Home | History | Annotate | Download | only in apps
      1 /* apps/apps.c */
      2 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com)
      3  * All rights reserved.
      4  *
      5  * This package is an SSL implementation written
      6  * by Eric Young (eay (at) cryptsoft.com).
      7  * The implementation was written so as to conform with Netscapes SSL.
      8  *
      9  * This library is free for commercial and non-commercial use as long as
     10  * the following conditions are aheared to.  The following conditions
     11  * apply to all code found in this distribution, be it the RC4, RSA,
     12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
     13  * included with this distribution is covered by the same copyright terms
     14  * except that the holder is Tim Hudson (tjh (at) cryptsoft.com).
     15  *
     16  * Copyright remains Eric Young's, and as such any Copyright notices in
     17  * the code are not to be removed.
     18  * If this package is used in a product, Eric Young should be given attribution
     19  * as the author of the parts of the library used.
     20  * This can be in the form of a textual message at program startup or
     21  * in documentation (online or textual) provided with the package.
     22  *
     23  * Redistribution and use in source and binary forms, with or without
     24  * modification, are permitted provided that the following conditions
     25  * are met:
     26  * 1. Redistributions of source code must retain the copyright
     27  *    notice, this list of conditions and the following disclaimer.
     28  * 2. Redistributions in binary form must reproduce the above copyright
     29  *    notice, this list of conditions and the following disclaimer in the
     30  *    documentation and/or other materials provided with the distribution.
     31  * 3. All advertising materials mentioning features or use of this software
     32  *    must display the following acknowledgement:
     33  *    "This product includes cryptographic software written by
     34  *     Eric Young (eay (at) cryptsoft.com)"
     35  *    The word 'cryptographic' can be left out if the rouines from the library
     36  *    being used are not cryptographic related :-).
     37  * 4. If you include any Windows specific code (or a derivative thereof) from
     38  *    the apps directory (application code) you must include an acknowledgement:
     39  *    "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)"
     40  *
     41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
     42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     51  * SUCH DAMAGE.
     52  *
     53  * The licence and distribution terms for any publically available version or
     54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
     55  * copied and put under another distribution licence
     56  * [including the GNU Public Licence.]
     57  */
     58 /* ====================================================================
     59  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
     60  *
     61  * Redistribution and use in source and binary forms, with or without
     62  * modification, are permitted provided that the following conditions
     63  * are met:
     64  *
     65  * 1. Redistributions of source code must retain the above copyright
     66  *    notice, this list of conditions and the following disclaimer.
     67  *
     68  * 2. Redistributions in binary form must reproduce the above copyright
     69  *    notice, this list of conditions and the following disclaimer in
     70  *    the documentation and/or other materials provided with the
     71  *    distribution.
     72  *
     73  * 3. All advertising materials mentioning features or use of this
     74  *    software must display the following acknowledgment:
     75  *    "This product includes software developed by the OpenSSL Project
     76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
     77  *
     78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     79  *    endorse or promote products derived from this software without
     80  *    prior written permission. For written permission, please contact
     81  *    openssl-core (at) openssl.org.
     82  *
     83  * 5. Products derived from this software may not be called "OpenSSL"
     84  *    nor may "OpenSSL" appear in their names without prior written
     85  *    permission of the OpenSSL Project.
     86  *
     87  * 6. Redistributions of any form whatsoever must retain the following
     88  *    acknowledgment:
     89  *    "This product includes software developed by the OpenSSL Project
     90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
     91  *
     92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
    101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
    103  * OF THE POSSIBILITY OF SUCH DAMAGE.
    104  * ====================================================================
    105  *
    106  * This product includes cryptographic software written by Eric Young
    107  * (eay (at) cryptsoft.com).  This product includes software written by Tim
    108  * Hudson (tjh (at) cryptsoft.com).
    109  *
    110  */
    111 
    112 #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
    113 #define _POSIX_C_SOURCE 2	/* On VMS, you need to define this to get
    114 				   the declaration of fileno().  The value
    115 				   2 is to make sure no function defined
    116 				   in POSIX-2 is left undefined. */
    117 #endif
    118 #include <stdio.h>
    119 #include <stdlib.h>
    120 #include <string.h>
    121 #if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
    122 #include <strings.h>
    123 #endif
    124 #include <sys/types.h>
    125 #include <ctype.h>
    126 #include <errno.h>
    127 #include <assert.h>
    128 #include <openssl/err.h>
    129 #include <openssl/x509.h>
    130 #include <openssl/x509v3.h>
    131 #include <openssl/pem.h>
    132 #include <openssl/pkcs12.h>
    133 #include <openssl/ui.h>
    134 #include <openssl/safestack.h>
    135 #ifndef OPENSSL_NO_ENGINE
    136 #include <openssl/engine.h>
    137 #endif
    138 #ifndef OPENSSL_NO_RSA
    139 #include <openssl/rsa.h>
    140 #endif
    141 #include <openssl/bn.h>
    142 #ifndef OPENSSL_NO_JPAKE
    143 #include <openssl/jpake.h>
    144 #endif
    145 
    146 #define NON_MAIN
    147 #include "apps.h"
    148 #undef NON_MAIN
    149 
    150 #ifdef _WIN32
    151 static int WIN32_rename(const char *from, const char *to);
    152 #define rename(from,to) WIN32_rename((from),(to))
    153 #endif
    154 
    155 typedef struct {
    156 	const char *name;
    157 	unsigned long flag;
    158 	unsigned long mask;
    159 } NAME_EX_TBL;
    160 
    161 static UI_METHOD *ui_method = NULL;
    162 
    163 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
    164 static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
    165 
    166 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
    167 /* Looks like this stuff is worth moving into separate function */
    168 static EVP_PKEY *
    169 load_netscape_key(BIO *err, BIO *key, const char *file,
    170 		const char *key_descrip, int format);
    171 #endif
    172 
    173 int app_init(long mesgwin);
    174 #ifdef undef /* never finished - probably never will be :-) */
    175 int args_from_file(char *file, int *argc, char **argv[])
    176 	{
    177 	FILE *fp;
    178 	int num,i;
    179 	unsigned int len;
    180 	static char *buf=NULL;
    181 	static char **arg=NULL;
    182 	char *p;
    183 
    184 	fp=fopen(file,"r");
    185 	if (fp == NULL)
    186 		return(0);
    187 
    188 	if (fseek(fp,0,SEEK_END)==0)
    189 		len=ftell(fp), rewind(fp);
    190 	else	len=-1;
    191 	if (len<=0)
    192 		{
    193 		fclose(fp);
    194 		return(0);
    195 		}
    196 
    197 	*argc=0;
    198 	*argv=NULL;
    199 
    200 	if (buf != NULL) OPENSSL_free(buf);
    201 	buf=(char *)OPENSSL_malloc(len+1);
    202 	if (buf == NULL) return(0);
    203 
    204 	len=fread(buf,1,len,fp);
    205 	if (len <= 1) return(0);
    206 	buf[len]='\0';
    207 
    208 	i=0;
    209 	for (p=buf; *p; p++)
    210 		if (*p == '\n') i++;
    211 	if (arg != NULL) OPENSSL_free(arg);
    212 	arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
    213 
    214 	*argv=arg;
    215 	num=0;
    216 	p=buf;
    217 	for (;;)
    218 		{
    219 		if (!*p) break;
    220 		if (*p == '#') /* comment line */
    221 			{
    222 			while (*p && (*p != '\n')) p++;
    223 			continue;
    224 			}
    225 		/* else we have a line */
    226 		*(arg++)=p;
    227 		num++;
    228 		while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
    229 			p++;
    230 		if (!*p) break;
    231 		if (*p == '\n')
    232 			{
    233 			*(p++)='\0';
    234 			continue;
    235 			}
    236 		/* else it is a tab or space */
    237 		p++;
    238 		while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
    239 			p++;
    240 		if (!*p) break;
    241 		if (*p == '\n')
    242 			{
    243 			p++;
    244 			continue;
    245 			}
    246 		*(arg++)=p++;
    247 		num++;
    248 		while (*p && (*p != '\n')) p++;
    249 		if (!*p) break;
    250 		/* else *p == '\n' */
    251 		*(p++)='\0';
    252 		}
    253 	*argc=num;
    254 	return(1);
    255 	}
    256 #endif
    257 
    258 int str2fmt(char *s)
    259 	{
    260 	if (s == NULL)
    261 		return FORMAT_UNDEF;
    262 	if 	((*s == 'D') || (*s == 'd'))
    263 		return(FORMAT_ASN1);
    264 	else if ((*s == 'T') || (*s == 't'))
    265 		return(FORMAT_TEXT);
    266   	else if ((*s == 'N') || (*s == 'n'))
    267   		return(FORMAT_NETSCAPE);
    268   	else if ((*s == 'S') || (*s == 's'))
    269   		return(FORMAT_SMIME);
    270  	else if ((*s == 'M') || (*s == 'm'))
    271  		return(FORMAT_MSBLOB);
    272 	else if ((*s == '1')
    273 		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
    274 		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
    275 		return(FORMAT_PKCS12);
    276 	else if ((*s == 'E') || (*s == 'e'))
    277 		return(FORMAT_ENGINE);
    278 	else if ((*s == 'P') || (*s == 'p'))
    279  		{
    280  		if (s[1] == 'V' || s[1] == 'v')
    281  			return FORMAT_PVK;
    282  		else
    283   			return(FORMAT_PEM);
    284  		}
    285 	else
    286 		return(FORMAT_UNDEF);
    287 	}
    288 
    289 #if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
    290 void program_name(char *in, char *out, int size)
    291 	{
    292 	int i,n;
    293 	char *p=NULL;
    294 
    295 	n=strlen(in);
    296 	/* find the last '/', '\' or ':' */
    297 	for (i=n-1; i>0; i--)
    298 		{
    299 		if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))
    300 			{
    301 			p= &(in[i+1]);
    302 			break;
    303 			}
    304 		}
    305 	if (p == NULL)
    306 		p=in;
    307 	n=strlen(p);
    308 
    309 #if defined(OPENSSL_SYS_NETWARE)
    310    /* strip off trailing .nlm if present. */
    311    if ((n > 4) && (p[n-4] == '.') &&
    312       ((p[n-3] == 'n') || (p[n-3] == 'N')) &&
    313       ((p[n-2] == 'l') || (p[n-2] == 'L')) &&
    314       ((p[n-1] == 'm') || (p[n-1] == 'M')))
    315       n-=4;
    316 #else
    317 	/* strip off trailing .exe if present. */
    318 	if ((n > 4) && (p[n-4] == '.') &&
    319 		((p[n-3] == 'e') || (p[n-3] == 'E')) &&
    320 		((p[n-2] == 'x') || (p[n-2] == 'X')) &&
    321 		((p[n-1] == 'e') || (p[n-1] == 'E')))
    322 		n-=4;
    323 #endif
    324 
    325 	if (n > size-1)
    326 		n=size-1;
    327 
    328 	for (i=0; i<n; i++)
    329 		{
    330 		if ((p[i] >= 'A') && (p[i] <= 'Z'))
    331 			out[i]=p[i]-'A'+'a';
    332 		else
    333 			out[i]=p[i];
    334 		}
    335 	out[n]='\0';
    336 	}
    337 #else
    338 #ifdef OPENSSL_SYS_VMS
    339 void program_name(char *in, char *out, int size)
    340 	{
    341 	char *p=in, *q;
    342 	char *chars=":]>";
    343 
    344 	while(*chars != '\0')
    345 		{
    346 		q=strrchr(p,*chars);
    347 		if (q > p)
    348 			p = q + 1;
    349 		chars++;
    350 		}
    351 
    352 	q=strrchr(p,'.');
    353 	if (q == NULL)
    354 		q = p + strlen(p);
    355 	strncpy(out,p,size-1);
    356 	if (q-p >= size)
    357 		{
    358 		out[size-1]='\0';
    359 		}
    360 	else
    361 		{
    362 		out[q-p]='\0';
    363 		}
    364 	}
    365 #else
    366 void program_name(char *in, char *out, int size)
    367 	{
    368 	char *p;
    369 
    370 	p=strrchr(in,'/');
    371 	if (p != NULL)
    372 		p++;
    373 	else
    374 		p=in;
    375 	BUF_strlcpy(out,p,size);
    376 	}
    377 #endif
    378 #endif
    379 
    380 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
    381 	{
    382 	int num,i;
    383 	char *p;
    384 
    385 	*argc=0;
    386 	*argv=NULL;
    387 
    388 	i=0;
    389 	if (arg->count == 0)
    390 		{
    391 		arg->count=20;
    392 		arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
    393 		}
    394 	for (i=0; i<arg->count; i++)
    395 		arg->data[i]=NULL;
    396 
    397 	num=0;
    398 	p=buf;
    399 	for (;;)
    400 		{
    401 		/* first scan over white space */
    402 		if (!*p) break;
    403 		while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
    404 			p++;
    405 		if (!*p) break;
    406 
    407 		/* The start of something good :-) */
    408 		if (num >= arg->count)
    409 			{
    410 			char **tmp_p;
    411 			int tlen = arg->count + 20;
    412 			tmp_p = (char **)OPENSSL_realloc(arg->data,
    413 				sizeof(char *)*tlen);
    414 			if (tmp_p == NULL)
    415 				return 0;
    416 			arg->data  = tmp_p;
    417 			arg->count = tlen;
    418 			/* initialize newly allocated data */
    419 			for (i = num; i < arg->count; i++)
    420 				arg->data[i] = NULL;
    421 			}
    422 		arg->data[num++]=p;
    423 
    424 		/* now look for the end of this */
    425 		if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
    426 			{
    427 			i= *(p++);
    428 			arg->data[num-1]++; /* jump over quote */
    429 			while (*p && (*p != i))
    430 				p++;
    431 			*p='\0';
    432 			}
    433 		else
    434 			{
    435 			while (*p && ((*p != ' ') &&
    436 				(*p != '\t') && (*p != '\n')))
    437 				p++;
    438 
    439 			if (*p == '\0')
    440 				p--;
    441 			else
    442 				*p='\0';
    443 			}
    444 		p++;
    445 		}
    446 	*argc=num;
    447 	*argv=arg->data;
    448 	return(1);
    449 	}
    450 
    451 #ifndef APP_INIT
    452 int app_init(long mesgwin)
    453 	{
    454 	return(1);
    455 	}
    456 #endif
    457 
    458 
    459 int dump_cert_text (BIO *out, X509 *x)
    460 {
    461 	char *p;
    462 
    463 	p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
    464 	BIO_puts(out,"subject=");
    465 	BIO_puts(out,p);
    466 	OPENSSL_free(p);
    467 
    468 	p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0);
    469 	BIO_puts(out,"\nissuer=");
    470 	BIO_puts(out,p);
    471 	BIO_puts(out,"\n");
    472 	OPENSSL_free(p);
    473 
    474 	return 0;
    475 }
    476 
    477 static int ui_open(UI *ui)
    478 	{
    479 	return UI_method_get_opener(UI_OpenSSL())(ui);
    480 	}
    481 static int ui_read(UI *ui, UI_STRING *uis)
    482 	{
    483 	if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
    484 		&& UI_get0_user_data(ui))
    485 		{
    486 		switch(UI_get_string_type(uis))
    487 			{
    488 		case UIT_PROMPT:
    489 		case UIT_VERIFY:
    490 			{
    491 			const char *password =
    492 				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
    493 			if (password && password[0] != '\0')
    494 				{
    495 				UI_set_result(ui, uis, password);
    496 				return 1;
    497 				}
    498 			}
    499 		default:
    500 			break;
    501 			}
    502 		}
    503 	return UI_method_get_reader(UI_OpenSSL())(ui, uis);
    504 	}
    505 static int ui_write(UI *ui, UI_STRING *uis)
    506 	{
    507 	if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
    508 		&& UI_get0_user_data(ui))
    509 		{
    510 		switch(UI_get_string_type(uis))
    511 			{
    512 		case UIT_PROMPT:
    513 		case UIT_VERIFY:
    514 			{
    515 			const char *password =
    516 				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
    517 			if (password && password[0] != '\0')
    518 				return 1;
    519 			}
    520 		default:
    521 			break;
    522 			}
    523 		}
    524 	return UI_method_get_writer(UI_OpenSSL())(ui, uis);
    525 	}
    526 static int ui_close(UI *ui)
    527 	{
    528 	return UI_method_get_closer(UI_OpenSSL())(ui);
    529 	}
    530 int setup_ui_method(void)
    531 	{
    532 	ui_method = UI_create_method("OpenSSL application user interface");
    533 	UI_method_set_opener(ui_method, ui_open);
    534 	UI_method_set_reader(ui_method, ui_read);
    535 	UI_method_set_writer(ui_method, ui_write);
    536 	UI_method_set_closer(ui_method, ui_close);
    537 	return 0;
    538 	}
    539 void destroy_ui_method(void)
    540 	{
    541 	if(ui_method)
    542 		{
    543 		UI_destroy_method(ui_method);
    544 		ui_method = NULL;
    545 		}
    546 	}
    547 int password_callback(char *buf, int bufsiz, int verify,
    548 	PW_CB_DATA *cb_tmp)
    549 	{
    550 	UI *ui = NULL;
    551 	int res = 0;
    552 	const char *prompt_info = NULL;
    553 	const char *password = NULL;
    554 	PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
    555 
    556 	if (cb_data)
    557 		{
    558 		if (cb_data->password)
    559 			password = cb_data->password;
    560 		if (cb_data->prompt_info)
    561 			prompt_info = cb_data->prompt_info;
    562 		}
    563 
    564 	if (password)
    565 		{
    566 		res = strlen(password);
    567 		if (res > bufsiz)
    568 			res = bufsiz;
    569 		memcpy(buf, password, res);
    570 		return res;
    571 		}
    572 
    573 	ui = UI_new_method(ui_method);
    574 	if (ui)
    575 		{
    576 		int ok = 0;
    577 		char *buff = NULL;
    578 		int ui_flags = 0;
    579 		char *prompt = NULL;
    580 
    581 		prompt = UI_construct_prompt(ui, "pass phrase",
    582 			prompt_info);
    583 
    584 		ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
    585 		UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
    586 
    587 		if (ok >= 0)
    588 			ok = UI_add_input_string(ui,prompt,ui_flags,buf,
    589 				PW_MIN_LENGTH,BUFSIZ-1);
    590 		if (ok >= 0 && verify)
    591 			{
    592 			buff = (char *)OPENSSL_malloc(bufsiz);
    593 			ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
    594 				PW_MIN_LENGTH,BUFSIZ-1, buf);
    595 			}
    596 		if (ok >= 0)
    597 			do
    598 				{
    599 				ok = UI_process(ui);
    600 				}
    601 			while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
    602 
    603 		if (buff)
    604 			{
    605 			OPENSSL_cleanse(buff,(unsigned int)bufsiz);
    606 			OPENSSL_free(buff);
    607 			}
    608 
    609 		if (ok >= 0)
    610 			res = strlen(buf);
    611 		if (ok == -1)
    612 			{
    613 			BIO_printf(bio_err, "User interface error\n");
    614 			ERR_print_errors(bio_err);
    615 			OPENSSL_cleanse(buf,(unsigned int)bufsiz);
    616 			res = 0;
    617 			}
    618 		if (ok == -2)
    619 			{
    620 			BIO_printf(bio_err,"aborted!\n");
    621 			OPENSSL_cleanse(buf,(unsigned int)bufsiz);
    622 			res = 0;
    623 			}
    624 		UI_free(ui);
    625 		OPENSSL_free(prompt);
    626 		}
    627 	return res;
    628 	}
    629 
    630 static char *app_get_pass(BIO *err, char *arg, int keepbio);
    631 
    632 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
    633 {
    634 	int same;
    635 	if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
    636 	else same = 1;
    637 	if(arg1) {
    638 		*pass1 = app_get_pass(err, arg1, same);
    639 		if(!*pass1) return 0;
    640 	} else if(pass1) *pass1 = NULL;
    641 	if(arg2) {
    642 		*pass2 = app_get_pass(err, arg2, same ? 2 : 0);
    643 		if(!*pass2) return 0;
    644 	} else if(pass2) *pass2 = NULL;
    645 	return 1;
    646 }
    647 
    648 static char *app_get_pass(BIO *err, char *arg, int keepbio)
    649 {
    650 	char *tmp, tpass[APP_PASS_LEN];
    651 	static BIO *pwdbio = NULL;
    652 	int i;
    653 	if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
    654 	if(!strncmp(arg, "env:", 4)) {
    655 		tmp = getenv(arg + 4);
    656 		if(!tmp) {
    657 			BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
    658 			return NULL;
    659 		}
    660 		return BUF_strdup(tmp);
    661 	}
    662 	if(!keepbio || !pwdbio) {
    663 		if(!strncmp(arg, "file:", 5)) {
    664 			pwdbio = BIO_new_file(arg + 5, "r");
    665 			if(!pwdbio) {
    666 				BIO_printf(err, "Can't open file %s\n", arg + 5);
    667 				return NULL;
    668 			}
    669 #if !defined(_WIN32)
    670 		/*
    671 		 * Under _WIN32, which covers even Win64 and CE, file
    672 		 * descriptors referenced by BIO_s_fd are not inherited
    673 		 * by child process and therefore below is not an option.
    674 		 * It could have been an option if bss_fd.c was operating
    675 		 * on real Windows descriptors, such as those obtained
    676 		 * with CreateFile.
    677 		 */
    678 		} else if(!strncmp(arg, "fd:", 3)) {
    679 			BIO *btmp;
    680 			i = atoi(arg + 3);
    681 			if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
    682 			if((i < 0) || !pwdbio) {
    683 				BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
    684 				return NULL;
    685 			}
    686 			/* Can't do BIO_gets on an fd BIO so add a buffering BIO */
    687 			btmp = BIO_new(BIO_f_buffer());
    688 			pwdbio = BIO_push(btmp, pwdbio);
    689 #endif
    690 		} else if(!strcmp(arg, "stdin")) {
    691 			pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
    692 			if(!pwdbio) {
    693 				BIO_printf(err, "Can't open BIO for stdin\n");
    694 				return NULL;
    695 			}
    696 		} else {
    697 			BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
    698 			return NULL;
    699 		}
    700 	}
    701 	i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
    702 	if(keepbio != 1) {
    703 		BIO_free_all(pwdbio);
    704 		pwdbio = NULL;
    705 	}
    706 	if(i <= 0) {
    707 		BIO_printf(err, "Error reading password from BIO\n");
    708 		return NULL;
    709 	}
    710 	tmp = strchr(tpass, '\n');
    711 	if(tmp) *tmp = 0;
    712 	return BUF_strdup(tpass);
    713 }
    714 
    715 int add_oid_section(BIO *err, CONF *conf)
    716 {
    717 	char *p;
    718 	STACK_OF(CONF_VALUE) *sktmp;
    719 	CONF_VALUE *cnf;
    720 	int i;
    721 	if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
    722 		{
    723 		ERR_clear_error();
    724 		return 1;
    725 		}
    726 	if(!(sktmp = NCONF_get_section(conf, p))) {
    727 		BIO_printf(err, "problem loading oid section %s\n", p);
    728 		return 0;
    729 	}
    730 	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
    731 		cnf = sk_CONF_VALUE_value(sktmp, i);
    732 		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
    733 			BIO_printf(err, "problem creating object %s=%s\n",
    734 							 cnf->name, cnf->value);
    735 			return 0;
    736 		}
    737 	}
    738 	return 1;
    739 }
    740 
    741 static int load_pkcs12(BIO *err, BIO *in, const char *desc,
    742 		pem_password_cb *pem_cb,  void *cb_data,
    743 		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
    744 	{
    745  	const char *pass;
    746 	char tpass[PEM_BUFSIZE];
    747 	int len, ret = 0;
    748 	PKCS12 *p12;
    749 	p12 = d2i_PKCS12_bio(in, NULL);
    750 	if (p12 == NULL)
    751 		{
    752 		BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);
    753 		goto die;
    754 		}
    755 	/* See if an empty password will do */
    756 	if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
    757 		pass = "";
    758 	else
    759 		{
    760 		if (!pem_cb)
    761 			pem_cb = (pem_password_cb *)password_callback;
    762 		len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
    763 		if (len < 0)
    764 			{
    765 			BIO_printf(err, "Passpharse callback error for %s\n",
    766 					desc);
    767 			goto die;
    768 			}
    769 		if (len < PEM_BUFSIZE)
    770 			tpass[len] = 0;
    771 		if (!PKCS12_verify_mac(p12, tpass, len))
    772 			{
    773 			BIO_printf(err,
    774 	"Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);
    775 			goto die;
    776 			}
    777 		pass = tpass;
    778 		}
    779 	ret = PKCS12_parse(p12, pass, pkey, cert, ca);
    780 	die:
    781 	if (p12)
    782 		PKCS12_free(p12);
    783 	return ret;
    784 	}
    785 
    786 X509 *load_cert(BIO *err, const char *file, int format,
    787 	const char *pass, ENGINE *e, const char *cert_descrip)
    788 	{
    789 	X509 *x=NULL;
    790 	BIO *cert;
    791 
    792 	if ((cert=BIO_new(BIO_s_file())) == NULL)
    793 		{
    794 		ERR_print_errors(err);
    795 		goto end;
    796 		}
    797 
    798 	if (file == NULL)
    799 		{
    800 #ifdef _IONBF
    801 # ifndef OPENSSL_NO_SETVBUF_IONBF
    802 		setvbuf(stdin, NULL, _IONBF, 0);
    803 # endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
    804 #endif
    805 		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
    806 		}
    807 	else
    808 		{
    809 		if (BIO_read_filename(cert,file) <= 0)
    810 			{
    811 			BIO_printf(err, "Error opening %s %s\n",
    812 				cert_descrip, file);
    813 			ERR_print_errors(err);
    814 			goto end;
    815 			}
    816 		}
    817 
    818 	if 	(format == FORMAT_ASN1)
    819 		x=d2i_X509_bio(cert,NULL);
    820 	else if (format == FORMAT_NETSCAPE)
    821 		{
    822 		NETSCAPE_X509 *nx;
    823 		nx=ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509),cert,NULL);
    824 		if (nx == NULL)
    825 				goto end;
    826 
    827 		if ((strncmp(NETSCAPE_CERT_HDR,(char *)nx->header->data,
    828 			nx->header->length) != 0))
    829 			{
    830 			NETSCAPE_X509_free(nx);
    831 			BIO_printf(err,"Error reading header on certificate\n");
    832 			goto end;
    833 			}
    834 		x=nx->cert;
    835 		nx->cert = NULL;
    836 		NETSCAPE_X509_free(nx);
    837 		}
    838 	else if (format == FORMAT_PEM)
    839 		x=PEM_read_bio_X509_AUX(cert,NULL,
    840 			(pem_password_cb *)password_callback, NULL);
    841 	else if (format == FORMAT_PKCS12)
    842 		{
    843 		if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,
    844 					NULL, &x, NULL))
    845 			goto end;
    846 		}
    847 	else	{
    848 		BIO_printf(err,"bad input format specified for %s\n",
    849 			cert_descrip);
    850 		goto end;
    851 		}
    852 end:
    853 	if (x == NULL)
    854 		{
    855 		BIO_printf(err,"unable to load certificate\n");
    856 		ERR_print_errors(err);
    857 		}
    858 	if (cert != NULL) BIO_free(cert);
    859 	return(x);
    860 	}
    861 
    862 EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
    863 	const char *pass, ENGINE *e, const char *key_descrip)
    864 	{
    865 	BIO *key=NULL;
    866 	EVP_PKEY *pkey=NULL;
    867 	PW_CB_DATA cb_data;
    868 
    869 	cb_data.password = pass;
    870 	cb_data.prompt_info = file;
    871 
    872 	if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
    873 		{
    874 		BIO_printf(err,"no keyfile specified\n");
    875 		goto end;
    876 		}
    877 #ifndef OPENSSL_NO_ENGINE
    878 	if (format == FORMAT_ENGINE)
    879 		{
    880 		if (!e)
    881 			BIO_printf(err,"no engine specified\n");
    882 		else
    883 			{
    884 			pkey = ENGINE_load_private_key(e, file,
    885 				ui_method, &cb_data);
    886 			if (!pkey)
    887 				{
    888 				BIO_printf(err,"cannot load %s from engine\n",key_descrip);
    889 				ERR_print_errors(err);
    890 				}
    891 			}
    892 		goto end;
    893 		}
    894 #endif
    895 	key=BIO_new(BIO_s_file());
    896 	if (key == NULL)
    897 		{
    898 		ERR_print_errors(err);
    899 		goto end;
    900 		}
    901 	if (file == NULL && maybe_stdin)
    902 		{
    903 #ifdef _IONBF
    904 # ifndef OPENSSL_NO_SETVBUF_IONBF
    905 		setvbuf(stdin, NULL, _IONBF, 0);
    906 # endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
    907 #endif
    908 		BIO_set_fp(key,stdin,BIO_NOCLOSE);
    909 		}
    910 	else
    911 		if (BIO_read_filename(key,file) <= 0)
    912 			{
    913 			BIO_printf(err, "Error opening %s %s\n",
    914 				key_descrip, file);
    915 			ERR_print_errors(err);
    916 			goto end;
    917 			}
    918 	if (format == FORMAT_ASN1)
    919 		{
    920 		pkey=d2i_PrivateKey_bio(key, NULL);
    921 		}
    922 	else if (format == FORMAT_PEM)
    923 		{
    924 		pkey=PEM_read_bio_PrivateKey(key,NULL,
    925 			(pem_password_cb *)password_callback, &cb_data);
    926 		}
    927 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
    928 	else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
    929 		pkey = load_netscape_key(err, key, file, key_descrip, format);
    930 #endif
    931 	else if (format == FORMAT_PKCS12)
    932 		{
    933 		if (!load_pkcs12(err, key, key_descrip,
    934 				(pem_password_cb *)password_callback, &cb_data,
    935 				&pkey, NULL, NULL))
    936 			goto end;
    937 		}
    938 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
    939 	else if (format == FORMAT_MSBLOB)
    940 		pkey = b2i_PrivateKey_bio(key);
    941 	else if (format == FORMAT_PVK)
    942 		pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
    943 								&cb_data);
    944 #endif
    945 	else
    946 		{
    947 		BIO_printf(err,"bad input format specified for key file\n");
    948 		goto end;
    949 		}
    950  end:
    951 	if (key != NULL) BIO_free(key);
    952 	if (pkey == NULL)
    953 		{
    954 		BIO_printf(err,"unable to load %s\n", key_descrip);
    955 		ERR_print_errors(err);
    956 		}
    957 	return(pkey);
    958 	}
    959 
    960 EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
    961 	const char *pass, ENGINE *e, const char *key_descrip)
    962 	{
    963 	BIO *key=NULL;
    964 	EVP_PKEY *pkey=NULL;
    965 	PW_CB_DATA cb_data;
    966 
    967 	cb_data.password = pass;
    968 	cb_data.prompt_info = file;
    969 
    970 	if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
    971 		{
    972 		BIO_printf(err,"no keyfile specified\n");
    973 		goto end;
    974 		}
    975 #ifndef OPENSSL_NO_ENGINE
    976 	if (format == FORMAT_ENGINE)
    977 		{
    978 		if (!e)
    979 			BIO_printf(bio_err,"no engine specified\n");
    980 		else
    981 			pkey = ENGINE_load_public_key(e, file,
    982 				ui_method, &cb_data);
    983 		goto end;
    984 		}
    985 #endif
    986 	key=BIO_new(BIO_s_file());
    987 	if (key == NULL)
    988 		{
    989 		ERR_print_errors(err);
    990 		goto end;
    991 		}
    992 	if (file == NULL && maybe_stdin)
    993 		{
    994 #ifdef _IONBF
    995 # ifndef OPENSSL_NO_SETVBUF_IONBF
    996 		setvbuf(stdin, NULL, _IONBF, 0);
    997 # endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
    998 #endif
    999 		BIO_set_fp(key,stdin,BIO_NOCLOSE);
   1000 		}
   1001 	else
   1002 		if (BIO_read_filename(key,file) <= 0)
   1003 			{
   1004 			BIO_printf(err, "Error opening %s %s\n",
   1005 				key_descrip, file);
   1006 			ERR_print_errors(err);
   1007 			goto end;
   1008 		}
   1009 	if (format == FORMAT_ASN1)
   1010 		{
   1011 		pkey=d2i_PUBKEY_bio(key, NULL);
   1012 		}
   1013 #ifndef OPENSSL_NO_RSA
   1014 	else if (format == FORMAT_ASN1RSA)
   1015 		{
   1016 		RSA *rsa;
   1017 		rsa = d2i_RSAPublicKey_bio(key, NULL);
   1018 		if (rsa)
   1019 			{
   1020 			pkey = EVP_PKEY_new();
   1021 			if (pkey)
   1022 				EVP_PKEY_set1_RSA(pkey, rsa);
   1023 			RSA_free(rsa);
   1024 			}
   1025 		else
   1026 			pkey = NULL;
   1027 		}
   1028 	else if (format == FORMAT_PEMRSA)
   1029 		{
   1030 		RSA *rsa;
   1031 		rsa = PEM_read_bio_RSAPublicKey(key, NULL,
   1032 			(pem_password_cb *)password_callback, &cb_data);
   1033 		if (rsa)
   1034 			{
   1035 			pkey = EVP_PKEY_new();
   1036 			if (pkey)
   1037 				EVP_PKEY_set1_RSA(pkey, rsa);
   1038 			RSA_free(rsa);
   1039 			}
   1040 		else
   1041 			pkey = NULL;
   1042 		}
   1043 #endif
   1044 	else if (format == FORMAT_PEM)
   1045 		{
   1046 		pkey=PEM_read_bio_PUBKEY(key,NULL,
   1047 			(pem_password_cb *)password_callback, &cb_data);
   1048 		}
   1049 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
   1050 	else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
   1051 		pkey = load_netscape_key(err, key, file, key_descrip, format);
   1052 #endif
   1053 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
   1054 	else if (format == FORMAT_MSBLOB)
   1055 		pkey = b2i_PublicKey_bio(key);
   1056 #endif
   1057 	else
   1058 		{
   1059 		BIO_printf(err,"bad input format specified for key file\n");
   1060 		goto end;
   1061 		}
   1062  end:
   1063 	if (key != NULL) BIO_free(key);
   1064 	if (pkey == NULL)
   1065 		BIO_printf(err,"unable to load %s\n", key_descrip);
   1066 	return(pkey);
   1067 	}
   1068 
   1069 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
   1070 static EVP_PKEY *
   1071 load_netscape_key(BIO *err, BIO *key, const char *file,
   1072 		const char *key_descrip, int format)
   1073 	{
   1074 	EVP_PKEY *pkey;
   1075 	BUF_MEM *buf;
   1076 	RSA	*rsa;
   1077 	const unsigned char *p;
   1078 	int size, i;
   1079 
   1080 	buf=BUF_MEM_new();
   1081 	pkey = EVP_PKEY_new();
   1082 	size = 0;
   1083 	if (buf == NULL || pkey == NULL)
   1084 		goto error;
   1085 	for (;;)
   1086 		{
   1087 		if (!BUF_MEM_grow_clean(buf,size+1024*10))
   1088 			goto error;
   1089 		i = BIO_read(key, &(buf->data[size]), 1024*10);
   1090 		size += i;
   1091 		if (i == 0)
   1092 			break;
   1093 		if (i < 0)
   1094 			{
   1095 				BIO_printf(err, "Error reading %s %s",
   1096 					key_descrip, file);
   1097 				goto error;
   1098 			}
   1099 		}
   1100 	p=(unsigned char *)buf->data;
   1101 	rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL,
   1102 		(format == FORMAT_IISSGC ? 1 : 0));
   1103 	if (rsa == NULL)
   1104 		goto error;
   1105 	BUF_MEM_free(buf);
   1106 	EVP_PKEY_set1_RSA(pkey, rsa);
   1107 	return pkey;
   1108 error:
   1109 	BUF_MEM_free(buf);
   1110 	EVP_PKEY_free(pkey);
   1111 	return NULL;
   1112 	}
   1113 #endif /* ndef OPENSSL_NO_RC4 */
   1114 
   1115 static int load_certs_crls(BIO *err, const char *file, int format,
   1116 	const char *pass, ENGINE *e, const char *desc,
   1117 	STACK_OF(X509) **pcerts, STACK_OF(X509_CRL) **pcrls)
   1118 	{
   1119 	int i;
   1120 	BIO *bio;
   1121 	STACK_OF(X509_INFO) *xis = NULL;
   1122 	X509_INFO *xi;
   1123 	PW_CB_DATA cb_data;
   1124 	int rv = 0;
   1125 
   1126 	cb_data.password = pass;
   1127 	cb_data.prompt_info = file;
   1128 
   1129 	if (format != FORMAT_PEM)
   1130 		{
   1131 		BIO_printf(err,"bad input format specified for %s\n", desc);
   1132 		return 0;
   1133 		}
   1134 
   1135 	if (file == NULL)
   1136 		bio = BIO_new_fp(stdin,BIO_NOCLOSE);
   1137 	else
   1138 		bio = BIO_new_file(file, "r");
   1139 
   1140 	if (bio == NULL)
   1141 		{
   1142 		BIO_printf(err, "Error opening %s %s\n",
   1143 				desc, file ? file : "stdin");
   1144 		ERR_print_errors(err);
   1145 		return 0;
   1146 		}
   1147 
   1148 	xis = PEM_X509_INFO_read_bio(bio, NULL,
   1149 				(pem_password_cb *)password_callback, &cb_data);
   1150 
   1151 	BIO_free(bio);
   1152 
   1153 	if (pcerts)
   1154 		{
   1155 		*pcerts = sk_X509_new_null();
   1156 		if (!*pcerts)
   1157 			goto end;
   1158 		}
   1159 
   1160 	if (pcrls)
   1161 		{
   1162 		*pcrls = sk_X509_CRL_new_null();
   1163 		if (!*pcrls)
   1164 			goto end;
   1165 		}
   1166 
   1167 	for(i = 0; i < sk_X509_INFO_num(xis); i++)
   1168 		{
   1169 		xi = sk_X509_INFO_value (xis, i);
   1170 		if (xi->x509 && pcerts)
   1171 			{
   1172 			if (!sk_X509_push(*pcerts, xi->x509))
   1173 				goto end;
   1174 			xi->x509 = NULL;
   1175 			}
   1176 		if (xi->crl && pcrls)
   1177 			{
   1178 			if (!sk_X509_CRL_push(*pcrls, xi->crl))
   1179 				goto end;
   1180 			xi->crl = NULL;
   1181 			}
   1182 		}
   1183 
   1184 	if (pcerts && sk_X509_num(*pcerts) > 0)
   1185 		rv = 1;
   1186 
   1187 	if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
   1188 		rv = 1;
   1189 
   1190 	end:
   1191 
   1192 	if (xis)
   1193 		sk_X509_INFO_pop_free(xis, X509_INFO_free);
   1194 
   1195 	if (rv == 0)
   1196 		{
   1197 		if (pcerts)
   1198 			{
   1199 			sk_X509_pop_free(*pcerts, X509_free);
   1200 			*pcerts = NULL;
   1201 			}
   1202 		if (pcrls)
   1203 			{
   1204 			sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
   1205 			*pcrls = NULL;
   1206 			}
   1207 		BIO_printf(err,"unable to load %s\n",
   1208 				pcerts ? "certificates" : "CRLs");
   1209 		ERR_print_errors(err);
   1210 		}
   1211 	return rv;
   1212 	}
   1213 
   1214 STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
   1215 	const char *pass, ENGINE *e, const char *desc)
   1216 	{
   1217 	STACK_OF(X509) *certs;
   1218 	if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL))
   1219 		return NULL;
   1220 	return certs;
   1221 	}
   1222 
   1223 STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
   1224 	const char *pass, ENGINE *e, const char *desc)
   1225 	{
   1226 	STACK_OF(X509_CRL) *crls;
   1227 	if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls))
   1228 		return NULL;
   1229 	return crls;
   1230 	}
   1231 
   1232 #define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)
   1233 /* Return error for unknown extensions */
   1234 #define X509V3_EXT_DEFAULT		0
   1235 /* Print error for unknown extensions */
   1236 #define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)
   1237 /* ASN1 parse unknown extensions */
   1238 #define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)
   1239 /* BIO_dump unknown extensions */
   1240 #define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)
   1241 
   1242 #define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
   1243 			 X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
   1244 
   1245 int set_cert_ex(unsigned long *flags, const char *arg)
   1246 {
   1247 	static const NAME_EX_TBL cert_tbl[] = {
   1248 		{ "compatible", X509_FLAG_COMPAT, 0xffffffffl},
   1249 		{ "ca_default", X509_FLAG_CA, 0xffffffffl},
   1250 		{ "no_header", X509_FLAG_NO_HEADER, 0},
   1251 		{ "no_version", X509_FLAG_NO_VERSION, 0},
   1252 		{ "no_serial", X509_FLAG_NO_SERIAL, 0},
   1253 		{ "no_signame", X509_FLAG_NO_SIGNAME, 0},
   1254 		{ "no_validity", X509_FLAG_NO_VALIDITY, 0},
   1255 		{ "no_subject", X509_FLAG_NO_SUBJECT, 0},
   1256 		{ "no_issuer", X509_FLAG_NO_ISSUER, 0},
   1257 		{ "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
   1258 		{ "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
   1259 		{ "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
   1260 		{ "no_aux", X509_FLAG_NO_AUX, 0},
   1261 		{ "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
   1262 		{ "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
   1263 		{ "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
   1264 		{ "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
   1265 		{ "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
   1266 		{ NULL, 0, 0}
   1267 	};
   1268 	return set_multi_opts(flags, arg, cert_tbl);
   1269 }
   1270 
   1271 int set_name_ex(unsigned long *flags, const char *arg)
   1272 {
   1273 	static const NAME_EX_TBL ex_tbl[] = {
   1274 		{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
   1275 		{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
   1276 		{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
   1277 		{ "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
   1278 		{ "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
   1279 		{ "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
   1280 		{ "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
   1281 		{ "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
   1282 		{ "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
   1283 		{ "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
   1284 		{ "compat", XN_FLAG_COMPAT, 0xffffffffL},
   1285 		{ "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
   1286 		{ "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
   1287 		{ "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
   1288 		{ "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
   1289 		{ "dn_rev", XN_FLAG_DN_REV, 0},
   1290 		{ "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
   1291 		{ "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
   1292 		{ "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
   1293 		{ "align", XN_FLAG_FN_ALIGN, 0},
   1294 		{ "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
   1295 		{ "space_eq", XN_FLAG_SPC_EQ, 0},
   1296 		{ "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
   1297 		{ "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
   1298 		{ "oneline", XN_FLAG_ONELINE, 0xffffffffL},
   1299 		{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
   1300 		{ "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
   1301 		{ NULL, 0, 0}
   1302 	};
   1303 	return set_multi_opts(flags, arg, ex_tbl);
   1304 }
   1305 
   1306 int set_ext_copy(int *copy_type, const char *arg)
   1307 {
   1308 	if (!strcasecmp(arg, "none"))
   1309 		*copy_type = EXT_COPY_NONE;
   1310 	else if (!strcasecmp(arg, "copy"))
   1311 		*copy_type = EXT_COPY_ADD;
   1312 	else if (!strcasecmp(arg, "copyall"))
   1313 		*copy_type = EXT_COPY_ALL;
   1314 	else
   1315 		return 0;
   1316 	return 1;
   1317 }
   1318 
   1319 int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
   1320 {
   1321 	STACK_OF(X509_EXTENSION) *exts = NULL;
   1322 	X509_EXTENSION *ext, *tmpext;
   1323 	ASN1_OBJECT *obj;
   1324 	int i, idx, ret = 0;
   1325 	if (!x || !req || (copy_type == EXT_COPY_NONE))
   1326 		return 1;
   1327 	exts = X509_REQ_get_extensions(req);
   1328 
   1329 	for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
   1330 		ext = sk_X509_EXTENSION_value(exts, i);
   1331 		obj = X509_EXTENSION_get_object(ext);
   1332 		idx = X509_get_ext_by_OBJ(x, obj, -1);
   1333 		/* Does extension exist? */
   1334 		if (idx != -1) {
   1335 			/* If normal copy don't override existing extension */
   1336 			if (copy_type == EXT_COPY_ADD)
   1337 				continue;
   1338 			/* Delete all extensions of same type */
   1339 			do {
   1340 				tmpext = X509_get_ext(x, idx);
   1341 				X509_delete_ext(x, idx);
   1342 				X509_EXTENSION_free(tmpext);
   1343 				idx = X509_get_ext_by_OBJ(x, obj, -1);
   1344 			} while (idx != -1);
   1345 		}
   1346 		if (!X509_add_ext(x, ext, -1))
   1347 			goto end;
   1348 	}
   1349 
   1350 	ret = 1;
   1351 
   1352 	end:
   1353 
   1354 	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
   1355 
   1356 	return ret;
   1357 }
   1358 
   1359 
   1360 
   1361 
   1362 static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
   1363 {
   1364 	STACK_OF(CONF_VALUE) *vals;
   1365 	CONF_VALUE *val;
   1366 	int i, ret = 1;
   1367 	if(!arg) return 0;
   1368 	vals = X509V3_parse_list(arg);
   1369 	for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
   1370 		val = sk_CONF_VALUE_value(vals, i);
   1371 		if (!set_table_opts(flags, val->name, in_tbl))
   1372 			ret = 0;
   1373 	}
   1374 	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
   1375 	return ret;
   1376 }
   1377 
   1378 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
   1379 {
   1380 	char c;
   1381 	const NAME_EX_TBL *ptbl;
   1382 	c = arg[0];
   1383 
   1384 	if(c == '-') {
   1385 		c = 0;
   1386 		arg++;
   1387 	} else if (c == '+') {
   1388 		c = 1;
   1389 		arg++;
   1390 	} else c = 1;
   1391 
   1392 	for(ptbl = in_tbl; ptbl->name; ptbl++) {
   1393 		if(!strcasecmp(arg, ptbl->name)) {
   1394 			*flags &= ~ptbl->mask;
   1395 			if(c) *flags |= ptbl->flag;
   1396 			else *flags &= ~ptbl->flag;
   1397 			return 1;
   1398 		}
   1399 	}
   1400 	return 0;
   1401 }
   1402 
   1403 void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags)
   1404 {
   1405 	char *buf;
   1406 	char mline = 0;
   1407 	int indent = 0;
   1408 
   1409 	if(title) BIO_puts(out, title);
   1410 	if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
   1411 		mline = 1;
   1412 		indent = 4;
   1413 	}
   1414 	if(lflags == XN_FLAG_COMPAT) {
   1415 		buf = X509_NAME_oneline(nm, 0, 0);
   1416 		BIO_puts(out, buf);
   1417 		BIO_puts(out, "\n");
   1418 		OPENSSL_free(buf);
   1419 	} else {
   1420 		if(mline) BIO_puts(out, "\n");
   1421 		X509_NAME_print_ex(out, nm, indent, lflags);
   1422 		BIO_puts(out, "\n");
   1423 	}
   1424 }
   1425 
   1426 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
   1427 {
   1428 	X509_STORE *store;
   1429 	X509_LOOKUP *lookup;
   1430 	if(!(store = X509_STORE_new())) goto end;
   1431 	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
   1432 	if (lookup == NULL) goto end;
   1433 	if (CAfile) {
   1434 		if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
   1435 			BIO_printf(bp, "Error loading file %s\n", CAfile);
   1436 			goto end;
   1437 		}
   1438 	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
   1439 
   1440 	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
   1441 	if (lookup == NULL) goto end;
   1442 	if (CApath) {
   1443 		if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
   1444 			BIO_printf(bp, "Error loading directory %s\n", CApath);
   1445 			goto end;
   1446 		}
   1447 	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
   1448 
   1449 	ERR_clear_error();
   1450 	return store;
   1451 	end:
   1452 	X509_STORE_free(store);
   1453 	return NULL;
   1454 }
   1455 
   1456 #ifndef OPENSSL_NO_ENGINE
   1457 /* Try to load an engine in a shareable library */
   1458 static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
   1459 	{
   1460 	ENGINE *e = ENGINE_by_id("dynamic");
   1461 	if (e)
   1462 		{
   1463 		if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
   1464 			|| !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
   1465 			{
   1466 			ENGINE_free(e);
   1467 			e = NULL;
   1468 			}
   1469 		}
   1470 	return e;
   1471 	}
   1472 
   1473 ENGINE *setup_engine(BIO *err, const char *engine, int debug)
   1474         {
   1475         ENGINE *e = NULL;
   1476 
   1477         if (engine)
   1478                 {
   1479 		if(strcmp(engine, "auto") == 0)
   1480 			{
   1481 			BIO_printf(err,"enabling auto ENGINE support\n");
   1482 			ENGINE_register_all_complete();
   1483 			return NULL;
   1484 			}
   1485 		if((e = ENGINE_by_id(engine)) == NULL
   1486 			&& (e = try_load_engine(err, engine, debug)) == NULL)
   1487 			{
   1488 			BIO_printf(err,"invalid engine \"%s\"\n", engine);
   1489 			ERR_print_errors(err);
   1490 			return NULL;
   1491 			}
   1492 		if (debug)
   1493 			{
   1494 			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
   1495 				0, err, 0);
   1496 			}
   1497                 ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
   1498 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
   1499 			{
   1500 			BIO_printf(err,"can't use that engine\n");
   1501 			ERR_print_errors(err);
   1502 			ENGINE_free(e);
   1503 			return NULL;
   1504 			}
   1505 
   1506 		BIO_printf(err,"engine \"%s\" set.\n", ENGINE_get_id(e));
   1507 
   1508 		/* Free our "structural" reference. */
   1509 		ENGINE_free(e);
   1510 		}
   1511         return e;
   1512         }
   1513 #endif
   1514 
   1515 int load_config(BIO *err, CONF *cnf)
   1516 	{
   1517 	static int load_config_called = 0;
   1518 	if (load_config_called)
   1519 		return 1;
   1520 	load_config_called = 1;
   1521 	if (!cnf)
   1522 		cnf = config;
   1523 	if (!cnf)
   1524 		return 1;
   1525 
   1526 	OPENSSL_load_builtin_modules();
   1527 
   1528 	if (CONF_modules_load(cnf, NULL, 0) <= 0)
   1529 		{
   1530 		BIO_printf(err, "Error configuring OpenSSL\n");
   1531 		ERR_print_errors(err);
   1532 		return 0;
   1533 		}
   1534 	return 1;
   1535 	}
   1536 
   1537 char *make_config_name()
   1538 	{
   1539 	const char *t=X509_get_default_cert_area();
   1540 	size_t len;
   1541 	char *p;
   1542 
   1543 	len=strlen(t)+strlen(OPENSSL_CONF)+2;
   1544 	p=OPENSSL_malloc(len);
   1545 	BUF_strlcpy(p,t,len);
   1546 #ifndef OPENSSL_SYS_VMS
   1547 	BUF_strlcat(p,"/",len);
   1548 #endif
   1549 	BUF_strlcat(p,OPENSSL_CONF,len);
   1550 
   1551 	return p;
   1552 	}
   1553 
   1554 static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
   1555 	{
   1556 	const char *n;
   1557 
   1558 	n=a[DB_serial];
   1559 	while (*n == '0') n++;
   1560 	return(lh_strhash(n));
   1561 	}
   1562 
   1563 static int index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
   1564 	{
   1565 	const char *aa,*bb;
   1566 
   1567 	for (aa=a[DB_serial]; *aa == '0'; aa++);
   1568 	for (bb=b[DB_serial]; *bb == '0'; bb++);
   1569 	return(strcmp(aa,bb));
   1570 	}
   1571 
   1572 static int index_name_qual(char **a)
   1573 	{ return(a[0][0] == 'V'); }
   1574 
   1575 static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
   1576 	{ return(lh_strhash(a[DB_name])); }
   1577 
   1578 int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
   1579 	{ return(strcmp(a[DB_name], b[DB_name])); }
   1580 
   1581 static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
   1582 static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
   1583 static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
   1584 static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
   1585 
   1586 #undef BSIZE
   1587 #define BSIZE 256
   1588 
   1589 BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
   1590 	{
   1591 	BIO *in=NULL;
   1592 	BIGNUM *ret=NULL;
   1593 	MS_STATIC char buf[1024];
   1594 	ASN1_INTEGER *ai=NULL;
   1595 
   1596 	ai=ASN1_INTEGER_new();
   1597 	if (ai == NULL) goto err;
   1598 
   1599 	if ((in=BIO_new(BIO_s_file())) == NULL)
   1600 		{
   1601 		ERR_print_errors(bio_err);
   1602 		goto err;
   1603 		}
   1604 
   1605 	if (BIO_read_filename(in,serialfile) <= 0)
   1606 		{
   1607 		if (!create)
   1608 			{
   1609 			perror(serialfile);
   1610 			goto err;
   1611 			}
   1612 		else
   1613 			{
   1614 			ret=BN_new();
   1615 			if (ret == NULL || !rand_serial(ret, ai))
   1616 				BIO_printf(bio_err, "Out of memory\n");
   1617 			}
   1618 		}
   1619 	else
   1620 		{
   1621 		if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
   1622 			{
   1623 			BIO_printf(bio_err,"unable to load number from %s\n",
   1624 				serialfile);
   1625 			goto err;
   1626 			}
   1627 		ret=ASN1_INTEGER_to_BN(ai,NULL);
   1628 		if (ret == NULL)
   1629 			{
   1630 			BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
   1631 			goto err;
   1632 			}
   1633 		}
   1634 
   1635 	if (ret && retai)
   1636 		{
   1637 		*retai = ai;
   1638 		ai = NULL;
   1639 		}
   1640  err:
   1641 	if (in != NULL) BIO_free(in);
   1642 	if (ai != NULL) ASN1_INTEGER_free(ai);
   1643 	return(ret);
   1644 	}
   1645 
   1646 int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai)
   1647 	{
   1648 	char buf[1][BSIZE];
   1649 	BIO *out = NULL;
   1650 	int ret=0;
   1651 	ASN1_INTEGER *ai=NULL;
   1652 	int j;
   1653 
   1654 	if (suffix == NULL)
   1655 		j = strlen(serialfile);
   1656 	else
   1657 		j = strlen(serialfile) + strlen(suffix) + 1;
   1658 	if (j >= BSIZE)
   1659 		{
   1660 		BIO_printf(bio_err,"file name too long\n");
   1661 		goto err;
   1662 		}
   1663 
   1664 	if (suffix == NULL)
   1665 		BUF_strlcpy(buf[0], serialfile, BSIZE);
   1666 	else
   1667 		{
   1668 #ifndef OPENSSL_SYS_VMS
   1669 		j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
   1670 #else
   1671 		j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
   1672 #endif
   1673 		}
   1674 #ifdef RL_DEBUG
   1675 	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
   1676 #endif
   1677 	out=BIO_new(BIO_s_file());
   1678 	if (out == NULL)
   1679 		{
   1680 		ERR_print_errors(bio_err);
   1681 		goto err;
   1682 		}
   1683 	if (BIO_write_filename(out,buf[0]) <= 0)
   1684 		{
   1685 		perror(serialfile);
   1686 		goto err;
   1687 		}
   1688 
   1689 	if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
   1690 		{
   1691 		BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
   1692 		goto err;
   1693 		}
   1694 	i2a_ASN1_INTEGER(out,ai);
   1695 	BIO_puts(out,"\n");
   1696 	ret=1;
   1697 	if (retai)
   1698 		{
   1699 		*retai = ai;
   1700 		ai = NULL;
   1701 		}
   1702 err:
   1703 	if (out != NULL) BIO_free_all(out);
   1704 	if (ai != NULL) ASN1_INTEGER_free(ai);
   1705 	return(ret);
   1706 	}
   1707 
   1708 int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
   1709 	{
   1710 	char buf[5][BSIZE];
   1711 	int i,j;
   1712 
   1713 	i = strlen(serialfile) + strlen(old_suffix);
   1714 	j = strlen(serialfile) + strlen(new_suffix);
   1715 	if (i > j) j = i;
   1716 	if (j + 1 >= BSIZE)
   1717 		{
   1718 		BIO_printf(bio_err,"file name too long\n");
   1719 		goto err;
   1720 		}
   1721 
   1722 #ifndef OPENSSL_SYS_VMS
   1723 	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
   1724 		serialfile, new_suffix);
   1725 #else
   1726 	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
   1727 		serialfile, new_suffix);
   1728 #endif
   1729 #ifndef OPENSSL_SYS_VMS
   1730 	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
   1731 		serialfile, old_suffix);
   1732 #else
   1733 	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
   1734 		serialfile, old_suffix);
   1735 #endif
   1736 #ifdef RL_DEBUG
   1737 	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
   1738 		serialfile, buf[1]);
   1739 #endif
   1740 	if (rename(serialfile,buf[1]) < 0 && errno != ENOENT
   1741 #ifdef ENOTDIR
   1742 			&& errno != ENOTDIR
   1743 #endif
   1744 	   )		{
   1745 			BIO_printf(bio_err,
   1746 				"unable to rename %s to %s\n",
   1747 				serialfile, buf[1]);
   1748 			perror("reason");
   1749 			goto err;
   1750 			}
   1751 #ifdef RL_DEBUG
   1752 	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
   1753 		buf[0],serialfile);
   1754 #endif
   1755 	if (rename(buf[0],serialfile) < 0)
   1756 		{
   1757 		BIO_printf(bio_err,
   1758 			"unable to rename %s to %s\n",
   1759 			buf[0],serialfile);
   1760 		perror("reason");
   1761 		rename(buf[1],serialfile);
   1762 		goto err;
   1763 		}
   1764 	return 1;
   1765  err:
   1766 	return 0;
   1767 	}
   1768 
   1769 int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
   1770 	{
   1771 	BIGNUM *btmp;
   1772 	int ret = 0;
   1773 	if (b)
   1774 		btmp = b;
   1775 	else
   1776 		btmp = BN_new();
   1777 
   1778 	if (!btmp)
   1779 		return 0;
   1780 
   1781 	if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
   1782 		goto error;
   1783 	if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
   1784 		goto error;
   1785 
   1786 	ret = 1;
   1787 
   1788 	error:
   1789 
   1790 	if (!b)
   1791 		BN_free(btmp);
   1792 
   1793 	return ret;
   1794 	}
   1795 
   1796 CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
   1797 	{
   1798 	CA_DB *retdb = NULL;
   1799 	TXT_DB *tmpdb = NULL;
   1800 	BIO *in = BIO_new(BIO_s_file());
   1801 	CONF *dbattr_conf = NULL;
   1802 	char buf[1][BSIZE];
   1803 	long errorline= -1;
   1804 
   1805 	if (in == NULL)
   1806 		{
   1807 		ERR_print_errors(bio_err);
   1808 		goto err;
   1809 		}
   1810 	if (BIO_read_filename(in,dbfile) <= 0)
   1811 		{
   1812 		perror(dbfile);
   1813 		BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
   1814 		goto err;
   1815 		}
   1816 	if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
   1817 		goto err;
   1818 
   1819 #ifndef OPENSSL_SYS_VMS
   1820 	BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
   1821 #else
   1822 	BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
   1823 #endif
   1824 	dbattr_conf = NCONF_new(NULL);
   1825 	if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)
   1826 		{
   1827 		if (errorline > 0)
   1828 			{
   1829 			BIO_printf(bio_err,
   1830 				"error on line %ld of db attribute file '%s'\n"
   1831 				,errorline,buf[0]);
   1832 			goto err;
   1833 			}
   1834 		else
   1835 			{
   1836 			NCONF_free(dbattr_conf);
   1837 			dbattr_conf = NULL;
   1838 			}
   1839 		}
   1840 
   1841 	if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL)
   1842 		{
   1843 		fprintf(stderr, "Out of memory\n");
   1844 		goto err;
   1845 		}
   1846 
   1847 	retdb->db = tmpdb;
   1848 	tmpdb = NULL;
   1849 	if (db_attr)
   1850 		retdb->attributes = *db_attr;
   1851 	else
   1852 		{
   1853 		retdb->attributes.unique_subject = 1;
   1854 		}
   1855 
   1856 	if (dbattr_conf)
   1857 		{
   1858 		char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
   1859 		if (p)
   1860 			{
   1861 #ifdef RL_DEBUG
   1862 			BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
   1863 #endif
   1864 			retdb->attributes.unique_subject = parse_yesno(p,1);
   1865 			}
   1866 		}
   1867 
   1868  err:
   1869 	if (dbattr_conf) NCONF_free(dbattr_conf);
   1870 	if (tmpdb) TXT_DB_free(tmpdb);
   1871 	if (in) BIO_free_all(in);
   1872 	return retdb;
   1873 	}
   1874 
   1875 int index_index(CA_DB *db)
   1876 	{
   1877 	if (!TXT_DB_create_index(db->db, DB_serial, NULL,
   1878 				LHASH_HASH_FN(index_serial),
   1879 				LHASH_COMP_FN(index_serial)))
   1880 		{
   1881 		BIO_printf(bio_err,
   1882 		  "error creating serial number index:(%ld,%ld,%ld)\n",
   1883 		  			db->db->error,db->db->arg1,db->db->arg2);
   1884 			return 0;
   1885 		}
   1886 
   1887 	if (db->attributes.unique_subject
   1888 		&& !TXT_DB_create_index(db->db, DB_name, index_name_qual,
   1889 			LHASH_HASH_FN(index_name),
   1890 			LHASH_COMP_FN(index_name)))
   1891 		{
   1892 		BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
   1893 			db->db->error,db->db->arg1,db->db->arg2);
   1894 		return 0;
   1895 		}
   1896 	return 1;
   1897 	}
   1898 
   1899 int save_index(const char *dbfile, const char *suffix, CA_DB *db)
   1900 	{
   1901 	char buf[3][BSIZE];
   1902 	BIO *out = BIO_new(BIO_s_file());
   1903 	int j;
   1904 
   1905 	if (out == NULL)
   1906 		{
   1907 		ERR_print_errors(bio_err);
   1908 		goto err;
   1909 		}
   1910 
   1911 	j = strlen(dbfile) + strlen(suffix);
   1912 	if (j + 6 >= BSIZE)
   1913 		{
   1914 		BIO_printf(bio_err,"file name too long\n");
   1915 		goto err;
   1916 		}
   1917 
   1918 #ifndef OPENSSL_SYS_VMS
   1919 	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
   1920 #else
   1921 	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
   1922 #endif
   1923 #ifndef OPENSSL_SYS_VMS
   1924 	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
   1925 #else
   1926 	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
   1927 #endif
   1928 #ifndef OPENSSL_SYS_VMS
   1929 	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
   1930 #else
   1931 	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
   1932 #endif
   1933 #ifdef RL_DEBUG
   1934 	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
   1935 #endif
   1936 	if (BIO_write_filename(out,buf[0]) <= 0)
   1937 		{
   1938 		perror(dbfile);
   1939 		BIO_printf(bio_err,"unable to open '%s'\n", dbfile);
   1940 		goto err;
   1941 		}
   1942 	j=TXT_DB_write(out,db->db);
   1943 	if (j <= 0) goto err;
   1944 
   1945 	BIO_free(out);
   1946 
   1947 	out = BIO_new(BIO_s_file());
   1948 #ifdef RL_DEBUG
   1949 	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
   1950 #endif
   1951 	if (BIO_write_filename(out,buf[1]) <= 0)
   1952 		{
   1953 		perror(buf[2]);
   1954 		BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);
   1955 		goto err;
   1956 		}
   1957 	BIO_printf(out,"unique_subject = %s\n",
   1958 		db->attributes.unique_subject ? "yes" : "no");
   1959 	BIO_free(out);
   1960 
   1961 	return 1;
   1962  err:
   1963 	return 0;
   1964 	}
   1965 
   1966 int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
   1967 	{
   1968 	char buf[5][BSIZE];
   1969 	int i,j;
   1970 
   1971 	i = strlen(dbfile) + strlen(old_suffix);
   1972 	j = strlen(dbfile) + strlen(new_suffix);
   1973 	if (i > j) j = i;
   1974 	if (j + 6 >= BSIZE)
   1975 		{
   1976 		BIO_printf(bio_err,"file name too long\n");
   1977 		goto err;
   1978 		}
   1979 
   1980 #ifndef OPENSSL_SYS_VMS
   1981 	j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
   1982 #else
   1983 	j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
   1984 #endif
   1985 #ifndef OPENSSL_SYS_VMS
   1986 	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
   1987 		dbfile, new_suffix);
   1988 #else
   1989 	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",
   1990 		dbfile, new_suffix);
   1991 #endif
   1992 #ifndef OPENSSL_SYS_VMS
   1993 	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
   1994 		dbfile, new_suffix);
   1995 #else
   1996 	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
   1997 		dbfile, new_suffix);
   1998 #endif
   1999 #ifndef OPENSSL_SYS_VMS
   2000 	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
   2001 		dbfile, old_suffix);
   2002 #else
   2003 	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
   2004 		dbfile, old_suffix);
   2005 #endif
   2006 #ifndef OPENSSL_SYS_VMS
   2007 	j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
   2008 		dbfile, old_suffix);
   2009 #else
   2010 	j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
   2011 		dbfile, old_suffix);
   2012 #endif
   2013 #ifdef RL_DEBUG
   2014 	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
   2015 		dbfile, buf[1]);
   2016 #endif
   2017 	if (rename(dbfile,buf[1]) < 0 && errno != ENOENT
   2018 #ifdef ENOTDIR
   2019 		&& errno != ENOTDIR
   2020 #endif
   2021 	   )		{
   2022 			BIO_printf(bio_err,
   2023 				"unable to rename %s to %s\n",
   2024 				dbfile, buf[1]);
   2025 			perror("reason");
   2026 			goto err;
   2027 			}
   2028 #ifdef RL_DEBUG
   2029 	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
   2030 		buf[0],dbfile);
   2031 #endif
   2032 	if (rename(buf[0],dbfile) < 0)
   2033 		{
   2034 		BIO_printf(bio_err,
   2035 			"unable to rename %s to %s\n",
   2036 			buf[0],dbfile);
   2037 		perror("reason");
   2038 		rename(buf[1],dbfile);
   2039 		goto err;
   2040 		}
   2041 #ifdef RL_DEBUG
   2042 	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
   2043 		buf[4],buf[3]);
   2044 #endif
   2045 	if (rename(buf[4],buf[3]) < 0 && errno != ENOENT
   2046 #ifdef ENOTDIR
   2047 		&& errno != ENOTDIR
   2048 #endif
   2049 	   )		{
   2050 			BIO_printf(bio_err,
   2051 				"unable to rename %s to %s\n",
   2052 				buf[4], buf[3]);
   2053 			perror("reason");
   2054 			rename(dbfile,buf[0]);
   2055 			rename(buf[1],dbfile);
   2056 			goto err;
   2057 			}
   2058 #ifdef RL_DEBUG
   2059 	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
   2060 		buf[2],buf[4]);
   2061 #endif
   2062 	if (rename(buf[2],buf[4]) < 0)
   2063 		{
   2064 		BIO_printf(bio_err,
   2065 			"unable to rename %s to %s\n",
   2066 			buf[2],buf[4]);
   2067 		perror("reason");
   2068 		rename(buf[3],buf[4]);
   2069 		rename(dbfile,buf[0]);
   2070 		rename(buf[1],dbfile);
   2071 		goto err;
   2072 		}
   2073 	return 1;
   2074  err:
   2075 	return 0;
   2076 	}
   2077 
   2078 void free_index(CA_DB *db)
   2079 	{
   2080 	if (db)
   2081 		{
   2082 		if (db->db) TXT_DB_free(db->db);
   2083 		OPENSSL_free(db);
   2084 		}
   2085 	}
   2086 
   2087 int parse_yesno(const char *str, int def)
   2088 	{
   2089 	int ret = def;
   2090 	if (str)
   2091 		{
   2092 		switch (*str)
   2093 			{
   2094 		case 'f': /* false */
   2095 		case 'F': /* FALSE */
   2096 		case 'n': /* no */
   2097 		case 'N': /* NO */
   2098 		case '0': /* 0 */
   2099 			ret = 0;
   2100 			break;
   2101 		case 't': /* true */
   2102 		case 'T': /* TRUE */
   2103 		case 'y': /* yes */
   2104 		case 'Y': /* YES */
   2105 		case '1': /* 1 */
   2106 			ret = 1;
   2107 			break;
   2108 		default:
   2109 			ret = def;
   2110 			break;
   2111 			}
   2112 		}
   2113 	return ret;
   2114 	}
   2115 
   2116 /*
   2117  * subject is expected to be in the format /type0=value0/type1=value1/type2=...
   2118  * where characters may be escaped by \
   2119  */
   2120 X509_NAME *parse_name(char *subject, long chtype, int multirdn)
   2121 	{
   2122 	size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
   2123 	char *buf = OPENSSL_malloc(buflen);
   2124 	size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
   2125 	char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
   2126 	char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
   2127 	int *mval = OPENSSL_malloc (max_ne * sizeof (int));
   2128 
   2129 	char *sp = subject, *bp = buf;
   2130 	int i, ne_num = 0;
   2131 
   2132 	X509_NAME *n = NULL;
   2133 	int nid;
   2134 
   2135 	if (!buf || !ne_types || !ne_values || !mval)
   2136 		{
   2137 		BIO_printf(bio_err, "malloc error\n");
   2138 		goto error;
   2139 		}
   2140 
   2141 	if (*subject != '/')
   2142 		{
   2143 		BIO_printf(bio_err, "Subject does not start with '/'.\n");
   2144 		goto error;
   2145 		}
   2146 	sp++; /* skip leading / */
   2147 
   2148 	/* no multivalued RDN by default */
   2149 	mval[ne_num] = 0;
   2150 
   2151 	while (*sp)
   2152 		{
   2153 		/* collect type */
   2154 		ne_types[ne_num] = bp;
   2155 		while (*sp)
   2156 			{
   2157 			if (*sp == '\\') /* is there anything to escape in the type...? */
   2158 				{
   2159 				if (*++sp)
   2160 					*bp++ = *sp++;
   2161 				else
   2162 					{
   2163 					BIO_printf(bio_err, "escape character at end of string\n");
   2164 					goto error;
   2165 					}
   2166 				}
   2167 			else if (*sp == '=')
   2168 				{
   2169 				sp++;
   2170 				*bp++ = '\0';
   2171 				break;
   2172 				}
   2173 			else
   2174 				*bp++ = *sp++;
   2175 			}
   2176 		if (!*sp)
   2177 			{
   2178 			BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
   2179 			goto error;
   2180 			}
   2181 		ne_values[ne_num] = bp;
   2182 		while (*sp)
   2183 			{
   2184 			if (*sp == '\\')
   2185 				{
   2186 				if (*++sp)
   2187 					*bp++ = *sp++;
   2188 				else
   2189 					{
   2190 					BIO_printf(bio_err, "escape character at end of string\n");
   2191 					goto error;
   2192 					}
   2193 				}
   2194 			else if (*sp == '/')
   2195 				{
   2196 				sp++;
   2197 				/* no multivalued RDN by default */
   2198 				mval[ne_num+1] = 0;
   2199 				break;
   2200 				}
   2201 			else if (*sp == '+' && multirdn)
   2202 				{
   2203 				/* a not escaped + signals a mutlivalued RDN */
   2204 				sp++;
   2205 				mval[ne_num+1] = -1;
   2206 				break;
   2207 				}
   2208 			else
   2209 				*bp++ = *sp++;
   2210 			}
   2211 		*bp++ = '\0';
   2212 		ne_num++;
   2213 		}
   2214 
   2215 	if (!(n = X509_NAME_new()))
   2216 		goto error;
   2217 
   2218 	for (i = 0; i < ne_num; i++)
   2219 		{
   2220 		if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
   2221 			{
   2222 			BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
   2223 			continue;
   2224 			}
   2225 
   2226 		if (!*ne_values[i])
   2227 			{
   2228 			BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
   2229 			continue;
   2230 			}
   2231 
   2232 		if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))
   2233 			goto error;
   2234 		}
   2235 
   2236 	OPENSSL_free(ne_values);
   2237 	OPENSSL_free(ne_types);
   2238 	OPENSSL_free(buf);
   2239 	OPENSSL_free(mval);
   2240 	return n;
   2241 
   2242 error:
   2243 	X509_NAME_free(n);
   2244 	if (ne_values)
   2245 		OPENSSL_free(ne_values);
   2246 	if (ne_types)
   2247 		OPENSSL_free(ne_types);
   2248 	if (mval)
   2249 		OPENSSL_free(mval);
   2250 	if (buf)
   2251 		OPENSSL_free(buf);
   2252 	return NULL;
   2253 }
   2254 
   2255 int args_verify(char ***pargs, int *pargc,
   2256 			int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
   2257 	{
   2258 	ASN1_OBJECT *otmp = NULL;
   2259 	unsigned long flags = 0;
   2260 	int i;
   2261 	int purpose = 0, depth = -1;
   2262 	char **oldargs = *pargs;
   2263 	char *arg = **pargs, *argn = (*pargs)[1];
   2264 	time_t at_time = 0;
   2265 	if (!strcmp(arg, "-policy"))
   2266 		{
   2267 		if (!argn)
   2268 			*badarg = 1;
   2269 		else
   2270 			{
   2271 			otmp = OBJ_txt2obj(argn, 0);
   2272 			if (!otmp)
   2273 				{
   2274 				BIO_printf(err, "Invalid Policy \"%s\"\n",
   2275 									argn);
   2276 				*badarg = 1;
   2277 				}
   2278 			}
   2279 		(*pargs)++;
   2280 		}
   2281 	else if (strcmp(arg,"-purpose") == 0)
   2282 		{
   2283 		X509_PURPOSE *xptmp;
   2284 		if (!argn)
   2285 			*badarg = 1;
   2286 		else
   2287 			{
   2288 			i = X509_PURPOSE_get_by_sname(argn);
   2289 			if(i < 0)
   2290 				{
   2291 				BIO_printf(err, "unrecognized purpose\n");
   2292 				*badarg = 1;
   2293 				}
   2294 			else
   2295 				{
   2296 				xptmp = X509_PURPOSE_get0(i);
   2297 				purpose = X509_PURPOSE_get_id(xptmp);
   2298 				}
   2299 			}
   2300 		(*pargs)++;
   2301 		}
   2302 	else if (strcmp(arg,"-verify_depth") == 0)
   2303 		{
   2304 		if (!argn)
   2305 			*badarg = 1;
   2306 		else
   2307 			{
   2308 			depth = atoi(argn);
   2309 			if(depth < 0)
   2310 				{
   2311 				BIO_printf(err, "invalid depth\n");
   2312 				*badarg = 1;
   2313 				}
   2314 			}
   2315 		(*pargs)++;
   2316 		}
   2317 	else if (strcmp(arg,"-attime") == 0)
   2318 		{
   2319 		if (!argn)
   2320 			*badarg = 1;
   2321 		else
   2322 			{
   2323 			long timestamp;
   2324 			/* interpret the -attime argument as seconds since
   2325 			 * Epoch */
   2326 			if (sscanf(argn, "%li", &timestamp) != 1)
   2327 				{
   2328 				BIO_printf(bio_err,
   2329 						"Error parsing timestamp %s\n",
   2330 					   	argn);
   2331 				*badarg = 1;
   2332 				}
   2333 			/* on some platforms time_t may be a float */
   2334 			at_time = (time_t) timestamp;
   2335 			}
   2336 		(*pargs)++;
   2337 		}
   2338 	else if (!strcmp(arg, "-ignore_critical"))
   2339 		flags |= X509_V_FLAG_IGNORE_CRITICAL;
   2340 	else if (!strcmp(arg, "-issuer_checks"))
   2341 		flags |= X509_V_FLAG_CB_ISSUER_CHECK;
   2342 	else if (!strcmp(arg, "-crl_check"))
   2343 		flags |=  X509_V_FLAG_CRL_CHECK;
   2344 	else if (!strcmp(arg, "-crl_check_all"))
   2345 		flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
   2346 	else if (!strcmp(arg, "-policy_check"))
   2347 		flags |= X509_V_FLAG_POLICY_CHECK;
   2348 	else if (!strcmp(arg, "-explicit_policy"))
   2349 		flags |= X509_V_FLAG_EXPLICIT_POLICY;
   2350 	else if (!strcmp(arg, "-inhibit_any"))
   2351 		flags |= X509_V_FLAG_INHIBIT_ANY;
   2352 	else if (!strcmp(arg, "-inhibit_map"))
   2353 		flags |= X509_V_FLAG_INHIBIT_MAP;
   2354 	else if (!strcmp(arg, "-x509_strict"))
   2355 		flags |= X509_V_FLAG_X509_STRICT;
   2356 	else if (!strcmp(arg, "-extended_crl"))
   2357 		flags |= X509_V_FLAG_EXTENDED_CRL_SUPPORT;
   2358 	else if (!strcmp(arg, "-use_deltas"))
   2359 		flags |= X509_V_FLAG_USE_DELTAS;
   2360 	else if (!strcmp(arg, "-policy_print"))
   2361 		flags |= X509_V_FLAG_NOTIFY_POLICY;
   2362 	else if (!strcmp(arg, "-check_ss_sig"))
   2363 		flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
   2364 	else
   2365 		return 0;
   2366 
   2367 	if (*badarg)
   2368 		{
   2369 		if (*pm)
   2370 			X509_VERIFY_PARAM_free(*pm);
   2371 		*pm = NULL;
   2372 		goto end;
   2373 		}
   2374 
   2375 	if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
   2376 		{
   2377 		*badarg = 1;
   2378 		goto end;
   2379 		}
   2380 
   2381 	if (otmp)
   2382 		X509_VERIFY_PARAM_add0_policy(*pm, otmp);
   2383 	if (flags)
   2384 		X509_VERIFY_PARAM_set_flags(*pm, flags);
   2385 
   2386 	if (purpose)
   2387 		X509_VERIFY_PARAM_set_purpose(*pm, purpose);
   2388 
   2389 	if (depth >= 0)
   2390 		X509_VERIFY_PARAM_set_depth(*pm, depth);
   2391 
   2392 	if (at_time)
   2393 		X509_VERIFY_PARAM_set_time(*pm, at_time);
   2394 
   2395 	end:
   2396 
   2397 	(*pargs)++;
   2398 
   2399 	if (pargc)
   2400 		*pargc -= *pargs - oldargs;
   2401 
   2402 	return 1;
   2403 
   2404 	}
   2405 
   2406 /* Read whole contents of a BIO into an allocated memory buffer and
   2407  * return it.
   2408  */
   2409 
   2410 int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
   2411 	{
   2412 	BIO *mem;
   2413 	int len, ret;
   2414 	unsigned char tbuf[1024];
   2415 	mem = BIO_new(BIO_s_mem());
   2416 	if (!mem)
   2417 		return -1;
   2418 	for(;;)
   2419 		{
   2420 		if ((maxlen != -1) && maxlen < 1024)
   2421 			len = maxlen;
   2422 		else
   2423 			len = 1024;
   2424 		len = BIO_read(in, tbuf, len);
   2425 		if (len <= 0)
   2426 			break;
   2427 		if (BIO_write(mem, tbuf, len) != len)
   2428 			{
   2429 			BIO_free(mem);
   2430 			return -1;
   2431 			}
   2432 		maxlen -= len;
   2433 
   2434 		if (maxlen == 0)
   2435 			break;
   2436 		}
   2437 	ret = BIO_get_mem_data(mem, (char **)out);
   2438 	BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
   2439 	BIO_free(mem);
   2440 	return ret;
   2441 	}
   2442 
   2443 int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
   2444 	{
   2445 	int rv;
   2446 	char *stmp, *vtmp = NULL;
   2447 	stmp = BUF_strdup(value);
   2448 	if (!stmp)
   2449 		return -1;
   2450 	vtmp = strchr(stmp, ':');
   2451 	if (vtmp)
   2452 		{
   2453 		*vtmp = 0;
   2454 		vtmp++;
   2455 		}
   2456 	rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
   2457 	OPENSSL_free(stmp);
   2458 	return rv;
   2459 	}
   2460 
   2461 static void nodes_print(BIO *out, const char *name,
   2462 	STACK_OF(X509_POLICY_NODE) *nodes)
   2463 	{
   2464 	X509_POLICY_NODE *node;
   2465 	int i;
   2466 	BIO_printf(out, "%s Policies:", name);
   2467 	if (nodes)
   2468 		{
   2469 		BIO_puts(out, "\n");
   2470 		for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
   2471 			{
   2472 			node = sk_X509_POLICY_NODE_value(nodes, i);
   2473 			X509_POLICY_NODE_print(out, node, 2);
   2474 			}
   2475 		}
   2476 	else
   2477 		BIO_puts(out, " <empty>\n");
   2478 	}
   2479 
   2480 void policies_print(BIO *out, X509_STORE_CTX *ctx)
   2481 	{
   2482 	X509_POLICY_TREE *tree;
   2483 	int explicit_policy;
   2484 	int free_out = 0;
   2485 	if (out == NULL)
   2486 		{
   2487 		out = BIO_new_fp(stderr, BIO_NOCLOSE);
   2488 		free_out = 1;
   2489 		}
   2490 	tree = X509_STORE_CTX_get0_policy_tree(ctx);
   2491 	explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
   2492 
   2493 	BIO_printf(out, "Require explicit Policy: %s\n",
   2494 				explicit_policy ? "True" : "False");
   2495 
   2496 	nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
   2497 	nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
   2498 	if (free_out)
   2499 		BIO_free(out);
   2500 	}
   2501 
   2502 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
   2503 
   2504 static JPAKE_CTX *jpake_init(const char *us, const char *them,
   2505 							 const char *secret)
   2506 	{
   2507 	BIGNUM *p = NULL;
   2508 	BIGNUM *g = NULL;
   2509 	BIGNUM *q = NULL;
   2510 	BIGNUM *bnsecret = BN_new();
   2511 	JPAKE_CTX *ctx;
   2512 
   2513 	/* Use a safe prime for p (that we found earlier) */
   2514 	BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
   2515 	g = BN_new();
   2516 	BN_set_word(g, 2);
   2517 	q = BN_new();
   2518 	BN_rshift1(q, p);
   2519 
   2520 	BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
   2521 
   2522 	ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
   2523 	BN_free(bnsecret);
   2524 	BN_free(q);
   2525 	BN_free(g);
   2526 	BN_free(p);
   2527 
   2528 	return ctx;
   2529 	}
   2530 
   2531 static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
   2532 	{
   2533 	BN_print(conn, p->gx);
   2534 	BIO_puts(conn, "\n");
   2535 	BN_print(conn, p->zkpx.gr);
   2536 	BIO_puts(conn, "\n");
   2537 	BN_print(conn, p->zkpx.b);
   2538 	BIO_puts(conn, "\n");
   2539 	}
   2540 
   2541 static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
   2542 	{
   2543 	JPAKE_STEP1 s1;
   2544 
   2545 	JPAKE_STEP1_init(&s1);
   2546 	JPAKE_STEP1_generate(&s1, ctx);
   2547 	jpake_send_part(bconn, &s1.p1);
   2548 	jpake_send_part(bconn, &s1.p2);
   2549 	(void)BIO_flush(bconn);
   2550 	JPAKE_STEP1_release(&s1);
   2551 	}
   2552 
   2553 static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
   2554 	{
   2555 	JPAKE_STEP2 s2;
   2556 
   2557 	JPAKE_STEP2_init(&s2);
   2558 	JPAKE_STEP2_generate(&s2, ctx);
   2559 	jpake_send_part(bconn, &s2);
   2560 	(void)BIO_flush(bconn);
   2561 	JPAKE_STEP2_release(&s2);
   2562 	}
   2563 
   2564 static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
   2565 	{
   2566 	JPAKE_STEP3A s3a;
   2567 
   2568 	JPAKE_STEP3A_init(&s3a);
   2569 	JPAKE_STEP3A_generate(&s3a, ctx);
   2570 	BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
   2571 	(void)BIO_flush(bconn);
   2572 	JPAKE_STEP3A_release(&s3a);
   2573 	}
   2574 
   2575 static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
   2576 	{
   2577 	JPAKE_STEP3B s3b;
   2578 
   2579 	JPAKE_STEP3B_init(&s3b);
   2580 	JPAKE_STEP3B_generate(&s3b, ctx);
   2581 	BIO_write(bconn, s3b.hk, sizeof s3b.hk);
   2582 	(void)BIO_flush(bconn);
   2583 	JPAKE_STEP3B_release(&s3b);
   2584 	}
   2585 
   2586 static void readbn(BIGNUM **bn, BIO *bconn)
   2587 	{
   2588 	char buf[10240];
   2589 	int l;
   2590 
   2591 	l = BIO_gets(bconn, buf, sizeof buf);
   2592 	assert(l > 0);
   2593 	assert(buf[l-1] == '\n');
   2594 	buf[l-1] = '\0';
   2595 	BN_hex2bn(bn, buf);
   2596 	}
   2597 
   2598 static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
   2599 	{
   2600 	readbn(&p->gx, bconn);
   2601 	readbn(&p->zkpx.gr, bconn);
   2602 	readbn(&p->zkpx.b, bconn);
   2603 	}
   2604 
   2605 static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
   2606 	{
   2607 	JPAKE_STEP1 s1;
   2608 
   2609 	JPAKE_STEP1_init(&s1);
   2610 	jpake_receive_part(&s1.p1, bconn);
   2611 	jpake_receive_part(&s1.p2, bconn);
   2612 	if(!JPAKE_STEP1_process(ctx, &s1))
   2613 		{
   2614 		ERR_print_errors(bio_err);
   2615 		exit(1);
   2616 		}
   2617 	JPAKE_STEP1_release(&s1);
   2618 	}
   2619 
   2620 static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
   2621 	{
   2622 	JPAKE_STEP2 s2;
   2623 
   2624 	JPAKE_STEP2_init(&s2);
   2625 	jpake_receive_part(&s2, bconn);
   2626 	if(!JPAKE_STEP2_process(ctx, &s2))
   2627 		{
   2628 		ERR_print_errors(bio_err);
   2629 		exit(1);
   2630 		}
   2631 	JPAKE_STEP2_release(&s2);
   2632 	}
   2633 
   2634 static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
   2635 	{
   2636 	JPAKE_STEP3A s3a;
   2637 	int l;
   2638 
   2639 	JPAKE_STEP3A_init(&s3a);
   2640 	l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
   2641 	assert(l == sizeof s3a.hhk);
   2642 	if(!JPAKE_STEP3A_process(ctx, &s3a))
   2643 		{
   2644 		ERR_print_errors(bio_err);
   2645 		exit(1);
   2646 		}
   2647 	JPAKE_STEP3A_release(&s3a);
   2648 	}
   2649 
   2650 static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
   2651 	{
   2652 	JPAKE_STEP3B s3b;
   2653 	int l;
   2654 
   2655 	JPAKE_STEP3B_init(&s3b);
   2656 	l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
   2657 	assert(l == sizeof s3b.hk);
   2658 	if(!JPAKE_STEP3B_process(ctx, &s3b))
   2659 		{
   2660 		ERR_print_errors(bio_err);
   2661 		exit(1);
   2662 		}
   2663 	JPAKE_STEP3B_release(&s3b);
   2664 	}
   2665 
   2666 void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
   2667 	{
   2668 	JPAKE_CTX *ctx;
   2669 	BIO *bconn;
   2670 
   2671 	BIO_puts(out, "Authenticating with JPAKE\n");
   2672 
   2673 	ctx = jpake_init("client", "server", secret);
   2674 
   2675 	bconn = BIO_new(BIO_f_buffer());
   2676 	BIO_push(bconn, conn);
   2677 
   2678 	jpake_send_step1(bconn, ctx);
   2679 	jpake_receive_step1(ctx, bconn);
   2680 	jpake_send_step2(bconn, ctx);
   2681 	jpake_receive_step2(ctx, bconn);
   2682 	jpake_send_step3a(bconn, ctx);
   2683 	jpake_receive_step3b(ctx, bconn);
   2684 
   2685 	BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
   2686 
   2687 	psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
   2688 
   2689 	BIO_pop(bconn);
   2690 	BIO_free(bconn);
   2691 
   2692 	JPAKE_CTX_free(ctx);
   2693 	}
   2694 
   2695 void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
   2696 	{
   2697 	JPAKE_CTX *ctx;
   2698 	BIO *bconn;
   2699 
   2700 	BIO_puts(out, "Authenticating with JPAKE\n");
   2701 
   2702 	ctx = jpake_init("server", "client", secret);
   2703 
   2704 	bconn = BIO_new(BIO_f_buffer());
   2705 	BIO_push(bconn, conn);
   2706 
   2707 	jpake_receive_step1(ctx, bconn);
   2708 	jpake_send_step1(bconn, ctx);
   2709 	jpake_receive_step2(ctx, bconn);
   2710 	jpake_send_step2(bconn, ctx);
   2711 	jpake_receive_step3a(ctx, bconn);
   2712 	jpake_send_step3b(bconn, ctx);
   2713 
   2714 	BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
   2715 
   2716 	psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
   2717 
   2718 	BIO_pop(bconn);
   2719 	BIO_free(bconn);
   2720 
   2721 	JPAKE_CTX_free(ctx);
   2722 	}
   2723 
   2724 #endif
   2725 
   2726 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
   2727 /* next_protos_parse parses a comma separated list of strings into a string
   2728  * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
   2729  *   outlen: (output) set to the length of the resulting buffer on success.
   2730  *   err: (maybe NULL) on failure, an error message line is written to this BIO.
   2731  *   in: a NUL termianted string like "abc,def,ghi"
   2732  *
   2733  *   returns: a malloced buffer or NULL on failure.
   2734  */
   2735 unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
   2736 	{
   2737 	size_t len;
   2738 	unsigned char *out;
   2739 	size_t i, start = 0;
   2740 
   2741 	len = strlen(in);
   2742 	if (len >= 65535)
   2743 		return NULL;
   2744 
   2745 	out = OPENSSL_malloc(strlen(in) + 1);
   2746 	if (!out)
   2747 		return NULL;
   2748 
   2749 	for (i = 0; i <= len; ++i)
   2750 		{
   2751 		if (i == len || in[i] == ',')
   2752 			{
   2753 			if (i - start > 255)
   2754 				{
   2755 				OPENSSL_free(out);
   2756 				return NULL;
   2757 				}
   2758 			out[start] = i - start;
   2759 			start = i + 1;
   2760 			}
   2761 		else
   2762 			out[i+1] = in[i];
   2763 		}
   2764 
   2765 	*outlen = len + 1;
   2766 	return out;
   2767 	}
   2768 #endif  /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
   2769 
   2770 /*
   2771  * Platform-specific sections
   2772  */
   2773 #if defined(_WIN32)
   2774 # ifdef fileno
   2775 #  undef fileno
   2776 #  define fileno(a) (int)_fileno(a)
   2777 # endif
   2778 
   2779 # include <windows.h>
   2780 # include <tchar.h>
   2781 
   2782 static int WIN32_rename(const char *from, const char *to)
   2783 	{
   2784 	TCHAR  *tfrom=NULL,*tto;
   2785 	DWORD	err;
   2786 	int	ret=0;
   2787 
   2788 	if (sizeof(TCHAR) == 1)
   2789 		{
   2790 		tfrom = (TCHAR *)from;
   2791 		tto   = (TCHAR *)to;
   2792 		}
   2793 	else	/* UNICODE path */
   2794 		{
   2795 		size_t i,flen=strlen(from)+1,tlen=strlen(to)+1;
   2796 		tfrom = (TCHAR *)malloc(sizeof(TCHAR)*(flen+tlen));
   2797 		if (tfrom==NULL) goto err;
   2798 		tto=tfrom+flen;
   2799 #if !defined(_WIN32_WCE) || _WIN32_WCE>=101
   2800 		if (!MultiByteToWideChar(CP_ACP,0,from,flen,(WCHAR *)tfrom,flen))
   2801 #endif
   2802 			for (i=0;i<flen;i++)	tfrom[i]=(TCHAR)from[i];
   2803 #if !defined(_WIN32_WCE) || _WIN32_WCE>=101
   2804 		if (!MultiByteToWideChar(CP_ACP,0,to,  tlen,(WCHAR *)tto,  tlen))
   2805 #endif
   2806 			for (i=0;i<tlen;i++)	tto[i]  =(TCHAR)to[i];
   2807 		}
   2808 
   2809 	if (MoveFile(tfrom,tto))	goto ok;
   2810 	err=GetLastError();
   2811 	if (err==ERROR_ALREADY_EXISTS || err==ERROR_FILE_EXISTS)
   2812 		{
   2813 		if (DeleteFile(tto) && MoveFile(tfrom,tto))
   2814 			goto ok;
   2815 		err=GetLastError();
   2816 		}
   2817 	if (err==ERROR_FILE_NOT_FOUND || err==ERROR_PATH_NOT_FOUND)
   2818 		errno = ENOENT;
   2819 	else if (err==ERROR_ACCESS_DENIED)
   2820 		errno = EACCES;
   2821 	else
   2822 		errno = EINVAL;	/* we could map more codes... */
   2823 err:
   2824 	ret=-1;
   2825 ok:
   2826 	if (tfrom!=NULL && tfrom!=(TCHAR *)from)	free(tfrom);
   2827 	return ret;
   2828 	}
   2829 #endif
   2830 
   2831 /* app_tminterval section */
   2832 #if defined(_WIN32)
   2833 double app_tminterval(int stop,int usertime)
   2834 	{
   2835 	FILETIME		now;
   2836 	double			ret=0;
   2837 	static ULARGE_INTEGER	tmstart;
   2838 	static int		warning=1;
   2839 #ifdef _WIN32_WINNT
   2840 	static HANDLE		proc=NULL;
   2841 
   2842 	if (proc==NULL)
   2843 		{
   2844 		if (GetVersion() < 0x80000000)
   2845 			proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
   2846 						GetCurrentProcessId());
   2847 		if (proc==NULL) proc = (HANDLE)-1;
   2848 		}
   2849 
   2850 	if (usertime && proc!=(HANDLE)-1)
   2851 		{
   2852 		FILETIME junk;
   2853 		GetProcessTimes(proc,&junk,&junk,&junk,&now);
   2854 		}
   2855 	else
   2856 #endif
   2857 		{
   2858 		SYSTEMTIME systime;
   2859 
   2860 		if (usertime && warning)
   2861 			{
   2862 			BIO_printf(bio_err,"To get meaningful results, run "
   2863 					   "this program on idle system.\n");
   2864 			warning=0;
   2865 			}
   2866 		GetSystemTime(&systime);
   2867 		SystemTimeToFileTime(&systime,&now);
   2868 		}
   2869 
   2870 	if (stop==TM_START)
   2871 		{
   2872 		tmstart.u.LowPart  = now.dwLowDateTime;
   2873 		tmstart.u.HighPart = now.dwHighDateTime;
   2874 		}
   2875 	else	{
   2876 		ULARGE_INTEGER tmstop;
   2877 
   2878 		tmstop.u.LowPart   = now.dwLowDateTime;
   2879 		tmstop.u.HighPart  = now.dwHighDateTime;
   2880 
   2881 		ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart)*1e-7;
   2882 		}
   2883 
   2884 	return (ret);
   2885 	}
   2886 
   2887 #elif defined(OPENSSL_SYS_NETWARE)
   2888 #include <time.h>
   2889 
   2890 double app_tminterval(int stop,int usertime)
   2891 	{
   2892 	double		ret=0;
   2893 	static clock_t	tmstart;
   2894 	static int	warning=1;
   2895 
   2896 	if (usertime && warning)
   2897 		{
   2898 		BIO_printf(bio_err,"To get meaningful results, run "
   2899 				   "this program on idle system.\n");
   2900 		warning=0;
   2901 		}
   2902 
   2903 	if (stop==TM_START)	tmstart = clock();
   2904 	else			ret     = (clock()-tmstart)/(double)CLOCKS_PER_SEC;
   2905 
   2906 	return (ret);
   2907 	}
   2908 
   2909 #elif defined(OPENSSL_SYSTEM_VXWORKS)
   2910 #include <time.h>
   2911 
   2912 double app_tminterval(int stop,int usertime)
   2913 	{
   2914 	double ret=0;
   2915 #ifdef CLOCK_REALTIME
   2916 	static struct timespec	tmstart;
   2917 	struct timespec		now;
   2918 #else
   2919 	static unsigned long	tmstart;
   2920 	unsigned long		now;
   2921 #endif
   2922 	static int warning=1;
   2923 
   2924 	if (usertime && warning)
   2925 		{
   2926 		BIO_printf(bio_err,"To get meaningful results, run "
   2927 				   "this program on idle system.\n");
   2928 		warning=0;
   2929 		}
   2930 
   2931 #ifdef CLOCK_REALTIME
   2932 	clock_gettime(CLOCK_REALTIME,&now);
   2933 	if (stop==TM_START)	tmstart = now;
   2934 	else	ret = ( (now.tv_sec+now.tv_nsec*1e-9)
   2935 			- (tmstart.tv_sec+tmstart.tv_nsec*1e-9) );
   2936 #else
   2937 	now = tickGet();
   2938 	if (stop==TM_START)	tmstart = now;
   2939 	else			ret = (now - tmstart)/(double)sysClkRateGet();
   2940 #endif
   2941 	return (ret);
   2942 	}
   2943 
   2944 #elif defined(OPENSSL_SYSTEM_VMS)
   2945 #include <time.h>
   2946 #include <times.h>
   2947 
   2948 double app_tminterval(int stop,int usertime)
   2949 	{
   2950 	static clock_t	tmstart;
   2951 	double		ret = 0;
   2952 	clock_t		now;
   2953 #ifdef __TMS
   2954 	struct tms	rus;
   2955 
   2956 	now = times(&rus);
   2957 	if (usertime)	now = rus.tms_utime;
   2958 #else
   2959 	if (usertime)
   2960 		now = clock(); /* sum of user and kernel times */
   2961 	else	{
   2962 		struct timeval tv;
   2963 		gettimeofday(&tv,NULL);
   2964 		now = (clock_t)(
   2965 			(unsigned long long)tv.tv_sec*CLK_TCK +
   2966 			(unsigned long long)tv.tv_usec*(1000000/CLK_TCK)
   2967 			);
   2968 		}
   2969 #endif
   2970 	if (stop==TM_START)	tmstart = now;
   2971 	else			ret = (now - tmstart)/(double)(CLK_TCK);
   2972 
   2973 	return (ret);
   2974 	}
   2975 
   2976 #elif defined(_SC_CLK_TCK)	/* by means of unistd.h */
   2977 #include <sys/times.h>
   2978 
   2979 double app_tminterval(int stop,int usertime)
   2980 	{
   2981 	double		ret = 0;
   2982 	struct tms	rus;
   2983 	clock_t		now = times(&rus);
   2984 	static clock_t	tmstart;
   2985 
   2986 	if (usertime)		now = rus.tms_utime;
   2987 
   2988 	if (stop==TM_START)	tmstart = now;
   2989 	else
   2990 		{
   2991 		long int tck = sysconf(_SC_CLK_TCK);
   2992 		ret = (now - tmstart)/(double)tck;
   2993 		}
   2994 
   2995 	return (ret);
   2996 	}
   2997 
   2998 #else
   2999 #include <sys/time.h>
   3000 #include <sys/resource.h>
   3001 
   3002 double app_tminterval(int stop,int usertime)
   3003 	{
   3004 	double		ret = 0;
   3005 	struct rusage	rus;
   3006 	struct timeval	now;
   3007 	static struct timeval tmstart;
   3008 
   3009 	if (usertime)		getrusage(RUSAGE_SELF,&rus), now = rus.ru_utime;
   3010 	else			gettimeofday(&now,NULL);
   3011 
   3012 	if (stop==TM_START)	tmstart = now;
   3013 	else			ret = ( (now.tv_sec+now.tv_usec*1e-6)
   3014 					- (tmstart.tv_sec+tmstart.tv_usec*1e-6) );
   3015 
   3016 	return ret;
   3017 	}
   3018 #endif
   3019 
   3020 /* app_isdir section */
   3021 #ifdef _WIN32
   3022 int app_isdir(const char *name)
   3023 	{
   3024 	HANDLE		hList;
   3025 	WIN32_FIND_DATA	FileData;
   3026 #if defined(UNICODE) || defined(_UNICODE)
   3027 	size_t i, len_0 = strlen(name)+1;
   3028 
   3029 	if (len_0 > sizeof(FileData.cFileName)/sizeof(FileData.cFileName[0]))
   3030 		return -1;
   3031 
   3032 #if !defined(_WIN32_WCE) || _WIN32_WCE>=101
   3033 	if (!MultiByteToWideChar(CP_ACP,0,name,len_0,FileData.cFileName,len_0))
   3034 #endif
   3035 		for (i=0;i<len_0;i++)
   3036 			FileData.cFileName[i] = (WCHAR)name[i];
   3037 
   3038 	hList = FindFirstFile(FileData.cFileName,&FileData);
   3039 #else
   3040 	hList = FindFirstFile(name,&FileData);
   3041 #endif
   3042 	if (hList == INVALID_HANDLE_VALUE)	return -1;
   3043 	FindClose(hList);
   3044 	return ((FileData.dwFileAttributes&FILE_ATTRIBUTE_DIRECTORY)!=0);
   3045 	}
   3046 #else
   3047 #include <sys/stat.h>
   3048 #ifndef S_ISDIR
   3049 # if defined(_S_IFMT) && defined(_S_IFDIR)
   3050 #  define S_ISDIR(a)   (((a) & _S_IFMT) == _S_IFDIR)
   3051 # else
   3052 #  define S_ISDIR(a)   (((a) & S_IFMT) == S_IFDIR)
   3053 # endif
   3054 #endif
   3055 
   3056 int app_isdir(const char *name)
   3057 	{
   3058 #if defined(S_ISDIR)
   3059 	struct stat st;
   3060 
   3061 	if (stat(name,&st)==0)	return S_ISDIR(st.st_mode);
   3062 	else			return -1;
   3063 #else
   3064 	return -1;
   3065 #endif
   3066 	}
   3067 #endif
   3068 
   3069 /* raw_read|write section */
   3070 #if defined(_WIN32) && defined(STD_INPUT_HANDLE)
   3071 int raw_read_stdin(void *buf,int siz)
   3072 	{
   3073 	DWORD n;
   3074 	if (ReadFile(GetStdHandle(STD_INPUT_HANDLE),buf,siz,&n,NULL))
   3075 		return (n);
   3076 	else	return (-1);
   3077 	}
   3078 #else
   3079 int raw_read_stdin(void *buf,int siz)
   3080 	{	return read(fileno(stdin),buf,siz);	}
   3081 #endif
   3082 
   3083 #if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
   3084 int raw_write_stdout(const void *buf,int siz)
   3085 	{
   3086 	DWORD n;
   3087 	if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE),buf,siz,&n,NULL))
   3088 		return (n);
   3089 	else	return (-1);
   3090 	}
   3091 #else
   3092 int raw_write_stdout(const void *buf,int siz)
   3093 	{	return write(fileno(stdout),buf,siz);	}
   3094 #endif
   3095