aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--CHANGES356
-rwxr-xr-xConfigure104
-rw-r--r--FREEBSD-upgrade4
-rw-r--r--Makefile2
-rw-r--r--NEWS79
-rw-r--r--README2
-rw-r--r--apps/app_rand.c188
-rw-r--r--apps/apps.c5085
-rw-r--r--apps/apps.h354
-rw-r--r--apps/asn1pars.c693
-rw-r--r--apps/ca.c5555
-rw-r--r--apps/ciphers.c300
-rw-r--r--apps/cms.c2438
-rw-r--r--apps/crl.c678
-rw-r--r--apps/crl2p7.c469
-rw-r--r--apps/dgst.c1070
-rw-r--r--apps/dh.c518
-rw-r--r--apps/dhparam.c842
-rw-r--r--apps/dsa.c570
-rw-r--r--apps/dsaparam.c781
-rw-r--r--apps/ec.c569
-rw-r--r--apps/ecparam.c1180
-rw-r--r--apps/enc.c1220
-rw-r--r--apps/engine.c886
-rw-r--r--apps/errstr.c101
-rw-r--r--apps/gendh.c345
-rw-r--r--apps/gendsa.c418
-rw-r--r--apps/genpkey.c655
-rw-r--r--apps/genrsa.c515
-rw-r--r--apps/nseq.c181
-rw-r--r--apps/ocsp.c2560
-rw-r--r--apps/openssl.c1038
-rw-r--r--apps/passwd.c938
-rw-r--r--apps/pkcs12.c1658
-rw-r--r--apps/pkcs7.c414
-rw-r--r--apps/pkcs8.c637
-rw-r--r--apps/pkey.c381
-rw-r--r--apps/pkeyparam.c211
-rw-r--r--apps/pkeyutl.c899
-rw-r--r--apps/prime.c159
-rw-r--r--apps/progs.h352
-rw-r--r--apps/rand.c298
-rw-r--r--apps/req.c3224
-rw-r--r--apps/rsa.c747
-rw-r--r--apps/rsautl.c560
-rw-r--r--apps/s_apps.h76
-rw-r--r--apps/s_cb.c1509
-rw-r--r--apps/s_client.c3558
-rw-r--r--apps/s_server.c4845
-rw-r--r--apps/s_socket.c986
-rw-r--r--apps/s_time.c803
-rw-r--r--apps/sess_id.c434
-rw-r--r--apps/smime.c1381
-rw-r--r--apps/speed.c5176
-rw-r--r--apps/spkac.c404
-rw-r--r--apps/srp.c1350
-rw-r--r--apps/testdsa.h430
-rw-r--r--apps/testrsa.h924
-rw-r--r--apps/timeouts.h14
-rw-r--r--apps/ts.c1908
-rw-r--r--apps/verify.c539
-rw-r--r--apps/version.c139
-rw-r--r--apps/x509.c2262
-rw-r--r--crypto/LPdir_unix.c123
-rw-r--r--crypto/aes/aes.h100
-rw-r--r--crypto/aes/aes_cbc.c17
-rw-r--r--crypto/aes/aes_cfb.c40
-rw-r--r--crypto/aes/aes_core.c805
-rw-r--r--crypto/aes/aes_ctr.c14
-rw-r--r--crypto/aes/aes_ecb.c18
-rw-r--r--crypto/aes/aes_ige.c454
-rw-r--r--crypto/aes/aes_locl.h50
-rw-r--r--crypto/aes/aes_misc.c33
-rw-r--r--crypto/aes/aes_ofb.c9
-rw-r--r--crypto/aes/aes_wrap.c365
-rw-r--r--crypto/aes/aes_x86core.c1035
-rw-r--r--crypto/arm_arch.h72
-rw-r--r--crypto/armcap.c93
-rw-r--r--crypto/asn1/a_bitstr.c369
-rw-r--r--crypto/asn1/a_bool.c97
-rw-r--r--crypto/asn1/a_bytes.c444
-rw-r--r--crypto/asn1/a_d2i_fp.c378
-rw-r--r--crypto/asn1/a_digest.c70
-rw-r--r--crypto/asn1/a_dup.c88
-rw-r--r--crypto/asn1/a_enum.c213
-rw-r--r--crypto/asn1/a_gentm.c353
-rw-r--r--crypto/asn1/a_i2d_fp.c168
-rw-r--r--crypto/asn1/a_int.c718
-rw-r--r--crypto/asn1/a_mbstr.c553
-rw-r--r--crypto/asn1/a_object.c615
-rw-r--r--crypto/asn1/a_octet.c31
-rw-r--r--crypto/asn1/a_print.c126
-rw-r--r--crypto/asn1/a_set.c321
-rw-r--r--crypto/asn1/a_sign.c386
-rw-r--r--crypto/asn1/a_strex.c919
-rw-r--r--crypto/asn1/a_strnid.c323
-rw-r--r--crypto/asn1/a_time.c230
-rw-r--r--crypto/asn1/a_type.c174
-rw-r--r--crypto/asn1/a_utctm.c488
-rw-r--r--crypto/asn1/a_utf8.c294
-rw-r--r--crypto/asn1/a_verify.c327
-rw-r--r--crypto/asn1/ameth_lib.c679
-rw-r--r--crypto/asn1/asn1.h1899
-rw-r--r--crypto/asn1/asn1_err.c540
-rw-r--r--crypto/asn1/asn1_gen.c1475
-rw-r--r--crypto/asn1/asn1_lib.c746
-rw-r--r--crypto/asn1/asn1_locl.h147
-rw-r--r--crypto/asn1/asn1_mac.h973
-rw-r--r--crypto/asn1/asn1_par.c672
-rw-r--r--crypto/asn1/asn1t.h1207
-rw-r--r--crypto/asn1/asn_mime.c1512
-rw-r--r--crypto/asn1/asn_moid.c149
-rw-r--r--crypto/asn1/asn_pack.c192
-rw-r--r--crypto/asn1/bio_asn1.c780
-rw-r--r--crypto/asn1/bio_ndef.c295
-rw-r--r--crypto/asn1/charmap.h22
-rw-r--r--crypto/asn1/d2i_pr.c186
-rw-r--r--crypto/asn1/d2i_pu.c125
-rw-r--r--crypto/asn1/evp_asn1.c262
-rw-r--r--crypto/asn1/f_enum.c274
-rw-r--r--crypto/asn1/f_int.c294
-rw-r--r--crypto/asn1/f_string.c281
-rw-r--r--crypto/asn1/i2d_pr.c40
-rw-r--r--crypto/asn1/i2d_pu.c46
-rw-r--r--crypto/asn1/n_pkey.c516
-rw-r--r--crypto/asn1/nsseq.c25
-rw-r--r--crypto/asn1/p5_pbe.c141
-rw-r--r--crypto/asn1/p5_pbev2.c362
-rw-r--r--crypto/asn1/p8_pkey.c154
-rw-r--r--crypto/asn1/t_bitst.c65
-rw-r--r--crypto/asn1/t_crl.c109
-rw-r--r--crypto/asn1/t_pkey.c103
-rw-r--r--crypto/asn1/t_req.c360
-rw-r--r--crypto/asn1/t_spki.c73
-rw-r--r--crypto/asn1/t_x509.c866
-rw-r--r--crypto/asn1/t_x509a.c93
-rw-r--r--crypto/asn1/tasn_dec.c2339
-rw-r--r--crypto/asn1/tasn_enc.c1153
-rw-r--r--crypto/asn1/tasn_fre.c375
-rw-r--r--crypto/asn1/tasn_new.c566
-rw-r--r--crypto/asn1/tasn_prn.c948
-rw-r--r--crypto/asn1/tasn_typ.c15
-rw-r--r--crypto/asn1/tasn_utl.c342
-rw-r--r--crypto/asn1/x_algor.c135
-rw-r--r--crypto/asn1/x_attrib.c82
-rw-r--r--crypto/asn1/x_bignum.c111
-rw-r--r--crypto/asn1/x_crl.c785
-rw-r--r--crypto/asn1/x_exten.c17
-rw-r--r--crypto/asn1/x_info.c89
-rw-r--r--crypto/asn1/x_long.c193
-rw-r--r--crypto/asn1/x_name.c776
-rw-r--r--crypto/asn1/x_nx509.c12
-rw-r--r--crypto/asn1/x_pkey.c150
-rw-r--r--crypto/asn1/x_pubkey.c562
-rw-r--r--crypto/asn1/x_req.c53
-rw-r--r--crypto/asn1/x_sig.c16
-rw-r--r--crypto/asn1/x_spki.c27
-rw-r--r--crypto/asn1/x_val.c16
-rw-r--r--crypto/asn1/x_x509.c202
-rw-r--r--crypto/asn1/x_x509a.c153
-rw-r--r--crypto/bf/bf_cbc.c164
-rw-r--r--crypto/bf/bf_cfb64.c128
-rw-r--r--crypto/bf/bf_ecb.c62
-rw-r--r--crypto/bf/bf_enc.c434
-rw-r--r--crypto/bf/bf_locl.h238
-rw-r--r--crypto/bf/bf_ofb64.c106
-rw-r--r--crypto/bf/bf_opts.c383
-rw-r--r--crypto/bf/bf_pi.h800
-rw-r--r--crypto/bf/bf_skey.c105
-rw-r--r--crypto/bf/bfspeed.c306
-rw-r--r--crypto/bf/bftest.c920
-rw-r--r--crypto/bf/blowfish.h81
-rw-r--r--crypto/bio/b_dump.c203
-rw-r--r--crypto/bio/b_print.c379
-rw-r--r--crypto/bio/b_sock.c1697
-rw-r--r--crypto/bio/bf_buff.c863
-rw-r--r--crypto/bio/bf_lbuf.c580
-rw-r--r--crypto/bio/bf_nbio.c322
-rw-r--r--crypto/bio/bf_null.c206
-rw-r--r--crypto/bio/bio.h1194
-rw-r--r--crypto/bio/bio_cb.c158
-rw-r--r--crypto/bio/bio_err.c164
-rw-r--r--crypto/bio/bio_lcl.h60
-rw-r--r--crypto/bio/bio_lib.c844
-rw-r--r--crypto/bio/bss_acpt.c727
-rw-r--r--crypto/bio/bss_bio.c1476
-rw-r--r--crypto/bio/bss_conn.c1047
-rw-r--r--crypto/bio/bss_dgram.c3592
-rw-r--r--crypto/bio/bss_fd.c383
-rw-r--r--crypto/bio/bss_file.c758
-rw-r--r--crypto/bio/bss_log.c588
-rw-r--r--crypto/bio/bss_mem.c436
-rw-r--r--crypto/bio/bss_null.c139
-rw-r--r--crypto/bio/bss_rtcp.c297
-rw-r--r--crypto/bio/bss_sock.c373
-rw-r--r--crypto/bn/asm/x86_64-gcc.c1090
-rw-r--r--crypto/bn/bn.h1214
-rw-r--r--crypto/bn/bn_add.c430
-rw-r--r--crypto/bn/bn_asm.c1860
-rw-r--r--crypto/bn/bn_blind.c482
-rwxr-xr-xcrypto/bn/bn_const.c807
-rw-r--r--crypto/bn/bn_ctx.c592
-rw-r--r--crypto/bn/bn_depr.c85
-rw-r--r--crypto/bn/bn_div.c757
-rw-r--r--crypto/bn/bn_err.c152
-rw-r--r--crypto/bn/bn_exp.c1888
-rw-r--r--crypto/bn/bn_exp2.c365
-rw-r--r--crypto/bn/bn_gcd.c1117
-rw-r--r--crypto/bn/bn_gf2m.c2110
-rw-r--r--crypto/bn/bn_kron.c246
-rw-r--r--crypto/bn/bn_lcl.h625
-rw-r--r--crypto/bn/bn_lib.c1437
-rw-r--r--crypto/bn/bn_mod.c353
-rw-r--r--crypto/bn/bn_mont.c762
-rw-r--r--crypto/bn/bn_mpi.c130
-rw-r--r--crypto/bn/bn_mul.c2004
-rw-r--r--crypto/bn/bn_nist.c2039
-rw-r--r--crypto/bn/bn_prime.c745
-rw-r--r--crypto/bn/bn_prime.h535
-rw-r--r--crypto/bn/bn_print.c593
-rw-r--r--crypto/bn/bn_rand.c316
-rw-r--r--crypto/bn/bn_recp.c329
-rw-r--r--crypto/bn/bn_shift.c291
-rw-r--r--crypto/bn/bn_sqr.c369
-rw-r--r--crypto/bn/bn_sqrt.c678
-rw-r--r--crypto/bn/bn_word.c319
-rw-r--r--crypto/bn/bn_x931p.c334
-rw-r--r--crypto/bn/bnspeed.c245
-rw-r--r--crypto/bn/bntest.c3932
-rw-r--r--crypto/bn/divtest.c37
-rw-r--r--crypto/bn/exp.c105
-rw-r--r--crypto/bn/expspeed.c396
-rw-r--r--crypto/bn/exptest.c354
-rw-r--r--crypto/buffer/buf_err.c48
-rw-r--r--crypto/buffer/buf_str.c100
-rw-r--r--crypto/buffer/buffer.c248
-rw-r--r--crypto/buffer/buffer.h69
-rw-r--r--crypto/camellia/camellia.c842
-rw-r--r--crypto/camellia/camellia.h92
-rw-r--r--crypto/camellia/cmll_cbc.c20
-rw-r--r--crypto/camellia/cmll_cfb.c56
-rw-r--r--crypto/camellia/cmll_ctr.c18
-rw-r--r--crypto/camellia/cmll_ecb.c21
-rw-r--r--crypto/camellia/cmll_locl.h32
-rw-r--r--crypto/camellia/cmll_misc.c40
-rw-r--r--crypto/camellia/cmll_ofb.c29
-rw-r--r--crypto/camellia/cmll_utl.c14
-rw-r--r--crypto/cast/c_cfb64.c126
-rw-r--r--crypto/cast/c_ecb.c44
-rw-r--r--crypto/cast/c_enc.c276
-rw-r--r--crypto/cast/c_ofb64.c104
-rw-r--r--crypto/cast/c_skey.c192
-rw-r--r--crypto/cast/cast.h64
-rw-r--r--crypto/cast/cast_lcl.h240
-rw-r--r--crypto/cast/cast_s.h1075
-rw-r--r--crypto/cast/cast_spd.c304
-rw-r--r--crypto/cast/castopts.c384
-rw-r--r--crypto/cast/casttest.c312
-rw-r--r--crypto/cmac/cm_ameth.c61
-rw-r--r--crypto/cmac/cm_pmeth.c292
-rw-r--r--crypto/cmac/cmac.c424
-rw-r--r--crypto/cmac/cmac.h14
-rw-r--r--crypto/cms/cms.h568
-rw-r--r--crypto/cms/cms_asn1.c364
-rw-r--r--crypto/cms/cms_att.c112
-rw-r--r--crypto/cms/cms_cd.c104
-rw-r--r--crypto/cms/cms_dd.c139
-rw-r--r--crypto/cms/cms_enc.c382
-rw-r--r--crypto/cms/cms_env.c1400
-rw-r--r--crypto/cms/cms_err.c390
-rw-r--r--crypto/cms/cms_ess.c605
-rw-r--r--crypto/cms/cms_io.c114
-rw-r--r--crypto/cms/cms_lcl.h626
-rw-r--r--crypto/cms/cms_lib.c911
-rw-r--r--crypto/cms/cms_pwri.c740
-rw-r--r--crypto/cms/cms_sd.c1619
-rw-r--r--crypto/cms/cms_smime.c1405
-rw-r--r--crypto/comp/c_rle.c91
-rw-r--r--crypto/comp/c_zlib.c1317
-rw-r--r--crypto/comp/comp.h89
-rw-r--r--crypto/comp/comp_err.c50
-rw-r--r--crypto/comp/comp_lib.c104
-rw-r--r--crypto/conf/cnf_save.c76
-rw-r--r--crypto/conf/conf.h246
-rw-r--r--crypto/conf/conf_api.c408
-rw-r--r--crypto/conf/conf_api.h26
-rw-r--r--crypto/conf/conf_def.c1171
-rw-r--r--crypto/conf/conf_def.h241
-rw-r--r--crypto/conf/conf_err.c116
-rw-r--r--crypto/conf/conf_lib.c550
-rw-r--r--crypto/conf/conf_mall.c22
-rw-r--r--crypto/conf/conf_mod.c878
-rw-r--r--crypto/conf/conf_sap.c59
-rw-r--r--crypto/conf/test.c63
-rw-r--r--crypto/constant_time_locl.h119
-rw-r--r--crypto/constant_time_test.c474
-rw-r--r--crypto/cpt_err.c61
-rw-r--r--crypto/cryptlib.c1419
-rw-r--r--crypto/cryptlib.h70
-rw-r--r--crypto/crypto.h742
-rw-r--r--crypto/cversion.c67
-rw-r--r--crypto/des/cbc3_enc.c80
-rw-r--r--crypto/des/cbc_cksm.c97
-rw-r--r--crypto/des/cbc_enc.c14
-rw-r--r--crypto/des/cfb64ede.c363
-rw-r--r--crypto/des/cfb64enc.c127
-rw-r--r--crypto/des/cfb_enc.c244
-rw-r--r--crypto/des/des.c1562
-rw-r--r--crypto/des/des.h315
-rw-r--r--crypto/des/des_enc.c611
-rw-r--r--crypto/des/des_locl.h715
-rw-r--r--crypto/des/des_old.c446
-rw-r--r--crypto/des/des_old.h655
-rw-r--r--crypto/des/des_old2.c36
-rw-r--r--crypto/des/des_opts.c913
-rw-r--r--crypto/des/des_ver.h18
-rw-r--r--crypto/des/destest.c1699
-rw-r--r--crypto/des/ecb3_enc.c53
-rw-r--r--crypto/des/ecb_enc.c100
-rw-r--r--crypto/des/ede_cbcm_enc.c250
-rw-r--r--crypto/des/enc_read.c321
-rw-r--r--crypto/des/enc_writ.c190
-rw-r--r--crypto/des/fcrypt.c265
-rw-r--r--crypto/des/fcrypt_b.c123
-rw-r--r--crypto/des/ncbc_enc.c164
-rw-r--r--crypto/des/ofb64ede.c126
-rw-r--r--crypto/des/ofb64enc.c105
-rw-r--r--crypto/des/ofb_enc.c146
-rw-r--r--crypto/des/pcbc_enc.c124
-rw-r--r--crypto/des/qud_cksm.c136
-rw-r--r--crypto/des/rand_key.c19
-rw-r--r--crypto/des/read2pwd.c54
-rw-r--r--crypto/des/read_pwd.c726
-rw-r--r--crypto/des/rpc_des.h63
-rw-r--r--crypto/des/rpc_enc.c72
-rw-r--r--crypto/des/rpw.c75
-rw-r--r--crypto/des/set_key.c644
-rw-r--r--crypto/des/speed.c349
-rw-r--r--crypto/des/spr.h312
-rw-r--r--crypto/des/str2key.c192
-rw-r--r--crypto/des/xcbc_enc.c279
-rw-r--r--crypto/dh/dh.h349
-rw-r--r--crypto/dh/dh_ameth.c783
-rw-r--r--crypto/dh/dh_asn1.c42
-rw-r--r--crypto/dh/dh_check.c139
-rw-r--r--crypto/dh/dh_depr.c29
-rw-r--r--crypto/dh/dh_err.c94
-rw-r--r--crypto/dh/dh_gen.c206
-rw-r--r--crypto/dh/dh_key.c359
-rw-r--r--crypto/dh/dh_lib.c301
-rw-r--r--crypto/dh/dh_pmeth.c343
-rw-r--r--crypto/dh/dh_prn.c37
-rw-r--r--crypto/dh/dhtest.c303
-rw-r--r--crypto/dh/p1024.c62
-rw-r--r--crypto/dh/p192.c38
-rw-r--r--crypto/dh/p512.c48
-rw-r--r--crypto/dsa/dsa.h420
-rw-r--r--crypto/dsa/dsa_ameth.c1144
-rw-r--r--crypto/dsa/dsa_asn1.c192
-rw-r--r--crypto/dsa/dsa_depr.c81
-rw-r--r--crypto/dsa/dsa_err.c112
-rw-r--r--crypto/dsa/dsa_gen.c622
-rw-r--r--crypto/dsa/dsa_key.c145
-rw-r--r--crypto/dsa/dsa_lib.c416
-rw-r--r--crypto/dsa/dsa_locl.h9
-rw-r--r--crypto/dsa/dsa_ossl.c646
-rw-r--r--crypto/dsa/dsa_pmeth.c460
-rw-r--r--crypto/dsa/dsa_prn.c98
-rw-r--r--crypto/dsa/dsa_sign.c86
-rw-r--r--crypto/dsa/dsa_vrf.c31
-rw-r--r--crypto/dsa/dsagen.c82
-rw-r--r--crypto/dsa/dsatest.c319
-rw-r--r--crypto/dso/dso.h582
-rw-r--r--crypto/dso/dso_beos.c333
-rw-r--r--crypto/dso/dso_dl.c549
-rw-r--r--crypto/dso/dso_dlfcn.c695
-rw-r--r--crypto/dso/dso_err.c169
-rw-r--r--crypto/dso/dso_lib.c718
-rw-r--r--crypto/dso/dso_null.c50
-rw-r--r--crypto/dso/dso_openssl.c26
-rw-r--r--crypto/ebcdic.c343
-rw-r--r--crypto/ebcdic.h12
-rw-r--r--crypto/ec/ec.h726
-rw-r--r--crypto/ec/ec2_mult.c630
-rw-r--r--crypto/ec/ec2_oct.c620
-rw-r--r--crypto/ec/ec2_smpl.c1241
-rw-r--r--crypto/ec/ec_ameth.c1068
-rw-r--r--crypto/ec/ec_asn1.c2410
-rw-r--r--crypto/ec/ec_check.c115
-rw-r--r--crypto/ec/ec_curve.c4441
-rw-r--r--crypto/ec/ec_cvt.c180
-rw-r--r--crypto/ec/ec_err.c447
-rw-r--r--crypto/ec/ec_key.c855
-rw-r--r--crypto/ec/ec_lcl.h641
-rw-r--r--crypto/ec/ec_lib.c1730
-rw-r--r--crypto/ec/ec_mult.c1572
-rw-r--r--crypto/ec/ec_oct.c223
-rw-r--r--crypto/ec/ec_pmeth.c491
-rw-r--r--crypto/ec/ec_print.c216
-rw-r--r--crypto/ec/eck_prn.c587
-rw-r--r--crypto/ec/ecp_mont.c457
-rw-r--r--crypto/ec/ecp_nist.c264
-rw-r--r--crypto/ec/ecp_nistp224.c2953
-rw-r--r--crypto/ec/ecp_nistp256.c3865
-rw-r--r--crypto/ec/ecp_nistp521.c3637
-rw-r--r--crypto/ec/ecp_nistputil.c191
-rw-r--r--crypto/ec/ecp_oct.c719
-rw-r--r--crypto/ec/ecp_smpl.c2489
-rw-r--r--crypto/ec/ectest.c3170
-rw-r--r--crypto/ecdh/ecdh.h58
-rw-r--r--crypto/ecdh/ecdhtest.c582
-rw-r--r--crypto/ecdh/ech_err.c50
-rw-r--r--crypto/ecdh/ech_key.c15
-rw-r--r--crypto/ecdh/ech_lib.c268
-rw-r--r--crypto/ecdh/ech_locl.h58
-rw-r--r--crypto/ecdh/ech_ossl.c231
-rw-r--r--crypto/ecdsa/ecdsa.h122
-rw-r--r--crypto/ecdsa/ecdsatest.c908
-rw-r--r--crypto/ecdsa/ecs_asn1.c6
-rw-r--r--crypto/ecdsa/ecs_err.c64
-rw-r--r--crypto/ecdsa/ecs_lib.c278
-rw-r--r--crypto/ecdsa/ecs_locl.h65
-rw-r--r--crypto/ecdsa/ecs_ossl.c721
-rw-r--r--crypto/ecdsa/ecs_sign.c62
-rw-r--r--crypto/ecdsa/ecs_vrf.c75
-rw-r--r--crypto/engine/eng_all.c130
-rw-r--r--crypto/engine/eng_cnf.c331
-rw-r--r--crypto/engine/eng_cryptodev.c2210
-rw-r--r--crypto/engine/eng_ctrl.c620
-rw-r--r--crypto/engine/eng_dyn.c917
-rw-r--r--crypto/engine/eng_err.c206
-rw-r--r--crypto/engine/eng_fat.c177
-rw-r--r--crypto/engine/eng_init.c171
-rw-r--r--crypto/engine/eng_int.h220
-rw-r--r--crypto/engine/eng_lib.c427
-rw-r--r--crypto/engine/eng_list.c618
-rw-r--r--crypto/engine/eng_openssl.c494
-rw-r--r--crypto/engine/eng_pkey.c226
-rw-r--r--crypto/engine/eng_rdrand.c142
-rw-r--r--crypto/engine/eng_rsax.c867
-rw-r--r--crypto/engine/eng_table.c471
-rw-r--r--crypto/engine/engine.h1161
-rw-r--r--crypto/engine/enginetest.c406
-rw-r--r--crypto/engine/tb_asnmth.c302
-rw-r--r--crypto/engine/tb_cipher.c124
-rw-r--r--crypto/engine/tb_dh.c84
-rw-r--r--crypto/engine/tb_digest.c124
-rw-r--r--crypto/engine/tb_dsa.c84
-rw-r--r--crypto/engine/tb_ecdh.c84
-rw-r--r--crypto/engine/tb_ecdsa.c84
-rw-r--r--crypto/engine/tb_pkmeth.c161
-rw-r--r--crypto/engine/tb_rand.c84
-rw-r--r--crypto/engine/tb_rsa.c84
-rw-r--r--crypto/engine/tb_store.c84
-rw-r--r--crypto/err/err.c1647
-rw-r--r--crypto/err/err.h435
-rw-r--r--crypto/err/err_all.c146
-rw-r--r--crypto/err/err_prn.c87
-rw-r--r--crypto/evp/Makefile2
-rw-r--r--crypto/evp/bio_b64.c1006
-rw-r--r--crypto/evp/bio_enc.c682
-rw-r--r--crypto/evp/bio_md.c349
-rw-r--r--crypto/evp/bio_ok.c1061
-rw-r--r--crypto/evp/c_all.c44
-rw-r--r--crypto/evp/c_allc.c282
-rw-r--r--crypto/evp/c_alld.c74
-rw-r--r--crypto/evp/digest.c459
-rw-r--r--crypto/evp/e_aes.c2268
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha1.c981
-rw-r--r--crypto/evp/e_bf.c47
-rw-r--r--crypto/evp/e_camellia.c100
-rw-r--r--crypto/evp/e_cast.c51
-rw-r--r--crypto/evp/e_des.c261
-rw-r--r--crypto/evp/e_des3.c403
-rw-r--r--crypto/evp/e_dsa.c24
-rw-r--r--crypto/evp/e_idea.c87
-rw-r--r--crypto/evp/e_null.c71
-rw-r--r--crypto/evp/e_old.c129
-rw-r--r--crypto/evp/e_rc2.c303
-rw-r--r--crypto/evp/e_rc4.c122
-rw-r--r--crypto/evp/e_rc4_hmac_md5.c450
-rw-r--r--crypto/evp/e_rc5.c102
-rw-r--r--crypto/evp/e_seed.c35
-rw-r--r--crypto/evp/e_xcbc_d.c122
-rw-r--r--crypto/evp/encode.c696
-rw-r--r--crypto/evp/evp.h1905
-rw-r--r--crypto/evp/evp_acnf.c22
-rw-r--r--crypto/evp/evp_cnf.c95
-rw-r--r--crypto/evp/evp_enc.c1072
-rw-r--r--crypto/evp/evp_err.c343
-rw-r--r--crypto/evp/evp_extra_test.c489
-rw-r--r--crypto/evp/evp_fips.c311
-rw-r--r--crypto/evp/evp_key.c236
-rw-r--r--crypto/evp/evp_lib.c361
-rw-r--r--crypto/evp/evp_locl.h483
-rw-r--r--crypto/evp/evp_pbe.c418
-rw-r--r--crypto/evp/evp_pkey.c235
-rw-r--r--crypto/evp/evp_test.c538
-rw-r--r--crypto/evp/m_dss.c69
-rw-r--r--crypto/evp/m_dss1.c79
-rw-r--r--crypto/evp/m_ecdsa.c69
-rw-r--r--crypto/evp/m_md2.c77
-rw-r--r--crypto/evp/m_md4.c79
-rw-r--r--crypto/evp/m_md5.c79
-rw-r--r--crypto/evp/m_mdc2.c79
-rw-r--r--crypto/evp/m_null.c65
-rw-r--r--crypto/evp/m_ripemd.c79
-rw-r--r--crypto/evp/m_sha.c77
-rw-r--r--crypto/evp/m_sha1.c280
-rw-r--r--crypto/evp/m_sigver.c239
-rw-r--r--crypto/evp/m_wp.c67
-rw-r--r--crypto/evp/names.c269
-rw-r--r--crypto/evp/openbsd_hw.c527
-rw-r--r--crypto/evp/p5_crpt.c142
-rw-r--r--crypto/evp/p5_crpt2.c508
-rw-r--r--crypto/evp/p_dec.c40
-rw-r--r--crypto/evp/p_enc.c43
-rw-r--r--crypto/evp/p_lib.c571
-rw-r--r--crypto/evp/p_open.c111
-rw-r--r--crypto/evp/p_seal.c90
-rw-r--r--crypto/evp/p_sign.c138
-rw-r--r--crypto/evp/p_verify.c111
-rw-r--r--crypto/evp/pmeth_fn.c516
-rw-r--r--crypto/evp/pmeth_gn.c268
-rw-r--r--crypto/evp/pmeth_lib.c832
-rw-r--r--crypto/ex_data.c848
-rw-r--r--crypto/fips_err.h284
-rw-r--r--crypto/fips_ers.c2
-rw-r--r--crypto/hmac/hm_ameth.c157
-rw-r--r--crypto/hmac/hm_pmeth.c373
-rw-r--r--crypto/hmac/hmac.c318
-rw-r--r--crypto/hmac/hmac.h59
-rw-r--r--crypto/hmac/hmactest.c188
-rw-r--r--crypto/idea/i_cbc.c209
-rw-r--r--crypto/idea/i_cfb64.c127
-rw-r--r--crypto/idea/i_ecb.c51
-rw-r--r--crypto/idea/i_ofb64.c105
-rw-r--r--crypto/idea/i_skey.c191
-rw-r--r--crypto/idea/idea.h56
-rw-r--r--crypto/idea/idea_lcl.h247
-rw-r--r--crypto/idea/idea_spd.c336
-rw-r--r--crypto/idea/ideatest.c313
-rw-r--r--crypto/jpake/jpake.c360
-rw-r--r--crypto/jpake/jpake.h93
-rw-r--r--crypto/jpake/jpake_err.c67
-rw-r--r--crypto/jpake/jpaketest.c131
-rw-r--r--crypto/krb5/krb5_asn.c95
-rw-r--r--crypto/krb5/krb5_asn.h268
-rw-r--r--crypto/lhash/lh_stats.c322
-rw-r--r--crypto/lhash/lh_test.c54
-rw-r--r--crypto/lhash/lhash.c677
-rw-r--r--crypto/lhash/lhash.h255
-rw-r--r--crypto/md2/md2.c105
-rw-r--r--crypto/md2/md2.h47
-rw-r--r--crypto/md2/md2_dgst.c303
-rw-r--r--crypto/md2/md2_one.c64
-rw-r--r--crypto/md2/md2test.c135
-rw-r--r--crypto/md32_common.h453
-rw-r--r--crypto/md4/md4.c106
-rw-r--r--crypto/md4/md4.h69
-rw-r--r--crypto/md4/md4_dgst.c224
-rw-r--r--crypto/md4/md4_locl.h75
-rw-r--r--crypto/md4/md4_one.c61
-rw-r--r--crypto/md4/md4test.c119
-rw-r--r--crypto/md5/md5.c106
-rw-r--r--crypto/md5/md5.h67
-rw-r--r--crypto/md5/md5_dgst.c257
-rw-r--r--crypto/md5/md5_locl.h89
-rw-r--r--crypto/md5/md5_one.c61
-rw-r--r--crypto/md5/md5test.c128
-rw-r--r--crypto/mdc2/mdc2.h48
-rw-r--r--crypto/mdc2/mdc2_one.c36
-rw-r--r--crypto/mdc2/mdc2dgst.c240
-rw-r--r--crypto/mdc2/mdc2test.c137
-rw-r--r--crypto/mem.c647
-rw-r--r--crypto/mem_clr.c32
-rw-r--r--crypto/mem_dbg.c1230
-rw-r--r--crypto/modes/cbc128.c250
-rw-r--r--crypto/modes/ccm128.c682
-rw-r--r--crypto/modes/cfb128.c292
-rw-r--r--crypto/modes/ctr128.c354
-rw-r--r--crypto/modes/cts128.c707
-rw-r--r--crypto/modes/gcm128.c3400
-rw-r--r--crypto/modes/modes.h184
-rw-r--r--crypto/modes/modes_lcl.h159
-rw-r--r--crypto/modes/ofb128.c105
-rw-r--r--crypto/modes/xts128.c243
-rw-r--r--crypto/o_dir.c25
-rw-r--r--crypto/o_dir.h20
-rw-r--r--crypto/o_dir_test.c34
-rw-r--r--crypto/o_fips.c58
-rw-r--r--crypto/o_init.c37
-rw-r--r--crypto/o_str.c75
-rw-r--r--crypto/o_str.h13
-rw-r--r--crypto/o_time.c518
-rw-r--r--crypto/o_time.h11
-rw-r--r--crypto/objects/o_names.c582
-rw-r--r--crypto/objects/obj_dat.c1308
-rw-r--r--crypto/objects/obj_err.c54
-rw-r--r--crypto/objects/obj_lib.c134
-rw-r--r--crypto/objects/obj_mac.h7369
-rw-r--r--crypto/objects/obj_xref.c276
-rw-r--r--crypto/objects/obj_xref.h140
-rw-r--r--crypto/objects/objects.h1775
-rw-r--r--crypto/objects/objects.pl44
-rwxr-xr-xcrypto/objects/objxref.pl37
-rw-r--r--crypto/ocsp/ocsp.h633
-rw-r--r--crypto/ocsp/ocsp_asn.c97
-rwxr-xr-xcrypto/ocsp/ocsp_cl.c536
-rw-r--r--crypto/ocsp/ocsp_err.c143
-rwxr-xr-xcrypto/ocsp/ocsp_ext.c744
-rw-r--r--crypto/ocsp/ocsp_ht.c770
-rwxr-xr-xcrypto/ocsp/ocsp_lib.c399
-rw-r--r--crypto/ocsp/ocsp_prn.c428
-rwxr-xr-xcrypto/ocsp/ocsp_srv.c365
-rw-r--r--crypto/ocsp/ocsp_vfy.c736
-rw-r--r--crypto/opensslv.h55
-rw-r--r--crypto/ossl_typ.h90
-rw-r--r--crypto/pem/pem.h898
-rw-r--r--crypto/pem/pem2.h2
-rw-r--r--crypto/pem/pem_all.c451
-rw-r--r--crypto/pem/pem_err.c179
-rw-r--r--crypto/pem/pem_info.c598
-rw-r--r--crypto/pem/pem_lib.c1445
-rw-r--r--crypto/pem/pem_oth.c42
-rw-r--r--crypto/pem/pem_pk8.c259
-rw-r--r--crypto/pem/pem_pkey.c325
-rw-r--r--crypto/pem/pem_seal.c254
-rw-r--r--crypto/pem/pem_sign.c71
-rw-r--r--crypto/pem/pem_x509.c8
-rw-r--r--crypto/pem/pem_xaux.c10
-rw-r--r--crypto/pem/pvkfmt.c1566
-rw-r--r--crypto/pkcs12/p12_add.c265
-rw-r--r--crypto/pkcs12/p12_asn.c56
-rw-r--r--crypto/pkcs12/p12_attr.c110
-rw-r--r--crypto/pkcs12/p12_crpt.c86
-rw-r--r--crypto/pkcs12/p12_crt.c516
-rw-r--r--crypto/pkcs12/p12_decr.c220
-rw-r--r--crypto/pkcs12/p12_init.c56
-rw-r--r--crypto/pkcs12/p12_key.c275
-rw-r--r--crypto/pkcs12/p12_kiss.c425
-rw-r--r--crypto/pkcs12/p12_mutl.c222
-rw-r--r--crypto/pkcs12/p12_npas.c268
-rw-r--r--crypto/pkcs12/p12_p8d.c16
-rw-r--r--crypto/pkcs12/p12_p8e.c66
-rw-r--r--crypto/pkcs12/p12_utl.c103
-rw-r--r--crypto/pkcs12/pk12err.c145
-rw-r--r--crypto/pkcs12/pkcs12.h339
-rw-r--r--crypto/pkcs7/bio_pk7.c15
-rw-r--r--crypto/pkcs7/pk7_asn1.c200
-rw-r--r--crypto/pkcs7/pk7_attr.c166
-rw-r--r--crypto/pkcs7/pk7_dgst.c13
-rw-r--r--crypto/pkcs7/pk7_doit.c2327
-rw-r--r--crypto/pkcs7/pk7_enc.c21
-rw-r--r--crypto/pkcs7/pk7_lib.c1117
-rw-r--r--crypto/pkcs7/pk7_mime.c53
-rw-r--r--crypto/pkcs7/pk7_smime.c974
-rw-r--r--crypto/pkcs7/pkcs7.h613
-rw-r--r--crypto/pkcs7/pkcs7err.c247
-rw-r--r--crypto/ppccap.c189
-rw-r--r--crypto/pqueue/pq_test.c53
-rw-r--r--crypto/pqueue/pqueue.c359
-rw-r--r--crypto/pqueue/pqueue.h35
-rw-r--r--crypto/rand/md_rand.c839
-rw-r--r--crypto/rand/rand.h104
-rw-r--r--crypto/rand/rand_egd.c359
-rw-r--r--crypto/rand/rand_err.c53
-rwxr-xr-xcrypto/rand/rand_lcl.h93
-rw-r--r--crypto/rand/rand_lib.c359
-rw-r--r--crypto/rand/rand_unix.c622
-rw-r--r--crypto/rand/randfile.c394
-rw-r--r--crypto/rand/randtest.c278
-rw-r--r--crypto/rc2/rc2.h64
-rw-r--r--crypto/rc2/rc2_cbc.c334
-rw-r--r--crypto/rc2/rc2_ecb.c48
-rw-r--r--crypto/rc2/rc2_locl.h153
-rw-r--r--crypto/rc2/rc2_skey.c162
-rw-r--r--crypto/rc2/rc2cfb64.c127
-rw-r--r--crypto/rc2/rc2ofb64.c105
-rw-r--r--crypto/rc2/rc2speed.c305
-rw-r--r--crypto/rc2/rc2test.c366
-rw-r--r--crypto/rc2/tab.c160
-rw-r--r--crypto/rc4/rc4.c232
-rw-r--r--crypto/rc4/rc4.h36
-rw-r--r--crypto/rc4/rc4_enc.c491
-rw-r--r--crypto/rc4/rc4_locl.h6
-rw-r--r--crypto/rc4/rc4_skey.c86
-rw-r--r--crypto/rc4/rc4_utl.c10
-rw-r--r--crypto/rc4/rc4speed.c284
-rw-r--r--crypto/rc4/rc4test.c327
-rw-r--r--crypto/rc5/rc5.h79
-rw-r--r--crypto/rc5/rc5_ecb.c45
-rw-r--r--crypto/rc5/rc5_enc.c292
-rw-r--r--crypto/rc5/rc5_locl.h221
-rw-r--r--crypto/rc5/rc5_skey.c103
-rw-r--r--crypto/rc5/rc5cfb64.c127
-rw-r--r--crypto/rc5/rc5ofb64.c105
-rw-r--r--crypto/rc5/rc5speed.c306
-rw-r--r--crypto/rc5/rc5test.c585
-rw-r--r--crypto/ripemd/ripemd.h66
-rw-r--r--crypto/ripemd/rmd160.c106
-rw-r--r--crypto/ripemd/rmd_dgst.c470
-rw-r--r--crypto/ripemd/rmd_locl.h75
-rw-r--r--crypto/ripemd/rmd_one.c39
-rw-r--r--crypto/ripemd/rmdconst.h13
-rw-r--r--crypto/ripemd/rmdtest.c138
-rw-r--r--crypto/rsa/rsa.h879
-rw-r--r--crypto/rsa/rsa_ameth.c1123
-rw-r--r--crypto/rsa/rsa_asn1.c72
-rw-r--r--crypto/rsa/rsa_chk.c292
-rw-r--r--crypto/rsa/rsa_crpt.c316
-rw-r--r--crypto/rsa/rsa_depr.c64
-rw-r--r--crypto/rsa/rsa_eay.c1523
-rw-r--r--crypto/rsa/rsa_err.c293
-rw-r--r--crypto/rsa/rsa_gen.c346
-rw-r--r--crypto/rsa/rsa_lib.c421
-rw-r--r--crypto/rsa/rsa_locl.h8
-rw-r--r--crypto/rsa/rsa_none.c64
-rw-r--r--crypto/rsa/rsa_null.c122
-rw-r--r--crypto/rsa/rsa_oaep.c478
-rw-r--r--crypto/rsa/rsa_pk1.c410
-rw-r--r--crypto/rsa/rsa_pmeth.c1154
-rw-r--r--crypto/rsa/rsa_prn.c53
-rw-r--r--crypto/rsa/rsa_pss.c400
-rw-r--r--crypto/rsa/rsa_saos.c158
-rw-r--r--crypto/rsa/rsa_sign.c464
-rw-r--r--crypto/rsa/rsa_ssl.c161
-rw-r--r--crypto/rsa/rsa_test.c423
-rw-r--r--crypto/rsa/rsa_x931.c198
-rw-r--r--crypto/s390xcap.c52
-rw-r--r--crypto/seed/seed.c943
-rw-r--r--crypto/seed/seed.h84
-rw-r--r--crypto/seed/seed_cbc.c16
-rw-r--r--crypto/seed/seed_cfb.c24
-rw-r--r--crypto/seed/seed_ecb.c17
-rw-r--r--crypto/seed/seed_locl.h33
-rw-r--r--crypto/seed/seed_ofb.c21
-rw-r--r--crypto/sha/sha.c106
-rw-r--r--crypto/sha/sha.h208
-rw-r--r--crypto/sha/sha1.c106
-rw-r--r--crypto/sha/sha1_one.c35
-rw-r--r--crypto/sha/sha1dgst.c23
-rw-r--r--crypto/sha/sha1test.c206
-rw-r--r--crypto/sha/sha256.c583
-rw-r--r--crypto/sha/sha256t.c241
-rw-r--r--crypto/sha/sha512.c1131
-rw-r--r--crypto/sha/sha512t.c312
-rw-r--r--crypto/sha/sha_dgst.c23
-rw-r--r--crypto/sha/sha_locl.h703
-rw-r--r--crypto/sha/sha_one.c35
-rw-r--r--crypto/sha/shatest.c206
-rw-r--r--crypto/sparcv9cap.c412
-rw-r--r--crypto/srp/srp.h147
-rw-r--r--crypto/srp/srp_grps.h947
-rw-r--r--crypto/srp/srp_lcl.h23
-rw-r--r--crypto/srp/srp_lib.c566
-rw-r--r--crypto/srp/srp_vfy.c1032
-rw-r--r--crypto/srp/srptest.c290
-rw-r--r--crypto/stack/safestack.h4883
-rw-r--r--crypto/stack/stack.c454
-rw-r--r--crypto/stack/stack.h42
-rw-r--r--crypto/store/store.h833
-rw-r--r--crypto/store/str_err.c321
-rw-r--r--crypto/store/str_lib.c3086
-rw-r--r--crypto/store/str_locl.h113
-rw-r--r--crypto/store/str_mem.c558
-rw-r--r--crypto/store/str_meth.c378
-rw-r--r--crypto/symhacks.h729
-rw-r--r--crypto/threads/mttest.c2024
-rw-r--r--crypto/threads/th-lock.c490
-rw-r--r--crypto/ts/ts.h844
-rw-r--r--crypto/ts/ts_asn1.c314
-rw-r--r--crypto/ts/ts_conf.c750
-rw-r--r--crypto/ts/ts_err.c219
-rw-r--r--crypto/ts/ts_lib.c128
-rw-r--r--crypto/ts/ts_req_print.c60
-rw-r--r--crypto/ts/ts_req_utils.c250
-rw-r--r--crypto/ts/ts_rsp_print.c410
-rw-r--r--crypto/ts/ts_rsp_sign.c1697
-rw-r--r--crypto/ts/ts_rsp_utils.c523
-rw-r--r--crypto/ts/ts_rsp_verify.c1171
-rw-r--r--crypto/ts/ts_verify_ctx.c169
-rw-r--r--crypto/txt_db/txt_db.c593
-rw-r--r--crypto/txt_db/txt_db.h72
-rw-r--r--crypto/ui/ui.h384
-rw-r--r--crypto/ui/ui_compat.c20
-rw-r--r--crypto/ui/ui_compat.h33
-rw-r--r--crypto/ui/ui_err.c75
-rw-r--r--crypto/ui/ui_lib.c1490
-rw-r--r--crypto/ui/ui_locl.h182
-rw-r--r--crypto/ui/ui_openssl.c813
-rw-r--r--crypto/ui/ui_util.c62
-rw-r--r--crypto/uid.c35
-rwxr-xr-xcrypto/vms_rms.h13
-rw-r--r--crypto/whrlpool/whrlpool.h50
-rw-r--r--crypto/whrlpool/wp_block.c1233
-rw-r--r--crypto/whrlpool/wp_dgst.c370
-rw-r--r--crypto/whrlpool/wp_locl.h2
-rw-r--r--crypto/whrlpool/wp_test.c389
-rw-r--r--crypto/x509/by_dir.c720
-rw-r--r--crypto/x509/by_file.c405
-rw-r--r--crypto/x509/x509.h1727
-rw-r--r--crypto/x509/x509_att.c463
-rw-r--r--crypto/x509/x509_cmp.c430
-rw-r--r--crypto/x509/x509_d2.c82
-rw-r--r--crypto/x509/x509_def.c39
-rw-r--r--crypto/x509/x509_err.c194
-rw-r--r--crypto/x509/x509_ext.c163
-rw-r--r--crypto/x509/x509_lu.c1154
-rw-r--r--crypto/x509/x509_obj.c278
-rw-r--r--crypto/x509/x509_r2x.c89
-rw-r--r--crypto/x509/x509_req.c360
-rw-r--r--crypto/x509/x509_set.c147
-rw-r--r--crypto/x509/x509_trs.c324
-rw-r--r--crypto/x509/x509_txt.c248
-rw-r--r--crypto/x509/x509_v3.c356
-rw-r--r--crypto/x509/x509_vfy.c3723
-rw-r--r--crypto/x509/x509_vfy.h708
-rw-r--r--crypto/x509/x509_vpm.c563
-rw-r--r--crypto/x509/x509cset.c179
-rw-r--r--crypto/x509/x509name.c574
-rw-r--r--crypto/x509/x509rset.c40
-rw-r--r--crypto/x509/x509spki.c92
-rw-r--r--crypto/x509/x509type.c129
-rw-r--r--crypto/x509/x_all.c621
-rw-r--r--crypto/x509v3/ext_dat.h97
-rw-r--r--crypto/x509v3/pcy_cache.c359
-rw-r--r--crypto/x509v3/pcy_data.c120
-rw-r--r--crypto/x509v3/pcy_int.h185
-rw-r--r--crypto/x509v3/pcy_lib.c172
-rw-r--r--crypto/x509v3/pcy_map.c124
-rw-r--r--crypto/x509v3/pcy_node.c227
-rw-r--r--crypto/x509v3/pcy_tree.c1377
-rw-r--r--crypto/x509v3/tabtest.c48
-rw-r--r--crypto/x509v3/v3_addr.c1862
-rw-r--r--crypto/x509v3/v3_akey.c255
-rw-r--r--crypto/x509v3/v3_akeya.c13
-rw-r--r--crypto/x509v3/v3_alt.c995
-rw-r--r--crypto/x509v3/v3_asid.c1202
-rw-r--r--crypto/x509v3/v3_bcons.c100
-rw-r--r--crypto/x509v3/v3_bitst.c137
-rw-r--r--crypto/x509v3/v3_conf.c749
-rw-r--r--crypto/x509v3/v3_cpols.c672
-rw-r--r--crypto/x509v3/v3_crld.c940
-rw-r--r--crypto/x509v3/v3_enum.c67
-rw-r--r--crypto/x509v3/v3_extku.c129
-rw-r--r--crypto/x509v3/v3_genn.c316
-rw-r--r--crypto/x509v3/v3_ia5.c93
-rw-r--r--crypto/x509v3/v3_info.c237
-rw-r--r--crypto/x509v3/v3_int.c57
-rw-r--r--crypto/x509v3/v3_lib.c374
-rw-r--r--crypto/x509v3/v3_ncons.c712
-rw-r--r--crypto/x509v3/v3_ocsp.c315
-rw-r--r--crypto/x509v3/v3_pci.c523
-rw-r--r--crypto/x509v3/v3_pcia.c17
-rw-r--r--crypto/x509v3/v3_pcons.c119
-rw-r--r--crypto/x509v3/v3_pku.c58
-rw-r--r--crypto/x509v3/v3_pmaps.c147
-rw-r--r--crypto/x509v3/v3_prn.c311
-rw-r--r--crypto/x509v3/v3_purp.c1139
-rw-r--r--crypto/x509v3/v3_skey.c147
-rw-r--r--crypto/x509v3/v3_sxnet.c271
-rw-r--r--crypto/x509v3/v3_utl.c1335
-rw-r--r--crypto/x509v3/v3conf.c114
-rw-r--r--crypto/x509v3/v3err.c324
-rw-r--r--crypto/x509v3/v3prin.c70
-rw-r--r--crypto/x509v3/x509v3.h1050
-rw-r--r--doc/apps/ciphers.pod4
-rw-r--r--doc/apps/config.pod22
-rw-r--r--doc/apps/ocsp.pod10
-rw-r--r--doc/crypto/CMS_get0_type.pod22
-rw-r--r--doc/crypto/CONF_modules_load_file.pod87
-rw-r--r--doc/crypto/OPENSSL_config.pod31
-rw-r--r--doc/crypto/d2i_CMS_ContentInfo.pod29
-rw-r--r--doc/crypto/d2i_ECPrivateKey.pod67
-rw-r--r--doc/crypto/d2i_X509.pod12
-rw-r--r--doc/ssl/SSL_CTX_set_read_ahead.pod51
-rw-r--r--doc/ssl/SSL_pending.pod8
-rw-r--r--doc/ssl/ssl.pod7
-rw-r--r--e_os.h1021
-rw-r--r--e_os2.h405
-rw-r--r--engines/ccgost/e_gost_err.c256
-rw-r--r--engines/ccgost/e_gost_err.h161
-rw-r--r--engines/ccgost/gost2001.c562
-rw-r--r--engines/ccgost/gost2001_keyx.c514
-rw-r--r--engines/ccgost/gost2001_keyx.h16
-rw-r--r--engines/ccgost/gost89.c894
-rw-r--r--engines/ccgost/gost89.h104
-rw-r--r--engines/ccgost/gost94_keyx.c487
-rw-r--r--engines/ccgost/gost_ameth.c1734
-rw-r--r--engines/ccgost/gost_asn1.c31
-rw-r--r--engines/ccgost/gost_crypt.c1111
-rw-r--r--engines/ccgost/gost_ctl.c138
-rw-r--r--engines/ccgost/gost_eng.c453
-rw-r--r--engines/ccgost/gost_keywrap.c155
-rw-r--r--engines/ccgost/gost_keywrap.h60
-rw-r--r--engines/ccgost/gost_lcl.h265
-rw-r--r--engines/ccgost/gost_md.c107
-rw-r--r--engines/ccgost/gost_params.c371
-rw-r--r--engines/ccgost/gost_params.h28
-rw-r--r--engines/ccgost/gost_pmeth.c1099
-rw-r--r--engines/ccgost/gost_sign.c479
-rw-r--r--engines/ccgost/gosthash.c404
-rw-r--r--engines/ccgost/gosthash.h54
-rw-r--r--engines/ccgost/gostsum.c349
-rw-r--r--engines/e_4758cca.c1673
-rw-r--r--engines/e_4758cca_err.c130
-rw-r--r--engines/e_4758cca_err.h43
-rw-r--r--engines/e_aep.c1881
-rw-r--r--engines/e_aep_err.c144
-rw-r--r--engines/e_aep_err.h59
-rw-r--r--engines/e_atalla.c961
-rw-r--r--engines/e_atalla_err.c118
-rw-r--r--engines/e_atalla_err.h35
-rw-r--r--engines/e_capi.c3162
-rw-r--r--engines/e_capi_err.c195
-rw-r--r--engines/e_capi_err.h105
-rw-r--r--engines/e_chil.c2245
-rw-r--r--engines/e_chil_err.c141
-rw-r--r--engines/e_chil_err.h57
-rw-r--r--engines/e_cswift.c1862
-rw-r--r--engines/e_cswift_err.c128
-rw-r--r--engines/e_cswift_err.h45
-rw-r--r--engines/e_gmp.c718
-rw-r--r--engines/e_gmp_err.c98
-rw-r--r--engines/e_gmp_err.h19
-rw-r--r--engines/e_nuron.c638
-rw-r--r--engines/e_nuron_err.c112
-rw-r--r--engines/e_nuron_err.h29
-rw-r--r--engines/e_padlock.c1935
-rw-r--r--engines/e_sureware.c1719
-rw-r--r--engines/e_sureware_err.c136
-rw-r--r--engines/e_sureware_err.h56
-rw-r--r--engines/e_ubsec.c1748
-rw-r--r--engines/e_ubsec_err.c135
-rw-r--r--engines/e_ubsec_err.h51
-rw-r--r--engines/vendor_defns/aep.h233
-rw-r--r--engines/vendor_defns/atalla.h70
-rw-r--r--engines/vendor_defns/cswift.h391
-rw-r--r--engines/vendor_defns/hw_4758_cca.h233
-rw-r--r--engines/vendor_defns/hw_ubsec.h108
-rw-r--r--engines/vendor_defns/hwcryptohook.h382
-rw-r--r--engines/vendor_defns/sureware.h347
-rw-r--r--ssl/bio_ssl.c982
-rw-r--r--ssl/d1_both.c2855
-rw-r--r--ssl/d1_clnt.c2912
-rw-r--r--ssl/d1_enc.c240
-rw-r--r--ssl/d1_lib.c724
-rw-r--r--ssl/d1_meth.c23
-rw-r--r--ssl/d1_pkt.c3199
-rw-r--r--ssl/d1_srtp.c658
-rw-r--r--ssl/d1_srvr.c2958
-rw-r--r--ssl/dtls1.h394
-rw-r--r--ssl/heartbeat_test.c762
-rw-r--r--ssl/kssl.c3921
-rw-r--r--ssl/kssl.h203
-rw-r--r--ssl/kssl_lcl.h19
-rw-r--r--ssl/s23_clnt.c1257
-rw-r--r--ssl/s23_lib.c211
-rw-r--r--ssl/s23_meth.c49
-rw-r--r--ssl/s23_pkt.c96
-rw-r--r--ssl/s23_srvr.c1027
-rw-r--r--ssl/s2_clnt.c1929
-rw-r--r--ssl/s2_enc.c266
-rw-r--r--ssl/s2_lib.c769
-rw-r--r--ssl/s2_meth.c37
-rw-r--r--ssl/s2_pkt.c1183
-rw-r--r--ssl/s2_srvr.c2021
-rw-r--r--ssl/s3_both.c1254
-rw-r--r--ssl/s3_cbc.c1242
-rw-r--r--ssl/s3_clnt.c6142
-rw-r--r--ssl/s3_enc.c1421
-rw-r--r--ssl/s3_lib.c7729
-rw-r--r--ssl/s3_meth.c28
-rw-r--r--ssl/s3_pkt.c2726
-rw-r--r--ssl/s3_srvr.c6527
-rw-r--r--ssl/srtp.h45
-rw-r--r--ssl/ssl.h4407
-rw-r--r--ssl/ssl2.h359
-rw-r--r--ssl/ssl23.h33
-rw-r--r--ssl/ssl3.h1100
-rw-r--r--ssl/ssl_algs.c121
-rw-r--r--ssl/ssl_asn1.c1007
-rw-r--r--ssl/ssl_cert.c1111
-rw-r--r--ssl/ssl_ciph.c3251
-rw-r--r--ssl/ssl_err.c1254
-rw-r--r--ssl/ssl_err2.c21
-rw-r--r--ssl/ssl_lib.c5360
-rw-r--r--ssl/ssl_locl.h1521
-rw-r--r--ssl/ssl_rsa.c1267
-rw-r--r--ssl/ssl_sess.c1785
-rw-r--r--ssl/ssl_stat.c1370
-rw-r--r--ssl/ssl_task.c376
-rw-r--r--ssl/ssl_txt.c302
-rw-r--r--ssl/ssl_utst.c25
-rw-r--r--ssl/ssltest.c4373
-rw-r--r--ssl/t1_clnt.c50
-rw-r--r--ssl/t1_enc.c2113
-rw-r--r--ssl/t1_lib.c4910
-rw-r--r--ssl/t1_meth.c47
-rw-r--r--ssl/t1_reneg.c226
-rw-r--r--ssl/t1_srvr.c50
-rw-r--r--ssl/tls1.h954
-rw-r--r--ssl/tls_srp.c878
-rwxr-xr-xutil/ck_errf.pl2
-rw-r--r--util/indent.pro751
-rwxr-xr-xutil/libeay.num1
-rw-r--r--util/mkerr.pl134
-rwxr-xr-xutil/openssl-format-source148
-rwxr-xr-xutil/su-filter.pl260
1010 files changed, 272049 insertions, 268253 deletions
diff --git a/CHANGES b/CHANGES
index d4700d9d799e..74179ab8723f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,83 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.1l and 1.0.1m [19 Mar 2015]
+
+ *) Segmentation fault in ASN1_TYPE_cmp fix
+
+ The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
+ made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
+ certificate signature algorithm consistency this can be used to crash any
+ certificate verification operation and exploited in a DoS attack. Any
+ application which performs certificate verification is vulnerable including
+ OpenSSL clients and servers which enable client authentication.
+ (CVE-2015-0286)
+ [Stephen Henson]
+
+ *) ASN.1 structure reuse memory corruption fix
+
+ Reusing a structure in ASN.1 parsing may allow an attacker to cause
+ memory corruption via an invalid write. Such reuse is and has been
+ strongly discouraged and is believed to be rare.
+
+ Applications that parse structures containing CHOICE or ANY DEFINED BY
+ components may be affected. Certificate parsing (d2i_X509 and related
+ functions) are however not affected. OpenSSL clients and servers are
+ not affected.
+ (CVE-2015-0287)
+ [Stephen Henson]
+
+ *) PKCS7 NULL pointer dereferences fix
+
+ The PKCS#7 parsing code does not handle missing outer ContentInfo
+ correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
+ missing content and trigger a NULL pointer dereference on parsing.
+
+ Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
+ otherwise parse PKCS#7 structures from untrusted sources are
+ affected. OpenSSL clients and servers are not affected.
+
+ This issue was reported to OpenSSL by Michal Zalewski (Google).
+ (CVE-2015-0289)
+ [Emilia Käsper]
+
+ *) DoS via reachable assert in SSLv2 servers fix
+
+ A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
+ servers that both support SSLv2 and enable export cipher suites by sending
+ a specially crafted SSLv2 CLIENT-MASTER-KEY message.
+
+ This issue was discovered by Sean Burford (Google) and Emilia Käsper
+ (OpenSSL development team).
+ (CVE-2015-0293)
+ [Emilia Käsper]
+
+ *) Use After Free following d2i_ECPrivatekey error fix
+
+ A malformed EC private key file consumed via the d2i_ECPrivateKey function
+ could cause a use after free condition. This, in turn, could cause a double
+ free in several private key parsing functions (such as d2i_PrivateKey
+ or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
+ for applications that receive EC private keys from untrusted
+ sources. This scenario is considered rare.
+
+ This issue was discovered by the BoringSSL project and fixed in their
+ commit 517073cd4b.
+ (CVE-2015-0209)
+ [Matt Caswell]
+
+ *) X509_to_X509_REQ NULL pointer deref fix
+
+ The function X509_to_X509_REQ will crash with a NULL pointer dereference if
+ the certificate key is invalid. This function is rarely used in practice.
+
+ This issue was discovered by Brian Carpenter.
+ (CVE-2015-0288)
+ [Stephen Henson]
+
+ *) Removed the export ciphers from the DEFAULT ciphers
+ [Kurt Roeckx]
+
Changes between 1.0.1k and 1.0.1l [15 Jan 2015]
*) Build fixes for the Windows and OpenVMS platforms
@@ -771,63 +848,6 @@
Add command line options to s_client/s_server.
[Steve Henson]
- Changes between 1.0.0j and 1.0.0k [5 Feb 2013]
-
- *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
-
- This addresses the flaw in CBC record processing discovered by
- Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
- at: http://www.isg.rhul.ac.uk/tls/
-
- Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
- Security Group at Royal Holloway, University of London
- (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
- Emilia Käsper for the initial patch.
- (CVE-2013-0169)
- [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
-
- *) Return an error when checking OCSP signatures when key is NULL.
- This fixes a DoS attack. (CVE-2013-0166)
- [Steve Henson]
-
- *) Call OCSP Stapling callback after ciphersuite has been chosen, so
- the right response is stapled. Also change SSL_get_certificate()
- so it returns the certificate actually sent.
- See http://rt.openssl.org/Ticket/Display.html?id=2836.
- (This is a backport)
- [Rob Stradling <rob.stradling@comodo.com>]
-
- *) Fix possible deadlock when decoding public keys.
- [Steve Henson]
-
- Changes between 1.0.0i and 1.0.0j [10 May 2012]
-
- [NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after
- OpenSSL 1.0.1.]
-
- *) Sanity check record length before skipping explicit IV in DTLS
- to fix DoS attack.
-
- Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
- fuzzing as a service testing platform.
- (CVE-2012-2333)
- [Steve Henson]
-
- *) Initialise tkeylen properly when encrypting CMS messages.
- Thanks to Solar Designer of Openwall for reporting this issue.
- [Steve Henson]
-
- Changes between 1.0.0h and 1.0.0i [19 Apr 2012]
-
- *) Check for potentially exploitable overflows in asn1_d2i_read_bio
- BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
- in CRYPTO_realloc_clean.
-
- Thanks to Tavis Ormandy, Google Security Team, for discovering this
- issue and to Adam Langley <agl@chromium.org> for fixing it.
- (CVE-2012-2110)
- [Adam Langley (Google), Tavis Ormandy, Google Security Team]
-
Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
*) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
@@ -1818,228 +1838,6 @@
*) Change 'Configure' script to enable Camellia by default.
[NTT]
- Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
-
- *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
-
- This addresses the flaw in CBC record processing discovered by
- Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
- at: http://www.isg.rhul.ac.uk/tls/
-
- Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
- Security Group at Royal Holloway, University of London
- (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
- Emilia Käsper for the initial patch.
- (CVE-2013-0169)
- [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
-
- *) Return an error when checking OCSP signatures when key is NULL.
- This fixes a DoS attack. (CVE-2013-0166)
- [Steve Henson]
-
- *) Call OCSP Stapling callback after ciphersuite has been chosen, so
- the right response is stapled. Also change SSL_get_certificate()
- so it returns the certificate actually sent.
- See http://rt.openssl.org/Ticket/Display.html?id=2836.
- (This is a backport)
- [Rob Stradling <rob.stradling@comodo.com>]
-
- *) Fix possible deadlock when decoding public keys.
- [Steve Henson]
-
- Changes between 0.9.8w and 0.9.8x [10 May 2012]
-
- *) Sanity check record length before skipping explicit IV in DTLS
- to fix DoS attack.
-
- Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
- fuzzing as a service testing platform.
- (CVE-2012-2333)
- [Steve Henson]
-
- *) Initialise tkeylen properly when encrypting CMS messages.
- Thanks to Solar Designer of Openwall for reporting this issue.
- [Steve Henson]
-
- Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
-
- *) The fix for CVE-2012-2110 did not take into account that the
- 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
- int in OpenSSL 0.9.8, making it still vulnerable. Fix by
- rejecting negative len parameter. (CVE-2012-2131)
- [Tomas Hoger <thoger@redhat.com>]
-
- Changes between 0.9.8u and 0.9.8v [19 Apr 2012]
-
- *) Check for potentially exploitable overflows in asn1_d2i_read_bio
- BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
- in CRYPTO_realloc_clean.
-
- Thanks to Tavis Ormandy, Google Security Team, for discovering this
- issue and to Adam Langley <agl@chromium.org> for fixing it.
- (CVE-2012-2110)
- [Adam Langley (Google), Tavis Ormandy, Google Security Team]
-
- Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
-
- *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
- in CMS and PKCS7 code. When RSA decryption fails use a random key for
- content decryption and always return the same error. Note: this attack
- needs on average 2^20 messages so it only affects automated senders. The
- old behaviour can be reenabled in the CMS code by setting the
- CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
- an MMA defence is not necessary.
- Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
- this issue. (CVE-2012-0884)
- [Steve Henson]
-
- *) Fix CVE-2011-4619: make sure we really are receiving a
- client hello before rejecting multiple SGC restarts. Thanks to
- Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
- [Steve Henson]
-
- Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
-
- *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
- Thanks to Antonio Martin, Enterprise Secure Access Research and
- Development, Cisco Systems, Inc. for discovering this bug and
- preparing a fix. (CVE-2012-0050)
- [Antonio Martin]
-
- Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
-
- *) Nadhem Alfardan and Kenny Paterson have discovered an extension
- of the Vaudenay padding oracle attack on CBC mode encryption
- which enables an efficient plaintext recovery attack against
- the OpenSSL implementation of DTLS. Their attack exploits timing
- differences arising during decryption processing. A research
- paper describing this attack can be found at:
- http://www.isg.rhul.ac.uk/~kp/dtls.pdf
- Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
- Security Group at Royal Holloway, University of London
- (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
- <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de>
- for preparing the fix. (CVE-2011-4108)
- [Robin Seggelmann, Michael Tuexen]
-
- *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109)
- [Ben Laurie, Kasper <ekasper@google.com>]
-
- *) Clear bytes used for block padding of SSL 3.0 records.
- (CVE-2011-4576)
- [Adam Langley (Google)]
-
- *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
- Kadianakis <desnacked@gmail.com> for discovering this issue and
- Adam Langley for preparing the fix. (CVE-2011-4619)
- [Adam Langley (Google)]
-
- *) Prevent malformed RFC3779 data triggering an assertion failure.
- Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
- and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
- [Rob Austein <sra@hactrn.net>]
-
- *) Fix ssl_ciph.c set-up race.
- [Adam Langley (Google)]
-
- *) Fix spurious failures in ecdsatest.c.
- [Emilia Käsper (Google)]
-
- *) Fix the BIO_f_buffer() implementation (which was mixing different
- interpretations of the '..._len' fields).
- [Adam Langley (Google)]
-
- *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
- BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
- threads won't reuse the same blinding coefficients.
-
- This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
- lock to call BN_BLINDING_invert_ex, and avoids one use of
- BN_BLINDING_update for each BN_BLINDING structure (previously,
- the last update always remained unused).
- [Emilia Käsper (Google)]
-
- *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
- for multi-threaded use of ECDH.
- [Adam Langley (Google)]
-
- *) Fix x509_name_ex_d2i memory leak on bad inputs.
- [Bodo Moeller]
-
- *) Add protection against ECDSA timing attacks as mentioned in the paper
- by Billy Bob Brumley and Nicola Tuveri, see:
-
- http://eprint.iacr.org/2011/232.pdf
-
- [Billy Bob Brumley and Nicola Tuveri]
-
- Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
-
- *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
- [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
-
- *) Fix bug in string printing code: if *any* escaping is enabled we must
- escape the escape character (backslash) or the resulting string is
- ambiguous.
- [Steve Henson]
-
- Changes between 0.9.8p and 0.9.8q [2 Dec 2010]
-
- *) Disable code workaround for ancient and obsolete Netscape browsers
- and servers: an attacker can use it in a ciphersuite downgrade attack.
- Thanks to Martin Rex for discovering this bug. CVE-2010-4180
- [Steve Henson]
-
- *) Fixed J-PAKE implementation error, originally discovered by
- Sebastien Martini, further info and confirmation from Stefan
- Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
- [Ben Laurie]
-
- Changes between 0.9.8o and 0.9.8p [16 Nov 2010]
-
- *) Fix extension code to avoid race conditions which can result in a buffer
- overrun vulnerability: resumed sessions must not be modified as they can
- be shared by multiple threads. CVE-2010-3864
- [Steve Henson]
-
- *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
- [Steve Henson]
-
- *) Don't reencode certificate when calculating signature: cache and use
- the original encoding instead. This makes signature verification of
- some broken encodings work correctly.
- [Steve Henson]
-
- *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
- is also one of the inputs.
- [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]
-
- *) Don't repeatedly append PBE algorithms to table if they already exist.
- Sort table on each new add. This effectively makes the table read only
- after all algorithms are added and subsequent calls to PKCS12_pbe_add
- etc are non-op.
- [Steve Henson]
-
- Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
-
- [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after
- OpenSSL 1.0.0.]
-
- *) Correct a typo in the CMS ASN1 module which can result in invalid memory
- access or freeing data twice (CVE-2010-0742)
- [Steve Henson, Ronald Moesbergen <intercommit@gmail.com>]
-
- *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
- common in certificates and some applications which only call
- SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
- [Steve Henson]
-
- *) VMS fixes:
- Reduce copying into .apps and .test in makevms.com
- Don't try to use blank CA certificate in CA.com
- Allow use of C files from original directories in maketests.com
- [Steven M. Schweda" <sms@antinode.info>]
-
Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
*) When rejecting SSL/TLS records due to an incorrect version number, never
diff --git a/Configure b/Configure
index 541be9ec57d8..d7ecf973c0a6 100755
--- a/Configure
+++ b/Configure
@@ -185,18 +185,18 @@ my %table=(
"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"dist", "cc:-O::(unknown)::::::",
# Basic configs that should work on any (32 and less bit) box
@@ -256,16 +256,16 @@ my %table=(
#### IRIX 5.x configs
# -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### IRIX 6.x configs
# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
# './Configure irix-cc -o32' manually.
-"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
# N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### Unified HP-UX ANSI C configs.
# Special notes:
@@ -345,23 +345,23 @@ my %table=(
####
# *-generic* is endian-neutral target, but ./config is free to
# throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# It's believed that majority of ARM toolchains predefine appropriate -march.
# If you compiler does not, do complement config command line with one!
-"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-armv4", "gcc:-O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### IA-32 targets...
-"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
+"linux-ia32-icc", "icc:-DL_ENDIAN -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
####
-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-ia64", "gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### So called "highgprs" target for z/Architecture CPUs
# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
# /proc/cpuinfo. The idea is to preserve most significant bits of
@@ -375,16 +375,16 @@ my %table=(
# ldconfig and run-time linker to autodiscover. Unfortunately it
# doesn't work just yet, because of couple of bugs in glibc
# sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
-"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
+"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
#### SPARC Linux setups
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
# assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# it's a real mess with -mcpu=ultrasparc option under Linux, but
# -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### Alpha Linux with GNU C and Compaq C setups
# Special notes:
# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@@ -398,30 +398,30 @@ my %table=(
#
# <appro@fy.chalmers.se>
#
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-# Android: linux-* but without -DTERMIO and pointers to headers and libs.
+# Android: linux-* but without pointers to headers and libs.
"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### *BSD [do see comment about ${BSDthreads} above!]
-"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-sparcv8", "gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
# simply *happens* to work around a compiler bug in gcc 3.3.3,
# triggered by RIPEMD160 code.
-"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86_64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -433,8 +433,8 @@ my %table=(
# QNX
"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
-"QNX6", "gcc:-DTERMIOS::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"QNX6-i386", "gcc:-DL_ENDIAN -DTERMIOS -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"QNX6", "gcc:::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"QNX6-i386", "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# BeOS
"beos-x86-r5", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so",
@@ -507,7 +507,7 @@ my %table=(
"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",
# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
-"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
# You need to compile using the c89.sh wrapper in the tools directory, because the
@@ -567,7 +567,7 @@ my %table=(
"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
# DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:",
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:",
# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
@@ -593,7 +593,7 @@ my %table=(
"newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
##### GNU Hurd
-"hurd-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
+"hurd-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
##### OS/2 EMX
"OS2-EMX", "gcc::::::::",
diff --git a/FREEBSD-upgrade b/FREEBSD-upgrade
index f73d1e5f3515..d67c981e4545 100644
--- a/FREEBSD-upgrade
+++ b/FREEBSD-upgrade
@@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/SubversionPrimer/VendorImports
# Xlist
setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
setenv FSVN "svn+ssh://svn.freebsd.org/base"
-setenv OSSLVER 1.0.1l
-# OSSLTAG format: v1_0_1l
+setenv OSSLVER 1.0.1m
+# OSSLTAG format: v1_0_1m
###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`
diff --git a/Makefile b/Makefile
index f68eab69676a..d3f31f0764c8 100644
--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.1l
+VERSION=1.0.1m
MAJOR=1
MINOR=0.1
SHLIB_VERSION_NUMBER=1.0.0
diff --git a/NEWS b/NEWS
index 4ff27753ea7d..12616d2c1ff5 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,16 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]
+
+ o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
+ o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
+ o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
+ o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
+ o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
+ o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
+ o Removed the export ciphers from the DEFAULT ciphers
+
Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
o Build fixes for the Windows and OpenVMS platforms
@@ -103,19 +113,6 @@
o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
o SRP support.
- Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]:
-
- o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
- o Fix OCSP bad key DoS attack CVE-2013-0166
-
- Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]:
-
- o Fix DTLS record length checking bug CVE-2012-2333
-
- Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]:
-
- o Fix for ASN1 overflow bug CVE-2012-2110
-
Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
o Fix for CMS/PKCS#7 MMA CVE-2012-0884
@@ -188,62 +185,6 @@
o Opaque PRF Input TLS extension support.
o Updated time routines to avoid OS limitations.
- Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]:
-
- o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
- o Fix OCSP bad key DoS attack CVE-2013-0166
-
- Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]:
-
- o Fix DTLS record length checking bug CVE-2012-2333
-
- Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]:
-
- o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
-
- Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]:
-
- o Fix for ASN1 overflow bug CVE-2012-2110
-
- Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]:
-
- o Fix for CMS/PKCS#7 MMA CVE-2012-0884
- o Corrected fix for CVE-2011-4619
- o Various DTLS fixes.
-
- Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]:
-
- o Fix for DTLS DoS issue CVE-2012-0050
-
- Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]:
-
- o Fix for DTLS plaintext recovery attack CVE-2011-4108
- o Fix policy check double free error CVE-2011-4109
- o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
- o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
- o Check for malformed RFC3779 data CVE-2011-4577
-
- Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]:
-
- o Fix for security issue CVE-2011-0014
-
- Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]:
-
- o Fix for security issue CVE-2010-4180
- o Fix for CVE-2010-4252
-
- Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]:
-
- o Fix for security issue CVE-2010-3864.
-
- Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]:
-
- o Fix for security issue CVE-2010-0742.
- o Various DTLS fixes.
- o Recognise SHA2 certificates if only SSL algorithms added.
- o Fix for no-rc4 compilation.
- o Chil ENGINE unload workaround.
-
Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
o CFB cipher definition fixes.
diff --git a/README b/README
index ef7eec7a2b7c..ecdcfb2370d1 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
- OpenSSL 1.0.1l 15 Jan 2015
+ OpenSSL 1.0.1m 19 Mar 2015
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/apps/app_rand.c b/apps/app_rand.c
index b7b6128c1eb9..595fc7821c85 100644
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -63,7 +63,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -115,104 +115,106 @@
#include <openssl/bio.h>
#include <openssl/rand.h>
-
static int seeded = 0;
static int egdsocket = 0;
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
- {
- int consider_randfile = (file == NULL);
- char buffer[200];
-
+{
+ int consider_randfile = (file == NULL);
+ char buffer[200];
+
#ifdef OPENSSL_SYS_WINDOWS
- BIO_printf(bio_e,"Loading 'screen' into random state -");
- BIO_flush(bio_e);
- RAND_screen();
- BIO_printf(bio_e," done\n");
+ BIO_printf(bio_e, "Loading 'screen' into random state -");
+ BIO_flush(bio_e);
+ RAND_screen();
+ BIO_printf(bio_e, " done\n");
#endif
- if (file == NULL)
- file = RAND_file_name(buffer, sizeof buffer);
- else if (RAND_egd(file) > 0)
- {
- /* we try if the given filename is an EGD socket.
- if it is, we don't write anything back to the file. */
- egdsocket = 1;
- return 1;
- }
- if (file == NULL || !RAND_load_file(file, -1))
- {
- if (RAND_status() == 0)
- {
- if (!dont_warn)
- {
- BIO_printf(bio_e,"unable to load 'random state'\n");
- BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
- BIO_printf(bio_e,"with much random data.\n");
- if (consider_randfile) /* explanation does not apply when a file is explicitly named */
- {
- BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
- BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
- }
- }
- return 0;
- }
- }
- seeded = 1;
- return 1;
- }
+ if (file == NULL)
+ file = RAND_file_name(buffer, sizeof buffer);
+ else if (RAND_egd(file) > 0) {
+ /*
+ * we try if the given filename is an EGD socket. if it is, we don't
+ * write anything back to the file.
+ */
+ egdsocket = 1;
+ return 1;
+ }
+ if (file == NULL || !RAND_load_file(file, -1)) {
+ if (RAND_status() == 0) {
+ if (!dont_warn) {
+ BIO_printf(bio_e, "unable to load 'random state'\n");
+ BIO_printf(bio_e,
+ "This means that the random number generator has not been seeded\n");
+ BIO_printf(bio_e, "with much random data.\n");
+ if (consider_randfile) { /* explanation does not apply when a
+ * file is explicitly named */
+ BIO_printf(bio_e,
+ "Consider setting the RANDFILE environment variable to point at a file that\n");
+ BIO_printf(bio_e,
+ "'random' data can be kept in (the file will be overwritten).\n");
+ }
+ }
+ return 0;
+ }
+ }
+ seeded = 1;
+ return 1;
+}
long app_RAND_load_files(char *name)
- {
- char *p,*n;
- int last;
- long tot=0;
- int egd;
-
- for (;;)
- {
- last=0;
- for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
- if (*p == '\0') last=1;
- *p='\0';
- n=name;
- name=p+1;
- if (*n == '\0') break;
+{
+ char *p, *n;
+ int last;
+ long tot = 0;
+ int egd;
- egd=RAND_egd(n);
- if (egd > 0)
- tot+=egd;
- else
- tot+=RAND_load_file(n,-1);
- if (last) break;
- }
- if (tot > 512)
- app_RAND_allow_write_file();
- return(tot);
- }
+ for (;;) {
+ last = 0;
+ for (p = name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++) ;
+ if (*p == '\0')
+ last = 1;
+ *p = '\0';
+ n = name;
+ name = p + 1;
+ if (*n == '\0')
+ break;
+
+ egd = RAND_egd(n);
+ if (egd > 0)
+ tot += egd;
+ else
+ tot += RAND_load_file(n, -1);
+ if (last)
+ break;
+ }
+ if (tot > 512)
+ app_RAND_allow_write_file();
+ return (tot);
+}
int app_RAND_write_file(const char *file, BIO *bio_e)
- {
- char buffer[200];
-
- if (egdsocket || !seeded)
- /* If we did not manage to read the seed file,
- * we should not write a low-entropy seed file back --
- * it would suppress a crucial warning the next time
- * we want to use it. */
- return 0;
+{
+ char buffer[200];
+
+ if (egdsocket || !seeded)
+ /*
+ * If we did not manage to read the seed file, we should not write a
+ * low-entropy seed file back -- it would suppress a crucial warning
+ * the next time we want to use it.
+ */
+ return 0;
- if (file == NULL)
- file = RAND_file_name(buffer, sizeof buffer);
- if (file == NULL || !RAND_write_file(file))
- {
- BIO_printf(bio_e,"unable to write 'random state'\n");
- return 0;
- }
- return 1;
- }
+ if (file == NULL)
+ file = RAND_file_name(buffer, sizeof buffer);
+ if (file == NULL || !RAND_write_file(file)) {
+ BIO_printf(bio_e, "unable to write 'random state'\n");
+ return 0;
+ }
+ return 1;
+}
void app_RAND_allow_write_file(void)
- {
- seeded = 1;
- }
+{
+ seeded = 1;
+}
diff --git a/apps/apps.c b/apps/apps.c
index 3e18289a4b5b..9862afde3a77 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -63,7 +63,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -110,16 +110,17 @@
*/
#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
-#define _POSIX_C_SOURCE 2 /* On VMS, you need to define this to get
- the declaration of fileno(). The value
- 2 is to make sure no function defined
- in POSIX-2 is left undefined. */
+/*
+ * On VMS, you need to define this to get the declaration of fileno(). The
+ * value 2 is to make sure no function defined in POSIX-2 is left undefined.
+ */
+# define _POSIX_C_SOURCE 2
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
-#include <strings.h>
+# include <strings.h>
#endif
#include <sys/types.h>
#include <ctype.h>
@@ -133,14 +134,14 @@
#include <openssl/ui.h>
#include <openssl/safestack.h>
#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
#endif
#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_JPAKE
-#include <openssl/jpake.h>
+# include <openssl/jpake.h>
#endif
#define NON_MAIN
@@ -149,2586 +150,2448 @@
#ifdef _WIN32
static int WIN32_rename(const char *from, const char *to);
-#define rename(from,to) WIN32_rename((from),(to))
+# define rename(from,to) WIN32_rename((from),(to))
#endif
typedef struct {
- const char *name;
- unsigned long flag;
- unsigned long mask;
+ const char *name;
+ unsigned long flag;
+ unsigned long mask;
} NAME_EX_TBL;
static UI_METHOD *ui_method = NULL;
-static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
-static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
+static int set_table_opts(unsigned long *flags, const char *arg,
+ const NAME_EX_TBL * in_tbl);
+static int set_multi_opts(unsigned long *flags, const char *arg,
+ const NAME_EX_TBL * in_tbl);
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
/* Looks like this stuff is worth moving into separate function */
-static EVP_PKEY *
-load_netscape_key(BIO *err, BIO *key, const char *file,
- const char *key_descrip, int format);
+static EVP_PKEY *load_netscape_key(BIO *err, BIO *key, const char *file,
+ const char *key_descrip, int format);
#endif
int app_init(long mesgwin);
-#ifdef undef /* never finished - probably never will be :-) */
+#ifdef undef /* never finished - probably never will be
+ * :-) */
int args_from_file(char *file, int *argc, char **argv[])
- {
- FILE *fp;
- int num,i;
- unsigned int len;
- static char *buf=NULL;
- static char **arg=NULL;
- char *p;
-
- fp=fopen(file,"r");
- if (fp == NULL)
- return(0);
-
- if (fseek(fp,0,SEEK_END)==0)
- len=ftell(fp), rewind(fp);
- else len=-1;
- if (len<=0)
- {
- fclose(fp);
- return(0);
- }
-
- *argc=0;
- *argv=NULL;
-
- if (buf != NULL) OPENSSL_free(buf);
- buf=(char *)OPENSSL_malloc(len+1);
- if (buf == NULL) return(0);
-
- len=fread(buf,1,len,fp);
- if (len <= 1) return(0);
- buf[len]='\0';
-
- i=0;
- for (p=buf; *p; p++)
- if (*p == '\n') i++;
- if (arg != NULL) OPENSSL_free(arg);
- arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
-
- *argv=arg;
- num=0;
- p=buf;
- for (;;)
- {
- if (!*p) break;
- if (*p == '#') /* comment line */
- {
- while (*p && (*p != '\n')) p++;
- continue;
- }
- /* else we have a line */
- *(arg++)=p;
- num++;
- while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
- p++;
- if (!*p) break;
- if (*p == '\n')
- {
- *(p++)='\0';
- continue;
- }
- /* else it is a tab or space */
- p++;
- while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
- p++;
- if (!*p) break;
- if (*p == '\n')
- {
- p++;
- continue;
- }
- *(arg++)=p++;
- num++;
- while (*p && (*p != '\n')) p++;
- if (!*p) break;
- /* else *p == '\n' */
- *(p++)='\0';
- }
- *argc=num;
- return(1);
- }
+{
+ FILE *fp;
+ int num, i;
+ unsigned int len;
+ static char *buf = NULL;
+ static char **arg = NULL;
+ char *p;
+
+ fp = fopen(file, "r");
+ if (fp == NULL)
+ return (0);
+
+ if (fseek(fp, 0, SEEK_END) == 0)
+ len = ftell(fp), rewind(fp);
+ else
+ len = -1;
+ if (len <= 0) {
+ fclose(fp);
+ return (0);
+ }
+
+ *argc = 0;
+ *argv = NULL;
+
+ if (buf != NULL)
+ OPENSSL_free(buf);
+ buf = (char *)OPENSSL_malloc(len + 1);
+ if (buf == NULL)
+ return (0);
+
+ len = fread(buf, 1, len, fp);
+ if (len <= 1)
+ return (0);
+ buf[len] = '\0';
+
+ i = 0;
+ for (p = buf; *p; p++)
+ if (*p == '\n')
+ i++;
+ if (arg != NULL)
+ OPENSSL_free(arg);
+ arg = (char **)OPENSSL_malloc(sizeof(char *) * (i * 2));
+
+ *argv = arg;
+ num = 0;
+ p = buf;
+ for (;;) {
+ if (!*p)
+ break;
+ if (*p == '#') { /* comment line */
+ while (*p && (*p != '\n'))
+ p++;
+ continue;
+ }
+ /* else we have a line */
+ *(arg++) = p;
+ num++;
+ while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
+ p++;
+ if (!*p)
+ break;
+ if (*p == '\n') {
+ *(p++) = '\0';
+ continue;
+ }
+ /* else it is a tab or space */
+ p++;
+ while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
+ p++;
+ if (!*p)
+ break;
+ if (*p == '\n') {
+ p++;
+ continue;
+ }
+ *(arg++) = p++;
+ num++;
+ while (*p && (*p != '\n'))
+ p++;
+ if (!*p)
+ break;
+ /* else *p == '\n' */
+ *(p++) = '\0';
+ }
+ *argc = num;
+ return (1);
+}
#endif
int str2fmt(char *s)
- {
- if (s == NULL)
- return FORMAT_UNDEF;
- if ((*s == 'D') || (*s == 'd'))
- return(FORMAT_ASN1);
- else if ((*s == 'T') || (*s == 't'))
- return(FORMAT_TEXT);
- else if ((*s == 'N') || (*s == 'n'))
- return(FORMAT_NETSCAPE);
- else if ((*s == 'S') || (*s == 's'))
- return(FORMAT_SMIME);
- else if ((*s == 'M') || (*s == 'm'))
- return(FORMAT_MSBLOB);
- else if ((*s == '1')
- || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
- || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
- return(FORMAT_PKCS12);
- else if ((*s == 'E') || (*s == 'e'))
- return(FORMAT_ENGINE);
- else if ((*s == 'P') || (*s == 'p'))
- {
- if (s[1] == 'V' || s[1] == 'v')
- return FORMAT_PVK;
- else
- return(FORMAT_PEM);
- }
- else
- return(FORMAT_UNDEF);
- }
+{
+ if (s == NULL)
+ return FORMAT_UNDEF;
+ if ((*s == 'D') || (*s == 'd'))
+ return (FORMAT_ASN1);
+ else if ((*s == 'T') || (*s == 't'))
+ return (FORMAT_TEXT);
+ else if ((*s == 'N') || (*s == 'n'))
+ return (FORMAT_NETSCAPE);
+ else if ((*s == 'S') || (*s == 's'))
+ return (FORMAT_SMIME);
+ else if ((*s == 'M') || (*s == 'm'))
+ return (FORMAT_MSBLOB);
+ else if ((*s == '1')
+ || (strcmp(s, "PKCS12") == 0) || (strcmp(s, "pkcs12") == 0)
+ || (strcmp(s, "P12") == 0) || (strcmp(s, "p12") == 0))
+ return (FORMAT_PKCS12);
+ else if ((*s == 'E') || (*s == 'e'))
+ return (FORMAT_ENGINE);
+ else if ((*s == 'P') || (*s == 'p')) {
+ if (s[1] == 'V' || s[1] == 'v')
+ return FORMAT_PVK;
+ else
+ return (FORMAT_PEM);
+ } else
+ return (FORMAT_UNDEF);
+}
#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
void program_name(char *in, char *out, int size)
- {
- int i,n;
- char *p=NULL;
-
- n=strlen(in);
- /* find the last '/', '\' or ':' */
- for (i=n-1; i>0; i--)
- {
- if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))
- {
- p= &(in[i+1]);
- break;
- }
- }
- if (p == NULL)
- p=in;
- n=strlen(p);
-
-#if defined(OPENSSL_SYS_NETWARE)
- /* strip off trailing .nlm if present. */
- if ((n > 4) && (p[n-4] == '.') &&
- ((p[n-3] == 'n') || (p[n-3] == 'N')) &&
- ((p[n-2] == 'l') || (p[n-2] == 'L')) &&
- ((p[n-1] == 'm') || (p[n-1] == 'M')))
- n-=4;
-#else
- /* strip off trailing .exe if present. */
- if ((n > 4) && (p[n-4] == '.') &&
- ((p[n-3] == 'e') || (p[n-3] == 'E')) &&
- ((p[n-2] == 'x') || (p[n-2] == 'X')) &&
- ((p[n-1] == 'e') || (p[n-1] == 'E')))
- n-=4;
-#endif
+{
+ int i, n;
+ char *p = NULL;
+
+ n = strlen(in);
+ /* find the last '/', '\' or ':' */
+ for (i = n - 1; i > 0; i--) {
+ if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':')) {
+ p = &(in[i + 1]);
+ break;
+ }
+ }
+ if (p == NULL)
+ p = in;
+ n = strlen(p);
+
+# if defined(OPENSSL_SYS_NETWARE)
+ /* strip off trailing .nlm if present. */
+ if ((n > 4) && (p[n - 4] == '.') &&
+ ((p[n - 3] == 'n') || (p[n - 3] == 'N')) &&
+ ((p[n - 2] == 'l') || (p[n - 2] == 'L')) &&
+ ((p[n - 1] == 'm') || (p[n - 1] == 'M')))
+ n -= 4;
+# else
+ /* strip off trailing .exe if present. */
+ if ((n > 4) && (p[n - 4] == '.') &&
+ ((p[n - 3] == 'e') || (p[n - 3] == 'E')) &&
+ ((p[n - 2] == 'x') || (p[n - 2] == 'X')) &&
+ ((p[n - 1] == 'e') || (p[n - 1] == 'E')))
+ n -= 4;
+# endif
- if (n > size-1)
- n=size-1;
-
- for (i=0; i<n; i++)
- {
- if ((p[i] >= 'A') && (p[i] <= 'Z'))
- out[i]=p[i]-'A'+'a';
- else
- out[i]=p[i];
- }
- out[n]='\0';
- }
+ if (n > size - 1)
+ n = size - 1;
+
+ for (i = 0; i < n; i++) {
+ if ((p[i] >= 'A') && (p[i] <= 'Z'))
+ out[i] = p[i] - 'A' + 'a';
+ else
+ out[i] = p[i];
+ }
+ out[n] = '\0';
+}
#else
-#ifdef OPENSSL_SYS_VMS
+# ifdef OPENSSL_SYS_VMS
void program_name(char *in, char *out, int size)
- {
- char *p=in, *q;
- char *chars=":]>";
-
- while(*chars != '\0')
- {
- q=strrchr(p,*chars);
- if (q > p)
- p = q + 1;
- chars++;
- }
-
- q=strrchr(p,'.');
- if (q == NULL)
- q = p + strlen(p);
- strncpy(out,p,size-1);
- if (q-p >= size)
- {
- out[size-1]='\0';
- }
- else
- {
- out[q-p]='\0';
- }
- }
-#else
+{
+ char *p = in, *q;
+ char *chars = ":]>";
+
+ while (*chars != '\0') {
+ q = strrchr(p, *chars);
+ if (q > p)
+ p = q + 1;
+ chars++;
+ }
+
+ q = strrchr(p, '.');
+ if (q == NULL)
+ q = p + strlen(p);
+ strncpy(out, p, size - 1);
+ if (q - p >= size) {
+ out[size - 1] = '\0';
+ } else {
+ out[q - p] = '\0';
+ }
+}
+# else
void program_name(char *in, char *out, int size)
- {
- char *p;
-
- p=strrchr(in,'/');
- if (p != NULL)
- p++;
- else
- p=in;
- BUF_strlcpy(out,p,size);
- }
-#endif
+{
+ char *p;
+
+ p = strrchr(in, '/');
+ if (p != NULL)
+ p++;
+ else
+ p = in;
+ BUF_strlcpy(out, p, size);
+}
+# endif
#endif
int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
- {
- int num,i;
- char *p;
-
- *argc=0;
- *argv=NULL;
-
- i=0;
- if (arg->count == 0)
- {
- arg->count=20;
- arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
- if (arg->data == NULL)
- return 0;
- }
- for (i=0; i<arg->count; i++)
- arg->data[i]=NULL;
-
- num=0;
- p=buf;
- for (;;)
- {
- /* first scan over white space */
- if (!*p) break;
- while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
- p++;
- if (!*p) break;
-
- /* The start of something good :-) */
- if (num >= arg->count)
- {
- char **tmp_p;
- int tlen = arg->count + 20;
- tmp_p = (char **)OPENSSL_realloc(arg->data,
- sizeof(char *)*tlen);
- if (tmp_p == NULL)
- return 0;
- arg->data = tmp_p;
- arg->count = tlen;
- /* initialize newly allocated data */
- for (i = num; i < arg->count; i++)
- arg->data[i] = NULL;
- }
- arg->data[num++]=p;
-
- /* now look for the end of this */
- if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
- {
- i= *(p++);
- arg->data[num-1]++; /* jump over quote */
- while (*p && (*p != i))
- p++;
- *p='\0';
- }
- else
- {
- while (*p && ((*p != ' ') &&
- (*p != '\t') && (*p != '\n')))
- p++;
-
- if (*p == '\0')
- p--;
- else
- *p='\0';
- }
- p++;
- }
- *argc=num;
- *argv=arg->data;
- return(1);
- }
+{
+ int num, i;
+ char *p;
+
+ *argc = 0;
+ *argv = NULL;
+
+ i = 0;
+ if (arg->count == 0) {
+ arg->count = 20;
+ arg->data = (char **)OPENSSL_malloc(sizeof(char *) * arg->count);
+ if (arg->data == NULL)
+ return 0;
+ }
+ for (i = 0; i < arg->count; i++)
+ arg->data[i] = NULL;
+
+ num = 0;
+ p = buf;
+ for (;;) {
+ /* first scan over white space */
+ if (!*p)
+ break;
+ while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
+ p++;
+ if (!*p)
+ break;
+
+ /* The start of something good :-) */
+ if (num >= arg->count) {
+ char **tmp_p;
+ int tlen = arg->count + 20;
+ tmp_p = (char **)OPENSSL_realloc(arg->data,
+ sizeof(char *) * tlen);
+ if (tmp_p == NULL)
+ return 0;
+ arg->data = tmp_p;
+ arg->count = tlen;
+ /* initialize newly allocated data */
+ for (i = num; i < arg->count; i++)
+ arg->data[i] = NULL;
+ }
+ arg->data[num++] = p;
+
+ /* now look for the end of this */
+ if ((*p == '\'') || (*p == '\"')) { /* scan for closing quote */
+ i = *(p++);
+ arg->data[num - 1]++; /* jump over quote */
+ while (*p && (*p != i))
+ p++;
+ *p = '\0';
+ } else {
+ while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
+ p++;
+
+ if (*p == '\0')
+ p--;
+ else
+ *p = '\0';
+ }
+ p++;
+ }
+ *argc = num;
+ *argv = arg->data;
+ return (1);
+}
#ifndef APP_INIT
int app_init(long mesgwin)
- {
- return(1);
- }
+{
+ return (1);
+}
#endif
-
-int dump_cert_text (BIO *out, X509 *x)
+int dump_cert_text(BIO *out, X509 *x)
{
- char *p;
+ char *p;
- p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
- BIO_puts(out,"subject=");
- BIO_puts(out,p);
- OPENSSL_free(p);
+ p = X509_NAME_oneline(X509_get_subject_name(x), NULL, 0);
+ BIO_puts(out, "subject=");
+ BIO_puts(out, p);
+ OPENSSL_free(p);
- p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0);
- BIO_puts(out,"\nissuer=");
- BIO_puts(out,p);
- BIO_puts(out,"\n");
- OPENSSL_free(p);
+ p = X509_NAME_oneline(X509_get_issuer_name(x), NULL, 0);
+ BIO_puts(out, "\nissuer=");
+ BIO_puts(out, p);
+ BIO_puts(out, "\n");
+ OPENSSL_free(p);
- return 0;
+ return 0;
}
static int ui_open(UI *ui)
- {
- return UI_method_get_opener(UI_OpenSSL())(ui);
- }
+{
+ return UI_method_get_opener(UI_OpenSSL())(ui);
+}
+
static int ui_read(UI *ui, UI_STRING *uis)
- {
- if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
- && UI_get0_user_data(ui))
- {
- switch(UI_get_string_type(uis))
- {
- case UIT_PROMPT:
- case UIT_VERIFY:
- {
- const char *password =
- ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
- if (password && password[0] != '\0')
- {
- UI_set_result(ui, uis, password);
- return 1;
- }
- }
- default:
- break;
- }
- }
- return UI_method_get_reader(UI_OpenSSL())(ui, uis);
- }
+{
+ if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+ && UI_get0_user_data(ui)) {
+ switch (UI_get_string_type(uis)) {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ {
+ const char *password =
+ ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+ if (password && password[0] != '\0') {
+ UI_set_result(ui, uis, password);
+ return 1;
+ }
+ }
+ default:
+ break;
+ }
+ }
+ return UI_method_get_reader(UI_OpenSSL())(ui, uis);
+}
+
static int ui_write(UI *ui, UI_STRING *uis)
- {
- if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
- && UI_get0_user_data(ui))
- {
- switch(UI_get_string_type(uis))
- {
- case UIT_PROMPT:
- case UIT_VERIFY:
- {
- const char *password =
- ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
- if (password && password[0] != '\0')
- return 1;
- }
- default:
- break;
- }
- }
- return UI_method_get_writer(UI_OpenSSL())(ui, uis);
- }
+{
+ if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+ && UI_get0_user_data(ui)) {
+ switch (UI_get_string_type(uis)) {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ {
+ const char *password =
+ ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+ if (password && password[0] != '\0')
+ return 1;
+ }
+ default:
+ break;
+ }
+ }
+ return UI_method_get_writer(UI_OpenSSL())(ui, uis);
+}
+
static int ui_close(UI *ui)
- {
- return UI_method_get_closer(UI_OpenSSL())(ui);
- }
+{
+ return UI_method_get_closer(UI_OpenSSL())(ui);
+}
+
int setup_ui_method(void)
- {
- ui_method = UI_create_method("OpenSSL application user interface");
- UI_method_set_opener(ui_method, ui_open);
- UI_method_set_reader(ui_method, ui_read);
- UI_method_set_writer(ui_method, ui_write);
- UI_method_set_closer(ui_method, ui_close);
- return 0;
- }
+{
+ ui_method = UI_create_method("OpenSSL application user interface");
+ UI_method_set_opener(ui_method, ui_open);
+ UI_method_set_reader(ui_method, ui_read);
+ UI_method_set_writer(ui_method, ui_write);
+ UI_method_set_closer(ui_method, ui_close);
+ return 0;
+}
+
void destroy_ui_method(void)
- {
- if(ui_method)
- {
- UI_destroy_method(ui_method);
- ui_method = NULL;
- }
- }
-int password_callback(char *buf, int bufsiz, int verify,
- PW_CB_DATA *cb_tmp)
- {
- UI *ui = NULL;
- int res = 0;
- const char *prompt_info = NULL;
- const char *password = NULL;
- PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
-
- if (cb_data)
- {
- if (cb_data->password)
- password = cb_data->password;
- if (cb_data->prompt_info)
- prompt_info = cb_data->prompt_info;
- }
-
- if (password)
- {
- res = strlen(password);
- if (res > bufsiz)
- res = bufsiz;
- memcpy(buf, password, res);
- return res;
- }
-
- ui = UI_new_method(ui_method);
- if (ui)
- {
- int ok = 0;
- char *buff = NULL;
- int ui_flags = 0;
- char *prompt = NULL;
-
- prompt = UI_construct_prompt(ui, "pass phrase",
- prompt_info);
-
- ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
- UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
-
- if (ok >= 0)
- ok = UI_add_input_string(ui,prompt,ui_flags,buf,
- PW_MIN_LENGTH,bufsiz-1);
- if (ok >= 0 && verify)
- {
- buff = (char *)OPENSSL_malloc(bufsiz);
- ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
- PW_MIN_LENGTH,bufsiz-1, buf);
- }
- if (ok >= 0)
- do
- {
- ok = UI_process(ui);
- }
- while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
-
- if (buff)
- {
- OPENSSL_cleanse(buff,(unsigned int)bufsiz);
- OPENSSL_free(buff);
- }
-
- if (ok >= 0)
- res = strlen(buf);
- if (ok == -1)
- {
- BIO_printf(bio_err, "User interface error\n");
- ERR_print_errors(bio_err);
- OPENSSL_cleanse(buf,(unsigned int)bufsiz);
- res = 0;
- }
- if (ok == -2)
- {
- BIO_printf(bio_err,"aborted!\n");
- OPENSSL_cleanse(buf,(unsigned int)bufsiz);
- res = 0;
- }
- UI_free(ui);
- OPENSSL_free(prompt);
- }
- return res;
- }
+{
+ if (ui_method) {
+ UI_destroy_method(ui_method);
+ ui_method = NULL;
+ }
+}
+
+int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
+{
+ UI *ui = NULL;
+ int res = 0;
+ const char *prompt_info = NULL;
+ const char *password = NULL;
+ PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
+
+ if (cb_data) {
+ if (cb_data->password)
+ password = cb_data->password;
+ if (cb_data->prompt_info)
+ prompt_info = cb_data->prompt_info;
+ }
+
+ if (password) {
+ res = strlen(password);
+ if (res > bufsiz)
+ res = bufsiz;
+ memcpy(buf, password, res);
+ return res;
+ }
+
+ ui = UI_new_method(ui_method);
+ if (ui) {
+ int ok = 0;
+ char *buff = NULL;
+ int ui_flags = 0;
+ char *prompt = NULL;
+
+ prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
+ if(!prompt) {
+ BIO_printf(bio_err, "Out of memory\n");
+ UI_free(ui);
+ return 0;
+ }
+
+ ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
+ UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+ if (ok >= 0)
+ ok = UI_add_input_string(ui, prompt, ui_flags, buf,
+ PW_MIN_LENGTH, bufsiz - 1);
+ if (ok >= 0 && verify) {
+ buff = (char *)OPENSSL_malloc(bufsiz);
+ if(!buff) {
+ BIO_printf(bio_err, "Out of memory\n");
+ UI_free(ui);
+ OPENSSL_free(prompt);
+ return 0;
+ }
+ ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
+ PW_MIN_LENGTH, bufsiz - 1, buf);
+ }
+ if (ok >= 0)
+ do {
+ ok = UI_process(ui);
+ }
+ while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+ if (buff) {
+ OPENSSL_cleanse(buff, (unsigned int)bufsiz);
+ OPENSSL_free(buff);
+ }
+
+ if (ok >= 0)
+ res = strlen(buf);
+ if (ok == -1) {
+ BIO_printf(bio_err, "User interface error\n");
+ ERR_print_errors(bio_err);
+ OPENSSL_cleanse(buf, (unsigned int)bufsiz);
+ res = 0;
+ }
+ if (ok == -2) {
+ BIO_printf(bio_err, "aborted!\n");
+ OPENSSL_cleanse(buf, (unsigned int)bufsiz);
+ res = 0;
+ }
+ UI_free(ui);
+ OPENSSL_free(prompt);
+ }
+ return res;
+}
static char *app_get_pass(BIO *err, char *arg, int keepbio);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
{
- int same;
- if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
- else same = 1;
- if(arg1) {
- *pass1 = app_get_pass(err, arg1, same);
- if(!*pass1) return 0;
- } else if(pass1) *pass1 = NULL;
- if(arg2) {
- *pass2 = app_get_pass(err, arg2, same ? 2 : 0);
- if(!*pass2) return 0;
- } else if(pass2) *pass2 = NULL;
- return 1;
+ int same;
+ if (!arg2 || !arg1 || strcmp(arg1, arg2))
+ same = 0;
+ else
+ same = 1;
+ if (arg1) {
+ *pass1 = app_get_pass(err, arg1, same);
+ if (!*pass1)
+ return 0;
+ } else if (pass1)
+ *pass1 = NULL;
+ if (arg2) {
+ *pass2 = app_get_pass(err, arg2, same ? 2 : 0);
+ if (!*pass2)
+ return 0;
+ } else if (pass2)
+ *pass2 = NULL;
+ return 1;
}
static char *app_get_pass(BIO *err, char *arg, int keepbio)
{
- char *tmp, tpass[APP_PASS_LEN];
- static BIO *pwdbio = NULL;
- int i;
- if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
- if(!strncmp(arg, "env:", 4)) {
- tmp = getenv(arg + 4);
- if(!tmp) {
- BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
- return NULL;
- }
- return BUF_strdup(tmp);
- }
- if(!keepbio || !pwdbio) {
- if(!strncmp(arg, "file:", 5)) {
- pwdbio = BIO_new_file(arg + 5, "r");
- if(!pwdbio) {
- BIO_printf(err, "Can't open file %s\n", arg + 5);
- return NULL;
- }
+ char *tmp, tpass[APP_PASS_LEN];
+ static BIO *pwdbio = NULL;
+ int i;
+ if (!strncmp(arg, "pass:", 5))
+ return BUF_strdup(arg + 5);
+ if (!strncmp(arg, "env:", 4)) {
+ tmp = getenv(arg + 4);
+ if (!tmp) {
+ BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
+ return NULL;
+ }
+ return BUF_strdup(tmp);
+ }
+ if (!keepbio || !pwdbio) {
+ if (!strncmp(arg, "file:", 5)) {
+ pwdbio = BIO_new_file(arg + 5, "r");
+ if (!pwdbio) {
+ BIO_printf(err, "Can't open file %s\n", arg + 5);
+ return NULL;
+ }
#if !defined(_WIN32)
- /*
- * Under _WIN32, which covers even Win64 and CE, file
- * descriptors referenced by BIO_s_fd are not inherited
- * by child process and therefore below is not an option.
- * It could have been an option if bss_fd.c was operating
- * on real Windows descriptors, such as those obtained
- * with CreateFile.
- */
- } else if(!strncmp(arg, "fd:", 3)) {
- BIO *btmp;
- i = atoi(arg + 3);
- if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
- if((i < 0) || !pwdbio) {
- BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
- return NULL;
- }
- /* Can't do BIO_gets on an fd BIO so add a buffering BIO */
- btmp = BIO_new(BIO_f_buffer());
- pwdbio = BIO_push(btmp, pwdbio);
-#endif
- } else if(!strcmp(arg, "stdin")) {
- pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
- if(!pwdbio) {
- BIO_printf(err, "Can't open BIO for stdin\n");
- return NULL;
- }
- } else {
- BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
- return NULL;
- }
- }
- i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
- if(keepbio != 1) {
- BIO_free_all(pwdbio);
- pwdbio = NULL;
- }
- if(i <= 0) {
- BIO_printf(err, "Error reading password from BIO\n");
- return NULL;
- }
- tmp = strchr(tpass, '\n');
- if(tmp) *tmp = 0;
- return BUF_strdup(tpass);
+ /*
+ * Under _WIN32, which covers even Win64 and CE, file
+ * descriptors referenced by BIO_s_fd are not inherited
+ * by child process and therefore below is not an option.
+ * It could have been an option if bss_fd.c was operating
+ * on real Windows descriptors, such as those obtained
+ * with CreateFile.
+ */
+ } else if (!strncmp(arg, "fd:", 3)) {
+ BIO *btmp;
+ i = atoi(arg + 3);
+ if (i >= 0)
+ pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
+ if ((i < 0) || !pwdbio) {
+ BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
+ return NULL;
+ }
+ /*
+ * Can't do BIO_gets on an fd BIO so add a buffering BIO
+ */
+ btmp = BIO_new(BIO_f_buffer());
+ pwdbio = BIO_push(btmp, pwdbio);
+#endif
+ } else if (!strcmp(arg, "stdin")) {
+ pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
+ if (!pwdbio) {
+ BIO_printf(err, "Can't open BIO for stdin\n");
+ return NULL;
+ }
+ } else {
+ BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
+ return NULL;
+ }
+ }
+ i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
+ if (keepbio != 1) {
+ BIO_free_all(pwdbio);
+ pwdbio = NULL;
+ }
+ if (i <= 0) {
+ BIO_printf(err, "Error reading password from BIO\n");
+ return NULL;
+ }
+ tmp = strchr(tpass, '\n');
+ if (tmp)
+ *tmp = 0;
+ return BUF_strdup(tpass);
}
int add_oid_section(BIO *err, CONF *conf)
-{
- char *p;
- STACK_OF(CONF_VALUE) *sktmp;
- CONF_VALUE *cnf;
- int i;
- if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
- {
- ERR_clear_error();
- return 1;
- }
- if(!(sktmp = NCONF_get_section(conf, p))) {
- BIO_printf(err, "problem loading oid section %s\n", p);
- return 0;
- }
- for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
- cnf = sk_CONF_VALUE_value(sktmp, i);
- if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
- BIO_printf(err, "problem creating object %s=%s\n",
- cnf->name, cnf->value);
- return 0;
- }
- }
- return 1;
+{
+ char *p;
+ STACK_OF(CONF_VALUE) *sktmp;
+ CONF_VALUE *cnf;
+ int i;
+ if (!(p = NCONF_get_string(conf, NULL, "oid_section"))) {
+ ERR_clear_error();
+ return 1;
+ }
+ if (!(sktmp = NCONF_get_section(conf, p))) {
+ BIO_printf(err, "problem loading oid section %s\n", p);
+ return 0;
+ }
+ for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+ cnf = sk_CONF_VALUE_value(sktmp, i);
+ if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+ BIO_printf(err, "problem creating object %s=%s\n",
+ cnf->name, cnf->value);
+ return 0;
+ }
+ }
+ return 1;
}
static int load_pkcs12(BIO *err, BIO *in, const char *desc,
- pem_password_cb *pem_cb, void *cb_data,
- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
- {
- const char *pass;
- char tpass[PEM_BUFSIZE];
- int len, ret = 0;
- PKCS12 *p12;
- p12 = d2i_PKCS12_bio(in, NULL);
- if (p12 == NULL)
- {
- BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);
- goto die;
- }
- /* See if an empty password will do */
- if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
- pass = "";
- else
- {
- if (!pem_cb)
- pem_cb = (pem_password_cb *)password_callback;
- len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
- if (len < 0)
- {
- BIO_printf(err, "Passpharse callback error for %s\n",
- desc);
- goto die;
- }
- if (len < PEM_BUFSIZE)
- tpass[len] = 0;
- if (!PKCS12_verify_mac(p12, tpass, len))
- {
- BIO_printf(err,
- "Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);
- goto die;
- }
- pass = tpass;
- }
- ret = PKCS12_parse(p12, pass, pkey, cert, ca);
- die:
- if (p12)
- PKCS12_free(p12);
- return ret;
- }
+ pem_password_cb *pem_cb, void *cb_data,
+ EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+{
+ const char *pass;
+ char tpass[PEM_BUFSIZE];
+ int len, ret = 0;
+ PKCS12 *p12;
+ p12 = d2i_PKCS12_bio(in, NULL);
+ if (p12 == NULL) {
+ BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);
+ goto die;
+ }
+ /* See if an empty password will do */
+ if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
+ pass = "";
+ else {
+ if (!pem_cb)
+ pem_cb = (pem_password_cb *)password_callback;
+ len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
+ if (len < 0) {
+ BIO_printf(err, "Passpharse callback error for %s\n", desc);
+ goto die;
+ }
+ if (len < PEM_BUFSIZE)
+ tpass[len] = 0;
+ if (!PKCS12_verify_mac(p12, tpass, len)) {
+ BIO_printf(err,
+ "Mac verify error (wrong password?) in PKCS12 file for %s\n",
+ desc);
+ goto die;
+ }
+ pass = tpass;
+ }
+ ret = PKCS12_parse(p12, pass, pkey, cert, ca);
+ die:
+ if (p12)
+ PKCS12_free(p12);
+ return ret;
+}
X509 *load_cert(BIO *err, const char *file, int format,
- const char *pass, ENGINE *e, const char *cert_descrip)
- {
- X509 *x=NULL;
- BIO *cert;
-
- if ((cert=BIO_new(BIO_s_file())) == NULL)
- {
- ERR_print_errors(err);
- goto end;
- }
-
- if (file == NULL)
- {
+ const char *pass, ENGINE *e, const char *cert_descrip)
+{
+ X509 *x = NULL;
+ BIO *cert;
+
+ if ((cert = BIO_new(BIO_s_file())) == NULL) {
+ ERR_print_errors(err);
+ goto end;
+ }
+
+ if (file == NULL) {
#ifdef _IONBF
# ifndef OPENSSL_NO_SETVBUF_IONBF
- setvbuf(stdin, NULL, _IONBF, 0);
-# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
-#endif
- BIO_set_fp(cert,stdin,BIO_NOCLOSE);
- }
- else
- {
- if (BIO_read_filename(cert,file) <= 0)
- {
- BIO_printf(err, "Error opening %s %s\n",
- cert_descrip, file);
- ERR_print_errors(err);
- goto end;
- }
- }
-
- if (format == FORMAT_ASN1)
- x=d2i_X509_bio(cert,NULL);
- else if (format == FORMAT_NETSCAPE)
- {
- NETSCAPE_X509 *nx;
- nx=ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509),cert,NULL);
- if (nx == NULL)
- goto end;
-
- if ((strncmp(NETSCAPE_CERT_HDR,(char *)nx->header->data,
- nx->header->length) != 0))
- {
- NETSCAPE_X509_free(nx);
- BIO_printf(err,"Error reading header on certificate\n");
- goto end;
- }
- x=nx->cert;
- nx->cert = NULL;
- NETSCAPE_X509_free(nx);
- }
- else if (format == FORMAT_PEM)
- x=PEM_read_bio_X509_AUX(cert,NULL,
- (pem_password_cb *)password_callback, NULL);
- else if (format == FORMAT_PKCS12)
- {
- if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,
- NULL, &x, NULL))
- goto end;
- }
- else {
- BIO_printf(err,"bad input format specified for %s\n",
- cert_descrip);
- goto end;
- }
-end:
- if (x == NULL)
- {
- BIO_printf(err,"unable to load certificate\n");
- ERR_print_errors(err);
- }
- if (cert != NULL) BIO_free(cert);
- return(x);
- }
+ setvbuf(stdin, NULL, _IONBF, 0);
+# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
+#endif
+ BIO_set_fp(cert, stdin, BIO_NOCLOSE);
+ } else {
+ if (BIO_read_filename(cert, file) <= 0) {
+ BIO_printf(err, "Error opening %s %s\n", cert_descrip, file);
+ ERR_print_errors(err);
+ goto end;
+ }
+ }
+
+ if (format == FORMAT_ASN1)
+ x = d2i_X509_bio(cert, NULL);
+ else if (format == FORMAT_NETSCAPE) {
+ NETSCAPE_X509 *nx;
+ nx = ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509), cert, NULL);
+ if (nx == NULL)
+ goto end;
+
+ if ((strncmp(NETSCAPE_CERT_HDR, (char *)nx->header->data,
+ nx->header->length) != 0)) {
+ NETSCAPE_X509_free(nx);
+ BIO_printf(err, "Error reading header on certificate\n");
+ goto end;
+ }
+ x = nx->cert;
+ nx->cert = NULL;
+ NETSCAPE_X509_free(nx);
+ } else if (format == FORMAT_PEM)
+ x = PEM_read_bio_X509_AUX(cert, NULL,
+ (pem_password_cb *)password_callback, NULL);
+ else if (format == FORMAT_PKCS12) {
+ if (!load_pkcs12(err, cert, cert_descrip, NULL, NULL, NULL, &x, NULL))
+ goto end;
+ } else {
+ BIO_printf(err, "bad input format specified for %s\n", cert_descrip);
+ goto end;
+ }
+ end:
+ if (x == NULL) {
+ BIO_printf(err, "unable to load certificate\n");
+ ERR_print_errors(err);
+ }
+ if (cert != NULL)
+ BIO_free(cert);
+ return (x);
+}
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
- const char *pass, ENGINE *e, const char *key_descrip)
- {
- BIO *key=NULL;
- EVP_PKEY *pkey=NULL;
- PW_CB_DATA cb_data;
-
- cb_data.password = pass;
- cb_data.prompt_info = file;
-
- if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
- {
- BIO_printf(err,"no keyfile specified\n");
- goto end;
- }
+ const char *pass, ENGINE *e, const char *key_descrip)
+{
+ BIO *key = NULL;
+ EVP_PKEY *pkey = NULL;
+ PW_CB_DATA cb_data;
+
+ cb_data.password = pass;
+ cb_data.prompt_info = file;
+
+ if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
+ BIO_printf(err, "no keyfile specified\n");
+ goto end;
+ }
#ifndef OPENSSL_NO_ENGINE
- if (format == FORMAT_ENGINE)
- {
- if (!e)
- BIO_printf(err,"no engine specified\n");
- else
- {
- pkey = ENGINE_load_private_key(e, file,
- ui_method, &cb_data);
- if (!pkey)
- {
- BIO_printf(err,"cannot load %s from engine\n",key_descrip);
- ERR_print_errors(err);
- }
- }
- goto end;
- }
-#endif
- key=BIO_new(BIO_s_file());
- if (key == NULL)
- {
- ERR_print_errors(err);
- goto end;
- }
- if (file == NULL && maybe_stdin)
- {
+ if (format == FORMAT_ENGINE) {
+ if (!e)
+ BIO_printf(err, "no engine specified\n");
+ else {
+ pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
+ if (!pkey) {
+ BIO_printf(err, "cannot load %s from engine\n", key_descrip);
+ ERR_print_errors(err);
+ }
+ }
+ goto end;
+ }
+#endif
+ key = BIO_new(BIO_s_file());
+ if (key == NULL) {
+ ERR_print_errors(err);
+ goto end;
+ }
+ if (file == NULL && maybe_stdin) {
#ifdef _IONBF
# ifndef OPENSSL_NO_SETVBUF_IONBF
- setvbuf(stdin, NULL, _IONBF, 0);
-# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
-#endif
- BIO_set_fp(key,stdin,BIO_NOCLOSE);
- }
- else
- if (BIO_read_filename(key,file) <= 0)
- {
- BIO_printf(err, "Error opening %s %s\n",
- key_descrip, file);
- ERR_print_errors(err);
- goto end;
- }
- if (format == FORMAT_ASN1)
- {
- pkey=d2i_PrivateKey_bio(key, NULL);
- }
- else if (format == FORMAT_PEM)
- {
- pkey=PEM_read_bio_PrivateKey(key,NULL,
- (pem_password_cb *)password_callback, &cb_data);
- }
+ setvbuf(stdin, NULL, _IONBF, 0);
+# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
+#endif
+ BIO_set_fp(key, stdin, BIO_NOCLOSE);
+ } else if (BIO_read_filename(key, file) <= 0) {
+ BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
+ ERR_print_errors(err);
+ goto end;
+ }
+ if (format == FORMAT_ASN1) {
+ pkey = d2i_PrivateKey_bio(key, NULL);
+ } else if (format == FORMAT_PEM) {
+ pkey = PEM_read_bio_PrivateKey(key, NULL,
+ (pem_password_cb *)password_callback,
+ &cb_data);
+ }
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
- else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
- pkey = load_netscape_key(err, key, file, key_descrip, format);
-#endif
- else if (format == FORMAT_PKCS12)
- {
- if (!load_pkcs12(err, key, key_descrip,
- (pem_password_cb *)password_callback, &cb_data,
- &pkey, NULL, NULL))
- goto end;
- }
+ else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+ pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
+ else if (format == FORMAT_PKCS12) {
+ if (!load_pkcs12(err, key, key_descrip,
+ (pem_password_cb *)password_callback, &cb_data,
+ &pkey, NULL, NULL))
+ goto end;
+ }
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
- else if (format == FORMAT_MSBLOB)
- pkey = b2i_PrivateKey_bio(key);
- else if (format == FORMAT_PVK)
- pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
- &cb_data);
-#endif
- else
- {
- BIO_printf(err,"bad input format specified for key file\n");
- goto end;
- }
+ else if (format == FORMAT_MSBLOB)
+ pkey = b2i_PrivateKey_bio(key);
+ else if (format == FORMAT_PVK)
+ pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
+ &cb_data);
+#endif
+ else {
+ BIO_printf(err, "bad input format specified for key file\n");
+ goto end;
+ }
end:
- if (key != NULL) BIO_free(key);
- if (pkey == NULL)
- {
- BIO_printf(err,"unable to load %s\n", key_descrip);
- ERR_print_errors(err);
- }
- return(pkey);
- }
+ if (key != NULL)
+ BIO_free(key);
+ if (pkey == NULL) {
+ BIO_printf(err, "unable to load %s\n", key_descrip);
+ ERR_print_errors(err);
+ }
+ return (pkey);
+}
EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
- const char *pass, ENGINE *e, const char *key_descrip)
- {
- BIO *key=NULL;
- EVP_PKEY *pkey=NULL;
- PW_CB_DATA cb_data;
-
- cb_data.password = pass;
- cb_data.prompt_info = file;
-
- if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
- {
- BIO_printf(err,"no keyfile specified\n");
- goto end;
- }
+ const char *pass, ENGINE *e, const char *key_descrip)
+{
+ BIO *key = NULL;
+ EVP_PKEY *pkey = NULL;
+ PW_CB_DATA cb_data;
+
+ cb_data.password = pass;
+ cb_data.prompt_info = file;
+
+ if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
+ BIO_printf(err, "no keyfile specified\n");
+ goto end;
+ }
#ifndef OPENSSL_NO_ENGINE
- if (format == FORMAT_ENGINE)
- {
- if (!e)
- BIO_printf(bio_err,"no engine specified\n");
- else
- pkey = ENGINE_load_public_key(e, file,
- ui_method, &cb_data);
- goto end;
- }
-#endif
- key=BIO_new(BIO_s_file());
- if (key == NULL)
- {
- ERR_print_errors(err);
- goto end;
- }
- if (file == NULL && maybe_stdin)
- {
+ if (format == FORMAT_ENGINE) {
+ if (!e)
+ BIO_printf(bio_err, "no engine specified\n");
+ else
+ pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data);
+ goto end;
+ }
+#endif
+ key = BIO_new(BIO_s_file());
+ if (key == NULL) {
+ ERR_print_errors(err);
+ goto end;
+ }
+ if (file == NULL && maybe_stdin) {
#ifdef _IONBF
# ifndef OPENSSL_NO_SETVBUF_IONBF
- setvbuf(stdin, NULL, _IONBF, 0);
-# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
-#endif
- BIO_set_fp(key,stdin,BIO_NOCLOSE);
- }
- else
- if (BIO_read_filename(key,file) <= 0)
- {
- BIO_printf(err, "Error opening %s %s\n",
- key_descrip, file);
- ERR_print_errors(err);
- goto end;
- }
- if (format == FORMAT_ASN1)
- {
- pkey=d2i_PUBKEY_bio(key, NULL);
- }
+ setvbuf(stdin, NULL, _IONBF, 0);
+# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
+#endif
+ BIO_set_fp(key, stdin, BIO_NOCLOSE);
+ } else if (BIO_read_filename(key, file) <= 0) {
+ BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
+ ERR_print_errors(err);
+ goto end;
+ }
+ if (format == FORMAT_ASN1) {
+ pkey = d2i_PUBKEY_bio(key, NULL);
+ }
#ifndef OPENSSL_NO_RSA
- else if (format == FORMAT_ASN1RSA)
- {
- RSA *rsa;
- rsa = d2i_RSAPublicKey_bio(key, NULL);
- if (rsa)
- {
- pkey = EVP_PKEY_new();
- if (pkey)
- EVP_PKEY_set1_RSA(pkey, rsa);
- RSA_free(rsa);
- }
- else
- pkey = NULL;
- }
- else if (format == FORMAT_PEMRSA)
- {
- RSA *rsa;
- rsa = PEM_read_bio_RSAPublicKey(key, NULL,
- (pem_password_cb *)password_callback, &cb_data);
- if (rsa)
- {
- pkey = EVP_PKEY_new();
- if (pkey)
- EVP_PKEY_set1_RSA(pkey, rsa);
- RSA_free(rsa);
- }
- else
- pkey = NULL;
- }
-#endif
- else if (format == FORMAT_PEM)
- {
- pkey=PEM_read_bio_PUBKEY(key,NULL,
- (pem_password_cb *)password_callback, &cb_data);
- }
+ else if (format == FORMAT_ASN1RSA) {
+ RSA *rsa;
+ rsa = d2i_RSAPublicKey_bio(key, NULL);
+ if (rsa) {
+ pkey = EVP_PKEY_new();
+ if (pkey)
+ EVP_PKEY_set1_RSA(pkey, rsa);
+ RSA_free(rsa);
+ } else
+ pkey = NULL;
+ } else if (format == FORMAT_PEMRSA) {
+ RSA *rsa;
+ rsa = PEM_read_bio_RSAPublicKey(key, NULL,
+ (pem_password_cb *)password_callback,
+ &cb_data);
+ if (rsa) {
+ pkey = EVP_PKEY_new();
+ if (pkey)
+ EVP_PKEY_set1_RSA(pkey, rsa);
+ RSA_free(rsa);
+ } else
+ pkey = NULL;
+ }
+#endif
+ else if (format == FORMAT_PEM) {
+ pkey = PEM_read_bio_PUBKEY(key, NULL,
+ (pem_password_cb *)password_callback,
+ &cb_data);
+ }
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
- else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
- pkey = load_netscape_key(err, key, file, key_descrip, format);
+ else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+ pkey = load_netscape_key(err, key, file, key_descrip, format);
#endif
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
- else if (format == FORMAT_MSBLOB)
- pkey = b2i_PublicKey_bio(key);
+ else if (format == FORMAT_MSBLOB)
+ pkey = b2i_PublicKey_bio(key);
#endif
- else
- {
- BIO_printf(err,"bad input format specified for key file\n");
- goto end;
- }
+ else {
+ BIO_printf(err, "bad input format specified for key file\n");
+ goto end;
+ }
end:
- if (key != NULL) BIO_free(key);
- if (pkey == NULL)
- BIO_printf(err,"unable to load %s\n", key_descrip);
- return(pkey);
- }
+ if (key != NULL)
+ BIO_free(key);
+ if (pkey == NULL)
+ BIO_printf(err, "unable to load %s\n", key_descrip);
+ return (pkey);
+}
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-static EVP_PKEY *
-load_netscape_key(BIO *err, BIO *key, const char *file,
- const char *key_descrip, int format)
- {
- EVP_PKEY *pkey;
- BUF_MEM *buf;
- RSA *rsa;
- const unsigned char *p;
- int size, i;
-
- buf=BUF_MEM_new();
- pkey = EVP_PKEY_new();
- size = 0;
- if (buf == NULL || pkey == NULL)
- goto error;
- for (;;)
- {
- if (!BUF_MEM_grow_clean(buf,size+1024*10))
- goto error;
- i = BIO_read(key, &(buf->data[size]), 1024*10);
- size += i;
- if (i == 0)
- break;
- if (i < 0)
- {
- BIO_printf(err, "Error reading %s %s",
- key_descrip, file);
- goto error;
- }
- }
- p=(unsigned char *)buf->data;
- rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL,
- (format == FORMAT_IISSGC ? 1 : 0));
- if (rsa == NULL)
- goto error;
- BUF_MEM_free(buf);
- EVP_PKEY_set1_RSA(pkey, rsa);
- return pkey;
-error:
- BUF_MEM_free(buf);
- EVP_PKEY_free(pkey);
- return NULL;
- }
-#endif /* ndef OPENSSL_NO_RC4 */
+static EVP_PKEY *load_netscape_key(BIO *err, BIO *key, const char *file,
+ const char *key_descrip, int format)
+{
+ EVP_PKEY *pkey;
+ BUF_MEM *buf;
+ RSA *rsa;
+ const unsigned char *p;
+ int size, i;
+
+ buf = BUF_MEM_new();
+ pkey = EVP_PKEY_new();
+ size = 0;
+ if (buf == NULL || pkey == NULL)
+ goto error;
+ for (;;) {
+ if (!BUF_MEM_grow_clean(buf, size + 1024 * 10))
+ goto error;
+ i = BIO_read(key, &(buf->data[size]), 1024 * 10);
+ size += i;
+ if (i == 0)
+ break;
+ if (i < 0) {
+ BIO_printf(err, "Error reading %s %s", key_descrip, file);
+ goto error;
+ }
+ }
+ p = (unsigned char *)buf->data;
+ rsa = d2i_RSA_NET(NULL, &p, (long)size, NULL,
+ (format == FORMAT_IISSGC ? 1 : 0));
+ if (rsa == NULL)
+ goto error;
+ BUF_MEM_free(buf);
+ EVP_PKEY_set1_RSA(pkey, rsa);
+ return pkey;
+ error:
+ BUF_MEM_free(buf);
+ EVP_PKEY_free(pkey);
+ return NULL;
+}
+#endif /* ndef OPENSSL_NO_RC4 */
static int load_certs_crls(BIO *err, const char *file, int format,
- const char *pass, ENGINE *e, const char *desc,
- STACK_OF(X509) **pcerts, STACK_OF(X509_CRL) **pcrls)
- {
- int i;
- BIO *bio;
- STACK_OF(X509_INFO) *xis = NULL;
- X509_INFO *xi;
- PW_CB_DATA cb_data;
- int rv = 0;
-
- cb_data.password = pass;
- cb_data.prompt_info = file;
-
- if (format != FORMAT_PEM)
- {
- BIO_printf(err,"bad input format specified for %s\n", desc);
- return 0;
- }
-
- if (file == NULL)
- bio = BIO_new_fp(stdin,BIO_NOCLOSE);
- else
- bio = BIO_new_file(file, "r");
-
- if (bio == NULL)
- {
- BIO_printf(err, "Error opening %s %s\n",
- desc, file ? file : "stdin");
- ERR_print_errors(err);
- return 0;
- }
-
- xis = PEM_X509_INFO_read_bio(bio, NULL,
- (pem_password_cb *)password_callback, &cb_data);
-
- BIO_free(bio);
-
- if (pcerts)
- {
- *pcerts = sk_X509_new_null();
- if (!*pcerts)
- goto end;
- }
-
- if (pcrls)
- {
- *pcrls = sk_X509_CRL_new_null();
- if (!*pcrls)
- goto end;
- }
-
- for(i = 0; i < sk_X509_INFO_num(xis); i++)
- {
- xi = sk_X509_INFO_value (xis, i);
- if (xi->x509 && pcerts)
- {
- if (!sk_X509_push(*pcerts, xi->x509))
- goto end;
- xi->x509 = NULL;
- }
- if (xi->crl && pcrls)
- {
- if (!sk_X509_CRL_push(*pcrls, xi->crl))
- goto end;
- xi->crl = NULL;
- }
- }
-
- if (pcerts && sk_X509_num(*pcerts) > 0)
- rv = 1;
-
- if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
- rv = 1;
-
- end:
-
- if (xis)
- sk_X509_INFO_pop_free(xis, X509_INFO_free);
-
- if (rv == 0)
- {
- if (pcerts)
- {
- sk_X509_pop_free(*pcerts, X509_free);
- *pcerts = NULL;
- }
- if (pcrls)
- {
- sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
- *pcrls = NULL;
- }
- BIO_printf(err,"unable to load %s\n",
- pcerts ? "certificates" : "CRLs");
- ERR_print_errors(err);
- }
- return rv;
- }
+ const char *pass, ENGINE *e, const char *desc,
+ STACK_OF(X509) **pcerts,
+ STACK_OF(X509_CRL) **pcrls)
+{
+ int i;
+ BIO *bio;
+ STACK_OF(X509_INFO) *xis = NULL;
+ X509_INFO *xi;
+ PW_CB_DATA cb_data;
+ int rv = 0;
+
+ cb_data.password = pass;
+ cb_data.prompt_info = file;
+
+ if (format != FORMAT_PEM) {
+ BIO_printf(err, "bad input format specified for %s\n", desc);
+ return 0;
+ }
+
+ if (file == NULL)
+ bio = BIO_new_fp(stdin, BIO_NOCLOSE);
+ else
+ bio = BIO_new_file(file, "r");
+
+ if (bio == NULL) {
+ BIO_printf(err, "Error opening %s %s\n", desc, file ? file : "stdin");
+ ERR_print_errors(err);
+ return 0;
+ }
+
+ xis = PEM_X509_INFO_read_bio(bio, NULL,
+ (pem_password_cb *)password_callback,
+ &cb_data);
+
+ BIO_free(bio);
+
+ if (pcerts) {
+ *pcerts = sk_X509_new_null();
+ if (!*pcerts)
+ goto end;
+ }
+
+ if (pcrls) {
+ *pcrls = sk_X509_CRL_new_null();
+ if (!*pcrls)
+ goto end;
+ }
+
+ for (i = 0; i < sk_X509_INFO_num(xis); i++) {
+ xi = sk_X509_INFO_value(xis, i);
+ if (xi->x509 && pcerts) {
+ if (!sk_X509_push(*pcerts, xi->x509))
+ goto end;
+ xi->x509 = NULL;
+ }
+ if (xi->crl && pcrls) {
+ if (!sk_X509_CRL_push(*pcrls, xi->crl))
+ goto end;
+ xi->crl = NULL;
+ }
+ }
+
+ if (pcerts && sk_X509_num(*pcerts) > 0)
+ rv = 1;
+
+ if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
+ rv = 1;
+
+ end:
+
+ if (xis)
+ sk_X509_INFO_pop_free(xis, X509_INFO_free);
+
+ if (rv == 0) {
+ if (pcerts) {
+ sk_X509_pop_free(*pcerts, X509_free);
+ *pcerts = NULL;
+ }
+ if (pcrls) {
+ sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
+ *pcrls = NULL;
+ }
+ BIO_printf(err, "unable to load %s\n",
+ pcerts ? "certificates" : "CRLs");
+ ERR_print_errors(err);
+ }
+ return rv;
+}
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
- const char *pass, ENGINE *e, const char *desc)
- {
- STACK_OF(X509) *certs;
- if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL))
- return NULL;
- return certs;
- }
+ const char *pass, ENGINE *e, const char *desc)
+{
+ STACK_OF(X509) *certs;
+ if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL))
+ return NULL;
+ return certs;
+}
STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
- const char *pass, ENGINE *e, const char *desc)
- {
- STACK_OF(X509_CRL) *crls;
- if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls))
- return NULL;
- return crls;
- }
-
-#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
+ const char *pass, ENGINE *e, const char *desc)
+{
+ STACK_OF(X509_CRL) *crls;
+ if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls))
+ return NULL;
+ return crls;
+}
+
+#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
/* Return error for unknown extensions */
-#define X509V3_EXT_DEFAULT 0
+#define X509V3_EXT_DEFAULT 0
/* Print error for unknown extensions */
-#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
+#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
/* ASN1 parse unknown extensions */
-#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
+#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
/* BIO_dump unknown extensions */
-#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
+#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
- X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
+ X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
int set_cert_ex(unsigned long *flags, const char *arg)
{
- static const NAME_EX_TBL cert_tbl[] = {
- { "compatible", X509_FLAG_COMPAT, 0xffffffffl},
- { "ca_default", X509_FLAG_CA, 0xffffffffl},
- { "no_header", X509_FLAG_NO_HEADER, 0},
- { "no_version", X509_FLAG_NO_VERSION, 0},
- { "no_serial", X509_FLAG_NO_SERIAL, 0},
- { "no_signame", X509_FLAG_NO_SIGNAME, 0},
- { "no_validity", X509_FLAG_NO_VALIDITY, 0},
- { "no_subject", X509_FLAG_NO_SUBJECT, 0},
- { "no_issuer", X509_FLAG_NO_ISSUER, 0},
- { "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
- { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
- { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
- { "no_aux", X509_FLAG_NO_AUX, 0},
- { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
- { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
- { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
- { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
- { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
- { NULL, 0, 0}
- };
- return set_multi_opts(flags, arg, cert_tbl);
+ static const NAME_EX_TBL cert_tbl[] = {
+ {"compatible", X509_FLAG_COMPAT, 0xffffffffl},
+ {"ca_default", X509_FLAG_CA, 0xffffffffl},
+ {"no_header", X509_FLAG_NO_HEADER, 0},
+ {"no_version", X509_FLAG_NO_VERSION, 0},
+ {"no_serial", X509_FLAG_NO_SERIAL, 0},
+ {"no_signame", X509_FLAG_NO_SIGNAME, 0},
+ {"no_validity", X509_FLAG_NO_VALIDITY, 0},
+ {"no_subject", X509_FLAG_NO_SUBJECT, 0},
+ {"no_issuer", X509_FLAG_NO_ISSUER, 0},
+ {"no_pubkey", X509_FLAG_NO_PUBKEY, 0},
+ {"no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
+ {"no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
+ {"no_aux", X509_FLAG_NO_AUX, 0},
+ {"no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
+ {"ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
+ {"ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ {"ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ {"ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ {NULL, 0, 0}
+ };
+ return set_multi_opts(flags, arg, cert_tbl);
}
int set_name_ex(unsigned long *flags, const char *arg)
{
- static const NAME_EX_TBL ex_tbl[] = {
- { "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
- { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
- { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
- { "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
- { "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
- { "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
- { "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
- { "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
- { "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
- { "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
- { "compat", XN_FLAG_COMPAT, 0xffffffffL},
- { "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
- { "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
- { "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
- { "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
- { "dn_rev", XN_FLAG_DN_REV, 0},
- { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
- { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
- { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
- { "align", XN_FLAG_FN_ALIGN, 0},
- { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
- { "space_eq", XN_FLAG_SPC_EQ, 0},
- { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
- { "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
- { "oneline", XN_FLAG_ONELINE, 0xffffffffL},
- { "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
- { "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
- { NULL, 0, 0}
- };
- return set_multi_opts(flags, arg, ex_tbl);
+ static const NAME_EX_TBL ex_tbl[] = {
+ {"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
+ {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
+ {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
+ {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
+ {"utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
+ {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
+ {"show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
+ {"dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
+ {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
+ {"dump_der", ASN1_STRFLGS_DUMP_DER, 0},
+ {"compat", XN_FLAG_COMPAT, 0xffffffffL},
+ {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
+ {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
+ {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
+ {"sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
+ {"dn_rev", XN_FLAG_DN_REV, 0},
+ {"nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
+ {"sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
+ {"lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
+ {"align", XN_FLAG_FN_ALIGN, 0},
+ {"oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
+ {"space_eq", XN_FLAG_SPC_EQ, 0},
+ {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
+ {"RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
+ {"oneline", XN_FLAG_ONELINE, 0xffffffffL},
+ {"multiline", XN_FLAG_MULTILINE, 0xffffffffL},
+ {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
+ {NULL, 0, 0}
+ };
+ return set_multi_opts(flags, arg, ex_tbl);
}
int set_ext_copy(int *copy_type, const char *arg)
{
- if (!strcasecmp(arg, "none"))
- *copy_type = EXT_COPY_NONE;
- else if (!strcasecmp(arg, "copy"))
- *copy_type = EXT_COPY_ADD;
- else if (!strcasecmp(arg, "copyall"))
- *copy_type = EXT_COPY_ALL;
- else
- return 0;
- return 1;
+ if (!strcasecmp(arg, "none"))
+ *copy_type = EXT_COPY_NONE;
+ else if (!strcasecmp(arg, "copy"))
+ *copy_type = EXT_COPY_ADD;
+ else if (!strcasecmp(arg, "copyall"))
+ *copy_type = EXT_COPY_ALL;
+ else
+ return 0;
+ return 1;
}
int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
{
- STACK_OF(X509_EXTENSION) *exts = NULL;
- X509_EXTENSION *ext, *tmpext;
- ASN1_OBJECT *obj;
- int i, idx, ret = 0;
- if (!x || !req || (copy_type == EXT_COPY_NONE))
- return 1;
- exts = X509_REQ_get_extensions(req);
-
- for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
- ext = sk_X509_EXTENSION_value(exts, i);
- obj = X509_EXTENSION_get_object(ext);
- idx = X509_get_ext_by_OBJ(x, obj, -1);
- /* Does extension exist? */
- if (idx != -1) {
- /* If normal copy don't override existing extension */
- if (copy_type == EXT_COPY_ADD)
- continue;
- /* Delete all extensions of same type */
- do {
- tmpext = X509_get_ext(x, idx);
- X509_delete_ext(x, idx);
- X509_EXTENSION_free(tmpext);
- idx = X509_get_ext_by_OBJ(x, obj, -1);
- } while (idx != -1);
- }
- if (!X509_add_ext(x, ext, -1))
- goto end;
- }
-
- ret = 1;
-
- end:
-
- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-
- return ret;
-}
-
-
-
-
-static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
-{
- STACK_OF(CONF_VALUE) *vals;
- CONF_VALUE *val;
- int i, ret = 1;
- if(!arg) return 0;
- vals = X509V3_parse_list(arg);
- for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
- val = sk_CONF_VALUE_value(vals, i);
- if (!set_table_opts(flags, val->name, in_tbl))
- ret = 0;
- }
- sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
- return ret;
-}
-
-static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
-{
- char c;
- const NAME_EX_TBL *ptbl;
- c = arg[0];
-
- if(c == '-') {
- c = 0;
- arg++;
- } else if (c == '+') {
- c = 1;
- arg++;
- } else c = 1;
-
- for(ptbl = in_tbl; ptbl->name; ptbl++) {
- if(!strcasecmp(arg, ptbl->name)) {
- *flags &= ~ptbl->mask;
- if(c) *flags |= ptbl->flag;
- else *flags &= ~ptbl->flag;
- return 1;
- }
- }
- return 0;
-}
-
-void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags)
-{
- char *buf;
- char mline = 0;
- int indent = 0;
-
- if(title) BIO_puts(out, title);
- if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
- mline = 1;
- indent = 4;
- }
- if(lflags == XN_FLAG_COMPAT) {
- buf = X509_NAME_oneline(nm, 0, 0);
- BIO_puts(out, buf);
- BIO_puts(out, "\n");
- OPENSSL_free(buf);
- } else {
- if(mline) BIO_puts(out, "\n");
- X509_NAME_print_ex(out, nm, indent, lflags);
- BIO_puts(out, "\n");
- }
+ STACK_OF(X509_EXTENSION) *exts = NULL;
+ X509_EXTENSION *ext, *tmpext;
+ ASN1_OBJECT *obj;
+ int i, idx, ret = 0;
+ if (!x || !req || (copy_type == EXT_COPY_NONE))
+ return 1;
+ exts = X509_REQ_get_extensions(req);
+
+ for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+ ext = sk_X509_EXTENSION_value(exts, i);
+ obj = X509_EXTENSION_get_object(ext);
+ idx = X509_get_ext_by_OBJ(x, obj, -1);
+ /* Does extension exist? */
+ if (idx != -1) {
+ /* If normal copy don't override existing extension */
+ if (copy_type == EXT_COPY_ADD)
+ continue;
+ /* Delete all extensions of same type */
+ do {
+ tmpext = X509_get_ext(x, idx);
+ X509_delete_ext(x, idx);
+ X509_EXTENSION_free(tmpext);
+ idx = X509_get_ext_by_OBJ(x, obj, -1);
+ } while (idx != -1);
+ }
+ if (!X509_add_ext(x, ext, -1))
+ goto end;
+ }
+
+ ret = 1;
+
+ end:
+
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+
+ return ret;
+}
+
+static int set_multi_opts(unsigned long *flags, const char *arg,
+ const NAME_EX_TBL * in_tbl)
+{
+ STACK_OF(CONF_VALUE) *vals;
+ CONF_VALUE *val;
+ int i, ret = 1;
+ if (!arg)
+ return 0;
+ vals = X509V3_parse_list(arg);
+ for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+ val = sk_CONF_VALUE_value(vals, i);
+ if (!set_table_opts(flags, val->name, in_tbl))
+ ret = 0;
+ }
+ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+ return ret;
+}
+
+static int set_table_opts(unsigned long *flags, const char *arg,
+ const NAME_EX_TBL * in_tbl)
+{
+ char c;
+ const NAME_EX_TBL *ptbl;
+ c = arg[0];
+
+ if (c == '-') {
+ c = 0;
+ arg++;
+ } else if (c == '+') {
+ c = 1;
+ arg++;
+ } else
+ c = 1;
+
+ for (ptbl = in_tbl; ptbl->name; ptbl++) {
+ if (!strcasecmp(arg, ptbl->name)) {
+ *flags &= ~ptbl->mask;
+ if (c)
+ *flags |= ptbl->flag;
+ else
+ *flags &= ~ptbl->flag;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+void print_name(BIO *out, const char *title, X509_NAME *nm,
+ unsigned long lflags)
+{
+ char *buf;
+ char mline = 0;
+ int indent = 0;
+
+ if (title)
+ BIO_puts(out, title);
+ if ((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+ mline = 1;
+ indent = 4;
+ }
+ if (lflags == XN_FLAG_COMPAT) {
+ buf = X509_NAME_oneline(nm, 0, 0);
+ BIO_puts(out, buf);
+ BIO_puts(out, "\n");
+ OPENSSL_free(buf);
+ } else {
+ if (mline)
+ BIO_puts(out, "\n");
+ X509_NAME_print_ex(out, nm, indent, lflags);
+ BIO_puts(out, "\n");
+ }
}
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
{
- X509_STORE *store;
- X509_LOOKUP *lookup;
- if(!(store = X509_STORE_new())) goto end;
- lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
- if (lookup == NULL) goto end;
- if (CAfile) {
- if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
- BIO_printf(bp, "Error loading file %s\n", CAfile);
- goto end;
- }
- } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-
- lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
- if (lookup == NULL) goto end;
- if (CApath) {
- if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
- BIO_printf(bp, "Error loading directory %s\n", CApath);
- goto end;
- }
- } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-
- ERR_clear_error();
- return store;
- end:
- X509_STORE_free(store);
- return NULL;
+ X509_STORE *store;
+ X509_LOOKUP *lookup;
+ if (!(store = X509_STORE_new()))
+ goto end;
+ lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+ if (lookup == NULL)
+ goto end;
+ if (CAfile) {
+ if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) {
+ BIO_printf(bp, "Error loading file %s\n", CAfile);
+ goto end;
+ }
+ } else
+ X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+ lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
+ if (lookup == NULL)
+ goto end;
+ if (CApath) {
+ if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
+ BIO_printf(bp, "Error loading directory %s\n", CApath);
+ goto end;
+ }
+ } else
+ X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+ ERR_clear_error();
+ return store;
+ end:
+ X509_STORE_free(store);
+ return NULL;
}
#ifndef OPENSSL_NO_ENGINE
/* Try to load an engine in a shareable library */
static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
- {
- ENGINE *e = ENGINE_by_id("dynamic");
- if (e)
- {
- if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
- || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
- {
- ENGINE_free(e);
- e = NULL;
- }
- }
- return e;
- }
+{
+ ENGINE *e = ENGINE_by_id("dynamic");
+ if (e) {
+ if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
+ || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
+ ENGINE_free(e);
+ e = NULL;
+ }
+ }
+ return e;
+}
ENGINE *setup_engine(BIO *err, const char *engine, int debug)
- {
- ENGINE *e = NULL;
-
- if (engine)
- {
- if(strcmp(engine, "auto") == 0)
- {
- BIO_printf(err,"enabling auto ENGINE support\n");
- ENGINE_register_all_complete();
- return NULL;
- }
- if((e = ENGINE_by_id(engine)) == NULL
- && (e = try_load_engine(err, engine, debug)) == NULL)
- {
- BIO_printf(err,"invalid engine \"%s\"\n", engine);
- ERR_print_errors(err);
- return NULL;
- }
- if (debug)
- {
- ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
- 0, err, 0);
- }
- ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
- if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
- {
- BIO_printf(err,"can't use that engine\n");
- ERR_print_errors(err);
- ENGINE_free(e);
- return NULL;
- }
-
- BIO_printf(err,"engine \"%s\" set.\n", ENGINE_get_id(e));
-
- /* Free our "structural" reference. */
- ENGINE_free(e);
- }
- return e;
+{
+ ENGINE *e = NULL;
+
+ if (engine) {
+ if (strcmp(engine, "auto") == 0) {
+ BIO_printf(err, "enabling auto ENGINE support\n");
+ ENGINE_register_all_complete();
+ return NULL;
+ }
+ if ((e = ENGINE_by_id(engine)) == NULL
+ && (e = try_load_engine(err, engine, debug)) == NULL) {
+ BIO_printf(err, "invalid engine \"%s\"\n", engine);
+ ERR_print_errors(err);
+ return NULL;
+ }
+ if (debug) {
+ ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, err, 0);
}
+ ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
+ if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+ BIO_printf(err, "can't use that engine\n");
+ ERR_print_errors(err);
+ ENGINE_free(e);
+ return NULL;
+ }
+
+ BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e));
+
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+ return e;
+}
#endif
int load_config(BIO *err, CONF *cnf)
- {
- static int load_config_called = 0;
- if (load_config_called)
- return 1;
- load_config_called = 1;
- if (!cnf)
- cnf = config;
- if (!cnf)
- return 1;
-
- OPENSSL_load_builtin_modules();
-
- if (CONF_modules_load(cnf, NULL, 0) <= 0)
- {
- BIO_printf(err, "Error configuring OpenSSL\n");
- ERR_print_errors(err);
- return 0;
- }
- return 1;
- }
+{
+ static int load_config_called = 0;
+ if (load_config_called)
+ return 1;
+ load_config_called = 1;
+ if (!cnf)
+ cnf = config;
+ if (!cnf)
+ return 1;
+
+ OPENSSL_load_builtin_modules();
+
+ if (CONF_modules_load(cnf, NULL, 0) <= 0) {
+ BIO_printf(err, "Error configuring OpenSSL\n");
+ ERR_print_errors(err);
+ return 0;
+ }
+ return 1;
+}
char *make_config_name()
- {
- const char *t=X509_get_default_cert_area();
- size_t len;
- char *p;
-
- len=strlen(t)+strlen(OPENSSL_CONF)+2;
- p=OPENSSL_malloc(len);
- if (p == NULL)
- return NULL;
- BUF_strlcpy(p,t,len);
+{
+ const char *t = X509_get_default_cert_area();
+ size_t len;
+ char *p;
+
+ len = strlen(t) + strlen(OPENSSL_CONF) + 2;
+ p = OPENSSL_malloc(len);
+ if (p == NULL)
+ return NULL;
+ BUF_strlcpy(p, t, len);
#ifndef OPENSSL_SYS_VMS
- BUF_strlcat(p,"/",len);
+ BUF_strlcat(p, "/", len);
#endif
- BUF_strlcat(p,OPENSSL_CONF,len);
+ BUF_strlcat(p, OPENSSL_CONF, len);
- return p;
- }
+ return p;
+}
static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
- {
- const char *n;
+{
+ const char *n;
- n=a[DB_serial];
- while (*n == '0') n++;
- return(lh_strhash(n));
- }
+ n = a[DB_serial];
+ while (*n == '0')
+ n++;
+ return (lh_strhash(n));
+}
-static int index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
- {
- const char *aa,*bb;
+static int index_serial_cmp(const OPENSSL_CSTRING *a,
+ const OPENSSL_CSTRING *b)
+{
+ const char *aa, *bb;
- for (aa=a[DB_serial]; *aa == '0'; aa++);
- for (bb=b[DB_serial]; *bb == '0'; bb++);
- return(strcmp(aa,bb));
- }
+ for (aa = a[DB_serial]; *aa == '0'; aa++) ;
+ for (bb = b[DB_serial]; *bb == '0'; bb++) ;
+ return (strcmp(aa, bb));
+}
static int index_name_qual(char **a)
- { return(a[0][0] == 'V'); }
+{
+ return (a[0][0] == 'V');
+}
static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
- { return(lh_strhash(a[DB_name])); }
+{
+ return (lh_strhash(a[DB_name]));
+}
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
- { return(strcmp(a[DB_name], b[DB_name])); }
+{
+ return (strcmp(a[DB_name], b[DB_name]));
+}
static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
-
#undef BSIZE
#define BSIZE 256
-
BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
- {
- BIO *in=NULL;
- BIGNUM *ret=NULL;
- MS_STATIC char buf[1024];
- ASN1_INTEGER *ai=NULL;
-
- ai=ASN1_INTEGER_new();
- if (ai == NULL) goto err;
-
- if ((in=BIO_new(BIO_s_file())) == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- if (BIO_read_filename(in,serialfile) <= 0)
- {
- if (!create)
- {
- perror(serialfile);
- goto err;
- }
- else
- {
- ret=BN_new();
- if (ret == NULL || !rand_serial(ret, ai))
- BIO_printf(bio_err, "Out of memory\n");
- }
- }
- else
- {
- if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
- {
- BIO_printf(bio_err,"unable to load number from %s\n",
- serialfile);
- goto err;
- }
- ret=ASN1_INTEGER_to_BN(ai,NULL);
- if (ret == NULL)
- {
- BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
- goto err;
- }
- }
-
- if (ret && retai)
- {
- *retai = ai;
- ai = NULL;
- }
+{
+ BIO *in = NULL;
+ BIGNUM *ret = NULL;
+ MS_STATIC char buf[1024];
+ ASN1_INTEGER *ai = NULL;
+
+ ai = ASN1_INTEGER_new();
+ if (ai == NULL)
+ goto err;
+
+ if ((in = BIO_new(BIO_s_file())) == NULL) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ if (BIO_read_filename(in, serialfile) <= 0) {
+ if (!create) {
+ perror(serialfile);
+ goto err;
+ } else {
+ ret = BN_new();
+ if (ret == NULL || !rand_serial(ret, ai))
+ BIO_printf(bio_err, "Out of memory\n");
+ }
+ } else {
+ if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) {
+ BIO_printf(bio_err, "unable to load number from %s\n",
+ serialfile);
+ goto err;
+ }
+ ret = ASN1_INTEGER_to_BN(ai, NULL);
+ if (ret == NULL) {
+ BIO_printf(bio_err,
+ "error converting number from bin to BIGNUM\n");
+ goto err;
+ }
+ }
+
+ if (ret && retai) {
+ *retai = ai;
+ ai = NULL;
+ }
err:
- if (in != NULL) BIO_free(in);
- if (ai != NULL) ASN1_INTEGER_free(ai);
- return(ret);
- }
-
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai)
- {
- char buf[1][BSIZE];
- BIO *out = NULL;
- int ret=0;
- ASN1_INTEGER *ai=NULL;
- int j;
-
- if (suffix == NULL)
- j = strlen(serialfile);
- else
- j = strlen(serialfile) + strlen(suffix) + 1;
- if (j >= BSIZE)
- {
- BIO_printf(bio_err,"file name too long\n");
- goto err;
- }
-
- if (suffix == NULL)
- BUF_strlcpy(buf[0], serialfile, BSIZE);
- else
- {
+ if (in != NULL)
+ BIO_free(in);
+ if (ai != NULL)
+ ASN1_INTEGER_free(ai);
+ return (ret);
+}
+
+int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
+ ASN1_INTEGER **retai)
+{
+ char buf[1][BSIZE];
+ BIO *out = NULL;
+ int ret = 0;
+ ASN1_INTEGER *ai = NULL;
+ int j;
+
+ if (suffix == NULL)
+ j = strlen(serialfile);
+ else
+ j = strlen(serialfile) + strlen(suffix) + 1;
+ if (j >= BSIZE) {
+ BIO_printf(bio_err, "file name too long\n");
+ goto err;
+ }
+
+ if (suffix == NULL)
+ BUF_strlcpy(buf[0], serialfile, BSIZE);
+ else {
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
#endif
- }
+ }
#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
-#endif
- out=BIO_new(BIO_s_file());
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
- if (BIO_write_filename(out,buf[0]) <= 0)
- {
- perror(serialfile);
- goto err;
- }
-
- if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
- {
- BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
- goto err;
- }
- i2a_ASN1_INTEGER(out,ai);
- BIO_puts(out,"\n");
- ret=1;
- if (retai)
- {
- *retai = ai;
- ai = NULL;
- }
-err:
- if (out != NULL) BIO_free_all(out);
- if (ai != NULL) ASN1_INTEGER_free(ai);
- return(ret);
- }
+ BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
+#endif
+ out = BIO_new(BIO_s_file());
+ if (out == NULL) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (BIO_write_filename(out, buf[0]) <= 0) {
+ perror(serialfile);
+ goto err;
+ }
+
+ if ((ai = BN_to_ASN1_INTEGER(serial, NULL)) == NULL) {
+ BIO_printf(bio_err, "error converting serial to ASN.1 format\n");
+ goto err;
+ }
+ i2a_ASN1_INTEGER(out, ai);
+ BIO_puts(out, "\n");
+ ret = 1;
+ if (retai) {
+ *retai = ai;
+ ai = NULL;
+ }
+ err:
+ if (out != NULL)
+ BIO_free_all(out);
+ if (ai != NULL)
+ ASN1_INTEGER_free(ai);
+ return (ret);
+}
int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
- {
- char buf[5][BSIZE];
- int i,j;
-
- i = strlen(serialfile) + strlen(old_suffix);
- j = strlen(serialfile) + strlen(new_suffix);
- if (i > j) j = i;
- if (j + 1 >= BSIZE)
- {
- BIO_printf(bio_err,"file name too long\n");
- goto err;
- }
-
+{
+ char buf[5][BSIZE];
+ int i, j;
+
+ i = strlen(serialfile) + strlen(old_suffix);
+ j = strlen(serialfile) + strlen(new_suffix);
+ if (i > j)
+ j = i;
+ if (j + 1 >= BSIZE) {
+ BIO_printf(bio_err, "file name too long\n");
+ goto err;
+ }
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
- serialfile, new_suffix);
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
- serialfile, new_suffix);
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
- serialfile, old_suffix);
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
- serialfile, old_suffix);
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
#endif
#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- serialfile, buf[1]);
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ serialfile, buf[1]);
#endif
- if (rename(serialfile,buf[1]) < 0 && errno != ENOENT
+ if (rename(serialfile, buf[1]) < 0 && errno != ENOENT
#ifdef ENOTDIR
- && errno != ENOTDIR
-#endif
- ) {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- serialfile, buf[1]);
- perror("reason");
- goto err;
- }
+ && errno != ENOTDIR
+#endif
+ ) {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n", serialfile, buf[1]);
+ perror("reason");
+ goto err;
+ }
#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- buf[0],serialfile);
-#endif
- if (rename(buf[0],serialfile) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- buf[0],serialfile);
- perror("reason");
- rename(buf[1],serialfile);
- goto err;
- }
- return 1;
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ buf[0], serialfile);
+#endif
+ if (rename(buf[0], serialfile) < 0) {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n", buf[0], serialfile);
+ perror("reason");
+ rename(buf[1], serialfile);
+ goto err;
+ }
+ return 1;
err:
- return 0;
- }
+ return 0;
+}
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
- {
- BIGNUM *btmp;
- int ret = 0;
- if (b)
- btmp = b;
- else
- btmp = BN_new();
-
- if (!btmp)
- return 0;
-
- if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
- goto error;
- if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
- goto error;
-
- ret = 1;
-
- error:
-
- if (!b)
- BN_free(btmp);
-
- return ret;
- }
+{
+ BIGNUM *btmp;
+ int ret = 0;
+ if (b)
+ btmp = b;
+ else
+ btmp = BN_new();
+
+ if (!btmp)
+ return 0;
+
+ if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
+ goto error;
+ if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
+ goto error;
+
+ ret = 1;
+
+ error:
+
+ if (!b)
+ BN_free(btmp);
+
+ return ret;
+}
CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
- {
- CA_DB *retdb = NULL;
- TXT_DB *tmpdb = NULL;
- BIO *in = BIO_new(BIO_s_file());
- CONF *dbattr_conf = NULL;
- char buf[1][BSIZE];
- long errorline= -1;
-
- if (in == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
- if (BIO_read_filename(in,dbfile) <= 0)
- {
- perror(dbfile);
- BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
- goto err;
- }
- if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
- goto err;
+{
+ CA_DB *retdb = NULL;
+ TXT_DB *tmpdb = NULL;
+ BIO *in = BIO_new(BIO_s_file());
+ CONF *dbattr_conf = NULL;
+ char buf[1][BSIZE];
+ long errorline = -1;
+
+ if (in == NULL) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (BIO_read_filename(in, dbfile) <= 0) {
+ perror(dbfile);
+ BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
+ goto err;
+ }
+ if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
+ goto err;
#ifndef OPENSSL_SYS_VMS
- BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
+ BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
#else
- BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
-#endif
- dbattr_conf = NCONF_new(NULL);
- if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)
- {
- if (errorline > 0)
- {
- BIO_printf(bio_err,
- "error on line %ld of db attribute file '%s'\n"
- ,errorline,buf[0]);
- goto err;
- }
- else
- {
- NCONF_free(dbattr_conf);
- dbattr_conf = NULL;
- }
- }
-
- if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL)
- {
- fprintf(stderr, "Out of memory\n");
- goto err;
- }
-
- retdb->db = tmpdb;
- tmpdb = NULL;
- if (db_attr)
- retdb->attributes = *db_attr;
- else
- {
- retdb->attributes.unique_subject = 1;
- }
-
- if (dbattr_conf)
- {
- char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
- if (p)
- {
+ BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
+#endif
+ dbattr_conf = NCONF_new(NULL);
+ if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) {
+ if (errorline > 0) {
+ BIO_printf(bio_err,
+ "error on line %ld of db attribute file '%s'\n",
+ errorline, buf[0]);
+ goto err;
+ } else {
+ NCONF_free(dbattr_conf);
+ dbattr_conf = NULL;
+ }
+ }
+
+ if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL) {
+ fprintf(stderr, "Out of memory\n");
+ goto err;
+ }
+
+ retdb->db = tmpdb;
+ tmpdb = NULL;
+ if (db_attr)
+ retdb->attributes = *db_attr;
+ else {
+ retdb->attributes.unique_subject = 1;
+ }
+
+ if (dbattr_conf) {
+ char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject");
+ if (p) {
#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
+ BIO_printf(bio_err,
+ "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
#endif
- retdb->attributes.unique_subject = parse_yesno(p,1);
- }
- }
+ retdb->attributes.unique_subject = parse_yesno(p, 1);
+ }
+ }
err:
- if (dbattr_conf) NCONF_free(dbattr_conf);
- if (tmpdb) TXT_DB_free(tmpdb);
- if (in) BIO_free_all(in);
- return retdb;
- }
+ if (dbattr_conf)
+ NCONF_free(dbattr_conf);
+ if (tmpdb)
+ TXT_DB_free(tmpdb);
+ if (in)
+ BIO_free_all(in);
+ return retdb;
+}
int index_index(CA_DB *db)
- {
- if (!TXT_DB_create_index(db->db, DB_serial, NULL,
- LHASH_HASH_FN(index_serial),
- LHASH_COMP_FN(index_serial)))
- {
- BIO_printf(bio_err,
- "error creating serial number index:(%ld,%ld,%ld)\n",
- db->db->error,db->db->arg1,db->db->arg2);
- return 0;
- }
-
- if (db->attributes.unique_subject
- && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
- LHASH_HASH_FN(index_name),
- LHASH_COMP_FN(index_name)))
- {
- BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
- db->db->error,db->db->arg1,db->db->arg2);
- return 0;
- }
- return 1;
- }
+{
+ if (!TXT_DB_create_index(db->db, DB_serial, NULL,
+ LHASH_HASH_FN(index_serial),
+ LHASH_COMP_FN(index_serial))) {
+ BIO_printf(bio_err,
+ "error creating serial number index:(%ld,%ld,%ld)\n",
+ db->db->error, db->db->arg1, db->db->arg2);
+ return 0;
+ }
+
+ if (db->attributes.unique_subject
+ && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
+ LHASH_HASH_FN(index_name),
+ LHASH_COMP_FN(index_name))) {
+ BIO_printf(bio_err, "error creating name index:(%ld,%ld,%ld)\n",
+ db->db->error, db->db->arg1, db->db->arg2);
+ return 0;
+ }
+ return 1;
+}
int save_index(const char *dbfile, const char *suffix, CA_DB *db)
- {
- char buf[3][BSIZE];
- BIO *out = BIO_new(BIO_s_file());
- int j;
-
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- j = strlen(dbfile) + strlen(suffix);
- if (j + 6 >= BSIZE)
- {
- BIO_printf(bio_err,"file name too long\n");
- goto err;
- }
-
+{
+ char buf[3][BSIZE];
+ BIO *out = BIO_new(BIO_s_file());
+ int j;
+
+ if (out == NULL) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ j = strlen(dbfile) + strlen(suffix);
+ if (j + 6 >= BSIZE) {
+ BIO_printf(bio_err, "file name too long\n");
+ goto err;
+ }
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
#else
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
#endif
#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
+ BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
#endif
- if (BIO_write_filename(out,buf[0]) <= 0)
- {
- perror(dbfile);
- BIO_printf(bio_err,"unable to open '%s'\n", dbfile);
- goto err;
- }
- j=TXT_DB_write(out,db->db);
- if (j <= 0) goto err;
-
- BIO_free(out);
-
- out = BIO_new(BIO_s_file());
+ if (BIO_write_filename(out, buf[0]) <= 0) {
+ perror(dbfile);
+ BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
+ goto err;
+ }
+ j = TXT_DB_write(out, db->db);
+ if (j <= 0)
+ goto err;
+
+ BIO_free(out);
+
+ out = BIO_new(BIO_s_file());
#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
-#endif
- if (BIO_write_filename(out,buf[1]) <= 0)
- {
- perror(buf[2]);
- BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);
- goto err;
- }
- BIO_printf(out,"unique_subject = %s\n",
- db->attributes.unique_subject ? "yes" : "no");
- BIO_free(out);
-
- return 1;
+ BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
+#endif
+ if (BIO_write_filename(out, buf[1]) <= 0) {
+ perror(buf[2]);
+ BIO_printf(bio_err, "unable to open '%s'\n", buf[2]);
+ goto err;
+ }
+ BIO_printf(out, "unique_subject = %s\n",
+ db->attributes.unique_subject ? "yes" : "no");
+ BIO_free(out);
+
+ return 1;
err:
- return 0;
- }
-
-int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
- {
- char buf[5][BSIZE];
- int i,j;
-
- i = strlen(dbfile) + strlen(old_suffix);
- j = strlen(dbfile) + strlen(new_suffix);
- if (i > j) j = i;
- if (j + 6 >= BSIZE)
- {
- BIO_printf(bio_err,"file name too long\n");
- goto err;
- }
+ return 0;
+}
+int rotate_index(const char *dbfile, const char *new_suffix,
+ const char *old_suffix)
+{
+ char buf[5][BSIZE];
+ int i, j;
+
+ i = strlen(dbfile) + strlen(old_suffix);
+ j = strlen(dbfile) + strlen(new_suffix);
+ if (i > j)
+ j = i;
+ if (j + 6 >= BSIZE) {
+ BIO_printf(bio_err, "file name too long\n");
+ goto err;
+ }
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
+ j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
#else
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
+ j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
- dbfile, new_suffix);
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
#else
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",
- dbfile, new_suffix);
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
- dbfile, new_suffix);
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
- dbfile, new_suffix);
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
- dbfile, old_suffix);
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
- dbfile, old_suffix);
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
- dbfile, old_suffix);
+ j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
#else
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
- dbfile, old_suffix);
+ j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
#endif
#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- dbfile, buf[1]);
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]);
#endif
- if (rename(dbfile,buf[1]) < 0 && errno != ENOENT
+ if (rename(dbfile, buf[1]) < 0 && errno != ENOENT
#ifdef ENOTDIR
- && errno != ENOTDIR
+ && errno != ENOTDIR
#endif
- ) {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- dbfile, buf[1]);
- perror("reason");
- goto err;
- }
+ ) {
+ BIO_printf(bio_err, "unable to rename %s to %s\n", dbfile, buf[1]);
+ perror("reason");
+ goto err;
+ }
#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- buf[0],dbfile);
-#endif
- if (rename(buf[0],dbfile) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- buf[0],dbfile);
- perror("reason");
- rename(buf[1],dbfile);
- goto err;
- }
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[0], dbfile);
+#endif
+ if (rename(buf[0], dbfile) < 0) {
+ BIO_printf(bio_err, "unable to rename %s to %s\n", buf[0], dbfile);
+ perror("reason");
+ rename(buf[1], dbfile);
+ goto err;
+ }
#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- buf[4],buf[3]);
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[4], buf[3]);
#endif
- if (rename(buf[4],buf[3]) < 0 && errno != ENOENT
+ if (rename(buf[4], buf[3]) < 0 && errno != ENOENT
#ifdef ENOTDIR
- && errno != ENOTDIR
-#endif
- ) {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- buf[4], buf[3]);
- perror("reason");
- rename(dbfile,buf[0]);
- rename(buf[1],dbfile);
- goto err;
- }
+ && errno != ENOTDIR
+#endif
+ ) {
+ BIO_printf(bio_err, "unable to rename %s to %s\n", buf[4], buf[3]);
+ perror("reason");
+ rename(dbfile, buf[0]);
+ rename(buf[1], dbfile);
+ goto err;
+ }
#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- buf[2],buf[4]);
-#endif
- if (rename(buf[2],buf[4]) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- buf[2],buf[4]);
- perror("reason");
- rename(buf[3],buf[4]);
- rename(dbfile,buf[0]);
- rename(buf[1],dbfile);
- goto err;
- }
- return 1;
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2], buf[4]);
+#endif
+ if (rename(buf[2], buf[4]) < 0) {
+ BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
+ perror("reason");
+ rename(buf[3], buf[4]);
+ rename(dbfile, buf[0]);
+ rename(buf[1], dbfile);
+ goto err;
+ }
+ return 1;
err:
- return 0;
- }
+ return 0;
+}
void free_index(CA_DB *db)
- {
- if (db)
- {
- if (db->db) TXT_DB_free(db->db);
- OPENSSL_free(db);
- }
- }
+{
+ if (db) {
+ if (db->db)
+ TXT_DB_free(db->db);
+ OPENSSL_free(db);
+ }
+}
int parse_yesno(const char *str, int def)
- {
- int ret = def;
- if (str)
- {
- switch (*str)
- {
- case 'f': /* false */
- case 'F': /* FALSE */
- case 'n': /* no */
- case 'N': /* NO */
- case '0': /* 0 */
- ret = 0;
- break;
- case 't': /* true */
- case 'T': /* TRUE */
- case 'y': /* yes */
- case 'Y': /* YES */
- case '1': /* 1 */
- ret = 1;
- break;
- default:
- ret = def;
- break;
- }
- }
- return ret;
- }
+{
+ int ret = def;
+ if (str) {
+ switch (*str) {
+ case 'f': /* false */
+ case 'F': /* FALSE */
+ case 'n': /* no */
+ case 'N': /* NO */
+ case '0': /* 0 */
+ ret = 0;
+ break;
+ case 't': /* true */
+ case 'T': /* TRUE */
+ case 'y': /* yes */
+ case 'Y': /* YES */
+ case '1': /* 1 */
+ ret = 1;
+ break;
+ default:
+ ret = def;
+ break;
+ }
+ }
+ return ret;
+}
/*
* subject is expected to be in the format /type0=value0/type1=value1/type2=...
* where characters may be escaped by \
*/
X509_NAME *parse_name(char *subject, long chtype, int multirdn)
- {
- size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
- char *buf = OPENSSL_malloc(buflen);
- size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
- char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
- char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
- int *mval = OPENSSL_malloc (max_ne * sizeof (int));
-
- char *sp = subject, *bp = buf;
- int i, ne_num = 0;
-
- X509_NAME *n = NULL;
- int nid;
-
- if (!buf || !ne_types || !ne_values || !mval)
- {
- BIO_printf(bio_err, "malloc error\n");
- goto error;
- }
-
- if (*subject != '/')
- {
- BIO_printf(bio_err, "Subject does not start with '/'.\n");
- goto error;
- }
- sp++; /* skip leading / */
-
- /* no multivalued RDN by default */
- mval[ne_num] = 0;
-
- while (*sp)
- {
- /* collect type */
- ne_types[ne_num] = bp;
- while (*sp)
- {
- if (*sp == '\\') /* is there anything to escape in the type...? */
- {
- if (*++sp)
- *bp++ = *sp++;
- else
- {
- BIO_printf(bio_err, "escape character at end of string\n");
- goto error;
- }
- }
- else if (*sp == '=')
- {
- sp++;
- *bp++ = '\0';
- break;
- }
- else
- *bp++ = *sp++;
- }
- if (!*sp)
- {
- BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
- goto error;
- }
- ne_values[ne_num] = bp;
- while (*sp)
- {
- if (*sp == '\\')
- {
- if (*++sp)
- *bp++ = *sp++;
- else
- {
- BIO_printf(bio_err, "escape character at end of string\n");
- goto error;
- }
- }
- else if (*sp == '/')
- {
- sp++;
- /* no multivalued RDN by default */
- mval[ne_num+1] = 0;
- break;
- }
- else if (*sp == '+' && multirdn)
- {
- /* a not escaped + signals a mutlivalued RDN */
- sp++;
- mval[ne_num+1] = -1;
- break;
- }
- else
- *bp++ = *sp++;
- }
- *bp++ = '\0';
- ne_num++;
- }
-
- if (!(n = X509_NAME_new()))
- goto error;
-
- for (i = 0; i < ne_num; i++)
- {
- if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
- {
- BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
- continue;
- }
-
- if (!*ne_values[i])
- {
- BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
- continue;
- }
-
- if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))
- goto error;
- }
-
- OPENSSL_free(ne_values);
- OPENSSL_free(ne_types);
- OPENSSL_free(buf);
- OPENSSL_free(mval);
- return n;
-
-error:
- X509_NAME_free(n);
- if (ne_values)
- OPENSSL_free(ne_values);
- if (ne_types)
- OPENSSL_free(ne_types);
- if (mval)
- OPENSSL_free(mval);
- if (buf)
- OPENSSL_free(buf);
- return NULL;
+{
+ size_t buflen = strlen(subject) + 1; /* to copy the types and values
+ * into. due to escaping, the copy
+ * can only become shorter */
+ char *buf = OPENSSL_malloc(buflen);
+ size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
+ char **ne_types = OPENSSL_malloc(max_ne * sizeof(char *));
+ char **ne_values = OPENSSL_malloc(max_ne * sizeof(char *));
+ int *mval = OPENSSL_malloc(max_ne * sizeof(int));
+
+ char *sp = subject, *bp = buf;
+ int i, ne_num = 0;
+
+ X509_NAME *n = NULL;
+ int nid;
+
+ if (!buf || !ne_types || !ne_values || !mval) {
+ BIO_printf(bio_err, "malloc error\n");
+ goto error;
+ }
+
+ if (*subject != '/') {
+ BIO_printf(bio_err, "Subject does not start with '/'.\n");
+ goto error;
+ }
+ sp++; /* skip leading / */
+
+ /* no multivalued RDN by default */
+ mval[ne_num] = 0;
+
+ while (*sp) {
+ /* collect type */
+ ne_types[ne_num] = bp;
+ while (*sp) {
+ if (*sp == '\\') { /* is there anything to escape in the
+ * type...? */
+ if (*++sp)
+ *bp++ = *sp++;
+ else {
+ BIO_printf(bio_err,
+ "escape character at end of string\n");
+ goto error;
+ }
+ } else if (*sp == '=') {
+ sp++;
+ *bp++ = '\0';
+ break;
+ } else
+ *bp++ = *sp++;
+ }
+ if (!*sp) {
+ BIO_printf(bio_err,
+ "end of string encountered while processing type of subject name element #%d\n",
+ ne_num);
+ goto error;
+ }
+ ne_values[ne_num] = bp;
+ while (*sp) {
+ if (*sp == '\\') {
+ if (*++sp)
+ *bp++ = *sp++;
+ else {
+ BIO_printf(bio_err,
+ "escape character at end of string\n");
+ goto error;
+ }
+ } else if (*sp == '/') {
+ sp++;
+ /* no multivalued RDN by default */
+ mval[ne_num + 1] = 0;
+ break;
+ } else if (*sp == '+' && multirdn) {
+ /*
+ * a not escaped + signals a mutlivalued RDN
+ */
+ sp++;
+ mval[ne_num + 1] = -1;
+ break;
+ } else
+ *bp++ = *sp++;
+ }
+ *bp++ = '\0';
+ ne_num++;
+ }
+
+ if (!(n = X509_NAME_new()))
+ goto error;
+
+ for (i = 0; i < ne_num; i++) {
+ if ((nid = OBJ_txt2nid(ne_types[i])) == NID_undef) {
+ BIO_printf(bio_err,
+ "Subject Attribute %s has no known NID, skipped\n",
+ ne_types[i]);
+ continue;
+ }
+
+ if (!*ne_values[i]) {
+ BIO_printf(bio_err,
+ "No value provided for Subject Attribute %s, skipped\n",
+ ne_types[i]);
+ continue;
+ }
+
+ if (!X509_NAME_add_entry_by_NID
+ (n, nid, chtype, (unsigned char *)ne_values[i], -1, -1, mval[i]))
+ goto error;
+ }
+
+ OPENSSL_free(ne_values);
+ OPENSSL_free(ne_types);
+ OPENSSL_free(buf);
+ OPENSSL_free(mval);
+ return n;
+
+ error:
+ X509_NAME_free(n);
+ if (ne_values)
+ OPENSSL_free(ne_values);
+ if (ne_types)
+ OPENSSL_free(ne_types);
+ if (mval)
+ OPENSSL_free(mval);
+ if (buf)
+ OPENSSL_free(buf);
+ return NULL;
}
int args_verify(char ***pargs, int *pargc,
- int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
- {
- ASN1_OBJECT *otmp = NULL;
- unsigned long flags = 0;
- int i;
- int purpose = 0, depth = -1;
- char **oldargs = *pargs;
- char *arg = **pargs, *argn = (*pargs)[1];
- time_t at_time = 0;
- if (!strcmp(arg, "-policy"))
- {
- if (!argn)
- *badarg = 1;
- else
- {
- otmp = OBJ_txt2obj(argn, 0);
- if (!otmp)
- {
- BIO_printf(err, "Invalid Policy \"%s\"\n",
- argn);
- *badarg = 1;
- }
- }
- (*pargs)++;
- }
- else if (strcmp(arg,"-purpose") == 0)
- {
- X509_PURPOSE *xptmp;
- if (!argn)
- *badarg = 1;
- else
- {
- i = X509_PURPOSE_get_by_sname(argn);
- if(i < 0)
- {
- BIO_printf(err, "unrecognized purpose\n");
- *badarg = 1;
- }
- else
- {
- xptmp = X509_PURPOSE_get0(i);
- purpose = X509_PURPOSE_get_id(xptmp);
- }
- }
- (*pargs)++;
- }
- else if (strcmp(arg,"-verify_depth") == 0)
- {
- if (!argn)
- *badarg = 1;
- else
- {
- depth = atoi(argn);
- if(depth < 0)
- {
- BIO_printf(err, "invalid depth\n");
- *badarg = 1;
- }
- }
- (*pargs)++;
- }
- else if (strcmp(arg,"-attime") == 0)
- {
- if (!argn)
- *badarg = 1;
- else
- {
- long timestamp;
- /* interpret the -attime argument as seconds since
- * Epoch */
- if (sscanf(argn, "%li", &timestamp) != 1)
- {
- BIO_printf(bio_err,
- "Error parsing timestamp %s\n",
- argn);
- *badarg = 1;
- }
- /* on some platforms time_t may be a float */
- at_time = (time_t) timestamp;
- }
- (*pargs)++;
- }
- else if (!strcmp(arg, "-ignore_critical"))
- flags |= X509_V_FLAG_IGNORE_CRITICAL;
- else if (!strcmp(arg, "-issuer_checks"))
- flags |= X509_V_FLAG_CB_ISSUER_CHECK;
- else if (!strcmp(arg, "-crl_check"))
- flags |= X509_V_FLAG_CRL_CHECK;
- else if (!strcmp(arg, "-crl_check_all"))
- flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
- else if (!strcmp(arg, "-policy_check"))
- flags |= X509_V_FLAG_POLICY_CHECK;
- else if (!strcmp(arg, "-explicit_policy"))
- flags |= X509_V_FLAG_EXPLICIT_POLICY;
- else if (!strcmp(arg, "-inhibit_any"))
- flags |= X509_V_FLAG_INHIBIT_ANY;
- else if (!strcmp(arg, "-inhibit_map"))
- flags |= X509_V_FLAG_INHIBIT_MAP;
- else if (!strcmp(arg, "-x509_strict"))
- flags |= X509_V_FLAG_X509_STRICT;
- else if (!strcmp(arg, "-extended_crl"))
- flags |= X509_V_FLAG_EXTENDED_CRL_SUPPORT;
- else if (!strcmp(arg, "-use_deltas"))
- flags |= X509_V_FLAG_USE_DELTAS;
- else if (!strcmp(arg, "-policy_print"))
- flags |= X509_V_FLAG_NOTIFY_POLICY;
- else if (!strcmp(arg, "-check_ss_sig"))
- flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
- else
- return 0;
-
- if (*badarg)
- {
- if (*pm)
- X509_VERIFY_PARAM_free(*pm);
- *pm = NULL;
- goto end;
- }
-
- if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
- {
- *badarg = 1;
- goto end;
- }
-
- if (otmp)
- X509_VERIFY_PARAM_add0_policy(*pm, otmp);
- if (flags)
- X509_VERIFY_PARAM_set_flags(*pm, flags);
-
- if (purpose)
- X509_VERIFY_PARAM_set_purpose(*pm, purpose);
-
- if (depth >= 0)
- X509_VERIFY_PARAM_set_depth(*pm, depth);
-
- if (at_time)
- X509_VERIFY_PARAM_set_time(*pm, at_time);
-
- end:
-
- (*pargs)++;
-
- if (pargc)
- *pargc -= *pargs - oldargs;
-
- return 1;
-
- }
-
-/* Read whole contents of a BIO into an allocated memory buffer and
- * return it.
+ int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
+{
+ ASN1_OBJECT *otmp = NULL;
+ unsigned long flags = 0;
+ int i;
+ int purpose = 0, depth = -1;
+ char **oldargs = *pargs;
+ char *arg = **pargs, *argn = (*pargs)[1];
+ time_t at_time = 0;
+ if (!strcmp(arg, "-policy")) {
+ if (!argn)
+ *badarg = 1;
+ else {
+ otmp = OBJ_txt2obj(argn, 0);
+ if (!otmp) {
+ BIO_printf(err, "Invalid Policy \"%s\"\n", argn);
+ *badarg = 1;
+ }
+ }
+ (*pargs)++;
+ } else if (strcmp(arg, "-purpose") == 0) {
+ X509_PURPOSE *xptmp;
+ if (!argn)
+ *badarg = 1;
+ else {
+ i = X509_PURPOSE_get_by_sname(argn);
+ if (i < 0) {
+ BIO_printf(err, "unrecognized purpose\n");
+ *badarg = 1;
+ } else {
+ xptmp = X509_PURPOSE_get0(i);
+ purpose = X509_PURPOSE_get_id(xptmp);
+ }
+ }
+ (*pargs)++;
+ } else if (strcmp(arg, "-verify_depth") == 0) {
+ if (!argn)
+ *badarg = 1;
+ else {
+ depth = atoi(argn);
+ if (depth < 0) {
+ BIO_printf(err, "invalid depth\n");
+ *badarg = 1;
+ }
+ }
+ (*pargs)++;
+ } else if (strcmp(arg, "-attime") == 0) {
+ if (!argn)
+ *badarg = 1;
+ else {
+ long timestamp;
+ /*
+ * interpret the -attime argument as seconds since Epoch
+ */
+ if (sscanf(argn, "%li", &timestamp) != 1) {
+ BIO_printf(bio_err, "Error parsing timestamp %s\n", argn);
+ *badarg = 1;
+ }
+ /* on some platforms time_t may be a float */
+ at_time = (time_t)timestamp;
+ }
+ (*pargs)++;
+ } else if (!strcmp(arg, "-ignore_critical"))
+ flags |= X509_V_FLAG_IGNORE_CRITICAL;
+ else if (!strcmp(arg, "-issuer_checks"))
+ flags |= X509_V_FLAG_CB_ISSUER_CHECK;
+ else if (!strcmp(arg, "-crl_check"))
+ flags |= X509_V_FLAG_CRL_CHECK;
+ else if (!strcmp(arg, "-crl_check_all"))
+ flags |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
+ else if (!strcmp(arg, "-policy_check"))
+ flags |= X509_V_FLAG_POLICY_CHECK;
+ else if (!strcmp(arg, "-explicit_policy"))
+ flags |= X509_V_FLAG_EXPLICIT_POLICY;
+ else if (!strcmp(arg, "-inhibit_any"))
+ flags |= X509_V_FLAG_INHIBIT_ANY;
+ else if (!strcmp(arg, "-inhibit_map"))
+ flags |= X509_V_FLAG_INHIBIT_MAP;
+ else if (!strcmp(arg, "-x509_strict"))
+ flags |= X509_V_FLAG_X509_STRICT;
+ else if (!strcmp(arg, "-extended_crl"))
+ flags |= X509_V_FLAG_EXTENDED_CRL_SUPPORT;
+ else if (!strcmp(arg, "-use_deltas"))
+ flags |= X509_V_FLAG_USE_DELTAS;
+ else if (!strcmp(arg, "-policy_print"))
+ flags |= X509_V_FLAG_NOTIFY_POLICY;
+ else if (!strcmp(arg, "-check_ss_sig"))
+ flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
+ else
+ return 0;
+
+ if (*badarg) {
+ if (*pm)
+ X509_VERIFY_PARAM_free(*pm);
+ *pm = NULL;
+ goto end;
+ }
+
+ if (!*pm && !(*pm = X509_VERIFY_PARAM_new())) {
+ *badarg = 1;
+ goto end;
+ }
+
+ if (otmp)
+ X509_VERIFY_PARAM_add0_policy(*pm, otmp);
+ if (flags)
+ X509_VERIFY_PARAM_set_flags(*pm, flags);
+
+ if (purpose)
+ X509_VERIFY_PARAM_set_purpose(*pm, purpose);
+
+ if (depth >= 0)
+ X509_VERIFY_PARAM_set_depth(*pm, depth);
+
+ if (at_time)
+ X509_VERIFY_PARAM_set_time(*pm, at_time);
+
+ end:
+
+ (*pargs)++;
+
+ if (pargc)
+ *pargc -= *pargs - oldargs;
+
+ return 1;
+
+}
+
+/*
+ * Read whole contents of a BIO into an allocated memory buffer and return
+ * it.
*/
int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
- {
- BIO *mem;
- int len, ret;
- unsigned char tbuf[1024];
- mem = BIO_new(BIO_s_mem());
- if (!mem)
- return -1;
- for(;;)
- {
- if ((maxlen != -1) && maxlen < 1024)
- len = maxlen;
- else
- len = 1024;
- len = BIO_read(in, tbuf, len);
- if (len <= 0)
- break;
- if (BIO_write(mem, tbuf, len) != len)
- {
- BIO_free(mem);
- return -1;
- }
- maxlen -= len;
-
- if (maxlen == 0)
- break;
- }
- ret = BIO_get_mem_data(mem, (char **)out);
- BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
- BIO_free(mem);
- return ret;
- }
+{
+ BIO *mem;
+ int len, ret;
+ unsigned char tbuf[1024];
+ mem = BIO_new(BIO_s_mem());
+ if (!mem)
+ return -1;
+ for (;;) {
+ if ((maxlen != -1) && maxlen < 1024)
+ len = maxlen;
+ else
+ len = 1024;
+ len = BIO_read(in, tbuf, len);
+ if (len <= 0)
+ break;
+ if (BIO_write(mem, tbuf, len) != len) {
+ BIO_free(mem);
+ return -1;
+ }
+ maxlen -= len;
+
+ if (maxlen == 0)
+ break;
+ }
+ ret = BIO_get_mem_data(mem, (char **)out);
+ BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
+ BIO_free(mem);
+ return ret;
+}
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
- {
- int rv;
- char *stmp, *vtmp = NULL;
- stmp = BUF_strdup(value);
- if (!stmp)
- return -1;
- vtmp = strchr(stmp, ':');
- if (vtmp)
- {
- *vtmp = 0;
- vtmp++;
- }
- rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
- OPENSSL_free(stmp);
- return rv;
- }
+{
+ int rv;
+ char *stmp, *vtmp = NULL;
+ stmp = BUF_strdup(value);
+ if (!stmp)
+ return -1;
+ vtmp = strchr(stmp, ':');
+ if (vtmp) {
+ *vtmp = 0;
+ vtmp++;
+ }
+ rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
+ OPENSSL_free(stmp);
+ return rv;
+}
static void nodes_print(BIO *out, const char *name,
- STACK_OF(X509_POLICY_NODE) *nodes)
- {
- X509_POLICY_NODE *node;
- int i;
- BIO_printf(out, "%s Policies:", name);
- if (nodes)
- {
- BIO_puts(out, "\n");
- for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
- {
- node = sk_X509_POLICY_NODE_value(nodes, i);
- X509_POLICY_NODE_print(out, node, 2);
- }
- }
- else
- BIO_puts(out, " <empty>\n");
- }
+ STACK_OF(X509_POLICY_NODE) *nodes)
+{
+ X509_POLICY_NODE *node;
+ int i;
+ BIO_printf(out, "%s Policies:", name);
+ if (nodes) {
+ BIO_puts(out, "\n");
+ for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) {
+ node = sk_X509_POLICY_NODE_value(nodes, i);
+ X509_POLICY_NODE_print(out, node, 2);
+ }
+ } else
+ BIO_puts(out, " <empty>\n");
+}
void policies_print(BIO *out, X509_STORE_CTX *ctx)
- {
- X509_POLICY_TREE *tree;
- int explicit_policy;
- int free_out = 0;
- if (out == NULL)
- {
- out = BIO_new_fp(stderr, BIO_NOCLOSE);
- free_out = 1;
- }
- tree = X509_STORE_CTX_get0_policy_tree(ctx);
- explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
-
- BIO_printf(out, "Require explicit Policy: %s\n",
- explicit_policy ? "True" : "False");
-
- nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
- nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
- if (free_out)
- BIO_free(out);
- }
+{
+ X509_POLICY_TREE *tree;
+ int explicit_policy;
+ int free_out = 0;
+ if (out == NULL) {
+ out = BIO_new_fp(stderr, BIO_NOCLOSE);
+ free_out = 1;
+ }
+ tree = X509_STORE_CTX_get0_policy_tree(ctx);
+ explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
+
+ BIO_printf(out, "Require explicit Policy: %s\n",
+ explicit_policy ? "True" : "False");
+
+ nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
+ nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
+ if (free_out)
+ BIO_free(out);
+}
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
static JPAKE_CTX *jpake_init(const char *us, const char *them,
- const char *secret)
- {
- BIGNUM *p = NULL;
- BIGNUM *g = NULL;
- BIGNUM *q = NULL;
- BIGNUM *bnsecret = BN_new();
- JPAKE_CTX *ctx;
-
- /* Use a safe prime for p (that we found earlier) */
- BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
- g = BN_new();
- BN_set_word(g, 2);
- q = BN_new();
- BN_rshift1(q, p);
-
- BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
-
- ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
- BN_free(bnsecret);
- BN_free(q);
- BN_free(g);
- BN_free(p);
-
- return ctx;
- }
+ const char *secret)
+{
+ BIGNUM *p = NULL;
+ BIGNUM *g = NULL;
+ BIGNUM *q = NULL;
+ BIGNUM *bnsecret = BN_new();
+ JPAKE_CTX *ctx;
+
+ /* Use a safe prime for p (that we found earlier) */
+ BN_hex2bn(&p,
+ "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
+ g = BN_new();
+ BN_set_word(g, 2);
+ q = BN_new();
+ BN_rshift1(q, p);
+
+ BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
+
+ ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
+ BN_free(bnsecret);
+ BN_free(q);
+ BN_free(g);
+ BN_free(p);
+
+ return ctx;
+}
static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
- {
- BN_print(conn, p->gx);
- BIO_puts(conn, "\n");
- BN_print(conn, p->zkpx.gr);
- BIO_puts(conn, "\n");
- BN_print(conn, p->zkpx.b);
- BIO_puts(conn, "\n");
- }
+{
+ BN_print(conn, p->gx);
+ BIO_puts(conn, "\n");
+ BN_print(conn, p->zkpx.gr);
+ BIO_puts(conn, "\n");
+ BN_print(conn, p->zkpx.b);
+ BIO_puts(conn, "\n");
+}
static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
- {
- JPAKE_STEP1 s1;
-
- JPAKE_STEP1_init(&s1);
- JPAKE_STEP1_generate(&s1, ctx);
- jpake_send_part(bconn, &s1.p1);
- jpake_send_part(bconn, &s1.p2);
- (void)BIO_flush(bconn);
- JPAKE_STEP1_release(&s1);
- }
+{
+ JPAKE_STEP1 s1;
+
+ JPAKE_STEP1_init(&s1);
+ JPAKE_STEP1_generate(&s1, ctx);
+ jpake_send_part(bconn, &s1.p1);
+ jpake_send_part(bconn, &s1.p2);
+ (void)BIO_flush(bconn);
+ JPAKE_STEP1_release(&s1);
+}
static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
- {
- JPAKE_STEP2 s2;
+{
+ JPAKE_STEP2 s2;
- JPAKE_STEP2_init(&s2);
- JPAKE_STEP2_generate(&s2, ctx);
- jpake_send_part(bconn, &s2);
- (void)BIO_flush(bconn);
- JPAKE_STEP2_release(&s2);
- }
+ JPAKE_STEP2_init(&s2);
+ JPAKE_STEP2_generate(&s2, ctx);
+ jpake_send_part(bconn, &s2);
+ (void)BIO_flush(bconn);
+ JPAKE_STEP2_release(&s2);
+}
static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
- {
- JPAKE_STEP3A s3a;
+{
+ JPAKE_STEP3A s3a;
- JPAKE_STEP3A_init(&s3a);
- JPAKE_STEP3A_generate(&s3a, ctx);
- BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
- (void)BIO_flush(bconn);
- JPAKE_STEP3A_release(&s3a);
- }
+ JPAKE_STEP3A_init(&s3a);
+ JPAKE_STEP3A_generate(&s3a, ctx);
+ BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
+ (void)BIO_flush(bconn);
+ JPAKE_STEP3A_release(&s3a);
+}
static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
- {
- JPAKE_STEP3B s3b;
+{
+ JPAKE_STEP3B s3b;
- JPAKE_STEP3B_init(&s3b);
- JPAKE_STEP3B_generate(&s3b, ctx);
- BIO_write(bconn, s3b.hk, sizeof s3b.hk);
- (void)BIO_flush(bconn);
- JPAKE_STEP3B_release(&s3b);
- }
+ JPAKE_STEP3B_init(&s3b);
+ JPAKE_STEP3B_generate(&s3b, ctx);
+ BIO_write(bconn, s3b.hk, sizeof s3b.hk);
+ (void)BIO_flush(bconn);
+ JPAKE_STEP3B_release(&s3b);
+}
static void readbn(BIGNUM **bn, BIO *bconn)
- {
- char buf[10240];
- int l;
-
- l = BIO_gets(bconn, buf, sizeof buf);
- assert(l > 0);
- assert(buf[l-1] == '\n');
- buf[l-1] = '\0';
- BN_hex2bn(bn, buf);
- }
+{
+ char buf[10240];
+ int l;
+
+ l = BIO_gets(bconn, buf, sizeof buf);
+ assert(l > 0);
+ assert(buf[l - 1] == '\n');
+ buf[l - 1] = '\0';
+ BN_hex2bn(bn, buf);
+}
static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
- {
- readbn(&p->gx, bconn);
- readbn(&p->zkpx.gr, bconn);
- readbn(&p->zkpx.b, bconn);
- }
+{
+ readbn(&p->gx, bconn);
+ readbn(&p->zkpx.gr, bconn);
+ readbn(&p->zkpx.b, bconn);
+}
static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
- {
- JPAKE_STEP1 s1;
-
- JPAKE_STEP1_init(&s1);
- jpake_receive_part(&s1.p1, bconn);
- jpake_receive_part(&s1.p2, bconn);
- if(!JPAKE_STEP1_process(ctx, &s1))
- {
- ERR_print_errors(bio_err);
- exit(1);
- }
- JPAKE_STEP1_release(&s1);
- }
+{
+ JPAKE_STEP1 s1;
+
+ JPAKE_STEP1_init(&s1);
+ jpake_receive_part(&s1.p1, bconn);
+ jpake_receive_part(&s1.p2, bconn);
+ if (!JPAKE_STEP1_process(ctx, &s1)) {
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ JPAKE_STEP1_release(&s1);
+}
static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
- {
- JPAKE_STEP2 s2;
-
- JPAKE_STEP2_init(&s2);
- jpake_receive_part(&s2, bconn);
- if(!JPAKE_STEP2_process(ctx, &s2))
- {
- ERR_print_errors(bio_err);
- exit(1);
- }
- JPAKE_STEP2_release(&s2);
- }
+{
+ JPAKE_STEP2 s2;
+
+ JPAKE_STEP2_init(&s2);
+ jpake_receive_part(&s2, bconn);
+ if (!JPAKE_STEP2_process(ctx, &s2)) {
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ JPAKE_STEP2_release(&s2);
+}
static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
- {
- JPAKE_STEP3A s3a;
- int l;
-
- JPAKE_STEP3A_init(&s3a);
- l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
- assert(l == sizeof s3a.hhk);
- if(!JPAKE_STEP3A_process(ctx, &s3a))
- {
- ERR_print_errors(bio_err);
- exit(1);
- }
- JPAKE_STEP3A_release(&s3a);
- }
+{
+ JPAKE_STEP3A s3a;
+ int l;
+
+ JPAKE_STEP3A_init(&s3a);
+ l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
+ assert(l == sizeof s3a.hhk);
+ if (!JPAKE_STEP3A_process(ctx, &s3a)) {
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ JPAKE_STEP3A_release(&s3a);
+}
static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
- {
- JPAKE_STEP3B s3b;
- int l;
-
- JPAKE_STEP3B_init(&s3b);
- l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
- assert(l == sizeof s3b.hk);
- if(!JPAKE_STEP3B_process(ctx, &s3b))
- {
- ERR_print_errors(bio_err);
- exit(1);
- }
- JPAKE_STEP3B_release(&s3b);
- }
+{
+ JPAKE_STEP3B s3b;
+ int l;
+
+ JPAKE_STEP3B_init(&s3b);
+ l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
+ assert(l == sizeof s3b.hk);
+ if (!JPAKE_STEP3B_process(ctx, &s3b)) {
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ JPAKE_STEP3B_release(&s3b);
+}
void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
- {
- JPAKE_CTX *ctx;
- BIO *bconn;
+{
+ JPAKE_CTX *ctx;
+ BIO *bconn;
- BIO_puts(out, "Authenticating with JPAKE\n");
+ BIO_puts(out, "Authenticating with JPAKE\n");
- ctx = jpake_init("client", "server", secret);
+ ctx = jpake_init("client", "server", secret);
- bconn = BIO_new(BIO_f_buffer());
- BIO_push(bconn, conn);
+ bconn = BIO_new(BIO_f_buffer());
+ BIO_push(bconn, conn);
- jpake_send_step1(bconn, ctx);
- jpake_receive_step1(ctx, bconn);
- jpake_send_step2(bconn, ctx);
- jpake_receive_step2(ctx, bconn);
- jpake_send_step3a(bconn, ctx);
- jpake_receive_step3b(ctx, bconn);
+ jpake_send_step1(bconn, ctx);
+ jpake_receive_step1(ctx, bconn);
+ jpake_send_step2(bconn, ctx);
+ jpake_receive_step2(ctx, bconn);
+ jpake_send_step3a(bconn, ctx);
+ jpake_receive_step3b(ctx, bconn);
- BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
+ BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
- psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
+ psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
- BIO_pop(bconn);
- BIO_free(bconn);
+ BIO_pop(bconn);
+ BIO_free(bconn);
- JPAKE_CTX_free(ctx);
- }
+ JPAKE_CTX_free(ctx);
+}
void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
- {
- JPAKE_CTX *ctx;
- BIO *bconn;
+{
+ JPAKE_CTX *ctx;
+ BIO *bconn;
- BIO_puts(out, "Authenticating with JPAKE\n");
+ BIO_puts(out, "Authenticating with JPAKE\n");
- ctx = jpake_init("server", "client", secret);
+ ctx = jpake_init("server", "client", secret);
- bconn = BIO_new(BIO_f_buffer());
- BIO_push(bconn, conn);
+ bconn = BIO_new(BIO_f_buffer());
+ BIO_push(bconn, conn);
- jpake_receive_step1(ctx, bconn);
- jpake_send_step1(bconn, ctx);
- jpake_receive_step2(ctx, bconn);
- jpake_send_step2(bconn, ctx);
- jpake_receive_step3a(ctx, bconn);
- jpake_send_step3b(bconn, ctx);
+ jpake_receive_step1(ctx, bconn);
+ jpake_send_step1(bconn, ctx);
+ jpake_receive_step2(ctx, bconn);
+ jpake_send_step2(bconn, ctx);
+ jpake_receive_step3a(ctx, bconn);
+ jpake_send_step3b(bconn, ctx);
- BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
+ BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
- psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
+ psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
- BIO_pop(bconn);
- BIO_free(bconn);
+ BIO_pop(bconn);
+ BIO_free(bconn);
- JPAKE_CTX_free(ctx);
- }
+ JPAKE_CTX_free(ctx);
+}
#endif
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-/* next_protos_parse parses a comma separated list of strings into a string
+/*-
+ * next_protos_parse parses a comma separated list of strings into a string
* in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
* outlen: (output) set to the length of the resulting buffer on success.
* err: (maybe NULL) on failure, an error message line is written to this BIO.
@@ -2737,39 +2600,36 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
* returns: a malloced buffer or NULL on failure.
*/
unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
- {
- size_t len;
- unsigned char *out;
- size_t i, start = 0;
-
- len = strlen(in);
- if (len >= 65535)
- return NULL;
-
- out = OPENSSL_malloc(strlen(in) + 1);
- if (!out)
- return NULL;
-
- for (i = 0; i <= len; ++i)
- {
- if (i == len || in[i] == ',')
- {
- if (i - start > 255)
- {
- OPENSSL_free(out);
- return NULL;
- }
- out[start] = i - start;
- start = i + 1;
- }
- else
- out[i+1] = in[i];
- }
-
- *outlen = len + 1;
- return out;
- }
-#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
+{
+ size_t len;
+ unsigned char *out;
+ size_t i, start = 0;
+
+ len = strlen(in);
+ if (len >= 65535)
+ return NULL;
+
+ out = OPENSSL_malloc(strlen(in) + 1);
+ if (!out)
+ return NULL;
+
+ for (i = 0; i <= len; ++i) {
+ if (i == len || in[i] == ',') {
+ if (i - start > 255) {
+ OPENSSL_free(out);
+ return NULL;
+ }
+ out[start] = i - start;
+ start = i + 1;
+ } else
+ out[i + 1] = in[i];
+ }
+
+ *outlen = len + 1;
+ return out;
+}
+#endif /* !OPENSSL_NO_TLSEXT &&
+ * !OPENSSL_NO_NEXTPROTONEG */
/*
* Platform-specific sections
@@ -2784,315 +2644,332 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
# include <tchar.h>
static int WIN32_rename(const char *from, const char *to)
- {
- TCHAR *tfrom=NULL,*tto;
- DWORD err;
- int ret=0;
-
- if (sizeof(TCHAR) == 1)
- {
- tfrom = (TCHAR *)from;
- tto = (TCHAR *)to;
- }
- else /* UNICODE path */
- {
- size_t i,flen=strlen(from)+1,tlen=strlen(to)+1;
- tfrom = (TCHAR *)malloc(sizeof(TCHAR)*(flen+tlen));
- if (tfrom==NULL) goto err;
- tto=tfrom+flen;
-#if !defined(_WIN32_WCE) || _WIN32_WCE>=101
- if (!MultiByteToWideChar(CP_ACP,0,from,flen,(WCHAR *)tfrom,flen))
-#endif
- for (i=0;i<flen;i++) tfrom[i]=(TCHAR)from[i];
-#if !defined(_WIN32_WCE) || _WIN32_WCE>=101
- if (!MultiByteToWideChar(CP_ACP,0,to, tlen,(WCHAR *)tto, tlen))
-#endif
- for (i=0;i<tlen;i++) tto[i] =(TCHAR)to[i];
- }
-
- if (MoveFile(tfrom,tto)) goto ok;
- err=GetLastError();
- if (err==ERROR_ALREADY_EXISTS || err==ERROR_FILE_EXISTS)
- {
- if (DeleteFile(tto) && MoveFile(tfrom,tto))
- goto ok;
- err=GetLastError();
- }
- if (err==ERROR_FILE_NOT_FOUND || err==ERROR_PATH_NOT_FOUND)
- errno = ENOENT;
- else if (err==ERROR_ACCESS_DENIED)
- errno = EACCES;
- else
- errno = EINVAL; /* we could map more codes... */
-err:
- ret=-1;
-ok:
- if (tfrom!=NULL && tfrom!=(TCHAR *)from) free(tfrom);
- return ret;
- }
+{
+ TCHAR *tfrom = NULL, *tto;
+ DWORD err;
+ int ret = 0;
+
+ if (sizeof(TCHAR) == 1) {
+ tfrom = (TCHAR *)from;
+ tto = (TCHAR *)to;
+ } else { /* UNICODE path */
+
+ size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1;
+ tfrom = (TCHAR *)malloc(sizeof(TCHAR) * (flen + tlen));
+ if (tfrom == NULL)
+ goto err;
+ tto = tfrom + flen;
+# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+ if (!MultiByteToWideChar(CP_ACP, 0, from, flen, (WCHAR *)tfrom, flen))
+# endif
+ for (i = 0; i < flen; i++)
+ tfrom[i] = (TCHAR)from[i];
+# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+ if (!MultiByteToWideChar(CP_ACP, 0, to, tlen, (WCHAR *)tto, tlen))
+# endif
+ for (i = 0; i < tlen; i++)
+ tto[i] = (TCHAR)to[i];
+ }
+
+ if (MoveFile(tfrom, tto))
+ goto ok;
+ err = GetLastError();
+ if (err == ERROR_ALREADY_EXISTS || err == ERROR_FILE_EXISTS) {
+ if (DeleteFile(tto) && MoveFile(tfrom, tto))
+ goto ok;
+ err = GetLastError();
+ }
+ if (err == ERROR_FILE_NOT_FOUND || err == ERROR_PATH_NOT_FOUND)
+ errno = ENOENT;
+ else if (err == ERROR_ACCESS_DENIED)
+ errno = EACCES;
+ else
+ errno = EINVAL; /* we could map more codes... */
+ err:
+ ret = -1;
+ ok:
+ if (tfrom != NULL && tfrom != (TCHAR *)from)
+ free(tfrom);
+ return ret;
+}
#endif
/* app_tminterval section */
#if defined(_WIN32)
-double app_tminterval(int stop,int usertime)
- {
- FILETIME now;
- double ret=0;
- static ULARGE_INTEGER tmstart;
- static int warning=1;
-#ifdef _WIN32_WINNT
- static HANDLE proc=NULL;
-
- if (proc==NULL)
- {
- if (check_winnt())
- proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
- GetCurrentProcessId());
- if (proc==NULL) proc = (HANDLE)-1;
- }
-
- if (usertime && proc!=(HANDLE)-1)
- {
- FILETIME junk;
- GetProcessTimes(proc,&junk,&junk,&junk,&now);
- }
- else
-#endif
- {
- SYSTEMTIME systime;
-
- if (usertime && warning)
- {
- BIO_printf(bio_err,"To get meaningful results, run "
- "this program on idle system.\n");
- warning=0;
- }
- GetSystemTime(&systime);
- SystemTimeToFileTime(&systime,&now);
- }
-
- if (stop==TM_START)
- {
- tmstart.u.LowPart = now.dwLowDateTime;
- tmstart.u.HighPart = now.dwHighDateTime;
- }
- else {
- ULARGE_INTEGER tmstop;
-
- tmstop.u.LowPart = now.dwLowDateTime;
- tmstop.u.HighPart = now.dwHighDateTime;
-
- ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart)*1e-7;
- }
-
- return (ret);
- }
-
-#elif defined(OPENSSL_SYS_NETWARE)
-#include <time.h>
-
-double app_tminterval(int stop,int usertime)
- {
- double ret=0;
- static clock_t tmstart;
- static int warning=1;
+double app_tminterval(int stop, int usertime)
+{
+ FILETIME now;
+ double ret = 0;
+ static ULARGE_INTEGER tmstart;
+ static int warning = 1;
+# ifdef _WIN32_WINNT
+ static HANDLE proc = NULL;
+
+ if (proc == NULL) {
+ if (check_winnt())
+ proc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,
+ GetCurrentProcessId());
+ if (proc == NULL)
+ proc = (HANDLE) - 1;
+ }
+
+ if (usertime && proc != (HANDLE) - 1) {
+ FILETIME junk;
+ GetProcessTimes(proc, &junk, &junk, &junk, &now);
+ } else
+# endif
+ {
+ SYSTEMTIME systime;
- if (usertime && warning)
- {
- BIO_printf(bio_err,"To get meaningful results, run "
- "this program on idle system.\n");
- warning=0;
- }
+ if (usertime && warning) {
+ BIO_printf(bio_err, "To get meaningful results, run "
+ "this program on idle system.\n");
+ warning = 0;
+ }
+ GetSystemTime(&systime);
+ SystemTimeToFileTime(&systime, &now);
+ }
- if (stop==TM_START) tmstart = clock();
- else ret = (clock()-tmstart)/(double)CLOCKS_PER_SEC;
+ if (stop == TM_START) {
+ tmstart.u.LowPart = now.dwLowDateTime;
+ tmstart.u.HighPart = now.dwHighDateTime;
+ } else {
+ ULARGE_INTEGER tmstop;
- return (ret);
- }
+ tmstop.u.LowPart = now.dwLowDateTime;
+ tmstop.u.HighPart = now.dwHighDateTime;
-#elif defined(OPENSSL_SYSTEM_VXWORKS)
-#include <time.h>
-
-double app_tminterval(int stop,int usertime)
- {
- double ret=0;
-#ifdef CLOCK_REALTIME
- static struct timespec tmstart;
- struct timespec now;
-#else
- static unsigned long tmstart;
- unsigned long now;
-#endif
- static int warning=1;
-
- if (usertime && warning)
- {
- BIO_printf(bio_err,"To get meaningful results, run "
- "this program on idle system.\n");
- warning=0;
- }
-
-#ifdef CLOCK_REALTIME
- clock_gettime(CLOCK_REALTIME,&now);
- if (stop==TM_START) tmstart = now;
- else ret = ( (now.tv_sec+now.tv_nsec*1e-9)
- - (tmstart.tv_sec+tmstart.tv_nsec*1e-9) );
-#else
- now = tickGet();
- if (stop==TM_START) tmstart = now;
- else ret = (now - tmstart)/(double)sysClkRateGet();
-#endif
- return (ret);
- }
+ ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart) * 1e-7;
+ }
-#elif defined(OPENSSL_SYSTEM_VMS)
-#include <time.h>
-#include <times.h>
-
-double app_tminterval(int stop,int usertime)
- {
- static clock_t tmstart;
- double ret = 0;
- clock_t now;
-#ifdef __TMS
- struct tms rus;
-
- now = times(&rus);
- if (usertime) now = rus.tms_utime;
-#else
- if (usertime)
- now = clock(); /* sum of user and kernel times */
- else {
- struct timeval tv;
- gettimeofday(&tv,NULL);
- now = (clock_t)(
- (unsigned long long)tv.tv_sec*CLK_TCK +
- (unsigned long long)tv.tv_usec*(1000000/CLK_TCK)
- );
- }
-#endif
- if (stop==TM_START) tmstart = now;
- else ret = (now - tmstart)/(double)(CLK_TCK);
+ return (ret);
+}
- return (ret);
- }
+#elif defined(OPENSSL_SYS_NETWARE)
+# include <time.h>
-#elif defined(_SC_CLK_TCK) /* by means of unistd.h */
-#include <sys/times.h>
+double app_tminterval(int stop, int usertime)
+{
+ double ret = 0;
+ static clock_t tmstart;
+ static int warning = 1;
+
+ if (usertime && warning) {
+ BIO_printf(bio_err, "To get meaningful results, run "
+ "this program on idle system.\n");
+ warning = 0;
+ }
+
+ if (stop == TM_START)
+ tmstart = clock();
+ else
+ ret = (clock() - tmstart) / (double)CLOCKS_PER_SEC;
+
+ return (ret);
+}
-double app_tminterval(int stop,int usertime)
- {
- double ret = 0;
- struct tms rus;
- clock_t now = times(&rus);
- static clock_t tmstart;
+#elif defined(OPENSSL_SYSTEM_VXWORKS)
+# include <time.h>
- if (usertime) now = rus.tms_utime;
+double app_tminterval(int stop, int usertime)
+{
+ double ret = 0;
+# ifdef CLOCK_REALTIME
+ static struct timespec tmstart;
+ struct timespec now;
+# else
+ static unsigned long tmstart;
+ unsigned long now;
+# endif
+ static int warning = 1;
+
+ if (usertime && warning) {
+ BIO_printf(bio_err, "To get meaningful results, run "
+ "this program on idle system.\n");
+ warning = 0;
+ }
+# ifdef CLOCK_REALTIME
+ clock_gettime(CLOCK_REALTIME, &now);
+ if (stop == TM_START)
+ tmstart = now;
+ else
+ ret = ((now.tv_sec + now.tv_nsec * 1e-9)
+ - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9));
+# else
+ now = tickGet();
+ if (stop == TM_START)
+ tmstart = now;
+ else
+ ret = (now - tmstart) / (double)sysClkRateGet();
+# endif
+ return (ret);
+}
- if (stop==TM_START) tmstart = now;
- else
- {
- long int tck = sysconf(_SC_CLK_TCK);
- ret = (now - tmstart)/(double)tck;
- }
+#elif defined(OPENSSL_SYSTEM_VMS)
+# include <time.h>
+# include <times.h>
- return (ret);
- }
+double app_tminterval(int stop, int usertime)
+{
+ static clock_t tmstart;
+ double ret = 0;
+ clock_t now;
+# ifdef __TMS
+ struct tms rus;
+
+ now = times(&rus);
+ if (usertime)
+ now = rus.tms_utime;
+# else
+ if (usertime)
+ now = clock(); /* sum of user and kernel times */
+ else {
+ struct timeval tv;
+ gettimeofday(&tv, NULL);
+ now = (clock_t)((unsigned long long)tv.tv_sec * CLK_TCK +
+ (unsigned long long)tv.tv_usec * (1000000 / CLK_TCK)
+ );
+ }
+# endif
+ if (stop == TM_START)
+ tmstart = now;
+ else
+ ret = (now - tmstart) / (double)(CLK_TCK);
-#else
-#include <sys/time.h>
-#include <sys/resource.h>
+ return (ret);
+}
-double app_tminterval(int stop,int usertime)
- {
- double ret = 0;
- struct rusage rus;
- struct timeval now;
- static struct timeval tmstart;
+#elif defined(_SC_CLK_TCK) /* by means of unistd.h */
+# include <sys/times.h>
- if (usertime) getrusage(RUSAGE_SELF,&rus), now = rus.ru_utime;
- else gettimeofday(&now,NULL);
+double app_tminterval(int stop, int usertime)
+{
+ double ret = 0;
+ struct tms rus;
+ clock_t now = times(&rus);
+ static clock_t tmstart;
+
+ if (usertime)
+ now = rus.tms_utime;
+
+ if (stop == TM_START)
+ tmstart = now;
+ else {
+ long int tck = sysconf(_SC_CLK_TCK);
+ ret = (now - tmstart) / (double)tck;
+ }
+
+ return (ret);
+}
- if (stop==TM_START) tmstart = now;
- else ret = ( (now.tv_sec+now.tv_usec*1e-6)
- - (tmstart.tv_sec+tmstart.tv_usec*1e-6) );
+#else
+# include <sys/time.h>
+# include <sys/resource.h>
- return ret;
- }
+double app_tminterval(int stop, int usertime)
+{
+ double ret = 0;
+ struct rusage rus;
+ struct timeval now;
+ static struct timeval tmstart;
+
+ if (usertime)
+ getrusage(RUSAGE_SELF, &rus), now = rus.ru_utime;
+ else
+ gettimeofday(&now, NULL);
+
+ if (stop == TM_START)
+ tmstart = now;
+ else
+ ret = ((now.tv_sec + now.tv_usec * 1e-6)
+ - (tmstart.tv_sec + tmstart.tv_usec * 1e-6));
+
+ return ret;
+}
#endif
/* app_isdir section */
#ifdef _WIN32
int app_isdir(const char *name)
- {
- HANDLE hList;
- WIN32_FIND_DATA FileData;
-#if defined(UNICODE) || defined(_UNICODE)
- size_t i, len_0 = strlen(name)+1;
-
- if (len_0 > sizeof(FileData.cFileName)/sizeof(FileData.cFileName[0]))
- return -1;
-
-#if !defined(_WIN32_WCE) || _WIN32_WCE>=101
- if (!MultiByteToWideChar(CP_ACP,0,name,len_0,FileData.cFileName,len_0))
-#endif
- for (i=0;i<len_0;i++)
- FileData.cFileName[i] = (WCHAR)name[i];
-
- hList = FindFirstFile(FileData.cFileName,&FileData);
-#else
- hList = FindFirstFile(name,&FileData);
-#endif
- if (hList == INVALID_HANDLE_VALUE) return -1;
- FindClose(hList);
- return ((FileData.dwFileAttributes&FILE_ATTRIBUTE_DIRECTORY)!=0);
- }
+{
+ HANDLE hList;
+ WIN32_FIND_DATA FileData;
+# if defined(UNICODE) || defined(_UNICODE)
+ size_t i, len_0 = strlen(name) + 1;
+
+ if (len_0 > sizeof(FileData.cFileName) / sizeof(FileData.cFileName[0]))
+ return -1;
+
+# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+ if (!MultiByteToWideChar
+ (CP_ACP, 0, name, len_0, FileData.cFileName, len_0))
+# endif
+ for (i = 0; i < len_0; i++)
+ FileData.cFileName[i] = (WCHAR)name[i];
+
+ hList = FindFirstFile(FileData.cFileName, &FileData);
+# else
+ hList = FindFirstFile(name, &FileData);
+# endif
+ if (hList == INVALID_HANDLE_VALUE)
+ return -1;
+ FindClose(hList);
+ return ((FileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0);
+}
#else
-#include <sys/stat.h>
-#ifndef S_ISDIR
-# if defined(_S_IFMT) && defined(_S_IFDIR)
-# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
-# else
-# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
-# endif
-#endif
+# include <sys/stat.h>
+# ifndef S_ISDIR
+# if defined(_S_IFMT) && defined(_S_IFDIR)
+# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
+# else
+# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
+# endif
+# endif
int app_isdir(const char *name)
- {
-#if defined(S_ISDIR)
- struct stat st;
-
- if (stat(name,&st)==0) return S_ISDIR(st.st_mode);
- else return -1;
-#else
- return -1;
-#endif
- }
+{
+# if defined(S_ISDIR)
+ struct stat st;
+
+ if (stat(name, &st) == 0)
+ return S_ISDIR(st.st_mode);
+ else
+ return -1;
+# else
+ return -1;
+# endif
+}
#endif
/* raw_read|write section */
#if defined(_WIN32) && defined(STD_INPUT_HANDLE)
-int raw_read_stdin(void *buf,int siz)
- {
- DWORD n;
- if (ReadFile(GetStdHandle(STD_INPUT_HANDLE),buf,siz,&n,NULL))
- return (n);
- else return (-1);
- }
+int raw_read_stdin(void *buf, int siz)
+{
+ DWORD n;
+ if (ReadFile(GetStdHandle(STD_INPUT_HANDLE), buf, siz, &n, NULL))
+ return (n);
+ else
+ return (-1);
+}
#else
-int raw_read_stdin(void *buf,int siz)
- { return read(fileno(stdin),buf,siz); }
+int raw_read_stdin(void *buf, int siz)
+{
+ return read(fileno(stdin), buf, siz);
+}
#endif
#if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
-int raw_write_stdout(const void *buf,int siz)
- {
- DWORD n;
- if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE),buf,siz,&n,NULL))
- return (n);
- else return (-1);
- }
+int raw_write_stdout(const void *buf, int siz)
+{
+ DWORD n;
+ if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE), buf, siz, &n, NULL))
+ return (n);
+ else
+ return (-1);
+}
#else
-int raw_write_stdout(const void *buf,int siz)
- { return write(fileno(stdout),buf,siz); }
+int raw_write_stdout(const void *buf, int siz)
+{
+ return write(fileno(stdout), buf, siz);
+}
#endif
diff --git a/apps/apps.h b/apps/apps.h
index 3aeb46c4e299..33b293e5b215 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -63,7 +63,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -110,122 +110,119 @@
*/
#ifndef HEADER_APPS_H
-#define HEADER_APPS_H
-
-#include "e_os.h"
-
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/lhash.h>
-#include <openssl/conf.h>
-#include <openssl/txt_db.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#ifndef OPENSSL_NO_OCSP
-#include <openssl/ocsp.h>
-#endif
-#include <openssl/ossl_typ.h>
+# define HEADER_APPS_H
+
+# include "e_os.h"
+
+# include <openssl/bio.h>
+# include <openssl/x509.h>
+# include <openssl/lhash.h>
+# include <openssl/conf.h>
+# include <openssl/txt_db.h>
+# ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+# endif
+# ifndef OPENSSL_NO_OCSP
+# include <openssl/ocsp.h>
+# endif
+# include <openssl/ossl_typ.h>
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
int app_RAND_write_file(const char *file, BIO *bio_e);
-/* When `file' is NULL, use defaults.
- * `bio_e' is for error messages. */
+/*
+ * When `file' is NULL, use defaults. `bio_e' is for error messages.
+ */
void app_RAND_allow_write_file(void);
long app_RAND_load_files(char *file); /* `file' is a list of files to read,
* separated by LIST_SEPARATOR_CHAR
* (see e_os.h). The string is
* destroyed! */
-#ifndef MONOLITH
+# ifndef MONOLITH
-#define MAIN(a,v) main(a,v)
+# define MAIN(a,v) main(a,v)
-#ifndef NON_MAIN
-CONF *config=NULL;
-BIO *bio_err=NULL;
-#else
+# ifndef NON_MAIN
+CONF *config = NULL;
+BIO *bio_err = NULL;
+# else
extern CONF *config;
extern BIO *bio_err;
-#endif
+# endif
-#else
+# else
-#define MAIN(a,v) PROG(a,v)
+# define MAIN(a,v) PROG(a,v)
extern CONF *config;
extern char *default_config_file;
extern BIO *bio_err;
-#endif
+# endif
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
+# ifndef OPENSSL_SYS_NETWARE
+# include <signal.h>
+# endif
-#ifdef SIGPIPE
-#define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
-#else
-#define do_pipe_sig()
-#endif
+# ifdef SIGPIPE
+# define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
+# else
+# define do_pipe_sig()
+# endif
-#ifdef OPENSSL_NO_COMP
-#define zlib_cleanup()
-#else
-#define zlib_cleanup() COMP_zlib_cleanup()
-#endif
+# ifdef OPENSSL_NO_COMP
+# define zlib_cleanup()
+# else
+# define zlib_cleanup() COMP_zlib_cleanup()
+# endif
-#if defined(MONOLITH) && !defined(OPENSSL_C)
+# if defined(MONOLITH) && !defined(OPENSSL_C)
# define apps_startup() \
- do_pipe_sig()
+ do_pipe_sig()
# define apps_shutdown()
-#else
+# else
# ifndef OPENSSL_NO_ENGINE
-# define apps_startup() \
- do { do_pipe_sig(); CRYPTO_malloc_init(); \
- ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
- ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
-# define apps_shutdown() \
- do { CONF_modules_unload(1); destroy_ui_method(); \
- OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
- CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
- RAND_cleanup(); \
- ERR_free_strings(); zlib_cleanup();} while(0)
+# define apps_startup() \
+ do { do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+# define apps_shutdown() \
+ do { CONF_modules_unload(1); destroy_ui_method(); \
+ OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
+ CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
+ RAND_cleanup(); \
+ ERR_free_strings(); zlib_cleanup();} while(0)
# else
-# define apps_startup() \
- do { do_pipe_sig(); CRYPTO_malloc_init(); \
- ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
- setup_ui_method(); } while(0)
-# define apps_shutdown() \
- do { CONF_modules_unload(1); destroy_ui_method(); \
- OBJ_cleanup(); EVP_cleanup(); \
- CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
- RAND_cleanup(); \
- ERR_free_strings(); zlib_cleanup(); } while(0)
+# define apps_startup() \
+ do { do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ setup_ui_method(); } while(0)
+# define apps_shutdown() \
+ do { CONF_modules_unload(1); destroy_ui_method(); \
+ OBJ_cleanup(); EVP_cleanup(); \
+ CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
+ RAND_cleanup(); \
+ ERR_free_strings(); zlib_cleanup(); } while(0)
# endif
-#endif
+# endif
-#ifdef OPENSSL_SYSNAME_WIN32
+# ifdef OPENSSL_SYSNAME_WIN32
# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
-#else
+# else
# define openssl_fdset(a,b) FD_SET(a, b)
-#endif
+# endif
+typedef struct args_st {
+ char **data;
+ int count;
+} ARGS;
-typedef struct args_st
- {
- char **data;
- int count;
- } ARGS;
+# define PW_MIN_LENGTH 4
+typedef struct pw_cb_data {
+ const void *password;
+ const char *prompt_info;
+} PW_CB_DATA;
-#define PW_MIN_LENGTH 4
-typedef struct pw_cb_data
- {
- const void *password;
- const char *prompt_info;
- } PW_CB_DATA;
-
-int password_callback(char *buf, int bufsiz, int verify,
- PW_CB_DATA *cb_data);
+int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
int setup_ui_method(void);
void destroy_ui_method(void);
@@ -233,12 +230,13 @@ void destroy_ui_method(void);
int should_retry(int i);
int args_from_file(char *file, int *argc, char **argv[]);
int str2fmt(char *s);
-void program_name(char *in,char *out,int size);
-int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
-#ifdef HEADER_X509_H
+void program_name(char *in, char *out, int size);
+int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]);
+# ifdef HEADER_X509_H
int dump_cert_text(BIO *out, X509 *x);
-void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags);
-#endif
+void print_name(BIO *out, const char *title, X509_NAME *nm,
+ unsigned long lflags);
+# endif
int set_cert_ex(unsigned long *flags, const char *arg);
int set_name_ex(unsigned long *flags, const char *arg);
int set_ext_copy(int *copy_type, const char *arg);
@@ -246,130 +244,134 @@ int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
int add_oid_section(BIO *err, CONF *conf);
X509 *load_cert(BIO *err, const char *file, int format,
- const char *pass, ENGINE *e, const char *cert_descrip);
+ const char *pass, ENGINE *e, const char *cert_descrip);
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
- const char *pass, ENGINE *e, const char *key_descrip);
+ const char *pass, ENGINE *e, const char *key_descrip);
EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
- const char *pass, ENGINE *e, const char *key_descrip);
+ const char *pass, ENGINE *e, const char *key_descrip);
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
- const char *pass, ENGINE *e, const char *cert_descrip);
+ const char *pass, ENGINE *e,
+ const char *cert_descrip);
STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
- const char *pass, ENGINE *e, const char *cert_descrip);
+ const char *pass, ENGINE *e,
+ const char *cert_descrip);
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
-#ifndef OPENSSL_NO_ENGINE
+# ifndef OPENSSL_NO_ENGINE
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
-#endif
+# endif
-#ifndef OPENSSL_NO_OCSP
+# ifndef OPENSSL_NO_OCSP
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
- char *host, char *path, char *port, int use_ssl,
- STACK_OF(CONF_VALUE) *headers,
- int req_timeout);
-#endif
+ char *host, char *path, char *port,
+ int use_ssl, STACK_OF(CONF_VALUE) *headers,
+ int req_timeout);
+# endif
int load_config(BIO *err, CONF *cnf);
char *make_config_name(void);
/* Functions defined in ca.c and also used in ocsp.c */
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
- ASN1_GENERALIZEDTIME **pinvtm, const char *str);
-
-#define DB_type 0
-#define DB_exp_date 1
-#define DB_rev_date 2
-#define DB_serial 3 /* index - unique */
-#define DB_file 4
-#define DB_name 5 /* index - unique when active and not disabled */
-#define DB_NUMBER 6
-
-#define DB_TYPE_REV 'R'
-#define DB_TYPE_EXP 'E'
-#define DB_TYPE_VAL 'V'
-
-typedef struct db_attr_st
- {
- int unique_subject;
- } DB_ATTR;
-typedef struct ca_db_st
- {
- DB_ATTR attributes;
- TXT_DB *db;
- } CA_DB;
+ ASN1_GENERALIZEDTIME **pinvtm, const char *str);
+
+# define DB_type 0
+# define DB_exp_date 1
+# define DB_rev_date 2
+# define DB_serial 3 /* index - unique */
+# define DB_file 4
+# define DB_name 5 /* index - unique when active and not
+ * disabled */
+# define DB_NUMBER 6
+
+# define DB_TYPE_REV 'R'
+# define DB_TYPE_EXP 'E'
+# define DB_TYPE_VAL 'V'
+
+typedef struct db_attr_st {
+ int unique_subject;
+} DB_ATTR;
+typedef struct ca_db_st {
+ DB_ATTR attributes;
+ TXT_DB *db;
+} CA_DB;
BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
+int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
+ ASN1_INTEGER **retai);
int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
int index_index(CA_DB *db);
int save_index(const char *dbfile, const char *suffix, CA_DB *db);
-int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix);
+int rotate_index(const char *dbfile, const char *new_suffix,
+ const char *old_suffix);
void free_index(CA_DB *db);
-#define index_name_cmp_noconst(a, b) \
- index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
- (const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
+# define index_name_cmp_noconst(a, b) \
+ index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
+ (const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
int parse_yesno(const char *str, int def);
X509_NAME *parse_name(char *str, long chtype, int multirdn);
int args_verify(char ***pargs, int *pargc,
- int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
+ int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
void policies_print(BIO *out, X509_STORE_CTX *ctx);
int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
- const char *algname, ENGINE *e, int do_param);
+ const char *algname, ENGINE *e, int do_param);
int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
- STACK_OF(OPENSSL_STRING) *sigopts);
+ STACK_OF(OPENSSL_STRING) *sigopts);
int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
- STACK_OF(OPENSSL_STRING) *sigopts);
+ STACK_OF(OPENSSL_STRING) *sigopts);
int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
- STACK_OF(OPENSSL_STRING) *sigopts);
-#ifndef OPENSSL_NO_PSK
+ STACK_OF(OPENSSL_STRING) *sigopts);
+# ifndef OPENSSL_NO_PSK
extern char *psk_key;
-#endif
-#ifndef OPENSSL_NO_JPAKE
+# endif
+# ifndef OPENSSL_NO_JPAKE
void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
-#endif
+# endif
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+# if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
-#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
-
-#define FORMAT_UNDEF 0
-#define FORMAT_ASN1 1
-#define FORMAT_TEXT 2
-#define FORMAT_PEM 3
-#define FORMAT_NETSCAPE 4
-#define FORMAT_PKCS12 5
-#define FORMAT_SMIME 6
-#define FORMAT_ENGINE 7
-#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
- * adding yet another param to load_*key() */
-#define FORMAT_PEMRSA 9 /* PEM RSAPubicKey format */
-#define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */
-#define FORMAT_MSBLOB 11 /* MS Key blob format */
-#define FORMAT_PVK 12 /* MS PVK file format */
-
-#define EXT_COPY_NONE 0
-#define EXT_COPY_ADD 1
-#define EXT_COPY_ALL 2
-
-#define NETSCAPE_CERT_HDR "certificate"
-
-#define APP_PASS_LEN 1024
-
-#define SERIAL_RAND_BITS 64
+# endif /* !OPENSSL_NO_TLSEXT &&
+ * !OPENSSL_NO_NEXTPROTONEG */
+
+# define FORMAT_UNDEF 0
+# define FORMAT_ASN1 1
+# define FORMAT_TEXT 2
+# define FORMAT_PEM 3
+# define FORMAT_NETSCAPE 4
+# define FORMAT_PKCS12 5
+# define FORMAT_SMIME 6
+# define FORMAT_ENGINE 7
+# define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
+ * adding yet another param to load_*key() */
+# define FORMAT_PEMRSA 9 /* PEM RSAPubicKey format */
+# define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */
+# define FORMAT_MSBLOB 11 /* MS Key blob format */
+# define FORMAT_PVK 12 /* MS PVK file format */
+
+# define EXT_COPY_NONE 0
+# define EXT_COPY_ADD 1
+# define EXT_COPY_ALL 2
+
+# define NETSCAPE_CERT_HDR "certificate"
+
+# define APP_PASS_LEN 1024
+
+# define SERIAL_RAND_BITS 64
int app_isdir(const char *);
-int raw_read_stdin(void *,int);
-int raw_write_stdout(const void *,int);
+int raw_read_stdin(void *, int);
+int raw_write_stdout(const void *, int);
-#define TM_START 0
-#define TM_STOP 1
-double app_tminterval (int stop,int usertime);
+# define TM_START 0
+# define TM_STOP 1
+double app_tminterval(int stop, int usertime);
-#define OPENSSL_NO_SSL_INTERN
+# define OPENSSL_NO_SSL_INTERN
#endif
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index 0d6607071fe6..7a0f1694328e 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,15 +49,16 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
-/* A nice addition from Dr Stephen Henson <steve@openssl.org> to
- * add the -strparse option which parses nested binary structures
+/*
+ * A nice addition from Dr Stephen Henson <steve@openssl.org> to add the
+ * -strparse option which parses nested binary structures
*/
#include <stdio.h>
@@ -69,377 +70,361 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
-/* -inform arg - input format - default PEM (DER or PEM)
- * -in arg - input file - default stdin
- * -i - indent the details by depth
- * -offset - where in the file to start
- * -length - how many bytes to use
- * -oid file - extra oid description file
+/*-
+ * -inform arg - input format - default PEM (DER or PEM)
+ * -in arg - input file - default stdin
+ * -i - indent the details by depth
+ * -offset - where in the file to start
+ * -length - how many bytes to use
+ * -oid file - extra oid description file
*/
#undef PROG
-#define PROG asn1parse_main
+#define PROG asn1parse_main
int MAIN(int, char **);
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
int MAIN(int argc, char **argv)
- {
- int i,badops=0,offset=0,ret=1,j;
- unsigned int length=0;
- long num,tmplen;
- BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
- int informat,indent=0, noout = 0, dump = 0;
- char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
- char *genstr=NULL, *genconf=NULL;
- unsigned char *tmpbuf;
- const unsigned char *ctmpbuf;
- BUF_MEM *buf=NULL;
- STACK_OF(OPENSSL_STRING) *osk=NULL;
- ASN1_TYPE *at=NULL;
-
- informat=FORMAT_PEM;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- prog=argv[0];
- argc--;
- argv++;
- if ((osk=sk_OPENSSL_STRING_new_null()) == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto end;
- }
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- derfile= *(++argv);
- }
- else if (strcmp(*argv,"-i") == 0)
- {
- indent=1;
- }
- else if (strcmp(*argv,"-noout") == 0) noout = 1;
- else if (strcmp(*argv,"-oid") == 0)
- {
- if (--argc < 1) goto bad;
- oidfile= *(++argv);
- }
- else if (strcmp(*argv,"-offset") == 0)
- {
- if (--argc < 1) goto bad;
- offset= atoi(*(++argv));
- }
- else if (strcmp(*argv,"-length") == 0)
- {
- if (--argc < 1) goto bad;
- length= atoi(*(++argv));
- if (length == 0) goto bad;
- }
- else if (strcmp(*argv,"-dump") == 0)
- {
- dump= -1;
- }
- else if (strcmp(*argv,"-dlimit") == 0)
- {
- if (--argc < 1) goto bad;
- dump= atoi(*(++argv));
- if (dump <= 0) goto bad;
- }
- else if (strcmp(*argv,"-strparse") == 0)
- {
- if (--argc < 1) goto bad;
- sk_OPENSSL_STRING_push(osk,*(++argv));
- }
- else if (strcmp(*argv,"-genstr") == 0)
- {
- if (--argc < 1) goto bad;
- genstr= *(++argv);
- }
- else if (strcmp(*argv,"-genconf") == 0)
- {
- if (--argc < 1) goto bad;
- genconf= *(++argv);
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] <infile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file (output format is always DER\n");
- BIO_printf(bio_err," -noout arg don't produce any output\n");
- BIO_printf(bio_err," -offset arg offset into file\n");
- BIO_printf(bio_err," -length arg length of section in file\n");
- BIO_printf(bio_err," -i indent entries\n");
- BIO_printf(bio_err," -dump dump unknown data in hex form\n");
- BIO_printf(bio_err," -dlimit arg dump the first arg bytes of unknown data in hex form\n");
- BIO_printf(bio_err," -oid file file of extra oid definitions\n");
- BIO_printf(bio_err," -strparse offset\n");
- BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n");
- BIO_printf(bio_err," ASN1 blob wrappings\n");
- BIO_printf(bio_err," -genstr str string to generate ASN1 structure from\n");
- BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n");
- goto end;
- }
-
- ERR_load_crypto_strings();
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+{
+ int i, badops = 0, offset = 0, ret = 1, j;
+ unsigned int length = 0;
+ long num, tmplen;
+ BIO *in = NULL, *out = NULL, *b64 = NULL, *derout = NULL;
+ int informat, indent = 0, noout = 0, dump = 0;
+ char *infile = NULL, *str = NULL, *prog, *oidfile = NULL, *derfile = NULL;
+ char *genstr = NULL, *genconf = NULL;
+ unsigned char *tmpbuf;
+ const unsigned char *ctmpbuf;
+ BUF_MEM *buf = NULL;
+ STACK_OF(OPENSSL_STRING) *osk = NULL;
+ ASN1_TYPE *at = NULL;
+
+ informat = FORMAT_PEM;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ prog = argv[0];
+ argc--;
+ argv++;
+ if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto end;
+ }
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ derfile = *(++argv);
+ } else if (strcmp(*argv, "-i") == 0) {
+ indent = 1;
+ } else if (strcmp(*argv, "-noout") == 0)
+ noout = 1;
+ else if (strcmp(*argv, "-oid") == 0) {
+ if (--argc < 1)
+ goto bad;
+ oidfile = *(++argv);
+ } else if (strcmp(*argv, "-offset") == 0) {
+ if (--argc < 1)
+ goto bad;
+ offset = atoi(*(++argv));
+ } else if (strcmp(*argv, "-length") == 0) {
+ if (--argc < 1)
+ goto bad;
+ length = atoi(*(++argv));
+ if (length == 0)
+ goto bad;
+ } else if (strcmp(*argv, "-dump") == 0) {
+ dump = -1;
+ } else if (strcmp(*argv, "-dlimit") == 0) {
+ if (--argc < 1)
+ goto bad;
+ dump = atoi(*(++argv));
+ if (dump <= 0)
+ goto bad;
+ } else if (strcmp(*argv, "-strparse") == 0) {
+ if (--argc < 1)
+ goto bad;
+ sk_OPENSSL_STRING_push(osk, *(++argv));
+ } else if (strcmp(*argv, "-genstr") == 0) {
+ if (--argc < 1)
+ goto bad;
+ genstr = *(++argv);
+ } else if (strcmp(*argv, "-genconf") == 0) {
+ if (--argc < 1)
+ goto bad;
+ genconf = *(++argv);
+ } else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ bad:
+ BIO_printf(bio_err, "%s [options] <infile\n", prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
+ BIO_printf(bio_err, " -in arg input file\n");
+ BIO_printf(bio_err,
+ " -out arg output file (output format is always DER\n");
+ BIO_printf(bio_err, " -noout arg don't produce any output\n");
+ BIO_printf(bio_err, " -offset arg offset into file\n");
+ BIO_printf(bio_err, " -length arg length of section in file\n");
+ BIO_printf(bio_err, " -i indent entries\n");
+ BIO_printf(bio_err, " -dump dump unknown data in hex form\n");
+ BIO_printf(bio_err,
+ " -dlimit arg dump the first arg bytes of unknown data in hex form\n");
+ BIO_printf(bio_err, " -oid file file of extra oid definitions\n");
+ BIO_printf(bio_err, " -strparse offset\n");
+ BIO_printf(bio_err,
+ " a series of these can be used to 'dig' into multiple\n");
+ BIO_printf(bio_err, " ASN1 blob wrappings\n");
+ BIO_printf(bio_err,
+ " -genstr str string to generate ASN1 structure from\n");
+ BIO_printf(bio_err,
+ " -genconf file file to generate ASN1 structure from\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in = BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
#endif
- if (oidfile != NULL)
- {
- if (BIO_read_filename(in,oidfile) <= 0)
- {
- BIO_printf(bio_err,"problems opening %s\n",oidfile);
- ERR_print_errors(bio_err);
- goto end;
- }
- OBJ_create_objects(in);
- }
-
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
-
- if (derfile) {
- if(!(derout = BIO_new_file(derfile, "wb"))) {
- BIO_printf(bio_err,"problems opening %s\n",derfile);
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if ((buf=BUF_MEM_new()) == NULL) goto end;
- if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
-
- if (genstr || genconf)
- {
- num = do_generate(bio_err, genstr, genconf, buf);
- if (num < 0)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- else
- {
-
- if (informat == FORMAT_PEM)
- {
- BIO *tmp;
-
- if ((b64=BIO_new(BIO_f_base64())) == NULL)
- goto end;
- BIO_push(b64,in);
- tmp=in;
- in=b64;
- b64=tmp;
- }
-
- num=0;
- for (;;)
- {
- if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
- i=BIO_read(in,&(buf->data[num]),BUFSIZ);
- if (i <= 0) break;
- num+=i;
- }
- }
- str=buf->data;
-
- /* If any structs to parse go through in sequence */
-
- if (sk_OPENSSL_STRING_num(osk))
- {
- tmpbuf=(unsigned char *)str;
- tmplen=num;
- for (i=0; i<sk_OPENSSL_STRING_num(osk); i++)
- {
- ASN1_TYPE *atmp;
- int typ;
- j=atoi(sk_OPENSSL_STRING_value(osk,i));
- if (j == 0)
- {
- BIO_printf(bio_err,"'%s' is an invalid number\n",sk_OPENSSL_STRING_value(osk,i));
- continue;
- }
- tmpbuf+=j;
- tmplen-=j;
- atmp = at;
- ctmpbuf = tmpbuf;
- at = d2i_ASN1_TYPE(NULL,&ctmpbuf,tmplen);
- ASN1_TYPE_free(atmp);
- if(!at)
- {
- BIO_printf(bio_err,"Error parsing structure\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- typ = ASN1_TYPE_get(at);
- if ((typ == V_ASN1_OBJECT)
- || (typ == V_ASN1_NULL))
- {
- BIO_printf(bio_err, "Can't parse %s type\n",
- typ == V_ASN1_NULL ? "NULL" : "OBJECT");
- ERR_print_errors(bio_err);
- goto end;
- }
- /* hmm... this is a little evil but it works */
- tmpbuf=at->value.asn1_string->data;
- tmplen=at->value.asn1_string->length;
- }
- str=(char *)tmpbuf;
- num=tmplen;
- }
-
- if (offset >= num)
- {
- BIO_printf(bio_err, "Error: offset too large\n");
- goto end;
- }
-
- num -= offset;
-
- if ((length == 0) || ((long)length > num)) length=(unsigned int)num;
- if(derout) {
- if(BIO_write(derout, str + offset, length) != (int)length) {
- BIO_printf(bio_err, "Error writing output\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- if (!noout &&
- !ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
- indent,dump))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- ret=0;
-end:
- BIO_free(derout);
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
- if (b64 != NULL) BIO_free(b64);
- if (ret != 0)
- ERR_print_errors(bio_err);
- if (buf != NULL) BUF_MEM_free(buf);
- if (at != NULL) ASN1_TYPE_free(at);
- if (osk != NULL) sk_OPENSSL_STRING_free(osk);
- OBJ_cleanup();
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
+ if (oidfile != NULL) {
+ if (BIO_read_filename(in, oidfile) <= 0) {
+ BIO_printf(bio_err, "problems opening %s\n", oidfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ OBJ_create_objects(in);
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ else {
+ if (BIO_read_filename(in, infile) <= 0) {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (derfile) {
+ if (!(derout = BIO_new_file(derfile, "wb"))) {
+ BIO_printf(bio_err, "problems opening %s\n", derfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if ((buf = BUF_MEM_new()) == NULL)
+ goto end;
+ if (!BUF_MEM_grow(buf, BUFSIZ * 8))
+ goto end; /* Pre-allocate :-) */
+
+ if (genstr || genconf) {
+ num = do_generate(bio_err, genstr, genconf, buf);
+ if (num < 0) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ else {
+
+ if (informat == FORMAT_PEM) {
+ BIO *tmp;
+
+ if ((b64 = BIO_new(BIO_f_base64())) == NULL)
+ goto end;
+ BIO_push(b64, in);
+ tmp = in;
+ in = b64;
+ b64 = tmp;
+ }
+
+ num = 0;
+ for (;;) {
+ if (!BUF_MEM_grow(buf, (int)num + BUFSIZ))
+ goto end;
+ i = BIO_read(in, &(buf->data[num]), BUFSIZ);
+ if (i <= 0)
+ break;
+ num += i;
+ }
+ }
+ str = buf->data;
+
+ /* If any structs to parse go through in sequence */
+
+ if (sk_OPENSSL_STRING_num(osk)) {
+ tmpbuf = (unsigned char *)str;
+ tmplen = num;
+ for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
+ ASN1_TYPE *atmp;
+ int typ;
+ j = atoi(sk_OPENSSL_STRING_value(osk, i));
+ if (j == 0) {
+ BIO_printf(bio_err, "'%s' is an invalid number\n",
+ sk_OPENSSL_STRING_value(osk, i));
+ continue;
+ }
+ tmpbuf += j;
+ tmplen -= j;
+ atmp = at;
+ ctmpbuf = tmpbuf;
+ at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen);
+ ASN1_TYPE_free(atmp);
+ if (!at) {
+ BIO_printf(bio_err, "Error parsing structure\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ typ = ASN1_TYPE_get(at);
+ if ((typ == V_ASN1_OBJECT)
+ || (typ == V_ASN1_NULL)) {
+ BIO_printf(bio_err, "Can't parse %s type\n",
+ typ == V_ASN1_NULL ? "NULL" : "OBJECT");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ /* hmm... this is a little evil but it works */
+ tmpbuf = at->value.asn1_string->data;
+ tmplen = at->value.asn1_string->length;
+ }
+ str = (char *)tmpbuf;
+ num = tmplen;
+ }
+
+ if (offset >= num) {
+ BIO_printf(bio_err, "Error: offset too large\n");
+ goto end;
+ }
+
+ num -= offset;
+
+ if ((length == 0) || ((long)length > num))
+ length = (unsigned int)num;
+ if (derout) {
+ if (BIO_write(derout, str + offset, length) != (int)length) {
+ BIO_printf(bio_err, "Error writing output\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ if (!noout &&
+ !ASN1_parse_dump(out, (unsigned char *)&(str[offset]), length,
+ indent, dump)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ ret = 0;
+ end:
+ BIO_free(derout);
+ if (in != NULL)
+ BIO_free(in);
+ if (out != NULL)
+ BIO_free_all(out);
+ if (b64 != NULL)
+ BIO_free(b64);
+ if (ret != 0)
+ ERR_print_errors(bio_err);
+ if (buf != NULL)
+ BUF_MEM_free(buf);
+ if (at != NULL)
+ ASN1_TYPE_free(at);
+ if (osk != NULL)
+ sk_OPENSSL_STRING_free(osk);
+ OBJ_cleanup();
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
- {
- CONF *cnf = NULL;
- int len;
- long errline;
- unsigned char *p;
- ASN1_TYPE *atyp = NULL;
+{
+ CONF *cnf = NULL;
+ int len;
+ long errline;
+ unsigned char *p;
+ ASN1_TYPE *atyp = NULL;
- if (genconf)
- {
- cnf = NCONF_new(NULL);
- if (!NCONF_load(cnf, genconf, &errline))
- goto conferr;
- if (!genstr)
- genstr = NCONF_get_string(cnf, "default", "asn1");
- if (!genstr)
- {
- BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
- goto err;
- }
- }
+ if (genconf) {
+ cnf = NCONF_new(NULL);
+ if (!NCONF_load(cnf, genconf, &errline))
+ goto conferr;
+ if (!genstr)
+ genstr = NCONF_get_string(cnf, "default", "asn1");
+ if (!genstr) {
+ BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
+ goto err;
+ }
+ }
- atyp = ASN1_generate_nconf(genstr, cnf);
- NCONF_free(cnf);
- cnf = NULL;
+ atyp = ASN1_generate_nconf(genstr, cnf);
+ NCONF_free(cnf);
+ cnf = NULL;
- if (!atyp)
- return -1;
+ if (!atyp)
+ return -1;
- len = i2d_ASN1_TYPE(atyp, NULL);
+ len = i2d_ASN1_TYPE(atyp, NULL);
- if (len <= 0)
- goto err;
+ if (len <= 0)
+ goto err;
- if (!BUF_MEM_grow(buf,len))
- goto err;
+ if (!BUF_MEM_grow(buf, len))
+ goto err;
- p=(unsigned char *)buf->data;
+ p = (unsigned char *)buf->data;
- i2d_ASN1_TYPE(atyp, &p);
+ i2d_ASN1_TYPE(atyp, &p);
- ASN1_TYPE_free(atyp);
- return len;
+ ASN1_TYPE_free(atyp);
+ return len;
- conferr:
+ conferr:
- if (errline > 0)
- BIO_printf(bio, "Error on line %ld of config file '%s'\n",
- errline, genconf);
- else
- BIO_printf(bio, "Error loading config file '%s'\n", genconf);
+ if (errline > 0)
+ BIO_printf(bio, "Error on line %ld of config file '%s'\n",
+ errline, genconf);
+ else
+ BIO_printf(bio, "Error loading config file '%s'\n", genconf);
- err:
- NCONF_free(cnf);
- ASN1_TYPE_free(atyp);
+ err:
+ NCONF_free(cnf);
+ ASN1_TYPE_free(atyp);
- return -1;
+ return -1;
- }
+}
diff --git a/apps/ca.c b/apps/ca.c
index 613f5bee5cc3..5d29a64c57a0 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -76,117 +76,117 @@
#include <openssl/pem.h>
#ifndef W_OK
-# ifdef OPENSSL_SYS_VMS
-# if defined(__DECC)
-# include <unistd.h>
-# else
-# include <unixlib.h>
-# endif
-# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE)
-# include <sys/file.h>
+# ifdef OPENSSL_SYS_VMS
+# if defined(__DECC)
+# include <unistd.h>
+# else
+# include <unixlib.h>
# endif
+# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE)
+# include <sys/file.h>
+# endif
#endif
#include "apps.h"
#ifndef W_OK
-# define F_OK 0
-# define X_OK 1
-# define W_OK 2
-# define R_OK 4
+# define F_OK 0
+# define X_OK 1
+# define W_OK 2
+# define R_OK 4
#endif
#undef PROG
#define PROG ca_main
-#define BASE_SECTION "ca"
+#define BASE_SECTION "ca"
#define CONFIG_FILE "openssl.cnf"
-#define ENV_DEFAULT_CA "default_ca"
-
-#define STRING_MASK "string_mask"
-#define UTF8_IN "utf8"
-
-#define ENV_DIR "dir"
-#define ENV_CERTS "certs"
-#define ENV_CRL_DIR "crl_dir"
-#define ENV_CA_DB "CA_DB"
-#define ENV_NEW_CERTS_DIR "new_certs_dir"
-#define ENV_CERTIFICATE "certificate"
-#define ENV_SERIAL "serial"
-#define ENV_CRLNUMBER "crlnumber"
-#define ENV_CRL "crl"
-#define ENV_PRIVATE_KEY "private_key"
-#define ENV_RANDFILE "RANDFILE"
-#define ENV_DEFAULT_DAYS "default_days"
-#define ENV_DEFAULT_STARTDATE "default_startdate"
-#define ENV_DEFAULT_ENDDATE "default_enddate"
-#define ENV_DEFAULT_CRL_DAYS "default_crl_days"
-#define ENV_DEFAULT_CRL_HOURS "default_crl_hours"
-#define ENV_DEFAULT_MD "default_md"
-#define ENV_DEFAULT_EMAIL_DN "email_in_dn"
-#define ENV_PRESERVE "preserve"
-#define ENV_POLICY "policy"
-#define ENV_EXTENSIONS "x509_extensions"
-#define ENV_CRLEXT "crl_extensions"
-#define ENV_MSIE_HACK "msie_hack"
-#define ENV_NAMEOPT "name_opt"
-#define ENV_CERTOPT "cert_opt"
-#define ENV_EXTCOPY "copy_extensions"
-#define ENV_UNIQUE_SUBJECT "unique_subject"
-
-#define ENV_DATABASE "database"
+#define ENV_DEFAULT_CA "default_ca"
+
+#define STRING_MASK "string_mask"
+#define UTF8_IN "utf8"
+
+#define ENV_DIR "dir"
+#define ENV_CERTS "certs"
+#define ENV_CRL_DIR "crl_dir"
+#define ENV_CA_DB "CA_DB"
+#define ENV_NEW_CERTS_DIR "new_certs_dir"
+#define ENV_CERTIFICATE "certificate"
+#define ENV_SERIAL "serial"
+#define ENV_CRLNUMBER "crlnumber"
+#define ENV_CRL "crl"
+#define ENV_PRIVATE_KEY "private_key"
+#define ENV_RANDFILE "RANDFILE"
+#define ENV_DEFAULT_DAYS "default_days"
+#define ENV_DEFAULT_STARTDATE "default_startdate"
+#define ENV_DEFAULT_ENDDATE "default_enddate"
+#define ENV_DEFAULT_CRL_DAYS "default_crl_days"
+#define ENV_DEFAULT_CRL_HOURS "default_crl_hours"
+#define ENV_DEFAULT_MD "default_md"
+#define ENV_DEFAULT_EMAIL_DN "email_in_dn"
+#define ENV_PRESERVE "preserve"
+#define ENV_POLICY "policy"
+#define ENV_EXTENSIONS "x509_extensions"
+#define ENV_CRLEXT "crl_extensions"
+#define ENV_MSIE_HACK "msie_hack"
+#define ENV_NAMEOPT "name_opt"
+#define ENV_CERTOPT "cert_opt"
+#define ENV_EXTCOPY "copy_extensions"
+#define ENV_UNIQUE_SUBJECT "unique_subject"
+
+#define ENV_DATABASE "database"
/* Additional revocation information types */
-#define REV_NONE 0 /* No addditional information */
-#define REV_CRL_REASON 1 /* Value is CRL reason code */
-#define REV_HOLD 2 /* Value is hold instruction */
-#define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */
-#define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */
-
-static const char *ca_usage[]={
-"usage: ca args\n",
-"\n",
-" -verbose - Talk alot while doing things\n",
-" -config file - A config file\n",
-" -name arg - The particular CA definition to use\n",
-" -gencrl - Generate a new CRL\n",
-" -crldays days - Days is when the next CRL is due\n",
-" -crlhours hours - Hours is when the next CRL is due\n",
-" -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
-" -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n",
-" -days arg - number of days to certify the certificate for\n",
-" -md arg - md to use, one of md2, md5, sha or sha1\n",
-" -policy arg - The CA 'policy' to support\n",
-" -keyfile arg - private key file\n",
-" -keyform arg - private key file format (PEM or ENGINE)\n",
-" -key arg - key to decode the private key if it is encrypted\n",
-" -cert file - The CA certificate\n",
-" -selfsign - sign a certificate with the key associated with it\n",
-" -in file - The input PEM encoded certificate request(s)\n",
-" -out file - Where to put the output file(s)\n",
-" -outdir dir - Where to put output certificates\n",
-" -infiles .... - The last argument, requests to process\n",
-" -spkac file - File contains DN and signed public key and challenge\n",
-" -ss_cert file - File contains a self signed cert to sign\n",
-" -preserveDN - Don't re-order the DN\n",
-" -noemailDN - Don't add the EMAIL field into certificate' subject\n",
-" -batch - Don't ask questions\n",
-" -msie_hack - msie modifications to handle all those universal strings\n",
-" -revoke file - Revoke a certificate (given in file)\n",
-" -subj arg - Use arg instead of request's subject\n",
-" -utf8 - input characters are UTF8 (default ASCII)\n",
-" -multivalue-rdn - enable support for multivalued RDNs\n",
-" -extensions .. - Extension section (override value in config file)\n",
-" -extfile file - Configuration file with X509v3 extentions to add\n",
-" -crlexts .. - CRL extension section (override value in config file)\n",
+#define REV_NONE 0 /* No addditional information */
+#define REV_CRL_REASON 1 /* Value is CRL reason code */
+#define REV_HOLD 2 /* Value is hold instruction */
+#define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */
+#define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */
+
+static const char *ca_usage[] = {
+ "usage: ca args\n",
+ "\n",
+ " -verbose - Talk alot while doing things\n",
+ " -config file - A config file\n",
+ " -name arg - The particular CA definition to use\n",
+ " -gencrl - Generate a new CRL\n",
+ " -crldays days - Days is when the next CRL is due\n",
+ " -crlhours hours - Hours is when the next CRL is due\n",
+ " -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
+ " -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n",
+ " -days arg - number of days to certify the certificate for\n",
+ " -md arg - md to use, one of md2, md5, sha or sha1\n",
+ " -policy arg - The CA 'policy' to support\n",
+ " -keyfile arg - private key file\n",
+ " -keyform arg - private key file format (PEM or ENGINE)\n",
+ " -key arg - key to decode the private key if it is encrypted\n",
+ " -cert file - The CA certificate\n",
+ " -selfsign - sign a certificate with the key associated with it\n",
+ " -in file - The input PEM encoded certificate request(s)\n",
+ " -out file - Where to put the output file(s)\n",
+ " -outdir dir - Where to put output certificates\n",
+ " -infiles .... - The last argument, requests to process\n",
+ " -spkac file - File contains DN and signed public key and challenge\n",
+ " -ss_cert file - File contains a self signed cert to sign\n",
+ " -preserveDN - Don't re-order the DN\n",
+ " -noemailDN - Don't add the EMAIL field into certificate' subject\n",
+ " -batch - Don't ask questions\n",
+ " -msie_hack - msie modifications to handle all those universal strings\n",
+ " -revoke file - Revoke a certificate (given in file)\n",
+ " -subj arg - Use arg instead of request's subject\n",
+ " -utf8 - input characters are UTF8 (default ASCII)\n",
+ " -multivalue-rdn - enable support for multivalued RDNs\n",
+ " -extensions .. - Extension section (override value in config file)\n",
+ " -extfile file - Configuration file with X509v3 extentions to add\n",
+ " -crlexts .. - CRL extension section (override value in config file)\n",
#ifndef OPENSSL_NO_ENGINE
-" -engine e - use engine e, possibly a hardware device.\n",
+ " -engine e - use engine e, possibly a hardware device.\n",
#endif
-" -status serial - Shows certificate status given the serial number\n",
-" -updatedb - Updates db for expired certificates\n",
-NULL
+ " -status serial - Shows certificate status given the serial number\n",
+ " -updatedb - Updates db for expired certificates\n",
+ NULL
};
#ifdef EFENCE
@@ -196,36 +196,42 @@ extern int EF_ALIGNMENT;
#endif
static void lookup_fail(const char *name, const char *tag);
-static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
- const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(CONF_VALUE) *policy,CA_DB *db,
- BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate,
- char *enddate, long days, int batch, char *ext_sect, CONF *conf,
- int verbose, unsigned long certopt, unsigned long nameopt,
- int default_op, int ext_copy, int selfsign);
-static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
- const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(CONF_VALUE) *policy,
- CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn,
- char *startdate, char *enddate, long days, int batch,
- char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy,
- ENGINE *e);
-static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
- const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(CONF_VALUE) *policy,
- CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn,
- char *startdate, char *enddate, long days, char *ext_sect,
- CONF *conf, int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy);
-static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
-static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
- STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
- int email_dn, char *startdate, char *enddate, long days, int batch,
- int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
- unsigned long certopt, unsigned long nameopt, int default_op,
- int ext_copy, int selfsign);
+static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+ BIGNUM *serial, char *subj, unsigned long chtype,
+ int multirdn, int email_dn, char *startdate, char *enddate,
+ long days, int batch, char *ext_sect, CONF *conf,
+ int verbose, unsigned long certopt, unsigned long nameopt,
+ int default_op, int ext_copy, int selfsign);
+static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+ BIGNUM *serial, char *subj, unsigned long chtype,
+ int multirdn, int email_dn, char *startdate,
+ char *enddate, long days, int batch, char *ext_sect,
+ CONF *conf, int verbose, unsigned long certopt,
+ unsigned long nameopt, int default_op, int ext_copy,
+ ENGINE *e);
+static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
+ X509 *x509, const EVP_MD *dgst,
+ STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+ BIGNUM *serial, char *subj, unsigned long chtype,
+ int multirdn, int email_dn, char *startdate,
+ char *enddate, long days, char *ext_sect, CONF *conf,
+ int verbose, unsigned long certopt,
+ unsigned long nameopt, int default_op, int ext_copy);
+static void write_new_certificate(BIO *bp, X509 *x, int output_der,
+ int notext);
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
+ char *subj, unsigned long chtype, int multirdn,
+ int email_dn, char *startdate, char *enddate, long days,
+ int batch, int verbose, X509_REQ *req, char *ext_sect,
+ CONF *conf, unsigned long certopt, unsigned long nameopt,
+ int default_op, int ext_copy, int selfsign);
static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
static int get_certificate_status(const char *ser_status, CA_DB *db);
static int do_updatedb(CA_DB *db);
@@ -233,2783 +239,2668 @@ static int check_time_format(const char *str);
char *make_revocation_str(int rev_type, char *rev_arg);
int make_revoked(X509_REVOKED *rev, const char *str);
int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
-static CONF *conf=NULL;
-static CONF *extconf=NULL;
-static char *section=NULL;
-
-static int preserve=0;
-static int msie_hack=0;
+static CONF *conf = NULL;
+static CONF *extconf = NULL;
+static char *section = NULL;
+static int preserve = 0;
+static int msie_hack = 0;
int MAIN(int, char **);
int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- char *key=NULL,*passargin=NULL;
- int create_ser = 0;
- int free_key = 0;
- int total=0;
- int total_done=0;
- int badops=0;
- int ret=1;
- int email_dn=1;
- int req=0;
- int verbose=0;
- int gencrl=0;
- int dorevoke=0;
- int doupdatedb=0;
- long crldays=0;
- long crlhours=0;
- long crlsec=0;
- long errorline= -1;
- char *configfile=NULL;
- char *md=NULL;
- char *policy=NULL;
- char *keyfile=NULL;
- char *certfile=NULL;
- int keyform=FORMAT_PEM;
- char *infile=NULL;
- char *spkac_file=NULL;
- char *ss_cert_file=NULL;
- char *ser_status=NULL;
- EVP_PKEY *pkey=NULL;
- int output_der = 0;
- char *outfile=NULL;
- char *outdir=NULL;
- char *serialfile=NULL;
- char *crlnumberfile=NULL;
- char *extensions=NULL;
- char *extfile=NULL;
- char *subj=NULL;
- unsigned long chtype = MBSTRING_ASC;
- int multirdn = 0;
- char *tmp_email_dn=NULL;
- char *crl_ext=NULL;
- int rev_type = REV_NONE;
- char *rev_arg = NULL;
- BIGNUM *serial=NULL;
- BIGNUM *crlnumber=NULL;
- char *startdate=NULL;
- char *enddate=NULL;
- long days=0;
- int batch=0;
- int notext=0;
- unsigned long nameopt = 0, certopt = 0;
- int default_op = 1;
- int ext_copy = EXT_COPY_NONE;
- int selfsign = 0;
- X509 *x509=NULL, *x509p = NULL;
- X509 *x=NULL;
- BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
- char *dbfile=NULL;
- CA_DB *db=NULL;
- X509_CRL *crl=NULL;
- X509_REVOKED *r=NULL;
- ASN1_TIME *tmptm;
- ASN1_INTEGER *tmpser;
- char *f;
- const char *p;
- char * const *pp;
- int i,j;
- const EVP_MD *dgst=NULL;
- STACK_OF(CONF_VALUE) *attribs=NULL;
- STACK_OF(X509) *cert_sk=NULL;
- STACK_OF(OPENSSL_STRING) *sigopts = NULL;
+{
+ ENGINE *e = NULL;
+ char *key = NULL, *passargin = NULL;
+ int create_ser = 0;
+ int free_key = 0;
+ int total = 0;
+ int total_done = 0;
+ int badops = 0;
+ int ret = 1;
+ int email_dn = 1;
+ int req = 0;
+ int verbose = 0;
+ int gencrl = 0;
+ int dorevoke = 0;
+ int doupdatedb = 0;
+ long crldays = 0;
+ long crlhours = 0;
+ long crlsec = 0;
+ long errorline = -1;
+ char *configfile = NULL;
+ char *md = NULL;
+ char *policy = NULL;
+ char *keyfile = NULL;
+ char *certfile = NULL;
+ int keyform = FORMAT_PEM;
+ char *infile = NULL;
+ char *spkac_file = NULL;
+ char *ss_cert_file = NULL;
+ char *ser_status = NULL;
+ EVP_PKEY *pkey = NULL;
+ int output_der = 0;
+ char *outfile = NULL;
+ char *outdir = NULL;
+ char *serialfile = NULL;
+ char *crlnumberfile = NULL;
+ char *extensions = NULL;
+ char *extfile = NULL;
+ char *subj = NULL;
+ unsigned long chtype = MBSTRING_ASC;
+ int multirdn = 0;
+ char *tmp_email_dn = NULL;
+ char *crl_ext = NULL;
+ int rev_type = REV_NONE;
+ char *rev_arg = NULL;
+ BIGNUM *serial = NULL;
+ BIGNUM *crlnumber = NULL;
+ char *startdate = NULL;
+ char *enddate = NULL;
+ long days = 0;
+ int batch = 0;
+ int notext = 0;
+ unsigned long nameopt = 0, certopt = 0;
+ int default_op = 1;
+ int ext_copy = EXT_COPY_NONE;
+ int selfsign = 0;
+ X509 *x509 = NULL, *x509p = NULL;
+ X509 *x = NULL;
+ BIO *in = NULL, *out = NULL, *Sout = NULL, *Cout = NULL;
+ char *dbfile = NULL;
+ CA_DB *db = NULL;
+ X509_CRL *crl = NULL;
+ X509_REVOKED *r = NULL;
+ ASN1_TIME *tmptm;
+ ASN1_INTEGER *tmpser;
+ char *f;
+ const char *p;
+ char *const *pp;
+ int i, j;
+ const EVP_MD *dgst = NULL;
+ STACK_OF(CONF_VALUE) *attribs = NULL;
+ STACK_OF(X509) *cert_sk = NULL;
+ STACK_OF(OPENSSL_STRING) *sigopts = NULL;
#undef BSIZE
#define BSIZE 256
- MS_STATIC char buf[3][BSIZE];
- char *randfile=NULL;
+ MS_STATIC char buf[3][BSIZE];
+ char *randfile = NULL;
#ifndef OPENSSL_NO_ENGINE
- char *engine = NULL;
+ char *engine = NULL;
#endif
- char *tofree=NULL;
- DB_ATTR db_attr;
+ char *tofree = NULL;
+ DB_ATTR db_attr;
#ifdef EFENCE
-EF_PROTECT_FREE=1;
-EF_PROTECT_BELOW=1;
-EF_ALIGNMENT=0;
+ EF_PROTECT_FREE = 1;
+ EF_PROTECT_BELOW = 1;
+ EF_ALIGNMENT = 0;
#endif
- apps_startup();
-
- conf = NULL;
- key = NULL;
- section = NULL;
-
- preserve=0;
- msie_hack=0;
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-verbose") == 0)
- verbose=1;
- else if (strcmp(*argv,"-config") == 0)
- {
- if (--argc < 1) goto bad;
- configfile= *(++argv);
- }
- else if (strcmp(*argv,"-name") == 0)
- {
- if (--argc < 1) goto bad;
- section= *(++argv);
- }
- else if (strcmp(*argv,"-subj") == 0)
- {
- if (--argc < 1) goto bad;
- subj= *(++argv);
- /* preserve=1; */
- }
- else if (strcmp(*argv,"-utf8") == 0)
- chtype = MBSTRING_UTF8;
- else if (strcmp(*argv,"-create_serial") == 0)
- create_ser = 1;
- else if (strcmp(*argv,"-multivalue-rdn") == 0)
- multirdn=1;
- else if (strcmp(*argv,"-startdate") == 0)
- {
- if (--argc < 1) goto bad;
- startdate= *(++argv);
- }
- else if (strcmp(*argv,"-enddate") == 0)
- {
- if (--argc < 1) goto bad;
- enddate= *(++argv);
- }
- else if (strcmp(*argv,"-days") == 0)
- {
- if (--argc < 1) goto bad;
- days=atoi(*(++argv));
- }
- else if (strcmp(*argv,"-md") == 0)
- {
- if (--argc < 1) goto bad;
- md= *(++argv);
- }
- else if (strcmp(*argv,"-policy") == 0)
- {
- if (--argc < 1) goto bad;
- policy= *(++argv);
- }
- else if (strcmp(*argv,"-keyfile") == 0)
- {
- if (--argc < 1) goto bad;
- keyfile= *(++argv);
- }
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) goto bad;
- keyform=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- key= *(++argv);
- }
- else if (strcmp(*argv,"-cert") == 0)
- {
- if (--argc < 1) goto bad;
- certfile= *(++argv);
- }
- else if (strcmp(*argv,"-selfsign") == 0)
- selfsign=1;
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- req=1;
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-outdir") == 0)
- {
- if (--argc < 1) goto bad;
- outdir= *(++argv);
- }
- else if (strcmp(*argv,"-sigopt") == 0)
- {
- if (--argc < 1)
- goto bad;
- if (!sigopts)
- sigopts = sk_OPENSSL_STRING_new_null();
- if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
- goto bad;
- }
- else if (strcmp(*argv,"-notext") == 0)
- notext=1;
- else if (strcmp(*argv,"-batch") == 0)
- batch=1;
- else if (strcmp(*argv,"-preserveDN") == 0)
- preserve=1;
- else if (strcmp(*argv,"-noemailDN") == 0)
- email_dn=0;
- else if (strcmp(*argv,"-gencrl") == 0)
- gencrl=1;
- else if (strcmp(*argv,"-msie_hack") == 0)
- msie_hack=1;
- else if (strcmp(*argv,"-crldays") == 0)
- {
- if (--argc < 1) goto bad;
- crldays= atol(*(++argv));
- }
- else if (strcmp(*argv,"-crlhours") == 0)
- {
- if (--argc < 1) goto bad;
- crlhours= atol(*(++argv));
- }
- else if (strcmp(*argv,"-crlsec") == 0)
- {
- if (--argc < 1) goto bad;
- crlsec = atol(*(++argv));
- }
- else if (strcmp(*argv,"-infiles") == 0)
- {
- argc--;
- argv++;
- req=1;
- break;
- }
- else if (strcmp(*argv, "-ss_cert") == 0)
- {
- if (--argc < 1) goto bad;
- ss_cert_file = *(++argv);
- req=1;
- }
- else if (strcmp(*argv, "-spkac") == 0)
- {
- if (--argc < 1) goto bad;
- spkac_file = *(++argv);
- req=1;
- }
- else if (strcmp(*argv,"-revoke") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- dorevoke=1;
- }
- else if (strcmp(*argv,"-extensions") == 0)
- {
- if (--argc < 1) goto bad;
- extensions= *(++argv);
- }
- else if (strcmp(*argv,"-extfile") == 0)
- {
- if (--argc < 1) goto bad;
- extfile= *(++argv);
- }
- else if (strcmp(*argv,"-status") == 0)
- {
- if (--argc < 1) goto bad;
- ser_status= *(++argv);
- }
- else if (strcmp(*argv,"-updatedb") == 0)
- {
- doupdatedb=1;
- }
- else if (strcmp(*argv,"-crlexts") == 0)
- {
- if (--argc < 1) goto bad;
- crl_ext= *(++argv);
- }
- else if (strcmp(*argv,"-crl_reason") == 0)
- {
- if (--argc < 1) goto bad;
- rev_arg = *(++argv);
- rev_type = REV_CRL_REASON;
- }
- else if (strcmp(*argv,"-crl_hold") == 0)
- {
- if (--argc < 1) goto bad;
- rev_arg = *(++argv);
- rev_type = REV_HOLD;
- }
- else if (strcmp(*argv,"-crl_compromise") == 0)
- {
- if (--argc < 1) goto bad;
- rev_arg = *(++argv);
- rev_type = REV_KEY_COMPROMISE;
- }
- else if (strcmp(*argv,"-crl_CA_compromise") == 0)
- {
- if (--argc < 1) goto bad;
- rev_arg = *(++argv);
- rev_type = REV_CA_COMPROMISE;
- }
+ apps_startup();
+
+ conf = NULL;
+ key = NULL;
+ section = NULL;
+
+ preserve = 0;
+ msie_hack = 0;
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-verbose") == 0)
+ verbose = 1;
+ else if (strcmp(*argv, "-config") == 0) {
+ if (--argc < 1)
+ goto bad;
+ configfile = *(++argv);
+ } else if (strcmp(*argv, "-name") == 0) {
+ if (--argc < 1)
+ goto bad;
+ section = *(++argv);
+ } else if (strcmp(*argv, "-subj") == 0) {
+ if (--argc < 1)
+ goto bad;
+ subj = *(++argv);
+ /* preserve=1; */
+ } else if (strcmp(*argv, "-utf8") == 0)
+ chtype = MBSTRING_UTF8;
+ else if (strcmp(*argv, "-create_serial") == 0)
+ create_ser = 1;
+ else if (strcmp(*argv, "-multivalue-rdn") == 0)
+ multirdn = 1;
+ else if (strcmp(*argv, "-startdate") == 0) {
+ if (--argc < 1)
+ goto bad;
+ startdate = *(++argv);
+ } else if (strcmp(*argv, "-enddate") == 0) {
+ if (--argc < 1)
+ goto bad;
+ enddate = *(++argv);
+ } else if (strcmp(*argv, "-days") == 0) {
+ if (--argc < 1)
+ goto bad;
+ days = atoi(*(++argv));
+ } else if (strcmp(*argv, "-md") == 0) {
+ if (--argc < 1)
+ goto bad;
+ md = *(++argv);
+ } else if (strcmp(*argv, "-policy") == 0) {
+ if (--argc < 1)
+ goto bad;
+ policy = *(++argv);
+ } else if (strcmp(*argv, "-keyfile") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keyfile = *(++argv);
+ } else if (strcmp(*argv, "-keyform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keyform = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-passin") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargin = *(++argv);
+ } else if (strcmp(*argv, "-key") == 0) {
+ if (--argc < 1)
+ goto bad;
+ key = *(++argv);
+ } else if (strcmp(*argv, "-cert") == 0) {
+ if (--argc < 1)
+ goto bad;
+ certfile = *(++argv);
+ } else if (strcmp(*argv, "-selfsign") == 0)
+ selfsign = 1;
+ else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ req = 1;
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-outdir") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outdir = *(++argv);
+ } else if (strcmp(*argv, "-sigopt") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!sigopts)
+ sigopts = sk_OPENSSL_STRING_new_null();
+ if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
+ goto bad;
+ } else if (strcmp(*argv, "-notext") == 0)
+ notext = 1;
+ else if (strcmp(*argv, "-batch") == 0)
+ batch = 1;
+ else if (strcmp(*argv, "-preserveDN") == 0)
+ preserve = 1;
+ else if (strcmp(*argv, "-noemailDN") == 0)
+ email_dn = 0;
+ else if (strcmp(*argv, "-gencrl") == 0)
+ gencrl = 1;
+ else if (strcmp(*argv, "-msie_hack") == 0)
+ msie_hack = 1;
+ else if (strcmp(*argv, "-crldays") == 0) {
+ if (--argc < 1)
+ goto bad;
+ crldays = atol(*(++argv));
+ } else if (strcmp(*argv, "-crlhours") == 0) {
+ if (--argc < 1)
+ goto bad;
+ crlhours = atol(*(++argv));
+ } else if (strcmp(*argv, "-crlsec") == 0) {
+ if (--argc < 1)
+ goto bad;
+ crlsec = atol(*(++argv));
+ } else if (strcmp(*argv, "-infiles") == 0) {
+ argc--;
+ argv++;
+ req = 1;
+ break;
+ } else if (strcmp(*argv, "-ss_cert") == 0) {
+ if (--argc < 1)
+ goto bad;
+ ss_cert_file = *(++argv);
+ req = 1;
+ } else if (strcmp(*argv, "-spkac") == 0) {
+ if (--argc < 1)
+ goto bad;
+ spkac_file = *(++argv);
+ req = 1;
+ } else if (strcmp(*argv, "-revoke") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ dorevoke = 1;
+ } else if (strcmp(*argv, "-extensions") == 0) {
+ if (--argc < 1)
+ goto bad;
+ extensions = *(++argv);
+ } else if (strcmp(*argv, "-extfile") == 0) {
+ if (--argc < 1)
+ goto bad;
+ extfile = *(++argv);
+ } else if (strcmp(*argv, "-status") == 0) {
+ if (--argc < 1)
+ goto bad;
+ ser_status = *(++argv);
+ } else if (strcmp(*argv, "-updatedb") == 0) {
+ doupdatedb = 1;
+ } else if (strcmp(*argv, "-crlexts") == 0) {
+ if (--argc < 1)
+ goto bad;
+ crl_ext = *(++argv);
+ } else if (strcmp(*argv, "-crl_reason") == 0) {
+ if (--argc < 1)
+ goto bad;
+ rev_arg = *(++argv);
+ rev_type = REV_CRL_REASON;
+ } else if (strcmp(*argv, "-crl_hold") == 0) {
+ if (--argc < 1)
+ goto bad;
+ rev_arg = *(++argv);
+ rev_type = REV_HOLD;
+ } else if (strcmp(*argv, "-crl_compromise") == 0) {
+ if (--argc < 1)
+ goto bad;
+ rev_arg = *(++argv);
+ rev_type = REV_KEY_COMPROMISE;
+ } else if (strcmp(*argv, "-crl_CA_compromise") == 0) {
+ if (--argc < 1)
+ goto bad;
+ rev_arg = *(++argv);
+ rev_type = REV_CA_COMPROMISE;
+ }
#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
#endif
- else
- {
-bad:
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
- const char **pp2;
-
- for (pp2=ca_usage; (*pp2 != NULL); pp2++)
- BIO_printf(bio_err,"%s",*pp2);
- goto err;
- }
-
- ERR_load_crypto_strings();
-
- /*****************************************************************/
- tofree=NULL;
- if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
- if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
- if (configfile == NULL)
- {
- const char *s=X509_get_default_cert_area();
- size_t len;
+ else {
+ bad:
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ const char **pp2;
+
+ for (pp2 = ca_usage; (*pp2 != NULL); pp2++)
+ BIO_printf(bio_err, "%s", *pp2);
+ goto err;
+ }
+
+ ERR_load_crypto_strings();
+
+ /*****************************************************************/
+ tofree = NULL;
+ if (configfile == NULL)
+ configfile = getenv("OPENSSL_CONF");
+ if (configfile == NULL)
+ configfile = getenv("SSLEAY_CONF");
+ if (configfile == NULL) {
+ const char *s = X509_get_default_cert_area();
+ size_t len;
#ifdef OPENSSL_SYS_VMS
- len = strlen(s)+sizeof(CONFIG_FILE);
- tofree=OPENSSL_malloc(len);
- strcpy(tofree,s);
+ len = strlen(s) + sizeof(CONFIG_FILE);
+ tofree = OPENSSL_malloc(len);
+ if(!tofree) {
+ BIO_printf(bio_err, "Out of memory\n");
+ goto err;
+ }
+ strcpy(tofree, s);
#else
- len = strlen(s)+sizeof(CONFIG_FILE)+1;
- tofree=OPENSSL_malloc(len);
- BUF_strlcpy(tofree,s,len);
- BUF_strlcat(tofree,"/",len);
+ len = strlen(s) + sizeof(CONFIG_FILE) + 1;
+ tofree = OPENSSL_malloc(len);
+ if(!tofree) {
+ BIO_printf(bio_err, "Out of memory\n");
+ goto err;
+ }
+ BUF_strlcpy(tofree, s, len);
+ BUF_strlcat(tofree, "/", len);
#endif
- BUF_strlcat(tofree,CONFIG_FILE,len);
- configfile=tofree;
- }
-
- BIO_printf(bio_err,"Using configuration from %s\n",configfile);
- conf = NCONF_new(NULL);
- if (NCONF_load(conf,configfile,&errorline) <= 0)
- {
- if (errorline <= 0)
- BIO_printf(bio_err,"error loading the config file '%s'\n",
- configfile);
- else
- BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
- ,errorline,configfile);
- goto err;
- }
- if(tofree)
- {
- OPENSSL_free(tofree);
- tofree = NULL;
- }
-
- if (!load_config(bio_err, conf))
- goto err;
+ BUF_strlcat(tofree, CONFIG_FILE, len);
+ configfile = tofree;
+ }
+
+ BIO_printf(bio_err, "Using configuration from %s\n", configfile);
+ conf = NCONF_new(NULL);
+ if (NCONF_load(conf, configfile, &errorline) <= 0) {
+ if (errorline <= 0)
+ BIO_printf(bio_err, "error loading the config file '%s'\n",
+ configfile);
+ else
+ BIO_printf(bio_err, "error on line %ld of config file '%s'\n",
+ errorline, configfile);
+ goto err;
+ }
+ if (tofree) {
+ OPENSSL_free(tofree);
+ tofree = NULL;
+ }
+
+ if (!load_config(bio_err, conf))
+ goto err;
#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
+ e = setup_engine(bio_err, engine, 0);
#endif
- /* Lets get the config section we are using */
- if (section == NULL)
- {
- section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
- if (section == NULL)
- {
- lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
- goto err;
- }
- }
-
- if (conf != NULL)
- {
- p=NCONF_get_string(conf,NULL,"oid_file");
- if (p == NULL)
- ERR_clear_error();
- if (p != NULL)
- {
- BIO *oid_bio;
-
- oid_bio=BIO_new_file(p,"r");
- if (oid_bio == NULL)
- {
- /*
- BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
- ERR_print_errors(bio_err);
- */
- ERR_clear_error();
- }
- else
- {
- OBJ_create_objects(oid_bio);
- BIO_free(oid_bio);
- }
- }
- if (!add_oid_section(bio_err,conf))
- {
- ERR_print_errors(bio_err);
- goto err;
- }
- }
-
- randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
- if (randfile == NULL)
- ERR_clear_error();
- app_RAND_load_file(randfile, bio_err, 0);
-
- f = NCONF_get_string(conf, section, STRING_MASK);
- if (!f)
- ERR_clear_error();
-
- if(f && !ASN1_STRING_set_default_mask_asc(f)) {
- BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
- goto err;
- }
-
- if (chtype != MBSTRING_UTF8){
- f = NCONF_get_string(conf, section, UTF8_IN);
- if (!f)
- ERR_clear_error();
- else if (!strcmp(f, "yes"))
- chtype = MBSTRING_UTF8;
- }
-
- db_attr.unique_subject = 1;
- p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
- if (p)
- {
+ /* Lets get the config section we are using */
+ if (section == NULL) {
+ section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_CA);
+ if (section == NULL) {
+ lookup_fail(BASE_SECTION, ENV_DEFAULT_CA);
+ goto err;
+ }
+ }
+
+ if (conf != NULL) {
+ p = NCONF_get_string(conf, NULL, "oid_file");
+ if (p == NULL)
+ ERR_clear_error();
+ if (p != NULL) {
+ BIO *oid_bio;
+
+ oid_bio = BIO_new_file(p, "r");
+ if (oid_bio == NULL) {
+ /*-
+ BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+ ERR_print_errors(bio_err);
+ */
+ ERR_clear_error();
+ } else {
+ OBJ_create_objects(oid_bio);
+ BIO_free(oid_bio);
+ }
+ }
+ if (!add_oid_section(bio_err, conf)) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ }
+
+ randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
+ if (randfile == NULL)
+ ERR_clear_error();
+ app_RAND_load_file(randfile, bio_err, 0);
+
+ f = NCONF_get_string(conf, section, STRING_MASK);
+ if (!f)
+ ERR_clear_error();
+
+ if (f && !ASN1_STRING_set_default_mask_asc(f)) {
+ BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
+ goto err;
+ }
+
+ if (chtype != MBSTRING_UTF8) {
+ f = NCONF_get_string(conf, section, UTF8_IN);
+ if (!f)
+ ERR_clear_error();
+ else if (!strcmp(f, "yes"))
+ chtype = MBSTRING_UTF8;
+ }
+
+ db_attr.unique_subject = 1;
+ p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
+ if (p) {
#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
+ BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
#endif
- db_attr.unique_subject = parse_yesno(p,1);
- }
- else
- ERR_clear_error();
+ db_attr.unique_subject = parse_yesno(p, 1);
+ } else
+ ERR_clear_error();
#ifdef RL_DEBUG
- if (!p)
- BIO_printf(bio_err, "DEBUG: unique_subject undefined\n");
+ if (!p)
+ BIO_printf(bio_err, "DEBUG: unique_subject undefined\n");
#endif
#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
- db_attr.unique_subject);
+ BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
+ db_attr.unique_subject);
#endif
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- Sout=BIO_new(BIO_s_file());
- Cout=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL) || (Sout == NULL) || (Cout == NULL))
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- /*****************************************************************/
- /* report status of cert with serial number given on command line */
- if (ser_status)
- {
- if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
- {
- lookup_fail(section,ENV_DATABASE);
- goto err;
- }
- db = load_index(dbfile,&db_attr);
- if (db == NULL) goto err;
-
- if (!index_index(db)) goto err;
-
- if (get_certificate_status(ser_status,db) != 1)
- BIO_printf(bio_err,"Error verifying serial %s!\n",
- ser_status);
- goto err;
- }
-
- /*****************************************************************/
- /* we definitely need a private key, so let's get it */
-
- if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,
- section,ENV_PRIVATE_KEY)) == NULL))
- {
- lookup_fail(section,ENV_PRIVATE_KEY);
- goto err;
- }
- if (!key)
- {
- free_key = 1;
- if (!app_passwd(bio_err, passargin, NULL, &key, NULL))
- {
- BIO_printf(bio_err,"Error getting password\n");
- goto err;
- }
- }
- pkey = load_key(bio_err, keyfile, keyform, 0, key, e,
- "CA private key");
- if (key) OPENSSL_cleanse(key,strlen(key));
- if (pkey == NULL)
- {
- /* load_key() has already printed an appropriate message */
- goto err;
- }
-
- /*****************************************************************/
- /* we need a certificate */
- if (!selfsign || spkac_file || ss_cert_file || gencrl)
- {
- if ((certfile == NULL)
- && ((certfile=NCONF_get_string(conf,
- section,ENV_CERTIFICATE)) == NULL))
- {
- lookup_fail(section,ENV_CERTIFICATE);
- goto err;
- }
- x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e,
- "CA certificate");
- if (x509 == NULL)
- goto err;
-
- if (!X509_check_private_key(x509,pkey))
- {
- BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
- goto err;
- }
- }
- if (!selfsign) x509p = x509;
-
- f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
- if (f == NULL)
- ERR_clear_error();
- if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
- preserve=1;
- f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
- if (f == NULL)
- ERR_clear_error();
- if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
- msie_hack=1;
-
- f=NCONF_get_string(conf,section,ENV_NAMEOPT);
-
- if (f)
- {
- if (!set_name_ex(&nameopt, f))
- {
- BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
- goto err;
- }
- default_op = 0;
- }
- else
- ERR_clear_error();
-
- f=NCONF_get_string(conf,section,ENV_CERTOPT);
-
- if (f)
- {
- if (!set_cert_ex(&certopt, f))
- {
- BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f);
- goto err;
- }
- default_op = 0;
- }
- else
- ERR_clear_error();
-
- f=NCONF_get_string(conf,section,ENV_EXTCOPY);
-
- if (f)
- {
- if (!set_ext_copy(&ext_copy, f))
- {
- BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f);
- goto err;
- }
- }
- else
- ERR_clear_error();
-
- /*****************************************************************/
- /* lookup where to write new certificates */
- if ((outdir == NULL) && (req))
- {
-
- if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
- == NULL)
- {
- BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
- goto err;
- }
+
+ in = BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
+ Sout = BIO_new(BIO_s_file());
+ Cout = BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL) || (Sout == NULL) || (Cout == NULL)) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ /*****************************************************************/
+ /* report status of cert with serial number given on command line */
+ if (ser_status) {
+ if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
+ lookup_fail(section, ENV_DATABASE);
+ goto err;
+ }
+ db = load_index(dbfile, &db_attr);
+ if (db == NULL)
+ goto err;
+
+ if (!index_index(db))
+ goto err;
+
+ if (get_certificate_status(ser_status, db) != 1)
+ BIO_printf(bio_err, "Error verifying serial %s!\n", ser_status);
+ goto err;
+ }
+
+ /*****************************************************************/
+ /* we definitely need a private key, so let's get it */
+
+ if ((keyfile == NULL) && ((keyfile = NCONF_get_string(conf,
+ section,
+ ENV_PRIVATE_KEY)) ==
+ NULL)) {
+ lookup_fail(section, ENV_PRIVATE_KEY);
+ goto err;
+ }
+ if (!key) {
+ free_key = 1;
+ if (!app_passwd(bio_err, passargin, NULL, &key, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto err;
+ }
+ }
+ pkey = load_key(bio_err, keyfile, keyform, 0, key, e, "CA private key");
+ if (key)
+ OPENSSL_cleanse(key, strlen(key));
+ if (pkey == NULL) {
+ /* load_key() has already printed an appropriate message */
+ goto err;
+ }
+
+ /*****************************************************************/
+ /* we need a certificate */
+ if (!selfsign || spkac_file || ss_cert_file || gencrl) {
+ if ((certfile == NULL)
+ && ((certfile = NCONF_get_string(conf,
+ section,
+ ENV_CERTIFICATE)) == NULL)) {
+ lookup_fail(section, ENV_CERTIFICATE);
+ goto err;
+ }
+ x509 = load_cert(bio_err, certfile, FORMAT_PEM, NULL, e,
+ "CA certificate");
+ if (x509 == NULL)
+ goto err;
+
+ if (!X509_check_private_key(x509, pkey)) {
+ BIO_printf(bio_err,
+ "CA certificate and CA private key do not match\n");
+ goto err;
+ }
+ }
+ if (!selfsign)
+ x509p = x509;
+
+ f = NCONF_get_string(conf, BASE_SECTION, ENV_PRESERVE);
+ if (f == NULL)
+ ERR_clear_error();
+ if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+ preserve = 1;
+ f = NCONF_get_string(conf, BASE_SECTION, ENV_MSIE_HACK);
+ if (f == NULL)
+ ERR_clear_error();
+ if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+ msie_hack = 1;
+
+ f = NCONF_get_string(conf, section, ENV_NAMEOPT);
+
+ if (f) {
+ if (!set_name_ex(&nameopt, f)) {
+ BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
+ goto err;
+ }
+ default_op = 0;
+ } else
+ ERR_clear_error();
+
+ f = NCONF_get_string(conf, section, ENV_CERTOPT);
+
+ if (f) {
+ if (!set_cert_ex(&certopt, f)) {
+ BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f);
+ goto err;
+ }
+ default_op = 0;
+ } else
+ ERR_clear_error();
+
+ f = NCONF_get_string(conf, section, ENV_EXTCOPY);
+
+ if (f) {
+ if (!set_ext_copy(&ext_copy, f)) {
+ BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f);
+ goto err;
+ }
+ } else
+ ERR_clear_error();
+
+ /*****************************************************************/
+ /* lookup where to write new certificates */
+ if ((outdir == NULL) && (req)) {
+
+ if ((outdir = NCONF_get_string(conf, section, ENV_NEW_CERTS_DIR))
+ == NULL) {
+ BIO_printf(bio_err,
+ "there needs to be defined a directory for new certificate to be placed in\n");
+ goto err;
+ }
#ifndef OPENSSL_SYS_VMS
- /* outdir is a directory spec, but access() for VMS demands a
- filename. In any case, stat(), below, will catch the problem
- if outdir is not a directory spec, and the fopen() or open()
- will catch an error if there is no write access.
-
- Presumably, this problem could also be solved by using the DEC
- C routines to convert the directory syntax to Unixly, and give
- that to access(). However, time's too short to do that just
- now.
- */
-#ifndef _WIN32
- if (access(outdir,R_OK|W_OK|X_OK) != 0)
-#else
- if (_access(outdir,R_OK|W_OK|X_OK) != 0)
-#endif
- {
- BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
- perror(outdir);
- goto err;
- }
-
- if (app_isdir(outdir)<=0)
- {
- BIO_printf(bio_err,"%s need to be a directory\n",outdir);
- perror(outdir);
- goto err;
- }
+ /*
+ * outdir is a directory spec, but access() for VMS demands a
+ * filename. In any case, stat(), below, will catch the problem if
+ * outdir is not a directory spec, and the fopen() or open() will
+ * catch an error if there is no write access.
+ *
+ * Presumably, this problem could also be solved by using the DEC C
+ * routines to convert the directory syntax to Unixly, and give that
+ * to access(). However, time's too short to do that just now.
+ */
+# ifndef _WIN32
+ if (access(outdir, R_OK | W_OK | X_OK) != 0)
+# else
+ if (_access(outdir, R_OK | W_OK | X_OK) != 0)
+# endif
+ {
+ BIO_printf(bio_err, "I am unable to access the %s directory\n",
+ outdir);
+ perror(outdir);
+ goto err;
+ }
+
+ if (app_isdir(outdir) <= 0) {
+ BIO_printf(bio_err, "%s need to be a directory\n", outdir);
+ perror(outdir);
+ goto err;
+ }
#endif
- }
-
- /*****************************************************************/
- /* we need to load the database file */
- if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
- {
- lookup_fail(section,ENV_DATABASE);
- goto err;
- }
- db = load_index(dbfile, &db_attr);
- if (db == NULL) goto err;
-
- /* Lets check some fields */
- for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++)
- {
- pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
- if ((pp[DB_type][0] != DB_TYPE_REV) &&
- (pp[DB_rev_date][0] != '\0'))
- {
- BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1);
- goto err;
- }
- if ((pp[DB_type][0] == DB_TYPE_REV) &&
- !make_revoked(NULL, pp[DB_rev_date]))
- {
- BIO_printf(bio_err," in entry %d\n", i+1);
- goto err;
- }
- if (!check_time_format((char *)pp[DB_exp_date]))
- {
- BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1);
- goto err;
- }
- p=pp[DB_serial];
- j=strlen(p);
- if (*p == '-')
- {
- p++;
- j--;
- }
- if ((j&1) || (j < 2))
- {
- BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j);
- goto err;
- }
- while (*p)
- {
- if (!( ((*p >= '0') && (*p <= '9')) ||
- ((*p >= 'A') && (*p <= 'F')) ||
- ((*p >= 'a') && (*p <= 'f'))) )
- {
- BIO_printf(bio_err,"entry %d: bad serial number characters, char pos %ld, char is '%c'\n",i+1,(long)(p-pp[DB_serial]),*p);
- goto err;
- }
- p++;
- }
- }
- if (verbose)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
+ }
+
+ /*****************************************************************/
+ /* we need to load the database file */
+ if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
+ lookup_fail(section, ENV_DATABASE);
+ goto err;
+ }
+ db = load_index(dbfile, &db_attr);
+ if (db == NULL)
+ goto err;
+
+ /* Lets check some fields */
+ for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+ pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+ if ((pp[DB_type][0] != DB_TYPE_REV) && (pp[DB_rev_date][0] != '\0')) {
+ BIO_printf(bio_err,
+ "entry %d: not revoked yet, but has a revocation date\n",
+ i + 1);
+ goto err;
+ }
+ if ((pp[DB_type][0] == DB_TYPE_REV) &&
+ !make_revoked(NULL, pp[DB_rev_date])) {
+ BIO_printf(bio_err, " in entry %d\n", i + 1);
+ goto err;
+ }
+ if (!check_time_format((char *)pp[DB_exp_date])) {
+ BIO_printf(bio_err, "entry %d: invalid expiry date\n", i + 1);
+ goto err;
+ }
+ p = pp[DB_serial];
+ j = strlen(p);
+ if (*p == '-') {
+ p++;
+ j--;
+ }
+ if ((j & 1) || (j < 2)) {
+ BIO_printf(bio_err, "entry %d: bad serial number length (%d)\n",
+ i + 1, j);
+ goto err;
+ }
+ while (*p) {
+ if (!(((*p >= '0') && (*p <= '9')) ||
+ ((*p >= 'A') && (*p <= 'F')) ||
+ ((*p >= 'a') && (*p <= 'f')))) {
+ BIO_printf(bio_err,
+ "entry %d: bad serial number characters, char pos %ld, char is '%c'\n",
+ i + 1, (long)(p - pp[DB_serial]), *p);
+ goto err;
+ }
+ p++;
+ }
+ }
+ if (verbose) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); /* cannot fail */
#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
#endif
- TXT_DB_write(out,db->db);
- BIO_printf(bio_err,"%d entries loaded from the database\n",
- sk_OPENSSL_PSTRING_num(db->db->data));
- BIO_printf(bio_err,"generating index\n");
- }
-
- if (!index_index(db)) goto err;
-
- /*****************************************************************/
- /* Update the db file for expired certificates */
- if (doupdatedb)
- {
- if (verbose)
- BIO_printf(bio_err, "Updating %s ...\n",
- dbfile);
-
- i = do_updatedb(db);
- if (i == -1)
- {
- BIO_printf(bio_err,"Malloc failure\n");
- goto err;
- }
- else if (i == 0)
- {
- if (verbose) BIO_printf(bio_err,
- "No entries found to mark expired\n");
- }
- else
- {
- if (!save_index(dbfile,"new",db)) goto err;
-
- if (!rotate_index(dbfile,"new","old")) goto err;
-
- if (verbose) BIO_printf(bio_err,
- "Done. %d entries marked as expired\n",i);
- }
- }
-
- /*****************************************************************/
- /* Read extentions config file */
- if (extfile)
- {
- extconf = NCONF_new(NULL);
- if (NCONF_load(extconf,extfile,&errorline) <= 0)
- {
- if (errorline <= 0)
- BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
- extfile);
- else
- BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n",
- errorline,extfile);
- ret = 1;
- goto err;
- }
-
- if (verbose)
- BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile);
-
- /* We can have sections in the ext file */
- if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
- extensions = "default";
- }
-
- /*****************************************************************/
- if (req || gencrl)
- {
- if (outfile != NULL)
- {
- if (BIO_write_filename(Sout,outfile) <= 0)
- {
- perror(outfile);
- goto err;
- }
- }
- else
- {
- BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+ TXT_DB_write(out, db->db);
+ BIO_printf(bio_err, "%d entries loaded from the database\n",
+ sk_OPENSSL_PSTRING_num(db->db->data));
+ BIO_printf(bio_err, "generating index\n");
+ }
+
+ if (!index_index(db))
+ goto err;
+
+ /*****************************************************************/
+ /* Update the db file for expired certificates */
+ if (doupdatedb) {
+ if (verbose)
+ BIO_printf(bio_err, "Updating %s ...\n", dbfile);
+
+ i = do_updatedb(db);
+ if (i == -1) {
+ BIO_printf(bio_err, "Malloc failure\n");
+ goto err;
+ } else if (i == 0) {
+ if (verbose)
+ BIO_printf(bio_err, "No entries found to mark expired\n");
+ } else {
+ if (!save_index(dbfile, "new", db))
+ goto err;
+
+ if (!rotate_index(dbfile, "new", "old"))
+ goto err;
+
+ if (verbose)
+ BIO_printf(bio_err,
+ "Done. %d entries marked as expired\n", i);
+ }
+ }
+
+ /*****************************************************************/
+ /* Read extentions config file */
+ if (extfile) {
+ extconf = NCONF_new(NULL);
+ if (NCONF_load(extconf, extfile, &errorline) <= 0) {
+ if (errorline <= 0)
+ BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
+ extfile);
+ else
+ BIO_printf(bio_err,
+ "ERROR: on line %ld of config file '%s'\n",
+ errorline, extfile);
+ ret = 1;
+ goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err, "Successfully loaded extensions file %s\n",
+ extfile);
+
+ /* We can have sections in the ext file */
+ if (!extensions
+ && !(extensions =
+ NCONF_get_string(extconf, "default", "extensions")))
+ extensions = "default";
+ }
+
+ /*****************************************************************/
+ if (req || gencrl) {
+ if (outfile != NULL) {
+ if (BIO_write_filename(Sout, outfile) <= 0) {
+ perror(outfile);
+ goto err;
+ }
+ } else {
+ BIO_set_fp(Sout, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- Sout = BIO_push(tmpbio, Sout);
- }
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ Sout = BIO_push(tmpbio, Sout);
+ }
#endif
- }
- }
-
- if ((md == NULL) && ((md=NCONF_get_string(conf,
- section,ENV_DEFAULT_MD)) == NULL))
- {
- lookup_fail(section,ENV_DEFAULT_MD);
- goto err;
- }
-
- if (!strcmp(md, "default"))
- {
- int def_nid;
- if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
- {
- BIO_puts(bio_err,"no default digest\n");
- goto err;
- }
- md = (char *)OBJ_nid2sn(def_nid);
- }
-
- if ((dgst=EVP_get_digestbyname(md)) == NULL)
- {
- BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
- goto err;
- }
-
- if (req)
- {
- if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf,
- section,ENV_DEFAULT_EMAIL_DN)) != NULL ))
- {
- if(strcmp(tmp_email_dn,"no") == 0)
- email_dn=0;
- }
- if (verbose)
- BIO_printf(bio_err,"message digest is %s\n",
- OBJ_nid2ln(dgst->type));
- if ((policy == NULL) && ((policy=NCONF_get_string(conf,
- section,ENV_POLICY)) == NULL))
- {
- lookup_fail(section,ENV_POLICY);
- goto err;
- }
- if (verbose)
- BIO_printf(bio_err,"policy is %s\n",policy);
-
- if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))
- == NULL)
- {
- lookup_fail(section,ENV_SERIAL);
- goto err;
- }
-
- if (!extconf)
- {
- /* no '-extfile' option, so we look for extensions
- * in the main configuration file */
- if (!extensions)
- {
- extensions=NCONF_get_string(conf,section,
- ENV_EXTENSIONS);
- if (!extensions)
- ERR_clear_error();
- }
- if (extensions)
- {
- /* Check syntax of file */
- X509V3_CTX ctx;
- X509V3_set_ctx_test(&ctx);
- X509V3_set_nconf(&ctx, conf);
- if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
- NULL))
- {
- BIO_printf(bio_err,
- "Error Loading extension section %s\n",
- extensions);
- ret = 1;
- goto err;
- }
- }
- }
-
- if (startdate == NULL)
- {
- startdate=NCONF_get_string(conf,section,
- ENV_DEFAULT_STARTDATE);
- if (startdate == NULL)
- ERR_clear_error();
- }
- if (startdate && !ASN1_TIME_set_string(NULL, startdate))
- {
- BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
- goto err;
- }
- if (startdate == NULL) startdate="today";
-
- if (enddate == NULL)
- {
- enddate=NCONF_get_string(conf,section,
- ENV_DEFAULT_ENDDATE);
- if (enddate == NULL)
- ERR_clear_error();
- }
- if (enddate && !ASN1_TIME_set_string(NULL, enddate))
- {
- BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
- goto err;
- }
-
- if (days == 0)
- {
- if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
- days = 0;
- }
- if (!enddate && (days == 0))
- {
- BIO_printf(bio_err,"cannot lookup how many days to certify for\n");
- goto err;
- }
-
- if ((serial=load_serial(serialfile, create_ser, NULL)) == NULL)
- {
- BIO_printf(bio_err,"error while loading serial number\n");
- goto err;
- }
- if (verbose)
- {
- if (BN_is_zero(serial))
- BIO_printf(bio_err,"next serial number is 00\n");
- else
- {
- if ((f=BN_bn2hex(serial)) == NULL) goto err;
- BIO_printf(bio_err,"next serial number is %s\n",f);
- OPENSSL_free(f);
- }
- }
-
- if ((attribs=NCONF_get_section(conf,policy)) == NULL)
- {
- BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
- goto err;
- }
-
- if ((cert_sk=sk_X509_new_null()) == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- if (spkac_file != NULL)
- {
- total++;
- j=certify_spkac(&x,spkac_file,pkey,x509,dgst,sigopts,
- attribs,db, serial,subj,chtype,multirdn,
- email_dn,startdate,enddate,days,extensions,
- conf,verbose,certopt,nameopt,default_op,ext_copy);
- if (j < 0) goto err;
- if (j > 0)
- {
- total_done++;
- BIO_printf(bio_err,"\n");
- if (!BN_add_word(serial,1)) goto err;
- if (!sk_X509_push(cert_sk,x))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- if (outfile)
- {
- output_der = 1;
- batch = 1;
- }
- }
- }
- if (ss_cert_file != NULL)
- {
- total++;
- j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,sigopts,
- attribs,
- db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
- extensions,conf,verbose, certopt, nameopt,
- default_op, ext_copy, e);
- if (j < 0) goto err;
- if (j > 0)
- {
- total_done++;
- BIO_printf(bio_err,"\n");
- if (!BN_add_word(serial,1)) goto err;
- if (!sk_X509_push(cert_sk,x))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- }
- }
- if (infile != NULL)
- {
- total++;
- j=certify(&x,infile,pkey,x509p,dgst,sigopts, attribs,db,
- serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
- extensions,conf,verbose, certopt, nameopt,
- default_op, ext_copy, selfsign);
- if (j < 0) goto err;
- if (j > 0)
- {
- total_done++;
- BIO_printf(bio_err,"\n");
- if (!BN_add_word(serial,1)) goto err;
- if (!sk_X509_push(cert_sk,x))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- }
- }
- for (i=0; i<argc; i++)
- {
- total++;
- j=certify(&x,argv[i],pkey,x509p,dgst,sigopts,attribs,db,
- serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
- extensions,conf,verbose, certopt, nameopt,
- default_op, ext_copy, selfsign);
- if (j < 0) goto err;
- if (j > 0)
- {
- total_done++;
- BIO_printf(bio_err,"\n");
- if (!BN_add_word(serial,1)) goto err;
- if (!sk_X509_push(cert_sk,x))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- }
- }
- /* we have a stack of newly certified certificates
- * and a data base and serial number that need
- * updating */
-
- if (sk_X509_num(cert_sk) > 0)
- {
- if (!batch)
- {
- BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
- (void)BIO_flush(bio_err);
- buf[0][0]='\0';
- if (!fgets(buf[0],10,stdin))
- {
- BIO_printf(bio_err,"CERTIFICATION CANCELED: I/O error\n");
- ret=0;
- goto err;
- }
- if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
- {
- BIO_printf(bio_err,"CERTIFICATION CANCELED\n");
- ret=0;
- goto err;
- }
- }
-
- BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
-
- if (!save_serial(serialfile,"new",serial,NULL)) goto err;
-
- if (!save_index(dbfile, "new", db)) goto err;
- }
-
- if (verbose)
- BIO_printf(bio_err,"writing new certificates\n");
- for (i=0; i<sk_X509_num(cert_sk); i++)
- {
- int k;
- char *n;
-
- x=sk_X509_value(cert_sk,i);
-
- j=x->cert_info->serialNumber->length;
- p=(const char *)x->cert_info->serialNumber->data;
-
- if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8))
- {
- BIO_printf(bio_err,"certificate file name too long\n");
- goto err;
- }
-
- strcpy(buf[2],outdir);
+ }
+ }
+
+ if ((md == NULL) && ((md = NCONF_get_string(conf,
+ section,
+ ENV_DEFAULT_MD)) == NULL)) {
+ lookup_fail(section, ENV_DEFAULT_MD);
+ goto err;
+ }
+
+ if (!strcmp(md, "default")) {
+ int def_nid;
+ if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) {
+ BIO_puts(bio_err, "no default digest\n");
+ goto err;
+ }
+ md = (char *)OBJ_nid2sn(def_nid);
+ }
+
+ if ((dgst = EVP_get_digestbyname(md)) == NULL) {
+ BIO_printf(bio_err, "%s is an unsupported message digest type\n", md);
+ goto err;
+ }
+
+ if (req) {
+ if ((email_dn == 1) && ((tmp_email_dn = NCONF_get_string(conf,
+ section,
+ ENV_DEFAULT_EMAIL_DN))
+ != NULL)) {
+ if (strcmp(tmp_email_dn, "no") == 0)
+ email_dn = 0;
+ }
+ if (verbose)
+ BIO_printf(bio_err, "message digest is %s\n",
+ OBJ_nid2ln(dgst->type));
+ if ((policy == NULL) && ((policy = NCONF_get_string(conf,
+ section,
+ ENV_POLICY)) ==
+ NULL)) {
+ lookup_fail(section, ENV_POLICY);
+ goto err;
+ }
+ if (verbose)
+ BIO_printf(bio_err, "policy is %s\n", policy);
+
+ if ((serialfile = NCONF_get_string(conf, section, ENV_SERIAL))
+ == NULL) {
+ lookup_fail(section, ENV_SERIAL);
+ goto err;
+ }
+
+ if (!extconf) {
+ /*
+ * no '-extfile' option, so we look for extensions in the main
+ * configuration file
+ */
+ if (!extensions) {
+ extensions = NCONF_get_string(conf, section, ENV_EXTENSIONS);
+ if (!extensions)
+ ERR_clear_error();
+ }
+ if (extensions) {
+ /* Check syntax of file */
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, extensions, NULL)) {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n",
+ extensions);
+ ret = 1;
+ goto err;
+ }
+ }
+ }
+
+ if (startdate == NULL) {
+ startdate = NCONF_get_string(conf, section,
+ ENV_DEFAULT_STARTDATE);
+ if (startdate == NULL)
+ ERR_clear_error();
+ }
+ if (startdate && !ASN1_TIME_set_string(NULL, startdate)) {
+ BIO_printf(bio_err,
+ "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
+ goto err;
+ }
+ if (startdate == NULL)
+ startdate = "today";
+
+ if (enddate == NULL) {
+ enddate = NCONF_get_string(conf, section, ENV_DEFAULT_ENDDATE);
+ if (enddate == NULL)
+ ERR_clear_error();
+ }
+ if (enddate && !ASN1_TIME_set_string(NULL, enddate)) {
+ BIO_printf(bio_err,
+ "end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
+ goto err;
+ }
+
+ if (days == 0) {
+ if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days))
+ days = 0;
+ }
+ if (!enddate && (days == 0)) {
+ BIO_printf(bio_err,
+ "cannot lookup how many days to certify for\n");
+ goto err;
+ }
+
+ if ((serial = load_serial(serialfile, create_ser, NULL)) == NULL) {
+ BIO_printf(bio_err, "error while loading serial number\n");
+ goto err;
+ }
+ if (verbose) {
+ if (BN_is_zero(serial))
+ BIO_printf(bio_err, "next serial number is 00\n");
+ else {
+ if ((f = BN_bn2hex(serial)) == NULL)
+ goto err;
+ BIO_printf(bio_err, "next serial number is %s\n", f);
+ OPENSSL_free(f);
+ }
+ }
+
+ if ((attribs = NCONF_get_section(conf, policy)) == NULL) {
+ BIO_printf(bio_err, "unable to find 'section' for %s\n", policy);
+ goto err;
+ }
+
+ if ((cert_sk = sk_X509_new_null()) == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+ if (spkac_file != NULL) {
+ total++;
+ j = certify_spkac(&x, spkac_file, pkey, x509, dgst, sigopts,
+ attribs, db, serial, subj, chtype, multirdn,
+ email_dn, startdate, enddate, days, extensions,
+ conf, verbose, certopt, nameopt, default_op,
+ ext_copy);
+ if (j < 0)
+ goto err;
+ if (j > 0) {
+ total_done++;
+ BIO_printf(bio_err, "\n");
+ if (!BN_add_word(serial, 1))
+ goto err;
+ if (!sk_X509_push(cert_sk, x)) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+ if (outfile) {
+ output_der = 1;
+ batch = 1;
+ }
+ }
+ }
+ if (ss_cert_file != NULL) {
+ total++;
+ j = certify_cert(&x, ss_cert_file, pkey, x509, dgst, sigopts,
+ attribs,
+ db, serial, subj, chtype, multirdn, email_dn,
+ startdate, enddate, days, batch, extensions,
+ conf, verbose, certopt, nameopt, default_op,
+ ext_copy, e);
+ if (j < 0)
+ goto err;
+ if (j > 0) {
+ total_done++;
+ BIO_printf(bio_err, "\n");
+ if (!BN_add_word(serial, 1))
+ goto err;
+ if (!sk_X509_push(cert_sk, x)) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+ }
+ }
+ if (infile != NULL) {
+ total++;
+ j = certify(&x, infile, pkey, x509p, dgst, sigopts, attribs, db,
+ serial, subj, chtype, multirdn, email_dn, startdate,
+ enddate, days, batch, extensions, conf, verbose,
+ certopt, nameopt, default_op, ext_copy, selfsign);
+ if (j < 0)
+ goto err;
+ if (j > 0) {
+ total_done++;
+ BIO_printf(bio_err, "\n");
+ if (!BN_add_word(serial, 1))
+ goto err;
+ if (!sk_X509_push(cert_sk, x)) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+ }
+ }
+ for (i = 0; i < argc; i++) {
+ total++;
+ j = certify(&x, argv[i], pkey, x509p, dgst, sigopts, attribs, db,
+ serial, subj, chtype, multirdn, email_dn, startdate,
+ enddate, days, batch, extensions, conf, verbose,
+ certopt, nameopt, default_op, ext_copy, selfsign);
+ if (j < 0)
+ goto err;
+ if (j > 0) {
+ total_done++;
+ BIO_printf(bio_err, "\n");
+ if (!BN_add_word(serial, 1))
+ goto err;
+ if (!sk_X509_push(cert_sk, x)) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+ }
+ }
+ /*
+ * we have a stack of newly certified certificates and a data base
+ * and serial number that need updating
+ */
+
+ if (sk_X509_num(cert_sk) > 0) {
+ if (!batch) {
+ BIO_printf(bio_err,
+ "\n%d out of %d certificate requests certified, commit? [y/n]",
+ total_done, total);
+ (void)BIO_flush(bio_err);
+ buf[0][0] = '\0';
+ if (!fgets(buf[0], 10, stdin)) {
+ BIO_printf(bio_err,
+ "CERTIFICATION CANCELED: I/O error\n");
+ ret = 0;
+ goto err;
+ }
+ if ((buf[0][0] != 'y') && (buf[0][0] != 'Y')) {
+ BIO_printf(bio_err, "CERTIFICATION CANCELED\n");
+ ret = 0;
+ goto err;
+ }
+ }
+
+ BIO_printf(bio_err, "Write out database with %d new entries\n",
+ sk_X509_num(cert_sk));
+
+ if (!save_serial(serialfile, "new", serial, NULL))
+ goto err;
+
+ if (!save_index(dbfile, "new", db))
+ goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err, "writing new certificates\n");
+ for (i = 0; i < sk_X509_num(cert_sk); i++) {
+ int k;
+ char *n;
+
+ x = sk_X509_value(cert_sk, i);
+
+ j = x->cert_info->serialNumber->length;
+ p = (const char *)x->cert_info->serialNumber->data;
+
+ if (strlen(outdir) >= (size_t)(j ? BSIZE - j * 2 - 6 : BSIZE - 8)) {
+ BIO_printf(bio_err, "certificate file name too long\n");
+ goto err;
+ }
+
+ strcpy(buf[2], outdir);
#ifndef OPENSSL_SYS_VMS
- BUF_strlcat(buf[2],"/",sizeof(buf[2]));
+ BUF_strlcat(buf[2], "/", sizeof(buf[2]));
#endif
- n=(char *)&(buf[2][strlen(buf[2])]);
- if (j > 0)
- {
- for (k=0; k<j; k++)
- {
- if (n >= &(buf[2][sizeof(buf[2])]))
- break;
- BIO_snprintf(n,
- &buf[2][0] + sizeof(buf[2]) - n,
- "%02X",(unsigned char)*(p++));
- n+=2;
- }
- }
- else
- {
- *(n++)='0';
- *(n++)='0';
- }
- *(n++)='.'; *(n++)='p'; *(n++)='e'; *(n++)='m';
- *n='\0';
- if (verbose)
- BIO_printf(bio_err,"writing %s\n",buf[2]);
-
- if (BIO_write_filename(Cout,buf[2]) <= 0)
- {
- perror(buf[2]);
- goto err;
- }
- write_new_certificate(Cout,x, 0, notext);
- write_new_certificate(Sout,x, output_der, notext);
- }
-
- if (sk_X509_num(cert_sk))
- {
- /* Rename the database and the serial file */
- if (!rotate_serial(serialfile,"new","old")) goto err;
-
- if (!rotate_index(dbfile,"new","old")) goto err;
-
- BIO_printf(bio_err,"Data Base Updated\n");
- }
- }
-
- /*****************************************************************/
- if (gencrl)
- {
- int crl_v2 = 0;
- if (!crl_ext)
- {
- crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);
- if (!crl_ext)
- ERR_clear_error();
- }
- if (crl_ext)
- {
- /* Check syntax of file */
- X509V3_CTX ctx;
- X509V3_set_ctx_test(&ctx);
- X509V3_set_nconf(&ctx, conf);
- if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL))
- {
- BIO_printf(bio_err,
- "Error Loading CRL extension section %s\n",
- crl_ext);
- ret = 1;
- goto err;
- }
- }
-
- if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER))
- != NULL)
- if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL)
- {
- BIO_printf(bio_err,"error while loading CRL number\n");
- goto err;
- }
-
- if (!crldays && !crlhours && !crlsec)
- {
- if (!NCONF_get_number(conf,section,
- ENV_DEFAULT_CRL_DAYS, &crldays))
- crldays = 0;
- if (!NCONF_get_number(conf,section,
- ENV_DEFAULT_CRL_HOURS, &crlhours))
- crlhours = 0;
- ERR_clear_error();
- }
- if ((crldays == 0) && (crlhours == 0) && (crlsec == 0))
- {
- BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
- goto err;
- }
-
- if (verbose) BIO_printf(bio_err,"making CRL\n");
- if ((crl=X509_CRL_new()) == NULL) goto err;
- if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err;
-
- tmptm = ASN1_TIME_new();
- if (!tmptm) goto err;
- X509_gmtime_adj(tmptm,0);
- X509_CRL_set_lastUpdate(crl, tmptm);
- if (!X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec,
- NULL))
- {
- BIO_puts(bio_err, "error setting CRL nextUpdate\n");
- goto err;
- }
- X509_CRL_set_nextUpdate(crl, tmptm);
-
- ASN1_TIME_free(tmptm);
-
- for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++)
- {
- pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
- if (pp[DB_type][0] == DB_TYPE_REV)
- {
- if ((r=X509_REVOKED_new()) == NULL) goto err;
- j = make_revoked(r, pp[DB_rev_date]);
- if (!j) goto err;
- if (j == 2) crl_v2 = 1;
- if (!BN_hex2bn(&serial, pp[DB_serial]))
- goto err;
- tmpser = BN_to_ASN1_INTEGER(serial, NULL);
- BN_free(serial);
- serial = NULL;
- if (!tmpser)
- goto err;
- X509_REVOKED_set_serialNumber(r, tmpser);
- ASN1_INTEGER_free(tmpser);
- X509_CRL_add0_revoked(crl,r);
- }
- }
-
- /* sort the data so it will be written in serial
- * number order */
- X509_CRL_sort(crl);
-
- /* we now have a CRL */
- if (verbose) BIO_printf(bio_err,"signing CRL\n");
-
- /* Add any extensions asked for */
-
- if (crl_ext || crlnumberfile != NULL)
- {
- X509V3_CTX crlctx;
- X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
- X509V3_set_nconf(&crlctx, conf);
-
- if (crl_ext)
- if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
- crl_ext, crl)) goto err;
- if (crlnumberfile != NULL)
- {
- tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
- if (!tmpser) goto err;
- X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0);
- ASN1_INTEGER_free(tmpser);
- crl_v2 = 1;
- if (!BN_add_word(crlnumber,1)) goto err;
- }
- }
- if (crl_ext || crl_v2)
- {
- if (!X509_CRL_set_version(crl, 1))
- goto err; /* version 2 CRL */
- }
-
-
- if (crlnumberfile != NULL) /* we have a CRL number that need updating */
- if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
-
- if (crlnumber)
- {
- BN_free(crlnumber);
- crlnumber = NULL;
- }
-
- if (!do_X509_CRL_sign(bio_err,crl,pkey,dgst,sigopts)) goto err;
-
- PEM_write_bio_X509_CRL(Sout,crl);
-
- if (crlnumberfile != NULL) /* Rename the crlnumber file */
- if (!rotate_serial(crlnumberfile,"new","old")) goto err;
-
- }
- /*****************************************************************/
- if (dorevoke)
- {
- if (infile == NULL)
- {
- BIO_printf(bio_err,"no input files\n");
- goto err;
- }
- else
- {
- X509 *revcert;
- revcert=load_cert(bio_err, infile, FORMAT_PEM,
- NULL, e, infile);
- if (revcert == NULL)
- goto err;
- j=do_revoke(revcert,db, rev_type, rev_arg);
- if (j <= 0) goto err;
- X509_free(revcert);
-
- if (!save_index(dbfile, "new", db)) goto err;
-
- if (!rotate_index(dbfile, "new", "old")) goto err;
-
- BIO_printf(bio_err,"Data Base Updated\n");
- }
- }
- /*****************************************************************/
- ret=0;
-err:
- if(tofree)
- OPENSSL_free(tofree);
- BIO_free_all(Cout);
- BIO_free_all(Sout);
- BIO_free_all(out);
- BIO_free_all(in);
-
- if (cert_sk)
- sk_X509_pop_free(cert_sk,X509_free);
-
- if (ret) ERR_print_errors(bio_err);
- app_RAND_write_file(randfile, bio_err);
- if (free_key && key)
- OPENSSL_free(key);
- BN_free(serial);
- BN_free(crlnumber);
- free_index(db);
- if (sigopts)
- sk_OPENSSL_STRING_free(sigopts);
- EVP_PKEY_free(pkey);
- if (x509) X509_free(x509);
- X509_CRL_free(crl);
- NCONF_free(conf);
- NCONF_free(extconf);
- OBJ_cleanup();
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
+ n = (char *)&(buf[2][strlen(buf[2])]);
+ if (j > 0) {
+ for (k = 0; k < j; k++) {
+ if (n >= &(buf[2][sizeof(buf[2])]))
+ break;
+ BIO_snprintf(n,
+ &buf[2][0] + sizeof(buf[2]) - n,
+ "%02X", (unsigned char)*(p++));
+ n += 2;
+ }
+ } else {
+ *(n++) = '0';
+ *(n++) = '0';
+ }
+ *(n++) = '.';
+ *(n++) = 'p';
+ *(n++) = 'e';
+ *(n++) = 'm';
+ *n = '\0';
+ if (verbose)
+ BIO_printf(bio_err, "writing %s\n", buf[2]);
+
+ if (BIO_write_filename(Cout, buf[2]) <= 0) {
+ perror(buf[2]);
+ goto err;
+ }
+ write_new_certificate(Cout, x, 0, notext);
+ write_new_certificate(Sout, x, output_der, notext);
+ }
+
+ if (sk_X509_num(cert_sk)) {
+ /* Rename the database and the serial file */
+ if (!rotate_serial(serialfile, "new", "old"))
+ goto err;
+
+ if (!rotate_index(dbfile, "new", "old"))
+ goto err;
+
+ BIO_printf(bio_err, "Data Base Updated\n");
+ }
+ }
+
+ /*****************************************************************/
+ if (gencrl) {
+ int crl_v2 = 0;
+ if (!crl_ext) {
+ crl_ext = NCONF_get_string(conf, section, ENV_CRLEXT);
+ if (!crl_ext)
+ ERR_clear_error();
+ }
+ if (crl_ext) {
+ /* Check syntax of file */
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL)) {
+ BIO_printf(bio_err,
+ "Error Loading CRL extension section %s\n",
+ crl_ext);
+ ret = 1;
+ goto err;
+ }
+ }
+
+ if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER))
+ != NULL)
+ if ((crlnumber = load_serial(crlnumberfile, 0, NULL)) == NULL) {
+ BIO_printf(bio_err, "error while loading CRL number\n");
+ goto err;
+ }
+
+ if (!crldays && !crlhours && !crlsec) {
+ if (!NCONF_get_number(conf, section,
+ ENV_DEFAULT_CRL_DAYS, &crldays))
+ crldays = 0;
+ if (!NCONF_get_number(conf, section,
+ ENV_DEFAULT_CRL_HOURS, &crlhours))
+ crlhours = 0;
+ ERR_clear_error();
+ }
+ if ((crldays == 0) && (crlhours == 0) && (crlsec == 0)) {
+ BIO_printf(bio_err,
+ "cannot lookup how long until the next CRL is issued\n");
+ goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err, "making CRL\n");
+ if ((crl = X509_CRL_new()) == NULL)
+ goto err;
+ if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509)))
+ goto err;
+
+ tmptm = ASN1_TIME_new();
+ if (!tmptm)
+ goto err;
+ X509_gmtime_adj(tmptm, 0);
+ X509_CRL_set_lastUpdate(crl, tmptm);
+ if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
+ NULL)) {
+ BIO_puts(bio_err, "error setting CRL nextUpdate\n");
+ goto err;
+ }
+ X509_CRL_set_nextUpdate(crl, tmptm);
+
+ ASN1_TIME_free(tmptm);
+
+ for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+ pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+ if (pp[DB_type][0] == DB_TYPE_REV) {
+ if ((r = X509_REVOKED_new()) == NULL)
+ goto err;
+ j = make_revoked(r, pp[DB_rev_date]);
+ if (!j)
+ goto err;
+ if (j == 2)
+ crl_v2 = 1;
+ if (!BN_hex2bn(&serial, pp[DB_serial]))
+ goto err;
+ tmpser = BN_to_ASN1_INTEGER(serial, NULL);
+ BN_free(serial);
+ serial = NULL;
+ if (!tmpser)
+ goto err;
+ X509_REVOKED_set_serialNumber(r, tmpser);
+ ASN1_INTEGER_free(tmpser);
+ X509_CRL_add0_revoked(crl, r);
+ }
+ }
+
+ /*
+ * sort the data so it will be written in serial number order
+ */
+ X509_CRL_sort(crl);
+
+ /* we now have a CRL */
+ if (verbose)
+ BIO_printf(bio_err, "signing CRL\n");
+
+ /* Add any extensions asked for */
+
+ if (crl_ext || crlnumberfile != NULL) {
+ X509V3_CTX crlctx;
+ X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
+ X509V3_set_nconf(&crlctx, conf);
+
+ if (crl_ext)
+ if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, crl_ext, crl))
+ goto err;
+ if (crlnumberfile != NULL) {
+ tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
+ if (!tmpser)
+ goto err;
+ X509_CRL_add1_ext_i2d(crl, NID_crl_number, tmpser, 0, 0);
+ ASN1_INTEGER_free(tmpser);
+ crl_v2 = 1;
+ if (!BN_add_word(crlnumber, 1))
+ goto err;
+ }
+ }
+ if (crl_ext || crl_v2) {
+ if (!X509_CRL_set_version(crl, 1))
+ goto err; /* version 2 CRL */
+ }
+
+ /* we have a CRL number that need updating */
+ if (crlnumberfile != NULL)
+ if (!save_serial(crlnumberfile, "new", crlnumber, NULL))
+ goto err;
+
+ if (crlnumber) {
+ BN_free(crlnumber);
+ crlnumber = NULL;
+ }
+
+ if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst, sigopts))
+ goto err;
+
+ PEM_write_bio_X509_CRL(Sout, crl);
+
+ if (crlnumberfile != NULL) /* Rename the crlnumber file */
+ if (!rotate_serial(crlnumberfile, "new", "old"))
+ goto err;
+
+ }
+ /*****************************************************************/
+ if (dorevoke) {
+ if (infile == NULL) {
+ BIO_printf(bio_err, "no input files\n");
+ goto err;
+ } else {
+ X509 *revcert;
+ revcert = load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile);
+ if (revcert == NULL)
+ goto err;
+ j = do_revoke(revcert, db, rev_type, rev_arg);
+ if (j <= 0)
+ goto err;
+ X509_free(revcert);
+
+ if (!save_index(dbfile, "new", db))
+ goto err;
+
+ if (!rotate_index(dbfile, "new", "old"))
+ goto err;
+
+ BIO_printf(bio_err, "Data Base Updated\n");
+ }
+ }
+ /*****************************************************************/
+ ret = 0;
+ err:
+ if (tofree)
+ OPENSSL_free(tofree);
+ BIO_free_all(Cout);
+ BIO_free_all(Sout);
+ BIO_free_all(out);
+ BIO_free_all(in);
+
+ if (cert_sk)
+ sk_X509_pop_free(cert_sk, X509_free);
+
+ if (ret)
+ ERR_print_errors(bio_err);
+ app_RAND_write_file(randfile, bio_err);
+ if (free_key && key)
+ OPENSSL_free(key);
+ BN_free(serial);
+ BN_free(crlnumber);
+ free_index(db);
+ if (sigopts)
+ sk_OPENSSL_STRING_free(sigopts);
+ EVP_PKEY_free(pkey);
+ if (x509)
+ X509_free(x509);
+ X509_CRL_free(crl);
+ NCONF_free(conf);
+ NCONF_free(extconf);
+ OBJ_cleanup();
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
static void lookup_fail(const char *name, const char *tag)
- {
- BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
- }
+{
+ BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
+}
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj,unsigned long chtype, int multirdn,
- int email_dn, char *startdate, char *enddate,
- long days, int batch, char *ext_sect, CONF *lconf, int verbose,
- unsigned long certopt, unsigned long nameopt, int default_op,
- int ext_copy, int selfsign)
- {
- X509_REQ *req=NULL;
- BIO *in=NULL;
- EVP_PKEY *pktmp=NULL;
- int ok= -1,i;
-
- in=BIO_new(BIO_s_file());
-
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto err;
- }
- if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL)) == NULL)
- {
- BIO_printf(bio_err,"Error reading certificate request in %s\n",
- infile);
- goto err;
- }
- if (verbose)
- X509_REQ_print(bio_err,req);
-
- BIO_printf(bio_err,"Check that the request matches the signature\n");
-
- if (selfsign && !X509_REQ_check_private_key(req,pkey))
- {
- BIO_printf(bio_err,"Certificate request and CA private key do not match\n");
- ok=0;
- goto err;
- }
- if ((pktmp=X509_REQ_get_pubkey(req)) == NULL)
- {
- BIO_printf(bio_err,"error unpacking public key\n");
- goto err;
- }
- i=X509_REQ_verify(req,pktmp);
- EVP_PKEY_free(pktmp);
- if (i < 0)
- {
- ok=0;
- BIO_printf(bio_err,"Signature verification problems....\n");
- ERR_print_errors(bio_err);
- goto err;
- }
- if (i == 0)
- {
- ok=0;
- BIO_printf(bio_err,"Signature did not match the certificate request\n");
- ERR_print_errors(bio_err);
- goto err;
- }
- else
- BIO_printf(bio_err,"Signature ok\n");
-
- ok=do_body(xret,pkey,x509,dgst,sigopts, policy,db,serial,subj,chtype,
- multirdn, email_dn,
- startdate,enddate,days,batch,verbose,req,ext_sect,lconf,
- certopt, nameopt, default_op, ext_copy, selfsign);
-
-err:
- if (req != NULL) X509_REQ_free(req);
- if (in != NULL) BIO_free(in);
- return(ok);
- }
+ const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+ BIGNUM *serial, char *subj, unsigned long chtype,
+ int multirdn, int email_dn, char *startdate, char *enddate,
+ long days, int batch, char *ext_sect, CONF *lconf,
+ int verbose, unsigned long certopt, unsigned long nameopt,
+ int default_op, int ext_copy, int selfsign)
+{
+ X509_REQ *req = NULL;
+ BIO *in = NULL;
+ EVP_PKEY *pktmp = NULL;
+ int ok = -1, i;
+
+ in = BIO_new(BIO_s_file());
+
+ if (BIO_read_filename(in, infile) <= 0) {
+ perror(infile);
+ goto err;
+ }
+ if ((req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL)) == NULL) {
+ BIO_printf(bio_err, "Error reading certificate request in %s\n",
+ infile);
+ goto err;
+ }
+ if (verbose)
+ X509_REQ_print(bio_err, req);
+
+ BIO_printf(bio_err, "Check that the request matches the signature\n");
+
+ if (selfsign && !X509_REQ_check_private_key(req, pkey)) {
+ BIO_printf(bio_err,
+ "Certificate request and CA private key do not match\n");
+ ok = 0;
+ goto err;
+ }
+ if ((pktmp = X509_REQ_get_pubkey(req)) == NULL) {
+ BIO_printf(bio_err, "error unpacking public key\n");
+ goto err;
+ }
+ i = X509_REQ_verify(req, pktmp);
+ EVP_PKEY_free(pktmp);
+ if (i < 0) {
+ ok = 0;
+ BIO_printf(bio_err, "Signature verification problems....\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (i == 0) {
+ ok = 0;
+ BIO_printf(bio_err,
+ "Signature did not match the certificate request\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ } else
+ BIO_printf(bio_err, "Signature ok\n");
+
+ ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
+ chtype, multirdn, email_dn, startdate, enddate, days, batch,
+ verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
+ ext_copy, selfsign);
+
+ err:
+ if (req != NULL)
+ X509_REQ_free(req);
+ if (in != NULL)
+ BIO_free(in);
+ return (ok);
+}
static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
- long days, int batch, char *ext_sect, CONF *lconf, int verbose,
- unsigned long certopt, unsigned long nameopt, int default_op,
- int ext_copy, ENGINE *e)
- {
- X509 *req=NULL;
- X509_REQ *rreq=NULL;
- EVP_PKEY *pktmp=NULL;
- int ok= -1,i;
-
- if ((req=load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile)) == NULL)
- goto err;
- if (verbose)
- X509_print(bio_err,req);
-
- BIO_printf(bio_err,"Check that the request matches the signature\n");
-
- if ((pktmp=X509_get_pubkey(req)) == NULL)
- {
- BIO_printf(bio_err,"error unpacking public key\n");
- goto err;
- }
- i=X509_verify(req,pktmp);
- EVP_PKEY_free(pktmp);
- if (i < 0)
- {
- ok=0;
- BIO_printf(bio_err,"Signature verification problems....\n");
- goto err;
- }
- if (i == 0)
- {
- ok=0;
- BIO_printf(bio_err,"Signature did not match the certificate\n");
- goto err;
- }
- else
- BIO_printf(bio_err,"Signature ok\n");
-
- if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
- goto err;
-
- ok=do_body(xret,pkey,x509,dgst,sigopts,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,
- days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op,
- ext_copy, 0);
-
-err:
- if (rreq != NULL) X509_REQ_free(rreq);
- if (req != NULL) X509_free(req);
- return(ok);
- }
-
-static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
- STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy,
- CA_DB *db, BIGNUM *serial, char *subj,
- unsigned long chtype, int multirdn,
- int email_dn, char *startdate, char *enddate, long days, int batch,
- int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
- unsigned long certopt, unsigned long nameopt, int default_op,
- int ext_copy, int selfsign)
- {
- X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL;
- ASN1_UTCTIME *tm,*tmptm;
- ASN1_STRING *str,*str2;
- ASN1_OBJECT *obj;
- X509 *ret=NULL;
- X509_CINF *ci;
- X509_NAME_ENTRY *ne;
- X509_NAME_ENTRY *tne,*push;
- EVP_PKEY *pktmp;
- int ok= -1,i,j,last,nid;
- const char *p;
- CONF_VALUE *cv;
- OPENSSL_STRING row[DB_NUMBER];
- OPENSSL_STRING *irow=NULL;
- OPENSSL_STRING *rrow=NULL;
- char buf[25];
-
- tmptm=ASN1_UTCTIME_new();
- if (tmptm == NULL)
- {
- BIO_printf(bio_err,"malloc error\n");
- return(0);
- }
-
- for (i=0; i<DB_NUMBER; i++)
- row[i]=NULL;
-
- if (subj)
- {
- X509_NAME *n = parse_name(subj, chtype, multirdn);
-
- if (!n)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
- X509_REQ_set_subject_name(req,n);
- req->req_info->enc.modified = 1;
- X509_NAME_free(n);
- }
-
- if (default_op)
- BIO_printf(bio_err,"The Subject's Distinguished Name is as follows\n");
-
- name=X509_REQ_get_subject_name(req);
- for (i=0; i<X509_NAME_entry_count(name); i++)
- {
- ne= X509_NAME_get_entry(name,i);
- str=X509_NAME_ENTRY_get_data(ne);
- obj=X509_NAME_ENTRY_get_object(ne);
-
- if (msie_hack)
- {
- /* assume all type should be strings */
- nid=OBJ_obj2nid(ne->object);
-
- if (str->type == V_ASN1_UNIVERSALSTRING)
- ASN1_UNIVERSALSTRING_to_string(str);
-
- if ((str->type == V_ASN1_IA5STRING) &&
- (nid != NID_pkcs9_emailAddress))
- str->type=V_ASN1_T61STRING;
-
- if ((nid == NID_pkcs9_emailAddress) &&
- (str->type == V_ASN1_PRINTABLESTRING))
- str->type=V_ASN1_IA5STRING;
- }
-
- /* If no EMAIL is wanted in the subject */
- if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn))
- continue;
-
- /* check some things */
- if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
- (str->type != V_ASN1_IA5STRING))
- {
- BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n");
- goto err;
- }
- if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING))
- {
- j=ASN1_PRINTABLE_type(str->data,str->length);
- if ( ((j == V_ASN1_T61STRING) &&
- (str->type != V_ASN1_T61STRING)) ||
- ((j == V_ASN1_IA5STRING) &&
- (str->type == V_ASN1_PRINTABLESTRING)))
- {
- BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
- goto err;
- }
- }
-
- if (default_op)
- old_entry_print(bio_err, obj, str);
- }
-
- /* Ok, now we check the 'policy' stuff. */
- if ((subject=X509_NAME_new()) == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
-
- /* take a copy of the issuer name before we mess with it. */
- if (selfsign)
- CAname=X509_NAME_dup(name);
- else
- CAname=X509_NAME_dup(x509->cert_info->subject);
- if (CAname == NULL) goto err;
- str=str2=NULL;
-
- for (i=0; i<sk_CONF_VALUE_num(policy); i++)
- {
- cv=sk_CONF_VALUE_value(policy,i); /* get the object id */
- if ((j=OBJ_txt2nid(cv->name)) == NID_undef)
- {
- BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name);
- goto err;
- }
- obj=OBJ_nid2obj(j);
-
- last= -1;
- for (;;)
- {
- /* lookup the object in the supplied name list */
- j=X509_NAME_get_index_by_OBJ(name,obj,last);
- if (j < 0)
- {
- if (last != -1) break;
- tne=NULL;
- }
- else
- {
- tne=X509_NAME_get_entry(name,j);
- }
- last=j;
-
- /* depending on the 'policy', decide what to do. */
- push=NULL;
- if (strcmp(cv->value,"optional") == 0)
- {
- if (tne != NULL)
- push=tne;
- }
- else if (strcmp(cv->value,"supplied") == 0)
- {
- if (tne == NULL)
- {
- BIO_printf(bio_err,"The %s field needed to be supplied and was missing\n",cv->name);
- goto err;
- }
- else
- push=tne;
- }
- else if (strcmp(cv->value,"match") == 0)
- {
- int last2;
-
- if (tne == NULL)
- {
- BIO_printf(bio_err,"The mandatory %s field was missing\n",cv->name);
- goto err;
- }
-
- last2= -1;
-
-again2:
- j=X509_NAME_get_index_by_OBJ(CAname,obj,last2);
- if ((j < 0) && (last2 == -1))
- {
- BIO_printf(bio_err,"The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",cv->name);
- goto err;
- }
- if (j >= 0)
- {
- push=X509_NAME_get_entry(CAname,j);
- str=X509_NAME_ENTRY_get_data(tne);
- str2=X509_NAME_ENTRY_get_data(push);
- last2=j;
- if (ASN1_STRING_cmp(str,str2) != 0)
- goto again2;
- }
- if (j < 0)
- {
- BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str2 == NULL)?"NULL":(char *)str2->data),((str == NULL)?"NULL":(char *)str->data));
- goto err;
- }
- }
- else
- {
- BIO_printf(bio_err,"%s:invalid type in 'policy' configuration\n",cv->value);
- goto err;
- }
-
- if (push != NULL)
- {
- if (!X509_NAME_add_entry(subject,push, -1, 0))
- {
- if (push != NULL)
- X509_NAME_ENTRY_free(push);
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- }
- if (j < 0) break;
- }
- }
-
- if (preserve)
- {
- X509_NAME_free(subject);
- /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
- subject=X509_NAME_dup(name);
- if (subject == NULL) goto err;
- }
-
- if (verbose)
- BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
-
- /* Build the correct Subject if no e-mail is wanted in the subject */
- /* and add it later on because of the method extensions are added (altName) */
-
- if (email_dn)
- dn_subject = subject;
- else
- {
- X509_NAME_ENTRY *tmpne;
- /* Its best to dup the subject DN and then delete any email
- * addresses because this retains its structure.
- */
- if (!(dn_subject = X509_NAME_dup(subject)))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- while((i = X509_NAME_get_index_by_NID(dn_subject,
- NID_pkcs9_emailAddress, -1)) >= 0)
- {
- tmpne = X509_NAME_get_entry(dn_subject, i);
- X509_NAME_delete_entry(dn_subject, i);
- X509_NAME_ENTRY_free(tmpne);
- }
- }
-
- if (BN_is_zero(serial))
- row[DB_serial]=BUF_strdup("00");
- else
- row[DB_serial]=BN_bn2hex(serial);
- if (row[DB_serial] == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
-
- if (db->attributes.unique_subject)
- {
- OPENSSL_STRING *crow=row;
-
- rrow=TXT_DB_get_by_index(db->db,DB_name,crow);
- if (rrow != NULL)
- {
- BIO_printf(bio_err,
- "ERROR:There is already a certificate for %s\n",
- row[DB_name]);
- }
- }
- if (rrow == NULL)
- {
- rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
- if (rrow != NULL)
- {
- BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
- row[DB_serial]);
- BIO_printf(bio_err," check the database/serial_file for corruption\n");
- }
- }
-
- if (rrow != NULL)
- {
- BIO_printf(bio_err,
- "The matching entry has the following details\n");
- if (rrow[DB_type][0] == 'E')
- p="Expired";
- else if (rrow[DB_type][0] == 'R')
- p="Revoked";
- else if (rrow[DB_type][0] == 'V')
- p="Valid";
- else
- p="\ninvalid type, Data base error\n";
- BIO_printf(bio_err,"Type :%s\n",p);;
- if (rrow[DB_type][0] == 'R')
- {
- p=rrow[DB_exp_date]; if (p == NULL) p="undef";
- BIO_printf(bio_err,"Was revoked on:%s\n",p);
- }
- p=rrow[DB_exp_date]; if (p == NULL) p="undef";
- BIO_printf(bio_err,"Expires on :%s\n",p);
- p=rrow[DB_serial]; if (p == NULL) p="undef";
- BIO_printf(bio_err,"Serial Number :%s\n",p);
- p=rrow[DB_file]; if (p == NULL) p="undef";
- BIO_printf(bio_err,"File name :%s\n",p);
- p=rrow[DB_name]; if (p == NULL) p="undef";
- BIO_printf(bio_err,"Subject Name :%s\n",p);
- ok= -1; /* This is now a 'bad' error. */
- goto err;
- }
-
- /* We are now totally happy, lets make and sign the certificate */
- if (verbose)
- BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n");
-
- if ((ret=X509_new()) == NULL) goto err;
- ci=ret->cert_info;
+ const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+ BIGNUM *serial, char *subj, unsigned long chtype,
+ int multirdn, int email_dn, char *startdate,
+ char *enddate, long days, int batch, char *ext_sect,
+ CONF *lconf, int verbose, unsigned long certopt,
+ unsigned long nameopt, int default_op, int ext_copy,
+ ENGINE *e)
+{
+ X509 *req = NULL;
+ X509_REQ *rreq = NULL;
+ EVP_PKEY *pktmp = NULL;
+ int ok = -1, i;
+
+ if ((req =
+ load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile)) == NULL)
+ goto err;
+ if (verbose)
+ X509_print(bio_err, req);
+
+ BIO_printf(bio_err, "Check that the request matches the signature\n");
+
+ if ((pktmp = X509_get_pubkey(req)) == NULL) {
+ BIO_printf(bio_err, "error unpacking public key\n");
+ goto err;
+ }
+ i = X509_verify(req, pktmp);
+ EVP_PKEY_free(pktmp);
+ if (i < 0) {
+ ok = 0;
+ BIO_printf(bio_err, "Signature verification problems....\n");
+ goto err;
+ }
+ if (i == 0) {
+ ok = 0;
+ BIO_printf(bio_err, "Signature did not match the certificate\n");
+ goto err;
+ } else
+ BIO_printf(bio_err, "Signature ok\n");
+
+ if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
+ goto err;
+
+ ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
+ chtype, multirdn, email_dn, startdate, enddate, days, batch,
+ verbose, rreq, ext_sect, lconf, certopt, nameopt, default_op,
+ ext_copy, 0);
+
+ err:
+ if (rreq != NULL)
+ X509_REQ_free(rreq);
+ if (req != NULL)
+ X509_free(req);
+ return (ok);
+}
+
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
+ char *subj, unsigned long chtype, int multirdn,
+ int email_dn, char *startdate, char *enddate, long days,
+ int batch, int verbose, X509_REQ *req, char *ext_sect,
+ CONF *lconf, unsigned long certopt, unsigned long nameopt,
+ int default_op, int ext_copy, int selfsign)
+{
+ X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject =
+ NULL;
+ ASN1_UTCTIME *tm, *tmptm;
+ ASN1_STRING *str, *str2;
+ ASN1_OBJECT *obj;
+ X509 *ret = NULL;
+ X509_CINF *ci;
+ X509_NAME_ENTRY *ne;
+ X509_NAME_ENTRY *tne, *push;
+ EVP_PKEY *pktmp;
+ int ok = -1, i, j, last, nid;
+ const char *p;
+ CONF_VALUE *cv;
+ OPENSSL_STRING row[DB_NUMBER];
+ OPENSSL_STRING *irow = NULL;
+ OPENSSL_STRING *rrow = NULL;
+ char buf[25];
+
+ tmptm = ASN1_UTCTIME_new();
+ if (tmptm == NULL) {
+ BIO_printf(bio_err, "malloc error\n");
+ return (0);
+ }
+
+ for (i = 0; i < DB_NUMBER; i++)
+ row[i] = NULL;
+
+ if (subj) {
+ X509_NAME *n = parse_name(subj, chtype, multirdn);
+
+ if (!n) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ X509_REQ_set_subject_name(req, n);
+ req->req_info->enc.modified = 1;
+ X509_NAME_free(n);
+ }
+
+ if (default_op)
+ BIO_printf(bio_err,
+ "The Subject's Distinguished Name is as follows\n");
+
+ name = X509_REQ_get_subject_name(req);
+ for (i = 0; i < X509_NAME_entry_count(name); i++) {
+ ne = X509_NAME_get_entry(name, i);
+ str = X509_NAME_ENTRY_get_data(ne);
+ obj = X509_NAME_ENTRY_get_object(ne);
+
+ if (msie_hack) {
+ /* assume all type should be strings */
+ nid = OBJ_obj2nid(ne->object);
+
+ if (str->type == V_ASN1_UNIVERSALSTRING)
+ ASN1_UNIVERSALSTRING_to_string(str);
+
+ if ((str->type == V_ASN1_IA5STRING) &&
+ (nid != NID_pkcs9_emailAddress))
+ str->type = V_ASN1_T61STRING;
+
+ if ((nid == NID_pkcs9_emailAddress) &&
+ (str->type == V_ASN1_PRINTABLESTRING))
+ str->type = V_ASN1_IA5STRING;
+ }
+
+ /* If no EMAIL is wanted in the subject */
+ if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn))
+ continue;
+
+ /* check some things */
+ if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
+ (str->type != V_ASN1_IA5STRING)) {
+ BIO_printf(bio_err,
+ "\nemailAddress type needs to be of type IA5STRING\n");
+ goto err;
+ }
+ if ((str->type != V_ASN1_BMPSTRING)
+ && (str->type != V_ASN1_UTF8STRING)) {
+ j = ASN1_PRINTABLE_type(str->data, str->length);
+ if (((j == V_ASN1_T61STRING) &&
+ (str->type != V_ASN1_T61STRING)) ||
+ ((j == V_ASN1_IA5STRING) &&
+ (str->type == V_ASN1_PRINTABLESTRING))) {
+ BIO_printf(bio_err,
+ "\nThe string contains characters that are illegal for the ASN.1 type\n");
+ goto err;
+ }
+ }
+
+ if (default_op)
+ old_entry_print(bio_err, obj, str);
+ }
+
+ /* Ok, now we check the 'policy' stuff. */
+ if ((subject = X509_NAME_new()) == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+
+ /* take a copy of the issuer name before we mess with it. */
+ if (selfsign)
+ CAname = X509_NAME_dup(name);
+ else
+ CAname = X509_NAME_dup(x509->cert_info->subject);
+ if (CAname == NULL)
+ goto err;
+ str = str2 = NULL;
+
+ for (i = 0; i < sk_CONF_VALUE_num(policy); i++) {
+ cv = sk_CONF_VALUE_value(policy, i); /* get the object id */
+ if ((j = OBJ_txt2nid(cv->name)) == NID_undef) {
+ BIO_printf(bio_err,
+ "%s:unknown object type in 'policy' configuration\n",
+ cv->name);
+ goto err;
+ }