diff --git a/CHANGES b/CHANGES index f37ba4541..da71aa3eb 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,12 @@ Changes between 0.9.1c and 0.9.2 + *) First cut of a cleanup for apps/. First the `ssleay' program is now named + `openssl' and second, the shortcut symlinks for the `openssl ' + are no longer created. This way we have a single and consistent command + line interface `openssl ', similar to `cvs '. + [Ralf S. Engelschall] + *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey BIT STRING wrapper always have zero unused bits. [Steve Henson] diff --git a/apps/.cvsignore b/apps/.cvsignore index 21cbc9dd8..fa963ae15 100644 --- a/apps/.cvsignore +++ b/apps/.cvsignore @@ -1 +1 @@ -ssleay +openssl diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 94aa149a3..54f409139 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -1,5 +1,5 @@ # -# SSLeay/apps/Makefile.ssl +# apps/Makefile.ssl # DIR= apps @@ -25,18 +25,18 @@ DLIBSSL=../libssl.a LIBCRYPTO=-L.. -lcrypto LIBSSL=-L.. -lssl -SSLEAY= ssleay +PROGRAM= openssl -SCRIPTS=CA.sh der_chop CA.pl +SCRIPTS=CA.sh CA.pl der_chop -EXE= $(SSLEAY) +EXE= $(PROGRAM) E_EXE= verify asn1pars req dgst dh enc gendh errstr ca crl \ rsa dsa dsaparam \ x509 genrsa s_server s_client speed \ s_time version pkcs7 crl2pkcs7 sess_id ciphers -PROGS= $(SSLEAY).c +PROGS= $(PROGRAM).c A_OBJ=apps.o A_SRC=apps.c @@ -86,18 +86,15 @@ sreq.o: req.c files: perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO -install: mklinks - @for i in $(EXE) $(SCRIPTS) mklinks; \ +install: + @for i in $(EXE) $(SCRIPTS); \ do \ (echo installing $$i; \ cp $$i $(INSTALLTOP)/bin/$$i; \ chmod 755 $(INSTALLTOP)/bin/$$i ); \ done; \ - cp ssleay.cnf $(INSTALLTOP)/lib - chmod 644 $(INSTALLTOP)/lib/ssleay.cnf - cd $(INSTALLTOP)/bin; \ - /bin/sh ./mklinks; \ - /bin/rm -f ./mklinks + cp openssl.cnf $(INSTALLTOP)/lib; \ + chmod 644 $(INSTALLTOP)/lib/openssl.cnf tags: ctags $(SRC) 
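Review bot: In the `install` recipe the new `cp openssl.cnf $(INSTALLTOP)/lib; \` is chained to `chmod 644 $(INSTALLTOP)/lib/openssl.cnf` with `;`, and both now hang off the loop's `done; \`, so the recipe's exit status is whatever the final `chmod` returns. If the `cp` fails while an older `openssl.cnf` is already present in `$(INSTALLTOP)/lib`, the `chmod` succeeds and `make install` reports success with a stale configuration file left in place. I would join the pair with `&&`, i.e. `cp openssl.cnf $(INSTALLTOP)/lib && \` followed by the `chmod 644` line. The unchanged `cp`/`chmod 755` pair inside the loop masks copy failures in the same way.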
@@ -130,15 +127,12 @@ $(DLIBSSL): $(DLIBCRYPTO): (cd ../crypto; $(MAKE)) -$(SSLEAY): progs.h $(E_OBJ) $(SSLEAY).o $(DLIBCRYPTO) $(DLIBSSL) - $(RM) $(SSLEAY) - $(CC) -o $(SSLEAY) $(CFLAGS) $(SSLEAY).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS) +$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) + $(RM) $(PROGRAM) + $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS) progs.h: - perl ./g_ssleay.pl $(E_EXE) >progs.h - $(RM) $(SSLEAY).o - -mklinks: - perl ./g_ssleay.pl $(E_EXE) >progs.h + perl ./progs.pl $(E_EXE) >progs.h + $(RM) $(PROGRAM).o # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/apps/ext.v3 b/apps/ext.v3 deleted file mode 100644 index 87ee8e617..000000000 --- a/apps/ext.v3 +++ /dev/null @@ -1,2 +0,0 @@ -2.99999.3 SET.ex3 SET x509v3 extension 3 - diff --git a/apps/g_ssleay.pl b/apps/g_ssleay.pl deleted file mode 100644 index 4c63e86ea..000000000 --- a/apps/g_ssleay.pl +++ /dev/null 
@@ -1,114 +0,0 @@ -#!/usr/local/bin/perl - -$mkprog='mklinks'; -$rmprog='rmlinks'; - -print "#ifndef NOPROTO\n"; - -grep(s/^asn1pars$/asn1parse/,@ARGV); - -foreach (@ARGV) - { printf "extern int %s_main(int argc,char *argv[]);\n",$_; } -print "#else\n"; -foreach (@ARGV) - { printf "extern int %s_main();\n",$_; } -print "#endif\n"; - - -print <<'EOF'; - -#ifdef SSLEAY_SRC - -#define FUNC_TYPE_GENERAL 1 -#define FUNC_TYPE_MD 2 -#define FUNC_TYPE_CIPHER 3 - -typedef struct { - int type; - char *name; - int (*func)(); - } FUNCTION; - -FUNCTION functions[] = { -EOF - -foreach (@ARGV) - { - push(@files,$_); - $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; - if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) - { print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; } - elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || - ($_ =~ /^req$/) || ($_ =~ /^ca$/) || ($_ =~ /^x509$/)) - { print "#ifndef NO_RSA\n${str}#endif\n"; } - elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/)) - { print "#ifndef NO_DSA\n${str}#endif\n"; } - elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/)) - { print "#ifndef NO_DH\n${str}#endif\n"; } - else - { print $str; } - } - -foreach ("md2","md5","sha","sha1","mdc2","rmd160") - { - push(@files,$_); - printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_; - } - -foreach ( - "base64", - "des", "des3", "desx", "idea", "rc4", "rc2","bf","cast","rc5", - "des-ecb", "des-ede", "des-ede3", - "des-cbc", "des-ede-cbc","des-ede3-cbc", - "des-cfb", "des-ede-cfb","des-ede3-cfb", - "des-ofb", "des-ede-ofb","des-ede3-ofb", - "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb", - "rc2-cbc", "rc2-ecb", "rc2-cfb", "rc2-ofb", - "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb", - "cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb", - "cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb") - { - push(@files,$_); - - $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_); - if ($_ =~ /des/) { $t="#ifndef NO_DES\n${t}#endif\n"; } - elsif ($_ =~ /idea/) { 
$t="#ifndef NO_IDEA\n${t}#endif\n"; } - elsif ($_ =~ /rc4/) { $t="#ifndef NO_RC4\n${t}#endif\n"; } - elsif ($_ =~ /rc2/) { $t="#ifndef NO_RC2\n${t}#endif\n"; } - elsif ($_ =~ /bf/) { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; } - elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; } - elsif ($_ =~ /rc5/) { $t="#ifndef NO_RC5\n${t}#endif\n"; } - print $t; - } - -print "\t{0,NULL,NULL}\n\t};\n"; -print "#endif\n\n"; - -open(OUT,">$mkprog") || die "unable to open '$prog':$!\n"; -print OUT "#!/bin/sh\nfor i in "; -foreach (@files) - { print OUT $_." "; } -print OUT <<'EOF'; - -do -echo making symlink for $i -/bin/rm -f $i -ln -s ssleay $i -done -EOF -close(OUT); -chmod(0755,$mkprog); - -open(OUT,">$rmprog") || die "unable to open '$prog':$!\n"; -print OUT "#!/bin/sh\nfor i in "; -foreach (@files) - { print OUT $_." "; } -print OUT <<'EOF'; - -do -echo removing $i -/bin/rm -f $i -done -EOF -close(OUT); -chmod(0755,$rmprog); diff --git a/apps/gmon.out b/apps/gmon.out deleted file mode 100644 index abab8b9ee..000000000 Binary files a/apps/gmon.out and /dev/null differ diff --git a/apps/mklinks b/apps/mklinks deleted file mode 100644 index d9be1c35c..000000000 --- a/apps/mklinks +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh -for i in verify asn1parse req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 rmd160 base64 des des3 desx idea rc4 rc2 bf cast rc5 des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb cast5-cbc cast5-ecb cast5-cfb cast5-ofb cast-cbc rc5-cbc rc5-ecb rc5-cfb rc5-ofb -do -echo making symlink for $i -/bin/rm -f $i -ln -s ssleay $i -done diff --git a/apps/openssl.c b/apps/openssl.c index 739a0e8f3..e4bf362fa 100644 --- a/apps/openssl.c +++ b/apps/openssl.c 
@@ -1,4 +1,4 @@ -/* apps/ssleay.c */ +/* apps/openssl.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -152,12 +152,14 @@ char *Argv[]; ERR_load_crypto_strings(); /* Lets load up our environment a little */ - p=getenv("SSLEAY_CONF"); + p=getenv("OPENSSL_CONF"); + if (p == NULL) + p=getenv("SSLEAY_CONF"); if (p == NULL) { strcpy(config_name,X509_get_default_cert_area()); strcat(config_name,"/lib/"); - strcat(config_name,SSLEAY_CONF); + strcat(config_name,OPENSSL_CONF); p=config_name; } @@ -191,7 +193,7 @@ char *Argv[]; goto end; } - /* ok, lets enter the old 'SSLeay>' mode */ + /* ok, lets enter the old 'OpenSSL>' mode */ for (;;) { @@ -204,7 +206,7 @@ char *Argv[]; p[0]='\0'; if (i++) prompt=">"; - else prompt="SSLeay>"; + else prompt="OpenSSL> "; fputs(prompt,stdout); fflush(stdout); fgets(p,n,stdin); @@ -278,10 +280,10 @@ char *argv[]; } else { - BIO_printf(bio_err,"'%s' is a bad command, valid commands are", + BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n", argv[0]); + BIO_printf(bio_err, "\nStandard commands"); i=0; - fp=functions; tp=0; for (fp=functions; fp->name != NULL; fp++) { @@ -299,17 +301,17 @@ char *argv[]; { i=1; BIO_printf(bio_err, - "Message Digest commands - see the dgst command for more details\n"); + "\nMessage Digest commands (see the `dgst' command for more details)\n"); } else if (tp == FUNC_TYPE_CIPHER) { i=1; - BIO_printf(bio_err,"Cipher commands - see the enc command for more details\n"); + BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n"); } } BIO_printf(bio_err,"%-15s",fp->name); } - BIO_printf(bio_err,"\nquit\n"); + BIO_printf(bio_err,"\n\n"); ret=0; } end: diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 2621d90d3..c07083566 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf 
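Review bot: The new `strcat(config_name,OPENSSL_CONF);` in the `@@ -152,12 +152,14 @@` hunk keeps the unbounded `strcpy`/`strcat` sequence, so nothing ties the length of `X509_get_default_cert_area()` plus `"/lib/"` plus the file name to the size of `config_name` (declared as `config_name[256]` in the removed apps/ssleay.c shown later in this diff). If the cert area is a short build-time constant the copy fits, but that is not visible here, so I would guard the copies with `if (strlen(X509_get_default_cert_area())+strlen("/lib/")+strlen(OPENSSL_CONF) >= sizeof(config_name))` and report the error instead of copying. The same three lines appear in the apps/req.c hunk at `@@ -357,12 +357,14 @@`, where the size of that function's buffer is not visible and needs checking too. It would also help to document the lookup order next to the two `getenv()` calls, e.g. `/* OPENSSL_CONF takes precedence; SSLEAY_CONF is honoured for backward compatibility */`. main() starts and ends outside this hunk.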
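Review bot: The reworded message in the `@@ -278,10 +280,10 @@` hunk now says `openssl:Error: '%s' is an invalid command.`, yet the branch still finishes with `ret=0;` (context line in the following hunk, `@@ -299,17 +301,17 @@`), so a mistyped command reports success to the caller. In the removed apps/ssleay.c copy of main(), which is presumably unchanged in the renamed file, that value is passed on to `EXIT(ret)`, so a script that misspells a subcommand such as `verify` would see exit status 0. I would end this branch with `ret=1;` so non-interactive callers can detect the failure; the interactive loop already prints `error in %s` for non-zero results and carries on. do_cmd() starts and ends outside both hunks.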
@@ -1,5 +1,5 @@ # -# SSLeay example configuration file. +# OpenSSL example configuration file. # This is mostly being used for generation of certificate requests. # @@ -80,7 +80,7 @@ localityName = Locality Name (eg, city) # we can do this but it is not needed normally :-) #1.organizationName = Second Organization Name (eg, company) -#1.organizationName_default = CryptSoft Pty Ltd +#1.organizationName_default = World Wide Web Pty Ltd organizationalUnitName = Organizational Unit Name (eg, section) #organizationalUnitName_default = @@ -102,7 +102,7 @@ unstructuredName = An optional company name [ x509v3_extensions ] -nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem +nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem nsComment = "This is a comment" # under ASN.1, the 0 bit would be encoded as 80 diff --git a/apps/progs.pl b/apps/progs.pl index 4c63e86ea..dfa308c5a 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -1,8 +1,5 @@ #!/usr/local/bin/perl -$mkprog='mklinks'; -$rmprog='rmlinks'; - print "#ifndef NOPROTO\n"; grep(s/^asn1pars$/asn1parse/,@ARGV); @@ -38,8 +35,7 @@ foreach (@ARGV) $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) { print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; } - elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || - ($_ =~ /^req$/) || ($_ =~ /^ca$/) || ($_ =~ /^x509$/)) + elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ) { print "#ifndef NO_RSA\n${str}#endif\n"; } elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/)) { print "#ifndef NO_DSA\n${str}#endif\n"; } 
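Review bot: The replacement `nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem` in the `@@ -102,7 +102,7 @@` hunk is still an active setting in `[ x509v3_extensions ]`, the section that the sample `[ CA_default ]` names in `x509_extensions` (visible in the removed apps/ssleay.cnf). Anyone who runs the CA with this file unedited would, as far as the config shows, put that placeholder URL into issued certificates, and relying parties cannot fetch a CRL from it. I would ship the line commented out, `#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem`, preceded by a comment such as `# set this to the URL where your CA publishes its CRL`.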
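Review bot: The guard emitted for the `s_*` and `ciphers` entries (context line just above the change in the `@@ -38,8 +35,7 @@` hunk) tests `defined(O_SSL3)`, which looks like a typo for `NO_SSL3`; as written the SSL half of the `#if` never excludes those commands unless something happens to define `O_SSL3`. Since the hunk already edits the neighbouring guard, I would correct the string to `#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))`. Separately, dropping `req`, `ca` and `x509` from the `NO_RSA` branch means those table entries are now emitted unconditionally, so it is worth confirming that the three programs build and behave sensibly in a `NO_RSA` configuration. The `foreach` loop starts and ends outside the hunk.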
@@ -84,31 +80,3 @@ foreach ( print "\t{0,NULL,NULL}\n\t};\n"; print "#endif\n\n"; -open(OUT,">$mkprog") || die "unable to open '$prog':$!\n"; -print OUT "#!/bin/sh\nfor i in "; -foreach (@files) - { print OUT $_." "; } -print OUT <<'EOF'; - -do -echo making symlink for $i -/bin/rm -f $i -ln -s ssleay $i -done -EOF -close(OUT); -chmod(0755,$mkprog); - -open(OUT,">$rmprog") || die "unable to open '$prog':$!\n"; -print OUT "#!/bin/sh\nfor i in "; -foreach (@files) - { print OUT $_." "; } -print OUT <<'EOF'; - -do -echo removing $i -/bin/rm -f $i -done -EOF -close(OUT); -chmod(0755,$rmprog); diff --git a/apps/req.c b/apps/req.c index 50802f52c..17f58d07c 100644 --- a/apps/req.c +++ b/apps/req.c @@ -357,12 +357,14 @@ bad: #ifndef MONOLITH /* Lets load up our environment a little */ - p=getenv("SSLEAY_CONF"); + p=getenv("OPENSSL_CONF"); + if (p == NULL) + p=getenv("SSLEAY_CONF"); if (p == NULL) { strcpy(config_name,X509_get_default_cert_area()); strcat(config_name,"/lib/"); - strcat(config_name,SSLEAY_CONF); + strcat(config_name,OPENSSL_CONF); p=config_name; } default_config_file=p; diff --git a/apps/rmlinks b/apps/rmlinks deleted file mode 100644 index 005673675..000000000 --- a/apps/rmlinks +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -for i in verify asn1parse req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 rmd160 base64 des des3 desx idea rc4 rc2 bf cast rc5 des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb cast5-cbc cast5-ecb cast5-cfb cast5-ofb cast-cbc rc5-cbc rc5-ecb rc5-cfb rc5-ofb -do -echo removing $i -/bin/rm -f $i -done diff --git a/apps/ssleay.c b/apps/ssleay.c deleted file mode 100644 index 739a0e8f3..000000000 --- a/apps/ssleay.c +++ /dev/null 
@@ -1,343 +0,0 @@ -/* apps/ssleay.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -#ifndef DEBUG -#undef DEBUG -#endif - -#include -#include -#include -#include "bio.h" -#include "crypto.h" -#include "lhash.h" -#include "conf.h" -#include "x509.h" -#include "pem.h" -#include "ssl.h" -#define SSLEAY /* turn off a few special case MONOLITH macros */ -#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */ -#define SSLEAY_SRC -#include "apps.h" -#include "s_apps.h" -#include "err.h" - -/* -#ifdef WINDOWS -#include "bss_file.c" -#endif -*/ - -#ifndef NOPROTO -static unsigned long MS_CALLBACK hash(FUNCTION *a); -static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); -static LHASH *prog_init(void ); -static int do_cmd(LHASH *prog,int argc,char *argv[]); -#else -static unsigned long MS_CALLBACK hash(); -static int MS_CALLBACK cmp(); -static LHASH *prog_init(); -static int do_cmd(); -#endif - -LHASH *config=NULL; -char *default_config_file=NULL; - -#ifdef DEBUG -static void sig_stop(i) -int i; - { - char *a=NULL; - - *a='\0'; - } -#endif - -/* Make sure there is only one when MONOLITH is defined */ -#ifdef MONOLITH -BIO *bio_err=NULL; -#endif - -int main(Argc,Argv) -int Argc; -char *Argv[]; - { - ARGS arg; -#define PROG_NAME_SIZE 16 - char pname[PROG_NAME_SIZE]; - FUNCTION f,*fp; - MS_STATIC char *prompt,buf[1024],config_name[256]; - int n,i,ret=0; - int argc; - char **argv,*p; - LHASH *prog=NULL; - long errline; - - arg.data=NULL; - arg.count=0; - - /* SSLeay_add_ssl_algorithms(); is called in apps_startup() */ - apps_startup(); - -#if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS) -#ifdef SIGBUS - signal(SIGBUS,sig_stop); -#endif -#ifdef SIGSEGV - signal(SIGSEGV,sig_stop); -#endif -#endif - - if (bio_err == NULL) - if ((bio_err=BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); - - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - ERR_load_crypto_strings(); - - /* Lets load up our environment a little */ - p=getenv("SSLEAY_CONF"); - if (p == NULL) - { - 
strcpy(config_name,X509_get_default_cert_area()); - strcat(config_name,"/lib/"); - strcat(config_name,SSLEAY_CONF); - p=config_name; - } - - default_config_file=p; - - config=CONF_load(config,p,&errline); - if (config == NULL) ERR_clear_error(); - - prog=prog_init(); - - /* first check the program name */ - program_name(Argv[0],pname,PROG_NAME_SIZE); - - f.name=pname; - fp=(FUNCTION *)lh_retrieve(prog,(char *)&f); - if (fp != NULL) - { - Argv[0]=pname; - ret=fp->func(Argc,Argv); - goto end; - } - - /* ok, now check that there are not arguments, if there are, - * run with them, shifting the ssleay off the front */ - if (Argc != 1) - { - Argc--; - Argv++; - ret=do_cmd(prog,Argc,Argv); - if (ret < 0) ret=0; - goto end; - } - - /* ok, lets enter the old 'SSLeay>' mode */ - - for (;;) - { - ret=0; - p=buf; - n=1024; - i=0; - for (;;) - { - p[0]='\0'; - if (i++) - prompt=">"; - else prompt="SSLeay>"; - fputs(prompt,stdout); - fflush(stdout); - fgets(p,n,stdin); - if (p[0] == '\0') goto end; - i=strlen(p); - if (i <= 1) break; - if (p[i-2] != '\\') break; - i-=2; - p+=i; - n-=i; - } - if (!chopup_args(&arg,buf,&argc,&argv)) break; - - ret=do_cmd(prog,argc,argv); - if (ret < 0) - { - ret=0; - goto end; - } - if (ret != 0) - BIO_printf(bio_err,"error in %s\n",argv[0]); - BIO_flush(bio_err); - } - BIO_printf(bio_err,"bad exit\n"); - ret=1; -end: - if (config != NULL) - { - CONF_free(config); - config=NULL; - } - if (prog != NULL) lh_free(prog); - if (arg.data != NULL) Free(arg.data); - ERR_remove_state(0); - - EVP_cleanup(); - ERR_free_strings(); - - CRYPTO_mem_leaks(bio_err); - if (bio_err != NULL) - { - BIO_free(bio_err); - bio_err=NULL; - } - EXIT(ret); - } - -static int do_cmd(prog,argc,argv) -LHASH *prog; -int argc; -char *argv[]; - { - FUNCTION f,*fp; - int i,ret=1,tp,nl; - - if ((argc <= 0) || (argv[0] == NULL)) - { ret=0; goto end; } - f.name=argv[0]; - fp=(FUNCTION *)lh_retrieve(prog,(char *)&f); - if (fp != NULL) - { - ret=fp->func(argc,argv); - } - else if 
((strcmp(argv[0],"quit") == 0) || - (strcmp(argv[0],"q") == 0) || - (strcmp(argv[0],"exit") == 0) || - (strcmp(argv[0],"bye") == 0)) - { - ret= -1; - goto end; - } - else - { - BIO_printf(bio_err,"'%s' is a bad command, valid commands are", - argv[0]); - i=0; - fp=functions; - tp=0; - for (fp=functions; fp->name != NULL; fp++) - { - nl=0; - if (((i++) % 5) == 0) - { - BIO_printf(bio_err,"\n"); - nl=1; - } - if (fp->type != tp) - { - tp=fp->type; - if (!nl) BIO_printf(bio_err,"\n"); - if (tp == FUNC_TYPE_MD) - { - i=1; - BIO_printf(bio_err, - "Message Digest commands - see the dgst command for more details\n"); - } - else if (tp == FUNC_TYPE_CIPHER) - { - i=1; - BIO_printf(bio_err,"Cipher commands - see the enc command for more details\n"); - } - } - BIO_printf(bio_err,"%-15s",fp->name); - } - BIO_printf(bio_err,"\nquit\n"); - ret=0; - } -end: - return(ret); - } - -static LHASH *prog_init() - { - LHASH *ret; - FUNCTION *f; - - if ((ret=lh_new(hash,cmp)) == NULL) return(NULL); - - for (f=functions; f->name != NULL; f++) - lh_insert(ret,(char *)f); - return(ret); - } - -static int MS_CALLBACK cmp(a,b) -FUNCTION *a,*b; - { - return(strncmp(a->name,b->name,8)); - } - -static unsigned long MS_CALLBACK hash(a) -FUNCTION *a; - { - return(lh_strhash(a->name)); - } - -#undef SSLEAY diff --git a/apps/ssleay.cnf b/apps/ssleay.cnf deleted file mode 100644 index 2621d90d3..000000000 --- a/apps/ssleay.cnf +++ /dev/null 
@@ -1,119 +0,0 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# - -RANDFILE = $ENV::HOME/.rnd -oid_file = $ENV::HOME/.oid - -#################################################################### -[ ca ] -default_ca = CA_default # The default ca section - -#################################################################### -[ CA_default ] - -dir = ./demoCA # Where everything is kept -certs = $dir/certs # Where the issued certs are kept -crl_dir = $dir/crl # Where the issued crl are kept -database = $dir/index.txt # database index file. -new_certs_dir = $dir/newcerts # default place for new certs. - -certificate = $dir/cacert.pem # The CA certificate -serial = $dir/serial # The current serial number -crl = $dir/crl.pem # The current CRL -private_key = $dir/private/cakey.pem# The private key -RANDFILE = $dir/private/.rand # private random number file - -x509_extensions = x509v3_extensions # The extentions to add to the cert -default_days = 365 # how long to certify for -default_crl_days= 30 # how long before next CRL -default_md = md5 # which md to use. -preserve = no # keep passed DN ordering - -# A few difference way of specifying how similar the request should look -# For type CA, the listed attributes must be the same, and the optional -# and supplied fields are just that :-) -policy = policy_match - -# For the CA policy -[ policy_match ] -countryName = match -stateOrProvinceName = match -organizationName = match -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -# For the 'anything' policy -# At this point in time, you must list all acceptable 'object' -# types. 
-[ policy_anything ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -#################################################################### -[ req ] -default_bits = 1024 -default_keyfile = privkey.pem -distinguished_name = req_distinguished_name -attributes = req_attributes - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = AU -countryName_min = 2 -countryName_max = 2 - -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = Some-State - -localityName = Locality Name (eg, city) - -0.organizationName = Organization Name (eg, company) -0.organizationName_default = Internet Widgits Pty Ltd - -# we can do this but it is not needed normally :-) -#1.organizationName = Second Organization Name (eg, company) -#1.organizationName_default = CryptSoft Pty Ltd - -organizationalUnitName = Organizational Unit Name (eg, section) -#organizationalUnitName_default = - -commonName = Common Name (eg, YOUR name) -commonName_max = 64 - -emailAddress = Email Address -emailAddress_max = 40 - -SET-ex3 = SET extension number 3 - -[ req_attributes ] -challengePassword = A challenge password -challengePassword_min = 4 -challengePassword_max = 20 - -unstructuredName = An optional company name - -[ x509v3_extensions ] - -nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem -nsComment = "This is a comment" - -# under ASN.1, the 0 bit would be encoded as 80 -nsCertType = 0x40 - -#nsBaseUrl -#nsRevocationUrl -#nsRenewalUrl -#nsCaPolicyUrl -#nsSslServerName -#nsCertSequence -#nsCertExt -#nsDataType - diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index ea79d47f5..eac4d68e0 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h 
@@ -61,12 +61,12 @@ * perl obj_dat.pl < objects.h > obj_dat.h */ -#define NUM_NID 126 -#define NUM_SN 97 -#define NUM_LN 124 -#define NUM_OBJ 98 +#define NUM_NID 127 +#define NUM_SN 98 +#define NUM_LN 125 +#define NUM_OBJ 99 -static unsigned char lvalues[611]={ +static unsigned char lvalues[614]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -165,6 +165,7 @@ static unsigned char lvalues[611]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [592] OBJ_rc5_cbc */ 0x29,0x01,0x01,0x85,0x1A, /* [600] OBJ_rle_compression */ 0x29,0x01,0x01,0x85,0x1A, /* [605] OBJ_zlib_compression */ +0x55,0x1D,0x25, /* [610] OBJ_ext_key_usage */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -336,6 +337,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL}, {"RLE","run length compression",NID_rle_compression,5,&(lvalues[600]),0}, {"ZLIB","zlib compression",NID_zlib_compression,5,&(lvalues[605]),0}, +{"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3, + &(lvalues[610]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -419,6 +422,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[89]),/* "certificatePolicies" */ &(nid_objs[103]),/* "crlDistributionPoints" */ &(nid_objs[88]),/* "crlNumber" */ +&(nid_objs[126]),/* "extendedKeyUsage" */ &(nid_objs[86]),/* "issuerAltName" */ &(nid_objs[83]),/* "keyUsage" */ &(nid_objs[81]),/* "ld-ce" */ @@ -458,6 +462,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[103]),/* "X509v3 CRL Distribution Points" */ &(nid_objs[88]),/* "X509v3 CRL Number" */ &(nid_objs[89]),/* "X509v3 Certificate Policies" */ +&(nid_objs[126]),/* "X509v3 Extended Key Usage" */ &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */ &(nid_objs[83]),/* "X509v3 Key Usage" */ &(nid_objs[84]),/* "X509v3 Private Key Usage Period" */ 
@@ -593,11 +598,12 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */ &(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */ &(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */ +&(nid_objs[126]),/* OBJ_ext_key_usage 2 5 29 37 */ &(nid_objs[19]),/* OBJ_rsa 2 5 8 1 1 */ &(nid_objs[96]),/* OBJ_mdc2WithRSA 2 5 8 3 100 */ &(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */ -&(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666.1 */ &(nid_objs[125]),/* OBJ_zlib_compression 1 1 1 1 666.2 */ +&(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666.1 */ &(nid_objs[104]),/* OBJ_md5WithRSA 1 3 14 3 2 3 */ &(nid_objs[29]),/* OBJ_des_ecb 1 3 14 3 2 6 */ &(nid_objs[31]),/* OBJ_des_cbc 1 3 14 3 2 7 */ diff --git a/e_os.h b/e_os.h index 510db0e9a..b105fa919 100644 --- a/e_os.h +++ b/e_os.h @@ -172,7 +172,8 @@ extern "C" { #ifndef R_OK # define R_OK 4 #endif -# define SSLEAY_CONF "ssleay.cnf" +# define OPENSSL_CONF "openssl.cnf" +# define SSLEAY_CONF OPENSSL_CONF # define NUL_DEV "nul" # define RFILE ".rnd" @@ -184,7 +185,8 @@ extern "C" { # include # endif -# define SSLEAY_CONF "ssleay.cnf" +# define OPENSSL_CONF "openssl.cnf" +# define SSLEAY_CONF OPENSSL_CONF # define RFILE ".rnd" # define LIST_SEPARATOR_CHAR ':' # ifndef MONOLITH