Bug Summary

File:out/../deps/openssl/openssl/apps/lib/apps.c
Warning:line 1571, column 5
Value stored to 'j' is never read

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name apps.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/home/maurizio/node-v18.6.0/out -resource-dir /usr/local/lib/clang/16.0.0 -D V8_DEPRECATION_WARNINGS -D V8_IMMINENT_DEPRECATION_WARNINGS -D _GLIBCXX_USE_CXX11_ABI=1 -D NODE_OPENSSL_CONF_NAME=nodejs_conf -D NODE_OPENSSL_HAS_QUIC -D __STDC_FORMAT_MACROS -D OPENSSL_NO_PINSHARED -D OPENSSL_THREADS -D OPENSSL_API_COMPAT=0x10100001L -D NDEBUG -D OPENSSL_USE_NODELETE -D L_ENDIAN -D OPENSSL_BUILDING_OPENSSL -D AES_ASM -D BSAES_ASM -D CMLL_ASM -D ECP_NISTZ256_ASM -D GHASH_ASM -D KECCAK1600_ASM -D MD5_ASM -D OPENSSL_BN_ASM_GF2m -D OPENSSL_BN_ASM_MONT -D OPENSSL_BN_ASM_MONT5 -D OPENSSL_CPUID_OBJ -D OPENSSL_IA32_SSE2 -D PADLOCK_ASM -D POLY1305_ASM -D SHA1_ASM -D SHA256_ASM -D SHA512_ASM -D VPAES_ASM -D WHIRLPOOL_ASM -D X25519_ASM -D OPENSSL_PIC -D OPENSSLDIR="/etc/ssl" -D ENGINESDIR="/dev/null" -D TERMIOS -I ../deps/openssl/openssl/apps/include -I ../deps/openssl/openssl -I ../deps/openssl/openssl/include -I ../deps/openssl/openssl/crypto -I ../deps/openssl/openssl/crypto/include -I ../deps/openssl/openssl/crypto/modes -I ../deps/openssl/openssl/crypto/ec/curve448 -I ../deps/openssl/openssl/crypto/ec/curve448/arch_32 -I ../deps/openssl/openssl/providers/common/include -I ../deps/openssl/openssl/providers/implementations/include -I ../deps/openssl/config -I ../deps/openssl/config/archs/linux-x86_64/asm/include -I ../deps/openssl/openssl/include -I ../deps/openssl/openssl/crypto/include -I ../deps/openssl/config/archs/linux-x86_64/asm -internal-isystem /usr/local/lib/clang/16.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-redhat-linux/8/../../../../x86_64-redhat-linux/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -Wno-unused-parameter -Wno-missing-field-initializers -Wno-old-style-declaration -fdebug-compilation-dir=/home/maurizio/node-v18.6.0/out -ferror-limit 19 -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2022-08-22-142216-507842-1 -x c ../deps/openssl/openssl/apps/lib/apps.c
1/*
2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#if !defined(_POSIX_C_SOURCE200809L) && defined(OPENSSL_SYS_VMS)
11/*
12 * On VMS, you need to define this to get the declaration of fileno(). The
13 * value 2 is to make sure no function defined in POSIX-2 is left undefined.
14 */
15# define _POSIX_C_SOURCE200809L 2
16#endif
17
18#ifndef OPENSSL_NO_ENGINE
19/* We need to use some deprecated APIs */
20# define OPENSSL_SUPPRESS_DEPRECATED
21# include <openssl/engine.h>
22#endif
23
24#include <stdio.h>
25#include <stdlib.h>
26#include <string.h>
27#include <sys/types.h>
28#ifndef OPENSSL_NO_POSIX_IO
29# include <sys/stat.h>
30# include <fcntl.h>
31#endif
32#include <ctype.h>
33#include <errno(*__errno_location ()).h>
34#include <openssl/err.h>
35#include <openssl/x509.h>
36#include <openssl/x509v3.h>
37#include <openssl/http.h>
38#include <openssl/pem.h>
39#include <openssl/store.h>
40#include <openssl/pkcs12.h>
41#include <openssl/ui.h>
42#include <openssl/safestack.h>
43#include <openssl/rsa.h>
44#include <openssl/rand.h>
45#include <openssl/bn.h>
46#include <openssl/ssl.h>
47#include <openssl/store.h>
48#include <openssl/core_names.h>
49#include "s_apps.h"
50#include "apps.h"
51
52#ifdef _WIN32
53static int WIN32_rename(const char *from, const char *to);
54# define rename(from,to) WIN32_rename((from),(to))
55#endif
56
57#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
58# include <conio.h>
59#endif
60
61#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) || defined(__BORLANDC__)
62# define _kbhit kbhit
63#endif
64
65static BIO *bio_open_default_(const char *filename, char mode, int format,
66 int quiet);
67
68#define PASS_SOURCE_SIZE_MAX4 4
69
70DEFINE_STACK_OF(CONF)struct stack_st_CONF; typedef int (*sk_CONF_compfunc)(const CONF
* const *a, const CONF *const *b); typedef void (*sk_CONF_freefunc
)(CONF *a); typedef CONF * (*sk_CONF_copyfunc)(const CONF *a)
; static __attribute__((unused)) inline int sk_CONF_num(const
struct stack_st_CONF *sk) { return OPENSSL_sk_num((const OPENSSL_STACK
*)sk); } static __attribute__((unused)) inline CONF *sk_CONF_value
(const struct stack_st_CONF *sk, int idx) { return (CONF *)OPENSSL_sk_value
((const OPENSSL_STACK *)sk, idx); } static __attribute__((unused
)) inline struct stack_st_CONF *sk_CONF_new(sk_CONF_compfunc compare
) { return (struct stack_st_CONF *)OPENSSL_sk_new((OPENSSL_sk_compfunc
)compare); } static __attribute__((unused)) inline struct stack_st_CONF
*sk_CONF_new_null(void) { return (struct stack_st_CONF *)OPENSSL_sk_new_null
(); } static __attribute__((unused)) inline struct stack_st_CONF
*sk_CONF_new_reserve(sk_CONF_compfunc compare, int n) { return
(struct stack_st_CONF *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc
)compare, n); } static __attribute__((unused)) inline int sk_CONF_reserve
(struct stack_st_CONF *sk, int n) { return OPENSSL_sk_reserve
((OPENSSL_STACK *)sk, n); } static __attribute__((unused)) inline
void sk_CONF_free(struct stack_st_CONF *sk) { OPENSSL_sk_free
((OPENSSL_STACK *)sk); } static __attribute__((unused)) inline
void sk_CONF_zero(struct stack_st_CONF *sk) { OPENSSL_sk_zero
((OPENSSL_STACK *)sk); } static __attribute__((unused)) inline
CONF *sk_CONF_delete(struct stack_st_CONF *sk, int i) { return
(CONF *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); } static __attribute__
((unused)) inline CONF *sk_CONF_delete_ptr(struct stack_st_CONF
*sk, CONF *ptr) { return (CONF *)OPENSSL_sk_delete_ptr((OPENSSL_STACK
*)sk, (const void *)ptr); } static __attribute__((unused)) inline
int sk_CONF_push(struct stack_st_CONF *sk, CONF *ptr) { return
OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); } static
__attribute__((unused)) inline int sk_CONF_unshift(struct stack_st_CONF
*sk, CONF *ptr) { return OPENSSL_sk_unshift((OPENSSL_STACK *
)sk, (const void *)ptr); } static __attribute__((unused)) inline
CONF *sk_CONF_pop(struct stack_st_CONF *sk) { return (CONF *
)OPENSSL_sk_pop((OPENSSL_STACK *)sk); } static __attribute__(
(unused)) inline CONF *sk_CONF_shift(struct stack_st_CONF *sk
) { return (CONF *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); } static
__attribute__((unused)) inline void sk_CONF_pop_free(struct stack_st_CONF
*sk, sk_CONF_freefunc freefunc) { OPENSSL_sk_pop_free((OPENSSL_STACK
*)sk, (OPENSSL_sk_freefunc)freefunc); } static __attribute__
((unused)) inline int sk_CONF_insert(struct stack_st_CONF *sk
, CONF *ptr, int idx) { return OPENSSL_sk_insert((OPENSSL_STACK
*)sk, (const void *)ptr, idx); } static __attribute__((unused
)) inline CONF *sk_CONF_set(struct stack_st_CONF *sk, int idx
, CONF *ptr) { return (CONF *)OPENSSL_sk_set((OPENSSL_STACK *
)sk, idx, (const void *)ptr); } static __attribute__((unused)
) inline int sk_CONF_find(struct stack_st_CONF *sk, CONF *ptr
) { return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *
)ptr); } static __attribute__((unused)) inline int sk_CONF_find_ex
(struct stack_st_CONF *sk, CONF *ptr) { return OPENSSL_sk_find_ex
((OPENSSL_STACK *)sk, (const void *)ptr); } static __attribute__
((unused)) inline int sk_CONF_find_all(struct stack_st_CONF *
sk, CONF *ptr, int *pnum) { return OPENSSL_sk_find_all((OPENSSL_STACK
*)sk, (const void *)ptr, pnum); } static __attribute__((unused
)) inline void sk_CONF_sort(struct stack_st_CONF *sk) { OPENSSL_sk_sort
((OPENSSL_STACK *)sk); } static __attribute__((unused)) inline
int sk_CONF_is_sorted(const struct stack_st_CONF *sk) { return
OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); } static __attribute__
((unused)) inline struct stack_st_CONF * sk_CONF_dup(const struct
stack_st_CONF *sk) { return (struct stack_st_CONF *)OPENSSL_sk_dup
((const OPENSSL_STACK *)sk); } static __attribute__((unused))
inline struct stack_st_CONF *sk_CONF_deep_copy(const struct stack_st_CONF
*sk, sk_CONF_copyfunc copyfunc, sk_CONF_freefunc freefunc) {
return (struct stack_st_CONF *)OPENSSL_sk_deep_copy((const OPENSSL_STACK
*)sk, (OPENSSL_sk_copyfunc)copyfunc, (OPENSSL_sk_freefunc)freefunc
); } static __attribute__((unused)) inline sk_CONF_compfunc sk_CONF_set_cmp_func
(struct stack_st_CONF *sk, sk_CONF_compfunc compare) { return
(sk_CONF_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk
, (OPENSSL_sk_compfunc)compare); }
71
72typedef struct {
73 const char *name;
74 unsigned long flag;
75 unsigned long mask;
76} NAME_EX_TBL;
77
78static int set_table_opts(unsigned long *flags, const char *arg,
79 const NAME_EX_TBL * in_tbl);
80static int set_multi_opts(unsigned long *flags, const char *arg,
81 const NAME_EX_TBL * in_tbl);
82static
83int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin,
84 const char *pass, const char *desc,
85 EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
86 EVP_PKEY **pparams,
87 X509 **pcert, STACK_OF(X509)struct stack_st_X509 **pcerts,
88 X509_CRL **pcrl, STACK_OF(X509_CRL)struct stack_st_X509_CRL **pcrls,
89 int suppress_decode_errors);
90
91int app_init(long mesgwin);
92
93int chopup_args(ARGS *arg, char *buf)
94{
95 int quoted;
96 char c = '\0', *p = NULL((void*)0);
97
98 arg->argc = 0;
99 if (arg->size == 0) {
100 arg->size = 20;
101 arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space");
102 }
103
104 for (p = buf;;) {
105 /* Skip whitespace. */
106 while (*p && isspace(_UC(*p))((*__ctype_b_loc ())[(int) ((((unsigned char)(*p))))] & (
unsigned short int) _ISspace)
)
107 p++;
108 if (*p == '\0')
109 break;
110
111 /* The start of something good :-) */
112 if (arg->argc >= arg->size) {
113 char **tmp;
114 arg->size += 20;
115 tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size)CRYPTO_realloc(arg->argv, sizeof(*arg->argv) * arg->
size, "../deps/openssl/openssl/apps/lib/apps.c", 115)
;
116 if (tmp == NULL((void*)0))
117 return 0;
118 arg->argv = tmp;
119 }
120 quoted = *p == '\'' || *p == '"';
121 if (quoted)
122 c = *p++;
123 arg->argv[arg->argc++] = p;
124
125 /* now look for the end of this */
126 if (quoted) {
127 while (*p && *p != c)
128 p++;
129 *p++ = '\0';
130 } else {
131 while (*p && !isspace(_UC(*p))((*__ctype_b_loc ())[(int) ((((unsigned char)(*p))))] & (
unsigned short int) _ISspace)
)
132 p++;
133 if (*p)
134 *p++ = '\0';
135 }
136 }
137 arg->argv[arg->argc] = NULL((void*)0);
138 return 1;
139}
140
141#ifndef APP_INIT
142int app_init(long mesgwin)
143{
144 return 1;
145}
146#endif
147
148int ctx_set_verify_locations(SSL_CTX *ctx,
149 const char *CAfile, int noCAfile,
150 const char *CApath, int noCApath,
151 const char *CAstore, int noCAstore)
152{
153 if (CAfile == NULL((void*)0) && CApath == NULL((void*)0) && CAstore == NULL((void*)0)) {
154 if (!noCAfile && SSL_CTX_set_default_verify_file(ctx) <= 0)
155 return 0;
156 if (!noCApath && SSL_CTX_set_default_verify_dir(ctx) <= 0)
157 return 0;
158 if (!noCAstore && SSL_CTX_set_default_verify_store(ctx) <= 0)
159 return 0;
160
161 return 1;
162 }
163
164 if (CAfile != NULL((void*)0) && !SSL_CTX_load_verify_file(ctx, CAfile))
165 return 0;
166 if (CApath != NULL((void*)0) && !SSL_CTX_load_verify_dir(ctx, CApath))
167 return 0;
168 if (CAstore != NULL((void*)0) && !SSL_CTX_load_verify_store(ctx, CAstore))
169 return 0;
170 return 1;
171}
172
173#ifndef OPENSSL_NO_CT
174
175int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
176{
177 if (path == NULL((void*)0))
178 return SSL_CTX_set_default_ctlog_list_file(ctx);
179
180 return SSL_CTX_set_ctlog_list_file(ctx, path);
181}
182
183#endif
184
185static unsigned long nmflag = 0;
186static char nmflag_set = 0;
187
188int set_nameopt(const char *arg)
189{
190 int ret = set_name_ex(&nmflag, arg);
191
192 if (ret)
193 nmflag_set = 1;
194
195 return ret;
196}
197
198unsigned long get_nameopt(void)
199{
200 return (nmflag_set) ? nmflag : XN_FLAG_ONELINE((1 | 2 | 4 | 0x10 | 0x100 | 0x200) | 8 | (2 << 16) | (
1 << 23) | 0)
;
201}
202
203void dump_cert_text(BIO *out, X509 *x)
204{
205 print_name(out, "subject=", X509_get_subject_name(x));
206 print_name(out, "issuer=", X509_get_issuer_name(x));
207}
208
209int wrap_password_callback(char *buf, int bufsiz, int verify, void *userdata)
210{
211 return password_callback(buf, bufsiz, verify, (PW_CB_DATA *)userdata);
212}
213
214
215static char *app_get_pass(const char *arg, int keepbio);
216
217char *get_passwd(const char *pass, const char *desc)
218{
219 char *result = NULL((void*)0);
220
221 if (desc == NULL((void*)0))
222 desc = "<unknown>";
223 if (!app_passwd(pass, NULL((void*)0), &result, NULL((void*)0)))
224 BIO_printf(bio_err, "Error getting password for %s\n", desc);
225 if (pass != NULL((void*)0) && result == NULL((void*)0)) {
226 BIO_printf(bio_err,
227 "Trying plain input string (better precede with 'pass:')\n");
228 result = OPENSSL_strdup(pass)CRYPTO_strdup(pass, "../deps/openssl/openssl/apps/lib/apps.c"
, 228)
;
229 if (result == NULL((void*)0))
230 BIO_printf(bio_err, "Out of memory getting password for %s\n", desc);
231 }
232 return result;
233}
234
235int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2)
236{
237 int same = arg1 != NULL((void*)0) && arg2 != NULL((void*)0) && strcmp(arg1, arg2) == 0;
238
239 if (arg1 != NULL((void*)0)) {
240 *pass1 = app_get_pass(arg1, same);
241 if (*pass1 == NULL((void*)0))
242 return 0;
243 } else if (pass1 != NULL((void*)0)) {
244 *pass1 = NULL((void*)0);
245 }
246 if (arg2 != NULL((void*)0)) {
247 *pass2 = app_get_pass(arg2, same ? 2 : 0);
248 if (*pass2 == NULL((void*)0))
249 return 0;
250 } else if (pass2 != NULL((void*)0)) {
251 *pass2 = NULL((void*)0);
252 }
253 return 1;
254}
255
256static char *app_get_pass(const char *arg, int keepbio)
257{
258 static BIO *pwdbio = NULL((void*)0);
259 char *tmp, tpass[APP_PASS_LEN1024];
260 int i;
261
262 /* PASS_SOURCE_SIZE_MAX = max number of chars before ':' in below strings */
263 if (strncmp(arg, "pass:", 5) == 0)
264 return OPENSSL_strdup(arg + 5)CRYPTO_strdup(arg + 5, "../deps/openssl/openssl/apps/lib/apps.c"
, 264)
;
265 if (strncmp(arg, "env:", 4) == 0) {
266 tmp = getenv(arg + 4);
267 if (tmp == NULL((void*)0)) {
268 BIO_printf(bio_err, "No environment variable %s\n", arg + 4);
269 return NULL((void*)0);
270 }
271 return OPENSSL_strdup(tmp)CRYPTO_strdup(tmp, "../deps/openssl/openssl/apps/lib/apps.c",
271)
;
272 }
273 if (!keepbio || pwdbio == NULL((void*)0)) {
274 if (strncmp(arg, "file:", 5) == 0) {
275 pwdbio = BIO_new_file(arg + 5, "r");
276 if (pwdbio == NULL((void*)0)) {
277 BIO_printf(bio_err, "Can't open file %s\n", arg + 5);
278 return NULL((void*)0);
279 }
280#if !defined(_WIN32)
281 /*
282 * Under _WIN32, which covers even Win64 and CE, file
283 * descriptors referenced by BIO_s_fd are not inherited
284 * by child process and therefore below is not an option.
285 * It could have been an option if bss_fd.c was operating
286 * on real Windows descriptors, such as those obtained
287 * with CreateFile.
288 */
289 } else if (strncmp(arg, "fd:", 3) == 0) {
290 BIO *btmp;
291 i = atoi(arg + 3);
292 if (i >= 0)
293 pwdbio = BIO_new_fd(i, BIO_NOCLOSE0x00);
294 if ((i < 0) || pwdbio == NULL((void*)0)) {
295 BIO_printf(bio_err, "Can't access file descriptor %s\n", arg + 3);
296 return NULL((void*)0);
297 }
298 /*
299 * Can't do BIO_gets on an fd BIO so add a buffering BIO
300 */
301 btmp = BIO_new(BIO_f_buffer());
302 if (btmp == NULL((void*)0)) {
303 BIO_free_all(pwdbio);
304 pwdbio = NULL((void*)0);
305 BIO_printf(bio_err, "Out of memory\n");
306 return NULL((void*)0);
307 }
308 pwdbio = BIO_push(btmp, pwdbio);
309#endif
310 } else if (strcmp(arg, "stdin") == 0) {
311 pwdbio = dup_bio_in(FORMAT_TEXT(1 | 0x8000));
312 if (pwdbio == NULL((void*)0)) {
313 BIO_printf(bio_err, "Can't open BIO for stdin\n");
314 return NULL((void*)0);
315 }
316 } else {
317 /* argument syntax error; do not reveal too much about arg */
318 tmp = strchr(arg, ':');
319 if (tmp == NULL((void*)0) || tmp - arg > PASS_SOURCE_SIZE_MAX4)
320 BIO_printf(bio_err,
321 "Invalid password argument, missing ':' within the first %d chars\n",
322 PASS_SOURCE_SIZE_MAX4 + 1);
323 else
324 BIO_printf(bio_err,
325 "Invalid password argument, starting with \"%.*s\"\n",
326 (int)(tmp - arg + 1), arg);
327 return NULL((void*)0);
328 }
329 }
330 i = BIO_gets(pwdbio, tpass, APP_PASS_LEN1024);
331 if (keepbio != 1) {
332 BIO_free_all(pwdbio);
333 pwdbio = NULL((void*)0);
334 }
335 if (i <= 0) {
336 BIO_printf(bio_err, "Error reading password from BIO\n");
337 return NULL((void*)0);
338 }
339 tmp = strchr(tpass, '\n');
340 if (tmp != NULL((void*)0))
341 *tmp = 0;
342 return OPENSSL_strdup(tpass)CRYPTO_strdup(tpass, "../deps/openssl/openssl/apps/lib/apps.c"
, 342)
;
343}
344
345CONF *app_load_config_bio(BIO *in, const char *filename)
346{
347 long errorline = -1;
348 CONF *conf;
349 int i;
350
351 conf = NCONF_new_ex(app_get0_libctx(), NULL((void*)0));
352 i = NCONF_load_bio(conf, in, &errorline);
353 if (i > 0)
354 return conf;
355
356 if (errorline <= 0) {
357 BIO_printf(bio_err, "%s: Can't load ", opt_getprog());
358 } else {
359 BIO_printf(bio_err, "%s: Error on line %ld of ", opt_getprog(),
360 errorline);
361 }
362 if (filename != NULL((void*)0))
363 BIO_printf(bio_err, "config file \"%s\"\n", filename);
364 else
365 BIO_printf(bio_err, "config input");
366
367 NCONF_free(conf);
368 return NULL((void*)0);
369}
370
371CONF *app_load_config_verbose(const char *filename, int verbose)
372{
373 if (verbose) {
374 if (*filename == '\0')
375 BIO_printf(bio_err, "No configuration used\n");
376 else
377 BIO_printf(bio_err, "Using configuration from %s\n", filename);
378 }
379 return app_load_config_internal(filename, 0);
380}
381
382CONF *app_load_config_internal(const char *filename, int quiet)
383{
384 BIO *in;
385 CONF *conf;
386
387 if (filename == NULL((void*)0) || *filename != '\0') {
388 if ((in = bio_open_default_(filename, 'r', FORMAT_TEXT(1 | 0x8000), quiet)) == NULL((void*)0))
389 return NULL((void*)0);
390 conf = app_load_config_bio(in, filename);
391 BIO_free(in);
392 } else {
393 /* Return empty config if filename is empty string. */
394 conf = NCONF_new_ex(app_get0_libctx(), NULL((void*)0));
395 }
396 return conf;
397}
398
399int app_load_modules(const CONF *config)
400{
401 CONF *to_free = NULL((void*)0);
402
403 if (config == NULL((void*)0))
404 config = to_free = app_load_config_quiet(default_config_file)app_load_config_internal(default_config_file, 1);
405 if (config == NULL((void*)0))
406 return 1;
407
408 if (CONF_modules_load(config, NULL((void*)0), 0) <= 0) {
409 BIO_printf(bio_err, "Error configuring OpenSSL modules\n");
410 ERR_print_errors(bio_err);
411 NCONF_free(to_free);
412 return 0;
413 }
414 NCONF_free(to_free);
415 return 1;
416}
417
418int add_oid_section(CONF *conf)
419{
420 char *p;
421 STACK_OF(CONF_VALUE)struct stack_st_CONF_VALUE *sktmp;
422 CONF_VALUE *cnf;
423 int i;
424
425 if ((p = NCONF_get_string(conf, NULL((void*)0), "oid_section")) == NULL((void*)0)) {
426 ERR_clear_error();
427 return 1;
428 }
429 if ((sktmp = NCONF_get_section(conf, p)) == NULL((void*)0)) {
430 BIO_printf(bio_err, "problem loading oid section %s\n", p);
431 return 0;
432 }
433 for (i = 0; i < sk_CONF_VALUE_num(sktmp)OPENSSL_sk_num(ossl_check_const_CONF_VALUE_sk_type(sktmp)); i++) {
434 cnf = sk_CONF_VALUE_value(sktmp, i)((CONF_VALUE *)OPENSSL_sk_value(ossl_check_const_CONF_VALUE_sk_type
(sktmp), (i)))
;
435 if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef0) {
436 BIO_printf(bio_err, "problem creating object %s=%s\n",
437 cnf->name, cnf->value);
438 return 0;
439 }
440 }
441 return 1;
442}
443
444CONF *app_load_config_modules(const char *configfile)
445{
446 CONF *conf = NULL((void*)0);
447
448 if (configfile != NULL((void*)0)) {
449 if ((conf = app_load_config_verbose(configfile, 1)) == NULL((void*)0))
450 return NULL((void*)0);
451 if (configfile != default_config_file && !app_load_modules(conf)) {
452 NCONF_free(conf);
453 conf = NULL((void*)0);
454 }
455 }
456 return conf;
457}
458
459#define IS_HTTP(uri)((uri) != ((void*)0) && strncmp(uri, "http""://", strlen
("http""://")) == 0)
((uri) != NULL((void*)0) \
460 && strncmp(uri, OSSL_HTTP_PREFIX"http""://", strlen(OSSL_HTTP_PREFIX"http""://")) == 0)
461#define IS_HTTPS(uri)((uri) != ((void*)0) && strncmp(uri, "https""://", strlen
("https""://")) == 0)
((uri) != NULL((void*)0) \
462 && strncmp(uri, OSSL_HTTPS_PREFIX"https""://", strlen(OSSL_HTTPS_PREFIX"https""://")) == 0)
463
464X509 *load_cert_pass(const char *uri, int format, int maybe_stdin,
465 const char *pass, const char *desc)
466{
467 X509 *cert = NULL((void*)0);
468
469 if (desc == NULL((void*)0))
470 desc = "certificate";
471 if (IS_HTTPS(uri)((uri) != ((void*)0) && strncmp(uri, "https""://", strlen
("https""://")) == 0)
)
472 BIO_printf(bio_err, "Loading %s over HTTPS is unsupported\n", desc);
473 else if (IS_HTTP(uri)((uri) != ((void*)0) && strncmp(uri, "http""://", strlen
("http""://")) == 0)
)
474 cert = X509_load_http(uri, NULL((void*)0), NULL((void*)0), 0 /* timeout */);
475 else
476 (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc,
477 NULL((void*)0), NULL((void*)0), NULL((void*)0), &cert, NULL((void*)0), NULL((void*)0), NULL((void*)0));
478 if (cert == NULL((void*)0)) {
479 BIO_printf(bio_err, "Unable to load %s\n", desc);
480 ERR_print_errors(bio_err);
481 }
482 return cert;
483}
484
485X509_CRL *load_crl(const char *uri, int format, int maybe_stdin,
486 const char *desc)
487{
488 X509_CRL *crl = NULL((void*)0);
489
490 if (desc == NULL((void*)0))
491 desc = "CRL";
492 if (IS_HTTPS(uri)((uri) != ((void*)0) && strncmp(uri, "https""://", strlen
("https""://")) == 0)
)
493 BIO_printf(bio_err, "Loading %s over HTTPS is unsupported\n", desc);
494 else if (IS_HTTP(uri)((uri) != ((void*)0) && strncmp(uri, "http""://", strlen
("http""://")) == 0)
)
495 crl = X509_CRL_load_http(uri, NULL((void*)0), NULL((void*)0), 0 /* timeout */);
496 else
497 (void)load_key_certs_crls(uri, format, maybe_stdin, NULL((void*)0), desc,
498 NULL((void*)0), NULL((void*)0), NULL((void*)0), NULL((void*)0), NULL((void*)0), &crl, NULL((void*)0));
499 if (crl == NULL((void*)0)) {
500 BIO_printf(bio_err, "Unable to load %s\n", desc);
501 ERR_print_errors(bio_err);
502 }
503 return crl;
504}
505
506X509_REQ *load_csr(const char *file, int format, const char *desc)
507{
508 X509_REQ *req = NULL((void*)0);
509 BIO *in;
510
511 if (format == FORMAT_UNDEF0)
512 format = FORMAT_PEM(5 | 0x8000);
513 if (desc == NULL((void*)0))
514 desc = "CSR";
515 in = bio_open_default(file, 'r', format);
516 if (in == NULL((void*)0))
517 goto end;
518
519 if (format == FORMAT_ASN14)
520 req = d2i_X509_REQ_bio(in, NULL((void*)0));
521 else if (format == FORMAT_PEM(5 | 0x8000))
522 req = PEM_read_bio_X509_REQ(in, NULL((void*)0), NULL((void*)0), NULL((void*)0));
523 else
524 print_format_error(format, OPT_FMT_PEMDER(1L << 1));
525
526 end:
527 if (req == NULL((void*)0)) {
528 BIO_printf(bio_err, "Unable to load %s\n", desc);
529 ERR_print_errors(bio_err);
530 }
531 BIO_free(in);
532 return req;
533}
534
535void cleanse(char *str)
536{
537 if (str != NULL((void*)0))
538 OPENSSL_cleanse(str, strlen(str));
539}
540
541void clear_free(char *str)
542{
543 if (str != NULL((void*)0))
544 OPENSSL_clear_free(str, strlen(str))CRYPTO_clear_free(str, strlen(str), "../deps/openssl/openssl/apps/lib/apps.c"
, 544)
;
545}
546
547EVP_PKEY *load_key(const char *uri, int format, int may_stdin,
548 const char *pass, ENGINE *e, const char *desc)
549{
550 EVP_PKEY *pkey = NULL((void*)0);
551 char *allocated_uri = NULL((void*)0);
552
553 if (desc == NULL((void*)0))
554 desc = "private key";
555
556 if (format == FORMAT_ENGINE8) {
557 uri = allocated_uri = make_engine_uri(e, uri, desc);
558 }
559 (void)load_key_certs_crls(uri, format, may_stdin, pass, desc,
560 &pkey, NULL((void*)0), NULL((void*)0), NULL((void*)0), NULL((void*)0), NULL((void*)0), NULL((void*)0));
561
562 OPENSSL_free(allocated_uri)CRYPTO_free(allocated_uri, "../deps/openssl/openssl/apps/lib/apps.c"
, 562)
;
563 return pkey;
564}
565
566EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
567 const char *pass, ENGINE *e, const char *desc)
568{
569 EVP_PKEY *pkey = NULL((void*)0);
570 char *allocated_uri = NULL((void*)0);
571
572 if (desc == NULL((void*)0))
573 desc = "public key";
574
575 if (format == FORMAT_ENGINE8) {
576 uri = allocated_uri = make_engine_uri(e, uri, desc);
577 }
578 (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc,
579 NULL((void*)0), &pkey, NULL((void*)0), NULL((void*)0), NULL((void*)0), NULL((void*)0), NULL((void*)0));
580
581 OPENSSL_free(allocated_uri)CRYPTO_free(allocated_uri, "../deps/openssl/openssl/apps/lib/apps.c"
, 581)
;
582 return pkey;
583}
584
585EVP_PKEY *load_keyparams_suppress(const char *uri, int format, int maybe_stdin,
586 const char *keytype, const char *desc,
587 int suppress_decode_errors)
588{
589 EVP_PKEY *params = NULL((void*)0);
590
591 if (desc == NULL((void*)0))
592 desc = "key parameters";
593
594 (void)load_key_certs_crls_suppress(uri, format, maybe_stdin, NULL((void*)0), desc,
595 NULL((void*)0), NULL((void*)0), &params, NULL((void*)0), NULL((void*)0), NULL((void*)0),
596 NULL((void*)0), suppress_decode_errors);
597 if (params != NULL((void*)0) && keytype != NULL((void*)0) && !EVP_PKEY_is_a(params, keytype)) {
598 if (!suppress_decode_errors) {
599 BIO_printf(bio_err,
600 "Unable to load %s from %s (unexpected parameters type)\n",
601 desc, uri);
602 ERR_print_errors(bio_err);
603 }
604 EVP_PKEY_free(params);
605 params = NULL((void*)0);
606 }
607 return params;
608}
609
610EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin,
611 const char *keytype, const char *desc)
612{
613 return load_keyparams_suppress(uri, format, maybe_stdin, keytype, desc, 0);
614}
615
616void app_bail_out(char *fmt, ...)
617{
618 va_list args;
619
620 va_start(args, fmt)__builtin_va_start(args, fmt);
621 BIO_vprintf(bio_err, fmt, args);
622 va_end(args)__builtin_va_end(args);
623 ERR_print_errors(bio_err);
624 exit(EXIT_FAILURE1);
625}
626
627void *app_malloc(size_t sz, const char *what)
628{
629 void *vp = OPENSSL_malloc(sz)CRYPTO_malloc(sz, "../deps/openssl/openssl/apps/lib/apps.c", 629
)
;
630
631 if (vp == NULL((void*)0))
632 app_bail_out("%s: Could not allocate %zu bytes for %s\n",
633 opt_getprog(), sz, what);
634 return vp;
635}
636
637char *next_item(char *opt) /* in list separated by comma and/or space */
638{
639 /* advance to separator (comma or whitespace), if any */
640 while (*opt != ',' && !isspace(*opt)((*__ctype_b_loc ())[(int) ((*opt))] & (unsigned short int
) _ISspace)
&& *opt != '\0')
641 opt++;
642 if (*opt != '\0') {
643 /* terminate current item */
644 *opt++ = '\0';
645 /* skip over any whitespace after separator */
646 while (isspace(*opt)((*__ctype_b_loc ())[(int) ((*opt))] & (unsigned short int
) _ISspace)
)
647 opt++;
648 }
649 return *opt == '\0' ? NULL((void*)0) : opt; /* NULL indicates end of input */
650}
651
652static void warn_cert_msg(const char *uri, X509 *cert, const char *msg)
653{
654 char *subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL((void*)0), 0);
655
656 BIO_printf(bio_err, "Warning: certificate from '%s' with subject '%s' %s\n",
657 uri, subj, msg);
658 OPENSSL_free(subj)CRYPTO_free(subj, "../deps/openssl/openssl/apps/lib/apps.c", 658
)
;
659}
660
661static void warn_cert(const char *uri, X509 *cert, int warn_EE,
662 X509_VERIFY_PARAM *vpm)
663{
664 uint32_t ex_flags = X509_get_extension_flags(cert);
665 int res = X509_cmp_timeframe(vpm, X509_get0_notBefore(cert),
666 X509_get0_notAfter(cert));
667
668 if (res != 0)
669 warn_cert_msg(uri, cert, res > 0 ? "has expired" : "not yet valid");
670 if (warn_EE && (ex_flags & EXFLAG_V10x40) == 0 && (ex_flags & EXFLAG_CA0x10) == 0)
671 warn_cert_msg(uri, cert, "is not a CA cert");
672}
673
674static void warn_certs(const char *uri, STACK_OF(X509)struct stack_st_X509 *certs, int warn_EE,
675 X509_VERIFY_PARAM *vpm)
676{
677 int i;
678
679 for (i = 0; i < sk_X509_num(certs)OPENSSL_sk_num(ossl_check_const_X509_sk_type(certs)); i++)
680 warn_cert(uri, sk_X509_value(certs, i)((X509 *)OPENSSL_sk_value(ossl_check_const_X509_sk_type(certs
), (i)))
, warn_EE, vpm);
681}
682
683int load_cert_certs(const char *uri,
684 X509 **pcert, STACK_OF(X509)struct stack_st_X509 **pcerts,
685 int exclude_http, const char *pass, const char *desc,
686 X509_VERIFY_PARAM *vpm)
687{
688 int ret = 0;
689 char *pass_string;
690
691 if (exclude_http && (OPENSSL_strncasecmp(uri, "http://", 7) == 0
692 || OPENSSL_strncasecmp(uri, "https://", 8) == 0)) {
693 BIO_printf(bio_err, "error: HTTP retrieval not allowed for %s\n", desc);
694 return ret;
695 }
696 pass_string = get_passwd(pass, desc);
697 ret = load_key_certs_crls(uri, FORMAT_UNDEF0, 0, pass_string, desc,
698 NULL((void*)0), NULL((void*)0), NULL((void*)0),
699 pcert, pcerts, NULL((void*)0), NULL((void*)0));
700 clear_free(pass_string);
701
702 if (ret) {
703 if (pcert != NULL((void*)0))
704 warn_cert(uri, *pcert, 0, vpm);
705 if (pcerts != NULL((void*)0))
706 warn_certs(uri, *pcerts, 1, vpm);
707 } else {
708 if (pcerts != NULL((void*)0)) {
709 sk_X509_pop_free(*pcerts, X509_free)OPENSSL_sk_pop_free(ossl_check_X509_sk_type(*pcerts),ossl_check_X509_freefunc_type
(X509_free))
;
710 *pcerts = NULL((void*)0);
711 }
712 }
713 return ret;
714}
715
716STACK_OF(X509)struct stack_st_X509 *load_certs_multifile(char *files, const char *pass,
717 const char *desc, X509_VERIFY_PARAM *vpm)
718{
719 STACK_OF(X509)struct stack_st_X509 *certs = NULL((void*)0);
720 STACK_OF(X509)struct stack_st_X509 *result = sk_X509_new_null()((struct stack_st_X509 *)OPENSSL_sk_new_null());
721
722 if (files == NULL((void*)0))
723 goto err;
724 if (result == NULL((void*)0))
725 goto oom;
726
727 while (files != NULL((void*)0)) {
728 char *next = next_item(files);
729
730 if (!load_cert_certs(files, NULL((void*)0), &certs, 0, pass, desc, vpm))
731 goto err;
732 if (!X509_add_certs(result, certs,
733 X509_ADD_FLAG_UP_REF0x1 | X509_ADD_FLAG_NO_DUP0x4))
734 goto oom;
735 sk_X509_pop_free(certs, X509_free)OPENSSL_sk_pop_free(ossl_check_X509_sk_type(certs),ossl_check_X509_freefunc_type
(X509_free))
;
736 certs = NULL((void*)0);
737 files = next;
738 }
739 return result;
740
741 oom:
742 BIO_printf(bio_err, "out of memory\n");
743 err:
744 sk_X509_pop_free(certs, X509_free)OPENSSL_sk_pop_free(ossl_check_X509_sk_type(certs),ossl_check_X509_freefunc_type
(X509_free))
;
745 sk_X509_pop_free(result, X509_free)OPENSSL_sk_pop_free(ossl_check_X509_sk_type(result),ossl_check_X509_freefunc_type
(X509_free))
;
746 return NULL((void*)0);
747}
748
749static X509_STORE *sk_X509_to_store(X509_STORE *store /* may be NULL */,
750 const STACK_OF(X509)struct stack_st_X509 *certs /* may NULL */)
751{
752 int i;
753
754 if (store == NULL((void*)0))
755 store = X509_STORE_new();
756 if (store == NULL((void*)0))
757 return NULL((void*)0);
758 for (i = 0; i < sk_X509_num(certs)OPENSSL_sk_num(ossl_check_const_X509_sk_type(certs)); i++) {
759 if (!X509_STORE_add_cert(store, sk_X509_value(certs, i)((X509 *)OPENSSL_sk_value(ossl_check_const_X509_sk_type(certs
), (i)))
)) {
760 X509_STORE_free(store);
761 return NULL((void*)0);
762 }
763 }
764 return store;
765}
766
767/*
768 * Create cert store structure with certificates read from given file(s).
769 * Returns pointer to created X509_STORE on success, NULL on error.
770 */
771X509_STORE *load_certstore(char *input, const char *pass, const char *desc,
772 X509_VERIFY_PARAM *vpm)
773{
774 X509_STORE *store = NULL((void*)0);
775 STACK_OF(X509)struct stack_st_X509 *certs = NULL((void*)0);
776
777 while (input != NULL((void*)0)) {
778 char *next = next_item(input);
779 int ok;
780
781 if (!load_cert_certs(input, NULL((void*)0), &certs, 1, pass, desc, vpm)) {
782 X509_STORE_free(store);
783 return NULL((void*)0);
784 }
785 ok = (store = sk_X509_to_store(store, certs)) != NULL((void*)0);
786 sk_X509_pop_free(certs, X509_free)OPENSSL_sk_pop_free(ossl_check_X509_sk_type(certs),ossl_check_X509_freefunc_type
(X509_free))
;
787 certs = NULL((void*)0);
788 if (!ok)
789 return NULL((void*)0);
790 input = next;
791 }
792 return store;
793}
794
795/*
796 * Initialize or extend, if *certs != NULL, a certificate stack.
797 * The caller is responsible for freeing *certs if its value is left not NULL.
798 */
799int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509)struct stack_st_X509 **certs,
800 const char *pass, const char *desc)
801{
802 int was_NULL = *certs == NULL((void*)0);
803 int ret = load_key_certs_crls(uri, FORMAT_UNDEF0, maybe_stdin,
804 pass, desc, NULL((void*)0), NULL((void*)0),
805 NULL((void*)0), NULL((void*)0), certs, NULL((void*)0), NULL((void*)0));
806
807 if (!ret && was_NULL) {
808 sk_X509_pop_free(*certs, X509_free)OPENSSL_sk_pop_free(ossl_check_X509_sk_type(*certs),ossl_check_X509_freefunc_type
(X509_free))
;
809 *certs = NULL((void*)0);
810 }
811 return ret;
812}
813
814/*
815 * Initialize or extend, if *crls != NULL, a certificate stack.
816 * The caller is responsible for freeing *crls if its value is left not NULL.
817 */
818int load_crls(const char *uri, STACK_OF(X509_CRL)struct stack_st_X509_CRL **crls,
819 const char *pass, const char *desc)
820{
821 int was_NULL = *crls == NULL((void*)0);
822 int ret = load_key_certs_crls(uri, FORMAT_UNDEF0, 0, pass, desc,
823 NULL((void*)0), NULL((void*)0), NULL((void*)0),
824 NULL((void*)0), NULL((void*)0), NULL((void*)0), crls);
825
826 if (!ret && was_NULL) {
827 sk_X509_CRL_pop_free(*crls, X509_CRL_free)OPENSSL_sk_pop_free(ossl_check_X509_CRL_sk_type(*crls),ossl_check_X509_CRL_freefunc_type
(X509_CRL_free))
;
828 *crls = NULL((void*)0);
829 }
830 return ret;
831}
832
833static const char *format2string(int format)
834{
835 switch(format) {
836 case FORMAT_PEM(5 | 0x8000):
837 return "PEM";
838 case FORMAT_ASN14:
839 return "DER";
840 }
841 return NULL((void*)0);
842}
843
844/* Set type expectation, but clear it if objects of different types expected. */
845#define SET_EXPECT(expect, val)((expect) = (expect) < 0 ? (val) : ((expect) == (val) ? (val
) : 0))
((expect) = (expect) < 0 ? (val) : ((expect) == (val) ? (val) : 0))
846/*
847 * Load those types of credentials for which the result pointer is not NULL.
848 * Reads from stdio if uri is NULL and maybe_stdin is nonzero.
849 * For non-NULL ppkey, pcert, and pcrl the first suitable value found is loaded.
850 * If pcerts is non-NULL and *pcerts == NULL then a new cert list is allocated.
851 * If pcerts is non-NULL then all available certificates are appended to *pcerts
852 * except any certificate assigned to *pcert.
853 * If pcrls is non-NULL and *pcrls == NULL then a new list of CRLs is allocated.
854 * If pcrls is non-NULL then all available CRLs are appended to *pcerts
855 * except any CRL assigned to *pcrl.
856 * In any case (also on error) the caller is responsible for freeing all members
857 * of *pcerts and *pcrls (as far as they are not NULL).
858 */
859static
860int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin,
861 const char *pass, const char *desc,
862 EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
863 EVP_PKEY **pparams,
864 X509 **pcert, STACK_OF(X509)struct stack_st_X509 **pcerts,
865 X509_CRL **pcrl, STACK_OF(X509_CRL)struct stack_st_X509_CRL **pcrls,
866 int suppress_decode_errors)
867{
868 PW_CB_DATA uidata;
869 OSSL_STORE_CTX *ctx = NULL((void*)0);
870 OSSL_LIB_CTX *libctx = app_get0_libctx();
871 const char *propq = app_get0_propq();
872 int ncerts = 0;
873 int ncrls = 0;
874 const char *failed =
875 ppkey != NULL((void*)0) ? "key" : ppubkey != NULL((void*)0) ? "public key" :
876 pparams != NULL((void*)0) ? "params" : pcert != NULL((void*)0) ? "cert" :
877 pcrl != NULL((void*)0) ? "CRL" : pcerts != NULL((void*)0) ? "certs" :
878 pcrls != NULL((void*)0) ? "CRLs" : NULL((void*)0);
879 int cnt_expectations = 0;
880 int expect = -1;
881 const char *input_type;
882 OSSL_PARAM itp[2];
883 const OSSL_PARAM *params = NULL((void*)0);
884
885 if (ppkey != NULL((void*)0)) {
886 *ppkey = NULL((void*)0);
887 cnt_expectations++;
888 SET_EXPECT(expect, OSSL_STORE_INFO_PKEY)((expect) = (expect) < 0 ? (4) : ((expect) == (4) ? (4) : 0
))
;
889 }
890 if (ppubkey != NULL((void*)0)) {
891 *ppubkey = NULL((void*)0);
892 cnt_expectations++;
893 SET_EXPECT(expect, OSSL_STORE_INFO_PUBKEY)((expect) = (expect) < 0 ? (3) : ((expect) == (3) ? (3) : 0
))
;
894 }
895 if (pparams != NULL((void*)0)) {
896 *pparams = NULL((void*)0);
897 cnt_expectations++;
898 SET_EXPECT(expect, OSSL_STORE_INFO_PARAMS)((expect) = (expect) < 0 ? (2) : ((expect) == (2) ? (2) : 0
))
;
899 }
900 if (pcert != NULL((void*)0)) {
901 *pcert = NULL((void*)0);
902 cnt_expectations++;
903 SET_EXPECT(expect, OSSL_STORE_INFO_CERT)((expect) = (expect) < 0 ? (5) : ((expect) == (5) ? (5) : 0
))
;
904 }
905 if (pcerts != NULL((void*)0)) {
906 if (*pcerts == NULL((void*)0) && (*pcerts = sk_X509_new_null()((struct stack_st_X509 *)OPENSSL_sk_new_null())) == NULL((void*)0)) {
907 BIO_printf(bio_err, "Out of memory loading");
908 goto end;
909 }
910 cnt_expectations++;
911 SET_EXPECT(expect, OSSL_STORE_INFO_CERT)((expect) = (expect) < 0 ? (5) : ((expect) == (5) ? (5) : 0
))
;
912 }
913 if (pcrl != NULL((void*)0)) {
914 *pcrl = NULL((void*)0);
915 cnt_expectations++;
916 SET_EXPECT(expect, OSSL_STORE_INFO_CRL)((expect) = (expect) < 0 ? (6) : ((expect) == (6) ? (6) : 0
))
;
917 }
918 if (pcrls != NULL((void*)0)) {
919 if (*pcrls == NULL((void*)0) && (*pcrls = sk_X509_CRL_new_null()((struct stack_st_X509_CRL *)OPENSSL_sk_new_null())) == NULL((void*)0)) {
920 BIO_printf(bio_err, "Out of memory loading");
921 goto end;
922 }
923 cnt_expectations++;
924 SET_EXPECT(expect, OSSL_STORE_INFO_CRL)((expect) = (expect) < 0 ? (6) : ((expect) == (6) ? (6) : 0
))
;
925 }
926 if (cnt_expectations == 0) {
927 BIO_printf(bio_err, "Internal error: nothing to load from %s\n",
928 uri != NULL((void*)0) ? uri : "<stdin>");
929 return 0;
930 }
931
932 uidata.password = pass;
933 uidata.prompt_info = uri;
934
935 if ((input_type = format2string(format)) != NULL((void*)0)) {
936 itp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE"input-type",
937 (char *)input_type, 0);
938 itp[1] = OSSL_PARAM_construct_end();
939 params = itp;
940 }
941
942 if (uri == NULL((void*)0)) {
943 BIO *bio;
944
945 if (!maybe_stdin) {
946 BIO_printf(bio_err, "No filename or uri specified for loading");
947 goto end;
948 }
949 uri = "<stdin>";
950 unbuffer(stdinstdin);
951 bio = BIO_new_fp(stdinstdin, 0);
952 if (bio != NULL((void*)0)) {
953 ctx = OSSL_STORE_attach(bio, "file", libctx, propq,
954 get_ui_method(), &uidata, params,
955 NULL((void*)0), NULL((void*)0));
956 BIO_free(bio);
957 }
958 } else {
959 ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata,
960 params, NULL((void*)0), NULL((void*)0));
961 }
962 if (ctx == NULL((void*)0)) {
963 BIO_printf(bio_err, "Could not open file or uri for loading");
964 goto end;
965 }
966 if (expect > 0 && !OSSL_STORE_expect(ctx, expect))
967 goto end;
968
969 failed = NULL((void*)0);
970 while (cnt_expectations > 0 && !OSSL_STORE_eof(ctx)) {
971 OSSL_STORE_INFO *info = OSSL_STORE_load(ctx);
972 int type, ok = 1;
973
974 /*
975 * This can happen (for example) if we attempt to load a file with
976 * multiple different types of things in it - but the thing we just
977 * tried to load wasn't one of the ones we wanted, e.g. if we're trying
978 * to load a certificate but the file has both the private key and the
979 * certificate in it. We just retry until eof.
980 */
981 if (info == NULL((void*)0)) {
982 continue;
983 }
984
985 type = OSSL_STORE_INFO_get_type(info);
986 switch (type) {
987 case OSSL_STORE_INFO_PKEY4:
988 if (ppkey != NULL((void*)0) && *ppkey == NULL((void*)0)) {
989 ok = (*ppkey = OSSL_STORE_INFO_get1_PKEY(info)) != NULL((void*)0);
990 cnt_expectations -= ok;
991 }
992 /*
993 * An EVP_PKEY with private parts also holds the public parts,
994 * so if the caller asked for a public key, and we got a private
995 * key, we can still pass it back.
996 */
997 if (ok && ppubkey != NULL((void*)0) && *ppubkey == NULL((void*)0)) {
998 ok = ((*ppubkey = OSSL_STORE_INFO_get1_PKEY(info)) != NULL((void*)0));
999 cnt_expectations -= ok;
1000 }
1001 break;
1002 case OSSL_STORE_INFO_PUBKEY3:
1003 if (ppubkey != NULL((void*)0) && *ppubkey == NULL((void*)0)) {
1004 ok = ((*ppubkey = OSSL_STORE_INFO_get1_PUBKEY(info)) != NULL((void*)0));
1005 cnt_expectations -= ok;
1006 }
1007 break;
1008 case OSSL_STORE_INFO_PARAMS2:
1009 if (pparams != NULL((void*)0) && *pparams == NULL((void*)0)) {
1010 ok = ((*pparams = OSSL_STORE_INFO_get1_PARAMS(info)) != NULL((void*)0));
1011 cnt_expectations -= ok;
1012 }
1013 break;
1014 case OSSL_STORE_INFO_CERT5:
1015 if (pcert != NULL((void*)0) && *pcert == NULL((void*)0)) {
1016 ok = (*pcert = OSSL_STORE_INFO_get1_CERT(info)) != NULL((void*)0);
1017 cnt_expectations -= ok;
1018 }
1019 else if (pcerts != NULL((void*)0))
1020 ok = X509_add_cert(*pcerts,
1021 OSSL_STORE_INFO_get1_CERT(info),
1022 X509_ADD_FLAG_DEFAULT0);
1023 ncerts += ok;
1024 break;
1025 case OSSL_STORE_INFO_CRL6:
1026 if (pcrl != NULL((void*)0) && *pcrl == NULL((void*)0)) {
1027 ok = (*pcrl = OSSL_STORE_INFO_get1_CRL(info)) != NULL((void*)0);
1028 cnt_expectations -= ok;
1029 }
1030 else if (pcrls != NULL((void*)0))
1031 ok = sk_X509_CRL_push(*pcrls, OSSL_STORE_INFO_get1_CRL(info))OPENSSL_sk_push(ossl_check_X509_CRL_sk_type(*pcrls), ossl_check_X509_CRL_type
(OSSL_STORE_INFO_get1_CRL(info)))
;
1032 ncrls += ok;
1033 break;
1034 default:
1035 /* skip any other type */
1036 break;
1037 }
1038 OSSL_STORE_INFO_free(info);
1039 if (!ok) {
1040 failed = info == NULL((void*)0) ? NULL((void*)0) : OSSL_STORE_INFO_type_string(type);
1041 BIO_printf(bio_err, "Error reading");
1042 break;
1043 }
1044 }
1045
1046 end:
1047 OSSL_STORE_close(ctx);
1048 if (failed == NULL((void*)0)) {
1049 int any = 0;
1050
1051 if ((ppkey != NULL((void*)0) && *ppkey == NULL((void*)0))
1052 || (ppubkey != NULL((void*)0) && *ppubkey == NULL((void*)0))) {
1053 failed = "key";
1054 } else if (pparams != NULL((void*)0) && *pparams == NULL((void*)0)) {
1055 failed = "params";
1056 } else if ((pcert != NULL((void*)0) || pcerts != NULL((void*)0)) && ncerts == 0) {
1057 if (pcert == NULL((void*)0))
1058 any = 1;
1059 failed = "cert";
1060 } else if ((pcrl != NULL((void*)0) || pcrls != NULL((void*)0)) && ncrls == 0) {
1061 if (pcrl == NULL((void*)0))
1062 any = 1;
1063 failed = "CRL";
1064 }
1065 if (!suppress_decode_errors) {
1066 if (failed != NULL((void*)0))
1067 BIO_printf(bio_err, "Could not read");
1068 if (any)
1069 BIO_printf(bio_err, " any");
1070 }
1071 }
1072 if (!suppress_decode_errors && failed != NULL((void*)0)) {
1073 if (desc != NULL((void*)0) && strstr(desc, failed) != NULL((void*)0)) {
1074 BIO_printf(bio_err, " %s", desc);
1075 } else {
1076 BIO_printf(bio_err, " %s", failed);
1077 if (desc != NULL((void*)0))
1078 BIO_printf(bio_err, " of %s", desc);
1079 }
1080 if (uri != NULL((void*)0))
1081 BIO_printf(bio_err, " from %s", uri);
1082 BIO_printf(bio_err, "\n");
1083 ERR_print_errors(bio_err);
1084 }
1085 if (suppress_decode_errors || failed == NULL((void*)0))
1086 /* clear any spurious errors */
1087 ERR_clear_error();
1088 return failed == NULL((void*)0);
1089}
1090
1091int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
1092 const char *pass, const char *desc,
1093 EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
1094 EVP_PKEY **pparams,
1095 X509 **pcert, STACK_OF(X509)struct stack_st_X509 **pcerts,
1096 X509_CRL **pcrl, STACK_OF(X509_CRL)struct stack_st_X509_CRL **pcrls)
1097{
1098 return load_key_certs_crls_suppress(uri, format, maybe_stdin, pass, desc,
1099 ppkey, ppubkey, pparams, pcert, pcerts,
1100 pcrl, pcrls, 0);
1101}
1102
1103#define X509V3_EXT_UNKNOWN_MASK(0xfL << 16) (0xfL << 16)
1104/* Return error for unknown extensions */
1105#define X509V3_EXT_DEFAULT0 0
1106/* Print error for unknown extensions */
1107#define X509V3_EXT_ERROR_UNKNOWN(1L << 16) (1L << 16)
1108/* ASN1 parse unknown extensions */
1109#define X509V3_EXT_PARSE_UNKNOWN(2L << 16) (2L << 16)
1110/* BIO_dump unknown extensions */
1111#define X509V3_EXT_DUMP_UNKNOWN(3L << 16) (3L << 16)
1112
1113#define X509_FLAG_CA((1L << 4) | (1L << 7) | 1L | (1L << 1)) (X509_FLAG_NO_ISSUER(1L << 4) | X509_FLAG_NO_PUBKEY(1L << 7) | \
1114 X509_FLAG_NO_HEADER1L | X509_FLAG_NO_VERSION(1L << 1))
1115
1116int set_cert_ex(unsigned long *flags, const char *arg)
1117{
1118 static const NAME_EX_TBL cert_tbl[] = {
1119 {"compatible", X509_FLAG_COMPAT0, 0xffffffffl},
1120 {"ca_default", X509_FLAG_CA((1L << 4) | (1L << 7) | 1L | (1L << 1)), 0xffffffffl},
1121 {"no_header", X509_FLAG_NO_HEADER1L, 0},
1122 {"no_version", X509_FLAG_NO_VERSION(1L << 1), 0},
1123 {"no_serial", X509_FLAG_NO_SERIAL(1L << 2), 0},
1124 {"no_signame", X509_FLAG_NO_SIGNAME(1L << 3), 0},
1125 {"no_validity", X509_FLAG_NO_VALIDITY(1L << 5), 0},
1126 {"no_subject", X509_FLAG_NO_SUBJECT(1L << 6), 0},
1127 {"no_issuer", X509_FLAG_NO_ISSUER(1L << 4), 0},
1128 {"no_pubkey", X509_FLAG_NO_PUBKEY(1L << 7), 0},
1129 {"no_extensions", X509_FLAG_NO_EXTENSIONS(1L << 8), 0},
1130 {"no_sigdump", X509_FLAG_NO_SIGDUMP(1L << 9), 0},
1131 {"no_aux", X509_FLAG_NO_AUX(1L << 10), 0},
1132 {"no_attributes", X509_FLAG_NO_ATTRIBUTES(1L << 11), 0},
1133 {"ext_default", X509V3_EXT_DEFAULT0, X509V3_EXT_UNKNOWN_MASK(0xfL << 16)},
1134 {"ext_error", X509V3_EXT_ERROR_UNKNOWN(1L << 16), X509V3_EXT_UNKNOWN_MASK(0xfL << 16)},
1135 {"ext_parse", X509V3_EXT_PARSE_UNKNOWN(2L << 16), X509V3_EXT_UNKNOWN_MASK(0xfL << 16)},
1136 {"ext_dump", X509V3_EXT_DUMP_UNKNOWN(3L << 16), X509V3_EXT_UNKNOWN_MASK(0xfL << 16)},
1137 {NULL((void*)0), 0, 0}
1138 };
1139 return set_multi_opts(flags, arg, cert_tbl);
1140}
1141
1142int set_name_ex(unsigned long *flags, const char *arg)
1143{
1144 static const NAME_EX_TBL ex_tbl[] = {
1145 {"esc_2253", ASN1_STRFLGS_ESC_22531, 0},
1146 {"esc_2254", ASN1_STRFLGS_ESC_22540x400, 0},
1147 {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL2, 0},
1148 {"esc_msb", ASN1_STRFLGS_ESC_MSB4, 0},
1149 {"use_quote", ASN1_STRFLGS_ESC_QUOTE8, 0},
1150 {"utf8", ASN1_STRFLGS_UTF8_CONVERT0x10, 0},
1151 {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE0x20, 0},
1152 {"show_type", ASN1_STRFLGS_SHOW_TYPE0x40, 0},
1153 {"dump_all", ASN1_STRFLGS_DUMP_ALL0x80, 0},
1154 {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN0x100, 0},
1155 {"dump_der", ASN1_STRFLGS_DUMP_DER0x200, 0},
1156 {"compat", XN_FLAG_COMPAT0, 0xffffffffL},
1157 {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS(1 << 16), XN_FLAG_SEP_MASK(0xf << 16)},
1158 {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC(2 << 16), XN_FLAG_SEP_MASK(0xf << 16)},
1159 {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC(3 << 16), XN_FLAG_SEP_MASK(0xf << 16)},
1160 {"sep_multiline", XN_FLAG_SEP_MULTILINE(4 << 16), XN_FLAG_SEP_MASK(0xf << 16)},
1161 {"dn_rev", XN_FLAG_DN_REV(1 << 20), 0},
1162 {"nofname", XN_FLAG_FN_NONE(3 << 21), XN_FLAG_FN_MASK(0x3 << 21)},
1163 {"sname", XN_FLAG_FN_SN0, XN_FLAG_FN_MASK(0x3 << 21)},
1164 {"lname", XN_FLAG_FN_LN(1 << 21), XN_FLAG_FN_MASK(0x3 << 21)},
1165 {"align", XN_FLAG_FN_ALIGN(1 << 25), 0},
1166 {"oid", XN_FLAG_FN_OID(2 << 21), XN_FLAG_FN_MASK(0x3 << 21)},
1167 {"space_eq", XN_FLAG_SPC_EQ(1 << 23), 0},
1168 {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS(1 << 24), 0},
1169 {"RFC2253", XN_FLAG_RFC2253((1 | 2 | 4 | 0x10 | 0x100 | 0x200) | (1 << 16) | (1 <<
20) | 0 | (1 << 24))
, 0xffffffffL},
1170 {"oneline", XN_FLAG_ONELINE((1 | 2 | 4 | 0x10 | 0x100 | 0x200) | 8 | (2 << 16) | (
1 << 23) | 0)
, 0xffffffffL},
1171 {"multiline", XN_FLAG_MULTILINE(2 | 4 | (4 << 16) | (1 << 23) | (1 << 21) |
(1 << 25))
, 0xffffffffL},
1172 {"ca_default", XN_FLAG_MULTILINE(2 | 4 | (4 << 16) | (1 << 23) | (1 << 21) |
(1 << 25))
, 0xffffffffL},
1173 {NULL((void*)0), 0, 0}
1174 };
1175 if (set_multi_opts(flags, arg, ex_tbl) == 0)
1176 return 0;
1177 if (*flags != XN_FLAG_COMPAT0
1178 && (*flags & XN_FLAG_SEP_MASK(0xf << 16)) == 0)
1179 *flags |= XN_FLAG_SEP_CPLUS_SPC(2 << 16);
1180 return 1;
1181}
1182
1183int set_dateopt(unsigned long *dateopt, const char *arg)
1184{
1185 if (OPENSSL_strcasecmp(arg, "rfc_822") == 0)
1186 *dateopt = ASN1_DTFLGS_RFC8220x00UL;
1187 else if (OPENSSL_strcasecmp(arg, "iso_8601") == 0)
1188 *dateopt = ASN1_DTFLGS_ISO86010x01UL;
1189 else
1190 return 0;
1191 return 1;
1192}
1193
1194int set_ext_copy(int *copy_type, const char *arg)
1195{
1196 if (OPENSSL_strcasecmp(arg, "none") == 0)
1197 *copy_type = EXT_COPY_NONE0;
1198 else if (OPENSSL_strcasecmp(arg, "copy") == 0)
1199 *copy_type = EXT_COPY_ADD1;
1200 else if (OPENSSL_strcasecmp(arg, "copyall") == 0)
1201 *copy_type = EXT_COPY_ALL2;
1202 else
1203 return 0;
1204 return 1;
1205}
1206
1207int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
1208{
1209 STACK_OF(X509_EXTENSION)struct stack_st_X509_EXTENSION *exts;
1210 int i, ret = 0;
1211
1212 if (x == NULL((void*)0) || req == NULL((void*)0))
1213 return 0;
1214 if (copy_type == EXT_COPY_NONE0)
1215 return 1;
1216 exts = X509_REQ_get_extensions(req);
1217
1218 for (i = 0; i < sk_X509_EXTENSION_num(exts)OPENSSL_sk_num(ossl_check_const_X509_EXTENSION_sk_type(exts)); i++) {
1219 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i)((X509_EXTENSION *)OPENSSL_sk_value(ossl_check_const_X509_EXTENSION_sk_type
(exts), (i)))
;
1220 ASN1_OBJECT *obj = X509_EXTENSION_get_object(ext);
1221 int idx = X509_get_ext_by_OBJ(x, obj, -1);
1222
1223 /* Does extension exist in target? */
1224 if (idx != -1) {
1225 /* If normal copy don't override existing extension */
1226 if (copy_type == EXT_COPY_ADD1)
1227 continue;
1228 /* Delete all extensions of same type */
1229 do {
1230 X509_EXTENSION_free(X509_delete_ext(x, idx));
1231 idx = X509_get_ext_by_OBJ(x, obj, -1);
1232 } while (idx != -1);
1233 }
1234 if (!X509_add_ext(x, ext, -1))
1235 goto end;
1236 }
1237 ret = 1;
1238
1239 end:
1240 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free)OPENSSL_sk_pop_free(ossl_check_X509_EXTENSION_sk_type(exts),ossl_check_X509_EXTENSION_freefunc_type
(X509_EXTENSION_free))
;
1241 return ret;
1242}
1243
1244static int set_multi_opts(unsigned long *flags, const char *arg,
1245 const NAME_EX_TBL * in_tbl)
1246{
1247 STACK_OF(CONF_VALUE)struct stack_st_CONF_VALUE *vals;
1248 CONF_VALUE *val;
1249 int i, ret = 1;
1250 if (!arg)
1251 return 0;
1252 vals = X509V3_parse_list(arg);
1253 for (i = 0; i < sk_CONF_VALUE_num(vals)OPENSSL_sk_num(ossl_check_const_CONF_VALUE_sk_type(vals)); i++) {
1254 val = sk_CONF_VALUE_value(vals, i)((CONF_VALUE *)OPENSSL_sk_value(ossl_check_const_CONF_VALUE_sk_type
(vals), (i)))
;
1255 if (!set_table_opts(flags, val->name, in_tbl))
1256 ret = 0;
1257 }
1258 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free)OPENSSL_sk_pop_free(ossl_check_CONF_VALUE_sk_type(vals),ossl_check_CONF_VALUE_freefunc_type
(X509V3_conf_free))
;
1259 return ret;
1260}
1261
1262static int set_table_opts(unsigned long *flags, const char *arg,
1263 const NAME_EX_TBL * in_tbl)
1264{
1265 char c;
1266 const NAME_EX_TBL *ptbl;
1267 c = arg[0];
1268
1269 if (c == '-') {
1270 c = 0;
1271 arg++;
1272 } else if (c == '+') {
1273 c = 1;
1274 arg++;
1275 } else {
1276 c = 1;
1277 }
1278
1279 for (ptbl = in_tbl; ptbl->name; ptbl++) {
1280 if (OPENSSL_strcasecmp(arg, ptbl->name) == 0) {
1281 *flags &= ~ptbl->mask;
1282 if (c)
1283 *flags |= ptbl->flag;
1284 else
1285 *flags &= ~ptbl->flag;
1286 return 1;
1287 }
1288 }
1289 return 0;
1290}
1291
1292void print_name(BIO *out, const char *title, const X509_NAME *nm)
1293{
1294 char *buf;
1295 char mline = 0;
1296 int indent = 0;
1297 unsigned long lflags = get_nameopt();
1298
1299 if (out == NULL((void*)0))
1300 return;
1301 if (title != NULL((void*)0))
1302 BIO_puts(out, title);
1303 if ((lflags & XN_FLAG_SEP_MASK(0xf << 16)) == XN_FLAG_SEP_MULTILINE(4 << 16)) {
1304 mline = 1;
1305 indent = 4;
1306 }
1307 if (lflags == XN_FLAG_COMPAT0) {
1308 buf = X509_NAME_oneline(nm, 0, 0);
1309 BIO_puts(out, buf);
1310 BIO_puts(out, "\n");
1311 OPENSSL_free(buf)CRYPTO_free(buf, "../deps/openssl/openssl/apps/lib/apps.c", 1311
)
;
1312 } else {
1313 if (mline)
1314 BIO_puts(out, "\n");
1315 X509_NAME_print_ex(out, nm, indent, lflags);
1316 BIO_puts(out, "\n");
1317 }
1318}
1319
1320void print_bignum_var(BIO *out, const BIGNUM *in, const char *var,
1321 int len, unsigned char *buffer)
1322{
1323 BIO_printf(out, " static unsigned char %s_%d[] = {", var, len);
1324 if (BN_is_zero(in)) {
1325 BIO_printf(out, "\n 0x00");
1326 } else {
1327 int i, l;
1328
1329 l = BN_bn2bin(in, buffer);
1330 for (i = 0; i < l; i++) {
1331 BIO_printf(out, (i % 10) == 0 ? "\n " : " ");
1332 if (i < l - 1)
1333 BIO_printf(out, "0x%02X,", buffer[i]);
1334 else
1335 BIO_printf(out, "0x%02X", buffer[i]);
1336 }
1337 }
1338 BIO_printf(out, "\n };\n");
1339}
1340
1341void print_array(BIO *out, const char* title, int len, const unsigned char* d)
1342{
1343 int i;
1344
1345 BIO_printf(out, "unsigned char %s[%d] = {", title, len);
1346 for (i = 0; i < len; i++) {
1347 if ((i % 10) == 0)
1348 BIO_printf(out, "\n ");
1349 if (i < len - 1)
1350 BIO_printf(out, "0x%02X, ", d[i]);
1351 else
1352 BIO_printf(out, "0x%02X", d[i]);
1353 }
1354 BIO_printf(out, "\n};\n");
1355}
1356
1357X509_STORE *setup_verify(const char *CAfile, int noCAfile,
1358 const char *CApath, int noCApath,
1359 const char *CAstore, int noCAstore)
1360{
1361 X509_STORE *store = X509_STORE_new();
1362 X509_LOOKUP *lookup;
1363 OSSL_LIB_CTX *libctx = app_get0_libctx();
1364 const char *propq = app_get0_propq();
1365
1366 if (store == NULL((void*)0))
1367 goto end;
1368
1369 if (CAfile != NULL((void*)0) || !noCAfile) {
1370 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
1371 if (lookup == NULL((void*)0))
1372 goto end;
1373 if (CAfile != NULL((void*)0)) {
1374 if (X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_PEM,X509_LOOKUP_ctrl_ex((lookup), 1, (CAfile), (long)(1), ((void*
)0), (libctx), (propq))
1375 libctx, propq)X509_LOOKUP_ctrl_ex((lookup), 1, (CAfile), (long)(1), ((void*
)0), (libctx), (propq))
<= 0) {
1376 BIO_printf(bio_err, "Error loading file %s\n", CAfile);
1377 goto end;
1378 }
1379 } else {
1380 X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT,X509_LOOKUP_ctrl_ex((lookup), 1, (((void*)0)), (long)(3), ((void
*)0), (libctx), (propq))
1381 libctx, propq)X509_LOOKUP_ctrl_ex((lookup), 1, (((void*)0)), (long)(3), ((void
*)0), (libctx), (propq))
;
1382 }
1383 }
1384
1385 if (CApath != NULL((void*)0) || !noCApath) {
1386 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
1387 if (lookup == NULL((void*)0))
1388 goto end;
1389 if (CApath != NULL((void*)0)) {
1390 if (X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)X509_LOOKUP_ctrl((lookup),2,(CApath),(long)(1),((void*)0)) <= 0) {
1391 BIO_printf(bio_err, "Error loading directory %s\n", CApath);
1392 goto end;
1393 }
1394 } else {
1395 X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT)X509_LOOKUP_ctrl((lookup),2,(((void*)0)),(long)(3),((void*)0)
)
;
1396 }
1397 }
1398
1399 if (CAstore != NULL((void*)0) || !noCAstore) {
1400 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_store());
1401 if (lookup == NULL((void*)0))
1402 goto end;
1403 if (!X509_LOOKUP_add_store_ex(lookup, CAstore, libctx, propq)X509_LOOKUP_ctrl_ex((lookup), 3, (CAstore), 0, ((void*)0), (libctx
), (propq))
) {
1404 if (CAstore != NULL((void*)0))
1405 BIO_printf(bio_err, "Error loading store URI %s\n", CAstore);
1406 goto end;
1407 }
1408 }
1409
1410 ERR_clear_error();
1411 return store;
1412 end:
1413 ERR_print_errors(bio_err);
1414 X509_STORE_free(store);
1415 return NULL((void*)0);
1416}
1417
1418static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
1419{
1420 const char *n;
1421
1422 n = a[DB_serial3];
1423 while (*n == '0')
1424 n++;
1425 return OPENSSL_LH_strhash(n);
1426}
1427
1428static int index_serial_cmp(const OPENSSL_CSTRING *a,
1429 const OPENSSL_CSTRING *b)
1430{
1431 const char *aa, *bb;
1432
1433 for (aa = a[DB_serial3]; *aa == '0'; aa++) ;
1434 for (bb = b[DB_serial3]; *bb == '0'; bb++) ;
1435 return strcmp(aa, bb);
1436}
1437
1438static int index_name_qual(char **a)
1439{
1440 return (a[0][0] == 'V');
1441}
1442
1443static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
1444{
1445 return OPENSSL_LH_strhash(a[DB_name5]);
1446}
1447
1448int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
1449{
1450 return strcmp(a[DB_name5], b[DB_name5]);
1451}
1452
1453static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)unsigned long index_serial_LHASH_HASH(const void *arg) { const
OPENSSL_CSTRING *a = arg; return index_serial_hash(a); }
1454static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)int index_serial_LHASH_COMP(const void *arg1, const void *arg2
) { const OPENSSL_CSTRING *a = arg1; const OPENSSL_CSTRING *b
= arg2; return index_serial_cmp(a,b); }
1455static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)unsigned long index_name_LHASH_HASH(const void *arg) { const OPENSSL_CSTRING
*a = arg; return index_name_hash(a); }
1456static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)int index_name_LHASH_COMP(const void *arg1, const void *arg2)
{ const OPENSSL_CSTRING *a = arg1; const OPENSSL_CSTRING *b =
arg2; return index_name_cmp(a,b); }
1457#undef BSIZE256
1458#define BSIZE256 256
1459BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
1460{
1461 BIO *in = NULL((void*)0);
1462 BIGNUM *ret = NULL((void*)0);
1463 char buf[1024];
1464 ASN1_INTEGER *ai = NULL((void*)0);
1465
1466 ai = ASN1_INTEGER_new();
1467 if (ai == NULL((void*)0))
1468 goto err;
1469
1470 in = BIO_new_file(serialfile, "r");
1471 if (in == NULL((void*)0)) {
1472 if (!create) {
1473 perror(serialfile);
1474 goto err;
1475 }
1476 ERR_clear_error();
1477 ret = BN_new();
1478 if (ret == NULL((void*)0) || !rand_serial(ret, ai))
1479 BIO_printf(bio_err, "Out of memory\n");
1480 } else {
1481 if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) {
1482 BIO_printf(bio_err, "Unable to load number from %s\n",
1483 serialfile);
1484 goto err;
1485 }
1486 ret = ASN1_INTEGER_to_BN(ai, NULL((void*)0));
1487 if (ret == NULL((void*)0)) {
1488 BIO_printf(bio_err, "Error converting number from bin to BIGNUM\n");
1489 goto err;
1490 }
1491 }
1492
1493 if (ret && retai) {
1494 *retai = ai;
1495 ai = NULL((void*)0);
1496 }
1497 err:
1498 ERR_print_errors(bio_err);
1499 BIO_free(in);
1500 ASN1_INTEGER_free(ai);
1501 return ret;
1502}
1503
1504int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
1505 ASN1_INTEGER **retai)
1506{
1507 char buf[1][BSIZE256];
1508 BIO *out = NULL((void*)0);
1509 int ret = 0;
1510 ASN1_INTEGER *ai = NULL((void*)0);
1511 int j;
1512
1513 if (suffix == NULL((void*)0))
1514 j = strlen(serialfile);
1515 else
1516 j = strlen(serialfile) + strlen(suffix) + 1;
1517 if (j >= BSIZE256) {
1518 BIO_printf(bio_err, "File name too long\n");
1519 goto err;
1520 }
1521
1522 if (suffix == NULL((void*)0))
1523 OPENSSL_strlcpy(buf[0], serialfile, BSIZE256);
1524 else {
1525#ifndef OPENSSL_SYS_VMS
1526 j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
1527#else
1528 j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
1529#endif
1530 }
1531 out = BIO_new_file(buf[0], "w");
1532 if (out == NULL((void*)0)) {
1533 goto err;
1534 }
1535
1536 if ((ai = BN_to_ASN1_INTEGER(serial, NULL((void*)0))) == NULL((void*)0)) {
1537 BIO_printf(bio_err, "error converting serial to ASN.1 format\n");
1538 goto err;
1539 }
1540 i2a_ASN1_INTEGER(out, ai);
1541 BIO_puts(out, "\n");
1542 ret = 1;
1543 if (retai) {
1544 *retai = ai;
1545 ai = NULL((void*)0);
1546 }
1547 err:
1548 if (!ret)
1549 ERR_print_errors(bio_err);
1550 BIO_free_all(out);
1551 ASN1_INTEGER_free(ai);
1552 return ret;
1553}
1554
1555int rotate_serial(const char *serialfile, const char *new_suffix,
1556 const char *old_suffix)
1557{
1558 char buf[2][BSIZE256];
1559 int i, j;
1560
1561 i = strlen(serialfile) + strlen(old_suffix);
1562 j = strlen(serialfile) + strlen(new_suffix);
1563 if (i > j)
1564 j = i;
1565 if (j + 1 >= BSIZE256) {
1566 BIO_printf(bio_err, "File name too long\n");
1567 goto err;
1568 }
1569#ifndef OPENSSL_SYS_VMS
1570 j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix);
1571 j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix);
Value stored to 'j' is never read
1572#else
1573 j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix);
1574 j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix);
1575#endif
1576 if (rename(serialfile, buf[1]) < 0 && errno(*__errno_location ()) != ENOENT2
1577#ifdef ENOTDIR20
1578 && errno(*__errno_location ()) != ENOTDIR20
1579#endif
1580 ) {
1581 BIO_printf(bio_err,
1582 "Unable to rename %s to %s\n", serialfile, buf[1]);
1583 perror("reason");
1584 goto err;
1585 }
1586 if (rename(buf[0], serialfile) < 0) {
1587 BIO_printf(bio_err,
1588 "Unable to rename %s to %s\n", buf[0], serialfile);
1589 perror("reason");
1590 rename(buf[1], serialfile);
1591 goto err;
1592 }
1593 return 1;
1594 err:
1595 ERR_print_errors(bio_err);
1596 return 0;
1597}
1598
1599int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
1600{
1601 BIGNUM *btmp;
1602 int ret = 0;
1603
1604 btmp = b == NULL((void*)0) ? BN_new() : b;
1605 if (btmp == NULL((void*)0))
1606 return 0;
1607
1608 if (!BN_rand(btmp, SERIAL_RAND_BITS159, BN_RAND_TOP_ANY-1, BN_RAND_BOTTOM_ANY0))
1609 goto error;
1610 if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
1611 goto error;
1612
1613 ret = 1;
1614
1615 error:
1616
1617 if (btmp != b)
1618 BN_free(btmp);
1619
1620 return ret;
1621}
1622
1623CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
1624{
1625 CA_DB *retdb = NULL((void*)0);
1626 TXT_DB *tmpdb = NULL((void*)0);
1627 BIO *in;
1628 CONF *dbattr_conf = NULL((void*)0);
1629 char buf[BSIZE256];
1630#ifndef OPENSSL_NO_POSIX_IO
1631 FILE *dbfp;
1632 struct stat dbst;
1633#endif
1634
1635 in = BIO_new_file(dbfile, "r");
1636 if (in == NULL((void*)0))
1637 goto err;
1638
1639#ifndef OPENSSL_NO_POSIX_IO
1640 BIO_get_fp(in, &dbfp)BIO_ctrl(in,107,0,(char *)(&dbfp));
1641 if (fstat(fileno(dbfp), &dbst) == -1) {
1642 ERR_raise_data(ERR_new(), ERR_set_debug("../deps/openssl/openssl/apps/lib/apps.c"
,1642,__func__), ERR_set_error)
(ERR_LIB_SYS2, errno(*__errno_location ()),
1643 "calling fstat(%s)", dbfile);
1644 goto err;
1645 }
1646#endif
1647
1648 if ((tmpdb = TXT_DB_read(in, DB_NUMBER6)) == NULL((void*)0))
1649 goto err;
1650
1651#ifndef OPENSSL_SYS_VMS
1652 BIO_snprintf(buf, sizeof(buf), "%s.attr", dbfile);
1653#else
1654 BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile);
1655#endif
1656 dbattr_conf = app_load_config_quiet(buf)app_load_config_internal(buf, 1);
1657
1658 retdb = app_malloc(sizeof(*retdb), "new DB");
1659 retdb->db = tmpdb;
1660 tmpdb = NULL((void*)0);
1661 if (db_attr)
1662 retdb->attributes = *db_attr;
1663 else {
1664 retdb->attributes.unique_subject = 1;
1665 }
1666
1667 if (dbattr_conf) {
1668 char *p = NCONF_get_string(dbattr_conf, NULL((void*)0), "unique_subject");
1669 if (p) {
1670 retdb->attributes.unique_subject = parse_yesno(p, 1);
1671 }
1672 }
1673
1674 retdb->dbfname = OPENSSL_strdup(dbfile)CRYPTO_strdup(dbfile, "../deps/openssl/openssl/apps/lib/apps.c"
, 1674)
;
1675#ifndef OPENSSL_NO_POSIX_IO
1676 retdb->dbst = dbst;
1677#endif
1678
1679 err:
1680 ERR_print_errors(bio_err);
1681 NCONF_free(dbattr_conf);
1682 TXT_DB_free(tmpdb);
1683 BIO_free_all(in);
1684 return retdb;
1685}
1686
1687/*
1688 * Returns > 0 on success, <= 0 on error
1689 */
1690int index_index(CA_DB *db)
1691{
1692 if (!TXT_DB_create_index(db->db, DB_serial3, NULL((void*)0),
1693 LHASH_HASH_FN(index_serial)index_serial_LHASH_HASH,
1694 LHASH_COMP_FN(index_serial)index_serial_LHASH_COMP)) {
1695 BIO_printf(bio_err,
1696 "Error creating serial number index:(%ld,%ld,%ld)\n",
1697 db->db->error, db->db->arg1, db->db->arg2);
1698 goto err;
1699 }
1700
1701 if (db->attributes.unique_subject
1702 && !TXT_DB_create_index(db->db, DB_name5, index_name_qual,
1703 LHASH_HASH_FN(index_name)index_name_LHASH_HASH,
1704 LHASH_COMP_FN(index_name)index_name_LHASH_COMP)) {
1705 BIO_printf(bio_err, "Error creating name index:(%ld,%ld,%ld)\n",
1706 db->db->error, db->db->arg1, db->db->arg2);
1707 goto err;
1708 }
1709 return 1;
1710 err:
1711 ERR_print_errors(bio_err);
1712 return 0;
1713}
1714
1715int save_index(const char *dbfile, const char *suffix, CA_DB *db)
1716{
1717 char buf[3][BSIZE256];
1718 BIO *out;
1719 int j;
1720
1721 j = strlen(dbfile) + strlen(suffix);
1722 if (j + 6 >= BSIZE256) {
1723 BIO_printf(bio_err, "File name too long\n");
1724 goto err;
1725 }
1726#ifndef OPENSSL_SYS_VMS
1727 j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
1728 j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
1729 j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
1730#else
1731 j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
1732 j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
1733 j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
1734#endif
1735 out = BIO_new_file(buf[0], "w");
1736 if (out == NULL((void*)0)) {
1737 perror(dbfile);
1738 BIO_printf(bio_err, "Unable to open '%s'\n", dbfile);
1739 goto err;
1740 }
1741 j = TXT_DB_write(out, db->db);
1742 BIO_free(out);
1743 if (j <= 0)
1744 goto err;
1745
1746 out = BIO_new_file(buf[1], "w");
1747 if (out == NULL((void*)0)) {
1748 perror(buf[2]);
1749 BIO_printf(bio_err, "Unable to open '%s'\n", buf[2]);
1750 goto err;
1751 }
1752 BIO_printf(out, "unique_subject = %s\n",
1753 db->attributes.unique_subject ? "yes" : "no");
1754 BIO_free(out);
1755
1756 return 1;
1757 err:
1758 ERR_print_errors(bio_err);
1759 return 0;
1760}
1761
1762int rotate_index(const char *dbfile, const char *new_suffix,
1763 const char *old_suffix)
1764{
1765 char buf[5][BSIZE256];
1766 int i, j;
1767
1768 i = strlen(dbfile) + strlen(old_suffix);
1769 j = strlen(dbfile) + strlen(new_suffix);
1770 if (i > j)
1771 j = i;
1772 if (j + 6 >= BSIZE256) {
1773 BIO_printf(bio_err, "File name too long\n");
1774 goto err;
1775 }
1776#ifndef OPENSSL_SYS_VMS
1777 j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
1778 j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
1779 j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
1780 j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
1781 j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
1782#else
1783 j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
1784 j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
1785 j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
1786 j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
1787 j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
1788#endif
1789 if (rename(dbfile, buf[1]) < 0 && errno(*__errno_location ()) != ENOENT2
1790#ifdef ENOTDIR20
1791 && errno(*__errno_location ()) != ENOTDIR20
1792#endif
1793 ) {
1794 BIO_printf(bio_err, "Unable to rename %s to %s\n", dbfile, buf[1]);
1795 perror("reason");
1796 goto err;
1797 }
1798 if (rename(buf[0], dbfile) < 0) {
1799 BIO_printf(bio_err, "Unable to rename %s to %s\n", buf[0], dbfile);
1800 perror("reason");
1801 rename(buf[1], dbfile);
1802 goto err;
1803 }
1804 if (rename(buf[4], buf[3]) < 0 && errno(*__errno_location ()) != ENOENT2
1805#ifdef ENOTDIR20
1806 && errno(*__errno_location ()) != ENOTDIR20
1807#endif
1808 ) {
1809 BIO_printf(bio_err, "Unable to rename %s to %s\n", buf[4], buf[3]);
1810 perror("reason");
1811 rename(dbfile, buf[0]);
1812 rename(buf[1], dbfile);
1813 goto err;
1814 }
1815 if (rename(buf[2], buf[4]) < 0) {
1816 BIO_printf(bio_err, "Unable to rename %s to %s\n", buf[2], buf[4]);
1817 perror("reason");
1818 rename(buf[3], buf[4]);
1819 rename(dbfile, buf[0]);
1820 rename(buf[1], dbfile);
1821 goto err;
1822 }
1823 return 1;
1824 err:
1825 ERR_print_errors(bio_err);
1826 return 0;
1827}
1828
1829void free_index(CA_DB *db)
1830{
1831 if (db) {
1832 TXT_DB_free(db->db);
1833 OPENSSL_free(db->dbfname)CRYPTO_free(db->dbfname, "../deps/openssl/openssl/apps/lib/apps.c"
, 1833)
;
1834 OPENSSL_free(db)CRYPTO_free(db, "../deps/openssl/openssl/apps/lib/apps.c", 1834
)
;
1835 }
1836}
1837
1838int parse_yesno(const char *str, int def)
1839{
1840 if (str) {
1841 switch (*str) {
1842 case 'f': /* false */
1843 case 'F': /* FALSE */
1844 case 'n': /* no */
1845 case 'N': /* NO */
1846 case '0': /* 0 */
1847 return 0;
1848 case 't': /* true */
1849 case 'T': /* TRUE */
1850 case 'y': /* yes */
1851 case 'Y': /* YES */
1852 case '1': /* 1 */
1853 return 1;
1854 }
1855 }
1856 return def;
1857}
1858
1859/*
1860 * name is expected to be in the format /type0=value0/type1=value1/type2=...
1861 * where + can be used instead of / to form multi-valued RDNs if canmulti
1862 * and characters may be escaped by \
1863 */
1864X509_NAME *parse_name(const char *cp, int chtype, int canmulti,
1865 const char *desc)
1866{
1867 int nextismulti = 0;
1868 char *work;
1869 X509_NAME *n;
1870
1871 if (*cp++ != '/') {
1872 BIO_printf(bio_err,
1873 "%s: %s name is expected to be in the format "
1874 "/type0=value0/type1=value1/type2=... where characters may "
1875 "be escaped by \\. This name is not in that format: '%s'\n",
1876 opt_getprog(), desc, --cp);
1877 return NULL((void*)0);
1878 }
1879
1880 n = X509_NAME_new();
1881 if (n == NULL((void*)0)) {
1882 BIO_printf(bio_err, "%s: Out of memory\n", opt_getprog());
1883 return NULL((void*)0);
1884 }
1885 work = OPENSSL_strdup(cp)CRYPTO_strdup(cp, "../deps/openssl/openssl/apps/lib/apps.c", 1885
)
;
1886 if (work == NULL((void*)0)) {
1887 BIO_printf(bio_err, "%s: Error copying %s name input\n",
1888 opt_getprog(), desc);
1889 goto err;
1890 }
1891
1892 while (*cp != '\0') {
1893 char *bp = work;
1894 char *typestr = bp;
1895 unsigned char *valstr;
1896 int nid;
1897 int ismulti = nextismulti;
1898 nextismulti = 0;
1899
1900 /* Collect the type */
1901 while (*cp != '\0' && *cp != '=')
1902 *bp++ = *cp++;
1903 *bp++ = '\0';
1904 if (*cp == '\0') {
1905 BIO_printf(bio_err,
1906 "%s: Missing '=' after RDN type string '%s' in %s name string\n",
1907 opt_getprog(), typestr, desc);
1908 goto err;
1909 }
1910 ++cp;
1911
1912 /* Collect the value. */
1913 valstr = (unsigned char *)bp;
1914 for (; *cp != '\0' && *cp != '/'; *bp++ = *cp++) {
1915 /* unescaped '+' symbol string signals further member of multiRDN */
1916 if (canmulti && *cp == '+') {
1917 nextismulti = 1;
1918 break;
1919 }
1920 if (*cp == '\\' && *++cp == '\0') {
1921 BIO_printf(bio_err,
1922 "%s: Escape character at end of %s name string\n",
1923 opt_getprog(), desc);
1924 goto err;
1925 }
1926 }
1927 *bp++ = '\0';
1928
1929 /* If not at EOS (must be + or /), move forward. */
1930 if (*cp != '\0')
1931 ++cp;
1932
1933 /* Parse */
1934 nid = OBJ_txt2nid(typestr);
1935 if (nid == NID_undef0) {
1936 BIO_printf(bio_err,
1937 "%s: Skipping unknown %s name attribute \"%s\"\n",
1938 opt_getprog(), desc, typestr);
1939 if (ismulti)
1940 BIO_printf(bio_err,
1941 "Hint: a '+' in a value string needs be escaped using '\\' else a new member of a multi-valued RDN is expected\n");
1942 continue;
1943 }
1944 if (*valstr == '\0') {
1945 BIO_printf(bio_err,
1946 "%s: No value provided for %s name attribute \"%s\", skipped\n",
1947 opt_getprog(), desc, typestr);
1948 continue;
1949 }
1950 if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
1951 valstr, strlen((char *)valstr),
1952 -1, ismulti ? -1 : 0)) {
1953 ERR_print_errors(bio_err);
1954 BIO_printf(bio_err,
1955 "%s: Error adding %s name attribute \"/%s=%s\"\n",
1956 opt_getprog(), desc, typestr ,valstr);
1957 goto err;
1958 }
1959 }
1960
1961 OPENSSL_free(work)CRYPTO_free(work, "../deps/openssl/openssl/apps/lib/apps.c", 1961
)
;
1962 return n;
1963
1964 err:
1965 X509_NAME_free(n);
1966 OPENSSL_free(work)CRYPTO_free(work, "../deps/openssl/openssl/apps/lib/apps.c", 1966
)
;
1967 return NULL((void*)0);
1968}
1969
1970/*
1971 * Read whole contents of a BIO into an allocated memory buffer and return
1972 * it.
1973 */
1974
1975int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
1976{
1977 BIO *mem;
1978 int len, ret;
1979 unsigned char tbuf[1024];
1980
1981 mem = BIO_new(BIO_s_mem());
1982 if (mem == NULL((void*)0))
1983 return -1;
1984 for (;;) {
1985 if ((maxlen != -1) && maxlen < 1024)
1986 len = maxlen;
1987 else
1988 len = 1024;
1989 len = BIO_read(in, tbuf, len);
1990 if (len < 0) {
1991 BIO_free(mem);
1992 return -1;
1993 }
1994 if (len == 0)
1995 break;
1996 if (BIO_write(mem, tbuf, len) != len) {
1997 BIO_free(mem);
1998 return -1;
1999 }
2000 maxlen -= len;
2001
2002 if (maxlen == 0)
2003 break;
2004 }
2005 ret = BIO_get_mem_data(mem, (char **)out)BIO_ctrl(mem,3,0,(char *)((char **)out));
2006 BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY0x200);
2007 BIO_free(mem);
2008 return ret;
2009}
2010
2011int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
2012{
2013 int rv = 0;
2014 char *stmp, *vtmp = NULL((void*)0);
2015
2016 stmp = OPENSSL_strdup(value)CRYPTO_strdup(value, "../deps/openssl/openssl/apps/lib/apps.c"
, 2016)
;
2017 if (stmp == NULL((void*)0))
2018 return -1;
2019 vtmp = strchr(stmp, ':');
2020 if (vtmp == NULL((void*)0))
2021 goto err;
2022
2023 *vtmp = 0;
2024 vtmp++;
2025 rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
2026
2027 err:
2028 OPENSSL_free(stmp)CRYPTO_free(stmp, "../deps/openssl/openssl/apps/lib/apps.c", 2028
)
;
2029 return rv;
2030}
2031
2032static void nodes_print(const char *name, STACK_OF(X509_POLICY_NODE)struct stack_st_X509_POLICY_NODE *nodes)
2033{
2034 X509_POLICY_NODE *node;
2035 int i;
2036
2037 BIO_printf(bio_err, "%s Policies:", name);
2038 if (nodes) {
2039 BIO_puts(bio_err, "\n");
2040 for (i = 0; i < sk_X509_POLICY_NODE_num(nodes)OPENSSL_sk_num(ossl_check_const_X509_POLICY_NODE_sk_type(nodes
))
; i++) {
2041 node = sk_X509_POLICY_NODE_value(nodes, i)((X509_POLICY_NODE *)OPENSSL_sk_value(ossl_check_const_X509_POLICY_NODE_sk_type
(nodes), (i)))
;
2042 X509_POLICY_NODE_print(bio_err, node, 2);
2043 }
2044 } else {
2045 BIO_puts(bio_err, " <empty>\n");
2046 }
2047}
2048
2049void policies_print(X509_STORE_CTX *ctx)
2050{
2051 X509_POLICY_TREE *tree;
2052 int explicit_policy;
2053 tree = X509_STORE_CTX_get0_policy_tree(ctx);
2054 explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
2055
2056 BIO_printf(bio_err, "Require explicit Policy: %s\n",
2057 explicit_policy ? "True" : "False");
2058
2059 nodes_print("Authority", X509_policy_tree_get0_policies(tree));
2060 nodes_print("User", X509_policy_tree_get0_user_policies(tree));
2061}
2062
2063/*-
2064 * next_protos_parse parses a comma separated list of strings into a string
2065 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
2066 * outlen: (output) set to the length of the resulting buffer on success.
2067 * err: (maybe NULL) on failure, an error message line is written to this BIO.
2068 * in: a NUL terminated string like "abc,def,ghi"
2069 *
2070 * returns: a malloc'd buffer or NULL on failure.
2071 */
2072unsigned char *next_protos_parse(size_t *outlen, const char *in)
2073{
2074 size_t len;
2075 unsigned char *out;
2076 size_t i, start = 0;
2077 size_t skipped = 0;
2078
2079 len = strlen(in);
2080 if (len == 0 || len >= 65535)
2081 return NULL((void*)0);
2082
2083 out = app_malloc(len + 1, "NPN buffer");
2084 for (i = 0; i <= len; ++i) {
2085 if (i == len || in[i] == ',') {
2086 /*
2087 * Zero-length ALPN elements are invalid on the wire, we could be
2088 * strict and reject the entire string, but just ignoring extra
2089 * commas seems harmless and more friendly.
2090 *
2091 * Every comma we skip in this way puts the input buffer another
2092 * byte ahead of the output buffer, so all stores into the output
2093 * buffer need to be decremented by the number commas skipped.
2094 */
2095 if (i == start) {
2096 ++start;
2097 ++skipped;
2098 continue;
2099 }
2100 if (i - start > 255) {
2101 OPENSSL_free(out)CRYPTO_free(out, "../deps/openssl/openssl/apps/lib/apps.c", 2101
)
;
2102 return NULL((void*)0);
2103 }
2104 out[start-skipped] = (unsigned char)(i - start);
2105 start = i + 1;
2106 } else {
2107 out[i + 1 - skipped] = in[i];
2108 }
2109 }
2110
2111 if (len <= skipped) {
2112 OPENSSL_free(out)CRYPTO_free(out, "../deps/openssl/openssl/apps/lib/apps.c", 2112
)
;
2113 return NULL((void*)0);
2114 }
2115
2116 *outlen = len + 1 - skipped;
2117 return out;
2118}
2119
2120void print_cert_checks(BIO *bio, X509 *x,
2121 const char *checkhost,
2122 const char *checkemail, const char *checkip)
2123{
2124 if (x == NULL((void*)0))
2125 return;
2126 if (checkhost) {
2127 BIO_printf(bio, "Hostname %s does%s match certificate\n",
2128 checkhost,
2129 X509_check_host(x, checkhost, 0, 0, NULL((void*)0)) == 1
2130 ? "" : " NOT");
2131 }
2132
2133 if (checkemail) {
2134 BIO_printf(bio, "Email %s does%s match certificate\n",
2135 checkemail, X509_check_email(x, checkemail, 0, 0)
2136 ? "" : " NOT");
2137 }
2138
2139 if (checkip) {
2140 BIO_printf(bio, "IP %s does%s match certificate\n",
2141 checkip, X509_check_ip_asc(x, checkip, 0) ? "" : " NOT");
2142 }
2143}
2144
2145static int do_pkey_ctx_init(EVP_PKEY_CTX *pkctx, STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *opts)
2146{
2147 int i;
2148
2149 if (opts == NULL((void*)0))
2150 return 1;
2151
2152 for (i = 0; i < sk_OPENSSL_STRING_num(opts)OPENSSL_sk_num(ossl_check_const_OPENSSL_STRING_sk_type(opts)); i++) {
2153 char *opt = sk_OPENSSL_STRING_value(opts, i)((char *)OPENSSL_sk_value(ossl_check_const_OPENSSL_STRING_sk_type
(opts), (i)))
;
2154 if (pkey_ctrl_string(pkctx, opt) <= 0) {
2155 BIO_printf(bio_err, "parameter error \"%s\"\n", opt);
2156 ERR_print_errors(bio_err);
2157 return 0;
2158 }
2159 }
2160
2161 return 1;
2162}
2163
2164static int do_x509_init(X509 *x, STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *opts)
2165{
2166 int i;
2167
2168 if (opts == NULL((void*)0))
2169 return 1;
2170
2171 for (i = 0; i < sk_OPENSSL_STRING_num(opts)OPENSSL_sk_num(ossl_check_const_OPENSSL_STRING_sk_type(opts)); i++) {
2172 char *opt = sk_OPENSSL_STRING_value(opts, i)((char *)OPENSSL_sk_value(ossl_check_const_OPENSSL_STRING_sk_type
(opts), (i)))
;
2173 if (x509_ctrl_string(x, opt) <= 0) {
2174 BIO_printf(bio_err, "parameter error \"%s\"\n", opt);
2175 ERR_print_errors(bio_err);
2176 return 0;
2177 }
2178 }
2179
2180 return 1;
2181}
2182
2183static int do_x509_req_init(X509_REQ *x, STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *opts)
2184{
2185 int i;
2186
2187 if (opts == NULL((void*)0))
2188 return 1;
2189
2190 for (i = 0; i < sk_OPENSSL_STRING_num(opts)OPENSSL_sk_num(ossl_check_const_OPENSSL_STRING_sk_type(opts)); i++) {
2191 char *opt = sk_OPENSSL_STRING_value(opts, i)((char *)OPENSSL_sk_value(ossl_check_const_OPENSSL_STRING_sk_type
(opts), (i)))
;
2192 if (x509_req_ctrl_string(x, opt) <= 0) {
2193 BIO_printf(bio_err, "parameter error \"%s\"\n", opt);
2194 ERR_print_errors(bio_err);
2195 return 0;
2196 }
2197 }
2198
2199 return 1;
2200}
2201
2202static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey,
2203 const char *md, STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *sigopts)
2204{
2205 EVP_PKEY_CTX *pkctx = NULL((void*)0);
2206 char def_md[80];
2207
2208 if (ctx == NULL((void*)0))
2209 return 0;
2210 /*
2211 * EVP_PKEY_get_default_digest_name() returns 2 if the digest is mandatory
2212 * for this algorithm.
2213 */
2214 if (EVP_PKEY_get_default_digest_name(pkey, def_md, sizeof(def_md)) == 2
2215 && strcmp(def_md, "UNDEF") == 0) {
2216 /* The signing algorithm requires there to be no digest */
2217 md = NULL((void*)0);
2218 }
2219
2220 return EVP_DigestSignInit_ex(ctx, &pkctx, md, app_get0_libctx(),
2221 app_get0_propq(), pkey, NULL((void*)0))
2222 && do_pkey_ctx_init(pkctx, sigopts);
2223}
2224
2225static int adapt_keyid_ext(X509 *cert, X509V3_CTX *ext_ctx,
2226 const char *name, const char *value, int add_default)
2227{
2228 const STACK_OF(X509_EXTENSION)struct stack_st_X509_EXTENSION *exts = X509_get0_extensions(cert);
2229 X509_EXTENSION *new_ext = X509V3_EXT_nconf(NULL((void*)0), ext_ctx, name, value);
2230 int idx, rv = 0;
2231
2232 if (new_ext == NULL((void*)0))
2233 return rv;
2234
2235 idx = X509v3_get_ext_by_OBJ(exts, X509_EXTENSION_get_object(new_ext), -1);
2236 if (idx >= 0) {
2237 X509_EXTENSION *found_ext = X509v3_get_ext(exts, idx);
2238 ASN1_OCTET_STRING *data = X509_EXTENSION_get_data(found_ext);
2239 int disabled = ASN1_STRING_length(data) <= 2; /* config said "none" */
2240
2241 if (disabled) {
2242 X509_delete_ext(cert, idx);
2243 X509_EXTENSION_free(found_ext);
2244 } /* else keep existing key identifier, which might be outdated */
2245 rv = 1;
2246 } else {
2247 rv = !add_default || X509_add_ext(cert, new_ext, -1);
2248 }
2249 X509_EXTENSION_free(new_ext);
2250 return rv;
2251}
2252
2253/* Ensure RFC 5280 compliance, adapt keyIDs as needed, and sign the cert info */
2254int do_X509_sign(X509 *cert, EVP_PKEY *pkey, const char *md,
2255 STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *sigopts, X509V3_CTX *ext_ctx)
2256{
2257 const STACK_OF(X509_EXTENSION)struct stack_st_X509_EXTENSION *exts = X509_get0_extensions(cert);
2258 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
2259 int self_sign;
2260 int rv = 0;
2261
2262 if (sk_X509_EXTENSION_num(exts /* may be NULL */)OPENSSL_sk_num(ossl_check_const_X509_EXTENSION_sk_type(exts)) > 0) {
2263 /* Prevent X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 */
2264 if (!X509_set_version(cert, X509_VERSION_32))
2265 goto end;
2266
2267 /*
2268 * Add default SKID before such that default AKID can make use of it
2269 * in case the certificate is self-signed
2270 */
2271 /* Prevent X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER */
2272 if (!adapt_keyid_ext(cert, ext_ctx, "subjectKeyIdentifier", "hash", 1))
2273 goto end;
2274 /* Prevent X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER */
2275 ERR_set_mark();
2276 self_sign = X509_check_private_key(cert, pkey);
2277 ERR_pop_to_mark();
2278 if (!adapt_keyid_ext(cert, ext_ctx, "authorityKeyIdentifier",
2279 "keyid, issuer", !self_sign))
2280 goto end;
2281 }
2282
2283 if (mctx != NULL((void*)0) && do_sign_init(mctx, pkey, md, sigopts) > 0)
2284 rv = (X509_sign_ctx(cert, mctx) > 0);
2285 end:
2286 EVP_MD_CTX_free(mctx);
2287 return rv;
2288}
2289
2290/* Sign the certificate request info */
2291int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const char *md,
2292 STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *sigopts)
2293{
2294 int rv = 0;
2295 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
2296
2297 if (do_sign_init(mctx, pkey, md, sigopts) > 0)
2298 rv = (X509_REQ_sign_ctx(x, mctx) > 0);
2299 EVP_MD_CTX_free(mctx);
2300 return rv;
2301}
2302
2303/* Sign the CRL info */
2304int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const char *md,
2305 STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *sigopts)
2306{
2307 int rv = 0;
2308 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
2309
2310 if (do_sign_init(mctx, pkey, md, sigopts) > 0)
2311 rv = (X509_CRL_sign_ctx(x, mctx) > 0);
2312 EVP_MD_CTX_free(mctx);
2313 return rv;
2314}
2315
2316/*
2317 * do_X509_verify returns 1 if the signature is valid,
2318 * 0 if the signature check fails, or -1 if error occurs.
2319 */
2320int do_X509_verify(X509 *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *vfyopts)
2321{
2322 int rv = 0;
2323
2324 if (do_x509_init(x, vfyopts) > 0)
2325 rv = X509_verify(x, pkey);
2326 else
2327 rv = -1;
2328 return rv;
2329}
2330
2331/*
2332 * do_X509_REQ_verify returns 1 if the signature is valid,
2333 * 0 if the signature check fails, or -1 if error occurs.
2334 */
2335int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey,
2336 STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *vfyopts)
2337{
2338 int rv = 0;
2339
2340 if (do_x509_req_init(x, vfyopts) > 0)
2341 rv = X509_REQ_verify_ex(x, pkey,
2342 app_get0_libctx(), app_get0_propq());
2343 else
2344 rv = -1;
2345 return rv;
2346}
2347
2348/* Get first http URL from a DIST_POINT structure */
2349
2350static const char *get_dp_url(DIST_POINT *dp)
2351{
2352 GENERAL_NAMES *gens;
2353 GENERAL_NAME *gen;
2354 int i, gtype;
2355 ASN1_STRING *uri;
2356 if (!dp->distpoint || dp->distpoint->type != 0)
2357 return NULL((void*)0);
2358 gens = dp->distpoint->name.fullname;
2359 for (i = 0; i < sk_GENERAL_NAME_num(gens)OPENSSL_sk_num(ossl_check_const_GENERAL_NAME_sk_type(gens)); i++) {
2360 gen = sk_GENERAL_NAME_value(gens, i)((GENERAL_NAME *)OPENSSL_sk_value(ossl_check_const_GENERAL_NAME_sk_type
(gens), (i)))
;
2361 uri = GENERAL_NAME_get0_value(gen, &gtype);
2362 if (gtype == GEN_URI6 && ASN1_STRING_length(uri) > 6) {
2363 const char *uptr = (const char *)ASN1_STRING_get0_data(uri);
2364
2365 if (IS_HTTP(uptr)((uptr) != ((void*)0) && strncmp(uptr, "http""://", strlen
("http""://")) == 0)
) /* can/should not use HTTPS here */
2366 return uptr;
2367 }
2368 }
2369 return NULL((void*)0);
2370}
2371
2372/*
2373 * Look through a CRLDP structure and attempt to find an http URL to
2374 * downloads a CRL from.
2375 */
2376
2377static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT)struct stack_st_DIST_POINT *crldp)
2378{
2379 int i;
2380 const char *urlptr = NULL((void*)0);
2381 for (i = 0; i < sk_DIST_POINT_num(crldp)OPENSSL_sk_num(ossl_check_const_DIST_POINT_sk_type(crldp)); i++) {
2382 DIST_POINT *dp = sk_DIST_POINT_value(crldp, i)((DIST_POINT *)OPENSSL_sk_value(ossl_check_const_DIST_POINT_sk_type
(crldp), (i)))
;
2383 urlptr = get_dp_url(dp);
2384 if (urlptr != NULL((void*)0))
2385 return load_crl(urlptr, FORMAT_UNDEF0, 0, "CRL via CDP");
2386 }
2387 return NULL((void*)0);
2388}
2389
2390/*
2391 * Example of downloading CRLs from CRLDP:
2392 * not usable for real world as it always downloads and doesn't cache anything.
2393 */
2394
2395static STACK_OF(X509_CRL)struct stack_st_X509_CRL *crls_http_cb(const X509_STORE_CTX *ctx,
2396 const X509_NAME *nm)
2397{
2398 X509 *x;
2399 STACK_OF(X509_CRL)struct stack_st_X509_CRL *crls = NULL((void*)0);
2400 X509_CRL *crl;
2401 STACK_OF(DIST_POINT)struct stack_st_DIST_POINT *crldp;
2402
2403 crls = sk_X509_CRL_new_null()((struct stack_st_X509_CRL *)OPENSSL_sk_new_null());
2404 if (!crls)
2405 return NULL((void*)0);
2406 x = X509_STORE_CTX_get_current_cert(ctx);
2407 crldp = X509_get_ext_d2i(x, NID_crl_distribution_points103, NULL((void*)0), NULL((void*)0));
2408 crl = load_crl_crldp(crldp);
2409 sk_DIST_POINT_pop_free(crldp, DIST_POINT_free)OPENSSL_sk_pop_free(ossl_check_DIST_POINT_sk_type(crldp),ossl_check_DIST_POINT_freefunc_type
(DIST_POINT_free))
;
2410 if (!crl) {
2411 sk_X509_CRL_free(crls)OPENSSL_sk_free(ossl_check_X509_CRL_sk_type(crls));
2412 return NULL((void*)0);
2413 }
2414 sk_X509_CRL_push(crls, crl)OPENSSL_sk_push(ossl_check_X509_CRL_sk_type(crls), ossl_check_X509_CRL_type
(crl))
;
2415 /* Try to download delta CRL */
2416 crldp = X509_get_ext_d2i(x, NID_freshest_crl857, NULL((void*)0), NULL((void*)0));
2417 crl = load_crl_crldp(crldp);
2418 sk_DIST_POINT_pop_free(crldp, DIST_POINT_free)OPENSSL_sk_pop_free(ossl_check_DIST_POINT_sk_type(crldp),ossl_check_DIST_POINT_freefunc_type
(DIST_POINT_free))
;
2419 if (crl)
2420 sk_X509_CRL_push(crls, crl)OPENSSL_sk_push(ossl_check_X509_CRL_sk_type(crls), ossl_check_X509_CRL_type
(crl))
;
2421 return crls;
2422}
2423
2424void store_setup_crl_download(X509_STORE *st)
2425{
2426 X509_STORE_set_lookup_crls_cb(st, crls_http_cb)X509_STORE_set_lookup_crls((st), (crls_http_cb));
2427}
2428
2429#ifndef OPENSSL_NO_SOCK
2430static const char *tls_error_hint(void)
2431{
2432 unsigned long err = ERR_peek_error();
2433
2434 if (ERR_GET_LIB(err) != ERR_LIB_SSL20)
2435 err = ERR_peek_last_error();
2436 if (ERR_GET_LIB(err) != ERR_LIB_SSL20)
2437 return NULL((void*)0);
2438
2439 switch (ERR_GET_REASON(err)) {
2440 case SSL_R_WRONG_VERSION_NUMBER267:
2441 return "The server does not support (a suitable version of) TLS";
2442 case SSL_R_UNKNOWN_PROTOCOL252:
2443 return "The server does not support HTTPS";
2444 case SSL_R_CERTIFICATE_VERIFY_FAILED134:
2445 return "Cannot authenticate server via its TLS certificate, likely due to mismatch with our trusted TLS certs or missing revocation status";
2446 case SSL_AD_REASON_OFFSET1000 + TLS1_AD_UNKNOWN_CA48:
2447 return "Server did not accept our TLS certificate, likely due to mismatch with server's trust anchor or missing revocation status";
2448 case SSL_AD_REASON_OFFSET1000 + SSL3_AD_HANDSHAKE_FAILURE40:
2449 return "TLS handshake failure. Possibly the server requires our TLS certificate but did not receive it";
2450 default: /* no error or no hint available for error */
2451 return NULL((void*)0);
2452 }
2453}
2454
2455/* HTTP callback function that supports TLS connection also via HTTPS proxy */
2456BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail)
2457{
2458 APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg;
2459 SSL_CTX *ssl_ctx = info->ssl_ctx;
2460
2461 if (connect && detail) { /* connecting with TLS */
2462 SSL *ssl;
2463 BIO *sbio = NULL((void*)0);
2464
2465 /* adapt after fixing callback design flaw, see #17088 */
2466 if ((info->use_proxy
2467 && !OSSL_HTTP_proxy_connect(bio, info->server, info->port,
2468 NULL((void*)0), NULL((void*)0), /* no proxy credentials */
2469 info->timeout, bio_err, opt_getprog()))
2470 || (sbio = BIO_new(BIO_f_ssl())) == NULL((void*)0)) {
2471 return NULL((void*)0);
2472 }
2473 if (ssl_ctx == NULL((void*)0) || (ssl = SSL_new(ssl_ctx)) == NULL((void*)0)) {
2474 BIO_free(sbio);
2475 return NULL((void*)0);
2476 }
2477
2478 /* adapt after fixing callback design flaw, see #17088 */
2479 SSL_set_tlsext_host_name(ssl, info->server)SSL_ctrl(ssl,55,0, (void *)info->server); /* not critical to do */
2480
2481 SSL_set_connect_state(ssl);
2482 BIO_set_ssl(sbio, ssl, BIO_CLOSE)BIO_ctrl(sbio,109,0x01,(char *)(ssl));
2483
2484 bio = BIO_push(sbio, bio);
2485 }
2486 if (!connect) {
2487 const char *hint;
2488 BIO *cbio;
2489
2490 if (!detail) { /* disconnecting after error */
2491 hint = tls_error_hint();
2492 if (hint != NULL((void*)0))
2493 ERR_add_error_data(2, " : ", hint);
2494 }
2495 if (ssl_ctx != NULL((void*)0)) {
2496 (void)ERR_set_mark();
2497 BIO_ssl_shutdown(bio);
2498 cbio = BIO_pop(bio); /* connect+HTTP BIO */
2499 BIO_free(bio); /* SSL BIO */
2500 (void)ERR_pop_to_mark(); /* hide SSL_R_READ_BIO_NOT_SET etc. */
2501 bio = cbio;
2502 }
2503 }
2504 return bio;
2505}
2506
2507void APP_HTTP_TLS_INFO_free(APP_HTTP_TLS_INFO *info)
2508{
2509 if (info != NULL((void*)0)) {
2510 SSL_CTX_free(info->ssl_ctx);
2511 OPENSSL_free(info)CRYPTO_free(info, "../deps/openssl/openssl/apps/lib/apps.c", 2511
)
;
2512 }
2513}
2514
2515ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy,
2516 const char *no_proxy, SSL_CTX *ssl_ctx,
2517 const STACK_OF(CONF_VALUE)struct stack_st_CONF_VALUE *headers,
2518 long timeout, const char *expected_content_type,
2519 const ASN1_ITEM *it)
2520{
2521 APP_HTTP_TLS_INFO info;
2522 char *server;
2523 char *port;
2524 int use_ssl;
2525 BIO *mem;
2526 ASN1_VALUE *resp = NULL((void*)0);
2527
2528 if (url == NULL((void*)0) || it == NULL((void*)0)) {
2529 ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/apps/lib/apps.c"
,2529,__func__), ERR_set_error)((61),((258|((0x1 << 18L
)|(0x2 << 18L)))),((void*)0))
;
2530 return NULL((void*)0);
2531 }
2532
2533 if (!OSSL_HTTP_parse_url(url, &use_ssl, NULL((void*)0) /* userinfo */, &server, &port,
2534 NULL((void*)0) /* port_num, */, NULL((void*)0), NULL((void*)0), NULL((void*)0)))
2535 return NULL((void*)0);
2536 if (use_ssl && ssl_ctx == NULL((void*)0)) {
2537 ERR_raise_data(ERR_new(), ERR_set_debug("../deps/openssl/openssl/apps/lib/apps.c"
,2537,__func__), ERR_set_error)
(ERR_LIB_HTTP61, ERR_R_PASSED_NULL_PARAMETER(258|((0x1 << 18L)|(0x2 << 18L))),
2538 "missing SSL_CTX");
2539 goto end;
2540 }
2541
2542 info.server = server;
2543 info.port = port;
2544 info.use_proxy = /* workaround for callback design flaw, see #17088 */
2545 OSSL_HTTP_adapt_proxy(proxy, no_proxy, server, use_ssl) != NULL((void*)0);
2546 info.timeout = timeout;
2547 info.ssl_ctx = ssl_ctx;
2548 mem = OSSL_HTTP_get(url, proxy, no_proxy, NULL((void*)0) /* bio */, NULL((void*)0) /* rbio */,
2549 app_http_tls_cb, &info, 0 /* buf_size */, headers,
2550 expected_content_type, 1 /* expect_asn1 */,
2551 OSSL_HTTP_DEFAULT_MAX_RESP_LEN(100 * 1024), timeout);
2552 resp = ASN1_item_d2i_bio(it, mem, NULL((void*)0));
2553 BIO_free(mem);
2554
2555 end:
2556 OPENSSL_free(server)CRYPTO_free(server, "../deps/openssl/openssl/apps/lib/apps.c"
, 2556)
;
2557 OPENSSL_free(port)CRYPTO_free(port, "../deps/openssl/openssl/apps/lib/apps.c", 2557
)
;
2558 return resp;
2559
2560}
2561
2562ASN1_VALUE *app_http_post_asn1(const char *host, const char *port,
2563 const char *path, const char *proxy,
2564 const char *no_proxy, SSL_CTX *ssl_ctx,
2565 const STACK_OF(CONF_VALUE)struct stack_st_CONF_VALUE *headers,
2566 const char *content_type,
2567 ASN1_VALUE *req, const ASN1_ITEM *req_it,
2568 const char *expected_content_type,
2569 long timeout, const ASN1_ITEM *rsp_it)
2570{
2571 int use_ssl = ssl_ctx != NULL((void*)0);
2572 APP_HTTP_TLS_INFO info;
2573 BIO *rsp, *req_mem = ASN1_item_i2d_mem_bio(req_it, req);
2574 ASN1_VALUE *res;
2575
2576 if (req_mem == NULL((void*)0))
2577 return NULL((void*)0);
2578
2579 info.server = host;
2580 info.port = port;
2581 info.use_proxy = /* workaround for callback design flaw, see #17088 */
2582 OSSL_HTTP_adapt_proxy(proxy, no_proxy, host, use_ssl) != NULL((void*)0);
2583 info.timeout = timeout;
2584 info.ssl_ctx = ssl_ctx;
2585 rsp = OSSL_HTTP_transfer(NULL((void*)0), host, port, path, use_ssl,
2586 proxy, no_proxy, NULL((void*)0) /* bio */, NULL((void*)0) /* rbio */,
2587 app_http_tls_cb, &info,
2588 0 /* buf_size */, headers, content_type, req_mem,
2589 expected_content_type, 1 /* expect_asn1 */,
2590 OSSL_HTTP_DEFAULT_MAX_RESP_LEN(100 * 1024), timeout,
2591 0 /* keep_alive */);
2592 BIO_free(req_mem);
2593 res = ASN1_item_d2i_bio(rsp_it, rsp, NULL((void*)0));
2594 BIO_free(rsp);
2595 return res;
2596}
2597
2598#endif
2599
2600/*
2601 * Platform-specific sections
2602 */
2603#if defined(_WIN32)
2604# ifdef fileno
2605# undef fileno
2606# define fileno(a) (int)_fileno(a)
2607# endif
2608
2609# include <windows.h>
2610# include <tchar.h>
2611
2612static int WIN32_rename(const char *from, const char *to)
2613{
2614 TCHAR *tfrom = NULL((void*)0), *tto;
2615 DWORD err;
2616 int ret = 0;
2617
2618 if (sizeof(TCHAR) == 1) {
2619 tfrom = (TCHAR *)from;
2620 tto = (TCHAR *)to;
2621 } else { /* UNICODE path */
2622
2623 size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1;
2624 tfrom = malloc(sizeof(*tfrom) * (flen + tlen));
2625 if (tfrom == NULL((void*)0))
2626 goto err;
2627 tto = tfrom + flen;
2628# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
2629 if (!MultiByteToWideChar(CP_ACP, 0, from, flen, (WCHAR *)tfrom, flen))
2630# endif
2631 for (i = 0; i < flen; i++)
2632 tfrom[i] = (TCHAR)from[i];
2633# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
2634 if (!MultiByteToWideChar(CP_ACP, 0, to, tlen, (WCHAR *)tto, tlen))
2635# endif
2636 for (i = 0; i < tlen; i++)
2637 tto[i] = (TCHAR)to[i];
2638 }
2639
2640 if (MoveFile(tfrom, tto))
2641 goto ok;
2642 err = GetLastError();
2643 if (err == ERROR_ALREADY_EXISTS || err == ERROR_FILE_EXISTS) {
2644 if (DeleteFile(tto) && MoveFile(tfrom, tto))
2645 goto ok;
2646 err = GetLastError();
2647 }
2648 if (err == ERROR_FILE_NOT_FOUND || err == ERROR_PATH_NOT_FOUND)
2649 errno(*__errno_location ()) = ENOENT2;
2650 else if (err == ERROR_ACCESS_DENIED)
2651 errno(*__errno_location ()) = EACCES13;
2652 else
2653 errno(*__errno_location ()) = EINVAL22; /* we could map more codes... */
2654 err:
2655 ret = -1;
2656 ok:
2657 if (tfrom != NULL((void*)0) && tfrom != (TCHAR *)from)
2658 free(tfrom);
2659 return ret;
2660}
2661#endif
2662
2663/* app_tminterval section */
2664#if defined(_WIN32)
2665double app_tminterval(int stop, int usertime)
2666{
2667 FILETIME now;
2668 double ret = 0;
2669 static ULARGE_INTEGER tmstart;
2670 static int warning = 1;
2671# ifdef _WIN32_WINNT
2672 static HANDLE proc = NULL((void*)0);
2673
2674 if (proc == NULL((void*)0)) {
2675 if (check_winnt())
2676 proc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,
2677 GetCurrentProcessId());
2678 if (proc == NULL((void*)0))
2679 proc = (HANDLE) - 1;
2680 }
2681
2682 if (usertime && proc != (HANDLE) - 1) {
2683 FILETIME junk;
2684 GetProcessTimes(proc, &junk, &junk, &junk, &now);
2685 } else
2686# endif
2687 {
2688 SYSTEMTIME systime;
2689
2690 if (usertime && warning) {
2691 BIO_printf(bio_err, "To get meaningful results, run "
2692 "this program on idle system.\n");
2693 warning = 0;
2694 }
2695 GetSystemTime(&systime);
2696 SystemTimeToFileTime(&systime, &now);
2697 }
2698
2699 if (stop == TM_START0) {
2700 tmstart.u.LowPart = now.dwLowDateTime;
2701 tmstart.u.HighPart = now.dwHighDateTime;
2702 } else {
2703 ULARGE_INTEGER tmstop;
2704
2705 tmstop.u.LowPart = now.dwLowDateTime;
2706 tmstop.u.HighPart = now.dwHighDateTime;
2707
2708 ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart) * 1e-7;
2709 }
2710
2711 return ret;
2712}
2713#elif defined(OPENSSL_SYS_VXWORKS)
2714# include <time.h>
2715
2716double app_tminterval(int stop, int usertime)
2717{
2718 double ret = 0;
2719# ifdef CLOCK_REALTIME0
2720 static struct timespec tmstart;
2721 struct timespec now;
2722# else
2723 static unsigned long tmstart;
2724 unsigned long now;
2725# endif
2726 static int warning = 1;
2727
2728 if (usertime && warning) {
2729 BIO_printf(bio_err, "To get meaningful results, run "
2730 "this program on idle system.\n");
2731 warning = 0;
2732 }
2733# ifdef CLOCK_REALTIME0
2734 clock_gettime(CLOCK_REALTIME0, &now);
2735 if (stop == TM_START0)
2736 tmstart = now;
2737 else
2738 ret = ((now.tv_sec + now.tv_nsec * 1e-9)
2739 - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9));
2740# else
2741 now = tickGet();
2742 if (stop == TM_START0)
2743 tmstart = now;
2744 else
2745 ret = (now - tmstart) / (double)sysClkRateGet();
2746# endif
2747 return ret;
2748}
2749
2750#elif defined(_SC_CLK_TCK_SC_CLK_TCK) /* by means of unistd.h */
2751# include <sys/times.h>
2752
2753double app_tminterval(int stop, int usertime)
2754{
2755 double ret = 0;
2756 struct tms rus;
2757 clock_t now = times(&rus);
2758 static clock_t tmstart;
2759
2760 if (usertime)
2761 now = rus.tms_utime;
2762
2763 if (stop == TM_START0) {
2764 tmstart = now;
2765 } else {
2766 long int tck = sysconf(_SC_CLK_TCK_SC_CLK_TCK);
2767 ret = (now - tmstart) / (double)tck;
2768 }
2769
2770 return ret;
2771}
2772
2773#else
2774# include <sys/time.h>
2775# include <sys/resource.h>
2776
2777double app_tminterval(int stop, int usertime)
2778{
2779 double ret = 0;
2780 struct rusage rus;
2781 struct timeval now;
2782 static struct timeval tmstart;
2783
2784 if (usertime)
2785 getrusage(RUSAGE_SELF, &rus), now = rus.ru_utime;
2786 else
2787 gettimeofday(&now, NULL((void*)0));
2788
2789 if (stop == TM_START0)
2790 tmstart = now;
2791 else
2792 ret = ((now.tv_sec + now.tv_usec * 1e-6)
2793 - (tmstart.tv_sec + tmstart.tv_usec * 1e-6));
2794
2795 return ret;
2796}
2797#endif
2798
2799int app_access(const char* name, int flag)
2800{
2801#ifdef _WIN32
2802 return _access(name, flag);
2803#else
2804 return access(name, flag);
2805#endif
2806}
2807
2808int app_isdir(const char *name)
2809{
2810 return opt_isdir(name);
2811}
2812
2813/* raw_read|write section */
2814#if defined(__VMS)
2815# include "vms_term_sock.h"
2816static int stdin_sock = -1;
2817
2818static void close_stdin_sock(void)
2819{
2820 TerminalSocket (TERM_SOCK_DELETE, &stdin_sock);
2821}
2822
2823int fileno_stdin(void)
2824{
2825 if (stdin_sock == -1) {
2826 TerminalSocket(TERM_SOCK_CREATE, &stdin_sock);
2827 atexit(close_stdin_sock);
2828 }
2829
2830 return stdin_sock;
2831}
2832#else
2833int fileno_stdin(void)
2834{
2835 return fileno(stdinstdin);
2836}
2837#endif
2838
2839int fileno_stdout(void)
2840{
2841 return fileno(stdoutstdout);
2842}
2843
2844#if defined(_WIN32) && defined(STD_INPUT_HANDLE)
2845int raw_read_stdin(void *buf, int siz)
2846{
2847 DWORD n;
2848 if (ReadFile(GetStdHandle(STD_INPUT_HANDLE), buf, siz, &n, NULL((void*)0)))
2849 return n;
2850 else
2851 return -1;
2852}
2853#elif defined(__VMS)
2854# include <sys/socket.h>
2855
2856int raw_read_stdin(void *buf, int siz)
2857{
2858 return recv(fileno_stdin(), buf, siz, 0);
2859}
2860#else
2861# if defined(__TANDEM)
2862# if defined(OPENSSL_TANDEM_FLOSS)
2863# include <floss.h(floss_read)>
2864# endif
2865# endif
2866int raw_read_stdin(void *buf, int siz)
2867{
2868 return read(fileno_stdin(), buf, siz);
2869}
2870#endif
2871
2872#if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
2873int raw_write_stdout(const void *buf, int siz)
2874{
2875 DWORD n;
2876 if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE), buf, siz, &n, NULL((void*)0)))
2877 return n;
2878 else
2879 return -1;
2880}
2881#elif defined(OPENSSL_SYS_TANDEM) && defined(OPENSSL_THREADS1) && defined(_SPT_MODEL_)
2882# if defined(__TANDEM)
2883# if defined(OPENSSL_TANDEM_FLOSS)
2884# include <floss.h(floss_write)>
2885# endif
2886# endif
2887int raw_write_stdout(const void *buf,int siz)
2888{
2889 return write(fileno(stdoutstdout),(void*)buf,siz);
2890}
2891#else
2892# if defined(__TANDEM)
2893# if defined(OPENSSL_TANDEM_FLOSS)
2894# include <floss.h(floss_write)>
2895# endif
2896# endif
2897int raw_write_stdout(const void *buf, int siz)
2898{
2899 return write(fileno_stdout(), buf, siz);
2900}
2901#endif
2902
2903/*
2904 * Centralized handling of input and output files with format specification
2905 * The format is meant to show what the input and output is supposed to be,
2906 * and is therefore a show of intent more than anything else. However, it
2907 * does impact behavior on some platforms, such as differentiating between
2908 * text and binary input/output on non-Unix platforms
2909 */
2910BIO *dup_bio_in(int format)
2911{
2912 return BIO_new_fp(stdinstdin,
2913 BIO_NOCLOSE0x00 | (FMT_istext(format) ? BIO_FP_TEXT0x10 : 0));
2914}
2915
2916BIO *dup_bio_out(int format)
2917{
2918 BIO *b = BIO_new_fp(stdoutstdout,
2919 BIO_NOCLOSE0x00 | (FMT_istext(format) ? BIO_FP_TEXT0x10 : 0));
2920 void *prefix = NULL((void*)0);
2921
2922#ifdef OPENSSL_SYS_VMS
2923 if (FMT_istext(format))
2924 b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
2925#endif
2926
2927 if (FMT_istext(format)
2928 && (prefix = getenv("HARNESS_OSSL_PREFIX")) != NULL((void*)0)) {
2929 b = BIO_push(BIO_new(BIO_f_prefix()), b);
2930 BIO_set_prefix(b, prefix)BIO_ctrl((b), 79, 0, (void *)(prefix));
2931 }
2932
2933 return b;
2934}
2935
2936BIO *dup_bio_err(int format)
2937{
2938 BIO *b = BIO_new_fp(stderrstderr,
2939 BIO_NOCLOSE0x00 | (FMT_istext(format) ? BIO_FP_TEXT0x10 : 0));
2940#ifdef OPENSSL_SYS_VMS
2941 if (FMT_istext(format))
2942 b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
2943#endif
2944 return b;
2945}
2946
2947void unbuffer(FILE *fp)
2948{
2949/*
2950 * On VMS, setbuf() will only take 32-bit pointers, and a compilation
2951 * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here.
2952 * However, we trust that the C RTL will never give us a FILE pointer
2953 * above the first 4 GB of memory, so we simply turn off the warning
2954 * temporarily.
2955 */
2956#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
2957# pragma environment save
2958# pragma message disable maylosedata2
2959#endif
2960 setbuf(fp, NULL((void*)0));
2961#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
2962# pragma environment restore
2963#endif
2964}
2965
2966static const char *modestr(char mode, int format)
2967{
2968 OPENSSL_assert(mode == 'a' || mode == 'r' || mode == 'w')(void)((mode == 'a' || mode == 'r' || mode == 'w') ? 0 : (OPENSSL_die
("assertion failed: " "mode == 'a' || mode == 'r' || mode == 'w'"
, "../deps/openssl/openssl/apps/lib/apps.c", 2968), 1))
;
2969
2970 switch (mode) {
2971 case 'a':
2972 return FMT_istext(format) ? "a" : "ab";
2973 case 'r':
2974 return FMT_istext(format) ? "r" : "rb";
2975 case 'w':
2976 return FMT_istext(format) ? "w" : "wb";
2977 }
2978 /* The assert above should make sure we never reach this point */
2979 return NULL((void*)0);
2980}
2981
2982static const char *modeverb(char mode)
2983{
2984 switch (mode) {
2985 case 'a':
2986 return "appending";
2987 case 'r':
2988 return "reading";
2989 case 'w':
2990 return "writing";
2991 }
2992 return "(doing something)";
2993}
2994
2995/*
2996 * Open a file for writing, owner-read-only.
2997 */
2998BIO *bio_open_owner(const char *filename, int format, int private)
2999{
3000 FILE *fp = NULL((void*)0);
3001 BIO *b = NULL((void*)0);
3002 int textmode, bflags;
3003#ifndef OPENSSL_NO_POSIX_IO
3004 int fd = -1, mode;
3005#endif
3006
3007 if (!private || filename == NULL((void*)0) || strcmp(filename, "-") == 0)
3008 return bio_open_default(filename, 'w', format);
3009
3010 textmode = FMT_istext(format);
3011#ifndef OPENSSL_NO_POSIX_IO
3012 mode = O_WRONLY01;
3013# ifdef O_CREAT0100
3014 mode |= O_CREAT0100;
3015# endif
3016# ifdef O_TRUNC01000
3017 mode |= O_TRUNC01000;
3018# endif
3019 if (!textmode) {
3020# ifdef O_BINARY
3021 mode |= O_BINARY;
3022# elif defined(_O_BINARY)
3023 mode |= _O_BINARY;
3024# endif
3025 }
3026
3027# ifdef OPENSSL_SYS_VMS
3028 /* VMS doesn't have O_BINARY, it just doesn't make sense. But,
3029 * it still needs to know that we're going binary, or fdopen()
3030 * will fail with "invalid argument"... so we tell VMS what the
3031 * context is.
3032 */
3033 if (!textmode)
3034 fd = open(filename, mode, 0600, "ctx=bin");
3035 else
3036# endif
3037 fd = open(filename, mode, 0600);
3038 if (fd < 0)
3039 goto err;
3040 fp = fdopen(fd, modestr('w', format));
3041#else /* OPENSSL_NO_POSIX_IO */
3042 /* Have stdio but not Posix IO, do the best we can */
3043 fp = fopen(filename, modestr('w', format));
3044#endif /* OPENSSL_NO_POSIX_IO */
3045 if (fp == NULL((void*)0))
3046 goto err;
3047 bflags = BIO_CLOSE0x01;
3048 if (textmode)
3049 bflags |= BIO_FP_TEXT0x10;
3050 b = BIO_new_fp(fp, bflags);
3051 if (b != NULL((void*)0))
3052 return b;
3053
3054 err:
3055 BIO_printf(bio_err, "%s: Can't open \"%s\" for writing, %s\n",
3056 opt_getprog(), filename, strerror(errno(*__errno_location ())));
3057 ERR_print_errors(bio_err);
3058 /* If we have fp, then fdopen took over fd, so don't close both. */
3059 if (fp != NULL((void*)0))
3060 fclose(fp);
3061#ifndef OPENSSL_NO_POSIX_IO
3062 else if (fd >= 0)
3063 close(fd);
3064#endif
3065 return NULL((void*)0);
3066}
3067
3068static BIO *bio_open_default_(const char *filename, char mode, int format,
3069 int quiet)
3070{
3071 BIO *ret;
3072
3073 if (filename == NULL((void*)0) || strcmp(filename, "-") == 0) {
3074 ret = mode == 'r' ? dup_bio_in(format) : dup_bio_out(format);
3075 if (quiet) {
3076 ERR_clear_error();
3077 return ret;
3078 }
3079 if (ret != NULL((void*)0))
3080 return ret;
3081 BIO_printf(bio_err,
3082 "Can't open %s, %s\n",
3083 mode == 'r' ? "stdin" : "stdout", strerror(errno(*__errno_location ())));
3084 } else {
3085 ret = BIO_new_file(filename, modestr(mode, format));
3086 if (quiet) {
3087 ERR_clear_error();
3088 return ret;
3089 }
3090 if (ret != NULL((void*)0))
3091 return ret;
3092 BIO_printf(bio_err,
3093 "Can't open \"%s\" for %s, %s\n",
3094 filename, modeverb(mode), strerror(errno(*__errno_location ())));
3095 }
3096 ERR_print_errors(bio_err);
3097 return NULL((void*)0);
3098}
3099
3100BIO *bio_open_default(const char *filename, char mode, int format)
3101{
3102 return bio_open_default_(filename, mode, format, 0);
3103}
3104
3105BIO *bio_open_default_quiet(const char *filename, char mode, int format)
3106{
3107 return bio_open_default_(filename, mode, format, 1);
3108}
3109
3110void wait_for_async(SSL *s)
3111{
3112 /* On Windows select only works for sockets, so we simply don't wait */
3113#ifndef OPENSSL_SYS_WINDOWS
3114 int width = 0;
3115 fd_set asyncfds;
3116 OSSL_ASYNC_FDint *fds;
3117 size_t numfds;
3118 size_t i;
3119
3120 if (!SSL_get_all_async_fds(s, NULL((void*)0), &numfds))
3121 return;
3122 if (numfds == 0)
3123 return;
3124 fds = app_malloc(sizeof(OSSL_ASYNC_FDint) * numfds, "allocate async fds");
3125 if (!SSL_get_all_async_fds(s, fds, &numfds)) {
3126 OPENSSL_free(fds)CRYPTO_free(fds, "../deps/openssl/openssl/apps/lib/apps.c", 3126
)
;
3127 return;
3128 }
3129
3130 FD_ZERO(&asyncfds)do { int __d0, __d1; __asm__ __volatile__ ("cld; rep; " "stosq"
: "=c" (__d0), "=D" (__d1) : "a" (0), "0" (sizeof (fd_set) /
sizeof (__fd_mask)), "1" (&((&asyncfds)->__fds_bits
)[0]) : "memory"); } while (0)
;
3131 for (i = 0; i < numfds; i++) {
3132 if (width <= (int)fds[i])
3133 width = (int)fds[i] + 1;
3134 openssl_fdset((int)fds[i], &asyncfds)((void) (((&asyncfds)->__fds_bits)[(((int)fds[i]) / (8
* (int) sizeof (__fd_mask)))] |= ((__fd_mask) (1UL << (
((int)fds[i]) % (8 * (int) sizeof (__fd_mask)))))))
;
3135 }
3136 select(width, (void *)&asyncfds, NULL((void*)0), NULL((void*)0), NULL((void*)0));
3137 OPENSSL_free(fds)CRYPTO_free(fds, "../deps/openssl/openssl/apps/lib/apps.c", 3137
)
;
3138#endif
3139}
3140
3141/* if OPENSSL_SYS_WINDOWS is defined then so is OPENSSL_SYS_MSDOS */
3142#if defined(OPENSSL_SYS_MSDOS)
3143int has_stdin_waiting(void)
3144{
3145# if defined(OPENSSL_SYS_WINDOWS)
3146 HANDLE inhand = GetStdHandle(STD_INPUT_HANDLE);
3147 DWORD events = 0;
3148 INPUT_RECORD inputrec;
3149 DWORD insize = 1;
3150 BOOL peeked;
3151
3152 if (inhand == INVALID_HANDLE_VALUE) {
3153 return 0;
3154 }
3155
3156 peeked = PeekConsoleInput(inhand, &inputrec, insize, &events);
3157 if (!peeked) {
3158 /* Probably redirected input? _kbhit() does not work in this case */
3159 if (!feof(stdinstdin)) {
3160 return 1;
3161 }
3162 return 0;
3163 }
3164# endif
3165 return _kbhit();
3166}
3167#endif
3168
3169/* Corrupt a signature by modifying final byte */
3170void corrupt_signature(const ASN1_STRING *signature)
3171{
3172 unsigned char *s = signature->data;
3173 s[signature->length - 1] ^= 0x1;
3174}
3175
3176int set_cert_times(X509 *x, const char *startdate, const char *enddate,
3177 int days)
3178{
3179 if (startdate == NULL((void*)0) || strcmp(startdate, "today") == 0) {
3180 if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL((void*)0))
3181 return 0;
3182 } else {
3183 if (!ASN1_TIME_set_string_X509(X509_getm_notBefore(x), startdate))
3184 return 0;
3185 }
3186 if (enddate == NULL((void*)0)) {
3187 if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL((void*)0))
3188 == NULL((void*)0))
3189 return 0;
3190 } else if (!ASN1_TIME_set_string_X509(X509_getm_notAfter(x), enddate)) {
3191 return 0;
3192 }
3193 return 1;
3194}
3195
3196int set_crl_lastupdate(X509_CRL *crl, const char *lastupdate)
3197{
3198 int ret = 0;
3199 ASN1_TIME *tm = ASN1_TIME_new();
3200
3201 if (tm == NULL((void*)0))
3202 goto end;
3203
3204 if (lastupdate == NULL((void*)0)) {
3205 if (X509_gmtime_adj(tm, 0) == NULL((void*)0))
3206 goto end;
3207 } else {
3208 if (!ASN1_TIME_set_string_X509(tm, lastupdate))
3209 goto end;
3210 }
3211
3212 if (!X509_CRL_set1_lastUpdate(crl, tm))
3213 goto end;
3214
3215 ret = 1;
3216end:
3217 ASN1_TIME_free(tm);
3218 return ret;
3219}
3220
3221int set_crl_nextupdate(X509_CRL *crl, const char *nextupdate,
3222 long days, long hours, long secs)
3223{
3224 int ret = 0;
3225 ASN1_TIME *tm = ASN1_TIME_new();
3226
3227 if (tm == NULL((void*)0))
3228 goto end;
3229
3230 if (nextupdate == NULL((void*)0)) {
3231 if (X509_time_adj_ex(tm, days, hours * 60 * 60 + secs, NULL((void*)0)) == NULL((void*)0))
3232 goto end;
3233 } else {
3234 if (!ASN1_TIME_set_string_X509(tm, nextupdate))
3235 goto end;
3236 }
3237
3238 if (!X509_CRL_set1_nextUpdate(crl, tm))
3239 goto end;
3240
3241 ret = 1;
3242end:
3243 ASN1_TIME_free(tm);
3244 return ret;
3245}
3246
3247void make_uppercase(char *string)
3248{
3249 int i;
3250
3251 for (i = 0; string[i] != '\0'; i++)
3252 string[i] = toupper((unsigned char)string[i])(__extension__ ({ int __res; if (sizeof ((unsigned char)string
[i]) > 1) { if (__builtin_constant_p ((unsigned char)string
[i])) { int __c = ((unsigned char)string[i]); __res = __c <
-128 || __c > 255 ? __c : (*__ctype_toupper_loc ())[__c];
} else __res = toupper ((unsigned char)string[i]); } else __res
= (*__ctype_toupper_loc ())[(int) ((unsigned char)string[i])
]; __res; }))
;
3253}
3254
3255/* This function is defined here due to visibility of bio_err */
3256int opt_printf_stderr(const char *fmt, ...)
3257{
3258 va_list ap;
3259 int ret;
3260
3261 va_start(ap, fmt)__builtin_va_start(ap, fmt);
3262 ret = BIO_vprintf(bio_err, fmt, ap);
3263 va_end(ap)__builtin_va_end(ap);
3264 return ret;
3265}
3266
3267OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *opts,
3268 const OSSL_PARAM *paramdefs)
3269{
3270 OSSL_PARAM *params = NULL((void*)0);
3271 size_t sz = (size_t)sk_OPENSSL_STRING_num(opts)OPENSSL_sk_num(ossl_check_const_OPENSSL_STRING_sk_type(opts));
3272 size_t params_n;
3273 char *opt = "", *stmp, *vtmp = NULL((void*)0);
3274 int found = 1;
3275
3276 if (opts == NULL((void*)0))
3277 return NULL((void*)0);
3278
3279 params = OPENSSL_zalloc(sizeof(OSSL_PARAM) * (sz + 1))CRYPTO_zalloc(sizeof(OSSL_PARAM) * (sz + 1), "../deps/openssl/openssl/apps/lib/apps.c"
, 3279)
;
3280 if (params == NULL((void*)0))
3281 return NULL((void*)0);
3282
3283 for (params_n = 0; params_n < sz; params_n++) {
3284 opt = sk_OPENSSL_STRING_value(opts, (int)params_n)((char *)OPENSSL_sk_value(ossl_check_const_OPENSSL_STRING_sk_type
(opts), ((int)params_n)))
;
3285 if ((stmp = OPENSSL_strdup(opt)CRYPTO_strdup(opt, "../deps/openssl/openssl/apps/lib/apps.c",
3285)
) == NULL((void*)0)
3286 || (vtmp = strchr(stmp, ':')) == NULL((void*)0))
3287 goto err;
3288 /* Replace ':' with 0 to terminate the string pointed to by stmp */
3289 *vtmp = 0;
3290 /* Skip over the separator so that vmtp points to the value */
3291 vtmp++;
3292 if (!OSSL_PARAM_allocate_from_text(&params[params_n], paramdefs,
3293 stmp, vtmp, strlen(vtmp), &found))
3294 goto err;
3295 OPENSSL_free(stmp)CRYPTO_free(stmp, "../deps/openssl/openssl/apps/lib/apps.c", 3295
)
;
3296 }
3297 params[params_n] = OSSL_PARAM_construct_end();
3298 return params;
3299err:
3300 OPENSSL_free(stmp)CRYPTO_free(stmp, "../deps/openssl/openssl/apps/lib/apps.c", 3300
)
;
3301 BIO_printf(bio_err, "Parameter %s '%s'\n", found ? "error" : "unknown",
3302 opt);
3303 ERR_print_errors(bio_err);
3304 app_params_free(params);
3305 return NULL((void*)0);
3306}
3307
3308void app_params_free(OSSL_PARAM *params)
3309{
3310 int i;
3311
3312 if (params != NULL((void*)0)) {
3313 for (i = 0; params[i].key != NULL((void*)0); ++i)
3314 OPENSSL_free(params[i].data)CRYPTO_free(params[i].data, "../deps/openssl/openssl/apps/lib/apps.c"
, 3314)
;
3315 OPENSSL_free(params)CRYPTO_free(params, "../deps/openssl/openssl/apps/lib/apps.c"
, 3315)
;
3316 }
3317}
3318
3319EVP_PKEY *app_keygen(EVP_PKEY_CTX *ctx, const char *alg, int bits, int verbose)
3320{
3321 EVP_PKEY *res = NULL((void*)0);
3322
3323 if (verbose && alg != NULL((void*)0)) {
3324 BIO_printf(bio_err, "Generating %s key", alg);
3325 if (bits > 0)
3326 BIO_printf(bio_err, " with %d bits\n", bits);
3327 else
3328 BIO_printf(bio_err, "\n");
3329 }
3330 if (!RAND_status())
3331 BIO_printf(bio_err, "Warning: generating random key material may take a long time\n"
3332 "if the system has a poor entropy source\n");
3333 if (EVP_PKEY_keygen(ctx, &res) <= 0)
3334 app_bail_out("%s: Error generating %s key\n", opt_getprog(),
3335 alg != NULL((void*)0) ? alg : "asymmetric");
3336 return res;
3337}
3338
3339EVP_PKEY *app_paramgen(EVP_PKEY_CTX *ctx, const char *alg)
3340{
3341 EVP_PKEY *res = NULL((void*)0);
3342
3343 if (!RAND_status())
3344 BIO_printf(bio_err, "Warning: generating random key parameters may take a long time\n"
3345 "if the system has a poor entropy source\n");
3346 if (EVP_PKEY_paramgen(ctx, &res) <= 0)
3347 app_bail_out("%s: Generating %s key parameters failed\n",
3348 opt_getprog(), alg != NULL((void*)0) ? alg : "asymmetric");
3349 return res;
3350}
3351
3352/*
3353 * Return non-zero if the legacy path is still an option.
3354 * This decision is based on the global command line operations and the
3355 * behaviour thus far.
3356 */
3357int opt_legacy_okay(void)
3358{
3359 int provider_options = opt_provider_option_given();
3360 int libctx = app_get0_libctx() != NULL((void*)0) || app_get0_propq() != NULL((void*)0);
3361#ifndef OPENSSL_NO_ENGINE
3362 ENGINE *e = ENGINE_get_first();
3363
3364 if (e != NULL((void*)0)) {
3365 ENGINE_free(e);
3366 return 1;
3367 }
3368#endif
3369 /*
3370 * Having a provider option specified or a custom library context or
3371 * property query, is a sure sign we're not using legacy.
3372 */
3373 if (provider_options || libctx)
3374 return 0;
3375 return 1;
3376}