This commit was generated by cvs2svn to compensate for changes in r109998,
which included commits to RCS files with non-trunk default branches.
This commit is contained in:
commit
5bd38a39ed
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=109999
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -9,6 +9,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Where can I get a compiled version of OpenSSL?
|
||||
* Why aren't tools like 'autoconf' and 'libtool' used?
|
||||
* What is an 'engine' version?
|
||||
* How do I check the authenticity of the OpenSSL distribution?
|
||||
|
||||
[LEGAL] Legal questions
|
||||
|
||||
@ -29,17 +30,22 @@ OpenSSL - Frequently Asked Questions
|
||||
* Why can't I use OpenSSL certificates with SSL client authentication?
|
||||
* Why does my browser give a warning about a mismatched hostname?
|
||||
* How do I install a CA certificate into a browser?
|
||||
* Why is OpenSSL x509 DN output not conformant to RFC2253?
|
||||
|
||||
[BUILD] Questions about building and testing OpenSSL
|
||||
|
||||
* Why does the linker complain about undefined symbols?
|
||||
* Why does the OpenSSL test fail with "bc: command not found"?
|
||||
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
|
||||
* Why does the OpenSSL test fail with "bc: stack empty"?
|
||||
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
|
||||
* Why does the OpenSSL compilation fail with "ar: command not found"?
|
||||
* Why does the OpenSSL compilation fail on Win32 with VC++?
|
||||
* What is special about OpenSSL on Redhat?
|
||||
* Why does the OpenSSL compilation fail on MacOS X?
|
||||
* Why does the OpenSSL test suite fail on MacOS X?
|
||||
* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
|
||||
* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
|
||||
|
||||
[PROG] Questions about programming with OpenSSL
|
||||
|
||||
@ -53,6 +59,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Why can't the OpenSSH configure script detect OpenSSL?
|
||||
* Can I use OpenSSL's SSL library with non-blocking I/O?
|
||||
* Why doesn't my server application receive a client certificate?
|
||||
* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
|
||||
|
||||
===============================================================================
|
||||
|
||||
@ -61,7 +68,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Which is the current version of OpenSSL?
|
||||
|
||||
The current version is available from <URL: http://www.openssl.org>.
|
||||
OpenSSL 0.9.6g was released on 9 August 2002.
|
||||
OpenSSL 0.9.7 was released on December 31, 2002.
|
||||
|
||||
In addition to the current stable release, you can also access daily
|
||||
snapshots of the OpenSSL development version at <URL:
|
||||
@ -132,6 +139,19 @@ hardware. This was realized in a special release '0.9.6-engine'. With
|
||||
version 0.9.7 (not yet released) the changes were merged into the main
|
||||
development line, so that the special release is no longer necessary.
|
||||
|
||||
* How do I check the authenticity of the OpenSSL distribution?
|
||||
|
||||
We provide MD5 digests and ASC signatures of each tarball.
|
||||
Use MD5 to check that a tarball from a mirror site is identical:
|
||||
|
||||
md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
|
||||
|
||||
You can check authenticity using pgp or gpg. You need the OpenSSL team
|
||||
member public key used to sign it (download it from a key server). Then
|
||||
just do:
|
||||
|
||||
pgp TARBALL.asc
|
||||
|
||||
[LEGAL] =======================================================================
|
||||
|
||||
* Do I need patent licenses to use OpenSSL?
|
||||
@ -222,6 +242,8 @@ support can be found at
|
||||
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
|
||||
However, be warned that /dev/random is usually a blocking device, which
|
||||
may have some effects on OpenSSL.
|
||||
A third party /dev/random solution for Solaris is available at
|
||||
http://www.cosy.sbg.ac.at/~andi/
|
||||
|
||||
|
||||
* Why do I get an "unable to write 'random state'" error message?
|
||||
@ -348,6 +370,13 @@ DO NOT DO THIS! This command will give away your CAs private key and
|
||||
reduces its security to zero: allowing anyone to forge certificates in
|
||||
whatever name they choose.
|
||||
|
||||
* Why is OpenSSL x509 DN output not conformant to RFC2253?
|
||||
|
||||
The ways to print out the oneline format of the DN (Distinguished Name) have
|
||||
been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()
|
||||
interface, the "-nameopt" option could be introduded. See the manual
|
||||
page of the "openssl x509" commandline tool for details. The old behaviour
|
||||
has however been left as default for the sake of compatibility.
|
||||
|
||||
[BUILD] =======================================================================
|
||||
|
||||
@ -392,6 +421,17 @@ and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
|
||||
for download instructions) can be safely used, for example.
|
||||
|
||||
|
||||
* Why does the OpenSSL test fail with "bc: stack empty"?
|
||||
|
||||
On some DG/ux versions, bc seems to have a too small stack for calculations
|
||||
that the OpenSSL bntest throws at it. This gets triggered when you run the
|
||||
test suite (using "make test"). The message returned is "bc: stack empty".
|
||||
|
||||
The best way to deal with this is to find another implementation of bc
|
||||
and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
|
||||
for download instructions) can be safely used, for example.
|
||||
|
||||
|
||||
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
|
||||
|
||||
On some Alpha installations running Tru64 Unix and Compaq C, the compilation
|
||||
@ -489,6 +529,18 @@ IDEA: 5,214,703 25/05/2010
|
||||
RC5: 5,724,428 03/03/2015
|
||||
|
||||
|
||||
* Why does the OpenSSL compilation fail on MacOS X?
|
||||
|
||||
If the failure happens when trying to build the "openssl" binary, with
|
||||
a large number of undefined symbols, it's very probable that you have
|
||||
OpenSSL 0.9.6b delivered with the operating system (you can find out by
|
||||
running '/usr/bin/openssl version') and that you were trying to build
|
||||
OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in
|
||||
MacOS X has a misfeature that's quite difficult to go around.
|
||||
Look in the file PROBLEMS for a more detailed explanation and for possible
|
||||
solutions.
|
||||
|
||||
|
||||
* Why does the OpenSSL test suite fail on MacOS X?
|
||||
|
||||
If the failure happens when running 'make test' and the RC4 test fails,
|
||||
@ -502,6 +554,34 @@ libraries you just built.
|
||||
Look in the file PROBLEMS for a more detailed explanation and for possible
|
||||
solutions.
|
||||
|
||||
* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
|
||||
|
||||
Failure in BN_sqr test is most likely caused by a failure to configure the
|
||||
toolkit for current platform or lack of support for the platform in question.
|
||||
Run './config -t' and './apps/openssl version -p'. Do these platform
|
||||
identifiers match? If they don't, then you most likely failed to run
|
||||
./config and you're hereby advised to do so before filing a bug report.
|
||||
If ./config itself fails to run, then it's most likely problem with your
|
||||
local environment and you should turn to your system administrator (or
|
||||
similar). If identifiers match (and/or no alternative identifier is
|
||||
suggested by ./config script), then the platform is unsupported. There might
|
||||
or might not be a workaround. Most notably on SPARC64 platforms with GNU
|
||||
C compiler you should be able to produce a working build by running
|
||||
'./config -m32'. I understand that -m32 might not be what you want/need,
|
||||
but the build should be operational. For further details turn to
|
||||
<openssl-dev@openssl.org>.
|
||||
|
||||
* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
|
||||
|
||||
As of 0.9.7 assembler routines were overhauled for position independence
|
||||
of the machine code, which is essential for shared library support. For
|
||||
some reason OpenBSD is equipped with an out-of-date GNU assembler which
|
||||
finds the new code offensive. To work around the problem, configure with
|
||||
no-asm (and sacrifice a great deal of performance) or upgrade /usr/bin/as.
|
||||
For your convenience a pre-compiled replacement binary is provided at
|
||||
http://www.openssl.org/~appro/i386-openbsd3-as, which is compiled from
|
||||
binutils-2.8 released in 1997.
|
||||
|
||||
[PROG] ========================================================================
|
||||
|
||||
* Is OpenSSL thread-safe?
|
||||
@ -667,5 +747,13 @@ if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
|
||||
SSL_CTX_set_verify() function to enable the use of client certificates.
|
||||
|
||||
|
||||
* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
|
||||
|
||||
For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier
|
||||
versions, uniqueIdentifier was incorrectly used for X.509 certificates.
|
||||
The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
|
||||
Change your code to use the new name when compiling against OpenSSL 0.9.7.
|
||||
|
||||
|
||||
===============================================================================
|
||||
|
||||
|
@ -2,8 +2,10 @@
|
||||
INSTALLATION ON THE UNIX PLATFORM
|
||||
---------------------------------
|
||||
|
||||
[Installation on Windows, OpenVMS and MacOS (before MacOS X) is described
|
||||
in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.]
|
||||
[Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X)
|
||||
is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.
|
||||
This document describes installation on operating systems in the Unix
|
||||
family.]
|
||||
|
||||
To install OpenSSL, you will need:
|
||||
|
||||
@ -53,6 +55,15 @@
|
||||
This will usually require additional system-dependent options!
|
||||
See "Note on multi-threading" below.
|
||||
|
||||
no-zlib Don't try to build with support for zlib compression and
|
||||
decompression.
|
||||
|
||||
zlib Build with support for zlib compression/decompression.
|
||||
|
||||
zlib-dynamic Like "zlib", but has OpenSSL load the zlib library dynamically
|
||||
when needed. This is only supported on systems where loading
|
||||
of shared libraries is supported. This is the default choice.
|
||||
|
||||
no-shared Don't try to create shared libraries.
|
||||
|
||||
shared In addition to the usual static libraries, create shared
|
||||
@ -129,8 +140,8 @@
|
||||
standard headers). If it is a problem with OpenSSL itself, please
|
||||
report the problem to <openssl-bugs@openssl.org> (note that your
|
||||
message will be recorded in the request tracker publicly readable
|
||||
via http://www.openssl.org/rt2.html and will be forwarded to a public
|
||||
mailing list). Include the output of "make report" in your message.
|
||||
via http://www.openssl.org/support/rt2.html and will be forwarded to a
|
||||
public mailing list). Include the output of "make report" in your message.
|
||||
Please check out the request tracker. Maybe the bug was already
|
||||
reported or has already been fixed.
|
||||
|
||||
@ -151,7 +162,7 @@
|
||||
in Makefile.ssl and run "make clean; make". Please send a bug
|
||||
report to <openssl-bugs@openssl.org>, including the output of
|
||||
"make report" in order to be added to the request tracker at
|
||||
http://www.openssl.org/rt2.html.
|
||||
http://www.openssl.org/support/rt2.html.
|
||||
|
||||
4. If everything tests ok, install OpenSSL with
|
||||
|
||||
@ -285,3 +296,15 @@
|
||||
targets for shared library creation, like linux-shared. Those targets
|
||||
can currently be used on their own just as well, but this is expected
|
||||
to change in future versions of OpenSSL.
|
||||
|
||||
Note on random number generation
|
||||
--------------------------------
|
||||
|
||||
Availability of cryptographically secure random numbers is required for
|
||||
secret key generation. OpenSSL provides several options to seed the
|
||||
internal PRNG. If not properly seeded, the internal PRNG will refuse
|
||||
to deliver random bytes and a "PRNG not seeded error" will occur.
|
||||
On systems without /dev/urandom (or similar) device, it may be necessary
|
||||
to install additional support software to obtain random seed.
|
||||
Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
|
||||
and the FAQ for more information.
|
||||
|
@ -15,6 +15,11 @@ OPTIONS=
|
||||
CONFIGURE_ARGS=
|
||||
SHLIB_TARGET=
|
||||
|
||||
# HERE indicates where this Makefile lives. This can be used to indicate
|
||||
# where sub-Makefiles are expected to be. Currently has very limited usage,
|
||||
# and should probably not be bothered with at all.
|
||||
HERE=.
|
||||
|
||||
# INSTALL_PREFIX is for package builders so that they can configure
|
||||
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
|
||||
# Normally it is left empty.
|
||||
@ -24,7 +29,6 @@ INSTALLTOP=/usr/local/ssl
|
||||
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
|
||||
OPENSSLDIR=/usr/local/ssl
|
||||
|
||||
# RSAref - Define if we are to link with RSAref.
|
||||
# NO_IDEA - Define to build without the IDEA algorithm
|
||||
# NO_RC4 - Define to build without the RC4 algorithm
|
||||
# NO_RC2 - Define to build without the RC2 algorithm
|
||||
@ -60,11 +64,13 @@ DEPFLAG=
|
||||
PEX_LIBS=
|
||||
EX_LIBS=
|
||||
EXE_EXT=
|
||||
AR=ar r
|
||||
ARFLAGS=
|
||||
AR=ar $(ARFLAGS) r
|
||||
RANLIB= ranlib
|
||||
PERL= perl
|
||||
TAR= tar
|
||||
TARFLAGS= --no-recursion
|
||||
MAKEDEPPROG=makedepend
|
||||
|
||||
# Set BN_ASM to bn_asm.o if you want to use the C version
|
||||
BN_ASM= bn_asm.o
|
||||
@ -151,20 +157,27 @@ RMD160_ASM_OBJ= asm/rm86-out.o
|
||||
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
|
||||
#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
|
||||
|
||||
# KRB5 stuff
|
||||
KRB5_INCLUDES=
|
||||
|
||||
# When we're prepared to use shared libraries in the programs we link here
|
||||
# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
|
||||
SHLIB_MARK=
|
||||
|
||||
DIRS= crypto ssl rsaref $(SHLIB_MARK) apps test tools
|
||||
DIRS= crypto ssl $(SHLIB_MARK) apps test tools
|
||||
SHLIBDIRS= crypto ssl
|
||||
|
||||
# dirs in crypto to build
|
||||
SDIRS= \
|
||||
md2 md4 md5 sha mdc2 hmac ripemd \
|
||||
des rc2 rc4 rc5 idea bf cast \
|
||||
bn rsa dsa dh dso \
|
||||
bn ec rsa dsa dh dso engine aes \
|
||||
buffer bio stack lhash rand err objects \
|
||||
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
|
||||
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
|
||||
|
||||
# tests to perform. "alltests" is a special word indicating that all tests
|
||||
# should be performed.
|
||||
TESTS = alltests
|
||||
|
||||
MAKEFILE= Makefile.ssl
|
||||
MAKE= make -f Makefile.ssl
|
||||
@ -190,29 +203,24 @@ BASENAME= openssl
|
||||
NAME= $(BASENAME)-$(VERSION)
|
||||
TARFILE= $(NAME).tar
|
||||
WTARFILE= $(NAME)-win.tar
|
||||
EXHEADER= e_os.h e_os2.h
|
||||
EXHEADER= e_os2.h
|
||||
HEADER= e_os.h
|
||||
|
||||
# When we're prepared to use shared libraries in the programs we link here
|
||||
# we might remove 'clean-shared' from the targets to perform at this stage
|
||||
|
||||
all: clean-shared Makefile.ssl sub_all
|
||||
all: Makefile.ssl sub_all openssl.pc
|
||||
|
||||
sub_all:
|
||||
@for i in $(DIRS); \
|
||||
do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making all in $$i..." && \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' all ) || exit 1; \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
|
||||
else \
|
||||
$(MAKE) $$i; \
|
||||
fi; \
|
||||
done; \
|
||||
if echo "$(DIRS)" | \
|
||||
egrep '(^| )(crypto|ssl)( |$$)' > /dev/null 2>&1 && \
|
||||
[ -n "$(SHARED_LIBS)" ]; then \
|
||||
$(MAKE) $(SHARED_LIBS); \
|
||||
fi
|
||||
done;
|
||||
|
||||
libcrypto$(SHLIB_EXT): libcrypto.a
|
||||
@if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||
@ -220,6 +228,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a
|
||||
else \
|
||||
echo "There's no support for shared libraries on this platform" >&2; \
|
||||
fi
|
||||
|
||||
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
|
||||
@if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
|
||||
@ -237,7 +246,7 @@ clean-shared:
|
||||
fi; \
|
||||
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
|
||||
if [ "$(PLATFORM)" = "Cygwin" ]; then \
|
||||
( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
|
||||
( set -x; rm -f cyg$$i-$(SHLIB_VERSION_NUMBER)$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
|
||||
fi; \
|
||||
done
|
||||
|
||||
@ -269,12 +278,7 @@ do_gnu-shared:
|
||||
libs="$$libs -l$$i"; \
|
||||
done
|
||||
|
||||
DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
|
||||
collect2=`gcc -print-prog-name=collect2 2>&1` && \
|
||||
[ -n "$$collect2" ] && \
|
||||
my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
|
||||
[ -n "$$my_ld" ] && \
|
||||
$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
|
||||
DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
|
||||
|
||||
# For Darwin AKA Mac OS/X (dyld)
|
||||
do_darwin-shared:
|
||||
@ -289,7 +293,7 @@ do_darwin-shared:
|
||||
|
||||
do_cygwin-shared:
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
( set -x; ${CC} -shared -o cyg$$i.dll \
|
||||
( set -x; ${CC} -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
|
||||
-Wl,-Bsymbolic \
|
||||
-Wl,--whole-archive lib$$i.a \
|
||||
-Wl,--out-implib,lib$$i.dll.a \
|
||||
@ -352,10 +356,13 @@ do_solaris-shared:
|
||||
else \
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
|
||||
set -x; ${CC} ${SHARED_LDFLAGS} \
|
||||
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
MINUSZ='-z '; \
|
||||
(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
|
||||
set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \
|
||||
-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
|
||||
$$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
libs="$$libs -l$$i"; \
|
||||
done; \
|
||||
fi
|
||||
@ -414,26 +421,44 @@ do_irix-shared:
|
||||
fi
|
||||
|
||||
# This assumes that GNU utilities are *not* used
|
||||
# HP-UX includes the full pathname of libs we depend on, so we would get
|
||||
# ./libcrypto (with ./ as path information) compiled into libssl, hence
|
||||
# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
|
||||
# anyway.
|
||||
# The object modules are loaded from lib$i.a using the undocumented -Fl
|
||||
# option.
|
||||
#
|
||||
# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
|
||||
# by temporarily specifying "+s"!
|
||||
#
|
||||
do_hpux-shared:
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
for i in ${SHLIBDIRS}; do \
|
||||
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
|
||||
+vnocompatwarnings \
|
||||
-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
+vnocompatwarnings \
|
||||
-b -z +s \
|
||||
-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
|
||||
libs="$$libs -L. -l$$i"; \
|
||||
-Fl lib$$i.a -ldld -lc ) || exit 1; \
|
||||
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
|
||||
done
|
||||
|
||||
# This assumes that GNU utilities are *not* used
|
||||
# HP-UX includes the full pathname of libs we depend on, so we would get
|
||||
# ./libcrypto (with ./ as path information) compiled into libssl, hence
|
||||
# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
|
||||
# anyway.
|
||||
#
|
||||
# HP-UX in 64bit mode has "+s" enabled by default; it will search for
|
||||
# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
|
||||
#
|
||||
do_hpux64-shared:
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
for i in ${SHLIBDIRS}; do \
|
||||
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
|
||||
-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-b -z \
|
||||
-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
|
||||
libs="$$libs -L. -l$$i"; \
|
||||
+forceload lib$$i.a -ldl -lc ) || exit 1; \
|
||||
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
|
||||
done
|
||||
|
||||
# The following method is said to work on all platforms. Tests will
|
||||
@ -479,6 +504,33 @@ do_aix-shared:
|
||||
libs="$$libs -l$$i"; \
|
||||
done
|
||||
|
||||
do_reliantunix-shared:
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
|
||||
( set -x; \
|
||||
( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
|
||||
cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \
|
||||
${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
|
||||
) || exit 1; \
|
||||
cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
|
||||
) || exit 1; \
|
||||
rm -rf $$tmpdir ; \
|
||||
libs="$$libs -l$$i"; \
|
||||
done
|
||||
|
||||
openssl.pc: Makefile.ssl
|
||||
@ ( echo 'prefix=$(INSTALLTOP)'; \
|
||||
echo 'exec_prefix=$${prefix}'; \
|
||||
echo 'libdir=$${exec_prefix}/lib'; \
|
||||
echo 'includedir=$${prefix}/include'; \
|
||||
echo ''; \
|
||||
echo 'Name: OpenSSL'; \
|
||||
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
|
||||
echo 'Version: '$(VERSION); \
|
||||
echo 'Requires: '; \
|
||||
echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
|
||||
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
|
||||
|
||||
Makefile.ssl: Makefile.org
|
||||
@echo "Makefile.ssl is older than Makefile.org."
|
||||
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
|
||||
@ -497,6 +549,7 @@ clean:
|
||||
rm -f $(LIBS); \
|
||||
fi; \
|
||||
done;
|
||||
rm -f openssl.pc
|
||||
rm -f *.a *.o speed.* *.map *.so .pure core
|
||||
rm -f $(TARFILE)
|
||||
@for i in $(ONEDIRS) ;\
|
||||
@ -525,10 +578,14 @@ links:
|
||||
@for i in $(DIRS); do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making links in $$i..." && \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
|
||||
fi; \
|
||||
done;
|
||||
|
||||
gentests:
|
||||
@(cd test && echo "generating dummy tests (if needed)..." && \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
|
||||
|
||||
dclean:
|
||||
rm -f *.bak
|
||||
@for i in $(DIRS) ;\
|
||||
@ -541,15 +598,25 @@ dclean:
|
||||
|
||||
rehash: rehash.time
|
||||
rehash.time: certs
|
||||
@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
|
||||
@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
|
||||
export OPENSSL OPENSSL_DEBUG_MEMORY; \
|
||||
LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
|
||||
if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \
|
||||
elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
|
||||
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
|
||||
$(PERL) tools/c_rehash certs)
|
||||
touch rehash.time
|
||||
|
||||
test: tests
|
||||
|
||||
tests: rehash
|
||||
@(cd test && echo "testing..." && \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
|
||||
@apps/openssl version -a
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
|
||||
@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
|
||||
if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \
|
||||
elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
|
||||
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
|
||||
apps/openssl version -a
|
||||
|
||||
report:
|
||||
@$(PERL) util/selftest.pl
|
||||
@ -559,7 +626,7 @@ depend:
|
||||
do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making dependencies $$i..." && \
|
||||
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
|
||||
$(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \
|
||||
fi; \
|
||||
done;
|
||||
|
||||
@ -583,6 +650,7 @@ tags:
|
||||
|
||||
errors:
|
||||
$(PERL) util/mkerr.pl -recurse -write
|
||||
(cd crypto/engine; $(MAKE) PERL=$(PERL) errors)
|
||||
|
||||
stacks:
|
||||
$(PERL) util/mkstack.pl -write
|
||||
@ -593,9 +661,9 @@ util/libeay.num::
|
||||
util/ssleay.num::
|
||||
$(PERL) util/mkdef.pl ssl update
|
||||
|
||||
crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
|
||||
crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
|
||||
$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
|
||||
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt
|
||||
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
|
||||
$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
|
||||
|
||||
TABLE: Configure
|
||||
@ -610,6 +678,9 @@ update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_
|
||||
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
|
||||
# tar does not support the --files-from option.
|
||||
tar:
|
||||
find . -type d -print | xargs chmod 755
|
||||
find . -type f -print | xargs chmod a+r
|
||||
find . -type f -perm -0100 -print | xargs chmod a+x
|
||||
find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
|
||||
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
|
||||
tardy --user_number=0 --user_name=openssl \
|
||||
@ -619,6 +690,14 @@ tar:
|
||||
rm -f ../$(TARFILE).list; \
|
||||
ls -l ../$(TARFILE).gz
|
||||
|
||||
tar-snap:
|
||||
@$(TAR) $(TARFLAGS) -cvf - \
|
||||
`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
|
||||
tardy --user_number=0 --user_name=openssl \
|
||||
--group_number=0 --group_name=openssl \
|
||||
--prefix=openssl-$(VERSION) - > ../$(TARFILE);\
|
||||
ls -l ../$(TARFILE)
|
||||
|
||||
dist:
|
||||
$(PERL) Configure dist
|
||||
@$(MAKE) dist_pem_h
|
||||
@ -631,6 +710,7 @@ dist_pem_h:
|
||||
install: all install_docs
|
||||
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
|
||||
$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
|
||||
$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
|
||||
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
|
||||
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
|
||||
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
|
||||
@ -652,11 +732,12 @@ install: all install_docs
|
||||
do \
|
||||
if [ -f "$$i" ]; then \
|
||||
( echo installing $$i; \
|
||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
|
||||
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
|
||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
|
||||
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
|
||||
fi; \
|
||||
done
|
||||
done;
|
||||
@if [ -n "$(SHARED_LIBS)" ]; then \
|
||||
tmp="$(SHARED_LIBS)"; \
|
||||
for i in $${tmp:-x}; \
|
||||
@ -664,14 +745,17 @@ install: all install_docs
|
||||
if [ -f "$$i" -o -f "$$i.a" ]; then \
|
||||
( echo installing $$i; \
|
||||
if [ "$(PLATFORM)" != "Cygwin" ]; then \
|
||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
|
||||
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
|
||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
|
||||
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
|
||||
else \
|
||||
c=`echo $$i | sed 's/^lib/cyg/'`; \
|
||||
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
|
||||
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
|
||||
cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
|
||||
c=`echo $$i | sed 's/^lib\(.*\)/cyg\1-$(SHLIB_VERSION_NUMBER)/'`; \
|
||||
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
|
||||
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
|
||||
cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
|
||||
fi ); \
|
||||
fi; \
|
||||
done; \
|
||||
@ -680,6 +764,7 @@ install: all install_docs
|
||||
set $(MAKE); \
|
||||
$$1 -f $$here/Makefile link-shared ); \
|
||||
fi
|
||||
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
|
||||
|
||||
install_docs:
|
||||
@$(PERL) $(TOP)/util/mkdir-p.pl \
|
||||
@ -687,26 +772,43 @@ install_docs:
|
||||
$(INSTALL_PREFIX)$(MANDIR)/man3 \
|
||||
$(INSTALL_PREFIX)$(MANDIR)/man5 \
|
||||
$(INSTALL_PREFIX)$(MANDIR)/man7
|
||||
@pod2man=`cd util; ./pod2mantest ignore`; \
|
||||
@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
|
||||
here="`pwd`"; \
|
||||
filecase=; \
|
||||
if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \
|
||||
filecase=-i; \
|
||||
fi; \
|
||||
for i in doc/apps/*.pod; do \
|
||||
fn=`basename $$i .pod`; \
|
||||
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
|
||||
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
|
||||
echo "installing man$$sec/$$fn.$$sec"; \
|
||||
(cd `$(PERL) util/dirname.pl $$i`; \
|
||||
sh -c "$(PERL) $$pod2man \
|
||||
sh -c "$$pod2man \
|
||||
--section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`") \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
|
||||
$(PERL) util/extract-names.pl < $$i | \
|
||||
grep -v $$filecase "^$$fn\$$" | \
|
||||
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
|
||||
while read n; do \
|
||||
$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
|
||||
done); \
|
||||
done; \
|
||||
for i in doc/crypto/*.pod doc/ssl/*.pod; do \
|
||||
fn=`basename $$i .pod`; \
|
||||
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
|
||||
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
|
||||
echo "installing man$$sec/$$fn.$$sec"; \
|
||||
(cd `$(PERL) util/dirname.pl $$i`; \
|
||||
sh -c "$(PERL) $$pod2man \
|
||||
sh -c "$$pod2man \
|
||||
--section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`") \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
|
||||
$(PERL) util/extract-names.pl < $$i | \
|
||||
grep -v $$filecase "^$$fn\$$" | \
|
||||
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
|
||||
while read n; do \
|
||||
$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
|
||||
done); \
|
||||
done
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
@ -4,19 +4,24 @@
|
||||
## Makefile for OpenSSL
|
||||
##
|
||||
|
||||
VERSION=0.9.6g
|
||||
VERSION=0.9.7
|
||||
MAJOR=0
|
||||
MINOR=9.6
|
||||
SHLIB_VERSION_NUMBER=0.9.6
|
||||
MINOR=9.7
|
||||
SHLIB_VERSION_NUMBER=0.9.7
|
||||
SHLIB_VERSION_HISTORY=
|
||||
SHLIB_MAJOR=0
|
||||
SHLIB_MINOR=9.6
|
||||
SHLIB_MINOR=9.7
|
||||
SHLIB_EXT=
|
||||
PLATFORM=dist
|
||||
OPTIONS=
|
||||
OPTIONS= no-krb5
|
||||
CONFIGURE_ARGS=dist
|
||||
SHLIB_TARGET=
|
||||
|
||||
# HERE indicates where this Makefile lives. This can be used to indicate
|
||||
# where sub-Makefiles are expected to be. Currently has very limited usage,
|
||||
# and should probably not be bothered with at all.
|
||||
HERE=.
|
||||
|
||||
# INSTALL_PREFIX is for package builders so that they can configure
|
||||
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
|
||||
# Normally it is left empty.
|
||||
@ -26,7 +31,6 @@ INSTALLTOP=/usr/local/ssl
|
||||
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
|
||||
OPENSSLDIR=/usr/local/ssl
|
||||
|
||||
# RSAref - Define if we are to link with RSAref.
|
||||
# NO_IDEA - Define to build without the IDEA algorithm
|
||||
# NO_RC4 - Define to build without the RC4 algorithm
|
||||
# NO_RC2 - Define to build without the RC2 algorithm
|
||||
@ -57,16 +61,18 @@ OPENSSLDIR=/usr/local/ssl
|
||||
|
||||
CC= cc
|
||||
#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
|
||||
CFLAG= -O
|
||||
CFLAG= -DOPENSSL_NO_KRB5 -O
|
||||
DEPFLAG=
|
||||
PEX_LIBS=
|
||||
EX_LIBS=
|
||||
EXE_EXT=
|
||||
AR=ar r
|
||||
ARFLAGS=
|
||||
AR=ar $(ARFLAGS) r
|
||||
RANLIB= /usr/bin/ranlib
|
||||
PERL= /usr/local/bin/perl
|
||||
TAR= tar
|
||||
TARFLAGS= --no-recursion
|
||||
MAKEDEPPROG=makedepend
|
||||
|
||||
# Set BN_ASM to bn_asm.o if you want to use the C version
|
||||
BN_ASM= bn_asm.o
|
||||
@ -153,20 +159,27 @@ RMD160_ASM_OBJ=
|
||||
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
|
||||
#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
|
||||
|
||||
# KRB5 stuff
|
||||
KRB5_INCLUDES=
|
||||
|
||||
# When we're prepared to use shared libraries in the programs we link here
|
||||
# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
|
||||
SHLIB_MARK=
|
||||
|
||||
DIRS= crypto ssl rsaref $(SHLIB_MARK) apps test tools
|
||||
DIRS= crypto ssl $(SHLIB_MARK) apps test tools
|
||||
SHLIBDIRS= crypto ssl
|
||||
|
||||
# dirs in crypto to build
|
||||
SDIRS= \
|
||||
md2 md4 md5 sha mdc2 hmac ripemd \
|
||||
des rc2 rc4 rc5 idea bf cast \
|
||||
bn rsa dsa dh dso \
|
||||
bn ec rsa dsa dh dso engine aes \
|
||||
buffer bio stack lhash rand err objects \
|
||||
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
|
||||
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
|
||||
|
||||
# tests to perform. "alltests" is a special word indicating that all tests
|
||||
# should be performed.
|
||||
TESTS = alltests
|
||||
|
||||
MAKEFILE= Makefile.ssl
|
||||
MAKE= make -f Makefile.ssl
|
||||
@ -192,29 +205,24 @@ BASENAME= openssl
|
||||
NAME= $(BASENAME)-$(VERSION)
|
||||
TARFILE= $(NAME).tar
|
||||
WTARFILE= $(NAME)-win.tar
|
||||
EXHEADER= e_os.h e_os2.h
|
||||
EXHEADER= e_os2.h
|
||||
HEADER= e_os.h
|
||||
|
||||
# When we're prepared to use shared libraries in the programs we link here
|
||||
# we might remove 'clean-shared' from the targets to perform at this stage
|
||||
|
||||
all: clean-shared Makefile.ssl sub_all
|
||||
all: Makefile.ssl sub_all openssl.pc
|
||||
|
||||
sub_all:
|
||||
@for i in $(DIRS); \
|
||||
do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making all in $$i..." && \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' all ) || exit 1; \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
|
||||
else \
|
||||
$(MAKE) $$i; \
|
||||
fi; \
|
||||
done; \
|
||||
if echo "$(DIRS)" | \
|
||||
egrep '(^| )(crypto|ssl)( |$$)' > /dev/null 2>&1 && \
|
||||
[ -n "$(SHARED_LIBS)" ]; then \
|
||||
$(MAKE) $(SHARED_LIBS); \
|
||||
fi
|
||||
done;
|
||||
|
||||
libcrypto$(SHLIB_EXT): libcrypto.a
|
||||
@if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||
@ -222,6 +230,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a
|
||||
else \
|
||||
echo "There's no support for shared libraries on this platform" >&2; \
|
||||
fi
|
||||
|
||||
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
|
||||
@if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
|
||||
@ -239,7 +248,7 @@ clean-shared:
|
||||
fi; \
|
||||
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
|
||||
if [ "$(PLATFORM)" = "Cygwin" ]; then \
|
||||
( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
|
||||
( set -x; rm -f cyg$$i-$(SHLIB_VERSION_NUMBER)$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
|
||||
fi; \
|
||||
done
|
||||
|
||||
@ -271,12 +280,7 @@ do_gnu-shared:
|
||||
libs="$$libs -l$$i"; \
|
||||
done
|
||||
|
||||
DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
|
||||
collect2=`gcc -print-prog-name=collect2 2>&1` && \
|
||||
[ -n "$$collect2" ] && \
|
||||
my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
|
||||
[ -n "$$my_ld" ] && \
|
||||
$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
|
||||
DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
|
||||
|
||||
# For Darwin AKA Mac OS/X (dyld)
|
||||
do_darwin-shared:
|
||||
@ -291,7 +295,7 @@ do_darwin-shared:
|
||||
|
||||
do_cygwin-shared:
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
( set -x; ${CC} -shared -o cyg$$i.dll \
|
||||
( set -x; ${CC} -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
|
||||
-Wl,-Bsymbolic \
|
||||
-Wl,--whole-archive lib$$i.a \
|
||||
-Wl,--out-implib,lib$$i.dll.a \
|
||||
@ -354,10 +358,13 @@ do_solaris-shared:
|
||||
else \
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
|
||||
set -x; ${CC} ${SHARED_LDFLAGS} \
|
||||
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
MINUSZ='-z '; \
|
||||
(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
|
||||
set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \
|
||||
-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
|
||||
$$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
libs="$$libs -l$$i"; \
|
||||
done; \
|
||||
fi
|
||||
@ -416,26 +423,44 @@ do_irix-shared:
|
||||
fi
|
||||
|
||||
# This assumes that GNU utilities are *not* used
|
||||
# HP-UX includes the full pathname of libs we depend on, so we would get
|
||||
# ./libcrypto (with ./ as path information) compiled into libssl, hence
|
||||
# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
|
||||
# anyway.
|
||||
# The object modules are loaded from lib$i.a using the undocumented -Fl
|
||||
# option.
|
||||
#
|
||||
# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
|
||||
# by temporarily specifying "+s"!
|
||||
#
|
||||
do_hpux-shared:
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
for i in ${SHLIBDIRS}; do \
|
||||
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
|
||||
+vnocompatwarnings \
|
||||
-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
+vnocompatwarnings \
|
||||
-b -z +s \
|
||||
-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
|
||||
libs="$$libs -L. -l$$i"; \
|
||||
-Fl lib$$i.a -ldld -lc ) || exit 1; \
|
||||
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
|
||||
done
|
||||
|
||||
# This assumes that GNU utilities are *not* used
|
||||
# HP-UX includes the full pathname of libs we depend on, so we would get
|
||||
# ./libcrypto (with ./ as path information) compiled into libssl, hence
|
||||
# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
|
||||
# anyway.
|
||||
#
|
||||
# HP-UX in 64bit mode has "+s" enabled by default; it will search for
|
||||
# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
|
||||
#
|
||||
do_hpux64-shared:
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
for i in ${SHLIBDIRS}; do \
|
||||
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
|
||||
-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-b -z \
|
||||
-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
|
||||
libs="$$libs -L. -l$$i"; \
|
||||
+forceload lib$$i.a -ldl -lc ) || exit 1; \
|
||||
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
|
||||
done
|
||||
|
||||
# The following method is said to work on all platforms. Tests will
|
||||
@ -481,6 +506,33 @@ do_aix-shared:
|
||||
libs="$$libs -l$$i"; \
|
||||
done
|
||||
|
||||
do_reliantunix-shared:
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
|
||||
( set -x; \
|
||||
( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
|
||||
cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \
|
||||
${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
|
||||
) || exit 1; \
|
||||
cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
|
||||
) || exit 1; \
|
||||
rm -rf $$tmpdir ; \
|
||||
libs="$$libs -l$$i"; \
|
||||
done
|
||||
|
||||
openssl.pc: Makefile.ssl
|
||||
@ ( echo 'prefix=$(INSTALLTOP)'; \
|
||||
echo 'exec_prefix=$${prefix}'; \
|
||||
echo 'libdir=$${exec_prefix}/lib'; \
|
||||
echo 'includedir=$${prefix}/include'; \
|
||||
echo ''; \
|
||||
echo 'Name: OpenSSL'; \
|
||||
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
|
||||
echo 'Version: '$(VERSION); \
|
||||
echo 'Requires: '; \
|
||||
echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
|
||||
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
|
||||
|
||||
Makefile.ssl: Makefile.org
|
||||
@echo "Makefile.ssl is older than Makefile.org."
|
||||
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
|
||||
@ -499,6 +551,7 @@ clean:
|
||||
rm -f $(LIBS); \
|
||||
fi; \
|
||||
done;
|
||||
rm -f openssl.pc
|
||||
rm -f *.a *.o speed.* *.map *.so .pure core
|
||||
rm -f $(TARFILE)
|
||||
@for i in $(ONEDIRS) ;\
|
||||
@ -527,10 +580,14 @@ links:
|
||||
@for i in $(DIRS); do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making links in $$i..." && \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
|
||||
fi; \
|
||||
done;
|
||||
|
||||
gentests:
|
||||
@(cd test && echo "generating dummy tests (if needed)..." && \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
|
||||
|
||||
dclean:
|
||||
rm -f *.bak
|
||||
@for i in $(DIRS) ;\
|
||||
@ -543,15 +600,25 @@ dclean:
|
||||
|
||||
rehash: rehash.time
|
||||
rehash.time: certs
|
||||
@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
|
||||
@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
|
||||
export OPENSSL OPENSSL_DEBUG_MEMORY; \
|
||||
LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
|
||||
if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \
|
||||
elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
|
||||
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
|
||||
$(PERL) tools/c_rehash certs)
|
||||
touch rehash.time
|
||||
|
||||
test: tests
|
||||
|
||||
tests: rehash
|
||||
@(cd test && echo "testing..." && \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
|
||||
@apps/openssl version -a
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
|
||||
@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
|
||||
if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \
|
||||
elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
|
||||
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
|
||||
apps/openssl version -a
|
||||
|
||||
report:
|
||||
@$(PERL) util/selftest.pl
|
||||
@ -561,7 +628,7 @@ depend:
|
||||
do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making dependencies $$i..." && \
|
||||
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
|
||||
$(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \
|
||||
fi; \
|
||||
done;
|
||||
|
||||
@ -585,6 +652,7 @@ tags:
|
||||
|
||||
errors:
|
||||
$(PERL) util/mkerr.pl -recurse -write
|
||||
(cd crypto/engine; $(MAKE) PERL=$(PERL) errors)
|
||||
|
||||
stacks:
|
||||
$(PERL) util/mkstack.pl -write
|
||||
@ -595,9 +663,9 @@ util/libeay.num::
|
||||
util/ssleay.num::
|
||||
$(PERL) util/mkdef.pl ssl update
|
||||
|
||||
crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
|
||||
crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
|
||||
$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
|
||||
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt
|
||||
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
|
||||
$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
|
||||
|
||||
TABLE: Configure
|
||||
@ -612,6 +680,9 @@ update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_
|
||||
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
|
||||
# tar does not support the --files-from option.
|
||||
tar:
|
||||
find . -type d -print | xargs chmod 755
|
||||
find . -type f -print | xargs chmod a+r
|
||||
find . -type f -perm -0100 -print | xargs chmod a+x
|
||||
find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
|
||||
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
|
||||
tardy --user_number=0 --user_name=openssl \
|
||||
@ -621,6 +692,14 @@ tar:
|
||||
rm -f ../$(TARFILE).list; \
|
||||
ls -l ../$(TARFILE).gz
|
||||
|
||||
tar-snap:
|
||||
@$(TAR) $(TARFLAGS) -cvf - \
|
||||
`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
|
||||
tardy --user_number=0 --user_name=openssl \
|
||||
--group_number=0 --group_name=openssl \
|
||||
--prefix=openssl-$(VERSION) - > ../$(TARFILE);\
|
||||
ls -l ../$(TARFILE)
|
||||
|
||||
dist:
|
||||
$(PERL) Configure dist
|
||||
@$(MAKE) dist_pem_h
|
||||
@ -633,6 +712,7 @@ dist_pem_h:
|
||||
install: all install_docs
|
||||
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
|
||||
$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
|
||||
$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
|
||||
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
|
||||
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
|
||||
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
|
||||
@ -654,11 +734,12 @@ install: all install_docs
|
||||
do \
|
||||
if [ -f "$$i" ]; then \
|
||||
( echo installing $$i; \
|
||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
|
||||
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
|
||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
|
||||
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
|
||||
fi; \
|
||||
done
|
||||
done;
|
||||
@if [ -n "$(SHARED_LIBS)" ]; then \
|
||||
tmp="$(SHARED_LIBS)"; \
|
||||
for i in $${tmp:-x}; \
|
||||
@ -666,14 +747,17 @@ install: all install_docs
|
||||
if [ -f "$$i" -o -f "$$i.a" ]; then \
|
||||
( echo installing $$i; \
|
||||
if [ "$(PLATFORM)" != "Cygwin" ]; then \
|
||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
|
||||
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
|
||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
|
||||
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
|
||||
else \
|
||||
c=`echo $$i | sed 's/^lib/cyg/'`; \
|
||||
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
|
||||
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
|
||||
cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
|
||||
c=`echo $$i | sed 's/^lib\(.*\)/cyg\1-$(SHLIB_VERSION_NUMBER)/'`; \
|
||||
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
|
||||
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
|
||||
cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
|
||||
fi ); \
|
||||
fi; \
|
||||
done; \
|
||||
@ -682,6 +766,7 @@ install: all install_docs
|
||||
set $(MAKE); \
|
||||
$$1 -f $$here/Makefile link-shared ); \
|
||||
fi
|
||||
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
|
||||
|
||||
install_docs:
|
||||
@$(PERL) $(TOP)/util/mkdir-p.pl \
|
||||
@ -689,26 +774,43 @@ install_docs:
|
||||
$(INSTALL_PREFIX)$(MANDIR)/man3 \
|
||||
$(INSTALL_PREFIX)$(MANDIR)/man5 \
|
||||
$(INSTALL_PREFIX)$(MANDIR)/man7
|
||||
@pod2man=`cd util; ./pod2mantest ignore`; \
|
||||
@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
|
||||
here="`pwd`"; \
|
||||
filecase=; \
|
||||
if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \
|
||||
filecase=-i; \
|
||||
fi; \
|
||||
for i in doc/apps/*.pod; do \
|
||||
fn=`basename $$i .pod`; \
|
||||
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
|
||||
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
|
||||
echo "installing man$$sec/$$fn.$$sec"; \
|
||||
(cd `$(PERL) util/dirname.pl $$i`; \
|
||||
sh -c "$(PERL) $$pod2man \
|
||||
sh -c "$$pod2man \
|
||||
--section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`") \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
|
||||
$(PERL) util/extract-names.pl < $$i | \
|
||||
grep -v $$filecase "^$$fn\$$" | \
|
||||
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
|
||||
while read n; do \
|
||||
$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
|
||||
done); \
|
||||
done; \
|
||||
for i in doc/crypto/*.pod doc/ssl/*.pod; do \
|
||||
fn=`basename $$i .pod`; \
|
||||
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
|
||||
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
|
||||
echo "installing man$$sec/$$fn.$$sec"; \
|
||||
(cd `$(PERL) util/dirname.pl $$i`; \
|
||||
sh -c "$(PERL) $$pod2man \
|
||||
sh -c "$$pod2man \
|
||||
--section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`") \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
|
||||
$(PERL) util/extract-names.pl < $$i | \
|
||||
grep -v $$filecase "^$$fn\$$" | \
|
||||
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
|
||||
while read n; do \
|
||||
$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
|
||||
done); \
|
||||
done
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
@ -5,6 +5,66 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
|
||||
|
||||
o New library section OCSP.
|
||||
o Complete rewrite of ASN1 code.
|
||||
o CRL checking in verify code and openssl utility.
|
||||
o Extension copying in 'ca' utility.
|
||||
o Flexible display options in 'ca' utility.
|
||||
o Provisional support for international characters with UTF8.
|
||||
o Support for external crypto devices ('engine') is no longer
|
||||
a separate distribution.
|
||||
o New elliptic curve library section.
|
||||
o New AES (Rijndael) library section.
|
||||
o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
|
||||
Linux x86_64, Linux 64-bit on Sparc v9
|
||||
o Extended support for some platforms: VxWorks
|
||||
o Enhanced support for shared libraries.
|
||||
o Now only builds PIC code when shared library support is requested.
|
||||
o Support for pkg-config.
|
||||
o Lots of new manuals.
|
||||
o Makes symbolic links to or copies of manuals to cover all described
|
||||
functions.
|
||||
o Change DES API to clean up the namespace (some applications link also
|
||||
against libdes providing similar functions having the same name).
|
||||
Provide macros for backward compatibility (will be removed in the
|
||||
future).
|
||||
o Unify handling of cryptographic algorithms (software and engine)
|
||||
to be available via EVP routines for asymmetric and symmetric ciphers.
|
||||
o NCONF: new configuration handling routines.
|
||||
o Change API to use more 'const' modifiers to improve error checking
|
||||
and help optimizers.
|
||||
o Finally remove references to RSAref.
|
||||
o Reworked parts of the BIGNUM code.
|
||||
o Support for new engines: Broadcom ubsec, Accelerated Encryption
|
||||
Processing, IBM 4758.
|
||||
o A few new engines added in the demos area.
|
||||
o Extended and corrected OID (object identifier) table.
|
||||
o PRNG: query at more locations for a random device, automatic query for
|
||||
EGD style random sources at several locations.
|
||||
o SSL/TLS: allow optional cipher choice according to server's preference.
|
||||
o SSL/TLS: allow server to explicitly set new session ids.
|
||||
o SSL/TLS: support Kerberos cipher suites (RFC2712).
|
||||
Only supports MIT Kerberos for now.
|
||||
o SSL/TLS: allow more precise control of renegotiations and sessions.
|
||||
o SSL/TLS: add callback to retrieve SSL/TLS messages.
|
||||
o SSL/TLS: support AES cipher suites (RFC3268).
|
||||
|
||||
Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
|
||||
|
||||
o New configuration targets for Tandem OSS and A/UX.
|
||||
o New OIDs for Microsoft attributes.
|
||||
o Better handling of SSL session caching.
|
||||
o Better comparison of distinguished names.
|
||||
o Better handling of shared libraries in a mixed GNU/non-GNU environment.
|
||||
o Support assembler code with Borland C.
|
||||
o Fixes for length problems.
|
||||
o Fixes for uninitialised variables.
|
||||
o Fixes for memory leaks, some unusual crashes and some race conditions.
|
||||
o Fixes for smaller building problems.
|
||||
o Updates of manuals, FAQ and other instructive documents.
|
||||
|
||||
Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
|
||||
|
||||
o Important building fixes on Unix.
|
||||
|
@ -1,5 +1,11 @@
|
||||
* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
|
||||
[NOTE: This is currently undergoing tests, and may be removed soon]
|
||||
|
||||
|
||||
NOTE: The problem described here only applies when OpenSSL isn't built
|
||||
with shared library support (i.e. without the "shared" configuration
|
||||
option). If you build with shared library support, you will have no
|
||||
problems as long as you set up DYLD_LIBRARY_PATH properly at all times.
|
||||
|
||||
|
||||
This is really a misfeature in ld, which seems to look for .dylib libraries
|
||||
along the whole library path before it bothers looking for .a libraries. This
|
||||
@ -40,3 +46,27 @@ scripts use the same name for output and input files, which means different
|
||||
will interfere with each other and lead to test failure.
|
||||
|
||||
The solution is simple for now: don't run parallell make when testing.
|
||||
|
||||
|
||||
* Bugs in gcc 3.0 triggered
|
||||
|
||||
According to a problem report, there are bugs in gcc 3.0 that are
|
||||
triggered by some of the code in OpenSSL, more specifically in
|
||||
PEM_get_EVP_CIPHER_INFO(). The triggering code is the following:
|
||||
|
||||
header+=11;
|
||||
if (*header != '4') return(0); header++;
|
||||
if (*header != ',') return(0); header++;
|
||||
|
||||
What happens is that gcc might optimize a little too agressively, and
|
||||
you end up with an extra incrementation when *header != '4'.
|
||||
|
||||
We recommend that you upgrade gcc to as high a 3.x version as you can.
|
||||
|
||||
* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
|
||||
|
||||
As subject suggests SHA-1 might perform poorly (4 times slower)
|
||||
if compiled with WorkShop 6 compiler and -xarch=v9. The cause for
|
||||
this seems to be the fact that compiler emits multiplication to
|
||||
perform shift operations:-( To work the problem around configure
|
||||
with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'.
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
OpenSSL 0.9.6g 9 August 2002
|
||||
OpenSSL 0.9.7 31 Dec 2002
|
||||
|
||||
Copyright (c) 1998-2002 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
@ -154,7 +154,7 @@
|
||||
- Stack Traceback (if the application dumps core)
|
||||
|
||||
Report the bug to the OpenSSL project via the Request Tracker
|
||||
(http://www.openssl.org/rt2.html) by mail to:
|
||||
(http://www.openssl.org/support/rt2.html) by mail to:
|
||||
|
||||
openssl-bugs@openssl.org
|
||||
|
||||
|
187
crypto/openssl/README.ASN1
Normal file
187
crypto/openssl/README.ASN1
Normal file
@ -0,0 +1,187 @@
|
||||
|
||||
OpenSSL ASN1 Revision
|
||||
=====================
|
||||
|
||||
This document describes some of the issues relating to the new ASN1 code.
|
||||
|
||||
Previous OpenSSL ASN1 problems
|
||||
=============================
|
||||
|
||||
OK why did the OpenSSL ASN1 code need revising in the first place? Well
|
||||
there are lots of reasons some of which are included below...
|
||||
|
||||
1. The code is difficult to read and write. For every single ASN1 structure
|
||||
(e.g. SEQUENCE) four functions need to be written for new, free, encode and
|
||||
decode operations. This is a very painful and error prone operation. Very few
|
||||
people have ever written any OpenSSL ASN1 and those that have usually wish
|
||||
they hadn't.
|
||||
|
||||
2. Partly because of 1. the code is bloated and takes up a disproportionate
|
||||
amount of space. The SEQUENCE encoder is particularly bad: it essentially
|
||||
contains two copies of the same operation, one to compute the SEQUENCE length
|
||||
and the other to encode it.
|
||||
|
||||
3. The code is memory based: that is it expects to be able to read the whole
|
||||
structure from memory. This is fine for small structures but if you have a
|
||||
(say) 1Gb PKCS#7 signedData structure it isn't such a good idea...
|
||||
|
||||
4. The code for the ASN1 IMPLICIT tag is evil. It is handled by temporarily
|
||||
changing the tag to the expected one, attempting to read it, then changing it
|
||||
back again. This means that decode buffers have to be writable even though they
|
||||
are ultimately unchanged. This gets in the way of constification.
|
||||
|
||||
5. The handling of EXPLICIT isn't much better. It adds a chunk of code into
|
||||
the decoder and encoder for every EXPLICIT tag.
|
||||
|
||||
6. APPLICATION and PRIVATE tags aren't even supported at all.
|
||||
|
||||
7. Even IMPLICIT isn't complete: there is no support for implicitly tagged
|
||||
types that are not OPTIONAL.
|
||||
|
||||
8. Much of the code assumes that a tag will fit in a single octet. This is
|
||||
only true if the tag is 30 or less (mercifully tags over 30 are rare).
|
||||
|
||||
9. The ASN1 CHOICE type has to be largely handled manually, there aren't any
|
||||
macros that properly support it.
|
||||
|
||||
10. Encoders have no concept of OPTIONAL and have no error checking. If the
|
||||
passed structure contains a NULL in a mandatory field it will not be encoded,
|
||||
resulting in an invalid structure.
|
||||
|
||||
11. It is tricky to add ASN1 encoders and decoders to external applications.
|
||||
|
||||
Template model
|
||||
==============
|
||||
|
||||
One of the major problems with revision is the sheer volume of the ASN1 code.
|
||||
Attempts to change (for example) the IMPLICIT behaviour would result in a
|
||||
modification of *every* single decode function.
|
||||
|
||||
I decided to adopt a template based approach. I'm using the term 'template'
|
||||
in a manner similar to SNACC templates: it has nothing to do with C++
|
||||
templates.
|
||||
|
||||
A template is a description of an ASN1 module as several constant C structures.
|
||||
It describes in a machine readable way exactly how the ASN1 structure should
|
||||
behave. If this template contains enough detail then it is possible to write
|
||||
versions of new, free, encode, decode (and possibly others operations) that
|
||||
operate on templates.
|
||||
|
||||
Instead of having to write code to handle each operation only a single
|
||||
template needs to be written. If new operations are needed (such as a 'print'
|
||||
operation) only a single new template based function needs to be written
|
||||
which will then automatically handle all existing templates.
|
||||
|
||||
Plans for revision
|
||||
==================
|
||||
|
||||
The revision will consist of the following steps. Other than the first two
|
||||
these can be handled in any order.
|
||||
|
||||
o Design and write template new, free, encode and decode operations, initially
|
||||
memory based. *DONE*
|
||||
|
||||
o Convert existing ASN1 code to template form. *IN PROGRESS*
|
||||
|
||||
o Convert an existing ASN1 compiler (probably SNACC) to output templates
|
||||
in OpenSSL form.
|
||||
|
||||
o Add support for BIO based ASN1 encoders and decoders to handle large
|
||||
structures, initially blocking I/O.
|
||||
|
||||
o Add support for non blocking I/O: this is quite a bit harder than blocking
|
||||
I/O.
|
||||
|
||||
o Add new ASN1 structures, such as OCSP, CRMF, S/MIME v3 (CMS), attribute
|
||||
certificates etc etc.
|
||||
|
||||
Description of major changes
|
||||
============================
|
||||
|
||||
The BOOLEAN type now takes three values. 0xff is TRUE, 0 is FALSE and -1 is
|
||||
absent. The meaning of absent depends on the context. If for example the
|
||||
boolean type is DEFAULT FALSE (as in the case of the critical flag for
|
||||
certificate extensions) then -1 is FALSE, if DEFAULT TRUE then -1 is TRUE.
|
||||
Usually the value will only ever be read via an API which will hide this from
|
||||
an application.
|
||||
|
||||
There is an evil bug in the old ASN1 code that mishandles OPTIONAL with
|
||||
SEQUENCE OF or SET OF. These are both implemented as a STACK structure. The
|
||||
old code would omit the structure if the STACK was NULL (which is fine) or if
|
||||
it had zero elements (which is NOT OK). This causes problems because an empty
|
||||
SEQUENCE OF or SET OF will result in an empty STACK when it is decoded but when
|
||||
it is encoded it will be omitted resulting in different encodings. The new code
|
||||
only omits the encoding if the STACK is NULL, if it contains zero elements it
|
||||
is encoded and empty. There is an additional problem though: because an empty
|
||||
STACK was omitted, sometimes the corresponding *_new() function would
|
||||
initialize the STACK to empty so an application could immediately use it, if
|
||||
this is done with the new code (i.e. a NULL) it wont work. Therefore a new
|
||||
STACK should be allocated first. One instance of this is the X509_CRL list of
|
||||
revoked certificates: a helper function X509_CRL_add0_revoked() has been added
|
||||
for this purpose.
|
||||
|
||||
The X509_ATTRIBUTE structure used to have an element called 'set' which took
|
||||
the value 1 if the attribute value was a SET OF or 0 if it was a single. Due
|
||||
to the behaviour of CHOICE in the new code this has been changed to a field
|
||||
called 'single' which is 0 for a SET OF and 1 for single. The old field has
|
||||
been deleted to deliberately break source compatibility. Since this structure
|
||||
is normally accessed via higher level functions this shouldn't break too much.
|
||||
|
||||
The X509_REQ_INFO certificate request info structure no longer has a field
|
||||
called 'req_kludge'. This used to be set to 1 if the attributes field was
|
||||
(incorrectly) omitted. You can check to see if the field is omitted now by
|
||||
checking if the attributes field is NULL. Similarly if you need to omit
|
||||
the field then free attributes and set it to NULL.
|
||||
|
||||
The top level 'detached' field in the PKCS7 structure is no longer set when
|
||||
a PKCS#7 structure is read in. PKCS7_is_detached() should be called instead.
|
||||
The behaviour of PKCS7_get_detached() is unaffected.
|
||||
|
||||
The values of 'type' in the GENERAL_NAME structure have changed. This is
|
||||
because the old code use the ASN1 initial octet as the selector. The new
|
||||
code uses the index in the ASN1_CHOICE template.
|
||||
|
||||
The DIST_POINT_NAME structure has changed to be a true CHOICE type.
|
||||
|
||||
typedef struct DIST_POINT_NAME_st {
|
||||
int type;
|
||||
union {
|
||||
STACK_OF(GENERAL_NAME) *fullname;
|
||||
STACK_OF(X509_NAME_ENTRY) *relativename;
|
||||
} name;
|
||||
} DIST_POINT_NAME;
|
||||
|
||||
This means that name.fullname or name.relativename should be set
|
||||
and type reflects the option. That is if name.fullname is set then
|
||||
type is 0 and if name.relativename is set type is 1.
|
||||
|
||||
With the old code using the i2d functions would typically involve:
|
||||
|
||||
unsigned char *buf, *p;
|
||||
int len;
|
||||
/* Find length of encoding */
|
||||
len = i2d_SOMETHING(x, NULL);
|
||||
/* Allocate buffer */
|
||||
buf = OPENSSL_malloc(len);
|
||||
if(buf == NULL) {
|
||||
/* Malloc error */
|
||||
}
|
||||
/* Use temp variable because &p gets updated to point to end of
|
||||
* encoding.
|
||||
*/
|
||||
p = buf;
|
||||
i2d_SOMETHING(x, &p);
|
||||
|
||||
|
||||
Using the new i2d you can also do:
|
||||
|
||||
unsigned char *buf = NULL;
|
||||
int len;
|
||||
len = i2d_SOMETHING(x, &buf);
|
||||
if(len < 0) {
|
||||
/* Malloc error */
|
||||
}
|
||||
|
||||
and it will automatically allocate and populate a buffer with the
|
||||
encoding. After this call 'buf' will point to the start of the
|
||||
encoding which is len bytes long.
|
@ -1,63 +1,289 @@
|
||||
|
||||
ENGINE
|
||||
======
|
||||
|
||||
With OpenSSL 0.9.6, a new component has been added to support external
|
||||
crypto devices, for example accelerator cards. The component is called
|
||||
ENGINE, and has still a pretty experimental status and almost no
|
||||
documentation. It's designed to be fairly easily extensible by the
|
||||
calling programs.
|
||||
With OpenSSL 0.9.6, a new component was added to support alternative
|
||||
cryptography implementations, most commonly for interfacing with external
|
||||
crypto devices (eg. accelerator cards). This component is called ENGINE,
|
||||
and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases)
|
||||
caused a little confusion as 0.9.6** releases were rolled in two
|
||||
versions, a "standard" and an "engine" version. In development for 0.9.7,
|
||||
the ENGINE code has been merged into the main branch and will be present
|
||||
in the standard releases from 0.9.7 forwards.
|
||||
|
||||
There's currently built-in support for the following crypto devices:
|
||||
There are currently built-in ENGINE implementations for the following
|
||||
crypto devices:
|
||||
|
||||
o CryptoSwift
|
||||
o Compaq Atalla
|
||||
o nCipher CHIL
|
||||
o Nuron
|
||||
o Broadcom uBSec
|
||||
|
||||
A number of things are still needed and are being worked on:
|
||||
In addition, dynamic binding to external ENGINE implementations is now
|
||||
provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE"
|
||||
section below for details.
|
||||
|
||||
o An openssl utility command to handle or at least check available
|
||||
engines.
|
||||
o A better way of handling the methods that are handled by the
|
||||
engines.
|
||||
o Documentation!
|
||||
At this stage, a number of things are still needed and are being worked on:
|
||||
|
||||
1 Integration of EVP support.
|
||||
2 Configuration support.
|
||||
3 Documentation!
|
||||
|
||||
1 With respect to EVP, this relates to support for ciphers and digests in
|
||||
the ENGINE model so that alternative implementations of existing
|
||||
algorithms/modes (or previously unimplemented ones) can be provided by
|
||||
ENGINE implementations.
|
||||
|
||||
2 Configuration support currently exists in the ENGINE API itself, in the
|
||||
form of "control commands". These allow an application to expose to the
|
||||
user/admin the set of commands and parameter types a given ENGINE
|
||||
implementation supports, and for an application to directly feed string
|
||||
based input to those ENGINEs, in the form of name-value pairs. This is an
|
||||
extensible way for ENGINEs to define their own "configuration" mechanisms
|
||||
that are specific to a given ENGINE (eg. for a particular hardware
|
||||
device) but that should be consistent across *all* OpenSSL-based
|
||||
applications when they use that ENGINE. Work is in progress (or at least
|
||||
in planning) for supporting these control commands from the CONF (or
|
||||
NCONF) code so that applications using OpenSSL's existing configuration
|
||||
file format can have ENGINE settings specified in much the same way.
|
||||
Presently however, applications must use the ENGINE API itself to provide
|
||||
such functionality. To see first hand the types of commands available
|
||||
with the various compiled-in ENGINEs (see further down for dynamic
|
||||
ENGINEs), use the "engine" openssl utility with full verbosity, ie;
|
||||
openssl engine -vvvv
|
||||
|
||||
3 Documentation? Volunteers welcome! The source code is reasonably well
|
||||
self-documenting, but some summaries and usage instructions are needed -
|
||||
moreover, they are needed in the same POD format the existing OpenSSL
|
||||
documentation is provided in. Any complete or incomplete contributions
|
||||
would help make this happen.
|
||||
|
||||
STABILITY & BUG-REPORTS
|
||||
=======================
|
||||
|
||||
What already exists is fairly stable as far as it has been tested, but
|
||||
the test base has been a bit small most of the time.
|
||||
the test base has been a bit small most of the time. For the most part,
|
||||
the vendors of the devices these ENGINEs support have contributed to the
|
||||
development and/or testing of the implementations, and *usually* (with no
|
||||
guarantees) have experience in using the ENGINE support to drive their
|
||||
devices from common OpenSSL-based applications. Bugs and/or inexplicable
|
||||
behaviour in using a specific ENGINE implementation should be sent to the
|
||||
author of that implementation (if it is mentioned in the corresponding C
|
||||
file), and in the case of implementations for commercial hardware
|
||||
devices, also through whatever vendor support channels are available. If
|
||||
none of this is possible, or the problem seems to be something about the
|
||||
ENGINE API itself (ie. not necessarily specific to a particular ENGINE
|
||||
implementation) then you should mail complete details to the relevant
|
||||
OpenSSL mailing list. For a definition of "complete details", refer to
|
||||
the OpenSSL "README" file. As for which list to send it to;
|
||||
|
||||
Because of this experimental status and what's lacking, the ENGINE
|
||||
component is not yet part of the default OpenSSL distribution. However,
|
||||
we have made a separate kit for those who want to try this out, to be
|
||||
found in the same places as the default OpenSSL distribution, but with
|
||||
"-engine-" being part of the kit file name. For example, version 0.9.6
|
||||
is distributed in the following two files:
|
||||
openssl-users: if you are *using* the ENGINE abstraction, either in an
|
||||
pre-compiled application or in your own application code.
|
||||
|
||||
openssl-0.9.6.tar.gz
|
||||
openssl-engine-0.9.6.tar.gz
|
||||
openssl-dev: if you are discussing problems with OpenSSL source code.
|
||||
|
||||
NOTES
|
||||
USAGE
|
||||
=====
|
||||
|
||||
openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
|
||||
not need to download both.
|
||||
The default "openssl" ENGINE is always chosen when performing crypto
|
||||
operations unless you specify otherwise. You must actively tell the
|
||||
openssl utility commands to use anything else through a new command line
|
||||
switch called "-engine". Also, if you want to use the ENGINE support in
|
||||
your own code to do something similar, you must likewise explicitly
|
||||
select the ENGINE implementation you want.
|
||||
|
||||
openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
|
||||
crypto device. The internal OpenSSL functions are contained in the
|
||||
engine "openssl", and will be used by default.
|
||||
Depending on the type of hardware, system, and configuration, "settings"
|
||||
may need to be applied to an ENGINE for it to function as expected/hoped.
|
||||
The recommended way of doing this is for the application to support
|
||||
ENGINE "control commands" so that each ENGINE implementation can provide
|
||||
whatever configuration primitives it might require and the application
|
||||
can allow the user/admin (and thus the hardware vendor's support desk
|
||||
also) to provide any such input directly to the ENGINE implementation.
|
||||
This way, applications do not need to know anything specific to any
|
||||
device, they only need to provide the means to carry such user/admin
|
||||
input through to the ENGINE in question. Ie. this connects *you* (and
|
||||
your helpdesk) to the specific ENGINE implementation (and device), and
|
||||
allows application authors to not get buried in hassle supporting
|
||||
arbitrary devices they know (and care) nothing about.
|
||||
|
||||
No external crypto device is chosen unless you say so. You have actively
|
||||
tell the openssl utility commands to use it through a new command line
|
||||
switch called "-engine". And if you want to use the ENGINE library to
|
||||
do something similar, you must also explicitly choose an external crypto
|
||||
device, or the built-in crypto routines will be used, just as in the
|
||||
default OpenSSL distribution.
|
||||
A new "openssl" utility, "openssl engine", has been added in that allows
|
||||
for testing and examination of ENGINE implementations. Basic usage
|
||||
instructions are available by specifying the "-?" command line switch.
|
||||
|
||||
DYNAMIC ENGINES
|
||||
===============
|
||||
|
||||
The new "dynamic" ENGINE provides a low-overhead way to support ENGINE
|
||||
implementations that aren't pre-compiled and linked into OpenSSL-based
|
||||
applications. This could be because existing compiled-in implementations
|
||||
have known problems and you wish to use a newer version with an existing
|
||||
application. It could equally be because the application (or OpenSSL
|
||||
library) you are using simply doesn't have support for the ENGINE you
|
||||
wish to use, and the ENGINE provider (eg. hardware vendor) is providing
|
||||
you with a self-contained implementation in the form of a shared-library.
|
||||
The other use-case for "dynamic" is with applications that wish to
|
||||
maintain the smallest foot-print possible and so do not link in various
|
||||
ENGINE implementations from OpenSSL, but instead leaves you to provide
|
||||
them, if you want them, in the form of "dynamic"-loadable
|
||||
shared-libraries. It should be possible for hardware vendors to provide
|
||||
their own shared-libraries to support arbitrary hardware to work with
|
||||
applications based on OpenSSL 0.9.7 or later. If you're using an
|
||||
application based on 0.9.7 (or later) and the support you desire is only
|
||||
announced for versions later than the one you need, ask the vendor to
|
||||
backport their ENGINE to the version you need.
|
||||
|
||||
How does "dynamic" work?
|
||||
------------------------
|
||||
The dynamic ENGINE has a special flag in its implementation such that
|
||||
every time application code asks for the 'dynamic' ENGINE, it in fact
|
||||
gets its own copy of it. As such, multi-threaded code (or code that
|
||||
multiplexes multiple uses of 'dynamic' in a single application in any
|
||||
way at all) does not get confused by 'dynamic' being used to do many
|
||||
independent things. Other ENGINEs typically don't do this so there is
|
||||
only ever 1 ENGINE structure of its type (and reference counts are used
|
||||
to keep order). The dynamic ENGINE itself provides absolutely no
|
||||
cryptographic functionality, and any attempt to "initialise" the ENGINE
|
||||
automatically fails. All it does provide are a few "control commands"
|
||||
that can be used to control how it will load an external ENGINE
|
||||
implementation from a shared-library. To see these control commands,
|
||||
use the command-line;
|
||||
|
||||
openssl engine -vvvv dynamic
|
||||
|
||||
The "SO_PATH" control command should be used to identify the
|
||||
shared-library that contains the ENGINE implementation, and "NO_VCHECK"
|
||||
might possibly be useful if there is a minor version conflict and you
|
||||
(or a vendor helpdesk) is convinced you can safely ignore it.
|
||||
"ID" is probably only needed if a shared-library implements
|
||||
multiple ENGINEs, but if you know the engine id you expect to be using,
|
||||
it doesn't hurt to specify it (and this provides a sanity check if
|
||||
nothing else). "LIST_ADD" is only required if you actually wish the
|
||||
loaded ENGINE to be discoverable by application code later on using the
|
||||
ENGINE's "id". For most applications, this isn't necessary - but some
|
||||
application authors may have nifty reasons for using it. The "LOAD"
|
||||
command is the only one that takes no parameters and is the command
|
||||
that uses the settings from any previous commands to actually *load*
|
||||
the shared-library ENGINE implementation. If this command succeeds, the
|
||||
(copy of the) 'dynamic' ENGINE will magically morph into the ENGINE
|
||||
that has been loaded from the shared-library. As such, any control
|
||||
commands supported by the loaded ENGINE could then be executed as per
|
||||
normal. Eg. if ENGINE "foo" is implemented in the shared-library
|
||||
"libfoo.so" and it supports some special control command "CMD_FOO", the
|
||||
following code would load and use it (NB: obviously this code has no
|
||||
error checking);
|
||||
|
||||
ENGINE *e = ENGINE_by_id("dynamic");
|
||||
ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0);
|
||||
ENGINE_ctrl_cmd_string(e, "ID", "foo", 0);
|
||||
ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);
|
||||
ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0);
|
||||
|
||||
For testing, the "openssl engine" utility can be useful for this sort
|
||||
of thing. For example the above code excerpt would achieve much the
|
||||
same result as;
|
||||
|
||||
openssl engine dynamic \
|
||||
-pre SO_PATH:/lib/libfoo.so \
|
||||
-pre ID:foo \
|
||||
-pre LOAD \
|
||||
-pre "CMD_FOO:some input data"
|
||||
|
||||
Or to simply see the list of commands supported by the "foo" ENGINE;
|
||||
|
||||
openssl engine -vvvv dynamic \
|
||||
-pre SO_PATH:/lib/libfoo.so \
|
||||
-pre ID:foo \
|
||||
-pre LOAD
|
||||
|
||||
Applications that support the ENGINE API and more specifically, the
|
||||
"control commands" mechanism, will provide some way for you to pass
|
||||
such commands through to ENGINEs. As such, you would select "dynamic"
|
||||
as the ENGINE to use, and the parameters/commands you pass would
|
||||
control the *actual* ENGINE used. Each command is actually a name-value
|
||||
pair and the value can sometimes be omitted (eg. the "LOAD" command).
|
||||
Whilst the syntax demonstrated in "openssl engine" uses a colon to
|
||||
separate the command name from the value, applications may provide
|
||||
their own syntax for making that separation (eg. a win32 registry
|
||||
key-value pair may be used by some applications). The reason for the
|
||||
"-pre" syntax in the "openssl engine" utility is that some commands
|
||||
might be issued to an ENGINE *after* it has been initialised for use.
|
||||
Eg. if an ENGINE implementation requires a smart-card to be inserted
|
||||
during initialisation (or a PIN to be typed, or whatever), there may be
|
||||
a control command you can issue afterwards to "forget" the smart-card
|
||||
so that additional initialisation is no longer possible. In
|
||||
applications such as web-servers, where potentially volatile code may
|
||||
run on the same host system, this may provide some arguable security
|
||||
value. In such a case, the command would be passed to the ENGINE after
|
||||
it has been initialised for use, and so the "-post" switch would be
|
||||
used instead. Applications may provide a different syntax for
|
||||
supporting this distinction, and some may simply not provide it at all
|
||||
("-pre" is almost always what you're after, in reality).
|
||||
|
||||
How do I build a "dynamic" ENGINE?
|
||||
----------------------------------
|
||||
This question is trickier - currently OpenSSL bundles various ENGINE
|
||||
implementations that are statically built in, and any application that
|
||||
calls the "ENGINE_load_builtin_engines()" function will automatically
|
||||
have all such ENGINEs available (and occupying memory). Applications
|
||||
that don't call that function have no ENGINEs available like that and
|
||||
would have to use "dynamic" to load any such ENGINE - but on the other
|
||||
hand such applications would only have the memory footprint of any
|
||||
ENGINEs explicitly loaded using user/admin provided control commands.
|
||||
The main advantage of not statically linking ENGINEs and only using
|
||||
"dynamic" for hardware support is that any installation using no
|
||||
"external" ENGINE suffers no unnecessary memory footprint from unused
|
||||
ENGINEs. Likewise, installations that do require an ENGINE incur the
|
||||
overheads from only *that* ENGINE once it has been loaded.
|
||||
|
||||
Sounds good? Maybe, but currently building an ENGINE implementation as
|
||||
a shared-library that can be loaded by "dynamic" isn't automated in
|
||||
OpenSSL's build process. It can be done manually quite easily however.
|
||||
Such a shared-library can either be built with any OpenSSL code it
|
||||
needs statically linked in, or it can link dynamically against OpenSSL
|
||||
if OpenSSL itself is built as a shared library. The instructions are
|
||||
the same in each case, but in the former (statically linked any
|
||||
dependencies on OpenSSL) you must ensure OpenSSL is built with
|
||||
position-independent code ("PIC"). The default OpenSSL compilation may
|
||||
already specify the relevant flags to do this, but you should consult
|
||||
with your compiler documentation if you are in any doubt.
|
||||
|
||||
This example will show building the "atalla" ENGINE in the
|
||||
crypto/engine/ directory as a shared-library for use via the "dynamic"
|
||||
ENGINE.
|
||||
1) "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL
|
||||
source tree.
|
||||
2) Recompile at least one source file so you can see all the compiler
|
||||
flags (and syntax) being used to build normally. Eg;
|
||||
touch hw_atalla.c ; make
|
||||
will rebuild "hw_atalla.o" using all such flags.
|
||||
3) Manually enter the same compilation line to compile the
|
||||
"hw_atalla.c" file but with the following two changes;
|
||||
(a) add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches,
|
||||
(b) change the output file from "hw_atalla.o" to something new,
|
||||
eg. "tmp_atalla.o"
|
||||
4) Link "tmp_atalla.o" into a shared-library using the top-level
|
||||
OpenSSL libraries to resolve any dependencies. The syntax for doing
|
||||
this depends heavily on your system/compiler and is a nightmare
|
||||
known well to anyone who has worked with shared-library portability
|
||||
before. 'gcc' on Linux, for example, would use the following syntax;
|
||||
gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto
|
||||
5) Test your shared library using "openssl engine" as explained in the
|
||||
previous section. Eg. from the top-level directory, you might try;
|
||||
apps/openssl engine -vvvv dynamic \
|
||||
-pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD
|
||||
If the shared-library loads successfully, you will see both "-pre"
|
||||
commands marked as "SUCCESS" and the list of control commands
|
||||
displayed (because of "-vvvv") will be the control commands for the
|
||||
*atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add
|
||||
the "-t" switch to the utility if you want it to try and initialise
|
||||
the atalla ENGINE for use to test any possible hardware/driver
|
||||
issues.
|
||||
|
||||
PROBLEMS
|
||||
========
|
||||
|
||||
It seems like the ENGINE part doesn't work too well with CryptoSwift on
|
||||
Win32. A quick test done right before the release showed that trying
|
||||
"openssl speed -engine cswift" generated errors. If the DSO gets enabled,
|
||||
an attempt is made to write at memory address 0x00000002.
|
||||
It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.
|
||||
A quick test done right before the release showed that trying "openssl speed
|
||||
-engine cswift" generated errors. If the DSO gets enabled, an attempt is made
|
||||
to write at memory address 0x00000002.
|
||||
|
||||
|
@ -5,7 +5,7 @@
|
||||
# things easier between now and when Eric is convinced to fix it :-)
|
||||
#
|
||||
# CA -newca ... will setup the right stuff
|
||||
# CA -newreq ... will generate a certificate request
|
||||
# CA -newreq[-nodes] ... will generate a certificate request
|
||||
# CA -sign ... will sign the generated request and output
|
||||
#
|
||||
# At the end of that grab newreq.pem and newcert.pem (one has the key
|
||||
@ -54,7 +54,7 @@ $RET = 0;
|
||||
|
||||
foreach (@ARGV) {
|
||||
if ( /^(-\?|-h|-help)$/ ) {
|
||||
print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
|
||||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
|
||||
exit 0;
|
||||
} elsif (/^-newcert$/) {
|
||||
# create a certificate
|
||||
@ -66,6 +66,11 @@ foreach (@ARGV) {
|
||||
system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
|
||||
$RET=$?;
|
||||
print "Request (and private key) is in newreq.pem\n";
|
||||
} elsif (/^-newreq-nodes$/) {
|
||||
# create a certificate request
|
||||
system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
|
||||
$RET=$?;
|
||||
print "Request (and private key) is in newreq.pem\n";
|
||||
} elsif (/^-newca$/) {
|
||||
# if explicitly asked for or it doesn't exist then setup the
|
||||
# directory structure that Eric likes to manage things
|
||||
@ -143,7 +148,7 @@ foreach (@ARGV) {
|
||||
}
|
||||
} else {
|
||||
print STDERR "Unknown arg $_\n";
|
||||
print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
|
||||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
|
||||
exit 1;
|
||||
}
|
||||
}
|
||||
|
@ -5,7 +5,7 @@
|
||||
# things easier between now and when Eric is convinced to fix it :-)
|
||||
#
|
||||
# CA -newca ... will setup the right stuff
|
||||
# CA -newreq ... will generate a certificate request
|
||||
# CA -newreq[-nodes] ... will generate a certificate request
|
||||
# CA -sign ... will sign the generated request and output
|
||||
#
|
||||
# At the end of that grab newreq.pem and newcert.pem (one has the key
|
||||
@ -54,7 +54,7 @@ $RET = 0;
|
||||
|
||||
foreach (@ARGV) {
|
||||
if ( /^(-\?|-h|-help)$/ ) {
|
||||
print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
|
||||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
|
||||
exit 0;
|
||||
} elsif (/^-newcert$/) {
|
||||
# create a certificate
|
||||
@ -66,6 +66,11 @@ foreach (@ARGV) {
|
||||
system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
|
||||
$RET=$?;
|
||||
print "Request (and private key) is in newreq.pem\n";
|
||||
} elsif (/^-newreq-nodes$/) {
|
||||
# create a certificate request
|
||||
system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
|
||||
$RET=$?;
|
||||
print "Request (and private key) is in newreq.pem\n";
|
||||
} elsif (/^-newca$/) {
|
||||
# if explicitly asked for or it doesn't exist then setup the
|
||||
# directory structure that Eric likes to manage things
|
||||
@ -143,7 +148,7 @@ foreach (@ARGV) {
|
||||
}
|
||||
} else {
|
||||
print STDERR "Unknown arg $_\n";
|
||||
print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
|
||||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
|
||||
exit 1;
|
||||
}
|
||||
}
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -124,7 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
|
||||
int consider_randfile = (file == NULL);
|
||||
char buffer[200];
|
||||
|
||||
#ifdef WINDOWS
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
BIO_printf(bio_e,"Loading 'screen' into random state -");
|
||||
BIO_flush(bio_e);
|
||||
RAND_screen();
|
||||
@ -142,18 +142,21 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
|
||||
}
|
||||
if (file == NULL || !RAND_load_file(file, -1))
|
||||
{
|
||||
if (RAND_status() == 0 && !dont_warn)
|
||||
if (RAND_status() == 0)
|
||||
{
|
||||
BIO_printf(bio_e,"unable to load 'random state'\n");
|
||||
BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
|
||||
BIO_printf(bio_e,"with much random data.\n");
|
||||
if (consider_randfile) /* explanation does not apply when a file is explicitly named */
|
||||
if (!dont_warn)
|
||||
{
|
||||
BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
|
||||
BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
|
||||
BIO_printf(bio_e,"unable to load 'random state'\n");
|
||||
BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
|
||||
BIO_printf(bio_e,"with much random data.\n");
|
||||
if (consider_randfile) /* explanation does not apply when a file is explicitly named */
|
||||
{
|
||||
BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
|
||||
BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
seeded = 1;
|
||||
return 1;
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -55,11 +55,64 @@
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef HEADER_APPS_H
|
||||
#define HEADER_APPS_H
|
||||
|
||||
#include "openssl/e_os.h"
|
||||
#include "e_os.h"
|
||||
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/bio.h>
|
||||
@ -67,6 +120,9 @@
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/lhash.h>
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/txt_db.h>
|
||||
#include <openssl/engine.h>
|
||||
#include <openssl/ossl_typ.h>
|
||||
|
||||
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
|
||||
int app_RAND_write_file(const char *file, BIO *bio_e);
|
||||
@ -78,29 +134,33 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read,
|
||||
* (see e_os.h). The string is
|
||||
* destroyed! */
|
||||
|
||||
#ifdef NO_STDIO
|
||||
BIO_METHOD *BIO_s_file();
|
||||
#endif
|
||||
|
||||
#ifdef WIN32
|
||||
#ifdef OPENSSL_SYS_WIN32
|
||||
#define rename(from,to) WIN32_rename((from),(to))
|
||||
int WIN32_rename(char *oldname,char *newname);
|
||||
#endif
|
||||
|
||||
/* VMS below version 7.0 doesn't have strcasecmp() */
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#define strcasecmp(str1,str2) VMS_strcasecmp((str1),(str2))
|
||||
int VMS_strcasecmp(const char *str1, const char *str2);
|
||||
#endif
|
||||
|
||||
#ifndef MONOLITH
|
||||
|
||||
#define MAIN(a,v) main(a,v)
|
||||
|
||||
#ifndef NON_MAIN
|
||||
CONF *config=NULL;
|
||||
BIO *bio_err=NULL;
|
||||
#else
|
||||
extern CONF *config;
|
||||
extern BIO *bio_err;
|
||||
#endif
|
||||
|
||||
#else
|
||||
|
||||
#define MAIN(a,v) PROG(a,v)
|
||||
extern LHASH *config;
|
||||
extern CONF *config;
|
||||
extern char *default_config_file;
|
||||
extern BIO *bio_err;
|
||||
|
||||
@ -115,21 +175,34 @@ extern BIO *bio_err;
|
||||
#endif
|
||||
|
||||
#if defined(MONOLITH) && !defined(OPENSSL_C)
|
||||
# define apps_startup() do_pipe_sig()
|
||||
# define apps_startup() \
|
||||
do_pipe_sig()
|
||||
# define apps_shutdown()
|
||||
#else
|
||||
# if defined(MSDOS) || defined(WIN16) || defined(WIN32)
|
||||
# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
|
||||
defined(OPENSSL_SYS_WIN32)
|
||||
# ifdef _O_BINARY
|
||||
# define apps_startup() \
|
||||
_fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
|
||||
SSLeay_add_all_algorithms()
|
||||
do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
|
||||
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
|
||||
ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
|
||||
# else
|
||||
# define apps_startup() \
|
||||
_fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
|
||||
SSLeay_add_all_algorithms()
|
||||
do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
|
||||
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
|
||||
ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
|
||||
# endif
|
||||
# else
|
||||
# define apps_startup() do_pipe_sig(); SSLeay_add_all_algorithms();
|
||||
# define apps_startup() \
|
||||
do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
|
||||
ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
|
||||
setup_ui_method(); } while(0)
|
||||
# endif
|
||||
# define apps_shutdown() \
|
||||
do { CONF_modules_unload(1); destroy_ui_method(); \
|
||||
EVP_cleanup(); ENGINE_cleanup(); \
|
||||
CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
|
||||
ERR_free_strings(); } while(0)
|
||||
#endif
|
||||
|
||||
typedef struct args_st
|
||||
@ -138,6 +211,19 @@ typedef struct args_st
|
||||
int count;
|
||||
} ARGS;
|
||||
|
||||
#define PW_MIN_LENGTH 4
|
||||
typedef struct pw_cb_data
|
||||
{
|
||||
const void *password;
|
||||
const char *prompt_info;
|
||||
} PW_CB_DATA;
|
||||
|
||||
int password_callback(char *buf, int bufsiz, int verify,
|
||||
PW_CB_DATA *cb_data);
|
||||
|
||||
int setup_ui_method(void);
|
||||
void destroy_ui_method(void);
|
||||
|
||||
int should_retry(int i);
|
||||
int args_from_file(char *file, int *argc, char **argv[]);
|
||||
int str2fmt(char *s);
|
||||
@ -147,13 +233,32 @@ int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
|
||||
int dump_cert_text(BIO *out, X509 *x);
|
||||
void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
|
||||
#endif
|
||||
int set_cert_ex(unsigned long *flags, const char *arg);
|
||||
int set_name_ex(unsigned long *flags, const char *arg);
|
||||
int set_ext_copy(int *copy_type, const char *arg);
|
||||
int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
|
||||
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
|
||||
int add_oid_section(BIO *err, LHASH *conf);
|
||||
X509 *load_cert(BIO *err, char *file, int format);
|
||||
EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass);
|
||||
EVP_PKEY *load_pubkey(BIO *err, char *file, int format);
|
||||
STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
|
||||
int add_oid_section(BIO *err, CONF *conf);
|
||||
X509 *load_cert(BIO *err, const char *file, int format,
|
||||
const char *pass, ENGINE *e, const char *cert_descrip);
|
||||
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
|
||||
const char *pass, ENGINE *e, const char *key_descrip);
|
||||
EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
|
||||
const char *pass, ENGINE *e, const char *key_descrip);
|
||||
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
|
||||
const char *pass, ENGINE *e, const char *cert_descrip);
|
||||
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
|
||||
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
|
||||
|
||||
int load_config(BIO *err, CONF *cnf);
|
||||
char *make_config_name(void);
|
||||
|
||||
/* Functions defined in ca.c and also used in ocsp.c */
|
||||
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
|
||||
ASN1_GENERALIZEDTIME **pinvtm, char *str);
|
||||
int make_serial_index(TXT_DB *db);
|
||||
|
||||
X509_NAME *do_subject(char *str, long chtype);
|
||||
|
||||
#define FORMAT_UNDEF 0
|
||||
#define FORMAT_ASN1 1
|
||||
@ -162,6 +267,13 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
|
||||
#define FORMAT_NETSCAPE 4
|
||||
#define FORMAT_PKCS12 5
|
||||
#define FORMAT_SMIME 6
|
||||
#define FORMAT_ENGINE 7
|
||||
#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
|
||||
* adding yet another param to load_*key() */
|
||||
|
||||
#define EXT_COPY_NONE 0
|
||||
#define EXT_COPY_ADD 1
|
||||
#define EXT_COPY_ALL 2
|
||||
|
||||
#define NETSCAPE_CERT_HDR "certificate"
|
||||
|
||||
|
@ -103,6 +103,9 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
prog=argv[0];
|
||||
argc--;
|
||||
argv++;
|
||||
@ -205,7 +208,7 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -328,6 +331,7 @@ int MAIN(int argc, char **argv)
|
||||
if (at != NULL) ASN1_TYPE_free(at);
|
||||
if (osk != NULL) sk_free(osk);
|
||||
OBJ_cleanup();
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -59,7 +59,7 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#ifdef NO_STDIO
|
||||
#ifdef OPENSSL_NO_STDIO
|
||||
#define APPS_WIN16
|
||||
#endif
|
||||
#include "apps.h"
|
||||
@ -95,11 +95,11 @@ int MAIN(int argc, char **argv)
|
||||
char buf[512];
|
||||
BIO *STDout=NULL;
|
||||
|
||||
#if !defined(NO_SSL2) && !defined(NO_SSL3)
|
||||
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
|
||||
meth=SSLv23_server_method();
|
||||
#elif !defined(NO_SSL3)
|
||||
#elif !defined(OPENSSL_NO_SSL3)
|
||||
meth=SSLv3_server_method();
|
||||
#elif !defined(NO_SSL2)
|
||||
#elif !defined(OPENSSL_NO_SSL2)
|
||||
meth=SSLv2_server_method();
|
||||
#endif
|
||||
|
||||
@ -108,7 +108,7 @@ int MAIN(int argc, char **argv)
|
||||
if (bio_err == NULL)
|
||||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
|
||||
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
STDout = BIO_push(tmpbio, STDout);
|
||||
@ -121,15 +121,15 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
if (strcmp(*argv,"-v") == 0)
|
||||
verbose=1;
|
||||
#ifndef NO_SSL2
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
else if (strcmp(*argv,"-ssl2") == 0)
|
||||
meth=SSLv2_client_method();
|
||||
#endif
|
||||
#ifndef NO_SSL3
|
||||
#ifndef OPENSSL_NO_SSL3
|
||||
else if (strcmp(*argv,"-ssl3") == 0)
|
||||
meth=SSLv3_client_method();
|
||||
#endif
|
||||
#ifndef NO_TLS1
|
||||
#ifndef OPENSSL_NO_TLS1
|
||||
else if (strcmp(*argv,"-tls1") == 0)
|
||||
meth=TLSv1_client_method();
|
||||
#endif
|
||||
@ -150,7 +150,7 @@ int MAIN(int argc, char **argv)
|
||||
if (badops)
|
||||
{
|
||||
for (pp=ciphers_usage; (*pp != NULL); pp++)
|
||||
BIO_printf(bio_err,*pp);
|
||||
BIO_printf(bio_err,"%s",*pp);
|
||||
goto end;
|
||||
}
|
||||
|
||||
@ -187,7 +187,7 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
BIO_puts(STDout,SSL_CIPHER_description(
|
||||
sk_SSL_CIPHER_value(sk,i),
|
||||
buf,512));
|
||||
buf,sizeof buf));
|
||||
}
|
||||
}
|
||||
|
||||
@ -202,6 +202,7 @@ int MAIN(int argc, char **argv)
|
||||
if (ctx != NULL) SSL_CTX_free(ctx);
|
||||
if (ssl != NULL) SSL_free(ssl);
|
||||
if (STDout != NULL) BIO_free_all(STDout);
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
|
@ -87,6 +87,7 @@ static char *crl_usage[]={
|
||||
" -noout - no CRL output\n",
|
||||
" -CAfile name - verify CRL using certificates in file \"name\"\n",
|
||||
" -CApath dir - verify CRL using certificates in \"dir\"\n",
|
||||
" -nameopt arg - various certificate name options\n",
|
||||
NULL
|
||||
};
|
||||
|
||||
@ -97,6 +98,7 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
unsigned long nmflag = 0;
|
||||
X509_CRL *x=NULL;
|
||||
char *CAfile = NULL, *CApath = NULL;
|
||||
int ret=1,i,num,badops=0;
|
||||
@ -105,7 +107,7 @@ int MAIN(int argc, char **argv)
|
||||
char *infile=NULL,*outfile=NULL;
|
||||
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
|
||||
int fingerprint = 0;
|
||||
char **pp,buf[256];
|
||||
char **pp;
|
||||
X509_STORE *store = NULL;
|
||||
X509_STORE_CTX ctx;
|
||||
X509_LOOKUP *lookup = NULL;
|
||||
@ -120,11 +122,14 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
if (bio_out == NULL)
|
||||
if ((bio_out=BIO_new(BIO_s_file())) != NULL)
|
||||
{
|
||||
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
bio_out = BIO_push(tmpbio, bio_out);
|
||||
@ -185,6 +190,11 @@ int MAIN(int argc, char **argv)
|
||||
text = 1;
|
||||
else if (strcmp(*argv,"-hash") == 0)
|
||||
hash= ++num;
|
||||
else if (strcmp(*argv,"-nameopt") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if (!set_name_ex(&nmflag, *(++argv))) goto bad;
|
||||
}
|
||||
else if (strcmp(*argv,"-issuer") == 0)
|
||||
issuer= ++num;
|
||||
else if (strcmp(*argv,"-lastupdate") == 0)
|
||||
@ -214,7 +224,7 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
bad:
|
||||
for (pp=crl_usage; (*pp != NULL); pp++)
|
||||
BIO_printf(bio_err,*pp);
|
||||
BIO_printf(bio_err,"%s",*pp);
|
||||
goto end;
|
||||
}
|
||||
|
||||
@ -235,7 +245,11 @@ int MAIN(int argc, char **argv)
|
||||
X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
|
||||
ERR_clear_error();
|
||||
|
||||
X509_STORE_CTX_init(&ctx, store, NULL, NULL);
|
||||
if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
|
||||
BIO_printf(bio_err,
|
||||
"Error initialising X509 store\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
|
||||
X509_CRL_get_issuer(x), &xobj);
|
||||
@ -264,9 +278,7 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
if (issuer == i)
|
||||
{
|
||||
X509_NAME_oneline(X509_CRL_get_issuer(x),
|
||||
buf,256);
|
||||
BIO_printf(bio_out,"issuer= %s\n",buf);
|
||||
print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
|
||||
}
|
||||
|
||||
if (hash == i)
|
||||
@ -324,7 +336,7 @@ int MAIN(int argc, char **argv)
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -364,7 +376,8 @@ int MAIN(int argc, char **argv)
|
||||
X509_STORE_CTX_cleanup(&ctx);
|
||||
X509_STORE_free(store);
|
||||
}
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
static X509_CRL *load_crl(char *infile, int format)
|
||||
|
@ -166,7 +166,8 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n");
|
||||
BIO_printf(bio_err," (can be used more than once)\n");
|
||||
BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n");
|
||||
EXIT(1);
|
||||
ret = 1;
|
||||
goto end;
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
@ -241,7 +242,7 @@ int MAIN(int argc, char **argv)
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -278,7 +279,8 @@ int MAIN(int argc, char **argv)
|
||||
if (p7 != NULL) PKCS7_free(p7);
|
||||
if (crl != NULL) X509_CRL_free(crl);
|
||||
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -73,13 +73,15 @@
|
||||
#undef PROG
|
||||
#define PROG dgst_main
|
||||
|
||||
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
EVP_PKEY *key, unsigned char *sigin, int siglen);
|
||||
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
|
||||
const char *file);
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
unsigned char *buf=NULL;
|
||||
int i,err=0;
|
||||
const EVP_MD *md=NULL,*m;
|
||||
@ -91,12 +93,14 @@ int MAIN(int argc, char **argv)
|
||||
char pname[PROG_NAME_SIZE+1];
|
||||
int separator=0;
|
||||
int debug=0;
|
||||
int keyform=FORMAT_PEM;
|
||||
const char *outfile = NULL, *keyfile = NULL;
|
||||
const char *sigfile = NULL, *randfile = NULL;
|
||||
int out_bin = -1, want_pub = 0, do_verify = 0;
|
||||
EVP_PKEY *sigkey = NULL;
|
||||
unsigned char *sigbuf = NULL;
|
||||
int siglen = 0;
|
||||
char *engine=NULL;
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -109,8 +113,11 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
/* first check the program name */
|
||||
program_name(argv[0],pname,PROG_NAME_SIZE);
|
||||
program_name(argv[0],pname,sizeof pname);
|
||||
|
||||
md=EVP_get_digestbyname(pname);
|
||||
|
||||
@ -154,6 +161,16 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) break;
|
||||
sigfile=*(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-keyform") == 0)
|
||||
{
|
||||
if (--argc < 1) break;
|
||||
keyform=str2fmt(*(++argv));
|
||||
}
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) break;
|
||||
engine= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-hex") == 0)
|
||||
out_bin = 0;
|
||||
else if (strcmp(*argv,"-binary") == 0)
|
||||
@ -188,8 +205,10 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,"-sign file sign digest using private key in file\n");
|
||||
BIO_printf(bio_err,"-verify file verify a signature using public key in file\n");
|
||||
BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
|
||||
BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n");
|
||||
BIO_printf(bio_err,"-signature file signature to verify\n");
|
||||
BIO_printf(bio_err,"-binary output in binary form\n");
|
||||
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
|
||||
|
||||
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
|
||||
LN_md5,LN_md5);
|
||||
@ -209,6 +228,8 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
in=BIO_new(BIO_s_file());
|
||||
bmd=BIO_new(BIO_f_md());
|
||||
if (debug)
|
||||
@ -238,7 +259,7 @@ int MAIN(int argc, char **argv)
|
||||
else out = BIO_new_file(outfile, "w");
|
||||
} else {
|
||||
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -253,27 +274,21 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if(keyfile) {
|
||||
BIO *keybio;
|
||||
keybio = BIO_new_file(keyfile, "r");
|
||||
if(!keybio) {
|
||||
BIO_printf(bio_err, "Error opening key file %s\n",
|
||||
keyfile);
|
||||
ERR_print_errors(bio_err);
|
||||
if(keyfile)
|
||||
{
|
||||
if (want_pub)
|
||||
sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
|
||||
e, "key file");
|
||||
else
|
||||
sigkey = load_key(bio_err, keyfile, keyform, 0, NULL,
|
||||
e, "key file");
|
||||
if (!sigkey)
|
||||
{
|
||||
/* load_[pub]key() has already printed an appropriate
|
||||
message */
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if(want_pub)
|
||||
sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL);
|
||||
else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
|
||||
BIO_free(keybio);
|
||||
if(!sigkey) {
|
||||
BIO_printf(bio_err, "Error reading key file %s\n",
|
||||
keyfile);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if(sigfile && sigkey) {
|
||||
BIO *sigbio;
|
||||
@ -305,29 +320,43 @@ int MAIN(int argc, char **argv)
|
||||
if (argc == 0)
|
||||
{
|
||||
BIO_set_fp(in,stdin,BIO_NOCLOSE);
|
||||
do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, siglen);
|
||||
err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
|
||||
siglen,"","(stdin)");
|
||||
}
|
||||
else
|
||||
{
|
||||
name=OBJ_nid2sn(md->type);
|
||||
for (i=0; i<argc; i++)
|
||||
{
|
||||
char *tmp,*tofree=NULL;
|
||||
int r;
|
||||
|
||||
if (BIO_read_filename(in,argv[i]) <= 0)
|
||||
{
|
||||
perror(argv[i]);
|
||||
err++;
|
||||
continue;
|
||||
}
|
||||
if(!out_bin) BIO_printf(out, "%s(%s)= ",name,argv[i]);
|
||||
do_fp(out, buf,inp,separator, out_bin, sigkey,
|
||||
sigbuf, siglen);
|
||||
if(!out_bin)
|
||||
{
|
||||
tmp=tofree=OPENSSL_malloc(strlen(name)+strlen(argv[i])+5);
|
||||
sprintf(tmp,"%s(%s)= ",name,argv[i]);
|
||||
}
|
||||
else
|
||||
tmp="";
|
||||
r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
|
||||
siglen,tmp,argv[i]);
|
||||
if(r)
|
||||
err=r;
|
||||
if(tofree)
|
||||
OPENSSL_free(tofree);
|
||||
(void)BIO_reset(bmd);
|
||||
}
|
||||
}
|
||||
end:
|
||||
if (buf != NULL)
|
||||
{
|
||||
memset(buf,0,BUFSIZE);
|
||||
OPENSSL_cleanse(buf,BUFSIZE);
|
||||
OPENSSL_free(buf);
|
||||
}
|
||||
if (in != NULL) BIO_free(in);
|
||||
@ -335,11 +364,13 @@ int MAIN(int argc, char **argv)
|
||||
EVP_PKEY_free(sigkey);
|
||||
if(sigbuf) OPENSSL_free(sigbuf);
|
||||
if (bmd != NULL) BIO_free(bmd);
|
||||
EXIT(err);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(err);
|
||||
}
|
||||
|
||||
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
EVP_PKEY *key, unsigned char *sigin, int siglen)
|
||||
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
|
||||
const char *file)
|
||||
{
|
||||
int len;
|
||||
int i;
|
||||
@ -347,21 +378,33 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
for (;;)
|
||||
{
|
||||
i=BIO_read(bp,(char *)buf,BUFSIZE);
|
||||
if (i <= 0) break;
|
||||
if(i < 0)
|
||||
{
|
||||
BIO_printf(bio_err, "Read Error in %s\n",file);
|
||||
ERR_print_errors(bio_err);
|
||||
return 1;
|
||||
}
|
||||
if (i == 0) break;
|
||||
}
|
||||
if(sigin)
|
||||
{
|
||||
EVP_MD_CTX *ctx;
|
||||
BIO_get_md_ctx(bp, &ctx);
|
||||
i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key);
|
||||
if(i > 0) BIO_printf(out, "Verified OK\n");
|
||||
else if(i == 0) BIO_printf(out, "Verification Failure\n");
|
||||
if(i > 0)
|
||||
BIO_printf(out, "Verified OK\n");
|
||||
else if(i == 0)
|
||||
{
|
||||
BIO_printf(out, "Verification Failure\n");
|
||||
return 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_err, "Error Verifying Data\n");
|
||||
ERR_print_errors(bio_err);
|
||||
return 1;
|
||||
}
|
||||
return;
|
||||
return 0;
|
||||
}
|
||||
if(key)
|
||||
{
|
||||
@ -371,7 +414,7 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
{
|
||||
BIO_printf(bio_err, "Error Signing Data\n");
|
||||
ERR_print_errors(bio_err);
|
||||
return;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -380,6 +423,7 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
if(binout) BIO_write(out, buf, len);
|
||||
else
|
||||
{
|
||||
BIO_write(out,title,strlen(title));
|
||||
for (i=0; i<len; i++)
|
||||
{
|
||||
if (sep && (i != 0))
|
||||
@ -388,5 +432,6 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
}
|
||||
BIO_printf(out, "\n");
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -57,7 +57,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#ifndef NO_DH
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
@ -87,11 +87,12 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
DH *dh=NULL;
|
||||
int i,badops=0,text=0;
|
||||
BIO *in=NULL,*out=NULL;
|
||||
int informat,outformat,check=0,noout=0,C=0,ret=1;
|
||||
char *infile,*outfile,*prog;
|
||||
char *infile,*outfile,*prog,*engine;
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -99,6 +100,10 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
engine=NULL;
|
||||
infile=NULL;
|
||||
outfile=NULL;
|
||||
informat=FORMAT_PEM;
|
||||
@ -129,6 +134,11 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
outfile= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-check") == 0)
|
||||
check=1;
|
||||
else if (strcmp(*argv,"-text") == 0)
|
||||
@ -160,11 +170,14 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err," -text print a text form of the DH parameters\n");
|
||||
BIO_printf(bio_err," -C Output C code\n");
|
||||
BIO_printf(bio_err," -noout no output\n");
|
||||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
in=BIO_new(BIO_s_file());
|
||||
out=BIO_new(BIO_s_file());
|
||||
if ((in == NULL) || (out == NULL))
|
||||
@ -186,7 +199,7 @@ int MAIN(int argc, char **argv)
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -319,6 +332,7 @@ int MAIN(int argc, char **argv)
|
||||
if (in != NULL) BIO_free(in);
|
||||
if (out != NULL) BIO_free_all(out);
|
||||
if (dh != NULL) DH_free(dh);
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
#endif
|
||||
|
@ -109,7 +109,7 @@
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef NO_DH
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
@ -122,7 +122,7 @@
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
|
||||
#ifndef NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#include <openssl/dsa.h>
|
||||
#endif
|
||||
|
||||
@ -148,15 +148,16 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
DH *dh=NULL;
|
||||
int i,badops=0,text=0;
|
||||
#ifndef NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
int dsaparam=0;
|
||||
#endif
|
||||
BIO *in=NULL,*out=NULL;
|
||||
int informat,outformat,check=0,noout=0,C=0,ret=1;
|
||||
char *infile,*outfile,*prog;
|
||||
char *inrand=NULL;
|
||||
char *inrand=NULL,*engine=NULL;
|
||||
int num = 0, g = 0;
|
||||
|
||||
apps_startup();
|
||||
@ -165,6 +166,9 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
infile=NULL;
|
||||
outfile=NULL;
|
||||
informat=FORMAT_PEM;
|
||||
@ -195,11 +199,16 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
outfile= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-check") == 0)
|
||||
check=1;
|
||||
else if (strcmp(*argv,"-text") == 0)
|
||||
text=1;
|
||||
#ifndef NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
else if (strcmp(*argv,"-dsaparam") == 0)
|
||||
dsaparam=1;
|
||||
#endif
|
||||
@ -231,7 +240,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err," -outform arg output format - one of DER PEM\n");
|
||||
BIO_printf(bio_err," -in arg input file\n");
|
||||
BIO_printf(bio_err," -out arg output file\n");
|
||||
#ifndef NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
BIO_printf(bio_err," -dsaparam read or generate DSA parameters, convert to DH\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -check check the DH parameters\n");
|
||||
@ -240,6 +249,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
|
||||
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
|
||||
BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
|
||||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
|
||||
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
|
||||
BIO_printf(bio_err," the random number generator\n");
|
||||
@ -249,10 +259,12 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if (g && !num)
|
||||
num = DEFBITS;
|
||||
|
||||
#ifndef NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
if (dsaparam)
|
||||
{
|
||||
if (g)
|
||||
@ -279,7 +291,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
|
||||
app_RAND_load_files(inrand));
|
||||
|
||||
#ifndef NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
if (dsaparam)
|
||||
{
|
||||
DSA *dsa;
|
||||
@ -340,7 +352,7 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
#ifndef NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
if (dsaparam)
|
||||
{
|
||||
DSA *dsa;
|
||||
@ -393,7 +405,7 @@ int MAIN(int argc, char **argv)
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -478,7 +490,7 @@ int MAIN(int argc, char **argv)
|
||||
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
|
||||
printf("\t\t{ DH_free(dh); return(NULL); }\n");
|
||||
if (dh->length)
|
||||
printf("\tdh->length = %d;\n", dh->length);
|
||||
printf("\tdh->length = %ld;\n", dh->length);
|
||||
printf("\treturn(dh);\n\t}\n");
|
||||
OPENSSL_free(data);
|
||||
}
|
||||
@ -506,7 +518,8 @@ int MAIN(int argc, char **argv)
|
||||
if (in != NULL) BIO_free(in);
|
||||
if (out != NULL) BIO_free_all(out);
|
||||
if (dh != NULL) DH_free(dh);
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
|
||||
|
@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#ifndef NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
@ -79,6 +79,9 @@
|
||||
* -des - encrypt output if PEM format with DES in cbc mode
|
||||
* -des3 - encrypt output if PEM format
|
||||
* -idea - encrypt output if PEM format
|
||||
* -aes128 - encrypt output if PEM format
|
||||
* -aes192 - encrypt output if PEM format
|
||||
* -aes256 - encrypt output if PEM format
|
||||
* -text - print a text version
|
||||
* -modulus - print the DSA public key
|
||||
*/
|
||||
@ -87,6 +90,7 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
int ret=1;
|
||||
DSA *dsa=NULL;
|
||||
int i,badops=0;
|
||||
@ -94,7 +98,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO *in=NULL,*out=NULL;
|
||||
int informat,outformat,text=0,noout=0;
|
||||
int pubin = 0, pubout = 0;
|
||||
char *infile,*outfile,*prog;
|
||||
char *infile,*outfile,*prog,*engine;
|
||||
char *passargin = NULL, *passargout = NULL;
|
||||
char *passin = NULL, *passout = NULL;
|
||||
int modulus=0;
|
||||
@ -105,6 +109,10 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
engine=NULL;
|
||||
infile=NULL;
|
||||
outfile=NULL;
|
||||
informat=FORMAT_PEM;
|
||||
@ -145,6 +153,11 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
passargout= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-noout") == 0)
|
||||
noout=1;
|
||||
else if (strcmp(*argv,"-text") == 0)
|
||||
@ -176,10 +189,15 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
|
||||
BIO_printf(bio_err," -out arg output file\n");
|
||||
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
|
||||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
|
||||
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
|
||||
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
|
||||
#ifndef NO_IDEA
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
|
||||
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -text print the key in text\n");
|
||||
BIO_printf(bio_err," -noout don't print key out\n");
|
||||
@ -189,6 +207,8 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
goto end;
|
||||
@ -235,7 +255,7 @@ int MAIN(int argc, char **argv)
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -293,6 +313,7 @@ int MAIN(int argc, char **argv)
|
||||
if(dsa != NULL) DSA_free(dsa);
|
||||
if(passin) OPENSSL_free(passin);
|
||||
if(passout) OPENSSL_free(passout);
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
#endif
|
||||
|
@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#ifndef NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#include <assert.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
@ -90,6 +90,7 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
DSA *dsa=NULL;
|
||||
int i,badops=0,text=0;
|
||||
BIO *in=NULL,*out=NULL;
|
||||
@ -97,6 +98,7 @@ int MAIN(int argc, char **argv)
|
||||
char *infile,*outfile,*prog,*inrand=NULL;
|
||||
int numbits= -1,num,genkey=0;
|
||||
int need_rand=0;
|
||||
char *engine=NULL;
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -104,6 +106,9 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
infile=NULL;
|
||||
outfile=NULL;
|
||||
informat=FORMAT_PEM;
|
||||
@ -134,6 +139,11 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
outfile= *(++argv);
|
||||
}
|
||||
else if(strcmp(*argv, "-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine = *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-text") == 0)
|
||||
text=1;
|
||||
else if (strcmp(*argv,"-C") == 0)
|
||||
@ -179,7 +189,9 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err," -text print as text\n");
|
||||
BIO_printf(bio_err," -C Output C code\n");
|
||||
BIO_printf(bio_err," -noout no output\n");
|
||||
BIO_printf(bio_err," -genkey generate a DSA key\n");
|
||||
BIO_printf(bio_err," -rand files to use for random number input\n");
|
||||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
|
||||
BIO_printf(bio_err," number number of bits to use for generating private key\n");
|
||||
goto end;
|
||||
}
|
||||
@ -207,7 +219,7 @@ int MAIN(int argc, char **argv)
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -223,6 +235,8 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if (need_rand)
|
||||
{
|
||||
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
|
||||
@ -357,7 +371,8 @@ int MAIN(int argc, char **argv)
|
||||
if (in != NULL) BIO_free(in);
|
||||
if (out != NULL) BIO_free_all(out);
|
||||
if (dsa != NULL) DSA_free(dsa);
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
|
||||
|
@ -66,10 +66,8 @@
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/rand.h>
|
||||
#ifndef NO_MD5
|
||||
#include <openssl/md5.h>
|
||||
#endif
|
||||
#include <openssl/pem.h>
|
||||
#include <ctype.h>
|
||||
|
||||
int set_hex(char *in,unsigned char *out,int size);
|
||||
#undef SIZE
|
||||
@ -80,17 +78,37 @@ int set_hex(char *in,unsigned char *out,int size);
|
||||
#define BSIZE (8*1024)
|
||||
#define PROG enc_main
|
||||
|
||||
static void show_ciphers(const OBJ_NAME *name,void *bio_)
|
||||
{
|
||||
BIO *bio=bio_;
|
||||
static int n;
|
||||
|
||||
if(!islower((unsigned char)*name->name))
|
||||
return;
|
||||
|
||||
BIO_printf(bio,"-%-25s",name->name);
|
||||
if(++n == 3)
|
||||
{
|
||||
BIO_printf(bio,"\n");
|
||||
n=0;
|
||||
}
|
||||
else
|
||||
BIO_printf(bio," ");
|
||||
}
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
static const char magic[]="Salted__";
|
||||
char mbuf[8]; /* should be 1 smaller than magic */
|
||||
char mbuf[sizeof magic-1];
|
||||
char *strbuf=NULL;
|
||||
unsigned char *buff=NULL,*bufsize=NULL;
|
||||
int bsize=BSIZE,verbose=0;
|
||||
int ret=1,inl;
|
||||
unsigned char key[24],iv[MD5_DIGEST_LENGTH];
|
||||
int nopad = 0;
|
||||
unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
|
||||
unsigned char salt[PKCS5_SALT_LEN];
|
||||
char *str=NULL, *passarg = NULL, *pass = NULL;
|
||||
char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
|
||||
@ -101,6 +119,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
|
||||
#define PROG_NAME_SIZE 39
|
||||
char pname[PROG_NAME_SIZE+1];
|
||||
char *engine = NULL;
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -108,8 +127,11 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
/* first check the program name */
|
||||
program_name(argv[0],pname,PROG_NAME_SIZE);
|
||||
program_name(argv[0],pname,sizeof pname);
|
||||
if (strcmp(pname,"base64") == 0)
|
||||
base64=1;
|
||||
|
||||
@ -141,12 +163,19 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
passarg= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-d") == 0)
|
||||
enc=0;
|
||||
else if (strcmp(*argv,"-p") == 0)
|
||||
printkey=1;
|
||||
else if (strcmp(*argv,"-v") == 0)
|
||||
verbose=1;
|
||||
else if (strcmp(*argv,"-nopad") == 0)
|
||||
nopad=1;
|
||||
else if (strcmp(*argv,"-salt") == 0)
|
||||
nosalt=0;
|
||||
else if (strcmp(*argv,"-nosalt") == 0)
|
||||
@ -187,7 +216,7 @@ int MAIN(int argc, char **argv)
|
||||
goto bad;
|
||||
}
|
||||
buf[0]='\0';
|
||||
fgets(buf,128,infile);
|
||||
fgets(buf,sizeof buf,infile);
|
||||
fclose(infile);
|
||||
i=strlen(buf);
|
||||
if ((i > 0) &&
|
||||
@ -241,79 +270,22 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
|
||||
BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
|
||||
BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
|
||||
BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
|
||||
|
||||
BIO_printf(bio_err,"Cipher Types\n");
|
||||
BIO_printf(bio_err,"des : 56 bit key DES encryption\n");
|
||||
BIO_printf(bio_err,"des_ede :112 bit key ede DES encryption\n");
|
||||
BIO_printf(bio_err,"des_ede3:168 bit key ede DES encryption\n");
|
||||
#ifndef NO_IDEA
|
||||
BIO_printf(bio_err,"idea :128 bit key IDEA encryption\n");
|
||||
#endif
|
||||
#ifndef NO_RC4
|
||||
BIO_printf(bio_err,"rc2 :128 bit key RC2 encryption\n");
|
||||
#endif
|
||||
#ifndef NO_BF
|
||||
BIO_printf(bio_err,"bf :128 bit key Blowfish encryption\n");
|
||||
#endif
|
||||
#ifndef NO_RC4
|
||||
BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n",
|
||||
LN_rc4);
|
||||
#endif
|
||||
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
|
||||
show_ciphers,
|
||||
bio_err);
|
||||
BIO_printf(bio_err,"\n");
|
||||
|
||||
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
|
||||
LN_des_ecb,LN_des_cbc,
|
||||
LN_des_cfb64,LN_des_ofb64);
|
||||
BIO_printf(bio_err," -%-4s (%s)\n",
|
||||
"des", LN_des_cbc);
|
||||
|
||||
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
|
||||
LN_des_ede,LN_des_ede_cbc,
|
||||
LN_des_ede_cfb64,LN_des_ede_ofb64);
|
||||
BIO_printf(bio_err," -desx -none\n");
|
||||
|
||||
|
||||
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
|
||||
LN_des_ede3,LN_des_ede3_cbc,
|
||||
LN_des_ede3_cfb64,LN_des_ede3_ofb64);
|
||||
BIO_printf(bio_err," -%-4s (%s)\n",
|
||||
"des3", LN_des_ede3_cbc);
|
||||
|
||||
#ifndef NO_IDEA
|
||||
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
|
||||
LN_idea_ecb, LN_idea_cbc,
|
||||
LN_idea_cfb64, LN_idea_ofb64);
|
||||
BIO_printf(bio_err," -%-4s (%s)\n","idea",LN_idea_cbc);
|
||||
#endif
|
||||
#ifndef NO_RC2
|
||||
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
|
||||
LN_rc2_ecb, LN_rc2_cbc,
|
||||
LN_rc2_cfb64, LN_rc2_ofb64);
|
||||
BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc);
|
||||
#endif
|
||||
#ifndef NO_BF
|
||||
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
|
||||
LN_bf_ecb, LN_bf_cbc,
|
||||
LN_bf_cfb64, LN_bf_ofb64);
|
||||
BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc);
|
||||
#endif
|
||||
#ifndef NO_CAST
|
||||
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
|
||||
LN_cast5_ecb, LN_cast5_cbc,
|
||||
LN_cast5_cfb64, LN_cast5_ofb64);
|
||||
BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc);
|
||||
#endif
|
||||
#ifndef NO_RC5
|
||||
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
|
||||
LN_rc5_ecb, LN_rc5_cbc,
|
||||
LN_rc5_cfb64, LN_rc5_ofb64);
|
||||
BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc);
|
||||
#endif
|
||||
goto end;
|
||||
}
|
||||
argc--;
|
||||
argv++;
|
||||
}
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if (bufsize != NULL)
|
||||
{
|
||||
unsigned long n;
|
||||
@ -418,7 +390,7 @@ int MAIN(int argc, char **argv)
|
||||
if (outf == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -456,6 +428,9 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
if (cipher != NULL)
|
||||
{
|
||||
/* Note that str is NULL if a key was passed on the command
|
||||
* line, so we get no salt in that case. Is this a bug?
|
||||
*/
|
||||
if (str != NULL)
|
||||
{
|
||||
/* Salt handling: if encrypting generate a salt and
|
||||
@ -467,12 +442,12 @@ int MAIN(int argc, char **argv)
|
||||
else {
|
||||
if(enc) {
|
||||
if(hsalt) {
|
||||
if(!set_hex(hsalt,salt,PKCS5_SALT_LEN)) {
|
||||
if(!set_hex(hsalt,salt,sizeof salt)) {
|
||||
BIO_printf(bio_err,
|
||||
"invalid hex salt value\n");
|
||||
goto end;
|
||||
}
|
||||
} else if (RAND_pseudo_bytes(salt, PKCS5_SALT_LEN) < 0)
|
||||
} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
|
||||
goto end;
|
||||
/* If -P option then don't bother writing */
|
||||
if((printkey != 2)
|
||||
@ -480,14 +455,14 @@ int MAIN(int argc, char **argv)
|
||||
sizeof magic-1) != sizeof magic-1
|
||||
|| BIO_write(wbio,
|
||||
(char *)salt,
|
||||
PKCS5_SALT_LEN) != PKCS5_SALT_LEN)) {
|
||||
sizeof salt) != sizeof salt)) {
|
||||
BIO_printf(bio_err,"error writing output file\n");
|
||||
goto end;
|
||||
}
|
||||
} else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
|
||||
|| BIO_read(rbio,
|
||||
(unsigned char *)salt,
|
||||
PKCS5_SALT_LEN) != PKCS5_SALT_LEN) {
|
||||
sizeof salt) != sizeof salt) {
|
||||
BIO_printf(bio_err,"error reading input file\n");
|
||||
goto end;
|
||||
} else if(memcmp(mbuf,magic,sizeof magic-1)) {
|
||||
@ -506,11 +481,11 @@ int MAIN(int argc, char **argv)
|
||||
* bug picked up by
|
||||
* Larry J. Hughes Jr. <hughes@indiana.edu> */
|
||||
if (str == strbuf)
|
||||
memset(str,0,SIZE);
|
||||
OPENSSL_cleanse(str,SIZE);
|
||||
else
|
||||
memset(str,0,strlen(str));
|
||||
OPENSSL_cleanse(str,strlen(str));
|
||||
}
|
||||
if ((hiv != NULL) && !set_hex(hiv,iv,8))
|
||||
if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
|
||||
{
|
||||
BIO_printf(bio_err,"invalid hex iv value\n");
|
||||
goto end;
|
||||
@ -523,7 +498,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, "iv undefined\n");
|
||||
goto end;
|
||||
}
|
||||
if ((hkey != NULL) && !set_hex(hkey,key,24))
|
||||
if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
|
||||
{
|
||||
BIO_printf(bio_err,"invalid hex key value\n");
|
||||
goto end;
|
||||
@ -532,6 +507,12 @@ int MAIN(int argc, char **argv)
|
||||
if ((benc=BIO_new(BIO_f_cipher())) == NULL)
|
||||
goto end;
|
||||
BIO_set_cipher(benc,cipher,key,iv,enc);
|
||||
if (nopad)
|
||||
{
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
BIO_get_cipher_ctx(benc, &ctx);
|
||||
EVP_CIPHER_CTX_set_padding(ctx, 0);
|
||||
}
|
||||
if (debug)
|
||||
{
|
||||
BIO_set_callback(benc,BIO_debug_callback);
|
||||
@ -543,7 +524,7 @@ int MAIN(int argc, char **argv)
|
||||
if (!nosalt)
|
||||
{
|
||||
printf("salt=");
|
||||
for (i=0; i<PKCS5_SALT_LEN; i++)
|
||||
for (i=0; i<sizeof salt; i++)
|
||||
printf("%02X",salt[i]);
|
||||
printf("\n");
|
||||
}
|
||||
@ -604,7 +585,8 @@ int MAIN(int argc, char **argv)
|
||||
if (benc != NULL) BIO_free(benc);
|
||||
if (b64 != NULL) BIO_free(b64);
|
||||
if(pass) OPENSSL_free(pass);
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
int set_hex(char *in, unsigned char *out, int size)
|
||||
|
520
crypto/openssl/apps/engine.c
Normal file
520
crypto/openssl/apps/engine.c
Normal file
@ -0,0 +1,520 @@
|
||||
/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
|
||||
/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
|
||||
* project 2000.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* licensing@OpenSSL.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#ifdef OPENSSL_NO_STDIO
|
||||
#define APPS_WIN16
|
||||
#endif
|
||||
#include "apps.h"
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/engine.h>
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
#undef PROG
|
||||
#define PROG engine_main
|
||||
|
||||
static char *engine_usage[]={
|
||||
"usage: engine opts [engine ...]\n",
|
||||
" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
|
||||
" -vv will additionally display each command's description\n",
|
||||
" -vvv will also add the input flags for each command\n",
|
||||
" -vvvv will also show internal input flags\n",
|
||||
" -c - for each engine, also list the capabilities\n",
|
||||
" -t - for each engine, check that they are really available\n",
|
||||
" -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n",
|
||||
" to load it (if -t is used)\n",
|
||||
" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
|
||||
" (only used if -t is also provided)\n",
|
||||
" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
|
||||
" line, or all supported ENGINEs if none are specified.\n",
|
||||
" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
|
||||
" argument \"/lib/libdriver.so\".\n",
|
||||
NULL
|
||||
};
|
||||
|
||||
static void identity(void *ptr)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
static int append_buf(char **buf, const char *s, int *size, int step)
|
||||
{
|
||||
int l = strlen(s);
|
||||
|
||||
if (*buf == NULL)
|
||||
{
|
||||
*size = step;
|
||||
*buf = OPENSSL_malloc(*size);
|
||||
if (*buf == NULL)
|
||||
return 0;
|
||||
**buf = '\0';
|
||||
}
|
||||
|
||||
if (**buf != '\0')
|
||||
l += 2; /* ", " */
|
||||
|
||||
if (strlen(*buf) + strlen(s) >= (unsigned int)*size)
|
||||
{
|
||||
*size += step;
|
||||
*buf = OPENSSL_realloc(*buf, *size);
|
||||
}
|
||||
|
||||
if (*buf == NULL)
|
||||
return 0;
|
||||
|
||||
if (**buf != '\0')
|
||||
strcat(*buf, ", ");
|
||||
strcat(*buf, s);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
|
||||
{
|
||||
int started = 0, err = 0;
|
||||
/* Indent before displaying input flags */
|
||||
BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
|
||||
if(flags == 0)
|
||||
{
|
||||
BIO_printf(bio_out, "<no flags>\n");
|
||||
return 1;
|
||||
}
|
||||
/* If the object is internal, mark it in a way that shows instead of
|
||||
* having it part of all the other flags, even if it really is. */
|
||||
if(flags & ENGINE_CMD_FLAG_INTERNAL)
|
||||
{
|
||||
BIO_printf(bio_out, "[Internal] ");
|
||||
}
|
||||
|
||||
if(flags & ENGINE_CMD_FLAG_NUMERIC)
|
||||
{
|
||||
if(started)
|
||||
{
|
||||
BIO_printf(bio_out, "|");
|
||||
err = 1;
|
||||
}
|
||||
BIO_printf(bio_out, "NUMERIC");
|
||||
started = 1;
|
||||
}
|
||||
/* Now we check that no combinations of the mutually exclusive NUMERIC,
|
||||
* STRING, and NO_INPUT flags have been used. Future flags that can be
|
||||
* OR'd together with these would need to added after these to preserve
|
||||
* the testing logic. */
|
||||
if(flags & ENGINE_CMD_FLAG_STRING)
|
||||
{
|
||||
if(started)
|
||||
{
|
||||
BIO_printf(bio_out, "|");
|
||||
err = 1;
|
||||
}
|
||||
BIO_printf(bio_out, "STRING");
|
||||
started = 1;
|
||||
}
|
||||
if(flags & ENGINE_CMD_FLAG_NO_INPUT)
|
||||
{
|
||||
if(started)
|
||||
{
|
||||
BIO_printf(bio_out, "|");
|
||||
err = 1;
|
||||
}
|
||||
BIO_printf(bio_out, "NO_INPUT");
|
||||
started = 1;
|
||||
}
|
||||
/* Check for unknown flags */
|
||||
flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
|
||||
~ENGINE_CMD_FLAG_STRING &
|
||||
~ENGINE_CMD_FLAG_NO_INPUT &
|
||||
~ENGINE_CMD_FLAG_INTERNAL;
|
||||
if(flags)
|
||||
{
|
||||
if(started) BIO_printf(bio_out, "|");
|
||||
BIO_printf(bio_out, "<0x%04X>", flags);
|
||||
}
|
||||
if(err)
|
||||
BIO_printf(bio_out, " <illegal flags!>");
|
||||
BIO_printf(bio_out, "\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent)
|
||||
{
|
||||
static const int line_wrap = 78;
|
||||
int num;
|
||||
int ret = 0;
|
||||
char *name = NULL;
|
||||
char *desc = NULL;
|
||||
int flags;
|
||||
int xpos = 0;
|
||||
STACK *cmds = NULL;
|
||||
if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
|
||||
((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
|
||||
0, NULL, NULL)) <= 0))
|
||||
{
|
||||
#if 0
|
||||
BIO_printf(bio_out, "%s<no control commands>\n", indent);
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
|
||||
cmds = sk_new_null();
|
||||
|
||||
if(!cmds)
|
||||
goto err;
|
||||
do {
|
||||
int len;
|
||||
/* Get the command input flags */
|
||||
if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
|
||||
NULL, NULL)) < 0)
|
||||
goto err;
|
||||
if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4)
|
||||
{
|
||||
/* Get the command name */
|
||||
if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
|
||||
NULL, NULL)) <= 0)
|
||||
goto err;
|
||||
if((name = OPENSSL_malloc(len + 1)) == NULL)
|
||||
goto err;
|
||||
if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
|
||||
NULL) <= 0)
|
||||
goto err;
|
||||
/* Get the command description */
|
||||
if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
|
||||
NULL, NULL)) < 0)
|
||||
goto err;
|
||||
if(len > 0)
|
||||
{
|
||||
if((desc = OPENSSL_malloc(len + 1)) == NULL)
|
||||
goto err;
|
||||
if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
|
||||
NULL) <= 0)
|
||||
goto err;
|
||||
}
|
||||
/* Now decide on the output */
|
||||
if(xpos == 0)
|
||||
/* Do an indent */
|
||||
xpos = BIO_printf(bio_out, indent);
|
||||
else
|
||||
/* Otherwise prepend a ", " */
|
||||
xpos += BIO_printf(bio_out, ", ");
|
||||
if(verbose == 1)
|
||||
{
|
||||
/* We're just listing names, comma-delimited */
|
||||
if((xpos > (int)strlen(indent)) &&
|
||||
(xpos + (int)strlen(name) > line_wrap))
|
||||
{
|
||||
BIO_printf(bio_out, "\n");
|
||||
xpos = BIO_printf(bio_out, indent);
|
||||
}
|
||||
xpos += BIO_printf(bio_out, "%s", name);
|
||||
}
|
||||
else
|
||||
{
|
||||
/* We're listing names plus descriptions */
|
||||
BIO_printf(bio_out, "%s: %s\n", name,
|
||||
(desc == NULL) ? "<no description>" : desc);
|
||||
/* ... and sometimes input flags */
|
||||
if((verbose >= 3) && !util_flags(bio_out, flags,
|
||||
indent))
|
||||
goto err;
|
||||
xpos = 0;
|
||||
}
|
||||
}
|
||||
OPENSSL_free(name); name = NULL;
|
||||
if(desc) { OPENSSL_free(desc); desc = NULL; }
|
||||
/* Move to the next command */
|
||||
num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,
|
||||
num, NULL, NULL);
|
||||
} while(num > 0);
|
||||
if(xpos > 0)
|
||||
BIO_printf(bio_out, "\n");
|
||||
ret = 1;
|
||||
err:
|
||||
if(cmds) sk_pop_free(cmds, identity);
|
||||
if(name) OPENSSL_free(name);
|
||||
if(desc) OPENSSL_free(desc);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent)
|
||||
{
|
||||
int loop, res, num = sk_num(cmds);
|
||||
if(num < 0)
|
||||
{
|
||||
BIO_printf(bio_out, "[Error]: internal stack error\n");
|
||||
return;
|
||||
}
|
||||
for(loop = 0; loop < num; loop++)
|
||||
{
|
||||
char buf[256];
|
||||
const char *cmd, *arg;
|
||||
cmd = sk_value(cmds, loop);
|
||||
res = 1; /* assume success */
|
||||
/* Check if this command has no ":arg" */
|
||||
if((arg = strstr(cmd, ":")) == NULL)
|
||||
{
|
||||
if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
|
||||
res = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
if((int)(arg - cmd) > 254)
|
||||
{
|
||||
BIO_printf(bio_out,"[Error]: command name too long\n");
|
||||
return;
|
||||
}
|
||||
memcpy(buf, cmd, (int)(arg - cmd));
|
||||
buf[arg-cmd] = '\0';
|
||||
arg++; /* Move past the ":" */
|
||||
/* Call the command with the argument */
|
||||
if(!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
|
||||
res = 0;
|
||||
}
|
||||
if(res)
|
||||
BIO_printf(bio_out, "[Success]: %s\n", cmd);
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_out, "[Failure]: %s\n", cmd);
|
||||
ERR_print_errors(bio_out);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
int ret=1,i;
|
||||
char **pp;
|
||||
int verbose=0, list_cap=0, test_avail=0;
|
||||
ENGINE *e;
|
||||
STACK *engines = sk_new_null();
|
||||
STACK *pre_cmds = sk_new_null();
|
||||
STACK *post_cmds = sk_new_null();
|
||||
int badops=1;
|
||||
BIO *bio_out=NULL;
|
||||
const char *indent = " ";
|
||||
|
||||
apps_startup();
|
||||
SSL_load_error_strings();
|
||||
|
||||
if (bio_err == NULL)
|
||||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
bio_out = BIO_push(tmpbio, bio_out);
|
||||
}
|
||||
#endif
|
||||
|
||||
argc--;
|
||||
argv++;
|
||||
while (argc >= 1)
|
||||
{
|
||||
if (strncmp(*argv,"-v",2) == 0)
|
||||
{
|
||||
if(strspn(*argv + 1, "v") < strlen(*argv + 1))
|
||||
goto skip_arg_loop;
|
||||
if((verbose=strlen(*argv + 1)) > 4)
|
||||
goto skip_arg_loop;
|
||||
}
|
||||
else if (strcmp(*argv,"-c") == 0)
|
||||
list_cap=1;
|
||||
else if (strcmp(*argv,"-t") == 0)
|
||||
test_avail=1;
|
||||
else if (strcmp(*argv,"-pre") == 0)
|
||||
{
|
||||
argc--; argv++;
|
||||
sk_push(pre_cmds,*argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-post") == 0)
|
||||
{
|
||||
argc--; argv++;
|
||||
sk_push(post_cmds,*argv);
|
||||
}
|
||||
else if ((strncmp(*argv,"-h",2) == 0) ||
|
||||
(strcmp(*argv,"-?") == 0))
|
||||
goto skip_arg_loop;
|
||||
else
|
||||
sk_push(engines,*argv);
|
||||
argc--;
|
||||
argv++;
|
||||
}
|
||||
/* Looks like everything went OK */
|
||||
badops = 0;
|
||||
skip_arg_loop:
|
||||
|
||||
if (badops)
|
||||
{
|
||||
for (pp=engine_usage; (*pp != NULL); pp++)
|
||||
BIO_printf(bio_err,"%s",*pp);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (sk_num(engines) == 0)
|
||||
{
|
||||
for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
|
||||
{
|
||||
sk_push(engines,(char *)ENGINE_get_id(e));
|
||||
}
|
||||
}
|
||||
|
||||
for (i=0; i<sk_num(engines); i++)
|
||||
{
|
||||
const char *id = sk_value(engines,i);
|
||||
if ((e = ENGINE_by_id(id)) != NULL)
|
||||
{
|
||||
const char *name = ENGINE_get_name(e);
|
||||
/* Do "id" first, then "name". Easier to auto-parse. */
|
||||
BIO_printf(bio_out, "(%s) %s\n", id, name);
|
||||
util_do_cmds(e, pre_cmds, bio_out, indent);
|
||||
if (strcmp(ENGINE_get_id(e), id) != 0)
|
||||
{
|
||||
BIO_printf(bio_out, "Loaded: (%s) %s\n",
|
||||
ENGINE_get_id(e), ENGINE_get_name(e));
|
||||
}
|
||||
if (list_cap)
|
||||
{
|
||||
int cap_size = 256;
|
||||
char *cap_buf = NULL;
|
||||
int k,n;
|
||||
const int *nids;
|
||||
ENGINE_CIPHERS_PTR fn_c;
|
||||
ENGINE_DIGESTS_PTR fn_d;
|
||||
|
||||
if (ENGINE_get_RSA(e) != NULL
|
||||
&& !append_buf(&cap_buf, "RSA",
|
||||
&cap_size, 256))
|
||||
goto end;
|
||||
if (ENGINE_get_DSA(e) != NULL
|
||||
&& !append_buf(&cap_buf, "DSA",
|
||||
&cap_size, 256))
|
||||
goto end;
|
||||
if (ENGINE_get_DH(e) != NULL
|
||||
&& !append_buf(&cap_buf, "DH",
|
||||
&cap_size, 256))
|
||||
goto end;
|
||||
if (ENGINE_get_RAND(e) != NULL
|
||||
&& !append_buf(&cap_buf, "RAND",
|
||||
&cap_size, 256))
|
||||
goto end;
|
||||
|
||||
fn_c = ENGINE_get_ciphers(e);
|
||||
if(!fn_c) goto skip_ciphers;
|
||||
n = fn_c(e, NULL, &nids, 0);
|
||||
for(k=0 ; k < n ; ++k)
|
||||
if(!append_buf(&cap_buf,
|
||||
OBJ_nid2sn(nids[k]),
|
||||
&cap_size, 256))
|
||||
goto end;
|
||||
|
||||
skip_ciphers:
|
||||
fn_d = ENGINE_get_digests(e);
|
||||
if(!fn_d) goto skip_digests;
|
||||
n = fn_d(e, NULL, &nids, 0);
|
||||
for(k=0 ; k < n ; ++k)
|
||||
if(!append_buf(&cap_buf,
|
||||
OBJ_nid2sn(nids[k]),
|
||||
&cap_size, 256))
|
||||
goto end;
|
||||
|
||||
skip_digests:
|
||||
if (cap_buf && (*cap_buf != '\0'))
|
||||
BIO_printf(bio_out, " [%s]\n", cap_buf);
|
||||
|
||||
OPENSSL_free(cap_buf);
|
||||
}
|
||||
if(test_avail)
|
||||
{
|
||||
BIO_printf(bio_out, "%s", indent);
|
||||
if (ENGINE_init(e))
|
||||
{
|
||||
BIO_printf(bio_out, "[ available ]\n");
|
||||
util_do_cmds(e, post_cmds, bio_out, indent);
|
||||
ENGINE_finish(e);
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_out, "[ unavailable ]\n");
|
||||
ERR_print_errors_fp(stdout);
|
||||
ERR_clear_error();
|
||||
}
|
||||
}
|
||||
if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
|
||||
goto end;
|
||||
ENGINE_free(e);
|
||||
}
|
||||
else
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
|
||||
ret=0;
|
||||
end:
|
||||
ERR_print_errors(bio_err);
|
||||
sk_pop_free(engines, identity);
|
||||
sk_pop_free(pre_cmds, identity);
|
||||
sk_pop_free(post_cmds, identity);
|
||||
if (bio_out != NULL) BIO_free_all(bio_out);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
@ -91,7 +91,7 @@ int MAIN(int argc, char **argv)
|
||||
out=BIO_new(BIO_s_file());
|
||||
if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
|
||||
{
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -121,5 +121,6 @@ int MAIN(int argc, char **argv)
|
||||
ret++;
|
||||
}
|
||||
}
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
@ -57,7 +57,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#ifndef NO_DH
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
@ -81,11 +81,13 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
DH *dh=NULL;
|
||||
int ret=1,num=DEFBITS;
|
||||
int g=2;
|
||||
char *outfile=NULL;
|
||||
char *inrand=NULL;
|
||||
char *engine=NULL;
|
||||
BIO *out=NULL;
|
||||
|
||||
apps_startup();
|
||||
@ -94,6 +96,9 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
argv++;
|
||||
argc--;
|
||||
for (;;)
|
||||
@ -110,6 +115,11 @@ int MAIN(int argc, char **argv)
|
||||
g=3; */
|
||||
else if (strcmp(*argv,"-5") == 0)
|
||||
g=5;
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-rand") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
@ -125,15 +135,18 @@ int MAIN(int argc, char **argv)
|
||||
bad:
|
||||
BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
|
||||
BIO_printf(bio_err," -out file - output the key to 'file\n");
|
||||
BIO_printf(bio_err," -2 use 2 as the generator value\n");
|
||||
/* BIO_printf(bio_err," -3 use 3 as the generator value\n"); */
|
||||
BIO_printf(bio_err," -5 use 5 as the generator value\n");
|
||||
BIO_printf(bio_err," -2 - use 2 as the generator value\n");
|
||||
/* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */
|
||||
BIO_printf(bio_err," -5 - use 5 as the generator value\n");
|
||||
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
|
||||
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
|
||||
BIO_printf(bio_err," the random number generator\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
out=BIO_new(BIO_s_file());
|
||||
if (out == NULL)
|
||||
{
|
||||
@ -144,7 +157,7 @@ int MAIN(int argc, char **argv)
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -184,7 +197,8 @@ int MAIN(int argc, char **argv)
|
||||
ERR_print_errors(bio_err);
|
||||
if (out != NULL) BIO_free_all(out);
|
||||
if (dh != NULL) DH_free(dh);
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
static void MS_CALLBACK dh_cb(int p, int n, void *arg)
|
||||
|
@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#ifndef NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
@ -77,13 +77,15 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
DSA *dsa=NULL;
|
||||
int ret=1;
|
||||
char *outfile=NULL;
|
||||
char *inrand=NULL,*dsaparams=NULL;
|
||||
char *passargout = NULL, *passout = NULL;
|
||||
BIO *out=NULL,*in=NULL;
|
||||
EVP_CIPHER *enc=NULL;
|
||||
const EVP_CIPHER *enc=NULL;
|
||||
char *engine=NULL;
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -91,6 +93,9 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
argv++;
|
||||
argc--;
|
||||
for (;;)
|
||||
@ -106,6 +111,11 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
passargout= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-rand") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
@ -113,15 +123,23 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
else if (strcmp(*argv,"-") == 0)
|
||||
goto bad;
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
else if (strcmp(*argv,"-des") == 0)
|
||||
enc=EVP_des_cbc();
|
||||
else if (strcmp(*argv,"-des3") == 0)
|
||||
enc=EVP_des_ede3_cbc();
|
||||
#endif
|
||||
#ifndef NO_IDEA
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
else if (strcmp(*argv,"-idea") == 0)
|
||||
enc=EVP_idea_cbc();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
else if (strcmp(*argv,"-aes128") == 0)
|
||||
enc=EVP_aes_128_cbc();
|
||||
else if (strcmp(*argv,"-aes192") == 0)
|
||||
enc=EVP_aes_192_cbc();
|
||||
else if (strcmp(*argv,"-aes256") == 0)
|
||||
enc=EVP_aes_256_cbc();
|
||||
#endif
|
||||
else if (**argv != '-' && dsaparams == NULL)
|
||||
{
|
||||
@ -138,13 +156,18 @@ int MAIN(int argc, char **argv)
|
||||
bad:
|
||||
BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
|
||||
BIO_printf(bio_err," -out file - output the key to 'file'\n");
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n");
|
||||
BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
|
||||
#endif
|
||||
#ifndef NO_IDEA
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
|
||||
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
|
||||
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
|
||||
BIO_printf(bio_err," the random number generator\n");
|
||||
@ -153,6 +176,8 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto end;
|
||||
@ -180,7 +205,7 @@ int MAIN(int argc, char **argv)
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -220,6 +245,7 @@ int MAIN(int argc, char **argv)
|
||||
if (out != NULL) BIO_free_all(out);
|
||||
if (dsa != NULL) DSA_free(dsa);
|
||||
if(passout) OPENSSL_free(passout);
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
#endif
|
||||
|
@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#ifndef NO_RSA
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
@ -69,6 +69,7 @@
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/rand.h>
|
||||
|
||||
#define DEFBITS 512
|
||||
#undef PROG
|
||||
@ -80,14 +81,16 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
int ret=1;
|
||||
RSA *rsa=NULL;
|
||||
int i,num=DEFBITS;
|
||||
long l;
|
||||
EVP_CIPHER *enc=NULL;
|
||||
const EVP_CIPHER *enc=NULL;
|
||||
unsigned long f4=RSA_F4;
|
||||
char *outfile=NULL;
|
||||
char *passargout = NULL, *passout = NULL;
|
||||
char *engine=NULL;
|
||||
char *inrand=NULL;
|
||||
BIO *out=NULL;
|
||||
|
||||
@ -96,6 +99,9 @@ int MAIN(int argc, char **argv)
|
||||
if (bio_err == NULL)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto err;
|
||||
if ((out=BIO_new(BIO_s_file())) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"unable to create BIO for output\n");
|
||||
@ -116,20 +122,33 @@ int MAIN(int argc, char **argv)
|
||||
f4=3;
|
||||
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
|
||||
f4=RSA_F4;
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-rand") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
inrand= *(++argv);
|
||||
}
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
else if (strcmp(*argv,"-des") == 0)
|
||||
enc=EVP_des_cbc();
|
||||
else if (strcmp(*argv,"-des3") == 0)
|
||||
enc=EVP_des_ede3_cbc();
|
||||
#endif
|
||||
#ifndef NO_IDEA
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
else if (strcmp(*argv,"-idea") == 0)
|
||||
enc=EVP_idea_cbc();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
else if (strcmp(*argv,"-aes128") == 0)
|
||||
enc=EVP_aes_128_cbc();
|
||||
else if (strcmp(*argv,"-aes192") == 0)
|
||||
enc=EVP_aes_192_cbc();
|
||||
else if (strcmp(*argv,"-aes256") == 0)
|
||||
enc=EVP_aes_256_cbc();
|
||||
#endif
|
||||
else if (strcmp(*argv,"-passout") == 0)
|
||||
{
|
||||
@ -147,13 +166,18 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
|
||||
BIO_printf(bio_err," -des encrypt the generated key with DES in cbc mode\n");
|
||||
BIO_printf(bio_err," -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
|
||||
#ifndef NO_IDEA
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
|
||||
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -out file output the key to 'file\n");
|
||||
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
|
||||
BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n");
|
||||
BIO_printf(bio_err," -3 use 3 for the E value\n");
|
||||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
|
||||
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
BIO_printf(bio_err," load the file (or the files in the directory) into\n");
|
||||
BIO_printf(bio_err," the random number generator\n");
|
||||
@ -167,10 +191,12 @@ int MAIN(int argc, char **argv)
|
||||
goto err;
|
||||
}
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -186,7 +212,8 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
|
||||
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
|
||||
&& !RAND_status())
|
||||
{
|
||||
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
|
||||
}
|
||||
@ -214,8 +241,14 @@ int MAIN(int argc, char **argv)
|
||||
l+=rsa->e->d[i];
|
||||
}
|
||||
BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
|
||||
if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL, passout))
|
||||
{
|
||||
PW_CB_DATA cb_data;
|
||||
cb_data.password = passout;
|
||||
cb_data.prompt_info = outfile;
|
||||
if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,
|
||||
(pem_password_cb *)password_callback,&cb_data))
|
||||
goto err;
|
||||
}
|
||||
|
||||
ret=0;
|
||||
err:
|
||||
@ -224,7 +257,8 @@ int MAIN(int argc, char **argv)
|
||||
if(passout) OPENSSL_free(passout);
|
||||
if (ret != 0)
|
||||
ERR_print_errors(bio_err);
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
|
||||
@ -241,7 +275,7 @@ static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
|
||||
p=n;
|
||||
#endif
|
||||
}
|
||||
#else /* !NO_RSA */
|
||||
#else /* !OPENSSL_NO_RSA */
|
||||
|
||||
# if PEDANTIC
|
||||
static void *dummy=&dummy;
|
||||
|
@ -58,9 +58,9 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/err.h>
|
||||
#include "apps.h"
|
||||
|
||||
#undef PROG
|
||||
#define PROG nseq_main
|
||||
@ -102,7 +102,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-in file input file\n");
|
||||
BIO_printf (bio_err, "-out file output file\n");
|
||||
BIO_printf (bio_err, "-toseq output NS Sequence file\n");
|
||||
EXIT(1);
|
||||
OPENSSL_EXIT(1);
|
||||
}
|
||||
|
||||
if (infile) {
|
||||
@ -121,7 +121,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
} else {
|
||||
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -162,6 +162,6 @@ int MAIN(int argc, char **argv)
|
||||
BIO_free_all(out);
|
||||
NETSCAPE_CERT_SEQUENCE_free(seq);
|
||||
|
||||
EXIT(ret);
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
|
1228
crypto/openssl/apps/ocsp.c
Normal file
1228
crypto/openssl/apps/ocsp.c
Normal file
File diff suppressed because it is too large
Load Diff
@ -55,11 +55,66 @@
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
|
||||
#include "apps.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/lhash.h>
|
||||
@ -67,31 +122,104 @@
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/engine.h>
|
||||
#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include "s_apps.h"
|
||||
#include <openssl/err.h>
|
||||
|
||||
static unsigned long MS_CALLBACK hash(FUNCTION *a);
|
||||
static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
|
||||
/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
|
||||
* base prototypes (we cast each variable inside the function to the required
|
||||
* type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
|
||||
* functions. */
|
||||
|
||||
/* static unsigned long MS_CALLBACK hash(FUNCTION *a); */
|
||||
static unsigned long MS_CALLBACK hash(const void *a_void);
|
||||
/* static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); */
|
||||
static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
|
||||
static LHASH *prog_init(void );
|
||||
static int do_cmd(LHASH *prog,int argc,char *argv[]);
|
||||
LHASH *config=NULL;
|
||||
char *default_config_file=NULL;
|
||||
|
||||
/* Make sure there is only one when MONOLITH is defined */
|
||||
#ifdef MONOLITH
|
||||
CONF *config=NULL;
|
||||
BIO *bio_err=NULL;
|
||||
#endif
|
||||
|
||||
|
||||
static void lock_dbg_cb(int mode, int type, const char *file, int line)
|
||||
{
|
||||
static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
|
||||
const char *errstr = NULL;
|
||||
int rw;
|
||||
|
||||
rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
|
||||
if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
|
||||
{
|
||||
errstr = "invalid mode";
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (type < 0 || type > CRYPTO_NUM_LOCKS)
|
||||
{
|
||||
errstr = "type out of bounds";
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (mode & CRYPTO_LOCK)
|
||||
{
|
||||
if (modes[type])
|
||||
{
|
||||
errstr = "already locked";
|
||||
/* must not happen in a single-threaded program
|
||||
* (would deadlock) */
|
||||
goto err;
|
||||
}
|
||||
|
||||
modes[type] = rw;
|
||||
}
|
||||
else if (mode & CRYPTO_UNLOCK)
|
||||
{
|
||||
if (!modes[type])
|
||||
{
|
||||
errstr = "not locked";
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (modes[type] != rw)
|
||||
{
|
||||
errstr = (rw == CRYPTO_READ) ?
|
||||
"CRYPTO_r_unlock on write lock" :
|
||||
"CRYPTO_w_unlock on read lock";
|
||||
}
|
||||
|
||||
modes[type] = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
errstr = "invalid mode";
|
||||
goto err;
|
||||
}
|
||||
|
||||
err:
|
||||
if (errstr)
|
||||
{
|
||||
/* we cannot use bio_err here */
|
||||
fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
|
||||
errstr, mode, type, file, line);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
int main(int Argc, char *Argv[])
|
||||
{
|
||||
ARGS arg;
|
||||
#define PROG_NAME_SIZE 39
|
||||
char pname[PROG_NAME_SIZE+1];
|
||||
FUNCTION f,*fp;
|
||||
MS_STATIC char *prompt,buf[1024],config_name[256];
|
||||
MS_STATIC char *prompt,buf[1024];
|
||||
char *to_free=NULL;
|
||||
int n,i,ret=0;
|
||||
int argc;
|
||||
char **argv,*p;
|
||||
@ -101,41 +229,56 @@ int main(int Argc, char *Argv[])
|
||||
arg.data=NULL;
|
||||
arg.count=0;
|
||||
|
||||
if (getenv("OPENSSL_DEBUG_MEMORY") != NULL)
|
||||
CRYPTO_malloc_debug_init();
|
||||
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
|
||||
|
||||
apps_startup();
|
||||
|
||||
if (bio_err == NULL)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */
|
||||
{
|
||||
if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))
|
||||
{
|
||||
CRYPTO_malloc_debug_init();
|
||||
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
|
||||
}
|
||||
else
|
||||
{
|
||||
/* OPENSSL_DEBUG_MEMORY=off */
|
||||
CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
|
||||
}
|
||||
}
|
||||
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
|
||||
|
||||
#if 0
|
||||
if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
|
||||
#endif
|
||||
{
|
||||
CRYPTO_set_locking_callback(lock_dbg_cb);
|
||||
}
|
||||
|
||||
apps_startup();
|
||||
|
||||
/* Lets load up our environment a little */
|
||||
p=getenv("OPENSSL_CONF");
|
||||
if (p == NULL)
|
||||
p=getenv("SSLEAY_CONF");
|
||||
if (p == NULL)
|
||||
{
|
||||
strcpy(config_name,X509_get_default_cert_area());
|
||||
#ifndef VMS
|
||||
strcat(config_name,"/");
|
||||
#endif
|
||||
strcat(config_name,OPENSSL_CONF);
|
||||
p=config_name;
|
||||
}
|
||||
p=to_free=make_config_name();
|
||||
|
||||
default_config_file=p;
|
||||
|
||||
config=CONF_load(config,p,&errline);
|
||||
if (config == NULL) ERR_clear_error();
|
||||
config=NCONF_new(NULL);
|
||||
i=NCONF_load(config,p,&errline);
|
||||
if (i == 0)
|
||||
{
|
||||
NCONF_free(config);
|
||||
config = NULL;
|
||||
ERR_clear_error();
|
||||
}
|
||||
|
||||
prog=prog_init();
|
||||
|
||||
/* first check the program name */
|
||||
program_name(Argv[0],pname,PROG_NAME_SIZE);
|
||||
program_name(Argv[0],pname,sizeof pname);
|
||||
|
||||
f.name=pname;
|
||||
fp=(FUNCTION *)lh_retrieve(prog,&f);
|
||||
@ -163,7 +306,7 @@ int main(int Argc, char *Argv[])
|
||||
{
|
||||
ret=0;
|
||||
p=buf;
|
||||
n=1024;
|
||||
n=sizeof buf;
|
||||
i=0;
|
||||
for (;;)
|
||||
{
|
||||
@ -197,25 +340,25 @@ int main(int Argc, char *Argv[])
|
||||
BIO_printf(bio_err,"bad exit\n");
|
||||
ret=1;
|
||||
end:
|
||||
if (to_free)
|
||||
OPENSSL_free(to_free);
|
||||
if (config != NULL)
|
||||
{
|
||||
CONF_free(config);
|
||||
NCONF_free(config);
|
||||
config=NULL;
|
||||
}
|
||||
if (prog != NULL) lh_free(prog);
|
||||
if (arg.data != NULL) OPENSSL_free(arg.data);
|
||||
ERR_remove_state(0);
|
||||
|
||||
EVP_cleanup();
|
||||
ERR_free_strings();
|
||||
|
||||
apps_shutdown();
|
||||
|
||||
CRYPTO_mem_leaks(bio_err);
|
||||
if (bio_err != NULL)
|
||||
{
|
||||
BIO_free(bio_err);
|
||||
bio_err=NULL;
|
||||
}
|
||||
EXIT(ret);
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
#define LIST_STANDARD_COMMANDS "list-standard-commands"
|
||||
@ -238,7 +381,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
|
||||
else if ((strncmp(argv[0],"no-",3)) == 0)
|
||||
{
|
||||
BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
bio_stdout = BIO_push(tmpbio, bio_stdout);
|
||||
@ -275,7 +418,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
|
||||
else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
|
||||
list_type = FUNC_TYPE_CIPHER;
|
||||
bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
bio_stdout = BIO_push(tmpbio, bio_stdout);
|
||||
@ -350,19 +493,23 @@ static LHASH *prog_init(void)
|
||||
;
|
||||
qsort(functions,i,sizeof *functions,SortFnByName);
|
||||
|
||||
if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
|
||||
if ((ret=lh_new(hash, cmp)) == NULL)
|
||||
return(NULL);
|
||||
|
||||
for (f=functions; f->name != NULL; f++)
|
||||
lh_insert(ret,f);
|
||||
return(ret);
|
||||
}
|
||||
|
||||
static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b)
|
||||
/* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */
|
||||
static int MS_CALLBACK cmp(const void *a_void, const void *b_void)
|
||||
{
|
||||
return(strncmp(a->name,b->name,8));
|
||||
return(strncmp(((FUNCTION *)a_void)->name,
|
||||
((FUNCTION *)b_void)->name,8));
|
||||
}
|
||||
|
||||
static unsigned long MS_CALLBACK hash(FUNCTION *a)
|
||||
/* static unsigned long MS_CALLBACK hash(FUNCTION *a) */
|
||||
static unsigned long MS_CALLBACK hash(const void *a_void)
|
||||
{
|
||||
return(lh_strhash(a->name));
|
||||
return(lh_strhash(((FUNCTION *)a_void)->name));
|
||||
}
|
||||
|
@ -1,10 +1,10 @@
|
||||
/* apps/passwd.c */
|
||||
|
||||
#if defined NO_MD5 || defined CHARSET_EBCDIC
|
||||
#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
|
||||
# define NO_MD5CRYPT_1
|
||||
#endif
|
||||
|
||||
#if !defined(NO_DES) || !defined(NO_MD5CRYPT_1)
|
||||
#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
|
||||
|
||||
#include <assert.h>
|
||||
#include <string.h>
|
||||
@ -15,8 +15,7 @@
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/rand.h>
|
||||
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
# include <openssl/des.h>
|
||||
#endif
|
||||
#ifndef NO_MD5CRYPT_1
|
||||
@ -50,6 +49,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
||||
* -salt string - salt
|
||||
* -in file - read passwords from file
|
||||
* -stdin - read passwords from stdin
|
||||
* -noverify - never verify when reading password from terminal
|
||||
* -quiet - no warnings
|
||||
* -table - format output as table
|
||||
* -reverse - switch table columns
|
||||
@ -62,6 +62,7 @@ int MAIN(int argc, char **argv)
|
||||
int ret = 1;
|
||||
char *infile = NULL;
|
||||
int in_stdin = 0;
|
||||
int in_noverify = 0;
|
||||
char *salt = NULL, *passwd = NULL, **passwds = NULL;
|
||||
char *salt_malloc = NULL, *passwd_malloc = NULL;
|
||||
size_t passwd_malloc_size = 0;
|
||||
@ -77,11 +78,14 @@ int MAIN(int argc, char **argv)
|
||||
if (bio_err == NULL)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto err;
|
||||
out = BIO_new(BIO_s_file());
|
||||
if (out == NULL)
|
||||
goto err;
|
||||
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -128,6 +132,8 @@ int MAIN(int argc, char **argv)
|
||||
else
|
||||
badopt = 1;
|
||||
}
|
||||
else if (strcmp(argv[i], "-noverify") == 0)
|
||||
in_noverify = 1;
|
||||
else if (strcmp(argv[i], "-quiet") == 0)
|
||||
quiet = 1;
|
||||
else if (strcmp(argv[i], "-table") == 0)
|
||||
@ -153,7 +159,7 @@ int MAIN(int argc, char **argv)
|
||||
badopt = 1;
|
||||
|
||||
/* reject unsupported algorithms */
|
||||
#ifdef NO_DES
|
||||
#ifdef OPENSSL_NO_DES
|
||||
if (usecrypt) badopt = 1;
|
||||
#endif
|
||||
#ifdef NO_MD5CRYPT_1
|
||||
@ -164,7 +170,7 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
|
||||
BIO_printf(bio_err, "where options are\n");
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n");
|
||||
#endif
|
||||
#ifndef NO_MD5CRYPT_1
|
||||
@ -174,6 +180,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, "-salt string use provided salt\n");
|
||||
BIO_printf(bio_err, "-in file read passwords from file\n");
|
||||
BIO_printf(bio_err, "-stdin read passwords from stdin\n");
|
||||
BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n");
|
||||
BIO_printf(bio_err, "-quiet no warnings\n");
|
||||
BIO_printf(bio_err, "-table format output as table\n");
|
||||
BIO_printf(bio_err, "-reverse switch table columns\n");
|
||||
@ -222,7 +229,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
passwds = passwds_static;
|
||||
if (in == NULL)
|
||||
if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0)
|
||||
if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
|
||||
goto err;
|
||||
passwds[0] = passwd_malloc;
|
||||
}
|
||||
@ -284,7 +291,8 @@ int MAIN(int argc, char **argv)
|
||||
BIO_free(in);
|
||||
if (out)
|
||||
BIO_free_all(out);
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
|
||||
@ -305,7 +313,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
|
||||
unsigned char buf[MD5_DIGEST_LENGTH];
|
||||
char *salt_out;
|
||||
int n, i;
|
||||
MD5_CTX md;
|
||||
EVP_MD_CTX md,md2;
|
||||
size_t passwd_len, salt_len;
|
||||
|
||||
passwd_len = strlen(passwd);
|
||||
@ -320,49 +328,47 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
|
||||
salt_len = strlen(salt_out);
|
||||
assert(salt_len <= 8);
|
||||
|
||||
MD5_Init(&md);
|
||||
MD5_Update(&md, passwd, passwd_len);
|
||||
MD5_Update(&md, "$", 1);
|
||||
MD5_Update(&md, magic, strlen(magic));
|
||||
MD5_Update(&md, "$", 1);
|
||||
MD5_Update(&md, salt_out, salt_len);
|
||||
EVP_MD_CTX_init(&md);
|
||||
EVP_DigestInit_ex(&md,EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(&md, passwd, passwd_len);
|
||||
EVP_DigestUpdate(&md, "$", 1);
|
||||
EVP_DigestUpdate(&md, magic, strlen(magic));
|
||||
EVP_DigestUpdate(&md, "$", 1);
|
||||
EVP_DigestUpdate(&md, salt_out, salt_len);
|
||||
|
||||
{
|
||||
MD5_CTX md2;
|
||||
EVP_MD_CTX_init(&md2);
|
||||
EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(&md2, passwd, passwd_len);
|
||||
EVP_DigestUpdate(&md2, salt_out, salt_len);
|
||||
EVP_DigestUpdate(&md2, passwd, passwd_len);
|
||||
EVP_DigestFinal_ex(&md2, buf, NULL);
|
||||
|
||||
MD5_Init(&md2);
|
||||
MD5_Update(&md2, passwd, passwd_len);
|
||||
MD5_Update(&md2, salt_out, salt_len);
|
||||
MD5_Update(&md2, passwd, passwd_len);
|
||||
MD5_Final(buf, &md2);
|
||||
}
|
||||
for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
|
||||
MD5_Update(&md, buf, sizeof buf);
|
||||
MD5_Update(&md, buf, i);
|
||||
EVP_DigestUpdate(&md, buf, sizeof buf);
|
||||
EVP_DigestUpdate(&md, buf, i);
|
||||
|
||||
n = passwd_len;
|
||||
while (n)
|
||||
{
|
||||
MD5_Update(&md, (n & 1) ? "\0" : passwd, 1);
|
||||
EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
|
||||
n >>= 1;
|
||||
}
|
||||
MD5_Final(buf, &md);
|
||||
EVP_DigestFinal_ex(&md, buf, NULL);
|
||||
|
||||
for (i = 0; i < 1000; i++)
|
||||
{
|
||||
MD5_CTX md2;
|
||||
|
||||
MD5_Init(&md2);
|
||||
MD5_Update(&md2, (i & 1) ? (unsigned char *) passwd : buf,
|
||||
(i & 1) ? passwd_len : sizeof buf);
|
||||
EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf,
|
||||
(i & 1) ? passwd_len : sizeof buf);
|
||||
if (i % 3)
|
||||
MD5_Update(&md2, salt_out, salt_len);
|
||||
EVP_DigestUpdate(&md2, salt_out, salt_len);
|
||||
if (i % 7)
|
||||
MD5_Update(&md2, passwd, passwd_len);
|
||||
MD5_Update(&md2, (i & 1) ? buf : (unsigned char *) passwd,
|
||||
(i & 1) ? sizeof buf : passwd_len);
|
||||
MD5_Final(buf, &md2);
|
||||
EVP_DigestUpdate(&md2, passwd, passwd_len);
|
||||
EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd,
|
||||
(i & 1) ? sizeof buf : passwd_len);
|
||||
EVP_DigestFinal_ex(&md2, buf, NULL);
|
||||
}
|
||||
EVP_MD_CTX_cleanup(&md2);
|
||||
|
||||
{
|
||||
/* transform buf into output string */
|
||||
@ -400,6 +406,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
|
||||
*output = 0;
|
||||
assert(strlen(out_buf) < sizeof(out_buf));
|
||||
}
|
||||
EVP_MD_CTX_cleanup(&md);
|
||||
|
||||
return out_buf;
|
||||
}
|
||||
@ -418,7 +425,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
||||
/* first make sure we have a salt */
|
||||
if (!passed_salt)
|
||||
{
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
if (usecrypt)
|
||||
{
|
||||
if (*salt_malloc_p == NULL)
|
||||
@ -437,7 +444,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
||||
* back to ASCII */
|
||||
#endif
|
||||
}
|
||||
#endif /* !NO_DES */
|
||||
#endif /* !OPENSSL_NO_DES */
|
||||
|
||||
#ifndef NO_MD5CRYPT_1
|
||||
if (use1 || useapr1)
|
||||
@ -472,9 +479,9 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
||||
assert(strlen(passwd) <= pw_maxlen);
|
||||
|
||||
/* now compute password hash */
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
if (usecrypt)
|
||||
hash = des_crypt(passwd, *salt_p);
|
||||
hash = DES_crypt(passwd, *salt_p);
|
||||
#endif
|
||||
#ifndef NO_MD5CRYPT_1
|
||||
if (use1 || useapr1)
|
||||
@ -498,6 +505,6 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
fputs("Program not available.\n", stderr)
|
||||
EXIT(1);
|
||||
OPENSSL_EXIT(1);
|
||||
}
|
||||
#endif
|
||||
|
@ -1,5 +1,5 @@
|
||||
/* pkcs12.c */
|
||||
#if !defined(NO_DES) && !defined(NO_SHA1)
|
||||
#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
|
||||
|
||||
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
|
||||
* project 1999.
|
||||
@ -69,7 +69,7 @@
|
||||
|
||||
#define PROG pkcs12_main
|
||||
|
||||
EVP_CIPHER *enc;
|
||||
const EVP_CIPHER *enc;
|
||||
|
||||
|
||||
#define NOKEYS 0x1
|
||||
@ -92,11 +92,13 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
char *infile=NULL, *outfile=NULL, *keyname = NULL;
|
||||
char *certfile=NULL;
|
||||
BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
|
||||
BIO *in=NULL, *out = NULL;
|
||||
char **args;
|
||||
char *name = NULL;
|
||||
char *csp_name = NULL;
|
||||
PKCS12 *p12 = NULL;
|
||||
char pass[50], macpass[50];
|
||||
int export_cert = 0;
|
||||
@ -118,12 +120,16 @@ int MAIN(int argc, char **argv)
|
||||
char *passin = NULL, *passout = NULL;
|
||||
char *inrand = NULL;
|
||||
char *CApath = NULL, *CAfile = NULL;
|
||||
char *engine=NULL;
|
||||
|
||||
apps_startup();
|
||||
|
||||
enc = EVP_des_ede3_cbc();
|
||||
if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
args = argv + 1;
|
||||
|
||||
|
||||
@ -144,10 +150,15 @@ int MAIN(int argc, char **argv)
|
||||
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
|
||||
else if (!strcmp (*args, "-export")) export_cert = 1;
|
||||
else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
|
||||
#ifndef NO_IDEA
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
|
||||
#endif
|
||||
else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
|
||||
#ifndef OPENSSL_NO_AES
|
||||
else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
|
||||
else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
|
||||
else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
|
||||
#endif
|
||||
else if (!strcmp (*args, "-noiter")) iter = 1;
|
||||
else if (!strcmp (*args, "-maciter"))
|
||||
maciter = PKCS12_DEFAULT_ITER;
|
||||
@ -194,6 +205,11 @@ int MAIN(int argc, char **argv)
|
||||
args++;
|
||||
name = *args;
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp (*args, "-CSP")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
csp_name = *args;
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp (*args, "-caname")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
@ -236,6 +252,11 @@ int MAIN(int argc, char **argv)
|
||||
args++;
|
||||
CAfile = *args;
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp(*args,"-engine")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
engine = *args;
|
||||
} else badarg = 1;
|
||||
} else badarg = 1;
|
||||
|
||||
} else badarg = 1;
|
||||
@ -264,8 +285,12 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-info give info about PKCS#12 structure.\n");
|
||||
BIO_printf (bio_err, "-des encrypt private keys with DES\n");
|
||||
BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n");
|
||||
#ifndef NO_IDEA
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
BIO_printf (bio_err, "-idea encrypt private keys with idea\n");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
|
||||
BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
|
||||
#endif
|
||||
BIO_printf (bio_err, "-nodes don't encrypt private keys\n");
|
||||
BIO_printf (bio_err, "-noiter don't use encryption iteration\n");
|
||||
@ -279,12 +304,15 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-password p set import/export password source\n");
|
||||
BIO_printf (bio_err, "-passin p input file pass phrase source\n");
|
||||
BIO_printf (bio_err, "-passout p output file pass phrase source\n");
|
||||
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
|
||||
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
|
||||
BIO_printf(bio_err, " the random number generator\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if(passarg) {
|
||||
if(export_cert) passargout = passarg;
|
||||
else passargin = passarg;
|
||||
@ -329,6 +357,7 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
#if 0
|
||||
if (certfile) {
|
||||
if(!(certsin = BIO_new_file(certfile, "r"))) {
|
||||
BIO_printf(bio_err, "Can't open certificate file %s\n", certfile);
|
||||
@ -344,6 +373,7 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_pop_info();
|
||||
@ -352,7 +382,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
if (!outfile) {
|
||||
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -369,7 +399,7 @@ int MAIN(int argc, char **argv)
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_push_info("read MAC password");
|
||||
#endif
|
||||
if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert))
|
||||
if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert))
|
||||
{
|
||||
BIO_printf (bio_err, "Can't read Password\n");
|
||||
goto end;
|
||||
@ -397,12 +427,9 @@ int MAIN(int argc, char **argv)
|
||||
CRYPTO_push_info("process -export_cert");
|
||||
CRYPTO_push_info("reading private key");
|
||||
#endif
|
||||
key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, passin);
|
||||
if (!inkey) (void) BIO_reset(in);
|
||||
else BIO_free(inkey);
|
||||
key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM, 1,
|
||||
passin, e, "private key");
|
||||
if (!key) {
|
||||
BIO_printf (bio_err, "Error loading private key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto export_end;
|
||||
}
|
||||
|
||||
@ -411,12 +438,9 @@ int MAIN(int argc, char **argv)
|
||||
CRYPTO_push_info("reading certs from input");
|
||||
#endif
|
||||
|
||||
certs = sk_X509_new_null();
|
||||
|
||||
/* Load in all certs in input file */
|
||||
if(!cert_load(in, certs)) {
|
||||
BIO_printf(bio_err, "Error loading certificates from input\n");
|
||||
ERR_print_errors(bio_err);
|
||||
if(!(certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
|
||||
"certificates"))) {
|
||||
goto export_end;
|
||||
}
|
||||
|
||||
@ -446,13 +470,17 @@ int MAIN(int argc, char **argv)
|
||||
bags = sk_PKCS12_SAFEBAG_new_null ();
|
||||
|
||||
/* Add any more certificates asked for */
|
||||
if (certsin) {
|
||||
if(!cert_load(certsin, certs)) {
|
||||
BIO_printf(bio_err, "Error loading certificates from certfile\n");
|
||||
ERR_print_errors(bio_err);
|
||||
if (certfile) {
|
||||
STACK_OF(X509) *morecerts=NULL;
|
||||
if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
|
||||
NULL, e,
|
||||
"certificates from certfile"))) {
|
||||
goto export_end;
|
||||
}
|
||||
BIO_free(certsin);
|
||||
while(sk_X509_num(morecerts) > 0) {
|
||||
sk_X509_push(certs, sk_X509_shift(morecerts));
|
||||
}
|
||||
sk_X509_free(morecerts);
|
||||
}
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
@ -480,9 +508,10 @@ int MAIN(int argc, char **argv)
|
||||
/* Exclude verified certificate */
|
||||
for (i = 1; i < sk_X509_num (chain2) ; i++)
|
||||
sk_X509_push(certs, sk_X509_value (chain2, i));
|
||||
}
|
||||
sk_X509_free(chain2);
|
||||
if (vret) {
|
||||
/* Free first certificate */
|
||||
X509_free(sk_X509_value(chain2, 0));
|
||||
sk_X509_free(chain2);
|
||||
} else {
|
||||
BIO_printf (bio_err, "Error %s getting chain.\n",
|
||||
X509_verify_cert_error_string(vret));
|
||||
goto export_end;
|
||||
@ -498,7 +527,7 @@ int MAIN(int argc, char **argv)
|
||||
for(i = 0; i < sk_X509_num(certs); i++) {
|
||||
X509 *cert = NULL;
|
||||
cert = sk_X509_value(certs, i);
|
||||
bag = M_PKCS12_x5092certbag(cert);
|
||||
bag = PKCS12_x5092certbag(cert);
|
||||
/* If it matches private key set id */
|
||||
if(cert == ucert) {
|
||||
if(name) PKCS12_add_friendlyname(bag, name, -1);
|
||||
@ -509,8 +538,6 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
sk_X509_pop_free(certs, X509_free);
|
||||
certs = NULL;
|
||||
/* ucert is part of certs so it is already freed */
|
||||
ucert = NULL;
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_pop_info();
|
||||
@ -518,7 +545,7 @@ int MAIN(int argc, char **argv)
|
||||
#endif
|
||||
|
||||
if(!noprompt &&
|
||||
EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) {
|
||||
EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) {
|
||||
BIO_printf (bio_err, "Can't read Password\n");
|
||||
goto export_end;
|
||||
}
|
||||
@ -549,6 +576,7 @@ int MAIN(int argc, char **argv)
|
||||
PKCS8_PRIV_KEY_INFO_free(p8);
|
||||
p8 = NULL;
|
||||
if (name) PKCS12_add_friendlyname (bag, name, -1);
|
||||
if(csp_name) PKCS12_add_CSPName_asc(bag, csp_name, -1);
|
||||
PKCS12_add_localkeyid (bag, keyid, keyidlen);
|
||||
bags = sk_PKCS12_SAFEBAG_new_null();
|
||||
sk_PKCS12_SAFEBAG_push (bags, bag);
|
||||
@ -569,9 +597,9 @@ int MAIN(int argc, char **argv)
|
||||
CRYPTO_push_info("building pkcs12");
|
||||
#endif
|
||||
|
||||
p12 = PKCS12_init (NID_pkcs7_data);
|
||||
p12 = PKCS12_init(NID_pkcs7_data);
|
||||
|
||||
M_PKCS12_pack_authsafes (p12, safes);
|
||||
PKCS12_pack_authsafes(p12, safes);
|
||||
|
||||
sk_PKCS7_pop_free(safes, PKCS7_free);
|
||||
safes = NULL;
|
||||
@ -598,7 +626,6 @@ int MAIN(int argc, char **argv)
|
||||
if (certs) sk_X509_pop_free(certs, X509_free);
|
||||
if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
|
||||
if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
|
||||
if (ucert) X509_free(ucert);
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_pop_info();
|
||||
@ -615,7 +642,7 @@ int MAIN(int argc, char **argv)
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_push_info("read import password");
|
||||
#endif
|
||||
if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) {
|
||||
if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {
|
||||
BIO_printf (bio_err, "Can't read Password\n");
|
||||
goto end;
|
||||
}
|
||||
@ -668,7 +695,8 @@ int MAIN(int argc, char **argv)
|
||||
if (canames) sk_free(canames);
|
||||
if(passin) OPENSSL_free(passin);
|
||||
if(passout) OPENSSL_free(passout);
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
|
||||
@ -679,20 +707,20 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
|
||||
int i, bagnid;
|
||||
PKCS7 *p7;
|
||||
|
||||
if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
|
||||
if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
|
||||
for (i = 0; i < sk_PKCS7_num (asafes); i++) {
|
||||
p7 = sk_PKCS7_value (asafes, i);
|
||||
bagnid = OBJ_obj2nid (p7->type);
|
||||
if (bagnid == NID_pkcs7_data) {
|
||||
bags = M_PKCS12_unpack_p7data (p7);
|
||||
bags = PKCS12_unpack_p7data(p7);
|
||||
if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
|
||||
} else if (bagnid == NID_pkcs7_encrypted) {
|
||||
if (options & INFO) {
|
||||
BIO_printf (bio_err, "PKCS7 Encrypted data: ");
|
||||
alg_print (bio_err,
|
||||
BIO_printf(bio_err, "PKCS7 Encrypted data: ");
|
||||
alg_print(bio_err,
|
||||
p7->d.encrypted->enc_data->algorithm);
|
||||
}
|
||||
bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen);
|
||||
bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
|
||||
} else continue;
|
||||
if (!bags) return 0;
|
||||
if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
|
||||
@ -747,7 +775,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
|
||||
}
|
||||
if (options & NOKEYS) return 1;
|
||||
print_attribs (out, bag->attrib, "Bag Attributes");
|
||||
if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
|
||||
if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
|
||||
return 0;
|
||||
if (!(pkey = EVP_PKCS82PKEY (p8))) {
|
||||
PKCS8_PRIV_KEY_INFO_free(p8);
|
||||
@ -768,7 +796,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
|
||||
print_attribs (out, bag->attrib, "Bag Attributes");
|
||||
if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
|
||||
return 1;
|
||||
if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
|
||||
if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
|
||||
dump_cert_text (out, x509);
|
||||
PEM_write_bio_X509 (out, x509);
|
||||
X509_free(x509);
|
||||
@ -800,6 +828,9 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
|
||||
STACK_OF(X509) *chn;
|
||||
int i;
|
||||
|
||||
/* FIXME: Should really check the return status of X509_STORE_CTX_init
|
||||
* for an error, but how that fits into the return value of this
|
||||
* function is less obvious. */
|
||||
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
|
||||
if (X509_verify_cert(&store_ctx) <= 0) {
|
||||
i = X509_STORE_CTX_get_error (&store_ctx);
|
||||
|
@ -82,6 +82,7 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
PKCS7 *p7=NULL;
|
||||
int i,badops=0;
|
||||
BIO *in=NULL,*out=NULL;
|
||||
@ -89,6 +90,7 @@ int MAIN(int argc, char **argv)
|
||||
char *infile,*outfile,*prog;
|
||||
int print_certs=0,text=0,noout=0;
|
||||
int ret=1;
|
||||
char *engine=NULL;
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -132,6 +134,11 @@ int MAIN(int argc, char **argv)
|
||||
text=1;
|
||||
else if (strcmp(*argv,"-print_certs") == 0)
|
||||
print_certs=1;
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_err,"unknown option %s\n",*argv);
|
||||
@ -154,11 +161,15 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
|
||||
BIO_printf(bio_err," -text print full details of certificates\n");
|
||||
BIO_printf(bio_err," -noout don't output encoded data\n");
|
||||
EXIT(1);
|
||||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
|
||||
ret = 1;
|
||||
goto end;
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
in=BIO_new(BIO_s_file());
|
||||
out=BIO_new(BIO_s_file());
|
||||
if ((in == NULL) || (out == NULL))
|
||||
@ -198,7 +209,7 @@ int MAIN(int argc, char **argv)
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -289,5 +300,6 @@ int MAIN(int argc, char **argv)
|
||||
if (p7 != NULL) PKCS7_free(p7);
|
||||
if (in != NULL) BIO_free(in);
|
||||
if (out != NULL) BIO_free_all(out);
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
@ -63,13 +63,13 @@
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pkcs12.h>
|
||||
|
||||
#include "apps.h"
|
||||
#define PROG pkcs8_main
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
char **args, *infile = NULL, *outfile = NULL;
|
||||
char *passargin = NULL, *passargout = NULL;
|
||||
BIO *in = NULL, *out = NULL;
|
||||
@ -82,12 +82,19 @@ int MAIN(int argc, char **argv)
|
||||
int nocrypt = 0;
|
||||
X509_SIG *p8;
|
||||
PKCS8_PRIV_KEY_INFO *p8inf;
|
||||
EVP_PKEY *pkey;
|
||||
EVP_PKEY *pkey=NULL;
|
||||
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
|
||||
int badarg = 0;
|
||||
char *engine=NULL;
|
||||
|
||||
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
informat=FORMAT_PEM;
|
||||
outformat=FORMAT_PEM;
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
OpenSSL_add_all_algorithms();
|
||||
args = argv + 1;
|
||||
@ -138,6 +145,11 @@ int MAIN(int argc, char **argv)
|
||||
if (!args[1]) goto bad;
|
||||
passargout= *(++args);
|
||||
}
|
||||
else if (strcmp(*args,"-engine") == 0)
|
||||
{
|
||||
if (!args[1]) goto bad;
|
||||
engine= *(++args);
|
||||
}
|
||||
else if (!strcmp (*args, "-in")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
@ -170,9 +182,12 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n");
|
||||
BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
|
||||
BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
|
||||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
|
||||
return (1);
|
||||
}
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
return (1);
|
||||
@ -196,28 +211,21 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
} else {
|
||||
out = BIO_new_fp (stdout, BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
if (topk8) {
|
||||
if(informat == FORMAT_PEM)
|
||||
pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin);
|
||||
else if(informat == FORMAT_ASN1)
|
||||
pkey = d2i_PrivateKey_bio(in, NULL);
|
||||
else {
|
||||
BIO_printf(bio_err, "Bad format specified for key\n");
|
||||
return (1);
|
||||
}
|
||||
if (topk8)
|
||||
{
|
||||
BIO_free(in); /* Not needed in this section */
|
||||
pkey = load_key(bio_err, infile, informat, 1,
|
||||
passin, e, "key");
|
||||
if (!pkey) {
|
||||
BIO_printf(bio_err, "Error reading key\n", outfile);
|
||||
ERR_print_errors(bio_err);
|
||||
return (1);
|
||||
}
|
||||
BIO_free(in);
|
||||
if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
|
||||
BIO_printf(bio_err, "Error converting key\n", outfile);
|
||||
ERR_print_errors(bio_err);
|
||||
@ -236,7 +244,8 @@ int MAIN(int argc, char **argv)
|
||||
if(passout) p8pass = passout;
|
||||
else {
|
||||
p8pass = pass;
|
||||
EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
|
||||
if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
|
||||
return (1);
|
||||
}
|
||||
app_RAND_load_file(NULL, bio_err, 0);
|
||||
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
|
||||
@ -293,9 +302,9 @@ int MAIN(int argc, char **argv)
|
||||
if(passin) p8pass = passin;
|
||||
else {
|
||||
p8pass = pass;
|
||||
EVP_read_pw_string(pass, 50, "Enter Password:", 0);
|
||||
EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
|
||||
}
|
||||
p8inf = M_PKCS8_decrypt(p8, p8pass, strlen(p8pass));
|
||||
p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
|
||||
X509_SIG_free(p8);
|
||||
}
|
||||
|
||||
@ -342,6 +351,7 @@ int MAIN(int argc, char **argv)
|
||||
return (1);
|
||||
}
|
||||
|
||||
end:
|
||||
EVP_PKEY_free(pkey);
|
||||
BIO_free_all(out);
|
||||
BIO_free(in);
|
||||
|
@ -35,6 +35,8 @@ extern int pkcs8_main(int argc,char *argv[]);
|
||||
extern int spkac_main(int argc,char *argv[]);
|
||||
extern int smime_main(int argc,char *argv[]);
|
||||
extern int rand_main(int argc,char *argv[]);
|
||||
extern int engine_main(int argc,char *argv[]);
|
||||
extern int ocsp_main(int argc,char *argv[]);
|
||||
|
||||
#define FUNC_TYPE_GENERAL 1
|
||||
#define FUNC_TYPE_MD 2
|
||||
@ -51,205 +53,239 @@ FUNCTION functions[] = {
|
||||
{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
|
||||
{FUNC_TYPE_GENERAL,"req",req_main},
|
||||
{FUNC_TYPE_GENERAL,"dgst",dgst_main},
|
||||
#ifndef NO_DH
|
||||
#ifndef OPENSSL_NO_DH
|
||||
{FUNC_TYPE_GENERAL,"dh",dh_main},
|
||||
#endif
|
||||
#ifndef NO_DH
|
||||
#ifndef OPENSSL_NO_DH
|
||||
{FUNC_TYPE_GENERAL,"dhparam",dhparam_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"enc",enc_main},
|
||||
{FUNC_TYPE_GENERAL,"passwd",passwd_main},
|
||||
#ifndef NO_DH
|
||||
#ifndef OPENSSL_NO_DH
|
||||
{FUNC_TYPE_GENERAL,"gendh",gendh_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"errstr",errstr_main},
|
||||
{FUNC_TYPE_GENERAL,"ca",ca_main},
|
||||
{FUNC_TYPE_GENERAL,"crl",crl_main},
|
||||
#ifndef NO_RSA
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
{FUNC_TYPE_GENERAL,"rsa",rsa_main},
|
||||
#endif
|
||||
#ifndef NO_RSA
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
{FUNC_TYPE_GENERAL,"rsautl",rsautl_main},
|
||||
#endif
|
||||
#ifndef NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
{FUNC_TYPE_GENERAL,"dsa",dsa_main},
|
||||
#endif
|
||||
#ifndef NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"x509",x509_main},
|
||||
#ifndef NO_RSA
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
|
||||
#endif
|
||||
#ifndef NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
|
||||
#endif
|
||||
#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
|
||||
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
|
||||
{FUNC_TYPE_GENERAL,"s_server",s_server_main},
|
||||
#endif
|
||||
#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
|
||||
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
|
||||
{FUNC_TYPE_GENERAL,"s_client",s_client_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"speed",speed_main},
|
||||
#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
|
||||
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
|
||||
{FUNC_TYPE_GENERAL,"s_time",s_time_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"version",version_main},
|
||||
{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
|
||||
{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
|
||||
{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
|
||||
#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
|
||||
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
|
||||
{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"nseq",nseq_main},
|
||||
#if !defined(NO_DES) && !defined(NO_SHA1)
|
||||
#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
|
||||
{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
|
||||
{FUNC_TYPE_GENERAL,"spkac",spkac_main},
|
||||
{FUNC_TYPE_GENERAL,"smime",smime_main},
|
||||
{FUNC_TYPE_GENERAL,"rand",rand_main},
|
||||
{FUNC_TYPE_GENERAL,"engine",engine_main},
|
||||
{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
|
||||
#ifndef OPENSSL_NO_MD2
|
||||
{FUNC_TYPE_MD,"md2",dgst_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_MD4
|
||||
{FUNC_TYPE_MD,"md4",dgst_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_MD5
|
||||
{FUNC_TYPE_MD,"md5",dgst_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SHA
|
||||
{FUNC_TYPE_MD,"sha",dgst_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SHA1
|
||||
{FUNC_TYPE_MD,"sha1",dgst_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_MDC2
|
||||
{FUNC_TYPE_MD,"mdc2",dgst_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RMD160
|
||||
{FUNC_TYPE_MD,"rmd160",dgst_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
{FUNC_TYPE_CIPHER,"aes-128-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
{FUNC_TYPE_CIPHER,"aes-128-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
{FUNC_TYPE_CIPHER,"aes-192-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
{FUNC_TYPE_CIPHER,"aes-192-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
{FUNC_TYPE_CIPHER,"aes-256-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
{FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main},
|
||||
#endif
|
||||
{FUNC_TYPE_CIPHER,"base64",enc_main},
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des",enc_main},
|
||||
#endif
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des3",enc_main},
|
||||
#endif
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
{FUNC_TYPE_CIPHER,"desx",enc_main},
|
||||
#endif
|
||||
#ifndef NO_IDEA
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
{FUNC_TYPE_CIPHER,"idea",enc_main},
|
||||
#endif
|
||||
#ifndef NO_RC4
|
||||
#ifndef OPENSSL_NO_RC4
|
||||
{FUNC_TYPE_CIPHER,"rc4",enc_main},
|
||||
#endif
|
||||
#ifndef NO_RC4
|
||||
#ifndef OPENSSL_NO_RC4
|
||||
{FUNC_TYPE_CIPHER,"rc4-40",enc_main},
|
||||
#endif
|
||||
#ifndef NO_RC2
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
{FUNC_TYPE_CIPHER,"rc2",enc_main},
|
||||
#endif
|
||||
#ifndef NO_BF
|
||||
#ifndef OPENSSL_NO_BF
|
||||
{FUNC_TYPE_CIPHER,"bf",enc_main},
|
||||
#endif
|
||||
#ifndef NO_CAST
|
||||
#ifndef OPENSSL_NO_CAST
|
||||
{FUNC_TYPE_CIPHER,"cast",enc_main},
|
||||
#endif
|
||||
#ifndef NO_RC5
|
||||
#ifndef OPENSSL_NO_RC5
|
||||
{FUNC_TYPE_CIPHER,"rc5",enc_main},
|
||||
#endif
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ede",enc_main},
|
||||
#endif
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ede3",enc_main},
|
||||
#endif
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-cfb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ofb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_IDEA
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
{FUNC_TYPE_CIPHER,"idea-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef NO_IDEA
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
{FUNC_TYPE_CIPHER,"idea-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_IDEA
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
{FUNC_TYPE_CIPHER,"idea-cfb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_IDEA
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
{FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_RC2
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
{FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef NO_RC2
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
{FUNC_TYPE_CIPHER,"rc2-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_RC2
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
{FUNC_TYPE_CIPHER,"rc2-cfb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_RC2
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_RC2
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
{FUNC_TYPE_CIPHER,"rc2-64-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef NO_RC2
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
{FUNC_TYPE_CIPHER,"rc2-40-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef NO_BF
|
||||
#ifndef OPENSSL_NO_BF
|
||||
{FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef NO_BF
|
||||
#ifndef OPENSSL_NO_BF
|
||||
{FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_BF
|
||||
#ifndef OPENSSL_NO_BF
|
||||
{FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_BF
|
||||
#ifndef OPENSSL_NO_BF
|
||||
{FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_CAST
|
||||
#ifndef OPENSSL_NO_CAST
|
||||
{FUNC_TYPE_CIPHER,"cast5-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef NO_CAST
|
||||
#ifndef OPENSSL_NO_CAST
|
||||
{FUNC_TYPE_CIPHER,"cast5-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_CAST
|
||||
#ifndef OPENSSL_NO_CAST
|
||||
{FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_CAST
|
||||
#ifndef OPENSSL_NO_CAST
|
||||
{FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_CAST
|
||||
#ifndef OPENSSL_NO_CAST
|
||||
{FUNC_TYPE_CIPHER,"cast-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef NO_RC5
|
||||
#ifndef OPENSSL_NO_RC5
|
||||
{FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef NO_RC5
|
||||
#ifndef OPENSSL_NO_RC5
|
||||
{FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_RC5
|
||||
#ifndef OPENSSL_NO_RC5
|
||||
{FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},
|
||||
#endif
|
||||
#ifndef NO_RC5
|
||||
#ifndef OPENSSL_NO_RC5
|
||||
{FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},
|
||||
#endif
|
||||
{0,NULL,NULL}
|
||||
|
@ -28,15 +28,15 @@ foreach (@ARGV)
|
||||
push(@files,$_);
|
||||
$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
|
||||
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
|
||||
{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))\n${str}#endif\n"; }
|
||||
{ print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; }
|
||||
elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/))
|
||||
{ print "#ifndef NO_RSA\n${str}#endif\n"; }
|
||||
{ print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n"; }
|
||||
elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
|
||||
{ print "#ifndef NO_DSA\n${str}#endif\n"; }
|
||||
{ print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; }
|
||||
elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
|
||||
{ print "#ifndef NO_DH\n${str}#endif\n"; }
|
||||
{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
|
||||
elsif ( ($_ =~ /^pkcs12$/))
|
||||
{ print "#if !defined(NO_DES) && !defined(NO_SHA1)\n${str}#endif\n"; }
|
||||
{ print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
|
||||
else
|
||||
{ print $str; }
|
||||
}
|
||||
@ -44,10 +44,13 @@ foreach (@ARGV)
|
||||
foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")
|
||||
{
|
||||
push(@files,$_);
|
||||
printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
|
||||
printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n";
|
||||
}
|
||||
|
||||
foreach (
|
||||
"aes-128-cbc", "aes-128-ecb",
|
||||
"aes-192-cbc", "aes-192-ecb",
|
||||
"aes-256-cbc", "aes-256-ecb",
|
||||
"base64",
|
||||
"des", "des3", "desx", "idea", "rc4", "rc4-40",
|
||||
"rc2", "bf", "cast", "rc5",
|
||||
@ -64,13 +67,14 @@ foreach (
|
||||
push(@files,$_);
|
||||
|
||||
$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
|
||||
if ($_ =~ /des/) { $t="#ifndef NO_DES\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /rc4/) { $t="#ifndef NO_RC4\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /rc2/) { $t="#ifndef NO_RC2\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /bf/) { $t="#ifndef NO_BF\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /rc5/) { $t="#ifndef NO_RC5\n${t}#endif\n"; }
|
||||
if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /rc4/) { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /rc2/) { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /bf/) { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /cast/) { $t="#ifndef OPENSSL_NO_CAST\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /rc5/) { $t="#ifndef OPENSSL_NO_RC5\n${t}#endif\n"; }
|
||||
print $t;
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,57 @@
|
||||
/* apps/rand.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
#include "apps.h"
|
||||
|
||||
@ -23,6 +76,7 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
int i, r, ret = 1;
|
||||
int badopt;
|
||||
char *outfile = NULL;
|
||||
@ -30,6 +84,7 @@ int MAIN(int argc, char **argv)
|
||||
int base64 = 0;
|
||||
BIO *out = NULL;
|
||||
int num = -1;
|
||||
char *engine=NULL;
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -37,6 +92,9 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto err;
|
||||
|
||||
badopt = 0;
|
||||
i = 0;
|
||||
while (!badopt && argv[++i] != NULL)
|
||||
@ -48,6 +106,13 @@ int MAIN(int argc, char **argv)
|
||||
else
|
||||
badopt = 1;
|
||||
}
|
||||
else if (strcmp(argv[i], "-engine") == 0)
|
||||
{
|
||||
if ((argv[i+1] != NULL) && (engine == NULL))
|
||||
engine = argv[++i];
|
||||
else
|
||||
badopt = 1;
|
||||
}
|
||||
else if (strcmp(argv[i], "-rand") == 0)
|
||||
{
|
||||
if ((argv[i+1] != NULL) && (inrand == NULL))
|
||||
@ -84,12 +149,15 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
BIO_printf(bio_err, "Usage: rand [options] num\n");
|
||||
BIO_printf(bio_err, "where options are\n");
|
||||
BIO_printf(bio_err, "-out file - write to file\n");
|
||||
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
BIO_printf(bio_err, "-base64 - encode output\n");
|
||||
BIO_printf(bio_err, "-out file - write to file\n");
|
||||
BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n");
|
||||
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
BIO_printf(bio_err, "-base64 - encode output\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
|
||||
if (inrand != NULL)
|
||||
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
|
||||
@ -103,7 +171,7 @@ int MAIN(int argc, char **argv)
|
||||
else
|
||||
{
|
||||
r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -144,5 +212,6 @@ int MAIN(int argc, char **argv)
|
||||
ERR_print_errors(bio_err);
|
||||
if (out)
|
||||
BIO_free_all(out);
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#ifndef NO_RSA
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
@ -79,6 +79,9 @@
|
||||
* -des - encrypt output if PEM format with DES in cbc mode
|
||||
* -des3 - encrypt output if PEM format
|
||||
* -idea - encrypt output if PEM format
|
||||
* -aes128 - encrypt output if PEM format
|
||||
* -aes192 - encrypt output if PEM format
|
||||
* -aes256 - encrypt output if PEM format
|
||||
* -text - print a text version
|
||||
* -modulus - print the RSA key modulus
|
||||
* -check - verify key consistency
|
||||
@ -90,16 +93,18 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
int ret=1;
|
||||
RSA *rsa=NULL;
|
||||
int i,badops=0, sgckey=0;
|
||||
const EVP_CIPHER *enc=NULL;
|
||||
BIO *in=NULL,*out=NULL;
|
||||
BIO *out=NULL;
|
||||
int informat,outformat,text=0,check=0,noout=0;
|
||||
int pubin = 0, pubout = 0;
|
||||
char *infile,*outfile,*prog;
|
||||
char *passargin = NULL, *passargout = NULL;
|
||||
char *passin = NULL, *passout = NULL;
|
||||
char *engine=NULL;
|
||||
int modulus=0;
|
||||
|
||||
apps_startup();
|
||||
@ -108,6 +113,9 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
infile=NULL;
|
||||
outfile=NULL;
|
||||
informat=FORMAT_PEM;
|
||||
@ -148,6 +156,11 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
passargout= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-sgckey") == 0)
|
||||
sgckey=1;
|
||||
else if (strcmp(*argv,"-pubin") == 0)
|
||||
@ -186,8 +199,12 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
|
||||
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
|
||||
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
|
||||
#ifndef NO_IDEA
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
|
||||
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -text print the key in text\n");
|
||||
BIO_printf(bio_err," -noout don't print key out\n");
|
||||
@ -195,11 +212,14 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err," -check verify key consistency\n");
|
||||
BIO_printf(bio_err," -pubin expect a public key in input file\n");
|
||||
BIO_printf(bio_err," -pubout output a public key\n");
|
||||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
goto end;
|
||||
@ -210,69 +230,29 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
in=BIO_new(BIO_s_file());
|
||||
out=BIO_new(BIO_s_file());
|
||||
if ((in == NULL) || (out == NULL))
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (infile == NULL)
|
||||
BIO_set_fp(in,stdin,BIO_NOCLOSE);
|
||||
else
|
||||
{
|
||||
if (BIO_read_filename(in,infile) <= 0)
|
||||
{
|
||||
perror(infile);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
{
|
||||
EVP_PKEY *pkey;
|
||||
|
||||
BIO_printf(bio_err,"read RSA key\n");
|
||||
if (informat == FORMAT_ASN1) {
|
||||
if (pubin) rsa=d2i_RSA_PUBKEY_bio(in,NULL);
|
||||
else rsa=d2i_RSAPrivateKey_bio(in,NULL);
|
||||
if (pubin)
|
||||
pkey = load_pubkey(bio_err, infile,
|
||||
(informat == FORMAT_NETSCAPE && sgckey ?
|
||||
FORMAT_IISSGC : informat), 1,
|
||||
passin, e, "Public Key");
|
||||
else
|
||||
pkey = load_key(bio_err, infile,
|
||||
(informat == FORMAT_NETSCAPE && sgckey ?
|
||||
FORMAT_IISSGC : informat), 1,
|
||||
passin, e, "Private Key");
|
||||
|
||||
if (pkey != NULL)
|
||||
rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey);
|
||||
EVP_PKEY_free(pkey);
|
||||
}
|
||||
#ifndef NO_RC4
|
||||
else if (informat == FORMAT_NETSCAPE)
|
||||
{
|
||||
BUF_MEM *buf=NULL;
|
||||
unsigned char *p;
|
||||
int size=0;
|
||||
|
||||
buf=BUF_MEM_new();
|
||||
for (;;)
|
||||
{
|
||||
if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
|
||||
goto end;
|
||||
i=BIO_read(in,&(buf->data[size]),1024*10);
|
||||
size+=i;
|
||||
if (i == 0) break;
|
||||
if (i < 0)
|
||||
{
|
||||
perror("reading private key");
|
||||
BUF_MEM_free(buf);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
p=(unsigned char *)buf->data;
|
||||
rsa=d2i_RSA_NET(NULL,&p,(long)size,NULL, sgckey);
|
||||
BUF_MEM_free(buf);
|
||||
}
|
||||
#endif
|
||||
else if (informat == FORMAT_PEM) {
|
||||
if(pubin) rsa=PEM_read_bio_RSA_PUBKEY(in,NULL,NULL,NULL);
|
||||
else rsa=PEM_read_bio_RSAPrivateKey(in,NULL, NULL,passin);
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_err,"bad input format specified for key\n");
|
||||
goto end;
|
||||
}
|
||||
if (rsa == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"unable to load key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
@ -280,7 +260,7 @@ int MAIN(int argc, char **argv)
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -319,14 +299,14 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(out,"RSA key ok\n");
|
||||
else if (r == 0)
|
||||
{
|
||||
long e;
|
||||
long err;
|
||||
|
||||
while ((e = ERR_peek_error()) != 0 &&
|
||||
ERR_GET_LIB(e) == ERR_LIB_RSA &&
|
||||
ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY &&
|
||||
ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE)
|
||||
while ((err = ERR_peek_error()) != 0 &&
|
||||
ERR_GET_LIB(err) == ERR_LIB_RSA &&
|
||||
ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
|
||||
ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
|
||||
{
|
||||
BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e));
|
||||
BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
|
||||
ERR_get_error(); /* remove e from error stack */
|
||||
}
|
||||
}
|
||||
@ -348,7 +328,7 @@ int MAIN(int argc, char **argv)
|
||||
if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa);
|
||||
else i=i2d_RSAPrivateKey_bio(out,rsa);
|
||||
}
|
||||
#ifndef NO_RC4
|
||||
#ifndef OPENSSL_NO_RC4
|
||||
else if (outformat == FORMAT_NETSCAPE)
|
||||
{
|
||||
unsigned char *p,*pp;
|
||||
@ -384,14 +364,14 @@ int MAIN(int argc, char **argv)
|
||||
else
|
||||
ret=0;
|
||||
end:
|
||||
if(in != NULL) BIO_free(in);
|
||||
if(out != NULL) BIO_free_all(out);
|
||||
if(rsa != NULL) RSA_free(rsa);
|
||||
if(passin) OPENSSL_free(passin);
|
||||
if(passout) OPENSSL_free(passout);
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
#else /* !NO_RSA */
|
||||
#else /* !OPENSSL_NO_RSA */
|
||||
|
||||
# if PEDANTIC
|
||||
static void *dummy=&dummy;
|
||||
|
@ -56,7 +56,7 @@
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef NO_RSA
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
|
||||
#include "apps.h"
|
||||
#include <string.h>
|
||||
@ -82,8 +82,10 @@ int MAIN(int argc, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
BIO *in = NULL, *out = NULL;
|
||||
char *infile = NULL, *outfile = NULL;
|
||||
char *engine = NULL;
|
||||
char *keyfile = NULL;
|
||||
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
|
||||
int keyform = FORMAT_PEM;
|
||||
@ -102,6 +104,9 @@ int MAIN(int argc, char **argv)
|
||||
argv++;
|
||||
|
||||
if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
ERR_load_crypto_strings();
|
||||
OpenSSL_add_all_algorithms();
|
||||
pad = RSA_PKCS1_PADDING;
|
||||
@ -117,6 +122,12 @@ int MAIN(int argc, char **argv)
|
||||
} else if(!strcmp(*argv, "-inkey")) {
|
||||
if (--argc < 1) badarg = 1;
|
||||
keyfile = *(++argv);
|
||||
} else if (strcmp(*argv,"-keyform") == 0) {
|
||||
if (--argc < 1) badarg = 1;
|
||||
keyform=str2fmt(*(++argv));
|
||||
} else if(!strcmp(*argv, "-engine")) {
|
||||
if (--argc < 1) badarg = 1;
|
||||
engine = *(++argv);
|
||||
} else if(!strcmp(*argv, "-pubin")) {
|
||||
key_type = KEY_PUBKEY;
|
||||
} else if(!strcmp(*argv, "-certin")) {
|
||||
@ -151,20 +162,25 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
/* FIXME: seed PRNG only if needed */
|
||||
app_RAND_load_file(NULL, bio_err, 0);
|
||||
|
||||
switch(key_type) {
|
||||
case KEY_PRIVKEY:
|
||||
pkey = load_key(bio_err, keyfile, keyform, NULL);
|
||||
pkey = load_key(bio_err, keyfile, keyform, 0,
|
||||
NULL, e, "Private Key");
|
||||
break;
|
||||
|
||||
case KEY_PUBKEY:
|
||||
pkey = load_pubkey(bio_err, keyfile, keyform);
|
||||
pkey = load_pubkey(bio_err, keyfile, keyform, 0,
|
||||
NULL, e, "Public Key");
|
||||
break;
|
||||
|
||||
case KEY_CERT:
|
||||
x = load_cert(bio_err, keyfile, keyform);
|
||||
x = load_cert(bio_err, keyfile, keyform,
|
||||
NULL, e, "Certificate");
|
||||
if(x) {
|
||||
pkey = X509_get_pubkey(x);
|
||||
X509_free(x);
|
||||
@ -173,7 +189,6 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
|
||||
if(!pkey) {
|
||||
BIO_printf(bio_err, "Error loading key\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -203,7 +218,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
} else {
|
||||
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -278,6 +293,7 @@ static void usage()
|
||||
BIO_printf(bio_err, "-in file input file\n");
|
||||
BIO_printf(bio_err, "-out file output file\n");
|
||||
BIO_printf(bio_err, "-inkey file input key\n");
|
||||
BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
|
||||
BIO_printf(bio_err, "-pubin input is an RSA public\n");
|
||||
BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n");
|
||||
BIO_printf(bio_err, "-ssl use SSL v2 padding\n");
|
||||
@ -289,6 +305,8 @@ static void usage()
|
||||
BIO_printf(bio_err, "-encrypt encrypt with public key\n");
|
||||
BIO_printf(bio_err, "-decrypt decrypt with private key\n");
|
||||
BIO_printf(bio_err, "-hexdump hex dump output\n");
|
||||
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
|
||||
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -55,9 +55,64 @@
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
#if (defined(VMS) || defined(__VMS)) && !defined(FD_SET)
|
||||
#include <openssl/opensslconf.h>
|
||||
|
||||
#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
|
||||
/* VAX C does not defined fd_set and friends, but it's actually quite simple */
|
||||
/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */
|
||||
#define MAX_NOFILE 32
|
||||
@ -87,13 +142,9 @@ typedef fd_mask fd_set;
|
||||
int do_server(int port, int *ret, int (*cb) (), char *context);
|
||||
#ifdef HEADER_X509_H
|
||||
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
|
||||
#else
|
||||
int MS_CALLBACK verify_callback(int ok, char *ctx);
|
||||
#endif
|
||||
#ifdef HEADER_SSL_H
|
||||
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
|
||||
#else
|
||||
int set_cert_stuff(char *ctx, char *cert_file, char *key_file);
|
||||
#endif
|
||||
int init_client(int *sock, char *server, int port);
|
||||
int should_retry(int i);
|
||||
@ -104,8 +155,6 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp,
|
||||
int argi, long argl, long ret);
|
||||
|
||||
#ifdef HEADER_SSL_H
|
||||
void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret);
|
||||
#else
|
||||
void MS_CALLBACK apps_ssl_info_callback(char *s, int where, int ret);
|
||||
void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);
|
||||
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
|
||||
#endif
|
||||
|
||||
|
@ -55,6 +55,59 @@
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
@ -81,7 +134,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
|
||||
err= X509_STORE_CTX_get_error(ctx);
|
||||
depth= X509_STORE_CTX_get_error_depth(ctx);
|
||||
|
||||
X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
|
||||
X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf);
|
||||
BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
|
||||
if (!ok)
|
||||
{
|
||||
@ -101,7 +154,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
|
||||
switch (ctx->error)
|
||||
{
|
||||
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
|
||||
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
|
||||
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf);
|
||||
BIO_printf(bio_err,"issuer= %s\n",buf);
|
||||
break;
|
||||
case X509_V_ERR_CERT_NOT_YET_VALID:
|
||||
@ -200,7 +253,7 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
|
||||
return(ret);
|
||||
}
|
||||
|
||||
void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret)
|
||||
void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
|
||||
{
|
||||
char *str;
|
||||
int w;
|
||||
@ -236,3 +289,261 @@ void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
|
||||
{
|
||||
BIO *bio = arg;
|
||||
const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";
|
||||
|
||||
str_write_p = write_p ? ">>>" : "<<<";
|
||||
|
||||
switch (version)
|
||||
{
|
||||
case SSL2_VERSION:
|
||||
str_version = "SSL 2.0";
|
||||
break;
|
||||
case SSL3_VERSION:
|
||||
str_version = "SSL 3.0 ";
|
||||
break;
|
||||
case TLS1_VERSION:
|
||||
str_version = "TLS 1.0 ";
|
||||
break;
|
||||
default:
|
||||
str_version = "???";
|
||||
}
|
||||
|
||||
if (version == SSL2_VERSION)
|
||||
{
|
||||
str_details1 = "???";
|
||||
|
||||
if (len > 0)
|
||||
{
|
||||
switch (((unsigned char*)buf)[0])
|
||||
{
|
||||
case 0:
|
||||
str_details1 = ", ERROR:";
|
||||
str_details2 = " ???";
|
||||
if (len >= 3)
|
||||
{
|
||||
unsigned err = (((unsigned char*)buf)[1]<<8) + ((unsigned char*)buf)[2];
|
||||
|
||||
switch (err)
|
||||
{
|
||||
case 0x0001:
|
||||
str_details2 = " NO-CIPHER-ERROR";
|
||||
break;
|
||||
case 0x0002:
|
||||
str_details2 = " NO-CERTIFICATE-ERROR";
|
||||
break;
|
||||
case 0x0004:
|
||||
str_details2 = " BAD-CERTIFICATE-ERROR";
|
||||
break;
|
||||
case 0x0006:
|
||||
str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
case 1:
|
||||
str_details1 = ", CLIENT-HELLO";
|
||||
break;
|
||||
case 2:
|
||||
str_details1 = ", CLIENT-MASTER-KEY";
|
||||
break;
|
||||
case 3:
|
||||
str_details1 = ", CLIENT-FINISHED";
|
||||
break;
|
||||
case 4:
|
||||
str_details1 = ", SERVER-HELLO";
|
||||
break;
|
||||
case 5:
|
||||
str_details1 = ", SERVER-VERIFY";
|
||||
break;
|
||||
case 6:
|
||||
str_details1 = ", SERVER-FINISHED";
|
||||
break;
|
||||
case 7:
|
||||
str_details1 = ", REQUEST-CERTIFICATE";
|
||||
break;
|
||||
case 8:
|
||||
str_details1 = ", CLIENT-CERTIFICATE";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (version == SSL3_VERSION || version == TLS1_VERSION)
|
||||
{
|
||||
switch (content_type)
|
||||
{
|
||||
case 20:
|
||||
str_content_type = "ChangeCipherSpec";
|
||||
break;
|
||||
case 21:
|
||||
str_content_type = "Alert";
|
||||
break;
|
||||
case 22:
|
||||
str_content_type = "Handshake";
|
||||
break;
|
||||
}
|
||||
|
||||
if (content_type == 21) /* Alert */
|
||||
{
|
||||
str_details1 = ", ???";
|
||||
|
||||
if (len == 2)
|
||||
{
|
||||
switch (((unsigned char*)buf)[0])
|
||||
{
|
||||
case 1:
|
||||
str_details1 = ", warning";
|
||||
break;
|
||||
case 2:
|
||||
str_details1 = ", fatal";
|
||||
break;
|
||||
}
|
||||
|
||||
str_details2 = " ???";
|
||||
switch (((unsigned char*)buf)[1])
|
||||
{
|
||||
case 0:
|
||||
str_details2 = " close_notify";
|
||||
break;
|
||||
case 10:
|
||||
str_details2 = " unexpected_message";
|
||||
break;
|
||||
case 20:
|
||||
str_details2 = " bad_record_mac";
|
||||
break;
|
||||
case 21:
|
||||
str_details2 = " decryption_failed";
|
||||
break;
|
||||
case 22:
|
||||
str_details2 = " record_overflow";
|
||||
break;
|
||||
case 30:
|
||||
str_details2 = " decompression_failure";
|
||||
break;
|
||||
case 40:
|
||||
str_details2 = " handshake_failure";
|
||||
break;
|
||||
case 42:
|
||||
str_details2 = " bad_certificate";
|
||||
break;
|
||||
case 43:
|
||||
str_details2 = " unsupported_certificate";
|
||||
break;
|
||||
case 44:
|
||||
str_details2 = " certificate_revoked";
|
||||
break;
|
||||
case 45:
|
||||
str_details2 = " certificate_expired";
|
||||
break;
|
||||
case 46:
|
||||
str_details2 = " certificate_unknown";
|
||||
break;
|
||||
case 47:
|
||||
str_details2 = " illegal_parameter";
|
||||
break;
|
||||
case 48:
|
||||
str_details2 = " unknown_ca";
|
||||
break;
|
||||
case 49:
|
||||
str_details2 = " access_denied";
|
||||
break;
|
||||
case 50:
|
||||
str_details2 = " decode_error";
|
||||
break;
|
||||
case 51:
|
||||
str_details2 = " decrypt_error";
|
||||
break;
|
||||
case 60:
|
||||
str_details2 = " export_restriction";
|
||||
break;
|
||||
case 70:
|
||||
str_details2 = " protocol_version";
|
||||
break;
|
||||
case 71:
|
||||
str_details2 = " insufficient_security";
|
||||
break;
|
||||
case 80:
|
||||
str_details2 = " internal_error";
|
||||
break;
|
||||
case 90:
|
||||
str_details2 = " user_canceled";
|
||||
break;
|
||||
case 100:
|
||||
str_details2 = " no_renegotiation";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (content_type == 22) /* Handshake */
|
||||
{
|
||||
str_details1 = "???";
|
||||
|
||||
if (len > 0)
|
||||
{
|
||||
switch (((unsigned char*)buf)[0])
|
||||
{
|
||||
case 0:
|
||||
str_details1 = ", HelloRequest";
|
||||
break;
|
||||
case 1:
|
||||
str_details1 = ", ClientHello";
|
||||
break;
|
||||
case 2:
|
||||
str_details1 = ", ServerHello";
|
||||
break;
|
||||
case 11:
|
||||
str_details1 = ", Certificate";
|
||||
break;
|
||||
case 12:
|
||||
str_details1 = ", ServerKeyExchange";
|
||||
break;
|
||||
case 13:
|
||||
str_details1 = ", CertificateRequest";
|
||||
break;
|
||||
case 14:
|
||||
str_details1 = ", ServerHelloDone";
|
||||
break;
|
||||
case 15:
|
||||
str_details1 = ", CertificateVerify";
|
||||
break;
|
||||
case 16:
|
||||
str_details1 = ", ClientKeyExchange";
|
||||
break;
|
||||
case 20:
|
||||
str_details1 = ", Finished";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);
|
||||
|
||||
if (len > 0)
|
||||
{
|
||||
size_t num, i;
|
||||
|
||||
BIO_printf(bio, " ");
|
||||
num = len;
|
||||
#if 0
|
||||
if (num > 16)
|
||||
num = 16;
|
||||
#endif
|
||||
for (i = 0; i < num; i++)
|
||||
{
|
||||
if (i % 16 == 0 && i > 0)
|
||||
BIO_printf(bio, "\n ");
|
||||
BIO_printf(bio, " %02x", ((unsigned char*)buf)[i]);
|
||||
}
|
||||
if (i < len)
|
||||
BIO_printf(bio, " ...");
|
||||
BIO_printf(bio, "\n");
|
||||
}
|
||||
BIO_flush(bio);
|
||||
}
|
||||
|
@ -55,12 +55,66 @@
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#ifdef NO_STDIO
|
||||
#include <openssl/e_os2.h>
|
||||
#ifdef OPENSSL_NO_STDIO
|
||||
#define APPS_WIN16
|
||||
#endif
|
||||
|
||||
@ -68,7 +122,7 @@
|
||||
recursive header file inclusion, resulting in the compiler complaining
|
||||
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
|
||||
is needed to have fileno() declared correctly... So let's define u_int */
|
||||
#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
|
||||
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
|
||||
#define __U_INT
|
||||
typedef unsigned int u_int;
|
||||
#endif
|
||||
@ -82,12 +136,20 @@ typedef unsigned int u_int;
|
||||
#include <openssl/rand.h>
|
||||
#include "s_apps.h"
|
||||
|
||||
#ifdef WINDOWS
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
#include <conio.h>
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_SYS_WINCE
|
||||
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
|
||||
#ifdef fileno
|
||||
#undef fileno
|
||||
#endif
|
||||
#define fileno(a) (int)_fileno(a)
|
||||
#endif
|
||||
|
||||
#if (defined(VMS) && __VMS_VER < 70000000)
|
||||
|
||||
#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
|
||||
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
|
||||
#undef FIONBIO
|
||||
#endif
|
||||
@ -112,6 +174,7 @@ static int c_nbio=0;
|
||||
#endif
|
||||
static int c_Pause=0;
|
||||
static int c_debug=0;
|
||||
static int c_msg=0;
|
||||
static int c_showcerts=0;
|
||||
|
||||
static void sc_usage(void);
|
||||
@ -138,6 +201,7 @@ static void sc_usage(void)
|
||||
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
|
||||
BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
|
||||
BIO_printf(bio_err," -debug - extra output\n");
|
||||
BIO_printf(bio_err," -msg - Show protocol messages\n");
|
||||
BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
|
||||
BIO_printf(bio_err," -state - print the 'ssl' states\n");
|
||||
#ifdef FIONBIO
|
||||
@ -151,8 +215,14 @@ static void sc_usage(void)
|
||||
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
|
||||
BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
|
||||
BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
|
||||
BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
|
||||
BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
|
||||
BIO_printf(bio_err," command to see what is available\n");
|
||||
BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
|
||||
BIO_printf(bio_err," for those protocols that support it, where\n");
|
||||
BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
|
||||
BIO_printf(bio_err," only \"smtp\" is supported.\n");
|
||||
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
|
||||
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
|
||||
}
|
||||
@ -163,8 +233,9 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
int off=0;
|
||||
SSL *con=NULL,*con2=NULL;
|
||||
X509_STORE *store = NULL;
|
||||
int s,k,width,state=0;
|
||||
char *cbuf=NULL,*sbuf=NULL;
|
||||
char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
|
||||
int cbuf_len,cbuf_off;
|
||||
int sbuf_len,sbuf_off;
|
||||
fd_set readfds,writefds;
|
||||
@ -178,19 +249,22 @@ int MAIN(int argc, char **argv)
|
||||
int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
|
||||
SSL_CTX *ctx=NULL;
|
||||
int ret=1,in_init=1,i,nbio_test=0;
|
||||
int prexit = 0;
|
||||
int smtp_starttls = 0;
|
||||
int prexit = 0, vflags = 0;
|
||||
SSL_METHOD *meth=NULL;
|
||||
BIO *sbio;
|
||||
char *inrand=NULL;
|
||||
#ifdef WINDOWS
|
||||
char *engine_id=NULL;
|
||||
ENGINE *e=NULL;
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
struct timeval tv;
|
||||
#endif
|
||||
|
||||
#if !defined(NO_SSL2) && !defined(NO_SSL3)
|
||||
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
|
||||
meth=SSLv23_client_method();
|
||||
#elif !defined(NO_SSL3)
|
||||
#elif !defined(OPENSSL_NO_SSL3)
|
||||
meth=SSLv3_client_method();
|
||||
#elif !defined(NO_SSL2)
|
||||
#elif !defined(OPENSSL_NO_SSL2)
|
||||
meth=SSLv2_client_method();
|
||||
#endif
|
||||
|
||||
@ -199,13 +273,18 @@ int MAIN(int argc, char **argv)
|
||||
c_quiet=0;
|
||||
c_ign_eof=0;
|
||||
c_debug=0;
|
||||
c_msg=0;
|
||||
c_showcerts=0;
|
||||
|
||||
if (bio_err == NULL)
|
||||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
|
||||
((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
|
||||
((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
|
||||
((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
|
||||
{
|
||||
BIO_printf(bio_err,"out of memory\n");
|
||||
goto end;
|
||||
@ -250,6 +329,10 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
cert_file= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-crl_check") == 0)
|
||||
vflags |= X509_V_FLAG_CRL_CHECK;
|
||||
else if (strcmp(*argv,"-crl_check_all") == 0)
|
||||
vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
|
||||
else if (strcmp(*argv,"-prexit") == 0)
|
||||
prexit=1;
|
||||
else if (strcmp(*argv,"-crlf") == 0)
|
||||
@ -265,21 +348,23 @@ int MAIN(int argc, char **argv)
|
||||
c_Pause=1;
|
||||
else if (strcmp(*argv,"-debug") == 0)
|
||||
c_debug=1;
|
||||
else if (strcmp(*argv,"-msg") == 0)
|
||||
c_msg=1;
|
||||
else if (strcmp(*argv,"-showcerts") == 0)
|
||||
c_showcerts=1;
|
||||
else if (strcmp(*argv,"-nbio_test") == 0)
|
||||
nbio_test=1;
|
||||
else if (strcmp(*argv,"-state") == 0)
|
||||
state=1;
|
||||
#ifndef NO_SSL2
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
else if (strcmp(*argv,"-ssl2") == 0)
|
||||
meth=SSLv2_client_method();
|
||||
#endif
|
||||
#ifndef NO_SSL3
|
||||
#ifndef OPENSSL_NO_SSL3
|
||||
else if (strcmp(*argv,"-ssl3") == 0)
|
||||
meth=SSLv3_client_method();
|
||||
#endif
|
||||
#ifndef NO_TLS1
|
||||
#ifndef OPENSSL_NO_TLS1
|
||||
else if (strcmp(*argv,"-tls1") == 0)
|
||||
meth=TLSv1_client_method();
|
||||
#endif
|
||||
@ -310,6 +395,8 @@ int MAIN(int argc, char **argv)
|
||||
off|=SSL_OP_NO_SSLv3;
|
||||
else if (strcmp(*argv,"-no_ssl2") == 0)
|
||||
off|=SSL_OP_NO_SSLv2;
|
||||
else if (strcmp(*argv,"-serverpref") == 0)
|
||||
off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
|
||||
else if (strcmp(*argv,"-cipher") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
@ -319,6 +406,20 @@ int MAIN(int argc, char **argv)
|
||||
else if (strcmp(*argv,"-nbio") == 0)
|
||||
{ c_nbio=1; }
|
||||
#endif
|
||||
else if (strcmp(*argv,"-starttls") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
++argv;
|
||||
if (strcmp(*argv,"smtp") == 0)
|
||||
smtp_starttls = 1;
|
||||
else
|
||||
goto bad;
|
||||
}
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine_id = *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-rand") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
@ -340,6 +441,11 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
OpenSSL_add_ssl_algorithms();
|
||||
SSL_load_error_strings();
|
||||
|
||||
e = setup_engine(bio_err, engine_id, 1);
|
||||
|
||||
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
|
||||
&& !RAND_status())
|
||||
{
|
||||
@ -351,7 +457,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
if (bio_c_out == NULL)
|
||||
{
|
||||
if (c_quiet)
|
||||
if (c_quiet && !c_debug && !c_msg)
|
||||
{
|
||||
bio_c_out=BIO_new(BIO_s_null());
|
||||
}
|
||||
@ -362,8 +468,6 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
OpenSSL_add_ssl_algorithms();
|
||||
SSL_load_error_strings();
|
||||
ctx=SSL_CTX_new(meth);
|
||||
if (ctx == NULL)
|
||||
{
|
||||
@ -400,8 +504,16 @@ int MAIN(int argc, char **argv)
|
||||
/* goto end; */
|
||||
}
|
||||
|
||||
store = SSL_CTX_get_cert_store(ctx);
|
||||
X509_STORE_set_flags(store, vflags);
|
||||
|
||||
con=SSL_new(ctx);
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL)
|
||||
{
|
||||
kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
/* SSL_set_cipher_list(con,"RC4-MD5"); */
|
||||
|
||||
re_start:
|
||||
@ -443,6 +555,11 @@ int MAIN(int argc, char **argv)
|
||||
BIO_set_callback(sbio,bio_dump_cb);
|
||||
BIO_set_callback_arg(sbio,bio_c_out);
|
||||
}
|
||||
if (c_msg)
|
||||
{
|
||||
SSL_set_msg_callback(con, msg_cb);
|
||||
SSL_set_msg_callback_arg(con, bio_c_out);
|
||||
}
|
||||
|
||||
SSL_set_bio(con,sbio,sbio);
|
||||
SSL_set_connect_state(con);
|
||||
@ -461,6 +578,14 @@ int MAIN(int argc, char **argv)
|
||||
sbuf_len=0;
|
||||
sbuf_off=0;
|
||||
|
||||
/* This is an ugly hack that does a lot of assumptions */
|
||||
if (smtp_starttls)
|
||||
{
|
||||
BIO_read(sbio,mbuf,BUFSIZZ);
|
||||
BIO_printf(sbio,"STARTTLS\r\n");
|
||||
BIO_read(sbio,sbuf,BUFSIZZ);
|
||||
}
|
||||
|
||||
for (;;)
|
||||
{
|
||||
FD_ZERO(&readfds);
|
||||
@ -480,6 +605,13 @@ int MAIN(int argc, char **argv)
|
||||
print_stuff(bio_c_out,con,full_log);
|
||||
if (full_log > 0) full_log--;
|
||||
|
||||
if (smtp_starttls)
|
||||
{
|
||||
BIO_printf(bio_err,"%s",mbuf);
|
||||
/* We don't need to know any more */
|
||||
smtp_starttls = 0;
|
||||
}
|
||||
|
||||
if (reconnect)
|
||||
{
|
||||
reconnect--;
|
||||
@ -496,7 +628,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
if (!ssl_pending)
|
||||
{
|
||||
#ifndef WINDOWS
|
||||
#ifndef OPENSSL_SYS_WINDOWS
|
||||
if (tty_on)
|
||||
{
|
||||
if (read_tty) FD_SET(fileno(stdin),&readfds);
|
||||
@ -523,7 +655,7 @@ int MAIN(int argc, char **argv)
|
||||
* will choke the compiler: if you do have a cast then
|
||||
* you can either go for (int *) or (void *).
|
||||
*/
|
||||
#ifdef WINDOWS
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
/* Under Windows we make the assumption that we can
|
||||
* always write to the tty: therefore if we need to
|
||||
* write to the tty we just fall through. Otherwise
|
||||
@ -538,7 +670,11 @@ int MAIN(int argc, char **argv)
|
||||
tv.tv_usec = 0;
|
||||
i=select(width,(void *)&readfds,(void *)&writefds,
|
||||
NULL,&tv);
|
||||
#ifdef OPENSSL_SYS_WINCE
|
||||
if(!i && (!_kbhit() || !read_tty) ) continue;
|
||||
#else
|
||||
if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
|
||||
#endif
|
||||
} else i=select(width,(void *)&readfds,(void *)&writefds,
|
||||
NULL,NULL);
|
||||
}
|
||||
@ -622,8 +758,8 @@ int MAIN(int argc, char **argv)
|
||||
goto shut;
|
||||
}
|
||||
}
|
||||
#ifdef WINDOWS
|
||||
/* Assume Windows can always write */
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
|
||||
/* Assume Windows/DOS can always write */
|
||||
else if (!ssl_pending && write_tty)
|
||||
#else
|
||||
else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
|
||||
@ -703,8 +839,12 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef WINDOWS
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
#ifdef OPENSSL_SYS_WINCE
|
||||
else if (_kbhit())
|
||||
#else
|
||||
else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
|
||||
#endif
|
||||
#else
|
||||
else if (FD_ISSET(fileno(stdin),&readfds))
|
||||
#endif
|
||||
@ -768,14 +908,16 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
|
||||
if (con != NULL) SSL_free(con);
|
||||
if (con2 != NULL) SSL_free(con2);
|
||||
if (ctx != NULL) SSL_CTX_free(ctx);
|
||||
if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
|
||||
if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
|
||||
if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
|
||||
if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
|
||||
if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
|
||||
if (bio_c_out != NULL)
|
||||
{
|
||||
BIO_free(bio_c_out);
|
||||
bio_c_out=NULL;
|
||||
}
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
|
||||
@ -804,10 +946,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)
|
||||
for (i=0; i<sk_X509_num(sk); i++)
|
||||
{
|
||||
X509_NAME_oneline(X509_get_subject_name(
|
||||
sk_X509_value(sk,i)),buf,BUFSIZ);
|
||||
sk_X509_value(sk,i)),buf,sizeof buf);
|
||||
BIO_printf(bio,"%2d s:%s\n",i,buf);
|
||||
X509_NAME_oneline(X509_get_issuer_name(
|
||||
sk_X509_value(sk,i)),buf,BUFSIZ);
|
||||
sk_X509_value(sk,i)),buf,sizeof buf);
|
||||
BIO_printf(bio," i:%s\n",buf);
|
||||
if (c_showcerts)
|
||||
PEM_write_bio_X509(bio,sk_X509_value(sk,i));
|
||||
@ -822,10 +964,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)
|
||||
if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
|
||||
PEM_write_bio_X509(bio,peer);
|
||||
X509_NAME_oneline(X509_get_subject_name(peer),
|
||||
buf,BUFSIZ);
|
||||
buf,sizeof buf);
|
||||
BIO_printf(bio,"subject=%s\n",buf);
|
||||
X509_NAME_oneline(X509_get_issuer_name(peer),
|
||||
buf,BUFSIZ);
|
||||
buf,sizeof buf);
|
||||
BIO_printf(bio,"issuer=%s\n",buf);
|
||||
}
|
||||
else
|
||||
@ -847,7 +989,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
|
||||
{
|
||||
BIO_printf(bio,"---\nNo client certificate CA names sent\n");
|
||||
}
|
||||
p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
|
||||
p=SSL_get_shared_ciphers(s,buf,sizeof buf);
|
||||
if (p != NULL)
|
||||
{
|
||||
/* This works only for SSL 2. In later protocol
|
||||
|
@ -55,6 +55,59 @@
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdio.h>
|
||||
@ -62,7 +115,8 @@
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#ifdef NO_STDIO
|
||||
#include <openssl/e_os2.h>
|
||||
#ifdef OPENSSL_NO_STDIO
|
||||
#define APPS_WIN16
|
||||
#endif
|
||||
|
||||
@ -70,7 +124,7 @@
|
||||
recursive header file inclusion, resulting in the compiler complaining
|
||||
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
|
||||
is needed to have fileno() declared correctly... So let's define u_int */
|
||||
#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
|
||||
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
|
||||
#define __U_INT
|
||||
typedef unsigned int u_int;
|
||||
#endif
|
||||
@ -86,16 +140,24 @@ typedef unsigned int u_int;
|
||||
#include <openssl/rand.h>
|
||||
#include "s_apps.h"
|
||||
|
||||
#ifdef WINDOWS
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
#include <conio.h>
|
||||
#endif
|
||||
|
||||
#if (defined(VMS) && __VMS_VER < 70000000)
|
||||
#ifdef OPENSSL_SYS_WINCE
|
||||
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
|
||||
#ifdef fileno
|
||||
#undef fileno
|
||||
#endif
|
||||
#define fileno(a) (int)_fileno(a)
|
||||
#endif
|
||||
|
||||
#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
|
||||
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
|
||||
#undef FIONBIO
|
||||
#endif
|
||||
|
||||
#ifndef NO_RSA
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
|
||||
#endif
|
||||
static int sv_body(char *hostname, int s, unsigned char *context);
|
||||
@ -104,7 +166,9 @@ static void close_accept_socket(void );
|
||||
static void sv_usage(void);
|
||||
static int init_ssl_connection(SSL *s);
|
||||
static void print_stats(BIO *bp,SSL_CTX *ctx);
|
||||
#ifndef NO_DH
|
||||
static int generate_session_id(const SSL *ssl, unsigned char *id,
|
||||
unsigned int *id_len);
|
||||
#ifndef OPENSSL_NO_DH
|
||||
static DH *load_dh_param(char *dhfile);
|
||||
static DH *get_dh512(void);
|
||||
#endif
|
||||
@ -120,7 +184,7 @@ static void s_server_init(void);
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#ifndef NO_DH
|
||||
#ifndef OPENSSL_NO_DH
|
||||
static unsigned char dh512_p[]={
|
||||
0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
|
||||
0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
|
||||
@ -174,9 +238,12 @@ static int www=0;
|
||||
|
||||
static BIO *bio_s_out=NULL;
|
||||
static int s_debug=0;
|
||||
static int s_msg=0;
|
||||
static int s_quiet=0;
|
||||
|
||||
static int hack=0;
|
||||
static char *engine_id=NULL;
|
||||
static const char *session_id_prefix=NULL;
|
||||
|
||||
#ifdef MONOLITH
|
||||
static void s_server_init(void)
|
||||
@ -197,8 +264,10 @@ static void s_server_init(void)
|
||||
|
||||
bio_s_out=NULL;
|
||||
s_debug=0;
|
||||
s_msg=0;
|
||||
s_quiet=0;
|
||||
hack=0;
|
||||
engine_id=NULL;
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -224,11 +293,13 @@ static void sv_usage(void)
|
||||
BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n");
|
||||
BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
|
||||
BIO_printf(bio_err," -debug - Print more output\n");
|
||||
BIO_printf(bio_err," -msg - Show protocol messages\n");
|
||||
BIO_printf(bio_err," -state - Print the SSL states\n");
|
||||
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
|
||||
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
|
||||
BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
|
||||
BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
|
||||
BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
|
||||
BIO_printf(bio_err," -quiet - No server output\n");
|
||||
BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n");
|
||||
BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
|
||||
@ -237,12 +308,16 @@ static void sv_usage(void)
|
||||
BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
|
||||
BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
|
||||
BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
|
||||
#ifndef NO_DH
|
||||
#ifndef OPENSSL_NO_DH
|
||||
BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
|
||||
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
|
||||
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
|
||||
BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
|
||||
BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n");
|
||||
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
|
||||
BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
|
||||
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
}
|
||||
|
||||
@ -253,10 +328,10 @@ static char **local_argv;
|
||||
static int ebcdic_new(BIO *bi);
|
||||
static int ebcdic_free(BIO *a);
|
||||
static int ebcdic_read(BIO *b, char *out, int outl);
|
||||
static int ebcdic_write(BIO *b, char *in, int inl);
|
||||
static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr);
|
||||
static int ebcdic_write(BIO *b, const char *in, int inl);
|
||||
static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
|
||||
static int ebcdic_gets(BIO *bp, char *buf, int size);
|
||||
static int ebcdic_puts(BIO *bp, char *str);
|
||||
static int ebcdic_puts(BIO *bp, const char *str);
|
||||
|
||||
#define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
|
||||
static BIO_METHOD methods_ebcdic=
|
||||
@ -321,7 +396,7 @@ static int ebcdic_read(BIO *b, char *out, int outl)
|
||||
return(ret);
|
||||
}
|
||||
|
||||
static int ebcdic_write(BIO *b, char *in, int inl)
|
||||
static int ebcdic_write(BIO *b, const char *in, int inl)
|
||||
{
|
||||
EBCDIC_OUTBUFF *wbuf;
|
||||
int ret=0;
|
||||
@ -354,7 +429,7 @@ static int ebcdic_write(BIO *b, char *in, int inl)
|
||||
return(ret);
|
||||
}
|
||||
|
||||
static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
|
||||
static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
{
|
||||
long ret;
|
||||
|
||||
@ -373,7 +448,7 @@ static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
|
||||
|
||||
static int ebcdic_gets(BIO *bp, char *buf, int size)
|
||||
{
|
||||
int i, ret;
|
||||
int i, ret=0;
|
||||
if (bp->next_bio == NULL) return(0);
|
||||
/* return(BIO_gets(bp->next_bio,buf,size));*/
|
||||
for (i=0; i<size-1; ++i)
|
||||
@ -392,7 +467,7 @@ static int ebcdic_gets(BIO *bp, char *buf, int size)
|
||||
return (ret < 0 && i == 0) ? ret : i;
|
||||
}
|
||||
|
||||
static int ebcdic_puts(BIO *bp, char *str)
|
||||
static int ebcdic_puts(BIO *bp, const char *str)
|
||||
{
|
||||
if (bp->next_bio == NULL) return(0);
|
||||
return ebcdic_write(bp, str, strlen(str));
|
||||
@ -403,6 +478,8 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char *argv[])
|
||||
{
|
||||
X509_STORE *store = NULL;
|
||||
int vflags = 0;
|
||||
short port=PORT;
|
||||
char *CApath=NULL,*CAfile=NULL;
|
||||
char *context = NULL;
|
||||
@ -413,16 +490,14 @@ int MAIN(int argc, char *argv[])
|
||||
int no_tmp_rsa=0,no_dhe=0,nocert=0;
|
||||
int state=0;
|
||||
SSL_METHOD *meth=NULL;
|
||||
ENGINE *e=NULL;
|
||||
char *inrand=NULL;
|
||||
#ifndef NO_DH
|
||||
DH *dh=NULL;
|
||||
#endif
|
||||
|
||||
#if !defined(NO_SSL2) && !defined(NO_SSL3)
|
||||
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
|
||||
meth=SSLv23_server_method();
|
||||
#elif !defined(NO_SSL3)
|
||||
#elif !defined(OPENSSL_NO_SSL3)
|
||||
meth=SSLv3_server_method();
|
||||
#elif !defined(NO_SSL2)
|
||||
#elif !defined(OPENSSL_NO_SSL2)
|
||||
meth=SSLv2_server_method();
|
||||
#endif
|
||||
|
||||
@ -437,6 +512,9 @@ int MAIN(int argc, char *argv[])
|
||||
if (bio_err == NULL)
|
||||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
verify_depth=0;
|
||||
#ifdef FIONBIO
|
||||
s_nbio=0;
|
||||
@ -509,6 +587,16 @@ int MAIN(int argc, char *argv[])
|
||||
if (--argc < 1) goto bad;
|
||||
CApath= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-crl_check") == 0)
|
||||
{
|
||||
vflags |= X509_V_FLAG_CRL_CHECK;
|
||||
}
|
||||
else if (strcmp(*argv,"-crl_check") == 0)
|
||||
{
|
||||
vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
|
||||
}
|
||||
else if (strcmp(*argv,"-serverpref") == 0)
|
||||
{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
|
||||
else if (strcmp(*argv,"-cipher") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
@ -532,6 +620,8 @@ int MAIN(int argc, char *argv[])
|
||||
}
|
||||
else if (strcmp(*argv,"-debug") == 0)
|
||||
{ s_debug=1; }
|
||||
else if (strcmp(*argv,"-msg") == 0)
|
||||
{ s_msg=1; }
|
||||
else if (strcmp(*argv,"-hack") == 0)
|
||||
{ hack=1; }
|
||||
else if (strcmp(*argv,"-state") == 0)
|
||||
@ -550,24 +640,36 @@ int MAIN(int argc, char *argv[])
|
||||
{ www=1; }
|
||||
else if (strcmp(*argv,"-WWW") == 0)
|
||||
{ www=2; }
|
||||
else if (strcmp(*argv,"-HTTP") == 0)
|
||||
{ www=3; }
|
||||
else if (strcmp(*argv,"-no_ssl2") == 0)
|
||||
{ off|=SSL_OP_NO_SSLv2; }
|
||||
else if (strcmp(*argv,"-no_ssl3") == 0)
|
||||
{ off|=SSL_OP_NO_SSLv3; }
|
||||
else if (strcmp(*argv,"-no_tls1") == 0)
|
||||
{ off|=SSL_OP_NO_TLSv1; }
|
||||
#ifndef NO_SSL2
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
else if (strcmp(*argv,"-ssl2") == 0)
|
||||
{ meth=SSLv2_server_method(); }
|
||||
#endif
|
||||
#ifndef NO_SSL3
|
||||
#ifndef OPENSSL_NO_SSL3
|
||||
else if (strcmp(*argv,"-ssl3") == 0)
|
||||
{ meth=SSLv3_server_method(); }
|
||||
#endif
|
||||
#ifndef NO_TLS1
|
||||
#ifndef OPENSSL_NO_TLS1
|
||||
else if (strcmp(*argv,"-tls1") == 0)
|
||||
{ meth=TLSv1_server_method(); }
|
||||
#endif
|
||||
else if (strcmp(*argv, "-id_prefix") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
session_id_prefix = *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine_id= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-rand") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
@ -589,6 +691,11 @@ int MAIN(int argc, char *argv[])
|
||||
goto end;
|
||||
}
|
||||
|
||||
SSL_load_error_strings();
|
||||
OpenSSL_add_ssl_algorithms();
|
||||
|
||||
e = setup_engine(bio_err, engine_id, 1);
|
||||
|
||||
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
|
||||
&& !RAND_status())
|
||||
{
|
||||
@ -600,7 +707,7 @@ int MAIN(int argc, char *argv[])
|
||||
|
||||
if (bio_s_out == NULL)
|
||||
{
|
||||
if (s_quiet && !s_debug)
|
||||
if (s_quiet && !s_debug && !s_msg)
|
||||
{
|
||||
bio_s_out=BIO_new(BIO_s_null());
|
||||
}
|
||||
@ -611,7 +718,7 @@ int MAIN(int argc, char *argv[])
|
||||
}
|
||||
}
|
||||
|
||||
#if !defined(NO_RSA) || !defined(NO_DSA)
|
||||
#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
|
||||
if (nocert)
|
||||
#endif
|
||||
{
|
||||
@ -621,21 +728,32 @@ int MAIN(int argc, char *argv[])
|
||||
s_dkey_file=NULL;
|
||||
}
|
||||
|
||||
SSL_load_error_strings();
|
||||
OpenSSL_add_ssl_algorithms();
|
||||
|
||||
ctx=SSL_CTX_new(meth);
|
||||
if (ctx == NULL)
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (session_id_prefix)
|
||||
{
|
||||
if(strlen(session_id_prefix) >= 32)
|
||||
BIO_printf(bio_err,
|
||||
"warning: id_prefix is too long, only one new session will be possible\n");
|
||||
else if(strlen(session_id_prefix) >= 16)
|
||||
BIO_printf(bio_err,
|
||||
"warning: id_prefix is too long if you use SSLv2\n");
|
||||
if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id))
|
||||
{
|
||||
BIO_printf(bio_err,"error setting 'id_prefix'\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
|
||||
}
|
||||
SSL_CTX_set_quiet_shutdown(ctx,1);
|
||||
if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
|
||||
if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
|
||||
SSL_CTX_set_options(ctx,off);
|
||||
if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST);
|
||||
|
||||
if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
|
||||
|
||||
@ -660,11 +778,19 @@ int MAIN(int argc, char *argv[])
|
||||
ERR_print_errors(bio_err);
|
||||
/* goto end; */
|
||||
}
|
||||
store = SSL_CTX_get_cert_store(ctx);
|
||||
X509_STORE_set_flags(store, vflags);
|
||||
|
||||
#ifndef NO_DH
|
||||
#ifndef OPENSSL_NO_DH
|
||||
if (!no_dhe)
|
||||
{
|
||||
dh=load_dh_param(dhfile ? dhfile : s_cert_file);
|
||||
DH *dh=NULL;
|
||||
|
||||
if (dhfile)
|
||||
dh = load_dh_param(dhfile);
|
||||
else if (s_cert_file)
|
||||
dh = load_dh_param(s_cert_file);
|
||||
|
||||
if (dh != NULL)
|
||||
{
|
||||
BIO_printf(bio_s_out,"Setting temp DH parameters\n");
|
||||
@ -689,7 +815,7 @@ int MAIN(int argc, char *argv[])
|
||||
goto end;
|
||||
}
|
||||
|
||||
#ifndef NO_RSA
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#if 1
|
||||
if (!no_tmp_rsa)
|
||||
SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
|
||||
@ -741,7 +867,8 @@ int MAIN(int argc, char *argv[])
|
||||
BIO_free(bio_s_out);
|
||||
bio_s_out=NULL;
|
||||
}
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
|
||||
@ -778,7 +905,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
unsigned long l;
|
||||
SSL *con=NULL;
|
||||
BIO *sbio;
|
||||
#ifdef WINDOWS
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
struct timeval tv;
|
||||
#endif
|
||||
|
||||
@ -801,6 +928,15 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
|
||||
if (con == NULL) {
|
||||
con=SSL_new(ctx);
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
|
||||
{
|
||||
kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE,
|
||||
KRB5SVC);
|
||||
kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB,
|
||||
KRB5KEYTAB);
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
if(context)
|
||||
SSL_set_session_id_context(con, context,
|
||||
strlen((char *)context));
|
||||
@ -825,6 +961,11 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
|
||||
BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
|
||||
}
|
||||
if (s_msg)
|
||||
{
|
||||
SSL_set_msg_callback(con, msg_cb);
|
||||
SSL_set_msg_callback_arg(con, bio_s_out);
|
||||
}
|
||||
|
||||
width=s+1;
|
||||
for (;;)
|
||||
@ -838,7 +979,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
if (!read_from_sslcon)
|
||||
{
|
||||
FD_ZERO(&readfds);
|
||||
#ifndef WINDOWS
|
||||
#ifndef OPENSSL_SYS_WINDOWS
|
||||
FD_SET(fileno(stdin),&readfds);
|
||||
#endif
|
||||
FD_SET(s,&readfds);
|
||||
@ -848,7 +989,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
* the compiler: if you do have a cast then you can either
|
||||
* go for (int *) or (void *).
|
||||
*/
|
||||
#ifdef WINDOWS
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
/* Under Windows we can't select on stdin: only
|
||||
* on sockets. As a workaround we timeout the select every
|
||||
* second and check for any keypress. In a proper Windows
|
||||
@ -1043,7 +1184,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
|
||||
if (buf != NULL)
|
||||
{
|
||||
memset(buf,0,bufsize);
|
||||
OPENSSL_cleanse(buf,bufsize);
|
||||
OPENSSL_free(buf);
|
||||
}
|
||||
if (ret >= 0)
|
||||
@ -1095,14 +1236,14 @@ static int init_ssl_connection(SSL *con)
|
||||
{
|
||||
BIO_printf(bio_s_out,"Client certificate\n");
|
||||
PEM_write_bio_X509(bio_s_out,peer);
|
||||
X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ);
|
||||
X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
|
||||
BIO_printf(bio_s_out,"subject=%s\n",buf);
|
||||
X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ);
|
||||
X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
|
||||
BIO_printf(bio_s_out,"issuer=%s\n",buf);
|
||||
X509_free(peer);
|
||||
}
|
||||
|
||||
if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL)
|
||||
if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
|
||||
BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
|
||||
str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
|
||||
BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
|
||||
@ -1114,7 +1255,7 @@ static int init_ssl_connection(SSL *con)
|
||||
return(1);
|
||||
}
|
||||
|
||||
#ifndef NO_DH
|
||||
#ifndef OPENSSL_NO_DH
|
||||
static DH *load_dh_param(char *dhfile)
|
||||
{
|
||||
DH *ret=NULL;
|
||||
@ -1183,6 +1324,13 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
|
||||
|
||||
if ((con=SSL_new(ctx)) == NULL) goto err;
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
|
||||
{
|
||||
kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
|
||||
kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
if(context) SSL_set_session_id_context(con, context,
|
||||
strlen((char *)context));
|
||||
|
||||
@ -1210,6 +1358,11 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
|
||||
BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
|
||||
}
|
||||
if (s_msg)
|
||||
{
|
||||
SSL_set_msg_callback(con, msg_cb);
|
||||
SSL_set_msg_callback_arg(con, bio_s_out);
|
||||
}
|
||||
|
||||
blank=0;
|
||||
for (;;)
|
||||
@ -1250,7 +1403,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_s_out,"read R BLOCK\n");
|
||||
#ifndef MSDOS
|
||||
#if !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
|
||||
sleep(1);
|
||||
#endif
|
||||
continue;
|
||||
@ -1344,7 +1497,8 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
BIO_puts(io,"</BODY></HTML>\r\n\r\n");
|
||||
break;
|
||||
}
|
||||
else if ((www == 2) && (strncmp("GET /",buf,5) == 0))
|
||||
else if ((www == 2 || www == 3)
|
||||
&& (strncmp("GET /",buf,5) == 0))
|
||||
{
|
||||
BIO *file;
|
||||
char *p,*e;
|
||||
@ -1434,13 +1588,16 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
if (!s_quiet)
|
||||
BIO_printf(bio_err,"FILE:%s\n",p);
|
||||
|
||||
i=strlen(p);
|
||||
if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
|
||||
((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
|
||||
((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
|
||||
BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
|
||||
else
|
||||
BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
|
||||
if (www == 2)
|
||||
{
|
||||
i=strlen(p);
|
||||
if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
|
||||
((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
|
||||
((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
|
||||
BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
|
||||
else
|
||||
BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
|
||||
}
|
||||
/* send the file */
|
||||
total_bytes=0;
|
||||
for (;;)
|
||||
@ -1518,7 +1675,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
return(ret);
|
||||
}
|
||||
|
||||
#ifndef NO_RSA
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
|
||||
{
|
||||
static RSA *rsa_tmp=NULL;
|
||||
@ -1540,3 +1697,26 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
|
||||
return(rsa_tmp);
|
||||
}
|
||||
#endif
|
||||
|
||||
#define MAX_SESSION_ID_ATTEMPTS 10
|
||||
static int generate_session_id(const SSL *ssl, unsigned char *id,
|
||||
unsigned int *id_len)
|
||||
{
|
||||
unsigned int count = 0;
|
||||
do {
|
||||
RAND_pseudo_bytes(id, *id_len);
|
||||
/* Prefix the session_id with the required prefix. NB: If our
|
||||
* prefix is too long, clip it - but there will be worse effects
|
||||
* anyway, eg. the server could only possibly create 1 session
|
||||
* ID (ie. the prefix!) so all future session negotiations will
|
||||
* fail due to conflicts. */
|
||||
memcpy(id, session_id_prefix,
|
||||
(strlen(session_id_prefix) < *id_len) ?
|
||||
strlen(session_id_prefix) : *id_len);
|
||||
}
|
||||
while(SSL_has_matching_session_id(ssl, id, *id_len) &&
|
||||
(++count < MAX_SESSION_ID_ATTEMPTS));
|
||||
if(count >= MAX_SESSION_ID_ATTEMPTS)
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
@ -62,11 +62,13 @@
|
||||
#include <errno.h>
|
||||
#include <signal.h>
|
||||
|
||||
#include <openssl/e_os2.h>
|
||||
|
||||
/* With IPv6, it looks like Digital has mixed up the proper order of
|
||||
recursive header file inclusion, resulting in the compiler complaining
|
||||
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
|
||||
is needed to have fileno() declared correctly... So let's define u_int */
|
||||
#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
|
||||
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
|
||||
#define __U_INT
|
||||
typedef unsigned int u_int;
|
||||
#endif
|
||||
@ -80,27 +82,27 @@ typedef unsigned int u_int;
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
static struct hostent *GetHostByName(char *name);
|
||||
#ifdef WINDOWS
|
||||
static void sock_cleanup(void);
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
static void ssl_sock_cleanup(void);
|
||||
#endif
|
||||
static int sock_init(void);
|
||||
static int ssl_sock_init(void);
|
||||
static int init_client_ip(int *sock,unsigned char ip[4], int port);
|
||||
static int init_server(int *sock, int port);
|
||||
static int init_server_long(int *sock, int port,char *ip);
|
||||
static int do_accept(int acc_sock, int *sock, char **host);
|
||||
static int host_ip(char *str, unsigned char ip[4]);
|
||||
|
||||
#ifdef WIN16
|
||||
#ifdef OPENSSL_SYS_WIN16
|
||||
#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
|
||||
#else
|
||||
#define SOCKET_PROTOCOL IPPROTO_TCP
|
||||
#endif
|
||||
|
||||
#ifdef WINDOWS
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
static struct WSAData wsa_state;
|
||||
static int wsa_init_done=0;
|
||||
|
||||
#ifdef WIN16
|
||||
#ifdef OPENSSL_SYS_WIN16
|
||||
static HWND topWnd=0;
|
||||
static FARPROC lpTopWndProc=NULL;
|
||||
static FARPROC lpTopHookProc=NULL;
|
||||
@ -116,7 +118,7 @@ static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
|
||||
case WM_DESTROY:
|
||||
case WM_CLOSE:
|
||||
SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc);
|
||||
sock_cleanup();
|
||||
ssl_sock_cleanup();
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -129,30 +131,38 @@ static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
|
||||
return(FALSE);
|
||||
}
|
||||
|
||||
#endif /* WIN32 */
|
||||
#endif /* WINDOWS */
|
||||
#endif /* OPENSSL_SYS_WIN32 */
|
||||
#endif /* OPENSSL_SYS_WINDOWS */
|
||||
|
||||
#ifdef WINDOWS
|
||||
static void sock_cleanup(void)
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
static void ssl_sock_cleanup(void)
|
||||
{
|
||||
if (wsa_init_done)
|
||||
{
|
||||
wsa_init_done=0;
|
||||
#ifndef OPENSSL_SYS_WINCE
|
||||
WSACancelBlockingCall();
|
||||
#endif
|
||||
WSACleanup();
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
static int sock_init(void)
|
||||
static int ssl_sock_init(void)
|
||||
{
|
||||
#ifdef WINDOWS
|
||||
#ifdef WATT32
|
||||
extern int _watt_do_exit;
|
||||
_watt_do_exit = 0;
|
||||
dbug_init();
|
||||
if (sock_init())
|
||||
return (0);
|
||||
#elif defined(OPENSSL_SYS_WINDOWS)
|
||||
if (!wsa_init_done)
|
||||
{
|
||||
int err;
|
||||
|
||||
#ifdef SIGINT
|
||||
signal(SIGINT,(void (*)(int))sock_cleanup);
|
||||
signal(SIGINT,(void (*)(int))ssl_sock_cleanup);
|
||||
#endif
|
||||
wsa_init_done=1;
|
||||
memset(&wsa_state,0,sizeof(wsa_state));
|
||||
@ -163,15 +173,15 @@ static int sock_init(void)
|
||||
return(0);
|
||||
}
|
||||
|
||||
#ifdef WIN16
|
||||
#ifdef OPENSSL_SYS_WIN16
|
||||
EnumTaskWindows(GetCurrentTask(),enumproc,0L);
|
||||
lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
|
||||
lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance);
|
||||
|
||||
SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
|
||||
#endif /* WIN16 */
|
||||
#endif /* OPENSSL_SYS_WIN16 */
|
||||
}
|
||||
#endif /* WINDOWS */
|
||||
#endif /* OPENSSL_SYS_WINDOWS */
|
||||
return(1);
|
||||
}
|
||||
|
||||
@ -194,7 +204,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
|
||||
struct sockaddr_in them;
|
||||
int s,i;
|
||||
|
||||
if (!sock_init()) return(0);
|
||||
if (!ssl_sock_init()) return(0);
|
||||
|
||||
memset((char *)&them,0,sizeof(them));
|
||||
them.sin_family=AF_INET;
|
||||
@ -209,7 +219,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
|
||||
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
|
||||
if (s == INVALID_SOCKET) { perror("socket"); return(0); }
|
||||
|
||||
#ifndef MPE
|
||||
#ifndef OPENSSL_SYS_MPE
|
||||
i=0;
|
||||
i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
|
||||
if (i < 0) { perror("keepalive"); return(0); }
|
||||
@ -259,7 +269,7 @@ static int init_server_long(int *sock, int port, char *ip)
|
||||
struct sockaddr_in server;
|
||||
int s= -1,i;
|
||||
|
||||
if (!sock_init()) return(0);
|
||||
if (!ssl_sock_init()) return(0);
|
||||
|
||||
memset((char *)&server,0,sizeof(server));
|
||||
server.sin_family=AF_INET;
|
||||
@ -285,7 +295,7 @@ static int init_server_long(int *sock, int port, char *ip)
|
||||
#endif
|
||||
if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
|
||||
{
|
||||
#ifndef WINDOWS
|
||||
#ifndef OPENSSL_SYS_WINDOWS
|
||||
perror("bind");
|
||||
#endif
|
||||
goto err;
|
||||
@ -316,9 +326,9 @@ static int do_accept(int acc_sock, int *sock, char **host)
|
||||
int len;
|
||||
/* struct linger ling; */
|
||||
|
||||
if (!sock_init()) return(0);
|
||||
if (!ssl_sock_init()) return(0);
|
||||
|
||||
#ifndef WINDOWS
|
||||
#ifndef OPENSSL_SYS_WINDOWS
|
||||
redoit:
|
||||
#endif
|
||||
|
||||
@ -332,7 +342,7 @@ static int do_accept(int acc_sock, int *sock, char **host)
|
||||
ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
|
||||
if (ret == INVALID_SOCKET)
|
||||
{
|
||||
#ifdef WINDOWS
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
i=WSAGetLastError();
|
||||
BIO_printf(bio_err,"accept error %d\n",i);
|
||||
#else
|
||||
@ -446,7 +456,7 @@ static int host_ip(char *str, unsigned char ip[4])
|
||||
{ /* do a gethostbyname */
|
||||
struct hostent *he;
|
||||
|
||||
if (!sock_init()) return(0);
|
||||
if (!ssl_sock_init()) return(0);
|
||||
|
||||
he=GetHostByName(str);
|
||||
if (he == NULL)
|
||||
@ -527,9 +537,12 @@ static struct hostent *GetHostByName(char *name)
|
||||
ret=gethostbyname(name);
|
||||
if (ret == NULL) return(NULL);
|
||||
/* else add to cache */
|
||||
strncpy(ghbn_cache[lowi].name,name,128);
|
||||
memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
|
||||
ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
|
||||
if(strlen(name) < sizeof ghbn_cache[0].name)
|
||||
{
|
||||
strcpy(ghbn_cache[lowi].name,name);
|
||||
memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
|
||||
ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
|
||||
}
|
||||
return(ret);
|
||||
}
|
||||
else
|
||||
|
@ -67,22 +67,25 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#ifdef NO_STDIO
|
||||
#define USE_SOCKETS
|
||||
#include "apps.h"
|
||||
#ifdef OPENSSL_NO_STDIO
|
||||
#define APPS_WIN16
|
||||
#endif
|
||||
#define USE_SOCKETS
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/pem.h>
|
||||
#include "apps.h"
|
||||
#include "s_apps.h"
|
||||
#include <openssl/err.h>
|
||||
#ifdef WIN32_STUFF
|
||||
#include "winmain.h"
|
||||
#include "wintext.h"
|
||||
#endif
|
||||
#if !defined(OPENSSL_SYS_MSDOS)
|
||||
#include OPENSSL_UNISTD
|
||||
#endif
|
||||
|
||||
#if !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC)) || defined (_DARWIN)
|
||||
#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
|
||||
#define TIMES
|
||||
#endif
|
||||
|
||||
@ -98,18 +101,14 @@
|
||||
The __TMS macro will show if it was. If it wasn't defined, we should
|
||||
undefine TIMES, since that tells the rest of the program how things
|
||||
should be handled. -- Richard Levitte */
|
||||
#if defined(VMS) && defined(__DECC) && !defined(__TMS)
|
||||
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
|
||||
#undef TIMES
|
||||
#endif
|
||||
|
||||
#if !defined(TIMES) && !defined(VXWORKS)
|
||||
#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS)
|
||||
#include <sys/timeb.h>
|
||||
#endif
|
||||
|
||||
#ifdef _AIX
|
||||
#include <sys/select.h>
|
||||
#endif
|
||||
|
||||
#if defined(sun) || defined(__ultrix)
|
||||
#define _POSIX_SOURCE
|
||||
#include <limits.h>
|
||||
@ -119,11 +118,19 @@
|
||||
/* The following if from times(3) man page. It may need to be changed
|
||||
*/
|
||||
#ifndef HZ
|
||||
#ifndef CLK_TCK
|
||||
#define HZ 100.0
|
||||
#else /* CLK_TCK */
|
||||
#define HZ ((double)CLK_TCK)
|
||||
#endif
|
||||
# ifdef _SC_CLK_TCK
|
||||
# define HZ ((double)sysconf(_SC_CLK_TCK))
|
||||
# else
|
||||
# ifndef CLK_TCK
|
||||
# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
|
||||
# define HZ 100.0
|
||||
# else /* _BSD_CLK_TCK_ */
|
||||
# define HZ ((double)_BSD_CLK_TCK_)
|
||||
# endif
|
||||
# else /* CLK_TCK */
|
||||
# define HZ ((double)CLK_TCK)
|
||||
# endif
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#undef PROG
|
||||
@ -139,6 +146,8 @@
|
||||
#undef BUFSIZZ
|
||||
#define BUFSIZZ 1024*10
|
||||
|
||||
#define MYBUFSIZ 1024*8
|
||||
|
||||
#undef min
|
||||
#undef max
|
||||
#define min(a,b) (((a) < (b)) ? (a) : (b))
|
||||
@ -176,7 +185,7 @@ static int perform=0;
|
||||
#ifdef FIONBIO
|
||||
static int t_nbio=0;
|
||||
#endif
|
||||
#ifdef WIN32
|
||||
#ifdef OPENSSL_SYS_WIN32
|
||||
static int exitNow = 0; /* Set when it's time to exit main */
|
||||
#endif
|
||||
|
||||
@ -200,7 +209,7 @@ static void s_time_init(void)
|
||||
#ifdef FIONBIO
|
||||
t_nbio=0;
|
||||
#endif
|
||||
#ifdef WIN32
|
||||
#ifdef OPENSSL_SYS_WIN32
|
||||
exitNow = 0; /* Set when it's time to exit main */
|
||||
#endif
|
||||
}
|
||||
@ -313,14 +322,19 @@ static int parseArgs(int argc, char **argv)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
s_www_path= *(++argv);
|
||||
if(strlen(s_www_path) > MYBUFSIZ-100)
|
||||
{
|
||||
BIO_printf(bio_err,"-www option too long\n");
|
||||
badop=1;
|
||||
}
|
||||
}
|
||||
else if(strcmp(*argv,"-bugs") == 0)
|
||||
st_bugs=1;
|
||||
#ifndef NO_SSL2
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
else if(strcmp(*argv,"-ssl2") == 0)
|
||||
s_time_meth=SSLv2_client_method();
|
||||
#endif
|
||||
#ifndef NO_SSL3
|
||||
#ifndef OPENSSL_NO_SSL3
|
||||
else if(strcmp(*argv,"-ssl3") == 0)
|
||||
s_time_meth=SSLv3_client_method();
|
||||
#endif
|
||||
@ -370,7 +384,7 @@ static double tm_Time_F(int s)
|
||||
ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
|
||||
return((ret == 0.0)?1e-6:ret);
|
||||
}
|
||||
#elif defined(VXWORKS)
|
||||
#elif defined(OPENSSL_SYS_VXWORKS)
|
||||
{
|
||||
static unsigned long tick_start, tick_end;
|
||||
|
||||
@ -424,11 +438,11 @@ int MAIN(int argc, char **argv)
|
||||
if (bio_err == NULL)
|
||||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
|
||||
|
||||
#if !defined(NO_SSL2) && !defined(NO_SSL3)
|
||||
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
|
||||
s_time_meth=SSLv23_client_method();
|
||||
#elif !defined(NO_SSL3)
|
||||
#elif !defined(OPENSSL_NO_SSL3)
|
||||
s_time_meth=SSLv3_client_method();
|
||||
#elif !defined(NO_SSL2)
|
||||
#elif !defined(OPENSSL_NO_SSL2)
|
||||
s_time_meth=SSLv2_client_method();
|
||||
#endif
|
||||
|
||||
@ -461,7 +475,6 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
if (tm_cipher == NULL ) {
|
||||
fprintf( stderr, "No CIPHER specified\n" );
|
||||
/* EXIT(1); */
|
||||
}
|
||||
|
||||
if (!(perform & 1)) goto next;
|
||||
@ -474,7 +487,7 @@ int MAIN(int argc, char **argv)
|
||||
tm_Time_F(START);
|
||||
for (;;)
|
||||
{
|
||||
if (finishtime < time(NULL)) break;
|
||||
if (finishtime < (long)time(NULL)) break;
|
||||
#ifdef WIN32_STUFF
|
||||
|
||||
if( flushWinMsgs(0) == -1 )
|
||||
@ -525,9 +538,9 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
|
||||
|
||||
i=(int)(time(NULL)-finishtime+maxTime);
|
||||
i=(int)((long)time(NULL)-finishtime+maxTime);
|
||||
printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
|
||||
printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
|
||||
printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
|
||||
|
||||
/* Now loop and time connections using the same session id over and over */
|
||||
|
||||
@ -559,7 +572,7 @@ int MAIN(int argc, char **argv)
|
||||
nConn = 0;
|
||||
totalTime = 0.0;
|
||||
|
||||
finishtime=time(NULL)+maxTime;
|
||||
finishtime=(long)time(NULL)+maxTime;
|
||||
|
||||
printf( "starting\n" );
|
||||
bytes_read=0;
|
||||
@ -567,7 +580,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
for (;;)
|
||||
{
|
||||
if (finishtime < time(NULL)) break;
|
||||
if (finishtime < (long)time(NULL)) break;
|
||||
|
||||
#ifdef WIN32_STUFF
|
||||
if( flushWinMsgs(0) == -1 )
|
||||
@ -617,7 +630,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
|
||||
printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
|
||||
printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
|
||||
printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
|
||||
|
||||
ret=0;
|
||||
end:
|
||||
@ -628,7 +641,8 @@ int MAIN(int argc, char **argv)
|
||||
SSL_CTX_free(tm_ctx);
|
||||
tm_ctx=NULL;
|
||||
}
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
/***********************************************************************
|
||||
|
@ -156,7 +156,7 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
bad:
|
||||
for (pp=sess_id_usage; (*pp != NULL); pp++)
|
||||
BIO_printf(bio_err,*pp);
|
||||
BIO_printf(bio_err,"%s",*pp);
|
||||
goto end;
|
||||
}
|
||||
|
||||
@ -208,7 +208,7 @@ int MAIN(int argc, char **argv)
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -272,7 +272,8 @@ int MAIN(int argc, char **argv)
|
||||
end:
|
||||
if (out != NULL) BIO_free_all(out);
|
||||
if (x != NULL) SSL_SESSION_free(x);
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
static SSL_SESSION *load_sess_id(char *infile, int format)
|
||||
|
@ -67,7 +67,6 @@
|
||||
|
||||
#undef PROG
|
||||
#define PROG smime_main
|
||||
static X509_STORE *setup_verify(char *CAfile, char *CApath);
|
||||
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
|
||||
|
||||
#define SMIME_OP 0x10
|
||||
@ -81,6 +80,7 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
int operation = 0;
|
||||
int ret = 0;
|
||||
char **args;
|
||||
@ -88,7 +88,7 @@ int MAIN(int argc, char **argv)
|
||||
char *infile = NULL, *outfile = NULL;
|
||||
char *signerfile = NULL, *recipfile = NULL;
|
||||
char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
|
||||
EVP_CIPHER *cipher = NULL;
|
||||
const EVP_CIPHER *cipher = NULL;
|
||||
PKCS7 *p7 = NULL;
|
||||
X509_STORE *store = NULL;
|
||||
X509 *cert = NULL, *recip = NULL, *signer = NULL;
|
||||
@ -96,36 +96,55 @@ int MAIN(int argc, char **argv)
|
||||
STACK_OF(X509) *encerts = NULL, *other = NULL;
|
||||
BIO *in = NULL, *out = NULL, *indata = NULL;
|
||||
int badarg = 0;
|
||||
int flags = PKCS7_DETACHED;
|
||||
int flags = PKCS7_DETACHED, store_flags = 0;
|
||||
char *to = NULL, *from = NULL, *subject = NULL;
|
||||
char *CAfile = NULL, *CApath = NULL;
|
||||
char *passargin = NULL, *passin = NULL;
|
||||
char *inrand = NULL;
|
||||
int need_rand = 0;
|
||||
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
|
||||
args = argv + 1;
|
||||
int keyform = FORMAT_PEM;
|
||||
char *engine=NULL;
|
||||
|
||||
args = argv + 1;
|
||||
ret = 1;
|
||||
|
||||
apps_startup();
|
||||
|
||||
if (bio_err == NULL)
|
||||
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
while (!badarg && *args && *args[0] == '-') {
|
||||
if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT;
|
||||
else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT;
|
||||
else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
|
||||
else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
|
||||
else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
else if (!strcmp (*args, "-des3"))
|
||||
cipher = EVP_des_ede3_cbc();
|
||||
else if (!strcmp (*args, "-des"))
|
||||
cipher = EVP_des_cbc();
|
||||
#endif
|
||||
#ifndef NO_RC2
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
else if (!strcmp (*args, "-rc2-40"))
|
||||
cipher = EVP_rc2_40_cbc();
|
||||
else if (!strcmp (*args, "-rc2-128"))
|
||||
cipher = EVP_rc2_cbc();
|
||||
else if (!strcmp (*args, "-rc2-64"))
|
||||
cipher = EVP_rc2_64_cbc();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
else if (!strcmp(*args,"-aes128"))
|
||||
cipher = EVP_aes_128_cbc();
|
||||
else if (!strcmp(*args,"-aes192"))
|
||||
cipher = EVP_aes_192_cbc();
|
||||
else if (!strcmp(*args,"-aes256"))
|
||||
cipher = EVP_aes_256_cbc();
|
||||
#endif
|
||||
else if (!strcmp (*args, "-text"))
|
||||
flags |= PKCS7_TEXT;
|
||||
@ -147,12 +166,21 @@ int MAIN(int argc, char **argv)
|
||||
flags |= PKCS7_BINARY;
|
||||
else if (!strcmp (*args, "-nosigs"))
|
||||
flags |= PKCS7_NOSIGS;
|
||||
else if (!strcmp (*args, "-crl_check"))
|
||||
store_flags |= X509_V_FLAG_CRL_CHECK;
|
||||
else if (!strcmp (*args, "-crl_check_all"))
|
||||
store_flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
|
||||
else if (!strcmp(*args,"-rand")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
inrand = *args;
|
||||
} else badarg = 1;
|
||||
need_rand = 1;
|
||||
} else if (!strcmp(*args,"-engine")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
engine = *args;
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp(*args,"-passin")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
@ -188,6 +216,11 @@ int MAIN(int argc, char **argv)
|
||||
args++;
|
||||
keyfile = *args;
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp (*args, "-keyform")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
keyform = str2fmt(*args);
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp (*args, "-certfile")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
@ -259,14 +292,18 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-sign sign message\n");
|
||||
BIO_printf (bio_err, "-verify verify signed message\n");
|
||||
BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n");
|
||||
#ifndef NO_DES
|
||||
#ifndef OPENSSL_NO_DES
|
||||
BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
|
||||
BIO_printf (bio_err, "-des encrypt with DES\n");
|
||||
#endif
|
||||
#ifndef NO_RC2
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
|
||||
BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
|
||||
BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
|
||||
BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
|
||||
#endif
|
||||
BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
|
||||
BIO_printf (bio_err, "-nosigs don't verify message signature\n");
|
||||
@ -281,6 +318,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-in file input file\n");
|
||||
BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
|
||||
BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
|
||||
BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
|
||||
BIO_printf (bio_err, "-out file output file\n");
|
||||
BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
|
||||
BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
|
||||
@ -290,6 +328,9 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
|
||||
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
|
||||
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
|
||||
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
|
||||
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
|
||||
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
|
||||
BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
|
||||
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
|
||||
@ -298,6 +339,8 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto end;
|
||||
@ -324,7 +367,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
if(operation == SMIME_ENCRYPT) {
|
||||
if (!cipher) {
|
||||
#ifndef NO_RC2
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
cipher = EVP_rc2_40_cbc();
|
||||
#else
|
||||
BIO_printf(bio_err, "No cipher selected\n");
|
||||
@ -333,8 +376,11 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
encerts = sk_X509_new_null();
|
||||
while (*args) {
|
||||
if(!(cert = load_cert(bio_err,*args,FORMAT_PEM))) {
|
||||
if(!(cert = load_cert(bio_err,*args,FORMAT_PEM,
|
||||
NULL, e, "recipient certificate file"))) {
|
||||
#if 0 /* An appropriate message is already printed */
|
||||
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
|
||||
#endif
|
||||
goto end;
|
||||
}
|
||||
sk_X509_push(encerts, cert);
|
||||
@ -344,23 +390,32 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
|
||||
if(signerfile && (operation == SMIME_SIGN)) {
|
||||
if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM))) {
|
||||
if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,
|
||||
e, "signer certificate"))) {
|
||||
#if 0 /* An appropri message has already been printed */
|
||||
BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
|
||||
#endif
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if(certfile) {
|
||||
if(!(other = load_certs(bio_err,certfile,FORMAT_PEM))) {
|
||||
if(!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
|
||||
e, "certificate file"))) {
|
||||
#if 0 /* An appropriate message has already been printed */
|
||||
BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
|
||||
#endif
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if(recipfile && (operation == SMIME_DECRYPT)) {
|
||||
if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM))) {
|
||||
if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
|
||||
e, "recipient certificate file"))) {
|
||||
#if 0 /* An appropriate message has alrady been printed */
|
||||
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
|
||||
#endif
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
@ -373,11 +428,11 @@ int MAIN(int argc, char **argv)
|
||||
} else keyfile = NULL;
|
||||
|
||||
if(keyfile) {
|
||||
if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) {
|
||||
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
|
||||
ERR_print_errors(bio_err);
|
||||
key = load_key(bio_err, keyfile, keyform, 0, passin, e,
|
||||
"signing key file");
|
||||
if (!key) {
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (infile) {
|
||||
@ -396,7 +451,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
} else {
|
||||
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -405,9 +460,11 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
|
||||
if(operation == SMIME_VERIFY) {
|
||||
if(!(store = setup_verify(CAfile, CApath))) goto end;
|
||||
if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end;
|
||||
X509_STORE_set_flags(store, store_flags);
|
||||
}
|
||||
|
||||
|
||||
ret = 3;
|
||||
|
||||
if(operation == SMIME_ENCRYPT) {
|
||||
@ -507,36 +564,6 @@ int MAIN(int argc, char **argv)
|
||||
return (ret);
|
||||
}
|
||||
|
||||
static X509_STORE *setup_verify(char *CAfile, char *CApath)
|
||||
{
|
||||
X509_STORE *store;
|
||||
X509_LOOKUP *lookup;
|
||||
if(!(store = X509_STORE_new())) goto end;
|
||||
lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
|
||||
if (lookup == NULL) goto end;
|
||||
if (CAfile) {
|
||||
if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
|
||||
BIO_printf(bio_err, "Error loading file %s\n", CAfile);
|
||||
goto end;
|
||||
}
|
||||
} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
|
||||
|
||||
lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
|
||||
if (lookup == NULL) goto end;
|
||||
if (CApath) {
|
||||
if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
|
||||
BIO_printf(bio_err, "Error loading directory %s\n", CApath);
|
||||
goto end;
|
||||
}
|
||||
} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
|
||||
|
||||
ERR_clear_error();
|
||||
return store;
|
||||
end:
|
||||
X509_STORE_free(store);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static int save_certs(char *signerfile, STACK_OF(X509) *signers)
|
||||
{
|
||||
int i;
|
||||
|
@ -81,21 +81,26 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
int i,badops=0, ret = 1;
|
||||
BIO *in = NULL,*out = NULL, *key = NULL;
|
||||
BIO *in = NULL,*out = NULL;
|
||||
int verify=0,noout=0,pubkey=0;
|
||||
char *infile = NULL,*outfile = NULL,*prog;
|
||||
char *passargin = NULL, *passin = NULL;
|
||||
char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
|
||||
char *challenge = NULL, *keyfile = NULL;
|
||||
LHASH *conf = NULL;
|
||||
CONF *conf = NULL;
|
||||
NETSCAPE_SPKI *spki = NULL;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
char *engine=NULL;
|
||||
|
||||
apps_startup();
|
||||
|
||||
if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
prog=argv[0];
|
||||
argc--;
|
||||
argv++;
|
||||
@ -136,6 +141,11 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
spksect= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-noout") == 0)
|
||||
noout=1;
|
||||
else if (strcmp(*argv,"-pubkey") == 0)
|
||||
@ -161,6 +171,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err," -noout don't print SPKAC\n");
|
||||
BIO_printf(bio_err," -pubkey output public key\n");
|
||||
BIO_printf(bio_err," -verify verify SPKAC signature\n");
|
||||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
@ -170,18 +181,13 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if(keyfile) {
|
||||
if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
|
||||
else key = BIO_new_fp(stdin, BIO_NOCLOSE);
|
||||
if(!key) {
|
||||
BIO_printf(bio_err, "Error opening key file\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, passin);
|
||||
pkey = load_key(bio_err,
|
||||
strcmp(keyfile, "-") ? keyfile : NULL,
|
||||
FORMAT_PEM, 1, passin, e, "private key");
|
||||
if(!pkey) {
|
||||
BIO_printf(bio_err, "Error reading private key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
spki = NETSCAPE_SPKI_new();
|
||||
@ -194,7 +200,7 @@ int MAIN(int argc, char **argv)
|
||||
if (outfile) out = BIO_new_file(outfile, "w");
|
||||
else {
|
||||
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -224,15 +230,16 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
conf = CONF_load_bio(NULL, in, NULL);
|
||||
conf = NCONF_new(NULL);
|
||||
i = NCONF_load_bio(conf, in, NULL);
|
||||
|
||||
if(!conf) {
|
||||
if(!i) {
|
||||
BIO_printf(bio_err, "Error parsing config file\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
spkstr = CONF_get_string(conf, spksect, spkac);
|
||||
spkstr = NCONF_get_string(conf, spksect, spkac);
|
||||
|
||||
if(!spkstr) {
|
||||
BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
|
||||
@ -251,7 +258,7 @@ int MAIN(int argc, char **argv)
|
||||
if (outfile) out = BIO_new_file(outfile, "w");
|
||||
else {
|
||||
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -281,12 +288,12 @@ int MAIN(int argc, char **argv)
|
||||
ret = 0;
|
||||
|
||||
end:
|
||||
CONF_free(conf);
|
||||
NCONF_free(conf);
|
||||
NETSCAPE_SPKI_free(spki);
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
BIO_free(key);
|
||||
EVP_PKEY_free(pkey);
|
||||
if(passin) OPENSSL_free(passin);
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
@ -3,6 +3,18 @@
|
||||
DSA *get_dsa512(void );
|
||||
DSA *get_dsa1024(void );
|
||||
DSA *get_dsa2048(void );
|
||||
static unsigned char dsa512_priv[] = {
|
||||
0x65,0xe5,0xc7,0x38,0x60,0x24,0xb5,0x89,0xd4,0x9c,0xeb,0x4c,
|
||||
0x9c,0x1d,0x7a,0x22,0xbd,0xd1,0xc2,0xd2,
|
||||
};
|
||||
static unsigned char dsa512_pub[] = {
|
||||
0x00,0x95,0xa7,0x0d,0xec,0x93,0x68,0xba,0x5f,0xf7,0x5f,0x07,
|
||||
0xf2,0x3b,0xad,0x6b,0x01,0xdc,0xbe,0xec,0xde,0x04,0x7a,0x3a,
|
||||
0x27,0xb3,0xec,0x49,0xfd,0x08,0x43,0x3d,0x7e,0xa8,0x2c,0x5e,
|
||||
0x7b,0xbb,0xfc,0xf4,0x6e,0xeb,0x6c,0xb0,0x6e,0xf8,0x02,0x12,
|
||||
0x8c,0x38,0x5d,0x83,0x56,0x7d,0xee,0x53,0x05,0x3e,0x24,0x84,
|
||||
0xbe,0xba,0x0a,0x6b,0xc8,
|
||||
};
|
||||
static unsigned char dsa512_p[]={
|
||||
0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
|
||||
0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,
|
||||
@ -29,14 +41,34 @@ DSA *get_dsa512()
|
||||
DSA *dsa;
|
||||
|
||||
if ((dsa=DSA_new()) == NULL) return(NULL);
|
||||
dsa->priv_key=BN_bin2bn(dsa512_priv,sizeof(dsa512_priv),NULL);
|
||||
dsa->pub_key=BN_bin2bn(dsa512_pub,sizeof(dsa512_pub),NULL);
|
||||
dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);
|
||||
dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);
|
||||
dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);
|
||||
if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
|
||||
if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
|
||||
(dsa->q == NULL) || (dsa->g == NULL))
|
||||
return(NULL);
|
||||
return(dsa);
|
||||
}
|
||||
|
||||
static unsigned char dsa1024_priv[]={
|
||||
0x7d,0x21,0xda,0xbb,0x62,0x15,0x47,0x36,0x07,0x67,0x12,0xe8,
|
||||
0x8c,0xaa,0x1c,0xcd,0x38,0x12,0x61,0x18,
|
||||
};
|
||||
static unsigned char dsa1024_pub[]={
|
||||
0x3c,0x4e,0x9c,0x2a,0x7f,0x16,0xc1,0x25,0xeb,0xac,0x78,0x63,
|
||||
0x90,0x14,0x8c,0x8b,0xf4,0x68,0x43,0x3c,0x2d,0xee,0x65,0x50,
|
||||
0x7d,0x9c,0x8f,0x8c,0x8a,0x51,0xd6,0x11,0x2b,0x99,0xaf,0x1e,
|
||||
0x90,0x97,0xb5,0xd3,0xa6,0x20,0x25,0xd6,0xfe,0x43,0x02,0xd5,
|
||||
0x91,0x7d,0xa7,0x8c,0xdb,0xc9,0x85,0xa3,0x36,0x48,0xf7,0x68,
|
||||
0xaa,0x60,0xb1,0xf7,0x05,0x68,0x3a,0xa3,0x3f,0xd3,0x19,0x82,
|
||||
0xd8,0x82,0x7a,0x77,0xfb,0xef,0xf4,0x15,0x0a,0xeb,0x06,0x04,
|
||||
0x7f,0x53,0x07,0x0c,0xbc,0xcb,0x2d,0x83,0xdb,0x3e,0xd1,0x28,
|
||||
0xa5,0xa1,0x31,0xe0,0x67,0xfa,0x50,0xde,0x9b,0x07,0x83,0x7e,
|
||||
0x2c,0x0b,0xc3,0x13,0x50,0x61,0xe5,0xad,0xbd,0x36,0xb8,0x97,
|
||||
0x4e,0x40,0x7d,0xe8,0x83,0x0d,0xbc,0x4b
|
||||
};
|
||||
static unsigned char dsa1024_p[]={
|
||||
0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,
|
||||
0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,
|
||||
@ -73,14 +105,45 @@ DSA *get_dsa1024()
|
||||
DSA *dsa;
|
||||
|
||||
if ((dsa=DSA_new()) == NULL) return(NULL);
|
||||
dsa->priv_key=BN_bin2bn(dsa1024_priv,sizeof(dsa1024_priv),NULL);
|
||||
dsa->pub_key=BN_bin2bn(dsa1024_pub,sizeof(dsa1024_pub),NULL);
|
||||
dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);
|
||||
dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);
|
||||
dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);
|
||||
if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
|
||||
if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
|
||||
(dsa->q == NULL) || (dsa->g == NULL))
|
||||
return(NULL);
|
||||
return(dsa);
|
||||
}
|
||||
|
||||
static unsigned char dsa2048_priv[]={
|
||||
0x32,0x67,0x92,0xf6,0xc4,0xe2,0xe2,0xe8,0xa0,0x8b,0x6b,0x45,
|
||||
0x0c,0x8a,0x76,0xb0,0xee,0xcf,0x91,0xa7,
|
||||
};
|
||||
static unsigned char dsa2048_pub[]={
|
||||
0x17,0x8f,0xa8,0x11,0x84,0x92,0xec,0x83,0x47,0xc7,0x6a,0xb0,
|
||||
0x92,0xaf,0x5a,0x20,0x37,0xa3,0x64,0x79,0xd2,0xd0,0x3d,0xcd,
|
||||
0xe0,0x61,0x88,0x88,0x21,0xcc,0x74,0x5d,0xce,0x4c,0x51,0x47,
|
||||
0xf0,0xc5,0x5c,0x4c,0x82,0x7a,0xaf,0x72,0xad,0xb9,0xe0,0x53,
|
||||
0xf2,0x78,0xb7,0xf0,0xb5,0x48,0x7f,0x8a,0x3a,0x18,0xd1,0x9f,
|
||||
0x8b,0x7d,0xa5,0x47,0xb7,0x95,0xab,0x98,0xf8,0x7b,0x74,0x50,
|
||||
0x56,0x8e,0x57,0xf0,0xee,0xf5,0xb7,0xba,0xab,0x85,0x86,0xf9,
|
||||
0x2b,0xef,0x41,0x56,0xa0,0xa4,0x9f,0xb7,0x38,0x00,0x46,0x0a,
|
||||
0xa6,0xf1,0xfc,0x1f,0xd8,0x4e,0x85,0x44,0x92,0x43,0x21,0x5d,
|
||||
0x6e,0xcc,0xc2,0xcb,0x26,0x31,0x0d,0x21,0xc4,0xbd,0x8d,0x24,
|
||||
0xbc,0xd9,0x18,0x19,0xd7,0xdc,0xf1,0xe7,0x93,0x50,0x48,0x03,
|
||||
0x2c,0xae,0x2e,0xe7,0x49,0x88,0x5f,0x93,0x57,0x27,0x99,0x36,
|
||||
0xb4,0x20,0xab,0xfc,0xa7,0x2b,0xf2,0xd9,0x98,0xd7,0xd4,0x34,
|
||||
0x9d,0x96,0x50,0x58,0x9a,0xea,0x54,0xf3,0xee,0xf5,0x63,0x14,
|
||||
0xee,0x85,0x83,0x74,0x76,0xe1,0x52,0x95,0xc3,0xf7,0xeb,0x04,
|
||||
0x04,0x7b,0xa7,0x28,0x1b,0xcc,0xea,0x4a,0x4e,0x84,0xda,0xd8,
|
||||
0x9c,0x79,0xd8,0x9b,0x66,0x89,0x2f,0xcf,0xac,0xd7,0x79,0xf9,
|
||||
0xa9,0xd8,0x45,0x13,0x78,0xb9,0x00,0x14,0xc9,0x7e,0x22,0x51,
|
||||
0x86,0x67,0xb0,0x9f,0x26,0x11,0x23,0xc8,0x38,0xd7,0x70,0x1d,
|
||||
0x15,0x8e,0x4d,0x4f,0x95,0x97,0x40,0xa1,0xc2,0x7e,0x01,0x18,
|
||||
0x72,0xf4,0x10,0xe6,0x8d,0x52,0x16,0x7f,0xf2,0xc9,0xf8,0x33,
|
||||
0x8b,0x33,0xb7,0xce,
|
||||
};
|
||||
static unsigned char dsa2048_p[]={
|
||||
0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,
|
||||
0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,
|
||||
@ -139,10 +202,13 @@ DSA *get_dsa2048()
|
||||
DSA *dsa;
|
||||
|
||||
if ((dsa=DSA_new()) == NULL) return(NULL);
|
||||
dsa->priv_key=BN_bin2bn(dsa2048_priv,sizeof(dsa2048_priv),NULL);
|
||||
dsa->pub_key=BN_bin2bn(dsa2048_pub,sizeof(dsa2048_pub),NULL);
|
||||
dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);
|
||||
dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);
|
||||
dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);
|
||||
if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
|
||||
if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
|
||||
(dsa->q == NULL) || (dsa->g == NULL))
|
||||
return(NULL);
|
||||
return(dsa);
|
||||
}
|
||||
|
@ -70,14 +70,15 @@
|
||||
#define PROG verify_main
|
||||
|
||||
static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
|
||||
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose);
|
||||
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e);
|
||||
static STACK_OF(X509) *load_untrusted(char *file);
|
||||
static int v_verbose=0, issuer_checks = 0;
|
||||
static int v_verbose=0, vflags = 0;
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
int i,ret=1;
|
||||
int purpose = -1;
|
||||
char *CApath=NULL,*CAfile=NULL;
|
||||
@ -85,6 +86,7 @@ int MAIN(int argc, char **argv)
|
||||
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
|
||||
X509_STORE *cert_ctx=NULL;
|
||||
X509_LOOKUP *lookup=NULL;
|
||||
char *engine=NULL;
|
||||
|
||||
cert_ctx=X509_STORE_new();
|
||||
if (cert_ctx == NULL) goto end;
|
||||
@ -98,6 +100,9 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
argc--;
|
||||
argv++;
|
||||
for (;;)
|
||||
@ -137,10 +142,21 @@ int MAIN(int argc, char **argv)
|
||||
if (argc-- < 1) goto end;
|
||||
trustfile= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto end;
|
||||
engine= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-help") == 0)
|
||||
goto end;
|
||||
else if (strcmp(*argv,"-ignore_critical") == 0)
|
||||
vflags |= X509_V_FLAG_IGNORE_CRITICAL;
|
||||
else if (strcmp(*argv,"-issuer_checks") == 0)
|
||||
issuer_checks=1;
|
||||
vflags |= X509_V_FLAG_CB_ISSUER_CHECK;
|
||||
else if (strcmp(*argv,"-crl_check") == 0)
|
||||
vflags |= X509_V_FLAG_CRL_CHECK;
|
||||
else if (strcmp(*argv,"-crl_check_all") == 0)
|
||||
vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
|
||||
else if (strcmp(*argv,"-verbose") == 0)
|
||||
v_verbose=1;
|
||||
else if (argv[0][0] == '-')
|
||||
@ -154,6 +170,8 @@ int MAIN(int argc, char **argv)
|
||||
break;
|
||||
}
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
|
||||
if (lookup == NULL) abort();
|
||||
if (CAfile) {
|
||||
@ -194,14 +212,14 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose);
|
||||
if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose, e);
|
||||
else
|
||||
for (i=0; i<argc; i++)
|
||||
check(cert_ctx,argv[i], untrusted, trusted, purpose);
|
||||
check(cert_ctx,argv[i], untrusted, trusted, purpose, e);
|
||||
ret=0;
|
||||
end:
|
||||
if (ret == 1) {
|
||||
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
|
||||
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...\n");
|
||||
BIO_printf(bio_err,"recognized usages:\n");
|
||||
for(i = 0; i < X509_PURPOSE_get_count(); i++) {
|
||||
X509_PURPOSE *ptmp;
|
||||
@ -213,42 +231,19 @@ int MAIN(int argc, char **argv)
|
||||
if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
|
||||
sk_X509_pop_free(untrusted, X509_free);
|
||||
sk_X509_pop_free(trusted, X509_free);
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
|
||||
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e)
|
||||
{
|
||||
X509 *x=NULL;
|
||||
BIO *in=NULL;
|
||||
int i=0,ret=0;
|
||||
X509_STORE_CTX *csc;
|
||||
|
||||
in=BIO_new(BIO_s_file());
|
||||
if (in == NULL)
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (file == NULL)
|
||||
BIO_set_fp(in,stdin,BIO_NOCLOSE);
|
||||
else
|
||||
{
|
||||
if (BIO_read_filename(in,file) <= 0)
|
||||
{
|
||||
perror(file);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
x=PEM_read_bio_X509(in,NULL,NULL,NULL);
|
||||
x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
|
||||
if (x == NULL)
|
||||
{
|
||||
fprintf(stdout,"%s: unable to load certificate file\n",
|
||||
(file == NULL)?"stdin":file);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
fprintf(stdout,"%s: ",(file == NULL)?"stdin":file);
|
||||
|
||||
csc = X509_STORE_CTX_new();
|
||||
@ -257,11 +252,14 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
X509_STORE_CTX_init(csc,ctx,x,uchain);
|
||||
X509_STORE_set_flags(ctx, vflags);
|
||||
if(!X509_STORE_CTX_init(csc,ctx,x,uchain))
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
|
||||
if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
|
||||
if(issuer_checks)
|
||||
X509_STORE_CTX_set_flags(csc, X509_V_FLAG_CB_ISSUER_CHECK);
|
||||
i=X509_verify_cert(csc);
|
||||
X509_STORE_CTX_free(csc);
|
||||
|
||||
@ -275,7 +273,6 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X
|
||||
else
|
||||
ERR_print_errors(bio_err);
|
||||
if (x != NULL) X509_free(x);
|
||||
if (in != NULL) BIO_free(in);
|
||||
|
||||
return(ret);
|
||||
}
|
||||
@ -333,7 +330,8 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
|
||||
if (!ok)
|
||||
{
|
||||
X509_NAME_oneline(
|
||||
X509_get_subject_name(ctx->current_cert),buf,256);
|
||||
X509_get_subject_name(ctx->current_cert),buf,
|
||||
sizeof buf);
|
||||
printf("%s\n",buf);
|
||||
printf("error %d at %d depth lookup:%s\n",ctx->error,
|
||||
ctx->error_depth,
|
||||
@ -349,6 +347,9 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
|
||||
if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1;
|
||||
if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1;
|
||||
if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
|
||||
if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1;
|
||||
if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1;
|
||||
if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;
|
||||
}
|
||||
if (!v_verbose)
|
||||
ERR_clear_error();
|
||||
|
@ -55,6 +55,59 @@
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
@ -62,6 +115,21 @@
|
||||
#include "apps.h"
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/crypto.h>
|
||||
#ifndef OPENSSL_NO_MD2
|
||||
# include <openssl/md2.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC4
|
||||
# include <openssl/rc4.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
# include <openssl/des.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
# include <openssl/idea.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_BF
|
||||
# include <openssl/blowfish.h>
|
||||
#endif
|
||||
|
||||
#undef PROG
|
||||
#define PROG version_main
|
||||
@ -71,7 +139,7 @@ int MAIN(int, char **);
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
int i,ret=0;
|
||||
int cflags=0,version=0,date=0,options=0,platform=0;
|
||||
int cflags=0,version=0,date=0,options=0,platform=0,dir=0;
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -92,8 +160,10 @@ int MAIN(int argc, char **argv)
|
||||
options=1;
|
||||
else if (strcmp(argv[i],"-p") == 0)
|
||||
platform=1;
|
||||
else if (strcmp(argv[i],"-d") == 0)
|
||||
dir=1;
|
||||
else if (strcmp(argv[i],"-a") == 0)
|
||||
date=version=cflags=options=platform=1;
|
||||
date=version=cflags=options=platform=dir=1;
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_err,"usage:version -[avbofp]\n");
|
||||
@ -109,24 +179,26 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
printf("options: ");
|
||||
printf("%s ",BN_options());
|
||||
#ifndef NO_MD2
|
||||
#ifndef OPENSSL_NO_MD2
|
||||
printf("%s ",MD2_options());
|
||||
#endif
|
||||
#ifndef NO_RC4
|
||||
#ifndef OPENSSL_NO_RC4
|
||||
printf("%s ",RC4_options());
|
||||
#endif
|
||||
#ifndef NO_DES
|
||||
printf("%s ",des_options());
|
||||
#ifndef OPENSSL_NO_DES
|
||||
printf("%s ",DES_options());
|
||||
#endif
|
||||
#ifndef NO_IDEA
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
printf("%s ",idea_options());
|
||||
#endif
|
||||
#ifndef NO_BF
|
||||
#ifndef OPENSSL_NO_BF
|
||||
printf("%s ",BF_options());
|
||||
#endif
|
||||
printf("\n");
|
||||
}
|
||||
if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
|
||||
if (dir) printf("%s\n",SSLeay_version(SSLEAY_DIR));
|
||||
end:
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
@ -118,7 +118,6 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
|
||||
HDC hdc;
|
||||
PAINTSTRUCT ps;
|
||||
RECT rect;
|
||||
char buffer[200];
|
||||
static int seeded = 0;
|
||||
|
||||
switch (iMsg)
|
||||
|
@ -60,7 +60,7 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#ifdef NO_STDIO
|
||||
#ifdef OPENSSL_NO_STDIO
|
||||
#define APPS_WIN16
|
||||
#endif
|
||||
#include "apps.h"
|
||||
@ -105,6 +105,7 @@ static char *x509_usage[]={
|
||||
" -fingerprint - print the certificate fingerprint\n",
|
||||
" -alias - output certificate alias\n",
|
||||
" -noout - no certificate output\n",
|
||||
" -ocspid - print OCSP hash values for the subject name and public key\n",
|
||||
" -trustout - output a \"trusted\" certificate\n",
|
||||
" -clrtrust - clear all trusted purposes\n",
|
||||
" -clrreject - clear all rejected purposes\n",
|
||||
@ -121,7 +122,8 @@ static char *x509_usage[]={
|
||||
" -CAkey arg - set the CA key, must be PEM format\n",
|
||||
" missing, it is assumed to be in the CA file.\n",
|
||||
" -CAcreateserial - create serial number file if it does not exist\n",
|
||||
" -CAserial - serial file\n",
|
||||
" -CAserial arg - serial file\n",
|
||||
" -set_serial - serial number to use\n",
|
||||
" -text - print the certificate in text form\n",
|
||||
" -C - print out C code forms\n",
|
||||
" -md2/-md5/-sha1/-mdc2 - digest to use\n",
|
||||
@ -129,15 +131,18 @@ static char *x509_usage[]={
|
||||
" -extensions - section from config file with X509V3 extensions to add\n",
|
||||
" -clrext - delete extensions before signing and input certificate\n",
|
||||
" -nameopt arg - various certificate name options\n",
|
||||
" -engine e - use engine e, possibly a hardware device.\n",
|
||||
" -certopt arg - various certificate text options\n",
|
||||
NULL
|
||||
};
|
||||
|
||||
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
|
||||
static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
|
||||
LHASH *conf, char *section);
|
||||
CONF *conf, char *section);
|
||||
static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
|
||||
X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
|
||||
int create,int days, int clrext, LHASH *conf, char *section);
|
||||
int create,int days, int clrext, CONF *conf, char *section,
|
||||
ASN1_INTEGER *sno);
|
||||
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
|
||||
static int reqfile=0;
|
||||
|
||||
@ -145,11 +150,13 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
int ret=1;
|
||||
X509_REQ *req=NULL;
|
||||
X509 *x=NULL,*xca=NULL;
|
||||
ASN1_OBJECT *objtmp;
|
||||
EVP_PKEY *Upkey=NULL,*CApkey=NULL;
|
||||
ASN1_INTEGER *sno = NULL;
|
||||
int i,num,badops=0;
|
||||
BIO *out=NULL;
|
||||
BIO *STDout=NULL;
|
||||
@ -159,6 +166,7 @@ int MAIN(int argc, char **argv)
|
||||
char *CAkeyfile=NULL,*CAserial=NULL;
|
||||
char *alias=NULL;
|
||||
int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
|
||||
int ocspid=0;
|
||||
int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
|
||||
int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
|
||||
int C=0;
|
||||
@ -170,11 +178,12 @@ int MAIN(int argc, char **argv)
|
||||
int fingerprint=0;
|
||||
char buf[256];
|
||||
const EVP_MD *md_alg,*digest=EVP_md5();
|
||||
LHASH *extconf = NULL;
|
||||
CONF *extconf = NULL;
|
||||
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
|
||||
int need_rand = 0;
|
||||
int checkend=0,checkoffset=0;
|
||||
unsigned long nmflag = 0;
|
||||
unsigned long nmflag = 0, certflag = 0;
|
||||
char *engine=NULL;
|
||||
|
||||
reqfile=0;
|
||||
|
||||
@ -182,8 +191,11 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
if (bio_err == NULL)
|
||||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
STDout = BIO_push(tmpbio, STDout);
|
||||
@ -294,6 +306,12 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
CAserial= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-set_serial") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
|
||||
goto bad;
|
||||
}
|
||||
else if (strcmp(*argv,"-addtrust") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
@ -326,6 +344,11 @@ int MAIN(int argc, char **argv)
|
||||
alias= *(++argv);
|
||||
trustout = 1;
|
||||
}
|
||||
else if (strcmp(*argv,"-certopt") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if (!set_cert_ex(&certflag, *(++argv))) goto bad;
|
||||
}
|
||||
else if (strcmp(*argv,"-nameopt") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
@ -337,6 +360,11 @@ int MAIN(int argc, char **argv)
|
||||
alias= *(++argv);
|
||||
trustout = 1;
|
||||
}
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-C") == 0)
|
||||
C= ++num;
|
||||
else if (strcmp(*argv,"-email") == 0)
|
||||
@ -397,6 +425,8 @@ int MAIN(int argc, char **argv)
|
||||
clrext = 1;
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-ocspid") == 0)
|
||||
ocspid= ++num;
|
||||
else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
|
||||
{
|
||||
/* ok */
|
||||
@ -416,10 +446,12 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
bad:
|
||||
for (pp=x509_usage; (*pp != NULL); pp++)
|
||||
BIO_printf(bio_err,*pp);
|
||||
BIO_printf(bio_err,"%s",*pp);
|
||||
goto end;
|
||||
}
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if (need_rand)
|
||||
app_RAND_load_file(NULL, bio_err, 0);
|
||||
|
||||
@ -447,9 +479,10 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
if (extfile)
|
||||
{
|
||||
long errorline;
|
||||
long errorline = -1;
|
||||
X509V3_CTX ctx2;
|
||||
if (!(extconf=CONF_load(NULL,extfile,&errorline)))
|
||||
extconf = NCONF_new(NULL);
|
||||
if (!NCONF_load(extconf, extfile,&errorline))
|
||||
{
|
||||
if (errorline <= 0)
|
||||
BIO_printf(bio_err,
|
||||
@ -461,11 +494,18 @@ int MAIN(int argc, char **argv)
|
||||
,errorline,extfile);
|
||||
goto end;
|
||||
}
|
||||
if (!extsect && !(extsect = CONF_get_string(extconf, "default",
|
||||
"extensions"))) extsect = "default";
|
||||
if (!extsect)
|
||||
{
|
||||
extsect = NCONF_get_string(extconf, "default", "extensions");
|
||||
if (!extsect)
|
||||
{
|
||||
ERR_clear_error();
|
||||
extsect = "default";
|
||||
}
|
||||
}
|
||||
X509V3_set_ctx_test(&ctx2);
|
||||
X509V3_set_conf_lhash(&ctx2, extconf);
|
||||
if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
|
||||
X509V3_set_nconf(&ctx2, extconf);
|
||||
if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Error Loading extension section %s\n",
|
||||
@ -549,7 +589,12 @@ int MAIN(int argc, char **argv)
|
||||
if ((x=X509_new()) == NULL) goto end;
|
||||
ci=x->cert_info;
|
||||
|
||||
if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
|
||||
if (sno)
|
||||
{
|
||||
if (!X509_set_serialNumber(x, sno))
|
||||
goto end;
|
||||
}
|
||||
else if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
|
||||
if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
|
||||
if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
|
||||
|
||||
@ -561,12 +606,12 @@ int MAIN(int argc, char **argv)
|
||||
EVP_PKEY_free(pkey);
|
||||
}
|
||||
else
|
||||
x=load_cert(bio_err,infile,informat);
|
||||
x=load_cert(bio_err,infile,informat,NULL,e,"Certificate");
|
||||
|
||||
if (x == NULL) goto end;
|
||||
if (CA_flag)
|
||||
{
|
||||
xca=load_cert(bio_err,CAfile,CAformat);
|
||||
xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate");
|
||||
if (xca == NULL) goto end;
|
||||
}
|
||||
|
||||
@ -584,7 +629,7 @@ int MAIN(int argc, char **argv)
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -688,12 +733,12 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(STDout,"Modulus=");
|
||||
#ifndef NO_RSA
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
if (pkey->type == EVP_PKEY_RSA)
|
||||
BN_print(STDout,pkey->pkey.rsa->n);
|
||||
else
|
||||
#endif
|
||||
#ifndef NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
if (pkey->type == EVP_PKEY_DSA)
|
||||
BN_print(STDout,pkey->pkey.dsa->pub_key);
|
||||
else
|
||||
@ -725,10 +770,11 @@ int MAIN(int argc, char **argv)
|
||||
int y,z;
|
||||
|
||||
X509_NAME_oneline(X509_get_subject_name(x),
|
||||
buf,256);
|
||||
buf,sizeof buf);
|
||||
BIO_printf(STDout,"/* subject:%s */\n",buf);
|
||||
m=X509_NAME_oneline(
|
||||
X509_get_issuer_name(x),buf,256);
|
||||
X509_get_issuer_name(x),buf,
|
||||
sizeof buf);
|
||||
BIO_printf(STDout,"/* issuer :%s */\n",buf);
|
||||
|
||||
z=i2d_X509(x,NULL);
|
||||
@ -774,7 +820,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
else if (text == i)
|
||||
{
|
||||
X509_print(out,x);
|
||||
X509_print_ex(out,x,nmflag, certflag);
|
||||
}
|
||||
else if (startdate == i)
|
||||
{
|
||||
@ -816,10 +862,11 @@ int MAIN(int argc, char **argv)
|
||||
if (Upkey == NULL)
|
||||
{
|
||||
Upkey=load_key(bio_err,
|
||||
keyfile,keyformat, passin);
|
||||
keyfile, keyformat, 0,
|
||||
passin, e, "Private key");
|
||||
if (Upkey == NULL) goto end;
|
||||
}
|
||||
#ifndef NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
if (Upkey->type == EVP_PKEY_DSA)
|
||||
digest=EVP_dss1();
|
||||
#endif
|
||||
@ -834,10 +881,12 @@ int MAIN(int argc, char **argv)
|
||||
if (CAkeyfile != NULL)
|
||||
{
|
||||
CApkey=load_key(bio_err,
|
||||
CAkeyfile,CAkeyformat, passin);
|
||||
CAkeyfile, CAkeyformat,
|
||||
0, passin, e,
|
||||
"CA Private Key");
|
||||
if (CApkey == NULL) goto end;
|
||||
}
|
||||
#ifndef NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
if (CApkey->type == EVP_PKEY_DSA)
|
||||
digest=EVP_dss1();
|
||||
#endif
|
||||
@ -845,7 +894,7 @@ int MAIN(int argc, char **argv)
|
||||
assert(need_rand);
|
||||
if (!x509_certify(ctx,CAfile,digest,x,xca,
|
||||
CApkey, CAserial,CA_createserial,days, clrext,
|
||||
extconf, extsect))
|
||||
extconf, extsect, sno))
|
||||
goto end;
|
||||
}
|
||||
else if (x509req == i)
|
||||
@ -861,13 +910,14 @@ int MAIN(int argc, char **argv)
|
||||
else
|
||||
{
|
||||
pk=load_key(bio_err,
|
||||
keyfile,FORMAT_PEM, passin);
|
||||
keyfile, FORMAT_PEM, 0,
|
||||
passin, e, "request key");
|
||||
if (pk == NULL) goto end;
|
||||
}
|
||||
|
||||
BIO_printf(bio_err,"Generating certificate request\n");
|
||||
|
||||
#ifndef NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
if (pk->type == EVP_PKEY_DSA)
|
||||
digest=EVP_dss1();
|
||||
#endif
|
||||
@ -886,6 +936,10 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
noout=1;
|
||||
}
|
||||
else if (ocspid == i)
|
||||
{
|
||||
X509_ocspid_print(out, x);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -948,7 +1002,7 @@ int MAIN(int argc, char **argv)
|
||||
if (need_rand)
|
||||
app_RAND_write_file(NULL, bio_err);
|
||||
OBJ_cleanup();
|
||||
CONF_free(extconf);
|
||||
NCONF_free(extconf);
|
||||
BIO_free_all(out);
|
||||
BIO_free_all(STDout);
|
||||
X509_STORE_free(ctx);
|
||||
@ -958,32 +1012,23 @@ int MAIN(int argc, char **argv)
|
||||
EVP_PKEY_free(Upkey);
|
||||
EVP_PKEY_free(CApkey);
|
||||
X509_REQ_free(rq);
|
||||
ASN1_INTEGER_free(sno);
|
||||
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
|
||||
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
|
||||
if (passin) OPENSSL_free(passin);
|
||||
EXIT(ret);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
|
||||
X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
|
||||
int days, int clrext, LHASH *conf, char *section)
|
||||
static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
|
||||
{
|
||||
int ret=0;
|
||||
BIO *io=NULL;
|
||||
char *buf = NULL, *p;
|
||||
MS_STATIC char buf2[1024];
|
||||
char *buf=NULL,*p;
|
||||
BIGNUM *serial=NULL;
|
||||
ASN1_INTEGER *bs=NULL,bs2;
|
||||
X509_STORE_CTX xsc;
|
||||
EVP_PKEY *upkey;
|
||||
ASN1_INTEGER *bs = NULL, *bs2 = NULL;
|
||||
BIO *io = NULL;
|
||||
BIGNUM *serial = NULL;
|
||||
|
||||
upkey = X509_get_pubkey(xca);
|
||||
EVP_PKEY_copy_parameters(upkey,pkey);
|
||||
EVP_PKEY_free(upkey);
|
||||
|
||||
X509_STORE_CTX_init(&xsc,ctx,x,NULL);
|
||||
buf=OPENSSL_malloc(EVP_PKEY_size(pkey)*2+
|
||||
((serialfile == NULL)
|
||||
buf=OPENSSL_malloc( ((serialfile == NULL)
|
||||
?(strlen(CAfile)+strlen(POSTFIX)+1)
|
||||
:(strlen(serialfile)))+1);
|
||||
if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
|
||||
@ -1030,7 +1075,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!a2i_ASN1_INTEGER(io,bs,buf2,1024))
|
||||
if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2))
|
||||
{
|
||||
BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
|
||||
ERR_print_errors(bio_err);
|
||||
@ -1049,20 +1094,55 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
|
||||
|
||||
if (!BN_add_word(serial,1))
|
||||
{ BIO_printf(bio_err,"add_word failure\n"); goto end; }
|
||||
bs2.data=(unsigned char *)buf2;
|
||||
bs2.length=BN_bn2bin(serial,bs2.data);
|
||||
|
||||
if (!(bs2 = BN_to_ASN1_INTEGER(serial, NULL)))
|
||||
{ BIO_printf(bio_err,"error converting bn 2 asn1_integer\n"); goto end; }
|
||||
if (BIO_write_filename(io,buf) <= 0)
|
||||
{
|
||||
BIO_printf(bio_err,"error attempting to write serial number file\n");
|
||||
perror(buf);
|
||||
goto end;
|
||||
}
|
||||
i2a_ASN1_INTEGER(io,&bs2);
|
||||
i2a_ASN1_INTEGER(io,bs2);
|
||||
BIO_puts(io,"\n");
|
||||
|
||||
BIO_free(io);
|
||||
if (buf) OPENSSL_free(buf);
|
||||
ASN1_INTEGER_free(bs2);
|
||||
BN_free(serial);
|
||||
io=NULL;
|
||||
|
||||
return bs;
|
||||
|
||||
end:
|
||||
if (buf) OPENSSL_free(buf);
|
||||
BIO_free(io);
|
||||
ASN1_INTEGER_free(bs);
|
||||
BN_free(serial);
|
||||
return NULL;
|
||||
|
||||
}
|
||||
|
||||
static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
|
||||
X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
|
||||
int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno)
|
||||
{
|
||||
int ret=0;
|
||||
ASN1_INTEGER *bs=NULL;
|
||||
X509_STORE_CTX xsc;
|
||||
EVP_PKEY *upkey;
|
||||
|
||||
upkey = X509_get_pubkey(xca);
|
||||
EVP_PKEY_copy_parameters(upkey,pkey);
|
||||
EVP_PKEY_free(upkey);
|
||||
|
||||
if(!X509_STORE_CTX_init(&xsc,ctx,x,NULL))
|
||||
{
|
||||
BIO_printf(bio_err,"Error initialising X509 store\n");
|
||||
goto end;
|
||||
}
|
||||
if (sno) bs = sno;
|
||||
else if (!(bs = load_serial(CAfile, serialfile, create)))
|
||||
goto end;
|
||||
|
||||
if (!X509_STORE_add_cert(ctx,x)) goto end;
|
||||
|
||||
/* NOTE: this certificate can/should be self signed, unless it was
|
||||
@ -1097,8 +1177,8 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
|
||||
X509V3_CTX ctx2;
|
||||
X509_set_version(x,2); /* version 3 certificate */
|
||||
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
|
||||
X509V3_set_conf_lhash(&ctx2, conf);
|
||||
if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
|
||||
X509V3_set_nconf(&ctx2, conf);
|
||||
if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
|
||||
}
|
||||
|
||||
if (!X509_sign(x,pkey,digest)) goto end;
|
||||
@ -1107,10 +1187,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
|
||||
X509_STORE_CTX_cleanup(&xsc);
|
||||
if (!ret)
|
||||
ERR_print_errors(bio_err);
|
||||
if (buf != NULL) OPENSSL_free(buf);
|
||||
if (bs != NULL) ASN1_INTEGER_free(bs);
|
||||
if (io != NULL) BIO_free(io);
|
||||
if (serial != NULL) BN_free(serial);
|
||||
if (!sno) ASN1_INTEGER_free(bs);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -1147,7 +1224,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
|
||||
|
||||
/* self sign */
|
||||
static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,
|
||||
LHASH *conf, char *section)
|
||||
CONF *conf, char *section)
|
||||
{
|
||||
|
||||
EVP_PKEY *pktmp;
|
||||
@ -1177,8 +1254,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig
|
||||
X509V3_CTX ctx;
|
||||
X509_set_version(x,2); /* version 3 certificate */
|
||||
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
|
||||
X509V3_set_conf_lhash(&ctx, conf);
|
||||
if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
|
||||
X509V3_set_nconf(&ctx, conf);
|
||||
if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
|
||||
}
|
||||
if (!X509_sign(x,pkey,digest)) goto err;
|
||||
return 1;
|
||||
@ -1203,6 +1280,3 @@ static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
@ -58,7 +58,7 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include <openssl/rc4.h>
|
||||
#ifdef NO_DES
|
||||
#ifdef OPENSSL_NO_DES
|
||||
#include <des.h>
|
||||
#else
|
||||
#include <openssl/des.h>
|
||||
|
19
crypto/openssl/certs/RegTP-4R.pem
Normal file
19
crypto/openssl/certs/RegTP-4R.pem
Normal file
@ -0,0 +1,19 @@
|
||||
issuer= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
|
||||
notBefore=Jan 21 16:04:53 1999 GMT
|
||||
notAfter=Jan 21 16:04:53 2004 GMT
|
||||
subject= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICZzCCAdOgAwIBAgIEOwVn1DAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9
|
||||
MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth
|
||||
dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo0Ui1DQSAxOlBO
|
||||
MCIYDzE5OTkwMTIxMTYwNDUzWhgPMjAwNDAxMjExNjA0NTNaMG8xCzAJBgNVBAYT
|
||||
AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t
|
||||
dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNB
|
||||
IDE6UE4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGAjzHbq2asUlqeWbXTQHso
|
||||
aVF6YIPVH3c/B2cbuy9HJ/lnE6x0asOzM2DGDqi47xkdAxPc0LZ0fxO87rkmz7xs
|
||||
jJObnVrMXpyUSDSp5Y0wqKJdsFdr6mGFOQZteIti8AJnr8xMkwnWVyuOlEXsFe1h
|
||||
5gxwQXrOcPinE6qu1t/3PmECBMAAAAGjEjAQMA4GA1UdDwEB/wQEAwIBBjAKBgYr
|
||||
JAMDAQIFAAOBgQA+RdocBmA2VV9E5aKPBcp01tdZAvvW9Tve3docArVKR/4/yvSX
|
||||
Z+wvzzk+uu4qBp49HN3nqPYMrzbTmjBFu4ce5fkZ7dHF0W1sSBL0rox5z36Aq2re
|
||||
JjfEOEmSnNe0+opuh4FSVOssXblXTE8lEQU0FhhItgDx2ADnWZibaxLG4w==
|
||||
-----END CERTIFICATE-----
|
19
crypto/openssl/certs/RegTP-5R.pem
Normal file
19
crypto/openssl/certs/RegTP-5R.pem
Normal file
@ -0,0 +1,19 @@
|
||||
issuer= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
|
||||
notBefore=Mar 22 08:55:51 2000 GMT
|
||||
notAfter=Mar 22 08:55:51 2005 GMT
|
||||
subject= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICaDCCAdSgAwIBAgIDDIOqMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
|
||||
OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
|
||||
aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE4w
|
||||
IhgPMjAwMDAzMjIwODU1NTFaGA8yMDA1MDMyMjA4NTU1MVowbzELMAkGA1UEBhMC
|
||||
REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
|
||||
bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNVItQ0Eg
|
||||
MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAih5BUycfBpqKhU8RDsaS
|
||||
vV5AtzWeXQRColL9CH3t0DKnhjKAlJ8iccFtJNv+d3bh8bb9sh0maRSo647xP7hs
|
||||
HTjKgTE4zM5BYNfXvST79OtcMgAzrnDiGjQIIWv8xbfV1MqxxdtZJygrwzRMb9jG
|
||||
CAGoJEymoyzAMNG7tSdBWnUCBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
|
||||
KyQDAwECBQADgYEAOaK8ihVSBUcL2IdVBxZYYUKwMz5m7H3zqhN8W9w+iafWudH6
|
||||
b+aahkbENEwzg3C3v5g8nze7v7ssacQze657LHjP+e7ksUDIgcS4R1pU2eN16bjS
|
||||
P/qGPF3rhrIEHoK5nJULkjkZYTtNiOvmQ/+G70TXDi3Os/TwLlWRvu+7YLM=
|
||||
-----END CERTIFICATE-----
|
19
crypto/openssl/certs/RegTP-6R.pem
Normal file
19
crypto/openssl/certs/RegTP-6R.pem
Normal file
@ -0,0 +1,19 @@
|
||||
issuer= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
|
||||
notBefore=Feb 1 09:52:17 2001 GMT
|
||||
notAfter=Jun 1 09:52:17 2005 GMT
|
||||
subject= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICaDCCAdSgAwIBAgIDMtGNMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
|
||||
OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
|
||||
aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6UE4w
|
||||
IhgPMjAwMTAyMDEwOTUyMTdaGA8yMDA1MDYwMTA5NTIxN1owbzELMAkGA1UEBhMC
|
||||
REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
|
||||
bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg
|
||||
MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAg6KrFSTNXKqe+2GKGeW2
|
||||
wTmbVeflNkp5H/YxA9K1zmEn5XjKm0S0jH4Wfms6ipPlURVaFwTfnB1s++AnJAWf
|
||||
mayaE9BP/pdIY6WtZGgW6aZc32VDMCMKPWyBNyagsJVDmzlakIA5cXBVa7Xqqd3P
|
||||
ew8i2feMnQXcqHfDv02CW88CBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
|
||||
KyQDAwECBQADgYEAOkqkUwdaTCt8wcJLA2zLuOwL5ADHMWLhv6gr5zEF+VckA6qe
|
||||
IVLVf8e7fYlRmzQd+5OJcGglCQJLGT+ZplI3Mjnrd4plkoTNKV4iOzBcvJD7K4tn
|
||||
XPvs9wCFcC7QU7PLvc1FDsAlr7e4wyefZRDL+wbqNfI7QZTSF1ubLd9AzeQ=
|
||||
-----END CERTIFICATE-----
|
@ -20,6 +20,31 @@
|
||||
# Be as similar to the output of config.guess/config.sub
|
||||
# as possible.
|
||||
|
||||
PREFIX=""
|
||||
SUFFIX=""
|
||||
TEST="false"
|
||||
|
||||
# pick up any command line args to config
|
||||
for i
|
||||
do
|
||||
case "$i" in
|
||||
-d*) PREFIX="debug-";;
|
||||
-t*) TEST="true";;
|
||||
-h*) TEST="true"; cat <<EOF
|
||||
Usage: config [options]
|
||||
-d Add a debug- prefix to machine choice.
|
||||
-t Test mode, do not run the Configure perl script.
|
||||
-h This help.
|
||||
|
||||
Any other text will be passed to the Configure perl script.
|
||||
See INSTALL for instructions.
|
||||
|
||||
EOF
|
||||
;;
|
||||
*) options=$options" $i" ;;
|
||||
esac
|
||||
done
|
||||
|
||||
# First get uname entries that we use below
|
||||
|
||||
MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
|
||||
@ -68,7 +93,7 @@ if [ "x$XREL" != "x" ]; then
|
||||
4.2)
|
||||
echo "whatever-whatever-unixware1"; exit 0
|
||||
;;
|
||||
OpenUNIX)
|
||||
OpenUNIX)
|
||||
if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then
|
||||
echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
|
||||
fi
|
||||
@ -115,10 +140,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
|
||||
HP-UX:*)
|
||||
HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
|
||||
case "$HPUXVER" in
|
||||
11.*)
|
||||
echo "${MACHINE}-hp-hpux11"; exit 0
|
||||
;;
|
||||
10.*)
|
||||
1[0-9].*) # HPUX 10 and 11 targets are unified
|
||||
echo "${MACHINE}-hp-hpux10"; exit 0
|
||||
;;
|
||||
*)
|
||||
@ -147,6 +169,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
|
||||
echo "${MACHINE}-whatever-linux1"; exit 0
|
||||
;;
|
||||
|
||||
GNU*)
|
||||
echo "hurd-x86"; exit 0;
|
||||
;;
|
||||
|
||||
LynxOS:*)
|
||||
echo "${MACHINE}-lynx-lynxos"; exit 0
|
||||
;;
|
||||
@ -243,7 +269,15 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
|
||||
;;
|
||||
|
||||
Darwin:*)
|
||||
echo "ppc-apple-darwin"; exit 0
|
||||
case "$MACHINE" in
|
||||
Power*)
|
||||
echo "ppc-apple-darwin${VERSION}"
|
||||
;;
|
||||
*)
|
||||
echo "i386-apple-darwin${VERSION}"
|
||||
;;
|
||||
esac
|
||||
exit 0
|
||||
;;
|
||||
|
||||
SunOS:5.*)
|
||||
@ -317,6 +351,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
|
||||
*CRAY*)
|
||||
echo "j90-cray-unicos"; exit 0;
|
||||
;;
|
||||
|
||||
NONSTOP_KERNEL*)
|
||||
echo "nsr-tandem-nsk"; exit 0;
|
||||
;;
|
||||
esac
|
||||
|
||||
#
|
||||
@ -354,31 +392,6 @@ exit 0
|
||||
# this is where the translation occurs into SSLeay terms
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
PREFIX=""
|
||||
SUFFIX=""
|
||||
TEST="false"
|
||||
|
||||
# pick up any command line args to config
|
||||
for i
|
||||
do
|
||||
case "$i" in
|
||||
-d*) PREFIX="debug-";;
|
||||
-t*) TEST="true";;
|
||||
-h*) TEST="true"; cat <<EOF
|
||||
Usage: config [options]
|
||||
-d Add a debug- prefix to machine choice.
|
||||
-t Test mode, do not run the Configure perl script.
|
||||
-h This help.
|
||||
|
||||
Any other text will be passed to the Configure perl script.
|
||||
See INSTALL for instructions.
|
||||
|
||||
EOF
|
||||
;;
|
||||
*) options=$options" $i" ;;
|
||||
esac
|
||||
done
|
||||
|
||||
# figure out if gcc is available and if so we use it otherwise
|
||||
# we fallback to whatever cc does on the system
|
||||
GCCVER=`(gcc -dumpversion) 2>/dev/null`
|
||||
@ -409,6 +422,15 @@ if [ "$SYSTEM" = "HP-UX" ];then
|
||||
fi
|
||||
fi
|
||||
if [ "$SYSTEM" = "SunOS" ]; then
|
||||
if [ $GCCVER -ge 30 ]; then
|
||||
# 64-bit ABI isn't officially supported in gcc 3.0, but it appears
|
||||
# to be working, at the very least 'make test' passes...
|
||||
if gcc -v -E -x c /dev/null 2>&1 | grep __arch64__ > /dev/null; then
|
||||
GCC_ARCH="-m64"
|
||||
else
|
||||
GCC_ARCH="-m32"
|
||||
fi
|
||||
fi
|
||||
# check for WorkShop C, expected output is "cc: blah-blah C x.x"
|
||||
CCVER=`(cc -V 2>&1) 2>/dev/null | \
|
||||
egrep -e '^cc: .* C [0-9]\.[0-9]' | \
|
||||
@ -439,7 +461,6 @@ if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then
|
||||
fi
|
||||
fi
|
||||
|
||||
GCCVER=${GCCVER:-0}
|
||||
CCVER=${CCVER:-0}
|
||||
|
||||
# read the output of the embedded GuessOS
|
||||
@ -472,8 +493,10 @@ case "$GUESSOS" in
|
||||
mips4-sgi-irix64)
|
||||
echo "WARNING! If you wish to build 64-bit library, then you have to"
|
||||
echo " invoke './Configure irix64-mips4-$CC' *manually*."
|
||||
echo " Type return if you want to continue, Ctrl-C to abort."
|
||||
read waste < /dev/tty
|
||||
if [ "$TEST" = "false" ]; then
|
||||
echo " You have about 5 seconds to press Ctrl-C to abort."
|
||||
(stty -icanon min 0 time 50; read waste) < /dev/tty
|
||||
fi
|
||||
CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
|
||||
CPU=${CPU:-0}
|
||||
if [ $CPU -ge 5000 ]; then
|
||||
@ -521,14 +544,16 @@ EOF
|
||||
m68k-*-linux*) OUT="linux-m68k" ;;
|
||||
ia64-*-linux?) OUT="linux-ia64" ;;
|
||||
ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
|
||||
ppc-apple-darwin) OUT="darwin-ppc-cc" ;;
|
||||
ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
|
||||
i386-apple-darwin*) OUT="darwin-i386-cc" ;;
|
||||
sparc64-*-linux2)
|
||||
#Before we can uncomment following lines we have to wait at least
|
||||
#till 64-bit glibc for SPARC is operational:-(
|
||||
#echo "WARNING! If you wish to build 64-bit library, then you have to"
|
||||
#echo " invoke './Configure linux64-sparcv9' *manually*."
|
||||
#echo " Type return if you want to continue, Ctrl-C to abort."
|
||||
#read waste < /dev/tty
|
||||
echo "WARNING! If *know* that your GNU C supports 64-bit/V9 ABI"
|
||||
echo " and wish to build 64-bit library, then you have to"
|
||||
echo " invoke './Configure linux64-sparcv9' *manually*."
|
||||
if [ "$TEST" = "false" ]; then
|
||||
echo " You have about 5 seconds to press Ctrl-C to abort."
|
||||
(stty -icanon min 0 time 50; read waste) < /dev/tty
|
||||
fi
|
||||
OUT="linux-sparcv9" ;;
|
||||
sparc-*-linux2)
|
||||
KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
|
||||
@ -561,17 +586,54 @@ EOF
|
||||
arm*-*-linux2) OUT="linux-elf-arm" ;;
|
||||
s390-*-linux2) OUT="linux-s390" ;;
|
||||
s390x-*-linux?) OUT="linux-s390x" ;;
|
||||
*-*-linux2) OUT="linux-elf" ;;
|
||||
x86_64-*-linux?) OUT="linux-x86_64" ;;
|
||||
*-*-linux2) OUT="linux-elf"
|
||||
if [ "$GCCVER" -gt 28 ]; then
|
||||
if grep '^model.*Pentium' /proc/cpuinfo >/dev/null ; then
|
||||
OUT="linux-pentium"
|
||||
fi
|
||||
if grep '^model.*Pentium Pro' /proc/cpuinfo >/dev/null ; then
|
||||
OUT="linux-ppro"
|
||||
fi
|
||||
if grep '^model.*K6' /proc/cpuinfo >/dev/null ; then
|
||||
OUT="linux-k6"
|
||||
fi
|
||||
fi ;;
|
||||
*-*-linux1) OUT="linux-aout" ;;
|
||||
sun4u*-*-solaris2)
|
||||
OUT="solaris-sparcv9-$CC"
|
||||
ISA64=`(isalist) 2>/dev/null | grep sparcv9`
|
||||
if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
|
||||
if [ "$ISA64" != "" ]; then
|
||||
if [ "$CC" = "cc" -a $CCVER -ge 50 ]; then
|
||||
echo "WARNING! If you wish to build 64-bit library, then you have to"
|
||||
echo " invoke './Configure solaris64-sparcv9-cc' *manually*."
|
||||
echo " Type return if you want to continue, Ctrl-C to abort."
|
||||
read waste < /dev/tty
|
||||
if [ "$TEST" = "false" ]; then
|
||||
echo " You have about 5 seconds to press Ctrl-C to abort."
|
||||
(stty -icanon min 0 time 50; read waste) < /dev/tty
|
||||
fi
|
||||
elif [ "$CC" = "gcc" -a "$GCC_ARCH" = "-m64" ]; then
|
||||
# $GCC_ARCH denotes default ABI chosen by compiler driver
|
||||
# (first one found on the $PATH). I assume that user
|
||||
# expects certain consistency with the rest of his builds
|
||||
# and therefore switch over to 64-bit. <appro>
|
||||
OUT="solaris64-sparcv9-gcc"
|
||||
echo "WARNING! If you wish to build 32-bit library, then you have to"
|
||||
echo " invoke './Configure solaris-sparcv9-gcc' *manually*."
|
||||
if [ "$TEST" = "false" ]; then
|
||||
echo " You have about 5 seconds to press Ctrl-C to abort."
|
||||
(stty -icanon min 0 time 50; read waste) < /dev/tty
|
||||
fi
|
||||
elif [ "$GCC_ARCH" = "-m32" ]; then
|
||||
echo "NOTICE! If you *know* that your GNU C supports 64-bit/V9 ABI"
|
||||
echo " and wish to build 64-bit library, then you have to"
|
||||
echo " invoke './Configure solaris64-sparcv9-gcc' *manually*."
|
||||
if [ "$TEST" = "false" ]; then
|
||||
echo " You have about 5 seconds to press Ctrl-C to abort."
|
||||
(stty -icanon min 0 time 50; read waste) < /dev/tty
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
OUT="solaris-sparcv9-$CC" ;;
|
||||
;;
|
||||
sun4m-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
|
||||
sun4d-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
|
||||
sun4*-*-solaris2) OUT="solaris-sparcv7-$CC" ;;
|
||||
@ -583,9 +645,17 @@ EOF
|
||||
*86*-*-netbsd) OUT="NetBSD-x86" ;;
|
||||
sun3*-*-netbsd) OUT="NetBSD-m68" ;;
|
||||
*-*-netbsd) OUT="NetBSD-sparc" ;;
|
||||
*86*-*-openbsd) OUT="OpenBSD-x86" ;;
|
||||
alpha*-*-openbsd) OUT="OpenBSD-alpha" ;;
|
||||
*86*-*-openbsd) OUT="OpenBSD-i386" ;;
|
||||
m68k*-*-openbsd) OUT="OpenBSD-m68k" ;;
|
||||
m88k*-*-openbsd) OUT="OpenBSD-m88k" ;;
|
||||
mips*-*-openbsd) OUT="OpenBSD-mips" ;;
|
||||
pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
|
||||
powerpc*-*-openbsd) OUT="OpenBSD-powerpc" ;;
|
||||
sparc64*-*-openbsd) OUT="OpenBSD-sparc64" ;;
|
||||
sparc*-*-openbsd) OUT="OpenBSD-sparc" ;;
|
||||
vax*-*-openbsd) OUT="OpenBSD-vax" ;;
|
||||
hppa*-*-openbsd) OUT="OpenBSD-hppa" ;;
|
||||
*-*-openbsd) OUT="OpenBSD" ;;
|
||||
*86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
|
||||
*-*-osf) OUT="alphaold-cc" ;;
|
||||
@ -620,6 +690,37 @@ EOF
|
||||
else
|
||||
OUT="hpux-parisc-$CC"
|
||||
fi
|
||||
KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null`
|
||||
KERNEL_BITS=${KERNEL_BITS:-32}
|
||||
CPU_VERSION=`(getconf CPU_VERSION) 2>/dev/null`
|
||||
CPU_VERSION=${CPU_VERSION:-0}
|
||||
# See <sys/unistd.h> for further info on CPU_VERSION.
|
||||
if [ $CPU_VERSION -ge 768 ]; then # IA-64 CPU
|
||||
echo "NOTICE! 64-bit is the only ABI currently operational on HP-UXi."
|
||||
echo " Post request to openssl-dev@openssl.org for 32-bit support."
|
||||
if [ "$TEST" = "false" ]; then
|
||||
(stty -icanon min 0 time 50; read waste) < /dev/tty
|
||||
fi
|
||||
OUT="hpux64-ia64-cc"
|
||||
elif [ $CPU_VERSION -ge 532 ]; then # PA-RISC 2.x CPU
|
||||
if [ "$CC" = "cc" ]; then
|
||||
OUT="hpux-parisc2-cc" # can't we have hpux-parisc2-gcc?
|
||||
fi
|
||||
if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
|
||||
echo "WARNING! If you wish to build 64-bit library then you have to"
|
||||
echo " invoke './Configure hpux64-parisc2-cc' *manually*."
|
||||
if [ "$TEST" = "false" ]; then
|
||||
echo " You have about 5 seconds to press Ctrl-C to abort."
|
||||
(stty -icanon min 0 time 50; read waste) < /dev/tty
|
||||
fi
|
||||
fi
|
||||
elif [ $CPU_VERSION -ge 528 ]; then # PA-RISC 1.1+ CPU
|
||||
:
|
||||
elif [ $CPU_VERSION -ge 523 ]; then # PA-RISC 1.0 CPU
|
||||
:
|
||||
else # Motorola(?) CPU
|
||||
OUT="hpux-$CC"
|
||||
fi
|
||||
options="$options -D_REENTRANT" ;;
|
||||
*-hpux) OUT="hpux-parisc-$CC" ;;
|
||||
# these are all covered by the catchall below
|
||||
@ -630,14 +731,21 @@ EOF
|
||||
*-*-cygwin) OUT="Cygwin" ;;
|
||||
t3e-cray-unicosmk) OUT="cray-t3e" ;;
|
||||
j90-cray-unicos) OUT="cray-j90" ;;
|
||||
nsr-tandem-nsk) OUT="tandem-c89" ;;
|
||||
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
|
||||
esac
|
||||
|
||||
# NB: This atalla support has been superceded by the ENGINE support
|
||||
# That contains its own header and definitions anyway. Support can
|
||||
# be enabled or disabled on any supported platform without external
|
||||
# headers, eg. by adding the "hw-atalla" switch to ./config or
|
||||
# perl Configure
|
||||
#
|
||||
# See whether we can compile Atalla support
|
||||
if [ -f /usr/include/atasi.h ]
|
||||
then
|
||||
options="$options -DATALLA"
|
||||
fi
|
||||
#if [ -f /usr/include/atasi.h ]
|
||||
#then
|
||||
# options="$options -DATALLA"
|
||||
#fi
|
||||
|
||||
# gcc < 2.8 does not support -mcpu=ultrasparc
|
||||
if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
|
||||
@ -658,7 +766,7 @@ case "$GUESSOS" in
|
||||
i386-*) options="$options 386" ;;
|
||||
esac
|
||||
|
||||
for i in bf cast des dh dsa hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
|
||||
for i in bf cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 aes ripemd rsa sha
|
||||
do
|
||||
if [ ! -d crypto/$i ]
|
||||
then
|
||||
@ -666,6 +774,27 @@ do
|
||||
fi
|
||||
done
|
||||
|
||||
# Discover Kerberos 5 (since it's still a prototype, we don't
|
||||
# do any guesses yet, that's why this section is commented away.
|
||||
#if [ -d /usr/kerberos ]; then
|
||||
# krb5_dir=/usr/kerberos
|
||||
# if [ \( -f $krb5_dir/lib/libgssapi_krb5.a -o -f $krb5_dir/lib/libgssapi_krb5.so* \)\
|
||||
# -a \( -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* \)\
|
||||
# -a \( -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* \)\
|
||||
# -a \( -f $krb5_dir/lib/libk5crypto.a -o -f $krb5_dir/lib/libk5crypto.so* \)\
|
||||
# -a \( -f $krb5_dir/include/krb5.h \) ]; then
|
||||
# options="$options --with-krb5-flavor=MIT"
|
||||
# fi
|
||||
#elif [ -d /usr/heimdal ]; then
|
||||
# krb5_dir=/usr/heimdal
|
||||
# if [ \( -f $krb5_dir/lib/libgssapi.a -o -f $krb5_dir/lib/libgssapi.so* \)\
|
||||
# -a \( -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* \)\
|
||||
# -a \( -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* \)\
|
||||
# -a \( -f $krb5_dir/include/krb5.h \) ]; then
|
||||
# options="$options --with-krb5-flavor=Heimdal"
|
||||
# fi
|
||||
#fi
|
||||
|
||||
if [ -z "$OUT" ]; then
|
||||
OUT="$CC"
|
||||
fi
|
||||
|
@ -5,14 +5,15 @@
|
||||
DIR= crypto
|
||||
TOP= ..
|
||||
CC= cc
|
||||
INCLUDE= -I. -I../include
|
||||
INCLUDE= -I. -I$(TOP) -I../include
|
||||
INCLUDES= -I.. -I../.. -I../../include
|
||||
CFLAG= -g
|
||||
INSTALL_PREFIX=
|
||||
OPENSSLDIR= /usr/local/ssl
|
||||
INSTALLTOP= /usr/local/ssl
|
||||
MAKE= make -f Makefile.ssl
|
||||
MAKEDEPEND= $(TOP)/util/domd $(TOP)
|
||||
MAKEDEPPROG= makedepend
|
||||
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
|
||||
MAKEFILE= Makefile.ssl
|
||||
RM= rm -f
|
||||
AR= ar r
|
||||
@ -27,27 +28,29 @@ LIBS=
|
||||
|
||||
SDIRS= md2 md5 sha mdc2 hmac ripemd \
|
||||
des rc2 rc4 rc5 idea bf cast \
|
||||
bn rsa dsa dh dso \
|
||||
bn ec rsa dsa dh dso engine aes \
|
||||
buffer bio stack lhash rand err objects \
|
||||
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
|
||||
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
|
||||
|
||||
GENERAL=Makefile README crypto-lib.com install.com
|
||||
|
||||
LIB= $(TOP)/libcrypto.a
|
||||
LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
|
||||
LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
|
||||
SHARED_LIB= libcrypto$(SHLIB_EXT)
|
||||
LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c
|
||||
LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o
|
||||
|
||||
SRC= $(LIBSRC)
|
||||
|
||||
EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h
|
||||
HEADER= cryptlib.h buildinf.h md32_common.h $(EXHEADER)
|
||||
EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
|
||||
ossl_typ.h
|
||||
HEADER= cryptlib.h buildinf.h md32_common.h o_time.h $(EXHEADER)
|
||||
|
||||
ALL= $(GENERAL) $(SRC) $(HEADER)
|
||||
|
||||
top:
|
||||
@(cd ..; $(MAKE) DIRS=$(DIR) all)
|
||||
|
||||
all: buildinf.h lib subdirs
|
||||
all: buildinf.h lib subdirs shared
|
||||
|
||||
buildinf.h: ../Makefile.ssl
|
||||
( echo "#ifndef MK1MF_BUILD"; \
|
||||
@ -73,7 +76,7 @@ files:
|
||||
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
|
||||
@for i in $(SDIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making 'files' in crypto/$$i..."; \
|
||||
(cd $$i && echo "making 'files' in crypto/$$i..." && \
|
||||
$(MAKE) PERL='${PERL}' files ); \
|
||||
done;
|
||||
|
||||
@ -84,27 +87,31 @@ links:
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
|
||||
@$(TOP)/util/point.sh Makefile.ssl Makefile
|
||||
@for i in $(SDIRS); do \
|
||||
(cd $$i; echo "making links in crypto/$$i..."; \
|
||||
(cd $$i && echo "making links in crypto/$$i..." && \
|
||||
$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
|
||||
done;
|
||||
|
||||
lib: $(LIBOBJ)
|
||||
$(AR) $(LIB) $(LIBOBJ)
|
||||
@echo You may get an error following this line. Please ignore.
|
||||
- $(RANLIB) $(LIB)
|
||||
$(RANLIB) $(LIB) || echo Never mind.
|
||||
@touch lib
|
||||
|
||||
shared:
|
||||
if [ -n "$(SHARED_LIBS)" ]; then \
|
||||
(cd ..; $(MAKE) $(SHARED_LIB)); \
|
||||
fi
|
||||
|
||||
libs:
|
||||
@for i in $(SDIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making libs in crypto/$$i..."; \
|
||||
(cd $$i && echo "making libs in crypto/$$i..." && \
|
||||
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
|
||||
done;
|
||||
|
||||
tests:
|
||||
@for i in $(SDIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making tests in crypto/$$i..."; \
|
||||
(cd $$i && echo "making tests in crypto/$$i..." && \
|
||||
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
|
||||
done;
|
||||
|
||||
@ -116,32 +123,32 @@ install:
|
||||
done;
|
||||
@for i in $(SDIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making install in crypto/$$i..."; \
|
||||
(cd $$i && echo "making install in crypto/$$i..." && \
|
||||
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
|
||||
done;
|
||||
|
||||
lint:
|
||||
@for i in $(SDIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making lint in crypto/$$i..."; \
|
||||
(cd $$i && echo "making lint in crypto/$$i..." && \
|
||||
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
|
||||
done;
|
||||
|
||||
depend:
|
||||
if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
|
||||
$(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
if [ ! -s buildinf.h ]; then rm buildinf.h; fi
|
||||
@for i in $(SDIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making depend in crypto/$$i..."; \
|
||||
$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ); \
|
||||
(cd $$i && echo "making depend in crypto/$$i..." && \
|
||||
$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ); \
|
||||
done;
|
||||
|
||||
clean:
|
||||
rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
|
||||
@for i in $(SDIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making clean in crypto/$$i..."; \
|
||||
(cd $$i && echo "making clean in crypto/$$i..." && \
|
||||
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
|
||||
done;
|
||||
|
||||
@ -150,54 +157,62 @@ dclean:
|
||||
mv -f Makefile.new $(MAKEFILE)
|
||||
@for i in $(SDIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making dclean in crypto/$$i..."; \
|
||||
(cd $$i && echo "making dclean in crypto/$$i..." && \
|
||||
$(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
|
||||
done;
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
||||
cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
|
||||
cpt_err.o: ../include/openssl/err.h ../include/openssl/lhash.h
|
||||
cpt_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||
cpt_err.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||
cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||
cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
|
||||
cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
||||
cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||
cryptlib.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||
cryptlib.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||
cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
|
||||
cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
||||
cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||
cversion.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||
cversion.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||
cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
|
||||
cversion.o: cryptlib.h
|
||||
ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
||||
ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||
ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||
ex_data.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||
ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
|
||||
mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
||||
mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||
mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||
mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||
mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
|
||||
mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
||||
mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||
mem_dbg.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||
mem_dbg.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||
mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
|
||||
tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
||||
tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||
tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||
tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||
tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
|
||||
tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
|
||||
uid.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
|
||||
cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cpt_err.c
|
||||
cryptlib.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
|
||||
cryptlib.o: ../include/openssl/err.h ../include/openssl/lhash.h
|
||||
cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
cryptlib.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
||||
cryptlib.o: ../include/openssl/symhacks.h cryptlib.c cryptlib.h
|
||||
cversion.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
|
||||
cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h
|
||||
cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
||||
cversion.o: ../include/openssl/symhacks.h buildinf.h cryptlib.h cversion.c
|
||||
ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c
|
||||
ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
|
||||
ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h
|
||||
ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
ex_data.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
||||
ex_data.o: ../include/openssl/symhacks.h cryptlib.h ex_data.c
|
||||
mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
|
||||
mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
|
||||
mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
||||
mem.o: ../include/openssl/symhacks.h cryptlib.h mem.c
|
||||
mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
|
||||
mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
||||
mem_clr.o: ../include/openssl/symhacks.h mem_clr.c
|
||||
mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
|
||||
mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
|
||||
mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
||||
mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c
|
||||
o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
|
||||
o_time.o: o_time.h
|
||||
tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
|
||||
tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h
|
||||
tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
tmdiff.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
||||
tmdiff.o: ../include/openssl/symhacks.h ../include/openssl/tmdiff.h cryptlib.h
|
||||
tmdiff.o: tmdiff.c
|
||||
uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
|
||||
uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
||||
uid.o: ../include/openssl/symhacks.h
|
||||
uid.o: ../include/openssl/symhacks.h uid.c
|
||||
|
103
crypto/openssl/crypto/aes/Makefile.ssl
Normal file
103
crypto/openssl/crypto/aes/Makefile.ssl
Normal file
@ -0,0 +1,103 @@
|
||||
#
|
||||
# crypto/aes/Makefile
|
||||
#
|
||||
|
||||
DIR= aes
|
||||
TOP= ../..
|
||||
CC= cc
|
||||
CPP= $(CC) -E
|
||||
INCLUDES=
|
||||
CFLAG=-g
|
||||
INSTALL_PREFIX=
|
||||
OPENSSLDIR= /usr/local/ssl
|
||||
INSTALLTOP= /usr/local/ssl
|
||||
MAKE= make -f Makefile.ssl
|
||||
MAKEDEPPROG= makedepend
|
||||
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
|
||||
MAKEFILE= Makefile.ssl
|
||||
AR= ar r
|
||||
|
||||
# CFLAGS= -mpentiumpro $(INCLUDES) $(CFLAG) -O3 -fexpensive-optimizations -funroll-loops -fforce-addr
|
||||
CFLAGS= $(INCLUDES) $(CFLAG)
|
||||
|
||||
GENERAL=Makefile
|
||||
#TEST=aestest.c
|
||||
TEST=
|
||||
APPS=
|
||||
|
||||
LIB=$(TOP)/libcrypto.a
|
||||
LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c aes_ctr.c
|
||||
LIBOBJ=aes_core.o aes_misc.o aes_ecb.o aes_cbc.o aes_cfb.o aes_ofb.o aes_ctr.o
|
||||
|
||||
SRC= $(LIBSRC)
|
||||
|
||||
EXHEADER= aes.h
|
||||
HEADER= aes_locl.h $(EXHEADER)
|
||||
|
||||
ALL= $(GENERAL) $(SRC) $(HEADER)
|
||||
|
||||
top:
|
||||
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
|
||||
|
||||
all: lib
|
||||
|
||||
lib: $(LIBOBJ)
|
||||
$(AR) $(LIB) $(LIBOBJ)
|
||||
$(RANLIB) $(LIB) || echo Never mind.
|
||||
@touch lib
|
||||
|
||||
$(LIBOBJ): $(LIBSRC)
|
||||
|
||||
files:
|
||||
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
|
||||
|
||||
links:
|
||||
@$(TOP)/util/point.sh Makefile.ssl Makefile
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
|
||||
|
||||
install: installs
|
||||
|
||||
installs:
|
||||
@for i in $(EXHEADER) ; \
|
||||
do \
|
||||
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
|
||||
done;
|
||||
|
||||
tags:
|
||||
ctags $(SRC)
|
||||
|
||||
tests:
|
||||
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
depend:
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
dclean:
|
||||
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
|
||||
mv -f Makefile.new $(MAKEFILE)
|
||||
|
||||
clean:
|
||||
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
||||
aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
|
||||
aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h
|
||||
aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
|
||||
aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_locl.h
|
||||
aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
|
||||
aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
|
||||
aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
|
||||
aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
|
||||
aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
|
||||
aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h
|
||||
aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
|
||||
aes_misc.o: ../../include/openssl/opensslconf.h
|
||||
aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
|
||||
aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
|
||||
aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c
|
3
crypto/openssl/crypto/aes/README
Normal file
3
crypto/openssl/crypto/aes/README
Normal file
@ -0,0 +1,3 @@
|
||||
This is an OpenSSL-compatible version of AES (also called Rijndael).
|
||||
aes_core.c is basically the same as rijndael-alg-fst.c but with an
|
||||
API that looks like the rest of the OpenSSL symmetric cipher suite.
|
112
crypto/openssl/crypto/aes/aes.h
Normal file
112
crypto/openssl/crypto/aes/aes.h
Normal file
@ -0,0 +1,112 @@
|
||||
/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef HEADER_AES_H
|
||||
#define HEADER_AES_H
|
||||
|
||||
#ifdef OPENSSL_NO_AES
|
||||
#error AES is disabled.
|
||||
#endif
|
||||
|
||||
#define AES_ENCRYPT 1
|
||||
#define AES_DECRYPT 0
|
||||
|
||||
/* Because array size can't be a const in C, the following two are macros.
|
||||
Both sizes are in bytes. */
|
||||
#define AES_MAXNR 14
|
||||
#define AES_BLOCK_SIZE 16
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* This should be a hidden type, but EVP requires that the size be known */
|
||||
struct aes_key_st {
|
||||
unsigned long rd_key[4 *(AES_MAXNR + 1)];
|
||||
int rounds;
|
||||
};
|
||||
typedef struct aes_key_st AES_KEY;
|
||||
|
||||
const char *AES_options(void);
|
||||
|
||||
int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
|
||||
AES_KEY *key);
|
||||
int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
|
||||
AES_KEY *key);
|
||||
|
||||
void AES_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const AES_KEY *key);
|
||||
void AES_decrypt(const unsigned char *in, unsigned char *out,
|
||||
const AES_KEY *key);
|
||||
|
||||
void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const AES_KEY *key, const int enc);
|
||||
void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned long length, const AES_KEY *key,
|
||||
unsigned char *ivec, const int enc);
|
||||
void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned long length, const AES_KEY *key,
|
||||
unsigned char *ivec, int *num, const int enc);
|
||||
void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned long length, const AES_KEY *key,
|
||||
unsigned char *ivec, int *num);
|
||||
void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned long length, const AES_KEY *key,
|
||||
unsigned char counter[AES_BLOCK_SIZE],
|
||||
unsigned char ecount_buf[AES_BLOCK_SIZE],
|
||||
unsigned int *num);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* !HEADER_AES_H */
|
111
crypto/openssl/crypto/aes/aes_cbc.c
Normal file
111
crypto/openssl/crypto/aes/aes_cbc.c
Normal file
@ -0,0 +1,111 @@
|
||||
/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef AES_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
#include <openssl/aes.h>
|
||||
#include "aes_locl.h"
|
||||
|
||||
void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned long length, const AES_KEY *key,
|
||||
unsigned char *ivec, const int enc) {
|
||||
|
||||
unsigned long n;
|
||||
unsigned long len = length;
|
||||
unsigned char tmp[AES_BLOCK_SIZE];
|
||||
|
||||
assert(in && out && key && ivec);
|
||||
assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
|
||||
|
||||
if (AES_ENCRYPT == enc) {
|
||||
while (len >= AES_BLOCK_SIZE) {
|
||||
for(n=0; n < sizeof tmp; ++n)
|
||||
tmp[n] = in[n] ^ ivec[n];
|
||||
AES_encrypt(tmp, out, key);
|
||||
memcpy(ivec, out, AES_BLOCK_SIZE);
|
||||
len -= AES_BLOCK_SIZE;
|
||||
in += AES_BLOCK_SIZE;
|
||||
out += AES_BLOCK_SIZE;
|
||||
}
|
||||
if (len) {
|
||||
for(n=0; n < len; ++n)
|
||||
tmp[n] = in[n] ^ ivec[n];
|
||||
for(n=len; n < AES_BLOCK_SIZE; ++n)
|
||||
tmp[n] = ivec[n];
|
||||
AES_encrypt(tmp, tmp, key);
|
||||
memcpy(out, tmp, len);
|
||||
memcpy(ivec, tmp, sizeof tmp);
|
||||
}
|
||||
} else {
|
||||
while (len >= AES_BLOCK_SIZE) {
|
||||
memcpy(tmp, in, sizeof tmp);
|
||||
AES_decrypt(in, out, key);
|
||||
for(n=0; n < AES_BLOCK_SIZE; ++n)
|
||||
out[n] ^= ivec[n];
|
||||
memcpy(ivec, tmp, AES_BLOCK_SIZE);
|
||||
len -= AES_BLOCK_SIZE;
|
||||
in += AES_BLOCK_SIZE;
|
||||
out += AES_BLOCK_SIZE;
|
||||
}
|
||||
if (len) {
|
||||
memcpy(tmp, in, sizeof tmp);
|
||||
AES_decrypt(tmp, tmp, key);
|
||||
for(n=0; n < len; ++n)
|
||||
out[n] ^= ivec[n];
|
||||
memcpy(ivec, tmp, sizeof tmp);
|
||||
}
|
||||
}
|
||||
}
|
157
crypto/openssl/crypto/aes/aes_cfb.c
Normal file
157
crypto/openssl/crypto/aes/aes_cfb.c
Normal file
@ -0,0 +1,157 @@
|
||||
/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
*/
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#ifndef AES_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
#include <openssl/aes.h>
|
||||
#include "aes_locl.h"
|
||||
|
||||
/* The input and output encrypted as though 128bit cfb mode is being
|
||||
* used. The extra state information to record how much of the
|
||||
* 128bit block we have used is contained in *num;
|
||||
*/
|
||||
|
||||
void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned long length, const AES_KEY *key,
|
||||
unsigned char *ivec, int *num, const int enc) {
|
||||
|
||||
unsigned int n;
|
||||
unsigned long l = length;
|
||||
unsigned char c;
|
||||
|
||||
assert(in && out && key && ivec && num);
|
||||
|
||||
n = *num;
|
||||
|
||||
if (enc) {
|
||||
while (l--) {
|
||||
if (n == 0) {
|
||||
AES_encrypt(ivec, ivec, key);
|
||||
}
|
||||
ivec[n] = *(out++) = *(in++) ^ ivec[n];
|
||||
n = (n+1) % AES_BLOCK_SIZE;
|
||||
}
|
||||
} else {
|
||||
while (l--) {
|
||||
if (n == 0) {
|
||||
AES_encrypt(ivec, ivec, key);
|
||||
}
|
||||
c = *(in);
|
||||
*(out++) = *(in++) ^ ivec[n];
|
||||
ivec[n] = c;
|
||||
n = (n+1) % AES_BLOCK_SIZE;
|
||||
}
|
||||
}
|
||||
|
||||
*num=n;
|
||||
}
|
||||
|
1257
crypto/openssl/crypto/aes/aes_core.c
Normal file
1257
crypto/openssl/crypto/aes/aes_core.c
Normal file
File diff suppressed because it is too large
Load Diff
128
crypto/openssl/crypto/aes/aes_ctr.c
Normal file
128
crypto/openssl/crypto/aes/aes_ctr.c
Normal file
@ -0,0 +1,128 @@
|
||||
/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef AES_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
#include <openssl/aes.h>
|
||||
#include "aes_locl.h"
|
||||
|
||||
/* NOTE: CTR mode is big-endian. The rest of the AES code
|
||||
* is endian-neutral. */
|
||||
|
||||
/* increment counter (128-bit int) by 2^64 */
|
||||
static void AES_ctr128_inc(unsigned char *counter) {
|
||||
unsigned long c;
|
||||
|
||||
/* Grab 3rd dword of counter and increment */
|
||||
#ifdef L_ENDIAN
|
||||
c = GETU32(counter + 8);
|
||||
c++;
|
||||
PUTU32(counter + 8, c);
|
||||
#else
|
||||
c = GETU32(counter + 4);
|
||||
c++;
|
||||
PUTU32(counter + 4, c);
|
||||
#endif
|
||||
|
||||
/* if no overflow, we're done */
|
||||
if (c)
|
||||
return;
|
||||
|
||||
/* Grab top dword of counter and increment */
|
||||
#ifdef L_ENDIAN
|
||||
c = GETU32(counter + 12);
|
||||
c++;
|
||||
PUTU32(counter + 12, c);
|
||||
#else
|
||||
c = GETU32(counter + 0);
|
||||
c++;
|
||||
PUTU32(counter + 0, c);
|
||||
#endif
|
||||
|
||||
}
|
||||
|
||||
/* The input encrypted as though 128bit counter mode is being
|
||||
* used. The extra state information to record how much of the
|
||||
* 128bit block we have used is contained in *num, and the
|
||||
* encrypted counter is kept in ecount_buf. Both *num and
|
||||
* ecount_buf must be initialised with zeros before the first
|
||||
* call to AES_ctr128_encrypt().
|
||||
*/
|
||||
void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned long length, const AES_KEY *key,
|
||||
unsigned char counter[AES_BLOCK_SIZE],
|
||||
unsigned char ecount_buf[AES_BLOCK_SIZE],
|
||||
unsigned int *num) {
|
||||
|
||||
unsigned int n;
|
||||
unsigned long l=length;
|
||||
|
||||
assert(in && out && key && counter && num);
|
||||
assert(*num < AES_BLOCK_SIZE);
|
||||
|
||||
n = *num;
|
||||
|
||||
while (l--) {
|
||||
if (n == 0) {
|
||||
AES_encrypt(counter, ecount_buf, key);
|
||||
AES_ctr128_inc(counter);
|
||||
}
|
||||
*(out++) = *(in++) ^ ecount_buf[n];
|
||||
n = (n+1) % AES_BLOCK_SIZE;
|
||||
}
|
||||
|
||||
*num=n;
|
||||
}
|
73
crypto/openssl/crypto/aes/aes_ecb.c
Normal file
73
crypto/openssl/crypto/aes/aes_ecb.c
Normal file
@ -0,0 +1,73 @@
|
||||
/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef AES_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
#include <openssl/aes.h>
|
||||
#include "aes_locl.h"
|
||||
|
||||
void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const AES_KEY *key, const int enc) {
|
||||
|
||||
assert(in && out && key);
|
||||
assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
|
||||
|
||||
if (AES_ENCRYPT == enc)
|
||||
AES_encrypt(in, out, key);
|
||||
else
|
||||
AES_decrypt(in, out, key);
|
||||
}
|
||||
|
85
crypto/openssl/crypto/aes/aes_locl.h
Normal file
85
crypto/openssl/crypto/aes/aes_locl.h
Normal file
@ -0,0 +1,85 @@
|
||||
/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef HEADER_AES_LOCL_H
|
||||
#define HEADER_AES_LOCL_H
|
||||
|
||||
#include <openssl/e_os2.h>
|
||||
|
||||
#ifdef OPENSSL_NO_AES
|
||||
#error AES is disabled.
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE)
|
||||
# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
|
||||
# define GETU32(p) SWAP(*((u32 *)(p)))
|
||||
# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
|
||||
#else
|
||||
# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
|
||||
# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
|
||||
#endif
|
||||
|
||||
typedef unsigned long u32;
|
||||
typedef unsigned short u16;
|
||||
typedef unsigned char u8;
|
||||
|
||||
#define MAXKC (256/32)
|
||||
#define MAXKB (256/8)
|
||||
#define MAXNR 14
|
||||
|
||||
/* This controls loop-unrolling in aes_core.c */
|
||||
#undef FULL_UNROLL
|
||||
|
||||
#endif /* !HEADER_AES_LOCL_H */
|
64
crypto/openssl/crypto/aes/aes_misc.c
Normal file
64
crypto/openssl/crypto/aes/aes_misc.c
Normal file
@ -0,0 +1,64 @@
|
||||
/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
*/
|
||||
|
||||
#include <openssl/opensslv.h>
|
||||
#include <openssl/aes.h>
|
||||
#include "aes_locl.h"
|
||||
|
||||
const char *AES_version="AES" OPENSSL_VERSION_PTEXT;
|
||||
|
||||
const char *AES_options(void) {
|
||||
#ifdef FULL_UNROLL
|
||||
return "aes(full)";
|
||||
#else
|
||||
return "aes(partial)";
|
||||
#endif
|
||||
}
|
142
crypto/openssl/crypto/aes/aes_ofb.c
Normal file
142
crypto/openssl/crypto/aes/aes_ofb.c
Normal file
@ -0,0 +1,142 @@
|
||||
/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
*/
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#ifndef AES_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
#include <openssl/aes.h>
|
||||
#include "aes_locl.h"
|
||||
|
||||
/* The input and output encrypted as though 128bit ofb mode is being
|
||||
* used. The extra state information to record how much of the
|
||||
* 128bit block we have used is contained in *num;
|
||||
*/
|
||||
void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned long length, const AES_KEY *key,
|
||||
unsigned char *ivec, int *num) {
|
||||
|
||||
unsigned int n;
|
||||
unsigned long l=length;
|
||||
|
||||
assert(in && out && key && ivec && num);
|
||||
|
||||
n = *num;
|
||||
|
||||
while (l--) {
|
||||
if (n == 0) {
|
||||
AES_encrypt(ivec, ivec, key);
|
||||
}
|
||||
*(out++) = *(in++) ^ ivec[n];
|
||||
n = (n+1) % AES_BLOCK_SIZE;
|
||||
}
|
||||
|
||||
*num=n;
|
||||
}
|
File diff suppressed because it is too large
Load Diff
@ -60,27 +60,9 @@
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
ASN1_BIT_STRING *ASN1_BIT_STRING_new(void)
|
||||
{ return M_ASN1_BIT_STRING_new(); }
|
||||
|
||||
void ASN1_BIT_STRING_free(ASN1_BIT_STRING *x)
|
||||
{ M_ASN1_BIT_STRING_free(x); }
|
||||
|
||||
int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
|
||||
{ return M_ASN1_BIT_STRING_set(x, d, len); }
|
||||
|
||||
int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
|
||||
{
|
||||
int len, ret;
|
||||
len = i2c_ASN1_BIT_STRING(a, NULL);
|
||||
ret=ASN1_object_size(0,len,V_ASN1_BIT_STRING);
|
||||
if(pp) {
|
||||
ASN1_put_object(pp,0,len,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
|
||||
i2c_ASN1_BIT_STRING(a, pp);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
|
||||
{
|
||||
int ret,j,bits,len;
|
||||
@ -131,40 +113,6 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
|
||||
return(ret);
|
||||
}
|
||||
|
||||
|
||||
/* Convert DER encoded ASN1 BIT_STRING to ASN1_BIT_STRING structure */
|
||||
ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
|
||||
long length)
|
||||
{
|
||||
unsigned char *p;
|
||||
long len;
|
||||
int i;
|
||||
int inf,tag,xclass;
|
||||
ASN1_BIT_STRING *ret;
|
||||
|
||||
p= *pp;
|
||||
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
|
||||
if (inf & 0x80)
|
||||
{
|
||||
i=ASN1_R_BAD_OBJECT_HEADER;
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (tag != V_ASN1_BIT_STRING)
|
||||
{
|
||||
i=ASN1_R_EXPECTING_A_BIT_STRING;
|
||||
goto err;
|
||||
}
|
||||
if (len < 1) { i=ASN1_R_STRING_TOO_SHORT; goto err; }
|
||||
ret = c2i_ASN1_BIT_STRING(a, &p, len);
|
||||
if(ret) *pp = p;
|
||||
return ret;
|
||||
err:
|
||||
ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
|
||||
return(NULL);
|
||||
|
||||
}
|
||||
|
||||
ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
|
||||
long len)
|
||||
{
|
||||
@ -172,6 +120,12 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
|
||||
unsigned char *p,*s;
|
||||
int i;
|
||||
|
||||
if (len < 1)
|
||||
{
|
||||
i=ASN1_R_STRING_TOO_SHORT;
|
||||
goto err;
|
||||
}
|
||||
|
||||
if ((a == NULL) || ((*a) == NULL))
|
||||
{
|
||||
if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
|
||||
@ -237,7 +191,9 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
|
||||
if (a->data == NULL)
|
||||
c=(unsigned char *)OPENSSL_malloc(w+1);
|
||||
else
|
||||
c=(unsigned char *)OPENSSL_realloc(a->data,w+1);
|
||||
c=(unsigned char *)OPENSSL_realloc_clean(a->data,
|
||||
a->length,
|
||||
w+1);
|
||||
if (c == NULL) return(0);
|
||||
if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
|
||||
a->data=c;
|
||||
|
@ -58,7 +58,7 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/asn1.h>
|
||||
#include <openssl/asn1t.h>
|
||||
|
||||
int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
|
||||
{
|
||||
@ -110,3 +110,5 @@ int d2i_ASN1_BOOLEAN(int *a, unsigned char **pp, long length)
|
||||
ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);
|
||||
return(ret);
|
||||
}
|
||||
|
||||
|
||||
|
@ -58,18 +58,7 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/asn1_mac.h>
|
||||
|
||||
static unsigned long tag2bit[32]={
|
||||
0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */
|
||||
B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */
|
||||
B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */
|
||||
B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
|
||||
0, 0, B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,
|
||||
B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,0,
|
||||
0,B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,
|
||||
B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN,
|
||||
};
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c);
|
||||
/* type is a 'bitmap' of acceptable string types.
|
||||
@ -92,7 +81,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
|
||||
i=ASN1_R_TAG_VALUE_TOO_HIGH;;
|
||||
goto err;
|
||||
}
|
||||
if (!(tag2bit[tag] & type))
|
||||
if (!(ASN1_tag2bit(tag) & type))
|
||||
{
|
||||
i=ASN1_R_WRONG_TYPE;
|
||||
goto err;
|
||||
@ -296,7 +285,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!BUF_MEM_grow(&b,num+os->length))
|
||||
if (!BUF_MEM_grow_clean(&b,num+os->length))
|
||||
{
|
||||
c->error=ERR_R_BUF_LIB;
|
||||
goto err;
|
||||
|
@ -61,9 +61,11 @@
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/asn1_mac.h>
|
||||
|
||||
#define HEADER_SIZE 8
|
||||
static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
|
||||
|
||||
#ifndef NO_OLD_ASN1
|
||||
#ifndef OPENSSL_NO_FP_API
|
||||
|
||||
#ifndef NO_FP_API
|
||||
char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
|
||||
unsigned char **x)
|
||||
{
|
||||
@ -85,21 +87,81 @@ char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
|
||||
char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
|
||||
unsigned char **x)
|
||||
{
|
||||
BUF_MEM *b = NULL;
|
||||
unsigned char *p;
|
||||
char *ret=NULL;
|
||||
int len;
|
||||
|
||||
len = asn1_d2i_read_bio(in, &b);
|
||||
if(len < 0) goto err;
|
||||
|
||||
p=(unsigned char *)b->data;
|
||||
ret=d2i(x,&p,len);
|
||||
err:
|
||||
if (b != NULL) BUF_MEM_free(b);
|
||||
return(ret);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
|
||||
{
|
||||
BUF_MEM *b = NULL;
|
||||
unsigned char *p;
|
||||
void *ret=NULL;
|
||||
int len;
|
||||
|
||||
len = asn1_d2i_read_bio(in, &b);
|
||||
if(len < 0) goto err;
|
||||
|
||||
p=(unsigned char *)b->data;
|
||||
ret=ASN1_item_d2i(x,&p,len, it);
|
||||
err:
|
||||
if (b != NULL) BUF_MEM_free(b);
|
||||
return(ret);
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_FP_API
|
||||
void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
|
||||
{
|
||||
BIO *b;
|
||||
char *ret;
|
||||
|
||||
if ((b=BIO_new(BIO_s_file())) == NULL)
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
|
||||
return(NULL);
|
||||
}
|
||||
BIO_set_fp(b,in,BIO_NOCLOSE);
|
||||
ret=ASN1_item_d2i_bio(it,b,x);
|
||||
BIO_free(b);
|
||||
return(ret);
|
||||
}
|
||||
#endif
|
||||
|
||||
#define HEADER_SIZE 8
|
||||
static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
{
|
||||
BUF_MEM *b;
|
||||
unsigned char *p;
|
||||
int i;
|
||||
char *ret=NULL;
|
||||
int ret=-1;
|
||||
ASN1_CTX c;
|
||||
int want=HEADER_SIZE;
|
||||
int eos=0;
|
||||
#if defined(__GNUC__) && defined(__ia64)
|
||||
/* pathetic compiler bug in all known versions as of Nov. 2002 */
|
||||
long off=0;
|
||||
#else
|
||||
int off=0;
|
||||
#endif
|
||||
int len=0;
|
||||
|
||||
b=BUF_MEM_new();
|
||||
if (b == NULL)
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
|
||||
return(NULL);
|
||||
return -1;
|
||||
}
|
||||
|
||||
ERR_clear_error();
|
||||
@ -109,7 +171,7 @@ char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
|
||||
{
|
||||
want-=(len-off);
|
||||
|
||||
if (!BUF_MEM_grow(b,len+want))
|
||||
if (!BUF_MEM_grow_clean(b,len+want))
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
@ -164,18 +226,23 @@ char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
|
||||
if (want > (len-off))
|
||||
{
|
||||
want-=(len-off);
|
||||
if (!BUF_MEM_grow(b,len+want))
|
||||
if (!BUF_MEM_grow_clean(b,len+want))
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
i=BIO_read(in,&(b->data[len]),want);
|
||||
if (i <= 0)
|
||||
while (want > 0)
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA);
|
||||
goto err;
|
||||
i=BIO_read(in,&(b->data[len]),want);
|
||||
if (i <= 0)
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_D2I_BIO,
|
||||
ASN1_R_NOT_ENOUGH_DATA);
|
||||
goto err;
|
||||
}
|
||||
len+=i;
|
||||
want -= i;
|
||||
}
|
||||
len+=i;
|
||||
}
|
||||
off+=(int)c.slen;
|
||||
if (eos <= 0)
|
||||
@ -187,8 +254,8 @@ char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
|
||||
}
|
||||
}
|
||||
|
||||
p=(unsigned char *)b->data;
|
||||
ret=d2i(x,&p,off);
|
||||
*pb = b;
|
||||
return off;
|
||||
err:
|
||||
if (b != NULL) BUF_MEM_free(b);
|
||||
return(ret);
|
||||
|
@ -69,10 +69,11 @@
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/x509.h>
|
||||
|
||||
#ifndef NO_ASN1_OLD
|
||||
|
||||
int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
|
||||
unsigned char *md, unsigned int *len)
|
||||
{
|
||||
EVP_MD_CTX ctx;
|
||||
int i;
|
||||
unsigned char *str,*p;
|
||||
|
||||
@ -81,9 +82,24 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
|
||||
p=str;
|
||||
i2d(data,&p);
|
||||
|
||||
EVP_DigestInit(&ctx,type);
|
||||
EVP_DigestUpdate(&ctx,str,i);
|
||||
EVP_DigestFinal(&ctx,md,len);
|
||||
EVP_Digest(str, i, md, len, type, NULL);
|
||||
OPENSSL_free(str);
|
||||
return(1);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
|
||||
unsigned char *md, unsigned int *len)
|
||||
{
|
||||
int i;
|
||||
unsigned char *str = NULL;
|
||||
|
||||
i=ASN1_item_i2d(asn,&str, it);
|
||||
if (!str) return(0);
|
||||
|
||||
EVP_Digest(str, i, md, len, type, NULL);
|
||||
OPENSSL_free(str);
|
||||
return(1);
|
||||
}
|
||||
|
@ -58,9 +58,9 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/asn1_mac.h>
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#define READ_CHUNK 2048
|
||||
#ifndef NO_OLD_ASN1
|
||||
|
||||
char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
|
||||
{
|
||||
@ -81,3 +81,27 @@ char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
|
||||
OPENSSL_free(b);
|
||||
return(ret);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* ASN1_ITEM version of dup: this follows the model above except we don't need
|
||||
* to allocate the buffer. At some point this could be rewritten to directly dup
|
||||
* the underlying structure instead of doing and encode and decode.
|
||||
*/
|
||||
|
||||
void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
|
||||
{
|
||||
unsigned char *b = NULL, *p;
|
||||
long i;
|
||||
void *ret;
|
||||
|
||||
if (x == NULL) return(NULL);
|
||||
|
||||
i=ASN1_item_i2d(x,&b,it);
|
||||
if (b == NULL)
|
||||
{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
|
||||
p= b;
|
||||
ret=ASN1_item_d2i(NULL,&p,i, it);
|
||||
OPENSSL_free(b);
|
||||
return(ret);
|
||||
}
|
||||
|
@ -65,60 +65,6 @@
|
||||
* for comments on encoding see a_int.c
|
||||
*/
|
||||
|
||||
ASN1_ENUMERATED *ASN1_ENUMERATED_new(void)
|
||||
{ return M_ASN1_ENUMERATED_new(); }
|
||||
|
||||
void ASN1_ENUMERATED_free(ASN1_ENUMERATED *x)
|
||||
{ M_ASN1_ENUMERATED_free(x); }
|
||||
|
||||
|
||||
int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp)
|
||||
{
|
||||
int len, ret;
|
||||
if(!a) return 0;
|
||||
len = i2c_ASN1_INTEGER(a, NULL);
|
||||
ret=ASN1_object_size(0,len,V_ASN1_ENUMERATED);
|
||||
if(pp) {
|
||||
ASN1_put_object(pp,0,len,V_ASN1_ENUMERATED,V_ASN1_UNIVERSAL);
|
||||
i2c_ASN1_INTEGER(a, pp);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
|
||||
long length)
|
||||
{
|
||||
unsigned char *p;
|
||||
long len;
|
||||
int i;
|
||||
int inf,tag,xclass;
|
||||
ASN1_ENUMERATED *ret;
|
||||
|
||||
p= *pp;
|
||||
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
|
||||
if (inf & 0x80)
|
||||
{
|
||||
i=ASN1_R_BAD_OBJECT_HEADER;
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (tag != V_ASN1_ENUMERATED)
|
||||
{
|
||||
i=ASN1_R_EXPECTING_AN_ENUMERATED;
|
||||
goto err;
|
||||
}
|
||||
ret = c2i_ASN1_INTEGER(a, &p, len);
|
||||
if(ret) {
|
||||
ret->type = (V_ASN1_NEG & ret->type) | V_ASN1_ENUMERATED;
|
||||
*pp = p;
|
||||
}
|
||||
return ret;
|
||||
err:
|
||||
ASN1err(ASN1_F_D2I_ASN1_ENUMERATED,i);
|
||||
return(NULL);
|
||||
|
||||
}
|
||||
|
||||
int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
|
||||
{
|
||||
int i,j,k;
|
||||
@ -168,7 +114,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
|
||||
if (i == V_ASN1_NEG_ENUMERATED)
|
||||
neg=1;
|
||||
else if (i != V_ASN1_ENUMERATED)
|
||||
return(0);
|
||||
return -1;
|
||||
|
||||
if (a->length > sizeof(long))
|
||||
{
|
||||
@ -176,7 +122,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
|
||||
return(0xffffffffL);
|
||||
}
|
||||
if (a->data == NULL)
|
||||
return(0);
|
||||
return 0;
|
||||
|
||||
for (i=0; i<a->length; i++)
|
||||
{
|
||||
@ -207,8 +153,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
|
||||
len=((j == 0)?0:((j/8)+1));
|
||||
if (ret->length < len+4)
|
||||
{
|
||||
unsigned char *new_data=
|
||||
OPENSSL_realloc(ret->data, len+4);
|
||||
unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
|
||||
if (!new_data)
|
||||
{
|
||||
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
|
||||
|
@ -61,13 +61,10 @@
|
||||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
#include "cryptlib.h"
|
||||
#include "o_time.h"
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_new(void)
|
||||
{ return M_ASN1_GENERALIZEDTIME_new(); }
|
||||
|
||||
void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *x)
|
||||
{ M_ASN1_GENERALIZEDTIME_free(x); }
|
||||
#if 0
|
||||
|
||||
int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
|
||||
{
|
||||
@ -116,6 +113,8 @@ ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
|
||||
return(NULL);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
|
||||
{
|
||||
static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
|
||||
@ -147,6 +146,19 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
|
||||
|
||||
if ((n < min[i]) || (n > max[i])) goto err;
|
||||
}
|
||||
/* Optional fractional seconds: decimal point followed by one
|
||||
* or more digits.
|
||||
*/
|
||||
if (a[o] == '.')
|
||||
{
|
||||
if (++o > l) goto err;
|
||||
i = o;
|
||||
while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
|
||||
o++;
|
||||
/* Must have at least one digit after decimal point */
|
||||
if (i == o) goto err;
|
||||
}
|
||||
|
||||
if (a[o] == 'Z')
|
||||
o++;
|
||||
else if ((a[o] == '+') || (a[o] == '-'))
|
||||
@ -182,6 +194,7 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str)
|
||||
{
|
||||
ASN1_STRING_set((ASN1_STRING *)s,
|
||||
(unsigned char *)str,t.length);
|
||||
s->type=V_ASN1_GENERALIZEDTIME;
|
||||
}
|
||||
return(1);
|
||||
}
|
||||
@ -194,21 +207,17 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
|
||||
{
|
||||
char *p;
|
||||
struct tm *ts;
|
||||
#if defined(THREADS) && !defined(WIN32)
|
||||
struct tm data;
|
||||
#endif
|
||||
|
||||
if (s == NULL)
|
||||
s=M_ASN1_GENERALIZEDTIME_new();
|
||||
if (s == NULL)
|
||||
return(NULL);
|
||||
|
||||
#if defined(THREADS) && !defined(WIN32) && ! defined(_DARWIN)
|
||||
gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
|
||||
ts=&data;
|
||||
#else
|
||||
ts=gmtime(&t);
|
||||
#endif
|
||||
ts=OPENSSL_gmtime(&t, &data);
|
||||
if (ts == NULL)
|
||||
return(NULL);
|
||||
|
||||
p=(char *)s->data;
|
||||
if ((p == NULL) || (s->length < 16))
|
||||
{
|
||||
|
@ -59,9 +59,11 @@
|
||||
#include <stdio.h>
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/asn1_mac.h>
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#ifndef NO_FP_API
|
||||
#ifndef NO_OLD_ASN1
|
||||
|
||||
#ifndef OPENSSL_NO_FP_API
|
||||
int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x)
|
||||
{
|
||||
BIO *b;
|
||||
@ -111,3 +113,51 @@ int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
|
||||
OPENSSL_free(b);
|
||||
return(ret);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_FP_API
|
||||
int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
|
||||
{
|
||||
BIO *b;
|
||||
int ret;
|
||||
|
||||
if ((b=BIO_new(BIO_s_file())) == NULL)
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
|
||||
return(0);
|
||||
}
|
||||
BIO_set_fp(b,out,BIO_NOCLOSE);
|
||||
ret=ASN1_item_i2d_bio(it,b,x);
|
||||
BIO_free(b);
|
||||
return(ret);
|
||||
}
|
||||
#endif
|
||||
|
||||
int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
|
||||
{
|
||||
unsigned char *b = NULL;
|
||||
int i,j=0,n,ret=1;
|
||||
|
||||
n = ASN1_item_i2d(x, &b, it);
|
||||
if (b == NULL)
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
|
||||
return(0);
|
||||
}
|
||||
|
||||
for (;;)
|
||||
{
|
||||
i=BIO_write(out,&(b[j]),n);
|
||||
if (i == n) break;
|
||||
if (i <= 0)
|
||||
{
|
||||
ret=0;
|
||||
break;
|
||||
}
|
||||
j+=i;
|
||||
n-=i;
|
||||
}
|
||||
OPENSSL_free(b);
|
||||
return(ret);
|
||||
}
|
||||
|
@ -60,33 +60,12 @@
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
ASN1_INTEGER *ASN1_INTEGER_new(void)
|
||||
{ return M_ASN1_INTEGER_new();}
|
||||
|
||||
void ASN1_INTEGER_free(ASN1_INTEGER *x)
|
||||
{ M_ASN1_INTEGER_free(x);}
|
||||
|
||||
ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
|
||||
{ return M_ASN1_INTEGER_dup(x);}
|
||||
|
||||
int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
|
||||
{ return M_ASN1_INTEGER_cmp(x,y);}
|
||||
|
||||
/* Output ASN1 INTEGER including tag+length */
|
||||
|
||||
int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
|
||||
{
|
||||
int len, ret;
|
||||
if(!a) return 0;
|
||||
len = i2c_ASN1_INTEGER(a, NULL);
|
||||
ret=ASN1_object_size(0,len,V_ASN1_INTEGER);
|
||||
if(pp) {
|
||||
ASN1_put_object(pp,0,len,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
|
||||
i2c_ASN1_INTEGER(a, pp);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* This converts an ASN1 INTEGER into its content encoding.
|
||||
* The internal representation is an ASN1_STRING whose data is a big endian
|
||||
@ -174,39 +153,6 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
|
||||
return(ret);
|
||||
}
|
||||
|
||||
/* Convert DER encoded ASN1 INTEGER to ASN1_INTEGER structure */
|
||||
ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
|
||||
long length)
|
||||
{
|
||||
unsigned char *p;
|
||||
long len;
|
||||
int i;
|
||||
int inf,tag,xclass;
|
||||
ASN1_INTEGER *ret;
|
||||
|
||||
p= *pp;
|
||||
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
|
||||
if (inf & 0x80)
|
||||
{
|
||||
i=ASN1_R_BAD_OBJECT_HEADER;
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (tag != V_ASN1_INTEGER)
|
||||
{
|
||||
i=ASN1_R_EXPECTING_AN_INTEGER;
|
||||
goto err;
|
||||
}
|
||||
ret = c2i_ASN1_INTEGER(a, &p, len);
|
||||
if(ret) *pp = p;
|
||||
return ret;
|
||||
err:
|
||||
ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
|
||||
return(NULL);
|
||||
|
||||
}
|
||||
|
||||
|
||||
/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
|
||||
|
||||
ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
|
||||
@ -414,7 +360,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
|
||||
if (i == V_ASN1_NEG_INTEGER)
|
||||
neg=1;
|
||||
else if (i != V_ASN1_INTEGER)
|
||||
return(0);
|
||||
return -1;
|
||||
|
||||
if (a->length > sizeof(long))
|
||||
{
|
||||
@ -422,7 +368,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
|
||||
return(0xffffffffL);
|
||||
}
|
||||
if (a->data == NULL)
|
||||
return(0);
|
||||
return 0;
|
||||
|
||||
for (i=0; i<a->length; i++)
|
||||
{
|
||||
@ -453,7 +399,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
|
||||
len=((j == 0)?0:((j/8)+1));
|
||||
if (ret->length < len+4)
|
||||
{
|
||||
unsigned char *new_data= OPENSSL_realloc(ret->data, len+4);
|
||||
unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
|
||||
if (!new_data)
|
||||
{
|
||||
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
|
||||
@ -462,6 +408,12 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
|
||||
ret->data=new_data;
|
||||
}
|
||||
ret->length=BN_bn2bin(bn,ret->data);
|
||||
/* Correct zero case */
|
||||
if(!ret->length)
|
||||
{
|
||||
ret->data[0] = 0;
|
||||
ret->length = 1;
|
||||
}
|
||||
return(ret);
|
||||
err:
|
||||
if (ret != ai) M_ASN1_INTEGER_free(ret);
|
||||
|
@ -183,8 +183,8 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
|
||||
|
||||
if ((a == NULL) || (a->data == NULL))
|
||||
return(BIO_write(bp,"NULL",4));
|
||||
i=i2t_ASN1_OBJECT(buf,80,a);
|
||||
if (i > 80) i=80;
|
||||
i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
|
||||
if (i > sizeof buf) i=sizeof buf;
|
||||
BIO_write(bp,buf,i);
|
||||
return(i);
|
||||
}
|
||||
@ -302,7 +302,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a)
|
||||
}
|
||||
|
||||
ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
|
||||
char *sn, char *ln)
|
||||
const char *sn, const char *ln)
|
||||
{
|
||||
ASN1_OBJECT o;
|
||||
|
||||
|
@ -60,12 +60,6 @@
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void)
|
||||
{ return M_ASN1_OCTET_STRING_new(); }
|
||||
|
||||
void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *x)
|
||||
{ M_ASN1_OCTET_STRING_free(x); }
|
||||
|
||||
ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
|
||||
{ return M_ASN1_OCTET_STRING_dup(x); }
|
||||
|
||||
@ -75,21 +69,3 @@ int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
|
||||
int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, unsigned char *d, int len)
|
||||
{ return M_ASN1_OCTET_STRING_set(x, d, len); }
|
||||
|
||||
int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **pp)
|
||||
{ return M_i2d_ASN1_OCTET_STRING(a, pp); }
|
||||
|
||||
ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
|
||||
unsigned char **pp, long length)
|
||||
{
|
||||
ASN1_OCTET_STRING *ret=NULL;
|
||||
|
||||
ret=(ASN1_OCTET_STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
|
||||
pp,length,V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL);
|
||||
if (ret == NULL)
|
||||
{
|
||||
ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ERR_R_NESTED_ASN1_ERROR);
|
||||
return(NULL);
|
||||
}
|
||||
return(ret);
|
||||
}
|
||||
|
||||
|
@ -60,50 +60,6 @@
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
ASN1_IA5STRING *ASN1_IA5STRING_new(void)
|
||||
{ return M_ASN1_IA5STRING_new();}
|
||||
|
||||
void ASN1_IA5STRING_free(ASN1_IA5STRING *x)
|
||||
{ M_ASN1_IA5STRING_free(x);}
|
||||
|
||||
int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a, unsigned char **pp)
|
||||
{ return(M_i2d_ASN1_IA5STRING(a,pp)); }
|
||||
|
||||
ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, unsigned char **pp,
|
||||
long l)
|
||||
{ return(M_d2i_ASN1_IA5STRING(a,pp,l)); }
|
||||
|
||||
ASN1_T61STRING *ASN1_T61STRING_new(void)
|
||||
{ return M_ASN1_T61STRING_new();}
|
||||
|
||||
void ASN1_T61STRING_free(ASN1_T61STRING *x)
|
||||
{ M_ASN1_T61STRING_free(x);}
|
||||
|
||||
ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a, unsigned char **pp,
|
||||
long l)
|
||||
{ return(M_d2i_ASN1_T61STRING(a,pp,l)); }
|
||||
|
||||
ASN1_PRINTABLESTRING *ASN1_PRINTABLESTRING_new(void)
|
||||
{ return M_ASN1_PRINTABLESTRING_new();}
|
||||
|
||||
void ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *x)
|
||||
{ M_ASN1_PRINTABLESTRING_free(x);}
|
||||
|
||||
ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
|
||||
unsigned char **pp, long l)
|
||||
{ return(M_d2i_ASN1_PRINTABLESTRING(a,pp,
|
||||
l)); }
|
||||
|
||||
int i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **pp)
|
||||
{ return(M_i2d_ASN1_PRINTABLESTRING(a,pp)); }
|
||||
|
||||
int i2d_ASN1_PRINTABLE(ASN1_STRING *a, unsigned char **pp)
|
||||
{ return(M_i2d_ASN1_PRINTABLE(a,pp)); }
|
||||
|
||||
ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a, unsigned char **pp,
|
||||
long l)
|
||||
{ return(M_d2i_ASN1_PRINTABLE(a,pp,l)); }
|
||||
|
||||
int ASN1_PRINTABLE_type(unsigned char *s, int len)
|
||||
{
|
||||
int c;
|
||||
@ -169,29 +125,3 @@ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
|
||||
s->type=ASN1_PRINTABLE_type(s->data,s->length);
|
||||
return(1);
|
||||
}
|
||||
|
||||
ASN1_STRING *DIRECTORYSTRING_new(void)
|
||||
{ return M_DIRECTORYSTRING_new();}
|
||||
|
||||
void DIRECTORYSTRING_free(ASN1_STRING *x)
|
||||
{ M_DIRECTORYSTRING_free(x);}
|
||||
|
||||
int i2d_DIRECTORYSTRING(ASN1_STRING *a, unsigned char **pp)
|
||||
{ return(M_i2d_DIRECTORYSTRING(a,pp)); }
|
||||
|
||||
ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp,
|
||||
long l)
|
||||
{ return(M_d2i_DIRECTORYSTRING(a,pp,l)); }
|
||||
|
||||
ASN1_STRING *DISPLAYTEXT_new(void)
|
||||
{ return M_DISPLAYTEXT_new();}
|
||||
|
||||
void DISPLAYTEXT_free(ASN1_STRING *x)
|
||||
{ M_DISPLAYTEXT_free(x);}
|
||||
|
||||
int i2d_DISPLAYTEXT(ASN1_STRING *a, unsigned char **pp)
|
||||
{ return(M_i2d_DISPLAYTEXT(a,pp)); }
|
||||
|
||||
ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp,
|
||||
long l)
|
||||
{ return(M_d2i_DISPLAYTEXT(a,pp,l)); }
|
||||
|
@ -60,6 +60,8 @@
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/asn1_mac.h>
|
||||
|
||||
#ifndef NO_ASN1_OLD
|
||||
|
||||
typedef struct
|
||||
{
|
||||
unsigned char *pbData;
|
||||
@ -215,3 +217,4 @@ STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
|
||||
return(NULL);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -124,6 +124,8 @@
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/buffer.h>
|
||||
|
||||
#ifndef NO_ASN1_OLD
|
||||
|
||||
int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
|
||||
ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
|
||||
const EVP_MD *type)
|
||||
@ -133,6 +135,7 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
|
||||
int i,inl=0,outl=0,outll=0;
|
||||
X509_ALGOR *a;
|
||||
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
for (i=0; i<2; i++)
|
||||
{
|
||||
if (i == 0)
|
||||
@ -180,7 +183,7 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
|
||||
p=buf_in;
|
||||
|
||||
i2d(data,&p);
|
||||
EVP_SignInit(&ctx,type);
|
||||
EVP_SignInit_ex(&ctx,type, NULL);
|
||||
EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
|
||||
if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
|
||||
(unsigned int *)&outl,pkey))
|
||||
@ -199,10 +202,93 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
|
||||
signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
|
||||
signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
|
||||
err:
|
||||
memset(&ctx,0,sizeof(ctx));
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
if (buf_in != NULL)
|
||||
{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
|
||||
{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
|
||||
if (buf_out != NULL)
|
||||
{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
|
||||
{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
|
||||
return(outl);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
|
||||
ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
|
||||
const EVP_MD *type)
|
||||
{
|
||||
EVP_MD_CTX ctx;
|
||||
unsigned char *buf_in=NULL,*buf_out=NULL;
|
||||
int i,inl=0,outl=0,outll=0;
|
||||
X509_ALGOR *a;
|
||||
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
for (i=0; i<2; i++)
|
||||
{
|
||||
if (i == 0)
|
||||
a=algor1;
|
||||
else
|
||||
a=algor2;
|
||||
if (a == NULL) continue;
|
||||
if (type->pkey_type == NID_dsaWithSHA1)
|
||||
{
|
||||
/* special case: RFC 2459 tells us to omit 'parameters'
|
||||
* with id-dsa-with-sha1 */
|
||||
ASN1_TYPE_free(a->parameter);
|
||||
a->parameter = NULL;
|
||||
}
|
||||
else if ((a->parameter == NULL) ||
|
||||
(a->parameter->type != V_ASN1_NULL))
|
||||
{
|
||||
ASN1_TYPE_free(a->parameter);
|
||||
if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
|
||||
a->parameter->type=V_ASN1_NULL;
|
||||
}
|
||||
ASN1_OBJECT_free(a->algorithm);
|
||||
a->algorithm=OBJ_nid2obj(type->pkey_type);
|
||||
if (a->algorithm == NULL)
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
|
||||
goto err;
|
||||
}
|
||||
if (a->algorithm->length == 0)
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
inl=ASN1_item_i2d(asn,&buf_in, it);
|
||||
outll=outl=EVP_PKEY_size(pkey);
|
||||
buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
|
||||
if ((buf_in == NULL) || (buf_out == NULL))
|
||||
{
|
||||
outl=0;
|
||||
ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
EVP_SignInit_ex(&ctx,type, NULL);
|
||||
EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
|
||||
if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
|
||||
(unsigned int *)&outl,pkey))
|
||||
{
|
||||
outl=0;
|
||||
ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
if (signature->data != NULL) OPENSSL_free(signature->data);
|
||||
signature->data=buf_out;
|
||||
buf_out=NULL;
|
||||
signature->length=outl;
|
||||
/* In the interests of compatibility, I'll make sure that
|
||||
* the bit string has a 'not-used bits' value of 0
|
||||
*/
|
||||
signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
|
||||
signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
|
||||
err:
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
if (buf_in != NULL)
|
||||
{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
|
||||
if (buf_out != NULL)
|
||||
{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
|
||||
return(outl);
|
||||
}
|
||||
|
@ -63,6 +63,7 @@
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#include "charmap.h"
|
||||
#include "cryptlib.h"
|
||||
|
||||
/* ASN1_STRING_print_ex() and X509_NAME_print_ex().
|
||||
* Enhanced string and name printing routines handling
|
||||
@ -77,8 +78,8 @@
|
||||
/* Three IO functions for sending data to memory, a BIO and
|
||||
* and a FILE pointer.
|
||||
*/
|
||||
|
||||
int send_mem_chars(void *arg, const void *buf, int len)
|
||||
#if 0 /* never used */
|
||||
static int send_mem_chars(void *arg, const void *buf, int len)
|
||||
{
|
||||
unsigned char **out = arg;
|
||||
if(!out) return 1;
|
||||
@ -86,15 +87,16 @@ int send_mem_chars(void *arg, const void *buf, int len)
|
||||
*out += len;
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
int send_bio_chars(void *arg, const void *buf, int len)
|
||||
static int send_bio_chars(void *arg, const void *buf, int len)
|
||||
{
|
||||
if(!arg) return 1;
|
||||
if(BIO_write(arg, buf, len) != len) return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
int send_fp_chars(void *arg, const void *buf, int len)
|
||||
static int send_fp_chars(void *arg, const void *buf, int len)
|
||||
{
|
||||
if(!arg) return 1;
|
||||
if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
|
||||
@ -113,14 +115,17 @@ typedef int char_io(void *arg, const void *buf, int len);
|
||||
static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg)
|
||||
{
|
||||
unsigned char chflgs, chtmp;
|
||||
char tmphex[11];
|
||||
char tmphex[HEX_SIZE(long)+3];
|
||||
|
||||
if(c > 0xffffffffL)
|
||||
return -1;
|
||||
if(c > 0xffff) {
|
||||
BIO_snprintf(tmphex, 11, "\\W%08lX", c);
|
||||
BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
|
||||
if(!io_ch(arg, tmphex, 10)) return -1;
|
||||
return 10;
|
||||
}
|
||||
if(c > 0xff) {
|
||||
BIO_snprintf(tmphex, 11, "\\U%04lX", c);
|
||||
BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
|
||||
if(!io_ch(arg, tmphex, 6)) return -1;
|
||||
return 6;
|
||||
}
|
||||
@ -194,7 +199,7 @@ static int do_buf(unsigned char *buf, int buflen,
|
||||
if(type & BUF_TYPE_CONVUTF8) {
|
||||
unsigned char utfbuf[6];
|
||||
int utflen;
|
||||
utflen = UTF8_putc(utfbuf, 6, c);
|
||||
utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
|
||||
for(i = 0; i < utflen; i++) {
|
||||
/* We don't need to worry about setting orflags correctly
|
||||
* because if utflen==1 its value will be correct anyway
|
||||
@ -240,7 +245,7 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen
|
||||
* #01234 format.
|
||||
*/
|
||||
|
||||
int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
|
||||
static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
|
||||
{
|
||||
/* Placing the ASN1_STRING in a temp ASN1_TYPE allows
|
||||
* the DER encoding to readily obtained
|
||||
@ -371,6 +376,8 @@ static int do_indent(char_io *io_ch, void *arg, int indent)
|
||||
return 1;
|
||||
}
|
||||
|
||||
#define FN_WIDTH_LN 25
|
||||
#define FN_WIDTH_SN 10
|
||||
|
||||
static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
|
||||
int indent, unsigned long flags)
|
||||
@ -456,19 +463,29 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
|
||||
val = X509_NAME_ENTRY_get_data(ent);
|
||||
fn_nid = OBJ_obj2nid(fn);
|
||||
if(fn_opt != XN_FLAG_FN_NONE) {
|
||||
int objlen;
|
||||
int objlen, fld_len;
|
||||
if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
|
||||
OBJ_obj2txt(objtmp, 80, fn, 1);
|
||||
OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
|
||||
fld_len = 0; /* XXX: what should this be? */
|
||||
objbuf = objtmp;
|
||||
} else {
|
||||
if(fn_opt == XN_FLAG_FN_SN)
|
||||
if(fn_opt == XN_FLAG_FN_SN) {
|
||||
fld_len = FN_WIDTH_SN;
|
||||
objbuf = OBJ_nid2sn(fn_nid);
|
||||
else if(fn_opt == XN_FLAG_FN_LN)
|
||||
} else if(fn_opt == XN_FLAG_FN_LN) {
|
||||
fld_len = FN_WIDTH_LN;
|
||||
objbuf = OBJ_nid2ln(fn_nid);
|
||||
else objbuf = "";
|
||||
} else {
|
||||
fld_len = 0; /* XXX: what should this be? */
|
||||
objbuf = "";
|
||||
}
|
||||
}
|
||||
objlen = strlen(objbuf);
|
||||
if(!io_ch(arg, objbuf, objlen)) return -1;
|
||||
if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
|
||||
if (!do_indent(io_ch, arg, fld_len - objlen)) return -1;
|
||||
outlen += fld_len - objlen;
|
||||
}
|
||||
if(!io_ch(arg, sep_eq, sep_eq_len)) return -1;
|
||||
outlen += objlen + sep_eq_len;
|
||||
}
|
||||
@ -491,12 +508,24 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
|
||||
|
||||
int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
|
||||
{
|
||||
if(flags == XN_FLAG_COMPAT)
|
||||
return X509_NAME_print(out, nm, indent);
|
||||
return do_name_ex(send_bio_chars, out, nm, indent, flags);
|
||||
}
|
||||
|
||||
|
||||
int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
|
||||
{
|
||||
if(flags == XN_FLAG_COMPAT)
|
||||
{
|
||||
BIO *btmp;
|
||||
int ret;
|
||||
btmp = BIO_new_fp(fp, BIO_NOCLOSE);
|
||||
if(!btmp) return -1;
|
||||
ret = X509_NAME_print(btmp, nm, indent);
|
||||
BIO_free(btmp);
|
||||
return ret;
|
||||
}
|
||||
return do_name_ex(send_fp_chars, fp, nm, indent, flags);
|
||||
}
|
||||
|
||||
@ -519,7 +548,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
|
||||
{
|
||||
ASN1_STRING stmp, *str = &stmp;
|
||||
int mbflag, type, ret;
|
||||
if(!*out || !in) return -1;
|
||||
if(!in) return -1;
|
||||
type = in->type;
|
||||
if((type < 0) || (type > 30)) return -1;
|
||||
mbflag = tag2nbyte[type];
|
||||
@ -528,6 +557,6 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
|
||||
stmp.data = NULL;
|
||||
ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
|
||||
if(ret < 0) return ret;
|
||||
if(out) *out = stmp.data;
|
||||
*out = stmp.data;
|
||||
return stmp.length;
|
||||
}
|
||||
|
@ -105,7 +105,7 @@ int ASN1_STRING_set_default_mask_asc(char *p)
|
||||
mask = strtoul(p + 5, &end, 0);
|
||||
if(*end) return 0;
|
||||
} else if(!strcmp(p, "nombstr"))
|
||||
mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
|
||||
mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
|
||||
else if(!strcmp(p, "pkix"))
|
||||
mask = ~((unsigned long)B_ASN1_T61STRING);
|
||||
else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
|
||||
@ -170,8 +170,10 @@ static ASN1_STRING_TABLE tbl_standard[] = {
|
||||
{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
|
||||
{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
|
||||
{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
|
||||
{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
|
||||
{NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
|
||||
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
|
||||
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
|
||||
{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
|
||||
};
|
||||
|
||||
static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
|
||||
|
@ -64,14 +64,14 @@
|
||||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/asn1.h>
|
||||
#include "o_time.h"
|
||||
#include <openssl/asn1t.h>
|
||||
|
||||
ASN1_TIME *ASN1_TIME_new(void)
|
||||
{ return M_ASN1_TIME_new(); }
|
||||
IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
|
||||
|
||||
void ASN1_TIME_free(ASN1_TIME *x)
|
||||
{ M_ASN1_TIME_free(x); }
|
||||
IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
|
||||
|
||||
#if 0
|
||||
int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
|
||||
{
|
||||
#ifdef CHARSET_EBCDIC
|
||||
@ -95,33 +95,64 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
|
||||
ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, unsigned char **pp, long length)
|
||||
{
|
||||
unsigned char tag;
|
||||
tag = **pp & ~V_ASN1_CONSTRUCTED;
|
||||
if(tag == (V_ASN1_UTCTIME|V_ASN1_UNIVERSAL))
|
||||
return d2i_ASN1_UTCTIME(a, pp, length);
|
||||
if(tag == (V_ASN1_GENERALIZEDTIME|V_ASN1_UNIVERSAL))
|
||||
return d2i_ASN1_GENERALIZEDTIME(a, pp, length);
|
||||
ASN1err(ASN1_F_D2I_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
|
||||
return(NULL);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
|
||||
{
|
||||
struct tm *ts;
|
||||
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
|
||||
struct tm data;
|
||||
|
||||
gmtime_r(&t,&data);
|
||||
ts=&data; /* should return &data, but doesn't on some systems, so we don't even look at the return value */
|
||||
#else
|
||||
ts=gmtime(&t);
|
||||
#endif
|
||||
ts=OPENSSL_gmtime(&t,&data);
|
||||
if (ts == NULL)
|
||||
return NULL;
|
||||
if((ts->tm_year >= 50) && (ts->tm_year < 150))
|
||||
return ASN1_UTCTIME_set(s, t);
|
||||
return ASN1_GENERALIZEDTIME_set(s,t);
|
||||
}
|
||||
|
||||
int ASN1_TIME_check(ASN1_TIME *t)
|
||||
{
|
||||
if (t->type == V_ASN1_GENERALIZEDTIME)
|
||||
return ASN1_GENERALIZEDTIME_check(t);
|
||||
else if (t->type == V_ASN1_UTCTIME)
|
||||
return ASN1_UTCTIME_check(t);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Convert an ASN1_TIME structure to GeneralizedTime */
|
||||
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
|
||||
{
|
||||
ASN1_GENERALIZEDTIME *ret;
|
||||
char *str;
|
||||
|
||||
if (!ASN1_TIME_check(t)) return NULL;
|
||||
|
||||
if (!out || !*out)
|
||||
{
|
||||
if (!(ret = ASN1_GENERALIZEDTIME_new ()))
|
||||
return NULL;
|
||||
if (out) *out = ret;
|
||||
}
|
||||
else ret = *out;
|
||||
|
||||
/* If already GeneralizedTime just copy across */
|
||||
if (t->type == V_ASN1_GENERALIZEDTIME)
|
||||
{
|
||||
if(!ASN1_STRING_set(ret, t->data, t->length))
|
||||
return NULL;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* grow the string */
|
||||
if (!ASN1_STRING_set(ret, NULL, t->length + 2))
|
||||
return NULL;
|
||||
str = (char *)ret->data;
|
||||
/* Work out the century and prepend */
|
||||
if (t->data[0] >= '5') strcpy(str, "19");
|
||||
else strcpy(str, "20");
|
||||
|
||||
BUF_strlcat(str, (char *)t->data, t->length+2);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
@ -57,240 +57,12 @@
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <openssl/asn1t.h>
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/asn1_mac.h>
|
||||
|
||||
static void ASN1_TYPE_component_free(ASN1_TYPE *a);
|
||||
int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
|
||||
{
|
||||
int r=0;
|
||||
|
||||
if (a == NULL) return(0);
|
||||
|
||||
switch (a->type)
|
||||
{
|
||||
case V_ASN1_NULL:
|
||||
if (pp != NULL)
|
||||
ASN1_put_object(pp,0,0,V_ASN1_NULL,V_ASN1_UNIVERSAL);
|
||||
r=2;
|
||||
break;
|
||||
case V_ASN1_INTEGER:
|
||||
case V_ASN1_NEG_INTEGER:
|
||||
r=i2d_ASN1_INTEGER(a->value.integer,pp);
|
||||
break;
|
||||
case V_ASN1_ENUMERATED:
|
||||
case V_ASN1_NEG_ENUMERATED:
|
||||
r=i2d_ASN1_ENUMERATED(a->value.enumerated,pp);
|
||||
break;
|
||||
case V_ASN1_BIT_STRING:
|
||||
r=i2d_ASN1_BIT_STRING(a->value.bit_string,pp);
|
||||
break;
|
||||
case V_ASN1_OCTET_STRING:
|
||||
r=i2d_ASN1_OCTET_STRING(a->value.octet_string,pp);
|
||||
break;
|
||||
case V_ASN1_OBJECT:
|
||||
r=i2d_ASN1_OBJECT(a->value.object,pp);
|
||||
break;
|
||||
case V_ASN1_PRINTABLESTRING:
|
||||
r=M_i2d_ASN1_PRINTABLESTRING(a->value.printablestring,pp);
|
||||
break;
|
||||
case V_ASN1_T61STRING:
|
||||
r=M_i2d_ASN1_T61STRING(a->value.t61string,pp);
|
||||
break;
|
||||
case V_ASN1_IA5STRING:
|
||||
r=M_i2d_ASN1_IA5STRING(a->value.ia5string,pp);
|
||||
break;
|
||||
case V_ASN1_GENERALSTRING:
|
||||
r=M_i2d_ASN1_GENERALSTRING(a->value.generalstring,pp);
|
||||
break;
|
||||
case V_ASN1_UNIVERSALSTRING:
|
||||
r=M_i2d_ASN1_UNIVERSALSTRING(a->value.universalstring,pp);
|
||||
break;
|
||||
case V_ASN1_UTF8STRING:
|
||||
r=M_i2d_ASN1_UTF8STRING(a->value.utf8string,pp);
|
||||
break;
|
||||
case V_ASN1_VISIBLESTRING:
|
||||
r=M_i2d_ASN1_VISIBLESTRING(a->value.visiblestring,pp);
|
||||
break;
|
||||
case V_ASN1_BMPSTRING:
|
||||
r=M_i2d_ASN1_BMPSTRING(a->value.bmpstring,pp);
|
||||
break;
|
||||
case V_ASN1_UTCTIME:
|
||||
r=i2d_ASN1_UTCTIME(a->value.utctime,pp);
|
||||
break;
|
||||
case V_ASN1_GENERALIZEDTIME:
|
||||
r=i2d_ASN1_GENERALIZEDTIME(a->value.generalizedtime,pp);
|
||||
break;
|
||||
case V_ASN1_SET:
|
||||
case V_ASN1_SEQUENCE:
|
||||
case V_ASN1_OTHER:
|
||||
default:
|
||||
if (a->value.set == NULL)
|
||||
r=0;
|
||||
else
|
||||
{
|
||||
r=a->value.set->length;
|
||||
if (pp != NULL)
|
||||
{
|
||||
memcpy(*pp,a->value.set->data,r);
|
||||
*pp+=r;
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
return(r);
|
||||
}
|
||||
|
||||
ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
|
||||
{
|
||||
ASN1_TYPE *ret=NULL;
|
||||
unsigned char *q,*p,*max;
|
||||
int inf,tag,xclass;
|
||||
long len;
|
||||
|
||||
if ((a == NULL) || ((*a) == NULL))
|
||||
{
|
||||
if ((ret=ASN1_TYPE_new()) == NULL) goto err;
|
||||
}
|
||||
else
|
||||
ret=(*a);
|
||||
|
||||
p= *pp;
|
||||
q=p;
|
||||
max=(p+length);
|
||||
|
||||
inf=ASN1_get_object(&q,&len,&tag,&xclass,length);
|
||||
if (inf & 0x80) goto err;
|
||||
/* If not universal tag we've no idea what it is */
|
||||
if(xclass != V_ASN1_UNIVERSAL) tag = V_ASN1_OTHER;
|
||||
|
||||
ASN1_TYPE_component_free(ret);
|
||||
|
||||
switch (tag)
|
||||
{
|
||||
case V_ASN1_NULL:
|
||||
p=q;
|
||||
ret->value.ptr=NULL;
|
||||
break;
|
||||
case V_ASN1_INTEGER:
|
||||
if ((ret->value.integer=
|
||||
d2i_ASN1_INTEGER(NULL,&p,max-p)) == NULL)
|
||||
goto err;
|
||||
break;
|
||||
case V_ASN1_ENUMERATED:
|
||||
if ((ret->value.enumerated=
|
||||
d2i_ASN1_ENUMERATED(NULL,&p,max-p)) == NULL)
|
||||
goto err;
|
||||
break;
|
||||
case V_ASN1_BIT_STRING:
|
||||
if ((ret->value.bit_string=
|
||||
d2i_ASN1_BIT_STRING(NULL,&p,max-p)) == NULL)
|
||||
goto err;
|
||||
break;
|
||||
case V_ASN1_OCTET_STRING:
|
||||
if ((ret->value.octet_string=
|
||||
d2i_ASN1_OCTET_STRING(NULL,&p,max-p)) == NULL)
|
||||
goto err;
|
||||
break;
|
||||
case V_ASN1_VISIBLESTRING:
|
||||
if ((ret->value.visiblestring=
|
||||
d2i_ASN1_VISIBLESTRING(NULL,&p,max-p)) == NULL)
|
||||
goto err;
|
||||
break;
|
||||
case V_ASN1_UTF8STRING:
|
||||
if ((ret->value.utf8string=
|
||||
d2i_ASN1_UTF8STRING(NULL,&p,max-p)) == NULL)
|
||||
goto err;
|
||||
break;
|
||||
case V_ASN1_OBJECT:
|
||||
if ((ret->value.object=
|
||||
d2i_ASN1_OBJECT(NULL,&p,max-p)) == NULL)
|
||||
goto err;
|
||||
break;
|
||||
case V_ASN1_PRINTABLESTRING:
|
||||
if ((ret->value.printablestring=
|
||||
d2i_ASN1_PRINTABLESTRING(NULL,&p,max-p)) == NULL)
|
||||
goto err;
|
||||
break;
|
||||
case V_ASN1_T61STRING:
|
||||
if ((ret->value.t61string=
|
||||
M_d2i_ASN1_T61STRING(NULL,&p,max-p)) == NULL)
|
||||
goto err;
|
||||
break;
|
||||
case V_ASN1_IA5STRING:
|
||||
if ((ret->value.ia5string=
|
||||
M_d2i_ASN1_IA5STRING(NULL,&p,max-p)) == NULL)
|
||||
goto err;
|
||||
break;
|
||||
case V_ASN1_GENERALSTRING:
|
||||
if ((ret->value.generalstring=
|
||||
M_d2i_ASN1_GENERALSTRING(NULL,&p,max-p)) == NULL)
|
||||
goto err;
|
||||
break;
|
||||
case V_ASN1_UNIVERSALSTRING:
|
||||
if ((ret->value.universalstring=
|
||||
M_d2i_ASN1_UNIVERSALSTRING(NULL,&p,max-p)) == NULL)
|
||||
goto err;
|
||||
break;
|
||||
case V_ASN1_BMPSTRING:
|
||||
if ((ret->value.bmpstring=
|
||||
M_d2i_ASN1_BMPSTRING(NULL,&p,max-p)) == NULL)
|
||||
goto err;
|
||||
break;
|
||||
case V_ASN1_UTCTIME:
|
||||
if ((ret->value.utctime=
|
||||
d2i_ASN1_UTCTIME(NULL,&p,max-p)) == NULL)
|
||||
goto err;
|
||||
break;
|
||||
case V_ASN1_GENERALIZEDTIME:
|
||||
if ((ret->value.generalizedtime=
|
||||
d2i_ASN1_GENERALIZEDTIME(NULL,&p,max-p)) == NULL)
|
||||
goto err;
|
||||
break;
|
||||
case V_ASN1_SET:
|
||||
case V_ASN1_SEQUENCE:
|
||||
case V_ASN1_OTHER:
|
||||
default:
|
||||
/* Sets and sequences are left complete */
|
||||
if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err;
|
||||
ret->value.set->type=tag;
|
||||
len+=(q-p);
|
||||
if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err;
|
||||
p+=len;
|
||||
break;
|
||||
}
|
||||
|
||||
ret->type=tag;
|
||||
if (a != NULL) (*a)=ret;
|
||||
*pp=p;
|
||||
return(ret);
|
||||
err:
|
||||
if ((ret != NULL) && ((a == NULL) || (*a != ret))) ASN1_TYPE_free(ret);
|
||||
return(NULL);
|
||||
}
|
||||
|
||||
ASN1_TYPE *ASN1_TYPE_new(void)
|
||||
{
|
||||
ASN1_TYPE *ret=NULL;
|
||||
ASN1_CTX c;
|
||||
|
||||
M_ASN1_New_Malloc(ret,ASN1_TYPE);
|
||||
ret->type= -1;
|
||||
ret->value.ptr=NULL;
|
||||
return(ret);
|
||||
M_ASN1_New_Error(ASN1_F_ASN1_TYPE_NEW);
|
||||
}
|
||||
|
||||
void ASN1_TYPE_free(ASN1_TYPE *a)
|
||||
{
|
||||
if (a == NULL) return;
|
||||
ASN1_TYPE_component_free(a);
|
||||
OPENSSL_free(a);
|
||||
}
|
||||
|
||||
int ASN1_TYPE_get(ASN1_TYPE *a)
|
||||
{
|
||||
if (a->value.ptr != NULL)
|
||||
if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
|
||||
return(a->type);
|
||||
else
|
||||
return(0);
|
||||
@ -299,54 +71,11 @@ int ASN1_TYPE_get(ASN1_TYPE *a)
|
||||
void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
|
||||
{
|
||||
if (a->value.ptr != NULL)
|
||||
ASN1_TYPE_component_free(a);
|
||||
ASN1_primitive_free((ASN1_VALUE **)&a, NULL);
|
||||
a->type=type;
|
||||
a->value.ptr=value;
|
||||
}
|
||||
|
||||
static void ASN1_TYPE_component_free(ASN1_TYPE *a)
|
||||
{
|
||||
if (a == NULL) return;
|
||||
|
||||
if (a->value.ptr != NULL)
|
||||
{
|
||||
switch (a->type)
|
||||
{
|
||||
case V_ASN1_OBJECT:
|
||||
ASN1_OBJECT_free(a->value.object);
|
||||
break;
|
||||
case V_ASN1_NULL:
|
||||
break;
|
||||
case V_ASN1_INTEGER:
|
||||
case V_ASN1_NEG_INTEGER:
|
||||
case V_ASN1_ENUMERATED:
|
||||
case V_ASN1_NEG_ENUMERATED:
|
||||
case V_ASN1_BIT_STRING:
|
||||
case V_ASN1_OCTET_STRING:
|
||||
case V_ASN1_SEQUENCE:
|
||||
case V_ASN1_SET:
|
||||
case V_ASN1_NUMERICSTRING:
|
||||
case V_ASN1_PRINTABLESTRING:
|
||||
case V_ASN1_T61STRING:
|
||||
case V_ASN1_VIDEOTEXSTRING:
|
||||
case V_ASN1_IA5STRING:
|
||||
case V_ASN1_UTCTIME:
|
||||
case V_ASN1_GENERALIZEDTIME:
|
||||
case V_ASN1_GRAPHICSTRING:
|
||||
case V_ASN1_VISIBLESTRING:
|
||||
case V_ASN1_GENERALSTRING:
|
||||
case V_ASN1_UNIVERSALSTRING:
|
||||
case V_ASN1_BMPSTRING:
|
||||
case V_ASN1_UTF8STRING:
|
||||
case V_ASN1_OTHER:
|
||||
default:
|
||||
ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
|
||||
break;
|
||||
}
|
||||
a->type=0;
|
||||
a->value.ptr=NULL;
|
||||
}
|
||||
}
|
||||
|
||||
IMPLEMENT_STACK_OF(ASN1_TYPE)
|
||||
IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
|
||||
|
@ -58,20 +58,11 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
#ifdef VMS
|
||||
#include <descrip.h>
|
||||
#include <lnmdef.h>
|
||||
#include <starlet.h>
|
||||
#endif
|
||||
#include "cryptlib.h"
|
||||
#include "o_time.h"
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
ASN1_UTCTIME *ASN1_UTCTIME_new(void)
|
||||
{ return M_ASN1_UTCTIME_new(); }
|
||||
|
||||
void ASN1_UTCTIME_free(ASN1_UTCTIME *x)
|
||||
{ M_ASN1_UTCTIME_free(x); }
|
||||
|
||||
#if 0
|
||||
int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
|
||||
{
|
||||
#ifndef CHARSET_EBCDIC
|
||||
@ -119,6 +110,8 @@ ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp,
|
||||
return(NULL);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
|
||||
{
|
||||
static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
|
||||
@ -182,6 +175,7 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str)
|
||||
{
|
||||
ASN1_STRING_set((ASN1_STRING *)s,
|
||||
(unsigned char *)str,t.length);
|
||||
s->type = V_ASN1_UTCTIME;
|
||||
}
|
||||
return(1);
|
||||
}
|
||||
@ -193,59 +187,17 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
|
||||
{
|
||||
char *p;
|
||||
struct tm *ts;
|
||||
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
|
||||
|
||||
struct tm data;
|
||||
#endif
|
||||
|
||||
if (s == NULL)
|
||||
s=M_ASN1_UTCTIME_new();
|
||||
if (s == NULL)
|
||||
return(NULL);
|
||||
|
||||
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
|
||||
gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
|
||||
ts=&data;
|
||||
#else
|
||||
ts=gmtime(&t);
|
||||
#endif
|
||||
#ifdef VMS
|
||||
ts=OPENSSL_gmtime(&t, &data);
|
||||
if (ts == NULL)
|
||||
{
|
||||
static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");
|
||||
static $DESCRIPTOR(lognam,"SYS$TIMEZONE_DIFFERENTIAL");
|
||||
char result[256];
|
||||
unsigned int reslen = 0;
|
||||
struct {
|
||||
short buflen;
|
||||
short code;
|
||||
void *bufaddr;
|
||||
unsigned int *reslen;
|
||||
} itemlist[] = {
|
||||
{ 0, LNM$_STRING, 0, 0 },
|
||||
{ 0, 0, 0, 0 },
|
||||
};
|
||||
int status;
|
||||
return(NULL);
|
||||
|
||||
/* Get the value for SYS$TIMEZONE_DIFFERENTIAL */
|
||||
itemlist[0].buflen = sizeof(result);
|
||||
itemlist[0].bufaddr = result;
|
||||
itemlist[0].reslen = &reslen;
|
||||
status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);
|
||||
if (!(status & 1))
|
||||
return NULL;
|
||||
result[reslen] = '\0';
|
||||
|
||||
/* Get the numerical value of the equivalence string */
|
||||
status = atoi(result);
|
||||
|
||||
/* and use it to move time to GMT */
|
||||
t -= status;
|
||||
|
||||
/* then convert the result to the time structure */
|
||||
ts=(struct tm *)localtime(&t);
|
||||
}
|
||||
#endif
|
||||
p=(char *)s->data;
|
||||
if ((p == NULL) || (s->length < 14))
|
||||
{
|
||||
@ -270,9 +222,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
|
||||
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
|
||||
{
|
||||
struct tm *tm;
|
||||
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
|
||||
struct tm data;
|
||||
#endif
|
||||
int offset;
|
||||
int year;
|
||||
|
||||
@ -289,12 +239,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
|
||||
|
||||
t -= offset*60; /* FIXME: may overflow in extreme cases */
|
||||
|
||||
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
|
||||
gmtime_r(&t, &data);
|
||||
tm = &data;
|
||||
#else
|
||||
tm = gmtime(&t);
|
||||
#endif
|
||||
tm = OPENSSL_gmtime(&t, &data);
|
||||
|
||||
#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
|
||||
year = g2(s->data);
|
||||
|
@ -60,33 +60,6 @@
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
ASN1_UTF8STRING *ASN1_UTF8STRING_new(void)
|
||||
{ return M_ASN1_UTF8STRING_new();}
|
||||
|
||||
void ASN1_UTF8STRING_free(ASN1_UTF8STRING *x)
|
||||
{ M_ASN1_UTF8STRING_free(x);}
|
||||
|
||||
int i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a, unsigned char **pp)
|
||||
{
|
||||
return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
|
||||
V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL));
|
||||
}
|
||||
|
||||
ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, unsigned char **pp,
|
||||
long length)
|
||||
{
|
||||
ASN1_UTF8STRING *ret=NULL;
|
||||
|
||||
ret=(ASN1_UTF8STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
|
||||
pp,length,V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL);
|
||||
if (ret == NULL)
|
||||
{
|
||||
ASN1err(ASN1_F_D2I_ASN1_UTF8STRING,ERR_R_NESTED_ASN1_ERROR);
|
||||
return(NULL);
|
||||
}
|
||||
return(ret);
|
||||
}
|
||||
|
||||
|
||||
/* UTF8 utilities */
|
||||
|
||||
|
@ -71,6 +71,8 @@
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#ifndef NO_ASN1_OLD
|
||||
|
||||
int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
|
||||
char *data, EVP_PKEY *pkey)
|
||||
{
|
||||
@ -79,6 +81,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
|
||||
unsigned char *p,*buf_in=NULL;
|
||||
int ret= -1,i,inl;
|
||||
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
i=OBJ_obj2nid(a->algorithm);
|
||||
type=EVP_get_digestbyname(OBJ_nid2sn(i));
|
||||
if (type == NULL)
|
||||
@ -97,10 +100,10 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
|
||||
p=buf_in;
|
||||
|
||||
i2d(data,&p);
|
||||
EVP_VerifyInit(&ctx,type);
|
||||
EVP_VerifyInit_ex(&ctx,type, NULL);
|
||||
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
|
||||
|
||||
memset(buf_in,0,(unsigned int)inl);
|
||||
OPENSSL_cleanse(buf_in,(unsigned int)inl);
|
||||
OPENSSL_free(buf_in);
|
||||
|
||||
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
|
||||
@ -115,5 +118,58 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
|
||||
/* memset(&ctx,0,sizeof(ctx)); */
|
||||
ret=1;
|
||||
err:
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
return(ret);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
|
||||
void *asn, EVP_PKEY *pkey)
|
||||
{
|
||||
EVP_MD_CTX ctx;
|
||||
const EVP_MD *type;
|
||||
unsigned char *buf_in=NULL;
|
||||
int ret= -1,i,inl;
|
||||
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
i=OBJ_obj2nid(a->algorithm);
|
||||
type=EVP_get_digestbyname(OBJ_nid2sn(i));
|
||||
if (type == NULL)
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
|
||||
goto err;
|
||||
}
|
||||
|
||||
inl = ASN1_item_i2d(asn, &buf_in, it);
|
||||
|
||||
if (buf_in == NULL)
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
EVP_VerifyInit_ex(&ctx,type, NULL);
|
||||
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
|
||||
|
||||
OPENSSL_cleanse(buf_in,(unsigned int)inl);
|
||||
OPENSSL_free(buf_in);
|
||||
|
||||
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
|
||||
(unsigned int)signature->length,pkey) <= 0)
|
||||
{
|
||||
ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
|
||||
ret=0;
|
||||
goto err;
|
||||
}
|
||||
/* we don't need to zero the 'ctx' because we just checked
|
||||
* public information */
|
||||
/* memset(&ctx,0,sizeof(ctx)); */
|
||||
ret=1;
|
||||
err:
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
return(ret);
|
||||
}
|
||||
|
||||
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user