Big apps cleanup (option-parsing, etc) (7e1b7485) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

apps/Makefile

+133 −131

File changed.

Preview size limit exceeded, changes collapsed.

apps/app_rand.c

+11 −14

Original line number	Diff line number	Diff line
		/* apps/app_rand.c */
		/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
		* All rights reserved.
		*
		@@ -109,25 +108,23 @@
		*
		*/

		#define NON_MAIN
		#include "apps.h"
		#undef NON_MAIN
		#include <openssl/bio.h>
		#include <openssl/rand.h>

		static int seeded = 0;
		static int egdsocket = 0;

		int app_RAND_load_file(const char file, BIO bio_e, int dont_warn)
		int app_RAND_load_file(const char *file, int dont_warn)
		{
		int consider_randfile = (file == NULL);
		char buffer[200];

		#ifdef OPENSSL_SYS_WINDOWS
		BIO_printf(bio_e, "Loading 'screen' into random state -");
		BIO_flush(bio_e);
		BIO_printf(bio_err, "Loading 'screen' into random state -");
		BIO_flush(bio_err);
		RAND_screen();
		BIO_printf(bio_e, " done\n");
		BIO_printf(bio_err, " done\n");
		#endif

		if (file == NULL)
		@@ -143,15 +140,15 @@ int app_RAND_load_file(const char file, BIO bio_e, int dont_warn)
		if (file == NULL \|\| !RAND_load_file(file, -1)) {
		if (RAND_status() == 0) {
		if (!dont_warn) {
		BIO_printf(bio_e, "unable to load 'random state'\n");
		BIO_printf(bio_e,
		BIO_printf(bio_err, "unable to load 'random state'\n");
		BIO_printf(bio_err,
		"This means that the random number generator has not been seeded\n");
		BIO_printf(bio_e, "with much random data.\n");
		BIO_printf(bio_err, "with much random data.\n");
		if (consider_randfile) { /* explanation does not apply when a
		* file is explicitly named */
		BIO_printf(bio_e,
		BIO_printf(bio_err,
		"Consider setting the RANDFILE environment variable to point at a file that\n");
		BIO_printf(bio_e,
		BIO_printf(bio_err,
		"'random' data can be kept in (the file will be overwritten).\n");
		}
		}
		@@ -193,7 +190,7 @@ long app_RAND_load_files(char *name)
		return (tot);
		}

		int app_RAND_write_file(const char file, BIO bio_e)
		int app_RAND_write_file(const char *file)
		{
		char buffer[200];

		@@ -208,7 +205,7 @@ int app_RAND_write_file(const char file, BIO bio_e)
		if (file == NULL)
		file = RAND_file_name(buffer, sizeof buffer);
		if (file == NULL \|\| !RAND_write_file(file)) {
		BIO_printf(bio_e, "unable to write 'random state'\n");
		BIO_printf(bio_err, "unable to write 'random state'\n");
		return 0;
		}
		return 1;

apps/apps.c

+214 −670

File changed.

Preview size limit exceeded, changes collapsed.

apps/apps.h

+266 −96

Original line number	Diff line number	Diff line
		@@ -126,9 +126,18 @@
		# include <openssl/ocsp.h>
		# endif
		# include <openssl/ossl_typ.h>
		# ifndef OPENSSL_SYS_NETWARE
		# include <signal.h>
		# endif

		int app_RAND_load_file(const char file, BIO bio_e, int dont_warn);
		int app_RAND_write_file(const char file, BIO bio_e);
		# if defined(OPENSSL_SYS_WIN32) \|\| defined(OPENSSL_SYS_WINCE)
		# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
		# else
		# define openssl_fdset(a,b) FD_SET(a, b)
		# endif

		int app_RAND_load_file(const char *file, int dont_warn);
		int app_RAND_write_file(const char *file);
		/*
		* When `file' is NULL, use defaults. `bio_e' is for error messages.
		*/
		@@ -138,82 +147,246 @@ long app_RAND_load_files(char file); / `file' is a list of files to read,
		* (see e_os.h). The string is
		* destroyed! */

		# ifndef MONOLITH

		# define MAIN(a,v) main(a,v)

		# ifndef NON_MAIN
		CONF *config = NULL;
		BIO *bio_err = NULL;
		# else
		extern CONF *config;
		extern BIO *bio_err;
		# endif

		# else

		# define MAIN(a,v) PROG(a,v)
		extern CONF *config;
		extern char *default_config_file;
		extern BIO *bio_in;
		extern BIO *bio_out;
		extern BIO *bio_err;
		BIO *dup_bio_in(void);
		BIO *dup_bio_out(void);
		BIO bio_open_default(const char filename, const char *mode);
		void unbuffer(FILE *fp);

		# endif

		# ifndef OPENSSL_SYS_NETWARE
		# include <signal.h>
		# endif
		/* Often used in calls to bio_open_default. */
		# define RB(xformat) ((xformat) == FORMAT_ASN1 ? "rb" : "r")
		# define WB(xformat) ((xformat) == FORMAT_ASN1 ? "wb" : "w")

		# ifdef SIGPIPE
		# define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
		# else
		# define do_pipe_sig()
		# endif
		/*
		* Common verification options.
		*/
		# define OPT_V_ENUM \
		OPT_V__FIRST=2000, \
		OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
		OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
		OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
		OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
		OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
		OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
		OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
		OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
		OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, \
		OPT_V__LAST

		# define OPT_V_OPTIONS \
		{ "policy", OPT_V_POLICY, 's' }, \
		{ "purpose", OPT_V_PURPOSE, 's' }, \
		{ "verify_name", OPT_V_VERIFY_NAME, 's' }, \
		{ "verify_depth", OPT_V_VERIFY_DEPTH, 'p' }, \
		{ "attime", OPT_V_ATTIME, 'p' }, \
		{ "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's' }, \
		{ "verify_email", OPT_V_VERIFY_EMAIL, 's' }, \
		{ "verify_ip", OPT_V_VERIFY_IP, 's' }, \
		{ "ignore_critical", OPT_V_IGNORE_CRITICAL, '-' }, \
		{ "issuer_checks", OPT_V_ISSUER_CHECKS, '-' }, \
		{ "crl_check", OPT_V_CRL_CHECK, '-', "Check that peer cert has not been revoked" }, \
		{ "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "Also check all certs in the chain" }, \
		{ "policy_check", OPT_V_POLICY_CHECK, '-' }, \
		{ "explicit_policy", OPT_V_EXPLICIT_POLICY, '-' }, \
		{ "inhibit_any", OPT_V_INHIBIT_ANY, '-' }, \
		{ "inhibit_map", OPT_V_INHIBIT_MAP, '-' }, \
		{ "x509_strict", OPT_V_X509_STRICT, '-' }, \
		{ "extended_crl", OPT_V_EXTENDED_CRL, '-' }, \
		{ "use_deltas", OPT_V_USE_DELTAS, '-' }, \
		{ "policy_print", OPT_V_POLICY_PRINT, '-' }, \
		{ "check_ss_sig", OPT_V_CHECK_SS_SIG, '-' }, \
		{ "trusted_first", OPT_V_TRUSTED_FIRST, '-', "Use locally-trusted CA's first in building chain" }, \
		{ "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-' }, \
		{ "suiteB_128", OPT_V_SUITEB_128, '-' }, \
		{ "suiteB_192", OPT_V_SUITEB_192, '-' }, \
		{ "partial_chain", OPT_V_PARTIAL_CHAIN, '-' }, \
		{ "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "Only use the first cert chain found" }

		# define OPT_V_CASES \
		OPT_V__FIRST: case OPT_V__LAST: break; \
		case OPT_V_POLICY: \
		case OPT_V_PURPOSE: \
		case OPT_V_VERIFY_NAME: \
		case OPT_V_VERIFY_DEPTH: \
		case OPT_V_ATTIME: \
		case OPT_V_VERIFY_HOSTNAME: \
		case OPT_V_VERIFY_EMAIL: \
		case OPT_V_VERIFY_IP: \
		case OPT_V_IGNORE_CRITICAL: \
		case OPT_V_ISSUER_CHECKS: \
		case OPT_V_CRL_CHECK: \
		case OPT_V_CRL_CHECK_ALL: \
		case OPT_V_POLICY_CHECK: \
		case OPT_V_EXPLICIT_POLICY: \
		case OPT_V_INHIBIT_ANY: \
		case OPT_V_INHIBIT_MAP: \
		case OPT_V_X509_STRICT: \
		case OPT_V_EXTENDED_CRL: \
		case OPT_V_USE_DELTAS: \
		case OPT_V_POLICY_PRINT: \
		case OPT_V_CHECK_SS_SIG: \
		case OPT_V_TRUSTED_FIRST: \
		case OPT_V_SUITEB_128_ONLY: \
		case OPT_V_SUITEB_128: \
		case OPT_V_SUITEB_192: \
		case OPT_V_PARTIAL_CHAIN: \
		case OPT_V_NO_ALT_CHAINS

		# ifdef OPENSSL_NO_COMP
		# define zlib_cleanup()
		# else
		# define zlib_cleanup() COMP_zlib_cleanup()
		# endif
		/*
		* Common "extended"? options.
		*/
		# define OPT_X_ENUM \
		OPT_X__FIRST=1000, \
		OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
		OPT_X_CERTFORM, OPT_X_KEYFORM, \
		OPT_X__LAST

		# define OPT_X_OPTIONS \
		{ "xkey", OPT_X_KEY, '<' }, \
		{ "xcert", OPT_X_CERT, '<' }, \
		{ "xchain", OPT_X_CHAIN, '<' }, \
		{ "xchain_build", OPT_X_CHAIN_BUILD, '-' }, \
		{ "xcertform", OPT_X_CERTFORM, 'F' }, \
		{ "xkeyform", OPT_X_KEYFORM, 'F' }

		# define OPT_X_CASES \
		OPT_X__FIRST: case OPT_X__LAST: break; \
		case OPT_X_KEY: \
		case OPT_X_CERT: \
		case OPT_X_CHAIN: \
		case OPT_X_CHAIN_BUILD: \
		case OPT_X_CERTFORM: \
		case OPT_X_KEYFORM

		# if defined(MONOLITH) && !defined(OPENSSL_C)
		# define apps_startup() \
		do_pipe_sig()
		# define apps_shutdown()
		# else
		# ifndef OPENSSL_NO_ENGINE
		# define apps_startup() \
		do { do_pipe_sig(); CRYPTO_malloc_init(); \
		ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
		ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
		# define apps_shutdown() \
		do { CONF_modules_unload(1); destroy_ui_method(); \
		OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
		CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
		RAND_cleanup(); \
		ERR_free_strings(); zlib_cleanup();} while(0)
		# else
		# define apps_startup() \
		do { do_pipe_sig(); CRYPTO_malloc_init(); \
		ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
		setup_ui_method(); } while(0)
		# define apps_shutdown() \
		do { CONF_modules_unload(1); destroy_ui_method(); \
		OBJ_cleanup(); EVP_cleanup(); \
		CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
		RAND_cleanup(); \
		ERR_free_strings(); zlib_cleanup(); } while(0)
		# endif
		# endif
		/*
		* Common SSL options.
		* Any changes here must be coordinated with ../ssl/ssl_conf.c
		*/
		# define OPT_S_ENUM \
		OPT_S__FIRST=3000, \
		OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
		OPT_S_BUGS, OPT_S_NOCOMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \
		OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
		OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \
		OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
		OPT_S_DHPARAM, OPT_S_DEBUGBROKE, \
		OPT_S__LAST

		# define OPT_S_OPTIONS \
		{"no_ssl3", OPT_S_NOSSL3, '-' }, \
		{"no_tls1", OPT_S_NOTLS1, '-' }, \
		{"no_tls1_1", OPT_S_NOTLS1_1, '-' }, \
		{"no_tls1_2", OPT_S_NOTLS1_2, '-' }, \
		{"bugs", OPT_S_BUGS, '-' }, \
		{"no_comp", OPT_S_NOCOMP, '-' }, \
		{"ecdh_single", OPT_S_ECDHSINGLE, '-' }, \
		{"no_ticket", OPT_S_NOTICKET, '-' }, \
		{"serverpref", OPT_S_SERVERPREF, '-' }, \
		{"legacy_renegotiation", OPT_S_LEGACYRENEG, '-' }, \
		{"legacy_server_connect", OPT_S_LEGACYCONN, '-' }, \
		{"no_resumption_on_reneg", OPT_S_ONRESUMP, '-' }, \
		{"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-' }, \
		{"strict", OPT_S_STRICT, '-' }, \
		{"sigalgs", OPT_S_SIGALGS, 's', }, \
		{"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', }, \
		{"curves", OPT_S_CURVES, 's', }, \
		{"named_curve", OPT_S_NAMEDCURVE, 's', }, \
		{"cipher", OPT_S_CIPHER, 's', }, \
		{"dhparam", OPT_S_DHPARAM, '<' }, \
		{"debug_broken_protocol", OPT_S_DEBUGBROKE, '-' }

		# define OPT_S_CASES \
		OPT_S__FIRST: case OPT_S__LAST: break; \
		case OPT_S_NOSSL3: \
		case OPT_S_NOTLS1: \
		case OPT_S_NOTLS1_1: \
		case OPT_S_NOTLS1_2: \
		case OPT_S_BUGS: \
		case OPT_S_NOCOMP: \
		case OPT_S_ECDHSINGLE: \
		case OPT_S_NOTICKET: \
		case OPT_S_SERVERPREF: \
		case OPT_S_LEGACYRENEG: \
		case OPT_S_LEGACYCONN: \
		case OPT_S_ONRESUMP: \
		case OPT_S_NOLEGACYCONN: \
		case OPT_S_STRICT: \
		case OPT_S_SIGALGS: \
		case OPT_S_CLIENTSIGALGS: \
		case OPT_S_CURVES: \
		case OPT_S_NAMEDCURVE: \
		case OPT_S_CIPHER: \
		case OPT_S_DHPARAM: \
		case OPT_S_DEBUGBROKE

		# if defined(OPENSSL_SYS_WIN32) \|\| defined(OPENSSL_SYS_WINCE)
		# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
		# else
		# define openssl_fdset(a,b) FD_SET(a, b)
		# endif
		/*
		* Option parsing.
		*/
		extern const char OPT_HELP_STR[];
		extern const char OPT_MORE_STR[];
		typedef struct options_st {
		const char *name;
		int retval;
		/*
		* value type: - no value (also the value zero), n number, p positive
		* number, u unsigned, s string, < input file, > output file, f der/pem
		* format, F any format identifier. n and u include zero; p does not.
		*/
		int valtype;
		const char *helpstr;
		} OPTIONS;

		typedef struct opt_pair_st {
		const char *name;
		int retval;
		} OPT_PAIR;

		/* Flags to pass into opt_format; see FORMAT_xxx, below. */
		# define OPT_FMT_PEMDER (1L << 1)
		# define OPT_FMT_PKCS12 (1L << 2)
		# define OPT_FMT_SMIME (1L << 3)
		# define OPT_FMT_ENGINE (1L << 4)
		# define OPT_FMT_MSBLOB (1L << 5)
		# define OPT_FMT_NETSCAPE (1L << 6)
		# define OPT_FMT_NSS (1L << 7)
		# define OPT_FMT_TEXT (1L << 8)
		# define OPT_FMT_HTTP (1L << 9)
		# define OPT_FMT_PVK (1L << 10)
		# define OPT_FMT_ANY ( \
		OPT_FMT_PEMDER \| OPT_FMT_PKCS12 \| OPT_FMT_SMIME \| \
		OPT_FMT_ENGINE \| OPT_FMT_MSBLOB \| OPT_FMT_NETSCAPE \| \
		OPT_FMT_NSS \| OPT_FMT_TEXT \| OPT_FMT_HTTP \| OPT_FMT_PVK)

		char opt_progname(const char argv0);
		char *opt_getprog(void);
		char opt_init(int ac, char av, const OPTIONS o);
		int opt_next();
		int opt_format(const char s, unsigned long flags, int result);
		int opt_int(const char arg, int result);
		int opt_ulong(const char arg, unsigned long result);
		int opt_long(const char arg, long result);
		int opt_pair(const char arg, const OPT_PAIR pairs, int *result);
		int opt_cipher(const char name, const EVP_CIPHER *cipherp);
		int opt_md(const char name, const EVP_MD *mdp);
		char *opt_arg(void);
		char *opt_flag(void);
		char *opt_unknown(void);
		char *opt_reset(void);
		char **opt_rest(void);
		int opt_num_rest(void);
		int opt_verify(int i, X509_VERIFY_PARAM *vpm);
		void opt_help(const OPTIONS * list);
		int opt_format_error(const char *s, unsigned long flags);
		int opt_next(void);

		typedef struct args_st {
		char **data;
		int count;
		int size;
		int argc;
		char **argv;
		} ARGS;

		# define PW_MIN_LENGTH 4
		@@ -227,53 +400,48 @@ int password_callback(char buf, int bufsiz, int verify, PW_CB_DATA cb_data);
		int setup_ui_method(void);
		void destroy_ui_method(void);

		int should_retry(int i);
		int args_from_file(char file, int argc, char **argv[]);
		int str2fmt(char *s);
		void program_name(char in, char out, int size);
		int chopup_args(ARGS arg, char buf, int argc, char *argv[]);
		int chopup_args(ARGS arg, char buf);
		# ifdef HEADER_X509_H
		int dump_cert_text(BIO out, X509 x);
		void print_name(BIO out, const char title, X509_NAME *nm,
		unsigned long lflags);
		# endif
		void print_bignum_var(BIO , BIGNUM , const char, int, unsigned char );
		void print_array(BIO , const char , int, const unsigned char *);
		int set_cert_ex(unsigned long flags, const char arg);
		int set_name_ex(unsigned long flags, const char arg);
		int set_ext_copy(int copy_type, const char arg);
		int copy_extensions(X509 x, X509_REQ req, int copy_type);
		int app_passwd(BIO err, char arg1, char arg2, char pass1, char *pass2);
		int add_oid_section(BIO err, CONF conf);
		X509 load_cert(BIO err, const char *file, int format,
		int app_passwd(char arg1, char arg2, char pass1, char pass2);
		int add_oid_section(CONF *conf);
		X509 load_cert(const char file, int format,
		const char pass, ENGINE e, const char *cert_descrip);
		X509_CRL load_crl(const char infile, int format);
		int load_cert_crl_http(const char url, BIO err,
		X509 pcert, X509_CRL pcrl);
		EVP_PKEY load_key(BIO err, const char *file, int format, int maybe_stdin,
		int load_cert_crl_http(const char url, X509 pcert, X509_CRL *pcrl);
		EVP_PKEY load_key(const char file, int format, int maybe_stdin,
		const char pass, ENGINE e, const char *key_descrip);
		EVP_PKEY load_pubkey(BIO err, const char *file, int format, int maybe_stdin,
		EVP_PKEY load_pubkey(const char file, int format, int maybe_stdin,
		const char pass, ENGINE e, const char *key_descrip);
		STACK_OF(X509) load_certs(BIO err, const char *file, int format,
		STACK_OF(X509) load_certs(const char file, int format,
		const char pass, ENGINE e,
		const char *cert_descrip);
		STACK_OF(X509_CRL) load_crls(BIO err, const char *file, int format,
		STACK_OF(X509_CRL) load_crls(const char file, int format,
		const char pass, ENGINE e,
		const char *cert_descrip);
		X509_STORE setup_verify(BIO bp, char CAfile, char CApath);
		X509_STORE setup_verify(char CAfile, char *CApath);
		int ctx_set_verify_locations(SSL_CTX *ctx,
		const char CAfile, const char CApath);
		# ifndef OPENSSL_NO_ENGINE
		ENGINE setup_engine(BIO err, const char *engine, int debug);
		ENGINE setup_engine(const char engine, int debug);
		# endif

		# ifndef OPENSSL_NO_OCSP
		OCSP_RESPONSE process_responder(BIO err, OCSP_REQUEST *req,
		OCSP_RESPONSE process_responder(OCSP_REQUEST req,
		const char host, const char path,
		const char *port, int use_ssl,
		const STACK_OF(CONF_VALUE) *headers,
		int req_timeout);
		# endif

		int load_config(BIO err, CONF cnf);
		char *make_config_name(void);

		/* Functions defined in ca.c and also used in ocsp.c */
		int unpack_revinfo(ASN1_TIME *prevtm, int preason, ASN1_OBJECT **phold,
		ASN1_GENERALIZEDTIME *pinvtm, const char str);
		@@ -318,17 +486,17 @@ int parse_yesno(const char *str, int def);

		X509_NAME parse_name(char str, long chtype, int multirdn);
		int args_verify(char **pargs, int pargc,
		int badarg, BIO err, X509_VERIFY_PARAM **pm);
		int badarg, X509_VERIFY_PARAM *pm);
		void policies_print(BIO out, X509_STORE_CTX ctx);
		int bio_to_mem(unsigned char *out, int maxlen, BIO in);
		int pkey_ctrl_string(EVP_PKEY_CTX ctx, char value);
		int init_gen_str(BIO err, EVP_PKEY_CTX *pctx,
		int init_gen_str(EVP_PKEY_CTX **pctx,
		const char algname, ENGINE e, int do_param);
		int do_X509_sign(BIO err, X509 x, EVP_PKEY pkey, const EVP_MD md,
		int do_X509_sign(X509 x, EVP_PKEY pkey, const EVP_MD *md,
		STACK_OF(OPENSSL_STRING) *sigopts);
		int do_X509_REQ_sign(BIO err, X509_REQ x, EVP_PKEY pkey, const EVP_MD md,
		int do_X509_REQ_sign(X509_REQ x, EVP_PKEY pkey, const EVP_MD *md,
		STACK_OF(OPENSSL_STRING) *sigopts);
		int do_X509_CRL_sign(BIO err, X509_CRL x, EVP_PKEY pkey, const EVP_MD md,
		int do_X509_CRL_sign(X509_CRL x, EVP_PKEY pkey, const EVP_MD *md,
		STACK_OF(OPENSSL_STRING) *sigopts);
		# ifndef OPENSSL_NO_PSK
		extern char *psk_key;
		@@ -348,6 +516,7 @@ void print_cert_checks(BIO bio, X509 x,

		void store_setup_crl_download(X509_STORE *st);

		/* See OPT_FMT_xxx, above. */
		# define FORMAT_UNDEF 0
		# define FORMAT_ASN1 1
		# define FORMAT_TEXT 2
		@@ -356,8 +525,6 @@ void store_setup_crl_download(X509_STORE *st);
		# define FORMAT_PKCS12 5
		# define FORMAT_SMIME 6
		# define FORMAT_ENGINE 7
		# define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
		* adding yet another param to load_key() /
		# define FORMAT_PEMRSA 9 /* PEM RSAPubicKey format */
		# define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */
		# define FORMAT_MSBLOB 11 /* MS Key blob format */
		@@ -376,6 +543,7 @@ void store_setup_crl_download(X509_STORE *st);
		# define SERIAL_RAND_BITS 64

		int app_isdir(const char *);
		int app_access(const char *, int flag);
		int raw_read_stdin(void *, int);
		int raw_write_stdout(const void *, int);

		@@ -383,4 +551,6 @@ int raw_write_stdout(const void *, int);
		# define TM_STOP 1
		double app_tminterval(int stop, int usertime);

		# include "progs.h"

		#endif

apps/asn1pars.c

+106 −163

Original line number	Diff line number	Diff line
		/* apps/asn1pars.c */
		/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
		* All rights reserved.
		*
		@@ -70,190 +69,136 @@
		#include <openssl/x509.h>
		#include <openssl/pem.h>

		/*-
		* -inform arg - input format - default PEM (DER or PEM)
		* -in arg - input file - default stdin
		* -i - indent the details by depth
		* -offset - where in the file to start
		* -length - how many bytes to use
		* -oid file - extra oid description file
		*/

		#undef PROG
		#define PROG asn1parse_main

		int MAIN(int, char **);
		typedef enum OPTION_choice {
		OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
		OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT,
		OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT,
		OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM
		} OPTION_CHOICE;

		OPTIONS asn1parse_options[] = {
		{"help", OPT_HELP, '-', "Display this summary"},
		{"inform", OPT_INFORM, 'F', "input format - one of DER PEM"},
		{"in", OPT_IN, '<', "input file"},
		{"out", OPT_OUT, '>', "output file (output format is always DER)"},
		{"i", OPT_INDENT, 0, "entries"},
		{"noout", OPT_NOOUT, 0, "don't produce any output"},
		{"offset", OPT_OFFSET, 'p', "offset into file"},
		{"length", OPT_LENGTH, 'p', "length of section in file"},
		{"oid", OPT_OID, '<', "file of extra oid definitions"},
		{"dump", OPT_DUMP, 0, "unknown data in hex form"},
		{"dlimit", OPT_DLIMIT, 'p',
		"dump the first arg bytes of unknown data in hex form"},
		{"strparse", OPT_STRPARSE, 's',
		"offset; a series of these can be used to 'dig'"},
		{OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
		{"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
		{"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"},
		{OPT_MORE_STR, 0, 0, "(-inform will be ignored)"},
		{"strictpem", OPT_STRICTPEM, 0,
		"do not attempt base64 decode outside PEM markers"},
		{NULL}
		};

		static int do_generate(BIO bio, char genstr, char genconf, BUF_MEM buf);

		int MAIN(int argc, char **argv)
		int asn1parse_main(int argc, char **argv)
		{
		int i, badops = 0, offset = 0, ret = 1, j;
		unsigned int length = 0;
		long num, tmplen;
		BIO in = NULL, out = NULL, b64 = NULL, derout = NULL;
		int informat, indent = 0, noout = 0, dump = 0, strictpem = 0;
		char infile = NULL, str = NULL, prog, oidfile = NULL, *derfile =
		NULL, name = NULL, header = NULL;
		char genstr = NULL, genconf = NULL;
		unsigned char *tmpbuf;
		const unsigned char *ctmpbuf;
		ASN1_TYPE *at = NULL;
		BIO in = NULL, b64 = NULL, *derout = NULL;
		BUF_MEM *buf = NULL;
		STACK_OF(OPENSSL_STRING) *osk = NULL;
		ASN1_TYPE *at = NULL;

		informat = FORMAT_PEM;

		apps_startup();

		if (bio_err == NULL)
		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
		BIO_set_fp(bio_err, stderr, BIO_NOCLOSE \| BIO_FP_TEXT);
		char genstr = NULL, genconf = NULL;
		char infile = NULL, str = NULL, oidfile = NULL, derfile = NULL;
		char name = NULL, header = NULL, *prog;
		const unsigned char *ctmpbuf;
		int indent = 0, noout = 0, dump = 0, strictpem = 0, informat = FORMAT_PEM;
		int offset = 0, ret = 1, i, j;
		long num, tmplen;
		unsigned char *tmpbuf;
		unsigned int length = 0;
		OPTION_CHOICE o;

		if (!load_config(bio_err, NULL))
		goto end;
		prog = opt_init(argc, argv, asn1parse_options);

		prog = argv[0];
		argc--;
		argv++;
		if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) {
		BIO_printf(bio_err, "Memory allocation failure\n");
		BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
		goto end;
		}
		while (argc >= 1) {
		if (strcmp(*argv, "-inform") == 0) {
		if (--argc < 1)
		goto bad;
		informat = str2fmt(*(++argv));
		} else if (strcmp(*argv, "-in") == 0) {
		if (--argc < 1)
		goto bad;
		infile = *(++argv);
		} else if (strcmp(*argv, "-out") == 0) {
		if (--argc < 1)
		goto bad;
		derfile = *(++argv);
		} else if (strcmp(*argv, "-i") == 0) {

		while ((o = opt_next()) != OPT_EOF) {
		switch (o) {
		case OPT_EOF:
		case OPT_ERR:
		opthelp:
		BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
		goto end;
		case OPT_HELP:
		opt_help(asn1parse_options);
		ret = 0;
		goto end;
		case OPT_INFORM:
		if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
		goto opthelp;
		goto end;
		case OPT_IN:
		infile = opt_arg();
		break;
		case OPT_OUT:
		derfile = opt_arg();
		break;
		case OPT_INDENT:
		indent = 1;
		} else if (strcmp(*argv, "-noout") == 0)
		break;
		case OPT_NOOUT:
		noout = 1;
		else if (strcmp(*argv, "-oid") == 0) {
		if (--argc < 1)
		goto bad;
		oidfile = *(++argv);
		} else if (strcmp(*argv, "-offset") == 0) {
		if (--argc < 1)
		goto bad;
		offset = atoi(*(++argv));
		} else if (strcmp(*argv, "-length") == 0) {
		if (--argc < 1)
		goto bad;
		length = atoi(*(++argv));
		if (length == 0)
		goto bad;
		} else if (strcmp(*argv, "-dump") == 0) {
		break;
		case OPT_OID:
		oidfile = opt_arg();
		break;
		case OPT_OFFSET:
		offset = strtol(opt_arg(), NULL, 0);
		break;
		case OPT_LENGTH:
		length = atoi(opt_arg());
		break;
		case OPT_DUMP:
		dump = -1;
		} else if (strcmp(*argv, "-dlimit") == 0) {
		if (--argc < 1)
		goto bad;
		dump = atoi(*(++argv));
		if (dump <= 0)
		goto bad;
		} else if (strcmp(*argv, "-strparse") == 0) {
		if (--argc < 1)
		goto bad;
		sk_OPENSSL_STRING_push(osk, *(++argv));
		} else if (strcmp(*argv, "-genstr") == 0) {
		if (--argc < 1)
		goto bad;
		genstr = *(++argv);
		} else if (strcmp(*argv, "-genconf") == 0) {
		if (--argc < 1)
		goto bad;
		genconf = *(++argv);
		} else if (strcmp(*argv, "-strictpem") == 0) {
		break;
		case OPT_DLIMIT:
		dump = atoi(opt_arg());
		break;
		case OPT_STRPARSE:
		sk_OPENSSL_STRING_push(osk, opt_arg());
		break;
		case OPT_GENSTR:
		genstr = opt_arg();
		break;
		case OPT_GENCONF:
		genconf = opt_arg();
		break;
		case OPT_STRICTPEM:
		strictpem = 1;
		informat = FORMAT_PEM;
		} else {
		BIO_printf(bio_err, "unknown option %s\n", *argv);
		badops = 1;
		break;
		}
		argc--;
		argv++;
		}

		if (badops) {
		bad:
		BIO_printf(bio_err, "%s [options] <infile\n", prog);
		BIO_printf(bio_err, "where options are\n");
		BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
		BIO_printf(bio_err, " -in arg input file\n");
		BIO_printf(bio_err,
		" -out arg output file (output format is always DER\n");
		BIO_printf(bio_err, " -noout arg don't produce any output\n");
		BIO_printf(bio_err, " -offset arg offset into file\n");
		BIO_printf(bio_err, " -length arg length of section in file\n");
		BIO_printf(bio_err, " -i indent entries\n");
		BIO_printf(bio_err, " -dump dump unknown data in hex form\n");
		BIO_printf(bio_err,
		" -dlimit arg dump the first arg bytes of unknown data in hex form\n");
		BIO_printf(bio_err, " -oid file file of extra oid definitions\n");
		BIO_printf(bio_err, " -strparse offset\n");
		BIO_printf(bio_err,
		" a series of these can be used to 'dig' into multiple\n");
		BIO_printf(bio_err, " ASN1 blob wrappings\n");
		BIO_printf(bio_err,
		" -genstr str string to generate ASN1 structure from\n");
		BIO_printf(bio_err,
		" -genconf file file to generate ASN1 structure from\n");
		BIO_printf(bio_err,
		" -strictpem do not attempt base64 decode outside PEM markers (-inform \n");
		BIO_printf(bio_err, " will be ignored)\n");
		goto end;
		}

		ERR_load_crypto_strings();

		in = BIO_new(BIO_s_file());
		out = BIO_new(BIO_s_file());
		if ((in == NULL) \|\| (out == NULL)) {
		ERR_print_errors(bio_err);
		goto end;
		}
		BIO_set_fp(out, stdout, BIO_NOCLOSE \| BIO_FP_TEXT);
		#ifdef OPENSSL_SYS_VMS
		{
		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
		out = BIO_push(tmpbio, out);
		}
		#endif
		argc = opt_num_rest();
		argv = opt_rest();

		if (oidfile != NULL) {
		if (BIO_read_filename(in, oidfile) <= 0) {
		BIO_printf(bio_err, "problems opening %s\n", oidfile);
		ERR_print_errors(bio_err);
		in = bio_open_default(oidfile, "r");
		if (in == NULL)
		goto end;
		}
		OBJ_create_objects(in);
		BIO_free(in);
		}

		if (infile == NULL)
		BIO_set_fp(in, stdin, BIO_NOCLOSE);
		else {
		if (BIO_read_filename(in, infile) <= 0) {
		perror(infile);
		if ((in = bio_open_default(infile, "r")) == NULL)
		goto end;
		}
		}

		if (derfile) {
		if (!(derout = BIO_new_file(derfile, "wb"))) {
		BIO_printf(bio_err, "problems opening %s\n", derfile);
		ERR_print_errors(bio_err);
		if (derfile && (derout = bio_open_default(derfile, "wb")) == NULL)
		goto end;
		}
		}

		if (strictpem) {
		if (PEM_read_bio(in, &name, &header, (unsigned char **)&str, &num) !=
		@@ -362,7 +307,7 @@ int MAIN(int argc, char **argv)
		}
		}
		if (!noout &&
		!ASN1_parse_dump(out, (unsigned char *)&(str[offset]), length,
		!ASN1_parse_dump(bio_out, (unsigned char *)&(str[offset]), length,
		indent, dump)) {
		ERR_print_errors(bio_err);
		goto end;
		@@ -371,7 +316,6 @@ int MAIN(int argc, char **argv)
		end:
		BIO_free(derout);
		BIO_free(in);
		BIO_free_all(out);
		BIO_free(b64);
		if (ret != 0)
		ERR_print_errors(bio_err);
		@@ -388,8 +332,7 @@ int MAIN(int argc, char **argv)
		if (osk != NULL)
		sk_OPENSSL_STRING_free(osk);
		OBJ_cleanup();
		apps_shutdown();
		OPENSSL_EXIT(ret);
		return (ret);
		}

		static int do_generate(BIO bio, char genstr, char genconf, BUF_MEM buf)