• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* apps/apps.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer.
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 
112 #ifndef _POSIX_C_SOURCE
113 #define _POSIX_C_SOURCE 2	/* On VMS, you need to define this to get
114 				   the declaration of fileno().  The value
115 				   2 is to make sure no function defined
116 				   in POSIX-2 is left undefined. */
117 #endif
118 #include <stdio.h>
119 #include <stdlib.h>
120 #include <string.h>
121 #if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
122 #include <strings.h>
123 #endif
124 #include <sys/types.h>
125 #include <ctype.h>
126 #include <errno.h>
127 #include <assert.h>
128 #include <openssl/err.h>
129 #include <openssl/x509.h>
130 #include <openssl/x509v3.h>
131 #include <openssl/pem.h>
132 #include <openssl/pkcs12.h>
133 #include <openssl/ui.h>
134 #include <openssl/safestack.h>
135 #ifndef OPENSSL_NO_ENGINE
136 #include <openssl/engine.h>
137 #endif
138 #ifndef OPENSSL_NO_RSA
139 #include <openssl/rsa.h>
140 #endif
141 #include <openssl/bn.h>
142 #ifndef OPENSSL_NO_JPAKE
143 #include <openssl/jpake.h>
144 #endif
145 
146 #define NON_MAIN
147 #include "apps.h"
148 #undef NON_MAIN
149 
150 #ifdef _WIN32
151 static int WIN32_rename(const char *from, const char *to);
152 #define rename(from,to) WIN32_rename((from),(to))
153 #endif
154 
155 typedef struct {
156 	const char *name;
157 	unsigned long flag;
158 	unsigned long mask;
159 } NAME_EX_TBL;
160 
161 static UI_METHOD *ui_method = NULL;
162 
163 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
164 static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
165 
166 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
167 /* Looks like this stuff is worth moving into separate function */
168 static EVP_PKEY *
169 load_netscape_key(BIO *err, BIO *key, const char *file,
170 		const char *key_descrip, int format);
171 #endif
172 
173 int app_init(long mesgwin);
174 #ifdef undef /* never finished - probably never will be :-) */
args_from_file(char * file,int * argc,char ** argv[])175 int args_from_file(char *file, int *argc, char **argv[])
176 	{
177 	FILE *fp;
178 	int num,i;
179 	unsigned int len;
180 	static char *buf=NULL;
181 	static char **arg=NULL;
182 	char *p;
183 
184 	fp=fopen(file,"r");
185 	if (fp == NULL)
186 		return(0);
187 
188 	if (fseek(fp,0,SEEK_END)==0)
189 		len=ftell(fp), rewind(fp);
190 	else	len=-1;
191 	if (len<=0)
192 		{
193 		fclose(fp);
194 		return(0);
195 		}
196 
197 	*argc=0;
198 	*argv=NULL;
199 
200 	if (buf != NULL) OPENSSL_free(buf);
201 	buf=(char *)OPENSSL_malloc(len+1);
202 	if (buf == NULL) return(0);
203 
204 	len=fread(buf,1,len,fp);
205 	if (len <= 1) return(0);
206 	buf[len]='\0';
207 
208 	i=0;
209 	for (p=buf; *p; p++)
210 		if (*p == '\n') i++;
211 	if (arg != NULL) OPENSSL_free(arg);
212 	arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
213 
214 	*argv=arg;
215 	num=0;
216 	p=buf;
217 	for (;;)
218 		{
219 		if (!*p) break;
220 		if (*p == '#') /* comment line */
221 			{
222 			while (*p && (*p != '\n')) p++;
223 			continue;
224 			}
225 		/* else we have a line */
226 		*(arg++)=p;
227 		num++;
228 		while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
229 			p++;
230 		if (!*p) break;
231 		if (*p == '\n')
232 			{
233 			*(p++)='\0';
234 			continue;
235 			}
236 		/* else it is a tab or space */
237 		p++;
238 		while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
239 			p++;
240 		if (!*p) break;
241 		if (*p == '\n')
242 			{
243 			p++;
244 			continue;
245 			}
246 		*(arg++)=p++;
247 		num++;
248 		while (*p && (*p != '\n')) p++;
249 		if (!*p) break;
250 		/* else *p == '\n' */
251 		*(p++)='\0';
252 		}
253 	*argc=num;
254 	return(1);
255 	}
256 #endif
257 
str2fmt(char * s)258 int str2fmt(char *s)
259 	{
260 	if 	((*s == 'D') || (*s == 'd'))
261 		return(FORMAT_ASN1);
262 	else if ((*s == 'T') || (*s == 't'))
263 		return(FORMAT_TEXT);
264   	else if ((*s == 'N') || (*s == 'n'))
265   		return(FORMAT_NETSCAPE);
266   	else if ((*s == 'S') || (*s == 's'))
267   		return(FORMAT_SMIME);
268  	else if ((*s == 'M') || (*s == 'm'))
269  		return(FORMAT_MSBLOB);
270 	else if ((*s == '1')
271 		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
272 		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
273 		return(FORMAT_PKCS12);
274 	else if ((*s == 'E') || (*s == 'e'))
275 		return(FORMAT_ENGINE);
276 	else if ((*s == 'P') || (*s == 'p'))
277  		{
278  		if (s[1] == 'V' || s[1] == 'v')
279  			return FORMAT_PVK;
280  		else
281   			return(FORMAT_PEM);
282  		}
283 	else
284 		return(FORMAT_UNDEF);
285 	}
286 
287 #if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
program_name(char * in,char * out,int size)288 void program_name(char *in, char *out, int size)
289 	{
290 	int i,n;
291 	char *p=NULL;
292 
293 	n=strlen(in);
294 	/* find the last '/', '\' or ':' */
295 	for (i=n-1; i>0; i--)
296 		{
297 		if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))
298 			{
299 			p= &(in[i+1]);
300 			break;
301 			}
302 		}
303 	if (p == NULL)
304 		p=in;
305 	n=strlen(p);
306 
307 #if defined(OPENSSL_SYS_NETWARE)
308    /* strip off trailing .nlm if present. */
309    if ((n > 4) && (p[n-4] == '.') &&
310       ((p[n-3] == 'n') || (p[n-3] == 'N')) &&
311       ((p[n-2] == 'l') || (p[n-2] == 'L')) &&
312       ((p[n-1] == 'm') || (p[n-1] == 'M')))
313       n-=4;
314 #else
315 	/* strip off trailing .exe if present. */
316 	if ((n > 4) && (p[n-4] == '.') &&
317 		((p[n-3] == 'e') || (p[n-3] == 'E')) &&
318 		((p[n-2] == 'x') || (p[n-2] == 'X')) &&
319 		((p[n-1] == 'e') || (p[n-1] == 'E')))
320 		n-=4;
321 #endif
322 
323 	if (n > size-1)
324 		n=size-1;
325 
326 	for (i=0; i<n; i++)
327 		{
328 		if ((p[i] >= 'A') && (p[i] <= 'Z'))
329 			out[i]=p[i]-'A'+'a';
330 		else
331 			out[i]=p[i];
332 		}
333 	out[n]='\0';
334 	}
335 #else
336 #ifdef OPENSSL_SYS_VMS
program_name(char * in,char * out,int size)337 void program_name(char *in, char *out, int size)
338 	{
339 	char *p=in, *q;
340 	char *chars=":]>";
341 
342 	while(*chars != '\0')
343 		{
344 		q=strrchr(p,*chars);
345 		if (q > p)
346 			p = q + 1;
347 		chars++;
348 		}
349 
350 	q=strrchr(p,'.');
351 	if (q == NULL)
352 		q = p + strlen(p);
353 	strncpy(out,p,size-1);
354 	if (q-p >= size)
355 		{
356 		out[size-1]='\0';
357 		}
358 	else
359 		{
360 		out[q-p]='\0';
361 		}
362 	}
363 #else
program_name(char * in,char * out,int size)364 void program_name(char *in, char *out, int size)
365 	{
366 	char *p;
367 
368 	p=strrchr(in,'/');
369 	if (p != NULL)
370 		p++;
371 	else
372 		p=in;
373 	BUF_strlcpy(out,p,size);
374 	}
375 #endif
376 #endif
377 
chopup_args(ARGS * arg,char * buf,int * argc,char ** argv[])378 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
379 	{
380 	int num,len,i;
381 	char *p;
382 
383 	*argc=0;
384 	*argv=NULL;
385 
386 	len=strlen(buf);
387 	i=0;
388 	if (arg->count == 0)
389 		{
390 		arg->count=20;
391 		arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
392 		}
393 	for (i=0; i<arg->count; i++)
394 		arg->data[i]=NULL;
395 
396 	num=0;
397 	p=buf;
398 	for (;;)
399 		{
400 		/* first scan over white space */
401 		if (!*p) break;
402 		while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
403 			p++;
404 		if (!*p) break;
405 
406 		/* The start of something good :-) */
407 		if (num >= arg->count)
408 			{
409 			char **tmp_p;
410 			int tlen = arg->count + 20;
411 			tmp_p = (char **)OPENSSL_realloc(arg->data,
412 				sizeof(char *)*tlen);
413 			if (tmp_p == NULL)
414 				return 0;
415 			arg->data  = tmp_p;
416 			arg->count = tlen;
417 			/* initialize newly allocated data */
418 			for (i = num; i < arg->count; i++)
419 				arg->data[i] = NULL;
420 			}
421 		arg->data[num++]=p;
422 
423 		/* now look for the end of this */
424 		if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
425 			{
426 			i= *(p++);
427 			arg->data[num-1]++; /* jump over quote */
428 			while (*p && (*p != i))
429 				p++;
430 			*p='\0';
431 			}
432 		else
433 			{
434 			while (*p && ((*p != ' ') &&
435 				(*p != '\t') && (*p != '\n')))
436 				p++;
437 
438 			if (*p == '\0')
439 				p--;
440 			else
441 				*p='\0';
442 			}
443 		p++;
444 		}
445 	*argc=num;
446 	*argv=arg->data;
447 	return(1);
448 	}
449 
450 #ifndef APP_INIT
app_init(long mesgwin)451 int app_init(long mesgwin)
452 	{
453 	return(1);
454 	}
455 #endif
456 
457 
dump_cert_text(BIO * out,X509 * x)458 int dump_cert_text (BIO *out, X509 *x)
459 {
460 	char *p;
461 
462 	p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
463 	BIO_puts(out,"subject=");
464 	BIO_puts(out,p);
465 	OPENSSL_free(p);
466 
467 	p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0);
468 	BIO_puts(out,"\nissuer=");
469 	BIO_puts(out,p);
470 	BIO_puts(out,"\n");
471 	OPENSSL_free(p);
472 
473 	return 0;
474 }
475 
ui_open(UI * ui)476 static int ui_open(UI *ui)
477 	{
478 	return UI_method_get_opener(UI_OpenSSL())(ui);
479 	}
ui_read(UI * ui,UI_STRING * uis)480 static int ui_read(UI *ui, UI_STRING *uis)
481 	{
482 	if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
483 		&& UI_get0_user_data(ui))
484 		{
485 		switch(UI_get_string_type(uis))
486 			{
487 		case UIT_PROMPT:
488 		case UIT_VERIFY:
489 			{
490 			const char *password =
491 				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
492 			if (password && password[0] != '\0')
493 				{
494 				UI_set_result(ui, uis, password);
495 				return 1;
496 				}
497 			}
498 		default:
499 			break;
500 			}
501 		}
502 	return UI_method_get_reader(UI_OpenSSL())(ui, uis);
503 	}
ui_write(UI * ui,UI_STRING * uis)504 static int ui_write(UI *ui, UI_STRING *uis)
505 	{
506 	if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
507 		&& UI_get0_user_data(ui))
508 		{
509 		switch(UI_get_string_type(uis))
510 			{
511 		case UIT_PROMPT:
512 		case UIT_VERIFY:
513 			{
514 			const char *password =
515 				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
516 			if (password && password[0] != '\0')
517 				return 1;
518 			}
519 		default:
520 			break;
521 			}
522 		}
523 	return UI_method_get_writer(UI_OpenSSL())(ui, uis);
524 	}
ui_close(UI * ui)525 static int ui_close(UI *ui)
526 	{
527 	return UI_method_get_closer(UI_OpenSSL())(ui);
528 	}
setup_ui_method(void)529 int setup_ui_method(void)
530 	{
531 	ui_method = UI_create_method("OpenSSL application user interface");
532 	UI_method_set_opener(ui_method, ui_open);
533 	UI_method_set_reader(ui_method, ui_read);
534 	UI_method_set_writer(ui_method, ui_write);
535 	UI_method_set_closer(ui_method, ui_close);
536 	return 0;
537 	}
destroy_ui_method(void)538 void destroy_ui_method(void)
539 	{
540 	if(ui_method)
541 		{
542 		UI_destroy_method(ui_method);
543 		ui_method = NULL;
544 		}
545 	}
password_callback(char * buf,int bufsiz,int verify,PW_CB_DATA * cb_tmp)546 int password_callback(char *buf, int bufsiz, int verify,
547 	PW_CB_DATA *cb_tmp)
548 	{
549 	UI *ui = NULL;
550 	int res = 0;
551 	const char *prompt_info = NULL;
552 	const char *password = NULL;
553 	PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
554 
555 	if (cb_data)
556 		{
557 		if (cb_data->password)
558 			password = cb_data->password;
559 		if (cb_data->prompt_info)
560 			prompt_info = cb_data->prompt_info;
561 		}
562 
563 	if (password)
564 		{
565 		res = strlen(password);
566 		if (res > bufsiz)
567 			res = bufsiz;
568 		memcpy(buf, password, res);
569 		return res;
570 		}
571 
572 	ui = UI_new_method(ui_method);
573 	if (ui)
574 		{
575 		int ok = 0;
576 		char *buff = NULL;
577 		int ui_flags = 0;
578 		char *prompt = NULL;
579 
580 		prompt = UI_construct_prompt(ui, "pass phrase",
581 			prompt_info);
582 
583 		ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
584 		UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
585 
586 		if (ok >= 0)
587 			ok = UI_add_input_string(ui,prompt,ui_flags,buf,
588 				PW_MIN_LENGTH,BUFSIZ-1);
589 		if (ok >= 0 && verify)
590 			{
591 			buff = (char *)OPENSSL_malloc(bufsiz);
592 			ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
593 				PW_MIN_LENGTH,BUFSIZ-1, buf);
594 			}
595 		if (ok >= 0)
596 			do
597 				{
598 				ok = UI_process(ui);
599 				}
600 			while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
601 
602 		if (buff)
603 			{
604 			OPENSSL_cleanse(buff,(unsigned int)bufsiz);
605 			OPENSSL_free(buff);
606 			}
607 
608 		if (ok >= 0)
609 			res = strlen(buf);
610 		if (ok == -1)
611 			{
612 			BIO_printf(bio_err, "User interface error\n");
613 			ERR_print_errors(bio_err);
614 			OPENSSL_cleanse(buf,(unsigned int)bufsiz);
615 			res = 0;
616 			}
617 		if (ok == -2)
618 			{
619 			BIO_printf(bio_err,"aborted!\n");
620 			OPENSSL_cleanse(buf,(unsigned int)bufsiz);
621 			res = 0;
622 			}
623 		UI_free(ui);
624 		OPENSSL_free(prompt);
625 		}
626 	return res;
627 	}
628 
629 static char *app_get_pass(BIO *err, char *arg, int keepbio);
630 
app_passwd(BIO * err,char * arg1,char * arg2,char ** pass1,char ** pass2)631 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
632 {
633 	int same;
634 	if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
635 	else same = 1;
636 	if(arg1) {
637 		*pass1 = app_get_pass(err, arg1, same);
638 		if(!*pass1) return 0;
639 	} else if(pass1) *pass1 = NULL;
640 	if(arg2) {
641 		*pass2 = app_get_pass(err, arg2, same ? 2 : 0);
642 		if(!*pass2) return 0;
643 	} else if(pass2) *pass2 = NULL;
644 	return 1;
645 }
646 
app_get_pass(BIO * err,char * arg,int keepbio)647 static char *app_get_pass(BIO *err, char *arg, int keepbio)
648 {
649 	char *tmp, tpass[APP_PASS_LEN];
650 	static BIO *pwdbio = NULL;
651 	int i;
652 	if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
653 	if(!strncmp(arg, "env:", 4)) {
654 		tmp = getenv(arg + 4);
655 		if(!tmp) {
656 			BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
657 			return NULL;
658 		}
659 		return BUF_strdup(tmp);
660 	}
661 	if(!keepbio || !pwdbio) {
662 		if(!strncmp(arg, "file:", 5)) {
663 			pwdbio = BIO_new_file(arg + 5, "r");
664 			if(!pwdbio) {
665 				BIO_printf(err, "Can't open file %s\n", arg + 5);
666 				return NULL;
667 			}
668 #if !defined(_WIN32)
669 		/*
670 		 * Under _WIN32, which covers even Win64 and CE, file
671 		 * descriptors referenced by BIO_s_fd are not inherited
672 		 * by child process and therefore below is not an option.
673 		 * It could have been an option if bss_fd.c was operating
674 		 * on real Windows descriptors, such as those obtained
675 		 * with CreateFile.
676 		 */
677 		} else if(!strncmp(arg, "fd:", 3)) {
678 			BIO *btmp;
679 			i = atoi(arg + 3);
680 			if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
681 			if((i < 0) || !pwdbio) {
682 				BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
683 				return NULL;
684 			}
685 			/* Can't do BIO_gets on an fd BIO so add a buffering BIO */
686 			btmp = BIO_new(BIO_f_buffer());
687 			pwdbio = BIO_push(btmp, pwdbio);
688 #endif
689 		} else if(!strcmp(arg, "stdin")) {
690 			pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
691 			if(!pwdbio) {
692 				BIO_printf(err, "Can't open BIO for stdin\n");
693 				return NULL;
694 			}
695 		} else {
696 			BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
697 			return NULL;
698 		}
699 	}
700 	i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
701 	if(keepbio != 1) {
702 		BIO_free_all(pwdbio);
703 		pwdbio = NULL;
704 	}
705 	if(i <= 0) {
706 		BIO_printf(err, "Error reading password from BIO\n");
707 		return NULL;
708 	}
709 	tmp = strchr(tpass, '\n');
710 	if(tmp) *tmp = 0;
711 	return BUF_strdup(tpass);
712 }
713 
add_oid_section(BIO * err,CONF * conf)714 int add_oid_section(BIO *err, CONF *conf)
715 {
716 	char *p;
717 	STACK_OF(CONF_VALUE) *sktmp;
718 	CONF_VALUE *cnf;
719 	int i;
720 	if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
721 		{
722 		ERR_clear_error();
723 		return 1;
724 		}
725 	if(!(sktmp = NCONF_get_section(conf, p))) {
726 		BIO_printf(err, "problem loading oid section %s\n", p);
727 		return 0;
728 	}
729 	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
730 		cnf = sk_CONF_VALUE_value(sktmp, i);
731 		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
732 			BIO_printf(err, "problem creating object %s=%s\n",
733 							 cnf->name, cnf->value);
734 			return 0;
735 		}
736 	}
737 	return 1;
738 }
739 
load_pkcs12(BIO * err,BIO * in,const char * desc,pem_password_cb * pem_cb,void * cb_data,EVP_PKEY ** pkey,X509 ** cert,STACK_OF (X509)** ca)740 static int load_pkcs12(BIO *err, BIO *in, const char *desc,
741 		pem_password_cb *pem_cb,  void *cb_data,
742 		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
743 	{
744  	const char *pass;
745 	char tpass[PEM_BUFSIZE];
746 	int len, ret = 0;
747 	PKCS12 *p12;
748 	p12 = d2i_PKCS12_bio(in, NULL);
749 	if (p12 == NULL)
750 		{
751 		BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);
752 		goto die;
753 		}
754 	/* See if an empty password will do */
755 	if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
756 		pass = "";
757 	else
758 		{
759 		if (!pem_cb)
760 			pem_cb = (pem_password_cb *)password_callback;
761 		len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
762 		if (len < 0)
763 			{
764 			BIO_printf(err, "Passpharse callback error for %s\n",
765 					desc);
766 			goto die;
767 			}
768 		if (len < PEM_BUFSIZE)
769 			tpass[len] = 0;
770 		if (!PKCS12_verify_mac(p12, tpass, len))
771 			{
772 			BIO_printf(err,
773 	"Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);
774 			goto die;
775 			}
776 		pass = tpass;
777 		}
778 	ret = PKCS12_parse(p12, pass, pkey, cert, ca);
779 	die:
780 	if (p12)
781 		PKCS12_free(p12);
782 	return ret;
783 	}
784 
load_cert(BIO * err,const char * file,int format,const char * pass,ENGINE * e,const char * cert_descrip)785 X509 *load_cert(BIO *err, const char *file, int format,
786 	const char *pass, ENGINE *e, const char *cert_descrip)
787 	{
788 	X509 *x=NULL;
789 	BIO *cert;
790 
791 	if ((cert=BIO_new(BIO_s_file())) == NULL)
792 		{
793 		ERR_print_errors(err);
794 		goto end;
795 		}
796 
797 	if (file == NULL)
798 		{
799 #ifdef _IONBF
800 		setvbuf(stdin, NULL, _IONBF, 0);
801 #endif
802 		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
803 		}
804 	else
805 		{
806 		if (BIO_read_filename(cert,file) <= 0)
807 			{
808 			BIO_printf(err, "Error opening %s %s\n",
809 				cert_descrip, file);
810 			ERR_print_errors(err);
811 			goto end;
812 			}
813 		}
814 
815 	if 	(format == FORMAT_ASN1)
816 		x=d2i_X509_bio(cert,NULL);
817 	else if (format == FORMAT_NETSCAPE)
818 		{
819 		NETSCAPE_X509 *nx;
820 		nx=ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509),cert,NULL);
821 		if (nx == NULL)
822 				goto end;
823 
824 		if ((strncmp(NETSCAPE_CERT_HDR,(char *)nx->header->data,
825 			nx->header->length) != 0))
826 			{
827 			NETSCAPE_X509_free(nx);
828 			BIO_printf(err,"Error reading header on certificate\n");
829 			goto end;
830 			}
831 		x=nx->cert;
832 		nx->cert = NULL;
833 		NETSCAPE_X509_free(nx);
834 		}
835 	else if (format == FORMAT_PEM)
836 		x=PEM_read_bio_X509_AUX(cert,NULL,
837 			(pem_password_cb *)password_callback, NULL);
838 	else if (format == FORMAT_PKCS12)
839 		{
840 		if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,
841 					NULL, &x, NULL))
842 			goto end;
843 		}
844 	else	{
845 		BIO_printf(err,"bad input format specified for %s\n",
846 			cert_descrip);
847 		goto end;
848 		}
849 end:
850 	if (x == NULL)
851 		{
852 		BIO_printf(err,"unable to load certificate\n");
853 		ERR_print_errors(err);
854 		}
855 	if (cert != NULL) BIO_free(cert);
856 	return(x);
857 	}
858 
load_key(BIO * err,const char * file,int format,int maybe_stdin,const char * pass,ENGINE * e,const char * key_descrip)859 EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
860 	const char *pass, ENGINE *e, const char *key_descrip)
861 	{
862 	BIO *key=NULL;
863 	EVP_PKEY *pkey=NULL;
864 	PW_CB_DATA cb_data;
865 
866 	cb_data.password = pass;
867 	cb_data.prompt_info = file;
868 
869 	if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
870 		{
871 		BIO_printf(err,"no keyfile specified\n");
872 		goto end;
873 		}
874 #ifndef OPENSSL_NO_ENGINE
875 	if (format == FORMAT_ENGINE)
876 		{
877 		if (!e)
878 			BIO_printf(err,"no engine specified\n");
879 		else
880 			{
881 			pkey = ENGINE_load_private_key(e, file,
882 				ui_method, &cb_data);
883 			if (!pkey)
884 				{
885 				BIO_printf(err,"cannot load %s from engine\n",key_descrip);
886 				ERR_print_errors(err);
887 				}
888 			}
889 		goto end;
890 		}
891 #endif
892 	key=BIO_new(BIO_s_file());
893 	if (key == NULL)
894 		{
895 		ERR_print_errors(err);
896 		goto end;
897 		}
898 	if (file == NULL && maybe_stdin)
899 		{
900 #ifdef _IONBF
901 		setvbuf(stdin, NULL, _IONBF, 0);
902 #endif
903 		BIO_set_fp(key,stdin,BIO_NOCLOSE);
904 		}
905 	else
906 		if (BIO_read_filename(key,file) <= 0)
907 			{
908 			BIO_printf(err, "Error opening %s %s\n",
909 				key_descrip, file);
910 			ERR_print_errors(err);
911 			goto end;
912 			}
913 	if (format == FORMAT_ASN1)
914 		{
915 		pkey=d2i_PrivateKey_bio(key, NULL);
916 		}
917 	else if (format == FORMAT_PEM)
918 		{
919 		pkey=PEM_read_bio_PrivateKey(key,NULL,
920 			(pem_password_cb *)password_callback, &cb_data);
921 		}
922 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
923 	else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
924 		pkey = load_netscape_key(err, key, file, key_descrip, format);
925 #endif
926 	else if (format == FORMAT_PKCS12)
927 		{
928 		if (!load_pkcs12(err, key, key_descrip,
929 				(pem_password_cb *)password_callback, &cb_data,
930 				&pkey, NULL, NULL))
931 			goto end;
932 		}
933 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
934 	else if (format == FORMAT_MSBLOB)
935 		pkey = b2i_PrivateKey_bio(key);
936 	else if (format == FORMAT_PVK)
937 		pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
938 								&cb_data);
939 #endif
940 	else
941 		{
942 		BIO_printf(err,"bad input format specified for key file\n");
943 		goto end;
944 		}
945  end:
946 	if (key != NULL) BIO_free(key);
947 	if (pkey == NULL)
948 		{
949 		BIO_printf(err,"unable to load %s\n", key_descrip);
950 		ERR_print_errors(err);
951 		}
952 	return(pkey);
953 	}
954 
load_pubkey(BIO * err,const char * file,int format,int maybe_stdin,const char * pass,ENGINE * e,const char * key_descrip)955 EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
956 	const char *pass, ENGINE *e, const char *key_descrip)
957 	{
958 	BIO *key=NULL;
959 	EVP_PKEY *pkey=NULL;
960 	PW_CB_DATA cb_data;
961 
962 	cb_data.password = pass;
963 	cb_data.prompt_info = file;
964 
965 	if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
966 		{
967 		BIO_printf(err,"no keyfile specified\n");
968 		goto end;
969 		}
970 #ifndef OPENSSL_NO_ENGINE
971 	if (format == FORMAT_ENGINE)
972 		{
973 		if (!e)
974 			BIO_printf(bio_err,"no engine specified\n");
975 		else
976 			pkey = ENGINE_load_public_key(e, file,
977 				ui_method, &cb_data);
978 		goto end;
979 		}
980 #endif
981 	key=BIO_new(BIO_s_file());
982 	if (key == NULL)
983 		{
984 		ERR_print_errors(err);
985 		goto end;
986 		}
987 	if (file == NULL && maybe_stdin)
988 		{
989 #ifdef _IONBF
990 		setvbuf(stdin, NULL, _IONBF, 0);
991 #endif
992 		BIO_set_fp(key,stdin,BIO_NOCLOSE);
993 		}
994 	else
995 		if (BIO_read_filename(key,file) <= 0)
996 			{
997 			BIO_printf(err, "Error opening %s %s\n",
998 				key_descrip, file);
999 			ERR_print_errors(err);
1000 			goto end;
1001 		}
1002 	if (format == FORMAT_ASN1)
1003 		{
1004 		pkey=d2i_PUBKEY_bio(key, NULL);
1005 		}
1006 #ifndef OPENSSL_NO_RSA
1007 	else if (format == FORMAT_ASN1RSA)
1008 		{
1009 		RSA *rsa;
1010 		rsa = d2i_RSAPublicKey_bio(key, NULL);
1011 		if (rsa)
1012 			{
1013 			pkey = EVP_PKEY_new();
1014 			if (pkey)
1015 				EVP_PKEY_set1_RSA(pkey, rsa);
1016 			RSA_free(rsa);
1017 			}
1018 		else
1019 			pkey = NULL;
1020 		}
1021 	else if (format == FORMAT_PEMRSA)
1022 		{
1023 		RSA *rsa;
1024 		rsa = PEM_read_bio_RSAPublicKey(key, NULL,
1025 			(pem_password_cb *)password_callback, &cb_data);
1026 		if (rsa)
1027 			{
1028 			pkey = EVP_PKEY_new();
1029 			if (pkey)
1030 				EVP_PKEY_set1_RSA(pkey, rsa);
1031 			RSA_free(rsa);
1032 			}
1033 		else
1034 			pkey = NULL;
1035 		}
1036 #endif
1037 	else if (format == FORMAT_PEM)
1038 		{
1039 		pkey=PEM_read_bio_PUBKEY(key,NULL,
1040 			(pem_password_cb *)password_callback, &cb_data);
1041 		}
1042 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
1043 	else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
1044 		pkey = load_netscape_key(err, key, file, key_descrip, format);
1045 #endif
1046 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
1047 	else if (format == FORMAT_MSBLOB)
1048 		pkey = b2i_PublicKey_bio(key);
1049 #endif
1050 	else
1051 		{
1052 		BIO_printf(err,"bad input format specified for key file\n");
1053 		goto end;
1054 		}
1055  end:
1056 	if (key != NULL) BIO_free(key);
1057 	if (pkey == NULL)
1058 		BIO_printf(err,"unable to load %s\n", key_descrip);
1059 	return(pkey);
1060 	}
1061 
1062 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
1063 static EVP_PKEY *
load_netscape_key(BIO * err,BIO * key,const char * file,const char * key_descrip,int format)1064 load_netscape_key(BIO *err, BIO *key, const char *file,
1065 		const char *key_descrip, int format)
1066 	{
1067 	EVP_PKEY *pkey;
1068 	BUF_MEM *buf;
1069 	RSA	*rsa;
1070 	const unsigned char *p;
1071 	int size, i;
1072 
1073 	buf=BUF_MEM_new();
1074 	pkey = EVP_PKEY_new();
1075 	size = 0;
1076 	if (buf == NULL || pkey == NULL)
1077 		goto error;
1078 	for (;;)
1079 		{
1080 		if (!BUF_MEM_grow_clean(buf,size+1024*10))
1081 			goto error;
1082 		i = BIO_read(key, &(buf->data[size]), 1024*10);
1083 		size += i;
1084 		if (i == 0)
1085 			break;
1086 		if (i < 0)
1087 			{
1088 				BIO_printf(err, "Error reading %s %s",
1089 					key_descrip, file);
1090 				goto error;
1091 			}
1092 		}
1093 	p=(unsigned char *)buf->data;
1094 	rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL,
1095 		(format == FORMAT_IISSGC ? 1 : 0));
1096 	if (rsa == NULL)
1097 		goto error;
1098 	BUF_MEM_free(buf);
1099 	EVP_PKEY_set1_RSA(pkey, rsa);
1100 	return pkey;
1101 error:
1102 	BUF_MEM_free(buf);
1103 	EVP_PKEY_free(pkey);
1104 	return NULL;
1105 	}
1106 #endif /* ndef OPENSSL_NO_RC4 */
1107 
load_certs_crls(BIO * err,const char * file,int format,const char * pass,ENGINE * e,const char * desc,STACK_OF (X509)** pcerts,STACK_OF (X509_CRL)** pcrls)1108 static int load_certs_crls(BIO *err, const char *file, int format,
1109 	const char *pass, ENGINE *e, const char *desc,
1110 	STACK_OF(X509) **pcerts, STACK_OF(X509_CRL) **pcrls)
1111 	{
1112 	int i;
1113 	BIO *bio;
1114 	STACK_OF(X509_INFO) *xis = NULL;
1115 	X509_INFO *xi;
1116 	PW_CB_DATA cb_data;
1117 	int rv = 0;
1118 
1119 	cb_data.password = pass;
1120 	cb_data.prompt_info = file;
1121 
1122 	if (format != FORMAT_PEM)
1123 		{
1124 		BIO_printf(err,"bad input format specified for %s\n", desc);
1125 		return 0;
1126 		}
1127 
1128 	if (file == NULL)
1129 		bio = BIO_new_fp(stdin,BIO_NOCLOSE);
1130 	else
1131 		bio = BIO_new_file(file, "r");
1132 
1133 	if (bio == NULL)
1134 		{
1135 		BIO_printf(err, "Error opening %s %s\n",
1136 				desc, file ? file : "stdin");
1137 		ERR_print_errors(err);
1138 		return 0;
1139 		}
1140 
1141 	xis = PEM_X509_INFO_read_bio(bio, NULL,
1142 				(pem_password_cb *)password_callback, &cb_data);
1143 
1144 	BIO_free(bio);
1145 
1146 	if (pcerts)
1147 		{
1148 		*pcerts = sk_X509_new_null();
1149 		if (!*pcerts)
1150 			goto end;
1151 		}
1152 
1153 	if (pcrls)
1154 		{
1155 		*pcrls = sk_X509_CRL_new_null();
1156 		if (!*pcrls)
1157 			goto end;
1158 		}
1159 
1160 	for(i = 0; i < sk_X509_INFO_num(xis); i++)
1161 		{
1162 		xi = sk_X509_INFO_value (xis, i);
1163 		if (xi->x509 && pcerts)
1164 			{
1165 			if (!sk_X509_push(*pcerts, xi->x509))
1166 				goto end;
1167 			xi->x509 = NULL;
1168 			}
1169 		if (xi->crl && pcrls)
1170 			{
1171 			if (!sk_X509_CRL_push(*pcrls, xi->crl))
1172 				goto end;
1173 			xi->crl = NULL;
1174 			}
1175 		}
1176 
1177 	if (pcerts && sk_X509_num(*pcerts) > 0)
1178 		rv = 1;
1179 
1180 	if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
1181 		rv = 1;
1182 
1183 	end:
1184 
1185 	if (xis)
1186 		sk_X509_INFO_pop_free(xis, X509_INFO_free);
1187 
1188 	if (rv == 0)
1189 		{
1190 		if (pcerts)
1191 			{
1192 			sk_X509_pop_free(*pcerts, X509_free);
1193 			*pcerts = NULL;
1194 			}
1195 		if (pcrls)
1196 			{
1197 			sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
1198 			*pcrls = NULL;
1199 			}
1200 		BIO_printf(err,"unable to load %s\n",
1201 				pcerts ? "certificates" : "CRLs");
1202 		ERR_print_errors(err);
1203 		}
1204 	return rv;
1205 	}
1206 
STACK_OF(X509)1207 STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
1208 	const char *pass, ENGINE *e, const char *desc)
1209 	{
1210 	STACK_OF(X509) *certs;
1211 	load_certs_crls(err, file, format, pass, e, desc, &certs, NULL);
1212 	return certs;
1213 	}
1214 
STACK_OF(X509_CRL)1215 STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
1216 	const char *pass, ENGINE *e, const char *desc)
1217 	{
1218 	STACK_OF(X509_CRL) *crls;
1219 	load_certs_crls(err, file, format, pass, e, desc, NULL, &crls);
1220 	return crls;
1221 	}
1222 
1223 #define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)
1224 /* Return error for unknown extensions */
1225 #define X509V3_EXT_DEFAULT		0
1226 /* Print error for unknown extensions */
1227 #define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)
1228 /* ASN1 parse unknown extensions */
1229 #define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)
1230 /* BIO_dump unknown extensions */
1231 #define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)
1232 
1233 #define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
1234 			 X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
1235 
set_cert_ex(unsigned long * flags,const char * arg)1236 int set_cert_ex(unsigned long *flags, const char *arg)
1237 {
1238 	static const NAME_EX_TBL cert_tbl[] = {
1239 		{ "compatible", X509_FLAG_COMPAT, 0xffffffffl},
1240 		{ "ca_default", X509_FLAG_CA, 0xffffffffl},
1241 		{ "no_header", X509_FLAG_NO_HEADER, 0},
1242 		{ "no_version", X509_FLAG_NO_VERSION, 0},
1243 		{ "no_serial", X509_FLAG_NO_SERIAL, 0},
1244 		{ "no_signame", X509_FLAG_NO_SIGNAME, 0},
1245 		{ "no_validity", X509_FLAG_NO_VALIDITY, 0},
1246 		{ "no_subject", X509_FLAG_NO_SUBJECT, 0},
1247 		{ "no_issuer", X509_FLAG_NO_ISSUER, 0},
1248 		{ "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
1249 		{ "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
1250 		{ "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
1251 		{ "no_aux", X509_FLAG_NO_AUX, 0},
1252 		{ "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
1253 		{ "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
1254 		{ "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1255 		{ "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1256 		{ "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1257 		{ NULL, 0, 0}
1258 	};
1259 	return set_multi_opts(flags, arg, cert_tbl);
1260 }
1261 
set_name_ex(unsigned long * flags,const char * arg)1262 int set_name_ex(unsigned long *flags, const char *arg)
1263 {
1264 	static const NAME_EX_TBL ex_tbl[] = {
1265 		{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
1266 		{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
1267 		{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
1268 		{ "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
1269 		{ "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
1270 		{ "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
1271 		{ "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
1272 		{ "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
1273 		{ "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
1274 		{ "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
1275 		{ "compat", XN_FLAG_COMPAT, 0xffffffffL},
1276 		{ "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
1277 		{ "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
1278 		{ "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
1279 		{ "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
1280 		{ "dn_rev", XN_FLAG_DN_REV, 0},
1281 		{ "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
1282 		{ "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
1283 		{ "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
1284 		{ "align", XN_FLAG_FN_ALIGN, 0},
1285 		{ "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
1286 		{ "space_eq", XN_FLAG_SPC_EQ, 0},
1287 		{ "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
1288 		{ "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
1289 		{ "oneline", XN_FLAG_ONELINE, 0xffffffffL},
1290 		{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
1291 		{ "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
1292 		{ NULL, 0, 0}
1293 	};
1294 	return set_multi_opts(flags, arg, ex_tbl);
1295 }
1296 
set_ext_copy(int * copy_type,const char * arg)1297 int set_ext_copy(int *copy_type, const char *arg)
1298 {
1299 	if (!strcasecmp(arg, "none"))
1300 		*copy_type = EXT_COPY_NONE;
1301 	else if (!strcasecmp(arg, "copy"))
1302 		*copy_type = EXT_COPY_ADD;
1303 	else if (!strcasecmp(arg, "copyall"))
1304 		*copy_type = EXT_COPY_ALL;
1305 	else
1306 		return 0;
1307 	return 1;
1308 }
1309 
copy_extensions(X509 * x,X509_REQ * req,int copy_type)1310 int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
1311 {
1312 	STACK_OF(X509_EXTENSION) *exts = NULL;
1313 	X509_EXTENSION *ext, *tmpext;
1314 	ASN1_OBJECT *obj;
1315 	int i, idx, ret = 0;
1316 	if (!x || !req || (copy_type == EXT_COPY_NONE))
1317 		return 1;
1318 	exts = X509_REQ_get_extensions(req);
1319 
1320 	for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
1321 		ext = sk_X509_EXTENSION_value(exts, i);
1322 		obj = X509_EXTENSION_get_object(ext);
1323 		idx = X509_get_ext_by_OBJ(x, obj, -1);
1324 		/* Does extension exist? */
1325 		if (idx != -1) {
1326 			/* If normal copy don't override existing extension */
1327 			if (copy_type == EXT_COPY_ADD)
1328 				continue;
1329 			/* Delete all extensions of same type */
1330 			do {
1331 				tmpext = X509_get_ext(x, idx);
1332 				X509_delete_ext(x, idx);
1333 				X509_EXTENSION_free(tmpext);
1334 				idx = X509_get_ext_by_OBJ(x, obj, -1);
1335 			} while (idx != -1);
1336 		}
1337 		if (!X509_add_ext(x, ext, -1))
1338 			goto end;
1339 	}
1340 
1341 	ret = 1;
1342 
1343 	end:
1344 
1345 	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
1346 
1347 	return ret;
1348 }
1349 
1350 
1351 
1352 
set_multi_opts(unsigned long * flags,const char * arg,const NAME_EX_TBL * in_tbl)1353 static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
1354 {
1355 	STACK_OF(CONF_VALUE) *vals;
1356 	CONF_VALUE *val;
1357 	int i, ret = 1;
1358 	if(!arg) return 0;
1359 	vals = X509V3_parse_list(arg);
1360 	for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
1361 		val = sk_CONF_VALUE_value(vals, i);
1362 		if (!set_table_opts(flags, val->name, in_tbl))
1363 			ret = 0;
1364 	}
1365 	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
1366 	return ret;
1367 }
1368 
set_table_opts(unsigned long * flags,const char * arg,const NAME_EX_TBL * in_tbl)1369 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
1370 {
1371 	char c;
1372 	const NAME_EX_TBL *ptbl;
1373 	c = arg[0];
1374 
1375 	if(c == '-') {
1376 		c = 0;
1377 		arg++;
1378 	} else if (c == '+') {
1379 		c = 1;
1380 		arg++;
1381 	} else c = 1;
1382 
1383 	for(ptbl = in_tbl; ptbl->name; ptbl++) {
1384 		if(!strcasecmp(arg, ptbl->name)) {
1385 			*flags &= ~ptbl->mask;
1386 			if(c) *flags |= ptbl->flag;
1387 			else *flags &= ~ptbl->flag;
1388 			return 1;
1389 		}
1390 	}
1391 	return 0;
1392 }
1393 
print_name(BIO * out,const char * title,X509_NAME * nm,unsigned long lflags)1394 void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags)
1395 {
1396 	char *buf;
1397 	char mline = 0;
1398 	int indent = 0;
1399 
1400 	if(title) BIO_puts(out, title);
1401 	if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
1402 		mline = 1;
1403 		indent = 4;
1404 	}
1405 	if(lflags == XN_FLAG_COMPAT) {
1406 		buf = X509_NAME_oneline(nm, 0, 0);
1407 		BIO_puts(out, buf);
1408 		BIO_puts(out, "\n");
1409 		OPENSSL_free(buf);
1410 	} else {
1411 		if(mline) BIO_puts(out, "\n");
1412 		X509_NAME_print_ex(out, nm, indent, lflags);
1413 		BIO_puts(out, "\n");
1414 	}
1415 }
1416 
setup_verify(BIO * bp,char * CAfile,char * CApath)1417 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
1418 {
1419 	X509_STORE *store;
1420 	X509_LOOKUP *lookup;
1421 	if(!(store = X509_STORE_new())) goto end;
1422 	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
1423 	if (lookup == NULL) goto end;
1424 	if (CAfile) {
1425 		if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
1426 			BIO_printf(bp, "Error loading file %s\n", CAfile);
1427 			goto end;
1428 		}
1429 	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
1430 
1431 	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
1432 	if (lookup == NULL) goto end;
1433 	if (CApath) {
1434 		if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
1435 			BIO_printf(bp, "Error loading directory %s\n", CApath);
1436 			goto end;
1437 		}
1438 	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
1439 
1440 	ERR_clear_error();
1441 	return store;
1442 	end:
1443 	X509_STORE_free(store);
1444 	return NULL;
1445 }
1446 
1447 #ifndef OPENSSL_NO_ENGINE
1448 /* Try to load an engine in a shareable library */
try_load_engine(BIO * err,const char * engine,int debug)1449 static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
1450 	{
1451 	ENGINE *e = ENGINE_by_id("dynamic");
1452 	if (e)
1453 		{
1454 		if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
1455 			|| !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
1456 			{
1457 			ENGINE_free(e);
1458 			e = NULL;
1459 			}
1460 		}
1461 	return e;
1462 	}
1463 
setup_engine(BIO * err,const char * engine,int debug)1464 ENGINE *setup_engine(BIO *err, const char *engine, int debug)
1465         {
1466         ENGINE *e = NULL;
1467 
1468         if (engine)
1469                 {
1470 		if(strcmp(engine, "auto") == 0)
1471 			{
1472 			BIO_printf(err,"enabling auto ENGINE support\n");
1473 			ENGINE_register_all_complete();
1474 			return NULL;
1475 			}
1476 		if((e = ENGINE_by_id(engine)) == NULL
1477 			&& (e = try_load_engine(err, engine, debug)) == NULL)
1478 			{
1479 			BIO_printf(err,"invalid engine \"%s\"\n", engine);
1480 			ERR_print_errors(err);
1481 			return NULL;
1482 			}
1483 		if (debug)
1484 			{
1485 			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
1486 				0, err, 0);
1487 			}
1488                 ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
1489 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
1490 			{
1491 			BIO_printf(err,"can't use that engine\n");
1492 			ERR_print_errors(err);
1493 			ENGINE_free(e);
1494 			return NULL;
1495 			}
1496 
1497 		BIO_printf(err,"engine \"%s\" set.\n", ENGINE_get_id(e));
1498 
1499 		/* Free our "structural" reference. */
1500 		ENGINE_free(e);
1501 		}
1502         return e;
1503         }
1504 #endif
1505 
load_config(BIO * err,CONF * cnf)1506 int load_config(BIO *err, CONF *cnf)
1507 	{
1508 	static int load_config_called = 0;
1509 	if (load_config_called)
1510 		return 1;
1511 	load_config_called = 1;
1512 	if (!cnf)
1513 		cnf = config;
1514 	if (!cnf)
1515 		return 1;
1516 
1517 	OPENSSL_load_builtin_modules();
1518 
1519 	if (CONF_modules_load(cnf, NULL, 0) <= 0)
1520 		{
1521 		BIO_printf(err, "Error configuring OpenSSL\n");
1522 		ERR_print_errors(err);
1523 		return 0;
1524 		}
1525 	return 1;
1526 	}
1527 
make_config_name()1528 char *make_config_name()
1529 	{
1530 	const char *t=X509_get_default_cert_area();
1531 	size_t len;
1532 	char *p;
1533 
1534 	len=strlen(t)+strlen(OPENSSL_CONF)+2;
1535 	p=OPENSSL_malloc(len);
1536 	BUF_strlcpy(p,t,len);
1537 #ifndef OPENSSL_SYS_VMS
1538 	BUF_strlcat(p,"/",len);
1539 #endif
1540 	BUF_strlcat(p,OPENSSL_CONF,len);
1541 
1542 	return p;
1543 	}
1544 
index_serial_hash(const OPENSSL_CSTRING * a)1545 static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
1546 	{
1547 	const char *n;
1548 
1549 	n=a[DB_serial];
1550 	while (*n == '0') n++;
1551 	return(lh_strhash(n));
1552 	}
1553 
index_serial_cmp(const OPENSSL_CSTRING * a,const OPENSSL_CSTRING * b)1554 static int index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
1555 	{
1556 	const char *aa,*bb;
1557 
1558 	for (aa=a[DB_serial]; *aa == '0'; aa++);
1559 	for (bb=b[DB_serial]; *bb == '0'; bb++);
1560 	return(strcmp(aa,bb));
1561 	}
1562 
index_name_qual(char ** a)1563 static int index_name_qual(char **a)
1564 	{ return(a[0][0] == 'V'); }
1565 
index_name_hash(const OPENSSL_CSTRING * a)1566 static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
1567 	{ return(lh_strhash(a[DB_name])); }
1568 
index_name_cmp(const OPENSSL_CSTRING * a,const OPENSSL_CSTRING * b)1569 int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
1570 	{ return(strcmp(a[DB_name], b[DB_name])); }
1571 
IMPLEMENT_LHASH_HASH_FN(index_serial,OPENSSL_CSTRING)1572 static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
1573 static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
1574 static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
1575 static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
1576 
1577 #undef BSIZE
1578 #define BSIZE 256
1579 
1580 BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
1581 	{
1582 	BIO *in=NULL;
1583 	BIGNUM *ret=NULL;
1584 	MS_STATIC char buf[1024];
1585 	ASN1_INTEGER *ai=NULL;
1586 
1587 	ai=ASN1_INTEGER_new();
1588 	if (ai == NULL) goto err;
1589 
1590 	if ((in=BIO_new(BIO_s_file())) == NULL)
1591 		{
1592 		ERR_print_errors(bio_err);
1593 		goto err;
1594 		}
1595 
1596 	if (BIO_read_filename(in,serialfile) <= 0)
1597 		{
1598 		if (!create)
1599 			{
1600 			perror(serialfile);
1601 			goto err;
1602 			}
1603 		else
1604 			{
1605 			ret=BN_new();
1606 			if (ret == NULL || !rand_serial(ret, ai))
1607 				BIO_printf(bio_err, "Out of memory\n");
1608 			}
1609 		}
1610 	else
1611 		{
1612 		if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
1613 			{
1614 			BIO_printf(bio_err,"unable to load number from %s\n",
1615 				serialfile);
1616 			goto err;
1617 			}
1618 		ret=ASN1_INTEGER_to_BN(ai,NULL);
1619 		if (ret == NULL)
1620 			{
1621 			BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
1622 			goto err;
1623 			}
1624 		}
1625 
1626 	if (ret && retai)
1627 		{
1628 		*retai = ai;
1629 		ai = NULL;
1630 		}
1631  err:
1632 	if (in != NULL) BIO_free(in);
1633 	if (ai != NULL) ASN1_INTEGER_free(ai);
1634 	return(ret);
1635 	}
1636 
save_serial(char * serialfile,char * suffix,BIGNUM * serial,ASN1_INTEGER ** retai)1637 int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai)
1638 	{
1639 	char buf[1][BSIZE];
1640 	BIO *out = NULL;
1641 	int ret=0;
1642 	ASN1_INTEGER *ai=NULL;
1643 	int j;
1644 
1645 	if (suffix == NULL)
1646 		j = strlen(serialfile);
1647 	else
1648 		j = strlen(serialfile) + strlen(suffix) + 1;
1649 	if (j >= BSIZE)
1650 		{
1651 		BIO_printf(bio_err,"file name too long\n");
1652 		goto err;
1653 		}
1654 
1655 	if (suffix == NULL)
1656 		BUF_strlcpy(buf[0], serialfile, BSIZE);
1657 	else
1658 		{
1659 #ifndef OPENSSL_SYS_VMS
1660 		j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
1661 #else
1662 		j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
1663 #endif
1664 		}
1665 #ifdef RL_DEBUG
1666 	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
1667 #endif
1668 	out=BIO_new(BIO_s_file());
1669 	if (out == NULL)
1670 		{
1671 		ERR_print_errors(bio_err);
1672 		goto err;
1673 		}
1674 	if (BIO_write_filename(out,buf[0]) <= 0)
1675 		{
1676 		perror(serialfile);
1677 		goto err;
1678 		}
1679 
1680 	if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
1681 		{
1682 		BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
1683 		goto err;
1684 		}
1685 	i2a_ASN1_INTEGER(out,ai);
1686 	BIO_puts(out,"\n");
1687 	ret=1;
1688 	if (retai)
1689 		{
1690 		*retai = ai;
1691 		ai = NULL;
1692 		}
1693 err:
1694 	if (out != NULL) BIO_free_all(out);
1695 	if (ai != NULL) ASN1_INTEGER_free(ai);
1696 	return(ret);
1697 	}
1698 
rotate_serial(char * serialfile,char * new_suffix,char * old_suffix)1699 int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
1700 	{
1701 	char buf[5][BSIZE];
1702 	int i,j;
1703 
1704 	i = strlen(serialfile) + strlen(old_suffix);
1705 	j = strlen(serialfile) + strlen(new_suffix);
1706 	if (i > j) j = i;
1707 	if (j + 1 >= BSIZE)
1708 		{
1709 		BIO_printf(bio_err,"file name too long\n");
1710 		goto err;
1711 		}
1712 
1713 #ifndef OPENSSL_SYS_VMS
1714 	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
1715 		serialfile, new_suffix);
1716 #else
1717 	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
1718 		serialfile, new_suffix);
1719 #endif
1720 #ifndef OPENSSL_SYS_VMS
1721 	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
1722 		serialfile, old_suffix);
1723 #else
1724 	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
1725 		serialfile, old_suffix);
1726 #endif
1727 #ifdef RL_DEBUG
1728 	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1729 		serialfile, buf[1]);
1730 #endif
1731 	if (rename(serialfile,buf[1]) < 0 && errno != ENOENT
1732 #ifdef ENOTDIR
1733 			&& errno != ENOTDIR
1734 #endif
1735 	   )		{
1736 			BIO_printf(bio_err,
1737 				"unable to rename %s to %s\n",
1738 				serialfile, buf[1]);
1739 			perror("reason");
1740 			goto err;
1741 			}
1742 #ifdef RL_DEBUG
1743 	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1744 		buf[0],serialfile);
1745 #endif
1746 	if (rename(buf[0],serialfile) < 0)
1747 		{
1748 		BIO_printf(bio_err,
1749 			"unable to rename %s to %s\n",
1750 			buf[0],serialfile);
1751 		perror("reason");
1752 		rename(buf[1],serialfile);
1753 		goto err;
1754 		}
1755 	return 1;
1756  err:
1757 	return 0;
1758 	}
1759 
rand_serial(BIGNUM * b,ASN1_INTEGER * ai)1760 int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
1761 	{
1762 	BIGNUM *btmp;
1763 	int ret = 0;
1764 	if (b)
1765 		btmp = b;
1766 	else
1767 		btmp = BN_new();
1768 
1769 	if (!btmp)
1770 		return 0;
1771 
1772 	if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
1773 		goto error;
1774 	if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
1775 		goto error;
1776 
1777 	ret = 1;
1778 
1779 	error:
1780 
1781 	if (!b)
1782 		BN_free(btmp);
1783 
1784 	return ret;
1785 	}
1786 
load_index(char * dbfile,DB_ATTR * db_attr)1787 CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
1788 	{
1789 	CA_DB *retdb = NULL;
1790 	TXT_DB *tmpdb = NULL;
1791 	BIO *in = BIO_new(BIO_s_file());
1792 	CONF *dbattr_conf = NULL;
1793 	char buf[1][BSIZE];
1794 	long errorline= -1;
1795 
1796 	if (in == NULL)
1797 		{
1798 		ERR_print_errors(bio_err);
1799 		goto err;
1800 		}
1801 	if (BIO_read_filename(in,dbfile) <= 0)
1802 		{
1803 		perror(dbfile);
1804 		BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
1805 		goto err;
1806 		}
1807 	if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
1808 		goto err;
1809 
1810 #ifndef OPENSSL_SYS_VMS
1811 	BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
1812 #else
1813 	BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
1814 #endif
1815 	dbattr_conf = NCONF_new(NULL);
1816 	if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)
1817 		{
1818 		if (errorline > 0)
1819 			{
1820 			BIO_printf(bio_err,
1821 				"error on line %ld of db attribute file '%s'\n"
1822 				,errorline,buf[0]);
1823 			goto err;
1824 			}
1825 		else
1826 			{
1827 			NCONF_free(dbattr_conf);
1828 			dbattr_conf = NULL;
1829 			}
1830 		}
1831 
1832 	if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL)
1833 		{
1834 		fprintf(stderr, "Out of memory\n");
1835 		goto err;
1836 		}
1837 
1838 	retdb->db = tmpdb;
1839 	tmpdb = NULL;
1840 	if (db_attr)
1841 		retdb->attributes = *db_attr;
1842 	else
1843 		{
1844 		retdb->attributes.unique_subject = 1;
1845 		}
1846 
1847 	if (dbattr_conf)
1848 		{
1849 		char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
1850 		if (p)
1851 			{
1852 #ifdef RL_DEBUG
1853 			BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
1854 #endif
1855 			retdb->attributes.unique_subject = parse_yesno(p,1);
1856 			}
1857 		}
1858 
1859  err:
1860 	if (dbattr_conf) NCONF_free(dbattr_conf);
1861 	if (tmpdb) TXT_DB_free(tmpdb);
1862 	if (in) BIO_free_all(in);
1863 	return retdb;
1864 	}
1865 
index_index(CA_DB * db)1866 int index_index(CA_DB *db)
1867 	{
1868 	if (!TXT_DB_create_index(db->db, DB_serial, NULL,
1869 				LHASH_HASH_FN(index_serial),
1870 				LHASH_COMP_FN(index_serial)))
1871 		{
1872 		BIO_printf(bio_err,
1873 		  "error creating serial number index:(%ld,%ld,%ld)\n",
1874 		  			db->db->error,db->db->arg1,db->db->arg2);
1875 			return 0;
1876 		}
1877 
1878 	if (db->attributes.unique_subject
1879 		&& !TXT_DB_create_index(db->db, DB_name, index_name_qual,
1880 			LHASH_HASH_FN(index_name),
1881 			LHASH_COMP_FN(index_name)))
1882 		{
1883 		BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
1884 			db->db->error,db->db->arg1,db->db->arg2);
1885 		return 0;
1886 		}
1887 	return 1;
1888 	}
1889 
save_index(const char * dbfile,const char * suffix,CA_DB * db)1890 int save_index(const char *dbfile, const char *suffix, CA_DB *db)
1891 	{
1892 	char buf[3][BSIZE];
1893 	BIO *out = BIO_new(BIO_s_file());
1894 	int j;
1895 
1896 	if (out == NULL)
1897 		{
1898 		ERR_print_errors(bio_err);
1899 		goto err;
1900 		}
1901 
1902 	j = strlen(dbfile) + strlen(suffix);
1903 	if (j + 6 >= BSIZE)
1904 		{
1905 		BIO_printf(bio_err,"file name too long\n");
1906 		goto err;
1907 		}
1908 
1909 #ifndef OPENSSL_SYS_VMS
1910 	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
1911 #else
1912 	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
1913 #endif
1914 #ifndef OPENSSL_SYS_VMS
1915 	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
1916 #else
1917 	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
1918 #endif
1919 #ifndef OPENSSL_SYS_VMS
1920 	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
1921 #else
1922 	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
1923 #endif
1924 #ifdef RL_DEBUG
1925 	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
1926 #endif
1927 	if (BIO_write_filename(out,buf[0]) <= 0)
1928 		{
1929 		perror(dbfile);
1930 		BIO_printf(bio_err,"unable to open '%s'\n", dbfile);
1931 		goto err;
1932 		}
1933 	j=TXT_DB_write(out,db->db);
1934 	if (j <= 0) goto err;
1935 
1936 	BIO_free(out);
1937 
1938 	out = BIO_new(BIO_s_file());
1939 #ifdef RL_DEBUG
1940 	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
1941 #endif
1942 	if (BIO_write_filename(out,buf[1]) <= 0)
1943 		{
1944 		perror(buf[2]);
1945 		BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);
1946 		goto err;
1947 		}
1948 	BIO_printf(out,"unique_subject = %s\n",
1949 		db->attributes.unique_subject ? "yes" : "no");
1950 	BIO_free(out);
1951 
1952 	return 1;
1953  err:
1954 	return 0;
1955 	}
1956 
rotate_index(const char * dbfile,const char * new_suffix,const char * old_suffix)1957 int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
1958 	{
1959 	char buf[5][BSIZE];
1960 	int i,j;
1961 
1962 	i = strlen(dbfile) + strlen(old_suffix);
1963 	j = strlen(dbfile) + strlen(new_suffix);
1964 	if (i > j) j = i;
1965 	if (j + 6 >= BSIZE)
1966 		{
1967 		BIO_printf(bio_err,"file name too long\n");
1968 		goto err;
1969 		}
1970 
1971 #ifndef OPENSSL_SYS_VMS
1972 	j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
1973 #else
1974 	j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
1975 #endif
1976 #ifndef OPENSSL_SYS_VMS
1977 	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
1978 		dbfile, new_suffix);
1979 #else
1980 	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",
1981 		dbfile, new_suffix);
1982 #endif
1983 #ifndef OPENSSL_SYS_VMS
1984 	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
1985 		dbfile, new_suffix);
1986 #else
1987 	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
1988 		dbfile, new_suffix);
1989 #endif
1990 #ifndef OPENSSL_SYS_VMS
1991 	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
1992 		dbfile, old_suffix);
1993 #else
1994 	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
1995 		dbfile, old_suffix);
1996 #endif
1997 #ifndef OPENSSL_SYS_VMS
1998 	j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
1999 		dbfile, old_suffix);
2000 #else
2001 	j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
2002 		dbfile, old_suffix);
2003 #endif
2004 #ifdef RL_DEBUG
2005 	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
2006 		dbfile, buf[1]);
2007 #endif
2008 	if (rename(dbfile,buf[1]) < 0 && errno != ENOENT
2009 #ifdef ENOTDIR
2010 		&& errno != ENOTDIR
2011 #endif
2012 	   )		{
2013 			BIO_printf(bio_err,
2014 				"unable to rename %s to %s\n",
2015 				dbfile, buf[1]);
2016 			perror("reason");
2017 			goto err;
2018 			}
2019 #ifdef RL_DEBUG
2020 	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
2021 		buf[0],dbfile);
2022 #endif
2023 	if (rename(buf[0],dbfile) < 0)
2024 		{
2025 		BIO_printf(bio_err,
2026 			"unable to rename %s to %s\n",
2027 			buf[0],dbfile);
2028 		perror("reason");
2029 		rename(buf[1],dbfile);
2030 		goto err;
2031 		}
2032 #ifdef RL_DEBUG
2033 	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
2034 		buf[4],buf[3]);
2035 #endif
2036 	if (rename(buf[4],buf[3]) < 0 && errno != ENOENT
2037 #ifdef ENOTDIR
2038 		&& errno != ENOTDIR
2039 #endif
2040 	   )		{
2041 			BIO_printf(bio_err,
2042 				"unable to rename %s to %s\n",
2043 				buf[4], buf[3]);
2044 			perror("reason");
2045 			rename(dbfile,buf[0]);
2046 			rename(buf[1],dbfile);
2047 			goto err;
2048 			}
2049 #ifdef RL_DEBUG
2050 	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
2051 		buf[2],buf[4]);
2052 #endif
2053 	if (rename(buf[2],buf[4]) < 0)
2054 		{
2055 		BIO_printf(bio_err,
2056 			"unable to rename %s to %s\n",
2057 			buf[2],buf[4]);
2058 		perror("reason");
2059 		rename(buf[3],buf[4]);
2060 		rename(dbfile,buf[0]);
2061 		rename(buf[1],dbfile);
2062 		goto err;
2063 		}
2064 	return 1;
2065  err:
2066 	return 0;
2067 	}
2068 
free_index(CA_DB * db)2069 void free_index(CA_DB *db)
2070 	{
2071 	if (db)
2072 		{
2073 		if (db->db) TXT_DB_free(db->db);
2074 		OPENSSL_free(db);
2075 		}
2076 	}
2077 
parse_yesno(const char * str,int def)2078 int parse_yesno(const char *str, int def)
2079 	{
2080 	int ret = def;
2081 	if (str)
2082 		{
2083 		switch (*str)
2084 			{
2085 		case 'f': /* false */
2086 		case 'F': /* FALSE */
2087 		case 'n': /* no */
2088 		case 'N': /* NO */
2089 		case '0': /* 0 */
2090 			ret = 0;
2091 			break;
2092 		case 't': /* true */
2093 		case 'T': /* TRUE */
2094 		case 'y': /* yes */
2095 		case 'Y': /* YES */
2096 		case '1': /* 1 */
2097 			ret = 1;
2098 			break;
2099 		default:
2100 			ret = def;
2101 			break;
2102 			}
2103 		}
2104 	return ret;
2105 	}
2106 
2107 /*
2108  * subject is expected to be in the format /type0=value0/type1=value1/type2=...
2109  * where characters may be escaped by \
2110  */
parse_name(char * subject,long chtype,int multirdn)2111 X509_NAME *parse_name(char *subject, long chtype, int multirdn)
2112 	{
2113 	size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
2114 	char *buf = OPENSSL_malloc(buflen);
2115 	size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
2116 	char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
2117 	char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
2118 	int *mval = OPENSSL_malloc (max_ne * sizeof (int));
2119 
2120 	char *sp = subject, *bp = buf;
2121 	int i, ne_num = 0;
2122 
2123 	X509_NAME *n = NULL;
2124 	int nid;
2125 
2126 	if (!buf || !ne_types || !ne_values)
2127 		{
2128 		BIO_printf(bio_err, "malloc error\n");
2129 		goto error;
2130 		}
2131 
2132 	if (*subject != '/')
2133 		{
2134 		BIO_printf(bio_err, "Subject does not start with '/'.\n");
2135 		goto error;
2136 		}
2137 	sp++; /* skip leading / */
2138 
2139 	/* no multivalued RDN by default */
2140 	mval[ne_num] = 0;
2141 
2142 	while (*sp)
2143 		{
2144 		/* collect type */
2145 		ne_types[ne_num] = bp;
2146 		while (*sp)
2147 			{
2148 			if (*sp == '\\') /* is there anything to escape in the type...? */
2149 				{
2150 				if (*++sp)
2151 					*bp++ = *sp++;
2152 				else
2153 					{
2154 					BIO_printf(bio_err, "escape character at end of string\n");
2155 					goto error;
2156 					}
2157 				}
2158 			else if (*sp == '=')
2159 				{
2160 				sp++;
2161 				*bp++ = '\0';
2162 				break;
2163 				}
2164 			else
2165 				*bp++ = *sp++;
2166 			}
2167 		if (!*sp)
2168 			{
2169 			BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
2170 			goto error;
2171 			}
2172 		ne_values[ne_num] = bp;
2173 		while (*sp)
2174 			{
2175 			if (*sp == '\\')
2176 				{
2177 				if (*++sp)
2178 					*bp++ = *sp++;
2179 				else
2180 					{
2181 					BIO_printf(bio_err, "escape character at end of string\n");
2182 					goto error;
2183 					}
2184 				}
2185 			else if (*sp == '/')
2186 				{
2187 				sp++;
2188 				/* no multivalued RDN by default */
2189 				mval[ne_num+1] = 0;
2190 				break;
2191 				}
2192 			else if (*sp == '+' && multirdn)
2193 				{
2194 				/* a not escaped + signals a mutlivalued RDN */
2195 				sp++;
2196 				mval[ne_num+1] = -1;
2197 				break;
2198 				}
2199 			else
2200 				*bp++ = *sp++;
2201 			}
2202 		*bp++ = '\0';
2203 		ne_num++;
2204 		}
2205 
2206 	if (!(n = X509_NAME_new()))
2207 		goto error;
2208 
2209 	for (i = 0; i < ne_num; i++)
2210 		{
2211 		if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
2212 			{
2213 			BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
2214 			continue;
2215 			}
2216 
2217 		if (!*ne_values[i])
2218 			{
2219 			BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
2220 			continue;
2221 			}
2222 
2223 		if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))
2224 			goto error;
2225 		}
2226 
2227 	OPENSSL_free(ne_values);
2228 	OPENSSL_free(ne_types);
2229 	OPENSSL_free(buf);
2230 	return n;
2231 
2232 error:
2233 	X509_NAME_free(n);
2234 	if (ne_values)
2235 		OPENSSL_free(ne_values);
2236 	if (ne_types)
2237 		OPENSSL_free(ne_types);
2238 	if (buf)
2239 		OPENSSL_free(buf);
2240 	return NULL;
2241 }
2242 
args_verify(char *** pargs,int * pargc,int * badarg,BIO * err,X509_VERIFY_PARAM ** pm)2243 int args_verify(char ***pargs, int *pargc,
2244 			int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
2245 	{
2246 	ASN1_OBJECT *otmp = NULL;
2247 	unsigned long flags = 0;
2248 	int i;
2249 	int purpose = 0, depth = -1;
2250 	char **oldargs = *pargs;
2251 	char *arg = **pargs, *argn = (*pargs)[1];
2252 	if (!strcmp(arg, "-policy"))
2253 		{
2254 		if (!argn)
2255 			*badarg = 1;
2256 		else
2257 			{
2258 			otmp = OBJ_txt2obj(argn, 0);
2259 			if (!otmp)
2260 				{
2261 				BIO_printf(err, "Invalid Policy \"%s\"\n",
2262 									argn);
2263 				*badarg = 1;
2264 				}
2265 			}
2266 		(*pargs)++;
2267 		}
2268 	else if (strcmp(arg,"-purpose") == 0)
2269 		{
2270 		X509_PURPOSE *xptmp;
2271 		if (!argn)
2272 			*badarg = 1;
2273 		else
2274 			{
2275 			i = X509_PURPOSE_get_by_sname(argn);
2276 			if(i < 0)
2277 				{
2278 				BIO_printf(err, "unrecognized purpose\n");
2279 				*badarg = 1;
2280 				}
2281 			else
2282 				{
2283 				xptmp = X509_PURPOSE_get0(i);
2284 				purpose = X509_PURPOSE_get_id(xptmp);
2285 				}
2286 			}
2287 		(*pargs)++;
2288 		}
2289 	else if (strcmp(arg,"-verify_depth") == 0)
2290 		{
2291 		if (!argn)
2292 			*badarg = 1;
2293 		else
2294 			{
2295 			depth = atoi(argn);
2296 			if(depth < 0)
2297 				{
2298 				BIO_printf(err, "invalid depth\n");
2299 				*badarg = 1;
2300 				}
2301 			}
2302 		(*pargs)++;
2303 		}
2304 	else if (!strcmp(arg, "-ignore_critical"))
2305 		flags |= X509_V_FLAG_IGNORE_CRITICAL;
2306 	else if (!strcmp(arg, "-issuer_checks"))
2307 		flags |= X509_V_FLAG_CB_ISSUER_CHECK;
2308 	else if (!strcmp(arg, "-crl_check"))
2309 		flags |=  X509_V_FLAG_CRL_CHECK;
2310 	else if (!strcmp(arg, "-crl_check_all"))
2311 		flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
2312 	else if (!strcmp(arg, "-policy_check"))
2313 		flags |= X509_V_FLAG_POLICY_CHECK;
2314 	else if (!strcmp(arg, "-explicit_policy"))
2315 		flags |= X509_V_FLAG_EXPLICIT_POLICY;
2316 	else if (!strcmp(arg, "-inhibit_any"))
2317 		flags |= X509_V_FLAG_INHIBIT_ANY;
2318 	else if (!strcmp(arg, "-inhibit_map"))
2319 		flags |= X509_V_FLAG_INHIBIT_MAP;
2320 	else if (!strcmp(arg, "-x509_strict"))
2321 		flags |= X509_V_FLAG_X509_STRICT;
2322 	else if (!strcmp(arg, "-extended_crl"))
2323 		flags |= X509_V_FLAG_EXTENDED_CRL_SUPPORT;
2324 	else if (!strcmp(arg, "-use_deltas"))
2325 		flags |= X509_V_FLAG_USE_DELTAS;
2326 	else if (!strcmp(arg, "-policy_print"))
2327 		flags |= X509_V_FLAG_NOTIFY_POLICY;
2328 	else if (!strcmp(arg, "-check_ss_sig"))
2329 		flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
2330 	else
2331 		return 0;
2332 
2333 	if (*badarg)
2334 		{
2335 		if (*pm)
2336 			X509_VERIFY_PARAM_free(*pm);
2337 		*pm = NULL;
2338 		goto end;
2339 		}
2340 
2341 	if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
2342 		{
2343 		*badarg = 1;
2344 		goto end;
2345 		}
2346 
2347 	if (otmp)
2348 		X509_VERIFY_PARAM_add0_policy(*pm, otmp);
2349 	if (flags)
2350 		X509_VERIFY_PARAM_set_flags(*pm, flags);
2351 
2352 	if (purpose)
2353 		X509_VERIFY_PARAM_set_purpose(*pm, purpose);
2354 
2355 	if (depth >= 0)
2356 		X509_VERIFY_PARAM_set_depth(*pm, depth);
2357 
2358 	end:
2359 
2360 	(*pargs)++;
2361 
2362 	if (pargc)
2363 		*pargc -= *pargs - oldargs;
2364 
2365 	return 1;
2366 
2367 	}
2368 
2369 /* Read whole contents of a BIO into an allocated memory buffer and
2370  * return it.
2371  */
2372 
bio_to_mem(unsigned char ** out,int maxlen,BIO * in)2373 int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
2374 	{
2375 	BIO *mem;
2376 	int len, ret;
2377 	unsigned char tbuf[1024];
2378 	mem = BIO_new(BIO_s_mem());
2379 	if (!mem)
2380 		return -1;
2381 	for(;;)
2382 		{
2383 		if ((maxlen != -1) && maxlen < 1024)
2384 			len = maxlen;
2385 		else
2386 			len = 1024;
2387 		len = BIO_read(in, tbuf, len);
2388 		if (len <= 0)
2389 			break;
2390 		if (BIO_write(mem, tbuf, len) != len)
2391 			{
2392 			BIO_free(mem);
2393 			return -1;
2394 			}
2395 		maxlen -= len;
2396 
2397 		if (maxlen == 0)
2398 			break;
2399 		}
2400 	ret = BIO_get_mem_data(mem, (char **)out);
2401 	BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
2402 	BIO_free(mem);
2403 	return ret;
2404 	}
2405 
pkey_ctrl_string(EVP_PKEY_CTX * ctx,char * value)2406 int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
2407 	{
2408 	int rv;
2409 	char *stmp, *vtmp = NULL;
2410 	stmp = BUF_strdup(value);
2411 	if (!stmp)
2412 		return -1;
2413 	vtmp = strchr(stmp, ':');
2414 	if (vtmp)
2415 		{
2416 		*vtmp = 0;
2417 		vtmp++;
2418 		}
2419 	rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
2420 	OPENSSL_free(stmp);
2421 	return rv;
2422 	}
2423 
nodes_print(BIO * out,const char * name,STACK_OF (X509_POLICY_NODE)* nodes)2424 static void nodes_print(BIO *out, const char *name,
2425 	STACK_OF(X509_POLICY_NODE) *nodes)
2426 	{
2427 	X509_POLICY_NODE *node;
2428 	int i;
2429 	BIO_printf(out, "%s Policies:", name);
2430 	if (nodes)
2431 		{
2432 		BIO_puts(out, "\n");
2433 		for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
2434 			{
2435 			node = sk_X509_POLICY_NODE_value(nodes, i);
2436 			X509_POLICY_NODE_print(out, node, 2);
2437 			}
2438 		}
2439 	else
2440 		BIO_puts(out, " <empty>\n");
2441 	}
2442 
policies_print(BIO * out,X509_STORE_CTX * ctx)2443 void policies_print(BIO *out, X509_STORE_CTX *ctx)
2444 	{
2445 	X509_POLICY_TREE *tree;
2446 	int explicit_policy;
2447 	int free_out = 0;
2448 	if (out == NULL)
2449 		{
2450 		out = BIO_new_fp(stderr, BIO_NOCLOSE);
2451 		free_out = 1;
2452 		}
2453 	tree = X509_STORE_CTX_get0_policy_tree(ctx);
2454 	explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
2455 
2456 	BIO_printf(out, "Require explicit Policy: %s\n",
2457 				explicit_policy ? "True" : "False");
2458 
2459 	nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
2460 	nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
2461 	if (free_out)
2462 		BIO_free(out);
2463 	}
2464 
2465 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
2466 
jpake_init(const char * us,const char * them,const char * secret)2467 static JPAKE_CTX *jpake_init(const char *us, const char *them,
2468 							 const char *secret)
2469 	{
2470 	BIGNUM *p = NULL;
2471 	BIGNUM *g = NULL;
2472 	BIGNUM *q = NULL;
2473 	BIGNUM *bnsecret = BN_new();
2474 	JPAKE_CTX *ctx;
2475 
2476 	/* Use a safe prime for p (that we found earlier) */
2477 	BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
2478 	g = BN_new();
2479 	BN_set_word(g, 2);
2480 	q = BN_new();
2481 	BN_rshift1(q, p);
2482 
2483 	BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
2484 
2485 	ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
2486 	BN_free(bnsecret);
2487 	BN_free(q);
2488 	BN_free(g);
2489 	BN_free(p);
2490 
2491 	return ctx;
2492 	}
2493 
jpake_send_part(BIO * conn,const JPAKE_STEP_PART * p)2494 static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
2495 	{
2496 	BN_print(conn, p->gx);
2497 	BIO_puts(conn, "\n");
2498 	BN_print(conn, p->zkpx.gr);
2499 	BIO_puts(conn, "\n");
2500 	BN_print(conn, p->zkpx.b);
2501 	BIO_puts(conn, "\n");
2502 	}
2503 
jpake_send_step1(BIO * bconn,JPAKE_CTX * ctx)2504 static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
2505 	{
2506 	JPAKE_STEP1 s1;
2507 
2508 	JPAKE_STEP1_init(&s1);
2509 	JPAKE_STEP1_generate(&s1, ctx);
2510 	jpake_send_part(bconn, &s1.p1);
2511 	jpake_send_part(bconn, &s1.p2);
2512 	(void)BIO_flush(bconn);
2513 	JPAKE_STEP1_release(&s1);
2514 	}
2515 
jpake_send_step2(BIO * bconn,JPAKE_CTX * ctx)2516 static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
2517 	{
2518 	JPAKE_STEP2 s2;
2519 
2520 	JPAKE_STEP2_init(&s2);
2521 	JPAKE_STEP2_generate(&s2, ctx);
2522 	jpake_send_part(bconn, &s2);
2523 	(void)BIO_flush(bconn);
2524 	JPAKE_STEP2_release(&s2);
2525 	}
2526 
jpake_send_step3a(BIO * bconn,JPAKE_CTX * ctx)2527 static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
2528 	{
2529 	JPAKE_STEP3A s3a;
2530 
2531 	JPAKE_STEP3A_init(&s3a);
2532 	JPAKE_STEP3A_generate(&s3a, ctx);
2533 	BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
2534 	(void)BIO_flush(bconn);
2535 	JPAKE_STEP3A_release(&s3a);
2536 	}
2537 
jpake_send_step3b(BIO * bconn,JPAKE_CTX * ctx)2538 static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
2539 	{
2540 	JPAKE_STEP3B s3b;
2541 
2542 	JPAKE_STEP3B_init(&s3b);
2543 	JPAKE_STEP3B_generate(&s3b, ctx);
2544 	BIO_write(bconn, s3b.hk, sizeof s3b.hk);
2545 	(void)BIO_flush(bconn);
2546 	JPAKE_STEP3B_release(&s3b);
2547 	}
2548 
readbn(BIGNUM ** bn,BIO * bconn)2549 static void readbn(BIGNUM **bn, BIO *bconn)
2550 	{
2551 	char buf[10240];
2552 	int l;
2553 
2554 	l = BIO_gets(bconn, buf, sizeof buf);
2555 	assert(l > 0);
2556 	assert(buf[l-1] == '\n');
2557 	buf[l-1] = '\0';
2558 	BN_hex2bn(bn, buf);
2559 	}
2560 
jpake_receive_part(JPAKE_STEP_PART * p,BIO * bconn)2561 static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
2562 	{
2563 	readbn(&p->gx, bconn);
2564 	readbn(&p->zkpx.gr, bconn);
2565 	readbn(&p->zkpx.b, bconn);
2566 	}
2567 
jpake_receive_step1(JPAKE_CTX * ctx,BIO * bconn)2568 static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
2569 	{
2570 	JPAKE_STEP1 s1;
2571 
2572 	JPAKE_STEP1_init(&s1);
2573 	jpake_receive_part(&s1.p1, bconn);
2574 	jpake_receive_part(&s1.p2, bconn);
2575 	if(!JPAKE_STEP1_process(ctx, &s1))
2576 		{
2577 		ERR_print_errors(bio_err);
2578 		exit(1);
2579 		}
2580 	JPAKE_STEP1_release(&s1);
2581 	}
2582 
jpake_receive_step2(JPAKE_CTX * ctx,BIO * bconn)2583 static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
2584 	{
2585 	JPAKE_STEP2 s2;
2586 
2587 	JPAKE_STEP2_init(&s2);
2588 	jpake_receive_part(&s2, bconn);
2589 	if(!JPAKE_STEP2_process(ctx, &s2))
2590 		{
2591 		ERR_print_errors(bio_err);
2592 		exit(1);
2593 		}
2594 	JPAKE_STEP2_release(&s2);
2595 	}
2596 
jpake_receive_step3a(JPAKE_CTX * ctx,BIO * bconn)2597 static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
2598 	{
2599 	JPAKE_STEP3A s3a;
2600 	int l;
2601 
2602 	JPAKE_STEP3A_init(&s3a);
2603 	l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
2604 	assert(l == sizeof s3a.hhk);
2605 	if(!JPAKE_STEP3A_process(ctx, &s3a))
2606 		{
2607 		ERR_print_errors(bio_err);
2608 		exit(1);
2609 		}
2610 	JPAKE_STEP3A_release(&s3a);
2611 	}
2612 
jpake_receive_step3b(JPAKE_CTX * ctx,BIO * bconn)2613 static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
2614 	{
2615 	JPAKE_STEP3B s3b;
2616 	int l;
2617 
2618 	JPAKE_STEP3B_init(&s3b);
2619 	l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
2620 	assert(l == sizeof s3b.hk);
2621 	if(!JPAKE_STEP3B_process(ctx, &s3b))
2622 		{
2623 		ERR_print_errors(bio_err);
2624 		exit(1);
2625 		}
2626 	JPAKE_STEP3B_release(&s3b);
2627 	}
2628 
jpake_client_auth(BIO * out,BIO * conn,const char * secret)2629 void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
2630 	{
2631 	JPAKE_CTX *ctx;
2632 	BIO *bconn;
2633 
2634 	BIO_puts(out, "Authenticating with JPAKE\n");
2635 
2636 	ctx = jpake_init("client", "server", secret);
2637 
2638 	bconn = BIO_new(BIO_f_buffer());
2639 	BIO_push(bconn, conn);
2640 
2641 	jpake_send_step1(bconn, ctx);
2642 	jpake_receive_step1(ctx, bconn);
2643 	jpake_send_step2(bconn, ctx);
2644 	jpake_receive_step2(ctx, bconn);
2645 	jpake_send_step3a(bconn, ctx);
2646 	jpake_receive_step3b(ctx, bconn);
2647 
2648 	BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
2649 
2650 	psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
2651 
2652 	BIO_pop(bconn);
2653 	BIO_free(bconn);
2654 
2655 	JPAKE_CTX_free(ctx);
2656 	}
2657 
jpake_server_auth(BIO * out,BIO * conn,const char * secret)2658 void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
2659 	{
2660 	JPAKE_CTX *ctx;
2661 	BIO *bconn;
2662 
2663 	BIO_puts(out, "Authenticating with JPAKE\n");
2664 
2665 	ctx = jpake_init("server", "client", secret);
2666 
2667 	bconn = BIO_new(BIO_f_buffer());
2668 	BIO_push(bconn, conn);
2669 
2670 	jpake_receive_step1(ctx, bconn);
2671 	jpake_send_step1(bconn, ctx);
2672 	jpake_receive_step2(ctx, bconn);
2673 	jpake_send_step2(bconn, ctx);
2674 	jpake_receive_step3a(ctx, bconn);
2675 	jpake_send_step3b(bconn, ctx);
2676 
2677 	BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
2678 
2679 	psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
2680 
2681 	BIO_pop(bconn);
2682 	BIO_free(bconn);
2683 
2684 	JPAKE_CTX_free(ctx);
2685 	}
2686 
2687 #endif
2688 
2689 /*
2690  * Platform-specific sections
2691  */
2692 #if defined(_WIN32)
2693 # ifdef fileno
2694 #  undef fileno
2695 #  define fileno(a) (int)_fileno(a)
2696 # endif
2697 
2698 # include <windows.h>
2699 # include <tchar.h>
2700 
WIN32_rename(const char * from,const char * to)2701 static int WIN32_rename(const char *from, const char *to)
2702 	{
2703 	TCHAR  *tfrom=NULL,*tto;
2704 	DWORD	err;
2705 	int	ret=0;
2706 
2707 	if (sizeof(TCHAR) == 1)
2708 		{
2709 		tfrom = (TCHAR *)from;
2710 		tto   = (TCHAR *)to;
2711 		}
2712 	else	/* UNICODE path */
2713 		{
2714 		size_t i,flen=strlen(from)+1,tlen=strlen(to)+1;
2715 		tfrom = (TCHAR *)malloc(sizeof(TCHAR)*(flen+tlen));
2716 		if (tfrom==NULL) goto err;
2717 		tto=tfrom+flen;
2718 #if !defined(_WIN32_WCE) || _WIN32_WCE>=101
2719 		if (!MultiByteToWideChar(CP_ACP,0,from,flen,(WCHAR *)tfrom,flen))
2720 #endif
2721 			for (i=0;i<flen;i++)	tfrom[i]=(TCHAR)from[i];
2722 #if !defined(_WIN32_WCE) || _WIN32_WCE>=101
2723 		if (!MultiByteToWideChar(CP_ACP,0,to,  tlen,(WCHAR *)tto,  tlen))
2724 #endif
2725 			for (i=0;i<tlen;i++)	tto[i]  =(TCHAR)to[i];
2726 		}
2727 
2728 	if (MoveFile(tfrom,tto))	goto ok;
2729 	err=GetLastError();
2730 	if (err==ERROR_ALREADY_EXISTS || err==ERROR_FILE_EXISTS)
2731 		{
2732 		if (DeleteFile(tto) && MoveFile(tfrom,tto))
2733 			goto ok;
2734 		err=GetLastError();
2735 		}
2736 	if (err==ERROR_FILE_NOT_FOUND || err==ERROR_PATH_NOT_FOUND)
2737 		errno = ENOENT;
2738 	else if (err==ERROR_ACCESS_DENIED)
2739 		errno = EACCES;
2740 	else
2741 		errno = EINVAL;	/* we could map more codes... */
2742 err:
2743 	ret=-1;
2744 ok:
2745 	if (tfrom!=NULL && tfrom!=(TCHAR *)from)	free(tfrom);
2746 	return ret;
2747 	}
2748 #endif
2749 
2750 /* app_tminterval section */
2751 #if defined(_WIN32)
app_tminterval(int stop,int usertime)2752 double app_tminterval(int stop,int usertime)
2753 	{
2754 	FILETIME		now;
2755 	double			ret=0;
2756 	static ULARGE_INTEGER	tmstart;
2757 	static int		warning=1;
2758 #ifdef _WIN32_WINNT
2759 	static HANDLE		proc=NULL;
2760 
2761 	if (proc==NULL)
2762 		{
2763 		if (GetVersion() < 0x80000000)
2764 			proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
2765 						GetCurrentProcessId());
2766 		if (proc==NULL) proc = (HANDLE)-1;
2767 		}
2768 
2769 	if (usertime && proc!=(HANDLE)-1)
2770 		{
2771 		FILETIME junk;
2772 		GetProcessTimes(proc,&junk,&junk,&junk,&now);
2773 		}
2774 	else
2775 #endif
2776 		{
2777 		SYSTEMTIME systime;
2778 
2779 		if (usertime && warning)
2780 			{
2781 			BIO_printf(bio_err,"To get meaningful results, run "
2782 					   "this program on idle system.\n");
2783 			warning=0;
2784 			}
2785 		GetSystemTime(&systime);
2786 		SystemTimeToFileTime(&systime,&now);
2787 		}
2788 
2789 	if (stop==TM_START)
2790 		{
2791 		tmstart.u.LowPart  = now.dwLowDateTime;
2792 		tmstart.u.HighPart = now.dwHighDateTime;
2793 		}
2794 	else	{
2795 		ULARGE_INTEGER tmstop;
2796 
2797 		tmstop.u.LowPart   = now.dwLowDateTime;
2798 		tmstop.u.HighPart  = now.dwHighDateTime;
2799 
2800 		ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart)*1e-7;
2801 		}
2802 
2803 	return (ret);
2804 	}
2805 
2806 #elif defined(OPENSSL_SYS_NETWARE)
2807 #include <time.h>
2808 
app_tminterval(int stop,int usertime)2809 double app_tminterval(int stop,int usertime)
2810 	{
2811 	double		ret=0;
2812 	static clock_t	tmstart;
2813 	static int	warning=1;
2814 
2815 	if (usertime && warning)
2816 		{
2817 		BIO_printf(bio_err,"To get meaningful results, run "
2818 				   "this program on idle system.\n");
2819 		warning=0;
2820 		}
2821 
2822 	if (stop==TM_START)	tmstart = clock();
2823 	else			ret     = (clock()-tmstart)/(double)CLOCKS_PER_SEC;
2824 
2825 	return (ret);
2826 	}
2827 
2828 #elif defined(OPENSSL_SYSTEM_VXWORKS)
2829 #include <time.h>
2830 
app_tminterval(int stop,int usertime)2831 double app_tminterval(int stop,int usertime)
2832 	{
2833 	double ret=0;
2834 #ifdef CLOCK_REALTIME
2835 	static struct timespec	tmstart;
2836 	struct timespec		now;
2837 #else
2838 	static unsigned long	tmstart;
2839 	unsigned long		now;
2840 #endif
2841 	static int warning=1;
2842 
2843 	if (usertime && warning)
2844 		{
2845 		BIO_printf(bio_err,"To get meaningful results, run "
2846 				   "this program on idle system.\n");
2847 		warning=0;
2848 		}
2849 
2850 #ifdef CLOCK_REALTIME
2851 	clock_gettime(CLOCK_REALTIME,&now);
2852 	if (stop==TM_START)	tmstart = now;
2853 	else	ret = ( (now.tv_sec+now.tv_nsec*1e-9)
2854 			- (tmstart.tv_sec+tmstart.tv_nsec*1e-9) );
2855 #else
2856 	now = tickGet();
2857 	if (stop==TM_START)	tmstart = now;
2858 	else			ret = (now - tmstart)/(double)sysClkRateGet();
2859 #endif
2860 	return (ret);
2861 	}
2862 
2863 #elif defined(OPENSSL_SYSTEM_VMS)
2864 #include <time.h>
2865 #include <times.h>
2866 
app_tminterval(int stop,int usertime)2867 double app_tminterval(int stop,int usertime)
2868 	{
2869 	static clock_t	tmstart;
2870 	double		ret = 0;
2871 	clock_t		now;
2872 #ifdef __TMS
2873 	struct tms	rus;
2874 
2875 	now = times(&rus);
2876 	if (usertime)	now = rus.tms_utime;
2877 #else
2878 	if (usertime)
2879 		now = clock(); /* sum of user and kernel times */
2880 	else	{
2881 		struct timeval tv;
2882 		gettimeofday(&tv,NULL);
2883 		now = (clock_t)(
2884 			(unsigned long long)tv.tv_sec*CLK_TCK +
2885 			(unsigned long long)tv.tv_usec*(1000000/CLK_TCK)
2886 			);
2887 		}
2888 #endif
2889 	if (stop==TM_START)	tmstart = now;
2890 	else			ret = (now - tmstart)/(double)(CLK_TCK);
2891 
2892 	return (ret);
2893 	}
2894 
2895 #elif defined(_SC_CLK_TCK)	/* by means of unistd.h */
2896 #include <sys/times.h>
2897 
app_tminterval(int stop,int usertime)2898 double app_tminterval(int stop,int usertime)
2899 	{
2900 	double		ret = 0;
2901 	struct tms	rus;
2902 	clock_t		now = times(&rus);
2903 	static clock_t	tmstart;
2904 
2905 	if (usertime)		now = rus.tms_utime;
2906 
2907 	if (stop==TM_START)	tmstart = now;
2908 	else
2909 		{
2910 		long int tck = sysconf(_SC_CLK_TCK);
2911 		ret = (now - tmstart)/(double)tck;
2912 		}
2913 
2914 	return (ret);
2915 	}
2916 
2917 #else
2918 #include <sys/time.h>
2919 #include <sys/resource.h>
2920 
app_tminterval(int stop,int usertime)2921 double app_tminterval(int stop,int usertime)
2922 	{
2923 	double		ret = 0;
2924 	struct rusage	rus;
2925 	struct timeval	now;
2926 	static struct timeval tmstart;
2927 
2928 	if (usertime)		getrusage(RUSAGE_SELF,&rus), now = rus.ru_utime;
2929 	else			gettimeofday(&now,NULL);
2930 
2931 	if (stop==TM_START)	tmstart = now;
2932 	else			ret = ( (now.tv_sec+now.tv_usec*1e-6)
2933 					- (tmstart.tv_sec+tmstart.tv_usec*1e-6) );
2934 
2935 	return ret;
2936 	}
2937 #endif
2938 
2939 /* app_isdir section */
2940 #ifdef _WIN32
app_isdir(const char * name)2941 int app_isdir(const char *name)
2942 	{
2943 	HANDLE		hList;
2944 	WIN32_FIND_DATA	FileData;
2945 #if defined(UNICODE) || defined(_UNICODE)
2946 	size_t i, len_0 = strlen(name)+1;
2947 
2948 	if (len_0 > sizeof(FileData.cFileName)/sizeof(FileData.cFileName[0]))
2949 		return -1;
2950 
2951 #if !defined(_WIN32_WCE) || _WIN32_WCE>=101
2952 	if (!MultiByteToWideChar(CP_ACP,0,name,len_0,FileData.cFileName,len_0))
2953 #endif
2954 		for (i=0;i<len_0;i++)
2955 			FileData.cFileName[i] = (WCHAR)name[i];
2956 
2957 	hList = FindFirstFile(FileData.cFileName,&FileData);
2958 #else
2959 	hList = FindFirstFile(name,&FileData);
2960 #endif
2961 	if (hList == INVALID_HANDLE_VALUE)	return -1;
2962 	FindClose(hList);
2963 	return ((FileData.dwFileAttributes&FILE_ATTRIBUTE_DIRECTORY)!=0);
2964 	}
2965 #else
2966 #include <sys/stat.h>
2967 #ifndef S_ISDIR
2968 # if defined(_S_IFMT) && defined(_S_IFDIR)
2969 #  define S_ISDIR(a)   (((a) & _S_IFMT) == _S_IFDIR)
2970 # else
2971 #  define S_ISDIR(a)   (((a) & S_IFMT) == S_IFDIR)
2972 # endif
2973 #endif
2974 
app_isdir(const char * name)2975 int app_isdir(const char *name)
2976 	{
2977 #if defined(S_ISDIR)
2978 	struct stat st;
2979 
2980 	if (stat(name,&st)==0)	return S_ISDIR(st.st_mode);
2981 	else			return -1;
2982 #else
2983 	return -1;
2984 #endif
2985 	}
2986 #endif
2987 
2988 /* raw_read|write section */
2989 #if defined(_WIN32) && defined(STD_INPUT_HANDLE)
raw_read_stdin(void * buf,int siz)2990 int raw_read_stdin(void *buf,int siz)
2991 	{
2992 	DWORD n;
2993 	if (ReadFile(GetStdHandle(STD_INPUT_HANDLE),buf,siz,&n,NULL))
2994 		return (n);
2995 	else	return (-1);
2996 	}
2997 #else
raw_read_stdin(void * buf,int siz)2998 int raw_read_stdin(void *buf,int siz)
2999 	{	return read(fileno(stdin),buf,siz);	}
3000 #endif
3001 
3002 #if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
raw_write_stdout(const void * buf,int siz)3003 int raw_write_stdout(const void *buf,int siz)
3004 	{
3005 	DWORD n;
3006 	if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE),buf,siz,&n,NULL))
3007 		return (n);
3008 	else	return (-1);
3009 	}
3010 #else
raw_write_stdout(const void * buf,int siz)3011 int raw_write_stdout(const void *buf,int siz)
3012 	{	return write(fileno(stdout),buf,siz);	}
3013 #endif
3014