• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* apps/apps.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer.
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 
112 #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
113 #define _POSIX_C_SOURCE 2	/* On VMS, you need to define this to get
114 				   the declaration of fileno().  The value
115 				   2 is to make sure no function defined
116 				   in POSIX-2 is left undefined. */
117 #endif
118 #include <stdio.h>
119 #include <stdlib.h>
120 #include <string.h>
121 #if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
122 #include <strings.h>
123 #endif
124 #include <sys/types.h>
125 #include <ctype.h>
126 #include <errno.h>
127 #include <assert.h>
128 #include <openssl/err.h>
129 #include <openssl/x509.h>
130 #include <openssl/x509v3.h>
131 #include <openssl/pem.h>
132 #include <openssl/pkcs12.h>
133 #include <openssl/ui.h>
134 #include <openssl/safestack.h>
135 #ifndef OPENSSL_NO_ENGINE
136 #include <openssl/engine.h>
137 #endif
138 #ifndef OPENSSL_NO_RSA
139 #include <openssl/rsa.h>
140 #endif
141 #include <openssl/bn.h>
142 #ifndef OPENSSL_NO_JPAKE
143 #include <openssl/jpake.h>
144 #endif
145 
146 #define NON_MAIN
147 #include "apps.h"
148 #undef NON_MAIN
149 
150 #ifdef _WIN32
151 static int WIN32_rename(const char *from, const char *to);
152 #define rename(from,to) WIN32_rename((from),(to))
153 #endif
154 
155 typedef struct {
156 	const char *name;
157 	unsigned long flag;
158 	unsigned long mask;
159 } NAME_EX_TBL;
160 
161 static UI_METHOD *ui_method = NULL;
162 
163 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
164 static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
165 
166 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
167 /* Looks like this stuff is worth moving into separate function */
168 static EVP_PKEY *
169 load_netscape_key(BIO *err, BIO *key, const char *file,
170 		const char *key_descrip, int format);
171 #endif
172 
173 int app_init(long mesgwin);
174 #ifdef undef /* never finished - probably never will be :-) */
args_from_file(char * file,int * argc,char ** argv[])175 int args_from_file(char *file, int *argc, char **argv[])
176 	{
177 	FILE *fp;
178 	int num,i;
179 	unsigned int len;
180 	static char *buf=NULL;
181 	static char **arg=NULL;
182 	char *p;
183 
184 	fp=fopen(file,"r");
185 	if (fp == NULL)
186 		return(0);
187 
188 	if (fseek(fp,0,SEEK_END)==0)
189 		len=ftell(fp), rewind(fp);
190 	else	len=-1;
191 	if (len<=0)
192 		{
193 		fclose(fp);
194 		return(0);
195 		}
196 
197 	*argc=0;
198 	*argv=NULL;
199 
200 	if (buf != NULL) OPENSSL_free(buf);
201 	buf=(char *)OPENSSL_malloc(len+1);
202 	if (buf == NULL) return(0);
203 
204 	len=fread(buf,1,len,fp);
205 	if (len <= 1) return(0);
206 	buf[len]='\0';
207 
208 	i=0;
209 	for (p=buf; *p; p++)
210 		if (*p == '\n') i++;
211 	if (arg != NULL) OPENSSL_free(arg);
212 	arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
213 
214 	*argv=arg;
215 	num=0;
216 	p=buf;
217 	for (;;)
218 		{
219 		if (!*p) break;
220 		if (*p == '#') /* comment line */
221 			{
222 			while (*p && (*p != '\n')) p++;
223 			continue;
224 			}
225 		/* else we have a line */
226 		*(arg++)=p;
227 		num++;
228 		while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
229 			p++;
230 		if (!*p) break;
231 		if (*p == '\n')
232 			{
233 			*(p++)='\0';
234 			continue;
235 			}
236 		/* else it is a tab or space */
237 		p++;
238 		while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
239 			p++;
240 		if (!*p) break;
241 		if (*p == '\n')
242 			{
243 			p++;
244 			continue;
245 			}
246 		*(arg++)=p++;
247 		num++;
248 		while (*p && (*p != '\n')) p++;
249 		if (!*p) break;
250 		/* else *p == '\n' */
251 		*(p++)='\0';
252 		}
253 	*argc=num;
254 	return(1);
255 	}
256 #endif
257 
str2fmt(char * s)258 int str2fmt(char *s)
259 	{
260 	if (s == NULL)
261 		return FORMAT_UNDEF;
262 	if 	((*s == 'D') || (*s == 'd'))
263 		return(FORMAT_ASN1);
264 	else if ((*s == 'T') || (*s == 't'))
265 		return(FORMAT_TEXT);
266   	else if ((*s == 'N') || (*s == 'n'))
267   		return(FORMAT_NETSCAPE);
268   	else if ((*s == 'S') || (*s == 's'))
269   		return(FORMAT_SMIME);
270  	else if ((*s == 'M') || (*s == 'm'))
271  		return(FORMAT_MSBLOB);
272 	else if ((*s == '1')
273 		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
274 		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
275 		return(FORMAT_PKCS12);
276 	else if ((*s == 'E') || (*s == 'e'))
277 		return(FORMAT_ENGINE);
278 	else if ((*s == 'P') || (*s == 'p'))
279  		{
280  		if (s[1] == 'V' || s[1] == 'v')
281  			return FORMAT_PVK;
282  		else
283   			return(FORMAT_PEM);
284  		}
285 	else
286 		return(FORMAT_UNDEF);
287 	}
288 
289 #if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
program_name(char * in,char * out,int size)290 void program_name(char *in, char *out, int size)
291 	{
292 	int i,n;
293 	char *p=NULL;
294 
295 	n=strlen(in);
296 	/* find the last '/', '\' or ':' */
297 	for (i=n-1; i>0; i--)
298 		{
299 		if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))
300 			{
301 			p= &(in[i+1]);
302 			break;
303 			}
304 		}
305 	if (p == NULL)
306 		p=in;
307 	n=strlen(p);
308 
309 #if defined(OPENSSL_SYS_NETWARE)
310    /* strip off trailing .nlm if present. */
311    if ((n > 4) && (p[n-4] == '.') &&
312       ((p[n-3] == 'n') || (p[n-3] == 'N')) &&
313       ((p[n-2] == 'l') || (p[n-2] == 'L')) &&
314       ((p[n-1] == 'm') || (p[n-1] == 'M')))
315       n-=4;
316 #else
317 	/* strip off trailing .exe if present. */
318 	if ((n > 4) && (p[n-4] == '.') &&
319 		((p[n-3] == 'e') || (p[n-3] == 'E')) &&
320 		((p[n-2] == 'x') || (p[n-2] == 'X')) &&
321 		((p[n-1] == 'e') || (p[n-1] == 'E')))
322 		n-=4;
323 #endif
324 
325 	if (n > size-1)
326 		n=size-1;
327 
328 	for (i=0; i<n; i++)
329 		{
330 		if ((p[i] >= 'A') && (p[i] <= 'Z'))
331 			out[i]=p[i]-'A'+'a';
332 		else
333 			out[i]=p[i];
334 		}
335 	out[n]='\0';
336 	}
337 #else
338 #ifdef OPENSSL_SYS_VMS
program_name(char * in,char * out,int size)339 void program_name(char *in, char *out, int size)
340 	{
341 	char *p=in, *q;
342 	char *chars=":]>";
343 
344 	while(*chars != '\0')
345 		{
346 		q=strrchr(p,*chars);
347 		if (q > p)
348 			p = q + 1;
349 		chars++;
350 		}
351 
352 	q=strrchr(p,'.');
353 	if (q == NULL)
354 		q = p + strlen(p);
355 	strncpy(out,p,size-1);
356 	if (q-p >= size)
357 		{
358 		out[size-1]='\0';
359 		}
360 	else
361 		{
362 		out[q-p]='\0';
363 		}
364 	}
365 #else
program_name(char * in,char * out,int size)366 void program_name(char *in, char *out, int size)
367 	{
368 	char *p;
369 
370 	p=strrchr(in,'/');
371 	if (p != NULL)
372 		p++;
373 	else
374 		p=in;
375 	BUF_strlcpy(out,p,size);
376 	}
377 #endif
378 #endif
379 
chopup_args(ARGS * arg,char * buf,int * argc,char ** argv[])380 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
381 	{
382 	int num,i;
383 	char *p;
384 
385 	*argc=0;
386 	*argv=NULL;
387 
388 	i=0;
389 	if (arg->count == 0)
390 		{
391 		arg->count=20;
392 		arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
393 		}
394 	for (i=0; i<arg->count; i++)
395 		arg->data[i]=NULL;
396 
397 	num=0;
398 	p=buf;
399 	for (;;)
400 		{
401 		/* first scan over white space */
402 		if (!*p) break;
403 		while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
404 			p++;
405 		if (!*p) break;
406 
407 		/* The start of something good :-) */
408 		if (num >= arg->count)
409 			{
410 			char **tmp_p;
411 			int tlen = arg->count + 20;
412 			tmp_p = (char **)OPENSSL_realloc(arg->data,
413 				sizeof(char *)*tlen);
414 			if (tmp_p == NULL)
415 				return 0;
416 			arg->data  = tmp_p;
417 			arg->count = tlen;
418 			/* initialize newly allocated data */
419 			for (i = num; i < arg->count; i++)
420 				arg->data[i] = NULL;
421 			}
422 		arg->data[num++]=p;
423 
424 		/* now look for the end of this */
425 		if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
426 			{
427 			i= *(p++);
428 			arg->data[num-1]++; /* jump over quote */
429 			while (*p && (*p != i))
430 				p++;
431 			*p='\0';
432 			}
433 		else
434 			{
435 			while (*p && ((*p != ' ') &&
436 				(*p != '\t') && (*p != '\n')))
437 				p++;
438 
439 			if (*p == '\0')
440 				p--;
441 			else
442 				*p='\0';
443 			}
444 		p++;
445 		}
446 	*argc=num;
447 	*argv=arg->data;
448 	return(1);
449 	}
450 
451 #ifndef APP_INIT
app_init(long mesgwin)452 int app_init(long mesgwin)
453 	{
454 	return(1);
455 	}
456 #endif
457 
458 
dump_cert_text(BIO * out,X509 * x)459 int dump_cert_text (BIO *out, X509 *x)
460 {
461 	char *p;
462 
463 	p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
464 	BIO_puts(out,"subject=");
465 	BIO_puts(out,p);
466 	OPENSSL_free(p);
467 
468 	p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0);
469 	BIO_puts(out,"\nissuer=");
470 	BIO_puts(out,p);
471 	BIO_puts(out,"\n");
472 	OPENSSL_free(p);
473 
474 	return 0;
475 }
476 
ui_open(UI * ui)477 static int ui_open(UI *ui)
478 	{
479 	return UI_method_get_opener(UI_OpenSSL())(ui);
480 	}
ui_read(UI * ui,UI_STRING * uis)481 static int ui_read(UI *ui, UI_STRING *uis)
482 	{
483 	if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
484 		&& UI_get0_user_data(ui))
485 		{
486 		switch(UI_get_string_type(uis))
487 			{
488 		case UIT_PROMPT:
489 		case UIT_VERIFY:
490 			{
491 			const char *password =
492 				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
493 			if (password && password[0] != '\0')
494 				{
495 				UI_set_result(ui, uis, password);
496 				return 1;
497 				}
498 			}
499 		default:
500 			break;
501 			}
502 		}
503 	return UI_method_get_reader(UI_OpenSSL())(ui, uis);
504 	}
ui_write(UI * ui,UI_STRING * uis)505 static int ui_write(UI *ui, UI_STRING *uis)
506 	{
507 	if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
508 		&& UI_get0_user_data(ui))
509 		{
510 		switch(UI_get_string_type(uis))
511 			{
512 		case UIT_PROMPT:
513 		case UIT_VERIFY:
514 			{
515 			const char *password =
516 				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
517 			if (password && password[0] != '\0')
518 				return 1;
519 			}
520 		default:
521 			break;
522 			}
523 		}
524 	return UI_method_get_writer(UI_OpenSSL())(ui, uis);
525 	}
ui_close(UI * ui)526 static int ui_close(UI *ui)
527 	{
528 	return UI_method_get_closer(UI_OpenSSL())(ui);
529 	}
setup_ui_method(void)530 int setup_ui_method(void)
531 	{
532 	ui_method = UI_create_method("OpenSSL application user interface");
533 	UI_method_set_opener(ui_method, ui_open);
534 	UI_method_set_reader(ui_method, ui_read);
535 	UI_method_set_writer(ui_method, ui_write);
536 	UI_method_set_closer(ui_method, ui_close);
537 	return 0;
538 	}
destroy_ui_method(void)539 void destroy_ui_method(void)
540 	{
541 	if(ui_method)
542 		{
543 		UI_destroy_method(ui_method);
544 		ui_method = NULL;
545 		}
546 	}
password_callback(char * buf,int bufsiz,int verify,PW_CB_DATA * cb_tmp)547 int password_callback(char *buf, int bufsiz, int verify,
548 	PW_CB_DATA *cb_tmp)
549 	{
550 	UI *ui = NULL;
551 	int res = 0;
552 	const char *prompt_info = NULL;
553 	const char *password = NULL;
554 	PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
555 
556 	if (cb_data)
557 		{
558 		if (cb_data->password)
559 			password = cb_data->password;
560 		if (cb_data->prompt_info)
561 			prompt_info = cb_data->prompt_info;
562 		}
563 
564 	if (password)
565 		{
566 		res = strlen(password);
567 		if (res > bufsiz)
568 			res = bufsiz;
569 		memcpy(buf, password, res);
570 		return res;
571 		}
572 
573 	ui = UI_new_method(ui_method);
574 	if (ui)
575 		{
576 		int ok = 0;
577 		char *buff = NULL;
578 		int ui_flags = 0;
579 		char *prompt = NULL;
580 
581 		prompt = UI_construct_prompt(ui, "pass phrase",
582 			prompt_info);
583 
584 		ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
585 		UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
586 
587 		if (ok >= 0)
588 			ok = UI_add_input_string(ui,prompt,ui_flags,buf,
589 				PW_MIN_LENGTH,BUFSIZ-1);
590 		if (ok >= 0 && verify)
591 			{
592 			buff = (char *)OPENSSL_malloc(bufsiz);
593 			ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
594 				PW_MIN_LENGTH,BUFSIZ-1, buf);
595 			}
596 		if (ok >= 0)
597 			do
598 				{
599 				ok = UI_process(ui);
600 				}
601 			while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
602 
603 		if (buff)
604 			{
605 			OPENSSL_cleanse(buff,(unsigned int)bufsiz);
606 			OPENSSL_free(buff);
607 			}
608 
609 		if (ok >= 0)
610 			res = strlen(buf);
611 		if (ok == -1)
612 			{
613 			BIO_printf(bio_err, "User interface error\n");
614 			ERR_print_errors(bio_err);
615 			OPENSSL_cleanse(buf,(unsigned int)bufsiz);
616 			res = 0;
617 			}
618 		if (ok == -2)
619 			{
620 			BIO_printf(bio_err,"aborted!\n");
621 			OPENSSL_cleanse(buf,(unsigned int)bufsiz);
622 			res = 0;
623 			}
624 		UI_free(ui);
625 		OPENSSL_free(prompt);
626 		}
627 	return res;
628 	}
629 
630 static char *app_get_pass(BIO *err, char *arg, int keepbio);
631 
app_passwd(BIO * err,char * arg1,char * arg2,char ** pass1,char ** pass2)632 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
633 {
634 	int same;
635 	if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
636 	else same = 1;
637 	if(arg1) {
638 		*pass1 = app_get_pass(err, arg1, same);
639 		if(!*pass1) return 0;
640 	} else if(pass1) *pass1 = NULL;
641 	if(arg2) {
642 		*pass2 = app_get_pass(err, arg2, same ? 2 : 0);
643 		if(!*pass2) return 0;
644 	} else if(pass2) *pass2 = NULL;
645 	return 1;
646 }
647 
app_get_pass(BIO * err,char * arg,int keepbio)648 static char *app_get_pass(BIO *err, char *arg, int keepbio)
649 {
650 	char *tmp, tpass[APP_PASS_LEN];
651 	static BIO *pwdbio = NULL;
652 	int i;
653 	if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
654 	if(!strncmp(arg, "env:", 4)) {
655 		tmp = getenv(arg + 4);
656 		if(!tmp) {
657 			BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
658 			return NULL;
659 		}
660 		return BUF_strdup(tmp);
661 	}
662 	if(!keepbio || !pwdbio) {
663 		if(!strncmp(arg, "file:", 5)) {
664 			pwdbio = BIO_new_file(arg + 5, "r");
665 			if(!pwdbio) {
666 				BIO_printf(err, "Can't open file %s\n", arg + 5);
667 				return NULL;
668 			}
669 #if !defined(_WIN32)
670 		/*
671 		 * Under _WIN32, which covers even Win64 and CE, file
672 		 * descriptors referenced by BIO_s_fd are not inherited
673 		 * by child process and therefore below is not an option.
674 		 * It could have been an option if bss_fd.c was operating
675 		 * on real Windows descriptors, such as those obtained
676 		 * with CreateFile.
677 		 */
678 		} else if(!strncmp(arg, "fd:", 3)) {
679 			BIO *btmp;
680 			i = atoi(arg + 3);
681 			if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
682 			if((i < 0) || !pwdbio) {
683 				BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
684 				return NULL;
685 			}
686 			/* Can't do BIO_gets on an fd BIO so add a buffering BIO */
687 			btmp = BIO_new(BIO_f_buffer());
688 			pwdbio = BIO_push(btmp, pwdbio);
689 #endif
690 		} else if(!strcmp(arg, "stdin")) {
691 			pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
692 			if(!pwdbio) {
693 				BIO_printf(err, "Can't open BIO for stdin\n");
694 				return NULL;
695 			}
696 		} else {
697 			BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
698 			return NULL;
699 		}
700 	}
701 	i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
702 	if(keepbio != 1) {
703 		BIO_free_all(pwdbio);
704 		pwdbio = NULL;
705 	}
706 	if(i <= 0) {
707 		BIO_printf(err, "Error reading password from BIO\n");
708 		return NULL;
709 	}
710 	tmp = strchr(tpass, '\n');
711 	if(tmp) *tmp = 0;
712 	return BUF_strdup(tpass);
713 }
714 
add_oid_section(BIO * err,CONF * conf)715 int add_oid_section(BIO *err, CONF *conf)
716 {
717 	char *p;
718 	STACK_OF(CONF_VALUE) *sktmp;
719 	CONF_VALUE *cnf;
720 	int i;
721 	if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
722 		{
723 		ERR_clear_error();
724 		return 1;
725 		}
726 	if(!(sktmp = NCONF_get_section(conf, p))) {
727 		BIO_printf(err, "problem loading oid section %s\n", p);
728 		return 0;
729 	}
730 	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
731 		cnf = sk_CONF_VALUE_value(sktmp, i);
732 		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
733 			BIO_printf(err, "problem creating object %s=%s\n",
734 							 cnf->name, cnf->value);
735 			return 0;
736 		}
737 	}
738 	return 1;
739 }
740 
load_pkcs12(BIO * err,BIO * in,const char * desc,pem_password_cb * pem_cb,void * cb_data,EVP_PKEY ** pkey,X509 ** cert,STACK_OF (X509)** ca)741 static int load_pkcs12(BIO *err, BIO *in, const char *desc,
742 		pem_password_cb *pem_cb,  void *cb_data,
743 		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
744 	{
745  	const char *pass;
746 	char tpass[PEM_BUFSIZE];
747 	int len, ret = 0;
748 	PKCS12 *p12;
749 	p12 = d2i_PKCS12_bio(in, NULL);
750 	if (p12 == NULL)
751 		{
752 		BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);
753 		goto die;
754 		}
755 	/* See if an empty password will do */
756 	if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
757 		pass = "";
758 	else
759 		{
760 		if (!pem_cb)
761 			pem_cb = (pem_password_cb *)password_callback;
762 		len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
763 		if (len < 0)
764 			{
765 			BIO_printf(err, "Passpharse callback error for %s\n",
766 					desc);
767 			goto die;
768 			}
769 		if (len < PEM_BUFSIZE)
770 			tpass[len] = 0;
771 		if (!PKCS12_verify_mac(p12, tpass, len))
772 			{
773 			BIO_printf(err,
774 	"Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);
775 			goto die;
776 			}
777 		pass = tpass;
778 		}
779 	ret = PKCS12_parse(p12, pass, pkey, cert, ca);
780 	die:
781 	if (p12)
782 		PKCS12_free(p12);
783 	return ret;
784 	}
785 
load_cert(BIO * err,const char * file,int format,const char * pass,ENGINE * e,const char * cert_descrip)786 X509 *load_cert(BIO *err, const char *file, int format,
787 	const char *pass, ENGINE *e, const char *cert_descrip)
788 	{
789 	X509 *x=NULL;
790 	BIO *cert;
791 
792 	if ((cert=BIO_new(BIO_s_file())) == NULL)
793 		{
794 		ERR_print_errors(err);
795 		goto end;
796 		}
797 
798 	if (file == NULL)
799 		{
800 #ifdef _IONBF
801 # ifndef OPENSSL_NO_SETVBUF_IONBF
802 		setvbuf(stdin, NULL, _IONBF, 0);
803 # endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
804 #endif
805 		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
806 		}
807 	else
808 		{
809 		if (BIO_read_filename(cert,file) <= 0)
810 			{
811 			BIO_printf(err, "Error opening %s %s\n",
812 				cert_descrip, file);
813 			ERR_print_errors(err);
814 			goto end;
815 			}
816 		}
817 
818 	if 	(format == FORMAT_ASN1)
819 		x=d2i_X509_bio(cert,NULL);
820 	else if (format == FORMAT_NETSCAPE)
821 		{
822 		NETSCAPE_X509 *nx;
823 		nx=ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509),cert,NULL);
824 		if (nx == NULL)
825 				goto end;
826 
827 		if ((strncmp(NETSCAPE_CERT_HDR,(char *)nx->header->data,
828 			nx->header->length) != 0))
829 			{
830 			NETSCAPE_X509_free(nx);
831 			BIO_printf(err,"Error reading header on certificate\n");
832 			goto end;
833 			}
834 		x=nx->cert;
835 		nx->cert = NULL;
836 		NETSCAPE_X509_free(nx);
837 		}
838 	else if (format == FORMAT_PEM)
839 		x=PEM_read_bio_X509_AUX(cert,NULL,
840 			(pem_password_cb *)password_callback, NULL);
841 	else if (format == FORMAT_PKCS12)
842 		{
843 		if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,
844 					NULL, &x, NULL))
845 			goto end;
846 		}
847 	else	{
848 		BIO_printf(err,"bad input format specified for %s\n",
849 			cert_descrip);
850 		goto end;
851 		}
852 end:
853 	if (x == NULL)
854 		{
855 		BIO_printf(err,"unable to load certificate\n");
856 		ERR_print_errors(err);
857 		}
858 	if (cert != NULL) BIO_free(cert);
859 	return(x);
860 	}
861 
load_key(BIO * err,const char * file,int format,int maybe_stdin,const char * pass,ENGINE * e,const char * key_descrip)862 EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
863 	const char *pass, ENGINE *e, const char *key_descrip)
864 	{
865 	BIO *key=NULL;
866 	EVP_PKEY *pkey=NULL;
867 	PW_CB_DATA cb_data;
868 
869 	cb_data.password = pass;
870 	cb_data.prompt_info = file;
871 
872 	if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
873 		{
874 		BIO_printf(err,"no keyfile specified\n");
875 		goto end;
876 		}
877 #ifndef OPENSSL_NO_ENGINE
878 	if (format == FORMAT_ENGINE)
879 		{
880 		if (!e)
881 			BIO_printf(err,"no engine specified\n");
882 		else
883 			{
884 			pkey = ENGINE_load_private_key(e, file,
885 				ui_method, &cb_data);
886 			if (!pkey)
887 				{
888 				BIO_printf(err,"cannot load %s from engine\n",key_descrip);
889 				ERR_print_errors(err);
890 				}
891 			}
892 		goto end;
893 		}
894 #endif
895 	key=BIO_new(BIO_s_file());
896 	if (key == NULL)
897 		{
898 		ERR_print_errors(err);
899 		goto end;
900 		}
901 	if (file == NULL && maybe_stdin)
902 		{
903 #ifdef _IONBF
904 # ifndef OPENSSL_NO_SETVBUF_IONBF
905 		setvbuf(stdin, NULL, _IONBF, 0);
906 # endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
907 #endif
908 		BIO_set_fp(key,stdin,BIO_NOCLOSE);
909 		}
910 	else
911 		if (BIO_read_filename(key,file) <= 0)
912 			{
913 			BIO_printf(err, "Error opening %s %s\n",
914 				key_descrip, file);
915 			ERR_print_errors(err);
916 			goto end;
917 			}
918 	if (format == FORMAT_ASN1)
919 		{
920 		pkey=d2i_PrivateKey_bio(key, NULL);
921 		}
922 	else if (format == FORMAT_PEM)
923 		{
924 		pkey=PEM_read_bio_PrivateKey(key,NULL,
925 			(pem_password_cb *)password_callback, &cb_data);
926 		}
927 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
928 	else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
929 		pkey = load_netscape_key(err, key, file, key_descrip, format);
930 #endif
931 	else if (format == FORMAT_PKCS12)
932 		{
933 		if (!load_pkcs12(err, key, key_descrip,
934 				(pem_password_cb *)password_callback, &cb_data,
935 				&pkey, NULL, NULL))
936 			goto end;
937 		}
938 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
939 	else if (format == FORMAT_MSBLOB)
940 		pkey = b2i_PrivateKey_bio(key);
941 	else if (format == FORMAT_PVK)
942 		pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
943 								&cb_data);
944 #endif
945 	else
946 		{
947 		BIO_printf(err,"bad input format specified for key file\n");
948 		goto end;
949 		}
950  end:
951 	if (key != NULL) BIO_free(key);
952 	if (pkey == NULL)
953 		{
954 		BIO_printf(err,"unable to load %s\n", key_descrip);
955 		ERR_print_errors(err);
956 		}
957 	return(pkey);
958 	}
959 
load_pubkey(BIO * err,const char * file,int format,int maybe_stdin,const char * pass,ENGINE * e,const char * key_descrip)960 EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
961 	const char *pass, ENGINE *e, const char *key_descrip)
962 	{
963 	BIO *key=NULL;
964 	EVP_PKEY *pkey=NULL;
965 	PW_CB_DATA cb_data;
966 
967 	cb_data.password = pass;
968 	cb_data.prompt_info = file;
969 
970 	if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
971 		{
972 		BIO_printf(err,"no keyfile specified\n");
973 		goto end;
974 		}
975 #ifndef OPENSSL_NO_ENGINE
976 	if (format == FORMAT_ENGINE)
977 		{
978 		if (!e)
979 			BIO_printf(bio_err,"no engine specified\n");
980 		else
981 			pkey = ENGINE_load_public_key(e, file,
982 				ui_method, &cb_data);
983 		goto end;
984 		}
985 #endif
986 	key=BIO_new(BIO_s_file());
987 	if (key == NULL)
988 		{
989 		ERR_print_errors(err);
990 		goto end;
991 		}
992 	if (file == NULL && maybe_stdin)
993 		{
994 #ifdef _IONBF
995 # ifndef OPENSSL_NO_SETVBUF_IONBF
996 		setvbuf(stdin, NULL, _IONBF, 0);
997 # endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
998 #endif
999 		BIO_set_fp(key,stdin,BIO_NOCLOSE);
1000 		}
1001 	else
1002 		if (BIO_read_filename(key,file) <= 0)
1003 			{
1004 			BIO_printf(err, "Error opening %s %s\n",
1005 				key_descrip, file);
1006 			ERR_print_errors(err);
1007 			goto end;
1008 		}
1009 	if (format == FORMAT_ASN1)
1010 		{
1011 		pkey=d2i_PUBKEY_bio(key, NULL);
1012 		}
1013 #ifndef OPENSSL_NO_RSA
1014 	else if (format == FORMAT_ASN1RSA)
1015 		{
1016 		RSA *rsa;
1017 		rsa = d2i_RSAPublicKey_bio(key, NULL);
1018 		if (rsa)
1019 			{
1020 			pkey = EVP_PKEY_new();
1021 			if (pkey)
1022 				EVP_PKEY_set1_RSA(pkey, rsa);
1023 			RSA_free(rsa);
1024 			}
1025 		else
1026 			pkey = NULL;
1027 		}
1028 	else if (format == FORMAT_PEMRSA)
1029 		{
1030 		RSA *rsa;
1031 		rsa = PEM_read_bio_RSAPublicKey(key, NULL,
1032 			(pem_password_cb *)password_callback, &cb_data);
1033 		if (rsa)
1034 			{
1035 			pkey = EVP_PKEY_new();
1036 			if (pkey)
1037 				EVP_PKEY_set1_RSA(pkey, rsa);
1038 			RSA_free(rsa);
1039 			}
1040 		else
1041 			pkey = NULL;
1042 		}
1043 #endif
1044 	else if (format == FORMAT_PEM)
1045 		{
1046 		pkey=PEM_read_bio_PUBKEY(key,NULL,
1047 			(pem_password_cb *)password_callback, &cb_data);
1048 		}
1049 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
1050 	else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
1051 		pkey = load_netscape_key(err, key, file, key_descrip, format);
1052 #endif
1053 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
1054 	else if (format == FORMAT_MSBLOB)
1055 		pkey = b2i_PublicKey_bio(key);
1056 #endif
1057 	else
1058 		{
1059 		BIO_printf(err,"bad input format specified for key file\n");
1060 		goto end;
1061 		}
1062  end:
1063 	if (key != NULL) BIO_free(key);
1064 	if (pkey == NULL)
1065 		BIO_printf(err,"unable to load %s\n", key_descrip);
1066 	return(pkey);
1067 	}
1068 
1069 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
1070 static EVP_PKEY *
load_netscape_key(BIO * err,BIO * key,const char * file,const char * key_descrip,int format)1071 load_netscape_key(BIO *err, BIO *key, const char *file,
1072 		const char *key_descrip, int format)
1073 	{
1074 	EVP_PKEY *pkey;
1075 	BUF_MEM *buf;
1076 	RSA	*rsa;
1077 	const unsigned char *p;
1078 	int size, i;
1079 
1080 	buf=BUF_MEM_new();
1081 	pkey = EVP_PKEY_new();
1082 	size = 0;
1083 	if (buf == NULL || pkey == NULL)
1084 		goto error;
1085 	for (;;)
1086 		{
1087 		if (!BUF_MEM_grow_clean(buf,size+1024*10))
1088 			goto error;
1089 		i = BIO_read(key, &(buf->data[size]), 1024*10);
1090 		size += i;
1091 		if (i == 0)
1092 			break;
1093 		if (i < 0)
1094 			{
1095 				BIO_printf(err, "Error reading %s %s",
1096 					key_descrip, file);
1097 				goto error;
1098 			}
1099 		}
1100 	p=(unsigned char *)buf->data;
1101 	rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL,
1102 		(format == FORMAT_IISSGC ? 1 : 0));
1103 	if (rsa == NULL)
1104 		goto error;
1105 	BUF_MEM_free(buf);
1106 	EVP_PKEY_set1_RSA(pkey, rsa);
1107 	return pkey;
1108 error:
1109 	BUF_MEM_free(buf);
1110 	EVP_PKEY_free(pkey);
1111 	return NULL;
1112 	}
1113 #endif /* ndef OPENSSL_NO_RC4 */
1114 
load_certs_crls(BIO * err,const char * file,int format,const char * pass,ENGINE * e,const char * desc,STACK_OF (X509)** pcerts,STACK_OF (X509_CRL)** pcrls)1115 static int load_certs_crls(BIO *err, const char *file, int format,
1116 	const char *pass, ENGINE *e, const char *desc,
1117 	STACK_OF(X509) **pcerts, STACK_OF(X509_CRL) **pcrls)
1118 	{
1119 	int i;
1120 	BIO *bio;
1121 	STACK_OF(X509_INFO) *xis = NULL;
1122 	X509_INFO *xi;
1123 	PW_CB_DATA cb_data;
1124 	int rv = 0;
1125 
1126 	cb_data.password = pass;
1127 	cb_data.prompt_info = file;
1128 
1129 	if (format != FORMAT_PEM)
1130 		{
1131 		BIO_printf(err,"bad input format specified for %s\n", desc);
1132 		return 0;
1133 		}
1134 
1135 	if (file == NULL)
1136 		bio = BIO_new_fp(stdin,BIO_NOCLOSE);
1137 	else
1138 		bio = BIO_new_file(file, "r");
1139 
1140 	if (bio == NULL)
1141 		{
1142 		BIO_printf(err, "Error opening %s %s\n",
1143 				desc, file ? file : "stdin");
1144 		ERR_print_errors(err);
1145 		return 0;
1146 		}
1147 
1148 	xis = PEM_X509_INFO_read_bio(bio, NULL,
1149 				(pem_password_cb *)password_callback, &cb_data);
1150 
1151 	BIO_free(bio);
1152 
1153 	if (pcerts)
1154 		{
1155 		*pcerts = sk_X509_new_null();
1156 		if (!*pcerts)
1157 			goto end;
1158 		}
1159 
1160 	if (pcrls)
1161 		{
1162 		*pcrls = sk_X509_CRL_new_null();
1163 		if (!*pcrls)
1164 			goto end;
1165 		}
1166 
1167 	for(i = 0; i < sk_X509_INFO_num(xis); i++)
1168 		{
1169 		xi = sk_X509_INFO_value (xis, i);
1170 		if (xi->x509 && pcerts)
1171 			{
1172 			if (!sk_X509_push(*pcerts, xi->x509))
1173 				goto end;
1174 			xi->x509 = NULL;
1175 			}
1176 		if (xi->crl && pcrls)
1177 			{
1178 			if (!sk_X509_CRL_push(*pcrls, xi->crl))
1179 				goto end;
1180 			xi->crl = NULL;
1181 			}
1182 		}
1183 
1184 	if (pcerts && sk_X509_num(*pcerts) > 0)
1185 		rv = 1;
1186 
1187 	if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
1188 		rv = 1;
1189 
1190 	end:
1191 
1192 	if (xis)
1193 		sk_X509_INFO_pop_free(xis, X509_INFO_free);
1194 
1195 	if (rv == 0)
1196 		{
1197 		if (pcerts)
1198 			{
1199 			sk_X509_pop_free(*pcerts, X509_free);
1200 			*pcerts = NULL;
1201 			}
1202 		if (pcrls)
1203 			{
1204 			sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
1205 			*pcrls = NULL;
1206 			}
1207 		BIO_printf(err,"unable to load %s\n",
1208 				pcerts ? "certificates" : "CRLs");
1209 		ERR_print_errors(err);
1210 		}
1211 	return rv;
1212 	}
1213 
STACK_OF(X509)1214 STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
1215 	const char *pass, ENGINE *e, const char *desc)
1216 	{
1217 	STACK_OF(X509) *certs;
1218 	if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL))
1219 		return NULL;
1220 	return certs;
1221 	}
1222 
STACK_OF(X509_CRL)1223 STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
1224 	const char *pass, ENGINE *e, const char *desc)
1225 	{
1226 	STACK_OF(X509_CRL) *crls;
1227 	if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls))
1228 		return NULL;
1229 	return crls;
1230 	}
1231 
1232 #define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)
1233 /* Return error for unknown extensions */
1234 #define X509V3_EXT_DEFAULT		0
1235 /* Print error for unknown extensions */
1236 #define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)
1237 /* ASN1 parse unknown extensions */
1238 #define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)
1239 /* BIO_dump unknown extensions */
1240 #define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)
1241 
1242 #define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
1243 			 X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
1244 
set_cert_ex(unsigned long * flags,const char * arg)1245 int set_cert_ex(unsigned long *flags, const char *arg)
1246 {
1247 	static const NAME_EX_TBL cert_tbl[] = {
1248 		{ "compatible", X509_FLAG_COMPAT, 0xffffffffl},
1249 		{ "ca_default", X509_FLAG_CA, 0xffffffffl},
1250 		{ "no_header", X509_FLAG_NO_HEADER, 0},
1251 		{ "no_version", X509_FLAG_NO_VERSION, 0},
1252 		{ "no_serial", X509_FLAG_NO_SERIAL, 0},
1253 		{ "no_signame", X509_FLAG_NO_SIGNAME, 0},
1254 		{ "no_validity", X509_FLAG_NO_VALIDITY, 0},
1255 		{ "no_subject", X509_FLAG_NO_SUBJECT, 0},
1256 		{ "no_issuer", X509_FLAG_NO_ISSUER, 0},
1257 		{ "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
1258 		{ "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
1259 		{ "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
1260 		{ "no_aux", X509_FLAG_NO_AUX, 0},
1261 		{ "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
1262 		{ "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
1263 		{ "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1264 		{ "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1265 		{ "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1266 		{ NULL, 0, 0}
1267 	};
1268 	return set_multi_opts(flags, arg, cert_tbl);
1269 }
1270 
set_name_ex(unsigned long * flags,const char * arg)1271 int set_name_ex(unsigned long *flags, const char *arg)
1272 {
1273 	static const NAME_EX_TBL ex_tbl[] = {
1274 		{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
1275 		{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
1276 		{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
1277 		{ "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
1278 		{ "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
1279 		{ "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
1280 		{ "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
1281 		{ "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
1282 		{ "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
1283 		{ "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
1284 		{ "compat", XN_FLAG_COMPAT, 0xffffffffL},
1285 		{ "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
1286 		{ "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
1287 		{ "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
1288 		{ "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
1289 		{ "dn_rev", XN_FLAG_DN_REV, 0},
1290 		{ "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
1291 		{ "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
1292 		{ "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
1293 		{ "align", XN_FLAG_FN_ALIGN, 0},
1294 		{ "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
1295 		{ "space_eq", XN_FLAG_SPC_EQ, 0},
1296 		{ "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
1297 		{ "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
1298 		{ "oneline", XN_FLAG_ONELINE, 0xffffffffL},
1299 		{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
1300 		{ "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
1301 		{ NULL, 0, 0}
1302 	};
1303 	return set_multi_opts(flags, arg, ex_tbl);
1304 }
1305 
set_ext_copy(int * copy_type,const char * arg)1306 int set_ext_copy(int *copy_type, const char *arg)
1307 {
1308 	if (!strcasecmp(arg, "none"))
1309 		*copy_type = EXT_COPY_NONE;
1310 	else if (!strcasecmp(arg, "copy"))
1311 		*copy_type = EXT_COPY_ADD;
1312 	else if (!strcasecmp(arg, "copyall"))
1313 		*copy_type = EXT_COPY_ALL;
1314 	else
1315 		return 0;
1316 	return 1;
1317 }
1318 
copy_extensions(X509 * x,X509_REQ * req,int copy_type)1319 int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
1320 {
1321 	STACK_OF(X509_EXTENSION) *exts = NULL;
1322 	X509_EXTENSION *ext, *tmpext;
1323 	ASN1_OBJECT *obj;
1324 	int i, idx, ret = 0;
1325 	if (!x || !req || (copy_type == EXT_COPY_NONE))
1326 		return 1;
1327 	exts = X509_REQ_get_extensions(req);
1328 
1329 	for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
1330 		ext = sk_X509_EXTENSION_value(exts, i);
1331 		obj = X509_EXTENSION_get_object(ext);
1332 		idx = X509_get_ext_by_OBJ(x, obj, -1);
1333 		/* Does extension exist? */
1334 		if (idx != -1) {
1335 			/* If normal copy don't override existing extension */
1336 			if (copy_type == EXT_COPY_ADD)
1337 				continue;
1338 			/* Delete all extensions of same type */
1339 			do {
1340 				tmpext = X509_get_ext(x, idx);
1341 				X509_delete_ext(x, idx);
1342 				X509_EXTENSION_free(tmpext);
1343 				idx = X509_get_ext_by_OBJ(x, obj, -1);
1344 			} while (idx != -1);
1345 		}
1346 		if (!X509_add_ext(x, ext, -1))
1347 			goto end;
1348 	}
1349 
1350 	ret = 1;
1351 
1352 	end:
1353 
1354 	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
1355 
1356 	return ret;
1357 }
1358 
1359 
1360 
1361 
set_multi_opts(unsigned long * flags,const char * arg,const NAME_EX_TBL * in_tbl)1362 static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
1363 {
1364 	STACK_OF(CONF_VALUE) *vals;
1365 	CONF_VALUE *val;
1366 	int i, ret = 1;
1367 	if(!arg) return 0;
1368 	vals = X509V3_parse_list(arg);
1369 	for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
1370 		val = sk_CONF_VALUE_value(vals, i);
1371 		if (!set_table_opts(flags, val->name, in_tbl))
1372 			ret = 0;
1373 	}
1374 	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
1375 	return ret;
1376 }
1377 
set_table_opts(unsigned long * flags,const char * arg,const NAME_EX_TBL * in_tbl)1378 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
1379 {
1380 	char c;
1381 	const NAME_EX_TBL *ptbl;
1382 	c = arg[0];
1383 
1384 	if(c == '-') {
1385 		c = 0;
1386 		arg++;
1387 	} else if (c == '+') {
1388 		c = 1;
1389 		arg++;
1390 	} else c = 1;
1391 
1392 	for(ptbl = in_tbl; ptbl->name; ptbl++) {
1393 		if(!strcasecmp(arg, ptbl->name)) {
1394 			*flags &= ~ptbl->mask;
1395 			if(c) *flags |= ptbl->flag;
1396 			else *flags &= ~ptbl->flag;
1397 			return 1;
1398 		}
1399 	}
1400 	return 0;
1401 }
1402 
print_name(BIO * out,const char * title,X509_NAME * nm,unsigned long lflags)1403 void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags)
1404 {
1405 	char *buf;
1406 	char mline = 0;
1407 	int indent = 0;
1408 
1409 	if(title) BIO_puts(out, title);
1410 	if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
1411 		mline = 1;
1412 		indent = 4;
1413 	}
1414 	if(lflags == XN_FLAG_COMPAT) {
1415 		buf = X509_NAME_oneline(nm, 0, 0);
1416 		BIO_puts(out, buf);
1417 		BIO_puts(out, "\n");
1418 		OPENSSL_free(buf);
1419 	} else {
1420 		if(mline) BIO_puts(out, "\n");
1421 		X509_NAME_print_ex(out, nm, indent, lflags);
1422 		BIO_puts(out, "\n");
1423 	}
1424 }
1425 
setup_verify(BIO * bp,char * CAfile,char * CApath)1426 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
1427 {
1428 	X509_STORE *store;
1429 	X509_LOOKUP *lookup;
1430 	if(!(store = X509_STORE_new())) goto end;
1431 	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
1432 	if (lookup == NULL) goto end;
1433 	if (CAfile) {
1434 		if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
1435 			BIO_printf(bp, "Error loading file %s\n", CAfile);
1436 			goto end;
1437 		}
1438 	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
1439 
1440 	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
1441 	if (lookup == NULL) goto end;
1442 	if (CApath) {
1443 		if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
1444 			BIO_printf(bp, "Error loading directory %s\n", CApath);
1445 			goto end;
1446 		}
1447 	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
1448 
1449 	ERR_clear_error();
1450 	return store;
1451 	end:
1452 	X509_STORE_free(store);
1453 	return NULL;
1454 }
1455 
1456 #ifndef OPENSSL_NO_ENGINE
1457 /* Try to load an engine in a shareable library */
try_load_engine(BIO * err,const char * engine,int debug)1458 static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
1459 	{
1460 	ENGINE *e = ENGINE_by_id("dynamic");
1461 	if (e)
1462 		{
1463 		if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
1464 			|| !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
1465 			{
1466 			ENGINE_free(e);
1467 			e = NULL;
1468 			}
1469 		}
1470 	return e;
1471 	}
1472 
setup_engine(BIO * err,const char * engine,int debug)1473 ENGINE *setup_engine(BIO *err, const char *engine, int debug)
1474         {
1475         ENGINE *e = NULL;
1476 
1477         if (engine)
1478                 {
1479 		if(strcmp(engine, "auto") == 0)
1480 			{
1481 			BIO_printf(err,"enabling auto ENGINE support\n");
1482 			ENGINE_register_all_complete();
1483 			return NULL;
1484 			}
1485 		if((e = ENGINE_by_id(engine)) == NULL
1486 			&& (e = try_load_engine(err, engine, debug)) == NULL)
1487 			{
1488 			BIO_printf(err,"invalid engine \"%s\"\n", engine);
1489 			ERR_print_errors(err);
1490 			return NULL;
1491 			}
1492 		if (debug)
1493 			{
1494 			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
1495 				0, err, 0);
1496 			}
1497                 ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
1498 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
1499 			{
1500 			BIO_printf(err,"can't use that engine\n");
1501 			ERR_print_errors(err);
1502 			ENGINE_free(e);
1503 			return NULL;
1504 			}
1505 
1506 		BIO_printf(err,"engine \"%s\" set.\n", ENGINE_get_id(e));
1507 
1508 		/* Free our "structural" reference. */
1509 		ENGINE_free(e);
1510 		}
1511         return e;
1512         }
1513 #endif
1514 
load_config(BIO * err,CONF * cnf)1515 int load_config(BIO *err, CONF *cnf)
1516 	{
1517 	static int load_config_called = 0;
1518 	if (load_config_called)
1519 		return 1;
1520 	load_config_called = 1;
1521 	if (!cnf)
1522 		cnf = config;
1523 	if (!cnf)
1524 		return 1;
1525 
1526 	OPENSSL_load_builtin_modules();
1527 
1528 	if (CONF_modules_load(cnf, NULL, 0) <= 0)
1529 		{
1530 		BIO_printf(err, "Error configuring OpenSSL\n");
1531 		ERR_print_errors(err);
1532 		return 0;
1533 		}
1534 	return 1;
1535 	}
1536 
make_config_name()1537 char *make_config_name()
1538 	{
1539 	const char *t=X509_get_default_cert_area();
1540 	size_t len;
1541 	char *p;
1542 
1543 	len=strlen(t)+strlen(OPENSSL_CONF)+2;
1544 	p=OPENSSL_malloc(len);
1545 	BUF_strlcpy(p,t,len);
1546 #ifndef OPENSSL_SYS_VMS
1547 	BUF_strlcat(p,"/",len);
1548 #endif
1549 	BUF_strlcat(p,OPENSSL_CONF,len);
1550 
1551 	return p;
1552 	}
1553 
index_serial_hash(const OPENSSL_CSTRING * a)1554 static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
1555 	{
1556 	const char *n;
1557 
1558 	n=a[DB_serial];
1559 	while (*n == '0') n++;
1560 	return(lh_strhash(n));
1561 	}
1562 
index_serial_cmp(const OPENSSL_CSTRING * a,const OPENSSL_CSTRING * b)1563 static int index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
1564 	{
1565 	const char *aa,*bb;
1566 
1567 	for (aa=a[DB_serial]; *aa == '0'; aa++);
1568 	for (bb=b[DB_serial]; *bb == '0'; bb++);
1569 	return(strcmp(aa,bb));
1570 	}
1571 
index_name_qual(char ** a)1572 static int index_name_qual(char **a)
1573 	{ return(a[0][0] == 'V'); }
1574 
index_name_hash(const OPENSSL_CSTRING * a)1575 static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
1576 	{ return(lh_strhash(a[DB_name])); }
1577 
index_name_cmp(const OPENSSL_CSTRING * a,const OPENSSL_CSTRING * b)1578 int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
1579 	{ return(strcmp(a[DB_name], b[DB_name])); }
1580 
IMPLEMENT_LHASH_HASH_FN(index_serial,OPENSSL_CSTRING)1581 static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
1582 static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
1583 static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
1584 static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
1585 
1586 #undef BSIZE
1587 #define BSIZE 256
1588 
1589 BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
1590 	{
1591 	BIO *in=NULL;
1592 	BIGNUM *ret=NULL;
1593 	MS_STATIC char buf[1024];
1594 	ASN1_INTEGER *ai=NULL;
1595 
1596 	ai=ASN1_INTEGER_new();
1597 	if (ai == NULL) goto err;
1598 
1599 	if ((in=BIO_new(BIO_s_file())) == NULL)
1600 		{
1601 		ERR_print_errors(bio_err);
1602 		goto err;
1603 		}
1604 
1605 	if (BIO_read_filename(in,serialfile) <= 0)
1606 		{
1607 		if (!create)
1608 			{
1609 			perror(serialfile);
1610 			goto err;
1611 			}
1612 		else
1613 			{
1614 			ret=BN_new();
1615 			if (ret == NULL || !rand_serial(ret, ai))
1616 				BIO_printf(bio_err, "Out of memory\n");
1617 			}
1618 		}
1619 	else
1620 		{
1621 		if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
1622 			{
1623 			BIO_printf(bio_err,"unable to load number from %s\n",
1624 				serialfile);
1625 			goto err;
1626 			}
1627 		ret=ASN1_INTEGER_to_BN(ai,NULL);
1628 		if (ret == NULL)
1629 			{
1630 			BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
1631 			goto err;
1632 			}
1633 		}
1634 
1635 	if (ret && retai)
1636 		{
1637 		*retai = ai;
1638 		ai = NULL;
1639 		}
1640  err:
1641 	if (in != NULL) BIO_free(in);
1642 	if (ai != NULL) ASN1_INTEGER_free(ai);
1643 	return(ret);
1644 	}
1645 
save_serial(char * serialfile,char * suffix,BIGNUM * serial,ASN1_INTEGER ** retai)1646 int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai)
1647 	{
1648 	char buf[1][BSIZE];
1649 	BIO *out = NULL;
1650 	int ret=0;
1651 	ASN1_INTEGER *ai=NULL;
1652 	int j;
1653 
1654 	if (suffix == NULL)
1655 		j = strlen(serialfile);
1656 	else
1657 		j = strlen(serialfile) + strlen(suffix) + 1;
1658 	if (j >= BSIZE)
1659 		{
1660 		BIO_printf(bio_err,"file name too long\n");
1661 		goto err;
1662 		}
1663 
1664 	if (suffix == NULL)
1665 		BUF_strlcpy(buf[0], serialfile, BSIZE);
1666 	else
1667 		{
1668 #ifndef OPENSSL_SYS_VMS
1669 		j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
1670 #else
1671 		j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
1672 #endif
1673 		}
1674 #ifdef RL_DEBUG
1675 	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
1676 #endif
1677 	out=BIO_new(BIO_s_file());
1678 	if (out == NULL)
1679 		{
1680 		ERR_print_errors(bio_err);
1681 		goto err;
1682 		}
1683 	if (BIO_write_filename(out,buf[0]) <= 0)
1684 		{
1685 		perror(serialfile);
1686 		goto err;
1687 		}
1688 
1689 	if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
1690 		{
1691 		BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
1692 		goto err;
1693 		}
1694 	i2a_ASN1_INTEGER(out,ai);
1695 	BIO_puts(out,"\n");
1696 	ret=1;
1697 	if (retai)
1698 		{
1699 		*retai = ai;
1700 		ai = NULL;
1701 		}
1702 err:
1703 	if (out != NULL) BIO_free_all(out);
1704 	if (ai != NULL) ASN1_INTEGER_free(ai);
1705 	return(ret);
1706 	}
1707 
rotate_serial(char * serialfile,char * new_suffix,char * old_suffix)1708 int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
1709 	{
1710 	char buf[5][BSIZE];
1711 	int i,j;
1712 
1713 	i = strlen(serialfile) + strlen(old_suffix);
1714 	j = strlen(serialfile) + strlen(new_suffix);
1715 	if (i > j) j = i;
1716 	if (j + 1 >= BSIZE)
1717 		{
1718 		BIO_printf(bio_err,"file name too long\n");
1719 		goto err;
1720 		}
1721 
1722 #ifndef OPENSSL_SYS_VMS
1723 	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
1724 		serialfile, new_suffix);
1725 #else
1726 	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
1727 		serialfile, new_suffix);
1728 #endif
1729 #ifndef OPENSSL_SYS_VMS
1730 	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
1731 		serialfile, old_suffix);
1732 #else
1733 	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
1734 		serialfile, old_suffix);
1735 #endif
1736 #ifdef RL_DEBUG
1737 	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1738 		serialfile, buf[1]);
1739 #endif
1740 	if (rename(serialfile,buf[1]) < 0 && errno != ENOENT
1741 #ifdef ENOTDIR
1742 			&& errno != ENOTDIR
1743 #endif
1744 	   )		{
1745 			BIO_printf(bio_err,
1746 				"unable to rename %s to %s\n",
1747 				serialfile, buf[1]);
1748 			perror("reason");
1749 			goto err;
1750 			}
1751 #ifdef RL_DEBUG
1752 	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1753 		buf[0],serialfile);
1754 #endif
1755 	if (rename(buf[0],serialfile) < 0)
1756 		{
1757 		BIO_printf(bio_err,
1758 			"unable to rename %s to %s\n",
1759 			buf[0],serialfile);
1760 		perror("reason");
1761 		rename(buf[1],serialfile);
1762 		goto err;
1763 		}
1764 	return 1;
1765  err:
1766 	return 0;
1767 	}
1768 
rand_serial(BIGNUM * b,ASN1_INTEGER * ai)1769 int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
1770 	{
1771 	BIGNUM *btmp;
1772 	int ret = 0;
1773 	if (b)
1774 		btmp = b;
1775 	else
1776 		btmp = BN_new();
1777 
1778 	if (!btmp)
1779 		return 0;
1780 
1781 	if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
1782 		goto error;
1783 	if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
1784 		goto error;
1785 
1786 	ret = 1;
1787 
1788 	error:
1789 
1790 	if (!b)
1791 		BN_free(btmp);
1792 
1793 	return ret;
1794 	}
1795 
load_index(char * dbfile,DB_ATTR * db_attr)1796 CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
1797 	{
1798 	CA_DB *retdb = NULL;
1799 	TXT_DB *tmpdb = NULL;
1800 	BIO *in = BIO_new(BIO_s_file());
1801 	CONF *dbattr_conf = NULL;
1802 	char buf[1][BSIZE];
1803 	long errorline= -1;
1804 
1805 	if (in == NULL)
1806 		{
1807 		ERR_print_errors(bio_err);
1808 		goto err;
1809 		}
1810 	if (BIO_read_filename(in,dbfile) <= 0)
1811 		{
1812 		perror(dbfile);
1813 		BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
1814 		goto err;
1815 		}
1816 	if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
1817 		goto err;
1818 
1819 #ifndef OPENSSL_SYS_VMS
1820 	BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
1821 #else
1822 	BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
1823 #endif
1824 	dbattr_conf = NCONF_new(NULL);
1825 	if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)
1826 		{
1827 		if (errorline > 0)
1828 			{
1829 			BIO_printf(bio_err,
1830 				"error on line %ld of db attribute file '%s'\n"
1831 				,errorline,buf[0]);
1832 			goto err;
1833 			}
1834 		else
1835 			{
1836 			NCONF_free(dbattr_conf);
1837 			dbattr_conf = NULL;
1838 			}
1839 		}
1840 
1841 	if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL)
1842 		{
1843 		fprintf(stderr, "Out of memory\n");
1844 		goto err;
1845 		}
1846 
1847 	retdb->db = tmpdb;
1848 	tmpdb = NULL;
1849 	if (db_attr)
1850 		retdb->attributes = *db_attr;
1851 	else
1852 		{
1853 		retdb->attributes.unique_subject = 1;
1854 		}
1855 
1856 	if (dbattr_conf)
1857 		{
1858 		char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
1859 		if (p)
1860 			{
1861 #ifdef RL_DEBUG
1862 			BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
1863 #endif
1864 			retdb->attributes.unique_subject = parse_yesno(p,1);
1865 			}
1866 		}
1867 
1868  err:
1869 	if (dbattr_conf) NCONF_free(dbattr_conf);
1870 	if (tmpdb) TXT_DB_free(tmpdb);
1871 	if (in) BIO_free_all(in);
1872 	return retdb;
1873 	}
1874 
index_index(CA_DB * db)1875 int index_index(CA_DB *db)
1876 	{
1877 	if (!TXT_DB_create_index(db->db, DB_serial, NULL,
1878 				LHASH_HASH_FN(index_serial),
1879 				LHASH_COMP_FN(index_serial)))
1880 		{
1881 		BIO_printf(bio_err,
1882 		  "error creating serial number index:(%ld,%ld,%ld)\n",
1883 		  			db->db->error,db->db->arg1,db->db->arg2);
1884 			return 0;
1885 		}
1886 
1887 	if (db->attributes.unique_subject
1888 		&& !TXT_DB_create_index(db->db, DB_name, index_name_qual,
1889 			LHASH_HASH_FN(index_name),
1890 			LHASH_COMP_FN(index_name)))
1891 		{
1892 		BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
1893 			db->db->error,db->db->arg1,db->db->arg2);
1894 		return 0;
1895 		}
1896 	return 1;
1897 	}
1898 
save_index(const char * dbfile,const char * suffix,CA_DB * db)1899 int save_index(const char *dbfile, const char *suffix, CA_DB *db)
1900 	{
1901 	char buf[3][BSIZE];
1902 	BIO *out = BIO_new(BIO_s_file());
1903 	int j;
1904 
1905 	if (out == NULL)
1906 		{
1907 		ERR_print_errors(bio_err);
1908 		goto err;
1909 		}
1910 
1911 	j = strlen(dbfile) + strlen(suffix);
1912 	if (j + 6 >= BSIZE)
1913 		{
1914 		BIO_printf(bio_err,"file name too long\n");
1915 		goto err;
1916 		}
1917 
1918 #ifndef OPENSSL_SYS_VMS
1919 	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
1920 #else
1921 	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
1922 #endif
1923 #ifndef OPENSSL_SYS_VMS
1924 	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
1925 #else
1926 	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
1927 #endif
1928 #ifndef OPENSSL_SYS_VMS
1929 	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
1930 #else
1931 	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
1932 #endif
1933 #ifdef RL_DEBUG
1934 	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
1935 #endif
1936 	if (BIO_write_filename(out,buf[0]) <= 0)
1937 		{
1938 		perror(dbfile);
1939 		BIO_printf(bio_err,"unable to open '%s'\n", dbfile);
1940 		goto err;
1941 		}
1942 	j=TXT_DB_write(out,db->db);
1943 	if (j <= 0) goto err;
1944 
1945 	BIO_free(out);
1946 
1947 	out = BIO_new(BIO_s_file());
1948 #ifdef RL_DEBUG
1949 	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
1950 #endif
1951 	if (BIO_write_filename(out,buf[1]) <= 0)
1952 		{
1953 		perror(buf[2]);
1954 		BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);
1955 		goto err;
1956 		}
1957 	BIO_printf(out,"unique_subject = %s\n",
1958 		db->attributes.unique_subject ? "yes" : "no");
1959 	BIO_free(out);
1960 
1961 	return 1;
1962  err:
1963 	return 0;
1964 	}
1965 
rotate_index(const char * dbfile,const char * new_suffix,const char * old_suffix)1966 int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
1967 	{
1968 	char buf[5][BSIZE];
1969 	int i,j;
1970 
1971 	i = strlen(dbfile) + strlen(old_suffix);
1972 	j = strlen(dbfile) + strlen(new_suffix);
1973 	if (i > j) j = i;
1974 	if (j + 6 >= BSIZE)
1975 		{
1976 		BIO_printf(bio_err,"file name too long\n");
1977 		goto err;
1978 		}
1979 
1980 #ifndef OPENSSL_SYS_VMS
1981 	j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
1982 #else
1983 	j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
1984 #endif
1985 #ifndef OPENSSL_SYS_VMS
1986 	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
1987 		dbfile, new_suffix);
1988 #else
1989 	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",
1990 		dbfile, new_suffix);
1991 #endif
1992 #ifndef OPENSSL_SYS_VMS
1993 	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
1994 		dbfile, new_suffix);
1995 #else
1996 	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
1997 		dbfile, new_suffix);
1998 #endif
1999 #ifndef OPENSSL_SYS_VMS
2000 	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
2001 		dbfile, old_suffix);
2002 #else
2003 	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
2004 		dbfile, old_suffix);
2005 #endif
2006 #ifndef OPENSSL_SYS_VMS
2007 	j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
2008 		dbfile, old_suffix);
2009 #else
2010 	j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
2011 		dbfile, old_suffix);
2012 #endif
2013 #ifdef RL_DEBUG
2014 	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
2015 		dbfile, buf[1]);
2016 #endif
2017 	if (rename(dbfile,buf[1]) < 0 && errno != ENOENT
2018 #ifdef ENOTDIR
2019 		&& errno != ENOTDIR
2020 #endif
2021 	   )		{
2022 			BIO_printf(bio_err,
2023 				"unable to rename %s to %s\n",
2024 				dbfile, buf[1]);
2025 			perror("reason");
2026 			goto err;
2027 			}
2028 #ifdef RL_DEBUG
2029 	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
2030 		buf[0],dbfile);
2031 #endif
2032 	if (rename(buf[0],dbfile) < 0)
2033 		{
2034 		BIO_printf(bio_err,
2035 			"unable to rename %s to %s\n",
2036 			buf[0],dbfile);
2037 		perror("reason");
2038 		rename(buf[1],dbfile);
2039 		goto err;
2040 		}
2041 #ifdef RL_DEBUG
2042 	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
2043 		buf[4],buf[3]);
2044 #endif
2045 	if (rename(buf[4],buf[3]) < 0 && errno != ENOENT
2046 #ifdef ENOTDIR
2047 		&& errno != ENOTDIR
2048 #endif
2049 	   )		{
2050 			BIO_printf(bio_err,
2051 				"unable to rename %s to %s\n",
2052 				buf[4], buf[3]);
2053 			perror("reason");
2054 			rename(dbfile,buf[0]);
2055 			rename(buf[1],dbfile);
2056 			goto err;
2057 			}
2058 #ifdef RL_DEBUG
2059 	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
2060 		buf[2],buf[4]);
2061 #endif
2062 	if (rename(buf[2],buf[4]) < 0)
2063 		{
2064 		BIO_printf(bio_err,
2065 			"unable to rename %s to %s\n",
2066 			buf[2],buf[4]);
2067 		perror("reason");
2068 		rename(buf[3],buf[4]);
2069 		rename(dbfile,buf[0]);
2070 		rename(buf[1],dbfile);
2071 		goto err;
2072 		}
2073 	return 1;
2074  err:
2075 	return 0;
2076 	}
2077 
free_index(CA_DB * db)2078 void free_index(CA_DB *db)
2079 	{
2080 	if (db)
2081 		{
2082 		if (db->db) TXT_DB_free(db->db);
2083 		OPENSSL_free(db);
2084 		}
2085 	}
2086 
parse_yesno(const char * str,int def)2087 int parse_yesno(const char *str, int def)
2088 	{
2089 	int ret = def;
2090 	if (str)
2091 		{
2092 		switch (*str)
2093 			{
2094 		case 'f': /* false */
2095 		case 'F': /* FALSE */
2096 		case 'n': /* no */
2097 		case 'N': /* NO */
2098 		case '0': /* 0 */
2099 			ret = 0;
2100 			break;
2101 		case 't': /* true */
2102 		case 'T': /* TRUE */
2103 		case 'y': /* yes */
2104 		case 'Y': /* YES */
2105 		case '1': /* 1 */
2106 			ret = 1;
2107 			break;
2108 		default:
2109 			ret = def;
2110 			break;
2111 			}
2112 		}
2113 	return ret;
2114 	}
2115 
2116 /*
2117  * subject is expected to be in the format /type0=value0/type1=value1/type2=...
2118  * where characters may be escaped by \
2119  */
parse_name(char * subject,long chtype,int multirdn)2120 X509_NAME *parse_name(char *subject, long chtype, int multirdn)
2121 	{
2122 	size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
2123 	char *buf = OPENSSL_malloc(buflen);
2124 	size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
2125 	char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
2126 	char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
2127 	int *mval = OPENSSL_malloc (max_ne * sizeof (int));
2128 
2129 	char *sp = subject, *bp = buf;
2130 	int i, ne_num = 0;
2131 
2132 	X509_NAME *n = NULL;
2133 	int nid;
2134 
2135 	if (!buf || !ne_types || !ne_values || !mval)
2136 		{
2137 		BIO_printf(bio_err, "malloc error\n");
2138 		goto error;
2139 		}
2140 
2141 	if (*subject != '/')
2142 		{
2143 		BIO_printf(bio_err, "Subject does not start with '/'.\n");
2144 		goto error;
2145 		}
2146 	sp++; /* skip leading / */
2147 
2148 	/* no multivalued RDN by default */
2149 	mval[ne_num] = 0;
2150 
2151 	while (*sp)
2152 		{
2153 		/* collect type */
2154 		ne_types[ne_num] = bp;
2155 		while (*sp)
2156 			{
2157 			if (*sp == '\\') /* is there anything to escape in the type...? */
2158 				{
2159 				if (*++sp)
2160 					*bp++ = *sp++;
2161 				else
2162 					{
2163 					BIO_printf(bio_err, "escape character at end of string\n");
2164 					goto error;
2165 					}
2166 				}
2167 			else if (*sp == '=')
2168 				{
2169 				sp++;
2170 				*bp++ = '\0';
2171 				break;
2172 				}
2173 			else
2174 				*bp++ = *sp++;
2175 			}
2176 		if (!*sp)
2177 			{
2178 			BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
2179 			goto error;
2180 			}
2181 		ne_values[ne_num] = bp;
2182 		while (*sp)
2183 			{
2184 			if (*sp == '\\')
2185 				{
2186 				if (*++sp)
2187 					*bp++ = *sp++;
2188 				else
2189 					{
2190 					BIO_printf(bio_err, "escape character at end of string\n");
2191 					goto error;
2192 					}
2193 				}
2194 			else if (*sp == '/')
2195 				{
2196 				sp++;
2197 				/* no multivalued RDN by default */
2198 				mval[ne_num+1] = 0;
2199 				break;
2200 				}
2201 			else if (*sp == '+' && multirdn)
2202 				{
2203 				/* a not escaped + signals a mutlivalued RDN */
2204 				sp++;
2205 				mval[ne_num+1] = -1;
2206 				break;
2207 				}
2208 			else
2209 				*bp++ = *sp++;
2210 			}
2211 		*bp++ = '\0';
2212 		ne_num++;
2213 		}
2214 
2215 	if (!(n = X509_NAME_new()))
2216 		goto error;
2217 
2218 	for (i = 0; i < ne_num; i++)
2219 		{
2220 		if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
2221 			{
2222 			BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
2223 			continue;
2224 			}
2225 
2226 		if (!*ne_values[i])
2227 			{
2228 			BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
2229 			continue;
2230 			}
2231 
2232 		if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))
2233 			goto error;
2234 		}
2235 
2236 	OPENSSL_free(ne_values);
2237 	OPENSSL_free(ne_types);
2238 	OPENSSL_free(buf);
2239 	OPENSSL_free(mval);
2240 	return n;
2241 
2242 error:
2243 	X509_NAME_free(n);
2244 	if (ne_values)
2245 		OPENSSL_free(ne_values);
2246 	if (ne_types)
2247 		OPENSSL_free(ne_types);
2248 	if (mval)
2249 		OPENSSL_free(mval);
2250 	if (buf)
2251 		OPENSSL_free(buf);
2252 	return NULL;
2253 }
2254 
args_verify(char *** pargs,int * pargc,int * badarg,BIO * err,X509_VERIFY_PARAM ** pm)2255 int args_verify(char ***pargs, int *pargc,
2256 			int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
2257 	{
2258 	ASN1_OBJECT *otmp = NULL;
2259 	unsigned long flags = 0;
2260 	int i;
2261 	int purpose = 0, depth = -1;
2262 	char **oldargs = *pargs;
2263 	char *arg = **pargs, *argn = (*pargs)[1];
2264 	time_t at_time = 0;
2265 	if (!strcmp(arg, "-policy"))
2266 		{
2267 		if (!argn)
2268 			*badarg = 1;
2269 		else
2270 			{
2271 			otmp = OBJ_txt2obj(argn, 0);
2272 			if (!otmp)
2273 				{
2274 				BIO_printf(err, "Invalid Policy \"%s\"\n",
2275 									argn);
2276 				*badarg = 1;
2277 				}
2278 			}
2279 		(*pargs)++;
2280 		}
2281 	else if (strcmp(arg,"-purpose") == 0)
2282 		{
2283 		X509_PURPOSE *xptmp;
2284 		if (!argn)
2285 			*badarg = 1;
2286 		else
2287 			{
2288 			i = X509_PURPOSE_get_by_sname(argn);
2289 			if(i < 0)
2290 				{
2291 				BIO_printf(err, "unrecognized purpose\n");
2292 				*badarg = 1;
2293 				}
2294 			else
2295 				{
2296 				xptmp = X509_PURPOSE_get0(i);
2297 				purpose = X509_PURPOSE_get_id(xptmp);
2298 				}
2299 			}
2300 		(*pargs)++;
2301 		}
2302 	else if (strcmp(arg,"-verify_depth") == 0)
2303 		{
2304 		if (!argn)
2305 			*badarg = 1;
2306 		else
2307 			{
2308 			depth = atoi(argn);
2309 			if(depth < 0)
2310 				{
2311 				BIO_printf(err, "invalid depth\n");
2312 				*badarg = 1;
2313 				}
2314 			}
2315 		(*pargs)++;
2316 		}
2317 	else if (strcmp(arg,"-attime") == 0)
2318 		{
2319 		if (!argn)
2320 			*badarg = 1;
2321 		else
2322 			{
2323 			long timestamp;
2324 			/* interpret the -attime argument as seconds since
2325 			 * Epoch */
2326 			if (sscanf(argn, "%li", &timestamp) != 1)
2327 				{
2328 				BIO_printf(bio_err,
2329 						"Error parsing timestamp %s\n",
2330 					   	argn);
2331 				*badarg = 1;
2332 				}
2333 			/* on some platforms time_t may be a float */
2334 			at_time = (time_t) timestamp;
2335 			}
2336 		(*pargs)++;
2337 		}
2338 	else if (!strcmp(arg, "-ignore_critical"))
2339 		flags |= X509_V_FLAG_IGNORE_CRITICAL;
2340 	else if (!strcmp(arg, "-issuer_checks"))
2341 		flags |= X509_V_FLAG_CB_ISSUER_CHECK;
2342 	else if (!strcmp(arg, "-crl_check"))
2343 		flags |=  X509_V_FLAG_CRL_CHECK;
2344 	else if (!strcmp(arg, "-crl_check_all"))
2345 		flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
2346 	else if (!strcmp(arg, "-policy_check"))
2347 		flags |= X509_V_FLAG_POLICY_CHECK;
2348 	else if (!strcmp(arg, "-explicit_policy"))
2349 		flags |= X509_V_FLAG_EXPLICIT_POLICY;
2350 	else if (!strcmp(arg, "-inhibit_any"))
2351 		flags |= X509_V_FLAG_INHIBIT_ANY;
2352 	else if (!strcmp(arg, "-inhibit_map"))
2353 		flags |= X509_V_FLAG_INHIBIT_MAP;
2354 	else if (!strcmp(arg, "-x509_strict"))
2355 		flags |= X509_V_FLAG_X509_STRICT;
2356 	else if (!strcmp(arg, "-extended_crl"))
2357 		flags |= X509_V_FLAG_EXTENDED_CRL_SUPPORT;
2358 	else if (!strcmp(arg, "-use_deltas"))
2359 		flags |= X509_V_FLAG_USE_DELTAS;
2360 	else if (!strcmp(arg, "-policy_print"))
2361 		flags |= X509_V_FLAG_NOTIFY_POLICY;
2362 	else if (!strcmp(arg, "-check_ss_sig"))
2363 		flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
2364 	else
2365 		return 0;
2366 
2367 	if (*badarg)
2368 		{
2369 		if (*pm)
2370 			X509_VERIFY_PARAM_free(*pm);
2371 		*pm = NULL;
2372 		goto end;
2373 		}
2374 
2375 	if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
2376 		{
2377 		*badarg = 1;
2378 		goto end;
2379 		}
2380 
2381 	if (otmp)
2382 		X509_VERIFY_PARAM_add0_policy(*pm, otmp);
2383 	if (flags)
2384 		X509_VERIFY_PARAM_set_flags(*pm, flags);
2385 
2386 	if (purpose)
2387 		X509_VERIFY_PARAM_set_purpose(*pm, purpose);
2388 
2389 	if (depth >= 0)
2390 		X509_VERIFY_PARAM_set_depth(*pm, depth);
2391 
2392 	if (at_time)
2393 		X509_VERIFY_PARAM_set_time(*pm, at_time);
2394 
2395 	end:
2396 
2397 	(*pargs)++;
2398 
2399 	if (pargc)
2400 		*pargc -= *pargs - oldargs;
2401 
2402 	return 1;
2403 
2404 	}
2405 
2406 /* Read whole contents of a BIO into an allocated memory buffer and
2407  * return it.
2408  */
2409 
bio_to_mem(unsigned char ** out,int maxlen,BIO * in)2410 int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
2411 	{
2412 	BIO *mem;
2413 	int len, ret;
2414 	unsigned char tbuf[1024];
2415 	mem = BIO_new(BIO_s_mem());
2416 	if (!mem)
2417 		return -1;
2418 	for(;;)
2419 		{
2420 		if ((maxlen != -1) && maxlen < 1024)
2421 			len = maxlen;
2422 		else
2423 			len = 1024;
2424 		len = BIO_read(in, tbuf, len);
2425 		if (len <= 0)
2426 			break;
2427 		if (BIO_write(mem, tbuf, len) != len)
2428 			{
2429 			BIO_free(mem);
2430 			return -1;
2431 			}
2432 		maxlen -= len;
2433 
2434 		if (maxlen == 0)
2435 			break;
2436 		}
2437 	ret = BIO_get_mem_data(mem, (char **)out);
2438 	BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
2439 	BIO_free(mem);
2440 	return ret;
2441 	}
2442 
pkey_ctrl_string(EVP_PKEY_CTX * ctx,char * value)2443 int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
2444 	{
2445 	int rv;
2446 	char *stmp, *vtmp = NULL;
2447 	stmp = BUF_strdup(value);
2448 	if (!stmp)
2449 		return -1;
2450 	vtmp = strchr(stmp, ':');
2451 	if (vtmp)
2452 		{
2453 		*vtmp = 0;
2454 		vtmp++;
2455 		}
2456 	rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
2457 	OPENSSL_free(stmp);
2458 	return rv;
2459 	}
2460 
nodes_print(BIO * out,const char * name,STACK_OF (X509_POLICY_NODE)* nodes)2461 static void nodes_print(BIO *out, const char *name,
2462 	STACK_OF(X509_POLICY_NODE) *nodes)
2463 	{
2464 	X509_POLICY_NODE *node;
2465 	int i;
2466 	BIO_printf(out, "%s Policies:", name);
2467 	if (nodes)
2468 		{
2469 		BIO_puts(out, "\n");
2470 		for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
2471 			{
2472 			node = sk_X509_POLICY_NODE_value(nodes, i);
2473 			X509_POLICY_NODE_print(out, node, 2);
2474 			}
2475 		}
2476 	else
2477 		BIO_puts(out, " <empty>\n");
2478 	}
2479 
policies_print(BIO * out,X509_STORE_CTX * ctx)2480 void policies_print(BIO *out, X509_STORE_CTX *ctx)
2481 	{
2482 	X509_POLICY_TREE *tree;
2483 	int explicit_policy;
2484 	int free_out = 0;
2485 	if (out == NULL)
2486 		{
2487 		out = BIO_new_fp(stderr, BIO_NOCLOSE);
2488 		free_out = 1;
2489 		}
2490 	tree = X509_STORE_CTX_get0_policy_tree(ctx);
2491 	explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
2492 
2493 	BIO_printf(out, "Require explicit Policy: %s\n",
2494 				explicit_policy ? "True" : "False");
2495 
2496 	nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
2497 	nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
2498 	if (free_out)
2499 		BIO_free(out);
2500 	}
2501 
2502 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
2503 
jpake_init(const char * us,const char * them,const char * secret)2504 static JPAKE_CTX *jpake_init(const char *us, const char *them,
2505 							 const char *secret)
2506 	{
2507 	BIGNUM *p = NULL;
2508 	BIGNUM *g = NULL;
2509 	BIGNUM *q = NULL;
2510 	BIGNUM *bnsecret = BN_new();
2511 	JPAKE_CTX *ctx;
2512 
2513 	/* Use a safe prime for p (that we found earlier) */
2514 	BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
2515 	g = BN_new();
2516 	BN_set_word(g, 2);
2517 	q = BN_new();
2518 	BN_rshift1(q, p);
2519 
2520 	BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
2521 
2522 	ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
2523 	BN_free(bnsecret);
2524 	BN_free(q);
2525 	BN_free(g);
2526 	BN_free(p);
2527 
2528 	return ctx;
2529 	}
2530 
jpake_send_part(BIO * conn,const JPAKE_STEP_PART * p)2531 static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
2532 	{
2533 	BN_print(conn, p->gx);
2534 	BIO_puts(conn, "\n");
2535 	BN_print(conn, p->zkpx.gr);
2536 	BIO_puts(conn, "\n");
2537 	BN_print(conn, p->zkpx.b);
2538 	BIO_puts(conn, "\n");
2539 	}
2540 
jpake_send_step1(BIO * bconn,JPAKE_CTX * ctx)2541 static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
2542 	{
2543 	JPAKE_STEP1 s1;
2544 
2545 	JPAKE_STEP1_init(&s1);
2546 	JPAKE_STEP1_generate(&s1, ctx);
2547 	jpake_send_part(bconn, &s1.p1);
2548 	jpake_send_part(bconn, &s1.p2);
2549 	(void)BIO_flush(bconn);
2550 	JPAKE_STEP1_release(&s1);
2551 	}
2552 
jpake_send_step2(BIO * bconn,JPAKE_CTX * ctx)2553 static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
2554 	{
2555 	JPAKE_STEP2 s2;
2556 
2557 	JPAKE_STEP2_init(&s2);
2558 	JPAKE_STEP2_generate(&s2, ctx);
2559 	jpake_send_part(bconn, &s2);
2560 	(void)BIO_flush(bconn);
2561 	JPAKE_STEP2_release(&s2);
2562 	}
2563 
jpake_send_step3a(BIO * bconn,JPAKE_CTX * ctx)2564 static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
2565 	{
2566 	JPAKE_STEP3A s3a;
2567 
2568 	JPAKE_STEP3A_init(&s3a);
2569 	JPAKE_STEP3A_generate(&s3a, ctx);
2570 	BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
2571 	(void)BIO_flush(bconn);
2572 	JPAKE_STEP3A_release(&s3a);
2573 	}
2574 
jpake_send_step3b(BIO * bconn,JPAKE_CTX * ctx)2575 static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
2576 	{
2577 	JPAKE_STEP3B s3b;
2578 
2579 	JPAKE_STEP3B_init(&s3b);
2580 	JPAKE_STEP3B_generate(&s3b, ctx);
2581 	BIO_write(bconn, s3b.hk, sizeof s3b.hk);
2582 	(void)BIO_flush(bconn);
2583 	JPAKE_STEP3B_release(&s3b);
2584 	}
2585 
readbn(BIGNUM ** bn,BIO * bconn)2586 static void readbn(BIGNUM **bn, BIO *bconn)
2587 	{
2588 	char buf[10240];
2589 	int l;
2590 
2591 	l = BIO_gets(bconn, buf, sizeof buf);
2592 	assert(l > 0);
2593 	assert(buf[l-1] == '\n');
2594 	buf[l-1] = '\0';
2595 	BN_hex2bn(bn, buf);
2596 	}
2597 
jpake_receive_part(JPAKE_STEP_PART * p,BIO * bconn)2598 static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
2599 	{
2600 	readbn(&p->gx, bconn);
2601 	readbn(&p->zkpx.gr, bconn);
2602 	readbn(&p->zkpx.b, bconn);
2603 	}
2604 
jpake_receive_step1(JPAKE_CTX * ctx,BIO * bconn)2605 static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
2606 	{
2607 	JPAKE_STEP1 s1;
2608 
2609 	JPAKE_STEP1_init(&s1);
2610 	jpake_receive_part(&s1.p1, bconn);
2611 	jpake_receive_part(&s1.p2, bconn);
2612 	if(!JPAKE_STEP1_process(ctx, &s1))
2613 		{
2614 		ERR_print_errors(bio_err);
2615 		exit(1);
2616 		}
2617 	JPAKE_STEP1_release(&s1);
2618 	}
2619 
jpake_receive_step2(JPAKE_CTX * ctx,BIO * bconn)2620 static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
2621 	{
2622 	JPAKE_STEP2 s2;
2623 
2624 	JPAKE_STEP2_init(&s2);
2625 	jpake_receive_part(&s2, bconn);
2626 	if(!JPAKE_STEP2_process(ctx, &s2))
2627 		{
2628 		ERR_print_errors(bio_err);
2629 		exit(1);
2630 		}
2631 	JPAKE_STEP2_release(&s2);
2632 	}
2633 
jpake_receive_step3a(JPAKE_CTX * ctx,BIO * bconn)2634 static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
2635 	{
2636 	JPAKE_STEP3A s3a;
2637 	int l;
2638 
2639 	JPAKE_STEP3A_init(&s3a);
2640 	l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
2641 	assert(l == sizeof s3a.hhk);
2642 	if(!JPAKE_STEP3A_process(ctx, &s3a))
2643 		{
2644 		ERR_print_errors(bio_err);
2645 		exit(1);
2646 		}
2647 	JPAKE_STEP3A_release(&s3a);
2648 	}
2649 
jpake_receive_step3b(JPAKE_CTX * ctx,BIO * bconn)2650 static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
2651 	{
2652 	JPAKE_STEP3B s3b;
2653 	int l;
2654 
2655 	JPAKE_STEP3B_init(&s3b);
2656 	l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
2657 	assert(l == sizeof s3b.hk);
2658 	if(!JPAKE_STEP3B_process(ctx, &s3b))
2659 		{
2660 		ERR_print_errors(bio_err);
2661 		exit(1);
2662 		}
2663 	JPAKE_STEP3B_release(&s3b);
2664 	}
2665 
jpake_client_auth(BIO * out,BIO * conn,const char * secret)2666 void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
2667 	{
2668 	JPAKE_CTX *ctx;
2669 	BIO *bconn;
2670 
2671 	BIO_puts(out, "Authenticating with JPAKE\n");
2672 
2673 	ctx = jpake_init("client", "server", secret);
2674 
2675 	bconn = BIO_new(BIO_f_buffer());
2676 	BIO_push(bconn, conn);
2677 
2678 	jpake_send_step1(bconn, ctx);
2679 	jpake_receive_step1(ctx, bconn);
2680 	jpake_send_step2(bconn, ctx);
2681 	jpake_receive_step2(ctx, bconn);
2682 	jpake_send_step3a(bconn, ctx);
2683 	jpake_receive_step3b(ctx, bconn);
2684 
2685 	BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
2686 
2687 	psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
2688 
2689 	BIO_pop(bconn);
2690 	BIO_free(bconn);
2691 
2692 	JPAKE_CTX_free(ctx);
2693 	}
2694 
jpake_server_auth(BIO * out,BIO * conn,const char * secret)2695 void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
2696 	{
2697 	JPAKE_CTX *ctx;
2698 	BIO *bconn;
2699 
2700 	BIO_puts(out, "Authenticating with JPAKE\n");
2701 
2702 	ctx = jpake_init("server", "client", secret);
2703 
2704 	bconn = BIO_new(BIO_f_buffer());
2705 	BIO_push(bconn, conn);
2706 
2707 	jpake_receive_step1(ctx, bconn);
2708 	jpake_send_step1(bconn, ctx);
2709 	jpake_receive_step2(ctx, bconn);
2710 	jpake_send_step2(bconn, ctx);
2711 	jpake_receive_step3a(ctx, bconn);
2712 	jpake_send_step3b(bconn, ctx);
2713 
2714 	BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
2715 
2716 	psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
2717 
2718 	BIO_pop(bconn);
2719 	BIO_free(bconn);
2720 
2721 	JPAKE_CTX_free(ctx);
2722 	}
2723 
2724 #endif
2725 
2726 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
2727 /* next_protos_parse parses a comma separated list of strings into a string
2728  * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
2729  *   outlen: (output) set to the length of the resulting buffer on success.
2730  *   err: (maybe NULL) on failure, an error message line is written to this BIO.
2731  *   in: a NUL termianted string like "abc,def,ghi"
2732  *
2733  *   returns: a malloced buffer or NULL on failure.
2734  */
next_protos_parse(unsigned short * outlen,const char * in)2735 unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
2736 	{
2737 	size_t len;
2738 	unsigned char *out;
2739 	size_t i, start = 0;
2740 
2741 	len = strlen(in);
2742 	if (len >= 65535)
2743 		return NULL;
2744 
2745 	out = OPENSSL_malloc(strlen(in) + 1);
2746 	if (!out)
2747 		return NULL;
2748 
2749 	for (i = 0; i <= len; ++i)
2750 		{
2751 		if (i == len || in[i] == ',')
2752 			{
2753 			if (i - start > 255)
2754 				{
2755 				OPENSSL_free(out);
2756 				return NULL;
2757 				}
2758 			out[start] = i - start;
2759 			start = i + 1;
2760 			}
2761 		else
2762 			out[i+1] = in[i];
2763 		}
2764 
2765 	*outlen = len + 1;
2766 	return out;
2767 	}
2768 #endif  /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
2769 
2770 /*
2771  * Platform-specific sections
2772  */
2773 #if defined(_WIN32)
2774 # ifdef fileno
2775 #  undef fileno
2776 #  define fileno(a) (int)_fileno(a)
2777 # endif
2778 
2779 # include <windows.h>
2780 # include <tchar.h>
2781 
WIN32_rename(const char * from,const char * to)2782 static int WIN32_rename(const char *from, const char *to)
2783 	{
2784 	TCHAR  *tfrom=NULL,*tto;
2785 	DWORD	err;
2786 	int	ret=0;
2787 
2788 	if (sizeof(TCHAR) == 1)
2789 		{
2790 		tfrom = (TCHAR *)from;
2791 		tto   = (TCHAR *)to;
2792 		}
2793 	else	/* UNICODE path */
2794 		{
2795 		size_t i,flen=strlen(from)+1,tlen=strlen(to)+1;
2796 		tfrom = (TCHAR *)malloc(sizeof(TCHAR)*(flen+tlen));
2797 		if (tfrom==NULL) goto err;
2798 		tto=tfrom+flen;
2799 #if !defined(_WIN32_WCE) || _WIN32_WCE>=101
2800 		if (!MultiByteToWideChar(CP_ACP,0,from,flen,(WCHAR *)tfrom,flen))
2801 #endif
2802 			for (i=0;i<flen;i++)	tfrom[i]=(TCHAR)from[i];
2803 #if !defined(_WIN32_WCE) || _WIN32_WCE>=101
2804 		if (!MultiByteToWideChar(CP_ACP,0,to,  tlen,(WCHAR *)tto,  tlen))
2805 #endif
2806 			for (i=0;i<tlen;i++)	tto[i]  =(TCHAR)to[i];
2807 		}
2808 
2809 	if (MoveFile(tfrom,tto))	goto ok;
2810 	err=GetLastError();
2811 	if (err==ERROR_ALREADY_EXISTS || err==ERROR_FILE_EXISTS)
2812 		{
2813 		if (DeleteFile(tto) && MoveFile(tfrom,tto))
2814 			goto ok;
2815 		err=GetLastError();
2816 		}
2817 	if (err==ERROR_FILE_NOT_FOUND || err==ERROR_PATH_NOT_FOUND)
2818 		errno = ENOENT;
2819 	else if (err==ERROR_ACCESS_DENIED)
2820 		errno = EACCES;
2821 	else
2822 		errno = EINVAL;	/* we could map more codes... */
2823 err:
2824 	ret=-1;
2825 ok:
2826 	if (tfrom!=NULL && tfrom!=(TCHAR *)from)	free(tfrom);
2827 	return ret;
2828 	}
2829 #endif
2830 
2831 /* app_tminterval section */
2832 #if defined(_WIN32)
app_tminterval(int stop,int usertime)2833 double app_tminterval(int stop,int usertime)
2834 	{
2835 	FILETIME		now;
2836 	double			ret=0;
2837 	static ULARGE_INTEGER	tmstart;
2838 	static int		warning=1;
2839 #ifdef _WIN32_WINNT
2840 	static HANDLE		proc=NULL;
2841 
2842 	if (proc==NULL)
2843 		{
2844 		if (GetVersion() < 0x80000000)
2845 			proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
2846 						GetCurrentProcessId());
2847 		if (proc==NULL) proc = (HANDLE)-1;
2848 		}
2849 
2850 	if (usertime && proc!=(HANDLE)-1)
2851 		{
2852 		FILETIME junk;
2853 		GetProcessTimes(proc,&junk,&junk,&junk,&now);
2854 		}
2855 	else
2856 #endif
2857 		{
2858 		SYSTEMTIME systime;
2859 
2860 		if (usertime && warning)
2861 			{
2862 			BIO_printf(bio_err,"To get meaningful results, run "
2863 					   "this program on idle system.\n");
2864 			warning=0;
2865 			}
2866 		GetSystemTime(&systime);
2867 		SystemTimeToFileTime(&systime,&now);
2868 		}
2869 
2870 	if (stop==TM_START)
2871 		{
2872 		tmstart.u.LowPart  = now.dwLowDateTime;
2873 		tmstart.u.HighPart = now.dwHighDateTime;
2874 		}
2875 	else	{
2876 		ULARGE_INTEGER tmstop;
2877 
2878 		tmstop.u.LowPart   = now.dwLowDateTime;
2879 		tmstop.u.HighPart  = now.dwHighDateTime;
2880 
2881 		ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart)*1e-7;
2882 		}
2883 
2884 	return (ret);
2885 	}
2886 
2887 #elif defined(OPENSSL_SYS_NETWARE)
2888 #include <time.h>
2889 
app_tminterval(int stop,int usertime)2890 double app_tminterval(int stop,int usertime)
2891 	{
2892 	double		ret=0;
2893 	static clock_t	tmstart;
2894 	static int	warning=1;
2895 
2896 	if (usertime && warning)
2897 		{
2898 		BIO_printf(bio_err,"To get meaningful results, run "
2899 				   "this program on idle system.\n");
2900 		warning=0;
2901 		}
2902 
2903 	if (stop==TM_START)	tmstart = clock();
2904 	else			ret     = (clock()-tmstart)/(double)CLOCKS_PER_SEC;
2905 
2906 	return (ret);
2907 	}
2908 
2909 #elif defined(OPENSSL_SYSTEM_VXWORKS)
2910 #include <time.h>
2911 
app_tminterval(int stop,int usertime)2912 double app_tminterval(int stop,int usertime)
2913 	{
2914 	double ret=0;
2915 #ifdef CLOCK_REALTIME
2916 	static struct timespec	tmstart;
2917 	struct timespec		now;
2918 #else
2919 	static unsigned long	tmstart;
2920 	unsigned long		now;
2921 #endif
2922 	static int warning=1;
2923 
2924 	if (usertime && warning)
2925 		{
2926 		BIO_printf(bio_err,"To get meaningful results, run "
2927 				   "this program on idle system.\n");
2928 		warning=0;
2929 		}
2930 
2931 #ifdef CLOCK_REALTIME
2932 	clock_gettime(CLOCK_REALTIME,&now);
2933 	if (stop==TM_START)	tmstart = now;
2934 	else	ret = ( (now.tv_sec+now.tv_nsec*1e-9)
2935 			- (tmstart.tv_sec+tmstart.tv_nsec*1e-9) );
2936 #else
2937 	now = tickGet();
2938 	if (stop==TM_START)	tmstart = now;
2939 	else			ret = (now - tmstart)/(double)sysClkRateGet();
2940 #endif
2941 	return (ret);
2942 	}
2943 
2944 #elif defined(OPENSSL_SYSTEM_VMS)
2945 #include <time.h>
2946 #include <times.h>
2947 
app_tminterval(int stop,int usertime)2948 double app_tminterval(int stop,int usertime)
2949 	{
2950 	static clock_t	tmstart;
2951 	double		ret = 0;
2952 	clock_t		now;
2953 #ifdef __TMS
2954 	struct tms	rus;
2955 
2956 	now = times(&rus);
2957 	if (usertime)	now = rus.tms_utime;
2958 #else
2959 	if (usertime)
2960 		now = clock(); /* sum of user and kernel times */
2961 	else	{
2962 		struct timeval tv;
2963 		gettimeofday(&tv,NULL);
2964 		now = (clock_t)(
2965 			(unsigned long long)tv.tv_sec*CLK_TCK +
2966 			(unsigned long long)tv.tv_usec*(1000000/CLK_TCK)
2967 			);
2968 		}
2969 #endif
2970 	if (stop==TM_START)	tmstart = now;
2971 	else			ret = (now - tmstart)/(double)(CLK_TCK);
2972 
2973 	return (ret);
2974 	}
2975 
2976 #elif defined(_SC_CLK_TCK)	/* by means of unistd.h */
2977 #include <sys/times.h>
2978 
app_tminterval(int stop,int usertime)2979 double app_tminterval(int stop,int usertime)
2980 	{
2981 	double		ret = 0;
2982 	struct tms	rus;
2983 	clock_t		now = times(&rus);
2984 	static clock_t	tmstart;
2985 
2986 	if (usertime)		now = rus.tms_utime;
2987 
2988 	if (stop==TM_START)	tmstart = now;
2989 	else
2990 		{
2991 		long int tck = sysconf(_SC_CLK_TCK);
2992 		ret = (now - tmstart)/(double)tck;
2993 		}
2994 
2995 	return (ret);
2996 	}
2997 
2998 #else
2999 #include <sys/time.h>
3000 #include <sys/resource.h>
3001 
app_tminterval(int stop,int usertime)3002 double app_tminterval(int stop,int usertime)
3003 	{
3004 	double		ret = 0;
3005 	struct rusage	rus;
3006 	struct timeval	now;
3007 	static struct timeval tmstart;
3008 
3009 	if (usertime)		getrusage(RUSAGE_SELF,&rus), now = rus.ru_utime;
3010 	else			gettimeofday(&now,NULL);
3011 
3012 	if (stop==TM_START)	tmstart = now;
3013 	else			ret = ( (now.tv_sec+now.tv_usec*1e-6)
3014 					- (tmstart.tv_sec+tmstart.tv_usec*1e-6) );
3015 
3016 	return ret;
3017 	}
3018 #endif
3019 
3020 /* app_isdir section */
3021 #ifdef _WIN32
app_isdir(const char * name)3022 int app_isdir(const char *name)
3023 	{
3024 	HANDLE		hList;
3025 	WIN32_FIND_DATA	FileData;
3026 #if defined(UNICODE) || defined(_UNICODE)
3027 	size_t i, len_0 = strlen(name)+1;
3028 
3029 	if (len_0 > sizeof(FileData.cFileName)/sizeof(FileData.cFileName[0]))
3030 		return -1;
3031 
3032 #if !defined(_WIN32_WCE) || _WIN32_WCE>=101
3033 	if (!MultiByteToWideChar(CP_ACP,0,name,len_0,FileData.cFileName,len_0))
3034 #endif
3035 		for (i=0;i<len_0;i++)
3036 			FileData.cFileName[i] = (WCHAR)name[i];
3037 
3038 	hList = FindFirstFile(FileData.cFileName,&FileData);
3039 #else
3040 	hList = FindFirstFile(name,&FileData);
3041 #endif
3042 	if (hList == INVALID_HANDLE_VALUE)	return -1;
3043 	FindClose(hList);
3044 	return ((FileData.dwFileAttributes&FILE_ATTRIBUTE_DIRECTORY)!=0);
3045 	}
3046 #else
3047 #include <sys/stat.h>
3048 #ifndef S_ISDIR
3049 # if defined(_S_IFMT) && defined(_S_IFDIR)
3050 #  define S_ISDIR(a)   (((a) & _S_IFMT) == _S_IFDIR)
3051 # else
3052 #  define S_ISDIR(a)   (((a) & S_IFMT) == S_IFDIR)
3053 # endif
3054 #endif
3055 
app_isdir(const char * name)3056 int app_isdir(const char *name)
3057 	{
3058 #if defined(S_ISDIR)
3059 	struct stat st;
3060 
3061 	if (stat(name,&st)==0)	return S_ISDIR(st.st_mode);
3062 	else			return -1;
3063 #else
3064 	return -1;
3065 #endif
3066 	}
3067 #endif
3068 
3069 /* raw_read|write section */
3070 #if defined(_WIN32) && defined(STD_INPUT_HANDLE)
raw_read_stdin(void * buf,int siz)3071 int raw_read_stdin(void *buf,int siz)
3072 	{
3073 	DWORD n;
3074 	if (ReadFile(GetStdHandle(STD_INPUT_HANDLE),buf,siz,&n,NULL))
3075 		return (n);
3076 	else	return (-1);
3077 	}
3078 #else
raw_read_stdin(void * buf,int siz)3079 int raw_read_stdin(void *buf,int siz)
3080 	{	return read(fileno(stdin),buf,siz);	}
3081 #endif
3082 
3083 #if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
raw_write_stdout(const void * buf,int siz)3084 int raw_write_stdout(const void *buf,int siz)
3085 	{
3086 	DWORD n;
3087 	if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE),buf,siz,&n,NULL))
3088 		return (n);
3089 	else	return (-1);
3090 	}
3091 #else
raw_write_stdout(const void * buf,int siz)3092 int raw_write_stdout(const void *buf,int siz)
3093 	{	return write(fileno(stdout),buf,siz);	}
3094 #endif
3095