Home | History | Annotate | Download | only in apps
      1 /* apps/apps.h */
      2 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com)
      3  * All rights reserved.
      4  *
      5  * This package is an SSL implementation written
      6  * by Eric Young (eay (at) cryptsoft.com).
      7  * The implementation was written so as to conform with Netscapes SSL.
      8  *
      9  * This library is free for commercial and non-commercial use as long as
     10  * the following conditions are aheared to.  The following conditions
     11  * apply to all code found in this distribution, be it the RC4, RSA,
     12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
     13  * included with this distribution is covered by the same copyright terms
     14  * except that the holder is Tim Hudson (tjh (at) cryptsoft.com).
     15  *
     16  * Copyright remains Eric Young's, and as such any Copyright notices in
     17  * the code are not to be removed.
     18  * If this package is used in a product, Eric Young should be given attribution
     19  * as the author of the parts of the library used.
     20  * This can be in the form of a textual message at program startup or
     21  * in documentation (online or textual) provided with the package.
     22  *
     23  * Redistribution and use in source and binary forms, with or without
     24  * modification, are permitted provided that the following conditions
     25  * are met:
     26  * 1. Redistributions of source code must retain the copyright
     27  *    notice, this list of conditions and the following disclaimer.
     28  * 2. Redistributions in binary form must reproduce the above copyright
     29  *    notice, this list of conditions and the following disclaimer in the
     30  *    documentation and/or other materials provided with the distribution.
     31  * 3. All advertising materials mentioning features or use of this software
     32  *    must display the following acknowledgement:
     33  *    "This product includes cryptographic software written by
     34  *     Eric Young (eay (at) cryptsoft.com)"
     35  *    The word 'cryptographic' can be left out if the rouines from the library
     36  *    being used are not cryptographic related :-).
     37  * 4. If you include any Windows specific code (or a derivative thereof) from
     38  *    the apps directory (application code) you must include an acknowledgement:
     39  *    "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)"
     40  *
     41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
     42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     51  * SUCH DAMAGE.
     52  *
     53  * The licence and distribution terms for any publically available version or
     54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
     55  * copied and put under another distribution licence
     56  * [including the GNU Public Licence.]
     57  */
     58 /* ====================================================================
     59  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
     60  *
     61  * Redistribution and use in source and binary forms, with or without
     62  * modification, are permitted provided that the following conditions
     63  * are met:
     64  *
     65  * 1. Redistributions of source code must retain the above copyright
     66  *    notice, this list of conditions and the following disclaimer.
     67  *
     68  * 2. Redistributions in binary form must reproduce the above copyright
     69  *    notice, this list of conditions and the following disclaimer in
     70  *    the documentation and/or other materials provided with the
     71  *    distribution.
     72  *
     73  * 3. All advertising materials mentioning features or use of this
     74  *    software must display the following acknowledgment:
     75  *    "This product includes software developed by the OpenSSL Project
     76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
     77  *
     78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     79  *    endorse or promote products derived from this software without
     80  *    prior written permission. For written permission, please contact
     81  *    openssl-core (at) openssl.org.
     82  *
     83  * 5. Products derived from this software may not be called "OpenSSL"
     84  *    nor may "OpenSSL" appear in their names without prior written
     85  *    permission of the OpenSSL Project.
     86  *
     87  * 6. Redistributions of any form whatsoever must retain the following
     88  *    acknowledgment:
     89  *    "This product includes software developed by the OpenSSL Project
     90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
     91  *
     92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
    101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
    103  * OF THE POSSIBILITY OF SUCH DAMAGE.
    104  * ====================================================================
    105  *
    106  * This product includes cryptographic software written by Eric Young
    107  * (eay (at) cryptsoft.com).  This product includes software written by Tim
    108  * Hudson (tjh (at) cryptsoft.com).
    109  *
    110  */
    111 
    112 #ifndef HEADER_APPS_H
    113 #define HEADER_APPS_H
    114 
    115 #include "e_os.h"
    116 
    117 #include <openssl/bio.h>
    118 #include <openssl/x509.h>
    119 #include <openssl/lhash.h>
    120 #include <openssl/conf.h>
    121 #include <openssl/txt_db.h>
    122 #ifndef OPENSSL_NO_ENGINE
    123 #include <openssl/engine.h>
    124 #endif
    125 #ifndef OPENSSL_NO_OCSP
    126 #include <openssl/ocsp.h>
    127 #endif
    128 #include <openssl/ossl_typ.h>
    129 
    130 int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
    131 int app_RAND_write_file(const char *file, BIO *bio_e);
    132 /* When `file' is NULL, use defaults.
    133  * `bio_e' is for error messages. */
    134 void app_RAND_allow_write_file(void);
    135 long app_RAND_load_files(char *file); /* `file' is a list of files to read,
    136                                        * separated by LIST_SEPARATOR_CHAR
    137                                        * (see e_os.h).  The string is
    138                                        * destroyed! */
    139 
    140 #ifndef MONOLITH
    141 
    142 #define MAIN(a,v)	main(a,v)
    143 
    144 #ifndef NON_MAIN
    145 CONF *config=NULL;
    146 BIO *bio_err=NULL;
    147 #else
    148 extern CONF *config;
    149 extern BIO *bio_err;
    150 #endif
    151 
    152 #else
    153 
    154 #define MAIN(a,v)	PROG(a,v)
    155 extern CONF *config;
    156 extern char *default_config_file;
    157 extern BIO *bio_err;
    158 
    159 #endif
    160 
    161 #ifndef OPENSSL_SYS_NETWARE
    162 #include <signal.h>
    163 #endif
    164 
    165 #ifdef SIGPIPE
    166 #define do_pipe_sig()	signal(SIGPIPE,SIG_IGN)
    167 #else
    168 #define do_pipe_sig()
    169 #endif
    170 
    171 #ifdef OPENSSL_NO_COMP
    172 #define zlib_cleanup()
    173 #else
    174 #define zlib_cleanup() COMP_zlib_cleanup()
    175 #endif
    176 
    177 #if defined(MONOLITH) && !defined(OPENSSL_C)
    178 #  define apps_startup() \
    179 		do_pipe_sig()
    180 #  define apps_shutdown()
    181 #else
    182 #  ifndef OPENSSL_NO_ENGINE
    183 #    define apps_startup() \
    184 			do { do_pipe_sig(); CRYPTO_malloc_init(); \
    185 			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
    186 			ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
    187 #    define apps_shutdown() \
    188 			do { CONF_modules_unload(1); destroy_ui_method(); \
    189 			OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
    190 			CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
    191 			ERR_free_strings(); zlib_cleanup();} while(0)
    192 #  else
    193 #    define apps_startup() \
    194 			do { do_pipe_sig(); CRYPTO_malloc_init(); \
    195 			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
    196 			setup_ui_method(); } while(0)
    197 #    define apps_shutdown() \
    198 			do { CONF_modules_unload(1); destroy_ui_method(); \
    199 			OBJ_cleanup(); EVP_cleanup(); \
    200 			CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
    201 			ERR_free_strings(); zlib_cleanup(); } while(0)
    202 #  endif
    203 #endif
    204 
    205 #ifdef OPENSSL_SYSNAME_WIN32
    206 #  define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
    207 #else
    208 #  define openssl_fdset(a,b) FD_SET(a, b)
    209 #endif
    210 
    211 
    212 typedef struct args_st
    213 	{
    214 	char **data;
    215 	int count;
    216 	} ARGS;
    217 
    218 #define PW_MIN_LENGTH 4
    219 typedef struct pw_cb_data
    220 	{
    221 	const void *password;
    222 	const char *prompt_info;
    223 	} PW_CB_DATA;
    224 
    225 int password_callback(char *buf, int bufsiz, int verify,
    226 	PW_CB_DATA *cb_data);
    227 
    228 int setup_ui_method(void);
    229 void destroy_ui_method(void);
    230 
    231 int should_retry(int i);
    232 int args_from_file(char *file, int *argc, char **argv[]);
    233 int str2fmt(char *s);
    234 void program_name(char *in,char *out,int size);
    235 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
    236 #ifdef HEADER_X509_H
    237 int dump_cert_text(BIO *out, X509 *x);
    238 void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags);
    239 #endif
    240 int set_cert_ex(unsigned long *flags, const char *arg);
    241 int set_name_ex(unsigned long *flags, const char *arg);
    242 int set_ext_copy(int *copy_type, const char *arg);
    243 int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
    244 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
    245 int add_oid_section(BIO *err, CONF *conf);
    246 X509 *load_cert(BIO *err, const char *file, int format,
    247 	const char *pass, ENGINE *e, const char *cert_descrip);
    248 EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
    249 	const char *pass, ENGINE *e, const char *key_descrip);
    250 EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
    251 	const char *pass, ENGINE *e, const char *key_descrip);
    252 STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
    253 	const char *pass, ENGINE *e, const char *cert_descrip);
    254 STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
    255 	const char *pass, ENGINE *e, const char *cert_descrip);
    256 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
    257 #ifndef OPENSSL_NO_ENGINE
    258 ENGINE *setup_engine(BIO *err, const char *engine, int debug);
    259 #endif
    260 
    261 #ifndef OPENSSL_NO_OCSP
    262 OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
    263 			char *host, char *path, char *port, int use_ssl,
    264 			STACK_OF(CONF_VALUE) *headers,
    265 			int req_timeout);
    266 #endif
    267 
    268 int load_config(BIO *err, CONF *cnf);
    269 char *make_config_name(void);
    270 
    271 /* Functions defined in ca.c and also used in ocsp.c */
    272 int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
    273 			ASN1_GENERALIZEDTIME **pinvtm, const char *str);
    274 
    275 #define DB_type         0
    276 #define DB_exp_date     1
    277 #define DB_rev_date     2
    278 #define DB_serial       3       /* index - unique */
    279 #define DB_file         4
    280 #define DB_name         5       /* index - unique when active and not disabled */
    281 #define DB_NUMBER       6
    282 
    283 #define DB_TYPE_REV	'R'
    284 #define DB_TYPE_EXP	'E'
    285 #define DB_TYPE_VAL	'V'
    286 
    287 typedef struct db_attr_st
    288 	{
    289 	int unique_subject;
    290 	} DB_ATTR;
    291 typedef struct ca_db_st
    292 	{
    293 	DB_ATTR attributes;
    294 	TXT_DB *db;
    295 	} CA_DB;
    296 
    297 BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
    298 int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
    299 int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
    300 int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
    301 CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
    302 int index_index(CA_DB *db);
    303 int save_index(const char *dbfile, const char *suffix, CA_DB *db);
    304 int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix);
    305 void free_index(CA_DB *db);
    306 #define index_name_cmp_noconst(a, b) \
    307 	index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
    308 	(const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
    309 int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
    310 int parse_yesno(const char *str, int def);
    311 
    312 X509_NAME *parse_name(char *str, long chtype, int multirdn);
    313 int args_verify(char ***pargs, int *pargc,
    314 			int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
    315 void policies_print(BIO *out, X509_STORE_CTX *ctx);
    316 int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
    317 int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
    318 int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
    319 			const char *algname, ENGINE *e, int do_param);
    320 #ifndef OPENSSL_NO_PSK
    321 extern char *psk_key;
    322 #endif
    323 #ifndef OPENSSL_NO_JPAKE
    324 void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
    325 void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
    326 #endif
    327 
    328 #define FORMAT_UNDEF    0
    329 #define FORMAT_ASN1     1
    330 #define FORMAT_TEXT     2
    331 #define FORMAT_PEM      3
    332 #define FORMAT_NETSCAPE 4
    333 #define FORMAT_PKCS12   5
    334 #define FORMAT_SMIME    6
    335 #define FORMAT_ENGINE   7
    336 #define FORMAT_IISSGC	8	/* XXX this stupid macro helps us to avoid
    337 				 * adding yet another param to load_*key() */
    338 #define FORMAT_PEMRSA	9	/* PEM RSAPubicKey format */
    339 #define FORMAT_ASN1RSA	10	/* DER RSAPubicKey format */
    340 #define FORMAT_MSBLOB	11	/* MS Key blob format */
    341 #define FORMAT_PVK	12	/* MS PVK file format */
    342 
    343 #define EXT_COPY_NONE	0
    344 #define EXT_COPY_ADD	1
    345 #define EXT_COPY_ALL	2
    346 
    347 #define NETSCAPE_CERT_HDR	"certificate"
    348 
    349 #define APP_PASS_LEN	1024
    350 
    351 #define SERIAL_RAND_BITS	64
    352 
    353 int app_isdir(const char *);
    354 int raw_read_stdin(void *,int);
    355 int raw_write_stdout(const void *,int);
    356 
    357 #define TM_START	0
    358 #define TM_STOP		1
    359 double app_tminterval (int stop,int usertime);
    360 #endif
    361 
    362 #ifndef OPENSSL_NO_NEXTPROTONEG
    363 unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
    364 #endif
    365