[ViewVC] Diff of: src/trunk/crypto/openssl/apps/apps.c

Comparing trunk/crypto/openssl/apps/apps.c (file contents):
Revision 12146 by laffer1, Sun Jul 8 16:40:18 2018 UTC vs.
Revision 12147 by laffer1, Sun Jan 20 05:34:05 2019 UTC

#	Line 56 \| Line 56
56		* [including the GNU Public Licence.]
57		*/
58		/* ====================================================================
59	<	* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
59	>	* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
60		*
61		* Redistribution and use in source and binary forms, with or without
62		* modification, are permitted provided that the following conditions
#	Line 148 \| Line 148
148		#ifdef _WIN32
149		static int WIN32_rename(const char from, const char to);
150		# define rename(from,to) WIN32_rename((from),(to))
151	+	# ifdef fileno
152	+	# undef fileno
153	+	# endif
154	+	# define fileno(a) (int)_fileno(a)
155		#endif
156
157		typedef struct {
#	Line 215 \| Line 219 \| *int args_from_file(char file, int argc, char argv[*
219		if (arg != NULL)
220		OPENSSL_free(arg);
221		arg = (char *)OPENSSL_malloc(sizeof(char ) * (i * 2));
222	<
222	>	if (arg == NULL)
223	>	return 0;
224		*argv = arg;
225		num = 0;
226		p = buf;
#	Line 282 \| Line 287 \| *int str2fmt(char s)**
287		return (FORMAT_PKCS12);
288		else if ((s == 'E') \|\| (s == 'e'))
289		return (FORMAT_ENGINE);
290	+	else if ((s == 'H') \|\| (s == 'h'))
291	+	return FORMAT_HTTP;
292		else if ((s == 'P') \|\| (s == 'p')) {
293		if (s[1] == 'V' \|\| s[1] == 'v')
294		return FORMAT_PVK;
#	Line 784 \| Line 791 \| static int load_pkcs12(BIO err, BIO in, const char *
791		return ret;
792		}
793
794	+	int load_cert_crl_http(const char url, BIO err,
795	+	X509 pcert, X509_CRL pcrl)
796	+	{
797	+	char host = NULL, port = NULL, *path = NULL;
798	+	BIO *bio = NULL;
799	+	OCSP_REQ_CTX *rctx = NULL;
800	+	int use_ssl, rv = 0;
801	+	if (!OCSP_parse_url(url, &host, &port, &path, &use_ssl))
802	+	goto err;
803	+	if (use_ssl) {
804	+	if (err)
805	+	BIO_puts(err, "https not supported\n");
806	+	goto err;
807	+	}
808	+	bio = BIO_new_connect(host);
809	+	if (!bio \|\| !BIO_set_conn_port(bio, port))
810	+	goto err;
811	+	rctx = OCSP_REQ_CTX_new(bio, 1024);
812	+	if (!rctx)
813	+	goto err;
814	+	if (!OCSP_REQ_CTX_http(rctx, "GET", path))
815	+	goto err;
816	+	if (!OCSP_REQ_CTX_add1_header(rctx, "Host", host))
817	+	goto err;
818	+	if (pcert) {
819	+	do {
820	+	rv = X509_http_nbio(rctx, pcert);
821	+	}
822	+	while (rv == -1);
823	+	} else {
824	+	do {
825	+	rv = X509_CRL_http_nbio(rctx, pcrl);
826	+	} while (rv == -1);
827	+	}
828	+
829	+	err:
830	+	if (host)
831	+	OPENSSL_free(host);
832	+	if (path)
833	+	OPENSSL_free(path);
834	+	if (port)
835	+	OPENSSL_free(port);
836	+	if (bio)
837	+	BIO_free_all(bio);
838	+	if (rctx)
839	+	OCSP_REQ_CTX_free(rctx);
840	+	if (rv != 1) {
841	+	if (bio && err)
842	+	BIO_printf(bio_err, "Error loading %s from %s\n",
843	+	pcert ? "certificate" : "CRL", url);
844	+	ERR_print_errors(bio_err);
845	+	}
846	+	return rv;
847	+	}
848	+
849		X509 load_cert(BIO err, const char *file, int format,
850		const char pass, ENGINE e, const char *cert_descrip)
851		{
852		X509 *x = NULL;
853		BIO *cert;
854
855	+	if (format == FORMAT_HTTP) {
856	+	load_cert_crl_http(file, err, &x, NULL);
857	+	return x;
858	+	}
859	+
860		if ((cert = BIO_new(BIO_s_file())) == NULL) {
861		ERR_print_errors(err);
862		goto end;
#	Line 847 \| Line 914 \| *X509 load_cert(BIO err, const char file, int format**
914		return (x);
915		}
916
917	+	X509_CRL load_crl(const char infile, int format)
918	+	{
919	+	X509_CRL *x = NULL;
920	+	BIO *in = NULL;
921	+
922	+	if (format == FORMAT_HTTP) {
923	+	load_cert_crl_http(infile, bio_err, NULL, &x);
924	+	return x;
925	+	}
926	+
927	+	in = BIO_new(BIO_s_file());
928	+	if (in == NULL) {
929	+	ERR_print_errors(bio_err);
930	+	goto end;
931	+	}
932	+
933	+	if (infile == NULL)
934	+	BIO_set_fp(in, stdin, BIO_NOCLOSE);
935	+	else {
936	+	if (BIO_read_filename(in, infile) <= 0) {
937	+	perror(infile);
938	+	goto end;
939	+	}
940	+	}
941	+	if (format == FORMAT_ASN1)
942	+	x = d2i_X509_CRL_bio(in, NULL);
943	+	else if (format == FORMAT_PEM)
944	+	x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
945	+	else {
946	+	BIO_printf(bio_err, "bad input format specified for input crl\n");
947	+	goto end;
948	+	}
949	+	if (x == NULL) {
950	+	BIO_printf(bio_err, "unable to load CRL\n");
951	+	ERR_print_errors(bio_err);
952	+	goto end;
953	+	}
954	+
955	+	end:
956	+	BIO_free(in);
957	+	return (x);
958	+	}
959	+
960		EVP_PKEY load_key(BIO err, const char *file, int format, int maybe_stdin,
961		const char pass, ENGINE e, const char *key_descrip)
962		{
#	Line 866 \| Line 976 \| *EVP_PKEY load_key(BIO err, const char file, int for**
976		if (!e)
977		BIO_printf(err, "no engine specified\n");
978		else {
979	<	pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
979	>	if (ENGINE_init(e)) {
980	>	pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
981	>	ENGINE_finish(e);
982	>	}
983		if (!pkey) {
984		BIO_printf(err, "cannot load %s from engine\n", key_descrip);
985		ERR_print_errors(err);
#	Line 1246 \| Line 1359 \| *int set_name_ex(unsigned long flags, const char arg)*
1359		};
1360		if (set_multi_opts(flags, arg, ex_tbl) == 0)
1361		return 0;
1362	<	if ((*flags & XN_FLAG_SEP_MASK) == 0)
1362	>	if (*flags != XN_FLAG_COMPAT
1363	>	&& (*flags & XN_FLAG_SEP_MASK) == 0)
1364		*flags \|= XN_FLAG_SEP_CPLUS_SPC;
1365		return 1;
1366		}
#	Line 1426 \| Line 1540 \| *static ENGINE try_load_engine(BIO err, const char e**
1540		}
1541		return e;
1542		}
1543	+	#endif
1544
1545		ENGINE setup_engine(BIO err, const char *engine, int debug)
1546		{
1547		ENGINE *e = NULL;
1548
1549	+	#ifndef OPENSSL_NO_ENGINE
1550		if (engine) {
1551		if (strcmp(engine, "auto") == 0) {
1552		BIO_printf(err, "enabling auto ENGINE support\n");
#	Line 1455 \| Line 1571 \| *ENGINE setup_engine(BIO err, const char engine, int**
1571		}
1572
1573		BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e));
1458	–
1459	–	/* Free our "structural" reference. */
1460	–	ENGINE_free(e);
1574		}
1575	+	#endif
1576		return e;
1577		}
1578	+
1579	+	void release_engine(ENGINE *e)
1580	+	{
1581	+	#ifndef OPENSSL_NO_ENGINE
1582	+	if (e != NULL)
1583	+	/* Free our "structural" reference. */
1584	+	ENGINE_free(e);
1585		#endif
1586	+	}
1587
1588		int load_config(BIO err, CONF cnf)
1589		{
#	Line 1617 \| Line 1739 \| *int save_serial(char serialfile, char suffix, BIGNUM*
1739		BUF_strlcpy(buf[0], serialfile, BSIZE);
1740		else {
1741		#ifndef OPENSSL_SYS_VMS
1742	<	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
1742	>	j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
1743		#else
1744	<	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
1744	>	j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
1745		#endif
1746		}
1747		#ifdef RL_DEBUG
#	Line 1668 \| Line 1790 \| *int rotate_serial(char serialfile, char new_suffix,*
1790		goto err;
1791		}
1792		#ifndef OPENSSL_SYS_VMS
1793	<	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
1793	>	j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix);
1794		#else
1795	<	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
1795	>	j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix);
1796		#endif
1797		#ifndef OPENSSL_SYS_VMS
1798	<	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
1798	>	j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix);
1799		#else
1800	<	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
1800	>	j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix);
1801		#endif
1802		#ifdef RL_DEBUG
1803		BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
#	Line 1756 \| Line 1878 \| *CA_DB load_index(char dbfile, DB_ATTR db_attr)**
1878		goto err;
1879
1880		#ifndef OPENSSL_SYS_VMS
1881	<	BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
1881	>	BIO_snprintf(buf[0], sizeof(buf[0]), "%s.attr", dbfile);
1882		#else
1883	<	BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
1883	>	BIO_snprintf(buf[0], sizeof(buf[0]), "%s-attr", dbfile);
1884		#endif
1885		dbattr_conf = NCONF_new(NULL);
1886		if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) {
#	Line 1846 \| Line 1968 \| *int save_index(const char dbfile, const char suffix,*
1968		goto err;
1969		}
1970		#ifndef OPENSSL_SYS_VMS
1971	<	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
1971	>	j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
1972		#else
1973	<	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
1973	>	j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
1974		#endif
1975		#ifndef OPENSSL_SYS_VMS
1976	<	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
1976	>	j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
1977		#else
1978	<	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
1978	>	j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
1979		#endif
1980		#ifndef OPENSSL_SYS_VMS
1981	<	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
1981	>	j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
1982		#else
1983	<	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
1983	>	j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
1984		#endif
1985		#ifdef RL_DEBUG
1986		BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
#	Line 1907 \| Line 2029 \| *int rotate_index(const char dbfile, const char new_s*
2029		goto err;
2030		}
2031		#ifndef OPENSSL_SYS_VMS
2032	<	j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
2032	>	j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
2033		#else
2034	<	j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
2034	>	j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
2035		#endif
2036		#ifndef OPENSSL_SYS_VMS
2037	<	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
2037	>	j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
2038		#else
2039	<	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
2039	>	j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
2040		#endif
2041		#ifndef OPENSSL_SYS_VMS
2042	<	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
2042	>	j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
2043		#else
2044	<	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
2044	>	j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
2045		#endif
2046		#ifndef OPENSSL_SYS_VMS
2047	<	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
2047	>	j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
2048		#else
2049	<	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
2049	>	j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
2050		#endif
2051		#ifndef OPENSSL_SYS_VMS
2052	<	j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
2052	>	j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
2053		#else
2054	<	j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
2054	>	j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
2055		#endif
2056		#ifdef RL_DEBUG
2057		BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]);
#	Line 2160 \| Line 2282 \| int args_verify(char pargs, int pargc,**
2282		char *oldargs = pargs;
2283		char arg = pargs, argn = (*pargs)[1];
2284		time_t at_time = 0;
2285	+	char *hostname = NULL;
2286	+	char *email = NULL;
2287	+	char *ipasc = NULL;
2288		if (!strcmp(arg, "-policy")) {
2289		if (!argn)
2290		*badarg = 1;
#	Line 2213 \| Line 2338 \| int args_verify(char pargs, int pargc,**
2338		at_time = (time_t)timestamp;
2339		}
2340		(*pargs)++;
2341	+	} else if (strcmp(arg, "-verify_hostname") == 0) {
2342	+	if (!argn)
2343	+	*badarg = 1;
2344	+	hostname = argn;
2345	+	(*pargs)++;
2346	+	} else if (strcmp(arg, "-verify_email") == 0) {
2347	+	if (!argn)
2348	+	*badarg = 1;
2349	+	email = argn;
2350	+	(*pargs)++;
2351	+	} else if (strcmp(arg, "-verify_ip") == 0) {
2352	+	if (!argn)
2353	+	*badarg = 1;
2354	+	ipasc = argn;
2355	+	(*pargs)++;
2356		} else if (!strcmp(arg, "-ignore_critical"))
2357		flags \|= X509_V_FLAG_IGNORE_CRITICAL;
2358		else if (!strcmp(arg, "-issuer_checks"))
#	Line 2239 \| Line 2379 \| int args_verify(char pargs, int pargc,**
2379		flags \|= X509_V_FLAG_NOTIFY_POLICY;
2380		else if (!strcmp(arg, "-check_ss_sig"))
2381		flags \|= X509_V_FLAG_CHECK_SS_SIGNATURE;
2382	+	else if (!strcmp(arg, "-trusted_first"))
2383	+	flags \|= X509_V_FLAG_TRUSTED_FIRST;
2384	+	else if (!strcmp(arg, "-suiteB_128_only"))
2385	+	flags \|= X509_V_FLAG_SUITEB_128_LOS_ONLY;
2386	+	else if (!strcmp(arg, "-suiteB_128"))
2387	+	flags \|= X509_V_FLAG_SUITEB_128_LOS;
2388	+	else if (!strcmp(arg, "-suiteB_192"))
2389	+	flags \|= X509_V_FLAG_SUITEB_192_LOS;
2390	+	else if (!strcmp(arg, "-partial_chain"))
2391	+	flags \|= X509_V_FLAG_PARTIAL_CHAIN;
2392		else if (!strcmp(arg, "-no_alt_chains"))
2393		flags \|= X509_V_FLAG_NO_ALT_CHAINS;
2394		else if (!strcmp(arg, "-allow_proxy_certs"))
#	Line 2272 \| Line 2422 \| int args_verify(char pargs, int pargc,**
2422		if (at_time)
2423		X509_VERIFY_PARAM_set_time(*pm, at_time);
2424
2425	+	if (hostname && !X509_VERIFY_PARAM_set1_host(*pm, hostname, 0))
2426	+	*badarg = 1;
2427	+
2428	+	if (email && !X509_VERIFY_PARAM_set1_email(*pm, email, 0))
2429	+	*badarg = 1;
2430	+
2431	+	if (ipasc && !X509_VERIFY_PARAM_set1_ip_asc(*pm, ipasc))
2432	+	*badarg = 1;
2433	+
2434		end:
2435
2436		(*pargs)++;
#	Line 2302 \| Line 2461 \| int bio_to_mem(unsigned char out, int maxlen, BIO i*
2461		else
2462		len = 1024;
2463		len = BIO_read(in, tbuf, len);
2464	<	if (len <= 0)
2464	>	if (len < 0) {
2465	>	BIO_free(mem);
2466	>	return -1;
2467	>	}
2468	>	if (len == 0)
2469		break;
2470		if (BIO_write(mem, tbuf, len) != len) {
2471		BIO_free(mem);
#	Line 2319 \| Line 2482 \| int bio_to_mem(unsigned char out, int maxlen, BIO i*
2482		return ret;
2483		}
2484
2485	<	int pkey_ctrl_string(EVP_PKEY_CTX ctx, char value)
2485	>	int pkey_ctrl_string(EVP_PKEY_CTX ctx, const char value)
2486		{
2487		int rv;
2488		char stmp, vtmp = NULL;
#	Line 2442 \| Line 2605 \| *static void jpake_send_step3a(BIO bconn, JPAKE_CTX c*
2605
2606		JPAKE_STEP3A_init(&s3a);
2607		JPAKE_STEP3A_generate(&s3a, ctx);
2608	<	BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
2608	>	BIO_write(bconn, s3a.hhk, sizeof(s3a.hhk));
2609		(void)BIO_flush(bconn);
2610		JPAKE_STEP3A_release(&s3a);
2611		}
#	Line 2453 \| Line 2616 \| *static void jpake_send_step3b(BIO bconn, JPAKE_CTX c*
2616
2617		JPAKE_STEP3B_init(&s3b);
2618		JPAKE_STEP3B_generate(&s3b, ctx);
2619	<	BIO_write(bconn, s3b.hk, sizeof s3b.hk);
2619	>	BIO_write(bconn, s3b.hk, sizeof(s3b.hk));
2620		(void)BIO_flush(bconn);
2621		JPAKE_STEP3B_release(&s3b);
2622		}
#	Line 2463 \| Line 2626 \| static void readbn(BIGNUM bn, BIO bconn)*
2626		char buf[10240];
2627		int l;
2628
2629	<	l = BIO_gets(bconn, buf, sizeof buf);
2629	>	l = BIO_gets(bconn, buf, sizeof(buf));
2630		assert(l > 0);
2631		assert(buf[l - 1] == '\n');
2632		buf[l - 1] = '\0';
#	Line 2510 \| Line 2673 \| static void jpake_receive_step3a(JPAKE_CTX ctx, BIO
2673		int l;
2674
2675		JPAKE_STEP3A_init(&s3a);
2676	<	l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
2677	<	assert(l == sizeof s3a.hhk);
2676	>	l = BIO_read(bconn, s3a.hhk, sizeof(s3a.hhk));
2677	>	assert(l == sizeof(s3a.hhk));
2678		if (!JPAKE_STEP3A_process(ctx, &s3a)) {
2679		ERR_print_errors(bio_err);
2680		exit(1);
#	Line 2525 \| Line 2688 \| static void jpake_receive_step3b(JPAKE_CTX ctx, BIO
2688		int l;
2689
2690		JPAKE_STEP3B_init(&s3b);
2691	<	l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
2692	<	assert(l == sizeof s3b.hk);
2691	>	l = BIO_read(bconn, s3b.hk, sizeof(s3b.hk));
2692	>	assert(l == sizeof(s3b.hk));
2693		if (!JPAKE_STEP3B_process(ctx, &s3b)) {
2694		ERR_print_errors(bio_err);
2695		exit(1);
#	Line 2555 \| Line 2718 \| *void jpake_client_auth(BIO out, BIO conn, const char*
2718
2719		BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
2720
2721	+	if (psk_key)
2722	+	OPENSSL_free(psk_key);
2723	+
2724		psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
2725
2726		BIO_pop(bconn);
#	Line 2584 \| Line 2750 \| *void jpake_server_auth(BIO out, BIO conn, const char*
2750
2751		BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
2752
2753	+	if (psk_key)
2754	+	OPENSSL_free(psk_key);
2755	+
2756		psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
2757
2758		BIO_pop(bconn);
#	Line 2594 \| Line 2763 \| *void jpake_server_auth(BIO out, BIO conn, const char*
2763
2764		#endif
2765
2766	<	#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
2766	>	#ifndef OPENSSL_NO_TLSEXT
2767		/*-
2768		* next_protos_parse parses a comma separated list of strings into a string
2769		* in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
#	Line 2624 \| Line 2793 \| *unsigned char next_protos_parse(unsigned short outle*
2793		OPENSSL_free(out);
2794		return NULL;
2795		}
2796	<	out[start] = i - start;
2796	>	out[start] = (unsigned char)(i - start);
2797		start = i + 1;
2798		} else
2799		out[i + 1] = in[i];
2800		}
2801
2802	<	*outlen = len + 1;
2802	>	*outlen = (unsigned char)(len + 1);
2803		return out;
2804		}
2805	<	#endif /* !OPENSSL_NO_TLSEXT &&
2637	<	* !OPENSSL_NO_NEXTPROTONEG */
2805	>	#endif /* ndef OPENSSL_NO_TLSEXT */
2806
2807	+	void print_cert_checks(BIO bio, X509 x,
2808	+	const char *checkhost,
2809	+	const char checkemail, const char checkip)
2810	+	{
2811	+	if (x == NULL)
2812	+	return;
2813	+	if (checkhost) {
2814	+	BIO_printf(bio, "Hostname %s does%s match certificate\n",
2815	+	checkhost, X509_check_host(x, checkhost, 0, 0, NULL) == 1
2816	+	? "" : " NOT");
2817	+	}
2818	+
2819	+	if (checkemail) {
2820	+	BIO_printf(bio, "Email %s does%s match certificate\n",
2821	+	checkemail, X509_check_email(x, checkemail, 0,
2822	+	0) ? "" : " NOT");
2823	+	}
2824	+
2825	+	if (checkip) {
2826	+	BIO_printf(bio, "IP %s does%s match certificate\n",
2827	+	checkip, X509_check_ip_asc(x, checkip, 0) ? "" : " NOT");
2828	+	}
2829	+	}
2830	+
2831	+	/* Get first http URL from a DIST_POINT structure */
2832	+
2833	+	static const char get_dp_url(DIST_POINT dp)
2834	+	{
2835	+	GENERAL_NAMES *gens;
2836	+	GENERAL_NAME *gen;
2837	+	int i, gtype;
2838	+	ASN1_STRING *uri;
2839	+	if (!dp->distpoint \|\| dp->distpoint->type != 0)
2840	+	return NULL;
2841	+	gens = dp->distpoint->name.fullname;
2842	+	for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
2843	+	gen = sk_GENERAL_NAME_value(gens, i);
2844	+	uri = GENERAL_NAME_get0_value(gen, &gtype);
2845	+	if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) {
2846	+	char uptr = (char )ASN1_STRING_data(uri);
2847	+	if (!strncmp(uptr, "http://", 7))
2848	+	return uptr;
2849	+	}
2850	+	}
2851	+	return NULL;
2852	+	}
2853	+
2854		/*
2855	+	* Look through a CRLDP structure and attempt to find an http URL to
2856	+	* downloads a CRL from.
2857	+	*/
2858	+
2859	+	static X509_CRL load_crl_crldp(STACK_OF(DIST_POINT) crldp)
2860	+	{
2861	+	int i;
2862	+	const char *urlptr = NULL;
2863	+	for (i = 0; i < sk_DIST_POINT_num(crldp); i++) {
2864	+	DIST_POINT *dp = sk_DIST_POINT_value(crldp, i);
2865	+	urlptr = get_dp_url(dp);
2866	+	if (urlptr)
2867	+	return load_crl(urlptr, FORMAT_HTTP);
2868	+	}
2869	+	return NULL;
2870	+	}
2871	+
2872	+	/*
2873	+	* Example of downloading CRLs from CRLDP: not usable for real world as it
2874	+	* always downloads, doesn't support non-blocking I/O and doesn't cache
2875	+	* anything.
2876	+	*/
2877	+
2878	+	static STACK_OF(X509_CRL) crls_http_cb(X509_STORE_CTX ctx, X509_NAME *nm)
2879	+	{
2880	+	X509 *x;
2881	+	STACK_OF(X509_CRL) *crls = NULL;
2882	+	X509_CRL *crl;
2883	+	STACK_OF(DIST_POINT) *crldp;
2884	+	x = X509_STORE_CTX_get_current_cert(ctx);
2885	+	crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
2886	+	crl = load_crl_crldp(crldp);
2887	+	sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
2888	+	if (!crl)
2889	+	return NULL;
2890	+	crls = sk_X509_CRL_new_null();
2891	+	sk_X509_CRL_push(crls, crl);
2892	+	/* Try to download delta CRL */
2893	+	crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
2894	+	crl = load_crl_crldp(crldp);
2895	+	sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
2896	+	if (crl)
2897	+	sk_X509_CRL_push(crls, crl);
2898	+	return crls;
2899	+	}
2900	+
2901	+	void store_setup_crl_download(X509_STORE *st)
2902	+	{
2903	+	X509_STORE_set_lookup_crls_cb(st, crls_http_cb);
2904	+	}
2905	+
2906	+	/*
2907		* Platform-specific sections
2908		*/
2909		#if defined(_WIN32)
#	Line 2947 \| Line 3214 \| *int app_isdir(const char name)**
3214		#endif
3215
3216		/* raw_read\|write section */
3217	+	#if defined(__VMS)
3218	+	# include "vms_term_sock.h"
3219	+	static int stdin_sock = -1;
3220	+
3221	+	static void close_stdin_sock(void)
3222	+	{
3223	+	TerminalSocket (TERM_SOCK_DELETE, &stdin_sock);
3224	+	}
3225	+
3226	+	int fileno_stdin(void)
3227	+	{
3228	+	if (stdin_sock == -1) {
3229	+	TerminalSocket(TERM_SOCK_CREATE, &stdin_sock);
3230	+	atexit(close_stdin_sock);
3231	+	}
3232	+
3233	+	return stdin_sock;
3234	+	}
3235	+	#else
3236	+	int fileno_stdin(void)
3237	+	{
3238	+	return fileno(stdin);
3239	+	}
3240	+	#endif
3241	+
3242	+	int fileno_stdout(void)
3243	+	{
3244	+	return fileno(stdout);
3245	+	}
3246	+
3247		#if defined(_WIN32) && defined(STD_INPUT_HANDLE)
3248		int raw_read_stdin(void *buf, int siz)
3249		{
#	Line 2956 \| Line 3253 \| *int raw_read_stdin(void buf, int siz)**
3253		else
3254		return (-1);
3255		}
3256	+	#elif defined(__VMS)
3257	+	#include <sys/socket.h>
3258	+
3259	+	int raw_read_stdin(void *buf, int siz)
3260	+	{
3261	+	return recv(fileno_stdin(), buf, siz, 0);
3262	+	}
3263		#else
3264		int raw_read_stdin(void *buf, int siz)
3265		{
3266	<	return read(fileno(stdin), buf, siz);
3266	>	return read(fileno_stdin(), buf, siz);
3267		}
3268		#endif
3269
#	Line 2975 \| Line 3279 \| *int raw_write_stdout(const void buf, int siz)**
3279		#else
3280		int raw_write_stdout(const void *buf, int siz)
3281		{
3282	<	return write(fileno(stdout), buf, siz);
3282	>	return write(fileno_stdout(), buf, siz);
3283		}
3284		#endif

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing trunk/crypto/openssl/apps/apps.c (file contents): Revision 12146 by laffer1, Sun Jul 8 16:40:18 2018 UTC vs. Revision 12147 by laffer1, Sun Jan 20 05:34:05 2019 UTC

Diff Legend

Comparing trunk/crypto/openssl/apps/apps.c (file contents):
Revision 12146 by laffer1, Sun Jul 8 16:40:18 2018 UTC vs.
Revision 12147 by laffer1, Sun Jan 20 05:34:05 2019 UTC