]> git.ipfire.org Git - thirdparty/openssl.git/blame - apps/apps.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Don't use select on Windows
[thirdparty/openssl.git] / apps / apps.c
CommitLineData
58964a49 1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6
RE		 2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
0f113f3e 7 *
d02b48c6
RE		 8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
0f113f3e 14 *
d02b48c6
RE		 15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
0f113f3e 21 *
d02b48c6
RE		 22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
0f113f3e 36 * 4. If you include any Windows specific code (or a derivative thereof) from
d02b48c6
RE		 37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
0f113f3e 39 *
d02b48c6
RE		 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
0f113f3e 51 *
d02b48c6
RE		 52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
a661b653
BM		 57/* ====================================================================
58 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
0f113f3e 65 * notice, this list of conditions and the following disclaimer.
a661b653
BM		 66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
d02b48c6 110
fc7dae52 111#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
0f113f3e
MC		 112/*
113 * On VMS, you need to define this to get the declaration of fileno(). The
114 * value 2 is to make sure no function defined in POSIX-2 is left undefined.
68d39f3c 115 */
0f113f3e 116# define _POSIX_C_SOURCE 2
83d8fa7d 117#endif
d02b48c6
RE		 118#include <stdio.h>
119#include <stdlib.h>
120#include <string.h>
a412b891
RL		 121#ifndef NO_SYS_TYPES_H
122# include <sys/types.h>
123#endif
124#ifndef OPENSSL_NO_POSIX_IO
125# include <sys/stat.h>
126# include <fcntl.h>
127#endif
d652a095 128#include <ctype.h>
a1ad253f 129#include <errno.h>
90ae4673
RL		 130#include <openssl/err.h>
131#include <openssl/x509.h>
535d79da 132#include <openssl/x509v3.h>
90ae4673
RL		 133#include <openssl/pem.h>
134#include <openssl/pkcs12.h>
2fe5adc3 135#include <openssl/ui.h>
90ae4673 136#include <openssl/safestack.h>
0b13e9f0 137#ifndef OPENSSL_NO_ENGINE
0f113f3e 138# include <openssl/engine.h>
0b13e9f0 139#endif
3eeaab4b 140#ifndef OPENSSL_NO_RSA
0f113f3e 141# include <openssl/rsa.h>
3eeaab4b 142#endif
f0eae953 143#include <openssl/bn.h>
7e1b7485 144#include <openssl/ssl.h>
d02b48c6 145
d610d27f 146#include "apps.h"
d610d27f 147
a1ad253f
AP		 148#ifdef _WIN32
149static int WIN32_rename(const char *from, const char *to);
0f113f3e 150# define rename(from,to) WIN32_rename((from),(to))
a1ad253f
AP		 151#endif
152
8ca533e3 153typedef struct {
0f113f3e
MC		 154 const char *name;
155 unsigned long flag;
156 unsigned long mask;
8ca533e3
DSH		 157} NAME_EX_TBL;
158
2fe5adc3
RL		 159static UI_METHOD *ui_method = NULL;
160
0f113f3e
MC		 161static int set_table_opts(unsigned long *flags, const char *arg,
162 const NAME_EX_TBL * in_tbl);
163static int set_multi_opts(unsigned long *flags, const char *arg,
164 const NAME_EX_TBL * in_tbl);
8ca533e3 165
d02b48c6 166int app_init(long mesgwin);
0f113f3e 167
7e1b7485 168int chopup_args(ARGS *arg, char *buf)
0f113f3e 169{
7e1b7485 170 int quoted;
4c9b0a03 171 char c = '\0', *p = NULL;
0f113f3e 172
7e1b7485
RS		 173 arg->argc = 0;
174 if (arg->size == 0) {
175 arg->size = 20;
b4faea50 176 arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space");
7e1b7485 177 if (arg->argv == NULL)
0f113f3e
MC		 178 return 0;
179 }
0f113f3e 180
7e1b7485
RS		 181 for (p = buf;;) {
182 /* Skip whitespace. */
18295f0c 183 while (*p && isspace(_UC(*p)))
0f113f3e
MC		 184 p++;
185 if (!*p)
186 break;
187
188 /* The start of something good :-) */
7e1b7485
RS		 189 if (arg->argc >= arg->size) {
190 arg->size += 20;
b4faea50
RS		 191 arg->argv = OPENSSL_realloc(arg->argv,
192 sizeof(*arg->argv) * arg->size);
7e1b7485 193 if (arg->argv == NULL)
0f113f3e 194 return 0;
0f113f3e 195 }
7e1b7485
RS		 196 quoted = *p == '\'' || *p == '"';
197 if (quoted)
198 c = *p++;
199 arg->argv[arg->argc++] = p;
0f113f3e
MC		 200
201 /* now look for the end of this */
7e1b7485
RS		 202 if (quoted) {
203 while (*p && *p != c)
0f113f3e 204 p++;
7e1b7485 205 *p++ = '\0';
0f113f3e 206 } else {
18295f0c 207 while (*p && !isspace(_UC(*p)))
0f113f3e 208 p++;
7e1b7485
RS		 209 if (*p)
210 *p++ = '\0';
0f113f3e 211 }
0f113f3e 212 }
7e1b7485 213 arg->argv[arg->argc] = NULL;
0f113f3e
MC		 214 return (1);
215}
d02b48c6
RE		 216
217#ifndef APP_INIT
6b691a5c 218int app_init(long mesgwin)
0f113f3e
MC		 219{
220 return (1);
221}
d02b48c6 222#endif
53b1899e 223
2b6bcb70
MC		 224int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
225 const char *CApath, int noCAfile, int noCApath)
7e1b7485 226{
2b6bcb70
MC		 227 if (CAfile == NULL && CApath == NULL) {
228 if (!noCAfile && SSL_CTX_set_default_verify_file(ctx) <= 0)
229 return 0;
230 if (!noCApath && SSL_CTX_set_default_verify_dir(ctx) <= 0)
231 return 0;
232
233 return 1;
234 }
7e1b7485
RS		 235 return SSL_CTX_load_verify_locations(ctx, CAfile, CApath);
236}
237
b5369582
RP		 238#ifndef OPENSSL_NO_CT
239
dd696a55
RP		 240int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
241{
242 if (path == NULL) {
328f36c5 243 return SSL_CTX_set_default_ctlog_list_file(ctx);
dd696a55
RP		 244 }
245
246 return SSL_CTX_set_ctlog_list_file(ctx, path);
247}
248
b5369582
RP		 249#endif
250
0f113f3e 251int dump_cert_text(BIO *out, X509 *x)
954ef7ef 252{
0f113f3e 253 char *p;
54a656ef 254
0f113f3e
MC		 255 p = X509_NAME_oneline(X509_get_subject_name(x), NULL, 0);
256 BIO_puts(out, "subject=");
257 BIO_puts(out, p);
258 OPENSSL_free(p);
954ef7ef 259
0f113f3e
MC		 260 p = X509_NAME_oneline(X509_get_issuer_name(x), NULL, 0);
261 BIO_puts(out, "\nissuer=");
262 BIO_puts(out, p);
263 BIO_puts(out, "\n");
264 OPENSSL_free(p);
54a656ef 265
0f113f3e 266 return 0;
954ef7ef 267}
a3fe382e 268
923b1857 269#ifndef OPENSSL_NO_UI
2fe5adc3 270static int ui_open(UI *ui)
0f113f3e
MC		 271{
272 return UI_method_get_opener(UI_OpenSSL())(ui);
273}
274
2fe5adc3 275static int ui_read(UI *ui, UI_STRING *uis)
0f113f3e
MC		 276{
277 if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
278 && UI_get0_user_data(ui)) {
279 switch (UI_get_string_type(uis)) {
280 case UIT_PROMPT:
281 case UIT_VERIFY:
282 {
283 const char *password =
284 ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
285 if (password && password[0] != '\0') {
286 UI_set_result(ui, uis, password);
287 return 1;
288 }
289 }
290 default:
291 break;
292 }
293 }
294 return UI_method_get_reader(UI_OpenSSL())(ui, uis);
295}
296
2fe5adc3 297static int ui_write(UI *ui, UI_STRING *uis)
0f113f3e
MC		 298{
299 if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
300 && UI_get0_user_data(ui)) {
301 switch (UI_get_string_type(uis)) {
302 case UIT_PROMPT:
303 case UIT_VERIFY:
304 {
305 const char *password =
306 ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
307 if (password && password[0] != '\0')
308 return 1;
309 }
310 default:
311 break;
312 }
313 }
314 return UI_method_get_writer(UI_OpenSSL())(ui, uis);
315}
316
2fe5adc3 317static int ui_close(UI *ui)
0f113f3e
MC		 318{
319 return UI_method_get_closer(UI_OpenSSL())(ui);
320}
321
40889b9c 322int setup_ui_method(void)
0f113f3e
MC		 323{
324 ui_method = UI_create_method("OpenSSL application user interface");
325 UI_method_set_opener(ui_method, ui_open);
326 UI_method_set_reader(ui_method, ui_read);
327 UI_method_set_writer(ui_method, ui_write);
328 UI_method_set_closer(ui_method, ui_close);
329 return 0;
330}
331
40889b9c 332void destroy_ui_method(void)
0f113f3e
MC		 333{
334 if (ui_method) {
335 UI_destroy_method(ui_method);
336 ui_method = NULL;
337 }
338}
923b1857 339#endif
0f113f3e
MC		 340
341int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
342{
0f113f3e 343 int res = 0;
923b1857
RL		 344#ifndef OPENSSL_NO_UI
345 UI *ui = NULL;
0f113f3e 346 const char *prompt_info = NULL;
923b1857 347#endif
0f113f3e
MC		 348 const char *password = NULL;
349 PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
350
351 if (cb_data) {
352 if (cb_data->password)
353 password = cb_data->password;
923b1857 354#ifndef OPENSSL_NO_UI
0f113f3e
MC		 355 if (cb_data->prompt_info)
356 prompt_info = cb_data->prompt_info;
923b1857 357#endif
0f113f3e
MC		 358 }
359
360 if (password) {
361 res = strlen(password);
362 if (res > bufsiz)
363 res = bufsiz;
364 memcpy(buf, password, res);
365 return res;
366 }
367
923b1857 368#ifndef OPENSSL_NO_UI
0f113f3e
MC		 369 ui = UI_new_method(ui_method);
370 if (ui) {
371 int ok = 0;
372 char *buff = NULL;
373 int ui_flags = 0;
7e1b7485 374 char *prompt;
0f113f3e
MC		 375
376 prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
61986d32 377 if (!prompt) {
918bb865
MC		 378 BIO_printf(bio_err, "Out of memory\n");
379 UI_free(ui);
380 return 0;
381 }
0f113f3e
MC		 382
383 ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
384 UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
385
386 if (ok >= 0)
387 ok = UI_add_input_string(ui, prompt, ui_flags, buf,
388 PW_MIN_LENGTH, bufsiz - 1);
389 if (ok >= 0 && verify) {
68dc6824 390 buff = app_malloc(bufsiz, "password buffer");
0f113f3e
MC		 391 ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
392 PW_MIN_LENGTH, bufsiz - 1, buf);
393 }
394 if (ok >= 0)
395 do {
396 ok = UI_process(ui);
397 }
398 while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
399
4b45c6e5 400 OPENSSL_clear_free(buff, (unsigned int)bufsiz);
0f113f3e
MC		 401
402 if (ok >= 0)
403 res = strlen(buf);
404 if (ok == -1) {
405 BIO_printf(bio_err, "User interface error\n");
406 ERR_print_errors(bio_err);
407 OPENSSL_cleanse(buf, (unsigned int)bufsiz);
408 res = 0;
409 }
410 if (ok == -2) {
411 BIO_printf(bio_err, "aborted!\n");
412 OPENSSL_cleanse(buf, (unsigned int)bufsiz);
413 res = 0;
414 }
415 UI_free(ui);
416 OPENSSL_free(prompt);
417 }
923b1857 418#endif
0f113f3e
MC		 419 return res;
420}
30b4c272 421
7e1b7485 422static char *app_get_pass(char *arg, int keepbio);
a3fe382e 423
7e1b7485 424int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2)
a3fe382e 425{
0f113f3e
MC		 426 int same;
427 if (!arg2 || !arg1 || strcmp(arg1, arg2))
428 same = 0;
429 else
430 same = 1;
431 if (arg1) {
7e1b7485 432 *pass1 = app_get_pass(arg1, same);
0f113f3e
MC		 433 if (!*pass1)
434 return 0;
435 } else if (pass1)
436 *pass1 = NULL;
437 if (arg2) {
7e1b7485 438 *pass2 = app_get_pass(arg2, same ? 2 : 0);
0f113f3e
MC		 439 if (!*pass2)
440 return 0;
441 } else if (pass2)
442 *pass2 = NULL;
443 return 1;
a3fe382e
DSH		 444}
445
7e1b7485 446static char *app_get_pass(char *arg, int keepbio)
a3fe382e 447{
0f113f3e
MC		 448 char *tmp, tpass[APP_PASS_LEN];
449 static BIO *pwdbio = NULL;
450 int i;
86885c28
RS		 451
452 if (strncmp(arg, "pass:", 5) == 0)
7644a9ae 453 return OPENSSL_strdup(arg + 5);
86885c28 454 if (strncmp(arg, "env:", 4) == 0) {
0f113f3e
MC		 455 tmp = getenv(arg + 4);
456 if (!tmp) {
7e1b7485 457 BIO_printf(bio_err, "Can't read environment variable %s\n", arg + 4);
0f113f3e
MC		 458 return NULL;
459 }
7644a9ae 460 return OPENSSL_strdup(tmp);
0f113f3e
MC		 461 }
462 if (!keepbio || !pwdbio) {
86885c28 463 if (strncmp(arg, "file:", 5) == 0) {
0f113f3e
MC		 464 pwdbio = BIO_new_file(arg + 5, "r");
465 if (!pwdbio) {
7e1b7485 466 BIO_printf(bio_err, "Can't open file %s\n", arg + 5);
0f113f3e
MC		 467 return NULL;
468 }
eff7cb41 469#if !defined(_WIN32)
0f113f3e
MC		 470 /*
471 * Under _WIN32, which covers even Win64 and CE, file
472 * descriptors referenced by BIO_s_fd are not inherited
473 * by child process and therefore below is not an option.
474 * It could have been an option if bss_fd.c was operating
475 * on real Windows descriptors, such as those obtained
476 * with CreateFile.
477 */
86885c28 478 } else if (strncmp(arg, "fd:", 3) == 0) {
0f113f3e
MC		 479 BIO *btmp;
480 i = atoi(arg + 3);
481 if (i >= 0)
482 pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
483 if ((i < 0) || !pwdbio) {
7e1b7485 484 BIO_printf(bio_err, "Can't access file descriptor %s\n", arg + 3);
0f113f3e
MC		 485 return NULL;
486 }
487 /*
488 * Can't do BIO_gets on an fd BIO so add a buffering BIO
489 */
490 btmp = BIO_new(BIO_f_buffer());
491 pwdbio = BIO_push(btmp, pwdbio);
492#endif
86885c28 493 } else if (strcmp(arg, "stdin") == 0) {
a60994df 494 pwdbio = dup_bio_in(FORMAT_TEXT);
0f113f3e 495 if (!pwdbio) {
7e1b7485 496 BIO_printf(bio_err, "Can't open BIO for stdin\n");
0f113f3e
MC		 497 return NULL;
498 }
499 } else {
7e1b7485 500 BIO_printf(bio_err, "Invalid password argument \"%s\"\n", arg);
0f113f3e
MC		 501 return NULL;
502 }
503 }
504 i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
505 if (keepbio != 1) {
506 BIO_free_all(pwdbio);
507 pwdbio = NULL;
508 }
509 if (i <= 0) {
7e1b7485 510 BIO_printf(bio_err, "Error reading password from BIO\n");
0f113f3e
MC		 511 return NULL;
512 }
513 tmp = strchr(tpass, '\n');
514 if (tmp)
515 *tmp = 0;
7644a9ae 516 return OPENSSL_strdup(tpass);
a3fe382e 517}
90ae4673 518
296f54ee 519static CONF *app_load_config_(BIO *in, const char *filename)
cc01d217
RS		 520{
521 long errorline = -1;
522 CONF *conf;
523 int i;
cc01d217
RS		 524
525 conf = NCONF_new(NULL);
526 i = NCONF_load_bio(conf, in, &errorline);
cc01d217
RS		 527 if (i > 0)
528 return conf;
529
530 if (errorline <= 0)
531 BIO_printf(bio_err, "%s: Can't load config file \"%s\"\n",
532 opt_getprog(), filename);
533 else
534 BIO_printf(bio_err, "%s: Error on line %ld of config file \"%s\"\n",
535 opt_getprog(), errorline, filename);
536 NCONF_free(conf);
537 return NULL;
538}
296f54ee
RL		 539CONF *app_load_config(const char *filename)
540{
541 BIO *in;
542 CONF *conf;
543
bdd58d98 544 in = bio_open_default(filename, 'r', FORMAT_TEXT);
296f54ee
RL		 545 if (in == NULL)
546 return NULL;
547
548 conf = app_load_config_(in, filename);
549 BIO_free(in);
550 return conf;
551}
552CONF *app_load_config_quiet(const char *filename)
553{
554 BIO *in;
555 CONF *conf;
556
bdd58d98 557 in = bio_open_default_quiet(filename, 'r', FORMAT_TEXT);
296f54ee
RL		 558 if (in == NULL)
559 return NULL;
560
561 conf = app_load_config_(in, filename);
562 BIO_free(in);
563 return conf;
564}
565
566int app_load_modules(const CONF *config)
567{
568 CONF *to_free = NULL;
569
570 if (config == NULL)
571 config = to_free = app_load_config_quiet(default_config_file);
572 if (config == NULL)
573 return 1;
574
575 if (CONF_modules_load(config, NULL, 0) <= 0) {
576 BIO_printf(bio_err, "Error configuring OpenSSL modules\n");
577 ERR_print_errors(bio_err);
578 NCONF_free(to_free);
579 return 0;
580 }
581 NCONF_free(to_free);
582 return 1;
583}
cc01d217 584
7e1b7485 585int add_oid_section(CONF *conf)
0f113f3e
MC		 586{
587 char *p;
588 STACK_OF(CONF_VALUE) *sktmp;
589 CONF_VALUE *cnf;
590 int i;
75ebbd9a
RS		 591
592 if ((p = NCONF_get_string(conf, NULL, "oid_section")) == NULL) {
0f113f3e
MC		 593 ERR_clear_error();
594 return 1;
595 }
75ebbd9a 596 if ((sktmp = NCONF_get_section(conf, p)) == NULL) {
7e1b7485 597 BIO_printf(bio_err, "problem loading oid section %s\n", p);
0f113f3e
MC		 598 return 0;
599 }
600 for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
601 cnf = sk_CONF_VALUE_value(sktmp, i);
602 if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
7e1b7485 603 BIO_printf(bio_err, "problem creating object %s=%s\n",
0f113f3e
MC		 604 cnf->name, cnf->value);
605 return 0;
606 }
607 }
608 return 1;
431b0cce
RL		 609}
610
7e1b7485 611static int load_pkcs12(BIO *in, const char *desc,
0f113f3e
MC		 612 pem_password_cb *pem_cb, void *cb_data,
613 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
614{
615 const char *pass;
616 char tpass[PEM_BUFSIZE];
617 int len, ret = 0;
618 PKCS12 *p12;
619 p12 = d2i_PKCS12_bio(in, NULL);
620 if (p12 == NULL) {
7e1b7485 621 BIO_printf(bio_err, "Error loading PKCS12 file for %s\n", desc);
0f113f3e
MC		 622 goto die;
623 }
624 /* See if an empty password will do */
625 if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
626 pass = "";
627 else {
628 if (!pem_cb)
629 pem_cb = (pem_password_cb *)password_callback;
630 len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
631 if (len < 0) {
7e1b7485 632 BIO_printf(bio_err, "Passphrase callback error for %s\n", desc);
0f113f3e
MC		 633 goto die;
634 }
635 if (len < PEM_BUFSIZE)
636 tpass[len] = 0;
637 if (!PKCS12_verify_mac(p12, tpass, len)) {
7e1b7485 638 BIO_printf(bio_err,
0f113f3e
MC		 639 "Mac verify error (wrong password?) in PKCS12 file for %s\n",
640 desc);
641 goto die;
642 }
643 pass = tpass;
644 }
645 ret = PKCS12_parse(p12, pass, pkey, cert, ca);
646 die:
e0e920b1 647 PKCS12_free(p12);
0f113f3e
MC		 648 return ret;
649}
e90fadda 650
f9e55034 651#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
5d322287 652static int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl)
0f113f3e
MC		 653{
654 char *host = NULL, *port = NULL, *path = NULL;
655 BIO *bio = NULL;
656 OCSP_REQ_CTX *rctx = NULL;
657 int use_ssl, rv = 0;
658 if (!OCSP_parse_url(url, &host, &port, &path, &use_ssl))
659 goto err;
660 if (use_ssl) {
7e1b7485 661 BIO_puts(bio_err, "https not supported\n");
0f113f3e
MC		 662 goto err;
663 }
664 bio = BIO_new_connect(host);
665 if (!bio || !BIO_set_conn_port(bio, port))
666 goto err;
667 rctx = OCSP_REQ_CTX_new(bio, 1024);
96487cdd 668 if (rctx == NULL)
0f113f3e
MC		 669 goto err;
670 if (!OCSP_REQ_CTX_http(rctx, "GET", path))
671 goto err;
672 if (!OCSP_REQ_CTX_add1_header(rctx, "Host", host))
673 goto err;
674 if (pcert) {
675 do {
676 rv = X509_http_nbio(rctx, pcert);
7e1b7485 677 } while (rv == -1);
0f113f3e
MC		 678 } else {
679 do {
680 rv = X509_CRL_http_nbio(rctx, pcrl);
681 } while (rv == -1);
682 }
683
684 err:
25aaa98a
RS		 685 OPENSSL_free(host);
686 OPENSSL_free(path);
687 OPENSSL_free(port);
0f113f3e
MC		 688 if (bio)
689 BIO_free_all(bio);
895cba19 690 OCSP_REQ_CTX_free(rctx);
0f113f3e 691 if (rv != 1) {
7e1b7485
RS		 692 BIO_printf(bio_err, "Error loading %s from %s\n",
693 pcert ? "certificate" : "CRL", url);
0f113f3e
MC		 694 ERR_print_errors(bio_err);
695 }
696 return rv;
697}
5d322287 698#endif
95ea5318 699
a773b52a 700X509 *load_cert(const char *file, int format, const char *cert_descrip)
0f113f3e
MC		 701{
702 X509 *x = NULL;
703 BIO *cert;
704
705 if (format == FORMAT_HTTP) {
f9e55034 706#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
7e1b7485 707 load_cert_crl_http(file, &x, NULL);
5d322287 708#endif
0f113f3e
MC		 709 return x;
710 }
711
0f113f3e 712 if (file == NULL) {
7e1b7485 713 unbuffer(stdin);
a60994df 714 cert = dup_bio_in(format);
7e1b7485 715 } else
bdd58d98 716 cert = bio_open_default(file, 'r', format);
7e1b7485
RS		 717 if (cert == NULL)
718 goto end;
0f113f3e
MC		 719
720 if (format == FORMAT_ASN1)
721 x = d2i_X509_bio(cert, NULL);
0bc2f365 722 else if (format == FORMAT_PEM)
0f113f3e
MC		 723 x = PEM_read_bio_X509_AUX(cert, NULL,
724 (pem_password_cb *)password_callback, NULL);
725 else if (format == FORMAT_PKCS12) {
7e1b7485 726 if (!load_pkcs12(cert, cert_descrip, NULL, NULL, NULL, &x, NULL))
0f113f3e
MC		 727 goto end;
728 } else {
7e1b7485 729 BIO_printf(bio_err, "bad input format specified for %s\n", cert_descrip);
0f113f3e
MC		 730 goto end;
731 }
732 end:
733 if (x == NULL) {
7e1b7485
RS		 734 BIO_printf(bio_err, "unable to load certificate\n");
735 ERR_print_errors(bio_err);
0f113f3e 736 }
25aaa98a 737 BIO_free(cert);
0f113f3e
MC		 738 return (x);
739}
90ae4673 740
0090a686 741X509_CRL *load_crl(const char *infile, int format)
0f113f3e
MC		 742{
743 X509_CRL *x = NULL;
744 BIO *in = NULL;
745
746 if (format == FORMAT_HTTP) {
f9e55034 747#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
7e1b7485 748 load_cert_crl_http(infile, NULL, &x);
5d322287 749#endif
0f113f3e
MC		 750 return x;
751 }
752
bdd58d98 753 in = bio_open_default(infile, 'r', format);
7e1b7485 754 if (in == NULL)
0f113f3e 755 goto end;
0f113f3e
MC		 756 if (format == FORMAT_ASN1)
757 x = d2i_X509_CRL_bio(in, NULL);
758 else if (format == FORMAT_PEM)
759 x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
760 else {
761 BIO_printf(bio_err, "bad input format specified for input crl\n");
762 goto end;
763 }
764 if (x == NULL) {
765 BIO_printf(bio_err, "unable to load CRL\n");
766 ERR_print_errors(bio_err);
767 goto end;
768 }
fdb78f3d 769
0f113f3e
MC		 770 end:
771 BIO_free(in);
772 return (x);
773}
fdb78f3d 774
7e1b7485 775EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
0f113f3e
MC		 776 const char *pass, ENGINE *e, const char *key_descrip)
777{
778 BIO *key = NULL;
779 EVP_PKEY *pkey = NULL;
780 PW_CB_DATA cb_data;
781
782 cb_data.password = pass;
783 cb_data.prompt_info = file;
784
785 if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
7e1b7485 786 BIO_printf(bio_err, "no keyfile specified\n");
0f113f3e
MC		 787 goto end;
788 }
0f113f3e 789 if (format == FORMAT_ENGINE) {
0c20802c 790 if (e == NULL)
7e1b7485 791 BIO_printf(bio_err, "no engine specified\n");
0f113f3e 792 else {
0c20802c 793#ifndef OPENSSL_NO_ENGINE
0f113f3e 794 pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
0c20802c 795 if (pkey == NULL) {
7e1b7485
RS		 796 BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
797 ERR_print_errors(bio_err);
0f113f3e 798 }
0c20802c
VD		 799#else
800 BIO_printf(bio_err, "engines not supported\n");
801#endif
0f113f3e
MC		 802 }
803 goto end;
804 }
0f113f3e 805 if (file == NULL && maybe_stdin) {
7e1b7485 806 unbuffer(stdin);
a60994df 807 key = dup_bio_in(format);
7e1b7485 808 } else
bdd58d98 809 key = bio_open_default(file, 'r', format);
7e1b7485 810 if (key == NULL)
0f113f3e 811 goto end;
0f113f3e
MC		 812 if (format == FORMAT_ASN1) {
813 pkey = d2i_PrivateKey_bio(key, NULL);
814 } else if (format == FORMAT_PEM) {
815 pkey = PEM_read_bio_PrivateKey(key, NULL,
816 (pem_password_cb *)password_callback,
817 &cb_data);
818 }
0f113f3e 819 else if (format == FORMAT_PKCS12) {
7e1b7485 820 if (!load_pkcs12(key, key_descrip,
0f113f3e
MC		 821 (pem_password_cb *)password_callback, &cb_data,
822 &pkey, NULL, NULL))
823 goto end;
824 }
00a37b5a 825#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
0f113f3e
MC		 826 else if (format == FORMAT_MSBLOB)
827 pkey = b2i_PrivateKey_bio(key);
828 else if (format == FORMAT_PVK)
829 pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
830 &cb_data);
831#endif
832 else {
7e1b7485 833 BIO_printf(bio_err, "bad input format specified for key file\n");
0f113f3e
MC		 834 goto end;
835 }
90ae4673 836 end:
25aaa98a 837 BIO_free(key);
0f113f3e 838 if (pkey == NULL) {
7e1b7485
RS		 839 BIO_printf(bio_err, "unable to load %s\n", key_descrip);
840 ERR_print_errors(bio_err);
0f113f3e
MC		 841 }
842 return (pkey);
843}
90ae4673 844
7e1b7485 845EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
0f113f3e
MC		 846 const char *pass, ENGINE *e, const char *key_descrip)
847{
848 BIO *key = NULL;
849 EVP_PKEY *pkey = NULL;
850 PW_CB_DATA cb_data;
851
852 cb_data.password = pass;
853 cb_data.prompt_info = file;
854
855 if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
7e1b7485 856 BIO_printf(bio_err, "no keyfile specified\n");
0f113f3e
MC		 857 goto end;
858 }
0f113f3e 859 if (format == FORMAT_ENGINE) {
0c20802c 860 if (e == NULL)
0f113f3e 861 BIO_printf(bio_err, "no engine specified\n");
0c20802c
VD		 862 else {
863#ifndef OPENSSL_NO_ENGINE
0f113f3e 864 pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data);
0c20802c
VD		 865 if (pkey == NULL) {
866 BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
867 ERR_print_errors(bio_err);
868 }
869#else
870 BIO_printf(bio_err, "engines not supported\n");
871#endif
872 }
0f113f3e
MC		 873 goto end;
874 }
0f113f3e 875 if (file == NULL && maybe_stdin) {
7e1b7485 876 unbuffer(stdin);
a60994df 877 key = dup_bio_in(format);
7e1b7485 878 } else
bdd58d98 879 key = bio_open_default(file, 'r', format);
7e1b7485 880 if (key == NULL)
0f113f3e 881 goto end;
0f113f3e
MC		 882 if (format == FORMAT_ASN1) {
883 pkey = d2i_PUBKEY_bio(key, NULL);
884 }
0f113f3e 885 else if (format == FORMAT_ASN1RSA) {
0c20802c 886#ifndef OPENSSL_NO_RSA
0f113f3e
MC		 887 RSA *rsa;
888 rsa = d2i_RSAPublicKey_bio(key, NULL);
889 if (rsa) {
890 pkey = EVP_PKEY_new();
96487cdd 891 if (pkey != NULL)
0f113f3e
MC		 892 EVP_PKEY_set1_RSA(pkey, rsa);
893 RSA_free(rsa);
894 } else
0c20802c
VD		 895#else
896 BIO_printf(bio_err, "RSA keys not supported\n");
897#endif
0f113f3e
MC		 898 pkey = NULL;
899 } else if (format == FORMAT_PEMRSA) {
0c20802c 900#ifndef OPENSSL_NO_RSA
0f113f3e
MC		 901 RSA *rsa;
902 rsa = PEM_read_bio_RSAPublicKey(key, NULL,
903 (pem_password_cb *)password_callback,
904 &cb_data);
96487cdd 905 if (rsa != NULL) {
0f113f3e 906 pkey = EVP_PKEY_new();
96487cdd 907 if (pkey != NULL)
0f113f3e
MC		 908 EVP_PKEY_set1_RSA(pkey, rsa);
909 RSA_free(rsa);
910 } else
0c20802c
VD		 911#else
912 BIO_printf(bio_err, "RSA keys not supported\n");
913#endif
0f113f3e
MC		 914 pkey = NULL;
915 }
0f113f3e
MC		 916 else if (format == FORMAT_PEM) {
917 pkey = PEM_read_bio_PUBKEY(key, NULL,
918 (pem_password_cb *)password_callback,
919 &cb_data);
920 }
d4f0339c 921#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
0f113f3e
MC		 922 else if (format == FORMAT_MSBLOB)
923 pkey = b2i_PublicKey_bio(key);
d4f0339c 924#endif
bd08a2bd 925 end:
25aaa98a 926 BIO_free(key);
0f113f3e 927 if (pkey == NULL)
7e1b7485 928 BIO_printf(bio_err, "unable to load %s\n", key_descrip);
0f113f3e
MC		 929 return (pkey);
930}
bd08a2bd 931
7e1b7485 932static int load_certs_crls(const char *file, int format,
a773b52a 933 const char *pass, const char *desc,
0f113f3e
MC		 934 STACK_OF(X509) **pcerts,
935 STACK_OF(X509_CRL) **pcrls)
936{
937 int i;
938 BIO *bio;
939 STACK_OF(X509_INFO) *xis = NULL;
940 X509_INFO *xi;
941 PW_CB_DATA cb_data;
942 int rv = 0;
943
944 cb_data.password = pass;
945 cb_data.prompt_info = file;
946
947 if (format != FORMAT_PEM) {
7e1b7485 948 BIO_printf(bio_err, "bad input format specified for %s\n", desc);
0f113f3e
MC		 949 return 0;
950 }
951
bdd58d98 952 bio = bio_open_default(file, 'r', FORMAT_PEM);
7e1b7485 953 if (bio == NULL)
0f113f3e 954 return 0;
0f113f3e
MC		 955
956 xis = PEM_X509_INFO_read_bio(bio, NULL,
957 (pem_password_cb *)password_callback,
958 &cb_data);
959
960 BIO_free(bio);
961
0996dc54 962 if (pcerts && *pcerts == NULL) {
0f113f3e
MC		 963 *pcerts = sk_X509_new_null();
964 if (!*pcerts)
965 goto end;
966 }
967
0996dc54 968 if (pcrls && *pcrls == NULL) {
0f113f3e
MC		 969 *pcrls = sk_X509_CRL_new_null();
970 if (!*pcrls)
971 goto end;
972 }
973
974 for (i = 0; i < sk_X509_INFO_num(xis); i++) {
975 xi = sk_X509_INFO_value(xis, i);
976 if (xi->x509 && pcerts) {
977 if (!sk_X509_push(*pcerts, xi->x509))
978 goto end;
979 xi->x509 = NULL;
980 }
981 if (xi->crl && pcrls) {
982 if (!sk_X509_CRL_push(*pcrls, xi->crl))
983 goto end;
984 xi->crl = NULL;
985 }
986 }
987
988 if (pcerts && sk_X509_num(*pcerts) > 0)
989 rv = 1;
990
991 if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
992 rv = 1;
993
994 end:
995
222561fe 996 sk_X509_INFO_pop_free(xis, X509_INFO_free);
0f113f3e
MC		 997
998 if (rv == 0) {
999 if (pcerts) {
1000 sk_X509_pop_free(*pcerts, X509_free);
1001 *pcerts = NULL;
1002 }
1003 if (pcrls) {
1004 sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
1005 *pcrls = NULL;
1006 }
7e1b7485 1007 BIO_printf(bio_err, "unable to load %s\n",
0f113f3e 1008 pcerts ? "certificates" : "CRLs");
7e1b7485 1009 ERR_print_errors(bio_err);
0f113f3e
MC		 1010 }
1011 return rv;
1012}
90ae4673 1013
68dc6824
RS		 1014void* app_malloc(int sz, const char *what)
1015{
1016 void *vp = OPENSSL_malloc(sz);
1017
1018 if (vp == NULL) {
1019 BIO_printf(bio_err, "%s: Could not allocate %d bytes for %s\n",
1020 opt_getprog(), sz, what);
1021 ERR_print_errors(bio_err);
1022 exit(1);
1023 }
1024 return vp;
1025}
1026
0996dc54
VD		 1027/*
1028 * Initialize or extend, if *certs != NULL, a certificate stack.
1029 */
1030int load_certs(const char *file, STACK_OF(X509) **certs, int format,
a773b52a 1031 const char *pass, const char *desc)
0f113f3e 1032{
a773b52a 1033 return load_certs_crls(file, format, pass, desc, certs, NULL);
0f113f3e 1034}
245d2ee3 1035
0996dc54
VD		 1036/*
1037 * Initialize or extend, if *crls != NULL, a certificate stack.
1038 */
1039int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
a773b52a 1040 const char *pass, const char *desc)
0f113f3e 1041{
a773b52a 1042 return load_certs_crls(file, format, pass, desc, NULL, crls);
0f113f3e
MC		 1043}
1044
1045#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
8ca533e3 1046/* Return error for unknown extensions */
0f113f3e 1047#define X509V3_EXT_DEFAULT 0
8ca533e3 1048/* Print error for unknown extensions */
0f113f3e 1049#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
8ca533e3 1050/* ASN1 parse unknown extensions */
0f113f3e 1051#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
8ca533e3 1052/* BIO_dump unknown extensions */
0f113f3e 1053#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
8ca533e3 1054
535d79da 1055#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
0f113f3e 1056 X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
535d79da 1057
8ca533e3
DSH		 1058int set_cert_ex(unsigned long *flags, const char *arg)
1059{
0f113f3e
MC		 1060 static const NAME_EX_TBL cert_tbl[] = {
1061 {"compatible", X509_FLAG_COMPAT, 0xffffffffl},
1062 {"ca_default", X509_FLAG_CA, 0xffffffffl},
1063 {"no_header", X509_FLAG_NO_HEADER, 0},
1064 {"no_version", X509_FLAG_NO_VERSION, 0},
1065 {"no_serial", X509_FLAG_NO_SERIAL, 0},
1066 {"no_signame", X509_FLAG_NO_SIGNAME, 0},
1067 {"no_validity", X509_FLAG_NO_VALIDITY, 0},
1068 {"no_subject", X509_FLAG_NO_SUBJECT, 0},
1069 {"no_issuer", X509_FLAG_NO_ISSUER, 0},
1070 {"no_pubkey", X509_FLAG_NO_PUBKEY, 0},
1071 {"no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
1072 {"no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
1073 {"no_aux", X509_FLAG_NO_AUX, 0},
1074 {"no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
1075 {"ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
1076 {"ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1077 {"ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1078 {"ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1079 {NULL, 0, 0}
1080 };
1081 return set_multi_opts(flags, arg, cert_tbl);
8ca533e3 1082}
a657546f
DSH		 1083
1084int set_name_ex(unsigned long *flags, const char *arg)
1085{
0f113f3e
MC		 1086 static const NAME_EX_TBL ex_tbl[] = {
1087 {"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
1088 {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
1089 {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
1090 {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
1091 {"utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
1092 {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
1093 {"show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
1094 {"dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
1095 {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
1096 {"dump_der", ASN1_STRFLGS_DUMP_DER, 0},
1097 {"compat", XN_FLAG_COMPAT, 0xffffffffL},
1098 {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
1099 {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
1100 {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
1101 {"sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
1102 {"dn_rev", XN_FLAG_DN_REV, 0},
1103 {"nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
1104 {"sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
1105 {"lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
1106 {"align", XN_FLAG_FN_ALIGN, 0},
1107 {"oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
1108 {"space_eq", XN_FLAG_SPC_EQ, 0},
1109 {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
1110 {"RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
1111 {"oneline", XN_FLAG_ONELINE, 0xffffffffL},
1112 {"multiline", XN_FLAG_MULTILINE, 0xffffffffL},
1113 {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
1114 {NULL, 0, 0}
1115 };
03706afa
DSH		 1116 if (set_multi_opts(flags, arg, ex_tbl) == 0)
1117 return 0;
1118 if ((*flags & XN_FLAG_SEP_MASK) == 0)
1119 *flags |= XN_FLAG_SEP_CPLUS_SPC;
1120 return 1;
535d79da
DSH		 1121}
1122
791bd0cd
DSH		 1123int set_ext_copy(int *copy_type, const char *arg)
1124{
86885c28 1125 if (strcasecmp(arg, "none") == 0)
0f113f3e 1126 *copy_type = EXT_COPY_NONE;
86885c28 1127 else if (strcasecmp(arg, "copy") == 0)
0f113f3e 1128 *copy_type = EXT_COPY_ADD;
86885c28 1129 else if (strcasecmp(arg, "copyall") == 0)
0f113f3e
MC		 1130 *copy_type = EXT_COPY_ALL;
1131 else
1132 return 0;
1133 return 1;
791bd0cd
DSH		 1134}
1135
1136int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
1137{
0f113f3e
MC		 1138 STACK_OF(X509_EXTENSION) *exts = NULL;
1139 X509_EXTENSION *ext, *tmpext;
1140 ASN1_OBJECT *obj;
1141 int i, idx, ret = 0;
1142 if (!x || !req || (copy_type == EXT_COPY_NONE))
1143 return 1;
1144 exts = X509_REQ_get_extensions(req);
1145
1146 for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
1147 ext = sk_X509_EXTENSION_value(exts, i);
1148 obj = X509_EXTENSION_get_object(ext);
1149 idx = X509_get_ext_by_OBJ(x, obj, -1);
1150 /* Does extension exist? */
1151 if (idx != -1) {
1152 /* If normal copy don't override existing extension */
1153 if (copy_type == EXT_COPY_ADD)
1154 continue;
1155 /* Delete all extensions of same type */
1156 do {
1157 tmpext = X509_get_ext(x, idx);
1158 X509_delete_ext(x, idx);
1159 X509_EXTENSION_free(tmpext);
1160 idx = X509_get_ext_by_OBJ(x, obj, -1);
1161 } while (idx != -1);
1162 }
1163 if (!X509_add_ext(x, ext, -1))
1164 goto end;
1165 }
1166
1167 ret = 1;
1168
1169 end:
1170
1171 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
1172
1173 return ret;
1174}
1175
1176static int set_multi_opts(unsigned long *flags, const char *arg,
1177 const NAME_EX_TBL * in_tbl)
1178{
1179 STACK_OF(CONF_VALUE) *vals;
1180 CONF_VALUE *val;
1181 int i, ret = 1;
1182 if (!arg)
1183 return 0;
1184 vals = X509V3_parse_list(arg);
1185 for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
1186 val = sk_CONF_VALUE_value(vals, i);
1187 if (!set_table_opts(flags, val->name, in_tbl))
1188 ret = 0;
1189 }
1190 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
1191 return ret;
1192}
1193
1194static int set_table_opts(unsigned long *flags, const char *arg,
1195 const NAME_EX_TBL * in_tbl)
1196{
1197 char c;
1198 const NAME_EX_TBL *ptbl;
1199 c = arg[0];
1200
1201 if (c == '-') {
1202 c = 0;
1203 arg++;
1204 } else if (c == '+') {
1205 c = 1;
1206 arg++;
1207 } else
1208 c = 1;
1209
1210 for (ptbl = in_tbl; ptbl->name; ptbl++) {
86885c28 1211 if (strcasecmp(arg, ptbl->name) == 0) {
0f113f3e
MC		 1212 *flags &= ~ptbl->mask;
1213 if (c)
1214 *flags |= ptbl->flag;
1215 else
1216 *flags &= ~ptbl->flag;
1217 return 1;
1218 }
1219 }
1220 return 0;
1221}
1222
1223void print_name(BIO *out, const char *title, X509_NAME *nm,
1224 unsigned long lflags)
1225{
1226 char *buf;
1227 char mline = 0;
1228 int indent = 0;
1229
1230 if (title)
1231 BIO_puts(out, title);
1232 if ((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
1233 mline = 1;
1234 indent = 4;
1235 }
1236 if (lflags == XN_FLAG_COMPAT) {
1237 buf = X509_NAME_oneline(nm, 0, 0);
1238 BIO_puts(out, buf);
1239 BIO_puts(out, "\n");
1240 OPENSSL_free(buf);
1241 } else {
1242 if (mline)
1243 BIO_puts(out, "\n");
1244 X509_NAME_print_ex(out, nm, indent, lflags);
1245 BIO_puts(out, "\n");
1246 }
a657546f
DSH		 1247}
1248
7e1b7485
RS		 1249void print_bignum_var(BIO *out, BIGNUM *in, const char *var,
1250 int len, unsigned char *buffer)
81f169e9 1251{
7e1b7485
RS		 1252 BIO_printf(out, " static unsigned char %s_%d[] = {", var, len);
1253 if (BN_is_zero(in))
1254 BIO_printf(out, "\n\t0x00");
1255 else {
1256 int i, l;
1257
1258 l = BN_bn2bin(in, buffer);
1259 for (i = 0; i < l; i++) {
1260 if ((i % 10) == 0)
1261 BIO_printf(out, "\n\t");
1262 if (i < l - 1)
1263 BIO_printf(out, "0x%02X, ", buffer[i]);
1264 else
1265 BIO_printf(out, "0x%02X", buffer[i]);
1266 }
1267 }
1268 BIO_printf(out, "\n };\n");
1269}
1270void print_array(BIO *out, const char* title, int len, const unsigned char* d)
1271{
1272 int i;
1273
1274 BIO_printf(out, "unsigned char %s[%d] = {", title, len);
1275 for (i = 0; i < len; i++) {
1276 if ((i % 10) == 0)
1277 BIO_printf(out, "\n ");
1278 if (i < len - 1)
1279 BIO_printf(out, "0x%02X, ", d[i]);
1280 else
1281 BIO_printf(out, "0x%02X", d[i]);
1282 }
1283 BIO_printf(out, "\n};\n");
1284}
1285
2b6bcb70 1286X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath)
7e1b7485
RS		 1287{
1288 X509_STORE *store = X509_STORE_new();
0f113f3e 1289 X509_LOOKUP *lookup;
7e1b7485 1290
96487cdd 1291 if (store == NULL)
0f113f3e 1292 goto end;
2b6bcb70
MC		 1293
1294 if(CAfile != NULL || !noCAfile) {
1295 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
1296 if (lookup == NULL)
0f113f3e 1297 goto end;
2b6bcb70
MC		 1298 if (CAfile) {
1299 if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) {
1300 BIO_printf(bio_err, "Error loading file %s\n", CAfile);
1301 goto end;
1302 }
1303 } else
1304 X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
1305 }
0f113f3e 1306
2b6bcb70
MC		 1307 if(CApath != NULL || !noCApath) {
1308 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
1309 if (lookup == NULL)
0f113f3e 1310 goto end;
2b6bcb70
MC		 1311 if (CApath) {
1312 if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
1313 BIO_printf(bio_err, "Error loading directory %s\n", CApath);
1314 goto end;
1315 }
1316 } else
1317 X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
1318 }
0f113f3e
MC		 1319
1320 ERR_clear_error();
1321 return store;
1322 end:
1323 X509_STORE_free(store);
1324 return NULL;
81f169e9 1325}
531d630b 1326
0b13e9f0 1327#ifndef OPENSSL_NO_ENGINE
e1a00d7d 1328/* Try to load an engine in a shareable library */
a773b52a 1329static ENGINE *try_load_engine(const char *engine)
0f113f3e
MC		 1330{
1331 ENGINE *e = ENGINE_by_id("dynamic");
1332 if (e) {
1333 if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
1334 || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
1335 ENGINE_free(e);
1336 e = NULL;
1337 }
1338 }
1339 return e;
1340}
e1a00d7d 1341
7e1b7485 1342ENGINE *setup_engine(const char *engine, int debug)
0f113f3e
MC		 1343{
1344 ENGINE *e = NULL;
1345
1346 if (engine) {
1347 if (strcmp(engine, "auto") == 0) {
7e1b7485 1348 BIO_printf(bio_err, "enabling auto ENGINE support\n");
0f113f3e
MC		 1349 ENGINE_register_all_complete();
1350 return NULL;
1351 }
1352 if ((e = ENGINE_by_id(engine)) == NULL
a773b52a 1353 && (e = try_load_engine(engine)) == NULL) {
7e1b7485
RS		 1354 BIO_printf(bio_err, "invalid engine \"%s\"\n", engine);
1355 ERR_print_errors(bio_err);
0f113f3e
MC		 1356 return NULL;
1357 }
1358 if (debug) {
7e1b7485 1359 ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0);
531d630b 1360 }
0f113f3e
MC		 1361 ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
1362 if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
7e1b7485
RS		 1363 BIO_printf(bio_err, "can't use that engine\n");
1364 ERR_print_errors(bio_err);
0f113f3e
MC		 1365 ENGINE_free(e);
1366 return NULL;
1367 }
1368
7e1b7485 1369 BIO_printf(bio_err, "engine \"%s\" set.\n", ENGINE_get_id(e));
0f113f3e
MC		 1370
1371 /* Free our "structural" reference. */
1372 ENGINE_free(e);
1373 }
1374 return e;
1375}
0b13e9f0 1376#endif
3647bee2 1377
c869da88 1378static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
0f113f3e
MC		 1379{
1380 const char *n;
f85b68cd 1381
0f113f3e
MC		 1382 n = a[DB_serial];
1383 while (*n == '0')
1384 n++;
1385 return (lh_strhash(n));
1386}
f85b68cd 1387
0f113f3e
MC		 1388static int index_serial_cmp(const OPENSSL_CSTRING *a,
1389 const OPENSSL_CSTRING *b)
1390{
1391 const char *aa, *bb;
f85b68cd 1392
0f113f3e
MC		 1393 for (aa = a[DB_serial]; *aa == '0'; aa++) ;
1394 for (bb = b[DB_serial]; *bb == '0'; bb++) ;
1395 return (strcmp(aa, bb));
1396}
f85b68cd
RL		 1397
1398static int index_name_qual(char **a)
0f113f3e
MC		 1399{
1400 return (a[0][0] == 'V');
1401}
f85b68cd 1402
c869da88 1403static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
0f113f3e
MC		 1404{
1405 return (lh_strhash(a[DB_name]));
1406}
f85b68cd 1407
c869da88 1408int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
0f113f3e
MC		 1409{
1410 return (strcmp(a[DB_name], b[DB_name]));
1411}
f85b68cd 1412
c869da88
DSH		 1413static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
1414static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
1415static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
1416static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
f85b68cd
RL		 1417#undef BSIZE
1418#define BSIZE 256
f85b68cd 1419BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
0f113f3e
MC		 1420{
1421 BIO *in = NULL;
1422 BIGNUM *ret = NULL;
68b00c23 1423 char buf[1024];
0f113f3e
MC		 1424 ASN1_INTEGER *ai = NULL;
1425
1426 ai = ASN1_INTEGER_new();
1427 if (ai == NULL)
1428 goto err;
1429
7e1b7485
RS		 1430 in = BIO_new_file(serialfile, "r");
1431 if (in == NULL) {
0f113f3e
MC		 1432 if (!create) {
1433 perror(serialfile);
1434 goto err;
0f113f3e 1435 }
7e1b7485
RS		 1436 ERR_clear_error();
1437 ret = BN_new();
1438 if (ret == NULL || !rand_serial(ret, ai))
1439 BIO_printf(bio_err, "Out of memory\n");
0f113f3e
MC		 1440 } else {
1441 if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) {
1442 BIO_printf(bio_err, "unable to load number from %s\n",
1443 serialfile);
1444 goto err;
1445 }
1446 ret = ASN1_INTEGER_to_BN(ai, NULL);
1447 if (ret == NULL) {
1448 BIO_printf(bio_err,
1449 "error converting number from bin to BIGNUM\n");
1450 goto err;
1451 }
1452 }
1453
1454 if (ret && retai) {
1455 *retai = ai;
1456 ai = NULL;
1457 }
f85b68cd 1458 err:
ca3a82c3 1459 BIO_free(in);
2ace7450 1460 ASN1_INTEGER_free(ai);
0f113f3e
MC		 1461 return (ret);
1462}
1463
1464int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
1465 ASN1_INTEGER **retai)
1466{
1467 char buf[1][BSIZE];
1468 BIO *out = NULL;
1469 int ret = 0;
1470 ASN1_INTEGER *ai = NULL;
1471 int j;
1472
1473 if (suffix == NULL)
1474 j = strlen(serialfile);
1475 else
1476 j = strlen(serialfile) + strlen(suffix) + 1;
1477 if (j >= BSIZE) {
1478 BIO_printf(bio_err, "file name too long\n");
1479 goto err;
1480 }
1481
1482 if (suffix == NULL)
7644a9ae 1483 OPENSSL_strlcpy(buf[0], serialfile, BSIZE);
0f113f3e 1484 else {
4c771796 1485#ifndef OPENSSL_SYS_VMS
0f113f3e 1486 j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
4c771796 1487#else
0f113f3e 1488 j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
4c771796 1489#endif
0f113f3e 1490 }
7e1b7485 1491 out = BIO_new_file(buf[0], "w");
0f113f3e
MC		 1492 if (out == NULL) {
1493 ERR_print_errors(bio_err);
1494 goto err;
1495 }
0f113f3e
MC		 1496
1497 if ((ai = BN_to_ASN1_INTEGER(serial, NULL)) == NULL) {
1498 BIO_printf(bio_err, "error converting serial to ASN.1 format\n");
1499 goto err;
1500 }
1501 i2a_ASN1_INTEGER(out, ai);
1502 BIO_puts(out, "\n");
1503 ret = 1;
1504 if (retai) {
1505 *retai = ai;
1506 ai = NULL;
1507 }
1508 err:
ca3a82c3 1509 BIO_free_all(out);
2ace7450 1510 ASN1_INTEGER_free(ai);
0f113f3e
MC		 1511 return (ret);
1512}
f85b68cd 1513
4c771796 1514int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
0f113f3e
MC		 1515{
1516 char buf[5][BSIZE];
1517 int i, j;
1518
1519 i = strlen(serialfile) + strlen(old_suffix);
1520 j = strlen(serialfile) + strlen(new_suffix);
1521 if (i > j)
1522 j = i;
1523 if (j + 1 >= BSIZE) {
1524 BIO_printf(bio_err, "file name too long\n");
1525 goto err;
1526 }
4c771796 1527#ifndef OPENSSL_SYS_VMS
0f113f3e 1528 j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
0f113f3e 1529 j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
4c771796 1530#else
d63a5e5e 1531 j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
0f113f3e 1532 j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
a1ad253f 1533#endif
0f113f3e 1534 if (rename(serialfile, buf[1]) < 0 && errno != ENOENT
4c771796 1535#ifdef ENOTDIR
0f113f3e
MC		 1536 && errno != ENOTDIR
1537#endif
1538 ) {
1539 BIO_printf(bio_err,
1540 "unable to rename %s to %s\n", serialfile, buf[1]);
1541 perror("reason");
1542 goto err;
1543 }
0f113f3e
MC		 1544 if (rename(buf[0], serialfile) < 0) {
1545 BIO_printf(bio_err,
1546 "unable to rename %s to %s\n", buf[0], serialfile);
1547 perror("reason");
1548 rename(buf[1], serialfile);
1549 goto err;
1550 }
1551 return 1;
4c771796 1552 err:
0f113f3e
MC		 1553 return 0;
1554}
4c771796 1555
64674bcc 1556int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
0f113f3e
MC		 1557{
1558 BIGNUM *btmp;
1559 int ret = 0;
23a1d5e9 1560
0f113f3e
MC		 1561 if (b)
1562 btmp = b;
1563 else
1564 btmp = BN_new();
1565
96487cdd 1566 if (btmp == NULL)
0f113f3e
MC		 1567 return 0;
1568
1569 if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
1570 goto error;
1571 if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
1572 goto error;
1573
1574 ret = 1;
1575
1576 error:
1577
23a1d5e9 1578 if (btmp != b)
0f113f3e
MC		 1579 BN_free(btmp);
1580
1581 return ret;
1582}
64674bcc 1583
f85b68cd 1584CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
0f113f3e
MC		 1585{
1586 CA_DB *retdb = NULL;
1587 TXT_DB *tmpdb = NULL;
7e1b7485 1588 BIO *in;
0f113f3e 1589 CONF *dbattr_conf = NULL;
cc01d217 1590 char buf[BSIZE];
0f113f3e 1591
7e1b7485 1592 in = BIO_new_file(dbfile, "r");
0f113f3e
MC		 1593 if (in == NULL) {
1594 ERR_print_errors(bio_err);
1595 goto err;
1596 }
0f113f3e
MC		 1597 if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
1598 goto err;
f85b68cd
RL		 1599
1600#ifndef OPENSSL_SYS_VMS
cc01d217 1601 BIO_snprintf(buf, sizeof buf, "%s.attr", dbfile);
f85b68cd 1602#else
cc01d217 1603 BIO_snprintf(buf, sizeof buf, "%s-attr", dbfile);
0f113f3e 1604#endif
cc01d217 1605 dbattr_conf = app_load_config(buf);
0f113f3e 1606
b4faea50 1607 retdb = app_malloc(sizeof(*retdb), "new DB");
0f113f3e
MC		 1608 retdb->db = tmpdb;
1609 tmpdb = NULL;
1610 if (db_attr)
1611 retdb->attributes = *db_attr;
1612 else {
1613 retdb->attributes.unique_subject = 1;
1614 }
1615
1616 if (dbattr_conf) {
1617 char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject");
1618 if (p) {
0f113f3e
MC		 1619 retdb->attributes.unique_subject = parse_yesno(p, 1);
1620 }
1621 }
f85b68cd
RL		 1622
1623 err:
efa7dd64 1624 NCONF_free(dbattr_conf);
895cba19 1625 TXT_DB_free(tmpdb);
ca3a82c3 1626 BIO_free_all(in);
0f113f3e
MC		 1627 return retdb;
1628}
f85b68cd
RL		 1629
1630int index_index(CA_DB *db)
0f113f3e
MC		 1631{
1632 if (!TXT_DB_create_index(db->db, DB_serial, NULL,
1633 LHASH_HASH_FN(index_serial),
1634 LHASH_COMP_FN(index_serial))) {
1635 BIO_printf(bio_err,
1636 "error creating serial number index:(%ld,%ld,%ld)\n",
1637 db->db->error, db->db->arg1, db->db->arg2);
1638 return 0;
1639 }
1640
1641 if (db->attributes.unique_subject
1642 && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
1643 LHASH_HASH_FN(index_name),
1644 LHASH_COMP_FN(index_name))) {
1645 BIO_printf(bio_err, "error creating name index:(%ld,%ld,%ld)\n",
1646 db->db->error, db->db->arg1, db->db->arg2);
1647 return 0;
1648 }
1649 return 1;
1650}
f85b68cd 1651
7d727231 1652int save_index(const char *dbfile, const char *suffix, CA_DB *db)
0f113f3e
MC		 1653{
1654 char buf[3][BSIZE];
7e1b7485 1655 BIO *out;
0f113f3e
MC		 1656 int j;
1657
0f113f3e
MC		 1658 j = strlen(dbfile) + strlen(suffix);
1659 if (j + 6 >= BSIZE) {
1660 BIO_printf(bio_err, "file name too long\n");
1661 goto err;
1662 }
f85b68cd 1663#ifndef OPENSSL_SYS_VMS
0f113f3e 1664 j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
0f113f3e 1665 j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
0f113f3e 1666 j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
f85b68cd 1667#else
d63a5e5e
RS		 1668 j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
1669 j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
0f113f3e 1670 j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
63b6fe2b 1671#endif
7e1b7485
RS		 1672 out = BIO_new_file(buf[0], "w");
1673 if (out == NULL) {
0f113f3e
MC		 1674 perror(dbfile);
1675 BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
1676 goto err;
1677 }
1678 j = TXT_DB_write(out, db->db);
7e1b7485 1679 BIO_free(out);
0f113f3e
MC		 1680 if (j <= 0)
1681 goto err;
1682
7e1b7485 1683 out = BIO_new_file(buf[1], "w");
7e1b7485 1684 if (out == NULL) {
0f113f3e
MC		 1685 perror(buf[2]);
1686 BIO_printf(bio_err, "unable to open '%s'\n", buf[2]);
1687 goto err;
1688 }
1689 BIO_printf(out, "unique_subject = %s\n",
1690 db->attributes.unique_subject ? "yes" : "no");
1691 BIO_free(out);
1692
1693 return 1;
f85b68cd 1694 err:
0f113f3e
MC		 1695 return 0;
1696}
f85b68cd 1697
0f113f3e
MC		 1698int rotate_index(const char *dbfile, const char *new_suffix,
1699 const char *old_suffix)
1700{
1701 char buf[5][BSIZE];
1702 int i, j;
1703
1704 i = strlen(dbfile) + strlen(old_suffix);
1705 j = strlen(dbfile) + strlen(new_suffix);
1706 if (i > j)
1707 j = i;
1708 if (j + 6 >= BSIZE) {
1709 BIO_printf(bio_err, "file name too long\n");
1710 goto err;
1711 }
f85b68cd 1712#ifndef OPENSSL_SYS_VMS
0f113f3e 1713 j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
d63a5e5e 1714 j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
0f113f3e 1715 j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
0f113f3e 1716 j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
d63a5e5e 1717 j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
f85b68cd 1718#else
d63a5e5e 1719 j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
0f113f3e 1720 j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
d63a5e5e
RS		 1721 j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
1722 j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
1723 j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
63b6fe2b 1724#endif
0f113f3e 1725 if (rename(dbfile, buf[1]) < 0 && errno != ENOENT
a1ad253f 1726#ifdef ENOTDIR
0f113f3e 1727 && errno != ENOTDIR
a1ad253f 1728#endif
0f113f3e
MC		 1729 ) {
1730 BIO_printf(bio_err, "unable to rename %s to %s\n", dbfile, buf[1]);
1731 perror("reason");
1732 goto err;
1733 }
0f113f3e
MC		 1734 if (rename(buf[0], dbfile) < 0) {
1735 BIO_printf(bio_err, "unable to rename %s to %s\n", buf[0], dbfile);
1736 perror("reason");
1737 rename(buf[1], dbfile);
1738 goto err;
1739 }
0f113f3e 1740 if (rename(buf[4], buf[3]) < 0 && errno != ENOENT
a1ad253f 1741#ifdef ENOTDIR
0f113f3e
MC		 1742 && errno != ENOTDIR
1743#endif
1744 ) {
1745 BIO_printf(bio_err, "unable to rename %s to %s\n", buf[4], buf[3]);
1746 perror("reason");
1747 rename(dbfile, buf[0]);
1748 rename(buf[1], dbfile);
1749 goto err;
1750 }
0f113f3e
MC		 1751 if (rename(buf[2], buf[4]) < 0) {
1752 BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
1753 perror("reason");
1754 rename(buf[3], buf[4]);
1755 rename(dbfile, buf[0]);
1756 rename(buf[1], dbfile);
1757 goto err;
1758 }
1759 return 1;
f85b68cd 1760 err:
0f113f3e
MC		 1761 return 0;
1762}
f85b68cd
RL		 1763
1764void free_index(CA_DB *db)
0f113f3e
MC		 1765{
1766 if (db) {
895cba19 1767 TXT_DB_free(db->db);
0f113f3e
MC		 1768 OPENSSL_free(db);
1769 }
1770}
6d5ffb59 1771
ff990440 1772int parse_yesno(const char *str, int def)
0f113f3e 1773{
0f113f3e
MC		 1774 if (str) {
1775 switch (*str) {
1776 case 'f': /* false */
1777 case 'F': /* FALSE */
1778 case 'n': /* no */
1779 case 'N': /* NO */
1780 case '0': /* 0 */
1bb2daea 1781 return 0;
0f113f3e
MC		 1782 case 't': /* true */
1783 case 'T': /* TRUE */
1784 case 'y': /* yes */
1785 case 'Y': /* YES */
1786 case '1': /* 1 */
1bb2daea 1787 return 1;
0f113f3e
MC		 1788 }
1789 }
1bb2daea 1790 return def;
0f113f3e 1791}
03ddbdd9 1792
6d5ffb59 1793/*
db4c08f0 1794 * name is expected to be in the format /type0=value0/type1=value1/type2=...
6d5ffb59
RL		 1795 * where characters may be escaped by \
1796 */
db4c08f0 1797X509_NAME *parse_name(const char *cp, long chtype, int canmulti)
0f113f3e 1798{
db4c08f0
RS		 1799 int nextismulti = 0;
1800 char *work;
1801 X509_NAME *n;
0f113f3e 1802
db4c08f0
RS		 1803 if (*cp++ != '/')
1804 return NULL;
1805
1806 n = X509_NAME_new();
1807 if (n == NULL)
1808 return NULL;
a3ed492f 1809 work = OPENSSL_strdup(cp);
db4c08f0
RS		 1810 if (work == NULL)
1811 goto err;
1812
1813 while (*cp) {
1814 char *bp = work;
1815 char *typestr = bp;
1816 unsigned char *valstr;
1817 int nid;
1818 int ismulti = nextismulti;
1819 nextismulti = 0;
1820
1821 /* Collect the type */
1822 while (*cp && *cp != '=')
1823 *bp++ = *cp++;
1824 if (*cp == '\0') {
0f113f3e 1825 BIO_printf(bio_err,
db4c08f0
RS		 1826 "%s: Hit end of string before finding the equals.\n",
1827 opt_getprog());
1828 goto err;
0f113f3e 1829 }
db4c08f0
RS		 1830 *bp++ = '\0';
1831 ++cp;
1832
1833 /* Collect the value. */
1834 valstr = (unsigned char *)bp;
1835 for (; *cp && *cp != '/'; *bp++ = *cp++) {
1836 if (canmulti && *cp == '+') {
1837 nextismulti = 1;
0f113f3e 1838 break;
db4c08f0
RS		 1839 }
1840 if (*cp == '\\' && *++cp == '\0') {
1841 BIO_printf(bio_err,
1842 "%s: escape character at end of string\n",
1843 opt_getprog());
1844 goto err;
1845 }
0f113f3e
MC		 1846 }
1847 *bp++ = '\0';
0f113f3e 1848
db4c08f0
RS		 1849 /* If not at EOS (must be + or /), move forward. */
1850 if (*cp)
1851 ++cp;
0f113f3e 1852
db4c08f0
RS		 1853 /* Parse */
1854 nid = OBJ_txt2nid(typestr);
1855 if (nid == NID_undef) {
1856 BIO_printf(bio_err, "%s: Skipping unknown attribute \"%s\"\n",
1857 opt_getprog(), typestr);
0f113f3e
MC		 1858 continue;
1859 }
db4c08f0
RS		 1860 if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
1861 valstr, strlen((char *)valstr),
1862 -1, ismulti ? -1 : 0))
1863 goto err;
0f113f3e
MC		 1864 }
1865
a3ed492f 1866 OPENSSL_free(work);
0f113f3e
MC		 1867 return n;
1868
db4c08f0 1869 err:
0f113f3e 1870 X509_NAME_free(n);
a3ed492f 1871 OPENSSL_free(work);
0f113f3e 1872 return NULL;
6d5ffb59
RL		 1873}
1874
0f113f3e
MC		 1875/*
1876 * Read whole contents of a BIO into an allocated memory buffer and return
1877 * it.
a9164153
DSH		 1878 */
1879
1880int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
0f113f3e
MC		 1881{
1882 BIO *mem;
1883 int len, ret;
1884 unsigned char tbuf[1024];
1885 mem = BIO_new(BIO_s_mem());
96487cdd 1886 if (mem == NULL)
0f113f3e
MC		 1887 return -1;
1888 for (;;) {
1889 if ((maxlen != -1) && maxlen < 1024)
1890 len = maxlen;
1891 else
1892 len = 1024;
1893 len = BIO_read(in, tbuf, len);
0c20802c
VD		 1894 if (len < 0) {
1895 BIO_free(mem);
1896 return -1;
1897 }
1898 if (len == 0)
0f113f3e
MC		 1899 break;
1900 if (BIO_write(mem, tbuf, len) != len) {
1901 BIO_free(mem);
1902 return -1;
1903 }
1904 maxlen -= len;
1905
1906 if (maxlen == 0)
1907 break;
1908 }
1909 ret = BIO_get_mem_data(mem, (char **)out);
1910 BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
1911 BIO_free(mem);
1912 return ret;
1913}
a9164153 1914
0c20802c 1915int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
0f113f3e
MC		 1916{
1917 int rv;
1918 char *stmp, *vtmp = NULL;
7644a9ae 1919 stmp = OPENSSL_strdup(value);
0f113f3e
MC		 1920 if (!stmp)
1921 return -1;
1922 vtmp = strchr(stmp, ':');
1923 if (vtmp) {
1924 *vtmp = 0;
1925 vtmp++;
1926 }
1927 rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
1928 OPENSSL_free(stmp);
1929 return rv;
1930}
a2318e86 1931
ecf3a1fb 1932static void nodes_print(const char *name, STACK_OF(X509_POLICY_NODE) *nodes)
0f113f3e
MC		 1933{
1934 X509_POLICY_NODE *node;
1935 int i;
ecf3a1fb
RS		 1936
1937 BIO_printf(bio_err, "%s Policies:", name);
0f113f3e 1938 if (nodes) {
ecf3a1fb 1939 BIO_puts(bio_err, "\n");
0f113f3e
MC		 1940 for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) {
1941 node = sk_X509_POLICY_NODE_value(nodes, i);
ecf3a1fb 1942 X509_POLICY_NODE_print(bio_err, node, 2);
0f113f3e
MC		 1943 }
1944 } else
ecf3a1fb 1945 BIO_puts(bio_err, " <empty>\n");
0f113f3e 1946}
c431798e 1947
ecf3a1fb 1948void policies_print(X509_STORE_CTX *ctx)
0f113f3e
MC		 1949{
1950 X509_POLICY_TREE *tree;
1951 int explicit_policy;
0f113f3e
MC		 1952 tree = X509_STORE_CTX_get0_policy_tree(ctx);
1953 explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
1954
ecf3a1fb 1955 BIO_printf(bio_err, "Require explicit Policy: %s\n",
0f113f3e
MC		 1956 explicit_policy ? "True" : "False");
1957
ecf3a1fb
RS		 1958 nodes_print("Authority", X509_policy_tree_get0_policies(tree));
1959 nodes_print("User", X509_policy_tree_get0_user_policies(tree));
0f113f3e 1960}
ffa10187 1961
3a83462d
MC		 1962/*-
1963 * next_protos_parse parses a comma separated list of strings into a string
71fa4513
BL		 1964 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
1965 * outlen: (output) set to the length of the resulting buffer on success.
1966 * err: (maybe NULL) on failure, an error message line is written to this BIO.
e771eea6 1967 * in: a NUL termianted string like "abc,def,ghi"
71fa4513 1968 *
e771eea6 1969 * returns: a malloced buffer or NULL on failure.
71fa4513 1970 */
817cd0d5 1971unsigned char *next_protos_parse(size_t *outlen, const char *in)
0f113f3e
MC		 1972{
1973 size_t len;
1974 unsigned char *out;
1975 size_t i, start = 0;
1976
1977 len = strlen(in);
1978 if (len >= 65535)
1979 return NULL;
1980
68dc6824 1981 out = app_malloc(strlen(in) + 1, "NPN buffer");
0f113f3e
MC		 1982 for (i = 0; i <= len; ++i) {
1983 if (i == len || in[i] == ',') {
1984 if (i - start > 255) {
1985 OPENSSL_free(out);
1986 return NULL;
1987 }
1988 out[start] = i - start;
1989 start = i + 1;
1990 } else
1991 out[i + 1] = in[i];
1992 }
1993
1994 *outlen = len + 1;
1995 return out;
1996}
71fa4513 1997
a70da5b3 1998void print_cert_checks(BIO *bio, X509 *x,
0f113f3e
MC		 1999 const char *checkhost,
2000 const char *checkemail, const char *checkip)
2001{
2002 if (x == NULL)
2003 return;
2004 if (checkhost) {
2005 BIO_printf(bio, "Hostname %s does%s match certificate\n",
7e1b7485
RS		 2006 checkhost,
2007 X509_check_host(x, checkhost, 0, 0, NULL) == 1
2008 ? "" : " NOT");
0f113f3e
MC		 2009 }
2010
2011 if (checkemail) {
2012 BIO_printf(bio, "Email %s does%s match certificate\n",
7e1b7485
RS		 2013 checkemail, X509_check_email(x, checkemail, 0, 0)
2014 ? "" : " NOT");
0f113f3e
MC		 2015 }
2016
2017 if (checkip) {
2018 BIO_printf(bio, "IP %s does%s match certificate\n",
2019 checkip, X509_check_ip_asc(x, checkip, 0) ? "" : " NOT");
2020 }
2021}
a70da5b3 2022
0090a686
DSH		 2023/* Get first http URL from a DIST_POINT structure */
2024
2025static const char *get_dp_url(DIST_POINT *dp)
0f113f3e
MC		 2026{
2027 GENERAL_NAMES *gens;
2028 GENERAL_NAME *gen;
2029 int i, gtype;
2030 ASN1_STRING *uri;
2031 if (!dp->distpoint || dp->distpoint->type != 0)
2032 return NULL;
2033 gens = dp->distpoint->name.fullname;
2034 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
2035 gen = sk_GENERAL_NAME_value(gens, i);
2036 uri = GENERAL_NAME_get0_value(gen, &gtype);
2037 if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) {
2038 char *uptr = (char *)ASN1_STRING_data(uri);
86885c28 2039 if (strncmp(uptr, "http://", 7) == 0)
0f113f3e
MC		 2040 return uptr;
2041 }
2042 }
2043 return NULL;
2044}
2045
2046/*
2047 * Look through a CRLDP structure and attempt to find an http URL to
2048 * downloads a CRL from.
0090a686
DSH		 2049 */
2050
2051static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp)
0f113f3e
MC		 2052{
2053 int i;
2054 const char *urlptr = NULL;
2055 for (i = 0; i < sk_DIST_POINT_num(crldp); i++) {
2056 DIST_POINT *dp = sk_DIST_POINT_value(crldp, i);
2057 urlptr = get_dp_url(dp);
2058 if (urlptr)
2059 return load_crl(urlptr, FORMAT_HTTP);
2060 }
2061 return NULL;
2062}
2063
2064/*
2065 * Example of downloading CRLs from CRLDP: not usable for real world as it
2066 * always downloads, doesn't support non-blocking I/O and doesn't cache
2067 * anything.
0090a686
DSH		 2068 */
2069
2070static STACK_OF(X509_CRL) *crls_http_cb(X509_STORE_CTX *ctx, X509_NAME *nm)
0f113f3e
MC		 2071{
2072 X509 *x;
2073 STACK_OF(X509_CRL) *crls = NULL;
2074 X509_CRL *crl;
2075 STACK_OF(DIST_POINT) *crldp;
7e1b7485
RS		 2076
2077 crls = sk_X509_CRL_new_null();
2078 if (!crls)
2079 return NULL;
0f113f3e
MC		 2080 x = X509_STORE_CTX_get_current_cert(ctx);
2081 crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
2082 crl = load_crl_crldp(crldp);
2083 sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
2084 if (!crl)
2085 return NULL;
0f113f3e
MC		 2086 sk_X509_CRL_push(crls, crl);
2087 /* Try to download delta CRL */
2088 crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
2089 crl = load_crl_crldp(crldp);
2090 sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
2091 if (crl)
2092 sk_X509_CRL_push(crls, crl);
2093 return crls;
2094}
0090a686
DSH		 2095
2096void store_setup_crl_download(X509_STORE *st)
0f113f3e
MC		 2097{
2098 X509_STORE_set_lookup_crls_cb(st, crls_http_cb);
2099}
0090a686 2100
0a39d8f2
AP		 2101/*
2102 * Platform-specific sections
2103 */
ffa10187 2104#if defined(_WIN32)
a1ad253f
AP		 2105# ifdef fileno
2106# undef fileno
2107# define fileno(a) (int)_fileno(a)
2108# endif
2109
2110# include <windows.h>
2111# include <tchar.h>
2112
2113static int WIN32_rename(const char *from, const char *to)
0f113f3e
MC		 2114{
2115 TCHAR *tfrom = NULL, *tto;
2116 DWORD err;
2117 int ret = 0;
2118
2119 if (sizeof(TCHAR) == 1) {
2120 tfrom = (TCHAR *)from;
2121 tto = (TCHAR *)to;
2122 } else { /* UNICODE path */
2123
2124 size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1;
b1ad95e3 2125 tfrom = malloc(sizeof(*tfrom) * (flen + tlen));
0f113f3e
MC		 2126 if (tfrom == NULL)
2127 goto err;
2128 tto = tfrom + flen;
2129# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
2130 if (!MultiByteToWideChar(CP_ACP, 0, from, flen, (WCHAR *)tfrom, flen))
2131# endif
2132 for (i = 0; i < flen; i++)
2133 tfrom[i] = (TCHAR)from[i];
2134# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
2135 if (!MultiByteToWideChar(CP_ACP, 0, to, tlen, (WCHAR *)tto, tlen))
2136# endif
2137 for (i = 0; i < tlen; i++)
2138 tto[i] = (TCHAR)to[i];
2139 }
2140
2141 if (MoveFile(tfrom, tto))
2142 goto ok;
2143 err = GetLastError();
2144 if (err == ERROR_ALREADY_EXISTS || err == ERROR_FILE_EXISTS) {
2145 if (DeleteFile(tto) && MoveFile(tfrom, tto))
2146 goto ok;
2147 err = GetLastError();
2148 }
2149 if (err == ERROR_FILE_NOT_FOUND || err == ERROR_PATH_NOT_FOUND)
2150 errno = ENOENT;
2151 else if (err == ERROR_ACCESS_DENIED)
2152 errno = EACCES;
2153 else
2154 errno = EINVAL; /* we could map more codes... */
2155 err:
2156 ret = -1;
2157 ok:
2158 if (tfrom != NULL && tfrom != (TCHAR *)from)
2159 free(tfrom);
2160 return ret;
2161}
0a39d8f2
AP		 2162#endif
2163
2164/* app_tminterval section */
2165#if defined(_WIN32)
0f113f3e
MC		 2166double app_tminterval(int stop, int usertime)
2167{
2168 FILETIME now;
2169 double ret = 0;
2170 static ULARGE_INTEGER tmstart;
2171 static int warning = 1;
2172# ifdef _WIN32_WINNT
2173 static HANDLE proc = NULL;
2174
2175 if (proc == NULL) {
2176 if (check_winnt())
2177 proc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,
2178 GetCurrentProcessId());
2179 if (proc == NULL)
2180 proc = (HANDLE) - 1;
2181 }
2182
2183 if (usertime && proc != (HANDLE) - 1) {
2184 FILETIME junk;
2185 GetProcessTimes(proc, &junk, &junk, &junk, &now);
2186 } else
2187# endif
2188 {
2189 SYSTEMTIME systime;
9135fddb 2190
0f113f3e
MC		 2191 if (usertime && warning) {
2192 BIO_printf(bio_err, "To get meaningful results, run "
2193 "this program on idle system.\n");
2194 warning = 0;
2195 }
2196 GetSystemTime(&systime);
2197 SystemTimeToFileTime(&systime, &now);
2198 }
9135fddb 2199
0f113f3e
MC		 2200 if (stop == TM_START) {
2201 tmstart.u.LowPart = now.dwLowDateTime;
2202 tmstart.u.HighPart = now.dwHighDateTime;
2203 } else {
2204 ULARGE_INTEGER tmstop;
9135fddb 2205
0f113f3e
MC		 2206 tmstop.u.LowPart = now.dwLowDateTime;
2207 tmstop.u.HighPart = now.dwHighDateTime;
9135fddb 2208
0f113f3e
MC		 2209 ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart) * 1e-7;
2210 }
9135fddb 2211
0f113f3e
MC		 2212 return (ret);
2213}
0f113f3e
MC		 2214#elif defined(OPENSSL_SYSTEM_VXWORKS)
2215# include <time.h>
0a39d8f2 2216
0f113f3e
MC		 2217double app_tminterval(int stop, int usertime)
2218{
2219 double ret = 0;
2220# ifdef CLOCK_REALTIME
2221 static struct timespec tmstart;
2222 struct timespec now;
2223# else
2224 static unsigned long tmstart;
2225 unsigned long now;
2226# endif
2227 static int warning = 1;
2228
2229 if (usertime && warning) {
2230 BIO_printf(bio_err, "To get meaningful results, run "
2231 "this program on idle system.\n");
2232 warning = 0;
2233 }
2234# ifdef CLOCK_REALTIME
2235 clock_gettime(CLOCK_REALTIME, &now);
2236 if (stop == TM_START)
2237 tmstart = now;
2238 else
2239 ret = ((now.tv_sec + now.tv_nsec * 1e-9)
2240 - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9));
2241# else
2242 now = tickGet();
2243 if (stop == TM_START)
2244 tmstart = now;
2245 else
2246 ret = (now - tmstart) / (double)sysClkRateGet();
2247# endif
2248 return (ret);
2249}
0a39d8f2 2250
0f113f3e
MC		 2251#elif defined(OPENSSL_SYSTEM_VMS)
2252# include <time.h>
2253# include <times.h>
0a39d8f2 2254
0f113f3e
MC		 2255double app_tminterval(int stop, int usertime)
2256{
2257 static clock_t tmstart;
2258 double ret = 0;
2259 clock_t now;
2260# ifdef __TMS
2261 struct tms rus;
2262
2263 now = times(&rus);
2264 if (usertime)
2265 now = rus.tms_utime;
2266# else
2267 if (usertime)
2268 now = clock(); /* sum of user and kernel times */
2269 else {
2270 struct timeval tv;
2271 gettimeofday(&tv, NULL);
2272 now = (clock_t)((unsigned long long)tv.tv_sec * CLK_TCK +
2273 (unsigned long long)tv.tv_usec * (1000000 / CLK_TCK)
2274 );
2275 }
2276# endif
2277 if (stop == TM_START)
2278 tmstart = now;
2279 else
2280 ret = (now - tmstart) / (double)(CLK_TCK);
0a39d8f2 2281
0f113f3e
MC		 2282 return (ret);
2283}
0a39d8f2 2284
0f113f3e
MC		 2285#elif defined(_SC_CLK_TCK) /* by means of unistd.h */
2286# include <sys/times.h>
0a39d8f2 2287
0f113f3e
MC		 2288double app_tminterval(int stop, int usertime)
2289{
2290 double ret = 0;
2291 struct tms rus;
2292 clock_t now = times(&rus);
2293 static clock_t tmstart;
2294
2295 if (usertime)
2296 now = rus.tms_utime;
2297
2298 if (stop == TM_START)
2299 tmstart = now;
2300 else {
2301 long int tck = sysconf(_SC_CLK_TCK);
2302 ret = (now - tmstart) / (double)tck;
2303 }
2304
2305 return (ret);
2306}
0a39d8f2 2307
0f113f3e
MC		 2308#else
2309# include <sys/time.h>
2310# include <sys/resource.h>
0a39d8f2 2311
0f113f3e
MC		 2312double app_tminterval(int stop, int usertime)
2313{
2314 double ret = 0;
2315 struct rusage rus;
2316 struct timeval now;
2317 static struct timeval tmstart;
2318
2319 if (usertime)
2320 getrusage(RUSAGE_SELF, &rus), now = rus.ru_utime;
2321 else
2322 gettimeofday(&now, NULL);
2323
2324 if (stop == TM_START)
2325 tmstart = now;
2326 else
2327 ret = ((now.tv_sec + now.tv_usec * 1e-6)
2328 - (tmstart.tv_sec + tmstart.tv_usec * 1e-6));
2329
2330 return ret;
2331}
0a39d8f2 2332#endif
a1ad253f 2333
7e1b7485
RS		 2334int app_access(const char* name, int flag)
2335{
2336#ifdef _WIN32
2337 return _access(name, flag);
2338#else
2339 return access(name, flag);
2340#endif
2341}
2342
0a39d8f2
AP		 2343/* app_isdir section */
2344#ifdef _WIN32
ffa10187 2345int app_isdir(const char *name)
0f113f3e
MC		 2346{
2347 HANDLE hList;
2348 WIN32_FIND_DATA FileData;
2349# if defined(UNICODE) || defined(_UNICODE)
2350 size_t i, len_0 = strlen(name) + 1;
2351
bdcb1a2c 2352 if (len_0 > OSSL_NELEM(FileData.cFileName))
0f113f3e
MC		 2353 return -1;
2354
2355# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
2356 if (!MultiByteToWideChar
2357 (CP_ACP, 0, name, len_0, FileData.cFileName, len_0))
2358# endif
2359 for (i = 0; i < len_0; i++)
2360 FileData.cFileName[i] = (WCHAR)name[i];
2361
2362 hList = FindFirstFile(FileData.cFileName, &FileData);
2363# else
2364 hList = FindFirstFile(name, &FileData);
2365# endif
2366 if (hList == INVALID_HANDLE_VALUE)
2367 return -1;
2368 FindClose(hList);
2369 return ((FileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0);
2370}
ffa10187 2371#else
0f113f3e
MC		 2372# include <sys/stat.h>
2373# ifndef S_ISDIR
2374# if defined(_S_IFMT) && defined(_S_IFDIR)
2375# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
2376# else
2377# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
2378# endif
2379# endif
ffa10187
AP		 2380
2381int app_isdir(const char *name)
0f113f3e
MC		 2382{
2383# if defined(S_ISDIR)
2384 struct stat st;
2385
2386 if (stat(name, &st) == 0)
2387 return S_ISDIR(st.st_mode);
2388 else
2389 return -1;
2390# else
2391 return -1;
2392# endif
2393}
ffa10187
AP		 2394#endif
2395
0a39d8f2 2396/* raw_read|write section */
ffa10187 2397#if defined(_WIN32) && defined(STD_INPUT_HANDLE)
0f113f3e
MC		 2398int raw_read_stdin(void *buf, int siz)
2399{
2400 DWORD n;
2401 if (ReadFile(GetStdHandle(STD_INPUT_HANDLE), buf, siz, &n, NULL))
2402 return (n);
2403 else
2404 return (-1);
2405}
ffa10187 2406#else
0f113f3e
MC		 2407int raw_read_stdin(void *buf, int siz)
2408{
2409 return read(fileno(stdin), buf, siz);
2410}
ffa10187
AP		 2411#endif
2412
2413#if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
0f113f3e
MC		 2414int raw_write_stdout(const void *buf, int siz)
2415{
2416 DWORD n;
2417 if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE), buf, siz, &n, NULL))
2418 return (n);
2419 else
2420 return (-1);
2421}
ffa10187 2422#else
0f113f3e
MC		 2423int raw_write_stdout(const void *buf, int siz)
2424{
2425 return write(fileno(stdout), buf, siz);
2426}
ffa10187 2427#endif
a412b891
RL		 2428
2429/*
2430 * Centralized handling if input and output files with format specification
2431 * The format is meant to show what the input and output is supposed to be,
2432 * and is therefore a show of intent more than anything else. However, it
2433 * does impact behavior on some platform, such as differentiating between
2434 * text and binary input/output on non-Unix platforms
2435 */
496f4f9d 2436static int istext(int format)
a412b891 2437{
a60994df 2438 return (format & B_FORMAT_TEXT) == B_FORMAT_TEXT;
a412b891
RL		 2439}
2440
a60994df 2441BIO *dup_bio_in(int format)
a412b891 2442{
a60994df
RL		 2443 return BIO_new_fp(stdin,
2444 BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
2445}
2446
2447BIO *dup_bio_out(int format)
2448{
2449 BIO *b = BIO_new_fp(stdout,
2450 BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
a412b891 2451#ifdef OPENSSL_SYS_VMS
a60994df
RL		 2452 if (istext(format))
2453 b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
149bd5d6
RL		 2454#endif
2455 return b;
2456}
2457
2458BIO *dup_bio_err(int format)
2459{
2460 BIO *b = BIO_new_fp(stderr,
2461 BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
2462#ifdef OPENSSL_SYS_VMS
2463 if (istext(format))
2464 b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
a412b891
RL		 2465#endif
2466 return b;
2467}
2468
2469void unbuffer(FILE *fp)
2470{
90dbd250
RL		 2471/*
2472 * On VMS, setbuf() will only take 32-bit pointers, and a compilation
2473 * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here.
2474 * However, we trust that the C RTL will never give us a FILE pointer
2475 * above the first 4 GB of memory, so we simply turn off the warning
2476 * temporarily.
2477 */
2478#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
2479# pragma environment save
2480# pragma message disable maylosedata2
2481#endif
a412b891 2482 setbuf(fp, NULL);
90dbd250
RL		 2483#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
2484# pragma environment restore
2485#endif
a412b891
RL		 2486}
2487
2488static const char *modestr(char mode, int format)
2489{
2490 OPENSSL_assert(mode == 'a' || mode == 'r' || mode == 'w');
2491
2492 switch (mode) {
2493 case 'a':
a60994df 2494 return istext(format) ? "a" : "ab";
a412b891 2495 case 'r':
a60994df 2496 return istext(format) ? "r" : "rb";
a412b891 2497 case 'w':
a60994df 2498 return istext(format) ? "w" : "wb";
a412b891
RL		 2499 }
2500 /* The assert above should make sure we never reach this point */
2501 return NULL;
2502}
2503
2504static const char *modeverb(char mode)
2505{
2506 switch (mode) {
2507 case 'a':
2508 return "appending";
2509 case 'r':
2510 return "reading";
2511 case 'w':
2512 return "writing";
2513 }
2514 return "(doing something)";
2515}
2516
2517/*
2518 * Open a file for writing, owner-read-only.
2519 */
2520BIO *bio_open_owner(const char *filename, int format, int private)
2521{
2522 FILE *fp = NULL;
2523 BIO *b = NULL;
1cd5cc36 2524 int fd = -1, bflags, mode, textmode;
a412b891
RL		 2525
2526 if (!private || filename == NULL || strcmp(filename, "-") == 0)
2527 return bio_open_default(filename, 'w', format);
2528
2529 mode = O_WRONLY;
2530#ifdef O_CREAT
2531 mode |= O_CREAT;
2532#endif
2533#ifdef O_TRUNC
2534 mode |= O_TRUNC;
2535#endif
1cd5cc36
RL		 2536 textmode = istext(format);
2537 if (!textmode) {
a412b891
RL		 2538#ifdef O_BINARY
2539 mode |= O_BINARY;
2540#elif defined(_O_BINARY)
2541 mode |= _O_BINARY;
2542#endif
2543 }
2544
fbd03b09
RL		 2545#ifdef OPENSSL_SYS_VMS
2546 /* VMS doesn't have O_BINARY, it just doesn't make sense. But,
2547 * it still needs to know that we're going binary, or fdopen()
2548 * will fail with "invalid argument"... so we tell VMS what the
2549 * context is.
2550 */
2551 if (!textmode)
2552 fd = open(filename, mode, 0600, "ctx=bin");
2553 else
2554#endif
2555 fd = open(filename, mode, 0600);
a412b891
RL		 2556 if (fd < 0)
2557 goto err;
2558 fp = fdopen(fd, modestr('w', format));
2559 if (fp == NULL)
2560 goto err;
2561 bflags = BIO_CLOSE;
1cd5cc36 2562 if (textmode)
a412b891
RL		 2563 bflags |= BIO_FP_TEXT;
2564 b = BIO_new_fp(fp, bflags);
2565 if (b)
2566 return b;
2567
2568 err:
2569 BIO_printf(bio_err, "%s: Can't open \"%s\" for writing, %s\n",
2570 opt_getprog(), filename, strerror(errno));
2571 ERR_print_errors(bio_err);
2572 /* If we have fp, then fdopen took over fd, so don't close both. */
2573 if (fp)
2574 fclose(fp);
2575 else if (fd >= 0)
2576 close(fd);
2577 return NULL;
2578}
2579
2580static BIO *bio_open_default_(const char *filename, char mode, int format,
2581 int quiet)
2582{
2583 BIO *ret;
2584
2585 if (filename == NULL || strcmp(filename, "-") == 0) {
a60994df 2586 ret = mode == 'r' ? dup_bio_in(format) : dup_bio_out(format);
a412b891
RL		 2587 if (quiet) {
2588 ERR_clear_error();
2589 return ret;
2590 }
2591 if (ret != NULL)
2592 return ret;
2593 BIO_printf(bio_err,
2594 "Can't open %s, %s\n",
2595 mode == 'r' ? "stdin" : "stdout", strerror(errno));
2596 } else {
2597 ret = BIO_new_file(filename, modestr(mode, format));
2598 if (quiet) {
2599 ERR_clear_error();
2600 return ret;
2601 }
2602 if (ret != NULL)
2603 return ret;
2604 BIO_printf(bio_err,
2605 "Can't open %s for %s, %s\n",
2606 filename, modeverb(mode), strerror(errno));
2607 }
2608 ERR_print_errors(bio_err);
2609 return NULL;
2610}
2611
2612BIO *bio_open_default(const char *filename, char mode, int format)
2613{
2614 return bio_open_default_(filename, mode, format, 0);
2615}
2616
2617BIO *bio_open_default_quiet(const char *filename, char mode, int format)
2618{
2619 return bio_open_default_(filename, mode, format, 1);
2620}
2621
e1b9840e
MC		 2622void wait_for_async(SSL *s)
2623{
d6e03b70
MC		 2624 /* On Windows select only works for sockets, so we simply don't wait */
2625#ifndef OPENSSL_SYS_WINDOWS
ff75a257 2626 int width = 0;
e1b9840e 2627 fd_set asyncfds;
ff75a257
MC		 2628 OSSL_ASYNC_FD *fds;
2629 size_t numfds;
e1b9840e 2630
ff75a257
MC		 2631 if (!SSL_get_all_async_fds(s, NULL, &numfds))
2632 return;
2633 if (numfds == 0)
e1b9840e 2634 return;
ff75a257
MC		 2635 fds = OPENSSL_malloc(sizeof(OSSL_ASYNC_FD) * numfds);
2636 if (!SSL_get_all_async_fds(s, fds, &numfds)) {
2637 OPENSSL_free(fds);
2638 }
e1b9840e 2639
e1b9840e 2640 FD_ZERO(&asyncfds);
ff75a257
MC		 2641 while (numfds > 0) {
2642 if (width <= (int)*fds)
2643 width = (int)*fds + 1;
2644 openssl_fdset((int)*fds, &asyncfds);
2645 numfds--;
2646 fds++;
2647 }
e1b9840e 2648 select(width, (void *)&asyncfds, NULL, NULL, NULL);
d6e03b70 2649#endif
e1b9840e 2650}
A mirror of the official openssl repository