Initial import of OpenSSL 0.9.6
parent
07c567b8ec
commit
ddd58736f0
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/vendor-crypto/openssl/dist/; revision=68651
@ -2,6 +2,678 @@
|
|||||||
OpenSSL CHANGES
|
OpenSSL CHANGES
|
||||||
_______________
|
_______________
|
||||||
|
|
||||||
|
Changes between 0.9.5a and 0.9.6 [24 Sep 2000]
|
||||||
|
|
||||||
|
*) In ssl23_get_client_hello, generate an error message when faced
|
||||||
|
with an initial SSL 3.0/TLS record that is too small to contain the
|
||||||
|
first two bytes of the ClientHello message, i.e. client_version.
|
||||||
|
(Note that this is a pathologic case that probably has never happened
|
||||||
|
in real life.) The previous approach was to use the version number
|
||||||
|
from the record header as a substitute; but our protocol choice
|
||||||
|
should not depend on that one because it is not authenticated
|
||||||
|
by the Finished messages.
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) More robust randomness gathering functions for Windows.
|
||||||
|
[Jeffrey Altman <jaltman@columbia.edu>]
|
||||||
|
|
||||||
|
*) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
|
||||||
|
not set then we don't setup the error code for issuer check errors
|
||||||
|
to avoid possibly overwriting other errors which the callback does
|
||||||
|
handle. If an application does set the flag then we assume it knows
|
||||||
|
what it is doing and can handle the new informational codes
|
||||||
|
appropriately.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
|
||||||
|
a general "ANY" type, as such it should be able to decode anything
|
||||||
|
including tagged types. However it didn't check the class so it would
|
||||||
|
wrongly interpret tagged types in the same way as their universal
|
||||||
|
counterpart and unknown types were just rejected. Changed so that the
|
||||||
|
tagged and unknown types are handled in the same way as a SEQUENCE:
|
||||||
|
that is the encoding is stored intact. There is also a new type
|
||||||
|
"V_ASN1_OTHER" which is used when the class is not universal, in this
|
||||||
|
case we have no idea what the actual type is so we just lump them all
|
||||||
|
together.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) On VMS, stdout may very well lead to a file that is written to
|
||||||
|
in a record-oriented fashion. That means that every write() will
|
||||||
|
write a separate record, which will be read separately by the
|
||||||
|
programs trying to read from it. This can be very confusing.
|
||||||
|
|
||||||
|
The solution is to put a BIO filter in the way that will buffer
|
||||||
|
text until a linefeed is reached, and then write everything a
|
||||||
|
line at a time, so every record written will be an actual line,
|
||||||
|
not chunks of lines and not (usually doesn't happen, but I've
|
||||||
|
seen it once) several lines in one record. BIO_f_linebuffer() is
|
||||||
|
the answer.
|
||||||
|
|
||||||
|
Currently, it's a VMS-only method, because that's where it has
|
||||||
|
been tested well enough.
|
||||||
|
[Richard Levitte]
|
||||||
|
|
||||||
|
*) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
|
||||||
|
it can return incorrect results.
|
||||||
|
(Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
|
||||||
|
but it was in 0.9.6-beta[12].)
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) Disable the check for content being present when verifying detached
|
||||||
|
signatures in pk7_smime.c. Some versions of Netscape (wrongly)
|
||||||
|
include zero length content when signing messages.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
|
||||||
|
BIO_ctrl (for BIO pairs).
|
||||||
|
[Bodo Möller]
|
||||||
|
|
||||||
|
*) Add DSO method for VMS.
|
||||||
|
[Richard Levitte]
|
||||||
|
|
||||||
|
*) Bug fix: Montgomery multiplication could produce results with the
|
||||||
|
wrong sign.
|
||||||
|
[Ulf Möller]
|
||||||
|
|
||||||
|
*) Add RPM specification openssl.spec and modify it to build three
|
||||||
|
packages. The default package contains applications, application
|
||||||
|
documentation and run-time libraries. The devel package contains
|
||||||
|
include files, static libraries and function documentation. The
|
||||||
|
doc package contains the contents of the doc directory. The original
|
||||||
|
openssl.spec was provided by Damien Miller <djm@mindrot.org>.
|
||||||
|
[Richard Levitte]
|
||||||
|
|
||||||
|
*) Add a large number of documentation files for many SSL routines.
|
||||||
|
[Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>]
|
||||||
|
|
||||||
|
*) Add a configuration entry for Sony News 4.
|
||||||
|
[NAKAJI Hiroyuki <nakaji@tutrp.tut.ac.jp>]
|
||||||
|
|
||||||
|
*) Don't set the two most significant bits to one when generating a
|
||||||
|
random number < q in the DSA library.
|
||||||
|
[Ulf Möller]
|
||||||
|
|
||||||
|
*) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default
|
||||||
|
behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
|
||||||
|
the underlying transport is blocking) if a handshake took place.
|
||||||
|
(The default behaviour is needed by applications such as s_client
|
||||||
|
and s_server that use select() to determine when to use SSL_read;
|
||||||
|
but for applications that know in advance when to expect data, it
|
||||||
|
just makes things more complicated.)
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) Add RAND_egd_bytes(), which gives control over the number of bytes read
|
||||||
|
from EGD.
|
||||||
|
[Ben Laurie]
|
||||||
|
|
||||||
|
*) Add a few more EBCDIC conditionals that make `req' and `x509'
|
||||||
|
work better on such systems.
|
||||||
|
[Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
|
||||||
|
|
||||||
|
*) Add two demo programs for PKCS12_parse() and PKCS12_create().
|
||||||
|
Update PKCS12_parse() so it copies the friendlyName and the
|
||||||
|
keyid to the certificates aux info.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Fix bug in PKCS7_verify() which caused an infinite loop
|
||||||
|
if there was more than one signature.
|
||||||
|
[Sven Uszpelkat <su@celocom.de>]
|
||||||
|
|
||||||
|
*) Major change in util/mkdef.pl to include extra information
|
||||||
|
about each symbol, as well as presentig variables as well
|
||||||
|
as functions. This change means that there's n more need
|
||||||
|
to rebuild the .num files when some algorithms are excluded.
|
||||||
|
[Richard Levitte]
|
||||||
|
|
||||||
|
*) Allow the verify time to be set by an application,
|
||||||
|
rather than always using the current time.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Phase 2 verify code reorganisation. The certificate
|
||||||
|
verify code now looks up an issuer certificate by a
|
||||||
|
number of criteria: subject name, authority key id
|
||||||
|
and key usage. It also verifies self signed certificates
|
||||||
|
by the same criteria. The main comparison function is
|
||||||
|
X509_check_issued() which performs these checks.
|
||||||
|
|
||||||
|
Lot of changes were necessary in order to support this
|
||||||
|
without completely rewriting the lookup code.
|
||||||
|
|
||||||
|
Authority and subject key identifier are now cached.
|
||||||
|
|
||||||
|
The LHASH 'certs' is X509_STORE has now been replaced
|
||||||
|
by a STACK_OF(X509_OBJECT). This is mainly because an
|
||||||
|
LHASH can't store or retrieve multiple objects with
|
||||||
|
the same hash value.
|
||||||
|
|
||||||
|
As a result various functions (which were all internal
|
||||||
|
use only) have changed to handle the new X509_STORE
|
||||||
|
structure. This will break anything that messed round
|
||||||
|
with X509_STORE internally.
|
||||||
|
|
||||||
|
The functions X509_STORE_add_cert() now checks for an
|
||||||
|
exact match, rather than just subject name.
|
||||||
|
|
||||||
|
The X509_STORE API doesn't directly support the retrieval
|
||||||
|
of multiple certificates matching a given criteria, however
|
||||||
|
this can be worked round by performing a lookup first
|
||||||
|
(which will fill the cache with candidate certificates)
|
||||||
|
and then examining the cache for matches. This is probably
|
||||||
|
the best we can do without throwing out X509_LOOKUP
|
||||||
|
entirely (maybe later...).
|
||||||
|
|
||||||
|
The X509_VERIFY_CTX structure has been enhanced considerably.
|
||||||
|
|
||||||
|
All certificate lookup operations now go via a get_issuer()
|
||||||
|
callback. Although this currently uses an X509_STORE it
|
||||||
|
can be replaced by custom lookups. This is a simple way
|
||||||
|
to bypass the X509_STORE hackery necessary to make this
|
||||||
|
work and makes it possible to use more efficient techniques
|
||||||
|
in future. A very simple version which uses a simple
|
||||||
|
STACK for its trusted certificate store is also provided
|
||||||
|
using X509_STORE_CTX_trusted_stack().
|
||||||
|
|
||||||
|
The verify_cb() and verify() callbacks now have equivalents
|
||||||
|
in the X509_STORE_CTX structure.
|
||||||
|
|
||||||
|
X509_STORE_CTX also has a 'flags' field which can be used
|
||||||
|
to customise the verify behaviour.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which
|
||||||
|
excludes S/MIME capabilities.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) When a certificate request is read in keep a copy of the
|
||||||
|
original encoding of the signed data and use it when outputing
|
||||||
|
again. Signatures then use the original encoding rather than
|
||||||
|
a decoded, encoded version which may cause problems if the
|
||||||
|
request is improperly encoded.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) For consistency with other BIO_puts implementations, call
|
||||||
|
buffer_write(b, ...) directly in buffer_puts instead of calling
|
||||||
|
BIO_write(b, ...).
|
||||||
|
|
||||||
|
In BIO_puts, increment b->num_write as in BIO_write.
|
||||||
|
[Peter.Sylvester@EdelWeb.fr]
|
||||||
|
|
||||||
|
*) Fix BN_mul_word for the case where the word is 0. (We have to use
|
||||||
|
BN_zero, we may not return a BIGNUM with an array consisting of
|
||||||
|
words set to zero.)
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) Avoid calling abort() from within the library when problems are
|
||||||
|
detected, except if preprocessor symbols have been defined
|
||||||
|
(such as REF_CHECK, BN_DEBUG etc.).
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) New openssl application 'rsautl'. This utility can be
|
||||||
|
used for low level RSA operations. DER public key
|
||||||
|
BIO/fp routines also added.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) New Configure entry and patches for compiling on QNX 4.
|
||||||
|
[Andreas Schneider <andreas@ds3.etech.fh-hamburg.de>]
|
||||||
|
|
||||||
|
*) A demo state-machine implementation was sponsored by
|
||||||
|
Nuron (http://www.nuron.com/) and is now available in
|
||||||
|
demos/state_machine.
|
||||||
|
[Ben Laurie]
|
||||||
|
|
||||||
|
*) New options added to the 'dgst' utility for signature
|
||||||
|
generation and verification.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Unrecognized PKCS#7 content types are now handled via a
|
||||||
|
catch all ASN1_TYPE structure. This allows unsupported
|
||||||
|
types to be stored as a "blob" and an application can
|
||||||
|
encode and decode it manually.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Fix various signed/unsigned issues to make a_strex.c
|
||||||
|
compile under VC++.
|
||||||
|
[Oscar Jacobsson <oscar.jacobsson@celocom.com>]
|
||||||
|
|
||||||
|
*) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct
|
||||||
|
length if passed a buffer. ASN1_INTEGER_to_BN failed
|
||||||
|
if passed a NULL BN and its argument was negative.
|
||||||
|
[Steve Henson, pointed out by Sven Heiberg <sven@tartu.cyber.ee>]
|
||||||
|
|
||||||
|
*) Modification to PKCS#7 encoding routines to output definite
|
||||||
|
length encoding. Since currently the whole structures are in
|
||||||
|
memory there's not real point in using indefinite length
|
||||||
|
constructed encoding. However if OpenSSL is compiled with
|
||||||
|
the flag PKCS7_INDEFINITE_ENCODING the old form is used.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Added BIO_vprintf() and BIO_vsnprintf().
|
||||||
|
[Richard Levitte]
|
||||||
|
|
||||||
|
*) Added more prefixes to parse for in the the strings written
|
||||||
|
through a logging bio, to cover all the levels that are available
|
||||||
|
through syslog. The prefixes are now:
|
||||||
|
|
||||||
|
PANIC, EMERG, EMR => LOG_EMERG
|
||||||
|
ALERT, ALR => LOG_ALERT
|
||||||
|
CRIT, CRI => LOG_CRIT
|
||||||
|
ERROR, ERR => LOG_ERR
|
||||||
|
WARNING, WARN, WAR => LOG_WARNING
|
||||||
|
NOTICE, NOTE, NOT => LOG_NOTICE
|
||||||
|
INFO, INF => LOG_INFO
|
||||||
|
DEBUG, DBG => LOG_DEBUG
|
||||||
|
|
||||||
|
and as before, if none of those prefixes are present at the
|
||||||
|
beginning of the string, LOG_ERR is chosen.
|
||||||
|
|
||||||
|
On Win32, the LOG_* levels are mapped according to this:
|
||||||
|
|
||||||
|
LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE
|
||||||
|
LOG_WARNING => EVENTLOG_WARNING_TYPE
|
||||||
|
LOG_NOTICE, LOG_INFO, LOG_DEBUG => EVENTLOG_INFORMATION_TYPE
|
||||||
|
|
||||||
|
[Richard Levitte]
|
||||||
|
|
||||||
|
*) Made it possible to reconfigure with just the configuration
|
||||||
|
argument "reconf" or "reconfigure". The command line arguments
|
||||||
|
are stored in Makefile.ssl in the variable CONFIGURE_ARGS,
|
||||||
|
and are retrieved from there when reconfiguring.
|
||||||
|
[Richard Levitte]
|
||||||
|
|
||||||
|
*) MD4 implemented.
|
||||||
|
[Assar Westerlund <assar@sics.se>, Richard Levitte]
|
||||||
|
|
||||||
|
*) Add the arguments -CAfile and -CApath to the pkcs12 utility.
|
||||||
|
[Richard Levitte]
|
||||||
|
|
||||||
|
*) The obj_dat.pl script was messing up the sorting of object
|
||||||
|
names. The reason was that it compared the quoted version
|
||||||
|
of strings as a result "OCSP" > "OCSP Signing" because
|
||||||
|
" > SPACE. Changed script to store unquoted versions of
|
||||||
|
names and add quotes on output. It was also omitting some
|
||||||
|
names from the lookup table if they were given a default
|
||||||
|
value (that is if SN is missing it is given the same
|
||||||
|
value as LN and vice versa), these are now added on the
|
||||||
|
grounds that if an object has a name we should be able to
|
||||||
|
look it up. Finally added warning output when duplicate
|
||||||
|
short or long names are found.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Changes needed for Tandem NSK.
|
||||||
|
[Scott Uroff <scott@xypro.com>]
|
||||||
|
|
||||||
|
*) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
|
||||||
|
RSA_padding_check_SSLv23(), special padding was never detected
|
||||||
|
and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
|
||||||
|
version rollback attacks was not effective.
|
||||||
|
|
||||||
|
In s23_clnt.c, don't use special rollback-attack detection padding
|
||||||
|
(RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
|
||||||
|
client; similarly, in s23_srvr.c, don't do the rollback check if
|
||||||
|
SSL 2.0 is the only protocol enabled in the server.
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) Make it possible to get hexdumps of unprintable data with 'openssl
|
||||||
|
asn1parse'. By implication, the functions ASN1_parse_dump() and
|
||||||
|
BIO_dump_indent() are added.
|
||||||
|
[Richard Levitte]
|
||||||
|
|
||||||
|
*) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
|
||||||
|
these print out strings and name structures based on various
|
||||||
|
flags including RFC2253 support and proper handling of
|
||||||
|
multibyte characters. Added options to the 'x509' utility
|
||||||
|
to allow the various flags to be set.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
|
||||||
|
Also change the functions X509_cmp_current_time() and
|
||||||
|
X509_gmtime_adj() work with an ASN1_TIME structure,
|
||||||
|
this will enable certificates using GeneralizedTime in validity
|
||||||
|
dates to be checked.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Make the NEG_PUBKEY_BUG code (which tolerates invalid
|
||||||
|
negative public key encodings) on by default,
|
||||||
|
NO_NEG_PUBKEY_BUG can be set to disable it.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
|
||||||
|
content octets. An i2c_ASN1_OBJECT is unnecessary because
|
||||||
|
the encoding can be trivially obtained from the structure.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
|
||||||
|
not read locks (CRYPTO_r_[un]lock).
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) A first attempt at creating official support for shared
|
||||||
|
libraries through configuration. I've kept it so the
|
||||||
|
default is static libraries only, and the OpenSSL programs
|
||||||
|
are always statically linked for now, but there are
|
||||||
|
preparations for dynamic linking in place.
|
||||||
|
This has been tested on Linux and True64.
|
||||||
|
[Richard Levitte]
|
||||||
|
|
||||||
|
*) Randomness polling function for Win9x, as described in:
|
||||||
|
Peter Gutmann, Software Generation of Practically Strong
|
||||||
|
Random Numbers.
|
||||||
|
[Ulf Möller]
|
||||||
|
|
||||||
|
*) Fix so PRNG is seeded in req if using an already existing
|
||||||
|
DSA key.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) New options to smime application. -inform and -outform
|
||||||
|
allow alternative formats for the S/MIME message including
|
||||||
|
PEM and DER. The -content option allows the content to be
|
||||||
|
specified separately. This should allow things like Netscape
|
||||||
|
form signing output easier to verify.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Fix the ASN1 encoding of tags using the 'long form'.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT
|
||||||
|
STRING types. These convert content octets to and from the
|
||||||
|
underlying type. The actual tag and length octets are
|
||||||
|
already assumed to have been read in and checked. These
|
||||||
|
are needed because all other string types have virtually
|
||||||
|
identical handling apart from the tag. By having versions
|
||||||
|
of the ASN1 functions that just operate on content octets
|
||||||
|
IMPLICIT tagging can be handled properly. It also allows
|
||||||
|
the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED
|
||||||
|
and ASN1_INTEGER are identical apart from the tag.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Change the handling of OID objects as follows:
|
||||||
|
|
||||||
|
- New object identifiers are inserted in objects.txt, following
|
||||||
|
the syntax given in objects.README.
|
||||||
|
- objects.pl is used to process obj_mac.num and create a new
|
||||||
|
obj_mac.h.
|
||||||
|
- obj_dat.pl is used to create a new obj_dat.h, using the data in
|
||||||
|
obj_mac.h.
|
||||||
|
|
||||||
|
This is currently kind of a hack, and the perl code in objects.pl
|
||||||
|
isn't very elegant, but it works as I intended. The simplest way
|
||||||
|
to check that it worked correctly is to look in obj_dat.h and
|
||||||
|
check the array nid_objs and make sure the objects haven't moved
|
||||||
|
around (this is important!). Additions are OK, as well as
|
||||||
|
consistent name changes.
|
||||||
|
[Richard Levitte]
|
||||||
|
|
||||||
|
*) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1').
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) Addition of the command line parameter '-rand file' to 'openssl req'.
|
||||||
|
The given file adds to whatever has already been seeded into the
|
||||||
|
random pool through the RANDFILE configuration file option or
|
||||||
|
environment variable, or the default random state file.
|
||||||
|
[Richard Levitte]
|
||||||
|
|
||||||
|
*) mkstack.pl now sorts each macro group into lexical order.
|
||||||
|
Previously the output order depended on the order the files
|
||||||
|
appeared in the directory, resulting in needless rewriting
|
||||||
|
of safestack.h .
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Patches to make OpenSSL compile under Win32 again. Mostly
|
||||||
|
work arounds for the VC++ problem that it treats func() as
|
||||||
|
func(void). Also stripped out the parts of mkdef.pl that
|
||||||
|
added extra typesafe functions: these no longer exist.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Reorganisation of the stack code. The macros are now all
|
||||||
|
collected in safestack.h . Each macro is defined in terms of
|
||||||
|
a "stack macro" of the form SKM_<name>(type, a, b). The
|
||||||
|
DEBUG_SAFESTACK is now handled in terms of function casts,
|
||||||
|
this has the advantage of retaining type safety without the
|
||||||
|
use of additional functions. If DEBUG_SAFESTACK is not defined
|
||||||
|
then the non typesafe macros are used instead. Also modified the
|
||||||
|
mkstack.pl script to handle the new form. Needs testing to see
|
||||||
|
if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK
|
||||||
|
the default if no major problems. Similar behaviour for ASN1_SET_OF
|
||||||
|
and PKCS12_STACK_OF.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) When some versions of IIS use the 'NET' form of private key the
|
||||||
|
key derivation algorithm is different. Normally MD5(password) is
|
||||||
|
used as a 128 bit RC4 key. In the modified case
|
||||||
|
MD5(MD5(password) + "SGCKEYSALT") is used insted. Added some
|
||||||
|
new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same
|
||||||
|
as the old Netscape_RSA functions except they have an additional
|
||||||
|
'sgckey' parameter which uses the modified algorithm. Also added
|
||||||
|
an -sgckey command line option to the rsa utility. Thanks to
|
||||||
|
Adrian Peck <bertie@ncipher.com> for posting details of the modified
|
||||||
|
algorithm to openssl-dev.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) The evp_local.h macros were using 'c.##kname' which resulted in
|
||||||
|
invalid expansion on some systems (SCO 5.0.5 for example).
|
||||||
|
Corrected to 'c.kname'.
|
||||||
|
[Phillip Porch <root@theporch.com>]
|
||||||
|
|
||||||
|
*) New X509_get1_email() and X509_REQ_get1_email() functions that return
|
||||||
|
a STACK of email addresses from a certificate or request, these look
|
||||||
|
in the subject name and the subject alternative name extensions and
|
||||||
|
omit any duplicate addresses.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Re-implement BN_mod_exp2_mont using independent (and larger) windows.
|
||||||
|
This makes DSA verification about 2 % faster.
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5
|
||||||
|
(meaning that now 2^5 values will be precomputed, which is only 4 KB
|
||||||
|
plus overhead for 1024 bit moduli).
|
||||||
|
This makes exponentiations about 0.5 % faster for 1024 bit
|
||||||
|
exponents (as measured by "openssl speed rsa2048").
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) Rename memory handling macros to avoid conflicts with other
|
||||||
|
software:
|
||||||
|
Malloc => OPENSSL_malloc
|
||||||
|
Malloc_locked => OPENSSL_malloc_locked
|
||||||
|
Realloc => OPENSSL_realloc
|
||||||
|
Free => OPENSSL_free
|
||||||
|
[Richard Levitte]
|
||||||
|
|
||||||
|
*) New function BN_mod_exp_mont_word for small bases (roughly 15%
|
||||||
|
faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange).
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) CygWin32 support.
|
||||||
|
[John Jarvie <jjarvie@newsguy.com>]
|
||||||
|
|
||||||
|
*) The type-safe stack code has been rejigged. It is now only compiled
|
||||||
|
in when OpenSSL is configured with the DEBUG_SAFESTACK option and
|
||||||
|
by default all type-specific stack functions are "#define"d back to
|
||||||
|
standard stack functions. This results in more streamlined output
|
||||||
|
but retains the type-safety checking possibilities of the original
|
||||||
|
approach.
|
||||||
|
[Geoff Thorpe]
|
||||||
|
|
||||||
|
*) The STACK code has been cleaned up, and certain type declarations
|
||||||
|
that didn't make a lot of sense have been brought in line. This has
|
||||||
|
also involved a cleanup of sorts in safestack.h to more correctly
|
||||||
|
map type-safe stack functions onto their plain stack counterparts.
|
||||||
|
This work has also resulted in a variety of "const"ifications of
|
||||||
|
lots of the code, especially "_cmp" operations which should normally
|
||||||
|
be prototyped with "const" parameters anyway.
|
||||||
|
[Geoff Thorpe]
|
||||||
|
|
||||||
|
*) When generating bytes for the first time in md_rand.c, 'stir the pool'
|
||||||
|
by seeding with STATE_SIZE dummy bytes (with zero entropy count).
|
||||||
|
(The PRNG state consists of two parts, the large pool 'state' and 'md',
|
||||||
|
where all of 'md' is used each time the PRNG is used, but 'state'
|
||||||
|
is used only indexed by a cyclic counter. As entropy may not be
|
||||||
|
well distributed from the beginning, 'md' is important as a
|
||||||
|
chaining variable. However, the output function chains only half
|
||||||
|
of 'md', i.e. 80 bits. ssleay_rand_add, on the other hand, chains
|
||||||
|
all of 'md', and seeding with STATE_SIZE dummy bytes will result
|
||||||
|
in all of 'state' being rewritten, with the new values depending
|
||||||
|
on virtually all of 'md'. This overcomes the 80 bit limitation.)
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
|
||||||
|
the handshake is continued after ssl_verify_cert_chain();
|
||||||
|
otherwise, if SSL_VERIFY_NONE is set, remaining error codes
|
||||||
|
can lead to 'unexplainable' connection aborts later.
|
||||||
|
[Bodo Moeller; problem tracked down by Lutz Jaenicke]
|
||||||
|
|
||||||
|
*) Major EVP API cipher revision.
|
||||||
|
Add hooks for extra EVP features. This allows various cipher
|
||||||
|
parameters to be set in the EVP interface. Support added for variable
|
||||||
|
key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and
|
||||||
|
setting of RC2 and RC5 parameters.
|
||||||
|
|
||||||
|
Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length
|
||||||
|
ciphers.
|
||||||
|
|
||||||
|
Remove lots of duplicated code from the EVP library. For example *every*
|
||||||
|
cipher init() function handles the 'iv' in the same way according to the
|
||||||
|
cipher mode. They also all do nothing if the 'key' parameter is NULL and
|
||||||
|
for CFB and OFB modes they zero ctx->num.
|
||||||
|
|
||||||
|
New functionality allows removal of S/MIME code RC2 hack.
|
||||||
|
|
||||||
|
Most of the routines have the same form and so can be declared in terms
|
||||||
|
of macros.
|
||||||
|
|
||||||
|
By shifting this to the top level EVP_CipherInit() it can be removed from
|
||||||
|
all individual ciphers. If the cipher wants to handle IVs or keys
|
||||||
|
differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
|
||||||
|
flags.
|
||||||
|
|
||||||
|
Change lots of functions like EVP_EncryptUpdate() to now return a
|
||||||
|
value: although software versions of the algorithms cannot fail
|
||||||
|
any installed hardware versions can.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
|
||||||
|
this option is set, tolerate broken clients that send the negotiated
|
||||||
|
protocol version number instead of the requested protocol version
|
||||||
|
number.
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
|
||||||
|
i.e. non-zero for export ciphersuites, zero otherwise.
|
||||||
|
Previous versions had this flag inverted, inconsistent with
|
||||||
|
rsa_tmp_cb (..._TMP_RSA_CB).
|
||||||
|
[Bodo Moeller; problem reported by Amit Chopra]
|
||||||
|
|
||||||
|
*) Add missing DSA library text string. Work around for some IIS
|
||||||
|
key files with invalid SEQUENCE encoding.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Add a document (doc/standards.txt) that list all kinds of standards
|
||||||
|
and so on that are implemented in OpenSSL.
|
||||||
|
[Richard Levitte]
|
||||||
|
|
||||||
|
*) Enhance c_rehash script. Old version would mishandle certificates
|
||||||
|
with the same subject name hash and wouldn't handle CRLs at all.
|
||||||
|
Added -fingerprint option to crl utility, to support new c_rehash
|
||||||
|
features.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Eliminate non-ANSI declarations in crypto.h and stack.h.
|
||||||
|
[Ulf Möller]
|
||||||
|
|
||||||
|
*) Fix for SSL server purpose checking. Server checking was
|
||||||
|
rejecting certificates which had extended key usage present
|
||||||
|
but no ssl client purpose.
|
||||||
|
[Steve Henson, reported by Rene Grosser <grosser@hisolutions.com>]
|
||||||
|
|
||||||
|
*) Make PKCS#12 code work with no password. The PKCS#12 spec
|
||||||
|
is a little unclear about how a blank password is handled.
|
||||||
|
Since the password in encoded as a BMPString with terminating
|
||||||
|
double NULL a zero length password would end up as just the
|
||||||
|
double NULL. However no password at all is different and is
|
||||||
|
handled differently in the PKCS#12 key generation code. NS
|
||||||
|
treats a blank password as zero length. MSIE treats it as no
|
||||||
|
password on export: but it will try both on import. We now do
|
||||||
|
the same: PKCS12_parse() tries zero length and no password if
|
||||||
|
the password is set to "" or NULL (NULL is now a valid password:
|
||||||
|
it wasn't before) as does the pkcs12 application.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use
|
||||||
|
perror when PEM_read_bio_X509_REQ fails, the error message must
|
||||||
|
be obtained from the error queue.
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing
|
||||||
|
it in ERR_remove_state if appropriate, and change ERR_get_state
|
||||||
|
accordingly to avoid race conditions (this is necessary because
|
||||||
|
thread_hash is no longer constant once set).
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) Bugfix for linux-elf makefile.one.
|
||||||
|
[Ulf Möller]
|
||||||
|
|
||||||
|
*) RSA_get_default_method() will now cause a default
|
||||||
|
RSA_METHOD to be chosen if one doesn't exist already.
|
||||||
|
Previously this was only set during a call to RSA_new()
|
||||||
|
or RSA_new_method(NULL) meaning it was possible for
|
||||||
|
RSA_get_default_method() to return NULL.
|
||||||
|
[Geoff Thorpe]
|
||||||
|
|
||||||
|
*) Added native name translation to the existing DSO code
|
||||||
|
that will convert (if the flag to do so is set) filenames
|
||||||
|
that are sufficiently small and have no path information
|
||||||
|
into a canonical native form. Eg. "blah" converted to
|
||||||
|
"libblah.so" or "blah.dll" etc.
|
||||||
|
[Geoff Thorpe]
|
||||||
|
|
||||||
|
*) New function ERR_error_string_n(e, buf, len) which is like
|
||||||
|
ERR_error_string(e, buf), but writes at most 'len' bytes
|
||||||
|
including the 0 terminator. For ERR_error_string_n, 'buf'
|
||||||
|
may not be NULL.
|
||||||
|
[Damien Miller <djm@mindrot.org>, Bodo Moeller]
|
||||||
|
|
||||||
|
*) CONF library reworked to become more general. A new CONF
|
||||||
|
configuration file reader "class" is implemented as well as a
|
||||||
|
new functions (NCONF_*, for "New CONF") to handle it. The now
|
||||||
|
old CONF_* functions are still there, but are reimplemented to
|
||||||
|
work in terms of the new functions. Also, a set of functions
|
||||||
|
to handle the internal storage of the configuration data is
|
||||||
|
provided to make it easier to write new configuration file
|
||||||
|
reader "classes" (I can definitely see something reading a
|
||||||
|
configuration file in XML format, for example), called _CONF_*,
|
||||||
|
or "the configuration storage API"...
|
||||||
|
|
||||||
|
The new configuration file reading functions are:
|
||||||
|
|
||||||
|
NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio,
|
||||||
|
NCONF_get_section, NCONF_get_string, NCONF_get_numbre
|
||||||
|
|
||||||
|
NCONF_default, NCONF_WIN32
|
||||||
|
|
||||||
|
NCONF_dump_fp, NCONF_dump_bio
|
||||||
|
|
||||||
|
NCONF_default and NCONF_WIN32 are method (or "class") choosers,
|
||||||
|
NCONF_new creates a new CONF object. This works in the same way
|
||||||
|
as other interfaces in OpenSSL, like the BIO interface.
|
||||||
|
NCONF_dump_* dump the internal storage of the configuration file,
|
||||||
|
which is useful for debugging. All other functions take the same
|
||||||
|
arguments as the old CONF_* functions wth the exception of the
|
||||||
|
first that must be a `CONF *' instead of a `LHASH *'.
|
||||||
|
|
||||||
|
To make it easer to use the new classes with the old CONF_* functions,
|
||||||
|
the function CONF_set_default_method is provided.
|
||||||
|
[Richard Levitte]
|
||||||
|
|
||||||
|
*) Add '-tls1' option to 'openssl ciphers', which was already
|
||||||
|
mentioned in the documentation but had not been implemented.
|
||||||
|
(This option is not yet really useful because even the additional
|
||||||
|
experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)
|
||||||
|
[Bodo Moeller]
|
||||||
|
|
||||||
|
*) Initial DSO code added into libcrypto for letting OpenSSL (and
|
||||||
|
OpenSSL-based applications) load shared libraries and bind to
|
||||||
|
them in a portable way.
|
||||||
|
[Geoff Thorpe, with contributions from Richard Levitte]
|
||||||
|
|
||||||
Changes between 0.9.5 and 0.9.5a [1 Apr 2000]
|
Changes between 0.9.5 and 0.9.5a [1 Apr 2000]
|
||||||
|
|
||||||
*) Make sure _lrotl and _lrotr are only used with MSVC.
|
*) Make sure _lrotl and _lrotr are only used with MSVC.
|
||||||
@ -643,11 +1315,11 @@
|
|||||||
|
|
||||||
With these changes, a new set of functions and macros have appeared:
|
With these changes, a new set of functions and macros have appeared:
|
||||||
|
|
||||||
CRYPTO_set_mem_debug_functions() [F]
|
CRYPTO_set_mem_debug_functions() [F]
|
||||||
CRYPTO_get_mem_debug_functions() [F]
|
CRYPTO_get_mem_debug_functions() [F]
|
||||||
CRYPTO_dbg_set_options() [F]
|
CRYPTO_dbg_set_options() [F]
|
||||||
CRYPTO_dbg_get_options() [F]
|
CRYPTO_dbg_get_options() [F]
|
||||||
CRYPTO_malloc_debug_init() [M]
|
CRYPTO_malloc_debug_init() [M]
|
||||||
|
|
||||||
The memory debug functions are NULL by default, unless the library
|
The memory debug functions are NULL by default, unless the library
|
||||||
is compiled with CRYPTO_MDEBUG or friends is defined. If someone
|
is compiled with CRYPTO_MDEBUG or friends is defined. If someone
|
||||||
|
@ -10,7 +10,7 @@ use strict;
|
|||||||
|
|
||||||
# see INSTALL for instructions.
|
# see INSTALL for instructions.
|
||||||
|
|
||||||
my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
|
my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
|
||||||
|
|
||||||
# Options:
|
# Options:
|
||||||
#
|
#
|
||||||
@ -27,11 +27,17 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
|
|||||||
# [no-]threads [don't] try to create a library that is suitable for
|
# [no-]threads [don't] try to create a library that is suitable for
|
||||||
# multithreaded applications (default is "threads" if we
|
# multithreaded applications (default is "threads" if we
|
||||||
# know how to do it)
|
# know how to do it)
|
||||||
|
# [no-]shared [don't] try to create shared libraries when supported.
|
||||||
# no-asm do not use assembler
|
# no-asm do not use assembler
|
||||||
|
# no-dso do not compile in any native shared-library methods. This
|
||||||
|
# will ensure that all methods just return NULL.
|
||||||
# 386 generate 80386 code
|
# 386 generate 80386 code
|
||||||
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
|
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
|
||||||
# -<xxx> +<xxx> compiler options are passed through
|
# -<xxx> +<xxx> compiler options are passed through
|
||||||
#
|
#
|
||||||
|
# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
|
||||||
|
# provided to stack calls. Generates unique stack functions for
|
||||||
|
# each possible stack type.
|
||||||
# DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
|
# DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
|
||||||
# DES_RISC1 use different DES_ENCRYPT macro that helps reduce register
|
# DES_RISC1 use different DES_ENCRYPT macro that helps reduce register
|
||||||
# dependancies but needs to more registers, good for RISC CPU's
|
# dependancies but needs to more registers, good for RISC CPU's
|
||||||
@ -86,9 +92,13 @@ my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:as
|
|||||||
# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
|
# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
|
||||||
# So the md5_locl.h file has an undef B_ENDIAN if sun is defined
|
# So the md5_locl.h file has an undef B_ENDIAN if sun is defined
|
||||||
|
|
||||||
#config-string $cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj
|
#config-string $cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag
|
||||||
|
|
||||||
my %table=(
|
my %table=(
|
||||||
|
# File 'TABLE' (created by 'make TABLE') contains the data from this list,
|
||||||
|
# formatted for better readability.
|
||||||
|
|
||||||
|
|
||||||
#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
|
#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
|
||||||
#"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::",
|
#"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::",
|
||||||
#"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::",
|
#"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::",
|
||||||
@ -96,15 +106,15 @@ my %table=(
|
|||||||
|
|
||||||
# Our development configs
|
# Our development configs
|
||||||
"purify", "purify gcc:-g -DPURIFY -Wall::(unknown):-lsocket -lnsl::::",
|
"purify", "purify gcc:-g -DPURIFY -Wall::(unknown):-lsocket -lnsl::::",
|
||||||
"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown):-lefence::::",
|
"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown):-lefence::::",
|
||||||
"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
|
"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
|
||||||
"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
|
"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
|
||||||
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
|
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
|
||||||
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||||
"debug-bodo", "gcc:-DBIO_PAIR_DEBUG -DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||||
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||||
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||||
"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:::",
|
"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
|
||||||
"dist", "cc:-O::(unknown):::::",
|
"dist", "cc:-O::(unknown):::::",
|
||||||
|
|
||||||
# Basic configs that should work on any (32 and less bit) box
|
# Basic configs that should work on any (32 and less bit) box
|
||||||
@ -117,32 +127,32 @@ my %table=(
|
|||||||
# surrounds it with #APP #NO_APP comment pair which (at least Solaris
|
# surrounds it with #APP #NO_APP comment pair which (at least Solaris
|
||||||
# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
|
# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
|
||||||
# error message.
|
# error message.
|
||||||
"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}",
|
"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC",
|
||||||
|
|
||||||
#### SPARC Solaris with GNU C setups
|
#### SPARC Solaris with GNU C setups
|
||||||
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
|
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC",
|
||||||
"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::",
|
"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC",
|
||||||
"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
|
"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC",
|
||||||
# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
|
# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
|
||||||
# but keep the assembler modules.
|
# but keep the assembler modules.
|
||||||
"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o:",
|
"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC",
|
||||||
####
|
####
|
||||||
"debug-solaris-sparcv8-gcc","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::",
|
"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC",
|
||||||
"debug-solaris-sparcv9-gcc","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o::",
|
"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC",
|
||||||
|
|
||||||
#### SPARC Solaris with Sun C setups
|
#### SPARC Solaris with Sun C setups
|
||||||
# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests
|
# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests
|
||||||
"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:::",
|
"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC",
|
||||||
# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
|
# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
|
||||||
# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
|
# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
|
||||||
# SC5.0 note: Compiler common patch 107357-01 or later is required!
|
# SC5.0 note: Compiler common patch 107357-01 or later is required!
|
||||||
"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::",
|
"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC",
|
||||||
"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::",
|
"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC",
|
||||||
"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
|
"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC",
|
||||||
"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
|
"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC",
|
||||||
####
|
####
|
||||||
"debug-solaris-sparcv8-cc","cc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::",
|
"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC",
|
||||||
"debug-solaris-sparcv9-cc","cc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
|
"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC",
|
||||||
|
|
||||||
#### SPARC Linux setups
|
#### SPARC Linux setups
|
||||||
"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
|
"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
|
||||||
@ -168,11 +178,11 @@ my %table=(
|
|||||||
# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
|
# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
|
||||||
# './Configure irix-[g]cc' manually.
|
# './Configure irix-[g]cc' manually.
|
||||||
# -mips4 flag is added by ./config when appropriate.
|
# -mips4 flag is added by ./config when appropriate.
|
||||||
"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
|
"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
|
||||||
"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
|
"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
|
||||||
# N64 ABI builds.
|
# N64 ABI builds.
|
||||||
"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
|
"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
|
||||||
"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
|
"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
|
||||||
|
|
||||||
#### Unified HP-UX ANSI C configs.
|
#### Unified HP-UX ANSI C configs.
|
||||||
# Special notes:
|
# Special notes:
|
||||||
@ -202,34 +212,43 @@ my %table=(
|
|||||||
# crypto/sha/sha_lcl.h.
|
# crypto/sha/sha_lcl.h.
|
||||||
# <appro@fy.chalmers.se>
|
# <appro@fy.chalmers.se>
|
||||||
#
|
#
|
||||||
"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
|
#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
|
||||||
# Since there is mention of this in shlib/hpux10-cc.sh
|
# Since there is mention of this in shlib/hpux10-cc.sh
|
||||||
"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
|
"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
|
||||||
"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
|
"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
|
||||||
"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:::",
|
"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn",
|
||||||
|
|
||||||
|
# More attempts at unified 10.X and 11.X targets for HP C compiler.
|
||||||
|
#
|
||||||
|
# Chris Ruemmler <ruemmler@cup.hp.com>
|
||||||
|
# Kevin Steves <ks@hp.se>
|
||||||
|
"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
|
||||||
|
"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl",
|
||||||
|
"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn",
|
||||||
|
"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
|
||||||
|
|
||||||
# HPUX 9.X config.
|
# HPUX 9.X config.
|
||||||
# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or
|
# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or
|
||||||
# egcs. gcc 2.8.1 is also broken.
|
# egcs. gcc 2.8.1 is also broken.
|
||||||
|
|
||||||
"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
|
"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
|
||||||
# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
|
# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
|
||||||
# please report your OS and compiler version to the openssl-bugs@openssl.org
|
# please report your OS and compiler version to the openssl-bugs@openssl.org
|
||||||
# mailing list.
|
# mailing list.
|
||||||
"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::",
|
"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
|
||||||
|
|
||||||
"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
|
"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
|
||||||
# If hpux-gcc fails, try this one:
|
# If hpux-gcc fails, try this one:
|
||||||
"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::",
|
"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
|
||||||
|
|
||||||
# HPUX 10.X config. Supports threads.
|
# HPUX 10.X config. Supports threads.
|
||||||
"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
|
"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
|
||||||
# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
|
# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
|
||||||
"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
|
"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
|
||||||
|
|
||||||
"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
|
"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
|
||||||
# If hpux10-gcc fails, try this one:
|
# If hpux10-gcc fails, try this one:
|
||||||
"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::",
|
"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
|
||||||
|
|
||||||
# HPUX 11.X from www.globus.org.
|
# HPUX 11.X from www.globus.org.
|
||||||
# Only works on PA-RISC 2.0 cpus, and not optimized. Why?
|
# Only works on PA-RISC 2.0 cpus, and not optimized. Why?
|
||||||
@ -237,13 +256,16 @@ my %table=(
|
|||||||
#"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
|
#"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
|
||||||
# Use unified settings above instead.
|
# Use unified settings above instead.
|
||||||
|
|
||||||
|
#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
|
||||||
|
"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
|
||||||
|
|
||||||
# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
|
# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
|
||||||
# the new compiler
|
# the new compiler
|
||||||
# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
|
# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
|
||||||
"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o::",
|
"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:true64-shared",
|
||||||
"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o::",
|
"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
|
||||||
"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o::",
|
"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
|
||||||
"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::",
|
"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::",
|
||||||
|
|
||||||
#### Alpha Linux with GNU C and Compaq C setups
|
#### Alpha Linux with GNU C and Compaq C setups
|
||||||
# Special notes:
|
# Special notes:
|
||||||
@ -258,21 +280,23 @@ my %table=(
|
|||||||
#
|
#
|
||||||
# <appro@fy.chalmers.se>
|
# <appro@fy.chalmers.se>
|
||||||
#
|
#
|
||||||
"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
|
"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
|
||||||
"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
|
"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
|
||||||
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
|
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
|
||||||
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
|
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
|
||||||
|
|
||||||
# assembler versions -- currently defunct:
|
# assembler versions -- currently defunct:
|
||||||
##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
|
##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
|
||||||
|
|
||||||
# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
|
# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
|
||||||
# bn86-elf.o file file since it is hand tweaked assembler.
|
# bn86-elf.o file file since it is hand tweaked assembler.
|
||||||
"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
|
||||||
"debug-linux-elf","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
|
||||||
|
"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
|
||||||
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
|
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
|
||||||
"linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
|
"linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
|
||||||
"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
|
"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
|
||||||
|
"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
|
||||||
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
|
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
|
||||||
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
|
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
|
||||||
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
|
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
|
||||||
@ -286,6 +310,12 @@ my %table=(
|
|||||||
# NCR MP-RAS UNIX ver 02.03.01
|
# NCR MP-RAS UNIX ver 02.03.01
|
||||||
"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
|
"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
|
||||||
|
|
||||||
|
# QNX 4
|
||||||
|
"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown)::${x86_gcc_des} ${x86_gcc_opts}:",
|
||||||
|
|
||||||
|
# Linux on ARM
|
||||||
|
"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC",
|
||||||
|
|
||||||
# UnixWare 2.0
|
# UnixWare 2.0
|
||||||
"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
|
"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
|
||||||
"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
|
"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
|
||||||
@ -294,7 +324,7 @@ my %table=(
|
|||||||
"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
|
"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
|
||||||
|
|
||||||
# IBM's AIX.
|
# IBM's AIX.
|
||||||
"aix-cc", "cc:-O -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
|
"aix-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
|
||||||
"aix-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
|
"aix-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -341,22 +371,24 @@ my %table=(
|
|||||||
|
|
||||||
# Windows NT, Microsoft Visual C++ 4.0
|
# Windows NT, Microsoft Visual C++ 4.0
|
||||||
|
|
||||||
"VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
|
"VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32",
|
||||||
"VC-WIN32","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
|
"VC-WIN32","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32",
|
||||||
"VC-WIN16","cl:::(unknown)::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
|
"VC-WIN16","cl:::(unknown)::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
|
||||||
"VC-W31-16","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
|
"VC-W31-16","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
|
||||||
"VC-W31-32","cl:::::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
|
"VC-W31-32","cl:::::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
|
||||||
"VC-MSDOS","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
|
"VC-MSDOS","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
|
||||||
|
|
||||||
# Borland C++ 4.5
|
# Borland C++ 4.5
|
||||||
"BC-32","bcc32:::::BN_LLONG DES_PTR RC4_INDEX:::",
|
"BC-32","bcc32:::::BN_LLONG DES_PTR RC4_INDEX::::::::::win32",
|
||||||
"BC-16","bcc:::(unknown)::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
|
"BC-16","bcc:::(unknown)::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
|
||||||
|
|
||||||
# CygWin32
|
# Mingw32
|
||||||
# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
|
# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
|
||||||
# and its library files in util/pl/*)
|
# and its library files in util/pl/*)
|
||||||
"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",
|
"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
|
||||||
"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",
|
|
||||||
|
# CygWin32
|
||||||
|
"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
|
||||||
|
|
||||||
# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
|
# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
|
||||||
"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
|
"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
|
||||||
@ -366,24 +398,29 @@ my %table=(
|
|||||||
|
|
||||||
# Some OpenBSD from Bob Beck <beck@obtuse.com>
|
# Some OpenBSD from Bob Beck <beck@obtuse.com>
|
||||||
"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
|
"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
|
||||||
"OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
|
"OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn",
|
||||||
"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
|
"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
|
||||||
"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
|
"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
|
||||||
|
|
||||||
##### MacOS X (a.k.a. Rhapsody) setup
|
##### MacOS X (a.k.a. Rhapsody) setup
|
||||||
"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
|
"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
|
||||||
|
|
||||||
|
##### Sony NEWS-OS 4.x
|
||||||
|
"newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
|
||||||
|
|
||||||
);
|
);
|
||||||
|
|
||||||
my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
|
my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
|
||||||
BC-16 CygWin32 Mingw32);
|
BC-16 Mingw32);
|
||||||
|
|
||||||
my $prefix="";
|
my $prefix="";
|
||||||
my $openssldir="";
|
my $openssldir="";
|
||||||
my $install_prefix="";
|
my $install_prefix="";
|
||||||
my $no_threads=0;
|
my $no_threads=0;
|
||||||
|
my $no_shared=1;
|
||||||
my $threads=0;
|
my $threads=0;
|
||||||
my $no_asm=0;
|
my $no_asm=0;
|
||||||
|
my $no_dso=0;
|
||||||
my @skip=();
|
my @skip=();
|
||||||
my $Makefile="Makefile.ssl";
|
my $Makefile="Makefile.ssl";
|
||||||
my $des_locl="crypto/des/des_locl.h";
|
my $des_locl="crypto/des/des_locl.h";
|
||||||
@ -414,95 +451,149 @@ $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
|
|||||||
|
|
||||||
&usage if ($#ARGV < 0);
|
&usage if ($#ARGV < 0);
|
||||||
|
|
||||||
my $flags="";
|
my $flags;
|
||||||
my $depflags="";
|
my $depflags;
|
||||||
my $openssl_algorithm_defines="";
|
my $openssl_algorithm_defines;
|
||||||
my $openssl_thread_defines="";
|
my $openssl_thread_defines;
|
||||||
my $openssl_other_defines="";
|
my $openssl_other_defines;
|
||||||
my $libs="";
|
my $libs;
|
||||||
my $target="";
|
my $target;
|
||||||
my $options="";
|
my $options;
|
||||||
foreach (@ARGV)
|
my $symlink;
|
||||||
|
|
||||||
|
my @argvcopy=@ARGV;
|
||||||
|
my $argvstring="";
|
||||||
|
my $argv_unprocessed=1;
|
||||||
|
|
||||||
|
while($argv_unprocessed)
|
||||||
{
|
{
|
||||||
s /^-no-/no-/; # some people just can't read the instructions
|
$flags="";
|
||||||
if (/^no-asm$/)
|
$depflags="";
|
||||||
{
|
$openssl_algorithm_defines="";
|
||||||
$no_asm=1;
|
$openssl_thread_defines="";
|
||||||
$flags .= "-DNO_ASM ";
|
$openssl_other_defines="";
|
||||||
$openssl_other_defines .= "#define NO_ASM\n";
|
$libs="";
|
||||||
}
|
$target="";
|
||||||
elsif (/^no-threads$/)
|
$options="";
|
||||||
{ $no_threads=1; }
|
$symlink=1;
|
||||||
elsif (/^threads$/)
|
|
||||||
{ $threads=1; }
|
$argv_unprocessed=0;
|
||||||
elsif (/^no-(.+)$/)
|
$argvstring=join(' ',@argvcopy);
|
||||||
|
|
||||||
|
PROCESS_ARGS:
|
||||||
|
foreach (@argvcopy)
|
||||||
{
|
{
|
||||||
my $algo=$1;
|
s /^-no-/no-/; # some people just can't read the instructions
|
||||||
push @skip,$algo;
|
if (/^no-asm$/)
|
||||||
$algo =~ tr/[a-z]/[A-Z]/;
|
{
|
||||||
$flags .= "-DNO_$algo ";
|
$no_asm=1;
|
||||||
$depflags .= "-DNO_$algo ";
|
$flags .= "-DNO_ASM ";
|
||||||
$openssl_algorithm_defines .= "#define NO_$algo\n";
|
$openssl_other_defines .= "#define NO_ASM\n";
|
||||||
if ($algo eq "DES")
|
|
||||||
{
|
|
||||||
push @skip, "mdc2";
|
|
||||||
$options .= " no-mdc2";
|
|
||||||
$flags .= "-DNO_MDC2 ";
|
|
||||||
$depflags .= "-DNO_MDC2 ";
|
|
||||||
$openssl_algorithm_defines .= "#define NO_MDC2\n";
|
|
||||||
}
|
}
|
||||||
}
|
elsif (/^no-dso$/)
|
||||||
elsif (/^386$/)
|
{ $no_dso=1; }
|
||||||
{ $processor=386; }
|
elsif (/^no-threads$/)
|
||||||
elsif (/^rsaref$/)
|
{ $no_threads=1; }
|
||||||
{
|
elsif (/^threads$/)
|
||||||
$libs.= "-lRSAglue -lrsaref ";
|
{ $threads=1; }
|
||||||
$flags.= "-DRSAref ";
|
elsif (/^no-shared$/)
|
||||||
$openssl_other_defines .= "#define RSAref\n";
|
{ $no_shared=1; }
|
||||||
}
|
elsif (/^shared$/)
|
||||||
elsif (/^[-+]/)
|
{ $no_shared=0; }
|
||||||
{
|
elsif (/^no-symlinks$/)
|
||||||
if (/^-[lL](.*)$/)
|
{ $symlink=0; }
|
||||||
|
elsif (/^no-(.+)$/)
|
||||||
{
|
{
|
||||||
$libs.=$_." ";
|
my $algo=$1;
|
||||||
|
push @skip,$algo;
|
||||||
|
$algo =~ tr/[a-z]/[A-Z]/;
|
||||||
|
$flags .= "-DNO_$algo ";
|
||||||
|
$depflags .= "-DNO_$algo ";
|
||||||
|
$openssl_algorithm_defines .= "#define NO_$algo\n";
|
||||||
|
if ($algo eq "DES")
|
||||||
|
{
|
||||||
|
push @skip, "mdc2";
|
||||||
|
$options .= " no-mdc2";
|
||||||
|
$flags .= "-DNO_MDC2 ";
|
||||||
|
$depflags .= "-DNO_MDC2 ";
|
||||||
|
$openssl_algorithm_defines .= "#define NO_MDC2\n";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
elsif (/^-[^-]/ or /^\+/)
|
elsif (/^reconfigure/ || /^reconf/)
|
||||||
{
|
{
|
||||||
$flags.=$_." ";
|
if (open(IN,"<$Makefile"))
|
||||||
|
{
|
||||||
|
while (<IN>)
|
||||||
|
{
|
||||||
|
chop;
|
||||||
|
if (/^CONFIGURE_ARGS=(.*)/)
|
||||||
|
{
|
||||||
|
$argvstring=$1;
|
||||||
|
@argvcopy=split(' ',$argvstring);
|
||||||
|
die "Incorrect data to reconfigure, please do a normal configuration\n"
|
||||||
|
if (grep(/^reconf/,@argvcopy));
|
||||||
|
print "Reconfiguring with: $argvstring\n";
|
||||||
|
$argv_unprocessed=1;
|
||||||
|
close(IN);
|
||||||
|
last PROCESS_ARGS;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
close(IN);
|
||||||
|
}
|
||||||
|
die "Insufficient data to reconfigure, please do a normal configuration\n";
|
||||||
}
|
}
|
||||||
elsif (/^--prefix=(.*)$/)
|
elsif (/^386$/)
|
||||||
|
{ $processor=386; }
|
||||||
|
elsif (/^rsaref$/)
|
||||||
{
|
{
|
||||||
$prefix=$1;
|
$libs.= "-lRSAglue -lrsaref ";
|
||||||
|
$flags.= "-DRSAref ";
|
||||||
|
$openssl_other_defines .= "#define RSAref\n";
|
||||||
}
|
}
|
||||||
elsif (/^--openssldir=(.*)$/)
|
elsif (/^[-+]/)
|
||||||
{
|
{
|
||||||
$openssldir=$1;
|
if (/^-[lL](.*)$/)
|
||||||
|
{
|
||||||
|
$libs.=$_." ";
|
||||||
|
}
|
||||||
|
elsif (/^-[^-]/ or /^\+/)
|
||||||
|
{
|
||||||
|
$flags.=$_." ";
|
||||||
|
}
|
||||||
|
elsif (/^--prefix=(.*)$/)
|
||||||
|
{
|
||||||
|
$prefix=$1;
|
||||||
|
}
|
||||||
|
elsif (/^--openssldir=(.*)$/)
|
||||||
|
{
|
||||||
|
$openssldir=$1;
|
||||||
|
}
|
||||||
|
elsif (/^--install.prefix=(.*)$/)
|
||||||
|
{
|
||||||
|
$install_prefix=$1;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
print STDERR $usage;
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
elsif (/^--install.prefix=(.*)$/)
|
elsif ($_ =~ /^([^:]+):(.+)$/)
|
||||||
{
|
{
|
||||||
$install_prefix=$1;
|
eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
|
||||||
|
$target=$1;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
print STDERR $usage;
|
die "target already defined - $target\n" if ($target ne "");
|
||||||
exit(1);
|
$target=$_;
|
||||||
|
}
|
||||||
|
unless ($_ eq $target) {
|
||||||
|
if ($options eq "") {
|
||||||
|
$options = $_;
|
||||||
|
} else {
|
||||||
|
$options .= " ".$_;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
elsif ($_ =~ /^([^:]+):(.+)$/)
|
|
||||||
{
|
|
||||||
eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
|
|
||||||
$target=$1;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
die "target already defined - $target\n" if ($target ne "");
|
|
||||||
$target=$_;
|
|
||||||
}
|
|
||||||
unless ($_ eq $target) {
|
|
||||||
if ($options eq "") {
|
|
||||||
$options = $_;
|
|
||||||
} else {
|
|
||||||
$options .= " ".$_;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -522,6 +613,8 @@ if ($target eq "LIST") {
|
|||||||
exit 0;
|
exit 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
print "Configuring for $target\n";
|
||||||
|
|
||||||
&usage if (!defined($table{$target}));
|
&usage if (!defined($table{$target}));
|
||||||
|
|
||||||
my $IsWindows=scalar grep /^$target$/,@WinTargets;
|
my $IsWindows=scalar grep /^$target$/,@WinTargets;
|
||||||
@ -539,10 +632,39 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
|
|||||||
print "IsWindows=$IsWindows\n";
|
print "IsWindows=$IsWindows\n";
|
||||||
|
|
||||||
(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
|
(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
|
||||||
$md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
|
$md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
|
||||||
split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
|
split(/\s*:\s*/,$table{$target} . ":" x 22 , -1);
|
||||||
$cflags="$flags$cflags" if ($flags ne "");
|
$cflags="$flags$cflags" if ($flags ne "");
|
||||||
|
|
||||||
|
# The DSO code currently always implements all functions so that no
|
||||||
|
# applications will have to worry about that from a compilation point
|
||||||
|
# of view. However, the "method"s may return zero unless that platform
|
||||||
|
# has support compiled in for them. Currently each method is enabled
|
||||||
|
# by a define "DSO_<name>" ... we translate the "dso_scheme" config
|
||||||
|
# string entry into using the following logic;
|
||||||
|
my $dso_cflags;
|
||||||
|
if (!$no_dso && $dso_scheme ne "")
|
||||||
|
{
|
||||||
|
$dso_scheme =~ tr/[a-z]/[A-Z]/;
|
||||||
|
if ($dso_scheme eq "DLFCN")
|
||||||
|
{
|
||||||
|
$dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H";
|
||||||
|
$openssl_other_defines .= "#define DSO_DLFCN\n";
|
||||||
|
$openssl_other_defines .= "#define HAVE_DLFCN_H\n";
|
||||||
|
}
|
||||||
|
elsif ($dso_scheme eq "DLFCN_NO_H")
|
||||||
|
{
|
||||||
|
$dso_cflags = "-DDSO_DLFCN";
|
||||||
|
$openssl_other_defines .= "#define DSO_DLFCN\n";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$dso_cflags = "-DDSO_$dso_scheme";
|
||||||
|
$openssl_other_defines .= "#define DSO_$dso_scheme\n";
|
||||||
|
}
|
||||||
|
$cflags = "$dso_cflags $cflags";
|
||||||
|
}
|
||||||
|
|
||||||
my $thread_cflags;
|
my $thread_cflags;
|
||||||
my $thread_defines;
|
my $thread_defines;
|
||||||
if ($thread_cflag ne "(unknown)" && !$no_threads)
|
if ($thread_cflag ne "(unknown)" && !$no_threads)
|
||||||
@ -585,6 +707,19 @@ if ($threads)
|
|||||||
$openssl_thread_defines .= $thread_defines;
|
$openssl_thread_defines .= $thread_defines;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
|
||||||
|
my $shared_mark1 = "";
|
||||||
|
my $shared_mark2 = "";
|
||||||
|
if ($shared_cflag ne "")
|
||||||
|
{
|
||||||
|
$cflags = "$shared_cflag $cflags";
|
||||||
|
if (!$no_shared)
|
||||||
|
{
|
||||||
|
$shared_mark1 = ".shlib-clean.";
|
||||||
|
$shared_mark2 = ".shlib.";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#my ($bn1)=split(/\s+/,$bn_obj);
|
#my ($bn1)=split(/\s+/,$bn_obj);
|
||||||
#$bn1 = "" unless defined $bn1;
|
#$bn1 = "" unless defined $bn1;
|
||||||
#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
|
#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
|
||||||
@ -616,13 +751,20 @@ if ($rmd160_obj =~ /\.o$/)
|
|||||||
my $version = "unknown";
|
my $version = "unknown";
|
||||||
my $major = "unknown";
|
my $major = "unknown";
|
||||||
my $minor = "unknown";
|
my $minor = "unknown";
|
||||||
|
my $shlib_version_number = "unknown";
|
||||||
|
my $shlib_version_history = "unknown";
|
||||||
|
my $shlib_major = "unknown";
|
||||||
|
my $shlib_minor = "unknown";
|
||||||
|
|
||||||
open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
|
open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
|
||||||
while (<IN>)
|
while (<IN>)
|
||||||
{
|
{
|
||||||
$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
|
$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
|
||||||
|
$shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
|
||||||
|
$shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
|
||||||
}
|
}
|
||||||
close(IN);
|
close(IN);
|
||||||
|
if ($shlib_version_history ne "") { $shlib_version_history .= ":"; }
|
||||||
|
|
||||||
if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
|
if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
|
||||||
{
|
{
|
||||||
@ -630,6 +772,12 @@ if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
|
|||||||
$minor=$2;
|
$minor=$2;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
|
||||||
|
{
|
||||||
|
$shlib_major=$1;
|
||||||
|
$shlib_minor=$2;
|
||||||
|
}
|
||||||
|
|
||||||
open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
|
open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
|
||||||
open(OUT,">$Makefile") || die "unable to create $Makefile:$!\n";
|
open(OUT,">$Makefile") || die "unable to create $Makefile:$!\n";
|
||||||
print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
|
print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
|
||||||
@ -648,11 +796,16 @@ while (<IN>)
|
|||||||
s/^VERSION=.*/VERSION=$version/;
|
s/^VERSION=.*/VERSION=$version/;
|
||||||
s/^MAJOR=.*/MAJOR=$major/;
|
s/^MAJOR=.*/MAJOR=$major/;
|
||||||
s/^MINOR=.*/MINOR=$minor/;
|
s/^MINOR=.*/MINOR=$minor/;
|
||||||
|
s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
|
||||||
|
s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
|
||||||
|
s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
|
||||||
|
s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
|
||||||
s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
|
s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
|
||||||
s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
|
s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
|
||||||
s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
|
s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
|
||||||
s/^PLATFORM=.*$/PLATFORM=$target/;
|
s/^PLATFORM=.*$/PLATFORM=$target/;
|
||||||
s/^OPTIONS=.*$/OPTIONS=$options/;
|
s/^OPTIONS=.*$/OPTIONS=$options/;
|
||||||
|
s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
|
||||||
s/^CC=.*$/CC= $cc/;
|
s/^CC=.*$/CC= $cc/;
|
||||||
s/^CFLAG=.*$/CFLAG= $cflags/;
|
s/^CFLAG=.*$/CFLAG= $cflags/;
|
||||||
s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
|
s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
|
||||||
@ -669,6 +822,10 @@ while (<IN>)
|
|||||||
s/^PROCESSOR=.*/PROCESSOR= $processor/;
|
s/^PROCESSOR=.*/PROCESSOR= $processor/;
|
||||||
s/^RANLIB=.*/RANLIB= $ranlib/;
|
s/^RANLIB=.*/RANLIB= $ranlib/;
|
||||||
s/^PERL=.*/PERL= $perl/;
|
s/^PERL=.*/PERL= $perl/;
|
||||||
|
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
|
||||||
|
s/^SHLIB_MARK1=.*/SHLIB_MARK1=$shared_mark1/;
|
||||||
|
s/^SHLIB_MARK2=.*/SHLIB_MARK2=$shared_mark2/;
|
||||||
|
s/^LIBS=.*/LIBS=libcrypto\.so\* libssl\.so\*/ if (!$no_shared);
|
||||||
print OUT $_."\n";
|
print OUT $_."\n";
|
||||||
}
|
}
|
||||||
close(IN);
|
close(IN);
|
||||||
@ -851,16 +1008,18 @@ if($IsWindows) {
|
|||||||
EOF
|
EOF
|
||||||
close(OUT);
|
close(OUT);
|
||||||
} else {
|
} else {
|
||||||
(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?;
|
(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?
|
||||||
|
if $symlink;
|
||||||
### (system 'make depend') == 0 or exit $? if $depflags ne "";
|
### (system 'make depend') == 0 or exit $? if $depflags ne "";
|
||||||
# Run "make depend" manually if you want to be able to delete
|
# Run "make depend" manually if you want to be able to delete
|
||||||
# the source code files of ciphers you left out.
|
# the source code files of ciphers you left out.
|
||||||
&dofile("tools/c_rehash",$openssldir,'^DIR=', 'DIR=%s',);
|
|
||||||
if ( $perl =~ m@^/@) {
|
if ( $perl =~ m@^/@) {
|
||||||
|
&dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
|
||||||
&dofile("apps/der_chop",$perl,'^#!/', '#!%s');
|
&dofile("apps/der_chop",$perl,'^#!/', '#!%s');
|
||||||
&dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
|
&dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
|
||||||
} else {
|
} else {
|
||||||
# No path for Perl known ...
|
# No path for Perl known ...
|
||||||
|
&dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
|
||||||
&dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
|
&dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
|
||||||
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
|
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
|
||||||
}
|
}
|
||||||
@ -952,8 +1111,9 @@ sub print_table_entry
|
|||||||
|
|
||||||
(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,
|
(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,
|
||||||
my $bn_obj,my $des_obj,my $bf_obj,
|
my $bn_obj,my $des_obj,my $bf_obj,
|
||||||
$md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
|
my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
|
||||||
split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
|
my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
|
||||||
|
split(/\s*:\s*/,$table{$target} . ":" x 22 , -1);
|
||||||
|
|
||||||
print <<EOF
|
print <<EOF
|
||||||
|
|
||||||
@ -973,5 +1133,8 @@ sub print_table_entry
|
|||||||
\$rc4_obj = $rc4_obj
|
\$rc4_obj = $rc4_obj
|
||||||
\$rmd160_obj = $rmd160_obj
|
\$rmd160_obj = $rmd160_obj
|
||||||
\$rc5_obj = $rc5_obj
|
\$rc5_obj = $rc5_obj
|
||||||
|
\$dso_scheme = $dso_scheme
|
||||||
|
\$shared_target= $shared_target
|
||||||
|
\$shared_cflag = $shared_cflag
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
@ -10,21 +10,29 @@ OpenSSL - Frequently Asked Questions
|
|||||||
* Why does the linker complain about undefined symbols?
|
* Why does the linker complain about undefined symbols?
|
||||||
* Where can I get a compiled version of OpenSSL?
|
* Where can I get a compiled version of OpenSSL?
|
||||||
* I've compiled a program under Windows and it crashes: why?
|
* I've compiled a program under Windows and it crashes: why?
|
||||||
|
* How do I read or write a DER encoded buffer using the ASN1 functions?
|
||||||
|
* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
|
||||||
* I've called <some function> and it fails, why?
|
* I've called <some function> and it fails, why?
|
||||||
* I just get a load of numbers for the error output, what do they mean?
|
* I just get a load of numbers for the error output, what do they mean?
|
||||||
* Why do I get errors about unknown algorithms?
|
* Why do I get errors about unknown algorithms?
|
||||||
* How do I create certificates or certificate requests?
|
* How do I create certificates or certificate requests?
|
||||||
* Why can't I create certificate requests?
|
* Why can't I create certificate requests?
|
||||||
* Why does <SSL program> fail with a certificate verify error?
|
* Why does <SSL program> fail with a certificate verify error?
|
||||||
|
* Why can I only use weak ciphers when I connect to a server using OpenSSL?
|
||||||
* How can I create DSA certificates?
|
* How can I create DSA certificates?
|
||||||
* Why can't I make an SSL connection using a DSA certificate?
|
* Why can't I make an SSL connection using a DSA certificate?
|
||||||
|
* How can I remove the passphrase on a private key?
|
||||||
* Why can't the OpenSSH configure script detect OpenSSL?
|
* Why can't the OpenSSH configure script detect OpenSSL?
|
||||||
|
* Why does the OpenSSL test fail with "bc: command not found"?
|
||||||
|
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
|
||||||
|
* Why does the OpenSSL compilation fail on Alpha True64 Unix?
|
||||||
|
* Why does the OpenSSL compilation fail with "ar: command not found"?
|
||||||
|
|
||||||
|
|
||||||
* Which is the current version of OpenSSL?
|
* Which is the current version of OpenSSL?
|
||||||
|
|
||||||
The current version is available from <URL: http://www.openssl.org>.
|
The current version is available from <URL: http://www.openssl.org>.
|
||||||
OpenSSL 0.9.5a was released on April 1st, 2000.
|
OpenSSL 0.9.6 was released on September 24th, 2000.
|
||||||
|
|
||||||
In addition to the current stable release, you can also access daily
|
In addition to the current stable release, you can also access daily
|
||||||
snapshots of the OpenSSL development version at <URL:
|
snapshots of the OpenSSL development version at <URL:
|
||||||
@ -80,12 +88,6 @@ offer legal advice.
|
|||||||
You can configure OpenSSL so as not to use RC5 and IDEA by using
|
You can configure OpenSSL so as not to use RC5 and IDEA by using
|
||||||
./config no-rc5 no-idea
|
./config no-rc5 no-idea
|
||||||
|
|
||||||
Until the RSA patent expires, U.S. users may want to use
|
|
||||||
./config no-rc5 no-idea no-rsa
|
|
||||||
|
|
||||||
Please note that you will *not* be able to communicate with most of
|
|
||||||
the popular web browsers without RSA support.
|
|
||||||
|
|
||||||
|
|
||||||
* Is OpenSSL thread-safe?
|
* Is OpenSSL thread-safe?
|
||||||
|
|
||||||
@ -128,6 +130,13 @@ the "PRNG not seeded" error message may occur.
|
|||||||
when trying to password-encrypt an RSA key! This is a bug in the
|
when trying to password-encrypt an RSA key! This is a bug in the
|
||||||
library; try a later version instead.]
|
library; try a later version instead.]
|
||||||
|
|
||||||
|
For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
|
||||||
|
installing the SUNski package from Sun patch 105710-01 (Sparc) which
|
||||||
|
adds a /dev/random device and make sure it gets used, usually through
|
||||||
|
$RANDFILE. There are probably similar patches for the other Solaris
|
||||||
|
versions. However, be warned that /dev/random is usually a blocking
|
||||||
|
device, which may have some effects on OpenSSL.
|
||||||
|
|
||||||
|
|
||||||
* Why does the linker complain about undefined symbols?
|
* Why does the linker complain about undefined symbols?
|
||||||
|
|
||||||
@ -174,12 +183,63 @@ otherwise the conflict will cause a program to crash: typically on the
|
|||||||
first BIO related read or write operation.
|
first BIO related read or write operation.
|
||||||
|
|
||||||
|
|
||||||
|
* How do I read or write a DER encoded buffer using the ASN1 functions?
|
||||||
|
|
||||||
|
You have two options. You can either use a memory BIO in conjunction
|
||||||
|
with the i2d_XXX_bio() or d2i_XXX_bio() functions or you can use the
|
||||||
|
i2d_XXX(), d2i_XXX() functions directly. Since these are often the
|
||||||
|
cause of grief here are some code fragments using PKCS7 as an example:
|
||||||
|
|
||||||
|
unsigned char *buf, *p;
|
||||||
|
int len;
|
||||||
|
|
||||||
|
len = i2d_PKCS7(p7, NULL);
|
||||||
|
buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
|
||||||
|
p = buf;
|
||||||
|
i2d_PKCS7(p7, &p);
|
||||||
|
|
||||||
|
At this point buf contains the len bytes of the DER encoding of
|
||||||
|
p7.
|
||||||
|
|
||||||
|
The opposite assumes we already have len bytes in buf:
|
||||||
|
|
||||||
|
unsigned char *p;
|
||||||
|
p = buf;
|
||||||
|
p7 = d2i_PKCS7(NULL, &p, len);
|
||||||
|
|
||||||
|
At this point p7 contains a valid PKCS7 structure of NULL if an error
|
||||||
|
occurred. If an error occurred ERR_print_errors(bio) should give more
|
||||||
|
information.
|
||||||
|
|
||||||
|
The reason for the temporary variable 'p' is that the ASN1 functions
|
||||||
|
increment the passed pointer so it is ready to read or write the next
|
||||||
|
structure. This is often a cause of problems: without the temporary
|
||||||
|
variable the buffer pointer is changed to point just after the data
|
||||||
|
that has been read or written. This may well be uninitialized data
|
||||||
|
and attempts to free the buffer will have unpredictable results
|
||||||
|
because it no longer points to the same address.
|
||||||
|
|
||||||
|
|
||||||
|
* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
|
||||||
|
|
||||||
|
This usually happens when you try compiling something using the PKCS#12
|
||||||
|
macros with a C++ compiler. There is hardly ever any need to use the
|
||||||
|
PKCS#12 macros in a program, it is much easier to parse and create
|
||||||
|
PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions
|
||||||
|
documented in doc/openssl.txt and with examples in demos/pkcs12. The
|
||||||
|
'pkcs12' application has to use the macros because it prints out
|
||||||
|
debugging information.
|
||||||
|
|
||||||
|
|
||||||
* I've called <some function> and it fails, why?
|
* I've called <some function> and it fails, why?
|
||||||
|
|
||||||
Before submitting a report or asking in one of the mailing lists you
|
Before submitting a report or asking in one of the mailing lists, you
|
||||||
should try to determine the cause. In particular you should call
|
should try to determine the cause. In particular, you should call
|
||||||
ERR_print_errors() or ERR_print_errors_fp() after the failed call
|
ERR_print_errors() or ERR_print_errors_fp() after the failed call
|
||||||
and see if the message helps.
|
and see if the message helps. Note that the problem may occur earlier
|
||||||
|
than you think -- you should check for errors after every call where
|
||||||
|
it is possible, otherwise the actual problem may be hidden because
|
||||||
|
some OpenSSL functions clear the error state.
|
||||||
|
|
||||||
|
|
||||||
* I just get a load of numbers for the error output, what do they mean?
|
* I just get a load of numbers for the error output, what do they mean?
|
||||||
@ -229,6 +289,13 @@ or file and the relevant program configured to read it. The OpenSSL program
|
|||||||
the verify(1) program manual page for more information.
|
the verify(1) program manual page for more information.
|
||||||
|
|
||||||
|
|
||||||
|
* Why can I only use weak ciphers when I connect to a server using OpenSSL?
|
||||||
|
|
||||||
|
This is almost certainly because you are using an old "export grade" browser
|
||||||
|
which only supports weak encryption. Upgrade your browser to support 128 bit
|
||||||
|
ciphers.
|
||||||
|
|
||||||
|
|
||||||
* How can I create DSA certificates?
|
* How can I create DSA certificates?
|
||||||
|
|
||||||
Check the CA.pl(1) manual page for a DSA certificate example.
|
Check the CA.pl(1) manual page for a DSA certificate example.
|
||||||
@ -239,11 +306,19 @@ Check the CA.pl(1) manual page for a DSA certificate example.
|
|||||||
Typically you'll see a message saying there are no shared ciphers when
|
Typically you'll see a message saying there are no shared ciphers when
|
||||||
the same setup works fine with an RSA certificate. There are two possible
|
the same setup works fine with an RSA certificate. There are two possible
|
||||||
causes. The client may not support connections to DSA servers most web
|
causes. The client may not support connections to DSA servers most web
|
||||||
browsers only support connections to servers supporting RSA cipher suites.
|
browsers (including Netscape and MSIE) only support connections to servers
|
||||||
The other cause is that a set of DH parameters has not been supplied to
|
supporting RSA cipher suites. The other cause is that a set of DH parameters
|
||||||
the server. DH parameters can be created with the dhparam(1) command and
|
has not been supplied to the server. DH parameters can be created with the
|
||||||
loaded using the SSL_CTX_set_tmp_dh() for example: check the source to
|
dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
|
||||||
s_server in apps/s_server.c for an example.
|
check the source to s_server in apps/s_server.c for an example.
|
||||||
|
|
||||||
|
|
||||||
|
* How can I remove the passphrase on a private key?
|
||||||
|
|
||||||
|
Firstly you should be really *really* sure you want to do this. Leaving
|
||||||
|
a private key unencrypted is a major security risk. If you decide that
|
||||||
|
you do have to do this check the EXAMPLES sections of the rsa(1) and
|
||||||
|
dsa(1) manual pages.
|
||||||
|
|
||||||
|
|
||||||
* Why can't the OpenSSH configure script detect OpenSSL?
|
* Why can't the OpenSSH configure script detect OpenSSL?
|
||||||
@ -285,3 +360,73 @@ applied to the OpenSSH distribution:
|
|||||||
fi
|
fi
|
||||||
LIBS="$LIBS -lcrypto"
|
LIBS="$LIBS -lcrypto"
|
||||||
----- snip:end -----
|
----- snip:end -----
|
||||||
|
|
||||||
|
|
||||||
|
* Why does the OpenSSL test fail with "bc: command not found"?
|
||||||
|
|
||||||
|
You didn't install "bc", the Unix calculator. If you want to run the
|
||||||
|
tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
|
||||||
|
|
||||||
|
|
||||||
|
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
|
||||||
|
|
||||||
|
On some SCO installations or versions, bc has a bug that gets triggered when
|
||||||
|
you run the test suite (using "make test"). The message returned is "bc:
|
||||||
|
1 not implemented". The best way to deal with this is to find another
|
||||||
|
implementation of bc and compile/install it. For example, GNU bc (see
|
||||||
|
http://www.gnu.org/software/software.html for download instructions) can
|
||||||
|
be safely used.
|
||||||
|
|
||||||
|
|
||||||
|
* Why does the OpenSSL compilation fail on Alpha True64 Unix?
|
||||||
|
|
||||||
|
On some Alpha installations running True64 Unix and Compaq C, the compilation
|
||||||
|
of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual
|
||||||
|
memory to continue compilation.' As far as the tests have shown, this may be
|
||||||
|
a compiler bug. What happens is that it eats up a lot of resident memory
|
||||||
|
to build something, probably a table. The problem is clearly in the
|
||||||
|
optimization code, because if one eliminates optimization completely (-O0),
|
||||||
|
the compilation goes through (and the compiler consumes about 2MB of resident
|
||||||
|
memory instead of 240MB or whatever one's limit is currently).
|
||||||
|
|
||||||
|
There are three options to solve this problem:
|
||||||
|
|
||||||
|
1. set your current data segment size soft limit higher. Experience shows
|
||||||
|
that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do
|
||||||
|
this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
|
||||||
|
kbytes to set the limit to.
|
||||||
|
|
||||||
|
2. If you have a hard limit that is lower than what you need and you can't
|
||||||
|
get it changed, you can compile all of OpenSSL with -O0 as optimization
|
||||||
|
level. This is however not a very nice thing to do for those who expect to
|
||||||
|
get the best result from OpenSSL. A bit more complicated solution is the
|
||||||
|
following:
|
||||||
|
|
||||||
|
----- snip:start -----
|
||||||
|
make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
|
||||||
|
sed -e 's/ -O[0-9] / -O0 /'`"
|
||||||
|
rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
|
||||||
|
make
|
||||||
|
----- snip:end -----
|
||||||
|
|
||||||
|
This will only compile sha_dgst.c with -O0, the rest with the optimization
|
||||||
|
level chosen by the configuration process. When the above is done, do the
|
||||||
|
test and installation and you're set.
|
||||||
|
|
||||||
|
|
||||||
|
* Why does the OpenSSL compilation fail with "ar: command not found"?
|
||||||
|
|
||||||
|
Getting this message is quite usual on Solaris 2, because Sun has hidden
|
||||||
|
away 'ar' and other development commands in directories that aren't in
|
||||||
|
$PATH by default. One of those directories is '/usr/ccs/bin'. The
|
||||||
|
quickest way to fix this is to do the following (it assumes you use sh
|
||||||
|
or any sh-compatible shell):
|
||||||
|
|
||||||
|
----- snip:start -----
|
||||||
|
PATH=${PATH}:/usr/ccs/bin; export PATH
|
||||||
|
----- snip:end -----
|
||||||
|
|
||||||
|
and then redo the compilation. What you should really do is make sure
|
||||||
|
'/usr/ccs/bin' is permanently in your $PATH, for example through your
|
||||||
|
'.profile' (again, assuming you use a sh-compatible shell).
|
||||||
|
|
||||||
|
@ -53,6 +53,12 @@
|
|||||||
This will usually require additional system-dependent options!
|
This will usually require additional system-dependent options!
|
||||||
See "Note on multi-threading" below.
|
See "Note on multi-threading" below.
|
||||||
|
|
||||||
|
no-shared Don't try to create shared libraries.
|
||||||
|
|
||||||
|
shared In addition to the usual static libraries, create shared
|
||||||
|
libraries on platforms where it's supported. See "Note on
|
||||||
|
shared libraries" below.
|
||||||
|
|
||||||
no-asm Do not use assembler code.
|
no-asm Do not use assembler code.
|
||||||
|
|
||||||
386 Use the 80386 instruction set only (the default x86 code is
|
386 Use the 80386 instruction set only (the default x86 code is
|
||||||
@ -118,9 +124,12 @@
|
|||||||
OpenSSL binary ("openssl"). The libraries will be built in the top-level
|
OpenSSL binary ("openssl"). The libraries will be built in the top-level
|
||||||
directory, and the binary will be in the "apps" directory.
|
directory, and the binary will be in the "apps" directory.
|
||||||
|
|
||||||
If "make" fails, please report the problem to <openssl-bugs@openssl.org>
|
If "make" fails, look at the output. There may be reasons for
|
||||||
(note that your message will be forwarded to a public mailing list).
|
the failure that isn't a problem in OpenSSL itself (like missing
|
||||||
Include the output of "make report" in your message.
|
standard headers). If it is a problem with OpenSSL itself, please
|
||||||
|
report the problem to <openssl-bugs@openssl.org> (note that your
|
||||||
|
message will be forwarded to a public mailing list). Include the
|
||||||
|
output of "make report" in your message.
|
||||||
|
|
||||||
[If you encounter assembler error messages, try the "no-asm"
|
[If you encounter assembler error messages, try the "no-asm"
|
||||||
configuration option as an immediate fix.]
|
configuration option as an immediate fix.]
|
||||||
@ -132,10 +141,13 @@
|
|||||||
|
|
||||||
$ make test
|
$ make test
|
||||||
|
|
||||||
If a test fails, try removing any compiler optimization flags from
|
If a test fails, look at the output. There may be reasons for
|
||||||
the CFLAGS line in Makefile.ssl and run "make clean; make". Please
|
the failure that isn't a problem in OpenSSL itself (like a missing
|
||||||
send a bug report to <openssl-bugs@openssl.org>, including the
|
or malfunctioning bc). If it is a problem with OpenSSL itself,
|
||||||
output of "make report".
|
try removing any compiler optimization flags from the CFLAGS line
|
||||||
|
in Makefile.ssl and run "make clean; make". Please send a bug
|
||||||
|
report to <openssl-bugs@openssl.org>, including the output of
|
||||||
|
"make report".
|
||||||
|
|
||||||
4. If everything tests ok, install OpenSSL with
|
4. If everything tests ok, install OpenSSL with
|
||||||
|
|
||||||
@ -253,3 +265,14 @@
|
|||||||
you can still use "no-threads" to suppress an annoying warning message
|
you can still use "no-threads" to suppress an annoying warning message
|
||||||
from the Configure script.)
|
from the Configure script.)
|
||||||
|
|
||||||
|
|
||||||
|
Note on shared libraries
|
||||||
|
------------------------
|
||||||
|
|
||||||
|
For some systems, the OpenSSL Configure script knows what is needed to
|
||||||
|
build shared libraries for libcrypto and libssl. On these systems,
|
||||||
|
the shared libraries are currently not created by default, but giving
|
||||||
|
the option "shared" will get them created. This method supports Makefile
|
||||||
|
targets for shared library creation, like linux-shared. Those targets
|
||||||
|
can currently be used on their own just as well, but this is expected
|
||||||
|
to change in future versions of OpenSSL.
|
||||||
|
@ -5,8 +5,15 @@
|
|||||||
VERSION=
|
VERSION=
|
||||||
MAJOR=
|
MAJOR=
|
||||||
MINOR=
|
MINOR=
|
||||||
|
SHLIB_VERSION_NUMBER=
|
||||||
|
SHLIB_VERSION_HISTORY=
|
||||||
|
SHLIB_MAJOR=
|
||||||
|
SHLIB_MINOR=
|
||||||
PLATFORM=dist
|
PLATFORM=dist
|
||||||
OPTIONS=
|
OPTIONS=
|
||||||
|
CONFIGURE_ARGS=
|
||||||
|
SHLIB_TARGET=
|
||||||
|
|
||||||
# INSTALL_PREFIX is for package builders so that they can configure
|
# INSTALL_PREFIX is for package builders so that they can configure
|
||||||
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
|
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
|
||||||
# Normally it is left empty.
|
# Normally it is left empty.
|
||||||
@ -55,7 +62,7 @@ AR=ar r
|
|||||||
RANLIB= ranlib
|
RANLIB= ranlib
|
||||||
PERL= perl
|
PERL= perl
|
||||||
TAR= tar
|
TAR= tar
|
||||||
TARFLAGS= --norecurse
|
TARFLAGS= --no-recursion
|
||||||
|
|
||||||
# Set BN_ASM to bn_asm.o if you want to use the C version
|
# Set BN_ASM to bn_asm.o if you want to use the C version
|
||||||
BN_ASM= bn_asm.o
|
BN_ASM= bn_asm.o
|
||||||
@ -142,14 +149,21 @@ RMD160_ASM_OBJ= asm/rm86-out.o
|
|||||||
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
|
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
|
||||||
#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
|
#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
|
||||||
|
|
||||||
DIRS= crypto ssl rsaref apps test tools
|
# To do special treatment, use "directory names" starting with a period.
|
||||||
|
# When we're prepared to use shared libraries in the programs we link here
|
||||||
|
# we might have SHLIB_MARK1 get the value ".shlib." and SHLIB_MARK2 be empty,
|
||||||
|
# or have that configurable.
|
||||||
|
SHLIB_MARK1=.shlib-clean.
|
||||||
|
SHLIB_MARK2=.shlib.
|
||||||
|
|
||||||
|
DIRS= crypto ssl rsaref $(SHLIB_MARK1) apps test tools $(SHLIB_MARK2)
|
||||||
SHLIBDIRS= crypto ssl
|
SHLIBDIRS= crypto ssl
|
||||||
|
|
||||||
# dirs in crypto to build
|
# dirs in crypto to build
|
||||||
SDIRS= \
|
SDIRS= \
|
||||||
md2 md5 sha mdc2 hmac ripemd \
|
md2 md4 md5 sha mdc2 hmac ripemd \
|
||||||
des rc2 rc4 rc5 idea bf cast \
|
des rc2 rc4 rc5 idea bf cast \
|
||||||
bn rsa dsa dh \
|
bn rsa dsa dh dso \
|
||||||
buffer bio stack lhash rand err objects \
|
buffer bio stack lhash rand err objects \
|
||||||
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
|
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
|
||||||
|
|
||||||
@ -165,7 +179,8 @@ TOP= .
|
|||||||
ONEDIRS=out tmp
|
ONEDIRS=out tmp
|
||||||
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
|
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
|
||||||
WDIRS= windows
|
WDIRS= windows
|
||||||
LIBS= libcrypto.a libssl.a
|
LIBS= libcrypto.a libssl.a
|
||||||
|
SHARED_LIBS=libcrypto.so libssl.so
|
||||||
|
|
||||||
GENERAL= Makefile
|
GENERAL= Makefile
|
||||||
BASENAME= openssl
|
BASENAME= openssl
|
||||||
@ -176,37 +191,108 @@ EXHEADER= e_os.h e_os2.h
|
|||||||
HEADER= e_os.h
|
HEADER= e_os.h
|
||||||
|
|
||||||
all: Makefile.ssl
|
all: Makefile.ssl
|
||||||
@for i in $(DIRS) ;\
|
@need_shlib=true; \
|
||||||
|
for i in $(DIRS) ;\
|
||||||
do \
|
do \
|
||||||
(cd $$i && echo "making all in $$i..." && \
|
if [ "$$i" = ".shlib-clean." ]; then \
|
||||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
|
if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||||
done
|
$(MAKE) clean-shared; \
|
||||||
-@# cd crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
|
fi; \
|
||||||
-@# cd perl; $(PERL) Makefile.PL; make
|
elif [ "$$i" = ".shlib." ]; then \
|
||||||
|
if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||||
|
$(MAKE) $(SHARED_LIBS); \
|
||||||
|
fi; \
|
||||||
|
need_shlib=false; \
|
||||||
|
else \
|
||||||
|
(cd $$i && echo "making all in $$i..." && \
|
||||||
|
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
|
||||||
|
fi; \
|
||||||
|
done; \
|
||||||
|
if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
|
||||||
|
$(MAKE) $(SHARED_LIBS); \
|
||||||
|
fi
|
||||||
|
|
||||||
sub_all:
|
sub_all:
|
||||||
@for i in $(DIRS) ;\
|
@need_shlib=true; \
|
||||||
|
for i in $(DIRS) ;\
|
||||||
do \
|
do \
|
||||||
(cd $$i && echo "making all in $$i..." && \
|
if [ "$$i" = ".shlib-clean." ]; then \
|
||||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
|
if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||||
done;
|
$(MAKE) clean-shared; \
|
||||||
|
fi; \
|
||||||
|
elif [ "$$i" = ".shlib." ]; then \
|
||||||
|
if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||||
|
$(MAKE) $(SHARED_LIBS); \
|
||||||
|
fi; \
|
||||||
|
need_shlib=false; \
|
||||||
|
else \
|
||||||
|
(cd $$i && echo "making all in $$i..." && \
|
||||||
|
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
|
||||||
|
fi; \
|
||||||
|
done; \
|
||||||
|
if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
|
||||||
|
$(MAKE) $(SHARED_LIBS); \
|
||||||
|
fi
|
||||||
|
|
||||||
|
libcrypto.so: libcrypto.a
|
||||||
|
@if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||||
|
$(MAKE) SHLIBDIRS=crypto $(SHLIB_TARGET); \
|
||||||
|
else \
|
||||||
|
echo "There's no support for shared libraries on this platform" >&2; \
|
||||||
|
fi
|
||||||
|
libssl.so: libcrypto.so libssl.a
|
||||||
|
@if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||||
|
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-L. -lcrypto' $(SHLIB_TARGET); \
|
||||||
|
else \
|
||||||
|
echo "There's no support for shared libraries on this platform" >&2; \
|
||||||
|
fi
|
||||||
|
|
||||||
|
clean-shared:
|
||||||
|
for i in ${SHLIBDIRS}; do \
|
||||||
|
rm -f lib$$i.so \
|
||||||
|
lib$$i.so.${SHLIB_MAJOR} \
|
||||||
|
lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
|
||||||
|
done
|
||||||
|
|
||||||
linux-shared:
|
linux-shared:
|
||||||
for i in ${SHLIBDIRS}; do \
|
libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||||
rm -f lib$$i.a lib$$i.so \
|
rm -f lib$$i.so \
|
||||||
lib$$i.so.${MAJOR} lib$$i.so.${MAJOR}.${MINOR}; \
|
lib$$i.so.${SHLIB_MAJOR} \
|
||||||
${MAKE} CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='-fPIC ${CFLAG}' SDIRS='${SDIRS}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' DIRS=$$i clean all || exit 1; \
|
lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
|
||||||
( set -x; ${CC} -shared -o lib$$i.so.${MAJOR}.${MINOR} \
|
( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||||
-Wl,-S,-soname=lib$$i.so.${MAJOR} \
|
-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR} \
|
||||||
-Wl,--whole-archive lib$$i.a \
|
-Wl,--whole-archive lib$$i.a \
|
||||||
-Wl,--no-whole-archive -lc ) || exit 1; \
|
-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||||
rm -f lib$$i.a; make -C $$i clean || exit 1 ;\
|
libs="$$libs -L. -l$$i"; \
|
||||||
done;
|
( set -x; \
|
||||||
@set -x; \
|
ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||||
for i in ${SHLIBDIRS}; do \
|
lib$$i.so.${SHLIB_MAJOR}; \
|
||||||
ln -s lib$$i.so.${MAJOR}.${MINOR} lib$$i.so.${MAJOR}; \
|
ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so ); \
|
||||||
ln -s lib$$i.so.${MAJOR} lib$$i.so; \
|
done
|
||||||
done;
|
|
||||||
|
# This assumes that GNU utilities are *not* used
|
||||||
|
true64-shared:
|
||||||
|
libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||||
|
( set -x; ${CC} -shared -no_archive -o lib$$i.so \
|
||||||
|
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
|
||||||
|
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||||
|
libs="$$libs -L. -l$$i"; \
|
||||||
|
done
|
||||||
|
|
||||||
|
# This assumes that GNU utilities are *not* used
|
||||||
|
solaris-shared:
|
||||||
|
libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||||
|
rm -f lib$$i.so \
|
||||||
|
lib$$i.so.${SHLIB_MAJOR} \
|
||||||
|
lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
|
||||||
|
( set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||||
|
-h lib$$i.so.${SHLIB_MAJOR} \
|
||||||
|
-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||||
|
libs="$$libs -L. -l$$i"; \
|
||||||
|
ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||||
|
lib$$i.so.${SHLIB_MAJOR}; \
|
||||||
|
ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so; \
|
||||||
|
done
|
||||||
|
|
||||||
Makefile.ssl: Makefile.org
|
Makefile.ssl: Makefile.org
|
||||||
@echo "Makefile.ssl is older than Makefile.org."
|
@echo "Makefile.ssl is older than Makefile.org."
|
||||||
@ -220,9 +306,11 @@ clean:
|
|||||||
rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
|
rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
|
||||||
@for i in $(DIRS) ;\
|
@for i in $(DIRS) ;\
|
||||||
do \
|
do \
|
||||||
(cd $$i && echo "making clean in $$i..." && \
|
if echo "$$i" | grep -v '^\.'; then \
|
||||||
$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
|
(cd $$i && echo "making clean in $$i..." && \
|
||||||
rm -f $(LIBS); \
|
$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
|
||||||
|
rm -f $(LIBS); \
|
||||||
|
fi; \
|
||||||
done;
|
done;
|
||||||
rm -f *.a *.o speed.* *.map *.so .pure core
|
rm -f *.a *.o speed.* *.map *.so .pure core
|
||||||
rm -f $(TARFILE)
|
rm -f $(TARFILE)
|
||||||
@ -239,8 +327,10 @@ files:
|
|||||||
$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
|
$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
|
||||||
@for i in $(DIRS) ;\
|
@for i in $(DIRS) ;\
|
||||||
do \
|
do \
|
||||||
(cd $$i && echo "making 'files' in $$i..." && \
|
if echo "$$i" | grep -v '^\.'; then \
|
||||||
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
|
(cd $$i && echo "making 'files' in $$i..." && \
|
||||||
|
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
|
||||||
|
fi; \
|
||||||
done;
|
done;
|
||||||
|
|
||||||
links:
|
links:
|
||||||
@ -248,21 +338,25 @@ links:
|
|||||||
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
|
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
|
||||||
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
|
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
|
||||||
@for i in $(DIRS); do \
|
@for i in $(DIRS); do \
|
||||||
(cd $$i && echo "making links in $$i..." && \
|
if echo "$$i" | grep -v '^\.'; then \
|
||||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
|
(cd $$i && echo "making links in $$i..." && \
|
||||||
|
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
|
||||||
|
fi; \
|
||||||
done;
|
done;
|
||||||
|
|
||||||
dclean:
|
dclean:
|
||||||
rm -f *.bak
|
rm -f *.bak
|
||||||
@for i in $(DIRS) ;\
|
@for i in $(DIRS) ;\
|
||||||
do \
|
do \
|
||||||
(cd $$i && echo "making dclean in $$i..." && \
|
if echo "$$i" | grep -v '^\.'; then \
|
||||||
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
|
(cd $$i && echo "making dclean in $$i..." && \
|
||||||
|
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
|
||||||
|
fi; \
|
||||||
done;
|
done;
|
||||||
|
|
||||||
rehash: rehash.time
|
rehash: rehash.time
|
||||||
rehash.time: certs
|
rehash.time: certs
|
||||||
@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
|
@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
|
||||||
touch rehash.time
|
touch rehash.time
|
||||||
|
|
||||||
test: tests
|
test: tests
|
||||||
@ -278,41 +372,52 @@ report:
|
|||||||
depend:
|
depend:
|
||||||
@for i in $(DIRS) ;\
|
@for i in $(DIRS) ;\
|
||||||
do \
|
do \
|
||||||
(cd $$i && echo "making dependencies $$i..." && \
|
if echo "$$i" | grep -v '^\.'; then \
|
||||||
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
|
(cd $$i && echo "making dependencies $$i..." && \
|
||||||
|
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
|
||||||
|
fi; \
|
||||||
done;
|
done;
|
||||||
|
|
||||||
lint:
|
lint:
|
||||||
@for i in $(DIRS) ;\
|
@for i in $(DIRS) ;\
|
||||||
do \
|
do \
|
||||||
(cd $$i && echo "making lint $$i..." && \
|
if echo "$$i" | grep -v '^\.'; then \
|
||||||
$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
|
(cd $$i && echo "making lint $$i..." && \
|
||||||
|
$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
|
||||||
|
fi; \
|
||||||
done;
|
done;
|
||||||
|
|
||||||
tags:
|
tags:
|
||||||
@for i in $(DIRS) ;\
|
@for i in $(DIRS) ;\
|
||||||
do \
|
do \
|
||||||
(cd $$i && echo "making tags $$i..." && \
|
if echo "$$i" | grep -v '^\.'; then \
|
||||||
$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
|
(cd $$i && echo "making tags $$i..." && \
|
||||||
|
$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
|
||||||
|
fi; \
|
||||||
done;
|
done;
|
||||||
|
|
||||||
errors:
|
errors:
|
||||||
perl util/mkerr.pl -recurse -write
|
perl util/mkerr.pl -recurse -write
|
||||||
|
|
||||||
|
stacks:
|
||||||
|
perl util/mkstack.pl -write
|
||||||
|
|
||||||
util/libeay.num::
|
util/libeay.num::
|
||||||
perl util/mkdef.pl crypto update
|
perl util/mkdef.pl crypto update
|
||||||
|
|
||||||
util/ssleay.num::
|
util/ssleay.num::
|
||||||
perl util/mkdef.pl ssl update
|
perl util/mkdef.pl ssl update
|
||||||
|
|
||||||
crypto/objects/obj_dat.h: crypto/objects/objects.h crypto/objects/obj_dat.pl
|
crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
|
||||||
perl crypto/objects/obj_dat.pl crypto/objects/objects.h crypto/objects/obj_dat.h
|
perl crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
|
||||||
|
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt
|
||||||
|
perl crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
|
||||||
|
|
||||||
TABLE: Configure
|
TABLE: Configure
|
||||||
(echo 'Output of `Configure TABLE'"':"; \
|
(echo 'Output of `Configure TABLE'"':"; \
|
||||||
perl Configure TABLE) > TABLE
|
perl Configure TABLE) > TABLE
|
||||||
|
|
||||||
update: depend errors util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
|
update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
|
||||||
|
|
||||||
tar:
|
tar:
|
||||||
@$(TAR) $(TARFLAGS) -cvf - \
|
@$(TAR) $(TARFLAGS) -cvf - \
|
||||||
@ -347,15 +452,19 @@ install: all install_docs
|
|||||||
done;
|
done;
|
||||||
@for i in $(DIRS) ;\
|
@for i in $(DIRS) ;\
|
||||||
do \
|
do \
|
||||||
(cd $$i; echo "installing $$i..."; \
|
if echo "$$i" | grep -v '^\.'; then \
|
||||||
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
|
(cd $$i; echo "installing $$i..."; \
|
||||||
|
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
|
||||||
|
fi; \
|
||||||
done
|
done
|
||||||
@for i in $(LIBS) ;\
|
@for i in $(LIBS) ;\
|
||||||
do \
|
do \
|
||||||
( echo installing $$i; \
|
if [ -f "$$i" ]; then \
|
||||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
|
( echo installing $$i; \
|
||||||
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
|
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
|
||||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
|
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
|
||||||
|
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
|
||||||
|
fi \
|
||||||
done
|
done
|
||||||
|
|
||||||
install_docs:
|
install_docs:
|
||||||
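Review bot: In the `all` and `sub_all` recipes of what appears to be Makefile.org, the closing test `[ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]` compares SHLIB_MARK1 with the empty string twice, so SHLIB_MARK2 never influences the fallback shared-library build. The second operand was presumably meant to be the other marker: `if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK2)" != "" ]; then \`. Separately, the `install` loop still runs `(cd $$i; ... $(MAKE) ... install );` with no `|| exit 1`, unlike the `all`, `clean` and `links` loops. A failed sub-directory install therefore goes unnoticed and can leave a partly installed library tree; `cd $$i && ...` and `|| exit 1` would match the other targets. Since this is a vendor import, both changes belong upstream rather than in this tree.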
|
@ -4,11 +4,18 @@
|
|||||||
## Makefile for OpenSSL
|
## Makefile for OpenSSL
|
||||||
##
|
##
|
||||||
|
|
||||||
VERSION=0.9.5a
|
VERSION=0.9.6
|
||||||
MAJOR=0
|
MAJOR=0
|
||||||
MINOR=9.5
|
MINOR=9.6
|
||||||
|
SHLIB_VERSION_NUMBER=0.9.6
|
||||||
|
SHLIB_VERSION_HISTORY=
|
||||||
|
SHLIB_MAJOR=0
|
||||||
|
SHLIB_MINOR=9.6
|
||||||
PLATFORM=dist
|
PLATFORM=dist
|
||||||
OPTIONS=
|
OPTIONS=
|
||||||
|
CONFIGURE_ARGS=dist
|
||||||
|
SHLIB_TARGET=
|
||||||
|
|
||||||
# INSTALL_PREFIX is for package builders so that they can configure
|
# INSTALL_PREFIX is for package builders so that they can configure
|
||||||
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
|
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
|
||||||
# Normally it is left empty.
|
# Normally it is left empty.
|
||||||
@ -57,7 +64,7 @@ AR=ar r
|
|||||||
RANLIB= /usr/bin/ranlib
|
RANLIB= /usr/bin/ranlib
|
||||||
PERL= /usr/local/bin/perl
|
PERL= /usr/local/bin/perl
|
||||||
TAR= tar
|
TAR= tar
|
||||||
TARFLAGS= --norecurse
|
TARFLAGS= --no-recursion
|
||||||
|
|
||||||
# Set BN_ASM to bn_asm.o if you want to use the C version
|
# Set BN_ASM to bn_asm.o if you want to use the C version
|
||||||
BN_ASM= bn_asm.o
|
BN_ASM= bn_asm.o
|
||||||
@ -144,14 +151,21 @@ RMD160_ASM_OBJ=
|
|||||||
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
|
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
|
||||||
#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
|
#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
|
||||||
|
|
||||||
DIRS= crypto ssl rsaref apps test tools
|
# To do special treatment, use "directory names" starting with a period.
|
||||||
|
# When we're prepared to use shared libraries in the programs we link here
|
||||||
|
# we might have SHLIB_MARK1 get the value ".shlib." and SHLIB_MARK2 be empty,
|
||||||
|
# or have that configurable.
|
||||||
|
SHLIB_MARK1=
|
||||||
|
SHLIB_MARK2=
|
||||||
|
|
||||||
|
DIRS= crypto ssl rsaref $(SHLIB_MARK1) apps test tools $(SHLIB_MARK2)
|
||||||
SHLIBDIRS= crypto ssl
|
SHLIBDIRS= crypto ssl
|
||||||
|
|
||||||
# dirs in crypto to build
|
# dirs in crypto to build
|
||||||
SDIRS= \
|
SDIRS= \
|
||||||
md2 md5 sha mdc2 hmac ripemd \
|
md2 md4 md5 sha mdc2 hmac ripemd \
|
||||||
des rc2 rc4 rc5 idea bf cast \
|
des rc2 rc4 rc5 idea bf cast \
|
||||||
bn rsa dsa dh \
|
bn rsa dsa dh dso \
|
||||||
buffer bio stack lhash rand err objects \
|
buffer bio stack lhash rand err objects \
|
||||||
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
|
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
|
||||||
|
|
||||||
@ -167,7 +181,8 @@ TOP= .
|
|||||||
ONEDIRS=out tmp
|
ONEDIRS=out tmp
|
||||||
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
|
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
|
||||||
WDIRS= windows
|
WDIRS= windows
|
||||||
LIBS= libcrypto.a libssl.a
|
LIBS= libcrypto.a libssl.a
|
||||||
|
SHARED_LIBS=libcrypto.so libssl.so
|
||||||
|
|
||||||
GENERAL= Makefile
|
GENERAL= Makefile
|
||||||
BASENAME= openssl
|
BASENAME= openssl
|
||||||
@ -178,37 +193,108 @@ EXHEADER= e_os.h e_os2.h
|
|||||||
HEADER= e_os.h
|
HEADER= e_os.h
|
||||||
|
|
||||||
all: Makefile.ssl
|
all: Makefile.ssl
|
||||||
@for i in $(DIRS) ;\
|
@need_shlib=true; \
|
||||||
|
for i in $(DIRS) ;\
|
||||||
do \
|
do \
|
||||||
(cd $$i && echo "making all in $$i..." && \
|
if [ "$$i" = ".shlib-clean." ]; then \
|
||||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
|
if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||||
done
|
$(MAKE) clean-shared; \
|
||||||
-@# cd crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
|
fi; \
|
||||||
-@# cd perl; $(PERL) Makefile.PL; make
|
elif [ "$$i" = ".shlib." ]; then \
|
||||||
|
if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||||
|
$(MAKE) $(SHARED_LIBS); \
|
||||||
|
fi; \
|
||||||
|
need_shlib=false; \
|
||||||
|
else \
|
||||||
|
(cd $$i && echo "making all in $$i..." && \
|
||||||
|
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
|
||||||
|
fi; \
|
||||||
|
done; \
|
||||||
|
if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
|
||||||
|
$(MAKE) $(SHARED_LIBS); \
|
||||||
|
fi
|
||||||
|
|
||||||
sub_all:
|
sub_all:
|
||||||
@for i in $(DIRS) ;\
|
@need_shlib=true; \
|
||||||
|
for i in $(DIRS) ;\
|
||||||
do \
|
do \
|
||||||
(cd $$i && echo "making all in $$i..." && \
|
if [ "$$i" = ".shlib-clean." ]; then \
|
||||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
|
if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||||
done;
|
$(MAKE) clean-shared; \
|
||||||
|
fi; \
|
||||||
|
elif [ "$$i" = ".shlib." ]; then \
|
||||||
|
if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||||
|
$(MAKE) $(SHARED_LIBS); \
|
||||||
|
fi; \
|
||||||
|
need_shlib=false; \
|
||||||
|
else \
|
||||||
|
(cd $$i && echo "making all in $$i..." && \
|
||||||
|
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
|
||||||
|
fi; \
|
||||||
|
done; \
|
||||||
|
if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
|
||||||
|
$(MAKE) $(SHARED_LIBS); \
|
||||||
|
fi
|
||||||
|
|
||||||
|
libcrypto.so: libcrypto.a
|
||||||
|
@if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||||
|
$(MAKE) SHLIBDIRS=crypto $(SHLIB_TARGET); \
|
||||||
|
else \
|
||||||
|
echo "There's no support for shared libraries on this platform" >&2; \
|
||||||
|
fi
|
||||||
|
libssl.so: libcrypto.so libssl.a
|
||||||
|
@if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||||
|
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-L. -lcrypto' $(SHLIB_TARGET); \
|
||||||
|
else \
|
||||||
|
echo "There's no support for shared libraries on this platform" >&2; \
|
||||||
|
fi
|
||||||
|
|
||||||
|
clean-shared:
|
||||||
|
for i in ${SHLIBDIRS}; do \
|
||||||
|
rm -f lib$$i.so \
|
||||||
|
lib$$i.so.${SHLIB_MAJOR} \
|
||||||
|
lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
|
||||||
|
done
|
||||||
|
|
||||||
linux-shared:
|
linux-shared:
|
||||||
for i in ${SHLIBDIRS}; do \
|
libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||||
rm -f lib$$i.a lib$$i.so \
|
rm -f lib$$i.so \
|
||||||
lib$$i.so.${MAJOR} lib$$i.so.${MAJOR}.${MINOR}; \
|
lib$$i.so.${SHLIB_MAJOR} \
|
||||||
${MAKE} CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='-fPIC ${CFLAG}' SDIRS='${SDIRS}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' DIRS=$$i clean all || exit 1; \
|
lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
|
||||||
( set -x; ${CC} -shared -o lib$$i.so.${MAJOR}.${MINOR} \
|
( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||||
-Wl,-S,-soname=lib$$i.so.${MAJOR} \
|
-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR} \
|
||||||
-Wl,--whole-archive lib$$i.a \
|
-Wl,--whole-archive lib$$i.a \
|
||||||
-Wl,--no-whole-archive -lc ) || exit 1; \
|
-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||||
rm -f lib$$i.a; make -C $$i clean || exit 1 ;\
|
libs="$$libs -L. -l$$i"; \
|
||||||
done;
|
( set -x; \
|
||||||
@set -x; \
|
ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||||
for i in ${SHLIBDIRS}; do \
|
lib$$i.so.${SHLIB_MAJOR}; \
|
||||||
ln -s lib$$i.so.${MAJOR}.${MINOR} lib$$i.so.${MAJOR}; \
|
ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so ); \
|
||||||
ln -s lib$$i.so.${MAJOR} lib$$i.so; \
|
done
|
||||||
done;
|
|
||||||
|
# This assumes that GNU utilities are *not* used
|
||||||
|
true64-shared:
|
||||||
|
libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||||
|
( set -x; ${CC} -shared -no_archive -o lib$$i.so \
|
||||||
|
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
|
||||||
|
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||||
|
libs="$$libs -L. -l$$i"; \
|
||||||
|
done
|
||||||
|
|
||||||
|
# This assumes that GNU utilities are *not* used
|
||||||
|
solaris-shared:
|
||||||
|
libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||||
|
rm -f lib$$i.so \
|
||||||
|
lib$$i.so.${SHLIB_MAJOR} \
|
||||||
|
lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
|
||||||
|
( set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||||
|
-h lib$$i.so.${SHLIB_MAJOR} \
|
||||||
|
-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||||
|
libs="$$libs -L. -l$$i"; \
|
||||||
|
ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||||
|
lib$$i.so.${SHLIB_MAJOR}; \
|
||||||
|
ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so; \
|
||||||
|
done
|
||||||
|
|
||||||
Makefile.ssl: Makefile.org
|
Makefile.ssl: Makefile.org
|
||||||
@echo "Makefile.ssl is older than Makefile.org."
|
@echo "Makefile.ssl is older than Makefile.org."
|
||||||
@ -222,9 +308,11 @@ clean:
|
|||||||
rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
|
rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
|
||||||
@for i in $(DIRS) ;\
|
@for i in $(DIRS) ;\
|
||||||
do \
|
do \
|
||||||
(cd $$i && echo "making clean in $$i..." && \
|
if echo "$$i" | grep -v '^\.'; then \
|
||||||
$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
|
(cd $$i && echo "making clean in $$i..." && \
|
||||||
rm -f $(LIBS); \
|
$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
|
||||||
|
rm -f $(LIBS); \
|
||||||
|
fi; \
|
||||||
done;
|
done;
|
||||||
rm -f *.a *.o speed.* *.map *.so .pure core
|
rm -f *.a *.o speed.* *.map *.so .pure core
|
||||||
rm -f $(TARFILE)
|
rm -f $(TARFILE)
|
||||||
@ -241,8 +329,10 @@ files:
|
|||||||
$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
|
$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
|
||||||
@for i in $(DIRS) ;\
|
@for i in $(DIRS) ;\
|
||||||
do \
|
do \
|
||||||
(cd $$i && echo "making 'files' in $$i..." && \
|
if echo "$$i" | grep -v '^\.'; then \
|
||||||
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
|
(cd $$i && echo "making 'files' in $$i..." && \
|
||||||
|
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
|
||||||
|
fi; \
|
||||||
done;
|
done;
|
||||||
|
|
||||||
links:
|
links:
|
||||||
@ -250,21 +340,25 @@ links:
|
|||||||
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
|
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
|
||||||
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
|
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
|
||||||
@for i in $(DIRS); do \
|
@for i in $(DIRS); do \
|
||||||
(cd $$i && echo "making links in $$i..." && \
|
if echo "$$i" | grep -v '^\.'; then \
|
||||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
|
(cd $$i && echo "making links in $$i..." && \
|
||||||
|
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
|
||||||
|
fi; \
|
||||||
done;
|
done;
|
||||||
|
|
||||||
dclean:
|
dclean:
|
||||||
rm -f *.bak
|
rm -f *.bak
|
||||||
@for i in $(DIRS) ;\
|
@for i in $(DIRS) ;\
|
||||||
do \
|
do \
|
||||||
(cd $$i && echo "making dclean in $$i..." && \
|
if echo "$$i" | grep -v '^\.'; then \
|
||||||
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
|
(cd $$i && echo "making dclean in $$i..." && \
|
||||||
|
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
|
||||||
|
fi; \
|
||||||
done;
|
done;
|
||||||
|
|
||||||
rehash: rehash.time
|
rehash: rehash.time
|
||||||
rehash.time: certs
|
rehash.time: certs
|
||||||
@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
|
@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
|
||||||
touch rehash.time
|
touch rehash.time
|
||||||
|
|
||||||
test: tests
|
test: tests
|
||||||
@ -280,41 +374,52 @@ report:
|
|||||||
depend:
|
depend:
|
||||||
@for i in $(DIRS) ;\
|
@for i in $(DIRS) ;\
|
||||||
do \
|
do \
|
||||||
(cd $$i && echo "making dependencies $$i..." && \
|
if echo "$$i" | grep -v '^\.'; then \
|
||||||
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
|
(cd $$i && echo "making dependencies $$i..." && \
|
||||||
|
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
|
||||||
|
fi; \
|
||||||
done;
|
done;
|
||||||
|
|
||||||
lint:
|
lint:
|
||||||
@for i in $(DIRS) ;\
|
@for i in $(DIRS) ;\
|
||||||
do \
|
do \
|
||||||
(cd $$i && echo "making lint $$i..." && \
|
if echo "$$i" | grep -v '^\.'; then \
|
||||||
$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
|
(cd $$i && echo "making lint $$i..." && \
|
||||||
|
$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
|
||||||
|
fi; \
|
||||||
done;
|
done;
|
||||||
|
|
||||||
tags:
|
tags:
|
||||||
@for i in $(DIRS) ;\
|
@for i in $(DIRS) ;\
|
||||||
do \
|
do \
|
||||||
(cd $$i && echo "making tags $$i..." && \
|
if echo "$$i" | grep -v '^\.'; then \
|
||||||
$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
|
(cd $$i && echo "making tags $$i..." && \
|
||||||
|
$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
|
||||||
|
fi; \
|
||||||
done;
|
done;
|
||||||
|
|
||||||
errors:
|
errors:
|
||||||
perl util/mkerr.pl -recurse -write
|
perl util/mkerr.pl -recurse -write
|
||||||
|
|
||||||
|
stacks:
|
||||||
|
perl util/mkstack.pl -write
|
||||||
|
|
||||||
util/libeay.num::
|
util/libeay.num::
|
||||||
perl util/mkdef.pl crypto update
|
perl util/mkdef.pl crypto update
|
||||||
|
|
||||||
util/ssleay.num::
|
util/ssleay.num::
|
||||||
perl util/mkdef.pl ssl update
|
perl util/mkdef.pl ssl update
|
||||||
|
|
||||||
crypto/objects/obj_dat.h: crypto/objects/objects.h crypto/objects/obj_dat.pl
|
crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
|
||||||
perl crypto/objects/obj_dat.pl crypto/objects/objects.h crypto/objects/obj_dat.h
|
perl crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
|
||||||
|
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt
|
||||||
|
perl crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
|
||||||
|
|
||||||
TABLE: Configure
|
TABLE: Configure
|
||||||
(echo 'Output of `Configure TABLE'"':"; \
|
(echo 'Output of `Configure TABLE'"':"; \
|
||||||
perl Configure TABLE) > TABLE
|
perl Configure TABLE) > TABLE
|
||||||
|
|
||||||
update: depend errors util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
|
update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
|
||||||
|
|
||||||
tar:
|
tar:
|
||||||
@$(TAR) $(TARFLAGS) -cvf - \
|
@$(TAR) $(TARFLAGS) -cvf - \
|
||||||
@ -349,15 +454,19 @@ install: all install_docs
|
|||||||
done;
|
done;
|
||||||
@for i in $(DIRS) ;\
|
@for i in $(DIRS) ;\
|
||||||
do \
|
do \
|
||||||
(cd $$i; echo "installing $$i..."; \
|
if echo "$$i" | grep -v '^\.'; then \
|
||||||
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
|
(cd $$i; echo "installing $$i..."; \
|
||||||
|
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
|
||||||
|
fi; \
|
||||||
done
|
done
|
||||||
@for i in $(LIBS) ;\
|
@for i in $(LIBS) ;\
|
||||||
do \
|
do \
|
||||||
( echo installing $$i; \
|
if [ -f "$$i" ]; then \
|
||||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
|
( echo installing $$i; \
|
||||||
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
|
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
|
||||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
|
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
|
||||||
|
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
|
||||||
|
fi \
|
||||||
done
|
done
|
||||||
|
|
||||||
install_docs:
|
install_docs:
|
||||||
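Review bot: The fallback test after the loop in the new `all` recipe compares `$(SHLIB_MARK1)` twice, `[ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]`, so `SHLIB_MARK2` is never consulted even though the comment above `DIRS` introduces both markers. The second operand was presumably meant to be `$(SHLIB_MARK2)`; as written, a configuration that sets only `SHLIB_MARK2` to something other than `.shlib.` would skip `$(MAKE) $(SHARED_LIBS)` on this path. The same line is repeated in `sub_all`. Suggested for both: `if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK2)" != "" ]; then \`.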
|
@ -5,6 +5,21 @@
|
|||||||
This file gives a brief overview of the major changes between each OpenSSL
|
This file gives a brief overview of the major changes between each OpenSSL
|
||||||
release. For more details please read the CHANGES file.
|
release. For more details please read the CHANGES file.
|
||||||
|
|
||||||
|
Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
|
||||||
|
|
||||||
|
o Some documentation for BIO and SSL libraries.
|
||||||
|
o Enhanced chain verification using key identifiers.
|
||||||
|
o New sign and verify options to 'dgst' application.
|
||||||
|
o Support for DER and PEM encoded messages in 'smime' application.
|
||||||
|
o New 'rsautl' application, low level RSA utility.
|
||||||
|
o MD4 now included.
|
||||||
|
o Bugfix for SSL rollback padding check.
|
||||||
|
o Support for external crypto devices [1].
|
||||||
|
o Enhanced EVP interface.
|
||||||
|
|
||||||
|
[1] The support for external crypto devices is currently a separate
|
||||||
|
distribution. See the file README.ENGINE.
|
||||||
|
|
||||||
Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
|
Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
|
||||||
|
|
||||||
o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
|
o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
OpenSSL 0.9.5a 1 Apr 2000
|
OpenSSL 0.9.6 24 Sep 2000
|
||||||
|
|
||||||
Copyright (c) 1998-2000 The OpenSSL Project
|
Copyright (c) 1998-2000 The OpenSSL Project
|
||||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||||
@ -99,13 +99,12 @@
|
|||||||
country. The file contains some of the patents that we know about or are
|
country. The file contains some of the patents that we know about or are
|
||||||
rumoured to exist. This is not a definitive list.
|
rumoured to exist. This is not a definitive list.
|
||||||
|
|
||||||
RSA Data Security holds software patents on the RSA and RC5 algorithms. If
|
RSA Security holds software patents on the RC5 algorithm. If you
|
||||||
their ciphers are used used inside the USA (and Japan?), you must contact RSA
|
intend to use this cipher, you must contact RSA Security for
|
||||||
Data Security for licensing conditions. Their web page is
|
licensing conditions. Their web page is http://www.rsasecurity.com/.
|
||||||
http://www.rsa.com/.
|
|
||||||
|
|
||||||
RC4 is a trademark of RSA Data Security, so use of this label should perhaps
|
RC4 is a trademark of RSA Security, so use of this label should perhaps
|
||||||
only be used with RSA Data Security's permission.
|
only be used with RSA Security's permission.
|
||||||
|
|
||||||
The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
|
The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
|
||||||
Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should
|
Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should
|
||||||
@ -119,9 +118,6 @@
|
|||||||
a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read
|
a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read
|
||||||
INSTALL.VMS.
|
INSTALL.VMS.
|
||||||
|
|
||||||
For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s
|
|
||||||
public key library, RSAREF, by configuring OpenSSL with the option "rsaref".
|
|
||||||
|
|
||||||
Read the documentation in the doc/ directory. It is quite rough, but it
|
Read the documentation in the doc/ directory. It is quite rough, but it
|
||||||
lists the functions, you will probably have to look at the code to work out
|
lists the functions, you will probably have to look at the code to work out
|
||||||
how to used them. Look at the example programs.
|
how to used them. Look at the example programs.
|
||||||
@ -167,6 +163,9 @@
|
|||||||
the string "[PATCH]" in the subject. Please be sure to include a
|
the string "[PATCH]" in the subject. Please be sure to include a
|
||||||
textual explanation of what your patch does.
|
textual explanation of what your patch does.
|
||||||
|
|
||||||
|
Note: For legal reasons, contributions from the US can be accepted only
|
||||||
|
if a copy of the patch is sent to crypt@bxa.doc.gov
|
||||||
|
|
||||||
The preferred format for changes is "diff -u" output. You might
|
The preferred format for changes is "diff -u" output. You might
|
||||||
generate it like this:
|
generate it like this:
|
||||||
|
|
||||||
@ -174,4 +173,4 @@
|
|||||||
# [your changes]
|
# [your changes]
|
||||||
# ./Configure dist; make clean
|
# ./Configure dist; make clean
|
||||||
# cd ..
|
# cd ..
|
||||||
# diff -urN openssl-orig openssl-work > mydiffs.patch
|
# diff -ur openssl-orig openssl-work > mydiffs.patch
|
||||||
|
63
crypto/openssl/README.ENGINE
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
|
||||||
|
ENGINE
|
||||||
|
======
|
||||||
|
|
||||||
|
With OpenSSL 0.9.6, a new component has been added to support external
|
||||||
|
crypto devices, for example accelerator cards. The component is called
|
||||||
|
ENGINE, and has still a pretty experimental status and almost no
|
||||||
|
documentation. It's designed to be faily easily extensible by the
|
||||||
|
calling programs.
|
||||||
|
|
||||||
|
There's currently built-in support for the following crypto devices:
|
||||||
|
|
||||||
|
o CryptoSwift
|
||||||
|
o Compaq Atalla
|
||||||
|
o nCipher CHIL
|
||||||
|
|
||||||
|
A number of things are still needed and are being worked on:
|
||||||
|
|
||||||
|
o An openssl utility command to handle or at least check available
|
||||||
|
engines.
|
||||||
|
o A better way of handling the methods that are handled by the
|
||||||
|
engines.
|
||||||
|
o Documentation!
|
||||||
|
|
||||||
|
What already exists is fairly stable as far as it has been tested, but
|
||||||
|
the test base has been a bit small most of the time.
|
||||||
|
|
||||||
|
Because of this experimental status and what's lacking, the ENGINE
|
||||||
|
component is not yet part of the default OpenSSL distribution. However,
|
||||||
|
we have made a separate kit for those who want to try this out, to be
|
||||||
|
found in the same places as the default OpenSSL distribution, but with
|
||||||
|
"-engine-" being part of the kit file name. For example, version 0.9.6
|
||||||
|
is distributed in the following two files:
|
||||||
|
|
||||||
|
openssl-0.9.6.tar.gz
|
||||||
|
openssl-engine-0.9.6.tar.gz
|
||||||
|
|
||||||
|
NOTES
|
||||||
|
=====
|
||||||
|
|
||||||
|
openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
|
||||||
|
not need to download both.
|
||||||
|
|
||||||
|
openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
|
||||||
|
crypto device. The internal OpenSSL functions are contained in the
|
||||||
|
engine "openssl", and will be used by default.
|
||||||
|
|
||||||
|
No external crypto device is chosen unless you say so. You have actively
|
||||||
|
tell the openssl utility commands to use it through a new command line
|
||||||
|
switch called "-engine". And if you want to use the ENGINE library to
|
||||||
|
do something similar, you must also explicitely choose an external crypto
|
||||||
|
device, or the built-in crypto routines will be used, just as in the
|
||||||
|
default OpenSSL distribution.
|
||||||
|
|
||||||
|
|
||||||
|
PROBLEMS
|
||||||
|
========
|
||||||
|
|
||||||
|
It seems like the ENGINE part doesn't work too well with Cryptoswift on
|
||||||
|
Win32. A quick test done right before the release showed that trying
|
||||||
|
"openssl speed -engine cswift" generated errors. If the DSO gets enabled,
|
||||||
|
an attempt is made to write at memory address 0x00000002.
|
||||||
|
|
@ -36,6 +36,7 @@
|
|||||||
# default openssl.cnf file has setup as per the following
|
# default openssl.cnf file has setup as per the following
|
||||||
# demoCA ... where everything is stored
|
# demoCA ... where everything is stored
|
||||||
|
|
||||||
|
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
|
||||||
$DAYS="-days 365";
|
$DAYS="-days 365";
|
||||||
$REQ="openssl req $SSLEAY_CONFIG";
|
$REQ="openssl req $SSLEAY_CONFIG";
|
||||||
$CA="openssl ca $SSLEAY_CONFIG";
|
$CA="openssl ca $SSLEAY_CONFIG";
|
||||||
@ -116,6 +117,11 @@ foreach (@ARGV) {
|
|||||||
"-infiles newreq.pem");
|
"-infiles newreq.pem");
|
||||||
$RET=$?;
|
$RET=$?;
|
||||||
print "Signed certificate is in newcert.pem\n";
|
print "Signed certificate is in newcert.pem\n";
|
||||||
|
} elsif (/^(-signCA)$/) {
|
||||||
|
system ("$CA -policy policy_anything -out newcert.pem " .
|
||||||
|
"-extensions v3_ca -infiles newreq.pem");
|
||||||
|
$RET=$?;
|
||||||
|
print "Signed CA certificate is in newcert.pem\n";
|
||||||
} elsif (/^-signcert$/) {
|
} elsif (/^-signcert$/) {
|
||||||
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
|
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
|
||||||
"-out tmp.pem");
|
"-out tmp.pem");
|
||||||
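Review bot: The new `-signCA` branch prints "Signed CA certificate is in newcert.pem" unconditionally, so the message also appears when the `openssl ca` call fails and `$RET` holds a non-zero status. A newcert.pem left over from an earlier run could then be mistaken for the freshly signed CA certificate. Gate the message on the status, for example `print "Signed CA certificate is in newcert.pem\n" if $RET == 0;`. The identical hunk in the following file section has the same issue. The enclosing `foreach (@ARGV)` loop starts and ends outside the hunk, so how `$RET` is finally reported is not visible here.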
|
@ -36,6 +36,7 @@
|
|||||||
# default openssl.cnf file has setup as per the following
|
# default openssl.cnf file has setup as per the following
|
||||||
# demoCA ... where everything is stored
|
# demoCA ... where everything is stored
|
||||||
|
|
||||||
|
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
|
||||||
$DAYS="-days 365";
|
$DAYS="-days 365";
|
||||||
$REQ="openssl req $SSLEAY_CONFIG";
|
$REQ="openssl req $SSLEAY_CONFIG";
|
||||||
$CA="openssl ca $SSLEAY_CONFIG";
|
$CA="openssl ca $SSLEAY_CONFIG";
|
||||||
@ -116,6 +117,11 @@ foreach (@ARGV) {
|
|||||||
"-infiles newreq.pem");
|
"-infiles newreq.pem");
|
||||||
$RET=$?;
|
$RET=$?;
|
||||||
print "Signed certificate is in newcert.pem\n";
|
print "Signed certificate is in newcert.pem\n";
|
||||||
|
} elsif (/^(-signCA)$/) {
|
||||||
|
system ("$CA -policy policy_anything -out newcert.pem " .
|
||||||
|
"-extensions v3_ca -infiles newreq.pem");
|
||||||
|
$RET=$?;
|
||||||
|
print "Signed CA certificate is in newcert.pem\n";
|
||||||
} elsif (/^-signcert$/) {
|
} elsif (/^-signcert$/) {
|
||||||
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
|
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
|
||||||
"-out tmp.pem");
|
"-out tmp.pem");
|
||||||
|
File diff suppressed because it is too large
@ -64,6 +64,11 @@
|
|||||||
#define NON_MAIN
|
#define NON_MAIN
|
||||||
#include "apps.h"
|
#include "apps.h"
|
||||||
#undef NON_MAIN
|
#undef NON_MAIN
|
||||||
|
#include <openssl/err.h>
|
||||||
|
#include <openssl/x509.h>
|
||||||
|
#include <openssl/pem.h>
|
||||||
|
#include <openssl/pkcs12.h>
|
||||||
|
#include <openssl/safestack.h>
|
||||||
|
|
||||||
#ifdef WINDOWS
|
#ifdef WINDOWS
|
||||||
# include "bss_file.c"
|
# include "bss_file.c"
|
||||||
@ -91,8 +96,8 @@ int args_from_file(char *file, int *argc, char **argv[])
|
|||||||
*argv=NULL;
|
*argv=NULL;
|
||||||
|
|
||||||
len=(unsigned int)stbuf.st_size;
|
len=(unsigned int)stbuf.st_size;
|
||||||
if (buf != NULL) Free(buf);
|
if (buf != NULL) OPENSSL_free(buf);
|
||||||
buf=(char *)Malloc(len+1);
|
buf=(char *)OPENSSL_malloc(len+1);
|
||||||
if (buf == NULL) return(0);
|
if (buf == NULL) return(0);
|
||||||
|
|
||||||
len=fread(buf,1,len,fp);
|
len=fread(buf,1,len,fp);
|
||||||
@ -102,8 +107,8 @@ int args_from_file(char *file, int *argc, char **argv[])
|
|||||||
i=0;
|
i=0;
|
||||||
for (p=buf; *p; p++)
|
for (p=buf; *p; p++)
|
||||||
if (*p == '\n') i++;
|
if (*p == '\n') i++;
|
||||||
if (arg != NULL) Free(arg);
|
if (arg != NULL) OPENSSL_free(arg);
|
||||||
arg=(char **)Malloc(sizeof(char *)*(i*2));
|
arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
|
||||||
|
|
||||||
*argv=arg;
|
*argv=arg;
|
||||||
num=0;
|
num=0;
|
||||||
@ -159,6 +164,12 @@ int str2fmt(char *s)
|
|||||||
return(FORMAT_PEM);
|
return(FORMAT_PEM);
|
||||||
else if ((*s == 'N') || (*s == 'n'))
|
else if ((*s == 'N') || (*s == 'n'))
|
||||||
return(FORMAT_NETSCAPE);
|
return(FORMAT_NETSCAPE);
|
||||||
|
else if ((*s == 'S') || (*s == 's'))
|
||||||
|
return(FORMAT_SMIME);
|
||||||
|
else if ((*s == '1')
|
||||||
|
|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
|
||||||
|
|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
|
||||||
|
return(FORMAT_PKCS12);
|
||||||
else
|
else
|
||||||
return(FORMAT_UNDEF);
|
return(FORMAT_UNDEF);
|
||||||
}
|
}
|
||||||
@ -266,7 +277,7 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
|
|||||||
if (arg->count == 0)
|
if (arg->count == 0)
|
||||||
{
|
{
|
||||||
arg->count=20;
|
arg->count=20;
|
||||||
arg->data=(char **)Malloc(sizeof(char *)*arg->count);
|
arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
|
||||||
}
|
}
|
||||||
for (i=0; i<arg->count; i++)
|
for (i=0; i<arg->count; i++)
|
||||||
arg->data[i]=NULL;
|
arg->data[i]=NULL;
|
||||||
@ -285,7 +296,7 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
|
|||||||
if (num >= arg->count)
|
if (num >= arg->count)
|
||||||
{
|
{
|
||||||
arg->count+=20;
|
arg->count+=20;
|
||||||
arg->data=(char **)Realloc(arg->data,
|
arg->data=(char **)OPENSSL_realloc(arg->data,
|
||||||
sizeof(char *)*arg->count);
|
sizeof(char *)*arg->count);
|
||||||
if (argc == 0) return(0);
|
if (argc == 0) return(0);
|
||||||
}
|
}
|
||||||
@ -414,3 +425,352 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio)
|
|||||||
if(tmp) *tmp = 0;
|
if(tmp) *tmp = 0;
|
||||||
return BUF_strdup(tpass);
|
return BUF_strdup(tpass);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int add_oid_section(BIO *err, LHASH *conf)
|
||||||
|
{
|
||||||
|
char *p;
|
||||||
|
STACK_OF(CONF_VALUE) *sktmp;
|
||||||
|
CONF_VALUE *cnf;
|
||||||
|
int i;
|
||||||
|
if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
|
||||||
|
if(!(sktmp = CONF_get_section(conf, p))) {
|
||||||
|
BIO_printf(err, "problem loading oid section %s\n", p);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
|
||||||
|
cnf = sk_CONF_VALUE_value(sktmp, i);
|
||||||
|
if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
|
||||||
|
BIO_printf(err, "problem creating object %s=%s\n",
|
||||||
|
cnf->name, cnf->value);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
X509 *load_cert(BIO *err, char *file, int format)
|
||||||
|
{
|
||||||
|
ASN1_HEADER *ah=NULL;
|
||||||
|
BUF_MEM *buf=NULL;
|
||||||
|
X509 *x=NULL;
|
||||||
|
BIO *cert;
|
||||||
|
|
||||||
|
if ((cert=BIO_new(BIO_s_file())) == NULL)
|
||||||
|
{
|
||||||
|
ERR_print_errors(err);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (file == NULL)
|
||||||
|
BIO_set_fp(cert,stdin,BIO_NOCLOSE);
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if (BIO_read_filename(cert,file) <= 0)
|
||||||
|
{
|
||||||
|
perror(file);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (format == FORMAT_ASN1)
|
||||||
|
x=d2i_X509_bio(cert,NULL);
|
||||||
|
else if (format == FORMAT_NETSCAPE)
|
||||||
|
{
|
||||||
|
unsigned char *p,*op;
|
||||||
|
int size=0,i;
|
||||||
|
|
||||||
|
/* We sort of have to do it this way because it is sort of nice
|
||||||
|
* to read the header first and check it, then
|
||||||
|
* try to read the certificate */
|
||||||
|
buf=BUF_MEM_new();
|
||||||
|
for (;;)
|
||||||
|
{
|
||||||
|
if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
|
||||||
|
goto end;
|
||||||
|
i=BIO_read(cert,&(buf->data[size]),1024*10);
|
||||||
|
size+=i;
|
||||||
|
if (i == 0) break;
|
||||||
|
if (i < 0)
|
||||||
|
{
|
||||||
|
perror("reading certificate");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
p=(unsigned char *)buf->data;
|
||||||
|
op=p;
|
||||||
|
|
||||||
|
/* First load the header */
|
||||||
|
if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
|
||||||
|
goto end;
|
||||||
|
if ((ah->header == NULL) || (ah->header->data == NULL) ||
|
||||||
|
(strncmp(NETSCAPE_CERT_HDR,(char *)ah->header->data,
|
||||||
|
ah->header->length) != 0))
|
||||||
|
{
|
||||||
|
BIO_printf(err,"Error reading header on certificate\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
/* header is ok, so now read the object */
|
||||||
|
p=op;
|
||||||
|
ah->meth=X509_asn1_meth();
|
||||||
|
if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
|
||||||
|
goto end;
|
||||||
|
x=(X509 *)ah->data;
|
||||||
|
ah->data=NULL;
|
||||||
|
}
|
||||||
|
else if (format == FORMAT_PEM)
|
||||||
|
x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL);
|
||||||
|
else if (format == FORMAT_PKCS12)
|
||||||
|
{
|
||||||
|
PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
|
||||||
|
|
||||||
|
PKCS12_parse(p12, NULL, NULL, &x, NULL);
|
||||||
|
PKCS12_free(p12);
|
||||||
|
p12 = NULL;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
BIO_printf(err,"bad input format specified for input cert\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
end:
|
||||||
|
if (x == NULL)
|
||||||
|
{
|
||||||
|
BIO_printf(err,"unable to load certificate\n");
|
||||||
|
ERR_print_errors(err);
|
||||||
|
}
|
||||||
|
if (ah != NULL) ASN1_HEADER_free(ah);
|
||||||
|
if (cert != NULL) BIO_free(cert);
|
||||||
|
if (buf != NULL) BUF_MEM_free(buf);
|
||||||
|
return(x);
|
||||||
|
}
|
||||||
|
|
||||||
|
EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
|
||||||
|
{
|
||||||
|
BIO *key=NULL;
|
||||||
|
EVP_PKEY *pkey=NULL;
|
||||||
|
|
||||||
|
if (file == NULL)
|
||||||
|
{
|
||||||
|
BIO_printf(err,"no keyfile specified\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
key=BIO_new(BIO_s_file());
|
||||||
|
if (key == NULL)
|
||||||
|
{
|
||||||
|
ERR_print_errors(err);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
if (BIO_read_filename(key,file) <= 0)
|
||||||
|
{
|
||||||
|
perror(file);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
if (format == FORMAT_ASN1)
|
||||||
|
{
|
||||||
|
pkey=d2i_PrivateKey_bio(key, NULL);
|
||||||
|
}
|
||||||
|
else if (format == FORMAT_PEM)
|
||||||
|
{
|
||||||
|
pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,pass);
|
||||||
|
}
|
||||||
|
else if (format == FORMAT_PKCS12)
|
||||||
|
{
|
||||||
|
PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
|
||||||
|
|
||||||
|
PKCS12_parse(p12, pass, &pkey, NULL, NULL);
|
||||||
|
PKCS12_free(p12);
|
||||||
|
p12 = NULL;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
BIO_printf(err,"bad input format specified for key\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
end:
|
||||||
|
if (key != NULL) BIO_free(key);
|
||||||
|
if (pkey == NULL)
|
||||||
|
BIO_printf(err,"unable to load Private Key\n");
|
||||||
|
return(pkey);
|
||||||
|
}
|
||||||
|
|
||||||
|
EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
|
||||||
|
{
|
||||||
|
BIO *key=NULL;
|
||||||
|
EVP_PKEY *pkey=NULL;
|
||||||
|
|
||||||
|
if (file == NULL)
|
||||||
|
{
|
||||||
|
BIO_printf(err,"no keyfile specified\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
key=BIO_new(BIO_s_file());
|
||||||
|
if (key == NULL)
|
||||||
|
{
|
||||||
|
ERR_print_errors(err);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
if (BIO_read_filename(key,file) <= 0)
|
||||||
|
{
|
||||||
|
perror(file);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
if (format == FORMAT_ASN1)
|
||||||
|
{
|
||||||
|
pkey=d2i_PUBKEY_bio(key, NULL);
|
||||||
|
}
|
||||||
|
else if (format == FORMAT_PEM)
|
||||||
|
{
|
||||||
|
pkey=PEM_read_bio_PUBKEY(key,NULL,NULL,NULL);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
BIO_printf(err,"bad input format specified for key\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
end:
|
||||||
|
if (key != NULL) BIO_free(key);
|
||||||
|
if (pkey == NULL)
|
||||||
|
BIO_printf(err,"unable to load Public Key\n");
|
||||||
|
return(pkey);
|
||||||
|
}
|
||||||
|
|
||||||
|
STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
|
||||||
|
{
|
||||||
|
BIO *certs;
|
||||||
|
int i;
|
||||||
|
STACK_OF(X509) *othercerts = NULL;
|
||||||
|
STACK_OF(X509_INFO) *allcerts = NULL;
|
||||||
|
X509_INFO *xi;
|
||||||
|
|
||||||
|
if((certs = BIO_new(BIO_s_file())) == NULL)
|
||||||
|
{
|
||||||
|
ERR_print_errors(err);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (file == NULL)
|
||||||
|
BIO_set_fp(certs,stdin,BIO_NOCLOSE);
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if (BIO_read_filename(certs,file) <= 0)
|
||||||
|
{
|
||||||
|
perror(file);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (format == FORMAT_PEM)
|
||||||
|
{
|
||||||
|
othercerts = sk_X509_new_null();
|
||||||
|
if(!othercerts)
|
||||||
|
{
|
||||||
|
sk_X509_free(othercerts);
|
||||||
|
othercerts = NULL;
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
|
||||||
|
for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
|
||||||
|
{
|
||||||
|
xi = sk_X509_INFO_value (allcerts, i);
|
||||||
|
if (xi->x509)
|
||||||
|
{
|
||||||
|
sk_X509_push(othercerts, xi->x509);
|
||||||
|
xi->x509 = NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
BIO_printf(err,"bad input format specified for input cert\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
end:
|
||||||
|
if (othercerts == NULL)
|
||||||
|
{
|
||||||
|
BIO_printf(err,"unable to load certificates\n");
|
||||||
|
ERR_print_errors(err);
|
||||||
|
}
|
||||||
|
if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
|
||||||
|
if (certs != NULL) BIO_free(certs);
|
||||||
|
return(othercerts);
|
||||||
|
}
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
char *name;
|
||||||
|
unsigned long flag;
|
||||||
|
unsigned long mask;
|
||||||
|
} NAME_EX_TBL;
|
||||||
|
|
||||||
|
int set_name_ex(unsigned long *flags, const char *arg)
|
||||||
|
{
|
||||||
|
char c;
|
||||||
|
const NAME_EX_TBL *ptbl, ex_tbl[] = {
|
||||||
|
{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
|
||||||
|
{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
|
||||||
|
{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
|
||||||
|
{ "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
|
||||||
|
{ "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
|
||||||
|
{ "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
|
||||||
|
{ "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
|
||||||
|
{ "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
|
||||||
|
{ "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
|
||||||
|
{ "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
|
||||||
|
{ "compat", XN_FLAG_COMPAT, 0xffffffffL},
|
||||||
|
{ "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
|
||||||
|
{ "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
|
||||||
|
{ "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
|
||||||
|
{ "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
|
||||||
|
{ "dn_rev", XN_FLAG_DN_REV, 0},
|
||||||
|
{ "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
|
||||||
|
{ "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
|
||||||
|
{ "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
|
||||||
|
{ "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
|
||||||
|
{ "space_eq", XN_FLAG_SPC_EQ, 0},
|
||||||
|
{ "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
|
||||||
|
{ "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
|
||||||
|
{ "oneline", XN_FLAG_ONELINE, 0xffffffffL},
|
||||||
|
{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
|
||||||
|
{ NULL, 0, 0}
|
||||||
|
};
|
||||||
|
|
||||||
|
c = arg[0];
|
||||||
|
|
||||||
|
if(c == '-') {
|
||||||
|
c = 0;
|
||||||
|
arg++;
|
||||||
|
} else if (c == '+') {
|
||||||
|
c = 1;
|
||||||
|
arg++;
|
||||||
|
} else c = 1;
|
||||||
|
|
||||||
|
for(ptbl = ex_tbl; ptbl->name; ptbl++) {
|
||||||
|
if(!strcmp(arg, ptbl->name)) {
|
||||||
|
*flags &= ~ptbl->mask;
|
||||||
|
if(c) *flags |= ptbl->flag;
|
||||||
|
else *flags &= ~ptbl->flag;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
|
||||||
|
{
|
||||||
|
char buf[256];
|
||||||
|
char mline = 0;
|
||||||
|
int indent = 0;
|
||||||
|
if(title) BIO_puts(out, title);
|
||||||
|
if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
|
||||||
|
mline = 1;
|
||||||
|
indent = 4;
|
||||||
|
}
|
||||||
|
if(lflags == XN_FLAG_COMPAT) {
|
||||||
|
X509_NAME_oneline(nm,buf,256);
|
||||||
|
BIO_puts(out,buf);
|
||||||
|
BIO_puts(out, "\n");
|
||||||
|
} else {
|
||||||
|
if(mline) BIO_puts(out, "\n");
|
||||||
|
X509_NAME_print_ex(out, nm, indent, lflags);
|
||||||
|
BIO_puts(out, "\n");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@ -65,6 +65,8 @@
|
|||||||
#include <openssl/bio.h>
|
#include <openssl/bio.h>
|
||||||
#include <openssl/crypto.h>
|
#include <openssl/crypto.h>
|
||||||
#include <openssl/x509.h>
|
#include <openssl/x509.h>
|
||||||
|
#include <openssl/lhash.h>
|
||||||
|
#include <openssl/conf.h>
|
||||||
|
|
||||||
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
|
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
|
||||||
int app_RAND_write_file(const char *file, BIO *bio_e);
|
int app_RAND_write_file(const char *file, BIO *bio_e);
|
||||||
@ -98,7 +100,6 @@ extern BIO *bio_err;
|
|||||||
#else
|
#else
|
||||||
|
|
||||||
#define MAIN(a,v) PROG(a,v)
|
#define MAIN(a,v) PROG(a,v)
|
||||||
#include <openssl/conf.h>
|
|
||||||
extern LHASH *config;
|
extern LHASH *config;
|
||||||
extern char *default_config_file;
|
extern char *default_config_file;
|
||||||
extern BIO *bio_err;
|
extern BIO *bio_err;
|
||||||
@ -144,13 +145,25 @@ void program_name(char *in,char *out,int size);
|
|||||||
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
|
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
|
||||||
#ifdef HEADER_X509_H
|
#ifdef HEADER_X509_H
|
||||||
int dump_cert_text(BIO *out, X509 *x);
|
int dump_cert_text(BIO *out, X509 *x);
|
||||||
|
void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
|
||||||
#endif
|
#endif
|
||||||
|
int set_name_ex(unsigned long *flags, const char *arg);
|
||||||
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
|
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
|
||||||
|
int add_oid_section(BIO *err, LHASH *conf);
|
||||||
|
X509 *load_cert(BIO *err, char *file, int format);
|
||||||
|
EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass);
|
||||||
|
EVP_PKEY *load_pubkey(BIO *err, char *file, int format);
|
||||||
|
STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
|
||||||
|
|
||||||
#define FORMAT_UNDEF 0
|
#define FORMAT_UNDEF 0
|
||||||
#define FORMAT_ASN1 1
|
#define FORMAT_ASN1 1
|
||||||
#define FORMAT_TEXT 2
|
#define FORMAT_TEXT 2
|
||||||
#define FORMAT_PEM 3
|
#define FORMAT_PEM 3
|
||||||
#define FORMAT_NETSCAPE 4
|
#define FORMAT_NETSCAPE 4
|
||||||
|
#define FORMAT_PKCS12 5
|
||||||
|
#define FORMAT_SMIME 6
|
||||||
|
|
||||||
|
#define NETSCAPE_CERT_HDR "certificate"
|
||||||
|
|
||||||
#define APP_PASS_LEN 1024
|
#define APP_PASS_LEN 1024
|
||||||
|
|
||||||
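Review bot: The four `load_*` prototypes added in the last hunk of this header carry no comment, yet the implementations added to apps.c in this same commit treat a NULL `file` differently. `load_cert` and `load_certs` fall back to stdin, while `load_key` and `load_pubkey` print "no keyfile specified" and return NULL. A caller reading only the header cannot tell which behaviour applies, and key loading that differs from certificate loading is easy to get wrong. I would add above the prototypes `/* load_cert, load_certs: file == NULL reads stdin. load_key, load_pubkey: file == NULL is an error. */` and `/* All return NULL on failure after reporting to err; the caller presumably owns and frees the result (confirm). */`.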
|
@ -88,7 +88,7 @@ int MAIN(int argc, char **argv)
|
|||||||
unsigned int length=0;
|
unsigned int length=0;
|
||||||
long num,tmplen;
|
long num,tmplen;
|
||||||
BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
|
BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
|
||||||
int informat,indent=0, noout = 0;
|
int informat,indent=0, noout = 0, dump = 0;
|
||||||
char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
|
char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
|
||||||
unsigned char *tmpbuf;
|
unsigned char *tmpbuf;
|
||||||
BUF_MEM *buf=NULL;
|
BUF_MEM *buf=NULL;
|
||||||
@ -108,7 +108,7 @@ int MAIN(int argc, char **argv)
|
|||||||
argv++;
|
argv++;
|
||||||
if ((osk=sk_new_null()) == NULL)
|
if ((osk=sk_new_null()) == NULL)
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"Malloc failure\n");
|
BIO_printf(bio_err,"Memory allocation failure\n");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
while (argc >= 1)
|
while (argc >= 1)
|
||||||
@ -149,6 +149,16 @@ int MAIN(int argc, char **argv)
|
|||||||
length= atoi(*(++argv));
|
length= atoi(*(++argv));
|
||||||
if (length == 0) goto bad;
|
if (length == 0) goto bad;
|
||||||
}
|
}
|
||||||
|
else if (strcmp(*argv,"-dump") == 0)
|
||||||
|
{
|
||||||
|
dump= -1;
|
||||||
|
}
|
||||||
|
else if (strcmp(*argv,"-dlimit") == 0)
|
||||||
|
{
|
||||||
|
if (--argc < 1) goto bad;
|
||||||
|
dump= atoi(*(++argv));
|
||||||
|
if (dump <= 0) goto bad;
|
||||||
|
}
|
||||||
else if (strcmp(*argv,"-strparse") == 0)
|
else if (strcmp(*argv,"-strparse") == 0)
|
||||||
{
|
{
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
@ -176,6 +186,8 @@ int MAIN(int argc, char **argv)
|
|||||||
BIO_printf(bio_err," -offset arg offset into file\n");
|
BIO_printf(bio_err," -offset arg offset into file\n");
|
||||||
BIO_printf(bio_err," -length arg length of section in file\n");
|
BIO_printf(bio_err," -length arg length of section in file\n");
|
||||||
BIO_printf(bio_err," -i indent entries\n");
|
BIO_printf(bio_err," -i indent entries\n");
|
||||||
|
BIO_printf(bio_err," -dump dump unknown data in hex form\n");
|
||||||
|
BIO_printf(bio_err," -dlimit arg dump the first arg bytes of unknown data in hex form\n");
|
||||||
BIO_printf(bio_err," -oid file file of extra oid definitions\n");
|
BIO_printf(bio_err," -oid file file of extra oid definitions\n");
|
||||||
BIO_printf(bio_err," -strparse offset\n");
|
BIO_printf(bio_err," -strparse offset\n");
|
||||||
BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n");
|
BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n");
|
||||||
@ -194,6 +206,12 @@ int MAIN(int argc, char **argv)
|
|||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
|
BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (oidfile != NULL)
|
if (oidfile != NULL)
|
||||||
{
|
{
|
||||||
@ -293,7 +311,8 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!noout &&
|
if (!noout &&
|
||||||
!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
|
!ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
|
||||||
|
indent,dump))
|
||||||
{
|
{
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
goto end;
|
goto end;
|
||||||
@ -302,7 +321,7 @@ int MAIN(int argc, char **argv)
|
|||||||
end:
|
end:
|
||||||
BIO_free(derout);
|
BIO_free(derout);
|
||||||
if (in != NULL) BIO_free(in);
|
if (in != NULL) BIO_free(in);
|
||||||
if (out != NULL) BIO_free(out);
|
if (out != NULL) BIO_free_all(out);
|
||||||
if (b64 != NULL) BIO_free(b64);
|
if (b64 != NULL) BIO_free(b64);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
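Review bot: The new `-dlimit` branch (hunk at `@ -149,6 +149,16 @@`) reads the limit with `atoi`, so trailing junk such as `12abc` is accepted as 12 and a value too large for `int` has no defined result; only `dump <= 0` is rejected. Since `dump` is passed straight to `ASN1_parse_dump`, I would parse it strictly: `char *e; long v = strtol(*(++argv), &e, 10);` then `if (*e != '\0' || v <= 0 || v > INT_MAX) goto bad;` and `dump = (int)v;` (INT_MAX needs `<limits.h>`). The neighbouring `-length` option uses the same `atoi` pattern and would benefit from the same treatment. MAIN starts and ends outside these hunks.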
|
@ -176,7 +176,6 @@ extern int EF_PROTECT_BELOW;
|
|||||||
extern int EF_ALIGNMENT;
|
extern int EF_ALIGNMENT;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static int add_oid_section(LHASH *conf);
|
|
||||||
static void lookup_fail(char *name,char *tag);
|
static void lookup_fail(char *name,char *tag);
|
||||||
static unsigned long index_serial_hash(char **a);
|
static unsigned long index_serial_hash(char **a);
|
||||||
static int index_serial_cmp(char **a, char **b);
|
static int index_serial_cmp(char **a, char **b);
|
||||||
@ -217,7 +216,7 @@ int MAIN(int, char **);
|
|||||||
|
|
||||||
int MAIN(int argc, char **argv)
|
int MAIN(int argc, char **argv)
|
||||||
{
|
{
|
||||||
char *key=NULL;
|
char *key=NULL,*passargin=NULL;
|
||||||
int total=0;
|
int total=0;
|
||||||
int total_done=0;
|
int total_done=0;
|
||||||
int badops=0;
|
int badops=0;
|
||||||
@ -263,7 +262,7 @@ int MAIN(int argc, char **argv)
|
|||||||
long l;
|
long l;
|
||||||
const EVP_MD *dgst=NULL;
|
const EVP_MD *dgst=NULL;
|
||||||
STACK_OF(CONF_VALUE) *attribs=NULL;
|
STACK_OF(CONF_VALUE) *attribs=NULL;
|
||||||
STACK *cert_sk=NULL;
|
STACK_OF(X509) *cert_sk=NULL;
|
||||||
BIO *hex=NULL;
|
BIO *hex=NULL;
|
||||||
#undef BSIZE
|
#undef BSIZE
|
||||||
#define BSIZE 256
|
#define BSIZE 256
|
||||||
@ -334,6 +333,11 @@ EF_ALIGNMENT=0;
|
|||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
keyfile= *(++argv);
|
keyfile= *(++argv);
|
||||||
}
|
}
|
||||||
|
else if (strcmp(*argv,"-passin") == 0)
|
||||||
|
{
|
||||||
|
if (--argc < 1) goto bad;
|
||||||
|
passargin= *(++argv);
|
||||||
|
}
|
||||||
else if (strcmp(*argv,"-key") == 0)
|
else if (strcmp(*argv,"-key") == 0)
|
||||||
{
|
{
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
@ -498,7 +502,7 @@ EF_ALIGNMENT=0;
|
|||||||
BIO_free(oid_bio);
|
BIO_free(oid_bio);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(!add_oid_section(conf))
|
if(!add_oid_section(bio_err,conf))
|
||||||
{
|
{
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
goto err;
|
goto err;
|
||||||
@ -527,6 +531,11 @@ EF_ALIGNMENT=0;
|
|||||||
lookup_fail(section,ENV_PRIVATE_KEY);
|
lookup_fail(section,ENV_PRIVATE_KEY);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
if(!key && !app_passwd(bio_err, passargin, NULL, &key, NULL))
|
||||||
|
{
|
||||||
|
BIO_printf(bio_err,"Error getting password\n");
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
if (BIO_read_filename(in,keyfile) <= 0)
|
if (BIO_read_filename(in,keyfile) <= 0)
|
||||||
{
|
{
|
||||||
perror(keyfile);
|
perror(keyfile);
|
||||||
@ -681,6 +690,12 @@ EF_ALIGNMENT=0;
|
|||||||
if (verbose)
|
if (verbose)
|
||||||
{
|
{
|
||||||
BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
|
BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
TXT_DB_write(out,db);
|
TXT_DB_write(out,db);
|
||||||
BIO_printf(bio_err,"%d entries loaded from the database\n",
|
BIO_printf(bio_err,"%d entries loaded from the database\n",
|
||||||
db->data->num);
|
db->data->num);
|
||||||
@ -715,7 +730,15 @@ EF_ALIGNMENT=0;
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
{
|
||||||
BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
|
BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
Sout = BIO_push(tmpbio, Sout);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (req)
|
if (req)
|
||||||
@ -808,7 +831,7 @@ EF_ALIGNMENT=0;
|
|||||||
{
|
{
|
||||||
if ((f=BN_bn2hex(serial)) == NULL) goto err;
|
if ((f=BN_bn2hex(serial)) == NULL) goto err;
|
||||||
BIO_printf(bio_err,"next serial number is %s\n",f);
|
BIO_printf(bio_err,"next serial number is %s\n",f);
|
||||||
Free(f);
|
OPENSSL_free(f);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((attribs=CONF_get_section(conf,policy)) == NULL)
|
if ((attribs=CONF_get_section(conf,policy)) == NULL)
|
||||||
@ -817,9 +840,9 @@ EF_ALIGNMENT=0;
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((cert_sk=sk_new_null()) == NULL)
|
if ((cert_sk=sk_X509_new_null()) == NULL)
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"Malloc failure\n");
|
BIO_printf(bio_err,"Memory allocation failure\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (spkac_file != NULL)
|
if (spkac_file != NULL)
|
||||||
@ -834,9 +857,9 @@ EF_ALIGNMENT=0;
|
|||||||
total_done++;
|
total_done++;
|
||||||
BIO_printf(bio_err,"\n");
|
BIO_printf(bio_err,"\n");
|
||||||
if (!BN_add_word(serial,1)) goto err;
|
if (!BN_add_word(serial,1)) goto err;
|
||||||
if (!sk_push(cert_sk,(char *)x))
|
if (!sk_X509_push(cert_sk,x))
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"Malloc failure\n");
|
BIO_printf(bio_err,"Memory allocation failure\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (outfile)
|
if (outfile)
|
||||||
@ -858,9 +881,9 @@ EF_ALIGNMENT=0;
|
|||||||
total_done++;
|
total_done++;
|
||||||
BIO_printf(bio_err,"\n");
|
BIO_printf(bio_err,"\n");
|
||||||
if (!BN_add_word(serial,1)) goto err;
|
if (!BN_add_word(serial,1)) goto err;
|
||||||
if (!sk_push(cert_sk,(char *)x))
|
if (!sk_X509_push(cert_sk,x))
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"Malloc failure\n");
|
BIO_printf(bio_err,"Memory allocation failure\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -877,9 +900,9 @@ EF_ALIGNMENT=0;
|
|||||||
total_done++;
|
total_done++;
|
||||||
BIO_printf(bio_err,"\n");
|
BIO_printf(bio_err,"\n");
|
||||||
if (!BN_add_word(serial,1)) goto err;
|
if (!BN_add_word(serial,1)) goto err;
|
||||||
if (!sk_push(cert_sk,(char *)x))
|
if (!sk_X509_push(cert_sk,x))
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"Malloc failure\n");
|
BIO_printf(bio_err,"Memory allocation failure\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -896,9 +919,9 @@ EF_ALIGNMENT=0;
|
|||||||
total_done++;
|
total_done++;
|
||||||
BIO_printf(bio_err,"\n");
|
BIO_printf(bio_err,"\n");
|
||||||
if (!BN_add_word(serial,1)) goto err;
|
if (!BN_add_word(serial,1)) goto err;
|
||||||
if (!sk_push(cert_sk,(char *)x))
|
if (!sk_X509_push(cert_sk,x))
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"Malloc failure\n");
|
BIO_printf(bio_err,"Memory allocation failure\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -907,7 +930,7 @@ EF_ALIGNMENT=0;
|
|||||||
* and a data base and serial number that need
|
* and a data base and serial number that need
|
||||||
* updating */
|
* updating */
|
||||||
|
|
||||||
if (sk_num(cert_sk) > 0)
|
if (sk_X509_num(cert_sk) > 0)
|
||||||
{
|
{
|
||||||
if (!batch)
|
if (!batch)
|
||||||
{
|
{
|
||||||
@ -923,7 +946,7 @@ EF_ALIGNMENT=0;
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
BIO_printf(bio_err,"Write out database with %d new entries\n",sk_num(cert_sk));
|
BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
|
||||||
|
|
||||||
strncpy(buf[0],serialfile,BSIZE-4);
|
strncpy(buf[0],serialfile,BSIZE-4);
|
||||||
|
|
||||||
@ -955,12 +978,12 @@ EF_ALIGNMENT=0;
|
|||||||
|
|
||||||
if (verbose)
|
if (verbose)
|
||||||
BIO_printf(bio_err,"writing new certificates\n");
|
BIO_printf(bio_err,"writing new certificates\n");
|
||||||
for (i=0; i<sk_num(cert_sk); i++)
|
for (i=0; i<sk_X509_num(cert_sk); i++)
|
||||||
{
|
{
|
||||||
int k;
|
int k;
|
||||||
unsigned char *n;
|
unsigned char *n;
|
||||||
|
|
||||||
x=(X509 *)sk_value(cert_sk,i);
|
x=sk_X509_value(cert_sk,i);
|
||||||
|
|
||||||
j=x->cert_info->serialNumber->length;
|
j=x->cert_info->serialNumber->length;
|
||||||
p=(char *)x->cert_info->serialNumber->data;
|
p=(char *)x->cert_info->serialNumber->data;
|
||||||
@ -999,7 +1022,7 @@ EF_ALIGNMENT=0;
|
|||||||
write_new_certificate(Sout,x, output_der, notext);
|
write_new_certificate(Sout,x, output_der, notext);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (sk_num(cert_sk))
|
if (sk_X509_num(cert_sk))
|
||||||
{
|
{
|
||||||
/* Rename the database and the serial file */
|
/* Rename the database and the serial file */
|
||||||
strncpy(buf[2],serialfile,BSIZE-4);
|
strncpy(buf[2],serialfile,BSIZE-4);
|
||||||
@ -1011,7 +1034,7 @@ EF_ALIGNMENT=0;
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
BIO_free(in);
|
BIO_free(in);
|
||||||
BIO_free(out);
|
BIO_free_all(out);
|
||||||
in=NULL;
|
in=NULL;
|
||||||
out=NULL;
|
out=NULL;
|
||||||
if (rename(serialfile,buf[2]) < 0)
|
if (rename(serialfile,buf[2]) < 0)
|
||||||
@ -1228,12 +1251,12 @@ EF_ALIGNMENT=0;
|
|||||||
ret=0;
|
ret=0;
|
||||||
err:
|
err:
|
||||||
BIO_free(hex);
|
BIO_free(hex);
|
||||||
BIO_free(Cout);
|
BIO_free_all(Cout);
|
||||||
BIO_free(Sout);
|
BIO_free_all(Sout);
|
||||||
BIO_free(out);
|
BIO_free_all(out);
|
||||||
BIO_free(in);
|
BIO_free(in);
|
||||||
|
|
||||||
sk_pop_free(cert_sk,X509_free);
|
sk_X509_pop_free(cert_sk,X509_free);
|
||||||
|
|
||||||
if (ret) ERR_print_errors(bio_err);
|
if (ret) ERR_print_errors(bio_err);
|
||||||
app_RAND_write_file(randfile, bio_err);
|
app_RAND_write_file(randfile, bio_err);
|
||||||
@ -1345,7 +1368,7 @@ static int save_serial(char *serialfile, BIGNUM *serial)
|
|||||||
BIO_puts(out,"\n");
|
BIO_puts(out,"\n");
|
||||||
ret=1;
|
ret=1;
|
||||||
err:
|
err:
|
||||||
if (out != NULL) BIO_free(out);
|
if (out != NULL) BIO_free_all(out);
|
||||||
if (ai != NULL) ASN1_INTEGER_free(ai);
|
if (ai != NULL) ASN1_INTEGER_free(ai);
|
||||||
return(ret);
|
return(ret);
|
||||||
}
|
}
|
||||||
@ -1580,7 +1603,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
|
|||||||
/* Ok, now we check the 'policy' stuff. */
|
/* Ok, now we check the 'policy' stuff. */
|
||||||
if ((subject=X509_NAME_new()) == NULL)
|
if ((subject=X509_NAME_new()) == NULL)
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"Malloc failure\n");
|
BIO_printf(bio_err,"Memory allocation failure\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1678,7 +1701,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
|
|||||||
{
|
{
|
||||||
if (push != NULL)
|
if (push != NULL)
|
||||||
X509_NAME_ENTRY_free(push);
|
X509_NAME_ENTRY_free(push);
|
||||||
BIO_printf(bio_err,"Malloc failure\n");
|
BIO_printf(bio_err,"Memory allocation failure\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1700,7 +1723,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
|
|||||||
row[DB_serial]=BN_bn2hex(serial);
|
row[DB_serial]=BN_bn2hex(serial);
|
||||||
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
|
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"Malloc failure\n");
|
BIO_printf(bio_err,"Memory allocation failure\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1841,32 +1864,32 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
|
|||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/* We now just add it to the database */
|
/* We now just add it to the database */
|
||||||
row[DB_type]=(char *)Malloc(2);
|
row[DB_type]=(char *)OPENSSL_malloc(2);
|
||||||
|
|
||||||
tm=X509_get_notAfter(ret);
|
tm=X509_get_notAfter(ret);
|
||||||
row[DB_exp_date]=(char *)Malloc(tm->length+1);
|
row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
|
||||||
memcpy(row[DB_exp_date],tm->data,tm->length);
|
memcpy(row[DB_exp_date],tm->data,tm->length);
|
||||||
row[DB_exp_date][tm->length]='\0';
|
row[DB_exp_date][tm->length]='\0';
|
||||||
|
|
||||||
row[DB_rev_date]=NULL;
|
row[DB_rev_date]=NULL;
|
||||||
|
|
||||||
/* row[DB_serial] done already */
|
/* row[DB_serial] done already */
|
||||||
row[DB_file]=(char *)Malloc(8);
|
row[DB_file]=(char *)OPENSSL_malloc(8);
|
||||||
/* row[DB_name] done already */
|
/* row[DB_name] done already */
|
||||||
|
|
||||||
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
|
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
|
||||||
(row[DB_file] == NULL))
|
(row[DB_file] == NULL))
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"Malloc failure\n");
|
BIO_printf(bio_err,"Memory allocation failure\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
strcpy(row[DB_file],"unknown");
|
strcpy(row[DB_file],"unknown");
|
||||||
row[DB_type][0]='V';
|
row[DB_type][0]='V';
|
||||||
row[DB_type][1]='\0';
|
row[DB_type][1]='\0';
|
||||||
|
|
||||||
if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
|
if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"Malloc failure\n");
|
BIO_printf(bio_err,"Memory allocation failure\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1886,7 +1909,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
|
|||||||
ok=1;
|
ok=1;
|
||||||
err:
|
err:
|
||||||
for (i=0; i<DB_NUMBER; i++)
|
for (i=0; i<DB_NUMBER; i++)
|
||||||
if (row[i] != NULL) Free(row[i]);
|
if (row[i] != NULL) OPENSSL_free(row[i]);
|
||||||
|
|
||||||
if (CAname != NULL)
|
if (CAname != NULL)
|
||||||
X509_NAME_free(CAname);
|
X509_NAME_free(CAname);
|
||||||
@ -2100,28 +2123,6 @@ static int check_time_format(char *str)
|
|||||||
return(ASN1_UTCTIME_check(&tm));
|
return(ASN1_UTCTIME_check(&tm));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int add_oid_section(LHASH *hconf)
|
|
||||||
{
|
|
||||||
char *p;
|
|
||||||
STACK_OF(CONF_VALUE) *sktmp;
|
|
||||||
CONF_VALUE *cnf;
|
|
||||||
int i;
|
|
||||||
if(!(p=CONF_get_string(hconf,NULL,"oid_section"))) return 1;
|
|
||||||
if(!(sktmp = CONF_get_section(hconf, p))) {
|
|
||||||
BIO_printf(bio_err, "problem loading oid section %s\n", p);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
|
|
||||||
cnf = sk_CONF_VALUE_value(sktmp, i);
|
|
||||||
if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
|
|
||||||
BIO_printf(bio_err, "problem creating object %s=%s\n",
|
|
||||||
cnf->name, cnf->value);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int do_revoke(X509 *x509, TXT_DB *db)
|
static int do_revoke(X509 *x509, TXT_DB *db)
|
||||||
{
|
{
|
||||||
ASN1_UTCTIME *tm=NULL, *revtm=NULL;
|
ASN1_UTCTIME *tm=NULL, *revtm=NULL;
|
||||||
@ -2137,7 +2138,7 @@ static int do_revoke(X509 *x509, TXT_DB *db)
|
|||||||
BN_free(bn);
|
BN_free(bn);
|
||||||
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
|
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"Malloc failure\n");
|
BIO_printf(bio_err,"Memory allocation failure\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
/* We have to lookup by serial number because name lookup
|
/* We have to lookup by serial number because name lookup
|
||||||
@ -2149,33 +2150,33 @@ static int do_revoke(X509 *x509, TXT_DB *db)
|
|||||||
BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);
|
BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);
|
||||||
|
|
||||||
/* We now just add it to the database */
|
/* We now just add it to the database */
|
||||||
row[DB_type]=(char *)Malloc(2);
|
row[DB_type]=(char *)OPENSSL_malloc(2);
|
||||||
|
|
||||||
tm=X509_get_notAfter(x509);
|
tm=X509_get_notAfter(x509);
|
||||||
row[DB_exp_date]=(char *)Malloc(tm->length+1);
|
row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
|
||||||
memcpy(row[DB_exp_date],tm->data,tm->length);
|
memcpy(row[DB_exp_date],tm->data,tm->length);
|
||||||
row[DB_exp_date][tm->length]='\0';
|
row[DB_exp_date][tm->length]='\0';
|
||||||
|
|
||||||
row[DB_rev_date]=NULL;
|
row[DB_rev_date]=NULL;
|
||||||
|
|
||||||
/* row[DB_serial] done already */
|
/* row[DB_serial] done already */
|
||||||
row[DB_file]=(char *)Malloc(8);
|
row[DB_file]=(char *)OPENSSL_malloc(8);
|
||||||
|
|
||||||
/* row[DB_name] done already */
|
/* row[DB_name] done already */
|
||||||
|
|
||||||
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
|
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
|
||||||
(row[DB_file] == NULL))
|
(row[DB_file] == NULL))
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"Malloc failure\n");
|
BIO_printf(bio_err,"Memory allocation failure\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
strcpy(row[DB_file],"unknown");
|
strcpy(row[DB_file],"unknown");
|
||||||
row[DB_type][0]='V';
|
row[DB_type][0]='V';
|
||||||
row[DB_type][1]='\0';
|
row[DB_type][1]='\0';
|
||||||
|
|
||||||
if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
|
if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"Malloc failure\n");
|
BIO_printf(bio_err,"Memory allocation failure\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2218,7 +2219,7 @@ static int do_revoke(X509 *x509, TXT_DB *db)
|
|||||||
revtm=X509_gmtime_adj(revtm,0);
|
revtm=X509_gmtime_adj(revtm,0);
|
||||||
rrow[DB_type][0]='R';
|
rrow[DB_type][0]='R';
|
||||||
rrow[DB_type][1]='\0';
|
rrow[DB_type][1]='\0';
|
||||||
rrow[DB_rev_date]=(char *)Malloc(revtm->length+1);
|
rrow[DB_rev_date]=(char *)OPENSSL_malloc(revtm->length+1);
|
||||||
memcpy(rrow[DB_rev_date],revtm->data,revtm->length);
|
memcpy(rrow[DB_rev_date],revtm->data,revtm->length);
|
||||||
rrow[DB_rev_date][revtm->length]='\0';
|
rrow[DB_rev_date][revtm->length]='\0';
|
||||||
ASN1_UTCTIME_free(revtm);
|
ASN1_UTCTIME_free(revtm);
|
||||||
@ -2228,7 +2229,7 @@ static int do_revoke(X509 *x509, TXT_DB *db)
|
|||||||
for (i=0; i<DB_NUMBER; i++)
|
for (i=0; i<DB_NUMBER; i++)
|
||||||
{
|
{
|
||||||
if (row[i] != NULL)
|
if (row[i] != NULL)
|
||||||
Free(row[i]);
|
OPENSSL_free(row[i]);
|
||||||
}
|
}
|
||||||
return(ok);
|
return(ok);
|
||||||
}
|
}
|
||||||
|
@ -74,6 +74,7 @@ static char *ciphers_usage[]={
|
|||||||
" -v - verbose mode, a textual listing of the ciphers in SSLeay\n",
|
" -v - verbose mode, a textual listing of the ciphers in SSLeay\n",
|
||||||
" -ssl2 - SSL2 mode\n",
|
" -ssl2 - SSL2 mode\n",
|
||||||
" -ssl3 - SSL3 mode\n",
|
" -ssl3 - SSL3 mode\n",
|
||||||
|
" -tls1 - TLS1 mode\n",
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -107,6 +108,12 @@ int MAIN(int argc, char **argv)
|
|||||||
if (bio_err == NULL)
|
if (bio_err == NULL)
|
||||||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
|
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
|
||||||
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
|
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
STDout = BIO_push(tmpbio, STDout);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
argc--;
|
argc--;
|
||||||
argv++;
|
argv++;
|
||||||
@ -121,6 +128,10 @@ int MAIN(int argc, char **argv)
|
|||||||
#ifndef NO_SSL3
|
#ifndef NO_SSL3
|
||||||
else if (strcmp(*argv,"-ssl3") == 0)
|
else if (strcmp(*argv,"-ssl3") == 0)
|
||||||
meth=SSLv3_client_method();
|
meth=SSLv3_client_method();
|
||||||
|
#endif
|
||||||
|
#ifndef NO_TLS1
|
||||||
|
else if (strcmp(*argv,"-tls1") == 0)
|
||||||
|
meth=TLSv1_client_method();
|
||||||
#endif
|
#endif
|
||||||
else if ((strncmp(*argv,"-h",2) == 0) ||
|
else if ((strncmp(*argv,"-h",2) == 0) ||
|
||||||
(strcmp(*argv,"-?") == 0))
|
(strcmp(*argv,"-?") == 0))
|
||||||
@ -190,7 +201,7 @@ int MAIN(int argc, char **argv)
|
|||||||
end:
|
end:
|
||||||
if (ctx != NULL) SSL_CTX_free(ctx);
|
if (ctx != NULL) SSL_CTX_free(ctx);
|
||||||
if (ssl != NULL) SSL_free(ssl);
|
if (ssl != NULL) SSL_free(ssl);
|
||||||
if (STDout != NULL) BIO_free(STDout);
|
if (STDout != NULL) BIO_free_all(STDout);
|
||||||
EXIT(ret);
|
EXIT(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -104,6 +104,7 @@ int MAIN(int argc, char **argv)
|
|||||||
int informat,outformat;
|
int informat,outformat;
|
||||||
char *infile=NULL,*outfile=NULL;
|
char *infile=NULL,*outfile=NULL;
|
||||||
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
|
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
|
||||||
|
int fingerprint = 0;
|
||||||
char **pp,buf[256];
|
char **pp,buf[256];
|
||||||
X509_STORE *store = NULL;
|
X509_STORE *store = NULL;
|
||||||
X509_STORE_CTX ctx;
|
X509_STORE_CTX ctx;
|
||||||
@ -111,6 +112,7 @@ int MAIN(int argc, char **argv)
|
|||||||
X509_OBJECT xobj;
|
X509_OBJECT xobj;
|
||||||
EVP_PKEY *pkey;
|
EVP_PKEY *pkey;
|
||||||
int do_ver = 0;
|
int do_ver = 0;
|
||||||
|
const EVP_MD *md_alg,*digest=EVP_md5();
|
||||||
|
|
||||||
apps_startup();
|
apps_startup();
|
||||||
|
|
||||||
@ -120,7 +122,15 @@ int MAIN(int argc, char **argv)
|
|||||||
|
|
||||||
if (bio_out == NULL)
|
if (bio_out == NULL)
|
||||||
if ((bio_out=BIO_new(BIO_s_file())) != NULL)
|
if ((bio_out=BIO_new(BIO_s_file())) != NULL)
|
||||||
|
{
|
||||||
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
|
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
bio_out = BIO_push(tmpbio, bio_out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
informat=FORMAT_PEM;
|
informat=FORMAT_PEM;
|
||||||
outformat=FORMAT_PEM;
|
outformat=FORMAT_PEM;
|
||||||
@ -183,6 +193,13 @@ int MAIN(int argc, char **argv)
|
|||||||
nextupdate= ++num;
|
nextupdate= ++num;
|
||||||
else if (strcmp(*argv,"-noout") == 0)
|
else if (strcmp(*argv,"-noout") == 0)
|
||||||
noout= ++num;
|
noout= ++num;
|
||||||
|
else if (strcmp(*argv,"-fingerprint") == 0)
|
||||||
|
fingerprint= ++num;
|
||||||
|
else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
|
||||||
|
{
|
||||||
|
/* ok */
|
||||||
|
digest=md_alg;
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"unknown option %s\n",*argv);
|
BIO_printf(bio_err,"unknown option %s\n",*argv);
|
||||||
@ -274,6 +291,26 @@ int MAIN(int argc, char **argv)
|
|||||||
BIO_printf(bio_out,"NONE");
|
BIO_printf(bio_out,"NONE");
|
||||||
BIO_printf(bio_out,"\n");
|
BIO_printf(bio_out,"\n");
|
||||||
}
|
}
|
||||||
|
if (fingerprint == i)
|
||||||
|
{
|
||||||
|
int j;
|
||||||
|
unsigned int n;
|
||||||
|
unsigned char md[EVP_MAX_MD_SIZE];
|
||||||
|
|
||||||
|
if (!X509_CRL_digest(x,digest,md,&n))
|
||||||
|
{
|
||||||
|
BIO_printf(bio_err,"out of memory\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
BIO_printf(bio_out,"%s Fingerprint=",
|
||||||
|
OBJ_nid2sn(EVP_MD_type(digest)));
|
||||||
|
for (j=0; j<(int)n; j++)
|
||||||
|
{
|
||||||
|
BIO_printf(bio_out,"%02X%c",md[j],
|
||||||
|
(j+1 == (int)n)
|
||||||
|
?'\n':':');
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -285,7 +322,15 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (outfile == NULL)
|
if (outfile == NULL)
|
||||||
|
{
|
||||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (BIO_write_filename(out,outfile) <= 0)
|
if (BIO_write_filename(out,outfile) <= 0)
|
||||||
@ -311,8 +356,8 @@ int MAIN(int argc, char **argv)
|
|||||||
if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
|
if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
|
||||||
ret=0;
|
ret=0;
|
||||||
end:
|
end:
|
||||||
BIO_free(out);
|
BIO_free_all(out);
|
||||||
BIO_free(bio_out);
|
BIO_free_all(bio_out);
|
||||||
bio_out=NULL;
|
bio_out=NULL;
|
||||||
X509_CRL_free(x);
|
X509_CRL_free(x);
|
||||||
if(store) {
|
if(store) {
|
||||||
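Review bot: The new `-fingerprint` output defaults to MD5 through `const EVP_MD *md_alg,*digest=EVP_md5();` in the declarations hunk, and MD5 no longer offers collision resistance, so a fingerprint printed with the default is weak evidence that two CRLs are the same object. Since any digest name is already accepted as an option, the default deserves a comment such as `/* MD5 is only the historical default; pass a digest option (e.g. -sha1) for a stronger fingerprint */`, and the usage text should say the same. In the fingerprint block, the `X509_CRL_digest` failure path prints "out of memory" whatever the cause; adding `ERR_print_errors(bio_err);` before `goto end;` would surface the real error. MAIN begins and ends outside the visible hunks.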
|
@ -141,7 +141,7 @@ int MAIN(int argc, char **argv)
|
|||||||
else if (strcmp(*argv,"-certfile") == 0)
|
else if (strcmp(*argv,"-certfile") == 0)
|
||||||
{
|
{
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
if(!certflst) certflst = sk_new(NULL);
|
if(!certflst) certflst = sk_new_null();
|
||||||
sk_push(certflst,*(++argv));
|
sk_push(certflst,*(++argv));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -215,15 +215,15 @@ int MAIN(int argc, char **argv)
|
|||||||
p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
|
p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
|
||||||
|
|
||||||
if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
|
if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
|
||||||
if ((crl_stack=sk_X509_CRL_new(NULL)) == NULL) goto end;
|
if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end;
|
||||||
p7s->crl=crl_stack;
|
p7s->crl=crl_stack;
|
||||||
if (crl != NULL)
|
if (crl != NULL)
|
||||||
{
|
{
|
||||||
sk_X509_CRL_push(crl_stack,crl);
|
sk_X509_CRL_push(crl_stack,crl);
|
||||||
crl=NULL; /* now part of p7 for Freeing */
|
crl=NULL; /* now part of p7 for OPENSSL_freeing */
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((cert_stack=sk_X509_new(NULL)) == NULL) goto end;
|
if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
|
||||||
p7s->cert=cert_stack;
|
p7s->cert=cert_stack;
|
||||||
|
|
||||||
if(certflst) for(i = 0; i < sk_num(certflst); i++) {
|
if(certflst) for(i = 0; i < sk_num(certflst); i++) {
|
||||||
@ -239,7 +239,15 @@ int MAIN(int argc, char **argv)
|
|||||||
sk_free(certflst);
|
sk_free(certflst);
|
||||||
|
|
||||||
if (outfile == NULL)
|
if (outfile == NULL)
|
||||||
|
{
|
||||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (BIO_write_filename(out,outfile) <= 0)
|
if (BIO_write_filename(out,outfile) <= 0)
|
||||||
@ -266,7 +274,7 @@ int MAIN(int argc, char **argv)
|
|||||||
ret=0;
|
ret=0;
|
||||||
end:
|
end:
|
||||||
if (in != NULL) BIO_free(in);
|
if (in != NULL) BIO_free(in);
|
||||||
if (out != NULL) BIO_free(out);
|
if (out != NULL) BIO_free_all(out);
|
||||||
if (p7 != NULL) PKCS7_free(p7);
|
if (p7 != NULL) PKCS7_free(p7);
|
||||||
if (crl != NULL) X509_CRL_free(crl);
|
if (crl != NULL) X509_CRL_free(crl);
|
||||||
|
|
||||||
@ -327,7 +335,7 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
|
|||||||
|
|
||||||
ret=count;
|
ret=count;
|
||||||
end:
|
end:
|
||||||
/* never need to Free x */
|
/* never need to OPENSSL_free x */
|
||||||
if (in != NULL) BIO_free(in);
|
if (in != NULL) BIO_free(in);
|
||||||
if (sk != NULL) sk_X509_INFO_free(sk);
|
if (sk != NULL) sk_X509_INFO_free(sk);
|
||||||
return(ret);
|
return(ret);
|
||||||
|
@ -73,7 +73,8 @@
|
|||||||
#undef PROG
|
#undef PROG
|
||||||
#define PROG dgst_main
|
#define PROG dgst_main
|
||||||
|
|
||||||
void do_fp(unsigned char *buf,BIO *f,int sep);
|
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
|
||||||
|
EVP_PKEY *key, unsigned char *sigin, int siglen);
|
||||||
|
|
||||||
int MAIN(int, char **);
|
int MAIN(int, char **);
|
||||||
|
|
||||||
@ -84,15 +85,22 @@ int MAIN(int argc, char **argv)
|
|||||||
const EVP_MD *md=NULL,*m;
|
const EVP_MD *md=NULL,*m;
|
||||||
BIO *in=NULL,*inp;
|
BIO *in=NULL,*inp;
|
||||||
BIO *bmd=NULL;
|
BIO *bmd=NULL;
|
||||||
|
BIO *out = NULL;
|
||||||
const char *name;
|
const char *name;
|
||||||
#define PROG_NAME_SIZE 16
|
#define PROG_NAME_SIZE 16
|
||||||
char pname[PROG_NAME_SIZE];
|
char pname[PROG_NAME_SIZE];
|
||||||
int separator=0;
|
int separator=0;
|
||||||
int debug=0;
|
int debug=0;
|
||||||
|
const char *outfile = NULL, *keyfile = NULL;
|
||||||
|
const char *sigfile = NULL, *randfile = NULL;
|
||||||
|
char out_bin = -1, want_pub = 0, do_verify = 0;
|
||||||
|
EVP_PKEY *sigkey = NULL;
|
||||||
|
unsigned char *sigbuf = NULL;
|
||||||
|
int siglen = 0;
|
||||||
|
|
||||||
apps_startup();
|
apps_startup();
|
||||||
|
|
||||||
if ((buf=(unsigned char *)Malloc(BUFSIZE)) == NULL)
|
if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"out of memory\n");
|
BIO_printf(bio_err,"out of memory\n");
|
||||||
goto end;
|
goto end;
|
||||||
@ -113,6 +121,43 @@ int MAIN(int argc, char **argv)
|
|||||||
if ((*argv)[0] != '-') break;
|
if ((*argv)[0] != '-') break;
|
||||||
if (strcmp(*argv,"-c") == 0)
|
if (strcmp(*argv,"-c") == 0)
|
||||||
separator=1;
|
separator=1;
|
||||||
|
else if (strcmp(*argv,"-rand") == 0)
|
||||||
|
{
|
||||||
|
if (--argc < 1) break;
|
||||||
|
randfile=*(++argv);
|
||||||
|
}
|
||||||
|
else if (strcmp(*argv,"-out") == 0)
|
||||||
|
{
|
||||||
|
if (--argc < 1) break;
|
||||||
|
outfile=*(++argv);
|
||||||
|
}
|
||||||
|
else if (strcmp(*argv,"-sign") == 0)
|
||||||
|
{
|
||||||
|
if (--argc < 1) break;
|
||||||
|
keyfile=*(++argv);
|
||||||
|
}
|
||||||
|
else if (strcmp(*argv,"-verify") == 0)
|
||||||
|
{
|
||||||
|
if (--argc < 1) break;
|
||||||
|
keyfile=*(++argv);
|
||||||
|
want_pub = 1;
|
||||||
|
do_verify = 1;
|
||||||
|
}
|
||||||
|
else if (strcmp(*argv,"-prverify") == 0)
|
||||||
|
{
|
||||||
|
if (--argc < 1) break;
|
||||||
|
keyfile=*(++argv);
|
||||||
|
do_verify = 1;
|
||||||
|
}
|
||||||
|
else if (strcmp(*argv,"-signature") == 0)
|
||||||
|
{
|
||||||
|
if (--argc < 1) break;
|
||||||
|
sigfile=*(++argv);
|
||||||
|
}
|
||||||
|
else if (strcmp(*argv,"-hex") == 0)
|
||||||
|
out_bin = 0;
|
||||||
|
else if (strcmp(*argv,"-binary") == 0)
|
||||||
|
out_bin = 1;
|
||||||
else if (strcmp(*argv,"-d") == 0)
|
else if (strcmp(*argv,"-d") == 0)
|
||||||
debug=1;
|
debug=1;
|
||||||
else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
|
else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
|
||||||
@ -126,14 +171,30 @@ int MAIN(int argc, char **argv)
|
|||||||
if (md == NULL)
|
if (md == NULL)
|
||||||
md=EVP_md5();
|
md=EVP_md5();
|
||||||
|
|
||||||
|
if(do_verify && !sigfile) {
|
||||||
|
BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
|
||||||
|
err = 1;
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
|
if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"unknown option '%s'\n",*argv);
|
BIO_printf(bio_err,"unknown option '%s'\n",*argv);
|
||||||
BIO_printf(bio_err,"options are\n");
|
BIO_printf(bio_err,"options are\n");
|
||||||
BIO_printf(bio_err,"-c to output the digest with separating colons\n");
|
BIO_printf(bio_err,"-c to output the digest with separating colons\n");
|
||||||
BIO_printf(bio_err,"-d to output debug info\n");
|
BIO_printf(bio_err,"-d to output debug info\n");
|
||||||
|
BIO_printf(bio_err,"-hex output as hex dump\n");
|
||||||
|
BIO_printf(bio_err,"-binary output in binary form\n");
|
||||||
|
BIO_printf(bio_err,"-sign file sign digest using private key in file\n");
|
||||||
|
BIO_printf(bio_err,"-verify file verify a signature using public key in file\n");
|
||||||
|
BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
|
||||||
|
BIO_printf(bio_err,"-signature file signature to verify\n");
|
||||||
|
BIO_printf(bio_err,"-binary output in binary form\n");
|
||||||
|
|
||||||
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
|
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
|
||||||
LN_md5,LN_md5);
|
LN_md5,LN_md5);
|
||||||
|
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
|
||||||
|
LN_md4,LN_md4);
|
||||||
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
|
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
|
||||||
LN_md2,LN_md2);
|
LN_md2,LN_md2);
|
||||||
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
|
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
|
||||||
@ -147,7 +208,7 @@ int MAIN(int argc, char **argv)
|
|||||||
err=1;
|
err=1;
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
in=BIO_new(BIO_s_file());
|
in=BIO_new(BIO_s_file());
|
||||||
bmd=BIO_new(BIO_f_md());
|
bmd=BIO_new(BIO_f_md());
|
||||||
if (debug)
|
if (debug)
|
||||||
@ -163,6 +224,80 @@ int MAIN(int argc, char **argv)
|
|||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(out_bin == -1) {
|
||||||
|
if(keyfile) out_bin = 1;
|
||||||
|
else out_bin = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(randfile)
|
||||||
|
app_RAND_load_file(randfile, bio_err, 0);
|
||||||
|
|
||||||
|
if(outfile) {
|
||||||
|
if(out_bin)
|
||||||
|
out = BIO_new_file(outfile, "wb");
|
||||||
|
else out = BIO_new_file(outfile, "w");
|
||||||
|
} else {
|
||||||
|
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!out) {
|
||||||
|
BIO_printf(bio_err, "Error opening output file %s\n",
|
||||||
|
outfile ? outfile : "(stdout)");
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(keyfile) {
|
||||||
|
BIO *keybio;
|
||||||
|
keybio = BIO_new_file(keyfile, "r");
|
||||||
|
if(!keybio) {
|
||||||
|
BIO_printf(bio_err, "Error opening key file %s\n",
|
||||||
|
keyfile);
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(want_pub)
|
||||||
|
sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL);
|
||||||
|
else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
|
||||||
|
BIO_free(keybio);
|
||||||
|
if(!sigkey) {
|
||||||
|
BIO_printf(bio_err, "Error reading key file %s\n",
|
||||||
|
keyfile);
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if(sigfile && sigkey) {
|
||||||
|
BIO *sigbio;
|
||||||
|
sigbio = BIO_new_file(sigfile, "rb");
|
||||||
|
siglen = EVP_PKEY_size(sigkey);
|
||||||
|
sigbuf = OPENSSL_malloc(siglen);
|
||||||
|
if(!sigbio) {
|
||||||
|
BIO_printf(bio_err, "Error opening signature file %s\n",
|
||||||
|
sigfile);
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
siglen = BIO_read(sigbio, sigbuf, siglen);
|
||||||
|
BIO_free(sigbio);
|
||||||
|
if(siglen <= 0) {
|
||||||
|
BIO_printf(bio_err, "Error reading signature file %s\n",
|
||||||
|
sigfile);
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* we use md as a filter, reading from 'in' */
|
/* we use md as a filter, reading from 'in' */
|
||||||
BIO_set_md(bmd,md);
|
BIO_set_md(bmd,md);
|
||||||
inp=BIO_push(bmd,in);
|
inp=BIO_push(bmd,in);
|
||||||
@ -170,7 +305,7 @@ int MAIN(int argc, char **argv)
|
|||||||
if (argc == 0)
|
if (argc == 0)
|
||||||
{
|
{
|
||||||
BIO_set_fp(in,stdin,BIO_NOCLOSE);
|
BIO_set_fp(in,stdin,BIO_NOCLOSE);
|
||||||
do_fp(buf,inp,separator);
|
do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, siglen);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -183,8 +318,9 @@ int MAIN(int argc, char **argv)
|
|||||||
err++;
|
err++;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
printf("%s(%s)= ",name,argv[i]);
|
if(!out_bin) BIO_printf(out, "%s(%s)= ",name,argv[i]);
|
||||||
do_fp(buf,inp,separator);
|
do_fp(out, buf,inp,separator, out_bin, sigkey,
|
||||||
|
sigbuf, siglen);
|
||||||
(void)BIO_reset(bmd);
|
(void)BIO_reset(bmd);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -192,14 +328,18 @@ int MAIN(int argc, char **argv)
|
|||||||
if (buf != NULL)
|
if (buf != NULL)
|
||||||
{
|
{
|
||||||
memset(buf,0,BUFSIZE);
|
memset(buf,0,BUFSIZE);
|
||||||
Free(buf);
|
OPENSSL_free(buf);
|
||||||
}
|
}
|
||||||
if (in != NULL) BIO_free(in);
|
if (in != NULL) BIO_free(in);
|
||||||
|
BIO_free_all(out);
|
||||||
|
EVP_PKEY_free(sigkey);
|
||||||
|
if(sigbuf) OPENSSL_free(sigbuf);
|
||||||
if (bmd != NULL) BIO_free(bmd);
|
if (bmd != NULL) BIO_free(bmd);
|
||||||
EXIT(err);
|
EXIT(err);
|
||||||
}
|
}
|
||||||
|
|
||||||
void do_fp(unsigned char *buf, BIO *bp, int sep)
|
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
|
||||||
|
EVP_PKEY *key, unsigned char *sigin, int siglen)
|
||||||
{
|
{
|
||||||
int len;
|
int len;
|
||||||
int i;
|
int i;
|
||||||
@ -209,14 +349,44 @@ void do_fp(unsigned char *buf, BIO *bp, int sep)
|
|||||||
i=BIO_read(bp,(char *)buf,BUFSIZE);
|
i=BIO_read(bp,(char *)buf,BUFSIZE);
|
||||||
if (i <= 0) break;
|
if (i <= 0) break;
|
||||||
}
|
}
|
||||||
len=BIO_gets(bp,(char *)buf,BUFSIZE);
|
if(sigin)
|
||||||
|
|
||||||
for (i=0; i<len; i++)
|
|
||||||
{
|
{
|
||||||
if (sep && (i != 0))
|
EVP_MD_CTX *ctx;
|
||||||
putc(':',stdout);
|
BIO_get_md_ctx(bp, &ctx);
|
||||||
printf("%02x",buf[i]);
|
i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key);
|
||||||
|
if(i > 0) BIO_printf(out, "Verified OK\n");
|
||||||
|
else if(i == 0) BIO_printf(out, "Verification Failure\n");
|
||||||
|
else
|
||||||
|
{
|
||||||
|
BIO_printf(bio_err, "Error Verifying Data\n");
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if(key)
|
||||||
|
{
|
||||||
|
EVP_MD_CTX *ctx;
|
||||||
|
BIO_get_md_ctx(bp, &ctx);
|
||||||
|
if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key))
|
||||||
|
{
|
||||||
|
BIO_printf(bio_err, "Error Signing Data\n");
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
len=BIO_gets(bp,(char *)buf,BUFSIZE);
|
||||||
|
|
||||||
|
if(binout) BIO_write(out, buf, len);
|
||||||
|
else
|
||||||
|
{
|
||||||
|
for (i=0; i<len; i++)
|
||||||
|
{
|
||||||
|
if (sep && (i != 0))
|
||||||
|
BIO_printf(out, ":");
|
||||||
|
BIO_printf(out, "%02x",buf[i]);
|
||||||
|
}
|
||||||
|
BIO_printf(out, "\n");
|
||||||
}
|
}
|
||||||
printf("\n");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
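Review bot: A failed signature check is not reflected in the exit status: in the rewritten `do_fp`, the `sigin` branch prints "Verification Failure" or "Error Verifying Data" and returns, but `do_fp` is declared `void` and neither visible call in MAIN touches `err`, so `EXIT(err)` still reports success as far as these hunks show. A script that gates on the exit code of the `-verify` or `-prverify` mode would accept a bad signature. `do_fp` should return a status that MAIN folds into `err`, e.g. `err |= do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, siglen);`. Separately, in the hunk at -163,6 +224,80, `sigbuf = OPENSSL_malloc(siglen);` reaches `BIO_read` without a NULL check; `if(!sigbuf) { BIO_printf(bio_err,"out of memory\n"); goto end; }` would close that. Parts of MAIN lie outside the visible hunks.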
|
@ -184,7 +184,15 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (outfile == NULL)
|
if (outfile == NULL)
|
||||||
|
{
|
||||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (BIO_write_filename(out,outfile) <= 0)
|
if (BIO_write_filename(out,outfile) <= 0)
|
||||||
@ -251,10 +259,10 @@ int MAIN(int argc, char **argv)
|
|||||||
|
|
||||||
len=BN_num_bytes(dh->p);
|
len=BN_num_bytes(dh->p);
|
||||||
bits=BN_num_bits(dh->p);
|
bits=BN_num_bits(dh->p);
|
||||||
data=(unsigned char *)Malloc(len);
|
data=(unsigned char *)OPENSSL_malloc(len);
|
||||||
if (data == NULL)
|
if (data == NULL)
|
||||||
{
|
{
|
||||||
perror("Malloc");
|
perror("OPENSSL_malloc");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
l=BN_bn2bin(dh->p,data);
|
l=BN_bn2bin(dh->p,data);
|
||||||
@ -285,7 +293,7 @@ int MAIN(int argc, char **argv)
|
|||||||
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
|
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
|
||||||
printf("\t\treturn(NULL);\n");
|
printf("\t\treturn(NULL);\n");
|
||||||
printf("\treturn(dh);\n\t}\n");
|
printf("\treturn(dh);\n\t}\n");
|
||||||
Free(data);
|
OPENSSL_free(data);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -309,7 +317,7 @@ int MAIN(int argc, char **argv)
|
|||||||
ret=0;
|
ret=0;
|
||||||
end:
|
end:
|
||||||
if (in != NULL) BIO_free(in);
|
if (in != NULL) BIO_free(in);
|
||||||
if (out != NULL) BIO_free(out);
|
if (out != NULL) BIO_free_all(out);
|
||||||
if (dh != NULL) DH_free(dh);
|
if (dh != NULL) DH_free(dh);
|
||||||
EXIT(ret);
|
EXIT(ret);
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,10 @@
|
|||||||
-----BEGIN DH PARAMETERS-----
|
-----BEGIN DH PARAMETERS-----
|
||||||
MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
|
MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY
|
||||||
/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
|
jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6
|
||||||
/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
|
ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC
|
||||||
-----END DH PARAMETERS-----
|
-----END DH PARAMETERS-----
|
||||||
|
|
||||||
|
These are the 1024 bit DH parameters from "Assigned Number for SKIP Protocols"
|
||||||
|
(http://www.skip-vpn.org/spec/numbers.html).
|
||||||
|
See there for how they were generated.
|
||||||
|
Note that g is not a generator, but this is not a problem since p is a safe prime.
|
||||||
|
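--- a/crypto/openssl/apps/dh2048.pem
+++ b/crypto/openssl/apps/dh2048.pem
@@ -0,0 +1,12 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV
+89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50
+T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb
+zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX
+Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT
+CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==
+-----END DH PARAMETERS-----
+
+These are the 2048 bit DH parameters from "Assigned Number for SKIP Protocols"
+(http://www.skip-vpn.org/spec/numbers.html).
+See there for how they were generated.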
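--- a/crypto/openssl/apps/dh4096.pem
+++ b/crypto/openssl/apps/dh4096.pem
@@ -0,0 +1,18 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ
+l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt
+Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS
+Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98
+VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc
+alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM
+sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9
+ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte
+OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH
+AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL
+KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=
+-----END DH PARAMETERS-----
+
+These are the 4096 bit DH parameters from "Assigned Number for SKIP Protocols"
+(http://www.skip-vpn.org/spec/numbers.html).
+See there for how they were generated.
+Note that g is not a generator, but this is not a problem since p is a safe prime.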
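--- a/crypto/openssl/apps/dh512.pem
+++ b/crypto/openssl/apps/dh512.pem
@@ -0,0 +1,9 @@
+-----BEGIN DH PARAMETERS-----
+MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak
+XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC
+-----END DH PARAMETERS-----
+
+These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols"
+(http://www.skip-vpn.org/spec/numbers.html).
+See there for how they were generated.
+Note that g is not a generator, but this is not a problem since p is a safe prime.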
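Review bot: The trailing commentary does not say what this 512 bit group may be used for. A prime of that size gives no meaningful protection against discrete-log computation, and because the group is fixed and published, the same precomputation applies to every deployment that loads it. The commentary should say so, for example `512 bit parameters are far too small for real use; keep them for tests and legacy interoperability only.` The concern about widely shared fixed primes also applies, in weaker form, to the 1024 bit parameters in the section above.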
@ -285,7 +285,7 @@ int MAIN(int argc, char **argv)
|
|||||||
DSA *dsa;
|
DSA *dsa;
|
||||||
|
|
||||||
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
|
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
|
||||||
dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err);
|
dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err);
|
||||||
if (dsa == NULL)
|
if (dsa == NULL)
|
||||||
{
|
{
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
@ -391,7 +391,15 @@ int MAIN(int argc, char **argv)
|
|||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
if (outfile == NULL)
|
if (outfile == NULL)
|
||||||
|
{
|
||||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (BIO_write_filename(out,outfile) <= 0)
|
if (BIO_write_filename(out,outfile) <= 0)
|
||||||
@ -432,10 +440,10 @@ int MAIN(int argc, char **argv)
|
|||||||
|
|
||||||
len=BN_num_bytes(dh->p);
|
len=BN_num_bytes(dh->p);
|
||||||
bits=BN_num_bits(dh->p);
|
bits=BN_num_bits(dh->p);
|
||||||
data=(unsigned char *)Malloc(len);
|
data=(unsigned char *)OPENSSL_malloc(len);
|
||||||
if (data == NULL)
|
if (data == NULL)
|
||||||
{
|
{
|
||||||
perror("Malloc");
|
perror("OPENSSL_malloc");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
printf("#ifndef HEADER_DH_H\n"
|
printf("#ifndef HEADER_DH_H\n"
|
||||||
@ -472,7 +480,7 @@ int MAIN(int argc, char **argv)
|
|||||||
if (dh->length)
|
if (dh->length)
|
||||||
printf("\tdh->length = %d;\n", dh->length);
|
printf("\tdh->length = %d;\n", dh->length);
|
||||||
printf("\treturn(dh);\n\t}\n");
|
printf("\treturn(dh);\n\t}\n");
|
||||||
Free(data);
|
OPENSSL_free(data);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -496,7 +504,7 @@ int MAIN(int argc, char **argv)
|
|||||||
ret=0;
|
ret=0;
|
||||||
end:
|
end:
|
||||||
if (in != NULL) BIO_free(in);
|
if (in != NULL) BIO_free(in);
|
||||||
if (out != NULL) BIO_free(out);
|
if (out != NULL) BIO_free_all(out);
|
||||||
if (dh != NULL) DH_free(dh);
|
if (dh != NULL) DH_free(dh);
|
||||||
EXIT(ret);
|
EXIT(ret);
|
||||||
}
|
}
|
||||||
|
@ -233,7 +233,15 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (outfile == NULL)
|
if (outfile == NULL)
|
||||||
|
{
|
||||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (BIO_write_filename(out,outfile) <= 0)
|
if (BIO_write_filename(out,outfile) <= 0)
|
||||||
@ -281,10 +289,10 @@ int MAIN(int argc, char **argv)
|
|||||||
ret=0;
|
ret=0;
|
||||||
end:
|
end:
|
||||||
if(in != NULL) BIO_free(in);
|
if(in != NULL) BIO_free(in);
|
||||||
if(out != NULL) BIO_free(out);
|
if(out != NULL) BIO_free_all(out);
|
||||||
if(dsa != NULL) DSA_free(dsa);
|
if(dsa != NULL) DSA_free(dsa);
|
||||||
if(passin) Free(passin);
|
if(passin) OPENSSL_free(passin);
|
||||||
if(passout) Free(passout);
|
if(passout) OPENSSL_free(passout);
|
||||||
EXIT(ret);
|
EXIT(ret);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
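Review bot: The cleanup at `end:` releases `passin` and `passout` with `OPENSSL_free` without overwriting them first, so what are presumably the input and output pass phrases stay readable in freed heap memory until the block is reused. Clearing each buffer before the free, e.g. `if(passin) { memset(passin,0,strlen(passin)); OPENSSL_free(passin); }`, limits that exposure. A compiler may drop a plain memset that directly precedes a free, so a wipe routine that cannot be optimised away (later OpenSSL releases provide `OPENSSL_cleanse`) is the safer choice where available. The same pattern appears in the other tool sections of this commit that free `passout`, `pass` and `passwd_malloc`. MAIN's body starts outside these hunks.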
|
@ -205,7 +205,15 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (outfile == NULL)
|
if (outfile == NULL)
|
||||||
|
{
|
||||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (BIO_write_filename(out,outfile) <= 0)
|
if (BIO_write_filename(out,outfile) <= 0)
|
||||||
@ -260,10 +268,10 @@ int MAIN(int argc, char **argv)
|
|||||||
bits_p=BN_num_bits(dsa->p);
|
bits_p=BN_num_bits(dsa->p);
|
||||||
bits_q=BN_num_bits(dsa->q);
|
bits_q=BN_num_bits(dsa->q);
|
||||||
bits_g=BN_num_bits(dsa->g);
|
bits_g=BN_num_bits(dsa->g);
|
||||||
data=(unsigned char *)Malloc(len+20);
|
data=(unsigned char *)OPENSSL_malloc(len+20);
|
||||||
if (data == NULL)
|
if (data == NULL)
|
||||||
{
|
{
|
||||||
perror("Malloc");
|
perror("OPENSSL_malloc");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
l=BN_bn2bin(dsa->p,data);
|
l=BN_bn2bin(dsa->p,data);
|
||||||
@ -347,7 +355,7 @@ int MAIN(int argc, char **argv)
|
|||||||
ret=0;
|
ret=0;
|
||||||
end:
|
end:
|
||||||
if (in != NULL) BIO_free(in);
|
if (in != NULL) BIO_free(in);
|
||||||
if (out != NULL) BIO_free(out);
|
if (out != NULL) BIO_free_all(out);
|
||||||
if (dsa != NULL) DSA_free(dsa);
|
if (dsa != NULL) DSA_free(dsa);
|
||||||
EXIT(ret);
|
EXIT(ret);
|
||||||
}
|
}
|
||||||
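Review bot: `perror("OPENSSL_malloc")` in the allocation-failure branch prints whatever `errno` currently holds, and OPENSSL_malloc is a wrapper that can be routed to an application-supplied allocator, so the text after the colon may be unrelated to the failure. Reporting through the tool's error BIO, as another tool in this commit does, keeps the message accurate: `BIO_printf(bio_err,"OPENSSL_malloc failure\n");` (assuming `bio_err` is in scope here, which the hunk does not show). The `len+20` in the allocation would also benefit from a one-line comment saying what the extra 20 bytes are for. MAIN starts outside these hunks.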
|
@ -343,11 +343,11 @@ int MAIN(int argc, char **argv)
|
|||||||
if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
|
if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
|
||||||
}
|
}
|
||||||
|
|
||||||
strbuf=Malloc(SIZE);
|
strbuf=OPENSSL_malloc(SIZE);
|
||||||
buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize));
|
buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
|
||||||
if ((buff == NULL) || (strbuf == NULL))
|
if ((buff == NULL) || (strbuf == NULL))
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"Malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
|
BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -416,7 +416,15 @@ int MAIN(int argc, char **argv)
|
|||||||
|
|
||||||
|
|
||||||
if (outf == NULL)
|
if (outf == NULL)
|
||||||
|
{
|
||||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (BIO_write_filename(out,outf) <= 0)
|
if (BIO_write_filename(out,outf) <= 0)
|
||||||
@ -581,13 +589,13 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
end:
|
end:
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
if (strbuf != NULL) Free(strbuf);
|
if (strbuf != NULL) OPENSSL_free(strbuf);
|
||||||
if (buff != NULL) Free(buff);
|
if (buff != NULL) OPENSSL_free(buff);
|
||||||
if (in != NULL) BIO_free(in);
|
if (in != NULL) BIO_free(in);
|
||||||
if (out != NULL) BIO_free(out);
|
if (out != NULL) BIO_free_all(out);
|
||||||
if (benc != NULL) BIO_free(benc);
|
if (benc != NULL) BIO_free(benc);
|
||||||
if (b64 != NULL) BIO_free(b64);
|
if (b64 != NULL) BIO_free(b64);
|
||||||
if(pass) Free(pass);
|
if(pass) OPENSSL_free(pass);
|
||||||
EXIT(ret);
|
EXIT(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
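Review bot: The failure message in the allocation check always prints `EVP_ENCODE_LENGTH(bsize)`, although the branch is also taken when it was the `SIZE`-byte `strbuf` allocation that failed, so the reported size can point at the wrong buffer. Testing the two results separately, or wording the message without a size, e.g. `BIO_printf(bio_err,"OPENSSL_malloc failure\n");`, avoids the misleading number. The rename also changes a user-visible string, which matters to anything that matches on the old "Malloc failure" text. MAIN starts outside these hunks.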
|
@ -91,12 +91,18 @@ int MAIN(int argc, char **argv)
|
|||||||
out=BIO_new(BIO_s_file());
|
out=BIO_new(BIO_s_file());
|
||||||
if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
|
if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
|
||||||
{
|
{
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
lh_node_stats_bio((LHASH *)ERR_get_string_table(),out);
|
lh_node_stats_bio((LHASH *)ERR_get_string_table(),out);
|
||||||
lh_stats_bio((LHASH *)ERR_get_string_table(),out);
|
lh_stats_bio((LHASH *)ERR_get_string_table(),out);
|
||||||
lh_node_usage_stats_bio((LHASH *)
|
lh_node_usage_stats_bio((LHASH *)
|
||||||
ERR_get_string_table(),out);
|
ERR_get_string_table(),out);
|
||||||
}
|
}
|
||||||
if (out != NULL) BIO_free(out);
|
if (out != NULL) BIO_free_all(out);
|
||||||
argc--;
|
argc--;
|
||||||
argv++;
|
argv++;
|
||||||
}
|
}
|
||||||
@ -104,7 +110,10 @@ int MAIN(int argc, char **argv)
|
|||||||
for (i=1; i<argc; i++)
|
for (i=1; i<argc; i++)
|
||||||
{
|
{
|
||||||
if (sscanf(argv[i],"%lx",&l))
|
if (sscanf(argv[i],"%lx",&l))
|
||||||
printf("%s\n",ERR_error_string(l,buf));
|
{
|
||||||
|
ERR_error_string_n(l, buf, sizeof buf);
|
||||||
|
printf("%s\n",buf);
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
printf("%s: bad error code\n",argv[i]);
|
printf("%s: bad error code\n",argv[i]);
|
||||||
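Review bot: `if (sscanf(argv[i],"%lx",&l))` treats any non-zero return as success, but sscanf returns EOF (a negative value) for an empty argument, so the new block would then format whatever `l` held before. Comparing against the number of expected conversions closes that: `if (sscanf(argv[i],"%lx",&l) == 1)`. The switch to `ERR_error_string_n(l, buf, sizeof buf)` bounds the write correctly only if `buf` is an array in this scope rather than a pointer; its declaration is outside the hunk.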
|
@ -142,7 +142,15 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (outfile == NULL)
|
if (outfile == NULL)
|
||||||
|
{
|
||||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (BIO_write_filename(out,outfile) <= 0)
|
if (BIO_write_filename(out,outfile) <= 0)
|
||||||
@ -174,7 +182,7 @@ int MAIN(int argc, char **argv)
|
|||||||
end:
|
end:
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
if (out != NULL) BIO_free(out);
|
if (out != NULL) BIO_free_all(out);
|
||||||
if (dh != NULL) DH_free(dh);
|
if (dh != NULL) DH_free(dh);
|
||||||
EXIT(ret);
|
EXIT(ret);
|
||||||
}
|
}
|
||||||
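Review bot: Nothing in this section says why `BIO_free(out)` became `BIO_free_all(out)`, and the reason is not obvious at the `end:` label. On VMS `out` is now the head of a two-element chain (the line-buffer filter pushed on top of the file BIO), so freeing only the head would leave the file BIO allocated. A short comment at the cleanup, such as `/* out may head a BIO chain (VMS linebuffer): free every element */`, would keep a later edit from reverting it. The identical `#ifdef VMS` block is pasted into every tool in this commit; a shared helper would remove the repetition, though that goes beyond this hunk.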
|
@ -178,7 +178,15 @@ int MAIN(int argc, char **argv)
|
|||||||
if (out == NULL) goto end;
|
if (out == NULL) goto end;
|
||||||
|
|
||||||
if (outfile == NULL)
|
if (outfile == NULL)
|
||||||
|
{
|
||||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (BIO_write_filename(out,outfile) <= 0)
|
if (BIO_write_filename(out,outfile) <= 0)
|
||||||
@ -209,9 +217,9 @@ int MAIN(int argc, char **argv)
|
|||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
if (in != NULL) BIO_free(in);
|
if (in != NULL) BIO_free(in);
|
||||||
if (out != NULL) BIO_free(out);
|
if (out != NULL) BIO_free_all(out);
|
||||||
if (dsa != NULL) DSA_free(dsa);
|
if (dsa != NULL) DSA_free(dsa);
|
||||||
if(passout) Free(passout);
|
if(passout) OPENSSL_free(passout);
|
||||||
EXIT(ret);
|
EXIT(ret);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -114,7 +114,7 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
else if (strcmp(*argv,"-3") == 0)
|
else if (strcmp(*argv,"-3") == 0)
|
||||||
f4=3;
|
f4=3;
|
||||||
else if (strcmp(*argv,"-F4") == 0)
|
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
|
||||||
f4=RSA_F4;
|
f4=RSA_F4;
|
||||||
else if (strcmp(*argv,"-rand") == 0)
|
else if (strcmp(*argv,"-rand") == 0)
|
||||||
{
|
{
|
||||||
@ -168,7 +168,15 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (outfile == NULL)
|
if (outfile == NULL)
|
||||||
|
{
|
||||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (BIO_write_filename(out,outfile) <= 0)
|
if (BIO_write_filename(out,outfile) <= 0)
|
||||||
@ -212,8 +220,8 @@ int MAIN(int argc, char **argv)
|
|||||||
ret=0;
|
ret=0;
|
||||||
err:
|
err:
|
||||||
if (rsa != NULL) RSA_free(rsa);
|
if (rsa != NULL) RSA_free(rsa);
|
||||||
if (out != NULL) BIO_free(out);
|
if (out != NULL) BIO_free_all(out);
|
||||||
if(passout) Free(passout);
|
if(passout) OPENSSL_free(passout);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
EXIT(ret);
|
EXIT(ret);
|
||||||
|
@ -119,11 +119,18 @@ int MAIN(int argc, char **argv)
|
|||||||
"Can't open output file %s\n", outfile);
|
"Can't open output file %s\n", outfile);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
} else {
|
||||||
|
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
if (toseq) {
|
if (toseq) {
|
||||||
seq = NETSCAPE_CERT_SEQUENCE_new();
|
seq = NETSCAPE_CERT_SEQUENCE_new();
|
||||||
seq->certs = sk_X509_new(NULL);
|
seq->certs = sk_X509_new_null();
|
||||||
while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
|
while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
|
||||||
sk_X509_push(seq->certs,x509);
|
sk_X509_push(seq->certs,x509);
|
||||||
|
|
||||||
@ -152,7 +159,7 @@ int MAIN(int argc, char **argv)
|
|||||||
ret = 0;
|
ret = 0;
|
||||||
end:
|
end:
|
||||||
BIO_free(in);
|
BIO_free(in);
|
||||||
BIO_free(out);
|
BIO_free_all(out);
|
||||||
NETSCAPE_CERT_SEQUENCE_free(seq);
|
NETSCAPE_CERT_SEQUENCE_free(seq);
|
||||||
|
|
||||||
EXIT(ret);
|
EXIT(ret);
|
||||||
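Review bot: `seq->certs = sk_X509_new_null();` dereferences `seq` without checking that `NETSCAPE_CERT_SEQUENCE_new()` succeeded, and the stack it assigns is not checked either before `sk_X509_push` is called on it in the loop. A guard such as `if (seq == NULL || (seq->certs = sk_X509_new_null()) == NULL) goto end;` covers both allocations, assuming `ret` still holds its failure value at that point (its initialisation is outside the hunk). The return value of `sk_X509_push` is also ignored, so a certificate that fails to be pushed is neither reported nor freed.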
|
@ -101,6 +101,8 @@ int main(int Argc, char *Argv[])
|
|||||||
arg.data=NULL;
|
arg.data=NULL;
|
||||||
arg.count=0;
|
arg.count=0;
|
||||||
|
|
||||||
|
if (getenv("OPENSSL_DEBUG_MEMORY") != NULL)
|
||||||
|
CRYPTO_malloc_debug_init();
|
||||||
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
|
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
|
||||||
|
|
||||||
apps_startup();
|
apps_startup();
|
||||||
@ -201,7 +203,7 @@ int main(int Argc, char *Argv[])
|
|||||||
config=NULL;
|
config=NULL;
|
||||||
}
|
}
|
||||||
if (prog != NULL) lh_free(prog);
|
if (prog != NULL) lh_free(prog);
|
||||||
if (arg.data != NULL) Free(arg.data);
|
if (arg.data != NULL) OPENSSL_free(arg.data);
|
||||||
ERR_remove_state(0);
|
ERR_remove_state(0);
|
||||||
|
|
||||||
EVP_cleanup();
|
EVP_cleanup();
|
||||||
@ -236,13 +238,19 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
|
|||||||
else if ((strncmp(argv[0],"no-",3)) == 0)
|
else if ((strncmp(argv[0],"no-",3)) == 0)
|
||||||
{
|
{
|
||||||
BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
|
BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
bio_stdout = BIO_push(tmpbio, bio_stdout);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
f.name=argv[0]+3;
|
f.name=argv[0]+3;
|
||||||
ret = (lh_retrieve(prog,&f) != NULL);
|
ret = (lh_retrieve(prog,&f) != NULL);
|
||||||
if (!ret)
|
if (!ret)
|
||||||
BIO_printf(bio_stdout, "%s\n", argv[0]);
|
BIO_printf(bio_stdout, "%s\n", argv[0]);
|
||||||
else
|
else
|
||||||
BIO_printf(bio_stdout, "%s\n", argv[0]+3);
|
BIO_printf(bio_stdout, "%s\n", argv[0]+3);
|
||||||
BIO_free(bio_stdout);
|
BIO_free_all(bio_stdout);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
else if ((strcmp(argv[0],"quit") == 0) ||
|
else if ((strcmp(argv[0],"quit") == 0) ||
|
||||||
@ -267,11 +275,17 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
|
|||||||
else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
|
else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
|
||||||
list_type = FUNC_TYPE_CIPHER;
|
list_type = FUNC_TYPE_CIPHER;
|
||||||
bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
|
bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
bio_stdout = BIO_push(tmpbio, bio_stdout);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
for (fp=functions; fp->name != NULL; fp++)
|
for (fp=functions; fp->name != NULL; fp++)
|
||||||
if (fp->type == list_type)
|
if (fp->type == list_type)
|
||||||
BIO_printf(bio_stdout, "%s\n", fp->name);
|
BIO_printf(bio_stdout, "%s\n", fp->name);
|
||||||
BIO_free(bio_stdout);
|
BIO_free_all(bio_stdout);
|
||||||
ret=0;
|
ret=0;
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
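Review bot: The new `getenv("OPENSSL_DEBUG_MEMORY")` test only checks for presence, so an empty value or `0` also switches the allocator debug hooks on, and nothing at the call site says so. A comment such as `/* OPENSSL_DEBUG_MEMORY set to any value, even empty, enables allocation debugging */` would document the trigger. The call sits ahead of `CRYPTO_mem_ctrl` and `apps_startup()`, which suggests it has to run before the first allocation; if that is the intent, the comment should state it. In `do_cmd` the result of `BIO_new_fp(stdout,BIO_NOCLOSE)` is used without a NULL check in both branches touched here.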
|
@ -1,10 +1,10 @@
|
|||||||
/* apps/passwd.c */
|
/* apps/passwd.c */
|
||||||
|
|
||||||
#if defined NO_MD5 || defined CHARSET_EBCDIC
|
#if defined NO_MD5 || defined CHARSET_EBCDIC
|
||||||
# define NO_APR1
|
# define NO_MD5CRYPT_1
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if !defined(NO_DES) || !defined(NO_APR1)
|
#if !defined(NO_DES) || !defined(NO_MD5CRYPT_1)
|
||||||
|
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
@ -19,7 +19,7 @@
|
|||||||
#ifndef NO_DES
|
#ifndef NO_DES
|
||||||
# include <openssl/des.h>
|
# include <openssl/des.h>
|
||||||
#endif
|
#endif
|
||||||
#ifndef NO_APR1
|
#ifndef NO_MD5CRYPT_1
|
||||||
# include <openssl/md5.h>
|
# include <openssl/md5.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -42,10 +42,11 @@ static unsigned const char cov_2char[64]={
|
|||||||
|
|
||||||
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
||||||
char *passwd, BIO *out, int quiet, int table, int reverse,
|
char *passwd, BIO *out, int quiet, int table, int reverse,
|
||||||
size_t pw_maxlen, int usecrypt, int useapr1);
|
size_t pw_maxlen, int usecrypt, int use1, int useapr1);
|
||||||
|
|
||||||
/* -crypt - standard Unix password algorithm (default, only choice)
|
/* -crypt - standard Unix password algorithm (default)
|
||||||
* -apr1 - MD5-based password algorithm
|
* -1 - MD5-based password algorithm
|
||||||
|
* -apr1 - MD5-based password algorithm, Apache variant
|
||||||
* -salt string - salt
|
* -salt string - salt
|
||||||
* -in file - read passwords from file
|
* -in file - read passwords from file
|
||||||
* -stdin - read passwords from stdin
|
* -stdin - read passwords from stdin
|
||||||
@ -63,11 +64,12 @@ int MAIN(int argc, char **argv)
|
|||||||
int in_stdin = 0;
|
int in_stdin = 0;
|
||||||
char *salt = NULL, *passwd = NULL, **passwds = NULL;
|
char *salt = NULL, *passwd = NULL, **passwds = NULL;
|
||||||
char *salt_malloc = NULL, *passwd_malloc = NULL;
|
char *salt_malloc = NULL, *passwd_malloc = NULL;
|
||||||
|
size_t passwd_malloc_size = 0;
|
||||||
int pw_source_defined = 0;
|
int pw_source_defined = 0;
|
||||||
BIO *in = NULL, *out = NULL;
|
BIO *in = NULL, *out = NULL;
|
||||||
int i, badopt, opt_done;
|
int i, badopt, opt_done;
|
||||||
int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
|
int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
|
||||||
int usecrypt = 0, useapr1 = 0;
|
int usecrypt = 0, use1 = 0, useapr1 = 0;
|
||||||
size_t pw_maxlen = 0;
|
size_t pw_maxlen = 0;
|
||||||
|
|
||||||
apps_startup();
|
apps_startup();
|
||||||
@ -79,6 +81,12 @@ int MAIN(int argc, char **argv)
|
|||||||
if (out == NULL)
|
if (out == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
|
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
badopt = 0, opt_done = 0;
|
badopt = 0, opt_done = 0;
|
||||||
i = 0;
|
i = 0;
|
||||||
@ -86,6 +94,8 @@ int MAIN(int argc, char **argv)
|
|||||||
{
|
{
|
||||||
if (strcmp(argv[i], "-crypt") == 0)
|
if (strcmp(argv[i], "-crypt") == 0)
|
||||||
usecrypt = 1;
|
usecrypt = 1;
|
||||||
|
else if (strcmp(argv[i], "-1") == 0)
|
||||||
|
use1 = 1;
|
||||||
else if (strcmp(argv[i], "-apr1") == 0)
|
else if (strcmp(argv[i], "-apr1") == 0)
|
||||||
useapr1 = 1;
|
useapr1 = 1;
|
||||||
else if (strcmp(argv[i], "-salt") == 0)
|
else if (strcmp(argv[i], "-salt") == 0)
|
||||||
@ -137,17 +147,17 @@ int MAIN(int argc, char **argv)
|
|||||||
badopt = 1;
|
badopt = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!usecrypt && !useapr1) /* use default */
|
if (!usecrypt && !use1 && !useapr1) /* use default */
|
||||||
usecrypt = 1;
|
usecrypt = 1;
|
||||||
if (usecrypt + useapr1 > 1) /* conflict */
|
if (usecrypt + use1 + useapr1 > 1) /* conflict */
|
||||||
badopt = 1;
|
badopt = 1;
|
||||||
|
|
||||||
/* reject unsupported algorithms */
|
/* reject unsupported algorithms */
|
||||||
#ifdef NO_DES
|
#ifdef NO_DES
|
||||||
if (usecrypt) badopt = 1;
|
if (usecrypt) badopt = 1;
|
||||||
#endif
|
#endif
|
||||||
#ifdef NO_APR1
|
#ifdef NO_MD5CRYPT_1
|
||||||
if (useapr1) badopt = 1;
|
if (use1 || useapr1) badopt = 1;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (badopt)
|
if (badopt)
|
||||||
@ -157,8 +167,9 @@ int MAIN(int argc, char **argv)
|
|||||||
#ifndef NO_DES
|
#ifndef NO_DES
|
||||||
BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n");
|
BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n");
|
||||||
#endif
|
#endif
|
||||||
#ifndef NO_APR1
|
#ifndef NO_MD5CRYPT_1
|
||||||
BIO_printf(bio_err, "-apr1 MD5-based password algorithm\n");
|
BIO_printf(bio_err, "-1 MD5-based password algorithm\n");
|
||||||
|
BIO_printf(bio_err, "-apr1 MD5-based password algorithm, Apache variant\n");
|
||||||
#endif
|
#endif
|
||||||
BIO_printf(bio_err, "-salt string use provided salt\n");
|
BIO_printf(bio_err, "-salt string use provided salt\n");
|
||||||
BIO_printf(bio_err, "-in file read passwords from file\n");
|
BIO_printf(bio_err, "-in file read passwords from file\n");
|
||||||
@ -190,13 +201,16 @@ int MAIN(int argc, char **argv)
|
|||||||
|
|
||||||
if (usecrypt)
|
if (usecrypt)
|
||||||
pw_maxlen = 8;
|
pw_maxlen = 8;
|
||||||
else if (useapr1)
|
else if (use1 || useapr1)
|
||||||
pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */
|
pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */
|
||||||
|
|
||||||
if (passwds == NULL)
|
if (passwds == NULL)
|
||||||
{
|
{
|
||||||
/* no passwords on the command line */
|
/* no passwords on the command line */
|
||||||
passwd = passwd_malloc = Malloc(pw_maxlen + 1);
|
|
||||||
|
passwd_malloc_size = pw_maxlen + 2;
|
||||||
|
/* longer than necessary so that we can warn about truncation */
|
||||||
|
passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
|
||||||
if (passwd_malloc == NULL)
|
if (passwd_malloc == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
@ -208,7 +222,7 @@ int MAIN(int argc, char **argv)
|
|||||||
|
|
||||||
passwds = passwds_static;
|
passwds = passwds_static;
|
||||||
if (in == NULL)
|
if (in == NULL)
|
||||||
if (EVP_read_pw_string(passwd_malloc, pw_maxlen + 1, "Password: ", 0) != 0)
|
if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0)
|
||||||
goto err;
|
goto err;
|
||||||
passwds[0] = passwd_malloc;
|
passwds[0] = passwd_malloc;
|
||||||
}
|
}
|
||||||
@ -222,7 +236,7 @@ int MAIN(int argc, char **argv)
|
|||||||
{
|
{
|
||||||
passwd = *passwds++;
|
passwd = *passwds++;
|
||||||
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
|
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
|
||||||
quiet, table, reverse, pw_maxlen, usecrypt, useapr1))
|
quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
while (*passwds != NULL);
|
while (*passwds != NULL);
|
||||||
@ -251,7 +265,7 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
|
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
|
||||||
quiet, table, reverse, pw_maxlen, usecrypt, useapr1))
|
quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
done = (r <= 0);
|
done = (r <= 0);
|
||||||
@ -262,22 +276,29 @@ int MAIN(int argc, char **argv)
|
|||||||
err:
|
err:
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
if (salt_malloc)
|
if (salt_malloc)
|
||||||
Free(salt_malloc);
|
OPENSSL_free(salt_malloc);
|
||||||
if (passwd_malloc)
|
if (passwd_malloc)
|
||||||
Free(passwd_malloc);
|
OPENSSL_free(passwd_malloc);
|
||||||
if (in)
|
if (in)
|
||||||
BIO_free(in);
|
BIO_free(in);
|
||||||
if (out)
|
if (out)
|
||||||
BIO_free(out);
|
BIO_free_all(out);
|
||||||
EXIT(ret);
|
EXIT(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#ifndef NO_APR1
|
#ifndef NO_MD5CRYPT_1
|
||||||
/* MD5-based password algorithm compatible to the one found in Apache
|
/* MD5-based password algorithm (should probably be available as a library
|
||||||
* (should probably be available as a library function;
|
* function; then the static buffer would not be acceptable).
|
||||||
* then the static buffer would not be acceptable) */
|
* For magic string "1", this should be compatible to the MD5-based BSD
|
||||||
static char *apr1_crypt(const char *passwd, const char *salt)
|
* password algorithm.
|
||||||
|
* For 'magic' string "apr1", this is compatible to the MD5-based Apache
|
||||||
|
* password algorithm.
|
||||||
|
* (Apparently, the Apache password algorithm is identical except that the
|
||||||
|
* 'magic' string was changed -- the laziest application of the NIH principle
|
||||||
|
* I've ever encountered.)
|
||||||
|
*/
|
||||||
|
static char *md5crypt(const char *passwd, const char *magic, const char *salt)
|
||||||
{
|
{
|
||||||
static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
|
static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
|
||||||
unsigned char buf[MD5_DIGEST_LENGTH];
|
unsigned char buf[MD5_DIGEST_LENGTH];
|
||||||
@ -287,7 +308,11 @@ static char *apr1_crypt(const char *passwd, const char *salt)
|
|||||||
size_t passwd_len, salt_len;
|
size_t passwd_len, salt_len;
|
||||||
|
|
||||||
passwd_len = strlen(passwd);
|
passwd_len = strlen(passwd);
|
||||||
strcpy(out_buf, "$apr1$");
|
out_buf[0] = '$';
|
||||||
|
out_buf[1] = 0;
|
||||||
|
assert(strlen(magic) <= 4); /* "1" or "apr1" */
|
||||||
|
strncat(out_buf, magic, 4);
|
||||||
|
strncat(out_buf, "$", 1);
|
||||||
strncat(out_buf, salt, 8);
|
strncat(out_buf, salt, 8);
|
||||||
assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
|
assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
|
||||||
salt_out = out_buf + 6;
|
salt_out = out_buf + 6;
|
||||||
@ -296,7 +321,9 @@ static char *apr1_crypt(const char *passwd, const char *salt)
|
|||||||
|
|
||||||
MD5_Init(&md);
|
MD5_Init(&md);
|
||||||
MD5_Update(&md, passwd, passwd_len);
|
MD5_Update(&md, passwd, passwd_len);
|
||||||
MD5_Update(&md, "$apr1$", 6);
|
MD5_Update(&md, "$", 1);
|
||||||
|
MD5_Update(&md, magic, strlen(magic));
|
||||||
|
MD5_Update(&md, "$", 1);
|
||||||
MD5_Update(&md, salt_out, salt_len);
|
MD5_Update(&md, salt_out, salt_len);
|
||||||
|
|
||||||
{
|
{
|
||||||
@ -380,7 +407,7 @@ static char *apr1_crypt(const char *passwd, const char *salt)
|
|||||||
|
|
||||||
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
||||||
char *passwd, BIO *out, int quiet, int table, int reverse,
|
char *passwd, BIO *out, int quiet, int table, int reverse,
|
||||||
size_t pw_maxlen, int usecrypt, int useapr1)
|
size_t pw_maxlen, int usecrypt, int use1, int useapr1)
|
||||||
{
|
{
|
||||||
char *hash = NULL;
|
char *hash = NULL;
|
||||||
|
|
||||||
@ -395,7 +422,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
|||||||
{
|
{
|
||||||
if (*salt_malloc_p == NULL)
|
if (*salt_malloc_p == NULL)
|
||||||
{
|
{
|
||||||
*salt_p = *salt_malloc_p = Malloc(3);
|
*salt_p = *salt_malloc_p = OPENSSL_malloc(3);
|
||||||
if (*salt_malloc_p == NULL)
|
if (*salt_malloc_p == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
@ -411,14 +438,14 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
|||||||
}
|
}
|
||||||
#endif /* !NO_DES */
|
#endif /* !NO_DES */
|
||||||
|
|
||||||
#ifndef NO_APR1
|
#ifndef NO_MD5CRYPT_1
|
||||||
if (useapr1)
|
if (use1 || useapr1)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
if (*salt_malloc_p == NULL)
|
if (*salt_malloc_p == NULL)
|
||||||
{
|
{
|
||||||
*salt_p = *salt_malloc_p = Malloc(9);
|
*salt_p = *salt_malloc_p = OPENSSL_malloc(9);
|
||||||
if (*salt_malloc_p == NULL)
|
if (*salt_malloc_p == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
@ -429,7 +456,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
|||||||
(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
|
(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
|
||||||
(*salt_p)[8] = 0;
|
(*salt_p)[8] = 0;
|
||||||
}
|
}
|
||||||
#endif /* !NO_APR1 */
|
#endif /* !NO_MD5CRYPT_1 */
|
||||||
}
|
}
|
||||||
|
|
||||||
assert(*salt_p != NULL);
|
assert(*salt_p != NULL);
|
||||||
@ -448,9 +475,9 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
|||||||
if (usecrypt)
|
if (usecrypt)
|
||||||
hash = des_crypt(passwd, *salt_p);
|
hash = des_crypt(passwd, *salt_p);
|
||||||
#endif
|
#endif
|
||||||
#ifndef NO_APR1
|
#ifndef NO_MD5CRYPT_1
|
||||||
if (useapr1)
|
if (use1 || useapr1)
|
||||||
hash = apr1_crypt(passwd, *salt_p);
|
hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);
|
||||||
#endif
|
#endif
|
||||||
assert(hash != NULL);
|
assert(hash != NULL);
|
||||||
|
|
||||||
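Review bot: In `md5crypt` the unchanged line `salt_out = out_buf + 6;` still assumes the six-byte `$apr1$` prefix, but with the new magic string "1" the prefix written into `out_buf` is the three-byte `$1$`. `salt_out` therefore lands inside the salt (or, for a short salt, beyond the terminator in the static buffer) and the `-1` hash is computed over the wrong bytes. Deriving the offset from the magic string fixes it: `salt_out = out_buf + 2 + strlen(magic);`. The `assert(strlen(magic) <= 4)` disappears under NDEBUG, though the `strncat(out_buf, magic, 4)` bound keeps the write inside `out_buf` regardless. The rest of md5crypt's body is outside the hunk, so the later use of `salt_len` should be checked against the same assumption.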
|
@ -78,9 +78,10 @@ EVP_CIPHER *enc;
|
|||||||
#define CLCERTS 0x8
|
#define CLCERTS 0x8
|
||||||
#define CACERTS 0x10
|
#define CACERTS 0x10
|
||||||
|
|
||||||
int get_cert_chain(X509 *cert, STACK_OF(X509) **chain);
|
int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
|
||||||
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
|
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
|
||||||
int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options, char *pempass);
|
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
|
||||||
|
int passlen, int options, char *pempass);
|
||||||
int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
|
int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
|
||||||
int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name);
|
int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name);
|
||||||
void hex_prin(BIO *out, unsigned char *buf, int len);
|
void hex_prin(BIO *out, unsigned char *buf, int len);
|
||||||
@ -116,6 +117,7 @@ int MAIN(int argc, char **argv)
|
|||||||
char *passargin = NULL, *passargout = NULL, *passarg = NULL;
|
char *passargin = NULL, *passargout = NULL, *passarg = NULL;
|
||||||
char *passin = NULL, *passout = NULL;
|
char *passin = NULL, *passout = NULL;
|
||||||
char *inrand = NULL;
|
char *inrand = NULL;
|
||||||
|
char *CApath = NULL, *CAfile = NULL;
|
||||||
|
|
||||||
apps_startup();
|
apps_startup();
|
||||||
|
|
||||||
@ -195,7 +197,7 @@ int MAIN(int argc, char **argv)
|
|||||||
} else if (!strcmp (*args, "-caname")) {
|
} else if (!strcmp (*args, "-caname")) {
|
||||||
if (args[1]) {
|
if (args[1]) {
|
||||||
args++;
|
args++;
|
||||||
if (!canames) canames = sk_new(NULL);
|
if (!canames) canames = sk_new_null();
|
||||||
sk_push(canames, *args);
|
sk_push(canames, *args);
|
||||||
} else badarg = 1;
|
} else badarg = 1;
|
||||||
} else if (!strcmp (*args, "-in")) {
|
} else if (!strcmp (*args, "-in")) {
|
||||||
@ -224,6 +226,16 @@ int MAIN(int argc, char **argv)
|
|||||||
passarg = *args;
|
passarg = *args;
|
||||||
noprompt = 1;
|
noprompt = 1;
|
||||||
} else badarg = 1;
|
} else badarg = 1;
|
||||||
|
} else if (!strcmp(*args,"-CApath")) {
|
||||||
|
if (args[1]) {
|
||||||
|
args++;
|
||||||
|
CApath = *args;
|
||||||
|
} else badarg = 1;
|
||||||
|
} else if (!strcmp(*args,"-CAfile")) {
|
||||||
|
if (args[1]) {
|
||||||
|
args++;
|
||||||
|
CAfile = *args;
|
||||||
|
} else badarg = 1;
|
||||||
} else badarg = 1;
|
} else badarg = 1;
|
||||||
|
|
||||||
} else badarg = 1;
|
} else badarg = 1;
|
||||||
@ -237,6 +249,8 @@ int MAIN(int argc, char **argv)
|
|||||||
BIO_printf (bio_err, "-chain add certificate chain\n");
|
BIO_printf (bio_err, "-chain add certificate chain\n");
|
||||||
BIO_printf (bio_err, "-inkey file private key if not infile\n");
|
BIO_printf (bio_err, "-inkey file private key if not infile\n");
|
||||||
BIO_printf (bio_err, "-certfile f add all certs in f\n");
|
BIO_printf (bio_err, "-certfile f add all certs in f\n");
|
||||||
|
BIO_printf (bio_err, "-CApath arg - PEM format directory of CA's\n");
|
||||||
|
BIO_printf (bio_err, "-CAfile arg - PEM format file of CA's\n");
|
||||||
BIO_printf (bio_err, "-name \"name\" use name as friendly name\n");
|
BIO_printf (bio_err, "-name \"name\" use name as friendly name\n");
|
||||||
BIO_printf (bio_err, "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n");
|
BIO_printf (bio_err, "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n");
|
||||||
BIO_printf (bio_err, "-in infile input filename\n");
|
BIO_printf (bio_err, "-in infile input filename\n");
|
||||||
@ -336,8 +350,15 @@ int MAIN(int argc, char **argv)
|
|||||||
CRYPTO_push_info("write files");
|
CRYPTO_push_info("write files");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (!outfile) out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
if (!outfile) {
|
||||||
else out = BIO_new_file(outfile, "wb");
|
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
} else out = BIO_new_file(outfile, "wb");
|
||||||
if (!out) {
|
if (!out) {
|
||||||
BIO_printf(bio_err, "Error opening output file %s\n",
|
BIO_printf(bio_err, "Error opening output file %s\n",
|
||||||
outfile ? outfile : "<stdout>");
|
outfile ? outfile : "<stdout>");
|
||||||
@ -359,20 +380,22 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (export_cert) {
|
if (export_cert) {
|
||||||
EVP_PKEY *key;
|
EVP_PKEY *key = NULL;
|
||||||
STACK *bags, *safes;
|
STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
|
||||||
PKCS12_SAFEBAG *bag;
|
STACK_OF(PKCS7) *safes = NULL;
|
||||||
PKCS8_PRIV_KEY_INFO *p8;
|
PKCS12_SAFEBAG *bag = NULL;
|
||||||
PKCS7 *authsafe;
|
PKCS8_PRIV_KEY_INFO *p8 = NULL;
|
||||||
|
PKCS7 *authsafe = NULL;
|
||||||
X509 *ucert = NULL;
|
X509 *ucert = NULL;
|
||||||
STACK_OF(X509) *certs=NULL;
|
STACK_OF(X509) *certs=NULL;
|
||||||
char *catmp;
|
char *catmp = NULL;
|
||||||
int i;
|
int i;
|
||||||
unsigned char keyid[EVP_MAX_MD_SIZE];
|
unsigned char keyid[EVP_MAX_MD_SIZE];
|
||||||
unsigned int keyidlen = 0;
|
unsigned int keyidlen = 0;
|
||||||
|
|
||||||
#ifdef CRYPTO_MDEBUG
|
#ifdef CRYPTO_MDEBUG
|
||||||
CRYPTO_push_info("process -export_cert");
|
CRYPTO_push_info("process -export_cert");
|
||||||
|
CRYPTO_push_info("reading private key");
|
||||||
#endif
|
#endif
|
||||||
key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, passin);
|
key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, passin);
|
||||||
if (!inkey) (void) BIO_reset(in);
|
if (!inkey) (void) BIO_reset(in);
|
||||||
@ -380,18 +403,28 @@ int MAIN(int argc, char **argv)
|
|||||||
if (!key) {
|
if (!key) {
|
||||||
BIO_printf (bio_err, "Error loading private key\n");
|
BIO_printf (bio_err, "Error loading private key\n");
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
goto end;
|
goto export_end;
|
||||||
}
|
}
|
||||||
|
|
||||||
certs = sk_X509_new(NULL);
|
#ifdef CRYPTO_MDEBUG
|
||||||
|
CRYPTO_pop_info();
|
||||||
|
CRYPTO_push_info("reading certs from input");
|
||||||
|
#endif
|
||||||
|
|
||||||
|
certs = sk_X509_new_null();
|
||||||
|
|
||||||
/* Load in all certs in input file */
|
/* Load in all certs in input file */
|
||||||
if(!cert_load(in, certs)) {
|
if(!cert_load(in, certs)) {
|
||||||
BIO_printf(bio_err, "Error loading certificates from input\n");
|
BIO_printf(bio_err, "Error loading certificates from input\n");
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
goto end;
|
goto export_end;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef CRYPTO_MDEBUG
|
||||||
|
CRYPTO_pop_info();
|
||||||
|
CRYPTO_push_info("reading certs from input 2");
|
||||||
|
#endif
|
||||||
|
|
||||||
for(i = 0; i < sk_X509_num(certs); i++) {
|
for(i = 0; i < sk_X509_num(certs); i++) {
|
||||||
ucert = sk_X509_value(certs, i);
|
ucert = sk_X509_value(certs, i);
|
||||||
if(X509_check_private_key(ucert, key)) {
|
if(X509_check_private_key(ucert, key)) {
|
||||||
@ -399,41 +432,68 @@ int MAIN(int argc, char **argv)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!keyidlen) {
|
if(!keyidlen) {
|
||||||
|
ucert = NULL;
|
||||||
BIO_printf(bio_err, "No certificate matches private key\n");
|
BIO_printf(bio_err, "No certificate matches private key\n");
|
||||||
goto end;
|
goto export_end;
|
||||||
}
|
}
|
||||||
|
|
||||||
bags = sk_new (NULL);
|
#ifdef CRYPTO_MDEBUG
|
||||||
|
CRYPTO_pop_info();
|
||||||
|
CRYPTO_push_info("reading certs from certfile");
|
||||||
|
#endif
|
||||||
|
|
||||||
|
bags = sk_PKCS12_SAFEBAG_new_null ();
|
||||||
|
|
||||||
/* Add any more certificates asked for */
|
/* Add any more certificates asked for */
|
||||||
if (certsin) {
|
if (certsin) {
|
||||||
if(!cert_load(certsin, certs)) {
|
if(!cert_load(certsin, certs)) {
|
||||||
BIO_printf(bio_err, "Error loading certificates from certfile\n");
|
BIO_printf(bio_err, "Error loading certificates from certfile\n");
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
goto end;
|
goto export_end;
|
||||||
}
|
}
|
||||||
BIO_free(certsin);
|
BIO_free(certsin);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef CRYPTO_MDEBUG
|
||||||
|
CRYPTO_pop_info();
|
||||||
|
CRYPTO_push_info("building chain");
|
||||||
|
#endif
|
||||||
|
|
||||||
/* If chaining get chain from user cert */
|
/* If chaining get chain from user cert */
|
||||||
if (chain) {
|
if (chain) {
|
||||||
int vret;
|
int vret;
|
||||||
STACK_OF(X509) *chain2;
|
STACK_OF(X509) *chain2;
|
||||||
vret = get_cert_chain (ucert, &chain2);
|
X509_STORE *store = X509_STORE_new();
|
||||||
|
if (!store)
|
||||||
|
{
|
||||||
|
BIO_printf (bio_err, "Memory allocation error\n");
|
||||||
|
goto export_end;
|
||||||
|
}
|
||||||
|
if (!X509_STORE_load_locations(store, CAfile, CApath))
|
||||||
|
X509_STORE_set_default_paths (store);
|
||||||
|
|
||||||
|
vret = get_cert_chain (ucert, store, &chain2);
|
||||||
|
X509_STORE_free(store);
|
||||||
|
|
||||||
|
if (!vret) {
|
||||||
|
/* Exclude verified certificate */
|
||||||
|
for (i = 1; i < sk_X509_num (chain2) ; i++)
|
||||||
|
sk_X509_push(certs, sk_X509_value (chain2, i));
|
||||||
|
}
|
||||||
|
sk_X509_free(chain2);
|
||||||
if (vret) {
|
if (vret) {
|
||||||
BIO_printf (bio_err, "Error %s getting chain.\n",
|
BIO_printf (bio_err, "Error %s getting chain.\n",
|
||||||
X509_verify_cert_error_string(vret));
|
X509_verify_cert_error_string(vret));
|
||||||
goto end;
|
goto export_end;
|
||||||
}
|
}
|
||||||
/* Exclude verified certificate */
|
|
||||||
for (i = 1; i < sk_X509_num (chain2) ; i++)
|
|
||||||
sk_X509_push(certs, sk_X509_value (chain2, i));
|
|
||||||
sk_X509_free(chain2);
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef CRYPTO_MDEBUG
|
||||||
|
CRYPTO_pop_info();
|
||||||
|
CRYPTO_push_info("building bags");
|
||||||
|
#endif
|
||||||
|
|
||||||
/* We now have loads of certificates: include them all */
|
/* We now have loads of certificates: include them all */
|
||||||
for(i = 0; i < sk_X509_num(certs); i++) {
|
for(i = 0; i < sk_X509_num(certs); i++) {
|
||||||
X509 *cert = NULL;
|
X509 *cert = NULL;
|
||||||
@ -445,59 +505,101 @@ int MAIN(int argc, char **argv)
|
|||||||
PKCS12_add_localkeyid(bag, keyid, keyidlen);
|
PKCS12_add_localkeyid(bag, keyid, keyidlen);
|
||||||
} else if((catmp = sk_shift(canames)))
|
} else if((catmp = sk_shift(canames)))
|
||||||
PKCS12_add_friendlyname(bag, catmp, -1);
|
PKCS12_add_friendlyname(bag, catmp, -1);
|
||||||
sk_push(bags, (char *)bag);
|
sk_PKCS12_SAFEBAG_push(bags, bag);
|
||||||
}
|
}
|
||||||
sk_X509_pop_free(certs, X509_free);
|
sk_X509_pop_free(certs, X509_free);
|
||||||
if (canames) sk_free(canames);
|
certs = NULL;
|
||||||
|
/* ucert is part of certs so it is already freed */
|
||||||
|
ucert = NULL;
|
||||||
|
|
||||||
|
#ifdef CRYPTO_MDEBUG
|
||||||
|
CRYPTO_pop_info();
|
||||||
|
CRYPTO_push_info("encrypting bags");
|
||||||
|
#endif
|
||||||
|
|
||||||
if(!noprompt &&
|
if(!noprompt &&
|
||||||
EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) {
|
EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) {
|
||||||
BIO_printf (bio_err, "Can't read Password\n");
|
BIO_printf (bio_err, "Can't read Password\n");
|
||||||
goto end;
|
goto export_end;
|
||||||
}
|
}
|
||||||
if (!twopass) strcpy(macpass, pass);
|
if (!twopass) strcpy(macpass, pass);
|
||||||
/* Turn certbags into encrypted authsafe */
|
/* Turn certbags into encrypted authsafe */
|
||||||
authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
|
authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
|
||||||
iter, bags);
|
iter, bags);
|
||||||
sk_pop_free(bags, PKCS12_SAFEBAG_free);
|
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
|
||||||
|
bags = NULL;
|
||||||
|
|
||||||
if (!authsafe) {
|
if (!authsafe) {
|
||||||
ERR_print_errors (bio_err);
|
ERR_print_errors (bio_err);
|
||||||
goto end;
|
goto export_end;
|
||||||
}
|
}
|
||||||
|
|
||||||
safes = sk_new (NULL);
|
safes = sk_PKCS7_new_null ();
|
||||||
sk_push (safes, (char *)authsafe);
|
sk_PKCS7_push (safes, authsafe);
|
||||||
|
|
||||||
|
#ifdef CRYPTO_MDEBUG
|
||||||
|
CRYPTO_pop_info();
|
||||||
|
CRYPTO_push_info("building shrouded key bag");
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Make a shrouded key bag */
|
/* Make a shrouded key bag */
|
||||||
p8 = EVP_PKEY2PKCS8 (key);
|
p8 = EVP_PKEY2PKCS8 (key);
|
||||||
EVP_PKEY_free(key);
|
|
||||||
if(keytype) PKCS8_add_keyusage(p8, keytype);
|
if(keytype) PKCS8_add_keyusage(p8, keytype);
|
||||||
bag = PKCS12_MAKE_SHKEYBAG(key_pbe, cpass, -1, NULL, 0, iter, p8);
|
bag = PKCS12_MAKE_SHKEYBAG(key_pbe, cpass, -1, NULL, 0, iter, p8);
|
||||||
PKCS8_PRIV_KEY_INFO_free(p8);
|
PKCS8_PRIV_KEY_INFO_free(p8);
|
||||||
|
p8 = NULL;
|
||||||
if (name) PKCS12_add_friendlyname (bag, name, -1);
|
if (name) PKCS12_add_friendlyname (bag, name, -1);
|
||||||
PKCS12_add_localkeyid (bag, keyid, keyidlen);
|
PKCS12_add_localkeyid (bag, keyid, keyidlen);
|
||||||
bags = sk_new(NULL);
|
bags = sk_PKCS12_SAFEBAG_new_null();
|
||||||
sk_push (bags, (char *)bag);
|
sk_PKCS12_SAFEBAG_push (bags, bag);
|
||||||
|
|
||||||
|
#ifdef CRYPTO_MDEBUG
|
||||||
|
CRYPTO_pop_info();
|
||||||
|
CRYPTO_push_info("encrypting shrouded key bag");
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Turn it into unencrypted safe bag */
|
/* Turn it into unencrypted safe bag */
|
||||||
authsafe = PKCS12_pack_p7data (bags);
|
authsafe = PKCS12_pack_p7data (bags);
|
||||||
sk_pop_free(bags, PKCS12_SAFEBAG_free);
|
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
|
||||||
sk_push (safes, (char *)authsafe);
|
bags = NULL;
|
||||||
|
sk_PKCS7_push (safes, authsafe);
|
||||||
|
|
||||||
|
#ifdef CRYPTO_MDEBUG
|
||||||
|
CRYPTO_pop_info();
|
||||||
|
CRYPTO_push_info("building pkcs12");
|
||||||
|
#endif
|
||||||
|
|
||||||
p12 = PKCS12_init (NID_pkcs7_data);
|
p12 = PKCS12_init (NID_pkcs7_data);
|
||||||
|
|
||||||
M_PKCS12_pack_authsafes (p12, safes);
|
M_PKCS12_pack_authsafes (p12, safes);
|
||||||
|
|
||||||
sk_pop_free(safes, PKCS7_free);
|
sk_PKCS7_pop_free(safes, PKCS7_free);
|
||||||
|
safes = NULL;
|
||||||
|
|
||||||
PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);
|
PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);
|
||||||
|
|
||||||
|
#ifdef CRYPTO_MDEBUG
|
||||||
|
CRYPTO_pop_info();
|
||||||
|
CRYPTO_push_info("writing pkcs12");
|
||||||
|
#endif
|
||||||
|
|
||||||
i2d_PKCS12_bio (out, p12);
|
i2d_PKCS12_bio (out, p12);
|
||||||
|
|
||||||
PKCS12_free(p12);
|
|
||||||
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
||||||
|
export_end:
|
||||||
|
#ifdef CRYPTO_MDEBUG
|
||||||
|
CRYPTO_pop_info();
|
||||||
|
CRYPTO_pop_info();
|
||||||
|
CRYPTO_push_info("process -export_cert: freeing");
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if (key) EVP_PKEY_free(key);
|
||||||
|
if (certs) sk_X509_pop_free(certs, X509_free);
|
||||||
|
if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
|
||||||
|
if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
|
||||||
|
if (ucert) X509_free(ucert);
|
||||||
|
|
||||||
#ifdef CRYPTO_MDEBUG
|
#ifdef CRYPTO_MDEBUG
|
||||||
CRYPTO_pop_info();
|
CRYPTO_pop_info();
|
||||||
#endif
|
#endif
|
||||||
@ -528,11 +630,16 @@ int MAIN(int argc, char **argv)
|
|||||||
#ifdef CRYPTO_MDEBUG
|
#ifdef CRYPTO_MDEBUG
|
||||||
CRYPTO_push_info("verify MAC");
|
CRYPTO_push_info("verify MAC");
|
||||||
#endif
|
#endif
|
||||||
if (!PKCS12_verify_mac (p12, mpass, -1)) {
|
/* If we enter empty password try no password first */
|
||||||
|
if(!macpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
|
||||||
|
/* If mac and crypto pass the same set it to NULL too */
|
||||||
|
if(!twopass) cpass = NULL;
|
||||||
|
} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
|
||||||
BIO_printf (bio_err, "Mac verify error: invalid password?\n");
|
BIO_printf (bio_err, "Mac verify error: invalid password?\n");
|
||||||
ERR_print_errors (bio_err);
|
ERR_print_errors (bio_err);
|
||||||
goto end;
|
goto end;
|
||||||
} else BIO_printf (bio_err, "MAC verified OK\n");
|
}
|
||||||
|
BIO_printf (bio_err, "MAC verified OK\n");
|
||||||
#ifdef CRYPTO_MDEBUG
|
#ifdef CRYPTO_MDEBUG
|
||||||
CRYPTO_pop_info();
|
CRYPTO_pop_info();
|
||||||
#endif
|
#endif
|
||||||
@ -549,29 +656,32 @@ int MAIN(int argc, char **argv)
|
|||||||
#ifdef CRYPTO_MDEBUG
|
#ifdef CRYPTO_MDEBUG
|
||||||
CRYPTO_pop_info();
|
CRYPTO_pop_info();
|
||||||
#endif
|
#endif
|
||||||
PKCS12_free(p12);
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
end:
|
end:
|
||||||
|
if (p12) PKCS12_free(p12);
|
||||||
if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
|
if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
|
||||||
#ifdef CRYPTO_MDEBUG
|
#ifdef CRYPTO_MDEBUG
|
||||||
CRYPTO_remove_all_info();
|
CRYPTO_remove_all_info();
|
||||||
#endif
|
#endif
|
||||||
BIO_free(in);
|
BIO_free(in);
|
||||||
BIO_free(out);
|
BIO_free_all(out);
|
||||||
if(passin) Free(passin);
|
if (canames) sk_free(canames);
|
||||||
if(passout) Free(passout);
|
if(passin) OPENSSL_free(passin);
|
||||||
|
if(passout) OPENSSL_free(passout);
|
||||||
EXIT(ret);
|
EXIT(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
|
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
|
||||||
int passlen, int options, char *pempass)
|
int passlen, int options, char *pempass)
|
||||||
{
|
{
|
||||||
STACK *asafes, *bags;
|
STACK_OF(PKCS7) *asafes;
|
||||||
|
STACK_OF(PKCS12_SAFEBAG) *bags;
|
||||||
int i, bagnid;
|
int i, bagnid;
|
||||||
PKCS7 *p7;
|
PKCS7 *p7;
|
||||||
|
|
||||||
if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
|
if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
|
||||||
for (i = 0; i < sk_num (asafes); i++) {
|
for (i = 0; i < sk_PKCS7_num (asafes); i++) {
|
||||||
p7 = (PKCS7 *) sk_value (asafes, i);
|
p7 = sk_PKCS7_value (asafes, i);
|
||||||
bagnid = OBJ_obj2nid (p7->type);
|
bagnid = OBJ_obj2nid (p7->type);
|
||||||
if (bagnid == NID_pkcs7_data) {
|
if (bagnid == NID_pkcs7_data) {
|
||||||
bags = M_PKCS12_unpack_p7data (p7);
|
bags = M_PKCS12_unpack_p7data (p7);
|
||||||
@ -587,23 +697,25 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
|
|||||||
if (!bags) return 0;
|
if (!bags) return 0;
|
||||||
if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
|
if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
|
||||||
options, pempass)) {
|
options, pempass)) {
|
||||||
sk_pop_free (bags, PKCS12_SAFEBAG_free);
|
sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
sk_pop_free (bags, PKCS12_SAFEBAG_free);
|
sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
|
||||||
}
|
}
|
||||||
sk_pop_free (asafes, PKCS7_free);
|
sk_PKCS7_pop_free (asafes, PKCS7_free);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int dump_certs_pkeys_bags (BIO *out, STACK *bags, char *pass,
|
int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
|
||||||
int passlen, int options, char *pempass)
|
char *pass, int passlen, int options, char *pempass)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
for (i = 0; i < sk_num (bags); i++) {
|
for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
|
||||||
if (!dump_certs_pkeys_bag (out,
|
if (!dump_certs_pkeys_bag (out,
|
||||||
(PKCS12_SAFEBAG *)sk_value (bags, i), pass, passlen,
|
sk_PKCS12_SAFEBAG_value (bags, i),
|
||||||
options, pempass)) return 0;
|
pass, passlen,
|
||||||
|
options, pempass))
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@ -679,15 +791,12 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
|
|||||||
|
|
||||||
/* Hope this is OK .... */
|
/* Hope this is OK .... */
|
||||||
|
|
||||||
int get_cert_chain (X509 *cert, STACK_OF(X509) **chain)
|
int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
|
||||||
{
|
{
|
||||||
X509_STORE *store;
|
|
||||||
X509_STORE_CTX store_ctx;
|
X509_STORE_CTX store_ctx;
|
||||||
STACK_OF(X509) *chn;
|
STACK_OF(X509) *chn;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
store = X509_STORE_new ();
|
|
||||||
X509_STORE_set_default_paths (store);
|
|
||||||
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
|
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
|
||||||
if (X509_verify_cert(&store_ctx) <= 0) {
|
if (X509_verify_cert(&store_ctx) <= 0) {
|
||||||
i = X509_STORE_CTX_get_error (&store_ctx);
|
i = X509_STORE_CTX_get_error (&store_ctx);
|
||||||
@ -698,7 +807,6 @@ int get_cert_chain (X509 *cert, STACK_OF(X509) **chain)
|
|||||||
*chain = chn;
|
*chain = chn;
|
||||||
err:
|
err:
|
||||||
X509_STORE_CTX_cleanup(&store_ctx);
|
X509_STORE_CTX_cleanup(&store_ctx);
|
||||||
X509_STORE_free(store);
|
|
||||||
|
|
||||||
return i;
|
return i;
|
||||||
}
|
}
|
||||||
@ -722,10 +830,22 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
|
|||||||
int ret;
|
int ret;
|
||||||
X509 *cert;
|
X509 *cert;
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
#ifdef CRYPTO_MDEBUG
|
||||||
|
CRYPTO_push_info("cert_load(): reading one cert");
|
||||||
|
#endif
|
||||||
while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
|
while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
|
||||||
|
#ifdef CRYPTO_MDEBUG
|
||||||
|
CRYPTO_pop_info();
|
||||||
|
#endif
|
||||||
ret = 1;
|
ret = 1;
|
||||||
sk_X509_push(sk, cert);
|
sk_X509_push(sk, cert);
|
||||||
|
#ifdef CRYPTO_MDEBUG
|
||||||
|
CRYPTO_push_info("cert_load(): reading one cert");
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
#ifdef CRYPTO_MDEBUG
|
||||||
|
CRYPTO_pop_info();
|
||||||
|
#endif
|
||||||
if(ret) ERR_clear_error();
|
if(ret) ERR_clear_error();
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@ -763,18 +883,18 @@ int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name)
|
|||||||
value = uni2asc(av->value.bmpstring->data,
|
value = uni2asc(av->value.bmpstring->data,
|
||||||
av->value.bmpstring->length);
|
av->value.bmpstring->length);
|
||||||
BIO_printf(out, "%s\n", value);
|
BIO_printf(out, "%s\n", value);
|
||||||
Free(value);
|
OPENSSL_free(value);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case V_ASN1_OCTET_STRING:
|
case V_ASN1_OCTET_STRING:
|
||||||
hex_prin(out, av->value.bit_string->data,
|
hex_prin(out, av->value.octet_string->data,
|
||||||
av->value.bit_string->length);
|
av->value.octet_string->length);
|
||||||
BIO_printf(out, "\n");
|
BIO_printf(out, "\n");
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case V_ASN1_BIT_STRING:
|
case V_ASN1_BIT_STRING:
|
||||||
hex_prin(out, av->value.octet_string->data,
|
hex_prin(out, av->value.bit_string->data,
|
||||||
av->value.octet_string->length);
|
av->value.bit_string->length);
|
||||||
BIO_printf(out, "\n");
|
BIO_printf(out, "\n");
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -196,7 +196,15 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (outfile == NULL)
|
if (outfile == NULL)
|
||||||
|
{
|
||||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (BIO_write_filename(out,outfile) <= 0)
|
if (BIO_write_filename(out,outfile) <= 0)
|
||||||
@ -280,6 +288,6 @@ int MAIN(int argc, char **argv)
|
|||||||
end:
|
end:
|
||||||
if (p7 != NULL) PKCS7_free(p7);
|
if (p7 != NULL) PKCS7_free(p7);
|
||||||
if (in != NULL) BIO_free(in);
|
if (in != NULL) BIO_free(in);
|
||||||
if (out != NULL) BIO_free(out);
|
if (out != NULL) BIO_free_all(out);
|
||||||
EXIT(ret);
|
EXIT(ret);
|
||||||
}
|
}
|
||||||
|
@ -194,8 +194,15 @@ int MAIN(int argc, char **argv)
|
|||||||
"Can't open output file %s\n", outfile);
|
"Can't open output file %s\n", outfile);
|
||||||
return (1);
|
return (1);
|
||||||
}
|
}
|
||||||
} else out = BIO_new_fp (stdout, BIO_NOCLOSE);
|
} else {
|
||||||
|
out = BIO_new_fp (stdout, BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
if (topk8) {
|
if (topk8) {
|
||||||
if(informat == FORMAT_PEM)
|
if(informat == FORMAT_PEM)
|
||||||
pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin);
|
pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin);
|
||||||
@ -253,9 +260,9 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
PKCS8_PRIV_KEY_INFO_free (p8inf);
|
PKCS8_PRIV_KEY_INFO_free (p8inf);
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
BIO_free(out);
|
BIO_free_all(out);
|
||||||
if(passin) Free(passin);
|
if(passin) OPENSSL_free(passin);
|
||||||
if(passout) Free(passout);
|
if(passout) OPENSSL_free(passout);
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -336,10 +343,10 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
BIO_free(out);
|
BIO_free_all(out);
|
||||||
BIO_free(in);
|
BIO_free(in);
|
||||||
if(passin) Free(passin);
|
if(passin) OPENSSL_free(passin);
|
||||||
if(passout) Free(passout);
|
if(passout) OPENSSL_free(passout);
|
||||||
|
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
@ -14,6 +14,7 @@ extern int errstr_main(int argc,char *argv[]);
|
|||||||
extern int ca_main(int argc,char *argv[]);
|
extern int ca_main(int argc,char *argv[]);
|
||||||
extern int crl_main(int argc,char *argv[]);
|
extern int crl_main(int argc,char *argv[]);
|
||||||
extern int rsa_main(int argc,char *argv[]);
|
extern int rsa_main(int argc,char *argv[]);
|
||||||
|
extern int rsautl_main(int argc,char *argv[]);
|
||||||
extern int dsa_main(int argc,char *argv[]);
|
extern int dsa_main(int argc,char *argv[]);
|
||||||
extern int dsaparam_main(int argc,char *argv[]);
|
extern int dsaparam_main(int argc,char *argv[]);
|
||||||
extern int x509_main(int argc,char *argv[]);
|
extern int x509_main(int argc,char *argv[]);
|
||||||
@ -67,6 +68,9 @@ FUNCTION functions[] = {
|
|||||||
#ifndef NO_RSA
|
#ifndef NO_RSA
|
||||||
{FUNC_TYPE_GENERAL,"rsa",rsa_main},
|
{FUNC_TYPE_GENERAL,"rsa",rsa_main},
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef NO_RSA
|
||||||
|
{FUNC_TYPE_GENERAL,"rsautl",rsautl_main},
|
||||||
|
#endif
|
||||||
#ifndef NO_DSA
|
#ifndef NO_DSA
|
||||||
{FUNC_TYPE_GENERAL,"dsa",dsa_main},
|
{FUNC_TYPE_GENERAL,"dsa",dsa_main},
|
||||||
#endif
|
#endif
|
||||||
@ -106,6 +110,7 @@ FUNCTION functions[] = {
|
|||||||
{FUNC_TYPE_GENERAL,"smime",smime_main},
|
{FUNC_TYPE_GENERAL,"smime",smime_main},
|
||||||
{FUNC_TYPE_GENERAL,"rand",rand_main},
|
{FUNC_TYPE_GENERAL,"rand",rand_main},
|
||||||
{FUNC_TYPE_MD,"md2",dgst_main},
|
{FUNC_TYPE_MD,"md2",dgst_main},
|
||||||
|
{FUNC_TYPE_MD,"md4",dgst_main},
|
||||||
{FUNC_TYPE_MD,"md5",dgst_main},
|
{FUNC_TYPE_MD,"md5",dgst_main},
|
||||||
{FUNC_TYPE_MD,"sha",dgst_main},
|
{FUNC_TYPE_MD,"sha",dgst_main},
|
||||||
{FUNC_TYPE_MD,"sha1",dgst_main},
|
{FUNC_TYPE_MD,"sha1",dgst_main},
|
||||||
|
@ -29,7 +29,7 @@ foreach (@ARGV)
|
|||||||
$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
|
$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
|
||||||
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
|
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
|
||||||
{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))\n${str}#endif\n"; }
|
{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))\n${str}#endif\n"; }
|
||||||
elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) )
|
elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/))
|
||||||
{ print "#ifndef NO_RSA\n${str}#endif\n"; }
|
{ print "#ifndef NO_RSA\n${str}#endif\n"; }
|
||||||
elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
|
elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
|
||||||
{ print "#ifndef NO_DSA\n${str}#endif\n"; }
|
{ print "#ifndef NO_DSA\n${str}#endif\n"; }
|
||||||
@ -41,7 +41,7 @@ foreach (@ARGV)
|
|||||||
{ print $str; }
|
{ print $str; }
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ("md2","md5","sha","sha1","mdc2","rmd160")
|
foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")
|
||||||
{
|
{
|
||||||
push(@files,$_);
|
push(@files,$_);
|
||||||
printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
|
printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
|
||||||
|
@ -62,7 +62,7 @@ int MAIN(int argc, char **argv)
|
|||||||
else
|
else
|
||||||
badopt = 1;
|
badopt = 1;
|
||||||
}
|
}
|
||||||
else if (isdigit(argv[i][0]))
|
else if (isdigit((unsigned char)argv[i][0]))
|
||||||
{
|
{
|
||||||
if (num < 0)
|
if (num < 0)
|
||||||
{
|
{
|
||||||
@ -101,7 +101,15 @@ int MAIN(int argc, char **argv)
|
|||||||
if (outfile != NULL)
|
if (outfile != NULL)
|
||||||
r = BIO_write_filename(out, outfile);
|
r = BIO_write_filename(out, outfile);
|
||||||
else
|
else
|
||||||
|
{
|
||||||
r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
|
r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
if (r <= 0)
|
if (r <= 0)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
|
@ -102,6 +102,7 @@
|
|||||||
* -config file - Load configuration file.
|
* -config file - Load configuration file.
|
||||||
* -key file - make a request using key in file (or use it for verification).
|
* -key file - make a request using key in file (or use it for verification).
|
||||||
* -keyform - key file format.
|
* -keyform - key file format.
|
||||||
|
* -rand file(s) - load the file(s) into the PRNG.
|
||||||
* -newkey - make a key and a request.
|
* -newkey - make a key and a request.
|
||||||
* -modulus - print RSA modulus.
|
* -modulus - print RSA modulus.
|
||||||
* -x509 - output a self signed X509 structure instead.
|
* -x509 - output a self signed X509 structure instead.
|
||||||
@ -125,7 +126,6 @@ static void MS_CALLBACK req_cb(int p,int n,void *arg);
|
|||||||
#endif
|
#endif
|
||||||
static int req_check_len(int len,int min,int max);
|
static int req_check_len(int len,int min,int max);
|
||||||
static int check_end(char *str, char *end);
|
static int check_end(char *str, char *end);
|
||||||
static int add_oid_section(LHASH *conf);
|
|
||||||
#ifndef MONOLITH
|
#ifndef MONOLITH
|
||||||
static char *default_config_file=NULL;
|
static char *default_config_file=NULL;
|
||||||
static LHASH *config=NULL;
|
static LHASH *config=NULL;
|
||||||
@ -156,6 +156,7 @@ int MAIN(int argc, char **argv)
|
|||||||
char *req_exts = NULL;
|
char *req_exts = NULL;
|
||||||
EVP_CIPHER *cipher=NULL;
|
EVP_CIPHER *cipher=NULL;
|
||||||
int modulus=0;
|
int modulus=0;
|
||||||
|
char *inrand=NULL;
|
||||||
char *passargin = NULL, *passargout = NULL;
|
char *passargin = NULL, *passargout = NULL;
|
||||||
char *passin = NULL, *passout = NULL;
|
char *passin = NULL, *passout = NULL;
|
||||||
char *p;
|
char *p;
|
||||||
@ -239,6 +240,11 @@ int MAIN(int argc, char **argv)
|
|||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
passargout= *(++argv);
|
passargout= *(++argv);
|
||||||
}
|
}
|
||||||
|
else if (strcmp(*argv,"-rand") == 0)
|
||||||
|
{
|
||||||
|
if (--argc < 1) goto bad;
|
||||||
|
inrand= *(++argv);
|
||||||
|
}
|
||||||
else if (strcmp(*argv,"-newkey") == 0)
|
else if (strcmp(*argv,"-newkey") == 0)
|
||||||
{
|
{
|
||||||
int is_numeric;
|
int is_numeric;
|
||||||
@ -372,6 +378,9 @@ int MAIN(int argc, char **argv)
|
|||||||
BIO_printf(bio_err," -key file use the private key contained in file\n");
|
BIO_printf(bio_err," -key file use the private key contained in file\n");
|
||||||
BIO_printf(bio_err," -keyform arg key file format\n");
|
BIO_printf(bio_err," -keyform arg key file format\n");
|
||||||
BIO_printf(bio_err," -keyout arg file to send the key to\n");
|
BIO_printf(bio_err," -keyout arg file to send the key to\n");
|
||||||
|
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||||
|
BIO_printf(bio_err," load the file (or the files in the directory) into\n");
|
||||||
|
BIO_printf(bio_err," the random number generator\n");
|
||||||
BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
|
BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
|
||||||
BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
|
BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
|
||||||
|
|
||||||
@ -457,7 +466,7 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(!add_oid_section(req_conf)) goto end;
|
if(!add_oid_section(bio_err, req_conf)) goto end;
|
||||||
|
|
||||||
if ((md_alg == NULL) &&
|
if ((md_alg == NULL) &&
|
||||||
((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
|
((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
|
||||||
@ -538,12 +547,19 @@ int MAIN(int argc, char **argv)
|
|||||||
BIO_printf(bio_err,"unable to load Private key\n");
|
BIO_printf(bio_err,"unable to load Private key\n");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
|
||||||
|
{
|
||||||
|
char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
|
||||||
|
app_RAND_load_file(randfile, bio_err, 0);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (newreq && (pkey == NULL))
|
if (newreq && (pkey == NULL))
|
||||||
{
|
{
|
||||||
char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
|
char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
|
||||||
app_RAND_load_file(randfile, bio_err, 0);
|
app_RAND_load_file(randfile, bio_err, 0);
|
||||||
|
if (inrand)
|
||||||
|
app_RAND_load_files(inrand);
|
||||||
|
|
||||||
if (newkey <= 0)
|
if (newkey <= 0)
|
||||||
{
|
{
|
||||||
@ -593,6 +609,12 @@ int MAIN(int argc, char **argv)
|
|||||||
{
|
{
|
||||||
BIO_printf(bio_err,"writing new private key to stdout\n");
|
BIO_printf(bio_err,"writing new private key to stdout\n");
|
||||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -788,7 +810,15 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (outfile == NULL)
|
if (outfile == NULL)
|
||||||
|
{
|
||||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
|
if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
|
||||||
@ -874,12 +904,12 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
|
if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
|
||||||
BIO_free(in);
|
BIO_free(in);
|
||||||
BIO_free(out);
|
BIO_free_all(out);
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
X509_REQ_free(req);
|
X509_REQ_free(req);
|
||||||
X509_free(x509ss);
|
X509_free(x509ss);
|
||||||
if(passargin && passin) Free(passin);
|
if(passargin && passin) OPENSSL_free(passin);
|
||||||
if(passargout && passout) Free(passout);
|
if(passargout && passout) OPENSSL_free(passout);
|
||||||
OBJ_cleanup();
|
OBJ_cleanup();
|
||||||
#ifndef NO_DSA
|
#ifndef NO_DSA
|
||||||
if (dsa_params != NULL) DSA_free(dsa_params);
|
if (dsa_params != NULL) DSA_free(dsa_params);
|
||||||
@ -1083,7 +1113,11 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
|
|||||||
* multiple instances
|
* multiple instances
|
||||||
*/
|
*/
|
||||||
for(p = v->name; *p ; p++)
|
for(p = v->name; *p ; p++)
|
||||||
|
#ifndef CHARSET_EBCDIC
|
||||||
if ((*p == ':') || (*p == ',') || (*p == '.')) {
|
if ((*p == ':') || (*p == ',') || (*p == '.')) {
|
||||||
|
#else
|
||||||
|
if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) {
|
||||||
|
#endif
|
||||||
p++;
|
p++;
|
||||||
if(*p) type = p;
|
if(*p) type = p;
|
||||||
break;
|
break;
|
||||||
@ -1199,6 +1233,9 @@ static int add_attribute_object(X509_REQ *req, char *text,
|
|||||||
return(0);
|
return(0);
|
||||||
}
|
}
|
||||||
buf[--i]='\0';
|
buf[--i]='\0';
|
||||||
|
#ifdef CHARSET_EBCDIC
|
||||||
|
ebcdic2ascii(buf, buf, i);
|
||||||
|
#endif
|
||||||
if(!req_check_len(i, min, max)) goto start;
|
if(!req_check_len(i, min, max)) goto start;
|
||||||
|
|
||||||
if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
|
if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
|
||||||
@ -1256,25 +1293,3 @@ static int check_end(char *str, char *end)
|
|||||||
tmp = str + slen - elen;
|
tmp = str + slen - elen;
|
||||||
return strcmp(tmp, end);
|
return strcmp(tmp, end);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int add_oid_section(LHASH *conf)
|
|
||||||
{
|
|
||||||
char *p;
|
|
||||||
STACK_OF(CONF_VALUE) *sktmp;
|
|
||||||
CONF_VALUE *cnf;
|
|
||||||
int i;
|
|
||||||
if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
|
|
||||||
if(!(sktmp = CONF_get_section(conf, p))) {
|
|
||||||
BIO_printf(bio_err, "problem loading oid section %s\n", p);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
|
|
||||||
cnf = sk_CONF_VALUE_value(sktmp, i);
|
|
||||||
if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
|
|
||||||
BIO_printf(bio_err, "problem creating object %s=%s\n",
|
|
||||||
cnf->name, cnf->value);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
@ -92,7 +92,7 @@ int MAIN(int argc, char **argv)
|
|||||||
{
|
{
|
||||||
int ret=1;
|
int ret=1;
|
||||||
RSA *rsa=NULL;
|
RSA *rsa=NULL;
|
||||||
int i,badops=0;
|
int i,badops=0, sgckey=0;
|
||||||
const EVP_CIPHER *enc=NULL;
|
const EVP_CIPHER *enc=NULL;
|
||||||
BIO *in=NULL,*out=NULL;
|
BIO *in=NULL,*out=NULL;
|
||||||
int informat,outformat,text=0,check=0,noout=0;
|
int informat,outformat,text=0,check=0,noout=0;
|
||||||
@ -148,6 +148,8 @@ int MAIN(int argc, char **argv)
|
|||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
passargout= *(++argv);
|
passargout= *(++argv);
|
||||||
}
|
}
|
||||||
|
else if (strcmp(*argv,"-sgckey") == 0)
|
||||||
|
sgckey=1;
|
||||||
else if (strcmp(*argv,"-pubin") == 0)
|
else if (strcmp(*argv,"-pubin") == 0)
|
||||||
pubin=1;
|
pubin=1;
|
||||||
else if (strcmp(*argv,"-pubout") == 0)
|
else if (strcmp(*argv,"-pubout") == 0)
|
||||||
@ -178,6 +180,7 @@ int MAIN(int argc, char **argv)
|
|||||||
BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
|
BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
|
||||||
BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
|
BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
|
||||||
BIO_printf(bio_err," -in arg input file\n");
|
BIO_printf(bio_err," -in arg input file\n");
|
||||||
|
BIO_printf(bio_err," -sgckey Use IIS SGC key format\n");
|
||||||
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
|
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
|
||||||
BIO_printf(bio_err," -out arg output file\n");
|
BIO_printf(bio_err," -out arg output file\n");
|
||||||
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
|
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
|
||||||
@ -254,7 +257,7 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
p=(unsigned char *)buf->data;
|
p=(unsigned char *)buf->data;
|
||||||
rsa=d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
|
rsa=d2i_RSA_NET(NULL,&p,(long)size,NULL, sgckey);
|
||||||
BUF_MEM_free(buf);
|
BUF_MEM_free(buf);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@ -275,7 +278,15 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (outfile == NULL)
|
if (outfile == NULL)
|
||||||
|
{
|
||||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (BIO_write_filename(out,outfile) <= 0)
|
if (BIO_write_filename(out,outfile) <= 0)
|
||||||
@ -344,16 +355,16 @@ int MAIN(int argc, char **argv)
|
|||||||
int size;
|
int size;
|
||||||
|
|
||||||
i=1;
|
i=1;
|
||||||
size=i2d_Netscape_RSA(rsa,NULL,NULL);
|
size=i2d_RSA_NET(rsa,NULL,NULL, sgckey);
|
||||||
if ((p=(unsigned char *)Malloc(size)) == NULL)
|
if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL)
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"Malloc failure\n");
|
BIO_printf(bio_err,"Memory allocation failure\n");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
pp=p;
|
pp=p;
|
||||||
i2d_Netscape_RSA(rsa,&p,NULL);
|
i2d_RSA_NET(rsa,&p,NULL, sgckey);
|
||||||
BIO_write(out,(char *)pp,size);
|
BIO_write(out,(char *)pp,size);
|
||||||
Free(pp);
|
OPENSSL_free(pp);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
else if (outformat == FORMAT_PEM) {
|
else if (outformat == FORMAT_PEM) {
|
||||||
@ -374,10 +385,10 @@ int MAIN(int argc, char **argv)
|
|||||||
ret=0;
|
ret=0;
|
||||||
end:
|
end:
|
||||||
if(in != NULL) BIO_free(in);
|
if(in != NULL) BIO_free(in);
|
||||||
if(out != NULL) BIO_free(out);
|
if(out != NULL) BIO_free_all(out);
|
||||||
if(rsa != NULL) RSA_free(rsa);
|
if(rsa != NULL) RSA_free(rsa);
|
||||||
if(passin) Free(passin);
|
if(passin) OPENSSL_free(passin);
|
||||||
if(passout) Free(passout);
|
if(passout) OPENSSL_free(passout);
|
||||||
EXIT(ret);
|
EXIT(ret);
|
||||||
}
|
}
|
||||||
#else /* !NO_RSA */
|
#else /* !NO_RSA */
|
||||||
|
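Review bot: In the NET output branch of MAIN (hunk at -344), the length from the sizing call `size=i2d_RSA_NET(rsa,NULL,NULL, sgckey);` goes straight into `OPENSSL_malloc(size)` and `BIO_write(out,(char *)pp,size)` without a check, and the results of the second i2d_RSA_NET call and of BIO_write are discarded although `i=1` has already been set. If the encoder fails (presumably by returning 0 or a negative value), the tool can finish having written nothing or a truncated key file. I would add `if (size <= 0) goto end;` after the sizing call and take the status from the write, e.g. `i = (BIO_write(out,(char *)pp,size) == size);`. The enclosing branch starts and ends outside the hunk, so how `i` is consumed afterwards is not visible here.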
290
crypto/openssl/apps/rsautl.c
Normal file
@ -0,0 +1,290 @@
|
|||||||
|
/* rsautl.c */
|
||||||
|
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
|
||||||
|
* project 2000.
|
||||||
|
*/
|
||||||
|
/* ====================================================================
|
||||||
|
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or without
|
||||||
|
* modification, are permitted provided that the following conditions
|
||||||
|
* are met:
|
||||||
|
*
|
||||||
|
* 1. Redistributions of source code must retain the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer.
|
||||||
|
*
|
||||||
|
* 2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer in
|
||||||
|
* the documentation and/or other materials provided with the
|
||||||
|
* distribution.
|
||||||
|
*
|
||||||
|
* 3. All advertising materials mentioning features or use of this
|
||||||
|
* software must display the following acknowledgment:
|
||||||
|
* "This product includes software developed by the OpenSSL Project
|
||||||
|
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
||||||
|
*
|
||||||
|
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||||
|
* endorse or promote products derived from this software without
|
||||||
|
* prior written permission. For written permission, please contact
|
||||||
|
* licensing@OpenSSL.org.
|
||||||
|
*
|
||||||
|
* 5. Products derived from this software may not be called "OpenSSL"
|
||||||
|
* nor may "OpenSSL" appear in their names without prior written
|
||||||
|
* permission of the OpenSSL Project.
|
||||||
|
*
|
||||||
|
* 6. Redistributions of any form whatsoever must retain the following
|
||||||
|
* acknowledgment:
|
||||||
|
* "This product includes software developed by the OpenSSL Project
|
||||||
|
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||||
|
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||||
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||||
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||||
|
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||||
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||||
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||||
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||||
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||||
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||||
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||||
|
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
* ====================================================================
|
||||||
|
*
|
||||||
|
* This product includes cryptographic software written by Eric Young
|
||||||
|
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||||
|
* Hudson (tjh@cryptsoft.com).
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
#include "apps.h"
|
||||||
|
#include <string.h>
|
||||||
|
#include <openssl/err.h>
|
||||||
|
#include <openssl/pem.h>
|
||||||
|
|
||||||
|
#define RSA_SIGN 1
|
||||||
|
#define RSA_VERIFY 2
|
||||||
|
#define RSA_ENCRYPT 3
|
||||||
|
#define RSA_DECRYPT 4
|
||||||
|
|
||||||
|
#define KEY_PRIVKEY 1
|
||||||
|
#define KEY_PUBKEY 2
|
||||||
|
#define KEY_CERT 3
|
||||||
|
|
||||||
|
static void usage(void);
|
||||||
|
|
||||||
|
#undef PROG
|
||||||
|
|
||||||
|
#define PROG rsautl_main
|
||||||
|
|
||||||
|
int MAIN(int argc, char **);
|
||||||
|
|
||||||
|
int MAIN(int argc, char **argv)
|
||||||
|
{
|
||||||
|
BIO *in = NULL, *out = NULL;
|
||||||
|
char *infile = NULL, *outfile = NULL;
|
||||||
|
char *keyfile = NULL;
|
||||||
|
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
|
||||||
|
int keyform = FORMAT_PEM;
|
||||||
|
char need_priv = 0, badarg = 0, rev = 0;
|
||||||
|
char hexdump = 0, asn1parse = 0;
|
||||||
|
X509 *x;
|
||||||
|
EVP_PKEY *pkey = NULL;
|
||||||
|
RSA *rsa = NULL;
|
||||||
|
unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
|
||||||
|
int rsa_inlen, rsa_outlen = 0;
|
||||||
|
int keysize;
|
||||||
|
|
||||||
|
int ret = 1;
|
||||||
|
|
||||||
|
argc--;
|
||||||
|
argv++;
|
||||||
|
|
||||||
|
if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
|
||||||
|
ERR_load_crypto_strings();
|
||||||
|
OpenSSL_add_all_algorithms();
|
||||||
|
pad = RSA_PKCS1_PADDING;
|
||||||
|
|
||||||
|
while(argc >= 1)
|
||||||
|
{
|
||||||
|
if (!strcmp(*argv,"-in")) {
|
||||||
|
if (--argc < 1) badarg = 1;
|
||||||
|
infile= *(++argv);
|
||||||
|
} else if (!strcmp(*argv,"-out")) {
|
||||||
|
if (--argc < 1) badarg = 1;
|
||||||
|
outfile= *(++argv);
|
||||||
|
} else if(!strcmp(*argv, "-inkey")) {
|
||||||
|
if (--argc < 1) badarg = 1;
|
||||||
|
keyfile = *(++argv);
|
||||||
|
} else if(!strcmp(*argv, "-pubin")) {
|
||||||
|
key_type = KEY_PUBKEY;
|
||||||
|
} else if(!strcmp(*argv, "-certin")) {
|
||||||
|
key_type = KEY_CERT;
|
||||||
|
}
|
||||||
|
else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1;
|
||||||
|
else if(!strcmp(*argv, "-hexdump")) hexdump = 1;
|
||||||
|
else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING;
|
||||||
|
else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
|
||||||
|
else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
|
||||||
|
else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
|
||||||
|
else if(!strcmp(*argv, "-sign")) {
|
||||||
|
rsa_mode = RSA_SIGN;
|
||||||
|
need_priv = 1;
|
||||||
|
} else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY;
|
||||||
|
else if(!strcmp(*argv, "-rev")) rev = 1;
|
||||||
|
else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT;
|
||||||
|
else if(!strcmp(*argv, "-decrypt")) {
|
||||||
|
rsa_mode = RSA_DECRYPT;
|
||||||
|
need_priv = 1;
|
||||||
|
} else badarg = 1;
|
||||||
|
if(badarg) {
|
||||||
|
usage();
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
argc--;
|
||||||
|
argv++;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(need_priv && (key_type != KEY_PRIVKEY)) {
|
||||||
|
BIO_printf(bio_err, "A private key is needed for this operation\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* FIXME: seed PRNG only if needed */
|
||||||
|
app_RAND_load_file(NULL, bio_err, 0);
|
||||||
|
|
||||||
|
switch(key_type) {
|
||||||
|
case KEY_PRIVKEY:
|
||||||
|
pkey = load_key(bio_err, keyfile, keyform, NULL);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case KEY_PUBKEY:
|
||||||
|
pkey = load_pubkey(bio_err, keyfile, keyform);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case KEY_CERT:
|
||||||
|
x = load_cert(bio_err, keyfile, keyform);
|
||||||
|
if(x) {
|
||||||
|
pkey = X509_get_pubkey(x);
|
||||||
|
X509_free(x);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!pkey) {
|
||||||
|
BIO_printf(bio_err, "Error loading key\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
rsa = EVP_PKEY_get1_RSA(pkey);
|
||||||
|
EVP_PKEY_free(pkey);
|
||||||
|
|
||||||
|
if(!rsa) {
|
||||||
|
BIO_printf(bio_err, "Error getting RSA key\n");
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if(infile) {
|
||||||
|
if(!(in = BIO_new_file(infile, "rb"))) {
|
||||||
|
BIO_printf(bio_err, "Error Reading Input File\n");
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
|
||||||
|
|
||||||
|
if(outfile) {
|
||||||
|
if(!(out = BIO_new_file(outfile, "wb"))) {
|
||||||
|
BIO_printf(bio_err, "Error Reading Output File\n");
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
keysize = RSA_size(rsa);
|
||||||
|
|
||||||
|
rsa_in = OPENSSL_malloc(keysize * 2);
|
||||||
|
rsa_out = OPENSSL_malloc(keysize);
|
||||||
|
|
||||||
|
/* Read the input data */
|
||||||
|
rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
|
||||||
|
if(rsa_inlen <= 0) {
|
||||||
|
BIO_printf(bio_err, "Error reading input Data\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
if(rev) {
|
||||||
|
int i;
|
||||||
|
unsigned char ctmp;
|
||||||
|
for(i = 0; i < rsa_inlen/2; i++) {
|
||||||
|
ctmp = rsa_in[i];
|
||||||
|
rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
|
||||||
|
rsa_in[rsa_inlen - 1 - i] = ctmp;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
switch(rsa_mode) {
|
||||||
|
|
||||||
|
case RSA_VERIFY:
|
||||||
|
rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case RSA_SIGN:
|
||||||
|
rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case RSA_ENCRYPT:
|
||||||
|
rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case RSA_DECRYPT:
|
||||||
|
rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
|
||||||
|
break;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
if(rsa_outlen <= 0) {
|
||||||
|
BIO_printf(bio_err, "RSA operation error\n");
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
ret = 0;
|
||||||
|
if(asn1parse) {
|
||||||
|
if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
}
|
||||||
|
} else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen);
|
||||||
|
else BIO_write(out, rsa_out, rsa_outlen);
|
||||||
|
end:
|
||||||
|
RSA_free(rsa);
|
||||||
|
BIO_free(in);
|
||||||
|
BIO_free_all(out);
|
||||||
|
if(rsa_in) OPENSSL_free(rsa_in);
|
||||||
|
if(rsa_out) OPENSSL_free(rsa_out);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void usage()
|
||||||
|
{
|
||||||
|
BIO_printf(bio_err, "Usage: rsautl [options]\n");
|
||||||
|
BIO_printf(bio_err, "-in file input file\n");
|
||||||
|
BIO_printf(bio_err, "-out file output file\n");
|
||||||
|
BIO_printf(bio_err, "-inkey file input key\n");
|
||||||
|
BIO_printf(bio_err, "-pubin input is an RSA public\n");
|
||||||
|
BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n");
|
||||||
|
BIO_printf(bio_err, "-ssl use SSL v2 padding\n");
|
||||||
|
BIO_printf(bio_err, "-raw use no padding\n");
|
||||||
|
BIO_printf(bio_err, "-pkcs use PKCS#1 v1.5 padding (default)\n");
|
||||||
|
BIO_printf(bio_err, "-oaep use PKCS#1 OAEP\n");
|
||||||
|
BIO_printf(bio_err, "-sign sign with private key\n");
|
||||||
|
BIO_printf(bio_err, "-verify verify with public key\n");
|
||||||
|
BIO_printf(bio_err, "-encrypt encrypt with public key\n");
|
||||||
|
BIO_printf(bio_err, "-decrypt decrypt with private key\n");
|
||||||
|
BIO_printf(bio_err, "-hexdump hex dump output\n");
|
||||||
|
}
|
||||||
|
|
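Review bot: The buffers returned by `OPENSSL_malloc(keysize * 2)` and `OPENSSL_malloc(keysize)` in MAIN are handed to BIO_read and the RSA calls without a NULL check, and the read-failure path calls `exit(1)` where every neighbouring error path uses `goto end`, so it skips the cleanup. After -decrypt, rsa_out holds recovered plaintext and is released without being cleared; the plain memset below matches what this commit's other tools do before freeing, though an optimizer may drop a store that directly precedes a free. Two smaller points in the same file: the `if(!pkey)` branch returns without the `end:` cleanup, and usage() omits -rev and -asn1parse, which the parser accepts, and prints "input is an RSA public" without the word "key".

```c
	rsa_out = OPENSSL_malloc(keysize);
	if(!rsa_in || !rsa_out) {
		BIO_printf(bio_err, "Memory allocation failure\n");
		goto end;
	}

	/* Read the input data */
	rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
	if(rsa_inlen <= 0) {
		BIO_printf(bio_err, "Error reading input Data\n");
		goto end;	/* was exit(1): keep the common cleanup */
	}
	/* ... unchanged: -rev byte swap, RSA operation, output ... */
end:
	/* ... unchanged: RSA_free, BIO_free, BIO_free_all ... */
	/* keysize is always set once either buffer is non-NULL */
	if(rsa_in) { memset(rsa_in, 0, keysize * 2); OPENSSL_free(rsa_in); }
	if(rsa_out) { memset(rsa_out, 0, keysize); OPENSSL_free(rsa_out); }
```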
@ -201,8 +201,8 @@ int MAIN(int argc, char **argv)
|
|||||||
if (bio_err == NULL)
|
if (bio_err == NULL)
|
||||||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
|
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
|
||||||
|
|
||||||
if ( ((cbuf=Malloc(BUFSIZZ)) == NULL) ||
|
if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
|
||||||
((sbuf=Malloc(BUFSIZZ)) == NULL))
|
((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"out of memory\n");
|
BIO_printf(bio_err,"out of memory\n");
|
||||||
goto end;
|
goto end;
|
||||||
@ -523,7 +523,7 @@ int MAIN(int argc, char **argv)
|
|||||||
tv.tv_usec = 0;
|
tv.tv_usec = 0;
|
||||||
i=select(width,(void *)&readfds,(void *)&writefds,
|
i=select(width,(void *)&readfds,(void *)&writefds,
|
||||||
NULL,&tv);
|
NULL,&tv);
|
||||||
if(!i && (!_kbhit() || !read_tty) ) continue;
|
if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
|
||||||
} else i=select(width,(void *)&readfds,(void *)&writefds,
|
} else i=select(width,(void *)&readfds,(void *)&writefds,
|
||||||
NULL,NULL);
|
NULL,NULL);
|
||||||
}
|
}
|
||||||
@ -689,7 +689,7 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef WINDOWS
|
#ifdef WINDOWS
|
||||||
else if (_kbhit())
|
else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
|
||||||
#else
|
#else
|
||||||
else if (FD_ISSET(fileno(stdin),&readfds))
|
else if (FD_ISSET(fileno(stdin),&readfds))
|
||||||
#endif
|
#endif
|
||||||
@ -753,8 +753,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
|
|||||||
if (con != NULL) SSL_free(con);
|
if (con != NULL) SSL_free(con);
|
||||||
if (con2 != NULL) SSL_free(con2);
|
if (con2 != NULL) SSL_free(con2);
|
||||||
if (ctx != NULL) SSL_CTX_free(ctx);
|
if (ctx != NULL) SSL_CTX_free(ctx);
|
||||||
if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
|
if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
|
||||||
if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
|
if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
|
||||||
if (bio_c_out != NULL)
|
if (bio_c_out != NULL)
|
||||||
{
|
{
|
||||||
BIO_free(bio_c_out);
|
BIO_free(bio_c_out);
|
||||||
|
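Review bot: The cleanup at the end of MAIN (hunk at -753) clears cbuf and sbuf with `memset(cbuf,0,BUFSIZZ)` immediately before `OPENSSL_free(cbuf)`, and a compiler is allowed to drop a store to memory that is freed right afterwards, so whatever session data these buffers held may stay in the heap. The same memset-then-free pattern sits in sv_body's cleanup, while www_body frees its buf without clearing it at all. I would route all three through one wipe routine the optimizer cannot elide, for example a loop writing through a `volatile unsigned char *` (later OpenSSL releases provide OPENSSL_cleanse for this purpose). The function continues past the end of this hunk.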
@ -285,7 +285,7 @@ static int ebcdic_new(BIO *bi)
|
|||||||
{
|
{
|
||||||
EBCDIC_OUTBUFF *wbuf;
|
EBCDIC_OUTBUFF *wbuf;
|
||||||
|
|
||||||
wbuf = (EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
|
wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
|
||||||
wbuf->alloced = 1024;
|
wbuf->alloced = 1024;
|
||||||
wbuf->buff[0] = '\0';
|
wbuf->buff[0] = '\0';
|
||||||
|
|
||||||
@ -299,7 +299,7 @@ static int ebcdic_free(BIO *a)
|
|||||||
{
|
{
|
||||||
if (a == NULL) return(0);
|
if (a == NULL) return(0);
|
||||||
if (a->ptr != NULL)
|
if (a->ptr != NULL)
|
||||||
Free(a->ptr);
|
OPENSSL_free(a->ptr);
|
||||||
a->ptr=NULL;
|
a->ptr=NULL;
|
||||||
a->init=0;
|
a->init=0;
|
||||||
a->flags=0;
|
a->flags=0;
|
||||||
@ -336,8 +336,8 @@ static int ebcdic_write(BIO *b, char *in, int inl)
|
|||||||
num = num + num; /* double the size */
|
num = num + num; /* double the size */
|
||||||
if (num < inl)
|
if (num < inl)
|
||||||
num = inl;
|
num = inl;
|
||||||
Free(wbuf);
|
OPENSSL_free(wbuf);
|
||||||
wbuf=(EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + num);
|
wbuf=(EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
|
||||||
|
|
||||||
wbuf->alloced = num;
|
wbuf->alloced = num;
|
||||||
wbuf->buff[0] = '\0';
|
wbuf->buff[0] = '\0';
|
||||||
@ -766,7 +766,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
|||||||
struct timeval tv;
|
struct timeval tv;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if ((buf=Malloc(bufsize)) == NULL)
|
if ((buf=OPENSSL_malloc(bufsize)) == NULL)
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"out of memory\n");
|
BIO_printf(bio_err,"out of memory\n");
|
||||||
goto err;
|
goto err;
|
||||||
@ -1028,7 +1028,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
|||||||
if (buf != NULL)
|
if (buf != NULL)
|
||||||
{
|
{
|
||||||
memset(buf,0,bufsize);
|
memset(buf,0,bufsize);
|
||||||
Free(buf);
|
OPENSSL_free(buf);
|
||||||
}
|
}
|
||||||
if (ret >= 0)
|
if (ret >= 0)
|
||||||
BIO_printf(bio_s_out,"ACCEPT\n");
|
BIO_printf(bio_s_out,"ACCEPT\n");
|
||||||
@ -1145,7 +1145,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
|||||||
BIO *io,*ssl_bio,*sbio;
|
BIO *io,*ssl_bio,*sbio;
|
||||||
long total_bytes;
|
long total_bytes;
|
||||||
|
|
||||||
buf=Malloc(bufsize);
|
buf=OPENSSL_malloc(bufsize);
|
||||||
if (buf == NULL) return(0);
|
if (buf == NULL) return(0);
|
||||||
io=BIO_new(BIO_f_buffer());
|
io=BIO_new(BIO_f_buffer());
|
||||||
ssl_bio=BIO_new(BIO_f_ssl());
|
ssl_bio=BIO_new(BIO_f_ssl());
|
||||||
@ -1474,7 +1474,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
|||||||
if (ret >= 0)
|
if (ret >= 0)
|
||||||
BIO_printf(bio_s_out,"ACCEPT\n");
|
BIO_printf(bio_s_out,"ACCEPT\n");
|
||||||
|
|
||||||
if (buf != NULL) Free(buf);
|
if (buf != NULL) OPENSSL_free(buf);
|
||||||
if (io != NULL) BIO_free_all(io);
|
if (io != NULL) BIO_free_all(io);
|
||||||
/* if (ssl_bio != NULL) BIO_free(ssl_bio);*/
|
/* if (ssl_bio != NULL) BIO_free(ssl_bio);*/
|
||||||
return(ret);
|
return(ret);
|
||||||
|
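Review bot: ebcdic_new dereferences the result of `OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024)` on the very next line (`wbuf->alloced = 1024;`) with no NULL check, and ebcdic_write does the same after its grow step in the hunk at -336. In ebcdic_write the old block has already been released by `OPENSSL_free(wbuf)` before the new allocation is attempted, so a failed allocation would also leave whatever still refers to the old block dangling (presumably b->ptr; its update is outside the hunk). I would add `if (wbuf == NULL) return(0);` after the allocation in ebcdic_new, and in ebcdic_write allocate the larger buffer first and free the old one only once that has succeeded. Both function bodies extend beyond the visible hunks.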
@ -209,9 +209,11 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
|
|||||||
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
|
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
|
||||||
if (s == INVALID_SOCKET) { perror("socket"); return(0); }
|
if (s == INVALID_SOCKET) { perror("socket"); return(0); }
|
||||||
|
|
||||||
|
#ifndef MPE
|
||||||
i=0;
|
i=0;
|
||||||
i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
|
i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
|
||||||
if (i < 0) { perror("keepalive"); return(0); }
|
if (i < 0) { perror("keepalive"); return(0); }
|
||||||
|
#endif
|
||||||
|
|
||||||
if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
|
if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
|
||||||
{ close(s); perror("connect"); return(0); }
|
{ close(s); perror("connect"); return(0); }
|
||||||
@ -241,7 +243,7 @@ int do_server(int port, int *ret, int (*cb)(), char *context)
|
|||||||
return(0);
|
return(0);
|
||||||
}
|
}
|
||||||
i=(*cb)(name,sock, context);
|
i=(*cb)(name,sock, context);
|
||||||
if (name != NULL) Free(name);
|
if (name != NULL) OPENSSL_free(name);
|
||||||
SHUTDOWN2(sock);
|
SHUTDOWN2(sock);
|
||||||
if (i < 0)
|
if (i < 0)
|
||||||
{
|
{
|
||||||
@ -372,9 +374,9 @@ static int do_accept(int acc_sock, int *sock, char **host)
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if ((*host=(char *)Malloc(strlen(h1->h_name)+1)) == NULL)
|
if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
|
||||||
{
|
{
|
||||||
perror("Malloc");
|
perror("OPENSSL_malloc");
|
||||||
return(0);
|
return(0);
|
||||||
}
|
}
|
||||||
strcpy(*host,h1->h_name);
|
strcpy(*host,h1->h_name);
|
||||||
|
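Review bot: In do_accept the failure branch now calls `perror("OPENSSL_malloc")`, which prints strerror(errno), but OPENSSL_malloc is a library wrapper and need not leave a meaningful errno when an application-supplied allocator is installed, so the printed reason can be misleading. The other allocation failures touched by this commit report through bio_err, e.g. `BIO_printf(bio_err,"out of memory\n");`, and the same line here would be consistent if bio_err is visible in this file. Separately, the connect failure path in init_client_ip runs `close(s)` before `perror("connect")`, and close may overwrite errno; calling perror first keeps the original error. Both functions start and end outside the hunks.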
@ -206,7 +206,15 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (outfile == NULL)
|
if (outfile == NULL)
|
||||||
|
{
|
||||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (BIO_write_filename(out,outfile) <= 0)
|
if (BIO_write_filename(out,outfile) <= 0)
|
||||||
@ -262,7 +270,7 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
ret=0;
|
ret=0;
|
||||||
end:
|
end:
|
||||||
if (out != NULL) BIO_free(out);
|
if (out != NULL) BIO_free_all(out);
|
||||||
if (x != NULL) SSL_SESSION_free(x);
|
if (x != NULL) SSL_SESSION_free(x);
|
||||||
EXIT(ret);
|
EXIT(ret);
|
||||||
}
|
}
|
||||||
|
@ -67,9 +67,6 @@
|
|||||||
|
|
||||||
#undef PROG
|
#undef PROG
|
||||||
#define PROG smime_main
|
#define PROG smime_main
|
||||||
static X509 *load_cert(char *file);
|
|
||||||
static EVP_PKEY *load_key(char *file, char *pass);
|
|
||||||
static STACK_OF(X509) *load_certs(char *file);
|
|
||||||
static X509_STORE *setup_verify(char *CAfile, char *CApath);
|
static X509_STORE *setup_verify(char *CAfile, char *CApath);
|
||||||
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
|
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
|
||||||
|
|
||||||
@ -90,7 +87,7 @@ int MAIN(int argc, char **argv)
|
|||||||
char *inmode = "r", *outmode = "w";
|
char *inmode = "r", *outmode = "w";
|
||||||
char *infile = NULL, *outfile = NULL;
|
char *infile = NULL, *outfile = NULL;
|
||||||
char *signerfile = NULL, *recipfile = NULL;
|
char *signerfile = NULL, *recipfile = NULL;
|
||||||
char *certfile = NULL, *keyfile = NULL;
|
char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
|
||||||
EVP_CIPHER *cipher = NULL;
|
EVP_CIPHER *cipher = NULL;
|
||||||
PKCS7 *p7 = NULL;
|
PKCS7 *p7 = NULL;
|
||||||
X509_STORE *store = NULL;
|
X509_STORE *store = NULL;
|
||||||
@ -105,6 +102,7 @@ int MAIN(int argc, char **argv)
|
|||||||
char *passargin = NULL, *passin = NULL;
|
char *passargin = NULL, *passin = NULL;
|
||||||
char *inrand = NULL;
|
char *inrand = NULL;
|
||||||
int need_rand = 0;
|
int need_rand = 0;
|
||||||
|
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
|
||||||
args = argv + 1;
|
args = argv + 1;
|
||||||
|
|
||||||
ret = 1;
|
ret = 1;
|
||||||
@ -143,6 +141,8 @@ int MAIN(int argc, char **argv)
|
|||||||
flags |= PKCS7_NOATTR;
|
flags |= PKCS7_NOATTR;
|
||||||
else if (!strcmp (*args, "-nodetach"))
|
else if (!strcmp (*args, "-nodetach"))
|
||||||
flags &= ~PKCS7_DETACHED;
|
flags &= ~PKCS7_DETACHED;
|
||||||
|
else if (!strcmp (*args, "-nosmimecap"))
|
||||||
|
flags |= PKCS7_NOSMIMECAP;
|
||||||
else if (!strcmp (*args, "-binary"))
|
else if (!strcmp (*args, "-binary"))
|
||||||
flags |= PKCS7_BINARY;
|
flags |= PKCS7_BINARY;
|
||||||
else if (!strcmp (*args, "-nosigs"))
|
else if (!strcmp (*args, "-nosigs"))
|
||||||
@ -208,11 +208,26 @@ int MAIN(int argc, char **argv)
|
|||||||
args++;
|
args++;
|
||||||
infile = *args;
|
infile = *args;
|
||||||
} else badarg = 1;
|
} else badarg = 1;
|
||||||
|
} else if (!strcmp (*args, "-inform")) {
|
||||||
|
if (args[1]) {
|
||||||
|
args++;
|
||||||
|
informat = str2fmt(*args);
|
||||||
|
} else badarg = 1;
|
||||||
|
} else if (!strcmp (*args, "-outform")) {
|
||||||
|
if (args[1]) {
|
||||||
|
args++;
|
||||||
|
outformat = str2fmt(*args);
|
||||||
|
} else badarg = 1;
|
||||||
} else if (!strcmp (*args, "-out")) {
|
} else if (!strcmp (*args, "-out")) {
|
||||||
if (args[1]) {
|
if (args[1]) {
|
||||||
args++;
|
args++;
|
||||||
outfile = *args;
|
outfile = *args;
|
||||||
} else badarg = 1;
|
} else badarg = 1;
|
||||||
|
} else if (!strcmp (*args, "-content")) {
|
||||||
|
if (args[1]) {
|
||||||
|
args++;
|
||||||
|
contfile = *args;
|
||||||
|
} else badarg = 1;
|
||||||
} else badarg = 1;
|
} else badarg = 1;
|
||||||
args++;
|
args++;
|
||||||
}
|
}
|
||||||
@ -264,8 +279,11 @@ int MAIN(int argc, char **argv)
|
|||||||
BIO_printf (bio_err, "-signer file signer certificate file\n");
|
BIO_printf (bio_err, "-signer file signer certificate file\n");
|
||||||
BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
|
BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
|
||||||
BIO_printf (bio_err, "-in file input file\n");
|
BIO_printf (bio_err, "-in file input file\n");
|
||||||
|
BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
|
||||||
BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
|
BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
|
||||||
BIO_printf (bio_err, "-out file output file\n");
|
BIO_printf (bio_err, "-out file output file\n");
|
||||||
|
BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
|
||||||
|
BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
|
||||||
BIO_printf (bio_err, "-to addr to address\n");
|
BIO_printf (bio_err, "-to addr to address\n");
|
||||||
BIO_printf (bio_err, "-from ad from address\n");
|
BIO_printf (bio_err, "-from ad from address\n");
|
||||||
BIO_printf (bio_err, "-subject s subject\n");
|
BIO_printf (bio_err, "-subject s subject\n");
|
||||||
@ -295,9 +313,12 @@ int MAIN(int argc, char **argv)
|
|||||||
|
|
||||||
if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
|
if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
|
||||||
|
|
||||||
if(flags & PKCS7_BINARY) {
|
if(operation & SMIME_OP) {
|
||||||
if(operation & SMIME_OP) inmode = "rb";
|
if(flags & PKCS7_BINARY) inmode = "rb";
|
||||||
else outmode = "rb";
|
if(outformat == FORMAT_ASN1) outmode = "wb";
|
||||||
|
} else {
|
||||||
|
if(flags & PKCS7_BINARY) outmode = "wb";
|
||||||
|
if(informat == FORMAT_ASN1) inmode = "rb";
|
||||||
}
|
}
|
||||||
|
|
||||||
if(operation == SMIME_ENCRYPT) {
|
if(operation == SMIME_ENCRYPT) {
|
||||||
@ -311,7 +332,7 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
encerts = sk_X509_new_null();
|
encerts = sk_X509_new_null();
|
||||||
while (*args) {
|
while (*args) {
|
||||||
if(!(cert = load_cert(*args))) {
|
if(!(cert = load_cert(bio_err,*args,FORMAT_PEM))) {
|
||||||
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
|
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
@ -322,14 +343,14 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if(signerfile && (operation == SMIME_SIGN)) {
|
if(signerfile && (operation == SMIME_SIGN)) {
|
||||||
if(!(signer = load_cert(signerfile))) {
|
if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM))) {
|
||||||
BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
|
BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(certfile) {
|
if(certfile) {
|
||||||
if(!(other = load_certs(certfile))) {
|
if(!(other = load_certs(bio_err,certfile,FORMAT_PEM))) {
|
||||||
BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
|
BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
goto end;
|
goto end;
|
||||||
@ -337,7 +358,7 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if(recipfile && (operation == SMIME_DECRYPT)) {
|
if(recipfile && (operation == SMIME_DECRYPT)) {
|
||||||
if(!(recip = load_cert(recipfile))) {
|
if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM))) {
|
||||||
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
|
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
goto end;
|
goto end;
|
||||||
@ -351,7 +372,7 @@ int MAIN(int argc, char **argv)
|
|||||||
} else keyfile = NULL;
|
} else keyfile = NULL;
|
||||||
|
|
||||||
if(keyfile) {
|
if(keyfile) {
|
||||||
if(!(key = load_key(keyfile, passin))) {
|
if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) {
|
||||||
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
|
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
goto end;
|
goto end;
|
||||||
@ -372,7 +393,15 @@ int MAIN(int argc, char **argv)
|
|||||||
"Can't open output file %s\n", outfile);
|
"Can't open output file %s\n", outfile);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
} else {
|
||||||
|
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
if(operation == SMIME_VERIFY) {
|
if(operation == SMIME_VERIFY) {
|
||||||
if(!(store = setup_verify(CAfile, CApath))) goto end;
|
if(!(store = setup_verify(CAfile, CApath))) goto end;
|
||||||
@ -386,10 +415,28 @@ int MAIN(int argc, char **argv)
|
|||||||
p7 = PKCS7_sign(signer, key, other, in, flags);
|
p7 = PKCS7_sign(signer, key, other, in, flags);
|
||||||
BIO_reset(in);
|
BIO_reset(in);
|
||||||
} else {
|
} else {
|
||||||
if(!(p7 = SMIME_read_PKCS7(in, &indata))) {
|
if(informat == FORMAT_SMIME)
|
||||||
|
p7 = SMIME_read_PKCS7(in, &indata);
|
||||||
|
else if(informat == FORMAT_PEM)
|
||||||
|
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
|
||||||
|
else if(informat == FORMAT_ASN1)
|
||||||
|
p7 = d2i_PKCS7_bio(in, NULL);
|
||||||
|
else {
|
||||||
|
BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!p7) {
|
||||||
BIO_printf(bio_err, "Error reading S/MIME message\n");
|
BIO_printf(bio_err, "Error reading S/MIME message\n");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
if(contfile) {
|
||||||
|
BIO_free(indata);
|
||||||
|
if(!(indata = BIO_new_file(contfile, "rb"))) {
|
||||||
|
BIO_printf(bio_err, "Can't read content file %s\n", contfile);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!p7) {
|
if(!p7) {
|
||||||
@ -425,7 +472,16 @@ int MAIN(int argc, char **argv)
|
|||||||
if(to) BIO_printf(out, "To: %s\n", to);
|
if(to) BIO_printf(out, "To: %s\n", to);
|
||||||
if(from) BIO_printf(out, "From: %s\n", from);
|
if(from) BIO_printf(out, "From: %s\n", from);
|
||||||
if(subject) BIO_printf(out, "Subject: %s\n", subject);
|
if(subject) BIO_printf(out, "Subject: %s\n", subject);
|
||||||
SMIME_write_PKCS7(out, p7, in, flags);
|
if(outformat == FORMAT_SMIME)
|
||||||
|
SMIME_write_PKCS7(out, p7, in, flags);
|
||||||
|
else if(outformat == FORMAT_PEM)
|
||||||
|
PEM_write_bio_PKCS7(out,p7);
|
||||||
|
else if(outformat == FORMAT_ASN1)
|
||||||
|
i2d_PKCS7_bio(out,p7);
|
||||||
|
else {
|
||||||
|
BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
ret = 0;
|
ret = 0;
|
||||||
end:
|
end:
|
||||||
@ -442,54 +498,11 @@ int MAIN(int argc, char **argv)
|
|||||||
PKCS7_free(p7);
|
PKCS7_free(p7);
|
||||||
BIO_free(in);
|
BIO_free(in);
|
||||||
BIO_free(indata);
|
BIO_free(indata);
|
||||||
BIO_free(out);
|
BIO_free_all(out);
|
||||||
if(passin) Free(passin);
|
if(passin) OPENSSL_free(passin);
|
||||||
return (ret);
|
return (ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
static X509 *load_cert(char *file)
|
|
||||||
{
|
|
||||||
BIO *in;
|
|
||||||
X509 *cert;
|
|
||||||
if(!(in = BIO_new_file(file, "r"))) return NULL;
|
|
||||||
cert = PEM_read_bio_X509(in, NULL, NULL,NULL);
|
|
||||||
BIO_free(in);
|
|
||||||
return cert;
|
|
||||||
}
|
|
||||||
|
|
||||||
static EVP_PKEY *load_key(char *file, char *pass)
|
|
||||||
{
|
|
||||||
BIO *in;
|
|
||||||
EVP_PKEY *key;
|
|
||||||
if(!(in = BIO_new_file(file, "r"))) return NULL;
|
|
||||||
key = PEM_read_bio_PrivateKey(in, NULL,NULL,pass);
|
|
||||||
BIO_free(in);
|
|
||||||
return key;
|
|
||||||
}
|
|
||||||
|
|
||||||
static STACK_OF(X509) *load_certs(char *file)
|
|
||||||
{
|
|
||||||
BIO *in;
|
|
||||||
int i;
|
|
||||||
STACK_OF(X509) *othercerts;
|
|
||||||
STACK_OF(X509_INFO) *allcerts;
|
|
||||||
X509_INFO *xi;
|
|
||||||
if(!(in = BIO_new_file(file, "r"))) return NULL;
|
|
||||||
othercerts = sk_X509_new(NULL);
|
|
||||||
if(!othercerts) return NULL;
|
|
||||||
allcerts = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
|
|
||||||
for(i = 0; i < sk_X509_INFO_num(allcerts); i++) {
|
|
||||||
xi = sk_X509_INFO_value (allcerts, i);
|
|
||||||
if (xi->x509) {
|
|
||||||
sk_X509_push(othercerts, xi->x509);
|
|
||||||
xi->x509 = NULL;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
|
|
||||||
BIO_free(in);
|
|
||||||
return othercerts;
|
|
||||||
}
|
|
||||||
|
|
||||||
static X509_STORE *setup_verify(char *CAfile, char *CApath)
|
static X509_STORE *setup_verify(char *CAfile, char *CApath)
|
||||||
{
|
{
|
||||||
X509_STORE *store;
|
X509_STORE *store;
|
||||||
|
@ -82,16 +82,25 @@
|
|||||||
#include <openssl/rand.h>
|
#include <openssl/rand.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
|
|
||||||
#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
|
#if defined(__FreeBSD__)
|
||||||
#define TIMES
|
# define USE_TOD
|
||||||
|
#elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
|
||||||
|
# define TIMES
|
||||||
|
#endif
|
||||||
|
#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE)
|
||||||
|
# define TIMEB
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef _IRIX
|
#ifndef _IRIX
|
||||||
#include <time.h>
|
# include <time.h>
|
||||||
#endif
|
#endif
|
||||||
#ifdef TIMES
|
#ifdef TIMES
|
||||||
#include <sys/types.h>
|
# include <sys/types.h>
|
||||||
#include <sys/times.h>
|
# include <sys/times.h>
|
||||||
|
#endif
|
||||||
|
#ifdef USE_TOD
|
||||||
|
# include <sys/time.h>
|
||||||
|
# include <sys/resource.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Depending on the VMS version, the tms structure is perhaps defined.
|
/* Depending on the VMS version, the tms structure is perhaps defined.
|
||||||
@ -102,10 +111,14 @@
|
|||||||
#undef TIMES
|
#undef TIMES
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef TIMES
|
#ifdef TIMEB
|
||||||
#include <sys/timeb.h>
|
#include <sys/timeb.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD)
|
||||||
|
#error "It seems neither struct tms nor struct timeb is supported in this platform!"
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(sun) || defined(__ultrix)
|
#if defined(sun) || defined(__ultrix)
|
||||||
#define _POSIX_SOURCE
|
#define _POSIX_SOURCE
|
||||||
#include <limits.h>
|
#include <limits.h>
|
||||||
@ -121,6 +134,9 @@
|
|||||||
#ifndef NO_MDC2
|
#ifndef NO_MDC2
|
||||||
#include <openssl/mdc2.h>
|
#include <openssl/mdc2.h>
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef NO_MD4
|
||||||
|
#include <openssl/md4.h>
|
||||||
|
#endif
|
||||||
#ifndef NO_MD5
|
#ifndef NO_MD5
|
||||||
#include <openssl/md5.h>
|
#include <openssl/md5.h>
|
||||||
#endif
|
#endif
|
||||||
@ -178,7 +194,7 @@
|
|||||||
#define BUFSIZE ((long)1024*8+1)
|
#define BUFSIZE ((long)1024*8+1)
|
||||||
int run=0;
|
int run=0;
|
||||||
|
|
||||||
static double Time_F(int s);
|
static double Time_F(int s, int usertime);
|
||||||
static void print_message(char *s,long num,int length);
|
static void print_message(char *s,long num,int length);
|
||||||
static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
|
static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
|
||||||
#ifdef SIGALRM
|
#ifdef SIGALRM
|
||||||
@ -202,39 +218,91 @@ static SIGRETTYPE sig_done(int sig)
|
|||||||
#define START 0
|
#define START 0
|
||||||
#define STOP 1
|
#define STOP 1
|
||||||
|
|
||||||
static double Time_F(int s)
|
static double Time_F(int s, int usertime)
|
||||||
{
|
{
|
||||||
double ret;
|
double ret;
|
||||||
#ifdef TIMES
|
|
||||||
static struct tms tstart,tend;
|
|
||||||
|
|
||||||
if (s == START)
|
#ifdef USE_TOD
|
||||||
{
|
if(usertime)
|
||||||
times(&tstart);
|
{
|
||||||
return(0);
|
static struct rusage tstart,tend;
|
||||||
|
|
||||||
|
if (s == START)
|
||||||
|
{
|
||||||
|
getrusage(RUSAGE_SELF,&tstart);
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
long i;
|
||||||
|
|
||||||
|
getrusage(RUSAGE_SELF,&tend);
|
||||||
|
i=(long)tend.ru_utime.tv_usec-(long)tstart.ru_utime.tv_usec;
|
||||||
|
ret=((double)(tend.ru_utime.tv_sec-tstart.ru_utime.tv_sec))
|
||||||
|
+((double)i)/1000000.0;
|
||||||
|
return((ret < 0.001)?0.001:ret);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
times(&tend);
|
static struct timeval tstart,tend;
|
||||||
ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
|
long i;
|
||||||
return((ret < 1e-3)?1e-3:ret);
|
|
||||||
}
|
|
||||||
#else /* !times() */
|
|
||||||
static struct timeb tstart,tend;
|
|
||||||
long i;
|
|
||||||
|
|
||||||
if (s == START)
|
if (s == START)
|
||||||
{
|
{
|
||||||
ftime(&tstart);
|
gettimeofday(&tstart,NULL);
|
||||||
return(0);
|
return(0);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
gettimeofday(&tend,NULL);
|
||||||
|
i=(long)tend.tv_usec-(long)tstart.tv_usec;
|
||||||
|
ret=((double)(tend.tv_sec-tstart.tv_sec))+((double)i)/1000000.0;
|
||||||
|
return((ret < 0.001)?0.001:ret);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
#else /* ndef USE_TOD */
|
||||||
|
|
||||||
|
# ifdef TIMES
|
||||||
|
if (usertime)
|
||||||
|
{
|
||||||
|
static struct tms tstart,tend;
|
||||||
|
|
||||||
|
if (s == START)
|
||||||
|
{
|
||||||
|
times(&tstart);
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
times(&tend);
|
||||||
|
ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
|
||||||
|
return((ret < 1e-3)?1e-3:ret);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
# endif /* times() */
|
||||||
|
# if defined(TIMES) && defined(TIMEB)
|
||||||
else
|
else
|
||||||
|
# endif
|
||||||
|
# ifdef TIMEB
|
||||||
{
|
{
|
||||||
ftime(&tend);
|
static struct timeb tstart,tend;
|
||||||
i=(long)tend.millitm-(long)tstart.millitm;
|
long i;
|
||||||
ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
|
|
||||||
return((ret < 0.001)?0.001:ret);
|
if (s == START)
|
||||||
|
{
|
||||||
|
ftime(&tstart);
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
ftime(&tend);
|
||||||
|
i=(long)tend.millitm-(long)tstart.millitm;
|
||||||
|
ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
|
||||||
|
return((ret < 0.001)?0.001:ret);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
# endif
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -244,19 +312,22 @@ int MAIN(int argc, char **argv)
|
|||||||
{
|
{
|
||||||
unsigned char *buf=NULL,*buf2=NULL;
|
unsigned char *buf=NULL,*buf2=NULL;
|
||||||
int mret=1;
|
int mret=1;
|
||||||
#define ALGOR_NUM 14
|
#define ALGOR_NUM 15
|
||||||
#define SIZE_NUM 5
|
#define SIZE_NUM 5
|
||||||
#define RSA_NUM 4
|
#define RSA_NUM 4
|
||||||
#define DSA_NUM 3
|
#define DSA_NUM 3
|
||||||
long count,rsa_count;
|
long count,rsa_count;
|
||||||
int i,j,k;
|
int i,j,k;
|
||||||
unsigned rsa_num,rsa_num2;
|
unsigned rsa_num;
|
||||||
#ifndef NO_MD2
|
#ifndef NO_MD2
|
||||||
unsigned char md2[MD2_DIGEST_LENGTH];
|
unsigned char md2[MD2_DIGEST_LENGTH];
|
||||||
#endif
|
#endif
|
||||||
#ifndef NO_MDC2
|
#ifndef NO_MDC2
|
||||||
unsigned char mdc2[MDC2_DIGEST_LENGTH];
|
unsigned char mdc2[MDC2_DIGEST_LENGTH];
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef NO_MD4
|
||||||
|
unsigned char md4[MD4_DIGEST_LENGTH];
|
||||||
|
#endif
|
||||||
#ifndef NO_MD5
|
#ifndef NO_MD5
|
||||||
unsigned char md5[MD5_DIGEST_LENGTH];
|
unsigned char md5[MD5_DIGEST_LENGTH];
|
||||||
unsigned char hmac[MD5_DIGEST_LENGTH];
|
unsigned char hmac[MD5_DIGEST_LENGTH];
|
||||||
@ -298,23 +369,24 @@ int MAIN(int argc, char **argv)
|
|||||||
#endif
|
#endif
|
||||||
#define D_MD2 0
|
#define D_MD2 0
|
||||||
#define D_MDC2 1
|
#define D_MDC2 1
|
||||||
#define D_MD5 2
|
#define D_MD4 2
|
||||||
#define D_HMAC 3
|
#define D_MD5 3
|
||||||
#define D_SHA1 4
|
#define D_HMAC 4
|
||||||
#define D_RMD160 5
|
#define D_SHA1 5
|
||||||
#define D_RC4 6
|
#define D_RMD160 6
|
||||||
#define D_CBC_DES 7
|
#define D_RC4 7
|
||||||
#define D_EDE3_DES 8
|
#define D_CBC_DES 8
|
||||||
#define D_CBC_IDEA 9
|
#define D_EDE3_DES 9
|
||||||
#define D_CBC_RC2 10
|
#define D_CBC_IDEA 10
|
||||||
#define D_CBC_RC5 11
|
#define D_CBC_RC2 11
|
||||||
#define D_CBC_BF 12
|
#define D_CBC_RC5 12
|
||||||
#define D_CBC_CAST 13
|
#define D_CBC_BF 13
|
||||||
|
#define D_CBC_CAST 14
|
||||||
double d,results[ALGOR_NUM][SIZE_NUM];
|
double d,results[ALGOR_NUM][SIZE_NUM];
|
||||||
static int lengths[SIZE_NUM]={8,64,256,1024,8*1024};
|
static int lengths[SIZE_NUM]={8,64,256,1024,8*1024};
|
||||||
long c[ALGOR_NUM][SIZE_NUM];
|
long c[ALGOR_NUM][SIZE_NUM];
|
||||||
static char *names[ALGOR_NUM]={
|
static char *names[ALGOR_NUM]={
|
||||||
"md2","mdc2","md5","hmac(md5)","sha1","rmd160","rc4",
|
"md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
|
||||||
"des cbc","des ede3","idea cbc",
|
"des cbc","des ede3","idea cbc",
|
||||||
"rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"};
|
"rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"};
|
||||||
#define R_DSA_512 0
|
#define R_DSA_512 0
|
||||||
@ -345,6 +417,11 @@ int MAIN(int argc, char **argv)
|
|||||||
int dsa_doit[DSA_NUM];
|
int dsa_doit[DSA_NUM];
|
||||||
int doit[ALGOR_NUM];
|
int doit[ALGOR_NUM];
|
||||||
int pr_header=0;
|
int pr_header=0;
|
||||||
|
int usertime=1;
|
||||||
|
|
||||||
|
#ifndef TIMES
|
||||||
|
usertime=-1;
|
||||||
|
#endif
|
||||||
|
|
||||||
apps_startup();
|
apps_startup();
|
||||||
memset(results, 0, sizeof(results));
|
memset(results, 0, sizeof(results));
|
||||||
@ -362,7 +439,7 @@ int MAIN(int argc, char **argv)
|
|||||||
rsa_key[i]=NULL;
|
rsa_key[i]=NULL;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if ((buf=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
|
if ((buf=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"out of memory\n");
|
BIO_printf(bio_err,"out of memory\n");
|
||||||
goto end;
|
goto end;
|
||||||
@ -370,7 +447,7 @@ int MAIN(int argc, char **argv)
|
|||||||
#ifndef NO_DES
|
#ifndef NO_DES
|
||||||
buf_as_des_cblock = (des_cblock *)buf;
|
buf_as_des_cblock = (des_cblock *)buf;
|
||||||
#endif
|
#endif
|
||||||
if ((buf2=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
|
if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"out of memory\n");
|
BIO_printf(bio_err,"out of memory\n");
|
||||||
goto end;
|
goto end;
|
||||||
@ -391,6 +468,8 @@ int MAIN(int argc, char **argv)
|
|||||||
argv++;
|
argv++;
|
||||||
while (argc)
|
while (argc)
|
||||||
{
|
{
|
||||||
|
if ((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
|
||||||
|
usertime = 0;
|
||||||
#ifndef NO_MD2
|
#ifndef NO_MD2
|
||||||
if (strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
|
if (strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
|
||||||
else
|
else
|
||||||
@ -399,6 +478,10 @@ int MAIN(int argc, char **argv)
|
|||||||
if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
|
if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef NO_MD4
|
||||||
|
if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1;
|
||||||
|
else
|
||||||
|
#endif
|
||||||
#ifndef NO_MD5
|
#ifndef NO_MD5
|
||||||
if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
|
if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
|
||||||
else
|
else
|
||||||
@ -510,8 +593,34 @@ int MAIN(int argc, char **argv)
|
|||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"bad value, pick one of\n");
|
BIO_printf(bio_err,"Error: bad option or value\n");
|
||||||
BIO_printf(bio_err,"md2 mdc2 md5 hmac sha1 rmd160\n");
|
BIO_printf(bio_err,"\n");
|
||||||
|
BIO_printf(bio_err,"Available values:\n");
|
||||||
|
#ifndef NO_MD2
|
||||||
|
BIO_printf(bio_err,"md2 ");
|
||||||
|
#endif
|
||||||
|
#ifndef NO_MDC2
|
||||||
|
BIO_printf(bio_err,"mdc2 ");
|
||||||
|
#endif
|
||||||
|
#ifndef NO_MD4
|
||||||
|
BIO_printf(bio_err,"md4 ");
|
||||||
|
#endif
|
||||||
|
#ifndef NO_MD5
|
||||||
|
BIO_printf(bio_err,"md5 ");
|
||||||
|
#ifndef NO_HMAC
|
||||||
|
BIO_printf(bio_err,"hmac ");
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
#ifndef NO_SHA1
|
||||||
|
BIO_printf(bio_err,"sha1 ");
|
||||||
|
#endif
|
||||||
|
#ifndef NO_RIPEMD160
|
||||||
|
BIO_printf(bio_err,"rmd160");
|
||||||
|
#endif
|
||||||
|
#if !defined(NO_MD2) || !defined(NO_MDC2) || !defined(NO_MD4) || !defined(NO_MD5) || !defined(NO_SHA1) || !defined(NO_RIPEMD160)
|
||||||
|
BIO_printf(bio_err,"\n");
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef NO_IDEA
|
#ifndef NO_IDEA
|
||||||
BIO_printf(bio_err,"idea-cbc ");
|
BIO_printf(bio_err,"idea-cbc ");
|
||||||
#endif
|
#endif
|
||||||
@ -524,20 +633,48 @@ int MAIN(int argc, char **argv)
|
|||||||
#ifndef NO_BF
|
#ifndef NO_BF
|
||||||
BIO_printf(bio_err,"bf-cbc");
|
BIO_printf(bio_err,"bf-cbc");
|
||||||
#endif
|
#endif
|
||||||
#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BF) && !defined(NO_RC5)
|
#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_BF) || !defined(NO_RC5)
|
||||||
BIO_printf(bio_err,"\n");
|
BIO_printf(bio_err,"\n");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
BIO_printf(bio_err,"des-cbc des-ede3 ");
|
BIO_printf(bio_err,"des-cbc des-ede3 ");
|
||||||
#ifndef NO_RC4
|
#ifndef NO_RC4
|
||||||
BIO_printf(bio_err,"rc4");
|
BIO_printf(bio_err,"rc4");
|
||||||
#endif
|
#endif
|
||||||
|
BIO_printf(bio_err,"\n");
|
||||||
|
|
||||||
#ifndef NO_RSA
|
#ifndef NO_RSA
|
||||||
BIO_printf(bio_err,"\nrsa512 rsa1024 rsa2048 rsa4096\n");
|
BIO_printf(bio_err,"rsa512 rsa1024 rsa2048 rsa4096\n");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef NO_DSA
|
#ifndef NO_DSA
|
||||||
BIO_printf(bio_err,"\ndsa512 dsa1024 dsa2048\n");
|
BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n");
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef NO_IDEA
|
||||||
|
BIO_printf(bio_err,"idea ");
|
||||||
|
#endif
|
||||||
|
#ifndef NO_RC2
|
||||||
|
BIO_printf(bio_err,"rc2 ");
|
||||||
|
#endif
|
||||||
|
#ifndef NO_DES
|
||||||
|
BIO_printf(bio_err,"des ");
|
||||||
|
#endif
|
||||||
|
#ifndef NO_RSA
|
||||||
|
BIO_printf(bio_err,"rsa ");
|
||||||
|
#endif
|
||||||
|
#ifndef NO_BF
|
||||||
|
BIO_printf(bio_err,"blowfish");
|
||||||
|
#endif
|
||||||
|
#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_DES) || !defined(NO_RSA) || !defined(NO_BF)
|
||||||
|
BIO_printf(bio_err,"\n");
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef TIMES
|
||||||
|
BIO_printf(bio_err,"\n");
|
||||||
|
BIO_printf(bio_err,"Available options:\n");
|
||||||
|
BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n");
|
||||||
#endif
|
#endif
|
||||||
BIO_printf(bio_err,"idea rc2 des rsa blowfish\n");
|
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
argc--;
|
argc--;
|
||||||
@ -557,10 +694,13 @@ int MAIN(int argc, char **argv)
|
|||||||
for (i=0; i<ALGOR_NUM; i++)
|
for (i=0; i<ALGOR_NUM; i++)
|
||||||
if (doit[i]) pr_header++;
|
if (doit[i]) pr_header++;
|
||||||
|
|
||||||
#ifndef TIMES
|
if (usertime == 0)
|
||||||
BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
|
BIO_printf(bio_err,"You have chosen to measure elapsed time instead of user CPU time.\n");
|
||||||
BIO_printf(bio_err,"program when this computer is idle.\n");
|
if (usertime <= 0)
|
||||||
#endif
|
{
|
||||||
|
BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
|
||||||
|
BIO_printf(bio_err,"program when this computer is idle.\n");
|
||||||
|
}
|
||||||
|
|
||||||
#ifndef NO_RSA
|
#ifndef NO_RSA
|
||||||
for (i=0; i<RSA_NUM; i++)
|
for (i=0; i<RSA_NUM; i++)
|
||||||
@ -624,14 +764,15 @@ int MAIN(int argc, char **argv)
|
|||||||
do {
|
do {
|
||||||
long i;
|
long i;
|
||||||
count*=2;
|
count*=2;
|
||||||
Time_F(START);
|
Time_F(START,usertime);
|
||||||
for (i=count; i; i--)
|
for (i=count; i; i--)
|
||||||
des_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
|
des_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
|
||||||
&(sch[0]),DES_ENCRYPT);
|
&(sch[0]),DES_ENCRYPT);
|
||||||
d=Time_F(STOP);
|
d=Time_F(STOP,usertime);
|
||||||
} while (d <3);
|
} while (d <3);
|
||||||
c[D_MD2][0]=count/10;
|
c[D_MD2][0]=count/10;
|
||||||
c[D_MDC2][0]=count/10;
|
c[D_MDC2][0]=count/10;
|
||||||
|
c[D_MD4][0]=count;
|
||||||
c[D_MD5][0]=count;
|
c[D_MD5][0]=count;
|
||||||
c[D_HMAC][0]=count;
|
c[D_HMAC][0]=count;
|
||||||
c[D_SHA1][0]=count;
|
c[D_SHA1][0]=count;
|
||||||
@ -649,6 +790,7 @@ int MAIN(int argc, char **argv)
|
|||||||
{
|
{
|
||||||
c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i];
|
c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i];
|
||||||
c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i];
|
c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i];
|
||||||
|
c[D_MD4][i]=c[D_MD4][0]*4*lengths[0]/lengths[i];
|
||||||
c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i];
|
c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i];
|
||||||
c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];
|
c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];
|
||||||
c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
|
c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
|
||||||
@ -725,10 +867,10 @@ int MAIN(int argc, char **argv)
|
|||||||
for (j=0; j<SIZE_NUM; j++)
|
for (j=0; j<SIZE_NUM; j++)
|
||||||
{
|
{
|
||||||
print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
|
print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
|
||||||
Time_F(START);
|
Time_F(START,usertime);
|
||||||
for (count=0,run=1; COND(c[D_MD2][j]); count++)
|
for (count=0,run=1; COND(c[D_MD2][j]); count++)
|
||||||
MD2(buf,(unsigned long)lengths[j],&(md2[0]));
|
MD2(buf,(unsigned long)lengths[j],&(md2[0]));
|
||||||
d=Time_F(STOP);
|
d=Time_F(STOP,usertime);
|
||||||
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
||||||
count,names[D_MD2],d);
|
count,names[D_MD2],d);
|
||||||
results[D_MD2][j]=((double)count)/d*lengths[j];
|
results[D_MD2][j]=((double)count)/d*lengths[j];
|
||||||
@ -741,10 +883,10 @@ int MAIN(int argc, char **argv)
|
|||||||
for (j=0; j<SIZE_NUM; j++)
|
for (j=0; j<SIZE_NUM; j++)
|
||||||
{
|
{
|
||||||
print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
|
print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
|
||||||
Time_F(START);
|
Time_F(START,usertime);
|
||||||
for (count=0,run=1; COND(c[D_MDC2][j]); count++)
|
for (count=0,run=1; COND(c[D_MDC2][j]); count++)
|
||||||
MDC2(buf,(unsigned long)lengths[j],&(mdc2[0]));
|
MDC2(buf,(unsigned long)lengths[j],&(mdc2[0]));
|
||||||
d=Time_F(STOP);
|
d=Time_F(STOP,usertime);
|
||||||
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
||||||
count,names[D_MDC2],d);
|
count,names[D_MDC2],d);
|
||||||
results[D_MDC2][j]=((double)count)/d*lengths[j];
|
results[D_MDC2][j]=((double)count)/d*lengths[j];
|
||||||
@ -752,16 +894,33 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifndef NO_MD4
|
||||||
|
if (doit[D_MD4])
|
||||||
|
{
|
||||||
|
for (j=0; j<SIZE_NUM; j++)
|
||||||
|
{
|
||||||
|
print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
|
||||||
|
Time_F(START,usertime);
|
||||||
|
for (count=0,run=1; COND(c[D_MD4][j]); count++)
|
||||||
|
MD4(&(buf[0]),(unsigned long)lengths[j],&(md4[0]));
|
||||||
|
d=Time_F(STOP,usertime);
|
||||||
|
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
||||||
|
count,names[D_MD4],d);
|
||||||
|
results[D_MD4][j]=((double)count)/d*lengths[j];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef NO_MD5
|
#ifndef NO_MD5
|
||||||
if (doit[D_MD5])
|
if (doit[D_MD5])
|
||||||
{
|
{
|
||||||
for (j=0; j<SIZE_NUM; j++)
|
for (j=0; j<SIZE_NUM; j++)
|
||||||
{
|
{
|
||||||
print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
|
print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
|
||||||
Time_F(START);
|
Time_F(START,usertime);
|
||||||
for (count=0,run=1; COND(c[D_MD5][j]); count++)
|
for (count=0,run=1; COND(c[D_MD5][j]); count++)
|
||||||
MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0]));
|
MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0]));
|
||||||
d=Time_F(STOP);
|
d=Time_F(STOP,usertime);
|
||||||
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
||||||
count,names[D_MD5],d);
|
count,names[D_MD5],d);
|
||||||
results[D_MD5][j]=((double)count)/d*lengths[j];
|
results[D_MD5][j]=((double)count)/d*lengths[j];
|
||||||
@ -779,14 +938,14 @@ int MAIN(int argc, char **argv)
|
|||||||
for (j=0; j<SIZE_NUM; j++)
|
for (j=0; j<SIZE_NUM; j++)
|
||||||
{
|
{
|
||||||
print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
|
print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
|
||||||
Time_F(START);
|
Time_F(START,usertime);
|
||||||
for (count=0,run=1; COND(c[D_HMAC][j]); count++)
|
for (count=0,run=1; COND(c[D_HMAC][j]); count++)
|
||||||
{
|
{
|
||||||
HMAC_Init(&hctx,NULL,0,NULL);
|
HMAC_Init(&hctx,NULL,0,NULL);
|
||||||
HMAC_Update(&hctx,buf,lengths[j]);
|
HMAC_Update(&hctx,buf,lengths[j]);
|
||||||
HMAC_Final(&hctx,&(hmac[0]),NULL);
|
HMAC_Final(&hctx,&(hmac[0]),NULL);
|
||||||
}
|
}
|
||||||
d=Time_F(STOP);
|
d=Time_F(STOP,usertime);
|
||||||
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
||||||
count,names[D_HMAC],d);
|
count,names[D_HMAC],d);
|
||||||
results[D_HMAC][j]=((double)count)/d*lengths[j];
|
results[D_HMAC][j]=((double)count)/d*lengths[j];
|
||||||
@ -799,10 +958,10 @@ int MAIN(int argc, char **argv)
|
|||||||
for (j=0; j<SIZE_NUM; j++)
|
for (j=0; j<SIZE_NUM; j++)
|
||||||
{
|
{
|
||||||
print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
|
print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
|
||||||
Time_F(START);
|
Time_F(START,usertime);
|
||||||
for (count=0,run=1; COND(c[D_SHA1][j]); count++)
|
for (count=0,run=1; COND(c[D_SHA1][j]); count++)
|
||||||
SHA1(buf,(unsigned long)lengths[j],&(sha[0]));
|
SHA1(buf,(unsigned long)lengths[j],&(sha[0]));
|
||||||
d=Time_F(STOP);
|
d=Time_F(STOP,usertime);
|
||||||
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
||||||
count,names[D_SHA1],d);
|
count,names[D_SHA1],d);
|
||||||
results[D_SHA1][j]=((double)count)/d*lengths[j];
|
results[D_SHA1][j]=((double)count)/d*lengths[j];
|
||||||
@ -815,10 +974,10 @@ int MAIN(int argc, char **argv)
|
|||||||
for (j=0; j<SIZE_NUM; j++)
|
for (j=0; j<SIZE_NUM; j++)
|
||||||
{
|
{
|
||||||
print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
|
print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
|
||||||
Time_F(START);
|
Time_F(START,usertime);
|
||||||
for (count=0,run=1; COND(c[D_RMD160][j]); count++)
|
for (count=0,run=1; COND(c[D_RMD160][j]); count++)
|
||||||
RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0]));
|
RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0]));
|
||||||
d=Time_F(STOP);
|
d=Time_F(STOP,usertime);
|
||||||
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
||||||
count,names[D_RMD160],d);
|
count,names[D_RMD160],d);
|
||||||
results[D_RMD160][j]=((double)count)/d*lengths[j];
|
results[D_RMD160][j]=((double)count)/d*lengths[j];
|
||||||
@ -831,11 +990,11 @@ int MAIN(int argc, char **argv)
|
|||||||
for (j=0; j<SIZE_NUM; j++)
|
for (j=0; j<SIZE_NUM; j++)
|
||||||
{
|
{
|
||||||
print_message(names[D_RC4],c[D_RC4][j],lengths[j]);
|
print_message(names[D_RC4],c[D_RC4][j],lengths[j]);
|
||||||
Time_F(START);
|
Time_F(START,usertime);
|
||||||
for (count=0,run=1; COND(c[D_RC4][j]); count++)
|
for (count=0,run=1; COND(c[D_RC4][j]); count++)
|
||||||
RC4(&rc4_ks,(unsigned int)lengths[j],
|
RC4(&rc4_ks,(unsigned int)lengths[j],
|
||||||
buf,buf);
|
buf,buf);
|
||||||
d=Time_F(STOP);
|
d=Time_F(STOP,usertime);
|
||||||
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
||||||
count,names[D_RC4],d);
|
count,names[D_RC4],d);
|
||||||
results[D_RC4][j]=((double)count)/d*lengths[j];
|
results[D_RC4][j]=((double)count)/d*lengths[j];
|
||||||
@ -848,11 +1007,11 @@ int MAIN(int argc, char **argv)
|
|||||||
for (j=0; j<SIZE_NUM; j++)
|
for (j=0; j<SIZE_NUM; j++)
|
||||||
{
|
{
|
||||||
print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
|
print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
|
||||||
Time_F(START);
|
Time_F(START,usertime);
|
||||||
for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
|
for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
|
||||||
des_ncbc_encrypt(buf,buf,lengths[j],sch,
|
des_ncbc_encrypt(buf,buf,lengths[j],sch,
|
||||||
&iv,DES_ENCRYPT);
|
&iv,DES_ENCRYPT);
|
||||||
d=Time_F(STOP);
|
d=Time_F(STOP,usertime);
|
||||||
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
||||||
count,names[D_CBC_DES],d);
|
count,names[D_CBC_DES],d);
|
||||||
results[D_CBC_DES][j]=((double)count)/d*lengths[j];
|
results[D_CBC_DES][j]=((double)count)/d*lengths[j];
|
||||||
@ -864,12 +1023,12 @@ int MAIN(int argc, char **argv)
|
|||||||
for (j=0; j<SIZE_NUM; j++)
|
for (j=0; j<SIZE_NUM; j++)
|
||||||
{
|
{
|
||||||
print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
|
print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
|
||||||
Time_F(START);
|
Time_F(START,usertime);
|
||||||
for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
|
for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
|
||||||
des_ede3_cbc_encrypt(buf,buf,lengths[j],
|
des_ede3_cbc_encrypt(buf,buf,lengths[j],
|
||||||
sch,sch2,sch3,
|
sch,sch2,sch3,
|
||||||
&iv,DES_ENCRYPT);
|
&iv,DES_ENCRYPT);
|
||||||
d=Time_F(STOP);
|
d=Time_F(STOP,usertime);
|
||||||
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
||||||
count,names[D_EDE3_DES],d);
|
count,names[D_EDE3_DES],d);
|
||||||
results[D_EDE3_DES][j]=((double)count)/d*lengths[j];
|
results[D_EDE3_DES][j]=((double)count)/d*lengths[j];
|
||||||
@ -882,12 +1041,12 @@ int MAIN(int argc, char **argv)
|
|||||||
for (j=0; j<SIZE_NUM; j++)
|
for (j=0; j<SIZE_NUM; j++)
|
||||||
{
|
{
|
||||||
print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]);
|
print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]);
|
||||||
Time_F(START);
|
Time_F(START,usertime);
|
||||||
for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
|
for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
|
||||||
idea_cbc_encrypt(buf,buf,
|
idea_cbc_encrypt(buf,buf,
|
||||||
(unsigned long)lengths[j],&idea_ks,
|
(unsigned long)lengths[j],&idea_ks,
|
||||||
iv,IDEA_ENCRYPT);
|
iv,IDEA_ENCRYPT);
|
||||||
d=Time_F(STOP);
|
d=Time_F(STOP,usertime);
|
||||||
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
||||||
count,names[D_CBC_IDEA],d);
|
count,names[D_CBC_IDEA],d);
|
||||||
results[D_CBC_IDEA][j]=((double)count)/d*lengths[j];
|
results[D_CBC_IDEA][j]=((double)count)/d*lengths[j];
|
||||||
@ -900,12 +1059,12 @@ int MAIN(int argc, char **argv)
|
|||||||
for (j=0; j<SIZE_NUM; j++)
|
for (j=0; j<SIZE_NUM; j++)
|
||||||
{
|
{
|
||||||
print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]);
|
print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]);
|
||||||
Time_F(START);
|
Time_F(START,usertime);
|
||||||
for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
|
for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
|
||||||
RC2_cbc_encrypt(buf,buf,
|
RC2_cbc_encrypt(buf,buf,
|
||||||
(unsigned long)lengths[j],&rc2_ks,
|
(unsigned long)lengths[j],&rc2_ks,
|
||||||
iv,RC2_ENCRYPT);
|
iv,RC2_ENCRYPT);
|
||||||
d=Time_F(STOP);
|
d=Time_F(STOP,usertime);
|
||||||
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
||||||
count,names[D_CBC_RC2],d);
|
count,names[D_CBC_RC2],d);
|
||||||
results[D_CBC_RC2][j]=((double)count)/d*lengths[j];
|
results[D_CBC_RC2][j]=((double)count)/d*lengths[j];
|
||||||
@ -918,12 +1077,12 @@ int MAIN(int argc, char **argv)
|
|||||||
for (j=0; j<SIZE_NUM; j++)
|
for (j=0; j<SIZE_NUM; j++)
|
||||||
{
|
{
|
||||||
print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]);
|
print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]);
|
||||||
Time_F(START);
|
Time_F(START,usertime);
|
||||||
for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
|
for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
|
||||||
RC5_32_cbc_encrypt(buf,buf,
|
RC5_32_cbc_encrypt(buf,buf,
|
||||||
(unsigned long)lengths[j],&rc5_ks,
|
(unsigned long)lengths[j],&rc5_ks,
|
||||||
iv,RC5_ENCRYPT);
|
iv,RC5_ENCRYPT);
|
||||||
d=Time_F(STOP);
|
d=Time_F(STOP,usertime);
|
||||||
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
||||||
count,names[D_CBC_RC5],d);
|
count,names[D_CBC_RC5],d);
|
||||||
results[D_CBC_RC5][j]=((double)count)/d*lengths[j];
|
results[D_CBC_RC5][j]=((double)count)/d*lengths[j];
|
||||||
@ -936,12 +1095,12 @@ int MAIN(int argc, char **argv)
|
|||||||
for (j=0; j<SIZE_NUM; j++)
|
for (j=0; j<SIZE_NUM; j++)
|
||||||
{
|
{
|
||||||
print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]);
|
print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]);
|
||||||
Time_F(START);
|
Time_F(START,usertime);
|
||||||
for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
|
for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
|
||||||
BF_cbc_encrypt(buf,buf,
|
BF_cbc_encrypt(buf,buf,
|
||||||
(unsigned long)lengths[j],&bf_ks,
|
(unsigned long)lengths[j],&bf_ks,
|
||||||
iv,BF_ENCRYPT);
|
iv,BF_ENCRYPT);
|
||||||
d=Time_F(STOP);
|
d=Time_F(STOP,usertime);
|
||||||
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
||||||
count,names[D_CBC_BF],d);
|
count,names[D_CBC_BF],d);
|
||||||
results[D_CBC_BF][j]=((double)count)/d*lengths[j];
|
results[D_CBC_BF][j]=((double)count)/d*lengths[j];
|
||||||
@ -954,12 +1113,12 @@ int MAIN(int argc, char **argv)
|
|||||||
for (j=0; j<SIZE_NUM; j++)
|
for (j=0; j<SIZE_NUM; j++)
|
||||||
{
|
{
|
||||||
print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]);
|
print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]);
|
||||||
Time_F(START);
|
Time_F(START,usertime);
|
||||||
for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
|
for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
|
||||||
CAST_cbc_encrypt(buf,buf,
|
CAST_cbc_encrypt(buf,buf,
|
||||||
(unsigned long)lengths[j],&cast_ks,
|
(unsigned long)lengths[j],&cast_ks,
|
||||||
iv,CAST_ENCRYPT);
|
iv,CAST_ENCRYPT);
|
||||||
d=Time_F(STOP);
|
d=Time_F(STOP,usertime);
|
||||||
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
|
||||||
count,names[D_CBC_CAST],d);
|
count,names[D_CBC_CAST],d);
|
||||||
results[D_CBC_CAST][j]=((double)count)/d*lengths[j];
|
results[D_CBC_CAST][j]=((double)count)/d*lengths[j];
|
||||||
@ -974,49 +1133,73 @@ int MAIN(int argc, char **argv)
|
|||||||
int ret;
|
int ret;
|
||||||
if (!rsa_doit[j]) continue;
|
if (!rsa_doit[j]) continue;
|
||||||
ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]);
|
ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]);
|
||||||
pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j],
|
if (ret == 0)
|
||||||
RSA_SECONDS);
|
|
||||||
/* RSA_blinding_on(rsa_key[j],NULL); */
|
|
||||||
Time_F(START);
|
|
||||||
for (count=0,run=1; COND(rsa_c[j][0]); count++)
|
|
||||||
{
|
{
|
||||||
ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num,
|
BIO_printf(bio_err,"RSA sign failure. No RSA sign will be done.\n");
|
||||||
rsa_key[j]);
|
ERR_print_errors(bio_err);
|
||||||
if (ret <= 0)
|
rsa_count=1;
|
||||||
{
|
}
|
||||||
BIO_printf(bio_err,"RSA private encrypt failure\n");
|
else
|
||||||
ERR_print_errors(bio_err);
|
{
|
||||||
count=1;
|
pkey_print_message("private","rsa",
|
||||||
break;
|
rsa_c[j][0],rsa_bits[j],
|
||||||
}
|
RSA_SECONDS);
|
||||||
|
/* RSA_blinding_on(rsa_key[j],NULL); */
|
||||||
|
Time_F(START,usertime);
|
||||||
|
for (count=0,run=1; COND(rsa_c[j][0]); count++)
|
||||||
|
{
|
||||||
|
ret=RSA_sign(NID_md5_sha1, buf,36, buf2,
|
||||||
|
&rsa_num, rsa_key[j]);
|
||||||
|
if (ret == 0)
|
||||||
|
{
|
||||||
|
BIO_printf(bio_err,
|
||||||
|
"RSA sign failure\n");
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
count=1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
d=Time_F(STOP,usertime);
|
||||||
|
BIO_printf(bio_err,
|
||||||
|
"%ld %d bit private RSA's in %.2fs\n",
|
||||||
|
count,rsa_bits[j],d);
|
||||||
|
rsa_results[j][0]=d/(double)count;
|
||||||
|
rsa_count=count;
|
||||||
}
|
}
|
||||||
d=Time_F(STOP);
|
|
||||||
BIO_printf(bio_err,"%ld %d bit private RSA's in %.2fs\n",
|
|
||||||
count,rsa_bits[j],d);
|
|
||||||
rsa_results[j][0]=d/(double)count;
|
|
||||||
rsa_count=count;
|
|
||||||
|
|
||||||
#if 1
|
#if 1
|
||||||
ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]);
|
ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]);
|
||||||
pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j],
|
if (ret <= 0)
|
||||||
RSA_SECONDS);
|
|
||||||
Time_F(START);
|
|
||||||
for (count=0,run=1; COND(rsa_c[j][1]); count++)
|
|
||||||
{
|
{
|
||||||
ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num,
|
BIO_printf(bio_err,"RSA verify failure. No RSA verify will be done.\n");
|
||||||
rsa_key[j]);
|
ERR_print_errors(bio_err);
|
||||||
if (ret <= 0)
|
dsa_doit[j] = 0;
|
||||||
{
|
}
|
||||||
BIO_printf(bio_err,"RSA verify failure\n");
|
else
|
||||||
ERR_print_errors(bio_err);
|
{
|
||||||
count=1;
|
pkey_print_message("public","rsa",
|
||||||
break;
|
rsa_c[j][1],rsa_bits[j],
|
||||||
}
|
RSA_SECONDS);
|
||||||
|
Time_F(START,usertime);
|
||||||
|
for (count=0,run=1; COND(rsa_c[j][1]); count++)
|
||||||
|
{
|
||||||
|
ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
|
||||||
|
rsa_num, rsa_key[j]);
|
||||||
|
if (ret == 0)
|
||||||
|
{
|
||||||
|
BIO_printf(bio_err,
|
||||||
|
"RSA verify failure\n");
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
count=1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
d=Time_F(STOP,usertime);
|
||||||
|
BIO_printf(bio_err,
|
||||||
|
"%ld %d bit public RSA's in %.2fs\n",
|
||||||
|
count,rsa_bits[j],d);
|
||||||
|
rsa_results[j][1]=d/(double)count;
|
||||||
}
|
}
|
||||||
d=Time_F(STOP);
|
|
||||||
BIO_printf(bio_err,"%ld %d bit public RSA's in %.2fs\n",
|
|
||||||
count,rsa_bits[j],d);
|
|
||||||
rsa_results[j][1]=d/(double)count;
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (rsa_count <= 1)
|
if (rsa_count <= 1)
|
||||||
@ -1038,54 +1221,77 @@ int MAIN(int argc, char **argv)
|
|||||||
for (j=0; j<DSA_NUM; j++)
|
for (j=0; j<DSA_NUM; j++)
|
||||||
{
|
{
|
||||||
unsigned int kk;
|
unsigned int kk;
|
||||||
|
int ret;
|
||||||
|
|
||||||
if (!dsa_doit[j]) continue;
|
if (!dsa_doit[j]) continue;
|
||||||
DSA_generate_key(dsa_key[j]);
|
DSA_generate_key(dsa_key[j]);
|
||||||
/* DSA_sign_setup(dsa_key[j],NULL); */
|
/* DSA_sign_setup(dsa_key[j],NULL); */
|
||||||
rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
|
ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
|
||||||
&kk,dsa_key[j]);
|
&kk,dsa_key[j]);
|
||||||
pkey_print_message("sign","dsa",dsa_c[j][0],dsa_bits[j],
|
if (ret == 0)
|
||||||
DSA_SECONDS);
|
|
||||||
Time_F(START);
|
|
||||||
for (count=0,run=1; COND(dsa_c[j][0]); count++)
|
|
||||||
{
|
{
|
||||||
rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
|
BIO_printf(bio_err,"DSA sign failure. No DSA sign will be done.\n");
|
||||||
&kk,dsa_key[j]);
|
ERR_print_errors(bio_err);
|
||||||
if (rsa_num == 0)
|
rsa_count=1;
|
||||||
{
|
}
|
||||||
BIO_printf(bio_err,"DSA sign failure\n");
|
else
|
||||||
ERR_print_errors(bio_err);
|
{
|
||||||
count=1;
|
pkey_print_message("sign","dsa",
|
||||||
break;
|
dsa_c[j][0],dsa_bits[j],
|
||||||
}
|
DSA_SECONDS);
|
||||||
|
Time_F(START,usertime);
|
||||||
|
for (count=0,run=1; COND(dsa_c[j][0]); count++)
|
||||||
|
{
|
||||||
|
ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
|
||||||
|
&kk,dsa_key[j]);
|
||||||
|
if (ret == 0)
|
||||||
|
{
|
||||||
|
BIO_printf(bio_err,
|
||||||
|
"DSA sign failure\n");
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
count=1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
d=Time_F(STOP,usertime);
|
||||||
|
BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
|
||||||
|
count,dsa_bits[j],d);
|
||||||
|
dsa_results[j][0]=d/(double)count;
|
||||||
|
rsa_count=count;
|
||||||
}
|
}
|
||||||
d=Time_F(STOP);
|
|
||||||
BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
|
|
||||||
count,dsa_bits[j],d);
|
|
||||||
dsa_results[j][0]=d/(double)count;
|
|
||||||
rsa_count=count;
|
|
||||||
|
|
||||||
rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
|
ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
|
||||||
kk,dsa_key[j]);
|
kk,dsa_key[j]);
|
||||||
pkey_print_message("verify","dsa",dsa_c[j][1],dsa_bits[j],
|
if (ret <= 0)
|
||||||
DSA_SECONDS);
|
|
||||||
Time_F(START);
|
|
||||||
for (count=0,run=1; COND(dsa_c[j][1]); count++)
|
|
||||||
{
|
{
|
||||||
rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
|
BIO_printf(bio_err,"DSA verify failure. No DSA verify will be done.\n");
|
||||||
kk,dsa_key[j]);
|
ERR_print_errors(bio_err);
|
||||||
if (rsa_num2 == 0)
|
dsa_doit[j] = 0;
|
||||||
{
|
}
|
||||||
BIO_printf(bio_err,"DSA verify failure\n");
|
else
|
||||||
ERR_print_errors(bio_err);
|
{
|
||||||
count=1;
|
pkey_print_message("verify","dsa",
|
||||||
break;
|
dsa_c[j][1],dsa_bits[j],
|
||||||
}
|
DSA_SECONDS);
|
||||||
|
Time_F(START,usertime);
|
||||||
|
for (count=0,run=1; COND(dsa_c[j][1]); count++)
|
||||||
|
{
|
||||||
|
ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
|
||||||
|
kk,dsa_key[j]);
|
||||||
|
if (ret <= 0)
|
||||||
|
{
|
||||||
|
BIO_printf(bio_err,
|
||||||
|
"DSA verify failure\n");
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
count=1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
d=Time_F(STOP,usertime);
|
||||||
|
BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
|
||||||
|
count,dsa_bits[j],d);
|
||||||
|
dsa_results[j][1]=d/(double)count;
|
||||||
}
|
}
|
||||||
d=Time_F(STOP);
|
|
||||||
BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
|
|
||||||
count,dsa_bits[j],d);
|
|
||||||
dsa_results[j][1]=d/(double)count;
|
|
||||||
|
|
||||||
if (rsa_count <= 1)
|
if (rsa_count <= 1)
|
||||||
{
|
{
|
||||||
@ -1173,8 +1379,8 @@ int MAIN(int argc, char **argv)
|
|||||||
#endif
|
#endif
|
||||||
mret=0;
|
mret=0;
|
||||||
end:
|
end:
|
||||||
if (buf != NULL) Free(buf);
|
if (buf != NULL) OPENSSL_free(buf);
|
||||||
if (buf2 != NULL) Free(buf2);
|
if (buf2 != NULL) OPENSSL_free(buf2);
|
||||||
#ifndef NO_RSA
|
#ifndef NO_RSA
|
||||||
for (i=0; i<RSA_NUM; i++)
|
for (i=0; i<RSA_NUM; i++)
|
||||||
if (rsa_key[i] != NULL)
|
if (rsa_key[i] != NULL)
|
||||||
|
@ -192,7 +192,15 @@ int MAIN(int argc, char **argv)
|
|||||||
spkstr = NETSCAPE_SPKI_b64_encode(spki);
|
spkstr = NETSCAPE_SPKI_b64_encode(spki);
|
||||||
|
|
||||||
if (outfile) out = BIO_new_file(outfile, "w");
|
if (outfile) out = BIO_new_file(outfile, "w");
|
||||||
else out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
else {
|
||||||
|
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
if(!out) {
|
if(!out) {
|
||||||
BIO_printf(bio_err, "Error opening output file\n");
|
BIO_printf(bio_err, "Error opening output file\n");
|
||||||
@ -200,7 +208,7 @@ int MAIN(int argc, char **argv)
|
|||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
BIO_printf(out, "SPKAC=%s\n", spkstr);
|
BIO_printf(out, "SPKAC=%s\n", spkstr);
|
||||||
Free(spkstr);
|
OPENSSL_free(spkstr);
|
||||||
ret = 0;
|
ret = 0;
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
@ -241,7 +249,15 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (outfile) out = BIO_new_file(outfile, "w");
|
if (outfile) out = BIO_new_file(outfile, "w");
|
||||||
else out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
else {
|
||||||
|
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
if(!out) {
|
if(!out) {
|
||||||
BIO_printf(bio_err, "Error opening output file\n");
|
BIO_printf(bio_err, "Error opening output file\n");
|
||||||
@ -268,9 +284,9 @@ int MAIN(int argc, char **argv)
|
|||||||
CONF_free(conf);
|
CONF_free(conf);
|
||||||
NETSCAPE_SPKI_free(spki);
|
NETSCAPE_SPKI_free(spki);
|
||||||
BIO_free(in);
|
BIO_free(in);
|
||||||
BIO_free(out);
|
BIO_free_all(out);
|
||||||
BIO_free(key);
|
BIO_free(key);
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
if(passin) Free(passin);
|
if(passin) OPENSSL_free(passin);
|
||||||
EXIT(ret);
|
EXIT(ret);
|
||||||
}
|
}
|
||||||
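Review bot: In both VMS blocks (the hunks at -192 and -241) `out = BIO_push(tmpbio, out)` runs before the `if(!out)` test, and neither `BIO_new_fp()` nor `BIO_new(BIO_f_linebuffer())` is checked first. BIO_push() returns its first argument when the second is NULL, so on VMS a failed stdout BIO would leave `out` pointing at a line-buffer filter with no sink, and the "Error opening output file" branch would be skipped. Guard the push instead: `if (out) { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); if (tmpbio) out = BIO_push(tmpbio, out); }`. MAIN's body starts and ends outside these hunks.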
|
@ -70,9 +70,9 @@
|
|||||||
#define PROG verify_main
|
#define PROG verify_main
|
||||||
|
|
||||||
static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
|
static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
|
||||||
static int check(X509_STORE *ctx,char *file, STACK_OF(X509)*other, int purpose);
|
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose);
|
||||||
static STACK_OF(X509) *load_untrusted(char *file);
|
static STACK_OF(X509) *load_untrusted(char *file);
|
||||||
static int v_verbose=0;
|
static int v_verbose=0, issuer_checks = 0;
|
||||||
|
|
||||||
int MAIN(int, char **);
|
int MAIN(int, char **);
|
||||||
|
|
||||||
@ -81,8 +81,8 @@ int MAIN(int argc, char **argv)
|
|||||||
int i,ret=1;
|
int i,ret=1;
|
||||||
int purpose = -1;
|
int purpose = -1;
|
||||||
char *CApath=NULL,*CAfile=NULL;
|
char *CApath=NULL,*CAfile=NULL;
|
||||||
char *untfile = NULL;
|
char *untfile = NULL, *trustfile = NULL;
|
||||||
STACK_OF(X509) *untrusted = NULL;
|
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
|
||||||
X509_STORE *cert_ctx=NULL;
|
X509_STORE *cert_ctx=NULL;
|
||||||
X509_LOOKUP *lookup=NULL;
|
X509_LOOKUP *lookup=NULL;
|
||||||
|
|
||||||
@ -132,8 +132,15 @@ int MAIN(int argc, char **argv)
|
|||||||
if (argc-- < 1) goto end;
|
if (argc-- < 1) goto end;
|
||||||
untfile= *(++argv);
|
untfile= *(++argv);
|
||||||
}
|
}
|
||||||
|
else if (strcmp(*argv,"-trusted") == 0)
|
||||||
|
{
|
||||||
|
if (argc-- < 1) goto end;
|
||||||
|
trustfile= *(++argv);
|
||||||
|
}
|
||||||
else if (strcmp(*argv,"-help") == 0)
|
else if (strcmp(*argv,"-help") == 0)
|
||||||
goto end;
|
goto end;
|
||||||
|
else if (strcmp(*argv,"-issuer_checks") == 0)
|
||||||
|
issuer_checks=1;
|
||||||
else if (strcmp(*argv,"-verbose") == 0)
|
else if (strcmp(*argv,"-verbose") == 0)
|
||||||
v_verbose=1;
|
v_verbose=1;
|
||||||
else if (argv[0][0] == '-')
|
else if (argv[0][0] == '-')
|
||||||
@ -179,14 +186,22 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (argc < 1) check(cert_ctx, NULL, untrusted, purpose);
|
if(trustfile) {
|
||||||
|
if(!(trusted = load_untrusted(trustfile))) {
|
||||||
|
BIO_printf(bio_err, "Error loading untrusted file %s\n", trustfile);
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose);
|
||||||
else
|
else
|
||||||
for (i=0; i<argc; i++)
|
for (i=0; i<argc; i++)
|
||||||
check(cert_ctx,argv[i], untrusted, purpose);
|
check(cert_ctx,argv[i], untrusted, trusted, purpose);
|
||||||
ret=0;
|
ret=0;
|
||||||
end:
|
end:
|
||||||
if (ret == 1) {
|
if (ret == 1) {
|
||||||
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] cert1 cert2 ...\n");
|
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
|
||||||
BIO_printf(bio_err,"recognized usages:\n");
|
BIO_printf(bio_err,"recognized usages:\n");
|
||||||
for(i = 0; i < X509_PURPOSE_get_count(); i++) {
|
for(i = 0; i < X509_PURPOSE_get_count(); i++) {
|
||||||
X509_PURPOSE *ptmp;
|
X509_PURPOSE *ptmp;
|
||||||
@ -197,10 +212,11 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
|
if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
|
||||||
sk_X509_pop_free(untrusted, X509_free);
|
sk_X509_pop_free(untrusted, X509_free);
|
||||||
|
sk_X509_pop_free(trusted, X509_free);
|
||||||
EXIT(ret);
|
EXIT(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, int purpose)
|
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
|
||||||
{
|
{
|
||||||
X509 *x=NULL;
|
X509 *x=NULL;
|
||||||
BIO *in=NULL;
|
BIO *in=NULL;
|
||||||
@ -242,7 +258,10 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, int purpos
|
|||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
X509_STORE_CTX_init(csc,ctx,x,uchain);
|
X509_STORE_CTX_init(csc,ctx,x,uchain);
|
||||||
|
if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
|
||||||
if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
|
if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
|
||||||
|
if(issuer_checks)
|
||||||
|
X509_STORE_CTX_set_flags(csc, X509_V_FLAG_CB_ISSUER_CHECK);
|
||||||
i=X509_verify_cert(csc);
|
i=X509_verify_cert(csc);
|
||||||
X509_STORE_CTX_free(csc);
|
X509_STORE_CTX_free(csc);
|
||||||
|
|
||||||
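Review bot: The exit status still does not reflect the verification result: in MAIN both `check(cert_ctx, ..., untrusted, trusted, purpose)` calls discard the int that check() returns and `ret=0` follows unconditionally, so a script that tests the exit code would treat a rejected chain as accepted. Assuming check() returns non-zero only when X509_verify_cert() succeeded (its return statement is outside the hunks), record failures with `if (!check(cert_ctx,argv[i], untrusted, trusted, purpose)) bad=1;` and finish with `ret = bad ? 2 : 0;`, which keeps the usage branch on `ret == 1` from firing. The new `-trusted` failure path also prints "Error loading untrusted file"; it should read `"Error loading trusted file %s\n"`. The usage line still omits `-untrusted`, `-trusted` and `-issuer_checks`.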
|
@ -81,8 +81,6 @@
|
|||||||
#define POSTFIX ".srl"
|
#define POSTFIX ".srl"
|
||||||
#define DEF_DAYS 30
|
#define DEF_DAYS 30
|
||||||
|
|
||||||
#define CERT_HDR "certificate"
|
|
||||||
|
|
||||||
static char *x509_usage[]={
|
static char *x509_usage[]={
|
||||||
"usage: x509 args\n",
|
"usage: x509 args\n",
|
||||||
" -inform arg - input format - default PEM (one of DER, NET or PEM)\n",
|
" -inform arg - input format - default PEM (one of DER, NET or PEM)\n",
|
||||||
@ -97,6 +95,7 @@ static char *x509_usage[]={
|
|||||||
" -hash - print hash value\n",
|
" -hash - print hash value\n",
|
||||||
" -subject - print subject DN\n",
|
" -subject - print subject DN\n",
|
||||||
" -issuer - print issuer DN\n",
|
" -issuer - print issuer DN\n",
|
||||||
|
" -email - print email address(es)\n",
|
||||||
" -startdate - notBefore field\n",
|
" -startdate - notBefore field\n",
|
||||||
" -enddate - notAfter field\n",
|
" -enddate - notAfter field\n",
|
||||||
" -purpose - print out certificate purposes\n",
|
" -purpose - print out certificate purposes\n",
|
||||||
@ -113,6 +112,8 @@ static char *x509_usage[]={
|
|||||||
" -addreject arg - reject certificate for a given purpose\n",
|
" -addreject arg - reject certificate for a given purpose\n",
|
||||||
" -setalias arg - set certificate alias\n",
|
" -setalias arg - set certificate alias\n",
|
||||||
" -days arg - How long till expiry of a signed certificate - def 30 days\n",
|
" -days arg - How long till expiry of a signed certificate - def 30 days\n",
|
||||||
|
" -checkend arg - check whether the cert expires in the next arg seconds\n",
|
||||||
|
" exit 1 if so, 0 if not\n",
|
||||||
" -signkey arg - self sign cert with arg\n",
|
" -signkey arg - self sign cert with arg\n",
|
||||||
" -x509toreq - output a certification request object\n",
|
" -x509toreq - output a certification request object\n",
|
||||||
" -req - input is a certificate request, sign and output.\n",
|
" -req - input is a certificate request, sign and output.\n",
|
||||||
@ -127,12 +128,11 @@ static char *x509_usage[]={
|
|||||||
" -extfile - configuration file with X509V3 extensions to add\n",
|
" -extfile - configuration file with X509V3 extensions to add\n",
|
||||||
" -extensions - section from config file with X509V3 extensions to add\n",
|
" -extensions - section from config file with X509V3 extensions to add\n",
|
||||||
" -clrext - delete extensions before signing and input certificate\n",
|
" -clrext - delete extensions before signing and input certificate\n",
|
||||||
|
" -nameopt arg - various certificate name options\n",
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
|
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
|
||||||
static EVP_PKEY *load_key(char *file, int format, char *passin);
|
|
||||||
static X509 *load_cert(char *file, int format);
|
|
||||||
static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
|
static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
|
||||||
LHASH *conf, char *section);
|
LHASH *conf, char *section);
|
||||||
static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
|
static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
|
||||||
@ -159,7 +159,7 @@ int MAIN(int argc, char **argv)
|
|||||||
char *CAkeyfile=NULL,*CAserial=NULL;
|
char *CAkeyfile=NULL,*CAserial=NULL;
|
||||||
char *alias=NULL;
|
char *alias=NULL;
|
||||||
int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
|
int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
|
||||||
int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0;
|
int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
|
||||||
int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
|
int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
|
||||||
int C=0;
|
int C=0;
|
||||||
int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
|
int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
|
||||||
@ -173,6 +173,8 @@ int MAIN(int argc, char **argv)
|
|||||||
LHASH *extconf = NULL;
|
LHASH *extconf = NULL;
|
||||||
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
|
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
|
||||||
int need_rand = 0;
|
int need_rand = 0;
|
||||||
|
int checkend=0,checkoffset=0;
|
||||||
|
unsigned long nmflag = 0;
|
||||||
|
|
||||||
reqfile=0;
|
reqfile=0;
|
||||||
|
|
||||||
@ -181,6 +183,12 @@ int MAIN(int argc, char **argv)
|
|||||||
if (bio_err == NULL)
|
if (bio_err == NULL)
|
||||||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
|
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
|
||||||
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
|
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
STDout = BIO_push(tmpbio, STDout);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
informat=FORMAT_PEM;
|
informat=FORMAT_PEM;
|
||||||
outformat=FORMAT_PEM;
|
outformat=FORMAT_PEM;
|
||||||
@ -289,24 +297,26 @@ int MAIN(int argc, char **argv)
|
|||||||
else if (strcmp(*argv,"-addtrust") == 0)
|
else if (strcmp(*argv,"-addtrust") == 0)
|
||||||
{
|
{
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
|
if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
|
||||||
|
{
|
||||||
BIO_printf(bio_err,
|
BIO_printf(bio_err,
|
||||||
"Invalid trust object value %s\n", *argv);
|
"Invalid trust object value %s\n", *argv);
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
if(!trust) trust = sk_ASN1_OBJECT_new_null();
|
if (!trust) trust = sk_ASN1_OBJECT_new_null();
|
||||||
sk_ASN1_OBJECT_push(trust, objtmp);
|
sk_ASN1_OBJECT_push(trust, objtmp);
|
||||||
trustout = 1;
|
trustout = 1;
|
||||||
}
|
}
|
||||||
else if (strcmp(*argv,"-addreject") == 0)
|
else if (strcmp(*argv,"-addreject") == 0)
|
||||||
{
|
{
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
|
if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
|
||||||
|
{
|
||||||
BIO_printf(bio_err,
|
BIO_printf(bio_err,
|
||||||
"Invalid reject object value %s\n", *argv);
|
"Invalid reject object value %s\n", *argv);
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
if(!reject) reject = sk_ASN1_OBJECT_new_null();
|
if (!reject) reject = sk_ASN1_OBJECT_new_null();
|
||||||
sk_ASN1_OBJECT_push(reject, objtmp);
|
sk_ASN1_OBJECT_push(reject, objtmp);
|
||||||
trustout = 1;
|
trustout = 1;
|
||||||
}
|
}
|
||||||
@ -316,6 +326,11 @@ int MAIN(int argc, char **argv)
|
|||||||
alias= *(++argv);
|
alias= *(++argv);
|
||||||
trustout = 1;
|
trustout = 1;
|
||||||
}
|
}
|
||||||
|
else if (strcmp(*argv,"-nameopt") == 0)
|
||||||
|
{
|
||||||
|
if (--argc < 1) goto bad;
|
||||||
|
if (!set_name_ex(&nmflag, *(++argv))) goto bad;
|
||||||
|
}
|
||||||
else if (strcmp(*argv,"-setalias") == 0)
|
else if (strcmp(*argv,"-setalias") == 0)
|
||||||
{
|
{
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
@ -324,6 +339,8 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
else if (strcmp(*argv,"-C") == 0)
|
else if (strcmp(*argv,"-C") == 0)
|
||||||
C= ++num;
|
C= ++num;
|
||||||
|
else if (strcmp(*argv,"-email") == 0)
|
||||||
|
email= ++num;
|
||||||
else if (strcmp(*argv,"-serial") == 0)
|
else if (strcmp(*argv,"-serial") == 0)
|
||||||
serial= ++num;
|
serial= ++num;
|
||||||
else if (strcmp(*argv,"-modulus") == 0)
|
else if (strcmp(*argv,"-modulus") == 0)
|
||||||
@ -353,6 +370,12 @@ int MAIN(int argc, char **argv)
|
|||||||
startdate= ++num;
|
startdate= ++num;
|
||||||
else if (strcmp(*argv,"-enddate") == 0)
|
else if (strcmp(*argv,"-enddate") == 0)
|
||||||
enddate= ++num;
|
enddate= ++num;
|
||||||
|
else if (strcmp(*argv,"-checkend") == 0)
|
||||||
|
{
|
||||||
|
if (--argc < 1) goto bad;
|
||||||
|
checkoffset=atoi(*(++argv));
|
||||||
|
checkend=1;
|
||||||
|
}
|
||||||
else if (strcmp(*argv,"-noout") == 0)
|
else if (strcmp(*argv,"-noout") == 0)
|
||||||
noout= ++num;
|
noout= ++num;
|
||||||
else if (strcmp(*argv,"-trustout") == 0)
|
else if (strcmp(*argv,"-trustout") == 0)
|
||||||
@ -402,10 +425,11 @@ int MAIN(int argc, char **argv)
|
|||||||
|
|
||||||
ERR_load_crypto_strings();
|
ERR_load_crypto_strings();
|
||||||
|
|
||||||
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
|
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
|
||||||
|
{
|
||||||
BIO_printf(bio_err, "Error getting password\n");
|
BIO_printf(bio_err, "Error getting password\n");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!X509_STORE_set_default_paths(ctx))
|
if (!X509_STORE_set_default_paths(ctx))
|
||||||
{
|
{
|
||||||
@ -421,10 +445,12 @@ int MAIN(int argc, char **argv)
|
|||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (extfile) {
|
if (extfile)
|
||||||
|
{
|
||||||
long errorline;
|
long errorline;
|
||||||
X509V3_CTX ctx2;
|
X509V3_CTX ctx2;
|
||||||
if (!(extconf=CONF_load(NULL,extfile,&errorline))) {
|
if (!(extconf=CONF_load(NULL,extfile,&errorline)))
|
||||||
|
{
|
||||||
if (errorline <= 0)
|
if (errorline <= 0)
|
||||||
BIO_printf(bio_err,
|
BIO_printf(bio_err,
|
||||||
"error loading the config file '%s'\n",
|
"error loading the config file '%s'\n",
|
||||||
@ -434,19 +460,20 @@ int MAIN(int argc, char **argv)
|
|||||||
"error on line %ld of config file '%s'\n"
|
"error on line %ld of config file '%s'\n"
|
||||||
,errorline,extfile);
|
,errorline,extfile);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
if(!extsect && !(extsect = CONF_get_string(extconf, "default",
|
if (!extsect && !(extsect = CONF_get_string(extconf, "default",
|
||||||
"extensions"))) extsect = "default";
|
"extensions"))) extsect = "default";
|
||||||
X509V3_set_ctx_test(&ctx2);
|
X509V3_set_ctx_test(&ctx2);
|
||||||
X509V3_set_conf_lhash(&ctx2, extconf);
|
X509V3_set_conf_lhash(&ctx2, extconf);
|
||||||
if(!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL)) {
|
if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
|
||||||
|
{
|
||||||
BIO_printf(bio_err,
|
BIO_printf(bio_err,
|
||||||
"Error Loading extension section %s\n",
|
"Error Loading extension section %s\n",
|
||||||
extsect);
|
extsect);
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if (reqfile)
|
if (reqfile)
|
||||||
@ -474,13 +501,18 @@ int MAIN(int argc, char **argv)
|
|||||||
if (BIO_read_filename(in,infile) <= 0)
|
if (BIO_read_filename(in,infile) <= 0)
|
||||||
{
|
{
|
||||||
perror(infile);
|
perror(infile);
|
||||||
|
BIO_free(in);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
|
req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
|
||||||
BIO_free(in);
|
BIO_free(in);
|
||||||
|
|
||||||
if (req == NULL) { perror(infile); goto end; }
|
if (req == NULL)
|
||||||
|
{
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
if ( (req->req_info == NULL) ||
|
if ( (req->req_info == NULL) ||
|
||||||
(req->req_info->pubkey == NULL) ||
|
(req->req_info->pubkey == NULL) ||
|
||||||
@ -511,9 +543,8 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
BIO_printf(bio_err,"Signature ok\n");
|
BIO_printf(bio_err,"Signature ok\n");
|
||||||
|
|
||||||
X509_NAME_oneline(req->req_info->subject,buf,256);
|
print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
|
||||||
BIO_printf(bio_err,"subject=%s\n",buf);
|
|
||||||
|
|
||||||
if ((x=X509_new()) == NULL) goto end;
|
if ((x=X509_new()) == NULL) goto end;
|
||||||
ci=x->cert_info;
|
ci=x->cert_info;
|
||||||
@ -530,12 +561,12 @@ int MAIN(int argc, char **argv)
|
|||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
x=load_cert(infile,informat);
|
x=load_cert(bio_err,infile,informat);
|
||||||
|
|
||||||
if (x == NULL) goto end;
|
if (x == NULL) goto end;
|
||||||
if (CA_flag)
|
if (CA_flag)
|
||||||
{
|
{
|
||||||
xca=load_cert(CAfile,CAformat);
|
xca=load_cert(bio_err,CAfile,CAformat);
|
||||||
if (xca == NULL) goto end;
|
if (xca == NULL) goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -551,7 +582,15 @@ int MAIN(int argc, char **argv)
|
|||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
if (outfile == NULL)
|
if (outfile == NULL)
|
||||||
|
{
|
||||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||||
|
#ifdef VMS
|
||||||
|
{
|
||||||
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||||
|
out = BIO_push(tmpbio, out);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (BIO_write_filename(out,outfile) <= 0)
|
if (BIO_write_filename(out,outfile) <= 0)
|
||||||
@ -562,24 +601,28 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(alias) X509_alias_set1(x, (unsigned char *)alias, -1);
|
if (alias) X509_alias_set1(x, (unsigned char *)alias, -1);
|
||||||
|
|
||||||
if(clrtrust) X509_trust_clear(x);
|
if (clrtrust) X509_trust_clear(x);
|
||||||
if(clrreject) X509_reject_clear(x);
|
if (clrreject) X509_reject_clear(x);
|
||||||
|
|
||||||
if(trust) {
|
if (trust)
|
||||||
for(i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
|
{
|
||||||
|
for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++)
|
||||||
|
{
|
||||||
objtmp = sk_ASN1_OBJECT_value(trust, i);
|
objtmp = sk_ASN1_OBJECT_value(trust, i);
|
||||||
X509_add1_trust_object(x, objtmp);
|
X509_add1_trust_object(x, objtmp);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if(reject) {
|
if (reject)
|
||||||
for(i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
|
{
|
||||||
|
for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++)
|
||||||
|
{
|
||||||
objtmp = sk_ASN1_OBJECT_value(reject, i);
|
objtmp = sk_ASN1_OBJECT_value(reject, i);
|
||||||
X509_add1_reject_object(x, objtmp);
|
X509_add1_reject_object(x, objtmp);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if (num)
|
if (num)
|
||||||
{
|
{
|
||||||
@ -587,15 +630,13 @@ int MAIN(int argc, char **argv)
|
|||||||
{
|
{
|
||||||
if (issuer == i)
|
if (issuer == i)
|
||||||
{
|
{
|
||||||
X509_NAME_oneline(X509_get_issuer_name(x),
|
print_name(STDout, "issuer= ",
|
||||||
buf,256);
|
X509_get_issuer_name(x), nmflag);
|
||||||
BIO_printf(STDout,"issuer= %s\n",buf);
|
|
||||||
}
|
}
|
||||||
else if (subject == i)
|
else if (subject == i)
|
||||||
{
|
{
|
||||||
X509_NAME_oneline(X509_get_subject_name(x),
|
print_name(STDout, "subject= ",
|
||||||
buf,256);
|
X509_get_subject_name(x), nmflag);
|
||||||
BIO_printf(STDout,"subject=%s\n",buf);
|
|
||||||
}
|
}
|
||||||
else if (serial == i)
|
else if (serial == i)
|
||||||
{
|
{
|
||||||
@ -603,11 +644,20 @@ int MAIN(int argc, char **argv)
|
|||||||
i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
|
i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
|
||||||
BIO_printf(STDout,"\n");
|
BIO_printf(STDout,"\n");
|
||||||
}
|
}
|
||||||
|
else if (email == i)
|
||||||
|
{
|
||||||
|
int j;
|
||||||
|
STACK *emlst;
|
||||||
|
emlst = X509_get1_email(x);
|
||||||
|
for (j = 0; j < sk_num(emlst); j++)
|
||||||
|
BIO_printf(STDout, "%s\n", sk_value(emlst, j));
|
||||||
|
X509_email_free(emlst);
|
||||||
|
}
|
||||||
else if (aliasout == i)
|
else if (aliasout == i)
|
||||||
{
|
{
|
||||||
unsigned char *alstr;
|
unsigned char *alstr;
|
||||||
alstr = X509_alias_get0(x, NULL);
|
alstr = X509_alias_get0(x, NULL);
|
||||||
if(alstr) BIO_printf(STDout,"%s\n", alstr);
|
if (alstr) BIO_printf(STDout,"%s\n", alstr);
|
||||||
else BIO_puts(STDout,"<No Alias>\n");
|
else BIO_puts(STDout,"<No Alias>\n");
|
||||||
}
|
}
|
||||||
else if (hash == i)
|
else if (hash == i)
|
||||||
@ -619,7 +669,7 @@ int MAIN(int argc, char **argv)
|
|||||||
X509_PURPOSE *ptmp;
|
X509_PURPOSE *ptmp;
|
||||||
int j;
|
int j;
|
||||||
BIO_printf(STDout, "Certificate purposes:\n");
|
BIO_printf(STDout, "Certificate purposes:\n");
|
||||||
for(j = 0; j < X509_PURPOSE_get_count(); j++)
|
for (j = 0; j < X509_PURPOSE_get_count(); j++)
|
||||||
{
|
{
|
||||||
ptmp = X509_PURPOSE_get0(j);
|
ptmp = X509_PURPOSE_get0(j);
|
||||||
purpose_print(STDout, x, ptmp);
|
purpose_print(STDout, x, ptmp);
|
||||||
@ -682,7 +732,7 @@ int MAIN(int argc, char **argv)
|
|||||||
BIO_printf(STDout,"/* issuer :%s */\n",buf);
|
BIO_printf(STDout,"/* issuer :%s */\n",buf);
|
||||||
|
|
||||||
z=i2d_X509(x,NULL);
|
z=i2d_X509(x,NULL);
|
||||||
m=Malloc(z);
|
m=OPENSSL_malloc(z);
|
||||||
|
|
||||||
d=(unsigned char *)m;
|
d=(unsigned char *)m;
|
||||||
z=i2d_X509_NAME(X509_get_subject_name(x),&d);
|
z=i2d_X509_NAME(X509_get_subject_name(x),&d);
|
||||||
@ -720,7 +770,7 @@ int MAIN(int argc, char **argv)
|
|||||||
if (y%16 != 0) BIO_printf(STDout,"\n");
|
if (y%16 != 0) BIO_printf(STDout,"\n");
|
||||||
BIO_printf(STDout,"};\n");
|
BIO_printf(STDout,"};\n");
|
||||||
|
|
||||||
Free(m);
|
OPENSSL_free(m);
|
||||||
}
|
}
|
||||||
else if (text == i)
|
else if (text == i)
|
||||||
{
|
{
|
||||||
@ -765,7 +815,8 @@ int MAIN(int argc, char **argv)
|
|||||||
BIO_printf(bio_err,"Getting Private key\n");
|
BIO_printf(bio_err,"Getting Private key\n");
|
||||||
if (Upkey == NULL)
|
if (Upkey == NULL)
|
||||||
{
|
{
|
||||||
Upkey=load_key(keyfile,keyformat, passin);
|
Upkey=load_key(bio_err,
|
||||||
|
keyfile,keyformat, passin);
|
||||||
if (Upkey == NULL) goto end;
|
if (Upkey == NULL) goto end;
|
||||||
}
|
}
|
||||||
#ifndef NO_DSA
|
#ifndef NO_DSA
|
||||||
@ -782,7 +833,8 @@ int MAIN(int argc, char **argv)
|
|||||||
BIO_printf(bio_err,"Getting CA Private Key\n");
|
BIO_printf(bio_err,"Getting CA Private Key\n");
|
||||||
if (CAkeyfile != NULL)
|
if (CAkeyfile != NULL)
|
||||||
{
|
{
|
||||||
CApkey=load_key(CAkeyfile,CAkeyformat, passin);
|
CApkey=load_key(bio_err,
|
||||||
|
CAkeyfile,CAkeyformat, passin);
|
||||||
if (CApkey == NULL) goto end;
|
if (CApkey == NULL) goto end;
|
||||||
}
|
}
|
||||||
#ifndef NO_DSA
|
#ifndef NO_DSA
|
||||||
@ -808,7 +860,8 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
pk=load_key(keyfile,FORMAT_PEM, passin);
|
pk=load_key(bio_err,
|
||||||
|
keyfile,FORMAT_PEM, passin);
|
||||||
if (pk == NULL) goto end;
|
if (pk == NULL) goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -834,6 +887,23 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (checkend)
|
||||||
|
{
|
||||||
|
time_t tnow=time(NULL);
|
||||||
|
|
||||||
|
if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(x), tnow+checkoffset) == -1)
|
||||||
|
{
|
||||||
|
BIO_printf(out,"Certificate will expire\n");
|
||||||
|
ret=1;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
BIO_printf(out,"Certificate will not expire\n");
|
||||||
|
ret=0;
|
||||||
|
}
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
if (noout)
|
if (noout)
|
||||||
{
|
{
|
||||||
ret=0;
|
ret=0;
|
||||||
@ -842,16 +912,18 @@ int MAIN(int argc, char **argv)
|
|||||||
|
|
||||||
if (outformat == FORMAT_ASN1)
|
if (outformat == FORMAT_ASN1)
|
||||||
i=i2d_X509_bio(out,x);
|
i=i2d_X509_bio(out,x);
|
||||||
else if (outformat == FORMAT_PEM) {
|
else if (outformat == FORMAT_PEM)
|
||||||
if(trustout) i=PEM_write_bio_X509_AUX(out,x);
|
{
|
||||||
|
if (trustout) i=PEM_write_bio_X509_AUX(out,x);
|
||||||
else i=PEM_write_bio_X509(out,x);
|
else i=PEM_write_bio_X509(out,x);
|
||||||
} else if (outformat == FORMAT_NETSCAPE)
|
}
|
||||||
|
else if (outformat == FORMAT_NETSCAPE)
|
||||||
{
|
{
|
||||||
ASN1_HEADER ah;
|
ASN1_HEADER ah;
|
||||||
ASN1_OCTET_STRING os;
|
ASN1_OCTET_STRING os;
|
||||||
|
|
||||||
os.data=(unsigned char *)CERT_HDR;
|
os.data=(unsigned char *)NETSCAPE_CERT_HDR;
|
||||||
os.length=strlen(CERT_HDR);
|
os.length=strlen(NETSCAPE_CERT_HDR);
|
||||||
ah.header= &os;
|
ah.header= &os;
|
||||||
ah.data=(char *)x;
|
ah.data=(char *)x;
|
||||||
ah.meth=X509_asn1_meth();
|
ah.meth=X509_asn1_meth();
|
||||||
@ -863,7 +935,8 @@ int MAIN(int argc, char **argv)
|
|||||||
BIO_printf(bio_err,"bad output format specified for outfile\n");
|
BIO_printf(bio_err,"bad output format specified for outfile\n");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
if (!i) {
|
if (!i)
|
||||||
|
{
|
||||||
BIO_printf(bio_err,"unable to write certificate\n");
|
BIO_printf(bio_err,"unable to write certificate\n");
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
goto end;
|
goto end;
|
||||||
@ -874,8 +947,8 @@ int MAIN(int argc, char **argv)
|
|||||||
app_RAND_write_file(NULL, bio_err);
|
app_RAND_write_file(NULL, bio_err);
|
||||||
OBJ_cleanup();
|
OBJ_cleanup();
|
||||||
CONF_free(extconf);
|
CONF_free(extconf);
|
||||||
BIO_free(out);
|
BIO_free_all(out);
|
||||||
BIO_free(STDout);
|
BIO_free_all(STDout);
|
||||||
X509_STORE_free(ctx);
|
X509_STORE_free(ctx);
|
||||||
X509_REQ_free(req);
|
X509_REQ_free(req);
|
||||||
X509_free(x);
|
X509_free(x);
|
||||||
@ -885,7 +958,7 @@ int MAIN(int argc, char **argv)
|
|||||||
X509_REQ_free(rq);
|
X509_REQ_free(rq);
|
||||||
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
|
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
|
||||||
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
|
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
|
||||||
if(passin) Free(passin);
|
if (passin) OPENSSL_free(passin);
|
||||||
EXIT(ret);
|
EXIT(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -907,7 +980,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
|
|||||||
EVP_PKEY_free(upkey);
|
EVP_PKEY_free(upkey);
|
||||||
|
|
||||||
X509_STORE_CTX_init(&xsc,ctx,x,NULL);
|
X509_STORE_CTX_init(&xsc,ctx,x,NULL);
|
||||||
buf=Malloc(EVP_PKEY_size(pkey)*2+
|
buf=OPENSSL_malloc(EVP_PKEY_size(pkey)*2+
|
||||||
((serialfile == NULL)
|
((serialfile == NULL)
|
||||||
?(strlen(CAfile)+strlen(POSTFIX)+1)
|
?(strlen(CAfile)+strlen(POSTFIX)+1)
|
||||||
:(strlen(serialfile)))+1);
|
:(strlen(serialfile)))+1);
|
||||||
@ -1012,17 +1085,19 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
|
|||||||
if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
|
if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
|
||||||
goto end;
|
goto end;
|
||||||
|
|
||||||
if(clrext) {
|
if (clrext)
|
||||||
while(X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
|
{
|
||||||
}
|
while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
|
||||||
|
}
|
||||||
|
|
||||||
if(conf) {
|
if (conf)
|
||||||
|
{
|
||||||
X509V3_CTX ctx2;
|
X509V3_CTX ctx2;
|
||||||
X509_set_version(x,2); /* version 3 certificate */
|
X509_set_version(x,2); /* version 3 certificate */
|
||||||
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
|
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
|
||||||
X509V3_set_conf_lhash(&ctx2, conf);
|
X509V3_set_conf_lhash(&ctx2, conf);
|
||||||
if(!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
|
if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!X509_sign(x,pkey,digest)) goto end;
|
if (!X509_sign(x,pkey,digest)) goto end;
|
||||||
ret=1;
|
ret=1;
|
||||||
@ -1030,16 +1105,15 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
|
|||||||
X509_STORE_CTX_cleanup(&xsc);
|
X509_STORE_CTX_cleanup(&xsc);
|
||||||
if (!ret)
|
if (!ret)
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
if (buf != NULL) Free(buf);
|
if (buf != NULL) OPENSSL_free(buf);
|
||||||
if (bs != NULL) ASN1_INTEGER_free(bs);
|
if (bs != NULL) ASN1_INTEGER_free(bs);
|
||||||
if (io != NULL) BIO_free(io);
|
if (io != NULL) BIO_free(io);
|
||||||
if (serial != NULL) BN_free(serial);
|
if (serial != NULL) BN_free(serial);
|
||||||
return(ret);
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
|
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
|
||||||
{
|
{
|
||||||
char buf[256];
|
|
||||||
int err;
|
int err;
|
||||||
X509 *err_cert;
|
X509 *err_cert;
|
||||||
|
|
||||||
@ -1048,7 +1122,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
|
|||||||
* final ok == 1 calls to this function */
|
* final ok == 1 calls to this function */
|
||||||
err=X509_STORE_CTX_get_error(ctx);
|
err=X509_STORE_CTX_get_error(ctx);
|
||||||
if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
|
if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
|
||||||
return(1);
|
return 1;
|
||||||
|
|
||||||
/* BAD we should have gotten an error. Normally if everything
|
/* BAD we should have gotten an error. Normally if everything
|
||||||
* worked X509_STORE_CTX_get_error(ctx) will still be set to
|
* worked X509_STORE_CTX_get_error(ctx) will still be set to
|
||||||
@ -1056,147 +1130,19 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
|
|||||||
if (ok)
|
if (ok)
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");
|
BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");
|
||||||
return(0);
|
return 0;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
err_cert=X509_STORE_CTX_get_current_cert(ctx);
|
err_cert=X509_STORE_CTX_get_current_cert(ctx);
|
||||||
X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
|
print_name(bio_err, NULL, X509_get_subject_name(err_cert),0);
|
||||||
BIO_printf(bio_err,"%s\n",buf);
|
|
||||||
BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
|
BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
|
||||||
err,X509_STORE_CTX_get_error_depth(ctx),
|
err,X509_STORE_CTX_get_error_depth(ctx),
|
||||||
X509_verify_cert_error_string(err));
|
X509_verify_cert_error_string(err));
|
||||||
return(1);
|
return 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static EVP_PKEY *load_key(char *file, int format, char *passin)
|
|
||||||
{
|
|
||||||
BIO *key=NULL;
|
|
||||||
EVP_PKEY *pkey=NULL;
|
|
||||||
|
|
||||||
if (file == NULL)
|
|
||||||
{
|
|
||||||
BIO_printf(bio_err,"no keyfile specified\n");
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
key=BIO_new(BIO_s_file());
|
|
||||||
if (key == NULL)
|
|
||||||
{
|
|
||||||
ERR_print_errors(bio_err);
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
if (BIO_read_filename(key,file) <= 0)
|
|
||||||
{
|
|
||||||
perror(file);
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
if (format == FORMAT_ASN1)
|
|
||||||
{
|
|
||||||
pkey=d2i_PrivateKey_bio(key, NULL);
|
|
||||||
}
|
|
||||||
else if (format == FORMAT_PEM)
|
|
||||||
{
|
|
||||||
pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,passin);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
BIO_printf(bio_err,"bad input format specified for key\n");
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
end:
|
|
||||||
if (key != NULL) BIO_free(key);
|
|
||||||
if (pkey == NULL)
|
|
||||||
BIO_printf(bio_err,"unable to load Private Key\n");
|
|
||||||
return(pkey);
|
|
||||||
}
|
|
||||||
|
|
||||||
static X509 *load_cert(char *file, int format)
|
|
||||||
{
|
|
||||||
ASN1_HEADER *ah=NULL;
|
|
||||||
BUF_MEM *buf=NULL;
|
|
||||||
X509 *x=NULL;
|
|
||||||
BIO *cert;
|
|
||||||
|
|
||||||
if ((cert=BIO_new(BIO_s_file())) == NULL)
|
|
||||||
{
|
|
||||||
ERR_print_errors(bio_err);
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (file == NULL)
|
|
||||||
BIO_set_fp(cert,stdin,BIO_NOCLOSE);
|
|
||||||
else
|
|
||||||
{
|
|
||||||
if (BIO_read_filename(cert,file) <= 0)
|
|
||||||
{
|
|
||||||
perror(file);
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (format == FORMAT_ASN1)
|
|
||||||
x=d2i_X509_bio(cert,NULL);
|
|
||||||
else if (format == FORMAT_NETSCAPE)
|
|
||||||
{
|
|
||||||
unsigned char *p,*op;
|
|
||||||
int size=0,i;
|
|
||||||
|
|
||||||
/* We sort of have to do it this way because it is sort of nice
|
|
||||||
* to read the header first and check it, then
|
|
||||||
* try to read the certificate */
|
|
||||||
buf=BUF_MEM_new();
|
|
||||||
for (;;)
|
|
||||||
{
|
|
||||||
if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
|
|
||||||
goto end;
|
|
||||||
i=BIO_read(cert,&(buf->data[size]),1024*10);
|
|
||||||
size+=i;
|
|
||||||
if (i == 0) break;
|
|
||||||
if (i < 0)
|
|
||||||
{
|
|
||||||
perror("reading certificate");
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
p=(unsigned char *)buf->data;
|
|
||||||
op=p;
|
|
||||||
|
|
||||||
/* First load the header */
|
|
||||||
if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
|
|
||||||
goto end;
|
|
||||||
if ((ah->header == NULL) || (ah->header->data == NULL) ||
|
|
||||||
(strncmp(CERT_HDR,(char *)ah->header->data,
|
|
||||||
ah->header->length) != 0))
|
|
||||||
{
|
|
||||||
BIO_printf(bio_err,"Error reading header on certificate\n");
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
/* header is ok, so now read the object */
|
|
||||||
p=op;
|
|
||||||
ah->meth=X509_asn1_meth();
|
|
||||||
if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
|
|
||||||
goto end;
|
|
||||||
x=(X509 *)ah->data;
|
|
||||||
ah->data=NULL;
|
|
||||||
}
|
|
||||||
else if (format == FORMAT_PEM)
|
|
||||||
x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL);
|
|
||||||
else {
|
|
||||||
BIO_printf(bio_err,"bad input format specified for input cert\n");
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
end:
|
|
||||||
if (x == NULL)
|
|
||||||
{
|
|
||||||
BIO_printf(bio_err,"unable to load certificate\n");
|
|
||||||
ERR_print_errors(bio_err);
|
|
||||||
}
|
|
||||||
if (ah != NULL) ASN1_HEADER_free(ah);
|
|
||||||
if (cert != NULL) BIO_free(cert);
|
|
||||||
if (buf != NULL) BUF_MEM_free(buf);
|
|
||||||
return(x);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* self sign */
|
/* self sign */
|
||||||
static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,
|
static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,
|
||||||
LHASH *conf, char *section)
|
LHASH *conf, char *section)
|
||||||
@ -1220,21 +1166,23 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig
|
|||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
if (!X509_set_pubkey(x,pkey)) goto err;
|
if (!X509_set_pubkey(x,pkey)) goto err;
|
||||||
if(clrext) {
|
if (clrext)
|
||||||
while(X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
|
{
|
||||||
}
|
while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
|
||||||
if(conf) {
|
}
|
||||||
|
if (conf)
|
||||||
|
{
|
||||||
X509V3_CTX ctx;
|
X509V3_CTX ctx;
|
||||||
X509_set_version(x,2); /* version 3 certificate */
|
X509_set_version(x,2); /* version 3 certificate */
|
||||||
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
|
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
|
||||||
X509V3_set_conf_lhash(&ctx, conf);
|
X509V3_set_conf_lhash(&ctx, conf);
|
||||||
if(!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
|
if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
|
||||||
}
|
}
|
||||||
if (!X509_sign(x,pkey,digest)) goto err;
|
if (!X509_sign(x,pkey,digest)) goto err;
|
||||||
return(1);
|
return 1;
|
||||||
err:
|
err:
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
return(0);
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
|
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
|
||||||
@ -1243,13 +1191,14 @@ static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
|
|||||||
char *pname;
|
char *pname;
|
||||||
id = X509_PURPOSE_get_id(pt);
|
id = X509_PURPOSE_get_id(pt);
|
||||||
pname = X509_PURPOSE_get0_name(pt);
|
pname = X509_PURPOSE_get0_name(pt);
|
||||||
for(i = 0; i < 2; i++) {
|
for (i = 0; i < 2; i++)
|
||||||
|
{
|
||||||
idret = X509_check_purpose(cert, id, i);
|
idret = X509_check_purpose(cert, id, i);
|
||||||
BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");
|
BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");
|
||||||
if(idret == 1) BIO_printf(bio, "Yes\n");
|
if (idret == 1) BIO_printf(bio, "Yes\n");
|
||||||
else if (idret == 0) BIO_printf(bio, "No\n");
|
else if (idret == 0) BIO_printf(bio, "No\n");
|
||||||
else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
|
else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -71,6 +71,10 @@ fi
|
|||||||
# Now we simply scan though... In most cases, the SYSTEM info is enough
|
# Now we simply scan though... In most cases, the SYSTEM info is enough
|
||||||
#
|
#
|
||||||
case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
|
case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
|
||||||
|
MPE/iX:*)
|
||||||
|
MACHINE=`echo "$MACHINE" | sed -e 's/-/_/g'`
|
||||||
|
echo "parisc-hp-MPE/iX"; exit 0
|
||||||
|
;;
|
||||||
A/UX:*)
|
A/UX:*)
|
||||||
echo "m68k-apple-aux3"; exit 0
|
echo "m68k-apple-aux3"; exit 0
|
||||||
;;
|
;;
|
||||||
@ -164,7 +168,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
|
|||||||
;;
|
;;
|
||||||
|
|
||||||
NetBSD:*:*:*386*)
|
NetBSD:*:*:*386*)
|
||||||
echo "`sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whateve\r-netbsd"; exit 0
|
echo "`/usr/sbin/sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
|
||||||
;;
|
;;
|
||||||
|
|
||||||
NetBSD:*)
|
NetBSD:*)
|
||||||
@ -181,11 +185,11 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
|
|||||||
|
|
||||||
QNX:*)
|
QNX:*)
|
||||||
case "$VERSION" in
|
case "$VERSION" in
|
||||||
423)
|
4*)
|
||||||
echo "${MACHINE}-qssl-qnx32"
|
echo "${MACHINE}-whatever-qnx4"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
echo "${MACHINE}-qssl-qnx"
|
echo "${MACHINE}-whatever-qnx"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
exit 0
|
exit 0
|
||||||
@ -200,7 +204,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
|
|||||||
;;
|
;;
|
||||||
|
|
||||||
SunOS:5.*)
|
SunOS:5.*)
|
||||||
echo "${MACHINE}-sun-solaris2"; exit 0
|
echo "${MACHINE}-whatever-solaris2"; exit 0
|
||||||
;;
|
;;
|
||||||
|
|
||||||
SunOS:*)
|
SunOS:*)
|
||||||
@ -247,6 +251,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
|
|||||||
echo "${MACHINE}-v11-${SYSTEM}"; exit 0;
|
echo "${MACHINE}-v11-${SYSTEM}"; exit 0;
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
NEWS-OS:4.*)
|
||||||
|
echo "mips-sony-newsos4"; exit 0;
|
||||||
|
;;
|
||||||
|
|
||||||
esac
|
esac
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -292,8 +300,6 @@ TEST="false"
|
|||||||
for i
|
for i
|
||||||
do
|
do
|
||||||
case "$i" in
|
case "$i" in
|
||||||
# shared library support (behnke@trustcenter.de)
|
|
||||||
-shared) SHARED=true;;
|
|
||||||
-d*) PREFIX="debug-";;
|
-d*) PREFIX="debug-";;
|
||||||
-t*) TEST="true";;
|
-t*) TEST="true";;
|
||||||
-h*) TEST="true"; cat <<EOF
|
-h*) TEST="true"; cat <<EOF
|
||||||
@ -409,6 +415,7 @@ case "$GUESSOS" in
|
|||||||
;;
|
;;
|
||||||
mips-*-linux?) OUT="linux-mips" ;;
|
mips-*-linux?) OUT="linux-mips" ;;
|
||||||
ppc-*-linux2) OUT="linux-ppc" ;;
|
ppc-*-linux2) OUT="linux-ppc" ;;
|
||||||
|
m68k-*-linux*) OUT="linux-m68k" ;;
|
||||||
ia64-*-linux?) OUT="linux-ia64" ;;
|
ia64-*-linux?) OUT="linux-ia64" ;;
|
||||||
ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
|
ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
|
||||||
sparc64-*-linux2)
|
sparc64-*-linux2)
|
||||||
@ -427,9 +434,10 @@ case "$GUESSOS" in
|
|||||||
sun4d) OUT="linux-sparcv8" ;;
|
sun4d) OUT="linux-sparcv8" ;;
|
||||||
*) OUT="linux-sparcv7" ;;
|
*) OUT="linux-sparcv7" ;;
|
||||||
esac ;;
|
esac ;;
|
||||||
|
arm*-*-linux2) OUT="linux-elf-arm" ;;
|
||||||
*-*-linux2) OUT="linux-elf" ;;
|
*-*-linux2) OUT="linux-elf" ;;
|
||||||
*-*-linux1) OUT="linux-aout" ;;
|
*-*-linux1) OUT="linux-aout" ;;
|
||||||
sun4u*-sun-solaris2)
|
sun4u*-*-solaris2)
|
||||||
ISA64=`(isalist) 2>/dev/null | grep sparcv9`
|
ISA64=`(isalist) 2>/dev/null | grep sparcv9`
|
||||||
if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
|
if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
|
||||||
echo "WARNING! If you wish to build 64-bit library, then you have to"
|
echo "WARNING! If you wish to build 64-bit library, then you have to"
|
||||||
@ -438,10 +446,10 @@ case "$GUESSOS" in
|
|||||||
read waste < /dev/tty
|
read waste < /dev/tty
|
||||||
fi
|
fi
|
||||||
OUT="solaris-sparcv9-$CC" ;;
|
OUT="solaris-sparcv9-$CC" ;;
|
||||||
sun4m-sun-solaris2) OUT="solaris-sparcv8-$CC" ;;
|
sun4m-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
|
||||||
sun4d-sun-solaris2) OUT="solaris-sparcv8-$CC" ;;
|
sun4d-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
|
||||||
sun4*-sun-solaris2) OUT="solaris-sparcv7-$CC" ;;
|
sun4*-*-solaris2) OUT="solaris-sparcv7-$CC" ;;
|
||||||
*86*-sun-solaris2) OUT="solaris-x86-$CC" ;;
|
*86*-*-solaris2) OUT="solaris-x86-$CC" ;;
|
||||||
*-*-sunos4) OUT="sunos-$CC" ;;
|
*-*-sunos4) OUT="sunos-$CC" ;;
|
||||||
alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
|
alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
|
||||||
*-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
|
*-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
|
||||||
@ -470,6 +478,7 @@ case "$GUESSOS" in
|
|||||||
# these are all covered by the catchall below
|
# these are all covered by the catchall below
|
||||||
# *-aix) OUT="aix-$CC" ;;
|
# *-aix) OUT="aix-$CC" ;;
|
||||||
# *-dgux) OUT="dgux" ;;
|
# *-dgux) OUT="dgux" ;;
|
||||||
|
mips-sony-newsos4) OUT="newsos4-gcc" ;;
|
||||||
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
|
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
@ -479,16 +488,6 @@ then
|
|||||||
options="$options -DATALLA"
|
options="$options -DATALLA"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#get some basic shared lib support (behnke@trustcenter.de)
|
|
||||||
case "$OUT" in
|
|
||||||
solaris-*-gcc)
|
|
||||||
if [ "$SHARED" = "true" ]
|
|
||||||
then
|
|
||||||
options="$options -DPIC -fPIC"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# gcc < 2.8 does not support -mcpu=ultrasparc
|
# gcc < 2.8 does not support -mcpu=ultrasparc
|
||||||
if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
|
if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
|
||||||
then
|
then
|
||||||
@ -503,17 +502,6 @@ then
|
|||||||
sleep 5
|
sleep 5
|
||||||
OUT=linux-sparcv8
|
OUT=linux-sparcv8
|
||||||
fi
|
fi
|
||||||
# To start with $OUT is never i86pc-sun-solaris2. Secondly why
|
|
||||||
# ban *all* assembler implementation if it can't stand only one,
|
|
||||||
# SHA-0 implementation.
|
|
||||||
#if [ "$OUT" = "i86pc-sun-solaris2" ]
|
|
||||||
#then
|
|
||||||
# ASM=`as -V /dev/null 2>&1`
|
|
||||||
# case "$ASM" in
|
|
||||||
# GNU*) ;;
|
|
||||||
# *) options="$options no-asm" ; echo "WARNING: You need the GNU assembler to use OpenSSL assembler code." ; echo "Sun as is not supported on Solaris x86." ;;
|
|
||||||
# esac
|
|
||||||
#fi
|
|
||||||
|
|
||||||
case "$GUESSOS" in
|
case "$GUESSOS" in
|
||||||
i386-*) options="$options 386" ;;
|
i386-*) options="$options 386" ;;
|
||||||
@ -569,7 +557,7 @@ OUT="$PREFIX$OUT"
|
|||||||
|
|
||||||
$PERL ./Configure LIST | grep "$OUT" > /dev/null
|
$PERL ./Configure LIST | grep "$OUT" > /dev/null
|
||||||
if [ $? = "0" ]; then
|
if [ $? = "0" ]; then
|
||||||
echo Configuring for $OUT
|
#echo Configuring for $OUT
|
||||||
|
|
||||||
if [ "$TEST" = "true" ]; then
|
if [ "$TEST" = "true" ]; then
|
||||||
echo $PERL ./Configure $OUT $options
|
echo $PERL ./Configure $OUT $options
|
||||||
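Review bot: In the new `MPE/iX:*)` arm of the first hunk, the `MACHINE=` assignment is never read. The next line echoes the fixed string `parisc-hp-MPE/iX` and then runs `exit 0`, so the sed rewrite of `-` to `_` cannot affect the guessed triplet. If the normalised value is not needed, the arm can be reduced to `MPE/iX:*) echo "parisc-hp-MPE/iX"; exit 0 ;;`. If it was meant to appear in the output, the echo should use `${MACHINE}`, as the QNX and SunOS arms do. The enclosing `case` statement starts and ends outside the hunk, so any use of `MACHINE` elsewhere is not visible here.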
|
@ -27,7 +27,7 @@ LIBS=
|
|||||||
|
|
||||||
SDIRS= md2 md5 sha mdc2 hmac ripemd \
|
SDIRS= md2 md5 sha mdc2 hmac ripemd \
|
||||||
des rc2 rc4 rc5 idea bf cast \
|
des rc2 rc4 rc5 idea bf cast \
|
||||||
bn rsa dsa dh \
|
bn rsa dsa dh dso \
|
||||||
buffer bio stack lhash rand err objects \
|
buffer bio stack lhash rand err objects \
|
||||||
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
|
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
|
||||||
|
|
||||||
@ -39,8 +39,8 @@ LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdi
|
|||||||
|
|
||||||
SRC= $(LIBSRC)
|
SRC= $(LIBSRC)
|
||||||
|
|
||||||
EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h
|
EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h
|
||||||
HEADER= cryptlib.h buildinf.h $(EXHEADER)
|
HEADER= cryptlib.h buildinf.h md32_common.h $(EXHEADER)
|
||||||
|
|
||||||
ALL= $(GENERAL) $(SRC) $(HEADER)
|
ALL= $(GENERAL) $(SRC) $(HEADER)
|
||||||
|
|
||||||
@ -155,41 +155,45 @@ dclean:
|
|||||||
|
|
||||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||||
|
|
||||||
cpt_err.o: ../include/openssl/crypto.h ../include/openssl/err.h
|
cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
|
||||||
|
cpt_err.o: ../include/openssl/err.h ../include/openssl/lhash.h
|
||||||
cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||||
cpt_err.o: ../include/openssl/stack.h
|
cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
|
||||||
cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||||
cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
||||||
cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||||
cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
cryptlib.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||||
cryptlib.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
cryptlib.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||||
cryptlib.o: cryptlib.h
|
cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
|
||||||
cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||||
cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
||||||
cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||||
cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
cversion.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||||
cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
cversion.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||||
cversion.o: buildinf.h cryptlib.h
|
cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
|
||||||
|
cversion.o: cryptlib.h
|
||||||
ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||||
ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
||||||
ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||||
ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||||
ex_data.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
ex_data.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||||
ex_data.o: ../include/openssl/stack.h cryptlib.h
|
ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
|
||||||
mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||||
mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
||||||
mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||||
mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||||
mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h cryptlib.h
|
mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||||
|
mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
|
||||||
mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||||
mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
||||||
mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||||
mem_dbg.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
mem_dbg.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||||
mem_dbg.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
mem_dbg.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||||
mem_dbg.o: ../include/openssl/stack.h cryptlib.h
|
mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
|
||||||
tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||||
tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
||||||
tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||||
tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||||
tmdiff.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||||
|
tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
|
||||||
tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
|
tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
|
||||||
|
@ -27,7 +27,7 @@ LIBS=
|
|||||||
|
|
||||||
SDIRS= md2 md5 sha mdc2 hmac ripemd \
|
SDIRS= md2 md5 sha mdc2 hmac ripemd \
|
||||||
des rc2 rc4 rc5 idea bf cast \
|
des rc2 rc4 rc5 idea bf cast \
|
||||||
bn rsa dsa dh \
|
bn rsa dsa dh dso \
|
||||||
buffer bio stack lhash rand err objects \
|
buffer bio stack lhash rand err objects \
|
||||||
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
|
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
|
||||||
|
|
||||||
@ -39,7 +39,7 @@ LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdi
|
|||||||
|
|
||||||
SRC= $(LIBSRC)
|
SRC= $(LIBSRC)
|
||||||
|
|
||||||
EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h
|
EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h
|
||||||
HEADER= cryptlib.h buildinf.h md32_common.h $(EXHEADER)
|
HEADER= cryptlib.h buildinf.h md32_common.h $(EXHEADER)
|
||||||
|
|
||||||
ALL= $(GENERAL) $(SRC) $(HEADER)
|
ALL= $(GENERAL) $(SRC) $(HEADER)
|
||||||
@ -155,41 +155,45 @@ dclean:
|
|||||||
|
|
||||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||||
|
|
||||||
cpt_err.o: ../include/openssl/crypto.h ../include/openssl/err.h
|
cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
|
||||||
|
cpt_err.o: ../include/openssl/err.h ../include/openssl/lhash.h
|
||||||
cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||||
cpt_err.o: ../include/openssl/stack.h
|
cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
|
||||||
cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||||
cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
||||||
cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||||
cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
cryptlib.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||||
cryptlib.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
cryptlib.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||||
cryptlib.o: cryptlib.h
|
cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
|
||||||
cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||||
cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
||||||
cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||||
cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
cversion.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||||
cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
cversion.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||||
cversion.o: buildinf.h cryptlib.h
|
cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
|
||||||
|
cversion.o: cryptlib.h
|
||||||
ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||||
ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
||||||
ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||||
ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||||
ex_data.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
ex_data.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||||
ex_data.o: ../include/openssl/stack.h cryptlib.h
|
ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
|
||||||
mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||||
mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
||||||
mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||||
mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||||
mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h cryptlib.h
|
mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||||
|
mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
|
||||||
mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||||
mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
||||||
mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||||
mem_dbg.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
mem_dbg.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||||
mem_dbg.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
mem_dbg.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||||
mem_dbg.o: ../include/openssl/stack.h cryptlib.h
|
mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
|
||||||
tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||||
tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
|
||||||
tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||||
tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||||
tmdiff.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||||
|
tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
|
||||||
tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
|
tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
|
||||||
|
@ -70,13 +70,27 @@ int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
|
|||||||
{ return M_ASN1_BIT_STRING_set(x, d, len); }
|
{ return M_ASN1_BIT_STRING_set(x, d, len); }
|
||||||
|
|
||||||
int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
|
int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
|
||||||
|
{
|
||||||
|
int len, ret;
|
||||||
|
len = i2c_ASN1_BIT_STRING(a, NULL);
|
||||||
|
ret=ASN1_object_size(0,len,V_ASN1_BIT_STRING);
|
||||||
|
if(pp) {
|
||||||
|
ASN1_put_object(pp,0,len,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
|
||||||
|
i2c_ASN1_BIT_STRING(a, pp);
|
||||||
|
}
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
|
||||||
{
|
{
|
||||||
int ret,j,r,bits,len;
|
int ret,j,bits,len;
|
||||||
unsigned char *p,*d;
|
unsigned char *p,*d;
|
||||||
|
|
||||||
if (a == NULL) return(0);
|
if (a == NULL) return(0);
|
||||||
|
|
||||||
len=a->length;
|
len=a->length;
|
||||||
|
ret=1+len;
|
||||||
|
if (pp == NULL) return(ret);
|
||||||
|
|
||||||
if (len > 0)
|
if (len > 0)
|
||||||
{
|
{
|
||||||
@ -104,36 +118,27 @@ int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
bits=0;
|
bits=0;
|
||||||
ret=1+len;
|
|
||||||
r=ASN1_object_size(0,ret,V_ASN1_BIT_STRING);
|
|
||||||
if (pp == NULL) return(r);
|
|
||||||
p= *pp;
|
p= *pp;
|
||||||
|
|
||||||
ASN1_put_object(&p,0,ret,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
|
|
||||||
*(p++)=(unsigned char)bits;
|
*(p++)=(unsigned char)bits;
|
||||||
d=a->data;
|
d=a->data;
|
||||||
memcpy(p,d,len);
|
memcpy(p,d,len);
|
||||||
p+=len;
|
p+=len;
|
||||||
if (len > 0) p[-1]&=(0xff<<bits);
|
if (len > 0) p[-1]&=(0xff<<bits);
|
||||||
*pp=p;
|
*pp=p;
|
||||||
return(r);
|
return(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Convert DER encoded ASN1 BIT_STRING to ASN1_BIT_STRING structure */
|
||||||
ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
|
ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
|
||||||
long length)
|
long length)
|
||||||
{
|
{
|
||||||
ASN1_BIT_STRING *ret=NULL;
|
unsigned char *p;
|
||||||
unsigned char *p,*s;
|
|
||||||
long len;
|
long len;
|
||||||
int inf,tag,xclass;
|
|
||||||
int i;
|
int i;
|
||||||
|
int inf,tag,xclass;
|
||||||
if ((a == NULL) || ((*a) == NULL))
|
ASN1_BIT_STRING *ret;
|
||||||
{
|
|
||||||
if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
ret=(*a);
|
|
||||||
|
|
||||||
p= *pp;
|
p= *pp;
|
||||||
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
|
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
|
||||||
@ -149,7 +154,30 @@ ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (len < 1) { i=ASN1_R_STRING_TOO_SHORT; goto err; }
|
if (len < 1) { i=ASN1_R_STRING_TOO_SHORT; goto err; }
|
||||||
|
ret = c2i_ASN1_BIT_STRING(a, &p, len);
|
||||||
|
if(ret) *pp = p;
|
||||||
|
return ret;
|
||||||
|
err:
|
||||||
|
ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
|
||||||
|
return(NULL);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
|
||||||
|
long len)
|
||||||
|
{
|
||||||
|
ASN1_BIT_STRING *ret=NULL;
|
||||||
|
unsigned char *p,*s;
|
||||||
|
int i;
|
||||||
|
|
||||||
|
if ((a == NULL) || ((*a) == NULL))
|
||||||
|
{
|
||||||
|
if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
ret=(*a);
|
||||||
|
|
||||||
|
p= *pp;
|
||||||
i= *(p++);
|
i= *(p++);
|
||||||
/* We do this to preserve the settings. If we modify
|
/* We do this to preserve the settings. If we modify
|
||||||
* the settings, via the _set_bit function, we will recalculate
|
* the settings, via the _set_bit function, we will recalculate
|
||||||
@ -159,7 +187,7 @@ ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
|
|||||||
|
|
||||||
if (len-- > 1) /* using one because of the bits left byte */
|
if (len-- > 1) /* using one because of the bits left byte */
|
||||||
{
|
{
|
||||||
s=(unsigned char *)Malloc((int)len);
|
s=(unsigned char *)OPENSSL_malloc((int)len);
|
||||||
if (s == NULL)
|
if (s == NULL)
|
||||||
{
|
{
|
||||||
i=ERR_R_MALLOC_FAILURE;
|
i=ERR_R_MALLOC_FAILURE;
|
||||||
@ -173,7 +201,7 @@ ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
|
|||||||
s=NULL;
|
s=NULL;
|
||||||
|
|
||||||
ret->length=(int)len;
|
ret->length=(int)len;
|
||||||
if (ret->data != NULL) Free(ret->data);
|
if (ret->data != NULL) OPENSSL_free(ret->data);
|
||||||
ret->data=s;
|
ret->data=s;
|
||||||
ret->type=V_ASN1_BIT_STRING;
|
ret->type=V_ASN1_BIT_STRING;
|
||||||
if (a != NULL) (*a)=ret;
|
if (a != NULL) (*a)=ret;
|
||||||
@ -204,14 +232,14 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
|
|||||||
{
|
{
|
||||||
if (!value) return(1); /* Don't need to set */
|
if (!value) return(1); /* Don't need to set */
|
||||||
if (a->data == NULL)
|
if (a->data == NULL)
|
||||||
c=(unsigned char *)Malloc(w+1);
|
c=(unsigned char *)OPENSSL_malloc(w+1);
|
||||||
else
|
else
|
||||||
c=(unsigned char *)Realloc(a->data,w+1);
|
c=(unsigned char *)OPENSSL_realloc(a->data,w+1);
|
||||||
if (c == NULL) return(0);
|
if (c == NULL) return(0);
|
||||||
|
if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
|
||||||
a->data=c;
|
a->data=c;
|
||||||
a->length=w+1;
|
a->length=w+1;
|
||||||
c[w]=0;
|
}
|
||||||
}
|
|
||||||
a->data[w]=((a->data[w])&iv)|v;
|
a->data[w]=((a->data[w])&iv)|v;
|
||||||
while ((a->length > 0) && (a->data[a->length-1] == 0))
|
while ((a->length > 0) && (a->data[a->length-1] == 0))
|
||||||
a->length--;
|
a->length--;
|
||||||
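Review bot: c2i_ASN1_BIT_STRING reads the unused-bits octet with `i= *(p++);` but never tests `len` itself; the `if (len < 1)` guard stays behind in d2i_ASN1_BIT_STRING. Now that the content decoder is a separate entry point that takes `len` from its caller, a call with a `len` of 0 would read one byte past the supplied buffer. I would repeat the guard at the top of c2i, `if (len < 1) { i=ASN1_R_STRING_TOO_SHORT; goto err; }`, assuming the function keeps an `err:` label that copes with `ret == NULL`; that part of the body falls between the hunks and is not shown. A one-line comment on c2i saying that `*pp` must point at the content octets, the first of which is the unused-bit count, would make the contract explicit.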
|
@ -111,7 +111,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
|
|||||||
|
|
||||||
if (len != 0)
|
if (len != 0)
|
||||||
{
|
{
|
||||||
s=(unsigned char *)Malloc((int)len+1);
|
s=(unsigned char *)OPENSSL_malloc((int)len+1);
|
||||||
if (s == NULL)
|
if (s == NULL)
|
||||||
{
|
{
|
||||||
i=ERR_R_MALLOC_FAILURE;
|
i=ERR_R_MALLOC_FAILURE;
|
||||||
@ -124,7 +124,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
|
|||||||
else
|
else
|
||||||
s=NULL;
|
s=NULL;
|
||||||
|
|
||||||
if (ret->data != NULL) Free(ret->data);
|
if (ret->data != NULL) OPENSSL_free(ret->data);
|
||||||
ret->length=(int)len;
|
ret->length=(int)len;
|
||||||
ret->data=s;
|
ret->data=s;
|
||||||
ret->type=tag;
|
ret->type=tag;
|
||||||
@ -218,8 +218,8 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
|
|||||||
{
|
{
|
||||||
if ((ret->length < len) || (ret->data == NULL))
|
if ((ret->length < len) || (ret->data == NULL))
|
||||||
{
|
{
|
||||||
if (ret->data != NULL) Free(ret->data);
|
if (ret->data != NULL) OPENSSL_free(ret->data);
|
||||||
s=(unsigned char *)Malloc((int)len + 1);
|
s=(unsigned char *)OPENSSL_malloc((int)len + 1);
|
||||||
if (s == NULL)
|
if (s == NULL)
|
||||||
{
|
{
|
||||||
i=ERR_R_MALLOC_FAILURE;
|
i=ERR_R_MALLOC_FAILURE;
|
||||||
@ -235,7 +235,7 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
s=NULL;
|
s=NULL;
|
||||||
if (ret->data != NULL) Free(ret->data);
|
if (ret->data != NULL) OPENSSL_free(ret->data);
|
||||||
}
|
}
|
||||||
|
|
||||||
ret->length=(int)len;
|
ret->length=(int)len;
|
||||||
@ -310,14 +310,14 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
|
|||||||
if (!asn1_Finish(c)) goto err;
|
if (!asn1_Finish(c)) goto err;
|
||||||
|
|
||||||
a->length=num;
|
a->length=num;
|
||||||
if (a->data != NULL) Free(a->data);
|
if (a->data != NULL) OPENSSL_free(a->data);
|
||||||
a->data=(unsigned char *)b.data;
|
a->data=(unsigned char *)b.data;
|
||||||
if (os != NULL) ASN1_STRING_free(os);
|
if (os != NULL) ASN1_STRING_free(os);
|
||||||
return(1);
|
return(1);
|
||||||
err:
|
err:
|
||||||
ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error);
|
ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error);
|
||||||
if (os != NULL) ASN1_STRING_free(os);
|
if (os != NULL) ASN1_STRING_free(os);
|
||||||
if (b.data != NULL) Free(b.data);
|
if (b.data != NULL) OPENSSL_free(b.data);
|
||||||
return(0);
|
return(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -77,14 +77,14 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
|
|||||||
unsigned char *str,*p;
|
unsigned char *str,*p;
|
||||||
|
|
||||||
i=i2d(data,NULL);
|
i=i2d(data,NULL);
|
||||||
if ((str=(unsigned char *)Malloc(i)) == NULL) return(0);
|
if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) return(0);
|
||||||
p=str;
|
p=str;
|
||||||
i2d(data,&p);
|
i2d(data,&p);
|
||||||
|
|
||||||
EVP_DigestInit(&ctx,type);
|
EVP_DigestInit(&ctx,type);
|
||||||
EVP_DigestUpdate(&ctx,str,i);
|
EVP_DigestUpdate(&ctx,str,i);
|
||||||
EVP_DigestFinal(&ctx,md,len);
|
EVP_DigestFinal(&ctx,md,len);
|
||||||
Free(str);
|
OPENSSL_free(str);
|
||||||
return(1);
|
return(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -71,13 +71,13 @@ char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
|
|||||||
if (x == NULL) return(NULL);
|
if (x == NULL) return(NULL);
|
||||||
|
|
||||||
i=(long)i2d(x,NULL);
|
i=(long)i2d(x,NULL);
|
||||||
b=(unsigned char *)Malloc((unsigned int)i+10);
|
b=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
|
||||||
if (b == NULL)
|
if (b == NULL)
|
||||||
{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
|
{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
|
||||||
p= b;
|
p= b;
|
||||||
i=i2d(x,&p);
|
i=i2d(x,&p);
|
||||||
p= b;
|
p= b;
|
||||||
ret=d2i(NULL,&p,i);
|
ret=d2i(NULL,&p,i);
|
||||||
Free(b);
|
OPENSSL_free(b);
|
||||||
return(ret);
|
return(ret);
|
||||||
}
|
}
|
||||||
|
@ -71,88 +71,28 @@ ASN1_ENUMERATED *ASN1_ENUMERATED_new(void)
|
|||||||
void ASN1_ENUMERATED_free(ASN1_ENUMERATED *x)
|
void ASN1_ENUMERATED_free(ASN1_ENUMERATED *x)
|
||||||
{ M_ASN1_ENUMERATED_free(x); }
|
{ M_ASN1_ENUMERATED_free(x); }
|
||||||
|
|
||||||
|
|
||||||
int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp)
|
int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp)
|
||||||
{
|
{
|
||||||
int pad=0,ret,r,i,t;
|
int len, ret;
|
||||||
unsigned char *p,*n,pb=0;
|
if(!a) return 0;
|
||||||
|
len = i2c_ASN1_INTEGER(a, NULL);
|
||||||
if ((a == NULL) || (a->data == NULL)) return(0);
|
ret=ASN1_object_size(0,len,V_ASN1_ENUMERATED);
|
||||||
t=a->type;
|
if(pp) {
|
||||||
if (a->length == 0)
|
ASN1_put_object(pp,0,len,V_ASN1_ENUMERATED,V_ASN1_UNIVERSAL);
|
||||||
ret=1;
|
i2c_ASN1_INTEGER(a, pp);
|
||||||
else
|
|
||||||
{
|
|
||||||
ret=a->length;
|
|
||||||
i=a->data[0];
|
|
||||||
if ((t == V_ASN1_ENUMERATED) && (i > 127)) {
|
|
||||||
pad=1;
|
|
||||||
pb=0;
|
|
||||||
} else if(t == V_ASN1_NEG_ENUMERATED) {
|
|
||||||
if(i>128) {
|
|
||||||
pad=1;
|
|
||||||
pb=0xFF;
|
|
||||||
} else if(i == 128) {
|
|
||||||
for(i = 1; i < a->length; i++) if(a->data[i]) {
|
|
||||||
pad=1;
|
|
||||||
pb=0xFF;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
ret+=pad;
|
|
||||||
}
|
|
||||||
r=ASN1_object_size(0,ret,V_ASN1_ENUMERATED);
|
|
||||||
if (pp == NULL) return(r);
|
|
||||||
p= *pp;
|
|
||||||
|
|
||||||
ASN1_put_object(&p,0,ret,V_ASN1_ENUMERATED,V_ASN1_UNIVERSAL);
|
|
||||||
if (pad) *(p++)=pb;
|
|
||||||
if (a->length == 0)
|
|
||||||
*(p++)=0;
|
|
||||||
else if (t == V_ASN1_ENUMERATED)
|
|
||||||
{
|
|
||||||
memcpy(p,a->data,(unsigned int)a->length);
|
|
||||||
p+=a->length;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
/* Begin at the end of the encoding */
|
|
||||||
n=a->data + a->length - 1;
|
|
||||||
p += a->length - 1;
|
|
||||||
i = a->length;
|
|
||||||
/* Copy zeros to destination as long as source is zero */
|
|
||||||
while(!*n) {
|
|
||||||
*(p--) = 0;
|
|
||||||
n--;
|
|
||||||
i--;
|
|
||||||
}
|
|
||||||
/* Complement and increment next octet */
|
|
||||||
*(p--) = ((*(n--)) ^ 0xff) + 1;
|
|
||||||
i--;
|
|
||||||
/* Complement any octets left */
|
|
||||||
for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
|
|
||||||
p += a->length;
|
|
||||||
}
|
|
||||||
|
|
||||||
*pp=p;
|
|
||||||
return(r);
|
|
||||||
}
|
}
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
|
ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
|
||||||
long length)
|
long length)
|
||||||
{
|
{
|
||||||
ASN1_ENUMERATED *ret=NULL;
|
unsigned char *p;
|
||||||
unsigned char *p,*to,*s;
|
|
||||||
long len;
|
long len;
|
||||||
int inf,tag,xclass;
|
|
||||||
int i;
|
int i;
|
||||||
|
int inf,tag,xclass;
|
||||||
if ((a == NULL) || ((*a) == NULL))
|
ASN1_ENUMERATED *ret;
|
||||||
{
|
|
||||||
if ((ret=M_ASN1_ENUMERATED_new()) == NULL) return(NULL);
|
|
||||||
ret->type=V_ASN1_ENUMERATED;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
ret=(*a);
|
|
||||||
|
|
||||||
p= *pp;
|
p= *pp;
|
||||||
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
|
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
|
||||||
@ -167,70 +107,17 @@ ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
|
|||||||
i=ASN1_R_EXPECTING_AN_ENUMERATED;
|
i=ASN1_R_EXPECTING_AN_ENUMERATED;
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
ret = c2i_ASN1_INTEGER(a, &p, len);
|
||||||
/* We must Malloc stuff, even for 0 bytes otherwise it
|
if(ret) {
|
||||||
* signifies a missing NULL parameter. */
|
ret->type = (V_ASN1_NEG & ret->type) | V_ASN1_ENUMERATED;
|
||||||
s=(unsigned char *)Malloc((int)len+1);
|
*pp = p;
|
||||||
if (s == NULL)
|
|
||||||
{
|
|
||||||
i=ERR_R_MALLOC_FAILURE;
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
to=s;
|
|
||||||
if(!len) {
|
|
||||||
/* Strictly speaking this is an illegal ENUMERATED but we
|
|
||||||
* tolerate it.
|
|
||||||
*/
|
|
||||||
ret->type=V_ASN1_ENUMERATED;
|
|
||||||
} else if (*p & 0x80) /* a negative number */
|
|
||||||
{
|
|
||||||
ret->type=V_ASN1_NEG_ENUMERATED;
|
|
||||||
if ((*p == 0xff) && (len != 1)) {
|
|
||||||
p++;
|
|
||||||
len--;
|
|
||||||
}
|
|
||||||
i = len;
|
|
||||||
p += i - 1;
|
|
||||||
to += i - 1;
|
|
||||||
while((!*p) && i) {
|
|
||||||
*(to--) = 0;
|
|
||||||
i--;
|
|
||||||
p--;
|
|
||||||
}
|
|
||||||
if(!i) {
|
|
||||||
*s = 1;
|
|
||||||
s[len] = 0;
|
|
||||||
p += len;
|
|
||||||
len++;
|
|
||||||
} else {
|
|
||||||
*(to--) = (*(p--) ^ 0xff) + 1;
|
|
||||||
i--;
|
|
||||||
for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
|
|
||||||
p += len;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
ret->type=V_ASN1_ENUMERATED;
|
|
||||||
if ((*p == 0) && (len != 1))
|
|
||||||
{
|
|
||||||
p++;
|
|
||||||
len--;
|
|
||||||
}
|
|
||||||
memcpy(s,p,(int)len);
|
|
||||||
p+=len;
|
|
||||||
}
|
}
|
||||||
|
return ret;
|
||||||
if (ret->data != NULL) Free(ret->data);
|
|
||||||
ret->data=s;
|
|
||||||
ret->length=(int)len;
|
|
||||||
if (a != NULL) (*a)=ret;
|
|
||||||
*pp=p;
|
|
||||||
return(ret);
|
|
||||||
err:
|
err:
|
||||||
ASN1err(ASN1_F_D2I_ASN1_ENUMERATED,i);
|
ASN1err(ASN1_F_D2I_ASN1_ENUMERATED,i);
|
||||||
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
|
|
||||||
M_ASN1_ENUMERATED_free(ret);
|
|
||||||
return(NULL);
|
return(NULL);
|
||||||
}
|
|
||||||
|
}
|
||||||
|
|
||||||
int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
|
int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
|
||||||
{
|
{
|
||||||
@ -242,8 +129,8 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
|
|||||||
if (a->length < (sizeof(long)+1))
|
if (a->length < (sizeof(long)+1))
|
||||||
{
|
{
|
||||||
if (a->data != NULL)
|
if (a->data != NULL)
|
||||||
Free(a->data);
|
OPENSSL_free(a->data);
|
||||||
if ((a->data=(unsigned char *)Malloc(sizeof(long)+1)) != NULL)
|
if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
|
||||||
memset((char *)a->data,0,sizeof(long)+1);
|
memset((char *)a->data,0,sizeof(long)+1);
|
||||||
}
|
}
|
||||||
if (a->data == NULL)
|
if (a->data == NULL)
|
||||||
@ -318,7 +205,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
|
|||||||
else ret->type=V_ASN1_ENUMERATED;
|
else ret->type=V_ASN1_ENUMERATED;
|
||||||
j=BN_num_bits(bn);
|
j=BN_num_bits(bn);
|
||||||
len=((j == 0)?0:((j/8)+1));
|
len=((j == 0)?0:((j/8)+1));
|
||||||
ret->data=(unsigned char *)Malloc(len+4);
|
ret->data=(unsigned char *)OPENSSL_malloc(len+4);
|
||||||
ret->length=BN_bn2bin(bn,ret->data);
|
ret->length=BN_bn2bin(bn,ret->data);
|
||||||
return(ret);
|
return(ret);
|
||||||
err:
|
err:
|
||||||
@ -332,6 +219,6 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
|
|||||||
|
|
||||||
if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
|
if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
|
||||||
ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
|
ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
|
||||||
if(ai->type == V_ASN1_NEG_ENUMERATED) bn->neg = 1;
|
else if(ai->type == V_ASN1_NEG_ENUMERATED) ret->neg = 1;
|
||||||
return(ret);
|
return(ret);
|
||||||
}
|
}
|
||||||
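Review bot: In BN_to_ASN1_ENUMERATED the result of `OPENSSL_malloc(len+4)` is stored in `ret->data` and passed straight to `BN_bn2bin(bn,ret->data)` with no NULL test, so an allocation failure becomes a write through a null pointer. The hunk only renames the allocator; a check such as `if (ret->data == NULL) { ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); goto err; }` between the two lines would use the `err:` label visible just below. The same unchecked pair appears in the BN_to_ASN1_INTEGER hunk further down the page. The function starts and ends outside the hunk, so whether a caller-supplied `ai` already owns a buffer that is overwritten here cannot be told from these lines.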
|
@ -212,10 +212,10 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
|
|||||||
p=(char *)s->data;
|
p=(char *)s->data;
|
||||||
if ((p == NULL) || (s->length < 16))
|
if ((p == NULL) || (s->length < 16))
|
||||||
{
|
{
|
||||||
p=Malloc(20);
|
p=OPENSSL_malloc(20);
|
||||||
if (p == NULL) return(NULL);
|
if (p == NULL) return(NULL);
|
||||||
if (s->data != NULL)
|
if (s->data != NULL)
|
||||||
Free(s->data);
|
OPENSSL_free(s->data);
|
||||||
s->data=(unsigned char *)p;
|
s->data=(unsigned char *)p;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -115,5 +115,5 @@ void ASN1_HEADER_free(ASN1_HEADER *a)
|
|||||||
M_ASN1_OCTET_STRING_free(a->header);
|
M_ASN1_OCTET_STRING_free(a->header);
|
||||||
if (a->meth != NULL)
|
if (a->meth != NULL)
|
||||||
a->meth->destroy(a->data);
|
a->meth->destroy(a->data);
|
||||||
Free(a);
|
OPENSSL_free(a);
|
||||||
}
|
}
|
||||||
|
@ -86,7 +86,7 @@ int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
|
|||||||
int i,j=0,n,ret=1;
|
int i,j=0,n,ret=1;
|
||||||
|
|
||||||
n=i2d(x,NULL);
|
n=i2d(x,NULL);
|
||||||
b=(char *)Malloc(n);
|
b=(char *)OPENSSL_malloc(n);
|
||||||
if (b == NULL)
|
if (b == NULL)
|
||||||
{
|
{
|
||||||
ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
|
||||||
@ -108,6 +108,6 @@ int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
|
|||||||
j+=i;
|
j+=i;
|
||||||
n-=i;
|
n-=i;
|
||||||
}
|
}
|
||||||
Free(b);
|
OPENSSL_free(b);
|
||||||
return(ret);
|
return(ret);
|
||||||
}
|
}
|
||||||
|
@ -72,8 +72,23 @@ ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
|
|||||||
int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
|
int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
|
||||||
{ return M_ASN1_INTEGER_cmp(x,y);}
|
{ return M_ASN1_INTEGER_cmp(x,y);}
|
||||||
|
|
||||||
|
/* Output ASN1 INTEGER including tag+length */
|
||||||
|
|
||||||
|
int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
|
||||||
|
{
|
||||||
|
int len, ret;
|
||||||
|
if(!a) return 0;
|
||||||
|
len = i2c_ASN1_INTEGER(a, NULL);
|
||||||
|
ret=ASN1_object_size(0,len,V_ASN1_INTEGER);
|
||||||
|
if(pp) {
|
||||||
|
ASN1_put_object(pp,0,len,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
|
||||||
|
i2c_ASN1_INTEGER(a, pp);
|
||||||
|
}
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This converts an ASN1 INTEGER into its DER encoding.
|
* This converts an ASN1 INTEGER into its content encoding.
|
||||||
* The internal representation is an ASN1_STRING whose data is a big endian
|
* The internal representation is an ASN1_STRING whose data is a big endian
|
||||||
* representation of the value, ignoring the sign. The sign is determined by
|
* representation of the value, ignoring the sign. The sign is determined by
|
||||||
* the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative.
|
* the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative.
|
||||||
@ -97,23 +112,23 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
|
|||||||
* followed by optional zeros isn't padded.
|
* followed by optional zeros isn't padded.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
|
int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
|
||||||
{
|
{
|
||||||
int pad=0,ret,r,i,t;
|
int pad=0,ret,i,neg;
|
||||||
unsigned char *p,*n,pb=0;
|
unsigned char *p,*n,pb=0;
|
||||||
|
|
||||||
if ((a == NULL) || (a->data == NULL)) return(0);
|
if ((a == NULL) || (a->data == NULL)) return(0);
|
||||||
t=a->type;
|
neg=a->type & V_ASN1_NEG;
|
||||||
if (a->length == 0)
|
if (a->length == 0)
|
||||||
ret=1;
|
ret=1;
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
ret=a->length;
|
ret=a->length;
|
||||||
i=a->data[0];
|
i=a->data[0];
|
||||||
if ((t == V_ASN1_INTEGER) && (i > 127)) {
|
if (!neg && (i > 127)) {
|
||||||
pad=1;
|
pad=1;
|
||||||
pb=0;
|
pb=0;
|
||||||
} else if(t == V_ASN1_NEG_INTEGER) {
|
} else if(neg) {
|
||||||
if(i>128) {
|
if(i>128) {
|
||||||
pad=1;
|
pad=1;
|
||||||
pb=0xFF;
|
pb=0xFF;
|
||||||
@ -131,14 +146,12 @@ int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
|
|||||||
}
|
}
|
||||||
ret+=pad;
|
ret+=pad;
|
||||||
}
|
}
|
||||||
r=ASN1_object_size(0,ret,V_ASN1_INTEGER);
|
if (pp == NULL) return(ret);
|
||||||
if (pp == NULL) return(r);
|
|
||||||
p= *pp;
|
p= *pp;
|
||||||
|
|
||||||
ASN1_put_object(&p,0,ret,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
|
|
||||||
if (pad) *(p++)=pb;
|
if (pad) *(p++)=pb;
|
||||||
if (a->length == 0) *(p++)=0;
|
if (a->length == 0) *(p++)=0;
|
||||||
else if (t == V_ASN1_INTEGER) memcpy(p,a->data,(unsigned int)a->length);
|
else if (!neg) memcpy(p,a->data,(unsigned int)a->length);
|
||||||
else {
|
else {
|
||||||
/* Begin at the end of the encoding */
|
/* Begin at the end of the encoding */
|
||||||
n=a->data + a->length - 1;
|
n=a->data + a->length - 1;
|
||||||
@ -157,30 +170,22 @@ int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
|
|||||||
for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
|
for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
|
||||||
}
|
}
|
||||||
|
|
||||||
*pp+=r;
|
*pp+=ret;
|
||||||
return(r);
|
return(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Convert DER encoded ASN1 INTEGER to ASN1_INTEGER structure */
|
||||||
ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
|
ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
|
||||||
long length)
|
long length)
|
||||||
{
|
{
|
||||||
ASN1_INTEGER *ret=NULL;
|
unsigned char *p;
|
||||||
unsigned char *p,*to,*s, *pend;
|
|
||||||
long len;
|
long len;
|
||||||
int inf,tag,xclass;
|
|
||||||
int i;
|
int i;
|
||||||
|
int inf,tag,xclass;
|
||||||
if ((a == NULL) || ((*a) == NULL))
|
ASN1_INTEGER *ret;
|
||||||
{
|
|
||||||
if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
|
|
||||||
ret->type=V_ASN1_INTEGER;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
ret=(*a);
|
|
||||||
|
|
||||||
p= *pp;
|
p= *pp;
|
||||||
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
|
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
|
||||||
pend = p + len;
|
|
||||||
if (inf & 0x80)
|
if (inf & 0x80)
|
||||||
{
|
{
|
||||||
i=ASN1_R_BAD_OBJECT_HEADER;
|
i=ASN1_R_BAD_OBJECT_HEADER;
|
||||||
@ -192,10 +197,39 @@ ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
|
|||||||
i=ASN1_R_EXPECTING_AN_INTEGER;
|
i=ASN1_R_EXPECTING_AN_INTEGER;
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
ret = c2i_ASN1_INTEGER(a, &p, len);
|
||||||
|
if(ret) *pp = p;
|
||||||
|
return ret;
|
||||||
|
err:
|
||||||
|
ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
|
||||||
|
return(NULL);
|
||||||
|
|
||||||
/* We must Malloc stuff, even for 0 bytes otherwise it
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
|
||||||
|
|
||||||
|
ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
|
||||||
|
long len)
|
||||||
|
{
|
||||||
|
ASN1_INTEGER *ret=NULL;
|
||||||
|
unsigned char *p,*to,*s, *pend;
|
||||||
|
int i;
|
||||||
|
|
||||||
|
if ((a == NULL) || ((*a) == NULL))
|
||||||
|
{
|
||||||
|
if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
|
||||||
|
ret->type=V_ASN1_INTEGER;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
ret=(*a);
|
||||||
|
|
||||||
|
p= *pp;
|
||||||
|
pend = p + len;
|
||||||
|
|
||||||
|
/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
|
||||||
* signifies a missing NULL parameter. */
|
* signifies a missing NULL parameter. */
|
||||||
s=(unsigned char *)Malloc((int)len+1);
|
s=(unsigned char *)OPENSSL_malloc((int)len+1);
|
||||||
if (s == NULL)
|
if (s == NULL)
|
||||||
{
|
{
|
||||||
i=ERR_R_MALLOC_FAILURE;
|
i=ERR_R_MALLOC_FAILURE;
|
||||||
@ -248,7 +282,7 @@ ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
|
|||||||
memcpy(s,p,(int)len);
|
memcpy(s,p,(int)len);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret->data != NULL) Free(ret->data);
|
if (ret->data != NULL) OPENSSL_free(ret->data);
|
||||||
ret->data=s;
|
ret->data=s;
|
||||||
ret->length=(int)len;
|
ret->length=(int)len;
|
||||||
if (a != NULL) (*a)=ret;
|
if (a != NULL) (*a)=ret;
|
||||||
@ -261,6 +295,7 @@ ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
|
|||||||
return(NULL);
|
return(NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
|
/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
|
||||||
* ASN1 integers: some broken software can encode a positive INTEGER
|
* ASN1 integers: some broken software can encode a positive INTEGER
|
||||||
* with its MSB set as negative (it doesn't add a padding zero).
|
* with its MSB set as negative (it doesn't add a padding zero).
|
||||||
@ -297,9 +332,9 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* We must Malloc stuff, even for 0 bytes otherwise it
|
/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
|
||||||
* signifies a missing NULL parameter. */
|
* signifies a missing NULL parameter. */
|
||||||
s=(unsigned char *)Malloc((int)len+1);
|
s=(unsigned char *)OPENSSL_malloc((int)len+1);
|
||||||
if (s == NULL)
|
if (s == NULL)
|
||||||
{
|
{
|
||||||
i=ERR_R_MALLOC_FAILURE;
|
i=ERR_R_MALLOC_FAILURE;
|
||||||
@ -317,7 +352,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
|
|||||||
p+=len;
|
p+=len;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret->data != NULL) Free(ret->data);
|
if (ret->data != NULL) OPENSSL_free(ret->data);
|
||||||
ret->data=s;
|
ret->data=s;
|
||||||
ret->length=(int)len;
|
ret->length=(int)len;
|
||||||
if (a != NULL) (*a)=ret;
|
if (a != NULL) (*a)=ret;
|
||||||
@ -340,8 +375,8 @@ int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
|
|||||||
if (a->length < (sizeof(long)+1))
|
if (a->length < (sizeof(long)+1))
|
||||||
{
|
{
|
||||||
if (a->data != NULL)
|
if (a->data != NULL)
|
||||||
Free(a->data);
|
OPENSSL_free(a->data);
|
||||||
if ((a->data=(unsigned char *)Malloc(sizeof(long)+1)) != NULL)
|
if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
|
||||||
memset((char *)a->data,0,sizeof(long)+1);
|
memset((char *)a->data,0,sizeof(long)+1);
|
||||||
}
|
}
|
||||||
if (a->data == NULL)
|
if (a->data == NULL)
|
||||||
@ -416,7 +451,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
|
|||||||
else ret->type=V_ASN1_INTEGER;
|
else ret->type=V_ASN1_INTEGER;
|
||||||
j=BN_num_bits(bn);
|
j=BN_num_bits(bn);
|
||||||
len=((j == 0)?0:((j/8)+1));
|
len=((j == 0)?0:((j/8)+1));
|
||||||
ret->data=(unsigned char *)Malloc(len+4);
|
ret->data=(unsigned char *)OPENSSL_malloc(len+4);
|
||||||
ret->length=BN_bn2bin(bn,ret->data);
|
ret->length=BN_bn2bin(bn,ret->data);
|
||||||
return(ret);
|
return(ret);
|
||||||
err:
|
err:
|
||||||
@ -430,6 +465,9 @@ BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
|
|||||||
|
|
||||||
if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
|
if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
|
||||||
ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
|
ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
|
||||||
if(ai->type == V_ASN1_NEG_INTEGER) bn->neg = 1;
|
else if(ai->type == V_ASN1_NEG_INTEGER) ret->neg = 1;
|
||||||
return(ret);
|
return(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
IMPLEMENT_STACK_OF(ASN1_INTEGER)
|
||||||
|
IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)
|
||||||
|
@ -92,6 +92,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
|
|||||||
{
|
{
|
||||||
int str_type;
|
int str_type;
|
||||||
int ret;
|
int ret;
|
||||||
|
char free_out;
|
||||||
int outform, outlen;
|
int outform, outlen;
|
||||||
ASN1_STRING *dest;
|
ASN1_STRING *dest;
|
||||||
unsigned char *p;
|
unsigned char *p;
|
||||||
@ -180,14 +181,16 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
|
|||||||
}
|
}
|
||||||
if(!out) return str_type;
|
if(!out) return str_type;
|
||||||
if(*out) {
|
if(*out) {
|
||||||
|
free_out = 0;
|
||||||
dest = *out;
|
dest = *out;
|
||||||
if(dest->data) {
|
if(dest->data) {
|
||||||
dest->length = 0;
|
dest->length = 0;
|
||||||
Free(dest->data);
|
OPENSSL_free(dest->data);
|
||||||
dest->data = NULL;
|
dest->data = NULL;
|
||||||
}
|
}
|
||||||
dest->type = str_type;
|
dest->type = str_type;
|
||||||
} else {
|
} else {
|
||||||
|
free_out = 1;
|
||||||
dest = ASN1_STRING_type_new(str_type);
|
dest = ASN1_STRING_type_new(str_type);
|
||||||
if(!dest) {
|
if(!dest) {
|
||||||
ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
|
ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
|
||||||
@ -228,8 +231,8 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
|
|||||||
cpyfunc = cpy_utf8;
|
cpyfunc = cpy_utf8;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if(!(p = Malloc(outlen + 1))) {
|
if(!(p = OPENSSL_malloc(outlen + 1))) {
|
||||||
ASN1_STRING_free(dest);
|
if(free_out) ASN1_STRING_free(dest);
|
||||||
ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -258,8 +261,8 @@ static int traverse_string(const unsigned char *p, int len, int inform,
|
|||||||
value |= *p++;
|
value |= *p++;
|
||||||
len -= 2;
|
len -= 2;
|
||||||
} else if(inform == MBSTRING_UNIV) {
|
} else if(inform == MBSTRING_UNIV) {
|
||||||
value = *p++ << 24;
|
value = ((unsigned long)*p++) << 24;
|
||||||
value |= *p++ << 16;
|
value |= ((unsigned long)*p++) << 16;
|
||||||
value |= *p++ << 8;
|
value |= *p++ << 8;
|
||||||
value |= *p++;
|
value |= *p++;
|
||||||
len -= 4;
|
len -= 4;
|
||||||
@ -382,9 +385,16 @@ static int is_printable(unsigned long value)
|
|||||||
/* Note: we can't use 'isalnum' because certain accented
|
/* Note: we can't use 'isalnum' because certain accented
|
||||||
* characters may count as alphanumeric in some environments.
|
* characters may count as alphanumeric in some environments.
|
||||||
*/
|
*/
|
||||||
|
#ifndef CHARSET_EBCDIC
|
||||||
if((ch >= 'a') && (ch <= 'z')) return 1;
|
if((ch >= 'a') && (ch <= 'z')) return 1;
|
||||||
if((ch >= 'A') && (ch <= 'Z')) return 1;
|
if((ch >= 'A') && (ch <= 'Z')) return 1;
|
||||||
if((ch >= '0') && (ch <= '9')) return 1;
|
if((ch >= '0') && (ch <= '9')) return 1;
|
||||||
if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1;
|
if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1;
|
||||||
|
#else /*CHARSET_EBCDIC*/
|
||||||
|
if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1;
|
||||||
|
if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1;
|
||||||
|
if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1;
|
||||||
|
if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1;
|
||||||
|
#endif /*CHARSET_EBCDIC*/
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
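Review bot: In is_printable, both the existing ASCII test and the new CHARSET_EBCDIC test hand the character straight to `strchr`, which also matches the string's terminating NUL. A zero character is therefore reported as printable unless the part of the function above this hunk already rejects it. A value with an embedded NUL could then be typed as PrintableString, which matters to any consumer that later treats the text as a C string. Guarding the lookup closes this, e.g. `if ((ch == ' ') || (ch && strchr("'()+,-./:=?", ch))) return 1;`, with the same `ch &&` guard on the `os_toebcdic[ch]` line. The EBCDIC branch also relies on `ch` being inside the range of `os_toebcdic`, and the bound on `ch` is not visible in the hunk.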
|
||||||
|
@ -65,11 +65,12 @@
|
|||||||
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
|
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
|
||||||
{
|
{
|
||||||
unsigned char *p;
|
unsigned char *p;
|
||||||
|
int objsize;
|
||||||
|
|
||||||
if ((a == NULL) || (a->data == NULL)) return(0);
|
if ((a == NULL) || (a->data == NULL)) return(0);
|
||||||
|
|
||||||
if (pp == NULL)
|
objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT);
|
||||||
return(ASN1_object_size(0,a->length,V_ASN1_OBJECT));
|
if (pp == NULL) return objsize;
|
||||||
|
|
||||||
p= *pp;
|
p= *pp;
|
||||||
ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
|
ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
|
||||||
@ -77,7 +78,7 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
|
|||||||
p+=a->length;
|
p+=a->length;
|
||||||
|
|
||||||
*pp=p;
|
*pp=p;
|
||||||
return(a->length);
|
return(objsize);
|
||||||
}
|
}
|
||||||
|
|
||||||
int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
|
int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
|
||||||
@ -190,24 +191,13 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
|
|||||||
|
|
||||||
ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
|
ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
|
||||||
long length)
|
long length)
|
||||||
{
|
{
|
||||||
ASN1_OBJECT *ret=NULL;
|
|
||||||
unsigned char *p;
|
unsigned char *p;
|
||||||
long len;
|
long len;
|
||||||
int tag,xclass;
|
int tag,xclass;
|
||||||
int inf,i;
|
int inf,i;
|
||||||
|
ASN1_OBJECT *ret = NULL;
|
||||||
/* only the ASN1_OBJECTs from the 'table' will have values
|
|
||||||
* for ->sn or ->ln */
|
|
||||||
if ((a == NULL) || ((*a) == NULL) ||
|
|
||||||
!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
|
|
||||||
{
|
|
||||||
if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
|
|
||||||
}
|
|
||||||
else ret=(*a);
|
|
||||||
|
|
||||||
p= *pp;
|
p= *pp;
|
||||||
|
|
||||||
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
|
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
|
||||||
if (inf & 0x80)
|
if (inf & 0x80)
|
||||||
{
|
{
|
||||||
@ -220,10 +210,36 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
|
|||||||
i=ASN1_R_EXPECTING_AN_OBJECT;
|
i=ASN1_R_EXPECTING_AN_OBJECT;
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
ret = c2i_ASN1_OBJECT(a, &p, len);
|
||||||
|
if(ret) *pp = p;
|
||||||
|
return ret;
|
||||||
|
err:
|
||||||
|
ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
|
||||||
|
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
|
||||||
|
ASN1_OBJECT_free(ret);
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
|
||||||
|
long len)
|
||||||
|
{
|
||||||
|
ASN1_OBJECT *ret=NULL;
|
||||||
|
unsigned char *p;
|
||||||
|
int i;
|
||||||
|
|
||||||
|
/* only the ASN1_OBJECTs from the 'table' will have values
|
||||||
|
* for ->sn or ->ln */
|
||||||
|
if ((a == NULL) || ((*a) == NULL) ||
|
||||||
|
!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
|
||||||
|
{
|
||||||
|
if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
|
||||||
|
}
|
||||||
|
else ret=(*a);
|
||||||
|
|
||||||
|
p= *pp;
|
||||||
if ((ret->data == NULL) || (ret->length < len))
|
if ((ret->data == NULL) || (ret->length < len))
|
||||||
{
|
{
|
||||||
if (ret->data != NULL) Free(ret->data);
|
if (ret->data != NULL) OPENSSL_free(ret->data);
|
||||||
ret->data=(unsigned char *)Malloc(len ? (int)len : 1);
|
ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
|
||||||
ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
|
ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
|
||||||
if (ret->data == NULL)
|
if (ret->data == NULL)
|
||||||
{ i=ERR_R_MALLOC_FAILURE; goto err; }
|
{ i=ERR_R_MALLOC_FAILURE; goto err; }
|
||||||
@ -249,7 +265,7 @@ ASN1_OBJECT *ASN1_OBJECT_new(void)
|
|||||||
{
|
{
|
||||||
ASN1_OBJECT *ret;
|
ASN1_OBJECT *ret;
|
||||||
|
|
||||||
ret=(ASN1_OBJECT *)Malloc(sizeof(ASN1_OBJECT));
|
ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
|
||||||
if (ret == NULL)
|
if (ret == NULL)
|
||||||
{
|
{
|
||||||
ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE);
|
||||||
@ -270,19 +286,19 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a)
|
|||||||
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
|
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
|
||||||
{
|
{
|
||||||
#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */
|
#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */
|
||||||
if (a->sn != NULL) Free((void *)a->sn);
|
if (a->sn != NULL) OPENSSL_free((void *)a->sn);
|
||||||
if (a->ln != NULL) Free((void *)a->ln);
|
if (a->ln != NULL) OPENSSL_free((void *)a->ln);
|
||||||
#endif
|
#endif
|
||||||
a->sn=a->ln=NULL;
|
a->sn=a->ln=NULL;
|
||||||
}
|
}
|
||||||
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
|
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
|
||||||
{
|
{
|
||||||
if (a->data != NULL) Free(a->data);
|
if (a->data != NULL) OPENSSL_free(a->data);
|
||||||
a->data=NULL;
|
a->data=NULL;
|
||||||
a->length=0;
|
a->length=0;
|
||||||
}
|
}
|
||||||
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
|
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
|
||||||
Free(a);
|
OPENSSL_free(a);
|
||||||
}
|
}
|
||||||
|
|
||||||
ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
|
ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
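Review bot: The new c2i_ASN1_OBJECT uses its `len` argument without validating it: the visible lines compare it with `ret->length` and pass `(int)len` to OPENSSL_malloc with no earlier range check. When the call comes from d2i_ASN1_OBJECT the value has been through ASN1_get_object, but the visible signature is not static, so direct callers get no such bound, and a negative or larger-than-int `len` reaches the allocation. A guard at the top of the function would make it safe on its own, e.g. `if (len < 0 || len > INT_MAX) return(NULL);` together with an ASN1err call using the project's reason code for a bad length. The rest of c2i_ASN1_OBJECT, including the copy into `ret->data`, lies outside the hunk.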
|
||||||
|
@ -116,7 +116,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
|
|||||||
}
|
}
|
||||||
|
|
||||||
pStart = p; /* Catch the beg of Setblobs*/
|
pStart = p; /* Catch the beg of Setblobs*/
|
||||||
rgSetBlob = (MYBLOB *)Malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
|
rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
|
||||||
we will store the SET blobs */
|
we will store the SET blobs */
|
||||||
|
|
||||||
for (i=0; i<sk_num(a); i++)
|
for (i=0; i<sk_num(a); i++)
|
||||||
@ -133,7 +133,7 @@ SetBlob
|
|||||||
/* Now we have to sort the blobs. I am using a simple algo.
|
/* Now we have to sort the blobs. I am using a simple algo.
|
||||||
*Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
|
*Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
|
||||||
qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
|
qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
|
||||||
pTempMem = Malloc(totSize);
|
pTempMem = OPENSSL_malloc(totSize);
|
||||||
|
|
||||||
/* Copy to temp mem */
|
/* Copy to temp mem */
|
||||||
p = pTempMem;
|
p = pTempMem;
|
||||||
@ -145,20 +145,20 @@ SetBlob
|
|||||||
|
|
||||||
/* Copy back to user mem*/
|
/* Copy back to user mem*/
|
||||||
memcpy(pStart, pTempMem, totSize);
|
memcpy(pStart, pTempMem, totSize);
|
||||||
Free(pTempMem);
|
OPENSSL_free(pTempMem);
|
||||||
Free(rgSetBlob);
|
OPENSSL_free(rgSetBlob);
|
||||||
|
|
||||||
return(r);
|
return(r);
|
||||||
}
|
}
|
||||||
|
|
||||||
STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
|
STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
|
||||||
char *(*func)(), void (*free_func)(), int ex_tag, int ex_class)
|
char *(*func)(), void (*free_func)(void *), int ex_tag, int ex_class)
|
||||||
{
|
{
|
||||||
ASN1_CTX c;
|
ASN1_CTX c;
|
||||||
STACK *ret=NULL;
|
STACK *ret=NULL;
|
||||||
|
|
||||||
if ((a == NULL) || ((*a) == NULL))
|
if ((a == NULL) || ((*a) == NULL))
|
||||||
{ if ((ret=sk_new(NULL)) == NULL) goto err; }
|
{ if ((ret=sk_new_null()) == NULL) goto err; }
|
||||||
else
|
else
|
||||||
ret=(*a);
|
ret=(*a);
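Review bot: Neither allocation in i2d_ASN1_SET is checked before use. `rgSetBlob` goes to the fill loop and to `qsort`, and `pTempMem` is assigned to `p` as the copy destination and then passed to `memcpy`, so an allocation failure becomes a NULL dereference while encoding. The rename to OPENSSL_malloc leaves this as it was. Each result should be tested, e.g. `if (rgSetBlob == NULL) { ASN1err(FUNC_CODE_PLACEHOLDER,ERR_R_MALLOC_FAILURE); return(0); }`, and the `pTempMem` failure path should also release `rgSetBlob`. The loop that fills `rgSetBlob` is outside the hunks, so the exact point of first use is inferred from the lines shown.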
|
||||||
|
|
||||||
|
@ -108,9 +108,9 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
inl=i2d(data,NULL);
|
inl=i2d(data,NULL);
|
||||||
buf_in=(unsigned char *)Malloc((unsigned int)inl);
|
buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
|
||||||
outll=outl=EVP_PKEY_size(pkey);
|
outll=outl=EVP_PKEY_size(pkey);
|
||||||
buf_out=(unsigned char *)Malloc((unsigned int)outl);
|
buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
|
||||||
if ((buf_in == NULL) || (buf_out == NULL))
|
if ((buf_in == NULL) || (buf_out == NULL))
|
||||||
{
|
{
|
||||||
outl=0;
|
outl=0;
|
||||||
@ -129,7 +129,7 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
|
|||||||
ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
|
ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (signature->data != NULL) Free(signature->data);
|
if (signature->data != NULL) OPENSSL_free(signature->data);
|
||||||
signature->data=buf_out;
|
signature->data=buf_out;
|
||||||
buf_out=NULL;
|
buf_out=NULL;
|
||||||
signature->length=outl;
|
signature->length=outl;
|
||||||
@ -141,8 +141,8 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
|
|||||||
err:
|
err:
|
||||||
memset(&ctx,0,sizeof(ctx));
|
memset(&ctx,0,sizeof(ctx));
|
||||||
if (buf_in != NULL)
|
if (buf_in != NULL)
|
||||||
{ memset((char *)buf_in,0,(unsigned int)inl); Free(buf_in); }
|
{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
|
||||||
if (buf_out != NULL)
|
if (buf_out != NULL)
|
||||||
{ memset((char *)buf_out,0,outll); Free(buf_out); }
|
{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
|
||||||
return(outl);
|
return(outl);
|
||||||
}
|
}
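Review bot: At the `err:` label in ASN1_sign, `memset(&ctx,0,sizeof(ctx))` is the last access to `ctx` before `return(outl)`. If `ctx` is a local (its declaration is outside these hunks), an optimising compiler is free to drop the store and leave the digest state behind on the stack. A wipe the compiler cannot treat as dead avoids that, for instance `{ volatile unsigned char *vp=(volatile unsigned char *)&ctx; size_t n=sizeof(ctx); while (n--) *vp++=0; }`. The `buf_in` and `buf_out` wipes are followed by OPENSSL_free and so are less exposed, but they would be more robust if they used the same approach.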
|
||||||
|
533
crypto/openssl/crypto/asn1/a_strex.c
Normal file
533
crypto/openssl/crypto/asn1/a_strex.c
Normal file
@ -0,0 +1,533 @@
|
|||||||
|
/* a_strex.c */
|
||||||
|
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
|
||||||
|
* project 2000.
|
||||||
|
*/
|
||||||
|
/* ====================================================================
|
||||||
|
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or without
|
||||||
|
* modification, are permitted provided that the following conditions
|
||||||
|
* are met:
|
||||||
|
*
|
||||||
|
* 1. Redistributions of source code must retain the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer.
|
||||||
|
*
|
||||||
|
* 2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer in
|
||||||
|
* the documentation and/or other materials provided with the
|
||||||
|
* distribution.
|
||||||
|
*
|
||||||
|
* 3. All advertising materials mentioning features or use of this
|
||||||
|
* software must display the following acknowledgment:
|
||||||
|
* "This product includes software developed by the OpenSSL Project
|
||||||
|
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
||||||
|
*
|
||||||
|
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||||
|
* endorse or promote products derived from this software without
|
||||||
|
* prior written permission. For written permission, please contact
|
||||||
|
* licensing@OpenSSL.org.
|
||||||
|
*
|
||||||
|
* 5. Products derived from this software may not be called "OpenSSL"
|
||||||
|
* nor may "OpenSSL" appear in their names without prior written
|
||||||
|
* permission of the OpenSSL Project.
|
||||||
|
*
|
||||||
|
* 6. Redistributions of any form whatsoever must retain the following
|
||||||
|
* acknowledgment:
|
||||||
|
* "This product includes software developed by the OpenSSL Project
|
||||||
|
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||||
|
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||||
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||||
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||||
|
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||||
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||||
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||||
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||||
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||||
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||||
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||||
|
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
* ====================================================================
|
||||||
|
*
|
||||||
|
* This product includes cryptographic software written by Eric Young
|
||||||
|
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||||
|
* Hudson (tjh@cryptsoft.com).
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <openssl/crypto.h>
|
||||||
|
#include <openssl/x509.h>
|
||||||
|
#include <openssl/asn1.h>
|
||||||
|
|
||||||
|
#include "charmap.h"
|
||||||
|
|
||||||
|
/* ASN1_STRING_print_ex() and X509_NAME_print_ex().
|
||||||
|
* Enhanced string and name printing routines handling
|
||||||
|
* multibyte characters, RFC2253 and a host of other
|
||||||
|
* options.
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
|
||||||
|
|
||||||
|
|
||||||
|
/* Three IO functions for sending data to memory, a BIO and
|
||||||
|
* and a FILE pointer.
|
||||||
|
*/
|
||||||
|
|
||||||
|
int send_mem_chars(void *arg, const void *buf, int len)
|
||||||
|
{
|
||||||
|
unsigned char **out = arg;
|
||||||
|
if(!out) return 1;
|
||||||
|
memcpy(*out, buf, len);
|
||||||
|
*out += len;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
int send_bio_chars(void *arg, const void *buf, int len)
|
||||||
|
{
|
||||||
|
if(!arg) return 1;
|
||||||
|
if(BIO_write(arg, buf, len) != len) return 0;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
int send_fp_chars(void *arg, const void *buf, int len)
|
||||||
|
{
|
||||||
|
if(!arg) return 1;
|
||||||
|
if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
typedef int char_io(void *arg, const void *buf, int len);
|
||||||
|
|
||||||
|
/* This function handles display of
|
||||||
|
* strings, one character at a time.
|
||||||
|
* It is passed an unsigned long for each
|
||||||
|
* character because it could come from 2 or even
|
||||||
|
* 4 byte forms.
|
||||||
|
*/
|
||||||
|
|
||||||
|
static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg)
|
||||||
|
{
|
||||||
|
unsigned char chflgs, chtmp;
|
||||||
|
char tmphex[11];
|
||||||
|
if(c > 0xffff) {
|
||||||
|
BIO_snprintf(tmphex, 11, "\\W%08lX", c);
|
||||||
|
if(!io_ch(arg, tmphex, 10)) return -1;
|
||||||
|
return 10;
|
||||||
|
}
|
||||||
|
if(c > 0xff) {
|
||||||
|
BIO_snprintf(tmphex, 11, "\\U%04lX", c);
|
||||||
|
if(!io_ch(arg, tmphex, 6)) return -1;
|
||||||
|
return 6;
|
||||||
|
}
|
||||||
|
chtmp = (unsigned char)c;
|
||||||
|
if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB;
|
||||||
|
else chflgs = char_type[chtmp] & flags;
|
||||||
|
if(chflgs & CHARTYPE_BS_ESC) {
|
||||||
|
/* If we don't escape with quotes, signal we need quotes */
|
||||||
|
if(chflgs & ASN1_STRFLGS_ESC_QUOTE) {
|
||||||
|
if(do_quotes) *do_quotes = 1;
|
||||||
|
if(!io_ch(arg, &chtmp, 1)) return -1;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
if(!io_ch(arg, "\\", 1)) return -1;
|
||||||
|
if(!io_ch(arg, &chtmp, 1)) return -1;
|
||||||
|
return 2;
|
||||||
|
}
|
||||||
|
if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) {
|
||||||
|
BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
|
||||||
|
if(!io_ch(arg, tmphex, 3)) return -1;
|
||||||
|
return 3;
|
||||||
|
}
|
||||||
|
if(!io_ch(arg, &chtmp, 1)) return -1;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
#define BUF_TYPE_WIDTH_MASK 0x7
|
||||||
|
#define BUF_TYPE_CONVUTF8 0x8
|
||||||
|
|
||||||
|
/* This function sends each character in a buffer to
|
||||||
|
* do_esc_char(). It interprets the content formats
|
||||||
|
* and converts to or from UTF8 as appropriate.
|
||||||
|
*/
|
||||||
|
|
||||||
|
static int do_buf(unsigned char *buf, int buflen,
|
||||||
|
int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg)
|
||||||
|
{
|
||||||
|
int i, outlen, len;
|
||||||
|
unsigned char orflags, *p, *q;
|
||||||
|
unsigned long c;
|
||||||
|
p = buf;
|
||||||
|
q = buf + buflen;
|
||||||
|
outlen = 0;
|
||||||
|
while(p != q) {
|
||||||
|
if(p == buf) orflags = CHARTYPE_FIRST_ESC_2253;
|
||||||
|
else orflags = 0;
|
||||||
|
switch(type & BUF_TYPE_WIDTH_MASK) {
|
||||||
|
case 4:
|
||||||
|
c = ((unsigned long)*p++) << 24;
|
||||||
|
c |= ((unsigned long)*p++) << 16;
|
||||||
|
c |= ((unsigned long)*p++) << 8;
|
||||||
|
c |= *p++;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 2:
|
||||||
|
c = ((unsigned long)*p++) << 8;
|
||||||
|
c |= *p++;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 1:
|
||||||
|
c = *p++;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 0:
|
||||||
|
i = UTF8_getc(p, buflen, &c);
|
||||||
|
if(i < 0) return -1; /* Invalid UTF8String */
|
||||||
|
p += i;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (p == q) orflags = CHARTYPE_LAST_ESC_2253;
|
||||||
|
if(type & BUF_TYPE_CONVUTF8) {
|
||||||
|
unsigned char utfbuf[6];
|
||||||
|
int utflen;
|
||||||
|
utflen = UTF8_putc(utfbuf, 6, c);
|
||||||
|
for(i = 0; i < utflen; i++) {
|
||||||
|
/* We don't need to worry about setting orflags correctly
|
||||||
|
* because if utflen==1 its value will be correct anyway
|
||||||
|
* otherwise each character will be > 0x7f and so the
|
||||||
|
* character will never be escaped on first and last.
|
||||||
|
*/
|
||||||
|
len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg);
|
||||||
|
if(len < 0) return -1;
|
||||||
|
outlen += len;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg);
|
||||||
|
if(len < 0) return -1;
|
||||||
|
outlen += len;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return outlen;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* This function hex dumps a buffer of characters */
|
||||||
|
|
||||||
|
static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen)
|
||||||
|
{
|
||||||
|
const static char hexdig[] = "0123456789ABCDEF";
|
||||||
|
unsigned char *p, *q;
|
||||||
|
char hextmp[2];
|
||||||
|
if(arg) {
|
||||||
|
p = buf;
|
||||||
|
q = buf + buflen;
|
||||||
|
while(p != q) {
|
||||||
|
hextmp[0] = hexdig[*p >> 4];
|
||||||
|
hextmp[1] = hexdig[*p & 0xf];
|
||||||
|
if(!io_ch(arg, hextmp, 2)) return -1;
|
||||||
|
p++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return buflen << 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* "dump" a string. This is done when the type is unknown,
|
||||||
|
* or the flags request it. We can either dump the content
|
||||||
|
* octets or the entire DER encoding. This uses the RFC2253
|
||||||
|
* #01234 format.
|
||||||
|
*/
|
||||||
|
|
||||||
|
int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
|
||||||
|
{
|
||||||
|
/* Placing the ASN1_STRING in a temp ASN1_TYPE allows
|
||||||
|
* the DER encoding to readily obtained
|
||||||
|
*/
|
||||||
|
ASN1_TYPE t;
|
||||||
|
unsigned char *der_buf, *p;
|
||||||
|
int outlen, der_len;
|
||||||
|
|
||||||
|
if(!io_ch(arg, "#", 1)) return -1;
|
||||||
|
/* If we don't dump DER encoding just dump content octets */
|
||||||
|
if(!(lflags & ASN1_STRFLGS_DUMP_DER)) {
|
||||||
|
outlen = do_hex_dump(io_ch, arg, str->data, str->length);
|
||||||
|
if(outlen < 0) return -1;
|
||||||
|
return outlen + 1;
|
||||||
|
}
|
||||||
|
t.type = str->type;
|
||||||
|
t.value.ptr = (char *)str;
|
||||||
|
der_len = i2d_ASN1_TYPE(&t, NULL);
|
||||||
|
der_buf = OPENSSL_malloc(der_len);
|
||||||
|
if(!der_buf) return -1;
|
||||||
|
p = der_buf;
|
||||||
|
i2d_ASN1_TYPE(&t, &p);
|
||||||
|
outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
|
||||||
|
OPENSSL_free(der_buf);
|
||||||
|
if(outlen < 0) return -1;
|
||||||
|
return outlen + 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Lookup table to convert tags to character widths,
|
||||||
|
* 0 = UTF8 encoded, -1 is used for non string types
|
||||||
|
* otherwise it is the number of bytes per character
|
||||||
|
*/
|
||||||
|
|
||||||
|
const static char tag2nbyte[] = {
|
||||||
|
-1, -1, -1, -1, -1, /* 0-4 */
|
||||||
|
-1, -1, -1, -1, -1, /* 5-9 */
|
||||||
|
-1, -1, 0, -1, /* 10-13 */
|
||||||
|
-1, -1, -1, -1, /* 15-17 */
|
||||||
|
-1, 1, 1, /* 18-20 */
|
||||||
|
-1, 1, -1,-1, /* 21-24 */
|
||||||
|
-1, 1, -1, /* 25-27 */
|
||||||
|
4, -1, 2 /* 28-30 */
|
||||||
|
};
|
||||||
|
|
||||||
|
#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
|
||||||
|
ASN1_STRFLGS_ESC_QUOTE | \
|
||||||
|
ASN1_STRFLGS_ESC_CTRL | \
|
||||||
|
ASN1_STRFLGS_ESC_MSB)
|
||||||
|
|
||||||
|
/* This is the main function, print out an
|
||||||
|
* ASN1_STRING taking note of various escape
|
||||||
|
* and display options. Returns number of
|
||||||
|
* characters written or -1 if an error
|
||||||
|
* occurred.
|
||||||
|
*/
|
||||||
|
|
||||||
|
static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str)
|
||||||
|
{
|
||||||
|
int outlen, len;
|
||||||
|
int type;
|
||||||
|
char quotes;
|
||||||
|
unsigned char flags;
|
||||||
|
quotes = 0;
|
||||||
|
/* Keep a copy of escape flags */
|
||||||
|
flags = (unsigned char)(lflags & ESC_FLAGS);
|
||||||
|
|
||||||
|
type = str->type;
|
||||||
|
|
||||||
|
outlen = 0;
|
||||||
|
|
||||||
|
|
||||||
|
if(lflags & ASN1_STRFLGS_SHOW_TYPE) {
|
||||||
|
const char *tagname;
|
||||||
|
tagname = ASN1_tag2str(type);
|
||||||
|
outlen += strlen(tagname);
|
||||||
|
if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1;
|
||||||
|
outlen++;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Decide what to do with type, either dump content or display it */
|
||||||
|
|
||||||
|
/* Dump everything */
|
||||||
|
if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1;
|
||||||
|
/* Ignore the string type */
|
||||||
|
else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1;
|
||||||
|
else {
|
||||||
|
/* Else determine width based on type */
|
||||||
|
if((type > 0) && (type < 31)) type = tag2nbyte[type];
|
||||||
|
else type = -1;
|
||||||
|
if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(type == -1) {
|
||||||
|
len = do_dump(lflags, io_ch, arg, str);
|
||||||
|
if(len < 0) return -1;
|
||||||
|
outlen += len;
|
||||||
|
return outlen;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(lflags & ASN1_STRFLGS_UTF8_CONVERT) {
|
||||||
|
/* Note: if string is UTF8 and we want
|
||||||
|
* to convert to UTF8 then we just interpret
|
||||||
|
* it as 1 byte per character to avoid converting
|
||||||
|
* twice.
|
||||||
|
*/
|
||||||
|
if(!type) type = 1;
|
||||||
|
else type |= BUF_TYPE_CONVUTF8;
|
||||||
|
}
|
||||||
|
|
||||||
|
len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL);
|
||||||
|
if(outlen < 0) return -1;
|
||||||
|
outlen += len;
|
||||||
|
if(quotes) outlen += 2;
|
||||||
|
if(!arg) return outlen;
|
||||||
|
if(quotes && !io_ch(arg, "\"", 1)) return -1;
|
||||||
|
do_buf(str->data, str->length, type, flags, NULL, io_ch, arg);
|
||||||
|
if(quotes && !io_ch(arg, "\"", 1)) return -1;
|
||||||
|
return outlen;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Used for line indenting: print 'indent' spaces */
|
||||||
|
|
||||||
|
static int do_indent(char_io *io_ch, void *arg, int indent)
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
for(i = 0; i < indent; i++)
|
||||||
|
if(!io_ch(arg, " ", 1)) return 0;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
|
||||||
|
int indent, unsigned long flags)
|
||||||
|
{
|
||||||
|
int i, prev = -1, orflags, cnt;
|
||||||
|
int fn_opt, fn_nid;
|
||||||
|
ASN1_OBJECT *fn;
|
||||||
|
ASN1_STRING *val;
|
||||||
|
X509_NAME_ENTRY *ent;
|
||||||
|
char objtmp[80];
|
||||||
|
const char *objbuf;
|
||||||
|
int outlen, len;
|
||||||
|
char *sep_dn, *sep_mv, *sep_eq;
|
||||||
|
int sep_dn_len, sep_mv_len, sep_eq_len;
|
||||||
|
if(indent < 0) indent = 0;
|
||||||
|
outlen = indent;
|
||||||
|
if(!do_indent(io_ch, arg, indent)) return -1;
|
||||||
|
switch (flags & XN_FLAG_SEP_MASK)
|
||||||
|
{
|
||||||
|
case XN_FLAG_SEP_MULTILINE:
|
||||||
|
sep_dn = "\n";
|
||||||
|
sep_dn_len = 1;
|
||||||
|
sep_mv = " + ";
|
||||||
|
sep_mv_len = 3;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case XN_FLAG_SEP_COMMA_PLUS:
|
||||||
|
sep_dn = ",";
|
||||||
|
sep_dn_len = 1;
|
||||||
|
sep_mv = "+";
|
||||||
|
sep_mv_len = 1;
|
||||||
|
indent = 0;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case XN_FLAG_SEP_CPLUS_SPC:
|
||||||
|
sep_dn = ", ";
|
||||||
|
sep_dn_len = 2;
|
||||||
|
sep_mv = " + ";
|
||||||
|
sep_mv_len = 3;
|
||||||
|
indent = 0;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case XN_FLAG_SEP_SPLUS_SPC:
|
||||||
|
sep_dn = "; ";
|
||||||
|
sep_dn_len = 2;
|
||||||
|
sep_mv = " + ";
|
||||||
|
sep_mv_len = 3;
|
||||||
|
indent = 0;
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(flags & XN_FLAG_SPC_EQ) {
|
||||||
|
sep_eq = " = ";
|
||||||
|
sep_eq_len = 3;
|
||||||
|
} else {
|
||||||
|
sep_eq = "=";
|
||||||
|
sep_eq_len = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
fn_opt = flags & XN_FLAG_FN_MASK;
|
||||||
|
|
||||||
|
cnt = X509_NAME_entry_count(n);
|
||||||
|
for(i = 0; i < cnt; i++) {
|
||||||
|
if(flags & XN_FLAG_DN_REV)
|
||||||
|
ent = X509_NAME_get_entry(n, cnt - i - 1);
|
||||||
|
else ent = X509_NAME_get_entry(n, i);
|
||||||
|
if(prev != -1) {
|
||||||
|
if(prev == ent->set) {
|
||||||
|
if(!io_ch(arg, sep_mv, sep_mv_len)) return -1;
|
||||||
|
outlen += sep_mv_len;
|
||||||
|
} else {
|
||||||
|
if(!io_ch(arg, sep_dn, sep_dn_len)) return -1;
|
||||||
|
outlen += sep_dn_len;
|
||||||
|
if(!do_indent(io_ch, arg, indent)) return -1;
|
||||||
|
outlen += indent;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
prev = ent->set;
|
||||||
|
fn = X509_NAME_ENTRY_get_object(ent);
|
||||||
|
val = X509_NAME_ENTRY_get_data(ent);
|
||||||
|
fn_nid = OBJ_obj2nid(fn);
|
||||||
|
if(fn_opt != XN_FLAG_FN_NONE) {
|
||||||
|
int objlen;
|
||||||
|
if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
|
||||||
|
OBJ_obj2txt(objtmp, 80, fn, 1);
|
||||||
|
objbuf = objtmp;
|
||||||
|
} else {
|
||||||
|
if(fn_opt == XN_FLAG_FN_SN)
|
||||||
|
objbuf = OBJ_nid2sn(fn_nid);
|
||||||
|
else if(fn_opt == XN_FLAG_FN_LN)
|
||||||
|
objbuf = OBJ_nid2ln(fn_nid);
|
||||||
|
else objbuf = "";
|
||||||
|
}
|
||||||
|
objlen = strlen(objbuf);
|
||||||
|
if(!io_ch(arg, objbuf, objlen)) return -1;
|
||||||
|
if(!io_ch(arg, sep_eq, sep_eq_len)) return -1;
|
||||||
|
outlen += objlen + sep_eq_len;
|
||||||
|
}
|
||||||
|
/* If the field name is unknown then fix up the DER dump
|
||||||
|
* flag. We might want to limit this further so it will
|
||||||
|
* DER dump on anything other than a few 'standard' fields.
|
||||||
|
*/
|
||||||
|
if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS))
|
||||||
|
orflags = ASN1_STRFLGS_DUMP_ALL;
|
||||||
|
else orflags = 0;
|
||||||
|
|
||||||
|
len = do_print_ex(io_ch, arg, flags | orflags, val);
|
||||||
|
if(len < 0) return -1;
|
||||||
|
outlen += len;
|
||||||
|
}
|
||||||
|
return outlen;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Wrappers round the main functions */
|
||||||
|
|
||||||
|
int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
|
||||||
|
{
|
||||||
|
return do_name_ex(send_bio_chars, out, nm, indent, flags);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
|
||||||
|
{
|
||||||
|
return do_name_ex(send_fp_chars, fp, nm, indent, flags);
|
||||||
|
}
|
||||||
|
|
||||||
|
int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
|
||||||
|
{
|
||||||
|
return do_print_ex(send_bio_chars, out, flags, str);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
|
||||||
|
{
|
||||||
|
return do_print_ex(send_fp_chars, fp, flags, str);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Utility function: convert any string type to UTF8, returns number of bytes
|
||||||
|
* in output string or a negative error code
|
||||||
|
*/
|
||||||
|
|
||||||
|
int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
|
||||||
|
{
|
||||||
|
ASN1_STRING stmp, *str = &stmp;
|
||||||
|
int mbflag, type, ret;
|
||||||
|
if(!*out || !in) return -1;
|
||||||
|
type = in->type;
|
||||||
|
if((type < 0) || (type > 30)) return -1;
|
||||||
|
mbflag = tag2nbyte[type];
|
||||||
|
if(mbflag == -1) return -1;
|
||||||
|
mbflag |= MBSTRING_FLAG;
|
||||||
|
stmp.data = NULL;
|
||||||
|
ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
|
||||||
|
if(ret < 0) return ret;
|
||||||
|
if(out) *out = stmp.data;
|
||||||
|
return stmp.length;
|
||||||
|
}
|
@ -65,8 +65,9 @@
|
|||||||
|
|
||||||
static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
|
static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
|
||||||
static void st_free(ASN1_STRING_TABLE *tbl);
|
static void st_free(ASN1_STRING_TABLE *tbl);
|
||||||
static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b);
|
static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
|
||||||
static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b);
|
const ASN1_STRING_TABLE * const *b);
|
||||||
|
static int table_cmp(const void *a, const void *b);
|
||||||
|
|
||||||
|
|
||||||
/* This is the global mask for the mbstring functions: this is use to
|
/* This is the global mask for the mbstring functions: this is use to
|
||||||
@ -173,14 +174,16 @@ static ASN1_STRING_TABLE tbl_standard[] = {
|
|||||||
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
|
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
|
||||||
};
|
};
|
||||||
|
|
||||||
static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b)
|
static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
|
||||||
|
const ASN1_STRING_TABLE * const *b)
|
||||||
{
|
{
|
||||||
return (*a)->nid - (*b)->nid;
|
return (*a)->nid - (*b)->nid;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b)
|
static int table_cmp(const void *a, const void *b)
|
||||||
{
|
{
|
||||||
return a->nid - b->nid;
|
const ASN1_STRING_TABLE *sa = a, *sb = b;
|
||||||
|
return sa->nid - sb->nid;
|
||||||
}
|
}
|
||||||
|
|
||||||
ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
|
ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
|
||||||
@ -192,7 +195,7 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
|
|||||||
ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
|
ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
|
||||||
(char *)tbl_standard,
|
(char *)tbl_standard,
|
||||||
sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
|
sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
|
||||||
sizeof(ASN1_STRING_TABLE), (int(*)())table_cmp);
|
sizeof(ASN1_STRING_TABLE), table_cmp);
|
||||||
if(ttmp) return ttmp;
|
if(ttmp) return ttmp;
|
||||||
if(!stable) return NULL;
|
if(!stable) return NULL;
|
||||||
idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
|
idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
|
||||||
@ -213,7 +216,7 @@ int ASN1_STRING_TABLE_add(int nid,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if(!(tmp = ASN1_STRING_TABLE_get(nid))) {
|
if(!(tmp = ASN1_STRING_TABLE_get(nid))) {
|
||||||
tmp = Malloc(sizeof(ASN1_STRING_TABLE));
|
tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
|
||||||
if(!tmp) {
|
if(!tmp) {
|
||||||
ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,
|
ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,
|
||||||
ERR_R_MALLOC_FAILURE);
|
ERR_R_MALLOC_FAILURE);
|
||||||
@ -241,7 +244,7 @@ void ASN1_STRING_TABLE_cleanup(void)
|
|||||||
|
|
||||||
static void st_free(ASN1_STRING_TABLE *tbl)
|
static void st_free(ASN1_STRING_TABLE *tbl)
|
||||||
{
|
{
|
||||||
if(tbl->flags & STABLE_FLAGS_MALLOC) Free(tbl);
|
if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl);
|
||||||
}
|
}
|
||||||
|
|
||||||
IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
|
IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
|
||||||
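Review bot: The rewritten `table_cmp` still orders entries with `return sa->nid - sb->nid;`, and `sk_table_cmp` does the same with `(*a)->nid - (*b)->nid`, so the result is a valid ordering only while the difference of two nids fits in an `int`. That holds for the small values in `tbl_standard`, but `ASN1_STRING_TABLE_add` takes `nid` from its caller, so a form that cannot overflow is the safer choice: `return (sa->nid > sb->nid) - (sa->nid < sb->nid);`. The same one-line change applies to `sk_table_cmp`.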
|
@ -113,11 +113,9 @@ ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, unsigned char **pp, long length)
|
|||||||
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
|
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
|
||||||
{
|
{
|
||||||
struct tm *ts;
|
struct tm *ts;
|
||||||
#if defined(THREADS) && !defined(WIN32)
|
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
|
||||||
struct tm data;
|
struct tm data;
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(THREADS) && !defined(WIN32)
|
|
||||||
gmtime_r(&t,&data);
|
gmtime_r(&t,&data);
|
||||||
ts=&data; /* should return &data, but doesn't on some systems, so we don't even look at the return value */
|
ts=&data; /* should return &data, but doesn't on some systems, so we don't even look at the return value */
|
||||||
#else
|
#else
|
||||||
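Review bot: In `ASN1_TIME_set` the threaded branch runs `gmtime_r(&t,&data); ts=&data;` and deliberately ignores the result, so if the conversion fails for an out-of-range `t` the code that follows reads an indeterminate `struct tm`. The existing comment explains why the returned pointer is not trusted, so the portable fix is to make the failure case deterministic by clearing the buffer first: `memset(&data,0,sizeof data);` before the call. The same pattern appears in `ASN1_UTCTIME_set` and in the new `ASN1_UTCTIME_cmp_time_t`, whose non-threaded branch also dereferences the result of `gmtime(&t)` without a NULL check. The body of `ASN1_TIME_set` continues outside this hunk.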
|
@ -123,6 +123,8 @@ int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
|
|||||||
break;
|
break;
|
||||||
case V_ASN1_SET:
|
case V_ASN1_SET:
|
||||||
case V_ASN1_SEQUENCE:
|
case V_ASN1_SEQUENCE:
|
||||||
|
case V_ASN1_OTHER:
|
||||||
|
default:
|
||||||
if (a->value.set == NULL)
|
if (a->value.set == NULL)
|
||||||
r=0;
|
r=0;
|
||||||
else
|
else
|
||||||
@ -159,6 +161,8 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
|
|||||||
|
|
||||||
inf=ASN1_get_object(&q,&len,&tag,&xclass,length);
|
inf=ASN1_get_object(&q,&len,&tag,&xclass,length);
|
||||||
if (inf & 0x80) goto err;
|
if (inf & 0x80) goto err;
|
||||||
|
/* If not universal tag we've no idea what it is */
|
||||||
|
if(xclass != V_ASN1_UNIVERSAL) tag = V_ASN1_OTHER;
|
||||||
|
|
||||||
ASN1_TYPE_component_free(ret);
|
ASN1_TYPE_component_free(ret);
|
||||||
|
|
||||||
@ -245,6 +249,8 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
|
|||||||
break;
|
break;
|
||||||
case V_ASN1_SET:
|
case V_ASN1_SET:
|
||||||
case V_ASN1_SEQUENCE:
|
case V_ASN1_SEQUENCE:
|
||||||
|
case V_ASN1_OTHER:
|
||||||
|
default:
|
||||||
/* Sets and sequences are left complete */
|
/* Sets and sequences are left complete */
|
||||||
if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err;
|
if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err;
|
||||||
ret->value.set->type=tag;
|
ret->value.set->type=tag;
|
||||||
@ -252,9 +258,6 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
|
|||||||
if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err;
|
if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err;
|
||||||
p+=len;
|
p+=len;
|
||||||
break;
|
break;
|
||||||
default:
|
|
||||||
ASN1err(ASN1_F_D2I_ASN1_TYPE,ASN1_R_BAD_TYPE);
|
|
||||||
goto err;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ret->type=tag;
|
ret->type=tag;
|
||||||
@ -282,7 +285,7 @@ void ASN1_TYPE_free(ASN1_TYPE *a)
|
|||||||
{
|
{
|
||||||
if (a == NULL) return;
|
if (a == NULL) return;
|
||||||
ASN1_TYPE_component_free(a);
|
ASN1_TYPE_component_free(a);
|
||||||
Free(a);
|
OPENSSL_free(a);
|
||||||
}
|
}
|
||||||
|
|
||||||
int ASN1_TYPE_get(ASN1_TYPE *a)
|
int ASN1_TYPE_get(ASN1_TYPE *a)
|
||||||
@ -312,6 +315,8 @@ static void ASN1_TYPE_component_free(ASN1_TYPE *a)
|
|||||||
case V_ASN1_OBJECT:
|
case V_ASN1_OBJECT:
|
||||||
ASN1_OBJECT_free(a->value.object);
|
ASN1_OBJECT_free(a->value.object);
|
||||||
break;
|
break;
|
||||||
|
case V_ASN1_NULL:
|
||||||
|
break;
|
||||||
case V_ASN1_INTEGER:
|
case V_ASN1_INTEGER:
|
||||||
case V_ASN1_NEG_INTEGER:
|
case V_ASN1_NEG_INTEGER:
|
||||||
case V_ASN1_ENUMERATED:
|
case V_ASN1_ENUMERATED:
|
||||||
@ -333,10 +338,9 @@ static void ASN1_TYPE_component_free(ASN1_TYPE *a)
|
|||||||
case V_ASN1_UNIVERSALSTRING:
|
case V_ASN1_UNIVERSALSTRING:
|
||||||
case V_ASN1_BMPSTRING:
|
case V_ASN1_BMPSTRING:
|
||||||
case V_ASN1_UTF8STRING:
|
case V_ASN1_UTF8STRING:
|
||||||
ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
|
case V_ASN1_OTHER:
|
||||||
break;
|
|
||||||
default:
|
default:
|
||||||
/* MEMORY LEAK */
|
ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
a->type=0;
|
a->type=0;
|
||||||
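Review bot: The new `default:` in `ASN1_TYPE_component_free` passes `a->value.ptr` to `ASN1_STRING_free` for every type without a case of its own, which is safe only while each union member that is not an `ASN1_STRING *` is listed above it. This commit handles `V_ASN1_NULL` that way, but `asn1.h` also gains an `ASN1_BOOLEAN boolean` member in the same union, and no `V_ASN1_BOOLEAN` case is visible in these hunks (the switch starts outside them, so one may exist). If it is missing, add `case V_ASN1_BOOLEAN: break;` next to the `V_ASN1_NULL` case, and mark the default with a comment such as `/* everything else is stored as an ASN1_STRING */`. The comment `/* Sets and sequences are left complete */` in `d2i_ASN1_TYPE` should also say that tagged and unknown types now take that path.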
|
@ -193,7 +193,8 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
|
|||||||
{
|
{
|
||||||
char *p;
|
char *p;
|
||||||
struct tm *ts;
|
struct tm *ts;
|
||||||
#if defined(THREADS) && !defined(WIN32)
|
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
|
||||||
|
|
||||||
struct tm data;
|
struct tm data;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -202,7 +203,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
|
|||||||
if (s == NULL)
|
if (s == NULL)
|
||||||
return(NULL);
|
return(NULL);
|
||||||
|
|
||||||
#if defined(THREADS) && !defined(WIN32)
|
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
|
||||||
gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
|
gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
|
||||||
ts=&data;
|
ts=&data;
|
||||||
#else
|
#else
|
||||||
@ -248,10 +249,10 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
|
|||||||
p=(char *)s->data;
|
p=(char *)s->data;
|
||||||
if ((p == NULL) || (s->length < 14))
|
if ((p == NULL) || (s->length < 14))
|
||||||
{
|
{
|
||||||
p=Malloc(20);
|
p=OPENSSL_malloc(20);
|
||||||
if (p == NULL) return(NULL);
|
if (p == NULL) return(NULL);
|
||||||
if (s->data != NULL)
|
if (s->data != NULL)
|
||||||
Free(s->data);
|
OPENSSL_free(s->data);
|
||||||
s->data=(unsigned char *)p;
|
s->data=(unsigned char *)p;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -264,3 +265,84 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
|
|||||||
#endif
|
#endif
|
||||||
return(s);
|
return(s);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
|
||||||
|
{
|
||||||
|
struct tm *tm;
|
||||||
|
int offset;
|
||||||
|
int year;
|
||||||
|
|
||||||
|
#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
|
||||||
|
|
||||||
|
if (s->data[12] == 'Z')
|
||||||
|
offset=0;
|
||||||
|
else
|
||||||
|
{
|
||||||
|
offset = g2(s->data+13)*60+g2(s->data+15);
|
||||||
|
if (s->data[12] == '-')
|
||||||
|
offset = -offset;
|
||||||
|
}
|
||||||
|
|
||||||
|
t -= offset*60; /* FIXME: may overflow in extreme cases */
|
||||||
|
|
||||||
|
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
|
||||||
|
{ struct tm data; gmtime_r(&t, &data); tm = &data; }
|
||||||
|
#else
|
||||||
|
tm = gmtime(&t);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
|
||||||
|
year = g2(s->data);
|
||||||
|
if (year < 50)
|
||||||
|
year += 100;
|
||||||
|
return_cmp(year, tm->tm_year);
|
||||||
|
return_cmp(g2(s->data+2) - 1, tm->tm_mon);
|
||||||
|
return_cmp(g2(s->data+4), tm->tm_mday);
|
||||||
|
return_cmp(g2(s->data+6), tm->tm_hour);
|
||||||
|
return_cmp(g2(s->data+8), tm->tm_min);
|
||||||
|
return_cmp(g2(s->data+10), tm->tm_sec);
|
||||||
|
#undef g2
|
||||||
|
#undef return_cmp
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#if 0
|
||||||
|
time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
|
||||||
|
{
|
||||||
|
struct tm tm;
|
||||||
|
int offset;
|
||||||
|
|
||||||
|
memset(&tm,'\0',sizeof tm);
|
||||||
|
|
||||||
|
#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
|
||||||
|
tm.tm_year=g2(s->data);
|
||||||
|
if(tm.tm_year < 50)
|
||||||
|
tm.tm_year+=100;
|
||||||
|
tm.tm_mon=g2(s->data+2)-1;
|
||||||
|
tm.tm_mday=g2(s->data+4);
|
||||||
|
tm.tm_hour=g2(s->data+6);
|
||||||
|
tm.tm_min=g2(s->data+8);
|
||||||
|
tm.tm_sec=g2(s->data+10);
|
||||||
|
if(s->data[12] == 'Z')
|
||||||
|
offset=0;
|
||||||
|
else
|
||||||
|
{
|
||||||
|
offset=g2(s->data+13)*60+g2(s->data+15);
|
||||||
|
if(s->data[12] == '-')
|
||||||
|
offset= -offset;
|
||||||
|
}
|
||||||
|
#undef g2
|
||||||
|
|
||||||
|
return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone
|
||||||
|
* instead of UTC, and unless we rewrite OpenSSL
|
||||||
|
* in Lisp we cannot locally change the timezone
|
||||||
|
* without possibly interfering with other parts
|
||||||
|
* of the program. timegm, which uses UTC, is
|
||||||
|
* non-standard.
|
||||||
|
* Also time_t is inappropriate for general
|
||||||
|
* UTC times because it may a 32 bit type. */
|
||||||
|
}
|
||||||
|
#endif
|
||||||
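Review bot: `ASN1_UTCTIME_cmp_time_t` indexes `s->data[12]` and, for a numeric offset, `s->data+13` and `s->data+15` without looking at `s->length`, and `g2` converts bytes without checking that they are digits. A UTCTime may come from an untrusted certificate, so a short or malformed value leads to reads past the buffer or a meaningless comparison unless every caller has validated it first. Either state the precondition above the function, e.g. `/* s must already have passed ASN1_UTCTIME_check() and include seconds */`, or reject `s->length < 13` (and `< 17` when `s->data[12]` is not `'Z'`) before the first access. The value to return for a rejected input needs deciding, since -1, 0 and 1 are all taken.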
|
@ -133,7 +133,7 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
|
|||||||
if( ((p[1] & 0xc0) != 0x80)
|
if( ((p[1] & 0xc0) != 0x80)
|
||||||
|| ((p[2] & 0xc0) != 0x80)
|
|| ((p[2] & 0xc0) != 0x80)
|
||||||
|| ((p[3] & 0xc0) != 0x80) ) return -3;
|
|| ((p[3] & 0xc0) != 0x80) ) return -3;
|
||||||
value = (*p++ & 0x7) << 18;
|
value = ((unsigned long)(*p++ & 0x7)) << 18;
|
||||||
value |= (*p++ & 0x3f) << 12;
|
value |= (*p++ & 0x3f) << 12;
|
||||||
value |= (*p++ & 0x3f) << 6;
|
value |= (*p++ & 0x3f) << 6;
|
||||||
value |= *p++ & 0x3f;
|
value |= *p++ & 0x3f;
|
||||||
@ -145,9 +145,9 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
|
|||||||
|| ((p[2] & 0xc0) != 0x80)
|
|| ((p[2] & 0xc0) != 0x80)
|
||||||
|| ((p[3] & 0xc0) != 0x80)
|
|| ((p[3] & 0xc0) != 0x80)
|
||||||
|| ((p[4] & 0xc0) != 0x80) ) return -3;
|
|| ((p[4] & 0xc0) != 0x80) ) return -3;
|
||||||
value = (*p++ & 0x3) << 24;
|
value = ((unsigned long)(*p++ & 0x3)) << 24;
|
||||||
value |= (*p++ & 0x3f) << 18;
|
value |= ((unsigned long)(*p++ & 0x3f)) << 18;
|
||||||
value |= (*p++ & 0x3f) << 12;
|
value |= ((unsigned long)(*p++ & 0x3f)) << 12;
|
||||||
value |= (*p++ & 0x3f) << 6;
|
value |= (*p++ & 0x3f) << 6;
|
||||||
value |= *p++ & 0x3f;
|
value |= *p++ & 0x3f;
|
||||||
if(value < 0x200000) return -4;
|
if(value < 0x200000) return -4;
|
||||||
@ -159,10 +159,10 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
|
|||||||
|| ((p[3] & 0xc0) != 0x80)
|
|| ((p[3] & 0xc0) != 0x80)
|
||||||
|| ((p[4] & 0xc0) != 0x80)
|
|| ((p[4] & 0xc0) != 0x80)
|
||||||
|| ((p[5] & 0xc0) != 0x80) ) return -3;
|
|| ((p[5] & 0xc0) != 0x80) ) return -3;
|
||||||
value = (*p++ & 0x1) << 30;
|
value = ((unsigned long)(*p++ & 0x1)) << 30;
|
||||||
value |= (*p++ & 0x3f) << 24;
|
value |= ((unsigned long)(*p++ & 0x3f)) << 24;
|
||||||
value |= (*p++ & 0x3f) << 18;
|
value |= ((unsigned long)(*p++ & 0x3f)) << 18;
|
||||||
value |= (*p++ & 0x3f) << 12;
|
value |= ((unsigned long)(*p++ & 0x3f)) << 12;
|
||||||
value |= (*p++ & 0x3f) << 6;
|
value |= (*p++ & 0x3f) << 6;
|
||||||
value |= *p++ & 0x3f;
|
value |= *p++ & 0x3f;
|
||||||
if(value < 0x4000000) return -4;
|
if(value < 0x4000000) return -4;
|
||||||
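Review bot: The widening cast is applied unevenly in `UTF8_getc`: in the four-byte branch only the `<< 18` term is cast, while `value |= (*p++ & 0x3f) << 12;` is still evaluated in `int`, although the five- and six-byte branches cast their `<< 12` terms. Where `int` is 16 bits that shift overflows just like the ones this change fixes, so the line should read `value |= ((unsigned long)(*p++ & 0x3f)) << 12;`. The three-byte branch lies outside these hunks and may need the same treatment. `UTF8_getc` starts and ends outside the hunks shown.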
|
@ -88,7 +88,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
|
|||||||
}
|
}
|
||||||
|
|
||||||
inl=i2d(data,NULL);
|
inl=i2d(data,NULL);
|
||||||
buf_in=Malloc((unsigned int)inl);
|
buf_in=OPENSSL_malloc((unsigned int)inl);
|
||||||
if (buf_in == NULL)
|
if (buf_in == NULL)
|
||||||
{
|
{
|
||||||
ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
|
||||||
@ -101,7 +101,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
|
|||||||
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
|
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
|
||||||
|
|
||||||
memset(buf_in,0,(unsigned int)inl);
|
memset(buf_in,0,(unsigned int)inl);
|
||||||
Free(buf_in);
|
OPENSSL_free(buf_in);
|
||||||
|
|
||||||
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
|
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
|
||||||
(unsigned int)signature->length,pkey) <= 0)
|
(unsigned int)signature->length,pkey) <= 0)
|
||||||
|
@ -59,17 +59,18 @@
|
|||||||
#ifndef HEADER_ASN1_H
|
#ifndef HEADER_ASN1_H
|
||||||
#define HEADER_ASN1_H
|
#define HEADER_ASN1_H
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
|
#ifndef NO_BIO
|
||||||
|
#include <openssl/bio.h>
|
||||||
|
#endif
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
#include <openssl/stack.h>
|
#include <openssl/stack.h>
|
||||||
#include <openssl/safestack.h>
|
#include <openssl/safestack.h>
|
||||||
|
|
||||||
#ifdef VMS
|
#include <openssl/symhacks.h>
|
||||||
#include <openssl/vms_idhacks.h>
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define V_ASN1_UNIVERSAL 0x00
|
#define V_ASN1_UNIVERSAL 0x00
|
||||||
@ -82,12 +83,15 @@ extern "C" {
|
|||||||
#define V_ASN1_PRIMATIVE_TAG 0x1f
|
#define V_ASN1_PRIMATIVE_TAG 0x1f
|
||||||
|
|
||||||
#define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */
|
#define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */
|
||||||
|
#define V_ASN1_OTHER -3 /* used in ASN1_TYPE */
|
||||||
|
|
||||||
|
#define V_ASN1_NEG 0x100 /* negative flag */
|
||||||
|
|
||||||
#define V_ASN1_UNDEF -1
|
#define V_ASN1_UNDEF -1
|
||||||
#define V_ASN1_EOC 0
|
#define V_ASN1_EOC 0
|
||||||
#define V_ASN1_BOOLEAN 1 /**/
|
#define V_ASN1_BOOLEAN 1 /**/
|
||||||
#define V_ASN1_INTEGER 2
|
#define V_ASN1_INTEGER 2
|
||||||
#define V_ASN1_NEG_INTEGER (2+0x100)
|
#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG)
|
||||||
#define V_ASN1_BIT_STRING 3
|
#define V_ASN1_BIT_STRING 3
|
||||||
#define V_ASN1_OCTET_STRING 4
|
#define V_ASN1_OCTET_STRING 4
|
||||||
#define V_ASN1_NULL 5
|
#define V_ASN1_NULL 5
|
||||||
@ -96,7 +100,7 @@ extern "C" {
|
|||||||
#define V_ASN1_EXTERNAL 8
|
#define V_ASN1_EXTERNAL 8
|
||||||
#define V_ASN1_REAL 9
|
#define V_ASN1_REAL 9
|
||||||
#define V_ASN1_ENUMERATED 10
|
#define V_ASN1_ENUMERATED 10
|
||||||
#define V_ASN1_NEG_ENUMERATED (10+0x100)
|
#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG)
|
||||||
#define V_ASN1_UTF8STRING 12
|
#define V_ASN1_UTF8STRING 12
|
||||||
#define V_ASN1_SEQUENCE 16
|
#define V_ASN1_SEQUENCE 16
|
||||||
#define V_ASN1_SET 17
|
#define V_ASN1_SET 17
|
||||||
@ -140,32 +144,10 @@ extern "C" {
|
|||||||
#define MBSTRING_UNIV (MBSTRING_FLAG|3)
|
#define MBSTRING_UNIV (MBSTRING_FLAG|3)
|
||||||
#define MBSTRING_UTF8 (MBSTRING_FLAG|4)
|
#define MBSTRING_UTF8 (MBSTRING_FLAG|4)
|
||||||
|
|
||||||
#define DECLARE_ASN1_SET_OF(type) \
|
struct X509_algor_st;
|
||||||
int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \
|
|
||||||
int (*func)(type *,unsigned char **), int ex_tag, \
|
|
||||||
int ex_class, int is_set); \
|
|
||||||
STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \
|
|
||||||
long length, \
|
|
||||||
type *(*func)(type **, \
|
|
||||||
unsigned char **,long), \
|
|
||||||
void (*free_func)(type *), \
|
|
||||||
int ex_tag,int ex_class);
|
|
||||||
|
|
||||||
#define IMPLEMENT_ASN1_SET_OF(type) \
|
#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
|
||||||
int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \
|
#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
|
||||||
int (*func)(type *,unsigned char **), int ex_tag, \
|
|
||||||
int ex_class, int is_set) \
|
|
||||||
{ return i2d_ASN1_SET((STACK *)a,pp,func,ex_tag,ex_class,is_set); } \
|
|
||||||
STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \
|
|
||||||
long length, \
|
|
||||||
type *(*func)(type **, \
|
|
||||||
unsigned char **,long), \
|
|
||||||
void (*free_func)(type *), \
|
|
||||||
int ex_tag,int ex_class) \
|
|
||||||
{ return (STACK_OF(type) *)d2i_ASN1_SET((STACK **)a,pp,length, \
|
|
||||||
(char *(*)())func, \
|
|
||||||
(void (*)())free_func, \
|
|
||||||
ex_tag,ex_class); }
|
|
||||||
|
|
||||||
typedef struct asn1_ctx_st
|
typedef struct asn1_ctx_st
|
||||||
{
|
{
|
||||||
@ -254,6 +236,7 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
|
|||||||
#define ASN1_BMPSTRING ASN1_STRING
|
#define ASN1_BMPSTRING ASN1_STRING
|
||||||
#define ASN1_VISIBLESTRING ASN1_STRING
|
#define ASN1_VISIBLESTRING ASN1_STRING
|
||||||
#define ASN1_UTF8STRING ASN1_STRING
|
#define ASN1_UTF8STRING ASN1_STRING
|
||||||
|
#define ASN1_BOOLEAN int
|
||||||
#else
|
#else
|
||||||
typedef struct asn1_string_st ASN1_INTEGER;
|
typedef struct asn1_string_st ASN1_INTEGER;
|
||||||
typedef struct asn1_string_st ASN1_ENUMERATED;
|
typedef struct asn1_string_st ASN1_ENUMERATED;
|
||||||
@ -270,15 +253,99 @@ typedef struct asn1_string_st ASN1_TIME;
|
|||||||
typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
|
typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
|
||||||
typedef struct asn1_string_st ASN1_VISIBLESTRING;
|
typedef struct asn1_string_st ASN1_VISIBLESTRING;
|
||||||
typedef struct asn1_string_st ASN1_UTF8STRING;
|
typedef struct asn1_string_st ASN1_UTF8STRING;
|
||||||
|
typedef int ASN1_BOOLEAN;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
typedef int ASN1_NULL;
|
typedef int ASN1_NULL;
|
||||||
|
|
||||||
|
/* Parameters used by ASN1_STRING_print_ex() */
|
||||||
|
|
||||||
|
/* These determine which characters to escape:
|
||||||
|
* RFC2253 special characters, control characters and
|
||||||
|
* MSB set characters
|
||||||
|
*/
|
||||||
|
|
||||||
|
#define ASN1_STRFLGS_ESC_2253 1
|
||||||
|
#define ASN1_STRFLGS_ESC_CTRL 2
|
||||||
|
#define ASN1_STRFLGS_ESC_MSB 4
|
||||||
|
|
||||||
|
|
||||||
|
/* This flag determines how we do escaping: normally
|
||||||
|
* RC2253 backslash only, set this to use backslash and
|
||||||
|
* quote.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#define ASN1_STRFLGS_ESC_QUOTE 8
|
||||||
|
|
||||||
|
|
||||||
|
/* These three flags are internal use only. */
|
||||||
|
|
||||||
|
/* Character is a valid PrintableString character */
|
||||||
|
#define CHARTYPE_PRINTABLESTRING 0x10
|
||||||
|
/* Character needs escaping if it is the first character */
|
||||||
|
#define CHARTYPE_FIRST_ESC_2253 0x20
|
||||||
|
/* Character needs escaping if it is the last character */
|
||||||
|
#define CHARTYPE_LAST_ESC_2253 0x40
|
||||||
|
|
||||||
|
/* NB the internal flags are safely reused below by flags
|
||||||
|
* handled at the top level.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* If this is set we convert all character strings
|
||||||
|
* to UTF8 first
|
||||||
|
*/
|
||||||
|
|
||||||
|
#define ASN1_STRFLGS_UTF8_CONVERT 0x10
|
||||||
|
|
||||||
|
/* If this is set we don't attempt to interpret content:
|
||||||
|
* just assume all strings are 1 byte per character. This
|
||||||
|
* will produce some pretty odd looking output!
|
||||||
|
*/
|
||||||
|
|
||||||
|
#define ASN1_STRFLGS_IGNORE_TYPE 0x20
|
||||||
|
|
||||||
|
/* If this is set we include the string type in the output */
|
||||||
|
#define ASN1_STRFLGS_SHOW_TYPE 0x40
|
||||||
|
|
||||||
|
/* This determines which strings to display and which to
|
||||||
|
* 'dump' (hex dump of content octets or DER encoding). We can
|
||||||
|
* only dump non character strings or everything. If we
|
||||||
|
* don't dump 'unknown' they are interpreted as character
|
||||||
|
* strings with 1 octet per character and are subject to
|
||||||
|
* the usual escaping options.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#define ASN1_STRFLGS_DUMP_ALL 0x80
|
||||||
|
#define ASN1_STRFLGS_DUMP_UNKNOWN 0x100
|
||||||
|
|
||||||
|
/* These determine what 'dumping' does, we can dump the
|
||||||
|
* content octets or the DER encoding: both use the
|
||||||
|
* RFC2253 #XXXXX notation.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#define ASN1_STRFLGS_DUMP_DER 0x200
|
||||||
|
|
||||||
|
/* All the string flags consistent with RFC2253,
|
||||||
|
* escaping control characters isn't essential in
|
||||||
|
* RFC2253 but it is advisable anyway.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \
|
||||||
|
ASN1_STRFLGS_ESC_CTRL | \
|
||||||
|
ASN1_STRFLGS_ESC_MSB | \
|
||||||
|
ASN1_STRFLGS_UTF8_CONVERT | \
|
||||||
|
ASN1_STRFLGS_DUMP_UNKNOWN | \
|
||||||
|
ASN1_STRFLGS_DUMP_DER)
|
||||||
|
|
||||||
|
DECLARE_STACK_OF(ASN1_INTEGER)
|
||||||
|
DECLARE_ASN1_SET_OF(ASN1_INTEGER)
|
||||||
|
|
||||||
typedef struct asn1_type_st
|
typedef struct asn1_type_st
|
||||||
{
|
{
|
||||||
int type;
|
int type;
|
||||||
union {
|
union {
|
||||||
char *ptr;
|
char *ptr;
|
||||||
|
ASN1_BOOLEAN boolean;
|
||||||
ASN1_STRING * asn1_string;
|
ASN1_STRING * asn1_string;
|
||||||
ASN1_OBJECT * object;
|
ASN1_OBJECT * object;
|
||||||
ASN1_INTEGER * integer;
|
ASN1_INTEGER * integer;
|
||||||
@ -520,6 +587,8 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
|
|||||||
ASN1_OBJECT * ASN1_OBJECT_new(void );
|
ASN1_OBJECT * ASN1_OBJECT_new(void );
|
||||||
void ASN1_OBJECT_free(ASN1_OBJECT *a);
|
void ASN1_OBJECT_free(ASN1_OBJECT *a);
|
||||||
int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
|
int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
|
||||||
|
ASN1_OBJECT * c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
|
||||||
|
long length);
|
||||||
ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
|
ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
|
||||||
long length);
|
long length);
|
||||||
|
|
||||||
@ -542,14 +611,17 @@ unsigned char * ASN1_STRING_data(ASN1_STRING *x);
|
|||||||
ASN1_BIT_STRING * ASN1_BIT_STRING_new(void);
|
ASN1_BIT_STRING * ASN1_BIT_STRING_new(void);
|
||||||
void ASN1_BIT_STRING_free(ASN1_BIT_STRING *a);
|
void ASN1_BIT_STRING_free(ASN1_BIT_STRING *a);
|
||||||
int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
|
int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
|
||||||
|
int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
|
||||||
ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
|
ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
|
||||||
long length);
|
long length);
|
||||||
|
ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
|
||||||
|
long length);
|
||||||
int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
|
int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
|
||||||
int length );
|
int length );
|
||||||
int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
|
int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
|
||||||
int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
|
int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
|
||||||
|
|
||||||
#ifdef HEADER_BIO_H
|
#ifndef NO_BIO
|
||||||
int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
|
int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
|
||||||
BIT_STRING_BITNAME *tbl, int indent);
|
BIT_STRING_BITNAME *tbl, int indent);
|
||||||
#endif
|
#endif
|
||||||
@ -563,8 +635,11 @@ int d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);
|
|||||||
ASN1_INTEGER * ASN1_INTEGER_new(void);
|
ASN1_INTEGER * ASN1_INTEGER_new(void);
|
||||||
void ASN1_INTEGER_free(ASN1_INTEGER *a);
|
void ASN1_INTEGER_free(ASN1_INTEGER *a);
|
||||||
int i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
|
int i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
|
||||||
|
int i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
|
||||||
ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
|
ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
|
||||||
long length);
|
long length);
|
||||||
|
ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
|
||||||
|
long length);
|
||||||
ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
|
ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
|
||||||
long length);
|
long length);
|
||||||
ASN1_INTEGER * ASN1_INTEGER_dup(ASN1_INTEGER *x);
|
ASN1_INTEGER * ASN1_INTEGER_dup(ASN1_INTEGER *x);
|
||||||
@ -579,6 +654,10 @@ ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a,unsigned char **pp,
|
|||||||
int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
|
int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
|
||||||
ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
|
ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
|
||||||
int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str);
|
int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str);
|
||||||
|
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
|
||||||
|
#if 0
|
||||||
|
time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
|
||||||
|
#endif
|
||||||
|
|
||||||
int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
|
int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
|
||||||
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
|
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
|
||||||
@ -673,10 +752,10 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
|
|||||||
int i2d_ASN1_SET(STACK *a, unsigned char **pp,
|
int i2d_ASN1_SET(STACK *a, unsigned char **pp,
|
||||||
int (*func)(), int ex_tag, int ex_class, int is_set);
|
int (*func)(), int ex_tag, int ex_class, int is_set);
|
||||||
STACK * d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
|
STACK * d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
|
||||||
char *(*func)(), void (*free_func)(),
|
char *(*func)(), void (*free_func)(void *),
|
||||||
int ex_tag, int ex_class);
|
int ex_tag, int ex_class);
|
||||||
|
|
||||||
#ifdef HEADER_BIO_H
|
#ifndef NO_BIO
|
||||||
int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
|
int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
|
||||||
int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
|
int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
|
||||||
int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
|
int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
|
||||||
@ -729,16 +808,21 @@ char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
|
|||||||
#ifndef NO_FP_API
|
#ifndef NO_FP_API
|
||||||
char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
|
char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
|
||||||
int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
|
int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
|
||||||
|
int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HEADER_BIO_H
|
int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
|
||||||
|
|
||||||
|
#ifndef NO_BIO
|
||||||
char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x);
|
char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x);
|
||||||
int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x);
|
int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x);
|
||||||
int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
|
int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
|
||||||
int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
|
int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
|
||||||
int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
|
int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
|
||||||
int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
|
int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
|
||||||
|
int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
|
||||||
int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent);
|
int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent);
|
||||||
|
int ASN1_parse_dump(BIO *bp,unsigned char *pp,long len,int indent,int dump);
|
||||||
#endif
|
#endif
|
||||||
const char *ASN1_tag2str(int tag);
|
const char *ASN1_tag2str(int tag);
|
||||||
|
|
||||||
@ -768,9 +852,9 @@ int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
|
|||||||
unsigned char *data, int max_len);
|
unsigned char *data, int max_len);
|
||||||
|
|
||||||
STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
|
STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
|
||||||
void (*free_func)() );
|
void (*free_func)(void *) );
|
||||||
unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
|
unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
|
||||||
int *len );
|
int *len );
|
||||||
void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
|
void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
|
||||||
ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
|
ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
|
||||||
|
|
||||||
|
@ -181,7 +181,7 @@ void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
|
|||||||
int xclass)
|
int xclass)
|
||||||
{
|
{
|
||||||
unsigned char *p= *pp;
|
unsigned char *p= *pp;
|
||||||
int i;
|
int i, ttag;
|
||||||
|
|
||||||
i=(constructed)?V_ASN1_CONSTRUCTED:0;
|
i=(constructed)?V_ASN1_CONSTRUCTED:0;
|
||||||
i|=(xclass&V_ASN1_PRIVATE);
|
i|=(xclass&V_ASN1_PRIVATE);
|
||||||
@ -190,12 +190,15 @@ void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
*(p++)=i|V_ASN1_PRIMITIVE_TAG;
|
*(p++)=i|V_ASN1_PRIMITIVE_TAG;
|
||||||
while (tag > 0x7f)
|
for(i = 0, ttag = tag; ttag > 0; i++) ttag >>=7;
|
||||||
|
ttag = i;
|
||||||
|
while(i-- > 0)
|
||||||
{
|
{
|
||||||
*(p++)=(tag&0x7f)|0x80;
|
p[i] = tag & 0x7f;
|
||||||
tag>>=7;
|
if(i != (ttag - 1)) p[i] |= 0x80;
|
||||||
|
tag >>= 7;
|
||||||
}
|
}
|
||||||
*(p++)=(tag&0x7f);
|
p += ttag;
|
||||||
}
|
}
|
||||||
if ((constructed == 2) && (length == 0))
|
if ((constructed == 2) && (length == 0))
|
||||||
*(p++)=0x80; /* der_put_length would output 0 instead */
|
*(p++)=0x80; /* der_put_length would output 0 instead */
|
||||||
@ -335,9 +338,9 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
|
|||||||
{
|
{
|
||||||
c=str->data;
|
c=str->data;
|
||||||
if (c == NULL)
|
if (c == NULL)
|
||||||
str->data=Malloc(len+1);
|
str->data=OPENSSL_malloc(len+1);
|
||||||
else
|
else
|
||||||
str->data=Realloc(c,len+1);
|
str->data=OPENSSL_realloc(c,len+1);
|
||||||
|
|
||||||
if (str->data == NULL)
|
if (str->data == NULL)
|
||||||
{
|
{
|
||||||
@ -365,7 +368,7 @@ ASN1_STRING *ASN1_STRING_type_new(int type)
|
|||||||
{
|
{
|
||||||
ASN1_STRING *ret;
|
ASN1_STRING *ret;
|
||||||
|
|
||||||
ret=(ASN1_STRING *)Malloc(sizeof(ASN1_STRING));
|
ret=(ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING));
|
||||||
if (ret == NULL)
|
if (ret == NULL)
|
||||||
{
|
{
|
||||||
ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE);
|
||||||
@ -381,8 +384,8 @@ ASN1_STRING *ASN1_STRING_type_new(int type)
|
|||||||
void ASN1_STRING_free(ASN1_STRING *a)
|
void ASN1_STRING_free(ASN1_STRING *a)
|
||||||
{
|
{
|
||||||
if (a == NULL) return;
|
if (a == NULL) return;
|
||||||
if (a->data != NULL) Free(a->data);
|
if (a->data != NULL) OPENSSL_free(a->data);
|
||||||
Free(a);
|
OPENSSL_free(a);
|
||||||
}
|
}
|
||||||
|
|
||||||
int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
|
int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
|
||||||
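Review bot: The rewritten high-tag branch of `ASN1_put_object` (hunk `@ -190,12 +190,15 @@`) reuses `i`, which held the identifier-octet flags a few lines earlier, as the octet counter, and uses `ttag` first as a shifted copy of `tag` and then as the octet count, which makes the encoder harder to audit than it needs to be. A comment above the loop would carry the intent, e.g. `/* high-tag-number form: base-128 groups, most significant first, 0x80 set on all but the last octet */`. The function writes through `*pp` with no length argument and the number of octets written depends on the magnitude of `tag`, so the comment should also say that the caller's buffer sizing must use the same octet count. The `if` that selects this branch lies outside the hunk, so whether a `tag` of zero or below can reach the loop (which would then emit no tag octets) cannot be confirmed from here.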
|
@ -59,12 +59,12 @@
|
|||||||
#ifndef HEADER_ASN1_MAC_H
|
#ifndef HEADER_ASN1_MAC_H
|
||||||
#define HEADER_ASN1_MAC_H
|
#define HEADER_ASN1_MAC_H
|
||||||
|
|
||||||
|
#include <openssl/asn1.h>
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include <openssl/asn1.h>
|
|
||||||
|
|
||||||
#ifndef ASN1_MAC_ERR_LIB
|
#ifndef ASN1_MAC_ERR_LIB
|
||||||
#define ASN1_MAC_ERR_LIB ERR_LIB_ASN1
|
#define ASN1_MAC_ERR_LIB ERR_LIB_ASN1
|
||||||
#endif
|
#endif
|
||||||
@ -340,7 +340,7 @@ err:\
|
|||||||
|
|
||||||
/* New macros */
|
/* New macros */
|
||||||
#define M_ASN1_New_Malloc(ret,type) \
|
#define M_ASN1_New_Malloc(ret,type) \
|
||||||
if ((ret=(type *)Malloc(sizeof(type))) == NULL) \
|
if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
|
||||||
{ c.line=__LINE__; goto err2; }
|
{ c.line=__LINE__; goto err2; }
|
||||||
|
|
||||||
#define M_ASN1_New(arg,func) \
|
#define M_ASN1_New(arg,func) \
|
||||||
|
@ -65,7 +65,7 @@
|
|||||||
static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
|
static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
|
||||||
int indent);
|
int indent);
|
||||||
static int asn1_parse2(BIO *bp, unsigned char **pp, long length,
|
static int asn1_parse2(BIO *bp, unsigned char **pp, long length,
|
||||||
int offset, int depth, int indent);
|
int offset, int depth, int indent, int dump);
|
||||||
static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
|
static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
|
||||||
int indent)
|
int indent)
|
||||||
{
|
{
|
||||||
@ -110,11 +110,16 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
|
|||||||
|
|
||||||
int ASN1_parse(BIO *bp, unsigned char *pp, long len, int indent)
|
int ASN1_parse(BIO *bp, unsigned char *pp, long len, int indent)
|
||||||
{
|
{
|
||||||
return(asn1_parse2(bp,&pp,len,0,0,indent));
|
return(asn1_parse2(bp,&pp,len,0,0,indent,0));
|
||||||
|
}
|
||||||
|
|
||||||
|
int ASN1_parse_dump(BIO *bp, unsigned char *pp, long len, int indent, int dump)
|
||||||
|
{
|
||||||
|
return(asn1_parse2(bp,&pp,len,0,0,indent,dump));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
|
static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
|
||||||
int depth, int indent)
|
int depth, int indent, int dump)
|
||||||
{
|
{
|
||||||
unsigned char *p,*ep,*tot,*op,*opp;
|
unsigned char *p,*ep,*tot,*op,*opp;
|
||||||
long len;
|
long len;
|
||||||
@ -123,7 +128,13 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
|
|||||||
ASN1_OBJECT *o=NULL;
|
ASN1_OBJECT *o=NULL;
|
||||||
ASN1_OCTET_STRING *os=NULL;
|
ASN1_OCTET_STRING *os=NULL;
|
||||||
/* ASN1_BMPSTRING *bmp=NULL;*/
|
/* ASN1_BMPSTRING *bmp=NULL;*/
|
||||||
|
int dump_indent;
|
||||||
|
|
||||||
|
#if 0
|
||||||
|
dump_indent = indent;
|
||||||
|
#else
|
||||||
|
dump_indent = 6; /* Because we know BIO_dump_indent() */
|
||||||
|
#endif
|
||||||
p= *pp;
|
p= *pp;
|
||||||
tot=p+length;
|
tot=p+length;
|
||||||
op=p-1;
|
op=p-1;
|
||||||
@ -178,7 +189,7 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
|
|||||||
{
|
{
|
||||||
r=asn1_parse2(bp,&p,(long)(tot-p),
|
r=asn1_parse2(bp,&p,(long)(tot-p),
|
||||||
offset+(p - *pp),depth+1,
|
offset+(p - *pp),depth+1,
|
||||||
indent);
|
indent,dump);
|
||||||
if (r == 0) { ret=0; goto end; }
|
if (r == 0) { ret=0; goto end; }
|
||||||
if ((r == 2) || (p >= tot)) break;
|
if ((r == 2) || (p >= tot)) break;
|
||||||
}
|
}
|
||||||
@ -188,7 +199,7 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
|
|||||||
{
|
{
|
||||||
r=asn1_parse2(bp,&p,(long)len,
|
r=asn1_parse2(bp,&p,(long)len,
|
||||||
offset+(p - *pp),depth+1,
|
offset+(p - *pp),depth+1,
|
||||||
indent);
|
indent,dump);
|
||||||
if (r == 0) { ret=0; goto end; }
|
if (r == 0) { ret=0; goto end; }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -273,6 +284,20 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
|
|||||||
os->length) <= 0)
|
os->length) <= 0)
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
if (!printable && (os->length > 0)
|
||||||
|
&& dump)
|
||||||
|
{
|
||||||
|
if (!nl)
|
||||||
|
{
|
||||||
|
if (BIO_write(bp,"\n",1) <= 0)
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
if (BIO_dump_indent(bp,(char *)opp,
|
||||||
|
((dump == -1 || dump > os->length)?os->length:dump),
|
||||||
|
dump_indent) <= 0)
|
||||||
|
goto end;
|
||||||
|
nl=1;
|
||||||
|
}
|
||||||
M_ASN1_OCTET_STRING_free(os);
|
M_ASN1_OCTET_STRING_free(os);
|
||||||
os=NULL;
|
os=NULL;
|
||||||
}
|
}
|
||||||
@ -341,6 +366,19 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
|
|||||||
}
|
}
|
||||||
M_ASN1_ENUMERATED_free(bs);
|
M_ASN1_ENUMERATED_free(bs);
|
||||||
}
|
}
|
||||||
|
else if (len > 0 && dump)
|
||||||
|
{
|
||||||
|
if (!nl)
|
||||||
|
{
|
||||||
|
if (BIO_write(bp,"\n",1) <= 0)
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
if (BIO_dump_indent(bp,(char *)p,
|
||||||
|
((dump == -1 || dump > len)?len:dump),
|
||||||
|
dump_indent) <= 0)
|
||||||
|
goto end;
|
||||||
|
nl=1;
|
||||||
|
}
|
||||||
|
|
||||||
if (!nl)
|
if (!nl)
|
||||||
{
|
{
|
||||||
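Review bot: A negative `dump` other than -1 is passed through unchanged as the byte count in both new `BIO_dump_indent` calls (hunks `@ -273,6 +284,20 @@` and `@ -341,6 +366,19 @@`), because the guard only tests `dump` for non-zero and the clamp only special-cases `-1`. Treating every negative value as "dump the whole value" closes that gap: `((dump < 0 || dump > os->length)?os->length:dump)` and `((dump < 0 || dump > len)?len:dump)`. `ASN1_parse_dump` is a new public entry point, so a header comment should state the accepted values of `dump`; from the code, 0 is off, -1 is the whole value, and n is at most the first n bytes. `asn1_parse2` starts and ends outside these hunks, so how `opp`, `os` and `len` are established is not visible here.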
|
@ -65,7 +65,7 @@
|
|||||||
/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
|
/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
|
||||||
|
|
||||||
STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
|
STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
|
||||||
void (*free_func)())
|
void (*free_func)(void *))
|
||||||
{
|
{
|
||||||
STACK *sk;
|
STACK *sk;
|
||||||
unsigned char *pbuf;
|
unsigned char *pbuf;
|
||||||
@ -77,7 +77,7 @@ STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
|
/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
|
||||||
* Malloc'ed buffer
|
* OPENSSL_malloc'ed buffer
|
||||||
*/
|
*/
|
||||||
|
|
||||||
unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
|
unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
|
||||||
@ -90,7 +90,7 @@ unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
|
|||||||
ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);
|
ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
if (!(safe = Malloc (safelen))) {
|
if (!(safe = OPENSSL_malloc (safelen))) {
|
||||||
ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@ -134,7 +134,7 @@ ASN1_STRING *ASN1_pack_string (void *obj, int (*i2d)(), ASN1_STRING **oct)
|
|||||||
ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
|
ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
if (!(p = Malloc (octmp->length))) {
|
if (!(p = OPENSSL_malloc (octmp->length))) {
|
||||||
ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
15
crypto/openssl/crypto/asn1/charmap.h
Normal file
15
crypto/openssl/crypto/asn1/charmap.h
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
/* Auto generated with chartype.pl script.
|
||||||
|
* Mask of various character properties
|
||||||
|
*/
|
||||||
|
|
||||||
|
static unsigned char char_type[] = {
|
||||||
|
2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
|
||||||
|
2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
|
||||||
|
120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16,
|
||||||
|
16,16,16,16,16,16,16,16,16,16,16, 9, 9,16, 9,16,
|
||||||
|
0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
|
||||||
|
16,16,16,16,16,16,16,16,16,16,16, 0, 1, 0, 0, 0,
|
||||||
|
0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
|
||||||
|
16,16,16,16,16,16,16,16,16,16,16, 0, 0, 0, 0, 2
|
||||||
|
};
|
||||||
|
|
80
crypto/openssl/crypto/asn1/charmap.pl
Normal file
80
crypto/openssl/crypto/asn1/charmap.pl
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
#!/usr/local/bin/perl -w
|
||||||
|
|
||||||
|
use strict;
|
||||||
|
|
||||||
|
my ($i, @arr);
|
||||||
|
|
||||||
|
# Set up an array with the type of ASCII characters
|
||||||
|
# Each set bit represents a character property.
|
||||||
|
|
||||||
|
# RFC2253 character properties
|
||||||
|
my $RFC2253_ESC = 1; # Character escaped with \
|
||||||
|
my $ESC_CTRL = 2; # Escaped control character
|
||||||
|
# These are used with RFC1779 quoting using "
|
||||||
|
my $NOESC_QUOTE = 8; # Not escaped if quoted
|
||||||
|
my $PSTRING_CHAR = 0x10; # Valid PrintableString character
|
||||||
|
my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character
|
||||||
|
my $RFC2253_LAST_ESC = 0x40; # Escaped with \ if last character
|
||||||
|
|
||||||
|
for($i = 0; $i < 128; $i++) {
|
||||||
|
# Set the RFC2253 escape characters (control)
|
||||||
|
$arr[$i] = 0;
|
||||||
|
if(($i < 32) || ($i > 126)) {
|
||||||
|
$arr[$i] |= $ESC_CTRL;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Some PrintableString characters
|
||||||
|
if( ( ( $i >= ord("a")) && ( $i <= ord("z")) )
|
||||||
|
|| ( ( $i >= ord("A")) && ( $i <= ord("Z")) )
|
||||||
|
|| ( ( $i >= ord("0")) && ( $i <= ord("9")) ) ) {
|
||||||
|
$arr[$i] |= $PSTRING_CHAR;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Now setup the rest
|
||||||
|
|
||||||
|
# Remaining RFC2253 escaped characters
|
||||||
|
|
||||||
|
$arr[ord(" ")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC | $RFC2253_LAST_ESC;
|
||||||
|
$arr[ord("#")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC;
|
||||||
|
|
||||||
|
$arr[ord(",")] |= $NOESC_QUOTE | $RFC2253_ESC;
|
||||||
|
$arr[ord("+")] |= $NOESC_QUOTE | $RFC2253_ESC;
|
||||||
|
$arr[ord("\"")] |= $RFC2253_ESC;
|
||||||
|
$arr[ord("\\")] |= $RFC2253_ESC;
|
||||||
|
$arr[ord("<")] |= $NOESC_QUOTE | $RFC2253_ESC;
|
||||||
|
$arr[ord(">")] |= $NOESC_QUOTE | $RFC2253_ESC;
|
||||||
|
$arr[ord(";")] |= $NOESC_QUOTE | $RFC2253_ESC;
|
||||||
|
|
||||||
|
# Remaining PrintableString characters
|
||||||
|
|
||||||
|
$arr[ord(" ")] |= $PSTRING_CHAR;
|
||||||
|
$arr[ord("'")] |= $PSTRING_CHAR;
|
||||||
|
$arr[ord("(")] |= $PSTRING_CHAR;
|
||||||
|
$arr[ord(")")] |= $PSTRING_CHAR;
|
||||||
|
$arr[ord("+")] |= $PSTRING_CHAR;
|
||||||
|
$arr[ord(",")] |= $PSTRING_CHAR;
|
||||||
|
$arr[ord("-")] |= $PSTRING_CHAR;
|
||||||
|
$arr[ord(".")] |= $PSTRING_CHAR;
|
||||||
|
$arr[ord("/")] |= $PSTRING_CHAR;
|
||||||
|
$arr[ord(":")] |= $PSTRING_CHAR;
|
||||||
|
$arr[ord("=")] |= $PSTRING_CHAR;
|
||||||
|
$arr[ord("?")] |= $PSTRING_CHAR;
|
||||||
|
|
||||||
|
# Now generate the C code
|
||||||
|
|
||||||
|
print <<EOF;
|
||||||
|
/* Auto generated with chartype.pl script.
|
||||||
|
* Mask of various character properties
|
||||||
|
*/
|
||||||
|
|
||||||
|
static unsigned char char_type[] = {
|
||||||
|
EOF
|
||||||
|
|
||||||
|
for($i = 0; $i < 128; $i++) {
|
||||||
|
print("\n") if($i && (($i % 16) == 0));
|
||||||
|
printf("%2d", $arr[$i]);
|
||||||
|
print(",") if ($i != 127);
|
||||||
|
}
|
||||||
|
print("\n};\n\n");
|
||||||
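Review bot: The comment emitted by the heredoc names `chartype.pl`, but the script is added as `charmap.pl`, so the generated `charmap.h` points maintainers at a generator that does not exist under that name; the heredoc line should read `/* Auto generated with charmap.pl script.`. The table has exactly 128 entries (both loops run `$i < 128`), so a consumer that indexes `char_type` with a byte value of 0x80 or above would read past the end of the array. The users of the table are not in this section, so the bound is worth stating in the generated comment, e.g. ` * Indexed by 7-bit ASCII code only; callers must check the value is < 128 first`. Emitting `static const unsigned char char_type[] = {` would also keep the lookup table in read-only data.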
|
|
@ -64,7 +64,7 @@
|
|||||||
#include <openssl/objects.h>
|
#include <openssl/objects.h>
|
||||||
#include <openssl/asn1_mac.h>
|
#include <openssl/asn1_mac.h>
|
||||||
|
|
||||||
#ifdef NEG_PUBKEY_BUG
|
#ifndef NO_NEG_PUBKEY_BUG
|
||||||
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
|
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
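Review bot: Changing the guard from `#ifdef NEG_PUBKEY_BUG` to `#ifndef NO_NEG_PUBKEY_BUG` flips the default, so `d2i_ASN1_INTEGER` is now remapped to `d2i_ASN1_UINTEGER` in every build that does not define `NO_NEG_PUBKEY_BUG`. The tolerant decoding becomes opt-out instead of opt-in, and nothing at the guard says so. The same change appears in the next two sections (the `@ -64,7 +64,7 @@` and `@ -66,7 +66,7 @@` hunks). A comment above the guard in each file would make the trade-off visible to whoever builds the library, e.g. `/* Work around encoders that emit key INTEGERs as negative; define NO_NEG_PUBKEY_BUG for strict decoding */`. The wording assumes the workaround is what the macro name suggests, which should be confirmed against `d2i_ASN1_UINTEGER`.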
|
@ -64,7 +64,7 @@
|
|||||||
#include <openssl/objects.h>
|
#include <openssl/objects.h>
|
||||||
#include <openssl/asn1_mac.h>
|
#include <openssl/asn1_mac.h>
|
||||||
|
|
||||||
#ifdef NEG_PUBKEY_BUG
|
#ifndef NO_NEG_PUBKEY_BUG
|
||||||
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
|
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -92,6 +92,7 @@ DSA *d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length)
|
|||||||
== NULL) goto err_bn;
|
== NULL) goto err_bn;
|
||||||
|
|
||||||
M_ASN1_INTEGER_free(bs);
|
M_ASN1_INTEGER_free(bs);
|
||||||
|
bs = NULL;
|
||||||
|
|
||||||
M_ASN1_D2I_Finish_2(a);
|
M_ASN1_D2I_Finish_2(a);
|
||||||
err_bn:
|
err_bn:
|
||||||
|
@ -66,7 +66,7 @@
|
|||||||
#include <openssl/objects.h>
|
#include <openssl/objects.h>
|
||||||
#include <openssl/asn1_mac.h>
|
#include <openssl/asn1_mac.h>
|
||||||
|
|
||||||
#ifdef NEG_PUBKEY_BUG
|
#ifndef NO_NEG_PUBKEY_BUG
|
||||||
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
|
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -153,15 +153,15 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
|
|||||||
if (num+i > slen)
|
if (num+i > slen)
|
||||||
{
|
{
|
||||||
if (s == NULL)
|
if (s == NULL)
|
||||||
sp=(unsigned char *)Malloc(
|
sp=(unsigned char *)OPENSSL_malloc(
|
||||||
(unsigned int)num+i*2);
|
(unsigned int)num+i*2);
|
||||||
else
|
else
|
||||||
sp=(unsigned char *)Realloc(s,
|
sp=(unsigned char *)OPENSSL_realloc(s,
|
||||||
(unsigned int)num+i*2);
|
(unsigned int)num+i*2);
|
||||||
if (sp == NULL)
|
if (sp == NULL)
|
||||||
{
|
{
|
||||||
ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
|
||||||
if (s != NULL) Free(s);
|
if (s != NULL) OPENSSL_free(s);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
s=sp;
|
s=sp;
|
||||||
|
@ -160,15 +160,15 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
|
|||||||
if (num+i > slen)
|
if (num+i > slen)
|
||||||
{
|
{
|
||||||
if (s == NULL)
|
if (s == NULL)
|
||||||
sp=(unsigned char *)Malloc(
|
sp=(unsigned char *)OPENSSL_malloc(
|
||||||
(unsigned int)num+i*2);
|
(unsigned int)num+i*2);
|
||||||
else
|
else
|
||||||
sp=(unsigned char *)Realloc(s,
|
sp=(unsigned char *)OPENSSL_realloc(s,
|
||||||
(unsigned int)num+i*2);
|
(unsigned int)num+i*2);
|
||||||
if (sp == NULL)
|
if (sp == NULL)
|
||||||
{
|
{
|
||||||
ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
|
||||||
if (s != NULL) Free(s);
|
if (s != NULL) OPENSSL_free(s);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
s=sp;
|
s=sp;
|
||||||
|
@ -158,15 +158,15 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
|
|||||||
if (num+i > slen)
|
if (num+i > slen)
|
||||||
{
|
{
|
||||||
if (s == NULL)
|
if (s == NULL)
|
||||||
sp=(unsigned char *)Malloc(
|
sp=(unsigned char *)OPENSSL_malloc(
|
||||||
(unsigned int)num+i*2);
|
(unsigned int)num+i*2);
|
||||||
else
|
else
|
||||||
sp=(unsigned char *)Realloc(s,
|
sp=(unsigned char *)OPENSSL_realloc(s,
|
||||||
(unsigned int)num+i*2);
|
(unsigned int)num+i*2);
|
||||||
if (sp == NULL)
|
if (sp == NULL)
|
||||||
{
|
{
|
||||||
ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE);
|
||||||
if (s != NULL) Free(s);
|
if (s != NULL) OPENSSL_free(s);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
s=sp;
|
s=sp;
|
||||||
|
@ -105,7 +105,7 @@ int i2d_DHparams(DH *a, unsigned char **pp)
|
|||||||
ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
|
ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
|
||||||
|
|
||||||
bs.type=V_ASN1_INTEGER;
|
bs.type=V_ASN1_INTEGER;
|
||||||
bs.data=(unsigned char *)Malloc(max+4);
|
bs.data=(unsigned char *)OPENSSL_malloc(max+4);
|
||||||
if (bs.data == NULL)
|
if (bs.data == NULL)
|
||||||
{
|
{
|
||||||
ASN1err(ASN1_F_I2D_DHPARAMS,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_I2D_DHPARAMS,ERR_R_MALLOC_FAILURE);
|
||||||
@ -118,7 +118,7 @@ int i2d_DHparams(DH *a, unsigned char **pp)
|
|||||||
bs.length=BN_bn2bin(num[i],bs.data);
|
bs.length=BN_bn2bin(num[i],bs.data);
|
||||||
i2d_ASN1_INTEGER(&bs,&p);
|
i2d_ASN1_INTEGER(&bs,&p);
|
||||||
}
|
}
|
||||||
Free(bs.data);
|
OPENSSL_free(bs.data);
|
||||||
ret=t;
|
ret=t;
|
||||||
err:
|
err:
|
||||||
if (num[2] != NULL) BN_free(num[2]);
|
if (num[2] != NULL) BN_free(num[2]);
|
||||||
|
@ -94,7 +94,7 @@ int i2d_DSAparams(DSA *a, unsigned char **pp)
|
|||||||
ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
|
ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
|
||||||
|
|
||||||
bs.type=V_ASN1_INTEGER;
|
bs.type=V_ASN1_INTEGER;
|
||||||
bs.data=(unsigned char *)Malloc(max+4);
|
bs.data=(unsigned char *)OPENSSL_malloc(max+4);
|
||||||
if (bs.data == NULL)
|
if (bs.data == NULL)
|
||||||
{
|
{
|
||||||
ASN1err(ASN1_F_I2D_DSAPARAMS,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_I2D_DSAPARAMS,ERR_R_MALLOC_FAILURE);
|
||||||
@ -107,7 +107,7 @@ int i2d_DSAparams(DSA *a, unsigned char **pp)
|
|||||||
bs.length=BN_bn2bin(num[i],bs.data);
|
bs.length=BN_bn2bin(num[i],bs.data);
|
||||||
i2d_ASN1_INTEGER(&bs,&p);
|
i2d_ASN1_INTEGER(&bs,&p);
|
||||||
}
|
}
|
||||||
Free(bs.data);
|
OPENSSL_free(bs.data);
|
||||||
ret=t;
|
ret=t;
|
||||||
err:
|
err:
|
||||||
*pp=p;
|
*pp=p;
|
||||||
|
@ -107,7 +107,7 @@ int i2d_RSAPrivateKey(RSA *a, unsigned char **pp)
|
|||||||
|
|
||||||
i2d_ASN1_INTEGER(&bs,&p);
|
i2d_ASN1_INTEGER(&bs,&p);
|
||||||
|
|
||||||
bs.data=(unsigned char *)Malloc(max+4);
|
bs.data=(unsigned char *)OPENSSL_malloc(max+4);
|
||||||
if (bs.data == NULL)
|
if (bs.data == NULL)
|
||||||
{
|
{
|
||||||
ASN1err(ASN1_F_I2D_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_I2D_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
|
||||||
@ -119,7 +119,7 @@ int i2d_RSAPrivateKey(RSA *a, unsigned char **pp)
|
|||||||
bs.length=BN_bn2bin(num[i],bs.data);
|
bs.length=BN_bn2bin(num[i],bs.data);
|
||||||
i2d_ASN1_INTEGER(&bs,&p);
|
i2d_ASN1_INTEGER(&bs,&p);
|
||||||
}
|
}
|
||||||
Free(bs.data);
|
OPENSSL_free(bs.data);
|
||||||
*pp=p;
|
*pp=p;
|
||||||
return(t);
|
return(t);
|
||||||
}
|
}
|
||||||
|
@ -93,7 +93,7 @@ int i2d_RSAPublicKey(RSA *a, unsigned char **pp)
|
|||||||
ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
|
ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
|
||||||
|
|
||||||
bs.type=V_ASN1_INTEGER;
|
bs.type=V_ASN1_INTEGER;
|
||||||
bs.data=(unsigned char *)Malloc(max+4);
|
bs.data=(unsigned char *)OPENSSL_malloc(max+4);
|
||||||
if (bs.data == NULL)
|
if (bs.data == NULL)
|
||||||
{
|
{
|
||||||
ASN1err(ASN1_F_I2D_RSAPUBLICKEY,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_I2D_RSAPUBLICKEY,ERR_R_MALLOC_FAILURE);
|
||||||
@ -105,7 +105,7 @@ int i2d_RSAPublicKey(RSA *a, unsigned char **pp)
|
|||||||
bs.length=BN_bn2bin(num[i],bs.data);
|
bs.length=BN_bn2bin(num[i],bs.data);
|
||||||
i2d_ASN1_INTEGER(&bs,&p);
|
i2d_ASN1_INTEGER(&bs,&p);
|
||||||
}
|
}
|
||||||
Free(bs.data);
|
OPENSSL_free(bs.data);
|
||||||
*pp=p;
|
*pp=p;
|
||||||
return(t);
|
return(t);
|
||||||
}
|
}
|
||||||
|
@ -104,7 +104,7 @@ int i2d_DSAPrivateKey(DSA *a, unsigned char **pp)
|
|||||||
|
|
||||||
i2d_ASN1_INTEGER(&bs,&p);
|
i2d_ASN1_INTEGER(&bs,&p);
|
||||||
|
|
||||||
bs.data=(unsigned char *)Malloc(max+4);
|
bs.data=(unsigned char *)OPENSSL_malloc(max+4);
|
||||||
if (bs.data == NULL)
|
if (bs.data == NULL)
|
||||||
{
|
{
|
||||||
ASN1err(ASN1_F_I2D_DSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_I2D_DSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
|
||||||
@ -116,7 +116,7 @@ int i2d_DSAPrivateKey(DSA *a, unsigned char **pp)
|
|||||||
bs.length=BN_bn2bin(num[i],bs.data);
|
bs.length=BN_bn2bin(num[i],bs.data);
|
||||||
i2d_ASN1_INTEGER(&bs,&p);
|
i2d_ASN1_INTEGER(&bs,&p);
|
||||||
}
|
}
|
||||||
Free(bs.data);
|
OPENSSL_free(bs.data);
|
||||||
*pp=p;
|
*pp=p;
|
||||||
return(t);
|
return(t);
|
||||||
}
|
}
|
||||||
|
@ -109,7 +109,7 @@ int i2d_DSAPublicKey(DSA *a, unsigned char **pp)
|
|||||||
ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
|
ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
|
||||||
|
|
||||||
bs.type=V_ASN1_INTEGER;
|
bs.type=V_ASN1_INTEGER;
|
||||||
bs.data=(unsigned char *)Malloc(max+4);
|
bs.data=(unsigned char *)OPENSSL_malloc(max+4);
|
||||||
if (bs.data == NULL)
|
if (bs.data == NULL)
|
||||||
{
|
{
|
||||||
ASN1err(ASN1_F_I2D_DSAPUBLICKEY,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_I2D_DSAPUBLICKEY,ERR_R_MALLOC_FAILURE);
|
||||||
@ -121,7 +121,7 @@ int i2d_DSAPublicKey(DSA *a, unsigned char **pp)
|
|||||||
bs.length=BN_bn2bin(num[i],bs.data);
|
bs.length=BN_bn2bin(num[i],bs.data);
|
||||||
i2d_ASN1_INTEGER(&bs,&p);
|
i2d_ASN1_INTEGER(&bs,&p);
|
||||||
}
|
}
|
||||||
Free(bs.data);
|
OPENSSL_free(bs.data);
|
||||||
*pp=p;
|
*pp=p;
|
||||||
if(all) return(t);
|
if(all) return(t);
|
||||||
else return(tot);
|
else return(tot);
|
||||||
|
@ -81,6 +81,11 @@ static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
|
|||||||
static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);
|
static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);
|
||||||
|
|
||||||
int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
|
int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
|
||||||
|
{
|
||||||
|
return i2d_RSA_NET(a, pp, cb, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
|
||||||
{
|
{
|
||||||
int i,j,l[6];
|
int i,j,l[6];
|
||||||
NETSCAPE_PKEY *pkey;
|
NETSCAPE_PKEY *pkey;
|
||||||
@ -139,8 +144,8 @@ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (pkey->private_key->data != NULL)
|
if (pkey->private_key->data != NULL)
|
||||||
Free(pkey->private_key->data);
|
OPENSSL_free(pkey->private_key->data);
|
||||||
if ((pkey->private_key->data=(unsigned char *)Malloc(l[0])) == NULL)
|
if ((pkey->private_key->data=(unsigned char *)OPENSSL_malloc(l[0])) == NULL)
|
||||||
{
|
{
|
||||||
ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
|
||||||
goto err;
|
goto err;
|
||||||
@ -148,7 +153,7 @@ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
|
|||||||
zz=pkey->private_key->data;
|
zz=pkey->private_key->data;
|
||||||
i2d_RSAPrivateKey(a,&zz);
|
i2d_RSAPrivateKey(a,&zz);
|
||||||
|
|
||||||
if ((os2.data=(unsigned char *)Malloc(os2.length)) == NULL)
|
if ((os2.data=(unsigned char *)OPENSSL_malloc(os2.length)) == NULL)
|
||||||
{
|
{
|
||||||
ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
|
||||||
goto err;
|
goto err;
|
||||||
@ -164,8 +169,18 @@ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
|
|||||||
ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ);
|
ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,
|
i = strlen((char *)buf);
|
||||||
strlen((char *)buf),1,key,NULL);
|
/* If the key is used for SGC the algorithm is modified a little. */
|
||||||
|
if(sgckey){
|
||||||
|
EVP_MD_CTX mctx;
|
||||||
|
EVP_DigestInit(&mctx, EVP_md5());
|
||||||
|
EVP_DigestUpdate(&mctx, buf, i);
|
||||||
|
EVP_DigestFinal(&mctx, buf, NULL);
|
||||||
|
memcpy(buf + 16, "SGCKEYSALT", 10);
|
||||||
|
i = 26;
|
||||||
|
}
|
||||||
|
|
||||||
|
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
|
||||||
memset(buf,0,256);
|
memset(buf,0,256);
|
||||||
|
|
||||||
EVP_CIPHER_CTX_init(&ctx);
|
EVP_CIPHER_CTX_init(&ctx);
|
||||||
@ -182,14 +197,20 @@ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
|
|||||||
i2d_ASN1_OCTET_STRING(&os2,&p);
|
i2d_ASN1_OCTET_STRING(&os2,&p);
|
||||||
ret=l[5];
|
ret=l[5];
|
||||||
err:
|
err:
|
||||||
if (os2.data != NULL) Free(os2.data);
|
if (os2.data != NULL) OPENSSL_free(os2.data);
|
||||||
if (alg != NULL) X509_ALGOR_free(alg);
|
if (alg != NULL) X509_ALGOR_free(alg);
|
||||||
if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
|
if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
|
||||||
r=r;
|
r=r;
|
||||||
return(ret);
|
return(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)())
|
RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)())
|
||||||
|
{
|
||||||
|
return d2i_RSA_NET(a, pp, length, cb, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey)
|
||||||
{
|
{
|
||||||
RSA *ret=NULL;
|
RSA *ret=NULL;
|
||||||
ASN1_OCTET_STRING *os=NULL;
|
ASN1_OCTET_STRING *os=NULL;
|
||||||
@ -210,14 +231,24 @@ RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)())
|
|||||||
}
|
}
|
||||||
M_ASN1_BIT_STRING_free(os);
|
M_ASN1_BIT_STRING_free(os);
|
||||||
c.q=c.p;
|
c.q=c.p;
|
||||||
if ((ret=d2i_Netscape_RSA_2(a,&c.p,c.slen,cb)) == NULL) goto err;
|
if ((ret=d2i_RSA_NET_2(a,&c.p,c.slen,cb, sgckey)) == NULL) goto err;
|
||||||
c.slen-=(c.p-c.q);
|
/* Note: some versions of IIS key files use length values that are
|
||||||
|
* too small for the surrounding SEQUENCEs. This following line
|
||||||
|
* effectively disable length checking.
|
||||||
|
*/
|
||||||
|
c.slen = 0;
|
||||||
|
|
||||||
M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
|
M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
|
||||||
}
|
}
|
||||||
|
|
||||||
RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length,
|
RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length,
|
||||||
int (*cb)())
|
int (*cb)())
|
||||||
|
{
|
||||||
|
return d2i_RSA_NET_2(a, pp, length, cb, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
|
||||||
|
int (*cb)(), int sgckey)
|
||||||
{
|
{
|
||||||
NETSCAPE_PKEY *pkey=NULL;
|
NETSCAPE_PKEY *pkey=NULL;
|
||||||
RSA *ret=NULL;
|
RSA *ret=NULL;
|
||||||
@ -250,8 +281,17 @@ RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,
|
i = strlen((char *)buf);
|
||||||
strlen((char *)buf),1,key,NULL);
|
if(sgckey){
|
||||||
|
EVP_MD_CTX mctx;
|
||||||
|
EVP_DigestInit(&mctx, EVP_md5());
|
||||||
|
EVP_DigestUpdate(&mctx, buf, i);
|
||||||
|
EVP_DigestFinal(&mctx, buf, NULL);
|
||||||
|
memcpy(buf + 16, "SGCKEYSALT", 10);
|
||||||
|
i = 26;
|
||||||
|
}
|
||||||
|
|
||||||
|
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
|
||||||
memset(buf,0,256);
|
memset(buf,0,256);
|
||||||
|
|
||||||
EVP_CIPHER_CTX_init(&ctx);
|
EVP_CIPHER_CTX_init(&ctx);
|
||||||
@ -334,7 +374,7 @@ static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *a)
|
|||||||
M_ASN1_INTEGER_free(a->version);
|
M_ASN1_INTEGER_free(a->version);
|
||||||
X509_ALGOR_free(a->algor);
|
X509_ALGOR_free(a->algor);
|
||||||
M_ASN1_OCTET_STRING_free(a->private_key);
|
M_ASN1_OCTET_STRING_free(a->private_key);
|
||||||
Free(a);
|
OPENSSL_free(a);
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* NO_RC4 */
|
#endif /* NO_RC4 */
|
||||||
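Review bot: `c.slen = 0;` in `d2i_RSA_NET` (hunk `@ -210,14 +231,24 @@`) turns off the length check in `M_ASN1_D2I_Finish` for every caller, including the existing `d2i_Netscape_RSA` wrapper that passes `sgckey` as 0. A key blob whose outer SEQUENCE length disagrees with its contents is therefore now accepted silently on all paths. If the short lengths only occur in the IIS/SGC files the comment mentions (an assumption to confirm), the old accounting can be kept for everything else: `if (sgckey) c.slen = 0; else c.slen -= (c.p - c.q);`. Separately, the SGC branches in `i2d_RSA_NET` and `d2i_RSA_NET_2` hard-code 16, 10 and 26 when overwriting `buf`; a short comment giving the MD5 digest length plus the salt length, and the minimum size `buf` must have, would make the bound checkable. The declarations of `buf` and `key` are outside these hunks.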
|