d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial import of OpenSSL 0.9.6

Browse Source
This commit is contained in:
Kris Kennaway 2000-11-13 01:03:58 +00:00
parent 07c567b8ec
commit ddd58736f0
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/vendor-crypto/openssl/dist/; revision=68651
598 changed files with 39182 additions and 11886 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

682
crypto/openssl/CHANGES
View File

@ -2,6 +2,678 @@
OpenSSL CHANGES
_______________
Changes between 0.9.5a and 0.9.6 [24 Sep 2000]
*) In ssl23_get_client_hello, generate an error message when faced
with an initial SSL 3.0/TLS record that is too small to contain the
first two bytes of the ClientHello message, i.e. client_version.
(Note that this is a pathologic case that probably has never happened
in real life.) The previous approach was to use the version number
from the record header as a substitute; but our protocol choice
should not depend on that one because it is not authenticated
by the Finished messages.
[Bodo Moeller]
*) More robust randomness gathering functions for Windows.
[Jeffrey Altman <jaltman@columbia.edu>]
*) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
not set then we don't setup the error code for issuer check errors
to avoid possibly overwriting other errors which the callback does
handle. If an application does set the flag then we assume it knows
what it is doing and can handle the new informational codes
appropriately.
[Steve Henson]
*) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
a general "ANY" type, as such it should be able to decode anything
including tagged types. However it didn't check the class so it would
wrongly interpret tagged types in the same way as their universal
counterpart and unknown types were just rejected. Changed so that the
tagged and unknown types are handled in the same way as a SEQUENCE:
that is the encoding is stored intact. There is also a new type
"V_ASN1_OTHER" which is used when the class is not universal, in this
case we have no idea what the actual type is so we just lump them all
together.
[Steve Henson]
*) On VMS, stdout may very well lead to a file that is written to
in a record-oriented fashion. That means that every write() will
write a separate record, which will be read separately by the
programs trying to read from it. This can be very confusing.
The solution is to put a BIO filter in the way that will buffer
text until a linefeed is reached, and then write everything a
line at a time, so every record written will be an actual line,
not chunks of lines and not (usually doesn't happen, but I've
seen it once) several lines in one record. BIO_f_linebuffer() is
the answer.
Currently, it's a VMS-only method, because that's where it has
been tested well enough.
[Richard Levitte]
*) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
it can return incorrect results.
(Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
but it was in 0.9.6-beta[12].)
[Bodo Moeller]
*) Disable the check for content being present when verifying detached
signatures in pk7_smime.c. Some versions of Netscape (wrongly)
include zero length content when signing messages.
[Steve Henson]
*) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
BIO_ctrl (for BIO pairs).
[Bodo Möller]
*) Add DSO method for VMS.
[Richard Levitte]
*) Bug fix: Montgomery multiplication could produce results with the
wrong sign.
[Ulf Möller]
*) Add RPM specification openssl.spec and modify it to build three
packages. The default package contains applications, application
documentation and run-time libraries. The devel package contains
include files, static libraries and function documentation. The
doc package contains the contents of the doc directory. The original
openssl.spec was provided by Damien Miller <djm@mindrot.org>.
[Richard Levitte]
*) Add a large number of documentation files for many SSL routines.
[Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>]
*) Add a configuration entry for Sony News 4.
[NAKAJI Hiroyuki <nakaji@tutrp.tut.ac.jp>]
*) Don't set the two most significant bits to one when generating a
random number < q in the DSA library.
[Ulf Möller]
*) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default
behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
the underlying transport is blocking) if a handshake took place.
(The default behaviour is needed by applications such as s_client
and s_server that use select() to determine when to use SSL_read;
but for applications that know in advance when to expect data, it
just makes things more complicated.)
[Bodo Moeller]
*) Add RAND_egd_bytes(), which gives control over the number of bytes read
from EGD.
[Ben Laurie]
*) Add a few more EBCDIC conditionals that make `req' and `x509'
work better on such systems.
[Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
*) Add two demo programs for PKCS12_parse() and PKCS12_create().
Update PKCS12_parse() so it copies the friendlyName and the
keyid to the certificates aux info.
[Steve Henson]
*) Fix bug in PKCS7_verify() which caused an infinite loop
if there was more than one signature.
[Sven Uszpelkat <su@celocom.de>]
*) Major change in util/mkdef.pl to include extra information
about each symbol, as well as presentig variables as well
as functions. This change means that there's n more need
to rebuild the .num files when some algorithms are excluded.
[Richard Levitte]
*) Allow the verify time to be set by an application,
rather than always using the current time.
[Steve Henson]
*) Phase 2 verify code reorganisation. The certificate
verify code now looks up an issuer certificate by a
number of criteria: subject name, authority key id
and key usage. It also verifies self signed certificates
by the same criteria. The main comparison function is
X509_check_issued() which performs these checks.
Lot of changes were necessary in order to support this
without completely rewriting the lookup code.
Authority and subject key identifier are now cached.
The LHASH 'certs' is X509_STORE has now been replaced
by a STACK_OF(X509_OBJECT). This is mainly because an
LHASH can't store or retrieve multiple objects with
the same hash value.
As a result various functions (which were all internal
use only) have changed to handle the new X509_STORE
structure. This will break anything that messed round
with X509_STORE internally.
The functions X509_STORE_add_cert() now checks for an
exact match, rather than just subject name.
The X509_STORE API doesn't directly support the retrieval
of multiple certificates matching a given criteria, however
this can be worked round by performing a lookup first
(which will fill the cache with candidate certificates)
and then examining the cache for matches. This is probably
the best we can do without throwing out X509_LOOKUP
entirely (maybe later...).
The X509_VERIFY_CTX structure has been enhanced considerably.
All certificate lookup operations now go via a get_issuer()
callback. Although this currently uses an X509_STORE it
can be replaced by custom lookups. This is a simple way
to bypass the X509_STORE hackery necessary to make this
work and makes it possible to use more efficient techniques
in future. A very simple version which uses a simple
STACK for its trusted certificate store is also provided
using X509_STORE_CTX_trusted_stack().
The verify_cb() and verify() callbacks now have equivalents
in the X509_STORE_CTX structure.
X509_STORE_CTX also has a 'flags' field which can be used
to customise the verify behaviour.
[Steve Henson]
*) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which
excludes S/MIME capabilities.
[Steve Henson]
*) When a certificate request is read in keep a copy of the
original encoding of the signed data and use it when outputing
again. Signatures then use the original encoding rather than
a decoded, encoded version which may cause problems if the
request is improperly encoded.
[Steve Henson]
*) For consistency with other BIO_puts implementations, call
buffer_write(b, ...) directly in buffer_puts instead of calling
BIO_write(b, ...).
In BIO_puts, increment b->num_write as in BIO_write.
[Peter.Sylvester@EdelWeb.fr]
*) Fix BN_mul_word for the case where the word is 0. (We have to use
BN_zero, we may not return a BIGNUM with an array consisting of
words set to zero.)
[Bodo Moeller]
*) Avoid calling abort() from within the library when problems are
detected, except if preprocessor symbols have been defined
(such as REF_CHECK, BN_DEBUG etc.).
[Bodo Moeller]
*) New openssl application 'rsautl'. This utility can be
used for low level RSA operations. DER public key
BIO/fp routines also added.
[Steve Henson]
*) New Configure entry and patches for compiling on QNX 4.
[Andreas Schneider <andreas@ds3.etech.fh-hamburg.de>]
*) A demo state-machine implementation was sponsored by
Nuron (http://www.nuron.com/) and is now available in
demos/state_machine.
[Ben Laurie]
*) New options added to the 'dgst' utility for signature
generation and verification.
[Steve Henson]
*) Unrecognized PKCS#7 content types are now handled via a
catch all ASN1_TYPE structure. This allows unsupported
types to be stored as a "blob" and an application can
encode and decode it manually.
[Steve Henson]
*) Fix various signed/unsigned issues to make a_strex.c
compile under VC++.
[Oscar Jacobsson <oscar.jacobsson@celocom.com>]
*) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct
length if passed a buffer. ASN1_INTEGER_to_BN failed
if passed a NULL BN and its argument was negative.
[Steve Henson, pointed out by Sven Heiberg <sven@tartu.cyber.ee>]
*) Modification to PKCS#7 encoding routines to output definite
length encoding. Since currently the whole structures are in
memory there's not real point in using indefinite length
constructed encoding. However if OpenSSL is compiled with
the flag PKCS7_INDEFINITE_ENCODING the old form is used.
[Steve Henson]
*) Added BIO_vprintf() and BIO_vsnprintf().
[Richard Levitte]
*) Added more prefixes to parse for in the the strings written
through a logging bio, to cover all the levels that are available
through syslog. The prefixes are now:
PANIC, EMERG, EMR => LOG_EMERG
ALERT, ALR => LOG_ALERT
CRIT, CRI => LOG_CRIT
ERROR, ERR => LOG_ERR
WARNING, WARN, WAR => LOG_WARNING
NOTICE, NOTE, NOT => LOG_NOTICE
INFO, INF => LOG_INFO
DEBUG, DBG => LOG_DEBUG
and as before, if none of those prefixes are present at the
beginning of the string, LOG_ERR is chosen.
On Win32, the LOG_* levels are mapped according to this:
LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE
LOG_WARNING => EVENTLOG_WARNING_TYPE
LOG_NOTICE, LOG_INFO, LOG_DEBUG => EVENTLOG_INFORMATION_TYPE
[Richard Levitte]
*) Made it possible to reconfigure with just the configuration
argument "reconf" or "reconfigure". The command line arguments
are stored in Makefile.ssl in the variable CONFIGURE_ARGS,
and are retrieved from there when reconfiguring.
[Richard Levitte]
*) MD4 implemented.
[Assar Westerlund <assar@sics.se>, Richard Levitte]
*) Add the arguments -CAfile and -CApath to the pkcs12 utility.
[Richard Levitte]
*) The obj_dat.pl script was messing up the sorting of object
names. The reason was that it compared the quoted version
of strings as a result "OCSP" > "OCSP Signing" because
" > SPACE. Changed script to store unquoted versions of
names and add quotes on output. It was also omitting some
names from the lookup table if they were given a default
value (that is if SN is missing it is given the same
value as LN and vice versa), these are now added on the
grounds that if an object has a name we should be able to
look it up. Finally added warning output when duplicate
short or long names are found.
[Steve Henson]
*) Changes needed for Tandem NSK.
[Scott Uroff <scott@xypro.com>]
*) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
RSA_padding_check_SSLv23(), special padding was never detected
and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
version rollback attacks was not effective.
In s23_clnt.c, don't use special rollback-attack detection padding
(RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
client; similarly, in s23_srvr.c, don't do the rollback check if
SSL 2.0 is the only protocol enabled in the server.
[Bodo Moeller]
*) Make it possible to get hexdumps of unprintable data with 'openssl
asn1parse'. By implication, the functions ASN1_parse_dump() and
BIO_dump_indent() are added.
[Richard Levitte]
*) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
these print out strings and name structures based on various
flags including RFC2253 support and proper handling of
multibyte characters. Added options to the 'x509' utility
to allow the various flags to be set.
[Steve Henson]
*) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
Also change the functions X509_cmp_current_time() and
X509_gmtime_adj() work with an ASN1_TIME structure,
this will enable certificates using GeneralizedTime in validity
dates to be checked.
[Steve Henson]
*) Make the NEG_PUBKEY_BUG code (which tolerates invalid
negative public key encodings) on by default,
NO_NEG_PUBKEY_BUG can be set to disable it.
[Steve Henson]
*) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
content octets. An i2c_ASN1_OBJECT is unnecessary because
the encoding can be trivially obtained from the structure.
[Steve Henson]
*) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
not read locks (CRYPTO_r_[un]lock).
[Bodo Moeller]
*) A first attempt at creating official support for shared
libraries through configuration. I've kept it so the
default is static libraries only, and the OpenSSL programs
are always statically linked for now, but there are
preparations for dynamic linking in place.
This has been tested on Linux and True64.
[Richard Levitte]
*) Randomness polling function for Win9x, as described in:
Peter Gutmann, Software Generation of Practically Strong
Random Numbers.
[Ulf Möller]
*) Fix so PRNG is seeded in req if using an already existing
DSA key.
[Steve Henson]
*) New options to smime application. -inform and -outform
allow alternative formats for the S/MIME message including
PEM and DER. The -content option allows the content to be
specified separately. This should allow things like Netscape
form signing output easier to verify.
[Steve Henson]
*) Fix the ASN1 encoding of tags using the 'long form'.
[Steve Henson]
*) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT
STRING types. These convert content octets to and from the
underlying type. The actual tag and length octets are
already assumed to have been read in and checked. These
are needed because all other string types have virtually
identical handling apart from the tag. By having versions
of the ASN1 functions that just operate on content octets
IMPLICIT tagging can be handled properly. It also allows
the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED
and ASN1_INTEGER are identical apart from the tag.
[Steve Henson]
*) Change the handling of OID objects as follows:
- New object identifiers are inserted in objects.txt, following
the syntax given in objects.README.
- objects.pl is used to process obj_mac.num and create a new
obj_mac.h.
- obj_dat.pl is used to create a new obj_dat.h, using the data in
obj_mac.h.
This is currently kind of a hack, and the perl code in objects.pl
isn't very elegant, but it works as I intended. The simplest way
to check that it worked correctly is to look in obj_dat.h and
check the array nid_objs and make sure the objects haven't moved
around (this is important!). Additions are OK, as well as
consistent name changes.
[Richard Levitte]
*) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1').
[Bodo Moeller]
*) Addition of the command line parameter '-rand file' to 'openssl req'.
The given file adds to whatever has already been seeded into the
random pool through the RANDFILE configuration file option or
environment variable, or the default random state file.
[Richard Levitte]
*) mkstack.pl now sorts each macro group into lexical order.
Previously the output order depended on the order the files
appeared in the directory, resulting in needless rewriting
of safestack.h .
[Steve Henson]
*) Patches to make OpenSSL compile under Win32 again. Mostly
work arounds for the VC++ problem that it treats func() as
func(void). Also stripped out the parts of mkdef.pl that
added extra typesafe functions: these no longer exist.
[Steve Henson]
*) Reorganisation of the stack code. The macros are now all
collected in safestack.h . Each macro is defined in terms of
a "stack macro" of the form SKM_<name>(type, a, b). The
DEBUG_SAFESTACK is now handled in terms of function casts,
this has the advantage of retaining type safety without the
use of additional functions. If DEBUG_SAFESTACK is not defined
then the non typesafe macros are used instead. Also modified the
mkstack.pl script to handle the new form. Needs testing to see
if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK
the default if no major problems. Similar behaviour for ASN1_SET_OF
and PKCS12_STACK_OF.
[Steve Henson]
*) When some versions of IIS use the 'NET' form of private key the
key derivation algorithm is different. Normally MD5(password) is
used as a 128 bit RC4 key. In the modified case
MD5(MD5(password) + "SGCKEYSALT") is used insted. Added some
new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same
as the old Netscape_RSA functions except they have an additional
'sgckey' parameter which uses the modified algorithm. Also added
an -sgckey command line option to the rsa utility. Thanks to
Adrian Peck <bertie@ncipher.com> for posting details of the modified
algorithm to openssl-dev.
[Steve Henson]
*) The evp_local.h macros were using 'c.##kname' which resulted in
invalid expansion on some systems (SCO 5.0.5 for example).
Corrected to 'c.kname'.
[Phillip Porch <root@theporch.com>]
*) New X509_get1_email() and X509_REQ_get1_email() functions that return
a STACK of email addresses from a certificate or request, these look
in the subject name and the subject alternative name extensions and
omit any duplicate addresses.
[Steve Henson]
*) Re-implement BN_mod_exp2_mont using independent (and larger) windows.
This makes DSA verification about 2 % faster.
[Bodo Moeller]
*) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5
(meaning that now 2^5 values will be precomputed, which is only 4 KB
plus overhead for 1024 bit moduli).
This makes exponentiations about 0.5 % faster for 1024 bit
exponents (as measured by "openssl speed rsa2048").
[Bodo Moeller]
*) Rename memory handling macros to avoid conflicts with other
software:
Malloc => OPENSSL_malloc
Malloc_locked => OPENSSL_malloc_locked
Realloc => OPENSSL_realloc
Free => OPENSSL_free
[Richard Levitte]
*) New function BN_mod_exp_mont_word for small bases (roughly 15%
faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange).
[Bodo Moeller]
*) CygWin32 support.
[John Jarvie <jjarvie@newsguy.com>]
*) The type-safe stack code has been rejigged. It is now only compiled
in when OpenSSL is configured with the DEBUG_SAFESTACK option and
by default all type-specific stack functions are "#define"d back to
standard stack functions. This results in more streamlined output
but retains the type-safety checking possibilities of the original
approach.
[Geoff Thorpe]
*) The STACK code has been cleaned up, and certain type declarations
that didn't make a lot of sense have been brought in line. This has
also involved a cleanup of sorts in safestack.h to more correctly
map type-safe stack functions onto their plain stack counterparts.
This work has also resulted in a variety of "const"ifications of
lots of the code, especially "_cmp" operations which should normally
be prototyped with "const" parameters anyway.
[Geoff Thorpe]
*) When generating bytes for the first time in md_rand.c, 'stir the pool'
by seeding with STATE_SIZE dummy bytes (with zero entropy count).
(The PRNG state consists of two parts, the large pool 'state' and 'md',
where all of 'md' is used each time the PRNG is used, but 'state'
is used only indexed by a cyclic counter. As entropy may not be
well distributed from the beginning, 'md' is important as a
chaining variable. However, the output function chains only half
of 'md', i.e. 80 bits. ssleay_rand_add, on the other hand, chains
all of 'md', and seeding with STATE_SIZE dummy bytes will result
in all of 'state' being rewritten, with the new values depending
on virtually all of 'md'. This overcomes the 80 bit limitation.)
[Bodo Moeller]
*) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
the handshake is continued after ssl_verify_cert_chain();
otherwise, if SSL_VERIFY_NONE is set, remaining error codes
can lead to 'unexplainable' connection aborts later.
[Bodo Moeller; problem tracked down by Lutz Jaenicke]
*) Major EVP API cipher revision.
Add hooks for extra EVP features. This allows various cipher
parameters to be set in the EVP interface. Support added for variable
key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and
setting of RC2 and RC5 parameters.
Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length
ciphers.
Remove lots of duplicated code from the EVP library. For example *every*
cipher init() function handles the 'iv' in the same way according to the
cipher mode. They also all do nothing if the 'key' parameter is NULL and
for CFB and OFB modes they zero ctx->num.
New functionality allows removal of S/MIME code RC2 hack.
Most of the routines have the same form and so can be declared in terms
of macros.
By shifting this to the top level EVP_CipherInit() it can be removed from
all individual ciphers. If the cipher wants to handle IVs or keys
differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
flags.
Change lots of functions like EVP_EncryptUpdate() to now return a
value: although software versions of the algorithms cannot fail
any installed hardware versions can.
[Steve Henson]
*) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
this option is set, tolerate broken clients that send the negotiated
protocol version number instead of the requested protocol version
number.
[Bodo Moeller]
*) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
i.e. non-zero for export ciphersuites, zero otherwise.
Previous versions had this flag inverted, inconsistent with
rsa_tmp_cb (..._TMP_RSA_CB).
[Bodo Moeller; problem reported by Amit Chopra]
*) Add missing DSA library text string. Work around for some IIS
key files with invalid SEQUENCE encoding.
[Steve Henson]
*) Add a document (doc/standards.txt) that list all kinds of standards
and so on that are implemented in OpenSSL.
[Richard Levitte]
*) Enhance c_rehash script. Old version would mishandle certificates
with the same subject name hash and wouldn't handle CRLs at all.
Added -fingerprint option to crl utility, to support new c_rehash
features.
[Steve Henson]
*) Eliminate non-ANSI declarations in crypto.h and stack.h.
[Ulf Möller]
*) Fix for SSL server purpose checking. Server checking was
rejecting certificates which had extended key usage present
but no ssl client purpose.
[Steve Henson, reported by Rene Grosser <grosser@hisolutions.com>]
*) Make PKCS#12 code work with no password. The PKCS#12 spec
is a little unclear about how a blank password is handled.
Since the password in encoded as a BMPString with terminating
double NULL a zero length password would end up as just the
double NULL. However no password at all is different and is
handled differently in the PKCS#12 key generation code. NS
treats a blank password as zero length. MSIE treats it as no
password on export: but it will try both on import. We now do
the same: PKCS12_parse() tries zero length and no password if
the password is set to "" or NULL (NULL is now a valid password:
it wasn't before) as does the pkcs12 application.
[Steve Henson]
*) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use
perror when PEM_read_bio_X509_REQ fails, the error message must
be obtained from the error queue.
[Bodo Moeller]
*) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing
it in ERR_remove_state if appropriate, and change ERR_get_state
accordingly to avoid race conditions (this is necessary because
thread_hash is no longer constant once set).
[Bodo Moeller]
*) Bugfix for linux-elf makefile.one.
[Ulf Möller]
*) RSA_get_default_method() will now cause a default
RSA_METHOD to be chosen if one doesn't exist already.
Previously this was only set during a call to RSA_new()
or RSA_new_method(NULL) meaning it was possible for
RSA_get_default_method() to return NULL.
[Geoff Thorpe]
*) Added native name translation to the existing DSO code
that will convert (if the flag to do so is set) filenames
that are sufficiently small and have no path information
into a canonical native form. Eg. "blah" converted to
"libblah.so" or "blah.dll" etc.
[Geoff Thorpe]
*) New function ERR_error_string_n(e, buf, len) which is like
ERR_error_string(e, buf), but writes at most 'len' bytes
including the 0 terminator. For ERR_error_string_n, 'buf'
may not be NULL.
[Damien Miller <djm@mindrot.org>, Bodo Moeller]
*) CONF library reworked to become more general. A new CONF
configuration file reader "class" is implemented as well as a
new functions (NCONF_*, for "New CONF") to handle it. The now
old CONF_* functions are still there, but are reimplemented to
work in terms of the new functions. Also, a set of functions
to handle the internal storage of the configuration data is
provided to make it easier to write new configuration file
reader "classes" (I can definitely see something reading a
configuration file in XML format, for example), called _CONF_*,
or "the configuration storage API"...
The new configuration file reading functions are:
NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio,
NCONF_get_section, NCONF_get_string, NCONF_get_numbre
NCONF_default, NCONF_WIN32
NCONF_dump_fp, NCONF_dump_bio
NCONF_default and NCONF_WIN32 are method (or "class") choosers,
NCONF_new creates a new CONF object. This works in the same way
as other interfaces in OpenSSL, like the BIO interface.
NCONF_dump_* dump the internal storage of the configuration file,
which is useful for debugging. All other functions take the same
arguments as the old CONF_* functions wth the exception of the
first that must be a `CONF *' instead of a `LHASH *'.
To make it easer to use the new classes with the old CONF_* functions,
the function CONF_set_default_method is provided.
[Richard Levitte]
*) Add '-tls1' option to 'openssl ciphers', which was already
mentioned in the documentation but had not been implemented.
(This option is not yet really useful because even the additional
experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)
[Bodo Moeller]
*) Initial DSO code added into libcrypto for letting OpenSSL (and
OpenSSL-based applications) load shared libraries and bind to
them in a portable way.
[Geoff Thorpe, with contributions from Richard Levitte]
Changes between 0.9.5 and 0.9.5a [1 Apr 2000]
*) Make sure _lrotl and _lrotr are only used with MSVC.
@ -643,11 +1315,11 @@
With these changes, a new set of functions and macros have appeared:
CRYPTO_set_mem_debug_functions() [F]
CRYPTO_get_mem_debug_functions() [F]
CRYPTO_dbg_set_options() [F]
CRYPTO_dbg_get_options() [F]
CRYPTO_malloc_debug_init() [M]
CRYPTO_set_mem_debug_functions() [F]
CRYPTO_get_mem_debug_functions() [F]
CRYPTO_dbg_set_options() [F]
CRYPTO_dbg_get_options() [F]
CRYPTO_malloc_debug_init() [M]
The memory debug functions are NULL by default, unless the library
is compiled with CRYPTO_MDEBUG or friends is defined. If someone

441
crypto/openssl/Configure
View File

@ -10,7 +10,7 @@ use strict;
# see INSTALL for instructions.
my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
# Options:
#
@ -27,11 +27,17 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
# [no-]threads [don't] try to create a library that is suitable for
# multithreaded applications (default is "threads" if we
# know how to do it)
# [no-]shared [don't] try to create shared libraries when supported.
# no-asm do not use assembler
# no-dso do not compile in any native shared-library methods. This
# will ensure that all methods just return NULL.
# 386 generate 80386 code
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
#
#
# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
# provided to stack calls. Generates unique stack functions for
# each possible stack type.
# DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
# DES_RISC1 use different DES_ENCRYPT macro that helps reduce register
# dependancies but needs to more registers, good for RISC CPU's
@ -86,9 +92,13 @@ my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:as
# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
# So the md5_locl.h file has an undef B_ENDIAN if sun is defined
#config-string $cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj
#config-string $cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag
my %table=(
# File 'TABLE' (created by 'make TABLE') contains the data from this list,
# formatted for better readability.
#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
#"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::",
#"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::",
@ -96,15 +106,15 @@ my %table=(
# Our development configs
"purify", "purify gcc:-g -DPURIFY -Wall::(unknown):-lsocket -lnsl::::",
"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown):-lefence::::",
"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown):-lefence::::",
"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-bodo", "gcc:-DBIO_PAIR_DEBUG -DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:::",
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
"dist", "cc:-O::(unknown):::::",
# Basic configs that should work on any (32 and less bit) box
@ -117,32 +127,32 @@ my %table=(
# surrounds it with #APP #NO_APP comment pair which (at least Solaris
# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
# error message.
"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}",
"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC",
#### SPARC Solaris with GNU C setups
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::",
"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC",
"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC",
"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC",
# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
# but keep the assembler modules.
"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o:",
"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC",
####
"debug-solaris-sparcv8-gcc","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::",
"debug-solaris-sparcv9-gcc","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o::",
"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC",
"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC",
#### SPARC Solaris with Sun C setups
# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests
"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:::",
"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC",
# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
# SC5.0 note: Compiler common patch 107357-01 or later is required!
"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::",
"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::",
"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC",
"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC",
"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC",
"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC",
####
"debug-solaris-sparcv8-cc","cc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::",
"debug-solaris-sparcv9-cc","cc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC",
"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC",
#### SPARC Linux setups
"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
@ -168,11 +178,11 @@ my %table=(
# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
# './Configure irix-[g]cc' manually.
# -mips4 flag is added by ./config when appropriate.
"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
# N64 ABI builds.
"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
#### Unified HP-UX ANSI C configs.
# Special notes:
@ -202,34 +212,43 @@ my %table=(
# crypto/sha/sha_lcl.h.
# <appro@fy.chalmers.se>
#
"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
# Since there is mention of this in shlib/hpux10-cc.sh
"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:::",
"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn",
# More attempts at unified 10.X and 11.X targets for HP C compiler.
#
# Chris Ruemmler <ruemmler@cup.hp.com>
# Kevin Steves <ks@hp.se>
"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl",
"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn",
"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
# HPUX 9.X config.
# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or
# egcs. gcc 2.8.1 is also broken.
"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
# please report your OS and compiler version to the openssl-bugs@openssl.org
# mailing list.
"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::",
"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
# If hpux-gcc fails, try this one:
"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::",
"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
# HPUX 10.X config. Supports threads.
"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
# If hpux10-gcc fails, try this one:
"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::",
"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
# HPUX 11.X from www.globus.org.
# Only works on PA-RISC 2.0 cpus, and not optimized. Why?
@ -237,13 +256,16 @@ my %table=(
#"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
# Use unified settings above instead.
#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
# the new compiler
# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o::",
"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o::",
"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o::",
"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::",
"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:true64-shared",
"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::",
#### Alpha Linux with GNU C and Compaq C setups
# Special notes:
@ -258,21 +280,23 @@ my %table=(
#
# <appro@fy.chalmers.se>
#
"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
# assembler versions -- currently defunct:
##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
# bn86-elf.o file file since it is hand tweaked assembler.
"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-linux-elf","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
"linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
@ -286,6 +310,12 @@ my %table=(
# NCR MP-RAS UNIX ver 02.03.01
"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
# QNX 4
"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown)::${x86_gcc_des} ${x86_gcc_opts}:",
# Linux on ARM
"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC",
# UnixWare 2.0
"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
@ -294,7 +324,7 @@ my %table=(
"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
# IBM's AIX.
"aix-cc", "cc:-O -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
"aix-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
"aix-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
#
@ -341,22 +371,24 @@ my %table=(
# Windows NT, Microsoft Visual C++ 4.0
"VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
"VC-WIN32","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
"VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32",
"VC-WIN32","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32",
"VC-WIN16","cl:::(unknown)::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
"VC-W31-16","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
"VC-W31-32","cl:::::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
"VC-MSDOS","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
# Borland C++ 4.5
"BC-32","bcc32:::::BN_LLONG DES_PTR RC4_INDEX:::",
"BC-32","bcc32:::::BN_LLONG DES_PTR RC4_INDEX::::::::::win32",
"BC-16","bcc:::(unknown)::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
# CygWin32
# Mingw32
# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
# and its library files in util/pl/*)
"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",
"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",
"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
# CygWin32
"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
@ -366,24 +398,29 @@ my %table=(
# Some OpenBSD from Bob Beck <beck@obtuse.com>
"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
"OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
"OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn",
"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
##### MacOS X (a.k.a. Rhapsody) setup
"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
##### Sony NEWS-OS 4.x
"newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
);
my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
BC-16 CygWin32 Mingw32);
BC-16 Mingw32);
my $prefix="";
my $openssldir="";
my $install_prefix="";
my $no_threads=0;
my $no_shared=1;
my $threads=0;
my $no_asm=0;
my $no_dso=0;
my @skip=();
my $Makefile="Makefile.ssl";
my $des_locl="crypto/des/des_locl.h";
@ -414,95 +451,149 @@ $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
&usage if ($#ARGV < 0);
my $flags="";
my $depflags="";
my $openssl_algorithm_defines="";
my $openssl_thread_defines="";
my $openssl_other_defines="";
my $libs="";
my $target="";
my $options="";
foreach (@ARGV)
my $flags;
my $depflags;
my $openssl_algorithm_defines;
my $openssl_thread_defines;
my $openssl_other_defines;
my $libs;
my $target;
my $options;
my $symlink;
my @argvcopy=@ARGV;
my $argvstring="";
my $argv_unprocessed=1;
while($argv_unprocessed)
{
s /^-no-/no-/; # some people just can't read the instructions
if (/^no-asm$/)
{
$no_asm=1;
$flags .= "-DNO_ASM ";
$openssl_other_defines .= "#define NO_ASM\n";
}
elsif (/^no-threads$/)
{ $no_threads=1; }
elsif (/^threads$/)
{ $threads=1; }
elsif (/^no-(.+)$/)
$flags="";
$depflags="";
$openssl_algorithm_defines="";
$openssl_thread_defines="";
$openssl_other_defines="";
$libs="";
$target="";
$options="";
$symlink=1;
$argv_unprocessed=0;
$argvstring=join(' ',@argvcopy);
PROCESS_ARGS:
foreach (@argvcopy)
{
my $algo=$1;
push @skip,$algo;
$algo =~ tr/[a-z]/[A-Z]/;
$flags .= "-DNO_$algo ";
$depflags .= "-DNO_$algo ";
$openssl_algorithm_defines .= "#define NO_$algo\n";
if ($algo eq "DES")
{
push @skip, "mdc2";
$options .= " no-mdc2";
$flags .= "-DNO_MDC2 ";
$depflags .= "-DNO_MDC2 ";
$openssl_algorithm_defines .= "#define NO_MDC2\n";
s /^-no-/no-/; # some people just can't read the instructions
if (/^no-asm$/)
{
$no_asm=1;
$flags .= "-DNO_ASM ";
$openssl_other_defines .= "#define NO_ASM\n";
}
}
elsif (/^386$/)
{ $processor=386; }
elsif (/^rsaref$/)
{
$libs.= "-lRSAglue -lrsaref ";
$flags.= "-DRSAref ";
$openssl_other_defines .= "#define RSAref\n";
}
elsif (/^[-+]/)
{
if (/^-[lL](.*)$/)
elsif (/^no-dso$/)
{ $no_dso=1; }
elsif (/^no-threads$/)
{ $no_threads=1; }
elsif (/^threads$/)
{ $threads=1; }
elsif (/^no-shared$/)
{ $no_shared=1; }
elsif (/^shared$/)
{ $no_shared=0; }
elsif (/^no-symlinks$/)
{ $symlink=0; }
elsif (/^no-(.+)$/)
{
$libs.=$_." ";
my $algo=$1;
push @skip,$algo;
$algo =~ tr/[a-z]/[A-Z]/;
$flags .= "-DNO_$algo ";
$depflags .= "-DNO_$algo ";
$openssl_algorithm_defines .= "#define NO_$algo\n";
if ($algo eq "DES")
{
push @skip, "mdc2";
$options .= " no-mdc2";
$flags .= "-DNO_MDC2 ";
$depflags .= "-DNO_MDC2 ";
$openssl_algorithm_defines .= "#define NO_MDC2\n";
}
}
elsif (/^-[^-]/ or /^\+/)
elsif (/^reconfigure/ || /^reconf/)
{
$flags.=$_." ";
if (open(IN,"<$Makefile"))
{
while (<IN>)
{
chop;
if (/^CONFIGURE_ARGS=(.*)/)
{
$argvstring=$1;
@argvcopy=split(' ',$argvstring);
die "Incorrect data to reconfigure, please do a normal configuration\n"
if (grep(/^reconf/,@argvcopy));
print "Reconfiguring with: $argvstring\n";
$argv_unprocessed=1;
close(IN);
last PROCESS_ARGS;
}
}
close(IN);
}
die "Insufficient data to reconfigure, please do a normal configuration\n";
}
elsif (/^--prefix=(.*)$/)
elsif (/^386$/)
{ $processor=386; }
elsif (/^rsaref$/)
{
$prefix=$1;
$libs.= "-lRSAglue -lrsaref ";
$flags.= "-DRSAref ";
$openssl_other_defines .= "#define RSAref\n";
}
elsif (/^--openssldir=(.*)$/)
elsif (/^[-+]/)
{
$openssldir=$1;
if (/^-[lL](.*)$/)
{
$libs.=$_." ";
}
elsif (/^-[^-]/ or /^\+/)
{
$flags.=$_." ";
}
elsif (/^--prefix=(.*)$/)
{
$prefix=$1;
}
elsif (/^--openssldir=(.*)$/)
{
$openssldir=$1;
}
elsif (/^--install.prefix=(.*)$/)
{
$install_prefix=$1;
}
else
{
print STDERR $usage;
exit(1);
}
}
elsif (/^--install.prefix=(.*)$/)
elsif ($_ =~ /^([^:]+):(.+)$/)
{
$install_prefix=$1;
eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
$target=$1;
}
else
{
print STDERR $usage;
exit(1);
die "target already defined - $target\n" if ($target ne "");
$target=$_;
}
unless ($_ eq $target) {
if ($options eq "") {
$options = $_;
} else {
$options .= " ".$_;
}
}
elsif ($_ =~ /^([^:]+):(.+)$/)
{
eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
$target=$1;
}
else
{
die "target already defined - $target\n" if ($target ne "");
$target=$_;
}
unless ($_ eq $target) {
if ($options eq "") {
$options = $_;
} else {
$options .= " ".$_;
}
}
}
@ -522,6 +613,8 @@ if ($target eq "LIST") {
exit 0;
}
print "Configuring for $target\n";
&usage if (!defined($table{$target}));
my $IsWindows=scalar grep /^$target$/,@WinTargets;
@ -539,10 +632,39 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
print "IsWindows=$IsWindows\n";
(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
$md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
$md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
split(/\s*:\s*/,$table{$target} . ":" x 22 , -1);
$cflags="$flags$cflags" if ($flags ne "");
# The DSO code currently always implements all functions so that no
# applications will have to worry about that from a compilation point
# of view. However, the "method"s may return zero unless that platform
# has support compiled in for them. Currently each method is enabled
# by a define "DSO_<name>" ... we translate the "dso_scheme" config
# string entry into using the following logic;
my $dso_cflags;
if (!$no_dso && $dso_scheme ne "")
{
$dso_scheme =~ tr/[a-z]/[A-Z]/;
if ($dso_scheme eq "DLFCN")
{
$dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H";
$openssl_other_defines .= "#define DSO_DLFCN\n";
$openssl_other_defines .= "#define HAVE_DLFCN_H\n";
}
elsif ($dso_scheme eq "DLFCN_NO_H")
{
$dso_cflags = "-DDSO_DLFCN";
$openssl_other_defines .= "#define DSO_DLFCN\n";
}
else
{
$dso_cflags = "-DDSO_$dso_scheme";
$openssl_other_defines .= "#define DSO_$dso_scheme\n";
}
$cflags = "$dso_cflags $cflags";
}
my $thread_cflags;
my $thread_defines;
if ($thread_cflag ne "(unknown)" && !$no_threads)
@ -585,6 +707,19 @@ if ($threads)
$openssl_thread_defines .= $thread_defines;
}
# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
my $shared_mark1 = "";
my $shared_mark2 = "";
if ($shared_cflag ne "")
{
$cflags = "$shared_cflag $cflags";
if (!$no_shared)
{
$shared_mark1 = ".shlib-clean.";
$shared_mark2 = ".shlib.";
}
}
#my ($bn1)=split(/\s+/,$bn_obj);
#$bn1 = "" unless defined $bn1;
#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
@ -616,13 +751,20 @@ if ($rmd160_obj =~ /\.o$/)
my $version = "unknown";
my $major = "unknown";
my $minor = "unknown";
my $shlib_version_number = "unknown";
my $shlib_version_history = "unknown";
my $shlib_major = "unknown";
my $shlib_minor = "unknown";
open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
while (<IN>)
{
$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
$shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
$shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
}
close(IN);
if ($shlib_version_history ne "") { $shlib_version_history .= ":"; }
if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
{
@ -630,6 +772,12 @@ if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
$minor=$2;
}
if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
{
$shlib_major=$1;
$shlib_minor=$2;
}
open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
open(OUT,">$Makefile") || die "unable to create $Makefile:$!\n";
print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
@ -648,11 +796,16 @@ while (<IN>)
s/^VERSION=.*/VERSION=$version/;
s/^MAJOR=.*/MAJOR=$major/;
s/^MINOR=.*/MINOR=$minor/;
s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
s/^PLATFORM=.*$/PLATFORM=$target/;
s/^OPTIONS=.*$/OPTIONS=$options/;
s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
s/^CC=.*$/CC= $cc/;
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
@ -669,6 +822,10 @@ while (<IN>)
s/^PROCESSOR=.*/PROCESSOR= $processor/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^PERL=.*/PERL= $perl/;
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK1=.*/SHLIB_MARK1=$shared_mark1/;
s/^SHLIB_MARK2=.*/SHLIB_MARK2=$shared_mark2/;
s/^LIBS=.*/LIBS=libcrypto\.so\* libssl\.so\*/ if (!$no_shared);
print OUT $_."\n";
}
close(IN);
@ -851,16 +1008,18 @@ if($IsWindows) {
EOF
close(OUT);
} else {
(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?;
(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?
if $symlink;
### (system 'make depend') == 0 or exit $? if $depflags ne "";
# Run "make depend" manually if you want to be able to delete
# the source code files of ciphers you left out.
&dofile("tools/c_rehash",$openssldir,'^DIR=', 'DIR=%s',);
if ( $perl =~ m@^/@) {
&dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
&dofile("apps/der_chop",$perl,'^#!/', '#!%s');
&dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
} else {
# No path for Perl known ...
&dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
&dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
@ -952,8 +1111,9 @@ sub print_table_entry
(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,
my $bn_obj,my $des_obj,my $bf_obj,
$md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
split(/\s*:\s*/,$table{$target} . ":" x 22 , -1);
print <<EOF
@ -973,5 +1133,8 @@ sub print_table_entry
\$rc4_obj = $rc4_obj
\$rmd160_obj = $rmd160_obj
\$rc5_obj = $rc5_obj
\$dso_scheme = $dso_scheme
\$shared_target= $shared_target
\$shared_cflag = $shared_cflag
EOF
}

175
crypto/openssl/FAQ
View File

@ -10,21 +10,29 @@ OpenSSL - Frequently Asked Questions
* Why does the linker complain about undefined symbols?
* Where can I get a compiled version of OpenSSL?
* I've compiled a program under Windows and it crashes: why?
* How do I read or write a DER encoded buffer using the ASN1 functions?
* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
* I've called <some function> and it fails, why?
* I just get a load of numbers for the error output, what do they mean?
* Why do I get errors about unknown algorithms?
* How do I create certificates or certificate requests?
* Why can't I create certificate requests?
* Why does <SSL program> fail with a certificate verify error?
* Why can I only use weak ciphers when I connect to a server using OpenSSL?
* How can I create DSA certificates?
* Why can't I make an SSL connection using a DSA certificate?
* How can I remove the passphrase on a private key?
* Why can't the OpenSSH configure script detect OpenSSL?
* Why does the OpenSSL test fail with "bc: command not found"?
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
* Why does the OpenSSL compilation fail on Alpha True64 Unix?
* Why does the OpenSSL compilation fail with "ar: command not found"?
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
OpenSSL 0.9.5a was released on April 1st, 2000.
OpenSSL 0.9.6 was released on September 24th, 2000.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@ -80,12 +88,6 @@ offer legal advice.
You can configure OpenSSL so as not to use RC5 and IDEA by using
./config no-rc5 no-idea
Until the RSA patent expires, U.S. users may want to use
./config no-rc5 no-idea no-rsa
Please note that you will *not* be able to communicate with most of
the popular web browsers without RSA support.
* Is OpenSSL thread-safe?
@ -128,6 +130,13 @@ the "PRNG not seeded" error message may occur.
when trying to password-encrypt an RSA key! This is a bug in the
library; try a later version instead.]
For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
installing the SUNski package from Sun patch 105710-01 (Sparc) which
adds a /dev/random device and make sure it gets used, usually through
$RANDFILE. There are probably similar patches for the other Solaris
versions. However, be warned that /dev/random is usually a blocking
device, which may have some effects on OpenSSL.
* Why does the linker complain about undefined symbols?
@ -174,12 +183,63 @@ otherwise the conflict will cause a program to crash: typically on the
first BIO related read or write operation.
* How do I read or write a DER encoded buffer using the ASN1 functions?
You have two options. You can either use a memory BIO in conjunction
with the i2d_XXX_bio() or d2i_XXX_bio() functions or you can use the
i2d_XXX(), d2i_XXX() functions directly. Since these are often the
cause of grief here are some code fragments using PKCS7 as an example:
unsigned char *buf, *p;
int len;
len = i2d_PKCS7(p7, NULL);
buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
p = buf;
i2d_PKCS7(p7, &p);
At this point buf contains the len bytes of the DER encoding of
p7.
The opposite assumes we already have len bytes in buf:
unsigned char *p;
p = buf;
p7 = d2i_PKCS7(NULL, &p, len);
At this point p7 contains a valid PKCS7 structure of NULL if an error
occurred. If an error occurred ERR_print_errors(bio) should give more
information.
The reason for the temporary variable 'p' is that the ASN1 functions
increment the passed pointer so it is ready to read or write the next
structure. This is often a cause of problems: without the temporary
variable the buffer pointer is changed to point just after the data
that has been read or written. This may well be uninitialized data
and attempts to free the buffer will have unpredictable results
because it no longer points to the same address.
* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
This usually happens when you try compiling something using the PKCS#12
macros with a C++ compiler. There is hardly ever any need to use the
PKCS#12 macros in a program, it is much easier to parse and create
PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions
documented in doc/openssl.txt and with examples in demos/pkcs12. The
'pkcs12' application has to use the macros because it prints out
debugging information.
* I've called <some function> and it fails, why?
Before submitting a report or asking in one of the mailing lists you
should try to determine the cause. In particular you should call
Before submitting a report or asking in one of the mailing lists, you
should try to determine the cause. In particular, you should call
ERR_print_errors() or ERR_print_errors_fp() after the failed call
and see if the message helps.
and see if the message helps. Note that the problem may occur earlier
than you think -- you should check for errors after every call where
it is possible, otherwise the actual problem may be hidden because
some OpenSSL functions clear the error state.
* I just get a load of numbers for the error output, what do they mean?
@ -229,6 +289,13 @@ or file and the relevant program configured to read it. The OpenSSL program
the verify(1) program manual page for more information.
* Why can I only use weak ciphers when I connect to a server using OpenSSL?
This is almost certainly because you are using an old "export grade" browser
which only supports weak encryption. Upgrade your browser to support 128 bit
ciphers.
* How can I create DSA certificates?
Check the CA.pl(1) manual page for a DSA certificate example.
@ -239,11 +306,19 @@ Check the CA.pl(1) manual page for a DSA certificate example.
Typically you'll see a message saying there are no shared ciphers when
the same setup works fine with an RSA certificate. There are two possible
causes. The client may not support connections to DSA servers most web
browsers only support connections to servers supporting RSA cipher suites.
The other cause is that a set of DH parameters has not been supplied to
the server. DH parameters can be created with the dhparam(1) command and
loaded using the SSL_CTX_set_tmp_dh() for example: check the source to
s_server in apps/s_server.c for an example.
browsers (including Netscape and MSIE) only support connections to servers
supporting RSA cipher suites. The other cause is that a set of DH parameters
has not been supplied to the server. DH parameters can be created with the
dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
check the source to s_server in apps/s_server.c for an example.
* How can I remove the passphrase on a private key?
Firstly you should be really *really* sure you want to do this. Leaving
a private key unencrypted is a major security risk. If you decide that
you do have to do this check the EXAMPLES sections of the rsa(1) and
dsa(1) manual pages.
* Why can't the OpenSSH configure script detect OpenSSL?
@ -285,3 +360,73 @@ applied to the OpenSSH distribution:
fi
LIBS="$LIBS -lcrypto"
----- snip:end -----
* Why does the OpenSSL test fail with "bc: command not found"?
You didn't install "bc", the Unix calculator. If you want to run the
tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
On some SCO installations or versions, bc has a bug that gets triggered when
you run the test suite (using "make test"). The message returned is "bc:
1 not implemented". The best way to deal with this is to find another
implementation of bc and compile/install it. For example, GNU bc (see
http://www.gnu.org/software/software.html for download instructions) can
be safely used.
* Why does the OpenSSL compilation fail on Alpha True64 Unix?
On some Alpha installations running True64 Unix and Compaq C, the compilation
of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual
memory to continue compilation.' As far as the tests have shown, this may be
a compiler bug. What happens is that it eats up a lot of resident memory
to build something, probably a table. The problem is clearly in the
optimization code, because if one eliminates optimization completely (-O0),
the compilation goes through (and the compiler consumes about 2MB of resident
memory instead of 240MB or whatever one's limit is currently).
There are three options to solve this problem:
1. set your current data segment size soft limit higher. Experience shows
that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do
this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
kbytes to set the limit to.
2. If you have a hard limit that is lower than what you need and you can't
get it changed, you can compile all of OpenSSL with -O0 as optimization
level. This is however not a very nice thing to do for those who expect to
get the best result from OpenSSL. A bit more complicated solution is the
following:
----- snip:start -----
make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
sed -e 's/ -O[0-9] / -O0 /'`"
rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
make
----- snip:end -----
This will only compile sha_dgst.c with -O0, the rest with the optimization
level chosen by the configuration process. When the above is done, do the
test and installation and you're set.
* Why does the OpenSSL compilation fail with "ar: command not found"?
Getting this message is quite usual on Solaris 2, because Sun has hidden
away 'ar' and other development commands in directories that aren't in
$PATH by default. One of those directories is '/usr/ccs/bin'. The
quickest way to fix this is to do the following (it assumes you use sh
or any sh-compatible shell):
----- snip:start -----
PATH=${PATH}:/usr/ccs/bin; export PATH
----- snip:end -----
and then redo the compilation. What you should really do is make sure
'/usr/ccs/bin' is permanently in your $PATH, for example through your
'.profile' (again, assuming you use a sh-compatible shell).

37
crypto/openssl/INSTALL
View File

@ -53,6 +53,12 @@
This will usually require additional system-dependent options!
See "Note on multi-threading" below.
no-shared Don't try to create shared libraries.
shared In addition to the usual static libraries, create shared
libraries on platforms where it's supported. See "Note on
shared libraries" below.
no-asm Do not use assembler code.
386 Use the 80386 instruction set only (the default x86 code is
@ -118,9 +124,12 @@
OpenSSL binary ("openssl"). The libraries will be built in the top-level
directory, and the binary will be in the "apps" directory.
If "make" fails, please report the problem to <openssl-bugs@openssl.org>
(note that your message will be forwarded to a public mailing list).
Include the output of "make report" in your message.
If "make" fails, look at the output. There may be reasons for
the failure that isn't a problem in OpenSSL itself (like missing
standard headers). If it is a problem with OpenSSL itself, please
report the problem to <openssl-bugs@openssl.org> (note that your
message will be forwarded to a public mailing list). Include the
output of "make report" in your message.
[If you encounter assembler error messages, try the "no-asm"
configuration option as an immediate fix.]
@ -132,10 +141,13 @@
$ make test
If a test fails, try removing any compiler optimization flags from
the CFLAGS line in Makefile.ssl and run "make clean; make". Please
send a bug report to <openssl-bugs@openssl.org>, including the
output of "make report".
If a test fails, look at the output. There may be reasons for
the failure that isn't a problem in OpenSSL itself (like a missing
or malfunctioning bc). If it is a problem with OpenSSL itself,
try removing any compiler optimization flags from the CFLAGS line
in Makefile.ssl and run "make clean; make". Please send a bug
report to <openssl-bugs@openssl.org>, including the output of
"make report".
4. If everything tests ok, install OpenSSL with
@ -253,3 +265,14 @@
you can still use "no-threads" to suppress an annoying warning message
from the Configure script.)
Note on shared libraries
------------------------
For some systems, the OpenSSL Configure script knows what is needed to
build shared libraries for libcrypto and libssl. On these systems,
the shared libraries are currently not created by default, but giving
the option "shared" will get them created. This method supports Makefile
targets for shared library creation, like linux-shared. Those targets
can currently be used on their own just as well, but this is expected
to change in future versions of OpenSSL.

217
crypto/openssl/Makefile.org
View File

@ -5,8 +5,15 @@
VERSION=
MAJOR=
MINOR=
SHLIB_VERSION_NUMBER=
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=
SHLIB_MINOR=
PLATFORM=dist
OPTIONS=
CONFIGURE_ARGS=
SHLIB_TARGET=
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
@ -55,7 +62,7 @@ AR=ar r
RANLIB= ranlib
PERL= perl
TAR= tar
TARFLAGS= --norecurse
TARFLAGS= --no-recursion
# Set BN_ASM to bn_asm.o if you want to use the C version
BN_ASM= bn_asm.o
@ -142,14 +149,21 @@ RMD160_ASM_OBJ= asm/rm86-out.o
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
DIRS= crypto ssl rsaref apps test tools
# To do special treatment, use "directory names" starting with a period.
# When we're prepared to use shared libraries in the programs we link here
# we might have SHLIB_MARK1 get the value ".shlib." and SHLIB_MARK2 be empty,
# or have that configurable.
SHLIB_MARK1=.shlib-clean.
SHLIB_MARK2=.shlib.
DIRS= crypto ssl rsaref $(SHLIB_MARK1) apps test tools $(SHLIB_MARK2)
SHLIBDIRS= crypto ssl
# dirs in crypto to build
SDIRS= \
md2 md5 sha mdc2 hmac ripemd \
md2 md4 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
bn rsa dsa dh \
bn rsa dsa dh dso \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
@ -165,7 +179,8 @@ TOP= .
ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
LIBS= libcrypto.a libssl.a
LIBS= libcrypto.a libssl.a
SHARED_LIBS=libcrypto.so libssl.so
GENERAL= Makefile
BASENAME= openssl
@ -176,37 +191,108 @@ EXHEADER= e_os.h e_os2.h
HEADER= e_os.h
all: Makefile.ssl
@for i in $(DIRS) ;\
@need_shlib=true; \
for i in $(DIRS) ;\
do \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
done
-@# cd crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
-@# cd perl; $(PERL) Makefile.PL; make
if [ "$$i" = ".shlib-clean." ]; then \
if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) clean-shared; \
fi; \
elif [ "$$i" = ".shlib." ]; then \
if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) $(SHARED_LIBS); \
fi; \
need_shlib=false; \
else \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
fi; \
done; \
if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
$(MAKE) $(SHARED_LIBS); \
fi
sub_all:
@for i in $(DIRS) ;\
@need_shlib=true; \
for i in $(DIRS) ;\
do \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
done;
if [ "$$i" = ".shlib-clean." ]; then \
if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) clean-shared; \
fi; \
elif [ "$$i" = ".shlib." ]; then \
if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) $(SHARED_LIBS); \
fi; \
need_shlib=false; \
else \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
fi; \
done; \
if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
$(MAKE) $(SHARED_LIBS); \
fi
libcrypto.so: libcrypto.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=crypto $(SHLIB_TARGET); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
fi
libssl.so: libcrypto.so libssl.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-L. -lcrypto' $(SHLIB_TARGET); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
fi
clean-shared:
for i in ${SHLIBDIRS}; do \
rm -f lib$$i.so \
lib$$i.so.${SHLIB_MAJOR} \
lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
done
linux-shared:
for i in ${SHLIBDIRS}; do \
rm -f lib$$i.a lib$$i.so \
lib$$i.so.${MAJOR} lib$$i.so.${MAJOR}.${MINOR}; \
${MAKE} CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='-fPIC ${CFLAG}' SDIRS='${SDIRS}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' DIRS=$$i clean all || exit 1; \
( set -x; ${CC} -shared -o lib$$i.so.${MAJOR}.${MINOR} \
-Wl,-S,-soname=lib$$i.so.${MAJOR} \
libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
rm -f lib$$i.so \
lib$$i.so.${SHLIB_MAJOR} \
lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR} \
-Wl,--whole-archive lib$$i.a \
-Wl,--no-whole-archive -lc ) || exit 1; \
rm -f lib$$i.a; make -C $$i clean || exit 1 ;\
done;
@set -x; \
for i in ${SHLIBDIRS}; do \
ln -s lib$$i.so.${MAJOR}.${MINOR} lib$$i.so.${MAJOR}; \
ln -s lib$$i.so.${MAJOR} lib$$i.so; \
done;
-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -L. -l$$i"; \
( set -x; \
ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
lib$$i.so.${SHLIB_MAJOR}; \
ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so ); \
done
# This assumes that GNU utilities are *not* used
true64-shared:
libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; ${CC} -shared -no_archive -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -L. -l$$i"; \
done
# This assumes that GNU utilities are *not* used
solaris-shared:
libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
rm -f lib$$i.so \
lib$$i.so.${SHLIB_MAJOR} \
lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
( set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR} \
-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -L. -l$$i"; \
ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
lib$$i.so.${SHLIB_MAJOR}; \
ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so; \
done
Makefile.ssl: Makefile.org
@echo "Makefile.ssl is older than Makefile.org."
@ -220,9 +306,11 @@ clean:
rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making clean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
rm -f $(LIBS); \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making clean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
rm -f $(LIBS); \
fi; \
done;
rm -f *.a *.o speed.* *.map *.so .pure core
rm -f $(TARFILE)
@ -239,8 +327,10 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making 'files' in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making 'files' in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
fi; \
done;
links:
@ -248,21 +338,25 @@ links:
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
@for i in $(DIRS); do \
(cd $$i && echo "making links in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making links in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
fi; \
done;
dclean:
rm -f *.bak
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making dclean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making dclean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
fi; \
done;
rehash: rehash.time
rehash.time: certs
@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
touch rehash.time
test: tests
@ -278,41 +372,52 @@ report:
depend:
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making dependencies $$i..." && \
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making dependencies $$i..." && \
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
fi; \
done;
lint:
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making lint $$i..." && \
$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making lint $$i..." && \
$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
fi; \
done;
tags:
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making tags $$i..." && \
$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making tags $$i..." && \
$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
fi; \
done;
errors:
perl util/mkerr.pl -recurse -write
stacks:
perl util/mkstack.pl -write
util/libeay.num::
perl util/mkdef.pl crypto update
util/ssleay.num::
perl util/mkdef.pl ssl update
crypto/objects/obj_dat.h: crypto/objects/objects.h crypto/objects/obj_dat.pl
perl crypto/objects/obj_dat.pl crypto/objects/objects.h crypto/objects/obj_dat.h
crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
perl crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt
perl crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
perl Configure TABLE) > TABLE
update: depend errors util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
tar:
@$(TAR) $(TARFLAGS) -cvf - \
@ -347,15 +452,19 @@ install: all install_docs
done;
@for i in $(DIRS) ;\
do \
(cd $$i; echo "installing $$i..."; \
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i; echo "installing $$i..."; \
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
fi; \
done
@for i in $(LIBS) ;\
do \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi \
done
install_docs:

221
crypto/openssl/Makefile.ssl
View File

@ -4,11 +4,18 @@
## Makefile for OpenSSL
##
VERSION=0.9.5a
VERSION=0.9.6
MAJOR=0
MINOR=9.5
MINOR=9.6
SHLIB_VERSION_NUMBER=0.9.6
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=0
SHLIB_MINOR=9.6
PLATFORM=dist
OPTIONS=
CONFIGURE_ARGS=dist
SHLIB_TARGET=
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
@ -57,7 +64,7 @@ AR=ar r
RANLIB= /usr/bin/ranlib
PERL= /usr/local/bin/perl
TAR= tar
TARFLAGS= --norecurse
TARFLAGS= --no-recursion
# Set BN_ASM to bn_asm.o if you want to use the C version
BN_ASM= bn_asm.o
@ -144,14 +151,21 @@ RMD160_ASM_OBJ=
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
DIRS= crypto ssl rsaref apps test tools
# To do special treatment, use "directory names" starting with a period.
# When we're prepared to use shared libraries in the programs we link here
# we might have SHLIB_MARK1 get the value ".shlib." and SHLIB_MARK2 be empty,
# or have that configurable.
SHLIB_MARK1=
SHLIB_MARK2=
DIRS= crypto ssl rsaref $(SHLIB_MARK1) apps test tools $(SHLIB_MARK2)
SHLIBDIRS= crypto ssl
# dirs in crypto to build
SDIRS= \
md2 md5 sha mdc2 hmac ripemd \
md2 md4 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
bn rsa dsa dh \
bn rsa dsa dh dso \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
@ -167,7 +181,8 @@ TOP= .
ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
LIBS= libcrypto.a libssl.a
LIBS= libcrypto.a libssl.a
SHARED_LIBS=libcrypto.so libssl.so
GENERAL= Makefile
BASENAME= openssl
@ -178,37 +193,108 @@ EXHEADER= e_os.h e_os2.h
HEADER= e_os.h
all: Makefile.ssl
@for i in $(DIRS) ;\
@need_shlib=true; \
for i in $(DIRS) ;\
do \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
done
-@# cd crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
-@# cd perl; $(PERL) Makefile.PL; make
if [ "$$i" = ".shlib-clean." ]; then \
if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) clean-shared; \
fi; \
elif [ "$$i" = ".shlib." ]; then \
if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) $(SHARED_LIBS); \
fi; \
need_shlib=false; \
else \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
fi; \
done; \
if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
$(MAKE) $(SHARED_LIBS); \
fi
sub_all:
@for i in $(DIRS) ;\
@need_shlib=true; \
for i in $(DIRS) ;\
do \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
done;
if [ "$$i" = ".shlib-clean." ]; then \
if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) clean-shared; \
fi; \
elif [ "$$i" = ".shlib." ]; then \
if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) $(SHARED_LIBS); \
fi; \
need_shlib=false; \
else \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
fi; \
done; \
if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
$(MAKE) $(SHARED_LIBS); \
fi
libcrypto.so: libcrypto.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=crypto $(SHLIB_TARGET); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
fi
libssl.so: libcrypto.so libssl.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-L. -lcrypto' $(SHLIB_TARGET); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
fi
clean-shared:
for i in ${SHLIBDIRS}; do \
rm -f lib$$i.so \
lib$$i.so.${SHLIB_MAJOR} \
lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
done
linux-shared:
for i in ${SHLIBDIRS}; do \
rm -f lib$$i.a lib$$i.so \
lib$$i.so.${MAJOR} lib$$i.so.${MAJOR}.${MINOR}; \
${MAKE} CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='-fPIC ${CFLAG}' SDIRS='${SDIRS}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' DIRS=$$i clean all || exit 1; \
( set -x; ${CC} -shared -o lib$$i.so.${MAJOR}.${MINOR} \
-Wl,-S,-soname=lib$$i.so.${MAJOR} \
libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
rm -f lib$$i.so \
lib$$i.so.${SHLIB_MAJOR} \
lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR} \
-Wl,--whole-archive lib$$i.a \
-Wl,--no-whole-archive -lc ) || exit 1; \
rm -f lib$$i.a; make -C $$i clean || exit 1 ;\
done;
@set -x; \
for i in ${SHLIBDIRS}; do \
ln -s lib$$i.so.${MAJOR}.${MINOR} lib$$i.so.${MAJOR}; \
ln -s lib$$i.so.${MAJOR} lib$$i.so; \
done;
-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -L. -l$$i"; \
( set -x; \
ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
lib$$i.so.${SHLIB_MAJOR}; \
ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so ); \
done
# This assumes that GNU utilities are *not* used
true64-shared:
libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; ${CC} -shared -no_archive -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -L. -l$$i"; \
done
# This assumes that GNU utilities are *not* used
solaris-shared:
libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
rm -f lib$$i.so \
lib$$i.so.${SHLIB_MAJOR} \
lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
( set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR} \
-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -L. -l$$i"; \
ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
lib$$i.so.${SHLIB_MAJOR}; \
ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so; \
done
Makefile.ssl: Makefile.org
@echo "Makefile.ssl is older than Makefile.org."
@ -222,9 +308,11 @@ clean:
rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making clean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
rm -f $(LIBS); \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making clean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
rm -f $(LIBS); \
fi; \
done;
rm -f *.a *.o speed.* *.map *.so .pure core
rm -f $(TARFILE)
@ -241,8 +329,10 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making 'files' in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making 'files' in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
fi; \
done;
links:
@ -250,21 +340,25 @@ links:
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
@for i in $(DIRS); do \
(cd $$i && echo "making links in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making links in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
fi; \
done;
dclean:
rm -f *.bak
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making dclean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making dclean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
fi; \
done;
rehash: rehash.time
rehash.time: certs
@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
touch rehash.time
test: tests
@ -280,41 +374,52 @@ report:
depend:
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making dependencies $$i..." && \
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making dependencies $$i..." && \
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
fi; \
done;
lint:
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making lint $$i..." && \
$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making lint $$i..." && \
$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
fi; \
done;
tags:
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making tags $$i..." && \
$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making tags $$i..." && \
$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
fi; \
done;
errors:
perl util/mkerr.pl -recurse -write
stacks:
perl util/mkstack.pl -write
util/libeay.num::
perl util/mkdef.pl crypto update
util/ssleay.num::
perl util/mkdef.pl ssl update
crypto/objects/obj_dat.h: crypto/objects/objects.h crypto/objects/obj_dat.pl
perl crypto/objects/obj_dat.pl crypto/objects/objects.h crypto/objects/obj_dat.h
crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
perl crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt
perl crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
perl Configure TABLE) > TABLE
update: depend errors util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
tar:
@$(TAR) $(TARFLAGS) -cvf - \
@ -349,15 +454,19 @@ install: all install_docs
done;
@for i in $(DIRS) ;\
do \
(cd $$i; echo "installing $$i..."; \
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i; echo "installing $$i..."; \
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
fi; \
done
@for i in $(LIBS) ;\
do \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi \
done
install_docs:

15
crypto/openssl/NEWS
View File

@ -5,6 +5,21 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
o Some documentation for BIO and SSL libraries.
o Enhanced chain verification using key identifiers.
o New sign and verify options to 'dgst' application.
o Support for DER and PEM encoded messages in 'smime' application.
o New 'rsautl' application, low level RSA utility.
o MD4 now included.
o Bugfix for SSL rollback padding check.
o Support for external crypto devices [1].
o Enhanced EVP interface.
[1] The support for external crypto devices is currently a separate
distribution. See the file README.ENGINE.
Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8

21
crypto/openssl/README
View File

@ -1,5 +1,5 @@
OpenSSL 0.9.5a 1 Apr 2000
OpenSSL 0.9.6 24 Sep 2000
Copyright (c) 1998-2000 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@ -99,13 +99,12 @@
country. The file contains some of the patents that we know about or are
rumoured to exist. This is not a definitive list.
RSA Data Security holds software patents on the RSA and RC5 algorithms. If
their ciphers are used used inside the USA (and Japan?), you must contact RSA
Data Security for licensing conditions. Their web page is
http://www.rsa.com/.
RSA Security holds software patents on the RC5 algorithm. If you
intend to use this cipher, you must contact RSA Security for
licensing conditions. Their web page is http://www.rsasecurity.com/.
RC4 is a trademark of RSA Data Security, so use of this label should perhaps
only be used with RSA Data Security's permission.
RC4 is a trademark of RSA Security, so use of this label should perhaps
only be used with RSA Security's permission.
The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should
@ -119,9 +118,6 @@
a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read
INSTALL.VMS.
For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s
public key library, RSAREF, by configuring OpenSSL with the option "rsaref".
Read the documentation in the doc/ directory. It is quite rough, but it
lists the functions, you will probably have to look at the code to work out
how to used them. Look at the example programs.
@ -167,6 +163,9 @@
the string "[PATCH]" in the subject. Please be sure to include a
textual explanation of what your patch does.
Note: For legal reasons, contributions from the US can be accepted only
if a copy of the patch is sent to crypt@bxa.doc.gov
The preferred format for changes is "diff -u" output. You might
generate it like this:
@ -174,4 +173,4 @@
# [your changes]
# ./Configure dist; make clean
# cd ..
# diff -urN openssl-orig openssl-work > mydiffs.patch
# diff -ur openssl-orig openssl-work > mydiffs.patch

63
crypto/openssl/README.ENGINE Normal file
View File

@ -0,0 +1,63 @@
ENGINE
======
With OpenSSL 0.9.6, a new component has been added to support external
crypto devices, for example accelerator cards. The component is called
ENGINE, and has still a pretty experimental status and almost no
documentation. It's designed to be faily easily extensible by the
calling programs.
There's currently built-in support for the following crypto devices:
o CryptoSwift
o Compaq Atalla
o nCipher CHIL
A number of things are still needed and are being worked on:
o An openssl utility command to handle or at least check available
engines.
o A better way of handling the methods that are handled by the
engines.
o Documentation!
What already exists is fairly stable as far as it has been tested, but
the test base has been a bit small most of the time.
Because of this experimental status and what's lacking, the ENGINE
component is not yet part of the default OpenSSL distribution. However,
we have made a separate kit for those who want to try this out, to be
found in the same places as the default OpenSSL distribution, but with
"-engine-" being part of the kit file name. For example, version 0.9.6
is distributed in the following two files:
openssl-0.9.6.tar.gz
openssl-engine-0.9.6.tar.gz
NOTES
=====
openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
not need to download both.
openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
crypto device. The internal OpenSSL functions are contained in the
engine "openssl", and will be used by default.
No external crypto device is chosen unless you say so. You have actively
tell the openssl utility commands to use it through a new command line
switch called "-engine". And if you want to use the ENGINE library to
do something similar, you must also explicitely choose an external crypto
device, or the built-in crypto routines will be used, just as in the
default OpenSSL distribution.
PROBLEMS
========
It seems like the ENGINE part doesn't work too well with Cryptoswift on
Win32. A quick test done right before the release showed that trying
"openssl speed -engine cswift" generated errors. If the DSO gets enabled,
an attempt is made to write at memory address 0x00000002.

6
crypto/openssl/apps/CA.pl
View File

@ -36,6 +36,7 @@
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
$DAYS="-days 365";
$REQ="openssl req $SSLEAY_CONFIG";
$CA="openssl ca $SSLEAY_CONFIG";
@ -116,6 +117,11 @@ foreach (@ARGV) {
"-infiles newreq.pem");
$RET=$?;
print "Signed certificate is in newcert.pem\n";
} elsif (/^(-signCA)$/) {
system ("$CA -policy policy_anything -out newcert.pem " .
"-extensions v3_ca -infiles newreq.pem");
$RET=$?;
print "Signed CA certificate is in newcert.pem\n";
} elsif (/^-signcert$/) {
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
"-out tmp.pem");

6
crypto/openssl/apps/CA.pl.in
View File

@ -36,6 +36,7 @@
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
$DAYS="-days 365";
$REQ="openssl req $SSLEAY_CONFIG";
$CA="openssl ca $SSLEAY_CONFIG";
@ -116,6 +117,11 @@ foreach (@ARGV) {
"-infiles newreq.pem");
$RET=$?;
print "Signed certificate is in newcert.pem\n";
} elsif (/^(-signCA)$/) {
system ("$CA -policy policy_anything -out newcert.pem " .
"-extensions v3_ca -infiles newreq.pem");
$RET=$?;
print "Signed CA certificate is in newcert.pem\n";
} elsif (/^-signcert$/) {
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
"-out tmp.pem");

933
crypto/openssl/apps/Makefile.ssl
View File

File diff suppressed because it is too large Load Diff

372
crypto/openssl/apps/apps.c
View File

@ -64,6 +64,11 @@
#define NON_MAIN
#include "apps.h"
#undef NON_MAIN
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
#include <openssl/safestack.h>
#ifdef WINDOWS
# include "bss_file.c"
@ -91,8 +96,8 @@ int args_from_file(char *file, int *argc, char **argv[])
*argv=NULL;
len=(unsigned int)stbuf.st_size;
if (buf != NULL) Free(buf);
buf=(char *)Malloc(len+1);
if (buf != NULL) OPENSSL_free(buf);
buf=(char *)OPENSSL_malloc(len+1);
if (buf == NULL) return(0);
len=fread(buf,1,len,fp);
@ -102,8 +107,8 @@ int args_from_file(char *file, int *argc, char **argv[])
i=0;
for (p=buf; *p; p++)
if (*p == '\n') i++;
if (arg != NULL) Free(arg);
arg=(char **)Malloc(sizeof(char *)*(i*2));
if (arg != NULL) OPENSSL_free(arg);
arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
*argv=arg;
num=0;
@ -159,6 +164,12 @@ int str2fmt(char *s)
return(FORMAT_PEM);
else if ((*s == 'N') || (*s == 'n'))
return(FORMAT_NETSCAPE);
else if ((*s == 'S') || (*s == 's'))
return(FORMAT_SMIME);
else if ((*s == '1')
|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
return(FORMAT_PKCS12);
else
return(FORMAT_UNDEF);
}
@ -266,7 +277,7 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
if (arg->count == 0)
{
arg->count=20;
arg->data=(char **)Malloc(sizeof(char *)*arg->count);
arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
}
for (i=0; i<arg->count; i++)
arg->data[i]=NULL;
@ -285,7 +296,7 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
if (num >= arg->count)
{
arg->count+=20;
arg->data=(char **)Realloc(arg->data,
arg->data=(char **)OPENSSL_realloc(arg->data,
sizeof(char *)*arg->count);
if (argc == 0) return(0);
}
@ -414,3 +425,352 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio)
if(tmp) *tmp = 0;
return BUF_strdup(tpass);
}
int add_oid_section(BIO *err, LHASH *conf)
{
char *p;
STACK_OF(CONF_VALUE) *sktmp;
CONF_VALUE *cnf;
int i;
if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
if(!(sktmp = CONF_get_section(conf, p))) {
BIO_printf(err, "problem loading oid section %s\n", p);
return 0;
}
for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
cnf = sk_CONF_VALUE_value(sktmp, i);
if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
BIO_printf(err, "problem creating object %s=%s\n",
cnf->name, cnf->value);
return 0;
}
}
return 1;
}
X509 *load_cert(BIO *err, char *file, int format)
{
ASN1_HEADER *ah=NULL;
BUF_MEM *buf=NULL;
X509 *x=NULL;
BIO *cert;
if ((cert=BIO_new(BIO_s_file())) == NULL)
{
ERR_print_errors(err);
goto end;
}
if (file == NULL)
BIO_set_fp(cert,stdin,BIO_NOCLOSE);
else
{
if (BIO_read_filename(cert,file) <= 0)
{
perror(file);
goto end;
}
}
if (format == FORMAT_ASN1)
x=d2i_X509_bio(cert,NULL);
else if (format == FORMAT_NETSCAPE)
{
unsigned char *p,*op;
int size=0,i;
/* We sort of have to do it this way because it is sort of nice
* to read the header first and check it, then
* try to read the certificate */
buf=BUF_MEM_new();
for (;;)
{
if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
goto end;
i=BIO_read(cert,&(buf->data[size]),1024*10);
size+=i;
if (i == 0) break;
if (i < 0)
{
perror("reading certificate");
goto end;
}
}
p=(unsigned char *)buf->data;
op=p;
/* First load the header */
if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
goto end;
if ((ah->header == NULL) || (ah->header->data == NULL) ||
(strncmp(NETSCAPE_CERT_HDR,(char *)ah->header->data,
ah->header->length) != 0))
{
BIO_printf(err,"Error reading header on certificate\n");
goto end;
}
/* header is ok, so now read the object */
p=op;
ah->meth=X509_asn1_meth();
if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
goto end;
x=(X509 *)ah->data;
ah->data=NULL;
}
else if (format == FORMAT_PEM)
x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL);
else if (format == FORMAT_PKCS12)
{
PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
PKCS12_parse(p12, NULL, NULL, &x, NULL);
PKCS12_free(p12);
p12 = NULL;
}
else {
BIO_printf(err,"bad input format specified for input cert\n");
goto end;
}
end:
if (x == NULL)
{
BIO_printf(err,"unable to load certificate\n");
ERR_print_errors(err);
}
if (ah != NULL) ASN1_HEADER_free(ah);
if (cert != NULL) BIO_free(cert);
if (buf != NULL) BUF_MEM_free(buf);
return(x);
}
EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
{
BIO *key=NULL;
EVP_PKEY *pkey=NULL;
if (file == NULL)
{
BIO_printf(err,"no keyfile specified\n");
goto end;
}
key=BIO_new(BIO_s_file());
if (key == NULL)
{
ERR_print_errors(err);
goto end;
}
if (BIO_read_filename(key,file) <= 0)
{
perror(file);
goto end;
}
if (format == FORMAT_ASN1)
{
pkey=d2i_PrivateKey_bio(key, NULL);
}
else if (format == FORMAT_PEM)
{
pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,pass);
}
else if (format == FORMAT_PKCS12)
{
PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
PKCS12_parse(p12, pass, &pkey, NULL, NULL);
PKCS12_free(p12);
p12 = NULL;
}
else
{
BIO_printf(err,"bad input format specified for key\n");
goto end;
}
end:
if (key != NULL) BIO_free(key);
if (pkey == NULL)
BIO_printf(err,"unable to load Private Key\n");
return(pkey);
}
EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
{
BIO *key=NULL;
EVP_PKEY *pkey=NULL;
if (file == NULL)
{
BIO_printf(err,"no keyfile specified\n");
goto end;
}
key=BIO_new(BIO_s_file());
if (key == NULL)
{
ERR_print_errors(err);
goto end;
}
if (BIO_read_filename(key,file) <= 0)
{
perror(file);
goto end;
}
if (format == FORMAT_ASN1)
{
pkey=d2i_PUBKEY_bio(key, NULL);
}
else if (format == FORMAT_PEM)
{
pkey=PEM_read_bio_PUBKEY(key,NULL,NULL,NULL);
}
else
{
BIO_printf(err,"bad input format specified for key\n");
goto end;
}
end:
if (key != NULL) BIO_free(key);
if (pkey == NULL)
BIO_printf(err,"unable to load Public Key\n");
return(pkey);
}
STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
{
BIO *certs;
int i;
STACK_OF(X509) *othercerts = NULL;
STACK_OF(X509_INFO) *allcerts = NULL;
X509_INFO *xi;
if((certs = BIO_new(BIO_s_file())) == NULL)
{
ERR_print_errors(err);
goto end;
}
if (file == NULL)
BIO_set_fp(certs,stdin,BIO_NOCLOSE);
else
{
if (BIO_read_filename(certs,file) <= 0)
{
perror(file);
goto end;
}
}
if (format == FORMAT_PEM)
{
othercerts = sk_X509_new_null();
if(!othercerts)
{
sk_X509_free(othercerts);
othercerts = NULL;
goto end;
}
allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
{
xi = sk_X509_INFO_value (allcerts, i);
if (xi->x509)
{
sk_X509_push(othercerts, xi->x509);
xi->x509 = NULL;
}
}
goto end;
}
else {
BIO_printf(err,"bad input format specified for input cert\n");
goto end;
}
end:
if (othercerts == NULL)
{
BIO_printf(err,"unable to load certificates\n");
ERR_print_errors(err);
}
if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
if (certs != NULL) BIO_free(certs);
return(othercerts);
}
typedef struct {
char *name;
unsigned long flag;
unsigned long mask;
} NAME_EX_TBL;
int set_name_ex(unsigned long *flags, const char *arg)
{
char c;
const NAME_EX_TBL *ptbl, ex_tbl[] = {
{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
{ "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
{ "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
{ "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
{ "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
{ "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
{ "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
{ "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
{ "compat", XN_FLAG_COMPAT, 0xffffffffL},
{ "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
{ "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
{ "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
{ "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
{ "dn_rev", XN_FLAG_DN_REV, 0},
{ "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
{ "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
{ "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
{ "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
{ "space_eq", XN_FLAG_SPC_EQ, 0},
{ "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
{ "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
{ "oneline", XN_FLAG_ONELINE, 0xffffffffL},
{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
{ NULL, 0, 0}
};
c = arg[0];
if(c == '-') {
c = 0;
arg++;
} else if (c == '+') {
c = 1;
arg++;
} else c = 1;
for(ptbl = ex_tbl; ptbl->name; ptbl++) {
if(!strcmp(arg, ptbl->name)) {
*flags &= ~ptbl->mask;
if(c) *flags |= ptbl->flag;
else *flags &= ~ptbl->flag;
return 1;
}
}
return 0;
}
void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
{
char buf[256];
char mline = 0;
int indent = 0;
if(title) BIO_puts(out, title);
if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
mline = 1;
indent = 4;
}
if(lflags == XN_FLAG_COMPAT) {
X509_NAME_oneline(nm,buf,256);
BIO_puts(out,buf);
BIO_puts(out, "\n");
} else {
if(mline) BIO_puts(out, "\n");
X509_NAME_print_ex(out, nm, indent, lflags);
BIO_puts(out, "\n");
}
}

15
crypto/openssl/apps/apps.h
View File

@ -65,6 +65,8 @@
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/lhash.h>
#include <openssl/conf.h>
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
int app_RAND_write_file(const char *file, BIO *bio_e);
@ -98,7 +100,6 @@ extern BIO *bio_err;
#else
#define MAIN(a,v) PROG(a,v)
#include <openssl/conf.h>
extern LHASH *config;
extern char *default_config_file;
extern BIO *bio_err;
@ -144,13 +145,25 @@ void program_name(char *in,char *out,int size);
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
#ifdef HEADER_X509_H
int dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
#endif
int set_name_ex(unsigned long *flags, const char *arg);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
int add_oid_section(BIO *err, LHASH *conf);
X509 *load_cert(BIO *err, char *file, int format);
EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass);
EVP_PKEY *load_pubkey(BIO *err, char *file, int format);
STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1
#define FORMAT_TEXT 2
#define FORMAT_PEM 3
#define FORMAT_NETSCAPE 4
#define FORMAT_PKCS12 5
#define FORMAT_SMIME 6
#define NETSCAPE_CERT_HDR "certificate"
#define APP_PASS_LEN 1024

27
crypto/openssl/apps/asn1pars.c
View File

@ -88,7 +88,7 @@ int MAIN(int argc, char **argv)
unsigned int length=0;
long num,tmplen;
BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
int informat,indent=0, noout = 0;
int informat,indent=0, noout = 0, dump = 0;
char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
unsigned char *tmpbuf;
BUF_MEM *buf=NULL;
@ -108,7 +108,7 @@ int MAIN(int argc, char **argv)
argv++;
if ((osk=sk_new_null()) == NULL)
{
BIO_printf(bio_err,"Malloc failure\n");
BIO_printf(bio_err,"Memory allocation failure\n");
goto end;
}
while (argc >= 1)
@ -149,6 +149,16 @@ int MAIN(int argc, char **argv)
length= atoi(*(++argv));
if (length == 0) goto bad;
}
else if (strcmp(*argv,"-dump") == 0)
{
dump= -1;
}
else if (strcmp(*argv,"-dlimit") == 0)
{
if (--argc < 1) goto bad;
dump= atoi(*(++argv));
if (dump <= 0) goto bad;
}
else if (strcmp(*argv,"-strparse") == 0)
{
if (--argc < 1) goto bad;
@ -176,6 +186,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err," -offset arg offset into file\n");
BIO_printf(bio_err," -length arg length of section in file\n");
BIO_printf(bio_err," -i indent entries\n");
BIO_printf(bio_err," -dump dump unknown data in hex form\n");
BIO_printf(bio_err," -dlimit arg dump the first arg bytes of unknown data in hex form\n");
BIO_printf(bio_err," -oid file file of extra oid definitions\n");
BIO_printf(bio_err," -strparse offset\n");
BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n");
@ -194,6 +206,12 @@ int MAIN(int argc, char **argv)
goto end;
}
BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
if (oidfile != NULL)
{
@ -293,7 +311,8 @@ int MAIN(int argc, char **argv)
}
}
if (!noout &&
!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
!ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
indent,dump))
{
ERR_print_errors(bio_err);
goto end;
@ -302,7 +321,7 @@ int MAIN(int argc, char **argv)
end:
BIO_free(derout);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free(out);
if (out != NULL) BIO_free_all(out);
if (b64 != NULL) BIO_free(b64);
if (ret != 0)
ERR_print_errors(bio_err);

135
crypto/openssl/apps/ca.c
View File

@ -176,7 +176,6 @@ extern int EF_PROTECT_BELOW;
extern int EF_ALIGNMENT;
#endif
static int add_oid_section(LHASH *conf);
static void lookup_fail(char *name,char *tag);
static unsigned long index_serial_hash(char **a);
static int index_serial_cmp(char **a, char **b);
@ -217,7 +216,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
char *key=NULL;
char *key=NULL,*passargin=NULL;
int total=0;
int total_done=0;
int badops=0;
@ -263,7 +262,7 @@ int MAIN(int argc, char **argv)
long l;
const EVP_MD *dgst=NULL;
STACK_OF(CONF_VALUE) *attribs=NULL;
STACK *cert_sk=NULL;
STACK_OF(X509) *cert_sk=NULL;
BIO *hex=NULL;
#undef BSIZE
#define BSIZE 256
@ -334,6 +333,11 @@ EF_ALIGNMENT=0;
if (--argc < 1) goto bad;
keyfile= *(++argv);
}
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
passargin= *(++argv);
}
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
@ -498,7 +502,7 @@ EF_ALIGNMENT=0;
BIO_free(oid_bio);
}
}
if(!add_oid_section(conf))
if(!add_oid_section(bio_err,conf))
{
ERR_print_errors(bio_err);
goto err;
@ -527,6 +531,11 @@ EF_ALIGNMENT=0;
lookup_fail(section,ENV_PRIVATE_KEY);
goto err;
}
if(!key && !app_passwd(bio_err, passargin, NULL, &key, NULL))
{
BIO_printf(bio_err,"Error getting password\n");
goto err;
}
if (BIO_read_filename(in,keyfile) <= 0)
{
perror(keyfile);
@ -681,6 +690,12 @@ EF_ALIGNMENT=0;
if (verbose)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
TXT_DB_write(out,db);
BIO_printf(bio_err,"%d entries loaded from the database\n",
db->data->num);
@ -715,7 +730,15 @@ EF_ALIGNMENT=0;
}
}
else
{
BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
Sout = BIO_push(tmpbio, Sout);
}
#endif
}
}
if (req)
@ -808,7 +831,7 @@ EF_ALIGNMENT=0;
{
if ((f=BN_bn2hex(serial)) == NULL) goto err;
BIO_printf(bio_err,"next serial number is %s\n",f);
Free(f);
OPENSSL_free(f);
}
if ((attribs=CONF_get_section(conf,policy)) == NULL)
@ -817,9 +840,9 @@ EF_ALIGNMENT=0;
goto err;
}
if ((cert_sk=sk_new_null()) == NULL)
if ((cert_sk=sk_X509_new_null()) == NULL)
{
BIO_printf(bio_err,"Malloc failure\n");
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
if (spkac_file != NULL)
@ -834,9 +857,9 @@ EF_ALIGNMENT=0;
total_done++;
BIO_printf(bio_err,"\n");
if (!BN_add_word(serial,1)) goto err;
if (!sk_push(cert_sk,(char *)x))
if (!sk_X509_push(cert_sk,x))
{
BIO_printf(bio_err,"Malloc failure\n");
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
if (outfile)
@ -858,9 +881,9 @@ EF_ALIGNMENT=0;
total_done++;
BIO_printf(bio_err,"\n");
if (!BN_add_word(serial,1)) goto err;
if (!sk_push(cert_sk,(char *)x))
if (!sk_X509_push(cert_sk,x))
{
BIO_printf(bio_err,"Malloc failure\n");
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
}
@ -877,9 +900,9 @@ EF_ALIGNMENT=0;
total_done++;
BIO_printf(bio_err,"\n");
if (!BN_add_word(serial,1)) goto err;
if (!sk_push(cert_sk,(char *)x))
if (!sk_X509_push(cert_sk,x))
{
BIO_printf(bio_err,"Malloc failure\n");
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
}
@ -896,9 +919,9 @@ EF_ALIGNMENT=0;
total_done++;
BIO_printf(bio_err,"\n");
if (!BN_add_word(serial,1)) goto err;
if (!sk_push(cert_sk,(char *)x))
if (!sk_X509_push(cert_sk,x))
{
BIO_printf(bio_err,"Malloc failure\n");
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
}
@ -907,7 +930,7 @@ EF_ALIGNMENT=0;
* and a data base and serial number that need
* updating */
if (sk_num(cert_sk) > 0)
if (sk_X509_num(cert_sk) > 0)
{
if (!batch)
{
@ -923,7 +946,7 @@ EF_ALIGNMENT=0;
}
}
BIO_printf(bio_err,"Write out database with %d new entries\n",sk_num(cert_sk));
BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
strncpy(buf[0],serialfile,BSIZE-4);
@ -955,12 +978,12 @@ EF_ALIGNMENT=0;
if (verbose)
BIO_printf(bio_err,"writing new certificates\n");
for (i=0; i<sk_num(cert_sk); i++)
for (i=0; i<sk_X509_num(cert_sk); i++)
{
int k;
unsigned char *n;
x=(X509 *)sk_value(cert_sk,i);
x=sk_X509_value(cert_sk,i);
j=x->cert_info->serialNumber->length;
p=(char *)x->cert_info->serialNumber->data;
@ -999,7 +1022,7 @@ EF_ALIGNMENT=0;
write_new_certificate(Sout,x, output_der, notext);
}
if (sk_num(cert_sk))
if (sk_X509_num(cert_sk))
{
/* Rename the database and the serial file */
strncpy(buf[2],serialfile,BSIZE-4);
@ -1011,7 +1034,7 @@ EF_ALIGNMENT=0;
#endif
BIO_free(in);
BIO_free(out);
BIO_free_all(out);
in=NULL;
out=NULL;
if (rename(serialfile,buf[2]) < 0)
@ -1228,12 +1251,12 @@ EF_ALIGNMENT=0;
ret=0;
err:
BIO_free(hex);
BIO_free(Cout);
BIO_free(Sout);
BIO_free(out);
BIO_free_all(Cout);
BIO_free_all(Sout);
BIO_free_all(out);
BIO_free(in);
sk_pop_free(cert_sk,X509_free);
sk_X509_pop_free(cert_sk,X509_free);
if (ret) ERR_print_errors(bio_err);
app_RAND_write_file(randfile, bio_err);
@ -1345,7 +1368,7 @@ static int save_serial(char *serialfile, BIGNUM *serial)
BIO_puts(out,"\n");
ret=1;
err:
if (out != NULL) BIO_free(out);
if (out != NULL) BIO_free_all(out);
if (ai != NULL) ASN1_INTEGER_free(ai);
return(ret);
}
@ -1580,7 +1603,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
/* Ok, now we check the 'policy' stuff. */
if ((subject=X509_NAME_new()) == NULL)
{
BIO_printf(bio_err,"Malloc failure\n");
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
@ -1678,7 +1701,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
{
if (push != NULL)
X509_NAME_ENTRY_free(push);
BIO_printf(bio_err,"Malloc failure\n");
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
}
@ -1700,7 +1723,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
row[DB_serial]=BN_bn2hex(serial);
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
{
BIO_printf(bio_err,"Malloc failure\n");
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
@ -1841,32 +1864,32 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
goto err;
/* We now just add it to the database */
row[DB_type]=(char *)Malloc(2);
row[DB_type]=(char *)OPENSSL_malloc(2);
tm=X509_get_notAfter(ret);
row[DB_exp_date]=(char *)Malloc(tm->length+1);
row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
memcpy(row[DB_exp_date],tm->data,tm->length);
row[DB_exp_date][tm->length]='\0';
row[DB_rev_date]=NULL;
/* row[DB_serial] done already */
row[DB_file]=(char *)Malloc(8);
row[DB_file]=(char *)OPENSSL_malloc(8);
/* row[DB_name] done already */
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
(row[DB_file] == NULL))
{
BIO_printf(bio_err,"Malloc failure\n");
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
strcpy(row[DB_file],"unknown");
row[DB_type][0]='V';
row[DB_type][1]='\0';
if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
{
BIO_printf(bio_err,"Malloc failure\n");
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
@ -1886,7 +1909,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
ok=1;
err:
for (i=0; i<DB_NUMBER; i++)
if (row[i] != NULL) Free(row[i]);
if (row[i] != NULL) OPENSSL_free(row[i]);
if (CAname != NULL)
X509_NAME_free(CAname);
@ -2100,28 +2123,6 @@ static int check_time_format(char *str)
return(ASN1_UTCTIME_check(&tm));
}
static int add_oid_section(LHASH *hconf)
{
char *p;
STACK_OF(CONF_VALUE) *sktmp;
CONF_VALUE *cnf;
int i;
if(!(p=CONF_get_string(hconf,NULL,"oid_section"))) return 1;
if(!(sktmp = CONF_get_section(hconf, p))) {
BIO_printf(bio_err, "problem loading oid section %s\n", p);
return 0;
}
for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
cnf = sk_CONF_VALUE_value(sktmp, i);
if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
BIO_printf(bio_err, "problem creating object %s=%s\n",
cnf->name, cnf->value);
return 0;
}
}
return 1;
}
static int do_revoke(X509 *x509, TXT_DB *db)
{
ASN1_UTCTIME *tm=NULL, *revtm=NULL;
@ -2137,7 +2138,7 @@ static int do_revoke(X509 *x509, TXT_DB *db)
BN_free(bn);
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
{
BIO_printf(bio_err,"Malloc failure\n");
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
/* We have to lookup by serial number because name lookup
@ -2149,33 +2150,33 @@ static int do_revoke(X509 *x509, TXT_DB *db)
BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);
/* We now just add it to the database */
row[DB_type]=(char *)Malloc(2);
row[DB_type]=(char *)OPENSSL_malloc(2);
tm=X509_get_notAfter(x509);
row[DB_exp_date]=(char *)Malloc(tm->length+1);
row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
memcpy(row[DB_exp_date],tm->data,tm->length);
row[DB_exp_date][tm->length]='\0';
row[DB_rev_date]=NULL;
/* row[DB_serial] done already */
row[DB_file]=(char *)Malloc(8);
row[DB_file]=(char *)OPENSSL_malloc(8);
/* row[DB_name] done already */
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
(row[DB_file] == NULL))
{
BIO_printf(bio_err,"Malloc failure\n");
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
strcpy(row[DB_file],"unknown");
row[DB_type][0]='V';
row[DB_type][1]='\0';
if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
{
BIO_printf(bio_err,"Malloc failure\n");
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
@ -2218,7 +2219,7 @@ static int do_revoke(X509 *x509, TXT_DB *db)
revtm=X509_gmtime_adj(revtm,0);
rrow[DB_type][0]='R';
rrow[DB_type][1]='\0';
rrow[DB_rev_date]=(char *)Malloc(revtm->length+1);
rrow[DB_rev_date]=(char *)OPENSSL_malloc(revtm->length+1);
memcpy(rrow[DB_rev_date],revtm->data,revtm->length);
rrow[DB_rev_date][revtm->length]='\0';
ASN1_UTCTIME_free(revtm);
@ -2228,7 +2229,7 @@ static int do_revoke(X509 *x509, TXT_DB *db)
for (i=0; i<DB_NUMBER; i++)
{
if (row[i] != NULL)
Free(row[i]);
OPENSSL_free(row[i]);
}
return(ok);
}

13
crypto/openssl/apps/ciphers.c
View File

@ -74,6 +74,7 @@ static char *ciphers_usage[]={
" -v - verbose mode, a textual listing of the ciphers in SSLeay\n",
" -ssl2 - SSL2 mode\n",
" -ssl3 - SSL3 mode\n",
" -tls1 - TLS1 mode\n",
NULL
};
@ -107,6 +108,12 @@ int MAIN(int argc, char **argv)
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
STDout = BIO_push(tmpbio, STDout);
}
#endif
argc--;
argv++;
@ -121,6 +128,10 @@ int MAIN(int argc, char **argv)
#ifndef NO_SSL3
else if (strcmp(*argv,"-ssl3") == 0)
meth=SSLv3_client_method();
#endif
#ifndef NO_TLS1
else if (strcmp(*argv,"-tls1") == 0)
meth=TLSv1_client_method();
#endif
else if ((strncmp(*argv,"-h",2) == 0) ||
(strcmp(*argv,"-?") == 0))
@ -190,7 +201,7 @@ int MAIN(int argc, char **argv)
end:
if (ctx != NULL) SSL_CTX_free(ctx);
if (ssl != NULL) SSL_free(ssl);
if (STDout != NULL) BIO_free(STDout);
if (STDout != NULL) BIO_free_all(STDout);
EXIT(ret);
}

49
crypto/openssl/apps/crl.c
View File

@ -104,6 +104,7 @@ int MAIN(int argc, char **argv)
int informat,outformat;
char *infile=NULL,*outfile=NULL;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
int fingerprint = 0;
char **pp,buf[256];
X509_STORE *store = NULL;
X509_STORE_CTX ctx;
@ -111,6 +112,7 @@ int MAIN(int argc, char **argv)
X509_OBJECT xobj;
EVP_PKEY *pkey;
int do_ver = 0;
const EVP_MD *md_alg,*digest=EVP_md5();
apps_startup();
@ -120,7 +122,15 @@ int MAIN(int argc, char **argv)
if (bio_out == NULL)
if ((bio_out=BIO_new(BIO_s_file())) != NULL)
{
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_out = BIO_push(tmpbio, bio_out);
}
#endif
}
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
@ -183,6 +193,13 @@ int MAIN(int argc, char **argv)
nextupdate= ++num;
else if (strcmp(*argv,"-noout") == 0)
noout= ++num;
else if (strcmp(*argv,"-fingerprint") == 0)
fingerprint= ++num;
else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
{
/* ok */
digest=md_alg;
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@ -274,6 +291,26 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_out,"NONE");
BIO_printf(bio_out,"\n");
}
if (fingerprint == i)
{
int j;
unsigned int n;
unsigned char md[EVP_MAX_MD_SIZE];
if (!X509_CRL_digest(x,digest,md,&n))
{
BIO_printf(bio_err,"out of memory\n");
goto end;
}
BIO_printf(bio_out,"%s Fingerprint=",
OBJ_nid2sn(EVP_MD_type(digest)));
for (j=0; j<(int)n; j++)
{
BIO_printf(bio_out,"%02X%c",md[j],
(j+1 == (int)n)
?'\n':':');
}
}
}
}
@ -285,7 +322,15 @@ int MAIN(int argc, char **argv)
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
@ -311,8 +356,8 @@ int MAIN(int argc, char **argv)
if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
ret=0;
end:
BIO_free(out);
BIO_free(bio_out);
BIO_free_all(out);
BIO_free_all(bio_out);
bio_out=NULL;
X509_CRL_free(x);
if(store) {

20
crypto/openssl/apps/crl2p7.c
View File

@ -141,7 +141,7 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-certfile") == 0)
{
if (--argc < 1) goto bad;
if(!certflst) certflst = sk_new(NULL);
if(!certflst) certflst = sk_new_null();
sk_push(certflst,*(++argv));
}
else
@ -215,15 +215,15 @@ int MAIN(int argc, char **argv)
p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
if ((crl_stack=sk_X509_CRL_new(NULL)) == NULL) goto end;
if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end;
p7s->crl=crl_stack;
if (crl != NULL)
{
sk_X509_CRL_push(crl_stack,crl);
crl=NULL; /* now part of p7 for Freeing */
crl=NULL; /* now part of p7 for OPENSSL_freeing */
}
if ((cert_stack=sk_X509_new(NULL)) == NULL) goto end;
if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
p7s->cert=cert_stack;
if(certflst) for(i = 0; i < sk_num(certflst); i++) {
@ -239,7 +239,15 @@ int MAIN(int argc, char **argv)
sk_free(certflst);
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
@ -266,7 +274,7 @@ int MAIN(int argc, char **argv)
ret=0;
end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free(out);
if (out != NULL) BIO_free_all(out);
if (p7 != NULL) PKCS7_free(p7);
if (crl != NULL) X509_CRL_free(crl);
@ -327,7 +335,7 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
ret=count;
end:
/* never need to Free x */
/* never need to OPENSSL_free x */
if (in != NULL) BIO_free(in);
if (sk != NULL) sk_X509_INFO_free(sk);
return(ret);

204
crypto/openssl/apps/dgst.c
View File

@ -73,7 +73,8 @@
#undef PROG
#define PROG dgst_main
void do_fp(unsigned char *buf,BIO *f,int sep);
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
EVP_PKEY *key, unsigned char *sigin, int siglen);
int MAIN(int, char **);
@ -84,15 +85,22 @@ int MAIN(int argc, char **argv)
const EVP_MD *md=NULL,*m;
BIO *in=NULL,*inp;
BIO *bmd=NULL;
BIO *out = NULL;
const char *name;
#define PROG_NAME_SIZE 16
char pname[PROG_NAME_SIZE];
int separator=0;
int debug=0;
const char *outfile = NULL, *keyfile = NULL;
const char *sigfile = NULL, *randfile = NULL;
char out_bin = -1, want_pub = 0, do_verify = 0;
EVP_PKEY *sigkey = NULL;
unsigned char *sigbuf = NULL;
int siglen = 0;
apps_startup();
if ((buf=(unsigned char *)Malloc(BUFSIZE)) == NULL)
if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
{
BIO_printf(bio_err,"out of memory\n");
goto end;
@ -113,6 +121,43 @@ int MAIN(int argc, char **argv)
if ((*argv)[0] != '-') break;
if (strcmp(*argv,"-c") == 0)
separator=1;
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) break;
randfile=*(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) break;
outfile=*(++argv);
}
else if (strcmp(*argv,"-sign") == 0)
{
if (--argc < 1) break;
keyfile=*(++argv);
}
else if (strcmp(*argv,"-verify") == 0)
{
if (--argc < 1) break;
keyfile=*(++argv);
want_pub = 1;
do_verify = 1;
}
else if (strcmp(*argv,"-prverify") == 0)
{
if (--argc < 1) break;
keyfile=*(++argv);
do_verify = 1;
}
else if (strcmp(*argv,"-signature") == 0)
{
if (--argc < 1) break;
sigfile=*(++argv);
}
else if (strcmp(*argv,"-hex") == 0)
out_bin = 0;
else if (strcmp(*argv,"-binary") == 0)
out_bin = 1;
else if (strcmp(*argv,"-d") == 0)
debug=1;
else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
@ -126,14 +171,30 @@ int MAIN(int argc, char **argv)
if (md == NULL)
md=EVP_md5();
if(do_verify && !sigfile) {
BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
err = 1;
goto end;
}
if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
{
BIO_printf(bio_err,"unknown option '%s'\n",*argv);
BIO_printf(bio_err,"options are\n");
BIO_printf(bio_err,"-c to output the digest with separating colons\n");
BIO_printf(bio_err,"-d to output debug info\n");
BIO_printf(bio_err,"-c to output the digest with separating colons\n");
BIO_printf(bio_err,"-d to output debug info\n");
BIO_printf(bio_err,"-hex output as hex dump\n");
BIO_printf(bio_err,"-binary output in binary form\n");
BIO_printf(bio_err,"-sign file sign digest using private key in file\n");
BIO_printf(bio_err,"-verify file verify a signature using public key in file\n");
BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
BIO_printf(bio_err,"-signature file signature to verify\n");
BIO_printf(bio_err,"-binary output in binary form\n");
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
LN_md5,LN_md5);
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
LN_md4,LN_md4);
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
LN_md2,LN_md2);
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
@ -147,7 +208,7 @@ int MAIN(int argc, char **argv)
err=1;
goto end;
}
in=BIO_new(BIO_s_file());
bmd=BIO_new(BIO_f_md());
if (debug)
@ -163,6 +224,80 @@ int MAIN(int argc, char **argv)
goto end;
}
if(out_bin == -1) {
if(keyfile) out_bin = 1;
else out_bin = 0;
}
if(randfile)
app_RAND_load_file(randfile, bio_err, 0);
if(outfile) {
if(out_bin)
out = BIO_new_file(outfile, "wb");
else out = BIO_new_file(outfile, "w");
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if(!out) {
BIO_printf(bio_err, "Error opening output file %s\n",
outfile ? outfile : "(stdout)");
ERR_print_errors(bio_err);
goto end;
}
if(keyfile) {
BIO *keybio;
keybio = BIO_new_file(keyfile, "r");
if(!keybio) {
BIO_printf(bio_err, "Error opening key file %s\n",
keyfile);
ERR_print_errors(bio_err);
goto end;
}
if(want_pub)
sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL);
else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
BIO_free(keybio);
if(!sigkey) {
BIO_printf(bio_err, "Error reading key file %s\n",
keyfile);
ERR_print_errors(bio_err);
goto end;
}
}
if(sigfile && sigkey) {
BIO *sigbio;
sigbio = BIO_new_file(sigfile, "rb");
siglen = EVP_PKEY_size(sigkey);
sigbuf = OPENSSL_malloc(siglen);
if(!sigbio) {
BIO_printf(bio_err, "Error opening signature file %s\n",
sigfile);
ERR_print_errors(bio_err);
goto end;
}
siglen = BIO_read(sigbio, sigbuf, siglen);
BIO_free(sigbio);
if(siglen <= 0) {
BIO_printf(bio_err, "Error reading signature file %s\n",
sigfile);
ERR_print_errors(bio_err);
goto end;
}
}
/* we use md as a filter, reading from 'in' */
BIO_set_md(bmd,md);
inp=BIO_push(bmd,in);
@ -170,7 +305,7 @@ int MAIN(int argc, char **argv)
if (argc == 0)
{
BIO_set_fp(in,stdin,BIO_NOCLOSE);
do_fp(buf,inp,separator);
do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, siglen);
}
else
{
@ -183,8 +318,9 @@ int MAIN(int argc, char **argv)
err++;
continue;
}
printf("%s(%s)= ",name,argv[i]);
do_fp(buf,inp,separator);
if(!out_bin) BIO_printf(out, "%s(%s)= ",name,argv[i]);
do_fp(out, buf,inp,separator, out_bin, sigkey,
sigbuf, siglen);
(void)BIO_reset(bmd);
}
}
@ -192,14 +328,18 @@ int MAIN(int argc, char **argv)
if (buf != NULL)
{
memset(buf,0,BUFSIZE);
Free(buf);
OPENSSL_free(buf);
}
if (in != NULL) BIO_free(in);
BIO_free_all(out);
EVP_PKEY_free(sigkey);
if(sigbuf) OPENSSL_free(sigbuf);
if (bmd != NULL) BIO_free(bmd);
EXIT(err);
}
void do_fp(unsigned char *buf, BIO *bp, int sep)
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
EVP_PKEY *key, unsigned char *sigin, int siglen)
{
int len;
int i;
@ -209,14 +349,44 @@ void do_fp(unsigned char *buf, BIO *bp, int sep)
i=BIO_read(bp,(char *)buf,BUFSIZE);
if (i <= 0) break;
}
len=BIO_gets(bp,(char *)buf,BUFSIZE);
for (i=0; i<len; i++)
if(sigin)
{
if (sep && (i != 0))
putc(':',stdout);
printf("%02x",buf[i]);
EVP_MD_CTX *ctx;
BIO_get_md_ctx(bp, &ctx);
i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key);
if(i > 0) BIO_printf(out, "Verified OK\n");
else if(i == 0) BIO_printf(out, "Verification Failure\n");
else
{
BIO_printf(bio_err, "Error Verifying Data\n");
ERR_print_errors(bio_err);
}
return;
}
if(key)
{
EVP_MD_CTX *ctx;
BIO_get_md_ctx(bp, &ctx);
if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key))
{
BIO_printf(bio_err, "Error Signing Data\n");
ERR_print_errors(bio_err);
return;
}
}
else
len=BIO_gets(bp,(char *)buf,BUFSIZE);
if(binout) BIO_write(out, buf, len);
else
{
for (i=0; i<len; i++)
{
if (sep && (i != 0))
BIO_printf(out, ":");
BIO_printf(out, "%02x",buf[i]);
}
BIO_printf(out, "\n");
}
printf("\n");
}

16
crypto/openssl/apps/dh.c
View File

@ -184,7 +184,15 @@ int MAIN(int argc, char **argv)
}
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
@ -251,10 +259,10 @@ int MAIN(int argc, char **argv)
len=BN_num_bytes(dh->p);
bits=BN_num_bits(dh->p);
data=(unsigned char *)Malloc(len);
data=(unsigned char *)OPENSSL_malloc(len);
if (data == NULL)
{
perror("Malloc");
perror("OPENSSL_malloc");
goto end;
}
l=BN_bn2bin(dh->p,data);
@ -285,7 +293,7 @@ int MAIN(int argc, char **argv)
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
printf("\t\treturn(NULL);\n");
printf("\treturn(dh);\n\t}\n");
Free(data);
OPENSSL_free(data);
}
@ -309,7 +317,7 @@ int MAIN(int argc, char **argv)
ret=0;
end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free(out);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
EXIT(ret);
}

11
crypto/openssl/apps/dh1024.pem
View File

@ -1,5 +1,10 @@
-----BEGIN DH PARAMETERS-----
MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY
jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6
ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC
-----END DH PARAMETERS-----
These are the 1024 bit DH parameters from "Assigned Number for SKIP Protocols"
(http://www.skip-vpn.org/spec/numbers.html).
See there for how they were generated.
Note that g is not a generator, but this is not a problem since p is a safe prime.

12
crypto/openssl/apps/dh2048.pem Normal file
View File

@ -0,0 +1,12 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV
89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50
T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb
zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX
Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT
CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==
-----END DH PARAMETERS-----
These are the 2048 bit DH parameters from "Assigned Number for SKIP Protocols"
(http://www.skip-vpn.org/spec/numbers.html).
See there for how they were generated.

18
crypto/openssl/apps/dh4096.pem Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ
l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt
Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS
Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98
VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc
alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM
sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9
ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte
OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH
AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL
KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=
-----END DH PARAMETERS-----
These are the 4096 bit DH parameters from "Assigned Number for SKIP Protocols"
(http://www.skip-vpn.org/spec/numbers.html).
See there for how they were generated.
Note that g is not a generator, but this is not a problem since p is a safe prime.

9
crypto/openssl/apps/dh512.pem Normal file
View File

@ -0,0 +1,9 @@
-----BEGIN DH PARAMETERS-----
MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak
XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC
-----END DH PARAMETERS-----
These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols"
(http://www.skip-vpn.org/spec/numbers.html).
See there for how they were generated.
Note that g is not a generator, but this is not a problem since p is a safe prime.

18
crypto/openssl/apps/dhparam.c
View File

@ -285,7 +285,7 @@ int MAIN(int argc, char **argv)
DSA *dsa;
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err);
dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err);
if (dsa == NULL)
{
ERR_print_errors(bio_err);
@ -391,7 +391,15 @@ int MAIN(int argc, char **argv)
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
@ -432,10 +440,10 @@ int MAIN(int argc, char **argv)
len=BN_num_bytes(dh->p);
bits=BN_num_bits(dh->p);
data=(unsigned char *)Malloc(len);
data=(unsigned char *)OPENSSL_malloc(len);
if (data == NULL)
{
perror("Malloc");
perror("OPENSSL_malloc");
goto end;
}
printf("#ifndef HEADER_DH_H\n"
@ -472,7 +480,7 @@ int MAIN(int argc, char **argv)
if (dh->length)
printf("\tdh->length = %d;\n", dh->length);
printf("\treturn(dh);\n\t}\n");
Free(data);
OPENSSL_free(data);
}
@ -496,7 +504,7 @@ int MAIN(int argc, char **argv)
ret=0;
end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free(out);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
EXIT(ret);
}

14
crypto/openssl/apps/dsa.c
View File

@ -233,7 +233,15 @@ int MAIN(int argc, char **argv)
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
@ -281,10 +289,10 @@ int MAIN(int argc, char **argv)
ret=0;
end:
if(in != NULL) BIO_free(in);
if(out != NULL) BIO_free(out);
if(out != NULL) BIO_free_all(out);
if(dsa != NULL) DSA_free(dsa);
if(passin) Free(passin);
if(passout) Free(passout);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
EXIT(ret);
}
#endif

14
crypto/openssl/apps/dsaparam.c
View File

@ -205,7 +205,15 @@ int MAIN(int argc, char **argv)
}
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
@ -260,10 +268,10 @@ int MAIN(int argc, char **argv)
bits_p=BN_num_bits(dsa->p);
bits_q=BN_num_bits(dsa->q);
bits_g=BN_num_bits(dsa->g);
data=(unsigned char *)Malloc(len+20);
data=(unsigned char *)OPENSSL_malloc(len+20);
if (data == NULL)
{
perror("Malloc");
perror("OPENSSL_malloc");
goto end;
}
l=BN_bn2bin(dsa->p,data);
@ -347,7 +355,7 @@ int MAIN(int argc, char **argv)
ret=0;
end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free(out);
if (out != NULL) BIO_free_all(out);
if (dsa != NULL) DSA_free(dsa);
EXIT(ret);
}

22
crypto/openssl/apps/enc.c
View File

@ -343,11 +343,11 @@ int MAIN(int argc, char **argv)
if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
}
strbuf=Malloc(SIZE);
buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize));
strbuf=OPENSSL_malloc(SIZE);
buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
if ((buff == NULL) || (strbuf == NULL))
{
BIO_printf(bio_err,"Malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
goto end;
}
@ -416,7 +416,15 @@ int MAIN(int argc, char **argv)
if (outf == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outf) <= 0)
@ -581,13 +589,13 @@ int MAIN(int argc, char **argv)
}
end:
ERR_print_errors(bio_err);
if (strbuf != NULL) Free(strbuf);
if (buff != NULL) Free(buff);
if (strbuf != NULL) OPENSSL_free(strbuf);
if (buff != NULL) OPENSSL_free(buff);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free(out);
if (out != NULL) BIO_free_all(out);
if (benc != NULL) BIO_free(benc);
if (b64 != NULL) BIO_free(b64);
if(pass) Free(pass);
if(pass) OPENSSL_free(pass);
EXIT(ret);
}

13
crypto/openssl/apps/errstr.c
View File

@ -91,12 +91,18 @@ int MAIN(int argc, char **argv)
out=BIO_new(BIO_s_file());
if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
{
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
lh_node_stats_bio((LHASH *)ERR_get_string_table(),out);
lh_stats_bio((LHASH *)ERR_get_string_table(),out);
lh_node_usage_stats_bio((LHASH *)
ERR_get_string_table(),out);
}
if (out != NULL) BIO_free(out);
if (out != NULL) BIO_free_all(out);
argc--;
argv++;
}
@ -104,7 +110,10 @@ int MAIN(int argc, char **argv)
for (i=1; i<argc; i++)
{
if (sscanf(argv[i],"%lx",&l))
printf("%s\n",ERR_error_string(l,buf));
{
ERR_error_string_n(l, buf, sizeof buf);
printf("%s\n",buf);
}
else
{
printf("%s: bad error code\n",argv[i]);

10
crypto/openssl/apps/gendh.c
View File

@ -142,7 +142,15 @@ int MAIN(int argc, char **argv)
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
@ -174,7 +182,7 @@ int MAIN(int argc, char **argv)
end:
if (ret != 0)
ERR_print_errors(bio_err);
if (out != NULL) BIO_free(out);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
EXIT(ret);
}

12
crypto/openssl/apps/gendsa.c
View File

@ -178,7 +178,15 @@ int MAIN(int argc, char **argv)
if (out == NULL) goto end;
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
@ -209,9 +217,9 @@ int MAIN(int argc, char **argv)
if (ret != 0)
ERR_print_errors(bio_err);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free(out);
if (out != NULL) BIO_free_all(out);
if (dsa != NULL) DSA_free(dsa);
if(passout) Free(passout);
if(passout) OPENSSL_free(passout);
EXIT(ret);
}
#endif

14
crypto/openssl/apps/genrsa.c
View File

@ -114,7 +114,7 @@ int MAIN(int argc, char **argv)
}
else if (strcmp(*argv,"-3") == 0)
f4=3;
else if (strcmp(*argv,"-F4") == 0)
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
f4=RSA_F4;
else if (strcmp(*argv,"-rand") == 0)
{
@ -168,7 +168,15 @@ int MAIN(int argc, char **argv)
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
@ -212,8 +220,8 @@ int MAIN(int argc, char **argv)
ret=0;
err:
if (rsa != NULL) RSA_free(rsa);
if (out != NULL) BIO_free(out);
if(passout) Free(passout);
if (out != NULL) BIO_free_all(out);
if(passout) OPENSSL_free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
EXIT(ret);

15
crypto/openssl/apps/nseq.c
View File

@ -119,11 +119,18 @@ int MAIN(int argc, char **argv)
"Can't open output file %s\n", outfile);
goto end;
}
} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if (toseq) {
seq = NETSCAPE_CERT_SEQUENCE_new();
seq->certs = sk_X509_new(NULL);
seq->certs = sk_X509_new_null();
while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
sk_X509_push(seq->certs,x509);
@ -152,7 +159,7 @@ int MAIN(int argc, char **argv)
ret = 0;
end:
BIO_free(in);
BIO_free(out);
BIO_free_all(out);
NETSCAPE_CERT_SEQUENCE_free(seq);
EXIT(ret);

20
crypto/openssl/apps/openssl.c
View File

@ -101,6 +101,8 @@ int main(int Argc, char *Argv[])
arg.data=NULL;
arg.count=0;
if (getenv("OPENSSL_DEBUG_MEMORY") != NULL)
CRYPTO_malloc_debug_init();
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
apps_startup();
@ -201,7 +203,7 @@ int main(int Argc, char *Argv[])
config=NULL;
}
if (prog != NULL) lh_free(prog);
if (arg.data != NULL) Free(arg.data);
if (arg.data != NULL) OPENSSL_free(arg.data);
ERR_remove_state(0);
EVP_cleanup();
@ -236,13 +238,19 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
else if ((strncmp(argv[0],"no-",3)) == 0)
{
BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_stdout = BIO_push(tmpbio, bio_stdout);
}
#endif
f.name=argv[0]+3;
ret = (lh_retrieve(prog,&f) != NULL);
if (!ret)
BIO_printf(bio_stdout, "%s\n", argv[0]);
else
BIO_printf(bio_stdout, "%s\n", argv[0]+3);
BIO_free(bio_stdout);
BIO_free_all(bio_stdout);
goto end;
}
else if ((strcmp(argv[0],"quit") == 0) ||
@ -267,11 +275,17 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
list_type = FUNC_TYPE_CIPHER;
bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_stdout = BIO_push(tmpbio, bio_stdout);
}
#endif
for (fp=functions; fp->name != NULL; fp++)
if (fp->type == list_type)
BIO_printf(bio_stdout, "%s\n", fp->name);
BIO_free(bio_stdout);
BIO_free_all(bio_stdout);
ret=0;
goto end;
}

101
crypto/openssl/apps/passwd.c
View File

@ -1,10 +1,10 @@
/* apps/passwd.c */
#if defined NO_MD5 || defined CHARSET_EBCDIC
# define NO_APR1
# define NO_MD5CRYPT_1
#endif
#if !defined(NO_DES) || !defined(NO_APR1)
#if !defined(NO_DES) || !defined(NO_MD5CRYPT_1)
#include <assert.h>
#include <string.h>
@ -19,7 +19,7 @@
#ifndef NO_DES
# include <openssl/des.h>
#endif
#ifndef NO_APR1
#ifndef NO_MD5CRYPT_1
# include <openssl/md5.h>
#endif
@ -42,10 +42,11 @@ static unsigned const char cov_2char[64]={
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
char *passwd, BIO *out, int quiet, int table, int reverse,
size_t pw_maxlen, int usecrypt, int useapr1);
size_t pw_maxlen, int usecrypt, int use1, int useapr1);
/* -crypt - standard Unix password algorithm (default, only choice)
* -apr1 - MD5-based password algorithm
/* -crypt - standard Unix password algorithm (default)
* -1 - MD5-based password algorithm
* -apr1 - MD5-based password algorithm, Apache variant
* -salt string - salt
* -in file - read passwords from file
* -stdin - read passwords from stdin
@ -63,11 +64,12 @@ int MAIN(int argc, char **argv)
int in_stdin = 0;
char *salt = NULL, *passwd = NULL, **passwds = NULL;
char *salt_malloc = NULL, *passwd_malloc = NULL;
size_t passwd_malloc_size = 0;
int pw_source_defined = 0;
BIO *in = NULL, *out = NULL;
int i, badopt, opt_done;
int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
int usecrypt = 0, useapr1 = 0;
int usecrypt = 0, use1 = 0, useapr1 = 0;
size_t pw_maxlen = 0;
apps_startup();
@ -79,6 +81,12 @@ int MAIN(int argc, char **argv)
if (out == NULL)
goto err;
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
badopt = 0, opt_done = 0;
i = 0;
@ -86,6 +94,8 @@ int MAIN(int argc, char **argv)
{
if (strcmp(argv[i], "-crypt") == 0)
usecrypt = 1;
else if (strcmp(argv[i], "-1") == 0)
use1 = 1;
else if (strcmp(argv[i], "-apr1") == 0)
useapr1 = 1;
else if (strcmp(argv[i], "-salt") == 0)
@ -137,17 +147,17 @@ int MAIN(int argc, char **argv)
badopt = 1;
}
if (!usecrypt && !useapr1) /* use default */
if (!usecrypt && !use1 && !useapr1) /* use default */
usecrypt = 1;
if (usecrypt + useapr1 > 1) /* conflict */
if (usecrypt + use1 + useapr1 > 1) /* conflict */
badopt = 1;
/* reject unsupported algorithms */
#ifdef NO_DES
if (usecrypt) badopt = 1;
#endif
#ifdef NO_APR1
if (useapr1) badopt = 1;
#ifdef NO_MD5CRYPT_1
if (use1 || useapr1) badopt = 1;
#endif
if (badopt)
@ -157,8 +167,9 @@ int MAIN(int argc, char **argv)
#ifndef NO_DES
BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n");
#endif
#ifndef NO_APR1
BIO_printf(bio_err, "-apr1 MD5-based password algorithm\n");
#ifndef NO_MD5CRYPT_1
BIO_printf(bio_err, "-1 MD5-based password algorithm\n");
BIO_printf(bio_err, "-apr1 MD5-based password algorithm, Apache variant\n");
#endif
BIO_printf(bio_err, "-salt string use provided salt\n");
BIO_printf(bio_err, "-in file read passwords from file\n");
@ -190,13 +201,16 @@ int MAIN(int argc, char **argv)
if (usecrypt)
pw_maxlen = 8;
else if (useapr1)
else if (use1 || useapr1)
pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */
if (passwds == NULL)
{
/* no passwords on the command line */
passwd = passwd_malloc = Malloc(pw_maxlen + 1);
passwd_malloc_size = pw_maxlen + 2;
/* longer than necessary so that we can warn about truncation */
passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
if (passwd_malloc == NULL)
goto err;
}
@ -208,7 +222,7 @@ int MAIN(int argc, char **argv)
passwds = passwds_static;
if (in == NULL)
if (EVP_read_pw_string(passwd_malloc, pw_maxlen + 1, "Password: ", 0) != 0)
if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0)
goto err;
passwds[0] = passwd_malloc;
}
@ -222,7 +236,7 @@ int MAIN(int argc, char **argv)
{
passwd = *passwds++;
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
quiet, table, reverse, pw_maxlen, usecrypt, useapr1))
quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
goto err;
}
while (*passwds != NULL);
@ -251,7 +265,7 @@ int MAIN(int argc, char **argv)
}
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
quiet, table, reverse, pw_maxlen, usecrypt, useapr1))
quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
goto err;
}
done = (r <= 0);
@ -262,22 +276,29 @@ int MAIN(int argc, char **argv)
err:
ERR_print_errors(bio_err);
if (salt_malloc)
Free(salt_malloc);
OPENSSL_free(salt_malloc);
if (passwd_malloc)
Free(passwd_malloc);
OPENSSL_free(passwd_malloc);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
BIO_free_all(out);
EXIT(ret);
}
#ifndef NO_APR1
/* MD5-based password algorithm compatible to the one found in Apache
* (should probably be available as a library function;
* then the static buffer would not be acceptable) */
static char *apr1_crypt(const char *passwd, const char *salt)
#ifndef NO_MD5CRYPT_1
/* MD5-based password algorithm (should probably be available as a library
* function; then the static buffer would not be acceptable).
* For magic string "1", this should be compatible to the MD5-based BSD
* password algorithm.
* For 'magic' string "apr1", this is compatible to the MD5-based Apache
* password algorithm.
* (Apparently, the Apache password algorithm is identical except that the
* 'magic' string was changed -- the laziest application of the NIH principle
* I've ever encountered.)
*/
static char *md5crypt(const char *passwd, const char *magic, const char *salt)
{
static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
unsigned char buf[MD5_DIGEST_LENGTH];
@ -287,7 +308,11 @@ static char *apr1_crypt(const char *passwd, const char *salt)
size_t passwd_len, salt_len;
passwd_len = strlen(passwd);
strcpy(out_buf, "$apr1$");
out_buf[0] = '$';
out_buf[1] = 0;
assert(strlen(magic) <= 4); /* "1" or "apr1" */
strncat(out_buf, magic, 4);
strncat(out_buf, "$", 1);
strncat(out_buf, salt, 8);
assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
salt_out = out_buf + 6;
@ -296,7 +321,9 @@ static char *apr1_crypt(const char *passwd, const char *salt)
MD5_Init(&md);
MD5_Update(&md, passwd, passwd_len);
MD5_Update(&md, "$apr1$", 6);
MD5_Update(&md, "$", 1);
MD5_Update(&md, magic, strlen(magic));
MD5_Update(&md, "$", 1);
MD5_Update(&md, salt_out, salt_len);
{
@ -380,7 +407,7 @@ static char *apr1_crypt(const char *passwd, const char *salt)
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
char *passwd, BIO *out, int quiet, int table, int reverse,
size_t pw_maxlen, int usecrypt, int useapr1)
size_t pw_maxlen, int usecrypt, int use1, int useapr1)
{
char *hash = NULL;
@ -395,7 +422,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
{
if (*salt_malloc_p == NULL)
{
*salt_p = *salt_malloc_p = Malloc(3);
*salt_p = *salt_malloc_p = OPENSSL_malloc(3);
if (*salt_malloc_p == NULL)
goto err;
}
@ -411,14 +438,14 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
}
#endif /* !NO_DES */
#ifndef NO_APR1
if (useapr1)
#ifndef NO_MD5CRYPT_1
if (use1 || useapr1)
{
int i;
if (*salt_malloc_p == NULL)
{
*salt_p = *salt_malloc_p = Malloc(9);
*salt_p = *salt_malloc_p = OPENSSL_malloc(9);
if (*salt_malloc_p == NULL)
goto err;
}
@ -429,7 +456,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
(*salt_p)[8] = 0;
}
#endif /* !NO_APR1 */
#endif /* !NO_MD5CRYPT_1 */
}
assert(*salt_p != NULL);
@ -448,9 +475,9 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
if (usecrypt)
hash = des_crypt(passwd, *salt_p);
#endif
#ifndef NO_APR1
if (useapr1)
hash = apr1_crypt(passwd, *salt_p);
#ifndef NO_MD5CRYPT_1
if (use1 || useapr1)
hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);
#endif
assert(hash != NULL);

258
crypto/openssl/apps/pkcs12.c
View File

@ -78,9 +78,10 @@ EVP_CIPHER *enc;
#define CLCERTS 0x8
#define CACERTS 0x10
int get_cert_chain(X509 *cert, STACK_OF(X509) **chain);
int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options, char *pempass);
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
int passlen, int options, char *pempass);
int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name);
void hex_prin(BIO *out, unsigned char *buf, int len);
@ -116,6 +117,7 @@ int MAIN(int argc, char **argv)
char *passargin = NULL, *passargout = NULL, *passarg = NULL;
char *passin = NULL, *passout = NULL;
char *inrand = NULL;
char *CApath = NULL, *CAfile = NULL;
apps_startup();
@ -195,7 +197,7 @@ int MAIN(int argc, char **argv)
} else if (!strcmp (*args, "-caname")) {
if (args[1]) {
args++;
if (!canames) canames = sk_new(NULL);
if (!canames) canames = sk_new_null();
sk_push(canames, *args);
} else badarg = 1;
} else if (!strcmp (*args, "-in")) {
@ -224,6 +226,16 @@ int MAIN(int argc, char **argv)
passarg = *args;
noprompt = 1;
} else badarg = 1;
} else if (!strcmp(*args,"-CApath")) {
if (args[1]) {
args++;
CApath = *args;
} else badarg = 1;
} else if (!strcmp(*args,"-CAfile")) {
if (args[1]) {
args++;
CAfile = *args;
} else badarg = 1;
} else badarg = 1;
} else badarg = 1;
@ -237,6 +249,8 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-chain add certificate chain\n");
BIO_printf (bio_err, "-inkey file private key if not infile\n");
BIO_printf (bio_err, "-certfile f add all certs in f\n");
BIO_printf (bio_err, "-CApath arg - PEM format directory of CA's\n");
BIO_printf (bio_err, "-CAfile arg - PEM format file of CA's\n");
BIO_printf (bio_err, "-name \"name\" use name as friendly name\n");
BIO_printf (bio_err, "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n");
BIO_printf (bio_err, "-in infile input filename\n");
@ -336,8 +350,15 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("write files");
#endif
if (!outfile) out = BIO_new_fp(stdout, BIO_NOCLOSE);
else out = BIO_new_file(outfile, "wb");
if (!outfile) {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
} else out = BIO_new_file(outfile, "wb");
if (!out) {
BIO_printf(bio_err, "Error opening output file %s\n",
outfile ? outfile : "<stdout>");
@ -359,20 +380,22 @@ int MAIN(int argc, char **argv)
}
if (export_cert) {
EVP_PKEY *key;
STACK *bags, *safes;
PKCS12_SAFEBAG *bag;
PKCS8_PRIV_KEY_INFO *p8;
PKCS7 *authsafe;
EVP_PKEY *key = NULL;
STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
STACK_OF(PKCS7) *safes = NULL;
PKCS12_SAFEBAG *bag = NULL;
PKCS8_PRIV_KEY_INFO *p8 = NULL;
PKCS7 *authsafe = NULL;
X509 *ucert = NULL;
STACK_OF(X509) *certs=NULL;
char *catmp;
char *catmp = NULL;
int i;
unsigned char keyid[EVP_MAX_MD_SIZE];
unsigned int keyidlen = 0;
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("process -export_cert");
CRYPTO_push_info("reading private key");
#endif
key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, passin);
if (!inkey) (void) BIO_reset(in);
@ -380,18 +403,28 @@ int MAIN(int argc, char **argv)
if (!key) {
BIO_printf (bio_err, "Error loading private key\n");
ERR_print_errors(bio_err);
goto end;
goto export_end;
}
certs = sk_X509_new(NULL);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("reading certs from input");
#endif
certs = sk_X509_new_null();
/* Load in all certs in input file */
if(!cert_load(in, certs)) {
BIO_printf(bio_err, "Error loading certificates from input\n");
ERR_print_errors(bio_err);
goto end;
goto export_end;
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("reading certs from input 2");
#endif
for(i = 0; i < sk_X509_num(certs); i++) {
ucert = sk_X509_value(certs, i);
if(X509_check_private_key(ucert, key)) {
@ -399,41 +432,68 @@ int MAIN(int argc, char **argv)
break;
}
}
if(!keyidlen) {
ucert = NULL;
BIO_printf(bio_err, "No certificate matches private key\n");
goto end;
goto export_end;
}
bags = sk_new (NULL);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("reading certs from certfile");
#endif
bags = sk_PKCS12_SAFEBAG_new_null ();
/* Add any more certificates asked for */
if (certsin) {
if(!cert_load(certsin, certs)) {
BIO_printf(bio_err, "Error loading certificates from certfile\n");
ERR_print_errors(bio_err);
goto end;
goto export_end;
}
BIO_free(certsin);
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("building chain");
#endif
/* If chaining get chain from user cert */
if (chain) {
int vret;
STACK_OF(X509) *chain2;
vret = get_cert_chain (ucert, &chain2);
X509_STORE *store = X509_STORE_new();
if (!store)
{
BIO_printf (bio_err, "Memory allocation error\n");
goto export_end;
}
if (!X509_STORE_load_locations(store, CAfile, CApath))
X509_STORE_set_default_paths (store);
vret = get_cert_chain (ucert, store, &chain2);
X509_STORE_free(store);
if (!vret) {
/* Exclude verified certificate */
for (i = 1; i < sk_X509_num (chain2) ; i++)
sk_X509_push(certs, sk_X509_value (chain2, i));
}
sk_X509_free(chain2);
if (vret) {
BIO_printf (bio_err, "Error %s getting chain.\n",
X509_verify_cert_error_string(vret));
goto end;
}
/* Exclude verified certificate */
for (i = 1; i < sk_X509_num (chain2) ; i++)
sk_X509_push(certs, sk_X509_value (chain2, i));
sk_X509_free(chain2);
goto export_end;
}
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("building bags");
#endif
/* We now have loads of certificates: include them all */
for(i = 0; i < sk_X509_num(certs); i++) {
X509 *cert = NULL;
@ -445,59 +505,101 @@ int MAIN(int argc, char **argv)
PKCS12_add_localkeyid(bag, keyid, keyidlen);
} else if((catmp = sk_shift(canames)))
PKCS12_add_friendlyname(bag, catmp, -1);
sk_push(bags, (char *)bag);
sk_PKCS12_SAFEBAG_push(bags, bag);
}
sk_X509_pop_free(certs, X509_free);
if (canames) sk_free(canames);
certs = NULL;
/* ucert is part of certs so it is already freed */
ucert = NULL;
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("encrypting bags");
#endif
if(!noprompt &&
EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) {
BIO_printf (bio_err, "Can't read Password\n");
goto end;
goto export_end;
}
if (!twopass) strcpy(macpass, pass);
/* Turn certbags into encrypted authsafe */
authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
iter, bags);
sk_pop_free(bags, PKCS12_SAFEBAG_free);
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
bags = NULL;
if (!authsafe) {
ERR_print_errors (bio_err);
goto end;
goto export_end;
}
safes = sk_new (NULL);
sk_push (safes, (char *)authsafe);
safes = sk_PKCS7_new_null ();
sk_PKCS7_push (safes, authsafe);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("building shrouded key bag");
#endif
/* Make a shrouded key bag */
p8 = EVP_PKEY2PKCS8 (key);
EVP_PKEY_free(key);
if(keytype) PKCS8_add_keyusage(p8, keytype);
bag = PKCS12_MAKE_SHKEYBAG(key_pbe, cpass, -1, NULL, 0, iter, p8);
PKCS8_PRIV_KEY_INFO_free(p8);
p8 = NULL;
if (name) PKCS12_add_friendlyname (bag, name, -1);
PKCS12_add_localkeyid (bag, keyid, keyidlen);
bags = sk_new(NULL);
sk_push (bags, (char *)bag);
bags = sk_PKCS12_SAFEBAG_new_null();
sk_PKCS12_SAFEBAG_push (bags, bag);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("encrypting shrouded key bag");
#endif
/* Turn it into unencrypted safe bag */
authsafe = PKCS12_pack_p7data (bags);
sk_pop_free(bags, PKCS12_SAFEBAG_free);
sk_push (safes, (char *)authsafe);
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
bags = NULL;
sk_PKCS7_push (safes, authsafe);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("building pkcs12");
#endif
p12 = PKCS12_init (NID_pkcs7_data);
M_PKCS12_pack_authsafes (p12, safes);
sk_pop_free(safes, PKCS7_free);
sk_PKCS7_pop_free(safes, PKCS7_free);
safes = NULL;
PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("writing pkcs12");
#endif
i2d_PKCS12_bio (out, p12);
PKCS12_free(p12);
ret = 0;
export_end:
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_pop_info();
CRYPTO_push_info("process -export_cert: freeing");
#endif
if (key) EVP_PKEY_free(key);
if (certs) sk_X509_pop_free(certs, X509_free);
if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
if (ucert) X509_free(ucert);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
#endif
@ -528,11 +630,16 @@ int MAIN(int argc, char **argv)
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("verify MAC");
#endif
if (!PKCS12_verify_mac (p12, mpass, -1)) {
/* If we enter empty password try no password first */
if(!macpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
/* If mac and crypto pass the same set it to NULL too */
if(!twopass) cpass = NULL;
} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
BIO_printf (bio_err, "Mac verify error: invalid password?\n");
ERR_print_errors (bio_err);
goto end;
} else BIO_printf (bio_err, "MAC verified OK\n");
}
BIO_printf (bio_err, "MAC verified OK\n");
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
#endif
@ -549,29 +656,32 @@ int MAIN(int argc, char **argv)
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
#endif
PKCS12_free(p12);
ret = 0;
end:
end:
if (p12) PKCS12_free(p12);
if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
#ifdef CRYPTO_MDEBUG
CRYPTO_remove_all_info();
#endif
BIO_free(in);
BIO_free(out);
if(passin) Free(passin);
if(passout) Free(passout);
BIO_free_all(out);
if (canames) sk_free(canames);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
EXIT(ret);
}
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
int passlen, int options, char *pempass)
{
STACK *asafes, *bags;
STACK_OF(PKCS7) *asafes;
STACK_OF(PKCS12_SAFEBAG) *bags;
int i, bagnid;
PKCS7 *p7;
if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
for (i = 0; i < sk_num (asafes); i++) {
p7 = (PKCS7 *) sk_value (asafes, i);
for (i = 0; i < sk_PKCS7_num (asafes); i++) {
p7 = sk_PKCS7_value (asafes, i);
bagnid = OBJ_obj2nid (p7->type);
if (bagnid == NID_pkcs7_data) {
bags = M_PKCS12_unpack_p7data (p7);
@ -587,23 +697,25 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
if (!bags) return 0;
if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
options, pempass)) {
sk_pop_free (bags, PKCS12_SAFEBAG_free);
sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
return 0;
}
sk_pop_free (bags, PKCS12_SAFEBAG_free);
sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
}
sk_pop_free (asafes, PKCS7_free);
sk_PKCS7_pop_free (asafes, PKCS7_free);
return 1;
}
int dump_certs_pkeys_bags (BIO *out, STACK *bags, char *pass,
int passlen, int options, char *pempass)
int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
char *pass, int passlen, int options, char *pempass)
{
int i;
for (i = 0; i < sk_num (bags); i++) {
for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
if (!dump_certs_pkeys_bag (out,
(PKCS12_SAFEBAG *)sk_value (bags, i), pass, passlen,
options, pempass)) return 0;
sk_PKCS12_SAFEBAG_value (bags, i),
pass, passlen,
options, pempass))
return 0;
}
return 1;
}
@ -679,15 +791,12 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
/* Hope this is OK .... */
int get_cert_chain (X509 *cert, STACK_OF(X509) **chain)
int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
{
X509_STORE *store;
X509_STORE_CTX store_ctx;
STACK_OF(X509) *chn;
int i;
store = X509_STORE_new ();
X509_STORE_set_default_paths (store);
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
if (X509_verify_cert(&store_ctx) <= 0) {
i = X509_STORE_CTX_get_error (&store_ctx);
@ -698,7 +807,6 @@ int get_cert_chain (X509 *cert, STACK_OF(X509) **chain)
*chain = chn;
err:
X509_STORE_CTX_cleanup(&store_ctx);
X509_STORE_free(store);
return i;
}
@ -722,10 +830,22 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
int ret;
X509 *cert;
ret = 0;
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("cert_load(): reading one cert");
#endif
while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
#endif
ret = 1;
sk_X509_push(sk, cert);
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("cert_load(): reading one cert");
#endif
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
#endif
if(ret) ERR_clear_error();
return ret;
}
@ -763,18 +883,18 @@ int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name)
value = uni2asc(av->value.bmpstring->data,
av->value.bmpstring->length);
BIO_printf(out, "%s\n", value);
Free(value);
OPENSSL_free(value);
break;
case V_ASN1_OCTET_STRING:
hex_prin(out, av->value.bit_string->data,
av->value.bit_string->length);
hex_prin(out, av->value.octet_string->data,
av->value.octet_string->length);
BIO_printf(out, "\n");
break;
case V_ASN1_BIT_STRING:
hex_prin(out, av->value.octet_string->data,
av->value.octet_string->length);
hex_prin(out, av->value.bit_string->data,
av->value.bit_string->length);
BIO_printf(out, "\n");
break;

10
crypto/openssl/apps/pkcs7.c
View File

@ -196,7 +196,15 @@ int MAIN(int argc, char **argv)
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
@ -280,6 +288,6 @@ int MAIN(int argc, char **argv)
end:
if (p7 != NULL) PKCS7_free(p7);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free(out);
if (out != NULL) BIO_free_all(out);
EXIT(ret);
}

23
crypto/openssl/apps/pkcs8.c
View File

@ -194,8 +194,15 @@ int MAIN(int argc, char **argv)
"Can't open output file %s\n", outfile);
return (1);
}
} else out = BIO_new_fp (stdout, BIO_NOCLOSE);
} else {
out = BIO_new_fp (stdout, BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if (topk8) {
if(informat == FORMAT_PEM)
pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin);
@ -253,9 +260,9 @@ int MAIN(int argc, char **argv)
}
PKCS8_PRIV_KEY_INFO_free (p8inf);
EVP_PKEY_free(pkey);
BIO_free(out);
if(passin) Free(passin);
if(passout) Free(passout);
BIO_free_all(out);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
return (0);
}
@ -336,10 +343,10 @@ int MAIN(int argc, char **argv)
}
EVP_PKEY_free(pkey);
BIO_free(out);
BIO_free_all(out);
BIO_free(in);
if(passin) Free(passin);
if(passout) Free(passout);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
return (0);
}

5
crypto/openssl/apps/progs.h
View File

@ -14,6 +14,7 @@ extern int errstr_main(int argc,char *argv[]);
extern int ca_main(int argc,char *argv[]);
extern int crl_main(int argc,char *argv[]);
extern int rsa_main(int argc,char *argv[]);
extern int rsautl_main(int argc,char *argv[]);
extern int dsa_main(int argc,char *argv[]);
extern int dsaparam_main(int argc,char *argv[]);
extern int x509_main(int argc,char *argv[]);
@ -67,6 +68,9 @@ FUNCTION functions[] = {
#ifndef NO_RSA
{FUNC_TYPE_GENERAL,"rsa",rsa_main},
#endif
#ifndef NO_RSA
{FUNC_TYPE_GENERAL,"rsautl",rsautl_main},
#endif
#ifndef NO_DSA
{FUNC_TYPE_GENERAL,"dsa",dsa_main},
#endif
@ -106,6 +110,7 @@ FUNCTION functions[] = {
{FUNC_TYPE_GENERAL,"smime",smime_main},
{FUNC_TYPE_GENERAL,"rand",rand_main},
{FUNC_TYPE_MD,"md2",dgst_main},
{FUNC_TYPE_MD,"md4",dgst_main},
{FUNC_TYPE_MD,"md5",dgst_main},
{FUNC_TYPE_MD,"sha",dgst_main},
{FUNC_TYPE_MD,"sha1",dgst_main},

4
crypto/openssl/apps/progs.pl
View File

@ -29,7 +29,7 @@ foreach (@ARGV)
$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))\n${str}#endif\n"; }
elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) )
elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/))
{ print "#ifndef NO_RSA\n${str}#endif\n"; }
elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
{ print "#ifndef NO_DSA\n${str}#endif\n"; }
@ -41,7 +41,7 @@ foreach (@ARGV)
{ print $str; }
}
foreach ("md2","md5","sha","sha1","mdc2","rmd160")
foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")
{
push(@files,$_);
printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;

10
crypto/openssl/apps/rand.c
View File

@ -62,7 +62,7 @@ int MAIN(int argc, char **argv)
else
badopt = 1;
}
else if (isdigit(argv[i][0]))
else if (isdigit((unsigned char)argv[i][0]))
{
if (num < 0)
{
@ -101,7 +101,15 @@ int MAIN(int argc, char **argv)
if (outfile != NULL)
r = BIO_write_filename(out, outfile);
else
{
r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if (r <= 0)
goto err;

69
crypto/openssl/apps/req.c
View File

@ -102,6 +102,7 @@
* -config file - Load configuration file.
* -key file - make a request using key in file (or use it for verification).
* -keyform - key file format.
* -rand file(s) - load the file(s) into the PRNG.
* -newkey - make a key and a request.
* -modulus - print RSA modulus.
* -x509 - output a self signed X509 structure instead.
@ -125,7 +126,6 @@ static void MS_CALLBACK req_cb(int p,int n,void *arg);
#endif
static int req_check_len(int len,int min,int max);
static int check_end(char *str, char *end);
static int add_oid_section(LHASH *conf);
#ifndef MONOLITH
static char *default_config_file=NULL;
static LHASH *config=NULL;
@ -156,6 +156,7 @@ int MAIN(int argc, char **argv)
char *req_exts = NULL;
EVP_CIPHER *cipher=NULL;
int modulus=0;
char *inrand=NULL;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
char *p;
@ -239,6 +240,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passargout= *(++argv);
}
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
inrand= *(++argv);
}
else if (strcmp(*argv,"-newkey") == 0)
{
int is_numeric;
@ -372,6 +378,9 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err," -key file use the private key contained in file\n");
BIO_printf(bio_err," -keyform arg key file format\n");
BIO_printf(bio_err," -keyout arg file to send the key to\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
@ -457,7 +466,7 @@ int MAIN(int argc, char **argv)
}
}
}
if(!add_oid_section(req_conf)) goto end;
if(!add_oid_section(bio_err, req_conf)) goto end;
if ((md_alg == NULL) &&
((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
@ -538,12 +547,19 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"unable to load Private key\n");
goto end;
}
if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
{
char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
app_RAND_load_file(randfile, bio_err, 0);
}
}
if (newreq && (pkey == NULL))
{
char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
app_RAND_load_file(randfile, bio_err, 0);
if (inrand)
app_RAND_load_files(inrand);
if (newkey <= 0)
{
@ -593,6 +609,12 @@ int MAIN(int argc, char **argv)
{
BIO_printf(bio_err,"writing new private key to stdout\n");
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
@ -788,7 +810,15 @@ int MAIN(int argc, char **argv)
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
@ -874,12 +904,12 @@ int MAIN(int argc, char **argv)
}
if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
BIO_free(in);
BIO_free(out);
BIO_free_all(out);
EVP_PKEY_free(pkey);
X509_REQ_free(req);
X509_free(x509ss);
if(passargin && passin) Free(passin);
if(passargout && passout) Free(passout);
if(passargin && passin) OPENSSL_free(passin);
if(passargout && passout) OPENSSL_free(passout);
OBJ_cleanup();
#ifndef NO_DSA
if (dsa_params != NULL) DSA_free(dsa_params);
@ -1083,7 +1113,11 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
* multiple instances
*/
for(p = v->name; *p ; p++)
#ifndef CHARSET_EBCDIC
if ((*p == ':') || (*p == ',') || (*p == '.')) {
#else
if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) {
#endif
p++;
if(*p) type = p;
break;
@ -1199,6 +1233,9 @@ static int add_attribute_object(X509_REQ *req, char *text,
return(0);
}
buf[--i]='\0';
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
if(!req_check_len(i, min, max)) goto start;
if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
@ -1256,25 +1293,3 @@ static int check_end(char *str, char *end)
tmp = str + slen - elen;
return strcmp(tmp, end);
}
static int add_oid_section(LHASH *conf)
{
char *p;
STACK_OF(CONF_VALUE) *sktmp;
CONF_VALUE *cnf;
int i;
if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
if(!(sktmp = CONF_get_section(conf, p))) {
BIO_printf(bio_err, "problem loading oid section %s\n", p);
return 0;
}
for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
cnf = sk_CONF_VALUE_value(sktmp, i);
if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
BIO_printf(bio_err, "problem creating object %s=%s\n",
cnf->name, cnf->value);
return 0;
}
}
return 1;
}

31
crypto/openssl/apps/rsa.c
View File

@ -92,7 +92,7 @@ int MAIN(int argc, char **argv)
{
int ret=1;
RSA *rsa=NULL;
int i,badops=0;
int i,badops=0, sgckey=0;
const EVP_CIPHER *enc=NULL;
BIO *in=NULL,*out=NULL;
int informat,outformat,text=0,check=0,noout=0;
@ -148,6 +148,8 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passargout= *(++argv);
}
else if (strcmp(*argv,"-sgckey") == 0)
sgckey=1;
else if (strcmp(*argv,"-pubin") == 0)
pubin=1;
else if (strcmp(*argv,"-pubout") == 0)
@ -178,6 +180,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -sgckey Use IIS SGC key format\n");
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
@ -254,7 +257,7 @@ int MAIN(int argc, char **argv)
}
}
p=(unsigned char *)buf->data;
rsa=d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
rsa=d2i_RSA_NET(NULL,&p,(long)size,NULL, sgckey);
BUF_MEM_free(buf);
}
#endif
@ -275,7 +278,15 @@ int MAIN(int argc, char **argv)
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
@ -344,16 +355,16 @@ int MAIN(int argc, char **argv)
int size;
i=1;
size=i2d_Netscape_RSA(rsa,NULL,NULL);
if ((p=(unsigned char *)Malloc(size)) == NULL)
size=i2d_RSA_NET(rsa,NULL,NULL, sgckey);
if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL)
{
BIO_printf(bio_err,"Malloc failure\n");
BIO_printf(bio_err,"Memory allocation failure\n");
goto end;
}
pp=p;
i2d_Netscape_RSA(rsa,&p,NULL);
i2d_RSA_NET(rsa,&p,NULL, sgckey);
BIO_write(out,(char *)pp,size);
Free(pp);
OPENSSL_free(pp);
}
#endif
else if (outformat == FORMAT_PEM) {
@ -374,10 +385,10 @@ int MAIN(int argc, char **argv)
ret=0;
end:
if(in != NULL) BIO_free(in);
if(out != NULL) BIO_free(out);
if(out != NULL) BIO_free_all(out);
if(rsa != NULL) RSA_free(rsa);
if(passin) Free(passin);
if(passout) Free(passout);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
EXIT(ret);
}
#else /* !NO_RSA */

290
crypto/openssl/apps/rsautl.c Normal file
View File

@ -0,0 +1,290 @@
/* rsautl.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "apps.h"
#include <string.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#define RSA_SIGN 1
#define RSA_VERIFY 2
#define RSA_ENCRYPT 3
#define RSA_DECRYPT 4
#define KEY_PRIVKEY 1
#define KEY_PUBKEY 2
#define KEY_CERT 3
static void usage(void);
#undef PROG
#define PROG rsautl_main
int MAIN(int argc, char **);
int MAIN(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL;
char *keyfile = NULL;
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
int keyform = FORMAT_PEM;
char need_priv = 0, badarg = 0, rev = 0;
char hexdump = 0, asn1parse = 0;
X509 *x;
EVP_PKEY *pkey = NULL;
RSA *rsa = NULL;
unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
int rsa_inlen, rsa_outlen = 0;
int keysize;
int ret = 1;
argc--;
argv++;
if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
pad = RSA_PKCS1_PADDING;
while(argc >= 1)
{
if (!strcmp(*argv,"-in")) {
if (--argc < 1) badarg = 1;
infile= *(++argv);
} else if (!strcmp(*argv,"-out")) {
if (--argc < 1) badarg = 1;
outfile= *(++argv);
} else if(!strcmp(*argv, "-inkey")) {
if (--argc < 1) badarg = 1;
keyfile = *(++argv);
} else if(!strcmp(*argv, "-pubin")) {
key_type = KEY_PUBKEY;
} else if(!strcmp(*argv, "-certin")) {
key_type = KEY_CERT;
}
else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1;
else if(!strcmp(*argv, "-hexdump")) hexdump = 1;
else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING;
else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
else if(!strcmp(*argv, "-sign")) {
rsa_mode = RSA_SIGN;
need_priv = 1;
} else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY;
else if(!strcmp(*argv, "-rev")) rev = 1;
else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT;
else if(!strcmp(*argv, "-decrypt")) {
rsa_mode = RSA_DECRYPT;
need_priv = 1;
} else badarg = 1;
if(badarg) {
usage();
goto end;
}
argc--;
argv++;
}
if(need_priv && (key_type != KEY_PRIVKEY)) {
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
}
/* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0);
switch(key_type) {
case KEY_PRIVKEY:
pkey = load_key(bio_err, keyfile, keyform, NULL);
break;
case KEY_PUBKEY:
pkey = load_pubkey(bio_err, keyfile, keyform);
break;
case KEY_CERT:
x = load_cert(bio_err, keyfile, keyform);
if(x) {
pkey = X509_get_pubkey(x);
X509_free(x);
}
break;
}
if(!pkey) {
BIO_printf(bio_err, "Error loading key\n");
return 1;
}
rsa = EVP_PKEY_get1_RSA(pkey);
EVP_PKEY_free(pkey);
if(!rsa) {
BIO_printf(bio_err, "Error getting RSA key\n");
ERR_print_errors(bio_err);
goto end;
}
if(infile) {
if(!(in = BIO_new_file(infile, "rb"))) {
BIO_printf(bio_err, "Error Reading Input File\n");
ERR_print_errors(bio_err);
goto end;
}
} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
if(outfile) {
if(!(out = BIO_new_file(outfile, "wb"))) {
BIO_printf(bio_err, "Error Reading Output File\n");
ERR_print_errors(bio_err);
goto end;
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
keysize = RSA_size(rsa);
rsa_in = OPENSSL_malloc(keysize * 2);
rsa_out = OPENSSL_malloc(keysize);
/* Read the input data */
rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
if(rsa_inlen <= 0) {
BIO_printf(bio_err, "Error reading input Data\n");
exit(1);
}
if(rev) {
int i;
unsigned char ctmp;
for(i = 0; i < rsa_inlen/2; i++) {
ctmp = rsa_in[i];
rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
rsa_in[rsa_inlen - 1 - i] = ctmp;
}
}
switch(rsa_mode) {
case RSA_VERIFY:
rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
case RSA_SIGN:
rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
case RSA_ENCRYPT:
rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
case RSA_DECRYPT:
rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
}
if(rsa_outlen <= 0) {
BIO_printf(bio_err, "RSA operation error\n");
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
if(asn1parse) {
if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
ERR_print_errors(bio_err);
}
} else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen);
else BIO_write(out, rsa_out, rsa_outlen);
end:
RSA_free(rsa);
BIO_free(in);
BIO_free_all(out);
if(rsa_in) OPENSSL_free(rsa_in);
if(rsa_out) OPENSSL_free(rsa_out);
return ret;
}
static void usage()
{
BIO_printf(bio_err, "Usage: rsautl [options]\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-inkey file input key\n");
BIO_printf(bio_err, "-pubin input is an RSA public\n");
BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n");
BIO_printf(bio_err, "-ssl use SSL v2 padding\n");
BIO_printf(bio_err, "-raw use no padding\n");
BIO_printf(bio_err, "-pkcs use PKCS#1 v1.5 padding (default)\n");
BIO_printf(bio_err, "-oaep use PKCS#1 OAEP\n");
BIO_printf(bio_err, "-sign sign with private key\n");
BIO_printf(bio_err, "-verify verify with public key\n");
BIO_printf(bio_err, "-encrypt encrypt with public key\n");
BIO_printf(bio_err, "-decrypt decrypt with private key\n");
BIO_printf(bio_err, "-hexdump hex dump output\n");
}

12
crypto/openssl/apps/s_client.c
View File

@ -201,8 +201,8 @@ int MAIN(int argc, char **argv)
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
if ( ((cbuf=Malloc(BUFSIZZ)) == NULL) ||
((sbuf=Malloc(BUFSIZZ)) == NULL))
if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
{
BIO_printf(bio_err,"out of memory\n");
goto end;
@ -523,7 +523,7 @@ int MAIN(int argc, char **argv)
tv.tv_usec = 0;
i=select(width,(void *)&readfds,(void *)&writefds,
NULL,&tv);
if(!i && (!_kbhit() || !read_tty) ) continue;
if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
} else i=select(width,(void *)&readfds,(void *)&writefds,
NULL,NULL);
}
@ -689,7 +689,7 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
}
#ifdef WINDOWS
else if (_kbhit())
else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
#else
else if (FD_ISSET(fileno(stdin),&readfds))
#endif
@ -753,8 +753,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
if (con != NULL) SSL_free(con);
if (con2 != NULL) SSL_free(con2);
if (ctx != NULL) SSL_CTX_free(ctx);
if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
if (bio_c_out != NULL)
{
BIO_free(bio_c_out);

16
crypto/openssl/apps/s_server.c
View File

@ -285,7 +285,7 @@ static int ebcdic_new(BIO *bi)
{
EBCDIC_OUTBUFF *wbuf;
wbuf = (EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
wbuf->alloced = 1024;
wbuf->buff[0] = '\0';
@ -299,7 +299,7 @@ static int ebcdic_free(BIO *a)
{
if (a == NULL) return(0);
if (a->ptr != NULL)
Free(a->ptr);
OPENSSL_free(a->ptr);
a->ptr=NULL;
a->init=0;
a->flags=0;
@ -336,8 +336,8 @@ static int ebcdic_write(BIO *b, char *in, int inl)
num = num + num; /* double the size */
if (num < inl)
num = inl;
Free(wbuf);
wbuf=(EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + num);
OPENSSL_free(wbuf);
wbuf=(EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
wbuf->alloced = num;
wbuf->buff[0] = '\0';
@ -766,7 +766,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
struct timeval tv;
#endif
if ((buf=Malloc(bufsize)) == NULL)
if ((buf=OPENSSL_malloc(bufsize)) == NULL)
{
BIO_printf(bio_err,"out of memory\n");
goto err;
@ -1028,7 +1028,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
if (buf != NULL)
{
memset(buf,0,bufsize);
Free(buf);
OPENSSL_free(buf);
}
if (ret >= 0)
BIO_printf(bio_s_out,"ACCEPT\n");
@ -1145,7 +1145,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
BIO *io,*ssl_bio,*sbio;
long total_bytes;
buf=Malloc(bufsize);
buf=OPENSSL_malloc(bufsize);
if (buf == NULL) return(0);
io=BIO_new(BIO_f_buffer());
ssl_bio=BIO_new(BIO_f_ssl());
@ -1474,7 +1474,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
if (ret >= 0)
BIO_printf(bio_s_out,"ACCEPT\n");
if (buf != NULL) Free(buf);
if (buf != NULL) OPENSSL_free(buf);
if (io != NULL) BIO_free_all(io);
/* if (ssl_bio != NULL) BIO_free(ssl_bio);*/
return(ret);

8
crypto/openssl/apps/s_socket.c
View File

@ -209,9 +209,11 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
if (s == INVALID_SOCKET) { perror("socket"); return(0); }
#ifndef MPE
i=0;
i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
if (i < 0) { perror("keepalive"); return(0); }
#endif
if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
{ close(s); perror("connect"); return(0); }
@ -241,7 +243,7 @@ int do_server(int port, int *ret, int (*cb)(), char *context)
return(0);
}
i=(*cb)(name,sock, context);
if (name != NULL) Free(name);
if (name != NULL) OPENSSL_free(name);
SHUTDOWN2(sock);
if (i < 0)
{
@ -372,9 +374,9 @@ static int do_accept(int acc_sock, int *sock, char **host)
}
else
{
if ((*host=(char *)Malloc(strlen(h1->h_name)+1)) == NULL)
if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
{
perror("Malloc");
perror("OPENSSL_malloc");
return(0);
}
strcpy(*host,h1->h_name);

10
crypto/openssl/apps/sess_id.c
View File

@ -206,7 +206,15 @@ int MAIN(int argc, char **argv)
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
@ -262,7 +270,7 @@ int MAIN(int argc, char **argv)
}
ret=0;
end:
if (out != NULL) BIO_free(out);
if (out != NULL) BIO_free_all(out);
if (x != NULL) SSL_SESSION_free(x);
EXIT(ret);
}

133
crypto/openssl/apps/smime.c
View File

@ -67,9 +67,6 @@
#undef PROG
#define PROG smime_main
static X509 *load_cert(char *file);
static EVP_PKEY *load_key(char *file, char *pass);
static STACK_OF(X509) *load_certs(char *file);
static X509_STORE *setup_verify(char *CAfile, char *CApath);
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
@ -90,7 +87,7 @@ int MAIN(int argc, char **argv)
char *inmode = "r", *outmode = "w";
char *infile = NULL, *outfile = NULL;
char *signerfile = NULL, *recipfile = NULL;
char *certfile = NULL, *keyfile = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
EVP_CIPHER *cipher = NULL;
PKCS7 *p7 = NULL;
X509_STORE *store = NULL;
@ -105,6 +102,7 @@ int MAIN(int argc, char **argv)
char *passargin = NULL, *passin = NULL;
char *inrand = NULL;
int need_rand = 0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
args = argv + 1;
ret = 1;
@ -143,6 +141,8 @@ int MAIN(int argc, char **argv)
flags |= PKCS7_NOATTR;
else if (!strcmp (*args, "-nodetach"))
flags &= ~PKCS7_DETACHED;
else if (!strcmp (*args, "-nosmimecap"))
flags |= PKCS7_NOSMIMECAP;
else if (!strcmp (*args, "-binary"))
flags |= PKCS7_BINARY;
else if (!strcmp (*args, "-nosigs"))
@ -208,11 +208,26 @@ int MAIN(int argc, char **argv)
args++;
infile = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-inform")) {
if (args[1]) {
args++;
informat = str2fmt(*args);
} else badarg = 1;
} else if (!strcmp (*args, "-outform")) {
if (args[1]) {
args++;
outformat = str2fmt(*args);
} else badarg = 1;
} else if (!strcmp (*args, "-out")) {
if (args[1]) {
args++;
outfile = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-content")) {
if (args[1]) {
args++;
contfile = *args;
} else badarg = 1;
} else badarg = 1;
args++;
}
@ -264,8 +279,11 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-signer file signer certificate file\n");
BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
BIO_printf (bio_err, "-in file input file\n");
BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
BIO_printf (bio_err, "-out file output file\n");
BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
BIO_printf (bio_err, "-to addr to address\n");
BIO_printf (bio_err, "-from ad from address\n");
BIO_printf (bio_err, "-subject s subject\n");
@ -295,9 +313,12 @@ int MAIN(int argc, char **argv)
if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
if(flags & PKCS7_BINARY) {
if(operation & SMIME_OP) inmode = "rb";
else outmode = "rb";
if(operation & SMIME_OP) {
if(flags & PKCS7_BINARY) inmode = "rb";
if(outformat == FORMAT_ASN1) outmode = "wb";
} else {
if(flags & PKCS7_BINARY) outmode = "wb";
if(informat == FORMAT_ASN1) inmode = "rb";
}
if(operation == SMIME_ENCRYPT) {
@ -311,7 +332,7 @@ int MAIN(int argc, char **argv)
}
encerts = sk_X509_new_null();
while (*args) {
if(!(cert = load_cert(*args))) {
if(!(cert = load_cert(bio_err,*args,FORMAT_PEM))) {
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
goto end;
}
@ -322,14 +343,14 @@ int MAIN(int argc, char **argv)
}
if(signerfile && (operation == SMIME_SIGN)) {
if(!(signer = load_cert(signerfile))) {
if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM))) {
BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
goto end;
}
}
if(certfile) {
if(!(other = load_certs(certfile))) {
if(!(other = load_certs(bio_err,certfile,FORMAT_PEM))) {
BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
ERR_print_errors(bio_err);
goto end;
@ -337,7 +358,7 @@ int MAIN(int argc, char **argv)
}
if(recipfile && (operation == SMIME_DECRYPT)) {
if(!(recip = load_cert(recipfile))) {
if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM))) {
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
ERR_print_errors(bio_err);
goto end;
@ -351,7 +372,7 @@ int MAIN(int argc, char **argv)
} else keyfile = NULL;
if(keyfile) {
if(!(key = load_key(keyfile, passin))) {
if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) {
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
ERR_print_errors(bio_err);
goto end;
@ -372,7 +393,15 @@ int MAIN(int argc, char **argv)
"Can't open output file %s\n", outfile);
goto end;
}
} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if(operation == SMIME_VERIFY) {
if(!(store = setup_verify(CAfile, CApath))) goto end;
@ -386,10 +415,28 @@ int MAIN(int argc, char **argv)
p7 = PKCS7_sign(signer, key, other, in, flags);
BIO_reset(in);
} else {
if(!(p7 = SMIME_read_PKCS7(in, &indata))) {
if(informat == FORMAT_SMIME)
p7 = SMIME_read_PKCS7(in, &indata);
else if(informat == FORMAT_PEM)
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
else if(informat == FORMAT_ASN1)
p7 = d2i_PKCS7_bio(in, NULL);
else {
BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
goto end;
}
if(!p7) {
BIO_printf(bio_err, "Error reading S/MIME message\n");
goto end;
}
if(contfile) {
BIO_free(indata);
if(!(indata = BIO_new_file(contfile, "rb"))) {
BIO_printf(bio_err, "Can't read content file %s\n", contfile);
goto end;
}
}
}
if(!p7) {
@ -425,7 +472,16 @@ int MAIN(int argc, char **argv)
if(to) BIO_printf(out, "To: %s\n", to);
if(from) BIO_printf(out, "From: %s\n", from);
if(subject) BIO_printf(out, "Subject: %s\n", subject);
SMIME_write_PKCS7(out, p7, in, flags);
if(outformat == FORMAT_SMIME)
SMIME_write_PKCS7(out, p7, in, flags);
else if(outformat == FORMAT_PEM)
PEM_write_bio_PKCS7(out,p7);
else if(outformat == FORMAT_ASN1)
i2d_PKCS7_bio(out,p7);
else {
BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
goto end;
}
}
ret = 0;
end:
@ -442,54 +498,11 @@ int MAIN(int argc, char **argv)
PKCS7_free(p7);
BIO_free(in);
BIO_free(indata);
BIO_free(out);
if(passin) Free(passin);
BIO_free_all(out);
if(passin) OPENSSL_free(passin);
return (ret);
}
static X509 *load_cert(char *file)
{
BIO *in;
X509 *cert;
if(!(in = BIO_new_file(file, "r"))) return NULL;
cert = PEM_read_bio_X509(in, NULL, NULL,NULL);
BIO_free(in);
return cert;
}
static EVP_PKEY *load_key(char *file, char *pass)
{
BIO *in;
EVP_PKEY *key;
if(!(in = BIO_new_file(file, "r"))) return NULL;
key = PEM_read_bio_PrivateKey(in, NULL,NULL,pass);
BIO_free(in);
return key;
}
static STACK_OF(X509) *load_certs(char *file)
{
BIO *in;
int i;
STACK_OF(X509) *othercerts;
STACK_OF(X509_INFO) *allcerts;
X509_INFO *xi;
if(!(in = BIO_new_file(file, "r"))) return NULL;
othercerts = sk_X509_new(NULL);
if(!othercerts) return NULL;
allcerts = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
for(i = 0; i < sk_X509_INFO_num(allcerts); i++) {
xi = sk_X509_INFO_value (allcerts, i);
if (xi->x509) {
sk_X509_push(othercerts, xi->x509);
xi->x509 = NULL;
}
}
sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
BIO_free(in);
return othercerts;
}
static X509_STORE *setup_verify(char *CAfile, char *CApath)
{
X509_STORE *store;

528
crypto/openssl/apps/speed.c
View File

@ -82,16 +82,25 @@
#include <openssl/rand.h>
#include <openssl/err.h>
#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
#define TIMES
#if defined(__FreeBSD__)
# define USE_TOD
#elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
# define TIMES
#endif
#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE)
# define TIMEB
#endif
#ifndef _IRIX
#include <time.h>
# include <time.h>
#endif
#ifdef TIMES
#include <sys/types.h>
#include <sys/times.h>
# include <sys/types.h>
# include <sys/times.h>
#endif
#ifdef USE_TOD
# include <sys/time.h>
# include <sys/resource.h>
#endif
/* Depending on the VMS version, the tms structure is perhaps defined.
@ -102,10 +111,14 @@
#undef TIMES
#endif
#ifndef TIMES
#ifdef TIMEB
#include <sys/timeb.h>
#endif
#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD)
#error "It seems neither struct tms nor struct timeb is supported in this platform!"
#endif
#if defined(sun) || defined(__ultrix)
#define _POSIX_SOURCE
#include <limits.h>
@ -121,6 +134,9 @@
#ifndef NO_MDC2
#include <openssl/mdc2.h>
#endif
#ifndef NO_MD4
#include <openssl/md4.h>
#endif
#ifndef NO_MD5
#include <openssl/md5.h>
#endif
@ -178,7 +194,7 @@
#define BUFSIZE ((long)1024*8+1)
int run=0;
static double Time_F(int s);
static double Time_F(int s, int usertime);
static void print_message(char *s,long num,int length);
static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
#ifdef SIGALRM
@ -202,39 +218,91 @@ static SIGRETTYPE sig_done(int sig)
#define START 0
#define STOP 1
static double Time_F(int s)
static double Time_F(int s, int usertime)
{
double ret;
#ifdef TIMES
static struct tms tstart,tend;
if (s == START)
{
times(&tstart);
return(0);
#ifdef USE_TOD
if(usertime)
{
static struct rusage tstart,tend;
if (s == START)
{
getrusage(RUSAGE_SELF,&tstart);
return(0);
}
else
{
long i;
getrusage(RUSAGE_SELF,&tend);
i=(long)tend.ru_utime.tv_usec-(long)tstart.ru_utime.tv_usec;
ret=((double)(tend.ru_utime.tv_sec-tstart.ru_utime.tv_sec))
+((double)i)/1000000.0;
return((ret < 0.001)?0.001:ret);
}
}
else
{
times(&tend);
ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
return((ret < 1e-3)?1e-3:ret);
}
#else /* !times() */
static struct timeb tstart,tend;
long i;
static struct timeval tstart,tend;
long i;
if (s == START)
{
ftime(&tstart);
return(0);
if (s == START)
{
gettimeofday(&tstart,NULL);
return(0);
}
else
{
gettimeofday(&tend,NULL);
i=(long)tend.tv_usec-(long)tstart.tv_usec;
ret=((double)(tend.tv_sec-tstart.tv_sec))+((double)i)/1000000.0;
return((ret < 0.001)?0.001:ret);
}
}
#else /* ndef USE_TOD */
# ifdef TIMES
if (usertime)
{
static struct tms tstart,tend;
if (s == START)
{
times(&tstart);
return(0);
}
else
{
times(&tend);
ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
return((ret < 1e-3)?1e-3:ret);
}
}
# endif /* times() */
# if defined(TIMES) && defined(TIMEB)
else
# endif
# ifdef TIMEB
{
ftime(&tend);
i=(long)tend.millitm-(long)tstart.millitm;
ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
return((ret < 0.001)?0.001:ret);
static struct timeb tstart,tend;
long i;
if (s == START)
{
ftime(&tstart);
return(0);
}
else
{
ftime(&tend);
i=(long)tend.millitm-(long)tstart.millitm;
ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
return((ret < 0.001)?0.001:ret);
}
}
# endif
#endif
}
@ -244,19 +312,22 @@ int MAIN(int argc, char **argv)
{
unsigned char *buf=NULL,*buf2=NULL;
int mret=1;
#define ALGOR_NUM 14
#define ALGOR_NUM 15
#define SIZE_NUM 5
#define RSA_NUM 4
#define DSA_NUM 3
long count,rsa_count;
int i,j,k;
unsigned rsa_num,rsa_num2;
unsigned rsa_num;
#ifndef NO_MD2
unsigned char md2[MD2_DIGEST_LENGTH];
#endif
#ifndef NO_MDC2
unsigned char mdc2[MDC2_DIGEST_LENGTH];
#endif
#ifndef NO_MD4
unsigned char md4[MD4_DIGEST_LENGTH];
#endif
#ifndef NO_MD5
unsigned char md5[MD5_DIGEST_LENGTH];
unsigned char hmac[MD5_DIGEST_LENGTH];
@ -298,23 +369,24 @@ int MAIN(int argc, char **argv)
#endif
#define D_MD2 0
#define D_MDC2 1
#define D_MD5 2
#define D_HMAC 3
#define D_SHA1 4
#define D_RMD160 5
#define D_RC4 6
#define D_CBC_DES 7
#define D_EDE3_DES 8
#define D_CBC_IDEA 9
#define D_CBC_RC2 10
#define D_CBC_RC5 11
#define D_CBC_BF 12
#define D_CBC_CAST 13
#define D_MD4 2
#define D_MD5 3
#define D_HMAC 4
#define D_SHA1 5
#define D_RMD160 6
#define D_RC4 7
#define D_CBC_DES 8
#define D_EDE3_DES 9
#define D_CBC_IDEA 10
#define D_CBC_RC2 11
#define D_CBC_RC5 12
#define D_CBC_BF 13
#define D_CBC_CAST 14
double d,results[ALGOR_NUM][SIZE_NUM];
static int lengths[SIZE_NUM]={8,64,256,1024,8*1024};
long c[ALGOR_NUM][SIZE_NUM];
static char *names[ALGOR_NUM]={
"md2","mdc2","md5","hmac(md5)","sha1","rmd160","rc4",
"md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
"des cbc","des ede3","idea cbc",
"rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"};
#define R_DSA_512 0
@ -345,6 +417,11 @@ int MAIN(int argc, char **argv)
int dsa_doit[DSA_NUM];
int doit[ALGOR_NUM];
int pr_header=0;
int usertime=1;
#ifndef TIMES
usertime=-1;
#endif
apps_startup();
memset(results, 0, sizeof(results));
@ -362,7 +439,7 @@ int MAIN(int argc, char **argv)
rsa_key[i]=NULL;
#endif
if ((buf=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
if ((buf=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
{
BIO_printf(bio_err,"out of memory\n");
goto end;
@ -370,7 +447,7 @@ int MAIN(int argc, char **argv)
#ifndef NO_DES
buf_as_des_cblock = (des_cblock *)buf;
#endif
if ((buf2=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
{
BIO_printf(bio_err,"out of memory\n");
goto end;
@ -391,6 +468,8 @@ int MAIN(int argc, char **argv)
argv++;
while (argc)
{
if ((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
usertime = 0;
#ifndef NO_MD2
if (strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
else
@ -399,6 +478,10 @@ int MAIN(int argc, char **argv)
if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
else
#endif
#ifndef NO_MD4
if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1;
else
#endif
#ifndef NO_MD5
if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
else
@ -510,8 +593,34 @@ int MAIN(int argc, char **argv)
else
#endif
{
BIO_printf(bio_err,"bad value, pick one of\n");
BIO_printf(bio_err,"md2 mdc2 md5 hmac sha1 rmd160\n");
BIO_printf(bio_err,"Error: bad option or value\n");
BIO_printf(bio_err,"\n");
BIO_printf(bio_err,"Available values:\n");
#ifndef NO_MD2
BIO_printf(bio_err,"md2 ");
#endif
#ifndef NO_MDC2
BIO_printf(bio_err,"mdc2 ");
#endif
#ifndef NO_MD4
BIO_printf(bio_err,"md4 ");
#endif
#ifndef NO_MD5
BIO_printf(bio_err,"md5 ");
#ifndef NO_HMAC
BIO_printf(bio_err,"hmac ");
#endif
#endif
#ifndef NO_SHA1
BIO_printf(bio_err,"sha1 ");
#endif
#ifndef NO_RIPEMD160
BIO_printf(bio_err,"rmd160");
#endif
#if !defined(NO_MD2) || !defined(NO_MDC2) || !defined(NO_MD4) || !defined(NO_MD5) || !defined(NO_SHA1) || !defined(NO_RIPEMD160)
BIO_printf(bio_err,"\n");
#endif
#ifndef NO_IDEA
BIO_printf(bio_err,"idea-cbc ");
#endif
@ -524,20 +633,48 @@ int MAIN(int argc, char **argv)
#ifndef NO_BF
BIO_printf(bio_err,"bf-cbc");
#endif
#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BF) && !defined(NO_RC5)
#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_BF) || !defined(NO_RC5)
BIO_printf(bio_err,"\n");
#endif
BIO_printf(bio_err,"des-cbc des-ede3 ");
#ifndef NO_RC4
BIO_printf(bio_err,"rc4");
#endif
BIO_printf(bio_err,"\n");
#ifndef NO_RSA
BIO_printf(bio_err,"\nrsa512 rsa1024 rsa2048 rsa4096\n");
BIO_printf(bio_err,"rsa512 rsa1024 rsa2048 rsa4096\n");
#endif
#ifndef NO_DSA
BIO_printf(bio_err,"\ndsa512 dsa1024 dsa2048\n");
BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n");
#endif
#ifndef NO_IDEA
BIO_printf(bio_err,"idea ");
#endif
#ifndef NO_RC2
BIO_printf(bio_err,"rc2 ");
#endif
#ifndef NO_DES
BIO_printf(bio_err,"des ");
#endif
#ifndef NO_RSA
BIO_printf(bio_err,"rsa ");
#endif
#ifndef NO_BF
BIO_printf(bio_err,"blowfish");
#endif
#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_DES) || !defined(NO_RSA) || !defined(NO_BF)
BIO_printf(bio_err,"\n");
#endif
#ifdef TIMES
BIO_printf(bio_err,"\n");
BIO_printf(bio_err,"Available options:\n");
BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n");
#endif
BIO_printf(bio_err,"idea rc2 des rsa blowfish\n");
goto end;
}
argc--;
@ -557,10 +694,13 @@ int MAIN(int argc, char **argv)
for (i=0; i<ALGOR_NUM; i++)
if (doit[i]) pr_header++;
#ifndef TIMES
BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
BIO_printf(bio_err,"program when this computer is idle.\n");
#endif
if (usertime == 0)
BIO_printf(bio_err,"You have chosen to measure elapsed time instead of user CPU time.\n");
if (usertime <= 0)
{
BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
BIO_printf(bio_err,"program when this computer is idle.\n");
}
#ifndef NO_RSA
for (i=0; i<RSA_NUM; i++)
@ -624,14 +764,15 @@ int MAIN(int argc, char **argv)
do {
long i;
count*=2;
Time_F(START);
Time_F(START,usertime);
for (i=count; i; i--)
des_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
&(sch[0]),DES_ENCRYPT);
d=Time_F(STOP);
d=Time_F(STOP,usertime);
} while (d <3);
c[D_MD2][0]=count/10;
c[D_MDC2][0]=count/10;
c[D_MD4][0]=count;
c[D_MD5][0]=count;
c[D_HMAC][0]=count;
c[D_SHA1][0]=count;
@ -649,6 +790,7 @@ int MAIN(int argc, char **argv)
{
c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i];
c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i];
c[D_MD4][i]=c[D_MD4][0]*4*lengths[0]/lengths[i];
c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i];
c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];
c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
@ -725,10 +867,10 @@ int MAIN(int argc, char **argv)
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
Time_F(START);
Time_F(START,usertime);
for (count=0,run=1; COND(c[D_MD2][j]); count++)
MD2(buf,(unsigned long)lengths[j],&(md2[0]));
d=Time_F(STOP);
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_MD2],d);
results[D_MD2][j]=((double)count)/d*lengths[j];
@ -741,10 +883,10 @@ int MAIN(int argc, char **argv)
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
Time_F(START);
Time_F(START,usertime);
for (count=0,run=1; COND(c[D_MDC2][j]); count++)
MDC2(buf,(unsigned long)lengths[j],&(mdc2[0]));
d=Time_F(STOP);
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_MDC2],d);
results[D_MDC2][j]=((double)count)/d*lengths[j];
@ -752,16 +894,33 @@ int MAIN(int argc, char **argv)
}
#endif
#ifndef NO_MD4
if (doit[D_MD4])
{
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
Time_F(START,usertime);
for (count=0,run=1; COND(c[D_MD4][j]); count++)
MD4(&(buf[0]),(unsigned long)lengths[j],&(md4[0]));
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_MD4],d);
results[D_MD4][j]=((double)count)/d*lengths[j];
}
}
#endif
#ifndef NO_MD5
if (doit[D_MD5])
{
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
Time_F(START);
Time_F(START,usertime);
for (count=0,run=1; COND(c[D_MD5][j]); count++)
MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0]));
d=Time_F(STOP);
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_MD5],d);
results[D_MD5][j]=((double)count)/d*lengths[j];
@ -779,14 +938,14 @@ int MAIN(int argc, char **argv)
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
Time_F(START);
Time_F(START,usertime);
for (count=0,run=1; COND(c[D_HMAC][j]); count++)
{
HMAC_Init(&hctx,NULL,0,NULL);
HMAC_Update(&hctx,buf,lengths[j]);
HMAC_Final(&hctx,&(hmac[0]),NULL);
}
d=Time_F(STOP);
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_HMAC],d);
results[D_HMAC][j]=((double)count)/d*lengths[j];
@ -799,10 +958,10 @@ int MAIN(int argc, char **argv)
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
Time_F(START);
Time_F(START,usertime);
for (count=0,run=1; COND(c[D_SHA1][j]); count++)
SHA1(buf,(unsigned long)lengths[j],&(sha[0]));
d=Time_F(STOP);
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_SHA1],d);
results[D_SHA1][j]=((double)count)/d*lengths[j];
@ -815,10 +974,10 @@ int MAIN(int argc, char **argv)
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
Time_F(START);
Time_F(START,usertime);
for (count=0,run=1; COND(c[D_RMD160][j]); count++)
RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0]));
d=Time_F(STOP);
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_RMD160],d);
results[D_RMD160][j]=((double)count)/d*lengths[j];
@ -831,11 +990,11 @@ int MAIN(int argc, char **argv)
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_RC4],c[D_RC4][j],lengths[j]);
Time_F(START);
Time_F(START,usertime);
for (count=0,run=1; COND(c[D_RC4][j]); count++)
RC4(&rc4_ks,(unsigned int)lengths[j],
buf,buf);
d=Time_F(STOP);
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_RC4],d);
results[D_RC4][j]=((double)count)/d*lengths[j];
@ -848,11 +1007,11 @@ int MAIN(int argc, char **argv)
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
Time_F(START);
Time_F(START,usertime);
for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
des_ncbc_encrypt(buf,buf,lengths[j],sch,
&iv,DES_ENCRYPT);
d=Time_F(STOP);
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_CBC_DES],d);
results[D_CBC_DES][j]=((double)count)/d*lengths[j];
@ -864,12 +1023,12 @@ int MAIN(int argc, char **argv)
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
Time_F(START);
Time_F(START,usertime);
for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
des_ede3_cbc_encrypt(buf,buf,lengths[j],
sch,sch2,sch3,
&iv,DES_ENCRYPT);
d=Time_F(STOP);
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_EDE3_DES],d);
results[D_EDE3_DES][j]=((double)count)/d*lengths[j];
@ -882,12 +1041,12 @@ int MAIN(int argc, char **argv)
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]);
Time_F(START);
Time_F(START,usertime);
for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
idea_cbc_encrypt(buf,buf,
(unsigned long)lengths[j],&idea_ks,
iv,IDEA_ENCRYPT);
d=Time_F(STOP);
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_CBC_IDEA],d);
results[D_CBC_IDEA][j]=((double)count)/d*lengths[j];
@ -900,12 +1059,12 @@ int MAIN(int argc, char **argv)
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]);
Time_F(START);
Time_F(START,usertime);
for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
RC2_cbc_encrypt(buf,buf,
(unsigned long)lengths[j],&rc2_ks,
iv,RC2_ENCRYPT);
d=Time_F(STOP);
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_CBC_RC2],d);
results[D_CBC_RC2][j]=((double)count)/d*lengths[j];
@ -918,12 +1077,12 @@ int MAIN(int argc, char **argv)
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]);
Time_F(START);
Time_F(START,usertime);
for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
RC5_32_cbc_encrypt(buf,buf,
(unsigned long)lengths[j],&rc5_ks,
iv,RC5_ENCRYPT);
d=Time_F(STOP);
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_CBC_RC5],d);
results[D_CBC_RC5][j]=((double)count)/d*lengths[j];
@ -936,12 +1095,12 @@ int MAIN(int argc, char **argv)
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]);
Time_F(START);
Time_F(START,usertime);
for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
BF_cbc_encrypt(buf,buf,
(unsigned long)lengths[j],&bf_ks,
iv,BF_ENCRYPT);
d=Time_F(STOP);
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_CBC_BF],d);
results[D_CBC_BF][j]=((double)count)/d*lengths[j];
@ -954,12 +1113,12 @@ int MAIN(int argc, char **argv)
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]);
Time_F(START);
Time_F(START,usertime);
for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
CAST_cbc_encrypt(buf,buf,
(unsigned long)lengths[j],&cast_ks,
iv,CAST_ENCRYPT);
d=Time_F(STOP);
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_CBC_CAST],d);
results[D_CBC_CAST][j]=((double)count)/d*lengths[j];
@ -974,49 +1133,73 @@ int MAIN(int argc, char **argv)
int ret;
if (!rsa_doit[j]) continue;
ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]);
pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j],
RSA_SECONDS);
/* RSA_blinding_on(rsa_key[j],NULL); */
Time_F(START);
for (count=0,run=1; COND(rsa_c[j][0]); count++)
if (ret == 0)
{
ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num,
rsa_key[j]);
if (ret <= 0)
{
BIO_printf(bio_err,"RSA private encrypt failure\n");
ERR_print_errors(bio_err);
count=1;
break;
}
BIO_printf(bio_err,"RSA sign failure. No RSA sign will be done.\n");
ERR_print_errors(bio_err);
rsa_count=1;
}
else
{
pkey_print_message("private","rsa",
rsa_c[j][0],rsa_bits[j],
RSA_SECONDS);
/* RSA_blinding_on(rsa_key[j],NULL); */
Time_F(START,usertime);
for (count=0,run=1; COND(rsa_c[j][0]); count++)
{
ret=RSA_sign(NID_md5_sha1, buf,36, buf2,
&rsa_num, rsa_key[j]);
if (ret == 0)
{
BIO_printf(bio_err,
"RSA sign failure\n");
ERR_print_errors(bio_err);
count=1;
break;
}
}
d=Time_F(STOP,usertime);
BIO_printf(bio_err,
"%ld %d bit private RSA's in %.2fs\n",
count,rsa_bits[j],d);
rsa_results[j][0]=d/(double)count;
rsa_count=count;
}
d=Time_F(STOP);
BIO_printf(bio_err,"%ld %d bit private RSA's in %.2fs\n",
count,rsa_bits[j],d);
rsa_results[j][0]=d/(double)count;
rsa_count=count;
#if 1
ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]);
pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j],
RSA_SECONDS);
Time_F(START);
for (count=0,run=1; COND(rsa_c[j][1]); count++)
if (ret <= 0)
{
ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num,
rsa_key[j]);
if (ret <= 0)
{
BIO_printf(bio_err,"RSA verify failure\n");
ERR_print_errors(bio_err);
count=1;
break;
}
BIO_printf(bio_err,"RSA verify failure. No RSA verify will be done.\n");
ERR_print_errors(bio_err);
dsa_doit[j] = 0;
}
else
{
pkey_print_message("public","rsa",
rsa_c[j][1],rsa_bits[j],
RSA_SECONDS);
Time_F(START,usertime);
for (count=0,run=1; COND(rsa_c[j][1]); count++)
{
ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
rsa_num, rsa_key[j]);
if (ret == 0)
{
BIO_printf(bio_err,
"RSA verify failure\n");
ERR_print_errors(bio_err);
count=1;
break;
}
}
d=Time_F(STOP,usertime);
BIO_printf(bio_err,
"%ld %d bit public RSA's in %.2fs\n",
count,rsa_bits[j],d);
rsa_results[j][1]=d/(double)count;
}
d=Time_F(STOP);
BIO_printf(bio_err,"%ld %d bit public RSA's in %.2fs\n",
count,rsa_bits[j],d);
rsa_results[j][1]=d/(double)count;
#endif
if (rsa_count <= 1)
@ -1038,54 +1221,77 @@ int MAIN(int argc, char **argv)
for (j=0; j<DSA_NUM; j++)
{
unsigned int kk;
int ret;
if (!dsa_doit[j]) continue;
DSA_generate_key(dsa_key[j]);
/* DSA_sign_setup(dsa_key[j],NULL); */
rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
&kk,dsa_key[j]);
pkey_print_message("sign","dsa",dsa_c[j][0],dsa_bits[j],
DSA_SECONDS);
Time_F(START);
for (count=0,run=1; COND(dsa_c[j][0]); count++)
if (ret == 0)
{
rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
&kk,dsa_key[j]);
if (rsa_num == 0)
{
BIO_printf(bio_err,"DSA sign failure\n");
ERR_print_errors(bio_err);
count=1;
break;
}
BIO_printf(bio_err,"DSA sign failure. No DSA sign will be done.\n");
ERR_print_errors(bio_err);
rsa_count=1;
}
else
{
pkey_print_message("sign","dsa",
dsa_c[j][0],dsa_bits[j],
DSA_SECONDS);
Time_F(START,usertime);
for (count=0,run=1; COND(dsa_c[j][0]); count++)
{
ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
&kk,dsa_key[j]);
if (ret == 0)
{
BIO_printf(bio_err,
"DSA sign failure\n");
ERR_print_errors(bio_err);
count=1;
break;
}
}
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
count,dsa_bits[j],d);
dsa_results[j][0]=d/(double)count;
rsa_count=count;
}
d=Time_F(STOP);
BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
count,dsa_bits[j],d);
dsa_results[j][0]=d/(double)count;
rsa_count=count;
rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
kk,dsa_key[j]);
pkey_print_message("verify","dsa",dsa_c[j][1],dsa_bits[j],
DSA_SECONDS);
Time_F(START);
for (count=0,run=1; COND(dsa_c[j][1]); count++)
if (ret <= 0)
{
rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
kk,dsa_key[j]);
if (rsa_num2 == 0)
{
BIO_printf(bio_err,"DSA verify failure\n");
ERR_print_errors(bio_err);
count=1;
break;
}
BIO_printf(bio_err,"DSA verify failure. No DSA verify will be done.\n");
ERR_print_errors(bio_err);
dsa_doit[j] = 0;
}
else
{
pkey_print_message("verify","dsa",
dsa_c[j][1],dsa_bits[j],
DSA_SECONDS);
Time_F(START,usertime);
for (count=0,run=1; COND(dsa_c[j][1]); count++)
{
ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
kk,dsa_key[j]);
if (ret <= 0)
{
BIO_printf(bio_err,
"DSA verify failure\n");
ERR_print_errors(bio_err);
count=1;
break;
}
}
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
count,dsa_bits[j],d);
dsa_results[j][1]=d/(double)count;
}
d=Time_F(STOP);
BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
count,dsa_bits[j],d);
dsa_results[j][1]=d/(double)count;
if (rsa_count <= 1)
{
@ -1173,8 +1379,8 @@ int MAIN(int argc, char **argv)
#endif
mret=0;
end:
if (buf != NULL) Free(buf);
if (buf2 != NULL) Free(buf2);
if (buf != NULL) OPENSSL_free(buf);
if (buf2 != NULL) OPENSSL_free(buf2);
#ifndef NO_RSA
for (i=0; i<RSA_NUM; i++)
if (rsa_key[i] != NULL)

26
crypto/openssl/apps/spkac.c
View File

@ -192,7 +192,15 @@ int MAIN(int argc, char **argv)
spkstr = NETSCAPE_SPKI_b64_encode(spki);
if (outfile) out = BIO_new_file(outfile, "w");
else out = BIO_new_fp(stdout, BIO_NOCLOSE);
else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if(!out) {
BIO_printf(bio_err, "Error opening output file\n");
@ -200,7 +208,7 @@ int MAIN(int argc, char **argv)
goto end;
}
BIO_printf(out, "SPKAC=%s\n", spkstr);
Free(spkstr);
OPENSSL_free(spkstr);
ret = 0;
goto end;
}
@ -241,7 +249,15 @@ int MAIN(int argc, char **argv)
}
if (outfile) out = BIO_new_file(outfile, "w");
else out = BIO_new_fp(stdout, BIO_NOCLOSE);
else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if(!out) {
BIO_printf(bio_err, "Error opening output file\n");
@ -268,9 +284,9 @@ int MAIN(int argc, char **argv)
CONF_free(conf);
NETSCAPE_SPKI_free(spki);
BIO_free(in);
BIO_free(out);
BIO_free_all(out);
BIO_free(key);
EVP_PKEY_free(pkey);
if(passin) Free(passin);
if(passin) OPENSSL_free(passin);
EXIT(ret);
}

35
crypto/openssl/apps/verify.c
View File

@ -70,9 +70,9 @@
#define PROG verify_main
static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
static int check(X509_STORE *ctx,char *file, STACK_OF(X509)*other, int purpose);
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose);
static STACK_OF(X509) *load_untrusted(char *file);
static int v_verbose=0;
static int v_verbose=0, issuer_checks = 0;
int MAIN(int, char **);
@ -81,8 +81,8 @@ int MAIN(int argc, char **argv)
int i,ret=1;
int purpose = -1;
char *CApath=NULL,*CAfile=NULL;
char *untfile = NULL;
STACK_OF(X509) *untrusted = NULL;
char *untfile = NULL, *trustfile = NULL;
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
X509_STORE *cert_ctx=NULL;
X509_LOOKUP *lookup=NULL;
@ -132,8 +132,15 @@ int MAIN(int argc, char **argv)
if (argc-- < 1) goto end;
untfile= *(++argv);
}
else if (strcmp(*argv,"-trusted") == 0)
{
if (argc-- < 1) goto end;
trustfile= *(++argv);
}
else if (strcmp(*argv,"-help") == 0)
goto end;
else if (strcmp(*argv,"-issuer_checks") == 0)
issuer_checks=1;
else if (strcmp(*argv,"-verbose") == 0)
v_verbose=1;
else if (argv[0][0] == '-')
@ -179,14 +186,22 @@ int MAIN(int argc, char **argv)
}
}
if (argc < 1) check(cert_ctx, NULL, untrusted, purpose);
if(trustfile) {
if(!(trusted = load_untrusted(trustfile))) {
BIO_printf(bio_err, "Error loading untrusted file %s\n", trustfile);
ERR_print_errors(bio_err);
goto end;
}
}
if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose);
else
for (i=0; i<argc; i++)
check(cert_ctx,argv[i], untrusted, purpose);
check(cert_ctx,argv[i], untrusted, trusted, purpose);
ret=0;
end:
if (ret == 1) {
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] cert1 cert2 ...\n");
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
BIO_printf(bio_err,"recognized usages:\n");
for(i = 0; i < X509_PURPOSE_get_count(); i++) {
X509_PURPOSE *ptmp;
@ -197,10 +212,11 @@ int MAIN(int argc, char **argv)
}
if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
EXIT(ret);
}
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, int purpose)
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
{
X509 *x=NULL;
BIO *in=NULL;
@ -242,7 +258,10 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, int purpos
goto end;
}
X509_STORE_CTX_init(csc,ctx,x,uchain);
if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
if(issuer_checks)
X509_STORE_CTX_set_flags(csc, X509_V_FLAG_CB_ISSUER_CHECK);
i=X509_verify_cert(csc);
X509_STORE_CTX_free(csc);

369
crypto/openssl/apps/x509.c
View File

@ -81,8 +81,6 @@
#define POSTFIX ".srl"
#define DEF_DAYS 30
#define CERT_HDR "certificate"
static char *x509_usage[]={
"usage: x509 args\n",
" -inform arg - input format - default PEM (one of DER, NET or PEM)\n",
@ -97,6 +95,7 @@ static char *x509_usage[]={
" -hash - print hash value\n",
" -subject - print subject DN\n",
" -issuer - print issuer DN\n",
" -email - print email address(es)\n",
" -startdate - notBefore field\n",
" -enddate - notAfter field\n",
" -purpose - print out certificate purposes\n",
@ -113,6 +112,8 @@ static char *x509_usage[]={
" -addreject arg - reject certificate for a given purpose\n",
" -setalias arg - set certificate alias\n",
" -days arg - How long till expiry of a signed certificate - def 30 days\n",
" -checkend arg - check whether the cert expires in the next arg seconds\n",
" exit 1 if so, 0 if not\n",
" -signkey arg - self sign cert with arg\n",
" -x509toreq - output a certification request object\n",
" -req - input is a certificate request, sign and output.\n",
@ -127,12 +128,11 @@ static char *x509_usage[]={
" -extfile - configuration file with X509V3 extensions to add\n",
" -extensions - section from config file with X509V3 extensions to add\n",
" -clrext - delete extensions before signing and input certificate\n",
" -nameopt arg - various certificate name options\n",
NULL
};
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
static EVP_PKEY *load_key(char *file, int format, char *passin);
static X509 *load_cert(char *file, int format);
static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
LHASH *conf, char *section);
static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
@ -159,7 +159,7 @@ int MAIN(int argc, char **argv)
char *CAkeyfile=NULL,*CAserial=NULL;
char *alias=NULL;
int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0;
int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
int C=0;
int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
@ -173,6 +173,8 @@ int MAIN(int argc, char **argv)
LHASH *extconf = NULL;
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
int need_rand = 0;
int checkend=0,checkoffset=0;
unsigned long nmflag = 0;
reqfile=0;
@ -181,6 +183,12 @@ int MAIN(int argc, char **argv)
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
STDout = BIO_push(tmpbio, STDout);
}
#endif
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
@ -289,24 +297,26 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-addtrust") == 0)
{
if (--argc < 1) goto bad;
if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
{
BIO_printf(bio_err,
"Invalid trust object value %s\n", *argv);
goto bad;
}
if(!trust) trust = sk_ASN1_OBJECT_new_null();
}
if (!trust) trust = sk_ASN1_OBJECT_new_null();
sk_ASN1_OBJECT_push(trust, objtmp);
trustout = 1;
}
else if (strcmp(*argv,"-addreject") == 0)
{
if (--argc < 1) goto bad;
if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
{
BIO_printf(bio_err,
"Invalid reject object value %s\n", *argv);
goto bad;
}
if(!reject) reject = sk_ASN1_OBJECT_new_null();
}
if (!reject) reject = sk_ASN1_OBJECT_new_null();
sk_ASN1_OBJECT_push(reject, objtmp);
trustout = 1;
}
@ -316,6 +326,11 @@ int MAIN(int argc, char **argv)
alias= *(++argv);
trustout = 1;
}
else if (strcmp(*argv,"-nameopt") == 0)
{
if (--argc < 1) goto bad;
if (!set_name_ex(&nmflag, *(++argv))) goto bad;
}
else if (strcmp(*argv,"-setalias") == 0)
{
if (--argc < 1) goto bad;
@ -324,6 +339,8 @@ int MAIN(int argc, char **argv)
}
else if (strcmp(*argv,"-C") == 0)
C= ++num;
else if (strcmp(*argv,"-email") == 0)
email= ++num;
else if (strcmp(*argv,"-serial") == 0)
serial= ++num;
else if (strcmp(*argv,"-modulus") == 0)
@ -353,6 +370,12 @@ int MAIN(int argc, char **argv)
startdate= ++num;
else if (strcmp(*argv,"-enddate") == 0)
enddate= ++num;
else if (strcmp(*argv,"-checkend") == 0)
{
if (--argc < 1) goto bad;
checkoffset=atoi(*(++argv));
checkend=1;
}
else if (strcmp(*argv,"-noout") == 0)
noout= ++num;
else if (strcmp(*argv,"-trustout") == 0)
@ -402,10 +425,11 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
{
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
}
if (!X509_STORE_set_default_paths(ctx))
{
@ -421,10 +445,12 @@ int MAIN(int argc, char **argv)
goto end;
}
if (extfile) {
if (extfile)
{
long errorline;
X509V3_CTX ctx2;
if (!(extconf=CONF_load(NULL,extfile,&errorline))) {
if (!(extconf=CONF_load(NULL,extfile,&errorline)))
{
if (errorline <= 0)
BIO_printf(bio_err,
"error loading the config file '%s'\n",
@ -434,19 +460,20 @@ int MAIN(int argc, char **argv)
"error on line %ld of config file '%s'\n"
,errorline,extfile);
goto end;
}
if(!extsect && !(extsect = CONF_get_string(extconf, "default",
}
if (!extsect && !(extsect = CONF_get_string(extconf, "default",
"extensions"))) extsect = "default";
X509V3_set_ctx_test(&ctx2);
X509V3_set_conf_lhash(&ctx2, extconf);
if(!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL)) {
if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
{
BIO_printf(bio_err,
"Error Loading extension section %s\n",
extsect);
ERR_print_errors(bio_err);
goto end;
}
}
}
}
if (reqfile)
@ -474,13 +501,18 @@ int MAIN(int argc, char **argv)
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile);
BIO_free(in);
goto end;
}
}
req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
BIO_free(in);
if (req == NULL) { perror(infile); goto end; }
if (req == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if ( (req->req_info == NULL) ||
(req->req_info->pubkey == NULL) ||
@ -511,9 +543,8 @@ int MAIN(int argc, char **argv)
}
else
BIO_printf(bio_err,"Signature ok\n");
X509_NAME_oneline(req->req_info->subject,buf,256);
BIO_printf(bio_err,"subject=%s\n",buf);
print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
if ((x=X509_new()) == NULL) goto end;
ci=x->cert_info;
@ -530,12 +561,12 @@ int MAIN(int argc, char **argv)
EVP_PKEY_free(pkey);
}
else
x=load_cert(infile,informat);
x=load_cert(bio_err,infile,informat);
if (x == NULL) goto end;
if (CA_flag)
{
xca=load_cert(CAfile,CAformat);
xca=load_cert(bio_err,CAfile,CAformat);
if (xca == NULL) goto end;
}
@ -551,7 +582,15 @@ int MAIN(int argc, char **argv)
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
@ -562,24 +601,28 @@ int MAIN(int argc, char **argv)
}
}
if(alias) X509_alias_set1(x, (unsigned char *)alias, -1);
if (alias) X509_alias_set1(x, (unsigned char *)alias, -1);
if(clrtrust) X509_trust_clear(x);
if(clrreject) X509_reject_clear(x);
if (clrtrust) X509_trust_clear(x);
if (clrreject) X509_reject_clear(x);
if(trust) {
for(i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
if (trust)
{
for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++)
{
objtmp = sk_ASN1_OBJECT_value(trust, i);
X509_add1_trust_object(x, objtmp);
}
}
}
if(reject) {
for(i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
if (reject)
{
for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++)
{
objtmp = sk_ASN1_OBJECT_value(reject, i);
X509_add1_reject_object(x, objtmp);
}
}
}
if (num)
{
@ -587,15 +630,13 @@ int MAIN(int argc, char **argv)
{
if (issuer == i)
{
X509_NAME_oneline(X509_get_issuer_name(x),
buf,256);
BIO_printf(STDout,"issuer= %s\n",buf);
print_name(STDout, "issuer= ",
X509_get_issuer_name(x), nmflag);
}
else if (subject == i)
{
X509_NAME_oneline(X509_get_subject_name(x),
buf,256);
BIO_printf(STDout,"subject=%s\n",buf);
print_name(STDout, "subject= ",
X509_get_subject_name(x), nmflag);
}
else if (serial == i)
{
@ -603,11 +644,20 @@ int MAIN(int argc, char **argv)
i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
BIO_printf(STDout,"\n");
}
else if (email == i)
{
int j;
STACK *emlst;
emlst = X509_get1_email(x);
for (j = 0; j < sk_num(emlst); j++)
BIO_printf(STDout, "%s\n", sk_value(emlst, j));
X509_email_free(emlst);
}
else if (aliasout == i)
{
unsigned char *alstr;
alstr = X509_alias_get0(x, NULL);
if(alstr) BIO_printf(STDout,"%s\n", alstr);
if (alstr) BIO_printf(STDout,"%s\n", alstr);
else BIO_puts(STDout,"<No Alias>\n");
}
else if (hash == i)
@ -619,7 +669,7 @@ int MAIN(int argc, char **argv)
X509_PURPOSE *ptmp;
int j;
BIO_printf(STDout, "Certificate purposes:\n");
for(j = 0; j < X509_PURPOSE_get_count(); j++)
for (j = 0; j < X509_PURPOSE_get_count(); j++)
{
ptmp = X509_PURPOSE_get0(j);
purpose_print(STDout, x, ptmp);
@ -682,7 +732,7 @@ int MAIN(int argc, char **argv)
BIO_printf(STDout,"/* issuer :%s */\n",buf);
z=i2d_X509(x,NULL);
m=Malloc(z);
m=OPENSSL_malloc(z);
d=(unsigned char *)m;
z=i2d_X509_NAME(X509_get_subject_name(x),&d);
@ -720,7 +770,7 @@ int MAIN(int argc, char **argv)
if (y%16 != 0) BIO_printf(STDout,"\n");
BIO_printf(STDout,"};\n");
Free(m);
OPENSSL_free(m);
}
else if (text == i)
{
@ -765,7 +815,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"Getting Private key\n");
if (Upkey == NULL)
{
Upkey=load_key(keyfile,keyformat, passin);
Upkey=load_key(bio_err,
keyfile,keyformat, passin);
if (Upkey == NULL) goto end;
}
#ifndef NO_DSA
@ -782,7 +833,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"Getting CA Private Key\n");
if (CAkeyfile != NULL)
{
CApkey=load_key(CAkeyfile,CAkeyformat, passin);
CApkey=load_key(bio_err,
CAkeyfile,CAkeyformat, passin);
if (CApkey == NULL) goto end;
}
#ifndef NO_DSA
@ -808,7 +860,8 @@ int MAIN(int argc, char **argv)
}
else
{
pk=load_key(keyfile,FORMAT_PEM, passin);
pk=load_key(bio_err,
keyfile,FORMAT_PEM, passin);
if (pk == NULL) goto end;
}
@ -834,6 +887,23 @@ int MAIN(int argc, char **argv)
}
}
if (checkend)
{
time_t tnow=time(NULL);
if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(x), tnow+checkoffset) == -1)
{
BIO_printf(out,"Certificate will expire\n");
ret=1;
}
else
{
BIO_printf(out,"Certificate will not expire\n");
ret=0;
}
goto end;
}
if (noout)
{
ret=0;
@ -842,16 +912,18 @@ int MAIN(int argc, char **argv)
if (outformat == FORMAT_ASN1)
i=i2d_X509_bio(out,x);
else if (outformat == FORMAT_PEM) {
if(trustout) i=PEM_write_bio_X509_AUX(out,x);
else if (outformat == FORMAT_PEM)
{
if (trustout) i=PEM_write_bio_X509_AUX(out,x);
else i=PEM_write_bio_X509(out,x);
} else if (outformat == FORMAT_NETSCAPE)
}
else if (outformat == FORMAT_NETSCAPE)
{
ASN1_HEADER ah;
ASN1_OCTET_STRING os;
os.data=(unsigned char *)CERT_HDR;
os.length=strlen(CERT_HDR);
os.data=(unsigned char *)NETSCAPE_CERT_HDR;
os.length=strlen(NETSCAPE_CERT_HDR);
ah.header= &os;
ah.data=(char *)x;
ah.meth=X509_asn1_meth();
@ -863,7 +935,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i) {
if (!i)
{
BIO_printf(bio_err,"unable to write certificate\n");
ERR_print_errors(bio_err);
goto end;
@ -874,8 +947,8 @@ int MAIN(int argc, char **argv)
app_RAND_write_file(NULL, bio_err);
OBJ_cleanup();
CONF_free(extconf);
BIO_free(out);
BIO_free(STDout);
BIO_free_all(out);
BIO_free_all(STDout);
X509_STORE_free(ctx);
X509_REQ_free(req);
X509_free(x);
@ -885,7 +958,7 @@ int MAIN(int argc, char **argv)
X509_REQ_free(rq);
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
if(passin) Free(passin);
if (passin) OPENSSL_free(passin);
EXIT(ret);
}
@ -907,7 +980,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
EVP_PKEY_free(upkey);
X509_STORE_CTX_init(&xsc,ctx,x,NULL);
buf=Malloc(EVP_PKEY_size(pkey)*2+
buf=OPENSSL_malloc(EVP_PKEY_size(pkey)*2+
((serialfile == NULL)
?(strlen(CAfile)+strlen(POSTFIX)+1)
:(strlen(serialfile)))+1);
@ -1012,17 +1085,19 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
goto end;
if(clrext) {
while(X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
}
if (clrext)
{
while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
}
if(conf) {
if (conf)
{
X509V3_CTX ctx2;
X509_set_version(x,2); /* version 3 certificate */
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
X509V3_set_conf_lhash(&ctx2, conf);
if(!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
}
if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
}
if (!X509_sign(x,pkey,digest)) goto end;
ret=1;
@ -1030,16 +1105,15 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
X509_STORE_CTX_cleanup(&xsc);
if (!ret)
ERR_print_errors(bio_err);
if (buf != NULL) Free(buf);
if (buf != NULL) OPENSSL_free(buf);
if (bs != NULL) ASN1_INTEGER_free(bs);
if (io != NULL) BIO_free(io);
if (serial != NULL) BN_free(serial);
return(ret);
return ret;
}
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
{
char buf[256];
int err;
X509 *err_cert;
@ -1048,7 +1122,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
* final ok == 1 calls to this function */
err=X509_STORE_CTX_get_error(ctx);
if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
return(1);
return 1;
/* BAD we should have gotten an error. Normally if everything
* worked X509_STORE_CTX_get_error(ctx) will still be set to
@ -1056,147 +1130,19 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
if (ok)
{
BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");
return(0);
return 0;
}
else
{
err_cert=X509_STORE_CTX_get_current_cert(ctx);
X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
BIO_printf(bio_err,"%s\n",buf);
print_name(bio_err, NULL, X509_get_subject_name(err_cert),0);
BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
err,X509_STORE_CTX_get_error_depth(ctx),
X509_verify_cert_error_string(err));
return(1);
return 1;
}
}
static EVP_PKEY *load_key(char *file, int format, char *passin)
{
BIO *key=NULL;
EVP_PKEY *pkey=NULL;
if (file == NULL)
{
BIO_printf(bio_err,"no keyfile specified\n");
goto end;
}
key=BIO_new(BIO_s_file());
if (key == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (BIO_read_filename(key,file) <= 0)
{
perror(file);
goto end;
}
if (format == FORMAT_ASN1)
{
pkey=d2i_PrivateKey_bio(key, NULL);
}
else if (format == FORMAT_PEM)
{
pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,passin);
}
else
{
BIO_printf(bio_err,"bad input format specified for key\n");
goto end;
}
end:
if (key != NULL) BIO_free(key);
if (pkey == NULL)
BIO_printf(bio_err,"unable to load Private Key\n");
return(pkey);
}
static X509 *load_cert(char *file, int format)
{
ASN1_HEADER *ah=NULL;
BUF_MEM *buf=NULL;
X509 *x=NULL;
BIO *cert;
if ((cert=BIO_new(BIO_s_file())) == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (file == NULL)
BIO_set_fp(cert,stdin,BIO_NOCLOSE);
else
{
if (BIO_read_filename(cert,file) <= 0)
{
perror(file);
goto end;
}
}
if (format == FORMAT_ASN1)
x=d2i_X509_bio(cert,NULL);
else if (format == FORMAT_NETSCAPE)
{
unsigned char *p,*op;
int size=0,i;
/* We sort of have to do it this way because it is sort of nice
* to read the header first and check it, then
* try to read the certificate */
buf=BUF_MEM_new();
for (;;)
{
if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
goto end;
i=BIO_read(cert,&(buf->data[size]),1024*10);
size+=i;
if (i == 0) break;
if (i < 0)
{
perror("reading certificate");
goto end;
}
}
p=(unsigned char *)buf->data;
op=p;
/* First load the header */
if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
goto end;
if ((ah->header == NULL) || (ah->header->data == NULL) ||
(strncmp(CERT_HDR,(char *)ah->header->data,
ah->header->length) != 0))
{
BIO_printf(bio_err,"Error reading header on certificate\n");
goto end;
}
/* header is ok, so now read the object */
p=op;
ah->meth=X509_asn1_meth();
if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
goto end;
x=(X509 *)ah->data;
ah->data=NULL;
}
else if (format == FORMAT_PEM)
x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL);
else {
BIO_printf(bio_err,"bad input format specified for input cert\n");
goto end;
}
end:
if (x == NULL)
{
BIO_printf(bio_err,"unable to load certificate\n");
ERR_print_errors(bio_err);
}
if (ah != NULL) ASN1_HEADER_free(ah);
if (cert != NULL) BIO_free(cert);
if (buf != NULL) BUF_MEM_free(buf);
return(x);
}
/* self sign */
static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,
LHASH *conf, char *section)
@ -1220,21 +1166,23 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig
goto err;
if (!X509_set_pubkey(x,pkey)) goto err;
if(clrext) {
while(X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
}
if(conf) {
if (clrext)
{
while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
}
if (conf)
{
X509V3_CTX ctx;
X509_set_version(x,2); /* version 3 certificate */
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
X509V3_set_conf_lhash(&ctx, conf);
if(!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
}
if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
}
if (!X509_sign(x,pkey,digest)) goto err;
return(1);
return 1;
err:
ERR_print_errors(bio_err);
return(0);
return 0;
}
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
@ -1243,13 +1191,14 @@ static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
char *pname;
id = X509_PURPOSE_get_id(pt);
pname = X509_PURPOSE_get0_name(pt);
for(i = 0; i < 2; i++) {
for (i = 0; i < 2; i++)
{
idret = X509_check_purpose(cert, id, i);
BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");
if(idret == 1) BIO_printf(bio, "Yes\n");
if (idret == 1) BIO_printf(bio, "Yes\n");
else if (idret == 0) BIO_printf(bio, "No\n");
else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
}
}
return 1;
}

56
crypto/openssl/config
View File

@ -71,6 +71,10 @@ fi
# Now we simply scan though... In most cases, the SYSTEM info is enough
#
case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
MPE/iX:*)
MACHINE=`echo "$MACHINE" | sed -e 's/-/_/g'`
echo "parisc-hp-MPE/iX"; exit 0
;;
A/UX:*)
echo "m68k-apple-aux3"; exit 0
;;
@ -164,7 +168,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
;;
NetBSD:*:*:*386*)
echo "`sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whateve\r-netbsd"; exit 0
echo "`/usr/sbin/sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
;;
NetBSD:*)
@ -181,11 +185,11 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
QNX:*)
case "$VERSION" in
423)
echo "${MACHINE}-qssl-qnx32"
4*)
echo "${MACHINE}-whatever-qnx4"
;;
*)
echo "${MACHINE}-qssl-qnx"
echo "${MACHINE}-whatever-qnx"
;;
esac
exit 0
@ -200,7 +204,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
;;
SunOS:5.*)
echo "${MACHINE}-sun-solaris2"; exit 0
echo "${MACHINE}-whatever-solaris2"; exit 0
;;
SunOS:*)
@ -247,6 +251,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
echo "${MACHINE}-v11-${SYSTEM}"; exit 0;
;;
NEWS-OS:4.*)
echo "mips-sony-newsos4"; exit 0;
;;
esac
#
@ -292,8 +300,6 @@ TEST="false"
for i
do
case "$i" in
# shared library support (behnke@trustcenter.de)
-shared) SHARED=true;;
-d*) PREFIX="debug-";;
-t*) TEST="true";;
-h*) TEST="true"; cat <<EOF
@ -409,6 +415,7 @@ case "$GUESSOS" in
;;
mips-*-linux?) OUT="linux-mips" ;;
ppc-*-linux2) OUT="linux-ppc" ;;
m68k-*-linux*) OUT="linux-m68k" ;;
ia64-*-linux?) OUT="linux-ia64" ;;
ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
sparc64-*-linux2)
@ -427,9 +434,10 @@ case "$GUESSOS" in
sun4d) OUT="linux-sparcv8" ;;
*) OUT="linux-sparcv7" ;;
esac ;;
arm*-*-linux2) OUT="linux-elf-arm" ;;
*-*-linux2) OUT="linux-elf" ;;
*-*-linux1) OUT="linux-aout" ;;
sun4u*-sun-solaris2)
sun4u*-*-solaris2)
ISA64=`(isalist) 2>/dev/null | grep sparcv9`
if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
echo "WARNING! If you wish to build 64-bit library, then you have to"
@ -438,10 +446,10 @@ case "$GUESSOS" in
read waste < /dev/tty
fi
OUT="solaris-sparcv9-$CC" ;;
sun4m-sun-solaris2) OUT="solaris-sparcv8-$CC" ;;
sun4d-sun-solaris2) OUT="solaris-sparcv8-$CC" ;;
sun4*-sun-solaris2) OUT="solaris-sparcv7-$CC" ;;
*86*-sun-solaris2) OUT="solaris-x86-$CC" ;;
sun4m-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
sun4d-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
sun4*-*-solaris2) OUT="solaris-sparcv7-$CC" ;;
*86*-*-solaris2) OUT="solaris-x86-$CC" ;;
*-*-sunos4) OUT="sunos-$CC" ;;
alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
*-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
@ -470,6 +478,7 @@ case "$GUESSOS" in
# these are all covered by the catchall below
# *-aix) OUT="aix-$CC" ;;
# *-dgux) OUT="dgux" ;;
mips-sony-newsos4) OUT="newsos4-gcc" ;;
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
esac
@ -479,16 +488,6 @@ then
options="$options -DATALLA"
fi
#get some basic shared lib support (behnke@trustcenter.de)
case "$OUT" in
solaris-*-gcc)
if [ "$SHARED" = "true" ]
then
options="$options -DPIC -fPIC"
fi
;;
esac
# gcc < 2.8 does not support -mcpu=ultrasparc
if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
then
@ -503,17 +502,6 @@ then
sleep 5
OUT=linux-sparcv8
fi
# To start with $OUT is never i86pc-sun-solaris2. Secondly why
# ban *all* assembler implementation if it can't stand only one,
# SHA-0 implementation.
#if [ "$OUT" = "i86pc-sun-solaris2" ]
#then
# ASM=`as -V /dev/null 2>&1`
# case "$ASM" in
# GNU*) ;;
# *) options="$options no-asm" ; echo "WARNING: You need the GNU assembler to use OpenSSL assembler code." ; echo "Sun as is not supported on Solaris x86." ;;
# esac
#fi
case "$GUESSOS" in
i386-*) options="$options 386" ;;
@ -569,7 +557,7 @@ OUT="$PREFIX$OUT"
$PERL ./Configure LIST | grep "$OUT" > /dev/null
if [ $? = "0" ]; then
echo Configuring for $OUT
#echo Configuring for $OUT
if [ "$TEST" = "true" ]; then
echo $PERL ./Configure $OUT $options

38
crypto/openssl/crypto/Makefile.save
View File

@ -27,7 +27,7 @@ LIBS=
SDIRS= md2 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
bn rsa dsa dh \
bn rsa dsa dh dso \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
@ -39,8 +39,8 @@ LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdi
SRC= $(LIBSRC)
EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h
HEADER= cryptlib.h buildinf.h $(EXHEADER)
EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h
HEADER= cryptlib.h buildinf.h md32_common.h $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
@ -155,41 +155,45 @@ dclean:
# DO NOT DELETE THIS LINE -- make depend depends on it.
cpt_err.o: ../include/openssl/crypto.h ../include/openssl/err.h
cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
cpt_err.o: ../include/openssl/err.h ../include/openssl/lhash.h
cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
cpt_err.o: ../include/openssl/stack.h
cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
cryptlib.o: ../include/openssl/safestack.h ../include/openssl/stack.h
cryptlib.o: cryptlib.h
cryptlib.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
cryptlib.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h
cversion.o: buildinf.h cryptlib.h
cversion.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
cversion.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
cversion.o: cryptlib.h
ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
ex_data.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
ex_data.o: ../include/openssl/stack.h cryptlib.h
ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h cryptlib.h
mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
mem_dbg.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
mem_dbg.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
mem_dbg.o: ../include/openssl/stack.h cryptlib.h
mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
tmdiff.o: ../include/openssl/safestack.h ../include/openssl/stack.h
tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h

36
crypto/openssl/crypto/Makefile.ssl
View File

@ -27,7 +27,7 @@ LIBS=
SDIRS= md2 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
bn rsa dsa dh \
bn rsa dsa dh dso \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
@ -39,7 +39,7 @@ LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdi
SRC= $(LIBSRC)
EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h
EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h
HEADER= cryptlib.h buildinf.h md32_common.h $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
@ -155,41 +155,45 @@ dclean:
# DO NOT DELETE THIS LINE -- make depend depends on it.
cpt_err.o: ../include/openssl/crypto.h ../include/openssl/err.h
cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
cpt_err.o: ../include/openssl/err.h ../include/openssl/lhash.h
cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
cpt_err.o: ../include/openssl/stack.h
cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
cryptlib.o: ../include/openssl/safestack.h ../include/openssl/stack.h
cryptlib.o: cryptlib.h
cryptlib.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
cryptlib.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h
cversion.o: buildinf.h cryptlib.h
cversion.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
cversion.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
cversion.o: cryptlib.h
ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
ex_data.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
ex_data.o: ../include/openssl/stack.h cryptlib.h
ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h cryptlib.h
mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
mem_dbg.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
mem_dbg.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
mem_dbg.o: ../include/openssl/stack.h cryptlib.h
mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
tmdiff.o: ../include/openssl/safestack.h ../include/openssl/stack.h
tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h

989
crypto/openssl/crypto/asn1/Makefile.save
View File

File diff suppressed because it is too large Load Diff

989
crypto/openssl/crypto/asn1/Makefile.ssl
View File

File diff suppressed because it is too large Load Diff

74
crypto/openssl/crypto/asn1/a_bitstr.c
View File

@ -70,13 +70,27 @@ int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
{ return M_ASN1_BIT_STRING_set(x, d, len); }
int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
{
int len, ret;
len = i2c_ASN1_BIT_STRING(a, NULL);
ret=ASN1_object_size(0,len,V_ASN1_BIT_STRING);
if(pp) {
ASN1_put_object(pp,0,len,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
i2c_ASN1_BIT_STRING(a, pp);
}
return ret;
}
int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
{
int ret,j,r,bits,len;
int ret,j,bits,len;
unsigned char *p,*d;
if (a == NULL) return(0);
len=a->length;
ret=1+len;
if (pp == NULL) return(ret);
if (len > 0)
{
@ -104,36 +118,27 @@ int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
}
else
bits=0;
ret=1+len;
r=ASN1_object_size(0,ret,V_ASN1_BIT_STRING);
if (pp == NULL) return(r);
p= *pp;
ASN1_put_object(&p,0,ret,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
*(p++)=(unsigned char)bits;
d=a->data;
memcpy(p,d,len);
p+=len;
if (len > 0) p[-1]&=(0xff<<bits);
*pp=p;
return(r);
return(ret);
}
/* Convert DER encoded ASN1 BIT_STRING to ASN1_BIT_STRING structure */
ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
long length)
{
ASN1_BIT_STRING *ret=NULL;
unsigned char *p,*s;
{
unsigned char *p;
long len;
int inf,tag,xclass;
int i;
if ((a == NULL) || ((*a) == NULL))
{
if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
}
else
ret=(*a);
int inf,tag,xclass;
ASN1_BIT_STRING *ret;
p= *pp;
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
@ -149,7 +154,30 @@ ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
goto err;
}
if (len < 1) { i=ASN1_R_STRING_TOO_SHORT; goto err; }
ret = c2i_ASN1_BIT_STRING(a, &p, len);
if(ret) *pp = p;
return ret;
err:
ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
return(NULL);
}
ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
long len)
{
ASN1_BIT_STRING *ret=NULL;
unsigned char *p,*s;
int i;
if ((a == NULL) || ((*a) == NULL))
{
if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
}
else
ret=(*a);
p= *pp;
i= *(p++);
/* We do this to preserve the settings. If we modify
* the settings, via the _set_bit function, we will recalculate
@ -159,7 +187,7 @@ ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
if (len-- > 1) /* using one because of the bits left byte */
{
s=(unsigned char *)Malloc((int)len);
s=(unsigned char *)OPENSSL_malloc((int)len);
if (s == NULL)
{
i=ERR_R_MALLOC_FAILURE;
@ -173,7 +201,7 @@ ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
s=NULL;
ret->length=(int)len;
if (ret->data != NULL) Free(ret->data);
if (ret->data != NULL) OPENSSL_free(ret->data);
ret->data=s;
ret->type=V_ASN1_BIT_STRING;
if (a != NULL) (*a)=ret;
@ -204,14 +232,14 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
{
if (!value) return(1); /* Don't need to set */
if (a->data == NULL)
c=(unsigned char *)Malloc(w+1);
c=(unsigned char *)OPENSSL_malloc(w+1);
else
c=(unsigned char *)Realloc(a->data,w+1);
c=(unsigned char *)OPENSSL_realloc(a->data,w+1);
if (c == NULL) return(0);
if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
a->data=c;
a->length=w+1;
c[w]=0;
}
}
a->data[w]=((a->data[w])&iv)|v;
while ((a->length > 0) && (a->data[a->length-1] == 0))
a->length--;

14
crypto/openssl/crypto/asn1/a_bytes.c
View File

@ -111,7 +111,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
if (len != 0)
{
s=(unsigned char *)Malloc((int)len+1);
s=(unsigned char *)OPENSSL_malloc((int)len+1);
if (s == NULL)
{
i=ERR_R_MALLOC_FAILURE;
@ -124,7 +124,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
else
s=NULL;
if (ret->data != NULL) Free(ret->data);
if (ret->data != NULL) OPENSSL_free(ret->data);
ret->length=(int)len;
ret->data=s;
ret->type=tag;
@ -218,8 +218,8 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
{
if ((ret->length < len) || (ret->data == NULL))
{
if (ret->data != NULL) Free(ret->data);
s=(unsigned char *)Malloc((int)len + 1);
if (ret->data != NULL) OPENSSL_free(ret->data);
s=(unsigned char *)OPENSSL_malloc((int)len + 1);
if (s == NULL)
{
i=ERR_R_MALLOC_FAILURE;
@ -235,7 +235,7 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
else
{
s=NULL;
if (ret->data != NULL) Free(ret->data);
if (ret->data != NULL) OPENSSL_free(ret->data);
}
ret->length=(int)len;
@ -310,14 +310,14 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
if (!asn1_Finish(c)) goto err;
a->length=num;
if (a->data != NULL) Free(a->data);
if (a->data != NULL) OPENSSL_free(a->data);
a->data=(unsigned char *)b.data;
if (os != NULL) ASN1_STRING_free(os);
return(1);
err:
ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error);
if (os != NULL) ASN1_STRING_free(os);
if (b.data != NULL) Free(b.data);
if (b.data != NULL) OPENSSL_free(b.data);
return(0);
}

4
crypto/openssl/crypto/asn1/a_digest.c
View File

@ -77,14 +77,14 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
unsigned char *str,*p;
i=i2d(data,NULL);
if ((str=(unsigned char *)Malloc(i)) == NULL) return(0);
if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) return(0);
p=str;
i2d(data,&p);
EVP_DigestInit(&ctx,type);
EVP_DigestUpdate(&ctx,str,i);
EVP_DigestFinal(&ctx,md,len);
Free(str);
OPENSSL_free(str);
return(1);
}

4
crypto/openssl/crypto/asn1/a_dup.c
View File

@ -71,13 +71,13 @@ char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
if (x == NULL) return(NULL);
i=(long)i2d(x,NULL);
b=(unsigned char *)Malloc((unsigned int)i+10);
b=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
if (b == NULL)
{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
p= b;
i=i2d(x,&p);
p= b;
ret=d2i(NULL,&p,i);
Free(b);
OPENSSL_free(b);
return(ret);
}

165
crypto/openssl/crypto/asn1/a_enum.c
View File

@ -71,88 +71,28 @@ ASN1_ENUMERATED *ASN1_ENUMERATED_new(void)
void ASN1_ENUMERATED_free(ASN1_ENUMERATED *x)
{ M_ASN1_ENUMERATED_free(x); }
int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp)
{
int pad=0,ret,r,i,t;
unsigned char *p,*n,pb=0;
if ((a == NULL) || (a->data == NULL)) return(0);
t=a->type;
if (a->length == 0)
ret=1;
else
{
ret=a->length;
i=a->data[0];
if ((t == V_ASN1_ENUMERATED) && (i > 127)) {
pad=1;
pb=0;
} else if(t == V_ASN1_NEG_ENUMERATED) {
if(i>128) {
pad=1;
pb=0xFF;
} else if(i == 128) {
for(i = 1; i < a->length; i++) if(a->data[i]) {
pad=1;
pb=0xFF;
break;
}
}
}
ret+=pad;
}
r=ASN1_object_size(0,ret,V_ASN1_ENUMERATED);
if (pp == NULL) return(r);
p= *pp;
ASN1_put_object(&p,0,ret,V_ASN1_ENUMERATED,V_ASN1_UNIVERSAL);
if (pad) *(p++)=pb;
if (a->length == 0)
*(p++)=0;
else if (t == V_ASN1_ENUMERATED)
{
memcpy(p,a->data,(unsigned int)a->length);
p+=a->length;
}
else {
/* Begin at the end of the encoding */
n=a->data + a->length - 1;
p += a->length - 1;
i = a->length;
/* Copy zeros to destination as long as source is zero */
while(!*n) {
*(p--) = 0;
n--;
i--;
}
/* Complement and increment next octet */
*(p--) = ((*(n--)) ^ 0xff) + 1;
i--;
/* Complement any octets left */
for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
p += a->length;
}
*pp=p;
return(r);
{
int len, ret;
if(!a) return 0;
len = i2c_ASN1_INTEGER(a, NULL);
ret=ASN1_object_size(0,len,V_ASN1_ENUMERATED);
if(pp) {
ASN1_put_object(pp,0,len,V_ASN1_ENUMERATED,V_ASN1_UNIVERSAL);
i2c_ASN1_INTEGER(a, pp);
}
return ret;
}
ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
long length)
{
ASN1_ENUMERATED *ret=NULL;
unsigned char *p,*to,*s;
{
unsigned char *p;
long len;
int inf,tag,xclass;
int i;
if ((a == NULL) || ((*a) == NULL))
{
if ((ret=M_ASN1_ENUMERATED_new()) == NULL) return(NULL);
ret->type=V_ASN1_ENUMERATED;
}
else
ret=(*a);
int inf,tag,xclass;
ASN1_ENUMERATED *ret;
p= *pp;
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
@ -167,70 +107,17 @@ ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
i=ASN1_R_EXPECTING_AN_ENUMERATED;
goto err;
}
/* We must Malloc stuff, even for 0 bytes otherwise it
* signifies a missing NULL parameter. */
s=(unsigned char *)Malloc((int)len+1);
if (s == NULL)
{
i=ERR_R_MALLOC_FAILURE;
goto err;
}
to=s;
if(!len) {
/* Strictly speaking this is an illegal ENUMERATED but we
* tolerate it.
*/
ret->type=V_ASN1_ENUMERATED;
} else if (*p & 0x80) /* a negative number */
{
ret->type=V_ASN1_NEG_ENUMERATED;
if ((*p == 0xff) && (len != 1)) {
p++;
len--;
}
i = len;
p += i - 1;
to += i - 1;
while((!*p) && i) {
*(to--) = 0;
i--;
p--;
}
if(!i) {
*s = 1;
s[len] = 0;
p += len;
len++;
} else {
*(to--) = (*(p--) ^ 0xff) + 1;
i--;
for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
p += len;
}
} else {
ret->type=V_ASN1_ENUMERATED;
if ((*p == 0) && (len != 1))
{
p++;
len--;
}
memcpy(s,p,(int)len);
p+=len;
ret = c2i_ASN1_INTEGER(a, &p, len);
if(ret) {
ret->type = (V_ASN1_NEG & ret->type) | V_ASN1_ENUMERATED;
*pp = p;
}
if (ret->data != NULL) Free(ret->data);
ret->data=s;
ret->length=(int)len;
if (a != NULL) (*a)=ret;
*pp=p;
return(ret);
return ret;
err:
ASN1err(ASN1_F_D2I_ASN1_ENUMERATED,i);
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
M_ASN1_ENUMERATED_free(ret);
return(NULL);
}
}
int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
{
@ -242,8 +129,8 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
if (a->length < (sizeof(long)+1))
{
if (a->data != NULL)
Free(a->data);
if ((a->data=(unsigned char *)Malloc(sizeof(long)+1)) != NULL)
OPENSSL_free(a->data);
if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
memset((char *)a->data,0,sizeof(long)+1);
}
if (a->data == NULL)
@ -318,7 +205,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
else ret->type=V_ASN1_ENUMERATED;
j=BN_num_bits(bn);
len=((j == 0)?0:((j/8)+1));
ret->data=(unsigned char *)Malloc(len+4);
ret->data=(unsigned char *)OPENSSL_malloc(len+4);
ret->length=BN_bn2bin(bn,ret->data);
return(ret);
err:
@ -332,6 +219,6 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
if(ai->type == V_ASN1_NEG_ENUMERATED) bn->neg = 1;
else if(ai->type == V_ASN1_NEG_ENUMERATED) ret->neg = 1;
return(ret);
}

4
crypto/openssl/crypto/asn1/a_gentm.c
View File

@ -212,10 +212,10 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
p=(char *)s->data;
if ((p == NULL) || (s->length < 16))
{
p=Malloc(20);
p=OPENSSL_malloc(20);
if (p == NULL) return(NULL);
if (s->data != NULL)
Free(s->data);
OPENSSL_free(s->data);
s->data=(unsigned char *)p;
}

2
crypto/openssl/crypto/asn1/a_hdr.c
View File

@ -115,5 +115,5 @@ void ASN1_HEADER_free(ASN1_HEADER *a)
M_ASN1_OCTET_STRING_free(a->header);
if (a->meth != NULL)
a->meth->destroy(a->data);
Free(a);
OPENSSL_free(a);
}

4
crypto/openssl/crypto/asn1/a_i2d_fp.c
View File

@ -86,7 +86,7 @@ int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
int i,j=0,n,ret=1;
n=i2d(x,NULL);
b=(char *)Malloc(n);
b=(char *)OPENSSL_malloc(n);
if (b == NULL)
{
ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
@ -108,6 +108,6 @@ int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
j+=i;
n-=i;
}
Free(b);
OPENSSL_free(b);
return(ret);
}

108
crypto/openssl/crypto/asn1/a_int.c
View File

@ -72,8 +72,23 @@ ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
{ return M_ASN1_INTEGER_cmp(x,y);}
/* Output ASN1 INTEGER including tag+length */
int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
{
int len, ret;
if(!a) return 0;
len = i2c_ASN1_INTEGER(a, NULL);
ret=ASN1_object_size(0,len,V_ASN1_INTEGER);
if(pp) {
ASN1_put_object(pp,0,len,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
i2c_ASN1_INTEGER(a, pp);
}
return ret;
}
/*
* This converts an ASN1 INTEGER into its DER encoding.
* This converts an ASN1 INTEGER into its content encoding.
* The internal representation is an ASN1_STRING whose data is a big endian
* representation of the value, ignoring the sign. The sign is determined by
* the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative.
@ -97,23 +112,23 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
* followed by optional zeros isn't padded.
*/
int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
{
int pad=0,ret,r,i,t;
int pad=0,ret,i,neg;
unsigned char *p,*n,pb=0;
if ((a == NULL) || (a->data == NULL)) return(0);
t=a->type;
neg=a->type & V_ASN1_NEG;
if (a->length == 0)
ret=1;
else
{
ret=a->length;
i=a->data[0];
if ((t == V_ASN1_INTEGER) && (i > 127)) {
if (!neg && (i > 127)) {
pad=1;
pb=0;
} else if(t == V_ASN1_NEG_INTEGER) {
} else if(neg) {
if(i>128) {
pad=1;
pb=0xFF;
@ -131,14 +146,12 @@ int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
}
ret+=pad;
}
r=ASN1_object_size(0,ret,V_ASN1_INTEGER);
if (pp == NULL) return(r);
if (pp == NULL) return(ret);
p= *pp;
ASN1_put_object(&p,0,ret,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
if (pad) *(p++)=pb;
if (a->length == 0) *(p++)=0;
else if (t == V_ASN1_INTEGER) memcpy(p,a->data,(unsigned int)a->length);
else if (!neg) memcpy(p,a->data,(unsigned int)a->length);
else {
/* Begin at the end of the encoding */
n=a->data + a->length - 1;
@ -157,30 +170,22 @@ int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
}
*pp+=r;
return(r);
*pp+=ret;
return(ret);
}
/* Convert DER encoded ASN1 INTEGER to ASN1_INTEGER structure */
ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
long length)
{
ASN1_INTEGER *ret=NULL;
unsigned char *p,*to,*s, *pend;
{
unsigned char *p;
long len;
int inf,tag,xclass;
int i;
if ((a == NULL) || ((*a) == NULL))
{
if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
ret->type=V_ASN1_INTEGER;
}
else
ret=(*a);
int inf,tag,xclass;
ASN1_INTEGER *ret;
p= *pp;
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
pend = p + len;
if (inf & 0x80)
{
i=ASN1_R_BAD_OBJECT_HEADER;
@ -192,10 +197,39 @@ ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
i=ASN1_R_EXPECTING_AN_INTEGER;
goto err;
}
ret = c2i_ASN1_INTEGER(a, &p, len);
if(ret) *pp = p;
return ret;
err:
ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
return(NULL);
/* We must Malloc stuff, even for 0 bytes otherwise it
}
/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
long len)
{
ASN1_INTEGER *ret=NULL;
unsigned char *p,*to,*s, *pend;
int i;
if ((a == NULL) || ((*a) == NULL))
{
if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
ret->type=V_ASN1_INTEGER;
}
else
ret=(*a);
p= *pp;
pend = p + len;
/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
* signifies a missing NULL parameter. */
s=(unsigned char *)Malloc((int)len+1);
s=(unsigned char *)OPENSSL_malloc((int)len+1);
if (s == NULL)
{
i=ERR_R_MALLOC_FAILURE;
@ -248,7 +282,7 @@ ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
memcpy(s,p,(int)len);
}
if (ret->data != NULL) Free(ret->data);
if (ret->data != NULL) OPENSSL_free(ret->data);
ret->data=s;
ret->length=(int)len;
if (a != NULL) (*a)=ret;
@ -261,6 +295,7 @@ ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
return(NULL);
}
/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
* ASN1 integers: some broken software can encode a positive INTEGER
* with its MSB set as negative (it doesn't add a padding zero).
@ -297,9 +332,9 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
goto err;
}
/* We must Malloc stuff, even for 0 bytes otherwise it
/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
* signifies a missing NULL parameter. */
s=(unsigned char *)Malloc((int)len+1);
s=(unsigned char *)OPENSSL_malloc((int)len+1);
if (s == NULL)
{
i=ERR_R_MALLOC_FAILURE;
@ -317,7 +352,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
p+=len;
}
if (ret->data != NULL) Free(ret->data);
if (ret->data != NULL) OPENSSL_free(ret->data);
ret->data=s;
ret->length=(int)len;
if (a != NULL) (*a)=ret;
@ -340,8 +375,8 @@ int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
if (a->length < (sizeof(long)+1))
{
if (a->data != NULL)
Free(a->data);
if ((a->data=(unsigned char *)Malloc(sizeof(long)+1)) != NULL)
OPENSSL_free(a->data);
if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
memset((char *)a->data,0,sizeof(long)+1);
}
if (a->data == NULL)
@ -416,7 +451,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
else ret->type=V_ASN1_INTEGER;
j=BN_num_bits(bn);
len=((j == 0)?0:((j/8)+1));
ret->data=(unsigned char *)Malloc(len+4);
ret->data=(unsigned char *)OPENSSL_malloc(len+4);
ret->length=BN_bn2bin(bn,ret->data);
return(ret);
err:
@ -430,6 +465,9 @@ BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
if(ai->type == V_ASN1_NEG_INTEGER) bn->neg = 1;
else if(ai->type == V_ASN1_NEG_INTEGER) ret->neg = 1;
return(ret);
}
IMPLEMENT_STACK_OF(ASN1_INTEGER)
IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)

20
crypto/openssl/crypto/asn1/a_mbstr.c
View File

@ -92,6 +92,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
{
int str_type;
int ret;
char free_out;
int outform, outlen;
ASN1_STRING *dest;
unsigned char *p;
@ -180,14 +181,16 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
}
if(!out) return str_type;
if(*out) {
free_out = 0;
dest = *out;
if(dest->data) {
dest->length = 0;
Free(dest->data);
OPENSSL_free(dest->data);
dest->data = NULL;
}
dest->type = str_type;
} else {
free_out = 1;
dest = ASN1_STRING_type_new(str_type);
if(!dest) {
ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
@ -228,8 +231,8 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
cpyfunc = cpy_utf8;
break;
}
if(!(p = Malloc(outlen + 1))) {
ASN1_STRING_free(dest);
if(!(p = OPENSSL_malloc(outlen + 1))) {
if(free_out) ASN1_STRING_free(dest);
ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);
return -1;
}
@ -258,8 +261,8 @@ static int traverse_string(const unsigned char *p, int len, int inform,
value |= *p++;
len -= 2;
} else if(inform == MBSTRING_UNIV) {
value = *p++ << 24;
value |= *p++ << 16;
value = ((unsigned long)*p++) << 24;
value |= ((unsigned long)*p++) << 16;
value |= *p++ << 8;
value |= *p++;
len -= 4;
@ -382,9 +385,16 @@ static int is_printable(unsigned long value)
/* Note: we can't use 'isalnum' because certain accented
* characters may count as alphanumeric in some environments.
*/
#ifndef CHARSET_EBCDIC
if((ch >= 'a') && (ch <= 'z')) return 1;
if((ch >= 'A') && (ch <= 'Z')) return 1;
if((ch >= '0') && (ch <= '9')) return 1;
if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1;
#else /*CHARSET_EBCDIC*/
if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1;
if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1;
if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1;
if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1;
#endif /*CHARSET_EBCDIC*/
return 0;
}

62
crypto/openssl/crypto/asn1/a_object.c
View File

@ -65,11 +65,12 @@
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
{
unsigned char *p;
int objsize;
if ((a == NULL) || (a->data == NULL)) return(0);
if (pp == NULL)
return(ASN1_object_size(0,a->length,V_ASN1_OBJECT));
objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT);
if (pp == NULL) return objsize;
p= *pp;
ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
@ -77,7 +78,7 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
p+=a->length;
*pp=p;
return(a->length);
return(objsize);
}
int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
@ -190,24 +191,13 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
long length)
{
ASN1_OBJECT *ret=NULL;
{
unsigned char *p;
long len;
int tag,xclass;
int inf,i;
/* only the ASN1_OBJECTs from the 'table' will have values
* for ->sn or ->ln */
if ((a == NULL) || ((*a) == NULL) ||
!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
{
if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
}
else ret=(*a);
ASN1_OBJECT *ret = NULL;
p= *pp;
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
if (inf & 0x80)
{
@ -220,10 +210,36 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
i=ASN1_R_EXPECTING_AN_OBJECT;
goto err;
}
ret = c2i_ASN1_OBJECT(a, &p, len);
if(ret) *pp = p;
return ret;
err:
ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
ASN1_OBJECT_free(ret);
return(NULL);
}
ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
long len)
{
ASN1_OBJECT *ret=NULL;
unsigned char *p;
int i;
/* only the ASN1_OBJECTs from the 'table' will have values
* for ->sn or ->ln */
if ((a == NULL) || ((*a) == NULL) ||
!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
{
if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
}
else ret=(*a);
p= *pp;
if ((ret->data == NULL) || (ret->length < len))
{
if (ret->data != NULL) Free(ret->data);
ret->data=(unsigned char *)Malloc(len ? (int)len : 1);
if (ret->data != NULL) OPENSSL_free(ret->data);
ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
if (ret->data == NULL)
{ i=ERR_R_MALLOC_FAILURE; goto err; }
@ -249,7 +265,7 @@ ASN1_OBJECT *ASN1_OBJECT_new(void)
{
ASN1_OBJECT *ret;
ret=(ASN1_OBJECT *)Malloc(sizeof(ASN1_OBJECT));
ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
if (ret == NULL)
{
ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE);
@ -270,19 +286,19 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a)
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
{
#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */
if (a->sn != NULL) Free((void *)a->sn);
if (a->ln != NULL) Free((void *)a->ln);
if (a->sn != NULL) OPENSSL_free((void *)a->sn);
if (a->ln != NULL) OPENSSL_free((void *)a->ln);
#endif
a->sn=a->ln=NULL;
}
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
{
if (a->data != NULL) Free(a->data);
if (a->data != NULL) OPENSSL_free(a->data);
a->data=NULL;
a->length=0;
}
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
Free(a);
OPENSSL_free(a);
}
ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,

12
crypto/openssl/crypto/asn1/a_set.c
View File

@ -116,7 +116,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
}
pStart = p; /* Catch the beg of Setblobs*/
rgSetBlob = (MYBLOB *)Malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
we will store the SET blobs */
for (i=0; i<sk_num(a); i++)
@ -133,7 +133,7 @@ SetBlob
/* Now we have to sort the blobs. I am using a simple algo.
*Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
pTempMem = Malloc(totSize);
pTempMem = OPENSSL_malloc(totSize);
/* Copy to temp mem */
p = pTempMem;
@ -145,20 +145,20 @@ SetBlob
/* Copy back to user mem*/
memcpy(pStart, pTempMem, totSize);
Free(pTempMem);
Free(rgSetBlob);
OPENSSL_free(pTempMem);
OPENSSL_free(rgSetBlob);
return(r);
}
STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
char *(*func)(), void (*free_func)(), int ex_tag, int ex_class)
char *(*func)(), void (*free_func)(void *), int ex_tag, int ex_class)
{
ASN1_CTX c;
STACK *ret=NULL;
if ((a == NULL) || ((*a) == NULL))
{ if ((ret=sk_new(NULL)) == NULL) goto err; }
{ if ((ret=sk_new_null()) == NULL) goto err; }
else
ret=(*a);

10
crypto/openssl/crypto/asn1/a_sign.c
View File

@ -108,9 +108,9 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
}
}
inl=i2d(data,NULL);
buf_in=(unsigned char *)Malloc((unsigned int)inl);
buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
outll=outl=EVP_PKEY_size(pkey);
buf_out=(unsigned char *)Malloc((unsigned int)outl);
buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
if ((buf_in == NULL) || (buf_out == NULL))
{
outl=0;
@ -129,7 +129,7 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
goto err;
}
if (signature->data != NULL) Free(signature->data);
if (signature->data != NULL) OPENSSL_free(signature->data);
signature->data=buf_out;
buf_out=NULL;
signature->length=outl;
@ -141,8 +141,8 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
err:
memset(&ctx,0,sizeof(ctx));
if (buf_in != NULL)
{ memset((char *)buf_in,0,(unsigned int)inl); Free(buf_in); }
{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
if (buf_out != NULL)
{ memset((char *)buf_out,0,outll); Free(buf_out); }
{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
return(outl);
}

533
crypto/openssl/crypto/asn1/a_strex.c Normal file
View File

@ -0,0 +1,533 @@
/* a_strex.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
#include "charmap.h"
/* ASN1_STRING_print_ex() and X509_NAME_print_ex().
* Enhanced string and name printing routines handling
* multibyte characters, RFC2253 and a host of other
* options.
*/
#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
/* Three IO functions for sending data to memory, a BIO and
* and a FILE pointer.
*/
int send_mem_chars(void *arg, const void *buf, int len)
{
unsigned char **out = arg;
if(!out) return 1;
memcpy(*out, buf, len);
*out += len;
return 1;
}
int send_bio_chars(void *arg, const void *buf, int len)
{
if(!arg) return 1;
if(BIO_write(arg, buf, len) != len) return 0;
return 1;
}
int send_fp_chars(void *arg, const void *buf, int len)
{
if(!arg) return 1;
if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
return 1;
}
typedef int char_io(void *arg, const void *buf, int len);
/* This function handles display of
* strings, one character at a time.
* It is passed an unsigned long for each
* character because it could come from 2 or even
* 4 byte forms.
*/
static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg)
{
unsigned char chflgs, chtmp;
char tmphex[11];
if(c > 0xffff) {
BIO_snprintf(tmphex, 11, "\\W%08lX", c);
if(!io_ch(arg, tmphex, 10)) return -1;
return 10;
}
if(c > 0xff) {
BIO_snprintf(tmphex, 11, "\\U%04lX", c);
if(!io_ch(arg, tmphex, 6)) return -1;
return 6;
}
chtmp = (unsigned char)c;
if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB;
else chflgs = char_type[chtmp] & flags;
if(chflgs & CHARTYPE_BS_ESC) {
/* If we don't escape with quotes, signal we need quotes */
if(chflgs & ASN1_STRFLGS_ESC_QUOTE) {
if(do_quotes) *do_quotes = 1;
if(!io_ch(arg, &chtmp, 1)) return -1;
return 1;
}
if(!io_ch(arg, "\\", 1)) return -1;
if(!io_ch(arg, &chtmp, 1)) return -1;
return 2;
}
if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) {
BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
if(!io_ch(arg, tmphex, 3)) return -1;
return 3;
}
if(!io_ch(arg, &chtmp, 1)) return -1;
return 1;
}
#define BUF_TYPE_WIDTH_MASK 0x7
#define BUF_TYPE_CONVUTF8 0x8
/* This function sends each character in a buffer to
* do_esc_char(). It interprets the content formats
* and converts to or from UTF8 as appropriate.
*/
static int do_buf(unsigned char *buf, int buflen,
int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg)
{
int i, outlen, len;
unsigned char orflags, *p, *q;
unsigned long c;
p = buf;
q = buf + buflen;
outlen = 0;
while(p != q) {
if(p == buf) orflags = CHARTYPE_FIRST_ESC_2253;
else orflags = 0;
switch(type & BUF_TYPE_WIDTH_MASK) {
case 4:
c = ((unsigned long)*p++) << 24;
c |= ((unsigned long)*p++) << 16;
c |= ((unsigned long)*p++) << 8;
c |= *p++;
break;
case 2:
c = ((unsigned long)*p++) << 8;
c |= *p++;
break;
case 1:
c = *p++;
break;
case 0:
i = UTF8_getc(p, buflen, &c);
if(i < 0) return -1; /* Invalid UTF8String */
p += i;
break;
}
if (p == q) orflags = CHARTYPE_LAST_ESC_2253;
if(type & BUF_TYPE_CONVUTF8) {
unsigned char utfbuf[6];
int utflen;
utflen = UTF8_putc(utfbuf, 6, c);
for(i = 0; i < utflen; i++) {
/* We don't need to worry about setting orflags correctly
* because if utflen==1 its value will be correct anyway
* otherwise each character will be > 0x7f and so the
* character will never be escaped on first and last.
*/
len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg);
if(len < 0) return -1;
outlen += len;
}
} else {
len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg);
if(len < 0) return -1;
outlen += len;
}
}
return outlen;
}
/* This function hex dumps a buffer of characters */
static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen)
{
const static char hexdig[] = "0123456789ABCDEF";
unsigned char *p, *q;
char hextmp[2];
if(arg) {
p = buf;
q = buf + buflen;
while(p != q) {
hextmp[0] = hexdig[*p >> 4];
hextmp[1] = hexdig[*p & 0xf];
if(!io_ch(arg, hextmp, 2)) return -1;
p++;
}
}
return buflen << 1;
}
/* "dump" a string. This is done when the type is unknown,
* or the flags request it. We can either dump the content
* octets or the entire DER encoding. This uses the RFC2253
* #01234 format.
*/
int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
{
/* Placing the ASN1_STRING in a temp ASN1_TYPE allows
* the DER encoding to readily obtained
*/
ASN1_TYPE t;
unsigned char *der_buf, *p;
int outlen, der_len;
if(!io_ch(arg, "#", 1)) return -1;
/* If we don't dump DER encoding just dump content octets */
if(!(lflags & ASN1_STRFLGS_DUMP_DER)) {
outlen = do_hex_dump(io_ch, arg, str->data, str->length);
if(outlen < 0) return -1;
return outlen + 1;
}
t.type = str->type;
t.value.ptr = (char *)str;
der_len = i2d_ASN1_TYPE(&t, NULL);
der_buf = OPENSSL_malloc(der_len);
if(!der_buf) return -1;
p = der_buf;
i2d_ASN1_TYPE(&t, &p);
outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
OPENSSL_free(der_buf);
if(outlen < 0) return -1;
return outlen + 1;
}
/* Lookup table to convert tags to character widths,
* 0 = UTF8 encoded, -1 is used for non string types
* otherwise it is the number of bytes per character
*/
const static char tag2nbyte[] = {
-1, -1, -1, -1, -1, /* 0-4 */
-1, -1, -1, -1, -1, /* 5-9 */
-1, -1, 0, -1, /* 10-13 */
-1, -1, -1, -1, /* 15-17 */
-1, 1, 1, /* 18-20 */
-1, 1, -1,-1, /* 21-24 */
-1, 1, -1, /* 25-27 */
4, -1, 2 /* 28-30 */
};
#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
ASN1_STRFLGS_ESC_QUOTE | \
ASN1_STRFLGS_ESC_CTRL | \
ASN1_STRFLGS_ESC_MSB)
/* This is the main function, print out an
* ASN1_STRING taking note of various escape
* and display options. Returns number of
* characters written or -1 if an error
* occurred.
*/
static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str)
{
int outlen, len;
int type;
char quotes;
unsigned char flags;
quotes = 0;
/* Keep a copy of escape flags */
flags = (unsigned char)(lflags & ESC_FLAGS);
type = str->type;
outlen = 0;
if(lflags & ASN1_STRFLGS_SHOW_TYPE) {
const char *tagname;
tagname = ASN1_tag2str(type);
outlen += strlen(tagname);
if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1;
outlen++;
}
/* Decide what to do with type, either dump content or display it */
/* Dump everything */
if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1;
/* Ignore the string type */
else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1;
else {
/* Else determine width based on type */
if((type > 0) && (type < 31)) type = tag2nbyte[type];
else type = -1;
if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1;
}
if(type == -1) {
len = do_dump(lflags, io_ch, arg, str);
if(len < 0) return -1;
outlen += len;
return outlen;
}
if(lflags & ASN1_STRFLGS_UTF8_CONVERT) {
/* Note: if string is UTF8 and we want
* to convert to UTF8 then we just interpret
* it as 1 byte per character to avoid converting
* twice.
*/
if(!type) type = 1;
else type |= BUF_TYPE_CONVUTF8;
}
len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
if(outlen < 0) return -1;
outlen += len;
if(quotes) outlen += 2;
if(!arg) return outlen;
if(quotes && !io_ch(arg, "\"", 1)) return -1;
do_buf(str->data, str->length, type, flags, NULL, io_ch, arg);
if(quotes && !io_ch(arg, "\"", 1)) return -1;
return outlen;
}
/* Used for line indenting: print 'indent' spaces */
static int do_indent(char_io *io_ch, void *arg, int indent)
{
int i;
for(i = 0; i < indent; i++)
if(!io_ch(arg, " ", 1)) return 0;
return 1;
}
static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
int indent, unsigned long flags)
{
int i, prev = -1, orflags, cnt;
int fn_opt, fn_nid;
ASN1_OBJECT *fn;
ASN1_STRING *val;
X509_NAME_ENTRY *ent;
char objtmp[80];
const char *objbuf;
int outlen, len;
char *sep_dn, *sep_mv, *sep_eq;
int sep_dn_len, sep_mv_len, sep_eq_len;
if(indent < 0) indent = 0;
outlen = indent;
if(!do_indent(io_ch, arg, indent)) return -1;
switch (flags & XN_FLAG_SEP_MASK)
{
case XN_FLAG_SEP_MULTILINE:
sep_dn = "\n";
sep_dn_len = 1;
sep_mv = " + ";
sep_mv_len = 3;
break;
case XN_FLAG_SEP_COMMA_PLUS:
sep_dn = ",";
sep_dn_len = 1;
sep_mv = "+";
sep_mv_len = 1;
indent = 0;
break;
case XN_FLAG_SEP_CPLUS_SPC:
sep_dn = ", ";
sep_dn_len = 2;
sep_mv = " + ";
sep_mv_len = 3;
indent = 0;
break;
case XN_FLAG_SEP_SPLUS_SPC:
sep_dn = "; ";
sep_dn_len = 2;
sep_mv = " + ";
sep_mv_len = 3;
indent = 0;
break;
default:
return -1;
}
if(flags & XN_FLAG_SPC_EQ) {
sep_eq = " = ";
sep_eq_len = 3;
} else {
sep_eq = "=";
sep_eq_len = 1;
}
fn_opt = flags & XN_FLAG_FN_MASK;
cnt = X509_NAME_entry_count(n);
for(i = 0; i < cnt; i++) {
if(flags & XN_FLAG_DN_REV)
ent = X509_NAME_get_entry(n, cnt - i - 1);
else ent = X509_NAME_get_entry(n, i);
if(prev != -1) {
if(prev == ent->set) {
if(!io_ch(arg, sep_mv, sep_mv_len)) return -1;
outlen += sep_mv_len;
} else {
if(!io_ch(arg, sep_dn, sep_dn_len)) return -1;
outlen += sep_dn_len;
if(!do_indent(io_ch, arg, indent)) return -1;
outlen += indent;
}
}
prev = ent->set;
fn = X509_NAME_ENTRY_get_object(ent);
val = X509_NAME_ENTRY_get_data(ent);
fn_nid = OBJ_obj2nid(fn);
if(fn_opt != XN_FLAG_FN_NONE) {
int objlen;
if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
OBJ_obj2txt(objtmp, 80, fn, 1);
objbuf = objtmp;
} else {
if(fn_opt == XN_FLAG_FN_SN)
objbuf = OBJ_nid2sn(fn_nid);
else if(fn_opt == XN_FLAG_FN_LN)
objbuf = OBJ_nid2ln(fn_nid);
else objbuf = "";
}
objlen = strlen(objbuf);
if(!io_ch(arg, objbuf, objlen)) return -1;
if(!io_ch(arg, sep_eq, sep_eq_len)) return -1;
outlen += objlen + sep_eq_len;
}
/* If the field name is unknown then fix up the DER dump
* flag. We might want to limit this further so it will
* DER dump on anything other than a few 'standard' fields.
*/
if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS))
orflags = ASN1_STRFLGS_DUMP_ALL;
else orflags = 0;
len = do_print_ex(io_ch, arg, flags | orflags, val);
if(len < 0) return -1;
outlen += len;
}
return outlen;
}
/* Wrappers round the main functions */
int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
{
return do_name_ex(send_bio_chars, out, nm, indent, flags);
}
int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
{
return do_name_ex(send_fp_chars, fp, nm, indent, flags);
}
int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
{
return do_print_ex(send_bio_chars, out, flags, str);
}
int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
{
return do_print_ex(send_fp_chars, fp, flags, str);
}
/* Utility function: convert any string type to UTF8, returns number of bytes
* in output string or a negative error code
*/
int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
{
ASN1_STRING stmp, *str = &stmp;
int mbflag, type, ret;
if(!*out || !in) return -1;
type = in->type;
if((type < 0) || (type > 30)) return -1;
mbflag = tag2nbyte[type];
if(mbflag == -1) return -1;
mbflag |= MBSTRING_FLAG;
stmp.data = NULL;
ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
if(ret < 0) return ret;
if(out) *out = stmp.data;
return stmp.length;
}

19
crypto/openssl/crypto/asn1/a_strnid.c
View File

@ -65,8 +65,9 @@
static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
static void st_free(ASN1_STRING_TABLE *tbl);
static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b);
static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b);
static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
const ASN1_STRING_TABLE * const *b);
static int table_cmp(const void *a, const void *b);
/* This is the global mask for the mbstring functions: this is use to
@ -173,14 +174,16 @@ static ASN1_STRING_TABLE tbl_standard[] = {
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
};
static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b)
static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
const ASN1_STRING_TABLE * const *b)
{
return (*a)->nid - (*b)->nid;
}
static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b)
static int table_cmp(const void *a, const void *b)
{
return a->nid - b->nid;
const ASN1_STRING_TABLE *sa = a, *sb = b;
return sa->nid - sb->nid;
}
ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
@ -192,7 +195,7 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
(char *)tbl_standard,
sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
sizeof(ASN1_STRING_TABLE), (int(*)())table_cmp);
sizeof(ASN1_STRING_TABLE), table_cmp);
if(ttmp) return ttmp;
if(!stable) return NULL;
idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
@ -213,7 +216,7 @@ int ASN1_STRING_TABLE_add(int nid,
return 0;
}
if(!(tmp = ASN1_STRING_TABLE_get(nid))) {
tmp = Malloc(sizeof(ASN1_STRING_TABLE));
tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
if(!tmp) {
ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,
ERR_R_MALLOC_FAILURE);
@ -241,7 +244,7 @@ void ASN1_STRING_TABLE_cleanup(void)
static void st_free(ASN1_STRING_TABLE *tbl)
{
if(tbl->flags & STABLE_FLAGS_MALLOC) Free(tbl);
if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl);
}
IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)

4
crypto/openssl/crypto/asn1/a_time.c
View File

@ -113,11 +113,9 @@ ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, unsigned char **pp, long length)
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
{
struct tm *ts;
#if defined(THREADS) && !defined(WIN32)
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
struct tm data;
#endif
#if defined(THREADS) && !defined(WIN32)
gmtime_r(&t,&data);
ts=&data; /* should return &data, but doesn't on some systems, so we don't even look at the return value */
#else

18
crypto/openssl/crypto/asn1/a_type.c
View File

@ -123,6 +123,8 @@ int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
break;
case V_ASN1_SET:
case V_ASN1_SEQUENCE:
case V_ASN1_OTHER:
default:
if (a->value.set == NULL)
r=0;
else
@ -159,6 +161,8 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
inf=ASN1_get_object(&q,&len,&tag,&xclass,length);
if (inf & 0x80) goto err;
/* If not universal tag we've no idea what it is */
if(xclass != V_ASN1_UNIVERSAL) tag = V_ASN1_OTHER;
ASN1_TYPE_component_free(ret);
@ -245,6 +249,8 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
break;
case V_ASN1_SET:
case V_ASN1_SEQUENCE:
case V_ASN1_OTHER:
default:
/* Sets and sequences are left complete */
if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err;
ret->value.set->type=tag;
@ -252,9 +258,6 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err;
p+=len;
break;
default:
ASN1err(ASN1_F_D2I_ASN1_TYPE,ASN1_R_BAD_TYPE);
goto err;
}
ret->type=tag;
@ -282,7 +285,7 @@ void ASN1_TYPE_free(ASN1_TYPE *a)
{
if (a == NULL) return;
ASN1_TYPE_component_free(a);
Free(a);
OPENSSL_free(a);
}
int ASN1_TYPE_get(ASN1_TYPE *a)
@ -312,6 +315,8 @@ static void ASN1_TYPE_component_free(ASN1_TYPE *a)
case V_ASN1_OBJECT:
ASN1_OBJECT_free(a->value.object);
break;
case V_ASN1_NULL:
break;
case V_ASN1_INTEGER:
case V_ASN1_NEG_INTEGER:
case V_ASN1_ENUMERATED:
@ -333,10 +338,9 @@ static void ASN1_TYPE_component_free(ASN1_TYPE *a)
case V_ASN1_UNIVERSALSTRING:
case V_ASN1_BMPSTRING:
case V_ASN1_UTF8STRING:
ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
break;
case V_ASN1_OTHER:
default:
/* MEMORY LEAK */
ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
break;
}
a->type=0;

90
crypto/openssl/crypto/asn1/a_utctm.c
View File

@ -193,7 +193,8 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
{
char *p;
struct tm *ts;
#if defined(THREADS) && !defined(WIN32)
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
struct tm data;
#endif
@ -202,7 +203,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
if (s == NULL)
return(NULL);
#if defined(THREADS) && !defined(WIN32)
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
ts=&data;
#else
@ -248,10 +249,10 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
p=(char *)s->data;
if ((p == NULL) || (s->length < 14))
{
p=Malloc(20);
p=OPENSSL_malloc(20);
if (p == NULL) return(NULL);
if (s->data != NULL)
Free(s->data);
OPENSSL_free(s->data);
s->data=(unsigned char *)p;
}
@ -264,3 +265,84 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
#endif
return(s);
}
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
{
struct tm *tm;
int offset;
int year;
#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
if (s->data[12] == 'Z')
offset=0;
else
{
offset = g2(s->data+13)*60+g2(s->data+15);
if (s->data[12] == '-')
offset = -offset;
}
t -= offset*60; /* FIXME: may overflow in extreme cases */
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
{ struct tm data; gmtime_r(&t, &data); tm = &data; }
#else
tm = gmtime(&t);
#endif
#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
year = g2(s->data);
if (year < 50)
year += 100;
return_cmp(year, tm->tm_year);
return_cmp(g2(s->data+2) - 1, tm->tm_mon);
return_cmp(g2(s->data+4), tm->tm_mday);
return_cmp(g2(s->data+6), tm->tm_hour);
return_cmp(g2(s->data+8), tm->tm_min);
return_cmp(g2(s->data+10), tm->tm_sec);
#undef g2
#undef return_cmp
return 0;
}
#if 0
time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
{
struct tm tm;
int offset;
memset(&tm,'\0',sizeof tm);
#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
tm.tm_year=g2(s->data);
if(tm.tm_year < 50)
tm.tm_year+=100;
tm.tm_mon=g2(s->data+2)-1;
tm.tm_mday=g2(s->data+4);
tm.tm_hour=g2(s->data+6);
tm.tm_min=g2(s->data+8);
tm.tm_sec=g2(s->data+10);
if(s->data[12] == 'Z')
offset=0;
else
{
offset=g2(s->data+13)*60+g2(s->data+15);
if(s->data[12] == '-')
offset= -offset;
}
#undef g2
return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone
* instead of UTC, and unless we rewrite OpenSSL
* in Lisp we cannot locally change the timezone
* without possibly interfering with other parts
* of the program. timegm, which uses UTC, is
* non-standard.
* Also time_t is inappropriate for general
* UTC times because it may a 32 bit type. */
}
#endif

16
crypto/openssl/crypto/asn1/a_utf8.c
View File

@ -133,7 +133,7 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
if( ((p[1] & 0xc0) != 0x80)
|| ((p[2] & 0xc0) != 0x80)
|| ((p[3] & 0xc0) != 0x80) ) return -3;
value = (*p++ & 0x7) << 18;
value = ((unsigned long)(*p++ & 0x7)) << 18;
value |= (*p++ & 0x3f) << 12;
value |= (*p++ & 0x3f) << 6;
value |= *p++ & 0x3f;
@ -145,9 +145,9 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
|| ((p[2] & 0xc0) != 0x80)
|| ((p[3] & 0xc0) != 0x80)
|| ((p[4] & 0xc0) != 0x80) ) return -3;
value = (*p++ & 0x3) << 24;
value |= (*p++ & 0x3f) << 18;
value |= (*p++ & 0x3f) << 12;
value = ((unsigned long)(*p++ & 0x3)) << 24;
value |= ((unsigned long)(*p++ & 0x3f)) << 18;
value |= ((unsigned long)(*p++ & 0x3f)) << 12;
value |= (*p++ & 0x3f) << 6;
value |= *p++ & 0x3f;
if(value < 0x200000) return -4;
@ -159,10 +159,10 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
|| ((p[3] & 0xc0) != 0x80)
|| ((p[4] & 0xc0) != 0x80)
|| ((p[5] & 0xc0) != 0x80) ) return -3;
value = (*p++ & 0x1) << 30;
value |= (*p++ & 0x3f) << 24;
value |= (*p++ & 0x3f) << 18;
value |= (*p++ & 0x3f) << 12;
value = ((unsigned long)(*p++ & 0x1)) << 30;
value |= ((unsigned long)(*p++ & 0x3f)) << 24;
value |= ((unsigned long)(*p++ & 0x3f)) << 18;
value |= ((unsigned long)(*p++ & 0x3f)) << 12;
value |= (*p++ & 0x3f) << 6;
value |= *p++ & 0x3f;
if(value < 0x4000000) return -4;

4
crypto/openssl/crypto/asn1/a_verify.c
View File

@ -88,7 +88,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
}
inl=i2d(data,NULL);
buf_in=Malloc((unsigned int)inl);
buf_in=OPENSSL_malloc((unsigned int)inl);
if (buf_in == NULL)
{
ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
@ -101,7 +101,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
memset(buf_in,0,(unsigned int)inl);
Free(buf_in);
OPENSSL_free(buf_in);
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
(unsigned int)signature->length,pkey) <= 0)

162
crypto/openssl/crypto/asn1/asn1.h
View File

@ -59,17 +59,18 @@
#ifndef HEADER_ASN1_H
#define HEADER_ASN1_H
#ifdef __cplusplus
extern "C" {
#endif
#include <time.h>
#ifndef NO_BIO
#include <openssl/bio.h>
#endif
#include <openssl/bn.h>
#include <openssl/stack.h>
#include <openssl/safestack.h>
#ifdef VMS
#include <openssl/vms_idhacks.h>
#include <openssl/symhacks.h>
#ifdef __cplusplus
extern "C" {
#endif
#define V_ASN1_UNIVERSAL 0x00
@ -82,12 +83,15 @@ extern "C" {
#define V_ASN1_PRIMATIVE_TAG 0x1f
#define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */
#define V_ASN1_OTHER -3 /* used in ASN1_TYPE */
#define V_ASN1_NEG 0x100 /* negative flag */
#define V_ASN1_UNDEF -1
#define V_ASN1_EOC 0
#define V_ASN1_BOOLEAN 1 /**/
#define V_ASN1_INTEGER 2
#define V_ASN1_NEG_INTEGER (2+0x100)
#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG)
#define V_ASN1_BIT_STRING 3
#define V_ASN1_OCTET_STRING 4
#define V_ASN1_NULL 5
@ -96,7 +100,7 @@ extern "C" {
#define V_ASN1_EXTERNAL 8
#define V_ASN1_REAL 9
#define V_ASN1_ENUMERATED 10
#define V_ASN1_NEG_ENUMERATED (10+0x100)
#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG)
#define V_ASN1_UTF8STRING 12
#define V_ASN1_SEQUENCE 16
#define V_ASN1_SET 17
@ -140,32 +144,10 @@ extern "C" {
#define MBSTRING_UNIV (MBSTRING_FLAG|3)
#define MBSTRING_UTF8 (MBSTRING_FLAG|4)
#define DECLARE_ASN1_SET_OF(type) \
int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \
int (*func)(type *,unsigned char **), int ex_tag, \
int ex_class, int is_set); \
STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \
long length, \
type *(*func)(type **, \
unsigned char **,long), \
void (*free_func)(type *), \
int ex_tag,int ex_class);
struct X509_algor_st;
#define IMPLEMENT_ASN1_SET_OF(type) \
int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \
int (*func)(type *,unsigned char **), int ex_tag, \
int ex_class, int is_set) \
{ return i2d_ASN1_SET((STACK *)a,pp,func,ex_tag,ex_class,is_set); } \
STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \
long length, \
type *(*func)(type **, \
unsigned char **,long), \
void (*free_func)(type *), \
int ex_tag,int ex_class) \
{ return (STACK_OF(type) *)d2i_ASN1_SET((STACK **)a,pp,length, \
(char *(*)())func, \
(void (*)())free_func, \
ex_tag,ex_class); }
#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
typedef struct asn1_ctx_st
{
@ -254,6 +236,7 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
#define ASN1_BMPSTRING ASN1_STRING
#define ASN1_VISIBLESTRING ASN1_STRING
#define ASN1_UTF8STRING ASN1_STRING
#define ASN1_BOOLEAN int
#else
typedef struct asn1_string_st ASN1_INTEGER;
typedef struct asn1_string_st ASN1_ENUMERATED;
@ -270,15 +253,99 @@ typedef struct asn1_string_st ASN1_TIME;
typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
typedef struct asn1_string_st ASN1_VISIBLESTRING;
typedef struct asn1_string_st ASN1_UTF8STRING;
typedef int ASN1_BOOLEAN;
#endif
typedef int ASN1_NULL;
/* Parameters used by ASN1_STRING_print_ex() */
/* These determine which characters to escape:
* RFC2253 special characters, control characters and
* MSB set characters
*/
#define ASN1_STRFLGS_ESC_2253 1
#define ASN1_STRFLGS_ESC_CTRL 2
#define ASN1_STRFLGS_ESC_MSB 4
/* This flag determines how we do escaping: normally
* RC2253 backslash only, set this to use backslash and
* quote.
*/
#define ASN1_STRFLGS_ESC_QUOTE 8
/* These three flags are internal use only. */
/* Character is a valid PrintableString character */
#define CHARTYPE_PRINTABLESTRING 0x10
/* Character needs escaping if it is the first character */
#define CHARTYPE_FIRST_ESC_2253 0x20
/* Character needs escaping if it is the last character */
#define CHARTYPE_LAST_ESC_2253 0x40
/* NB the internal flags are safely reused below by flags
* handled at the top level.
*/
/* If this is set we convert all character strings
* to UTF8 first
*/
#define ASN1_STRFLGS_UTF8_CONVERT 0x10
/* If this is set we don't attempt to interpret content:
* just assume all strings are 1 byte per character. This
* will produce some pretty odd looking output!
*/
#define ASN1_STRFLGS_IGNORE_TYPE 0x20
/* If this is set we include the string type in the output */
#define ASN1_STRFLGS_SHOW_TYPE 0x40
/* This determines which strings to display and which to
* 'dump' (hex dump of content octets or DER encoding). We can
* only dump non character strings or everything. If we
* don't dump 'unknown' they are interpreted as character
* strings with 1 octet per character and are subject to
* the usual escaping options.
*/
#define ASN1_STRFLGS_DUMP_ALL 0x80
#define ASN1_STRFLGS_DUMP_UNKNOWN 0x100
/* These determine what 'dumping' does, we can dump the
* content octets or the DER encoding: both use the
* RFC2253 #XXXXX notation.
*/
#define ASN1_STRFLGS_DUMP_DER 0x200
/* All the string flags consistent with RFC2253,
* escaping control characters isn't essential in
* RFC2253 but it is advisable anyway.
*/
#define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \
ASN1_STRFLGS_ESC_CTRL | \
ASN1_STRFLGS_ESC_MSB | \
ASN1_STRFLGS_UTF8_CONVERT | \
ASN1_STRFLGS_DUMP_UNKNOWN | \
ASN1_STRFLGS_DUMP_DER)
DECLARE_STACK_OF(ASN1_INTEGER)
DECLARE_ASN1_SET_OF(ASN1_INTEGER)
typedef struct asn1_type_st
{
int type;
union {
char *ptr;
ASN1_BOOLEAN boolean;
ASN1_STRING * asn1_string;
ASN1_OBJECT * object;
ASN1_INTEGER * integer;
@ -520,6 +587,8 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
ASN1_OBJECT * ASN1_OBJECT_new(void );
void ASN1_OBJECT_free(ASN1_OBJECT *a);
int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
ASN1_OBJECT * c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
long length);
ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
long length);
@ -542,14 +611,17 @@ unsigned char * ASN1_STRING_data(ASN1_STRING *x);
ASN1_BIT_STRING * ASN1_BIT_STRING_new(void);
void ASN1_BIT_STRING_free(ASN1_BIT_STRING *a);
int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
long length);
ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
long length);
int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
int length );
int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
#ifdef HEADER_BIO_H
#ifndef NO_BIO
int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
BIT_STRING_BITNAME *tbl, int indent);
#endif
@ -563,8 +635,11 @@ int d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);
ASN1_INTEGER * ASN1_INTEGER_new(void);
void ASN1_INTEGER_free(ASN1_INTEGER *a);
int i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
int i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
long length);
ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
long length);
ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
long length);
ASN1_INTEGER * ASN1_INTEGER_dup(ASN1_INTEGER *x);
@ -579,6 +654,10 @@ ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a,unsigned char **pp,
int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str);
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
#if 0
time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
#endif
int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
@ -673,10 +752,10 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
int i2d_ASN1_SET(STACK *a, unsigned char **pp,
int (*func)(), int ex_tag, int ex_class, int is_set);
STACK * d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
char *(*func)(), void (*free_func)(),
char *(*func)(), void (*free_func)(void *),
int ex_tag, int ex_class);
#ifdef HEADER_BIO_H
#ifndef NO_BIO
int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
@ -729,16 +808,21 @@ char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
#ifndef NO_FP_API
char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
#endif
#ifdef HEADER_BIO_H
int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
#ifndef NO_BIO
char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x);
int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x);
int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent);
int ASN1_parse_dump(BIO *bp,unsigned char *pp,long len,int indent,int dump);
#endif
const char *ASN1_tag2str(int tag);
@ -768,9 +852,9 @@ int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
unsigned char *data, int max_len);
STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
void (*free_func)() );
void (*free_func)(void *) );
unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
int *len );
int *len );
void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);

23
crypto/openssl/crypto/asn1/asn1_lib.c
View File

@ -181,7 +181,7 @@ void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
int xclass)
{
unsigned char *p= *pp;
int i;
int i, ttag;
i=(constructed)?V_ASN1_CONSTRUCTED:0;
i|=(xclass&V_ASN1_PRIVATE);
@ -190,12 +190,15 @@ void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
else
{
*(p++)=i|V_ASN1_PRIMITIVE_TAG;
while (tag > 0x7f)
for(i = 0, ttag = tag; ttag > 0; i++) ttag >>=7;
ttag = i;
while(i-- > 0)
{
*(p++)=(tag&0x7f)|0x80;
tag>>=7;
p[i] = tag & 0x7f;
if(i != (ttag - 1)) p[i] |= 0x80;
tag >>= 7;
}
*(p++)=(tag&0x7f);
p += ttag;
}
if ((constructed == 2) && (length == 0))
*(p++)=0x80; /* der_put_length would output 0 instead */
@ -335,9 +338,9 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
{
c=str->data;
if (c == NULL)
str->data=Malloc(len+1);
str->data=OPENSSL_malloc(len+1);
else
str->data=Realloc(c,len+1);
str->data=OPENSSL_realloc(c,len+1);
if (str->data == NULL)
{
@ -365,7 +368,7 @@ ASN1_STRING *ASN1_STRING_type_new(int type)
{
ASN1_STRING *ret;
ret=(ASN1_STRING *)Malloc(sizeof(ASN1_STRING));
ret=(ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING));
if (ret == NULL)
{
ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE);
@ -381,8 +384,8 @@ ASN1_STRING *ASN1_STRING_type_new(int type)
void ASN1_STRING_free(ASN1_STRING *a)
{
if (a == NULL) return;
if (a->data != NULL) Free(a->data);
Free(a);
if (a->data != NULL) OPENSSL_free(a->data);
OPENSSL_free(a);
}
int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)

6
crypto/openssl/crypto/asn1/asn1_mac.h
View File

@ -59,12 +59,12 @@
#ifndef HEADER_ASN1_MAC_H
#define HEADER_ASN1_MAC_H
#include <openssl/asn1.h>
#ifdef __cplusplus
extern "C" {
#endif
#include <openssl/asn1.h>
#ifndef ASN1_MAC_ERR_LIB
#define ASN1_MAC_ERR_LIB ERR_LIB_ASN1
#endif
@ -340,7 +340,7 @@ err:\
/* New macros */
#define M_ASN1_New_Malloc(ret,type) \
if ((ret=(type *)Malloc(sizeof(type))) == NULL) \
if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
{ c.line=__LINE__; goto err2; }
#define M_ASN1_New(arg,func) \

48
crypto/openssl/crypto/asn1/asn1_par.c
View File

@ -65,7 +65,7 @@
static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
int indent);
static int asn1_parse2(BIO *bp, unsigned char **pp, long length,
int offset, int depth, int indent);
int offset, int depth, int indent, int dump);
static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
int indent)
{
@ -110,11 +110,16 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
int ASN1_parse(BIO *bp, unsigned char *pp, long len, int indent)
{
return(asn1_parse2(bp,&pp,len,0,0,indent));
return(asn1_parse2(bp,&pp,len,0,0,indent,0));
}
int ASN1_parse_dump(BIO *bp, unsigned char *pp, long len, int indent, int dump)
{
return(asn1_parse2(bp,&pp,len,0,0,indent,dump));
}
static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
int depth, int indent)
int depth, int indent, int dump)
{
unsigned char *p,*ep,*tot,*op,*opp;
long len;
@ -123,7 +128,13 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
ASN1_OBJECT *o=NULL;
ASN1_OCTET_STRING *os=NULL;
/* ASN1_BMPSTRING *bmp=NULL;*/
int dump_indent;
#if 0
dump_indent = indent;
#else
dump_indent = 6; /* Because we know BIO_dump_indent() */
#endif
p= *pp;
tot=p+length;
op=p-1;
@ -178,7 +189,7 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
{
r=asn1_parse2(bp,&p,(long)(tot-p),
offset+(p - *pp),depth+1,
indent);
indent,dump);
if (r == 0) { ret=0; goto end; }
if ((r == 2) || (p >= tot)) break;
}
@ -188,7 +199,7 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
{
r=asn1_parse2(bp,&p,(long)len,
offset+(p - *pp),depth+1,
indent);
indent,dump);
if (r == 0) { ret=0; goto end; }
}
}
@ -273,6 +284,20 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
os->length) <= 0)
goto end;
}
if (!printable && (os->length > 0)
&& dump)
{
if (!nl)
{
if (BIO_write(bp,"\n",1) <= 0)
goto end;
}
if (BIO_dump_indent(bp,(char *)opp,
((dump == -1 || dump > os->length)?os->length:dump),
dump_indent) <= 0)
goto end;
nl=1;
}
M_ASN1_OCTET_STRING_free(os);
os=NULL;
}
@ -341,6 +366,19 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
}
M_ASN1_ENUMERATED_free(bs);
}
else if (len > 0 && dump)
{
if (!nl)
{
if (BIO_write(bp,"\n",1) <= 0)
goto end;
}
if (BIO_dump_indent(bp,(char *)p,
((dump == -1 || dump > len)?len:dump),
dump_indent) <= 0)
goto end;
nl=1;
}
if (!nl)
{

8
crypto/openssl/crypto/asn1/asn_pack.c
View File

@ -65,7 +65,7 @@
/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
void (*free_func)())
void (*free_func)(void *))
{
STACK *sk;
unsigned char *pbuf;
@ -77,7 +77,7 @@ STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
}
/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
* Malloc'ed buffer
* OPENSSL_malloc'ed buffer
*/
unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
@ -90,7 +90,7 @@ unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);
return NULL;
}
if (!(safe = Malloc (safelen))) {
if (!(safe = OPENSSL_malloc (safelen))) {
ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);
return NULL;
}
@ -134,7 +134,7 @@ ASN1_STRING *ASN1_pack_string (void *obj, int (*i2d)(), ASN1_STRING **oct)
ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
return NULL;
}
if (!(p = Malloc (octmp->length))) {
if (!(p = OPENSSL_malloc (octmp->length))) {
ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
return NULL;
}

15
crypto/openssl/crypto/asn1/charmap.h Normal file
View File

@ -0,0 +1,15 @@
/* Auto generated with chartype.pl script.
* Mask of various character properties
*/
static unsigned char char_type[] = {
2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16,
16,16,16,16,16,16,16,16,16,16,16, 9, 9,16, 9,16,
0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
16,16,16,16,16,16,16,16,16,16,16, 0, 1, 0, 0, 0,
0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
16,16,16,16,16,16,16,16,16,16,16, 0, 0, 0, 0, 2
};

80
crypto/openssl/crypto/asn1/charmap.pl Normal file
View File

@ -0,0 +1,80 @@
#!/usr/local/bin/perl -w
use strict;
my ($i, @arr);
# Set up an array with the type of ASCII characters
# Each set bit represents a character property.
# RFC2253 character properties
my $RFC2253_ESC = 1; # Character escaped with \
my $ESC_CTRL = 2; # Escaped control character
# These are used with RFC1779 quoting using "
my $NOESC_QUOTE = 8; # Not escaped if quoted
my $PSTRING_CHAR = 0x10; # Valid PrintableString character
my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character
my $RFC2253_LAST_ESC = 0x40; # Escaped with \ if last character
for($i = 0; $i < 128; $i++) {
# Set the RFC2253 escape characters (control)
$arr[$i] = 0;
if(($i < 32) || ($i > 126)) {
$arr[$i] |= $ESC_CTRL;
}
# Some PrintableString characters
if( ( ( $i >= ord("a")) && ( $i <= ord("z")) )
|| ( ( $i >= ord("A")) && ( $i <= ord("Z")) )
|| ( ( $i >= ord("0")) && ( $i <= ord("9")) ) ) {
$arr[$i] |= $PSTRING_CHAR;
}
}
# Now setup the rest
# Remaining RFC2253 escaped characters
$arr[ord(" ")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC | $RFC2253_LAST_ESC;
$arr[ord("#")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC;
$arr[ord(",")] |= $NOESC_QUOTE | $RFC2253_ESC;
$arr[ord("+")] |= $NOESC_QUOTE | $RFC2253_ESC;
$arr[ord("\"")] |= $RFC2253_ESC;
$arr[ord("\\")] |= $RFC2253_ESC;
$arr[ord("<")] |= $NOESC_QUOTE | $RFC2253_ESC;
$arr[ord(">")] |= $NOESC_QUOTE | $RFC2253_ESC;
$arr[ord(";")] |= $NOESC_QUOTE | $RFC2253_ESC;
# Remaining PrintableString characters
$arr[ord(" ")] |= $PSTRING_CHAR;
$arr[ord("'")] |= $PSTRING_CHAR;
$arr[ord("(")] |= $PSTRING_CHAR;
$arr[ord(")")] |= $PSTRING_CHAR;
$arr[ord("+")] |= $PSTRING_CHAR;
$arr[ord(",")] |= $PSTRING_CHAR;
$arr[ord("-")] |= $PSTRING_CHAR;
$arr[ord(".")] |= $PSTRING_CHAR;
$arr[ord("/")] |= $PSTRING_CHAR;
$arr[ord(":")] |= $PSTRING_CHAR;
$arr[ord("=")] |= $PSTRING_CHAR;
$arr[ord("?")] |= $PSTRING_CHAR;
# Now generate the C code
print <<EOF;
/* Auto generated with chartype.pl script.
* Mask of various character properties
*/
static unsigned char char_type[] = {
EOF
for($i = 0; $i < 128; $i++) {
print("\n") if($i && (($i % 16) == 0));
printf("%2d", $arr[$i]);
print(",") if ($i != 127);
}
print("\n};\n\n");

2
crypto/openssl/crypto/asn1/d2i_dsap.c
View File

@ -64,7 +64,7 @@
#include <openssl/objects.h>
#include <openssl/asn1_mac.h>
#ifdef NEG_PUBKEY_BUG
#ifndef NO_NEG_PUBKEY_BUG
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
#endif

2
crypto/openssl/crypto/asn1/d2i_r_pu.c
View File

@ -64,7 +64,7 @@
#include <openssl/objects.h>
#include <openssl/asn1_mac.h>
#ifdef NEG_PUBKEY_BUG
#ifndef NO_NEG_PUBKEY_BUG
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
#endif

1
crypto/openssl/crypto/asn1/d2i_s_pr.c
View File

@ -92,6 +92,7 @@ DSA *d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length)
== NULL) goto err_bn;
M_ASN1_INTEGER_free(bs);
bs = NULL;
M_ASN1_D2I_Finish_2(a);
err_bn:

2
crypto/openssl/crypto/asn1/d2i_s_pu.c
View File

@ -66,7 +66,7 @@
#include <openssl/objects.h>
#include <openssl/asn1_mac.h>
#ifdef NEG_PUBKEY_BUG
#ifndef NO_NEG_PUBKEY_BUG
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
#endif

6
crypto/openssl/crypto/asn1/f_enum.c
View File

@ -153,15 +153,15 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
if (num+i > slen)
{
if (s == NULL)
sp=(unsigned char *)Malloc(
sp=(unsigned char *)OPENSSL_malloc(
(unsigned int)num+i*2);
else
sp=(unsigned char *)Realloc(s,
sp=(unsigned char *)OPENSSL_realloc(s,
(unsigned int)num+i*2);
if (sp == NULL)
{
ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
if (s != NULL) Free(s);
if (s != NULL) OPENSSL_free(s);
goto err;
}
s=sp;

6
crypto/openssl/crypto/asn1/f_int.c
View File

@ -160,15 +160,15 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
if (num+i > slen)
{
if (s == NULL)
sp=(unsigned char *)Malloc(
sp=(unsigned char *)OPENSSL_malloc(
(unsigned int)num+i*2);
else
sp=(unsigned char *)Realloc(s,
sp=(unsigned char *)OPENSSL_realloc(s,
(unsigned int)num+i*2);
if (sp == NULL)
{
ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
if (s != NULL) Free(s);
if (s != NULL) OPENSSL_free(s);
goto err;
}
s=sp;

6
crypto/openssl/crypto/asn1/f_string.c
View File

@ -158,15 +158,15 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
if (num+i > slen)
{
if (s == NULL)
sp=(unsigned char *)Malloc(
sp=(unsigned char *)OPENSSL_malloc(
(unsigned int)num+i*2);
else
sp=(unsigned char *)Realloc(s,
sp=(unsigned char *)OPENSSL_realloc(s,
(unsigned int)num+i*2);
if (sp == NULL)
{
ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE);
if (s != NULL) Free(s);
if (s != NULL) OPENSSL_free(s);
goto err;
}
s=sp;

4
crypto/openssl/crypto/asn1/i2d_dhp.c
View File

@ -105,7 +105,7 @@ int i2d_DHparams(DH *a, unsigned char **pp)
ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
bs.type=V_ASN1_INTEGER;
bs.data=(unsigned char *)Malloc(max+4);
bs.data=(unsigned char *)OPENSSL_malloc(max+4);
if (bs.data == NULL)
{
ASN1err(ASN1_F_I2D_DHPARAMS,ERR_R_MALLOC_FAILURE);
@ -118,7 +118,7 @@ int i2d_DHparams(DH *a, unsigned char **pp)
bs.length=BN_bn2bin(num[i],bs.data);
i2d_ASN1_INTEGER(&bs,&p);
}
Free(bs.data);
OPENSSL_free(bs.data);
ret=t;
err:
if (num[2] != NULL) BN_free(num[2]);

4
crypto/openssl/crypto/asn1/i2d_dsap.c
View File

@ -94,7 +94,7 @@ int i2d_DSAparams(DSA *a, unsigned char **pp)
ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
bs.type=V_ASN1_INTEGER;
bs.data=(unsigned char *)Malloc(max+4);
bs.data=(unsigned char *)OPENSSL_malloc(max+4);
if (bs.data == NULL)
{
ASN1err(ASN1_F_I2D_DSAPARAMS,ERR_R_MALLOC_FAILURE);
@ -107,7 +107,7 @@ int i2d_DSAparams(DSA *a, unsigned char **pp)
bs.length=BN_bn2bin(num[i],bs.data);
i2d_ASN1_INTEGER(&bs,&p);
}
Free(bs.data);
OPENSSL_free(bs.data);
ret=t;
err:
*pp=p;

4
crypto/openssl/crypto/asn1/i2d_r_pr.c
View File

@ -107,7 +107,7 @@ int i2d_RSAPrivateKey(RSA *a, unsigned char **pp)
i2d_ASN1_INTEGER(&bs,&p);
bs.data=(unsigned char *)Malloc(max+4);
bs.data=(unsigned char *)OPENSSL_malloc(max+4);
if (bs.data == NULL)
{
ASN1err(ASN1_F_I2D_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
@ -119,7 +119,7 @@ int i2d_RSAPrivateKey(RSA *a, unsigned char **pp)
bs.length=BN_bn2bin(num[i],bs.data);
i2d_ASN1_INTEGER(&bs,&p);
}
Free(bs.data);
OPENSSL_free(bs.data);
*pp=p;
return(t);
}

4
crypto/openssl/crypto/asn1/i2d_r_pu.c
View File

@ -93,7 +93,7 @@ int i2d_RSAPublicKey(RSA *a, unsigned char **pp)
ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
bs.type=V_ASN1_INTEGER;
bs.data=(unsigned char *)Malloc(max+4);
bs.data=(unsigned char *)OPENSSL_malloc(max+4);
if (bs.data == NULL)
{
ASN1err(ASN1_F_I2D_RSAPUBLICKEY,ERR_R_MALLOC_FAILURE);
@ -105,7 +105,7 @@ int i2d_RSAPublicKey(RSA *a, unsigned char **pp)
bs.length=BN_bn2bin(num[i],bs.data);
i2d_ASN1_INTEGER(&bs,&p);
}
Free(bs.data);
OPENSSL_free(bs.data);
*pp=p;
return(t);
}

4
crypto/openssl/crypto/asn1/i2d_s_pr.c
View File

@ -104,7 +104,7 @@ int i2d_DSAPrivateKey(DSA *a, unsigned char **pp)
i2d_ASN1_INTEGER(&bs,&p);
bs.data=(unsigned char *)Malloc(max+4);
bs.data=(unsigned char *)OPENSSL_malloc(max+4);
if (bs.data == NULL)
{
ASN1err(ASN1_F_I2D_DSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
@ -116,7 +116,7 @@ int i2d_DSAPrivateKey(DSA *a, unsigned char **pp)
bs.length=BN_bn2bin(num[i],bs.data);
i2d_ASN1_INTEGER(&bs,&p);
}
Free(bs.data);
OPENSSL_free(bs.data);
*pp=p;
return(t);
}

4
crypto/openssl/crypto/asn1/i2d_s_pu.c
View File

@ -109,7 +109,7 @@ int i2d_DSAPublicKey(DSA *a, unsigned char **pp)
ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
bs.type=V_ASN1_INTEGER;
bs.data=(unsigned char *)Malloc(max+4);
bs.data=(unsigned char *)OPENSSL_malloc(max+4);
if (bs.data == NULL)
{
ASN1err(ASN1_F_I2D_DSAPUBLICKEY,ERR_R_MALLOC_FAILURE);
@ -121,7 +121,7 @@ int i2d_DSAPublicKey(DSA *a, unsigned char **pp)
bs.length=BN_bn2bin(num[i],bs.data);
i2d_ASN1_INTEGER(&bs,&p);
}
Free(bs.data);
OPENSSL_free(bs.data);
*pp=p;
if(all) return(t);
else return(tot);

62
crypto/openssl/crypto/asn1/n_pkey.c
View File

@ -81,6 +81,11 @@ static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);
int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
{
return i2d_RSA_NET(a, pp, cb, 0);
}
int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
{
int i,j,l[6];
NETSCAPE_PKEY *pkey;
@ -139,8 +144,8 @@ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
}
if (pkey->private_key->data != NULL)
Free(pkey->private_key->data);
if ((pkey->private_key->data=(unsigned char *)Malloc(l[0])) == NULL)
OPENSSL_free(pkey->private_key->data);
if ((pkey->private_key->data=(unsigned char *)OPENSSL_malloc(l[0])) == NULL)
{
ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
goto err;
@ -148,7 +153,7 @@ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
zz=pkey->private_key->data;
i2d_RSAPrivateKey(a,&zz);
if ((os2.data=(unsigned char *)Malloc(os2.length)) == NULL)
if ((os2.data=(unsigned char *)OPENSSL_malloc(os2.length)) == NULL)
{
ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
goto err;
@ -164,8 +169,18 @@ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ);
goto err;
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,
strlen((char *)buf),1,key,NULL);
i = strlen((char *)buf);
/* If the key is used for SGC the algorithm is modified a little. */
if(sgckey){
EVP_MD_CTX mctx;
EVP_DigestInit(&mctx, EVP_md5());
EVP_DigestUpdate(&mctx, buf, i);
EVP_DigestFinal(&mctx, buf, NULL);
memcpy(buf + 16, "SGCKEYSALT", 10);
i = 26;
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
memset(buf,0,256);
EVP_CIPHER_CTX_init(&ctx);
@ -182,14 +197,20 @@ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
i2d_ASN1_OCTET_STRING(&os2,&p);
ret=l[5];
err:
if (os2.data != NULL) Free(os2.data);
if (os2.data != NULL) OPENSSL_free(os2.data);
if (alg != NULL) X509_ALGOR_free(alg);
if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
r=r;
return(ret);
}
RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)())
{
return d2i_RSA_NET(a, pp, length, cb, 0);
}
RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey)
{
RSA *ret=NULL;
ASN1_OCTET_STRING *os=NULL;
@ -210,14 +231,24 @@ RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)())
}
M_ASN1_BIT_STRING_free(os);
c.q=c.p;
if ((ret=d2i_Netscape_RSA_2(a,&c.p,c.slen,cb)) == NULL) goto err;
c.slen-=(c.p-c.q);
if ((ret=d2i_RSA_NET_2(a,&c.p,c.slen,cb, sgckey)) == NULL) goto err;
/* Note: some versions of IIS key files use length values that are
* too small for the surrounding SEQUENCEs. This following line
* effectively disable length checking.
*/
c.slen = 0;
M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
}
RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length,
int (*cb)())
{
return d2i_RSA_NET_2(a, pp, length, cb, 0);
}
RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
int (*cb)(), int sgckey)
{
NETSCAPE_PKEY *pkey=NULL;
RSA *ret=NULL;
@ -250,8 +281,17 @@ RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length,
goto err;
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,
strlen((char *)buf),1,key,NULL);
i = strlen((char *)buf);
if(sgckey){
EVP_MD_CTX mctx;
EVP_DigestInit(&mctx, EVP_md5());
EVP_DigestUpdate(&mctx, buf, i);
EVP_DigestFinal(&mctx, buf, NULL);
memcpy(buf + 16, "SGCKEYSALT", 10);
i = 26;
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
memset(buf,0,256);
EVP_CIPHER_CTX_init(&ctx);
@ -334,7 +374,7 @@ static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *a)
M_ASN1_INTEGER_free(a->version);
X509_ALGOR_free(a->algor);
M_ASN1_OCTET_STRING_free(a->private_key);
Free(a);
OPENSSL_free(a);
}
#endif /* NO_RC4 */

Some files were not shown because too many files have changed in this diff Show More