56 |
|
* [including the GNU Public Licence.] |
57 |
|
*/ |
58 |
|
/* ==================================================================== |
59 |
< |
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. |
59 |
> |
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. |
60 |
|
* |
61 |
|
* Redistribution and use in source and binary forms, with or without |
62 |
|
* modification, are permitted provided that the following conditions |
148 |
|
#ifdef _WIN32 |
149 |
|
static int WIN32_rename(const char *from, const char *to); |
150 |
|
# define rename(from,to) WIN32_rename((from),(to)) |
151 |
+ |
# ifdef fileno |
152 |
+ |
# undef fileno |
153 |
+ |
# endif |
154 |
+ |
# define fileno(a) (int)_fileno(a) |
155 |
|
#endif |
156 |
|
|
157 |
|
typedef struct { |
219 |
|
if (arg != NULL) |
220 |
|
OPENSSL_free(arg); |
221 |
|
arg = (char **)OPENSSL_malloc(sizeof(char *) * (i * 2)); |
222 |
< |
|
222 |
> |
if (arg == NULL) |
223 |
> |
return 0; |
224 |
|
*argv = arg; |
225 |
|
num = 0; |
226 |
|
p = buf; |
287 |
|
return (FORMAT_PKCS12); |
288 |
|
else if ((*s == 'E') || (*s == 'e')) |
289 |
|
return (FORMAT_ENGINE); |
290 |
+ |
else if ((*s == 'H') || (*s == 'h')) |
291 |
+ |
return FORMAT_HTTP; |
292 |
|
else if ((*s == 'P') || (*s == 'p')) { |
293 |
|
if (s[1] == 'V' || s[1] == 'v') |
294 |
|
return FORMAT_PVK; |
791 |
|
return ret; |
792 |
|
} |
793 |
|
|
794 |
+ |
int load_cert_crl_http(const char *url, BIO *err, |
795 |
+ |
X509 **pcert, X509_CRL **pcrl) |
796 |
+ |
{ |
797 |
+ |
char *host = NULL, *port = NULL, *path = NULL; |
798 |
+ |
BIO *bio = NULL; |
799 |
+ |
OCSP_REQ_CTX *rctx = NULL; |
800 |
+ |
int use_ssl, rv = 0; |
801 |
+ |
if (!OCSP_parse_url(url, &host, &port, &path, &use_ssl)) |
802 |
+ |
goto err; |
803 |
+ |
if (use_ssl) { |
804 |
+ |
if (err) |
805 |
+ |
BIO_puts(err, "https not supported\n"); |
806 |
+ |
goto err; |
807 |
+ |
} |
808 |
+ |
bio = BIO_new_connect(host); |
809 |
+ |
if (!bio || !BIO_set_conn_port(bio, port)) |
810 |
+ |
goto err; |
811 |
+ |
rctx = OCSP_REQ_CTX_new(bio, 1024); |
812 |
+ |
if (!rctx) |
813 |
+ |
goto err; |
814 |
+ |
if (!OCSP_REQ_CTX_http(rctx, "GET", path)) |
815 |
+ |
goto err; |
816 |
+ |
if (!OCSP_REQ_CTX_add1_header(rctx, "Host", host)) |
817 |
+ |
goto err; |
818 |
+ |
if (pcert) { |
819 |
+ |
do { |
820 |
+ |
rv = X509_http_nbio(rctx, pcert); |
821 |
+ |
} |
822 |
+ |
while (rv == -1); |
823 |
+ |
} else { |
824 |
+ |
do { |
825 |
+ |
rv = X509_CRL_http_nbio(rctx, pcrl); |
826 |
+ |
} while (rv == -1); |
827 |
+ |
} |
828 |
+ |
|
829 |
+ |
err: |
830 |
+ |
if (host) |
831 |
+ |
OPENSSL_free(host); |
832 |
+ |
if (path) |
833 |
+ |
OPENSSL_free(path); |
834 |
+ |
if (port) |
835 |
+ |
OPENSSL_free(port); |
836 |
+ |
if (bio) |
837 |
+ |
BIO_free_all(bio); |
838 |
+ |
if (rctx) |
839 |
+ |
OCSP_REQ_CTX_free(rctx); |
840 |
+ |
if (rv != 1) { |
841 |
+ |
if (bio && err) |
842 |
+ |
BIO_printf(bio_err, "Error loading %s from %s\n", |
843 |
+ |
pcert ? "certificate" : "CRL", url); |
844 |
+ |
ERR_print_errors(bio_err); |
845 |
+ |
} |
846 |
+ |
return rv; |
847 |
+ |
} |
848 |
+ |
|
849 |
|
X509 *load_cert(BIO *err, const char *file, int format, |
850 |
|
const char *pass, ENGINE *e, const char *cert_descrip) |
851 |
|
{ |
852 |
|
X509 *x = NULL; |
853 |
|
BIO *cert; |
854 |
|
|
855 |
+ |
if (format == FORMAT_HTTP) { |
856 |
+ |
load_cert_crl_http(file, err, &x, NULL); |
857 |
+ |
return x; |
858 |
+ |
} |
859 |
+ |
|
860 |
|
if ((cert = BIO_new(BIO_s_file())) == NULL) { |
861 |
|
ERR_print_errors(err); |
862 |
|
goto end; |
914 |
|
return (x); |
915 |
|
} |
916 |
|
|
917 |
+ |
X509_CRL *load_crl(const char *infile, int format) |
918 |
+ |
{ |
919 |
+ |
X509_CRL *x = NULL; |
920 |
+ |
BIO *in = NULL; |
921 |
+ |
|
922 |
+ |
if (format == FORMAT_HTTP) { |
923 |
+ |
load_cert_crl_http(infile, bio_err, NULL, &x); |
924 |
+ |
return x; |
925 |
+ |
} |
926 |
+ |
|
927 |
+ |
in = BIO_new(BIO_s_file()); |
928 |
+ |
if (in == NULL) { |
929 |
+ |
ERR_print_errors(bio_err); |
930 |
+ |
goto end; |
931 |
+ |
} |
932 |
+ |
|
933 |
+ |
if (infile == NULL) |
934 |
+ |
BIO_set_fp(in, stdin, BIO_NOCLOSE); |
935 |
+ |
else { |
936 |
+ |
if (BIO_read_filename(in, infile) <= 0) { |
937 |
+ |
perror(infile); |
938 |
+ |
goto end; |
939 |
+ |
} |
940 |
+ |
} |
941 |
+ |
if (format == FORMAT_ASN1) |
942 |
+ |
x = d2i_X509_CRL_bio(in, NULL); |
943 |
+ |
else if (format == FORMAT_PEM) |
944 |
+ |
x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); |
945 |
+ |
else { |
946 |
+ |
BIO_printf(bio_err, "bad input format specified for input crl\n"); |
947 |
+ |
goto end; |
948 |
+ |
} |
949 |
+ |
if (x == NULL) { |
950 |
+ |
BIO_printf(bio_err, "unable to load CRL\n"); |
951 |
+ |
ERR_print_errors(bio_err); |
952 |
+ |
goto end; |
953 |
+ |
} |
954 |
+ |
|
955 |
+ |
end: |
956 |
+ |
BIO_free(in); |
957 |
+ |
return (x); |
958 |
+ |
} |
959 |
+ |
|
960 |
|
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, |
961 |
|
const char *pass, ENGINE *e, const char *key_descrip) |
962 |
|
{ |
976 |
|
if (!e) |
977 |
|
BIO_printf(err, "no engine specified\n"); |
978 |
|
else { |
979 |
< |
pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data); |
979 |
> |
if (ENGINE_init(e)) { |
980 |
> |
pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data); |
981 |
> |
ENGINE_finish(e); |
982 |
> |
} |
983 |
|
if (!pkey) { |
984 |
|
BIO_printf(err, "cannot load %s from engine\n", key_descrip); |
985 |
|
ERR_print_errors(err); |
1359 |
|
}; |
1360 |
|
if (set_multi_opts(flags, arg, ex_tbl) == 0) |
1361 |
|
return 0; |
1362 |
< |
if ((*flags & XN_FLAG_SEP_MASK) == 0) |
1362 |
> |
if (*flags != XN_FLAG_COMPAT |
1363 |
> |
&& (*flags & XN_FLAG_SEP_MASK) == 0) |
1364 |
|
*flags |= XN_FLAG_SEP_CPLUS_SPC; |
1365 |
|
return 1; |
1366 |
|
} |
1540 |
|
} |
1541 |
|
return e; |
1542 |
|
} |
1543 |
+ |
#endif |
1544 |
|
|
1545 |
|
ENGINE *setup_engine(BIO *err, const char *engine, int debug) |
1546 |
|
{ |
1547 |
|
ENGINE *e = NULL; |
1548 |
|
|
1549 |
+ |
#ifndef OPENSSL_NO_ENGINE |
1550 |
|
if (engine) { |
1551 |
|
if (strcmp(engine, "auto") == 0) { |
1552 |
|
BIO_printf(err, "enabling auto ENGINE support\n"); |
1571 |
|
} |
1572 |
|
|
1573 |
|
BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e)); |
1458 |
– |
|
1459 |
– |
/* Free our "structural" reference. */ |
1460 |
– |
ENGINE_free(e); |
1574 |
|
} |
1575 |
+ |
#endif |
1576 |
|
return e; |
1577 |
|
} |
1578 |
+ |
|
1579 |
+ |
void release_engine(ENGINE *e) |
1580 |
+ |
{ |
1581 |
+ |
#ifndef OPENSSL_NO_ENGINE |
1582 |
+ |
if (e != NULL) |
1583 |
+ |
/* Free our "structural" reference. */ |
1584 |
+ |
ENGINE_free(e); |
1585 |
|
#endif |
1586 |
+ |
} |
1587 |
|
|
1588 |
|
int load_config(BIO *err, CONF *cnf) |
1589 |
|
{ |
1739 |
|
BUF_strlcpy(buf[0], serialfile, BSIZE); |
1740 |
|
else { |
1741 |
|
#ifndef OPENSSL_SYS_VMS |
1742 |
< |
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix); |
1742 |
> |
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix); |
1743 |
|
#else |
1744 |
< |
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix); |
1744 |
> |
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix); |
1745 |
|
#endif |
1746 |
|
} |
1747 |
|
#ifdef RL_DEBUG |
1790 |
|
goto err; |
1791 |
|
} |
1792 |
|
#ifndef OPENSSL_SYS_VMS |
1793 |
< |
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix); |
1793 |
> |
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix); |
1794 |
|
#else |
1795 |
< |
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix); |
1795 |
> |
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix); |
1796 |
|
#endif |
1797 |
|
#ifndef OPENSSL_SYS_VMS |
1798 |
< |
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix); |
1798 |
> |
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix); |
1799 |
|
#else |
1800 |
< |
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix); |
1800 |
> |
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix); |
1801 |
|
#endif |
1802 |
|
#ifdef RL_DEBUG |
1803 |
|
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", |
1878 |
|
goto err; |
1879 |
|
|
1880 |
|
#ifndef OPENSSL_SYS_VMS |
1881 |
< |
BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile); |
1881 |
> |
BIO_snprintf(buf[0], sizeof(buf[0]), "%s.attr", dbfile); |
1882 |
|
#else |
1883 |
< |
BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile); |
1883 |
> |
BIO_snprintf(buf[0], sizeof(buf[0]), "%s-attr", dbfile); |
1884 |
|
#endif |
1885 |
|
dbattr_conf = NCONF_new(NULL); |
1886 |
|
if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) { |
1968 |
|
goto err; |
1969 |
|
} |
1970 |
|
#ifndef OPENSSL_SYS_VMS |
1971 |
< |
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile); |
1971 |
> |
j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile); |
1972 |
|
#else |
1973 |
< |
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile); |
1973 |
> |
j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile); |
1974 |
|
#endif |
1975 |
|
#ifndef OPENSSL_SYS_VMS |
1976 |
< |
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix); |
1976 |
> |
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix); |
1977 |
|
#else |
1978 |
< |
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix); |
1978 |
> |
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix); |
1979 |
|
#endif |
1980 |
|
#ifndef OPENSSL_SYS_VMS |
1981 |
< |
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix); |
1981 |
> |
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix); |
1982 |
|
#else |
1983 |
< |
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix); |
1983 |
> |
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix); |
1984 |
|
#endif |
1985 |
|
#ifdef RL_DEBUG |
1986 |
|
BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]); |
2029 |
|
goto err; |
2030 |
|
} |
2031 |
|
#ifndef OPENSSL_SYS_VMS |
2032 |
< |
j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile); |
2032 |
> |
j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile); |
2033 |
|
#else |
2034 |
< |
j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile); |
2034 |
> |
j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile); |
2035 |
|
#endif |
2036 |
|
#ifndef OPENSSL_SYS_VMS |
2037 |
< |
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix); |
2037 |
> |
j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix); |
2038 |
|
#else |
2039 |
< |
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix); |
2039 |
> |
j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix); |
2040 |
|
#endif |
2041 |
|
#ifndef OPENSSL_SYS_VMS |
2042 |
< |
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix); |
2042 |
> |
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix); |
2043 |
|
#else |
2044 |
< |
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix); |
2044 |
> |
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix); |
2045 |
|
#endif |
2046 |
|
#ifndef OPENSSL_SYS_VMS |
2047 |
< |
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix); |
2047 |
> |
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix); |
2048 |
|
#else |
2049 |
< |
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix); |
2049 |
> |
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix); |
2050 |
|
#endif |
2051 |
|
#ifndef OPENSSL_SYS_VMS |
2052 |
< |
j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix); |
2052 |
> |
j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix); |
2053 |
|
#else |
2054 |
< |
j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix); |
2054 |
> |
j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix); |
2055 |
|
#endif |
2056 |
|
#ifdef RL_DEBUG |
2057 |
|
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]); |
2282 |
|
char **oldargs = *pargs; |
2283 |
|
char *arg = **pargs, *argn = (*pargs)[1]; |
2284 |
|
time_t at_time = 0; |
2285 |
+ |
char *hostname = NULL; |
2286 |
+ |
char *email = NULL; |
2287 |
+ |
char *ipasc = NULL; |
2288 |
|
if (!strcmp(arg, "-policy")) { |
2289 |
|
if (!argn) |
2290 |
|
*badarg = 1; |
2338 |
|
at_time = (time_t)timestamp; |
2339 |
|
} |
2340 |
|
(*pargs)++; |
2341 |
+ |
} else if (strcmp(arg, "-verify_hostname") == 0) { |
2342 |
+ |
if (!argn) |
2343 |
+ |
*badarg = 1; |
2344 |
+ |
hostname = argn; |
2345 |
+ |
(*pargs)++; |
2346 |
+ |
} else if (strcmp(arg, "-verify_email") == 0) { |
2347 |
+ |
if (!argn) |
2348 |
+ |
*badarg = 1; |
2349 |
+ |
email = argn; |
2350 |
+ |
(*pargs)++; |
2351 |
+ |
} else if (strcmp(arg, "-verify_ip") == 0) { |
2352 |
+ |
if (!argn) |
2353 |
+ |
*badarg = 1; |
2354 |
+ |
ipasc = argn; |
2355 |
+ |
(*pargs)++; |
2356 |
|
} else if (!strcmp(arg, "-ignore_critical")) |
2357 |
|
flags |= X509_V_FLAG_IGNORE_CRITICAL; |
2358 |
|
else if (!strcmp(arg, "-issuer_checks")) |
2379 |
|
flags |= X509_V_FLAG_NOTIFY_POLICY; |
2380 |
|
else if (!strcmp(arg, "-check_ss_sig")) |
2381 |
|
flags |= X509_V_FLAG_CHECK_SS_SIGNATURE; |
2382 |
+ |
else if (!strcmp(arg, "-trusted_first")) |
2383 |
+ |
flags |= X509_V_FLAG_TRUSTED_FIRST; |
2384 |
+ |
else if (!strcmp(arg, "-suiteB_128_only")) |
2385 |
+ |
flags |= X509_V_FLAG_SUITEB_128_LOS_ONLY; |
2386 |
+ |
else if (!strcmp(arg, "-suiteB_128")) |
2387 |
+ |
flags |= X509_V_FLAG_SUITEB_128_LOS; |
2388 |
+ |
else if (!strcmp(arg, "-suiteB_192")) |
2389 |
+ |
flags |= X509_V_FLAG_SUITEB_192_LOS; |
2390 |
+ |
else if (!strcmp(arg, "-partial_chain")) |
2391 |
+ |
flags |= X509_V_FLAG_PARTIAL_CHAIN; |
2392 |
|
else if (!strcmp(arg, "-no_alt_chains")) |
2393 |
|
flags |= X509_V_FLAG_NO_ALT_CHAINS; |
2394 |
|
else if (!strcmp(arg, "-allow_proxy_certs")) |
2422 |
|
if (at_time) |
2423 |
|
X509_VERIFY_PARAM_set_time(*pm, at_time); |
2424 |
|
|
2425 |
+ |
if (hostname && !X509_VERIFY_PARAM_set1_host(*pm, hostname, 0)) |
2426 |
+ |
*badarg = 1; |
2427 |
+ |
|
2428 |
+ |
if (email && !X509_VERIFY_PARAM_set1_email(*pm, email, 0)) |
2429 |
+ |
*badarg = 1; |
2430 |
+ |
|
2431 |
+ |
if (ipasc && !X509_VERIFY_PARAM_set1_ip_asc(*pm, ipasc)) |
2432 |
+ |
*badarg = 1; |
2433 |
+ |
|
2434 |
|
end: |
2435 |
|
|
2436 |
|
(*pargs)++; |
2461 |
|
else |
2462 |
|
len = 1024; |
2463 |
|
len = BIO_read(in, tbuf, len); |
2464 |
< |
if (len <= 0) |
2464 |
> |
if (len < 0) { |
2465 |
> |
BIO_free(mem); |
2466 |
> |
return -1; |
2467 |
> |
} |
2468 |
> |
if (len == 0) |
2469 |
|
break; |
2470 |
|
if (BIO_write(mem, tbuf, len) != len) { |
2471 |
|
BIO_free(mem); |
2482 |
|
return ret; |
2483 |
|
} |
2484 |
|
|
2485 |
< |
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value) |
2485 |
> |
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value) |
2486 |
|
{ |
2487 |
|
int rv; |
2488 |
|
char *stmp, *vtmp = NULL; |
2605 |
|
|
2606 |
|
JPAKE_STEP3A_init(&s3a); |
2607 |
|
JPAKE_STEP3A_generate(&s3a, ctx); |
2608 |
< |
BIO_write(bconn, s3a.hhk, sizeof s3a.hhk); |
2608 |
> |
BIO_write(bconn, s3a.hhk, sizeof(s3a.hhk)); |
2609 |
|
(void)BIO_flush(bconn); |
2610 |
|
JPAKE_STEP3A_release(&s3a); |
2611 |
|
} |
2616 |
|
|
2617 |
|
JPAKE_STEP3B_init(&s3b); |
2618 |
|
JPAKE_STEP3B_generate(&s3b, ctx); |
2619 |
< |
BIO_write(bconn, s3b.hk, sizeof s3b.hk); |
2619 |
> |
BIO_write(bconn, s3b.hk, sizeof(s3b.hk)); |
2620 |
|
(void)BIO_flush(bconn); |
2621 |
|
JPAKE_STEP3B_release(&s3b); |
2622 |
|
} |
2626 |
|
char buf[10240]; |
2627 |
|
int l; |
2628 |
|
|
2629 |
< |
l = BIO_gets(bconn, buf, sizeof buf); |
2629 |
> |
l = BIO_gets(bconn, buf, sizeof(buf)); |
2630 |
|
assert(l > 0); |
2631 |
|
assert(buf[l - 1] == '\n'); |
2632 |
|
buf[l - 1] = '\0'; |
2673 |
|
int l; |
2674 |
|
|
2675 |
|
JPAKE_STEP3A_init(&s3a); |
2676 |
< |
l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk); |
2677 |
< |
assert(l == sizeof s3a.hhk); |
2676 |
> |
l = BIO_read(bconn, s3a.hhk, sizeof(s3a.hhk)); |
2677 |
> |
assert(l == sizeof(s3a.hhk)); |
2678 |
|
if (!JPAKE_STEP3A_process(ctx, &s3a)) { |
2679 |
|
ERR_print_errors(bio_err); |
2680 |
|
exit(1); |
2688 |
|
int l; |
2689 |
|
|
2690 |
|
JPAKE_STEP3B_init(&s3b); |
2691 |
< |
l = BIO_read(bconn, s3b.hk, sizeof s3b.hk); |
2692 |
< |
assert(l == sizeof s3b.hk); |
2691 |
> |
l = BIO_read(bconn, s3b.hk, sizeof(s3b.hk)); |
2692 |
> |
assert(l == sizeof(s3b.hk)); |
2693 |
|
if (!JPAKE_STEP3B_process(ctx, &s3b)) { |
2694 |
|
ERR_print_errors(bio_err); |
2695 |
|
exit(1); |
2718 |
|
|
2719 |
|
BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n"); |
2720 |
|
|
2721 |
+ |
if (psk_key) |
2722 |
+ |
OPENSSL_free(psk_key); |
2723 |
+ |
|
2724 |
|
psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx)); |
2725 |
|
|
2726 |
|
BIO_pop(bconn); |
2750 |
|
|
2751 |
|
BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n"); |
2752 |
|
|
2753 |
+ |
if (psk_key) |
2754 |
+ |
OPENSSL_free(psk_key); |
2755 |
+ |
|
2756 |
|
psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx)); |
2757 |
|
|
2758 |
|
BIO_pop(bconn); |
2763 |
|
|
2764 |
|
#endif |
2765 |
|
|
2766 |
< |
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
2766 |
> |
#ifndef OPENSSL_NO_TLSEXT |
2767 |
|
/*- |
2768 |
|
* next_protos_parse parses a comma separated list of strings into a string |
2769 |
|
* in a format suitable for passing to SSL_CTX_set_next_protos_advertised. |
2793 |
|
OPENSSL_free(out); |
2794 |
|
return NULL; |
2795 |
|
} |
2796 |
< |
out[start] = i - start; |
2796 |
> |
out[start] = (unsigned char)(i - start); |
2797 |
|
start = i + 1; |
2798 |
|
} else |
2799 |
|
out[i + 1] = in[i]; |
2800 |
|
} |
2801 |
|
|
2802 |
< |
*outlen = len + 1; |
2802 |
> |
*outlen = (unsigned char)(len + 1); |
2803 |
|
return out; |
2804 |
|
} |
2805 |
< |
#endif /* !OPENSSL_NO_TLSEXT && |
2637 |
< |
* !OPENSSL_NO_NEXTPROTONEG */ |
2805 |
> |
#endif /* ndef OPENSSL_NO_TLSEXT */ |
2806 |
|
|
2807 |
+ |
void print_cert_checks(BIO *bio, X509 *x, |
2808 |
+ |
const char *checkhost, |
2809 |
+ |
const char *checkemail, const char *checkip) |
2810 |
+ |
{ |
2811 |
+ |
if (x == NULL) |
2812 |
+ |
return; |
2813 |
+ |
if (checkhost) { |
2814 |
+ |
BIO_printf(bio, "Hostname %s does%s match certificate\n", |
2815 |
+ |
checkhost, X509_check_host(x, checkhost, 0, 0, NULL) == 1 |
2816 |
+ |
? "" : " NOT"); |
2817 |
+ |
} |
2818 |
+ |
|
2819 |
+ |
if (checkemail) { |
2820 |
+ |
BIO_printf(bio, "Email %s does%s match certificate\n", |
2821 |
+ |
checkemail, X509_check_email(x, checkemail, 0, |
2822 |
+ |
0) ? "" : " NOT"); |
2823 |
+ |
} |
2824 |
+ |
|
2825 |
+ |
if (checkip) { |
2826 |
+ |
BIO_printf(bio, "IP %s does%s match certificate\n", |
2827 |
+ |
checkip, X509_check_ip_asc(x, checkip, 0) ? "" : " NOT"); |
2828 |
+ |
} |
2829 |
+ |
} |
2830 |
+ |
|
2831 |
+ |
/* Get first http URL from a DIST_POINT structure */ |
2832 |
+ |
|
2833 |
+ |
static const char *get_dp_url(DIST_POINT *dp) |
2834 |
+ |
{ |
2835 |
+ |
GENERAL_NAMES *gens; |
2836 |
+ |
GENERAL_NAME *gen; |
2837 |
+ |
int i, gtype; |
2838 |
+ |
ASN1_STRING *uri; |
2839 |
+ |
if (!dp->distpoint || dp->distpoint->type != 0) |
2840 |
+ |
return NULL; |
2841 |
+ |
gens = dp->distpoint->name.fullname; |
2842 |
+ |
for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { |
2843 |
+ |
gen = sk_GENERAL_NAME_value(gens, i); |
2844 |
+ |
uri = GENERAL_NAME_get0_value(gen, >ype); |
2845 |
+ |
if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) { |
2846 |
+ |
char *uptr = (char *)ASN1_STRING_data(uri); |
2847 |
+ |
if (!strncmp(uptr, "http://", 7)) |
2848 |
+ |
return uptr; |
2849 |
+ |
} |
2850 |
+ |
} |
2851 |
+ |
return NULL; |
2852 |
+ |
} |
2853 |
+ |
|
2854 |
|
/* |
2855 |
+ |
* Look through a CRLDP structure and attempt to find an http URL to |
2856 |
+ |
* downloads a CRL from. |
2857 |
+ |
*/ |
2858 |
+ |
|
2859 |
+ |
static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp) |
2860 |
+ |
{ |
2861 |
+ |
int i; |
2862 |
+ |
const char *urlptr = NULL; |
2863 |
+ |
for (i = 0; i < sk_DIST_POINT_num(crldp); i++) { |
2864 |
+ |
DIST_POINT *dp = sk_DIST_POINT_value(crldp, i); |
2865 |
+ |
urlptr = get_dp_url(dp); |
2866 |
+ |
if (urlptr) |
2867 |
+ |
return load_crl(urlptr, FORMAT_HTTP); |
2868 |
+ |
} |
2869 |
+ |
return NULL; |
2870 |
+ |
} |
2871 |
+ |
|
2872 |
+ |
/* |
2873 |
+ |
* Example of downloading CRLs from CRLDP: not usable for real world as it |
2874 |
+ |
* always downloads, doesn't support non-blocking I/O and doesn't cache |
2875 |
+ |
* anything. |
2876 |
+ |
*/ |
2877 |
+ |
|
2878 |
+ |
static STACK_OF(X509_CRL) *crls_http_cb(X509_STORE_CTX *ctx, X509_NAME *nm) |
2879 |
+ |
{ |
2880 |
+ |
X509 *x; |
2881 |
+ |
STACK_OF(X509_CRL) *crls = NULL; |
2882 |
+ |
X509_CRL *crl; |
2883 |
+ |
STACK_OF(DIST_POINT) *crldp; |
2884 |
+ |
x = X509_STORE_CTX_get_current_cert(ctx); |
2885 |
+ |
crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL); |
2886 |
+ |
crl = load_crl_crldp(crldp); |
2887 |
+ |
sk_DIST_POINT_pop_free(crldp, DIST_POINT_free); |
2888 |
+ |
if (!crl) |
2889 |
+ |
return NULL; |
2890 |
+ |
crls = sk_X509_CRL_new_null(); |
2891 |
+ |
sk_X509_CRL_push(crls, crl); |
2892 |
+ |
/* Try to download delta CRL */ |
2893 |
+ |
crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL); |
2894 |
+ |
crl = load_crl_crldp(crldp); |
2895 |
+ |
sk_DIST_POINT_pop_free(crldp, DIST_POINT_free); |
2896 |
+ |
if (crl) |
2897 |
+ |
sk_X509_CRL_push(crls, crl); |
2898 |
+ |
return crls; |
2899 |
+ |
} |
2900 |
+ |
|
2901 |
+ |
void store_setup_crl_download(X509_STORE *st) |
2902 |
+ |
{ |
2903 |
+ |
X509_STORE_set_lookup_crls_cb(st, crls_http_cb); |
2904 |
+ |
} |
2905 |
+ |
|
2906 |
+ |
/* |
2907 |
|
* Platform-specific sections |
2908 |
|
*/ |
2909 |
|
#if defined(_WIN32) |
3214 |
|
#endif |
3215 |
|
|
3216 |
|
/* raw_read|write section */ |
3217 |
+ |
#if defined(__VMS) |
3218 |
+ |
# include "vms_term_sock.h" |
3219 |
+ |
static int stdin_sock = -1; |
3220 |
+ |
|
3221 |
+ |
static void close_stdin_sock(void) |
3222 |
+ |
{ |
3223 |
+ |
TerminalSocket (TERM_SOCK_DELETE, &stdin_sock); |
3224 |
+ |
} |
3225 |
+ |
|
3226 |
+ |
int fileno_stdin(void) |
3227 |
+ |
{ |
3228 |
+ |
if (stdin_sock == -1) { |
3229 |
+ |
TerminalSocket(TERM_SOCK_CREATE, &stdin_sock); |
3230 |
+ |
atexit(close_stdin_sock); |
3231 |
+ |
} |
3232 |
+ |
|
3233 |
+ |
return stdin_sock; |
3234 |
+ |
} |
3235 |
+ |
#else |
3236 |
+ |
int fileno_stdin(void) |
3237 |
+ |
{ |
3238 |
+ |
return fileno(stdin); |
3239 |
+ |
} |
3240 |
+ |
#endif |
3241 |
+ |
|
3242 |
+ |
int fileno_stdout(void) |
3243 |
+ |
{ |
3244 |
+ |
return fileno(stdout); |
3245 |
+ |
} |
3246 |
+ |
|
3247 |
|
#if defined(_WIN32) && defined(STD_INPUT_HANDLE) |
3248 |
|
int raw_read_stdin(void *buf, int siz) |
3249 |
|
{ |
3253 |
|
else |
3254 |
|
return (-1); |
3255 |
|
} |
3256 |
+ |
#elif defined(__VMS) |
3257 |
+ |
#include <sys/socket.h> |
3258 |
+ |
|
3259 |
+ |
int raw_read_stdin(void *buf, int siz) |
3260 |
+ |
{ |
3261 |
+ |
return recv(fileno_stdin(), buf, siz, 0); |
3262 |
+ |
} |
3263 |
|
#else |
3264 |
|
int raw_read_stdin(void *buf, int siz) |
3265 |
|
{ |
3266 |
< |
return read(fileno(stdin), buf, siz); |
3266 |
> |
return read(fileno_stdin(), buf, siz); |
3267 |
|
} |
3268 |
|
#endif |
3269 |
|
|
3279 |
|
#else |
3280 |
|
int raw_write_stdout(const void *buf, int siz) |
3281 |
|
{ |
3282 |
< |
return write(fileno(stdout), buf, siz); |
3282 |
> |
return write(fileno_stdout(), buf, siz); |
3283 |
|
} |
3284 |
|
#endif |