Run util/openssl-format-source -v -c .

Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell 2015-01-22 03:40:55 +00:00
parent 22b52164aa
commit 0f113f3ee4
1054 changed files with 278488 additions and 279856 deletions


@ -115,104 +115,106 @@
#include <openssl/bio.h> #include <openssl/bio.h>
#include <openssl/rand.h> #include <openssl/rand.h>
static int seeded = 0; static int seeded = 0;
static int egdsocket = 0; static int egdsocket = 0;
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn) int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
{ {
int consider_randfile = (file == NULL); int consider_randfile = (file == NULL);
char buffer[200]; char buffer[200];
#ifdef OPENSSL_SYS_WINDOWS #ifdef OPENSSL_SYS_WINDOWS
BIO_printf(bio_e,"Loading 'screen' into random state -"); BIO_printf(bio_e, "Loading 'screen' into random state -");
BIO_flush(bio_e); BIO_flush(bio_e);
RAND_screen(); RAND_screen();
BIO_printf(bio_e," done\n"); BIO_printf(bio_e, " done\n");
#endif #endif
if (file == NULL) if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer); file = RAND_file_name(buffer, sizeof buffer);
else if (RAND_egd(file) > 0) else if (RAND_egd(file) > 0) {
{ /*
/* we try if the given filename is an EGD socket. * we try if the given filename is an EGD socket. if it is, we don't
if it is, we don't write anything back to the file. */ * write anything back to the file.
egdsocket = 1; */
return 1; egdsocket = 1;
} return 1;
if (file == NULL || !RAND_load_file(file, -1)) }
{ if (file == NULL || !RAND_load_file(file, -1)) {
if (RAND_status() == 0) if (RAND_status() == 0) {
{ if (!dont_warn) {
if (!dont_warn) BIO_printf(bio_e, "unable to load 'random state'\n");
{ BIO_printf(bio_e,
BIO_printf(bio_e,"unable to load 'random state'\n"); "This means that the random number generator has not been seeded\n");
BIO_printf(bio_e,"This means that the random number generator has not been seeded\n"); BIO_printf(bio_e, "with much random data.\n");
BIO_printf(bio_e,"with much random data.\n"); if (consider_randfile) { /* explanation does not apply when a
if (consider_randfile) /* explanation does not apply when a file is explicitly named */ * file is explicitly named */
{ BIO_printf(bio_e,
BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n"); "Consider setting the RANDFILE environment variable to point at a file that\n");
BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n"); BIO_printf(bio_e,
} "'random' data can be kept in (the file will be overwritten).\n");
} }
return 0; }
} return 0;
} }
seeded = 1; }
return 1; seeded = 1;
} return 1;
}
long app_RAND_load_files(char *name) long app_RAND_load_files(char *name)
{ {
char *p,*n; char *p, *n;
int last; int last;
long tot=0; long tot = 0;
int egd; int egd;
for (;;) for (;;) {
{ last = 0;
last=0; for (p = name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++) ;
for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++); if (*p == '\0')
if (*p == '\0') last=1; last = 1;
*p='\0'; *p = '\0';
n=name; n = name;
name=p+1; name = p + 1;
if (*n == '\0') break; if (*n == '\0')
break;
egd=RAND_egd(n); egd = RAND_egd(n);
if (egd > 0) if (egd > 0)
tot+=egd; tot += egd;
else else
tot+=RAND_load_file(n,-1); tot += RAND_load_file(n, -1);
if (last) break; if (last)
} break;
if (tot > 512) }
app_RAND_allow_write_file(); if (tot > 512)
return(tot); app_RAND_allow_write_file();
} return (tot);
}
int app_RAND_write_file(const char *file, BIO *bio_e) int app_RAND_write_file(const char *file, BIO *bio_e)
{ {
char buffer[200]; char buffer[200];
if (egdsocket || !seeded) if (egdsocket || !seeded)
/* If we did not manage to read the seed file, /*
* we should not write a low-entropy seed file back -- * If we did not manage to read the seed file, we should not write a
* it would suppress a crucial warning the next time * low-entropy seed file back -- it would suppress a crucial warning
* we want to use it. */ * the next time we want to use it.
return 0; */
return 0;
if (file == NULL) if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer); file = RAND_file_name(buffer, sizeof buffer);
if (file == NULL || !RAND_write_file(file)) if (file == NULL || !RAND_write_file(file)) {
{ BIO_printf(bio_e, "unable to write 'random state'\n");
BIO_printf(bio_e,"unable to write 'random state'\n"); return 0;
return 0; }
} return 1;
return 1; }
}
void app_RAND_allow_write_file(void) void app_RAND_allow_write_file(void)
{ {
seeded = 1; seeded = 1;
} }
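Review bot: In app_RAND_write_file the guard `if (egdsocket || !seeded)` is left unbraced by the reformat, with a five-line block comment now standing between the condition and its `return 0;`. This is the check that prevents a low-entropy seed file from being written back, so its body should be unmistakable: open with `if (egdsocket || !seeded) {`, keep the comment and `return 0;` inside, and close with `}`. In app_RAND_load_file the trailing comment on `if (consider_randfile) {` is now split across two lines after the brace and would read better as a block comment on its own line above the `if`.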



@ -110,122 +110,119 @@
*/ */
#ifndef HEADER_APPS_H #ifndef HEADER_APPS_H
#define HEADER_APPS_H # define HEADER_APPS_H
#include "e_os.h" # include "e_os.h"
#include <openssl/bio.h> # include <openssl/bio.h>
#include <openssl/x509.h> # include <openssl/x509.h>
#include <openssl/lhash.h> # include <openssl/lhash.h>
#include <openssl/conf.h> # include <openssl/conf.h>
#include <openssl/txt_db.h> # include <openssl/txt_db.h>
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h> # include <openssl/engine.h>
#endif # endif
#ifndef OPENSSL_NO_OCSP # ifndef OPENSSL_NO_OCSP
#include <openssl/ocsp.h> # include <openssl/ocsp.h>
#endif # endif
#include <openssl/ossl_typ.h> # include <openssl/ossl_typ.h>
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
int app_RAND_write_file(const char *file, BIO *bio_e); int app_RAND_write_file(const char *file, BIO *bio_e);
/* When `file' is NULL, use defaults. /*
* `bio_e' is for error messages. */ * When `file' is NULL, use defaults. `bio_e' is for error messages.
*/
void app_RAND_allow_write_file(void); void app_RAND_allow_write_file(void);
long app_RAND_load_files(char *file); /* `file' is a list of files to read, long app_RAND_load_files(char *file); /* `file' is a list of files to read,
* separated by LIST_SEPARATOR_CHAR * separated by LIST_SEPARATOR_CHAR
* (see e_os.h). The string is * (see e_os.h). The string is
* destroyed! */ * destroyed! */
#ifndef MONOLITH # ifndef MONOLITH
#define MAIN(a,v) main(a,v) # define MAIN(a,v) main(a,v)
#ifndef NON_MAIN # ifndef NON_MAIN
CONF *config=NULL; CONF *config = NULL;
BIO *bio_err=NULL; BIO *bio_err = NULL;
#else # else
extern CONF *config; extern CONF *config;
extern BIO *bio_err; extern BIO *bio_err;
#endif # endif
#else # else
#define MAIN(a,v) PROG(a,v) # define MAIN(a,v) PROG(a,v)
extern CONF *config; extern CONF *config;
extern char *default_config_file; extern char *default_config_file;
extern BIO *bio_err; extern BIO *bio_err;
#endif # endif
#ifndef OPENSSL_SYS_NETWARE # ifndef OPENSSL_SYS_NETWARE
#include <signal.h> # include <signal.h>
#endif # endif
#ifdef SIGPIPE # ifdef SIGPIPE
#define do_pipe_sig() signal(SIGPIPE,SIG_IGN) # define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
#else # else
#define do_pipe_sig() # define do_pipe_sig()
#endif # endif
#ifdef OPENSSL_NO_COMP # ifdef OPENSSL_NO_COMP
#define zlib_cleanup() # define zlib_cleanup()
#else # else
#define zlib_cleanup() COMP_zlib_cleanup() # define zlib_cleanup() COMP_zlib_cleanup()
#endif # endif
#if defined(MONOLITH) && !defined(OPENSSL_C) # if defined(MONOLITH) && !defined(OPENSSL_C)
# define apps_startup() \ # define apps_startup() \
do_pipe_sig() do_pipe_sig()
# define apps_shutdown() # define apps_shutdown()
#else # else
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
# define apps_startup() \ # define apps_startup() \
do { do_pipe_sig(); CRYPTO_malloc_init(); \ do { do_pipe_sig(); CRYPTO_malloc_init(); \
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
# define apps_shutdown() \ # define apps_shutdown() \
do { CONF_modules_unload(1); destroy_ui_method(); \ do { CONF_modules_unload(1); destroy_ui_method(); \
OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \ OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \ CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
RAND_cleanup(); \ RAND_cleanup(); \
ERR_free_strings(); zlib_cleanup();} while(0) ERR_free_strings(); zlib_cleanup();} while(0)
# else # else
# define apps_startup() \ # define apps_startup() \
do { do_pipe_sig(); CRYPTO_malloc_init(); \ do { do_pipe_sig(); CRYPTO_malloc_init(); \
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
setup_ui_method(); } while(0) setup_ui_method(); } while(0)
# define apps_shutdown() \ # define apps_shutdown() \
do { CONF_modules_unload(1); destroy_ui_method(); \ do { CONF_modules_unload(1); destroy_ui_method(); \
OBJ_cleanup(); EVP_cleanup(); \ OBJ_cleanup(); EVP_cleanup(); \
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \ CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
RAND_cleanup(); \ RAND_cleanup(); \
ERR_free_strings(); zlib_cleanup(); } while(0) ERR_free_strings(); zlib_cleanup(); } while(0)
# endif # endif
#endif # endif
#if defined(OPENSSL_SYSNAME_WIN32) || defined(OPENSSL_SYSNAME_WINCE) # if defined(OPENSSL_SYSNAME_WIN32) || defined(OPENSSL_SYSNAME_WINCE)
# define openssl_fdset(a,b) FD_SET((unsigned int)a, b) # define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
#else # else
# define openssl_fdset(a,b) FD_SET(a, b) # define openssl_fdset(a,b) FD_SET(a, b)
#endif # endif
typedef struct args_st {
char **data;
int count;
} ARGS;
typedef struct args_st # define PW_MIN_LENGTH 4
{ typedef struct pw_cb_data {
char **data; const void *password;
int count; const char *prompt_info;
} ARGS; } PW_CB_DATA;
#define PW_MIN_LENGTH 4 int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
typedef struct pw_cb_data
{
const void *password;
const char *prompt_info;
} PW_CB_DATA;
int password_callback(char *buf, int bufsiz, int verify,
PW_CB_DATA *cb_data);
int setup_ui_method(void); int setup_ui_method(void);
void destroy_ui_method(void); void destroy_ui_method(void);
@ -233,12 +230,13 @@ void destroy_ui_method(void);
int should_retry(int i); int should_retry(int i);
int args_from_file(char *file, int *argc, char **argv[]); int args_from_file(char *file, int *argc, char **argv[]);
int str2fmt(char *s); int str2fmt(char *s);
void program_name(char *in,char *out,int size); void program_name(char *in, char *out, int size);
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]); int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]);
#ifdef HEADER_X509_H # ifdef HEADER_X509_H
int dump_cert_text(BIO *out, X509 *x); int dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags); void print_name(BIO *out, const char *title, X509_NAME *nm,
#endif unsigned long lflags);
# endif
int set_cert_ex(unsigned long *flags, const char *arg); int set_cert_ex(unsigned long *flags, const char *arg);
int set_name_ex(unsigned long *flags, const char *arg); int set_name_ex(unsigned long *flags, const char *arg);
int set_ext_copy(int *copy_type, const char *arg); int set_ext_copy(int *copy_type, const char *arg);
@ -246,143 +244,145 @@ int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2); int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
int add_oid_section(BIO *err, CONF *conf); int add_oid_section(BIO *err, CONF *conf);
X509 *load_cert(BIO *err, const char *file, int format, X509 *load_cert(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip); const char *pass, ENGINE *e, const char *cert_descrip);
X509_CRL *load_crl(const char *infile, int format); X509_CRL *load_crl(const char *infile, int format);
int load_cert_crl_http(const char *url, BIO *err, int load_cert_crl_http(const char *url, BIO *err,
X509 **pcert, X509_CRL **pcrl); X509 **pcert, X509_CRL **pcrl);
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip); const char *pass, ENGINE *e, const char *key_descrip);
EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip); const char *pass, ENGINE *e, const char *key_descrip);
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip); const char *pass, ENGINE *e,
const char *cert_descrip);
STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format, STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip); const char *pass, ENGINE *e,
const char *cert_descrip);
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
ENGINE *setup_engine(BIO *err, const char *engine, int debug); ENGINE *setup_engine(BIO *err, const char *engine, int debug);
#endif # endif
#ifndef OPENSSL_NO_OCSP # ifndef OPENSSL_NO_OCSP
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
const char *host, const char *path, const char *host, const char *path,
const char *port, int use_ssl, const char *port, int use_ssl,
const STACK_OF(CONF_VALUE) *headers, const STACK_OF(CONF_VALUE) *headers,
int req_timeout); int req_timeout);
#endif # endif
int load_config(BIO *err, CONF *cnf); int load_config(BIO *err, CONF *cnf);
char *make_config_name(void); char *make_config_name(void);
/* Functions defined in ca.c and also used in ocsp.c */ /* Functions defined in ca.c and also used in ocsp.c */
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
ASN1_GENERALIZEDTIME **pinvtm, const char *str); ASN1_GENERALIZEDTIME **pinvtm, const char *str);
#define DB_type 0 # define DB_type 0
#define DB_exp_date 1 # define DB_exp_date 1
#define DB_rev_date 2 # define DB_rev_date 2
#define DB_serial 3 /* index - unique */ # define DB_serial 3 /* index - unique */
#define DB_file 4 # define DB_file 4
#define DB_name 5 /* index - unique when active and not disabled */ # define DB_name 5 /* index - unique when active and not
#define DB_NUMBER 6 * disabled */
# define DB_NUMBER 6
#define DB_TYPE_REV 'R' # define DB_TYPE_REV 'R'
#define DB_TYPE_EXP 'E' # define DB_TYPE_EXP 'E'
#define DB_TYPE_VAL 'V' # define DB_TYPE_VAL 'V'
typedef struct db_attr_st typedef struct db_attr_st {
{ int unique_subject;
int unique_subject; } DB_ATTR;
} DB_ATTR; typedef struct ca_db_st {
typedef struct ca_db_st DB_ATTR attributes;
{ TXT_DB *db;
DB_ATTR attributes; } CA_DB;
TXT_DB *db;
} CA_DB;
BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai); BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai); int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
ASN1_INTEGER **retai);
int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix); int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai); int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
CA_DB *load_index(char *dbfile, DB_ATTR *dbattr); CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
int index_index(CA_DB *db); int index_index(CA_DB *db);
int save_index(const char *dbfile, const char *suffix, CA_DB *db); int save_index(const char *dbfile, const char *suffix, CA_DB *db);
int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix); int rotate_index(const char *dbfile, const char *new_suffix,
const char *old_suffix);
void free_index(CA_DB *db); void free_index(CA_DB *db);
#define index_name_cmp_noconst(a, b) \ # define index_name_cmp_noconst(a, b) \
index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \ index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
(const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b)) (const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b); int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
int parse_yesno(const char *str, int def); int parse_yesno(const char *str, int def);
X509_NAME *parse_name(char *str, long chtype, int multirdn); X509_NAME *parse_name(char *str, long chtype, int multirdn);
int args_verify(char ***pargs, int *pargc, int args_verify(char ***pargs, int *pargc,
int *badarg, BIO *err, X509_VERIFY_PARAM **pm); int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
void policies_print(BIO *out, X509_STORE_CTX *ctx); void policies_print(BIO *out, X509_STORE_CTX *ctx);
int bio_to_mem(unsigned char **out, int maxlen, BIO *in); int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value); int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx, int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
const char *algname, ENGINE *e, int do_param); const char *algname, ENGINE *e, int do_param);
int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md, int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts); STACK_OF(OPENSSL_STRING) *sigopts);
int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts); STACK_OF(OPENSSL_STRING) *sigopts);
int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts); STACK_OF(OPENSSL_STRING) *sigopts);
#ifndef OPENSSL_NO_PSK # ifndef OPENSSL_NO_PSK
extern char *psk_key; extern char *psk_key;
#endif # endif
#ifndef OPENSSL_NO_JPAKE # ifndef OPENSSL_NO_JPAKE
void jpake_client_auth(BIO *out, BIO *conn, const char *secret); void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
void jpake_server_auth(BIO *out, BIO *conn, const char *secret); void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
#endif # endif
#ifndef OPENSSL_NO_TLSEXT # ifndef OPENSSL_NO_TLSEXT
unsigned char *next_protos_parse(unsigned short *outlen, const char *in); unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
#endif /* ndef OPENSSL_NO_TLSEXT */ # endif /* ndef OPENSSL_NO_TLSEXT */
void print_cert_checks(BIO *bio, X509 *x, void print_cert_checks(BIO *bio, X509 *x,
const char *checkhost, const char *checkhost,
const char *checkemail, const char *checkemail, const char *checkip);
const char *checkip);
void store_setup_crl_download(X509_STORE *st); void store_setup_crl_download(X509_STORE *st);
#define FORMAT_UNDEF 0 # define FORMAT_UNDEF 0
#define FORMAT_ASN1 1 # define FORMAT_ASN1 1
#define FORMAT_TEXT 2 # define FORMAT_TEXT 2
#define FORMAT_PEM 3 # define FORMAT_PEM 3
#define FORMAT_NETSCAPE 4 # define FORMAT_NETSCAPE 4
#define FORMAT_PKCS12 5 # define FORMAT_PKCS12 5
#define FORMAT_SMIME 6 # define FORMAT_SMIME 6
#define FORMAT_ENGINE 7 # define FORMAT_ENGINE 7
#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid # define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
* adding yet another param to load_*key() */ * adding yet another param to load_*key() */
#define FORMAT_PEMRSA 9 /* PEM RSAPubicKey format */ # define FORMAT_PEMRSA 9 /* PEM RSAPubicKey format */
#define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */ # define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */
#define FORMAT_MSBLOB 11 /* MS Key blob format */ # define FORMAT_MSBLOB 11 /* MS Key blob format */
#define FORMAT_PVK 12 /* MS PVK file format */ # define FORMAT_PVK 12 /* MS PVK file format */
#define FORMAT_HTTP 13 /* Download using HTTP */ # define FORMAT_HTTP 13 /* Download using HTTP */
#define FORMAT_NSS 14 /* NSS keylog format */ # define FORMAT_NSS 14 /* NSS keylog format */
#define EXT_COPY_NONE 0 # define EXT_COPY_NONE 0
#define EXT_COPY_ADD 1 # define EXT_COPY_ADD 1
#define EXT_COPY_ALL 2 # define EXT_COPY_ALL 2
#define NETSCAPE_CERT_HDR "certificate" # define NETSCAPE_CERT_HDR "certificate"
#define APP_PASS_LEN 1024 # define APP_PASS_LEN 1024
#define SERIAL_RAND_BITS 64 # define SERIAL_RAND_BITS 64
int app_isdir(const char *); int app_isdir(const char *);
int raw_read_stdin(void *,int); int raw_read_stdin(void *, int);
int raw_write_stdout(const void *,int); int raw_write_stdout(const void *, int);
#define TM_START 0 # define TM_START 0
#define TM_STOP 1 # define TM_STOP 1
double app_tminterval (int stop,int usertime); double app_tminterval(int stop, int usertime);
#define OPENSSL_NO_SSL_INTERN # define OPENSSL_NO_SSL_INTERN
#endif #endif
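Review bot: The re-wrapped comment "When `file' is NULL, use defaults. `bio_e' is for error messages." still sits below the app_RAND_load_file and app_RAND_write_file prototypes and directly above app_RAND_allow_write_file, so it reads as documentation for the wrong declaration. Moving the block above the two prototypes it describes would fix that. The "string is destroyed" warning on app_RAND_load_files is easy to miss as a four-line trailing comment; a block comment above the prototype such as `/* 'file' is a list separated by LIST_SEPARATOR_CHAR (see e_os.h); the string is modified in place. */` states the contract up front. Separately, the FORMAT_PEMRSA and FORMAT_ASN1RSA comments spell the format "RSAPubicKey", where `RSAPublicKey` is presumably meant.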


@ -56,8 +56,9 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* A nice addition from Dr Stephen Henson <steve@openssl.org> to /*
* add the -strparse option which parses nested binary structures * A nice addition from Dr Stephen Henson <steve@openssl.org> to add the
* -strparse option which parses nested binary structures
*/ */
#include <stdio.h> #include <stdio.h>
@ -70,402 +71,384 @@
#include <openssl/pem.h> #include <openssl/pem.h>
/*- /*-
* -inform arg - input format - default PEM (DER or PEM) * -inform arg - input format - default PEM (DER or PEM)
* -in arg - input file - default stdin * -in arg - input file - default stdin
* -i - indent the details by depth * -i - indent the details by depth
* -offset - where in the file to start * -offset - where in the file to start
* -length - how many bytes to use * -length - how many bytes to use
* -oid file - extra oid description file * -oid file - extra oid description file
*/ */
#undef PROG #undef PROG
#define PROG asn1parse_main #define PROG asn1parse_main
int MAIN(int, char **); int MAIN(int, char **);
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf); static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
int i,badops=0,offset=0,ret=1,j; int i, badops = 0, offset = 0, ret = 1, j;
unsigned int length=0; unsigned int length = 0;
long num,tmplen; long num, tmplen;
BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL; BIO *in = NULL, *out = NULL, *b64 = NULL, *derout = NULL;
int informat,indent=0, noout = 0, dump = 0, strictpem = 0; int informat, indent = 0, noout = 0, dump = 0, strictpem = 0;
char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL, *name=NULL, *header=NULL; char *infile = NULL, *str = NULL, *prog, *oidfile = NULL, *derfile =
char *genstr=NULL, *genconf=NULL; NULL, *name = NULL, *header = NULL;
unsigned char *tmpbuf; char *genstr = NULL, *genconf = NULL;
const unsigned char *ctmpbuf; unsigned char *tmpbuf;
BUF_MEM *buf=NULL; const unsigned char *ctmpbuf;
STACK_OF(OPENSSL_STRING) *osk=NULL; BUF_MEM *buf = NULL;
ASN1_TYPE *at=NULL; STACK_OF(OPENSSL_STRING) *osk = NULL;
ASN1_TYPE *at = NULL;
informat=FORMAT_PEM; informat = FORMAT_PEM;
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
prog=argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
if ((osk=sk_OPENSSL_STRING_new_null()) == NULL) if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) {
{ BIO_printf(bio_err, "Memory allocation failure\n");
BIO_printf(bio_err,"Memory allocation failure\n"); goto end;
goto end; }
} while (argc >= 1) {
while (argc >= 1) if (strcmp(*argv, "-inform") == 0) {
{ if (--argc < 1)
if (strcmp(*argv,"-inform") == 0) goto bad;
{ informat = str2fmt(*(++argv));
if (--argc < 1) goto bad; } else if (strcmp(*argv, "-in") == 0) {
informat=str2fmt(*(++argv)); if (--argc < 1)
} goto bad;
else if (strcmp(*argv,"-in") == 0) infile = *(++argv);
{ } else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
infile= *(++argv); goto bad;
} derfile = *(++argv);
else if (strcmp(*argv,"-out") == 0) } else if (strcmp(*argv, "-i") == 0) {
{ indent = 1;
if (--argc < 1) goto bad; } else if (strcmp(*argv, "-noout") == 0)
derfile= *(++argv); noout = 1;
} else if (strcmp(*argv, "-oid") == 0) {
else if (strcmp(*argv,"-i") == 0) if (--argc < 1)
{ goto bad;
indent=1; oidfile = *(++argv);
} } else if (strcmp(*argv, "-offset") == 0) {
else if (strcmp(*argv,"-noout") == 0) noout = 1; if (--argc < 1)
else if (strcmp(*argv,"-oid") == 0) goto bad;
{ offset = atoi(*(++argv));
if (--argc < 1) goto bad; } else if (strcmp(*argv, "-length") == 0) {
oidfile= *(++argv); if (--argc < 1)
} goto bad;
else if (strcmp(*argv,"-offset") == 0) length = atoi(*(++argv));
{ if (length == 0)
if (--argc < 1) goto bad; goto bad;
offset= atoi(*(++argv)); } else if (strcmp(*argv, "-dump") == 0) {
} dump = -1;
else if (strcmp(*argv,"-length") == 0) } else if (strcmp(*argv, "-dlimit") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
length= atoi(*(++argv)); dump = atoi(*(++argv));
if (length == 0) goto bad; if (dump <= 0)
} goto bad;
else if (strcmp(*argv,"-dump") == 0) } else if (strcmp(*argv, "-strparse") == 0) {
{ if (--argc < 1)
dump= -1; goto bad;
} sk_OPENSSL_STRING_push(osk, *(++argv));
else if (strcmp(*argv,"-dlimit") == 0) } else if (strcmp(*argv, "-genstr") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
dump= atoi(*(++argv)); genstr = *(++argv);
if (dump <= 0) goto bad; } else if (strcmp(*argv, "-genconf") == 0) {
} if (--argc < 1)
else if (strcmp(*argv,"-strparse") == 0) goto bad;
{ genconf = *(++argv);
if (--argc < 1) goto bad; } else if (strcmp(*argv, "-strictpem") == 0) {
sk_OPENSSL_STRING_push(osk,*(++argv)); strictpem = 1;
} informat = FORMAT_PEM;
else if (strcmp(*argv,"-genstr") == 0) } else {
{ BIO_printf(bio_err, "unknown option %s\n", *argv);
if (--argc < 1) goto bad; badops = 1;
genstr= *(++argv); break;
} }
else if (strcmp(*argv,"-genconf") == 0) argc--;
{ argv++;
if (--argc < 1) goto bad; }
genconf= *(++argv);
}
else if (strcmp(*argv,"-strictpem") == 0)
{
strictpem = 1;
informat = FORMAT_PEM;
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops) if (badops) {
{ bad:
bad: BIO_printf(bio_err, "%s [options] <infile\n", prog);
BIO_printf(bio_err,"%s [options] <infile\n",prog); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
BIO_printf(bio_err," -inform arg input format - one of DER PEM\n"); BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -out arg output file (output format is always DER\n"); " -out arg output file (output format is always DER\n");
BIO_printf(bio_err," -noout arg don't produce any output\n"); BIO_printf(bio_err, " -noout arg don't produce any output\n");
BIO_printf(bio_err," -offset arg offset into file\n"); BIO_printf(bio_err, " -offset arg offset into file\n");
BIO_printf(bio_err," -length arg length of section in file\n"); BIO_printf(bio_err, " -length arg length of section in file\n");
BIO_printf(bio_err," -i indent entries\n"); BIO_printf(bio_err, " -i indent entries\n");
BIO_printf(bio_err," -dump dump unknown data in hex form\n"); BIO_printf(bio_err, " -dump dump unknown data in hex form\n");
BIO_printf(bio_err," -dlimit arg dump the first arg bytes of unknown data in hex form\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -oid file file of extra oid definitions\n"); " -dlimit arg dump the first arg bytes of unknown data in hex form\n");
BIO_printf(bio_err," -strparse offset\n"); BIO_printf(bio_err, " -oid file file of extra oid definitions\n");
BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n"); BIO_printf(bio_err, " -strparse offset\n");
BIO_printf(bio_err," ASN1 blob wrappings\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -genstr str string to generate ASN1 structure from\n"); " a series of these can be used to 'dig' into multiple\n");
BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n"); BIO_printf(bio_err, " ASN1 blob wrappings\n");
BIO_printf(bio_err," -strictpem do not attempt base64 decode outside PEM markers (-inform \n"); BIO_printf(bio_err,
BIO_printf(bio_err," will be ignored)\n"); " -genstr str string to generate ASN1 structure from\n");
goto end; BIO_printf(bio_err,
} " -genconf file file to generate ASN1 structure from\n");
BIO_printf(bio_err,
" -strictpem do not attempt base64 decode outside PEM markers (-inform \n");
BIO_printf(bio_err, " will be ignored)\n");
goto end;
}
ERR_load_crypto_strings(); ERR_load_crypto_strings();
in=BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) if ((in == NULL) || (out == NULL)) {
{ ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
} BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
if (oidfile != NULL) if (oidfile != NULL) {
{ if (BIO_read_filename(in, oidfile) <= 0) {
if (BIO_read_filename(in,oidfile) <= 0) BIO_printf(bio_err, "problems opening %s\n", oidfile);
{ ERR_print_errors(bio_err);
BIO_printf(bio_err,"problems opening %s\n",oidfile); goto end;
ERR_print_errors(bio_err); }
goto end; OBJ_create_objects(in);
} }
OBJ_create_objects(in);
}
if (infile == NULL) if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
else else {
{ if (BIO_read_filename(in, infile) <= 0) {
if (BIO_read_filename(in,infile) <= 0) perror(infile);
{ goto end;
perror(infile); }
goto end; }
}
}
if (derfile) { if (derfile) {
if(!(derout = BIO_new_file(derfile, "wb"))) { if (!(derout = BIO_new_file(derfile, "wb"))) {
BIO_printf(bio_err,"problems opening %s\n",derfile); BIO_printf(bio_err, "problems opening %s\n", derfile);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} }
if(strictpem) if (strictpem) {
{ if (PEM_read_bio(in, &name, &header, (unsigned char **)&str, &num) !=
if(PEM_read_bio(in, &name, &header, (unsigned char **)&str, &num) != 1) 1) {
{ BIO_printf(bio_err, "Error reading PEM file\n");
BIO_printf(bio_err,"Error reading PEM file\n"); ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
} } else {
}
else
{
if ((buf=BUF_MEM_new()) == NULL) goto end; if ((buf = BUF_MEM_new()) == NULL)
if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */ goto end;
if (!BUF_MEM_grow(buf, BUFSIZ * 8))
goto end; /* Pre-allocate :-) */
if (genstr || genconf) if (genstr || genconf) {
{ num = do_generate(bio_err, genstr, genconf, buf);
num = do_generate(bio_err, genstr, genconf, buf); if (num < 0) {
if (num < 0) ERR_print_errors(bio_err);
{ goto end;
ERR_print_errors(bio_err); }
goto end; }
}
}
else else {
{
if (informat == FORMAT_PEM) if (informat == FORMAT_PEM) {
{ BIO *tmp;
BIO *tmp;
if ((b64=BIO_new(BIO_f_base64())) == NULL) if ((b64 = BIO_new(BIO_f_base64())) == NULL)
goto end; goto end;
BIO_push(b64,in); BIO_push(b64, in);
tmp=in; tmp = in;
in=b64; in = b64;
b64=tmp; b64 = tmp;
} }
num=0; num = 0;
for (;;) for (;;) {
{ if (!BUF_MEM_grow(buf, (int)num + BUFSIZ))
if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end; goto end;
i=BIO_read(in,&(buf->data[num]),BUFSIZ); i = BIO_read(in, &(buf->data[num]), BUFSIZ);
if (i <= 0) break; if (i <= 0)
num+=i; break;
} num += i;
} }
str=buf->data; }
str = buf->data;
} }
/* If any structs to parse go through in sequence */ /* If any structs to parse go through in sequence */
if (sk_OPENSSL_STRING_num(osk)) if (sk_OPENSSL_STRING_num(osk)) {
{ tmpbuf = (unsigned char *)str;
tmpbuf=(unsigned char *)str; tmplen = num;
tmplen=num; for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
for (i=0; i<sk_OPENSSL_STRING_num(osk); i++) ASN1_TYPE *atmp;
{ int typ;
ASN1_TYPE *atmp; j = atoi(sk_OPENSSL_STRING_value(osk, i));
int typ; if (j == 0) {
j=atoi(sk_OPENSSL_STRING_value(osk,i)); BIO_printf(bio_err, "'%s' is an invalid number\n",
if (j == 0) sk_OPENSSL_STRING_value(osk, i));
{ continue;
BIO_printf(bio_err,"'%s' is an invalid number\n",sk_OPENSSL_STRING_value(osk,i)); }
continue; tmpbuf += j;
} tmplen -= j;
tmpbuf+=j; atmp = at;
tmplen-=j; ctmpbuf = tmpbuf;
atmp = at; at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen);
ctmpbuf = tmpbuf; ASN1_TYPE_free(atmp);
at = d2i_ASN1_TYPE(NULL,&ctmpbuf,tmplen); if (!at) {
ASN1_TYPE_free(atmp); BIO_printf(bio_err, "Error parsing structure\n");
if(!at) ERR_print_errors(bio_err);
{ goto end;
BIO_printf(bio_err,"Error parsing structure\n"); }
ERR_print_errors(bio_err); typ = ASN1_TYPE_get(at);
goto end; if ((typ == V_ASN1_OBJECT)
} || (typ == V_ASN1_NULL)) {
typ = ASN1_TYPE_get(at); BIO_printf(bio_err, "Can't parse %s type\n",
if ((typ == V_ASN1_OBJECT) typ == V_ASN1_NULL ? "NULL" : "OBJECT");
|| (typ == V_ASN1_NULL)) ERR_print_errors(bio_err);
{ goto end;
BIO_printf(bio_err, "Can't parse %s type\n", }
typ == V_ASN1_NULL ? "NULL" : "OBJECT"); /* hmm... this is a little evil but it works */
ERR_print_errors(bio_err); tmpbuf = at->value.asn1_string->data;
goto end; tmplen = at->value.asn1_string->length;
} }
/* hmm... this is a little evil but it works */ str = (char *)tmpbuf;
tmpbuf=at->value.asn1_string->data; num = tmplen;
tmplen=at->value.asn1_string->length; }
}
str=(char *)tmpbuf;
num=tmplen;
}
if (offset >= num) if (offset >= num) {
{ BIO_printf(bio_err, "Error: offset too large\n");
BIO_printf(bio_err, "Error: offset too large\n"); goto end;
goto end; }
}
num -= offset; num -= offset;
if ((length == 0) || ((long)length > num)) length=(unsigned int)num; if ((length == 0) || ((long)length > num))
if(derout) { length = (unsigned int)num;
if(BIO_write(derout, str + offset, length) != (int)length) { if (derout) {
BIO_printf(bio_err, "Error writing output\n"); if (BIO_write(derout, str + offset, length) != (int)length) {
ERR_print_errors(bio_err); BIO_printf(bio_err, "Error writing output\n");
goto end; ERR_print_errors(bio_err);
} goto end;
} }
if (!noout && }
!ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length, if (!noout &&
indent,dump)) !ASN1_parse_dump(out, (unsigned char *)&(str[offset]), length,
{ indent, dump)) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
ret=0; ret = 0;
end: end:
BIO_free(derout); BIO_free(derout);
if (in != NULL) BIO_free(in); if (in != NULL)
if (out != NULL) BIO_free_all(out); BIO_free(in);
if (b64 != NULL) BIO_free(b64); if (out != NULL)
if (ret != 0) BIO_free_all(out);
ERR_print_errors(bio_err); if (b64 != NULL)
if (buf != NULL) BUF_MEM_free(buf); BIO_free(b64);
if (name != NULL) OPENSSL_free(name); if (ret != 0)
if (header != NULL) OPENSSL_free(header); ERR_print_errors(bio_err);
if (strictpem && str != NULL) OPENSSL_free(str); if (buf != NULL)
if (at != NULL) ASN1_TYPE_free(at); BUF_MEM_free(buf);
if (osk != NULL) sk_OPENSSL_STRING_free(osk); if (name != NULL)
OBJ_cleanup(); OPENSSL_free(name);
apps_shutdown(); if (header != NULL)
OPENSSL_EXIT(ret); OPENSSL_free(header);
} if (strictpem && str != NULL)
OPENSSL_free(str);
if (at != NULL)
ASN1_TYPE_free(at);
if (osk != NULL)
sk_OPENSSL_STRING_free(osk);
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ret);
}
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
{ {
CONF *cnf = NULL; CONF *cnf = NULL;
int len; int len;
long errline; long errline;
unsigned char *p; unsigned char *p;
ASN1_TYPE *atyp = NULL; ASN1_TYPE *atyp = NULL;
if (genconf) if (genconf) {
{ cnf = NCONF_new(NULL);
cnf = NCONF_new(NULL); if (!NCONF_load(cnf, genconf, &errline))
if (!NCONF_load(cnf, genconf, &errline)) goto conferr;
goto conferr; if (!genstr)
if (!genstr) genstr = NCONF_get_string(cnf, "default", "asn1");
genstr = NCONF_get_string(cnf, "default", "asn1"); if (!genstr) {
if (!genstr) BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
{ goto err;
BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf); }
goto err; }
}
}
atyp = ASN1_generate_nconf(genstr, cnf); atyp = ASN1_generate_nconf(genstr, cnf);
NCONF_free(cnf); NCONF_free(cnf);
cnf = NULL; cnf = NULL;
if (!atyp) if (!atyp)
return -1; return -1;
len = i2d_ASN1_TYPE(atyp, NULL); len = i2d_ASN1_TYPE(atyp, NULL);
if (len <= 0) if (len <= 0)
goto err; goto err;
if (!BUF_MEM_grow(buf,len)) if (!BUF_MEM_grow(buf, len))
goto err; goto err;
p=(unsigned char *)buf->data; p = (unsigned char *)buf->data;
i2d_ASN1_TYPE(atyp, &p); i2d_ASN1_TYPE(atyp, &p);
ASN1_TYPE_free(atyp); ASN1_TYPE_free(atyp);
return len; return len;
conferr: conferr:
if (errline > 0) if (errline > 0)
BIO_printf(bio, "Error on line %ld of config file '%s'\n", BIO_printf(bio, "Error on line %ld of config file '%s'\n",
errline, genconf); errline, genconf);
else else
BIO_printf(bio, "Error loading config file '%s'\n", genconf); BIO_printf(bio, "Error loading config file '%s'\n", genconf);
err: err:
NCONF_free(cnf); NCONF_free(cnf);
ASN1_TYPE_free(atyp); ASN1_TYPE_free(atyp);
return -1; return -1;
} }

5029
apps/ca.c

File diff suppressed because it is too large Load Diff


@ -64,182 +64,173 @@
#include <openssl/ssl.h> #include <openssl/ssl.h>
#undef PROG #undef PROG
#define PROG ciphers_main #define PROG ciphers_main
static const char *ciphers_usage[]={ static const char *ciphers_usage[] = {
"usage: ciphers args\n", "usage: ciphers args\n",
" -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n", " -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n",
" -V - even more verbose\n", " -V - even more verbose\n",
" -ssl3 - SSL3 mode\n", " -ssl3 - SSL3 mode\n",
" -tls1 - TLS1 mode\n", " -tls1 - TLS1 mode\n",
NULL NULL
}; };
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
int ret=1,i; int ret = 1, i;
int verbose=0,Verbose=0; int verbose = 0, Verbose = 0;
int use_supported = 0; int use_supported = 0;
#ifndef OPENSSL_NO_SSL_TRACE #ifndef OPENSSL_NO_SSL_TRACE
int stdname = 0; int stdname = 0;
#endif #endif
const char **pp; const char **pp;
const char *p; const char *p;
int badops=0; int badops = 0;
SSL_CTX *ctx=NULL; SSL_CTX *ctx = NULL;
SSL *ssl=NULL; SSL *ssl = NULL;
char *ciphers=NULL; char *ciphers = NULL;
const SSL_METHOD *meth=NULL; const SSL_METHOD *meth = NULL;
STACK_OF(SSL_CIPHER) *sk=NULL; STACK_OF(SSL_CIPHER) *sk = NULL;
char buf[512]; char buf[512];
BIO *STDout=NULL; BIO *STDout = NULL;
meth=SSLv23_server_method(); meth = SSLv23_server_method();
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
STDout=BIO_new_fp(stdout,BIO_NOCLOSE); STDout = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
STDout = BIO_push(tmpbio, STDout); STDout = BIO_push(tmpbio, STDout);
} }
#endif #endif
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-v") == 0)
if (strcmp(*argv,"-v") == 0) verbose = 1;
verbose=1; else if (strcmp(*argv, "-V") == 0)
else if (strcmp(*argv,"-V") == 0) verbose = Verbose = 1;
verbose=Verbose=1; else if (strcmp(*argv, "-s") == 0)
else if (strcmp(*argv,"-s") == 0) use_supported = 1;
use_supported = 1;
#ifndef OPENSSL_NO_SSL_TRACE #ifndef OPENSSL_NO_SSL_TRACE
else if (strcmp(*argv,"-stdname") == 0) else if (strcmp(*argv, "-stdname") == 0)
stdname=verbose=1; stdname = verbose = 1;
#endif #endif
#ifndef OPENSSL_NO_SSL3 #ifndef OPENSSL_NO_SSL3
else if (strcmp(*argv,"-ssl3") == 0) else if (strcmp(*argv, "-ssl3") == 0)
meth=SSLv3_client_method(); meth = SSLv3_client_method();
#endif #endif
#ifndef OPENSSL_NO_TLS1 #ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv,"-tls1") == 0) else if (strcmp(*argv, "-tls1") == 0)
meth=TLSv1_client_method(); meth = TLSv1_client_method();
#endif #endif
else if ((strncmp(*argv,"-h",2) == 0) || else if ((strncmp(*argv, "-h", 2) == 0) || (strcmp(*argv, "-?") == 0)) {
(strcmp(*argv,"-?") == 0)) badops = 1;
{ break;
badops=1; } else {
break; ciphers = *argv;
} }
else argc--;
{ argv++;
ciphers= *argv; }
}
argc--;
argv++;
}
if (badops) if (badops) {
{ for (pp = ciphers_usage; (*pp != NULL); pp++)
for (pp=ciphers_usage; (*pp != NULL); pp++) BIO_printf(bio_err, "%s", *pp);
BIO_printf(bio_err,"%s",*pp); goto end;
goto end; }
}
OpenSSL_add_ssl_algorithms(); OpenSSL_add_ssl_algorithms();
ctx=SSL_CTX_new(meth); ctx = SSL_CTX_new(meth);
if (ctx == NULL) goto err; if (ctx == NULL)
if (ciphers != NULL) { goto err;
if(!SSL_CTX_set_cipher_list(ctx,ciphers)) { if (ciphers != NULL) {
BIO_printf(bio_err, "Error in cipher list\n"); if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
goto err; BIO_printf(bio_err, "Error in cipher list\n");
} goto err;
} }
ssl=SSL_new(ctx); }
if (ssl == NULL) goto err; ssl = SSL_new(ctx);
if (ssl == NULL)
goto err;
if (use_supported) if (use_supported)
sk=SSL_get1_supported_ciphers(ssl); sk = SSL_get1_supported_ciphers(ssl);
else else
sk=SSL_get_ciphers(ssl); sk = SSL_get_ciphers(ssl);
if (!verbose) if (!verbose) {
{ for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
for (i=0; i<sk_SSL_CIPHER_num(sk); i++) SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
{ p = SSL_CIPHER_get_name(c);
SSL_CIPHER *c = sk_SSL_CIPHER_value(sk,i); if (p == NULL)
p = SSL_CIPHER_get_name(c); break;
if (p == NULL) break; if (i != 0)
if (i != 0) BIO_printf(STDout,":"); BIO_printf(STDout, ":");
BIO_printf(STDout,"%s",p); BIO_printf(STDout, "%s", p);
} }
BIO_printf(STDout,"\n"); BIO_printf(STDout, "\n");
} } else { /* verbose */
else /* verbose */
{
for (i=0; i<sk_SSL_CIPHER_num(sk); i++) for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
{ SSL_CIPHER *c;
SSL_CIPHER *c;
c = sk_SSL_CIPHER_value(sk,i); c = sk_SSL_CIPHER_value(sk, i);
if (Verbose) if (Verbose) {
{ unsigned long id = SSL_CIPHER_get_id(c);
unsigned long id = SSL_CIPHER_get_id(c); int id0 = (int)(id >> 24);
int id0 = (int)(id >> 24); int id1 = (int)((id >> 16) & 0xffL);
int id1 = (int)((id >> 16) & 0xffL); int id2 = (int)((id >> 8) & 0xffL);
int id2 = (int)((id >> 8) & 0xffL); int id3 = (int)(id & 0xffL);
int id3 = (int)(id & 0xffL);
if ((id & 0xff000000L) == 0x03000000L) if ((id & 0xff000000L) == 0x03000000L) {
{ /* SSL3 cipher */
/* SSL3 cipher */ BIO_printf(STDout, " 0x%02X,0x%02X - ", id2,
BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); id3);
} } else {
else /* whatever */
{ BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0,
/* whatever */ id1, id2, id3);
BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); }
} }
}
#ifndef OPENSSL_NO_SSL_TRACE #ifndef OPENSSL_NO_SSL_TRACE
if (stdname) if (stdname) {
{ const char *nm = SSL_CIPHER_standard_name(c);
const char *nm = SSL_CIPHER_standard_name(c); if (nm == NULL)
if (nm == NULL) nm = "UNKNOWN";
nm = "UNKNOWN"; BIO_printf(STDout, "%s - ", nm);
BIO_printf(STDout, "%s - ", nm); }
}
#endif #endif
BIO_puts(STDout,SSL_CIPHER_description(c,buf,sizeof buf)); BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf));
} }
} }
ret=0;
if (0)
{
err:
SSL_load_error_strings();
ERR_print_errors(bio_err);
}
end:
if (use_supported && sk)
sk_SSL_CIPHER_free(sk);
if (ctx != NULL) SSL_CTX_free(ctx);
if (ssl != NULL) SSL_free(ssl);
if (STDout != NULL) BIO_free_all(STDout);
apps_shutdown();
OPENSSL_EXIT(ret);
}
ret = 0;
if (0) {
err:
SSL_load_error_strings();
ERR_print_errors(bio_err);
}
end:
if (use_supported && sk)
sk_SSL_CIPHER_free(sk);
if (ctx != NULL)
SSL_CTX_free(ctx);
if (ssl != NULL)
SSL_free(ssl);
if (STDout != NULL)
BIO_free_all(STDout);
apps_shutdown();
OPENSSL_EXIT(ret);
}

2607
apps/cms.c

File diff suppressed because it is too large Load Diff


@ -67,410 +67,376 @@
#include <openssl/pem.h> #include <openssl/pem.h>
#undef PROG #undef PROG
#define PROG crl_main #define PROG crl_main
#undef POSTFIX #undef POSTFIX
#define POSTFIX ".rvk" #define POSTFIX ".rvk"
static const char *crl_usage[]={ static const char *crl_usage[] = {
"usage: crl args\n", "usage: crl args\n",
"\n", "\n",
" -inform arg - input format - default PEM (DER or PEM)\n", " -inform arg - input format - default PEM (DER or PEM)\n",
" -outform arg - output format - default PEM\n", " -outform arg - output format - default PEM\n",
" -text - print out a text format version\n", " -text - print out a text format version\n",
" -in arg - input file - default stdin\n", " -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n", " -out arg - output file - default stdout\n",
" -hash - print hash value\n", " -hash - print hash value\n",
#ifndef OPENSSL_NO_MD5 #ifndef OPENSSL_NO_MD5
" -hash_old - print old-style (MD5) hash value\n", " -hash_old - print old-style (MD5) hash value\n",
#endif #endif
" -fingerprint - print the crl fingerprint\n", " -fingerprint - print the crl fingerprint\n",
" -issuer - print issuer DN\n", " -issuer - print issuer DN\n",
" -lastupdate - lastUpdate field\n", " -lastupdate - lastUpdate field\n",
" -nextupdate - nextUpdate field\n", " -nextupdate - nextUpdate field\n",
" -crlnumber - print CRL number\n", " -crlnumber - print CRL number\n",
" -noout - no CRL output\n", " -noout - no CRL output\n",
" -CAfile name - verify CRL using certificates in file \"name\"\n", " -CAfile name - verify CRL using certificates in file \"name\"\n",
" -CApath dir - verify CRL using certificates in \"dir\"\n", " -CApath dir - verify CRL using certificates in \"dir\"\n",
" -nameopt arg - various certificate name options\n", " -nameopt arg - various certificate name options\n",
NULL NULL
}; };
static BIO *bio_out=NULL; static BIO *bio_out = NULL;
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
unsigned long nmflag = 0; unsigned long nmflag = 0;
X509_CRL *x=NULL; X509_CRL *x = NULL;
char *CAfile = NULL, *CApath = NULL; char *CAfile = NULL, *CApath = NULL;
int ret=1,i,num,badops=0,badsig=0; int ret = 1, i, num, badops = 0, badsig = 0;
BIO *out=NULL; BIO *out = NULL;
int informat,outformat, keyformat; int informat, outformat, keyformat;
char *infile=NULL,*outfile=NULL, *crldiff = NULL, *keyfile = NULL; char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout =
0, text = 0;
#ifndef OPENSSL_NO_MD5 #ifndef OPENSSL_NO_MD5
int hash_old=0; int hash_old = 0;
#endif #endif
int fingerprint = 0, crlnumber = 0; int fingerprint = 0, crlnumber = 0;
const char **pp; const char **pp;
X509_STORE *store = NULL; X509_STORE *store = NULL;
X509_STORE_CTX ctx; X509_STORE_CTX ctx;
X509_LOOKUP *lookup = NULL; X509_LOOKUP *lookup = NULL;
X509_OBJECT xobj; X509_OBJECT xobj;
EVP_PKEY *pkey; EVP_PKEY *pkey;
int do_ver = 0; int do_ver = 0;
const EVP_MD *md_alg,*digest=EVP_sha1(); const EVP_MD *md_alg, *digest = EVP_sha1();
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
if (bio_out == NULL) if (bio_out == NULL)
if ((bio_out=BIO_new(BIO_s_file())) != NULL) if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
{ BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_out = BIO_push(tmpbio, bio_out); bio_out = BIO_push(tmpbio, bio_out);
} }
#endif #endif
} }
informat=FORMAT_PEM; informat = FORMAT_PEM;
outformat=FORMAT_PEM; outformat = FORMAT_PEM;
keyformat=FORMAT_PEM; keyformat = FORMAT_PEM;
argc--; argc--;
argv++; argv++;
num=0; num = 0;
while (argc >= 1) while (argc >= 1) {
{
#ifdef undef #ifdef undef
if (strcmp(*argv,"-p") == 0) if (strcmp(*argv, "-p") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/ if (!args_from_file(++argv, Nargc, Nargv)) {
} goto end;
}
*/}
#endif #endif
if (strcmp(*argv,"-inform") == 0) if (strcmp(*argv, "-inform") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
informat=str2fmt(*(++argv)); informat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-outform") == 0) {
else if (strcmp(*argv,"-outform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; outformat = str2fmt(*(++argv));
outformat=str2fmt(*(++argv)); } else if (strcmp(*argv, "-in") == 0) {
} if (--argc < 1)
else if (strcmp(*argv,"-in") == 0) goto bad;
{ infile = *(++argv);
if (--argc < 1) goto bad; } else if (strcmp(*argv, "-gendelta") == 0) {
infile= *(++argv); if (--argc < 1)
} goto bad;
else if (strcmp(*argv,"-gendelta") == 0) crldiff = *(++argv);
{ } else if (strcmp(*argv, "-key") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
crldiff= *(++argv); goto bad;
} keyfile = *(++argv);
else if (strcmp(*argv,"-key") == 0) } else if (strcmp(*argv, "-keyform") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
keyfile= *(++argv); keyformat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-out") == 0) {
else if (strcmp(*argv,"-keyform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; outfile = *(++argv);
keyformat=str2fmt(*(++argv)); } else if (strcmp(*argv, "-CApath") == 0) {
} if (--argc < 1)
else if (strcmp(*argv,"-out") == 0) goto bad;
{ CApath = *(++argv);
if (--argc < 1) goto bad; do_ver = 1;
outfile= *(++argv); } else if (strcmp(*argv, "-CAfile") == 0) {
} if (--argc < 1)
else if (strcmp(*argv,"-CApath") == 0) goto bad;
{ CAfile = *(++argv);
if (--argc < 1) goto bad; do_ver = 1;
CApath = *(++argv); } else if (strcmp(*argv, "-verify") == 0)
do_ver = 1; do_ver = 1;
} else if (strcmp(*argv, "-text") == 0)
else if (strcmp(*argv,"-CAfile") == 0) text = 1;
{ else if (strcmp(*argv, "-hash") == 0)
if (--argc < 1) goto bad; hash = ++num;
CAfile = *(++argv);
do_ver = 1;
}
else if (strcmp(*argv,"-verify") == 0)
do_ver = 1;
else if (strcmp(*argv,"-text") == 0)
text = 1;
else if (strcmp(*argv,"-hash") == 0)
hash= ++num;
#ifndef OPENSSL_NO_MD5 #ifndef OPENSSL_NO_MD5
else if (strcmp(*argv,"-hash_old") == 0) else if (strcmp(*argv, "-hash_old") == 0)
hash_old= ++num; hash_old = ++num;
#endif #endif
else if (strcmp(*argv,"-nameopt") == 0) else if (strcmp(*argv, "-nameopt") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
if (!set_name_ex(&nmflag, *(++argv))) goto bad; if (!set_name_ex(&nmflag, *(++argv)))
} goto bad;
else if (strcmp(*argv,"-issuer") == 0) } else if (strcmp(*argv, "-issuer") == 0)
issuer= ++num; issuer = ++num;
else if (strcmp(*argv,"-lastupdate") == 0) else if (strcmp(*argv, "-lastupdate") == 0)
lastupdate= ++num; lastupdate = ++num;
else if (strcmp(*argv,"-nextupdate") == 0) else if (strcmp(*argv, "-nextupdate") == 0)
nextupdate= ++num; nextupdate = ++num;
else if (strcmp(*argv,"-noout") == 0) else if (strcmp(*argv, "-noout") == 0)
noout= ++num; noout = ++num;
else if (strcmp(*argv,"-fingerprint") == 0) else if (strcmp(*argv, "-fingerprint") == 0)
fingerprint= ++num; fingerprint = ++num;
else if (strcmp(*argv,"-crlnumber") == 0) else if (strcmp(*argv, "-crlnumber") == 0)
crlnumber= ++num; crlnumber = ++num;
else if (strcmp(*argv,"-badsig") == 0) else if (strcmp(*argv, "-badsig") == 0)
badsig = 1; badsig = 1;
else if ((md_alg=EVP_get_digestbyname(*argv + 1))) else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
{ /* ok */
/* ok */ digest = md_alg;
digest=md_alg; } else {
} BIO_printf(bio_err, "unknown option %s\n", *argv);
else badops = 1;
{ break;
BIO_printf(bio_err,"unknown option %s\n",*argv); }
badops=1; argc--;
break; argv++;
} }
argc--;
argv++;
}
if (badops) if (badops) {
{ bad:
bad: for (pp = crl_usage; (*pp != NULL); pp++)
for (pp=crl_usage; (*pp != NULL); pp++) BIO_printf(bio_err, "%s", *pp);
BIO_printf(bio_err,"%s",*pp); goto end;
goto end; }
}
ERR_load_crypto_strings(); ERR_load_crypto_strings();
x=load_crl(infile,informat); x = load_crl(infile, informat);
if (x == NULL) { goto end; } if (x == NULL) {
goto end;
}
if(do_ver) { if (do_ver) {
store = X509_STORE_new(); store = X509_STORE_new();
lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file()); lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if (lookup == NULL) goto end; if (lookup == NULL)
if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) goto end;
X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM))
X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir()); lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
if (lookup == NULL) goto end; if (lookup == NULL)
if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) goto end;
X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM))
ERR_clear_error(); X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
ERR_clear_error();
if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) { if (!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
BIO_printf(bio_err, BIO_printf(bio_err, "Error initialising X509 store\n");
"Error initialising X509 store\n"); goto end;
goto end; }
}
i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
X509_CRL_get_issuer(x), &xobj); X509_CRL_get_issuer(x), &xobj);
if(i <= 0) { if (i <= 0) {
BIO_printf(bio_err, BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
"Error getting CRL issuer certificate\n"); goto end;
goto end; }
} pkey = X509_get_pubkey(xobj.data.x509);
pkey = X509_get_pubkey(xobj.data.x509); X509_OBJECT_free_contents(&xobj);
X509_OBJECT_free_contents(&xobj); if (!pkey) {
if(!pkey) { BIO_printf(bio_err, "Error getting CRL issuer public key\n");
BIO_printf(bio_err, goto end;
"Error getting CRL issuer public key\n"); }
goto end; i = X509_CRL_verify(x, pkey);
} EVP_PKEY_free(pkey);
i = X509_CRL_verify(x, pkey); if (i < 0)
EVP_PKEY_free(pkey); goto end;
if(i < 0) goto end; if (i == 0)
if(i == 0) BIO_printf(bio_err, "verify failure\n"); BIO_printf(bio_err, "verify failure\n");
else BIO_printf(bio_err, "verify OK\n"); else
} BIO_printf(bio_err, "verify OK\n");
}
if (crldiff) if (crldiff) {
{ X509_CRL *newcrl, *delta;
X509_CRL *newcrl, *delta; if (!keyfile) {
if (!keyfile) BIO_puts(bio_err, "Missing CRL signing key\n");
{ goto end;
BIO_puts(bio_err, "Missing CRL signing key\n"); }
goto end; newcrl = load_crl(crldiff, informat);
} if (!newcrl)
newcrl = load_crl(crldiff,informat); goto end;
if (!newcrl) pkey = load_key(bio_err, keyfile, keyformat, 0, NULL, NULL,
goto end; "CRL signing key");
pkey = load_key(bio_err, keyfile, keyformat, 0, NULL, NULL, if (!pkey) {
"CRL signing key"); X509_CRL_free(newcrl);
if (!pkey) goto end;
{ }
X509_CRL_free(newcrl); delta = X509_CRL_diff(x, newcrl, pkey, digest, 0);
goto end; X509_CRL_free(newcrl);
} EVP_PKEY_free(pkey);
delta = X509_CRL_diff(x, newcrl, pkey, digest, 0); if (delta) {
X509_CRL_free(newcrl); X509_CRL_free(x);
EVP_PKEY_free(pkey); x = delta;
if (delta) } else {
{ BIO_puts(bio_err, "Error creating delta CRL\n");
X509_CRL_free(x); goto end;
x = delta; }
} }
else
{
BIO_puts(bio_err, "Error creating delta CRL\n");
goto end;
}
}
if (num) if (num) {
{ for (i = 1; i <= num; i++) {
for (i=1; i<=num; i++) if (issuer == i) {
{ print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
if (issuer == i) nmflag);
{ }
print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag); if (crlnumber == i) {
} ASN1_INTEGER *crlnum;
if (crlnumber == i) crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL);
{ BIO_printf(bio_out, "crlNumber=");
ASN1_INTEGER *crlnum; if (crlnum) {
crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, i2a_ASN1_INTEGER(bio_out, crlnum);
NULL, NULL); ASN1_INTEGER_free(crlnum);
BIO_printf(bio_out,"crlNumber="); } else
if (crlnum) BIO_puts(bio_out, "<NONE>");
{ BIO_printf(bio_out, "\n");
i2a_ASN1_INTEGER(bio_out, crlnum); }
ASN1_INTEGER_free(crlnum); if (hash == i) {
} BIO_printf(bio_out, "%08lx\n",
else X509_NAME_hash(X509_CRL_get_issuer(x)));
BIO_puts(bio_out, "<NONE>"); }
BIO_printf(bio_out,"\n");
}
if (hash == i)
{
BIO_printf(bio_out,"%08lx\n",
X509_NAME_hash(X509_CRL_get_issuer(x)));
}
#ifndef OPENSSL_NO_MD5 #ifndef OPENSSL_NO_MD5
if (hash_old == i) if (hash_old == i) {
{ BIO_printf(bio_out, "%08lx\n",
BIO_printf(bio_out,"%08lx\n", X509_NAME_hash_old(X509_CRL_get_issuer(x)));
X509_NAME_hash_old( }
X509_CRL_get_issuer(x)));
}
#endif #endif
if (lastupdate == i) if (lastupdate == i) {
{ BIO_printf(bio_out, "lastUpdate=");
BIO_printf(bio_out,"lastUpdate="); ASN1_TIME_print(bio_out, X509_CRL_get_lastUpdate(x));
ASN1_TIME_print(bio_out, BIO_printf(bio_out, "\n");
X509_CRL_get_lastUpdate(x)); }
BIO_printf(bio_out,"\n"); if (nextupdate == i) {
} BIO_printf(bio_out, "nextUpdate=");
if (nextupdate == i) if (X509_CRL_get_nextUpdate(x))
{ ASN1_TIME_print(bio_out, X509_CRL_get_nextUpdate(x));
BIO_printf(bio_out,"nextUpdate="); else
if (X509_CRL_get_nextUpdate(x)) BIO_printf(bio_out, "NONE");
ASN1_TIME_print(bio_out, BIO_printf(bio_out, "\n");
X509_CRL_get_nextUpdate(x)); }
else if (fingerprint == i) {
BIO_printf(bio_out,"NONE"); int j;
BIO_printf(bio_out,"\n"); unsigned int n;
} unsigned char md[EVP_MAX_MD_SIZE];
if (fingerprint == i)
{
int j;
unsigned int n;
unsigned char md[EVP_MAX_MD_SIZE];
if (!X509_CRL_digest(x,digest,md,&n)) if (!X509_CRL_digest(x, digest, md, &n)) {
{ BIO_printf(bio_err, "out of memory\n");
BIO_printf(bio_err,"out of memory\n"); goto end;
goto end; }
} BIO_printf(bio_out, "%s Fingerprint=",
BIO_printf(bio_out,"%s Fingerprint=", OBJ_nid2sn(EVP_MD_type(digest)));
OBJ_nid2sn(EVP_MD_type(digest))); for (j = 0; j < (int)n; j++) {
for (j=0; j<(int)n; j++) BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
{ ? '\n' : ':');
BIO_printf(bio_out,"%02X%c",md[j], }
(j+1 == (int)n) }
?'\n':':'); }
} }
}
}
}
out=BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if (out == NULL) if (out == NULL) {
{ ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
}
if (outfile == NULL) if (outfile == NULL) {
{ BIO_set_fp(out, stdout, BIO_NOCLOSE);
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
} } else {
else if (BIO_write_filename(out, outfile) <= 0) {
{ perror(outfile);
if (BIO_write_filename(out,outfile) <= 0) goto end;
{ }
perror(outfile); }
goto end;
}
}
if (text) X509_CRL_print(out, x); if (text)
X509_CRL_print(out, x);
if (noout) if (noout) {
{ ret = 0;
ret = 0; goto end;
goto end; }
}
if (badsig) if (badsig)
x->signature->data[x->signature->length - 1] ^= 0x1; x->signature->data[x->signature->length - 1] ^= 0x1;
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
i=(int)i2d_X509_CRL_bio(out,x); i = (int)i2d_X509_CRL_bio(out, x);
else if (outformat == FORMAT_PEM) else if (outformat == FORMAT_PEM)
i=PEM_write_bio_X509_CRL(out,x); i = PEM_write_bio_X509_CRL(out, x);
else else {
{ BIO_printf(bio_err, "bad output format specified for outfile\n");
BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end;
goto end; }
} if (!i) {
if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; } BIO_printf(bio_err, "unable to write CRL\n");
ret=0; goto end;
end: }
if (ret != 0) ret = 0;
ERR_print_errors(bio_err); end:
BIO_free_all(out); if (ret != 0)
BIO_free_all(bio_out); ERR_print_errors(bio_err);
bio_out=NULL; BIO_free_all(out);
X509_CRL_free(x); BIO_free_all(bio_out);
if(store) { bio_out = NULL;
X509_STORE_CTX_cleanup(&ctx); X509_CRL_free(x);
X509_STORE_free(store); if (store) {
} X509_STORE_CTX_cleanup(&ctx);
apps_shutdown(); X509_STORE_free(store);
OPENSSL_EXIT(ret); }
} apps_shutdown();
OPENSSL_EXIT(ret);
}
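Review bot: In the `do_ver` block of the crl command's `MAIN`, a failed signature check does not fail the run: when `X509_CRL_verify()` returns 0 the code only prints "verify failure" and falls through, so the CRL is still processed and written and `ret` is later set to 0. A caller that checks the exit status instead of parsing stderr would accept a CRL whose signature did not verify. This predates the reformat, but a follow-up could make the branch `if (i == 0) { BIO_printf(bio_err, "verify failure\n"); goto end; }` so the exit code reflects the result, provided existing callers can tolerate the stricter status. Separately, `end:` calls `X509_STORE_CTX_cleanup(&ctx)` whenever `store` is set, which includes the `lookup == NULL` exits taken before `X509_STORE_CTX_init()` has run; `ctx` should be zero-initialised at declaration or the cleanup guarded by an "initialised" flag.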


@ -56,9 +56,11 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu> /*
* and donated 'to the cause' along with lots and lots of other fixes to * This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu> and
* the library. */ * donated 'to the cause' along with lots and lots of other fixes to the
* library.
*/
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
@ -73,272 +75,260 @@
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile); static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
#undef PROG #undef PROG
#define PROG crl2pkcs7_main #define PROG crl2pkcs7_main
/*- /*-
* -inform arg - input format - default PEM (DER or PEM) * -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM * -outform arg - output format - default PEM
* -in arg - input file - default stdin * -in arg - input file - default stdin
* -out arg - output file - default stdout * -out arg - output file - default stdout
*/ */
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
int i,badops=0; int i, badops = 0;
BIO *in=NULL,*out=NULL; BIO *in = NULL, *out = NULL;
int informat,outformat; int informat, outformat;
char *infile,*outfile,*prog,*certfile; char *infile, *outfile, *prog, *certfile;
PKCS7 *p7 = NULL; PKCS7 *p7 = NULL;
PKCS7_SIGNED *p7s = NULL; PKCS7_SIGNED *p7s = NULL;
X509_CRL *crl=NULL; X509_CRL *crl = NULL;
STACK_OF(OPENSSL_STRING) *certflst=NULL; STACK_OF(OPENSSL_STRING) *certflst = NULL;
STACK_OF(X509_CRL) *crl_stack=NULL; STACK_OF(X509_CRL) *crl_stack = NULL;
STACK_OF(X509) *cert_stack=NULL; STACK_OF(X509) *cert_stack = NULL;
int ret=1,nocrl=0; int ret = 1, nocrl = 0;
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
infile=NULL; infile = NULL;
outfile=NULL; outfile = NULL;
informat=FORMAT_PEM; informat = FORMAT_PEM;
outformat=FORMAT_PEM; outformat = FORMAT_PEM;
prog=argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; informat = str2fmt(*(++argv));
informat=str2fmt(*(++argv)); } else if (strcmp(*argv, "-outform") == 0) {
} if (--argc < 1)
else if (strcmp(*argv,"-outform") == 0) goto bad;
{ outformat = str2fmt(*(++argv));
if (--argc < 1) goto bad; } else if (strcmp(*argv, "-in") == 0) {
outformat=str2fmt(*(++argv)); if (--argc < 1)
} goto bad;
else if (strcmp(*argv,"-in") == 0) infile = *(++argv);
{ } else if (strcmp(*argv, "-nocrl") == 0) {
if (--argc < 1) goto bad; nocrl = 1;
infile= *(++argv); } else if (strcmp(*argv, "-out") == 0) {
} if (--argc < 1)
else if (strcmp(*argv,"-nocrl") == 0) goto bad;
{ outfile = *(++argv);
nocrl=1; } else if (strcmp(*argv, "-certfile") == 0) {
} if (--argc < 1)
else if (strcmp(*argv,"-out") == 0) goto bad;
{ if (!certflst)
if (--argc < 1) goto bad; certflst = sk_OPENSSL_STRING_new_null();
outfile= *(++argv); if (!certflst)
} goto end;
else if (strcmp(*argv,"-certfile") == 0) if (!sk_OPENSSL_STRING_push(certflst, *(++argv))) {
{ sk_OPENSSL_STRING_free(certflst);
if (--argc < 1) goto bad; goto end;
if(!certflst) certflst = sk_OPENSSL_STRING_new_null(); }
if (!certflst) } else {
goto end; BIO_printf(bio_err, "unknown option %s\n", *argv);
if (!sk_OPENSSL_STRING_push(certflst,*(++argv))) badops = 1;
{ break;
sk_OPENSSL_STRING_free(certflst); }
goto end; argc--;
} argv++;
} }
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops) if (badops) {
{ bad:
bad: BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n"); " -certfile arg certificates file of chain to a trusted CA\n");
BIO_printf(bio_err," (can be used more than once)\n"); BIO_printf(bio_err, " (can be used more than once)\n");
BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n"); BIO_printf(bio_err,
ret = 1; " -nocrl no crl to load, just certs from '-certfile'\n");
goto end; ret = 1;
} goto end;
}
ERR_load_crypto_strings(); ERR_load_crypto_strings();
in=BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) if ((in == NULL) || (out == NULL)) {
{ ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
}
if (!nocrl) if (!nocrl) {
{ if (infile == NULL)
if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE);
BIO_set_fp(in,stdin,BIO_NOCLOSE); else {
else if (BIO_read_filename(in, infile) <= 0) {
{ perror(infile);
if (BIO_read_filename(in,infile) <= 0) goto end;
{ }
perror(infile); }
goto end;
}
}
if (informat == FORMAT_ASN1) if (informat == FORMAT_ASN1)
crl=d2i_X509_CRL_bio(in,NULL); crl = d2i_X509_CRL_bio(in, NULL);
else if (informat == FORMAT_PEM) else if (informat == FORMAT_PEM)
crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
else { else {
BIO_printf(bio_err,"bad input format specified for input crl\n"); BIO_printf(bio_err, "bad input format specified for input crl\n");
goto end; goto end;
} }
if (crl == NULL) if (crl == NULL) {
{ BIO_printf(bio_err, "unable to load CRL\n");
BIO_printf(bio_err,"unable to load CRL\n"); ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
} }
}
if ((p7=PKCS7_new()) == NULL) goto end; if ((p7 = PKCS7_new()) == NULL)
if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end; goto end;
p7->type=OBJ_nid2obj(NID_pkcs7_signed); if ((p7s = PKCS7_SIGNED_new()) == NULL)
p7->d.sign=p7s; goto end;
p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data); p7->type = OBJ_nid2obj(NID_pkcs7_signed);
p7->d.sign = p7s;
p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data);
if (!ASN1_INTEGER_set(p7s->version,1)) goto end; if (!ASN1_INTEGER_set(p7s->version, 1))
if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end; goto end;
p7s->crl=crl_stack; if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
if (crl != NULL) goto end;
{ p7s->crl = crl_stack;
sk_X509_CRL_push(crl_stack,crl); if (crl != NULL) {
crl=NULL; /* now part of p7 for OPENSSL_freeing */ sk_X509_CRL_push(crl_stack, crl);
} crl = NULL; /* now part of p7 for OPENSSL_freeing */
}
if ((cert_stack=sk_X509_new_null()) == NULL) goto end; if ((cert_stack = sk_X509_new_null()) == NULL)
p7s->cert=cert_stack; goto end;
p7s->cert = cert_stack;
if(certflst) for(i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) { if (certflst)
certfile = sk_OPENSSL_STRING_value(certflst, i); for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
if (add_certs_from_file(cert_stack,certfile) < 0) certfile = sk_OPENSSL_STRING_value(certflst, i);
{ if (add_certs_from_file(cert_stack, certfile) < 0) {
BIO_printf(bio_err, "error loading certificates\n"); BIO_printf(bio_err, "error loading certificates\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} }
sk_OPENSSL_STRING_free(certflst); sk_OPENSSL_STRING_free(certflst);
if (outfile == NULL) if (outfile == NULL) {
{ BIO_set_fp(out, stdout, BIO_NOCLOSE);
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
} } else {
else if (BIO_write_filename(out, outfile) <= 0) {
{ perror(outfile);
if (BIO_write_filename(out,outfile) <= 0) goto end;
{ }
perror(outfile); }
goto end;
}
}
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
i=i2d_PKCS7_bio(out,p7); i = i2d_PKCS7_bio(out, p7);
else if (outformat == FORMAT_PEM) else if (outformat == FORMAT_PEM)
i=PEM_write_bio_PKCS7(out,p7); i = PEM_write_bio_PKCS7(out, p7);
else { else {
BIO_printf(bio_err,"bad output format specified for outfile\n"); BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end; goto end;
} }
if (!i) if (!i) {
{ BIO_printf(bio_err, "unable to write pkcs7 object\n");
BIO_printf(bio_err,"unable to write pkcs7 object\n"); ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
} ret = 0;
ret=0; end:
end: if (in != NULL)
if (in != NULL) BIO_free(in); BIO_free(in);
if (out != NULL) BIO_free_all(out); if (out != NULL)
if (p7 != NULL) PKCS7_free(p7); BIO_free_all(out);
if (crl != NULL) X509_CRL_free(crl); if (p7 != NULL)
PKCS7_free(p7);
if (crl != NULL)
X509_CRL_free(crl);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
/*- /*-
*---------------------------------------------------------------------- *----------------------------------------------------------------------
* int add_certs_from_file * int add_certs_from_file
* *
* Read a list of certificates to be checked from a file. * Read a list of certificates to be checked from a file.
* *
* Results: * Results:
* number of certs added if successful, -1 if not. * number of certs added if successful, -1 if not.
*---------------------------------------------------------------------- *----------------------------------------------------------------------
*/ */
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile) static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
{ {
BIO *in=NULL; BIO *in = NULL;
int count=0; int count = 0;
int ret= -1; int ret = -1;
STACK_OF(X509_INFO) *sk=NULL; STACK_OF(X509_INFO) *sk = NULL;
X509_INFO *xi; X509_INFO *xi;
in=BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0)) if ((in == NULL) || (BIO_read_filename(in, certfile) <= 0)) {
{ BIO_printf(bio_err, "error opening the file, %s\n", certfile);
BIO_printf(bio_err,"error opening the file, %s\n",certfile); goto end;
goto end; }
}
/* This loads from a file, a stack of x509/crl/pkey sets */ /* This loads from a file, a stack of x509/crl/pkey sets */
sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL); sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
if (sk == NULL) { if (sk == NULL) {
BIO_printf(bio_err,"error reading the file, %s\n",certfile); BIO_printf(bio_err, "error reading the file, %s\n", certfile);
goto end; goto end;
} }
/* scan over it and pull out the CRL's */ /* scan over it and pull out the CRL's */
while (sk_X509_INFO_num(sk)) while (sk_X509_INFO_num(sk)) {
{ xi = sk_X509_INFO_shift(sk);
xi=sk_X509_INFO_shift(sk); if (xi->x509 != NULL) {
if (xi->x509 != NULL) sk_X509_push(stack, xi->x509);
{ xi->x509 = NULL;
sk_X509_push(stack,xi->x509); count++;
xi->x509=NULL; }
count++; X509_INFO_free(xi);
} }
X509_INFO_free(xi);
}
ret=count;
end:
/* never need to OPENSSL_free x */
if (in != NULL) BIO_free(in);
if (sk != NULL) sk_X509_INFO_free(sk);
return(ret);
}
ret = count;
end:
/* never need to OPENSSL_free x */
if (in != NULL)
BIO_free(in);
if (sk != NULL)
sk_X509_INFO_free(sk);
return (ret);
}
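Review bot: In add_certs_from_file the result of `sk_X509_push(stack, xi->x509)` is ignored, yet the loop then clears `xi->x509` and increments `count`. If the push fails, the certificate is leaked and silently left out of the PKCS#7 output while the function still reports success. Check the call and bail out, e.g. `if (!sk_X509_push(stack, xi->x509)) { X509_INFO_free(xi); goto end; }`, and have the `end:` path release any entries still on `sk`. MAIN has the same pattern at `sk_X509_CRL_push(crl_stack, crl)`, where `crl` is set to NULL right after the unchecked push. The comment above the loop says it pulls out "the CRL's", but the code collects `xi->x509`, so it should read `/* scan over it and pull out the certificates */`.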


505
apps/dh.c

@ -57,29 +57,29 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */ #include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
#include <stdio.h> # include <stdio.h>
#include <stdlib.h> # include <stdlib.h>
#include <time.h> # include <time.h>
#include <string.h> # include <string.h>
#include "apps.h" # include "apps.h"
#include <openssl/bio.h> # include <openssl/bio.h>
#include <openssl/err.h> # include <openssl/err.h>
#include <openssl/bn.h> # include <openssl/bn.h>
#include <openssl/dh.h> # include <openssl/dh.h>
#include <openssl/x509.h> # include <openssl/x509.h>
#include <openssl/pem.h> # include <openssl/pem.h>
#undef PROG # undef PROG
#define PROG dh_main # define PROG dh_main
/*- /*-
* -inform arg - input format - default PEM (DER or PEM) * -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM * -outform arg - output format - default PEM
* -in arg - input file - default stdin * -in arg - input file - default stdin
* -out arg - output file - default stdout * -out arg - output file - default stdout
* -check - check the parameters are ok * -check - check the parameters are ok
* -noout * -noout
* -text * -text
* -C * -C
@ -88,269 +88,250 @@
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
DH *dh=NULL; DH *dh = NULL;
int i,badops=0,text=0; int i, badops = 0, text = 0;
BIO *in=NULL,*out=NULL; BIO *in = NULL, *out = NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1; int informat, outformat, check = 0, noout = 0, C = 0, ret = 1;
char *infile,*outfile,*prog; char *infile, *outfile, *prog;
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
char *engine; char *engine;
#endif # endif
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
engine=NULL; engine = NULL;
#endif # endif
infile=NULL; infile = NULL;
outfile=NULL; outfile = NULL;
informat=FORMAT_PEM; informat = FORMAT_PEM;
outformat=FORMAT_PEM; outformat = FORMAT_PEM;
prog=argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; informat = str2fmt(*(++argv));
informat=str2fmt(*(++argv)); } else if (strcmp(*argv, "-outform") == 0) {
} if (--argc < 1)
else if (strcmp(*argv,"-outform") == 0) goto bad;
{ outformat = str2fmt(*(++argv));
if (--argc < 1) goto bad; } else if (strcmp(*argv, "-in") == 0) {
outformat=str2fmt(*(++argv)); if (--argc < 1)
} goto bad;
else if (strcmp(*argv,"-in") == 0) infile = *(++argv);
{ } else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
infile= *(++argv); goto bad;
} outfile = *(++argv);
else if (strcmp(*argv,"-out") == 0) }
{ # ifndef OPENSSL_NO_ENGINE
if (--argc < 1) goto bad; else if (strcmp(*argv, "-engine") == 0) {
outfile= *(++argv); if (--argc < 1)
} goto bad;
#ifndef OPENSSL_NO_ENGINE engine = *(++argv);
else if (strcmp(*argv,"-engine") == 0) }
{ # endif
if (--argc < 1) goto bad; else if (strcmp(*argv, "-check") == 0)
engine= *(++argv); check = 1;
} else if (strcmp(*argv, "-text") == 0)
#endif text = 1;
else if (strcmp(*argv,"-check") == 0) else if (strcmp(*argv, "-C") == 0)
check=1; C = 1;
else if (strcmp(*argv,"-text") == 0) else if (strcmp(*argv, "-noout") == 0)
text=1; noout = 1;
else if (strcmp(*argv,"-C") == 0) else {
C=1; BIO_printf(bio_err, "unknown option %s\n", *argv);
else if (strcmp(*argv,"-noout") == 0) badops = 1;
noout=1; break;
else }
{ argc--;
BIO_printf(bio_err,"unknown option %s\n",*argv); argv++;
badops=1; }
break;
}
argc--;
argv++;
}
if (badops) if (badops) {
{ bad:
bad: BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
BIO_printf(bio_err," -inform arg input format - one of DER PEM\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -outform arg output format - one of DER PEM\n"); " -outform arg output format - one of DER PEM\n");
BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err," -check check the DH parameters\n"); BIO_printf(bio_err, " -check check the DH parameters\n");
BIO_printf(bio_err," -text print a text form of the DH parameters\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -C Output C code\n"); " -text print a text form of the DH parameters\n");
BIO_printf(bio_err," -noout no output\n"); BIO_printf(bio_err, " -C Output C code\n");
#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " -noout no output\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); # ifndef OPENSSL_NO_ENGINE
#endif BIO_printf(bio_err,
goto end; " -engine e use engine e, possibly a hardware device.\n");
} # endif
goto end;
}
ERR_load_crypto_strings(); ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0); setup_engine(bio_err, engine, 0);
#endif # endif
in=BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) if ((in == NULL) || (out == NULL)) {
{ ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
}
if (infile == NULL) if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
else else {
{ if (BIO_read_filename(in, infile) <= 0) {
if (BIO_read_filename(in,infile) <= 0) perror(infile);
{ goto end;
perror(infile); }
goto end; }
} if (outfile == NULL) {
} BIO_set_fp(out, stdout, BIO_NOCLOSE);
if (outfile == NULL) # ifdef OPENSSL_SYS_VMS
{ {
BIO_set_fp(out,stdout,BIO_NOCLOSE); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
#ifdef OPENSSL_SYS_VMS out = BIO_push(tmpbio, out);
{ }
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); # endif
out = BIO_push(tmpbio, out); } else {
} if (BIO_write_filename(out, outfile) <= 0) {
#endif perror(outfile);
} goto end;
else }
{ }
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (informat == FORMAT_ASN1) if (informat == FORMAT_ASN1)
dh=d2i_DHparams_bio(in,NULL); dh = d2i_DHparams_bio(in, NULL);
else if (informat == FORMAT_PEM) else if (informat == FORMAT_PEM)
dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL); dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
else else {
{ BIO_printf(bio_err, "bad input format specified\n");
BIO_printf(bio_err,"bad input format specified\n"); goto end;
goto end; }
} if (dh == NULL) {
if (dh == NULL) BIO_printf(bio_err, "unable to load DH parameters\n");
{ ERR_print_errors(bio_err);
BIO_printf(bio_err,"unable to load DH parameters\n"); goto end;
ERR_print_errors(bio_err); }
goto end;
}
if (text) {
DHparams_print(out, dh);
# ifdef undef
printf("p=");
BN_print(stdout, dh->p);
printf("\ng=");
BN_print(stdout, dh->g);
printf("\n");
if (dh->length != 0)
printf("recommended private length=%ld\n", dh->length);
# endif
}
if (check) {
if (!DH_check(dh, &i)) {
ERR_print_errors(bio_err);
goto end;
}
if (i & DH_CHECK_P_NOT_PRIME)
printf("p value is not prime\n");
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
printf("p value is not a safe prime\n");
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
printf("unable to check the generator value\n");
if (i & DH_NOT_SUITABLE_GENERATOR)
printf("the g value is not a generator\n");
if (i == 0)
printf("DH parameters appear to be ok.\n");
}
if (C) {
unsigned char *data;
int len, l, bits;
if (text) len = BN_num_bytes(dh->p);
{ bits = BN_num_bits(dh->p);
DHparams_print(out,dh); data = (unsigned char *)OPENSSL_malloc(len);
#ifdef undef if (data == NULL) {
printf("p="); perror("OPENSSL_malloc");
BN_print(stdout,dh->p); goto end;
printf("\ng="); }
BN_print(stdout,dh->g); l = BN_bn2bin(dh->p, data);
printf("\n"); printf("static unsigned char dh%d_p[]={", bits);
if (dh->length != 0) for (i = 0; i < l; i++) {
printf("recommended private length=%ld\n",dh->length); if ((i % 12) == 0)
#endif printf("\n\t");
} printf("0x%02X,", data[i]);
}
printf("\n\t};\n");
if (check) l = BN_bn2bin(dh->g, data);
{ printf("static unsigned char dh%d_g[]={", bits);
if (!DH_check(dh,&i)) for (i = 0; i < l; i++) {
{ if ((i % 12) == 0)
ERR_print_errors(bio_err); printf("\n\t");
goto end; printf("0x%02X,", data[i]);
} }
if (i & DH_CHECK_P_NOT_PRIME) printf("\n\t};\n\n");
printf("p value is not prime\n");
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
printf("p value is not a safe prime\n");
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
printf("unable to check the generator value\n");
if (i & DH_NOT_SUITABLE_GENERATOR)
printf("the g value is not a generator\n");
if (i == 0)
printf("DH parameters appear to be ok.\n");
}
if (C)
{
unsigned char *data;
int len,l,bits;
len=BN_num_bytes(dh->p); printf("DH *get_dh%d()\n\t{\n", bits);
bits=BN_num_bits(dh->p); printf("\tDH *dh;\n\n");
data=(unsigned char *)OPENSSL_malloc(len); printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
if (data == NULL) printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
{ bits, bits);
perror("OPENSSL_malloc"); printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
goto end; bits, bits);
} printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
l=BN_bn2bin(dh->p,data); printf("\t\treturn(NULL);\n");
printf("static unsigned char dh%d_p[]={",bits); printf("\treturn(dh);\n\t}\n");
for (i=0; i<l; i++) OPENSSL_free(data);
{ }
if ((i%12) == 0) printf("\n\t");
printf("0x%02X,",data[i]);
}
printf("\n\t};\n");
l=BN_bn2bin(dh->g,data); if (!noout) {
printf("static unsigned char dh%d_g[]={",bits); if (outformat == FORMAT_ASN1)
for (i=0; i<l; i++) i = i2d_DHparams_bio(out, dh);
{ else if (outformat == FORMAT_PEM)
if ((i%12) == 0) printf("\n\t"); i = PEM_write_bio_DHparams(out, dh);
printf("0x%02X,",data[i]); else {
} BIO_printf(bio_err, "bad output format specified for outfile\n");
printf("\n\t};\n\n"); goto end;
}
printf("DH *get_dh%d()\n\t{\n",bits); if (!i) {
printf("\tDH *dh;\n\n"); BIO_printf(bio_err, "unable to write DH parameters\n");
printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n"); ERR_print_errors(bio_err);
printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n", goto end;
bits,bits); }
printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n", }
bits,bits); ret = 0;
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); end:
printf("\t\treturn(NULL);\n"); if (in != NULL)
printf("\treturn(dh);\n\t}\n"); BIO_free(in);
OPENSSL_free(data); if (out != NULL)
} BIO_free_all(out);
if (dh != NULL)
DH_free(dh);
if (!noout) apps_shutdown();
{ OPENSSL_EXIT(ret);
if (outformat == FORMAT_ASN1) }
i=i2d_DHparams_bio(out,dh); #else /* !OPENSSL_NO_DH */
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_DHparams(out,dh);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err,"unable to write DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
ret=0;
end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
apps_shutdown();
OPENSSL_EXIT(ret);
}
#else /* !OPENSSL_NO_DH */
# if PEDANTIC # if PEDANTIC
static void *dummy=&dummy; static void *dummy = &dummy;
# endif # endif
#endif #endif
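Review bot: In the `if (C)` branch of MAIN, `data` is allocated with `len = BN_num_bytes(dh->p)` and then reused for `BN_bn2bin(dh->g, data)`, and nothing in this function ensures that g is no longer than p. The parameters come from the input file, and `-check` is optional and only prints its findings. A file whose g is longer than p would therefore make the second BN_bn2bin write past the allocation, unless the loaders reject such input, which is not visible here. Size the buffer for the larger value: `len = BN_num_bytes(dh->p);` followed by `if (BN_num_bytes(dh->g) > len) len = BN_num_bytes(dh->g);`.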


@ -109,36 +109,36 @@
* *
*/ */
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */ #include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
#include <stdio.h> # include <stdio.h>
#include <stdlib.h> # include <stdlib.h>
#include <time.h> # include <time.h>
#include <string.h> # include <string.h>
#include "apps.h" # include "apps.h"
#include <openssl/bio.h> # include <openssl/bio.h>
#include <openssl/err.h> # include <openssl/err.h>
#include <openssl/bn.h> # include <openssl/bn.h>
#include <openssl/dh.h> # include <openssl/dh.h>
#include <openssl/x509.h> # include <openssl/x509.h>
#include <openssl/pem.h> # include <openssl/pem.h>
#ifndef OPENSSL_NO_DSA # ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h> # include <openssl/dsa.h>
#endif # endif
#undef PROG # undef PROG
#define PROG dhparam_main # define PROG dhparam_main
#define DEFBITS 2048 # define DEFBITS 2048
/*- /*-
* -inform arg - input format - default PEM (DER or PEM) * -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM * -outform arg - output format - default PEM
* -in arg - input file - default stdin * -in arg - input file - default stdin
* -out arg - output file - default stdout * -out arg - output file - default stdout
* -dsaparam - read or generate DSA parameters, convert to DH * -dsaparam - read or generate DSA parameters, convert to DH
* -check - check the parameters are ok * -check - check the parameters are ok
* -noout * -noout
* -text * -text
* -C * -C
@ -149,425 +149,405 @@ static int dh_cb(int p, int n, BN_GENCB *cb);
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
DH *dh=NULL; DH *dh = NULL;
int i,badops=0,text=0; int i, badops = 0, text = 0;
#ifndef OPENSSL_NO_DSA # ifndef OPENSSL_NO_DSA
int dsaparam=0; int dsaparam = 0;
#endif # endif
BIO *in=NULL,*out=NULL; BIO *in = NULL, *out = NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1; int informat, outformat, check = 0, noout = 0, C = 0, ret = 1;
char *infile,*outfile,*prog; char *infile, *outfile, *prog;
char *inrand=NULL; char *inrand = NULL;
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
char *engine=NULL; char *engine = NULL;
#endif # endif
int num = 0, g = 0; int num = 0, g = 0;
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
infile=NULL; infile = NULL;
outfile=NULL; outfile = NULL;
informat=FORMAT_PEM; informat = FORMAT_PEM;
outformat=FORMAT_PEM; outformat = FORMAT_PEM;
prog=argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; informat = str2fmt(*(++argv));
informat=str2fmt(*(++argv)); } else if (strcmp(*argv, "-outform") == 0) {
} if (--argc < 1)
else if (strcmp(*argv,"-outform") == 0) goto bad;
{ outformat = str2fmt(*(++argv));
if (--argc < 1) goto bad; } else if (strcmp(*argv, "-in") == 0) {
outformat=str2fmt(*(++argv)); if (--argc < 1)
} goto bad;
else if (strcmp(*argv,"-in") == 0) infile = *(++argv);
{ } else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
infile= *(++argv); goto bad;
} outfile = *(++argv);
else if (strcmp(*argv,"-out") == 0) }
{ # ifndef OPENSSL_NO_ENGINE
if (--argc < 1) goto bad; else if (strcmp(*argv, "-engine") == 0) {
outfile= *(++argv); if (--argc < 1)
} goto bad;
#ifndef OPENSSL_NO_ENGINE engine = *(++argv);
else if (strcmp(*argv,"-engine") == 0) }
{ # endif
if (--argc < 1) goto bad; else if (strcmp(*argv, "-check") == 0)
engine= *(++argv); check = 1;
} else if (strcmp(*argv, "-text") == 0)
#endif text = 1;
else if (strcmp(*argv,"-check") == 0) # ifndef OPENSSL_NO_DSA
check=1; else if (strcmp(*argv, "-dsaparam") == 0)
else if (strcmp(*argv,"-text") == 0) dsaparam = 1;
text=1; # endif
#ifndef OPENSSL_NO_DSA else if (strcmp(*argv, "-C") == 0)
else if (strcmp(*argv,"-dsaparam") == 0) C = 1;
dsaparam=1; else if (strcmp(*argv, "-noout") == 0)
#endif noout = 1;
else if (strcmp(*argv,"-C") == 0) else if (strcmp(*argv, "-2") == 0)
C=1; g = 2;
else if (strcmp(*argv,"-noout") == 0) else if (strcmp(*argv, "-5") == 0)
noout=1; g = 5;
else if (strcmp(*argv,"-2") == 0) else if (strcmp(*argv, "-rand") == 0) {
g=2; if (--argc < 1)
else if (strcmp(*argv,"-5") == 0) goto bad;
g=5; inrand = *(++argv);
else if (strcmp(*argv,"-rand") == 0) } else if (((sscanf(*argv, "%d", &num) == 0) || (num <= 0)))
{ goto bad;
if (--argc < 1) goto bad; argv++;
inrand= *(++argv); argc--;
} }
else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0)))
goto bad;
argv++;
argc--;
}
if (badops) if (badops) {
{ bad:
bad: BIO_printf(bio_err, "%s [options] [numbits]\n", prog);
BIO_printf(bio_err,"%s [options] [numbits]\n",prog); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
BIO_printf(bio_err," -inform arg input format - one of DER PEM\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -outform arg output format - one of DER PEM\n"); " -outform arg output format - one of DER PEM\n");
BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err, " -out arg output file\n");
#ifndef OPENSSL_NO_DSA # ifndef OPENSSL_NO_DSA
BIO_printf(bio_err," -dsaparam read or generate DSA parameters, convert to DH\n"); BIO_printf(bio_err,
#endif " -dsaparam read or generate DSA parameters, convert to DH\n");
BIO_printf(bio_err," -check check the DH parameters\n"); # endif
BIO_printf(bio_err," -text print a text form of the DH parameters\n"); BIO_printf(bio_err, " -check check the DH parameters\n");
BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); " -text print a text form of the DH parameters\n");
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); BIO_printf(bio_err, " -C Output C code\n");
BIO_printf(bio_err," numbits number of bits in to generate (default 2048)\n"); BIO_printf(bio_err,
#ifndef OPENSSL_NO_ENGINE " -2 generate parameters using 2 as the generator value\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
#endif " -5 generate parameters using 5 as the generator value\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err,
BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); " numbits number of bits in to generate (default 2048)\n");
BIO_printf(bio_err," the random number generator\n"); # ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -noout no output\n"); BIO_printf(bio_err,
goto end; " -engine e use engine e, possibly a hardware device.\n");
} # endif
BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" - load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
BIO_printf(bio_err, " -noout no output\n");
goto end;
}
ERR_load_crypto_strings(); ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0); setup_engine(bio_err, engine, 0);
#endif # endif
if (g && !num) if (g && !num)
num = DEFBITS; num = DEFBITS;
#ifndef OPENSSL_NO_DSA # ifndef OPENSSL_NO_DSA
if (dsaparam) if (dsaparam) {
{ if (g) {
if (g) BIO_printf(bio_err,
{ "generator may not be chosen for DSA parameters\n");
BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n"); goto end;
goto end; }
} } else
} # endif
else {
#endif /* DH parameters */
{ if (num && !g)
/* DH parameters */ g = 2;
if (num && !g) }
g = 2;
}
if(num) { if (num) {
BN_GENCB *cb; BN_GENCB *cb;
cb = BN_GENCB_new(); cb = BN_GENCB_new();
if(!cb) if (!cb) {
{ ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
}
BN_GENCB_set(cb, dh_cb, bio_err); BN_GENCB_set(cb, dh_cb, bio_err);
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
{ BIO_printf(bio_err,
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); "warning, not much extra random data, consider using the -rand option\n");
} }
if (inrand != NULL) if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand)); app_RAND_load_files(inrand));
#ifndef OPENSSL_NO_DSA # ifndef OPENSSL_NO_DSA
if (dsaparam) if (dsaparam) {
{ DSA *dsa = DSA_new();
DSA *dsa = DSA_new();
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); BIO_printf(bio_err,
if(!dsa || !DSA_generate_parameters_ex(dsa, num, "Generating DSA parameters, %d bit long prime\n", num);
NULL, 0, NULL, NULL, cb)) if (!dsa
{ || !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL,
if(dsa) DSA_free(dsa); cb)) {
BN_GENCB_free(cb); if (dsa)
ERR_print_errors(bio_err); DSA_free(dsa);
goto end; BN_GENCB_free(cb);
} ERR_print_errors(bio_err);
goto end;
}
dh = DSA_dup_DH(dsa); dh = DSA_dup_DH(dsa);
DSA_free(dsa); DSA_free(dsa);
if (dh == NULL) if (dh == NULL) {
{ BN_GENCB_free(cb);
BN_GENCB_free(cb); ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
} } else
} # endif
else {
#endif dh = DH_new();
{ BIO_printf(bio_err,
dh = DH_new(); "Generating DH parameters, %d bit long safe prime, generator %d\n",
BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); num, g);
BIO_printf(bio_err,"This is going to take a long time\n"); BIO_printf(bio_err, "This is going to take a long time\n");
if(!dh || !DH_generate_parameters_ex(dh, num, g, cb)) if (!dh || !DH_generate_parameters_ex(dh, num, g, cb)) {
{ BN_GENCB_free(cb);
BN_GENCB_free(cb); ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
} }
}
BN_GENCB_free(cb); BN_GENCB_free(cb);
app_RAND_write_file(NULL, bio_err); app_RAND_write_file(NULL, bio_err);
} else { } else {
in=BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
if (in == NULL) if (in == NULL) {
{ ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
} if (infile == NULL)
if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE);
BIO_set_fp(in,stdin,BIO_NOCLOSE); else {
else if (BIO_read_filename(in, infile) <= 0) {
{ perror(infile);
if (BIO_read_filename(in,infile) <= 0) goto end;
{ }
perror(infile); }
goto end;
}
}
if (informat != FORMAT_ASN1 && informat != FORMAT_PEM) if (informat != FORMAT_ASN1 && informat != FORMAT_PEM) {
{ BIO_printf(bio_err, "bad input format specified\n");
BIO_printf(bio_err,"bad input format specified\n"); goto end;
goto end; }
} # ifndef OPENSSL_NO_DSA
if (dsaparam) {
DSA *dsa;
#ifndef OPENSSL_NO_DSA if (informat == FORMAT_ASN1)
if (dsaparam) dsa = d2i_DSAparams_bio(in, NULL);
{ else /* informat == FORMAT_PEM */
DSA *dsa; dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
if (informat == FORMAT_ASN1) if (dsa == NULL) {
dsa=d2i_DSAparams_bio(in,NULL); BIO_printf(bio_err, "unable to load DSA parameters\n");
else /* informat == FORMAT_PEM */ ERR_print_errors(bio_err);
dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL); goto end;
}
if (dsa == NULL) dh = DSA_dup_DH(dsa);
{ DSA_free(dsa);
BIO_printf(bio_err,"unable to load DSA parameters\n"); if (dh == NULL) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} else
# endif
{
if (informat == FORMAT_ASN1)
dh = d2i_DHparams_bio(in, NULL);
else /* informat == FORMAT_PEM */
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
dh = DSA_dup_DH(dsa); if (dh == NULL) {
DSA_free(dsa); BIO_printf(bio_err, "unable to load DH parameters\n");
if (dh == NULL) ERR_print_errors(bio_err);
{ goto end;
ERR_print_errors(bio_err); }
goto end; }
}
}
else
#endif
{
if (informat == FORMAT_ASN1)
dh=d2i_DHparams_bio(in,NULL);
else /* informat == FORMAT_PEM */
dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
if (dh == NULL) /* dh != NULL */
{ }
BIO_printf(bio_err,"unable to load DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
/* dh != NULL */ out = BIO_new(BIO_s_file());
} if (out == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
out=BIO_new(BIO_s_file()); if (text) {
if (out == NULL) DHparams_print(out, dh);
{ }
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (check) {
if (!DH_check(dh, &i)) {
ERR_print_errors(bio_err);
goto end;
}
if (i & DH_CHECK_P_NOT_PRIME)
printf("p value is not prime\n");
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
printf("p value is not a safe prime\n");
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
printf("unable to check the generator value\n");
if (i & DH_NOT_SUITABLE_GENERATOR)
printf("the g value is not a generator\n");
if (i == 0)
printf("DH parameters appear to be ok.\n");
}
if (C) {
unsigned char *data;
int len, l, bits;
if (text) len = BN_num_bytes(dh->p);
{ bits = BN_num_bits(dh->p);
DHparams_print(out,dh); data = (unsigned char *)OPENSSL_malloc(len);
} if (data == NULL) {
perror("OPENSSL_malloc");
goto end;
}
printf("#ifndef HEADER_DH_H\n"
"#include <openssl/dh.h>\n" "#endif\n");
printf("DH *get_dh%d()\n\t{\n", bits);
if (check) l = BN_bn2bin(dh->p, data);
{ printf("\tstatic unsigned char dh%d_p[]={", bits);
if (!DH_check(dh,&i)) for (i = 0; i < l; i++) {
{ if ((i % 12) == 0)
ERR_print_errors(bio_err); printf("\n\t\t");
goto end; printf("0x%02X,", data[i]);
} }
if (i & DH_CHECK_P_NOT_PRIME) printf("\n\t\t};\n");
printf("p value is not prime\n");
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
printf("p value is not a safe prime\n");
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
printf("unable to check the generator value\n");
if (i & DH_NOT_SUITABLE_GENERATOR)
printf("the g value is not a generator\n");
if (i == 0)
printf("DH parameters appear to be ok.\n");
}
if (C)
{
unsigned char *data;
int len,l,bits;
len=BN_num_bytes(dh->p); l = BN_bn2bin(dh->g, data);
bits=BN_num_bits(dh->p); printf("\tstatic unsigned char dh%d_g[]={", bits);
data=(unsigned char *)OPENSSL_malloc(len); for (i = 0; i < l; i++) {
if (data == NULL) if ((i % 12) == 0)
{ printf("\n\t\t");
perror("OPENSSL_malloc"); printf("0x%02X,", data[i]);
goto end; }
} printf("\n\t\t};\n");
printf("#ifndef HEADER_DH_H\n"
"#include <openssl/dh.h>\n"
"#endif\n");
printf("DH *get_dh%d()\n\t{\n",bits);
l=BN_bn2bin(dh->p,data); printf("\tDH *dh;\n\n");
printf("\tstatic unsigned char dh%d_p[]={",bits); printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
for (i=0; i<l; i++) printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
{ bits, bits);
if ((i%12) == 0) printf("\n\t\t"); printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
printf("0x%02X,",data[i]); bits, bits);
} printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
printf("\n\t\t};\n"); printf("\t\t{ DH_free(dh); return(NULL); }\n");
if (dh->length)
printf("\tdh->length = %ld;\n", dh->length);
printf("\treturn(dh);\n\t}\n");
OPENSSL_free(data);
}
l=BN_bn2bin(dh->g,data); if (!noout) {
printf("\tstatic unsigned char dh%d_g[]={",bits); if (outformat == FORMAT_ASN1)
for (i=0; i<l; i++) i = i2d_DHparams_bio(out, dh);
{ else if (outformat == FORMAT_PEM) {
if ((i%12) == 0) printf("\n\t\t"); if (dh->q)
printf("0x%02X,",data[i]); i = PEM_write_bio_DHxparams(out, dh);
} else
printf("\n\t\t};\n"); i = PEM_write_bio_DHparams(out, dh);
} else {
printf("\tDH *dh;\n\n"); BIO_printf(bio_err, "bad output format specified for outfile\n");
printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n"); goto end;
printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n", }
bits,bits); if (!i) {
printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n", BIO_printf(bio_err, "unable to write DH parameters\n");
bits,bits); ERR_print_errors(bio_err);
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); goto end;
printf("\t\t{ DH_free(dh); return(NULL); }\n"); }
if (dh->length) }
printf("\tdh->length = %ld;\n", dh->length); ret = 0;
printf("\treturn(dh);\n\t}\n"); end:
OPENSSL_free(data); if (in != NULL)
} BIO_free(in);
if (out != NULL)
BIO_free_all(out);
if (!noout) if (dh != NULL)
{ DH_free(dh);
if (outformat == FORMAT_ASN1) apps_shutdown();
i=i2d_DHparams_bio(out,dh); OPENSSL_EXIT(ret);
else if (outformat == FORMAT_PEM) }
{
if (dh->q)
i=PEM_write_bio_DHxparams(out,dh);
else
i=PEM_write_bio_DHparams(out,dh);
}
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err,"unable to write DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
ret=0;
end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
apps_shutdown();
OPENSSL_EXIT(ret);
}
/* dh_cb is identical to dsa_cb in apps/dsaparam.c */ /* dh_cb is identical to dsa_cb in apps/dsaparam.c */
static int dh_cb(int p, int n, BN_GENCB *cb) static int dh_cb(int p, int n, BN_GENCB *cb)
{ {
char c='*'; char c = '*';
if (p == 0) c='.'; if (p == 0)
if (p == 1) c='+'; c = '.';
if (p == 2) c='*'; if (p == 1)
if (p == 3) c='\n'; c = '+';
BIO_write(BN_GENCB_get_arg(cb),&c,1); if (p == 2)
(void)BIO_flush(BN_GENCB_get_arg(cb)); c = '*';
return 1; if (p == 3)
} c = '\n';
BIO_write(BN_GENCB_get_arg(cb), &c, 1);
(void)BIO_flush(BN_GENCB_get_arg(cb));
return 1;
}
#else /* !OPENSSL_NO_DH */ #else /* !OPENSSL_NO_DH */
# if PEDANTIC # if PEDANTIC
static void *dummy=&dummy; static void *dummy = &dummy;
# endif # endif
#endif #endif


@ -56,322 +56,319 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ #include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
#include <stdio.h> # include <stdio.h>
#include <stdlib.h> # include <stdlib.h>
#include <string.h> # include <string.h>
#include <time.h> # include <time.h>
#include "apps.h" # include "apps.h"
#include <openssl/bio.h> # include <openssl/bio.h>
#include <openssl/err.h> # include <openssl/err.h>
#include <openssl/dsa.h> # include <openssl/dsa.h>
#include <openssl/evp.h> # include <openssl/evp.h>
#include <openssl/x509.h> # include <openssl/x509.h>
#include <openssl/pem.h> # include <openssl/pem.h>
#include <openssl/bn.h> # include <openssl/bn.h>
#undef PROG # undef PROG
#define PROG dsa_main # define PROG dsa_main
/*- /*-
* -inform arg - input format - default PEM (one of DER, NET or PEM) * -inform arg - input format - default PEM (one of DER, NET or PEM)
* -outform arg - output format - default PEM * -outform arg - output format - default PEM
* -in arg - input file - default stdin * -in arg - input file - default stdin
* -out arg - output file - default stdout * -out arg - output file - default stdout
* -des - encrypt output if PEM format with DES in cbc mode * -des - encrypt output if PEM format with DES in cbc mode
* -des3 - encrypt output if PEM format * -des3 - encrypt output if PEM format
* -idea - encrypt output if PEM format * -idea - encrypt output if PEM format
* -aes128 - encrypt output if PEM format * -aes128 - encrypt output if PEM format
* -aes192 - encrypt output if PEM format * -aes192 - encrypt output if PEM format
* -aes256 - encrypt output if PEM format * -aes256 - encrypt output if PEM format
* -camellia128 - encrypt output if PEM format * -camellia128 - encrypt output if PEM format
* -camellia192 - encrypt output if PEM format * -camellia192 - encrypt output if PEM format
* -camellia256 - encrypt output if PEM format * -camellia256 - encrypt output if PEM format
* -seed - encrypt output if PEM format * -seed - encrypt output if PEM format
* -text - print a text version * -text - print a text version
* -modulus - print the DSA public key * -modulus - print the DSA public key
*/ */
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
ENGINE *e = NULL; ENGINE *e = NULL;
int ret=1; int ret = 1;
DSA *dsa=NULL; DSA *dsa = NULL;
int i,badops=0; int i, badops = 0;
const EVP_CIPHER *enc=NULL; const EVP_CIPHER *enc = NULL;
BIO *in=NULL,*out=NULL; BIO *in = NULL, *out = NULL;
int informat,outformat,text=0,noout=0; int informat, outformat, text = 0, noout = 0;
int pubin = 0, pubout = 0; int pubin = 0, pubout = 0;
char *infile,*outfile,*prog; char *infile, *outfile, *prog;
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
char *engine; char *engine;
#endif # endif
char *passargin = NULL, *passargout = NULL; char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL; char *passin = NULL, *passout = NULL;
int modulus=0; int modulus = 0;
int pvk_encr = 2; int pvk_encr = 2;
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
engine=NULL; engine = NULL;
#endif # endif
infile=NULL; infile = NULL;
outfile=NULL; outfile = NULL;
informat=FORMAT_PEM; informat = FORMAT_PEM;
outformat=FORMAT_PEM; outformat = FORMAT_PEM;
prog=argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; informat = str2fmt(*(++argv));
informat=str2fmt(*(++argv)); } else if (strcmp(*argv, "-outform") == 0) {
} if (--argc < 1)
else if (strcmp(*argv,"-outform") == 0) goto bad;
{ outformat = str2fmt(*(++argv));
if (--argc < 1) goto bad; } else if (strcmp(*argv, "-in") == 0) {
outformat=str2fmt(*(++argv)); if (--argc < 1)
} goto bad;
else if (strcmp(*argv,"-in") == 0) infile = *(++argv);
{ } else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
infile= *(++argv); goto bad;
} outfile = *(++argv);
else if (strcmp(*argv,"-out") == 0) } else if (strcmp(*argv, "-passin") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
outfile= *(++argv); passargin = *(++argv);
} } else if (strcmp(*argv, "-passout") == 0) {
else if (strcmp(*argv,"-passin") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; passargout = *(++argv);
passargin= *(++argv); }
} # ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-passout") == 0) else if (strcmp(*argv, "-engine") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
passargout= *(++argv); engine = *(++argv);
} }
#ifndef OPENSSL_NO_ENGINE # endif
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv, "-pvk-strong") == 0)
{ pvk_encr = 2;
if (--argc < 1) goto bad; else if (strcmp(*argv, "-pvk-weak") == 0)
engine= *(++argv); pvk_encr = 1;
} else if (strcmp(*argv, "-pvk-none") == 0)
#endif pvk_encr = 0;
else if (strcmp(*argv,"-pvk-strong") == 0) else if (strcmp(*argv, "-noout") == 0)
pvk_encr=2; noout = 1;
else if (strcmp(*argv,"-pvk-weak") == 0) else if (strcmp(*argv, "-text") == 0)
pvk_encr=1; text = 1;
else if (strcmp(*argv,"-pvk-none") == 0) else if (strcmp(*argv, "-modulus") == 0)
pvk_encr=0; modulus = 1;
else if (strcmp(*argv,"-noout") == 0) else if (strcmp(*argv, "-pubin") == 0)
noout=1; pubin = 1;
else if (strcmp(*argv,"-text") == 0) else if (strcmp(*argv, "-pubout") == 0)
text=1; pubout = 1;
else if (strcmp(*argv,"-modulus") == 0) else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
modulus=1; BIO_printf(bio_err, "unknown option %s\n", *argv);
else if (strcmp(*argv,"-pubin") == 0) badops = 1;
pubin=1; break;
else if (strcmp(*argv,"-pubout") == 0) }
pubout=1; argc--;
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) argv++;
{ }
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops) if (badops) {
{ bad:
bad: BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -passin arg input file pass phrase source\n"); " -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n"); BIO_printf(bio_err,
#ifndef OPENSSL_NO_ENGINE " -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); # ifndef OPENSSL_NO_ENGINE
#endif BIO_printf(bio_err,
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); " -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); # endif
#ifndef OPENSSL_NO_IDEA BIO_printf(bio_err,
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); " -des encrypt PEM output with cbc des\n");
#endif BIO_printf(bio_err,
#ifndef OPENSSL_NO_AES " -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); # ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); BIO_printf(bio_err,
#endif " -idea encrypt PEM output with cbc idea\n");
#ifndef OPENSSL_NO_CAMELLIA # endif
BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); # ifndef OPENSSL_NO_AES
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
#endif BIO_printf(bio_err,
#ifndef OPENSSL_NO_SEED " encrypt PEM output with cbc aes\n");
BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n"); # endif
#endif # ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err," -noout don't print key out\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -modulus print the DSA public value\n"); " encrypt PEM output with cbc camellia\n");
goto end; # endif
} # ifndef OPENSSL_NO_SEED
BIO_printf(bio_err,
" -seed encrypt PEM output with cbc seed\n");
# endif
BIO_printf(bio_err, " -text print the key in text\n");
BIO_printf(bio_err, " -noout don't print key out\n");
BIO_printf(bio_err, " -modulus print the DSA public value\n");
goto end;
}
ERR_load_crypto_strings(); ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0); e = setup_engine(bio_err, engine, 0);
#endif # endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n"); BIO_printf(bio_err, "Error getting passwords\n");
goto end; goto end;
} }
in=BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) if ((in == NULL) || (out == NULL)) {
{ ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
}
if (infile == NULL) if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
else else {
{ if (BIO_read_filename(in, infile) <= 0) {
if (BIO_read_filename(in,infile) <= 0) perror(infile);
{ goto end;
perror(infile); }
goto end; }
}
}
BIO_printf(bio_err,"read DSA key\n"); BIO_printf(bio_err, "read DSA key\n");
{ {
EVP_PKEY *pkey; EVP_PKEY *pkey;
if (pubin) if (pubin)
pkey = load_pubkey(bio_err, infile, informat, 1, pkey = load_pubkey(bio_err, infile, informat, 1,
passin, e, "Public Key"); passin, e, "Public Key");
else else
pkey = load_key(bio_err, infile, informat, 1, pkey = load_key(bio_err, infile, informat, 1,
passin, e, "Private Key"); passin, e, "Private Key");
if (pkey) if (pkey) {
{ dsa = EVP_PKEY_get1_DSA(pkey);
dsa = EVP_PKEY_get1_DSA(pkey); EVP_PKEY_free(pkey);
EVP_PKEY_free(pkey); }
} }
} if (dsa == NULL) {
if (dsa == NULL) BIO_printf(bio_err, "unable to load Key\n");
{ ERR_print_errors(bio_err);
BIO_printf(bio_err,"unable to load Key\n"); goto end;
ERR_print_errors(bio_err); }
goto end;
}
if (outfile == NULL) if (outfile == NULL) {
{ BIO_set_fp(out, stdout, BIO_NOCLOSE);
BIO_set_fp(out,stdout,BIO_NOCLOSE); # ifdef OPENSSL_SYS_VMS
#ifdef OPENSSL_SYS_VMS {
{ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out);
out = BIO_push(tmpbio, out); }
} # endif
#endif } else {
} if (BIO_write_filename(out, outfile) <= 0) {
else perror(outfile);
{ goto end;
if (BIO_write_filename(out,outfile) <= 0) }
{ }
perror(outfile);
goto end;
}
}
if (text) if (text)
if (!DSA_print(out,dsa,0)) if (!DSA_print(out, dsa, 0)) {
{ perror(outfile);
perror(outfile); ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
}
if (modulus) if (modulus) {
{ fprintf(stdout, "Public Key=");
fprintf(stdout,"Public Key="); BN_print(out, dsa->pub_key);
BN_print(out,dsa->pub_key); fprintf(stdout, "\n");
fprintf(stdout,"\n"); }
}
if (noout) goto end; if (noout)
BIO_printf(bio_err,"writing DSA key\n"); goto end;
if (outformat == FORMAT_ASN1) { BIO_printf(bio_err, "writing DSA key\n");
if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa); if (outformat == FORMAT_ASN1) {
else i=i2d_DSAPrivateKey_bio(out,dsa); if (pubin || pubout)
} else if (outformat == FORMAT_PEM) { i = i2d_DSA_PUBKEY_bio(out, dsa);
if(pubin || pubout) else
i=PEM_write_bio_DSA_PUBKEY(out,dsa); i = i2d_DSAPrivateKey_bio(out, dsa);
else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc, } else if (outformat == FORMAT_PEM) {
NULL,0,NULL, passout); if (pubin || pubout)
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4) i = PEM_write_bio_DSA_PUBKEY(out, dsa);
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { else
EVP_PKEY *pk; i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
pk = EVP_PKEY_new(); NULL, 0, NULL, passout);
EVP_PKEY_set1_DSA(pk, dsa); # if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4)
if (outformat == FORMAT_PVK) } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); EVP_PKEY *pk;
else if (pubin || pubout) pk = EVP_PKEY_new();
i = i2b_PublicKey_bio(out, pk); EVP_PKEY_set1_DSA(pk, dsa);
else if (outformat == FORMAT_PVK)
i = i2b_PrivateKey_bio(out, pk); i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
EVP_PKEY_free(pk); else if (pubin || pubout)
#endif i = i2b_PublicKey_bio(out, pk);
} else { else
BIO_printf(bio_err,"bad output format specified for outfile\n"); i = i2b_PrivateKey_bio(out, pk);
goto end; EVP_PKEY_free(pk);
} # endif
if (i <= 0) } else {
{ BIO_printf(bio_err, "bad output format specified for outfile\n");
BIO_printf(bio_err,"unable to write private key\n"); goto end;
ERR_print_errors(bio_err); }
} if (i <= 0) {
else BIO_printf(bio_err, "unable to write private key\n");
ret=0; ERR_print_errors(bio_err);
end: } else
if(in != NULL) BIO_free(in); ret = 0;
if(out != NULL) BIO_free_all(out); end:
if(dsa != NULL) DSA_free(dsa); if (in != NULL)
if(passin) OPENSSL_free(passin); BIO_free(in);
if(passout) OPENSSL_free(passout); if (out != NULL)
apps_shutdown(); BIO_free_all(out);
OPENSSL_EXIT(ret); if (dsa != NULL)
} DSA_free(dsa);
#else /* !OPENSSL_NO_DSA */ if (passin)
OPENSSL_free(passin);
if (passout)
OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
}
#else /* !OPENSSL_NO_DSA */
# if PEDANTIC # if PEDANTIC
static void *dummy=&dummy; static void *dummy = &dummy;
# endif # endif
#endif #endif


@ -56,30 +56,30 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ #include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
#include <assert.h> # include <assert.h>
#include <stdio.h> # include <stdio.h>
#include <stdlib.h> # include <stdlib.h>
#include <time.h> # include <time.h>
#include <string.h> # include <string.h>
#include "apps.h" # include "apps.h"
#include <openssl/bio.h> # include <openssl/bio.h>
#include <openssl/err.h> # include <openssl/err.h>
#include <openssl/bn.h> # include <openssl/bn.h>
#include <openssl/dsa.h> # include <openssl/dsa.h>
#include <openssl/x509.h> # include <openssl/x509.h>
#include <openssl/pem.h> # include <openssl/pem.h>
#undef PROG # undef PROG
#define PROG dsaparam_main # define PROG dsaparam_main
/*- /*-
* -inform arg - input format - default PEM (DER or PEM) * -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM * -outform arg - output format - default PEM
* -in arg - input file - default stdin * -in arg - input file - default stdin
* -out arg - output file - default stdout * -out arg - output file - default stdout
* -noout * -noout
* -text * -text
* -C * -C
@ -90,404 +90,384 @@
* #endif * #endif
*/ */
#ifdef GENCB_TEST # ifdef GENCB_TEST
static int stop_keygen_flag = 0; static int stop_keygen_flag = 0;
static void timebomb_sigalarm(int foo) static void timebomb_sigalarm(int foo)
{ {
stop_keygen_flag = 1; stop_keygen_flag = 1;
} }
#endif # endif
static int dsa_cb(int p, int n, BN_GENCB *cb); static int dsa_cb(int p, int n, BN_GENCB *cb);
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
DSA *dsa=NULL; DSA *dsa = NULL;
int i,badops=0,text=0; int i, badops = 0, text = 0;
BIO *in=NULL,*out=NULL; BIO *in = NULL, *out = NULL;
int informat,outformat,noout=0,C=0,ret=1; int informat, outformat, noout = 0, C = 0, ret = 1;
char *infile,*outfile,*prog,*inrand=NULL; char *infile, *outfile, *prog, *inrand = NULL;
int numbits= -1,num,genkey=0; int numbits = -1, num, genkey = 0;
int need_rand=0; int need_rand = 0;
int non_fips_allow = 0; int non_fips_allow = 0;
BN_GENCB *cb = NULL; BN_GENCB *cb = NULL;
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
char *engine=NULL; char *engine = NULL;
#endif # endif
#ifdef GENCB_TEST # ifdef GENCB_TEST
int timebomb=0; int timebomb = 0;
#endif # endif
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
infile=NULL; infile = NULL;
outfile=NULL; outfile = NULL;
informat=FORMAT_PEM; informat = FORMAT_PEM;
outformat=FORMAT_PEM; outformat = FORMAT_PEM;
prog=argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; informat = str2fmt(*(++argv));
informat=str2fmt(*(++argv)); } else if (strcmp(*argv, "-outform") == 0) {
} if (--argc < 1)
else if (strcmp(*argv,"-outform") == 0) goto bad;
{ outformat = str2fmt(*(++argv));
if (--argc < 1) goto bad; } else if (strcmp(*argv, "-in") == 0) {
outformat=str2fmt(*(++argv)); if (--argc < 1)
} goto bad;
else if (strcmp(*argv,"-in") == 0) infile = *(++argv);
{ } else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
infile= *(++argv); goto bad;
} outfile = *(++argv);
else if (strcmp(*argv,"-out") == 0) }
{ # ifndef OPENSSL_NO_ENGINE
if (--argc < 1) goto bad; else if (strcmp(*argv, "-engine") == 0) {
outfile= *(++argv); if (--argc < 1)
} goto bad;
#ifndef OPENSSL_NO_ENGINE engine = *(++argv);
else if(strcmp(*argv, "-engine") == 0) }
{ # endif
if (--argc < 1) goto bad; # ifdef GENCB_TEST
engine = *(++argv); else if (strcmp(*argv, "-timebomb") == 0) {
} if (--argc < 1)
#endif goto bad;
#ifdef GENCB_TEST timebomb = atoi(*(++argv));
else if(strcmp(*argv, "-timebomb") == 0) }
{ # endif
if (--argc < 1) goto bad; else if (strcmp(*argv, "-text") == 0)
timebomb = atoi(*(++argv)); text = 1;
} else if (strcmp(*argv, "-C") == 0)
#endif C = 1;
else if (strcmp(*argv,"-text") == 0) else if (strcmp(*argv, "-genkey") == 0) {
text=1; genkey = 1;
else if (strcmp(*argv,"-C") == 0) need_rand = 1;
C=1; } else if (strcmp(*argv, "-rand") == 0) {
else if (strcmp(*argv,"-genkey") == 0) if (--argc < 1)
{ goto bad;
genkey=1; inrand = *(++argv);
need_rand=1; need_rand = 1;
} } else if (strcmp(*argv, "-noout") == 0)
else if (strcmp(*argv,"-rand") == 0) noout = 1;
{ else if (strcmp(*argv, "-non-fips-allow") == 0)
if (--argc < 1) goto bad; non_fips_allow = 1;
inrand= *(++argv); else if (sscanf(*argv, "%d", &num) == 1) {
need_rand=1; /* generate a key */
} numbits = num;
else if (strcmp(*argv,"-noout") == 0) need_rand = 1;
noout=1; } else {
else if (strcmp(*argv,"-non-fips-allow") == 0) BIO_printf(bio_err, "unknown option %s\n", *argv);
non_fips_allow = 1; badops = 1;
else if (sscanf(*argv,"%d",&num) == 1) break;
{ }
/* generate a key */ argc--;
numbits=num; argv++;
need_rand=1; }
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops) if (badops) {
{ bad:
bad: BIO_printf(bio_err, "%s [options] [bits] <infile >outfile\n", prog);
BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err, " -text print as text\n");
BIO_printf(bio_err," -text print as text\n"); BIO_printf(bio_err, " -C Output C code\n");
BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err, " -noout no output\n");
BIO_printf(bio_err," -noout no output\n"); BIO_printf(bio_err, " -genkey generate a DSA key\n");
BIO_printf(bio_err," -genkey generate a DSA key\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -rand files to use for random number input\n"); " -rand files to use for random number input\n");
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
#endif " -engine e use engine e, possibly a hardware device.\n");
#ifdef GENCB_TEST # endif
BIO_printf(bio_err," -timebomb n interrupt keygen after <n> seconds\n"); # ifdef GENCB_TEST
#endif BIO_printf(bio_err,
BIO_printf(bio_err," number number of bits to use for generating private key\n"); " -timebomb n interrupt keygen after <n> seconds\n");
goto end; # endif
} BIO_printf(bio_err,
" number number of bits to use for generating private key\n");
goto end;
}
ERR_load_crypto_strings(); ERR_load_crypto_strings();
in=BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) if ((in == NULL) || (out == NULL)) {
{ ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
}
if (infile == NULL) if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
else else {
{ if (BIO_read_filename(in, infile) <= 0) {
if (BIO_read_filename(in,infile) <= 0) perror(infile);
{ goto end;
perror(infile); }
goto end; }
} if (outfile == NULL) {
} BIO_set_fp(out, stdout, BIO_NOCLOSE);
if (outfile == NULL) # ifdef OPENSSL_SYS_VMS
{ {
BIO_set_fp(out,stdout,BIO_NOCLOSE); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
#ifdef OPENSSL_SYS_VMS out = BIO_push(tmpbio, out);
{ }
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); # endif
out = BIO_push(tmpbio, out); } else {
} if (BIO_write_filename(out, outfile) <= 0) {
#endif perror(outfile);
} goto end;
else }
{ }
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0); setup_engine(bio_err, engine, 0);
#endif # endif
if (need_rand) if (need_rand) {
{ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL)
if (inrand != NULL) BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", app_RAND_load_files(inrand));
app_RAND_load_files(inrand)); }
}
if (numbits > 0) if (numbits > 0) {
{ cb = BN_GENCB_new();
cb = BN_GENCB_new(); if (!cb) {
if(!cb) BIO_printf(bio_err, "Error allocating BN_GENCB object\n");
{ goto end;
BIO_printf(bio_err,"Error allocating BN_GENCB object\n"); }
goto end; BN_GENCB_set(cb, dsa_cb, bio_err);
} assert(need_rand);
BN_GENCB_set(cb, dsa_cb, bio_err); dsa = DSA_new();
assert(need_rand); if (!dsa) {
dsa = DSA_new(); BIO_printf(bio_err, "Error allocating DSA object\n");
if(!dsa) goto end;
{ }
BIO_printf(bio_err,"Error allocating DSA object\n"); if (non_fips_allow)
goto end; dsa->flags |= DSA_FLAG_NON_FIPS_ALLOW;
} BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n",
if (non_fips_allow) num);
dsa->flags |= DSA_FLAG_NON_FIPS_ALLOW; BIO_printf(bio_err, "This could take some time\n");
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); # ifdef GENCB_TEST
BIO_printf(bio_err,"This could take some time\n"); if (timebomb > 0) {
#ifdef GENCB_TEST struct sigaction act;
if(timebomb > 0) act.sa_handler = timebomb_sigalarm;
{ act.sa_flags = 0;
struct sigaction act; BIO_printf(bio_err,
act.sa_handler = timebomb_sigalarm; "(though I'll stop it if not done within %d secs)\n",
act.sa_flags = 0; timebomb);
BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n", if (sigaction(SIGALRM, &act, NULL) != 0) {
timebomb); BIO_printf(bio_err, "Error, couldn't set SIGALRM handler\n");
if(sigaction(SIGALRM, &act, NULL) != 0) goto end;
{ }
BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n"); alarm(timebomb);
goto end; }
} # endif
alarm(timebomb); if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, cb)) {
} # ifdef GENCB_TEST
#endif if (stop_keygen_flag) {
if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, cb)) BIO_printf(bio_err, "DSA key generation time-stopped\n");
{ /* This is an asked-for behaviour! */
#ifdef GENCB_TEST ret = 0;
if(stop_keygen_flag) goto end;
{ }
BIO_printf(bio_err,"DSA key generation time-stopped\n"); # endif
/* This is an asked-for behaviour! */ ERR_print_errors(bio_err);
ret = 0; BIO_printf(bio_err, "Error, DSA key generation failed\n");
goto end; goto end;
} }
#endif } else if (informat == FORMAT_ASN1)
ERR_print_errors(bio_err); dsa = d2i_DSAparams_bio(in, NULL);
BIO_printf(bio_err,"Error, DSA key generation failed\n"); else if (informat == FORMAT_PEM)
goto end; dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
} else {
} BIO_printf(bio_err, "bad input format specified\n");
else if (informat == FORMAT_ASN1) goto end;
dsa=d2i_DSAparams_bio(in,NULL); }
else if (informat == FORMAT_PEM) if (dsa == NULL) {
dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL); BIO_printf(bio_err, "unable to load DSA parameters\n");
else ERR_print_errors(bio_err);
{ goto end;
BIO_printf(bio_err,"bad input format specified\n"); }
goto end;
}
if (dsa == NULL)
{
BIO_printf(bio_err,"unable to load DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
if (text) if (text) {
{ DSAparams_print(out, dsa);
DSAparams_print(out,dsa); }
}
if (C) if (C) {
{ unsigned char *data;
unsigned char *data; int l, len, bits_p;
int l,len,bits_p;
len=BN_num_bytes(dsa->p); len = BN_num_bytes(dsa->p);
bits_p=BN_num_bits(dsa->p); bits_p = BN_num_bits(dsa->p);
data=(unsigned char *)OPENSSL_malloc(len+20); data = (unsigned char *)OPENSSL_malloc(len + 20);
if (data == NULL) if (data == NULL) {
{ perror("OPENSSL_malloc");
perror("OPENSSL_malloc"); goto end;
goto end; }
} l = BN_bn2bin(dsa->p, data);
l=BN_bn2bin(dsa->p,data); printf("static unsigned char dsa%d_p[]={", bits_p);
printf("static unsigned char dsa%d_p[]={",bits_p); for (i = 0; i < l; i++) {
for (i=0; i<l; i++) if ((i % 12) == 0)
{ printf("\n\t");
if ((i%12) == 0) printf("\n\t"); printf("0x%02X,", data[i]);
printf("0x%02X,",data[i]); }
} printf("\n\t};\n");
printf("\n\t};\n");
l=BN_bn2bin(dsa->q,data); l = BN_bn2bin(dsa->q, data);
printf("static unsigned char dsa%d_q[]={",bits_p); printf("static unsigned char dsa%d_q[]={", bits_p);
for (i=0; i<l; i++) for (i = 0; i < l; i++) {
{ if ((i % 12) == 0)
if ((i%12) == 0) printf("\n\t"); printf("\n\t");
printf("0x%02X,",data[i]); printf("0x%02X,", data[i]);
} }
printf("\n\t};\n"); printf("\n\t};\n");
l=BN_bn2bin(dsa->g,data); l = BN_bn2bin(dsa->g, data);
printf("static unsigned char dsa%d_g[]={",bits_p); printf("static unsigned char dsa%d_g[]={", bits_p);
for (i=0; i<l; i++) for (i = 0; i < l; i++) {
{ if ((i % 12) == 0)
if ((i%12) == 0) printf("\n\t"); printf("\n\t");
printf("0x%02X,",data[i]); printf("0x%02X,", data[i]);
} }
printf("\n\t};\n\n"); printf("\n\t};\n\n");
printf("DSA *get_dsa%d()\n\t{\n",bits_p); printf("DSA *get_dsa%d()\n\t{\n", bits_p);
printf("\tDSA *dsa;\n\n"); printf("\tDSA *dsa;\n\n");
printf("\tif ((dsa=DSA_new()) == NULL) return(NULL);\n"); printf("\tif ((dsa=DSA_new()) == NULL) return(NULL);\n");
printf("\tdsa->p=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n", printf("\tdsa->p=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n",
bits_p,bits_p); bits_p, bits_p);
printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n", printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n",
bits_p,bits_p); bits_p, bits_p);
printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n", printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
bits_p,bits_p); bits_p, bits_p);
printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n"); printf
printf("\t\t{ DSA_free(dsa); return(NULL); }\n"); ("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
printf("\treturn(dsa);\n\t}\n"); printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
} printf("\treturn(dsa);\n\t}\n");
}
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_DSAparams_bio(out, dsa);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_DSAparams(out, dsa);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err, "unable to write DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (genkey) {
DSA *dsakey;
if (!noout) assert(need_rand);
{ if ((dsakey = DSAparams_dup(dsa)) == NULL)
if (outformat == FORMAT_ASN1) goto end;
i=i2d_DSAparams_bio(out,dsa); if (non_fips_allow)
else if (outformat == FORMAT_PEM) dsakey->flags |= DSA_FLAG_NON_FIPS_ALLOW;
i=PEM_write_bio_DSAparams(out,dsa); if (!DSA_generate_key(dsakey)) {
else { ERR_print_errors(bio_err);
BIO_printf(bio_err,"bad output format specified for outfile\n"); DSA_free(dsakey);
goto end; goto end;
} }
if (!i) if (outformat == FORMAT_ASN1)
{ i = i2d_DSAPrivateKey_bio(out, dsakey);
BIO_printf(bio_err,"unable to write DSA parameters\n"); else if (outformat == FORMAT_PEM)
ERR_print_errors(bio_err); i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL,
goto end; NULL);
} else {
} BIO_printf(bio_err, "bad output format specified for outfile\n");
if (genkey) DSA_free(dsakey);
{ goto end;
DSA *dsakey; }
DSA_free(dsakey);
assert(need_rand); }
if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end; if (need_rand)
if (non_fips_allow) app_RAND_write_file(NULL, bio_err);
dsakey->flags |= DSA_FLAG_NON_FIPS_ALLOW; ret = 0;
if (!DSA_generate_key(dsakey)) end:
{ if (cb != NULL)
ERR_print_errors(bio_err); BN_GENCB_free(cb);
DSA_free(dsakey); if (in != NULL)
goto end; BIO_free(in);
} if (out != NULL)
if (outformat == FORMAT_ASN1) BIO_free_all(out);
i=i2d_DSAPrivateKey_bio(out,dsakey); if (dsa != NULL)
else if (outformat == FORMAT_PEM) DSA_free(dsa);
i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL); apps_shutdown();
else { OPENSSL_EXIT(ret);
BIO_printf(bio_err,"bad output format specified for outfile\n"); }
DSA_free(dsakey);
goto end;
}
DSA_free(dsakey);
}
if (need_rand)
app_RAND_write_file(NULL, bio_err);
ret=0;
end:
if (cb != NULL) BN_GENCB_free(cb);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dsa != NULL) DSA_free(dsa);
apps_shutdown();
OPENSSL_EXIT(ret);
}
static int dsa_cb(int p, int n, BN_GENCB *cb) static int dsa_cb(int p, int n, BN_GENCB *cb)
{ {
char c='*'; char c = '*';
if (p == 0) c='.'; if (p == 0)
if (p == 1) c='+'; c = '.';
if (p == 2) c='*'; if (p == 1)
if (p == 3) c='\n'; c = '+';
BIO_write(BN_GENCB_get_arg(cb),&c,1); if (p == 2)
(void)BIO_flush(BN_GENCB_get_arg(cb)); c = '*';
#ifdef GENCB_TEST if (p == 3)
if(stop_keygen_flag) c = '\n';
return 0; BIO_write(BN_GENCB_get_arg(cb), &c, 1);
#endif (void)BIO_flush(BN_GENCB_get_arg(cb));
return 1; # ifdef GENCB_TEST
} if (stop_keygen_flag)
#else /* !OPENSSL_NO_DSA */ return 0;
# endif
return 1;
}
#else /* !OPENSSL_NO_DSA */
# if PEDANTIC # if PEDANTIC
static void *dummy=&dummy; static void *dummy = &dummy;
# endif # endif
#endif #endif

564
apps/ec.c

@ -58,17 +58,17 @@
#include <openssl/opensslconf.h> #include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
#include <stdio.h> # include <stdio.h>
#include <stdlib.h> # include <stdlib.h>
#include <string.h> # include <string.h>
#include "apps.h" # include "apps.h"
#include <openssl/bio.h> # include <openssl/bio.h>
#include <openssl/err.h> # include <openssl/err.h>
#include <openssl/evp.h> # include <openssl/evp.h>
#include <openssl/pem.h> # include <openssl/pem.h>
#undef PROG # undef PROG
#define PROG ec_main # define PROG ec_main
/*- /*-
* -inform arg - input format - default PEM (one of DER, NET or PEM) * -inform arg - input format - default PEM (one of DER, NET or PEM)
@ -86,322 +86,280 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
int ret = 1; int ret = 1;
EC_KEY *eckey = NULL; EC_KEY *eckey = NULL;
const EC_GROUP *group; const EC_GROUP *group;
int i, badops = 0; int i, badops = 0;
const EVP_CIPHER *enc = NULL; const EVP_CIPHER *enc = NULL;
BIO *in = NULL, *out = NULL; BIO *in = NULL, *out = NULL;
int informat, outformat, text=0, noout=0; int informat, outformat, text = 0, noout = 0;
int pubin = 0, pubout = 0, param_out = 0; int pubin = 0, pubout = 0, param_out = 0;
char *infile, *outfile, *prog, *engine; char *infile, *outfile, *prog, *engine;
char *passargin = NULL, *passargout = NULL; char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL; char *passin = NULL, *passout = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
int new_form = 0; int new_form = 0;
int asn1_flag = OPENSSL_EC_NAMED_CURVE; int asn1_flag = OPENSSL_EC_NAMED_CURVE;
int new_asn1_flag = 0; int new_asn1_flag = 0;
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
engine = NULL; engine = NULL;
infile = NULL; infile = NULL;
outfile = NULL; outfile = NULL;
informat = FORMAT_PEM; informat = FORMAT_PEM;
outformat = FORMAT_PEM; outformat = FORMAT_PEM;
prog = argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; informat = str2fmt(*(++argv));
informat=str2fmt(*(++argv)); } else if (strcmp(*argv, "-outform") == 0) {
} if (--argc < 1)
else if (strcmp(*argv,"-outform") == 0) goto bad;
{ outformat = str2fmt(*(++argv));
if (--argc < 1) goto bad; } else if (strcmp(*argv, "-in") == 0) {
outformat=str2fmt(*(++argv)); if (--argc < 1)
} goto bad;
else if (strcmp(*argv,"-in") == 0) infile = *(++argv);
{ } else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
infile= *(++argv); goto bad;
} outfile = *(++argv);
else if (strcmp(*argv,"-out") == 0) } else if (strcmp(*argv, "-passin") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
outfile= *(++argv); passargin = *(++argv);
} } else if (strcmp(*argv, "-passout") == 0) {
else if (strcmp(*argv,"-passin") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; passargout = *(++argv);
passargin= *(++argv); } else if (strcmp(*argv, "-engine") == 0) {
} if (--argc < 1)
else if (strcmp(*argv,"-passout") == 0) goto bad;
{ engine = *(++argv);
if (--argc < 1) goto bad; } else if (strcmp(*argv, "-noout") == 0)
passargout= *(++argv); noout = 1;
} else if (strcmp(*argv, "-text") == 0)
else if (strcmp(*argv, "-engine") == 0) text = 1;
{ else if (strcmp(*argv, "-conv_form") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
engine= *(++argv); goto bad;
} ++argv;
else if (strcmp(*argv, "-noout") == 0) new_form = 1;
noout = 1; if (strcmp(*argv, "compressed") == 0)
else if (strcmp(*argv, "-text") == 0) form = POINT_CONVERSION_COMPRESSED;
text = 1; else if (strcmp(*argv, "uncompressed") == 0)
else if (strcmp(*argv, "-conv_form") == 0) form = POINT_CONVERSION_UNCOMPRESSED;
{ else if (strcmp(*argv, "hybrid") == 0)
if (--argc < 1) form = POINT_CONVERSION_HYBRID;
goto bad; else
++argv; goto bad;
new_form = 1; } else if (strcmp(*argv, "-param_enc") == 0) {
if (strcmp(*argv, "compressed") == 0) if (--argc < 1)
form = POINT_CONVERSION_COMPRESSED; goto bad;
else if (strcmp(*argv, "uncompressed") == 0) ++argv;
form = POINT_CONVERSION_UNCOMPRESSED; new_asn1_flag = 1;
else if (strcmp(*argv, "hybrid") == 0) if (strcmp(*argv, "named_curve") == 0)
form = POINT_CONVERSION_HYBRID; asn1_flag = OPENSSL_EC_NAMED_CURVE;
else else if (strcmp(*argv, "explicit") == 0)
goto bad; asn1_flag = 0;
} else
else if (strcmp(*argv, "-param_enc") == 0) goto bad;
{ } else if (strcmp(*argv, "-param_out") == 0)
if (--argc < 1) param_out = 1;
goto bad; else if (strcmp(*argv, "-pubin") == 0)
++argv; pubin = 1;
new_asn1_flag = 1; else if (strcmp(*argv, "-pubout") == 0)
if (strcmp(*argv, "named_curve") == 0) pubout = 1;
asn1_flag = OPENSSL_EC_NAMED_CURVE; else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
else if (strcmp(*argv, "explicit") == 0) BIO_printf(bio_err, "unknown option %s\n", *argv);
asn1_flag = 0; badops = 1;
else break;
goto bad; }
} argc--;
else if (strcmp(*argv, "-param_out") == 0) argv++;
param_out = 1; }
else if (strcmp(*argv, "-pubin") == 0)
pubin=1;
else if (strcmp(*argv, "-pubout") == 0)
pubout=1;
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
{
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops) if (badops) {
{ bad:
bad: BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, " -inform arg input format - "
BIO_printf(bio_err, " -inform arg input format - " "DER or PEM\n");
"DER or PEM\n"); BIO_printf(bio_err, " -outform arg output format - "
BIO_printf(bio_err, " -outform arg output format - " "DER or PEM\n");
"DER or PEM\n"); BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -in arg input file\n"); BIO_printf(bio_err, " -passin arg input file pass "
BIO_printf(bio_err, " -passin arg input file pass " "phrase source\n");
"phrase source\n"); BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err, " -out arg output file\n"); BIO_printf(bio_err, " -passout arg output file pass "
BIO_printf(bio_err, " -passout arg output file pass " "phrase source\n");
"phrase source\n"); BIO_printf(bio_err, " -engine e use engine e, "
BIO_printf(bio_err, " -engine e use engine e, " "possibly a hardware device.\n");
"possibly a hardware device.\n"); BIO_printf(bio_err, " -des encrypt PEM output, "
BIO_printf(bio_err, " -des encrypt PEM output, " "instead of 'des' every other \n"
"instead of 'des' every other \n" " cipher "
" cipher " "supported by OpenSSL can be used\n");
"supported by OpenSSL can be used\n"); BIO_printf(bio_err, " -text print the key\n");
BIO_printf(bio_err, " -text print the key\n"); BIO_printf(bio_err, " -noout don't print key out\n");
BIO_printf(bio_err, " -noout don't print key out\n"); BIO_printf(bio_err, " -param_out print the elliptic "
BIO_printf(bio_err, " -param_out print the elliptic " "curve parameters\n");
"curve parameters\n"); BIO_printf(bio_err, " -conv_form arg specifies the "
BIO_printf(bio_err, " -conv_form arg specifies the " "point conversion form \n");
"point conversion form \n"); BIO_printf(bio_err, " possible values:"
BIO_printf(bio_err, " possible values:" " compressed\n");
" compressed\n"); BIO_printf(bio_err, " "
BIO_printf(bio_err, " " " uncompressed (default)\n");
" uncompressed (default)\n"); BIO_printf(bio_err, " " " hybrid\n");
BIO_printf(bio_err, " " BIO_printf(bio_err, " -param_enc arg specifies the way"
" hybrid\n"); " the ec parameters are encoded\n");
BIO_printf(bio_err, " -param_enc arg specifies the way" BIO_printf(bio_err, " in the asn1 der " "encoding\n");
" the ec parameters are encoded\n"); BIO_printf(bio_err, " possible values:"
BIO_printf(bio_err, " in the asn1 der " " named_curve (default)\n");
"encoding\n"); BIO_printf(bio_err, " "
BIO_printf(bio_err, " possible values:" "explicit\n");
" named_curve (default)\n"); goto end;
BIO_printf(bio_err," " }
"explicit\n");
goto end;
}
ERR_load_crypto_strings(); ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0); setup_engine(bio_err, engine, 0);
#endif # endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
{ BIO_printf(bio_err, "Error getting passwords\n");
BIO_printf(bio_err, "Error getting passwords\n"); goto end;
goto end; }
}
in = BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) if ((in == NULL) || (out == NULL)) {
{ ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
}
if (infile == NULL) if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
else else {
{ if (BIO_read_filename(in, infile) <= 0) {
if (BIO_read_filename(in, infile) <= 0) perror(infile);
{ goto end;
perror(infile); }
goto end; }
}
}
BIO_printf(bio_err, "read EC key\n"); BIO_printf(bio_err, "read EC key\n");
if (informat == FORMAT_ASN1) if (informat == FORMAT_ASN1) {
{ if (pubin)
if (pubin) eckey = d2i_EC_PUBKEY_bio(in, NULL);
eckey = d2i_EC_PUBKEY_bio(in, NULL); else
else eckey = d2i_ECPrivateKey_bio(in, NULL);
eckey = d2i_ECPrivateKey_bio(in, NULL); } else if (informat == FORMAT_PEM) {
} if (pubin)
else if (informat == FORMAT_PEM) eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
{ else
if (pubin) eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, } else {
NULL); BIO_printf(bio_err, "bad input format specified for key\n");
else goto end;
eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, }
passin); if (eckey == NULL) {
} BIO_printf(bio_err, "unable to load Key\n");
else ERR_print_errors(bio_err);
{ goto end;
BIO_printf(bio_err, "bad input format specified for key\n"); }
goto end;
}
if (eckey == NULL)
{
BIO_printf(bio_err,"unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL) if (outfile == NULL) {
{ BIO_set_fp(out, stdout, BIO_NOCLOSE);
BIO_set_fp(out, stdout, BIO_NOCLOSE); # ifdef OPENSSL_SYS_VMS
#ifdef OPENSSL_SYS_VMS {
{ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out);
out = BIO_push(tmpbio, out); }
} # endif
#endif } else {
} if (BIO_write_filename(out, outfile) <= 0) {
else perror(outfile);
{ goto end;
if (BIO_write_filename(out, outfile) <= 0) }
{ }
perror(outfile);
goto end;
}
}
group = EC_KEY_get0_group(eckey); group = EC_KEY_get0_group(eckey);
if (new_form) if (new_form)
EC_KEY_set_conv_form(eckey, form); EC_KEY_set_conv_form(eckey, form);
if (new_asn1_flag) if (new_asn1_flag)
EC_KEY_set_asn1_flag(eckey, asn1_flag); EC_KEY_set_asn1_flag(eckey, asn1_flag);
if (text) if (text)
if (!EC_KEY_print(out, eckey, 0)) if (!EC_KEY_print(out, eckey, 0)) {
{ perror(outfile);
perror(outfile); ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
}
if (noout) if (noout) {
{ ret = 0;
ret = 0; goto end;
goto end; }
}
BIO_printf(bio_err, "writing EC key\n"); BIO_printf(bio_err, "writing EC key\n");
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1) {
{ if (param_out)
if (param_out) i = i2d_ECPKParameters_bio(out, group);
i = i2d_ECPKParameters_bio(out, group); else if (pubin || pubout)
else if (pubin || pubout) i = i2d_EC_PUBKEY_bio(out, eckey);
i = i2d_EC_PUBKEY_bio(out, eckey); else
else i = i2d_ECPrivateKey_bio(out, eckey);
i = i2d_ECPrivateKey_bio(out, eckey); } else if (outformat == FORMAT_PEM) {
} if (param_out)
else if (outformat == FORMAT_PEM) i = PEM_write_bio_ECPKParameters(out, group);
{ else if (pubin || pubout)
if (param_out) i = PEM_write_bio_EC_PUBKEY(out, eckey);
i = PEM_write_bio_ECPKParameters(out, group); else
else if (pubin || pubout) i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
i = PEM_write_bio_EC_PUBKEY(out, eckey); NULL, 0, NULL, passout);
else } else {
i = PEM_write_bio_ECPrivateKey(out, eckey, enc, BIO_printf(bio_err, "bad output format specified for " "outfile\n");
NULL, 0, NULL, passout); goto end;
} }
else
{
BIO_printf(bio_err, "bad output format specified for "
"outfile\n");
goto end;
}
if (!i) if (!i) {
{ BIO_printf(bio_err, "unable to write private key\n");
BIO_printf(bio_err, "unable to write private key\n"); ERR_print_errors(bio_err);
ERR_print_errors(bio_err); } else
} ret = 0;
else end:
ret=0; if (in)
end: BIO_free(in);
if (in) if (out)
BIO_free(in); BIO_free_all(out);
if (out) if (eckey)
BIO_free_all(out); EC_KEY_free(eckey);
if (eckey) if (passin)
EC_KEY_free(eckey); OPENSSL_free(passin);
if (passin) if (passout)
OPENSSL_free(passin); OPENSSL_free(passout);
if (passout) apps_shutdown();
OPENSSL_free(passout); OPENSSL_EXIT(ret);
apps_shutdown();
OPENSSL_EXIT(ret);
} }
#else /* !OPENSSL_NO_EC */ #else /* !OPENSSL_NO_EC */
# if PEDANTIC # if PEDANTIC
static void *dummy=&dummy; static void *dummy = &dummy;
# endif # endif
#endif #endif


1150
apps/enc.c

File diff suppressed because it is too large Load Diff


@ -1,6 +1,7 @@
/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */ /* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL /*
* project 2000. * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
* 2000.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved. * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
@ -56,491 +57,458 @@
* *
*/ */
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include "apps.h" #include "apps.h"
#include <openssl/err.h> #include <openssl/err.h>
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h> # include <openssl/engine.h>
#include <openssl/ssl.h> # include <openssl/ssl.h>
#undef PROG # undef PROG
#define PROG engine_main # define PROG engine_main
static const char *engine_usage[]={ static const char *engine_usage[] = {
"usage: engine opts [engine ...]\n", "usage: engine opts [engine ...]\n",
" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n", " -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
" -vv will additionally display each command's description\n", " -vv will additionally display each command's description\n",
" -vvv will also add the input flags for each command\n", " -vvv will also add the input flags for each command\n",
" -vvvv will also show internal input flags\n", " -vvvv will also show internal input flags\n",
" -c - for each engine, also list the capabilities\n", " -c - for each engine, also list the capabilities\n",
" -t[t] - for each engine, check that they are really available\n", " -t[t] - for each engine, check that they are really available\n",
" -tt will display error trace for unavailable engines\n", " -tt will display error trace for unavailable engines\n",
" -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n", " -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n",
" to load it (if -t is used)\n", " to load it (if -t is used)\n",
" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n", " -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
" (only used if -t is also provided)\n", " (only used if -t is also provided)\n",
" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n", " NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
" line, or all supported ENGINEs if none are specified.\n", " line, or all supported ENGINEs if none are specified.\n",
" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n", " Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
" argument \"/lib/libdriver.so\".\n", " argument \"/lib/libdriver.so\".\n",
NULL NULL
}; };
static void identity(char *ptr) static void identity(char *ptr)
{ {
return; return;
} }
static int append_buf(char **buf, const char *s, int *size, int step) static int append_buf(char **buf, const char *s, int *size, int step)
{ {
int l = strlen(s); int l = strlen(s);
if (*buf == NULL) if (*buf == NULL) {
{ *size = step;
*size = step; *buf = OPENSSL_malloc(*size);
*buf = OPENSSL_malloc(*size); if (*buf == NULL)
if (*buf == NULL) return 0;
return 0; **buf = '\0';
**buf = '\0'; }
}
if (**buf != '\0') if (**buf != '\0')
l += 2; /* ", " */ l += 2; /* ", " */
if (strlen(*buf) + strlen(s) >= (unsigned int)*size) if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
{ *size += step;
*size += step; *buf = OPENSSL_realloc(*buf, *size);
*buf = OPENSSL_realloc(*buf, *size); }
}
if (*buf == NULL) if (*buf == NULL)
return 0; return 0;
if (**buf != '\0') if (**buf != '\0')
BUF_strlcat(*buf, ", ", *size); BUF_strlcat(*buf, ", ", *size);
BUF_strlcat(*buf, s, *size); BUF_strlcat(*buf, s, *size);
return 1; return 1;
} }
static int util_flags(BIO *bio_out, unsigned int flags, const char *indent) static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
{ {
int started = 0, err = 0; int started = 0, err = 0;
/* Indent before displaying input flags */ /* Indent before displaying input flags */
BIO_printf(bio_out, "%s%s(input flags): ", indent, indent); BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
if(flags == 0) if (flags == 0) {
{ BIO_printf(bio_out, "<no flags>\n");
BIO_printf(bio_out, "<no flags>\n"); return 1;
return 1; }
} /*
/* If the object is internal, mark it in a way that shows instead of * If the object is internal, mark it in a way that shows instead of
* having it part of all the other flags, even if it really is. */ * having it part of all the other flags, even if it really is.
if(flags & ENGINE_CMD_FLAG_INTERNAL) */
{ if (flags & ENGINE_CMD_FLAG_INTERNAL) {
BIO_printf(bio_out, "[Internal] "); BIO_printf(bio_out, "[Internal] ");
} }
if(flags & ENGINE_CMD_FLAG_NUMERIC) if (flags & ENGINE_CMD_FLAG_NUMERIC) {
{ BIO_printf(bio_out, "NUMERIC");
BIO_printf(bio_out, "NUMERIC"); started = 1;
started = 1; }
} /*
/* Now we check that no combinations of the mutually exclusive NUMERIC, * Now we check that no combinations of the mutually exclusive NUMERIC,
* STRING, and NO_INPUT flags have been used. Future flags that can be * STRING, and NO_INPUT flags have been used. Future flags that can be
* OR'd together with these would need to added after these to preserve * OR'd together with these would need to added after these to preserve
* the testing logic. */ * the testing logic.
if(flags & ENGINE_CMD_FLAG_STRING) */
{ if (flags & ENGINE_CMD_FLAG_STRING) {
if(started) if (started) {
{ BIO_printf(bio_out, "|");
BIO_printf(bio_out, "|"); err = 1;
err = 1; }
} BIO_printf(bio_out, "STRING");
BIO_printf(bio_out, "STRING"); started = 1;
started = 1; }
} if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
if(flags & ENGINE_CMD_FLAG_NO_INPUT) if (started) {
{ BIO_printf(bio_out, "|");
if(started) err = 1;
{ }
BIO_printf(bio_out, "|"); BIO_printf(bio_out, "NO_INPUT");
err = 1; started = 1;
} }
BIO_printf(bio_out, "NO_INPUT"); /* Check for unknown flags */
started = 1; flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
} ~ENGINE_CMD_FLAG_STRING &
/* Check for unknown flags */ ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL;
flags = flags & ~ENGINE_CMD_FLAG_NUMERIC & if (flags) {
~ENGINE_CMD_FLAG_STRING & if (started)
~ENGINE_CMD_FLAG_NO_INPUT & BIO_printf(bio_out, "|");
~ENGINE_CMD_FLAG_INTERNAL; BIO_printf(bio_out, "<0x%04X>", flags);
if(flags) }
{ if (err)
if(started) BIO_printf(bio_out, "|"); BIO_printf(bio_out, " <illegal flags!>");
BIO_printf(bio_out, "<0x%04X>", flags); BIO_printf(bio_out, "\n");
} return 1;
if(err) }
BIO_printf(bio_out, " <illegal flags!>");
BIO_printf(bio_out, "\n");
return 1;
}
static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent) static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
{ const char *indent)
static const int line_wrap = 78; {
int num; static const int line_wrap = 78;
int ret = 0; int num;
char *name = NULL; int ret = 0;
char *desc = NULL; char *name = NULL;
int flags; char *desc = NULL;
int xpos = 0; int flags;
STACK_OF(OPENSSL_STRING) *cmds = NULL; int xpos = 0;
if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) || STACK_OF(OPENSSL_STRING) *cmds = NULL;
((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE, if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
0, NULL, NULL)) <= 0)) ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
{ 0, NULL, NULL)) <= 0)) {
#if 0 # if 0
BIO_printf(bio_out, "%s<no control commands>\n", indent); BIO_printf(bio_out, "%s<no control commands>\n", indent);
#endif # endif
return 1; return 1;
} }
cmds = sk_OPENSSL_STRING_new_null(); cmds = sk_OPENSSL_STRING_new_null();
if(!cmds) if (!cmds)
goto err; goto err;
do { do {
int len; int len;
/* Get the command input flags */ /* Get the command input flags */
if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
NULL, NULL)) < 0) NULL, NULL)) < 0)
goto err; goto err;
if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
{ /* Get the command name */
/* Get the command name */ if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num, NULL, NULL)) <= 0)
NULL, NULL)) <= 0) goto err;
goto err; if ((name = OPENSSL_malloc(len + 1)) == NULL)
if((name = OPENSSL_malloc(len + 1)) == NULL) goto err;
goto err; if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name, NULL) <= 0)
goto err;
/* Get the command description */
if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
NULL, NULL)) < 0)
goto err;
if (len > 0) {
if ((desc = OPENSSL_malloc(len + 1)) == NULL)
goto err;
if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
NULL) <= 0) NULL) <= 0)
goto err; goto err;
/* Get the command description */ }
if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num, /* Now decide on the output */
NULL, NULL)) < 0) if (xpos == 0)
goto err; /* Do an indent */
if(len > 0) xpos = BIO_puts(bio_out, indent);
{ else
if((desc = OPENSSL_malloc(len + 1)) == NULL) /* Otherwise prepend a ", " */
goto err; xpos += BIO_printf(bio_out, ", ");
if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc, if (verbose == 1) {
NULL) <= 0) /*
goto err; * We're just listing names, comma-delimited
} */
/* Now decide on the output */ if ((xpos > (int)strlen(indent)) &&
if(xpos == 0) (xpos + (int)strlen(name) > line_wrap)) {
/* Do an indent */ BIO_printf(bio_out, "\n");
xpos = BIO_puts(bio_out, indent); xpos = BIO_puts(bio_out, indent);
else }
/* Otherwise prepend a ", " */ xpos += BIO_printf(bio_out, "%s", name);
xpos += BIO_printf(bio_out, ", "); } else {
if(verbose == 1) /* We're listing names plus descriptions */
{ BIO_printf(bio_out, "%s: %s\n", name,
/* We're just listing names, comma-delimited */ (desc == NULL) ? "<no description>" : desc);
if((xpos > (int)strlen(indent)) && /* ... and sometimes input flags */
(xpos + (int)strlen(name) > line_wrap)) if ((verbose >= 3) && !util_flags(bio_out, flags, indent))
{ goto err;
BIO_printf(bio_out, "\n"); xpos = 0;
xpos = BIO_puts(bio_out, indent); }
} }
xpos += BIO_printf(bio_out, "%s", name); OPENSSL_free(name);
} name = NULL;
else if (desc) {
{ OPENSSL_free(desc);
/* We're listing names plus descriptions */ desc = NULL;
BIO_printf(bio_out, "%s: %s\n", name, }
(desc == NULL) ? "<no description>" : desc); /* Move to the next command */
/* ... and sometimes input flags */ num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL);
if((verbose >= 3) && !util_flags(bio_out, flags, } while (num > 0);
indent)) if (xpos > 0)
goto err; BIO_printf(bio_out, "\n");
xpos = 0; ret = 1;
} err:
} if (cmds)
OPENSSL_free(name); name = NULL; sk_OPENSSL_STRING_pop_free(cmds, identity);
if(desc) { OPENSSL_free(desc); desc = NULL; } if (name)
/* Move to the next command */ OPENSSL_free(name);
num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, if (desc)
num, NULL, NULL); OPENSSL_free(desc);
} while(num > 0); return ret;
if(xpos > 0) }
BIO_printf(bio_out, "\n");
ret = 1;
err:
if(cmds) sk_OPENSSL_STRING_pop_free(cmds, identity);
if(name) OPENSSL_free(name);
if(desc) OPENSSL_free(desc);
return ret;
}
static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds, static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
BIO *bio_out, const char *indent) BIO *bio_out, const char *indent)
{ {
int loop, res, num = sk_OPENSSL_STRING_num(cmds); int loop, res, num = sk_OPENSSL_STRING_num(cmds);
if(num < 0) if (num < 0) {
{ BIO_printf(bio_out, "[Error]: internal stack error\n");
BIO_printf(bio_out, "[Error]: internal stack error\n"); return;
return; }
} for (loop = 0; loop < num; loop++) {
for(loop = 0; loop < num; loop++) char buf[256];
{ const char *cmd, *arg;
char buf[256]; cmd = sk_OPENSSL_STRING_value(cmds, loop);
const char *cmd, *arg; res = 1; /* assume success */
cmd = sk_OPENSSL_STRING_value(cmds, loop); /* Check if this command has no ":arg" */
res = 1; /* assume success */ if ((arg = strstr(cmd, ":")) == NULL) {
/* Check if this command has no ":arg" */ if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
if((arg = strstr(cmd, ":")) == NULL) res = 0;
{ } else {
if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0)) if ((int)(arg - cmd) > 254) {
res = 0; BIO_printf(bio_out, "[Error]: command name too long\n");
} return;
else }
{ memcpy(buf, cmd, (int)(arg - cmd));
if((int)(arg - cmd) > 254) buf[arg - cmd] = '\0';
{ arg++; /* Move past the ":" */
BIO_printf(bio_out,"[Error]: command name too long\n"); /* Call the command with the argument */
return; if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
} res = 0;
memcpy(buf, cmd, (int)(arg - cmd)); }
buf[arg-cmd] = '\0'; if (res)
arg++; /* Move past the ":" */ BIO_printf(bio_out, "[Success]: %s\n", cmd);
/* Call the command with the argument */ else {
if(!ENGINE_ctrl_cmd_string(e, buf, arg, 0)) BIO_printf(bio_out, "[Failure]: %s\n", cmd);
res = 0; ERR_print_errors(bio_out);
} }
if(res) }
BIO_printf(bio_out, "[Success]: %s\n", cmd); }
else
{
BIO_printf(bio_out, "[Failure]: %s\n", cmd);
ERR_print_errors(bio_out);
}
}
}
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
int ret=1,i; int ret = 1, i;
const char **pp; const char **pp;
int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0; int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0;
ENGINE *e; ENGINE *e;
STACK_OF(OPENSSL_STRING) *engines = sk_OPENSSL_STRING_new_null(); STACK_OF(OPENSSL_STRING) *engines = sk_OPENSSL_STRING_new_null();
STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null(); STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null();
STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null(); STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null();
int badops=1; int badops = 1;
BIO *bio_out=NULL; BIO *bio_out = NULL;
const char *indent = " "; const char *indent = " ";
apps_startup(); apps_startup();
SSL_load_error_strings(); SSL_load_error_strings();
if (bio_err == NULL) if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS # ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_out = BIO_push(tmpbio, bio_out); bio_out = BIO_push(tmpbio, bio_out);
} }
#endif # endif
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strncmp(*argv, "-v", 2) == 0) {
if (strncmp(*argv,"-v",2) == 0) if (strspn(*argv + 1, "v") < strlen(*argv + 1))
{ goto skip_arg_loop;
if(strspn(*argv + 1, "v") < strlen(*argv + 1)) if ((verbose = strlen(*argv + 1)) > 4)
goto skip_arg_loop; goto skip_arg_loop;
if((verbose=strlen(*argv + 1)) > 4) } else if (strcmp(*argv, "-c") == 0)
goto skip_arg_loop; list_cap = 1;
} else if (strncmp(*argv, "-t", 2) == 0) {
else if (strcmp(*argv,"-c") == 0) test_avail = 1;
list_cap=1; if (strspn(*argv + 1, "t") < strlen(*argv + 1))
else if (strncmp(*argv,"-t",2) == 0) goto skip_arg_loop;
{ if ((test_avail_noise = strlen(*argv + 1) - 1) > 1)
test_avail=1; goto skip_arg_loop;
if(strspn(*argv + 1, "t") < strlen(*argv + 1)) } else if (strcmp(*argv, "-pre") == 0) {
goto skip_arg_loop; argc--;
if((test_avail_noise = strlen(*argv + 1) - 1) > 1) argv++;
goto skip_arg_loop; if (argc == 0)
} goto skip_arg_loop;
else if (strcmp(*argv,"-pre") == 0) sk_OPENSSL_STRING_push(pre_cmds, *argv);
{ } else if (strcmp(*argv, "-post") == 0) {
argc--; argv++; argc--;
if (argc == 0) argv++;
goto skip_arg_loop; if (argc == 0)
sk_OPENSSL_STRING_push(pre_cmds,*argv); goto skip_arg_loop;
} sk_OPENSSL_STRING_push(post_cmds, *argv);
else if (strcmp(*argv,"-post") == 0) } else if ((strncmp(*argv, "-h", 2) == 0) ||
{ (strcmp(*argv, "-?") == 0))
argc--; argv++; goto skip_arg_loop;
if (argc == 0) else
goto skip_arg_loop; sk_OPENSSL_STRING_push(engines, *argv);
sk_OPENSSL_STRING_push(post_cmds,*argv); argc--;
} argv++;
else if ((strncmp(*argv,"-h",2) == 0) || }
(strcmp(*argv,"-?") == 0)) /* Looks like everything went OK */
goto skip_arg_loop; badops = 0;
else skip_arg_loop:
sk_OPENSSL_STRING_push(engines,*argv);
argc--;
argv++;
}
/* Looks like everything went OK */
badops = 0;
skip_arg_loop:
if (badops) if (badops) {
{ for (pp = engine_usage; (*pp != NULL); pp++)
for (pp=engine_usage; (*pp != NULL); pp++) BIO_printf(bio_err, "%s", *pp);
BIO_printf(bio_err,"%s",*pp); goto end;
goto end; }
}
if (sk_OPENSSL_STRING_num(engines) == 0) if (sk_OPENSSL_STRING_num(engines) == 0) {
{ for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) sk_OPENSSL_STRING_push(engines, (char *)ENGINE_get_id(e));
{ }
sk_OPENSSL_STRING_push(engines,(char *)ENGINE_get_id(e)); }
}
}
for (i=0; i<sk_OPENSSL_STRING_num(engines); i++) for (i = 0; i < sk_OPENSSL_STRING_num(engines); i++) {
{ const char *id = sk_OPENSSL_STRING_value(engines, i);
const char *id = sk_OPENSSL_STRING_value(engines,i); if ((e = ENGINE_by_id(id)) != NULL) {
if ((e = ENGINE_by_id(id)) != NULL) const char *name = ENGINE_get_name(e);
{ /*
const char *name = ENGINE_get_name(e); * Do "id" first, then "name". Easier to auto-parse.
/* Do "id" first, then "name". Easier to auto-parse. */ */
BIO_printf(bio_out, "(%s) %s\n", id, name); BIO_printf(bio_out, "(%s) %s\n", id, name);
util_do_cmds(e, pre_cmds, bio_out, indent); util_do_cmds(e, pre_cmds, bio_out, indent);
if (strcmp(ENGINE_get_id(e), id) != 0) if (strcmp(ENGINE_get_id(e), id) != 0) {
{ BIO_printf(bio_out, "Loaded: (%s) %s\n",
BIO_printf(bio_out, "Loaded: (%s) %s\n", ENGINE_get_id(e), ENGINE_get_name(e));
ENGINE_get_id(e), ENGINE_get_name(e)); }
} if (list_cap) {
if (list_cap) int cap_size = 256;
{ char *cap_buf = NULL;
int cap_size = 256; int k, n;
char *cap_buf = NULL; const int *nids;
int k,n; ENGINE_CIPHERS_PTR fn_c;
const int *nids; ENGINE_DIGESTS_PTR fn_d;
ENGINE_CIPHERS_PTR fn_c; ENGINE_PKEY_METHS_PTR fn_pk;
ENGINE_DIGESTS_PTR fn_d;
ENGINE_PKEY_METHS_PTR fn_pk;
if (ENGINE_get_RSA(e) != NULL if (ENGINE_get_RSA(e) != NULL
&& !append_buf(&cap_buf, "RSA", && !append_buf(&cap_buf, "RSA", &cap_size, 256))
&cap_size, 256)) goto end;
goto end; if (ENGINE_get_DSA(e) != NULL
if (ENGINE_get_DSA(e) != NULL && !append_buf(&cap_buf, "DSA", &cap_size, 256))
&& !append_buf(&cap_buf, "DSA", goto end;
&cap_size, 256)) if (ENGINE_get_DH(e) != NULL
goto end; && !append_buf(&cap_buf, "DH", &cap_size, 256))
if (ENGINE_get_DH(e) != NULL goto end;
&& !append_buf(&cap_buf, "DH", if (ENGINE_get_RAND(e) != NULL
&cap_size, 256)) && !append_buf(&cap_buf, "RAND", &cap_size, 256))
goto end; goto end;
if (ENGINE_get_RAND(e) != NULL
&& !append_buf(&cap_buf, "RAND",
&cap_size, 256))
goto end;
fn_c = ENGINE_get_ciphers(e); fn_c = ENGINE_get_ciphers(e);
if(!fn_c) goto skip_ciphers; if (!fn_c)
n = fn_c(e, NULL, &nids, 0); goto skip_ciphers;
for(k=0 ; k < n ; ++k) n = fn_c(e, NULL, &nids, 0);
if(!append_buf(&cap_buf, for (k = 0; k < n; ++k)
OBJ_nid2sn(nids[k]), if (!append_buf(&cap_buf,
&cap_size, 256)) OBJ_nid2sn(nids[k]), &cap_size, 256))
goto end; goto end;
skip_ciphers: skip_ciphers:
fn_d = ENGINE_get_digests(e); fn_d = ENGINE_get_digests(e);
if(!fn_d) goto skip_digests; if (!fn_d)
n = fn_d(e, NULL, &nids, 0); goto skip_digests;
for(k=0 ; k < n ; ++k) n = fn_d(e, NULL, &nids, 0);
if(!append_buf(&cap_buf, for (k = 0; k < n; ++k)
OBJ_nid2sn(nids[k]), if (!append_buf(&cap_buf,
&cap_size, 256)) OBJ_nid2sn(nids[k]), &cap_size, 256))
goto end; goto end;
skip_digests: skip_digests:
fn_pk = ENGINE_get_pkey_meths(e); fn_pk = ENGINE_get_pkey_meths(e);
if(!fn_pk) goto skip_pmeths; if (!fn_pk)
n = fn_pk(e, NULL, &nids, 0); goto skip_pmeths;
for(k=0 ; k < n ; ++k) n = fn_pk(e, NULL, &nids, 0);
if(!append_buf(&cap_buf, for (k = 0; k < n; ++k)
OBJ_nid2sn(nids[k]), if (!append_buf(&cap_buf,
&cap_size, 256)) OBJ_nid2sn(nids[k]), &cap_size, 256))
goto end; goto end;
skip_pmeths: skip_pmeths:
if (cap_buf && (*cap_buf != '\0')) if (cap_buf && (*cap_buf != '\0'))
BIO_printf(bio_out, " [%s]\n", cap_buf); BIO_printf(bio_out, " [%s]\n", cap_buf);
OPENSSL_free(cap_buf); OPENSSL_free(cap_buf);
} }
if(test_avail) if (test_avail) {
{ BIO_printf(bio_out, "%s", indent);
BIO_printf(bio_out, "%s", indent); if (ENGINE_init(e)) {
if (ENGINE_init(e)) BIO_printf(bio_out, "[ available ]\n");
{ util_do_cmds(e, post_cmds, bio_out, indent);
BIO_printf(bio_out, "[ available ]\n"); ENGINE_finish(e);
util_do_cmds(e, post_cmds, bio_out, indent); } else {
ENGINE_finish(e); BIO_printf(bio_out, "[ unavailable ]\n");
} if (test_avail_noise)
else ERR_print_errors_fp(stdout);
{ ERR_clear_error();
BIO_printf(bio_out, "[ unavailable ]\n"); }
if(test_avail_noise) }
ERR_print_errors_fp(stdout); if ((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
ERR_clear_error(); goto end;
} ENGINE_free(e);
} } else
if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent)) ERR_print_errors(bio_err);
goto end; }
ENGINE_free(e);
}
else
ERR_print_errors(bio_err);
}
ret=0; ret = 0;
end: end:
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
sk_OPENSSL_STRING_pop_free(engines, identity); sk_OPENSSL_STRING_pop_free(engines, identity);
sk_OPENSSL_STRING_pop_free(pre_cmds, identity); sk_OPENSSL_STRING_pop_free(pre_cmds, identity);
sk_OPENSSL_STRING_pop_free(post_cmds, identity); sk_OPENSSL_STRING_pop_free(post_cmds, identity);
if (bio_out != NULL) BIO_free_all(bio_out); if (bio_out != NULL)
apps_shutdown(); BIO_free_all(bio_out);
OPENSSL_EXIT(ret); apps_shutdown();
} OPENSSL_EXIT(ret);
}
#else #else
# if PEDANTIC # if PEDANTIC
static void *dummy=&dummy; static void *dummy = &dummy;
# endif # endif
#endif #endif


@ -66,63 +66,56 @@
#include <openssl/ssl.h> #include <openssl/ssl.h>
#undef PROG #undef PROG
#define PROG errstr_main #define PROG errstr_main
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
int i,ret=0; int i, ret = 0;
char buf[256]; char buf[256];
unsigned long l; unsigned long l;
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
SSL_load_error_strings(); SSL_load_error_strings();
if ((argc > 1) && (strcmp(argv[1],"-stats") == 0)) if ((argc > 1) && (strcmp(argv[1], "-stats") == 0)) {
{ BIO *out = NULL;
BIO *out=NULL;
out=BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE)) if ((out != NULL) && BIO_set_fp(out, stdout, BIO_NOCLOSE)) {
{
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
lh_ERR_STRING_DATA_node_stats_bio( lh_ERR_STRING_DATA_node_stats_bio(ERR_get_string_table(), out);
ERR_get_string_table(), out); lh_ERR_STRING_DATA_stats_bio(ERR_get_string_table(), out);
lh_ERR_STRING_DATA_stats_bio(ERR_get_string_table(), lh_ERR_STRING_DATA_node_usage_stats_bio(ERR_get_string_table(),
out); out);
lh_ERR_STRING_DATA_node_usage_stats_bio( }
ERR_get_string_table(),out); if (out != NULL)
} BIO_free_all(out);
if (out != NULL) BIO_free_all(out); argc--;
argc--; argv++;
argv++; }
}
for (i=1; i<argc; i++) for (i = 1; i < argc; i++) {
{ if (sscanf(argv[i], "%lx", &l)) {
if (sscanf(argv[i],"%lx",&l)) ERR_error_string_n(l, buf, sizeof buf);
{ printf("%s\n", buf);
ERR_error_string_n(l, buf, sizeof buf); } else {
printf("%s\n",buf); printf("%s: bad error code\n", argv[i]);
} printf("usage: errstr [-stats] <errno> ...\n");
else ret++;
{ }
printf("%s: bad error code\n",argv[i]); }
printf("usage: errstr [-stats] <errno> ...\n"); apps_shutdown();
ret++; OPENSSL_EXIT(ret);
} }
}
apps_shutdown();
OPENSSL_EXIT(ret);
}


@ -60,180 +60,186 @@
#include <openssl/opensslconf.h> #include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
#include <stdio.h> # include <stdio.h>
#include <string.h> # include <string.h>
#include <sys/types.h> # include <sys/types.h>
#include <sys/stat.h> # include <sys/stat.h>
#include "apps.h" # include "apps.h"
#include <openssl/bio.h> # include <openssl/bio.h>
#include <openssl/rand.h> # include <openssl/rand.h>
#include <openssl/err.h> # include <openssl/err.h>
#include <openssl/bn.h> # include <openssl/bn.h>
#include <openssl/dh.h> # include <openssl/dh.h>
#include <openssl/x509.h> # include <openssl/x509.h>
#include <openssl/pem.h> # include <openssl/pem.h>
#define DEFBITS 2048 # define DEFBITS 2048
#undef PROG # undef PROG
#define PROG gendh_main # define PROG gendh_main
static int dh_cb(int p, int n, BN_GENCB *cb); static int dh_cb(int p, int n, BN_GENCB *cb);
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
BN_GENCB *cb=NULL; BN_GENCB *cb = NULL;
DH *dh=NULL; DH *dh = NULL;
int ret=1,num=DEFBITS; int ret = 1, num = DEFBITS;
int g=2; int g = 2;
char *outfile=NULL; char *outfile = NULL;
char *inrand=NULL; char *inrand = NULL;
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
char *engine=NULL; char *engine = NULL;
#endif # endif
BIO *out=NULL; BIO *out = NULL;
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
cb = BN_GENCB_new(); cb = BN_GENCB_new();
if(!cb) if (!cb)
goto end; goto end;
BN_GENCB_set(cb, dh_cb, bio_err); BN_GENCB_set(cb, dh_cb, bio_err);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
argv++; argv++;
argc--; argc--;
for (;;) for (;;) {
{ if (argc <= 0)
if (argc <= 0) break; break;
if (strcmp(*argv,"-out") == 0) if (strcmp(*argv, "-out") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
outfile= *(++argv); outfile = *(++argv);
} } else if (strcmp(*argv, "-2") == 0)
else if (strcmp(*argv,"-2") == 0) g = 2;
g=2; /*- else if (strcmp(*argv,"-3") == 0)
/*- else if (strcmp(*argv,"-3") == 0) g=3; */
g=3; */ else if (strcmp(*argv, "-5") == 0)
else if (strcmp(*argv,"-5") == 0) g = 5;
g=5; # ifndef OPENSSL_NO_ENGINE
#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv, "-engine") == 0) {
else if (strcmp(*argv,"-engine") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; engine = *(++argv);
engine= *(++argv); }
} # endif
#endif else if (strcmp(*argv, "-rand") == 0) {
else if (strcmp(*argv,"-rand") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; inrand = *(++argv);
inrand= *(++argv); } else
} break;
else argv++;
break; argc--;
argv++; }
argc--; if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
} bad:
if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0))) BIO_printf(bio_err, "usage: gendh [args] [numbits]\n");
{ BIO_printf(bio_err, " -out file - output the key to 'file\n");
bad: BIO_printf(bio_err, " -2 - use 2 as the generator value\n");
BIO_printf(bio_err,"usage: gendh [args] [numbits]\n"); /*
BIO_printf(bio_err," -out file - output the key to 'file\n"); * BIO_printf(bio_err," -3 - use 3 as the generator value\n");
BIO_printf(bio_err," -2 - use 2 as the generator value\n"); */
/* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */ BIO_printf(bio_err, " -5 - use 5 as the generator value\n");
BIO_printf(bio_err," -5 - use 5 as the generator value\n"); # ifndef OPENSSL_NO_ENGINE
#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); " -engine e - use engine e, possibly a hardware device.\n");
#endif # endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," the random number generator\n"); BIO_printf(bio_err,
goto end; " - load the file (or the files in the directory) into\n");
} BIO_printf(bio_err, " the random number generator\n");
goto end;
}
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
# endif
#ifndef OPENSSL_NO_ENGINE out = BIO_new(BIO_s_file());
setup_engine(bio_err, engine, 0); if (out == NULL) {
#endif ERR_print_errors(bio_err);
goto end;
}
out=BIO_new(BIO_s_file()); if (outfile == NULL) {
if (out == NULL) BIO_set_fp(out, stdout, BIO_NOCLOSE);
{ # ifdef OPENSSL_SYS_VMS
ERR_print_errors(bio_err); {
goto end; BIO *tmpbio = BIO_new(BIO_f_linebuffer());
} out = BIO_push(tmpbio, out);
}
# endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
if (outfile == NULL) if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
{ BIO_printf(bio_err,
BIO_set_fp(out,stdout,BIO_NOCLOSE); "warning, not much extra random data, consider using the -rand option\n");
#ifdef OPENSSL_SYS_VMS }
{ if (inrand != NULL)
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
out = BIO_push(tmpbio, out); app_RAND_load_files(inrand));
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) BIO_printf(bio_err,
{ "Generating DH parameters, %d bit long safe prime, generator %d\n",
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); num, g);
} BIO_printf(bio_err, "This is going to take a long time\n");
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); if (((dh = DH_new()) == NULL)
BIO_printf(bio_err,"This is going to take a long time\n"); || !DH_generate_parameters_ex(dh, num, g, cb))
goto end;
if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, cb)) app_RAND_write_file(NULL, bio_err);
goto end;
app_RAND_write_file(NULL, bio_err); if (!PEM_write_bio_DHparams(out, dh))
goto end;
if (!PEM_write_bio_DHparams(out,dh)) ret = 0;
goto end; end:
ret=0; if (ret != 0)
end: ERR_print_errors(bio_err);
if (ret != 0) if (out != NULL)
ERR_print_errors(bio_err); BIO_free_all(out);
if (out != NULL) BIO_free_all(out); if (dh != NULL)
if (dh != NULL) DH_free(dh); DH_free(dh);
if (cb != NULL) BN_GENCB_free(cb); if (cb != NULL)
apps_shutdown(); BN_GENCB_free(cb);
OPENSSL_EXIT(ret); apps_shutdown();
} OPENSSL_EXIT(ret);
}
static int dh_cb(int p, int n, BN_GENCB *cb) static int dh_cb(int p, int n, BN_GENCB *cb)
{ {
char c='*'; char c = '*';
if (p == 0) c='.'; if (p == 0)
if (p == 1) c='+'; c = '.';
if (p == 2) c='*'; if (p == 1)
if (p == 3) c='\n'; c = '+';
BIO_write(BN_GENCB_get_arg(cb),&c,1); if (p == 2)
(void)BIO_flush(BN_GENCB_get_arg(cb)); c = '*';
return 1; if (p == 3)
} c = '\n';
#else /* !OPENSSL_NO_DH */ BIO_write(BN_GENCB_get_arg(cb), &c, 1);
(void)BIO_flush(BN_GENCB_get_arg(cb));
return 1;
}
#else /* !OPENSSL_NO_DH */
# if PEDANTIC # if PEDANTIC
static void *dummy=&dummy; static void *dummy = &dummy;
# endif # endif
#endif #endif


@ -56,230 +56,232 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ #include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
#include <stdio.h> # include <stdio.h>
#include <string.h> # include <string.h>
#include <sys/types.h> # include <sys/types.h>
#include <sys/stat.h> # include <sys/stat.h>
#include "apps.h" # include "apps.h"
#include <openssl/bio.h> # include <openssl/bio.h>
#include <openssl/err.h> # include <openssl/err.h>
#include <openssl/bn.h> # include <openssl/bn.h>
#include <openssl/dsa.h> # include <openssl/dsa.h>
#include <openssl/x509.h> # include <openssl/x509.h>
#include <openssl/pem.h> # include <openssl/pem.h>
#define DEFBITS 512 # define DEFBITS 512
#undef PROG # undef PROG
#define PROG gendsa_main # define PROG gendsa_main
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
DSA *dsa=NULL; DSA *dsa = NULL;
int ret=1; int ret = 1;
char *outfile=NULL; char *outfile = NULL;
char *inrand=NULL,*dsaparams=NULL; char *inrand = NULL, *dsaparams = NULL;
char *passargout = NULL, *passout = NULL; char *passargout = NULL, *passout = NULL;
BIO *out=NULL,*in=NULL; BIO *out = NULL, *in = NULL;
const EVP_CIPHER *enc=NULL; const EVP_CIPHER *enc = NULL;
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
char *engine=NULL; char *engine = NULL;
#endif # endif
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
argv++; argv++;
argc--; argc--;
for (;;) for (;;) {
{ if (argc <= 0)
if (argc <= 0) break; break;
if (strcmp(*argv,"-out") == 0) if (strcmp(*argv, "-out") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
outfile= *(++argv); outfile = *(++argv);
} } else if (strcmp(*argv, "-passout") == 0) {
else if (strcmp(*argv,"-passout") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; passargout = *(++argv);
passargout= *(++argv); }
} # ifndef OPENSSL_NO_ENGINE
#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv, "-engine") == 0) {
else if (strcmp(*argv,"-engine") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; engine = *(++argv);
engine= *(++argv); }
} # endif
#endif else if (strcmp(*argv, "-rand") == 0) {
else if (strcmp(*argv,"-rand") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; inrand = *(++argv);
inrand= *(++argv); } else if (strcmp(*argv, "-") == 0)
} goto bad;
else if (strcmp(*argv,"-") == 0) # ifndef OPENSSL_NO_DES
goto bad; else if (strcmp(*argv, "-des") == 0)
#ifndef OPENSSL_NO_DES enc = EVP_des_cbc();
else if (strcmp(*argv,"-des") == 0) else if (strcmp(*argv, "-des3") == 0)
enc=EVP_des_cbc(); enc = EVP_des_ede3_cbc();
else if (strcmp(*argv,"-des3") == 0) # endif
enc=EVP_des_ede3_cbc(); # ifndef OPENSSL_NO_IDEA
#endif else if (strcmp(*argv, "-idea") == 0)
#ifndef OPENSSL_NO_IDEA enc = EVP_idea_cbc();
else if (strcmp(*argv,"-idea") == 0) # endif
enc=EVP_idea_cbc(); # ifndef OPENSSL_NO_SEED
#endif else if (strcmp(*argv, "-seed") == 0)
#ifndef OPENSSL_NO_SEED enc = EVP_seed_cbc();
else if (strcmp(*argv,"-seed") == 0) # endif
enc=EVP_seed_cbc(); # ifndef OPENSSL_NO_AES
#endif else if (strcmp(*argv, "-aes128") == 0)
#ifndef OPENSSL_NO_AES enc = EVP_aes_128_cbc();
else if (strcmp(*argv,"-aes128") == 0) else if (strcmp(*argv, "-aes192") == 0)
enc=EVP_aes_128_cbc(); enc = EVP_aes_192_cbc();
else if (strcmp(*argv,"-aes192") == 0) else if (strcmp(*argv, "-aes256") == 0)
enc=EVP_aes_192_cbc(); enc = EVP_aes_256_cbc();
else if (strcmp(*argv,"-aes256") == 0) # endif
enc=EVP_aes_256_cbc(); # ifndef OPENSSL_NO_CAMELLIA
#endif else if (strcmp(*argv, "-camellia128") == 0)
#ifndef OPENSSL_NO_CAMELLIA enc = EVP_camellia_128_cbc();
else if (strcmp(*argv,"-camellia128") == 0) else if (strcmp(*argv, "-camellia192") == 0)
enc=EVP_camellia_128_cbc(); enc = EVP_camellia_192_cbc();
else if (strcmp(*argv,"-camellia192") == 0) else if (strcmp(*argv, "-camellia256") == 0)
enc=EVP_camellia_192_cbc(); enc = EVP_camellia_256_cbc();
else if (strcmp(*argv,"-camellia256") == 0) # endif
enc=EVP_camellia_256_cbc(); else if (**argv != '-' && dsaparams == NULL) {
#endif dsaparams = *argv;
else if (**argv != '-' && dsaparams == NULL) } else
{ goto bad;
dsaparams = *argv; argv++;
} argc--;
else }
goto bad;
argv++;
argc--;
}
if (dsaparams == NULL) if (dsaparams == NULL) {
{ bad:
bad: BIO_printf(bio_err, "usage: gendsa [args] dsaparam-file\n");
BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n"); BIO_printf(bio_err, " -out file - output the key to 'file'\n");
BIO_printf(bio_err," -out file - output the key to 'file'\n"); # ifndef OPENSSL_NO_DES
#ifndef OPENSSL_NO_DES BIO_printf(bio_err,
BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n"); " -des - encrypt the generated key with DES in cbc mode\n");
BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); BIO_printf(bio_err,
#endif " -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
#ifndef OPENSSL_NO_IDEA # endif
BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n"); # ifndef OPENSSL_NO_IDEA
#endif BIO_printf(bio_err,
#ifndef OPENSSL_NO_SEED " -idea - encrypt the generated key with IDEA in cbc mode\n");
BIO_printf(bio_err," -seed\n"); # endif
BIO_printf(bio_err," encrypt PEM output with cbc seed\n"); # ifndef OPENSSL_NO_SEED
#endif BIO_printf(bio_err, " -seed\n");
#ifndef OPENSSL_NO_AES BIO_printf(bio_err,
BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); " encrypt PEM output with cbc seed\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); # endif
#endif # ifndef OPENSSL_NO_AES
#ifndef OPENSSL_NO_CAMELLIA BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); BIO_printf(bio_err,
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); " encrypt PEM output with cbc aes\n");
#endif # endif
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
#endif BIO_printf(bio_err,
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); " encrypt PEM output with cbc camellia\n");
BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); # endif
BIO_printf(bio_err," the random number generator\n"); # ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," dsaparam-file\n"); BIO_printf(bio_err,
BIO_printf(bio_err," - a DSA parameter file as generated by the dsaparam command\n"); " -engine e - use engine e, possibly a hardware device.\n");
goto end; # endif
} BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" - load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
BIO_printf(bio_err, " dsaparam-file\n");
BIO_printf(bio_err,
" - a DSA parameter file as generated by the dsaparam command\n");
goto end;
}
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
# endif
#ifndef OPENSSL_NO_ENGINE if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
setup_engine(bio_err, engine, 0); BIO_printf(bio_err, "Error getting password\n");
#endif goto end;
}
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { in = BIO_new(BIO_s_file());
BIO_printf(bio_err, "Error getting password\n"); if (!(BIO_read_filename(in, dsaparams))) {
goto end; perror(dsaparams);
} goto end;
}
if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) {
BIO_printf(bio_err, "unable to load DSA parameter file\n");
goto end;
}
BIO_free(in);
in = NULL;
in=BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if (!(BIO_read_filename(in,dsaparams))) if (out == NULL)
{ goto end;
perror(dsaparams);
goto end;
}
if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL) if (outfile == NULL) {
{ BIO_set_fp(out, stdout, BIO_NOCLOSE);
BIO_printf(bio_err,"unable to load DSA parameter file\n"); # ifdef OPENSSL_SYS_VMS
goto end; {
} BIO *tmpbio = BIO_new(BIO_f_linebuffer());
BIO_free(in); out = BIO_push(tmpbio, out);
in = NULL; }
# endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
out=BIO_new(BIO_s_file()); if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
if (out == NULL) goto end; BIO_printf(bio_err,
"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
if (outfile == NULL) BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(dsa->p));
{ if (!DSA_generate_key(dsa))
BIO_set_fp(out,stdout,BIO_NOCLOSE); goto end;
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) app_RAND_write_file(NULL, bio_err);
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
BIO_printf(bio_err,"Generating DSA key, %d bits\n", if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout))
BN_num_bits(dsa->p)); goto end;
if (!DSA_generate_key(dsa)) goto end; ret = 0;
end:
app_RAND_write_file(NULL, bio_err); if (ret != 0)
ERR_print_errors(bio_err);
if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout)) if (in != NULL)
goto end; BIO_free(in);
ret=0; if (out != NULL)
end: BIO_free_all(out);
if (ret != 0) if (dsa != NULL)
ERR_print_errors(bio_err); DSA_free(dsa);
if (in != NULL) BIO_free(in); if (passout)
if (out != NULL) BIO_free_all(out); OPENSSL_free(passout);
if (dsa != NULL) DSA_free(dsa); apps_shutdown();
if(passout) OPENSSL_free(passout); OPENSSL_EXIT(ret);
apps_shutdown(); }
OPENSSL_EXIT(ret); #else /* !OPENSSL_NO_DSA */
}
#else /* !OPENSSL_NO_DSA */
# if PEDANTIC # if PEDANTIC
static void *dummy=&dummy; static void *dummy = &dummy;
# endif # endif
#endif #endif


@ -1,6 +1,7 @@
/* apps/genpkey.c */ /* apps/genpkey.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 2006 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2006
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved. * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
@ -62,11 +63,11 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/evp.h> #include <openssl/evp.h>
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h> # include <openssl/engine.h>
#endif #endif
static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx, static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
const char *file, ENGINE *e); const char *file, ENGINE *e);
static int genpkey_cb(EVP_PKEY_CTX *ctx); static int genpkey_cb(EVP_PKEY_CTX *ctx);
#define PROG genpkey_main #define PROG genpkey_main
@ -74,364 +75,328 @@ static int genpkey_cb(EVP_PKEY_CTX *ctx);
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
ENGINE *e = NULL; ENGINE *e = NULL;
char **args, *outfile = NULL; char **args, *outfile = NULL;
char *passarg = NULL; char *passarg = NULL;
BIO *in = NULL, *out = NULL; BIO *in = NULL, *out = NULL;
const EVP_CIPHER *cipher = NULL; const EVP_CIPHER *cipher = NULL;
int outformat; int outformat;
int text = 0; int text = 0;
EVP_PKEY *pkey=NULL; EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL; EVP_PKEY_CTX *ctx = NULL;
char *pass = NULL; char *pass = NULL;
int badarg = 0; int badarg = 0;
int ret = 1, rv; int ret = 1, rv;
int do_param = 0; int do_param = 0;
if (bio_err == NULL) if (bio_err == NULL)
bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
outformat=FORMAT_PEM; outformat = FORMAT_PEM;
ERR_load_crypto_strings(); ERR_load_crypto_strings();
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
args = argv + 1; args = argv + 1;
while (!badarg && *args && *args[0] == '-') while (!badarg && *args && *args[0] == '-') {
{ if (!strcmp(*args, "-outform")) {
if (!strcmp(*args,"-outform")) if (args[1]) {
{ args++;
if (args[1]) outformat = str2fmt(*args);
{ } else
args++; badarg = 1;
outformat=str2fmt(*args); } else if (!strcmp(*args, "-pass")) {
} if (!args[1])
else badarg = 1; goto bad;
} passarg = *(++args);
else if (!strcmp(*args,"-pass")) }
{
if (!args[1]) goto bad;
passarg= *(++args);
}
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args,"-engine") == 0) else if (strcmp(*args, "-engine") == 0) {
{ if (!args[1])
if (!args[1]) goto bad;
goto bad; e = setup_engine(bio_err, *(++args), 0);
e = setup_engine(bio_err, *(++args), 0); }
}
#endif #endif
else if (!strcmp (*args, "-paramfile")) else if (!strcmp(*args, "-paramfile")) {
{ if (!args[1])
if (!args[1]) goto bad;
goto bad; args++;
args++; if (do_param == 1)
if (do_param == 1) goto bad;
goto bad; if (!init_keygen_file(bio_err, &ctx, *args, e))
if (!init_keygen_file(bio_err, &ctx, *args, e)) goto end;
goto end; } else if (!strcmp(*args, "-out")) {
} if (args[1]) {
else if (!strcmp (*args, "-out")) args++;
{ outfile = *args;
if (args[1]) } else
{ badarg = 1;
args++; } else if (strcmp(*args, "-algorithm") == 0) {
outfile = *args; if (!args[1])
} goto bad;
else badarg = 1; if (!init_gen_str(bio_err, &ctx, *(++args), e, do_param))
} goto end;
else if (strcmp(*args,"-algorithm") == 0) } else if (strcmp(*args, "-pkeyopt") == 0) {
{ if (!args[1])
if (!args[1]) goto bad;
goto bad; if (!ctx) {
if (!init_gen_str(bio_err, &ctx, *(++args),e, do_param)) BIO_puts(bio_err, "No keytype specified\n");
goto end; goto bad;
} } else if (pkey_ctrl_string(ctx, *(++args)) <= 0) {
else if (strcmp(*args,"-pkeyopt") == 0) BIO_puts(bio_err, "parameter setting error\n");
{ ERR_print_errors(bio_err);
if (!args[1]) goto end;
goto bad; }
if (!ctx) } else if (strcmp(*args, "-genparam") == 0) {
{ if (ctx)
BIO_puts(bio_err, "No keytype specified\n"); goto bad;
goto bad; do_param = 1;
} } else if (strcmp(*args, "-text") == 0)
else if (pkey_ctrl_string(ctx, *(++args)) <= 0) text = 1;
{ else {
BIO_puts(bio_err, "parameter setting error\n"); cipher = EVP_get_cipherbyname(*args + 1);
ERR_print_errors(bio_err); if (!cipher) {
goto end; BIO_printf(bio_err, "Unknown cipher %s\n", *args + 1);
} badarg = 1;
} }
else if (strcmp(*args,"-genparam") == 0) if (do_param == 1)
{ badarg = 1;
if (ctx) }
goto bad; args++;
do_param = 1; }
}
else if (strcmp(*args,"-text") == 0)
text=1;
else
{
cipher = EVP_get_cipherbyname(*args + 1);
if (!cipher)
{
BIO_printf(bio_err, "Unknown cipher %s\n",
*args + 1);
badarg = 1;
}
if (do_param == 1)
badarg = 1;
}
args++;
}
if (!ctx) if (!ctx)
badarg = 1; badarg = 1;
if (badarg) if (badarg) {
{ bad:
bad: BIO_printf(bio_err, "Usage: genpkey [options]\n");
BIO_printf(bio_err, "Usage: genpkey [options]\n"); BIO_printf(bio_err, "where options may be\n");
BIO_printf(bio_err, "where options may be\n"); BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-out file output file\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "-outform X output format (DER or PEM)\n"); "-outform X output format (DER or PEM)\n");
BIO_printf(bio_err, "-pass arg output file pass phrase source\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "-<cipher> use cipher <cipher> to encrypt the key\n"); "-pass arg output file pass phrase source\n");
BIO_printf(bio_err,
"-<cipher> use cipher <cipher> to encrypt the key\n");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
#endif #endif
BIO_printf(bio_err, "-paramfile file parameters file\n"); BIO_printf(bio_err, "-paramfile file parameters file\n");
BIO_printf(bio_err, "-algorithm alg the public key algorithm\n"); BIO_printf(bio_err, "-algorithm alg the public key algorithm\n");
BIO_printf(bio_err, "-pkeyopt opt:value set the public key algorithm option <opt>\n" BIO_printf(bio_err,
" to value <value>\n"); "-pkeyopt opt:value set the public key algorithm option <opt>\n"
BIO_printf(bio_err, "-genparam generate parameters, not key\n"); " to value <value>\n");
BIO_printf(bio_err, "-text print the in text\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "NB: options order may be important! See the manual page.\n"); "-genparam generate parameters, not key\n");
goto end; BIO_printf(bio_err, "-text print the in text\n");
} BIO_printf(bio_err,
"NB: options order may be important! See the manual page.\n");
goto end;
}
if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
{ BIO_puts(bio_err, "Error getting password\n");
BIO_puts(bio_err, "Error getting password\n"); goto end;
goto end; }
}
if (outfile) if (outfile) {
{ if (!(out = BIO_new_file(outfile, "wb"))) {
if (!(out = BIO_new_file (outfile, "wb"))) BIO_printf(bio_err, "Can't open output file %s\n", outfile);
{ goto end;
BIO_printf(bio_err, }
"Can't open output file %s\n", outfile); } else {
goto end; out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
}
else
{
out = BIO_new_fp (stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
} }
EVP_PKEY_CTX_set_cb(ctx, genpkey_cb); EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
EVP_PKEY_CTX_set_app_data(ctx, bio_err); EVP_PKEY_CTX_set_app_data(ctx, bio_err);
if (do_param) if (do_param) {
{ if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) {
if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) BIO_puts(bio_err, "Error generating parameters\n");
{ ERR_print_errors(bio_err);
BIO_puts(bio_err, "Error generating parameters\n"); goto end;
ERR_print_errors(bio_err); }
goto end; } else {
} if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
} BIO_puts(bio_err, "Error generating key\n");
else ERR_print_errors(bio_err);
{ goto end;
if (EVP_PKEY_keygen(ctx, &pkey) <= 0) }
{ }
BIO_puts(bio_err, "Error generating key\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (do_param) if (do_param)
rv = PEM_write_bio_Parameters(out, pkey); rv = PEM_write_bio_Parameters(out, pkey);
else if (outformat == FORMAT_PEM) else if (outformat == FORMAT_PEM)
rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, pass);
NULL, pass); else if (outformat == FORMAT_ASN1)
else if (outformat == FORMAT_ASN1) rv = i2d_PrivateKey_bio(out, pkey);
rv = i2d_PrivateKey_bio(out, pkey); else {
else BIO_printf(bio_err, "Bad format specified for key\n");
{ goto end;
BIO_printf(bio_err, "Bad format specified for key\n"); }
goto end;
}
if (rv <= 0) if (rv <= 0) {
{ BIO_puts(bio_err, "Error writing key\n");
BIO_puts(bio_err, "Error writing key\n"); ERR_print_errors(bio_err);
ERR_print_errors(bio_err); }
}
if (text) if (text) {
{ if (do_param)
if (do_param) rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
rv = EVP_PKEY_print_params(out, pkey, 0, NULL); else
else rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
if (rv <= 0) if (rv <= 0) {
{ BIO_puts(bio_err, "Error printing key\n");
BIO_puts(bio_err, "Error printing key\n"); ERR_print_errors(bio_err);
ERR_print_errors(bio_err); }
} }
}
ret = 0; ret = 0;
end: end:
if (pkey) if (pkey)
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
if (ctx) if (ctx)
EVP_PKEY_CTX_free(ctx); EVP_PKEY_CTX_free(ctx);
if (out) if (out)
BIO_free_all(out); BIO_free_all(out);
BIO_free(in); BIO_free(in);
if (pass) if (pass)
OPENSSL_free(pass); OPENSSL_free(pass);
return ret; return ret;
} }
static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx, static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
const char *file, ENGINE *e) const char *file, ENGINE *e)
{ {
BIO *pbio; BIO *pbio;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL; EVP_PKEY_CTX *ctx = NULL;
if (*pctx) if (*pctx) {
{ BIO_puts(err, "Parameters already set!\n");
BIO_puts(err, "Parameters already set!\n"); return 0;
return 0; }
}
pbio = BIO_new_file(file, "r"); pbio = BIO_new_file(file, "r");
if (!pbio) if (!pbio) {
{ BIO_printf(err, "Can't open parameter file %s\n", file);
BIO_printf(err, "Can't open parameter file %s\n", file); return 0;
return 0; }
}
pkey = PEM_read_bio_Parameters(pbio, NULL); pkey = PEM_read_bio_Parameters(pbio, NULL);
BIO_free(pbio); BIO_free(pbio);
if (!pkey) if (!pkey) {
{ BIO_printf(bio_err, "Error reading parameter file %s\n", file);
BIO_printf(bio_err, "Error reading parameter file %s\n", file); return 0;
return 0; }
}
ctx = EVP_PKEY_CTX_new(pkey, e); ctx = EVP_PKEY_CTX_new(pkey, e);
if (!ctx) if (!ctx)
goto err; goto err;
if (EVP_PKEY_keygen_init(ctx) <= 0) if (EVP_PKEY_keygen_init(ctx) <= 0)
goto err; goto err;
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
*pctx = ctx; *pctx = ctx;
return 1; return 1;
err: err:
BIO_puts(err, "Error initializing context\n"); BIO_puts(err, "Error initializing context\n");
ERR_print_errors(err); ERR_print_errors(err);
if (ctx) if (ctx)
EVP_PKEY_CTX_free(ctx); EVP_PKEY_CTX_free(ctx);
if (pkey) if (pkey)
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
return 0; return 0;
} }
int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx, int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
const char *algname, ENGINE *e, int do_param) const char *algname, ENGINE *e, int do_param)
{ {
EVP_PKEY_CTX *ctx = NULL; EVP_PKEY_CTX *ctx = NULL;
const EVP_PKEY_ASN1_METHOD *ameth; const EVP_PKEY_ASN1_METHOD *ameth;
ENGINE *tmpeng = NULL; ENGINE *tmpeng = NULL;
int pkey_id; int pkey_id;
if (*pctx) if (*pctx) {
{ BIO_puts(err, "Algorithm already set!\n");
BIO_puts(err, "Algorithm already set!\n"); return 0;
return 0; }
}
ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1); ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
if (!ameth && e) if (!ameth && e)
ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1); ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
#endif #endif
if (!ameth) if (!ameth) {
{ BIO_printf(bio_err, "Algorithm %s not found\n", algname);
BIO_printf(bio_err, "Algorithm %s not found\n", algname); return 0;
return 0; }
}
ERR_clear_error(); ERR_clear_error();
EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
if (tmpeng) if (tmpeng)
ENGINE_finish(tmpeng); ENGINE_finish(tmpeng);
#endif #endif
ctx = EVP_PKEY_CTX_new_id(pkey_id, e); ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
if (!ctx) if (!ctx)
goto err; goto err;
if (do_param) if (do_param) {
{ if (EVP_PKEY_paramgen_init(ctx) <= 0)
if (EVP_PKEY_paramgen_init(ctx) <= 0) goto err;
goto err; } else {
} if (EVP_PKEY_keygen_init(ctx) <= 0)
else goto err;
{ }
if (EVP_PKEY_keygen_init(ctx) <= 0)
goto err;
}
*pctx = ctx; *pctx = ctx;
return 1; return 1;
err: err:
BIO_printf(err, "Error initializing %s context\n", algname); BIO_printf(err, "Error initializing %s context\n", algname);
ERR_print_errors(err); ERR_print_errors(err);
if (ctx) if (ctx)
EVP_PKEY_CTX_free(ctx); EVP_PKEY_CTX_free(ctx);
return 0; return 0;
} }
static int genpkey_cb(EVP_PKEY_CTX *ctx) static int genpkey_cb(EVP_PKEY_CTX *ctx)
{ {
char c='*'; char c = '*';
BIO *b = EVP_PKEY_CTX_get_app_data(ctx); BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
int p; int p;
p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
if (p == 0) c='.'; if (p == 0)
if (p == 1) c='+'; c = '.';
if (p == 2) c='*'; if (p == 1)
if (p == 3) c='\n'; c = '+';
BIO_write(b,&c,1); if (p == 2)
(void)BIO_flush(b); c = '*';
return 1; if (p == 3)
} c = '\n';
BIO_write(b, &c, 1);
(void)BIO_flush(b);
return 1;
}
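Review bot: A failed key write still exits with status 0, because the `if (rv <= 0)` branch after `PEM_write_bio_PrivateKey` / `i2d_PrivateKey_bio` only prints "Error writing key" and then falls through to `ret = 0;`. The `-text` branch does the same after "Error printing key". A caller that checks only the exit status would treat a missing or truncated private key file as a good one. Add `goto end;` as the last statement of both `rv <= 0` branches so `ret` stays 1; the reformat carries this behaviour over unchanged from the old side.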


@ -59,275 +59,290 @@
#include <openssl/opensslconf.h> #include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA
#include <stdio.h> # include <stdio.h>
#include <string.h> # include <string.h>
#include <sys/types.h> # include <sys/types.h>
#include <sys/stat.h> # include <sys/stat.h>
#include "apps.h" # include "apps.h"
#include <openssl/bio.h> # include <openssl/bio.h>
#include <openssl/err.h> # include <openssl/err.h>
#include <openssl/bn.h> # include <openssl/bn.h>
#include <openssl/rsa.h> # include <openssl/rsa.h>
#include <openssl/evp.h> # include <openssl/evp.h>
#include <openssl/x509.h> # include <openssl/x509.h>
#include <openssl/pem.h> # include <openssl/pem.h>
#include <openssl/rand.h> # include <openssl/rand.h>
#define DEFBITS 2048 # define DEFBITS 2048
#undef PROG # undef PROG
#define PROG genrsa_main # define PROG genrsa_main
static int genrsa_cb(int p, int n, BN_GENCB *cb); static int genrsa_cb(int p, int n, BN_GENCB *cb);
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
BN_GENCB *cb = NULL; BN_GENCB *cb = NULL;
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL; ENGINE *e = NULL;
#endif # endif
int ret=1; int ret = 1;
int non_fips_allow = 0; int non_fips_allow = 0;
int num=DEFBITS; int num = DEFBITS;
const EVP_CIPHER *enc=NULL; const EVP_CIPHER *enc = NULL;
unsigned long f4=RSA_F4; unsigned long f4 = RSA_F4;
char *outfile=NULL; char *outfile = NULL;
char *passargout = NULL, *passout = NULL; char *passargout = NULL, *passout = NULL;
char *hexe, *dece; char *hexe, *dece;
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
char *engine=NULL; char *engine = NULL;
#endif # endif
char *inrand=NULL; char *inrand = NULL;
BIO *out=NULL; BIO *out = NULL;
BIGNUM *bn = BN_new(); BIGNUM *bn = BN_new();
RSA *rsa = NULL; RSA *rsa = NULL;
if(!bn) goto err; if (!bn)
goto err;
cb = BN_GENCB_new(); cb = BN_GENCB_new();
if(!cb) goto err; if (!cb)
goto err;
apps_startup(); apps_startup();
BN_GENCB_set(cb, genrsa_cb, bio_err); BN_GENCB_set(cb, genrsa_cb, bio_err);
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto err; goto err;
if ((out=BIO_new(BIO_s_file())) == NULL) if ((out = BIO_new(BIO_s_file())) == NULL) {
{ BIO_printf(bio_err, "unable to create BIO for output\n");
BIO_printf(bio_err,"unable to create BIO for output\n"); goto err;
goto err; }
}
argv++; argv++;
argc--; argc--;
for (;;) for (;;) {
{ if (argc <= 0)
if (argc <= 0) break; break;
if (strcmp(*argv,"-out") == 0) if (strcmp(*argv, "-out") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
outfile= *(++argv); outfile = *(++argv);
} } else if (strcmp(*argv, "-3") == 0)
else if (strcmp(*argv,"-3") == 0) f4 = 3;
f4=3; else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0)
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0) f4 = RSA_F4;
f4=RSA_F4; # ifndef OPENSSL_NO_ENGINE
#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv, "-engine") == 0) {
else if (strcmp(*argv,"-engine") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; engine = *(++argv);
engine= *(++argv); }
} # endif
#endif else if (strcmp(*argv, "-rand") == 0) {
else if (strcmp(*argv,"-rand") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; inrand = *(++argv);
inrand= *(++argv); }
} # ifndef OPENSSL_NO_DES
#ifndef OPENSSL_NO_DES else if (strcmp(*argv, "-des") == 0)
else if (strcmp(*argv,"-des") == 0) enc = EVP_des_cbc();
enc=EVP_des_cbc(); else if (strcmp(*argv, "-des3") == 0)
else if (strcmp(*argv,"-des3") == 0) enc = EVP_des_ede3_cbc();
enc=EVP_des_ede3_cbc(); # endif
#endif # ifndef OPENSSL_NO_IDEA
#ifndef OPENSSL_NO_IDEA else if (strcmp(*argv, "-idea") == 0)
else if (strcmp(*argv,"-idea") == 0) enc = EVP_idea_cbc();
enc=EVP_idea_cbc(); # endif
#endif # ifndef OPENSSL_NO_SEED
#ifndef OPENSSL_NO_SEED else if (strcmp(*argv, "-seed") == 0)
else if (strcmp(*argv,"-seed") == 0) enc = EVP_seed_cbc();
enc=EVP_seed_cbc(); # endif
#endif # ifndef OPENSSL_NO_AES
#ifndef OPENSSL_NO_AES else if (strcmp(*argv, "-aes128") == 0)
else if (strcmp(*argv,"-aes128") == 0) enc = EVP_aes_128_cbc();
enc=EVP_aes_128_cbc(); else if (strcmp(*argv, "-aes192") == 0)
else if (strcmp(*argv,"-aes192") == 0) enc = EVP_aes_192_cbc();
enc=EVP_aes_192_cbc(); else if (strcmp(*argv, "-aes256") == 0)
else if (strcmp(*argv,"-aes256") == 0) enc = EVP_aes_256_cbc();
enc=EVP_aes_256_cbc(); # endif
#endif # ifndef OPENSSL_NO_CAMELLIA
#ifndef OPENSSL_NO_CAMELLIA else if (strcmp(*argv, "-camellia128") == 0)
else if (strcmp(*argv,"-camellia128") == 0) enc = EVP_camellia_128_cbc();
enc=EVP_camellia_128_cbc(); else if (strcmp(*argv, "-camellia192") == 0)
else if (strcmp(*argv,"-camellia192") == 0) enc = EVP_camellia_192_cbc();
enc=EVP_camellia_192_cbc(); else if (strcmp(*argv, "-camellia256") == 0)
else if (strcmp(*argv,"-camellia256") == 0) enc = EVP_camellia_256_cbc();
enc=EVP_camellia_256_cbc(); # endif
#endif else if (strcmp(*argv, "-passout") == 0) {
else if (strcmp(*argv,"-passout") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; passargout = *(++argv);
passargout= *(++argv); } else if (strcmp(*argv, "-non-fips-allow") == 0)
} non_fips_allow = 1;
else if (strcmp(*argv,"-non-fips-allow") == 0) else
non_fips_allow = 1; break;
else argv++;
break; argc--;
argv++; }
argc--; if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
} bad:
if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0))) BIO_printf(bio_err, "usage: genrsa [args] [numbits]\n");
{ BIO_printf(bio_err,
bad: " -des encrypt the generated key with DES in cbc mode\n");
BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -des encrypt the generated key with DES in cbc mode\n"); " -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
BIO_printf(bio_err," -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); # ifndef OPENSSL_NO_IDEA
#ifndef OPENSSL_NO_IDEA BIO_printf(bio_err,
BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n"); " -idea encrypt the generated key with IDEA in cbc mode\n");
#endif # endif
#ifndef OPENSSL_NO_SEED # ifndef OPENSSL_NO_SEED
BIO_printf(bio_err," -seed\n"); BIO_printf(bio_err, " -seed\n");
BIO_printf(bio_err," encrypt PEM output with cbc seed\n"); BIO_printf(bio_err,
#endif " encrypt PEM output with cbc seed\n");
#ifndef OPENSSL_NO_AES # endif
BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); # ifndef OPENSSL_NO_AES
BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
#endif BIO_printf(bio_err,
#ifndef OPENSSL_NO_CAMELLIA " encrypt PEM output with cbc aes\n");
BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); # endif
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); # ifndef OPENSSL_NO_CAMELLIA
#endif BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err," -out file output the key to 'file\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -passout arg output file pass phrase source\n"); " encrypt PEM output with cbc camellia\n");
BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n"); # endif
BIO_printf(bio_err," -3 use 3 for the E value\n"); BIO_printf(bio_err, " -out file output the key to 'file\n");
#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); " -passout arg output file pass phrase source\n");
#endif BIO_printf(bio_err,
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); " -f4 use F4 (0x10001) for the E value\n");
BIO_printf(bio_err," load the file (or the files in the directory) into\n"); BIO_printf(bio_err, " -3 use 3 for the E value\n");
BIO_printf(bio_err," the random number generator\n"); # ifndef OPENSSL_NO_ENGINE
goto err; BIO_printf(bio_err,
} " -engine e use engine e, possibly a hardware device.\n");
# endif
BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
goto err;
}
ERR_load_crypto_strings(); ERR_load_crypto_strings();
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n"); BIO_printf(bio_err, "Error getting password\n");
goto err; goto err;
} }
# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
# endif
#ifndef OPENSSL_NO_ENGINE if (outfile == NULL) {
e = setup_engine(bio_err, engine, 0); BIO_set_fp(out, stdout, BIO_NOCLOSE);
#endif # ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto err;
}
}
if (outfile == NULL) if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
{ && !RAND_status()) {
BIO_set_fp(out,stdout,BIO_NOCLOSE); BIO_printf(bio_err,
#ifdef OPENSSL_SYS_VMS "warning, not much extra random data, consider using the -rand option\n");
{ }
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); if (inrand != NULL)
out = BIO_push(tmpbio, out); BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
} app_RAND_load_files(inrand));
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto err;
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
&& !RAND_status()) num);
{ # ifdef OPENSSL_NO_ENGINE
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); rsa = RSA_new();
} # else
if (inrand != NULL) rsa = RSA_new_method(e);
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", # endif
app_RAND_load_files(inrand)); if (!rsa)
goto err;
BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", if (non_fips_allow)
num); rsa->flags |= RSA_FLAG_NON_FIPS_ALLOW;
#ifdef OPENSSL_NO_ENGINE
rsa = RSA_new();
#else
rsa = RSA_new_method(e);
#endif
if (!rsa)
goto err;
if (non_fips_allow) if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, cb))
rsa->flags |= RSA_FLAG_NON_FIPS_ALLOW; goto err;
if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, cb)) app_RAND_write_file(NULL, bio_err);
goto err;
app_RAND_write_file(NULL, bio_err); hexe = BN_bn2hex(rsa->e);
dece = BN_bn2dec(rsa->e);
if (hexe && dece) {
BIO_printf(bio_err, "e is %s (0x%s)\n", dece, hexe);
}
if (hexe)
OPENSSL_free(hexe);
if (dece)
OPENSSL_free(dece);
{
PW_CB_DATA cb_data;
cb_data.password = passout;
cb_data.prompt_info = outfile;
if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
(pem_password_cb *)password_callback,
&cb_data))
goto err;
}
hexe = BN_bn2hex(rsa->e); ret = 0;
dece = BN_bn2dec(rsa->e); err:
if(hexe && dece) if (bn)
{ BN_free(bn);
BIO_printf(bio_err,"e is %s (0x%s)\n",dece, hexe); if (cb)
} BN_GENCB_free(cb);
if(hexe) OPENSSL_free(hexe); if (rsa)
if(dece) OPENSSL_free(dece); RSA_free(rsa);
{ if (out)
PW_CB_DATA cb_data; BIO_free_all(out);
cb_data.password = passout; if (passout)
cb_data.prompt_info = outfile; OPENSSL_free(passout);
if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0, if (ret != 0)
(pem_password_cb *)password_callback,&cb_data)) ERR_print_errors(bio_err);
goto err; apps_shutdown();
} OPENSSL_EXIT(ret);
}
ret=0;
err:
if (bn) BN_free(bn);
if (cb) BN_GENCB_free(cb);
if (rsa) RSA_free(rsa);
if (out) BIO_free_all(out);
if(passout) OPENSSL_free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
apps_shutdown();
OPENSSL_EXIT(ret);
}
static int genrsa_cb(int p, int n, BN_GENCB *cb) static int genrsa_cb(int p, int n, BN_GENCB *cb)
{ {
char c='*'; char c = '*';
if (p == 0) c='.'; if (p == 0)
if (p == 1) c='+'; c = '.';
if (p == 2) c='*'; if (p == 1)
if (p == 3) c='\n'; c = '+';
BIO_write(BN_GENCB_get_arg(cb),&c,1); if (p == 2)
(void)BIO_flush(BN_GENCB_get_arg(cb)); c = '*';
return 1; if (p == 3)
} c = '\n';
#else /* !OPENSSL_NO_RSA */ BIO_write(BN_GENCB_get_arg(cb), &c, 1);
(void)BIO_flush(BN_GENCB_get_arg(cb));
return 1;
}
#else /* !OPENSSL_NO_RSA */
# if PEDANTIC # if PEDANTIC
static void *dummy=&dummy; static void *dummy = &dummy;
# endif # endif
#endif #endif
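Review bot: The `numbits` check `(sscanf(*argv, "%d", &num) == 0) || (num < 0)` rejects only negative values, so `0` or any very small modulus size is passed straight to `RSA_generate_key_ex(rsa, num, bn, cb)`, and an argument with trailing characters (a constructed example: `2048x`) is accepted as 2048. Whether the library enforces its own minimum is not visible in this section, so the tool should apply a floor itself: test the `sscanf` result with `!= 1` and reject `num` below a minimum the project chooses, e.g. `(num < MIN_RSA_BITS)`, where `MIN_RSA_BITS` is a placeholder name rather than an existing macro. Separately, `BN_GENCB_set(cb, genrsa_cb, bio_err)` runs before the `if (bio_err == NULL)` initialisation, so the callback argument may be NULL unless `apps_startup()` sets `bio_err`, which this section does not show.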


@ -1,6 +1,7 @@
/* nseq.c */ /* nseq.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 1999. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 1999.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
@ -69,99 +70,101 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
char **args, *infile = NULL, *outfile = NULL; char **args, *infile = NULL, *outfile = NULL;
BIO *in = NULL, *out = NULL; BIO *in = NULL, *out = NULL;
int toseq = 0; int toseq = 0;
X509 *x509 = NULL; X509 *x509 = NULL;
NETSCAPE_CERT_SEQUENCE *seq = NULL; NETSCAPE_CERT_SEQUENCE *seq = NULL;
int i, ret = 1; int i, ret = 1;
int badarg = 0; int badarg = 0;
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); if (bio_err == NULL)
ERR_load_crypto_strings(); bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
args = argv + 1; ERR_load_crypto_strings();
while (!badarg && *args && *args[0] == '-') { args = argv + 1;
if (!strcmp (*args, "-toseq")) toseq = 1; while (!badarg && *args && *args[0] == '-') {
else if (!strcmp (*args, "-in")) { if (!strcmp(*args, "-toseq"))
if (args[1]) { toseq = 1;
args++; else if (!strcmp(*args, "-in")) {
infile = *args; if (args[1]) {
} else badarg = 1; args++;
} else if (!strcmp (*args, "-out")) { infile = *args;
if (args[1]) { } else
args++; badarg = 1;
outfile = *args; } else if (!strcmp(*args, "-out")) {
} else badarg = 1; if (args[1]) {
} else badarg = 1; args++;
args++; outfile = *args;
} } else
badarg = 1;
} else
badarg = 1;
args++;
}
if (badarg) { if (badarg) {
BIO_printf (bio_err, "Netscape certificate sequence utility\n"); BIO_printf(bio_err, "Netscape certificate sequence utility\n");
BIO_printf (bio_err, "Usage nseq [options]\n"); BIO_printf(bio_err, "Usage nseq [options]\n");
BIO_printf (bio_err, "where options are\n"); BIO_printf(bio_err, "where options are\n");
BIO_printf (bio_err, "-in file input file\n"); BIO_printf(bio_err, "-in file input file\n");
BIO_printf (bio_err, "-out file output file\n"); BIO_printf(bio_err, "-out file output file\n");
BIO_printf (bio_err, "-toseq output NS Sequence file\n"); BIO_printf(bio_err, "-toseq output NS Sequence file\n");
OPENSSL_EXIT(1); OPENSSL_EXIT(1);
} }
if (infile) { if (infile) {
if (!(in = BIO_new_file (infile, "r"))) { if (!(in = BIO_new_file(infile, "r"))) {
BIO_printf (bio_err, BIO_printf(bio_err, "Can't open input file %s\n", infile);
"Can't open input file %s\n", infile); goto end;
goto end; }
} } else
} else in = BIO_new_fp(stdin, BIO_NOCLOSE); in = BIO_new_fp(stdin, BIO_NOCLOSE);
if (outfile) { if (outfile) {
if (!(out = BIO_new_file (outfile, "w"))) { if (!(out = BIO_new_file(outfile, "w"))) {
BIO_printf (bio_err, BIO_printf(bio_err, "Can't open output file %s\n", outfile);
"Can't open output file %s\n", outfile); goto end;
goto end; }
} } else {
} else { out = BIO_new_fp(stdout, BIO_NOCLOSE);
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
} }
if (toseq) { if (toseq) {
seq = NETSCAPE_CERT_SEQUENCE_new(); seq = NETSCAPE_CERT_SEQUENCE_new();
seq->certs = sk_X509_new_null(); seq->certs = sk_X509_new_null();
while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
sk_X509_push(seq->certs,x509); sk_X509_push(seq->certs, x509);
if(!sk_X509_num(seq->certs)) if (!sk_X509_num(seq->certs)) {
{ BIO_printf(bio_err, "Error reading certs file %s\n", infile);
BIO_printf (bio_err, "Error reading certs file %s\n", infile); ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
} PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq); ret = 0;
ret = 0; goto end;
goto end; }
}
if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) { if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {
BIO_printf (bio_err, "Error reading sequence file %s\n", infile); BIO_printf(bio_err, "Error reading sequence file %s\n", infile);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
for(i = 0; i < sk_X509_num(seq->certs); i++) { for (i = 0; i < sk_X509_num(seq->certs); i++) {
x509 = sk_X509_value(seq->certs, i); x509 = sk_X509_value(seq->certs, i);
dump_cert_text(out, x509); dump_cert_text(out, x509);
PEM_write_bio_X509(out, x509); PEM_write_bio_X509(out, x509);
} }
ret = 0; ret = 0;
end: end:
BIO_free(in); BIO_free(in);
BIO_free_all(out); BIO_free_all(out);
NETSCAPE_CERT_SEQUENCE_free(seq); NETSCAPE_CERT_SEQUENCE_free(seq);
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
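Review bot: In the `toseq` branch a failed `NETSCAPE_CERT_SEQUENCE_new()` is dereferenced at `seq->certs`, and the result of `sk_X509_new_null()` is not checked either. The return value of `PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq)` is discarded just before `ret = 0;`, so a failed write is reported as success; the `PEM_write_bio_X509` call in the final loop has the same problem. Suggested guards: `if (seq == NULL || (seq->certs = sk_X509_new_null()) == NULL) goto end;` and `if (!PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq)) goto end;`. The `BIO_new_fp` results for stdin and stdout are likewise used unchecked.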


@ -6,42 +6,41 @@
#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1) #if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
#include <assert.h> # include <assert.h>
#include <string.h> # include <string.h>
#include "apps.h" # include "apps.h"
#include <openssl/bio.h> # include <openssl/bio.h>
#include <openssl/err.h> # include <openssl/err.h>
#include <openssl/evp.h> # include <openssl/evp.h>
#include <openssl/rand.h> # include <openssl/rand.h>
#ifndef OPENSSL_NO_DES # ifndef OPENSSL_NO_DES
# include <openssl/des.h> # include <openssl/des.h>
#endif # endif
#ifndef NO_MD5CRYPT_1 # ifndef NO_MD5CRYPT_1
# include <openssl/md5.h> # include <openssl/md5.h>
#endif # endif
# undef PROG
# define PROG passwd_main
#undef PROG static unsigned const char cov_2char[64] = {
#define PROG passwd_main /* from crypto/des/fcrypt.c */
0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
static unsigned const char cov_2char[64]={ 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
/* from crypto/des/fcrypt.c */ 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
}; };
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
char *passwd, BIO *out, int quiet, int table, int reverse, char *passwd, BIO *out, int quiet, int table,
size_t pw_maxlen, int usecrypt, int use1, int useapr1); int reverse, size_t pw_maxlen, int usecrypt, int use1,
int useapr1);
/*- /*-
* -crypt - standard Unix password algorithm (default) * -crypt - standard Unix password algorithm (default)
@ -59,456 +58,437 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
int ret = 1; int ret = 1;
char *infile = NULL; char *infile = NULL;
int in_stdin = 0; int in_stdin = 0;
int in_noverify = 0; int in_noverify = 0;
char *salt = NULL, *passwd = NULL, **passwds = NULL; char *salt = NULL, *passwd = NULL, **passwds = NULL;
char *salt_malloc = NULL, *passwd_malloc = NULL; char *salt_malloc = NULL, *passwd_malloc = NULL;
size_t passwd_malloc_size = 0; size_t passwd_malloc_size = 0;
int pw_source_defined = 0; int pw_source_defined = 0;
BIO *in = NULL, *out = NULL; BIO *in = NULL, *out = NULL;
int i, badopt, opt_done; int i, badopt, opt_done;
int passed_salt = 0, quiet = 0, table = 0, reverse = 0; int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
int usecrypt = 0, use1 = 0, useapr1 = 0; int usecrypt = 0, use1 = 0, useapr1 = 0;
size_t pw_maxlen = 0; size_t pw_maxlen = 0;
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto err; goto err;
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if (out == NULL) if (out == NULL)
goto err; goto err;
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
#ifdef OPENSSL_SYS_VMS # ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif # endif
badopt = 0, opt_done = 0; badopt = 0, opt_done = 0;
i = 0; i = 0;
while (!badopt && !opt_done && argv[++i] != NULL) while (!badopt && !opt_done && argv[++i] != NULL) {
{ if (strcmp(argv[i], "-crypt") == 0)
if (strcmp(argv[i], "-crypt") == 0) usecrypt = 1;
usecrypt = 1; else if (strcmp(argv[i], "-1") == 0)
else if (strcmp(argv[i], "-1") == 0) use1 = 1;
use1 = 1; else if (strcmp(argv[i], "-apr1") == 0)
else if (strcmp(argv[i], "-apr1") == 0) useapr1 = 1;
useapr1 = 1; else if (strcmp(argv[i], "-salt") == 0) {
else if (strcmp(argv[i], "-salt") == 0) if ((argv[i + 1] != NULL) && (salt == NULL)) {
{ passed_salt = 1;
if ((argv[i+1] != NULL) && (salt == NULL)) salt = argv[++i];
{ } else
passed_salt = 1; badopt = 1;
salt = argv[++i]; } else if (strcmp(argv[i], "-in") == 0) {
} if ((argv[i + 1] != NULL) && !pw_source_defined) {
else pw_source_defined = 1;
badopt = 1; infile = argv[++i];
} } else
else if (strcmp(argv[i], "-in") == 0) badopt = 1;
{ } else if (strcmp(argv[i], "-stdin") == 0) {
if ((argv[i+1] != NULL) && !pw_source_defined) if (!pw_source_defined) {
{ pw_source_defined = 1;
pw_source_defined = 1; in_stdin = 1;
infile = argv[++i]; } else
} badopt = 1;
else } else if (strcmp(argv[i], "-noverify") == 0)
badopt = 1; in_noverify = 1;
} else if (strcmp(argv[i], "-quiet") == 0)
else if (strcmp(argv[i], "-stdin") == 0) quiet = 1;
{ else if (strcmp(argv[i], "-table") == 0)
if (!pw_source_defined) table = 1;
{ else if (strcmp(argv[i], "-reverse") == 0)
pw_source_defined = 1; reverse = 1;
in_stdin = 1; else if (argv[i][0] == '-')
} badopt = 1;
else else if (!pw_source_defined)
badopt = 1; /* non-option arguments, use as passwords */
} {
else if (strcmp(argv[i], "-noverify") == 0) pw_source_defined = 1;
in_noverify = 1; passwds = &argv[i];
else if (strcmp(argv[i], "-quiet") == 0) opt_done = 1;
quiet = 1; } else
else if (strcmp(argv[i], "-table") == 0) badopt = 1;
table = 1; }
else if (strcmp(argv[i], "-reverse") == 0)
reverse = 1;
else if (argv[i][0] == '-')
badopt = 1;
else if (!pw_source_defined)
/* non-option arguments, use as passwords */
{
pw_source_defined = 1;
passwds = &argv[i];
opt_done = 1;
}
else
badopt = 1;
}
if (!usecrypt && !use1 && !useapr1) /* use default */ if (!usecrypt && !use1 && !useapr1) /* use default */
usecrypt = 1; usecrypt = 1;
if (usecrypt + use1 + useapr1 > 1) /* conflict */ if (usecrypt + use1 + useapr1 > 1) /* conflict */
badopt = 1; badopt = 1;
/* reject unsupported algorithms */ /* reject unsupported algorithms */
#ifdef OPENSSL_NO_DES # ifdef OPENSSL_NO_DES
if (usecrypt) badopt = 1; if (usecrypt)
#endif badopt = 1;
#ifdef NO_MD5CRYPT_1 # endif
if (use1 || useapr1) badopt = 1; # ifdef NO_MD5CRYPT_1
#endif if (use1 || useapr1)
badopt = 1;
# endif
if (badopt) if (badopt) {
{ BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n"); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "where options are\n"); # ifndef OPENSSL_NO_DES
#ifndef OPENSSL_NO_DES BIO_printf(bio_err,
BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n"); "-crypt standard Unix password algorithm (default)\n");
#endif # endif
#ifndef NO_MD5CRYPT_1 # ifndef NO_MD5CRYPT_1
BIO_printf(bio_err, "-1 MD5-based password algorithm\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "-apr1 MD5-based password algorithm, Apache variant\n"); "-1 MD5-based password algorithm\n");
#endif BIO_printf(bio_err,
BIO_printf(bio_err, "-salt string use provided salt\n"); "-apr1 MD5-based password algorithm, Apache variant\n");
BIO_printf(bio_err, "-in file read passwords from file\n"); # endif
BIO_printf(bio_err, "-stdin read passwords from stdin\n"); BIO_printf(bio_err, "-salt string use provided salt\n");
BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n"); BIO_printf(bio_err, "-in file read passwords from file\n");
BIO_printf(bio_err, "-quiet no warnings\n"); BIO_printf(bio_err, "-stdin read passwords from stdin\n");
BIO_printf(bio_err, "-table format output as table\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "-reverse switch table columns\n"); "-noverify never verify when reading password from terminal\n");
BIO_printf(bio_err, "-quiet no warnings\n");
BIO_printf(bio_err, "-table format output as table\n");
BIO_printf(bio_err, "-reverse switch table columns\n");
goto err; goto err;
} }
if ((infile != NULL) || in_stdin) if ((infile != NULL) || in_stdin) {
{ in = BIO_new(BIO_s_file());
in = BIO_new(BIO_s_file()); if (in == NULL)
if (in == NULL) goto err;
goto err; if (infile != NULL) {
if (infile != NULL) assert(in_stdin == 0);
{ if (BIO_read_filename(in, infile) <= 0)
assert(in_stdin == 0); goto err;
if (BIO_read_filename(in, infile) <= 0) } else {
goto err; assert(in_stdin);
} BIO_set_fp(in, stdin, BIO_NOCLOSE);
else }
{ }
assert(in_stdin);
BIO_set_fp(in, stdin, BIO_NOCLOSE);
}
}
if (usecrypt) if (usecrypt)
pw_maxlen = 8; pw_maxlen = 8;
else if (use1 || useapr1) else if (use1 || useapr1)
pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */ pw_maxlen = 256; /* arbitrary limit, should be enough for most
* passwords */
if (passwds == NULL) if (passwds == NULL) {
{ /* no passwords on the command line */
/* no passwords on the command line */
passwd_malloc_size = pw_maxlen + 2; passwd_malloc_size = pw_maxlen + 2;
/* longer than necessary so that we can warn about truncation */ /*
passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size); * longer than necessary so that we can warn about truncation
if (passwd_malloc == NULL) */
goto err; passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
} if (passwd_malloc == NULL)
goto err;
}
if ((in == NULL) && (passwds == NULL)) if ((in == NULL) && (passwds == NULL)) {
{ /* build a null-terminated list */
/* build a null-terminated list */ static char *passwds_static[2] = { NULL, NULL };
static char *passwds_static[2] = {NULL, NULL};
passwds = passwds_static; passwds = passwds_static;
if (in == NULL) if (in == NULL)
if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0) if (EVP_read_pw_string
goto err; (passwd_malloc, passwd_malloc_size, "Password: ",
passwds[0] = passwd_malloc; !(passed_salt || in_noverify)) != 0)
} goto err;
passwds[0] = passwd_malloc;
}
if (in == NULL) if (in == NULL) {
{ assert(passwds != NULL);
assert(passwds != NULL); assert(*passwds != NULL);
assert(*passwds != NULL);
do /* loop over list of passwords */ do { /* loop over list of passwords */
{ passwd = *passwds++;
passwd = *passwds++; if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out, quiet, table, reverse, pw_maxlen, usecrypt, use1,
quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1)) useapr1))
goto err; goto err;
} }
while (*passwds != NULL); while (*passwds != NULL);
} } else
else /* in != NULL */
/* in != NULL */ {
{ int done;
int done;
assert (passwd != NULL); assert(passwd != NULL);
do do {
{ int r = BIO_gets(in, passwd, pw_maxlen + 1);
int r = BIO_gets(in, passwd, pw_maxlen + 1); if (r > 0) {
if (r > 0) char *c = (strchr(passwd, '\n'));
{ if (c != NULL)
char *c = (strchr(passwd, '\n')) ; *c = 0; /* truncate at newline */
if (c != NULL) else {
*c = 0; /* truncate at newline */ /* ignore rest of line */
else char trash[BUFSIZ];
{ do
/* ignore rest of line */ r = BIO_gets(in, trash, sizeof trash);
char trash[BUFSIZ]; while ((r > 0) && (!strchr(trash, '\n')));
do }
r = BIO_gets(in, trash, sizeof trash);
while ((r > 0) && (!strchr(trash, '\n')));
}
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out, if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1)) quiet, table, reverse, pw_maxlen, usecrypt,
goto err; use1, useapr1))
} goto err;
done = (r <= 0); }
} done = (r <= 0);
while (!done); }
} while (!done);
ret = 0; }
ret = 0;
err: err:
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
if (salt_malloc) if (salt_malloc)
OPENSSL_free(salt_malloc); OPENSSL_free(salt_malloc);
if (passwd_malloc) if (passwd_malloc)
OPENSSL_free(passwd_malloc); OPENSSL_free(passwd_malloc);
if (in) if (in)
BIO_free(in); BIO_free(in);
if (out) if (out)
BIO_free_all(out); BIO_free_all(out);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
# ifndef NO_MD5CRYPT_1
#ifndef NO_MD5CRYPT_1 /*
/* MD5-based password algorithm (should probably be available as a library * MD5-based password algorithm (should probably be available as a library
* function; then the static buffer would not be acceptable). * function; then the static buffer would not be acceptable). For magic
* For magic string "1", this should be compatible to the MD5-based BSD * string "1", this should be compatible to the MD5-based BSD password
* password algorithm. * algorithm. For 'magic' string "apr1", this is compatible to the MD5-based
* For 'magic' string "apr1", this is compatible to the MD5-based Apache * Apache password algorithm. (Apparently, the Apache password algorithm is
* password algorithm. * identical except that the 'magic' string was changed -- the laziest
* (Apparently, the Apache password algorithm is identical except that the * application of the NIH principle I've ever encountered.)
* 'magic' string was changed -- the laziest application of the NIH principle
* I've ever encountered.)
*/ */
static char *md5crypt(const char *passwd, const char *magic, const char *salt) static char *md5crypt(const char *passwd, const char *magic, const char *salt)
{ {
/* "$apr1$..salt..$.......md5hash..........\0" */ /* "$apr1$..salt..$.......md5hash..........\0" */
static char out_buf[6 + 9 + 24 + 2]; static char out_buf[6 + 9 + 24 + 2];
unsigned char buf[MD5_DIGEST_LENGTH]; unsigned char buf[MD5_DIGEST_LENGTH];
char *salt_out; char *salt_out;
int n; int n;
unsigned int i; unsigned int i;
EVP_MD_CTX md,md2; EVP_MD_CTX md, md2;
size_t passwd_len, salt_len; size_t passwd_len, salt_len;
passwd_len = strlen(passwd); passwd_len = strlen(passwd);
out_buf[0] = '$'; out_buf[0] = '$';
out_buf[1] = 0; out_buf[1] = 0;
assert(strlen(magic) <= 4); /* "1" or "apr1" */ assert(strlen(magic) <= 4); /* "1" or "apr1" */
strncat(out_buf, magic, 4); strncat(out_buf, magic, 4);
strncat(out_buf, "$", 1); strncat(out_buf, "$", 1);
strncat(out_buf, salt, 8); strncat(out_buf, salt, 8);
assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */ assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
salt_out = out_buf + 2 + strlen(magic); salt_out = out_buf + 2 + strlen(magic);
salt_len = strlen(salt_out); salt_len = strlen(salt_out);
assert(salt_len <= 8); assert(salt_len <= 8);
EVP_MD_CTX_init(&md); EVP_MD_CTX_init(&md);
EVP_DigestInit_ex(&md,EVP_md5(), NULL); EVP_DigestInit_ex(&md, EVP_md5(), NULL);
EVP_DigestUpdate(&md, passwd, passwd_len); EVP_DigestUpdate(&md, passwd, passwd_len);
EVP_DigestUpdate(&md, "$", 1); EVP_DigestUpdate(&md, "$", 1);
EVP_DigestUpdate(&md, magic, strlen(magic)); EVP_DigestUpdate(&md, magic, strlen(magic));
EVP_DigestUpdate(&md, "$", 1); EVP_DigestUpdate(&md, "$", 1);
EVP_DigestUpdate(&md, salt_out, salt_len); EVP_DigestUpdate(&md, salt_out, salt_len);
EVP_MD_CTX_init(&md2); EVP_MD_CTX_init(&md2);
EVP_DigestInit_ex(&md2,EVP_md5(), NULL); EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestUpdate(&md2, salt_out, salt_len); EVP_DigestUpdate(&md2, salt_out, salt_len);
EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL); EVP_DigestFinal_ex(&md2, buf, NULL);
for (i = passwd_len; i > sizeof buf; i -= sizeof buf) for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
EVP_DigestUpdate(&md, buf, sizeof buf); EVP_DigestUpdate(&md, buf, sizeof buf);
EVP_DigestUpdate(&md, buf, i); EVP_DigestUpdate(&md, buf, i);
n = passwd_len; n = passwd_len;
while (n) while (n) {
{ EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1); n >>= 1;
n >>= 1; }
} EVP_DigestFinal_ex(&md, buf, NULL);
EVP_DigestFinal_ex(&md, buf, NULL);
for (i = 0; i < 1000; i++) for (i = 0; i < 1000; i++) {
{ EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
EVP_DigestInit_ex(&md2,EVP_md5(), NULL); EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf,
EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf, (i & 1) ? passwd_len : sizeof buf);
(i & 1) ? passwd_len : sizeof buf); if (i % 3)
if (i % 3) EVP_DigestUpdate(&md2, salt_out, salt_len);
EVP_DigestUpdate(&md2, salt_out, salt_len); if (i % 7)
if (i % 7) EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd,
EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd, (i & 1) ? sizeof buf : passwd_len);
(i & 1) ? sizeof buf : passwd_len); EVP_DigestFinal_ex(&md2, buf, NULL);
EVP_DigestFinal_ex(&md2, buf, NULL); }
} EVP_MD_CTX_cleanup(&md2);
EVP_MD_CTX_cleanup(&md2);
{ {
/* transform buf into output string */ /* transform buf into output string */
unsigned char buf_perm[sizeof buf]; unsigned char buf_perm[sizeof buf];
int dest, source; int dest, source;
char *output; char *output;
/* silly output permutation */ /* silly output permutation */
for (dest = 0, source = 0; dest < 14; dest++, source = (source + 6) % 17) for (dest = 0, source = 0; dest < 14;
buf_perm[dest] = buf[source]; dest++, source = (source + 6) % 17)
buf_perm[14] = buf[5]; buf_perm[dest] = buf[source];
buf_perm[15] = buf[11]; buf_perm[14] = buf[5];
#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */ buf_perm[15] = buf[11];
assert(16 == sizeof buf_perm); # ifndef PEDANTIC /* Unfortunately, this generates a "no
#endif * effect" warning */
assert(16 == sizeof buf_perm);
# endif
output = salt_out + salt_len; output = salt_out + salt_len;
assert(output == out_buf + strlen(out_buf)); assert(output == out_buf + strlen(out_buf));
*output++ = '$'; *output++ = '$';
for (i = 0; i < 15; i += 3) for (i = 0; i < 15; i += 3) {
{ *output++ = cov_2char[buf_perm[i + 2] & 0x3f];
*output++ = cov_2char[buf_perm[i+2] & 0x3f]; *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) |
*output++ = cov_2char[((buf_perm[i+1] & 0xf) << 2) | (buf_perm[i + 2] >> 6)];
(buf_perm[i+2] >> 6)]; *output++ = cov_2char[((buf_perm[i] & 3) << 4) |
*output++ = cov_2char[((buf_perm[i] & 3) << 4) | (buf_perm[i + 1] >> 4)];
(buf_perm[i+1] >> 4)]; *output++ = cov_2char[buf_perm[i] >> 2];
*output++ = cov_2char[buf_perm[i] >> 2]; }
} assert(i == 15);
assert(i == 15); *output++ = cov_2char[buf_perm[i] & 0x3f];
*output++ = cov_2char[buf_perm[i] & 0x3f]; *output++ = cov_2char[buf_perm[i] >> 6];
*output++ = cov_2char[buf_perm[i] >> 6]; *output = 0;
*output = 0; assert(strlen(out_buf) < sizeof(out_buf));
assert(strlen(out_buf) < sizeof(out_buf)); }
} EVP_MD_CTX_cleanup(&md);
EVP_MD_CTX_cleanup(&md);
return out_buf;
}
#endif
return out_buf;
}
# endif
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
char *passwd, BIO *out, int quiet, int table, int reverse, char *passwd, BIO *out, int quiet, int table,
size_t pw_maxlen, int usecrypt, int use1, int useapr1) int reverse, size_t pw_maxlen, int usecrypt, int use1,
{ int useapr1)
char *hash = NULL; {
char *hash = NULL;
assert(salt_p != NULL); assert(salt_p != NULL);
assert(salt_malloc_p != NULL); assert(salt_malloc_p != NULL);
/* first make sure we have a salt */ /* first make sure we have a salt */
if (!passed_salt) if (!passed_salt) {
{ # ifndef OPENSSL_NO_DES
#ifndef OPENSSL_NO_DES if (usecrypt) {
if (usecrypt) if (*salt_malloc_p == NULL) {
{ *salt_p = *salt_malloc_p = OPENSSL_malloc(3);
if (*salt_malloc_p == NULL) if (*salt_malloc_p == NULL)
{ goto err;
*salt_p = *salt_malloc_p = OPENSSL_malloc(3); }
if (*salt_malloc_p == NULL) if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
goto err; goto err;
} (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0) (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
goto err; (*salt_p)[2] = 0;
(*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */ # ifdef CHARSET_EBCDIC
(*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */ ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert back
(*salt_p)[2] = 0; * to ASCII */
#ifdef CHARSET_EBCDIC # endif
ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert }
* back to ASCII */ # endif /* !OPENSSL_NO_DES */
#endif
}
#endif /* !OPENSSL_NO_DES */
#ifndef NO_MD5CRYPT_1 # ifndef NO_MD5CRYPT_1
if (use1 || useapr1) if (use1 || useapr1) {
{ int i;
int i;
if (*salt_malloc_p == NULL) if (*salt_malloc_p == NULL) {
{ *salt_p = *salt_malloc_p = OPENSSL_malloc(9);
*salt_p = *salt_malloc_p = OPENSSL_malloc(9); if (*salt_malloc_p == NULL)
if (*salt_malloc_p == NULL) goto err;
goto err; }
} if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0) goto err;
goto err;
for (i = 0; i < 8; i++) for (i = 0; i < 8; i++)
(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
(*salt_p)[8] = 0; (*salt_p)[8] = 0;
} }
#endif /* !NO_MD5CRYPT_1 */ # endif /* !NO_MD5CRYPT_1 */
} }
assert(*salt_p != NULL); assert(*salt_p != NULL);
/* truncate password if necessary */ /* truncate password if necessary */
if ((strlen(passwd) > pw_maxlen)) if ((strlen(passwd) > pw_maxlen)) {
{ if (!quiet)
if (!quiet) /*
/* XXX: really we should know how to print a size_t, not cast it */ * XXX: really we should know how to print a size_t, not cast it
BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen); */
passwd[pw_maxlen] = 0; BIO_printf(bio_err,
} "Warning: truncating password to %u characters\n",
assert(strlen(passwd) <= pw_maxlen); (unsigned)pw_maxlen);
passwd[pw_maxlen] = 0;
}
assert(strlen(passwd) <= pw_maxlen);
/* now compute password hash */ /* now compute password hash */
#ifndef OPENSSL_NO_DES # ifndef OPENSSL_NO_DES
if (usecrypt) if (usecrypt)
hash = DES_crypt(passwd, *salt_p); hash = DES_crypt(passwd, *salt_p);
#endif # endif
#ifndef NO_MD5CRYPT_1 # ifndef NO_MD5CRYPT_1
if (use1 || useapr1) if (use1 || useapr1)
hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p); hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);
#endif # endif
assert(hash != NULL); assert(hash != NULL);
if (table && !reverse) if (table && !reverse)
BIO_printf(out, "%s\t%s\n", passwd, hash); BIO_printf(out, "%s\t%s\n", passwd, hash);
else if (table && reverse) else if (table && reverse)
BIO_printf(out, "%s\t%s\n", hash, passwd); BIO_printf(out, "%s\t%s\n", hash, passwd);
else else
BIO_printf(out, "%s\n", hash); BIO_printf(out, "%s\n", hash);
return 1; return 1;
err: err:
return 0; return 0;
} }
#else #else
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
fputs("Program not available.\n", stderr) fputs("Program not available.\n", stderr)
OPENSSL_EXIT(1); OPENSSL_EXIT(1);
} }
#endif #endif
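Review bot: The cleanup at `err:` in the passwd tool's MAIN releases `passwd_malloc` with `OPENSSL_free` without wiping it, although that buffer holds the plaintext password filled in by `EVP_read_pw_string` or `BIO_gets`. I would clear it before freeing, `if (passwd_malloc) { OPENSSL_cleanse(passwd_malloc, passwd_malloc_size); OPENSSL_free(passwd_malloc); }`, so the secret does not linger in freed heap memory; this assumes `OPENSSL_cleanse` is already declared through the existing includes. Separately, in the `#else` stub at the end of the file, `fputs("Program not available.\n", stderr)` has no terminating `;`, so a build with both OPENSSL_NO_DES and NO_MD5CRYPT_1 defined would presumably fail to compile.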


@ -69,253 +69,240 @@
#include <openssl/pem.h> #include <openssl/pem.h>
#undef PROG #undef PROG
#define PROG pkcs7_main #define PROG pkcs7_main
/*- /*-
* -inform arg - input format - default PEM (DER or PEM) * -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM * -outform arg - output format - default PEM
* -in arg - input file - default stdin * -in arg - input file - default stdin
* -out arg - output file - default stdout * -out arg - output file - default stdout
* -print_certs * -print_certs
*/ */
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
PKCS7 *p7=NULL; PKCS7 *p7 = NULL;
int i,badops=0; int i, badops = 0;
BIO *in=NULL,*out=NULL; BIO *in = NULL, *out = NULL;
int informat,outformat; int informat, outformat;
char *infile,*outfile,*prog; char *infile, *outfile, *prog;
int print_certs=0,text=0,noout=0,p7_print=0; int print_certs = 0, text = 0, noout = 0, p7_print = 0;
int ret=1; int ret = 1;
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
char *engine=NULL; char *engine = NULL;
#endif #endif
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
infile=NULL; infile = NULL;
outfile=NULL; outfile = NULL;
informat=FORMAT_PEM; informat = FORMAT_PEM;
outformat=FORMAT_PEM; outformat = FORMAT_PEM;
prog=argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; informat = str2fmt(*(++argv));
informat=str2fmt(*(++argv)); } else if (strcmp(*argv, "-outform") == 0) {
} if (--argc < 1)
else if (strcmp(*argv,"-outform") == 0) goto bad;
{ outformat = str2fmt(*(++argv));
if (--argc < 1) goto bad; } else if (strcmp(*argv, "-in") == 0) {
outformat=str2fmt(*(++argv)); if (--argc < 1)
} goto bad;
else if (strcmp(*argv,"-in") == 0) infile = *(++argv);
{ } else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
infile= *(++argv); goto bad;
} outfile = *(++argv);
else if (strcmp(*argv,"-out") == 0) } else if (strcmp(*argv, "-noout") == 0)
{ noout = 1;
if (--argc < 1) goto bad; else if (strcmp(*argv, "-text") == 0)
outfile= *(++argv); text = 1;
} else if (strcmp(*argv, "-print") == 0)
else if (strcmp(*argv,"-noout") == 0) p7_print = 1;
noout=1; else if (strcmp(*argv, "-print_certs") == 0)
else if (strcmp(*argv,"-text") == 0) print_certs = 1;
text=1;
else if (strcmp(*argv,"-print") == 0)
p7_print=1;
else if (strcmp(*argv,"-print_certs") == 0)
print_certs=1;
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv, "-engine") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
engine= *(++argv); engine = *(++argv);
} }
#endif #endif
else else {
{ BIO_printf(bio_err, "unknown option %s\n", *argv);
BIO_printf(bio_err,"unknown option %s\n",*argv); badops = 1;
badops=1; break;
break; }
} argc--;
argc--; argv++;
argv++; }
}
if (badops) if (badops) {
{ bad:
bad: BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); " -print_certs print any certs or crl in the input\n");
BIO_printf(bio_err," -text print full details of certificates\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -noout don't output encoded data\n"); " -text print full details of certificates\n");
BIO_printf(bio_err, " -noout don't output encoded data\n");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
#endif #endif
ret = 1; ret = 1;
goto end; goto end;
} }
ERR_load_crypto_strings(); ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0); setup_engine(bio_err, engine, 0);
#endif #endif
in=BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) if ((in == NULL) || (out == NULL)) {
{ ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
}
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, infile) <= 0)
if (in == NULL) {
perror(infile);
goto end; goto end;
} }
}
if (infile == NULL) if (informat == FORMAT_ASN1)
BIO_set_fp(in,stdin,BIO_NOCLOSE); p7 = d2i_PKCS7_bio(in, NULL);
else else if (informat == FORMAT_PEM)
{ p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
if (BIO_read_filename(in,infile) <= 0) else {
if (in == NULL) BIO_printf(bio_err, "bad input format specified for pkcs7 object\n");
{ goto end;
perror(infile); }
goto end; if (p7 == NULL) {
} BIO_printf(bio_err, "unable to load PKCS7 object\n");
} ERR_print_errors(bio_err);
goto end;
}
if (informat == FORMAT_ASN1) if (outfile == NULL) {
p7=d2i_PKCS7_bio(in,NULL); BIO_set_fp(out, stdout, BIO_NOCLOSE);
else if (informat == FORMAT_PEM)
p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL);
else
{
BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");
goto end;
}
if (p7 == NULL)
{
BIO_printf(bio_err,"unable to load PKCS7 object\n");
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
} } else {
else if (BIO_write_filename(out, outfile) <= 0) {
{ perror(outfile);
if (BIO_write_filename(out,outfile) <= 0) goto end;
{ }
perror(outfile); }
goto end;
}
}
if (p7_print) if (p7_print)
PKCS7_print_ctx(out, p7, 0, NULL); PKCS7_print_ctx(out, p7, 0, NULL);
if (print_certs) if (print_certs) {
{ STACK_OF(X509) *certs = NULL;
STACK_OF(X509) *certs=NULL; STACK_OF(X509_CRL) *crls = NULL;
STACK_OF(X509_CRL) *crls=NULL;
i=OBJ_obj2nid(p7->type); i = OBJ_obj2nid(p7->type);
switch (i) switch (i) {
{ case NID_pkcs7_signed:
case NID_pkcs7_signed: certs = p7->d.sign->cert;
certs=p7->d.sign->cert; crls = p7->d.sign->crl;
crls=p7->d.sign->crl; break;
break; case NID_pkcs7_signedAndEnveloped:
case NID_pkcs7_signedAndEnveloped: certs = p7->d.signed_and_enveloped->cert;
certs=p7->d.signed_and_enveloped->cert; crls = p7->d.signed_and_enveloped->crl;
crls=p7->d.signed_and_enveloped->crl; break;
break; default:
default: break;
break; }
}
if (certs != NULL) if (certs != NULL) {
{ X509 *x;
X509 *x;
for (i=0; i<sk_X509_num(certs); i++) for (i = 0; i < sk_X509_num(certs); i++) {
{ x = sk_X509_value(certs, i);
x=sk_X509_value(certs,i); if (text)
if(text) X509_print(out, x); X509_print(out, x);
else dump_cert_text(out, x); else
dump_cert_text(out, x);
if(!noout) PEM_write_bio_X509(out,x); if (!noout)
BIO_puts(out,"\n"); PEM_write_bio_X509(out, x);
} BIO_puts(out, "\n");
} }
if (crls != NULL) }
{ if (crls != NULL) {
X509_CRL *crl; X509_CRL *crl;
for (i=0; i<sk_X509_CRL_num(crls); i++) for (i = 0; i < sk_X509_CRL_num(crls); i++) {
{ crl = sk_X509_CRL_value(crls, i);
crl=sk_X509_CRL_value(crls,i);
X509_CRL_print(out, crl); X509_CRL_print(out, crl);
if(!noout)PEM_write_bio_X509_CRL(out,crl); if (!noout)
BIO_puts(out,"\n"); PEM_write_bio_X509_CRL(out, crl);
} BIO_puts(out, "\n");
} }
}
ret=0; ret = 0;
goto end; goto end;
} }
if(!noout) { if (!noout) {
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
i=i2d_PKCS7_bio(out,p7); i = i2d_PKCS7_bio(out, p7);
else if (outformat == FORMAT_PEM) else if (outformat == FORMAT_PEM)
i=PEM_write_bio_PKCS7(out,p7); i = PEM_write_bio_PKCS7(out, p7);
else { else {
BIO_printf(bio_err,"bad output format specified for outfile\n"); BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end; goto end;
} }
if (!i) if (!i) {
{ BIO_printf(bio_err, "unable to write pkcs7 object\n");
BIO_printf(bio_err,"unable to write pkcs7 object\n"); ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
} }
} ret = 0;
ret=0; end:
end: if (p7 != NULL)
if (p7 != NULL) PKCS7_free(p7); PKCS7_free(p7);
if (in != NULL) BIO_free(in); if (in != NULL)
if (out != NULL) BIO_free_all(out); BIO_free(in);
apps_shutdown(); if (out != NULL)
OPENSSL_EXIT(ret); BIO_free_all(out);
} apps_shutdown();
OPENSSL_EXIT(ret);
}
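Review bot: A failed `BIO_read_filename(in, infile)` is silently ignored in the input-opening branch of the pkcs7 MAIN, because the error body sits under a nested `if (in == NULL)` and `in` was already checked for NULL a few lines earlier, so `perror(infile); goto end;` can never run. The reformatting makes this nesting visible but keeps it. As far as the visible code shows, the tool then continues to the parse step and would report only the generic "unable to load PKCS7 object" instead of naming the unreadable file. I would drop the inner test so the branch reads `if (BIO_read_filename(in, infile) <= 0) { perror(infile); goto end; }`, matching the `BIO_write_filename` handling for the output file further down.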


@ -1,6 +1,7 @@
/* pkcs8.c */ /* pkcs8.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 1999-2004. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 1999-2004.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
@ -69,400 +70,344 @@
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
ENGINE *e = NULL; ENGINE *e = NULL;
char **args, *infile = NULL, *outfile = NULL; char **args, *infile = NULL, *outfile = NULL;
char *passargin = NULL, *passargout = NULL; char *passargin = NULL, *passargout = NULL;
BIO *in = NULL, *out = NULL; BIO *in = NULL, *out = NULL;
int topk8 = 0; int topk8 = 0;
int pbe_nid = -1; int pbe_nid = -1;
const EVP_CIPHER *cipher = NULL; const EVP_CIPHER *cipher = NULL;
int iter = PKCS12_DEFAULT_ITER; int iter = PKCS12_DEFAULT_ITER;
int informat, outformat; int informat, outformat;
int p8_broken = PKCS8_OK; int p8_broken = PKCS8_OK;
int nocrypt = 0; int nocrypt = 0;
X509_SIG *p8 = NULL; X509_SIG *p8 = NULL;
PKCS8_PRIV_KEY_INFO *p8inf = NULL; PKCS8_PRIV_KEY_INFO *p8inf = NULL;
EVP_PKEY *pkey=NULL; EVP_PKEY *pkey = NULL;
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL; char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
int badarg = 0; int badarg = 0;
int ret = 1; int ret = 1;
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
char *engine=NULL; char *engine = NULL;
#endif #endif
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
informat=FORMAT_PEM; informat = FORMAT_PEM;
outformat=FORMAT_PEM; outformat = FORMAT_PEM;
ERR_load_crypto_strings(); ERR_load_crypto_strings();
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
args = argv + 1; args = argv + 1;
while (!badarg && *args && *args[0] == '-') while (!badarg && *args && *args[0] == '-') {
{ if (!strcmp(*args, "-v2")) {
if (!strcmp(*args,"-v2")) if (args[1]) {
{ args++;
if (args[1]) cipher = EVP_get_cipherbyname(*args);
{ if (!cipher) {
args++; BIO_printf(bio_err, "Unknown cipher %s\n", *args);
cipher=EVP_get_cipherbyname(*args); badarg = 1;
if (!cipher) }
{ } else
BIO_printf(bio_err, badarg = 1;
"Unknown cipher %s\n", *args); } else if (!strcmp(*args, "-v1")) {
badarg = 1; if (args[1]) {
} args++;
} pbe_nid = OBJ_txt2nid(*args);
else if (pbe_nid == NID_undef) {
badarg = 1; BIO_printf(bio_err, "Unknown PBE algorithm %s\n", *args);
} badarg = 1;
else if (!strcmp(*args,"-v1")) }
{ } else
if (args[1]) badarg = 1;
{ } else if (!strcmp(*args, "-v2prf")) {
args++; if (args[1]) {
pbe_nid=OBJ_txt2nid(*args); args++;
if (pbe_nid == NID_undef) pbe_nid = OBJ_txt2nid(*args);
{ if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) {
BIO_printf(bio_err, BIO_printf(bio_err, "Unknown PRF algorithm %s\n", *args);
"Unknown PBE algorithm %s\n", *args); badarg = 1;
badarg = 1; }
} } else
} badarg = 1;
else } else if (!strcmp(*args, "-inform")) {
badarg = 1; if (args[1]) {
} args++;
else if (!strcmp(*args,"-v2prf")) informat = str2fmt(*args);
{ } else
if (args[1]) badarg = 1;
{ } else if (!strcmp(*args, "-outform")) {
args++; if (args[1]) {
pbe_nid=OBJ_txt2nid(*args); args++;
if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) outformat = str2fmt(*args);
{ } else
BIO_printf(bio_err, badarg = 1;
"Unknown PRF algorithm %s\n", *args); } else if (!strcmp(*args, "-topk8"))
badarg = 1; topk8 = 1;
} else if (!strcmp(*args, "-noiter"))
} iter = 1;
else else if (!strcmp(*args, "-iter")) {
badarg = 1; if (args[1]) {
} iter = atoi(*(++args));
else if (!strcmp(*args,"-inform")) if (iter <= 0)
{ badarg = 1;
if (args[1]) } else
{ badarg = 1;
args++; } else if (!strcmp(*args, "-nocrypt"))
informat=str2fmt(*args); nocrypt = 1;
} else if (!strcmp(*args, "-nooct"))
else badarg = 1; p8_broken = PKCS8_NO_OCTET;
} else if (!strcmp(*args, "-nsdb"))
else if (!strcmp(*args,"-outform")) p8_broken = PKCS8_NS_DB;
{ else if (!strcmp(*args, "-embed"))
if (args[1]) p8_broken = PKCS8_EMBEDDED_PARAM;
{ else if (!strcmp(*args, "-passin")) {
args++; if (args[1])
outformat=str2fmt(*args); passargin = *(++args);
} else
else badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-passout")) {
else if (!strcmp (*args, "-topk8")) if (args[1])
topk8 = 1; passargout = *(++args);
else if (!strcmp (*args, "-noiter")) else
iter = 1; badarg = 1;
else if (!strcmp (*args, "-iter")) }
{
if (args[1])
{
iter = atoi(*(++args));
if (iter <= 0) badarg = 1;
}
else badarg = 1;
}
else if (!strcmp (*args, "-nocrypt"))
nocrypt = 1;
else if (!strcmp (*args, "-nooct"))
p8_broken = PKCS8_NO_OCTET;
else if (!strcmp (*args, "-nsdb"))
p8_broken = PKCS8_NS_DB;
else if (!strcmp (*args, "-embed"))
p8_broken = PKCS8_EMBEDDED_PARAM;
else if (!strcmp(*args,"-passin"))
{
if (args[1])
passargin= *(++args);
else badarg = 1;
}
else if (!strcmp(*args,"-passout"))
{
if (args[1])
passargout= *(++args);
else badarg = 1;
}
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args,"-engine") == 0) else if (strcmp(*args, "-engine") == 0) {
{ if (args[1])
if (args[1]) engine = *(++args);
engine= *(++args); else
else badarg = 1; badarg = 1;
} }
#endif #endif
else if (!strcmp (*args, "-in")) else if (!strcmp(*args, "-in")) {
{ if (args[1]) {
if (args[1]) args++;
{ infile = *args;
args++; } else
infile = *args; badarg = 1;
} } else if (!strcmp(*args, "-out")) {
else badarg = 1; if (args[1]) {
} args++;
else if (!strcmp (*args, "-out")) outfile = *args;
{ } else
if (args[1]) badarg = 1;
{ } else
args++; badarg = 1;
outfile = *args; args++;
} }
else badarg = 1;
}
else badarg = 1;
args++;
}
if (badarg) if (badarg) {
{ BIO_printf(bio_err, "Usage pkcs8 [options]\n");
BIO_printf(bio_err, "Usage pkcs8 [options]\n"); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-in file input file\n"); BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
BIO_printf(bio_err, "-inform X input format (DER or PEM)\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "-passin arg input file pass phrase source\n"); "-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-outform X output format (DER or PEM)\n"); BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
BIO_printf(bio_err, "-out file output file\n"); BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-passout arg output file pass phrase source\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "-topk8 output PKCS8 file\n"); "-passout arg output file pass phrase source\n");
BIO_printf(bio_err, "-nooct use (nonstandard) no octet format\n"); BIO_printf(bio_err, "-topk8 output PKCS8 file\n");
BIO_printf(bio_err, "-embed use (nonstandard) embedded DSA parameters format\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "-nsdb use (nonstandard) DSA Netscape DB format\n"); "-nooct use (nonstandard) no octet format\n");
BIO_printf(bio_err, "-iter count use count as iteration count\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "-noiter use 1 as iteration count\n"); "-embed use (nonstandard) embedded DSA parameters format\n");
BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n"); "-nsdb use (nonstandard) DSA Netscape DB format\n");
BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n"); BIO_printf(bio_err, "-iter count use count as iteration count\n");
BIO_printf(bio_err, "-noiter use 1 as iteration count\n");
BIO_printf(bio_err,
"-nocrypt use or expect unencrypted private key\n");
BIO_printf(bio_err,
"-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
BIO_printf(bio_err,
"-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
#endif #endif
goto end; goto end;
} }
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0); e = setup_engine(bio_err, engine, 0);
#endif #endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
{ BIO_printf(bio_err, "Error getting passwords\n");
BIO_printf(bio_err, "Error getting passwords\n"); goto end;
goto end; }
}
if ((pbe_nid == -1) && !cipher) if ((pbe_nid == -1) && !cipher)
pbe_nid = NID_pbeWithMD5AndDES_CBC; pbe_nid = NID_pbeWithMD5AndDES_CBC;
if (infile) if (infile) {
{ if (!(in = BIO_new_file(infile, "rb"))) {
if (!(in = BIO_new_file(infile, "rb"))) BIO_printf(bio_err, "Can't open input file %s\n", infile);
{ goto end;
BIO_printf(bio_err, }
"Can't open input file %s\n", infile); } else
goto end; in = BIO_new_fp(stdin, BIO_NOCLOSE);
}
}
else
in = BIO_new_fp (stdin, BIO_NOCLOSE);
if (outfile) if (outfile) {
{ if (!(out = BIO_new_file(outfile, "wb"))) {
if (!(out = BIO_new_file (outfile, "wb"))) BIO_printf(bio_err, "Can't open output file %s\n", outfile);
{ goto end;
BIO_printf(bio_err, }
"Can't open output file %s\n", outfile); } else {
goto end; out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
}
else
{
out = BIO_new_fp (stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
} }
if (topk8) if (topk8) {
{ pkey = load_key(bio_err, infile, informat, 1, passin, e, "key");
pkey = load_key(bio_err, infile, informat, 1, if (!pkey)
passin, e, "key"); goto end;
if (!pkey) if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
goto end; BIO_printf(bio_err, "Error converting key\n");
if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) ERR_print_errors(bio_err);
{ goto end;
BIO_printf(bio_err, "Error converting key\n"); }
ERR_print_errors(bio_err); if (nocrypt) {
goto end; if (outformat == FORMAT_PEM)
} PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
if (nocrypt) else if (outformat == FORMAT_ASN1)
{ i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
if (outformat == FORMAT_PEM) else {
PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf); BIO_printf(bio_err, "Bad format specified for key\n");
else if (outformat == FORMAT_ASN1) goto end;
i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf); }
else } else {
{ if (passout)
BIO_printf(bio_err, "Bad format specified for key\n"); p8pass = passout;
goto end; else {
} p8pass = pass;
} if (EVP_read_pw_string
else (pass, sizeof pass, "Enter Encryption Password:", 1))
{ goto end;
if (passout) }
p8pass = passout; app_RAND_load_file(NULL, bio_err, 0);
else if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
{ p8pass, strlen(p8pass),
p8pass = pass; NULL, 0, iter, p8inf))) {
if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1)) BIO_printf(bio_err, "Error encrypting key\n");
goto end; ERR_print_errors(bio_err);
} goto end;
app_RAND_load_file(NULL, bio_err, 0); }
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, app_RAND_write_file(NULL, bio_err);
p8pass, strlen(p8pass), if (outformat == FORMAT_PEM)
NULL, 0, iter, p8inf))) PEM_write_bio_PKCS8(out, p8);
{ else if (outformat == FORMAT_ASN1)
BIO_printf(bio_err, "Error encrypting key\n"); i2d_PKCS8_bio(out, p8);
ERR_print_errors(bio_err); else {
goto end; BIO_printf(bio_err, "Bad format specified for key\n");
} goto end;
app_RAND_write_file(NULL, bio_err); }
if (outformat == FORMAT_PEM) }
PEM_write_bio_PKCS8(out, p8);
else if (outformat == FORMAT_ASN1)
i2d_PKCS8_bio(out, p8);
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
}
ret = 0; ret = 0;
goto end; goto end;
} }
if (nocrypt) if (nocrypt) {
{ if (informat == FORMAT_PEM)
if (informat == FORMAT_PEM) p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL);
p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL); else if (informat == FORMAT_ASN1)
else if (informat == FORMAT_ASN1) p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL); else {
else BIO_printf(bio_err, "Bad format specified for key\n");
{ goto end;
BIO_printf(bio_err, "Bad format specified for key\n"); }
goto end; } else {
} if (informat == FORMAT_PEM)
} p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
else else if (informat == FORMAT_ASN1)
{ p8 = d2i_PKCS8_bio(in, NULL);
if (informat == FORMAT_PEM) else {
p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL); BIO_printf(bio_err, "Bad format specified for key\n");
else if (informat == FORMAT_ASN1) goto end;
p8 = d2i_PKCS8_bio(in, NULL); }
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
if (!p8) if (!p8) {
{ BIO_printf(bio_err, "Error reading key\n");
BIO_printf (bio_err, "Error reading key\n"); ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
} if (passin)
if (passin) p8pass = passin;
p8pass = passin; else {
else p8pass = pass;
{ EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
p8pass = pass; }
EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0); p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
} }
p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
}
if (!p8inf) if (!p8inf) {
{ BIO_printf(bio_err, "Error decrypting key\n");
BIO_printf(bio_err, "Error decrypting key\n"); ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
}
if (!(pkey = EVP_PKCS82PKEY(p8inf))) if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
{ BIO_printf(bio_err, "Error converting key\n");
BIO_printf(bio_err, "Error converting key\n"); ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
}
if (p8inf->broken) if (p8inf->broken) {
{ BIO_printf(bio_err, "Warning: broken key encoding: ");
BIO_printf(bio_err, "Warning: broken key encoding: "); switch (p8inf->broken) {
switch (p8inf->broken) case PKCS8_NO_OCTET:
{ BIO_printf(bio_err, "No Octet String in PrivateKey\n");
case PKCS8_NO_OCTET: break;
BIO_printf(bio_err, "No Octet String in PrivateKey\n");
break;
case PKCS8_EMBEDDED_PARAM: case PKCS8_EMBEDDED_PARAM:
BIO_printf(bio_err, "DSA parameters included in PrivateKey\n"); BIO_printf(bio_err, "DSA parameters included in PrivateKey\n");
break; break;
case PKCS8_NS_DB: case PKCS8_NS_DB:
BIO_printf(bio_err, "DSA public key include in PrivateKey\n"); BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
break; break;
case PKCS8_NEG_PRIVKEY: case PKCS8_NEG_PRIVKEY:
BIO_printf(bio_err, "DSA private key value is negative\n"); BIO_printf(bio_err, "DSA private key value is negative\n");
break; break;
default: default:
BIO_printf(bio_err, "Unknown broken type\n"); BIO_printf(bio_err, "Unknown broken type\n");
break; break;
} }
} }
if (outformat == FORMAT_PEM) if (outformat == FORMAT_PEM)
PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout); PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
else if (outformat == FORMAT_ASN1) else if (outformat == FORMAT_ASN1)
i2d_PrivateKey_bio(out, pkey); i2d_PrivateKey_bio(out, pkey);
else else {
{ BIO_printf(bio_err, "Bad format specified for key\n");
BIO_printf(bio_err, "Bad format specified for key\n"); goto end;
goto end; }
} ret = 0;
ret = 0;
end: end:
X509_SIG_free(p8); X509_SIG_free(p8);
PKCS8_PRIV_KEY_INFO_free(p8inf); PKCS8_PRIV_KEY_INFO_free(p8inf);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
BIO_free_all(out); BIO_free_all(out);
BIO_free(in); BIO_free(in);
if (passin) if (passin)
OPENSSL_free(passin); OPENSSL_free(passin);
if (passout) if (passout)
OPENSSL_free(passout); OPENSSL_free(passout);
return ret; return ret;
} }
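Review bot: In the decrypt branch the result of `EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0)` is discarded, so a failed or cancelled prompt still falls through to `PKCS8_decrypt(p8, p8pass, strlen(p8pass))` with `pass`, which is declared without an initializer. The `-topk8` branch already guards the same call, and the decrypt branch should match it: `if (EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0)) goto end;`. Separately, `pass` is never wiped on the way out through `end:`; `OPENSSL_cleanse(pass, sizeof pass);` there would keep a typed pass phrase from lingering on the stack. Both points are in code the reformat carries over unchanged.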


@ -1,6 +1,7 @@
/* apps/pkey.c */ /* apps/pkey.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 2006 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2006
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved. * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
@ -67,218 +68,184 @@
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
ENGINE *e = NULL; ENGINE *e = NULL;
char **args, *infile = NULL, *outfile = NULL; char **args, *infile = NULL, *outfile = NULL;
char *passargin = NULL, *passargout = NULL; char *passargin = NULL, *passargout = NULL;
BIO *in = NULL, *out = NULL; BIO *in = NULL, *out = NULL;
const EVP_CIPHER *cipher = NULL; const EVP_CIPHER *cipher = NULL;
int informat, outformat; int informat, outformat;
int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0; int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0;
EVP_PKEY *pkey=NULL; EVP_PKEY *pkey = NULL;
char *passin = NULL, *passout = NULL; char *passin = NULL, *passout = NULL;
int badarg = 0; int badarg = 0;
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
char *engine=NULL; char *engine = NULL;
#endif #endif
int ret = 1; int ret = 1;
if (bio_err == NULL) if (bio_err == NULL)
bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
informat=FORMAT_PEM; informat = FORMAT_PEM;
outformat=FORMAT_PEM; outformat = FORMAT_PEM;
ERR_load_crypto_strings(); ERR_load_crypto_strings();
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
args = argv + 1; args = argv + 1;
while (!badarg && *args && *args[0] == '-') while (!badarg && *args && *args[0] == '-') {
{ if (!strcmp(*args, "-inform")) {
if (!strcmp(*args,"-inform")) if (args[1]) {
{ args++;
if (args[1]) informat = str2fmt(*args);
{ } else
args++; badarg = 1;
informat=str2fmt(*args); } else if (!strcmp(*args, "-outform")) {
} if (args[1]) {
else badarg = 1; args++;
} outformat = str2fmt(*args);
else if (!strcmp(*args,"-outform")) } else
{ badarg = 1;
if (args[1]) } else if (!strcmp(*args, "-passin")) {
{ if (!args[1])
args++; goto bad;
outformat=str2fmt(*args); passargin = *(++args);
} } else if (!strcmp(*args, "-passout")) {
else badarg = 1; if (!args[1])
} goto bad;
else if (!strcmp(*args,"-passin")) passargout = *(++args);
{ }
if (!args[1]) goto bad;
passargin= *(++args);
}
else if (!strcmp(*args,"-passout"))
{
if (!args[1]) goto bad;
passargout= *(++args);
}
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args,"-engine") == 0) else if (strcmp(*args, "-engine") == 0) {
{ if (!args[1])
if (!args[1]) goto bad; goto bad;
engine= *(++args); engine = *(++args);
} }
#endif #endif
else if (!strcmp (*args, "-in")) else if (!strcmp(*args, "-in")) {
{ if (args[1]) {
if (args[1]) args++;
{ infile = *args;
args++; } else
infile = *args; badarg = 1;
} } else if (!strcmp(*args, "-out")) {
else badarg = 1; if (args[1]) {
} args++;
else if (!strcmp (*args, "-out")) outfile = *args;
{ } else
if (args[1]) badarg = 1;
{ } else if (strcmp(*args, "-pubin") == 0) {
args++; pubin = 1;
outfile = *args; pubout = 1;
} pubtext = 1;
else badarg = 1; } else if (strcmp(*args, "-pubout") == 0)
} pubout = 1;
else if (strcmp(*args,"-pubin") == 0) else if (strcmp(*args, "-text_pub") == 0) {
{ pubtext = 1;
pubin=1; text = 1;
pubout=1; } else if (strcmp(*args, "-text") == 0)
pubtext=1; text = 1;
} else if (strcmp(*args, "-noout") == 0)
else if (strcmp(*args,"-pubout") == 0) noout = 1;
pubout=1; else {
else if (strcmp(*args,"-text_pub") == 0) cipher = EVP_get_cipherbyname(*args + 1);
{ if (!cipher) {
pubtext=1; BIO_printf(bio_err, "Unknown cipher %s\n", *args + 1);
text=1; badarg = 1;
} }
else if (strcmp(*args,"-text") == 0) }
text=1; args++;
else if (strcmp(*args,"-noout") == 0) }
noout=1;
else
{
cipher = EVP_get_cipherbyname(*args + 1);
if (!cipher)
{
BIO_printf(bio_err, "Unknown cipher %s\n",
*args + 1);
badarg = 1;
}
}
args++;
}
if (badarg) if (badarg) {
{ bad:
bad: BIO_printf(bio_err, "Usage pkey [options]\n");
BIO_printf(bio_err, "Usage pkey [options]\n"); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-in file input file\n"); BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
BIO_printf(bio_err, "-inform X input format (DER or PEM)\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "-passin arg input file pass phrase source\n"); "-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-outform X output format (DER or PEM)\n"); BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
BIO_printf(bio_err, "-out file output file\n"); BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-passout arg output file pass phrase source\n"); BIO_printf(bio_err,
"-passout arg output file pass phrase source\n");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
#endif #endif
return 1; return 1;
} }
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0); e = setup_engine(bio_err, engine, 0);
#endif #endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
{ BIO_printf(bio_err, "Error getting passwords\n");
BIO_printf(bio_err, "Error getting passwords\n"); goto end;
goto end; }
}
if (outfile) if (outfile) {
{ if (!(out = BIO_new_file(outfile, "wb"))) {
if (!(out = BIO_new_file (outfile, "wb"))) BIO_printf(bio_err, "Can't open output file %s\n", outfile);
{ goto end;
BIO_printf(bio_err, }
"Can't open output file %s\n", outfile); } else {
goto end; out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
}
else
{
out = BIO_new_fp (stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
} }
if (pubin) if (pubin)
pkey = load_pubkey(bio_err, infile, informat, 1, pkey = load_pubkey(bio_err, infile, informat, 1,
passin, e, "Public Key"); passin, e, "Public Key");
else else
pkey = load_key(bio_err, infile, informat, 1, pkey = load_key(bio_err, infile, informat, 1, passin, e, "key");
passin, e, "key"); if (!pkey)
if (!pkey) goto end;
goto end;
if (!noout) if (!noout) {
{ if (outformat == FORMAT_PEM) {
if (outformat == FORMAT_PEM) if (pubout)
{ PEM_write_bio_PUBKEY(out, pkey);
if (pubout) else
PEM_write_bio_PUBKEY(out,pkey); PEM_write_bio_PrivateKey(out, pkey, cipher,
else NULL, 0, NULL, passout);
PEM_write_bio_PrivateKey(out, pkey, cipher, } else if (outformat == FORMAT_ASN1) {
NULL, 0, NULL, passout); if (pubout)
} i2d_PUBKEY_bio(out, pkey);
else if (outformat == FORMAT_ASN1) else
{ i2d_PrivateKey_bio(out, pkey);
if (pubout) } else {
i2d_PUBKEY_bio(out, pkey); BIO_printf(bio_err, "Bad format specified for key\n");
else goto end;
i2d_PrivateKey_bio(out, pkey); }
}
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
} }
if (text) if (text) {
{ if (pubtext)
if (pubtext) EVP_PKEY_print_public(out, pkey, 0, NULL);
EVP_PKEY_print_public(out, pkey, 0, NULL); else
else EVP_PKEY_print_private(out, pkey, 0, NULL);
EVP_PKEY_print_private(out, pkey, 0, NULL); }
}
ret = 0; ret = 0;
end: end:
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
BIO_free_all(out); BIO_free_all(out);
BIO_free(in); BIO_free(in);
if (passin) if (passin)
OPENSSL_free(passin); OPENSSL_free(passin);
if (passout) if (passout)
OPENSSL_free(passout); OPENSSL_free(passout);
return ret; return ret;
} }
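Review bot: None of the key writers in the `if (!noout)` block have their return value checked: `PEM_write_bio_PUBKEY`, `PEM_write_bio_PrivateKey`, `i2d_PUBKEY_bio` and `i2d_PrivateKey_bio` are all called as bare statements and `ret = 0` follows regardless, so a failed or short write of a private key is reported as success. Each call should be tested, for example `if (!PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, passout)) goto end;`, with `ERR_print_errors(bio_err);` before the jump. The same unchecked-write pattern is visible in the pkcs8.c section above and for `PEM_write_bio_Parameters` in the pkeyparam.c section below; the reformat leaves it as it was.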


@ -1,6 +1,7 @@
/* apps/pkeyparam.c */ /* apps/pkeyparam.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 2006 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2006
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved. * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
@ -67,134 +68,118 @@
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
char **args, *infile = NULL, *outfile = NULL; char **args, *infile = NULL, *outfile = NULL;
BIO *in = NULL, *out = NULL; BIO *in = NULL, *out = NULL;
int text = 0, noout = 0; int text = 0, noout = 0;
EVP_PKEY *pkey=NULL; EVP_PKEY *pkey = NULL;
int badarg = 0; int badarg = 0;
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
char *engine=NULL; char *engine = NULL;
#endif #endif
int ret = 1; int ret = 1;
if (bio_err == NULL) if (bio_err == NULL)
bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
ERR_load_crypto_strings(); ERR_load_crypto_strings();
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
args = argv + 1; args = argv + 1;
while (!badarg && *args && *args[0] == '-') while (!badarg && *args && *args[0] == '-') {
{ if (!strcmp(*args, "-in")) {
if (!strcmp (*args, "-in")) if (args[1]) {
{ args++;
if (args[1]) infile = *args;
{ } else
args++; badarg = 1;
infile = *args; } else if (!strcmp(*args, "-out")) {
} if (args[1]) {
else badarg = 1; args++;
} outfile = *args;
else if (!strcmp (*args, "-out")) } else
{ badarg = 1;
if (args[1]) }
{
args++;
outfile = *args;
}
else badarg = 1;
}
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args,"-engine") == 0) else if (strcmp(*args, "-engine") == 0) {
{ if (!args[1])
if (!args[1]) goto bad; goto bad;
engine= *(++args); engine = *(++args);
} }
#endif #endif
else if (strcmp(*args,"-text") == 0) else if (strcmp(*args, "-text") == 0)
text=1; text = 1;
else if (strcmp(*args,"-noout") == 0) else if (strcmp(*args, "-noout") == 0)
noout=1; noout = 1;
args++; args++;
} }
if (badarg) if (badarg) {
{
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
bad: bad:
#endif #endif
BIO_printf(bio_err, "Usage pkeyparam [options]\n"); BIO_printf(bio_err, "Usage pkeyparam [options]\n");
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-in file input file\n"); BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-out file output file\n"); BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-text print parameters as text\n"); BIO_printf(bio_err, "-text print parameters as text\n");
BIO_printf(bio_err, "-noout don't output encoded parameters\n"); BIO_printf(bio_err,
"-noout don't output encoded parameters\n");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
#endif #endif
return 1; return 1;
} }
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0); setup_engine(bio_err, engine, 0);
#endif #endif
if (infile) if (infile) {
{ if (!(in = BIO_new_file(infile, "r"))) {
if (!(in = BIO_new_file (infile, "r"))) BIO_printf(bio_err, "Can't open input file %s\n", infile);
{ goto end;
BIO_printf(bio_err, }
"Can't open input file %s\n", infile); } else
goto end; in = BIO_new_fp(stdin, BIO_NOCLOSE);
}
}
else
in = BIO_new_fp (stdin, BIO_NOCLOSE);
if (outfile) if (outfile) {
{ if (!(out = BIO_new_file(outfile, "w"))) {
if (!(out = BIO_new_file (outfile, "w"))) BIO_printf(bio_err, "Can't open output file %s\n", outfile);
{ goto end;
BIO_printf(bio_err, }
"Can't open output file %s\n", outfile); } else {
goto end; out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
}
else
{
out = BIO_new_fp (stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
} }
pkey = PEM_read_bio_Parameters(in, NULL); pkey = PEM_read_bio_Parameters(in, NULL);
if (!pkey) if (!pkey) {
{ BIO_printf(bio_err, "Error reading parameters\n");
BIO_printf(bio_err, "Error reading parameters\n"); ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
}
if (!noout) if (!noout)
PEM_write_bio_Parameters(out,pkey); PEM_write_bio_Parameters(out, pkey);
if (text) if (text)
EVP_PKEY_print_params(out, pkey, 0, NULL); EVP_PKEY_print_params(out, pkey, 0, NULL);
ret = 0; ret = 0;
end: end:
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
BIO_free_all(out); BIO_free_all(out);
BIO_free(in); BIO_free(in);
return ret; return ret;
} }
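Review bot: The option loop has no final `else`, so an argument starting with `-` that is not `-in`, `-out`, `-engine`, `-text` or `-noout` is skipped silently instead of producing the usage message; a mistyped `-noout`, for instance, would still let the parameters be written. Adding `else badarg = 1;` after the `-noout` branch, as the pkcs8.c loop on this page does, closes that. The return value of `setup_engine(bio_err, engine, 0)` is also dropped here, whereas pkcs8.c and pkey.c keep it in `e`; a short comment would help if that is intentional.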


@ -1,5 +1,6 @@
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 2006. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2006.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved. * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
@ -55,16 +56,15 @@
* *
*/ */
#include "apps.h" #include "apps.h"
#include <string.h> #include <string.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/evp.h> #include <openssl/evp.h>
#define KEY_PRIVKEY 1 #define KEY_PRIVKEY 1
#define KEY_PUBKEY 2 #define KEY_PUBKEY 2
#define KEY_CERT 3 #define KEY_CERT 3
static void usage(void); static void usage(void);
@ -73,498 +73,451 @@ static void usage(void);
#define PROG pkeyutl_main #define PROG pkeyutl_main
static EVP_PKEY_CTX *init_ctx(int *pkeysize, static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type, char *keyfile, int keyform, int key_type,
char *passargin, int pkey_op, ENGINE *e); char *passargin, int pkey_op, ENGINE *e);
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform, static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
const char *file); const char *file);
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen, unsigned char *out, size_t *poutlen,
unsigned char *in, size_t inlen); unsigned char *in, size_t inlen);
int MAIN(int argc, char **); int MAIN(int argc, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
BIO *in = NULL, *out = NULL; BIO *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL, *sigfile = NULL; char *infile = NULL, *outfile = NULL, *sigfile = NULL;
ENGINE *e = NULL; ENGINE *e = NULL;
int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY; int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
int keyform = FORMAT_PEM, peerform = FORMAT_PEM; int keyform = FORMAT_PEM, peerform = FORMAT_PEM;
char badarg = 0, rev = 0; char badarg = 0, rev = 0;
char hexdump = 0, asn1parse = 0; char hexdump = 0, asn1parse = 0;
EVP_PKEY_CTX *ctx = NULL; EVP_PKEY_CTX *ctx = NULL;
char *passargin = NULL; char *passargin = NULL;
int keysize = -1; int keysize = -1;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL; unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
size_t buf_outlen; size_t buf_outlen;
int buf_inlen = 0, siglen = -1; int buf_inlen = 0, siglen = -1;
int ret = 1, rv = -1; int ret = 1, rv = -1;
argc--; argc--;
argv++; argv++;
if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); if (!bio_err)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
ERR_load_crypto_strings(); ERR_load_crypto_strings();
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
while(argc >= 1) while (argc >= 1) {
{ if (!strcmp(*argv, "-in")) {
if (!strcmp(*argv,"-in")) if (--argc < 1)
{ badarg = 1;
if (--argc < 1) badarg = 1; else
else infile= *(++argv); infile = *(++argv);
} } else if (!strcmp(*argv, "-out")) {
else if (!strcmp(*argv,"-out")) if (--argc < 1)
{ badarg = 1;
if (--argc < 1) badarg = 1; else
else outfile= *(++argv); outfile = *(++argv);
} } else if (!strcmp(*argv, "-sigfile")) {
else if (!strcmp(*argv,"-sigfile")) if (--argc < 1)
{ badarg = 1;
if (--argc < 1) badarg = 1; else
else sigfile= *(++argv); sigfile = *(++argv);
} } else if (!strcmp(*argv, "-inkey")) {
else if(!strcmp(*argv, "-inkey")) if (--argc < 1)
{ badarg = 1;
if (--argc < 1) else {
badarg = 1; ctx = init_ctx(&keysize,
else *(++argv), keyform, key_type,
{ passargin, pkey_op, e);
ctx = init_ctx(&keysize, if (!ctx) {
*(++argv), keyform, key_type, BIO_puts(bio_err, "Error initializing context\n");
passargin, pkey_op, e); ERR_print_errors(bio_err);
if (!ctx) badarg = 1;
{ }
BIO_puts(bio_err, }
"Error initializing context\n"); } else if (!strcmp(*argv, "-peerkey")) {
ERR_print_errors(bio_err); if (--argc < 1)
badarg = 1; badarg = 1;
} else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
} badarg = 1;
} } else if (!strcmp(*argv, "-passin")) {
else if (!strcmp(*argv,"-peerkey")) if (--argc < 1)
{ badarg = 1;
if (--argc < 1) else
badarg = 1; passargin = *(++argv);
else if (!setup_peer(bio_err, ctx, peerform, *(++argv))) } else if (strcmp(*argv, "-peerform") == 0) {
badarg = 1; if (--argc < 1)
} badarg = 1;
else if (!strcmp(*argv,"-passin")) else
{ peerform = str2fmt(*(++argv));
if (--argc < 1) badarg = 1; } else if (strcmp(*argv, "-keyform") == 0) {
else passargin= *(++argv); if (--argc < 1)
} badarg = 1;
else if (strcmp(*argv,"-peerform") == 0) else
{ keyform = str2fmt(*(++argv));
if (--argc < 1) badarg = 1; }
else peerform=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-keyform") == 0)
{
if (--argc < 1) badarg = 1;
else keyform=str2fmt(*(++argv));
}
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
else if(!strcmp(*argv, "-engine")) else if (!strcmp(*argv, "-engine")) {
{ if (--argc < 1)
if (--argc < 1) badarg = 1;
badarg = 1; else
else e = setup_engine(bio_err, *(++argv), 0);
e = setup_engine(bio_err, *(++argv), 0); }
}
#endif #endif
else if(!strcmp(*argv, "-pubin")) else if (!strcmp(*argv, "-pubin"))
key_type = KEY_PUBKEY; key_type = KEY_PUBKEY;
else if(!strcmp(*argv, "-certin")) else if (!strcmp(*argv, "-certin"))
key_type = KEY_CERT; key_type = KEY_CERT;
else if(!strcmp(*argv, "-asn1parse")) else if (!strcmp(*argv, "-asn1parse"))
asn1parse = 1; asn1parse = 1;
else if(!strcmp(*argv, "-hexdump")) else if (!strcmp(*argv, "-hexdump"))
hexdump = 1; hexdump = 1;
else if(!strcmp(*argv, "-sign")) else if (!strcmp(*argv, "-sign"))
pkey_op = EVP_PKEY_OP_SIGN; pkey_op = EVP_PKEY_OP_SIGN;
else if(!strcmp(*argv, "-verify")) else if (!strcmp(*argv, "-verify"))
pkey_op = EVP_PKEY_OP_VERIFY; pkey_op = EVP_PKEY_OP_VERIFY;
else if(!strcmp(*argv, "-verifyrecover")) else if (!strcmp(*argv, "-verifyrecover"))
pkey_op = EVP_PKEY_OP_VERIFYRECOVER; pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
else if(!strcmp(*argv, "-rev")) else if (!strcmp(*argv, "-rev"))
rev = 1; rev = 1;
else if(!strcmp(*argv, "-encrypt")) else if (!strcmp(*argv, "-encrypt"))
pkey_op = EVP_PKEY_OP_ENCRYPT; pkey_op = EVP_PKEY_OP_ENCRYPT;
else if(!strcmp(*argv, "-decrypt")) else if (!strcmp(*argv, "-decrypt"))
pkey_op = EVP_PKEY_OP_DECRYPT; pkey_op = EVP_PKEY_OP_DECRYPT;
else if(!strcmp(*argv, "-derive")) else if (!strcmp(*argv, "-derive"))
pkey_op = EVP_PKEY_OP_DERIVE; pkey_op = EVP_PKEY_OP_DERIVE;
else if (strcmp(*argv,"-pkeyopt") == 0) else if (strcmp(*argv, "-pkeyopt") == 0) {
{ if (--argc < 1)
if (--argc < 1) badarg = 1;
badarg = 1; else if (!ctx) {
else if (!ctx) BIO_puts(bio_err, "-pkeyopt command before -inkey\n");
{ badarg = 1;
BIO_puts(bio_err, } else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) {
"-pkeyopt command before -inkey\n"); BIO_puts(bio_err, "parameter setting error\n");
badarg = 1; ERR_print_errors(bio_err);
} goto end;
else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) }
{ } else
BIO_puts(bio_err, "parameter setting error\n"); badarg = 1;
ERR_print_errors(bio_err); if (badarg) {
goto end; usage();
} goto end;
} }
else badarg = 1; argc--;
if(badarg) argv++;
{ }
usage();
goto end;
}
argc--;
argv++;
}
if (!ctx) if (!ctx) {
{ usage();
usage(); goto end;
goto end; }
}
if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) {
{ BIO_puts(bio_err, "Signature file specified for non verify\n");
BIO_puts(bio_err, "Signature file specified for non verify\n"); goto end;
goto end; }
}
if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) {
{ BIO_puts(bio_err, "No signature file specified for verify\n");
BIO_puts(bio_err, "No signature file specified for verify\n"); goto end;
goto end; }
}
/* FIXME: seed PRNG only if needed */ /* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0); app_RAND_load_file(NULL, bio_err, 0);
if (pkey_op != EVP_PKEY_OP_DERIVE) if (pkey_op != EVP_PKEY_OP_DERIVE) {
{ if (infile) {
if(infile) if (!(in = BIO_new_file(infile, "rb"))) {
{ BIO_puts(bio_err, "Error Opening Input File\n");
if(!(in = BIO_new_file(infile, "rb"))) ERR_print_errors(bio_err);
{ goto end;
BIO_puts(bio_err, }
"Error Opening Input File\n"); } else
ERR_print_errors(bio_err); in = BIO_new_fp(stdin, BIO_NOCLOSE);
goto end; }
}
}
else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
}
if(outfile) if (outfile) {
{ if (!(out = BIO_new_file(outfile, "wb"))) {
if(!(out = BIO_new_file(outfile, "wb"))) BIO_printf(bio_err, "Error Creating Output File\n");
{ ERR_print_errors(bio_err);
BIO_printf(bio_err, "Error Creating Output File\n"); goto end;
ERR_print_errors(bio_err); }
goto end; } else {
} out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
else
{
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
} }
if (sigfile) if (sigfile) {
{ BIO *sigbio = BIO_new_file(sigfile, "rb");
BIO *sigbio = BIO_new_file(sigfile, "rb"); if (!sigbio) {
if (!sigbio) BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
{ goto end;
BIO_printf(bio_err, "Can't open signature file %s\n", }
sigfile); siglen = bio_to_mem(&sig, keysize * 10, sigbio);
goto end; BIO_free(sigbio);
} if (siglen <= 0) {
siglen = bio_to_mem(&sig, keysize * 10, sigbio); BIO_printf(bio_err, "Error reading signature data\n");
BIO_free(sigbio); goto end;
if (siglen <= 0) }
{ }
BIO_printf(bio_err, "Error reading signature data\n");
goto end;
}
}
if (in) if (in) {
{ /* Read the input data */
/* Read the input data */ buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
buf_inlen = bio_to_mem(&buf_in, keysize * 10, in); if (buf_inlen <= 0) {
if(buf_inlen <= 0) BIO_printf(bio_err, "Error reading input Data\n");
{ exit(1);
BIO_printf(bio_err, "Error reading input Data\n"); }
exit(1); if (rev) {
} size_t i;
if(rev) unsigned char ctmp;
{ size_t l = (size_t)buf_inlen;
size_t i; for (i = 0; i < l / 2; i++) {
unsigned char ctmp; ctmp = buf_in[i];
size_t l = (size_t)buf_inlen; buf_in[i] = buf_in[l - 1 - i];
for(i = 0; i < l/2; i++) buf_in[l - 1 - i] = ctmp;
{ }
ctmp = buf_in[i]; }
buf_in[i] = buf_in[l - 1 - i]; }
buf_in[l - 1 - i] = ctmp;
}
}
}
if(pkey_op == EVP_PKEY_OP_VERIFY) if (pkey_op == EVP_PKEY_OP_VERIFY) {
{ rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen, buf_in, (size_t)buf_inlen);
buf_in, (size_t)buf_inlen); if (rv == 0)
if (rv == 0) BIO_puts(out, "Signature Verification Failure\n");
BIO_puts(out, "Signature Verification Failure\n"); else if (rv == 1)
else if (rv == 1) BIO_puts(out, "Signature Verified Successfully\n");
BIO_puts(out, "Signature Verified Successfully\n"); if (rv >= 0)
if (rv >= 0) goto end;
goto end; } else {
} rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
else buf_in, (size_t)buf_inlen);
{ if (rv > 0) {
rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, buf_out = OPENSSL_malloc(buf_outlen);
buf_in, (size_t)buf_inlen); if (!buf_out)
if (rv > 0) rv = -1;
{ else
buf_out = OPENSSL_malloc(buf_outlen); rv = do_keyop(ctx, pkey_op,
if (!buf_out) buf_out, (size_t *)&buf_outlen,
rv = -1; buf_in, (size_t)buf_inlen);
else }
rv = do_keyop(ctx, pkey_op, }
buf_out, (size_t *)&buf_outlen,
buf_in, (size_t)buf_inlen);
}
}
if(rv <= 0) if (rv <= 0) {
{ BIO_printf(bio_err, "Public Key operation error\n");
BIO_printf(bio_err, "Public Key operation error\n"); ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
} ret = 0;
ret = 0; if (asn1parse) {
if(asn1parse) if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
{ ERR_print_errors(bio_err);
if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1)) } else if (hexdump)
ERR_print_errors(bio_err); BIO_dump(out, (char *)buf_out, buf_outlen);
} else
else if(hexdump) BIO_write(out, buf_out, buf_outlen);
BIO_dump(out, (char *)buf_out, buf_outlen);
else
BIO_write(out, buf_out, buf_outlen);
end: end:
if (ctx) if (ctx)
EVP_PKEY_CTX_free(ctx); EVP_PKEY_CTX_free(ctx);
BIO_free(in); BIO_free(in);
BIO_free_all(out); BIO_free_all(out);
if (buf_in) if (buf_in)
OPENSSL_free(buf_in); OPENSSL_free(buf_in);
if (buf_out) if (buf_out)
OPENSSL_free(buf_out); OPENSSL_free(buf_out);
if (sig) if (sig)
OPENSSL_free(sig); OPENSSL_free(sig);
return ret; return ret;
} }
static void usage() static void usage()
{ {
BIO_printf(bio_err, "Usage: pkeyutl [options]\n"); BIO_printf(bio_err, "Usage: pkeyutl [options]\n");
BIO_printf(bio_err, "-in file input file\n"); BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-out file output file\n"); BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-sigfile file signature file (verify operation only)\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "-inkey file input key\n"); "-sigfile file signature file (verify operation only)\n");
BIO_printf(bio_err, "-keyform arg private key format - default PEM\n"); BIO_printf(bio_err, "-inkey file input key\n");
BIO_printf(bio_err, "-pubin input is a public key\n"); BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
BIO_printf(bio_err, "-certin input is a certificate carrying a public key\n"); BIO_printf(bio_err, "-pubin input is a public key\n");
BIO_printf(bio_err, "-pkeyopt X:Y public key options\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "-sign sign with private key\n"); "-certin input is a certificate carrying a public key\n");
BIO_printf(bio_err, "-verify verify with public key\n"); BIO_printf(bio_err, "-pkeyopt X:Y public key options\n");
BIO_printf(bio_err, "-verifyrecover verify with public key, recover original data\n"); BIO_printf(bio_err, "-sign sign with private key\n");
BIO_printf(bio_err, "-encrypt encrypt with public key\n"); BIO_printf(bio_err, "-verify verify with public key\n");
BIO_printf(bio_err, "-decrypt decrypt with private key\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "-derive derive shared secret\n"); "-verifyrecover verify with public key, recover original data\n");
BIO_printf(bio_err, "-hexdump hex dump output\n"); BIO_printf(bio_err, "-encrypt encrypt with public key\n");
BIO_printf(bio_err, "-decrypt decrypt with private key\n");
BIO_printf(bio_err, "-derive derive shared secret\n");
BIO_printf(bio_err, "-hexdump hex dump output\n");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
#endif #endif
BIO_printf(bio_err, "-passin arg pass phrase source\n"); BIO_printf(bio_err, "-passin arg pass phrase source\n");
} }
static EVP_PKEY_CTX *init_ctx(int *pkeysize, static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type, char *keyfile, int keyform, int key_type,
char *passargin, int pkey_op, ENGINE *e) char *passargin, int pkey_op, ENGINE *e)
{ {
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL; EVP_PKEY_CTX *ctx = NULL;
char *passin = NULL; char *passin = NULL;
int rv = -1; int rv = -1;
X509 *x; X509 *x;
if(((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT) if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
|| (pkey_op == EVP_PKEY_OP_DERIVE)) || (pkey_op == EVP_PKEY_OP_DERIVE))
&& (key_type != KEY_PRIVKEY)) && (key_type != KEY_PRIVKEY)) {
{ BIO_printf(bio_err, "A private key is needed for this operation\n");
BIO_printf(bio_err, "A private key is needed for this operation\n"); goto end;
goto end; }
} if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) BIO_printf(bio_err, "Error getting password\n");
{ goto end;
BIO_printf(bio_err, "Error getting password\n"); }
goto end; switch (key_type) {
} case KEY_PRIVKEY:
switch(key_type) pkey = load_key(bio_err, keyfile, keyform, 0,
{ passin, e, "Private Key");
case KEY_PRIVKEY: break;
pkey = load_key(bio_err, keyfile, keyform, 0,
passin, e, "Private Key");
break;
case KEY_PUBKEY: case KEY_PUBKEY:
pkey = load_pubkey(bio_err, keyfile, keyform, 0, pkey = load_pubkey(bio_err, keyfile, keyform, 0,
NULL, e, "Public Key"); NULL, e, "Public Key");
break; break;
case KEY_CERT: case KEY_CERT:
x = load_cert(bio_err, keyfile, keyform, x = load_cert(bio_err, keyfile, keyform, NULL, e, "Certificate");
NULL, e, "Certificate"); if (x) {
if(x) pkey = X509_get_pubkey(x);
{ X509_free(x);
pkey = X509_get_pubkey(x); }
X509_free(x); break;
}
break;
} }
*pkeysize = EVP_PKEY_size(pkey); *pkeysize = EVP_PKEY_size(pkey);
if (!pkey) if (!pkey)
goto end; goto end;
ctx = EVP_PKEY_CTX_new(pkey, e); ctx = EVP_PKEY_CTX_new(pkey, e);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
if (!ctx) if (!ctx)
goto end; goto end;
switch(pkey_op) switch (pkey_op) {
{ case EVP_PKEY_OP_SIGN:
case EVP_PKEY_OP_SIGN: rv = EVP_PKEY_sign_init(ctx);
rv = EVP_PKEY_sign_init(ctx); break;
break;
case EVP_PKEY_OP_VERIFY: case EVP_PKEY_OP_VERIFY:
rv = EVP_PKEY_verify_init(ctx); rv = EVP_PKEY_verify_init(ctx);
break; break;
case EVP_PKEY_OP_VERIFYRECOVER: case EVP_PKEY_OP_VERIFYRECOVER:
rv = EVP_PKEY_verify_recover_init(ctx); rv = EVP_PKEY_verify_recover_init(ctx);
break; break;
case EVP_PKEY_OP_ENCRYPT: case EVP_PKEY_OP_ENCRYPT:
rv = EVP_PKEY_encrypt_init(ctx); rv = EVP_PKEY_encrypt_init(ctx);
break; break;
case EVP_PKEY_OP_DECRYPT: case EVP_PKEY_OP_DECRYPT:
rv = EVP_PKEY_decrypt_init(ctx); rv = EVP_PKEY_decrypt_init(ctx);
break; break;
case EVP_PKEY_OP_DERIVE: case EVP_PKEY_OP_DERIVE:
rv = EVP_PKEY_derive_init(ctx); rv = EVP_PKEY_derive_init(ctx);
break; break;
} }
if (rv <= 0) if (rv <= 0) {
{ EVP_PKEY_CTX_free(ctx);
EVP_PKEY_CTX_free(ctx); ctx = NULL;
ctx = NULL; }
}
end: end:
if (passin) if (passin)
OPENSSL_free(passin); OPENSSL_free(passin);
return ctx; return ctx;
}
}
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform, static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
const char *file) const char *file)
{ {
EVP_PKEY *peer = NULL; EVP_PKEY *peer = NULL;
int ret; int ret;
if (!ctx) if (!ctx) {
{ BIO_puts(err, "-peerkey command before -inkey\n");
BIO_puts(err, "-peerkey command before -inkey\n"); return 0;
return 0; }
}
peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key"); peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
if (!peer) if (!peer) {
{ BIO_printf(bio_err, "Error reading peer key %s\n", file);
BIO_printf(bio_err, "Error reading peer key %s\n", file); ERR_print_errors(err);
ERR_print_errors(err); return 0;
return 0; }
}
ret = EVP_PKEY_derive_set_peer(ctx, peer); ret = EVP_PKEY_derive_set_peer(ctx, peer);
EVP_PKEY_free(peer); EVP_PKEY_free(peer);
if (ret <= 0) if (ret <= 0)
ERR_print_errors(err); ERR_print_errors(err);
return ret; return ret;
} }
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen, unsigned char *out, size_t *poutlen,
unsigned char *in, size_t inlen) unsigned char *in, size_t inlen)
{ {
int rv = 0; int rv = 0;
switch(pkey_op) switch (pkey_op) {
{ case EVP_PKEY_OP_VERIFYRECOVER:
case EVP_PKEY_OP_VERIFYRECOVER: rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen); break;
break;
case EVP_PKEY_OP_SIGN: case EVP_PKEY_OP_SIGN:
rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen); rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen);
break; break;
case EVP_PKEY_OP_ENCRYPT: case EVP_PKEY_OP_ENCRYPT:
rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen); rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen);
break; break;
case EVP_PKEY_OP_DECRYPT: case EVP_PKEY_OP_DECRYPT:
rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen); rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen);
break; break;
case EVP_PKEY_OP_DERIVE: case EVP_PKEY_OP_DERIVE:
rv = EVP_PKEY_derive(ctx, out, poutlen); rv = EVP_PKEY_derive(ctx, out, poutlen);
break; break;
} }
return rv; return rv;
} }


@ -52,109 +52,100 @@
#include "apps.h" #include "apps.h"
#include <openssl/bn.h> #include <openssl/bn.h>
#undef PROG #undef PROG
#define PROG prime_main #define PROG prime_main
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
int hex=0; int hex = 0;
int checks=20; int checks = 20;
int generate=0; int generate = 0;
int bits=0; int bits = 0;
int safe=0; int safe = 0;
BIGNUM *bn=NULL; BIGNUM *bn = NULL;
BIO *bio_out; BIO *bio_out;
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
--argc; --argc;
++argv; ++argv;
while (argc >= 1 && **argv == '-') while (argc >= 1 && **argv == '-') {
{ if (!strcmp(*argv, "-hex"))
if(!strcmp(*argv,"-hex")) hex = 1;
hex=1; else if (!strcmp(*argv, "-generate"))
else if(!strcmp(*argv,"-generate")) generate = 1;
generate=1; else if (!strcmp(*argv, "-bits"))
else if(!strcmp(*argv,"-bits")) if (--argc < 1)
if(--argc < 1) goto bad;
goto bad; else
else bits = atoi(*++argv);
bits=atoi(*++argv); else if (!strcmp(*argv, "-safe"))
else if(!strcmp(*argv,"-safe")) safe = 1;
safe=1; else if (!strcmp(*argv, "-checks"))
else if(!strcmp(*argv,"-checks")) if (--argc < 1)
if(--argc < 1) goto bad;
goto bad; else
else checks = atoi(*++argv);
checks=atoi(*++argv); else {
else BIO_printf(bio_err, "Unknown option '%s'\n", *argv);
{ goto bad;
BIO_printf(bio_err,"Unknown option '%s'\n",*argv); }
goto bad; --argc;
} ++argv;
--argc; }
++argv;
}
if (argv[0] == NULL && !generate) if (argv[0] == NULL && !generate) {
{ BIO_printf(bio_err, "No prime specified\n");
BIO_printf(bio_err,"No prime specified\n"); goto bad;
goto bad; }
}
if ((bio_out=BIO_new(BIO_s_file())) != NULL) if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
{ BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_out = BIO_push(tmpbio, bio_out); bio_out = BIO_push(tmpbio, bio_out);
} }
#endif #endif
} }
if(generate) if (generate) {
{ char *s;
char *s;
if(!bits) if (!bits) {
{ BIO_printf(bio_err, "Specifiy the number of bits.\n");
BIO_printf(bio_err,"Specifiy the number of bits.\n"); return 1;
return 1; }
} bn = BN_new();
bn=BN_new(); BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL);
BN_generate_prime_ex(bn,bits,safe,NULL,NULL,NULL); s = hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
s=hex ? BN_bn2hex(bn) : BN_bn2dec(bn); BIO_printf(bio_out, "%s\n", s);
BIO_printf(bio_out,"%s\n",s); OPENSSL_free(s);
OPENSSL_free(s); } else {
} if (hex)
else BN_hex2bn(&bn, argv[0]);
{ else
if(hex) BN_dec2bn(&bn, argv[0]);
BN_hex2bn(&bn,argv[0]);
else
BN_dec2bn(&bn,argv[0]);
BN_print(bio_out,bn); BN_print(bio_out, bn);
BIO_printf(bio_out," is %sprime\n", BIO_printf(bio_out, " is %sprime\n",
BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not "); BN_is_prime_ex(bn, checks, NULL, NULL) ? "" : "not ");
} }
BN_free(bn); BN_free(bn);
BIO_free_all(bio_out); BIO_free_all(bio_out);
return 0; return 0;
bad: bad:
BIO_printf(bio_err,"options are\n"); BIO_printf(bio_err, "options are\n");
BIO_printf(bio_err,"%-14s hex\n","-hex"); BIO_printf(bio_err, "%-14s hex\n", "-hex");
BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>"); BIO_printf(bio_err, "%-14s number of checks\n", "-checks <n>");
return 1; return 1;
} }


@ -1,378 +1,378 @@
/* apps/progs.h */ /* apps/progs.h */
/* automatically generated by progs.pl for openssl.c */ /* automatically generated by progs.pl for openssl.c */
extern int verify_main(int argc,char *argv[]); extern int verify_main(int argc, char *argv[]);
extern int asn1parse_main(int argc,char *argv[]); extern int asn1parse_main(int argc, char *argv[]);
extern int req_main(int argc,char *argv[]); extern int req_main(int argc, char *argv[]);
extern int dgst_main(int argc,char *argv[]); extern int dgst_main(int argc, char *argv[]);
extern int dh_main(int argc,char *argv[]); extern int dh_main(int argc, char *argv[]);
extern int dhparam_main(int argc,char *argv[]); extern int dhparam_main(int argc, char *argv[]);
extern int enc_main(int argc,char *argv[]); extern int enc_main(int argc, char *argv[]);
extern int passwd_main(int argc,char *argv[]); extern int passwd_main(int argc, char *argv[]);
extern int gendh_main(int argc,char *argv[]); extern int gendh_main(int argc, char *argv[]);
extern int errstr_main(int argc,char *argv[]); extern int errstr_main(int argc, char *argv[]);
extern int ca_main(int argc,char *argv[]); extern int ca_main(int argc, char *argv[]);
extern int crl_main(int argc,char *argv[]); extern int crl_main(int argc, char *argv[]);
extern int rsa_main(int argc,char *argv[]); extern int rsa_main(int argc, char *argv[]);
extern int rsautl_main(int argc,char *argv[]); extern int rsautl_main(int argc, char *argv[]);
extern int dsa_main(int argc,char *argv[]); extern int dsa_main(int argc, char *argv[]);
extern int dsaparam_main(int argc,char *argv[]); extern int dsaparam_main(int argc, char *argv[]);
extern int ec_main(int argc,char *argv[]); extern int ec_main(int argc, char *argv[]);
extern int ecparam_main(int argc,char *argv[]); extern int ecparam_main(int argc, char *argv[]);
extern int x509_main(int argc,char *argv[]); extern int x509_main(int argc, char *argv[]);
extern int genrsa_main(int argc,char *argv[]); extern int genrsa_main(int argc, char *argv[]);
extern int gendsa_main(int argc,char *argv[]); extern int gendsa_main(int argc, char *argv[]);
extern int genpkey_main(int argc,char *argv[]); extern int genpkey_main(int argc, char *argv[]);
extern int s_server_main(int argc,char *argv[]); extern int s_server_main(int argc, char *argv[]);
extern int s_client_main(int argc,char *argv[]); extern int s_client_main(int argc, char *argv[]);
extern int speed_main(int argc,char *argv[]); extern int speed_main(int argc, char *argv[]);
extern int s_time_main(int argc,char *argv[]); extern int s_time_main(int argc, char *argv[]);
extern int version_main(int argc,char *argv[]); extern int version_main(int argc, char *argv[]);
extern int pkcs7_main(int argc,char *argv[]); extern int pkcs7_main(int argc, char *argv[]);
extern int cms_main(int argc,char *argv[]); extern int cms_main(int argc, char *argv[]);
extern int crl2pkcs7_main(int argc,char *argv[]); extern int crl2pkcs7_main(int argc, char *argv[]);
extern int sess_id_main(int argc,char *argv[]); extern int sess_id_main(int argc, char *argv[]);
extern int ciphers_main(int argc,char *argv[]); extern int ciphers_main(int argc, char *argv[]);
extern int nseq_main(int argc,char *argv[]); extern int nseq_main(int argc, char *argv[]);
extern int pkcs12_main(int argc,char *argv[]); extern int pkcs12_main(int argc, char *argv[]);
extern int pkcs8_main(int argc,char *argv[]); extern int pkcs8_main(int argc, char *argv[]);
extern int pkey_main(int argc,char *argv[]); extern int pkey_main(int argc, char *argv[]);
extern int pkeyparam_main(int argc,char *argv[]); extern int pkeyparam_main(int argc, char *argv[]);
extern int pkeyutl_main(int argc,char *argv[]); extern int pkeyutl_main(int argc, char *argv[]);
extern int spkac_main(int argc,char *argv[]); extern int spkac_main(int argc, char *argv[]);
extern int smime_main(int argc,char *argv[]); extern int smime_main(int argc, char *argv[]);
extern int rand_main(int argc,char *argv[]); extern int rand_main(int argc, char *argv[]);
extern int engine_main(int argc,char *argv[]); extern int engine_main(int argc, char *argv[]);
extern int ocsp_main(int argc,char *argv[]); extern int ocsp_main(int argc, char *argv[]);
extern int prime_main(int argc,char *argv[]); extern int prime_main(int argc, char *argv[]);
extern int ts_main(int argc,char *argv[]); extern int ts_main(int argc, char *argv[]);
extern int srp_main(int argc,char *argv[]); extern int srp_main(int argc, char *argv[]);
#define FUNC_TYPE_GENERAL 1 #define FUNC_TYPE_GENERAL 1
#define FUNC_TYPE_MD 2 #define FUNC_TYPE_MD 2
#define FUNC_TYPE_CIPHER 3 #define FUNC_TYPE_CIPHER 3
#define FUNC_TYPE_PKEY 4 #define FUNC_TYPE_PKEY 4
#define FUNC_TYPE_MD_ALG 5 #define FUNC_TYPE_MD_ALG 5
#define FUNC_TYPE_CIPHER_ALG 6 #define FUNC_TYPE_CIPHER_ALG 6
typedef struct { typedef struct {
int type; int type;
const char *name; const char *name;
int (*func)(int argc,char *argv[]); int (*func) (int argc, char *argv[]);
} FUNCTION; } FUNCTION;
DECLARE_LHASH_OF(FUNCTION); DECLARE_LHASH_OF(FUNCTION);
FUNCTION functions[] = { FUNCTION functions[] = {
{FUNC_TYPE_GENERAL,"verify",verify_main}, {FUNC_TYPE_GENERAL, "verify", verify_main},
{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main}, {FUNC_TYPE_GENERAL, "asn1parse", asn1parse_main},
{FUNC_TYPE_GENERAL,"req",req_main}, {FUNC_TYPE_GENERAL, "req", req_main},
{FUNC_TYPE_GENERAL,"dgst",dgst_main}, {FUNC_TYPE_GENERAL, "dgst", dgst_main},
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
{FUNC_TYPE_GENERAL,"dh",dh_main}, {FUNC_TYPE_GENERAL, "dh", dh_main},
#endif #endif
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
{FUNC_TYPE_GENERAL,"dhparam",dhparam_main}, {FUNC_TYPE_GENERAL, "dhparam", dhparam_main},
#endif #endif
{FUNC_TYPE_GENERAL,"enc",enc_main}, {FUNC_TYPE_GENERAL, "enc", enc_main},
{FUNC_TYPE_GENERAL,"passwd",passwd_main}, {FUNC_TYPE_GENERAL, "passwd", passwd_main},
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
{FUNC_TYPE_GENERAL,"gendh",gendh_main}, {FUNC_TYPE_GENERAL, "gendh", gendh_main},
#endif #endif
{FUNC_TYPE_GENERAL,"errstr",errstr_main}, {FUNC_TYPE_GENERAL, "errstr", errstr_main},
{FUNC_TYPE_GENERAL,"ca",ca_main}, {FUNC_TYPE_GENERAL, "ca", ca_main},
{FUNC_TYPE_GENERAL,"crl",crl_main}, {FUNC_TYPE_GENERAL, "crl", crl_main},
#ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA
{FUNC_TYPE_GENERAL,"rsa",rsa_main}, {FUNC_TYPE_GENERAL, "rsa", rsa_main},
#endif #endif
#ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA
{FUNC_TYPE_GENERAL,"rsautl",rsautl_main}, {FUNC_TYPE_GENERAL, "rsautl", rsautl_main},
#endif #endif
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
{FUNC_TYPE_GENERAL,"dsa",dsa_main}, {FUNC_TYPE_GENERAL, "dsa", dsa_main},
#endif #endif
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main}, {FUNC_TYPE_GENERAL, "dsaparam", dsaparam_main},
#endif #endif
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
{FUNC_TYPE_GENERAL,"ec",ec_main}, {FUNC_TYPE_GENERAL, "ec", ec_main},
#endif #endif
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
{FUNC_TYPE_GENERAL,"ecparam",ecparam_main}, {FUNC_TYPE_GENERAL, "ecparam", ecparam_main},
#endif #endif
{FUNC_TYPE_GENERAL,"x509",x509_main}, {FUNC_TYPE_GENERAL, "x509", x509_main},
#ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA
{FUNC_TYPE_GENERAL,"genrsa",genrsa_main}, {FUNC_TYPE_GENERAL, "genrsa", genrsa_main},
#endif #endif
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
{FUNC_TYPE_GENERAL,"gendsa",gendsa_main}, {FUNC_TYPE_GENERAL, "gendsa", gendsa_main},
#endif #endif
{FUNC_TYPE_GENERAL,"genpkey",genpkey_main}, {FUNC_TYPE_GENERAL, "genpkey", genpkey_main},
#if !defined(OPENSSL_NO_SOCK) #if !defined(OPENSSL_NO_SOCK)
{FUNC_TYPE_GENERAL,"s_server",s_server_main}, {FUNC_TYPE_GENERAL, "s_server", s_server_main},
#endif #endif
#if !defined(OPENSSL_NO_SOCK) #if !defined(OPENSSL_NO_SOCK)
{FUNC_TYPE_GENERAL,"s_client",s_client_main}, {FUNC_TYPE_GENERAL, "s_client", s_client_main},
#endif #endif
#ifndef OPENSSL_NO_SPEED #ifndef OPENSSL_NO_SPEED
{FUNC_TYPE_GENERAL,"speed",speed_main}, {FUNC_TYPE_GENERAL, "speed", speed_main},
#endif #endif
#if !defined(OPENSSL_NO_SOCK) #if !defined(OPENSSL_NO_SOCK)
{FUNC_TYPE_GENERAL,"s_time",s_time_main}, {FUNC_TYPE_GENERAL, "s_time", s_time_main},
#endif #endif
{FUNC_TYPE_GENERAL,"version",version_main}, {FUNC_TYPE_GENERAL, "version", version_main},
{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main}, {FUNC_TYPE_GENERAL, "pkcs7", pkcs7_main},
#ifndef OPENSSL_NO_CMS #ifndef OPENSSL_NO_CMS
{FUNC_TYPE_GENERAL,"cms",cms_main}, {FUNC_TYPE_GENERAL, "cms", cms_main},
#endif #endif
{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main}, {FUNC_TYPE_GENERAL, "crl2pkcs7", crl2pkcs7_main},
{FUNC_TYPE_GENERAL,"sess_id",sess_id_main}, {FUNC_TYPE_GENERAL, "sess_id", sess_id_main},
#if !defined(OPENSSL_NO_SOCK) #if !defined(OPENSSL_NO_SOCK)
{FUNC_TYPE_GENERAL,"ciphers",ciphers_main}, {FUNC_TYPE_GENERAL, "ciphers", ciphers_main},
#endif #endif
{FUNC_TYPE_GENERAL,"nseq",nseq_main}, {FUNC_TYPE_GENERAL, "nseq", nseq_main},
#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main}, {FUNC_TYPE_GENERAL, "pkcs12", pkcs12_main},
#endif #endif
{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main}, {FUNC_TYPE_GENERAL, "pkcs8", pkcs8_main},
{FUNC_TYPE_GENERAL,"pkey",pkey_main}, {FUNC_TYPE_GENERAL, "pkey", pkey_main},
{FUNC_TYPE_GENERAL,"pkeyparam",pkeyparam_main}, {FUNC_TYPE_GENERAL, "pkeyparam", pkeyparam_main},
{FUNC_TYPE_GENERAL,"pkeyutl",pkeyutl_main}, {FUNC_TYPE_GENERAL, "pkeyutl", pkeyutl_main},
{FUNC_TYPE_GENERAL,"spkac",spkac_main}, {FUNC_TYPE_GENERAL, "spkac", spkac_main},
{FUNC_TYPE_GENERAL,"smime",smime_main}, {FUNC_TYPE_GENERAL, "smime", smime_main},
{FUNC_TYPE_GENERAL,"rand",rand_main}, {FUNC_TYPE_GENERAL, "rand", rand_main},
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
{FUNC_TYPE_GENERAL,"engine",engine_main}, {FUNC_TYPE_GENERAL, "engine", engine_main},
#endif #endif
#ifndef OPENSSL_NO_OCSP #ifndef OPENSSL_NO_OCSP
{FUNC_TYPE_GENERAL,"ocsp",ocsp_main}, {FUNC_TYPE_GENERAL, "ocsp", ocsp_main},
#endif #endif
{FUNC_TYPE_GENERAL,"prime",prime_main}, {FUNC_TYPE_GENERAL, "prime", prime_main},
{FUNC_TYPE_GENERAL,"ts",ts_main}, {FUNC_TYPE_GENERAL, "ts", ts_main},
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
{FUNC_TYPE_GENERAL,"srp",srp_main}, {FUNC_TYPE_GENERAL, "srp", srp_main},
#endif #endif
#ifndef OPENSSL_NO_MD2 #ifndef OPENSSL_NO_MD2
{FUNC_TYPE_MD,"md2",dgst_main}, {FUNC_TYPE_MD, "md2", dgst_main},
#endif #endif
#ifndef OPENSSL_NO_MD4 #ifndef OPENSSL_NO_MD4
{FUNC_TYPE_MD,"md4",dgst_main}, {FUNC_TYPE_MD, "md4", dgst_main},
#endif #endif
#ifndef OPENSSL_NO_MD5 #ifndef OPENSSL_NO_MD5
{FUNC_TYPE_MD,"md5",dgst_main}, {FUNC_TYPE_MD, "md5", dgst_main},
#endif #endif
#ifndef OPENSSL_NO_SHA #ifndef OPENSSL_NO_SHA
{FUNC_TYPE_MD,"sha",dgst_main}, {FUNC_TYPE_MD, "sha", dgst_main},
#endif #endif
#ifndef OPENSSL_NO_SHA1 #ifndef OPENSSL_NO_SHA1
{FUNC_TYPE_MD,"sha1",dgst_main}, {FUNC_TYPE_MD, "sha1", dgst_main},
#endif #endif
#ifndef OPENSSL_NO_MDC2 #ifndef OPENSSL_NO_MDC2
{FUNC_TYPE_MD,"mdc2",dgst_main}, {FUNC_TYPE_MD, "mdc2", dgst_main},
#endif #endif
#ifndef OPENSSL_NO_RMD160 #ifndef OPENSSL_NO_RMD160
{FUNC_TYPE_MD,"rmd160",dgst_main}, {FUNC_TYPE_MD, "rmd160", dgst_main},
#endif #endif
#ifndef OPENSSL_NO_SHA224 #ifndef OPENSSL_NO_SHA224
{FUNC_TYPE_MD,"sha224",dgst_main}, {FUNC_TYPE_MD, "sha224", dgst_main},
#endif #endif
#ifndef OPENSSL_NO_SHA256 #ifndef OPENSSL_NO_SHA256
{FUNC_TYPE_MD,"sha256",dgst_main}, {FUNC_TYPE_MD, "sha256", dgst_main},
#endif #endif
#ifndef OPENSSL_NO_SHA384 #ifndef OPENSSL_NO_SHA384
{FUNC_TYPE_MD,"sha384",dgst_main}, {FUNC_TYPE_MD, "sha384", dgst_main},
#endif #endif
#ifndef OPENSSL_NO_SHA512 #ifndef OPENSSL_NO_SHA512
{FUNC_TYPE_MD,"sha512",dgst_main}, {FUNC_TYPE_MD, "sha512", dgst_main},
#endif #endif
#ifndef OPENSSL_NO_AES #ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER,"aes-128-cbc",enc_main}, {FUNC_TYPE_CIPHER, "aes-128-cbc", enc_main},
#endif #endif
#ifndef OPENSSL_NO_AES #ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER,"aes-128-ecb",enc_main}, {FUNC_TYPE_CIPHER, "aes-128-ecb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_AES #ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER,"aes-192-cbc",enc_main}, {FUNC_TYPE_CIPHER, "aes-192-cbc", enc_main},
#endif #endif
#ifndef OPENSSL_NO_AES #ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER,"aes-192-ecb",enc_main}, {FUNC_TYPE_CIPHER, "aes-192-ecb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_AES #ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER,"aes-256-cbc",enc_main}, {FUNC_TYPE_CIPHER, "aes-256-cbc", enc_main},
#endif #endif
#ifndef OPENSSL_NO_AES #ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main}, {FUNC_TYPE_CIPHER, "aes-256-ecb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_CAMELLIA #ifndef OPENSSL_NO_CAMELLIA
{FUNC_TYPE_CIPHER,"camellia-128-cbc",enc_main}, {FUNC_TYPE_CIPHER, "camellia-128-cbc", enc_main},
#endif #endif
#ifndef OPENSSL_NO_CAMELLIA #ifndef OPENSSL_NO_CAMELLIA
{FUNC_TYPE_CIPHER,"camellia-128-ecb",enc_main}, {FUNC_TYPE_CIPHER, "camellia-128-ecb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_CAMELLIA #ifndef OPENSSL_NO_CAMELLIA
{FUNC_TYPE_CIPHER,"camellia-192-cbc",enc_main}, {FUNC_TYPE_CIPHER, "camellia-192-cbc", enc_main},
#endif #endif
#ifndef OPENSSL_NO_CAMELLIA #ifndef OPENSSL_NO_CAMELLIA
{FUNC_TYPE_CIPHER,"camellia-192-ecb",enc_main}, {FUNC_TYPE_CIPHER, "camellia-192-ecb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_CAMELLIA #ifndef OPENSSL_NO_CAMELLIA
{FUNC_TYPE_CIPHER,"camellia-256-cbc",enc_main}, {FUNC_TYPE_CIPHER, "camellia-256-cbc", enc_main},
#endif #endif
#ifndef OPENSSL_NO_CAMELLIA #ifndef OPENSSL_NO_CAMELLIA
{FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main}, {FUNC_TYPE_CIPHER, "camellia-256-ecb", enc_main},
#endif #endif
{FUNC_TYPE_CIPHER,"base64",enc_main}, {FUNC_TYPE_CIPHER, "base64", enc_main},
#ifdef ZLIB #ifdef ZLIB
{FUNC_TYPE_CIPHER,"zlib",enc_main}, {FUNC_TYPE_CIPHER, "zlib", enc_main},
#endif #endif
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des",enc_main}, {FUNC_TYPE_CIPHER, "des", enc_main},
#endif #endif
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des3",enc_main}, {FUNC_TYPE_CIPHER, "des3", enc_main},
#endif #endif
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"desx",enc_main}, {FUNC_TYPE_CIPHER, "desx", enc_main},
#endif #endif
#ifndef OPENSSL_NO_IDEA #ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea",enc_main}, {FUNC_TYPE_CIPHER, "idea", enc_main},
#endif #endif
#ifndef OPENSSL_NO_SEED #ifndef OPENSSL_NO_SEED
{FUNC_TYPE_CIPHER,"seed",enc_main}, {FUNC_TYPE_CIPHER, "seed", enc_main},
#endif #endif
#ifndef OPENSSL_NO_RC4 #ifndef OPENSSL_NO_RC4
{FUNC_TYPE_CIPHER,"rc4",enc_main}, {FUNC_TYPE_CIPHER, "rc4", enc_main},
#endif #endif
#ifndef OPENSSL_NO_RC4 #ifndef OPENSSL_NO_RC4
{FUNC_TYPE_CIPHER,"rc4-40",enc_main}, {FUNC_TYPE_CIPHER, "rc4-40", enc_main},
#endif #endif
#ifndef OPENSSL_NO_RC2 #ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2",enc_main}, {FUNC_TYPE_CIPHER, "rc2", enc_main},
#endif #endif
#ifndef OPENSSL_NO_BF #ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER,"bf",enc_main}, {FUNC_TYPE_CIPHER, "bf", enc_main},
#endif #endif
#ifndef OPENSSL_NO_CAST #ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER,"cast",enc_main}, {FUNC_TYPE_CIPHER, "cast", enc_main},
#endif #endif
#ifndef OPENSSL_NO_RC5 #ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER,"rc5",enc_main}, {FUNC_TYPE_CIPHER, "rc5", enc_main},
#endif #endif
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ecb",enc_main}, {FUNC_TYPE_CIPHER, "des-ecb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede",enc_main}, {FUNC_TYPE_CIPHER, "des-ede", enc_main},
#endif #endif
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede3",enc_main}, {FUNC_TYPE_CIPHER, "des-ede3", enc_main},
#endif #endif
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-cbc",enc_main}, {FUNC_TYPE_CIPHER, "des-cbc", enc_main},
#endif #endif
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main}, {FUNC_TYPE_CIPHER, "des-ede-cbc", enc_main},
#endif #endif
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main}, {FUNC_TYPE_CIPHER, "des-ede3-cbc", enc_main},
#endif #endif
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-cfb",enc_main}, {FUNC_TYPE_CIPHER, "des-cfb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main}, {FUNC_TYPE_CIPHER, "des-ede-cfb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main}, {FUNC_TYPE_CIPHER, "des-ede3-cfb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ofb",enc_main}, {FUNC_TYPE_CIPHER, "des-ofb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main}, {FUNC_TYPE_CIPHER, "des-ede-ofb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main}, {FUNC_TYPE_CIPHER, "des-ede3-ofb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_IDEA #ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea-cbc",enc_main}, {FUNC_TYPE_CIPHER, "idea-cbc", enc_main},
#endif #endif
#ifndef OPENSSL_NO_IDEA #ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea-ecb",enc_main}, {FUNC_TYPE_CIPHER, "idea-ecb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_IDEA #ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea-cfb",enc_main}, {FUNC_TYPE_CIPHER, "idea-cfb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_IDEA #ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea-ofb",enc_main}, {FUNC_TYPE_CIPHER, "idea-ofb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_SEED #ifndef OPENSSL_NO_SEED
{FUNC_TYPE_CIPHER,"seed-cbc",enc_main}, {FUNC_TYPE_CIPHER, "seed-cbc", enc_main},
#endif #endif
#ifndef OPENSSL_NO_SEED #ifndef OPENSSL_NO_SEED
{FUNC_TYPE_CIPHER,"seed-ecb",enc_main}, {FUNC_TYPE_CIPHER, "seed-ecb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_SEED #ifndef OPENSSL_NO_SEED
{FUNC_TYPE_CIPHER,"seed-cfb",enc_main}, {FUNC_TYPE_CIPHER, "seed-cfb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_SEED #ifndef OPENSSL_NO_SEED
{FUNC_TYPE_CIPHER,"seed-ofb",enc_main}, {FUNC_TYPE_CIPHER, "seed-ofb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_RC2 #ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-cbc",enc_main}, {FUNC_TYPE_CIPHER, "rc2-cbc", enc_main},
#endif #endif
#ifndef OPENSSL_NO_RC2 #ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-ecb",enc_main}, {FUNC_TYPE_CIPHER, "rc2-ecb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_RC2 #ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-cfb",enc_main}, {FUNC_TYPE_CIPHER, "rc2-cfb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_RC2 #ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main}, {FUNC_TYPE_CIPHER, "rc2-ofb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_RC2 #ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-64-cbc",enc_main}, {FUNC_TYPE_CIPHER, "rc2-64-cbc", enc_main},
#endif #endif
#ifndef OPENSSL_NO_RC2 #ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-40-cbc",enc_main}, {FUNC_TYPE_CIPHER, "rc2-40-cbc", enc_main},
#endif #endif
#ifndef OPENSSL_NO_BF #ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER,"bf-cbc",enc_main}, {FUNC_TYPE_CIPHER, "bf-cbc", enc_main},
#endif #endif
#ifndef OPENSSL_NO_BF #ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER,"bf-ecb",enc_main}, {FUNC_TYPE_CIPHER, "bf-ecb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_BF #ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER,"bf-cfb",enc_main}, {FUNC_TYPE_CIPHER, "bf-cfb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_BF #ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER,"bf-ofb",enc_main}, {FUNC_TYPE_CIPHER, "bf-ofb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_CAST #ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER,"cast5-cbc",enc_main}, {FUNC_TYPE_CIPHER, "cast5-cbc", enc_main},
#endif #endif
#ifndef OPENSSL_NO_CAST #ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER,"cast5-ecb",enc_main}, {FUNC_TYPE_CIPHER, "cast5-ecb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_CAST #ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER,"cast5-cfb",enc_main}, {FUNC_TYPE_CIPHER, "cast5-cfb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_CAST #ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER,"cast5-ofb",enc_main}, {FUNC_TYPE_CIPHER, "cast5-ofb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_CAST #ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER,"cast-cbc",enc_main}, {FUNC_TYPE_CIPHER, "cast-cbc", enc_main},
#endif #endif
#ifndef OPENSSL_NO_RC5 #ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER,"rc5-cbc",enc_main}, {FUNC_TYPE_CIPHER, "rc5-cbc", enc_main},
#endif #endif
#ifndef OPENSSL_NO_RC5 #ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER,"rc5-ecb",enc_main}, {FUNC_TYPE_CIPHER, "rc5-ecb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_RC5 #ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER,"rc5-cfb",enc_main}, {FUNC_TYPE_CIPHER, "rc5-cfb", enc_main},
#endif #endif
#ifndef OPENSSL_NO_RC5 #ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER,"rc5-ofb",enc_main}, {FUNC_TYPE_CIPHER, "rc5-ofb", enc_main},
#endif #endif
{0,NULL,NULL} {0, NULL, NULL}
}; };


@ -77,170 +77,153 @@
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
int i, r, ret = 1; int i, r, ret = 1;
int badopt; int badopt;
char *outfile = NULL; char *outfile = NULL;
char *inrand = NULL; char *inrand = NULL;
int base64 = 0; int base64 = 0;
int hex = 0; int hex = 0;
BIO *out = NULL; BIO *out = NULL;
int num = -1; int num = -1;
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
char *engine=NULL; char *engine = NULL;
#endif #endif
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto err; goto err;
badopt = 0; badopt = 0;
i = 0; i = 0;
while (!badopt && argv[++i] != NULL) while (!badopt && argv[++i] != NULL) {
{ if (strcmp(argv[i], "-out") == 0) {
if (strcmp(argv[i], "-out") == 0) if ((argv[i + 1] != NULL) && (outfile == NULL))
{ outfile = argv[++i];
if ((argv[i+1] != NULL) && (outfile == NULL)) else
outfile = argv[++i]; badopt = 1;
else }
badopt = 1;
}
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
else if (strcmp(argv[i], "-engine") == 0) else if (strcmp(argv[i], "-engine") == 0) {
{ if ((argv[i + 1] != NULL) && (engine == NULL))
if ((argv[i+1] != NULL) && (engine == NULL)) engine = argv[++i];
engine = argv[++i]; else
else badopt = 1;
badopt = 1; }
}
#endif #endif
else if (strcmp(argv[i], "-rand") == 0) else if (strcmp(argv[i], "-rand") == 0) {
{ if ((argv[i + 1] != NULL) && (inrand == NULL))
if ((argv[i+1] != NULL) && (inrand == NULL)) inrand = argv[++i];
inrand = argv[++i]; else
else badopt = 1;
badopt = 1; } else if (strcmp(argv[i], "-base64") == 0) {
} if (!base64)
else if (strcmp(argv[i], "-base64") == 0) base64 = 1;
{ else
if (!base64) badopt = 1;
base64 = 1; } else if (strcmp(argv[i], "-hex") == 0) {
else if (!hex)
badopt = 1; hex = 1;
} else
else if (strcmp(argv[i], "-hex") == 0) badopt = 1;
{ } else if (isdigit((unsigned char)argv[i][0])) {
if (!hex) if (num < 0) {
hex = 1; r = sscanf(argv[i], "%d", &num);
else if (r == 0 || num < 0)
badopt = 1; badopt = 1;
} } else
else if (isdigit((unsigned char)argv[i][0])) badopt = 1;
{ } else
if (num < 0) badopt = 1;
{ }
r = sscanf(argv[i], "%d", &num);
if (r == 0 || num < 0)
badopt = 1;
}
else
badopt = 1;
}
else
badopt = 1;
}
if (hex && base64) if (hex && base64)
badopt = 1; badopt = 1;
if (num < 0) if (num < 0)
badopt = 1; badopt = 1;
if (badopt) if (badopt) {
{ BIO_printf(bio_err, "Usage: rand [options] num\n");
BIO_printf(bio_err, "Usage: rand [options] num\n"); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "-out file - write to file\n");
BIO_printf(bio_err, "-out file - write to file\n");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
"-engine e - use engine e, possibly a hardware device.\n");
#endif #endif
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n",
BIO_printf(bio_err, "-base64 - base64 encode output\n"); LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, "-hex - hex encode output\n"); BIO_printf(bio_err, "-base64 - base64 encode output\n");
goto err; BIO_printf(bio_err, "-hex - hex encode output\n");
} goto err;
}
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0); setup_engine(bio_err, engine, 0);
#endif #endif
app_RAND_load_file(NULL, bio_err, (inrand != NULL)); app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL) if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand)); app_RAND_load_files(inrand));
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if (out == NULL) if (out == NULL)
goto err; goto err;
if (outfile != NULL) if (outfile != NULL)
r = BIO_write_filename(out, outfile); r = BIO_write_filename(out, outfile);
else else {
{ r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
} }
if (r <= 0) if (r <= 0)
goto err; goto err;
if (base64) if (base64) {
{ BIO *b64 = BIO_new(BIO_f_base64());
BIO *b64 = BIO_new(BIO_f_base64()); if (b64 == NULL)
if (b64 == NULL) goto err;
goto err; out = BIO_push(b64, out);
out = BIO_push(b64, out); }
}
while (num > 0) while (num > 0) {
{ unsigned char buf[4096];
unsigned char buf[4096]; int chunk;
int chunk;
chunk = num; chunk = num;
if (chunk > (int)sizeof(buf)) if (chunk > (int)sizeof(buf))
chunk = sizeof buf; chunk = sizeof buf;
r = RAND_bytes(buf, chunk); r = RAND_bytes(buf, chunk);
if (r <= 0) if (r <= 0)
goto err; goto err;
if (!hex) if (!hex)
BIO_write(out, buf, chunk); BIO_write(out, buf, chunk);
else else {
{ for (i = 0; i < chunk; i++)
for (i = 0; i < chunk; i++) BIO_printf(out, "%02x", buf[i]);
BIO_printf(out, "%02x", buf[i]); }
} num -= chunk;
num -= chunk; }
} if (hex)
if (hex) BIO_puts(out, "\n");
BIO_puts(out, "\n"); (void)BIO_flush(out);
(void)BIO_flush(out);
app_RAND_write_file(NULL, bio_err); app_RAND_write_file(NULL, bio_err);
ret = 0; ret = 0;
err: err:
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
if (out) if (out)
BIO_free_all(out); BIO_free_all(out);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
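Review bot: The output loop near the end of MAIN ignores the results of `BIO_write`, `BIO_printf` and `BIO_flush`, so a full disk or a closed pipe still reaches `ret = 0` and the caller receives fewer bytes than requested together with a success exit status. Output from this command is typically used as key or seed material, so a short write should fail loudly: `if (BIO_write(out, buf, chunk) != chunk) goto err;`, and `if (BIO_flush(out) <= 0) goto err;` in place of the `(void)` cast. It would also be worth calling `OPENSSL_cleanse(buf, sizeof buf);` after each chunk is written so the generated bytes do not linger on the stack.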

2958
apps/req.c

File diff suppressed because it is too large Load Diff


@ -58,394 +58,382 @@
#include <openssl/opensslconf.h> #include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA
#include <stdio.h> # include <stdio.h>
#include <stdlib.h> # include <stdlib.h>
#include <string.h> # include <string.h>
#include <time.h> # include <time.h>
#include "apps.h" # include "apps.h"
#include <openssl/bio.h> # include <openssl/bio.h>
#include <openssl/err.h> # include <openssl/err.h>
#include <openssl/rsa.h> # include <openssl/rsa.h>
#include <openssl/evp.h> # include <openssl/evp.h>
#include <openssl/x509.h> # include <openssl/x509.h>
#include <openssl/pem.h> # include <openssl/pem.h>
#include <openssl/bn.h> # include <openssl/bn.h>
#undef PROG # undef PROG
#define PROG rsa_main # define PROG rsa_main
/*- /*-
* -inform arg - input format - default PEM (one of DER, NET or PEM) * -inform arg - input format - default PEM (one of DER, NET or PEM)
* -outform arg - output format - default PEM * -outform arg - output format - default PEM
* -in arg - input file - default stdin * -in arg - input file - default stdin
* -out arg - output file - default stdout * -out arg - output file - default stdout
* -des - encrypt output if PEM format with DES in cbc mode * -des - encrypt output if PEM format with DES in cbc mode
* -des3 - encrypt output if PEM format * -des3 - encrypt output if PEM format
* -idea - encrypt output if PEM format * -idea - encrypt output if PEM format
* -seed - encrypt output if PEM format * -seed - encrypt output if PEM format
* -aes128 - encrypt output if PEM format * -aes128 - encrypt output if PEM format
* -aes192 - encrypt output if PEM format * -aes192 - encrypt output if PEM format
* -aes256 - encrypt output if PEM format * -aes256 - encrypt output if PEM format
* -camellia128 - encrypt output if PEM format * -camellia128 - encrypt output if PEM format
* -camellia192 - encrypt output if PEM format * -camellia192 - encrypt output if PEM format
* -camellia256 - encrypt output if PEM format * -camellia256 - encrypt output if PEM format
* -text - print a text version * -text - print a text version
* -modulus - print the RSA key modulus * -modulus - print the RSA key modulus
* -check - verify key consistency * -check - verify key consistency
* -pubin - Expect a public key in input file. * -pubin - Expect a public key in input file.
* -pubout - Output a public key. * -pubout - Output a public key.
*/ */
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
ENGINE *e = NULL; ENGINE *e = NULL;
int ret=1; int ret = 1;
RSA *rsa=NULL; RSA *rsa = NULL;
int i,badops=0, sgckey=0; int i, badops = 0, sgckey = 0;
const EVP_CIPHER *enc=NULL; const EVP_CIPHER *enc = NULL;
BIO *out=NULL; BIO *out = NULL;
int informat,outformat,text=0,check=0,noout=0; int informat, outformat, text = 0, check = 0, noout = 0;
int pubin = 0, pubout = 0; int pubin = 0, pubout = 0;
char *infile,*outfile,*prog; char *infile, *outfile, *prog;
char *passargin = NULL, *passargout = NULL; char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL; char *passin = NULL, *passout = NULL;
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
char *engine=NULL; char *engine = NULL;
#endif # endif
int modulus=0; int modulus = 0;
int pvk_encr = 2; int pvk_encr = 2;
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
infile=NULL; infile = NULL;
outfile=NULL; outfile = NULL;
informat=FORMAT_PEM; informat = FORMAT_PEM;
outformat=FORMAT_PEM; outformat = FORMAT_PEM;
prog=argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; informat = str2fmt(*(++argv));
informat=str2fmt(*(++argv)); } else if (strcmp(*argv, "-outform") == 0) {
} if (--argc < 1)
else if (strcmp(*argv,"-outform") == 0) goto bad;
{ outformat = str2fmt(*(++argv));
if (--argc < 1) goto bad; } else if (strcmp(*argv, "-in") == 0) {
outformat=str2fmt(*(++argv)); if (--argc < 1)
} goto bad;
else if (strcmp(*argv,"-in") == 0) infile = *(++argv);
{ } else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
infile= *(++argv); goto bad;
} outfile = *(++argv);
else if (strcmp(*argv,"-out") == 0) } else if (strcmp(*argv, "-passin") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
outfile= *(++argv); passargin = *(++argv);
} } else if (strcmp(*argv, "-passout") == 0) {
else if (strcmp(*argv,"-passin") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; passargout = *(++argv);
passargin= *(++argv); }
} # ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-passout") == 0) else if (strcmp(*argv, "-engine") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
passargout= *(++argv); engine = *(++argv);
} }
#ifndef OPENSSL_NO_ENGINE # endif
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv, "-sgckey") == 0)
{ sgckey = 1;
if (--argc < 1) goto bad; else if (strcmp(*argv, "-pubin") == 0)
engine= *(++argv); pubin = 1;
} else if (strcmp(*argv, "-pubout") == 0)
#endif pubout = 1;
else if (strcmp(*argv,"-sgckey") == 0) else if (strcmp(*argv, "-RSAPublicKey_in") == 0)
sgckey=1; pubin = 2;
else if (strcmp(*argv,"-pubin") == 0) else if (strcmp(*argv, "-RSAPublicKey_out") == 0)
pubin=1; pubout = 2;
else if (strcmp(*argv,"-pubout") == 0) else if (strcmp(*argv, "-pvk-strong") == 0)
pubout=1; pvk_encr = 2;
else if (strcmp(*argv,"-RSAPublicKey_in") == 0) else if (strcmp(*argv, "-pvk-weak") == 0)
pubin = 2; pvk_encr = 1;
else if (strcmp(*argv,"-RSAPublicKey_out") == 0) else if (strcmp(*argv, "-pvk-none") == 0)
pubout = 2; pvk_encr = 0;
else if (strcmp(*argv,"-pvk-strong") == 0) else if (strcmp(*argv, "-noout") == 0)
pvk_encr=2; noout = 1;
else if (strcmp(*argv,"-pvk-weak") == 0) else if (strcmp(*argv, "-text") == 0)
pvk_encr=1; text = 1;
else if (strcmp(*argv,"-pvk-none") == 0) else if (strcmp(*argv, "-modulus") == 0)
pvk_encr=0; modulus = 1;
else if (strcmp(*argv,"-noout") == 0) else if (strcmp(*argv, "-check") == 0)
noout=1; check = 1;
else if (strcmp(*argv,"-text") == 0) else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
text=1; BIO_printf(bio_err, "unknown option %s\n", *argv);
else if (strcmp(*argv,"-modulus") == 0) badops = 1;
modulus=1; break;
else if (strcmp(*argv,"-check") == 0) }
check=1; argc--;
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) argv++;
{ }
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops) if (badops) {
{ bad:
bad: BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n"); " -inform arg input format - one of DER NET PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -in arg input file\n"); " -outform arg output format - one of DER NET PEM\n");
BIO_printf(bio_err," -sgckey Use IIS SGC key format\n"); BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err," -passin arg input file pass phrase source\n"); BIO_printf(bio_err, " -sgckey Use IIS SGC key format\n");
BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -passout arg output file pass phrase source\n"); " -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); BIO_printf(bio_err,
#ifndef OPENSSL_NO_IDEA " -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); BIO_printf(bio_err,
#endif " -des encrypt PEM output with cbc des\n");
#ifndef OPENSSL_NO_SEED BIO_printf(bio_err,
BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n"); " -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#endif # ifndef OPENSSL_NO_IDEA
#ifndef OPENSSL_NO_AES BIO_printf(bio_err,
BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); " -idea encrypt PEM output with cbc idea\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); # endif
#endif # ifndef OPENSSL_NO_SEED
#ifndef OPENSSL_NO_CAMELLIA BIO_printf(bio_err,
BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); " -seed encrypt PEM output with cbc seed\n");
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); # endif
#endif # ifndef OPENSSL_NO_AES
BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," -noout don't print key out\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -modulus print the RSA key modulus\n"); " encrypt PEM output with cbc aes\n");
BIO_printf(bio_err," -check verify key consistency\n"); # endif
BIO_printf(bio_err," -pubin expect a public key in input file\n"); # ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err," -pubout output a public key\n"); BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); " encrypt PEM output with cbc camellia\n");
#endif # endif
goto end; BIO_printf(bio_err, " -text print the key in text\n");
} BIO_printf(bio_err, " -noout don't print key out\n");
BIO_printf(bio_err, " -modulus print the RSA key modulus\n");
BIO_printf(bio_err, " -check verify key consistency\n");
BIO_printf(bio_err,
" -pubin expect a public key in input file\n");
BIO_printf(bio_err, " -pubout output a public key\n");
# ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
# endif
goto end;
}
ERR_load_crypto_strings(); ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0); e = setup_engine(bio_err, engine, 0);
#endif # endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n"); BIO_printf(bio_err, "Error getting passwords\n");
goto end; goto end;
} }
if(check && pubin) { if (check && pubin) {
BIO_printf(bio_err, "Only private keys can be checked\n"); BIO_printf(bio_err, "Only private keys can be checked\n");
goto end; goto end;
} }
out=BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
{ {
EVP_PKEY *pkey; EVP_PKEY *pkey;
if (pubin) if (pubin) {
{ int tmpformat = -1;
int tmpformat=-1; if (pubin == 2) {
if (pubin == 2) if (informat == FORMAT_PEM)
{ tmpformat = FORMAT_PEMRSA;
if (informat == FORMAT_PEM) else if (informat == FORMAT_ASN1)
tmpformat = FORMAT_PEMRSA; tmpformat = FORMAT_ASN1RSA;
else if (informat == FORMAT_ASN1) } else if (informat == FORMAT_NETSCAPE && sgckey)
tmpformat = FORMAT_ASN1RSA; tmpformat = FORMAT_IISSGC;
} else
else if (informat == FORMAT_NETSCAPE && sgckey) tmpformat = informat;
tmpformat = FORMAT_IISSGC;
else
tmpformat = informat;
pkey = load_pubkey(bio_err, infile, tmpformat, 1, pkey = load_pubkey(bio_err, infile, tmpformat, 1,
passin, e, "Public Key"); passin, e, "Public Key");
} } else
else pkey = load_key(bio_err, infile,
pkey = load_key(bio_err, infile, (informat == FORMAT_NETSCAPE && sgckey ?
(informat == FORMAT_NETSCAPE && sgckey ? FORMAT_IISSGC : informat), 1,
FORMAT_IISSGC : informat), 1, passin, e, "Private Key");
passin, e, "Private Key");
if (pkey != NULL) if (pkey != NULL)
rsa = EVP_PKEY_get1_RSA(pkey); rsa = EVP_PKEY_get1_RSA(pkey);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
} }
if (rsa == NULL) if (rsa == NULL) {
{ ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
}
if (outfile == NULL) if (outfile == NULL) {
{ BIO_set_fp(out, stdout, BIO_NOCLOSE);
BIO_set_fp(out,stdout,BIO_NOCLOSE); # ifdef OPENSSL_SYS_VMS
#ifdef OPENSSL_SYS_VMS {
{ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out);
out = BIO_push(tmpbio, out); }
} # endif
#endif } else {
} if (BIO_write_filename(out, outfile) <= 0) {
else perror(outfile);
{ goto end;
if (BIO_write_filename(out,outfile) <= 0) }
{ }
perror(outfile);
goto end;
}
}
if (text) if (text)
if (!RSA_print(out,rsa,0)) if (!RSA_print(out, rsa, 0)) {
{ perror(outfile);
perror(outfile); ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
}
if (modulus) if (modulus) {
{ BIO_printf(out, "Modulus=");
BIO_printf(out,"Modulus="); BN_print(out, rsa->n);
BN_print(out,rsa->n); BIO_printf(out, "\n");
BIO_printf(out,"\n"); }
}
if (check) if (check) {
{ int r = RSA_check_key(rsa);
int r = RSA_check_key(rsa);
if (r == 1) if (r == 1)
BIO_printf(out,"RSA key ok\n"); BIO_printf(out, "RSA key ok\n");
else if (r == 0) else if (r == 0) {
{ unsigned long err;
unsigned long err;
while ((err = ERR_peek_error()) != 0 && while ((err = ERR_peek_error()) != 0 &&
ERR_GET_LIB(err) == ERR_LIB_RSA && ERR_GET_LIB(err) == ERR_LIB_RSA &&
ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY && ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
{ BIO_printf(out, "RSA key error: %s\n",
BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err)); ERR_reason_error_string(err));
ERR_get_error(); /* remove e from error stack */ ERR_get_error(); /* remove e from error stack */
} }
} }
if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */ if (r == -1 || ERR_peek_error() != 0) { /* should happen only if r ==
{ * -1 */
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} }
if (noout) if (noout) {
{ ret = 0;
ret = 0; goto end;
goto end; }
} BIO_printf(bio_err, "writing RSA key\n");
BIO_printf(bio_err,"writing RSA key\n"); if (outformat == FORMAT_ASN1) {
if (outformat == FORMAT_ASN1) { if (pubout || pubin) {
if(pubout || pubin) if (pubout == 2)
{ i = i2d_RSAPublicKey_bio(out, rsa);
if (pubout == 2) else
i=i2d_RSAPublicKey_bio(out,rsa); i = i2d_RSA_PUBKEY_bio(out, rsa);
else } else
i=i2d_RSA_PUBKEY_bio(out,rsa); i = i2d_RSAPrivateKey_bio(out, rsa);
} }
else i=i2d_RSAPrivateKey_bio(out,rsa); # ifndef OPENSSL_NO_RC4
} else if (outformat == FORMAT_NETSCAPE) {
#ifndef OPENSSL_NO_RC4 unsigned char *p, *pp;
else if (outformat == FORMAT_NETSCAPE) int size;
{
unsigned char *p,*pp;
int size;
i=1; i = 1;
size=i2d_RSA_NET(rsa,NULL,NULL, sgckey); size = i2d_RSA_NET(rsa, NULL, NULL, sgckey);
if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL) if ((p = (unsigned char *)OPENSSL_malloc(size)) == NULL) {
{ BIO_printf(bio_err, "Memory allocation failure\n");
BIO_printf(bio_err,"Memory allocation failure\n"); goto end;
goto end; }
} pp = p;
pp=p; i2d_RSA_NET(rsa, &p, NULL, sgckey);
i2d_RSA_NET(rsa,&p,NULL, sgckey); BIO_write(out, (char *)pp, size);
BIO_write(out,(char *)pp,size); OPENSSL_free(pp);
OPENSSL_free(pp); }
} # endif
#endif else if (outformat == FORMAT_PEM) {
else if (outformat == FORMAT_PEM) { if (pubout || pubin) {
if(pubout || pubin) if (pubout == 2)
{ i = PEM_write_bio_RSAPublicKey(out, rsa);
if (pubout == 2) else
i=PEM_write_bio_RSAPublicKey(out,rsa); i = PEM_write_bio_RSA_PUBKEY(out, rsa);
else } else
i=PEM_write_bio_RSA_PUBKEY(out,rsa); i = PEM_write_bio_RSAPrivateKey(out, rsa,
} enc, NULL, 0, NULL, passout);
else i=PEM_write_bio_RSAPrivateKey(out,rsa, # if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
enc,NULL,0,NULL,passout); } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) EVP_PKEY *pk;
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { pk = EVP_PKEY_new();
EVP_PKEY *pk; EVP_PKEY_set1_RSA(pk, rsa);
pk = EVP_PKEY_new(); if (outformat == FORMAT_PVK)
EVP_PKEY_set1_RSA(pk, rsa); i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
if (outformat == FORMAT_PVK) else if (pubin || pubout)
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); i = i2b_PublicKey_bio(out, pk);
else if (pubin || pubout) else
i = i2b_PublicKey_bio(out, pk); i = i2b_PrivateKey_bio(out, pk);
else EVP_PKEY_free(pk);
i = i2b_PrivateKey_bio(out, pk); # endif
EVP_PKEY_free(pk); } else {
#endif BIO_printf(bio_err, "bad output format specified for outfile\n");
} else { goto end;
BIO_printf(bio_err,"bad output format specified for outfile\n"); }
goto end; if (i <= 0) {
} BIO_printf(bio_err, "unable to write key\n");
if (i <= 0) ERR_print_errors(bio_err);
{ } else
BIO_printf(bio_err,"unable to write key\n"); ret = 0;
ERR_print_errors(bio_err); end:
} if (out != NULL)
else BIO_free_all(out);
ret=0; if (rsa != NULL)
end: RSA_free(rsa);
if(out != NULL) BIO_free_all(out); if (passin)
if(rsa != NULL) RSA_free(rsa); OPENSSL_free(passin);
if(passin) OPENSSL_free(passin); if (passout)
if(passout) OPENSSL_free(passout); OPENSSL_free(passout);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
#else /* !OPENSSL_NO_RSA */ #else /* !OPENSSL_NO_RSA */
# if PEDANTIC # if PEDANTIC
static void *dummy=&dummy; static void *dummy = &dummy;
# endif # endif
#endif #endif
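Review bot: In the `FORMAT_NETSCAPE` branch `i` is preset to 1 and never updated, so the `if (i <= 0)` check that follows cannot report a failure for this format: the sizing call to `i2d_RSA_NET` is not checked before its result goes to `OPENSSL_malloc`, and the results of the second `i2d_RSA_NET` call and of `BIO_write` are discarded. A guard such as `if (size <= 0) goto end;` after the sizing call and `i = (BIO_write(out, (char *)pp, size) == size);` would let a failed or short write of the key surface as "unable to write key". At `end:` the pass phrases in `passin` and `passout` are released with plain `OPENSSL_free`; assuming they are NUL-terminated strings, `OPENSSL_cleanse(passin, strlen(passin));` before each free would keep them out of freed heap memory. Separately, the reformat split the comment on the `if (r == -1 || ERR_peek_error() != 0)` line across two lines mid-expression; placing `/* should happen only if r == -1 */` on its own line above the `if` reads better.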


@ -1,6 +1,7 @@
/* rsautl.c */ /* rsautl.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 2000. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2000.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved. * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
@ -59,293 +60,311 @@
#include <openssl/opensslconf.h> #include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA
#include "apps.h" # include "apps.h"
#include <string.h> # include <string.h>
#include <openssl/err.h> # include <openssl/err.h>
#include <openssl/pem.h> # include <openssl/pem.h>
#include <openssl/rsa.h> # include <openssl/rsa.h>
#define RSA_SIGN 1 # define RSA_SIGN 1
#define RSA_VERIFY 2 # define RSA_VERIFY 2
#define RSA_ENCRYPT 3 # define RSA_ENCRYPT 3
#define RSA_DECRYPT 4 # define RSA_DECRYPT 4
#define KEY_PRIVKEY 1 # define KEY_PRIVKEY 1
#define KEY_PUBKEY 2 # define KEY_PUBKEY 2
#define KEY_CERT 3 # define KEY_CERT 3
static void usage(void); static void usage(void);
#undef PROG # undef PROG
#define PROG rsautl_main # define PROG rsautl_main
int MAIN(int argc, char **); int MAIN(int argc, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
ENGINE *e = NULL; ENGINE *e = NULL;
BIO *in = NULL, *out = NULL; BIO *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL; char *infile = NULL, *outfile = NULL;
#ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
char *engine = NULL; char *engine = NULL;
#endif # endif
char *keyfile = NULL; char *keyfile = NULL;
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY; char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
int keyform = FORMAT_PEM; int keyform = FORMAT_PEM;
char need_priv = 0, badarg = 0, rev = 0; char need_priv = 0, badarg = 0, rev = 0;
char hexdump = 0, asn1parse = 0; char hexdump = 0, asn1parse = 0;
X509 *x; X509 *x;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
RSA *rsa = NULL; RSA *rsa = NULL;
unsigned char *rsa_in = NULL, *rsa_out = NULL, pad; unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
char *passargin = NULL, *passin = NULL; char *passargin = NULL, *passin = NULL;
int rsa_inlen, rsa_outlen = 0; int rsa_inlen, rsa_outlen = 0;
int keysize; int keysize;
int ret = 1; int ret = 1;
argc--; argc--;
argv++; argv++;
if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); if (!bio_err)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
ERR_load_crypto_strings(); ERR_load_crypto_strings();
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
pad = RSA_PKCS1_PADDING; pad = RSA_PKCS1_PADDING;
while(argc >= 1) while (argc >= 1) {
{ if (!strcmp(*argv, "-in")) {
if (!strcmp(*argv,"-in")) { if (--argc < 1)
if (--argc < 1) badarg = 1;
badarg = 1; else
else infile = *(++argv);
infile= *(++argv); } else if (!strcmp(*argv, "-out")) {
} else if (!strcmp(*argv,"-out")) { if (--argc < 1)
if (--argc < 1) badarg = 1;
badarg = 1; else
else outfile = *(++argv);
outfile= *(++argv); } else if (!strcmp(*argv, "-inkey")) {
} else if(!strcmp(*argv, "-inkey")) { if (--argc < 1)
if (--argc < 1) badarg = 1;
badarg = 1; else
else keyfile = *(++argv);
keyfile = *(++argv); } else if (!strcmp(*argv, "-passin")) {
} else if (!strcmp(*argv,"-passin")) { if (--argc < 1)
if (--argc < 1) badarg = 1;
badarg = 1; else
else passargin = *(++argv);
passargin= *(++argv); } else if (strcmp(*argv, "-keyform") == 0) {
} else if (strcmp(*argv,"-keyform") == 0) { if (--argc < 1)
if (--argc < 1) badarg = 1;
badarg = 1; else
else keyform = str2fmt(*(++argv));
keyform=str2fmt(*(++argv)); # ifndef OPENSSL_NO_ENGINE
#ifndef OPENSSL_NO_ENGINE } else if (!strcmp(*argv, "-engine")) {
} else if(!strcmp(*argv, "-engine")) { if (--argc < 1)
if (--argc < 1) badarg = 1;
badarg = 1; else
else engine = *(++argv);
engine = *(++argv); # endif
#endif } else if (!strcmp(*argv, "-pubin")) {
} else if(!strcmp(*argv, "-pubin")) { key_type = KEY_PUBKEY;
key_type = KEY_PUBKEY; } else if (!strcmp(*argv, "-certin")) {
} else if(!strcmp(*argv, "-certin")) { key_type = KEY_CERT;
key_type = KEY_CERT; } else if (!strcmp(*argv, "-asn1parse"))
} asn1parse = 1;
else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1; else if (!strcmp(*argv, "-hexdump"))
else if(!strcmp(*argv, "-hexdump")) hexdump = 1; hexdump = 1;
else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING; else if (!strcmp(*argv, "-raw"))
else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING; pad = RSA_NO_PADDING;
else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING; else if (!strcmp(*argv, "-oaep"))
else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING; pad = RSA_PKCS1_OAEP_PADDING;
else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING; else if (!strcmp(*argv, "-ssl"))
else if(!strcmp(*argv, "-sign")) { pad = RSA_SSLV23_PADDING;
rsa_mode = RSA_SIGN; else if (!strcmp(*argv, "-pkcs"))
need_priv = 1; pad = RSA_PKCS1_PADDING;
} else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY; else if (!strcmp(*argv, "-x931"))
else if(!strcmp(*argv, "-rev")) rev = 1; pad = RSA_X931_PADDING;
else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT; else if (!strcmp(*argv, "-sign")) {
else if(!strcmp(*argv, "-decrypt")) { rsa_mode = RSA_SIGN;
rsa_mode = RSA_DECRYPT; need_priv = 1;
need_priv = 1; } else if (!strcmp(*argv, "-verify"))
} else badarg = 1; rsa_mode = RSA_VERIFY;
if(badarg) { else if (!strcmp(*argv, "-rev"))
usage(); rev = 1;
goto end; else if (!strcmp(*argv, "-encrypt"))
} rsa_mode = RSA_ENCRYPT;
argc--; else if (!strcmp(*argv, "-decrypt")) {
argv++; rsa_mode = RSA_DECRYPT;
} need_priv = 1;
} else
badarg = 1;
if (badarg) {
usage();
goto end;
}
argc--;
argv++;
}
if(need_priv && (key_type != KEY_PRIVKEY)) { if (need_priv && (key_type != KEY_PRIVKEY)) {
BIO_printf(bio_err, "A private key is needed for this operation\n"); BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end; goto end;
} }
# ifndef OPENSSL_NO_ENGINE
#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0);
e = setup_engine(bio_err, engine, 0); # endif
#endif if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n");
BIO_printf(bio_err, "Error getting password\n"); goto end;
goto end; }
}
/* FIXME: seed PRNG only if needed */ /* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0); app_RAND_load_file(NULL, bio_err, 0);
switch(key_type) { switch (key_type) {
case KEY_PRIVKEY: case KEY_PRIVKEY:
pkey = load_key(bio_err, keyfile, keyform, 0, pkey = load_key(bio_err, keyfile, keyform, 0,
passin, e, "Private Key"); passin, e, "Private Key");
break; break;
case KEY_PUBKEY: case KEY_PUBKEY:
pkey = load_pubkey(bio_err, keyfile, keyform, 0, pkey = load_pubkey(bio_err, keyfile, keyform, 0,
NULL, e, "Public Key"); NULL, e, "Public Key");
break; break;
case KEY_CERT: case KEY_CERT:
x = load_cert(bio_err, keyfile, keyform, x = load_cert(bio_err, keyfile, keyform, NULL, e, "Certificate");
NULL, e, "Certificate"); if (x) {
if(x) { pkey = X509_get_pubkey(x);
pkey = X509_get_pubkey(x); X509_free(x);
X509_free(x); }
} break;
break; }
}
if(!pkey) { if (!pkey) {
return 1; return 1;
} }
rsa = EVP_PKEY_get1_RSA(pkey); rsa = EVP_PKEY_get1_RSA(pkey);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
if(!rsa) { if (!rsa) {
BIO_printf(bio_err, "Error getting RSA key\n"); BIO_printf(bio_err, "Error getting RSA key\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (infile) {
if (!(in = BIO_new_file(infile, "rb"))) {
BIO_printf(bio_err, "Error Reading Input File\n");
ERR_print_errors(bio_err);
goto end;
}
} else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
if(infile) { if (outfile) {
if(!(in = BIO_new_file(infile, "rb"))) { if (!(out = BIO_new_file(outfile, "wb"))) {
BIO_printf(bio_err, "Error Reading Input File\n"); BIO_printf(bio_err, "Error Reading Output File\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} else in = BIO_new_fp(stdin, BIO_NOCLOSE); } else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
}
if(outfile) { keysize = RSA_size(rsa);
if(!(out = BIO_new_file(outfile, "wb"))) {
BIO_printf(bio_err, "Error Reading Output File\n");
ERR_print_errors(bio_err);
goto end;
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
keysize = RSA_size(rsa); rsa_in = OPENSSL_malloc(keysize * 2);
rsa_out = OPENSSL_malloc(keysize);
rsa_in = OPENSSL_malloc(keysize * 2); /* Read the input data */
rsa_out = OPENSSL_malloc(keysize); rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
if (rsa_inlen <= 0) {
BIO_printf(bio_err, "Error reading input Data\n");
exit(1);
}
if (rev) {
int i;
unsigned char ctmp;
for (i = 0; i < rsa_inlen / 2; i++) {
ctmp = rsa_in[i];
rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
rsa_in[rsa_inlen - 1 - i] = ctmp;
}
}
switch (rsa_mode) {
/* Read the input data */ case RSA_VERIFY:
rsa_inlen = BIO_read(in, rsa_in, keysize * 2); rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
if(rsa_inlen <= 0) { break;
BIO_printf(bio_err, "Error reading input Data\n");
exit(1);
}
if(rev) {
int i;
unsigned char ctmp;
for(i = 0; i < rsa_inlen/2; i++) {
ctmp = rsa_in[i];
rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
rsa_in[rsa_inlen - 1 - i] = ctmp;
}
}
switch(rsa_mode) {
case RSA_VERIFY: case RSA_SIGN:
rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); rsa_outlen =
break; RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
case RSA_SIGN: case RSA_ENCRYPT:
rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break; break;
case RSA_ENCRYPT: case RSA_DECRYPT:
rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); rsa_outlen =
break; RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
case RSA_DECRYPT: }
rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
} if (rsa_outlen <= 0) {
BIO_printf(bio_err, "RSA operation error\n");
if(rsa_outlen <= 0) { ERR_print_errors(bio_err);
BIO_printf(bio_err, "RSA operation error\n"); goto end;
ERR_print_errors(bio_err); }
goto end; ret = 0;
} if (asn1parse) {
ret = 0; if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
if(asn1parse) { ERR_print_errors(bio_err);
if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) { }
ERR_print_errors(bio_err); } else if (hexdump)
} BIO_dump(out, (char *)rsa_out, rsa_outlen);
} else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen); else
else BIO_write(out, rsa_out, rsa_outlen); BIO_write(out, rsa_out, rsa_outlen);
end: end:
RSA_free(rsa); RSA_free(rsa);
BIO_free(in); BIO_free(in);
BIO_free_all(out); BIO_free_all(out);
if(rsa_in) OPENSSL_free(rsa_in); if (rsa_in)
if(rsa_out) OPENSSL_free(rsa_out); OPENSSL_free(rsa_in);
if(passin) OPENSSL_free(passin); if (rsa_out)
return ret; OPENSSL_free(rsa_out);
if (passin)
OPENSSL_free(passin);
return ret;
} }
static void usage() static void usage()
{ {
BIO_printf(bio_err, "Usage: rsautl [options]\n"); BIO_printf(bio_err, "Usage: rsautl [options]\n");
BIO_printf(bio_err, "-in file input file\n"); BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-out file output file\n"); BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-inkey file input key\n"); BIO_printf(bio_err, "-inkey file input key\n");
BIO_printf(bio_err, "-keyform arg private key format - default PEM\n"); BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
BIO_printf(bio_err, "-pubin input is an RSA public\n"); BIO_printf(bio_err, "-pubin input is an RSA public\n");
BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "-ssl use SSL v2 padding\n"); "-certin input is a certificate carrying an RSA public key\n");
BIO_printf(bio_err, "-raw use no padding\n"); BIO_printf(bio_err, "-ssl use SSL v2 padding\n");
BIO_printf(bio_err, "-pkcs use PKCS#1 v1.5 padding (default)\n"); BIO_printf(bio_err, "-raw use no padding\n");
BIO_printf(bio_err, "-oaep use PKCS#1 OAEP\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "-sign sign with private key\n"); "-pkcs use PKCS#1 v1.5 padding (default)\n");
BIO_printf(bio_err, "-verify verify with public key\n"); BIO_printf(bio_err, "-oaep use PKCS#1 OAEP\n");
BIO_printf(bio_err, "-encrypt encrypt with public key\n"); BIO_printf(bio_err, "-sign sign with private key\n");
BIO_printf(bio_err, "-decrypt decrypt with private key\n"); BIO_printf(bio_err, "-verify verify with public key\n");
BIO_printf(bio_err, "-hexdump hex dump output\n"); BIO_printf(bio_err, "-encrypt encrypt with public key\n");
#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, "-decrypt decrypt with private key\n");
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err, "-hexdump hex dump output\n");
BIO_printf (bio_err, "-passin arg pass phrase source\n"); # ifndef OPENSSL_NO_ENGINE
#endif BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err, "-passin arg pass phrase source\n");
# endif
} }
#else /* !OPENSSL_NO_RSA */ #else /* !OPENSSL_NO_RSA */
# if PEDANTIC # if PEDANTIC
static void *dummy=&dummy; static void *dummy = &dummy;
# endif # endif
#endif #endif
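Review bot: In MAIN, `rsa_in = OPENSSL_malloc(keysize * 2)` and `rsa_out = OPENSSL_malloc(keysize)` are passed to `BIO_read` and the `RSA_*` calls with no NULL check, so an allocation failure turns into a NULL pointer dereference. A guard right after the two allocations would close that: `if (rsa_in == NULL || rsa_out == NULL) { BIO_printf(bio_err, "Out of memory\n"); goto end; }`. Two exits also bypass the `end:` cleanup, namely `if (!pkey) { return 1; }` and the `exit(1);` after a failed `BIO_read`. Both can become `goto end;` (`ret` is still 1 at those points), so the buffers, the BIOs and the `passin` copy of the pass phrase are released on every path. These lines are carried over unchanged by the reformat, so the fix belongs in a follow-up change rather than in this commit.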


@ -110,39 +110,41 @@
*/ */
/* conflicts with winsock2 stuff on netware */ /* conflicts with winsock2 stuff on netware */
#if !defined(OPENSSL_SYS_NETWARE) #if !defined(OPENSSL_SYS_NETWARE)
#include <sys/types.h> # include <sys/types.h>
#endif #endif
#include <openssl/opensslconf.h> #include <openssl/opensslconf.h>
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#include <conio.h> # include <conio.h>
#endif #endif
#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) #if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
#define _kbhit kbhit # define _kbhit kbhit
#endif #endif
#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET) #if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
/* VAX C does not defined fd_set and friends, but it's actually quite simple */ /*
/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */ * VAX C does not defined fd_set and friends, but it's actually quite simple
#define MAX_NOFILE 32 */
#define NBBY 8 /* number of bits in a byte */ /* These definitions are borrowed from SOCKETSHR. /Richard Levitte */
# define MAX_NOFILE 32
# define NBBY 8 /* number of bits in a byte */
#ifndef FD_SETSIZE # ifndef FD_SETSIZE
#define FD_SETSIZE MAX_NOFILE # define FD_SETSIZE MAX_NOFILE
#endif /* FD_SETSIZE */ # endif /* FD_SETSIZE */
/* How many things we'll allow select to use. 0 if unlimited */ /* How many things we'll allow select to use. 0 if unlimited */
#define MAXSELFD MAX_NOFILE # define MAXSELFD MAX_NOFILE
typedef int fd_mask; /* int here! VMS prototypes int, not long */ typedef int fd_mask; /* int here! VMS prototypes int, not long */
#define NFDBITS (sizeof(fd_mask) * NBBY) /* bits per mask (power of 2!)*/ # define NFDBITS (sizeof(fd_mask) * NBBY)/* bits per mask (power of 2!) */
#define NFDSHIFT 5 /* Shift based on above */ # define NFDSHIFT 5 /* Shift based on above */
typedef fd_mask fd_set; typedef fd_mask fd_set;
#define FD_SET(n, p) (*(p) |= (1 << ((n) % NFDBITS))) # define FD_SET(n, p) (*(p) |= (1 << ((n) % NFDBITS)))
#define FD_CLR(n, p) (*(p) &= ~(1 << ((n) % NFDBITS))) # define FD_CLR(n, p) (*(p) &= ~(1 << ((n) % NFDBITS)))
#define FD_ISSET(n, p) (*(p) & (1 << ((n) % NFDBITS))) # define FD_ISSET(n, p) (*(p) & (1 << ((n) % NFDBITS)))
#define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) # define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p)))
#endif #endif
#define PORT 4433 #define PORT 4433
@ -150,12 +152,14 @@ typedef fd_mask fd_set;
#define PROTOCOL "tcp" #define PROTOCOL "tcp"
int do_server(int port, int type, int *ret, int do_server(int port, int type, int *ret,
int (*cb)(char *hostname, int s, int stype, unsigned char *context), int (*cb) (char *hostname, int s, int stype,
unsigned char *context, int naccept); unsigned char *context), unsigned char *context,
int naccept);
#ifndef NO_SYS_UN_H #ifndef NO_SYS_UN_H
int do_server_unix(const char *path, int *ret, int do_server_unix(const char *path, int *ret,
int (*cb)(char *hostname, int s, int stype, unsigned char *context), int (*cb) (char *hostname, int s, int stype,
unsigned char *context, int naccept); unsigned char *context), unsigned char *context,
int naccept);
#endif #endif
#ifdef HEADER_X509_H #ifdef HEADER_X509_H
int verify_callback(int ok, X509_STORE_CTX *ctx); int verify_callback(int ok, X509_STORE_CTX *ctx);
@ -163,7 +167,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx);
#ifdef HEADER_SSL_H #ifdef HEADER_SSL_H
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
STACK_OF(X509) *chain, int build_chain); STACK_OF(X509) *chain, int build_chain);
int ssl_print_sigalgs(BIO *out, SSL *s); int ssl_print_sigalgs(BIO *out, SSL *s);
int ssl_print_point_formats(BIO *out, SSL *s); int ssl_print_point_formats(BIO *out, SSL *s);
int ssl_print_curves(BIO *out, SSL *s, int noshared); int ssl_print_curves(BIO *out, SSL *s, int noshared);
@ -175,39 +179,43 @@ int init_client_unix(int *sock, const char *server);
#endif #endif
int should_retry(int i); int should_retry(int i);
int extract_port(const char *str, short *port_ptr); int extract_port(const char *str, short *port_ptr);
int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
short *p);
long bio_dump_callback(BIO *bio, int cmd, const char *argp, long bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret); int argi, long argl, long ret);
#ifdef HEADER_SSL_H #ifdef HEADER_SSL_H
void apps_ssl_info_callback(const SSL *s, int where, int ret); void apps_ssl_info_callback(const SSL *s, int where, int ret);
void msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); void msg_cb(int write_p, int version, int content_type, const void *buf,
void tlsext_cb(SSL *s, int client_server, int type, size_t len, SSL *ssl, void *arg);
unsigned char *data, int len, void tlsext_cb(SSL *s, int client_server, int type, unsigned char *data,
void *arg); int len, void *arg);
#endif #endif
int generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len); int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
int verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len); unsigned int *cookie_len);
int verify_cookie_callback(SSL *ssl, unsigned char *cookie,
unsigned int cookie_len);
typedef struct ssl_excert_st SSL_EXCERT; typedef struct ssl_excert_st SSL_EXCERT;
void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc); void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc);
void ssl_excert_free(SSL_EXCERT *exc); void ssl_excert_free(SSL_EXCERT *exc);
int args_excert(char ***pargs, int *pargc, int args_excert(char ***pargs, int *pargc,
int *badarg, BIO *err, SSL_EXCERT **pexc); int *badarg, BIO *err, SSL_EXCERT **pexc);
int load_excert(SSL_EXCERT **pexc, BIO *err); int load_excert(SSL_EXCERT **pexc, BIO *err);
void print_ssl_summary(BIO *bio, SSL *s); void print_ssl_summary(BIO *bio, SSL *s);
#ifdef HEADER_SSL_H #ifdef HEADER_SSL_H
int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx, int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr); int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr);
int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake); STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake);
int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download); int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls,
int ssl_load_stores(SSL_CTX *ctx, int crl_download);
const char *vfyCApath, const char *vfyCAfile, int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath,
const char *chCApath, const char *chCAfile, const char *vfyCAfile, const char *chCApath,
STACK_OF(X509_CRL) *crls, int crl_download); const char *chCAfile, STACK_OF(X509_CRL) *crls,
int crl_download);
void ssl_ctx_security_debug(SSL_CTX *ctx, BIO *out, int verbose); void ssl_ctx_security_debug(SSL_CTX *ctx, BIO *out, int verbose);
#endif #endif



@ -58,7 +58,7 @@
#define NO_SHUTDOWN #define NO_SHUTDOWN
/*----------------------------------------- /* ----------------------------------------
s_time - SSL client connection timer program s_time - SSL client connection timer program
Written and donated by Larry Streepy <streepy@healthcare.com> Written and donated by Larry Streepy <streepy@healthcare.com>
-----------------------------------------*/ -----------------------------------------*/
@ -75,11 +75,11 @@
#include "s_apps.h" #include "s_apps.h"
#include <openssl/err.h> #include <openssl/err.h>
#ifdef WIN32_STUFF #ifdef WIN32_STUFF
#include "winmain.h" # include "winmain.h"
#include "wintext.h" # include "wintext.h"
#endif #endif
#if !defined(OPENSSL_SYS_MSDOS) #if !defined(OPENSSL_SYS_MSDOS)
#include OPENSSL_UNISTD # include OPENSSL_UNISTD
#endif #endif
#undef PROG #undef PROG
@ -88,10 +88,12 @@
#undef ioctl #undef ioctl
#define ioctl ioctlsocket #define ioctl ioctlsocket
#define SSL_CONNECT_NAME "localhost:4433" #define SSL_CONNECT_NAME "localhost:4433"
/* no default cert. */ /* no default cert. */
/*#define TEST_CERT "client.pem" */ /*
* #define TEST_CERT "client.pem"
*/
#undef BUFSIZZ #undef BUFSIZZ
#define BUFSIZZ 1024*10 #define BUFSIZZ 1024*10
@ -104,13 +106,13 @@
#define max(a,b) (((a) > (b)) ? (a) : (b)) #define max(a,b) (((a) > (b)) ? (a) : (b))
#undef SECONDS #undef SECONDS
#define SECONDS 30 #define SECONDS 30
extern int verify_depth; extern int verify_depth;
extern int verify_error; extern int verify_error;
static void s_time_usage(void); static void s_time_usage(void);
static int parseArgs( int argc, char **argv ); static int parseArgs(int argc, char **argv);
static SSL *doConnection( SSL *scon ); static SSL *doConnection(SSL *scon);
static void s_time_init(void); static void s_time_init(void);
/*********************************************************************** /***********************************************************************
@ -118,58 +120,58 @@ static void s_time_init(void);
*/ */
/* static char *port=PORT_STR;*/ /* static char *port=PORT_STR;*/
static char *host=SSL_CONNECT_NAME; static char *host = SSL_CONNECT_NAME;
static char *t_cert_file=NULL; static char *t_cert_file = NULL;
static char *t_key_file=NULL; static char *t_key_file = NULL;
static char *CApath=NULL; static char *CApath = NULL;
static char *CAfile=NULL; static char *CAfile = NULL;
static char *tm_cipher=NULL; static char *tm_cipher = NULL;
static int tm_verify = SSL_VERIFY_NONE; static int tm_verify = SSL_VERIFY_NONE;
static int maxTime = SECONDS; static int maxTime = SECONDS;
static SSL_CTX *tm_ctx=NULL; static SSL_CTX *tm_ctx = NULL;
static const SSL_METHOD *s_time_meth=NULL; static const SSL_METHOD *s_time_meth = NULL;
static char *s_www_path=NULL; static char *s_www_path = NULL;
static long bytes_read=0; static long bytes_read = 0;
static int st_bugs=0; static int st_bugs = 0;
static int perform=0; static int perform = 0;
#ifdef FIONBIO #ifdef FIONBIO
static int t_nbio=0; static int t_nbio = 0;
#endif #endif
#ifdef OPENSSL_SYS_WIN32 #ifdef OPENSSL_SYS_WIN32
static int exitNow = 0; /* Set when it's time to exit main */ static int exitNow = 0; /* Set when it's time to exit main */
#endif #endif
static void s_time_init(void) static void s_time_init(void)
{ {
host=SSL_CONNECT_NAME; host = SSL_CONNECT_NAME;
t_cert_file=NULL; t_cert_file = NULL;
t_key_file=NULL; t_key_file = NULL;
CApath=NULL; CApath = NULL;
CAfile=NULL; CAfile = NULL;
tm_cipher=NULL; tm_cipher = NULL;
tm_verify = SSL_VERIFY_NONE; tm_verify = SSL_VERIFY_NONE;
maxTime = SECONDS; maxTime = SECONDS;
tm_ctx=NULL; tm_ctx = NULL;
s_time_meth=NULL; s_time_meth = NULL;
s_www_path=NULL; s_www_path = NULL;
bytes_read=0; bytes_read = 0;
st_bugs=0; st_bugs = 0;
perform=0; perform = 0;
#ifdef FIONBIO #ifdef FIONBIO
t_nbio=0; t_nbio = 0;
#endif #endif
#ifdef OPENSSL_SYS_WIN32 #ifdef OPENSSL_SYS_WIN32
exitNow = 0; /* Set when it's time to exit main */ exitNow = 0; /* Set when it's time to exit main */
#endif #endif
} }
/*********************************************************************** /***********************************************************************
* usage - display usage message * usage - display usage message
*/ */
static void s_time_usage(void) static void s_time_usage(void)
{ {
static char umsg[] = "\ static char umsg[] = "\
-time arg - max number of seconds to collect data, default %d\n\ -time arg - max number of seconds to collect data, default %d\n\
-verify arg - turn on peer certificate verification, arg == depth\n\ -verify arg - turn on peer certificate verification, arg == depth\n\
-cert arg - certificate file to use, PEM format assumed\n\ -cert arg - certificate file to use, PEM format assumed\n\
@ -179,18 +181,19 @@ static void s_time_usage(void)
-CAfile arg - PEM format file of CA's\n\ -CAfile arg - PEM format file of CA's\n\
-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n"; -cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
printf( "usage: s_time <args>\n\n" ); printf("usage: s_time <args>\n\n");
printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME); printf("-connect host:port - host:port to connect to (default is %s)\n",
SSL_CONNECT_NAME);
#ifdef FIONBIO #ifdef FIONBIO
printf("-nbio - Run with non-blocking IO\n"); printf("-nbio - Run with non-blocking IO\n");
printf("-ssl3 - Just use SSLv3\n"); printf("-ssl3 - Just use SSLv3\n");
printf("-bugs - Turn on SSL bug compatibility\n"); printf("-bugs - Turn on SSL bug compatibility\n");
printf("-new - Just time new connections\n"); printf("-new - Just time new connections\n");
printf("-reuse - Just time connection reuse\n"); printf("-reuse - Just time connection reuse\n");
printf("-www page - Retrieve 'page' from the site\n"); printf("-www page - Retrieve 'page' from the site\n");
#endif #endif
printf( umsg,SECONDS ); printf(umsg, SECONDS);
} }
/*********************************************************************** /***********************************************************************
@ -202,414 +205,420 @@ static int parseArgs(int argc, char **argv)
{ {
int badop = 0; int badop = 0;
verify_depth=0; verify_depth = 0;
verify_error=X509_V_OK; verify_error = X509_V_OK;
argc--; argc--;
argv++; argv++;
while (argc >= 1) { while (argc >= 1) {
if (strcmp(*argv,"-connect") == 0) if (strcmp(*argv, "-connect") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
host= *(++argv); host = *(++argv);
} }
#if 0 #if 0
else if( strcmp(*argv,"-host") == 0) else if (strcmp(*argv, "-host") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
host= *(++argv); host = *(++argv);
} } else if (strcmp(*argv, "-port") == 0) {
else if( strcmp(*argv,"-port") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; port = *(++argv);
port= *(++argv); }
}
#endif #endif
else if (strcmp(*argv,"-reuse") == 0) else if (strcmp(*argv, "-reuse") == 0)
perform=2; perform = 2;
else if (strcmp(*argv,"-new") == 0) else if (strcmp(*argv, "-new") == 0)
perform=1; perform = 1;
else if( strcmp(*argv,"-verify") == 0) { else if (strcmp(*argv, "-verify") == 0) {
tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE; tm_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
if (--argc < 1) goto bad; if (--argc < 1)
verify_depth=atoi(*(++argv)); goto bad;
BIO_printf(bio_err,"verify depth is %d\n",verify_depth); verify_depth = atoi(*(++argv));
BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
} else if( strcmp(*argv,"-cert") == 0) { } else if (strcmp(*argv, "-cert") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
t_cert_file= *(++argv); goto bad;
t_cert_file = *(++argv);
} else if( strcmp(*argv,"-key") == 0) { } else if (strcmp(*argv, "-key") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
t_key_file= *(++argv); goto bad;
t_key_file = *(++argv);
} else if( strcmp(*argv,"-CApath") == 0) { } else if (strcmp(*argv, "-CApath") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
CApath= *(++argv); goto bad;
CApath = *(++argv);
} else if( strcmp(*argv,"-CAfile") == 0) { } else if (strcmp(*argv, "-CAfile") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
CAfile= *(++argv); goto bad;
CAfile = *(++argv);
} else if( strcmp(*argv,"-cipher") == 0) { } else if (strcmp(*argv, "-cipher") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
tm_cipher= *(++argv); goto bad;
} tm_cipher = *(++argv);
}
#ifdef FIONBIO #ifdef FIONBIO
else if(strcmp(*argv,"-nbio") == 0) { else if (strcmp(*argv, "-nbio") == 0) {
t_nbio=1; t_nbio = 1;
} }
#endif #endif
else if(strcmp(*argv,"-www") == 0) else if (strcmp(*argv, "-www") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
s_www_path= *(++argv); s_www_path = *(++argv);
if(strlen(s_www_path) > MYBUFSIZ-100) if (strlen(s_www_path) > MYBUFSIZ - 100) {
{ BIO_printf(bio_err, "-www option too long\n");
BIO_printf(bio_err,"-www option too long\n"); badop = 1;
badop=1; }
} } else if (strcmp(*argv, "-bugs") == 0)
} st_bugs = 1;
else if(strcmp(*argv,"-bugs") == 0)
st_bugs=1;
#ifndef OPENSSL_NO_SSL3 #ifndef OPENSSL_NO_SSL3
else if(strcmp(*argv,"-ssl3") == 0) else if (strcmp(*argv, "-ssl3") == 0)
s_time_meth=SSLv3_client_method(); s_time_meth = SSLv3_client_method();
#endif #endif
else if( strcmp(*argv,"-time") == 0) { else if (strcmp(*argv, "-time") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
maxTime= atoi(*(++argv)); goto bad;
} maxTime = atoi(*(++argv));
else { } else {
BIO_printf(bio_err,"unknown option %s\n",*argv); BIO_printf(bio_err, "unknown option %s\n", *argv);
badop=1; badop = 1;
break; break;
} }
argc--; argc--;
argv++; argv++;
} }
if (perform == 0) perform=3; if (perform == 0)
perform = 3;
if(badop) { if (badop) {
bad: bad:
s_time_usage(); s_time_usage();
return -1; return -1;
} }
return 0; /* Valid args */ return 0; /* Valid args */
} }
/*********************************************************************** /***********************************************************************
* TIME - time functions * TIME - time functions
*/ */
#define START 0 #define START 0
#define STOP 1 #define STOP 1
static double tm_Time_F(int s) static double tm_Time_F(int s)
{ {
return app_tminterval(s,1); return app_tminterval(s, 1);
} }
/*********************************************************************** /***********************************************************************
* MAIN - main processing area for client * MAIN - main processing area for client
* real name depends on MONOLITH * real name depends on MONOLITH
*/ */
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
double totalTime = 0.0; double totalTime = 0.0;
int nConn = 0; int nConn = 0;
SSL *scon=NULL; SSL *scon = NULL;
long finishtime=0; long finishtime = 0;
int ret=1,i; int ret = 1, i;
MS_STATIC char buf[1024*8]; MS_STATIC char buf[1024 * 8];
int ver; int ver;
apps_startup(); apps_startup();
s_time_init(); s_time_init();
if (bio_err == NULL) if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
s_time_meth=SSLv23_client_method(); s_time_meth = SSLv23_client_method();
/* parse the command line arguments */ /* parse the command line arguments */
if( parseArgs( argc, argv ) < 0 ) if (parseArgs(argc, argv) < 0)
goto end; goto end;
OpenSSL_add_ssl_algorithms(); OpenSSL_add_ssl_algorithms();
if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1); if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
return (1);
SSL_CTX_set_quiet_shutdown(tm_ctx,1); SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL); if (st_bugs)
SSL_CTX_set_cipher_list(tm_ctx,tm_cipher); SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file)) SSL_CTX_set_cipher_list(tm_ctx, tm_cipher);
goto end; if (!set_cert_stuff(tm_ctx, t_cert_file, t_key_file))
goto end;
SSL_load_error_strings(); SSL_load_error_strings();
if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) || if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(tm_ctx))) (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
{ /*
/* BIO_printf(bio_err,"error setting default verify locations\n"); */ * BIO_printf(bio_err,"error setting default verify locations\n");
ERR_print_errors(bio_err); */
/* goto end; */ ERR_print_errors(bio_err);
} /* goto end; */
}
if (tm_cipher == NULL) if (tm_cipher == NULL)
tm_cipher = getenv("SSL_CIPHER"); tm_cipher = getenv("SSL_CIPHER");
if (tm_cipher == NULL ) { if (tm_cipher == NULL) {
fprintf( stderr, "No CIPHER specified\n" ); fprintf(stderr, "No CIPHER specified\n");
} }
if (!(perform & 1)) goto next; if (!(perform & 1))
printf( "Collecting connection statistics for %d seconds\n", maxTime ); goto next;
printf("Collecting connection statistics for %d seconds\n", maxTime);
/* Loop and time how long it takes to make connections */ /* Loop and time how long it takes to make connections */
bytes_read=0; bytes_read = 0;
finishtime=(long)time(NULL)+maxTime; finishtime = (long)time(NULL) + maxTime;
tm_Time_F(START); tm_Time_F(START);
for (;;) for (;;) {
{ if (finishtime < (long)time(NULL))
if (finishtime < (long)time(NULL)) break; break;
#ifdef WIN32_STUFF #ifdef WIN32_STUFF
if( flushWinMsgs(0) == -1 ) if (flushWinMsgs(0) == -1)
goto end; goto end;
if( waitingToDie || exitNow ) /* we're dead */ if (waitingToDie || exitNow) /* we're dead */
goto end; goto end;
#endif #endif
if( (scon = doConnection( NULL )) == NULL ) if ((scon = doConnection(NULL)) == NULL)
goto end; goto end;
if (s_www_path != NULL)
{
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
SSL_write(scon,buf,strlen(buf));
while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
bytes_read+=i;
}
if (s_www_path != NULL) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
s_www_path);
SSL_write(scon, buf, strlen(buf));
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
bytes_read += i;
}
#ifdef NO_SHUTDOWN #ifdef NO_SHUTDOWN
SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else #else
SSL_shutdown(scon); SSL_shutdown(scon);
#endif #endif
SHUTDOWN2(SSL_get_fd(scon)); SHUTDOWN2(SSL_get_fd(scon));
nConn += 1; nConn += 1;
if (SSL_session_reused(scon)) if (SSL_session_reused(scon))
ver='r'; ver = 'r';
else else {
{ ver = SSL_version(scon);
ver=SSL_version(scon); if (ver == TLS1_VERSION)
if (ver == TLS1_VERSION) ver = 't';
ver='t'; else if (ver == SSL3_VERSION)
else if (ver == SSL3_VERSION) ver = '3';
ver='3'; else
else ver = '*';
ver='*'; }
} fputc(ver, stdout);
fputc(ver,stdout); fflush(stdout);
fflush(stdout);
SSL_free( scon ); SSL_free(scon);
scon=NULL; scon = NULL;
} }
totalTime += tm_Time_F(STOP); /* Add the time for this iteration */ totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
i=(int)((long)time(NULL)-finishtime+maxTime); i = (int)((long)time(NULL) - finishtime + maxTime);
printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read); printf
printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn); ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
nConn, totalTime, ((double)nConn / totalTime), bytes_read);
printf
("%d connections in %ld real seconds, %ld bytes read per connection\n",
nConn, (long)time(NULL) - finishtime + maxTime, bytes_read / nConn);
/* Now loop and time connections using the same session id over and over */ /*
* Now loop and time connections using the same session id over and over
*/
next: next:
if (!(perform & 2)) goto end; if (!(perform & 2))
printf( "\n\nNow timing with session id reuse.\n" ); goto end;
printf("\n\nNow timing with session id reuse.\n");
/* Get an SSL object so we can reuse the session id */ /* Get an SSL object so we can reuse the session id */
if( (scon = doConnection( NULL )) == NULL ) if ((scon = doConnection(NULL)) == NULL) {
{ fprintf(stderr, "Unable to get connection\n");
fprintf( stderr, "Unable to get connection\n" ); goto end;
goto end; }
}
if (s_www_path != NULL) if (s_www_path != NULL) {
{ BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path);
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); SSL_write(scon, buf, strlen(buf));
SSL_write(scon,buf,strlen(buf)); while (SSL_read(scon, buf, sizeof(buf)) > 0) ;
while (SSL_read(scon,buf,sizeof(buf)) > 0) }
;
}
#ifdef NO_SHUTDOWN #ifdef NO_SHUTDOWN
SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else #else
SSL_shutdown(scon); SSL_shutdown(scon);
#endif #endif
SHUTDOWN2(SSL_get_fd(scon)); SHUTDOWN2(SSL_get_fd(scon));
nConn = 0; nConn = 0;
totalTime = 0.0; totalTime = 0.0;
finishtime=(long)time(NULL)+maxTime; finishtime = (long)time(NULL) + maxTime;
printf( "starting\n" ); printf("starting\n");
bytes_read=0; bytes_read = 0;
tm_Time_F(START); tm_Time_F(START);
for (;;) for (;;) {
{ if (finishtime < (long)time(NULL))
if (finishtime < (long)time(NULL)) break; break;
#ifdef WIN32_STUFF #ifdef WIN32_STUFF
if( flushWinMsgs(0) == -1 ) if (flushWinMsgs(0) == -1)
goto end; goto end;
if( waitingToDie || exitNow ) /* we're dead */ if (waitingToDie || exitNow) /* we're dead */
goto end; goto end;
#endif #endif
if( (doConnection( scon )) == NULL ) if ((doConnection(scon)) == NULL)
goto end; goto end;
if (s_www_path)
{
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
SSL_write(scon,buf,strlen(buf));
while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
bytes_read+=i;
}
if (s_www_path) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
s_www_path);
SSL_write(scon, buf, strlen(buf));
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
bytes_read += i;
}
#ifdef NO_SHUTDOWN #ifdef NO_SHUTDOWN
SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else #else
SSL_shutdown(scon); SSL_shutdown(scon);
#endif #endif
SHUTDOWN2(SSL_get_fd(scon)); SHUTDOWN2(SSL_get_fd(scon));
nConn += 1; nConn += 1;
if (SSL_session_reused(scon)) if (SSL_session_reused(scon))
ver='r'; ver = 'r';
else else {
{ ver = SSL_version(scon);
ver=SSL_version(scon); if (ver == TLS1_VERSION)
if (ver == TLS1_VERSION) ver = 't';
ver='t'; else if (ver == SSL3_VERSION)
else if (ver == SSL3_VERSION) ver = '3';
ver='3'; else
else ver = '*';
ver='*'; }
} fputc(ver, stdout);
fputc(ver,stdout); fflush(stdout);
fflush(stdout); }
} totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/
printf
("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
nConn, totalTime, ((double)nConn / totalTime), bytes_read);
printf
("%d connections in %ld real seconds, %ld bytes read per connection\n",
nConn, (long)time(NULL) - finishtime + maxTime, bytes_read / nConn);
printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read); ret = 0;
printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn); end:
if (scon != NULL)
SSL_free(scon);
ret=0; if (tm_ctx != NULL) {
end: SSL_CTX_free(tm_ctx);
if (scon != NULL) SSL_free(scon); tm_ctx = NULL;
}
if (tm_ctx != NULL) apps_shutdown();
{ OPENSSL_EXIT(ret);
SSL_CTX_free(tm_ctx); }
tm_ctx=NULL;
}
apps_shutdown();
OPENSSL_EXIT(ret);
}
/*- /*-
* doConnection - make a connection * doConnection - make a connection
* Args: * Args:
* scon = earlier ssl connection for session id, or NULL * scon = earlier ssl connection for session id, or NULL
* Returns: * Returns:
* SSL * = the connection pointer. * SSL * = the connection pointer.
*/ */
static SSL *doConnection(SSL *scon) static SSL *doConnection(SSL *scon)
{ {
BIO *conn; BIO *conn;
SSL *serverCon; SSL *serverCon;
int width, i; int width, i;
fd_set readfds; fd_set readfds;
if ((conn=BIO_new(BIO_s_connect())) == NULL) if ((conn = BIO_new(BIO_s_connect())) == NULL)
return(NULL); return (NULL);
/* BIO_set_conn_port(conn,port);*/ /* BIO_set_conn_port(conn,port);*/
BIO_set_conn_hostname(conn,host); BIO_set_conn_hostname(conn, host);
if (scon == NULL) if (scon == NULL)
serverCon=SSL_new(tm_ctx); serverCon = SSL_new(tm_ctx);
else else {
{ serverCon = scon;
serverCon=scon; SSL_set_connect_state(serverCon);
SSL_set_connect_state(serverCon); }
}
SSL_set_bio(serverCon,conn,conn); SSL_set_bio(serverCon, conn, conn);
#if 0 #if 0
if( scon != NULL ) if (scon != NULL)
SSL_set_session(serverCon,SSL_get_session(scon)); SSL_set_session(serverCon, SSL_get_session(scon));
#endif #endif
/* ok, lets connect */ /* ok, lets connect */
for(;;) { for (;;) {
i=SSL_connect(serverCon); i = SSL_connect(serverCon);
if (BIO_sock_should_retry(i)) if (BIO_sock_should_retry(i)) {
{ BIO_printf(bio_err, "DELAY\n");
BIO_printf(bio_err,"DELAY\n");
i=SSL_get_fd(serverCon);
width=i+1;
FD_ZERO(&readfds);
openssl_fdset(i,&readfds);
/* Note: under VMS with SOCKETSHR the 2nd parameter
* is currently of type (int *) whereas under other
* systems it is (void *) if you don't have a cast it
* will choke the compiler: if you do have a cast then
* you can either go for (int *) or (void *).
*/
select(width,(void *)&readfds,NULL,NULL,NULL);
continue;
}
break;
}
if(i <= 0)
{
BIO_printf(bio_err,"ERROR\n");
if (verify_error != X509_V_OK)
BIO_printf(bio_err,"verify error:%s\n",
X509_verify_cert_error_string(verify_error));
else
ERR_print_errors(bio_err);
if (scon == NULL)
SSL_free(serverCon);
return NULL;
}
return serverCon;
}
i = SSL_get_fd(serverCon);
width = i + 1;
FD_ZERO(&readfds);
openssl_fdset(i, &readfds);
/*
* Note: under VMS with SOCKETSHR the 2nd parameter is currently
* of type (int *) whereas under other systems it is (void *) if
* you don't have a cast it will choke the compiler: if you do
* have a cast then you can either go for (int *) or (void *).
*/
select(width, (void *)&readfds, NULL, NULL, NULL);
continue;
}
break;
}
if (i <= 0) {
BIO_printf(bio_err, "ERROR\n");
if (verify_error != X509_V_OK)
BIO_printf(bio_err, "verify error:%s\n",
X509_verify_cert_error_string(verify_error));
else
ERR_print_errors(bio_err);
if (scon == NULL)
SSL_free(serverCon);
return NULL;
}
return serverCon;
}


@ -67,20 +67,20 @@
#include <openssl/ssl.h> #include <openssl/ssl.h>
#undef PROG #undef PROG
#define PROG sess_id_main #define PROG sess_id_main
static const char *sess_id_usage[]={ static const char *sess_id_usage[] = {
"usage: sess_id args\n", "usage: sess_id args\n",
"\n", "\n",
" -inform arg - input format - default PEM (DER or PEM)\n", " -inform arg - input format - default PEM (DER or PEM)\n",
" -outform arg - output format - default PEM (PEM, DER or NSS)\n", " -outform arg - output format - default PEM (PEM, DER or NSS)\n",
" -in arg - input file - default stdin\n", " -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n", " -out arg - output file - default stdout\n",
" -text - print ssl session id details\n", " -text - print ssl session id details\n",
" -cert - output certificate \n", " -cert - output certificate \n",
" -noout - no output of encoded session info\n", " -noout - no output of encoded session info\n",
" -context arg - set the session ID context\n", " -context arg - set the session ID context\n",
NULL NULL
}; };
static SSL_SESSION *load_sess_id(char *file, int format); static SSL_SESSION *load_sess_id(char *file, int format);
@ -88,237 +88,215 @@ static SSL_SESSION *load_sess_id(char *file, int format);
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
SSL_SESSION *x=NULL; SSL_SESSION *x = NULL;
X509 *peer = NULL; X509 *peer = NULL;
int ret=1,i,num,badops=0; int ret = 1, i, num, badops = 0;
BIO *out=NULL; BIO *out = NULL;
int informat,outformat; int informat, outformat;
char *infile=NULL,*outfile=NULL,*context=NULL; char *infile = NULL, *outfile = NULL, *context = NULL;
int cert=0,noout=0,text=0; int cert = 0, noout = 0, text = 0;
const char **pp; const char **pp;
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
informat=FORMAT_PEM; informat = FORMAT_PEM;
outformat=FORMAT_PEM; outformat = FORMAT_PEM;
argc--; argc--;
argv++; argv++;
num=0; num = 0;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; informat = str2fmt(*(++argv));
informat=str2fmt(*(++argv)); } else if (strcmp(*argv, "-outform") == 0) {
} if (--argc < 1)
else if (strcmp(*argv,"-outform") == 0) goto bad;
{ outformat = str2fmt(*(++argv));
if (--argc < 1) goto bad; } else if (strcmp(*argv, "-in") == 0) {
outformat=str2fmt(*(++argv)); if (--argc < 1)
} goto bad;
else if (strcmp(*argv,"-in") == 0) infile = *(++argv);
{ } else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
infile= *(++argv); goto bad;
} outfile = *(++argv);
else if (strcmp(*argv,"-out") == 0) } else if (strcmp(*argv, "-text") == 0)
{ text = ++num;
if (--argc < 1) goto bad; else if (strcmp(*argv, "-cert") == 0)
outfile= *(++argv); cert = ++num;
} else if (strcmp(*argv, "-noout") == 0)
else if (strcmp(*argv,"-text") == 0) noout = ++num;
text= ++num; else if (strcmp(*argv, "-context") == 0) {
else if (strcmp(*argv,"-cert") == 0) if (--argc < 1)
cert= ++num; goto bad;
else if (strcmp(*argv,"-noout") == 0) context = *++argv;
noout= ++num; } else {
else if (strcmp(*argv,"-context") == 0) BIO_printf(bio_err, "unknown option %s\n", *argv);
{ badops = 1;
if(--argc < 1) goto bad; break;
context=*++argv; }
} argc--;
else argv++;
{ }
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops) if (badops) {
{ bad:
bad: for (pp = sess_id_usage; (*pp != NULL); pp++)
for (pp=sess_id_usage; (*pp != NULL); pp++) BIO_printf(bio_err, "%s", *pp);
BIO_printf(bio_err,"%s",*pp); goto end;
goto end; }
}
ERR_load_crypto_strings(); ERR_load_crypto_strings();
x=load_sess_id(infile,informat); x = load_sess_id(infile, informat);
if (x == NULL) { goto end; } if (x == NULL) {
peer = SSL_SESSION_get0_peer(x); goto end;
}
if(context) peer = SSL_SESSION_get0_peer(x);
{
size_t ctx_len = strlen(context);
if(ctx_len > SSL_MAX_SID_CTX_LENGTH)
{
BIO_printf(bio_err,"Context too long\n");
goto end;
}
SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len);
}
if (context) {
size_t ctx_len = strlen(context);
if (ctx_len > SSL_MAX_SID_CTX_LENGTH) {
BIO_printf(bio_err, "Context too long\n");
goto end;
}
SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len);
}
#ifdef undef #ifdef undef
/* just testing for memory leaks :-) */ /* just testing for memory leaks :-) */
{ {
SSL_SESSION *s; SSL_SESSION *s;
char buf[1024*10],*p; char buf[1024 * 10], *p;
int i; int i;
s=SSL_SESSION_new(); s = SSL_SESSION_new();
p= &buf; p = &buf;
i=i2d_SSL_SESSION(x,&p); i = i2d_SSL_SESSION(x, &p);
p= &buf; p = &buf;
d2i_SSL_SESSION(&s,&p,(long)i); d2i_SSL_SESSION(&s, &p, (long)i);
p= &buf; p = &buf;
d2i_SSL_SESSION(&s,&p,(long)i); d2i_SSL_SESSION(&s, &p, (long)i);
p= &buf; p = &buf;
d2i_SSL_SESSION(&s,&p,(long)i); d2i_SSL_SESSION(&s, &p, (long)i);
SSL_SESSION_free(s); SSL_SESSION_free(s);
} }
#endif #endif
if (!noout || text) if (!noout || text) {
{ out = BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file()); if (out == NULL) {
if (out == NULL) ERR_print_errors(bio_err);
{ goto end;
ERR_print_errors(bio_err); }
goto end;
}
if (outfile == NULL) if (outfile == NULL) {
{ BIO_set_fp(out, stdout, BIO_NOCLOSE);
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
} } else {
else if (BIO_write_filename(out, outfile) <= 0) {
{ perror(outfile);
if (BIO_write_filename(out,outfile) <= 0) goto end;
{ }
perror(outfile); }
goto end; }
}
}
}
if (text) if (text) {
{ SSL_SESSION_print(out, x);
SSL_SESSION_print(out,x);
if (cert) if (cert) {
{ if (peer == NULL)
if (peer == NULL) BIO_puts(out, "No certificate present\n");
BIO_puts(out,"No certificate present\n"); else
else X509_print(out, peer);
X509_print(out,peer); }
} }
}
if (!noout && !cert) if (!noout && !cert) {
{ if (outformat == FORMAT_ASN1)
if (outformat == FORMAT_ASN1) i = i2d_SSL_SESSION_bio(out, x);
i=i2d_SSL_SESSION_bio(out,x); else if (outformat == FORMAT_PEM)
else if (outformat == FORMAT_PEM) i = PEM_write_bio_SSL_SESSION(out, x);
i=PEM_write_bio_SSL_SESSION(out,x); else if (outformat == FORMAT_NSS)
else if (outformat == FORMAT_NSS) i = SSL_SESSION_print_keylog(out, x);
i=SSL_SESSION_print_keylog(out,x); else {
else { BIO_printf(bio_err, "bad output format specified for outfile\n");
BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end;
goto end; }
} if (!i) {
if (!i) { BIO_printf(bio_err, "unable to write SSL_SESSION\n");
BIO_printf(bio_err,"unable to write SSL_SESSION\n"); goto end;
goto end; }
} } else if (!noout && (peer != NULL)) { /* just print the certificate */
} if (outformat == FORMAT_ASN1)
else if (!noout && (peer != NULL)) /* just print the certificate */ i = (int)i2d_X509_bio(out, peer);
{ else if (outformat == FORMAT_PEM)
if (outformat == FORMAT_ASN1) i = PEM_write_bio_X509(out, peer);
i=(int)i2d_X509_bio(out,peer); else {
else if (outformat == FORMAT_PEM) BIO_printf(bio_err, "bad output format specified for outfile\n");
i=PEM_write_bio_X509(out,peer); goto end;
else { }
BIO_printf(bio_err,"bad output format specified for outfile\n"); if (!i) {
goto end; BIO_printf(bio_err, "unable to write X509\n");
} goto end;
if (!i) { }
BIO_printf(bio_err,"unable to write X509\n"); }
goto end; ret = 0;
} end:
} if (out != NULL)
ret=0; BIO_free_all(out);
end: if (x != NULL)
if (out != NULL) BIO_free_all(out); SSL_SESSION_free(x);
if (x != NULL) SSL_SESSION_free(x); apps_shutdown();
apps_shutdown(); OPENSSL_EXIT(ret);
OPENSSL_EXIT(ret); }
}
static SSL_SESSION *load_sess_id(char *infile, int format) static SSL_SESSION *load_sess_id(char *infile, int format)
{ {
SSL_SESSION *x=NULL; SSL_SESSION *x = NULL;
BIO *in=NULL; BIO *in = NULL;
in=BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
if (in == NULL) if (in == NULL) {
{ ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
}
if (infile == NULL) if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
else else {
{ if (BIO_read_filename(in, infile) <= 0) {
if (BIO_read_filename(in,infile) <= 0) perror(infile);
{ goto end;
perror(infile); }
goto end; }
} if (format == FORMAT_ASN1)
} x = d2i_SSL_SESSION_bio(in, NULL);
if (format == FORMAT_ASN1) else if (format == FORMAT_PEM)
x=d2i_SSL_SESSION_bio(in,NULL); x = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
else if (format == FORMAT_PEM) else {
x=PEM_read_bio_SSL_SESSION(in,NULL,NULL,NULL); BIO_printf(bio_err, "bad input format specified for input crl\n");
else { goto end;
BIO_printf(bio_err,"bad input format specified for input crl\n"); }
goto end; if (x == NULL) {
} BIO_printf(bio_err, "unable to load SSL_SESSION\n");
if (x == NULL) ERR_print_errors(bio_err);
{ goto end;
BIO_printf(bio_err,"unable to load SSL_SESSION\n"); }
ERR_print_errors(bio_err);
goto end;
}
end:
if (in != NULL) BIO_free(in);
return(x);
}
end:
if (in != NULL)
BIO_free(in);
return (x);
}


@ -1,8 +1,8 @@
/* apps/spkac.c */ /* apps/spkac.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 1999. Based on an original idea by Massimiliano Pala * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* (madwolf@openca.org). * 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org).
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
@ -71,239 +71,242 @@
#include <openssl/pem.h> #include <openssl/pem.h>
#undef PROG #undef PROG
#define PROG spkac_main #define PROG spkac_main
/*- /*-
* -in arg - input file - default stdin * -in arg - input file - default stdin
* -out arg - output file - default stdout * -out arg - output file - default stdout
*/ */
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
ENGINE *e = NULL; ENGINE *e = NULL;
int i,badops=0, ret = 1; int i, badops = 0, ret = 1;
BIO *in = NULL,*out = NULL; BIO *in = NULL, *out = NULL;
int verify=0,noout=0,pubkey=0; int verify = 0, noout = 0, pubkey = 0;
char *infile = NULL,*outfile = NULL,*prog; char *infile = NULL, *outfile = NULL, *prog;
char *passargin = NULL, *passin = NULL; char *passargin = NULL, *passin = NULL;
const char *spkac = "SPKAC", *spksect = "default"; const char *spkac = "SPKAC", *spksect = "default";
char *spkstr = NULL; char *spkstr = NULL;
char *challenge = NULL, *keyfile = NULL; char *challenge = NULL, *keyfile = NULL;
CONF *conf = NULL; CONF *conf = NULL;
NETSCAPE_SPKI *spki = NULL; NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
char *engine=NULL; char *engine = NULL;
#endif #endif
apps_startup(); apps_startup();
if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); if (!bio_err)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
prog=argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-in") == 0) {
if (strcmp(*argv,"-in") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; infile = *(++argv);
infile= *(++argv); } else if (strcmp(*argv, "-out") == 0) {
} if (--argc < 1)
else if (strcmp(*argv,"-out") == 0) goto bad;
{ outfile = *(++argv);
if (--argc < 1) goto bad; } else if (strcmp(*argv, "-passin") == 0) {
outfile= *(++argv); if (--argc < 1)
} goto bad;
else if (strcmp(*argv,"-passin") == 0) passargin = *(++argv);
{ } else if (strcmp(*argv, "-key") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
passargin= *(++argv); goto bad;
} keyfile = *(++argv);
else if (strcmp(*argv,"-key") == 0) } else if (strcmp(*argv, "-challenge") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
keyfile= *(++argv); challenge = *(++argv);
} } else if (strcmp(*argv, "-spkac") == 0) {
else if (strcmp(*argv,"-challenge") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; spkac = *(++argv);
challenge= *(++argv); } else if (strcmp(*argv, "-spksect") == 0) {
} if (--argc < 1)
else if (strcmp(*argv,"-spkac") == 0) goto bad;
{ spksect = *(++argv);
if (--argc < 1) goto bad; }
spkac= *(++argv);
}
else if (strcmp(*argv,"-spksect") == 0)
{
if (--argc < 1) goto bad;
spksect= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv, "-engine") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
engine= *(++argv); engine = *(++argv);
} }
#endif #endif
else if (strcmp(*argv,"-noout") == 0) else if (strcmp(*argv, "-noout") == 0)
noout=1; noout = 1;
else if (strcmp(*argv,"-pubkey") == 0) else if (strcmp(*argv, "-pubkey") == 0)
pubkey=1; pubkey = 1;
else if (strcmp(*argv,"-verify") == 0) else if (strcmp(*argv, "-verify") == 0)
verify=1; verify = 1;
else badops = 1; else
argc--; badops = 1;
argv++; argc--;
} argv++;
}
if (badops) if (badops) {
{ bad:
bad: BIO_printf(bio_err, "%s [options]\n", prog);
BIO_printf(bio_err,"%s [options]\n",prog); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -key arg create SPKAC using private key\n"); " -key arg create SPKAC using private key\n");
BIO_printf(bio_err," -passin arg input file pass phrase source\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -challenge arg challenge string\n"); " -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -spkac arg alternative SPKAC name\n"); BIO_printf(bio_err, " -challenge arg challenge string\n");
BIO_printf(bio_err," -noout don't print SPKAC\n"); BIO_printf(bio_err, " -spkac arg alternative SPKAC name\n");
BIO_printf(bio_err," -pubkey output public key\n"); BIO_printf(bio_err, " -noout don't print SPKAC\n");
BIO_printf(bio_err," -verify verify SPKAC signature\n"); BIO_printf(bio_err, " -pubkey output public key\n");
BIO_printf(bio_err, " -verify verify SPKAC signature\n");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
#endif #endif
goto end; goto end;
} }
ERR_load_crypto_strings();
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
ERR_load_crypto_strings();
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0); e = setup_engine(bio_err, engine, 0);
#endif #endif
if(keyfile) { if (keyfile) {
pkey = load_key(bio_err, pkey = load_key(bio_err,
strcmp(keyfile, "-") ? keyfile : NULL, strcmp(keyfile, "-") ? keyfile : NULL,
FORMAT_PEM, 1, passin, e, "private key"); FORMAT_PEM, 1, passin, e, "private key");
if(!pkey) { if (!pkey) {
goto end; goto end;
} }
spki = NETSCAPE_SPKI_new(); spki = NETSCAPE_SPKI_new();
if(challenge) ASN1_STRING_set(spki->spkac->challenge, if (challenge)
challenge, (int)strlen(challenge)); ASN1_STRING_set(spki->spkac->challenge,
NETSCAPE_SPKI_set_pubkey(spki, pkey); challenge, (int)strlen(challenge));
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); NETSCAPE_SPKI_set_pubkey(spki, pkey);
spkstr = NETSCAPE_SPKI_b64_encode(spki); NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
spkstr = NETSCAPE_SPKI_b64_encode(spki);
if (outfile) out = BIO_new_file(outfile, "w"); if (outfile)
else { out = BIO_new_file(outfile, "w");
out = BIO_new_fp(stdout, BIO_NOCLOSE); else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
} }
if(!out) { if (!out) {
BIO_printf(bio_err, "Error opening output file\n"); BIO_printf(bio_err, "Error opening output file\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
BIO_printf(out, "SPKAC=%s\n", spkstr); BIO_printf(out, "SPKAC=%s\n", spkstr);
OPENSSL_free(spkstr); OPENSSL_free(spkstr);
ret = 0; ret = 0;
goto end; goto end;
} }
if (infile)
in = BIO_new_file(infile, "r");
else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
if (!in) {
BIO_printf(bio_err, "Error opening input file\n");
ERR_print_errors(bio_err);
goto end;
}
if (infile) in = BIO_new_file(infile, "r"); conf = NCONF_new(NULL);
else in = BIO_new_fp(stdin, BIO_NOCLOSE); i = NCONF_load_bio(conf, in, NULL);
if(!in) { if (!i) {
BIO_printf(bio_err, "Error opening input file\n"); BIO_printf(bio_err, "Error parsing config file\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
conf = NCONF_new(NULL); spkstr = NCONF_get_string(conf, spksect, spkac);
i = NCONF_load_bio(conf, in, NULL);
if(!i) { if (!spkstr) {
BIO_printf(bio_err, "Error parsing config file\n"); BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
spkstr = NCONF_get_string(conf, spksect, spkac); spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
if(!spkstr) { if (!spki) {
BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); BIO_printf(bio_err, "Error loading SPKAC\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); if (outfile)
out = BIO_new_file(outfile, "w");
if(!spki) { else {
BIO_printf(bio_err, "Error loading SPKAC\n"); out = BIO_new_fp(stdout, BIO_NOCLOSE);
ERR_print_errors(bio_err);
goto end;
}
if (outfile) out = BIO_new_file(outfile, "w");
else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
} }
if(!out) { if (!out) {
BIO_printf(bio_err, "Error opening output file\n"); BIO_printf(bio_err, "Error opening output file\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if(!noout) NETSCAPE_SPKI_print(out, spki); if (!noout)
pkey = NETSCAPE_SPKI_get_pubkey(spki); NETSCAPE_SPKI_print(out, spki);
if(verify) { pkey = NETSCAPE_SPKI_get_pubkey(spki);
i = NETSCAPE_SPKI_verify(spki, pkey); if (verify) {
if (i > 0) BIO_printf(bio_err, "Signature OK\n"); i = NETSCAPE_SPKI_verify(spki, pkey);
else { if (i > 0)
BIO_printf(bio_err, "Signature Failure\n"); BIO_printf(bio_err, "Signature OK\n");
ERR_print_errors(bio_err); else {
goto end; BIO_printf(bio_err, "Signature Failure\n");
} ERR_print_errors(bio_err);
} goto end;
if(pubkey) PEM_write_bio_PUBKEY(out, pkey); }
}
if (pubkey)
PEM_write_bio_PUBKEY(out, pkey);
ret = 0; ret = 0;
end: end:
NCONF_free(conf); NCONF_free(conf);
NETSCAPE_SPKI_free(spki); NETSCAPE_SPKI_free(spki);
BIO_free(in); BIO_free(in);
BIO_free_all(out); BIO_free_all(out);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
if(passin) OPENSSL_free(passin); if (passin)
apps_shutdown(); OPENSSL_free(passin);
OPENSSL_EXIT(ret); apps_shutdown();
} OPENSSL_EXIT(ret);
}


@ -1,6 +1,7 @@
/* apps/srp.c */ /* apps/srp.c */
/* Written by Peter Sylvester (peter.sylvester@edelweb.fr) /*
* for the EdelKey project and contributed to the OpenSSL project 2004. * Written by Peter Sylvester (peter.sylvester@edelweb.fr) for the EdelKey
* project and contributed to the OpenSSL project 2004.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2004 The OpenSSL Project. All rights reserved. * Copyright (c) 2004 The OpenSSL Project. All rights reserved.


@ -1,217 +1,233 @@
/* NOCW */ /* NOCW */
/* used by apps/speed.c */ /* used by apps/speed.c */
DSA *get_dsa512(void ); DSA *get_dsa512(void);
DSA *get_dsa1024(void ); DSA *get_dsa1024(void);
DSA *get_dsa2048(void ); DSA *get_dsa2048(void);
static unsigned char dsa512_priv[] = { static unsigned char dsa512_priv[] = {
0x65,0xe5,0xc7,0x38,0x60,0x24,0xb5,0x89,0xd4,0x9c,0xeb,0x4c, 0x65, 0xe5, 0xc7, 0x38, 0x60, 0x24, 0xb5, 0x89, 0xd4, 0x9c, 0xeb, 0x4c,
0x9c,0x1d,0x7a,0x22,0xbd,0xd1,0xc2,0xd2, 0x9c, 0x1d, 0x7a, 0x22, 0xbd, 0xd1, 0xc2, 0xd2,
}; };
static unsigned char dsa512_pub[] = { static unsigned char dsa512_pub[] = {
0x00,0x95,0xa7,0x0d,0xec,0x93,0x68,0xba,0x5f,0xf7,0x5f,0x07, 0x00, 0x95, 0xa7, 0x0d, 0xec, 0x93, 0x68, 0xba, 0x5f, 0xf7, 0x5f, 0x07,
0xf2,0x3b,0xad,0x6b,0x01,0xdc,0xbe,0xec,0xde,0x04,0x7a,0x3a, 0xf2, 0x3b, 0xad, 0x6b, 0x01, 0xdc, 0xbe, 0xec, 0xde, 0x04, 0x7a, 0x3a,
0x27,0xb3,0xec,0x49,0xfd,0x08,0x43,0x3d,0x7e,0xa8,0x2c,0x5e, 0x27, 0xb3, 0xec, 0x49, 0xfd, 0x08, 0x43, 0x3d, 0x7e, 0xa8, 0x2c, 0x5e,
0x7b,0xbb,0xfc,0xf4,0x6e,0xeb,0x6c,0xb0,0x6e,0xf8,0x02,0x12, 0x7b, 0xbb, 0xfc, 0xf4, 0x6e, 0xeb, 0x6c, 0xb0, 0x6e, 0xf8, 0x02, 0x12,
0x8c,0x38,0x5d,0x83,0x56,0x7d,0xee,0x53,0x05,0x3e,0x24,0x84, 0x8c, 0x38, 0x5d, 0x83, 0x56, 0x7d, 0xee, 0x53, 0x05, 0x3e, 0x24, 0x84,
0xbe,0xba,0x0a,0x6b,0xc8, 0xbe, 0xba, 0x0a, 0x6b, 0xc8,
}; };
static unsigned char dsa512_p[]={
0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86, static unsigned char dsa512_p[] = {
0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0, 0x9D, 0x1B, 0x69, 0x8E, 0x26, 0xDB, 0xF2, 0x2B, 0x11, 0x70, 0x19, 0x86,
0x62,0x50,0x33,0x4B,0x02,0x3C,0x52,0x30,0x03,0x8B,0x3B,0xF9, 0xF6, 0x19, 0xC8, 0xF8, 0x19, 0xF2, 0x18, 0x53, 0x94, 0x46, 0x06, 0xD0,
0x5F,0xD1,0x24,0x06,0x4F,0x7B,0x4C,0xBA,0xAA,0x40,0x9B,0xFD, 0x62, 0x50, 0x33, 0x4B, 0x02, 0x3C, 0x52, 0x30, 0x03, 0x8B, 0x3B, 0xF9,
0x96,0xE4,0x37,0x33,0xBB,0x2D,0x5A,0xD7,0x5A,0x11,0x40,0x66, 0x5F, 0xD1, 0x24, 0x06, 0x4F, 0x7B, 0x4C, 0xBA, 0xAA, 0x40, 0x9B, 0xFD,
0xA2,0x76,0x7D,0x31, 0x96, 0xE4, 0x37, 0x33, 0xBB, 0x2D, 0x5A, 0xD7, 0x5A, 0x11, 0x40, 0x66,
}; 0xA2, 0x76, 0x7D, 0x31,
static unsigned char dsa512_q[]={ };
0xFB,0x53,0xEF,0x50,0xB4,0x40,0x92,0x31,0x56,0x86,0x53,0x7A,
0xE8,0x8B,0x22,0x9A,0x49,0xFB,0x71,0x8F, static unsigned char dsa512_q[] = {
}; 0xFB, 0x53, 0xEF, 0x50, 0xB4, 0x40, 0x92, 0x31, 0x56, 0x86, 0x53, 0x7A,
static unsigned char dsa512_g[]={ 0xE8, 0x8B, 0x22, 0x9A, 0x49, 0xFB, 0x71, 0x8F,
0x83,0x3E,0x88,0xE5,0xC5,0x89,0x73,0xCE,0x3B,0x6C,0x01,0x49, };
0xBF,0xB3,0xC7,0x9F,0x0A,0xEA,0x44,0x91,0xE5,0x30,0xAA,0xD9,
0xBE,0x5B,0x5F,0xB7,0x10,0xD7,0x89,0xB7,0x8E,0x74,0xFB,0xCF, static unsigned char dsa512_g[] = {
0x29,0x1E,0xEB,0xA8,0x2C,0x54,0x51,0xB8,0x10,0xDE,0xA0,0xCE, 0x83, 0x3E, 0x88, 0xE5, 0xC5, 0x89, 0x73, 0xCE, 0x3B, 0x6C, 0x01, 0x49,
0x2F,0xCC,0x24,0x6B,0x90,0x77,0xDE,0xA2,0x68,0xA6,0x52,0x12, 0xBF, 0xB3, 0xC7, 0x9F, 0x0A, 0xEA, 0x44, 0x91, 0xE5, 0x30, 0xAA, 0xD9,
0xA2,0x03,0x9D,0x20, 0xBE, 0x5B, 0x5F, 0xB7, 0x10, 0xD7, 0x89, 0xB7, 0x8E, 0x74, 0xFB, 0xCF,
}; 0x29, 0x1E, 0xEB, 0xA8, 0x2C, 0x54, 0x51, 0xB8, 0x10, 0xDE, 0xA0, 0xCE,
0x2F, 0xCC, 0x24, 0x6B, 0x90, 0x77, 0xDE, 0xA2, 0x68, 0xA6, 0x52, 0x12,
0xA2, 0x03, 0x9D, 0x20,
};
DSA *get_dsa512() DSA *get_dsa512()
{ {
DSA *dsa; DSA *dsa;
if ((dsa=DSA_new()) == NULL) return(NULL); if ((dsa = DSA_new()) == NULL)
dsa->priv_key=BN_bin2bn(dsa512_priv,sizeof(dsa512_priv),NULL); return (NULL);
dsa->pub_key=BN_bin2bn(dsa512_pub,sizeof(dsa512_pub),NULL); dsa->priv_key = BN_bin2bn(dsa512_priv, sizeof(dsa512_priv), NULL);
dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL); dsa->pub_key = BN_bin2bn(dsa512_pub, sizeof(dsa512_pub), NULL);
dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL); dsa->p = BN_bin2bn(dsa512_p, sizeof(dsa512_p), NULL);
dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL); dsa->q = BN_bin2bn(dsa512_q, sizeof(dsa512_q), NULL);
if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) || dsa->g = BN_bin2bn(dsa512_g, sizeof(dsa512_g), NULL);
(dsa->q == NULL) || (dsa->g == NULL)) if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL)
return(NULL); || (dsa->q == NULL) || (dsa->g == NULL))
return(dsa); return (NULL);
} return (dsa);
}
static unsigned char dsa1024_priv[]={ static unsigned char dsa1024_priv[] = {
0x7d,0x21,0xda,0xbb,0x62,0x15,0x47,0x36,0x07,0x67,0x12,0xe8, 0x7d, 0x21, 0xda, 0xbb, 0x62, 0x15, 0x47, 0x36, 0x07, 0x67, 0x12, 0xe8,
0x8c,0xaa,0x1c,0xcd,0x38,0x12,0x61,0x18, 0x8c, 0xaa, 0x1c, 0xcd, 0x38, 0x12, 0x61, 0x18,
}; };
static unsigned char dsa1024_pub[]={
0x3c,0x4e,0x9c,0x2a,0x7f,0x16,0xc1,0x25,0xeb,0xac,0x78,0x63, static unsigned char dsa1024_pub[] = {
0x90,0x14,0x8c,0x8b,0xf4,0x68,0x43,0x3c,0x2d,0xee,0x65,0x50, 0x3c, 0x4e, 0x9c, 0x2a, 0x7f, 0x16, 0xc1, 0x25, 0xeb, 0xac, 0x78, 0x63,
0x7d,0x9c,0x8f,0x8c,0x8a,0x51,0xd6,0x11,0x2b,0x99,0xaf,0x1e, 0x90, 0x14, 0x8c, 0x8b, 0xf4, 0x68, 0x43, 0x3c, 0x2d, 0xee, 0x65, 0x50,
0x90,0x97,0xb5,0xd3,0xa6,0x20,0x25,0xd6,0xfe,0x43,0x02,0xd5, 0x7d, 0x9c, 0x8f, 0x8c, 0x8a, 0x51, 0xd6, 0x11, 0x2b, 0x99, 0xaf, 0x1e,
0x91,0x7d,0xa7,0x8c,0xdb,0xc9,0x85,0xa3,0x36,0x48,0xf7,0x68, 0x90, 0x97, 0xb5, 0xd3, 0xa6, 0x20, 0x25, 0xd6, 0xfe, 0x43, 0x02, 0xd5,
0xaa,0x60,0xb1,0xf7,0x05,0x68,0x3a,0xa3,0x3f,0xd3,0x19,0x82, 0x91, 0x7d, 0xa7, 0x8c, 0xdb, 0xc9, 0x85, 0xa3, 0x36, 0x48, 0xf7, 0x68,
0xd8,0x82,0x7a,0x77,0xfb,0xef,0xf4,0x15,0x0a,0xeb,0x06,0x04, 0xaa, 0x60, 0xb1, 0xf7, 0x05, 0x68, 0x3a, 0xa3, 0x3f, 0xd3, 0x19, 0x82,
0x7f,0x53,0x07,0x0c,0xbc,0xcb,0x2d,0x83,0xdb,0x3e,0xd1,0x28, 0xd8, 0x82, 0x7a, 0x77, 0xfb, 0xef, 0xf4, 0x15, 0x0a, 0xeb, 0x06, 0x04,
0xa5,0xa1,0x31,0xe0,0x67,0xfa,0x50,0xde,0x9b,0x07,0x83,0x7e, 0x7f, 0x53, 0x07, 0x0c, 0xbc, 0xcb, 0x2d, 0x83, 0xdb, 0x3e, 0xd1, 0x28,
0x2c,0x0b,0xc3,0x13,0x50,0x61,0xe5,0xad,0xbd,0x36,0xb8,0x97, 0xa5, 0xa1, 0x31, 0xe0, 0x67, 0xfa, 0x50, 0xde, 0x9b, 0x07, 0x83, 0x7e,
0x4e,0x40,0x7d,0xe8,0x83,0x0d,0xbc,0x4b 0x2c, 0x0b, 0xc3, 0x13, 0x50, 0x61, 0xe5, 0xad, 0xbd, 0x36, 0xb8, 0x97,
}; 0x4e, 0x40, 0x7d, 0xe8, 0x83, 0x0d, 0xbc, 0x4b
static unsigned char dsa1024_p[]={ };
0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,
0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D, static unsigned char dsa1024_p[] = {
0x86,0x96,0xB3,0x15,0xE0,0x53,0x2E,0x8F,0xE0,0x59,0x82,0x73, 0xA7, 0x3F, 0x6E, 0x85, 0xBF, 0x41, 0x6A, 0x29, 0x7D, 0xF0, 0x9F, 0x47,
0x90,0x3E,0x75,0x31,0x99,0x47,0x7A,0x52,0xFB,0x85,0xE4,0xD9, 0x19, 0x30, 0x90, 0x9A, 0x09, 0x1D, 0xDA, 0x6A, 0x33, 0x1E, 0xC5, 0x3D,
0xA6,0x7B,0x38,0x9B,0x68,0x8A,0x84,0x9B,0x87,0xC6,0x1E,0xB5, 0x86, 0x96, 0xB3, 0x15, 0xE0, 0x53, 0x2E, 0x8F, 0xE0, 0x59, 0x82, 0x73,
0x7E,0x86,0x4B,0x53,0x5B,0x59,0xCF,0x71,0x65,0x19,0x88,0x6E, 0x90, 0x3E, 0x75, 0x31, 0x99, 0x47, 0x7A, 0x52, 0xFB, 0x85, 0xE4, 0xD9,
0xCE,0x66,0xAE,0x6B,0x88,0x36,0xFB,0xEC,0x28,0xDC,0xC2,0xD7, 0xA6, 0x7B, 0x38, 0x9B, 0x68, 0x8A, 0x84, 0x9B, 0x87, 0xC6, 0x1E, 0xB5,
0xA5,0xBB,0xE5,0x2C,0x39,0x26,0x4B,0xDA,0x9A,0x70,0x18,0x95, 0x7E, 0x86, 0x4B, 0x53, 0x5B, 0x59, 0xCF, 0x71, 0x65, 0x19, 0x88, 0x6E,
0x37,0x95,0x10,0x56,0x23,0xF6,0x15,0xED,0xBA,0x04,0x5E,0xDE, 0xCE, 0x66, 0xAE, 0x6B, 0x88, 0x36, 0xFB, 0xEC, 0x28, 0xDC, 0xC2, 0xD7,
0x39,0x4F,0xFD,0xB7,0x43,0x1F,0xB5,0xA4,0x65,0x6F,0xCD,0x80, 0xA5, 0xBB, 0xE5, 0x2C, 0x39, 0x26, 0x4B, 0xDA, 0x9A, 0x70, 0x18, 0x95,
0x11,0xE4,0x70,0x95,0x5B,0x50,0xCD,0x49, 0x37, 0x95, 0x10, 0x56, 0x23, 0xF6, 0x15, 0xED, 0xBA, 0x04, 0x5E, 0xDE,
}; 0x39, 0x4F, 0xFD, 0xB7, 0x43, 0x1F, 0xB5, 0xA4, 0x65, 0x6F, 0xCD, 0x80,
static unsigned char dsa1024_q[]={ 0x11, 0xE4, 0x70, 0x95, 0x5B, 0x50, 0xCD, 0x49,
0xF7,0x07,0x31,0xED,0xFA,0x6C,0x06,0x03,0xD5,0x85,0x8A,0x1C, };
0xAC,0x9C,0x65,0xE7,0x50,0x66,0x65,0x6F,
}; static unsigned char dsa1024_q[] = {
static unsigned char dsa1024_g[]={ 0xF7, 0x07, 0x31, 0xED, 0xFA, 0x6C, 0x06, 0x03, 0xD5, 0x85, 0x8A, 0x1C,
0x4D,0xDF,0x4C,0x03,0xA6,0x91,0x8A,0xF5,0x19,0x6F,0x50,0x46, 0xAC, 0x9C, 0x65, 0xE7, 0x50, 0x66, 0x65, 0x6F,
0x25,0x99,0xE5,0x68,0x6F,0x30,0xE3,0x69,0xE1,0xE5,0xB3,0x5D, };
0x98,0xBB,0x28,0x86,0x48,0xFC,0xDE,0x99,0x04,0x3F,0x5F,0x88,
0x0C,0x9C,0x73,0x24,0x0D,0x20,0x5D,0xB9,0x2A,0x9A,0x3F,0x18, static unsigned char dsa1024_g[] = {
0x96,0x27,0xE4,0x62,0x87,0xC1,0x7B,0x74,0x62,0x53,0xFC,0x61, 0x4D, 0xDF, 0x4C, 0x03, 0xA6, 0x91, 0x8A, 0xF5, 0x19, 0x6F, 0x50, 0x46,
0x27,0xA8,0x7A,0x91,0x09,0x9D,0xB6,0xF1,0x4D,0x9C,0x54,0x0F, 0x25, 0x99, 0xE5, 0x68, 0x6F, 0x30, 0xE3, 0x69, 0xE1, 0xE5, 0xB3, 0x5D,
0x58,0x06,0xEE,0x49,0x74,0x07,0xCE,0x55,0x7E,0x23,0xCE,0x16, 0x98, 0xBB, 0x28, 0x86, 0x48, 0xFC, 0xDE, 0x99, 0x04, 0x3F, 0x5F, 0x88,
0xF6,0xCA,0xDC,0x5A,0x61,0x01,0x7E,0xC9,0x71,0xB5,0x4D,0xF6, 0x0C, 0x9C, 0x73, 0x24, 0x0D, 0x20, 0x5D, 0xB9, 0x2A, 0x9A, 0x3F, 0x18,
0xDC,0x34,0x29,0x87,0x68,0xF6,0x5E,0x20,0x93,0xB3,0xDB,0xF5, 0x96, 0x27, 0xE4, 0x62, 0x87, 0xC1, 0x7B, 0x74, 0x62, 0x53, 0xFC, 0x61,
0xE4,0x09,0x6C,0x41,0x17,0x95,0x92,0xEB,0x01,0xB5,0x73,0xA5, 0x27, 0xA8, 0x7A, 0x91, 0x09, 0x9D, 0xB6, 0xF1, 0x4D, 0x9C, 0x54, 0x0F,
0x6A,0x7E,0xD8,0x32,0xED,0x0E,0x02,0xB8, 0x58, 0x06, 0xEE, 0x49, 0x74, 0x07, 0xCE, 0x55, 0x7E, 0x23, 0xCE, 0x16,
}; 0xF6, 0xCA, 0xDC, 0x5A, 0x61, 0x01, 0x7E, 0xC9, 0x71, 0xB5, 0x4D, 0xF6,
0xDC, 0x34, 0x29, 0x87, 0x68, 0xF6, 0x5E, 0x20, 0x93, 0xB3, 0xDB, 0xF5,
0xE4, 0x09, 0x6C, 0x41, 0x17, 0x95, 0x92, 0xEB, 0x01, 0xB5, 0x73, 0xA5,
0x6A, 0x7E, 0xD8, 0x32, 0xED, 0x0E, 0x02, 0xB8,
};
DSA *get_dsa1024() DSA *get_dsa1024()
{ {
DSA *dsa; DSA *dsa;
if ((dsa=DSA_new()) == NULL) return(NULL); if ((dsa = DSA_new()) == NULL)
dsa->priv_key=BN_bin2bn(dsa1024_priv,sizeof(dsa1024_priv),NULL); return (NULL);
dsa->pub_key=BN_bin2bn(dsa1024_pub,sizeof(dsa1024_pub),NULL); dsa->priv_key = BN_bin2bn(dsa1024_priv, sizeof(dsa1024_priv), NULL);
dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL); dsa->pub_key = BN_bin2bn(dsa1024_pub, sizeof(dsa1024_pub), NULL);
dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL); dsa->p = BN_bin2bn(dsa1024_p, sizeof(dsa1024_p), NULL);
dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL); dsa->q = BN_bin2bn(dsa1024_q, sizeof(dsa1024_q), NULL);
if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) || dsa->g = BN_bin2bn(dsa1024_g, sizeof(dsa1024_g), NULL);
(dsa->q == NULL) || (dsa->g == NULL)) if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL)
return(NULL); || (dsa->q == NULL) || (dsa->g == NULL))
return(dsa); return (NULL);
} return (dsa);
}
static unsigned char dsa2048_priv[]={ static unsigned char dsa2048_priv[] = {
0x32,0x67,0x92,0xf6,0xc4,0xe2,0xe2,0xe8,0xa0,0x8b,0x6b,0x45, 0x32, 0x67, 0x92, 0xf6, 0xc4, 0xe2, 0xe2, 0xe8, 0xa0, 0x8b, 0x6b, 0x45,
0x0c,0x8a,0x76,0xb0,0xee,0xcf,0x91,0xa7, 0x0c, 0x8a, 0x76, 0xb0, 0xee, 0xcf, 0x91, 0xa7,
}; };
static unsigned char dsa2048_pub[]={
0x17,0x8f,0xa8,0x11,0x84,0x92,0xec,0x83,0x47,0xc7,0x6a,0xb0, static unsigned char dsa2048_pub[] = {
0x92,0xaf,0x5a,0x20,0x37,0xa3,0x64,0x79,0xd2,0xd0,0x3d,0xcd, 0x17, 0x8f, 0xa8, 0x11, 0x84, 0x92, 0xec, 0x83, 0x47, 0xc7, 0x6a, 0xb0,
0xe0,0x61,0x88,0x88,0x21,0xcc,0x74,0x5d,0xce,0x4c,0x51,0x47, 0x92, 0xaf, 0x5a, 0x20, 0x37, 0xa3, 0x64, 0x79, 0xd2, 0xd0, 0x3d, 0xcd,
0xf0,0xc5,0x5c,0x4c,0x82,0x7a,0xaf,0x72,0xad,0xb9,0xe0,0x53, 0xe0, 0x61, 0x88, 0x88, 0x21, 0xcc, 0x74, 0x5d, 0xce, 0x4c, 0x51, 0x47,
0xf2,0x78,0xb7,0xf0,0xb5,0x48,0x7f,0x8a,0x3a,0x18,0xd1,0x9f, 0xf0, 0xc5, 0x5c, 0x4c, 0x82, 0x7a, 0xaf, 0x72, 0xad, 0xb9, 0xe0, 0x53,
0x8b,0x7d,0xa5,0x47,0xb7,0x95,0xab,0x98,0xf8,0x7b,0x74,0x50, 0xf2, 0x78, 0xb7, 0xf0, 0xb5, 0x48, 0x7f, 0x8a, 0x3a, 0x18, 0xd1, 0x9f,
0x56,0x8e,0x57,0xf0,0xee,0xf5,0xb7,0xba,0xab,0x85,0x86,0xf9, 0x8b, 0x7d, 0xa5, 0x47, 0xb7, 0x95, 0xab, 0x98, 0xf8, 0x7b, 0x74, 0x50,
0x2b,0xef,0x41,0x56,0xa0,0xa4,0x9f,0xb7,0x38,0x00,0x46,0x0a, 0x56, 0x8e, 0x57, 0xf0, 0xee, 0xf5, 0xb7, 0xba, 0xab, 0x85, 0x86, 0xf9,
0xa6,0xf1,0xfc,0x1f,0xd8,0x4e,0x85,0x44,0x92,0x43,0x21,0x5d, 0x2b, 0xef, 0x41, 0x56, 0xa0, 0xa4, 0x9f, 0xb7, 0x38, 0x00, 0x46, 0x0a,
0x6e,0xcc,0xc2,0xcb,0x26,0x31,0x0d,0x21,0xc4,0xbd,0x8d,0x24, 0xa6, 0xf1, 0xfc, 0x1f, 0xd8, 0x4e, 0x85, 0x44, 0x92, 0x43, 0x21, 0x5d,
0xbc,0xd9,0x18,0x19,0xd7,0xdc,0xf1,0xe7,0x93,0x50,0x48,0x03, 0x6e, 0xcc, 0xc2, 0xcb, 0x26, 0x31, 0x0d, 0x21, 0xc4, 0xbd, 0x8d, 0x24,
0x2c,0xae,0x2e,0xe7,0x49,0x88,0x5f,0x93,0x57,0x27,0x99,0x36, 0xbc, 0xd9, 0x18, 0x19, 0xd7, 0xdc, 0xf1, 0xe7, 0x93, 0x50, 0x48, 0x03,
0xb4,0x20,0xab,0xfc,0xa7,0x2b,0xf2,0xd9,0x98,0xd7,0xd4,0x34, 0x2c, 0xae, 0x2e, 0xe7, 0x49, 0x88, 0x5f, 0x93, 0x57, 0x27, 0x99, 0x36,
0x9d,0x96,0x50,0x58,0x9a,0xea,0x54,0xf3,0xee,0xf5,0x63,0x14, 0xb4, 0x20, 0xab, 0xfc, 0xa7, 0x2b, 0xf2, 0xd9, 0x98, 0xd7, 0xd4, 0x34,
0xee,0x85,0x83,0x74,0x76,0xe1,0x52,0x95,0xc3,0xf7,0xeb,0x04, 0x9d, 0x96, 0x50, 0x58, 0x9a, 0xea, 0x54, 0xf3, 0xee, 0xf5, 0x63, 0x14,
0x04,0x7b,0xa7,0x28,0x1b,0xcc,0xea,0x4a,0x4e,0x84,0xda,0xd8, 0xee, 0x85, 0x83, 0x74, 0x76, 0xe1, 0x52, 0x95, 0xc3, 0xf7, 0xeb, 0x04,
0x9c,0x79,0xd8,0x9b,0x66,0x89,0x2f,0xcf,0xac,0xd7,0x79,0xf9, 0x04, 0x7b, 0xa7, 0x28, 0x1b, 0xcc, 0xea, 0x4a, 0x4e, 0x84, 0xda, 0xd8,
0xa9,0xd8,0x45,0x13,0x78,0xb9,0x00,0x14,0xc9,0x7e,0x22,0x51, 0x9c, 0x79, 0xd8, 0x9b, 0x66, 0x89, 0x2f, 0xcf, 0xac, 0xd7, 0x79, 0xf9,
0x86,0x67,0xb0,0x9f,0x26,0x11,0x23,0xc8,0x38,0xd7,0x70,0x1d, 0xa9, 0xd8, 0x45, 0x13, 0x78, 0xb9, 0x00, 0x14, 0xc9, 0x7e, 0x22, 0x51,
0x15,0x8e,0x4d,0x4f,0x95,0x97,0x40,0xa1,0xc2,0x7e,0x01,0x18, 0x86, 0x67, 0xb0, 0x9f, 0x26, 0x11, 0x23, 0xc8, 0x38, 0xd7, 0x70, 0x1d,
0x72,0xf4,0x10,0xe6,0x8d,0x52,0x16,0x7f,0xf2,0xc9,0xf8,0x33, 0x15, 0x8e, 0x4d, 0x4f, 0x95, 0x97, 0x40, 0xa1, 0xc2, 0x7e, 0x01, 0x18,
0x8b,0x33,0xb7,0xce, 0x72, 0xf4, 0x10, 0xe6, 0x8d, 0x52, 0x16, 0x7f, 0xf2, 0xc9, 0xf8, 0x33,
}; 0x8b, 0x33, 0xb7, 0xce,
static unsigned char dsa2048_p[]={ };
0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,
0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81, static unsigned char dsa2048_p[] = {
0xEB,0xF8,0xC4,0x13,0xD9,0xA0,0x5D,0x8B,0x5C,0x8E,0xDC,0xC2, 0xA0, 0x25, 0xFA, 0xAD, 0xF4, 0x8E, 0xB9, 0xE5, 0x99, 0xF3, 0x5D, 0x6F,
0x1D,0x0B,0x41,0x32,0xB0,0x1F,0xFE,0xEF,0x0C,0xC2,0xA2,0x7E, 0x4F, 0x83, 0x34, 0xE2, 0x7E, 0xCF, 0x6F, 0xBF, 0x30, 0xAF, 0x6F, 0x81,
0x68,0x5C,0x28,0x21,0xE9,0xF5,0xB1,0x58,0x12,0x63,0x4C,0x19, 0xEB, 0xF8, 0xC4, 0x13, 0xD9, 0xA0, 0x5D, 0x8B, 0x5C, 0x8E, 0xDC, 0xC2,
0x4E,0xFF,0x02,0x4B,0x92,0xED,0xD2,0x07,0x11,0x4D,0x8C,0x58, 0x1D, 0x0B, 0x41, 0x32, 0xB0, 0x1F, 0xFE, 0xEF, 0x0C, 0xC2, 0xA2, 0x7E,
0x16,0x5C,0x55,0x8E,0xAD,0xA3,0x67,0x7D,0xB9,0x86,0x6E,0x0B, 0x68, 0x5C, 0x28, 0x21, 0xE9, 0xF5, 0xB1, 0x58, 0x12, 0x63, 0x4C, 0x19,
0xE6,0x54,0x6F,0x40,0xAE,0x0E,0x67,0x4C,0xF9,0x12,0x5B,0x3C, 0x4E, 0xFF, 0x02, 0x4B, 0x92, 0xED, 0xD2, 0x07, 0x11, 0x4D, 0x8C, 0x58,
0x08,0x7A,0xF7,0xFC,0x67,0x86,0x69,0xE7,0x0A,0x94,0x40,0xBF, 0x16, 0x5C, 0x55, 0x8E, 0xAD, 0xA3, 0x67, 0x7D, 0xB9, 0x86, 0x6E, 0x0B,
0x8B,0x76,0xFE,0x26,0xD1,0xF2,0xA1,0x1A,0x84,0xA1,0x43,0x56, 0xE6, 0x54, 0x6F, 0x40, 0xAE, 0x0E, 0x67, 0x4C, 0xF9, 0x12, 0x5B, 0x3C,
0x28,0xBC,0x9A,0x5F,0xD7,0x3B,0x69,0x89,0x8A,0x36,0x2C,0x51, 0x08, 0x7A, 0xF7, 0xFC, 0x67, 0x86, 0x69, 0xE7, 0x0A, 0x94, 0x40, 0xBF,
0xDF,0x12,0x77,0x2F,0x57,0x7B,0xA0,0xAA,0xDD,0x7F,0xA1,0x62, 0x8B, 0x76, 0xFE, 0x26, 0xD1, 0xF2, 0xA1, 0x1A, 0x84, 0xA1, 0x43, 0x56,
0x3B,0x40,0x7B,0x68,0x1A,0x8F,0x0D,0x38,0xBB,0x21,0x5D,0x18, 0x28, 0xBC, 0x9A, 0x5F, 0xD7, 0x3B, 0x69, 0x89, 0x8A, 0x36, 0x2C, 0x51,
0xFC,0x0F,0x46,0xF7,0xA3,0xB0,0x1D,0x23,0xC3,0xD2,0xC7,0x72, 0xDF, 0x12, 0x77, 0x2F, 0x57, 0x7B, 0xA0, 0xAA, 0xDD, 0x7F, 0xA1, 0x62,
0x51,0x18,0xDF,0x46,0x95,0x79,0xD9,0xBD,0xB5,0x19,0x02,0x2C, 0x3B, 0x40, 0x7B, 0x68, 0x1A, 0x8F, 0x0D, 0x38, 0xBB, 0x21, 0x5D, 0x18,
0x87,0xDC,0xE7,0x57,0x82,0x7E,0xF1,0x8B,0x06,0x3D,0x00,0xA5, 0xFC, 0x0F, 0x46, 0xF7, 0xA3, 0xB0, 0x1D, 0x23, 0xC3, 0xD2, 0xC7, 0x72,
0x7B,0x6B,0x26,0x27,0x91,0x0F,0x6A,0x77,0xE4,0xD5,0x04,0xE4, 0x51, 0x18, 0xDF, 0x46, 0x95, 0x79, 0xD9, 0xBD, 0xB5, 0x19, 0x02, 0x2C,
0x12,0x2C,0x42,0xFF,0xD2,0x88,0xBB,0xD3,0x92,0xA0,0xF9,0xC8, 0x87, 0xDC, 0xE7, 0x57, 0x82, 0x7E, 0xF1, 0x8B, 0x06, 0x3D, 0x00, 0xA5,
0x51,0x64,0x14,0x5C,0xD8,0xF9,0x6C,0x47,0x82,0xB4,0x1C,0x7F, 0x7B, 0x6B, 0x26, 0x27, 0x91, 0x0F, 0x6A, 0x77, 0xE4, 0xD5, 0x04, 0xE4,
0x09,0xB8,0xF0,0x25,0x83,0x1D,0x3F,0x3F,0x05,0xB3,0x21,0x0A, 0x12, 0x2C, 0x42, 0xFF, 0xD2, 0x88, 0xBB, 0xD3, 0x92, 0xA0, 0xF9, 0xC8,
0x5D,0xA7,0xD8,0x54,0xC3,0x65,0x7D,0xC3,0xB0,0x1D,0xBF,0xAE, 0x51, 0x64, 0x14, 0x5C, 0xD8, 0xF9, 0x6C, 0x47, 0x82, 0xB4, 0x1C, 0x7F,
0xF8,0x68,0xCF,0x9B, 0x09, 0xB8, 0xF0, 0x25, 0x83, 0x1D, 0x3F, 0x3F, 0x05, 0xB3, 0x21, 0x0A,
}; 0x5D, 0xA7, 0xD8, 0x54, 0xC3, 0x65, 0x7D, 0xC3, 0xB0, 0x1D, 0xBF, 0xAE,
static unsigned char dsa2048_q[]={ 0xF8, 0x68, 0xCF, 0x9B,
0x97,0xE7,0x33,0x4D,0xD3,0x94,0x3E,0x0B,0xDB,0x62,0x74,0xC6, };
0xA1,0x08,0xDD,0x19,0xA3,0x75,0x17,0x1B,
}; static unsigned char dsa2048_q[] = {
static unsigned char dsa2048_g[]={ 0x97, 0xE7, 0x33, 0x4D, 0xD3, 0x94, 0x3E, 0x0B, 0xDB, 0x62, 0x74, 0xC6,
0x2C,0x78,0x16,0x59,0x34,0x63,0xF4,0xF3,0x92,0xFC,0xB5,0xA5, 0xA1, 0x08, 0xDD, 0x19, 0xA3, 0x75, 0x17, 0x1B,
0x4F,0x13,0xDE,0x2F,0x1C,0xA4,0x3C,0xAE,0xAD,0x38,0x3F,0x7E, };
0x90,0xBF,0x96,0xA6,0xAE,0x25,0x90,0x72,0xF5,0x8E,0x80,0x0C,
0x39,0x1C,0xD9,0xEC,0xBA,0x90,0x5B,0x3A,0xE8,0x58,0x6C,0x9E, static unsigned char dsa2048_g[] = {
0x30,0x42,0x37,0x02,0x31,0x82,0xBC,0x6A,0xDF,0x6A,0x09,0x29, 0x2C, 0x78, 0x16, 0x59, 0x34, 0x63, 0xF4, 0xF3, 0x92, 0xFC, 0xB5, 0xA5,
0xE3,0xC0,0x46,0xD1,0xCB,0x85,0xEC,0x0C,0x30,0x5E,0xEA,0xC8, 0x4F, 0x13, 0xDE, 0x2F, 0x1C, 0xA4, 0x3C, 0xAE, 0xAD, 0x38, 0x3F, 0x7E,
0x39,0x8E,0x22,0x9F,0x22,0x10,0xD2,0x34,0x61,0x68,0x37,0x3D, 0x90, 0xBF, 0x96, 0xA6, 0xAE, 0x25, 0x90, 0x72, 0xF5, 0x8E, 0x80, 0x0C,
0x2E,0x4A,0x5B,0x9A,0xF5,0xC1,0x48,0xC6,0xF6,0xDC,0x63,0x1A, 0x39, 0x1C, 0xD9, 0xEC, 0xBA, 0x90, 0x5B, 0x3A, 0xE8, 0x58, 0x6C, 0x9E,
0xD3,0x96,0x64,0xBA,0x34,0xC9,0xD1,0xA0,0xD1,0xAE,0x6C,0x2F, 0x30, 0x42, 0x37, 0x02, 0x31, 0x82, 0xBC, 0x6A, 0xDF, 0x6A, 0x09, 0x29,
0x48,0x17,0x93,0x14,0x43,0xED,0xF0,0x21,0x30,0x19,0xC3,0x1B, 0xE3, 0xC0, 0x46, 0xD1, 0xCB, 0x85, 0xEC, 0x0C, 0x30, 0x5E, 0xEA, 0xC8,
0x5F,0xDE,0xA3,0xF0,0x70,0x78,0x18,0xE1,0xA8,0xE4,0xEE,0x2E, 0x39, 0x8E, 0x22, 0x9F, 0x22, 0x10, 0xD2, 0x34, 0x61, 0x68, 0x37, 0x3D,
0x00,0xA5,0xE4,0xB3,0x17,0xC8,0x0C,0x7D,0x6E,0x42,0xDC,0xB7, 0x2E, 0x4A, 0x5B, 0x9A, 0xF5, 0xC1, 0x48, 0xC6, 0xF6, 0xDC, 0x63, 0x1A,
0x46,0x00,0x36,0x4D,0xD4,0x46,0xAA,0x3D,0x3C,0x46,0x89,0x40, 0xD3, 0x96, 0x64, 0xBA, 0x34, 0xC9, 0xD1, 0xA0, 0xD1, 0xAE, 0x6C, 0x2F,
0xBF,0x1D,0x84,0x77,0x0A,0x75,0xF3,0x87,0x1D,0x08,0x4C,0xA6, 0x48, 0x17, 0x93, 0x14, 0x43, 0xED, 0xF0, 0x21, 0x30, 0x19, 0xC3, 0x1B,
0xD1,0xA9,0x1C,0x1E,0x12,0x1E,0xE1,0xC7,0x30,0x28,0x76,0xA5, 0x5F, 0xDE, 0xA3, 0xF0, 0x70, 0x78, 0x18, 0xE1, 0xA8, 0xE4, 0xEE, 0x2E,
0x7F,0x6C,0x85,0x96,0x2B,0x6F,0xDB,0x80,0x66,0x26,0xAE,0xF5, 0x00, 0xA5, 0xE4, 0xB3, 0x17, 0xC8, 0x0C, 0x7D, 0x6E, 0x42, 0xDC, 0xB7,
0x93,0xC7,0x8E,0xAE,0x9A,0xED,0xE4,0xCA,0x04,0xEA,0x3B,0x72, 0x46, 0x00, 0x36, 0x4D, 0xD4, 0x46, 0xAA, 0x3D, 0x3C, 0x46, 0x89, 0x40,
0xEF,0xDC,0x87,0xED,0x0D,0xA5,0x4C,0x4A,0xDD,0x71,0x22,0x64, 0xBF, 0x1D, 0x84, 0x77, 0x0A, 0x75, 0xF3, 0x87, 0x1D, 0x08, 0x4C, 0xA6,
0x59,0x69,0x4E,0x8E,0xBF,0x43,0xDC,0xAB,0x8E,0x66,0xBB,0x01, 0xD1, 0xA9, 0x1C, 0x1E, 0x12, 0x1E, 0xE1, 0xC7, 0x30, 0x28, 0x76, 0xA5,
0xB6,0xF4,0xE7,0xFD,0xD2,0xAD,0x9F,0x36,0xC1,0xA0,0x29,0x99, 0x7F, 0x6C, 0x85, 0x96, 0x2B, 0x6F, 0xDB, 0x80, 0x66, 0x26, 0xAE, 0xF5,
0xD1,0x96,0x70,0x59,0x06,0x78,0x35,0xBD,0x65,0x55,0x52,0x9E, 0x93, 0xC7, 0x8E, 0xAE, 0x9A, 0xED, 0xE4, 0xCA, 0x04, 0xEA, 0x3B, 0x72,
0xF8,0xB2,0xE5,0x38, 0xEF, 0xDC, 0x87, 0xED, 0x0D, 0xA5, 0x4C, 0x4A, 0xDD, 0x71, 0x22, 0x64,
}; 0x59, 0x69, 0x4E, 0x8E, 0xBF, 0x43, 0xDC, 0xAB, 0x8E, 0x66, 0xBB, 0x01,
0xB6, 0xF4, 0xE7, 0xFD, 0xD2, 0xAD, 0x9F, 0x36, 0xC1, 0xA0, 0x29, 0x99,
0xD1, 0x96, 0x70, 0x59, 0x06, 0x78, 0x35, 0xBD, 0x65, 0x55, 0x52, 0x9E,
0xF8, 0xB2, 0xE5, 0x38,
};
DSA *get_dsa2048() DSA *get_dsa2048()
{ {
DSA *dsa; DSA *dsa;
if ((dsa=DSA_new()) == NULL) return(NULL); if ((dsa = DSA_new()) == NULL)
dsa->priv_key=BN_bin2bn(dsa2048_priv,sizeof(dsa2048_priv),NULL); return (NULL);
dsa->pub_key=BN_bin2bn(dsa2048_pub,sizeof(dsa2048_pub),NULL); dsa->priv_key = BN_bin2bn(dsa2048_priv, sizeof(dsa2048_priv), NULL);
dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL); dsa->pub_key = BN_bin2bn(dsa2048_pub, sizeof(dsa2048_pub), NULL);
dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL); dsa->p = BN_bin2bn(dsa2048_p, sizeof(dsa2048_p), NULL);
dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL); dsa->q = BN_bin2bn(dsa2048_q, sizeof(dsa2048_q), NULL);
if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) || dsa->g = BN_bin2bn(dsa2048_g, sizeof(dsa2048_g), NULL);
(dsa->q == NULL) || (dsa->g == NULL)) if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL)
return(NULL); || (dsa->q == NULL) || (dsa->g == NULL))
return(dsa); return (NULL);
} return (dsa);
}
static const char rnd_seed[] = "string to make the random number generator think it has entropy"; static const char rnd_seed[] =
"string to make the random number generator think it has entropy";
static int rnd_fake = 0; static int rnd_fake = 0;



@ -58,10 +58,10 @@
*/ */
#ifndef INCLUDED_TIMEOUTS_H #ifndef INCLUDED_TIMEOUTS_H
#define INCLUDED_TIMEOUTS_H # define INCLUDED_TIMEOUTS_H
/* numbers in us */ /* numbers in us */
#define DGRAM_RCV_TIMEOUT 250000 # define DGRAM_RCV_TIMEOUT 250000
#define DGRAM_SND_TIMEOUT 250000 # define DGRAM_SND_TIMEOUT 250000
#endif /* ! INCLUDED_TIMEOUTS_H */ #endif /* ! INCLUDED_TIMEOUTS_H */

1746
apps/ts.c



@ -67,330 +67,314 @@
#include <openssl/pem.h> #include <openssl/pem.h>
#undef PROG #undef PROG
#define PROG verify_main #define PROG verify_main
static int cb(int ok, X509_STORE_CTX *ctx); static int cb(int ok, X509_STORE_CTX *ctx);
static int check(X509_STORE *ctx, char *file, static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain); STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain);
static int v_verbose=0, vflags = 0; static int v_verbose = 0, vflags = 0;
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
ENGINE *e = NULL; ENGINE *e = NULL;
int i,ret=1, badarg = 0; int i, ret = 1, badarg = 0;
char *CApath=NULL,*CAfile=NULL; char *CApath = NULL, *CAfile = NULL;
char *untfile = NULL, *trustfile = NULL, *crlfile = NULL; char *untfile = NULL, *trustfile = NULL, *crlfile = NULL;
STACK_OF(X509) *untrusted = NULL, *trusted = NULL; STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
STACK_OF(X509_CRL) *crls = NULL; STACK_OF(X509_CRL) *crls = NULL;
X509_STORE *cert_ctx=NULL; X509_STORE *cert_ctx = NULL;
X509_LOOKUP *lookup=NULL; X509_LOOKUP *lookup = NULL;
X509_VERIFY_PARAM *vpm = NULL; X509_VERIFY_PARAM *vpm = NULL;
int crl_download = 0, show_chain = 0; int crl_download = 0, show_chain = 0;
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
char *engine=NULL; char *engine = NULL;
#endif #endif
cert_ctx=X509_STORE_new(); cert_ctx = X509_STORE_new();
if (cert_ctx == NULL) goto end; if (cert_ctx == NULL)
X509_STORE_set_verify_cb(cert_ctx,cb); goto end;
X509_STORE_set_verify_cb(cert_ctx, cb);
ERR_load_crypto_strings(); ERR_load_crypto_strings();
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
argc--; argc--;
argv++; argv++;
for (;;) for (;;) {
{ if (argc >= 1) {
if (argc >= 1) if (strcmp(*argv, "-CApath") == 0) {
{ if (argc-- < 1)
if (strcmp(*argv,"-CApath") == 0) goto end;
{ CApath = *(++argv);
if (argc-- < 1) goto end; } else if (strcmp(*argv, "-CAfile") == 0) {
CApath= *(++argv); if (argc-- < 1)
} goto end;
else if (strcmp(*argv,"-CAfile") == 0) CAfile = *(++argv);
{ } else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
if (argc-- < 1) goto end; if (badarg)
CAfile= *(++argv); goto end;
} continue;
else if (args_verify(&argv, &argc, &badarg, bio_err, } else if (strcmp(*argv, "-untrusted") == 0) {
&vpm)) if (argc-- < 1)
{ goto end;
if (badarg) untfile = *(++argv);
goto end; } else if (strcmp(*argv, "-trusted") == 0) {
continue; if (argc-- < 1)
} goto end;
else if (strcmp(*argv,"-untrusted") == 0) trustfile = *(++argv);
{ } else if (strcmp(*argv, "-CRLfile") == 0) {
if (argc-- < 1) goto end; if (argc-- < 1)
untfile= *(++argv); goto end;
} crlfile = *(++argv);
else if (strcmp(*argv,"-trusted") == 0) } else if (strcmp(*argv, "-crl_download") == 0)
{ crl_download = 1;
if (argc-- < 1) goto end; else if (strcmp(*argv, "-show_chain") == 0)
trustfile= *(++argv); show_chain = 1;
}
else if (strcmp(*argv,"-CRLfile") == 0)
{
if (argc-- < 1) goto end;
crlfile= *(++argv);
}
else if (strcmp(*argv,"-crl_download") == 0)
crl_download = 1;
else if (strcmp(*argv,"-show_chain") == 0)
show_chain = 1;
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv, "-engine") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto end; goto end;
engine= *(++argv); engine = *(++argv);
} }
#endif #endif
else if (strcmp(*argv,"-help") == 0) else if (strcmp(*argv, "-help") == 0)
goto end; goto end;
else if (strcmp(*argv,"-verbose") == 0) else if (strcmp(*argv, "-verbose") == 0)
v_verbose=1; v_verbose = 1;
else if (argv[0][0] == '-') else if (argv[0][0] == '-')
goto end; goto end;
else else
break; break;
argc--; argc--;
argv++; argv++;
} } else
else break;
break; }
}
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0); e = setup_engine(bio_err, engine, 0);
#endif #endif
if (vpm) if (vpm)
X509_STORE_set1_param(cert_ctx, vpm); X509_STORE_set1_param(cert_ctx, vpm);
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file()); lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
if (lookup == NULL) abort(); if (lookup == NULL)
if (CAfile) { abort();
i=X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM); if (CAfile) {
if(!i) { i = X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM);
BIO_printf(bio_err, "Error loading file %s\n", CAfile); if (!i) {
ERR_print_errors(bio_err); BIO_printf(bio_err, "Error loading file %s\n", CAfile);
goto end; ERR_print_errors(bio_err);
} goto end;
} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); }
} else
X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir()); lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
if (lookup == NULL) abort(); if (lookup == NULL)
if (CApath) { abort();
i=X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM); if (CApath) {
if(!i) { i = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
BIO_printf(bio_err, "Error loading directory %s\n", CApath); if (!i) {
ERR_print_errors(bio_err); BIO_printf(bio_err, "Error loading directory %s\n", CApath);
goto end; ERR_print_errors(bio_err);
} goto end;
} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); }
} else
X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
ERR_clear_error(); ERR_clear_error();
if(untfile) if (untfile) {
{ untrusted = load_certs(bio_err, untfile, FORMAT_PEM,
untrusted = load_certs(bio_err, untfile, FORMAT_PEM, NULL, e, "untrusted certificates");
NULL, e, "untrusted certificates"); if (!untrusted)
if(!untrusted) goto end;
goto end; }
}
if(trustfile) if (trustfile) {
{ trusted = load_certs(bio_err, trustfile, FORMAT_PEM,
trusted = load_certs(bio_err, trustfile, FORMAT_PEM, NULL, e, "trusted certificates");
NULL, e, "trusted certificates"); if (!trusted)
if(!trusted) goto end;
goto end; }
}
if(crlfile) if (crlfile) {
{ crls = load_crls(bio_err, crlfile, FORMAT_PEM, NULL, e, "other CRLs");
crls = load_crls(bio_err, crlfile, FORMAT_PEM, if (!crls)
NULL, e, "other CRLs"); goto end;
if(!crls) }
goto end;
}
if (crl_download) if (crl_download)
store_setup_crl_download(cert_ctx); store_setup_crl_download(cert_ctx);
ret=0; ret = 0;
if (argc < 1) if (argc < 1) {
{ if (1 !=
if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e, show_chain)) check(cert_ctx, NULL, untrusted, trusted, crls, e, show_chain))
ret=-1; ret = -1;
} } else {
else for (i = 0; i < argc; i++)
{ if (1 !=
for (i=0; i<argc; i++) check(cert_ctx, argv[i], untrusted, trusted, crls, e,
if (1 != check(cert_ctx,argv[i], untrusted, trusted, crls, e, show_chain)) show_chain))
ret=-1; ret = -1;
} }
end: end:
if (ret == 1) { if (ret == 1) {
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-trusted_first] [-purpose purpose] [-crl_check]"); BIO_printf(bio_err,
"usage: verify [-verbose] [-CApath path] [-CAfile file] [-trusted_first] [-purpose purpose] [-crl_check]");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," [-engine e]"); BIO_printf(bio_err, " [-engine e]");
#endif #endif
BIO_printf(bio_err," cert1 cert2 ...\n"); BIO_printf(bio_err, " cert1 cert2 ...\n");
BIO_printf(bio_err,"recognized usages:\n"); BIO_printf(bio_err, "recognized usages:\n");
for(i = 0; i < X509_PURPOSE_get_count(); i++) for (i = 0; i < X509_PURPOSE_get_count(); i++) {
{ X509_PURPOSE *ptmp;
X509_PURPOSE *ptmp; ptmp = X509_PURPOSE_get0(i);
ptmp = X509_PURPOSE_get0(i); BIO_printf(bio_err, "\t%-10s\t%s\n",
BIO_printf(bio_err, "\t%-10s\t%s\n", X509_PURPOSE_get0_sname(ptmp),
X509_PURPOSE_get0_sname(ptmp), X509_PURPOSE_get0_name(ptmp));
X509_PURPOSE_get0_name(ptmp)); }
}
BIO_printf(bio_err,"recognized verify names:\n"); BIO_printf(bio_err, "recognized verify names:\n");
for(i = 0; i < X509_VERIFY_PARAM_get_count(); i++) for (i = 0; i < X509_VERIFY_PARAM_get_count(); i++) {
{ const X509_VERIFY_PARAM *vptmp;
const X509_VERIFY_PARAM *vptmp; vptmp = X509_VERIFY_PARAM_get0(i);
vptmp = X509_VERIFY_PARAM_get0(i); BIO_printf(bio_err, "\t%-10s\n",
BIO_printf(bio_err, "\t%-10s\n", X509_VERIFY_PARAM_get0_name(vptmp));
X509_VERIFY_PARAM_get0_name(vptmp)); }
}
} }
if (vpm) X509_VERIFY_PARAM_free(vpm); if (vpm)
if (cert_ctx != NULL) X509_STORE_free(cert_ctx); X509_VERIFY_PARAM_free(vpm);
sk_X509_pop_free(untrusted, X509_free); if (cert_ctx != NULL)
sk_X509_pop_free(trusted, X509_free); X509_STORE_free(cert_ctx);
sk_X509_CRL_pop_free(crls, X509_CRL_free); sk_X509_pop_free(untrusted, X509_free);
apps_shutdown(); sk_X509_pop_free(trusted, X509_free);
OPENSSL_EXIT(ret < 0 ? 2 : ret); sk_X509_CRL_pop_free(crls, X509_CRL_free);
} apps_shutdown();
OPENSSL_EXIT(ret < 0 ? 2 : ret);
}
static int check(X509_STORE *ctx, char *file, static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain) STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain)
{ {
X509 *x=NULL; X509 *x = NULL;
int i=0,ret=0; int i = 0, ret = 0;
X509_STORE_CTX *csc; X509_STORE_CTX *csc;
STACK_OF(X509) *chain = NULL; STACK_OF(X509) *chain = NULL;
x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file"); x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
if (x == NULL) if (x == NULL)
goto end; goto end;
fprintf(stdout,"%s: ",(file == NULL)?"stdin":file); fprintf(stdout, "%s: ", (file == NULL) ? "stdin" : file);
csc = X509_STORE_CTX_new(); csc = X509_STORE_CTX_new();
if (csc == NULL) if (csc == NULL) {
{ ERR_print_errors(bio_err);
ERR_print_errors(bio_err); goto end;
goto end; }
} X509_STORE_set_flags(ctx, vflags);
X509_STORE_set_flags(ctx, vflags); if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
if(!X509_STORE_CTX_init(csc,ctx,x,uchain)) ERR_print_errors(bio_err);
{ goto end;
ERR_print_errors(bio_err); }
goto end; if (tchain)
} X509_STORE_CTX_trusted_stack(csc, tchain);
if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain); if (crls)
if (crls) X509_STORE_CTX_set0_crls(csc, crls);
X509_STORE_CTX_set0_crls(csc, crls); i = X509_verify_cert(csc);
i=X509_verify_cert(csc); if (i > 0 && show_chain)
if (i > 0 && show_chain) chain = X509_STORE_CTX_get1_chain(csc);
chain = X509_STORE_CTX_get1_chain(csc); X509_STORE_CTX_free(csc);
X509_STORE_CTX_free(csc);
ret=0; ret = 0;
end: end:
if (i > 0) if (i > 0) {
{ fprintf(stdout, "OK\n");
fprintf(stdout,"OK\n"); ret = 1;
ret=1; } else
} ERR_print_errors(bio_err);
else if (chain) {
ERR_print_errors(bio_err); printf("Chain:\n");
if (chain) for (i = 0; i < sk_X509_num(chain); i++) {
{ X509 *cert = sk_X509_value(chain, i);
printf("Chain:\n"); printf("depth=%d: ", i);
for (i = 0; i < sk_X509_num(chain); i++) X509_NAME_print_ex_fp(stdout,
{ X509_get_subject_name(cert),
X509 *cert = sk_X509_value(chain, i); 0, XN_FLAG_ONELINE);
printf("depth=%d: ", i); printf("\n");
X509_NAME_print_ex_fp(stdout, }
X509_get_subject_name(cert), sk_X509_pop_free(chain, X509_free);
0, XN_FLAG_ONELINE); }
printf("\n"); if (x != NULL)
} X509_free(x);
sk_X509_pop_free(chain, X509_free);
}
if (x != NULL) X509_free(x);
return(ret); return (ret);
} }
static int cb(int ok, X509_STORE_CTX *ctx) static int cb(int ok, X509_STORE_CTX *ctx)
{ {
int cert_error = X509_STORE_CTX_get_error(ctx); int cert_error = X509_STORE_CTX_get_error(ctx);
X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx); X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);
if (!ok) if (!ok) {
{ if (current_cert) {
if (current_cert) X509_NAME_print_ex_fp(stdout,
{ X509_get_subject_name(current_cert),
X509_NAME_print_ex_fp(stdout, 0, XN_FLAG_ONELINE);
X509_get_subject_name(current_cert), printf("\n");
0, XN_FLAG_ONELINE); }
printf("\n"); printf("%serror %d at %d depth lookup:%s\n",
} X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "",
printf("%serror %d at %d depth lookup:%s\n", cert_error,
X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "", X509_STORE_CTX_get_error_depth(ctx),
cert_error, X509_verify_cert_error_string(cert_error));
X509_STORE_CTX_get_error_depth(ctx), switch (cert_error) {
X509_verify_cert_error_string(cert_error)); case X509_V_ERR_NO_EXPLICIT_POLICY:
switch(cert_error) policies_print(NULL, ctx);
{ case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_NO_EXPLICIT_POLICY:
policies_print(NULL, ctx);
case X509_V_ERR_CERT_HAS_EXPIRED:
/* since we are just checking the certificates, it is /*
* ok if they are self signed. But we should still warn * since we are just checking the certificates, it is ok if they
* the user. * are self signed. But we should still warn the user.
*/ */
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
/* Continue after extension errors too */ /* Continue after extension errors too */
case X509_V_ERR_INVALID_CA: case X509_V_ERR_INVALID_CA:
case X509_V_ERR_INVALID_NON_CA: case X509_V_ERR_INVALID_NON_CA:
case X509_V_ERR_PATH_LENGTH_EXCEEDED: case X509_V_ERR_PATH_LENGTH_EXCEEDED:
case X509_V_ERR_INVALID_PURPOSE: case X509_V_ERR_INVALID_PURPOSE:
case X509_V_ERR_CRL_HAS_EXPIRED: case X509_V_ERR_CRL_HAS_EXPIRED:
case X509_V_ERR_CRL_NOT_YET_VALID: case X509_V_ERR_CRL_NOT_YET_VALID:
case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
ok = 1; ok = 1;
} }
return ok; return ok;
} }
if (cert_error == X509_V_OK && ok == 2) if (cert_error == X509_V_OK && ok == 2)
policies_print(NULL, ctx); policies_print(NULL, ctx);
if (!v_verbose) if (!v_verbose)
ERR_clear_error(); ERR_clear_error();
return(ok); return (ok);
} }


@ -133,85 +133,82 @@
#endif #endif
#undef PROG #undef PROG
#define PROG version_main #define PROG version_main
int MAIN(int, char **); int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
int i,ret=0; int i, ret = 0;
int cflags=0,version=0,date=0,options=0,platform=0,dir=0; int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (argc == 1) version=1; if (argc == 1)
for (i=1; i<argc; i++) version = 1;
{ for (i = 1; i < argc; i++) {
if (strcmp(argv[i],"-v") == 0) if (strcmp(argv[i], "-v") == 0)
version=1; version = 1;
else if (strcmp(argv[i],"-b") == 0) else if (strcmp(argv[i], "-b") == 0)
date=1; date = 1;
else if (strcmp(argv[i],"-f") == 0) else if (strcmp(argv[i], "-f") == 0)
cflags=1; cflags = 1;
else if (strcmp(argv[i],"-o") == 0) else if (strcmp(argv[i], "-o") == 0)
options=1; options = 1;
else if (strcmp(argv[i],"-p") == 0) else if (strcmp(argv[i], "-p") == 0)
platform=1; platform = 1;
else if (strcmp(argv[i],"-d") == 0) else if (strcmp(argv[i], "-d") == 0)
dir=1; dir = 1;
else if (strcmp(argv[i],"-a") == 0) else if (strcmp(argv[i], "-a") == 0)
date=version=cflags=options=platform=dir=1; date = version = cflags = options = platform = dir = 1;
else else {
{ BIO_printf(bio_err, "usage:version -[avbofpd]\n");
BIO_printf(bio_err,"usage:version -[avbofpd]\n"); ret = 1;
ret=1; goto end;
goto end; }
} }
}
if (version) if (version) {
{ if (SSLeay() == SSLEAY_VERSION_NUMBER) {
if (SSLeay() == SSLEAY_VERSION_NUMBER) printf("%s\n", SSLeay_version(SSLEAY_VERSION));
{ } else {
printf("%s\n",SSLeay_version(SSLEAY_VERSION)); printf("%s (Library: %s)\n",
} OPENSSL_VERSION_TEXT, SSLeay_version(SSLEAY_VERSION));
else }
{ }
printf("%s (Library: %s)\n", if (date)
OPENSSL_VERSION_TEXT, printf("%s\n", SSLeay_version(SSLEAY_BUILT_ON));
SSLeay_version(SSLEAY_VERSION)); if (platform)
} printf("%s\n", SSLeay_version(SSLEAY_PLATFORM));
} if (options) {
if (date) printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON)); printf("options: ");
if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM)); printf("%s ", BN_options());
if (options)
{
printf("options: ");
printf("%s ",BN_options());
#ifndef OPENSSL_NO_MD2 #ifndef OPENSSL_NO_MD2
printf("%s ",MD2_options()); printf("%s ", MD2_options());
#endif #endif
#ifndef OPENSSL_NO_RC4 #ifndef OPENSSL_NO_RC4
printf("%s ",RC4_options()); printf("%s ", RC4_options());
#endif #endif
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
printf("%s ",DES_options()); printf("%s ", DES_options());
#endif #endif
#ifndef OPENSSL_NO_IDEA #ifndef OPENSSL_NO_IDEA
printf("%s ",idea_options()); printf("%s ", idea_options());
#endif #endif
#ifndef OPENSSL_NO_BF #ifndef OPENSSL_NO_BF
printf("%s ",BF_options()); printf("%s ", BF_options());
#endif #endif
printf("\n"); printf("\n");
} }
if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS)); if (cflags)
if (dir) printf("%s\n",SSLeay_version(SSLEAY_DIR)); printf("%s\n", SSLeay_version(SSLEAY_CFLAGS));
end: if (dir)
apps_shutdown(); printf("%s\n", SSLeay_version(SSLEAY_DIR));
OPENSSL_EXIT(ret); end:
} apps_shutdown();
OPENSSL_EXIT(ret);
}

166
apps/vms_decc_init.c Executable file → Normal file

@ -18,10 +18,9 @@
*---------------------------------------------------------------------- *----------------------------------------------------------------------
*/ */
#include <stdio.h> # include <stdio.h>
#include <stdlib.h> # include <stdlib.h>
#include <unixlib.h> # include <unixlib.h>
/* Global storage. */ /* Global storage. */
@ -29,41 +28,38 @@
int decc_init_done = -1; int decc_init_done = -1;
/* Structure to hold a DECC$* feature name and its desired value. */ /* Structure to hold a DECC$* feature name and its desired value. */
typedef struct typedef struct {
{
char *name; char *name;
int value; int value;
} decc_feat_t; } decc_feat_t;
/*
/* Array of DECC$* feature names and their desired values. * Array of DECC$* feature names and their desired values. Note:
* Note: DECC$ARGV_PARSE_STYLE is the urgent one. * DECC$ARGV_PARSE_STYLE is the urgent one.
*/ */
decc_feat_t decc_feat_array[] = decc_feat_t decc_feat_array[] = {
{ /* Preserve command-line case with SET PROCESS/PARSE_STYLE=EXTENDED */
/* Preserve command-line case with SET PROCESS/PARSE_STYLE=EXTENDED */ {"DECC$ARGV_PARSE_STYLE", 1},
{ "DECC$ARGV_PARSE_STYLE", 1 },
/* Preserve case for file names on ODS5 disks. */ /* Preserve case for file names on ODS5 disks. */
{ "DECC$EFS_CASE_PRESERVE", 1 }, {"DECC$EFS_CASE_PRESERVE", 1},
/* Enable multiple dots (and most characters) in ODS5 file names, /*
* while preserving VMS-ness of ";version". * Enable multiple dots (and most characters) in ODS5 file names, while
*/ * preserving VMS-ness of ";version".
{ "DECC$EFS_CHARSET", 1 }, */
{"DECC$EFS_CHARSET", 1},
/* List terminator. */ /* List terminator. */
{ (char *)NULL, 0 } {(char *)NULL, 0}
}; };
/* LIB$INITIALIZE initialization function. */ /* LIB$INITIALIZE initialization function. */
static void decc_init( void) static void decc_init(void)
{ {
char *openssl_debug_decc_init; char *openssl_debug_decc_init;
int verbose = 0; int verbose = 0;
@ -75,12 +71,10 @@ static void decc_init( void)
int sts; int sts;
/* Get debug option. */ /* Get debug option. */
openssl_debug_decc_init = getenv( "OPENSSL_DEBUG_DECC_INIT"); openssl_debug_decc_init = getenv("OPENSSL_DEBUG_DECC_INIT");
if (openssl_debug_decc_init != NULL) if (openssl_debug_decc_init != NULL) {
{ verbose = strtol(openssl_debug_decc_init, NULL, 10);
verbose = strtol( openssl_debug_decc_init, NULL, 10); if (verbose <= 0) {
if (verbose <= 0)
{
verbose = 1; verbose = 1;
} }
} }
@ -90,99 +84,89 @@ static void decc_init( void)
/* Loop through all items in the decc_feat_array[]. */ /* Loop through all items in the decc_feat_array[]. */
for (i = 0; decc_feat_array[ i].name != NULL; i++) for (i = 0; decc_feat_array[i].name != NULL; i++) {
{
/* Get the feature index. */ /* Get the feature index. */
feat_index = decc$feature_get_index( decc_feat_array[ i].name); feat_index = decc$feature_get_index(decc_feat_array[i].name);
if (feat_index >= 0) if (feat_index >= 0) {
{
/* Valid item. Collect its properties. */ /* Valid item. Collect its properties. */
feat_value = decc$feature_get_value( feat_index, 1); feat_value = decc$feature_get_value(feat_index, 1);
feat_value_min = decc$feature_get_value( feat_index, 2); feat_value_min = decc$feature_get_value(feat_index, 2);
feat_value_max = decc$feature_get_value( feat_index, 3); feat_value_max = decc$feature_get_value(feat_index, 3);
/* Check the validity of our desired value. */ /* Check the validity of our desired value. */
if ((decc_feat_array[ i].value >= feat_value_min) && if ((decc_feat_array[i].value >= feat_value_min) &&
(decc_feat_array[ i].value <= feat_value_max)) (decc_feat_array[i].value <= feat_value_max)) {
{
/* Valid value. Set it if necessary. */ /* Valid value. Set it if necessary. */
if (feat_value != decc_feat_array[ i].value) if (feat_value != decc_feat_array[i].value) {
{ sts = decc$feature_set_value(feat_index,
sts = decc$feature_set_value( feat_index, 1, decc_feat_array[i].value);
1,
decc_feat_array[ i].value);
if (verbose > 1) if (verbose > 1) {
{ fprintf(stderr, " %s = %d, sts = %d.\n",
fprintf( stderr, " %s = %d, sts = %d.\n", decc_feat_array[i].name,
decc_feat_array[ i].name, decc_feat_array[i].value, sts);
decc_feat_array[ i].value, }
sts);
}
} }
} } else {
else
{
/* Invalid DECC feature value. */ /* Invalid DECC feature value. */
fprintf( stderr, fprintf(stderr,
" INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n", " INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n",
feat_value, feat_value,
feat_value_min, decc_feat_array[ i].name, feat_value_max); feat_value_min, decc_feat_array[i].name,
feat_value_max);
} }
} } else {
else
{
/* Invalid DECC feature name. */ /* Invalid DECC feature name. */
fprintf( stderr, fprintf(stderr,
" UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[ i].name); " UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[i].name);
} }
} }
if (verbose > 0) if (verbose > 0) {
{ fprintf(stderr, " DECC_INIT complete.\n");
fprintf( stderr, " DECC_INIT complete.\n");
} }
} }
/* Get "decc_init()" into a valid, loaded LIB$INITIALIZE PSECT. */ /* Get "decc_init()" into a valid, loaded LIB$INITIALIZE PSECT. */
#pragma nostandard # pragma nostandard
/* Establish the LIB$INITIALIZE PSECTs, with proper alignment and /*
* other attributes. Note that "nopic" is significant only on VAX. * Establish the LIB$INITIALIZE PSECTs, with proper alignment and other
* attributes. Note that "nopic" is significant only on VAX.
*/ */
#pragma extern_model save # pragma extern_model save
#if __INITIAL_POINTER_SIZE == 64 # if __INITIAL_POINTER_SIZE == 64
# define PSECT_ALIGN 3 # define PSECT_ALIGN 3
#else # else
# define PSECT_ALIGN 2 # define PSECT_ALIGN 2
#endif # endif
#pragma extern_model strict_refdef "LIB$INITIALIZ" PSECT_ALIGN, nopic, nowrt # pragma extern_model strict_refdef "LIB$INITIALIZ" PSECT_ALIGN, nopic, nowrt
const int spare[ 8] = { 0 }; const int spare[8] = { 0 };
#pragma extern_model strict_refdef "LIB$INITIALIZE" PSECT_ALIGN, nopic, nowrt # pragma extern_model strict_refdef "LIB$INITIALIZE" PSECT_ALIGN, nopic, nowrt
void (*const x_decc_init)() = decc_init; void (*const x_decc_init) () = decc_init;
#pragma extern_model restore # pragma extern_model restore
/* Fake reference to ensure loading the LIB$INITIALIZE PSECT. */ /* Fake reference to ensure loading the LIB$INITIALIZE PSECT. */
#pragma extern_model save # pragma extern_model save
int LIB$INITIALIZE( void); int LIB$INITIALIZE(void);
#pragma extern_model strict_refdef # pragma extern_model strict_refdef
int dmy_lib$initialize = (int) LIB$INITIALIZE; int dmy_lib$initialize = (int)LIB$INITIALIZE;
#pragma extern_model restore # pragma extern_model restore
#pragma standard # pragma standard
#else /* def USE_DECC_INIT */ #else /* def USE_DECC_INIT */
/* Dummy code to avoid a %CC-W-EMPTYFILE complaint. */ /* Dummy code to avoid a %CC-W-EMPTYFILE complaint. */
int decc_init_dummy( void); int decc_init_dummy(void);
#endif /* def USE_DECC_INIT */ #endif /* def USE_DECC_INIT */


@ -68,82 +68,79 @@ LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
const char *filename; const char *filename;
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
PSTR cmdline, int iCmdShow) PSTR cmdline, int iCmdShow)
{ {
static char appname[] = "OpenSSL"; static char appname[] = "OpenSSL";
HWND hwnd; HWND hwnd;
MSG msg; MSG msg;
WNDCLASSEX wndclass; WNDCLASSEX wndclass;
char buffer[200]; char buffer[200];
if (cmdline[0] == '\0') if (cmdline[0] == '\0')
filename = RAND_file_name(buffer, sizeof buffer); filename = RAND_file_name(buffer, sizeof buffer);
else else
filename = cmdline; filename = cmdline;
RAND_load_file(filename, -1); RAND_load_file(filename, -1);
wndclass.cbSize = sizeof(wndclass); wndclass.cbSize = sizeof(wndclass);
wndclass.style = CS_HREDRAW | CS_VREDRAW; wndclass.style = CS_HREDRAW | CS_VREDRAW;
wndclass.lpfnWndProc = WndProc; wndclass.lpfnWndProc = WndProc;
wndclass.cbClsExtra = 0; wndclass.cbClsExtra = 0;
wndclass.cbWndExtra = 0; wndclass.cbWndExtra = 0;
wndclass.hInstance = hInstance; wndclass.hInstance = hInstance;
wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION); wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION);
wndclass.hCursor = LoadCursor(NULL, IDC_ARROW); wndclass.hCursor = LoadCursor(NULL, IDC_ARROW);
wndclass.hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH); wndclass.hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH);
wndclass.lpszMenuName = NULL; wndclass.lpszMenuName = NULL;
wndclass.lpszClassName = appname; wndclass.lpszClassName = appname;
wndclass.hIconSm = LoadIcon(NULL, IDI_APPLICATION); wndclass.hIconSm = LoadIcon(NULL, IDI_APPLICATION);
RegisterClassEx(&wndclass); RegisterClassEx(&wndclass);
hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT, hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,
WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT, WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,
CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance, NULL); CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance,
NULL);
ShowWindow(hwnd, iCmdShow); ShowWindow(hwnd, iCmdShow);
UpdateWindow(hwnd); UpdateWindow(hwnd);
while (GetMessage(&msg, NULL, 0, 0)) {
TranslateMessage(&msg);
DispatchMessage(&msg);
}
while (GetMessage(&msg, NULL, 0, 0)) return msg.wParam;
{ }
TranslateMessage(&msg);
DispatchMessage(&msg);
}
return msg.wParam;
}
LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam) LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
{ {
HDC hdc; HDC hdc;
PAINTSTRUCT ps; PAINTSTRUCT ps;
RECT rect; RECT rect;
static int seeded = 0; static int seeded = 0;
switch (iMsg) switch (iMsg) {
{ case WM_PAINT:
case WM_PAINT: hdc = BeginPaint(hwnd, &ps);
hdc = BeginPaint(hwnd, &ps); GetClientRect(hwnd, &rect);
GetClientRect(hwnd, &rect); DrawText(hdc, "Seeding the PRNG. Please move the mouse!", -1,
DrawText(hdc, "Seeding the PRNG. Please move the mouse!", -1, &rect, DT_SINGLELINE | DT_CENTER | DT_VCENTER);
&rect, DT_SINGLELINE | DT_CENTER | DT_VCENTER); EndPaint(hwnd, &ps);
EndPaint(hwnd, &ps); return 0;
return 0;
case WM_DESTROY: case WM_DESTROY:
PostQuitMessage(0); PostQuitMessage(0);
return 0; return 0;
} }
if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0) if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0) {
{ seeded = 1;
seeded = 1; if (RAND_write_file(filename) <= 0)
if (RAND_write_file(filename) <= 0) MessageBox(hwnd, "Couldn't write random file!",
MessageBox(hwnd, "Couldn't write random file!", "OpenSSL", MB_OK | MB_ICONERROR);
"OpenSSL", MB_OK | MB_ICONERROR); PostQuitMessage(0);
PostQuitMessage(0); }
}
return DefWindowProc(hwnd, iMsg, wParam, lParam); return DefWindowProc(hwnd, iMsg, wParam, lParam);
} }

File diff suppressed because it is too large Load Diff


@ -56,9 +56,10 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* while not exactly a bug (ASN1 C leaves this undefined) it is /*
* something to watch out for. This was fine on linux/NT/Solaris but not * while not exactly a bug (ASN1 C leaves this undefined) it is something to
* Alpha */ * watch out for. This was fine on linux/NT/Solaris but not Alpha
*/
/*- /*-
* it is basically an example of * it is basically an example of
@ -70,23 +71,22 @@
#define TYPE unsigned int #define TYPE unsigned int
void func(a,b) void func(a, b)
TYPE *a; TYPE *a;
TYPE b; TYPE b;
{ {
printf("%ld -1 == %ld\n",a[0],b); printf("%ld -1 == %ld\n", a[0], b);
} }
main() main()
{ {
TYPE data[5]={1L,2L,3L,4L,5L}; TYPE data[5] = { 1L, 2L, 3L, 4L, 5L };
TYPE *p; TYPE *p;
int i; int i;
p=data; p = data;
for (i=0; i<4; i++) for (i = 0; i < 4; i++) {
{ func(p, *(p++));
func(p,*(p++)); }
} }
}


@ -4,11 +4,11 @@
#include <stdio.h> #include <stdio.h>
/* This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are /*
* the only versions of IRIX I have access to. * This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are the
* defining FIXBUG removes the bug. * only versions of IRIX I have access to. defining FIXBUG removes the bug.
* (bug is still present in IRIX 6.3 according to * (bug is still present in IRIX 6.3 according to Gage
* Gage <agage@forgetmenot.Mines.EDU> * <agage@forgetmenot.Mines.EDU>
*/ */
/*- /*-
@ -18,41 +18,43 @@
* cc -O sgiccbug.c; ./a.out * cc -O sgiccbug.c; ./a.out
*/ */
static unsigned long a[4]={0x01234567,0x89ABCDEF,0xFEDCBA98,0x76543210}; static unsigned long a[4] =
static unsigned long b[4]={0x89ABCDEF,0xFEDCBA98,0x76543210,0x01234567}; { 0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210 };
static unsigned long c[4]={0x77777778,0x8ACF1357,0x88888888,0x7530ECA9}; static unsigned long b[4] =
{ 0x89ABCDEF, 0xFEDCBA98, 0x76543210, 0x01234567 };
static unsigned long c[4] =
{ 0x77777778, 0x8ACF1357, 0x88888888, 0x7530ECA9 };
main() main()
{ {
unsigned long r[4]; unsigned long r[4];
sub(r,a,b); sub(r, a, b);
fprintf(stderr,"input a= %08X %08X %08X %08X\n",a[3],a[2],a[1],a[0]); fprintf(stderr, "input a= %08X %08X %08X %08X\n", a[3], a[2], a[1], a[0]);
fprintf(stderr,"input b= %08X %08X %08X %08X\n",b[3],b[2],b[1],b[0]); fprintf(stderr, "input b= %08X %08X %08X %08X\n", b[3], b[2], b[1], b[0]);
fprintf(stderr,"output = %08X %08X %08X %08X\n",r[3],r[2],r[1],r[0]); fprintf(stderr, "output = %08X %08X %08X %08X\n", r[3], r[2], r[1], r[0]);
fprintf(stderr,"correct= %08X %08X %08X %08X\n",c[3],c[2],c[1],c[0]); fprintf(stderr, "correct= %08X %08X %08X %08X\n", c[3], c[2], c[1], c[0]);
} }
int sub(r,a,b) int sub(r, a, b)
unsigned long *r,*a,*b; unsigned long *r, *a, *b;
{ {
register unsigned long t1,t2,*ap,*bp,*rp; register unsigned long t1, t2, *ap, *bp, *rp;
int i,carry; int i, carry;
#ifdef FIXBUG #ifdef FIXBUG
unsigned long dummy; unsigned long dummy;
#endif #endif
ap=a; ap = a;
bp=b; bp = b;
rp=r; rp = r;
carry=0; carry = 0;
for (i=0; i<4; i++) for (i = 0; i < 4; i++) {
{ t1 = *(ap++);
t1= *(ap++); t2 = *(bp++);
t2= *(bp++); t1 = (t1 - t2);
t1=(t1-t2);
#ifdef FIXBUG #ifdef FIXBUG
dummy=t1; dummy = t1;
#endif #endif
*(rp++)=t1&0xffffffff; *(rp++) = t1 & 0xffffffff;
} }
} }


@ -59,73 +59,74 @@
#include <stdio.h> #include <stdio.h>
#include <openssl/rc4.h> #include <openssl/rc4.h>
#ifdef OPENSSL_NO_DES #ifdef OPENSSL_NO_DES
#include <des.h> # include <des.h>
#else #else
#include <openssl/des.h> # include <openssl/des.h>
#endif #endif
/* show how stream ciphers are not very good. The mac has no affect /*
* on RC4 while it does for cfb DES * show how stream ciphers are not very good. The mac has no affect on RC4
* while it does for cfb DES
*/ */
main() main()
{ {
fprintf(stderr,"rc4\n"); fprintf(stderr, "rc4\n");
rc4(); rc4();
fprintf(stderr,"cfb des\n"); fprintf(stderr, "cfb des\n");
des(); des();
} }
int des() int des()
{ {
des_key_schedule ks; des_key_schedule ks;
des_cblock iv,key; des_cblock iv, key;
int num; int num;
static char *keystr="01234567"; static char *keystr = "01234567";
static char *in1="0123456789ABCEDFdata 12345"; static char *in1 = "0123456789ABCEDFdata 12345";
static char *in2="9876543210abcdefdata 12345"; static char *in2 = "9876543210abcdefdata 12345";
unsigned char out[100]; unsigned char out[100];
int i; int i;
des_set_key((des_cblock *)keystr,ks); des_set_key((des_cblock *)keystr, ks);
num=0; num = 0;
memset(iv,0,8); memset(iv, 0, 8);
des_cfb64_encrypt(in1,out,26,ks,(des_cblock *)iv,&num,1); des_cfb64_encrypt(in1, out, 26, ks, (des_cblock *)iv, &num, 1);
for (i=0; i<26; i++) for (i = 0; i < 26; i++)
fprintf(stderr,"%02X ",out[i]); fprintf(stderr, "%02X ", out[i]);
fprintf(stderr,"\n"); fprintf(stderr, "\n");
num=0; num = 0;
memset(iv,0,8); memset(iv, 0, 8);
des_cfb64_encrypt(in2,out,26,ks,(des_cblock *)iv,&num,1); des_cfb64_encrypt(in2, out, 26, ks, (des_cblock *)iv, &num, 1);
for (i=0; i<26; i++) for (i = 0; i < 26; i++)
fprintf(stderr,"%02X ",out[i]); fprintf(stderr, "%02X ", out[i]);
fprintf(stderr,"\n"); fprintf(stderr, "\n");
} }
int rc4() int rc4()
{ {
static char *keystr="0123456789abcdef"; static char *keystr = "0123456789abcdef";
RC4_KEY key; RC4_KEY key;
unsigned char in[100],out[100]; unsigned char in[100], out[100];
int i; int i;
RC4_set_key(&key,16,keystr); RC4_set_key(&key, 16, keystr);
in[0]='\0'; in[0] = '\0';
strcpy(in,"0123456789ABCEDFdata 12345"); strcpy(in, "0123456789ABCEDFdata 12345");
RC4(key,26,in,out); RC4(key, 26, in, out);
for (i=0; i<26; i++) for (i = 0; i < 26; i++)
fprintf(stderr,"%02X ",out[i]); fprintf(stderr, "%02X ", out[i]);
fprintf(stderr,"\n"); fprintf(stderr, "\n");
RC4_set_key(&key,16,keystr); RC4_set_key(&key, 16, keystr);
in[0]='\0'; in[0] = '\0';
strcpy(in,"9876543210abcdefdata 12345"); strcpy(in, "9876543210abcdefdata 12345");
RC4(key,26,in,out); RC4(key, 26, in, out);
for (i=0; i<26; i++) for (i = 0; i < 26; i++)
fprintf(stderr,"%02X ",out[i]); fprintf(stderr, "%02X ", out[i]);
fprintf(stderr,"\n"); fprintf(stderr, "\n");
} }


@ -13,34 +13,32 @@
*/ */
main() main()
{ {
f(5); f(5);
f(0); f(0);
} }
int f(a) int f(a)
int a; int a;
{ {
switch(a&7) switch (a & 7) {
{ case 7:
case 7: printf("7\n");
printf("7\n"); case 6:
case 6: printf("6\n");
printf("6\n"); case 5:
case 5: printf("5\n");
printf("5\n"); case 4:
case 4: printf("4\n");
printf("4\n"); case 3:
case 3: printf("3\n");
printf("3\n"); case 2:
case 2: printf("2\n");
printf("2\n"); case 1:
case 1: printf("1\n");
printf("1\n");
#ifdef FIX_BUG #ifdef FIX_BUG
case 0: case 0:
; ;
#endif #endif
} }
} }


@ -1,4 +1,6 @@
/* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $ */ /*
* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $
*/
/* /*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org> * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved. * All rights reserved.
@ -26,17 +28,20 @@
*/ */
#ifndef LPDIR_H #ifndef LPDIR_H
#include "LPdir.h" # include "LPdir.h"
#endif #endif
struct LP_dir_context_st { void *dummy; }; struct LP_dir_context_st {
void *dummy;
};
const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
{ {
errno = EINVAL; errno = EINVAL;
return 0; return 0;
} }
int LP_find_file_end(LP_DIR_CTX **ctx) int LP_find_file_end(LP_DIR_CTX **ctx)
{ {
errno = EINVAL; errno = EINVAL;
return 0; return 0;
} }


@ -1,4 +1,7 @@
/* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp $ */ /*
* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp
* $
*/
/* /*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org> * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved. * All rights reserved.
@ -33,95 +36,91 @@
#include <dirent.h> #include <dirent.h>
#include <errno.h> #include <errno.h>
#ifndef LPDIR_H #ifndef LPDIR_H
#include "LPdir.h" # include "LPdir.h"
#endif #endif
/* The POSIXly macro for the maximum number of characters in a file path /*
is NAME_MAX. However, some operating systems use PATH_MAX instead. * The POSIXly macro for the maximum number of characters in a file path is
Therefore, it seems natural to first check for PATH_MAX and use that, * NAME_MAX. However, some operating systems use PATH_MAX instead.
and if it doesn't exist, use NAME_MAX. */ * Therefore, it seems natural to first check for PATH_MAX and use that, and
* if it doesn't exist, use NAME_MAX.
*/
#if defined(PATH_MAX) #if defined(PATH_MAX)
# define LP_ENTRY_SIZE PATH_MAX # define LP_ENTRY_SIZE PATH_MAX
#elif defined(NAME_MAX) #elif defined(NAME_MAX)
# define LP_ENTRY_SIZE NAME_MAX # define LP_ENTRY_SIZE NAME_MAX
#endif #endif
/* Of course, there's the possibility that neither PATH_MAX nor NAME_MAX /*
exist. It's also possible that NAME_MAX exists but is define to a * Of course, there's the possibility that neither PATH_MAX nor NAME_MAX
very small value (HP-UX offers 14), so we need to check if we got a * exist. It's also possible that NAME_MAX exists but is define to a very
result, and if it meets a minimum standard, and create or change it * small value (HP-UX offers 14), so we need to check if we got a result, and
if not. */ * if it meets a minimum standard, and create or change it if not.
*/
#if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255 #if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255
# undef LP_ENTRY_SIZE # undef LP_ENTRY_SIZE
# define LP_ENTRY_SIZE 255 # define LP_ENTRY_SIZE 255
#endif #endif
struct LP_dir_context_st struct LP_dir_context_st {
{ DIR *dir;
DIR *dir; char entry_name[LP_ENTRY_SIZE + 1];
char entry_name[LP_ENTRY_SIZE+1];
}; };
const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
{ {
struct dirent *direntry = NULL; struct dirent *direntry = NULL;
if (ctx == NULL || directory == NULL) if (ctx == NULL || directory == NULL) {
{ errno = EINVAL;
errno = EINVAL; return 0;
return 0;
} }
errno = 0; errno = 0;
if (*ctx == NULL) if (*ctx == NULL) {
{ *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
*ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX)); if (*ctx == NULL) {
if (*ctx == NULL) errno = ENOMEM;
{ return 0;
errno = ENOMEM; }
return 0; memset(*ctx, '\0', sizeof(LP_DIR_CTX));
}
memset(*ctx, '\0', sizeof(LP_DIR_CTX));
(*ctx)->dir = opendir(directory); (*ctx)->dir = opendir(directory);
if ((*ctx)->dir == NULL) if ((*ctx)->dir == NULL) {
{ int save_errno = errno; /* Probably not needed, but I'm paranoid */
int save_errno = errno; /* Probably not needed, but I'm paranoid */ free(*ctx);
free(*ctx); *ctx = NULL;
*ctx = NULL; errno = save_errno;
errno = save_errno; return 0;
return 0; }
}
} }
direntry = readdir((*ctx)->dir); direntry = readdir((*ctx)->dir);
if (direntry == NULL) if (direntry == NULL) {
{ return 0;
return 0;
} }
strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1); strncpy((*ctx)->entry_name, direntry->d_name,
(*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0'; sizeof((*ctx)->entry_name) - 1);
return (*ctx)->entry_name; (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
return (*ctx)->entry_name;
} }
int LP_find_file_end(LP_DIR_CTX **ctx) int LP_find_file_end(LP_DIR_CTX **ctx)
{ {
if (ctx != NULL && *ctx != NULL) if (ctx != NULL && *ctx != NULL) {
{ int ret = closedir((*ctx)->dir);
int ret = closedir((*ctx)->dir);
free(*ctx); free(*ctx);
switch (ret) switch (ret) {
{ case 0:
case 0: return 1;
return 1; case -1:
case -1: return 0;
return 0; default:
default: break;
break; }
}
} }
errno = EINVAL; errno = EINVAL;
return 0; return 0;
} }
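Review bot: The reflowed header comment in the first hunk of this file now puts the closing `$` of the `$LP: ... $` line on a comment line of its own, so what looks like an RCS/CVS-style keyword no longer sits on one line, and a tool that matches or expands it would probably stop recognising it. The equivalent comment in the preceding LPdir file fit within the line limit and kept its `$` in place, so among the sections shown here only this one is affected. I would keep the identifier on a single line and exempt the comment from reflow, e.g. `/*- $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp $ */`, using the `/*-` opener that the comments left untouched elsewhere in this commit carry (that the formatter skips such comments is inferred from those hunks).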


@ -37,175 +37,159 @@
#include <str$routines.h> #include <str$routines.h>
#include <stsdef.h> #include <stsdef.h>
#ifndef LPDIR_H #ifndef LPDIR_H
#include "LPdir.h" # include "LPdir.h"
#endif #endif
#include "vms_rms.h" #include "vms_rms.h"
/* Some compiler options hide EVMSERR. */ /* Some compiler options hide EVMSERR. */
#ifndef EVMSERR #ifndef EVMSERR
# define EVMSERR 65535 /* error for non-translatable VMS errors */ # define EVMSERR 65535 /* error for non-translatable VMS errors */
#endif #endif
struct LP_dir_context_st struct LP_dir_context_st {
{ unsigned long VMS_context;
unsigned long VMS_context; char filespec[NAMX_MAXRSS + 1];
char filespec[ NAMX_MAXRSS+ 1]; char result[NAMX_MAXRSS + 1];
char result[ NAMX_MAXRSS+ 1]; struct dsc$descriptor_d filespec_dsc;
struct dsc$descriptor_d filespec_dsc; struct dsc$descriptor_d result_dsc;
struct dsc$descriptor_d result_dsc;
}; };
const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
{ {
int status; int status;
char *p, *r; char *p, *r;
size_t l; size_t l;
unsigned long flags = 0; unsigned long flags = 0;
/* Arrange 32-bit pointer to (copied) string storage, if needed. */ /* Arrange 32-bit pointer to (copied) string storage, if needed. */
#if __INITIAL_POINTER_SIZE == 64 #if __INITIAL_POINTER_SIZE == 64
# pragma pointer_size save # pragma pointer_size save
# pragma pointer_size 32 # pragma pointer_size 32
char *ctx_filespec_32p; char *ctx_filespec_32p;
# pragma pointer_size restore # pragma pointer_size restore
char ctx_filespec_32[ NAMX_MAXRSS+ 1]; char ctx_filespec_32[NAMX_MAXRSS + 1];
#endif /* __INITIAL_POINTER_SIZE == 64 */ #endif /* __INITIAL_POINTER_SIZE == 64 */
#ifdef NAML$C_MAXRSS #ifdef NAML$C_MAXRSS
flags |= LIB$M_FIL_LONG_NAMES; flags |= LIB$M_FIL_LONG_NAMES;
#endif #endif
if (ctx == NULL || directory == NULL) if (ctx == NULL || directory == NULL) {
{ errno = EINVAL;
errno = EINVAL; return 0;
return 0;
} }
errno = 0; errno = 0;
if (*ctx == NULL) if (*ctx == NULL) {
{ size_t filespeclen = strlen(directory);
size_t filespeclen = strlen(directory); char *filespec = NULL;
char *filespec = NULL;
if (filespeclen == 0) if (filespeclen == 0) {
{ errno = ENOENT;
errno = ENOENT; return 0;
return 0; }
}
/* MUST be a VMS directory specification! Let's estimate if it is. */ /* MUST be a VMS directory specification! Let's estimate if it is. */
if (directory[filespeclen-1] != ']' if (directory[filespeclen - 1] != ']'
&& directory[filespeclen-1] != '>' && directory[filespeclen - 1] != '>'
&& directory[filespeclen-1] != ':') && directory[filespeclen - 1] != ':') {
{ errno = EINVAL;
errno = EINVAL; return 0;
return 0; }
}
filespeclen += 4; /* "*.*;" */ filespeclen += 4; /* "*.*;" */
if (filespeclen > NAMX_MAXRSS) if (filespeclen > NAMX_MAXRSS) {
{ errno = ENAMETOOLONG;
errno = ENAMETOOLONG; return 0;
return 0; }
}
*ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX)); *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
if (*ctx == NULL) if (*ctx == NULL) {
{ errno = ENOMEM;
errno = ENOMEM; return 0;
return 0; }
} memset(*ctx, '\0', sizeof(LP_DIR_CTX));
memset(*ctx, '\0', sizeof(LP_DIR_CTX));
strcpy((*ctx)->filespec,directory); strcpy((*ctx)->filespec, directory);
strcat((*ctx)->filespec,"*.*;"); strcat((*ctx)->filespec, "*.*;");
/* Arrange 32-bit pointer to (copied) string storage, if needed. */ /* Arrange 32-bit pointer to (copied) string storage, if needed. */
#if __INITIAL_POINTER_SIZE == 64 #if __INITIAL_POINTER_SIZE == 64
# define CTX_FILESPEC ctx_filespec_32p # define CTX_FILESPEC ctx_filespec_32p
/* Copy the file name to storage with a 32-bit pointer. */ /* Copy the file name to storage with a 32-bit pointer. */
ctx_filespec_32p = ctx_filespec_32; ctx_filespec_32p = ctx_filespec_32;
strcpy( ctx_filespec_32p, (*ctx)->filespec); strcpy(ctx_filespec_32p, (*ctx)->filespec);
#else /* __INITIAL_POINTER_SIZE == 64 */ #else /* __INITIAL_POINTER_SIZE == 64 */
# define CTX_FILESPEC (*ctx)->filespec # define CTX_FILESPEC (*ctx)->filespec
#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ #endif /* __INITIAL_POINTER_SIZE == 64 [else] */
(*ctx)->filespec_dsc.dsc$w_length = filespeclen; (*ctx)->filespec_dsc.dsc$w_length = filespeclen;
(*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T; (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
(*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S; (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;
(*ctx)->filespec_dsc.dsc$a_pointer = CTX_FILESPEC; (*ctx)->filespec_dsc.dsc$a_pointer = CTX_FILESPEC;
} }
(*ctx)->result_dsc.dsc$w_length = 0; (*ctx)->result_dsc.dsc$w_length = 0;
(*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T; (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
(*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D; (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
(*ctx)->result_dsc.dsc$a_pointer = 0; (*ctx)->result_dsc.dsc$a_pointer = 0;
status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc, status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc,
&(*ctx)->VMS_context, 0, 0, 0, &flags); &(*ctx)->VMS_context, 0, 0, 0, &flags);
if (status == RMS$_NMF) if (status == RMS$_NMF) {
{ errno = 0;
errno = 0; vaxc$errno = status;
vaxc$errno = status; return NULL;
return NULL;
} }
if(!$VMS_STATUS_SUCCESS(status)) if (!$VMS_STATUS_SUCCESS(status)) {
{ errno = EVMSERR;
errno = EVMSERR; vaxc$errno = status;
vaxc$errno = status; return NULL;
return NULL;
} }
/* Quick, cheap and dirty way to discard any device and directory, /*
since we only want file names */ * Quick, cheap and dirty way to discard any device and directory, since
l = (*ctx)->result_dsc.dsc$w_length; * we only want file names
p = (*ctx)->result_dsc.dsc$a_pointer; */
r = p; l = (*ctx)->result_dsc.dsc$w_length;
for (; *p; p++) p = (*ctx)->result_dsc.dsc$a_pointer;
{ r = p;
if (*p == '^' && p[1] != '\0') /* Take care of ODS-5 escapes */ for (; *p; p++) {
{ if (*p == '^' && p[1] != '\0') { /* Take care of ODS-5 escapes */
p++; p++;
} } else if (*p == ':' || *p == '>' || *p == ']') {
else if (*p == ':' || *p == '>' || *p == ']') l -= p + 1 - r;
{ r = p + 1;
l -= p + 1 - r; } else if (*p == ';') {
r = p + 1; l = p - r;
} break;
else if (*p == ';') }
{
l = p - r;
break;
}
} }
strncpy((*ctx)->result, r, l); strncpy((*ctx)->result, r, l);
(*ctx)->result[l] = '\0'; (*ctx)->result[l] = '\0';
str$free1_dx(&(*ctx)->result_dsc); str$free1_dx(&(*ctx)->result_dsc);
return (*ctx)->result; return (*ctx)->result;
} }
int LP_find_file_end(LP_DIR_CTX **ctx) int LP_find_file_end(LP_DIR_CTX **ctx)
{ {
if (ctx != NULL && *ctx != NULL) if (ctx != NULL && *ctx != NULL) {
{ int status = lib$find_file_end(&(*ctx)->VMS_context);
int status = lib$find_file_end(&(*ctx)->VMS_context);
free(*ctx); free(*ctx);
if(!$VMS_STATUS_SUCCESS(status)) if (!$VMS_STATUS_SUCCESS(status)) {
{ errno = EVMSERR;
errno = EVMSERR; vaxc$errno = status;
vaxc$errno = status; return 0;
return 0; }
} return 1;
return 1;
} }
errno = EINVAL; errno = EINVAL;
return 0; return 0;
} }
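Review bot: `LP_find_file_end` frees `*ctx` but leaves the caller's pointer set, so a later `LP_find_file` or a second `LP_find_file_end` on the same variable passes the `*ctx != NULL` test and works on freed memory. The Windows variant in this commit resets the pointer; adding `*ctx = NULL;` right after `free(*ctx);` here gives the same behaviour. The tail of the preceding file section shows the same `free(*ctx)` without a reset, though its function begins outside the visible part. Separately, `strncpy((*ctx)->result, r, l)` takes `l` from the descriptor length with no comparison against `sizeof((*ctx)->result)`. Whether lib$find_file can return more than NAMX_MAXRSS bytes is not visible here, so a bound check before the copy would be a cheap safeguard.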


@ -26,13 +26,14 @@
#include <windows.h> #include <windows.h>
#include <tchar.h> #include <tchar.h>
#ifndef LPDIR_H #ifndef LPDIR_H
#include "LPdir.h" # include "LPdir.h"
#endif #endif
/* We're most likely overcautious here, but let's reserve for /*
broken WinCE headers and explicitly opt for UNICODE call. * We're most likely overcautious here, but let's reserve for broken WinCE
Keep in mind that our WinCE builds are compiled with -DUNICODE * headers and explicitly opt for UNICODE call. Keep in mind that our WinCE
[as well as -D_UNICODE]. */ * builds are compiled with -DUNICODE [as well as -D_UNICODE].
*/
#if defined(LP_SYS_WINCE) && !defined(FindFirstFile) #if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
# define FindFirstFile FindFirstFileW # define FindFirstFile FindFirstFileW
#endif #endif
@ -41,147 +42,129 @@
#endif #endif
#ifndef NAME_MAX #ifndef NAME_MAX
#define NAME_MAX 255 # define NAME_MAX 255
#endif #endif
struct LP_dir_context_st struct LP_dir_context_st {
{ WIN32_FIND_DATA ctx;
WIN32_FIND_DATA ctx; HANDLE handle;
HANDLE handle; char entry_name[NAME_MAX + 1];
char entry_name[NAME_MAX+1];
}; };
const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
{ {
if (ctx == NULL || directory == NULL) if (ctx == NULL || directory == NULL) {
{ errno = EINVAL;
errno = EINVAL; return 0;
return 0;
} }
errno = 0; errno = 0;
if (*ctx == NULL) if (*ctx == NULL) {
{ const char *extdir = directory;
const char *extdir = directory; char *extdirbuf = NULL;
char *extdirbuf = NULL; size_t dirlen = strlen(directory);
size_t dirlen = strlen (directory);
if (dirlen == 0) if (dirlen == 0) {
{ errno = ENOENT;
errno = ENOENT; return 0;
return 0; }
}
*ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX)); *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
if (*ctx == NULL) if (*ctx == NULL) {
{ errno = ENOMEM;
errno = ENOMEM; return 0;
return 0; }
} memset(*ctx, '\0', sizeof(LP_DIR_CTX));
memset(*ctx, '\0', sizeof(LP_DIR_CTX));
if (directory[dirlen-1] != '*') if (directory[dirlen - 1] != '*') {
{ extdirbuf = (char *)malloc(dirlen + 3);
extdirbuf = (char *)malloc(dirlen + 3); if (extdirbuf == NULL) {
if (extdirbuf == NULL) free(*ctx);
{ *ctx = NULL;
free(*ctx); errno = ENOMEM;
*ctx = NULL; return 0;
errno = ENOMEM; }
return 0; if (directory[dirlen - 1] != '/' && directory[dirlen - 1] != '\\')
} extdir = strcat(strcpy(extdirbuf, directory), "/*");
if (directory[dirlen-1] != '/' && directory[dirlen-1] != '\\') else
extdir = strcat(strcpy (extdirbuf,directory),"/*"); extdir = strcat(strcpy(extdirbuf, directory), "*");
else }
extdir = strcat(strcpy (extdirbuf,directory),"*");
}
if (sizeof(TCHAR) != sizeof(char)) if (sizeof(TCHAR) != sizeof(char)) {
{ TCHAR *wdir = NULL;
TCHAR *wdir = NULL; /* len_0 denotes string length *with* trailing 0 */
/* len_0 denotes string length *with* trailing 0 */ size_t index = 0, len_0 = strlen(extdir) + 1;
size_t index = 0,len_0 = strlen(extdir) + 1;
wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR)); wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR));
if (wdir == NULL) if (wdir == NULL) {
{ if (extdirbuf != NULL) {
if (extdirbuf != NULL) free(extdirbuf);
{ }
free (extdirbuf); free(*ctx);
} *ctx = NULL;
free(*ctx); errno = ENOMEM;
*ctx = NULL; return 0;
errno = ENOMEM; }
return 0; #ifdef LP_MULTIBYTE_AVAILABLE
} if (!MultiByteToWideChar
(CP_ACP, 0, extdir, len_0, (WCHAR *)wdir, len_0))
#endif
for (index = 0; index < len_0; index++)
wdir[index] = (TCHAR)extdir[index];
(*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
free(wdir);
} else {
(*ctx)->handle = FindFirstFile((TCHAR *)extdir, &(*ctx)->ctx);
}
if (extdirbuf != NULL) {
free(extdirbuf);
}
if ((*ctx)->handle == INVALID_HANDLE_VALUE) {
free(*ctx);
*ctx = NULL;
errno = EINVAL;
return 0;
}
} else {
if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE) {
return 0;
}
}
if (sizeof(TCHAR) != sizeof(char)) {
TCHAR *wdir = (*ctx)->ctx.cFileName;
size_t index, len_0 = 0;
while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1))
len_0++;
len_0++;
#ifdef LP_MULTIBYTE_AVAILABLE #ifdef LP_MULTIBYTE_AVAILABLE
if (!MultiByteToWideChar(CP_ACP, 0, extdir, len_0, (WCHAR *)wdir, len_0)) if (!WideCharToMultiByte
(CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name,
sizeof((*ctx)->entry_name), NULL, 0))
#endif #endif
for (index = 0; index < len_0; index++) for (index = 0; index < len_0; index++)
wdir[index] = (TCHAR)extdir[index]; (*ctx)->entry_name[index] = (char)wdir[index];
} else
strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName,
sizeof((*ctx)->entry_name) - 1);
(*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx); (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
free(wdir); return (*ctx)->entry_name;
}
else
{
(*ctx)->handle = FindFirstFile((TCHAR *)extdir, &(*ctx)->ctx);
}
if (extdirbuf != NULL)
{
free (extdirbuf);
}
if ((*ctx)->handle == INVALID_HANDLE_VALUE)
{
free(*ctx);
*ctx = NULL;
errno = EINVAL;
return 0;
}
}
else
{
if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE)
{
return 0;
}
}
if (sizeof(TCHAR) != sizeof(char))
{
TCHAR *wdir = (*ctx)->ctx.cFileName;
size_t index, len_0 = 0;
while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1)) len_0++;
len_0++;
#ifdef LP_MULTIBYTE_AVAILABLE
if (!WideCharToMultiByte(CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name,
sizeof((*ctx)->entry_name), NULL, 0))
#endif
for (index = 0; index < len_0; index++)
(*ctx)->entry_name[index] = (char)wdir[index];
}
else
strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName,
sizeof((*ctx)->entry_name)-1);
(*ctx)->entry_name[sizeof((*ctx)->entry_name)-1] = '\0';
return (*ctx)->entry_name;
} }
int LP_find_file_end(LP_DIR_CTX **ctx) int LP_find_file_end(LP_DIR_CTX **ctx)
{ {
if (ctx != NULL && *ctx != NULL) if (ctx != NULL && *ctx != NULL) {
{ FindClose((*ctx)->handle);
FindClose((*ctx)->handle); free(*ctx);
free(*ctx); *ctx = NULL;
*ctx = NULL; return 1;
return 1;
} }
errno = EINVAL; errno = EINVAL;
return 0; return 0;
} }
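Review bot: In the wide-character branch of `LP_find_file`, the fallback loop `(*ctx)->entry_name[index] = (char)wdir[index];` narrows each TCHAR to one byte, so a file name with characters that do not fit in a char comes back as a different name from the one on disk. That loop is the only conversion when LP_MULTIBYTE_AVAILABLE is not defined, and it also runs when `WideCharToMultiByte` fails. A caller that opens or trusts the returned name could then act on the wrong file; I would at least document it with `/* lossy: non-ASCII names are not preserved */` and consider skipping such entries. Also, the `FindNextFile` failure path returns 0 with errno still 0, so an enumeration error cannot be told apart from end of directory.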


@ -1,4 +1,7 @@
/* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */ /*
* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
* $
*/
/* /*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org> * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved. * All rights reserved.


@ -1,4 +1,7 @@
/* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */ /*
* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
* $
*/
/* /*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org> * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved. * All rights reserved.
@ -26,6 +29,8 @@
*/ */
#define LP_SYS_WINCE #define LP_SYS_WINCE
/* We might want to define LP_MULTIBYTE_AVAILABLE here. It's currently /*
under investigation what the exact conditions would be */ * We might want to define LP_MULTIBYTE_AVAILABLE here. It's currently under
* investigation what the exact conditions would be
*/
#include "LPdir_win.c" #include "LPdir_win.c"


@ -50,23 +50,25 @@
*/ */
#ifndef HEADER_AES_H #ifndef HEADER_AES_H
#define HEADER_AES_H # define HEADER_AES_H
#include <openssl/opensslconf.h> # include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_AES # ifdef OPENSSL_NO_AES
#error AES is disabled. # error AES is disabled.
#endif # endif
#include <stddef.h> # include <stddef.h>
#define AES_ENCRYPT 1 # define AES_ENCRYPT 1
#define AES_DECRYPT 0 # define AES_DECRYPT 0
/* Because array size can't be a const in C, the following two are macros. /*
Both sizes are in bytes. */ * Because array size can't be a const in C, the following two are macros.
#define AES_MAXNR 14 * Both sizes are in bytes.
#define AES_BLOCK_SIZE 16 */
# define AES_MAXNR 14
# define AES_BLOCK_SIZE 16
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
@ -74,11 +76,11 @@ extern "C" {
/* This should be a hidden type, but EVP requires that the size be known */ /* This should be a hidden type, but EVP requires that the size be known */
struct aes_key_st { struct aes_key_st {
#ifdef AES_LONG # ifdef AES_LONG
unsigned long rd_key[4 *(AES_MAXNR + 1)]; unsigned long rd_key[4 * (AES_MAXNR + 1)];
#else # else
unsigned int rd_key[4 *(AES_MAXNR + 1)]; unsigned int rd_key[4 * (AES_MAXNR + 1)];
#endif # endif
int rounds; int rounds;
}; };
typedef struct aes_key_st AES_KEY; typedef struct aes_key_st AES_KEY;
@ -86,59 +88,59 @@ typedef struct aes_key_st AES_KEY;
const char *AES_options(void); const char *AES_options(void);
int AES_set_encrypt_key(const unsigned char *userKey, const int bits, int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key); AES_KEY *key);
int AES_set_decrypt_key(const unsigned char *userKey, const int bits, int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key); AES_KEY *key);
void AES_encrypt(const unsigned char *in, unsigned char *out, void AES_encrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key); const AES_KEY *key);
void AES_decrypt(const unsigned char *in, unsigned char *out, void AES_decrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key); const AES_KEY *key);
void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key, const int enc); const AES_KEY *key, const int enc);
void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key, size_t length, const AES_KEY *key,
unsigned char *ivec, const int enc); unsigned char *ivec, const int enc);
void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key, size_t length, const AES_KEY *key,
unsigned char *ivec, int *num, const int enc); unsigned char *ivec, int *num, const int enc);
void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key, size_t length, const AES_KEY *key,
unsigned char *ivec, int *num, const int enc); unsigned char *ivec, int *num, const int enc);
void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key, size_t length, const AES_KEY *key,
unsigned char *ivec, int *num, const int enc); unsigned char *ivec, int *num, const int enc);
void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key, size_t length, const AES_KEY *key,
unsigned char *ivec, int *num); unsigned char *ivec, int *num);
#if 0 # if 0
void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key, size_t length, const AES_KEY *key,
unsigned char ivec[AES_BLOCK_SIZE], unsigned char ivec[AES_BLOCK_SIZE],
unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned char ecount_buf[AES_BLOCK_SIZE],
unsigned int *num); unsigned int *num);
#endif # endif
/* NB: the IV is _two_ blocks long */ /* NB: the IV is _two_ blocks long */
void AES_ige_encrypt(const unsigned char *in, unsigned char *out, void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key, size_t length, const AES_KEY *key,
unsigned char *ivec, const int enc); unsigned char *ivec, const int enc);
/* NB: the IV is _four_ blocks long */ /* NB: the IV is _four_ blocks long */
void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key, size_t length, const AES_KEY *key,
const AES_KEY *key2, const unsigned char *ivec, const AES_KEY *key2, const unsigned char *ivec,
const int enc); const int enc);
int AES_wrap_key(AES_KEY *key, const unsigned char *iv, int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
unsigned char *out, unsigned char *out,
const unsigned char *in, unsigned int inlen); const unsigned char *in, unsigned int inlen);
int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
unsigned char *out, unsigned char *out,
const unsigned char *in, unsigned int inlen); const unsigned char *in, unsigned int inlen);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* !HEADER_AES_H */ #endif /* !HEADER_AES_H */


@ -53,11 +53,14 @@
#include <openssl/modes.h> #include <openssl/modes.h>
void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key, size_t len, const AES_KEY *key,
unsigned char *ivec, const int enc) { unsigned char *ivec, const int enc)
{
if (enc) if (enc)
CRYPTO_cbc128_encrypt(in,out,len,key,ivec,(block128_f)AES_encrypt); CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
else (block128_f) AES_encrypt);
CRYPTO_cbc128_decrypt(in,out,len,key,ivec,(block128_f)AES_decrypt); else
CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
(block128_f) AES_decrypt);
} }


@ -52,30 +52,34 @@
#include <openssl/aes.h> #include <openssl/aes.h>
#include <openssl/modes.h> #include <openssl/modes.h>
/* The input and output encrypted as though 128bit cfb mode is being /*
* used. The extra state information to record how much of the * The input and output encrypted as though 128bit cfb mode is being used.
* 128bit block we have used is contained in *num; * The extra state information to record how much of the 128bit block we have
* used is contained in *num;
*/ */
void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key, size_t length, const AES_KEY *key,
unsigned char *ivec, int *num, const int enc) { unsigned char *ivec, int *num, const int enc)
{
CRYPTO_cfb128_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt); CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
(block128_f) AES_encrypt);
} }
/* N.B. This expects the input to be packed, MS bit first */ /* N.B. This expects the input to be packed, MS bit first */
void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key, size_t length, const AES_KEY *key,
unsigned char *ivec, int *num, const int enc) unsigned char *ivec, int *num, const int enc)
{ {
CRYPTO_cfb128_1_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt); CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
} (block128_f) AES_encrypt);
}
void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key, size_t length, const AES_KEY *key,
unsigned char *ivec, int *num, const int enc) unsigned char *ivec, int *num, const int enc)
{ {
CRYPTO_cfb128_8_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt); CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
} (block128_f) AES_encrypt);
}


@ -60,14 +60,14 @@
#include "aes_locl.h" #include "aes_locl.h"
void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key, const int enc) { const AES_KEY *key, const int enc)
{
assert(in && out && key); assert(in && out && key);
assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
if (AES_ENCRYPT == enc) if (AES_ENCRYPT == enc)
AES_encrypt(in, out, key); AES_encrypt(in, out, key);
else else
AES_decrypt(in, out, key); AES_decrypt(in, out, key);
} }
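Review bot: The argument checks in `AES_ecb_encrypt` use plain `assert`, which compiles to nothing when NDEBUG is defined. In such a build any `enc` value other than AES_ENCRYPT falls through to `AES_decrypt`, and NULL `in`/`out`/`key` reach the cipher unchecked. `AES_ige_encrypt` elsewhere in this commit makes the same checks with `OPENSSL_assert`. If that macro is reachable from this file (its includes are only partly visible), `OPENSSL_assert(in && out && key);` and `OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));` would keep the two functions consistent.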


@ -56,152 +56,147 @@
#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) #define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
typedef struct { typedef struct {
unsigned long data[N_WORDS]; unsigned long data[N_WORDS];
} aes_block_t; } aes_block_t;
/* XXX: probably some better way to do this */ /* XXX: probably some better way to do this */
#if defined(__i386__) || defined(__x86_64__) #if defined(__i386__) || defined(__x86_64__)
#define UNALIGNED_MEMOPS_ARE_FAST 1 # define UNALIGNED_MEMOPS_ARE_FAST 1
#else #else
#define UNALIGNED_MEMOPS_ARE_FAST 0 # define UNALIGNED_MEMOPS_ARE_FAST 0
#endif #endif
#if UNALIGNED_MEMOPS_ARE_FAST #if UNALIGNED_MEMOPS_ARE_FAST
#define load_block(d, s) (d) = *(const aes_block_t *)(s) # define load_block(d, s) (d) = *(const aes_block_t *)(s)
#define store_block(d, s) *(aes_block_t *)(d) = (s) # define store_block(d, s) *(aes_block_t *)(d) = (s)
#else #else
#define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE) # define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE)
#define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE) # define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE)
#endif #endif
/* N.B. The IV for this mode is _twice_ the block size */ /* N.B. The IV for this mode is _twice_ the block size */
void AES_ige_encrypt(const unsigned char *in, unsigned char *out, void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key, size_t length, const AES_KEY *key,
unsigned char *ivec, const int enc) unsigned char *ivec, const int enc)
{ {
size_t n; size_t n;
size_t len = length; size_t len = length;
OPENSSL_assert(in && out && key && ivec); OPENSSL_assert(in && out && key && ivec);
OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
OPENSSL_assert((length%AES_BLOCK_SIZE) == 0); OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
len = length / AES_BLOCK_SIZE; len = length / AES_BLOCK_SIZE;
if (AES_ENCRYPT == enc) if (AES_ENCRYPT == enc) {
{ if (in != out &&
if (in != out && (UNALIGNED_MEMOPS_ARE_FAST
(UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0)) || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
{ 0)) {
aes_block_t *ivp = (aes_block_t *)ivec; aes_block_t *ivp = (aes_block_t *) ivec;
aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE); aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE);
while (len) while (len) {
{ aes_block_t *inp = (aes_block_t *) in;
aes_block_t *inp = (aes_block_t *)in; aes_block_t *outp = (aes_block_t *) out;
aes_block_t *outp = (aes_block_t *)out;
for(n=0 ; n < N_WORDS; ++n) for (n = 0; n < N_WORDS; ++n)
outp->data[n] = inp->data[n] ^ ivp->data[n]; outp->data[n] = inp->data[n] ^ ivp->data[n];
AES_encrypt((unsigned char *)outp->data, (unsigned char *)outp->data, key); AES_encrypt((unsigned char *)outp->data,
for(n=0 ; n < N_WORDS; ++n) (unsigned char *)outp->data, key);
outp->data[n] ^= iv2p->data[n]; for (n = 0; n < N_WORDS; ++n)
ivp = outp; outp->data[n] ^= iv2p->data[n];
iv2p = inp; ivp = outp;
--len; iv2p = inp;
in += AES_BLOCK_SIZE; --len;
out += AES_BLOCK_SIZE; in += AES_BLOCK_SIZE;
} out += AES_BLOCK_SIZE;
memcpy(ivec, ivp->data, AES_BLOCK_SIZE); }
memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
} memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
else } else {
{ aes_block_t tmp, tmp2;
aes_block_t tmp, tmp2; aes_block_t iv;
aes_block_t iv; aes_block_t iv2;
aes_block_t iv2;
load_block(iv, ivec); load_block(iv, ivec);
load_block(iv2, ivec + AES_BLOCK_SIZE); load_block(iv2, ivec + AES_BLOCK_SIZE);
while (len) while (len) {
{ load_block(tmp, in);
load_block(tmp, in); for (n = 0; n < N_WORDS; ++n)
for(n=0 ; n < N_WORDS; ++n) tmp2.data[n] = tmp.data[n] ^ iv.data[n];
tmp2.data[n] = tmp.data[n] ^ iv.data[n]; AES_encrypt((unsigned char *)tmp2.data,
AES_encrypt((unsigned char *)tmp2.data, (unsigned char *)tmp2.data, key); (unsigned char *)tmp2.data, key);
for(n=0 ; n < N_WORDS; ++n) for (n = 0; n < N_WORDS; ++n)
tmp2.data[n] ^= iv2.data[n]; tmp2.data[n] ^= iv2.data[n];
store_block(out, tmp2); store_block(out, tmp2);
iv = tmp2; iv = tmp2;
iv2 = tmp; iv2 = tmp;
--len; --len;
in += AES_BLOCK_SIZE; in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE;
} }
memcpy(ivec, iv.data, AES_BLOCK_SIZE); memcpy(ivec, iv.data, AES_BLOCK_SIZE);
memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
} }
} } else {
else if (in != out &&
{ (UNALIGNED_MEMOPS_ARE_FAST
if (in != out && || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
(UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0)) 0)) {
{ aes_block_t *ivp = (aes_block_t *) ivec;
aes_block_t *ivp = (aes_block_t *)ivec; aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE);
aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
while (len) while (len) {
{ aes_block_t tmp;
aes_block_t tmp; aes_block_t *inp = (aes_block_t *) in;
aes_block_t *inp = (aes_block_t *)in; aes_block_t *outp = (aes_block_t *) out;
aes_block_t *outp = (aes_block_t *)out;
for(n=0 ; n < N_WORDS; ++n) for (n = 0; n < N_WORDS; ++n)
tmp.data[n] = inp->data[n] ^ iv2p->data[n]; tmp.data[n] = inp->data[n] ^ iv2p->data[n];
AES_decrypt((unsigned char *)tmp.data, (unsigned char *)outp->data, key); AES_decrypt((unsigned char *)tmp.data,
for(n=0 ; n < N_WORDS; ++n) (unsigned char *)outp->data, key);
outp->data[n] ^= ivp->data[n]; for (n = 0; n < N_WORDS; ++n)
ivp = inp; outp->data[n] ^= ivp->data[n];
iv2p = outp; ivp = inp;
--len; iv2p = outp;
in += AES_BLOCK_SIZE; --len;
out += AES_BLOCK_SIZE; in += AES_BLOCK_SIZE;
} out += AES_BLOCK_SIZE;
memcpy(ivec, ivp->data, AES_BLOCK_SIZE); }
memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
} memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
else } else {
{ aes_block_t tmp, tmp2;
aes_block_t tmp, tmp2; aes_block_t iv;
aes_block_t iv; aes_block_t iv2;
aes_block_t iv2;
load_block(iv, ivec); load_block(iv, ivec);
load_block(iv2, ivec + AES_BLOCK_SIZE); load_block(iv2, ivec + AES_BLOCK_SIZE);
while (len) while (len) {
{ load_block(tmp, in);
load_block(tmp, in); tmp2 = tmp;
tmp2 = tmp; for (n = 0; n < N_WORDS; ++n)
for(n=0 ; n < N_WORDS; ++n) tmp.data[n] ^= iv2.data[n];
tmp.data[n] ^= iv2.data[n]; AES_decrypt((unsigned char *)tmp.data,
AES_decrypt((unsigned char *)tmp.data, (unsigned char *)tmp.data, key); (unsigned char *)tmp.data, key);
for(n=0 ; n < N_WORDS; ++n) for (n = 0; n < N_WORDS; ++n)
tmp.data[n] ^= iv.data[n]; tmp.data[n] ^= iv.data[n];
store_block(out, tmp); store_block(out, tmp);
iv = tmp2; iv = tmp2;
iv2 = tmp; iv2 = tmp;
--len; --len;
in += AES_BLOCK_SIZE; in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE;
} }
memcpy(ivec, iv.data, AES_BLOCK_SIZE); memcpy(ivec, iv.data, AES_BLOCK_SIZE);
memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
} }
} }
} }
/* /*
* Note that its effectively impossible to do biIGE in anything other * Note that its effectively impossible to do biIGE in anything other
@ -211,113 +206,118 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
/* N.B. The IV for this mode is _four times_ the block size */ /* N.B. The IV for this mode is _four times_ the block size */
void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key, size_t length, const AES_KEY *key,
const AES_KEY *key2, const unsigned char *ivec, const AES_KEY *key2, const unsigned char *ivec,
const int enc) const int enc)
{ {
size_t n; size_t n;
size_t len = length; size_t len = length;
unsigned char tmp[AES_BLOCK_SIZE]; unsigned char tmp[AES_BLOCK_SIZE];
unsigned char tmp2[AES_BLOCK_SIZE]; unsigned char tmp2[AES_BLOCK_SIZE];
unsigned char tmp3[AES_BLOCK_SIZE]; unsigned char tmp3[AES_BLOCK_SIZE];
unsigned char prev[AES_BLOCK_SIZE]; unsigned char prev[AES_BLOCK_SIZE];
const unsigned char *iv; const unsigned char *iv;
const unsigned char *iv2; const unsigned char *iv2;
OPENSSL_assert(in && out && key && ivec); OPENSSL_assert(in && out && key && ivec);
OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
OPENSSL_assert((length%AES_BLOCK_SIZE) == 0); OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
if (AES_ENCRYPT == enc) if (AES_ENCRYPT == enc) {
{ /*
/* XXX: Do a separate case for when in != out (strictly should * XXX: Do a separate case for when in != out (strictly should check
check for overlap, too) */ * for overlap, too)
*/
/* First the forward pass */ /* First the forward pass */
iv = ivec; iv = ivec;
iv2 = ivec + AES_BLOCK_SIZE; iv2 = ivec + AES_BLOCK_SIZE;
while (len >= AES_BLOCK_SIZE) while (len >= AES_BLOCK_SIZE) {
{ for (n = 0; n < AES_BLOCK_SIZE; ++n)
for(n=0 ; n < AES_BLOCK_SIZE ; ++n) out[n] = in[n] ^ iv[n];
out[n] = in[n] ^ iv[n]; AES_encrypt(out, out, key);
AES_encrypt(out, out, key); for (n = 0; n < AES_BLOCK_SIZE; ++n)
for(n=0 ; n < AES_BLOCK_SIZE ; ++n) out[n] ^= iv2[n];
out[n] ^= iv2[n]; iv = out;
iv = out; memcpy(prev, in, AES_BLOCK_SIZE);
memcpy(prev, in, AES_BLOCK_SIZE); iv2 = prev;
iv2 = prev; len -= AES_BLOCK_SIZE;
len -= AES_BLOCK_SIZE; in += AES_BLOCK_SIZE;
in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE; }
}
/* And now backwards */ /* And now backwards */
iv = ivec + AES_BLOCK_SIZE*2; iv = ivec + AES_BLOCK_SIZE * 2;
iv2 = ivec + AES_BLOCK_SIZE*3; iv2 = ivec + AES_BLOCK_SIZE * 3;
len = length; len = length;
while(len >= AES_BLOCK_SIZE) while (len >= AES_BLOCK_SIZE) {
{ out -= AES_BLOCK_SIZE;
out -= AES_BLOCK_SIZE; /*
/* XXX: reduce copies by alternating between buffers */ * XXX: reduce copies by alternating between buffers
memcpy(tmp, out, AES_BLOCK_SIZE); */
for(n=0 ; n < AES_BLOCK_SIZE ; ++n) memcpy(tmp, out, AES_BLOCK_SIZE);
out[n] ^= iv[n]; for (n = 0; n < AES_BLOCK_SIZE; ++n)
/* hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */ out[n] ^= iv[n];
AES_encrypt(out, out, key); /*
/* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */ * hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE);
/* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */ */
for(n=0 ; n < AES_BLOCK_SIZE ; ++n) AES_encrypt(out, out, key);
out[n] ^= iv2[n]; /*
/* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */ * hexdump(stdout,"enc", out, AES_BLOCK_SIZE);
iv = out; */
memcpy(prev, tmp, AES_BLOCK_SIZE); /*
iv2 = prev; * hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE);
len -= AES_BLOCK_SIZE; */
} for (n = 0; n < AES_BLOCK_SIZE; ++n)
} out[n] ^= iv2[n];
else /*
{ * hexdump(stdout,"out", out, AES_BLOCK_SIZE);
/* First backwards */ */
iv = ivec + AES_BLOCK_SIZE*2; iv = out;
iv2 = ivec + AES_BLOCK_SIZE*3; memcpy(prev, tmp, AES_BLOCK_SIZE);
in += length; iv2 = prev;
out += length; len -= AES_BLOCK_SIZE;
while (len >= AES_BLOCK_SIZE) }
{ } else {
in -= AES_BLOCK_SIZE; /* First backwards */
out -= AES_BLOCK_SIZE; iv = ivec + AES_BLOCK_SIZE * 2;
memcpy(tmp, in, AES_BLOCK_SIZE); iv2 = ivec + AES_BLOCK_SIZE * 3;
memcpy(tmp2, in, AES_BLOCK_SIZE); in += length;
for(n=0 ; n < AES_BLOCK_SIZE ; ++n) out += length;
tmp[n] ^= iv2[n]; while (len >= AES_BLOCK_SIZE) {
AES_decrypt(tmp, out, key); in -= AES_BLOCK_SIZE;
for(n=0 ; n < AES_BLOCK_SIZE ; ++n) out -= AES_BLOCK_SIZE;
out[n] ^= iv[n]; memcpy(tmp, in, AES_BLOCK_SIZE);
memcpy(tmp3, tmp2, AES_BLOCK_SIZE); memcpy(tmp2, in, AES_BLOCK_SIZE);
iv = tmp3; for (n = 0; n < AES_BLOCK_SIZE; ++n)
iv2 = out; tmp[n] ^= iv2[n];
len -= AES_BLOCK_SIZE; AES_decrypt(tmp, out, key);
} for (n = 0; n < AES_BLOCK_SIZE; ++n)
out[n] ^= iv[n];
memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
iv = tmp3;
iv2 = out;
len -= AES_BLOCK_SIZE;
}
/* And now forwards */ /* And now forwards */
iv = ivec; iv = ivec;
iv2 = ivec + AES_BLOCK_SIZE; iv2 = ivec + AES_BLOCK_SIZE;
len = length; len = length;
while (len >= AES_BLOCK_SIZE) while (len >= AES_BLOCK_SIZE) {
{ memcpy(tmp, out, AES_BLOCK_SIZE);
memcpy(tmp, out, AES_BLOCK_SIZE); memcpy(tmp2, out, AES_BLOCK_SIZE);
memcpy(tmp2, out, AES_BLOCK_SIZE); for (n = 0; n < AES_BLOCK_SIZE; ++n)
for(n=0 ; n < AES_BLOCK_SIZE ; ++n) tmp[n] ^= iv2[n];
tmp[n] ^= iv2[n]; AES_decrypt(tmp, out, key);
AES_decrypt(tmp, out, key); for (n = 0; n < AES_BLOCK_SIZE; ++n)
for(n=0 ; n < AES_BLOCK_SIZE ; ++n) out[n] ^= iv[n];
out[n] ^= iv[n]; memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
memcpy(tmp3, tmp2, AES_BLOCK_SIZE); iv = tmp3;
iv = tmp3; iv2 = out;
iv2 = out; len -= AES_BLOCK_SIZE;
len -= AES_BLOCK_SIZE; in += AES_BLOCK_SIZE;
in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE; }
} }
} }
}


@ -50,40 +50,40 @@
*/ */
#ifndef HEADER_AES_LOCL_H #ifndef HEADER_AES_LOCL_H
#define HEADER_AES_LOCL_H # define HEADER_AES_LOCL_H
#include <openssl/e_os2.h> # include <openssl/e_os2.h>
#ifdef OPENSSL_NO_AES # ifdef OPENSSL_NO_AES
#error AES is disabled. # error AES is disabled.
#endif # endif
#include <stdio.h> # include <stdio.h>
#include <stdlib.h> # include <stdlib.h>
#include <string.h> # include <string.h>
#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) # if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
# define GETU32(p) SWAP(*((u32 *)(p))) # define GETU32(p) SWAP(*((u32 *)(p)))
# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } # define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
#else # else
# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) # define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } # define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
#endif # endif
#ifdef AES_LONG # ifdef AES_LONG
typedef unsigned long u32; typedef unsigned long u32;
#else # else
typedef unsigned int u32; typedef unsigned int u32;
#endif # endif
typedef unsigned short u16; typedef unsigned short u16;
typedef unsigned char u8; typedef unsigned char u8;
#define MAXKC (256/32) # define MAXKC (256/32)
#define MAXKB (256/8) # define MAXKB (256/8)
#define MAXNR 14 # define MAXNR 14
/* This controls loop-unrolling in aes_core.c */ /* This controls loop-unrolling in aes_core.c */
#undef FULL_UNROLL # undef FULL_UNROLL
#endif /* !HEADER_AES_LOCL_H */ #endif /* !HEADER_AES_LOCL_H */


@ -53,12 +53,13 @@
#include <openssl/aes.h> #include <openssl/aes.h>
#include "aes_locl.h" #include "aes_locl.h"
const char AES_version[]="AES" OPENSSL_VERSION_PTEXT; const char AES_version[] = "AES" OPENSSL_VERSION_PTEXT;
const char *AES_options(void) { const char *AES_options(void)
{
#ifdef FULL_UNROLL #ifdef FULL_UNROLL
return "aes(full)"; return "aes(full)";
#else #else
return "aes(partial)"; return "aes(partial)";
#endif #endif
} }


@ -53,8 +53,9 @@
#include <openssl/modes.h> #include <openssl/modes.h>
void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key, size_t length, const AES_KEY *key,
unsigned char *ivec, int *num) unsigned char *ivec, int *num)
{ {
CRYPTO_ofb128_encrypt(in,out,length,key,ivec,num,(block128_f)AES_encrypt); CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
(block128_f) AES_encrypt);
} }


@ -1,5 +1,6 @@
/* crypto/aes/aes_wrap.c */ /* crypto/aes/aes_wrap.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project. * project.
*/ */
/* ==================================================================== /* ====================================================================
@ -56,15 +57,16 @@
#include <openssl/modes.h> #include <openssl/modes.h>
int AES_wrap_key(AES_KEY *key, const unsigned char *iv, int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
unsigned char *out, unsigned char *out,
const unsigned char *in, unsigned int inlen) const unsigned char *in, unsigned int inlen)
{ {
return CRYPTO_128_wrap(key, iv, out, in, inlen, (block128_f)AES_encrypt); return CRYPTO_128_wrap(key, iv, out, in, inlen, (block128_f) AES_encrypt);
} }
int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
unsigned char *out, unsigned char *out,
const unsigned char *in, unsigned int inlen) const unsigned char *in, unsigned int inlen)
{ {
return CRYPTO_128_unwrap(key, iv, out, in, inlen, (block128_f)AES_decrypt); return CRYPTO_128_unwrap(key, iv, out, in, inlen,
} (block128_f) AES_decrypt);
}


@ -1,74 +1,74 @@
#ifndef __ARM_ARCH_H__ #ifndef __ARM_ARCH_H__
#define __ARM_ARCH_H__ # define __ARM_ARCH_H__
#if !defined(__ARM_ARCH__) # if !defined(__ARM_ARCH__)
# if defined(__CC_ARM) # if defined(__CC_ARM)
# define __ARM_ARCH__ __TARGET_ARCH_ARM # define __ARM_ARCH__ __TARGET_ARCH_ARM
# if defined(__BIG_ENDIAN) # if defined(__BIG_ENDIAN)
# define __ARMEB__
# else
# define __ARMEL__
# endif
# elif defined(__GNUC__)
# if defined(__aarch64__)
# define __ARM_ARCH__ 8
# if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
# define __ARMEB__ # define __ARMEB__
# else # else
# define __ARMEL__ # define __ARMEL__
# endif # endif
# elif defined(__GNUC__)
# if defined(__aarch64__)
# define __ARM_ARCH__ 8
# if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
# define __ARMEB__
# else
# define __ARMEL__
# endif
/* /*
* Why doesn't gcc define __ARM_ARCH__? Instead it defines * Why doesn't gcc define __ARM_ARCH__? Instead it defines
* bunch of below macros. See all_architectires[] table in * bunch of below macros. See all_architectires[] table in
* gcc/config/arm/arm.c. On a side note it defines * gcc/config/arm/arm.c. On a side note it defines
* __ARMEL__/__ARMEB__ for little-/big-endian. * __ARMEL__/__ARMEB__ for little-/big-endian.
*/ */
# elif defined(__ARM_ARCH) # elif defined(__ARM_ARCH)
# define __ARM_ARCH__ __ARM_ARCH # define __ARM_ARCH__ __ARM_ARCH
# elif defined(__ARM_ARCH_8A__) # elif defined(__ARM_ARCH_8A__)
# define __ARM_ARCH__ 8 # define __ARM_ARCH__ 8
# elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ # elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \
defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__) || \ defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__) || \
defined(__ARM_ARCH_7EM__) defined(__ARM_ARCH_7EM__)
# define __ARM_ARCH__ 7 # define __ARM_ARCH__ 7
# elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || \ # elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || \
defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__) || \ defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__) || \
defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__) || \ defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__) || \
defined(__ARM_ARCH_6T2__) defined(__ARM_ARCH_6T2__)
# define __ARM_ARCH__ 6 # define __ARM_ARCH__ 6
# elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || \ # elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || \
defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__) || \ defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__) || \
defined(__ARM_ARCH_5TEJ__) defined(__ARM_ARCH_5TEJ__)
# define __ARM_ARCH__ 5 # define __ARM_ARCH__ 5
# elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__) # elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__)
# define __ARM_ARCH__ 4 # define __ARM_ARCH__ 4
# else # else
# error "unsupported ARM architecture" # error "unsupported ARM architecture"
# endif
# endif # endif
# endif # endif
#endif
#if !defined(__ARM_MAX_ARCH__) # if !defined(__ARM_MAX_ARCH__)
# define __ARM_MAX_ARCH__ __ARM_ARCH__ # define __ARM_MAX_ARCH__ __ARM_ARCH__
#endif
#if __ARM_MAX_ARCH__<__ARM_ARCH__
# error "__ARM_MAX_ARCH__ can't be less than __ARM_ARCH__"
#elif __ARM_MAX_ARCH__!=__ARM_ARCH__
# if __ARM_ARCH__<7 && __ARM_MAX_ARCH__>=7 && defined(__ARMEB__)
# error "can't build universal big-endian binary"
# endif # endif
#endif
#if !__ASSEMBLER__ # if __ARM_MAX_ARCH__<__ARM_ARCH__
# error "__ARM_MAX_ARCH__ can't be less than __ARM_ARCH__"
# elif __ARM_MAX_ARCH__!=__ARM_ARCH__
# if __ARM_ARCH__<7 && __ARM_MAX_ARCH__>=7 && defined(__ARMEB__)
# error "can't build universal big-endian binary"
# endif
# endif
# if !__ASSEMBLER__
extern unsigned int OPENSSL_armcap_P; extern unsigned int OPENSSL_armcap_P;
#endif # endif
#define ARMV7_NEON (1<<0) # define ARMV7_NEON (1<<0)
#define ARMV7_TICK (1<<1) # define ARMV7_TICK (1<<1)
#define ARMV8_AES (1<<2) # define ARMV8_AES (1<<2)
#define ARMV8_SHA1 (1<<3) # define ARMV8_SHA1 (1<<3)
#define ARMV8_SHA256 (1<<4) # define ARMV8_SHA256 (1<<4)
#define ARMV8_PMULL (1<<5) # define ARMV8_PMULL (1<<5)
#endif #endif


@ -7,16 +7,25 @@
#include "arm_arch.h" #include "arm_arch.h"
unsigned int OPENSSL_armcap_P=0; unsigned int OPENSSL_armcap_P = 0;
#if __ARM_MAX_ARCH__<7 #if __ARM_MAX_ARCH__<7
void OPENSSL_cpuid_setup(void) {} void OPENSSL_cpuid_setup(void)
unsigned long OPENSSL_rdtsc(void) { return 0; } {
}
unsigned long OPENSSL_rdtsc(void)
{
return 0;
}
#else #else
static sigset_t all_masked; static sigset_t all_masked;
static sigjmp_buf ill_jmp; static sigjmp_buf ill_jmp;
static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); } static void ill_handler(int sig)
{
siglongjmp(ill_jmp, sig);
}
/* /*
* Following subroutines could have been inlined, but it's not all * Following subroutines could have been inlined, but it's not all
@ -30,133 +39,126 @@ void _armv8_pmull_probe(void);
unsigned long _armv7_tick(void); unsigned long _armv7_tick(void);
unsigned long OPENSSL_rdtsc(void) unsigned long OPENSSL_rdtsc(void)
{ {
if (OPENSSL_armcap_P & ARMV7_TICK) if (OPENSSL_armcap_P & ARMV7_TICK)
return _armv7_tick(); return _armv7_tick();
else else
return 0; return 0;
} }
/* /*
* Use a weak reference to getauxval() so we can use it if it is available but * Use a weak reference to getauxval() so we can use it if it is available but
* don't break the build if it is not. * don't break the build if it is not.
*/ */
#if defined(__GNUC__) && __GNUC__>=2 # if defined(__GNUC__) && __GNUC__>=2
void OPENSSL_cpuid_setup(void) __attribute__((constructor)); void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
extern unsigned long getauxval(unsigned long type) __attribute__((weak)); extern unsigned long getauxval(unsigned long type) __attribute__ ((weak));
#else # else
static unsigned long (*getauxval)(unsigned long) = NULL; static unsigned long (*getauxval) (unsigned long) = NULL;
#endif # endif
/* /*
* ARM puts the the feature bits for Crypto Extensions in AT_HWCAP2, whereas * ARM puts the the feature bits for Crypto Extensions in AT_HWCAP2, whereas
* AArch64 used AT_HWCAP. * AArch64 used AT_HWCAP.
*/ */
#if defined(__arm__) || defined (__arm) # if defined(__arm__) || defined (__arm)
# define HWCAP 16 /* AT_HWCAP */ # define HWCAP 16
# define HWCAP_NEON (1 << 12) /* AT_HWCAP */
# define HWCAP_NEON (1 << 12)
# define HWCAP_CE 26 /* AT_HWCAP2 */ # define HWCAP_CE 26
# define HWCAP_CE_AES (1 << 0) /* AT_HWCAP2 */
# define HWCAP_CE_PMULL (1 << 1) # define HWCAP_CE_AES (1 << 0)
# define HWCAP_CE_SHA1 (1 << 2) # define HWCAP_CE_PMULL (1 << 1)
# define HWCAP_CE_SHA256 (1 << 3) # define HWCAP_CE_SHA1 (1 << 2)
#elif defined(__aarch64__) # define HWCAP_CE_SHA256 (1 << 3)
# define HWCAP 16 /* AT_HWCAP */ # elif defined(__aarch64__)
# define HWCAP_NEON (1 << 1) # define HWCAP 16
/* AT_HWCAP */
# define HWCAP_NEON (1 << 1)
# define HWCAP_CE HWCAP # define HWCAP_CE HWCAP
# define HWCAP_CE_AES (1 << 3) # define HWCAP_CE_AES (1 << 3)
# define HWCAP_CE_PMULL (1 << 4) # define HWCAP_CE_PMULL (1 << 4)
# define HWCAP_CE_SHA1 (1 << 5) # define HWCAP_CE_SHA1 (1 << 5)
# define HWCAP_CE_SHA256 (1 << 6) # define HWCAP_CE_SHA256 (1 << 6)
#endif # endif
void OPENSSL_cpuid_setup(void) void OPENSSL_cpuid_setup(void)
{ {
char *e; char *e;
struct sigaction ill_oact,ill_act; struct sigaction ill_oact, ill_act;
sigset_t oset; sigset_t oset;
static int trigger=0; static int trigger = 0;
if (trigger) return; if (trigger)
trigger=1; return;
trigger = 1;
if ((e=getenv("OPENSSL_armcap"))) if ((e = getenv("OPENSSL_armcap"))) {
{ OPENSSL_armcap_P = (unsigned int)strtoul(e, NULL, 0);
OPENSSL_armcap_P=(unsigned int)strtoul(e,NULL,0); return;
return; }
}
sigfillset(&all_masked); sigfillset(&all_masked);
sigdelset(&all_masked,SIGILL); sigdelset(&all_masked, SIGILL);
sigdelset(&all_masked,SIGTRAP); sigdelset(&all_masked, SIGTRAP);
sigdelset(&all_masked,SIGFPE); sigdelset(&all_masked, SIGFPE);
sigdelset(&all_masked,SIGBUS); sigdelset(&all_masked, SIGBUS);
sigdelset(&all_masked,SIGSEGV); sigdelset(&all_masked, SIGSEGV);
OPENSSL_armcap_P = 0; OPENSSL_armcap_P = 0;
memset(&ill_act,0,sizeof(ill_act)); memset(&ill_act, 0, sizeof(ill_act));
ill_act.sa_handler = ill_handler; ill_act.sa_handler = ill_handler;
ill_act.sa_mask = all_masked; ill_act.sa_mask = all_masked;
sigprocmask(SIG_SETMASK,&ill_act.sa_mask,&oset); sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset);
sigaction(SIGILL,&ill_act,&ill_oact); sigaction(SIGILL, &ill_act, &ill_oact);
if (getauxval != NULL) if (getauxval != NULL) {
{ if (getauxval(HWCAP) & HWCAP_NEON) {
if (getauxval(HWCAP) & HWCAP_NEON) unsigned long hwcap = getauxval(HWCAP_CE);
{
unsigned long hwcap = getauxval(HWCAP_CE);
OPENSSL_armcap_P |= ARMV7_NEON; OPENSSL_armcap_P |= ARMV7_NEON;
if (hwcap & HWCAP_CE_AES) if (hwcap & HWCAP_CE_AES)
OPENSSL_armcap_P |= ARMV8_AES; OPENSSL_armcap_P |= ARMV8_AES;
if (hwcap & HWCAP_CE_PMULL) if (hwcap & HWCAP_CE_PMULL)
OPENSSL_armcap_P |= ARMV8_PMULL; OPENSSL_armcap_P |= ARMV8_PMULL;
if (hwcap & HWCAP_CE_SHA1) if (hwcap & HWCAP_CE_SHA1)
OPENSSL_armcap_P |= ARMV8_SHA1; OPENSSL_armcap_P |= ARMV8_SHA1;
if (hwcap & HWCAP_CE_SHA256) if (hwcap & HWCAP_CE_SHA256)
OPENSSL_armcap_P |= ARMV8_SHA256; OPENSSL_armcap_P |= ARMV8_SHA256;
} }
} } else if (sigsetjmp(ill_jmp, 1) == 0) {
else if (sigsetjmp(ill_jmp,1) == 0) _armv7_neon_probe();
{ OPENSSL_armcap_P |= ARMV7_NEON;
_armv7_neon_probe(); if (sigsetjmp(ill_jmp, 1) == 0) {
OPENSSL_armcap_P |= ARMV7_NEON; _armv8_pmull_probe();
if (sigsetjmp(ill_jmp,1) == 0) OPENSSL_armcap_P |= ARMV8_PMULL | ARMV8_AES;
{ } else if (sigsetjmp(ill_jmp, 1) == 0) {
_armv8_pmull_probe(); _armv8_aes_probe();
OPENSSL_armcap_P |= ARMV8_PMULL|ARMV8_AES; OPENSSL_armcap_P |= ARMV8_AES;
} }
else if (sigsetjmp(ill_jmp,1) == 0) if (sigsetjmp(ill_jmp, 1) == 0) {
{ _armv8_sha1_probe();
_armv8_aes_probe(); OPENSSL_armcap_P |= ARMV8_SHA1;
OPENSSL_armcap_P |= ARMV8_AES; }
} if (sigsetjmp(ill_jmp, 1) == 0) {
if (sigsetjmp(ill_jmp,1) == 0) _armv8_sha256_probe();
{ OPENSSL_armcap_P |= ARMV8_SHA256;
_armv8_sha1_probe(); }
OPENSSL_armcap_P |= ARMV8_SHA1; }
} if (sigsetjmp(ill_jmp, 1) == 0) {
if (sigsetjmp(ill_jmp,1) == 0) _armv7_tick();
{ OPENSSL_armcap_P |= ARMV7_TICK;
_armv8_sha256_probe(); }
OPENSSL_armcap_P |= ARMV8_SHA256;
}
}
if (sigsetjmp(ill_jmp,1) == 0)
{
_armv7_tick();
OPENSSL_armcap_P |= ARMV7_TICK;
}
sigaction (SIGILL,&ill_oact,NULL); sigaction(SIGILL, &ill_oact, NULL);
sigprocmask(SIG_SETMASK,&oset,NULL); sigprocmask(SIG_SETMASK, &oset, NULL);
} }
#endif #endif
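Review bot: In the `HWCAP` definitions, the reformat appears to have moved the trailing `/* AT_HWCAP */` and `/* AT_HWCAP2 */` comments onto their own lines below `# define HWCAP 16` and `# define HWCAP_CE 26`, so they now read as if they labelled `HWCAP_NEON` and `HWCAP_CE_AES`. These values are the `getauxval()` type arguments that decide which capability bits reach `OPENSSL_armcap_P`, so the annotation should stay attached to the constant it explains. I would place each comment on the line above its define, e.g. `/* AT_HWCAP */` immediately before `# define HWCAP 16`, and do the same in the `__aarch64__` branch.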


@ -61,172 +61,179 @@
#include <openssl/asn1.h> #include <openssl/asn1.h>
int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
{ return M_ASN1_BIT_STRING_set(x, d, len); } {
return M_ASN1_BIT_STRING_set(x, d, len);
}
int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
{ {
int ret,j,bits,len; int ret, j, bits, len;
unsigned char *p,*d; unsigned char *p, *d;
if (a == NULL) return(0); if (a == NULL)
return (0);
len=a->length; len = a->length;
if (len > 0) if (len > 0) {
{ if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) {
if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) bits = (int)a->flags & 0x07;
{ } else {
bits=(int)a->flags&0x07; for (; len > 0; len--) {
} if (a->data[len - 1])
else break;
{ }
for ( ; len > 0; len--) j = a->data[len - 1];
{ if (j & 0x01)
if (a->data[len-1]) break; bits = 0;
} else if (j & 0x02)
j=a->data[len-1]; bits = 1;
if (j & 0x01) bits=0; else if (j & 0x04)
else if (j & 0x02) bits=1; bits = 2;
else if (j & 0x04) bits=2; else if (j & 0x08)
else if (j & 0x08) bits=3; bits = 3;
else if (j & 0x10) bits=4; else if (j & 0x10)
else if (j & 0x20) bits=5; bits = 4;
else if (j & 0x40) bits=6; else if (j & 0x20)
else if (j & 0x80) bits=7; bits = 5;
else bits=0; /* should not happen */ else if (j & 0x40)
} bits = 6;
} else if (j & 0x80)
else bits = 7;
bits=0; else
bits = 0; /* should not happen */
}
} else
bits = 0;
ret=1+len; ret = 1 + len;
if (pp == NULL) return(ret); if (pp == NULL)
return (ret);
p= *pp; p = *pp;
*(p++)=(unsigned char)bits; *(p++) = (unsigned char)bits;
d=a->data; d = a->data;
memcpy(p,d,len); memcpy(p, d, len);
p+=len; p += len;
if (len > 0) p[-1]&=(0xff<<bits); if (len > 0)
*pp=p; p[-1] &= (0xff << bits);
return(ret); *pp = p;
} return (ret);
}
ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
const unsigned char **pp, long len) const unsigned char **pp, long len)
{ {
ASN1_BIT_STRING *ret=NULL; ASN1_BIT_STRING *ret = NULL;
const unsigned char *p; const unsigned char *p;
unsigned char *s; unsigned char *s;
int i; int i;
if (len < 1) if (len < 1) {
{ i = ASN1_R_STRING_TOO_SHORT;
i=ASN1_R_STRING_TOO_SHORT; goto err;
goto err; }
}
if ((a == NULL) || ((*a) == NULL)) if ((a == NULL) || ((*a) == NULL)) {
{ if ((ret = M_ASN1_BIT_STRING_new()) == NULL)
if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL); return (NULL);
} } else
else ret = (*a);
ret=(*a);
p= *pp; p = *pp;
i= *(p++); i = *(p++);
if (i > 7) if (i > 7) {
{ i = ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT; goto err;
goto err; }
} /*
/* We do this to preserve the settings. If we modify * We do this to preserve the settings. If we modify the settings, via
* the settings, via the _set_bit function, we will recalculate * the _set_bit function, we will recalculate on output
* on output */ */
ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */ ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */
ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */ ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */
if (len-- > 1) /* using one because of the bits left byte */ if (len-- > 1) { /* using one because of the bits left byte */
{ s = (unsigned char *)OPENSSL_malloc((int)len);
s=(unsigned char *)OPENSSL_malloc((int)len); if (s == NULL) {
if (s == NULL) i = ERR_R_MALLOC_FAILURE;
{ goto err;
i=ERR_R_MALLOC_FAILURE; }
goto err; memcpy(s, p, (int)len);
} s[len - 1] &= (0xff << i);
memcpy(s,p,(int)len); p += len;
s[len-1]&=(0xff<<i); } else
p+=len; s = NULL;
}
else
s=NULL;
ret->length=(int)len; ret->length = (int)len;
if (ret->data != NULL) OPENSSL_free(ret->data); if (ret->data != NULL)
ret->data=s; OPENSSL_free(ret->data);
ret->type=V_ASN1_BIT_STRING; ret->data = s;
if (a != NULL) (*a)=ret; ret->type = V_ASN1_BIT_STRING;
*pp=p; if (a != NULL)
return(ret); (*a) = ret;
err: *pp = p;
ASN1err(ASN1_F_C2I_ASN1_BIT_STRING,i); return (ret);
if ((ret != NULL) && ((a == NULL) || (*a != ret))) err:
M_ASN1_BIT_STRING_free(ret); ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i);
return(NULL); if ((ret != NULL) && ((a == NULL) || (*a != ret)))
} M_ASN1_BIT_STRING_free(ret);
return (NULL);
}
/* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de> /*
* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
*/ */
int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
{ {
int w,v,iv; int w, v, iv;
unsigned char *c; unsigned char *c;
w=n/8; w = n / 8;
v=1<<(7-(n&0x07)); v = 1 << (7 - (n & 0x07));
iv= ~v; iv = ~v;
if (!value) v=0; if (!value)
v = 0;
if (a == NULL) if (a == NULL)
return 0; return 0;
a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */ a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */
if ((a->length < (w+1)) || (a->data == NULL)) if ((a->length < (w + 1)) || (a->data == NULL)) {
{ if (!value)
if (!value) return(1); /* Don't need to set */ return (1); /* Don't need to set */
if (a->data == NULL) if (a->data == NULL)
c=(unsigned char *)OPENSSL_malloc(w+1); c = (unsigned char *)OPENSSL_malloc(w + 1);
else else
c=(unsigned char *)OPENSSL_realloc_clean(a->data, c = (unsigned char *)OPENSSL_realloc_clean(a->data,
a->length, a->length, w + 1);
w+1); if (c == NULL) {
if (c == NULL) ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE);
{ return 0;
ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE); }
return 0; if (w + 1 - a->length > 0)
} memset(c + a->length, 0, w + 1 - a->length);
if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length); a->data = c;
a->data=c; a->length = w + 1;
a->length=w+1; }
} a->data[w] = ((a->data[w]) & iv) | v;
a->data[w]=((a->data[w])&iv)|v; while ((a->length > 0) && (a->data[a->length - 1] == 0))
while ((a->length > 0) && (a->data[a->length-1] == 0)) a->length--;
a->length--; return (1);
return(1); }
}
int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n) int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
{ {
int w,v; int w, v;
w=n/8; w = n / 8;
v=1<<(7-(n&0x07)); v = 1 << (7 - (n & 0x07));
if ((a == NULL) || (a->length < (w+1)) || (a->data == NULL)) if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))
return(0); return (0);
return((a->data[w]&v) != 0); return ((a->data[w] & v) != 0);
} }
/* /*
* Checks if the given bit string contains only bits specified by * Checks if the given bit string contains only bits specified by
@ -235,19 +242,21 @@ int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
* 'len' is the length of 'flags'. * 'len' is the length of 'flags'.
*/ */
int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
const unsigned char *flags, int flags_len) const unsigned char *flags, int flags_len)
{ {
int i, ok; int i, ok;
/* Check if there is one bit set at all. */ /* Check if there is one bit set at all. */
if (!a || !a->data) return 1; if (!a || !a->data)
return 1;
/* Check each byte of the internal representation of the bit string. */ /*
ok = 1; * Check each byte of the internal representation of the bit string.
for (i = 0; i < a->length && ok; ++i) */
{ ok = 1;
unsigned char mask = i < flags_len ? ~flags[i] : 0xff; for (i = 0; i < a->length && ok; ++i) {
/* We are done if there is an unneeded bit set. */ unsigned char mask = i < flags_len ? ~flags[i] : 0xff;
ok = (a->data[i] & mask) == 0; /* We are done if there is an unneeded bit set. */
} ok = (a->data[i] & mask) == 0;
return ok; }
} return ok;
}
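Review bot: In `i2c_ASN1_BIT_STRING`, the trailing-zero trimming loop can leave `len` at 0 when every byte of `a->data` is zero, and the following `j = a->data[len - 1];` then reads one byte before the buffer. The reformat carries this over unchanged, but the padding-bit count written to the output then depends on whatever that byte holds. A guard such as `j = (len > 0) ? a->data[len - 1] : 0;` keeps the read in bounds and falls through to `bits = 0`. Separately, `ASN1_BIT_STRING_set_bit` computes `w = n / 8` and indexes `a->data[w]` without rejecting a negative `n`, which deserves an early `if (n < 0) return 0;`.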


@ -61,54 +61,51 @@
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
int i2d_ASN1_BOOLEAN(int a, unsigned char **pp) int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
{ {
int r; int r;
unsigned char *p; unsigned char *p;
r=ASN1_object_size(0,1,V_ASN1_BOOLEAN); r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
if (pp == NULL) return(r); if (pp == NULL)
p= *pp; return (r);
p = *pp;
ASN1_put_object(&p,0,1,V_ASN1_BOOLEAN,V_ASN1_UNIVERSAL); ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
*(p++)= (unsigned char)a; *(p++) = (unsigned char)a;
*pp=p; *pp = p;
return(r); return (r);
} }
int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length) int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
{ {
int ret= -1; int ret = -1;
const unsigned char *p; const unsigned char *p;
long len; long len;
int inf,tag,xclass; int inf, tag, xclass;
int i=0; int i = 0;
p= *pp; p = *pp;
inf=ASN1_get_object(&p,&len,&tag,&xclass,length); inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
if (inf & 0x80) if (inf & 0x80) {
{ i = ASN1_R_BAD_OBJECT_HEADER;
i=ASN1_R_BAD_OBJECT_HEADER; goto err;
goto err; }
}
if (tag != V_ASN1_BOOLEAN)
{
i=ASN1_R_EXPECTING_A_BOOLEAN;
goto err;
}
if (len != 1)
{
i=ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
goto err;
}
ret= (int)*(p++);
if (a != NULL) (*a)=ret;
*pp=p;
return(ret);
err:
ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);
return(ret);
}
if (tag != V_ASN1_BOOLEAN) {
i = ASN1_R_EXPECTING_A_BOOLEAN;
goto err;
}
if (len != 1) {
i = ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
goto err;
}
ret = (int)*(p++);
if (a != NULL)
(*a) = ret;
*pp = p;
return (ret);
err:
ASN1err(ASN1_F_D2I_ASN1_BOOLEAN, i);
return (ret);
}


@ -61,254 +61,246 @@
#include <openssl/asn1.h> #include <openssl/asn1.h>
static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c); static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c);
/* type is a 'bitmap' of acceptable string types. /*
* type is a 'bitmap' of acceptable string types.
*/ */
ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp, ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
long length, int type) long length, int type)
{ {
ASN1_STRING *ret=NULL; ASN1_STRING *ret = NULL;
const unsigned char *p; const unsigned char *p;
unsigned char *s; unsigned char *s;
long len; long len;
int inf,tag,xclass; int inf, tag, xclass;
int i=0; int i = 0;
p= *pp; p = *pp;
inf=ASN1_get_object(&p,&len,&tag,&xclass,length); inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
if (inf & 0x80) goto err; if (inf & 0x80)
goto err;
if (tag >= 32) if (tag >= 32) {
{ i = ASN1_R_TAG_VALUE_TOO_HIGH;
i=ASN1_R_TAG_VALUE_TOO_HIGH; goto err;
goto err; }
} if (!(ASN1_tag2bit(tag) & type)) {
if (!(ASN1_tag2bit(tag) & type)) i = ASN1_R_WRONG_TYPE;
{ goto err;
i=ASN1_R_WRONG_TYPE; }
goto err;
}
/* If a bit-string, exit early */ /* If a bit-string, exit early */
if (tag == V_ASN1_BIT_STRING) if (tag == V_ASN1_BIT_STRING)
return(d2i_ASN1_BIT_STRING(a,pp,length)); return (d2i_ASN1_BIT_STRING(a, pp, length));
if ((a == NULL) || ((*a) == NULL)) if ((a == NULL) || ((*a) == NULL)) {
{ if ((ret = ASN1_STRING_new()) == NULL)
if ((ret=ASN1_STRING_new()) == NULL) return(NULL); return (NULL);
} } else
else ret = (*a);
ret=(*a);
if (len != 0) if (len != 0) {
{ s = (unsigned char *)OPENSSL_malloc((int)len + 1);
s=(unsigned char *)OPENSSL_malloc((int)len+1); if (s == NULL) {
if (s == NULL) i = ERR_R_MALLOC_FAILURE;
{ goto err;
i=ERR_R_MALLOC_FAILURE; }
goto err; memcpy(s, p, (int)len);
} s[len] = '\0';
memcpy(s,p,(int)len); p += len;
s[len]='\0'; } else
p+=len; s = NULL;
}
else
s=NULL;
if (ret->data != NULL) OPENSSL_free(ret->data); if (ret->data != NULL)
ret->length=(int)len; OPENSSL_free(ret->data);
ret->data=s; ret->length = (int)len;
ret->type=tag; ret->data = s;
if (a != NULL) (*a)=ret; ret->type = tag;
*pp=p; if (a != NULL)
return(ret); (*a) = ret;
err: *pp = p;
ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,i); return (ret);
if ((ret != NULL) && ((a == NULL) || (*a != ret))) err:
ASN1_STRING_free(ret); ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES, i);
return(NULL); if ((ret != NULL) && ((a == NULL) || (*a != ret)))
} ASN1_STRING_free(ret);
return (NULL);
}
int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass) int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
{ {
int ret,r,constructed; int ret, r, constructed;
unsigned char *p; unsigned char *p;
if (a == NULL) return(0); if (a == NULL)
return (0);
if (tag == V_ASN1_BIT_STRING) if (tag == V_ASN1_BIT_STRING)
return(i2d_ASN1_BIT_STRING(a,pp)); return (i2d_ASN1_BIT_STRING(a, pp));
ret=a->length; ret = a->length;
r=ASN1_object_size(0,ret,tag); r = ASN1_object_size(0, ret, tag);
if (pp == NULL) return(r); if (pp == NULL)
p= *pp; return (r);
p = *pp;
if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET)) if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))
constructed=1; constructed = 1;
else else
constructed=0; constructed = 0;
ASN1_put_object(&p,constructed,ret,tag,xclass); ASN1_put_object(&p, constructed, ret, tag, xclass);
memcpy(p,a->data,a->length); memcpy(p, a->data, a->length);
p+=a->length; p += a->length;
*pp= p; *pp = p;
return(r); return (r);
} }
ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
long length, int Ptag, int Pclass) long length, int Ptag, int Pclass)
{ {
ASN1_STRING *ret=NULL; ASN1_STRING *ret = NULL;
const unsigned char *p; const unsigned char *p;
unsigned char *s; unsigned char *s;
long len; long len;
int inf,tag,xclass; int inf, tag, xclass;
int i=0; int i = 0;
if ((a == NULL) || ((*a) == NULL)) if ((a == NULL) || ((*a) == NULL)) {
{ if ((ret = ASN1_STRING_new()) == NULL)
if ((ret=ASN1_STRING_new()) == NULL) return(NULL); return (NULL);
} } else
else ret = (*a);
ret=(*a);
p= *pp; p = *pp;
inf=ASN1_get_object(&p,&len,&tag,&xclass,length); inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
if (inf & 0x80) if (inf & 0x80) {
{ i = ASN1_R_BAD_OBJECT_HEADER;
i=ASN1_R_BAD_OBJECT_HEADER; goto err;
goto err; }
}
if (tag != Ptag) if (tag != Ptag) {
{ i = ASN1_R_WRONG_TAG;
i=ASN1_R_WRONG_TAG; goto err;
goto err; }
}
if (inf & V_ASN1_CONSTRUCTED) if (inf & V_ASN1_CONSTRUCTED) {
{ ASN1_const_CTX c;
ASN1_const_CTX c;
c.pp=pp; c.pp = pp;
c.p=p; c.p = p;
c.inf=inf; c.inf = inf;
c.slen=len; c.slen = len;
c.tag=Ptag; c.tag = Ptag;
c.xclass=Pclass; c.xclass = Pclass;
c.max=(length == 0)?0:(p+length); c.max = (length == 0) ? 0 : (p + length);
if (!asn1_collate_primitive(ret,&c)) if (!asn1_collate_primitive(ret, &c))
goto err; goto err;
else else {
{ p = c.p;
p=c.p; }
} } else {
} if (len != 0) {
else if ((ret->length < len) || (ret->data == NULL)) {
{ if (ret->data != NULL)
if (len != 0) OPENSSL_free(ret->data);
{ s = (unsigned char *)OPENSSL_malloc((int)len + 1);
if ((ret->length < len) || (ret->data == NULL)) if (s == NULL) {
{ i = ERR_R_MALLOC_FAILURE;
if (ret->data != NULL) OPENSSL_free(ret->data); goto err;
s=(unsigned char *)OPENSSL_malloc((int)len + 1); }
if (s == NULL) } else
{ s = ret->data;
i=ERR_R_MALLOC_FAILURE; memcpy(s, p, (int)len);
goto err; s[len] = '\0';
} p += len;
} } else {
else s = NULL;
s=ret->data; if (ret->data != NULL)
memcpy(s,p,(int)len); OPENSSL_free(ret->data);
s[len] = '\0'; }
p+=len;
}
else
{
s=NULL;
if (ret->data != NULL) OPENSSL_free(ret->data);
}
ret->length=(int)len; ret->length = (int)len;
ret->data=s; ret->data = s;
ret->type=Ptag; ret->type = Ptag;
} }
if (a != NULL) (*a)=ret; if (a != NULL)
*pp=p; (*a) = ret;
return(ret); *pp = p;
err: return (ret);
if ((ret != NULL) && ((a == NULL) || (*a != ret))) err:
ASN1_STRING_free(ret); if ((ret != NULL) && ((a == NULL) || (*a != ret)))
ASN1err(ASN1_F_D2I_ASN1_BYTES,i); ASN1_STRING_free(ret);
return(NULL); ASN1err(ASN1_F_D2I_ASN1_BYTES, i);
} return (NULL);
}
/*
/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse * We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse them
* them into the one structure that is then returned */ * into the one structure that is then returned
/* There have been a few bug fixes for this function from */
* Paul Keogh <paul.keogh@sse.ie>, many thanks to him */ /*
* There have been a few bug fixes for this function from Paul Keogh
* <paul.keogh@sse.ie>, many thanks to him
*/
static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c) static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
{ {
ASN1_STRING *os=NULL; ASN1_STRING *os = NULL;
BUF_MEM b; BUF_MEM b;
int num; int num;
b.length=0; b.length = 0;
b.max=0; b.max = 0;
b.data=NULL; b.data = NULL;
if (a == NULL) if (a == NULL) {
{ c->error = ERR_R_PASSED_NULL_PARAMETER;
c->error=ERR_R_PASSED_NULL_PARAMETER; goto err;
goto err; }
}
num=0; num = 0;
for (;;) for (;;) {
{ if (c->inf & 1) {
if (c->inf & 1) c->eos = ASN1_const_check_infinite_end(&c->p,
{ (long)(c->max - c->p));
c->eos=ASN1_const_check_infinite_end(&c->p, if (c->eos)
(long)(c->max-c->p)); break;
if (c->eos) break; } else {
} if (c->slen <= 0)
else break;
{ }
if (c->slen <= 0) break;
}
c->q=c->p; c->q = c->p;
if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass) if (d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass)
== NULL) == NULL) {
{ c->error = ERR_R_ASN1_LIB;
c->error=ERR_R_ASN1_LIB; goto err;
goto err; }
}
if (!BUF_MEM_grow_clean(&b,num+os->length)) if (!BUF_MEM_grow_clean(&b, num + os->length)) {
{ c->error = ERR_R_BUF_LIB;
c->error=ERR_R_BUF_LIB; goto err;
goto err; }
} memcpy(&(b.data[num]), os->data, os->length);
memcpy(&(b.data[num]),os->data,os->length); if (!(c->inf & 1))
if (!(c->inf & 1)) c->slen -= (c->p - c->q);
c->slen-=(c->p-c->q); num += os->length;
num+=os->length; }
}
if (!asn1_const_Finish(c)) goto err; if (!asn1_const_Finish(c))
goto err;
a->length=num;
if (a->data != NULL) OPENSSL_free(a->data);
a->data=(unsigned char *)b.data;
if (os != NULL) ASN1_STRING_free(os);
return(1);
err:
ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error);
if (os != NULL) ASN1_STRING_free(os);
if (b.data != NULL) OPENSSL_free(b.data);
return(0);
}
a->length = num;
if (a->data != NULL)
OPENSSL_free(a->data);
a->data = (unsigned char *)b.data;
if (os != NULL)
ASN1_STRING_free(os);
return (1);
err:
ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE, c->error);
if (os != NULL)
ASN1_STRING_free(os);
if (b.data != NULL)
OPENSSL_free(b.data);
return (0);
}


@ -65,222 +65,204 @@
static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
#ifndef NO_OLD_ASN1 #ifndef NO_OLD_ASN1
#ifndef OPENSSL_NO_STDIO # ifndef OPENSSL_NO_STDIO
void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x) void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x)
{ {
BIO *b; BIO *b;
void *ret; void *ret;
if ((b=BIO_new(BIO_s_file())) == NULL) if ((b = BIO_new(BIO_s_file())) == NULL) {
{ ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB);
ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB); return (NULL);
return(NULL); }
} BIO_set_fp(b, in, BIO_NOCLOSE);
BIO_set_fp(b,in,BIO_NOCLOSE); ret = ASN1_d2i_bio(xnew, d2i, b, x);
ret=ASN1_d2i_bio(xnew,d2i,b,x); BIO_free(b);
BIO_free(b); return (ret);
return(ret); }
} # endif
#endif
void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x) void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x)
{ {
BUF_MEM *b = NULL; BUF_MEM *b = NULL;
const unsigned char *p; const unsigned char *p;
void *ret=NULL; void *ret = NULL;
int len; int len;
len = asn1_d2i_read_bio(in, &b); len = asn1_d2i_read_bio(in, &b);
if(len < 0) goto err; if (len < 0)
goto err;
p=(unsigned char *)b->data; p = (unsigned char *)b->data;
ret=d2i(x,&p,len); ret = d2i(x, &p, len);
err: err:
if (b != NULL) BUF_MEM_free(b); if (b != NULL)
return(ret); BUF_MEM_free(b);
} return (ret);
}
#endif #endif
void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
{ {
BUF_MEM *b = NULL; BUF_MEM *b = NULL;
const unsigned char *p; const unsigned char *p;
void *ret=NULL; void *ret = NULL;
int len; int len;
len = asn1_d2i_read_bio(in, &b); len = asn1_d2i_read_bio(in, &b);
if(len < 0) goto err; if (len < 0)
goto err;
p=(const unsigned char *)b->data; p = (const unsigned char *)b->data;
ret=ASN1_item_d2i(x,&p,len, it); ret = ASN1_item_d2i(x, &p, len, it);
err: err:
if (b != NULL) BUF_MEM_free(b); if (b != NULL)
return(ret); BUF_MEM_free(b);
} return (ret);
}
#ifndef OPENSSL_NO_STDIO #ifndef OPENSSL_NO_STDIO
void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
{ {
BIO *b; BIO *b;
char *ret; char *ret;
if ((b=BIO_new(BIO_s_file())) == NULL) if ((b = BIO_new(BIO_s_file())) == NULL) {
{ ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB);
ASN1err(ASN1_F_ASN1_ITEM_D2I_FP,ERR_R_BUF_LIB); return (NULL);
return(NULL); }
} BIO_set_fp(b, in, BIO_NOCLOSE);
BIO_set_fp(b,in,BIO_NOCLOSE); ret = ASN1_item_d2i_bio(it, b, x);
ret=ASN1_item_d2i_bio(it,b,x); BIO_free(b);
BIO_free(b); return (ret);
return(ret); }
}
#endif #endif
#define HEADER_SIZE 8 #define HEADER_SIZE 8
static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
{ {
BUF_MEM *b; BUF_MEM *b;
unsigned char *p; unsigned char *p;
int i; int i;
ASN1_const_CTX c; ASN1_const_CTX c;
size_t want=HEADER_SIZE; size_t want = HEADER_SIZE;
int eos=0; int eos = 0;
size_t off=0; size_t off = 0;
size_t len=0; size_t len = 0;
b=BUF_MEM_new(); b = BUF_MEM_new();
if (b == NULL) if (b == NULL) {
{ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); return -1;
return -1; }
}
ERR_clear_error(); ERR_clear_error();
for (;;) for (;;) {
{ if (want >= (len - off)) {
if (want >= (len-off)) want -= (len - off);
{
want-=(len-off);
if (len + want < len || !BUF_MEM_grow_clean(b,len+want)) if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
{ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); goto err;
goto err; }
} i = BIO_read(in, &(b->data[len]), want);
i=BIO_read(in,&(b->data[len]),want); if ((i < 0) && ((len - off) == 0)) {
if ((i < 0) && ((len-off) == 0)) ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA);
{ goto err;
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_NOT_ENOUGH_DATA); }
goto err; if (i > 0) {
} if (len + i < len) {
if (i > 0) ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
{ goto err;
if (len+i < len) }
{ len += i;
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); }
goto err; }
} /* else data already loaded */
len+=i;
}
}
/* else data already loaded */
p=(unsigned char *)&(b->data[off]); p = (unsigned char *)&(b->data[off]);
c.p=p; c.p = p;
c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass), c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), &(c.xclass),
len-off); len - off);
if (c.inf & 0x80) if (c.inf & 0x80) {
{ unsigned long e;
unsigned long e;
e=ERR_GET_REASON(ERR_peek_error()); e = ERR_GET_REASON(ERR_peek_error());
if (e != ASN1_R_TOO_LONG) if (e != ASN1_R_TOO_LONG)
goto err; goto err;
else else
ERR_clear_error(); /* clear error */ ERR_clear_error(); /* clear error */
} }
i=c.p-p;/* header length */ i = c.p - p; /* header length */
off+=i; /* end of data */ off += i; /* end of data */
if (c.inf & 1) if (c.inf & 1) {
{ /* no data body so go round again */
/* no data body so go round again */ eos++;
eos++; if (eos < 0) {
if (eos < 0) ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
{ goto err;
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG); }
goto err; want = HEADER_SIZE;
} } else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) {
want=HEADER_SIZE; /* eos value, so go back and read another header */
} eos--;
else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) if (eos <= 0)
{ break;
/* eos value, so go back and read another header */ else
eos--; want = HEADER_SIZE;
if (eos <= 0) } else {
break; /* suck in c.slen bytes of data */
else want = c.slen;
want=HEADER_SIZE; if (want > (len - off)) {
} want -= (len - off);
else if (want > INT_MAX /* BIO_read takes an int length */ ||
{ len + want < len) {
/* suck in c.slen bytes of data */ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
want=c.slen; goto err;
if (want > (len-off)) }
{ if (!BUF_MEM_grow_clean(b, len + want)) {
want-=(len-off); ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
if (want > INT_MAX /* BIO_read takes an int length */ || goto err;
len+want < len) }
{ while (want > 0) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); i = BIO_read(in, &(b->data[len]), want);
goto err; if (i <= 0) {
} ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
if (!BUF_MEM_grow_clean(b,len+want)) ASN1_R_NOT_ENOUGH_DATA);
{ goto err;
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); }
goto err; /*
} * This can't overflow because |len+want| didn't
while (want > 0) * overflow.
{ */
i=BIO_read(in,&(b->data[len]),want); len += i;
if (i <= 0) want -= i;
{ }
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, }
ASN1_R_NOT_ENOUGH_DATA); if (off + c.slen < off) {
goto err; ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
} goto err;
/* This can't overflow because }
* |len+want| didn't overflow. */ off += c.slen;
len+=i; if (eos <= 0) {
want-=i; break;
} } else
} want = HEADER_SIZE;
if (off + c.slen < off) }
{ }
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
goto err;
}
off+=c.slen;
if (eos <= 0)
{
break;
}
else
want=HEADER_SIZE;
}
}
if (off > INT_MAX) if (off > INT_MAX) {
{ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); goto err;
goto err; }
}
*pb = b; *pb = b;
return off; return off;
err: err:
if (b != NULL) BUF_MEM_free(b); if (b != NULL)
return -1; BUF_MEM_free(b);
} return -1;
}
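Review bot: In asn1_d2i_read_bio the data branch grows the buffer to the full declared content length before any body byte has been read: `want = c.slen` is capped only at INT_MAX and then passed to `BUF_MEM_grow_clean(b, len + want)`, so a few header bytes from an untrusted BIO can request an allocation of up to INT_MAX bytes. Growing the buffer in bounded, doubling chunks as bytes actually arrive keeps memory use proportional to the input received, and a truncated stream then fails with ASN1_R_NOT_ENOUGH_DATA before the large allocation happens. Separately, `eos++; if (eos < 0)` relies on signed overflow, which is undefined, so the compiler may drop the nesting guard; testing `eos == INT_MAX` before the increment avoids that.

```c
            /* suck in c.slen bytes of data */
            want = c.slen;
            if (want > (len - off)) {
                size_t chunk_max = 16 * 1024; /* first growth step; doubles below */

                want -= (len - off);
                /* ... unchanged: INT_MAX / wrap-around check on want ... */
                while (want > 0) {
                    /* grow only by what is about to be read */
                    size_t chunk = want > chunk_max ? chunk_max : want;

                    if (!BUF_MEM_grow_clean(b, len + chunk)) {
                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
                        goto err;
                    }
                    want -= chunk;
                    while (chunk > 0) {
                        i = BIO_read(in, &(b->data[len]), chunk);
                        if (i <= 0) {
                            ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
                                    ASN1_R_NOT_ENOUGH_DATA);
                            goto err;
                        }
                        /* cannot overflow: len + want was checked above */
                        len += i;
                        chunk -= i;
                    }
                    if (chunk_max < INT_MAX / 2)
                        chunk_max *= 2;
                }
            }
            /* ... unchanged: off + c.slen overflow check, eos test ... */
```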


@ -73,41 +73,39 @@
#ifndef NO_ASN1_OLD #ifndef NO_ASN1_OLD
int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
unsigned char *md, unsigned int *len) unsigned char *md, unsigned int *len)
{ {
int i; int i;
unsigned char *str,*p; unsigned char *str, *p;
i=i2d(data,NULL); i = i2d(data, NULL);
if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) if ((str = (unsigned char *)OPENSSL_malloc(i)) == NULL) {
{ ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE); return (0);
return(0); }
} p = str;
p=str; i2d(data, &p);
i2d(data,&p);
if (!EVP_Digest(str, i, md, len, type, NULL)) if (!EVP_Digest(str, i, md, len, type, NULL))
return 0; return 0;
OPENSSL_free(str); OPENSSL_free(str);
return(1); return (1);
} }
#endif #endif
int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
unsigned char *md, unsigned int *len) unsigned char *md, unsigned int *len)
{ {
int i; int i;
unsigned char *str = NULL; unsigned char *str = NULL;
i=ASN1_item_i2d(asn,&str, it); i = ASN1_item_i2d(asn, &str, it);
if (!str) return(0); if (!str)
return (0);
if (!EVP_Digest(str, i, md, len, type, NULL))
return 0;
OPENSSL_free(str);
return(1);
}
if (!EVP_Digest(str, i, md, len, type, NULL))
return 0;
OPENSSL_free(str);
return (1);
}
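Review bot: Both ASN1_digest and ASN1_item_digest leak the encoded buffer when hashing fails, because `if (!EVP_Digest(str, i, md, len, type, NULL)) return 0;` returns before `OPENSSL_free(str)` is reached. Free the buffer in the failure branch, e.g. `if (!EVP_Digest(str, i, md, len, type, NULL)) { OPENSSL_free(str); return 0; }`. ASN1_digest also passes the result of `i2d(data, NULL)` straight to OPENSSL_malloc without rejecting a zero or negative length, so an `if (i <= 0) return (0);` before the allocation is worth adding.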


@ -63,47 +63,55 @@
#ifndef NO_OLD_ASN1 #ifndef NO_OLD_ASN1
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x) void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x)
{ {
unsigned char *b,*p; unsigned char *b, *p;
const unsigned char *p2; const unsigned char *p2;
int i; int i;
char *ret; char *ret;
if (x == NULL) return(NULL); if (x == NULL)
return (NULL);
i=i2d(x,NULL); i = i2d(x, NULL);
b=OPENSSL_malloc(i+10); b = OPENSSL_malloc(i + 10);
if (b == NULL) if (b == NULL) {
{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } ASN1err(ASN1_F_ASN1_DUP, ERR_R_MALLOC_FAILURE);
p= b; return (NULL);
i=i2d(x,&p); }
p2= b; p = b;
ret=d2i(NULL,&p2,i); i = i2d(x, &p);
OPENSSL_free(b); p2 = b;
return(ret); ret = d2i(NULL, &p2, i);
} OPENSSL_free(b);
return (ret);
}
#endif #endif
/* ASN1_ITEM version of dup: this follows the model above except we don't need /*
* to allocate the buffer. At some point this could be rewritten to directly dup * ASN1_ITEM version of dup: this follows the model above except we don't
* the underlying structure instead of doing and encode and decode. * need to allocate the buffer. At some point this could be rewritten to
* directly dup the underlying structure instead of doing and encode and
* decode.
*/ */
void *ASN1_item_dup(const ASN1_ITEM *it, void *x) void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
{ {
unsigned char *b = NULL; unsigned char *b = NULL;
const unsigned char *p; const unsigned char *p;
long i; long i;
void *ret; void *ret;
if (x == NULL) return(NULL); if (x == NULL)
return (NULL);
i=ASN1_item_i2d(x,&b,it); i = ASN1_item_i2d(x, &b, it);
if (b == NULL) if (b == NULL) {
{ ASN1err(ASN1_F_ASN1_ITEM_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } ASN1err(ASN1_F_ASN1_ITEM_DUP, ERR_R_MALLOC_FAILURE);
p= b; return (NULL);
ret=ASN1_item_d2i(NULL,&p,i, it); }
OPENSSL_free(b); p = b;
return(ret); ret = ASN1_item_d2i(NULL, &p, i, it);
} OPENSSL_free(b);
return (ret);
}
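Review bot: ASN1_dup never checks the encoder's return value: `i = i2d(x, NULL)` feeds `OPENSSL_malloc(i + 10)` directly, and the second `i = i2d(x, &p)` is handed to `d2i` as the input length, so an encoding failure (i2d callbacks conventionally return a negative value on error) is not told apart from success. Adding `if (i <= 0) return (NULL);` after the size query, and freeing `b` and returning NULL when the second call fails, keeps a bad length away from both the allocator and the decoder. ASN1_item_dup has a related reporting problem: any failure of ASN1_item_i2d that leaves `b` NULL is recorded as ERR_R_MALLOC_FAILURE.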


@ -67,116 +67,115 @@
*/ */
int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
{ {
int j,k; int j, k;
unsigned int i; unsigned int i;
unsigned char buf[sizeof(long)+1]; unsigned char buf[sizeof(long) + 1];
long d; long d;
a->type=V_ASN1_ENUMERATED; a->type = V_ASN1_ENUMERATED;
if (a->length < (int)(sizeof(long)+1)) if (a->length < (int)(sizeof(long) + 1)) {
{ if (a->data != NULL)
if (a->data != NULL) OPENSSL_free(a->data);
OPENSSL_free(a->data); if ((a->data =
if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL) (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL)
memset((char *)a->data,0,sizeof(long)+1); memset((char *)a->data, 0, sizeof(long) + 1);
} }
if (a->data == NULL) if (a->data == NULL) {
{ ASN1err(ASN1_F_ASN1_ENUMERATED_SET, ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_ASN1_ENUMERATED_SET,ERR_R_MALLOC_FAILURE); return (0);
return(0); }
} d = v;
d=v; if (d < 0) {
if (d < 0) d = -d;
{ a->type = V_ASN1_NEG_ENUMERATED;
d= -d; }
a->type=V_ASN1_NEG_ENUMERATED;
}
for (i=0; i<sizeof(long); i++) for (i = 0; i < sizeof(long); i++) {
{ if (d == 0)
if (d == 0) break; break;
buf[i]=(int)d&0xff; buf[i] = (int)d & 0xff;
d>>=8; d >>= 8;
} }
j=0; j = 0;
for (k=i-1; k >=0; k--) for (k = i - 1; k >= 0; k--)
a->data[j++]=buf[k]; a->data[j++] = buf[k];
a->length=j; a->length = j;
return(1); return (1);
} }
long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
{ {
int neg=0,i; int neg = 0, i;
long r=0; long r = 0;
if (a == NULL) return(0L); if (a == NULL)
i=a->type; return (0L);
if (i == V_ASN1_NEG_ENUMERATED) i = a->type;
neg=1; if (i == V_ASN1_NEG_ENUMERATED)
else if (i != V_ASN1_ENUMERATED) neg = 1;
return -1; else if (i != V_ASN1_ENUMERATED)
return -1;
if (a->length > (int)sizeof(long)) if (a->length > (int)sizeof(long)) {
{ /* hmm... a bit ugly */
/* hmm... a bit ugly */ return (0xffffffffL);
return(0xffffffffL); }
} if (a->data == NULL)
if (a->data == NULL) return 0;
return 0;
for (i=0; i<a->length; i++) for (i = 0; i < a->length; i++) {
{ r <<= 8;
r<<=8; r |= (unsigned char)a->data[i];
r|=(unsigned char)a->data[i]; }
} if (neg)
if (neg) r= -r; r = -r;
return(r); return (r);
} }
ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
{ {
ASN1_ENUMERATED *ret; ASN1_ENUMERATED *ret;
int len,j; int len, j;
if (ai == NULL) if (ai == NULL)
ret=M_ASN1_ENUMERATED_new(); ret = M_ASN1_ENUMERATED_new();
else else
ret=ai; ret = ai;
if (ret == NULL) if (ret == NULL) {
{ ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_NESTED_ASN1_ERROR);
ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR); goto err;
goto err; }
} if (BN_is_negative(bn))
if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED; ret->type = V_ASN1_NEG_ENUMERATED;
else ret->type=V_ASN1_ENUMERATED; else
j=BN_num_bits(bn); ret->type = V_ASN1_ENUMERATED;
len=((j == 0)?0:((j/8)+1)); j = BN_num_bits(bn);
if (ret->length < len+4) len = ((j == 0) ? 0 : ((j / 8) + 1));
{ if (ret->length < len + 4) {
unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4);
if (!new_data) if (!new_data) {
{ ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); goto err;
goto err; }
} ret->data = new_data;
ret->data=new_data; }
}
ret->length=BN_bn2bin(bn,ret->data); ret->length = BN_bn2bin(bn, ret->data);
return(ret); return (ret);
err: err:
if (ret != ai) M_ASN1_ENUMERATED_free(ret); if (ret != ai)
return(NULL); M_ASN1_ENUMERATED_free(ret);
} return (NULL);
}
BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn) BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
{ {
BIGNUM *ret; BIGNUM *ret;
if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB); ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN, ASN1_R_BN_LIB);
else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1); else if (ai->type == V_ASN1_NEG_ENUMERATED)
return(ret); BN_set_negative(ret, 1);
} return (ret);
}
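Review bot: In ASN1_ENUMERATED_set, `d = -d` is undefined behaviour when `v` is LONG_MIN, because the magnitude does not fit in a `long`. Carrying the magnitude in an unsigned variable avoids it: declare `unsigned long d;` and assign `d = (v < 0) ? 0UL - (unsigned long)v : (unsigned long)v;`, setting V_ASN1_NEG_ENUMERATED from `v < 0`. ASN1_ENUMERATED_get deserves a comment on its error signalling as well, since it returns -1 for a wrong type and 0xffffffffL for an over-long value, and both are also legitimate results.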


@ -56,7 +56,9 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME */ /*
* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME
*/
#include <stdio.h> #include <stdio.h>
#include <time.h> #include <time.h>
@ -67,244 +69,243 @@
#if 0 #if 0
int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp) int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
{ {
#ifdef CHARSET_EBCDIC # ifdef CHARSET_EBCDIC
/* KLUDGE! We convert to ascii before writing DER */ /* KLUDGE! We convert to ascii before writing DER */
int len; int len;
char tmp[24]; char tmp[24];
ASN1_STRING tmpstr = *(ASN1_STRING *)a; ASN1_STRING tmpstr = *(ASN1_STRING *)a;
len = tmpstr.length; len = tmpstr.length;
ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
tmpstr.data = tmp; tmpstr.data = tmp;
a = (ASN1_GENERALIZEDTIME *) &tmpstr;
#endif
return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL));
}
a = (ASN1_GENERALIZEDTIME *)&tmpstr;
# endif
return (i2d_ASN1_bytes((ASN1_STRING *)a, pp,
V_ASN1_GENERALIZEDTIME, V_ASN1_UNIVERSAL));
}
ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
unsigned char **pp, long length) unsigned char **pp,
{ long length)
ASN1_GENERALIZEDTIME *ret=NULL; {
ASN1_GENERALIZEDTIME *ret = NULL;
ret=(ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length, ret =
V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL); (ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length,
if (ret == NULL) V_ASN1_GENERALIZEDTIME,
{ V_ASN1_UNIVERSAL);
ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ERR_R_NESTED_ASN1_ERROR); if (ret == NULL) {
return(NULL); ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ERR_R_NESTED_ASN1_ERROR);
} return (NULL);
#ifdef CHARSET_EBCDIC }
ascii2ebcdic(ret->data, ret->data, ret->length); # ifdef CHARSET_EBCDIC
#endif ascii2ebcdic(ret->data, ret->data, ret->length);
if (!ASN1_GENERALIZEDTIME_check(ret)) # endif
{ if (!ASN1_GENERALIZEDTIME_check(ret)) {
ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_INVALID_TIME_FORMAT); ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ASN1_R_INVALID_TIME_FORMAT);
goto err; goto err;
} }
return(ret); return (ret);
err: err:
if ((ret != NULL) && ((a == NULL) || (*a != ret))) if ((ret != NULL) && ((a == NULL) || (*a != ret)))
M_ASN1_GENERALIZEDTIME_free(ret); M_ASN1_GENERALIZEDTIME_free(ret);
return(NULL); return (NULL);
} }
#endif #endif
int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d) int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d)
{ {
static const int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0}; static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
static const int max[9]={99, 99,12,31,23,59,59,12,59}; static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
char *a; char *a;
int n,i,l,o; int n, i, l, o;
if (d->type != V_ASN1_GENERALIZEDTIME) return(0); if (d->type != V_ASN1_GENERALIZEDTIME)
l=d->length; return (0);
a=(char *)d->data; l = d->length;
o=0; a = (char *)d->data;
/* GENERALIZEDTIME is similar to UTCTIME except the year is o = 0;
* represented as YYYY. This stuff treats everything as a two digit /*
* field so make first two fields 00 to 99 * GENERALIZEDTIME is similar to UTCTIME except the year is represented
*/ * as YYYY. This stuff treats everything as a two digit field so make
if (l < 13) goto err; * first two fields 00 to 99
for (i=0; i<7; i++) */
{ if (l < 13)
if ((i == 6) && ((a[o] == 'Z') || goto err;
(a[o] == '+') || (a[o] == '-'))) for (i = 0; i < 7; i++) {
{ if ((i == 6) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
i++; i++;
if (tm) if (tm)
tm->tm_sec = 0; tm->tm_sec = 0;
break; break;
} }
if ((a[o] < '0') || (a[o] > '9')) goto err; if ((a[o] < '0') || (a[o] > '9'))
n= a[o]-'0'; goto err;
if (++o > l) goto err; n = a[o] - '0';
if (++o > l)
goto err;
if ((a[o] < '0') || (a[o] > '9')) goto err; if ((a[o] < '0') || (a[o] > '9'))
n=(n*10)+ a[o]-'0'; goto err;
if (++o > l) goto err; n = (n * 10) + a[o] - '0';
if (++o > l)
goto err;
if ((n < min[i]) || (n > max[i])) goto err; if ((n < min[i]) || (n > max[i]))
if (tm) goto err;
{ if (tm) {
switch(i) switch (i) {
{ case 0:
case 0: tm->tm_year = n * 100 - 1900;
tm->tm_year = n * 100 - 1900; break;
break; case 1:
case 1: tm->tm_year += n;
tm->tm_year += n; break;
break; case 2:
case 2: tm->tm_mon = n - 1;
tm->tm_mon = n - 1; break;
break; case 3:
case 3: tm->tm_mday = n;
tm->tm_mday = n; break;
break; case 4:
case 4: tm->tm_hour = n;
tm->tm_hour = n; break;
break; case 5:
case 5: tm->tm_min = n;
tm->tm_min = n; break;
break; case 6:
case 6: tm->tm_sec = n;
tm->tm_sec = n; break;
break; }
} }
} }
} /*
/* Optional fractional seconds: decimal point followed by one * Optional fractional seconds: decimal point followed by one or more
* or more digits. * digits.
*/ */
if (a[o] == '.') if (a[o] == '.') {
{ if (++o > l)
if (++o > l) goto err; goto err;
i = o; i = o;
while ((a[o] >= '0') && (a[o] <= '9') && (o <= l)) while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
o++; o++;
/* Must have at least one digit after decimal point */ /* Must have at least one digit after decimal point */
if (i == o) goto err; if (i == o)
} goto err;
}
if (a[o] == 'Z') if (a[o] == 'Z')
o++; o++;
else if ((a[o] == '+') || (a[o] == '-')) else if ((a[o] == '+') || (a[o] == '-')) {
{ int offsign = a[o] == '-' ? -1 : 1, offset = 0;
int offsign = a[o] == '-' ? -1 : 1, offset = 0; o++;
o++; if (o + 4 > l)
if (o+4 > l) goto err; goto err;
for (i=7; i<9; i++) for (i = 7; i < 9; i++) {
{ if ((a[o] < '0') || (a[o] > '9'))
if ((a[o] < '0') || (a[o] > '9')) goto err; goto err;
n= a[o]-'0'; n = a[o] - '0';
o++; o++;
if ((a[o] < '0') || (a[o] > '9')) goto err; if ((a[o] < '0') || (a[o] > '9'))
n=(n*10)+ a[o]-'0'; goto err;
if ((n < min[i]) || (n > max[i])) goto err; n = (n * 10) + a[o] - '0';
if (tm) if ((n < min[i]) || (n > max[i]))
{ goto err;
if (i == 7) if (tm) {
offset = n * 3600; if (i == 7)
else if (i == 8) offset = n * 3600;
offset += n * 60; else if (i == 8)
} offset += n * 60;
o++; }
} o++;
if (offset && !OPENSSL_gmtime_adj(tm, 0, offset * offsign)) }
return 0; if (offset && !OPENSSL_gmtime_adj(tm, 0, offset * offsign))
} return 0;
else if (a[o]) } else if (a[o]) {
{ /* Missing time zone information. */
/* Missing time zone information. */ goto err;
goto err; }
} return (o == l);
return(o == l); err:
err: return (0);
return(0); }
}
int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d) int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
{ {
return asn1_generalizedtime_to_tm(NULL, d); return asn1_generalizedtime_to_tm(NULL, d);
} }
int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
{ {
ASN1_GENERALIZEDTIME t; ASN1_GENERALIZEDTIME t;
t.type=V_ASN1_GENERALIZEDTIME; t.type = V_ASN1_GENERALIZEDTIME;
t.length=strlen(str); t.length = strlen(str);
t.data=(unsigned char *)str; t.data = (unsigned char *)str;
if (ASN1_GENERALIZEDTIME_check(&t)) if (ASN1_GENERALIZEDTIME_check(&t)) {
{ if (s != NULL) {
if (s != NULL) if (!ASN1_STRING_set((ASN1_STRING *)s,
{ (unsigned char *)str, t.length))
if (!ASN1_STRING_set((ASN1_STRING *)s, return 0;
(unsigned char *)str,t.length)) s->type = V_ASN1_GENERALIZEDTIME;
return 0; }
s->type=V_ASN1_GENERALIZEDTIME; return (1);
} } else
return(1); return (0);
} }
else
return(0);
}
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
time_t t) time_t t)
{ {
return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0); return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0);
} }
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
time_t t, int offset_day, long offset_sec) time_t t, int offset_day,
{ long offset_sec)
char *p; {
struct tm *ts; char *p;
struct tm data; struct tm *ts;
size_t len = 20; struct tm data;
size_t len = 20;
if (s == NULL) if (s == NULL)
s=M_ASN1_GENERALIZEDTIME_new(); s = M_ASN1_GENERALIZEDTIME_new();
if (s == NULL) if (s == NULL)
return(NULL); return (NULL);
ts=OPENSSL_gmtime(&t, &data); ts = OPENSSL_gmtime(&t, &data);
if (ts == NULL) if (ts == NULL)
return(NULL); return (NULL);
if (offset_day || offset_sec) if (offset_day || offset_sec) {
{ if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) return NULL;
return NULL; }
}
p=(char *)s->data; p = (char *)s->data;
if ((p == NULL) || ((size_t)s->length < len)) if ((p == NULL) || ((size_t)s->length < len)) {
{ p = OPENSSL_malloc(len);
p=OPENSSL_malloc(len); if (p == NULL) {
if (p == NULL) ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, ERR_R_MALLOC_FAILURE);
{ return (NULL);
ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, }
ERR_R_MALLOC_FAILURE); if (s->data != NULL)
return(NULL); OPENSSL_free(s->data);
} s->data = (unsigned char *)p;
if (s->data != NULL) }
OPENSSL_free(s->data);
s->data=(unsigned char *)p;
}
BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900, BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900,
ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
s->length=strlen(p); ts->tm_sec);
s->type=V_ASN1_GENERALIZEDTIME; s->length = strlen(p);
s->type = V_ASN1_GENERALIZEDTIME;
#ifdef CHARSET_EBCDIC_not #ifdef CHARSET_EBCDIC_not
ebcdic2ascii(s->data, s->data, s->length); ebcdic2ascii(s->data, s->data, s->length);
#endif #endif
return(s); return (s);
} }
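Review bot: asn1_generalizedtime_to_tm reads `a[o]` before testing `o` against `l`, and its guards use `>` rather than `>=`: after `if (++o > l) goto err;` the next `a[o]` can be `a[l]`, and the fractional-seconds loop `while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))` checks the bound last. That is only safe if `d->data` carries a terminating NUL beyond `d->length`, which this function does not verify; d2i_ASN1_bytes and ASN1_GENERALIZEDTIME_set_string happen to supply one, but an ASN1_STRING built another way may not. Test the index before each dereference, for example `while ((o < l) && (a[o] >= '0') && (a[o] <= '9'))`, and apply the same `o < l` guard to the later `a[o] == '.'`, `'Z'` and sign tests.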


@ -63,101 +63,95 @@
#ifndef NO_OLD_ASN1 #ifndef NO_OLD_ASN1
#ifndef OPENSSL_NO_STDIO # ifndef OPENSSL_NO_STDIO
int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x) int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
{ {
BIO *b; BIO *b;
int ret; int ret;
if ((b=BIO_new(BIO_s_file())) == NULL) if ((b = BIO_new(BIO_s_file())) == NULL) {
{ ASN1err(ASN1_F_ASN1_I2D_FP, ERR_R_BUF_LIB);
ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB); return (0);
return(0); }
} BIO_set_fp(b, out, BIO_NOCLOSE);
BIO_set_fp(b,out,BIO_NOCLOSE); ret = ASN1_i2d_bio(i2d, b, x);
ret=ASN1_i2d_bio(i2d,b,x); BIO_free(b);
BIO_free(b); return (ret);
return(ret); }
} # endif
#endif
int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
{ {
char *b; char *b;
unsigned char *p; unsigned char *p;
int i,j=0,n,ret=1; int i, j = 0, n, ret = 1;
n=i2d(x,NULL); n = i2d(x, NULL);
b=(char *)OPENSSL_malloc(n); b = (char *)OPENSSL_malloc(n);
if (b == NULL) if (b == NULL) {
{ ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE); return (0);
return(0); }
}
p=(unsigned char *)b; p = (unsigned char *)b;
i2d(x,&p); i2d(x, &p);
for (;;) for (;;) {
{ i = BIO_write(out, &(b[j]), n);
i=BIO_write(out,&(b[j]),n); if (i == n)
if (i == n) break; break;
if (i <= 0) if (i <= 0) {
{ ret = 0;
ret=0; break;
break; }
} j += i;
j+=i; n -= i;
n-=i; }
} OPENSSL_free(b);
OPENSSL_free(b); return (ret);
return(ret); }
}
#endif #endif
#ifndef OPENSSL_NO_STDIO #ifndef OPENSSL_NO_STDIO
int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
{ {
BIO *b; BIO *b;
int ret; int ret;
if ((b=BIO_new(BIO_s_file())) == NULL) if ((b = BIO_new(BIO_s_file())) == NULL) {
{ ASN1err(ASN1_F_ASN1_ITEM_I2D_FP, ERR_R_BUF_LIB);
ASN1err(ASN1_F_ASN1_ITEM_I2D_FP,ERR_R_BUF_LIB); return (0);
return(0); }
} BIO_set_fp(b, out, BIO_NOCLOSE);
BIO_set_fp(b,out,BIO_NOCLOSE); ret = ASN1_item_i2d_bio(it, b, x);
ret=ASN1_item_i2d_bio(it,b,x); BIO_free(b);
BIO_free(b); return (ret);
return(ret); }
}
#endif #endif
int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
{ {
unsigned char *b = NULL; unsigned char *b = NULL;
int i,j=0,n,ret=1; int i, j = 0, n, ret = 1;
n = ASN1_item_i2d(x, &b, it); n = ASN1_item_i2d(x, &b, it);
if (b == NULL) if (b == NULL) {
{ ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO, ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO,ERR_R_MALLOC_FAILURE); return (0);
return(0); }
}
for (;;) for (;;) {
{ i = BIO_write(out, &(b[j]), n);
i=BIO_write(out,&(b[j]),n); if (i == n)
if (i == n) break; break;
if (i <= 0) if (i <= 0) {
{ ret = 0;
ret=0; break;
break; }
} j += i;
j+=i; n -= i;
n-=i; }
} OPENSSL_free(b);
OPENSSL_free(b); return (ret);
return(ret); }
}


@ -62,29 +62,29 @@
#include <openssl/bn.h> #include <openssl/bn.h>
ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x) ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
{ return M_ASN1_INTEGER_dup(x);} {
return M_ASN1_INTEGER_dup(x);
}
int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
{ {
int neg, ret; int neg, ret;
/* Compare signs */ /* Compare signs */
neg = x->type & V_ASN1_NEG; neg = x->type & V_ASN1_NEG;
if (neg != (y->type & V_ASN1_NEG)) if (neg != (y->type & V_ASN1_NEG)) {
{ if (neg)
if (neg) return -1;
return -1; else
else return 1;
return 1; }
}
ret = ASN1_STRING_cmp(x, y); ret = ASN1_STRING_cmp(x, y);
if (neg)
return -ret;
else
return ret;
}
if (neg)
return -ret;
else
return ret;
}
/*- /*-
* This converts an ASN1 INTEGER into its content encoding. * This converts an ASN1 INTEGER into its content encoding.
@ -112,346 +112,349 @@ int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
*/ */
int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
{ {
int pad=0,ret,i,neg; int pad = 0, ret, i, neg;
unsigned char *p,*n,pb=0; unsigned char *p, *n, pb = 0;
if (a == NULL) return(0); if (a == NULL)
neg=a->type & V_ASN1_NEG; return (0);
if (a->length == 0) neg = a->type & V_ASN1_NEG;
ret=1; if (a->length == 0)
else ret = 1;
{ else {
ret=a->length; ret = a->length;
i=a->data[0]; i = a->data[0];
if (!neg && (i > 127)) { if (!neg && (i > 127)) {
pad=1; pad = 1;
pb=0; pb = 0;
} else if(neg) { } else if (neg) {
if(i>128) { if (i > 128) {
pad=1; pad = 1;
pb=0xFF; pb = 0xFF;
} else if(i == 128) { } else if (i == 128) {
/* /*
* Special case: if any other bytes non zero we pad: * Special case: if any other bytes non zero we pad:
* otherwise we don't. * otherwise we don't.
*/ */
for(i = 1; i < a->length; i++) if(a->data[i]) { for (i = 1; i < a->length; i++)
pad=1; if (a->data[i]) {
pb=0xFF; pad = 1;
break; pb = 0xFF;
} break;
} }
} }
ret+=pad; }
} ret += pad;
if (pp == NULL) return(ret); }
p= *pp; if (pp == NULL)
return (ret);
p = *pp;
if (pad) *(p++)=pb; if (pad)
if (a->length == 0) *(p++)=0; *(p++) = pb;
else if (!neg) memcpy(p,a->data,(unsigned int)a->length); if (a->length == 0)
else { *(p++) = 0;
/* Begin at the end of the encoding */ else if (!neg)
n=a->data + a->length - 1; memcpy(p, a->data, (unsigned int)a->length);
p += a->length - 1; else {
i = a->length; /* Begin at the end of the encoding */
/* Copy zeros to destination as long as source is zero */ n = a->data + a->length - 1;
while(!*n) { p += a->length - 1;
*(p--) = 0; i = a->length;
n--; /* Copy zeros to destination as long as source is zero */
i--; while (!*n) {
} *(p--) = 0;
/* Complement and increment next octet */ n--;
*(p--) = ((*(n--)) ^ 0xff) + 1; i--;
i--; }
/* Complement any octets left */ /* Complement and increment next octet */
for(;i > 0; i--) *(p--) = *(n--) ^ 0xff; *(p--) = ((*(n--)) ^ 0xff) + 1;
} i--;
/* Complement any octets left */
for (; i > 0; i--)
*(p--) = *(n--) ^ 0xff;
}
*pp+=ret; *pp += ret;
return(ret); return (ret);
} }
/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */ /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
long len) long len)
{ {
ASN1_INTEGER *ret=NULL; ASN1_INTEGER *ret = NULL;
const unsigned char *p, *pend; const unsigned char *p, *pend;
unsigned char *to,*s; unsigned char *to, *s;
int i; int i;
if ((a == NULL) || ((*a) == NULL)) if ((a == NULL) || ((*a) == NULL)) {
{ if ((ret = M_ASN1_INTEGER_new()) == NULL)
if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); return (NULL);
ret->type=V_ASN1_INTEGER; ret->type = V_ASN1_INTEGER;
} } else
else ret = (*a);
ret=(*a);
p= *pp; p = *pp;
pend = p + len; pend = p + len;
/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it /*
* signifies a missing NULL parameter. */ * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
s=(unsigned char *)OPENSSL_malloc((int)len+1); * a missing NULL parameter.
if (s == NULL) */
{ s = (unsigned char *)OPENSSL_malloc((int)len + 1);
i=ERR_R_MALLOC_FAILURE; if (s == NULL) {
goto err; i = ERR_R_MALLOC_FAILURE;
} goto err;
to=s; }
if(!len) { to = s;
/* Strictly speaking this is an illegal INTEGER but we if (!len) {
* tolerate it. /*
*/ * Strictly speaking this is an illegal INTEGER but we tolerate it.
ret->type=V_ASN1_INTEGER; */
} else if (*p & 0x80) /* a negative number */ ret->type = V_ASN1_INTEGER;
{ } else if (*p & 0x80) { /* a negative number */
ret->type=V_ASN1_NEG_INTEGER; ret->type = V_ASN1_NEG_INTEGER;
if ((*p == 0xff) && (len != 1)) { if ((*p == 0xff) && (len != 1)) {
p++; p++;
len--; len--;
} }
i = len; i = len;
p += i - 1; p += i - 1;
to += i - 1; to += i - 1;
while((!*p) && i) { while ((!*p) && i) {
*(to--) = 0; *(to--) = 0;
i--; i--;
p--; p--;
} }
/* Special case: if all zeros then the number will be of /*
* the form FF followed by n zero bytes: this corresponds to * Special case: if all zeros then the number will be of the form FF
* 1 followed by n zero bytes. We've already written n zeros * followed by n zero bytes: this corresponds to 1 followed by n zero
* so we just append an extra one and set the first byte to * bytes. We've already written n zeros so we just append an extra
* a 1. This is treated separately because it is the only case * one and set the first byte to a 1. This is treated separately
* where the number of bytes is larger than len. * because it is the only case where the number of bytes is larger
*/ * than len.
if(!i) { */
*s = 1; if (!i) {
s[len] = 0; *s = 1;
len++; s[len] = 0;
} else { len++;
*(to--) = (*(p--) ^ 0xff) + 1; } else {
i--; *(to--) = (*(p--) ^ 0xff) + 1;
for(;i > 0; i--) *(to--) = *(p--) ^ 0xff; i--;
} for (; i > 0; i--)
} else { *(to--) = *(p--) ^ 0xff;
ret->type=V_ASN1_INTEGER; }
if ((*p == 0) && (len != 1)) } else {
{ ret->type = V_ASN1_INTEGER;
p++; if ((*p == 0) && (len != 1)) {
len--; p++;
} len--;
memcpy(s,p,(int)len); }
} memcpy(s, p, (int)len);
}
if (ret->data != NULL) OPENSSL_free(ret->data); if (ret->data != NULL)
ret->data=s; OPENSSL_free(ret->data);
ret->length=(int)len; ret->data = s;
if (a != NULL) (*a)=ret; ret->length = (int)len;
*pp=pend; if (a != NULL)
return(ret); (*a) = ret;
err: *pp = pend;
ASN1err(ASN1_F_C2I_ASN1_INTEGER,i); return (ret);
if ((ret != NULL) && ((a == NULL) || (*a != ret))) err:
M_ASN1_INTEGER_free(ret); ASN1err(ASN1_F_C2I_ASN1_INTEGER, i);
return(NULL); if ((ret != NULL) && ((a == NULL) || (*a != ret)))
} M_ASN1_INTEGER_free(ret);
return (NULL);
}
/*
/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of * This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1
* ASN1 integers: some broken software can encode a positive INTEGER * integers: some broken software can encode a positive INTEGER with its MSB
* with its MSB set as negative (it doesn't add a padding zero). * set as negative (it doesn't add a padding zero).
*/ */
ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
long length) long length)
{ {
ASN1_INTEGER *ret=NULL; ASN1_INTEGER *ret = NULL;
const unsigned char *p; const unsigned char *p;
unsigned char *s; unsigned char *s;
long len; long len;
int inf,tag,xclass; int inf, tag, xclass;
int i; int i;
if ((a == NULL) || ((*a) == NULL)) if ((a == NULL) || ((*a) == NULL)) {
{ if ((ret = M_ASN1_INTEGER_new()) == NULL)
if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); return (NULL);
ret->type=V_ASN1_INTEGER; ret->type = V_ASN1_INTEGER;
} } else
else ret = (*a);
ret=(*a);
p= *pp; p = *pp;
inf=ASN1_get_object(&p,&len,&tag,&xclass,length); inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
if (inf & 0x80) if (inf & 0x80) {
{ i = ASN1_R_BAD_OBJECT_HEADER;
i=ASN1_R_BAD_OBJECT_HEADER; goto err;
goto err; }
}
if (tag != V_ASN1_INTEGER) if (tag != V_ASN1_INTEGER) {
{ i = ASN1_R_EXPECTING_AN_INTEGER;
i=ASN1_R_EXPECTING_AN_INTEGER; goto err;
goto err; }
}
/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it /*
* signifies a missing NULL parameter. */ * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
s=(unsigned char *)OPENSSL_malloc((int)len+1); * a missing NULL parameter.
if (s == NULL) */
{ s = (unsigned char *)OPENSSL_malloc((int)len + 1);
i=ERR_R_MALLOC_FAILURE; if (s == NULL) {
goto err; i = ERR_R_MALLOC_FAILURE;
} goto err;
ret->type=V_ASN1_INTEGER; }
if(len) { ret->type = V_ASN1_INTEGER;
if ((*p == 0) && (len != 1)) if (len) {
{ if ((*p == 0) && (len != 1)) {
p++; p++;
len--; len--;
} }
memcpy(s,p,(int)len); memcpy(s, p, (int)len);
p+=len; p += len;
} }
if (ret->data != NULL) OPENSSL_free(ret->data); if (ret->data != NULL)
ret->data=s; OPENSSL_free(ret->data);
ret->length=(int)len; ret->data = s;
if (a != NULL) (*a)=ret; ret->length = (int)len;
*pp=p; if (a != NULL)
return(ret); (*a) = ret;
err: *pp = p;
ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i); return (ret);
if ((ret != NULL) && ((a == NULL) || (*a != ret))) err:
M_ASN1_INTEGER_free(ret); ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i);
return(NULL); if ((ret != NULL) && ((a == NULL) || (*a != ret)))
} M_ASN1_INTEGER_free(ret);
return (NULL);
}
int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
{ {
int j,k; int j, k;
unsigned int i; unsigned int i;
unsigned char buf[sizeof(long)+1]; unsigned char buf[sizeof(long) + 1];
if (a->length < (int)(sizeof(long)+1)) if (a->length < (int)(sizeof(long) + 1)) {
{ if (a->data != NULL)
if (a->data != NULL) OPENSSL_free(a->data);
OPENSSL_free(a->data); if ((a->data =
if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL) (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL)
memset((char *)a->data,0,sizeof(long)+1); memset((char *)a->data, 0, sizeof(long) + 1);
} }
if (a->data == NULL) if (a->data == NULL) {
{ ASN1err(ASN1_F_ASN1_INTEGER_SET, ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE); return (0);
return(0); }
} if (v < 0) {
if (v < 0) v = -v;
{ a->type = V_ASN1_NEG_INTEGER;
v= -v; } else
a->type=V_ASN1_NEG_INTEGER; a->type = V_ASN1_INTEGER;
}
else
a->type=V_ASN1_INTEGER;
for (i=0; i<sizeof(long); i++) for (i = 0; i < sizeof(long); i++) {
{ if (v == 0)
if (v == 0) break; break;
buf[i]=(int)v&0xff; buf[i] = (int)v & 0xff;
v>>=8; v >>= 8;
} }
j=0; j = 0;
for (k=i-1; k >=0; k--) for (k = i - 1; k >= 0; k--)
a->data[j++]=buf[k]; a->data[j++] = buf[k];
a->length=j; a->length = j;
return(1); return (1);
} }
long ASN1_INTEGER_get(const ASN1_INTEGER *a) long ASN1_INTEGER_get(const ASN1_INTEGER *a)
{ {
int neg=0,i; int neg = 0, i;
long r=0; long r = 0;
if (a == NULL) return(0L); if (a == NULL)
i=a->type; return (0L);
if (i == V_ASN1_NEG_INTEGER) i = a->type;
neg=1; if (i == V_ASN1_NEG_INTEGER)
else if (i != V_ASN1_INTEGER) neg = 1;
return -1; else if (i != V_ASN1_INTEGER)
return -1;
if (a->length > (int)sizeof(long)) if (a->length > (int)sizeof(long)) {
{ /* hmm... a bit ugly, return all ones */
/* hmm... a bit ugly, return all ones */ return -1;
return -1; }
} if (a->data == NULL)
if (a->data == NULL) return 0;
return 0;
for (i=0; i<a->length; i++) for (i = 0; i < a->length; i++) {
{ r <<= 8;
r<<=8; r |= (unsigned char)a->data[i];
r|=(unsigned char)a->data[i]; }
} if (neg)
if (neg) r= -r; r = -r;
return(r); return (r);
} }
ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
{ {
ASN1_INTEGER *ret; ASN1_INTEGER *ret;
int len,j; int len, j;
if (ai == NULL) if (ai == NULL)
ret=M_ASN1_INTEGER_new(); ret = M_ASN1_INTEGER_new();
else else
ret=ai; ret = ai;
if (ret == NULL) if (ret == NULL) {
{ ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR); goto err;
goto err; }
} if (BN_is_negative(bn))
if (BN_is_negative(bn)) ret->type = V_ASN1_NEG_INTEGER;
ret->type = V_ASN1_NEG_INTEGER; else
else ret->type=V_ASN1_INTEGER; ret->type = V_ASN1_INTEGER;
j=BN_num_bits(bn); j = BN_num_bits(bn);
len=((j == 0)?0:((j/8)+1)); len = ((j == 0) ? 0 : ((j / 8) + 1));
if (ret->length < len+4) if (ret->length < len + 4) {
{ unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4);
unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); if (!new_data) {
if (!new_data) ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
{ goto err;
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); }
goto err; ret->data = new_data;
} }
ret->data=new_data; ret->length = BN_bn2bin(bn, ret->data);
} /* Correct zero case */
ret->length=BN_bn2bin(bn,ret->data); if (!ret->length) {
/* Correct zero case */ ret->data[0] = 0;
if(!ret->length) ret->length = 1;
{ }
ret->data[0] = 0; return (ret);
ret->length = 1; err:
} if (ret != ai)
return(ret); M_ASN1_INTEGER_free(ret);
err: return (NULL);
if (ret != ai) M_ASN1_INTEGER_free(ret); }
return(NULL);
}
BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
{ {
BIGNUM *ret; BIGNUM *ret;
if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB); ASN1err(ASN1_F_ASN1_INTEGER_TO_BN, ASN1_R_BN_LIB);
else if(ai->type == V_ASN1_NEG_INTEGER) else if (ai->type == V_ASN1_NEG_INTEGER)
BN_set_negative(ret, 1); BN_set_negative(ret, 1);
return(ret); return (ret);
} }
IMPLEMENT_STACK_OF(ASN1_INTEGER) IMPLEMENT_STACK_OF(ASN1_INTEGER)
IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER) IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)
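Review bot: In `i2c_ASN1_INTEGER`, the negative branch's `while (!*n)` loop has no bound on `i`, so an ASN1_INTEGER whose type carries `V_ASN1_NEG` but whose data bytes are all zero makes `n` walk below `a->data` and `p` write below the caller's output buffer. The pad calculation above it does not catch this case, because a leading byte of 0 takes neither the `i > 128` nor the `i == 128` path. Whether other code can construct such a "negative zero" is not visible in this section, but the encoder should not depend on that. One way to close it is to bound the loop as `while (!*n && i > 1) {` and to clear `neg` before the pad calculation when every data byte is zero, so the value is emitted as a plain zero. The reformat leaves this logic as it was, so the point applies equally to the old side.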


@ -1,6 +1,7 @@
/* a_mbstr.c */ /* a_mbstr.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 1999. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 1999.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
@ -62,7 +63,8 @@
#include <openssl/asn1.h> #include <openssl/asn1.h>
static int traverse_string(const unsigned char *p, int len, int inform, static int traverse_string(const unsigned char *p, int len, int inform,
int (*rfunc)(unsigned long value, void *in), void *arg); int (*rfunc) (unsigned long value, void *in),
void *arg);
static int in_utf8(unsigned long value, void *arg); static int in_utf8(unsigned long value, void *arg);
static int out_utf8(unsigned long value, void *arg); static int out_utf8(unsigned long value, void *arg);
static int type_str(unsigned long value, void *arg); static int type_str(unsigned long value, void *arg);
@ -72,212 +74,221 @@ static int cpy_univ(unsigned long value, void *arg);
static int cpy_utf8(unsigned long value, void *arg); static int cpy_utf8(unsigned long value, void *arg);
static int is_printable(unsigned long value); static int is_printable(unsigned long value);
/* These functions take a string in UTF8, ASCII or multibyte form and /*
* a mask of permissible ASN1 string types. It then works out the minimal * These functions take a string in UTF8, ASCII or multibyte form and a mask
* type (using the order Printable < IA5 < T61 < BMP < Universal < UTF8) * of permissible ASN1 string types. It then works out the minimal type
* and creates a string of the correct type with the supplied data. * (using the order Printable < IA5 < T61 < BMP < Universal < UTF8) and
* Yes this is horrible: it has to be :-( * creates a string of the correct type with the supplied data. Yes this is
* The 'ncopy' form checks minimum and maximum size limits too. * horrible: it has to be :-( The 'ncopy' form checks minimum and maximum
* size limits too.
*/ */
int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
int inform, unsigned long mask) int inform, unsigned long mask)
{ {
return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0); return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
} }
int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
int inform, unsigned long mask, int inform, unsigned long mask,
long minsize, long maxsize) long minsize, long maxsize)
{ {
int str_type; int str_type;
int ret; int ret;
char free_out; char free_out;
int outform, outlen = 0; int outform, outlen = 0;
ASN1_STRING *dest; ASN1_STRING *dest;
unsigned char *p; unsigned char *p;
int nchar; int nchar;
char strbuf[32]; char strbuf[32];
int (*cpyfunc)(unsigned long,void *) = NULL; int (*cpyfunc) (unsigned long, void *) = NULL;
if(len == -1) len = strlen((const char *)in); if (len == -1)
if(!mask) mask = DIRSTRING_TYPE; len = strlen((const char *)in);
if (!mask)
mask = DIRSTRING_TYPE;
/* First do a string check and work out the number of characters */ /* First do a string check and work out the number of characters */
switch(inform) { switch (inform) {
case MBSTRING_BMP: case MBSTRING_BMP:
if(len & 1) { if (len & 1) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
ASN1_R_INVALID_BMPSTRING_LENGTH); ASN1_R_INVALID_BMPSTRING_LENGTH);
return -1; return -1;
} }
nchar = len >> 1; nchar = len >> 1;
break; break;
case MBSTRING_UNIV: case MBSTRING_UNIV:
if(len & 3) { if (len & 3) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
return -1; return -1;
} }
nchar = len >> 2; nchar = len >> 2;
break; break;
case MBSTRING_UTF8: case MBSTRING_UTF8:
nchar = 0; nchar = 0;
/* This counts the characters and does utf8 syntax checking */ /* This counts the characters and does utf8 syntax checking */
ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
if(ret < 0) { if (ret < 0) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING);
ASN1_R_INVALID_UTF8STRING); return -1;
return -1; }
} break;
break;
case MBSTRING_ASC: case MBSTRING_ASC:
nchar = len; nchar = len;
break; break;
default: default:
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT); ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT);
return -1; return -1;
} }
if((minsize > 0) && (nchar < minsize)) { if ((minsize > 0) && (nchar < minsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
ERR_add_error_data(2, "minsize=", strbuf); ERR_add_error_data(2, "minsize=", strbuf);
return -1; return -1;
} }
if((maxsize > 0) && (nchar > maxsize)) { if ((maxsize > 0) && (nchar > maxsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
ERR_add_error_data(2, "maxsize=", strbuf); ERR_add_error_data(2, "maxsize=", strbuf);
return -1; return -1;
} }
/* Now work out minimal type (if any) */ /* Now work out minimal type (if any) */
if(traverse_string(in, len, inform, type_str, &mask) < 0) { if (traverse_string(in, len, inform, type_str, &mask) < 0) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS); ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS);
return -1; return -1;
} }
/* Now work out output format and string type */
outform = MBSTRING_ASC;
if (mask & B_ASN1_PRINTABLESTRING)
str_type = V_ASN1_PRINTABLESTRING;
else if (mask & B_ASN1_IA5STRING)
str_type = V_ASN1_IA5STRING;
else if (mask & B_ASN1_T61STRING)
str_type = V_ASN1_T61STRING;
else if (mask & B_ASN1_BMPSTRING) {
str_type = V_ASN1_BMPSTRING;
outform = MBSTRING_BMP;
} else if (mask & B_ASN1_UNIVERSALSTRING) {
str_type = V_ASN1_UNIVERSALSTRING;
outform = MBSTRING_UNIV;
} else {
str_type = V_ASN1_UTF8STRING;
outform = MBSTRING_UTF8;
}
if (!out)
return str_type;
if (*out) {
free_out = 0;
dest = *out;
if (dest->data) {
dest->length = 0;
OPENSSL_free(dest->data);
dest->data = NULL;
}
dest->type = str_type;
} else {
free_out = 1;
dest = ASN1_STRING_type_new(str_type);
if (!dest) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
return -1;
}
*out = dest;
}
/* If both the same type just copy across */
if (inform == outform) {
if (!ASN1_STRING_set(dest, in, len)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
return -1;
}
return str_type;
}
/* Now work out output format and string type */ /* Work out how much space the destination will need */
outform = MBSTRING_ASC; switch (outform) {
if(mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING; case MBSTRING_ASC:
else if(mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING; outlen = nchar;
else if(mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING; cpyfunc = cpy_asc;
else if(mask & B_ASN1_BMPSTRING) { break;
str_type = V_ASN1_BMPSTRING;
outform = MBSTRING_BMP;
} else if(mask & B_ASN1_UNIVERSALSTRING) {
str_type = V_ASN1_UNIVERSALSTRING;
outform = MBSTRING_UNIV;
} else {
str_type = V_ASN1_UTF8STRING;
outform = MBSTRING_UTF8;
}
if(!out) return str_type;
if(*out) {
free_out = 0;
dest = *out;
if(dest->data) {
dest->length = 0;
OPENSSL_free(dest->data);
dest->data = NULL;
}
dest->type = str_type;
} else {
free_out = 1;
dest = ASN1_STRING_type_new(str_type);
if(!dest) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
ERR_R_MALLOC_FAILURE);
return -1;
}
*out = dest;
}
/* If both the same type just copy across */
if(inform == outform) {
if(!ASN1_STRING_set(dest, in, len)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE);
return -1;
}
return str_type;
}
/* Work out how much space the destination will need */ case MBSTRING_BMP:
switch(outform) { outlen = nchar << 1;
case MBSTRING_ASC: cpyfunc = cpy_bmp;
outlen = nchar; break;
cpyfunc = cpy_asc;
break;
case MBSTRING_BMP: case MBSTRING_UNIV:
outlen = nchar << 1; outlen = nchar << 2;
cpyfunc = cpy_bmp; cpyfunc = cpy_univ;
break; break;
case MBSTRING_UNIV: case MBSTRING_UTF8:
outlen = nchar << 2; outlen = 0;
cpyfunc = cpy_univ; traverse_string(in, len, inform, out_utf8, &outlen);
break; cpyfunc = cpy_utf8;
break;
case MBSTRING_UTF8: }
outlen = 0; if (!(p = OPENSSL_malloc(outlen + 1))) {
traverse_string(in, len, inform, out_utf8, &outlen); if (free_out)
cpyfunc = cpy_utf8; ASN1_STRING_free(dest);
break; ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
} return -1;
if(!(p = OPENSSL_malloc(outlen + 1))) { }
if(free_out) ASN1_STRING_free(dest); dest->length = outlen;
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE); dest->data = p;
return -1; p[outlen] = 0;
} traverse_string(in, len, inform, cpyfunc, &p);
dest->length = outlen; return str_type;
dest->data = p;
p[outlen] = 0;
traverse_string(in, len, inform, cpyfunc, &p);
return str_type;
} }
/* This function traverses a string and passes the value of each character /*
* to an optional function along with a void * argument. * This function traverses a string and passes the value of each character to
* an optional function along with a void * argument.
*/ */
static int traverse_string(const unsigned char *p, int len, int inform, static int traverse_string(const unsigned char *p, int len, int inform,
int (*rfunc)(unsigned long value, void *in), void *arg) int (*rfunc) (unsigned long value, void *in),
void *arg)
{ {
unsigned long value; unsigned long value;
int ret; int ret;
while(len) { while (len) {
if(inform == MBSTRING_ASC) { if (inform == MBSTRING_ASC) {
value = *p++; value = *p++;
len--; len--;
} else if(inform == MBSTRING_BMP) { } else if (inform == MBSTRING_BMP) {
value = *p++ << 8; value = *p++ << 8;
value |= *p++; value |= *p++;
len -= 2; len -= 2;
} else if(inform == MBSTRING_UNIV) { } else if (inform == MBSTRING_UNIV) {
value = ((unsigned long)*p++) << 24; value = ((unsigned long)*p++) << 24;
value |= ((unsigned long)*p++) << 16; value |= ((unsigned long)*p++) << 16;
value |= *p++ << 8; value |= *p++ << 8;
value |= *p++; value |= *p++;
len -= 4; len -= 4;
} else { } else {
ret = UTF8_getc(p, len, &value); ret = UTF8_getc(p, len, &value);
if(ret < 0) return -1; if (ret < 0)
len -= ret; return -1;
p += ret; len -= ret;
} p += ret;
if(rfunc) { }
ret = rfunc(value, arg); if (rfunc) {
if(ret <= 0) return ret; ret = rfunc(value, arg);
} if (ret <= 0)
} return ret;
return 1; }
}
return 1;
} }
/* Various utility functions for traverse_string */ /* Various utility functions for traverse_string */
@ -286,115 +297,127 @@ static int traverse_string(const unsigned char *p, int len, int inform,
static int in_utf8(unsigned long value, void *arg) static int in_utf8(unsigned long value, void *arg)
{ {
int *nchar; int *nchar;
nchar = arg; nchar = arg;
(*nchar)++; (*nchar)++;
return 1; return 1;
} }
/* Determine size of output as a UTF8 String */ /* Determine size of output as a UTF8 String */
static int out_utf8(unsigned long value, void *arg) static int out_utf8(unsigned long value, void *arg)
{ {
int *outlen; int *outlen;
outlen = arg; outlen = arg;
*outlen += UTF8_putc(NULL, -1, value); *outlen += UTF8_putc(NULL, -1, value);
return 1; return 1;
} }
/* Determine the "type" of a string: check each character against a /*
* supplied "mask". * Determine the "type" of a string: check each character against a supplied
* "mask".
*/ */
static int type_str(unsigned long value, void *arg) static int type_str(unsigned long value, void *arg)
{ {
unsigned long types; unsigned long types;
types = *((unsigned long *)arg); types = *((unsigned long *)arg);
if((types & B_ASN1_PRINTABLESTRING) && !is_printable(value)) if ((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
types &= ~B_ASN1_PRINTABLESTRING; types &= ~B_ASN1_PRINTABLESTRING;
if((types & B_ASN1_IA5STRING) && (value > 127)) if ((types & B_ASN1_IA5STRING) && (value > 127))
types &= ~B_ASN1_IA5STRING; types &= ~B_ASN1_IA5STRING;
if((types & B_ASN1_T61STRING) && (value > 0xff)) if ((types & B_ASN1_T61STRING) && (value > 0xff))
types &= ~B_ASN1_T61STRING; types &= ~B_ASN1_T61STRING;
if((types & B_ASN1_BMPSTRING) && (value > 0xffff)) if ((types & B_ASN1_BMPSTRING) && (value > 0xffff))
types &= ~B_ASN1_BMPSTRING; types &= ~B_ASN1_BMPSTRING;
if(!types) return -1; if (!types)
*((unsigned long *)arg) = types; return -1;
return 1; *((unsigned long *)arg) = types;
return 1;
} }
/* Copy one byte per character ASCII like strings */ /* Copy one byte per character ASCII like strings */
static int cpy_asc(unsigned long value, void *arg) static int cpy_asc(unsigned long value, void *arg)
{ {
unsigned char **p, *q; unsigned char **p, *q;
p = arg; p = arg;
q = *p; q = *p;
*q = (unsigned char) value; *q = (unsigned char)value;
(*p)++; (*p)++;
return 1; return 1;
} }
/* Copy two byte per character BMPStrings */ /* Copy two byte per character BMPStrings */
static int cpy_bmp(unsigned long value, void *arg) static int cpy_bmp(unsigned long value, void *arg)
{ {
unsigned char **p, *q; unsigned char **p, *q;
p = arg; p = arg;
q = *p; q = *p;
*q++ = (unsigned char) ((value >> 8) & 0xff); *q++ = (unsigned char)((value >> 8) & 0xff);
*q = (unsigned char) (value & 0xff); *q = (unsigned char)(value & 0xff);
*p += 2; *p += 2;
return 1; return 1;
} }
/* Copy four byte per character UniversalStrings */ /* Copy four byte per character UniversalStrings */
static int cpy_univ(unsigned long value, void *arg) static int cpy_univ(unsigned long value, void *arg)
{ {
unsigned char **p, *q; unsigned char **p, *q;
p = arg; p = arg;
q = *p; q = *p;
*q++ = (unsigned char) ((value >> 24) & 0xff); *q++ = (unsigned char)((value >> 24) & 0xff);
*q++ = (unsigned char) ((value >> 16) & 0xff); *q++ = (unsigned char)((value >> 16) & 0xff);
*q++ = (unsigned char) ((value >> 8) & 0xff); *q++ = (unsigned char)((value >> 8) & 0xff);
*q = (unsigned char) (value & 0xff); *q = (unsigned char)(value & 0xff);
*p += 4; *p += 4;
return 1; return 1;
} }
/* Copy to a UTF8String */ /* Copy to a UTF8String */
static int cpy_utf8(unsigned long value, void *arg) static int cpy_utf8(unsigned long value, void *arg)
{ {
unsigned char **p; unsigned char **p;
int ret; int ret;
p = arg; p = arg;
/* We already know there is enough room so pass 0xff as the length */ /* We already know there is enough room so pass 0xff as the length */
ret = UTF8_putc(*p, 0xff, value); ret = UTF8_putc(*p, 0xff, value);
*p += ret; *p += ret;
return 1; return 1;
} }
/* Return 1 if the character is permitted in a PrintableString */ /* Return 1 if the character is permitted in a PrintableString */
static int is_printable(unsigned long value) static int is_printable(unsigned long value)
{ {
int ch; int ch;
if(value > 0x7f) return 0; if (value > 0x7f)
ch = (int) value; return 0;
/* Note: we can't use 'isalnum' because certain accented ch = (int)value;
* characters may count as alphanumeric in some environments. /*
*/ * Note: we can't use 'isalnum' because certain accented characters may
* count as alphanumeric in some environments.
*/
#ifndef CHARSET_EBCDIC #ifndef CHARSET_EBCDIC
if((ch >= 'a') && (ch <= 'z')) return 1; if ((ch >= 'a') && (ch <= 'z'))
if((ch >= 'A') && (ch <= 'Z')) return 1; return 1;
if((ch >= '0') && (ch <= '9')) return 1; if ((ch >= 'A') && (ch <= 'Z'))
if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1; return 1;
#else /*CHARSET_EBCDIC*/ if ((ch >= '0') && (ch <= '9'))
if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1; return 1;
if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1; if ((ch == ' ') || strchr("'()+,-./:=?", ch))
if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1; return 1;
if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1; #else /* CHARSET_EBCDIC */
#endif /*CHARSET_EBCDIC*/ if ((ch >= os_toascii['a']) && (ch <= os_toascii['z']))
return 0; return 1;
if ((ch >= os_toascii['A']) && (ch <= os_toascii['Z']))
return 1;
if ((ch >= os_toascii['0']) && (ch <= os_toascii['9']))
return 1;
if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch]))
return 1;
#endif /* CHARSET_EBCDIC */
return 0;
} }
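Review bot: In `ASN1_mbstring_ncopy`, when the function allocates `dest` itself it publishes it with `*out = dest;`, but the later `OPENSSL_malloc(outlen + 1)` failure path calls `ASN1_STRING_free(dest)` and returns -1 without resetting `*out`, so the caller is left holding a pointer to freed memory. A caller that frees or reuses `*out` after the error would hit a double free or use-after-free. The failure branch should read `if (free_out) { ASN1_STRING_free(dest); *out = NULL; }`. The `ASN1_STRING_set` failure under "If both the same type just copy across" also returns -1 with the newly allocated string still stored in `*out`; freeing and clearing it there too, or assigning `*out` only on success, would make the two error paths consistent.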


@ -65,355 +65,341 @@
#include <openssl/bn.h> #include <openssl/bn.h>
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
{ {
unsigned char *p; unsigned char *p;
int objsize; int objsize;
if ((a == NULL) || (a->data == NULL)) return(0); if ((a == NULL) || (a->data == NULL))
return (0);
objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT); objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
if (pp == NULL) return objsize; if (pp == NULL)
return objsize;
p= *pp; p = *pp;
ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL); ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
memcpy(p,a->data,a->length); memcpy(p, a->data, a->length);
p+=a->length; p += a->length;
*pp=p; *pp = p;
return(objsize); return (objsize);
} }
int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
{ {
int i,first,len=0,c, use_bn; int i, first, len = 0, c, use_bn;
char ftmp[24], *tmp = ftmp; char ftmp[24], *tmp = ftmp;
int tmpsize = sizeof ftmp; int tmpsize = sizeof ftmp;
const char *p; const char *p;
unsigned long l; unsigned long l;
BIGNUM *bl = NULL; BIGNUM *bl = NULL;
if (num == 0) if (num == 0)
return(0); return (0);
else if (num == -1) else if (num == -1)
num=strlen(buf); num = strlen(buf);
p=buf; p = buf;
c= *(p++); c = *(p++);
num--; num--;
if ((c >= '0') && (c <= '2')) if ((c >= '0') && (c <= '2')) {
{ first = c - '0';
first= c-'0'; } else {
} ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_FIRST_NUM_TOO_LARGE);
else goto err;
{ }
ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_FIRST_NUM_TOO_LARGE);
goto err;
}
if (num <= 0) if (num <= 0) {
{ ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_MISSING_SECOND_NUMBER);
ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_MISSING_SECOND_NUMBER); goto err;
goto err; }
} c = *(p++);
c= *(p++); num--;
num--; for (;;) {
for (;;) if (num <= 0)
{ break;
if (num <= 0) break; if ((c != '.') && (c != ' ')) {
if ((c != '.') && (c != ' ')) ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_SEPARATOR);
{ goto err;
ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_SEPARATOR); }
goto err; l = 0;
} use_bn = 0;
l=0; for (;;) {
use_bn = 0; if (num <= 0)
for (;;) break;
{ num--;
if (num <= 0) break; c = *(p++);
num--; if ((c == ' ') || (c == '.'))
c= *(p++); break;
if ((c == ' ') || (c == '.')) if ((c < '0') || (c > '9')) {
break; ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_DIGIT);
if ((c < '0') || (c > '9')) goto err;
{ }
ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT); if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) {
goto err; use_bn = 1;
} if (!bl)
if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) bl = BN_new();
{ if (!bl || !BN_set_word(bl, l))
use_bn = 1; goto err;
if (!bl) }
bl = BN_new(); if (use_bn) {
if (!bl || !BN_set_word(bl, l)) if (!BN_mul_word(bl, 10L)
goto err; || !BN_add_word(bl, c - '0'))
} goto err;
if (use_bn) } else
{ l = l * 10L + (long)(c - '0');
if (!BN_mul_word(bl, 10L) }
|| !BN_add_word(bl, c-'0')) if (len == 0) {
goto err; if ((first < 2) && (l >= 40)) {
} ASN1err(ASN1_F_A2D_ASN1_OBJECT,
else ASN1_R_SECOND_NUMBER_TOO_LARGE);
l=l*10L+(long)(c-'0'); goto err;
} }
if (len == 0) if (use_bn) {
{ if (!BN_add_word(bl, first * 40))
if ((first < 2) && (l >= 40)) goto err;
{ } else
ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE); l += (long)first *40;
goto err; }
} i = 0;
if (use_bn) if (use_bn) {
{ int blsize;
if (!BN_add_word(bl, first * 40)) blsize = BN_num_bits(bl);
goto err; blsize = (blsize + 6) / 7;
} if (blsize > tmpsize) {
else if (tmp != ftmp)
l+=(long)first*40; OPENSSL_free(tmp);
} tmpsize = blsize + 32;
i=0; tmp = OPENSSL_malloc(tmpsize);
if (use_bn) if (!tmp)
{ goto err;
int blsize; }
blsize = BN_num_bits(bl); while (blsize--)
blsize = (blsize + 6)/7; tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);
if (blsize > tmpsize) } else {
{
if (tmp != ftmp)
OPENSSL_free(tmp);
tmpsize = blsize + 32;
tmp = OPENSSL_malloc(tmpsize);
if (!tmp)
goto err;
}
while(blsize--)
tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);
}
else
{
for (;;) for (;;) {
{ tmp[i++] = (unsigned char)l & 0x7f;
tmp[i++]=(unsigned char)l&0x7f; l >>= 7L;
l>>=7L; if (l == 0L)
if (l == 0L) break; break;
} }
} }
if (out != NULL) if (out != NULL) {
{ if (len + i > olen) {
if (len+i > olen) ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_BUFFER_TOO_SMALL);
{ goto err;
ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_BUFFER_TOO_SMALL); }
goto err; while (--i > 0)
} out[len++] = tmp[i] | 0x80;
while (--i > 0) out[len++] = tmp[0];
out[len++]=tmp[i]|0x80; } else
out[len++]=tmp[0]; len += i;
} }
else if (tmp != ftmp)
len+=i; OPENSSL_free(tmp);
} if (bl)
if (tmp != ftmp) BN_free(bl);
OPENSSL_free(tmp); return (len);
if (bl) err:
BN_free(bl); if (tmp != ftmp)
return(len); OPENSSL_free(tmp);
err: if (bl)
if (tmp != ftmp) BN_free(bl);
OPENSSL_free(tmp); return (0);
if (bl) }
BN_free(bl);
return(0);
}
int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a) int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
{ {
return OBJ_obj2txt(buf, buf_len, a, 0); return OBJ_obj2txt(buf, buf_len, a, 0);
} }
int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
{ {
char buf[80], *p = buf; char buf[80], *p = buf;
int i; int i;
if ((a == NULL) || (a->data == NULL)) if ((a == NULL) || (a->data == NULL))
return(BIO_write(bp,"NULL",4)); return (BIO_write(bp, "NULL", 4));
i=i2t_ASN1_OBJECT(buf,sizeof buf,a); i = i2t_ASN1_OBJECT(buf, sizeof buf, a);
if (i > (int)(sizeof(buf) - 1)) if (i > (int)(sizeof(buf) - 1)) {
{ p = OPENSSL_malloc(i + 1);
p = OPENSSL_malloc(i + 1); if (!p)
if (!p) return -1;
return -1; i2t_ASN1_OBJECT(p, i + 1, a);
i2t_ASN1_OBJECT(p,i + 1,a); }
} if (i <= 0) {
if (i <= 0) i = BIO_write(bp, "<INVALID>", 9);
{ i += BIO_dump(bp, (const char *)a->data, a->length);
i = BIO_write(bp, "<INVALID>", 9); return i;
i += BIO_dump(bp, (const char *)a->data, a->length); }
return i; BIO_write(bp, p, i);
} if (p != buf)
BIO_write(bp,p,i); OPENSSL_free(p);
if (p != buf) return (i);
OPENSSL_free(p); }
return(i);
}
ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
long length) long length)
{ {
const unsigned char *p; const unsigned char *p;
long len; long len;
int tag,xclass; int tag, xclass;
int inf,i; int inf, i;
ASN1_OBJECT *ret = NULL; ASN1_OBJECT *ret = NULL;
p= *pp; p = *pp;
inf=ASN1_get_object(&p,&len,&tag,&xclass,length); inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
if (inf & 0x80) if (inf & 0x80) {
{ i = ASN1_R_BAD_OBJECT_HEADER;
i=ASN1_R_BAD_OBJECT_HEADER; goto err;
goto err; }
}
if (tag != V_ASN1_OBJECT) if (tag != V_ASN1_OBJECT) {
{ i = ASN1_R_EXPECTING_AN_OBJECT;
i=ASN1_R_EXPECTING_AN_OBJECT; goto err;
goto err; }
} ret = c2i_ASN1_OBJECT(a, &p, len);
ret = c2i_ASN1_OBJECT(a, &p, len); if (ret)
if(ret) *pp = p; *pp = p;
return ret; return ret;
err: err:
ASN1err(ASN1_F_D2I_ASN1_OBJECT,i); ASN1err(ASN1_F_D2I_ASN1_OBJECT, i);
return(NULL); return (NULL);
} }
ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
long len) long len)
{ {
ASN1_OBJECT *ret=NULL; ASN1_OBJECT *ret = NULL;
const unsigned char *p; const unsigned char *p;
unsigned char *data; unsigned char *data;
int i, length; int i, length;
/* Sanity check OID encoding. /*
* Need at least one content octet. * Sanity check OID encoding. Need at least one content octet. MSB must
* MSB must be clear in the last octet. * be clear in the last octet. can't have leading 0x80 in subidentifiers,
* can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 * see: X.690 8.19.2
*/ */
if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
p[len - 1] & 0x80) p[len - 1] & 0x80) {
{ ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); return NULL;
return NULL; }
} /* Now 0 < len <= INT_MAX, so the cast is safe. */
/* Now 0 < len <= INT_MAX, so the cast is safe. */ length = (int)len;
length = (int)len; for (i = 0; i < length; i++, p++) {
for (i = 0; i < length; i++, p++) if (*p == 0x80 && (!i || !(p[-1] & 0x80))) {
{ ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
if (*p == 0x80 && (!i || !(p[-1] & 0x80))) return NULL;
{ }
ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); }
return NULL;
}
}
/* only the ASN1_OBJECTs from the 'table' will have values /*
* for ->sn or ->ln */ * only the ASN1_OBJECTs from the 'table' will have values for ->sn or
if ((a == NULL) || ((*a) == NULL) || * ->ln
!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) */
{ if ((a == NULL) || ((*a) == NULL) ||
if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL); !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
} if ((ret = ASN1_OBJECT_new()) == NULL)
else ret=(*a); return (NULL);
} else
ret = (*a);
p= *pp; p = *pp;
/* detach data from object */ /* detach data from object */
data = (unsigned char *)ret->data; data = (unsigned char *)ret->data;
ret->data = NULL; ret->data = NULL;
/* once detached we can change it */ /* once detached we can change it */
if ((data == NULL) || (ret->length < length)) if ((data == NULL) || (ret->length < length)) {
{ ret->length = 0;
ret->length=0; if (data != NULL)
if (data != NULL) OPENSSL_free(data); OPENSSL_free(data);
data=(unsigned char *)OPENSSL_malloc(length); data = (unsigned char *)OPENSSL_malloc(length);
if (data == NULL) if (data == NULL) {
{ i=ERR_R_MALLOC_FAILURE; goto err; } i = ERR_R_MALLOC_FAILURE;
ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; goto err;
} }
memcpy(data,p,length); ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
/* reattach data to object, after which it remains const */ }
ret->data =data; memcpy(data, p, length);
ret->length=length; /* reattach data to object, after which it remains const */
ret->sn=NULL; ret->data = data;
ret->ln=NULL; ret->length = length;
/* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ ret->sn = NULL;
p+=length; ret->ln = NULL;
/* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
p += length;
if (a != NULL) (*a)=ret; if (a != NULL)
*pp=p; (*a) = ret;
return(ret); *pp = p;
err: return (ret);
ASN1err(ASN1_F_C2I_ASN1_OBJECT,i); err:
if ((ret != NULL) && ((a == NULL) || (*a != ret))) ASN1err(ASN1_F_C2I_ASN1_OBJECT, i);
ASN1_OBJECT_free(ret); if ((ret != NULL) && ((a == NULL) || (*a != ret)))
return(NULL); ASN1_OBJECT_free(ret);
} return (NULL);
}
ASN1_OBJECT *ASN1_OBJECT_new(void) ASN1_OBJECT *ASN1_OBJECT_new(void)
{ {
ASN1_OBJECT *ret; ASN1_OBJECT *ret;
ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT)); ret = (ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
if (ret == NULL) if (ret == NULL) {
{ ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE); return (NULL);
return(NULL); }
} ret->length = 0;
ret->length=0; ret->data = NULL;
ret->data=NULL; ret->nid = 0;
ret->nid=0; ret->sn = NULL;
ret->sn=NULL; ret->ln = NULL;
ret->ln=NULL; ret->flags = ASN1_OBJECT_FLAG_DYNAMIC;
ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; return (ret);
return(ret); }
}
void ASN1_OBJECT_free(ASN1_OBJECT *a) void ASN1_OBJECT_free(ASN1_OBJECT *a)
{ {
if (a == NULL) return; if (a == NULL)
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) return;
{ if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) {
#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */ #ifndef CONST_STRICT /* disable purely for compile-time strict
if (a->sn != NULL) OPENSSL_free((void *)a->sn); * const checking. Doing this on a "real"
if (a->ln != NULL) OPENSSL_free((void *)a->ln); * compile will cause memory leaks */
if (a->sn != NULL)
OPENSSL_free((void *)a->sn);
if (a->ln != NULL)
OPENSSL_free((void *)a->ln);
#endif #endif
a->sn=a->ln=NULL; a->sn = a->ln = NULL;
} }
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
{ if (a->data != NULL)
if (a->data != NULL) OPENSSL_free((void *)a->data); OPENSSL_free((void *)a->data);
a->data=NULL; a->data = NULL;
a->length=0; a->length = 0;
} }
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC) if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
OPENSSL_free(a); OPENSSL_free(a);
} }
ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
const char *sn, const char *ln) const char *sn, const char *ln)
{ {
ASN1_OBJECT o; ASN1_OBJECT o;
o.sn=sn; o.sn = sn;
o.ln=ln; o.ln = ln;
o.data=data; o.data = data;
o.nid=nid; o.nid = nid;
o.length=len; o.length = len;
o.flags=ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS| o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
ASN1_OBJECT_FLAG_DYNAMIC_DATA; ASN1_OBJECT_FLAG_DYNAMIC_DATA;
return(OBJ_dup(&o)); return (OBJ_dup(&o));
} }
IMPLEMENT_STACK_OF(ASN1_OBJECT) IMPLEMENT_STACK_OF(ASN1_OBJECT)
IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT) IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)
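Review bot: The reflowed sanity-check comment at the top of `c2i_ASN1_OBJECT` merges what was a one-rule-per-line list (at least one content octet; MSB clear in the last octet; no leading 0x80 in subidentifiers) into a single run-on paragraph, which makes the X.690 8.19.2 rules harder to match against the length test and the loop that follow. Opening that comment with `/*-`, the form the "Return value meanings" comment in `ASN1_item_sign_ctx` uses and which appears to have been left unreflowed, would keep one rule per line. In `a2d_ASN1_OBJECT` the formatter also produced `l += (long)first *40;`, which reads like a pointer declaration; `l += (long)first * 40;` is the intended spacing.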


@ -61,11 +61,18 @@
#include <openssl/asn1.h> #include <openssl/asn1.h>
ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x) ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x)
{ return M_ASN1_OCTET_STRING_dup(x); } {
return M_ASN1_OCTET_STRING_dup(x);
}
int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b) int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
{ return M_ASN1_OCTET_STRING_cmp(a, b); } const ASN1_OCTET_STRING *b)
{
int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len) return M_ASN1_OCTET_STRING_cmp(a, b);
{ return M_ASN1_OCTET_STRING_set(x, d, len); } }
int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d,
int len)
{
return M_ASN1_OCTET_STRING_set(x, d, len);
}


@ -61,66 +61,68 @@
#include <openssl/asn1.h> #include <openssl/asn1.h>
int ASN1_PRINTABLE_type(const unsigned char *s, int len) int ASN1_PRINTABLE_type(const unsigned char *s, int len)
{ {
int c; int c;
int ia5=0; int ia5 = 0;
int t61=0; int t61 = 0;
if (len <= 0) len= -1; if (len <= 0)
if (s == NULL) return(V_ASN1_PRINTABLESTRING); len = -1;
if (s == NULL)
return (V_ASN1_PRINTABLESTRING);
while ((*s) && (len-- != 0)) while ((*s) && (len-- != 0)) {
{ c = *(s++);
c= *(s++);
#ifndef CHARSET_EBCDIC #ifndef CHARSET_EBCDIC
if (!( ((c >= 'a') && (c <= 'z')) || if (!(((c >= 'a') && (c <= 'z')) ||
((c >= 'A') && (c <= 'Z')) || ((c >= 'A') && (c <= 'Z')) ||
((c >= '0') && (c <= '9')) || ((c >= '0') && (c <= '9')) ||
(c == ' ') || (c == '\'') || (c == ' ') || (c == '\'') ||
(c == '(') || (c == ')') || (c == '(') || (c == ')') ||
(c == '+') || (c == ',') || (c == '+') || (c == ',') ||
(c == '-') || (c == '.') || (c == '-') || (c == '.') ||
(c == '/') || (c == ':') || (c == '/') || (c == ':') || (c == '=') || (c == '?')))
(c == '=') || (c == '?'))) ia5 = 1;
ia5=1; if (c & 0x80)
if (c&0x80) t61 = 1;
t61=1;
#else #else
if (!isalnum(c) && (c != ' ') && if (!isalnum(c) && (c != ' ') && strchr("'()+,-./:=?", c) == NULL)
strchr("'()+,-./:=?", c) == NULL) ia5 = 1;
ia5=1; if (os_toascii[c] & 0x80)
if (os_toascii[c] & 0x80) t61 = 1;
t61=1;
#endif #endif
} }
if (t61) return(V_ASN1_T61STRING); if (t61)
if (ia5) return(V_ASN1_IA5STRING); return (V_ASN1_T61STRING);
return(V_ASN1_PRINTABLESTRING); if (ia5)
} return (V_ASN1_IA5STRING);
return (V_ASN1_PRINTABLESTRING);
}
int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s) int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
{ {
int i; int i;
unsigned char *p; unsigned char *p;
if (s->type != V_ASN1_UNIVERSALSTRING) return(0); if (s->type != V_ASN1_UNIVERSALSTRING)
if ((s->length%4) != 0) return(0); return (0);
p=s->data; if ((s->length % 4) != 0)
for (i=0; i<s->length; i+=4) return (0);
{ p = s->data;
if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0')) for (i = 0; i < s->length; i += 4) {
break; if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
else break;
p+=4; else
} p += 4;
if (i < s->length) return(0); }
p=s->data; if (i < s->length)
for (i=3; i<s->length; i+=4) return (0);
{ p = s->data;
*(p++)=s->data[i]; for (i = 3; i < s->length; i += 4) {
} *(p++) = s->data[i];
*(p)='\0'; }
s->length/=4; *(p) = '\0';
s->type=ASN1_PRINTABLE_type(s->data,s->length); s->length /= 4;
return(1); s->type = ASN1_PRINTABLE_type(s->data, s->length);
} return (1);
}


@ -62,181 +62,178 @@
#ifndef NO_ASN1_OLD #ifndef NO_ASN1_OLD
typedef struct typedef struct {
{
unsigned char *pbData; unsigned char *pbData;
int cbData; int cbData;
} MYBLOB; } MYBLOB;
/* SetBlobCmp /*
* This function compares two elements of SET_OF block * SetBlobCmp This function compares two elements of SET_OF block
*/ */
static int SetBlobCmp(const void *elem1, const void *elem2 ) static int SetBlobCmp(const void *elem1, const void *elem2)
{ {
const MYBLOB *b1 = (const MYBLOB *)elem1; const MYBLOB *b1 = (const MYBLOB *)elem1;
const MYBLOB *b2 = (const MYBLOB *)elem2; const MYBLOB *b2 = (const MYBLOB *)elem2;
int r; int r;
r = memcmp(b1->pbData, b2->pbData, r = memcmp(b1->pbData, b2->pbData,
b1->cbData < b2->cbData ? b1->cbData : b2->cbData); b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
if(r != 0) if (r != 0)
return r; return r;
return b1->cbData-b2->cbData; return b1->cbData - b2->cbData;
} }
/* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */ /*
* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)
*/
int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
i2d_of_void *i2d, int ex_tag, int ex_class, i2d_of_void *i2d, int ex_tag, int ex_class, int is_set)
int is_set) {
{ int ret = 0, r;
int ret=0,r; int i;
int i; unsigned char *p;
unsigned char *p; unsigned char *pStart, *pTempMem;
unsigned char *pStart, *pTempMem; MYBLOB *rgSetBlob;
MYBLOB *rgSetBlob; int totSize;
int totSize;
if (a == NULL) return(0); if (a == NULL)
for (i=sk_OPENSSL_BLOCK_num(a)-1; i>=0; i--) return (0);
ret+=i2d(sk_OPENSSL_BLOCK_value(a,i),NULL); for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--)
r=ASN1_object_size(1,ret,ex_tag); ret += i2d(sk_OPENSSL_BLOCK_value(a, i), NULL);
if (pp == NULL) return(r); r = ASN1_object_size(1, ret, ex_tag);
if (pp == NULL)
return (r);
p= *pp; p = *pp;
ASN1_put_object(&p,1,ret,ex_tag,ex_class); ASN1_put_object(&p, 1, ret, ex_tag, ex_class);
/* Modified by gp@nsj.co.jp */ /* Modified by gp@nsj.co.jp */
/* And then again by Ben */ /* And then again by Ben */
/* And again by Steve */ /* And again by Steve */
if(!is_set || (sk_OPENSSL_BLOCK_num(a) < 2)) if (!is_set || (sk_OPENSSL_BLOCK_num(a) < 2)) {
{ for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++)
for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++) i2d(sk_OPENSSL_BLOCK_value(a, i), &p);
i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
*pp=p; *pp = p;
return(r); return (r);
} }
pStart = p; /* Catch the beg of Setblobs*/ pStart = p; /* Catch the beg of Setblobs */
/* In this array we will store the SET blobs */ /* In this array we will store the SET blobs */
rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB)); rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
if (rgSetBlob == NULL) if (rgSetBlob == NULL) {
{ ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE); return (0);
return(0); }
}
for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++) for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++) {
{ rgSetBlob[i].pbData = p; /* catch each set encode blob */
rgSetBlob[i].pbData = p; /* catch each set encode blob */ i2d(sk_OPENSSL_BLOCK_value(a, i), &p);
i2d(sk_OPENSSL_BLOCK_value(a,i),&p); rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this * SetBlob */
SetBlob }
*/ *pp = p;
} totSize = p - pStart; /* This is the total size of all set blobs */
*pp=p;
totSize = p - pStart; /* This is the total size of all set blobs */
/* Now we have to sort the blobs. I am using a simple algo. /*
*Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/ * Now we have to sort the blobs. I am using a simple algo. *Sort ptrs
qsort( rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp); * *Copy to temp-mem *Copy from temp-mem to user-mem
if (!(pTempMem = OPENSSL_malloc(totSize))) */
{ qsort(rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
OPENSSL_free(rgSetBlob); if (!(pTempMem = OPENSSL_malloc(totSize))) {
ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE); OPENSSL_free(rgSetBlob);
return(0); ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
} return (0);
}
/* Copy to temp mem */ /* Copy to temp mem */
p = pTempMem; p = pTempMem;
for(i=0; i<sk_OPENSSL_BLOCK_num(a); ++i) for (i = 0; i < sk_OPENSSL_BLOCK_num(a); ++i) {
{ memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData); p += rgSetBlob[i].cbData;
p += rgSetBlob[i].cbData; }
}
/* Copy back to user mem*/ /* Copy back to user mem*/
memcpy(pStart, pTempMem, totSize); memcpy(pStart, pTempMem, totSize);
OPENSSL_free(pTempMem); OPENSSL_free(pTempMem);
OPENSSL_free(rgSetBlob); OPENSSL_free(rgSetBlob);
return(r); return (r);
} }
STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
const unsigned char **pp, const unsigned char **pp,
long length, d2i_of_void *d2i, long length, d2i_of_void *d2i,
void (*free_func)(OPENSSL_BLOCK), int ex_tag, void (*free_func) (OPENSSL_BLOCK),
int ex_class) int ex_tag, int ex_class)
{ {
ASN1_const_CTX c; ASN1_const_CTX c;
STACK_OF(OPENSSL_BLOCK) *ret=NULL; STACK_OF(OPENSSL_BLOCK) *ret = NULL;
if ((a == NULL) || ((*a) == NULL)) if ((a == NULL) || ((*a) == NULL)) {
{ if ((ret = sk_OPENSSL_BLOCK_new_null()) == NULL) {
if ((ret=sk_OPENSSL_BLOCK_new_null()) == NULL) ASN1err(ASN1_F_D2I_ASN1_SET, ERR_R_MALLOC_FAILURE);
{ goto err;
ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE); }
goto err; } else
} ret = (*a);
}
else
ret=(*a);
c.p= *pp; c.p = *pp;
c.max=(length == 0)?0:(c.p+length); c.max = (length == 0) ? 0 : (c.p + length);
c.inf=ASN1_get_object(&c.p,&c.slen,&c.tag,&c.xclass,c.max-c.p); c.inf = ASN1_get_object(&c.p, &c.slen, &c.tag, &c.xclass, c.max - c.p);
if (c.inf & 0x80) goto err; if (c.inf & 0x80)
if (ex_class != c.xclass) goto err;
{ if (ex_class != c.xclass) {
ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_CLASS); ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_CLASS);
goto err; goto err;
} }
if (ex_tag != c.tag) if (ex_tag != c.tag) {
{ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_TAG);
ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_TAG); goto err;
goto err; }
} if ((c.slen + c.p) > c.max) {
if ((c.slen+c.p) > c.max) ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_LENGTH_ERROR);
{ goto err;
ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_LENGTH_ERROR); }
goto err; /*
} * check for infinite constructed - it can be as long as the amount of
/* check for infinite constructed - it can be as long * data passed to us
* as the amount of data passed to us */ */
if (c.inf == (V_ASN1_CONSTRUCTED+1)) if (c.inf == (V_ASN1_CONSTRUCTED + 1))
c.slen=length+ *pp-c.p; c.slen = length + *pp - c.p;
c.max=c.p+c.slen; c.max = c.p + c.slen;
while (c.p < c.max) while (c.p < c.max) {
{ char *s;
char *s;
if (M_ASN1_D2I_end_sequence()) break; if (M_ASN1_D2I_end_sequence())
/* XXX: This was called with 4 arguments, incorrectly, it seems break;
if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) */ /*
if ((s=d2i(NULL,&c.p,c.slen)) == NULL) * XXX: This was called with 4 arguments, incorrectly, it seems if
{ * ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL)
ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT); */
asn1_add_error(*pp,(int)(c.p- *pp)); if ((s = d2i(NULL, &c.p, c.slen)) == NULL) {
goto err; ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_ERROR_PARSING_SET_ELEMENT);
} asn1_add_error(*pp, (int)(c.p - *pp));
if (!sk_OPENSSL_BLOCK_push(ret,s)) goto err; goto err;
} }
if (a != NULL) (*a)=ret; if (!sk_OPENSSL_BLOCK_push(ret, s))
*pp=c.p; goto err;
return(ret); }
err: if (a != NULL)
if ((ret != NULL) && ((a == NULL) || (*a != ret))) (*a) = ret;
{ *pp = c.p;
if (free_func != NULL) return (ret);
sk_OPENSSL_BLOCK_pop_free(ret,free_func); err:
else if ((ret != NULL) && ((a == NULL) || (*a != ret))) {
sk_OPENSSL_BLOCK_free(ret); if (free_func != NULL)
} sk_OPENSSL_BLOCK_pop_free(ret, free_func);
return(NULL); else
} sk_OPENSSL_BLOCK_free(ret);
}
return (NULL);
}
#endif #endif
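Review bot: Three comments in this file lost their structure in the reflow and now read as running text. The `SetBlobCmp` header joins the function name to its description, the sort comment in `i2d_ASN1_SET` turns its three steps into `*Sort ptrs * *Copy to temp-mem *Copy from temp-mem to user-mem`, and the `XXX` comment in `d2i_ASN1_SET` folds the quoted old call `if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL)` into the sentence before it. Starting these comments with `/*-` so the formatter leaves their line breaks alone, or rewriting the step list as `Sort ptrs, copy to temp-mem, then copy from temp-mem back to user-mem`, would keep them readable.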


@ -128,207 +128,204 @@
#ifndef NO_ASN1_OLD #ifndef NO_ASN1_OLD
int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
const EVP_MD *type) const EVP_MD *type)
{ {
EVP_MD_CTX ctx; EVP_MD_CTX ctx;
unsigned char *p,*buf_in=NULL,*buf_out=NULL; unsigned char *p, *buf_in = NULL, *buf_out = NULL;
int i,inl=0,outl=0,outll=0; int i, inl = 0, outl = 0, outll = 0;
X509_ALGOR *a; X509_ALGOR *a;
EVP_MD_CTX_init(&ctx); EVP_MD_CTX_init(&ctx);
for (i=0; i<2; i++) for (i = 0; i < 2; i++) {
{ if (i == 0)
if (i == 0) a = algor1;
a=algor1; else
else a = algor2;
a=algor2; if (a == NULL)
if (a == NULL) continue; continue;
if (type->pkey_type == NID_dsaWithSHA1) if (type->pkey_type == NID_dsaWithSHA1) {
{ /*
/* special case: RFC 2459 tells us to omit 'parameters' * special case: RFC 2459 tells us to omit 'parameters' with
* with id-dsa-with-sha1 */ * id-dsa-with-sha1
ASN1_TYPE_free(a->parameter); */
a->parameter = NULL; ASN1_TYPE_free(a->parameter);
} a->parameter = NULL;
else if ((a->parameter == NULL) || } else if ((a->parameter == NULL) ||
(a->parameter->type != V_ASN1_NULL)) (a->parameter->type != V_ASN1_NULL)) {
{ ASN1_TYPE_free(a->parameter);
ASN1_TYPE_free(a->parameter); if ((a->parameter = ASN1_TYPE_new()) == NULL)
if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err; goto err;
a->parameter->type=V_ASN1_NULL; a->parameter->type = V_ASN1_NULL;
} }
ASN1_OBJECT_free(a->algorithm); ASN1_OBJECT_free(a->algorithm);
a->algorithm=OBJ_nid2obj(type->pkey_type); a->algorithm = OBJ_nid2obj(type->pkey_type);
if (a->algorithm == NULL) if (a->algorithm == NULL) {
{ ASN1err(ASN1_F_ASN1_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE);
ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE); goto err;
goto err; }
} if (a->algorithm->length == 0) {
if (a->algorithm->length == 0) ASN1err(ASN1_F_ASN1_SIGN,
{ ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); goto err;
goto err; }
} }
} inl = i2d(data, NULL);
inl=i2d(data,NULL); buf_in = (unsigned char *)OPENSSL_malloc((unsigned int)inl);
buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl); outll = outl = EVP_PKEY_size(pkey);
outll=outl=EVP_PKEY_size(pkey); buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl);
buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl); if ((buf_in == NULL) || (buf_out == NULL)) {
if ((buf_in == NULL) || (buf_out == NULL)) outl = 0;
{ ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);
outl=0; goto err;
ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE); }
goto err; p = buf_in;
}
p=buf_in;
i2d(data,&p); i2d(data, &p);
if (!EVP_SignInit_ex(&ctx,type, NULL) if (!EVP_SignInit_ex(&ctx, type, NULL)
|| !EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl) || !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl)
|| !EVP_SignFinal(&ctx,(unsigned char *)buf_out, || !EVP_SignFinal(&ctx, (unsigned char *)buf_out,
(unsigned int *)&outl,pkey)) (unsigned int *)&outl, pkey)) {
{ outl = 0;
outl=0; ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB);
ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB); goto err;
goto err; }
} if (signature->data != NULL)
if (signature->data != NULL) OPENSSL_free(signature->data); OPENSSL_free(signature->data);
signature->data=buf_out; signature->data = buf_out;
buf_out=NULL; buf_out = NULL;
signature->length=outl; signature->length = outl;
/* In the interests of compatibility, I'll make sure that /*
* the bit string has a 'not-used bits' value of 0 * In the interests of compatibility, I'll make sure that the bit string
*/ * has a 'not-used bits' value of 0
signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); */
signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
err: signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
EVP_MD_CTX_cleanup(&ctx); err:
if (buf_in != NULL) EVP_MD_CTX_cleanup(&ctx);
{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } if (buf_in != NULL) {
if (buf_out != NULL) OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);
{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); } OPENSSL_free(buf_in);
return(outl); }
} if (buf_out != NULL) {
OPENSSL_cleanse((char *)buf_out, outll);
OPENSSL_free(buf_out);
}
return (outl);
}
#endif #endif
int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn,
const EVP_MD *type) EVP_PKEY *pkey, const EVP_MD *type)
{ {
EVP_MD_CTX ctx; EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx); EVP_MD_CTX_init(&ctx);
if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) {
{ EVP_MD_CTX_cleanup(&ctx);
EVP_MD_CTX_cleanup(&ctx); return 0;
return 0; }
} return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx);
return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); }
}
int ASN1_item_sign_ctx(const ASN1_ITEM *it, int ASN1_item_sign_ctx(const ASN1_ITEM *it,
X509_ALGOR *algor1, X509_ALGOR *algor2, X509_ALGOR *algor1, X509_ALGOR *algor2,
ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx) ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
{ {
const EVP_MD *type; const EVP_MD *type;
EVP_PKEY *pkey; EVP_PKEY *pkey;
unsigned char *buf_in=NULL,*buf_out=NULL; unsigned char *buf_in = NULL, *buf_out = NULL;
size_t inl=0,outl=0,outll=0; size_t inl = 0, outl = 0, outll = 0;
int signid, paramtype; int signid, paramtype;
int rv; int rv;
type = EVP_MD_CTX_md(ctx); type = EVP_MD_CTX_md(ctx);
pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
if (!type || !pkey) if (!type || !pkey) {
{ ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); return 0;
return 0; }
}
if (pkey->ameth->item_sign) if (pkey->ameth->item_sign) {
{ rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature);
rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, if (rv == 1)
signature); outl = signature->length;
if (rv == 1) /*-
outl = signature->length; * Return value meanings:
/*- * <=0: error.
* Return value meanings: * 1: method does everything.
* <=0: error. * 2: carry on as normal.
* 1: method does everything. * 3: ASN1 method sets algorithm identifiers: just sign.
* 2: carry on as normal. */
* 3: ASN1 method sets algorithm identifiers: just sign. if (rv <= 0)
*/ ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
if (rv <= 0) if (rv <= 1)
ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); goto err;
if (rv <= 1) } else
goto err; rv = 2;
}
else
rv = 2;
if (rv == 2) if (rv == 2) {
{ if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) if (!pkey->ameth ||
{ !OBJ_find_sigid_by_algs(&signid,
if (!pkey->ameth || EVP_MD_nid(type),
!OBJ_find_sigid_by_algs(&signid, pkey->ameth->pkey_id)) {
EVP_MD_nid(type), ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
pkey->ameth->pkey_id)) ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
{ return 0;
ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, }
ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); } else
return 0; signid = type->pkey_type;
}
}
else
signid = type->pkey_type;
if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
paramtype = V_ASN1_NULL; paramtype = V_ASN1_NULL;
else else
paramtype = V_ASN1_UNDEF; paramtype = V_ASN1_UNDEF;
if (algor1) if (algor1)
X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL); X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
if (algor2) if (algor2)
X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL); X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
} }
inl=ASN1_item_i2d(asn,&buf_in, it); inl = ASN1_item_i2d(asn, &buf_in, it);
outll=outl=EVP_PKEY_size(pkey); outll = outl = EVP_PKEY_size(pkey);
buf_out=OPENSSL_malloc((unsigned int)outl); buf_out = OPENSSL_malloc((unsigned int)outl);
if ((buf_in == NULL) || (buf_out == NULL)) if ((buf_in == NULL) || (buf_out == NULL)) {
{ outl = 0;
outl=0; ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,ERR_R_MALLOC_FAILURE); goto err;
goto err; }
}
if (!EVP_DigestSignUpdate(ctx, buf_in, inl) if (!EVP_DigestSignUpdate(ctx, buf_in, inl)
|| !EVP_DigestSignFinal(ctx, buf_out, &outl)) || !EVP_DigestSignFinal(ctx, buf_out, &outl)) {
{ outl = 0;
outl=0; ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,ERR_R_EVP_LIB); goto err;
goto err; }
} if (signature->data != NULL)
if (signature->data != NULL) OPENSSL_free(signature->data); OPENSSL_free(signature->data);
signature->data=buf_out; signature->data = buf_out;
buf_out=NULL; buf_out = NULL;
signature->length=outl; signature->length = outl;
/* In the interests of compatibility, I'll make sure that /*
* the bit string has a 'not-used bits' value of 0 * In the interests of compatibility, I'll make sure that the bit string
*/ * has a 'not-used bits' value of 0
signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); */
signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
err: signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
EVP_MD_CTX_cleanup(ctx); err:
if (buf_in != NULL) EVP_MD_CTX_cleanup(ctx);
{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } if (buf_in != NULL) {
if (buf_out != NULL) OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);
{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); } OPENSSL_free(buf_in);
return(outl); }
} if (buf_out != NULL) {
OPENSSL_cleanse((char *)buf_out, outll);
OPENSSL_free(buf_out);
}
return (outl);
}
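Review bot: In `ASN1_item_sign_ctx` the two early `return 0;` exits (after `ASN1_R_CONTEXT_NOT_INITIALISED` and after `ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED`) skip the `EVP_MD_CTX_cleanup(ctx)` that every other exit reaches through `err:`. `ASN1_item_sign` does not clean up the context it initialised once the call returns, so the context is left uncleaned on those paths. Since `outl` is still 0 and `buf_in`/`buf_out` are still NULL at both points, `goto err;` in place of `return 0;` would return the same value and release the context. The second exit also tests `!pkey->ameth` after `pkey->ameth->item_sign` has already been dereferenced, so that check comes too late to protect anything. These lines predate the reformat, which only re-indents them.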


@ -1,6 +1,7 @@
/* a_strex.c */ /* a_strex.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 2000. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2000.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved. * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
@ -65,512 +66,584 @@
#include "charmap.h" #include "charmap.h"
/* ASN1_STRING_print_ex() and X509_NAME_print_ex(). /*
* Enhanced string and name printing routines handling * ASN1_STRING_print_ex() and X509_NAME_print_ex(). Enhanced string and name
* multibyte characters, RFC2253 and a host of other * printing routines handling multibyte characters, RFC2253 and a host of
* options. * other options.
*/ */
#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ #define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
ASN1_STRFLGS_ESC_QUOTE | \ ASN1_STRFLGS_ESC_QUOTE | \
ASN1_STRFLGS_ESC_CTRL | \ ASN1_STRFLGS_ESC_CTRL | \
ASN1_STRFLGS_ESC_MSB) ASN1_STRFLGS_ESC_MSB)
/*
/* Three IO functions for sending data to memory, a BIO and * Three IO functions for sending data to memory, a BIO and and a FILE
* and a FILE pointer. * pointer.
*/ */
#if 0 /* never used */ #if 0 /* never used */
static int send_mem_chars(void *arg, const void *buf, int len) static int send_mem_chars(void *arg, const void *buf, int len)
{ {
unsigned char **out = arg; unsigned char **out = arg;
if(!out) return 1; if (!out)
memcpy(*out, buf, len); return 1;
*out += len; memcpy(*out, buf, len);
return 1; *out += len;
return 1;
} }
#endif #endif
static int send_bio_chars(void *arg, const void *buf, int len) static int send_bio_chars(void *arg, const void *buf, int len)
{ {
if(!arg) return 1; if (!arg)
if(BIO_write(arg, buf, len) != len) return 0; return 1;
return 1; if (BIO_write(arg, buf, len) != len)
return 0;
return 1;
} }
static int send_fp_chars(void *arg, const void *buf, int len) static int send_fp_chars(void *arg, const void *buf, int len)
{ {
if(!arg) return 1; if (!arg)
if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0; return 1;
return 1; if (fwrite(buf, 1, len, arg) != (unsigned int)len)
return 0;
return 1;
} }
typedef int char_io(void *arg, const void *buf, int len); typedef int char_io (void *arg, const void *buf, int len);
/* This function handles display of /*
* strings, one character at a time. * This function handles display of strings, one character at a time. It is
* It is passed an unsigned long for each * passed an unsigned long for each character because it could come from 2 or
* character because it could come from 2 or even * even 4 byte forms.
* 4 byte forms.
*/ */
static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg) static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
char_io *io_ch, void *arg)
{ {
unsigned char chflgs, chtmp; unsigned char chflgs, chtmp;
char tmphex[HEX_SIZE(long)+3]; char tmphex[HEX_SIZE(long) + 3];
if(c > 0xffffffffL) if (c > 0xffffffffL)
return -1; return -1;
if(c > 0xffff) { if (c > 0xffff) {
BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
if(!io_ch(arg, tmphex, 10)) return -1; if (!io_ch(arg, tmphex, 10))
return 10; return -1;
} return 10;
if(c > 0xff) { }
BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); if (c > 0xff) {
if(!io_ch(arg, tmphex, 6)) return -1; BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
return 6; if (!io_ch(arg, tmphex, 6))
} return -1;
chtmp = (unsigned char)c; return 6;
if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB; }
else chflgs = char_type[chtmp] & flags; chtmp = (unsigned char)c;
if(chflgs & CHARTYPE_BS_ESC) { if (chtmp > 0x7f)
/* If we don't escape with quotes, signal we need quotes */ chflgs = flags & ASN1_STRFLGS_ESC_MSB;
if(chflgs & ASN1_STRFLGS_ESC_QUOTE) { else
if(do_quotes) *do_quotes = 1; chflgs = char_type[chtmp] & flags;
if(!io_ch(arg, &chtmp, 1)) return -1; if (chflgs & CHARTYPE_BS_ESC) {
return 1; /* If we don't escape with quotes, signal we need quotes */
} if (chflgs & ASN1_STRFLGS_ESC_QUOTE) {
if(!io_ch(arg, "\\", 1)) return -1; if (do_quotes)
if(!io_ch(arg, &chtmp, 1)) return -1; *do_quotes = 1;
return 2; if (!io_ch(arg, &chtmp, 1))
} return -1;
if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) { return 1;
BIO_snprintf(tmphex, 11, "\\%02X", chtmp); }
if(!io_ch(arg, tmphex, 3)) return -1; if (!io_ch(arg, "\\", 1))
return 3; return -1;
} if (!io_ch(arg, &chtmp, 1))
/* If we get this far and do any escaping at all must escape return -1;
* the escape character itself: backslash. return 2;
*/ }
if (chtmp == '\\' && flags & ESC_FLAGS) { if (chflgs & (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB)) {
if(!io_ch(arg, "\\\\", 2)) return -1; BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
return 2; if (!io_ch(arg, tmphex, 3))
} return -1;
if(!io_ch(arg, &chtmp, 1)) return -1; return 3;
return 1; }
/*
* If we get this far and do any escaping at all must escape the escape
* character itself: backslash.
*/
if (chtmp == '\\' && flags & ESC_FLAGS) {
if (!io_ch(arg, "\\\\", 2))
return -1;
return 2;
}
if (!io_ch(arg, &chtmp, 1))
return -1;
return 1;
} }
#define BUF_TYPE_WIDTH_MASK 0x7 #define BUF_TYPE_WIDTH_MASK 0x7
#define BUF_TYPE_CONVUTF8 0x8 #define BUF_TYPE_CONVUTF8 0x8
/* This function sends each character in a buffer to /*
* do_esc_char(). It interprets the content formats * This function sends each character in a buffer to do_esc_char(). It
* and converts to or from UTF8 as appropriate. * interprets the content formats and converts to or from UTF8 as
* appropriate.
*/ */
static int do_buf(unsigned char *buf, int buflen, static int do_buf(unsigned char *buf, int buflen,
int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg) int type, unsigned char flags, char *quotes, char_io *io_ch,
void *arg)
{ {
int i, outlen, len; int i, outlen, len;
unsigned char orflags, *p, *q; unsigned char orflags, *p, *q;
unsigned long c; unsigned long c;
p = buf; p = buf;
q = buf + buflen; q = buf + buflen;
outlen = 0; outlen = 0;
while(p != q) { while (p != q) {
if(p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253; if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
else orflags = 0; orflags = CHARTYPE_FIRST_ESC_2253;
switch(type & BUF_TYPE_WIDTH_MASK) { else
case 4: orflags = 0;
c = ((unsigned long)*p++) << 24; switch (type & BUF_TYPE_WIDTH_MASK) {
c |= ((unsigned long)*p++) << 16; case 4:
c |= ((unsigned long)*p++) << 8; c = ((unsigned long)*p++) << 24;
c |= *p++; c |= ((unsigned long)*p++) << 16;
break; c |= ((unsigned long)*p++) << 8;
c |= *p++;
break;
case 2: case 2:
c = ((unsigned long)*p++) << 8; c = ((unsigned long)*p++) << 8;
c |= *p++; c |= *p++;
break; break;
case 1: case 1:
c = *p++; c = *p++;
break; break;
case 0: case 0:
i = UTF8_getc(p, buflen, &c); i = UTF8_getc(p, buflen, &c);
if(i < 0) return -1; /* Invalid UTF8String */ if (i < 0)
p += i; return -1; /* Invalid UTF8String */
break; p += i;
default: break;
return -1; /* invalid width */ default:
} return -1; /* invalid width */
if (p == q && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_LAST_ESC_2253; }
if(type & BUF_TYPE_CONVUTF8) { if (p == q && flags & ASN1_STRFLGS_ESC_2253)
unsigned char utfbuf[6]; orflags = CHARTYPE_LAST_ESC_2253;
int utflen; if (type & BUF_TYPE_CONVUTF8) {
utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); unsigned char utfbuf[6];
for(i = 0; i < utflen; i++) { int utflen;
/* We don't need to worry about setting orflags correctly utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
* because if utflen==1 its value will be correct anyway for (i = 0; i < utflen; i++) {
* otherwise each character will be > 0x7f and so the /*
* character will never be escaped on first and last. * We don't need to worry about setting orflags correctly
*/ * because if utflen==1 its value will be correct anyway
len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg); * otherwise each character will be > 0x7f and so the
if(len < 0) return -1; * character will never be escaped on first and last.
outlen += len; */
} len =
} else { do_esc_char(utfbuf[i], (unsigned char)(flags | orflags),
len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg); quotes, io_ch, arg);
if(len < 0) return -1; if (len < 0)
outlen += len; return -1;
} outlen += len;
} }
return outlen; } else {
len =
do_esc_char(c, (unsigned char)(flags | orflags), quotes,
io_ch, arg);
if (len < 0)
return -1;
outlen += len;
}
}
return outlen;
} }
/* This function hex dumps a buffer of characters */ /* This function hex dumps a buffer of characters */
static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen) static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf,
int buflen)
{ {
static const char hexdig[] = "0123456789ABCDEF"; static const char hexdig[] = "0123456789ABCDEF";
unsigned char *p, *q; unsigned char *p, *q;
char hextmp[2]; char hextmp[2];
if(arg) { if (arg) {
p = buf; p = buf;
q = buf + buflen; q = buf + buflen;
while(p != q) { while (p != q) {
hextmp[0] = hexdig[*p >> 4]; hextmp[0] = hexdig[*p >> 4];
hextmp[1] = hexdig[*p & 0xf]; hextmp[1] = hexdig[*p & 0xf];
if(!io_ch(arg, hextmp, 2)) return -1; if (!io_ch(arg, hextmp, 2))
p++; return -1;
} p++;
} }
return buflen << 1; }
return buflen << 1;
} }
/* "dump" a string. This is done when the type is unknown, /*
* or the flags request it. We can either dump the content * "dump" a string. This is done when the type is unknown, or the flags
* octets or the entire DER encoding. This uses the RFC2253 * request it. We can either dump the content octets or the entire DER
* #01234 format. * encoding. This uses the RFC2253 #01234 format.
*/ */
static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str) static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
ASN1_STRING *str)
{ {
/* Placing the ASN1_STRING in a temp ASN1_TYPE allows /*
* the DER encoding to readily obtained * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to
*/ * readily obtained
ASN1_TYPE t; */
unsigned char *der_buf, *p; ASN1_TYPE t;
int outlen, der_len; unsigned char *der_buf, *p;
int outlen, der_len;
if(!io_ch(arg, "#", 1)) return -1; if (!io_ch(arg, "#", 1))
/* If we don't dump DER encoding just dump content octets */ return -1;
if(!(lflags & ASN1_STRFLGS_DUMP_DER)) { /* If we don't dump DER encoding just dump content octets */
outlen = do_hex_dump(io_ch, arg, str->data, str->length); if (!(lflags & ASN1_STRFLGS_DUMP_DER)) {
if(outlen < 0) return -1; outlen = do_hex_dump(io_ch, arg, str->data, str->length);
return outlen + 1; if (outlen < 0)
} return -1;
t.type = str->type; return outlen + 1;
t.value.ptr = (char *)str; }
der_len = i2d_ASN1_TYPE(&t, NULL); t.type = str->type;
der_buf = OPENSSL_malloc(der_len); t.value.ptr = (char *)str;
if(!der_buf) return -1; der_len = i2d_ASN1_TYPE(&t, NULL);
p = der_buf; der_buf = OPENSSL_malloc(der_len);
i2d_ASN1_TYPE(&t, &p); if (!der_buf)
outlen = do_hex_dump(io_ch, arg, der_buf, der_len); return -1;
OPENSSL_free(der_buf); p = der_buf;
if(outlen < 0) return -1; i2d_ASN1_TYPE(&t, &p);
return outlen + 1; outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
OPENSSL_free(der_buf);
if (outlen < 0)
return -1;
return outlen + 1;
} }
/* Lookup table to convert tags to character widths, /*
* 0 = UTF8 encoded, -1 is used for non string types * Lookup table to convert tags to character widths, 0 = UTF8 encoded, -1 is
* otherwise it is the number of bytes per character * used for non string types otherwise it is the number of bytes per
* character
*/ */
static const signed char tag2nbyte[] = { static const signed char tag2nbyte[] = {
-1, -1, -1, -1, -1, /* 0-4 */ -1, -1, -1, -1, -1, /* 0-4 */
-1, -1, -1, -1, -1, /* 5-9 */ -1, -1, -1, -1, -1, /* 5-9 */
-1, -1, 0, -1, /* 10-13 */ -1, -1, 0, -1, /* 10-13 */
-1, -1, -1, -1, /* 15-17 */ -1, -1, -1, -1, /* 15-17 */
-1, 1, 1, /* 18-20 */ -1, 1, 1, /* 18-20 */
-1, 1, 1, 1, /* 21-24 */ -1, 1, 1, 1, /* 21-24 */
-1, 1, -1, /* 25-27 */ -1, 1, -1, /* 25-27 */
4, -1, 2 /* 28-30 */ 4, -1, 2 /* 28-30 */
}; };
/* This is the main function, print out an /*
* ASN1_STRING taking note of various escape * This is the main function, print out an ASN1_STRING taking note of various
* and display options. Returns number of * escape and display options. Returns number of characters written or -1 if
* characters written or -1 if an error * an error occurred.
* occurred.
*/ */
static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str) static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
ASN1_STRING *str)
{ {
int outlen, len; int outlen, len;
int type; int type;
char quotes; char quotes;
unsigned char flags; unsigned char flags;
quotes = 0; quotes = 0;
/* Keep a copy of escape flags */ /* Keep a copy of escape flags */
flags = (unsigned char)(lflags & ESC_FLAGS); flags = (unsigned char)(lflags & ESC_FLAGS);
type = str->type; type = str->type;
outlen = 0; outlen = 0;
if (lflags & ASN1_STRFLGS_SHOW_TYPE) {
const char *tagname;
tagname = ASN1_tag2str(type);
outlen += strlen(tagname);
if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1))
return -1;
outlen++;
}
if(lflags & ASN1_STRFLGS_SHOW_TYPE) { /* Decide what to do with type, either dump content or display it */
const char *tagname;
tagname = ASN1_tag2str(type);
outlen += strlen(tagname);
if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1;
outlen++;
}
/* Decide what to do with type, either dump content or display it */ /* Dump everything */
if (lflags & ASN1_STRFLGS_DUMP_ALL)
type = -1;
/* Ignore the string type */
else if (lflags & ASN1_STRFLGS_IGNORE_TYPE)
type = 1;
else {
/* Else determine width based on type */
if ((type > 0) && (type < 31))
type = tag2nbyte[type];
else
type = -1;
if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN))
type = 1;
}
/* Dump everything */ if (type == -1) {
if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1; len = do_dump(lflags, io_ch, arg, str);
/* Ignore the string type */ if (len < 0)
else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1; return -1;
else { outlen += len;
/* Else determine width based on type */ return outlen;
if((type > 0) && (type < 31)) type = tag2nbyte[type]; }
else type = -1;
if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1;
}
if(type == -1) { if (lflags & ASN1_STRFLGS_UTF8_CONVERT) {
len = do_dump(lflags, io_ch, arg, str); /*
if(len < 0) return -1; * Note: if string is UTF8 and we want to convert to UTF8 then we
outlen += len; * just interpret it as 1 byte per character to avoid converting
return outlen; * twice.
} */
if (!type)
type = 1;
else
type |= BUF_TYPE_CONVUTF8;
}
if(lflags & ASN1_STRFLGS_UTF8_CONVERT) { len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
/* Note: if string is UTF8 and we want if (len < 0)
* to convert to UTF8 then we just interpret return -1;
* it as 1 byte per character to avoid converting outlen += len;
* twice. if (quotes)
*/ outlen += 2;
if(!type) type = 1; if (!arg)
else type |= BUF_TYPE_CONVUTF8; return outlen;
} if (quotes && !io_ch(arg, "\"", 1))
return -1;
len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL); if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
if(len < 0) return -1; return -1;
outlen += len; if (quotes && !io_ch(arg, "\"", 1))
if(quotes) outlen += 2; return -1;
if(!arg) return outlen; return outlen;
if(quotes && !io_ch(arg, "\"", 1)) return -1;
if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
return -1;
if(quotes && !io_ch(arg, "\"", 1)) return -1;
return outlen;
} }
/* Used for line indenting: print 'indent' spaces */ /* Used for line indenting: print 'indent' spaces */
static int do_indent(char_io *io_ch, void *arg, int indent) static int do_indent(char_io *io_ch, void *arg, int indent)
{ {
int i; int i;
for(i = 0; i < indent; i++) for (i = 0; i < indent; i++)
if(!io_ch(arg, " ", 1)) return 0; if (!io_ch(arg, " ", 1))
return 1; return 0;
return 1;
} }
#define FN_WIDTH_LN 25 #define FN_WIDTH_LN 25
#define FN_WIDTH_SN 10 #define FN_WIDTH_SN 10
static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
int indent, unsigned long flags) int indent, unsigned long flags)
{ {
int i, prev = -1, orflags, cnt; int i, prev = -1, orflags, cnt;
int fn_opt, fn_nid; int fn_opt, fn_nid;
ASN1_OBJECT *fn; ASN1_OBJECT *fn;
ASN1_STRING *val; ASN1_STRING *val;
X509_NAME_ENTRY *ent; X509_NAME_ENTRY *ent;
char objtmp[80]; char objtmp[80];
const char *objbuf; const char *objbuf;
int outlen, len; int outlen, len;
char *sep_dn, *sep_mv, *sep_eq; char *sep_dn, *sep_mv, *sep_eq;
int sep_dn_len, sep_mv_len, sep_eq_len; int sep_dn_len, sep_mv_len, sep_eq_len;
if(indent < 0) indent = 0; if (indent < 0)
outlen = indent; indent = 0;
if(!do_indent(io_ch, arg, indent)) return -1; outlen = indent;
switch (flags & XN_FLAG_SEP_MASK) if (!do_indent(io_ch, arg, indent))
{ return -1;
case XN_FLAG_SEP_MULTILINE: switch (flags & XN_FLAG_SEP_MASK) {
sep_dn = "\n"; case XN_FLAG_SEP_MULTILINE:
sep_dn_len = 1; sep_dn = "\n";
sep_mv = " + "; sep_dn_len = 1;
sep_mv_len = 3; sep_mv = " + ";
break; sep_mv_len = 3;
break;
case XN_FLAG_SEP_COMMA_PLUS: case XN_FLAG_SEP_COMMA_PLUS:
sep_dn = ","; sep_dn = ",";
sep_dn_len = 1; sep_dn_len = 1;
sep_mv = "+"; sep_mv = "+";
sep_mv_len = 1; sep_mv_len = 1;
indent = 0; indent = 0;
break; break;
case XN_FLAG_SEP_CPLUS_SPC: case XN_FLAG_SEP_CPLUS_SPC:
sep_dn = ", "; sep_dn = ", ";
sep_dn_len = 2; sep_dn_len = 2;
sep_mv = " + "; sep_mv = " + ";
sep_mv_len = 3; sep_mv_len = 3;
indent = 0; indent = 0;
break; break;
case XN_FLAG_SEP_SPLUS_SPC: case XN_FLAG_SEP_SPLUS_SPC:
sep_dn = "; "; sep_dn = "; ";
sep_dn_len = 2; sep_dn_len = 2;
sep_mv = " + "; sep_mv = " + ";
sep_mv_len = 3; sep_mv_len = 3;
indent = 0; indent = 0;
break; break;
default: default:
return -1; return -1;
} }
if(flags & XN_FLAG_SPC_EQ) { if (flags & XN_FLAG_SPC_EQ) {
sep_eq = " = "; sep_eq = " = ";
sep_eq_len = 3; sep_eq_len = 3;
} else { } else {
sep_eq = "="; sep_eq = "=";
sep_eq_len = 1; sep_eq_len = 1;
} }
fn_opt = flags & XN_FLAG_FN_MASK; fn_opt = flags & XN_FLAG_FN_MASK;
cnt = X509_NAME_entry_count(n); cnt = X509_NAME_entry_count(n);
for(i = 0; i < cnt; i++) { for (i = 0; i < cnt; i++) {
if(flags & XN_FLAG_DN_REV) if (flags & XN_FLAG_DN_REV)
ent = X509_NAME_get_entry(n, cnt - i - 1); ent = X509_NAME_get_entry(n, cnt - i - 1);
else ent = X509_NAME_get_entry(n, i); else
if(prev != -1) { ent = X509_NAME_get_entry(n, i);
if(prev == ent->set) { if (prev != -1) {
if(!io_ch(arg, sep_mv, sep_mv_len)) return -1; if (prev == ent->set) {
outlen += sep_mv_len; if (!io_ch(arg, sep_mv, sep_mv_len))
} else { return -1;
if(!io_ch(arg, sep_dn, sep_dn_len)) return -1; outlen += sep_mv_len;
outlen += sep_dn_len; } else {
if(!do_indent(io_ch, arg, indent)) return -1; if (!io_ch(arg, sep_dn, sep_dn_len))
outlen += indent; return -1;
} outlen += sep_dn_len;
} if (!do_indent(io_ch, arg, indent))
prev = ent->set; return -1;
fn = X509_NAME_ENTRY_get_object(ent); outlen += indent;
val = X509_NAME_ENTRY_get_data(ent); }
fn_nid = OBJ_obj2nid(fn); }
if(fn_opt != XN_FLAG_FN_NONE) { prev = ent->set;
int objlen, fld_len; fn = X509_NAME_ENTRY_get_object(ent);
if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) { val = X509_NAME_ENTRY_get_data(ent);
OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); fn_nid = OBJ_obj2nid(fn);
fld_len = 0; /* XXX: what should this be? */ if (fn_opt != XN_FLAG_FN_NONE) {
objbuf = objtmp; int objlen, fld_len;
} else { if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) {
if(fn_opt == XN_FLAG_FN_SN) { OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
fld_len = FN_WIDTH_SN; fld_len = 0; /* XXX: what should this be? */
objbuf = OBJ_nid2sn(fn_nid); objbuf = objtmp;
} else if(fn_opt == XN_FLAG_FN_LN) { } else {
fld_len = FN_WIDTH_LN; if (fn_opt == XN_FLAG_FN_SN) {
objbuf = OBJ_nid2ln(fn_nid); fld_len = FN_WIDTH_SN;
} else { objbuf = OBJ_nid2sn(fn_nid);
fld_len = 0; /* XXX: what should this be? */ } else if (fn_opt == XN_FLAG_FN_LN) {
objbuf = ""; fld_len = FN_WIDTH_LN;
} objbuf = OBJ_nid2ln(fn_nid);
} } else {
objlen = strlen(objbuf); fld_len = 0; /* XXX: what should this be? */
if(!io_ch(arg, objbuf, objlen)) return -1; objbuf = "";
if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) { }
if (!do_indent(io_ch, arg, fld_len - objlen)) return -1; }
outlen += fld_len - objlen; objlen = strlen(objbuf);
} if (!io_ch(arg, objbuf, objlen))
if(!io_ch(arg, sep_eq, sep_eq_len)) return -1; return -1;
outlen += objlen + sep_eq_len; if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
} if (!do_indent(io_ch, arg, fld_len - objlen))
/* If the field name is unknown then fix up the DER dump return -1;
* flag. We might want to limit this further so it will outlen += fld_len - objlen;
* DER dump on anything other than a few 'standard' fields. }
*/ if (!io_ch(arg, sep_eq, sep_eq_len))
if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) return -1;
orflags = ASN1_STRFLGS_DUMP_ALL; outlen += objlen + sep_eq_len;
else orflags = 0; }
/*
* If the field name is unknown then fix up the DER dump flag. We
* might want to limit this further so it will DER dump on anything
* other than a few 'standard' fields.
*/
if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS))
orflags = ASN1_STRFLGS_DUMP_ALL;
else
orflags = 0;
len = do_print_ex(io_ch, arg, flags | orflags, val); len = do_print_ex(io_ch, arg, flags | orflags, val);
if(len < 0) return -1; if (len < 0)
outlen += len; return -1;
} outlen += len;
return outlen; }
return outlen;
} }
/* Wrappers round the main functions */ /* Wrappers round the main functions */
int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags) int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent,
unsigned long flags)
{ {
if(flags == XN_FLAG_COMPAT) if (flags == XN_FLAG_COMPAT)
return X509_NAME_print(out, nm, indent); return X509_NAME_print(out, nm, indent);
return do_name_ex(send_bio_chars, out, nm, indent, flags); return do_name_ex(send_bio_chars, out, nm, indent, flags);
} }
#ifndef OPENSSL_NO_STDIO #ifndef OPENSSL_NO_STDIO
int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags) int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
unsigned long flags)
{ {
if(flags == XN_FLAG_COMPAT) if (flags == XN_FLAG_COMPAT) {
{ BIO *btmp;
BIO *btmp; int ret;
int ret; btmp = BIO_new_fp(fp, BIO_NOCLOSE);
btmp = BIO_new_fp(fp, BIO_NOCLOSE); if (!btmp)
if(!btmp) return -1; return -1;
ret = X509_NAME_print(btmp, nm, indent); ret = X509_NAME_print(btmp, nm, indent);
BIO_free(btmp); BIO_free(btmp);
return ret; return ret;
} }
return do_name_ex(send_fp_chars, fp, nm, indent, flags); return do_name_ex(send_fp_chars, fp, nm, indent, flags);
} }
#endif #endif
int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags) int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
{ {
return do_print_ex(send_bio_chars, out, flags, str); return do_print_ex(send_bio_chars, out, flags, str);
} }
#ifndef OPENSSL_NO_STDIO #ifndef OPENSSL_NO_STDIO
int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags) int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
{ {
return do_print_ex(send_fp_chars, fp, flags, str); return do_print_ex(send_fp_chars, fp, flags, str);
} }
#endif #endif
/* Utility function: convert any string type to UTF8, returns number of bytes /*
* Utility function: convert any string type to UTF8, returns number of bytes
* in output string or a negative error code * in output string or a negative error code
*/ */
int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
{ {
ASN1_STRING stmp, *str = &stmp; ASN1_STRING stmp, *str = &stmp;
int mbflag, type, ret; int mbflag, type, ret;
if(!in) return -1; if (!in)
type = in->type; return -1;
if((type < 0) || (type > 30)) return -1; type = in->type;
mbflag = tag2nbyte[type]; if ((type < 0) || (type > 30))
if(mbflag == -1) return -1; return -1;
mbflag |= MBSTRING_FLAG; mbflag = tag2nbyte[type];
stmp.data = NULL; if (mbflag == -1)
stmp.length = 0; return -1;
stmp.flags = 0; mbflag |= MBSTRING_FLAG;
ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); stmp.data = NULL;
if(ret < 0) return ret; stmp.length = 0;
*out = stmp.data; stmp.flags = 0;
return stmp.length; ret =
ASN1_mbstring_copy(&str, in->data, in->length, mbflag,
B_ASN1_UTF8STRING);
if (ret < 0)
return ret;
*out = stmp.data;
return stmp.length;
} }


@ -1,6 +1,7 @@
/* a_strnid.c */ /* a_strnid.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 1999. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 1999.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
@ -62,28 +63,27 @@
#include <openssl/asn1.h> #include <openssl/asn1.h>
#include <openssl/objects.h> #include <openssl/objects.h>
static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
static void st_free(ASN1_STRING_TABLE *tbl); static void st_free(ASN1_STRING_TABLE *tbl);
static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
const ASN1_STRING_TABLE * const *b); const ASN1_STRING_TABLE *const *b);
/*
/* This is the global mask for the mbstring functions: this is use to * This is the global mask for the mbstring functions: this is use to mask
* mask out certain types (such as BMPString and UTF8String) because * out certain types (such as BMPString and UTF8String) because certain
* certain software (e.g. Netscape) has problems with them. * software (e.g. Netscape) has problems with them.
*/ */
static unsigned long global_mask = B_ASN1_UTF8STRING; static unsigned long global_mask = B_ASN1_UTF8STRING;
void ASN1_STRING_set_default_mask(unsigned long mask) void ASN1_STRING_set_default_mask(unsigned long mask)
{ {
global_mask = mask; global_mask = mask;
} }
unsigned long ASN1_STRING_get_default_mask(void) unsigned long ASN1_STRING_get_default_mask(void)
{ {
return global_mask; return global_mask;
} }
/*- /*-
@ -98,195 +98,207 @@ unsigned long ASN1_STRING_get_default_mask(void)
int ASN1_STRING_set_default_mask_asc(const char *p) int ASN1_STRING_set_default_mask_asc(const char *p)
{ {
unsigned long mask; unsigned long mask;
char *end; char *end;
if(!strncmp(p, "MASK:", 5)) { if (!strncmp(p, "MASK:", 5)) {
if(!p[5]) return 0; if (!p[5])
mask = strtoul(p + 5, &end, 0); return 0;
if(*end) return 0; mask = strtoul(p + 5, &end, 0);
} else if(!strcmp(p, "nombstr")) if (*end)
mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)); return 0;
else if(!strcmp(p, "pkix")) } else if (!strcmp(p, "nombstr"))
mask = ~((unsigned long)B_ASN1_T61STRING); mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING));
else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING; else if (!strcmp(p, "pkix"))
else if(!strcmp(p, "default")) mask = ~((unsigned long)B_ASN1_T61STRING);
mask = 0xFFFFFFFFL; else if (!strcmp(p, "utf8only"))
else return 0; mask = B_ASN1_UTF8STRING;
ASN1_STRING_set_default_mask(mask); else if (!strcmp(p, "default"))
return 1; mask = 0xFFFFFFFFL;
else
return 0;
ASN1_STRING_set_default_mask(mask);
return 1;
} }
/* The following function generates an ASN1_STRING based on limits in a table. /*
* Frequently the types and length of an ASN1_STRING are restricted by a * The following function generates an ASN1_STRING based on limits in a
* corresponding OID. For example certificates and certificate requests. * table. Frequently the types and length of an ASN1_STRING are restricted by
* a corresponding OID. For example certificates and certificate requests.
*/ */
ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
int inlen, int inform, int nid) const unsigned char *in, int inlen,
int inform, int nid)
{ {
ASN1_STRING_TABLE *tbl; ASN1_STRING_TABLE *tbl;
ASN1_STRING *str = NULL; ASN1_STRING *str = NULL;
unsigned long mask; unsigned long mask;
int ret; int ret;
if(!out) out = &str; if (!out)
tbl = ASN1_STRING_TABLE_get(nid); out = &str;
if(tbl) { tbl = ASN1_STRING_TABLE_get(nid);
mask = tbl->mask; if (tbl) {
if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; mask = tbl->mask;
ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, if (!(tbl->flags & STABLE_NO_MASK))
tbl->minsize, tbl->maxsize); mask &= global_mask;
} else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask); ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
if(ret <= 0) return NULL; tbl->minsize, tbl->maxsize);
return *out; } else
ret =
ASN1_mbstring_copy(out, in, inlen, inform,
DIRSTRING_TYPE & global_mask);
if (ret <= 0)
return NULL;
return *out;
} }
/* Now the tables and helper functions for the string table: /*
* Now the tables and helper functions for the string table:
*/ */
/* size limits: this stuff is taken straight from RFC3280 */ /* size limits: this stuff is taken straight from RFC3280 */
#define ub_name 32768 #define ub_name 32768
#define ub_common_name 64 #define ub_common_name 64
#define ub_locality_name 128 #define ub_locality_name 128
#define ub_state_name 128 #define ub_state_name 128
#define ub_organization_name 64 #define ub_organization_name 64
#define ub_organization_unit_name 64 #define ub_organization_unit_name 64
#define ub_title 64 #define ub_title 64
#define ub_email_address 128 #define ub_email_address 128
#define ub_serial_number 64 #define ub_serial_number 64
/* This table must be kept in NID order */ /* This table must be kept in NID order */
static const ASN1_STRING_TABLE tbl_standard[] = { static const ASN1_STRING_TABLE tbl_standard[] = {
{NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},
{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
{NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
{NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},
{NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},
{NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, 0}, {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE,
{NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK}, 0},
{NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING,
{NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, STABLE_NO_MASK},
{NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},
{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},
{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING,
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, STABLE_NO_MASK},
{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} {NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
}; };
static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
const ASN1_STRING_TABLE * const *b) const ASN1_STRING_TABLE *const *b)
{ {
return (*a)->nid - (*b)->nid; return (*a)->nid - (*b)->nid;
} }
DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table); DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b) static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b)
{ {
return a->nid - b->nid; return a->nid - b->nid;
} }
IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table); IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
{ {
int idx; int idx;
ASN1_STRING_TABLE fnd; ASN1_STRING_TABLE fnd;
fnd.nid = nid; fnd.nid = nid;
if (stable) if (stable) {
{ idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); if (idx >= 0)
if (idx >= 0) return sk_ASN1_STRING_TABLE_value(stable, idx);
return sk_ASN1_STRING_TABLE_value(stable, idx); }
} return OBJ_bsearch_table(&fnd, tbl_standard,
return OBJ_bsearch_table(&fnd, tbl_standard, sizeof(tbl_standard) /
sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE)); sizeof(ASN1_STRING_TABLE));
} }
/* Return a string table pointer which can be modified: either directly /*
* from table or a copy of an internal value added to the table. * Return a string table pointer which can be modified: either directly from
* table or a copy of an internal value added to the table.
*/ */
static ASN1_STRING_TABLE *stable_get(int nid) static ASN1_STRING_TABLE *stable_get(int nid)
{ {
ASN1_STRING_TABLE *tmp, *rv; ASN1_STRING_TABLE *tmp, *rv;
/* Always need a string table so allocate one if NULL */ /* Always need a string table so allocate one if NULL */
if(!stable) if (!stable) {
{ stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); if (!stable)
if (!stable) return NULL;
return NULL; }
} tmp = ASN1_STRING_TABLE_get(nid);
tmp = ASN1_STRING_TABLE_get(nid); if (tmp && tmp->flags & STABLE_FLAGS_MALLOC)
if (tmp && tmp->flags & STABLE_FLAGS_MALLOC) return tmp;
return tmp; rv = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
rv = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)); if (!rv)
if (!rv) return NULL;
return NULL; if (!sk_ASN1_STRING_TABLE_push(stable, rv)) {
if (!sk_ASN1_STRING_TABLE_push(stable, rv)) OPENSSL_free(rv);
{ return NULL;
OPENSSL_free(rv); }
return NULL; if (tmp) {
} rv->nid = tmp->nid;
if (tmp) rv->minsize = tmp->minsize;
{ rv->maxsize = tmp->maxsize;
rv->nid = tmp->nid; rv->mask = tmp->mask;
rv->minsize = tmp->minsize; rv->flags = tmp->flags | STABLE_FLAGS_MALLOC;
rv->maxsize = tmp->maxsize; } else {
rv->mask = tmp->mask; rv->minsize = -1;
rv->flags = tmp->flags | STABLE_FLAGS_MALLOC; rv->maxsize = -1;
} rv->mask = 0;
else rv->flags = STABLE_FLAGS_MALLOC;
{ }
rv->minsize = -1; return rv;
rv->maxsize = -1; }
rv->mask = 0;
rv->flags = STABLE_FLAGS_MALLOC;
}
return rv;
}
int ASN1_STRING_TABLE_add(int nid, int ASN1_STRING_TABLE_add(int nid,
long minsize, long maxsize, unsigned long mask, long minsize, long maxsize, unsigned long mask,
unsigned long flags) unsigned long flags)
{ {
ASN1_STRING_TABLE *tmp; ASN1_STRING_TABLE *tmp;
tmp = stable_get(nid); tmp = stable_get(nid);
if (!tmp) if (!tmp) {
{ ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); return 0;
return 0; }
} if (minsize >= 0)
if (minsize >= 0) tmp->minsize = minsize;
tmp->minsize = minsize; if (maxsize >= 0)
if (maxsize >= 0) tmp->maxsize = maxsize;
tmp->maxsize = maxsize; if (mask)
if (mask) tmp->mask = mask;
tmp->mask = mask; if (flags)
if (flags) tmp->flags = STABLE_FLAGS_MALLOC | flags;
tmp->flags = STABLE_FLAGS_MALLOC | flags; return 1;
return 1; }
}
void ASN1_STRING_TABLE_cleanup(void) void ASN1_STRING_TABLE_cleanup(void)
{ {
STACK_OF(ASN1_STRING_TABLE) *tmp; STACK_OF(ASN1_STRING_TABLE) *tmp;
tmp = stable; tmp = stable;
if(!tmp) return; if (!tmp)
stable = NULL; return;
sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); stable = NULL;
sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
} }
static void st_free(ASN1_STRING_TABLE *tbl) static void st_free(ASN1_STRING_TABLE *tbl)
{ {
if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl); if (tbl->flags & STABLE_FLAGS_MALLOC)
OPENSSL_free(tbl);
} }
@ -296,30 +308,27 @@ IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
main() main()
{ {
ASN1_STRING_TABLE *tmp; ASN1_STRING_TABLE *tmp;
int i, last_nid = -1; int i, last_nid = -1;
for (tmp = tbl_standard, i = 0; for (tmp = tbl_standard, i = 0;
i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) {
{ if (tmp->nid < last_nid) {
if (tmp->nid < last_nid) last_nid = 0;
{ break;
last_nid = 0; }
break; last_nid = tmp->nid;
} }
last_nid = tmp->nid;
}
if (last_nid != 0) if (last_nid != 0) {
{ printf("Table order OK\n");
printf("Table order OK\n"); exit(0);
exit(0); }
}
for (tmp = tbl_standard, i = 0; for (tmp = tbl_standard, i = 0;
i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++)
printf("Index %d, NID %d, Name=%s\n", i, tmp->nid, printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
OBJ_nid2ln(tmp->nid)); OBJ_nid2ln(tmp->nid));
} }


@ -53,7 +53,6 @@
* *
*/ */
/*- /*-
* This is an implementation of the ASN1 Time structure which is: * This is an implementation of the ASN1 Time structure which is:
* Time ::= CHOICE { * Time ::= CHOICE {
@ -74,156 +73,155 @@ IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
#if 0 #if 0
int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp) int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
{ {
#ifdef CHARSET_EBCDIC # ifdef CHARSET_EBCDIC
/* KLUDGE! We convert to ascii before writing DER */ /* KLUDGE! We convert to ascii before writing DER */
char tmp[24]; char tmp[24];
ASN1_STRING tmpstr; ASN1_STRING tmpstr;
if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) { if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) {
int len; int len;
tmpstr = *(ASN1_STRING *)a; tmpstr = *(ASN1_STRING *)a;
len = tmpstr.length; len = tmpstr.length;
ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); ebcdic2ascii(tmp, tmpstr.data,
tmpstr.data = tmp; (len >= sizeof tmp) ? sizeof tmp : len);
a = (ASN1_GENERALIZEDTIME *) &tmpstr; tmpstr.data = tmp;
} a = (ASN1_GENERALIZEDTIME *)&tmpstr;
}
# endif
if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME)
return (i2d_ASN1_bytes((ASN1_STRING *)a, pp,
a->type, V_ASN1_UNIVERSAL));
ASN1err(ASN1_F_I2D_ASN1_TIME, ASN1_R_EXPECTING_A_TIME);
return -1;
}
#endif #endif
if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME)
return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
a->type ,V_ASN1_UNIVERSAL));
ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
return -1;
}
#endif
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
{ {
return ASN1_TIME_adj(s, t, 0, 0); return ASN1_TIME_adj(s, t, 0, 0);
} }
ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
int offset_day, long offset_sec) int offset_day, long offset_sec)
{ {
struct tm *ts; struct tm *ts;
struct tm data; struct tm data;
ts=OPENSSL_gmtime(&t,&data); ts = OPENSSL_gmtime(&t, &data);
if (ts == NULL) if (ts == NULL) {
{ ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME);
ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME); return NULL;
return NULL; }
} if (offset_day || offset_sec) {
if (offset_day || offset_sec) if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
{ return NULL;
if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) }
return NULL; if ((ts->tm_year >= 50) && (ts->tm_year < 150))
} return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
if((ts->tm_year >= 50) && (ts->tm_year < 150)) return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec); }
return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
}
int ASN1_TIME_check(const ASN1_TIME *t) int ASN1_TIME_check(const ASN1_TIME *t)
{ {
if (t->type == V_ASN1_GENERALIZEDTIME) if (t->type == V_ASN1_GENERALIZEDTIME)
return ASN1_GENERALIZEDTIME_check(t); return ASN1_GENERALIZEDTIME_check(t);
else if (t->type == V_ASN1_UTCTIME) else if (t->type == V_ASN1_UTCTIME)
return ASN1_UTCTIME_check(t); return ASN1_UTCTIME_check(t);
return 0; return 0;
} }
/* Convert an ASN1_TIME structure to GeneralizedTime */ /* Convert an ASN1_TIME structure to GeneralizedTime */
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
{ ASN1_GENERALIZEDTIME **out)
ASN1_GENERALIZEDTIME *ret; {
char *str; ASN1_GENERALIZEDTIME *ret;
int newlen; char *str;
int newlen;
if (!ASN1_TIME_check(t)) return NULL; if (!ASN1_TIME_check(t))
return NULL;
if (!out || !*out) if (!out || !*out) {
{ if (!(ret = ASN1_GENERALIZEDTIME_new()))
if (!(ret = ASN1_GENERALIZEDTIME_new ())) return NULL;
return NULL; if (out)
if (out) *out = ret; *out = ret;
} } else
else ret = *out; ret = *out;
/* If already GeneralizedTime just copy across */ /* If already GeneralizedTime just copy across */
if (t->type == V_ASN1_GENERALIZEDTIME) if (t->type == V_ASN1_GENERALIZEDTIME) {
{ if (!ASN1_STRING_set(ret, t->data, t->length))
if(!ASN1_STRING_set(ret, t->data, t->length)) return NULL;
return NULL; return ret;
return ret; }
}
/* grow the string */ /* grow the string */
if (!ASN1_STRING_set(ret, NULL, t->length + 2)) if (!ASN1_STRING_set(ret, NULL, t->length + 2))
return NULL; return NULL;
/* ASN1_STRING_set() allocated 'len + 1' bytes. */ /* ASN1_STRING_set() allocated 'len + 1' bytes. */
newlen = t->length + 2 + 1; newlen = t->length + 2 + 1;
str = (char *)ret->data; str = (char *)ret->data;
/* Work out the century and prepend */ /* Work out the century and prepend */
if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen); if (t->data[0] >= '5')
else BUF_strlcpy(str, "20", newlen); BUF_strlcpy(str, "19", newlen);
else
BUF_strlcpy(str, "20", newlen);
BUF_strlcat(str, (char *)t->data, newlen); BUF_strlcat(str, (char *)t->data, newlen);
return ret; return ret;
} }
int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
{ {
ASN1_TIME t; ASN1_TIME t;
t.length = strlen(str); t.length = strlen(str);
t.data = (unsigned char *)str; t.data = (unsigned char *)str;
t.flags = 0; t.flags = 0;
t.type = V_ASN1_UTCTIME; t.type = V_ASN1_UTCTIME;
if (!ASN1_TIME_check(&t)) if (!ASN1_TIME_check(&t)) {
{ t.type = V_ASN1_GENERALIZEDTIME;
t.type = V_ASN1_GENERALIZEDTIME; if (!ASN1_TIME_check(&t))
if (!ASN1_TIME_check(&t)) return 0;
return 0; }
}
if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t)) if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
return 0; return 0;
return 1; return 1;
} }
static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t) static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t)
{ {
if (t == NULL) if (t == NULL) {
{ time_t now_t;
time_t now_t; time(&now_t);
time(&now_t); if (OPENSSL_gmtime(&now_t, tm))
if (OPENSSL_gmtime(&now_t, tm)) return 1;
return 1; return 0;
return 0; }
}
if (t->type == V_ASN1_UTCTIME) if (t->type == V_ASN1_UTCTIME)
return asn1_utctime_to_tm(tm, t); return asn1_utctime_to_tm(tm, t);
else if (t->type == V_ASN1_GENERALIZEDTIME) else if (t->type == V_ASN1_GENERALIZEDTIME)
return asn1_generalizedtime_to_tm(tm, t); return asn1_generalizedtime_to_tm(tm, t);
return 0; return 0;
} }
int ASN1_TIME_diff(int *pday, int *psec, int ASN1_TIME_diff(int *pday, int *psec,
const ASN1_TIME *from, const ASN1_TIME *to) const ASN1_TIME *from, const ASN1_TIME *to)
{ {
struct tm tm_from, tm_to; struct tm tm_from, tm_to;
if (!asn1_time_to_tm(&tm_from, from)) if (!asn1_time_to_tm(&tm_from, from))
return 0; return 0;
if (!asn1_time_to_tm(&tm_to, to)) if (!asn1_time_to_tm(&tm_to, to))
return 0; return 0;
return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to); return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
} }


@ -62,98 +62,93 @@
#include <openssl/objects.h> #include <openssl/objects.h>
int ASN1_TYPE_get(ASN1_TYPE *a) int ASN1_TYPE_get(ASN1_TYPE *a)
{ {
if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL)) if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
return(a->type); return (a->type);
else else
return(0); return (0);
} }
void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
{ {
if (a->value.ptr != NULL) if (a->value.ptr != NULL) {
{ ASN1_TYPE **tmp_a = &a;
ASN1_TYPE **tmp_a = &a; ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL); }
} a->type = type;
a->type=type; if (type == V_ASN1_BOOLEAN)
if (type == V_ASN1_BOOLEAN) a->value.boolean = value ? 0xff : 0;
a->value.boolean = value ? 0xff : 0; else
else a->value.ptr = value;
a->value.ptr=value; }
}
int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
{ {
if (!value || (type == V_ASN1_BOOLEAN)) if (!value || (type == V_ASN1_BOOLEAN)) {
{ void *p = (void *)value;
void *p = (void *)value; ASN1_TYPE_set(a, type, p);
ASN1_TYPE_set(a, type, p); } else if (type == V_ASN1_OBJECT) {
} ASN1_OBJECT *odup;
else if (type == V_ASN1_OBJECT) odup = OBJ_dup(value);
{ if (!odup)
ASN1_OBJECT *odup; return 0;
odup = OBJ_dup(value); ASN1_TYPE_set(a, type, odup);
if (!odup) } else {
return 0; ASN1_STRING *sdup;
ASN1_TYPE_set(a, type, odup); sdup = ASN1_STRING_dup(value);
} if (!sdup)
else return 0;
{ ASN1_TYPE_set(a, type, sdup);
ASN1_STRING *sdup; }
sdup = ASN1_STRING_dup(value); return 1;
if (!sdup) }
return 0;
ASN1_TYPE_set(a, type, sdup);
}
return 1;
}
IMPLEMENT_STACK_OF(ASN1_TYPE) IMPLEMENT_STACK_OF(ASN1_TYPE)
IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
/* Returns 0 if they are equal, != 0 otherwise. */ /* Returns 0 if they are equal, != 0 otherwise. */
int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
{ {
int result = -1; int result = -1;
if (!a || !b || a->type != b->type) return -1; if (!a || !b || a->type != b->type)
return -1;
switch (a->type) switch (a->type) {
{ case V_ASN1_OBJECT:
case V_ASN1_OBJECT: result = OBJ_cmp(a->value.object, b->value.object);
result = OBJ_cmp(a->value.object, b->value.object); break;
break; case V_ASN1_NULL:
case V_ASN1_NULL: result = 0; /* They do not have content. */
result = 0; /* They do not have content. */ break;
break; case V_ASN1_INTEGER:
case V_ASN1_INTEGER: case V_ASN1_NEG_INTEGER:
case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED:
case V_ASN1_ENUMERATED: case V_ASN1_NEG_ENUMERATED:
case V_ASN1_NEG_ENUMERATED: case V_ASN1_BIT_STRING:
case V_ASN1_BIT_STRING: case V_ASN1_OCTET_STRING:
case V_ASN1_OCTET_STRING: case V_ASN1_SEQUENCE:
case V_ASN1_SEQUENCE: case V_ASN1_SET:
case V_ASN1_SET: case V_ASN1_NUMERICSTRING:
case V_ASN1_NUMERICSTRING: case V_ASN1_PRINTABLESTRING:
case V_ASN1_PRINTABLESTRING: case V_ASN1_T61STRING:
case V_ASN1_T61STRING: case V_ASN1_VIDEOTEXSTRING:
case V_ASN1_VIDEOTEXSTRING: case V_ASN1_IA5STRING:
case V_ASN1_IA5STRING: case V_ASN1_UTCTIME:
case V_ASN1_UTCTIME: case V_ASN1_GENERALIZEDTIME:
case V_ASN1_GENERALIZEDTIME: case V_ASN1_GRAPHICSTRING:
case V_ASN1_GRAPHICSTRING: case V_ASN1_VISIBLESTRING:
case V_ASN1_VISIBLESTRING: case V_ASN1_GENERALSTRING:
case V_ASN1_GENERALSTRING: case V_ASN1_UNIVERSALSTRING:
case V_ASN1_UNIVERSALSTRING: case V_ASN1_BMPSTRING:
case V_ASN1_BMPSTRING: case V_ASN1_UTF8STRING:
case V_ASN1_UTF8STRING: case V_ASN1_OTHER:
case V_ASN1_OTHER: default:
default: result = ASN1_STRING_cmp((ASN1_STRING *)a->value.ptr,
result = ASN1_STRING_cmp((ASN1_STRING *) a->value.ptr, (ASN1_STRING *)b->value.ptr);
(ASN1_STRING *) b->value.ptr); break;
break; }
}
return result; return result;
} }
