File: | out/../deps/openssl/openssl/apps/lib/apps.c |
Warning: | line 1727, column 5 Value stored to 'j' is never read |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* |
2 | * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at |
7 | * https://www.openssl.org/source/license.html |
8 | */ |
9 | |
10 | #if !defined(_POSIX_C_SOURCE200809L) && defined(OPENSSL_SYS_VMS) |
11 | /* |
12 | * On VMS, you need to define this to get the declaration of fileno(). The |
13 | * value 2 is to make sure no function defined in POSIX-2 is left undefined. |
14 | */ |
15 | # define _POSIX_C_SOURCE200809L 2 |
16 | #endif |
17 | |
18 | #ifndef OPENSSL_NO_ENGINE |
19 | /* We need to use some deprecated APIs */ |
20 | # define OPENSSL_SUPPRESS_DEPRECATED |
21 | # include <openssl/engine.h> |
22 | #endif |
23 | |
24 | #include <stdio.h> |
25 | #include <stdlib.h> |
26 | #include <string.h> |
27 | #include <sys/types.h> |
28 | #ifndef OPENSSL_NO_POSIX_IO |
29 | # include <sys/stat.h> |
30 | # include <fcntl.h> |
31 | #endif |
32 | #include <ctype.h> |
33 | #include <errno(*__errno_location ()).h> |
34 | #include <openssl/err.h> |
35 | #include <openssl/x509.h> |
36 | #include <openssl/x509v3.h> |
37 | #include <openssl/http.h> |
38 | #include <openssl/pem.h> |
39 | #include <openssl/store.h> |
40 | #include <openssl/pkcs12.h> |
41 | #include <openssl/ui.h> |
42 | #include <openssl/safestack.h> |
43 | #include <openssl/rsa.h> |
44 | #include <openssl/rand.h> |
45 | #include <openssl/bn.h> |
46 | #include <openssl/ssl.h> |
47 | #include <openssl/store.h> |
48 | #include <openssl/core_names.h> |
49 | #include "s_apps.h" |
50 | #include "apps.h" |
51 | |
52 | #ifdef _WIN32 |
53 | static int WIN32_rename(const char *from, const char *to); |
54 | # define rename(from,to) WIN32_rename((from),(to)) |
55 | #endif |
56 | |
57 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) |
58 | # include <conio.h> |
59 | #endif |
60 | |
61 | #if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) || defined(__BORLANDC__) |
62 | # define _kbhit kbhit |
63 | #endif |
64 | |
65 | static BIO *bio_open_default_(const char *filename, char mode, int format, |
66 | int quiet); |
67 | |
68 | #define PASS_SOURCE_SIZE_MAX4 4 |
69 | |
70 | DEFINE_STACK_OF(CONF)struct stack_st_CONF; typedef int (*sk_CONF_compfunc)(const CONF * const *a, const CONF *const *b); typedef void (*sk_CONF_freefunc )(CONF *a); typedef CONF * (*sk_CONF_copyfunc)(const CONF *a) ; static __attribute__((unused)) inline int sk_CONF_num(const struct stack_st_CONF *sk) { return OPENSSL_sk_num((const OPENSSL_STACK *)sk); } static __attribute__((unused)) inline CONF *sk_CONF_value (const struct stack_st_CONF *sk, int idx) { return (CONF *)OPENSSL_sk_value ((const OPENSSL_STACK *)sk, idx); } static __attribute__((unused )) inline struct stack_st_CONF *sk_CONF_new(sk_CONF_compfunc compare ) { return (struct stack_st_CONF *)OPENSSL_sk_new((OPENSSL_sk_compfunc )compare); } static __attribute__((unused)) inline struct stack_st_CONF *sk_CONF_new_null(void) { return (struct stack_st_CONF *)OPENSSL_sk_new_null (); } static __attribute__((unused)) inline struct stack_st_CONF *sk_CONF_new_reserve(sk_CONF_compfunc compare, int n) { return (struct stack_st_CONF *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc )compare, n); } static __attribute__((unused)) inline int sk_CONF_reserve (struct stack_st_CONF *sk, int n) { return OPENSSL_sk_reserve ((OPENSSL_STACK *)sk, n); } static __attribute__((unused)) inline void sk_CONF_free(struct stack_st_CONF *sk) { OPENSSL_sk_free ((OPENSSL_STACK *)sk); } static __attribute__((unused)) inline void sk_CONF_zero(struct stack_st_CONF *sk) { OPENSSL_sk_zero ((OPENSSL_STACK *)sk); } static __attribute__((unused)) inline CONF *sk_CONF_delete(struct stack_st_CONF *sk, int i) { return (CONF *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); } static __attribute__ ((unused)) inline CONF *sk_CONF_delete_ptr(struct stack_st_CONF *sk, CONF *ptr) { return (CONF *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, (const void *)ptr); } static __attribute__((unused)) inline int sk_CONF_push(struct stack_st_CONF *sk, CONF *ptr) { return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); } static __attribute__((unused)) inline int sk_CONF_unshift(struct stack_st_CONF *sk, CONF *ptr) { return OPENSSL_sk_unshift((OPENSSL_STACK * )sk, (const void *)ptr); } static __attribute__((unused)) inline CONF *sk_CONF_pop(struct stack_st_CONF *sk) { return (CONF * )OPENSSL_sk_pop((OPENSSL_STACK *)sk); } static __attribute__( (unused)) inline CONF *sk_CONF_shift(struct stack_st_CONF *sk ) { return (CONF *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); } static __attribute__((unused)) inline void sk_CONF_pop_free(struct stack_st_CONF *sk, sk_CONF_freefunc freefunc) { OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); } static __attribute__ ((unused)) inline int sk_CONF_insert(struct stack_st_CONF *sk , CONF *ptr, int idx) { return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); } static __attribute__((unused )) inline CONF *sk_CONF_set(struct stack_st_CONF *sk, int idx , CONF *ptr) { return (CONF *)OPENSSL_sk_set((OPENSSL_STACK * )sk, idx, (const void *)ptr); } static __attribute__((unused) ) inline int sk_CONF_find(struct stack_st_CONF *sk, CONF *ptr ) { return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void * )ptr); } static __attribute__((unused)) inline int sk_CONF_find_ex (struct stack_st_CONF *sk, CONF *ptr) { return OPENSSL_sk_find_ex ((OPENSSL_STACK *)sk, (const void *)ptr); } static __attribute__ ((unused)) inline int sk_CONF_find_all(struct stack_st_CONF * sk, CONF *ptr, int *pnum) { return OPENSSL_sk_find_all((OPENSSL_STACK *)sk, (const void *)ptr, pnum); } static __attribute__((unused )) inline void sk_CONF_sort(struct stack_st_CONF *sk) { OPENSSL_sk_sort ((OPENSSL_STACK *)sk); } static __attribute__((unused)) inline int sk_CONF_is_sorted(const struct stack_st_CONF *sk) { return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); } static __attribute__ ((unused)) inline struct stack_st_CONF * sk_CONF_dup(const struct stack_st_CONF *sk) { return (struct stack_st_CONF *)OPENSSL_sk_dup ((const OPENSSL_STACK *)sk); } static __attribute__((unused)) inline struct stack_st_CONF *sk_CONF_deep_copy(const struct stack_st_CONF *sk, sk_CONF_copyfunc copyfunc, sk_CONF_freefunc freefunc) { return (struct stack_st_CONF *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, (OPENSSL_sk_copyfunc)copyfunc, (OPENSSL_sk_freefunc)freefunc ); } static __attribute__((unused)) inline sk_CONF_compfunc sk_CONF_set_cmp_func (struct stack_st_CONF *sk, sk_CONF_compfunc compare) { return (sk_CONF_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk , (OPENSSL_sk_compfunc)compare); } |
71 | |
72 | typedef struct { |
73 | const char *name; |
74 | unsigned long flag; |
75 | unsigned long mask; |
76 | } NAME_EX_TBL; |
77 | |
78 | static int set_table_opts(unsigned long *flags, const char *arg, |
79 | const NAME_EX_TBL * in_tbl); |
80 | static int set_multi_opts(unsigned long *flags, const char *arg, |
81 | const NAME_EX_TBL * in_tbl); |
82 | static |
83 | int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin, |
84 | const char *pass, const char *desc, |
85 | EVP_PKEY **ppkey, EVP_PKEY **ppubkey, |
86 | EVP_PKEY **pparams, |
87 | X509 **pcert, STACK_OF(X509)struct stack_st_X509 **pcerts, |
88 | X509_CRL **pcrl, STACK_OF(X509_CRL)struct stack_st_X509_CRL **pcrls, |
89 | int suppress_decode_errors); |
90 | |
91 | int app_init(long mesgwin); |
92 | |
93 | int chopup_args(ARGS *arg, char *buf) |
94 | { |
95 | int quoted; |
96 | char c = '\0', *p = NULL((void*)0); |
97 | |
98 | arg->argc = 0; |
99 | if (arg->size == 0) { |
100 | arg->size = 20; |
101 | arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space"); |
102 | } |
103 | |
104 | for (p = buf;;) { |
105 | /* Skip whitespace. */ |
106 | while (*p && isspace(_UC(*p))((*__ctype_b_loc ())[(int) ((((unsigned char)(*p))))] & ( unsigned short int) _ISspace)) |
107 | p++; |
108 | if (*p == '\0') |
109 | break; |
110 | |
111 | /* The start of something good :-) */ |
112 | if (arg->argc >= arg->size) { |
113 | char **tmp; |
114 | arg->size += 20; |
115 | tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size)CRYPTO_realloc(arg->argv, sizeof(*arg->argv) * arg-> size, "../deps/openssl/openssl/apps/lib/apps.c", 115); |
116 | if (tmp == NULL((void*)0)) |
117 | return 0; |
118 | arg->argv = tmp; |
119 | } |
120 | quoted = *p == '\'' || *p == '"'; |
121 | if (quoted) |
122 | c = *p++; |
123 | arg->argv[arg->argc++] = p; |
124 | |
125 | /* now look for the end of this */ |
126 | if (quoted) { |
127 | while (*p && *p != c) |
128 | p++; |
129 | *p++ = '\0'; |
130 | } else { |
131 | while (*p && !isspace(_UC(*p))((*__ctype_b_loc ())[(int) ((((unsigned char)(*p))))] & ( unsigned short int) _ISspace)) |
132 | p++; |
133 | if (*p) |
134 | *p++ = '\0'; |
135 | } |
136 | } |
137 | arg->argv[arg->argc] = NULL((void*)0); |
138 | return 1; |
139 | } |
140 | |
141 | #ifndef APP_INIT |
142 | int app_init(long mesgwin) |
143 | { |
144 | return 1; |
145 | } |
146 | #endif |
147 | |
148 | int ctx_set_verify_locations(SSL_CTX *ctx, |
149 | const char *CAfile, int noCAfile, |
150 | const char *CApath, int noCApath, |
151 | const char *CAstore, int noCAstore) |
152 | { |
153 | if (CAfile == NULL((void*)0) && CApath == NULL((void*)0) && CAstore == NULL((void*)0)) { |
154 | if (!noCAfile && SSL_CTX_set_default_verify_file(ctx) <= 0) |
155 | return 0; |
156 | if (!noCApath && SSL_CTX_set_default_verify_dir(ctx) <= 0) |
157 | return 0; |
158 | if (!noCAstore && SSL_CTX_set_default_verify_store(ctx) <= 0) |
159 | return 0; |
160 | |
161 | return 1; |
162 | } |
163 | |
164 | if (CAfile != NULL((void*)0) && !SSL_CTX_load_verify_file(ctx, CAfile)) |
165 | return 0; |
166 | if (CApath != NULL((void*)0) && !SSL_CTX_load_verify_dir(ctx, CApath)) |
167 | return 0; |
168 | if (CAstore != NULL((void*)0) && !SSL_CTX_load_verify_store(ctx, CAstore)) |
169 | return 0; |
170 | return 1; |
171 | } |
172 | |
173 | #ifndef OPENSSL_NO_CT |
174 | |
175 | int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path) |
176 | { |
177 | if (path == NULL((void*)0)) |
178 | return SSL_CTX_set_default_ctlog_list_file(ctx); |
179 | |
180 | return SSL_CTX_set_ctlog_list_file(ctx, path); |
181 | } |
182 | |
183 | #endif |
184 | |
185 | static unsigned long nmflag = 0; |
186 | static char nmflag_set = 0; |
187 | |
188 | int set_nameopt(const char *arg) |
189 | { |
190 | int ret = set_name_ex(&nmflag, arg); |
191 | |
192 | if (ret) |
193 | nmflag_set = 1; |
194 | |
195 | return ret; |
196 | } |
197 | |
198 | unsigned long get_nameopt(void) |
199 | { |
200 | return (nmflag_set) ? nmflag : XN_FLAG_ONELINE((1 | 2 | 4 | 0x10 | 0x100 | 0x200) | 8 | (2 << 16) | ( 1 << 23) | 0); |
201 | } |
202 | |
203 | void dump_cert_text(BIO *out, X509 *x) |
204 | { |
205 | print_name(out, "subject=", X509_get_subject_name(x)); |
206 | print_name(out, "issuer=", X509_get_issuer_name(x)); |
207 | } |
208 | |
209 | int wrap_password_callback(char *buf, int bufsiz, int verify, void *userdata) |
210 | { |
211 | return password_callback(buf, bufsiz, verify, (PW_CB_DATA *)userdata); |
212 | } |
213 | |
214 | |
215 | static char *app_get_pass(const char *arg, int keepbio); |
216 | |
217 | char *get_passwd(const char *pass, const char *desc) |
218 | { |
219 | char *result = NULL((void*)0); |
220 | |
221 | if (desc == NULL((void*)0)) |
222 | desc = "<unknown>"; |
223 | if (!app_passwd(pass, NULL((void*)0), &result, NULL((void*)0))) |
224 | BIO_printf(bio_err, "Error getting password for %s\n", desc); |
225 | if (pass != NULL((void*)0) && result == NULL((void*)0)) { |
226 | BIO_printf(bio_err, |
227 | "Trying plain input string (better precede with 'pass:')\n"); |
228 | result = OPENSSL_strdup(pass)CRYPTO_strdup(pass, "../deps/openssl/openssl/apps/lib/apps.c" , 228); |
229 | if (result == NULL((void*)0)) |
230 | BIO_printf(bio_err, "Out of memory getting password for %s\n", desc); |
231 | } |
232 | return result; |
233 | } |
234 | |
235 | int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2) |
236 | { |
237 | int same = arg1 != NULL((void*)0) && arg2 != NULL((void*)0) && strcmp(arg1, arg2) == 0; |
238 | |
239 | if (arg1 != NULL((void*)0)) { |
240 | *pass1 = app_get_pass(arg1, same); |
241 | if (*pass1 == NULL((void*)0)) |
242 | return 0; |
243 | } else if (pass1 != NULL((void*)0)) { |
244 | *pass1 = NULL((void*)0); |
245 | } |
246 | if (arg2 != NULL((void*)0)) { |
247 | *pass2 = app_get_pass(arg2, same ? 2 : 0); |
248 | if (*pass2 == NULL((void*)0)) |
249 | return 0; |
250 | } else if (pass2 != NULL((void*)0)) { |
251 | *pass2 = NULL((void*)0); |
252 | } |
253 | return 1; |
254 | } |
255 | |
256 | static char *app_get_pass(const char *arg, int keepbio) |
257 | { |
258 | static BIO *pwdbio = NULL((void*)0); |
259 | char *tmp, tpass[APP_PASS_LEN1024]; |
260 | int i; |
261 | |
262 | /* PASS_SOURCE_SIZE_MAX = max number of chars before ':' in below strings */ |
263 | if (strncmp(arg, "pass:", 5) == 0) |
264 | return OPENSSL_strdup(arg + 5)CRYPTO_strdup(arg + 5, "../deps/openssl/openssl/apps/lib/apps.c" , 264); |
265 | if (strncmp(arg, "env:", 4) == 0) { |
266 | tmp = getenv(arg + 4); |
267 | if (tmp == NULL((void*)0)) { |
268 | BIO_printf(bio_err, "No environment variable %s\n", arg + 4); |
269 | return NULL((void*)0); |
270 | } |
271 | return OPENSSL_strdup(tmp)CRYPTO_strdup(tmp, "../deps/openssl/openssl/apps/lib/apps.c", 271); |
272 | } |
273 | if (!keepbio || pwdbio == NULL((void*)0)) { |
274 | if (strncmp(arg, "file:", 5) == 0) { |
275 | pwdbio = BIO_new_file(arg + 5, "r"); |
276 | if (pwdbio == NULL((void*)0)) { |
277 | BIO_printf(bio_err, "Can't open file %s\n", arg + 5); |
278 | return NULL((void*)0); |
279 | } |
280 | #if !defined(_WIN32) |
281 | /* |
282 | * Under _WIN32, which covers even Win64 and CE, file |
283 | * descriptors referenced by BIO_s_fd are not inherited |
284 | * by child process and therefore below is not an option. |
285 | * It could have been an option if bss_fd.c was operating |
286 | * on real Windows descriptors, such as those obtained |
287 | * with CreateFile. |
288 | */ |
289 | } else if (strncmp(arg, "fd:", 3) == 0) { |
290 | BIO *btmp; |
291 | i = atoi(arg + 3); |
292 | if (i >= 0) |
293 | pwdbio = BIO_new_fd(i, BIO_NOCLOSE0x00); |
294 | if ((i < 0) || pwdbio == NULL((void*)0)) { |
295 | BIO_printf(bio_err, "Can't access file descriptor %s\n", arg + 3); |
296 | return NULL((void*)0); |
297 | } |
298 | /* |
299 | * Can't do BIO_gets on an fd BIO so add a buffering BIO |
300 | */ |
301 | btmp = BIO_new(BIO_f_buffer()); |
302 | if (btmp == NULL((void*)0)) { |
303 | BIO_free_all(pwdbio); |
304 | pwdbio = NULL((void*)0); |
305 | BIO_printf(bio_err, "Out of memory\n"); |
306 | return NULL((void*)0); |
307 | } |
308 | pwdbio = BIO_push(btmp, pwdbio); |
309 | #endif |
310 | } else if (strcmp(arg, "stdin") == 0) { |
311 | pwdbio = dup_bio_in(FORMAT_TEXT(1 | 0x8000)); |
312 | if (pwdbio == NULL((void*)0)) { |
313 | BIO_printf(bio_err, "Can't open BIO for stdin\n"); |
314 | return NULL((void*)0); |
315 | } |
316 | } else { |
317 | /* argument syntax error; do not reveal too much about arg */ |
318 | tmp = strchr(arg, ':'); |
319 | if (tmp == NULL((void*)0) || tmp - arg > PASS_SOURCE_SIZE_MAX4) |
320 | BIO_printf(bio_err, |
321 | "Invalid password argument, missing ':' within the first %d chars\n", |
322 | PASS_SOURCE_SIZE_MAX4 + 1); |
323 | else |
324 | BIO_printf(bio_err, |
325 | "Invalid password argument, starting with \"%.*s\"\n", |
326 | (int)(tmp - arg + 1), arg); |
327 | return NULL((void*)0); |
328 | } |
329 | } |
330 | i = BIO_gets(pwdbio, tpass, APP_PASS_LEN1024); |
331 | if (keepbio != 1) { |
332 | BIO_free_all(pwdbio); |
333 | pwdbio = NULL((void*)0); |
334 | } |
335 | if (i <= 0) { |
336 | BIO_printf(bio_err, "Error reading password from BIO\n"); |
337 | return NULL((void*)0); |
338 | } |
339 | tmp = strchr(tpass, '\n'); |
340 | if (tmp != NULL((void*)0)) |
341 | *tmp = 0; |
342 | return OPENSSL_strdup(tpass)CRYPTO_strdup(tpass, "../deps/openssl/openssl/apps/lib/apps.c" , 342); |
343 | } |
344 | |
345 | CONF *app_load_config_bio(BIO *in, const char *filename) |
346 | { |
347 | long errorline = -1; |
348 | CONF *conf; |
349 | int i; |
350 | |
351 | conf = NCONF_new_ex(app_get0_libctx(), NULL((void*)0)); |
352 | i = NCONF_load_bio(conf, in, &errorline); |
353 | if (i > 0) |
354 | return conf; |
355 | |
356 | if (errorline <= 0) { |
357 | BIO_printf(bio_err, "%s: Can't load ", opt_getprog()); |
358 | } else { |
359 | BIO_printf(bio_err, "%s: Error on line %ld of ", opt_getprog(), |
360 | errorline); |
361 | } |
362 | if (filename != NULL((void*)0)) |
363 | BIO_printf(bio_err, "config file \"%s\"\n", filename); |
364 | else |
365 | BIO_printf(bio_err, "config input"); |
366 | |
367 | NCONF_free(conf); |
368 | return NULL((void*)0); |
369 | } |
370 | |
371 | CONF *app_load_config_verbose(const char *filename, int verbose) |
372 | { |
373 | if (verbose) { |
374 | if (*filename == '\0') |
375 | BIO_printf(bio_err, "No configuration used\n"); |
376 | else |
377 | BIO_printf(bio_err, "Using configuration from %s\n", filename); |
378 | } |
379 | return app_load_config_internal(filename, 0); |
380 | } |
381 | |
382 | CONF *app_load_config_internal(const char *filename, int quiet) |
383 | { |
384 | BIO *in; |
385 | CONF *conf; |
386 | |
387 | if (filename == NULL((void*)0) || *filename != '\0') { |
388 | if ((in = bio_open_default_(filename, 'r', FORMAT_TEXT(1 | 0x8000), quiet)) == NULL((void*)0)) |
389 | return NULL((void*)0); |
390 | conf = app_load_config_bio(in, filename); |
391 | BIO_free(in); |
392 | } else { |
393 | /* Return empty config if filename is empty string. */ |
394 | conf = NCONF_new_ex(app_get0_libctx(), NULL((void*)0)); |
395 | } |
396 | return conf; |
397 | } |
398 | |
399 | int app_load_modules(const CONF *config) |
400 | { |
401 | CONF *to_free = NULL((void*)0); |
402 | |
403 | if (config == NULL((void*)0)) |
404 | config = to_free = app_load_config_quiet(default_config_file)app_load_config_internal(default_config_file, 1); |
405 | if (config == NULL((void*)0)) |
406 | return 1; |
407 | |
408 | if (CONF_modules_load(config, NULL((void*)0), 0) <= 0) { |
409 | BIO_printf(bio_err, "Error configuring OpenSSL modules\n"); |
410 | ERR_print_errors(bio_err); |
411 | NCONF_free(to_free); |
412 | return 0; |
413 | } |
414 | NCONF_free(to_free); |
415 | return 1; |
416 | } |
417 | |
418 | int add_oid_section(CONF *conf) |
419 | { |
420 | char *p; |
421 | STACK_OF(CONF_VALUE)struct stack_st_CONF_VALUE *sktmp; |
422 | CONF_VALUE *cnf; |
423 | int i; |
424 | |
425 | if ((p = NCONF_get_string(conf, NULL((void*)0), "oid_section")) == NULL((void*)0)) { |
426 | ERR_clear_error(); |
427 | return 1; |
428 | } |
429 | if ((sktmp = NCONF_get_section(conf, p)) == NULL((void*)0)) { |
430 | BIO_printf(bio_err, "problem loading oid section %s\n", p); |
431 | return 0; |
432 | } |
433 | for (i = 0; i < sk_CONF_VALUE_num(sktmp)OPENSSL_sk_num(ossl_check_const_CONF_VALUE_sk_type(sktmp)); i++) { |
434 | cnf = sk_CONF_VALUE_value(sktmp, i)((CONF_VALUE *)OPENSSL_sk_value(ossl_check_const_CONF_VALUE_sk_type (sktmp), (i))); |
435 | if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef0) { |
436 | BIO_printf(bio_err, "problem creating object %s=%s\n", |
437 | cnf->name, cnf->value); |
438 | return 0; |
439 | } |
440 | } |
441 | return 1; |
442 | } |
443 | |
444 | CONF *app_load_config_modules(const char *configfile) |
445 | { |
446 | CONF *conf = NULL((void*)0); |
447 | |
448 | if (configfile != NULL((void*)0)) { |
449 | if ((conf = app_load_config_verbose(configfile, 1)) == NULL((void*)0)) |
450 | return NULL((void*)0); |
451 | if (configfile != default_config_file && !app_load_modules(conf)) { |
452 | NCONF_free(conf); |
453 | conf = NULL((void*)0); |
454 | } |
455 | } |
456 | return conf; |
457 | } |
458 | |
459 | #define IS_HTTP(uri)((uri) != ((void*)0) && strncmp(uri, "http""://", strlen ("http""://")) == 0) ((uri) != NULL((void*)0) \ |
460 | && strncmp(uri, OSSL_HTTP_PREFIX"http""://", strlen(OSSL_HTTP_PREFIX"http""://")) == 0) |
461 | #define IS_HTTPS(uri)((uri) != ((void*)0) && strncmp(uri, "https""://", strlen ("https""://")) == 0) ((uri) != NULL((void*)0) \ |
462 | && strncmp(uri, OSSL_HTTPS_PREFIX"https""://", strlen(OSSL_HTTPS_PREFIX"https""://")) == 0) |
463 | |
464 | X509 *load_cert_pass(const char *uri, int format, int maybe_stdin, |
465 | const char *pass, const char *desc) |
466 | { |
467 | X509 *cert = NULL((void*)0); |
468 | |
469 | if (desc == NULL((void*)0)) |
470 | desc = "certificate"; |
471 | if (IS_HTTPS(uri)((uri) != ((void*)0) && strncmp(uri, "https""://", strlen ("https""://")) == 0)) |
472 | BIO_printf(bio_err, "Loading %s over HTTPS is unsupported\n", desc); |
473 | else if (IS_HTTP(uri)((uri) != ((void*)0) && strncmp(uri, "http""://", strlen ("http""://")) == 0)) |
474 | cert = X509_load_http(uri, NULL((void*)0), NULL((void*)0), 0 /* timeout */); |
475 | else |
476 | (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc, |
477 | NULL((void*)0), NULL((void*)0), NULL((void*)0), &cert, NULL((void*)0), NULL((void*)0), NULL((void*)0)); |
478 | if (cert == NULL((void*)0)) { |
479 | BIO_printf(bio_err, "Unable to load %s\n", desc); |
480 | ERR_print_errors(bio_err); |
481 | } |
482 | return cert; |
483 | } |
484 | |
485 | X509_CRL *load_crl(const char *uri, int format, int maybe_stdin, |
486 | const char *desc) |
487 | { |
488 | X509_CRL *crl = NULL((void*)0); |
489 | |
490 | if (desc == NULL((void*)0)) |
491 | desc = "CRL"; |
492 | if (IS_HTTPS(uri)((uri) != ((void*)0) && strncmp(uri, "https""://", strlen ("https""://")) == 0)) |
493 | BIO_printf(bio_err, "Loading %s over HTTPS is unsupported\n", desc); |
494 | else if (IS_HTTP(uri)((uri) != ((void*)0) && strncmp(uri, "http""://", strlen ("http""://")) == 0)) |
495 | crl = X509_CRL_load_http(uri, NULL((void*)0), NULL((void*)0), 0 /* timeout */); |
496 | else |
497 | (void)load_key_certs_crls(uri, format, maybe_stdin, NULL((void*)0), desc, |
498 | NULL((void*)0), NULL((void*)0), NULL((void*)0), NULL((void*)0), NULL((void*)0), &crl, NULL((void*)0)); |
499 | if (crl == NULL((void*)0)) { |
500 | BIO_printf(bio_err, "Unable to load %s\n", desc); |
501 | ERR_print_errors(bio_err); |
502 | } |
503 | return crl; |
504 | } |
505 | |
506 | X509_REQ *load_csr(const char *file, int format, const char *desc) |
507 | { |
508 | X509_REQ *req = NULL((void*)0); |
509 | BIO *in; |
510 | |
511 | if (format == FORMAT_UNDEF0) |
512 | format = FORMAT_PEM(5 | 0x8000); |
513 | if (desc == NULL((void*)0)) |
514 | desc = "CSR"; |
515 | in = bio_open_default(file, 'r', format); |
516 | if (in == NULL((void*)0)) |
517 | goto end; |
518 | |
519 | if (format == FORMAT_ASN14) |
520 | req = d2i_X509_REQ_bio(in, NULL((void*)0)); |
521 | else if (format == FORMAT_PEM(5 | 0x8000)) |
522 | req = PEM_read_bio_X509_REQ(in, NULL((void*)0), NULL((void*)0), NULL((void*)0)); |
523 | else |
524 | print_format_error(format, OPT_FMT_PEMDER(1L << 1)); |
525 | |
526 | end: |
527 | if (req == NULL((void*)0)) { |
528 | BIO_printf(bio_err, "Unable to load %s\n", desc); |
529 | ERR_print_errors(bio_err); |
530 | } |
531 | BIO_free(in); |
532 | return req; |
533 | } |
534 | |
535 | void cleanse(char *str) |
536 | { |
537 | if (str != NULL((void*)0)) |
538 | OPENSSL_cleanse(str, strlen(str)); |
539 | } |
540 | |
541 | void clear_free(char *str) |
542 | { |
543 | if (str != NULL((void*)0)) |
544 | OPENSSL_clear_free(str, strlen(str))CRYPTO_clear_free(str, strlen(str), "../deps/openssl/openssl/apps/lib/apps.c" , 544); |
545 | } |
546 | |
547 | EVP_PKEY *load_key(const char *uri, int format, int may_stdin, |
548 | const char *pass, ENGINE *e, const char *desc) |
549 | { |
550 | EVP_PKEY *pkey = NULL((void*)0); |
551 | char *allocated_uri = NULL((void*)0); |
552 | |
553 | if (desc == NULL((void*)0)) |
554 | desc = "private key"; |
555 | |
556 | if (format == FORMAT_ENGINE8) { |
557 | uri = allocated_uri = make_engine_uri(e, uri, desc); |
558 | } |
559 | (void)load_key_certs_crls(uri, format, may_stdin, pass, desc, |
560 | &pkey, NULL((void*)0), NULL((void*)0), NULL((void*)0), NULL((void*)0), NULL((void*)0), NULL((void*)0)); |
561 | |
562 | OPENSSL_free(allocated_uri)CRYPTO_free(allocated_uri, "../deps/openssl/openssl/apps/lib/apps.c" , 562); |
563 | return pkey; |
564 | } |
565 | |
566 | EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, |
567 | const char *pass, ENGINE *e, const char *desc) |
568 | { |
569 | EVP_PKEY *pkey = NULL((void*)0); |
570 | char *allocated_uri = NULL((void*)0); |
571 | |
572 | if (desc == NULL((void*)0)) |
573 | desc = "public key"; |
574 | |
575 | if (format == FORMAT_ENGINE8) { |
576 | uri = allocated_uri = make_engine_uri(e, uri, desc); |
577 | } |
578 | (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc, |
579 | NULL((void*)0), &pkey, NULL((void*)0), NULL((void*)0), NULL((void*)0), NULL((void*)0), NULL((void*)0)); |
580 | |
581 | OPENSSL_free(allocated_uri)CRYPTO_free(allocated_uri, "../deps/openssl/openssl/apps/lib/apps.c" , 581); |
582 | return pkey; |
583 | } |
584 | |
585 | EVP_PKEY *load_keyparams_suppress(const char *uri, int format, int maybe_stdin, |
586 | const char *keytype, const char *desc, |
587 | int suppress_decode_errors) |
588 | { |
589 | EVP_PKEY *params = NULL((void*)0); |
590 | |
591 | if (desc == NULL((void*)0)) |
592 | desc = "key parameters"; |
593 | |
594 | (void)load_key_certs_crls_suppress(uri, format, maybe_stdin, NULL((void*)0), desc, |
595 | NULL((void*)0), NULL((void*)0), ¶ms, NULL((void*)0), NULL((void*)0), NULL((void*)0), |
596 | NULL((void*)0), suppress_decode_errors); |
597 | if (params != NULL((void*)0) && keytype != NULL((void*)0) && !EVP_PKEY_is_a(params, keytype)) { |
598 | if (!suppress_decode_errors) { |
599 | BIO_printf(bio_err, |
600 | "Unable to load %s from %s (unexpected parameters type)\n", |
601 | desc, uri); |
602 | ERR_print_errors(bio_err); |
603 | } |
604 | EVP_PKEY_free(params); |
605 | params = NULL((void*)0); |
606 | } |
607 | return params; |
608 | } |
609 | |
610 | EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin, |
611 | const char *keytype, const char *desc) |
612 | { |
613 | return load_keyparams_suppress(uri, format, maybe_stdin, keytype, desc, 0); |
614 | } |
615 | |
616 | void app_bail_out(char *fmt, ...) |
617 | { |
618 | va_list args; |
619 | |
620 | va_start(args, fmt)__builtin_va_start(args, fmt); |
621 | BIO_vprintf(bio_err, fmt, args); |
622 | va_end(args)__builtin_va_end(args); |
623 | ERR_print_errors(bio_err); |
624 | exit(EXIT_FAILURE1); |
625 | } |
626 | |
627 | void *app_malloc(size_t sz, const char *what) |
628 | { |
629 | void *vp = OPENSSL_malloc(sz)CRYPTO_malloc(sz, "../deps/openssl/openssl/apps/lib/apps.c", 629 ); |
630 | |
631 | if (vp == NULL((void*)0)) |
632 | app_bail_out("%s: Could not allocate %zu bytes for %s\n", |
633 | opt_getprog(), sz, what); |
634 | return vp; |
635 | } |
636 | |
637 | char *next_item(char *opt) /* in list separated by comma and/or space */ |
638 | { |
639 | /* advance to separator (comma or whitespace), if any */ |
640 | while (*opt != ',' && !isspace(*opt)((*__ctype_b_loc ())[(int) ((*opt))] & (unsigned short int ) _ISspace) && *opt != '\0') |
641 | opt++; |
642 | if (*opt != '\0') { |
643 | /* terminate current item */ |
644 | *opt++ = '\0'; |
645 | /* skip over any whitespace after separator */ |
646 | while (isspace(*opt)((*__ctype_b_loc ())[(int) ((*opt))] & (unsigned short int ) _ISspace)) |
647 | opt++; |
648 | } |
649 | return *opt == '\0' ? NULL((void*)0) : opt; /* NULL indicates end of input */ |
650 | } |
651 | |
652 | static void warn_cert_msg(const char *uri, X509 *cert, const char *msg) |
653 | { |
654 | char *subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL((void*)0), 0); |
655 | |
656 | BIO_printf(bio_err, "Warning: certificate from '%s' with subject '%s' %s\n", |
657 | uri, subj, msg); |
658 | OPENSSL_free(subj)CRYPTO_free(subj, "../deps/openssl/openssl/apps/lib/apps.c", 658 ); |
659 | } |
660 | |
661 | static void warn_cert(const char *uri, X509 *cert, int warn_EE, |
662 | X509_VERIFY_PARAM *vpm) |
663 | { |
664 | uint32_t ex_flags = X509_get_extension_flags(cert); |
665 | int res = X509_cmp_timeframe(vpm, X509_get0_notBefore(cert), |
666 | X509_get0_notAfter(cert)); |
667 | |
668 | if (res != 0) |
669 | warn_cert_msg(uri, cert, res > 0 ? "has expired" : "not yet valid"); |
670 | if (warn_EE && (ex_flags & EXFLAG_V10x40) == 0 && (ex_flags & EXFLAG_CA0x10) == 0) |
671 | warn_cert_msg(uri, cert, "is not a CA cert"); |
672 | } |
673 | |
674 | static void warn_certs(const char *uri, STACK_OF(X509)struct stack_st_X509 *certs, int warn_EE, |
675 | X509_VERIFY_PARAM *vpm) |
676 | { |
677 | int i; |
678 | |
679 | for (i = 0; i < sk_X509_num(certs)OPENSSL_sk_num(ossl_check_const_X509_sk_type(certs)); i++) |
680 | warn_cert(uri, sk_X509_value(certs, i)((X509 *)OPENSSL_sk_value(ossl_check_const_X509_sk_type(certs ), (i))), warn_EE, vpm); |
681 | } |
682 | |
683 | int load_cert_certs(const char *uri, |
684 | X509 **pcert, STACK_OF(X509)struct stack_st_X509 **pcerts, |
685 | int exclude_http, const char *pass, const char *desc, |
686 | X509_VERIFY_PARAM *vpm) |
687 | { |
688 | int ret = 0; |
689 | char *pass_string; |
690 | |
691 | if (exclude_http && (OPENSSL_strncasecmp(uri, "http://", 7) == 0 |
692 | || OPENSSL_strncasecmp(uri, "https://", 8) == 0)) { |
693 | BIO_printf(bio_err, "error: HTTP retrieval not allowed for %s\n", desc); |
694 | return ret; |
695 | } |
696 | pass_string = get_passwd(pass, desc); |
697 | ret = load_key_certs_crls(uri, FORMAT_UNDEF0, 0, pass_string, desc, |
698 | NULL((void*)0), NULL((void*)0), NULL((void*)0), |
699 | pcert, pcerts, NULL((void*)0), NULL((void*)0)); |
700 | clear_free(pass_string); |
701 | |
702 | if (ret) { |
703 | if (pcert != NULL((void*)0)) |
704 | warn_cert(uri, *pcert, 0, vpm); |
705 | if (pcerts != NULL((void*)0)) |
706 | warn_certs(uri, *pcerts, 1, vpm); |
707 | } else { |
708 | if (pcerts != NULL((void*)0)) { |
709 | sk_X509_pop_free(*pcerts, X509_free)OPENSSL_sk_pop_free(ossl_check_X509_sk_type(*pcerts),ossl_check_X509_freefunc_type (X509_free)); |
710 | *pcerts = NULL((void*)0); |
711 | } |
712 | } |
713 | return ret; |
714 | } |
715 | |
716 | STACK_OF(X509)struct stack_st_X509 *load_certs_multifile(char *files, const char *pass, |
717 | const char *desc, X509_VERIFY_PARAM *vpm) |
718 | { |
719 | STACK_OF(X509)struct stack_st_X509 *certs = NULL((void*)0); |
720 | STACK_OF(X509)struct stack_st_X509 *result = sk_X509_new_null()((struct stack_st_X509 *)OPENSSL_sk_new_null()); |
721 | |
722 | if (files == NULL((void*)0)) |
723 | goto err; |
724 | if (result == NULL((void*)0)) |
725 | goto oom; |
726 | |
727 | while (files != NULL((void*)0)) { |
728 | char *next = next_item(files); |
729 | |
730 | if (!load_cert_certs(files, NULL((void*)0), &certs, 0, pass, desc, vpm)) |
731 | goto err; |
732 | if (!X509_add_certs(result, certs, |
733 | X509_ADD_FLAG_UP_REF0x1 | X509_ADD_FLAG_NO_DUP0x4)) |
734 | goto oom; |
735 | sk_X509_pop_free(certs, X509_free)OPENSSL_sk_pop_free(ossl_check_X509_sk_type(certs),ossl_check_X509_freefunc_type (X509_free)); |
736 | certs = NULL((void*)0); |
737 | files = next; |
738 | } |
739 | return result; |
740 | |
741 | oom: |
742 | BIO_printf(bio_err, "out of memory\n"); |
743 | err: |
744 | sk_X509_pop_free(certs, X509_free)OPENSSL_sk_pop_free(ossl_check_X509_sk_type(certs),ossl_check_X509_freefunc_type (X509_free)); |
745 | sk_X509_pop_free(result, X509_free)OPENSSL_sk_pop_free(ossl_check_X509_sk_type(result),ossl_check_X509_freefunc_type (X509_free)); |
746 | return NULL((void*)0); |
747 | } |
748 | |
749 | static X509_STORE *sk_X509_to_store(X509_STORE *store /* may be NULL */, |
750 | const STACK_OF(X509)struct stack_st_X509 *certs /* may NULL */) |
751 | { |
752 | int i; |
753 | |
754 | if (store == NULL((void*)0)) |
755 | store = X509_STORE_new(); |
756 | if (store == NULL((void*)0)) |
757 | return NULL((void*)0); |
758 | for (i = 0; i < sk_X509_num(certs)OPENSSL_sk_num(ossl_check_const_X509_sk_type(certs)); i++) { |
759 | if (!X509_STORE_add_cert(store, sk_X509_value(certs, i)((X509 *)OPENSSL_sk_value(ossl_check_const_X509_sk_type(certs ), (i))))) { |
760 | X509_STORE_free(store); |
761 | return NULL((void*)0); |
762 | } |
763 | } |
764 | return store; |
765 | } |
766 | |
767 | /* |
768 | * Create cert store structure with certificates read from given file(s). |
769 | * Returns pointer to created X509_STORE on success, NULL on error. |
770 | */ |
771 | X509_STORE *load_certstore(char *input, const char *pass, const char *desc, |
772 | X509_VERIFY_PARAM *vpm) |
773 | { |
774 | X509_STORE *store = NULL((void*)0); |
775 | STACK_OF(X509)struct stack_st_X509 *certs = NULL((void*)0); |
776 | |
777 | while (input != NULL((void*)0)) { |
778 | char *next = next_item(input); |
779 | int ok; |
780 | |
781 | if (!load_cert_certs(input, NULL((void*)0), &certs, 1, pass, desc, vpm)) { |
782 | X509_STORE_free(store); |
783 | return NULL((void*)0); |
784 | } |
785 | ok = (store = sk_X509_to_store(store, certs)) != NULL((void*)0); |
786 | sk_X509_pop_free(certs, X509_free)OPENSSL_sk_pop_free(ossl_check_X509_sk_type(certs),ossl_check_X509_freefunc_type (X509_free)); |
787 | certs = NULL((void*)0); |
788 | if (!ok) |
789 | return NULL((void*)0); |
790 | input = next; |
791 | } |
792 | return store; |
793 | } |
794 | |
795 | /* |
796 | * Initialize or extend, if *certs != NULL, a certificate stack. |
797 | * The caller is responsible for freeing *certs if its value is left not NULL. |
798 | */ |
799 | int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509)struct stack_st_X509 **certs, |
800 | const char *pass, const char *desc) |
801 | { |
802 | int was_NULL = *certs == NULL((void*)0); |
803 | int ret = load_key_certs_crls(uri, FORMAT_UNDEF0, maybe_stdin, |
804 | pass, desc, NULL((void*)0), NULL((void*)0), |
805 | NULL((void*)0), NULL((void*)0), certs, NULL((void*)0), NULL((void*)0)); |
806 | |
807 | if (!ret && was_NULL) { |
808 | sk_X509_pop_free(*certs, X509_free)OPENSSL_sk_pop_free(ossl_check_X509_sk_type(*certs),ossl_check_X509_freefunc_type (X509_free)); |
809 | *certs = NULL((void*)0); |
810 | } |
811 | return ret; |
812 | } |
813 | |
814 | /* |
815 | * Initialize or extend, if *crls != NULL, a certificate stack. |
816 | * The caller is responsible for freeing *crls if its value is left not NULL. |
817 | */ |
818 | int load_crls(const char *uri, STACK_OF(X509_CRL)struct stack_st_X509_CRL **crls, |
819 | const char *pass, const char *desc) |
820 | { |
821 | int was_NULL = *crls == NULL((void*)0); |
822 | int ret = load_key_certs_crls(uri, FORMAT_UNDEF0, 0, pass, desc, |
823 | NULL((void*)0), NULL((void*)0), NULL((void*)0), |
824 | NULL((void*)0), NULL((void*)0), NULL((void*)0), crls); |
825 | |
826 | if (!ret && was_NULL) { |
827 | sk_X509_CRL_pop_free(*crls, X509_CRL_free)OPENSSL_sk_pop_free(ossl_check_X509_CRL_sk_type(*crls),ossl_check_X509_CRL_freefunc_type (X509_CRL_free)); |
828 | *crls = NULL((void*)0); |
829 | } |
830 | return ret; |
831 | } |
832 | |
833 | static const char *format2string(int format) |
834 | { |
835 | switch(format) { |
836 | case FORMAT_PEM(5 | 0x8000): |
837 | return "PEM"; |
838 | case FORMAT_ASN14: |
839 | return "DER"; |
840 | } |
841 | return NULL((void*)0); |
842 | } |
843 | |
844 | /* Set type expectation, but clear it if objects of different types expected. */ |
845 | #define SET_EXPECT(expect, val)((expect) = (expect) < 0 ? (val) : ((expect) == (val) ? (val ) : 0)) ((expect) = (expect) < 0 ? (val) : ((expect) == (val) ? (val) : 0)) |
846 | /* |
847 | * Load those types of credentials for which the result pointer is not NULL. |
848 | * Reads from stdio if uri is NULL and maybe_stdin is nonzero. |
849 | * For non-NULL ppkey, pcert, and pcrl the first suitable value found is loaded. |
850 | * If pcerts is non-NULL and *pcerts == NULL then a new cert list is allocated. |
851 | * If pcerts is non-NULL then all available certificates are appended to *pcerts |
852 | * except any certificate assigned to *pcert. |
853 | * If pcrls is non-NULL and *pcrls == NULL then a new list of CRLs is allocated. |
854 | * If pcrls is non-NULL then all available CRLs are appended to *pcerts |
855 | * except any CRL assigned to *pcrl. |
856 | * In any case (also on error) the caller is responsible for freeing all members |
857 | * of *pcerts and *pcrls (as far as they are not NULL). |
858 | */ |
859 | static |
860 | int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin, |
861 | const char *pass, const char *desc, |
862 | EVP_PKEY **ppkey, EVP_PKEY **ppubkey, |
863 | EVP_PKEY **pparams, |
864 | X509 **pcert, STACK_OF(X509)struct stack_st_X509 **pcerts, |
865 | X509_CRL **pcrl, STACK_OF(X509_CRL)struct stack_st_X509_CRL **pcrls, |
866 | int suppress_decode_errors) |
867 | { |
868 | PW_CB_DATA uidata; |
869 | OSSL_STORE_CTX *ctx = NULL((void*)0); |
870 | OSSL_LIB_CTX *libctx = app_get0_libctx(); |
871 | const char *propq = app_get0_propq(); |
872 | int ncerts = 0; |
873 | int ncrls = 0; |
874 | const char *failed = |
875 | ppkey != NULL((void*)0) ? "key" : ppubkey != NULL((void*)0) ? "public key" : |
876 | pparams != NULL((void*)0) ? "params" : pcert != NULL((void*)0) ? "cert" : |
877 | pcrl != NULL((void*)0) ? "CRL" : pcerts != NULL((void*)0) ? "certs" : |
878 | pcrls != NULL((void*)0) ? "CRLs" : NULL((void*)0); |
879 | int cnt_expectations = 0; |
880 | int expect = -1; |
881 | const char *input_type; |
882 | OSSL_PARAM itp[2]; |
883 | const OSSL_PARAM *params = NULL((void*)0); |
884 | |
885 | if (ppkey != NULL((void*)0)) { |
886 | *ppkey = NULL((void*)0); |
887 | cnt_expectations++; |
888 | SET_EXPECT(expect, OSSL_STORE_INFO_PKEY)((expect) = (expect) < 0 ? (4) : ((expect) == (4) ? (4) : 0 )); |
889 | } |
890 | if (ppubkey != NULL((void*)0)) { |
891 | *ppubkey = NULL((void*)0); |
892 | cnt_expectations++; |
893 | SET_EXPECT(expect, OSSL_STORE_INFO_PUBKEY)((expect) = (expect) < 0 ? (3) : ((expect) == (3) ? (3) : 0 )); |
894 | } |
895 | if (pparams != NULL((void*)0)) { |
896 | *pparams = NULL((void*)0); |
897 | cnt_expectations++; |
898 | SET_EXPECT(expect, OSSL_STORE_INFO_PARAMS)((expect) = (expect) < 0 ? (2) : ((expect) == (2) ? (2) : 0 )); |
899 | } |
900 | if (pcert != NULL((void*)0)) { |
901 | *pcert = NULL((void*)0); |
902 | cnt_expectations++; |
903 | SET_EXPECT(expect, OSSL_STORE_INFO_CERT)((expect) = (expect) < 0 ? (5) : ((expect) == (5) ? (5) : 0 )); |
904 | } |
905 | if (pcerts != NULL((void*)0)) { |
906 | if (*pcerts == NULL((void*)0) && (*pcerts = sk_X509_new_null()((struct stack_st_X509 *)OPENSSL_sk_new_null())) == NULL((void*)0)) { |
907 | BIO_printf(bio_err, "Out of memory loading"); |
908 | goto end; |
909 | } |
910 | cnt_expectations++; |
911 | SET_EXPECT(expect, OSSL_STORE_INFO_CERT)((expect) = (expect) < 0 ? (5) : ((expect) == (5) ? (5) : 0 )); |
912 | } |
913 | if (pcrl != NULL((void*)0)) { |
914 | *pcrl = NULL((void*)0); |
915 | cnt_expectations++; |
916 | SET_EXPECT(expect, OSSL_STORE_INFO_CRL)((expect) = (expect) < 0 ? (6) : ((expect) == (6) ? (6) : 0 )); |
917 | } |
918 | if (pcrls != NULL((void*)0)) { |
919 | if (*pcrls == NULL((void*)0) && (*pcrls = sk_X509_CRL_new_null()((struct stack_st_X509_CRL *)OPENSSL_sk_new_null())) == NULL((void*)0)) { |
920 | BIO_printf(bio_err, "Out of memory loading"); |
921 | goto end; |
922 | } |
923 | cnt_expectations++; |
924 | SET_EXPECT(expect, OSSL_STORE_INFO_CRL)((expect) = (expect) < 0 ? (6) : ((expect) == (6) ? (6) : 0 )); |
925 | } |
926 | if (cnt_expectations == 0) { |
927 | BIO_printf(bio_err, "Internal error: nothing to load from %s\n", |
928 | uri != NULL((void*)0) ? uri : "<stdin>"); |
929 | return 0; |
930 | } |
931 | |
932 | uidata.password = pass; |
933 | uidata.prompt_info = uri; |
934 | |
935 | if ((input_type = format2string(format)) != NULL((void*)0)) { |
936 | itp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE"input-type", |
937 | (char *)input_type, 0); |
938 | itp[1] = OSSL_PARAM_construct_end(); |
939 | params = itp; |
940 | } |
941 | |
942 | if (uri == NULL((void*)0)) { |
943 | BIO *bio; |
944 | |
945 | if (!maybe_stdin) { |
946 | BIO_printf(bio_err, "No filename or uri specified for loading"); |
947 | goto end; |
948 | } |
949 | uri = "<stdin>"; |
950 | unbuffer(stdinstdin); |
951 | bio = BIO_new_fp(stdinstdin, 0); |
952 | if (bio != NULL((void*)0)) { |
953 | ctx = OSSL_STORE_attach(bio, "file", libctx, propq, |
954 | get_ui_method(), &uidata, params, |
955 | NULL((void*)0), NULL((void*)0)); |
956 | BIO_free(bio); |
957 | } |
958 | } else { |
959 | ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata, |
960 | params, NULL((void*)0), NULL((void*)0)); |
961 | } |
962 | if (ctx == NULL((void*)0)) { |
963 | BIO_printf(bio_err, "Could not open file or uri for loading"); |
964 | goto end; |
965 | } |
966 | if (expect > 0 && !OSSL_STORE_expect(ctx, expect)) |
967 | goto end; |
968 | |
969 | failed = NULL((void*)0); |
970 | while (cnt_expectations > 0 && !OSSL_STORE_eof(ctx)) { |
971 | OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); |
972 | int type, ok = 1; |
973 | |
974 | /* |
975 | * This can happen (for example) if we attempt to load a file with |
976 | * multiple different types of things in it - but the thing we just |
977 | * tried to load wasn't one of the ones we wanted, e.g. if we're trying |
978 | * to load a certificate but the file has both the private key and the |
979 | * certificate in it. We just retry until eof. |
980 | */ |
981 | if (info == NULL((void*)0)) { |
982 | continue; |
983 | } |
984 | |
985 | type = OSSL_STORE_INFO_get_type(info); |
986 | switch (type) { |
987 | case OSSL_STORE_INFO_PKEY4: |
988 | if (ppkey != NULL((void*)0) && *ppkey == NULL((void*)0)) { |
989 | ok = (*ppkey = OSSL_STORE_INFO_get1_PKEY(info)) != NULL((void*)0); |
990 | cnt_expectations -= ok; |
991 | } |
992 | /* |
993 | * An EVP_PKEY with private parts also holds the public parts, |
994 | * so if the caller asked for a public key, and we got a private |
995 | * key, we can still pass it back. |
996 | */ |
997 | if (ok && ppubkey != NULL((void*)0) && *ppubkey == NULL((void*)0)) { |
998 | ok = ((*ppubkey = OSSL_STORE_INFO_get1_PKEY(info)) != NULL((void*)0)); |
999 | cnt_expectations -= ok; |
1000 | } |
1001 | break; |
1002 | case OSSL_STORE_INFO_PUBKEY3: |
1003 | if (ppubkey != NULL((void*)0) && *ppubkey == NULL((void*)0)) { |
1004 | ok = ((*ppubkey = OSSL_STORE_INFO_get1_PUBKEY(info)) != NULL((void*)0)); |
1005 | cnt_expectations -= ok; |
1006 | } |
1007 | break; |
1008 | case OSSL_STORE_INFO_PARAMS2: |
1009 | if (pparams != NULL((void*)0) && *pparams == NULL((void*)0)) { |
1010 | ok = ((*pparams = OSSL_STORE_INFO_get1_PARAMS(info)) != NULL((void*)0)); |
1011 | cnt_expectations -= ok; |
1012 | } |
1013 | break; |
1014 | case OSSL_STORE_INFO_CERT5: |
1015 | if (pcert != NULL((void*)0) && *pcert == NULL((void*)0)) { |
1016 | ok = (*pcert = OSSL_STORE_INFO_get1_CERT(info)) != NULL((void*)0); |
1017 | cnt_expectations -= ok; |
1018 | } |
1019 | else if (pcerts != NULL((void*)0)) |
1020 | ok = X509_add_cert(*pcerts, |
1021 | OSSL_STORE_INFO_get1_CERT(info), |
1022 | X509_ADD_FLAG_DEFAULT0); |
1023 | ncerts += ok; |
1024 | break; |
1025 | case OSSL_STORE_INFO_CRL6: |
1026 | if (pcrl != NULL((void*)0) && *pcrl == NULL((void*)0)) { |
1027 | ok = (*pcrl = OSSL_STORE_INFO_get1_CRL(info)) != NULL((void*)0); |
1028 | cnt_expectations -= ok; |
1029 | } |
1030 | else if (pcrls != NULL((void*)0)) |
1031 | ok = sk_X509_CRL_push(*pcrls, OSSL_STORE_INFO_get1_CRL(info))OPENSSL_sk_push(ossl_check_X509_CRL_sk_type(*pcrls), ossl_check_X509_CRL_type (OSSL_STORE_INFO_get1_CRL(info))); |
1032 | ncrls += ok; |
1033 | break; |
1034 | default: |
1035 | /* skip any other type */ |
1036 | break; |
1037 | } |
1038 | OSSL_STORE_INFO_free(info); |
1039 | if (!ok) { |
1040 | failed = info == NULL((void*)0) ? NULL((void*)0) : OSSL_STORE_INFO_type_string(type); |
1041 | BIO_printf(bio_err, "Error reading"); |
1042 | break; |
1043 | } |
1044 | } |
1045 | |
1046 | end: |
1047 | OSSL_STORE_close(ctx); |
1048 | if (failed == NULL((void*)0)) { |
1049 | int any = 0; |
1050 | |
1051 | if ((ppkey != NULL((void*)0) && *ppkey == NULL((void*)0)) |
1052 | || (ppubkey != NULL((void*)0) && *ppubkey == NULL((void*)0))) { |
1053 | failed = "key"; |
1054 | } else if (pparams != NULL((void*)0) && *pparams == NULL((void*)0)) { |
1055 | failed = "params"; |
1056 | } else if ((pcert != NULL((void*)0) || pcerts != NULL((void*)0)) && ncerts == 0) { |
1057 | if (pcert == NULL((void*)0)) |
1058 | any = 1; |
1059 | failed = "cert"; |
1060 | } else if ((pcrl != NULL((void*)0) || pcrls != NULL((void*)0)) && ncrls == 0) { |
1061 | if (pcrl == NULL((void*)0)) |
1062 | any = 1; |
1063 | failed = "CRL"; |
1064 | } |
1065 | if (!suppress_decode_errors) { |
1066 | if (failed != NULL((void*)0)) |
1067 | BIO_printf(bio_err, "Could not read"); |
1068 | if (any) |
1069 | BIO_printf(bio_err, " any"); |
1070 | } |
1071 | } |
1072 | if (!suppress_decode_errors && failed != NULL((void*)0)) { |
1073 | if (desc != NULL((void*)0) && strstr(desc, failed) != NULL((void*)0)) { |
1074 | BIO_printf(bio_err, " %s", desc); |
1075 | } else { |
1076 | BIO_printf(bio_err, " %s", failed); |
1077 | if (desc != NULL((void*)0)) |
1078 | BIO_printf(bio_err, " of %s", desc); |
1079 | } |
1080 | if (uri != NULL((void*)0)) |
1081 | BIO_printf(bio_err, " from %s", uri); |
1082 | BIO_printf(bio_err, "\n"); |
1083 | ERR_print_errors(bio_err); |
1084 | } |
1085 | if (suppress_decode_errors || failed == NULL((void*)0)) |
1086 | /* clear any spurious errors */ |
1087 | ERR_clear_error(); |
1088 | return failed == NULL((void*)0); |
1089 | } |
1090 | |
1091 | int load_key_certs_crls(const char *uri, int format, int maybe_stdin, |
1092 | const char *pass, const char *desc, |
1093 | EVP_PKEY **ppkey, EVP_PKEY **ppubkey, |
1094 | EVP_PKEY **pparams, |
1095 | X509 **pcert, STACK_OF(X509)struct stack_st_X509 **pcerts, |
1096 | X509_CRL **pcrl, STACK_OF(X509_CRL)struct stack_st_X509_CRL **pcrls) |
1097 | { |
1098 | return load_key_certs_crls_suppress(uri, format, maybe_stdin, pass, desc, |
1099 | ppkey, ppubkey, pparams, pcert, pcerts, |
1100 | pcrl, pcrls, 0); |
1101 | } |
1102 | |
1103 | #define X509V3_EXT_UNKNOWN_MASK(0xfL << 16) (0xfL << 16) |
1104 | /* Return error for unknown extensions */ |
1105 | #define X509V3_EXT_DEFAULT0 0 |
1106 | /* Print error for unknown extensions */ |
1107 | #define X509V3_EXT_ERROR_UNKNOWN(1L << 16) (1L << 16) |
1108 | /* ASN1 parse unknown extensions */ |
1109 | #define X509V3_EXT_PARSE_UNKNOWN(2L << 16) (2L << 16) |
1110 | /* BIO_dump unknown extensions */ |
1111 | #define X509V3_EXT_DUMP_UNKNOWN(3L << 16) (3L << 16) |
1112 | |
1113 | #define X509_FLAG_CA((1L << 4) | (1L << 7) | 1L | (1L << 1)) (X509_FLAG_NO_ISSUER(1L << 4) | X509_FLAG_NO_PUBKEY(1L << 7) | \ |
1114 | X509_FLAG_NO_HEADER1L | X509_FLAG_NO_VERSION(1L << 1)) |
1115 | |
1116 | int set_cert_ex(unsigned long *flags, const char *arg) |
1117 | { |
1118 | static const NAME_EX_TBL cert_tbl[] = { |
1119 | {"compatible", X509_FLAG_COMPAT0, 0xffffffffl}, |
1120 | {"ca_default", X509_FLAG_CA((1L << 4) | (1L << 7) | 1L | (1L << 1)), 0xffffffffl}, |
1121 | {"no_header", X509_FLAG_NO_HEADER1L, 0}, |
1122 | {"no_version", X509_FLAG_NO_VERSION(1L << 1), 0}, |
1123 | {"no_serial", X509_FLAG_NO_SERIAL(1L << 2), 0}, |
1124 | {"no_signame", X509_FLAG_NO_SIGNAME(1L << 3), 0}, |
1125 | {"no_validity", X509_FLAG_NO_VALIDITY(1L << 5), 0}, |
1126 | {"no_subject", X509_FLAG_NO_SUBJECT(1L << 6), 0}, |
1127 | {"no_issuer", X509_FLAG_NO_ISSUER(1L << 4), 0}, |
1128 | {"no_pubkey", X509_FLAG_NO_PUBKEY(1L << 7), 0}, |
1129 | {"no_extensions", X509_FLAG_NO_EXTENSIONS(1L << 8), 0}, |
1130 | {"no_sigdump", X509_FLAG_NO_SIGDUMP(1L << 9), 0}, |
1131 | {"no_aux", X509_FLAG_NO_AUX(1L << 10), 0}, |
1132 | {"no_attributes", X509_FLAG_NO_ATTRIBUTES(1L << 11), 0}, |
1133 | {"ext_default", X509V3_EXT_DEFAULT0, X509V3_EXT_UNKNOWN_MASK(0xfL << 16)}, |
1134 | {"ext_error", X509V3_EXT_ERROR_UNKNOWN(1L << 16), X509V3_EXT_UNKNOWN_MASK(0xfL << 16)}, |
1135 | {"ext_parse", X509V3_EXT_PARSE_UNKNOWN(2L << 16), X509V3_EXT_UNKNOWN_MASK(0xfL << 16)}, |
1136 | {"ext_dump", X509V3_EXT_DUMP_UNKNOWN(3L << 16), X509V3_EXT_UNKNOWN_MASK(0xfL << 16)}, |
1137 | {NULL((void*)0), 0, 0} |
1138 | }; |
1139 | return set_multi_opts(flags, arg, cert_tbl); |
1140 | } |
1141 | |
1142 | int set_name_ex(unsigned long *flags, const char *arg) |
1143 | { |
1144 | static const NAME_EX_TBL ex_tbl[] = { |
1145 | {"esc_2253", ASN1_STRFLGS_ESC_22531, 0}, |
1146 | {"esc_2254", ASN1_STRFLGS_ESC_22540x400, 0}, |
1147 | {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL2, 0}, |
1148 | {"esc_msb", ASN1_STRFLGS_ESC_MSB4, 0}, |
1149 | {"use_quote", ASN1_STRFLGS_ESC_QUOTE8, 0}, |
1150 | {"utf8", ASN1_STRFLGS_UTF8_CONVERT0x10, 0}, |
1151 | {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE0x20, 0}, |
1152 | {"show_type", ASN1_STRFLGS_SHOW_TYPE0x40, 0}, |
1153 | {"dump_all", ASN1_STRFLGS_DUMP_ALL0x80, 0}, |
1154 | {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN0x100, 0}, |
1155 | {"dump_der", ASN1_STRFLGS_DUMP_DER0x200, 0}, |
1156 | {"compat", XN_FLAG_COMPAT0, 0xffffffffL}, |
1157 | {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS(1 << 16), XN_FLAG_SEP_MASK(0xf << 16)}, |
1158 | {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC(2 << 16), XN_FLAG_SEP_MASK(0xf << 16)}, |
1159 | {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC(3 << 16), XN_FLAG_SEP_MASK(0xf << 16)}, |
1160 | {"sep_multiline", XN_FLAG_SEP_MULTILINE(4 << 16), XN_FLAG_SEP_MASK(0xf << 16)}, |
1161 | {"dn_rev", XN_FLAG_DN_REV(1 << 20), 0}, |
1162 | {"nofname", XN_FLAG_FN_NONE(3 << 21), XN_FLAG_FN_MASK(0x3 << 21)}, |
1163 | {"sname", XN_FLAG_FN_SN0, XN_FLAG_FN_MASK(0x3 << 21)}, |
1164 | {"lname", XN_FLAG_FN_LN(1 << 21), XN_FLAG_FN_MASK(0x3 << 21)}, |
1165 | {"align", XN_FLAG_FN_ALIGN(1 << 25), 0}, |
1166 | {"oid", XN_FLAG_FN_OID(2 << 21), XN_FLAG_FN_MASK(0x3 << 21)}, |
1167 | {"space_eq", XN_FLAG_SPC_EQ(1 << 23), 0}, |
1168 | {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS(1 << 24), 0}, |
1169 | {"RFC2253", XN_FLAG_RFC2253((1 | 2 | 4 | 0x10 | 0x100 | 0x200) | (1 << 16) | (1 << 20) | 0 | (1 << 24)), 0xffffffffL}, |
1170 | {"oneline", XN_FLAG_ONELINE((1 | 2 | 4 | 0x10 | 0x100 | 0x200) | 8 | (2 << 16) | ( 1 << 23) | 0), 0xffffffffL}, |
1171 | {"multiline", XN_FLAG_MULTILINE(2 | 4 | (4 << 16) | (1 << 23) | (1 << 21) | (1 << 25)), 0xffffffffL}, |
1172 | {"ca_default", XN_FLAG_MULTILINE(2 | 4 | (4 << 16) | (1 << 23) | (1 << 21) | (1 << 25)), 0xffffffffL}, |
1173 | {NULL((void*)0), 0, 0} |
1174 | }; |
1175 | if (set_multi_opts(flags, arg, ex_tbl) == 0) |
1176 | return 0; |
1177 | if (*flags != XN_FLAG_COMPAT0 |
1178 | && (*flags & XN_FLAG_SEP_MASK(0xf << 16)) == 0) |
1179 | *flags |= XN_FLAG_SEP_CPLUS_SPC(2 << 16); |
1180 | return 1; |
1181 | } |
1182 | |
1183 | int set_dateopt(unsigned long *dateopt, const char *arg) |
1184 | { |
1185 | if (OPENSSL_strcasecmp(arg, "rfc_822") == 0) |
1186 | *dateopt = ASN1_DTFLGS_RFC8220x00UL; |
1187 | else if (OPENSSL_strcasecmp(arg, "iso_8601") == 0) |
1188 | *dateopt = ASN1_DTFLGS_ISO86010x01UL; |
1189 | else |
1190 | return 0; |
1191 | return 1; |
1192 | } |
1193 | |
1194 | int set_ext_copy(int *copy_type, const char *arg) |
1195 | { |
1196 | if (OPENSSL_strcasecmp(arg, "none") == 0) |
1197 | *copy_type = EXT_COPY_NONE0; |
1198 | else if (OPENSSL_strcasecmp(arg, "copy") == 0) |
1199 | *copy_type = EXT_COPY_ADD1; |
1200 | else if (OPENSSL_strcasecmp(arg, "copyall") == 0) |
1201 | *copy_type = EXT_COPY_ALL2; |
1202 | else |
1203 | return 0; |
1204 | return 1; |
1205 | } |
1206 | |
1207 | int copy_extensions(X509 *x, X509_REQ *req, int copy_type) |
1208 | { |
1209 | STACK_OF(X509_EXTENSION)struct stack_st_X509_EXTENSION *exts; |
1210 | int i, ret = 0; |
1211 | |
1212 | if (x == NULL((void*)0) || req == NULL((void*)0)) |
1213 | return 0; |
1214 | if (copy_type == EXT_COPY_NONE0) |
1215 | return 1; |
1216 | exts = X509_REQ_get_extensions(req); |
1217 | |
1218 | for (i = 0; i < sk_X509_EXTENSION_num(exts)OPENSSL_sk_num(ossl_check_const_X509_EXTENSION_sk_type(exts)); i++) { |
1219 | X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i)((X509_EXTENSION *)OPENSSL_sk_value(ossl_check_const_X509_EXTENSION_sk_type (exts), (i))); |
1220 | ASN1_OBJECT *obj = X509_EXTENSION_get_object(ext); |
1221 | int idx = X509_get_ext_by_OBJ(x, obj, -1); |
1222 | |
1223 | /* Does extension exist in target? */ |
1224 | if (idx != -1) { |
1225 | /* If normal copy don't override existing extension */ |
1226 | if (copy_type == EXT_COPY_ADD1) |
1227 | continue; |
1228 | /* Delete all extensions of same type */ |
1229 | do { |
1230 | X509_EXTENSION_free(X509_delete_ext(x, idx)); |
1231 | idx = X509_get_ext_by_OBJ(x, obj, -1); |
1232 | } while (idx != -1); |
1233 | } |
1234 | if (!X509_add_ext(x, ext, -1)) |
1235 | goto end; |
1236 | } |
1237 | ret = 1; |
1238 | |
1239 | end: |
1240 | sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free)OPENSSL_sk_pop_free(ossl_check_X509_EXTENSION_sk_type(exts),ossl_check_X509_EXTENSION_freefunc_type (X509_EXTENSION_free)); |
1241 | return ret; |
1242 | } |
1243 | |
1244 | static int set_multi_opts(unsigned long *flags, const char *arg, |
1245 | const NAME_EX_TBL * in_tbl) |
1246 | { |
1247 | STACK_OF(CONF_VALUE)struct stack_st_CONF_VALUE *vals; |
1248 | CONF_VALUE *val; |
1249 | int i, ret = 1; |
1250 | if (!arg) |
1251 | return 0; |
1252 | vals = X509V3_parse_list(arg); |
1253 | for (i = 0; i < sk_CONF_VALUE_num(vals)OPENSSL_sk_num(ossl_check_const_CONF_VALUE_sk_type(vals)); i++) { |
1254 | val = sk_CONF_VALUE_value(vals, i)((CONF_VALUE *)OPENSSL_sk_value(ossl_check_const_CONF_VALUE_sk_type (vals), (i))); |
1255 | if (!set_table_opts(flags, val->name, in_tbl)) |
1256 | ret = 0; |
1257 | } |
1258 | sk_CONF_VALUE_pop_free(vals, X509V3_conf_free)OPENSSL_sk_pop_free(ossl_check_CONF_VALUE_sk_type(vals),ossl_check_CONF_VALUE_freefunc_type (X509V3_conf_free)); |
1259 | return ret; |
1260 | } |
1261 | |
1262 | static int set_table_opts(unsigned long *flags, const char *arg, |
1263 | const NAME_EX_TBL * in_tbl) |
1264 | { |
1265 | char c; |
1266 | const NAME_EX_TBL *ptbl; |
1267 | c = arg[0]; |
1268 | |
1269 | if (c == '-') { |
1270 | c = 0; |
1271 | arg++; |
1272 | } else if (c == '+') { |
1273 | c = 1; |
1274 | arg++; |
1275 | } else { |
1276 | c = 1; |
1277 | } |
1278 | |
1279 | for (ptbl = in_tbl; ptbl->name; ptbl++) { |
1280 | if (OPENSSL_strcasecmp(arg, ptbl->name) == 0) { |
1281 | *flags &= ~ptbl->mask; |
1282 | if (c) |
1283 | *flags |= ptbl->flag; |
1284 | else |
1285 | *flags &= ~ptbl->flag; |
1286 | return 1; |
1287 | } |
1288 | } |
1289 | return 0; |
1290 | } |
1291 | |
1292 | void print_name(BIO *out, const char *title, const X509_NAME *nm) |
1293 | { |
1294 | char *buf; |
1295 | char mline = 0; |
1296 | int indent = 0; |
1297 | unsigned long lflags = get_nameopt(); |
1298 | |
1299 | if (out == NULL((void*)0)) |
1300 | return; |
1301 | if (title != NULL((void*)0)) |
1302 | BIO_puts(out, title); |
1303 | if ((lflags & XN_FLAG_SEP_MASK(0xf << 16)) == XN_FLAG_SEP_MULTILINE(4 << 16)) { |
1304 | mline = 1; |
1305 | indent = 4; |
1306 | } |
1307 | if (lflags == XN_FLAG_COMPAT0) { |
1308 | buf = X509_NAME_oneline(nm, 0, 0); |
1309 | BIO_puts(out, buf); |
1310 | BIO_puts(out, "\n"); |
1311 | OPENSSL_free(buf)CRYPTO_free(buf, "../deps/openssl/openssl/apps/lib/apps.c", 1311 ); |
1312 | } else { |
1313 | if (mline) |
1314 | BIO_puts(out, "\n"); |
1315 | X509_NAME_print_ex(out, nm, indent, lflags); |
1316 | BIO_puts(out, "\n"); |
1317 | } |
1318 | } |
1319 | |
1320 | void print_bignum_var(BIO *out, const BIGNUM *in, const char *var, |
1321 | int len, unsigned char *buffer) |
1322 | { |
1323 | BIO_printf(out, " static unsigned char %s_%d[] = {", var, len); |
1324 | if (BN_is_zero(in)) { |
1325 | BIO_printf(out, "\n 0x00"); |
1326 | } else { |
1327 | int i, l; |
1328 | |
1329 | l = BN_bn2bin(in, buffer); |
1330 | for (i = 0; i < l; i++) { |
1331 | BIO_printf(out, (i % 10) == 0 ? "\n " : " "); |
1332 | if (i < l - 1) |
1333 | BIO_printf(out, "0x%02X,", buffer[i]); |
1334 | else |
1335 | BIO_printf(out, "0x%02X", buffer[i]); |
1336 | } |
1337 | } |
1338 | BIO_printf(out, "\n };\n"); |
1339 | } |
1340 | |
1341 | void print_array(BIO *out, const char* title, int len, const unsigned char* d) |
1342 | { |
1343 | int i; |
1344 | |
1345 | BIO_printf(out, "unsigned char %s[%d] = {", title, len); |
1346 | for (i = 0; i < len; i++) { |
1347 | if ((i % 10) == 0) |
1348 | BIO_printf(out, "\n "); |
1349 | if (i < len - 1) |
1350 | BIO_printf(out, "0x%02X, ", d[i]); |
1351 | else |
1352 | BIO_printf(out, "0x%02X", d[i]); |
1353 | } |
1354 | BIO_printf(out, "\n};\n"); |
1355 | } |
1356 | |
1357 | X509_STORE *setup_verify(const char *CAfile, int noCAfile, |
1358 | const char *CApath, int noCApath, |
1359 | const char *CAstore, int noCAstore) |
1360 | { |
1361 | X509_STORE *store = X509_STORE_new(); |
1362 | X509_LOOKUP *lookup; |
1363 | OSSL_LIB_CTX *libctx = app_get0_libctx(); |
1364 | const char *propq = app_get0_propq(); |
1365 | |
1366 | if (store == NULL((void*)0)) |
1367 | goto end; |
1368 | |
1369 | if (CAfile != NULL((void*)0) || !noCAfile) { |
1370 | lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); |
1371 | if (lookup == NULL((void*)0)) |
1372 | goto end; |
1373 | if (CAfile != NULL((void*)0)) { |
1374 | if (X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_PEM,X509_LOOKUP_ctrl_ex((lookup), 1, (CAfile), (long)(1), ((void* )0), (libctx), (propq)) |
1375 | libctx, propq)X509_LOOKUP_ctrl_ex((lookup), 1, (CAfile), (long)(1), ((void* )0), (libctx), (propq)) <= 0) { |
1376 | BIO_printf(bio_err, "Error loading file %s\n", CAfile); |
1377 | goto end; |
1378 | } |
1379 | } else { |
1380 | X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT,X509_LOOKUP_ctrl_ex((lookup), 1, (((void*)0)), (long)(3), ((void *)0), (libctx), (propq)) |
1381 | libctx, propq)X509_LOOKUP_ctrl_ex((lookup), 1, (((void*)0)), (long)(3), ((void *)0), (libctx), (propq)); |
1382 | } |
1383 | } |
1384 | |
1385 | if (CApath != NULL((void*)0) || !noCApath) { |
1386 | lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); |
1387 | if (lookup == NULL((void*)0)) |
1388 | goto end; |
1389 | if (CApath != NULL((void*)0)) { |
1390 | if (X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)X509_LOOKUP_ctrl((lookup),2,(CApath),(long)(1),((void*)0)) <= 0) { |
1391 | BIO_printf(bio_err, "Error loading directory %s\n", CApath); |
1392 | goto end; |
1393 | } |
1394 | } else { |
1395 | X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT)X509_LOOKUP_ctrl((lookup),2,(((void*)0)),(long)(3),((void*)0) ); |
1396 | } |
1397 | } |
1398 | |
1399 | if (CAstore != NULL((void*)0) || !noCAstore) { |
1400 | lookup = X509_STORE_add_lookup(store, X509_LOOKUP_store()); |
1401 | if (lookup == NULL((void*)0)) |
1402 | goto end; |
1403 | if (!X509_LOOKUP_add_store_ex(lookup, CAstore, libctx, propq)X509_LOOKUP_ctrl_ex((lookup), 3, (CAstore), 0, ((void*)0), (libctx ), (propq))) { |
1404 | if (CAstore != NULL((void*)0)) |
1405 | BIO_printf(bio_err, "Error loading store URI %s\n", CAstore); |
1406 | goto end; |
1407 | } |
1408 | } |
1409 | |
1410 | ERR_clear_error(); |
1411 | return store; |
1412 | end: |
1413 | ERR_print_errors(bio_err); |
1414 | X509_STORE_free(store); |
1415 | return NULL((void*)0); |
1416 | } |
1417 | |
1418 | static unsigned long index_serial_hash(const OPENSSL_CSTRING *a) |
1419 | { |
1420 | const char *n; |
1421 | |
1422 | n = a[DB_serial3]; |
1423 | while (*n == '0') |
1424 | n++; |
1425 | return OPENSSL_LH_strhash(n); |
1426 | } |
1427 | |
1428 | static int index_serial_cmp(const OPENSSL_CSTRING *a, |
1429 | const OPENSSL_CSTRING *b) |
1430 | { |
1431 | const char *aa, *bb; |
1432 | |
1433 | for (aa = a[DB_serial3]; *aa == '0'; aa++) ; |
1434 | for (bb = b[DB_serial3]; *bb == '0'; bb++) ; |
1435 | return strcmp(aa, bb); |
1436 | } |
1437 | |
1438 | static int index_name_qual(char **a) |
1439 | { |
1440 | return (a[0][0] == 'V'); |
1441 | } |
1442 | |
1443 | static unsigned long index_name_hash(const OPENSSL_CSTRING *a) |
1444 | { |
1445 | return OPENSSL_LH_strhash(a[DB_name5]); |
1446 | } |
1447 | |
1448 | int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b) |
1449 | { |
1450 | return strcmp(a[DB_name5], b[DB_name5]); |
1451 | } |
1452 | |
1453 | static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)unsigned long index_serial_LHASH_HASH(const void *arg) { const OPENSSL_CSTRING *a = arg; return index_serial_hash(a); } |
1454 | static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)int index_serial_LHASH_COMP(const void *arg1, const void *arg2 ) { const OPENSSL_CSTRING *a = arg1; const OPENSSL_CSTRING *b = arg2; return index_serial_cmp(a,b); } |
1455 | static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)unsigned long index_name_LHASH_HASH(const void *arg) { const OPENSSL_CSTRING *a = arg; return index_name_hash(a); } |
1456 | static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)int index_name_LHASH_COMP(const void *arg1, const void *arg2) { const OPENSSL_CSTRING *a = arg1; const OPENSSL_CSTRING *b = arg2; return index_name_cmp(a,b); } |
1457 | #undef BSIZE256 |
1458 | #define BSIZE256 256 |
1459 | BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai) |
1460 | { |
1461 | BIO *in = NULL((void*)0); |
1462 | BIGNUM *ret = NULL((void*)0); |
1463 | char buf[1024]; |
1464 | ASN1_INTEGER *ai = NULL((void*)0); |
1465 | |
1466 | ai = ASN1_INTEGER_new(); |
1467 | if (ai == NULL((void*)0)) |
1468 | goto err; |
1469 | |
1470 | in = BIO_new_file(serialfile, "r"); |
1471 | if (in == NULL((void*)0)) { |
1472 | if (!create) { |
1473 | perror(serialfile); |
1474 | goto err; |
1475 | } |
1476 | ERR_clear_error(); |
1477 | ret = BN_new(); |
1478 | if (ret == NULL((void*)0) || !rand_serial(ret, ai)) |
1479 | BIO_printf(bio_err, "Out of memory\n"); |
1480 | } else { |
1481 | if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) { |
1482 | BIO_printf(bio_err, "Unable to load number from %s\n", |
1483 | serialfile); |
1484 | goto err; |
1485 | } |
1486 | ret = ASN1_INTEGER_to_BN(ai, NULL((void*)0)); |
1487 | if (ret == NULL((void*)0)) { |
1488 | BIO_printf(bio_err, "Error converting number from bin to BIGNUM\n"); |
1489 | goto err; |
1490 | } |
1491 | } |
1492 | |
1493 | if (ret && retai) { |
1494 | *retai = ai; |
1495 | ai = NULL((void*)0); |
1496 | } |
1497 | err: |
1498 | ERR_print_errors(bio_err); |
1499 | BIO_free(in); |
1500 | ASN1_INTEGER_free(ai); |
1501 | return ret; |
1502 | } |
1503 | |
1504 | int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial, |
1505 | ASN1_INTEGER **retai) |
1506 | { |
1507 | char buf[1][BSIZE256]; |
1508 | BIO *out = NULL((void*)0); |
1509 | int ret = 0; |
1510 | ASN1_INTEGER *ai = NULL((void*)0); |
1511 | int j; |
1512 | |
1513 | if (suffix == NULL((void*)0)) |
1514 | j = strlen(serialfile); |
1515 | else |
1516 | j = strlen(serialfile) + strlen(suffix) + 1; |
1517 | if (j >= BSIZE256) { |
1518 | BIO_printf(bio_err, "File name too long\n"); |
1519 | goto err; |
1520 | } |
1521 | |
1522 | if (suffix == NULL((void*)0)) |
1523 | OPENSSL_strlcpy(buf[0], serialfile, BSIZE256); |
1524 | else { |
1525 | #ifndef OPENSSL_SYS_VMS |
1526 | j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix); |
1527 | #else |
1528 | j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix); |
1529 | #endif |
1530 | } |
1531 | out = BIO_new_file(buf[0], "w"); |
1532 | if (out == NULL((void*)0)) { |
1533 | goto err; |
1534 | } |
1535 | |
1536 | if ((ai = BN_to_ASN1_INTEGER(serial, NULL((void*)0))) == NULL((void*)0)) { |
1537 | BIO_printf(bio_err, "error converting serial to ASN.1 format\n"); |
1538 | goto err; |
1539 | } |
1540 | i2a_ASN1_INTEGER(out, ai); |
1541 | BIO_puts(out, "\n"); |
1542 | ret = 1; |
1543 | if (retai) { |
1544 | *retai = ai; |
1545 | ai = NULL((void*)0); |
1546 | } |
1547 | err: |
1548 | if (!ret) |
1549 | ERR_print_errors(bio_err); |
1550 | BIO_free_all(out); |
1551 | ASN1_INTEGER_free(ai); |
1552 | return ret; |
1553 | } |
1554 | |
1555 | int rotate_serial(const char *serialfile, const char *new_suffix, |
1556 | const char *old_suffix) |
1557 | { |
1558 | char buf[2][BSIZE256]; |
1559 | int i, j; |
1560 | |
1561 | i = strlen(serialfile) + strlen(old_suffix); |
1562 | j = strlen(serialfile) + strlen(new_suffix); |
1563 | if (i > j) |
1564 | j = i; |
1565 | if (j + 1 >= BSIZE256) { |
1566 | BIO_printf(bio_err, "File name too long\n"); |
1567 | goto err; |
1568 | } |
1569 | #ifndef OPENSSL_SYS_VMS |
1570 | j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix); |
1571 | j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix); |
1572 | #else |
1573 | j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix); |
1574 | j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix); |
1575 | #endif |
1576 | if (rename(serialfile, buf[1]) < 0 && errno(*__errno_location ()) != ENOENT2 |
1577 | #ifdef ENOTDIR20 |
1578 | && errno(*__errno_location ()) != ENOTDIR20 |
1579 | #endif |
1580 | ) { |
1581 | BIO_printf(bio_err, |
1582 | "Unable to rename %s to %s\n", serialfile, buf[1]); |
1583 | perror("reason"); |
1584 | goto err; |
1585 | } |
1586 | if (rename(buf[0], serialfile) < 0) { |
1587 | BIO_printf(bio_err, |
1588 | "Unable to rename %s to %s\n", buf[0], serialfile); |
1589 | perror("reason"); |
1590 | rename(buf[1], serialfile); |
1591 | goto err; |
1592 | } |
1593 | return 1; |
1594 | err: |
1595 | ERR_print_errors(bio_err); |
1596 | return 0; |
1597 | } |
1598 | |
1599 | int rand_serial(BIGNUM *b, ASN1_INTEGER *ai) |
1600 | { |
1601 | BIGNUM *btmp; |
1602 | int ret = 0; |
1603 | |
1604 | btmp = b == NULL((void*)0) ? BN_new() : b; |
1605 | if (btmp == NULL((void*)0)) |
1606 | return 0; |
1607 | |
1608 | if (!BN_rand(btmp, SERIAL_RAND_BITS159, BN_RAND_TOP_ANY-1, BN_RAND_BOTTOM_ANY0)) |
1609 | goto error; |
1610 | if (ai && !BN_to_ASN1_INTEGER(btmp, ai)) |
1611 | goto error; |
1612 | |
1613 | ret = 1; |
1614 | |
1615 | error: |
1616 | |
1617 | if (btmp != b) |
1618 | BN_free(btmp); |
1619 | |
1620 | return ret; |
1621 | } |
1622 | |
1623 | CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr) |
1624 | { |
1625 | CA_DB *retdb = NULL((void*)0); |
1626 | TXT_DB *tmpdb = NULL((void*)0); |
1627 | BIO *in; |
1628 | CONF *dbattr_conf = NULL((void*)0); |
1629 | char buf[BSIZE256]; |
1630 | #ifndef OPENSSL_NO_POSIX_IO |
1631 | FILE *dbfp; |
1632 | struct stat dbst; |
1633 | #endif |
1634 | |
1635 | in = BIO_new_file(dbfile, "r"); |
1636 | if (in == NULL((void*)0)) |
1637 | goto err; |
1638 | |
1639 | #ifndef OPENSSL_NO_POSIX_IO |
1640 | BIO_get_fp(in, &dbfp)BIO_ctrl(in,107,0,(char *)(&dbfp)); |
1641 | if (fstat(fileno(dbfp), &dbst) == -1) { |
1642 | ERR_raise_data(ERR_new(), ERR_set_debug("../deps/openssl/openssl/apps/lib/apps.c" ,1642,__func__), ERR_set_error)(ERR_LIB_SYS2, errno(*__errno_location ()), |
1643 | "calling fstat(%s)", dbfile); |
1644 | goto err; |
1645 | } |
1646 | #endif |
1647 | |
1648 | if ((tmpdb = TXT_DB_read(in, DB_NUMBER6)) == NULL((void*)0)) |
1649 | goto err; |
1650 | |
1651 | #ifndef OPENSSL_SYS_VMS |
1652 | BIO_snprintf(buf, sizeof(buf), "%s.attr", dbfile); |
1653 | #else |
1654 | BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile); |
1655 | #endif |
1656 | dbattr_conf = app_load_config_quiet(buf)app_load_config_internal(buf, 1); |
1657 | |
1658 | retdb = app_malloc(sizeof(*retdb), "new DB"); |
1659 | retdb->db = tmpdb; |
1660 | tmpdb = NULL((void*)0); |
1661 | if (db_attr) |
1662 | retdb->attributes = *db_attr; |
1663 | else { |
1664 | retdb->attributes.unique_subject = 1; |
1665 | } |
1666 | |
1667 | if (dbattr_conf) { |
1668 | char *p = NCONF_get_string(dbattr_conf, NULL((void*)0), "unique_subject"); |
1669 | if (p) { |
1670 | retdb->attributes.unique_subject = parse_yesno(p, 1); |
1671 | } |
1672 | } |
1673 | |
1674 | retdb->dbfname = OPENSSL_strdup(dbfile)CRYPTO_strdup(dbfile, "../deps/openssl/openssl/apps/lib/apps.c" , 1674); |
1675 | #ifndef OPENSSL_NO_POSIX_IO |
1676 | retdb->dbst = dbst; |
1677 | #endif |
1678 | |
1679 | err: |
1680 | ERR_print_errors(bio_err); |
1681 | NCONF_free(dbattr_conf); |
1682 | TXT_DB_free(tmpdb); |
1683 | BIO_free_all(in); |
1684 | return retdb; |
1685 | } |
1686 | |
1687 | /* |
1688 | * Returns > 0 on success, <= 0 on error |
1689 | */ |
1690 | int index_index(CA_DB *db) |
1691 | { |
1692 | if (!TXT_DB_create_index(db->db, DB_serial3, NULL((void*)0), |
1693 | LHASH_HASH_FN(index_serial)index_serial_LHASH_HASH, |
1694 | LHASH_COMP_FN(index_serial)index_serial_LHASH_COMP)) { |
1695 | BIO_printf(bio_err, |
1696 | "Error creating serial number index:(%ld,%ld,%ld)\n", |
1697 | db->db->error, db->db->arg1, db->db->arg2); |
1698 | goto err; |
1699 | } |
1700 | |
1701 | if (db->attributes.unique_subject |
1702 | && !TXT_DB_create_index(db->db, DB_name5, index_name_qual, |
1703 | LHASH_HASH_FN(index_name)index_name_LHASH_HASH, |
1704 | LHASH_COMP_FN(index_name)index_name_LHASH_COMP)) { |
1705 | BIO_printf(bio_err, "Error creating name index:(%ld,%ld,%ld)\n", |
1706 | db->db->error, db->db->arg1, db->db->arg2); |
1707 | goto err; |
1708 | } |
1709 | return 1; |
1710 | err: |
1711 | ERR_print_errors(bio_err); |
1712 | return 0; |
1713 | } |
1714 | |
1715 | int save_index(const char *dbfile, const char *suffix, CA_DB *db) |
1716 | { |
1717 | char buf[3][BSIZE256]; |
1718 | BIO *out; |
1719 | int j; |
1720 | |
1721 | j = strlen(dbfile) + strlen(suffix); |
1722 | if (j + 6 >= BSIZE256) { |
1723 | BIO_printf(bio_err, "File name too long\n"); |
1724 | goto err; |
1725 | } |
1726 | #ifndef OPENSSL_SYS_VMS |
1727 | j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile); |
Value stored to 'j' is never read | |
1728 | j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix); |
1729 | j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix); |
1730 | #else |
1731 | j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile); |
1732 | j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix); |
1733 | j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix); |
1734 | #endif |
1735 | out = BIO_new_file(buf[0], "w"); |
1736 | if (out == NULL((void*)0)) { |
1737 | perror(dbfile); |
1738 | BIO_printf(bio_err, "Unable to open '%s'\n", dbfile); |
1739 | goto err; |
1740 | } |
1741 | j = TXT_DB_write(out, db->db); |
1742 | BIO_free(out); |
1743 | if (j <= 0) |
1744 | goto err; |
1745 | |
1746 | out = BIO_new_file(buf[1], "w"); |
1747 | if (out == NULL((void*)0)) { |
1748 | perror(buf[2]); |
1749 | BIO_printf(bio_err, "Unable to open '%s'\n", buf[2]); |
1750 | goto err; |
1751 | } |
1752 | BIO_printf(out, "unique_subject = %s\n", |
1753 | db->attributes.unique_subject ? "yes" : "no"); |
1754 | BIO_free(out); |
1755 | |
1756 | return 1; |
1757 | err: |
1758 | ERR_print_errors(bio_err); |
1759 | return 0; |
1760 | } |
1761 | |
1762 | int rotate_index(const char *dbfile, const char *new_suffix, |
1763 | const char *old_suffix) |
1764 | { |
1765 | char buf[5][BSIZE256]; |
1766 | int i, j; |
1767 | |
1768 | i = strlen(dbfile) + strlen(old_suffix); |
1769 | j = strlen(dbfile) + strlen(new_suffix); |
1770 | if (i > j) |
1771 | j = i; |
1772 | if (j + 6 >= BSIZE256) { |
1773 | BIO_printf(bio_err, "File name too long\n"); |
1774 | goto err; |
1775 | } |
1776 | #ifndef OPENSSL_SYS_VMS |
1777 | j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile); |
1778 | j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix); |
1779 | j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix); |
1780 | j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix); |
1781 | j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix); |
1782 | #else |
1783 | j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile); |
1784 | j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix); |
1785 | j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix); |
1786 | j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix); |
1787 | j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix); |
1788 | #endif |
1789 | if (rename(dbfile, buf[1]) < 0 && errno(*__errno_location ()) != ENOENT2 |
1790 | #ifdef ENOTDIR20 |
1791 | && errno(*__errno_location ()) != ENOTDIR20 |
1792 | #endif |
1793 | ) { |
1794 | BIO_printf(bio_err, "Unable to rename %s to %s\n", dbfile, buf[1]); |
1795 | perror("reason"); |
1796 | goto err; |
1797 | } |
1798 | if (rename(buf[0], dbfile) < 0) { |
1799 | BIO_printf(bio_err, "Unable to rename %s to %s\n", buf[0], dbfile); |
1800 | perror("reason"); |
1801 | rename(buf[1], dbfile); |
1802 | goto err; |
1803 | } |
1804 | if (rename(buf[4], buf[3]) < 0 && errno(*__errno_location ()) != ENOENT2 |
1805 | #ifdef ENOTDIR20 |
1806 | && errno(*__errno_location ()) != ENOTDIR20 |
1807 | #endif |
1808 | ) { |
1809 | BIO_printf(bio_err, "Unable to rename %s to %s\n", buf[4], buf[3]); |
1810 | perror("reason"); |
1811 | rename(dbfile, buf[0]); |
1812 | rename(buf[1], dbfile); |
1813 | goto err; |
1814 | } |
1815 | if (rename(buf[2], buf[4]) < 0) { |
1816 | BIO_printf(bio_err, "Unable to rename %s to %s\n", buf[2], buf[4]); |
1817 | perror("reason"); |
1818 | rename(buf[3], buf[4]); |
1819 | rename(dbfile, buf[0]); |
1820 | rename(buf[1], dbfile); |
1821 | goto err; |
1822 | } |
1823 | return 1; |
1824 | err: |
1825 | ERR_print_errors(bio_err); |
1826 | return 0; |
1827 | } |
1828 | |
1829 | void free_index(CA_DB *db) |
1830 | { |
1831 | if (db) { |
1832 | TXT_DB_free(db->db); |
1833 | OPENSSL_free(db->dbfname)CRYPTO_free(db->dbfname, "../deps/openssl/openssl/apps/lib/apps.c" , 1833); |
1834 | OPENSSL_free(db)CRYPTO_free(db, "../deps/openssl/openssl/apps/lib/apps.c", 1834 ); |
1835 | } |
1836 | } |
1837 | |
1838 | int parse_yesno(const char *str, int def) |
1839 | { |
1840 | if (str) { |
1841 | switch (*str) { |
1842 | case 'f': /* false */ |
1843 | case 'F': /* FALSE */ |
1844 | case 'n': /* no */ |
1845 | case 'N': /* NO */ |
1846 | case '0': /* 0 */ |
1847 | return 0; |
1848 | case 't': /* true */ |
1849 | case 'T': /* TRUE */ |
1850 | case 'y': /* yes */ |
1851 | case 'Y': /* YES */ |
1852 | case '1': /* 1 */ |
1853 | return 1; |
1854 | } |
1855 | } |
1856 | return def; |
1857 | } |
1858 | |
1859 | /* |
1860 | * name is expected to be in the format /type0=value0/type1=value1/type2=... |
1861 | * where + can be used instead of / to form multi-valued RDNs if canmulti |
1862 | * and characters may be escaped by \ |
1863 | */ |
1864 | X509_NAME *parse_name(const char *cp, int chtype, int canmulti, |
1865 | const char *desc) |
1866 | { |
1867 | int nextismulti = 0; |
1868 | char *work; |
1869 | X509_NAME *n; |
1870 | |
1871 | if (*cp++ != '/') { |
1872 | BIO_printf(bio_err, |
1873 | "%s: %s name is expected to be in the format " |
1874 | "/type0=value0/type1=value1/type2=... where characters may " |
1875 | "be escaped by \\. This name is not in that format: '%s'\n", |
1876 | opt_getprog(), desc, --cp); |
1877 | return NULL((void*)0); |
1878 | } |
1879 | |
1880 | n = X509_NAME_new(); |
1881 | if (n == NULL((void*)0)) { |
1882 | BIO_printf(bio_err, "%s: Out of memory\n", opt_getprog()); |
1883 | return NULL((void*)0); |
1884 | } |
1885 | work = OPENSSL_strdup(cp)CRYPTO_strdup(cp, "../deps/openssl/openssl/apps/lib/apps.c", 1885 ); |
1886 | if (work == NULL((void*)0)) { |
1887 | BIO_printf(bio_err, "%s: Error copying %s name input\n", |
1888 | opt_getprog(), desc); |
1889 | goto err; |
1890 | } |
1891 | |
1892 | while (*cp != '\0') { |
1893 | char *bp = work; |
1894 | char *typestr = bp; |
1895 | unsigned char *valstr; |
1896 | int nid; |
1897 | int ismulti = nextismulti; |
1898 | nextismulti = 0; |
1899 | |
1900 | /* Collect the type */ |
1901 | while (*cp != '\0' && *cp != '=') |
1902 | *bp++ = *cp++; |
1903 | *bp++ = '\0'; |
1904 | if (*cp == '\0') { |
1905 | BIO_printf(bio_err, |
1906 | "%s: Missing '=' after RDN type string '%s' in %s name string\n", |
1907 | opt_getprog(), typestr, desc); |
1908 | goto err; |
1909 | } |
1910 | ++cp; |
1911 | |
1912 | /* Collect the value. */ |
1913 | valstr = (unsigned char *)bp; |
1914 | for (; *cp != '\0' && *cp != '/'; *bp++ = *cp++) { |
1915 | /* unescaped '+' symbol string signals further member of multiRDN */ |
1916 | if (canmulti && *cp == '+') { |
1917 | nextismulti = 1; |
1918 | break; |
1919 | } |
1920 | if (*cp == '\\' && *++cp == '\0') { |
1921 | BIO_printf(bio_err, |
1922 | "%s: Escape character at end of %s name string\n", |
1923 | opt_getprog(), desc); |
1924 | goto err; |
1925 | } |
1926 | } |
1927 | *bp++ = '\0'; |
1928 | |
1929 | /* If not at EOS (must be + or /), move forward. */ |
1930 | if (*cp != '\0') |
1931 | ++cp; |
1932 | |
1933 | /* Parse */ |
1934 | nid = OBJ_txt2nid(typestr); |
1935 | if (nid == NID_undef0) { |
1936 | BIO_printf(bio_err, |
1937 | "%s: Skipping unknown %s name attribute \"%s\"\n", |
1938 | opt_getprog(), desc, typestr); |
1939 | if (ismulti) |
1940 | BIO_printf(bio_err, |
1941 | "Hint: a '+' in a value string needs be escaped using '\\' else a new member of a multi-valued RDN is expected\n"); |
1942 | continue; |
1943 | } |
1944 | if (*valstr == '\0') { |
1945 | BIO_printf(bio_err, |
1946 | "%s: No value provided for %s name attribute \"%s\", skipped\n", |
1947 | opt_getprog(), desc, typestr); |
1948 | continue; |
1949 | } |
1950 | if (!X509_NAME_add_entry_by_NID(n, nid, chtype, |
1951 | valstr, strlen((char *)valstr), |
1952 | -1, ismulti ? -1 : 0)) { |
1953 | ERR_print_errors(bio_err); |
1954 | BIO_printf(bio_err, |
1955 | "%s: Error adding %s name attribute \"/%s=%s\"\n", |
1956 | opt_getprog(), desc, typestr ,valstr); |
1957 | goto err; |
1958 | } |
1959 | } |
1960 | |
1961 | OPENSSL_free(work)CRYPTO_free(work, "../deps/openssl/openssl/apps/lib/apps.c", 1961 ); |
1962 | return n; |
1963 | |
1964 | err: |
1965 | X509_NAME_free(n); |
1966 | OPENSSL_free(work)CRYPTO_free(work, "../deps/openssl/openssl/apps/lib/apps.c", 1966 ); |
1967 | return NULL((void*)0); |
1968 | } |
1969 | |
1970 | /* |
1971 | * Read whole contents of a BIO into an allocated memory buffer and return |
1972 | * it. |
1973 | */ |
1974 | |
1975 | int bio_to_mem(unsigned char **out, int maxlen, BIO *in) |
1976 | { |
1977 | BIO *mem; |
1978 | int len, ret; |
1979 | unsigned char tbuf[1024]; |
1980 | |
1981 | mem = BIO_new(BIO_s_mem()); |
1982 | if (mem == NULL((void*)0)) |
1983 | return -1; |
1984 | for (;;) { |
1985 | if ((maxlen != -1) && maxlen < 1024) |
1986 | len = maxlen; |
1987 | else |
1988 | len = 1024; |
1989 | len = BIO_read(in, tbuf, len); |
1990 | if (len < 0) { |
1991 | BIO_free(mem); |
1992 | return -1; |
1993 | } |
1994 | if (len == 0) |
1995 | break; |
1996 | if (BIO_write(mem, tbuf, len) != len) { |
1997 | BIO_free(mem); |
1998 | return -1; |
1999 | } |
2000 | maxlen -= len; |
2001 | |
2002 | if (maxlen == 0) |
2003 | break; |
2004 | } |
2005 | ret = BIO_get_mem_data(mem, (char **)out)BIO_ctrl(mem,3,0,(char *)((char **)out)); |
2006 | BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY0x200); |
2007 | BIO_free(mem); |
2008 | return ret; |
2009 | } |
2010 | |
2011 | int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value) |
2012 | { |
2013 | int rv = 0; |
2014 | char *stmp, *vtmp = NULL((void*)0); |
2015 | |
2016 | stmp = OPENSSL_strdup(value)CRYPTO_strdup(value, "../deps/openssl/openssl/apps/lib/apps.c" , 2016); |
2017 | if (stmp == NULL((void*)0)) |
2018 | return -1; |
2019 | vtmp = strchr(stmp, ':'); |
2020 | if (vtmp == NULL((void*)0)) |
2021 | goto err; |
2022 | |
2023 | *vtmp = 0; |
2024 | vtmp++; |
2025 | rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp); |
2026 | |
2027 | err: |
2028 | OPENSSL_free(stmp)CRYPTO_free(stmp, "../deps/openssl/openssl/apps/lib/apps.c", 2028 ); |
2029 | return rv; |
2030 | } |
2031 | |
2032 | static void nodes_print(const char *name, STACK_OF(X509_POLICY_NODE)struct stack_st_X509_POLICY_NODE *nodes) |
2033 | { |
2034 | X509_POLICY_NODE *node; |
2035 | int i; |
2036 | |
2037 | BIO_printf(bio_err, "%s Policies:", name); |
2038 | if (nodes) { |
2039 | BIO_puts(bio_err, "\n"); |
2040 | for (i = 0; i < sk_X509_POLICY_NODE_num(nodes)OPENSSL_sk_num(ossl_check_const_X509_POLICY_NODE_sk_type(nodes )); i++) { |
2041 | node = sk_X509_POLICY_NODE_value(nodes, i)((X509_POLICY_NODE *)OPENSSL_sk_value(ossl_check_const_X509_POLICY_NODE_sk_type (nodes), (i))); |
2042 | X509_POLICY_NODE_print(bio_err, node, 2); |
2043 | } |
2044 | } else { |
2045 | BIO_puts(bio_err, " <empty>\n"); |
2046 | } |
2047 | } |
2048 | |
2049 | void policies_print(X509_STORE_CTX *ctx) |
2050 | { |
2051 | X509_POLICY_TREE *tree; |
2052 | int explicit_policy; |
2053 | tree = X509_STORE_CTX_get0_policy_tree(ctx); |
2054 | explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx); |
2055 | |
2056 | BIO_printf(bio_err, "Require explicit Policy: %s\n", |
2057 | explicit_policy ? "True" : "False"); |
2058 | |
2059 | nodes_print("Authority", X509_policy_tree_get0_policies(tree)); |
2060 | nodes_print("User", X509_policy_tree_get0_user_policies(tree)); |
2061 | } |
2062 | |
2063 | /*- |
2064 | * next_protos_parse parses a comma separated list of strings into a string |
2065 | * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. |
2066 | * outlen: (output) set to the length of the resulting buffer on success. |
2067 | * err: (maybe NULL) on failure, an error message line is written to this BIO. |
2068 | * in: a NUL terminated string like "abc,def,ghi" |
2069 | * |
2070 | * returns: a malloc'd buffer or NULL on failure. |
2071 | */ |
2072 | unsigned char *next_protos_parse(size_t *outlen, const char *in) |
2073 | { |
2074 | size_t len; |
2075 | unsigned char *out; |
2076 | size_t i, start = 0; |
2077 | size_t skipped = 0; |
2078 | |
2079 | len = strlen(in); |
2080 | if (len == 0 || len >= 65535) |
2081 | return NULL((void*)0); |
2082 | |
2083 | out = app_malloc(len + 1, "NPN buffer"); |
2084 | for (i = 0; i <= len; ++i) { |
2085 | if (i == len || in[i] == ',') { |
2086 | /* |
2087 | * Zero-length ALPN elements are invalid on the wire, we could be |
2088 | * strict and reject the entire string, but just ignoring extra |
2089 | * commas seems harmless and more friendly. |
2090 | * |
2091 | * Every comma we skip in this way puts the input buffer another |
2092 | * byte ahead of the output buffer, so all stores into the output |
2093 | * buffer need to be decremented by the number commas skipped. |
2094 | */ |
2095 | if (i == start) { |
2096 | ++start; |
2097 | ++skipped; |
2098 | continue; |
2099 | } |
2100 | if (i - start > 255) { |
2101 | OPENSSL_free(out)CRYPTO_free(out, "../deps/openssl/openssl/apps/lib/apps.c", 2101 ); |
2102 | return NULL((void*)0); |
2103 | } |
2104 | out[start-skipped] = (unsigned char)(i - start); |
2105 | start = i + 1; |
2106 | } else { |
2107 | out[i + 1 - skipped] = in[i]; |
2108 | } |
2109 | } |
2110 | |
2111 | if (len <= skipped) { |
2112 | OPENSSL_free(out)CRYPTO_free(out, "../deps/openssl/openssl/apps/lib/apps.c", 2112 ); |
2113 | return NULL((void*)0); |
2114 | } |
2115 | |
2116 | *outlen = len + 1 - skipped; |
2117 | return out; |
2118 | } |
2119 | |
2120 | void print_cert_checks(BIO *bio, X509 *x, |
2121 | const char *checkhost, |
2122 | const char *checkemail, const char *checkip) |
2123 | { |
2124 | if (x == NULL((void*)0)) |
2125 | return; |
2126 | if (checkhost) { |
2127 | BIO_printf(bio, "Hostname %s does%s match certificate\n", |
2128 | checkhost, |
2129 | X509_check_host(x, checkhost, 0, 0, NULL((void*)0)) == 1 |
2130 | ? "" : " NOT"); |
2131 | } |
2132 | |
2133 | if (checkemail) { |
2134 | BIO_printf(bio, "Email %s does%s match certificate\n", |
2135 | checkemail, X509_check_email(x, checkemail, 0, 0) |
2136 | ? "" : " NOT"); |
2137 | } |
2138 | |
2139 | if (checkip) { |
2140 | BIO_printf(bio, "IP %s does%s match certificate\n", |
2141 | checkip, X509_check_ip_asc(x, checkip, 0) ? "" : " NOT"); |
2142 | } |
2143 | } |
2144 | |
2145 | static int do_pkey_ctx_init(EVP_PKEY_CTX *pkctx, STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *opts) |
2146 | { |
2147 | int i; |
2148 | |
2149 | if (opts == NULL((void*)0)) |
2150 | return 1; |
2151 | |
2152 | for (i = 0; i < sk_OPENSSL_STRING_num(opts)OPENSSL_sk_num(ossl_check_const_OPENSSL_STRING_sk_type(opts)); i++) { |
2153 | char *opt = sk_OPENSSL_STRING_value(opts, i)((char *)OPENSSL_sk_value(ossl_check_const_OPENSSL_STRING_sk_type (opts), (i))); |
2154 | if (pkey_ctrl_string(pkctx, opt) <= 0) { |
2155 | BIO_printf(bio_err, "parameter error \"%s\"\n", opt); |
2156 | ERR_print_errors(bio_err); |
2157 | return 0; |
2158 | } |
2159 | } |
2160 | |
2161 | return 1; |
2162 | } |
2163 | |
2164 | static int do_x509_init(X509 *x, STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *opts) |
2165 | { |
2166 | int i; |
2167 | |
2168 | if (opts == NULL((void*)0)) |
2169 | return 1; |
2170 | |
2171 | for (i = 0; i < sk_OPENSSL_STRING_num(opts)OPENSSL_sk_num(ossl_check_const_OPENSSL_STRING_sk_type(opts)); i++) { |
2172 | char *opt = sk_OPENSSL_STRING_value(opts, i)((char *)OPENSSL_sk_value(ossl_check_const_OPENSSL_STRING_sk_type (opts), (i))); |
2173 | if (x509_ctrl_string(x, opt) <= 0) { |
2174 | BIO_printf(bio_err, "parameter error \"%s\"\n", opt); |
2175 | ERR_print_errors(bio_err); |
2176 | return 0; |
2177 | } |
2178 | } |
2179 | |
2180 | return 1; |
2181 | } |
2182 | |
2183 | static int do_x509_req_init(X509_REQ *x, STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *opts) |
2184 | { |
2185 | int i; |
2186 | |
2187 | if (opts == NULL((void*)0)) |
2188 | return 1; |
2189 | |
2190 | for (i = 0; i < sk_OPENSSL_STRING_num(opts)OPENSSL_sk_num(ossl_check_const_OPENSSL_STRING_sk_type(opts)); i++) { |
2191 | char *opt = sk_OPENSSL_STRING_value(opts, i)((char *)OPENSSL_sk_value(ossl_check_const_OPENSSL_STRING_sk_type (opts), (i))); |
2192 | if (x509_req_ctrl_string(x, opt) <= 0) { |
2193 | BIO_printf(bio_err, "parameter error \"%s\"\n", opt); |
2194 | ERR_print_errors(bio_err); |
2195 | return 0; |
2196 | } |
2197 | } |
2198 | |
2199 | return 1; |
2200 | } |
2201 | |
2202 | static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey, |
2203 | const char *md, STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *sigopts) |
2204 | { |
2205 | EVP_PKEY_CTX *pkctx = NULL((void*)0); |
2206 | char def_md[80]; |
2207 | |
2208 | if (ctx == NULL((void*)0)) |
2209 | return 0; |
2210 | /* |
2211 | * EVP_PKEY_get_default_digest_name() returns 2 if the digest is mandatory |
2212 | * for this algorithm. |
2213 | */ |
2214 | if (EVP_PKEY_get_default_digest_name(pkey, def_md, sizeof(def_md)) == 2 |
2215 | && strcmp(def_md, "UNDEF") == 0) { |
2216 | /* The signing algorithm requires there to be no digest */ |
2217 | md = NULL((void*)0); |
2218 | } |
2219 | |
2220 | return EVP_DigestSignInit_ex(ctx, &pkctx, md, app_get0_libctx(), |
2221 | app_get0_propq(), pkey, NULL((void*)0)) |
2222 | && do_pkey_ctx_init(pkctx, sigopts); |
2223 | } |
2224 | |
2225 | static int adapt_keyid_ext(X509 *cert, X509V3_CTX *ext_ctx, |
2226 | const char *name, const char *value, int add_default) |
2227 | { |
2228 | const STACK_OF(X509_EXTENSION)struct stack_st_X509_EXTENSION *exts = X509_get0_extensions(cert); |
2229 | X509_EXTENSION *new_ext = X509V3_EXT_nconf(NULL((void*)0), ext_ctx, name, value); |
2230 | int idx, rv = 0; |
2231 | |
2232 | if (new_ext == NULL((void*)0)) |
2233 | return rv; |
2234 | |
2235 | idx = X509v3_get_ext_by_OBJ(exts, X509_EXTENSION_get_object(new_ext), -1); |
2236 | if (idx >= 0) { |
2237 | X509_EXTENSION *found_ext = X509v3_get_ext(exts, idx); |
2238 | ASN1_OCTET_STRING *data = X509_EXTENSION_get_data(found_ext); |
2239 | int disabled = ASN1_STRING_length(data) <= 2; /* config said "none" */ |
2240 | |
2241 | if (disabled) { |
2242 | X509_delete_ext(cert, idx); |
2243 | X509_EXTENSION_free(found_ext); |
2244 | } /* else keep existing key identifier, which might be outdated */ |
2245 | rv = 1; |
2246 | } else { |
2247 | rv = !add_default || X509_add_ext(cert, new_ext, -1); |
2248 | } |
2249 | X509_EXTENSION_free(new_ext); |
2250 | return rv; |
2251 | } |
2252 | |
2253 | /* Ensure RFC 5280 compliance, adapt keyIDs as needed, and sign the cert info */ |
2254 | int do_X509_sign(X509 *cert, EVP_PKEY *pkey, const char *md, |
2255 | STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *sigopts, X509V3_CTX *ext_ctx) |
2256 | { |
2257 | const STACK_OF(X509_EXTENSION)struct stack_st_X509_EXTENSION *exts = X509_get0_extensions(cert); |
2258 | EVP_MD_CTX *mctx = EVP_MD_CTX_new(); |
2259 | int self_sign; |
2260 | int rv = 0; |
2261 | |
2262 | if (sk_X509_EXTENSION_num(exts /* may be NULL */)OPENSSL_sk_num(ossl_check_const_X509_EXTENSION_sk_type(exts)) > 0) { |
2263 | /* Prevent X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 */ |
2264 | if (!X509_set_version(cert, X509_VERSION_32)) |
2265 | goto end; |
2266 | |
2267 | /* |
2268 | * Add default SKID before such that default AKID can make use of it |
2269 | * in case the certificate is self-signed |
2270 | */ |
2271 | /* Prevent X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER */ |
2272 | if (!adapt_keyid_ext(cert, ext_ctx, "subjectKeyIdentifier", "hash", 1)) |
2273 | goto end; |
2274 | /* Prevent X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER */ |
2275 | ERR_set_mark(); |
2276 | self_sign = X509_check_private_key(cert, pkey); |
2277 | ERR_pop_to_mark(); |
2278 | if (!adapt_keyid_ext(cert, ext_ctx, "authorityKeyIdentifier", |
2279 | "keyid, issuer", !self_sign)) |
2280 | goto end; |
2281 | } |
2282 | |
2283 | if (mctx != NULL((void*)0) && do_sign_init(mctx, pkey, md, sigopts) > 0) |
2284 | rv = (X509_sign_ctx(cert, mctx) > 0); |
2285 | end: |
2286 | EVP_MD_CTX_free(mctx); |
2287 | return rv; |
2288 | } |
2289 | |
2290 | /* Sign the certificate request info */ |
2291 | int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const char *md, |
2292 | STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *sigopts) |
2293 | { |
2294 | int rv = 0; |
2295 | EVP_MD_CTX *mctx = EVP_MD_CTX_new(); |
2296 | |
2297 | if (do_sign_init(mctx, pkey, md, sigopts) > 0) |
2298 | rv = (X509_REQ_sign_ctx(x, mctx) > 0); |
2299 | EVP_MD_CTX_free(mctx); |
2300 | return rv; |
2301 | } |
2302 | |
2303 | /* Sign the CRL info */ |
2304 | int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const char *md, |
2305 | STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *sigopts) |
2306 | { |
2307 | int rv = 0; |
2308 | EVP_MD_CTX *mctx = EVP_MD_CTX_new(); |
2309 | |
2310 | if (do_sign_init(mctx, pkey, md, sigopts) > 0) |
2311 | rv = (X509_CRL_sign_ctx(x, mctx) > 0); |
2312 | EVP_MD_CTX_free(mctx); |
2313 | return rv; |
2314 | } |
2315 | |
2316 | /* |
2317 | * do_X509_verify returns 1 if the signature is valid, |
2318 | * 0 if the signature check fails, or -1 if error occurs. |
2319 | */ |
2320 | int do_X509_verify(X509 *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *vfyopts) |
2321 | { |
2322 | int rv = 0; |
2323 | |
2324 | if (do_x509_init(x, vfyopts) > 0) |
2325 | rv = X509_verify(x, pkey); |
2326 | else |
2327 | rv = -1; |
2328 | return rv; |
2329 | } |
2330 | |
2331 | /* |
2332 | * do_X509_REQ_verify returns 1 if the signature is valid, |
2333 | * 0 if the signature check fails, or -1 if error occurs. |
2334 | */ |
2335 | int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey, |
2336 | STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *vfyopts) |
2337 | { |
2338 | int rv = 0; |
2339 | |
2340 | if (do_x509_req_init(x, vfyopts) > 0) |
2341 | rv = X509_REQ_verify_ex(x, pkey, |
2342 | app_get0_libctx(), app_get0_propq()); |
2343 | else |
2344 | rv = -1; |
2345 | return rv; |
2346 | } |
2347 | |
2348 | /* Get first http URL from a DIST_POINT structure */ |
2349 | |
2350 | static const char *get_dp_url(DIST_POINT *dp) |
2351 | { |
2352 | GENERAL_NAMES *gens; |
2353 | GENERAL_NAME *gen; |
2354 | int i, gtype; |
2355 | ASN1_STRING *uri; |
2356 | if (!dp->distpoint || dp->distpoint->type != 0) |
2357 | return NULL((void*)0); |
2358 | gens = dp->distpoint->name.fullname; |
2359 | for (i = 0; i < sk_GENERAL_NAME_num(gens)OPENSSL_sk_num(ossl_check_const_GENERAL_NAME_sk_type(gens)); i++) { |
2360 | gen = sk_GENERAL_NAME_value(gens, i)((GENERAL_NAME *)OPENSSL_sk_value(ossl_check_const_GENERAL_NAME_sk_type (gens), (i))); |
2361 | uri = GENERAL_NAME_get0_value(gen, >ype); |
2362 | if (gtype == GEN_URI6 && ASN1_STRING_length(uri) > 6) { |
2363 | const char *uptr = (const char *)ASN1_STRING_get0_data(uri); |
2364 | |
2365 | if (IS_HTTP(uptr)((uptr) != ((void*)0) && strncmp(uptr, "http""://", strlen ("http""://")) == 0)) /* can/should not use HTTPS here */ |
2366 | return uptr; |
2367 | } |
2368 | } |
2369 | return NULL((void*)0); |
2370 | } |
2371 | |
2372 | /* |
2373 | * Look through a CRLDP structure and attempt to find an http URL to |
2374 | * downloads a CRL from. |
2375 | */ |
2376 | |
2377 | static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT)struct stack_st_DIST_POINT *crldp) |
2378 | { |
2379 | int i; |
2380 | const char *urlptr = NULL((void*)0); |
2381 | for (i = 0; i < sk_DIST_POINT_num(crldp)OPENSSL_sk_num(ossl_check_const_DIST_POINT_sk_type(crldp)); i++) { |
2382 | DIST_POINT *dp = sk_DIST_POINT_value(crldp, i)((DIST_POINT *)OPENSSL_sk_value(ossl_check_const_DIST_POINT_sk_type (crldp), (i))); |
2383 | urlptr = get_dp_url(dp); |
2384 | if (urlptr != NULL((void*)0)) |
2385 | return load_crl(urlptr, FORMAT_UNDEF0, 0, "CRL via CDP"); |
2386 | } |
2387 | return NULL((void*)0); |
2388 | } |
2389 | |
2390 | /* |
2391 | * Example of downloading CRLs from CRLDP: |
2392 | * not usable for real world as it always downloads and doesn't cache anything. |
2393 | */ |
2394 | |
2395 | static STACK_OF(X509_CRL)struct stack_st_X509_CRL *crls_http_cb(const X509_STORE_CTX *ctx, |
2396 | const X509_NAME *nm) |
2397 | { |
2398 | X509 *x; |
2399 | STACK_OF(X509_CRL)struct stack_st_X509_CRL *crls = NULL((void*)0); |
2400 | X509_CRL *crl; |
2401 | STACK_OF(DIST_POINT)struct stack_st_DIST_POINT *crldp; |
2402 | |
2403 | crls = sk_X509_CRL_new_null()((struct stack_st_X509_CRL *)OPENSSL_sk_new_null()); |
2404 | if (!crls) |
2405 | return NULL((void*)0); |
2406 | x = X509_STORE_CTX_get_current_cert(ctx); |
2407 | crldp = X509_get_ext_d2i(x, NID_crl_distribution_points103, NULL((void*)0), NULL((void*)0)); |
2408 | crl = load_crl_crldp(crldp); |
2409 | sk_DIST_POINT_pop_free(crldp, DIST_POINT_free)OPENSSL_sk_pop_free(ossl_check_DIST_POINT_sk_type(crldp),ossl_check_DIST_POINT_freefunc_type (DIST_POINT_free)); |
2410 | if (!crl) { |
2411 | sk_X509_CRL_free(crls)OPENSSL_sk_free(ossl_check_X509_CRL_sk_type(crls)); |
2412 | return NULL((void*)0); |
2413 | } |
2414 | sk_X509_CRL_push(crls, crl)OPENSSL_sk_push(ossl_check_X509_CRL_sk_type(crls), ossl_check_X509_CRL_type (crl)); |
2415 | /* Try to download delta CRL */ |
2416 | crldp = X509_get_ext_d2i(x, NID_freshest_crl857, NULL((void*)0), NULL((void*)0)); |
2417 | crl = load_crl_crldp(crldp); |
2418 | sk_DIST_POINT_pop_free(crldp, DIST_POINT_free)OPENSSL_sk_pop_free(ossl_check_DIST_POINT_sk_type(crldp),ossl_check_DIST_POINT_freefunc_type (DIST_POINT_free)); |
2419 | if (crl) |
2420 | sk_X509_CRL_push(crls, crl)OPENSSL_sk_push(ossl_check_X509_CRL_sk_type(crls), ossl_check_X509_CRL_type (crl)); |
2421 | return crls; |
2422 | } |
2423 | |
2424 | void store_setup_crl_download(X509_STORE *st) |
2425 | { |
2426 | X509_STORE_set_lookup_crls_cb(st, crls_http_cb)X509_STORE_set_lookup_crls((st), (crls_http_cb)); |
2427 | } |
2428 | |
2429 | #ifndef OPENSSL_NO_SOCK |
2430 | static const char *tls_error_hint(void) |
2431 | { |
2432 | unsigned long err = ERR_peek_error(); |
2433 | |
2434 | if (ERR_GET_LIB(err) != ERR_LIB_SSL20) |
2435 | err = ERR_peek_last_error(); |
2436 | if (ERR_GET_LIB(err) != ERR_LIB_SSL20) |
2437 | return NULL((void*)0); |
2438 | |
2439 | switch (ERR_GET_REASON(err)) { |
2440 | case SSL_R_WRONG_VERSION_NUMBER267: |
2441 | return "The server does not support (a suitable version of) TLS"; |
2442 | case SSL_R_UNKNOWN_PROTOCOL252: |
2443 | return "The server does not support HTTPS"; |
2444 | case SSL_R_CERTIFICATE_VERIFY_FAILED134: |
2445 | return "Cannot authenticate server via its TLS certificate, likely due to mismatch with our trusted TLS certs or missing revocation status"; |
2446 | case SSL_AD_REASON_OFFSET1000 + TLS1_AD_UNKNOWN_CA48: |
2447 | return "Server did not accept our TLS certificate, likely due to mismatch with server's trust anchor or missing revocation status"; |
2448 | case SSL_AD_REASON_OFFSET1000 + SSL3_AD_HANDSHAKE_FAILURE40: |
2449 | return "TLS handshake failure. Possibly the server requires our TLS certificate but did not receive it"; |
2450 | default: /* no error or no hint available for error */ |
2451 | return NULL((void*)0); |
2452 | } |
2453 | } |
2454 | |
2455 | /* HTTP callback function that supports TLS connection also via HTTPS proxy */ |
2456 | BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail) |
2457 | { |
2458 | APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg; |
2459 | SSL_CTX *ssl_ctx = info->ssl_ctx; |
2460 | |
2461 | if (connect && detail) { /* connecting with TLS */ |
2462 | SSL *ssl; |
2463 | BIO *sbio = NULL((void*)0); |
2464 | |
2465 | /* adapt after fixing callback design flaw, see #17088 */ |
2466 | if ((info->use_proxy |
2467 | && !OSSL_HTTP_proxy_connect(bio, info->server, info->port, |
2468 | NULL((void*)0), NULL((void*)0), /* no proxy credentials */ |
2469 | info->timeout, bio_err, opt_getprog())) |
2470 | || (sbio = BIO_new(BIO_f_ssl())) == NULL((void*)0)) { |
2471 | return NULL((void*)0); |
2472 | } |
2473 | if (ssl_ctx == NULL((void*)0) || (ssl = SSL_new(ssl_ctx)) == NULL((void*)0)) { |
2474 | BIO_free(sbio); |
2475 | return NULL((void*)0); |
2476 | } |
2477 | |
2478 | /* adapt after fixing callback design flaw, see #17088 */ |
2479 | SSL_set_tlsext_host_name(ssl, info->server)SSL_ctrl(ssl,55,0, (void *)info->server); /* not critical to do */ |
2480 | |
2481 | SSL_set_connect_state(ssl); |
2482 | BIO_set_ssl(sbio, ssl, BIO_CLOSE)BIO_ctrl(sbio,109,0x01,(char *)(ssl)); |
2483 | |
2484 | bio = BIO_push(sbio, bio); |
2485 | } |
2486 | if (!connect) { |
2487 | const char *hint; |
2488 | BIO *cbio; |
2489 | |
2490 | if (!detail) { /* disconnecting after error */ |
2491 | hint = tls_error_hint(); |
2492 | if (hint != NULL((void*)0)) |
2493 | ERR_add_error_data(2, " : ", hint); |
2494 | } |
2495 | if (ssl_ctx != NULL((void*)0)) { |
2496 | (void)ERR_set_mark(); |
2497 | BIO_ssl_shutdown(bio); |
2498 | cbio = BIO_pop(bio); /* connect+HTTP BIO */ |
2499 | BIO_free(bio); /* SSL BIO */ |
2500 | (void)ERR_pop_to_mark(); /* hide SSL_R_READ_BIO_NOT_SET etc. */ |
2501 | bio = cbio; |
2502 | } |
2503 | } |
2504 | return bio; |
2505 | } |
2506 | |
2507 | void APP_HTTP_TLS_INFO_free(APP_HTTP_TLS_INFO *info) |
2508 | { |
2509 | if (info != NULL((void*)0)) { |
2510 | SSL_CTX_free(info->ssl_ctx); |
2511 | OPENSSL_free(info)CRYPTO_free(info, "../deps/openssl/openssl/apps/lib/apps.c", 2511 ); |
2512 | } |
2513 | } |
2514 | |
2515 | ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy, |
2516 | const char *no_proxy, SSL_CTX *ssl_ctx, |
2517 | const STACK_OF(CONF_VALUE)struct stack_st_CONF_VALUE *headers, |
2518 | long timeout, const char *expected_content_type, |
2519 | const ASN1_ITEM *it) |
2520 | { |
2521 | APP_HTTP_TLS_INFO info; |
2522 | char *server; |
2523 | char *port; |
2524 | int use_ssl; |
2525 | BIO *mem; |
2526 | ASN1_VALUE *resp = NULL((void*)0); |
2527 | |
2528 | if (url == NULL((void*)0) || it == NULL((void*)0)) { |
2529 | ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/apps/lib/apps.c" ,2529,__func__), ERR_set_error)((61),((258|((0x1 << 18L )|(0x2 << 18L)))),((void*)0)); |
2530 | return NULL((void*)0); |
2531 | } |
2532 | |
2533 | if (!OSSL_HTTP_parse_url(url, &use_ssl, NULL((void*)0) /* userinfo */, &server, &port, |
2534 | NULL((void*)0) /* port_num, */, NULL((void*)0), NULL((void*)0), NULL((void*)0))) |
2535 | return NULL((void*)0); |
2536 | if (use_ssl && ssl_ctx == NULL((void*)0)) { |
2537 | ERR_raise_data(ERR_new(), ERR_set_debug("../deps/openssl/openssl/apps/lib/apps.c" ,2537,__func__), ERR_set_error)(ERR_LIB_HTTP61, ERR_R_PASSED_NULL_PARAMETER(258|((0x1 << 18L)|(0x2 << 18L))), |
2538 | "missing SSL_CTX"); |
2539 | goto end; |
2540 | } |
2541 | |
2542 | info.server = server; |
2543 | info.port = port; |
2544 | info.use_proxy = /* workaround for callback design flaw, see #17088 */ |
2545 | OSSL_HTTP_adapt_proxy(proxy, no_proxy, server, use_ssl) != NULL((void*)0); |
2546 | info.timeout = timeout; |
2547 | info.ssl_ctx = ssl_ctx; |
2548 | mem = OSSL_HTTP_get(url, proxy, no_proxy, NULL((void*)0) /* bio */, NULL((void*)0) /* rbio */, |
2549 | app_http_tls_cb, &info, 0 /* buf_size */, headers, |
2550 | expected_content_type, 1 /* expect_asn1 */, |
2551 | OSSL_HTTP_DEFAULT_MAX_RESP_LEN(100 * 1024), timeout); |
2552 | resp = ASN1_item_d2i_bio(it, mem, NULL((void*)0)); |
2553 | BIO_free(mem); |
2554 | |
2555 | end: |
2556 | OPENSSL_free(server)CRYPTO_free(server, "../deps/openssl/openssl/apps/lib/apps.c" , 2556); |
2557 | OPENSSL_free(port)CRYPTO_free(port, "../deps/openssl/openssl/apps/lib/apps.c", 2557 ); |
2558 | return resp; |
2559 | |
2560 | } |
2561 | |
2562 | ASN1_VALUE *app_http_post_asn1(const char *host, const char *port, |
2563 | const char *path, const char *proxy, |
2564 | const char *no_proxy, SSL_CTX *ssl_ctx, |
2565 | const STACK_OF(CONF_VALUE)struct stack_st_CONF_VALUE *headers, |
2566 | const char *content_type, |
2567 | ASN1_VALUE *req, const ASN1_ITEM *req_it, |
2568 | const char *expected_content_type, |
2569 | long timeout, const ASN1_ITEM *rsp_it) |
2570 | { |
2571 | int use_ssl = ssl_ctx != NULL((void*)0); |
2572 | APP_HTTP_TLS_INFO info; |
2573 | BIO *rsp, *req_mem = ASN1_item_i2d_mem_bio(req_it, req); |
2574 | ASN1_VALUE *res; |
2575 | |
2576 | if (req_mem == NULL((void*)0)) |
2577 | return NULL((void*)0); |
2578 | |
2579 | info.server = host; |
2580 | info.port = port; |
2581 | info.use_proxy = /* workaround for callback design flaw, see #17088 */ |
2582 | OSSL_HTTP_adapt_proxy(proxy, no_proxy, host, use_ssl) != NULL((void*)0); |
2583 | info.timeout = timeout; |
2584 | info.ssl_ctx = ssl_ctx; |
2585 | rsp = OSSL_HTTP_transfer(NULL((void*)0), host, port, path, use_ssl, |
2586 | proxy, no_proxy, NULL((void*)0) /* bio */, NULL((void*)0) /* rbio */, |
2587 | app_http_tls_cb, &info, |
2588 | 0 /* buf_size */, headers, content_type, req_mem, |
2589 | expected_content_type, 1 /* expect_asn1 */, |
2590 | OSSL_HTTP_DEFAULT_MAX_RESP_LEN(100 * 1024), timeout, |
2591 | 0 /* keep_alive */); |
2592 | BIO_free(req_mem); |
2593 | res = ASN1_item_d2i_bio(rsp_it, rsp, NULL((void*)0)); |
2594 | BIO_free(rsp); |
2595 | return res; |
2596 | } |
2597 | |
2598 | #endif |
2599 | |
2600 | /* |
2601 | * Platform-specific sections |
2602 | */ |
2603 | #if defined(_WIN32) |
2604 | # ifdef fileno |
2605 | # undef fileno |
2606 | # define fileno(a) (int)_fileno(a) |
2607 | # endif |
2608 | |
2609 | # include <windows.h> |
2610 | # include <tchar.h> |
2611 | |
2612 | static int WIN32_rename(const char *from, const char *to) |
2613 | { |
2614 | TCHAR *tfrom = NULL((void*)0), *tto; |
2615 | DWORD err; |
2616 | int ret = 0; |
2617 | |
2618 | if (sizeof(TCHAR) == 1) { |
2619 | tfrom = (TCHAR *)from; |
2620 | tto = (TCHAR *)to; |
2621 | } else { /* UNICODE path */ |
2622 | |
2623 | size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1; |
2624 | tfrom = malloc(sizeof(*tfrom) * (flen + tlen)); |
2625 | if (tfrom == NULL((void*)0)) |
2626 | goto err; |
2627 | tto = tfrom + flen; |
2628 | # if !defined(_WIN32_WCE) || _WIN32_WCE>=101 |
2629 | if (!MultiByteToWideChar(CP_ACP, 0, from, flen, (WCHAR *)tfrom, flen)) |
2630 | # endif |
2631 | for (i = 0; i < flen; i++) |
2632 | tfrom[i] = (TCHAR)from[i]; |
2633 | # if !defined(_WIN32_WCE) || _WIN32_WCE>=101 |
2634 | if (!MultiByteToWideChar(CP_ACP, 0, to, tlen, (WCHAR *)tto, tlen)) |
2635 | # endif |
2636 | for (i = 0; i < tlen; i++) |
2637 | tto[i] = (TCHAR)to[i]; |
2638 | } |
2639 | |
2640 | if (MoveFile(tfrom, tto)) |
2641 | goto ok; |
2642 | err = GetLastError(); |
2643 | if (err == ERROR_ALREADY_EXISTS || err == ERROR_FILE_EXISTS) { |
2644 | if (DeleteFile(tto) && MoveFile(tfrom, tto)) |
2645 | goto ok; |
2646 | err = GetLastError(); |
2647 | } |
2648 | if (err == ERROR_FILE_NOT_FOUND || err == ERROR_PATH_NOT_FOUND) |
2649 | errno(*__errno_location ()) = ENOENT2; |
2650 | else if (err == ERROR_ACCESS_DENIED) |
2651 | errno(*__errno_location ()) = EACCES13; |
2652 | else |
2653 | errno(*__errno_location ()) = EINVAL22; /* we could map more codes... */ |
2654 | err: |
2655 | ret = -1; |
2656 | ok: |
2657 | if (tfrom != NULL((void*)0) && tfrom != (TCHAR *)from) |
2658 | free(tfrom); |
2659 | return ret; |
2660 | } |
2661 | #endif |
2662 | |
2663 | /* app_tminterval section */ |
2664 | #if defined(_WIN32) |
2665 | double app_tminterval(int stop, int usertime) |
2666 | { |
2667 | FILETIME now; |
2668 | double ret = 0; |
2669 | static ULARGE_INTEGER tmstart; |
2670 | static int warning = 1; |
2671 | # ifdef _WIN32_WINNT |
2672 | static HANDLE proc = NULL((void*)0); |
2673 | |
2674 | if (proc == NULL((void*)0)) { |
2675 | if (check_winnt()) |
2676 | proc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, |
2677 | GetCurrentProcessId()); |
2678 | if (proc == NULL((void*)0)) |
2679 | proc = (HANDLE) - 1; |
2680 | } |
2681 | |
2682 | if (usertime && proc != (HANDLE) - 1) { |
2683 | FILETIME junk; |
2684 | GetProcessTimes(proc, &junk, &junk, &junk, &now); |
2685 | } else |
2686 | # endif |
2687 | { |
2688 | SYSTEMTIME systime; |
2689 | |
2690 | if (usertime && warning) { |
2691 | BIO_printf(bio_err, "To get meaningful results, run " |
2692 | "this program on idle system.\n"); |
2693 | warning = 0; |
2694 | } |
2695 | GetSystemTime(&systime); |
2696 | SystemTimeToFileTime(&systime, &now); |
2697 | } |
2698 | |
2699 | if (stop == TM_START0) { |
2700 | tmstart.u.LowPart = now.dwLowDateTime; |
2701 | tmstart.u.HighPart = now.dwHighDateTime; |
2702 | } else { |
2703 | ULARGE_INTEGER tmstop; |
2704 | |
2705 | tmstop.u.LowPart = now.dwLowDateTime; |
2706 | tmstop.u.HighPart = now.dwHighDateTime; |
2707 | |
2708 | ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart) * 1e-7; |
2709 | } |
2710 | |
2711 | return ret; |
2712 | } |
2713 | #elif defined(OPENSSL_SYS_VXWORKS) |
2714 | # include <time.h> |
2715 | |
2716 | double app_tminterval(int stop, int usertime) |
2717 | { |
2718 | double ret = 0; |
2719 | # ifdef CLOCK_REALTIME0 |
2720 | static struct timespec tmstart; |
2721 | struct timespec now; |
2722 | # else |
2723 | static unsigned long tmstart; |
2724 | unsigned long now; |
2725 | # endif |
2726 | static int warning = 1; |
2727 | |
2728 | if (usertime && warning) { |
2729 | BIO_printf(bio_err, "To get meaningful results, run " |
2730 | "this program on idle system.\n"); |
2731 | warning = 0; |
2732 | } |
2733 | # ifdef CLOCK_REALTIME0 |
2734 | clock_gettime(CLOCK_REALTIME0, &now); |
2735 | if (stop == TM_START0) |
2736 | tmstart = now; |
2737 | else |
2738 | ret = ((now.tv_sec + now.tv_nsec * 1e-9) |
2739 | - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9)); |
2740 | # else |
2741 | now = tickGet(); |
2742 | if (stop == TM_START0) |
2743 | tmstart = now; |
2744 | else |
2745 | ret = (now - tmstart) / (double)sysClkRateGet(); |
2746 | # endif |
2747 | return ret; |
2748 | } |
2749 | |
2750 | #elif defined(_SC_CLK_TCK_SC_CLK_TCK) /* by means of unistd.h */ |
2751 | # include <sys/times.h> |
2752 | |
2753 | double app_tminterval(int stop, int usertime) |
2754 | { |
2755 | double ret = 0; |
2756 | struct tms rus; |
2757 | clock_t now = times(&rus); |
2758 | static clock_t tmstart; |
2759 | |
2760 | if (usertime) |
2761 | now = rus.tms_utime; |
2762 | |
2763 | if (stop == TM_START0) { |
2764 | tmstart = now; |
2765 | } else { |
2766 | long int tck = sysconf(_SC_CLK_TCK_SC_CLK_TCK); |
2767 | ret = (now - tmstart) / (double)tck; |
2768 | } |
2769 | |
2770 | return ret; |
2771 | } |
2772 | |
2773 | #else |
2774 | # include <sys/time.h> |
2775 | # include <sys/resource.h> |
2776 | |
2777 | double app_tminterval(int stop, int usertime) |
2778 | { |
2779 | double ret = 0; |
2780 | struct rusage rus; |
2781 | struct timeval now; |
2782 | static struct timeval tmstart; |
2783 | |
2784 | if (usertime) |
2785 | getrusage(RUSAGE_SELF, &rus), now = rus.ru_utime; |
2786 | else |
2787 | gettimeofday(&now, NULL((void*)0)); |
2788 | |
2789 | if (stop == TM_START0) |
2790 | tmstart = now; |
2791 | else |
2792 | ret = ((now.tv_sec + now.tv_usec * 1e-6) |
2793 | - (tmstart.tv_sec + tmstart.tv_usec * 1e-6)); |
2794 | |
2795 | return ret; |
2796 | } |
2797 | #endif |
2798 | |
2799 | int app_access(const char* name, int flag) |
2800 | { |
2801 | #ifdef _WIN32 |
2802 | return _access(name, flag); |
2803 | #else |
2804 | return access(name, flag); |
2805 | #endif |
2806 | } |
2807 | |
2808 | int app_isdir(const char *name) |
2809 | { |
2810 | return opt_isdir(name); |
2811 | } |
2812 | |
2813 | /* raw_read|write section */ |
2814 | #if defined(__VMS) |
2815 | # include "vms_term_sock.h" |
2816 | static int stdin_sock = -1; |
2817 | |
2818 | static void close_stdin_sock(void) |
2819 | { |
2820 | TerminalSocket (TERM_SOCK_DELETE, &stdin_sock); |
2821 | } |
2822 | |
2823 | int fileno_stdin(void) |
2824 | { |
2825 | if (stdin_sock == -1) { |
2826 | TerminalSocket(TERM_SOCK_CREATE, &stdin_sock); |
2827 | atexit(close_stdin_sock); |
2828 | } |
2829 | |
2830 | return stdin_sock; |
2831 | } |
2832 | #else |
2833 | int fileno_stdin(void) |
2834 | { |
2835 | return fileno(stdinstdin); |
2836 | } |
2837 | #endif |
2838 | |
2839 | int fileno_stdout(void) |
2840 | { |
2841 | return fileno(stdoutstdout); |
2842 | } |
2843 | |
2844 | #if defined(_WIN32) && defined(STD_INPUT_HANDLE) |
2845 | int raw_read_stdin(void *buf, int siz) |
2846 | { |
2847 | DWORD n; |
2848 | if (ReadFile(GetStdHandle(STD_INPUT_HANDLE), buf, siz, &n, NULL((void*)0))) |
2849 | return n; |
2850 | else |
2851 | return -1; |
2852 | } |
2853 | #elif defined(__VMS) |
2854 | # include <sys/socket.h> |
2855 | |
2856 | int raw_read_stdin(void *buf, int siz) |
2857 | { |
2858 | return recv(fileno_stdin(), buf, siz, 0); |
2859 | } |
2860 | #else |
2861 | # if defined(__TANDEM) |
2862 | # if defined(OPENSSL_TANDEM_FLOSS) |
2863 | # include <floss.h(floss_read)> |
2864 | # endif |
2865 | # endif |
2866 | int raw_read_stdin(void *buf, int siz) |
2867 | { |
2868 | return read(fileno_stdin(), buf, siz); |
2869 | } |
2870 | #endif |
2871 | |
2872 | #if defined(_WIN32) && defined(STD_OUTPUT_HANDLE) |
2873 | int raw_write_stdout(const void *buf, int siz) |
2874 | { |
2875 | DWORD n; |
2876 | if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE), buf, siz, &n, NULL((void*)0))) |
2877 | return n; |
2878 | else |
2879 | return -1; |
2880 | } |
2881 | #elif defined(OPENSSL_SYS_TANDEM) && defined(OPENSSL_THREADS1) && defined(_SPT_MODEL_) |
2882 | # if defined(__TANDEM) |
2883 | # if defined(OPENSSL_TANDEM_FLOSS) |
2884 | # include <floss.h(floss_write)> |
2885 | # endif |
2886 | # endif |
2887 | int raw_write_stdout(const void *buf,int siz) |
2888 | { |
2889 | return write(fileno(stdoutstdout),(void*)buf,siz); |
2890 | } |
2891 | #else |
2892 | # if defined(__TANDEM) |
2893 | # if defined(OPENSSL_TANDEM_FLOSS) |
2894 | # include <floss.h(floss_write)> |
2895 | # endif |
2896 | # endif |
2897 | int raw_write_stdout(const void *buf, int siz) |
2898 | { |
2899 | return write(fileno_stdout(), buf, siz); |
2900 | } |
2901 | #endif |
2902 | |
2903 | /* |
2904 | * Centralized handling of input and output files with format specification |
2905 | * The format is meant to show what the input and output is supposed to be, |
2906 | * and is therefore a show of intent more than anything else. However, it |
2907 | * does impact behavior on some platforms, such as differentiating between |
2908 | * text and binary input/output on non-Unix platforms |
2909 | */ |
2910 | BIO *dup_bio_in(int format) |
2911 | { |
2912 | return BIO_new_fp(stdinstdin, |
2913 | BIO_NOCLOSE0x00 | (FMT_istext(format) ? BIO_FP_TEXT0x10 : 0)); |
2914 | } |
2915 | |
2916 | BIO *dup_bio_out(int format) |
2917 | { |
2918 | BIO *b = BIO_new_fp(stdoutstdout, |
2919 | BIO_NOCLOSE0x00 | (FMT_istext(format) ? BIO_FP_TEXT0x10 : 0)); |
2920 | void *prefix = NULL((void*)0); |
2921 | |
2922 | #ifdef OPENSSL_SYS_VMS |
2923 | if (FMT_istext(format)) |
2924 | b = BIO_push(BIO_new(BIO_f_linebuffer()), b); |
2925 | #endif |
2926 | |
2927 | if (FMT_istext(format) |
2928 | && (prefix = getenv("HARNESS_OSSL_PREFIX")) != NULL((void*)0)) { |
2929 | b = BIO_push(BIO_new(BIO_f_prefix()), b); |
2930 | BIO_set_prefix(b, prefix)BIO_ctrl((b), 79, 0, (void *)(prefix)); |
2931 | } |
2932 | |
2933 | return b; |
2934 | } |
2935 | |
2936 | BIO *dup_bio_err(int format) |
2937 | { |
2938 | BIO *b = BIO_new_fp(stderrstderr, |
2939 | BIO_NOCLOSE0x00 | (FMT_istext(format) ? BIO_FP_TEXT0x10 : 0)); |
2940 | #ifdef OPENSSL_SYS_VMS |
2941 | if (FMT_istext(format)) |
2942 | b = BIO_push(BIO_new(BIO_f_linebuffer()), b); |
2943 | #endif |
2944 | return b; |
2945 | } |
2946 | |
2947 | void unbuffer(FILE *fp) |
2948 | { |
2949 | /* |
2950 | * On VMS, setbuf() will only take 32-bit pointers, and a compilation |
2951 | * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here. |
2952 | * However, we trust that the C RTL will never give us a FILE pointer |
2953 | * above the first 4 GB of memory, so we simply turn off the warning |
2954 | * temporarily. |
2955 | */ |
2956 | #if defined(OPENSSL_SYS_VMS) && defined(__DECC) |
2957 | # pragma environment save |
2958 | # pragma message disable maylosedata2 |
2959 | #endif |
2960 | setbuf(fp, NULL((void*)0)); |
2961 | #if defined(OPENSSL_SYS_VMS) && defined(__DECC) |
2962 | # pragma environment restore |
2963 | #endif |
2964 | } |
2965 | |
2966 | static const char *modestr(char mode, int format) |
2967 | { |
2968 | OPENSSL_assert(mode == 'a' || mode == 'r' || mode == 'w')(void)((mode == 'a' || mode == 'r' || mode == 'w') ? 0 : (OPENSSL_die ("assertion failed: " "mode == 'a' || mode == 'r' || mode == 'w'" , "../deps/openssl/openssl/apps/lib/apps.c", 2968), 1)); |
2969 | |
2970 | switch (mode) { |
2971 | case 'a': |
2972 | return FMT_istext(format) ? "a" : "ab"; |
2973 | case 'r': |
2974 | return FMT_istext(format) ? "r" : "rb"; |
2975 | case 'w': |
2976 | return FMT_istext(format) ? "w" : "wb"; |
2977 | } |
2978 | /* The assert above should make sure we never reach this point */ |
2979 | return NULL((void*)0); |
2980 | } |
2981 | |
2982 | static const char *modeverb(char mode) |
2983 | { |
2984 | switch (mode) { |
2985 | case 'a': |
2986 | return "appending"; |
2987 | case 'r': |
2988 | return "reading"; |
2989 | case 'w': |
2990 | return "writing"; |
2991 | } |
2992 | return "(doing something)"; |
2993 | } |
2994 | |
2995 | /* |
2996 | * Open a file for writing, owner-read-only. |
2997 | */ |
2998 | BIO *bio_open_owner(const char *filename, int format, int private) |
2999 | { |
3000 | FILE *fp = NULL((void*)0); |
3001 | BIO *b = NULL((void*)0); |
3002 | int textmode, bflags; |
3003 | #ifndef OPENSSL_NO_POSIX_IO |
3004 | int fd = -1, mode; |
3005 | #endif |
3006 | |
3007 | if (!private || filename == NULL((void*)0) || strcmp(filename, "-") == 0) |
3008 | return bio_open_default(filename, 'w', format); |
3009 | |
3010 | textmode = FMT_istext(format); |
3011 | #ifndef OPENSSL_NO_POSIX_IO |
3012 | mode = O_WRONLY01; |
3013 | # ifdef O_CREAT0100 |
3014 | mode |= O_CREAT0100; |
3015 | # endif |
3016 | # ifdef O_TRUNC01000 |
3017 | mode |= O_TRUNC01000; |
3018 | # endif |
3019 | if (!textmode) { |
3020 | # ifdef O_BINARY |
3021 | mode |= O_BINARY; |
3022 | # elif defined(_O_BINARY) |
3023 | mode |= _O_BINARY; |
3024 | # endif |
3025 | } |
3026 | |
3027 | # ifdef OPENSSL_SYS_VMS |
3028 | /* VMS doesn't have O_BINARY, it just doesn't make sense. But, |
3029 | * it still needs to know that we're going binary, or fdopen() |
3030 | * will fail with "invalid argument"... so we tell VMS what the |
3031 | * context is. |
3032 | */ |
3033 | if (!textmode) |
3034 | fd = open(filename, mode, 0600, "ctx=bin"); |
3035 | else |
3036 | # endif |
3037 | fd = open(filename, mode, 0600); |
3038 | if (fd < 0) |
3039 | goto err; |
3040 | fp = fdopen(fd, modestr('w', format)); |
3041 | #else /* OPENSSL_NO_POSIX_IO */ |
3042 | /* Have stdio but not Posix IO, do the best we can */ |
3043 | fp = fopen(filename, modestr('w', format)); |
3044 | #endif /* OPENSSL_NO_POSIX_IO */ |
3045 | if (fp == NULL((void*)0)) |
3046 | goto err; |
3047 | bflags = BIO_CLOSE0x01; |
3048 | if (textmode) |
3049 | bflags |= BIO_FP_TEXT0x10; |
3050 | b = BIO_new_fp(fp, bflags); |
3051 | if (b != NULL((void*)0)) |
3052 | return b; |
3053 | |
3054 | err: |
3055 | BIO_printf(bio_err, "%s: Can't open \"%s\" for writing, %s\n", |
3056 | opt_getprog(), filename, strerror(errno(*__errno_location ()))); |
3057 | ERR_print_errors(bio_err); |
3058 | /* If we have fp, then fdopen took over fd, so don't close both. */ |
3059 | if (fp != NULL((void*)0)) |
3060 | fclose(fp); |
3061 | #ifndef OPENSSL_NO_POSIX_IO |
3062 | else if (fd >= 0) |
3063 | close(fd); |
3064 | #endif |
3065 | return NULL((void*)0); |
3066 | } |
3067 | |
3068 | static BIO *bio_open_default_(const char *filename, char mode, int format, |
3069 | int quiet) |
3070 | { |
3071 | BIO *ret; |
3072 | |
3073 | if (filename == NULL((void*)0) || strcmp(filename, "-") == 0) { |
3074 | ret = mode == 'r' ? dup_bio_in(format) : dup_bio_out(format); |
3075 | if (quiet) { |
3076 | ERR_clear_error(); |
3077 | return ret; |
3078 | } |
3079 | if (ret != NULL((void*)0)) |
3080 | return ret; |
3081 | BIO_printf(bio_err, |
3082 | "Can't open %s, %s\n", |
3083 | mode == 'r' ? "stdin" : "stdout", strerror(errno(*__errno_location ()))); |
3084 | } else { |
3085 | ret = BIO_new_file(filename, modestr(mode, format)); |
3086 | if (quiet) { |
3087 | ERR_clear_error(); |
3088 | return ret; |
3089 | } |
3090 | if (ret != NULL((void*)0)) |
3091 | return ret; |
3092 | BIO_printf(bio_err, |
3093 | "Can't open \"%s\" for %s, %s\n", |
3094 | filename, modeverb(mode), strerror(errno(*__errno_location ()))); |
3095 | } |
3096 | ERR_print_errors(bio_err); |
3097 | return NULL((void*)0); |
3098 | } |
3099 | |
3100 | BIO *bio_open_default(const char *filename, char mode, int format) |
3101 | { |
3102 | return bio_open_default_(filename, mode, format, 0); |
3103 | } |
3104 | |
3105 | BIO *bio_open_default_quiet(const char *filename, char mode, int format) |
3106 | { |
3107 | return bio_open_default_(filename, mode, format, 1); |
3108 | } |
3109 | |
3110 | void wait_for_async(SSL *s) |
3111 | { |
3112 | /* On Windows select only works for sockets, so we simply don't wait */ |
3113 | #ifndef OPENSSL_SYS_WINDOWS |
3114 | int width = 0; |
3115 | fd_set asyncfds; |
3116 | OSSL_ASYNC_FDint *fds; |
3117 | size_t numfds; |
3118 | size_t i; |
3119 | |
3120 | if (!SSL_get_all_async_fds(s, NULL((void*)0), &numfds)) |
3121 | return; |
3122 | if (numfds == 0) |
3123 | return; |
3124 | fds = app_malloc(sizeof(OSSL_ASYNC_FDint) * numfds, "allocate async fds"); |
3125 | if (!SSL_get_all_async_fds(s, fds, &numfds)) { |
3126 | OPENSSL_free(fds)CRYPTO_free(fds, "../deps/openssl/openssl/apps/lib/apps.c", 3126 ); |
3127 | return; |
3128 | } |
3129 | |
3130 | FD_ZERO(&asyncfds)do { int __d0, __d1; __asm__ __volatile__ ("cld; rep; " "stosq" : "=c" (__d0), "=D" (__d1) : "a" (0), "0" (sizeof (fd_set) / sizeof (__fd_mask)), "1" (&((&asyncfds)->__fds_bits )[0]) : "memory"); } while (0); |
3131 | for (i = 0; i < numfds; i++) { |
3132 | if (width <= (int)fds[i]) |
3133 | width = (int)fds[i] + 1; |
3134 | openssl_fdset((int)fds[i], &asyncfds)((void) (((&asyncfds)->__fds_bits)[(((int)fds[i]) / (8 * (int) sizeof (__fd_mask)))] |= ((__fd_mask) (1UL << ( ((int)fds[i]) % (8 * (int) sizeof (__fd_mask))))))); |
3135 | } |
3136 | select(width, (void *)&asyncfds, NULL((void*)0), NULL((void*)0), NULL((void*)0)); |
3137 | OPENSSL_free(fds)CRYPTO_free(fds, "../deps/openssl/openssl/apps/lib/apps.c", 3137 ); |
3138 | #endif |
3139 | } |
3140 | |
3141 | /* if OPENSSL_SYS_WINDOWS is defined then so is OPENSSL_SYS_MSDOS */ |
3142 | #if defined(OPENSSL_SYS_MSDOS) |
3143 | int has_stdin_waiting(void) |
3144 | { |
3145 | # if defined(OPENSSL_SYS_WINDOWS) |
3146 | HANDLE inhand = GetStdHandle(STD_INPUT_HANDLE); |
3147 | DWORD events = 0; |
3148 | INPUT_RECORD inputrec; |
3149 | DWORD insize = 1; |
3150 | BOOL peeked; |
3151 | |
3152 | if (inhand == INVALID_HANDLE_VALUE) { |
3153 | return 0; |
3154 | } |
3155 | |
3156 | peeked = PeekConsoleInput(inhand, &inputrec, insize, &events); |
3157 | if (!peeked) { |
3158 | /* Probably redirected input? _kbhit() does not work in this case */ |
3159 | if (!feof(stdinstdin)) { |
3160 | return 1; |
3161 | } |
3162 | return 0; |
3163 | } |
3164 | # endif |
3165 | return _kbhit(); |
3166 | } |
3167 | #endif |
3168 | |
3169 | /* Corrupt a signature by modifying final byte */ |
3170 | void corrupt_signature(const ASN1_STRING *signature) |
3171 | { |
3172 | unsigned char *s = signature->data; |
3173 | s[signature->length - 1] ^= 0x1; |
3174 | } |
3175 | |
3176 | int set_cert_times(X509 *x, const char *startdate, const char *enddate, |
3177 | int days) |
3178 | { |
3179 | if (startdate == NULL((void*)0) || strcmp(startdate, "today") == 0) { |
3180 | if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL((void*)0)) |
3181 | return 0; |
3182 | } else { |
3183 | if (!ASN1_TIME_set_string_X509(X509_getm_notBefore(x), startdate)) |
3184 | return 0; |
3185 | } |
3186 | if (enddate == NULL((void*)0)) { |
3187 | if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL((void*)0)) |
3188 | == NULL((void*)0)) |
3189 | return 0; |
3190 | } else if (!ASN1_TIME_set_string_X509(X509_getm_notAfter(x), enddate)) { |
3191 | return 0; |
3192 | } |
3193 | return 1; |
3194 | } |
3195 | |
3196 | int set_crl_lastupdate(X509_CRL *crl, const char *lastupdate) |
3197 | { |
3198 | int ret = 0; |
3199 | ASN1_TIME *tm = ASN1_TIME_new(); |
3200 | |
3201 | if (tm == NULL((void*)0)) |
3202 | goto end; |
3203 | |
3204 | if (lastupdate == NULL((void*)0)) { |
3205 | if (X509_gmtime_adj(tm, 0) == NULL((void*)0)) |
3206 | goto end; |
3207 | } else { |
3208 | if (!ASN1_TIME_set_string_X509(tm, lastupdate)) |
3209 | goto end; |
3210 | } |
3211 | |
3212 | if (!X509_CRL_set1_lastUpdate(crl, tm)) |
3213 | goto end; |
3214 | |
3215 | ret = 1; |
3216 | end: |
3217 | ASN1_TIME_free(tm); |
3218 | return ret; |
3219 | } |
3220 | |
3221 | int set_crl_nextupdate(X509_CRL *crl, const char *nextupdate, |
3222 | long days, long hours, long secs) |
3223 | { |
3224 | int ret = 0; |
3225 | ASN1_TIME *tm = ASN1_TIME_new(); |
3226 | |
3227 | if (tm == NULL((void*)0)) |
3228 | goto end; |
3229 | |
3230 | if (nextupdate == NULL((void*)0)) { |
3231 | if (X509_time_adj_ex(tm, days, hours * 60 * 60 + secs, NULL((void*)0)) == NULL((void*)0)) |
3232 | goto end; |
3233 | } else { |
3234 | if (!ASN1_TIME_set_string_X509(tm, nextupdate)) |
3235 | goto end; |
3236 | } |
3237 | |
3238 | if (!X509_CRL_set1_nextUpdate(crl, tm)) |
3239 | goto end; |
3240 | |
3241 | ret = 1; |
3242 | end: |
3243 | ASN1_TIME_free(tm); |
3244 | return ret; |
3245 | } |
3246 | |
3247 | void make_uppercase(char *string) |
3248 | { |
3249 | int i; |
3250 | |
3251 | for (i = 0; string[i] != '\0'; i++) |
3252 | string[i] = toupper((unsigned char)string[i])(__extension__ ({ int __res; if (sizeof ((unsigned char)string [i]) > 1) { if (__builtin_constant_p ((unsigned char)string [i])) { int __c = ((unsigned char)string[i]); __res = __c < -128 || __c > 255 ? __c : (*__ctype_toupper_loc ())[__c]; } else __res = toupper ((unsigned char)string[i]); } else __res = (*__ctype_toupper_loc ())[(int) ((unsigned char)string[i]) ]; __res; })); |
3253 | } |
3254 | |
3255 | /* This function is defined here due to visibility of bio_err */ |
3256 | int opt_printf_stderr(const char *fmt, ...) |
3257 | { |
3258 | va_list ap; |
3259 | int ret; |
3260 | |
3261 | va_start(ap, fmt)__builtin_va_start(ap, fmt); |
3262 | ret = BIO_vprintf(bio_err, fmt, ap); |
3263 | va_end(ap)__builtin_va_end(ap); |
3264 | return ret; |
3265 | } |
3266 | |
3267 | OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *opts, |
3268 | const OSSL_PARAM *paramdefs) |
3269 | { |
3270 | OSSL_PARAM *params = NULL((void*)0); |
3271 | size_t sz = (size_t)sk_OPENSSL_STRING_num(opts)OPENSSL_sk_num(ossl_check_const_OPENSSL_STRING_sk_type(opts)); |
3272 | size_t params_n; |
3273 | char *opt = "", *stmp, *vtmp = NULL((void*)0); |
3274 | int found = 1; |
3275 | |
3276 | if (opts == NULL((void*)0)) |
3277 | return NULL((void*)0); |
3278 | |
3279 | params = OPENSSL_zalloc(sizeof(OSSL_PARAM) * (sz + 1))CRYPTO_zalloc(sizeof(OSSL_PARAM) * (sz + 1), "../deps/openssl/openssl/apps/lib/apps.c" , 3279); |
3280 | if (params == NULL((void*)0)) |
3281 | return NULL((void*)0); |
3282 | |
3283 | for (params_n = 0; params_n < sz; params_n++) { |
3284 | opt = sk_OPENSSL_STRING_value(opts, (int)params_n)((char *)OPENSSL_sk_value(ossl_check_const_OPENSSL_STRING_sk_type (opts), ((int)params_n))); |
3285 | if ((stmp = OPENSSL_strdup(opt)CRYPTO_strdup(opt, "../deps/openssl/openssl/apps/lib/apps.c", 3285)) == NULL((void*)0) |
3286 | || (vtmp = strchr(stmp, ':')) == NULL((void*)0)) |
3287 | goto err; |
3288 | /* Replace ':' with 0 to terminate the string pointed to by stmp */ |
3289 | *vtmp = 0; |
3290 | /* Skip over the separator so that vmtp points to the value */ |
3291 | vtmp++; |
3292 | if (!OSSL_PARAM_allocate_from_text(¶ms[params_n], paramdefs, |
3293 | stmp, vtmp, strlen(vtmp), &found)) |
3294 | goto err; |
3295 | OPENSSL_free(stmp)CRYPTO_free(stmp, "../deps/openssl/openssl/apps/lib/apps.c", 3295 ); |
3296 | } |
3297 | params[params_n] = OSSL_PARAM_construct_end(); |
3298 | return params; |
3299 | err: |
3300 | OPENSSL_free(stmp)CRYPTO_free(stmp, "../deps/openssl/openssl/apps/lib/apps.c", 3300 ); |
3301 | BIO_printf(bio_err, "Parameter %s '%s'\n", found ? "error" : "unknown", |
3302 | opt); |
3303 | ERR_print_errors(bio_err); |
3304 | app_params_free(params); |
3305 | return NULL((void*)0); |
3306 | } |
3307 | |
3308 | void app_params_free(OSSL_PARAM *params) |
3309 | { |
3310 | int i; |
3311 | |
3312 | if (params != NULL((void*)0)) { |
3313 | for (i = 0; params[i].key != NULL((void*)0); ++i) |
3314 | OPENSSL_free(params[i].data)CRYPTO_free(params[i].data, "../deps/openssl/openssl/apps/lib/apps.c" , 3314); |
3315 | OPENSSL_free(params)CRYPTO_free(params, "../deps/openssl/openssl/apps/lib/apps.c" , 3315); |
3316 | } |
3317 | } |
3318 | |
3319 | EVP_PKEY *app_keygen(EVP_PKEY_CTX *ctx, const char *alg, int bits, int verbose) |
3320 | { |
3321 | EVP_PKEY *res = NULL((void*)0); |
3322 | |
3323 | if (verbose && alg != NULL((void*)0)) { |
3324 | BIO_printf(bio_err, "Generating %s key", alg); |
3325 | if (bits > 0) |
3326 | BIO_printf(bio_err, " with %d bits\n", bits); |
3327 | else |
3328 | BIO_printf(bio_err, "\n"); |
3329 | } |
3330 | if (!RAND_status()) |
3331 | BIO_printf(bio_err, "Warning: generating random key material may take a long time\n" |
3332 | "if the system has a poor entropy source\n"); |
3333 | if (EVP_PKEY_keygen(ctx, &res) <= 0) |
3334 | app_bail_out("%s: Error generating %s key\n", opt_getprog(), |
3335 | alg != NULL((void*)0) ? alg : "asymmetric"); |
3336 | return res; |
3337 | } |
3338 | |
3339 | EVP_PKEY *app_paramgen(EVP_PKEY_CTX *ctx, const char *alg) |
3340 | { |
3341 | EVP_PKEY *res = NULL((void*)0); |
3342 | |
3343 | if (!RAND_status()) |
3344 | BIO_printf(bio_err, "Warning: generating random key parameters may take a long time\n" |
3345 | "if the system has a poor entropy source\n"); |
3346 | if (EVP_PKEY_paramgen(ctx, &res) <= 0) |
3347 | app_bail_out("%s: Generating %s key parameters failed\n", |
3348 | opt_getprog(), alg != NULL((void*)0) ? alg : "asymmetric"); |
3349 | return res; |
3350 | } |
3351 | |
3352 | /* |
3353 | * Return non-zero if the legacy path is still an option. |
3354 | * This decision is based on the global command line operations and the |
3355 | * behaviour thus far. |
3356 | */ |
3357 | int opt_legacy_okay(void) |
3358 | { |
3359 | int provider_options = opt_provider_option_given(); |
3360 | int libctx = app_get0_libctx() != NULL((void*)0) || app_get0_propq() != NULL((void*)0); |
3361 | #ifndef OPENSSL_NO_ENGINE |
3362 | ENGINE *e = ENGINE_get_first(); |
3363 | |
3364 | if (e != NULL((void*)0)) { |
3365 | ENGINE_free(e); |
3366 | return 1; |
3367 | } |
3368 | #endif |
3369 | /* |
3370 | * Having a provider option specified or a custom library context or |
3371 | * property query, is a sure sign we're not using legacy. |
3372 | */ |
3373 | if (provider_options || libctx) |
3374 | return 0; |
3375 | return 1; |
3376 | } |