apps.h@ 91772

Last change on this file since 91772 was 91772, checked in by vboxsync, 3 years ago
openssl-1.1.1l: Applied and adjusted our OpenSSL changes to 1.1.1l. bugref:10126
File size: 24.7 KB

Line
1	/*
2	* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the OpenSSL license (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#ifndef OSSL_APPS_H
11	# define OSSL_APPS_H
12
13	# include "e_os.h" /* struct timeval for DTLS */
14	# include "internal/nelem.h"
15	# include <assert.h>
16
17	# include <sys/types.h>
18	# ifndef OPENSSL_NO_POSIX_IO
19	# include <sys/stat.h>
20	# include <fcntl.h>
21	# endif
22
23	# include <openssl/e_os2.h>
24	# include <openssl/ossl_typ.h>
25	# include <openssl/bio.h>
26	# include <openssl/x509.h>
27	# include <openssl/conf.h>
28	# include <openssl/txt_db.h>
29	# include <openssl/engine.h>
30	# include <openssl/ocsp.h>
31	# include <signal.h>
32
33	# if defined(OPENSSL_SYS_WIN32) \|\| defined(OPENSSL_SYS_WINCE)
34	# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
35	# else
36	# define openssl_fdset(a,b) FD_SET(a, b)
37	# endif
38
39	/*
40	* quick macro when you need to pass an unsigned char instead of a char.
41	* this is true for some implementations of the is*() functions, for
42	* example.
43	*/
44	#define _UC(c) ((unsigned char)(c))
45
46	void app_RAND_load_conf(CONF c, const char section);
47	void app_RAND_write(void);
48
49	extern char *default_config_file;
50	extern BIO *bio_in;
51	extern BIO *bio_out;
52	extern BIO *bio_err;
53	extern const unsigned char tls13_aes128gcmsha256_id[];
54	extern const unsigned char tls13_aes256gcmsha384_id[];
55	extern BIO_ADDR *ourpeer;
56
57	BIO_METHOD *apps_bf_prefix(void);
58	/*
59	* The control used to set the prefix with BIO_ctrl()
60	* We make it high enough so the chance of ever clashing with the BIO library
61	* remains unlikely for the foreseeable future and beyond.
62	*/
63	#define PREFIX_CTRL_SET_PREFIX (1 << 15)
64	/*
65	* apps_bf_prefix() returns a dynamically created BIO_METHOD, which we
66	* need to destroy at some point. When created internally, it's stored
67	* in an internal pointer which can be freed with the following function
68	*/
69	void destroy_prefix_method(void);
70
71	BIO *dup_bio_in(int format);
72	BIO *dup_bio_out(int format);
73	BIO *dup_bio_err(int format);
74	BIO bio_open_owner(const char filename, int format, int private);
75	BIO bio_open_default(const char filename, char mode, int format);
76	BIO bio_open_default_quiet(const char filename, char mode, int format);
77	CONF app_load_config_bio(BIO in, const char *filename);
78	CONF app_load_config(const char filename);
79	CONF app_load_config_quiet(const char filename);
80	int app_load_modules(const CONF *config);
81	void unbuffer(FILE *fp);
82	void wait_for_async(SSL *s);
83	# if defined(OPENSSL_SYS_MSDOS)
84	int has_stdin_waiting(void);
85	# endif
86
87	void corrupt_signature(const ASN1_STRING *signature);
88	int set_cert_times(X509 x, const char startdate, const char *enddate,
89	int days);
90
91	/*
92	* Common verification options.
93	*/
94	# define OPT_V_ENUM \
95	OPT_V__FIRST=2000, \
96	OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
97	OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
98	OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
99	OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
100	OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
101	OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
102	OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
103	OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
104	OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \
105	OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \
106	OPT_V__LAST
107
108	# define OPT_V_OPTIONS \
109	{ "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \
110	{ "purpose", OPT_V_PURPOSE, 's', \
111	"certificate chain purpose"}, \
112	{ "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \
113	{ "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \
114	"chain depth limit" }, \
115	{ "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \
116	"chain authentication security level" }, \
117	{ "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \
118	{ "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \
119	"expected peer hostname" }, \
120	{ "verify_email", OPT_V_VERIFY_EMAIL, 's', \
121	"expected peer email" }, \
122	{ "verify_ip", OPT_V_VERIFY_IP, 's', \
123	"expected peer IP address" }, \
124	{ "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \
125	"permit unhandled critical extensions"}, \
126	{ "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \
127	{ "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \
128	{ "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \
129	{ "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks"}, \
130	{ "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \
131	"set policy variable require-explicit-policy"}, \
132	{ "inhibit_any", OPT_V_INHIBIT_ANY, '-', \
133	"set policy variable inhibit-any-policy"}, \
134	{ "inhibit_map", OPT_V_INHIBIT_MAP, '-', \
135	"set policy variable inhibit-policy-mapping"}, \
136	{ "x509_strict", OPT_V_X509_STRICT, '-', \
137	"disable certificate compatibility work-arounds"}, \
138	{ "extended_crl", OPT_V_EXTENDED_CRL, '-', \
139	"enable extended CRL features"}, \
140	{ "use_deltas", OPT_V_USE_DELTAS, '-', \
141	"use delta CRLs"}, \
142	{ "policy_print", OPT_V_POLICY_PRINT, '-', \
143	"print policy processing diagnostics"}, \
144	{ "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \
145	"check root CA self-signatures"}, \
146	{ "trusted_first", OPT_V_TRUSTED_FIRST, '-', \
147	"search trust store first (default)" }, \
148	{ "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \
149	{ "suiteB_128", OPT_V_SUITEB_128, '-', \
150	"Suite B 128-bit mode allowing 192-bit algorithms"}, \
151	{ "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \
152	{ "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \
153	"accept chains anchored by intermediate trust-store CAs"}, \
154	{ "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \
155	{ "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \
156	{ "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" }
157
158	# define OPT_V_CASES \
159	OPT_V__FIRST: case OPT_V__LAST: break; \
160	case OPT_V_POLICY: \
161	case OPT_V_PURPOSE: \
162	case OPT_V_VERIFY_NAME: \
163	case OPT_V_VERIFY_DEPTH: \
164	case OPT_V_VERIFY_AUTH_LEVEL: \
165	case OPT_V_ATTIME: \
166	case OPT_V_VERIFY_HOSTNAME: \
167	case OPT_V_VERIFY_EMAIL: \
168	case OPT_V_VERIFY_IP: \
169	case OPT_V_IGNORE_CRITICAL: \
170	case OPT_V_ISSUER_CHECKS: \
171	case OPT_V_CRL_CHECK: \
172	case OPT_V_CRL_CHECK_ALL: \
173	case OPT_V_POLICY_CHECK: \
174	case OPT_V_EXPLICIT_POLICY: \
175	case OPT_V_INHIBIT_ANY: \
176	case OPT_V_INHIBIT_MAP: \
177	case OPT_V_X509_STRICT: \
178	case OPT_V_EXTENDED_CRL: \
179	case OPT_V_USE_DELTAS: \
180	case OPT_V_POLICY_PRINT: \
181	case OPT_V_CHECK_SS_SIG: \
182	case OPT_V_TRUSTED_FIRST: \
183	case OPT_V_SUITEB_128_ONLY: \
184	case OPT_V_SUITEB_128: \
185	case OPT_V_SUITEB_192: \
186	case OPT_V_PARTIAL_CHAIN: \
187	case OPT_V_NO_ALT_CHAINS: \
188	case OPT_V_NO_CHECK_TIME: \
189	case OPT_V_ALLOW_PROXY_CERTS
190
191	/*
192	* Common "extended validation" options.
193	*/
194	# define OPT_X_ENUM \
195	OPT_X__FIRST=1000, \
196	OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
197	OPT_X_CERTFORM, OPT_X_KEYFORM, \
198	OPT_X__LAST
199
200	# define OPT_X_OPTIONS \
201	{ "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \
202	{ "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \
203	{ "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \
204	{ "xchain_build", OPT_X_CHAIN_BUILD, '-', \
205	"build certificate chain for the extended certificates"}, \
206	{ "xcertform", OPT_X_CERTFORM, 'F', \
207	"format of Extended certificate (PEM or DER) PEM default " }, \
208	{ "xkeyform", OPT_X_KEYFORM, 'F', \
209	"format of Extended certificate's key (PEM or DER) PEM default"}
210
211	# define OPT_X_CASES \
212	OPT_X__FIRST: case OPT_X__LAST: break; \
213	case OPT_X_KEY: \
214	case OPT_X_CERT: \
215	case OPT_X_CHAIN: \
216	case OPT_X_CHAIN_BUILD: \
217	case OPT_X_CERTFORM: \
218	case OPT_X_KEYFORM
219
220	/*
221	* Common SSL options.
222	* Any changes here must be coordinated with ../ssl/ssl_conf.c
223	*/
224	# define OPT_S_ENUM \
225	OPT_S__FIRST=3000, \
226	OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
227	OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
228	OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
229	OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \
230	OPT_S_PRIORITIZE_CHACHA, \
231	OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \
232	OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \
233	OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \
234	OPT_S_MINPROTO, OPT_S_MAXPROTO, \
235	OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST
236
237	# define OPT_S_OPTIONS \
238	{"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
239	{"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \
240	{"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
241	{"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \
242	{"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \
243	{"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \
244	{"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
245	{"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
246	{"no_ticket", OPT_S_NOTICKET, '-', \
247	"Disable use of TLS session tickets"}, \
248	{"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \
249	{"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \
250	"Enable use of legacy renegotiation (dangerous)"}, \
251	{"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \
252	"Disable all renegotiation."}, \
253	{"legacy_server_connect", OPT_S_LEGACYCONN, '-', \
254	"Allow initial connection to servers that don't support RI"}, \
255	{"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
256	"Disallow session resumption on renegotiation"}, \
257	{"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \
258	"Disallow initial connection to servers that don't support RI"}, \
259	{"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \
260	"In TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \
261	{"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \
262	"Prioritize ChaCha ciphers when preferred by clients"}, \
263	{"strict", OPT_S_STRICT, '-', \
264	"Enforce strict certificate checks as per TLS standard"}, \
265	{"sigalgs", OPT_S_SIGALGS, 's', \
266	"Signature algorithms to support (colon-separated list)" }, \
267	{"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \
268	"Signature algorithms to support for client certificate" \
269	" authentication (colon-separated list)" }, \
270	{"groups", OPT_S_GROUPS, 's', \
271	"Groups to advertise (colon-separated list)" }, \
272	{"curves", OPT_S_CURVES, 's', \
273	"Groups to advertise (colon-separated list)" }, \
274	{"named_curve", OPT_S_NAMEDCURVE, 's', \
275	"Elliptic curve used for ECDHE (server-side only)" }, \
276	{"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \
277	{"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \
278	{"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \
279	{"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \
280	{"record_padding", OPT_S_RECORD_PADDING, 's', \
281	"Block size to pad TLS 1.3 records to."}, \
282	{"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
283	"Perform all sorts of protocol violations for testing purposes"}, \
284	{"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \
285	"Disable TLSv1.3 middlebox compat mode" }
286
287	# define OPT_S_CASES \
288	OPT_S__FIRST: case OPT_S__LAST: break; \
289	case OPT_S_NOSSL3: \
290	case OPT_S_NOTLS1: \
291	case OPT_S_NOTLS1_1: \
292	case OPT_S_NOTLS1_2: \
293	case OPT_S_NOTLS1_3: \
294	case OPT_S_BUGS: \
295	case OPT_S_NO_COMP: \
296	case OPT_S_COMP: \
297	case OPT_S_NOTICKET: \
298	case OPT_S_SERVERPREF: \
299	case OPT_S_LEGACYRENEG: \
300	case OPT_S_LEGACYCONN: \
301	case OPT_S_ONRESUMP: \
302	case OPT_S_NOLEGACYCONN: \
303	case OPT_S_ALLOW_NO_DHE_KEX: \
304	case OPT_S_PRIORITIZE_CHACHA: \
305	case OPT_S_STRICT: \
306	case OPT_S_SIGALGS: \
307	case OPT_S_CLIENTSIGALGS: \
308	case OPT_S_GROUPS: \
309	case OPT_S_CURVES: \
310	case OPT_S_NAMEDCURVE: \
311	case OPT_S_CIPHER: \
312	case OPT_S_CIPHERSUITES: \
313	case OPT_S_RECORD_PADDING: \
314	case OPT_S_NO_RENEGOTIATION: \
315	case OPT_S_MINPROTO: \
316	case OPT_S_MAXPROTO: \
317	case OPT_S_DEBUGBROKE: \
318	case OPT_S_NO_MIDDLEBOX
319
320	#define IS_NO_PROT_FLAG(o) \
321	(o == OPT_S_NOSSL3 \|\| o == OPT_S_NOTLS1 \|\| o == OPT_S_NOTLS1_1 \
322	\|\| o == OPT_S_NOTLS1_2 \|\| o == OPT_S_NOTLS1_3)
323
324	/*
325	* Random state options.
326	*/
327	# define OPT_R_ENUM \
328	OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST
329
330	# define OPT_R_OPTIONS \
331	{"rand", OPT_R_RAND, 's', "Load the file(s) into the random number generator"}, \
332	{"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"}
333
334	# define OPT_R_CASES \
335	OPT_R__FIRST: case OPT_R__LAST: break; \
336	case OPT_R_RAND: case OPT_R_WRITERAND
337
338	/*
339	* Option parsing.
340	*/
341	extern const char OPT_HELP_STR[];
342	extern const char OPT_MORE_STR[];
343	typedef struct options_st {
344	const char *name;
345	int retval;
346	/*
347	* value type: - no value (also the value zero), n number, p positive
348	* number, u unsigned, l long, s string, < input file, > output file,
349	* f any format, F der/pem format, E der/pem/engine format identifier.
350	* l, n and u include zero; p does not.
351	*/
352	int valtype;
353	const char *helpstr;
354	} OPTIONS;
355
356	/*
357	* A string/int pairing; widely use for option value lookup, hence the
358	* name OPT_PAIR. But that name is misleading in s_cb.c, so we also use
359	* the "generic" name STRINT_PAIR.
360	*/
361	typedef struct string_int_pair_st {
362	const char *name;
363	int retval;
364	} OPT_PAIR, STRINT_PAIR;
365
366	/* Flags to pass into opt_format; see FORMAT_xxx, below. */
367	# define OPT_FMT_PEMDER (1L << 1)
368	# define OPT_FMT_PKCS12 (1L << 2)
369	# define OPT_FMT_SMIME (1L << 3)
370	# define OPT_FMT_ENGINE (1L << 4)
371	# define OPT_FMT_MSBLOB (1L << 5)
372	/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */
373	# define OPT_FMT_NSS (1L << 7)
374	# define OPT_FMT_TEXT (1L << 8)
375	# define OPT_FMT_HTTP (1L << 9)
376	# define OPT_FMT_PVK (1L << 10)
377	# define OPT_FMT_PDE (OPT_FMT_PEMDER \| OPT_FMT_ENGINE)
378	# define OPT_FMT_PDS (OPT_FMT_PEMDER \| OPT_FMT_SMIME)
379	# define OPT_FMT_ANY ( \
380	OPT_FMT_PEMDER \| OPT_FMT_PKCS12 \| OPT_FMT_SMIME \| \
381	OPT_FMT_ENGINE \| OPT_FMT_MSBLOB \| OPT_FMT_NSS \| \
382	OPT_FMT_TEXT \| OPT_FMT_HTTP \| OPT_FMT_PVK)
383
384	char opt_progname(const char argv0);
385	char *opt_getprog(void);
386	char opt_init(int ac, char av, const OPTIONS o);
387	int opt_next(void);
388	int opt_format(const char s, unsigned long flags, int result);
389	int opt_int(const char arg, int result);
390	int opt_ulong(const char arg, unsigned long result);
391	int opt_long(const char arg, long result);
392	#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
393	defined(INTMAX_MAX) && defined(UINTMAX_MAX)
394	int opt_imax(const char arg, intmax_t result);
395	int opt_umax(const char arg, uintmax_t result);
396	#else
397	# define opt_imax opt_long
398	# define opt_umax opt_ulong
399	# define intmax_t long
400	# define uintmax_t unsigned long
401	#endif
402	int opt_pair(const char arg, const OPT_PAIR pairs, int *result);
403	int opt_cipher(const char name, const EVP_CIPHER *cipherp);
404	int opt_md(const char name, const EVP_MD *mdp);
405	char *opt_arg(void);
406	char *opt_flag(void);
407	char *opt_unknown(void);
408	char **opt_rest(void);
409	int opt_num_rest(void);
410	int opt_verify(int i, X509_VERIFY_PARAM *vpm);
411	int opt_rand(int i);
412	void opt_help(const OPTIONS * list);
413	int opt_format_error(const char *s, unsigned long flags);
414
415	typedef struct args_st {
416	int size;
417	int argc;
418	char **argv;
419	} ARGS;
420
421	/*
422	* VMS C only for now, implemented in vms_decc_init.c
423	* If other C compilers forget to terminate argv with NULL, this function
424	* can be re-used.
425	*/
426	char *copy_argv(int argc, char *argv[]);
427	/*
428	* Win32-specific argv initialization that splits OS-supplied UNICODE
429	* command line string to array of UTF8-encoded strings.
430	*/
431	void win32_utf8argv(int argc, char *argv[]);
432
433
434	# define PW_MIN_LENGTH 4
435	typedef struct pw_cb_data {
436	const void *password;
437	const char *prompt_info;
438	} PW_CB_DATA;
439
440	int password_callback(char buf, int bufsiz, int verify, PW_CB_DATA cb_data);
441
442	int setup_ui_method(void);
443	void destroy_ui_method(void);
444	const UI_METHOD *get_ui_method(void);
445
446	int chopup_args(ARGS arg, char buf);
447	int dump_cert_text(BIO out, X509 x);
448	void print_name(BIO out, const char title, X509_NAME *nm,
449	unsigned long lflags);
450	void print_bignum_var(BIO , const BIGNUM , const char*,
451	int, unsigned char *);
452	void print_array(BIO , const char , int, const unsigned char *);
453	int set_nameopt(const char *arg);
454	unsigned long get_nameopt(void);
455	int set_cert_ex(unsigned long flags, const char arg);
456	int set_name_ex(unsigned long flags, const char arg);
457	int set_ext_copy(int copy_type, const char arg);
458	int copy_extensions(X509 x, X509_REQ req, int copy_type);
459	int app_passwd(const char arg1, const char arg2, char pass1, char pass2);
460	int add_oid_section(CONF *conf);
461	X509 load_cert(const char file, int format, const char *cert_descrip);
462	X509_CRL load_crl(const char infile, int format);
463	EVP_PKEY load_key(const char file, int format, int maybe_stdin,
464	const char pass, ENGINE e, const char *key_descrip);
465	EVP_PKEY load_pubkey(const char file, int format, int maybe_stdin,
466	const char pass, ENGINE e, const char *key_descrip);
467	int load_certs(const char file, STACK_OF(X509) *certs, int format,
468	const char pass, const char cert_descrip);
469	int load_crls(const char file, STACK_OF(X509_CRL) *crls, int format,
470	const char pass, const char cert_descrip);
471	X509_STORE setup_verify(const char CAfile, const char *CApath,
472	int noCAfile, int noCApath);
473	__owur int ctx_set_verify_locations(SSL_CTX ctx, const char CAfile,
474	const char *CApath, int noCAfile,
475	int noCApath);
476
477	#ifndef OPENSSL_NO_CT
478
479	/*
480	* Sets the file to load the Certificate Transparency log list from.
481	* If path is NULL, loads from the default file path.
482	* Returns 1 on success, 0 otherwise.
483	*/
484	__owur int ctx_set_ctlog_list_file(SSL_CTX ctx, const char path);
485
486	#endif
487
488	ENGINE setup_engine(const char engine, int debug);
489	void release_engine(ENGINE *e);
490
491	# ifndef OPENSSL_NO_OCSP
492	OCSP_RESPONSE process_responder(OCSP_REQUEST req,
493	const char host, const char path,
494	const char *port, int use_ssl,
495	STACK_OF(CONF_VALUE) *headers,
496	int req_timeout);
497	# endif
498
499	/* Functions defined in ca.c and also used in ocsp.c */
500	int unpack_revinfo(ASN1_TIME *prevtm, int preason, ASN1_OBJECT **phold,
501	ASN1_GENERALIZEDTIME *pinvtm, const char str);
502
503	# define DB_type 0
504	# define DB_exp_date 1
505	# define DB_rev_date 2
506	# define DB_serial 3 /* index - unique */
507	# define DB_file 4
508	# define DB_name 5 /* index - unique when active and not
509	* disabled */
510	# define DB_NUMBER 6
511
512	# define DB_TYPE_REV 'R' /* Revoked */
513	# define DB_TYPE_EXP 'E' /* Expired */
514	# define DB_TYPE_VAL 'V' /* Valid ; inserted with: ca ... -valid */
515	# define DB_TYPE_SUSP 'S' /* Suspended */
516
517	typedef struct db_attr_st {
518	int unique_subject;
519	} DB_ATTR;
520	typedef struct ca_db_st {
521	DB_ATTR attributes;
522	TXT_DB *db;
523	char *dbfname;
524	# ifndef OPENSSL_NO_POSIX_IO
525	struct stat dbst;
526	# endif
527	} CA_DB;
528
529	void* app_malloc(int sz, const char *what);
530	BIGNUM load_serial(const char serialfile, int create, ASN1_INTEGER **retai);
531	int save_serial(const char serialfile, const char suffix, const BIGNUM *serial,
532	ASN1_INTEGER **retai);
533	int rotate_serial(const char serialfile, const char new_suffix,
534	const char *old_suffix);
535	int rand_serial(BIGNUM b, ASN1_INTEGER ai);
536	CA_DB load_index(const char dbfile, DB_ATTR *dbattr);
537	int index_index(CA_DB *db);
538	int save_index(const char dbfile, const char suffix, CA_DB *db);
539	int rotate_index(const char dbfile, const char new_suffix,
540	const char *old_suffix);
541	void free_index(CA_DB *db);
542	# define index_name_cmp_noconst(a, b) \
543	index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
544	(const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
545	int index_name_cmp(const OPENSSL_CSTRING a, const OPENSSL_CSTRING b);
546	int parse_yesno(const char *str, int def);
547
548	X509_NAME parse_name(const char str, long chtype, int multirdn);
549	void policies_print(X509_STORE_CTX *ctx);
550	int bio_to_mem(unsigned char *out, int maxlen, BIO in);
551	int pkey_ctrl_string(EVP_PKEY_CTX ctx, const char value);
552	int init_gen_str(EVP_PKEY_CTX **pctx,
553	const char algname, ENGINE e, int do_param);
554	int do_X509_sign(X509 x, EVP_PKEY pkey, const EVP_MD *md,
555	STACK_OF(OPENSSL_STRING) *sigopts);
556	int do_X509_REQ_sign(X509_REQ x, EVP_PKEY pkey, const EVP_MD *md,
557	STACK_OF(OPENSSL_STRING) *sigopts);
558	int do_X509_CRL_sign(X509_CRL x, EVP_PKEY pkey, const EVP_MD *md,
559	STACK_OF(OPENSSL_STRING) *sigopts);
560
561	extern char *psk_key;
562
563
564	unsigned char next_protos_parse(size_t outlen, const char *in);
565
566	void print_cert_checks(BIO bio, X509 x,
567	const char *checkhost,
568	const char checkemail, const char checkip);
569
570	void store_setup_crl_download(X509_STORE *st);
571
572	/* See OPT_FMT_xxx, above. */
573	/* On some platforms, it's important to distinguish between text and binary
574	* files. On some, there might even be specific file formats for different
575	* contents. The FORMAT_xxx macros are meant to express an intent with the
576	* file being read or created.
577	*/
578	# define B_FORMAT_TEXT 0x8000
579	# define FORMAT_UNDEF 0
580	# define FORMAT_TEXT (1 \| B_FORMAT_TEXT) /* Generic text */
581	# define FORMAT_BINARY 2 /* Generic binary */
582	# define FORMAT_BASE64 (3 \| B_FORMAT_TEXT) /* Base64 */
583	# define FORMAT_ASN1 4 /* ASN.1/DER */
584	# define FORMAT_PEM (5 \| B_FORMAT_TEXT)
585	# define FORMAT_PKCS12 6
586	# define FORMAT_SMIME (7 \| B_FORMAT_TEXT)
587	# define FORMAT_ENGINE 8 /* Not really a file format */
588	# define FORMAT_PEMRSA (9 \| B_FORMAT_TEXT) /* PEM RSAPubicKey format */
589	# define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */
590	# define FORMAT_MSBLOB 11 /* MS Key blob format */
591	# define FORMAT_PVK 12 /* MS PVK file format */
592	# define FORMAT_HTTP 13 /* Download using HTTP */
593	# define FORMAT_NSS 14 /* NSS keylog format */
594
595	# define EXT_COPY_NONE 0
596	# define EXT_COPY_ADD 1
597	# define EXT_COPY_ALL 2
598
599	# define NETSCAPE_CERT_HDR "certificate"
600
601	# define APP_PASS_LEN 1024
602
603	/*
604	* IETF RFC 5280 says serial number must be <= 20 bytes. Use 159 bits
605	* so that the first bit will never be one, so that the DER encoding
606	* rules won't force a leading octet.
607	*/
608	# define SERIAL_RAND_BITS 159
609
610	int app_isdir(const char *);
611	int app_access(const char *, int flag);
612	int fileno_stdin(void);
613	int fileno_stdout(void);
614	int raw_read_stdin(void *, int);
615	int raw_write_stdout(const void *, int);
616
617	# define TM_START 0
618	# define TM_STOP 1
619	double app_tminterval(int stop, int usertime);
620
621	void make_uppercase(char *string);
622
623	typedef struct verify_options_st {
624	int depth;
625	int quiet;
626	int error;
627	int return_error;
628	} VERIFY_CB_ARGS;
629
630	extern VERIFY_CB_ARGS verify_args;
631
632	#endif

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-1.1.1l/apps/apps.h@ 91772

Download in other formats: