can't open BIO for stdin\n");
425 426 427
                return NULL;
            }
        } else {
428
            BIO_printf(bio_err, "Invalid password argument \"%s\"\n", arg);
429 430 431 432 433 434 435 436 437
            return NULL;
        }
    }
    i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
    if (keepbio != 1) {
        BIO_free_all(pwdbio);
        pwdbio = NULL;
    }
    if (i <= 0) {
438
        BIO_printf(bio_err, "Error reading password from BIO\n");
439 440 441
        return NULL;
    }
    tmp = strchr(tpass, '\n');
442
    if (tmp != NULL)
443
        *tmp = 0;
R
Rich Salz 已提交
444
    return OPENSSL_strdup(tpass);
D
Dr. Stephen Henson 已提交
445
}
446

R
Richard Levitte 已提交
447
static CONF *app_load_config_(BIO *in, const char *filename)
R
Rich Salz 已提交
448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466
{
    long errorline = -1;
    CONF *conf;
    int i;

    conf = NCONF_new(NULL);
    i = NCONF_load_bio(conf, in, &errorline);
    if (i > 0)
        return conf;

    if (errorline <= 0)
        BIO_printf(bio_err, "%s: Can't load config file \"%s\"\n",
                   opt_getprog(), filename);
    else
        BIO_printf(bio_err, "%s: Error on line %ld of config file \"%s\"\n",
                   opt_getprog(), errorline, filename);
    NCONF_free(conf);
    return NULL;
}
467

R
Richard Levitte 已提交
468 469 470 471 472
CONF *app_load_config(const char *filename)
{
    BIO *in;
    CONF *conf;

473
    in = bio_open_default(filename, 'r', FORMAT_TEXT);
R
Richard Levitte 已提交
474 475 476 477 478 479 480
    if (in == NULL)
        return NULL;

    conf = app_load_config_(in, filename);
    BIO_free(in);
    return conf;
}
481

R
Richard Levitte 已提交
482 483 484 485 486
CONF *app_load_config_quiet(const char *filename)
{
    BIO *in;
    CONF *conf;

487
    in = bio_open_default_quiet(filename, 'r', FORMAT_TEXT);
R
Richard Levitte 已提交
488 489 490 491 492 493 494 495 496 497 498 499 500
    if (in == NULL)
        return NULL;

    conf = app_load_config_(in, filename);
    BIO_free(in);
    return conf;
}

int app_load_modules(const CONF *config)
{
    CONF *to_free = NULL;

    if (config == NULL)
F
FdaSilvaYY 已提交
501
        config = to_free = app_load_config_quiet(default_config_file);
R
Richard Levitte 已提交
502
    if (config == NULL)
F
FdaSilvaYY 已提交
503
        return 1;
R
Richard Levitte 已提交
504 505 506 507 508 509 510 511 512 513

    if (CONF_modules_load(config, NULL, 0) <= 0) {
        BIO_printf(bio_err, "Error configuring OpenSSL modules\n");
        ERR_print_errors(bio_err);
        NCONF_free(to_free);
        return 0;
    }
    NCONF_free(to_free);
    return 1;
}
R
Rich Salz 已提交
514

515
int add_oid_section(CONF *conf)
516 517 518 519 520
{
    char *p;
    STACK_OF(CONF_VALUE) *sktmp;
    CONF_VALUE *cnf;
    int i;
521 522

    if ((p = NCONF_get_string(conf, NULL, "oid_section")) == NULL) {
523 524 525
        ERR_clear_error();
        return 1;
    }
526
    if ((sktmp = NCONF_get_section(conf, p)) == NULL) {
527
        BIO_printf(bio_err, "problem loading oid section %s\n", p);
528 529 530 531 532
        return 0;
    }
    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
        cnf = sk_CONF_VALUE_value(sktmp, i);
        if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
533
            BIO_printf(bio_err, "problem creating object %s=%s\n",
534 535 536 537 538
                       cnf->name, cnf->value);
            return 0;
        }
    }
    return 1;
539 540
}

541
static int load_pkcs12(BIO *in, const char *desc,
542 543 544 545 546 547 548 549 550
                       pem_password_cb *pem_cb, void *cb_data,
                       EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
{
    const char *pass;
    char tpass[PEM_BUFSIZE];
    int len, ret = 0;
    PKCS12 *p12;
    p12 = d2i_PKCS12_bio(in, NULL);
    if (p12 == NULL) {
551
        BIO_printf(bio_err, "Error loading PKCS12 file for %s\n", desc);
552 553 554
        goto die;
    }
    /* See if an empty password will do */
555
    if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0)) {
556
        pass = "";
557
    } else {
558 559 560 561
        if (!pem_cb)
            pem_cb = (pem_password_cb *)password_callback;
        len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
        if (len < 0) {
562
            BIO_printf(bio_err, "Passphrase callback error for %s\n", desc);
563 564 565 566 567
            goto die;
        }
        if (len < PEM_BUFSIZE)
            tpass[len] = 0;
        if (!PKCS12_verify_mac(p12, tpass, len)) {
568
            BIO_printf(bio_err,
569 570 571 572 573 574 575 576
                       "Mac verify error (wrong password?) in PKCS12 file for %s\n",
                       desc);
            goto die;
        }
        pass = tpass;
    }
    ret = PKCS12_parse(p12, pass, pkey, cert, ca);
 die:
R
Rich Salz 已提交
577
    PKCS12_free(p12);
578 579
    return ret;
}
580

M
Matt Caswell 已提交
581
#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
R
Rich Salz 已提交
582
static int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl)
583 584 585 586 587 588 589 590
{
    char *host = NULL, *port = NULL, *path = NULL;
    BIO *bio = NULL;
    OCSP_REQ_CTX *rctx = NULL;
    int use_ssl, rv = 0;
    if (!OCSP_parse_url(url, &host, &port, &path, &use_ssl))
        goto err;
    if (use_ssl) {
591
        BIO_puts(bio_err, "https not supported\n");
592 593 594 595 596 597
        goto err;
    }
    bio = BIO_new_connect(host);
    if (!bio || !BIO_set_conn_port(bio, port))
        goto err;
    rctx = OCSP_REQ_CTX_new(bio, 1024);
598
    if (rctx == NULL)
599 600 601 602 603 604 605 606
        goto err;
    if (!OCSP_REQ_CTX_http(rctx, "GET", path))
        goto err;
    if (!OCSP_REQ_CTX_add1_header(rctx, "Host", host))
        goto err;
    if (pcert) {
        do {
            rv = X509_http_nbio(rctx, pcert);
607
        } while (rv == -1);
608 609 610 611 612 613 614
    } else {
        do {
            rv = X509_CRL_http_nbio(rctx, pcrl);
        } while (rv == -1);
    }

 err:
R
Rich Salz 已提交
615 616 617
    OPENSSL_free(host);
    OPENSSL_free(path);
    OPENSSL_free(port);
618
    BIO_free_all(bio);
R
Rich Salz 已提交
619
    OCSP_REQ_CTX_free(rctx);
620
    if (rv != 1) {
621 622
        BIO_printf(bio_err, "Error loading %s from %s\n",
                   pcert ? "certificate" : "CRL", url);
623 624 625 626
        ERR_print_errors(bio_err);
    }
    return rv;
}
R
Rich Salz 已提交
627
#endif
628

629
X509 *load_cert(const char *file, int format, const char *cert_descrip)
630 631 632 633 634
{
    X509 *x = NULL;
    BIO *cert;

    if (format == FORMAT_HTTP) {
M
Matt Caswell 已提交
635
#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
636
        load_cert_crl_http(file, &x, NULL);
R
Rich Salz 已提交
637
#endif
638 639 640 641
        return x;
    }

    if (file == NULL) {
642
        unbuffer(stdin);
643
        cert = dup_bio_in(format);
644
    } else {
645
        cert = bio_open_default(file, 'r', format);
646
    }
647 648
    if (cert == NULL)
        goto end;
649

650
    if (format == FORMAT_ASN1) {
651
        x = d2i_X509_bio(cert, NULL);
652
    } else if (format == FORMAT_PEM) {
653 654
        x = PEM_read_bio_X509_AUX(cert, NULL,
                                  (pem_password_cb *)password_callback, NULL);
655
    } else if (format == FORMAT_PKCS12) {
656
        if (!load_pkcs12(cert, cert_descrip, NULL, NULL, NULL, &x, NULL))
657 658
            goto end;
    } else {
659
        BIO_printf(bio_err, "bad input format specified for %s\n", cert_descrip);
660 661 662 663
        goto end;
    }
 end:
    if (x == NULL) {
664 665
        BIO_printf(bio_err, "unable to load certificate\n");
        ERR_print_errors(bio_err);
666
    }
R
Rich Salz 已提交
667
    BIO_free(cert);
668 669
    return (x);
}
670

671
X509_CRL *load_crl(const char *infile, int format)
672 673 674 675 676
{
    X509_CRL *x = NULL;
    BIO *in = NULL;

    if (format == FORMAT_HTTP) {
M
Matt Caswell 已提交
677
#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
678
        load_cert_crl_http(infile, NULL, &x);
R
Rich Salz 已提交
679
#endif
680 681 682
        return x;
    }

683
    in = bio_open_default(infile, 'r', format);
684
    if (in == NULL)
685
        goto end;
686
    if (format == FORMAT_ASN1) {
687
        x = d2i_X509_CRL_bio(in, NULL);
688
    } else if (format == FORMAT_PEM) {
689
        x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
690
    } else {
691 692 693 694 695 696 697 698
        BIO_printf(bio_err, "bad input format specified for input crl\n");
        goto end;
    }
    if (x == NULL) {
        BIO_printf(bio_err, "unable to load CRL\n");
        ERR_print_errors(bio_err);
        goto end;
    }
699

700 701 702 703
 end:
    BIO_free(in);
    return (x);
}
704

705
EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
706 707 708 709 710 711 712 713 714 715
                   const char *pass, ENGINE *e, const char *key_descrip)
{
    BIO *key = NULL;
    EVP_PKEY *pkey = NULL;
    PW_CB_DATA cb_data;

    cb_data.password = pass;
    cb_data.prompt_info = file;

    if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
716
        BIO_printf(bio_err, "no keyfile specified\n");
717 718 719
        goto end;
    }
    if (format == FORMAT_ENGINE) {
720
        if (e == NULL) {
721
            BIO_printf(bio_err, "no engine specified\n");
722
        } else {
723
#ifndef OPENSSL_NO_ENGINE
724 725 726 727
            if (ENGINE_init(e)) {
                pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
                ENGINE_finish(e);
            }
728
            if (pkey == NULL) {
729 730
                BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
                ERR_print_errors(bio_err);
731
            }
732 733 734
#else
            BIO_printf(bio_err, "engines not supported\n");
#endif
735 736 737 738
        }
        goto end;
    }
    if (file == NULL && maybe_stdin) {
739
        unbuffer(stdin);
740
        key = dup_bio_in(format);
741
    } else {
742
        key = bio_open_default(file, 'r', format);
743
    }
744
    if (key == NULL)
745 746 747 748 749 750 751
        goto end;
    if (format == FORMAT_ASN1) {
        pkey = d2i_PrivateKey_bio(key, NULL);
    } else if (format == FORMAT_PEM) {
        pkey = PEM_read_bio_PrivateKey(key, NULL,
                                       (pem_password_cb *)password_callback,
                                       &cb_data);
752
    } else if (format == FORMAT_PKCS12) {
753
        if (!load_pkcs12(key, key_descrip,
754 755 756
                         (pem_password_cb *)password_callback, &cb_data,
                         &pkey, NULL, NULL))
            goto end;
D
Dr. Stephen Henson 已提交
757
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
758
    } else if (format == FORMAT_MSBLOB) {
759
        pkey = b2i_PrivateKey_bio(key);
760
    } else if (format == FORMAT_PVK) {
761 762 763
        pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
                           &cb_data);
#endif
764
    } else {
765
        BIO_printf(bio_err, "bad input format specified for key file\n");
766 767
        goto end;
    }
768
 end:
R
Rich Salz 已提交
769
    BIO_free(key);
770
    if (pkey == NULL) {
771 772
        BIO_printf(bio_err, "unable to load %s\n", key_descrip);
        ERR_print_errors(bio_err);
773 774 775
    }
    return (pkey);
}
776

777
EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
778 779 780 781 782 783 784 785 786 787
                      const char *pass, ENGINE *e, const char *key_descrip)
{
    BIO *key = NULL;
    EVP_PKEY *pkey = NULL;
    PW_CB_DATA cb_data;

    cb_data.password = pass;
    cb_data.prompt_info = file;

    if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
788
        BIO_printf(bio_err, "no keyfile specified\n");
789 790 791
        goto end;
    }
    if (format == FORMAT_ENGINE) {
792
        if (e == NULL) {
793
            BIO_printf(bio_err, "no engine specified\n");
794
        } else {
795
#ifndef OPENSSL_NO_ENGINE
796
            pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data);
797 798 799 800 801 802 803 804
            if (pkey == NULL) {
                BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
                ERR_print_errors(bio_err);
            }
#else
            BIO_printf(bio_err, "engines not supported\n");
#endif
        }
805 806 807
        goto end;
    }
    if (file == NULL && maybe_stdin) {
808
        unbuffer(stdin);
809
        key = dup_bio_in(format);
810
    } else {
811
        key = bio_open_default(file, 'r', format);
812
    }
813
    if (key == NULL)
814 815 816
        goto end;
    if (format == FORMAT_ASN1) {
        pkey = d2i_PUBKEY_bio(key, NULL);
817
    } else if (format == FORMAT_ASN1RSA) {
818
#ifndef OPENSSL_NO_RSA
819 820 821 822
        RSA *rsa;
        rsa = d2i_RSAPublicKey_bio(key, NULL);
        if (rsa) {
            pkey = EVP_PKEY_new();
823
            if (pkey != NULL)
824 825 826
                EVP_PKEY_set1_RSA(pkey, rsa);
            RSA_free(rsa);
        } else
827 828 829
#else
        BIO_printf(bio_err, "RSA keys not supported\n");
#endif
830 831
            pkey = NULL;
    } else if (format == FORMAT_PEMRSA) {
832
#ifndef OPENSSL_NO_RSA
833 834 835 836
        RSA *rsa;
        rsa = PEM_read_bio_RSAPublicKey(key, NULL,
                                        (pem_password_cb *)password_callback,
                                        &cb_data);
837
        if (rsa != NULL) {
838
            pkey = EVP_PKEY_new();
839
            if (pkey != NULL)
840 841 842
                EVP_PKEY_set1_RSA(pkey, rsa);
            RSA_free(rsa);
        } else
843 844 845
#else
        BIO_printf(bio_err, "RSA keys not supported\n");
#endif
846
            pkey = NULL;
847
    } else if (format == FORMAT_PEM) {
848 849 850
        pkey = PEM_read_bio_PUBKEY(key, NULL,
                                   (pem_password_cb *)password_callback,
                                   &cb_data);
D
Dr. Stephen Henson 已提交
851
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
852
    } else if (format == FORMAT_MSBLOB) {
853
        pkey = b2i_PublicKey_bio(key);
D
Dr. Stephen Henson 已提交
854
#endif
855
    }
856
 end:
R
Rich Salz 已提交
857
    BIO_free(key);
858
    if (pkey == NULL)
859
        BIO_printf(bio_err, "unable to load %s\n", key_descrip);
860 861
    return (pkey);
}
862

863
static int load_certs_crls(const char *file, int format,
864
                           const char *pass, const char *desc,
865 866 867 868 869 870 871 872 873 874 875 876 877 878
                           STACK_OF(X509) **pcerts,
                           STACK_OF(X509_CRL) **pcrls)
{
    int i;
    BIO *bio;
    STACK_OF(X509_INFO) *xis = NULL;
    X509_INFO *xi;
    PW_CB_DATA cb_data;
    int rv = 0;

    cb_data.password = pass;
    cb_data.prompt_info = file;

    if (format != FORMAT_PEM) {
879
        BIO_printf(bio_err, "bad input format specified for %s\n", desc);
880 881 882
        return 0;
    }

883
    bio = bio_open_default(file, 'r', FORMAT_PEM);
884
    if (bio == NULL)
885 886 887 888 889 890 891 892
        return 0;

    xis = PEM_X509_INFO_read_bio(bio, NULL,
                                 (pem_password_cb *)password_callback,
                                 &cb_data);

    BIO_free(bio);

893
    if (pcerts != NULL && *pcerts == NULL) {
894
        *pcerts = sk_X509_new_null();
895
        if (*pcerts == NULL)
896 897 898
            goto end;
    }

899
    if (pcrls != NULL && *pcrls == NULL) {
900
        *pcrls = sk_X509_CRL_new_null();
901
        if (*pcrls == NULL)
902 903 904 905 906
            goto end;
    }

    for (i = 0; i < sk_X509_INFO_num(xis); i++) {
        xi = sk_X509_INFO_value(xis, i);
907
        if (xi->x509 != NULL && pcerts != NULL) {
908 909 910 911
            if (!sk_X509_push(*pcerts, xi->x509))
                goto end;
            xi->x509 = NULL;
        }
912
        if (xi->crl != NULL && pcrls != NULL) {
913 914 915 916 917 918
            if (!sk_X509_CRL_push(*pcrls, xi->crl))
                goto end;
            xi->crl = NULL;
        }
    }

919
    if (pcerts != NULL && sk_X509_num(*pcerts) > 0)
920 921
        rv = 1;

922
    if (pcrls != NULL && sk_X509_CRL_num(*pcrls) > 0)
923 924 925 926
        rv = 1;

 end:

R
Rich Salz 已提交
927
    sk_X509_INFO_pop_free(xis, X509_INFO_free);
928 929

    if (rv == 0) {
930
        if (pcerts != NULL) {
931 932 933
            sk_X509_pop_free(*pcerts, X509_free);
            *pcerts = NULL;
        }
934
        if (pcrls != NULL) {
935 936 937
            sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
            *pcrls = NULL;
        }
938
        BIO_printf(bio_err, "unable to load %s\n",
939
                   pcerts ? "certificates" : "CRLs");
940
        ERR_print_errors(bio_err);
941 942 943
    }
    return rv;
}
944

R
Rich Salz 已提交
945 946 947 948 949 950 951 952 953 954 955 956 957
void* app_malloc(int sz, const char *what)
{
    void *vp = OPENSSL_malloc(sz);

    if (vp == NULL) {
        BIO_printf(bio_err, "%s: Could not allocate %d bytes for %s\n",
                opt_getprog(), sz, what);
        ERR_print_errors(bio_err);
        exit(1);
    }
    return vp;
}

958
/*
F
FdaSilvaYY 已提交
959
 * Initialize or extend, if *certs != NULL, a certificate stack.
960 961
 */
int load_certs(const char *file, STACK_OF(X509) **certs, int format,
962
               const char *pass, const char *desc)
963
{
964
    return load_certs_crls(file, format, pass, desc, certs, NULL);
965
}
966

967
/*
F
FdaSilvaYY 已提交
968
 * Initialize or extend, if *crls != NULL, a certificate stack.
969 970
 */
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
971
              const char *pass, const char *desc)
972
{
973
    return load_certs_crls(file, format, pass, desc, NULL, crls);
974 975 976
}

#define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
977
/* Return error for unknown extensions */
978
#define X509V3_EXT_DEFAULT              0
979
/* Print error for unknown extensions */
980
#define X509V3_EXT_ERROR_UNKNOWN        (1L << 16)
981
/* ASN1 parse unknown extensions */
982
#define X509V3_EXT_PARSE_UNKNOWN        (2L << 16)
983
/* BIO_dump unknown extensions */
984
#define X509V3_EXT_DUMP_UNKNOWN         (3L << 16)
985

D
 
Dr. Stephen Henson 已提交
986
#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
987
                         X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
D
 
Dr. Stephen Henson 已提交
988

989 990
int set_cert_ex(unsigned long *flags, const char *arg)
{
991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012
    static const NAME_EX_TBL cert_tbl[] = {
        {"compatible", X509_FLAG_COMPAT, 0xffffffffl},
        {"ca_default", X509_FLAG_CA, 0xffffffffl},
        {"no_header", X509_FLAG_NO_HEADER, 0},
        {"no_version", X509_FLAG_NO_VERSION, 0},
        {"no_serial", X509_FLAG_NO_SERIAL, 0},
        {"no_signame", X509_FLAG_NO_SIGNAME, 0},
        {"no_validity", X509_FLAG_NO_VALIDITY, 0},
        {"no_subject", X509_FLAG_NO_SUBJECT, 0},
        {"no_issuer", X509_FLAG_NO_ISSUER, 0},
        {"no_pubkey", X509_FLAG_NO_PUBKEY, 0},
        {"no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
        {"no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
        {"no_aux", X509_FLAG_NO_AUX, 0},
        {"no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
        {"ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
        {"ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
        {"ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
        {"ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
        {NULL, 0, 0}
    };
    return set_multi_opts(flags, arg, cert_tbl);
1013
}
D
 
Dr. Stephen Henson 已提交
1014 1015 1016

int set_name_ex(unsigned long *flags, const char *arg)
{
1017 1018
    static const NAME_EX_TBL ex_tbl[] = {
        {"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
1019
        {"esc_2254", ASN1_STRFLGS_ESC_2254, 0},
1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047
        {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
        {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
        {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
        {"utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
        {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
        {"show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
        {"dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
        {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
        {"dump_der", ASN1_STRFLGS_DUMP_DER, 0},
        {"compat", XN_FLAG_COMPAT, 0xffffffffL},
        {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
        {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
        {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
        {"sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
        {"dn_rev", XN_FLAG_DN_REV, 0},
        {"nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
        {"sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
        {"lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
        {"align", XN_FLAG_FN_ALIGN, 0},
        {"oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
        {"space_eq", XN_FLAG_SPC_EQ, 0},
        {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
        {"RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
        {"oneline", XN_FLAG_ONELINE, 0xffffffffL},
        {"multiline", XN_FLAG_MULTILINE, 0xffffffffL},
        {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
        {NULL, 0, 0}
    };
1048 1049 1050 1051 1052
    if (set_multi_opts(flags, arg, ex_tbl) == 0)
        return 0;
    if ((*flags & XN_FLAG_SEP_MASK) == 0)
        *flags |= XN_FLAG_SEP_CPLUS_SPC;
    return 1;
D
 
Dr. Stephen Henson 已提交
1053 1054
}

1055 1056
int set_ext_copy(int *copy_type, const char *arg)
{
R
Rich Salz 已提交
1057
    if (strcasecmp(arg, "none") == 0)
1058
        *copy_type = EXT_COPY_NONE;
R
Rich Salz 已提交
1059
    else if (strcasecmp(arg, "copy") == 0)
1060
        *copy_type = EXT_COPY_ADD;
R
Rich Salz 已提交
1061
    else if (strcasecmp(arg, "copyall") == 0)
1062 1063 1064 1065
        *copy_type = EXT_COPY_ALL;
    else
        return 0;
    return 1;
1066 1067 1068 1069
}

int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
{
1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138
    STACK_OF(X509_EXTENSION) *exts = NULL;
    X509_EXTENSION *ext, *tmpext;
    ASN1_OBJECT *obj;
    int i, idx, ret = 0;
    if (!x || !req || (copy_type == EXT_COPY_NONE))
        return 1;
    exts = X509_REQ_get_extensions(req);

    for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
        ext = sk_X509_EXTENSION_value(exts, i);
        obj = X509_EXTENSION_get_object(ext);
        idx = X509_get_ext_by_OBJ(x, obj, -1);
        /* Does extension exist? */
        if (idx != -1) {
            /* If normal copy don't override existing extension */
            if (copy_type == EXT_COPY_ADD)
                continue;
            /* Delete all extensions of same type */
            do {
                tmpext = X509_get_ext(x, idx);
                X509_delete_ext(x, idx);
                X509_EXTENSION_free(tmpext);
                idx = X509_get_ext_by_OBJ(x, obj, -1);
            } while (idx != -1);
        }
        if (!X509_add_ext(x, ext, -1))
            goto end;
    }

    ret = 1;

 end:

    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);

    return ret;
}

static int set_multi_opts(unsigned long *flags, const char *arg,
                          const NAME_EX_TBL * in_tbl)
{
    STACK_OF(CONF_VALUE) *vals;
    CONF_VALUE *val;
    int i, ret = 1;
    if (!arg)
        return 0;
    vals = X509V3_parse_list(arg);
    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
        val = sk_CONF_VALUE_value(vals, i);
        if (!set_table_opts(flags, val->name, in_tbl))
            ret = 0;
    }
    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
    return ret;
}

static int set_table_opts(unsigned long *flags, const char *arg,
                          const NAME_EX_TBL * in_tbl)
{
    char c;
    const NAME_EX_TBL *ptbl;
    c = arg[0];

    if (c == '-') {
        c = 0;
        arg++;
    } else if (c == '+') {
        c = 1;
        arg++;
1139
    } else {
1140
        c = 1;
1141
    }
1142 1143

    for (ptbl = in_tbl; ptbl->name; ptbl++) {
R
Rich Salz 已提交
1144
        if (strcasecmp(arg, ptbl->name) == 0) {
1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179
            *flags &= ~ptbl->mask;
            if (c)
                *flags |= ptbl->flag;
            else
                *flags &= ~ptbl->flag;
            return 1;
        }
    }
    return 0;
}

void print_name(BIO *out, const char *title, X509_NAME *nm,
                unsigned long lflags)
{
    char *buf;
    char mline = 0;
    int indent = 0;

    if (title)
        BIO_puts(out, title);
    if ((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
        mline = 1;
        indent = 4;
    }
    if (lflags == XN_FLAG_COMPAT) {
        buf = X509_NAME_oneline(nm, 0, 0);
        BIO_puts(out, buf);
        BIO_puts(out, "\n");
        OPENSSL_free(buf);
    } else {
        if (mline)
            BIO_puts(out, "\n");
        X509_NAME_print_ex(out, nm, indent, lflags);
        BIO_puts(out, "\n");
    }
D
 
Dr. Stephen Henson 已提交
1180 1181
}

1182
void print_bignum_var(BIO *out, const BIGNUM *in, const char *var,
1183
                      int len, unsigned char *buffer)
D
 
Dr. Stephen Henson 已提交
1184
{
1185
    BIO_printf(out, "    static unsigned char %s_%d[] = {", var, len);
1186
    if (BN_is_zero(in)) {
1187
        BIO_printf(out, "\n\t0x00");
1188
    } else {
1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202
        int i, l;

        l = BN_bn2bin(in, buffer);
        for (i = 0; i < l; i++) {
            if ((i % 10) == 0)
                BIO_printf(out, "\n\t");
            if (i < l - 1)
                BIO_printf(out, "0x%02X, ", buffer[i]);
            else
                BIO_printf(out, "0x%02X", buffer[i]);
        }
    }
    BIO_printf(out, "\n    };\n");
}
1203

1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219
void print_array(BIO *out, const char* title, int len, const unsigned char* d)
{
    int i;

    BIO_printf(out, "unsigned char %s[%d] = {", title, len);
    for (i = 0; i < len; i++) {
        if ((i % 10) == 0)
            BIO_printf(out, "\n    ");
        if (i < len - 1)
            BIO_printf(out, "0x%02X, ", d[i]);
        else
            BIO_printf(out, "0x%02X", d[i]);
    }
    BIO_printf(out, "\n};\n");
}

1220
X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, int noCApath)
1221 1222
{
    X509_STORE *store = X509_STORE_new();
1223
    X509_LOOKUP *lookup;
1224

1225
    if (store == NULL)
1226
        goto end;
1227

1228
    if (CAfile != NULL || !noCAfile) {
1229 1230
        lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
        if (lookup == NULL)
1231
            goto end;
1232 1233 1234 1235 1236
        if (CAfile) {
            if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) {
                BIO_printf(bio_err, "Error loading file %s\n", CAfile);
                goto end;
            }
1237
        } else {
1238
            X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
1239
        }
1240
    }
1241

1242
    if (CApath != NULL || !noCApath) {
1243 1244
        lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
        if (lookup == NULL)
1245
            goto end;
1246 1247 1248 1249 1250
        if (CApath) {
            if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
                BIO_printf(bio_err, "Error loading directory %s\n", CApath);
                goto end;
            }
1251
        } else {
1252
            X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
1253
        }
1254
    }
1255 1256 1257 1258 1259 1260

    ERR_clear_error();
    return store;
 end:
    X509_STORE_free(store);
    return NULL;
D
 
Dr. Stephen Henson 已提交
1261
}
1262

1263
#ifndef OPENSSL_NO_ENGINE
1264
/* Try to load an engine in a shareable library */
1265
static ENGINE *try_load_engine(const char *engine)
1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276
{
    ENGINE *e = ENGINE_by_id("dynamic");
    if (e) {
        if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
            || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
            ENGINE_free(e);
            e = NULL;
        }
    }
    return e;
}
1277
#endif
1278

1279
ENGINE *setup_engine(const char *engine, int debug)
1280 1281 1282
{
    ENGINE *e = NULL;

1283
#ifndef OPENSSL_NO_ENGINE
1284
    if (engine != NULL) {
1285
        if (strcmp(engine, "auto") == 0) {
1286
            BIO_printf(bio_err, "enabling auto ENGINE support\n");
1287 1288 1289 1290
            ENGINE_register_all_complete();
            return NULL;
        }
        if ((e = ENGINE_by_id(engine)) == NULL
1291
            && (e = try_load_engine(engine)) == NULL) {
1292 1293
            BIO_printf(bio_err, "invalid engine \"%s\"\n", engine);
            ERR_print_errors(bio_err);
1294 1295 1296
            return NULL;
        }
        if (debug) {
1297
            ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0);
1298
        }
1299
        ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
1300
        if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
1301 1302
            BIO_printf(bio_err, "can't use that engine\n");
            ERR_print_errors(bio_err);
1303 1304 1305 1306
            ENGINE_free(e);
            return NULL;
        }

1307
        BIO_printf(bio_err, "engine \"%s\" set.\n", ENGINE_get_id(e));
1308
    }
1309
#endif
1310 1311
    return e;
}
D
Dr. Stephen Henson 已提交
1312

1313 1314 1315 1316 1317 1318 1319 1320 1321
void release_engine(ENGINE *e)
{
#ifndef OPENSSL_NO_ENGINE
    if (e != NULL)
        /* Free our "structural" reference. */
        ENGINE_free(e);
#endif
}

D
Dr. Stephen Henson 已提交
1322
static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
1323 1324
{
    const char *n;
1325

1326 1327 1328
    n = a[DB_serial];
    while (*n == '0')
        n++;
1329
    return OPENSSL_LH_strhash(n);
1330
}
1331

1332 1333 1334 1335
static int index_serial_cmp(const OPENSSL_CSTRING *a,
                            const OPENSSL_CSTRING *b)
{
    const char *aa, *bb;
1336

1337 1338 1339 1340
    for (aa = a[DB_serial]; *aa == '0'; aa++) ;
    for (bb = b[DB_serial]; *bb == '0'; bb++) ;
    return (strcmp(aa, bb));
}
1341 1342

static int index_name_qual(char **a)
1343 1344 1345
{
    return (a[0][0] == 'V');
}
1346

D
Dr. Stephen Henson 已提交
1347
static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
1348
{
1349
    return OPENSSL_LH_strhash(a[DB_name]);
1350
}
1351

D
Dr. Stephen Henson 已提交
1352
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
1353 1354 1355
{
    return (strcmp(a[DB_name], b[DB_name]));
}
1356

D
Dr. Stephen Henson 已提交
1357 1358 1359 1360
static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
1361 1362
#undef BSIZE
#define BSIZE 256
1363
BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
1364 1365 1366
{
    BIO *in = NULL;
    BIGNUM *ret = NULL;
1367
    char buf[1024];
1368 1369 1370 1371 1372 1373
    ASN1_INTEGER *ai = NULL;

    ai = ASN1_INTEGER_new();
    if (ai == NULL)
        goto err;

1374 1375
    in = BIO_new_file(serialfile, "r");
    if (in == NULL) {
1376 1377 1378 1379
        if (!create) {
            perror(serialfile);
            goto err;
        }
1380 1381 1382 1383
        ERR_clear_error();
        ret = BN_new();
        if (ret == NULL || !rand_serial(ret, ai))
            BIO_printf(bio_err, "Out of memory\n");
1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401
    } else {
        if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) {
            BIO_printf(bio_err, "unable to load number from %s\n",
                       serialfile);
            goto err;
        }
        ret = ASN1_INTEGER_to_BN(ai, NULL);
        if (ret == NULL) {
            BIO_printf(bio_err,
                       "error converting number from bin to BIGNUM\n");
            goto err;
        }
    }

    if (ret && retai) {
        *retai = ai;
        ai = NULL;
    }
1402
 err:
R
Rich Salz 已提交
1403
    BIO_free(in);
R
Rich Salz 已提交
1404
    ASN1_INTEGER_free(ai);
1405 1406 1407
    return (ret);
}

1408
int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426
                ASN1_INTEGER **retai)
{
    char buf[1][BSIZE];
    BIO *out = NULL;
    int ret = 0;
    ASN1_INTEGER *ai = NULL;
    int j;

    if (suffix == NULL)
        j = strlen(serialfile);
    else
        j = strlen(serialfile) + strlen(suffix) + 1;
    if (j >= BSIZE) {
        BIO_printf(bio_err, "file name too long\n");
        goto err;
    }

    if (suffix == NULL)
R
Rich Salz 已提交
1427
        OPENSSL_strlcpy(buf[0], serialfile, BSIZE);
1428
    else {
1429
#ifndef OPENSSL_SYS_VMS
1430
        j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
1431
#else
1432
        j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
1433
#endif
1434
    }
1435
    out = BIO_new_file(buf[0], "w");
1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452
    if (out == NULL) {
        ERR_print_errors(bio_err);
        goto err;
    }

    if ((ai = BN_to_ASN1_INTEGER(serial, NULL)) == NULL) {
        BIO_printf(bio_err, "error converting serial to ASN.1 format\n");
        goto err;
    }
    i2a_ASN1_INTEGER(out, ai);
    BIO_puts(out, "\n");
    ret = 1;
    if (retai) {
        *retai = ai;
        ai = NULL;
    }
 err:
R
Rich Salz 已提交
1453
    BIO_free_all(out);
R
Rich Salz 已提交
1454
    ASN1_INTEGER_free(ai);
1455 1456
    return (ret);
}
1457

1458 1459
int rotate_serial(const char *serialfile, const char *new_suffix,
                  const char *old_suffix)
1460
{
1461
    char buf[2][BSIZE];
1462 1463 1464 1465 1466 1467 1468 1469 1470 1471
    int i, j;

    i = strlen(serialfile) + strlen(old_suffix);
    j = strlen(serialfile) + strlen(new_suffix);
    if (i > j)
        j = i;
    if (j + 1 >= BSIZE) {
        BIO_printf(bio_err, "file name too long\n");
        goto err;
    }
1472
#ifndef OPENSSL_SYS_VMS
1473 1474
    j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
    j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
1475
#else
R
Rich Salz 已提交
1476
    j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
1477
    j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
1478
#endif
1479
    if (rename(serialfile, buf[1]) < 0 && errno != ENOENT
1480
#ifdef ENOTDIR
1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496
        && errno != ENOTDIR
#endif
        ) {
        BIO_printf(bio_err,
                   "unable to rename %s to %s\n", serialfile, buf[1]);
        perror("reason");
        goto err;
    }
    if (rename(buf[0], serialfile) < 0) {
        BIO_printf(bio_err,
                   "unable to rename %s to %s\n", buf[0], serialfile);
        perror("reason");
        rename(buf[1], serialfile);
        goto err;
    }
    return 1;
1497
 err:
1498 1499
    return 0;
}
1500

1501
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
1502 1503 1504
{
    BIGNUM *btmp;
    int ret = 0;
R
Rich Salz 已提交
1505

1506 1507 1508 1509 1510
    if (b)
        btmp = b;
    else
        btmp = BN_new();

1511
    if (btmp == NULL)
1512 1513
        return 0;

R
Rich Salz 已提交
1514
    if (!BN_rand(btmp, SERIAL_RAND_BITS, 0, 0))
1515 1516 1517 1518 1519 1520 1521 1522
        goto error;
    if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
        goto error;

    ret = 1;

 error:

R
Rich Salz 已提交
1523
    if (btmp != b)
1524 1525 1526 1527
        BN_free(btmp);

    return ret;
}
1528

1529
CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
1530 1531 1532
{
    CA_DB *retdb = NULL;
    TXT_DB *tmpdb = NULL;
1533
    BIO *in;
1534
    CONF *dbattr_conf = NULL;
R
Rich Salz 已提交
1535
    char buf[BSIZE];
1536

1537
    in = BIO_new_file(dbfile, "r");
1538 1539 1540 1541 1542 1543
    if (in == NULL) {
        ERR_print_errors(bio_err);
        goto err;
    }
    if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
        goto err;
1544 1545

#ifndef OPENSSL_SYS_VMS
R
Rich Salz 已提交
1546
    BIO_snprintf(buf, sizeof buf, "%s.attr", dbfile);
1547
#else
R
Rich Salz 已提交
1548
    BIO_snprintf(buf, sizeof buf, "%s-attr", dbfile);
1549
#endif
R
Rich Salz 已提交
1550
    dbattr_conf = app_load_config(buf);
1551

R
Rich Salz 已提交
1552
    retdb = app_malloc(sizeof(*retdb), "new DB");
1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566
    retdb->db = tmpdb;
    tmpdb = NULL;
    if (db_attr)
        retdb->attributes = *db_attr;
    else {
        retdb->attributes.unique_subject = 1;
    }

    if (dbattr_conf) {
        char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject");
        if (p) {
            retdb->attributes.unique_subject = parse_yesno(p, 1);
        }
    }
1567 1568

 err:
R
Rich Salz 已提交
1569
    NCONF_free(dbattr_conf);
R
Rich Salz 已提交
1570
    TXT_DB_free(tmpdb);
R
Rich Salz 已提交
1571
    BIO_free_all(in);
1572 1573
    return retdb;
}
1574 1575

int index_index(CA_DB *db)
1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595
{
    if (!TXT_DB_create_index(db->db, DB_serial, NULL,
                             LHASH_HASH_FN(index_serial),
                             LHASH_COMP_FN(index_serial))) {
        BIO_printf(bio_err,
                   "error creating serial number index:(%ld,%ld,%ld)\n",
                   db->db->error, db->db->arg1, db->db->arg2);
        return 0;
    }

    if (db->attributes.unique_subject
        && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
                                LHASH_HASH_FN(index_name),
                                LHASH_COMP_FN(index_name))) {
        BIO_printf(bio_err, "error creating name index:(%ld,%ld,%ld)\n",
                   db->db->error, db->db->arg1, db->db->arg2);
        return 0;
    }
    return 1;
}
1596

N
Nils Larsch 已提交
1597
int save_index(const char *dbfile, const char *suffix, CA_DB *db)
1598 1599
{
    char buf[3][BSIZE];
1600
    BIO *out;
1601 1602 1603 1604 1605 1606 1607
    int j;

    j = strlen(dbfile) + strlen(suffix);
    if (j + 6 >= BSIZE) {
        BIO_printf(bio_err, "file name too long\n");
        goto err;
    }
1608
#ifndef OPENSSL_SYS_VMS
1609 1610 1611
    j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
    j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
    j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
1612
#else
R
Rich Salz 已提交
1613 1614
    j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
    j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
1615
    j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
1616
#endif
1617 1618
    out = BIO_new_file(buf[0], "w");
    if (out == NULL) {
1619 1620 1621 1622 1623
        perror(dbfile);
        BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
        goto err;
    }
    j = TXT_DB_write(out, db->db);
1624
    BIO_free(out);
1625 1626 1627
    if (j <= 0)
        goto err;

1628 1629
    out = BIO_new_file(buf[1], "w");
    if (out == NULL) {
1630 1631 1632 1633 1634 1635 1636 1637 1638
        perror(buf[2]);
        BIO_printf(bio_err, "unable to open '%s'\n", buf[2]);
        goto err;
    }
    BIO_printf(out, "unique_subject = %s\n",
               db->attributes.unique_subject ? "yes" : "no");
    BIO_free(out);

    return 1;
1639
 err:
1640 1641
    return 0;
}
1642

1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656
int rotate_index(const char *dbfile, const char *new_suffix,
                 const char *old_suffix)
{
    char buf[5][BSIZE];
    int i, j;

    i = strlen(dbfile) + strlen(old_suffix);
    j = strlen(dbfile) + strlen(new_suffix);
    if (i > j)
        j = i;
    if (j + 6 >= BSIZE) {
        BIO_printf(bio_err, "file name too long\n");
        goto err;
    }
1657
#ifndef OPENSSL_SYS_VMS
1658
    j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
R
Rich Salz 已提交
1659
    j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
1660 1661
    j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
    j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
R
Rich Salz 已提交
1662
    j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
1663
#else
R
Rich Salz 已提交
1664
    j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
1665
    j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
R
Rich Salz 已提交
1666 1667 1668
    j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
    j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
    j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
1669
#endif
1670
    if (rename(dbfile, buf[1]) < 0 && errno != ENOENT
1671
#ifdef ENOTDIR
1672
        && errno != ENOTDIR
1673
#endif
1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685
        ) {
        BIO_printf(bio_err, "unable to rename %s to %s\n", dbfile, buf[1]);
        perror("reason");
        goto err;
    }
    if (rename(buf[0], dbfile) < 0) {
        BIO_printf(bio_err, "unable to rename %s to %s\n", buf[0], dbfile);
        perror("reason");
        rename(buf[1], dbfile);
        goto err;
    }
    if (rename(buf[4], buf[3]) < 0 && errno != ENOENT
1686
#ifdef ENOTDIR
1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704
        && errno != ENOTDIR
#endif
        ) {
        BIO_printf(bio_err, "unable to rename %s to %s\n", buf[4], buf[3]);
        perror("reason");
        rename(dbfile, buf[0]);
        rename(buf[1], dbfile);
        goto err;
    }
    if (rename(buf[2], buf[4]) < 0) {
        BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
        perror("reason");
        rename(buf[3], buf[4]);
        rename(dbfile, buf[0]);
        rename(buf[1], dbfile);
        goto err;
    }
    return 1;
1705
 err:
1706 1707
    return 0;
}
1708 1709

void free_index(CA_DB *db)
1710 1711
{
    if (db) {
R
Rich Salz 已提交
1712
        TXT_DB_free(db->db);
1713 1714 1715
        OPENSSL_free(db);
    }
}
1716

N
Nils Larsch 已提交
1717
int parse_yesno(const char *str, int def)
1718 1719 1720 1721 1722 1723 1724 1725
{
    if (str) {
        switch (*str) {
        case 'f':              /* false */
        case 'F':              /* FALSE */
        case 'n':              /* no */
        case 'N':              /* NO */
        case '0':              /* 0 */
1726
            return 0;
1727 1728 1729 1730 1731
        case 't':              /* true */
        case 'T':              /* TRUE */
        case 'y':              /* yes */
        case 'Y':              /* YES */
        case '1':              /* 1 */
1732
            return 1;
1733 1734
        }
    }
1735
    return def;
1736
}
1737

1738
/*
R
Rich Salz 已提交
1739
 * name is expected to be in the format /type0=value0/type1=value1/type2=...
1740 1741
 * where characters may be escaped by \
 */
R
Rich Salz 已提交
1742
X509_NAME *parse_name(const char *cp, long chtype, int canmulti)
1743
{
R
Rich Salz 已提交
1744 1745 1746
    int nextismulti = 0;
    char *work;
    X509_NAME *n;
1747

R
Rich Salz 已提交
1748 1749 1750 1751 1752 1753
    if (*cp++ != '/')
        return NULL;

    n = X509_NAME_new();
    if (n == NULL)
        return NULL;
M
Matt Caswell 已提交
1754
    work = OPENSSL_strdup(cp);
R
Rich Salz 已提交
1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769
    if (work == NULL)
        goto err;

    while (*cp) {
        char *bp = work;
        char *typestr = bp;
        unsigned char *valstr;
        int nid;
        int ismulti = nextismulti;
        nextismulti = 0;

        /* Collect the type */
        while (*cp && *cp != '=')
            *bp++ = *cp++;
        if (*cp == '\0') {
1770
            BIO_printf(bio_err,
R
Rich Salz 已提交
1771 1772 1773
                    "%s: Hit end of string before finding the equals.\n",
                    opt_getprog());
            goto err;
1774
        }
R
Rich Salz 已提交
1775 1776 1777 1778 1779 1780 1781 1782
        *bp++ = '\0';
        ++cp;

        /* Collect the value. */
        valstr = (unsigned char *)bp;
        for (; *cp && *cp != '/'; *bp++ = *cp++) {
            if (canmulti && *cp == '+') {
                nextismulti = 1;
1783
                break;
R
Rich Salz 已提交
1784 1785 1786 1787 1788 1789 1790
            }
            if (*cp == '\\' && *++cp == '\0') {
                BIO_printf(bio_err,
                        "%s: escape character at end of string\n",
                        opt_getprog());
                goto err;
            }
1791 1792 1793
        }
        *bp++ = '\0';

R
Rich Salz 已提交
1794 1795 1796
        /* If not at EOS (must be + or /), move forward. */
        if (*cp)
            ++cp;
1797

R
Rich Salz 已提交
1798 1799 1800 1801 1802
        /* Parse */
        nid = OBJ_txt2nid(typestr);
        if (nid == NID_undef) {
            BIO_printf(bio_err, "%s: Skipping unknown attribute \"%s\"\n",
                      opt_getprog(), typestr);
1803 1804
            continue;
        }
R
Rich Salz 已提交
1805 1806 1807 1808
        if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
                                        valstr, strlen((char *)valstr),
                                        -1, ismulti ? -1 : 0))
            goto err;
1809 1810
    }

M
Matt Caswell 已提交
1811
    OPENSSL_free(work);
1812 1813
    return n;

R
Rich Salz 已提交
1814
 err:
1815
    X509_NAME_free(n);
M
Matt Caswell 已提交
1816
    OPENSSL_free(work);
1817
    return NULL;
1818 1819
}

1820 1821 1822
/*
 * Read whole contents of a BIO into an allocated memory buffer and return
 * it.
1823 1824 1825
 */

int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
1826 1827 1828 1829
{
    BIO *mem;
    int len, ret;
    unsigned char tbuf[1024];
1830

1831
    mem = BIO_new(BIO_s_mem());
1832
    if (mem == NULL)
1833 1834 1835 1836 1837 1838 1839
        return -1;
    for (;;) {
        if ((maxlen != -1) && maxlen < 1024)
            len = maxlen;
        else
            len = 1024;
        len = BIO_read(in, tbuf, len);
1840 1841 1842 1843 1844
        if (len < 0) {
            BIO_free(mem);
            return -1;
        }
        if (len == 0)
1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859
            break;
        if (BIO_write(mem, tbuf, len) != len) {
            BIO_free(mem);
            return -1;
        }
        maxlen -= len;

        if (maxlen == 0)
            break;
    }
    ret = BIO_get_mem_data(mem, (char **)out);
    BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
    BIO_free(mem);
    return ret;
}
1860

1861
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
1862 1863 1864
{
    int rv;
    char *stmp, *vtmp = NULL;
R
Rich Salz 已提交
1865
    stmp = OPENSSL_strdup(value);
1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876
    if (!stmp)
        return -1;
    vtmp = strchr(stmp, ':');
    if (vtmp) {
        *vtmp = 0;
        vtmp++;
    }
    rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
    OPENSSL_free(stmp);
    return rv;
}
1877

R
Rich Salz 已提交
1878
static void nodes_print(const char *name, STACK_OF(X509_POLICY_NODE) *nodes)
1879 1880 1881
{
    X509_POLICY_NODE *node;
    int i;
R
Rich Salz 已提交
1882 1883

    BIO_printf(bio_err, "%s Policies:", name);
1884
    if (nodes) {
R
Rich Salz 已提交
1885
        BIO_puts(bio_err, "\n");
1886 1887
        for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) {
            node = sk_X509_POLICY_NODE_value(nodes, i);
R
Rich Salz 已提交
1888
            X509_POLICY_NODE_print(bio_err, node, 2);
1889
        }
1890
    } else {
R
Rich Salz 已提交
1891
        BIO_puts(bio_err, " <empty>\n");
1892
    }
1893
}
D
Dr. Stephen Henson 已提交
1894

R
Rich Salz 已提交
1895
void policies_print(X509_STORE_CTX *ctx)
1896 1897 1898 1899 1900 1901
{
    X509_POLICY_TREE *tree;
    int explicit_policy;
    tree = X509_STORE_CTX_get0_policy_tree(ctx);
    explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);

R
Rich Salz 已提交
1902
    BIO_printf(bio_err, "Require explicit Policy: %s\n",
1903 1904
               explicit_policy ? "True" : "False");

R
Rich Salz 已提交
1905 1906
    nodes_print("Authority", X509_policy_tree_get0_policies(tree));
    nodes_print("User", X509_policy_tree_get0_user_policies(tree));
1907
}
1908

1909 1910
/*-
 * next_protos_parse parses a comma separated list of strings into a string
1911 1912 1913
 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
 *   outlen: (output) set to the length of the resulting buffer on success.
 *   err: (maybe NULL) on failure, an error message line is written to this BIO.
F
FdaSilvaYY 已提交
1914
 *   in: a NUL terminated string like "abc,def,ghi"
1915
 *
F
FdaSilvaYY 已提交
1916
 *   returns: a malloc'd buffer or NULL on failure.
1917
 */
T
Todd Short 已提交
1918
unsigned char *next_protos_parse(size_t *outlen, const char *in)
1919 1920 1921 1922 1923 1924 1925 1926 1927
{
    size_t len;
    unsigned char *out;
    size_t i, start = 0;

    len = strlen(in);
    if (len >= 65535)
        return NULL;

R
Rich Salz 已提交
1928
    out = app_malloc(strlen(in) + 1, "NPN buffer");
1929 1930 1931 1932 1933 1934 1935 1936
    for (i = 0; i <= len; ++i) {
        if (i == len || in[i] == ',') {
            if (i - start > 255) {
                OPENSSL_free(out);
                return NULL;
            }
            out[start] = i - start;
            start = i + 1;
1937
        } else {
1938
            out[i + 1] = in[i];
1939
        }
1940 1941 1942 1943 1944
    }

    *outlen = len + 1;
    return out;
}
1945

1946
void print_cert_checks(BIO *bio, X509 *x,
1947 1948 1949 1950 1951 1952 1953
                       const char *checkhost,
                       const char *checkemail, const char *checkip)
{
    if (x == NULL)
        return;
    if (checkhost) {
        BIO_printf(bio, "Hostname %s does%s match certificate\n",
1954 1955 1956
                   checkhost,
                   X509_check_host(x, checkhost, 0, 0, NULL) == 1
                       ? "" : " NOT");
1957 1958 1959 1960
    }

    if (checkemail) {
        BIO_printf(bio, "Email %s does%s match certificate\n",
1961 1962
                   checkemail, X509_check_email(x, checkemail, 0, 0)
                   ? "" : " NOT");
1963 1964 1965 1966 1967 1968 1969
    }

    if (checkip) {
        BIO_printf(bio, "IP %s does%s match certificate\n",
                   checkip, X509_check_ip_asc(x, checkip, 0) ? "" : " NOT");
    }
}
1970

1971 1972 1973
/* Get first http URL from a DIST_POINT structure */

static const char *get_dp_url(DIST_POINT *dp)
1974 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985
{
    GENERAL_NAMES *gens;
    GENERAL_NAME *gen;
    int i, gtype;
    ASN1_STRING *uri;
    if (!dp->distpoint || dp->distpoint->type != 0)
        return NULL;
    gens = dp->distpoint->name.fullname;
    for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
        gen = sk_GENERAL_NAME_value(gens, i);
        uri = GENERAL_NAME_get0_value(gen, &gtype);
        if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) {
1986
            const char *uptr = (const char *)ASN1_STRING_get0_data(uri);
R
Rich Salz 已提交
1987
            if (strncmp(uptr, "http://", 7) == 0)
1988 1989 1990 1991 1992 1993 1994 1995 1996
                return uptr;
        }
    }
    return NULL;
}

/*
 * Look through a CRLDP structure and attempt to find an http URL to
 * downloads a CRL from.
1997 1998 1999
 */

static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp)
2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
{
    int i;
    const char *urlptr = NULL;
    for (i = 0; i < sk_DIST_POINT_num(crldp); i++) {
        DIST_POINT *dp = sk_DIST_POINT_value(crldp, i);
        urlptr = get_dp_url(dp);
        if (urlptr)
            return load_crl(urlptr, FORMAT_HTTP);
    }
    return NULL;
}

/*
 * Example of downloading CRLs from CRLDP: not usable for real world as it
 * always downloads, doesn't support non-blocking I/O and doesn't cache
 * anything.
2016 2017 2018
 */

static STACK_OF(X509_CRL) *crls_http_cb(X509_STORE_CTX *ctx, X509_NAME *nm)
2019 2020 2021 2022 2023
{
    X509 *x;
    STACK_OF(X509_CRL) *crls = NULL;
    X509_CRL *crl;
    STACK_OF(DIST_POINT) *crldp;
2024 2025 2026 2027

    crls = sk_X509_CRL_new_null();
    if (!crls)
        return NULL;
2028 2029 2030 2031
    x = X509_STORE_CTX_get_current_cert(ctx);
    crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
    crl = load_crl_crldp(crldp);
    sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
M
Matt Caswell 已提交
2032 2033
    if (!crl) {
        sk_X509_CRL_free(crls);
2034
        return NULL;
M
Matt Caswell 已提交
2035
    }
2036 2037 2038 2039 2040 2041 2042 2043 2044
    sk_X509_CRL_push(crls, crl);
    /* Try to download delta CRL */
    crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
    crl = load_crl_crldp(crldp);
    sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
    if (crl)
        sk_X509_CRL_push(crls, crl);
    return crls;
}
2045 2046

void store_setup_crl_download(X509_STORE *st)
2047 2048 2049
{
    X509_STORE_set_lookup_crls_cb(st, crls_http_cb);
}
2050

2051 2052 2053
/*
 * Platform-specific sections
 */
2054
#if defined(_WIN32)
2055 2056 2057 2058 2059 2060 2061 2062 2063
# ifdef fileno
#  undef fileno
#  define fileno(a) (int)_fileno(a)
# endif

# include <windows.h>
# include <tchar.h>

static int WIN32_rename(const char *from, const char *to)
2064 2065 2066 2067 2068 2069 2070 2071 2072 2073 2074
{
    TCHAR *tfrom = NULL, *tto;
    DWORD err;
    int ret = 0;

    if (sizeof(TCHAR) == 1) {
        tfrom = (TCHAR *)from;
        tto = (TCHAR *)to;
    } else {                    /* UNICODE path */

        size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1;
M
Matt Caswell 已提交
2075
        tfrom = malloc(sizeof(*tfrom) * (flen + tlen));
2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111
        if (tfrom == NULL)
            goto err;
        tto = tfrom + flen;
# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
        if (!MultiByteToWideChar(CP_ACP, 0, from, flen, (WCHAR *)tfrom, flen))
# endif
            for (i = 0; i < flen; i++)
                tfrom[i] = (TCHAR)from[i];
# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
        if (!MultiByteToWideChar(CP_ACP, 0, to, tlen, (WCHAR *)tto, tlen))
# endif
            for (i = 0; i < tlen; i++)
                tto[i] = (TCHAR)to[i];
    }

    if (MoveFile(tfrom, tto))
        goto ok;
    err = GetLastError();
    if (err == ERROR_ALREADY_EXISTS || err == ERROR_FILE_EXISTS) {
        if (DeleteFile(tto) && MoveFile(tfrom, tto))
            goto ok;
        err = GetLastError();
    }
    if (err == ERROR_FILE_NOT_FOUND || err == ERROR_PATH_NOT_FOUND)
        errno = ENOENT;
    else if (err == ERROR_ACCESS_DENIED)
        errno = EACCES;
    else
        errno = EINVAL;         /* we could map more codes... */
 err:
    ret = -1;
 ok:
    if (tfrom != NULL && tfrom != (TCHAR *)from)
        free(tfrom);
    return ret;
}
2112 2113 2114 2115
#endif

/* app_tminterval section */
#if defined(_WIN32)
2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139
double app_tminterval(int stop, int usertime)
{
    FILETIME now;
    double ret = 0;
    static ULARGE_INTEGER tmstart;
    static int warning = 1;
# ifdef _WIN32_WINNT
    static HANDLE proc = NULL;

    if (proc == NULL) {
        if (check_winnt())
            proc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,
                               GetCurrentProcessId());
        if (proc == NULL)
            proc = (HANDLE) - 1;
    }

    if (usertime && proc != (HANDLE) - 1) {
        FILETIME junk;
        GetProcessTimes(proc, &junk, &junk, &junk, &now);
    } else
# endif
    {
        SYSTEMTIME systime;
A
Andy Polyakov 已提交
2140

2141 2142 2143 2144 2145 2146 2147 2148
        if (usertime && warning) {
            BIO_printf(bio_err, "To get meaningful results, run "
                       "this program on idle system.\n");
            warning = 0;
        }
        GetSystemTime(&systime);
        SystemTimeToFileTime(&systime, &now);
    }
A
Andy Polyakov 已提交
2149

2150 2151 2152 2153 2154
    if (stop == TM_START) {
        tmstart.u.LowPart = now.dwLowDateTime;
        tmstart.u.HighPart = now.dwHighDateTime;
    } else {
        ULARGE_INTEGER tmstop;
A
Andy Polyakov 已提交
2155

2156 2157
        tmstop.u.LowPart = now.dwLowDateTime;
        tmstop.u.HighPart = now.dwHighDateTime;
A
Andy Polyakov 已提交
2158

2159 2160
        ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart) * 1e-7;
    }
A
Andy Polyakov 已提交
2161

2162 2163 2164 2165
    return (ret);
}
#elif defined(OPENSSL_SYSTEM_VXWORKS)
# include <time.h>
2166

2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 2194 2195 2196 2197 2198 2199
double app_tminterval(int stop, int usertime)
{
    double ret = 0;
# ifdef CLOCK_REALTIME
    static struct timespec tmstart;
    struct timespec now;
# else
    static unsigned long tmstart;
    unsigned long now;
# endif
    static int warning = 1;

    if (usertime && warning) {
        BIO_printf(bio_err, "To get meaningful results, run "
                   "this program on idle system.\n");
        warning = 0;
    }
# ifdef CLOCK_REALTIME
    clock_gettime(CLOCK_REALTIME, &now);
    if (stop == TM_START)
        tmstart = now;
    else
        ret = ((now.tv_sec + now.tv_nsec * 1e-9)
               - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9));
# else
    now = tickGet();
    if (stop == TM_START)
        tmstart = now;
    else
        ret = (now - tmstart) / (double)sysClkRateGet();
# endif
    return (ret);
}
2200

2201 2202 2203
#elif defined(OPENSSL_SYSTEM_VMS)
# include <time.h>
# include <times.h>
2204

2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218 2219 2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230
double app_tminterval(int stop, int usertime)
{
    static clock_t tmstart;
    double ret = 0;
    clock_t now;
# ifdef __TMS
    struct tms rus;

    now = times(&rus);
    if (usertime)
        now = rus.tms_utime;
# else
    if (usertime)
        now = clock();          /* sum of user and kernel times */
    else {
        struct timeval tv;
        gettimeofday(&tv, NULL);
        now = (clock_t)((unsigned long long)tv.tv_sec * CLK_TCK +
                        (unsigned long long)tv.tv_usec * (1000000 / CLK_TCK)
            );
    }
# endif
    if (stop == TM_START)
        tmstart = now;
    else
        ret = (now - tmstart) / (double)(CLK_TCK);
2231

2232 2233
    return (ret);
}
2234

2235 2236
#elif defined(_SC_CLK_TCK)      /* by means of unistd.h */
# include <sys/times.h>
2237

2238 2239 2240 2241 2242 2243 2244 2245 2246 2247
double app_tminterval(int stop, int usertime)
{
    double ret = 0;
    struct tms rus;
    clock_t now = times(&rus);
    static clock_t tmstart;

    if (usertime)
        now = rus.tms_utime;

2248
    if (stop == TM_START) {
2249
        tmstart = now;
2250
    } else {
2251 2252 2253 2254 2255 2256
        long int tck = sysconf(_SC_CLK_TCK);
        ret = (now - tmstart) / (double)tck;
    }

    return (ret);
}
2257

2258 2259 2260
#else
# include <sys/time.h>
# include <sys/resource.h>
2261

2262 2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278 2279 2280 2281
double app_tminterval(int stop, int usertime)
{
    double ret = 0;
    struct rusage rus;
    struct timeval now;
    static struct timeval tmstart;

    if (usertime)
        getrusage(RUSAGE_SELF, &rus), now = rus.ru_utime;
    else
        gettimeofday(&now, NULL);

    if (stop == TM_START)
        tmstart = now;
    else
        ret = ((now.tv_sec + now.tv_usec * 1e-6)
               - (tmstart.tv_sec + tmstart.tv_usec * 1e-6));

    return ret;
}
2282
#endif
2283

2284 2285 2286 2287 2288 2289 2290 2291 2292
int app_access(const char* name, int flag)
{
#ifdef _WIN32
    return _access(name, flag);
#else
    return access(name, flag);
#endif
}

2293 2294
/* app_isdir section */
#ifdef _WIN32
2295
int app_isdir(const char *name)
2296 2297 2298 2299 2300 2301
{
    HANDLE hList;
    WIN32_FIND_DATA FileData;
# if defined(UNICODE) || defined(_UNICODE)
    size_t i, len_0 = strlen(name) + 1;

D
Dr. Stephen Henson 已提交
2302
    if (len_0 > OSSL_NELEM(FileData.cFileName))
2303 2304 2305 2306 2307 2308 2309 2310 2311 2312 2313 2314 2315 2316 2317 2318 2319 2320
        return -1;

#  if !defined(_WIN32_WCE) || _WIN32_WCE>=101
    if (!MultiByteToWideChar
        (CP_ACP, 0, name, len_0, FileData.cFileName, len_0))
#  endif
        for (i = 0; i < len_0; i++)
            FileData.cFileName[i] = (WCHAR)name[i];

    hList = FindFirstFile(FileData.cFileName, &FileData);
# else
    hList = FindFirstFile(name, &FileData);
# endif
    if (hList == INVALID_HANDLE_VALUE)
        return -1;
    FindClose(hList);
    return ((FileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0);
}
2321
#else
2322 2323 2324 2325 2326 2327 2328 2329
# include <sys/stat.h>
# ifndef S_ISDIR
#  if defined(_S_IFMT) && defined(_S_IFDIR)
#   define S_ISDIR(a)   (((a) & _S_IFMT) == _S_IFDIR)
#  else
#   define S_ISDIR(a)   (((a) & S_IFMT) == S_IFDIR)
#  endif
# endif
2330 2331

int app_isdir(const char *name)
2332 2333 2334 2335 2336 2337 2338 2339 2340 2341 2342 2343
{
# if defined(S_ISDIR)
    struct stat st;

    if (stat(name, &st) == 0)
        return S_ISDIR(st.st_mode);
    else
        return -1;
# else
    return -1;
# endif
}
2344 2345
#endif

2346
/* raw_read|write section */
2347 2348 2349 2350 2351 2352 2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376
#if defined(__VMS)
# include "vms_term_sock.h"
static int stdin_sock = -1;

static void close_stdin_sock(void)
{
    TerminalSocket (TERM_SOCK_DELETE, &stdin_sock);
}

int fileno_stdin(void)
{
    if (stdin_sock == -1) {
        TerminalSocket(TERM_SOCK_CREATE, &stdin_sock);
        atexit(close_stdin_sock);
    }

    return stdin_sock;
}
#else
int fileno_stdin(void)
{
    return fileno(stdin);
}
#endif

int fileno_stdout(void)
{
    return fileno(stdout);
}

2377
#if defined(_WIN32) && defined(STD_INPUT_HANDLE)
2378 2379 2380 2381 2382 2383 2384 2385
int raw_read_stdin(void *buf, int siz)
{
    DWORD n;
    if (ReadFile(GetStdHandle(STD_INPUT_HANDLE), buf, siz, &n, NULL))
        return (n);
    else
        return (-1);
}
2386
#elif defined(__VMS)
2387
# include <sys/socket.h>
2388

2389 2390 2391 2392
int raw_read_stdin(void *buf, int siz)
{
    return recv(fileno_stdin(), buf, siz, 0);
}
2393
#else
2394 2395
int raw_read_stdin(void *buf, int siz)
{
2396
    return read(fileno_stdin(), buf, siz);
2397
}
2398 2399 2400
#endif

#if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
2401 2402 2403 2404 2405 2406 2407 2408
int raw_write_stdout(const void *buf, int siz)
{
    DWORD n;
    if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE), buf, siz, &n, NULL))
        return (n);
    else
        return (-1);
}
2409
#else
2410 2411
int raw_write_stdout(const void *buf, int siz)
{
2412
    return write(fileno_stdout(), buf, siz);
2413
}
2414
#endif
2415 2416 2417 2418 2419 2420 2421 2422

/*
 * Centralized handling if input and output files with format specification
 * The format is meant to show what the input and output is supposed to be,
 * and is therefore a show of intent more than anything else.  However, it
 * does impact behavior on some platform, such as differentiating between
 * text and binary input/output on non-Unix platforms
 */
R
Richard Levitte 已提交
2423
static int istext(int format)
2424
{
2425
    return (format & B_FORMAT_TEXT) == B_FORMAT_TEXT;
2426 2427
}

2428
BIO *dup_bio_in(int format)
2429
{
2430 2431 2432 2433 2434 2435 2436 2437
    return BIO_new_fp(stdin,
                      BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
}

BIO *dup_bio_out(int format)
{
    BIO *b = BIO_new_fp(stdout,
                        BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
2438
#ifdef OPENSSL_SYS_VMS
2439 2440
    if (istext(format))
        b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
2441 2442 2443 2444 2445 2446 2447 2448 2449 2450 2451
#endif
    return b;
}

BIO *dup_bio_err(int format)
{
    BIO *b = BIO_new_fp(stderr,
                        BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
#ifdef OPENSSL_SYS_VMS
    if (istext(format))
        b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
2452 2453 2454 2455 2456 2457
#endif
    return b;
}

void unbuffer(FILE *fp)
{
2458 2459 2460 2461 2462 2463 2464 2465 2466 2467 2468
/*
 * On VMS, setbuf() will only take 32-bit pointers, and a compilation
 * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here.
 * However, we trust that the C RTL will never give us a FILE pointer
 * above the first 4 GB of memory, so we simply turn off the warning
 * temporarily.
 */
#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
# pragma environment save
# pragma message disable maylosedata2
#endif
2469
    setbuf(fp, NULL);
2470 2471 2472
#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
# pragma environment restore
#endif
2473 2474 2475 2476 2477 2478 2479 2480
}

static const char *modestr(char mode, int format)
{
    OPENSSL_assert(mode == 'a' || mode == 'r' || mode == 'w');

    switch (mode) {
    case 'a':
2481
        return istext(format) ? "a" : "ab";
2482
    case 'r':
2483
        return istext(format) ? "r" : "rb";
2484
    case 'w':
2485
        return istext(format) ? "w" : "wb";
2486 2487 2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509 2510
    }
    /* The assert above should make sure we never reach this point */
    return NULL;
}

static const char *modeverb(char mode)
{
    switch (mode) {
    case 'a':
        return "appending";
    case 'r':
        return "reading";
    case 'w':
        return "writing";
    }
    return "(doing something)";
}

/*
 * Open a file for writing, owner-read-only.
 */
BIO *bio_open_owner(const char *filename, int format, int private)
{
    FILE *fp = NULL;
    BIO *b = NULL;
2511
    int fd = -1, bflags, mode, textmode;
2512 2513 2514 2515 2516 2517 2518 2519 2520 2521 2522

    if (!private || filename == NULL || strcmp(filename, "-") == 0)
        return bio_open_default(filename, 'w', format);

    mode = O_WRONLY;
#ifdef O_CREAT
    mode |= O_CREAT;
#endif
#ifdef O_TRUNC
    mode |= O_TRUNC;
#endif
2523 2524
    textmode = istext(format);
    if (!textmode) {
2525 2526 2527 2528 2529 2530 2531
#ifdef O_BINARY
        mode |= O_BINARY;
#elif defined(_O_BINARY)
        mode |= _O_BINARY;
#endif
    }

2532 2533 2534 2535 2536 2537 2538 2539 2540 2541 2542
#ifdef OPENSSL_SYS_VMS
    /* VMS doesn't have O_BINARY, it just doesn't make sense.  But,
     * it still needs to know that we're going binary, or fdopen()
     * will fail with "invalid argument"...  so we tell VMS what the
     * context is.
     */
    if (!textmode)
        fd = open(filename, mode, 0600, "ctx=bin");
    else
#endif
        fd = open(filename, mode, 0600);
2543 2544 2545 2546 2547 2548
    if (fd < 0)
        goto err;
    fp = fdopen(fd, modestr('w', format));
    if (fp == NULL)
        goto err;
    bflags = BIO_CLOSE;
2549
    if (textmode)
2550 2551 2552 2553 2554 2555 2556 2557 2558 2559 2560 2561 2562 2563 2564 2565 2566 2567 2568 2569 2570 2571 2572
        bflags |= BIO_FP_TEXT;
    b = BIO_new_fp(fp, bflags);
    if (b)
        return b;

 err:
    BIO_printf(bio_err, "%s: Can't open \"%s\" for writing, %s\n",
               opt_getprog(), filename, strerror(errno));
    ERR_print_errors(bio_err);
    /* If we have fp, then fdopen took over fd, so don't close both. */
    if (fp)
        fclose(fp);
    else if (fd >= 0)
        close(fd);
    return NULL;
}

static BIO *bio_open_default_(const char *filename, char mode, int format,
                              int quiet)
{
    BIO *ret;

    if (filename == NULL || strcmp(filename, "-") == 0) {
2573
        ret = mode == 'r' ? dup_bio_in(format) : dup_bio_out(format);
2574 2575 2576 2577 2578 2579 2580 2581 2582 2583 2584 2585 2586 2587 2588 2589 2590 2591 2592 2593 2594 2595 2596 2597 2598 2599 2600 2601 2602 2603 2604 2605 2606 2607 2608
        if (quiet) {
            ERR_clear_error();
            return ret;
        }
        if (ret != NULL)
            return ret;
        BIO_printf(bio_err,
                   "Can't open %s, %s\n",
                   mode == 'r' ? "stdin" : "stdout", strerror(errno));
    } else {
        ret = BIO_new_file(filename, modestr(mode, format));
        if (quiet) {
            ERR_clear_error();
            return ret;
        }
        if (ret != NULL)
            return ret;
        BIO_printf(bio_err,
                   "Can't open %s for %s, %s\n",
                   filename, modeverb(mode), strerror(errno));
    }
    ERR_print_errors(bio_err);
    return NULL;
}

BIO *bio_open_default(const char *filename, char mode, int format)
{
    return bio_open_default_(filename, mode, format, 0);
}

BIO *bio_open_default_quiet(const char *filename, char mode, int format)
{
    return bio_open_default_(filename, mode, format, 1);
}

2609 2610
void wait_for_async(SSL *s)
{
M
Matt Caswell 已提交
2611 2612
    /* On Windows select only works for sockets, so we simply don't wait  */
#ifndef OPENSSL_SYS_WINDOWS
M
Matt Caswell 已提交
2613
    int width = 0;
2614
    fd_set asyncfds;
M
Matt Caswell 已提交
2615 2616
    OSSL_ASYNC_FD *fds;
    size_t numfds;
2617

M
Matt Caswell 已提交
2618 2619 2620
    if (!SSL_get_all_async_fds(s, NULL, &numfds))
        return;
    if (numfds == 0)
2621
        return;
R
Rich Salz 已提交
2622
    fds = app_malloc(sizeof(OSSL_ASYNC_FD) * numfds, "allocate async fds");
M
Matt Caswell 已提交
2623 2624 2625
    if (!SSL_get_all_async_fds(s, fds, &numfds)) {
        OPENSSL_free(fds);
    }
2626 2627

    FD_ZERO(&asyncfds);
M
Matt Caswell 已提交
2628 2629 2630 2631 2632 2633 2634
    while (numfds > 0) {
        if (width <= (int)*fds)
            width = (int)*fds + 1;
        openssl_fdset((int)*fds, &asyncfds);
        numfds--;
        fds++;
    }
2635
    select(width, (void *)&asyncfds, NULL, NULL, NULL);
M
Matt Caswell 已提交
2636
#endif
2637
}
2638 2639 2640 2641 2642 2643 2644 2645 2646 2647 2648 2649 2650 2651 2652 2653 2654 2655 2656 2657 2658 2659 2660 2661 2662 2663 2664 2665

/* if OPENSSL_SYS_WINDOWS is defined then so is OPENSSL_SYS_MSDOS */
#if defined(OPENSSL_SYS_MSDOS)
int has_stdin_waiting(void)
{
# if defined(OPENSSL_SYS_WINDOWS)
    HANDLE inhand = GetStdHandle(STD_INPUT_HANDLE);
    DWORD events = 0;
    INPUT_RECORD inputrec;
    DWORD insize = 1;
    BOOL peeked;

    if (inhand == INVALID_HANDLE_VALUE) {
        return 0;
    }

    peeked = PeekConsoleInput(inhand, &inputrec, insize, &events);
    if (!peeked) {
        /* Probably redirected input? _kbhit() does not work in this case */
        if (!feof(stdin)) {
            return 1;
        }
        return 0;
    }
# endif
    return _kbhit();
}
#endif
2666 2667

/* Corrupt a signature by modifying final byte */
D
Dr. Stephen Henson 已提交
2668
void corrupt_signature(const ASN1_STRING *signature)
2669
{
D
Dr. Stephen Henson 已提交
2670 2671
        unsigned char *s = signature->data;
        s[signature->length - 1] ^= 0x1;
2672
}
2673 2674 2675 2676 2677

int set_cert_times(X509 *x, const char *startdate, const char *enddate,
                   int days)
{
    if (startdate == NULL || strcmp(startdate, "today") == 0) {
2678 2679 2680
        if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL)
            return 0;
    } else {
2681
        if (!ASN1_TIME_set_string_X509(X509_getm_notBefore(x), startdate))
2682
            return 0;
2683 2684
    }
    if (enddate == NULL) {
2685 2686 2687
        if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL)
            == NULL)
            return 0;
2688
    } else if (!ASN1_TIME_set_string_X509(X509_getm_notAfter(x), enddate)) {
2689
        return 0;
2690
    }
2691
    return 1;
2692
}
2693 2694 2695 2696 2697 2698 2699 2700

void make_uppercase(char *string)
{
    int i;

    for (i = 0; string[i] != '\0'; i++)
        string[i] = toupper((unsigned char)string[i]);
}