Run util/openssl-format-source -v -c .

Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell
2015-01-22 02:47:42 +00:00
parent 9d03aabea3
commit 40720ce3ca
987 changed files with 225809 additions and 225646 deletions


@@ -5,97 +5,98 @@
extern "C" { extern "C" {
#endif #endif
enum {
enum
{
kMacSocket_TimeoutErr = -2 kMacSocket_TimeoutErr = -2
}; };
// Since MacSocket does busy waiting, I do a callback while waiting // Since MacSocket does busy waiting, I do a callback while waiting
typedef OSErr(*MacSocket_IdleWaitCallback) (void *); typedef OSErr(*MacSocket_IdleWaitCallback) (void *);
// Call this before anything else! // Call this before anything else!
OSErr MacSocket_Startup(void); OSErr MacSocket_Startup(void);
// Call this to cleanup before quitting // Call this to cleanup before quitting
OSErr MacSocket_Shutdown(void); OSErr MacSocket_Shutdown(void);
// Call this to allocate a "socket" (reference number is returned in
// Call this to allocate a "socket" (reference number is returned in outSocketNum) // outSocketNum)
// Note that inDoThreadSwitching is pretty much irrelevant right now, since I ignore it // Note that inDoThreadSwitching is pretty much irrelevant right now, since I
// ignore it
// The inTimeoutTicks parameter is applied during reads/writes of data // The inTimeoutTicks parameter is applied during reads/writes of data
// The inIdleWaitCallback parameter specifies a callback which is called during busy-waiting periods // The inIdleWaitCallback parameter specifies a callback which is called
// during busy-waiting periods
// The inUserRefPtr parameter is passed back to the idle-wait callback // The inUserRefPtr parameter is passed back to the idle-wait callback
OSErr MacSocket_socket(int *outSocketNum,const Boolean inDoThreadSwitching,const long inTimeoutTicks,MacSocket_IdleWaitCallback inIdleWaitCallback,void *inUserRefPtr); OSErr MacSocket_socket(int *outSocketNum, const Boolean inDoThreadSwitching,
const long inTimeoutTicks,
MacSocket_IdleWaitCallback inIdleWaitCallback,
void *inUserRefPtr);
// Call this to connect to an IP/DNS address // Call this to connect to an IP/DNS address
// Note that inTargetAddressAndPort is in "IP:port" format-- e.g. 10.1.1.1:123 // Note that inTargetAddressAndPort is in "IP:port" format-- e.g.
// 10.1.1.1:123
OSErr MacSocket_connect(const int inSocketNum, char *inTargetAddressAndPort); OSErr MacSocket_connect(const int inSocketNum, char *inTargetAddressAndPort);
// Call this to listen on a port // Call this to listen on a port
// Since this a low-performance implementation, I allow a maximum of 1 (one!) incoming request when I listen // Since this a low-performance implementation, I allow a maximum of 1 (one!)
// incoming request when I listen
OSErr MacSocket_listen(const int inSocketNum, const int inPortNum); OSErr MacSocket_listen(const int inSocketNum, const int inPortNum);
// Call this to close a socket // Call this to close a socket
OSErr MacSocket_close(const int inSocketNum); OSErr MacSocket_close(const int inSocketNum);
// Call this to receive data on a socket // Call this to receive data on a socket
// Most parameters' purpose are obvious-- except maybe "inBlock" which controls whether I wait for data or return immediately // Most parameters' purpose are obvious-- except maybe "inBlock" which
// controls whether I wait for data or return immediately
int MacSocket_recv(const int inSocketNum,void *outBuff,int outBuffLength,const Boolean inBlock);
int MacSocket_recv(const int inSocketNum, void *outBuff, int outBuffLength,
const Boolean inBlock);
// Call this to send data on a socket // Call this to send data on a socket
int MacSocket_send(const int inSocketNum,const void *inBuff,int inBuffLength); int MacSocket_send(const int inSocketNum, const void *inBuff,
int inBuffLength);
// If zero bytes were read in a call to MacSocket_recv(), it may be that the
// If zero bytes were read in a call to MacSocket_recv(), it may be that the remote end has done a half-close // remote end has done a half-close
// This function will let you check whether that's true or not // This function will let you check whether that's true or not
Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum); Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum);
// Call this to see if the listen has completed after a call to
// Call this to see if the listen has completed after a call to MacSocket_listen() // MacSocket_listen()
Boolean MacSocket_ListenCompleted(const int inSocketNum); Boolean MacSocket_ListenCompleted(const int inSocketNum);
// These really aren't very useful anymore // These really aren't very useful anymore
Boolean MacSocket_LocalEndIsOpen(const int inSocketNum); Boolean MacSocket_LocalEndIsOpen(const int inSocketNum);
Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum); Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum);
// You may wish to change the userRefPtr for a socket callback-- use this to
// You may wish to change the userRefPtr for a socket callback-- use this to do it // do it
void MacSocket_SetUserRefPtr(const int inSocketNum, void *inNewRefPtr); void MacSocket_SetUserRefPtr(const int inSocketNum, void *inNewRefPtr);
// Call these to get the socket's IP:port descriptor // Call these to get the socket's IP:port descriptor
void MacSocket_GetLocalIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength); void MacSocket_GetLocalIPAndPort(const int inSocketNum, char *outIPAndPort,
void MacSocket_GetRemoteIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength); const int inIPAndPortLength);
void MacSocket_GetRemoteIPAndPort(const int inSocketNum, char *outIPAndPort,
const int inIPAndPortLength);
// Call this to get error info from a socket // Call this to get error info from a socket
void MacSocket_GetSocketErrorInfo(const int inSocketNum,int *outSocketErrCode,char *outSocketErrString,const int inSocketErrStringMaxLength); void MacSocket_GetSocketErrorInfo(const int inSocketNum,
int *outSocketErrCode,
char *outSocketErrString,
const int inSocketErrStringMaxLength);
#ifdef __cplusplus #ifdef __cplusplus


@@ -4,8 +4,7 @@
#include <MacTypes.h> #include <MacTypes.h>
class CRandomizer class CRandomizer {
{
public: public:
CRandomizer(void); CRandomizer(void);
void PeriodicAction(void); void PeriodicAction(void);


@@ -21,8 +21,10 @@
#if defined(HEADER_RC4_H) #if defined(HEADER_RC4_H)
# if !defined(RC4_INT) # if !defined(RC4_INT)
/* using int types make the structure larger but make the code faster /*
* on most boxes I have tested - up to %20 faster. */ * using int types make the structure larger but make the code faster on most
* boxes I have tested - up to %20 faster.
*/
/*- /*-
* I don't know what does "most" mean, but declaring "int" is a must on: * I don't know what does "most" mean, but declaring "int" is a must on:
* - Intel P6 because partial register stalls are very expensive; * - Intel P6 because partial register stalls are very expensive;
@@ -40,8 +42,10 @@
#endif #endif
#if defined(HEADER_DES_H) && !defined(DES_LONG) #if defined(HEADER_DES_H) && !defined(DES_LONG)
/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a /*
* %20 speed up (longs are 8 bytes, int's are 4). */ * If this is set to 'unsigned int' on a DEC Alpha, this gives about a %20
* speed up (longs are 8 bytes, int's are 4).
*/
# ifndef DES_LONG # ifndef DES_LONG
# define DES_LONG unsigned long # define DES_LONG unsigned long
# endif # endif
@@ -58,9 +62,10 @@
/* Should we define BN_DIV2W here? */ /* Should we define BN_DIV2W here? */
/* Only one for the following should be defined */ /* Only one for the following should be defined */
/* The prime number generation stuff may not work when /*
* EIGHT_BIT but I don't care since I've only used this mode * The prime number generation stuff may not work when EIGHT_BIT but I don't
* for debuging the bignum libraries */ * care since I've only used this mode for debuging the bignum libraries
*/
# undef SIXTY_FOUR_BIT_LONG # undef SIXTY_FOUR_BIT_LONG
# undef SIXTY_FOUR_BIT # undef SIXTY_FOUR_BIT
# define THIRTY_TWO_BIT # define THIRTY_TWO_BIT
@@ -70,8 +75,10 @@
#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
# define CONFIG_HEADER_RC4_LOCL_H # define CONFIG_HEADER_RC4_LOCL_H
/* if this is defined data[i] is used instead of *data, this is a %20 /*
* speedup on x86 */ * if this is defined data[i] is used instead of *data, this is a %20 speedup
* on x86
*/
# undef RC4_INDEX # undef RC4_INDEX
#endif #endif
@@ -82,15 +89,19 @@
#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
# define CONFIG_HEADER_DES_LOCL_H # define CONFIG_HEADER_DES_LOCL_H
/* the following is tweaked from a config script, that is why it is a /*
* protected undef/define */ * the following is tweaked from a config script, that is why it is a
* protected undef/define
*/
# ifndef DES_PTR # ifndef DES_PTR
# define DES_PTR # define DES_PTR
# endif # endif
/* This helps C compiler generate the correct code for multiple functional /*
* This helps C compiler generate the correct code for multiple functional
* units. It reduces register dependancies at the expense of 2 more * units. It reduces register dependancies at the expense of 2 more
* registers */ * registers
*/
# ifndef DES_RISC1 # ifndef DES_RISC1
# define DES_RISC1 # define DES_RISC1
# endif # endif
@@ -102,15 +113,14 @@
# if defined(DES_RISC1) && defined(DES_RISC2) # if defined(DES_RISC1) && defined(DES_RISC2)
YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED ! !!!! YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED ! !!!!
# endif # endif
/*
/* Unroll the inner loop, this sometimes helps, sometimes hinders. * Unroll the inner loop, this sometimes helps, sometimes hinders. Very mucy
* Very mucy CPU dependant */ * CPU dependant
*/
# ifndef DES_UNROLL # ifndef DES_UNROLL
# define DES_UNROLL # define DES_UNROLL
# endif # endif
#endif /* HEADER_DES_LOCL_H */ #endif /* HEADER_DES_LOCL_H */
#ifndef __POWERPC__ #ifndef __POWERPC__
# define MD32_XARRAY # define MD32_XARRAY
#endif #endif


@@ -115,7 +115,6 @@
#include <openssl/bio.h> #include <openssl/bio.h>
#include <openssl/rand.h> #include <openssl/rand.h>
static int seeded = 0; static int seeded = 0;
static int egdsocket = 0; static int egdsocket = 0;
@@ -133,26 +132,27 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
if (file == NULL) if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer); file = RAND_file_name(buffer, sizeof buffer);
else if (RAND_egd(file) > 0) else if (RAND_egd(file) > 0) {
{ /*
/* we try if the given filename is an EGD socket. * we try if the given filename is an EGD socket. if it is, we don't
if it is, we don't write anything back to the file. */ * write anything back to the file.
*/
egdsocket = 1; egdsocket = 1;
return 1; return 1;
} }
if (file == NULL || !RAND_load_file(file, -1)) if (file == NULL || !RAND_load_file(file, -1)) {
{ if (RAND_status() == 0) {
if (RAND_status() == 0) if (!dont_warn) {
{
if (!dont_warn)
{
BIO_printf(bio_e, "unable to load 'random state'\n"); BIO_printf(bio_e, "unable to load 'random state'\n");
BIO_printf(bio_e,"This means that the random number generator has not been seeded\n"); BIO_printf(bio_e,
"This means that the random number generator has not been seeded\n");
BIO_printf(bio_e, "with much random data.\n"); BIO_printf(bio_e, "with much random data.\n");
if (consider_randfile) /* explanation does not apply when a file is explicitly named */ if (consider_randfile) { /* explanation does not apply when a
{ * file is explicitly named */
BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n"); BIO_printf(bio_e,
BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n"); "Consider setting the RANDFILE environment variable to point at a file that\n");
BIO_printf(bio_e,
"'random' data can be kept in (the file will be overwritten).\n");
} }
} }
return 0; return 0;
@@ -169,22 +169,24 @@ long app_RAND_load_files(char *name)
long tot = 0; long tot = 0;
int egd; int egd;
for (;;) for (;;) {
{
last = 0; last = 0;
for (p = name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++) ; for (p = name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++) ;
if (*p == '\0') last=1; if (*p == '\0')
last = 1;
*p = '\0'; *p = '\0';
n = name; n = name;
name = p + 1; name = p + 1;
if (*n == '\0') break; if (*n == '\0')
break;
egd = RAND_egd(n); egd = RAND_egd(n);
if (egd > 0) if (egd > 0)
tot += egd; tot += egd;
else else
tot += RAND_load_file(n, -1); tot += RAND_load_file(n, -1);
if (last) break; if (last)
break;
} }
if (tot > 512) if (tot > 512)
app_RAND_allow_write_file(); app_RAND_allow_write_file();
@@ -196,16 +198,16 @@ int app_RAND_write_file(const char *file, BIO *bio_e)
char buffer[200]; char buffer[200];
if (egdsocket || !seeded) if (egdsocket || !seeded)
/* If we did not manage to read the seed file, /*
* we should not write a low-entropy seed file back -- * If we did not manage to read the seed file, we should not write a
* it would suppress a crucial warning the next time * low-entropy seed file back -- it would suppress a crucial warning
* we want to use it. */ * the next time we want to use it.
*/
return 0; return 0;
if (file == NULL) if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer); file = RAND_file_name(buffer, sizeof buffer);
if (file == NULL || !RAND_write_file(file)) if (file == NULL || !RAND_write_file(file)) {
{
BIO_printf(bio_e, "unable to write 'random state'\n"); BIO_printf(bio_e, "unable to write 'random state'\n");
return 0; return 0;
} }
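Review bot: In app_RAND_write_file the guard `if (egdsocket || !seeded)` stays unbraced, with a five-line comment sitting between the condition and its `return 0;`. That layout makes it easy for a later edit to put a statement in the gap and silently detach the return, and this guard is what prevents a low-entropy seed file from being written back. I would brace it as `if (egdsocket || !seeded) {` ... `return 0;` `}`, or move the comment above the `if`. The function starts before this hunk and continues past it.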



@@ -129,8 +129,9 @@
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
int app_RAND_write_file(const char *file, BIO *bio_e); int app_RAND_write_file(const char *file, BIO *bio_e);
/* When `file' is NULL, use defaults. /*
* `bio_e' is for error messages. */ * When `file' is NULL, use defaults. `bio_e' is for error messages.
*/
void app_RAND_allow_write_file(void); void app_RAND_allow_write_file(void);
long app_RAND_load_files(char *file); /* `file' is a list of files to read, long app_RAND_load_files(char *file); /* `file' is a list of files to read,
* separated by LIST_SEPARATOR_CHAR * separated by LIST_SEPARATOR_CHAR
@@ -240,21 +241,18 @@ extern int in_FIPS_mode;
# define openssl_fdset(a,b) FD_SET(a, b) # define openssl_fdset(a,b) FD_SET(a, b)
# endif # endif
typedef struct args_st typedef struct args_st {
{
char **data; char **data;
int count; int count;
} ARGS; } ARGS;
# define PW_MIN_LENGTH 4 # define PW_MIN_LENGTH 4
typedef struct pw_cb_data typedef struct pw_cb_data {
{
const void *password; const void *password;
const char *prompt_info; const char *prompt_info;
} PW_CB_DATA; } PW_CB_DATA;
int password_callback(char *buf, int bufsiz, int verify, int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
PW_CB_DATA *cb_data);
int setup_ui_method(void); int setup_ui_method(void);
void destroy_ui_method(void); void destroy_ui_method(void);
@@ -266,7 +264,8 @@ void program_name(char *in,char *out,int size);
int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]); int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]);
# ifdef HEADER_X509_H # ifdef HEADER_X509_H
int dump_cert_text(BIO *out, X509 *x); int dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags); void print_name(BIO *out, const char *title, X509_NAME *nm,
unsigned long lflags);
# endif # endif
int set_cert_ex(unsigned long *flags, const char *arg); int set_cert_ex(unsigned long *flags, const char *arg);
int set_name_ex(unsigned long *flags, const char *arg); int set_name_ex(unsigned long *flags, const char *arg);
@@ -281,7 +280,8 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip); const char *pass, ENGINE *e, const char *key_descrip);
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip); const char *pass, ENGINE *e,
const char *cert_descrip);
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
ENGINE *setup_engine(BIO *err, const char *engine, int debug); ENGINE *setup_engine(BIO *err, const char *engine, int debug);
@@ -289,8 +289,8 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug);
# ifndef OPENSSL_NO_OCSP # ifndef OPENSSL_NO_OCSP
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
char *host, char *path, char *port, int use_ssl, char *host, char *path, char *port,
int req_timeout); int use_ssl, int req_timeout);
# endif # endif
int load_config(BIO *err, CONF *cnf); int load_config(BIO *err, CONF *cnf);
@@ -305,31 +305,32 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
# define DB_rev_date 2 # define DB_rev_date 2
# define DB_serial 3 /* index - unique */ # define DB_serial 3 /* index - unique */
# define DB_file 4 # define DB_file 4
#define DB_name 5 /* index - unique when active and not disabled */ # define DB_name 5 /* index - unique when active and not
* disabled */
# define DB_NUMBER 6 # define DB_NUMBER 6
# define DB_TYPE_REV 'R' # define DB_TYPE_REV 'R'
# define DB_TYPE_EXP 'E' # define DB_TYPE_EXP 'E'
# define DB_TYPE_VAL 'V' # define DB_TYPE_VAL 'V'
typedef struct db_attr_st typedef struct db_attr_st {
{
int unique_subject; int unique_subject;
} DB_ATTR; } DB_ATTR;
typedef struct ca_db_st typedef struct ca_db_st {
{
DB_ATTR attributes; DB_ATTR attributes;
TXT_DB *db; TXT_DB *db;
} CA_DB; } CA_DB;
BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai); BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai); int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
ASN1_INTEGER **retai);
int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix); int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai); int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
CA_DB *load_index(char *dbfile, DB_ATTR *dbattr); CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
int index_index(CA_DB *db); int index_index(CA_DB *db);
int save_index(const char *dbfile, const char *suffix, CA_DB *db); int save_index(const char *dbfile, const char *suffix, CA_DB *db);
int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix); int rotate_index(const char *dbfile, const char *new_suffix,
const char *old_suffix);
void free_index(CA_DB *db); void free_index(CA_DB *db);
int index_name_cmp(const char **a, const char **b); int index_name_cmp(const char **a, const char **b);
int parse_yesno(const char *str, int def); int parse_yesno(const char *str, int def);


@@ -56,8 +56,9 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* A nice addition from Dr Stephen Henson <steve@openssl.org> to /*
* add the -strparse option which parses nested binary structures * A nice addition from Dr Stephen Henson <steve@openssl.org> to add the
* -strparse option which parses nested binary structures
*/ */
#include <stdio.h> #include <stdio.h>
@@ -114,76 +115,62 @@ int MAIN(int argc, char **argv)
prog = argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
if ((osk=sk_new_null()) == NULL) if ((osk = sk_new_null()) == NULL) {
{
BIO_printf(bio_err, "Memory allocation failure\n"); BIO_printf(bio_err, "Memory allocation failure\n");
goto end; goto end;
} }
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
informat = str2fmt(*(++argv)); informat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-in") == 0) {
else if (strcmp(*argv,"-in") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
infile = *(++argv); infile = *(++argv);
} } else if (strcmp(*argv, "-out") == 0) {
else if (strcmp(*argv,"-out") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
derfile = *(++argv); derfile = *(++argv);
} } else if (strcmp(*argv, "-i") == 0) {
else if (strcmp(*argv,"-i") == 0)
{
indent = 1; indent = 1;
} } else if (strcmp(*argv, "-noout") == 0)
else if (strcmp(*argv,"-noout") == 0) noout = 1; noout = 1;
else if (strcmp(*argv,"-oid") == 0) else if (strcmp(*argv, "-oid") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
oidfile = *(++argv); oidfile = *(++argv);
} } else if (strcmp(*argv, "-offset") == 0) {
else if (strcmp(*argv,"-offset") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
offset = atoi(*(++argv)); offset = atoi(*(++argv));
} } else if (strcmp(*argv, "-length") == 0) {
else if (strcmp(*argv,"-length") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
length = atoi(*(++argv)); length = atoi(*(++argv));
if (length == 0) goto bad; if (length == 0)
} goto bad;
else if (strcmp(*argv,"-dump") == 0) } else if (strcmp(*argv, "-dump") == 0) {
{
dump = -1; dump = -1;
} } else if (strcmp(*argv, "-dlimit") == 0) {
else if (strcmp(*argv,"-dlimit") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
dump = atoi(*(++argv)); dump = atoi(*(++argv));
if (dump <= 0) goto bad; if (dump <= 0)
} goto bad;
else if (strcmp(*argv,"-strparse") == 0) } else if (strcmp(*argv, "-strparse") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
sk_push(osk, *(++argv)); sk_push(osk, *(++argv));
} } else if (strcmp(*argv, "-genstr") == 0) {
else if (strcmp(*argv,"-genstr") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
genstr = *(++argv); genstr = *(++argv);
} } else if (strcmp(*argv, "-genconf") == 0) {
else if (strcmp(*argv,"-genconf") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
genconf = *(++argv); genconf = *(++argv);
} } else {
else
{
BIO_printf(bio_err, "unknown option %s\n", *argv); BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1; badops = 1;
break; break;
@@ -192,26 +179,30 @@ int MAIN(int argc, char **argv)
argv++; argv++;
} }
if (badops) if (badops) {
{
bad: bad:
BIO_printf(bio_err, "%s [options] <infile\n", prog); BIO_printf(bio_err, "%s [options] <infile\n", prog);
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n"); BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
BIO_printf(bio_err, " -in arg input file\n"); BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err," -out arg output file (output format is always DER\n"); BIO_printf(bio_err,
" -out arg output file (output format is always DER\n");
BIO_printf(bio_err, " -noout arg don't produce any output\n"); BIO_printf(bio_err, " -noout arg don't produce any output\n");
BIO_printf(bio_err, " -offset arg offset into file\n"); BIO_printf(bio_err, " -offset arg offset into file\n");
BIO_printf(bio_err, " -length arg length of section in file\n"); BIO_printf(bio_err, " -length arg length of section in file\n");
BIO_printf(bio_err, " -i indent entries\n"); BIO_printf(bio_err, " -i indent entries\n");
BIO_printf(bio_err, " -dump dump unknown data in hex form\n"); BIO_printf(bio_err, " -dump dump unknown data in hex form\n");
BIO_printf(bio_err," -dlimit arg dump the first arg bytes of unknown data in hex form\n"); BIO_printf(bio_err,
" -dlimit arg dump the first arg bytes of unknown data in hex form\n");
BIO_printf(bio_err, " -oid file file of extra oid definitions\n"); BIO_printf(bio_err, " -oid file file of extra oid definitions\n");
BIO_printf(bio_err, " -strparse offset\n"); BIO_printf(bio_err, " -strparse offset\n");
BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n"); BIO_printf(bio_err,
" a series of these can be used to 'dig' into multiple\n");
BIO_printf(bio_err, " ASN1 blob wrappings\n"); BIO_printf(bio_err, " ASN1 blob wrappings\n");
BIO_printf(bio_err," -genstr str string to generate ASN1 structure from\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n"); " -genstr str string to generate ASN1 structure from\n");
BIO_printf(bio_err,
" -genconf file file to generate ASN1 structure from\n");
goto end; goto end;
} }
@@ -219,8 +210,7 @@ bad:
in = BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) if ((in == NULL) || (out == NULL)) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
@@ -232,10 +222,8 @@ bad:
} }
#endif #endif
if (oidfile != NULL) if (oidfile != NULL) {
{ if (BIO_read_filename(in, oidfile) <= 0) {
if (BIO_read_filename(in,oidfile) <= 0)
{
BIO_printf(bio_err, "problems opening %s\n", oidfile); BIO_printf(bio_err, "problems opening %s\n", oidfile);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@@ -245,10 +233,8 @@ bad:
if (infile == NULL) if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
else else {
{ if (BIO_read_filename(in, infile) <= 0) {
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile); perror(infile);
goto end; goto end;
} }
@@ -262,24 +248,22 @@ bad:
} }
} }
if ((buf=BUF_MEM_new()) == NULL) goto end; if ((buf = BUF_MEM_new()) == NULL)
if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */ goto end;
if (!BUF_MEM_grow(buf, BUFSIZ * 8))
goto end; /* Pre-allocate :-) */
if (genstr || genconf) if (genstr || genconf) {
{
num = do_generate(bio_err, genstr, genconf, buf); num = do_generate(bio_err, genstr, genconf, buf);
if (num < 0) if (num < 0) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} }
else else {
{
if (informat == FORMAT_PEM) if (informat == FORMAT_PEM) {
{
BIO *tmp; BIO *tmp;
if ((b64 = BIO_new(BIO_f_base64())) == NULL) if ((b64 = BIO_new(BIO_f_base64())) == NULL)
@@ -291,11 +275,12 @@ bad:
} }
num = 0; num = 0;
for (;;) for (;;) {
{ if (!BUF_MEM_grow(buf, (int)num + BUFSIZ))
if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end; goto end;
i = BIO_read(in, &(buf->data[num]), BUFSIZ); i = BIO_read(in, &(buf->data[num]), BUFSIZ);
if (i <= 0) break; if (i <= 0)
break;
num += i; num += i;
} }
} }
@@ -303,18 +288,16 @@ bad:
/* If any structs to parse go through in sequence */ /* If any structs to parse go through in sequence */
if (sk_num(osk)) if (sk_num(osk)) {
{
tmpbuf = (unsigned char *)str; tmpbuf = (unsigned char *)str;
tmplen = num; tmplen = num;
for (i=0; i<sk_num(osk); i++) for (i = 0; i < sk_num(osk); i++) {
{
ASN1_TYPE *atmp; ASN1_TYPE *atmp;
int typ; int typ;
j = atoi(sk_value(osk, i)); j = atoi(sk_value(osk, i));
if (j == 0) if (j == 0) {
{ BIO_printf(bio_err, "'%s' is an invalid number\n",
BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i)); sk_value(osk, i));
continue; continue;
} }
tmpbuf += j; tmpbuf += j;
@@ -323,16 +306,14 @@ bad:
ctmpbuf = tmpbuf; ctmpbuf = tmpbuf;
at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen); at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen);
ASN1_TYPE_free(atmp); ASN1_TYPE_free(atmp);
if(!at) if (!at) {
{
BIO_printf(bio_err, "Error parsing structure\n"); BIO_printf(bio_err, "Error parsing structure\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
typ = ASN1_TYPE_get(at); typ = ASN1_TYPE_get(at);
if ((typ == V_ASN1_OBJECT) if ((typ == V_ASN1_OBJECT)
|| (typ == V_ASN1_NULL)) || (typ == V_ASN1_NULL)) {
{
BIO_printf(bio_err, "Can't parse %s type\n", BIO_printf(bio_err, "Can't parse %s type\n",
typ == V_ASN1_NULL ? "NULL" : "OBJECT"); typ == V_ASN1_NULL ? "NULL" : "OBJECT");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
@@ -346,15 +327,15 @@ bad:
num = tmplen; num = tmplen;
} }
if (offset >= num) if (offset >= num) {
{
BIO_printf(bio_err, "Error: offset too large\n"); BIO_printf(bio_err, "Error: offset too large\n");
goto end; goto end;
} }
num -= offset; num -= offset;
if ((length == 0) || ((long)length > num)) length=(unsigned int)num; if ((length == 0) || ((long)length > num))
length = (unsigned int)num;
if (derout) { if (derout) {
if (BIO_write(derout, str + offset, length) != (int)length) { if (BIO_write(derout, str + offset, length) != (int)length) {
BIO_printf(bio_err, "Error writing output\n"); BIO_printf(bio_err, "Error writing output\n");
@@ -364,22 +345,27 @@ bad:
} }
if (!noout && if (!noout &&
!ASN1_parse_dump(out, (unsigned char *)&(str[offset]), length, !ASN1_parse_dump(out, (unsigned char *)&(str[offset]), length,
indent,dump)) indent, dump)) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
ret = 0; ret = 0;
end: end:
BIO_free(derout); BIO_free(derout);
if (in != NULL) BIO_free(in); if (in != NULL)
if (out != NULL) BIO_free_all(out); BIO_free(in);
if (b64 != NULL) BIO_free(b64); if (out != NULL)
BIO_free_all(out);
if (b64 != NULL)
BIO_free(b64);
if (ret != 0) if (ret != 0)
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
if (buf != NULL) BUF_MEM_free(buf); if (buf != NULL)
if (at != NULL) ASN1_TYPE_free(at); BUF_MEM_free(buf);
if (osk != NULL) sk_free(osk); if (at != NULL)
ASN1_TYPE_free(at);
if (osk != NULL)
sk_free(osk);
OBJ_cleanup(); OBJ_cleanup();
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
@@ -393,15 +379,13 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
unsigned char *p; unsigned char *p;
ASN1_TYPE *atyp = NULL; ASN1_TYPE *atyp = NULL;
if (genconf) if (genconf) {
{
cnf = NCONF_new(NULL); cnf = NCONF_new(NULL);
if (!NCONF_load(cnf, genconf, &errline)) if (!NCONF_load(cnf, genconf, &errline))
goto conferr; goto conferr;
if (!genstr) if (!genstr)
genstr = NCONF_get_string(cnf, "default", "asn1"); genstr = NCONF_get_string(cnf, "default", "asn1");
if (!genstr) if (!genstr) {
{
BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf); BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
goto err; goto err;
} }
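Review bot: In the -strparse loop of MAIN, `j = atoi(sk_value(osk, i))` is rejected only when it equals 0, and the next visible statement is `tmpbuf += j;`, so a negative value or one beyond `tmplen` appears to move the parse pointer outside the buffer before `d2i_ASN1_TYPE` reads from it. The lines between the two hunks are not shown, so a range check may exist there; if it does not, the guard should read `if (j <= 0 || j >= tmplen) {` with the same error message. The `-offset` option has the same pattern: assuming `offset` is a signed int, the later `if (offset >= num)` test does not reject a negative value before `num -= offset` and `str + offset`. Parsing these options with `strtol` and an end-pointer check would also catch non-numeric input. MAIN starts before this section's first hunk and spans several of them.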

1713
apps/ca.c



@@ -117,8 +117,7 @@ int MAIN(int argc, char **argv)
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{
if (strcmp(*argv, "-v") == 0) if (strcmp(*argv, "-v") == 0)
verbose = 1; verbose = 1;
#ifndef OPENSSL_NO_SSL2 #ifndef OPENSSL_NO_SSL2
@@ -133,22 +132,17 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv, "-tls1") == 0) else if (strcmp(*argv, "-tls1") == 0)
meth = TLSv1_client_method(); meth = TLSv1_client_method();
#endif #endif
else if ((strncmp(*argv,"-h",2) == 0) || else if ((strncmp(*argv, "-h", 2) == 0) || (strcmp(*argv, "-?") == 0)) {
(strcmp(*argv,"-?") == 0))
{
badops = 1; badops = 1;
break; break;
} } else {
else
{
ciphers = *argv; ciphers = *argv;
} }
argc--; argc--;
argv++; argv++;
} }
if (badops) if (badops) {
{
for (pp = ciphers_usage; (*pp != NULL); pp++) for (pp = ciphers_usage; (*pp != NULL); pp++)
BIO_printf(bio_err, "%s", *pp); BIO_printf(bio_err, "%s", *pp);
goto end; goto end;
@@ -157,7 +151,8 @@ int MAIN(int argc, char **argv)
OpenSSL_add_ssl_algorithms(); OpenSSL_add_ssl_algorithms();
ctx = SSL_CTX_new(meth); ctx = SSL_CTX_new(meth);
if (ctx == NULL) goto err; if (ctx == NULL)
goto err;
if (ciphers != NULL) { if (ciphers != NULL) {
if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
BIO_printf(bio_err, "Error in cipher list\n"); BIO_printf(bio_err, "Error in cipher list\n");
@@ -165,44 +160,42 @@ int MAIN(int argc, char **argv)
} }
} }
ssl = SSL_new(ctx); ssl = SSL_new(ctx);
if (ssl == NULL) goto err; if (ssl == NULL)
goto err;
if (!verbose) {
if (!verbose) for (i = 0;; i++) {
{
for (i=0; ; i++)
{
p = SSL_get_cipher_list(ssl, i); p = SSL_get_cipher_list(ssl, i);
if (p == NULL) break; if (p == NULL)
if (i != 0) BIO_printf(STDout,":"); break;
if (i != 0)
BIO_printf(STDout, ":");
BIO_printf(STDout, "%s", p); BIO_printf(STDout, "%s", p);
} }
BIO_printf(STDout, "\n"); BIO_printf(STDout, "\n");
} } else {
else
{
sk = SSL_get_ciphers(ssl); sk = SSL_get_ciphers(ssl);
for (i=0; i<sk_SSL_CIPHER_num(sk); i++) for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
{ BIO_puts(STDout,
BIO_puts(STDout,SSL_CIPHER_description( SSL_CIPHER_description(sk_SSL_CIPHER_value(sk, i), buf,
sk_SSL_CIPHER_value(sk,i), sizeof buf));
buf,sizeof buf));
} }
} }
ret = 0; ret = 0;
if (0) if (0) {
{
err: err:
SSL_load_error_strings(); SSL_load_error_strings();
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
} }
end: end:
if (ctx != NULL) SSL_CTX_free(ctx); if (ctx != NULL)
if (ssl != NULL) SSL_free(ssl); SSL_CTX_free(ctx);
if (STDout != NULL) BIO_free_all(STDout); if (ssl != NULL)
SSL_free(ssl);
if (STDout != NULL)
BIO_free_all(STDout);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }


@@ -107,7 +107,8 @@ int MAIN(int argc, char **argv)
BIO *out = NULL; BIO *out = NULL;
int informat, outformat; int informat, outformat;
char *infile = NULL, *outfile = NULL; char *infile = NULL, *outfile = NULL;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout =
0, text = 0;
int fingerprint = 0, crlnumber = 0; int fingerprint = 0, crlnumber = 0;
const char **pp; const char **pp;
X509_STORE *store = NULL; X509_STORE *store = NULL;
@@ -128,8 +129,7 @@ int MAIN(int argc, char **argv)
goto end; goto end;
if (bio_out == NULL) if (bio_out == NULL)
if ((bio_out=BIO_new(BIO_s_file())) != NULL) if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
{
BIO_set_fp(bio_out, stdout, BIO_NOCLOSE); BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
@@ -145,59 +145,54 @@ int MAIN(int argc, char **argv)
argc--; argc--;
argv++; argv++;
num = 0; num = 0;
while (argc >= 1) while (argc >= 1) {
{
#ifdef undef #ifdef undef
if (strcmp(*argv,"-p") == 0) if (strcmp(*argv, "-p") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/ if (!args_from_file(++argv, Nargc, Nargv)) {
goto end;
} }
*/}
#endif #endif
if (strcmp(*argv,"-inform") == 0) if (strcmp(*argv, "-inform") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
informat = str2fmt(*(++argv)); informat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-outform") == 0) {
else if (strcmp(*argv,"-outform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outformat = str2fmt(*(++argv)); outformat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-in") == 0) {
else if (strcmp(*argv,"-in") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
infile = *(++argv); infile = *(++argv);
} } else if (strcmp(*argv, "-out") == 0) {
else if (strcmp(*argv,"-out") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outfile = *(++argv); outfile = *(++argv);
} } else if (strcmp(*argv, "-CApath") == 0) {
else if (strcmp(*argv,"-CApath") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
CApath = *(++argv); CApath = *(++argv);
do_ver = 1; do_ver = 1;
} } else if (strcmp(*argv, "-CAfile") == 0) {
else if (strcmp(*argv,"-CAfile") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
CAfile = *(++argv); CAfile = *(++argv);
do_ver = 1; do_ver = 1;
} } else if (strcmp(*argv, "-verify") == 0)
else if (strcmp(*argv,"-verify") == 0)
do_ver = 1; do_ver = 1;
else if (strcmp(*argv, "-text") == 0) else if (strcmp(*argv, "-text") == 0)
text = 1; text = 1;
else if (strcmp(*argv, "-hash") == 0) else if (strcmp(*argv, "-hash") == 0)
hash = ++num; hash = ++num;
else if (strcmp(*argv,"-nameopt") == 0) else if (strcmp(*argv, "-nameopt") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
if (!set_name_ex(&nmflag, *(++argv))) goto bad; if (!set_name_ex(&nmflag, *(++argv)))
} goto bad;
else if (strcmp(*argv,"-issuer") == 0) } else if (strcmp(*argv, "-issuer") == 0)
issuer = ++num; issuer = ++num;
else if (strcmp(*argv, "-lastupdate") == 0) else if (strcmp(*argv, "-lastupdate") == 0)
lastupdate = ++num; lastupdate = ++num;
@@ -209,13 +204,10 @@ int MAIN(int argc, char **argv)
fingerprint = ++num; fingerprint = ++num;
else if (strcmp(*argv, "-crlnumber") == 0) else if (strcmp(*argv, "-crlnumber") == 0)
crlnumber = ++num; crlnumber = ++num;
else if ((md_alg=EVP_get_digestbyname(*argv + 1))) else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
{
/* ok */ /* ok */
digest = md_alg; digest = md_alg;
} } else {
else
{
BIO_printf(bio_err, "unknown option %s\n", *argv); BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1; badops = 1;
break; break;
@@ -224,8 +216,7 @@ int MAIN(int argc, char **argv)
argv++; argv++;
} }
if (badops) if (badops) {
{
bad: bad:
for (pp = crl_usage; (*pp != NULL); pp++) for (pp = crl_usage; (*pp != NULL); pp++)
BIO_printf(bio_err, "%s", *pp); BIO_printf(bio_err, "%s", *pp);
@@ -234,110 +225,99 @@ bad:
ERR_load_crypto_strings(); ERR_load_crypto_strings();
x = load_crl(infile, informat); x = load_crl(infile, informat);
if (x == NULL) { goto end; } if (x == NULL) {
goto end;
}
if (do_ver) { if (do_ver) {
store = X509_STORE_new(); store = X509_STORE_new();
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if (lookup == NULL) goto end; if (lookup == NULL)
goto end;
if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM))
X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
if (lookup == NULL) goto end; if (lookup == NULL)
goto end;
if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM))
X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
ERR_clear_error(); ERR_clear_error();
if (!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) { if (!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
BIO_printf(bio_err, BIO_printf(bio_err, "Error initialising X509 store\n");
"Error initialising X509 store\n");
goto end; goto end;
} }
i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
X509_CRL_get_issuer(x), &xobj); X509_CRL_get_issuer(x), &xobj);
if (i <= 0) { if (i <= 0) {
BIO_printf(bio_err, BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
"Error getting CRL issuer certificate\n");
goto end; goto end;
} }
pkey = X509_get_pubkey(xobj.data.x509); pkey = X509_get_pubkey(xobj.data.x509);
X509_OBJECT_free_contents(&xobj); X509_OBJECT_free_contents(&xobj);
if (!pkey) { if (!pkey) {
BIO_printf(bio_err, BIO_printf(bio_err, "Error getting CRL issuer public key\n");
"Error getting CRL issuer public key\n");
goto end; goto end;
} }
i = X509_CRL_verify(x, pkey); i = X509_CRL_verify(x, pkey);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
if(i < 0) goto end; if (i < 0)
if(i == 0) BIO_printf(bio_err, "verify failure\n"); goto end;
else BIO_printf(bio_err, "verify OK\n"); if (i == 0)
BIO_printf(bio_err, "verify failure\n");
else
BIO_printf(bio_err, "verify OK\n");
} }
if (num) if (num) {
{ for (i = 1; i <= num; i++) {
for (i=1; i<=num; i++) if (issuer == i) {
{ print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
if (issuer == i) nmflag);
{
print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
} }
if (crlnumber == i) if (crlnumber == i) {
{
ASN1_INTEGER *crlnum; ASN1_INTEGER *crlnum;
crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL);
NULL, NULL);
BIO_printf(bio_out, "crlNumber="); BIO_printf(bio_out, "crlNumber=");
if (crlnum) if (crlnum) {
{
i2a_ASN1_INTEGER(bio_out, crlnum); i2a_ASN1_INTEGER(bio_out, crlnum);
ASN1_INTEGER_free(crlnum); ASN1_INTEGER_free(crlnum);
} } else
else
BIO_puts(bio_out, "<NONE>"); BIO_puts(bio_out, "<NONE>");
BIO_printf(bio_out, "\n"); BIO_printf(bio_out, "\n");
} }
if (hash == i) if (hash == i) {
{
BIO_printf(bio_out, "%08lx\n", BIO_printf(bio_out, "%08lx\n",
X509_NAME_hash(X509_CRL_get_issuer(x))); X509_NAME_hash(X509_CRL_get_issuer(x)));
} }
if (lastupdate == i) if (lastupdate == i) {
{
BIO_printf(bio_out, "lastUpdate="); BIO_printf(bio_out, "lastUpdate=");
ASN1_TIME_print(bio_out, ASN1_TIME_print(bio_out, X509_CRL_get_lastUpdate(x));
X509_CRL_get_lastUpdate(x));
BIO_printf(bio_out, "\n"); BIO_printf(bio_out, "\n");
} }
if (nextupdate == i) if (nextupdate == i) {
{
BIO_printf(bio_out, "nextUpdate="); BIO_printf(bio_out, "nextUpdate=");
if (X509_CRL_get_nextUpdate(x)) if (X509_CRL_get_nextUpdate(x))
ASN1_TIME_print(bio_out, ASN1_TIME_print(bio_out, X509_CRL_get_nextUpdate(x));
X509_CRL_get_nextUpdate(x));
else else
BIO_printf(bio_out, "NONE"); BIO_printf(bio_out, "NONE");
BIO_printf(bio_out, "\n"); BIO_printf(bio_out, "\n");
} }
if (fingerprint == i) if (fingerprint == i) {
{
int j; int j;
unsigned int n; unsigned int n;
unsigned char md[EVP_MAX_MD_SIZE]; unsigned char md[EVP_MAX_MD_SIZE];
if (!X509_CRL_digest(x,digest,md,&n)) if (!X509_CRL_digest(x, digest, md, &n)) {
{
BIO_printf(bio_err, "out of memory\n"); BIO_printf(bio_err, "out of memory\n");
goto end; goto end;
} }
BIO_printf(bio_out, "%s Fingerprint=", BIO_printf(bio_out, "%s Fingerprint=",
OBJ_nid2sn(EVP_MD_type(digest))); OBJ_nid2sn(EVP_MD_type(digest)));
for (j=0; j<(int)n; j++) for (j = 0; j < (int)n; j++) {
{ BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
BIO_printf(bio_out,"%02X%c",md[j],
(j+1 == (int)n)
? '\n' : ':'); ? '\n' : ':');
} }
} }
@@ -345,14 +325,12 @@ bad:
} }
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if (out == NULL) if (out == NULL) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (outfile == NULL) if (outfile == NULL) {
{
BIO_set_fp(out, stdout, BIO_NOCLOSE); BIO_set_fp(out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
@@ -360,20 +338,17 @@ bad:
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
} } else {
else if (BIO_write_filename(out, outfile) <= 0) {
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile); perror(outfile);
goto end; goto end;
} }
} }
if (text) X509_CRL_print(out, x); if (text)
X509_CRL_print(out, x);
if (noout) if (noout) {
{
ret = 0; ret = 0;
goto end; goto end;
} }
@@ -382,12 +357,14 @@ bad:
i = (int)i2d_X509_CRL_bio(out, x); i = (int)i2d_X509_CRL_bio(out, x);
else if (outformat == FORMAT_PEM) else if (outformat == FORMAT_PEM)
i = PEM_write_bio_X509_CRL(out, x); i = PEM_write_bio_X509_CRL(out, x);
else else {
{
BIO_printf(bio_err, "bad output format specified for outfile\n"); BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end; goto end;
} }
if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; } if (!i) {
BIO_printf(bio_err, "unable to write CRL\n");
goto end;
}
ret = 0; ret = 0;
end: end:
BIO_free_all(out); BIO_free_all(out);
@@ -408,18 +385,15 @@ static X509_CRL *load_crl(char *infile, int format)
BIO *in = NULL; BIO *in = NULL;
in = BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
if (in == NULL) if (in == NULL) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (infile == NULL) if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
else else {
{ if (BIO_read_filename(in, infile) <= 0) {
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile); perror(infile);
goto end; goto end;
} }
@@ -432,8 +406,7 @@ static X509_CRL *load_crl(char *infile, int format)
BIO_printf(bio_err, "bad input format specified for input crl\n"); BIO_printf(bio_err, "bad input format specified for input crl\n");
goto end; goto end;
} }
if (x == NULL) if (x == NULL) {
{
BIO_printf(bio_err, "unable to load CRL\n"); BIO_printf(bio_err, "unable to load CRL\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@@ -443,4 +416,3 @@ end:
BIO_free(in); BIO_free(in);
return (x); return (x);
} }
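Review bot: In the `do_ver` block a failed signature check only prints `verify failure` and then falls through, so the CRL is still printed and written, and as far as the visible hunks show `ret = 0` is reached whenever the write succeeds. A caller that checks only the exit status cannot tell a CRL that failed verification from one that passed. Stopping on failure would fix that, e.g. `if (i == 0) { BIO_printf(bio_err, "verify failure\n"); goto end; }`, at the cost of no longer emitting the unverified CRL. The initial value of `ret` is outside the hunks, so confirm it is non-zero; MAIN also starts and ends outside them.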


@@ -56,9 +56,11 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu> /*
* and donated 'to the cause' along with lots and lots of other fixes to * This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu> and
* the library. */ * donated 'to the cause' along with lots and lots of other fixes to the
* library.
*/
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
@@ -113,46 +115,37 @@ int MAIN(int argc, char **argv)
prog = argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
informat = str2fmt(*(++argv)); informat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-outform") == 0) {
else if (strcmp(*argv,"-outform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outformat = str2fmt(*(++argv)); outformat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-in") == 0) {
else if (strcmp(*argv,"-in") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
infile = *(++argv); infile = *(++argv);
} } else if (strcmp(*argv, "-nocrl") == 0) {
else if (strcmp(*argv,"-nocrl") == 0)
{
nocrl = 1; nocrl = 1;
} } else if (strcmp(*argv, "-out") == 0) {
else if (strcmp(*argv,"-out") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outfile = *(++argv); outfile = *(++argv);
} } else if (strcmp(*argv, "-certfile") == 0) {
else if (strcmp(*argv,"-certfile") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad; if (!certflst)
if(!certflst) certflst = sk_new_null(); certflst = sk_new_null();
if (!certflst) if (!certflst)
goto end; goto end;
if (!sk_push(certflst,*(++argv))) if (!sk_push(certflst, *(++argv))) {
{
sk_free(certflst); sk_free(certflst);
goto end; goto end;
} }
} } else {
else
{
BIO_printf(bio_err, "unknown option %s\n", *argv); BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1; badops = 1;
break; break;
@@ -161,8 +154,7 @@ int MAIN(int argc, char **argv)
argv++; argv++;
} }
if (badops) if (badops) {
{
bad: bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog); BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "where options are\n");
@@ -170,9 +162,11 @@ bad:
BIO_printf(bio_err, " -outform arg output format - DER or PEM\n"); BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
BIO_printf(bio_err, " -in arg input file\n"); BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -out arg output file\n"); BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n"); BIO_printf(bio_err,
" -certfile arg certificates file of chain to a trusted CA\n");
BIO_printf(bio_err, " (can be used more than once)\n"); BIO_printf(bio_err, " (can be used more than once)\n");
BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n"); BIO_printf(bio_err,
" -nocrl no crl to load, just certs from '-certfile'\n");
ret = 1; ret = 1;
goto end; goto end;
} }
@@ -181,20 +175,16 @@ bad:
in = BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) if ((in == NULL) || (out == NULL)) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (!nocrl) if (!nocrl) {
{
if (infile == NULL) if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
else else {
{ if (BIO_read_filename(in, infile) <= 0) {
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile); perror(infile);
goto end; goto end;
} }
@@ -208,36 +198,39 @@ bad:
BIO_printf(bio_err, "bad input format specified for input crl\n"); BIO_printf(bio_err, "bad input format specified for input crl\n");
goto end; goto end;
} }
if (crl == NULL) if (crl == NULL) {
{
BIO_printf(bio_err, "unable to load CRL\n"); BIO_printf(bio_err, "unable to load CRL\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} }
if ((p7=PKCS7_new()) == NULL) goto end; if ((p7 = PKCS7_new()) == NULL)
if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end; goto end;
if ((p7s = PKCS7_SIGNED_new()) == NULL)
goto end;
p7->type = OBJ_nid2obj(NID_pkcs7_signed); p7->type = OBJ_nid2obj(NID_pkcs7_signed);
p7->d.sign = p7s; p7->d.sign = p7s;
p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data); p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data);
if (!ASN1_INTEGER_set(p7s->version,1)) goto end; if (!ASN1_INTEGER_set(p7s->version, 1))
if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end; goto end;
if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
goto end;
p7s->crl = crl_stack; p7s->crl = crl_stack;
if (crl != NULL) if (crl != NULL) {
{
sk_X509_CRL_push(crl_stack, crl); sk_X509_CRL_push(crl_stack, crl);
crl = NULL; /* now part of p7 for OPENSSL_freeing */ crl = NULL; /* now part of p7 for OPENSSL_freeing */
} }
if ((cert_stack=sk_X509_new_null()) == NULL) goto end; if ((cert_stack = sk_X509_new_null()) == NULL)
goto end;
p7s->cert = cert_stack; p7s->cert = cert_stack;
if(certflst) for(i = 0; i < sk_num(certflst); i++) { if (certflst)
for (i = 0; i < sk_num(certflst); i++) {
certfile = sk_value(certflst, i); certfile = sk_value(certflst, i);
if (add_certs_from_file(cert_stack,certfile) < 0) if (add_certs_from_file(cert_stack, certfile) < 0) {
{
BIO_printf(bio_err, "error loading certificates\n"); BIO_printf(bio_err, "error loading certificates\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@@ -246,8 +239,7 @@ bad:
sk_free(certflst); sk_free(certflst);
if (outfile == NULL) if (outfile == NULL) {
{
BIO_set_fp(out, stdout, BIO_NOCLOSE); BIO_set_fp(out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
@@ -255,11 +247,8 @@ bad:
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
} } else {
else if (BIO_write_filename(out, outfile) <= 0) {
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile); perror(outfile);
goto end; goto end;
} }
@@ -273,18 +262,21 @@ bad:
BIO_printf(bio_err, "bad output format specified for outfile\n"); BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end; goto end;
} }
if (!i) if (!i) {
{
BIO_printf(bio_err, "unable to write pkcs7 object\n"); BIO_printf(bio_err, "unable to write pkcs7 object\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
ret = 0; ret = 0;
end: end:
if (in != NULL) BIO_free(in); if (in != NULL)
if (out != NULL) BIO_free_all(out); BIO_free(in);
if (p7 != NULL) PKCS7_free(p7); if (out != NULL)
if (crl != NULL) X509_CRL_free(crl); BIO_free_all(out);
if (p7 != NULL)
PKCS7_free(p7);
if (crl != NULL)
X509_CRL_free(crl);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
@@ -309,15 +301,13 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
STACK_OF(X509_INFO) *sk = NULL; STACK_OF(X509_INFO) *sk = NULL;
X509_INFO *xi; X509_INFO *xi;
if ((stat(certfile,&st) != 0)) if ((stat(certfile, &st) != 0)) {
{
BIO_printf(bio_err, "unable to load the file, %s\n", certfile); BIO_printf(bio_err, "unable to load the file, %s\n", certfile);
goto end; goto end;
} }
in = BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0)) if ((in == NULL) || (BIO_read_filename(in, certfile) <= 0)) {
{
BIO_printf(bio_err, "error opening the file, %s\n", certfile); BIO_printf(bio_err, "error opening the file, %s\n", certfile);
goto end; goto end;
} }
@@ -330,11 +320,9 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
} }
/* scan over it and pull out the CRL's */ /* scan over it and pull out the CRL's */
while (sk_X509_INFO_num(sk)) while (sk_X509_INFO_num(sk)) {
{
xi = sk_X509_INFO_shift(sk); xi = sk_X509_INFO_shift(sk);
if (xi->x509 != NULL) if (xi->x509 != NULL) {
{
sk_X509_push(stack, xi->x509); sk_X509_push(stack, xi->x509);
xi->x509 = NULL; xi->x509 = NULL;
count++; count++;
@@ -345,8 +333,9 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
ret = count; ret = count;
end: end:
/* never need to OPENSSL_free x */ /* never need to OPENSSL_free x */
if (in != NULL) BIO_free(in); if (in != NULL)
if (sk != NULL) sk_X509_INFO_free(sk); BIO_free(in);
if (sk != NULL)
sk_X509_INFO_free(sk);
return (ret); return (ret);
} }
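Review bot: `sk_X509_CRL_push(crl_stack, crl)` is followed by `crl = NULL` without checking the push result, so if the push fails the CRL sits on no stack and is no longer freed at `end:`. Checking it keeps ownership clear: `if (!sk_X509_CRL_push(crl_stack, crl)) goto end;` before the assignment. The same pattern appears in `add_certs_from_file`, where `sk_X509_push(stack, xi->x509)` is unchecked before `xi->x509 = NULL`. Separately, `sk_free(certflst)` is only reached on the success path, so the `goto end` exits taken after `-certfile` parsing appear to leak the list; both function bodies extend beyond the visible hunks.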


@@ -76,7 +76,8 @@
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow); const char *file, BIO *bmd, const char *hmac_key,
int non_fips_allow);
int MAIN(int, char **); int MAIN(int, char **);
@@ -111,8 +112,7 @@ int MAIN(int argc, char **argv)
apps_startup(); apps_startup();
ERR_load_crypto_strings(); ERR_load_crypto_strings();
if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) if ((buf = (unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) {
{
BIO_printf(bio_err, "out of memory\n"); BIO_printf(bio_err, "out of memory\n");
goto end; goto end;
} }
@@ -130,80 +130,69 @@ ERR_load_crypto_strings();
argc--; argc--;
argv++; argv++;
while (argc > 0) while (argc > 0) {
{ if ((*argv)[0] != '-')
if ((*argv)[0] != '-') break; break;
if (strcmp(*argv, "-c") == 0) if (strcmp(*argv, "-c") == 0)
separator = 1; separator = 1;
else if (strcmp(*argv,"-rand") == 0) else if (strcmp(*argv, "-rand") == 0) {
{ if (--argc < 1)
if (--argc < 1) break; break;
randfile = *(++argv); randfile = *(++argv);
} } else if (strcmp(*argv, "-out") == 0) {
else if (strcmp(*argv,"-out") == 0) if (--argc < 1)
{ break;
if (--argc < 1) break;
outfile = *(++argv); outfile = *(++argv);
} } else if (strcmp(*argv, "-sign") == 0) {
else if (strcmp(*argv,"-sign") == 0) if (--argc < 1)
{ break;
if (--argc < 1) break;
keyfile = *(++argv); keyfile = *(++argv);
} } else if (!strcmp(*argv, "-passin")) {
else if (!strcmp(*argv,"-passin"))
{
if (--argc < 1) if (--argc < 1)
break; break;
passargin = *++argv; passargin = *++argv;
} } else if (strcmp(*argv, "-verify") == 0) {
else if (strcmp(*argv,"-verify") == 0) if (--argc < 1)
{ break;
if (--argc < 1) break;
keyfile = *(++argv); keyfile = *(++argv);
want_pub = 1; want_pub = 1;
do_verify = 1; do_verify = 1;
} } else if (strcmp(*argv, "-prverify") == 0) {
else if (strcmp(*argv,"-prverify") == 0) if (--argc < 1)
{ break;
if (--argc < 1) break;
keyfile = *(++argv); keyfile = *(++argv);
do_verify = 1; do_verify = 1;
} } else if (strcmp(*argv, "-x931") == 0)
else if (strcmp(*argv,"-x931") == 0)
sig_flags = EVP_MD_CTX_FLAG_PAD_X931; sig_flags = EVP_MD_CTX_FLAG_PAD_X931;
else if (strcmp(*argv,"-pss_saltlen") == 0) else if (strcmp(*argv, "-pss_saltlen") == 0) {
{
int saltlen; int saltlen;
if (--argc < 1) break; if (--argc < 1)
break;
saltlen = atoi(*(++argv)); saltlen = atoi(*(++argv));
if (saltlen == -1) if (saltlen == -1)
sig_flags = EVP_MD_CTX_FLAG_PSS_MREC; sig_flags = EVP_MD_CTX_FLAG_PSS_MREC;
else if (saltlen == -2) else if (saltlen == -2)
sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN; sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN;
else if (saltlen < -2 || saltlen >= 0xFFFE) else if (saltlen < -2 || saltlen >= 0xFFFE) {
{
BIO_printf(bio_err, "Invalid PSS salt length %d\n", saltlen); BIO_printf(bio_err, "Invalid PSS salt length %d\n", saltlen);
goto end; goto end;
} } else
else
sig_flags = saltlen; sig_flags = saltlen;
sig_flags <<= 16; sig_flags <<= 16;
sig_flags |= EVP_MD_CTX_FLAG_PAD_PSS; sig_flags |= EVP_MD_CTX_FLAG_PAD_PSS;
} } else if (strcmp(*argv, "-signature") == 0) {
else if (strcmp(*argv,"-signature") == 0) if (--argc < 1)
{ break;
if (--argc < 1) break;
sigfile = *(++argv); sigfile = *(++argv);
} } else if (strcmp(*argv, "-keyform") == 0) {
else if (strcmp(*argv,"-keyform") == 0) if (--argc < 1)
{ break;
if (--argc < 1) break;
keyform = str2fmt(*(++argv)); keyform = str2fmt(*(++argv));
} }
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv, "-engine") == 0) {
{ if (--argc < 1)
if (--argc < 1) break; break;
engine = *(++argv); engine = *(++argv);
} }
#endif #endif
@@ -217,13 +206,11 @@ ERR_load_crypto_strings();
non_fips_allow = 1; non_fips_allow = 1;
else if (!strcmp(*argv, "-fips-fingerprint")) else if (!strcmp(*argv, "-fips-fingerprint"))
hmac_key = "etaonrishdlcupfm"; hmac_key = "etaonrishdlcupfm";
else if (!strcmp(*argv,"-hmac")) else if (!strcmp(*argv, "-hmac")) {
{
if (--argc < 1) if (--argc < 1)
break; break;
hmac_key = *++argv; hmac_key = *++argv;
} } else if ((m = EVP_get_digestbyname(&((*argv)[1]))) != NULL)
else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
md = m; md = m;
else else
break; break;
@@ -235,31 +222,38 @@ ERR_load_crypto_strings();
md = EVP_md5(); md = EVP_md5();
if (do_verify && !sigfile) { if (do_verify && !sigfile) {
BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); BIO_printf(bio_err,
"No signature to verify: use the -signature option\n");
err = 1; err = 1;
goto end; goto end;
} }
if ((argc > 0) && (argv[0][0] == '-')) /* bad option */ if ((argc > 0) && (argv[0][0] == '-')) { /* bad option */
{
BIO_printf(bio_err, "unknown option '%s'\n", *argv); BIO_printf(bio_err, "unknown option '%s'\n", *argv);
BIO_printf(bio_err, "options are\n"); BIO_printf(bio_err, "options are\n");
BIO_printf(bio_err,"-c to output the digest with separating colons\n"); BIO_printf(bio_err,
"-c to output the digest with separating colons\n");
BIO_printf(bio_err, "-d to output debug info\n"); BIO_printf(bio_err, "-d to output debug info\n");
BIO_printf(bio_err, "-hex output as hex dump\n"); BIO_printf(bio_err, "-hex output as hex dump\n");
BIO_printf(bio_err, "-binary output in binary form\n"); BIO_printf(bio_err, "-binary output in binary form\n");
BIO_printf(bio_err,"-sign file sign digest using private key in file\n"); BIO_printf(bio_err,
BIO_printf(bio_err,"-verify file verify a signature using public key in file\n"); "-sign file sign digest using private key in file\n");
BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n"); BIO_printf(bio_err,
BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); "-verify file verify a signature using public key in file\n");
BIO_printf(bio_err,
"-prverify file verify a signature using private key in file\n");
BIO_printf(bio_err,
"-keyform arg key file format (PEM or ENGINE)\n");
BIO_printf(bio_err, "-signature file signature to verify\n"); BIO_printf(bio_err, "-signature file signature to verify\n");
BIO_printf(bio_err, "-binary output in binary form\n"); BIO_printf(bio_err, "-binary output in binary form\n");
BIO_printf(bio_err, "-hmac key create hashed MAC with key\n"); BIO_printf(bio_err, "-hmac key create hashed MAC with key\n");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
#endif #endif
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n", BIO_printf(bio_err,
"-%-14s to use the %s message digest algorithm (default)\n",
LN_md5, LN_md5); LN_md5, LN_md5);
BIO_printf(bio_err, "-%-14s to use the %s message digest algorithm\n", BIO_printf(bio_err, "-%-14s to use the %s message digest algorithm\n",
LN_md4, LN_md4); LN_md4, LN_md4);
@@ -290,35 +284,33 @@ ERR_load_crypto_strings();
err = 1; err = 1;
goto end; goto end;
} }
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0); e = setup_engine(bio_err, engine, 0);
#endif #endif
in = BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
bmd = BIO_new(BIO_f_md()); bmd = BIO_new(BIO_f_md());
if (debug) if (debug) {
{
BIO_set_callback(in, BIO_debug_callback); BIO_set_callback(in, BIO_debug_callback);
/* needed for windows 3.1 */ /* needed for windows 3.1 */
BIO_set_callback_arg(in, (char *)bio_err); BIO_set_callback_arg(in, (char *)bio_err);
} }
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
{
BIO_printf(bio_err, "Error getting password\n"); BIO_printf(bio_err, "Error getting password\n");
goto end; goto end;
} }
if ((in == NULL) || (bmd == NULL)) if ((in == NULL) || (bmd == NULL)) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (out_bin == -1) { if (out_bin == -1) {
if(keyfile) out_bin = 1; if (keyfile)
else out_bin = 0; out_bin = 1;
else
out_bin = 0;
} }
if (randfile) if (randfile)
@@ -327,7 +319,8 @@ ERR_load_crypto_strings();
if (outfile) { if (outfile) {
if (out_bin) if (out_bin)
out = BIO_new_file(outfile, "wb"); out = BIO_new_file(outfile, "wb");
else out = BIO_new_file(outfile, "w"); else
out = BIO_new_file(outfile, "w");
} else { } else {
out = BIO_new_fp(stdout, BIO_NOCLOSE); out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
@@ -345,18 +338,17 @@ ERR_load_crypto_strings();
goto end; goto end;
} }
if(keyfile) if (keyfile) {
{
if (want_pub) if (want_pub)
sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
e, "key file"); e, "key file");
else else
sigkey = load_key(bio_err, keyfile, keyform, 0, passin, sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
e, "key file"); e, "key file");
if (!sigkey) if (!sigkey) {
{ /*
/* load_[pub]key() has already printed an appropriate * load_[pub]key() has already printed an appropriate message
message */ */
goto end; goto end;
} }
} }
@@ -367,38 +359,33 @@ ERR_load_crypto_strings();
siglen = EVP_PKEY_size(sigkey); siglen = EVP_PKEY_size(sigkey);
sigbuf = OPENSSL_malloc(siglen); sigbuf = OPENSSL_malloc(siglen);
if (!sigbio) { if (!sigbio) {
BIO_printf(bio_err, "Error opening signature file %s\n", BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
sigfile);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
siglen = BIO_read(sigbio, sigbuf, siglen); siglen = BIO_read(sigbio, sigbuf, siglen);
BIO_free(sigbio); BIO_free(sigbio);
if (siglen <= 0) { if (siglen <= 0) {
BIO_printf(bio_err, "Error reading signature file %s\n", BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
sigfile);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} }
if (non_fips_allow) if (non_fips_allow) {
{
EVP_MD_CTX *md_ctx; EVP_MD_CTX *md_ctx;
BIO_get_md_ctx(bmd, &md_ctx); BIO_get_md_ctx(bmd, &md_ctx);
EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
} }
if (sig_flags) if (sig_flags) {
{
EVP_MD_CTX *md_ctx; EVP_MD_CTX *md_ctx;
BIO_get_md_ctx(bmd, &md_ctx); BIO_get_md_ctx(bmd, &md_ctx);
EVP_MD_CTX_set_flags(md_ctx, sig_flags); EVP_MD_CTX_set_flags(md_ctx, sig_flags);
} }
/* we use md as a filter, reading from 'in' */ /* we use md as a filter, reading from 'in' */
if (!BIO_set_md(bmd,md)) if (!BIO_set_md(bmd, md)) {
{
BIO_printf(bio_err, "Error setting digest %s\n", pname); BIO_printf(bio_err, "Error setting digest %s\n", pname);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@@ -406,35 +393,29 @@ ERR_load_crypto_strings();
inp = BIO_push(bmd, in); inp = BIO_push(bmd, in);
if (argc == 0) if (argc == 0) {
{
BIO_set_fp(in, stdin, BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
err = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf, err = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
siglen, "", "(stdin)", bmd, hmac_key, non_fips_allow); siglen, "", "(stdin)", bmd, hmac_key, non_fips_allow);
} } else {
else
{
name = OBJ_nid2sn(md->type); name = OBJ_nid2sn(md->type);
err = 0; err = 0;
for (i=0; i<argc; i++) for (i = 0; i < argc; i++) {
{
char *tmp, *tofree = NULL; char *tmp, *tofree = NULL;
int r; int r;
if (BIO_read_filename(in,argv[i]) <= 0) if (BIO_read_filename(in, argv[i]) <= 0) {
{
perror(argv[i]); perror(argv[i]);
err++; err++;
continue; continue;
} }
if(!out_bin) if (!out_bin) {
{ size_t len =
size_t len = strlen(name)+strlen(argv[i])+(hmac_key ? 5 : 0)+5; strlen(name) + strlen(argv[i]) + (hmac_key ? 5 : 0) + 5;
tmp = tofree = OPENSSL_malloc(len); tmp = tofree = OPENSSL_malloc(len);
BIO_snprintf(tmp, len, "%s%s(%s)= ", BIO_snprintf(tmp, len, "%s%s(%s)= ",
hmac_key ? "HMAC-" : "", name, argv[i]); hmac_key ? "HMAC-" : "", name, argv[i]);
} } else
else
tmp = ""; tmp = "";
r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf, r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
siglen, tmp, argv[i], bmd, hmac_key, non_fips_allow); siglen, tmp, argv[i], bmd, hmac_key, non_fips_allow);
@@ -446,33 +427,35 @@ ERR_load_crypto_strings();
} }
} }
end: end:
if (buf != NULL) if (buf != NULL) {
{
OPENSSL_cleanse(buf, BUFSIZE); OPENSSL_cleanse(buf, BUFSIZE);
OPENSSL_free(buf); OPENSSL_free(buf);
} }
if (in != NULL) BIO_free(in); if (in != NULL)
BIO_free(in);
if (passin) if (passin)
OPENSSL_free(passin); OPENSSL_free(passin);
BIO_free_all(out); BIO_free_all(out);
EVP_PKEY_free(sigkey); EVP_PKEY_free(sigkey);
if(sigbuf) OPENSSL_free(sigbuf); if (sigbuf)
if (bmd != NULL) BIO_free(bmd); OPENSSL_free(sigbuf);
if (bmd != NULL)
BIO_free(bmd);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(err); OPENSSL_EXIT(err);
} }
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
const char *file,BIO *bmd,const char *hmac_key,int non_fips_allow) const char *file, BIO *bmd, const char *hmac_key,
int non_fips_allow)
{ {
unsigned int len; unsigned int len;
int i; int i;
EVP_MD_CTX *md_ctx; EVP_MD_CTX *md_ctx;
HMAC_CTX hmac_ctx; HMAC_CTX hmac_ctx;
if (hmac_key) if (hmac_key) {
{
EVP_MD *md; EVP_MD *md;
BIO_get_md(bmd, &md); BIO_get_md(bmd, &md);
@@ -481,72 +464,59 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
BIO_get_md_ctx(bmd, &md_ctx); BIO_get_md_ctx(bmd, &md_ctx);
BIO_set_md_ctx(bmd, &hmac_ctx.md_ctx); BIO_set_md_ctx(bmd, &hmac_ctx.md_ctx);
} }
for (;;) for (;;) {
{
i = BIO_read(bp, (char *)buf, BUFSIZE); i = BIO_read(bp, (char *)buf, BUFSIZE);
if(i < 0) if (i < 0) {
{
BIO_printf(bio_err, "Read Error in %s\n", file); BIO_printf(bio_err, "Read Error in %s\n", file);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
return 1; return 1;
} }
if (i == 0) break; if (i == 0)
break;
} }
if(sigin) if (sigin) {
{
EVP_MD_CTX *ctx; EVP_MD_CTX *ctx;
BIO_get_md_ctx(bp, &ctx); BIO_get_md_ctx(bp, &ctx);
i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key);
if (i > 0) if (i > 0)
BIO_printf(out, "Verified OK\n"); BIO_printf(out, "Verified OK\n");
else if(i == 0) else if (i == 0) {
{
BIO_printf(out, "Verification Failure\n"); BIO_printf(out, "Verification Failure\n");
return 1; return 1;
} } else {
else
{
BIO_printf(bio_err, "Error Verifying Data\n"); BIO_printf(bio_err, "Error Verifying Data\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
return 1; return 1;
} }
return 0; return 0;
} }
if(key) if (key) {
{
EVP_MD_CTX *ctx; EVP_MD_CTX *ctx;
BIO_get_md_ctx(bp, &ctx); BIO_get_md_ctx(bp, &ctx);
if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key)) if (!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key)) {
{
BIO_printf(bio_err, "Error Signing Data\n"); BIO_printf(bio_err, "Error Signing Data\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
return 1; return 1;
} }
} } else if (hmac_key) {
else if(hmac_key)
{
HMAC_Final(&hmac_ctx, buf, &len); HMAC_Final(&hmac_ctx, buf, &len);
HMAC_CTX_cleanup(&hmac_ctx); HMAC_CTX_cleanup(&hmac_ctx);
} } else
else
len = BIO_gets(bp, (char *)buf, BUFSIZE); len = BIO_gets(bp, (char *)buf, BUFSIZE);
if(binout) BIO_write(out, buf, len); if (binout)
else BIO_write(out, buf, len);
{ else {
BIO_write(out, title, strlen(title)); BIO_write(out, title, strlen(title));
for (i=0; i<(int)len; i++) for (i = 0; i < (int)len; i++) {
{
if (sep && (i != 0)) if (sep && (i != 0))
BIO_printf(out, ":"); BIO_printf(out, ":");
BIO_printf(out, "%02x", buf[i]); BIO_printf(out, "%02x", buf[i]);
} }
BIO_printf(out, "\n"); BIO_printf(out, "\n");
} }
if (hmac_key) if (hmac_key) {
{
BIO_set_md_ctx(bmd, md_ctx); BIO_set_md_ctx(bmd, md_ctx);
} }
return 0; return 0;
} }

121
apps/dh.c

@@ -118,32 +118,28 @@ int MAIN(int argc, char **argv)
prog = argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
informat = str2fmt(*(++argv)); informat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-outform") == 0) {
else if (strcmp(*argv,"-outform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outformat = str2fmt(*(++argv)); outformat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-in") == 0) {
else if (strcmp(*argv,"-in") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
infile = *(++argv); infile = *(++argv);
} } else if (strcmp(*argv, "-out") == 0) {
else if (strcmp(*argv,"-out") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outfile = *(++argv); outfile = *(++argv);
} }
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv, "-engine") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
engine = *(++argv); engine = *(++argv);
} }
# endif # endif
@@ -155,8 +151,7 @@ int MAIN(int argc, char **argv)
C = 1; C = 1;
else if (strcmp(*argv, "-noout") == 0) else if (strcmp(*argv, "-noout") == 0)
noout = 1; noout = 1;
else else {
{
BIO_printf(bio_err, "unknown option %s\n", *argv); BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1; badops = 1;
break; break;
@@ -165,21 +160,23 @@ int MAIN(int argc, char **argv)
argv++; argv++;
} }
if (badops) if (badops) {
{
bad: bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog); BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n"); BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER PEM\n"); BIO_printf(bio_err,
" -outform arg output format - one of DER PEM\n");
BIO_printf(bio_err, " -in arg input file\n"); BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -out arg output file\n"); BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err, " -check check the DH parameters\n"); BIO_printf(bio_err, " -check check the DH parameters\n");
BIO_printf(bio_err," -text print a text form of the DH parameters\n"); BIO_printf(bio_err,
" -text print a text form of the DH parameters\n");
BIO_printf(bio_err, " -C Output C code\n"); BIO_printf(bio_err, " -C Output C code\n");
BIO_printf(bio_err, " -noout no output\n"); BIO_printf(bio_err, " -noout no output\n");
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
# endif # endif
goto end; goto end;
} }
@@ -192,24 +189,20 @@ bad:
in = BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) if ((in == NULL) || (out == NULL)) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (infile == NULL) if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
else else {
{ if (BIO_read_filename(in, infile) <= 0) {
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile); perror(infile);
goto end; goto end;
} }
} }
if (outfile == NULL) if (outfile == NULL) {
{
BIO_set_fp(out, stdout, BIO_NOCLOSE); BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS # ifdef OPENSSL_SYS_VMS
{ {
@@ -217,11 +210,8 @@ bad:
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
# endif # endif
} } else {
else if (BIO_write_filename(out, outfile) <= 0) {
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile); perror(outfile);
goto end; goto end;
} }
@@ -231,22 +221,17 @@ bad:
dh = d2i_DHparams_bio(in, NULL); dh = d2i_DHparams_bio(in, NULL);
else if (informat == FORMAT_PEM) else if (informat == FORMAT_PEM)
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
else else {
{
BIO_printf(bio_err, "bad input format specified\n"); BIO_printf(bio_err, "bad input format specified\n");
goto end; goto end;
} }
if (dh == NULL) if (dh == NULL) {
{
BIO_printf(bio_err, "unable to load DH parameters\n"); BIO_printf(bio_err, "unable to load DH parameters\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (text) {
if (text)
{
DHparams_print(out, dh); DHparams_print(out, dh);
# ifdef undef # ifdef undef
printf("p="); printf("p=");
@@ -259,10 +244,8 @@ bad:
# endif # endif
} }
if (check) if (check) {
{ if (!DH_check(dh, &i)) {
if (!DH_check(dh,&i))
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
@@ -277,33 +260,31 @@ bad:
if (i == 0) if (i == 0)
printf("DH parameters appear to be ok.\n"); printf("DH parameters appear to be ok.\n");
} }
if (C) if (C) {
{
unsigned char *data; unsigned char *data;
int len, l, bits; int len, l, bits;
len = BN_num_bytes(dh->p); len = BN_num_bytes(dh->p);
bits = BN_num_bits(dh->p); bits = BN_num_bits(dh->p);
data = (unsigned char *)OPENSSL_malloc(len); data = (unsigned char *)OPENSSL_malloc(len);
if (data == NULL) if (data == NULL) {
{
perror("OPENSSL_malloc"); perror("OPENSSL_malloc");
goto end; goto end;
} }
l = BN_bn2bin(dh->p, data); l = BN_bn2bin(dh->p, data);
printf("static unsigned char dh%d_p[]={", bits); printf("static unsigned char dh%d_p[]={", bits);
for (i=0; i<l; i++) for (i = 0; i < l; i++) {
{ if ((i % 12) == 0)
if ((i%12) == 0) printf("\n\t"); printf("\n\t");
printf("0x%02X,", data[i]); printf("0x%02X,", data[i]);
} }
printf("\n\t};\n"); printf("\n\t};\n");
l = BN_bn2bin(dh->g, data); l = BN_bn2bin(dh->g, data);
printf("static unsigned char dh%d_g[]={", bits); printf("static unsigned char dh%d_g[]={", bits);
for (i=0; i<l; i++) for (i = 0; i < l; i++) {
{ if ((i % 12) == 0)
if ((i%12) == 0) printf("\n\t"); printf("\n\t");
printf("0x%02X,", data[i]); printf("0x%02X,", data[i]);
} }
printf("\n\t};\n\n"); printf("\n\t};\n\n");
@@ -321,9 +302,7 @@ bad:
OPENSSL_free(data); OPENSSL_free(data);
} }
if (!noout) {
if (!noout)
{
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
i = i2d_DHparams_bio(out, dh); i = i2d_DHparams_bio(out, dh);
else if (outformat == FORMAT_PEM) else if (outformat == FORMAT_PEM)
@@ -332,8 +311,7 @@ bad:
BIO_printf(bio_err, "bad output format specified for outfile\n"); BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end; goto end;
} }
if (!i) if (!i) {
{
BIO_printf(bio_err, "unable to write DH parameters\n"); BIO_printf(bio_err, "unable to write DH parameters\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@@ -341,9 +319,12 @@ bad:
} }
ret = 0; ret = 0;
end: end:
if (in != NULL) BIO_free(in); if (in != NULL)
if (out != NULL) BIO_free_all(out); BIO_free(in);
if (dh != NULL) DH_free(dh); if (out != NULL)
BIO_free_all(out);
if (dh != NULL)
DH_free(dh);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
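Review bot: In the `if (C)` block the scratch buffer is sized from the prime only (`len = BN_num_bytes(dh->p);` then `OPENSSL_malloc(len)`) and is then reused for `BN_bn2bin(dh->g, data)`, so a parameter file whose generator encodes to more bytes than its prime would write past the allocation. The parameters come from `d2i_DHparams_bio` / `PEM_read_bio_DHparams` on a caller-supplied file, and nothing visible in this section rejects an oversized g before the dump (the `-check` result appears to be reported only). Sizing for the larger of the two values would close this: `if (BN_num_bytes(dh->g) > len) len = BN_num_bytes(dh->g);` placed before the allocation. The same pattern appears in the `if (C)` block of the next file section, the one that prints `get_dh%d()`. MAIN starts and ends outside these hunks.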


@@ -181,32 +181,28 @@ int MAIN(int argc, char **argv)
prog = argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
informat = str2fmt(*(++argv)); informat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-outform") == 0) {
else if (strcmp(*argv,"-outform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outformat = str2fmt(*(++argv)); outformat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-in") == 0) {
else if (strcmp(*argv,"-in") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
infile = *(++argv); infile = *(++argv);
} } else if (strcmp(*argv, "-out") == 0) {
else if (strcmp(*argv,"-out") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outfile = *(++argv); outfile = *(++argv);
} }
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv, "-engine") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
engine = *(++argv); engine = *(++argv);
} }
# endif # endif
@@ -226,40 +222,47 @@ int MAIN(int argc, char **argv)
g = 2; g = 2;
else if (strcmp(*argv, "-5") == 0) else if (strcmp(*argv, "-5") == 0)
g = 5; g = 5;
else if (strcmp(*argv,"-rand") == 0) else if (strcmp(*argv, "-rand") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
inrand = *(++argv); inrand = *(++argv);
} } else if (((sscanf(*argv, "%d", &num) == 0) || (num <= 0)))
else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0)))
goto bad; goto bad;
argv++; argv++;
argc--; argc--;
} }
if (badops) if (badops) {
{
bad: bad:
BIO_printf(bio_err, "%s [options] [numbits]\n", prog); BIO_printf(bio_err, "%s [options] [numbits]\n", prog);
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n"); BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER PEM\n"); BIO_printf(bio_err,
" -outform arg output format - one of DER PEM\n");
BIO_printf(bio_err, " -in arg input file\n"); BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -out arg output file\n"); BIO_printf(bio_err, " -out arg output file\n");
# ifndef OPENSSL_NO_DSA # ifndef OPENSSL_NO_DSA
BIO_printf(bio_err," -dsaparam read or generate DSA parameters, convert to DH\n"); BIO_printf(bio_err,
" -dsaparam read or generate DSA parameters, convert to DH\n");
# endif # endif
BIO_printf(bio_err, " -check check the DH parameters\n"); BIO_printf(bio_err, " -check check the DH parameters\n");
BIO_printf(bio_err," -text print a text form of the DH parameters\n"); BIO_printf(bio_err,
" -text print a text form of the DH parameters\n");
BIO_printf(bio_err, " -C Output C code\n"); BIO_printf(bio_err, " -C Output C code\n");
BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); " -2 generate parameters using 2 as the generator value\n");
BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n"); BIO_printf(bio_err,
" -5 generate parameters using 5 as the generator value\n");
BIO_printf(bio_err,
" numbits number of bits in to generate (default 512)\n");
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
# endif # endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" - load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n"); BIO_printf(bio_err, " the random number generator\n");
BIO_printf(bio_err, " -noout no output\n"); BIO_printf(bio_err, " -noout no output\n");
goto end; goto end;
@@ -275,15 +278,13 @@ bad:
num = DEFBITS; num = DEFBITS;
# ifndef OPENSSL_NO_DSA # ifndef OPENSSL_NO_DSA
if (dsaparam) if (dsaparam) {
{ if (g) {
if (g) BIO_printf(bio_err,
{ "generator may not be chosen for DSA parameters\n");
BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
goto end; goto end;
} }
} } else
else
# endif # endif
{ {
/* DH parameters */ /* DH parameters */
@@ -295,44 +296,44 @@ bad:
BN_GENCB cb; BN_GENCB cb;
BN_GENCB_set(&cb, dh_cb, bio_err); BN_GENCB_set(&cb, dh_cb, bio_err);
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
{ BIO_printf(bio_err,
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); "warning, not much extra random data, consider using the -rand option\n");
} }
if (inrand != NULL) if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n", BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand)); app_RAND_load_files(inrand));
# ifndef OPENSSL_NO_DSA # ifndef OPENSSL_NO_DSA
if (dsaparam) if (dsaparam) {
{
DSA *dsa = DSA_new(); DSA *dsa = DSA_new();
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); BIO_printf(bio_err,
if(!dsa || !DSA_generate_parameters_ex(dsa, num, "Generating DSA parameters, %d bit long prime\n", num);
NULL, 0, NULL, NULL, &cb)) if (!dsa
{ || !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL,
if(dsa) DSA_free(dsa); &cb)) {
if (dsa)
DSA_free(dsa);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
dh = DSA_dup_DH(dsa); dh = DSA_dup_DH(dsa);
DSA_free(dsa); DSA_free(dsa);
if (dh == NULL) if (dh == NULL) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} } else
else
# endif # endif
{ {
dh = DH_new(); dh = DH_new();
BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); BIO_printf(bio_err,
"Generating DH parameters, %d bit long safe prime, generator %d\n",
num, g);
BIO_printf(bio_err, "This is going to take a long time\n"); BIO_printf(bio_err, "This is going to take a long time\n");
if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) if (!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
@@ -342,31 +343,25 @@ bad:
} else { } else {
in = BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
if (in == NULL) if (in == NULL) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (infile == NULL) if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
else else {
{ if (BIO_read_filename(in, infile) <= 0) {
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile); perror(infile);
goto end; goto end;
} }
} }
if (informat != FORMAT_ASN1 && informat != FORMAT_PEM) if (informat != FORMAT_ASN1 && informat != FORMAT_PEM) {
{
BIO_printf(bio_err, "bad input format specified\n"); BIO_printf(bio_err, "bad input format specified\n");
goto end; goto end;
} }
# ifndef OPENSSL_NO_DSA # ifndef OPENSSL_NO_DSA
if (dsaparam) if (dsaparam) {
{
DSA *dsa; DSA *dsa;
if (informat == FORMAT_ASN1) if (informat == FORMAT_ASN1)
@@ -374,8 +369,7 @@ bad:
else /* informat == FORMAT_PEM */ else /* informat == FORMAT_PEM */
dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
if (dsa == NULL) if (dsa == NULL) {
{
BIO_printf(bio_err, "unable to load DSA parameters\n"); BIO_printf(bio_err, "unable to load DSA parameters\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@@ -383,13 +377,11 @@ bad:
dh = DSA_dup_DH(dsa); dh = DSA_dup_DH(dsa);
DSA_free(dsa); DSA_free(dsa);
if (dh == NULL) if (dh == NULL) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} } else
else
# endif # endif
{ {
if (informat == FORMAT_ASN1) if (informat == FORMAT_ASN1)
@@ -397,8 +389,7 @@ bad:
else /* informat == FORMAT_PEM */ else /* informat == FORMAT_PEM */
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
if (dh == NULL) if (dh == NULL) {
{
BIO_printf(bio_err, "unable to load DH parameters\n"); BIO_printf(bio_err, "unable to load DH parameters\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@@ -409,13 +400,11 @@ bad:
} }
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if (out == NULL) if (out == NULL) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (outfile == NULL) if (outfile == NULL) {
{
BIO_set_fp(out, stdout, BIO_NOCLOSE); BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS # ifdef OPENSSL_SYS_VMS
{ {
@@ -423,26 +412,19 @@ bad:
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
# endif # endif
} } else {
else if (BIO_write_filename(out, outfile) <= 0) {
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile); perror(outfile);
goto end; goto end;
} }
} }
if (text) {
if (text)
{
DHparams_print(out, dh); DHparams_print(out, dh);
} }
if (check) if (check) {
{ if (!DH_check(dh, &i)) {
if (!DH_check(dh,&i))
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
@@ -457,38 +439,35 @@ bad:
if (i == 0) if (i == 0)
printf("DH parameters appear to be ok.\n"); printf("DH parameters appear to be ok.\n");
} }
if (C) if (C) {
{
unsigned char *data; unsigned char *data;
int len, l, bits; int len, l, bits;
len = BN_num_bytes(dh->p); len = BN_num_bytes(dh->p);
bits = BN_num_bits(dh->p); bits = BN_num_bits(dh->p);
data = (unsigned char *)OPENSSL_malloc(len); data = (unsigned char *)OPENSSL_malloc(len);
if (data == NULL) if (data == NULL) {
{
perror("OPENSSL_malloc"); perror("OPENSSL_malloc");
goto end; goto end;
} }
printf("#ifndef HEADER_DH_H\n" printf("#ifndef HEADER_DH_H\n"
"#include <openssl/dh.h>\n" "#include <openssl/dh.h>\n" "#endif\n");
"#endif\n");
printf("DH *get_dh%d()\n\t{\n", bits); printf("DH *get_dh%d()\n\t{\n", bits);
l = BN_bn2bin(dh->p, data); l = BN_bn2bin(dh->p, data);
printf("\tstatic unsigned char dh%d_p[]={", bits); printf("\tstatic unsigned char dh%d_p[]={", bits);
for (i=0; i<l; i++) for (i = 0; i < l; i++) {
{ if ((i % 12) == 0)
if ((i%12) == 0) printf("\n\t\t"); printf("\n\t\t");
printf("0x%02X,", data[i]); printf("0x%02X,", data[i]);
} }
printf("\n\t\t};\n"); printf("\n\t\t};\n");
l = BN_bn2bin(dh->g, data); l = BN_bn2bin(dh->g, data);
printf("\tstatic unsigned char dh%d_g[]={", bits); printf("\tstatic unsigned char dh%d_g[]={", bits);
for (i=0; i<l; i++) for (i = 0; i < l; i++) {
{ if ((i % 12) == 0)
if ((i%12) == 0) printf("\n\t\t"); printf("\n\t\t");
printf("0x%02X,", data[i]); printf("0x%02X,", data[i]);
} }
printf("\n\t\t};\n"); printf("\n\t\t};\n");
@@ -507,9 +486,7 @@ bad:
OPENSSL_free(data); OPENSSL_free(data);
} }
if (!noout) {
if (!noout)
{
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
i = i2d_DHparams_bio(out, dh); i = i2d_DHparams_bio(out, dh);
else if (outformat == FORMAT_PEM) else if (outformat == FORMAT_PEM)
@@ -518,8 +495,7 @@ bad:
BIO_printf(bio_err, "bad output format specified for outfile\n"); BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end; goto end;
} }
if (!i) if (!i) {
{
BIO_printf(bio_err, "unable to write DH parameters\n"); BIO_printf(bio_err, "unable to write DH parameters\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@@ -527,9 +503,12 @@ bad:
} }
ret = 0; ret = 0;
end: end:
if (in != NULL) BIO_free(in); if (in != NULL)
if (out != NULL) BIO_free_all(out); BIO_free(in);
if (dh != NULL) DH_free(dh); if (out != NULL)
BIO_free_all(out);
if (dh != NULL)
DH_free(dh);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
@@ -539,10 +518,14 @@ static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
{ {
char c = '*'; char c = '*';
if (p == 0) c='.'; if (p == 0)
if (p == 1) c='+'; c = '.';
if (p == 2) c='*'; if (p == 1)
if (p == 3) c='\n'; c = '+';
if (p == 2)
c = '*';
if (p == 3)
c = '\n';
BIO_write(cb->arg, &c, 1); BIO_write(cb->arg, &c, 1);
(void)BIO_flush(cb->arg); (void)BIO_flush(cb->arg);
# ifdef LINT # ifdef LINT
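Review bot: The usage text still advertises `numbits ... (default 512)` and a later hunk assigns `num = DEFBITS`; if DEFBITS matches that text, running the tool with no size argument generates a 512-bit group, which is too small to protect a key exchange. Raising the default and the help string together (for example `# define DEFBITS 2048`; the definition is outside this section) would make the no-argument path safe. The size argument is parsed with `sscanf(*argv, "%d", &num)`, which accepts trailing characters such as `1024x`; `strtol` with an end-pointer check would reject them. MAIN starts and ends outside these hunks.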


@@ -133,42 +133,36 @@ int MAIN(int argc, char **argv)
prog = argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
informat = str2fmt(*(++argv)); informat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-outform") == 0) {
else if (strcmp(*argv,"-outform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outformat = str2fmt(*(++argv)); outformat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-in") == 0) {
else if (strcmp(*argv,"-in") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
infile = *(++argv); infile = *(++argv);
} } else if (strcmp(*argv, "-out") == 0) {
else if (strcmp(*argv,"-out") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outfile = *(++argv); outfile = *(++argv);
} } else if (strcmp(*argv, "-passin") == 0) {
else if (strcmp(*argv,"-passin") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
passargin = *(++argv); passargin = *(++argv);
} } else if (strcmp(*argv, "-passout") == 0) {
else if (strcmp(*argv,"-passout") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
passargout = *(++argv); passargout = *(++argv);
} }
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv, "-engine") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
engine = *(++argv); engine = *(++argv);
} }
# endif # endif
@@ -182,8 +176,7 @@ int MAIN(int argc, char **argv)
pubin = 1; pubin = 1;
else if (strcmp(*argv, "-pubout") == 0) else if (strcmp(*argv, "-pubout") == 0)
pubout = 1; pubout = 1;
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
{
BIO_printf(bio_err, "unknown option %s\n", *argv); BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1; badops = 1;
break; break;
@@ -192,35 +185,43 @@ int MAIN(int argc, char **argv)
argv++; argv++;
} }
if (badops) if (badops) {
{
bad: bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog); BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - DER or PEM\n"); BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
BIO_printf(bio_err, " -outform arg output format - DER or PEM\n"); BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
BIO_printf(bio_err, " -in arg input file\n"); BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err," -passin arg input file pass phrase source\n"); BIO_printf(bio_err,
" -passin arg input file pass phrase source\n");
BIO_printf(bio_err, " -out arg output file\n"); BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n"); BIO_printf(bio_err,
" -passout arg output file pass phrase source\n");
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
# endif # endif
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); " -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err,
" -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
# ifndef OPENSSL_NO_IDEA # ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); BIO_printf(bio_err,
" -idea encrypt PEM output with cbc idea\n");
# endif # endif
# ifndef OPENSSL_NO_AES # ifndef OPENSSL_NO_AES
BIO_printf(bio_err, " -aes128, -aes192, -aes256\n"); BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); BIO_printf(bio_err,
" encrypt PEM output with cbc aes\n");
# endif # endif
# ifndef OPENSSL_NO_CAMELLIA # ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n"); BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); BIO_printf(bio_err,
" encrypt PEM output with cbc camellia\n");
# endif # endif
# ifndef OPENSSL_NO_SEED # ifndef OPENSSL_NO_SEED
BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n"); BIO_printf(bio_err,
" -seed encrypt PEM output with cbc seed\n");
# endif # endif
BIO_printf(bio_err, " -text print the key in text\n"); BIO_printf(bio_err, " -text print the key in text\n");
BIO_printf(bio_err, " -noout don't print key out\n"); BIO_printf(bio_err, " -noout don't print key out\n");
@@ -240,8 +241,7 @@ bad:
} }
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if (out == NULL) if (out == NULL) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
@@ -260,15 +260,13 @@ bad:
dsa = pkey == NULL ? NULL : EVP_PKEY_get1_DSA(pkey); dsa = pkey == NULL ? NULL : EVP_PKEY_get1_DSA(pkey);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
} }
if (dsa == NULL) if (dsa == NULL) {
{
BIO_printf(bio_err, "unable to load Key\n"); BIO_printf(bio_err, "unable to load Key\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (outfile == NULL) if (outfile == NULL) {
{
BIO_set_fp(out, stdout, BIO_NOCLOSE); BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS # ifdef OPENSSL_SYS_VMS
{ {
@@ -276,58 +274,60 @@ bad:
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
# endif # endif
} } else {
else if (BIO_write_filename(out, outfile) <= 0) {
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile); perror(outfile);
goto end; goto end;
} }
} }
if (text) if (text)
if (!DSA_print(out,dsa,0)) if (!DSA_print(out, dsa, 0)) {
{
perror(outfile); perror(outfile);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (modulus) if (modulus) {
{
fprintf(stdout, "Public Key="); fprintf(stdout, "Public Key=");
BN_print(out, dsa->pub_key); BN_print(out, dsa->pub_key);
fprintf(stdout, "\n"); fprintf(stdout, "\n");
} }
if (noout) goto end; if (noout)
goto end;
BIO_printf(bio_err, "writing DSA key\n"); BIO_printf(bio_err, "writing DSA key\n");
if (outformat == FORMAT_ASN1) { if (outformat == FORMAT_ASN1) {
if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa); if (pubin || pubout)
else i=i2d_DSAPrivateKey_bio(out,dsa); i = i2d_DSA_PUBKEY_bio(out, dsa);
else
i = i2d_DSAPrivateKey_bio(out, dsa);
} else if (outformat == FORMAT_PEM) { } else if (outformat == FORMAT_PEM) {
if (pubin || pubout) if (pubin || pubout)
i = PEM_write_bio_DSA_PUBKEY(out, dsa); i = PEM_write_bio_DSA_PUBKEY(out, dsa);
else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc, else
i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
NULL, 0, NULL, passout); NULL, 0, NULL, passout);
} else { } else {
BIO_printf(bio_err, "bad output format specified for outfile\n"); BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end; goto end;
} }
if (!i) if (!i) {
{
BIO_printf(bio_err, "unable to write private key\n"); BIO_printf(bio_err, "unable to write private key\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
} } else
else
ret = 0; ret = 0;
end: end:
if(in != NULL) BIO_free(in); if (in != NULL)
if(out != NULL) BIO_free_all(out); BIO_free(in);
if(dsa != NULL) DSA_free(dsa); if (out != NULL)
if(passin) OPENSSL_free(passin); BIO_free_all(out);
if(passout) OPENSSL_free(passout); if (dsa != NULL)
DSA_free(dsa);
if (passin)
OPENSSL_free(passin);
if (passout)
OPENSSL_free(passout);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
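Review bot: The `if (modulus)` branch writes its label and newline with `fprintf(stdout, ...)` but the value with `BN_print(out, dsa->pub_key)`, so when `out` has been pointed at a file by `BIO_write_filename(out, outfile)` the number lands in the file while `Public Key=` goes to the terminal. Using the BIO for all three writes keeps the line together: `BIO_printf(out, "Public Key=");` and `BIO_printf(out, "\n");`. In the last hunk the failure message `unable to write private key` is also reached on the `pubin || pubout` path, where `unable to write key` would be accurate. MAIN starts and ends outside these hunks.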


@@ -57,8 +57,10 @@
*/ */
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ #include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
/* Until the key-gen callbacks are modified to use newer prototypes, we allow /*
* deprecated functions for openssl-internal code */ * Until the key-gen callbacks are modified to use newer prototypes, we allow
* deprecated functions for openssl-internal code
*/
#ifdef OPENSSL_NO_DEPRECATED #ifdef OPENSSL_NO_DEPRECATED
# undef OPENSSL_NO_DEPRECATED # undef OPENSSL_NO_DEPRECATED
#endif #endif
@@ -143,39 +145,35 @@ int MAIN(int argc, char **argv)
prog = argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
informat = str2fmt(*(++argv)); informat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-outform") == 0) {
else if (strcmp(*argv,"-outform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outformat = str2fmt(*(++argv)); outformat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-in") == 0) {
else if (strcmp(*argv,"-in") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
infile = *(++argv); infile = *(++argv);
} } else if (strcmp(*argv, "-out") == 0) {
else if (strcmp(*argv,"-out") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outfile = *(++argv); outfile = *(++argv);
} }
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
else if(strcmp(*argv, "-engine") == 0) else if (strcmp(*argv, "-engine") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
engine = *(++argv); engine = *(++argv);
} }
# endif # endif
# ifdef GENCB_TEST # ifdef GENCB_TEST
else if(strcmp(*argv, "-timebomb") == 0) else if (strcmp(*argv, "-timebomb") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
timebomb = atoi(*(++argv)); timebomb = atoi(*(++argv));
} }
# endif # endif
@@ -183,27 +181,21 @@ int MAIN(int argc, char **argv)
text = 1; text = 1;
else if (strcmp(*argv, "-C") == 0) else if (strcmp(*argv, "-C") == 0)
C = 1; C = 1;
else if (strcmp(*argv,"-genkey") == 0) else if (strcmp(*argv, "-genkey") == 0) {
{
genkey = 1; genkey = 1;
need_rand = 1; need_rand = 1;
} } else if (strcmp(*argv, "-rand") == 0) {
else if (strcmp(*argv,"-rand") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
inrand = *(++argv); inrand = *(++argv);
need_rand = 1; need_rand = 1;
} } else if (strcmp(*argv, "-noout") == 0)
else if (strcmp(*argv,"-noout") == 0)
noout = 1; noout = 1;
else if (sscanf(*argv,"%d",&num) == 1) else if (sscanf(*argv, "%d", &num) == 1) {
{
/* generate a key */ /* generate a key */
numbits = num; numbits = num;
need_rand = 1; need_rand = 1;
} } else {
else
{
BIO_printf(bio_err, "unknown option %s\n", *argv); BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1; badops = 1;
break; break;
@@ -212,8 +204,7 @@ int MAIN(int argc, char **argv)
argv++; argv++;
} }
if (badops) if (badops) {
{
bad: bad:
BIO_printf(bio_err, "%s [options] [bits] <infile >outfile\n", prog); BIO_printf(bio_err, "%s [options] [bits] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "where options are\n");
@@ -225,14 +216,18 @@ bad:
BIO_printf(bio_err, " -C Output C code\n"); BIO_printf(bio_err, " -C Output C code\n");
BIO_printf(bio_err, " -noout no output\n"); BIO_printf(bio_err, " -noout no output\n");
BIO_printf(bio_err, " -genkey generate a DSA key\n"); BIO_printf(bio_err, " -genkey generate a DSA key\n");
BIO_printf(bio_err," -rand files to use for random number input\n"); BIO_printf(bio_err,
" -rand files to use for random number input\n");
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
# endif # endif
# ifdef GENCB_TEST # ifdef GENCB_TEST
BIO_printf(bio_err," -timebomb n interrupt keygen after <n> seconds\n"); BIO_printf(bio_err,
" -timebomb n interrupt keygen after <n> seconds\n");
# endif # endif
BIO_printf(bio_err," number number of bits to use for generating private key\n"); BIO_printf(bio_err,
" number number of bits to use for generating private key\n");
goto end; goto end;
} }
@@ -240,24 +235,20 @@ bad:
in = BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) if ((in == NULL) || (out == NULL)) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (infile == NULL) if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
else else {
{ if (BIO_read_filename(in, infile) <= 0) {
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile); perror(infile);
goto end; goto end;
} }
} }
if (outfile == NULL) if (outfile == NULL) {
{
BIO_set_fp(out, stdout, BIO_NOCLOSE); BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS # ifdef OPENSSL_SYS_VMS
{ {
@@ -265,11 +256,8 @@ bad:
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
# endif # endif
} } else {
else if (BIO_write_filename(out, outfile) <= 0) {
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile); perror(outfile);
goto end; goto end;
} }
@@ -279,48 +267,43 @@ bad:
setup_engine(bio_err, engine, 0); setup_engine(bio_err, engine, 0);
# endif # endif
if (need_rand) if (need_rand) {
{
app_RAND_load_file(NULL, bio_err, (inrand != NULL)); app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL) if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n", BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand)); app_RAND_load_files(inrand));
} }
if (numbits > 0) if (numbits > 0) {
{
BN_GENCB cb; BN_GENCB cb;
BN_GENCB_set(&cb, dsa_cb, bio_err); BN_GENCB_set(&cb, dsa_cb, bio_err);
assert(need_rand); assert(need_rand);
dsa = DSA_new(); dsa = DSA_new();
if(!dsa) if (!dsa) {
{
BIO_printf(bio_err, "Error allocating DSA object\n"); BIO_printf(bio_err, "Error allocating DSA object\n");
goto end; goto end;
} }
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n",
num);
BIO_printf(bio_err, "This could take some time\n"); BIO_printf(bio_err, "This could take some time\n");
# ifdef GENCB_TEST # ifdef GENCB_TEST
if(timebomb > 0) if (timebomb > 0) {
{
struct sigaction act; struct sigaction act;
act.sa_handler = timebomb_sigalarm; act.sa_handler = timebomb_sigalarm;
act.sa_flags = 0; act.sa_flags = 0;
BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n", BIO_printf(bio_err,
"(though I'll stop it if not done within %d secs)\n",
timebomb); timebomb);
if(sigaction(SIGALRM, &act, NULL) != 0) if (sigaction(SIGALRM, &act, NULL) != 0) {
{
BIO_printf(bio_err, "Error, couldn't set SIGALRM handler\n"); BIO_printf(bio_err, "Error, couldn't set SIGALRM handler\n");
goto end; goto end;
} }
alarm(timebomb); alarm(timebomb);
} }
# endif # endif
if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb)) if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, &cb)) {
{
# ifdef GENCB_TEST # ifdef GENCB_TEST
if(stop_keygen_flag) if (stop_keygen_flag) {
{
BIO_printf(bio_err, "DSA key generation time-stopped\n"); BIO_printf(bio_err, "DSA key generation time-stopped\n");
/* This is an asked-for behaviour! */ /* This is an asked-for behaviour! */
ret = 0; ret = 0;
@@ -330,64 +313,58 @@ bad:
BIO_printf(bio_err, "Error, DSA key generation failed\n"); BIO_printf(bio_err, "Error, DSA key generation failed\n");
goto end; goto end;
} }
} } else if (informat == FORMAT_ASN1)
else if (informat == FORMAT_ASN1)
dsa = d2i_DSAparams_bio(in, NULL); dsa = d2i_DSAparams_bio(in, NULL);
else if (informat == FORMAT_PEM) else if (informat == FORMAT_PEM)
dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
else else {
{
BIO_printf(bio_err, "bad input format specified\n"); BIO_printf(bio_err, "bad input format specified\n");
goto end; goto end;
} }
if (dsa == NULL) if (dsa == NULL) {
{
BIO_printf(bio_err, "unable to load DSA parameters\n"); BIO_printf(bio_err, "unable to load DSA parameters\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (text) if (text) {
{
DSAparams_print(out, dsa); DSAparams_print(out, dsa);
} }
if (C) if (C) {
{
unsigned char *data; unsigned char *data;
int l, len, bits_p; int l, len, bits_p;
len = BN_num_bytes(dsa->p); len = BN_num_bytes(dsa->p);
bits_p = BN_num_bits(dsa->p); bits_p = BN_num_bits(dsa->p);
data = (unsigned char *)OPENSSL_malloc(len + 20); data = (unsigned char *)OPENSSL_malloc(len + 20);
if (data == NULL) if (data == NULL) {
{
perror("OPENSSL_malloc"); perror("OPENSSL_malloc");
goto end; goto end;
} }
l = BN_bn2bin(dsa->p, data); l = BN_bn2bin(dsa->p, data);
printf("static unsigned char dsa%d_p[]={", bits_p); printf("static unsigned char dsa%d_p[]={", bits_p);
for (i=0; i<l; i++) for (i = 0; i < l; i++) {
{ if ((i % 12) == 0)
if ((i%12) == 0) printf("\n\t"); printf("\n\t");
printf("0x%02X,", data[i]); printf("0x%02X,", data[i]);
} }
printf("\n\t};\n"); printf("\n\t};\n");
l = BN_bn2bin(dsa->q, data); l = BN_bn2bin(dsa->q, data);
printf("static unsigned char dsa%d_q[]={", bits_p); printf("static unsigned char dsa%d_q[]={", bits_p);
for (i=0; i<l; i++) for (i = 0; i < l; i++) {
{ if ((i % 12) == 0)
if ((i%12) == 0) printf("\n\t"); printf("\n\t");
printf("0x%02X,", data[i]); printf("0x%02X,", data[i]);
} }
printf("\n\t};\n"); printf("\n\t};\n");
l = BN_bn2bin(dsa->g, data); l = BN_bn2bin(dsa->g, data);
printf("static unsigned char dsa%d_g[]={", bits_p); printf("static unsigned char dsa%d_g[]={", bits_p);
for (i=0; i<l; i++) for (i = 0; i < l; i++) {
{ if ((i % 12) == 0)
if ((i%12) == 0) printf("\n\t"); printf("\n\t");
printf("0x%02X,", data[i]); printf("0x%02X,", data[i]);
} }
printf("\n\t};\n\n"); printf("\n\t};\n\n");
@@ -401,14 +378,13 @@ bad:
bits_p, bits_p); bits_p, bits_p);
printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n", printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
bits_p, bits_p); bits_p, bits_p);
printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n"); printf
("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
printf("\t\t{ DSA_free(dsa); return(NULL); }\n"); printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
printf("\treturn(dsa);\n\t}\n"); printf("\treturn(dsa);\n\t}\n");
} }
if (!noout) {
if (!noout)
{
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
i = i2d_DSAparams_bio(out, dsa); i = i2d_DSAparams_bio(out, dsa);
else if (outformat == FORMAT_PEM) else if (outformat == FORMAT_PEM)
@@ -417,24 +393,25 @@ bad:
BIO_printf(bio_err, "bad output format specified for outfile\n"); BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end; goto end;
} }
if (!i) if (!i) {
{
BIO_printf(bio_err, "unable to write DSA parameters\n"); BIO_printf(bio_err, "unable to write DSA parameters\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} }
if (genkey) if (genkey) {
{
DSA *dsakey; DSA *dsakey;
assert(need_rand); assert(need_rand);
if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end; if ((dsakey = DSAparams_dup(dsa)) == NULL)
if (!DSA_generate_key(dsakey)) goto end; goto end;
if (!DSA_generate_key(dsakey))
goto end;
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
i = i2d_DSAPrivateKey_bio(out, dsakey); i = i2d_DSAPrivateKey_bio(out, dsakey);
else if (outformat == FORMAT_PEM) else if (outformat == FORMAT_PEM)
i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL); i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL,
NULL);
else { else {
BIO_printf(bio_err, "bad output format specified for outfile\n"); BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end; goto end;
@@ -445,9 +422,12 @@ bad:
app_RAND_write_file(NULL, bio_err); app_RAND_write_file(NULL, bio_err);
ret = 0; ret = 0;
end: end:
if (in != NULL) BIO_free(in); if (in != NULL)
if (out != NULL) BIO_free_all(out); BIO_free(in);
if (dsa != NULL) DSA_free(dsa); if (out != NULL)
BIO_free_all(out);
if (dsa != NULL)
DSA_free(dsa);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
@@ -456,10 +436,14 @@ static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
{ {
char c = '*'; char c = '*';
if (p == 0) c='.'; if (p == 0)
if (p == 1) c='+'; c = '.';
if (p == 2) c='*'; if (p == 1)
if (p == 3) c='\n'; c = '+';
if (p == 2)
c = '*';
if (p == 3)
c = '\n';
BIO_write(cb->arg, &c, 1); BIO_write(cb->arg, &c, 1);
(void)BIO_flush(cb->arg); (void)BIO_flush(cb->arg);
# ifdef LINT # ifdef LINT
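Review bot: In the `-genkey` block (hunk `@@ -417,24 +393,25 @@`), `dsakey` is not released on the failure paths. A failed `DSA_generate_key(dsakey)` and the bad-output-format arm both `goto end`, and the `end:` label shown in the next hunk frees only `in`, `out` and `dsa`. By the format check the object holds a generated private key, so it should go through `DSA_free` as the parameters do: `if (!DSA_generate_key(dsakey)) { DSA_free(dsakey); goto end; }`, plus a `DSA_free(dsakey);` before the `goto end` in the format check. The lines between that hunk and `end:` are not shown, so the success path is presumably handled there; the reformat carries this over unchanged, and MAIN starts outside these hunks.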

144
apps/ec.c

@@ -120,49 +120,40 @@ int MAIN(int argc, char **argv)
prog = argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
informat = str2fmt(*(++argv)); informat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-outform") == 0) {
else if (strcmp(*argv,"-outform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outformat = str2fmt(*(++argv)); outformat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-in") == 0) {
else if (strcmp(*argv,"-in") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
infile = *(++argv); infile = *(++argv);
} } else if (strcmp(*argv, "-out") == 0) {
else if (strcmp(*argv,"-out") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outfile = *(++argv); outfile = *(++argv);
} } else if (strcmp(*argv, "-passin") == 0) {
else if (strcmp(*argv,"-passin") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
passargin = *(++argv); passargin = *(++argv);
} } else if (strcmp(*argv, "-passout") == 0) {
else if (strcmp(*argv,"-passout") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
passargout = *(++argv); passargout = *(++argv);
} } else if (strcmp(*argv, "-engine") == 0) {
else if (strcmp(*argv, "-engine") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
engine = *(++argv); engine = *(++argv);
} } else if (strcmp(*argv, "-noout") == 0)
else if (strcmp(*argv, "-noout") == 0)
noout = 1; noout = 1;
else if (strcmp(*argv, "-text") == 0) else if (strcmp(*argv, "-text") == 0)
text = 1; text = 1;
else if (strcmp(*argv, "-conv_form") == 0) else if (strcmp(*argv, "-conv_form") == 0) {
{
if (--argc < 1) if (--argc < 1)
goto bad; goto bad;
++argv; ++argv;
@@ -175,9 +166,7 @@ int MAIN(int argc, char **argv)
form = POINT_CONVERSION_HYBRID; form = POINT_CONVERSION_HYBRID;
else else
goto bad; goto bad;
} } else if (strcmp(*argv, "-param_enc") == 0) {
else if (strcmp(*argv, "-param_enc") == 0)
{
if (--argc < 1) if (--argc < 1)
goto bad; goto bad;
++argv; ++argv;
@@ -188,15 +177,13 @@ int MAIN(int argc, char **argv)
asn1_flag = 0; asn1_flag = 0;
else else
goto bad; goto bad;
} } else if (strcmp(*argv, "-param_out") == 0)
else if (strcmp(*argv, "-param_out") == 0)
param_out = 1; param_out = 1;
else if (strcmp(*argv, "-pubin") == 0) else if (strcmp(*argv, "-pubin") == 0)
pubin = 1; pubin = 1;
else if (strcmp(*argv, "-pubout") == 0) else if (strcmp(*argv, "-pubout") == 0)
pubout = 1; pubout = 1;
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
{
BIO_printf(bio_err, "unknown option %s\n", *argv); BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1; badops = 1;
break; break;
@@ -205,8 +192,7 @@ int MAIN(int argc, char **argv)
argv++; argv++;
} }
if (badops) if (badops) {
{
bad: bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog); BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "where options are\n");
@@ -236,12 +222,10 @@ bad:
" compressed\n"); " compressed\n");
BIO_printf(bio_err, " " BIO_printf(bio_err, " "
" uncompressed (default)\n"); " uncompressed (default)\n");
BIO_printf(bio_err, " " BIO_printf(bio_err, " " " hybrid\n");
" hybrid\n");
BIO_printf(bio_err, " -param_enc arg specifies the way" BIO_printf(bio_err, " -param_enc arg specifies the way"
" the ec parameters are encoded\n"); " the ec parameters are encoded\n");
BIO_printf(bio_err, " in the asn1 der " BIO_printf(bio_err, " in the asn1 der " "encoding\n");
"encoding\n");
BIO_printf(bio_err, " possible values:" BIO_printf(bio_err, " possible values:"
" named_curve (default)\n"); " named_curve (default)\n");
BIO_printf(bio_err, " " BIO_printf(bio_err, " "
@@ -255,62 +239,49 @@ bad:
setup_engine(bio_err, engine, 0); setup_engine(bio_err, engine, 0);
# endif # endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
{
BIO_printf(bio_err, "Error getting passwords\n"); BIO_printf(bio_err, "Error getting passwords\n");
goto end; goto end;
} }
in = BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) if ((in == NULL) || (out == NULL)) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (infile == NULL) if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
else else {
{ if (BIO_read_filename(in, infile) <= 0) {
if (BIO_read_filename(in, infile) <= 0)
{
perror(infile); perror(infile);
goto end; goto end;
} }
} }
BIO_printf(bio_err, "read EC key\n"); BIO_printf(bio_err, "read EC key\n");
if (informat == FORMAT_ASN1) if (informat == FORMAT_ASN1) {
{
if (pubin) if (pubin)
eckey = d2i_EC_PUBKEY_bio(in, NULL); eckey = d2i_EC_PUBKEY_bio(in, NULL);
else else
eckey = d2i_ECPrivateKey_bio(in, NULL); eckey = d2i_ECPrivateKey_bio(in, NULL);
} } else if (informat == FORMAT_PEM) {
else if (informat == FORMAT_PEM)
{
if (pubin) if (pubin)
eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
NULL);
else else
eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
passin); } else {
}
else
{
BIO_printf(bio_err, "bad input format specified for key\n"); BIO_printf(bio_err, "bad input format specified for key\n");
goto end; goto end;
} }
if (eckey == NULL) if (eckey == NULL) {
{
BIO_printf(bio_err, "unable to load Key\n"); BIO_printf(bio_err, "unable to load Key\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (outfile == NULL) if (outfile == NULL) {
{
BIO_set_fp(out, stdout, BIO_NOCLOSE); BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS # ifdef OPENSSL_SYS_VMS
{ {
@@ -318,11 +289,8 @@ bad:
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
# endif # endif
} } else {
else if (BIO_write_filename(out, outfile) <= 0) {
{
if (BIO_write_filename(out, outfile) <= 0)
{
perror(outfile); perror(outfile);
goto end; goto end;
} }
@@ -337,31 +305,26 @@ bad:
EC_KEY_set_asn1_flag(eckey, asn1_flag); EC_KEY_set_asn1_flag(eckey, asn1_flag);
if (text) if (text)
if (!EC_KEY_print(out, eckey, 0)) if (!EC_KEY_print(out, eckey, 0)) {
{
perror(outfile); perror(outfile);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (noout) if (noout) {
{
ret = 0; ret = 0;
goto end; goto end;
} }
BIO_printf(bio_err, "writing EC key\n"); BIO_printf(bio_err, "writing EC key\n");
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1) {
{
if (param_out) if (param_out)
i = i2d_ECPKParameters_bio(out, group); i = i2d_ECPKParameters_bio(out, group);
else if (pubin || pubout) else if (pubin || pubout)
i = i2d_EC_PUBKEY_bio(out, eckey); i = i2d_EC_PUBKEY_bio(out, eckey);
else else
i = i2d_ECPrivateKey_bio(out, eckey); i = i2d_ECPrivateKey_bio(out, eckey);
} } else if (outformat == FORMAT_PEM) {
else if (outformat == FORMAT_PEM)
{
if (param_out) if (param_out)
i = PEM_write_bio_ECPKParameters(out, group); i = PEM_write_bio_ECPKParameters(out, group);
else if (pubin || pubout) else if (pubin || pubout)
@@ -369,20 +332,15 @@ bad:
else else
i = PEM_write_bio_ECPrivateKey(out, eckey, enc, i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
NULL, 0, NULL, passout); NULL, 0, NULL, passout);
} } else {
else BIO_printf(bio_err, "bad output format specified for " "outfile\n");
{
BIO_printf(bio_err, "bad output format specified for "
"outfile\n");
goto end; goto end;
} }
if (!i) if (!i) {
{
BIO_printf(bio_err, "unable to write private key\n"); BIO_printf(bio_err, "unable to write private key\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
} } else
else
ret = 0; ret = 0;
end: end:
if (in) if (in)
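Review bot: The catch-all arm of the option loop (hunk `@@ -188,15 +177,13 @@`) passes `&(argv[0][1])` to `EVP_get_cipherbyname` without checking that the argument starts with `-`. An empty argument therefore makes the lookup start one byte past the string's terminator, and any stray word has its first character dropped and the remainder tried as a cipher name. Guarding the arm keeps both cases on the `unknown option` path: `else if ((*argv)[0] != '-' || (enc = EVP_get_cipherbyname(*argv + 1)) == NULL) {`. The reformat carries the expression over unchanged, and MAIN begins and ends outside the hunks shown.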


@@ -112,8 +112,8 @@
* -engine e - use engine e, possibly a hardware device * -engine e - use engine e, possibly a hardware device
*/ */
static int ecparam_print_var(BIO *, BIGNUM *, const char *, int,
static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *); unsigned char *);
int MAIN(int, char **); int MAIN(int, char **);
@@ -151,44 +151,36 @@ int MAIN(int argc, char **argv)
prog = argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
informat = str2fmt(*(++argv)); informat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-outform") == 0) {
else if (strcmp(*argv,"-outform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outformat = str2fmt(*(++argv)); outformat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-in") == 0) {
else if (strcmp(*argv,"-in") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
infile = *(++argv); infile = *(++argv);
} } else if (strcmp(*argv, "-out") == 0) {
else if (strcmp(*argv,"-out") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outfile = *(++argv); outfile = *(++argv);
} } else if (strcmp(*argv, "-text") == 0)
else if (strcmp(*argv,"-text") == 0)
text = 1; text = 1;
else if (strcmp(*argv, "-C") == 0) else if (strcmp(*argv, "-C") == 0)
C = 1; C = 1;
else if (strcmp(*argv, "-check") == 0) else if (strcmp(*argv, "-check") == 0)
check = 1; check = 1;
else if (strcmp (*argv, "-name") == 0) else if (strcmp(*argv, "-name") == 0) {
{
if (--argc < 1) if (--argc < 1)
goto bad; goto bad;
curve_name = *(++argv); curve_name = *(++argv);
} } else if (strcmp(*argv, "-list_curves") == 0)
else if (strcmp(*argv, "-list_curves") == 0)
list_curves = 1; list_curves = 1;
else if (strcmp(*argv, "-conv_form") == 0) else if (strcmp(*argv, "-conv_form") == 0) {
{
if (--argc < 1) if (--argc < 1)
goto bad; goto bad;
++argv; ++argv;
@@ -201,9 +193,7 @@ int MAIN(int argc, char **argv)
form = POINT_CONVERSION_HYBRID; form = POINT_CONVERSION_HYBRID;
else else
goto bad; goto bad;
} } else if (strcmp(*argv, "-param_enc") == 0) {
else if (strcmp(*argv, "-param_enc") == 0)
{
if (--argc < 1) if (--argc < 1)
goto bad; goto bad;
++argv; ++argv;
@@ -214,29 +204,23 @@ int MAIN(int argc, char **argv)
asn1_flag = 0; asn1_flag = 0;
else else
goto bad; goto bad;
} } else if (strcmp(*argv, "-no_seed") == 0)
else if (strcmp(*argv, "-no_seed") == 0)
no_seed = 1; no_seed = 1;
else if (strcmp(*argv, "-noout") == 0) else if (strcmp(*argv, "-noout") == 0)
noout = 1; noout = 1;
else if (strcmp(*argv,"-genkey") == 0) else if (strcmp(*argv, "-genkey") == 0) {
{
genkey = 1; genkey = 1;
need_rand = 1; need_rand = 1;
} } else if (strcmp(*argv, "-rand") == 0) {
else if (strcmp(*argv, "-rand") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
inrand = *(++argv); inrand = *(++argv);
need_rand = 1; need_rand = 1;
} } else if (strcmp(*argv, "-engine") == 0) {
else if(strcmp(*argv, "-engine") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
engine = *(++argv); engine = *(++argv);
} } else {
else
{
BIO_printf(bio_err, "unknown option %s\n", *argv); BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1; badops = 1;
break; break;
@@ -245,8 +229,7 @@ int MAIN(int argc, char **argv)
argv++; argv++;
} }
if (badops) if (badops) {
{
bad: bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog); BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "where options are\n");
@@ -287,10 +270,8 @@ bad:
BIO_printf(bio_err, " " BIO_printf(bio_err, " "
" explicit\n"); " explicit\n");
BIO_printf(bio_err, " -no_seed if 'explicit'" BIO_printf(bio_err, " -no_seed if 'explicit'"
" parameters are choosen do not" " parameters are choosen do not" " use the seed\n");
" use the seed\n"); BIO_printf(bio_err, " -genkey generate ec" " key\n");
BIO_printf(bio_err, " -genkey generate ec"
" key\n");
BIO_printf(bio_err, " -rand file files to use for" BIO_printf(bio_err, " -rand file files to use for"
" random number input\n"); " random number input\n");
BIO_printf(bio_err, " -engine e use engine e, " BIO_printf(bio_err, " -engine e use engine e, "
@@ -302,24 +283,20 @@ bad:
in = BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) if ((in == NULL) || (out == NULL)) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (infile == NULL) if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
else else {
{ if (BIO_read_filename(in, infile) <= 0) {
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile); perror(infile);
goto end; goto end;
} }
} }
if (outfile == NULL) if (outfile == NULL) {
{
BIO_set_fp(out, stdout, BIO_NOCLOSE); BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS # ifdef OPENSSL_SYS_VMS
{ {
@@ -327,11 +304,8 @@ bad:
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
# endif # endif
} } else {
else if (BIO_write_filename(out, outfile) <= 0) {
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile); perror(outfile);
goto end; goto end;
} }
@@ -341,8 +315,7 @@ bad:
setup_engine(bio_err, engine, 0); setup_engine(bio_err, engine, 0);
# endif # endif
if (list_curves) if (list_curves) {
{
EC_builtin_curve *curves = NULL; EC_builtin_curve *curves = NULL;
size_t crv_len = 0; size_t crv_len = 0;
size_t n = 0; size_t n = 0;
@@ -354,15 +327,12 @@ bad:
if (curves == NULL) if (curves == NULL)
goto end; goto end;
if (!EC_get_builtin_curves(curves, crv_len)) if (!EC_get_builtin_curves(curves, crv_len)) {
{
OPENSSL_free(curves); OPENSSL_free(curves);
goto end; goto end;
} }
for (n = 0; n < crv_len; n++) {
for (n = 0; n < crv_len; n++)
{
const char *comment; const char *comment;
const char *sname; const char *sname;
comment = curves[n].comment; comment = curves[n].comment;
@@ -381,64 +351,48 @@ bad:
goto end; goto end;
} }
if (curve_name != NULL) if (curve_name != NULL) {
{
int nid; int nid;
/* workaround for the SECG curve names secp192r1 /*
* and secp256r1 (which are the same as the curves * workaround for the SECG curve names secp192r1 and secp256r1 (which
* prime192v1 and prime256v1 defined in X9.62) * are the same as the curves prime192v1 and prime256v1 defined in
* X9.62)
*/ */
if (!strcmp(curve_name, "secp192r1")) if (!strcmp(curve_name, "secp192r1")) {
{
BIO_printf(bio_err, "using curve name prime192v1 " BIO_printf(bio_err, "using curve name prime192v1 "
"instead of secp192r1\n"); "instead of secp192r1\n");
nid = NID_X9_62_prime192v1; nid = NID_X9_62_prime192v1;
} } else if (!strcmp(curve_name, "secp256r1")) {
else if (!strcmp(curve_name, "secp256r1"))
{
BIO_printf(bio_err, "using curve name prime256v1 " BIO_printf(bio_err, "using curve name prime256v1 "
"instead of secp256r1\n"); "instead of secp256r1\n");
nid = NID_X9_62_prime256v1; nid = NID_X9_62_prime256v1;
} } else
else
nid = OBJ_sn2nid(curve_name); nid = OBJ_sn2nid(curve_name);
if (nid == 0) if (nid == 0) {
{ BIO_printf(bio_err, "unknown curve name (%s)\n", curve_name);
BIO_printf(bio_err, "unknown curve name (%s)\n",
curve_name);
goto end; goto end;
} }
group = EC_GROUP_new_by_curve_name(nid); group = EC_GROUP_new_by_curve_name(nid);
if (group == NULL) if (group == NULL) {
{ BIO_printf(bio_err, "unable to create curve (%s)\n", curve_name);
BIO_printf(bio_err, "unable to create curve (%s)\n",
curve_name);
goto end; goto end;
} }
EC_GROUP_set_asn1_flag(group, asn1_flag); EC_GROUP_set_asn1_flag(group, asn1_flag);
EC_GROUP_set_point_conversion_form(group, form); EC_GROUP_set_point_conversion_form(group, form);
} } else if (informat == FORMAT_ASN1) {
else if (informat == FORMAT_ASN1)
{
group = d2i_ECPKParameters_bio(in, NULL); group = d2i_ECPKParameters_bio(in, NULL);
} } else if (informat == FORMAT_PEM) {
else if (informat == FORMAT_PEM)
{
group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL); group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
} } else {
else
{
BIO_printf(bio_err, "bad input format specified\n"); BIO_printf(bio_err, "bad input format specified\n");
goto end; goto end;
} }
if (group == NULL) if (group == NULL) {
{ BIO_printf(bio_err, "unable to load elliptic curve parameters\n");
BIO_printf(bio_err,
"unable to load elliptic curve parameters\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
@@ -449,34 +403,28 @@ bad:
if (new_asn1_flag) if (new_asn1_flag)
EC_GROUP_set_asn1_flag(group, asn1_flag); EC_GROUP_set_asn1_flag(group, asn1_flag);
if (no_seed) if (no_seed) {
{
EC_GROUP_set_seed(group, NULL, 0); EC_GROUP_set_seed(group, NULL, 0);
} }
if (text) if (text) {
{
if (!ECPKParameters_print(out, group, 0)) if (!ECPKParameters_print(out, group, 0))
goto end; goto end;
} }
if (check) if (check) {
{
if (group == NULL) if (group == NULL)
BIO_printf(bio_err, "no elliptic curve parameters\n"); BIO_printf(bio_err, "no elliptic curve parameters\n");
BIO_printf(bio_err, "checking elliptic curve parameters: "); BIO_printf(bio_err, "checking elliptic curve parameters: ");
if (!EC_GROUP_check(group, NULL)) if (!EC_GROUP_check(group, NULL)) {
{
BIO_printf(bio_err, "failed\n"); BIO_printf(bio_err, "failed\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
} } else
else
BIO_printf(bio_err, "ok\n"); BIO_printf(bio_err, "ok\n");
} }
if (C) if (C) {
{
size_t buf_len = 0, tmp_len = 0; size_t buf_len = 0, tmp_len = 0;
const EC_POINT *point; const EC_POINT *point;
int is_prime, len = 0; int is_prime, len = 0;
@@ -485,23 +433,17 @@ bad:
if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL || if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
(ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL || (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
(ec_order = BN_new()) == NULL || (ec_order = BN_new()) == NULL ||
(ec_cofactor = BN_new()) == NULL ) (ec_cofactor = BN_new()) == NULL) {
{
perror("OPENSSL_malloc"); perror("OPENSSL_malloc");
goto end; goto end;
} }
is_prime = (EC_METHOD_get_field_type(meth) == is_prime = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field);
NID_X9_62_prime_field);
if (is_prime) if (is_prime) {
{ if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, ec_b, NULL))
if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a,
ec_b, NULL))
goto end; goto end;
} } else {
else
{
/* TODO */ /* TODO */
goto end; goto end;
} }
@@ -509,16 +451,15 @@ bad:
if ((point = EC_GROUP_get0_generator(group)) == NULL) if ((point = EC_GROUP_get0_generator(group)) == NULL)
goto end; goto end;
if (!EC_POINT_point2bn(group, point, if (!EC_POINT_point2bn(group, point,
EC_GROUP_get_point_conversion_form(group), ec_gen, EC_GROUP_get_point_conversion_form(group),
NULL)) ec_gen, NULL))
goto end; goto end;
if (!EC_GROUP_get_order(group, ec_order, NULL)) if (!EC_GROUP_get_order(group, ec_order, NULL))
goto end; goto end;
if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL)) if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
goto end; goto end;
if (!ec_p || !ec_a || !ec_b || !ec_gen || if (!ec_p || !ec_a || !ec_b || !ec_gen || !ec_order || !ec_cofactor)
!ec_order || !ec_cofactor)
goto end; goto end;
len = BN_num_bits(ec_order); len = BN_num_bits(ec_order);
@@ -538,8 +479,7 @@ bad:
buffer = (unsigned char *)OPENSSL_malloc(buf_len); buffer = (unsigned char *)OPENSSL_malloc(buf_len);
if (buffer == NULL) if (buffer == NULL) {
{
perror("OPENSSL_malloc"); perror("OPENSSL_malloc");
goto end; goto end;
} }
@@ -549,8 +489,7 @@ bad:
ecparam_print_var(out, ec_b, "ec_b", len, buffer); ecparam_print_var(out, ec_b, "ec_b", len, buffer);
ecparam_print_var(out, ec_gen, "ec_gen", len, buffer); ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
ecparam_print_var(out, ec_order, "ec_order", len, buffer); ecparam_print_var(out, ec_order, "ec_order", len, buffer);
ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, buffer);
buffer);
BIO_printf(out, "\n\n"); BIO_printf(out, "\n\n");
@@ -569,14 +508,11 @@ bad:
BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, " BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
"sizeof(ec_b_%d), NULL)) == NULL)\n\t\t" "sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
"goto err;\n", len, len); "goto err;\n", len, len);
if (is_prime) if (is_prime) {
{
BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_" BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"
"GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)" "GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
"\n\t\tgoto err;\n\n"); "\n\t\tgoto err;\n\n");
} } else {
else
{
/* TODO */ /* TODO */
goto end; goto end;
} }
@@ -609,20 +545,17 @@ bad:
BIO_printf(out, "\treturn(group);\n\t}\n"); BIO_printf(out, "\treturn(group);\n\t}\n");
} }
if (!noout) if (!noout) {
{
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group); i = i2d_ECPKParameters_bio(out, group);
else if (outformat == FORMAT_PEM) else if (outformat == FORMAT_PEM)
i = PEM_write_bio_ECPKParameters(out, group); i = PEM_write_bio_ECPKParameters(out, group);
else else {
{
BIO_printf(bio_err, "bad output format specified for" BIO_printf(bio_err, "bad output format specified for"
" outfile\n"); " outfile\n");
goto end; goto end;
} }
if (!i) if (!i) {
{
BIO_printf(bio_err, "unable to write elliptic " BIO_printf(bio_err, "unable to write elliptic "
"curve parameters\n"); "curve parameters\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
@@ -630,16 +563,14 @@ bad:
} }
} }
if (need_rand) if (need_rand) {
{
app_RAND_load_file(NULL, bio_err, (inrand != NULL)); app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL) if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n", BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand)); app_RAND_load_files(inrand));
} }
if (genkey) if (genkey) {
{
EC_KEY *eckey = EC_KEY_new(); EC_KEY *eckey = EC_KEY_new();
if (eckey == NULL) if (eckey == NULL)
@@ -650,8 +581,7 @@ bad:
if (EC_KEY_set_group(eckey, group) == 0) if (EC_KEY_set_group(eckey, group) == 0)
goto end; goto end;
if (!EC_KEY_generate_key(eckey)) if (!EC_KEY_generate_key(eckey)) {
{
EC_KEY_free(eckey); EC_KEY_free(eckey);
goto end; goto end;
} }
@@ -660,8 +590,7 @@ bad:
else if (outformat == FORMAT_PEM) else if (outformat == FORMAT_PEM)
i = PEM_write_bio_ECPrivateKey(out, eckey, NULL, i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
NULL, 0, NULL, NULL); NULL, 0, NULL, NULL);
else else {
{
BIO_printf(bio_err, "bad output format specified " BIO_printf(bio_err, "bad output format specified "
"for outfile\n"); "for outfile\n");
EC_KEY_free(eckey); EC_KEY_free(eckey);
@@ -705,13 +634,11 @@ static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,
BIO_printf(out, "static unsigned char %s_%d[] = {", var, len); BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);
if (BN_is_zero(in)) if (BN_is_zero(in))
BIO_printf(out, "\n\t0x00"); BIO_printf(out, "\n\t0x00");
else else {
{
int i, l; int i, l;
l = BN_bn2bin(in, buffer); l = BN_bn2bin(in, buffer);
for (i=0; i<l-1; i++) for (i = 0; i < l - 1; i++) {
{
if ((i % 12) == 0) if ((i % 12) == 0)
BIO_printf(out, "\n\t"); BIO_printf(out, "\n\t");
BIO_printf(out, "0x%02X,", buffer[i]); BIO_printf(out, "0x%02X,", buffer[i]);


@@ -87,12 +87,10 @@ static void show_ciphers(const OBJ_NAME *name,void *bio_)
return; return;
BIO_printf(bio, "-%-25s", name->name); BIO_printf(bio, "-%-25s", name->name);
if(++n == 3) if (++n == 3) {
{
BIO_printf(bio, "\n"); BIO_printf(bio, "\n");
n = 0; n = 0;
} } else
else
BIO_printf(bio, " "); BIO_printf(bio, " ");
} }
@@ -117,7 +115,8 @@ int MAIN(int argc, char **argv)
const EVP_CIPHER *cipher = NULL, *c; const EVP_CIPHER *cipher = NULL, *c;
EVP_CIPHER_CTX *ctx = NULL; EVP_CIPHER_CTX *ctx = NULL;
char *inf = NULL, *outf = NULL; char *inf = NULL, *outf = NULL;
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
NULL, *wbio = NULL;
#define PROG_NAME_SIZE 39 #define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE + 1]; char pname[PROG_NAME_SIZE + 1];
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
@@ -141,37 +140,33 @@ int MAIN(int argc, char **argv)
base64 = 1; base64 = 1;
cipher = EVP_get_cipherbyname(pname); cipher = EVP_get_cipherbyname(pname);
if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0)) if (!base64 && (cipher == NULL) && (strcmp(pname, "enc") != 0)) {
{
BIO_printf(bio_err, "%s is an unknown cipher\n", pname); BIO_printf(bio_err, "%s is an unknown cipher\n", pname);
goto bad; goto bad;
} }
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{
if (strcmp(*argv, "-e") == 0) if (strcmp(*argv, "-e") == 0)
enc = 1; enc = 1;
else if (strcmp(*argv,"-in") == 0) else if (strcmp(*argv, "-in") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
inf = *(++argv); inf = *(++argv);
} } else if (strcmp(*argv, "-out") == 0) {
else if (strcmp(*argv,"-out") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outf = *(++argv); outf = *(++argv);
} } else if (strcmp(*argv, "-pass") == 0) {
else if (strcmp(*argv,"-pass") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
passarg = *(++argv); passarg = *(++argv);
} }
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv, "-engine") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
engine = *(++argv); engine = *(++argv);
} }
#endif #endif
@@ -197,84 +192,67 @@ int MAIN(int argc, char **argv)
base64 = 1; base64 = 1;
else if (strcmp(*argv, "-base64") == 0) else if (strcmp(*argv, "-base64") == 0)
base64 = 1; base64 = 1;
else if (strcmp(*argv,"-bufsize") == 0) else if (strcmp(*argv, "-bufsize") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
bufsize = (unsigned char *)*(++argv); bufsize = (unsigned char *)*(++argv);
} } else if (strcmp(*argv, "-k") == 0) {
else if (strcmp(*argv,"-k") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
str = *(++argv); str = *(++argv);
} } else if (strcmp(*argv, "-kfile") == 0) {
else if (strcmp(*argv,"-kfile") == 0)
{
static char buf[128]; static char buf[128];
FILE *infile; FILE *infile;
char *file; char *file;
if (--argc < 1) goto bad; if (--argc < 1)
goto bad;
file = *(++argv); file = *(++argv);
infile = fopen(file, "r"); infile = fopen(file, "r");
if (infile == NULL) if (infile == NULL) {
{ BIO_printf(bio_err, "unable to read key from '%s'\n", file);
BIO_printf(bio_err,"unable to read key from '%s'\n",
file);
goto bad; goto bad;
} }
buf[0] = '\0'; buf[0] = '\0';
if (!fgets(buf,sizeof buf,infile)) if (!fgets(buf, sizeof buf, infile)) {
{ BIO_printf(bio_err, "unable to read key from '%s'\n", file);
BIO_printf(bio_err,"unable to read key from '%s'\n",
file);
goto bad; goto bad;
} }
fclose(infile); fclose(infile);
i = strlen(buf); i = strlen(buf);
if ((i > 0) && if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
((buf[i-1] == '\n') || (buf[i-1] == '\r')))
buf[--i] = '\0'; buf[--i] = '\0';
if ((i > 0) && if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
((buf[i-1] == '\n') || (buf[i-1] == '\r')))
buf[--i] = '\0'; buf[--i] = '\0';
if (i < 1) if (i < 1) {
{
BIO_printf(bio_err, "zero length password\n"); BIO_printf(bio_err, "zero length password\n");
goto bad; goto bad;
} }
str = buf; str = buf;
} } else if (strcmp(*argv, "-K") == 0) {
else if (strcmp(*argv,"-K") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
hkey = *(++argv); hkey = *(++argv);
} } else if (strcmp(*argv, "-S") == 0) {
else if (strcmp(*argv,"-S") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
hsalt = *(++argv); hsalt = *(++argv);
} } else if (strcmp(*argv, "-iv") == 0) {
else if (strcmp(*argv,"-iv") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
hiv = *(++argv); hiv = *(++argv);
} } else if (strcmp(*argv, "-md") == 0) {
else if (strcmp(*argv,"-md") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
md = *(++argv); md = *(++argv);
} } else if (strcmp(*argv, "-non-fips-allow") == 0)
else if (strcmp(*argv,"-non-fips-allow") == 0)
non_fips_allow = 1; non_fips_allow = 1;
else if ((argv[0][0] == '-') && else if ((argv[0][0] == '-') &&
((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) {
{
cipher = c; cipher = c;
} } else if (strcmp(*argv, "-none") == 0)
else if (strcmp(*argv,"-none") == 0)
cipher = NULL; cipher = NULL;
else else {
{
BIO_printf(bio_err, "unknown option '%s'\n", *argv); BIO_printf(bio_err, "unknown option '%s'\n", *argv);
bad: bad:
BIO_printf(bio_err, "options are\n"); BIO_printf(bio_err, "options are\n");
@@ -283,22 +261,34 @@ bad:
BIO_printf(bio_err, "%-14s pass phrase source\n", "-pass <arg>"); BIO_printf(bio_err, "%-14s pass phrase source\n", "-pass <arg>");
BIO_printf(bio_err, "%-14s encrypt\n", "-e"); BIO_printf(bio_err, "%-14s encrypt\n", "-e");
BIO_printf(bio_err, "%-14s decrypt\n", "-d"); BIO_printf(bio_err, "%-14s decrypt\n", "-d");
BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64"); BIO_printf(bio_err,
BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k"); "%-14s base64 encode/decode, depending on encryption flag\n",
BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile"); "-a/-base64");
BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md"); BIO_printf(bio_err, "%-14s passphrase is the next argument\n",
BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n",""); "-k");
BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); BIO_printf(bio_err,
BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); "%-14s passphrase is the first line of the file argument\n",
"-kfile");
BIO_printf(bio_err,
"%-14s the next argument is the md to use to create a key\n",
"-md");
BIO_printf(bio_err,
"%-14s from a passphrase. One of md2, md5, sha or sha1\n",
"");
BIO_printf(bio_err, "%-14s key/iv in hex is the next argument\n",
"-K/-iv");
BIO_printf(bio_err, "%-14s print the iv/key (then exit if -P)\n",
"-[pP]");
BIO_printf(bio_err, "%-14s buffer size\n", "-bufsize <n>"); BIO_printf(bio_err, "%-14s buffer size\n", "-bufsize <n>");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e"); BIO_printf(bio_err,
"%-14s use engine e, possibly a hardware device.\n",
"-engine e");
#endif #endif
BIO_printf(bio_err, "Cipher Types\n"); BIO_printf(bio_err, "Cipher Types\n");
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
show_ciphers, show_ciphers, bio_err);
bio_err);
BIO_printf(bio_err, "\n"); BIO_printf(bio_err, "\n");
goto end; goto end;
@@ -311,82 +301,72 @@ bad:
setup_engine(bio_err, engine, 0); setup_engine(bio_err, engine, 0);
#endif #endif
if (md && (dgst=EVP_get_digestbyname(md)) == NULL) if (md && (dgst = EVP_get_digestbyname(md)) == NULL) {
{
BIO_printf(bio_err, "%s is an unsupported message digest type\n", md); BIO_printf(bio_err, "%s is an unsupported message digest type\n", md);
goto end; goto end;
} }
if (dgst == NULL) if (dgst == NULL) {
{
if (in_FIPS_mode) if (in_FIPS_mode)
dgst = EVP_sha1(); dgst = EVP_sha1();
else else
dgst = EVP_md5(); dgst = EVP_md5();
} }
if (bufsize != NULL) if (bufsize != NULL) {
{
unsigned long n; unsigned long n;
for (n=0; *bufsize; bufsize++) for (n = 0; *bufsize; bufsize++) {
{
i = *bufsize; i = *bufsize;
if ((i <= '9') && (i >= '0')) if ((i <= '9') && (i >= '0'))
n = n * 10 + i - '0'; n = n * 10 + i - '0';
else if (i == 'k') else if (i == 'k') {
{
n *= 1024; n *= 1024;
bufsize++; bufsize++;
break; break;
} }
} }
if (*bufsize != '\0') if (*bufsize != '\0') {
{
BIO_printf(bio_err, "invalid 'bufsize' specified.\n"); BIO_printf(bio_err, "invalid 'bufsize' specified.\n");
goto end; goto end;
} }
/* It must be large enough for a base64 encoded line */ /* It must be large enough for a base64 encoded line */
if (base64 && n < 80) n=80; if (base64 && n < 80)
n = 80;
bsize = (int)n; bsize = (int)n;
if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize); if (verbose)
BIO_printf(bio_err, "bufsize=%d\n", bsize);
} }
strbuf = OPENSSL_malloc(SIZE); strbuf = OPENSSL_malloc(SIZE);
buff = (unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize)); buff = (unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
if ((buff == NULL) || (strbuf == NULL)) if ((buff == NULL) || (strbuf == NULL)) {
{ BIO_printf(bio_err, "OPENSSL_malloc failure %ld\n",
BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize)); (long)EVP_ENCODE_LENGTH(bsize));
goto end; goto end;
} }
in = BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) if ((in == NULL) || (out == NULL)) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (debug) if (debug) {
{
BIO_set_callback(in, BIO_debug_callback); BIO_set_callback(in, BIO_debug_callback);
BIO_set_callback(out, BIO_debug_callback); BIO_set_callback(out, BIO_debug_callback);
BIO_set_callback_arg(in, (char *)bio_err); BIO_set_callback_arg(in, (char *)bio_err);
BIO_set_callback_arg(out, (char *)bio_err); BIO_set_callback_arg(out, (char *)bio_err);
} }
if (inf == NULL) if (inf == NULL) {
{
if (bufsize != NULL) if (bufsize != NULL)
setvbuf(stdin, (char *)NULL, _IONBF, 0); setvbuf(stdin, (char *)NULL, _IONBF, 0);
BIO_set_fp(in, stdin, BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
} } else {
else if (BIO_read_filename(in, inf) <= 0) {
{
if (BIO_read_filename(in,inf) <= 0)
{
perror(inf); perror(inf);
goto end; goto end;
} }
@@ -400,10 +380,8 @@ bad:
str = pass; str = pass;
} }
if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
{ for (;;) {
for (;;)
{
char buf[200]; char buf[200];
BIO_snprintf(buf, sizeof buf, "enter %s %s password:", BIO_snprintf(buf, sizeof buf, "enter %s %s password:",
@@ -411,27 +389,22 @@ bad:
(enc) ? "encryption" : "decryption"); (enc) ? "encryption" : "decryption");
strbuf[0] = '\0'; strbuf[0] = '\0';
i = EVP_read_pw_string((char *)strbuf, SIZE, buf, enc); i = EVP_read_pw_string((char *)strbuf, SIZE, buf, enc);
if (i == 0) if (i == 0) {
{ if (strbuf[0] == '\0') {
if (strbuf[0] == '\0')
{
ret = 1; ret = 1;
goto end; goto end;
} }
str = strbuf; str = strbuf;
break; break;
} }
if (i < 0) if (i < 0) {
{
BIO_printf(bio_err, "bad password read\n"); BIO_printf(bio_err, "bad password read\n");
goto end; goto end;
} }
} }
} }
if (outf == NULL) {
if (outf == NULL)
{
BIO_set_fp(out, stdout, BIO_NOCLOSE); BIO_set_fp(out, stdout, BIO_NOCLOSE);
if (bufsize != NULL) if (bufsize != NULL)
setvbuf(stdout, (char *)NULL, _IONBF, 0); setvbuf(stdout, (char *)NULL, _IONBF, 0);
@@ -441,11 +414,8 @@ bad:
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
} } else {
else if (BIO_write_filename(out, outf) <= 0) {
{
if (BIO_write_filename(out,outf) <= 0)
{
perror(outf); perror(outf);
goto end; goto end;
} }
@@ -454,12 +424,10 @@ bad:
rbio = in; rbio = in;
wbio = out; wbio = out;
if (base64) if (base64) {
{
if ((b64 = BIO_new(BIO_f_base64())) == NULL) if ((b64 = BIO_new(BIO_f_base64())) == NULL)
goto end; goto end;
if (debug) if (debug) {
{
BIO_set_callback(b64, BIO_debug_callback); BIO_set_callback(b64, BIO_debug_callback);
BIO_set_callback_arg(b64, (char *)bio_err); BIO_set_callback_arg(b64, (char *)bio_err);
} }
@@ -471,30 +439,31 @@ bad:
rbio = BIO_push(b64, rbio); rbio = BIO_push(b64, rbio);
} }
if (cipher != NULL) if (cipher != NULL) {
{ /*
/* Note that str is NULL if a key was passed on the command * Note that str is NULL if a key was passed on the command line, so
* line, so we get no salt in that case. Is this a bug? * we get no salt in that case. Is this a bug?
*/ */
if (str != NULL) if (str != NULL) {
{ /*
/* Salt handling: if encrypting generate a salt and * Salt handling: if encrypting generate a salt and write to
* write to output BIO. If decrypting read salt from * output BIO. If decrypting read salt from input BIO.
* input BIO.
*/ */
unsigned char *sptr; unsigned char *sptr;
if(nosalt) sptr = NULL; if (nosalt)
sptr = NULL;
else { else {
if (enc) { if (enc) {
if (hsalt) { if (hsalt) {
if (!set_hex(hsalt, salt, sizeof salt)) { if (!set_hex(hsalt, salt, sizeof salt)) {
BIO_printf(bio_err, BIO_printf(bio_err, "invalid hex salt value\n");
"invalid hex salt value\n");
goto end; goto end;
} }
} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0) } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
goto end; goto end;
/* If -P option then don't bother writing */ /*
* If -P option then don't bother writing
*/
if ((printkey != 2) if ((printkey != 2)
&& (BIO_write(wbio, magic, && (BIO_write(wbio, magic,
sizeof magic - 1) != sizeof magic - 1 sizeof magic - 1) != sizeof magic - 1
@@ -519,33 +488,31 @@ bad:
} }
EVP_BytesToKey(cipher, dgst, sptr, EVP_BytesToKey(cipher, dgst, sptr,
(unsigned char *)str, (unsigned char *)str, strlen(str), 1, key, iv);
strlen(str),1,key,iv); /*
/* zero the complete buffer or the string * zero the complete buffer or the string passed from the command
* passed from the command line * line bug picked up by Larry J. Hughes Jr. <hughes@indiana.edu>
* bug picked up by */
* Larry J. Hughes Jr. <hughes@indiana.edu> */
if (str == strbuf) if (str == strbuf)
OPENSSL_cleanse(str, SIZE); OPENSSL_cleanse(str, SIZE);
else else
OPENSSL_cleanse(str, strlen(str)); OPENSSL_cleanse(str, strlen(str));
} }
if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv)) if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {
{
BIO_printf(bio_err, "invalid hex iv value\n"); BIO_printf(bio_err, "invalid hex iv value\n");
goto end; goto end;
} }
if ((hiv == NULL) && (str == NULL) if ((hiv == NULL) && (str == NULL)
&& EVP_CIPHER_iv_length(cipher) != 0) && EVP_CIPHER_iv_length(cipher) != 0) {
{ /*
/* No IV was explicitly set and no IV was generated * No IV was explicitly set and no IV was generated during
* during EVP_BytesToKey. Hence the IV is undefined, * EVP_BytesToKey. Hence the IV is undefined, making correct
* making correct decryption impossible. */ * decryption impossible.
*/
BIO_printf(bio_err, "iv undefined\n"); BIO_printf(bio_err, "iv undefined\n");
goto end; goto end;
} }
if ((hkey != NULL) && !set_hex(hkey,key,sizeof key)) if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {
{
BIO_printf(bio_err, "invalid hex key value\n"); BIO_printf(bio_err, "invalid hex key value\n");
goto end; goto end;
} }
@@ -553,18 +520,17 @@ bad:
if ((benc = BIO_new(BIO_f_cipher())) == NULL) if ((benc = BIO_new(BIO_f_cipher())) == NULL)
goto end; goto end;
/* Since we may be changing parameters work on the encryption /*
* context rather than calling BIO_set_cipher(). * Since we may be changing parameters work on the encryption context
* rather than calling BIO_set_cipher().
*/ */
BIO_get_cipher_ctx(benc, &ctx); BIO_get_cipher_ctx(benc, &ctx);
if (non_fips_allow) if (non_fips_allow)
EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
EVP_CIPH_FLAG_NON_FIPS_ALLOW);
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
{
BIO_printf(bio_err, "Error setting cipher %s\n", BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(cipher)); EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
@@ -574,45 +540,38 @@ bad:
if (nopad) if (nopad)
EVP_CIPHER_CTX_set_padding(ctx, 0); EVP_CIPHER_CTX_set_padding(ctx, 0);
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
{
BIO_printf(bio_err, "Error setting cipher %s\n", BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(cipher)); EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (debug) if (debug) {
{
BIO_set_callback(benc, BIO_debug_callback); BIO_set_callback(benc, BIO_debug_callback);
BIO_set_callback_arg(benc, (char *)bio_err); BIO_set_callback_arg(benc, (char *)bio_err);
} }
if (printkey) if (printkey) {
{ if (!nosalt) {
if (!nosalt)
{
printf("salt="); printf("salt=");
for (i = 0; i < (int)sizeof(salt); i++) for (i = 0; i < (int)sizeof(salt); i++)
printf("%02X", salt[i]); printf("%02X", salt[i]);
printf("\n"); printf("\n");
} }
if (cipher->key_len > 0) if (cipher->key_len > 0) {
{
printf("key="); printf("key=");
for (i = 0; i < cipher->key_len; i++) for (i = 0; i < cipher->key_len; i++)
printf("%02X", key[i]); printf("%02X", key[i]);
printf("\n"); printf("\n");
} }
if (cipher->iv_len > 0) if (cipher->iv_len > 0) {
{
printf("iv ="); printf("iv =");
for (i = 0; i < cipher->iv_len; i++) for (i = 0; i < cipher->iv_len; i++)
printf("%02X", iv[i]); printf("%02X", iv[i]);
printf("\n"); printf("\n");
} }
if (printkey == 2) if (printkey == 2) {
{
ret = 0; ret = 0;
goto end; goto end;
} }
@@ -623,37 +582,41 @@ bad:
if (benc != NULL) if (benc != NULL)
wbio = BIO_push(benc, wbio); wbio = BIO_push(benc, wbio);
for (;;) for (;;) {
{
inl = BIO_read(rbio, (char *)buff, bsize); inl = BIO_read(rbio, (char *)buff, bsize);
if (inl <= 0) break; if (inl <= 0)
if (BIO_write(wbio,(char *)buff,inl) != inl) break;
{ if (BIO_write(wbio, (char *)buff, inl) != inl) {
BIO_printf(bio_err, "error writing output file\n"); BIO_printf(bio_err, "error writing output file\n");
goto end; goto end;
} }
} }
if (!BIO_flush(wbio)) if (!BIO_flush(wbio)) {
{
BIO_printf(bio_err, "bad decrypt\n"); BIO_printf(bio_err, "bad decrypt\n");
goto end; goto end;
} }
ret = 0; ret = 0;
if (verbose) if (verbose) {
{
BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in)); BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in));
BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out)); BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out));
} }
end: end:
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
if (strbuf != NULL) OPENSSL_free(strbuf); if (strbuf != NULL)
if (buff != NULL) OPENSSL_free(buff); OPENSSL_free(strbuf);
if (in != NULL) BIO_free(in); if (buff != NULL)
if (out != NULL) BIO_free_all(out); OPENSSL_free(buff);
if (benc != NULL) BIO_free(benc); if (in != NULL)
if (b64 != NULL) BIO_free(b64); BIO_free(in);
if(pass) OPENSSL_free(pass); if (out != NULL)
BIO_free_all(out);
if (benc != NULL)
BIO_free(benc);
if (b64 != NULL)
BIO_free(b64);
if (pass)
OPENSSL_free(pass);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
@@ -664,25 +627,23 @@ int set_hex(char *in, unsigned char *out, int size)
unsigned char j; unsigned char j;
n = strlen(in); n = strlen(in);
if (n > (size*2)) if (n > (size * 2)) {
{
BIO_printf(bio_err, "hex string is too long\n"); BIO_printf(bio_err, "hex string is too long\n");
return (0); return (0);
} }
memset(out, 0, size); memset(out, 0, size);
for (i=0; i<n; i++) for (i = 0; i < n; i++) {
{
j = (unsigned char)*in; j = (unsigned char)*in;
*(in++) = '\0'; *(in++) = '\0';
if (j == 0) break; if (j == 0)
break;
if ((j >= '0') && (j <= '9')) if ((j >= '0') && (j <= '9'))
j -= '0'; j -= '0';
else if ((j >= 'A') && (j <= 'F')) else if ((j >= 'A') && (j <= 'F'))
j = j - 'A' + 10; j = j - 'A' + 10;
else if ((j >= 'a') && (j <= 'f')) else if ((j >= 'a') && (j <= 'f'))
j = j - 'a' + 10; j = j - 'a' + 10;
else else {
{
BIO_printf(bio_err, "non-hex digit\n"); BIO_printf(bio_err, "non-hex digit\n");
return (0); return (0);
} }
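Review bot: The `-bufsize` parser in the `@@ -311,82 +301,72 @@` hunk accepts values it should reject: a character that is neither a digit nor `k` is skipped without any error, and `n` is narrowed by `bsize = (int)n;` with no range check. A large argument can therefore wrap the accumulation or leave `bsize` zero or negative (the conversion is implementation-defined) before it reaches `EVP_ENCODE_LENGTH(bsize)` and `BIO_read(rbio, (char *)buff, bsize)`. I would add a final `else` arm to the loop that prints `invalid 'bufsize' specified.` and jumps to `end`, and guard the narrowing with `if (n == 0 || n > INT_MAX) { BIO_printf(bio_err, "invalid 'bufsize' specified.\n"); goto end; }` (needs `<limits.h>`). The multiplications by 10 and 1024 should ideally be bounded before they are applied, because a wrapped value can fall back inside the accepted range. The reformat leaves this logic unchanged, and MAIN's body extends beyond this hunk.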


@@ -1,6 +1,7 @@
/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */ /* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL /*
* project 2000. * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
* 2000.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved. * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
@@ -56,7 +57,6 @@
* *
*/ */
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
@@ -101,8 +101,7 @@ static int append_buf(char **buf, const char *s, int *size, int step)
{ {
int l = strlen(s); int l = strlen(s);
if (*buf == NULL) if (*buf == NULL) {
{
*size = step; *size = step;
*buf = OPENSSL_malloc(*size); *buf = OPENSSL_malloc(*size);
if (*buf == NULL) if (*buf == NULL)
@@ -113,8 +112,7 @@ static int append_buf(char **buf, const char *s, int *size, int step)
if (**buf != '\0') if (**buf != '\0')
l += 2; /* ", " */ l += 2; /* ", " */
if (strlen(*buf) + strlen(s) >= (unsigned int)*size) if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
{
*size += step; *size += step;
*buf = OPENSSL_realloc(*buf, *size); *buf = OPENSSL_realloc(*buf, *size);
} }
@@ -134,46 +132,42 @@ static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
int started = 0, err = 0; int started = 0, err = 0;
/* Indent before displaying input flags */ /* Indent before displaying input flags */
BIO_printf(bio_out, "%s%s(input flags): ", indent, indent); BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
if(flags == 0) if (flags == 0) {
{
BIO_printf(bio_out, "<no flags>\n"); BIO_printf(bio_out, "<no flags>\n");
return 1; return 1;
} }
/* If the object is internal, mark it in a way that shows instead of /*
* having it part of all the other flags, even if it really is. */ * If the object is internal, mark it in a way that shows instead of
if(flags & ENGINE_CMD_FLAG_INTERNAL) * having it part of all the other flags, even if it really is.
{ */
if (flags & ENGINE_CMD_FLAG_INTERNAL) {
BIO_printf(bio_out, "[Internal] "); BIO_printf(bio_out, "[Internal] ");
} }
if(flags & ENGINE_CMD_FLAG_NUMERIC) if (flags & ENGINE_CMD_FLAG_NUMERIC) {
{ if (started) {
if(started)
{
BIO_printf(bio_out, "|"); BIO_printf(bio_out, "|");
err = 1; err = 1;
} }
BIO_printf(bio_out, "NUMERIC"); BIO_printf(bio_out, "NUMERIC");
started = 1; started = 1;
} }
/* Now we check that no combinations of the mutually exclusive NUMERIC, /*
* Now we check that no combinations of the mutually exclusive NUMERIC,
* STRING, and NO_INPUT flags have been used. Future flags that can be * STRING, and NO_INPUT flags have been used. Future flags that can be
* OR'd together with these would need to added after these to preserve * OR'd together with these would need to added after these to preserve
* the testing logic. */ * the testing logic.
if(flags & ENGINE_CMD_FLAG_STRING) */
{ if (flags & ENGINE_CMD_FLAG_STRING) {
if(started) if (started) {
{
BIO_printf(bio_out, "|"); BIO_printf(bio_out, "|");
err = 1; err = 1;
} }
BIO_printf(bio_out, "STRING"); BIO_printf(bio_out, "STRING");
started = 1; started = 1;
} }
if(flags & ENGINE_CMD_FLAG_NO_INPUT) if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
{ if (started) {
if(started)
{
BIO_printf(bio_out, "|"); BIO_printf(bio_out, "|");
err = 1; err = 1;
} }
@@ -183,11 +177,10 @@ static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
/* Check for unknown flags */ /* Check for unknown flags */
flags = flags & ~ENGINE_CMD_FLAG_NUMERIC & flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
~ENGINE_CMD_FLAG_STRING & ~ENGINE_CMD_FLAG_STRING &
~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL;
~ENGINE_CMD_FLAG_INTERNAL; if (flags) {
if(flags) if (started)
{ BIO_printf(bio_out, "|");
if(started) BIO_printf(bio_out, "|");
BIO_printf(bio_out, "<0x%04X>", flags); BIO_printf(bio_out, "<0x%04X>", flags);
} }
if (err) if (err)
@@ -196,7 +189,8 @@ static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
return 1; return 1;
} }
static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent) static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
const char *indent)
{ {
static const int line_wrap = 78; static const int line_wrap = 78;
int num; int num;
@@ -208,8 +202,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent
STACK *cmds = NULL; STACK *cmds = NULL;
if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) || if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE, ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
0, NULL, NULL)) <= 0)) 0, NULL, NULL)) <= 0)) {
{
# if 0 # if 0
BIO_printf(bio_out, "%s<no control commands>\n", indent); BIO_printf(bio_out, "%s<no control commands>\n", indent);
# endif # endif
@@ -226,8 +219,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent
if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
NULL, NULL)) < 0) NULL, NULL)) < 0)
goto err; goto err;
if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
{
/* Get the command name */ /* Get the command name */
if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num, if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
NULL, NULL)) <= 0) NULL, NULL)) <= 0)
@@ -241,8 +233,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent
if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num, if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
NULL, NULL)) < 0) NULL, NULL)) < 0)
goto err; goto err;
if(len > 0) if (len > 0) {
{
if ((desc = OPENSSL_malloc(len + 1)) == NULL) if ((desc = OPENSSL_malloc(len + 1)) == NULL)
goto err; goto err;
if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc, if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
@@ -256,69 +247,67 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent
else else
/* Otherwise prepend a ", " */ /* Otherwise prepend a ", " */
xpos += BIO_printf(bio_out, ", "); xpos += BIO_printf(bio_out, ", ");
if(verbose == 1) if (verbose == 1) {
{ /*
/* We're just listing names, comma-delimited */ * We're just listing names, comma-delimited
*/
if ((xpos > (int)strlen(indent)) && if ((xpos > (int)strlen(indent)) &&
(xpos + (int)strlen(name) > line_wrap)) (xpos + (int)strlen(name) > line_wrap)) {
{
BIO_printf(bio_out, "\n"); BIO_printf(bio_out, "\n");
xpos = BIO_puts(bio_out, indent); xpos = BIO_puts(bio_out, indent);
} }
xpos += BIO_printf(bio_out, "%s", name); xpos += BIO_printf(bio_out, "%s", name);
} } else {
else
{
/* We're listing names plus descriptions */ /* We're listing names plus descriptions */
BIO_printf(bio_out, "%s: %s\n", name, BIO_printf(bio_out, "%s: %s\n", name,
(desc == NULL) ? "<no description>" : desc); (desc == NULL) ? "<no description>" : desc);
/* ... and sometimes input flags */ /* ... and sometimes input flags */
if((verbose >= 3) && !util_flags(bio_out, flags, if ((verbose >= 3) && !util_flags(bio_out, flags, indent))
indent))
goto err; goto err;
xpos = 0; xpos = 0;
} }
} }
OPENSSL_free(name); name = NULL; OPENSSL_free(name);
if(desc) { OPENSSL_free(desc); desc = NULL; } name = NULL;
if (desc) {
OPENSSL_free(desc);
desc = NULL;
}
/* Move to the next command */ /* Move to the next command */
num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL);
num, NULL, NULL);
} while (num > 0); } while (num > 0);
if (xpos > 0) if (xpos > 0)
BIO_printf(bio_out, "\n"); BIO_printf(bio_out, "\n");
ret = 1; ret = 1;
err: err:
if(cmds) sk_pop_free(cmds, identity); if (cmds)
if(name) OPENSSL_free(name); sk_pop_free(cmds, identity);
if(desc) OPENSSL_free(desc); if (name)
OPENSSL_free(name);
if (desc)
OPENSSL_free(desc);
return ret; return ret;
} }
static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent) static void util_do_cmds(ENGINE *e, STACK * cmds, BIO *bio_out,
const char *indent)
{ {
int loop, res, num = sk_num(cmds); int loop, res, num = sk_num(cmds);
if(num < 0) if (num < 0) {
{
BIO_printf(bio_out, "[Error]: internal stack error\n"); BIO_printf(bio_out, "[Error]: internal stack error\n");
return; return;
} }
for(loop = 0; loop < num; loop++) for (loop = 0; loop < num; loop++) {
{
char buf[256]; char buf[256];
const char *cmd, *arg; const char *cmd, *arg;
cmd = sk_value(cmds, loop); cmd = sk_value(cmds, loop);
res = 1; /* assume success */ res = 1; /* assume success */
/* Check if this command has no ":arg" */ /* Check if this command has no ":arg" */
if((arg = strstr(cmd, ":")) == NULL) if ((arg = strstr(cmd, ":")) == NULL) {
{
if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0)) if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
res = 0; res = 0;
} } else {
else if ((int)(arg - cmd) > 254) {
{
if((int)(arg - cmd) > 254)
{
BIO_printf(bio_out, "[Error]: command name too long\n"); BIO_printf(bio_out, "[Error]: command name too long\n");
return; return;
} }
@@ -331,8 +320,7 @@ static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *inden
} }
if (res) if (res)
BIO_printf(bio_out, "[Success]: %s\n", cmd); BIO_printf(bio_out, "[Success]: %s\n", cmd);
else else {
{
BIO_printf(bio_out, "[Failure]: %s\n", cmd); BIO_printf(bio_out, "[Failure]: %s\n", cmd);
ERR_print_errors(bio_out); ERR_print_errors(bio_out);
} }
@@ -372,40 +360,33 @@ int MAIN(int argc, char **argv)
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strncmp(*argv, "-v", 2) == 0) {
if (strncmp(*argv,"-v",2) == 0)
{
if (strspn(*argv + 1, "v") < strlen(*argv + 1)) if (strspn(*argv + 1, "v") < strlen(*argv + 1))
goto skip_arg_loop; goto skip_arg_loop;
if ((verbose = strlen(*argv + 1)) > 4) if ((verbose = strlen(*argv + 1)) > 4)
goto skip_arg_loop; goto skip_arg_loop;
} } else if (strcmp(*argv, "-c") == 0)
else if (strcmp(*argv,"-c") == 0)
list_cap = 1; list_cap = 1;
else if (strncmp(*argv,"-t",2) == 0) else if (strncmp(*argv, "-t", 2) == 0) {
{
test_avail = 1; test_avail = 1;
if (strspn(*argv + 1, "t") < strlen(*argv + 1)) if (strspn(*argv + 1, "t") < strlen(*argv + 1))
goto skip_arg_loop; goto skip_arg_loop;
if ((test_avail_noise = strlen(*argv + 1) - 1) > 1) if ((test_avail_noise = strlen(*argv + 1) - 1) > 1)
goto skip_arg_loop; goto skip_arg_loop;
} } else if (strcmp(*argv, "-pre") == 0) {
else if (strcmp(*argv,"-pre") == 0) argc--;
{ argv++;
argc--; argv++;
if (argc == 0) if (argc == 0)
goto skip_arg_loop; goto skip_arg_loop;
sk_push(pre_cmds, *argv); sk_push(pre_cmds, *argv);
} } else if (strcmp(*argv, "-post") == 0) {
else if (strcmp(*argv,"-post") == 0) argc--;
{ argv++;
argc--; argv++;
if (argc == 0) if (argc == 0)
goto skip_arg_loop; goto skip_arg_loop;
sk_push(post_cmds, *argv); sk_push(post_cmds, *argv);
} } else if ((strncmp(*argv, "-h", 2) == 0) ||
else if ((strncmp(*argv,"-h",2) == 0) ||
(strcmp(*argv, "-?") == 0)) (strcmp(*argv, "-?") == 0))
goto skip_arg_loop; goto skip_arg_loop;
else else
@@ -417,37 +398,32 @@ int MAIN(int argc, char **argv)
badops = 0; badops = 0;
skip_arg_loop: skip_arg_loop:
if (badops) if (badops) {
{
for (pp = engine_usage; (*pp != NULL); pp++) for (pp = engine_usage; (*pp != NULL); pp++)
BIO_printf(bio_err, "%s", *pp); BIO_printf(bio_err, "%s", *pp);
goto end; goto end;
} }
if (sk_num(engines) == 0) if (sk_num(engines) == 0) {
{ for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
{
sk_push(engines, (char *)ENGINE_get_id(e)); sk_push(engines, (char *)ENGINE_get_id(e));
} }
} }
for (i=0; i<sk_num(engines); i++) for (i = 0; i < sk_num(engines); i++) {
{
const char *id = sk_value(engines, i); const char *id = sk_value(engines, i);
if ((e = ENGINE_by_id(id)) != NULL) if ((e = ENGINE_by_id(id)) != NULL) {
{
const char *name = ENGINE_get_name(e); const char *name = ENGINE_get_name(e);
/* Do "id" first, then "name". Easier to auto-parse. */ /*
* Do "id" first, then "name". Easier to auto-parse.
*/
BIO_printf(bio_out, "(%s) %s\n", id, name); BIO_printf(bio_out, "(%s) %s\n", id, name);
util_do_cmds(e, pre_cmds, bio_out, indent); util_do_cmds(e, pre_cmds, bio_out, indent);
if (strcmp(ENGINE_get_id(e), id) != 0) if (strcmp(ENGINE_get_id(e), id) != 0) {
{
BIO_printf(bio_out, "Loaded: (%s) %s\n", BIO_printf(bio_out, "Loaded: (%s) %s\n",
ENGINE_get_id(e), ENGINE_get_name(e)); ENGINE_get_id(e), ENGINE_get_name(e));
} }
if (list_cap) if (list_cap) {
{
int cap_size = 256; int cap_size = 256;
char *cap_buf = NULL; char *cap_buf = NULL;
int k, n; int k, n;
@@ -456,39 +432,35 @@ skip_arg_loop:
ENGINE_DIGESTS_PTR fn_d; ENGINE_DIGESTS_PTR fn_d;
if (ENGINE_get_RSA(e) != NULL if (ENGINE_get_RSA(e) != NULL
&& !append_buf(&cap_buf, "RSA", && !append_buf(&cap_buf, "RSA", &cap_size, 256))
&cap_size, 256))
goto end; goto end;
if (ENGINE_get_DSA(e) != NULL if (ENGINE_get_DSA(e) != NULL
&& !append_buf(&cap_buf, "DSA", && !append_buf(&cap_buf, "DSA", &cap_size, 256))
&cap_size, 256))
goto end; goto end;
if (ENGINE_get_DH(e) != NULL if (ENGINE_get_DH(e) != NULL
&& !append_buf(&cap_buf, "DH", && !append_buf(&cap_buf, "DH", &cap_size, 256))
&cap_size, 256))
goto end; goto end;
if (ENGINE_get_RAND(e) != NULL if (ENGINE_get_RAND(e) != NULL
&& !append_buf(&cap_buf, "RAND", && !append_buf(&cap_buf, "RAND", &cap_size, 256))
&cap_size, 256))
goto end; goto end;
fn_c = ENGINE_get_ciphers(e); fn_c = ENGINE_get_ciphers(e);
if(!fn_c) goto skip_ciphers; if (!fn_c)
goto skip_ciphers;
n = fn_c(e, NULL, &nids, 0); n = fn_c(e, NULL, &nids, 0);
for (k = 0; k < n; ++k) for (k = 0; k < n; ++k)
if (!append_buf(&cap_buf, if (!append_buf(&cap_buf,
OBJ_nid2sn(nids[k]), OBJ_nid2sn(nids[k]), &cap_size, 256))
&cap_size, 256))
goto end; goto end;
skip_ciphers: skip_ciphers:
fn_d = ENGINE_get_digests(e); fn_d = ENGINE_get_digests(e);
if(!fn_d) goto skip_digests; if (!fn_d)
goto skip_digests;
n = fn_d(e, NULL, &nids, 0); n = fn_d(e, NULL, &nids, 0);
for (k = 0; k < n; ++k) for (k = 0; k < n; ++k)
if (!append_buf(&cap_buf, if (!append_buf(&cap_buf,
OBJ_nid2sn(nids[k]), OBJ_nid2sn(nids[k]), &cap_size, 256))
&cap_size, 256))
goto end; goto end;
skip_digests: skip_digests:
@@ -497,17 +469,13 @@ skip_digests:
OPENSSL_free(cap_buf); OPENSSL_free(cap_buf);
} }
if(test_avail) if (test_avail) {
{
BIO_printf(bio_out, "%s", indent); BIO_printf(bio_out, "%s", indent);
if (ENGINE_init(e)) if (ENGINE_init(e)) {
{
BIO_printf(bio_out, "[ available ]\n"); BIO_printf(bio_out, "[ available ]\n");
util_do_cmds(e, post_cmds, bio_out, indent); util_do_cmds(e, post_cmds, bio_out, indent);
ENGINE_finish(e); ENGINE_finish(e);
} } else {
else
{
BIO_printf(bio_out, "[ unavailable ]\n"); BIO_printf(bio_out, "[ unavailable ]\n");
if (test_avail_noise) if (test_avail_noise)
ERR_print_errors_fp(stdout); ERR_print_errors_fp(stdout);
@@ -517,8 +485,7 @@ skip_digests:
if ((verbose > 0) && !util_verbose(e, verbose, bio_out, indent)) if ((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
goto end; goto end;
ENGINE_free(e); ENGINE_free(e);
} } else
else
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
} }
@@ -529,7 +496,8 @@ end:
sk_pop_free(engines, identity); sk_pop_free(engines, identity);
sk_pop_free(pre_cmds, identity); sk_pop_free(pre_cmds, identity);
sk_pop_free(post_cmds, identity); sk_pop_free(post_cmds, identity);
if (bio_out != NULL) BIO_free_all(bio_out); if (bio_out != NULL)
BIO_free_all(bio_out);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }


@@ -84,13 +84,11 @@ int MAIN(int argc, char **argv)
SSL_load_error_strings(); SSL_load_error_strings();
if ((argc > 1) && (strcmp(argv[1],"-stats") == 0)) if ((argc > 1) && (strcmp(argv[1], "-stats") == 0)) {
{
BIO *out = NULL; BIO *out = NULL;
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE)) if ((out != NULL) && BIO_set_fp(out, stdout, BIO_NOCLOSE)) {
{
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); BIO *tmpbio = BIO_new(BIO_f_linebuffer());
@@ -102,20 +100,17 @@ int MAIN(int argc, char **argv)
lh_node_usage_stats_bio((LHASH *) lh_node_usage_stats_bio((LHASH *)
ERR_get_string_table(), out); ERR_get_string_table(), out);
} }
if (out != NULL) BIO_free_all(out); if (out != NULL)
BIO_free_all(out);
argc--; argc--;
argv++; argv++;
} }
for (i=1; i<argc; i++) for (i = 1; i < argc; i++) {
{ if (sscanf(argv[i], "%lx", &l)) {
if (sscanf(argv[i],"%lx",&l))
{
ERR_error_string_n(l, buf, sizeof buf); ERR_error_string_n(l, buf, sizeof buf);
printf("%s\n", buf); printf("%s\n", buf);
} } else {
else
{
printf("%s: bad error code\n", argv[i]); printf("%s: bad error code\n", argv[i]);
printf("usage: errstr [-stats] <errno> ...\n"); printf("usage: errstr [-stats] <errno> ...\n");
ret++; ret++;


@@ -58,8 +58,10 @@
*/ */
#include <openssl/opensslconf.h> #include <openssl/opensslconf.h>
/* Until the key-gen callbacks are modified to use newer prototypes, we allow /*
* deprecated functions for openssl-internal code */ * Until the key-gen callbacks are modified to use newer prototypes, we allow
* deprecated functions for openssl-internal code
*/
#ifdef OPENSSL_NO_DEPRECATED #ifdef OPENSSL_NO_DEPRECATED
# undef OPENSSL_NO_DEPRECATED # undef OPENSSL_NO_DEPRECATED
#endif #endif
@@ -111,67 +113,66 @@ int MAIN(int argc, char **argv)
argv++; argv++;
argc--; argc--;
for (;;) for (;;) {
{ if (argc <= 0)
if (argc <= 0) break; break;
if (strcmp(*argv,"-out") == 0) if (strcmp(*argv, "-out") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
outfile = *(++argv); outfile = *(++argv);
} } else if (strcmp(*argv, "-2") == 0)
else if (strcmp(*argv,"-2") == 0)
g = 2; g = 2;
/*- else if (strcmp(*argv,"-3") == 0) /*- else if (strcmp(*argv,"-3") == 0)
g=3; */ g=3; */
else if (strcmp(*argv, "-5") == 0) else if (strcmp(*argv, "-5") == 0)
g = 5; g = 5;
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv, "-engine") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
engine = *(++argv); engine = *(++argv);
} }
# endif # endif
else if (strcmp(*argv,"-rand") == 0) else if (strcmp(*argv, "-rand") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
inrand = *(++argv); inrand = *(++argv);
} } else
else
break; break;
argv++; argv++;
argc--; argc--;
} }
if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0))) if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
{
bad: bad:
BIO_printf(bio_err, "usage: gendh [args] [numbits]\n"); BIO_printf(bio_err, "usage: gendh [args] [numbits]\n");
BIO_printf(bio_err, " -out file - output the key to 'file\n"); BIO_printf(bio_err, " -out file - output the key to 'file\n");
BIO_printf(bio_err, " -2 - use 2 as the generator value\n"); BIO_printf(bio_err, " -2 - use 2 as the generator value\n");
/* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */ /*
* BIO_printf(bio_err," -3 - use 3 as the generator value\n");
*/
BIO_printf(bio_err, " -5 - use 5 as the generator value\n"); BIO_printf(bio_err, " -5 - use 5 as the generator value\n");
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
" -engine e - use engine e, possibly a hardware device.\n");
# endif # endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" - load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n"); BIO_printf(bio_err, " the random number generator\n");
goto end; goto end;
} }
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0); setup_engine(bio_err, engine, 0);
# endif # endif
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if (out == NULL) if (out == NULL) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (outfile == NULL) if (outfile == NULL) {
{
BIO_set_fp(out, stdout, BIO_NOCLOSE); BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS # ifdef OPENSSL_SYS_VMS
{ {
@@ -179,28 +180,28 @@ bad:
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
# endif # endif
} } else {
else if (BIO_write_filename(out, outfile) <= 0) {
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile); perror(outfile);
goto end; goto end;
} }
} }
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
{ BIO_printf(bio_err,
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); "warning, not much extra random data, consider using the -rand option\n");
} }
if (inrand != NULL) if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n", BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand)); app_RAND_load_files(inrand));
BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); BIO_printf(bio_err,
"Generating DH parameters, %d bit long safe prime, generator %d\n",
num, g);
BIO_printf(bio_err, "This is going to take a long time\n"); BIO_printf(bio_err, "This is going to take a long time\n");
if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb)) if (((dh = DH_new()) == NULL)
|| !DH_generate_parameters_ex(dh, num, g, &cb))
goto end; goto end;
app_RAND_write_file(NULL, bio_err); app_RAND_write_file(NULL, bio_err);
@@ -211,8 +212,10 @@ bad:
end: end:
if (ret != 0) if (ret != 0)
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
if (out != NULL) BIO_free_all(out); if (out != NULL)
if (dh != NULL) DH_free(dh); BIO_free_all(out);
if (dh != NULL)
DH_free(dh);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
@@ -221,10 +224,14 @@ static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
{ {
char c = '*'; char c = '*';
if (p == 0) c='.'; if (p == 0)
if (p == 1) c='+'; c = '.';
if (p == 2) c='*'; if (p == 1)
if (p == 3) c='\n'; c = '+';
if (p == 2)
c = '*';
if (p == 3)
c = '\n';
BIO_write(cb->arg, &c, 1); BIO_write(cb->arg, &c, 1);
(void)BIO_flush(cb->arg); (void)BIO_flush(cb->arg);
# ifdef LINT # ifdef LINT

View File

@@ -100,32 +100,30 @@ int MAIN(int argc, char **argv)
argv++; argv++;
argc--; argc--;
for (;;) for (;;) {
{ if (argc <= 0)
if (argc <= 0) break; break;
if (strcmp(*argv,"-out") == 0) if (strcmp(*argv, "-out") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
outfile = *(++argv); outfile = *(++argv);
} } else if (strcmp(*argv, "-passout") == 0) {
else if (strcmp(*argv,"-passout") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
passargout = *(++argv); passargout = *(++argv);
} }
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv, "-engine") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
engine = *(++argv); engine = *(++argv);
} }
# endif # endif
else if (strcmp(*argv,"-rand") == 0) else if (strcmp(*argv, "-rand") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
inrand = *(++argv); inrand = *(++argv);
} } else if (strcmp(*argv, "-") == 0)
else if (strcmp(*argv,"-") == 0)
goto bad; goto bad;
# ifndef OPENSSL_NO_DES # ifndef OPENSSL_NO_DES
else if (strcmp(*argv, "-des") == 0) else if (strcmp(*argv, "-des") == 0)
@@ -157,51 +155,57 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv, "-camellia256") == 0) else if (strcmp(*argv, "-camellia256") == 0)
enc = EVP_camellia_256_cbc(); enc = EVP_camellia_256_cbc();
# endif # endif
else if (**argv != '-' && dsaparams == NULL) else if (**argv != '-' && dsaparams == NULL) {
{
dsaparams = *argv; dsaparams = *argv;
} } else
else
goto bad; goto bad;
argv++; argv++;
argc--; argc--;
} }
if (dsaparams == NULL) if (dsaparams == NULL) {
{
bad: bad:
BIO_printf(bio_err, "usage: gendsa [args] dsaparam-file\n"); BIO_printf(bio_err, "usage: gendsa [args] dsaparam-file\n");
BIO_printf(bio_err, " -out file - output the key to 'file'\n"); BIO_printf(bio_err, " -out file - output the key to 'file'\n");
# ifndef OPENSSL_NO_DES # ifndef OPENSSL_NO_DES
BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); " -des - encrypt the generated key with DES in cbc mode\n");
BIO_printf(bio_err,
" -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
# endif # endif
# ifndef OPENSSL_NO_IDEA # ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n"); BIO_printf(bio_err,
" -idea - encrypt the generated key with IDEA in cbc mode\n");
# endif # endif
# ifndef OPENSSL_NO_SEED # ifndef OPENSSL_NO_SEED
BIO_printf(bio_err, " -seed\n"); BIO_printf(bio_err, " -seed\n");
BIO_printf(bio_err," encrypt PEM output with cbc seed\n"); BIO_printf(bio_err,
" encrypt PEM output with cbc seed\n");
# endif # endif
# ifndef OPENSSL_NO_AES # ifndef OPENSSL_NO_AES
BIO_printf(bio_err, " -aes128, -aes192, -aes256\n"); BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); BIO_printf(bio_err,
" encrypt PEM output with cbc aes\n");
# endif # endif
# ifndef OPENSSL_NO_CAMELLIA # ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n"); BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); BIO_printf(bio_err,
" encrypt PEM output with cbc camellia\n");
# endif # endif
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
" -engine e - use engine e, possibly a hardware device.\n");
# endif # endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" - load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n"); BIO_printf(bio_err, " the random number generator\n");
BIO_printf(bio_err, " dsaparam-file\n"); BIO_printf(bio_err, " dsaparam-file\n");
BIO_printf(bio_err," - a DSA parameter file as generated by the dsaparam command\n"); BIO_printf(bio_err,
" - a DSA parameter file as generated by the dsaparam command\n");
goto end; goto end;
} }
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0); setup_engine(bio_err, engine, 0);
# endif # endif
@@ -211,16 +215,13 @@ bad:
goto end; goto end;
} }
in = BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
if (!(BIO_read_filename(in,dsaparams))) if (!(BIO_read_filename(in, dsaparams))) {
{
perror(dsaparams); perror(dsaparams);
goto end; goto end;
} }
if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL) if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) {
{
BIO_printf(bio_err, "unable to load DSA parameter file\n"); BIO_printf(bio_err, "unable to load DSA parameter file\n");
goto end; goto end;
} }
@@ -228,10 +229,10 @@ bad:
in = NULL; in = NULL;
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if (out == NULL) goto end; if (out == NULL)
goto end;
if (outfile == NULL) if (outfile == NULL) {
{
BIO_set_fp(out, stdout, BIO_NOCLOSE); BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS # ifdef OPENSSL_SYS_VMS
{ {
@@ -239,27 +240,24 @@ bad:
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
# endif # endif
} } else {
else if (BIO_write_filename(out, outfile) <= 0) {
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile); perror(outfile);
goto end; goto end;
} }
} }
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
{ BIO_printf(bio_err,
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); "warning, not much extra random data, consider using the -rand option\n");
} }
if (inrand != NULL) if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n", BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand)); app_RAND_load_files(inrand));
BIO_printf(bio_err,"Generating DSA key, %d bits\n", BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(dsa->p));
BN_num_bits(dsa->p)); if (!DSA_generate_key(dsa))
if (!DSA_generate_key(dsa)) goto end; goto end;
app_RAND_write_file(NULL, bio_err); app_RAND_write_file(NULL, bio_err);
@@ -269,10 +267,14 @@ bad:
end: end:
if (ret != 0) if (ret != 0)
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
if (in != NULL) BIO_free(in); if (in != NULL)
if (out != NULL) BIO_free_all(out); BIO_free(in);
if (dsa != NULL) DSA_free(dsa); if (out != NULL)
if(passout) OPENSSL_free(passout); BIO_free_all(out);
if (dsa != NULL)
DSA_free(dsa);
if (passout)
OPENSSL_free(passout);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }

View File

@@ -57,8 +57,10 @@
*/ */
#include <openssl/opensslconf.h> #include <openssl/opensslconf.h>
/* Until the key-gen callbacks are modified to use newer prototypes, we allow /*
* deprecated functions for openssl-internal code */ * Until the key-gen callbacks are modified to use newer prototypes, we allow
* deprecated functions for openssl-internal code
*/
#ifdef OPENSSL_NO_DEPRECATED #ifdef OPENSSL_NO_DEPRECATED
# undef OPENSSL_NO_DEPRECATED # undef OPENSSL_NO_DEPRECATED
#endif #endif
@@ -105,7 +107,8 @@ int MAIN(int argc, char **argv)
BIGNUM *bn = BN_new(); BIGNUM *bn = BN_new();
RSA *rsa = NULL; RSA *rsa = NULL;
if(!bn) goto err; if (!bn)
goto err;
apps_startup(); apps_startup();
BN_GENCB_set(&cb, genrsa_cb, bio_err); BN_GENCB_set(&cb, genrsa_cb, bio_err);
@@ -116,38 +119,36 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto err; goto err;
if ((out=BIO_new(BIO_s_file())) == NULL) if ((out = BIO_new(BIO_s_file())) == NULL) {
{
BIO_printf(bio_err, "unable to create BIO for output\n"); BIO_printf(bio_err, "unable to create BIO for output\n");
goto err; goto err;
} }
argv++; argv++;
argc--; argc--;
for (;;) for (;;) {
{ if (argc <= 0)
if (argc <= 0) break; break;
if (strcmp(*argv,"-out") == 0) if (strcmp(*argv, "-out") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
outfile = *(++argv); outfile = *(++argv);
} } else if (strcmp(*argv, "-3") == 0)
else if (strcmp(*argv,"-3") == 0)
f4 = 3; f4 = 3;
else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0) else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0)
f4 = RSA_F4; f4 = RSA_F4;
else if (strcmp(*argv, "-x931") == 0) else if (strcmp(*argv, "-x931") == 0)
use_x931 = 1; use_x931 = 1;
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv, "-engine") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
engine = *(++argv); engine = *(++argv);
} }
# endif # endif
else if (strcmp(*argv,"-rand") == 0) else if (strcmp(*argv, "-rand") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
inrand = *(++argv); inrand = *(++argv);
} }
# ifndef OPENSSL_NO_DES # ifndef OPENSSL_NO_DES
@@ -180,46 +181,55 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv, "-camellia256") == 0) else if (strcmp(*argv, "-camellia256") == 0)
enc = EVP_camellia_256_cbc(); enc = EVP_camellia_256_cbc();
# endif # endif
else if (strcmp(*argv,"-passout") == 0) else if (strcmp(*argv, "-passout") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
passargout = *(++argv); passargout = *(++argv);
} } else
else
break; break;
argv++; argv++;
argc--; argc--;
} }
if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0))) if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
{
bad: bad:
BIO_printf(bio_err, "usage: genrsa [args] [numbits]\n"); BIO_printf(bio_err, "usage: genrsa [args] [numbits]\n");
BIO_printf(bio_err," -des encrypt the generated key with DES in cbc mode\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); " -des encrypt the generated key with DES in cbc mode\n");
BIO_printf(bio_err,
" -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
# ifndef OPENSSL_NO_IDEA # ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n"); BIO_printf(bio_err,
" -idea encrypt the generated key with IDEA in cbc mode\n");
# endif # endif
# ifndef OPENSSL_NO_SEED # ifndef OPENSSL_NO_SEED
BIO_printf(bio_err, " -seed\n"); BIO_printf(bio_err, " -seed\n");
BIO_printf(bio_err," encrypt PEM output with cbc seed\n"); BIO_printf(bio_err,
" encrypt PEM output with cbc seed\n");
# endif # endif
# ifndef OPENSSL_NO_AES # ifndef OPENSSL_NO_AES
BIO_printf(bio_err, " -aes128, -aes192, -aes256\n"); BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); BIO_printf(bio_err,
" encrypt PEM output with cbc aes\n");
# endif # endif
# ifndef OPENSSL_NO_CAMELLIA # ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n"); BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); BIO_printf(bio_err,
" encrypt PEM output with cbc camellia\n");
# endif # endif
BIO_printf(bio_err, " -out file output the key to 'file\n"); BIO_printf(bio_err, " -out file output the key to 'file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n"); " -passout arg output file pass phrase source\n");
BIO_printf(bio_err,
" -f4 use F4 (0x10001) for the E value\n");
BIO_printf(bio_err, " -3 use 3 for the E value\n"); BIO_printf(bio_err, " -3 use 3 for the E value\n");
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
# endif # endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
BIO_printf(bio_err," load the file (or the files in the directory) into\n"); LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n"); BIO_printf(bio_err, " the random number generator\n");
goto err; goto err;
} }
@@ -230,13 +240,11 @@ bad:
BIO_printf(bio_err, "Error getting password\n"); BIO_printf(bio_err, "Error getting password\n");
goto err; goto err;
} }
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0); setup_engine(bio_err, engine, 0);
# endif # endif
if (outfile == NULL) if (outfile == NULL) {
{
BIO_set_fp(out, stdout, BIO_NOCLOSE); BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS # ifdef OPENSSL_SYS_VMS
{ {
@@ -244,20 +252,17 @@ bad:
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
# endif # endif
} } else {
else if (BIO_write_filename(out, outfile) <= 0) {
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile); perror(outfile);
goto err; goto err;
} }
} }
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status()) && !RAND_status()) {
{ BIO_printf(bio_err,
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); "warning, not much extra random data, consider using the -rand option\n");
} }
if (inrand != NULL) if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n", BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
@@ -270,8 +275,7 @@ bad:
if (!rsa) if (!rsa)
goto err; goto err;
if (use_x931) if (use_x931) {
{
BIGNUM *pubexp; BIGNUM *pubexp;
pubexp = BN_new(); pubexp = BN_new();
if (!BN_set_word(pubexp, f4)) if (!BN_set_word(pubexp, f4))
@@ -279,17 +283,18 @@ bad:
if (!RSA_X931_generate_key_ex(rsa, num, pubexp, &cb)) if (!RSA_X931_generate_key_ex(rsa, num, pubexp, &cb))
goto err; goto err;
BN_free(pubexp); BN_free(pubexp);
} } else if (!BN_set_word(bn, f4)
else if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) || !RSA_generate_key_ex(rsa, num, bn, &cb))
goto err; goto err;
app_RAND_write_file(NULL, bio_err); app_RAND_write_file(NULL, bio_err);
/* We need to do the following for when the base number size is < /*
* long, esp windows 3.1 :-(. */ * We need to do the following for when the base number size is < long,
* esp windows 3.1 :-(.
*/
l = 0L; l = 0L;
for (i=0; i<rsa->e->top; i++) for (i = 0; i < rsa->e->top; i++) {
{
# ifndef SIXTY_FOUR_BIT # ifndef SIXTY_FOUR_BIT
l <<= BN_BITS4; l <<= BN_BITS4;
l <<= BN_BITS4; l <<= BN_BITS4;
@@ -302,16 +307,21 @@ bad:
cb_data.password = passout; cb_data.password = passout;
cb_data.prompt_info = outfile; cb_data.prompt_info = outfile;
if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0, if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
(pem_password_cb *)password_callback,&cb_data)) (pem_password_cb *)password_callback,
&cb_data))
goto err; goto err;
} }
ret = 0; ret = 0;
err: err:
if (bn) BN_free(bn); if (bn)
if (rsa) RSA_free(rsa); BN_free(bn);
if (out) BIO_free_all(out); if (rsa)
if(passout) OPENSSL_free(passout); RSA_free(rsa);
if (out)
BIO_free_all(out);
if (passout)
OPENSSL_free(passout);
if (ret != 0) if (ret != 0)
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
apps_shutdown(); apps_shutdown();
@@ -322,10 +332,14 @@ static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb)
{ {
char c = '*'; char c = '*';
if (p == 0) c='.'; if (p == 0)
if (p == 1) c='+'; c = '.';
if (p == 2) c='*'; if (p == 1)
if (p == 3) c='\n'; c = '+';
if (p == 2)
c = '*';
if (p == 3)
c = '\n';
BIO_write(cb->arg, &c, 1); BIO_write(cb->arg, &c, 1);
(void)BIO_flush(cb->arg); (void)BIO_flush(cb->arg);
# ifdef LINT # ifdef LINT

View File

@@ -1,6 +1,7 @@
/* nseq.c */ /* nseq.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 1999. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 1999.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
@@ -76,22 +77,27 @@ int MAIN(int argc, char **argv)
NETSCAPE_CERT_SEQUENCE *seq = NULL; NETSCAPE_CERT_SEQUENCE *seq = NULL;
int i, ret = 1; int i, ret = 1;
int badarg = 0; int badarg = 0;
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
ERR_load_crypto_strings(); ERR_load_crypto_strings();
args = argv + 1; args = argv + 1;
while (!badarg && *args && *args[0] == '-') { while (!badarg && *args && *args[0] == '-') {
if (!strcmp (*args, "-toseq")) toseq = 1; if (!strcmp(*args, "-toseq"))
toseq = 1;
else if (!strcmp(*args, "-in")) { else if (!strcmp(*args, "-in")) {
if (args[1]) { if (args[1]) {
args++; args++;
infile = *args; infile = *args;
} else badarg = 1; } else
badarg = 1;
} else if (!strcmp(*args, "-out")) { } else if (!strcmp(*args, "-out")) {
if (args[1]) { if (args[1]) {
args++; args++;
outfile = *args; outfile = *args;
} else badarg = 1; } else
} else badarg = 1; badarg = 1;
} else
badarg = 1;
args++; args++;
} }
@@ -107,16 +113,15 @@ int MAIN(int argc, char **argv)
if (infile) { if (infile) {
if (!(in = BIO_new_file(infile, "r"))) { if (!(in = BIO_new_file(infile, "r"))) {
BIO_printf (bio_err, BIO_printf(bio_err, "Can't open input file %s\n", infile);
"Can't open input file %s\n", infile);
goto end; goto end;
} }
} else in = BIO_new_fp(stdin, BIO_NOCLOSE); } else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
if (outfile) { if (outfile) {
if (!(out = BIO_new_file(outfile, "w"))) { if (!(out = BIO_new_file(outfile, "w"))) {
BIO_printf (bio_err, BIO_printf(bio_err, "Can't open output file %s\n", outfile);
"Can't open output file %s\n", outfile);
goto end; goto end;
} }
} else { } else {
@@ -134,8 +139,7 @@ int MAIN(int argc, char **argv)
while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
sk_X509_push(seq->certs, x509); sk_X509_push(seq->certs, x509);
if(!sk_X509_num(seq->certs)) if (!sk_X509_num(seq->certs)) {
{
BIO_printf(bio_err, "Error reading certs file %s\n", infile); BIO_printf(bio_err, "Error reading certs file %s\n", infile);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@@ -164,4 +168,3 @@ end:
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }



@@ -109,11 +109,11 @@
* *
*/ */
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include <stdlib.h> #include <stdlib.h>
#define OPENSSL_C /* tells apps.h to use complete apps_startup() */ #define OPENSSL_C /* tells apps.h to use complete
* apps_startup() */
#include "apps.h" #include "apps.h"
#include <openssl/bio.h> #include <openssl/bio.h>
#include <openssl/crypto.h> #include <openssl/crypto.h>
@@ -125,15 +125,18 @@
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h> # include <openssl/engine.h>
#endif #endif
#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */ #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS
* world */
#include "progs.h" #include "progs.h"
#include "s_apps.h" #include "s_apps.h"
#include <openssl/err.h> #include <openssl/err.h>
/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the /*
* base prototypes (we cast each variable inside the function to the required * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
* type of "FUNCTION*"). This removes the necessity for macro-generated wrapper * the base prototypes (we cast each variable inside the function to the
* functions. */ * required type of "FUNCTION*"). This removes the necessity for
* macro-generated wrapper functions.
*/
/* static unsigned long MS_CALLBACK hash(FUNCTION *a); */ /* static unsigned long MS_CALLBACK hash(FUNCTION *a); */
static unsigned long MS_CALLBACK hash(const void *a_void); static unsigned long MS_CALLBACK hash(const void *a_void);
@@ -150,7 +153,6 @@ BIO *bio_err=NULL;
int in_FIPS_mode = 0; int in_FIPS_mode = 0;
#endif #endif
static void lock_dbg_cb(int mode, int type, const char *file, int line) static void lock_dbg_cb(int mode, int type, const char *file, int line)
{ {
static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */ static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
@@ -158,63 +160,53 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
int rw; int rw;
rw = mode & (CRYPTO_READ | CRYPTO_WRITE); rw = mode & (CRYPTO_READ | CRYPTO_WRITE);
if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) {
{
errstr = "invalid mode"; errstr = "invalid mode";
goto err; goto err;
} }
if (type < 0 || type >= CRYPTO_NUM_LOCKS) if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
{
errstr = "type out of bounds"; errstr = "type out of bounds";
goto err; goto err;
} }
if (mode & CRYPTO_LOCK) if (mode & CRYPTO_LOCK) {
{ if (modes[type]) {
if (modes[type])
{
errstr = "already locked"; errstr = "already locked";
/* must not happen in a single-threaded program /*
* (would deadlock) */ * must not happen in a single-threaded program (would deadlock)
*/
goto err; goto err;
} }
modes[type] = rw; modes[type] = rw;
} } else if (mode & CRYPTO_UNLOCK) {
else if (mode & CRYPTO_UNLOCK) if (!modes[type]) {
{
if (!modes[type])
{
errstr = "not locked"; errstr = "not locked";
goto err; goto err;
} }
if (modes[type] != rw) if (modes[type] != rw) {
{
errstr = (rw == CRYPTO_READ) ? errstr = (rw == CRYPTO_READ) ?
"CRYPTO_r_unlock on write lock" : "CRYPTO_r_unlock on write lock" :
"CRYPTO_w_unlock on read lock"; "CRYPTO_w_unlock on read lock";
} }
modes[type] = 0; modes[type] = 0;
} } else {
else
{
errstr = "invalid mode"; errstr = "invalid mode";
goto err; goto err;
} }
err: err:
if (errstr) if (errstr) {
{
/* we cannot use bio_err here */ /* we cannot use bio_err here */
fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n", fprintf(stderr,
"openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
errstr, mode, type, file, line); errstr, mode, type, file, line);
} }
} }
int main(int Argc, char *Argv[]) int main(int Argc, char *Argv[])
{ {
ARGS arg; ARGS arg;
@@ -253,15 +245,13 @@ int main(int Argc, char *Argv[])
if ((bio_err = BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */ if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) { /* if not defined, use
{ * compiled-in library
if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))) * defaults */
{ if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))) {
CRYPTO_malloc_debug_init(); CRYPTO_malloc_debug_init();
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
} } else {
else
{
/* OPENSSL_DEBUG_MEMORY=off */ /* OPENSSL_DEBUG_MEMORY=off */
CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
} }
@@ -288,8 +278,7 @@ int main(int Argc, char *Argv[])
config = NCONF_new(NULL); config = NCONF_new(NULL);
i = NCONF_load(config, p, &errline); i = NCONF_load(config, p, &errline);
if (i == 0) if (i == 0) {
{
NCONF_free(config); NCONF_free(config);
config = NULL; config = NULL;
ERR_clear_error(); ERR_clear_error();
@@ -302,55 +291,58 @@ int main(int Argc, char *Argv[])
f.name = pname; f.name = pname;
fp = (FUNCTION *) lh_retrieve(prog, &f); fp = (FUNCTION *) lh_retrieve(prog, &f);
if (fp != NULL) if (fp != NULL) {
{
Argv[0] = pname; Argv[0] = pname;
ret = fp->func(Argc, Argv); ret = fp->func(Argc, Argv);
goto end; goto end;
} }
/* ok, now check that there are not arguments, if there are, /*
* run with them, shifting the ssleay off the front */ * ok, now check that there are not arguments, if there are, run with
if (Argc != 1) * them, shifting the ssleay off the front
{ */
if (Argc != 1) {
Argc--; Argc--;
Argv++; Argv++;
ret = do_cmd(prog, Argc, Argv); ret = do_cmd(prog, Argc, Argv);
if (ret < 0) ret=0; if (ret < 0)
ret = 0;
goto end; goto end;
} }
/* ok, lets enter the old 'OpenSSL>' mode */ /* ok, lets enter the old 'OpenSSL>' mode */
for (;;) for (;;) {
{
ret = 0; ret = 0;
p = buf; p = buf;
n = sizeof buf; n = sizeof buf;
i = 0; i = 0;
for (;;) for (;;) {
{
p[0] = '\0'; p[0] = '\0';
if (i++) if (i++)
prompt = ">"; prompt = ">";
else prompt="OpenSSL> "; else
prompt = "OpenSSL> ";
fputs(prompt, stdout); fputs(prompt, stdout);
fflush(stdout); fflush(stdout);
if (!fgets(p, n, stdin)) if (!fgets(p, n, stdin))
goto end; goto end;
if (p[0] == '\0') goto end; if (p[0] == '\0')
goto end;
i = strlen(p); i = strlen(p);
if (i <= 1) break; if (i <= 1)
if (p[i-2] != '\\') break; break;
if (p[i - 2] != '\\')
break;
i -= 2; i -= 2;
p += i; p += i;
n -= i; n -= i;
} }
if (!chopup_args(&arg,buf,&argc,&argv)) break; if (!chopup_args(&arg, buf, &argc, &argv))
break;
ret = do_cmd(prog, argc, argv); ret = do_cmd(prog, argc, argv);
if (ret < 0) if (ret < 0) {
{
ret = 0; ret = 0;
goto end; goto end;
} }
@@ -363,19 +355,19 @@ int main(int Argc, char *Argv[])
end: end:
if (to_free) if (to_free)
OPENSSL_free(to_free); OPENSSL_free(to_free);
if (config != NULL) if (config != NULL) {
{
NCONF_free(config); NCONF_free(config);
config = NULL; config = NULL;
} }
if (prog != NULL) lh_free(prog); if (prog != NULL)
if (arg.data != NULL) OPENSSL_free(arg.data); lh_free(prog);
if (arg.data != NULL)
OPENSSL_free(arg.data);
apps_shutdown(); apps_shutdown();
CRYPTO_mem_leaks(bio_err); CRYPTO_mem_leaks(bio_err);
if (bio_err != NULL) if (bio_err != NULL) {
{
BIO_free(bio_err); BIO_free(bio_err);
bio_err = NULL; bio_err = NULL;
} }
@@ -391,16 +383,15 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
FUNCTION f, *fp; FUNCTION f, *fp;
int i, ret = 1, tp, nl; int i, ret = 1, tp, nl;
if ((argc <= 0) || (argv[0] == NULL)) if ((argc <= 0) || (argv[0] == NULL)) {
{ ret=0; goto end; } ret = 0;
goto end;
}
f.name = argv[0]; f.name = argv[0];
fp = (FUNCTION *) lh_retrieve(prog, &f); fp = (FUNCTION *) lh_retrieve(prog, &f);
if (fp != NULL) if (fp != NULL) {
{
ret = fp->func(argc, argv); ret = fp->func(argc, argv);
} } else if ((strncmp(argv[0], "no-", 3)) == 0) {
else if ((strncmp(argv[0],"no-",3)) == 0)
{
BIO *bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE); BIO *bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
@@ -416,19 +407,15 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
BIO_printf(bio_stdout, "%s\n", argv[0] + 3); BIO_printf(bio_stdout, "%s\n", argv[0] + 3);
BIO_free_all(bio_stdout); BIO_free_all(bio_stdout);
goto end; goto end;
} } else if ((strcmp(argv[0], "quit") == 0) ||
else if ((strcmp(argv[0],"quit") == 0) ||
(strcmp(argv[0], "q") == 0) || (strcmp(argv[0], "q") == 0) ||
(strcmp(argv[0], "exit") == 0) || (strcmp(argv[0], "exit") == 0) ||
(strcmp(argv[0],"bye") == 0)) (strcmp(argv[0], "bye") == 0)) {
{
ret = -1; ret = -1;
goto end; goto end;
} } else if ((strcmp(argv[0], LIST_STANDARD_COMMANDS) == 0) ||
else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||
(strcmp(argv[0], LIST_MESSAGE_DIGEST_COMMANDS) == 0) || (strcmp(argv[0], LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
(strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0)) (strcmp(argv[0], LIST_CIPHER_COMMANDS) == 0)) {
{
int list_type; int list_type;
BIO *bio_stdout; BIO *bio_stdout;
@@ -452,16 +439,13 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
BIO_free_all(bio_stdout); BIO_free_all(bio_stdout);
ret = 0; ret = 0;
goto end; goto end;
} } else {
else
{
BIO_printf(bio_err, "openssl:Error: '%s' is an invalid command.\n", BIO_printf(bio_err, "openssl:Error: '%s' is an invalid command.\n",
argv[0]); argv[0]);
BIO_printf(bio_err, "\nStandard commands"); BIO_printf(bio_err, "\nStandard commands");
i = 0; i = 0;
tp = 0; tp = 0;
for (fp=functions; fp->name != NULL; fp++) for (fp = functions; fp->name != NULL; fp++) {
{
nl = 0; nl = 0;
#ifdef OPENSSL_NO_CAMELLIA #ifdef OPENSSL_NO_CAMELLIA
if (((i++) % 5) == 0) if (((i++) % 5) == 0)
@@ -472,20 +456,18 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
BIO_printf(bio_err, "\n"); BIO_printf(bio_err, "\n");
nl = 1; nl = 1;
} }
if (fp->type != tp) if (fp->type != tp) {
{
tp = fp->type; tp = fp->type;
if (!nl) BIO_printf(bio_err,"\n"); if (!nl)
if (tp == FUNC_TYPE_MD) BIO_printf(bio_err, "\n");
{ if (tp == FUNC_TYPE_MD) {
i = 1; i = 1;
BIO_printf(bio_err, BIO_printf(bio_err,
"\nMessage Digest commands (see the `dgst' command for more details)\n"); "\nMessage Digest commands (see the `dgst' command for more details)\n");
} } else if (tp == FUNC_TYPE_CIPHER) {
else if (tp == FUNC_TYPE_CIPHER)
{
i = 1; i = 1;
BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n"); BIO_printf(bio_err,
"\nCipher commands (see the `enc' command for more details)\n");
} }
} }
#ifdef OPENSSL_NO_CAMELLIA #ifdef OPENSSL_NO_CAMELLIA
@@ -518,8 +500,7 @@ static LHASH *prog_init(void)
size_t i; size_t i;
/* Purely so it looks nice when the user hits ? */ /* Purely so it looks nice when the user hits ? */
for(i=0,f=functions ; f->name != NULL ; ++f,++i) for (i = 0, f = functions; f->name != NULL; ++f, ++i) ;
;
qsort(functions, i, sizeof *functions, SortFnByName); qsort(functions, i, sizeof *functions, SortFnByName);
if ((ret = lh_new(hash, cmp)) == NULL) if ((ret = lh_new(hash, cmp)) == NULL)
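Review bot: In the prog_init hunk the reformatted counting loop now ends in ` ;` on the same line as the `for` header, so the empty body is easy to miss next to the `qsort` call that follows. The loop only counts the entries of `functions`, so an explicit body would read more safely: keep `for (i = 0, f = functions; f->name != NULL; ++f, ++i)` and put `continue;` on its own line below it. In the same section, the trailing comment on the `OPENSSL_DEBUG_MEMORY` test in main is now wrapped into three fragments after the opening brace; placing `/* if not defined, use compiled-in library defaults */` on the line above the `if` would keep it legible. Both prog_init and main continue outside their hunks.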


@@ -22,11 +22,9 @@
# include <openssl/md5.h> # include <openssl/md5.h>
# endif # endif
# undef PROG # undef PROG
# define PROG passwd_main # define PROG passwd_main
static unsigned const char cov_2char[64] = { static unsigned const char cov_2char[64] = {
/* from crypto/des/fcrypt.c */ /* from crypto/des/fcrypt.c */
0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
@@ -40,8 +38,9 @@ static unsigned const char cov_2char[64]={
}; };
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
char *passwd, BIO *out, int quiet, int table, int reverse, char *passwd, BIO *out, int quiet, int table,
size_t pw_maxlen, int usecrypt, int use1, int useapr1); int reverse, size_t pw_maxlen, int usecrypt, int use1,
int useapr1);
/*- /*-
* -crypt - standard Unix password algorithm (default) * -crypt - standard Unix password algorithm (default)
@@ -95,45 +94,32 @@ int MAIN(int argc, char **argv)
badopt = 0, opt_done = 0; badopt = 0, opt_done = 0;
i = 0; i = 0;
while (!badopt && !opt_done && argv[++i] != NULL) while (!badopt && !opt_done && argv[++i] != NULL) {
{
if (strcmp(argv[i], "-crypt") == 0) if (strcmp(argv[i], "-crypt") == 0)
usecrypt = 1; usecrypt = 1;
else if (strcmp(argv[i], "-1") == 0) else if (strcmp(argv[i], "-1") == 0)
use1 = 1; use1 = 1;
else if (strcmp(argv[i], "-apr1") == 0) else if (strcmp(argv[i], "-apr1") == 0)
useapr1 = 1; useapr1 = 1;
else if (strcmp(argv[i], "-salt") == 0) else if (strcmp(argv[i], "-salt") == 0) {
{ if ((argv[i + 1] != NULL) && (salt == NULL)) {
if ((argv[i+1] != NULL) && (salt == NULL))
{
passed_salt = 1; passed_salt = 1;
salt = argv[++i]; salt = argv[++i];
} } else
else
badopt = 1; badopt = 1;
} } else if (strcmp(argv[i], "-in") == 0) {
else if (strcmp(argv[i], "-in") == 0) if ((argv[i + 1] != NULL) && !pw_source_defined) {
{
if ((argv[i+1] != NULL) && !pw_source_defined)
{
pw_source_defined = 1; pw_source_defined = 1;
infile = argv[++i]; infile = argv[++i];
} } else
else
badopt = 1; badopt = 1;
} } else if (strcmp(argv[i], "-stdin") == 0) {
else if (strcmp(argv[i], "-stdin") == 0) if (!pw_source_defined) {
{
if (!pw_source_defined)
{
pw_source_defined = 1; pw_source_defined = 1;
in_stdin = 1; in_stdin = 1;
} } else
else
badopt = 1; badopt = 1;
} } else if (strcmp(argv[i], "-noverify") == 0)
else if (strcmp(argv[i], "-noverify") == 0)
in_noverify = 1; in_noverify = 1;
else if (strcmp(argv[i], "-quiet") == 0) else if (strcmp(argv[i], "-quiet") == 0)
quiet = 1; quiet = 1;
@@ -149,8 +135,7 @@ int MAIN(int argc, char **argv)
pw_source_defined = 1; pw_source_defined = 1;
passwds = &argv[i]; passwds = &argv[i];
opt_done = 1; opt_done = 1;
} } else
else
badopt = 1; badopt = 1;
} }
@@ -161,27 +146,32 @@ int MAIN(int argc, char **argv)
/* reject unsupported algorithms */ /* reject unsupported algorithms */
# ifdef OPENSSL_NO_DES # ifdef OPENSSL_NO_DES
if (usecrypt) badopt = 1; if (usecrypt)
badopt = 1;
# endif # endif
# ifdef NO_MD5CRYPT_1 # ifdef NO_MD5CRYPT_1
if (use1 || useapr1) badopt = 1; if (use1 || useapr1)
badopt = 1;
# endif # endif
if (badopt) if (badopt) {
{
BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n"); BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "where options are\n");
# ifndef OPENSSL_NO_DES # ifndef OPENSSL_NO_DES
BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n"); BIO_printf(bio_err,
"-crypt standard Unix password algorithm (default)\n");
# endif # endif
# ifndef NO_MD5CRYPT_1 # ifndef NO_MD5CRYPT_1
BIO_printf(bio_err, "-1 MD5-based password algorithm\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "-apr1 MD5-based password algorithm, Apache variant\n"); "-1 MD5-based password algorithm\n");
BIO_printf(bio_err,
"-apr1 MD5-based password algorithm, Apache variant\n");
# endif # endif
BIO_printf(bio_err, "-salt string use provided salt\n"); BIO_printf(bio_err, "-salt string use provided salt\n");
BIO_printf(bio_err, "-in file read passwords from file\n"); BIO_printf(bio_err, "-in file read passwords from file\n");
BIO_printf(bio_err, "-stdin read passwords from stdin\n"); BIO_printf(bio_err, "-stdin read passwords from stdin\n");
BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n"); BIO_printf(bio_err,
"-noverify never verify when reading password from terminal\n");
BIO_printf(bio_err, "-quiet no warnings\n"); BIO_printf(bio_err, "-quiet no warnings\n");
BIO_printf(bio_err, "-table format output as table\n"); BIO_printf(bio_err, "-table format output as table\n");
BIO_printf(bio_err, "-reverse switch table columns\n"); BIO_printf(bio_err, "-reverse switch table columns\n");
@@ -189,19 +179,15 @@ int MAIN(int argc, char **argv)
goto err; goto err;
} }
if ((infile != NULL) || in_stdin) if ((infile != NULL) || in_stdin) {
{
in = BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
if (in == NULL) if (in == NULL)
goto err; goto err;
if (infile != NULL) if (infile != NULL) {
{
assert(in_stdin == 0); assert(in_stdin == 0);
if (BIO_read_filename(in, infile) <= 0) if (BIO_read_filename(in, infile) <= 0)
goto err; goto err;
} } else {
else
{
assert(in_stdin); assert(in_stdin);
BIO_set_fp(in, stdin, BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
} }
@@ -210,61 +196,59 @@ int MAIN(int argc, char **argv)
if (usecrypt) if (usecrypt)
pw_maxlen = 8; pw_maxlen = 8;
else if (use1 || useapr1) else if (use1 || useapr1)
pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */ pw_maxlen = 256; /* arbitrary limit, should be enough for most
* passwords */
if (passwds == NULL) if (passwds == NULL) {
{
/* no passwords on the command line */ /* no passwords on the command line */
passwd_malloc_size = pw_maxlen + 2; passwd_malloc_size = pw_maxlen + 2;
/* longer than necessary so that we can warn about truncation */ /*
* longer than necessary so that we can warn about truncation
*/
passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size); passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
if (passwd_malloc == NULL) if (passwd_malloc == NULL)
goto err; goto err;
} }
if ((in == NULL) && (passwds == NULL)) if ((in == NULL) && (passwds == NULL)) {
{
/* build a null-terminated list */ /* build a null-terminated list */
static char *passwds_static[2] = { NULL, NULL }; static char *passwds_static[2] = { NULL, NULL };
passwds = passwds_static; passwds = passwds_static;
if (in == NULL) if (in == NULL)
if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0) if (EVP_read_pw_string
(passwd_malloc, passwd_malloc_size, "Password: ",
!(passed_salt || in_noverify)) != 0)
goto err; goto err;
passwds[0] = passwd_malloc; passwds[0] = passwd_malloc;
} }
if (in == NULL) if (in == NULL) {
{
assert(passwds != NULL); assert(passwds != NULL);
assert(*passwds != NULL); assert(*passwds != NULL);
do /* loop over list of passwords */ do { /* loop over list of passwords */
{
passwd = *passwds++; passwd = *passwds++;
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out, if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1)) quiet, table, reverse, pw_maxlen, usecrypt, use1,
useapr1))
goto err; goto err;
} }
while (*passwds != NULL); while (*passwds != NULL);
} } else
else
/* in != NULL */ /* in != NULL */
{ {
int done; int done;
assert(passwd != NULL); assert(passwd != NULL);
do do {
{
int r = BIO_gets(in, passwd, pw_maxlen + 1); int r = BIO_gets(in, passwd, pw_maxlen + 1);
if (r > 0) if (r > 0) {
{
char *c = (strchr(passwd, '\n')); char *c = (strchr(passwd, '\n'));
if (c != NULL) if (c != NULL)
*c = 0; /* truncate at newline */ *c = 0; /* truncate at newline */
else else {
{
/* ignore rest of line */ /* ignore rest of line */
char trash[BUFSIZ]; char trash[BUFSIZ];
do do
@@ -273,7 +257,8 @@ int MAIN(int argc, char **argv)
} }
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out, if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1)) quiet, table, reverse, pw_maxlen, usecrypt,
use1, useapr1))
goto err; goto err;
} }
done = (r <= 0); done = (r <= 0);
@@ -296,17 +281,15 @@ err:
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
# ifndef NO_MD5CRYPT_1 # ifndef NO_MD5CRYPT_1
/* MD5-based password algorithm (should probably be available as a library /*
* function; then the static buffer would not be acceptable). * MD5-based password algorithm (should probably be available as a library
* For magic string "1", this should be compatible to the MD5-based BSD * function; then the static buffer would not be acceptable). For magic
* password algorithm. * string "1", this should be compatible to the MD5-based BSD password
* For 'magic' string "apr1", this is compatible to the MD5-based Apache * algorithm. For 'magic' string "apr1", this is compatible to the MD5-based
* password algorithm. * Apache password algorithm. (Apparently, the Apache password algorithm is
* (Apparently, the Apache password algorithm is identical except that the * identical except that the 'magic' string was changed -- the laziest
* 'magic' string was changed -- the laziest application of the NIH principle * application of the NIH principle I've ever encountered.)
* I've ever encountered.)
*/ */
static char *md5crypt(const char *passwd, const char *magic, const char *salt) static char *md5crypt(const char *passwd, const char *magic, const char *salt)
{ {
@@ -351,15 +334,13 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
EVP_DigestUpdate(&md, buf, i); EVP_DigestUpdate(&md, buf, i);
n = passwd_len; n = passwd_len;
while (n) while (n) {
{
EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1); EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
n >>= 1; n >>= 1;
} }
EVP_DigestFinal_ex(&md, buf, NULL); EVP_DigestFinal_ex(&md, buf, NULL);
for (i = 0; i < 1000; i++) for (i = 0; i < 1000; i++) {
{
EVP_DigestInit_ex(&md2, EVP_md5(), NULL); EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf, EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf,
(i & 1) ? passwd_len : sizeof buf); (i & 1) ? passwd_len : sizeof buf);
@@ -381,11 +362,13 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
char *output; char *output;
/* silly output permutation */ /* silly output permutation */
for (dest = 0, source = 0; dest < 14; dest++, source = (source + 6) % 17) for (dest = 0, source = 0; dest < 14;
dest++, source = (source + 6) % 17)
buf_perm[dest] = buf[source]; buf_perm[dest] = buf[source];
buf_perm[14] = buf[5]; buf_perm[14] = buf[5];
buf_perm[15] = buf[11]; buf_perm[15] = buf[11];
#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */ # ifndef PEDANTIC /* Unfortunately, this generates a "no
* effect" warning */
assert(16 == sizeof buf_perm); assert(16 == sizeof buf_perm);
# endif # endif
@@ -394,8 +377,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
*output++ = '$'; *output++ = '$';
for (i = 0; i < 15; i += 3) for (i = 0; i < 15; i += 3) {
{
*output++ = cov_2char[buf_perm[i + 2] & 0x3f]; *output++ = cov_2char[buf_perm[i + 2] & 0x3f];
*output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) | *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) |
(buf_perm[i + 2] >> 6)]; (buf_perm[i + 2] >> 6)];
@@ -415,10 +397,10 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
} }
# endif # endif
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
char *passwd, BIO *out, int quiet, int table, int reverse, char *passwd, BIO *out, int quiet, int table,
size_t pw_maxlen, int usecrypt, int use1, int useapr1) int reverse, size_t pw_maxlen, int usecrypt, int use1,
int useapr1)
{ {
char *hash = NULL; char *hash = NULL;
@@ -426,13 +408,10 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
assert(salt_malloc_p != NULL); assert(salt_malloc_p != NULL);
/* first make sure we have a salt */ /* first make sure we have a salt */
if (!passed_salt) if (!passed_salt) {
{
# ifndef OPENSSL_NO_DES # ifndef OPENSSL_NO_DES
if (usecrypt) if (usecrypt) {
{ if (*salt_malloc_p == NULL) {
if (*salt_malloc_p == NULL)
{
*salt_p = *salt_malloc_p = OPENSSL_malloc(3); *salt_p = *salt_malloc_p = OPENSSL_malloc(3);
if (*salt_malloc_p == NULL) if (*salt_malloc_p == NULL)
goto err; goto err;
@@ -443,19 +422,17 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
(*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */ (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
(*salt_p)[2] = 0; (*salt_p)[2] = 0;
# ifdef CHARSET_EBCDIC # ifdef CHARSET_EBCDIC
ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert back
* back to ASCII */ * to ASCII */
# endif # endif
} }
# endif /* !OPENSSL_NO_DES */ # endif /* !OPENSSL_NO_DES */
# ifndef NO_MD5CRYPT_1 # ifndef NO_MD5CRYPT_1
if (use1 || useapr1) if (use1 || useapr1) {
{
int i; int i;
if (*salt_malloc_p == NULL) if (*salt_malloc_p == NULL) {
{
*salt_p = *salt_malloc_p = OPENSSL_malloc(9); *salt_p = *salt_malloc_p = OPENSSL_malloc(9);
if (*salt_malloc_p == NULL) if (*salt_malloc_p == NULL)
goto err; goto err;
@@ -473,11 +450,14 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
assert(*salt_p != NULL); assert(*salt_p != NULL);
/* truncate password if necessary */ /* truncate password if necessary */
if ((strlen(passwd) > pw_maxlen)) if ((strlen(passwd) > pw_maxlen)) {
{
if (!quiet) if (!quiet)
/* XXX: really we should know how to print a size_t, not cast it */ /*
BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen); * XXX: really we should know how to print a size_t, not cast it
*/
BIO_printf(bio_err,
"Warning: truncating password to %u characters\n",
(unsigned)pw_maxlen);
passwd[pw_maxlen] = 0; passwd[pw_maxlen] = 0;
} }
assert(strlen(passwd) <= pw_maxlen); assert(strlen(passwd) <= pw_maxlen);
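Review bot: In the MAIN hunk that reads the password from the terminal, the reformat leaves `EVP_read_pw_string` alone on one line with its argument list starting on the next, under two nested unbraced `if`s. The `goto err;` that handles a failed password read therefore sits four lines below the condition guarding it. Breaking after an argument and bracing the body keeps the error path visible: `if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size,` then `"Password: ", !(passed_salt || in_noverify)) != 0) {`. The inner `if (in == NULL)` repeats the test of the enclosing `if ((in == NULL) && (passwds == NULL))` and looks removable, though that would be a code change rather than formatting. MAIN starts and ends outside this hunk.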


@@ -1,5 +1,6 @@
/* pkcs12.c */ /* pkcs12.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project. * project.
*/ */
/* ==================================================================== /* ====================================================================
@@ -78,7 +79,6 @@
const EVP_CIPHER *enc; const EVP_CIPHER *enc;
# define NOKEYS 0x1 # define NOKEYS 0x1
# define NOCERTS 0x2 # define NOCERTS 0x2
# define INFO 0x4 # define INFO 0x4
@@ -86,11 +86,15 @@ const EVP_CIPHER *enc;
# define CACERTS 0x10 # define CACERTS 0x10
int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain); int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass); int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass, int options, char *pempass);
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
char *pass, int passlen, int options,
char *pempass);
int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass,
int passlen, int options, char *pempass); int passlen, int options, char *pempass);
int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass); int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name); const char *name);
void hex_prin(BIO *out, unsigned char *buf, int len); void hex_prin(BIO *out, unsigned char *buf, int len);
int alg_print(BIO *x, X509_ALGOR *alg); int alg_print(BIO *x, X509_ALGOR *alg);
int cert_load(BIO *in, STACK_OF(X509) *sk); int cert_load(BIO *in, STACK_OF(X509) *sk);
@@ -142,56 +146,80 @@ int MAIN(int argc, char **argv)
cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
enc = EVP_des_ede3_cbc(); enc = EVP_des_ede3_cbc();
if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
args = argv + 1; args = argv + 1;
while (*args) { while (*args) {
if (*args[0] == '-') { if (*args[0] == '-') {
if (!strcmp (*args, "-nokeys")) options |= NOKEYS; if (!strcmp(*args, "-nokeys"))
else if (!strcmp (*args, "-keyex")) keytype = KEY_EX; options |= NOKEYS;
else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG; else if (!strcmp(*args, "-keyex"))
else if (!strcmp (*args, "-nocerts")) options |= NOCERTS; keytype = KEY_EX;
else if (!strcmp (*args, "-clcerts")) options |= CLCERTS; else if (!strcmp(*args, "-keysig"))
else if (!strcmp (*args, "-cacerts")) options |= CACERTS; keytype = KEY_SIG;
else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS); else if (!strcmp(*args, "-nocerts"))
else if (!strcmp (*args, "-info")) options |= INFO; options |= NOCERTS;
else if (!strcmp (*args, "-chain")) chain = 1; else if (!strcmp(*args, "-clcerts"))
else if (!strcmp (*args, "-twopass")) twopass = 1; options |= CLCERTS;
else if (!strcmp (*args, "-nomacver")) macver = 0; else if (!strcmp(*args, "-cacerts"))
options |= CACERTS;
else if (!strcmp(*args, "-noout"))
options |= (NOKEYS | NOCERTS);
else if (!strcmp(*args, "-info"))
options |= INFO;
else if (!strcmp(*args, "-chain"))
chain = 1;
else if (!strcmp(*args, "-twopass"))
twopass = 1;
else if (!strcmp(*args, "-nomacver"))
macver = 0;
else if (!strcmp(*args, "-descert")) else if (!strcmp(*args, "-descert"))
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else if (!strcmp (*args, "-export")) export_cert = 1; else if (!strcmp(*args, "-export"))
else if (!strcmp (*args, "-des")) enc=EVP_des_cbc(); export_cert = 1;
else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc(); else if (!strcmp(*args, "-des"))
enc = EVP_des_cbc();
else if (!strcmp(*args, "-des3"))
enc = EVP_des_ede3_cbc();
# ifndef OPENSSL_NO_IDEA # ifndef OPENSSL_NO_IDEA
else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc(); else if (!strcmp(*args, "-idea"))
enc = EVP_idea_cbc();
# endif # endif
# ifndef OPENSSL_NO_SEED # ifndef OPENSSL_NO_SEED
else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc(); else if (!strcmp(*args, "-seed"))
enc = EVP_seed_cbc();
# endif # endif
# ifndef OPENSSL_NO_AES # ifndef OPENSSL_NO_AES
else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc(); else if (!strcmp(*args, "-aes128"))
else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc(); enc = EVP_aes_128_cbc();
else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc(); else if (!strcmp(*args, "-aes192"))
enc = EVP_aes_192_cbc();
else if (!strcmp(*args, "-aes256"))
enc = EVP_aes_256_cbc();
# endif # endif
# ifndef OPENSSL_NO_CAMELLIA # ifndef OPENSSL_NO_CAMELLIA
else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc(); else if (!strcmp(*args, "-camellia128"))
else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc(); enc = EVP_camellia_128_cbc();
else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc(); else if (!strcmp(*args, "-camellia192"))
enc = EVP_camellia_192_cbc();
else if (!strcmp(*args, "-camellia256"))
enc = EVP_camellia_256_cbc();
# endif # endif
else if (!strcmp (*args, "-noiter")) iter = 1; else if (!strcmp(*args, "-noiter"))
iter = 1;
else if (!strcmp(*args, "-maciter")) else if (!strcmp(*args, "-maciter"))
maciter = PKCS12_DEFAULT_ITER; maciter = PKCS12_DEFAULT_ITER;
else if (!strcmp(*args, "-nomaciter")) else if (!strcmp(*args, "-nomaciter"))
maciter = 1; maciter = 1;
else if (!strcmp(*args, "-nomac")) else if (!strcmp(*args, "-nomac"))
maciter = -1; maciter = -1;
else if (!strcmp (*args, "-nodes")) enc=NULL; else if (!strcmp(*args, "-nodes"))
enc = NULL;
else if (!strcmp(*args, "-certpbe")) { else if (!strcmp(*args, "-certpbe")) {
if (args[1]) { if (args[1]) {
args++; args++;
@@ -204,7 +232,8 @@ int MAIN(int argc, char **argv)
"Unknown PBE algorithm %s\n", *args); "Unknown PBE algorithm %s\n", *args);
badarg = 1; badarg = 1;
} }
} else badarg = 1; } else
badarg = 1;
} else if (!strcmp(*args, "-keypbe")) { } else if (!strcmp(*args, "-keypbe")) {
if (args[1]) { if (args[1]) {
args++; args++;
@@ -217,86 +246,104 @@ int MAIN(int argc, char **argv)
"Unknown PBE algorithm %s\n", *args); "Unknown PBE algorithm %s\n", *args);
badarg = 1; badarg = 1;
} }
} else badarg = 1; } else
badarg = 1;
} else if (!strcmp(*args, "-rand")) { } else if (!strcmp(*args, "-rand")) {
if (args[1]) { if (args[1]) {
args++; args++;
inrand = *args; inrand = *args;
} else badarg = 1; } else
badarg = 1;
} else if (!strcmp(*args, "-inkey")) { } else if (!strcmp(*args, "-inkey")) {
if (args[1]) { if (args[1]) {
args++; args++;
keyname = *args; keyname = *args;
} else badarg = 1; } else
badarg = 1;
} else if (!strcmp(*args, "-certfile")) { } else if (!strcmp(*args, "-certfile")) {
if (args[1]) { if (args[1]) {
args++; args++;
certfile = *args; certfile = *args;
} else badarg = 1; } else
badarg = 1;
} else if (!strcmp(*args, "-name")) { } else if (!strcmp(*args, "-name")) {
if (args[1]) { if (args[1]) {
args++; args++;
name = *args; name = *args;
} else badarg = 1; } else
badarg = 1;
} else if (!strcmp(*args, "-LMK")) } else if (!strcmp(*args, "-LMK"))
add_lmk = 1; add_lmk = 1;
else if (!strcmp(*args, "-CSP")) { else if (!strcmp(*args, "-CSP")) {
if (args[1]) { if (args[1]) {
args++; args++;
csp_name = *args; csp_name = *args;
} else badarg = 1; } else
badarg = 1;
} else if (!strcmp(*args, "-caname")) { } else if (!strcmp(*args, "-caname")) {
if (args[1]) { if (args[1]) {
args++; args++;
if (!canames) canames = sk_new_null(); if (!canames)
canames = sk_new_null();
sk_push(canames, *args); sk_push(canames, *args);
} else badarg = 1; } else
badarg = 1;
} else if (!strcmp(*args, "-in")) { } else if (!strcmp(*args, "-in")) {
if (args[1]) { if (args[1]) {
args++; args++;
infile = *args; infile = *args;
} else badarg = 1; } else
badarg = 1;
} else if (!strcmp(*args, "-out")) { } else if (!strcmp(*args, "-out")) {
if (args[1]) { if (args[1]) {
args++; args++;
outfile = *args; outfile = *args;
} else badarg = 1; } else
badarg = 1;
} else if (!strcmp(*args, "-passin")) { } else if (!strcmp(*args, "-passin")) {
if (args[1]) { if (args[1]) {
args++; args++;
passargin = *args; passargin = *args;
} else badarg = 1; } else
badarg = 1;
} else if (!strcmp(*args, "-passout")) { } else if (!strcmp(*args, "-passout")) {
if (args[1]) { if (args[1]) {
args++; args++;
passargout = *args; passargout = *args;
} else badarg = 1; } else
badarg = 1;
} else if (!strcmp(*args, "-password")) { } else if (!strcmp(*args, "-password")) {
if (args[1]) { if (args[1]) {
args++; args++;
passarg = *args; passarg = *args;
noprompt = 1; noprompt = 1;
} else badarg = 1; } else
badarg = 1;
} else if (!strcmp(*args, "-CApath")) { } else if (!strcmp(*args, "-CApath")) {
if (args[1]) { if (args[1]) {
args++; args++;
CApath = *args; CApath = *args;
} else badarg = 1; } else
badarg = 1;
} else if (!strcmp(*args, "-CAfile")) { } else if (!strcmp(*args, "-CAfile")) {
if (args[1]) { if (args[1]) {
args++; args++;
CAfile = *args; CAfile = *args;
} else badarg = 1; } else
badarg = 1;
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
} else if (!strcmp(*args, "-engine")) { } else if (!strcmp(*args, "-engine")) {
if (args[1]) { if (args[1]) {
args++; args++;
engine = *args; engine = *args;
} else badarg = 1; } else
badarg = 1;
# endif # endif
} else badarg = 1; } else
badarg = 1;
} else badarg = 1; } else
badarg = 1;
args++; args++;
} }
@@ -310,18 +357,23 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "-CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err, "-CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err, "-CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err, "-CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err, "-name \"name\" use name as friendly name\n"); BIO_printf(bio_err, "-name \"name\" use name as friendly name\n");
BIO_printf (bio_err, "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n"); BIO_printf(bio_err,
"-caname \"nm\" use nm as CA friendly name (can be used more than once).\n");
BIO_printf(bio_err, "-in infile input filename\n"); BIO_printf(bio_err, "-in infile input filename\n");
BIO_printf(bio_err, "-out outfile output filename\n"); BIO_printf(bio_err, "-out outfile output filename\n");
BIO_printf (bio_err, "-noout don't output anything, just verify.\n"); BIO_printf(bio_err,
"-noout don't output anything, just verify.\n");
BIO_printf(bio_err, "-nomacver don't verify MAC.\n"); BIO_printf(bio_err, "-nomacver don't verify MAC.\n");
BIO_printf(bio_err, "-nocerts don't output certificates.\n"); BIO_printf(bio_err, "-nocerts don't output certificates.\n");
BIO_printf (bio_err, "-clcerts only output client certificates.\n"); BIO_printf(bio_err,
"-clcerts only output client certificates.\n");
BIO_printf(bio_err, "-cacerts only output CA certificates.\n"); BIO_printf(bio_err, "-cacerts only output CA certificates.\n");
BIO_printf(bio_err, "-nokeys don't output private keys.\n"); BIO_printf(bio_err, "-nokeys don't output private keys.\n");
BIO_printf (bio_err, "-info give info about PKCS#12 structure.\n"); BIO_printf(bio_err,
"-info give info about PKCS#12 structure.\n");
BIO_printf(bio_err, "-des encrypt private keys with DES\n"); BIO_printf(bio_err, "-des encrypt private keys with DES\n");
BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n"); BIO_printf(bio_err,
"-des3 encrypt private keys with triple DES (default)\n");
# ifndef OPENSSL_NO_IDEA # ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err, "-idea encrypt private keys with idea\n"); BIO_printf(bio_err, "-idea encrypt private keys with idea\n");
# endif # endif
@@ -330,42 +382,54 @@ int MAIN(int argc, char **argv)
# endif # endif
# ifndef OPENSSL_NO_AES # ifndef OPENSSL_NO_AES
BIO_printf(bio_err, "-aes128, -aes192, -aes256\n"); BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); BIO_printf(bio_err,
" encrypt PEM output with cbc aes\n");
# endif # endif
# ifndef OPENSSL_NO_CAMELLIA # ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n"); BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n"); BIO_printf(bio_err,
" encrypt PEM output with cbc camellia\n");
# endif # endif
BIO_printf(bio_err, "-nodes don't encrypt private keys\n"); BIO_printf(bio_err, "-nodes don't encrypt private keys\n");
BIO_printf(bio_err, "-noiter don't use encryption iteration\n"); BIO_printf(bio_err, "-noiter don't use encryption iteration\n");
BIO_printf(bio_err, "-maciter use MAC iteration\n"); BIO_printf(bio_err, "-maciter use MAC iteration\n");
BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n"); BIO_printf(bio_err,
BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n"); "-twopass separate MAC, encryption passwords\n");
BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n"); BIO_printf(bio_err,
BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n"); "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
BIO_printf(bio_err,
"-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
BIO_printf(bio_err,
"-keypbe alg specify private key PBE algorithm (default 3DES)\n");
BIO_printf(bio_err, "-keyex set MS key exchange type\n"); BIO_printf(bio_err, "-keyex set MS key exchange type\n");
BIO_printf(bio_err, "-keysig set MS key signature type\n"); BIO_printf(bio_err, "-keysig set MS key signature type\n");
BIO_printf (bio_err, "-password p set import/export password source\n"); BIO_printf(bio_err,
"-password p set import/export password source\n");
BIO_printf(bio_err, "-passin p input file pass phrase source\n"); BIO_printf(bio_err, "-passin p input file pass phrase source\n");
BIO_printf(bio_err, "-passout p output file pass phrase source\n"); BIO_printf(bio_err, "-passout p output file pass phrase source\n");
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
# endif # endif
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n"); BIO_printf(bio_err, " the random number generator\n");
BIO_printf(bio_err, "-CSP name Microsoft CSP name\n"); BIO_printf(bio_err, "-CSP name Microsoft CSP name\n");
BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n"); BIO_printf(bio_err,
"-LMK Add local machine keyset attribute to private key\n");
goto end; goto end;
} }
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0); e = setup_engine(bio_err, engine, 0);
# endif # endif
if (passarg) { if (passarg) {
if(export_cert) passargout = passarg; if (export_cert)
else passargin = passarg; passargout = passarg;
else
passargin = passarg;
} }
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
@@ -374,8 +438,10 @@ int MAIN(int argc, char **argv)
} }
if (!cpass) { if (!cpass) {
if(export_cert) cpass = passout; if (export_cert)
else cpass = passin; cpass = passout;
else
cpass = passin;
} }
if (cpass) { if (cpass) {
@@ -398,15 +464,16 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("read files"); CRYPTO_push_info("read files");
# endif # endif
if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE); if (!infile)
else in = BIO_new_file(infile, "rb"); in = BIO_new_fp(stdin, BIO_NOCLOSE);
else
in = BIO_new_file(infile, "rb");
if (!in) { if (!in) {
BIO_printf(bio_err, "Error opening input file %s\n", BIO_printf(bio_err, "Error opening input file %s\n",
infile ? infile : "<stdin>"); infile ? infile : "<stdin>");
perror(infile); perror(infile);
goto end; goto end;
} }
# ifdef CRYPTO_MDEBUG # ifdef CRYPTO_MDEBUG
CRYPTO_pop_info(); CRYPTO_pop_info();
CRYPTO_push_info("write files"); CRYPTO_push_info("write files");
@@ -420,7 +487,8 @@ int MAIN(int argc, char **argv)
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
# endif # endif
} else out = BIO_new_file(outfile, "wb"); } else
out = BIO_new_file(outfile, "wb");
if (!out) { if (!out) {
BIO_printf(bio_err, "Error opening output file %s\n", BIO_printf(bio_err, "Error opening output file %s\n",
outfile ? outfile : "<stdout>"); outfile ? outfile : "<stdout>");
@@ -431,8 +499,8 @@ int MAIN(int argc, char **argv)
# ifdef CRYPTO_MDEBUG # ifdef CRYPTO_MDEBUG
CRYPTO_push_info("read MAC password"); CRYPTO_push_info("read MAC password");
# endif # endif
if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) if (EVP_read_pw_string
{ (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) {
BIO_printf(bio_err, "Can't read Password\n"); BIO_printf(bio_err, "Can't read Password\n");
goto end; goto end;
} }
@@ -448,8 +516,7 @@ int MAIN(int argc, char **argv)
unsigned char *catmp = NULL; unsigned char *catmp = NULL;
int i; int i;
if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS)) if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) {
{
BIO_printf(bio_err, "Nothing to do!\n"); BIO_printf(bio_err, "Nothing to do!\n");
goto export_end; goto export_end;
} }
@@ -461,35 +528,29 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("process -export_cert"); CRYPTO_push_info("process -export_cert");
CRYPTO_push_info("reading private key"); CRYPTO_push_info("reading private key");
# endif # endif
if (!(options & NOKEYS)) if (!(options & NOKEYS)) {
{
key = load_key(bio_err, keyname ? keyname : infile, key = load_key(bio_err, keyname ? keyname : infile,
FORMAT_PEM, 1, passin, e, "private key"); FORMAT_PEM, 1, passin, e, "private key");
if (!key) if (!key)
goto export_end; goto export_end;
} }
# ifdef CRYPTO_MDEBUG # ifdef CRYPTO_MDEBUG
CRYPTO_pop_info(); CRYPTO_pop_info();
CRYPTO_push_info("reading certs from input"); CRYPTO_push_info("reading certs from input");
# endif # endif
/* Load in all certs in input file */ /* Load in all certs in input file */
if(!(options & NOCERTS)) if (!(options & NOCERTS)) {
{
certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e, certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
"certificates"); "certificates");
if (!certs) if (!certs)
goto export_end; goto export_end;
if (key) if (key) {
{
/* Look for matching private key */ /* Look for matching private key */
for(i = 0; i < sk_X509_num(certs); i++) for (i = 0; i < sk_X509_num(certs); i++) {
{
x = sk_X509_value(certs, i); x = sk_X509_value(certs, i);
if(X509_check_private_key(x, key)) if (X509_check_private_key(x, key)) {
{
ucert = x; ucert = x;
/* Zero keyid and alias */ /* Zero keyid and alias */
X509_keyid_set1(ucert, NULL, 0); X509_keyid_set1(ucert, NULL, 0);
@@ -499,23 +560,21 @@ int MAIN(int argc, char **argv)
break; break;
} }
} }
if (!ucert) if (!ucert) {
{ BIO_printf(bio_err,
BIO_printf(bio_err, "No certificate matches private key\n"); "No certificate matches private key\n");
goto export_end; goto export_end;
} }
} }
} }
# ifdef CRYPTO_MDEBUG # ifdef CRYPTO_MDEBUG
CRYPTO_pop_info(); CRYPTO_pop_info();
CRYPTO_push_info("reading certs from input 2"); CRYPTO_push_info("reading certs from input 2");
# endif # endif
/* Add any more certificates asked for */ /* Add any more certificates asked for */
if(certfile) if (certfile) {
{
STACK_OF(X509) *morecerts = NULL; STACK_OF(X509) *morecerts = NULL;
if (!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM, if (!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
NULL, e, NULL, e,
@@ -525,7 +584,6 @@ int MAIN(int argc, char **argv)
sk_X509_push(certs, sk_X509_shift(morecerts)); sk_X509_push(certs, sk_X509_shift(morecerts));
sk_X509_free(morecerts); sk_X509_free(morecerts);
} }
# ifdef CRYPTO_MDEBUG # ifdef CRYPTO_MDEBUG
CRYPTO_pop_info(); CRYPTO_pop_info();
CRYPTO_push_info("reading certs from certfile"); CRYPTO_push_info("reading certs from certfile");
@@ -541,8 +599,7 @@ int MAIN(int argc, char **argv)
int vret; int vret;
STACK_OF(X509) *chain2; STACK_OF(X509) *chain2;
X509_STORE *store = X509_STORE_new(); X509_STORE *store = X509_STORE_new();
if (!store) if (!store) {
{
BIO_printf(bio_err, "Memory allocation error\n"); BIO_printf(bio_err, "Memory allocation error\n");
goto export_end; goto export_end;
} }
@@ -571,15 +628,15 @@ int MAIN(int argc, char **argv)
/* Add any CA names */ /* Add any CA names */
for (i = 0; i < sk_num(canames); i++) for (i = 0; i < sk_num(canames); i++) {
{
catmp = (unsigned char *)sk_value(canames, i); catmp = (unsigned char *)sk_value(canames, i);
X509_alias_set1(sk_X509_value(certs, i), catmp, -1); X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
} }
if (csp_name && key) if (csp_name && key)
EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
MBSTRING_ASC, (unsigned char *)csp_name, -1); MBSTRING_ASC, (unsigned char *)csp_name,
-1);
if (add_lmk && key) if (add_lmk && key)
EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
@@ -590,12 +647,13 @@ int MAIN(int argc, char **argv)
# endif # endif
if (!noprompt && if (!noprompt &&
EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:",
{ 1)) {
BIO_printf(bio_err, "Can't read Password\n"); BIO_printf(bio_err, "Can't read Password\n");
goto export_end; goto export_end;
} }
if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); if (!twopass)
BUF_strlcpy(macpass, pass, sizeof macpass);
# ifdef CRYPTO_MDEBUG # ifdef CRYPTO_MDEBUG
CRYPTO_pop_info(); CRYPTO_pop_info();
@@ -605,8 +663,7 @@ int MAIN(int argc, char **argv)
p12 = PKCS12_create(cpass, name, key, ucert, certs, p12 = PKCS12_create(cpass, name, key, ucert, certs,
key_pbe, cert_pbe, iter, -1, keytype); key_pbe, cert_pbe, iter, -1, keytype);
if (!p12) if (!p12) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto export_end; goto export_end;
} }
@@ -630,9 +687,12 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("process -export_cert: freeing"); CRYPTO_push_info("process -export_cert: freeing");
# endif # endif
if (key) EVP_PKEY_free(key); if (key)
if (certs) sk_X509_pop_free(certs, X509_free); EVP_PKEY_free(key);
if (ucert) X509_free(ucert); if (certs)
sk_X509_pop_free(certs, X509_free);
if (ucert)
X509_free(ucert);
# ifdef CRYPTO_MDEBUG # ifdef CRYPTO_MDEBUG
CRYPTO_pop_info(); CRYPTO_pop_info();
@@ -645,11 +705,12 @@ int MAIN(int argc, char **argv)
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
# ifdef CRYPTO_MDEBUG # ifdef CRYPTO_MDEBUG
CRYPTO_push_info("read import password"); CRYPTO_push_info("read import password");
# endif # endif
if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) { if (!noprompt
&& EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:",
0)) {
BIO_printf(bio_err, "Can't read Password\n"); BIO_printf(bio_err, "Can't read Password\n");
goto end; goto end;
} }
@@ -657,9 +718,12 @@ int MAIN(int argc, char **argv)
CRYPTO_pop_info(); CRYPTO_pop_info();
# endif # endif
if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); if (!twopass)
BUF_strlcpy(macpass, pass, sizeof macpass);
if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); if ((options & INFO) && p12->mac)
BIO_printf(bio_err, "MAC Iteration %ld\n",
p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1);
if (macver) { if (macver) {
# ifdef CRYPTO_MDEBUG # ifdef CRYPTO_MDEBUG
CRYPTO_push_info("verify MAC"); CRYPTO_push_info("verify MAC");
@@ -667,7 +731,8 @@ int MAIN(int argc, char **argv)
/* If we enter empty password try no password first */ /* If we enter empty password try no password first */
if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
/* If mac and crypto pass the same set it to NULL too */ /* If mac and crypto pass the same set it to NULL too */
if(!twopass) cpass = NULL; if (!twopass)
cpass = NULL;
} else if (!PKCS12_verify_mac(p12, mpass, -1)) { } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
BIO_printf(bio_err, "Mac verify error: invalid password?\n"); BIO_printf(bio_err, "Mac verify error: invalid password?\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
@@ -678,7 +743,6 @@ int MAIN(int argc, char **argv)
CRYPTO_pop_info(); CRYPTO_pop_info();
# endif # endif
} }
# ifdef CRYPTO_MDEBUG # ifdef CRYPTO_MDEBUG
CRYPTO_push_info("output keys and certificates"); CRYPTO_push_info("output keys and certificates");
# endif # endif
@@ -692,16 +756,21 @@ int MAIN(int argc, char **argv)
# endif # endif
ret = 0; ret = 0;
end: end:
if (p12) PKCS12_free(p12); if (p12)
if(export_cert || inrand) app_RAND_write_file(NULL, bio_err); PKCS12_free(p12);
if (export_cert || inrand)
app_RAND_write_file(NULL, bio_err);
# ifdef CRYPTO_MDEBUG # ifdef CRYPTO_MDEBUG
CRYPTO_remove_all_info(); CRYPTO_remove_all_info();
# endif # endif
BIO_free(in); BIO_free(in);
BIO_free_all(out); BIO_free_all(out);
if (canames) sk_free(canames); if (canames)
if(passin) OPENSSL_free(passin); sk_free(canames);
if(passout) OPENSSL_free(passout); if (passin)
OPENSSL_free(passin);
if (passout)
OPENSSL_free(passout);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
@@ -715,22 +784,25 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
int ret = 0; int ret = 0;
PKCS7 *p7; PKCS7 *p7;
if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0; if (!(asafes = PKCS12_unpack_authsafes(p12)))
return 0;
for (i = 0; i < sk_PKCS7_num(asafes); i++) { for (i = 0; i < sk_PKCS7_num(asafes); i++) {
p7 = sk_PKCS7_value(asafes, i); p7 = sk_PKCS7_value(asafes, i);
bagnid = OBJ_obj2nid(p7->type); bagnid = OBJ_obj2nid(p7->type);
if (bagnid == NID_pkcs7_data) { if (bagnid == NID_pkcs7_data) {
bags = PKCS12_unpack_p7data(p7); bags = PKCS12_unpack_p7data(p7);
if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n"); if (options & INFO)
BIO_printf(bio_err, "PKCS7 Data\n");
} else if (bagnid == NID_pkcs7_encrypted) { } else if (bagnid == NID_pkcs7_encrypted) {
if (options & INFO) { if (options & INFO) {
BIO_printf(bio_err, "PKCS7 Encrypted data: "); BIO_printf(bio_err, "PKCS7 Encrypted data: ");
alg_print(bio_err, alg_print(bio_err, p7->d.encrypted->enc_data->algorithm);
p7->d.encrypted->enc_data->algorithm);
} }
bags = PKCS12_unpack_p7encdata(p7, pass, passlen); bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
} else continue; } else
if (!bags) goto err; continue;
if (!bags)
goto err;
if (!dump_certs_pkeys_bags(out, bags, pass, passlen, if (!dump_certs_pkeys_bags(out, bags, pass, passlen,
options, pempass)) { options, pempass)) {
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
@@ -755,8 +827,7 @@ int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
if (!dump_certs_pkeys_bag(out, if (!dump_certs_pkeys_bag(out,
sk_PKCS12_SAFEBAG_value(bags, i), sk_PKCS12_SAFEBAG_value(bags, i),
pass, passlen, pass, passlen, options, pempass))
options, pempass))
return 0; return 0;
} }
return 1; return 1;
@@ -769,14 +840,16 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
PKCS8_PRIV_KEY_INFO *p8; PKCS8_PRIV_KEY_INFO *p8;
X509 *x509; X509 *x509;
switch (M_PKCS12_bag_type(bag)) switch (M_PKCS12_bag_type(bag)) {
{
case NID_keyBag: case NID_keyBag:
if (options & INFO) BIO_printf (bio_err, "Key bag\n"); if (options & INFO)
if (options & NOKEYS) return 1; BIO_printf(bio_err, "Key bag\n");
if (options & NOKEYS)
return 1;
print_attribs(out, bag->attrib, "Bag Attributes"); print_attribs(out, bag->attrib, "Bag Attributes");
p8 = bag->value.keybag; p8 = bag->value.keybag;
if (!(pkey = EVP_PKCS82PKEY (p8))) return 0; if (!(pkey = EVP_PKCS82PKEY(p8)))
return 0;
print_attribs(out, p8->attributes, "Key Attributes"); print_attribs(out, p8->attributes, "Key Attributes");
PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass); PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
@@ -787,7 +860,8 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
BIO_printf(bio_err, "Shrouded Keybag: "); BIO_printf(bio_err, "Shrouded Keybag: ");
alg_print(bio_err, bag->value.shkeybag->algor); alg_print(bio_err, bag->value.shkeybag->algor);
} }
if (options & NOKEYS) return 1; if (options & NOKEYS)
return 1;
print_attribs(out, bag->attrib, "Bag Attributes"); print_attribs(out, bag->attrib, "Bag Attributes");
if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
return 0; return 0;
@@ -802,22 +876,28 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
break; break;
case NID_certBag: case NID_certBag:
if (options & INFO) BIO_printf (bio_err, "Certificate bag\n"); if (options & INFO)
if (options & NOCERTS) return 1; BIO_printf(bio_err, "Certificate bag\n");
if (options & NOCERTS)
return 1;
if (PKCS12_get_attr(bag, NID_localKeyID)) { if (PKCS12_get_attr(bag, NID_localKeyID)) {
if (options & CACERTS) return 1; if (options & CACERTS)
} else if (options & CLCERTS) return 1; return 1;
} else if (options & CLCERTS)
return 1;
print_attribs(out, bag->attrib, "Bag Attributes"); print_attribs(out, bag->attrib, "Bag Attributes");
if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
return 1; return 1;
if (!(x509 = PKCS12_certbag2x509(bag))) return 0; if (!(x509 = PKCS12_certbag2x509(bag)))
return 0;
dump_cert_text(out, x509); dump_cert_text(out, x509);
PEM_write_bio_X509(out, x509); PEM_write_bio_X509(out, x509);
X509_free(x509); X509_free(x509);
break; break;
case NID_safeContentsBag: case NID_safeContentsBag:
if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n"); if (options & INFO)
BIO_printf(bio_err, "Safe Contents bag\n");
print_attribs(out, bag->attrib, "Bag Attributes"); print_attribs(out, bag->attrib, "Bag Attributes");
return dump_certs_pkeys_bags(out, bag->value.safes, pass, return dump_certs_pkeys_bags(out, bag->value.safes, pass,
passlen, options, pempass); passlen, options, pempass);
@@ -842,15 +922,19 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
STACK_OF(X509) *chn; STACK_OF(X509) *chn;
int i = 0; int i = 0;
/* FIXME: Should really check the return status of X509_STORE_CTX_init /*
* for an error, but how that fits into the return value of this * FIXME: Should really check the return status of X509_STORE_CTX_init
* function is less obvious. */ * for an error, but how that fits into the return value of this function
* is less obvious.
*/
X509_STORE_CTX_init(&store_ctx, store, cert, NULL); X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
if (X509_verify_cert(&store_ctx) <= 0) { if (X509_verify_cert(&store_ctx) <= 0) {
i = X509_STORE_CTX_get_error(&store_ctx); i = X509_STORE_CTX_get_error(&store_ctx);
if (i == 0) if (i == 0)
/* avoid returning 0 if X509_verify_cert() did not /*
* set an appropriate error value in the context */ * avoid returning 0 if X509_verify_cert() did not set an
* appropriate error value in the context
*/
i = -1; i = -1;
chn = NULL; chn = NULL;
goto err; goto err;
@@ -901,13 +985,15 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
# ifdef CRYPTO_MDEBUG # ifdef CRYPTO_MDEBUG
CRYPTO_pop_info(); CRYPTO_pop_info();
# endif # endif
if(ret) ERR_clear_error(); if (ret)
ERR_clear_error();
return ret; return ret;
} }
/* Generalised attribute print: handle PKCS#8 and bag attributes */ /* Generalised attribute print: handle PKCS#8 and bag attributes */
int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name) int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
const char *name)
{ {
X509_ATTRIBUTE *attr; X509_ATTRIBUTE *attr;
ASN1_TYPE *av; ASN1_TYPE *av;
@@ -929,7 +1015,8 @@ int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name)
if (attr_nid == NID_undef) { if (attr_nid == NID_undef) {
i2a_ASN1_OBJECT(out, attr->object); i2a_ASN1_OBJECT(out, attr->object);
BIO_printf(out, ": "); BIO_printf(out, ": ");
} else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid)); } else
BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
if (sk_ASN1_TYPE_num(attr->value.set)) { if (sk_ASN1_TYPE_num(attr->value.set)) {
av = sk_ASN1_TYPE_value(attr->value.set, 0); av = sk_ASN1_TYPE_value(attr->value.set, 0);
@@ -957,7 +1044,8 @@ int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name)
BIO_printf(out, "<Unsupported tag %d>\n", av->type); BIO_printf(out, "<Unsupported tag %d>\n", av->type);
break; break;
} }
} else BIO_printf(out, "<No Values>\n"); } else
BIO_printf(out, "<No Values>\n");
} }
return 1; return 1;
} }
@@ -965,7 +1053,8 @@ int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name)
void hex_prin(BIO *out, unsigned char *buf, int len) void hex_prin(BIO *out, unsigned char *buf, int len)
{ {
int i; int i;
for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]); for (i = 0; i < len; i++)
BIO_printf(out, "%02X ", buf[i]);
} }
#endif #endif


@@ -111,43 +111,37 @@ int MAIN(int argc, char **argv)
prog = argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
informat = str2fmt(*(++argv)); informat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-outform") == 0) {
else if (strcmp(*argv,"-outform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outformat = str2fmt(*(++argv)); outformat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-in") == 0) {
else if (strcmp(*argv,"-in") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
infile = *(++argv); infile = *(++argv);
} } else if (strcmp(*argv, "-out") == 0) {
else if (strcmp(*argv,"-out") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outfile = *(++argv); outfile = *(++argv);
} } else if (strcmp(*argv, "-noout") == 0)
else if (strcmp(*argv,"-noout") == 0)
noout = 1; noout = 1;
else if (strcmp(*argv, "-text") == 0) else if (strcmp(*argv, "-text") == 0)
text = 1; text = 1;
else if (strcmp(*argv, "-print_certs") == 0) else if (strcmp(*argv, "-print_certs") == 0)
print_certs = 1; print_certs = 1;
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv, "-engine") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
engine = *(++argv); engine = *(++argv);
} }
#endif #endif
else else {
{
BIO_printf(bio_err, "unknown option %s\n", *argv); BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1; badops = 1;
break; break;
@@ -156,8 +150,7 @@ int MAIN(int argc, char **argv)
argv++; argv++;
} }
if (badops) if (badops) {
{
bad: bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog); BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "where options are\n");
@@ -165,11 +158,14 @@ bad:
BIO_printf(bio_err, " -outform arg output format - DER or PEM\n"); BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
BIO_printf(bio_err, " -in arg input file\n"); BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -out arg output file\n"); BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -text print full details of certificates\n"); " -print_certs print any certs or crl in the input\n");
BIO_printf(bio_err,
" -text print full details of certificates\n");
BIO_printf(bio_err, " -noout don't output encoded data\n"); BIO_printf(bio_err, " -noout don't output encoded data\n");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
#endif #endif
ret = 1; ret = 1;
goto end; goto end;
@@ -183,19 +179,16 @@ bad:
in = BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) if ((in == NULL) || (out == NULL)) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (infile == NULL) if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
else else {
{
if (BIO_read_filename(in, infile) <= 0) if (BIO_read_filename(in, infile) <= 0)
if (in == NULL) if (in == NULL) {
{
perror(infile); perror(infile);
goto end; goto end;
} }
@@ -205,20 +198,17 @@ bad:
p7 = d2i_PKCS7_bio(in, NULL); p7 = d2i_PKCS7_bio(in, NULL);
else if (informat == FORMAT_PEM) else if (informat == FORMAT_PEM)
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
else else {
{
BIO_printf(bio_err, "bad input format specified for pkcs7 object\n"); BIO_printf(bio_err, "bad input format specified for pkcs7 object\n");
goto end; goto end;
} }
if (p7 == NULL) if (p7 == NULL) {
{
BIO_printf(bio_err, "unable to load PKCS7 object\n"); BIO_printf(bio_err, "unable to load PKCS7 object\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (outfile == NULL) if (outfile == NULL) {
{
BIO_set_fp(out, stdout, BIO_NOCLOSE); BIO_set_fp(out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
@@ -226,24 +216,19 @@ bad:
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
} } else {
else if (BIO_write_filename(out, outfile) <= 0) {
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile); perror(outfile);
goto end; goto end;
} }
} }
if (print_certs) if (print_certs) {
{
STACK_OF(X509) *certs = NULL; STACK_OF(X509) *certs = NULL;
STACK_OF(X509_CRL) *crls = NULL; STACK_OF(X509_CRL) *crls = NULL;
i = OBJ_obj2nid(p7->type); i = OBJ_obj2nid(p7->type);
switch (i) switch (i) {
{
case NID_pkcs7_signed: case NID_pkcs7_signed:
certs = p7->d.sign->cert; certs = p7->d.sign->cert;
crls = p7->d.sign->crl; crls = p7->d.sign->crl;
@@ -256,31 +241,31 @@ bad:
break; break;
} }
if (certs != NULL) if (certs != NULL) {
{
X509 *x; X509 *x;
for (i=0; i<sk_X509_num(certs); i++) for (i = 0; i < sk_X509_num(certs); i++) {
{
x = sk_X509_value(certs, i); x = sk_X509_value(certs, i);
if(text) X509_print(out, x); if (text)
else dump_cert_text(out, x); X509_print(out, x);
else
dump_cert_text(out, x);
if(!noout) PEM_write_bio_X509(out,x); if (!noout)
PEM_write_bio_X509(out, x);
BIO_puts(out, "\n"); BIO_puts(out, "\n");
} }
} }
if (crls != NULL) if (crls != NULL) {
{
X509_CRL *crl; X509_CRL *crl;
for (i=0; i<sk_X509_CRL_num(crls); i++) for (i = 0; i < sk_X509_CRL_num(crls); i++) {
{
crl = sk_X509_CRL_value(crls, i); crl = sk_X509_CRL_value(crls, i);
X509_CRL_print(out, crl); X509_CRL_print(out, crl);
if(!noout)PEM_write_bio_X509_CRL(out,crl); if (!noout)
PEM_write_bio_X509_CRL(out, crl);
BIO_puts(out, "\n"); BIO_puts(out, "\n");
} }
} }
@@ -299,8 +284,7 @@ bad:
goto end; goto end;
} }
if (!i) if (!i) {
{
BIO_printf(bio_err, "unable to write pkcs7 object\n"); BIO_printf(bio_err, "unable to write pkcs7 object\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@@ -308,9 +292,12 @@ bad:
} }
ret = 0; ret = 0;
end: end:
if (p7 != NULL) PKCS7_free(p7); if (p7 != NULL)
if (in != NULL) BIO_free(in); PKCS7_free(p7);
if (out != NULL) BIO_free_all(out); if (in != NULL)
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }


@@ -1,6 +1,7 @@
/* pkcs8.c */ /* pkcs8.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 1999-2004. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 1999-2004.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
@@ -89,7 +90,8 @@ int MAIN(int argc, char **argv)
char *engine = NULL; char *engine = NULL;
#endif #endif
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
@@ -100,59 +102,40 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings(); ERR_load_crypto_strings();
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
args = argv + 1; args = argv + 1;
while (!badarg && *args && *args[0] == '-') while (!badarg && *args && *args[0] == '-') {
{ if (!strcmp(*args, "-v2")) {
if (!strcmp(*args,"-v2")) if (args[1]) {
{
if (args[1])
{
args++; args++;
cipher = EVP_get_cipherbyname(*args); cipher = EVP_get_cipherbyname(*args);
if (!cipher) if (!cipher) {
{ BIO_printf(bio_err, "Unknown cipher %s\n", *args);
BIO_printf(bio_err,
"Unknown cipher %s\n", *args);
badarg = 1; badarg = 1;
} }
} } else
else
badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-v1")) {
else if (!strcmp(*args,"-v1")) if (args[1]) {
{
if (args[1])
{
args++; args++;
pbe_nid = OBJ_txt2nid(*args); pbe_nid = OBJ_txt2nid(*args);
if (pbe_nid == NID_undef) if (pbe_nid == NID_undef) {
{ BIO_printf(bio_err, "Unknown PBE algorithm %s\n", *args);
BIO_printf(bio_err,
"Unknown PBE algorithm %s\n", *args);
badarg = 1; badarg = 1;
} }
} } else
else
badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-inform")) {
else if (!strcmp(*args,"-inform")) if (args[1]) {
{
if (args[1])
{
args++; args++;
informat = str2fmt(*args); informat = str2fmt(*args);
} } else
else badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-outform")) {
else if (!strcmp(*args,"-outform")) if (args[1]) {
{
if (args[1])
{
args++; args++;
outformat = str2fmt(*args); outformat = str2fmt(*args);
} } else
else badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-topk8"))
else if (!strcmp (*args, "-topk8"))
topk8 = 1; topk8 = 1;
else if (!strcmp(*args, "-noiter")) else if (!strcmp(*args, "-noiter"))
iter = 1; iter = 1;
@@ -164,76 +147,76 @@ int MAIN(int argc, char **argv)
p8_broken = PKCS8_NS_DB; p8_broken = PKCS8_NS_DB;
else if (!strcmp(*args, "-embed")) else if (!strcmp(*args, "-embed"))
p8_broken = PKCS8_EMBEDDED_PARAM; p8_broken = PKCS8_EMBEDDED_PARAM;
else if (!strcmp(*args,"-passin")) else if (!strcmp(*args, "-passin")) {
{ if (!args[1])
if (!args[1]) goto bad; goto bad;
passargin = *(++args); passargin = *(++args);
} } else if (!strcmp(*args, "-passout")) {
else if (!strcmp(*args,"-passout")) if (!args[1])
{ goto bad;
if (!args[1]) goto bad;
passargout = *(++args); passargout = *(++args);
} }
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args,"-engine") == 0) else if (strcmp(*args, "-engine") == 0) {
{ if (!args[1])
if (!args[1]) goto bad; goto bad;
engine = *(++args); engine = *(++args);
} }
#endif #endif
else if (!strcmp (*args, "-in")) else if (!strcmp(*args, "-in")) {
{ if (args[1]) {
if (args[1])
{
args++; args++;
infile = *args; infile = *args;
} } else
else badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-out")) {
else if (!strcmp (*args, "-out")) if (args[1]) {
{
if (args[1])
{
args++; args++;
outfile = *args; outfile = *args;
} } else
else badarg = 1; badarg = 1;
} } else
else badarg = 1; badarg = 1;
args++; args++;
} }
if (badarg) if (badarg) {
{
bad: bad:
BIO_printf(bio_err, "Usage pkcs8 [options]\n"); BIO_printf(bio_err, "Usage pkcs8 [options]\n");
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-in file input file\n"); BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-inform X input format (DER or PEM)\n"); BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
BIO_printf(bio_err, "-passin arg input file pass phrase source\n"); BIO_printf(bio_err,
"-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-outform X output format (DER or PEM)\n"); BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
BIO_printf(bio_err, "-out file output file\n"); BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-passout arg output file pass phrase source\n"); BIO_printf(bio_err,
"-passout arg output file pass phrase source\n");
BIO_printf(bio_err, "-topk8 output PKCS8 file\n"); BIO_printf(bio_err, "-topk8 output PKCS8 file\n");
BIO_printf(bio_err, "-nooct use (nonstandard) no octet format\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "-embed use (nonstandard) embedded DSA parameters format\n"); "-nooct use (nonstandard) no octet format\n");
BIO_printf(bio_err, "-nsdb use (nonstandard) DSA Netscape DB format\n"); BIO_printf(bio_err,
"-embed use (nonstandard) embedded DSA parameters format\n");
BIO_printf(bio_err,
"-nsdb use (nonstandard) DSA Netscape DB format\n");
BIO_printf(bio_err, "-noiter use 1 as iteration count\n"); BIO_printf(bio_err, "-noiter use 1 as iteration count\n");
BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n"); BIO_printf(bio_err,
BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n"); "-nocrypt use or expect unencrypted private key\n");
BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n"); BIO_printf(bio_err,
"-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
BIO_printf(bio_err,
"-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
#endif #endif
return 1; return 1;
} }
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0); e = setup_engine(bio_err, engine, 0);
#endif #endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
{
BIO_printf(bio_err, "Error getting passwords\n"); BIO_printf(bio_err, "Error getting passwords\n");
return 1; return 1;
} }
@@ -241,29 +224,20 @@ int MAIN(int argc, char **argv)
if ((pbe_nid == -1) && !cipher) if ((pbe_nid == -1) && !cipher)
pbe_nid = NID_pbeWithMD5AndDES_CBC; pbe_nid = NID_pbeWithMD5AndDES_CBC;
if (infile) if (infile) {
{ if (!(in = BIO_new_file(infile, "rb"))) {
if (!(in = BIO_new_file(infile, "rb"))) BIO_printf(bio_err, "Can't open input file %s\n", infile);
{
BIO_printf(bio_err,
"Can't open input file %s\n", infile);
return (1); return (1);
} }
} } else
else
in = BIO_new_fp(stdin, BIO_NOCLOSE); in = BIO_new_fp(stdin, BIO_NOCLOSE);
if (outfile) if (outfile) {
{ if (!(out = BIO_new_file(outfile, "wb"))) {
if (!(out = BIO_new_file (outfile, "wb"))) BIO_printf(bio_err, "Can't open output file %s\n", outfile);
{
BIO_printf(bio_err,
"Can't open output file %s\n", outfile);
return (1); return (1);
} }
} } else {
else
{
out = BIO_new_fp(stdout, BIO_NOCLOSE); out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
@@ -272,48 +246,39 @@ int MAIN(int argc, char **argv)
} }
#endif #endif
} }
if (topk8) if (topk8) {
{
BIO_free(in); /* Not needed in this section */ BIO_free(in); /* Not needed in this section */
pkey = load_key(bio_err, infile, informat, 1, pkey = load_key(bio_err, infile, informat, 1, passin, e, "key");
passin, e, "key"); if (!pkey) {
if (!pkey)
{
BIO_free_all(out); BIO_free_all(out);
return 1; return 1;
} }
if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
{
BIO_printf(bio_err, "Error converting key\n"); BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
BIO_free_all(out); BIO_free_all(out);
return 1; return 1;
} }
if (nocrypt) if (nocrypt) {
{
if (outformat == FORMAT_PEM) if (outformat == FORMAT_PEM)
PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf); PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
else if (outformat == FORMAT_ASN1) else if (outformat == FORMAT_ASN1)
i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf); i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
else else {
{
BIO_printf(bio_err, "Bad format specified for key\n"); BIO_printf(bio_err, "Bad format specified for key\n");
PKCS8_PRIV_KEY_INFO_free(p8inf); PKCS8_PRIV_KEY_INFO_free(p8inf);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
BIO_free_all(out); BIO_free_all(out);
return (1); return (1);
} }
} } else {
else
{
if (passout) if (passout)
p8pass = passout; p8pass = passout;
else else {
{
p8pass = pass; p8pass = pass;
if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1)) if (EVP_read_pw_string
{ (pass, sizeof pass, "Enter Encryption Password:", 1)) {
PKCS8_PRIV_KEY_INFO_free(p8inf); PKCS8_PRIV_KEY_INFO_free(p8inf);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
BIO_free_all(out); BIO_free_all(out);
@@ -323,8 +288,7 @@ int MAIN(int argc, char **argv)
app_RAND_load_file(NULL, bio_err, 0); app_RAND_load_file(NULL, bio_err, 0);
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
p8pass, strlen(p8pass), p8pass, strlen(p8pass),
NULL, 0, iter, p8inf))) NULL, 0, iter, p8inf))) {
{
BIO_printf(bio_err, "Error encrypting key\n"); BIO_printf(bio_err, "Error encrypting key\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
PKCS8_PRIV_KEY_INFO_free(p8inf); PKCS8_PRIV_KEY_INFO_free(p8inf);
@@ -337,8 +301,7 @@ int MAIN(int argc, char **argv)
PEM_write_bio_PKCS8(out, p8); PEM_write_bio_PKCS8(out, p8);
else if (outformat == FORMAT_ASN1) else if (outformat == FORMAT_ASN1)
i2d_PKCS8_bio(out, p8); i2d_PKCS8_bio(out, p8);
else else {
{
BIO_printf(bio_err, "Bad format specified for key\n"); BIO_printf(bio_err, "Bad format specified for key\n");
PKCS8_PRIV_KEY_INFO_free(p8inf); PKCS8_PRIV_KEY_INFO_free(p8inf);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
@@ -358,40 +321,33 @@ int MAIN(int argc, char **argv)
return (0); return (0);
} }
if (nocrypt) if (nocrypt) {
{
if (informat == FORMAT_PEM) if (informat == FORMAT_PEM)
p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL); p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL);
else if (informat == FORMAT_ASN1) else if (informat == FORMAT_ASN1)
p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL); p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
else else {
{
BIO_printf(bio_err, "Bad format specified for key\n"); BIO_printf(bio_err, "Bad format specified for key\n");
return (1); return (1);
} }
} } else {
else
{
if (informat == FORMAT_PEM) if (informat == FORMAT_PEM)
p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL); p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
else if (informat == FORMAT_ASN1) else if (informat == FORMAT_ASN1)
p8 = d2i_PKCS8_bio(in, NULL); p8 = d2i_PKCS8_bio(in, NULL);
else else {
{
BIO_printf(bio_err, "Bad format specified for key\n"); BIO_printf(bio_err, "Bad format specified for key\n");
return (1); return (1);
} }
if (!p8) if (!p8) {
{
BIO_printf(bio_err, "Error reading key\n"); BIO_printf(bio_err, "Error reading key\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
return (1); return (1);
} }
if (passin) if (passin)
p8pass = passin; p8pass = passin;
else else {
{
p8pass = pass; p8pass = pass;
EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0); EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
} }
@@ -399,25 +355,21 @@ int MAIN(int argc, char **argv)
X509_SIG_free(p8); X509_SIG_free(p8);
} }
if (!p8inf) if (!p8inf) {
{
BIO_printf(bio_err, "Error decrypting key\n"); BIO_printf(bio_err, "Error decrypting key\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
return (1); return (1);
} }
if (!(pkey = EVP_PKCS82PKEY(p8inf))) if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
{
BIO_printf(bio_err, "Error converting key\n"); BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
return (1); return (1);
} }
if (p8inf->broken) if (p8inf->broken) {
{
BIO_printf(bio_err, "Warning: broken key encoding: "); BIO_printf(bio_err, "Warning: broken key encoding: ");
switch (p8inf->broken) switch (p8inf->broken) {
{
case PKCS8_NO_OCTET: case PKCS8_NO_OCTET:
BIO_printf(bio_err, "No Octet String in PrivateKey\n"); BIO_printf(bio_err, "No Octet String in PrivateKey\n");
break; break;
@@ -441,8 +393,7 @@ int MAIN(int argc, char **argv)
PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout); PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
else if (outformat == FORMAT_ASN1) else if (outformat == FORMAT_ASN1)
i2d_PrivateKey_bio(out, pkey); i2d_PrivateKey_bio(out, pkey);
else else {
{
BIO_printf(bio_err, "Bad format specified for key\n"); BIO_printf(bio_err, "Bad format specified for key\n");
return (1); return (1);
} }
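Review bot: The result of `EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);` in the decrypt branch (hunk `@@ -358,40 +321,33 @@`) is ignored, while the `-topk8` branch checks the same call and bails out when it fails. If the prompt fails here, `p8pass` still points at `pass` and whatever that buffer holds is presumably used as the passphrase; the decrypt call itself sits between hunks, so this is inferred from `p8pass = pass`. The two paths should agree, e.g. `if (EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0)) { BIO_printf(bio_err, "Can't read Password\n"); return (1); }`. MAIN's body starts and ends outside the visible hunks.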


@@ -52,7 +52,6 @@
#include "apps.h" #include "apps.h"
#include <openssl/bn.h> #include <openssl/bn.h>
#undef PROG #undef PROG
#define PROG prime_main #define PROG prime_main
@@ -73,8 +72,7 @@ int MAIN(int argc, char **argv)
--argc; --argc;
++argv; ++argv;
while (argc >= 1 && **argv == '-') while (argc >= 1 && **argv == '-') {
{
if (!strcmp(*argv, "-hex")) if (!strcmp(*argv, "-hex"))
hex = 1; hex = 1;
else if (!strcmp(*argv, "-checks")) else if (!strcmp(*argv, "-checks"))
@@ -82,8 +80,7 @@ int MAIN(int argc, char **argv)
goto bad; goto bad;
else else
checks = atoi(*++argv); checks = atoi(*++argv);
else else {
{
BIO_printf(bio_err, "Unknown option '%s'\n", *argv); BIO_printf(bio_err, "Unknown option '%s'\n", *argv);
goto bad; goto bad;
} }
@@ -91,14 +88,12 @@ int MAIN(int argc, char **argv)
++argv; ++argv;
} }
if (argv[0] == NULL) if (argv[0] == NULL) {
{
BIO_printf(bio_err, "No prime specified\n"); BIO_printf(bio_err, "No prime specified\n");
goto bad; goto bad;
} }
if ((bio_out=BIO_new(BIO_s_file())) != NULL) if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
{
BIO_set_fp(bio_out, stdout, BIO_NOCLOSE); BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {


@@ -101,57 +101,44 @@ int MAIN(int argc, char **argv)
badopt = 0; badopt = 0;
i = 0; i = 0;
while (!badopt && argv[++i] != NULL) while (!badopt && argv[++i] != NULL) {
{ if (strcmp(argv[i], "-out") == 0) {
if (strcmp(argv[i], "-out") == 0)
{
if ((argv[i + 1] != NULL) && (outfile == NULL)) if ((argv[i + 1] != NULL) && (outfile == NULL))
outfile = argv[++i]; outfile = argv[++i];
else else
badopt = 1; badopt = 1;
} }
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
else if (strcmp(argv[i], "-engine") == 0) else if (strcmp(argv[i], "-engine") == 0) {
{
if ((argv[i + 1] != NULL) && (engine == NULL)) if ((argv[i + 1] != NULL) && (engine == NULL))
engine = argv[++i]; engine = argv[++i];
else else
badopt = 1; badopt = 1;
} }
#endif #endif
else if (strcmp(argv[i], "-rand") == 0) else if (strcmp(argv[i], "-rand") == 0) {
{
if ((argv[i + 1] != NULL) && (inrand == NULL)) if ((argv[i + 1] != NULL) && (inrand == NULL))
inrand = argv[++i]; inrand = argv[++i];
else else
badopt = 1; badopt = 1;
} } else if (strcmp(argv[i], "-base64") == 0) {
else if (strcmp(argv[i], "-base64") == 0)
{
if (!base64) if (!base64)
base64 = 1; base64 = 1;
else else
badopt = 1; badopt = 1;
} } else if (strcmp(argv[i], "-hex") == 0) {
else if (strcmp(argv[i], "-hex") == 0)
{
if (!hex) if (!hex)
hex = 1; hex = 1;
else else
badopt = 1; badopt = 1;
} } else if (isdigit((unsigned char)argv[i][0])) {
else if (isdigit((unsigned char)argv[i][0])) if (num < 0) {
{
if (num < 0)
{
r = sscanf(argv[i], "%d", &num); r = sscanf(argv[i], "%d", &num);
if (r == 0 || num < 0) if (r == 0 || num < 0)
badopt = 1; badopt = 1;
} } else
else
badopt = 1; badopt = 1;
} } else
else
badopt = 1; badopt = 1;
} }
@@ -161,20 +148,20 @@ int MAIN(int argc, char **argv)
if (num < 0) if (num < 0)
badopt = 1; badopt = 1;
if (badopt) if (badopt) {
{
BIO_printf(bio_err, "Usage: rand [options] num\n"); BIO_printf(bio_err, "Usage: rand [options] num\n");
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-out file - write to file\n"); BIO_printf(bio_err, "-out file - write to file\n");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
"-engine e - use engine e, possibly a hardware device.\n");
#endif #endif
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n",
LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, "-base64 - base64 encode output\n"); BIO_printf(bio_err, "-base64 - base64 encode output\n");
BIO_printf(bio_err, "-hex - hex encode output\n"); BIO_printf(bio_err, "-hex - hex encode output\n");
goto err; goto err;
} }
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0); setup_engine(bio_err, engine, 0);
#endif #endif
@@ -189,8 +176,7 @@ int MAIN(int argc, char **argv)
goto err; goto err;
if (outfile != NULL) if (outfile != NULL)
r = BIO_write_filename(out, outfile); r = BIO_write_filename(out, outfile);
else else {
{
r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
@@ -202,16 +188,14 @@ int MAIN(int argc, char **argv)
if (r <= 0) if (r <= 0)
goto err; goto err;
if (base64) if (base64) {
{
BIO *b64 = BIO_new(BIO_f_base64()); BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL) if (b64 == NULL)
goto err; goto err;
out = BIO_push(b64, out); out = BIO_push(b64, out);
} }
while (num > 0) while (num > 0) {
{
unsigned char buf[4096]; unsigned char buf[4096];
int chunk; int chunk;
@@ -223,8 +207,7 @@ int MAIN(int argc, char **argv)
goto err; goto err;
if (!hex) if (!hex)
BIO_write(out, buf, chunk); BIO_write(out, buf, chunk);
else else {
{
for (i = 0; i < chunk; i++) for (i = 0; i < chunk; i++)
BIO_printf(out, "%02x", buf[i]); BIO_printf(out, "%02x", buf[i]);
} }
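Review bot: `BIO_write(out, buf, chunk);` in the output loop (hunk `@@ -223,8 +207,7 @@`) discards its return value, so a failed or short write to the `-out` file goes unnoticed and the file can end up with fewer random bytes than were requested. For output that is typically used as key or seed material, that should be a hard error: `if (BIO_write(out, buf, chunk) != chunk) goto err;`, with the same treatment for the `BIO_printf(out, "%02x", buf[i])` calls in the `-hex` branch. The loop starts in the previous hunk and continues past this one, so how `ret` is set afterwards is not visible here.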

1004
apps/req.c

File diff suppressed because it is too large Load Diff


@@ -133,42 +133,36 @@ int MAIN(int argc, char **argv)
prog = argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
informat = str2fmt(*(++argv)); informat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-outform") == 0) {
else if (strcmp(*argv,"-outform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outformat = str2fmt(*(++argv)); outformat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-in") == 0) {
else if (strcmp(*argv,"-in") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
infile = *(++argv); infile = *(++argv);
} } else if (strcmp(*argv, "-out") == 0) {
else if (strcmp(*argv,"-out") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outfile = *(++argv); outfile = *(++argv);
} } else if (strcmp(*argv, "-passin") == 0) {
else if (strcmp(*argv,"-passin") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
passargin = *(++argv); passargin = *(++argv);
} } else if (strcmp(*argv, "-passout") == 0) {
else if (strcmp(*argv,"-passout") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
passargout = *(++argv); passargout = *(++argv);
} }
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv, "-engine") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
engine = *(++argv); engine = *(++argv);
} }
# endif # endif
@@ -186,8 +180,7 @@ int MAIN(int argc, char **argv)
modulus = 1; modulus = 1;
else if (strcmp(*argv, "-check") == 0) else if (strcmp(*argv, "-check") == 0)
check = 1; check = 1;
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
{
BIO_printf(bio_err, "unknown option %s\n", *argv); BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1; badops = 1;
break; break;
@@ -196,42 +189,53 @@ int MAIN(int argc, char **argv)
argv++; argv++;
} }
if (badops) if (badops) {
{
bad: bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog); BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n"); " -inform arg input format - one of DER NET PEM\n");
BIO_printf(bio_err,
" -outform arg output format - one of DER NET PEM\n");
BIO_printf(bio_err, " -in arg input file\n"); BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -sgckey Use IIS SGC key format\n"); BIO_printf(bio_err, " -sgckey Use IIS SGC key format\n");
BIO_printf(bio_err," -passin arg input file pass phrase source\n"); BIO_printf(bio_err,
" -passin arg input file pass phrase source\n");
BIO_printf(bio_err, " -out arg output file\n"); BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); " -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); BIO_printf(bio_err,
" -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err,
" -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
# ifndef OPENSSL_NO_IDEA # ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); BIO_printf(bio_err,
" -idea encrypt PEM output with cbc idea\n");
# endif # endif
# ifndef OPENSSL_NO_SEED # ifndef OPENSSL_NO_SEED
BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n"); BIO_printf(bio_err,
" -seed encrypt PEM output with cbc seed\n");
# endif # endif
# ifndef OPENSSL_NO_AES # ifndef OPENSSL_NO_AES
BIO_printf(bio_err, " -aes128, -aes192, -aes256\n"); BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); BIO_printf(bio_err,
" encrypt PEM output with cbc aes\n");
# endif # endif
# ifndef OPENSSL_NO_CAMELLIA # ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n"); BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); BIO_printf(bio_err,
" encrypt PEM output with cbc camellia\n");
# endif # endif
BIO_printf(bio_err, " -text print the key in text\n"); BIO_printf(bio_err, " -text print the key in text\n");
BIO_printf(bio_err, " -noout don't print key out\n"); BIO_printf(bio_err, " -noout don't print key out\n");
BIO_printf(bio_err, " -modulus print the RSA key modulus\n"); BIO_printf(bio_err, " -modulus print the RSA key modulus\n");
BIO_printf(bio_err, " -check verify key consistency\n"); BIO_printf(bio_err, " -check verify key consistency\n");
BIO_printf(bio_err," -pubin expect a public key in input file\n"); BIO_printf(bio_err,
" -pubin expect a public key in input file\n");
BIO_printf(bio_err, " -pubout output a public key\n"); BIO_printf(bio_err, " -pubout output a public key\n");
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
# endif # endif
goto end; goto end;
} }
@@ -273,14 +277,12 @@ bad:
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
} }
if (rsa == NULL) if (rsa == NULL) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (outfile == NULL) if (outfile == NULL) {
{
BIO_set_fp(out, stdout, BIO_NOCLOSE); BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS # ifdef OPENSSL_SYS_VMS
{ {
@@ -288,78 +290,70 @@ bad:
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
# endif # endif
} } else {
else if (BIO_write_filename(out, outfile) <= 0) {
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile); perror(outfile);
goto end; goto end;
} }
} }
if (text) if (text)
if (!RSA_print(out,rsa,0)) if (!RSA_print(out, rsa, 0)) {
{
perror(outfile); perror(outfile);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (modulus) if (modulus) {
{
BIO_printf(out, "Modulus="); BIO_printf(out, "Modulus=");
BN_print(out, rsa->n); BN_print(out, rsa->n);
BIO_printf(out, "\n"); BIO_printf(out, "\n");
} }
if (check) if (check) {
{
int r = RSA_check_key(rsa); int r = RSA_check_key(rsa);
if (r == 1) if (r == 1)
BIO_printf(out, "RSA key ok\n"); BIO_printf(out, "RSA key ok\n");
else if (r == 0) else if (r == 0) {
{
unsigned long err; unsigned long err;
while ((err = ERR_peek_error()) != 0 && while ((err = ERR_peek_error()) != 0 &&
ERR_GET_LIB(err) == ERR_LIB_RSA && ERR_GET_LIB(err) == ERR_LIB_RSA &&
ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY && ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
{ BIO_printf(out, "RSA key error: %s\n",
BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err)); ERR_reason_error_string(err));
ERR_get_error(); /* remove e from error stack */ ERR_get_error(); /* remove e from error stack */
} }
} }
if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */ if (r == -1 || ERR_peek_error() != 0) { /* should happen only if r ==
{ * -1 */
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} }
if (noout) if (noout) {
{
ret = 0; ret = 0;
goto end; goto end;
} }
BIO_printf(bio_err, "writing RSA key\n"); BIO_printf(bio_err, "writing RSA key\n");
if (outformat == FORMAT_ASN1) { if (outformat == FORMAT_ASN1) {
if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa); if (pubout || pubin)
else i=i2d_RSAPrivateKey_bio(out,rsa); i = i2d_RSA_PUBKEY_bio(out, rsa);
else
i = i2d_RSAPrivateKey_bio(out, rsa);
} }
# ifndef OPENSSL_NO_RC4 # ifndef OPENSSL_NO_RC4
else if (outformat == FORMAT_NETSCAPE) else if (outformat == FORMAT_NETSCAPE) {
{
unsigned char *p, *pp; unsigned char *p, *pp;
int size; int size;
i = 1; i = 1;
size = i2d_RSA_NET(rsa, NULL, NULL, sgckey); size = i2d_RSA_NET(rsa, NULL, NULL, sgckey);
if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL) if ((p = (unsigned char *)OPENSSL_malloc(size)) == NULL) {
{
BIO_printf(bio_err, "Memory allocation failure\n"); BIO_printf(bio_err, "Memory allocation failure\n");
goto end; goto end;
} }
@@ -372,24 +366,27 @@ bad:
else if (outformat == FORMAT_PEM) { else if (outformat == FORMAT_PEM) {
if (pubout || pubin) if (pubout || pubin)
i = PEM_write_bio_RSA_PUBKEY(out, rsa); i = PEM_write_bio_RSA_PUBKEY(out, rsa);
else i=PEM_write_bio_RSAPrivateKey(out,rsa, else
i = PEM_write_bio_RSAPrivateKey(out, rsa,
enc, NULL, 0, NULL, passout); enc, NULL, 0, NULL, passout);
} else { } else {
BIO_printf(bio_err, "bad output format specified for outfile\n"); BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end; goto end;
} }
if (!i) if (!i) {
{
BIO_printf(bio_err, "unable to write key\n"); BIO_printf(bio_err, "unable to write key\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
} } else
else
ret = 0; ret = 0;
end: end:
if(out != NULL) BIO_free_all(out); if (out != NULL)
if(rsa != NULL) RSA_free(rsa); BIO_free_all(out);
if(passin) OPENSSL_free(passin); if (rsa != NULL)
if(passout) OPENSSL_free(passout); RSA_free(rsa);
if (passin)
OPENSSL_free(passin);
if (passout)
OPENSSL_free(passout);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
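Review bot: In the `FORMAT_NETSCAPE` branch (hunk `@@ -288,78 +290,70 @@`), `size = i2d_RSA_NET(rsa, NULL, NULL, sgckey);` feeds straight into `OPENSSL_malloc(size)` without checking that the length query succeeded. `size` is an `int`, so a zero or negative result, which is presumably how the encoder reports failure, would reach the allocator and then the encoding call that follows outside this hunk. A guard before the allocation would close that: `if (size <= 0) { BIO_printf(bio_err, "unable to encode key\n"); goto end; }`. The rest of the Netscape branch, including the second `i2d_RSA_NET` call and the free of `p`, is not visible here.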


@@ -1,6 +1,7 @@
/* rsautl.c */ /* rsautl.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 2000. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2000.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved. * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
@@ -108,7 +109,8 @@ int MAIN(int argc, char **argv)
argc--; argc--;
argv++; argv++;
if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); if (!bio_err)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
@@ -116,8 +118,7 @@ int MAIN(int argc, char **argv)
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
pad = RSA_PKCS1_PADDING; pad = RSA_PKCS1_PADDING;
while(argc >= 1) while (argc >= 1) {
{
if (!strcmp(*argv, "-in")) { if (!strcmp(*argv, "-in")) {
if (--argc < 1) if (--argc < 1)
badarg = 1; badarg = 1;
@@ -154,24 +155,34 @@ int MAIN(int argc, char **argv)
key_type = KEY_PUBKEY; key_type = KEY_PUBKEY;
} else if (!strcmp(*argv, "-certin")) { } else if (!strcmp(*argv, "-certin")) {
key_type = KEY_CERT; key_type = KEY_CERT;
} } else if (!strcmp(*argv, "-asn1parse"))
else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1; asn1parse = 1;
else if(!strcmp(*argv, "-hexdump")) hexdump = 1; else if (!strcmp(*argv, "-hexdump"))
else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING; hexdump = 1;
else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING; else if (!strcmp(*argv, "-raw"))
else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING; pad = RSA_NO_PADDING;
else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING; else if (!strcmp(*argv, "-oaep"))
else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING; pad = RSA_PKCS1_OAEP_PADDING;
else if (!strcmp(*argv, "-ssl"))
pad = RSA_SSLV23_PADDING;
else if (!strcmp(*argv, "-pkcs"))
pad = RSA_PKCS1_PADDING;
else if (!strcmp(*argv, "-x931"))
pad = RSA_X931_PADDING;
else if (!strcmp(*argv, "-sign")) { else if (!strcmp(*argv, "-sign")) {
rsa_mode = RSA_SIGN; rsa_mode = RSA_SIGN;
need_priv = 1; need_priv = 1;
} else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY; } else if (!strcmp(*argv, "-verify"))
else if(!strcmp(*argv, "-rev")) rev = 1; rsa_mode = RSA_VERIFY;
else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT; else if (!strcmp(*argv, "-rev"))
rev = 1;
else if (!strcmp(*argv, "-encrypt"))
rsa_mode = RSA_ENCRYPT;
else if (!strcmp(*argv, "-decrypt")) { else if (!strcmp(*argv, "-decrypt")) {
rsa_mode = RSA_DECRYPT; rsa_mode = RSA_DECRYPT;
need_priv = 1; need_priv = 1;
} else badarg = 1; } else
badarg = 1;
if (badarg) { if (badarg) {
usage(); usage();
goto end; goto end;
@@ -184,7 +195,6 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "A private key is needed for this operation\n"); BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end; goto end;
} }
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0); e = setup_engine(bio_err, engine, 0);
# endif # endif
@@ -208,8 +218,7 @@ int MAIN(int argc, char **argv)
break; break;
case KEY_CERT: case KEY_CERT:
x = load_cert(bio_err, keyfile, keyform, x = load_cert(bio_err, keyfile, keyform, NULL, e, "Certificate");
NULL, e, "Certificate");
if (x) { if (x) {
pkey = X509_get_pubkey(x); pkey = X509_get_pubkey(x);
X509_free(x); X509_free(x);
@@ -230,14 +239,14 @@ int MAIN(int argc, char **argv)
goto end; goto end;
} }
if (infile) { if (infile) {
if (!(in = BIO_new_file(infile, "rb"))) { if (!(in = BIO_new_file(infile, "rb"))) {
BIO_printf(bio_err, "Error Reading Input File\n"); BIO_printf(bio_err, "Error Reading Input File\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} else in = BIO_new_fp(stdin, BIO_NOCLOSE); } else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
if (outfile) { if (outfile) {
if (!(out = BIO_new_file(outfile, "wb"))) { if (!(out = BIO_new_file(outfile, "wb"))) {
@@ -282,7 +291,8 @@ int MAIN(int argc, char **argv)
break; break;
case RSA_SIGN: case RSA_SIGN:
rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); rsa_outlen =
RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break; break;
case RSA_ENCRYPT: case RSA_ENCRYPT:
@@ -290,7 +300,8 @@ int MAIN(int argc, char **argv)
break; break;
case RSA_DECRYPT: case RSA_DECRYPT:
rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); rsa_outlen =
RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break; break;
} }
@@ -305,15 +316,20 @@ int MAIN(int argc, char **argv)
if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) { if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
} }
} else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen); } else if (hexdump)
else BIO_write(out, rsa_out, rsa_outlen); BIO_dump(out, (char *)rsa_out, rsa_outlen);
else
BIO_write(out, rsa_out, rsa_outlen);
end: end:
RSA_free(rsa); RSA_free(rsa);
BIO_free(in); BIO_free(in);
BIO_free_all(out); BIO_free_all(out);
if(rsa_in) OPENSSL_free(rsa_in); if (rsa_in)
if(rsa_out) OPENSSL_free(rsa_out); OPENSSL_free(rsa_in);
if(passin) OPENSSL_free(passin); if (rsa_out)
OPENSSL_free(rsa_out);
if (passin)
OPENSSL_free(passin);
return ret; return ret;
} }
@@ -325,10 +341,12 @@ static void usage()
BIO_printf(bio_err, "-inkey file input key\n"); BIO_printf(bio_err, "-inkey file input key\n");
BIO_printf(bio_err, "-keyform arg private key format - default PEM\n"); BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
BIO_printf(bio_err, "-pubin input is an RSA public\n"); BIO_printf(bio_err, "-pubin input is an RSA public\n");
BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n"); BIO_printf(bio_err,
"-certin input is a certificate carrying an RSA public key\n");
BIO_printf(bio_err, "-ssl use SSL v2 padding\n"); BIO_printf(bio_err, "-ssl use SSL v2 padding\n");
BIO_printf(bio_err, "-raw use no padding\n"); BIO_printf(bio_err, "-raw use no padding\n");
BIO_printf(bio_err, "-pkcs use PKCS#1 v1.5 padding (default)\n"); BIO_printf(bio_err,
"-pkcs use PKCS#1 v1.5 padding (default)\n");
BIO_printf(bio_err, "-oaep use PKCS#1 OAEP\n"); BIO_printf(bio_err, "-oaep use PKCS#1 OAEP\n");
BIO_printf(bio_err, "-sign sign with private key\n"); BIO_printf(bio_err, "-sign sign with private key\n");
BIO_printf(bio_err, "-verify verify with public key\n"); BIO_printf(bio_err, "-verify verify with public key\n");
@@ -336,7 +354,8 @@ static void usage()
BIO_printf(bio_err, "-decrypt decrypt with private key\n"); BIO_printf(bio_err, "-decrypt decrypt with private key\n");
BIO_printf(bio_err, "-hexdump hex dump output\n"); BIO_printf(bio_err, "-hexdump hex dump output\n");
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err, "-passin arg pass phrase source\n"); BIO_printf(bio_err, "-passin arg pass phrase source\n");
# endif # endif


@@ -123,7 +123,9 @@
#endif #endif
#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET) #if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
/* VAX C does not defined fd_set and friends, but it's actually quite simple */ /*
* VAX C does not defined fd_set and friends, but it's actually quite simple
*/
/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */ /* These definitions are borrowed from SOCKETSHR. /Richard Levitte */
# define MAX_NOFILE 32 # define MAX_NOFILE 32
# define NBBY 8 /* number of bits in a byte */ # define NBBY 8 /* number of bits in a byte */
@@ -149,7 +151,9 @@ typedef fd_mask fd_set;
#define PORT_STR "4433" #define PORT_STR "4433"
#define PROTOCOL "tcp" #define PROTOCOL "tcp"
int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context); int do_server(int port, int type, int *ret,
int (*cb) (char *hostname, int s, unsigned char *context),
unsigned char *context);
#ifdef HEADER_X509_H #ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif #endif
@@ -160,18 +164,21 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
int init_client(int *sock, char *server, int port, int type); int init_client(int *sock, char *server, int port, int type);
int should_retry(int i); int should_retry(int i);
int extract_port(char *str, short *port_ptr); int extract_port(char *str, short *port_ptr);
int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
short *p);
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret); int argi, long argl, long ret);
#ifdef HEADER_SSL_H #ifdef HEADER_SSL_H
void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret); void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg);
void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
unsigned char *data, int len, unsigned char *data, int len, void *arg);
void *arg);
#endif #endif
int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len); int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len); unsigned int *cookie_len);
int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie,
unsigned int cookie_len);


@@ -141,25 +141,21 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof buf); X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof buf);
BIO_printf(bio_err, "depth=%d %s\n", depth, buf); BIO_printf(bio_err, "depth=%d %s\n", depth, buf);
if (!ok) if (!ok) {
{
BIO_printf(bio_err, "verify error:num=%d:%s\n", err, BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
X509_verify_cert_error_string(err)); X509_verify_cert_error_string(err));
if (verify_depth >= depth) if (verify_depth >= depth) {
{
ok = 1; ok = 1;
verify_error = X509_V_OK; verify_error = X509_V_OK;
} } else {
else
{
ok = 0; ok = 0;
verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG; verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
} }
} }
switch (ctx->error) switch (ctx->error) {
{
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf); X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf,
sizeof buf);
BIO_printf(bio_err, "issuer= %s\n", buf); BIO_printf(bio_err, "issuer= %s\n", buf);
break; break;
case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_CERT_NOT_YET_VALID:
@@ -181,25 +177,24 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
{ {
if (cert_file != NULL) if (cert_file != NULL) {
{
/*- /*-
SSL *ssl; SSL *ssl;
X509 *x509; X509 *x509;
*/ */
if (SSL_CTX_use_certificate_file(ctx, cert_file, if (SSL_CTX_use_certificate_file(ctx, cert_file,
SSL_FILETYPE_PEM) <= 0) SSL_FILETYPE_PEM) <= 0) {
{ BIO_printf(bio_err, "unable to get certificate from '%s'\n",
BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file); cert_file);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
return (0); return (0);
} }
if (key_file == NULL) key_file=cert_file; if (key_file == NULL)
if (SSL_CTX_use_PrivateKey_file(ctx,key_file, key_file = cert_file;
SSL_FILETYPE_PEM) <= 0) if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
{ BIO_printf(bio_err, "unable to get private key from '%s'\n",
BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file); key_file);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
return (0); return (0);
} }
@@ -219,15 +214,18 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
SSL_free(ssl); SSL_free(ssl);
*/ */
/* If we are using DSA, we can copy the parameters from /*
* the private key */ * If we are using DSA, we can copy the parameters from the private
* key
*/
/*
/* Now we know that a key and cert have been set against * Now we know that a key and cert have been set against the SSL
* the SSL context */ * context
if (!SSL_CTX_check_private_key(ctx)) */
{ if (!SSL_CTX_check_private_key(ctx)) {
BIO_printf(bio_err,"Private key does not match the certificate public key\n"); BIO_printf(bio_err,
"Private key does not match the certificate public key\n");
return (0); return (0);
} }
} }
@@ -238,25 +236,23 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
{ {
if (cert == NULL) if (cert == NULL)
return 1; return 1;
if (SSL_CTX_use_certificate(ctx,cert) <= 0) if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
{
BIO_printf(bio_err, "error setting certificate\n"); BIO_printf(bio_err, "error setting certificate\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
return 0; return 0;
} }
if (SSL_CTX_use_PrivateKey(ctx,key) <= 0) if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) {
{
BIO_printf(bio_err, "error setting private key\n"); BIO_printf(bio_err, "error setting private key\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
return 0; return 0;
} }
/*
/* Now we know that a key and cert have been set against * Now we know that a key and cert have been set against the SSL context
* the SSL context */ */
if (!SSL_CTX_check_private_key(ctx)) if (!SSL_CTX_check_private_key(ctx)) {
{ BIO_printf(bio_err,
BIO_printf(bio_err,"Private key does not match the certificate public key\n"); "Private key does not match the certificate public key\n");
return 0; return 0;
} }
return 1; return 1;
@@ -268,17 +264,15 @@ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
BIO *out; BIO *out;
out = (BIO *)BIO_get_callback_arg(bio); out = (BIO *)BIO_get_callback_arg(bio);
if (out == NULL) return(ret); if (out == NULL)
return (ret);
if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
{
BIO_printf(out, "read from %p [%p] (%d bytes => %ld (0x%lX))\n", BIO_printf(out, "read from %p [%p] (%d bytes => %ld (0x%lX))\n",
(void *)bio, argp, argi, ret, ret); (void *)bio, argp, argi, ret, ret);
BIO_dump(out, argp, (int)ret); BIO_dump(out, argp, (int)ret);
return (ret); return (ret);
} } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
{
BIO_printf(out, "write to %p [%p] (%d bytes => %ld (0x%lX))\n", BIO_printf(out, "write to %p [%p] (%d bytes => %ld (0x%lX))\n",
(void *)bio, argp, argi, ret, ret); (void *)bio, argp, argi, ret, ret);
BIO_dump(out, argp, (int)ret); BIO_dump(out, argp, (int)ret);
@@ -293,45 +287,42 @@ void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
w = where & ~SSL_ST_MASK; w = where & ~SSL_ST_MASK;
if (w & SSL_ST_CONNECT) str="SSL_connect"; if (w & SSL_ST_CONNECT)
else if (w & SSL_ST_ACCEPT) str="SSL_accept"; str = "SSL_connect";
else str="undefined"; else if (w & SSL_ST_ACCEPT)
str = "SSL_accept";
else
str = "undefined";
if (where & SSL_CB_LOOP) if (where & SSL_CB_LOOP) {
{
BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s)); BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
} } else if (where & SSL_CB_ALERT) {
else if (where & SSL_CB_ALERT)
{
str = (where & SSL_CB_READ) ? "read" : "write"; str = (where & SSL_CB_READ) ? "read" : "write";
BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n",
str, str,
SSL_alert_type_string_long(ret), SSL_alert_type_string_long(ret),
SSL_alert_desc_string_long(ret)); SSL_alert_desc_string_long(ret));
} } else if (where & SSL_CB_EXIT) {
else if (where & SSL_CB_EXIT)
{
if (ret == 0) if (ret == 0)
BIO_printf(bio_err, "%s:failed in %s\n", BIO_printf(bio_err, "%s:failed in %s\n",
str, SSL_state_string_long(s)); str, SSL_state_string_long(s));
else if (ret < 0) else if (ret < 0) {
{
BIO_printf(bio_err, "%s:error in %s\n", BIO_printf(bio_err, "%s:error in %s\n",
str, SSL_state_string_long(s)); str, SSL_state_string_long(s));
} }
} }
} }
void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) const void *buf, size_t len, SSL *ssl, void *arg)
{ {
BIO *bio = arg; BIO *bio = arg;
const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= ""; const char *str_write_p, *str_version, *str_content_type =
"", *str_details1 = "", *str_details2 = "";
str_write_p = write_p ? ">>>" : "<<<"; str_write_p = write_p ? ">>>" : "<<<";
switch (version) switch (version) {
{
case SSL2_VERSION: case SSL2_VERSION:
str_version = "SSL 2.0"; str_version = "SSL 2.0";
break; break;
@@ -351,23 +342,20 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
break; break;
} }
if (version == SSL2_VERSION) if (version == SSL2_VERSION) {
{
str_details1 = "???"; str_details1 = "???";
if (len > 0) if (len > 0) {
{ switch (((const unsigned char *)buf)[0]) {
switch (((const unsigned char*)buf)[0])
{
case 0: case 0:
str_details1 = ", ERROR:"; str_details1 = ", ERROR:";
str_details2 = " ???"; str_details2 = " ???";
if (len >= 3) if (len >= 3) {
{ unsigned err =
unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2]; (((const unsigned char *)buf)[1] << 8) +
((const unsigned char *)buf)[2];
switch (err) switch (err) {
{
case 0x0001: case 0x0001:
str_details2 = " NO-CIPHER-ERROR"; str_details2 = " NO-CIPHER-ERROR";
break; break;
@@ -414,11 +402,8 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
if (version == SSL3_VERSION || if (version == SSL3_VERSION ||
version == TLS1_VERSION || version == TLS1_VERSION ||
version == DTLS1_VERSION || version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
version == DTLS1_BAD_VER) switch (content_type) {
{
switch (content_type)
{
case 20: case 20:
str_content_type = "ChangeCipherSpec"; str_content_type = "ChangeCipherSpec";
break; break;
@@ -430,14 +415,11 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
break; break;
} }
if (content_type == 21) /* Alert */ if (content_type == 21) { /* Alert */
{
str_details1 = ", ???"; str_details1 = ", ???";
if (len == 2) if (len == 2) {
{ switch (((const unsigned char *)buf)[0]) {
switch (((const unsigned char*)buf)[0])
{
case 1: case 1:
str_details1 = ", warning"; str_details1 = ", warning";
break; break;
@@ -447,8 +429,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
} }
str_details2 = " ???"; str_details2 = " ???";
switch (((const unsigned char*)buf)[1]) switch (((const unsigned char *)buf)[1]) {
{
case 0: case 0:
str_details2 = " close_notify"; str_details2 = " close_notify";
break; break;
@@ -540,14 +521,11 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
} }
} }
if (content_type == 22) /* Handshake */ if (content_type == 22) { /* Handshake */
{
str_details1 = "???"; str_details1 = "???";
if (len > 0) if (len > 0) {
{ switch (((const unsigned char *)buf)[0]) {
switch (((const unsigned char*)buf)[0])
{
case 0: case 0:
str_details1 = ", HelloRequest"; str_details1 = ", HelloRequest";
break; break;
@@ -586,10 +564,11 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
} }
} }
BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2); BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version,
str_content_type, (unsigned long)len, str_details1,
str_details2);
if (len > 0) if (len > 0) {
{
size_t num, i; size_t num, i;
BIO_printf(bio, " "); BIO_printf(bio, " ");
@@ -598,8 +577,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
if (num > 16) if (num > 16)
num = 16; num = 16;
#endif #endif
for (i = 0; i < num; i++) for (i = 0; i < num; i++) {
{
if (i % 16 == 0 && i > 0) if (i % 16 == 0 && i > 0)
BIO_printf(bio, "\n "); BIO_printf(bio, "\n ");
BIO_printf(bio, " %02x", ((const unsigned char *)buf)[i]); BIO_printf(bio, " %02x", ((const unsigned char *)buf)[i]);
@@ -612,14 +590,12 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
} }
void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
unsigned char *data, int len, unsigned char *data, int len, void *arg)
void *arg)
{ {
BIO *bio = arg; BIO *bio = arg;
char *extname; char *extname;
switch(type) switch (type) {
{
case TLSEXT_TYPE_server_name: case TLSEXT_TYPE_server_name:
extname = "server name"; extname = "server name";
break; break;
@@ -667,23 +643,21 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
} }
BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
client_server ? "server": "client", client_server ? "server" : "client", extname, type, len);
extname, type, len);
BIO_dump(bio, (char *)data, len); BIO_dump(bio, (char *)data, len);
(void)BIO_flush(bio); (void)BIO_flush(bio);
} }
int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
unsigned int *cookie_len)
{ {
unsigned char *buffer, result[EVP_MAX_MD_SIZE]; unsigned char *buffer, result[EVP_MAX_MD_SIZE];
unsigned int length, resultlength; unsigned int length, resultlength;
struct sockaddr_in peer; struct sockaddr_in peer;
/* Initialize a random secret */ /* Initialize a random secret */
if (!cookie_initialized) if (!cookie_initialized) {
{ if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) {
if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))
{
BIO_printf(bio_err, "error setting random cookie secret\n"); BIO_printf(bio_err, "error setting random cookie secret\n");
return 0; return 0;
} }
@@ -698,14 +672,14 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsign
length += sizeof(peer.sin_port); length += sizeof(peer.sin_port);
buffer = OPENSSL_malloc(length); buffer = OPENSSL_malloc(length);
if (buffer == NULL) if (buffer == NULL) {
{
BIO_printf(bio_err, "out of memory\n"); BIO_printf(bio_err, "out of memory\n");
return 0; return 0;
} }
memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr)); memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr));
memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port, sizeof(peer.sin_port)); memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port,
sizeof(peer.sin_port));
/* Calculate HMAC of buffer using the secret */ /* Calculate HMAC of buffer using the secret */
HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
@@ -718,7 +692,8 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsign
return 1; return 1;
} }
int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len) int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie,
unsigned int cookie_len)
{ {
unsigned char *buffer, result[EVP_MAX_MD_SIZE]; unsigned char *buffer, result[EVP_MAX_MD_SIZE];
unsigned int length, resultlength; unsigned int length, resultlength;
@@ -736,21 +711,22 @@ int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned
length += sizeof(peer.sin_port); length += sizeof(peer.sin_port);
buffer = (unsigned char *)OPENSSL_malloc(length); buffer = (unsigned char *)OPENSSL_malloc(length);
if (buffer == NULL) if (buffer == NULL) {
{
BIO_printf(bio_err, "out of memory\n"); BIO_printf(bio_err, "out of memory\n");
return 0; return 0;
} }
memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr)); memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr));
memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port, sizeof(peer.sin_port)); memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port,
sizeof(peer.sin_port));
/* Calculate HMAC of buffer using the secret */ /* Calculate HMAC of buffer using the secret */
HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
buffer, length, result, &resultlength); buffer, length, result, &resultlength);
OPENSSL_free(buffer); OPENSSL_free(buffer);
if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0) if (cookie_len == resultlength
&& memcmp(result, cookie, resultlength) == 0)
return 1; return 1;
return 0; return 0;
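Review bot: The final check in verify_cookie_callback compares the locally computed HMAC with the peer-supplied cookie using `memcmp`, which returns at the first differing byte, so its timing depends on how many leading bytes of the cookie are correct. A constant-time comparison is the safer primitive for a MAC check, assuming `CRYPTO_memcmp` is available in this branch: `if (cookie_len == resultlength && CRYPTO_memcmp(result, cookie, resultlength) == 0)`. The length test should stay first so the comparison never reads past `cookie_len` bytes of the peer's buffer. The start of the function and its closing brace are outside this hunk, so whether the secret is confirmed initialised before the HMAC is computed cannot be judged from here.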



@@ -1,4 +1,6 @@
/* apps/s_socket.c - socket-related functions used by s_client and s_server */ /*
* apps/s_socket.c - socket-related functions used by s_client and s_server
*/
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved. * All rights reserved.
* *
@@ -68,10 +70,12 @@
# include "../e_os2.h" # include "../e_os2.h"
#endif #endif
/* With IPv6, it looks like Digital has mixed up the proper order of /*
recursive header file inclusion, resulting in the compiler complaining * With IPv6, it looks like Digital has mixed up the proper order of
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which * recursive header file inclusion, resulting in the compiler complaining
is needed to have fileno() declared correctly... So let's define u_int */ * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
* needed to have fileno() declared correctly... So let's define u_int
*/
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
# define __U_INT # define __U_INT
typedef unsigned int u_int; typedef unsigned int u_int;
@@ -131,10 +135,8 @@ extern HINSTANCE _hInstance; /* nice global CRT provides */
static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam, static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
LPARAM lParam) LPARAM lParam)
{ {
if (hwnd == topWnd) if (hwnd == topWnd) {
{ switch (message) {
switch(message)
{
case WM_DESTROY: case WM_DESTROY:
case WM_CLOSE: case WM_CLOSE:
SetWindowLong(topWnd, GWL_WNDPROC, (LONG) lpTopWndProc); SetWindowLong(topWnd, GWL_WNDPROC, (LONG) lpTopWndProc);
@@ -157,8 +159,7 @@ static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
# ifdef OPENSSL_SYS_WINDOWS # ifdef OPENSSL_SYS_WINDOWS
static void ssl_sock_cleanup(void) static void ssl_sock_cleanup(void)
{ {
if (wsa_init_done) if (wsa_init_done) {
{
wsa_init_done = 0; wsa_init_done = 0;
# ifndef OPENSSL_SYS_WINCE # ifndef OPENSSL_SYS_WINCE
WSACancelBlockingCall(); WSACancelBlockingCall();
@@ -169,8 +170,7 @@ static void ssl_sock_cleanup(void)
# elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) # elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
static void sock_cleanup(void) static void sock_cleanup(void)
{ {
if (wsa_init_done) if (wsa_init_done) {
{
wsa_init_done = 0; wsa_init_done = 0;
WSACleanup(); WSACleanup();
} }
@@ -185,8 +185,7 @@ static int ssl_sock_init(void)
if (sock_init()) if (sock_init())
return (0); return (0);
# elif defined(OPENSSL_SYS_WINDOWS) # elif defined(OPENSSL_SYS_WINDOWS)
if (!wsa_init_done) if (!wsa_init_done) {
{
int err; int err;
# ifdef SIGINT # ifdef SIGINT
@@ -194,13 +193,12 @@ static int ssl_sock_init(void)
# endif # endif
wsa_init_done = 1; wsa_init_done = 1;
memset(&wsa_state, 0, sizeof(wsa_state)); memset(&wsa_state, 0, sizeof(wsa_state));
if (WSAStartup(0x0101,&wsa_state)!=0) if (WSAStartup(0x0101, &wsa_state) != 0) {
{
err = WSAGetLastError(); err = WSAGetLastError();
BIO_printf(bio_err,"unable to start WINSOCK, error code=%d\n",err); BIO_printf(bio_err, "unable to start WINSOCK, error code=%d\n",
err);
return (0); return (0);
} }
# ifdef OPENSSL_SYS_WIN16 # ifdef OPENSSL_SYS_WIN16
EnumTaskWindows(GetCurrentTask(), enumproc, 0L); EnumTaskWindows(GetCurrentTask(), enumproc, 0L);
lpTopWndProc = (FARPROC) GetWindowLong(topWnd, GWL_WNDPROC); lpTopWndProc = (FARPROC) GetWindowLong(topWnd, GWL_WNDPROC);
@@ -214,8 +212,7 @@ static int ssl_sock_init(void)
WSADATA wsaData; WSADATA wsaData;
int err; int err;
if (!wsa_init_done) if (!wsa_init_done) {
{
# ifdef SIGINT # ifdef SIGINT
signal(SIGINT, (void (*)(int))sock_cleanup); signal(SIGINT, (void (*)(int))sock_cleanup);
@@ -224,9 +221,9 @@ static int ssl_sock_init(void)
wsa_init_done = 1; wsa_init_done = 1;
wVerReq = MAKEWORD(2, 0); wVerReq = MAKEWORD(2, 0);
err = WSAStartup(wVerReq, &wsaData); err = WSAStartup(wVerReq, &wsaData);
if (err != 0) if (err != 0) {
{ BIO_printf(bio_err, "unable to start WINSOCK2, error code=%d\n",
BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err); err);
return (0); return (0);
} }
} }
@@ -239,11 +236,11 @@ int init_client(int *sock, char *host, int port, int type)
unsigned char ip[4]; unsigned char ip[4];
short p = 0; short p = 0;
if (!host_ip(host,&(ip[0]))) if (!host_ip(host, &(ip[0]))) {
{
return (0); return (0);
} }
if (p != 0) port=p; if (p != 0)
port = p;
return (init_client_ip(sock, ip, port, type)); return (init_client_ip(sock, ip, port, type));
} }
@@ -253,7 +250,8 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
struct sockaddr_in them; struct sockaddr_in them;
int s, i; int s, i;
if (!ssl_sock_init()) return(0); if (!ssl_sock_init())
return (0);
memset((char *)&them, 0, sizeof(them)); memset((char *)&them, 0, sizeof(them));
them.sin_family = AF_INET; them.sin_family = AF_INET;
@@ -261,8 +259,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
addr = (unsigned long) addr = (unsigned long)
((unsigned long)ip[0] << 24L) | ((unsigned long)ip[0] << 24L) |
((unsigned long)ip[1] << 16L) | ((unsigned long)ip[1] << 16L) |
((unsigned long)ip[2]<< 8L)| ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
((unsigned long)ip[3]);
them.sin_addr.s_addr = htonl(addr); them.sin_addr.s_addr = htonl(addr);
if (type == SOCK_STREAM) if (type == SOCK_STREAM)
@@ -270,55 +267,60 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
else /* ( type == SOCK_DGRAM) */ else /* ( type == SOCK_DGRAM) */
s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
if (s == INVALID_SOCKET) { perror("socket"); return(0); } if (s == INVALID_SOCKET) {
perror("socket");
return (0);
}
# ifndef OPENSSL_SYS_MPE # ifndef OPENSSL_SYS_MPE
if (type == SOCK_STREAM) if (type == SOCK_STREAM) {
{
i = 0; i = 0;
i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *)&i, sizeof(i)); i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *)&i, sizeof(i));
if (i < 0) { perror("keepalive"); return(0); } if (i < 0) {
perror("keepalive");
return (0);
}
} }
# endif # endif
if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1) if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
{ close(s); perror("connect"); return(0); } close(s);
perror("connect");
return (0);
}
*sock = s; *sock = s;
return (1); return (1);
} }
int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context) int do_server(int port, int type, int *ret,
int (*cb) (char *hostname, int s, unsigned char *context),
unsigned char *context)
{ {
int sock; int sock;
char *name = NULL; char *name = NULL;
int accept_socket; int accept_socket;
int i; int i;
if (!init_server(&accept_socket,port,type)) return(0); if (!init_server(&accept_socket, port, type))
return (0);
if (ret != NULL) if (ret != NULL) {
{
*ret = accept_socket; *ret = accept_socket;
/* return(1); */ /* return(1); */
} }
for (;;) for (;;) {
{ if (type == SOCK_STREAM) {
if (type==SOCK_STREAM) if (do_accept(accept_socket, &sock, &name) == 0) {
{
if (do_accept(accept_socket,&sock,&name) == 0)
{
SHUTDOWN(accept_socket); SHUTDOWN(accept_socket);
return (0); return (0);
} }
} } else
else
sock = accept_socket; sock = accept_socket;
i = (*cb) (name, sock, context); i = (*cb) (name, sock, context);
if (name != NULL) OPENSSL_free(name); if (name != NULL)
OPENSSL_free(name);
if (type == SOCK_STREAM) if (type == SOCK_STREAM)
SHUTDOWN2(sock); SHUTDOWN2(sock);
if (i < 0) if (i < 0) {
{
SHUTDOWN2(accept_socket); SHUTDOWN2(accept_socket);
return (i); return (i);
} }
@@ -331,7 +333,8 @@ static int init_server_long(int *sock, int port, char *ip, int type)
struct sockaddr_in server; struct sockaddr_in server;
int s = -1; int s = -1;
if (!ssl_sock_init()) return(0); if (!ssl_sock_init())
return (0);
memset((char *)&server, 0, sizeof(server)); memset((char *)&server, 0, sizeof(server));
server.sin_family = AF_INET; server.sin_family = AF_INET;
@@ -351,28 +354,27 @@ static int init_server_long(int *sock, int port, char *ip, int type)
else /* type == SOCK_DGRAM */ else /* type == SOCK_DGRAM */
s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
if (s == INVALID_SOCKET) goto err; if (s == INVALID_SOCKET)
goto err;
# if defined SOL_SOCKET && defined SO_REUSEADDR # if defined SOL_SOCKET && defined SO_REUSEADDR
{ {
int j = 1; int j = 1;
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
(void *) &j, sizeof j);
} }
# endif # endif
if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1) if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
{
# ifndef OPENSSL_SYS_WINDOWS # ifndef OPENSSL_SYS_WINDOWS
perror("bind"); perror("bind");
# endif # endif
goto err; goto err;
} }
/* Make it 128 for linux */ /* Make it 128 for linux */
if (type==SOCK_STREAM && listen(s,128) == -1) goto err; if (type == SOCK_STREAM && listen(s, 128) == -1)
goto err;
*sock = s; *sock = s;
ret = 1; ret = 1;
err: err:
if ((ret == 0) && (s != -1)) if ((ret == 0) && (s != -1)) {
{
SHUTDOWN(s); SHUTDOWN(s);
} }
return (ret); return (ret);
@@ -391,7 +393,8 @@ static int do_accept(int acc_sock, int *sock, char **host)
int len; int len;
/* struct linger ling; */ /* struct linger ling; */
if (!ssl_sock_init()) return(0); if (!ssl_sock_init())
return (0);
# ifndef OPENSSL_SYS_WINDOWS # ifndef OPENSSL_SYS_WINDOWS
redoit: redoit:
@@ -399,22 +402,23 @@ redoit:
memset((char *)&from, 0, sizeof(from)); memset((char *)&from, 0, sizeof(from));
len = sizeof(from); len = sizeof(from);
/* Note: under VMS with SOCKETSHR the fourth parameter is currently /*
* of type (int *) whereas under other systems it is (void *) if * Note: under VMS with SOCKETSHR the fourth parameter is currently of
* you don't have a cast it will choke the compiler: if you do * type (int *) whereas under other systems it is (void *) if you don't
* have a cast then you can either go for (int *) or (void *). * have a cast it will choke the compiler: if you do have a cast then you
* can either go for (int *) or (void *).
*/ */
ret = accept(acc_sock, (struct sockaddr *)&from, (void *)&len); ret = accept(acc_sock, (struct sockaddr *)&from, (void *)&len);
if (ret == INVALID_SOCKET) if (ret == INVALID_SOCKET) {
{
# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
int i; int i;
i = WSAGetLastError(); i = WSAGetLastError();
BIO_printf(bio_err, "accept error %d\n", i); BIO_printf(bio_err, "accept error %d\n", i);
# else # else
if (errno == EINTR) if (errno == EINTR) {
{ /*
/*check_timeout(); */ * check_timeout();
*/
goto redoit; goto redoit;
} }
fprintf(stderr, "errno=%d ", errno); fprintf(stderr, "errno=%d ", errno);
@@ -433,7 +437,8 @@ redoit:
if (i < 0) { perror("keepalive"); return(0); } if (i < 0) { perror("keepalive"); return(0); }
*/ */
if (host == NULL) goto end; if (host == NULL)
goto end;
# ifndef BIT_FIELD_LIMITS # ifndef BIT_FIELD_LIMITS
/* I should use WSAAsyncGetHostByName() under windows */ /* I should use WSAAsyncGetHostByName() under windows */
h1 = gethostbyaddr((char *)&from.sin_addr.s_addr, h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
@@ -442,29 +447,23 @@ redoit:
h1 = gethostbyaddr((char *)&from.sin_addr, h1 = gethostbyaddr((char *)&from.sin_addr,
sizeof(struct in_addr), AF_INET); sizeof(struct in_addr), AF_INET);
# endif # endif
if (h1 == NULL) if (h1 == NULL) {
{
BIO_printf(bio_err, "bad gethostbyaddr\n"); BIO_printf(bio_err, "bad gethostbyaddr\n");
*host = NULL; *host = NULL;
/* return(0); */ /* return(0); */
} } else {
else if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) {
{
if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
{
perror("OPENSSL_malloc"); perror("OPENSSL_malloc");
return (0); return (0);
} }
BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1); BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
h2 = GetHostByName(*host); h2 = GetHostByName(*host);
if (h2 == NULL) if (h2 == NULL) {
{
BIO_printf(bio_err, "gethostbyname failure\n"); BIO_printf(bio_err, "gethostbyname failure\n");
return (0); return (0);
} }
if (h2->h_addrtype != AF_INET) if (h2->h_addrtype != AF_INET) {
{
BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
return (0); return (0);
} }
@@ -481,8 +480,7 @@ int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
h = str; h = str;
p = strchr(str, ':'); p = strchr(str, ':');
if (p == NULL) if (p == NULL) {
{
BIO_printf(bio_err, "no port defined\n"); BIO_printf(bio_err, "no port defined\n");
return (0); return (0);
} }
@@ -490,7 +488,8 @@ int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
if ((ip != NULL) && !host_ip(str, ip)) if ((ip != NULL) && !host_ip(str, ip))
goto err; goto err;
if (host_ptr != NULL) *host_ptr=h; if (host_ptr != NULL)
*host_ptr = h;
if (!extract_port(p, port_ptr)) if (!extract_port(p, port_ptr))
goto err; goto err;
@@ -504,11 +503,10 @@ static int host_ip(char *str, unsigned char ip[4])
unsigned int in[4]; unsigned int in[4];
int i; int i;
if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4) if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
{ 4) {
for (i = 0; i < 4; i++) for (i = 0; i < 4; i++)
if (in[i] > 255) if (in[i] > 255) {
{
BIO_printf(bio_err, "invalid IP address\n"); BIO_printf(bio_err, "invalid IP address\n");
goto err; goto err;
} }
@@ -516,22 +514,19 @@ static int host_ip(char *str, unsigned char ip[4])
ip[1] = in[1]; ip[1] = in[1];
ip[2] = in[2]; ip[2] = in[2];
ip[3] = in[3]; ip[3] = in[3];
} } else { /* do a gethostbyname */
else
{ /* do a gethostbyname */
struct hostent *he; struct hostent *he;
if (!ssl_sock_init()) return(0); if (!ssl_sock_init())
return (0);
he = GetHostByName(str); he = GetHostByName(str);
if (he == NULL) if (he == NULL) {
{
BIO_printf(bio_err, "gethostbyname failure\n"); BIO_printf(bio_err, "gethostbyname failure\n");
goto err; goto err;
} }
/* cast to short because of win16 winsock definition */ /* cast to short because of win16 winsock definition */
if ((short)he->h_addrtype != AF_INET) if ((short)he->h_addrtype != AF_INET) {
{
BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
return (0); return (0);
} }
@@ -553,11 +548,9 @@ int extract_port(char *str, short *port_ptr)
i = atoi(str); i = atoi(str);
if (i != 0) if (i != 0)
*port_ptr = (unsigned short)i; *port_ptr = (unsigned short)i;
else else {
{
s = getservbyname(str, "tcp"); s = getservbyname(str, "tcp");
if (s == NULL) if (s == NULL) {
{
BIO_printf(bio_err, "getservbyname failure for %s\n", str); BIO_printf(bio_err, "getservbyname failure for %s\n", str);
return (0); return (0);
} }
@@ -567,8 +560,7 @@ int extract_port(char *str, short *port_ptr)
} }
# define GHBN_NUM 4 # define GHBN_NUM 4
static struct ghbn_cache_st static struct ghbn_cache_st {
{
char name[128]; char name[128];
struct hostent ent; struct hostent ent;
unsigned long order; unsigned long order;
@@ -583,35 +575,30 @@ static struct hostent *GetHostByName(char *name)
int i, lowi = 0; int i, lowi = 0;
unsigned long low = (unsigned long)-1; unsigned long low = (unsigned long)-1;
for (i=0; i<GHBN_NUM; i++) for (i = 0; i < GHBN_NUM; i++) {
{ if (low > ghbn_cache[i].order) {
if (low > ghbn_cache[i].order)
{
low = ghbn_cache[i].order; low = ghbn_cache[i].order;
lowi = i; lowi = i;
} }
if (ghbn_cache[i].order > 0) if (ghbn_cache[i].order > 0) {
{
if (strncmp(name, ghbn_cache[i].name, 128) == 0) if (strncmp(name, ghbn_cache[i].name, 128) == 0)
break; break;
} }
} }
if (i == GHBN_NUM) /* no hit*/ if (i == GHBN_NUM) { /* no hit */
{
ghbn_miss++; ghbn_miss++;
ret = gethostbyname(name); ret = gethostbyname(name);
if (ret == NULL) return(NULL); if (ret == NULL)
return (NULL);
/* else add to cache */ /* else add to cache */
if(strlen(name) < sizeof ghbn_cache[0].name) if (strlen(name) < sizeof ghbn_cache[0].name) {
{
strcpy(ghbn_cache[lowi].name, name); strcpy(ghbn_cache[lowi].name, name);
memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent)); memcpy((char *)&(ghbn_cache[lowi].ent), ret,
sizeof(struct hostent));
ghbn_cache[lowi].order = ghbn_miss + ghbn_hits; ghbn_cache[lowi].order = ghbn_miss + ghbn_hits;
} }
return (ret); return (ret);
} } else {
else
{
ghbn_hits++; ghbn_hits++;
ret = &(ghbn_cache[i].ent); ret = &(ghbn_cache[i].ent);
ghbn_cache[i].order = ghbn_miss + ghbn_hits; ghbn_cache[i].order = ghbn_miss + ghbn_hits;


@@ -58,7 +58,7 @@
#define NO_SHUTDOWN #define NO_SHUTDOWN
/*----------------------------------------- /* ----------------------------------------
s_time - SSL client connection timer program s_time - SSL client connection timer program
Written and donated by Larry Streepy <streepy@healthcare.com> Written and donated by Larry Streepy <streepy@healthcare.com>
-----------------------------------------*/ -----------------------------------------*/
@@ -97,10 +97,12 @@
# include <sys/times.h> # include <sys/times.h>
#endif #endif
/* Depending on the VMS version, the tms structure is perhaps defined. /*
The __TMS macro will show if it was. If it wasn't defined, we should * Depending on the VMS version, the tms structure is perhaps defined. The
undefine TIMES, since that tells the rest of the program how things * __TMS macro will show if it was. If it wasn't defined, we should undefine
should be handled. -- Richard Levitte */ * TIMES, since that tells the rest of the program how things should be
* handled. -- Richard Levitte
*/
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
# undef TIMES # undef TIMES
#endif #endif
@@ -115,7 +117,8 @@
# include <sys/param.h> # include <sys/param.h>
#endif #endif
/* The following if from times(3) man page. It may need to be changed /*
* The following if from times(3) man page. It may need to be changed
*/ */
#ifndef HZ #ifndef HZ
# ifdef _SC_CLK_TCK # ifdef _SC_CLK_TCK
@@ -142,7 +145,9 @@
#define SSL_CONNECT_NAME "localhost:4433" #define SSL_CONNECT_NAME "localhost:4433"
/* no default cert. */ /* no default cert. */
/*#define TEST_CERT "client.pem" */ /*
* #define TEST_CERT "client.pem"
*/
#undef BUFSIZZ #undef BUFSIZZ
#define BUFSIZZ 1024*10 #define BUFSIZZ 1024*10
@@ -232,7 +237,8 @@ static void s_time_usage(void)
printf("usage: s_time <args>\n\n"); printf("usage: s_time <args>\n\n");
printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME); printf("-connect host:port - host:port to connect to (default is %s)\n",
SSL_CONNECT_NAME);
#ifdef FIONBIO #ifdef FIONBIO
printf("-nbio - Run with non-blocking IO\n"); printf("-nbio - Run with non-blocking IO\n");
printf("-ssl2 - Just use SSLv2\n"); printf("-ssl2 - Just use SSLv2\n");
@@ -261,20 +267,19 @@ static int parseArgs(int argc, char **argv)
argv++; argv++;
while (argc >= 1) { while (argc >= 1) {
if (strcmp(*argv,"-connect") == 0) if (strcmp(*argv, "-connect") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
host = *(++argv); host = *(++argv);
} }
#if 0 #if 0
else if( strcmp(*argv,"-host") == 0) else if (strcmp(*argv, "-host") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
host = *(++argv); host = *(++argv);
} } else if (strcmp(*argv, "-port") == 0) {
else if( strcmp(*argv,"-port") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
port = *(++argv); port = *(++argv);
} }
#endif #endif
@@ -285,33 +290,39 @@ static int parseArgs(int argc, char **argv)
else if (strcmp(*argv, "-verify") == 0) { else if (strcmp(*argv, "-verify") == 0) {
tm_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; tm_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
if (--argc < 1) goto bad; if (--argc < 1)
goto bad;
verify_depth = atoi(*(++argv)); verify_depth = atoi(*(++argv));
BIO_printf(bio_err, "verify depth is %d\n", verify_depth); BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
} else if (strcmp(*argv, "-cert") == 0) { } else if (strcmp(*argv, "-cert") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
goto bad;
t_cert_file = *(++argv); t_cert_file = *(++argv);
} else if (strcmp(*argv, "-key") == 0) { } else if (strcmp(*argv, "-key") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
goto bad;
t_key_file = *(++argv); t_key_file = *(++argv);
} else if (strcmp(*argv, "-CApath") == 0) { } else if (strcmp(*argv, "-CApath") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
goto bad;
CApath = *(++argv); CApath = *(++argv);
} else if (strcmp(*argv, "-CAfile") == 0) { } else if (strcmp(*argv, "-CAfile") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
goto bad;
CAfile = *(++argv); CAfile = *(++argv);
} else if (strcmp(*argv, "-cipher") == 0) { } else if (strcmp(*argv, "-cipher") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
goto bad;
tm_cipher = *(++argv); tm_cipher = *(++argv);
} }
#ifdef FIONBIO #ifdef FIONBIO
@@ -319,17 +330,15 @@ static int parseArgs(int argc, char **argv)
t_nbio = 1; t_nbio = 1;
} }
#endif #endif
else if(strcmp(*argv,"-www") == 0) else if (strcmp(*argv, "-www") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
s_www_path = *(++argv); s_www_path = *(++argv);
if(strlen(s_www_path) > MYBUFSIZ-100) if (strlen(s_www_path) > MYBUFSIZ - 100) {
{
BIO_printf(bio_err, "-www option too long\n"); BIO_printf(bio_err, "-www option too long\n");
badop = 1; badop = 1;
} }
} } else if (strcmp(*argv, "-bugs") == 0)
else if(strcmp(*argv,"-bugs") == 0)
st_bugs = 1; st_bugs = 1;
#ifndef OPENSSL_NO_SSL2 #ifndef OPENSSL_NO_SSL2
else if (strcmp(*argv, "-ssl2") == 0) else if (strcmp(*argv, "-ssl2") == 0)
@@ -341,10 +350,10 @@ static int parseArgs(int argc, char **argv)
#endif #endif
else if (strcmp(*argv, "-time") == 0) { else if (strcmp(*argv, "-time") == 0) {
if (--argc < 1) goto bad; if (--argc < 1)
goto bad;
maxTime = atoi(*(++argv)); maxTime = atoi(*(++argv));
} } else {
else {
BIO_printf(bio_err, "unknown option %s\n", *argv); BIO_printf(bio_err, "unknown option %s\n", *argv);
badop = 1; badop = 1;
break; break;
@@ -354,7 +363,8 @@ static int parseArgs(int argc, char **argv)
argv++; argv++;
} }
if (perform == 0) perform=3; if (perform == 0)
perform = 3;
if (badop) { if (badop) {
bad: bad:
@@ -388,13 +398,10 @@ static double tm_Time_F(int s)
#elif defined(OPENSSL_SYS_NETWARE) #elif defined(OPENSSL_SYS_NETWARE)
static clock_t tstart, tend; static clock_t tstart, tend;
if (s == START) if (s == START) {
{
tstart = clock(); tstart = clock();
return (0); return (0);
} } else {
else
{
tend = clock(); tend = clock();
ret = (double)((double)(tend) - (double)(tstart)); ret = (double)((double)(tend) - (double)(tstart));
return ((ret < 0.001) ? 0.001 : ret); return ((ret < 0.001) ? 0.001 : ret);
@@ -403,13 +410,10 @@ static double tm_Time_F(int s)
{ {
static unsigned long tick_start, tick_end; static unsigned long tick_start, tick_end;
if( s == START ) if (s == START) {
{
tick_start = tickGet(); tick_start = tickGet();
return 0; return 0;
} } else {
else
{
tick_end = tickGet(); tick_end = tickGet();
ret = (double)(tick_end - tick_start) / (double)sysClkRateGet(); ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
return ((ret == 0.0) ? 1e-6 : ret); return ((ret == 0.0) ? 1e-6 : ret);
@@ -466,11 +470,13 @@ int MAIN(int argc, char **argv)
goto end; goto end;
OpenSSL_add_ssl_algorithms(); OpenSSL_add_ssl_algorithms();
if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1); if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
return (1);
SSL_CTX_set_quiet_shutdown(tm_ctx, 1); SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL); if (st_bugs)
SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
SSL_CTX_set_cipher_list(tm_ctx, tm_cipher); SSL_CTX_set_cipher_list(tm_ctx, tm_cipher);
if (!set_cert_stuff(tm_ctx, t_cert_file, t_key_file)) if (!set_cert_stuff(tm_ctx, t_cert_file, t_key_file))
goto end; goto end;
@@ -478,9 +484,10 @@ int MAIN(int argc, char **argv)
SSL_load_error_strings(); SSL_load_error_strings();
if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) || if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(tm_ctx))) (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
{ /*
/* BIO_printf(bio_err,"error setting default verify locations\n"); */ * BIO_printf(bio_err,"error setting default verify locations\n");
*/
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
/* goto end; */ /* goto end; */
} }
@@ -492,7 +499,8 @@ int MAIN(int argc, char **argv)
fprintf(stderr, "No CIPHER specified\n"); fprintf(stderr, "No CIPHER specified\n");
} }
if (!(perform & 1)) goto next; if (!(perform & 1))
goto next;
printf("Collecting connection statistics for %d seconds\n", maxTime); printf("Collecting connection statistics for %d seconds\n", maxTime);
/* Loop and time how long it takes to make connections */ /* Loop and time how long it takes to make connections */
@@ -500,9 +508,9 @@ int MAIN(int argc, char **argv)
bytes_read = 0; bytes_read = 0;
finishtime = (long)time(NULL) + maxTime; finishtime = (long)time(NULL) + maxTime;
tm_Time_F(START); tm_Time_F(START);
for (;;) for (;;) {
{ if (finishtime < (long)time(NULL))
if (finishtime < (long)time(NULL)) break; break;
#ifdef WIN32_STUFF #ifdef WIN32_STUFF
if (flushWinMsgs(0) == -1) if (flushWinMsgs(0) == -1)
@@ -515,14 +523,13 @@ int MAIN(int argc, char **argv)
if ((scon = doConnection(NULL)) == NULL) if ((scon = doConnection(NULL)) == NULL)
goto end; goto end;
if (s_www_path != NULL) if (s_www_path != NULL) {
{ BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); s_www_path);
SSL_write(scon, buf, strlen(buf)); SSL_write(scon, buf, strlen(buf));
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
bytes_read += i; bytes_read += i;
} }
#ifdef NO_SHUTDOWN #ifdef NO_SHUTDOWN
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else #else
@@ -533,8 +540,7 @@ int MAIN(int argc, char **argv)
nConn += 1; nConn += 1;
if (SSL_session_reused(scon)) if (SSL_session_reused(scon))
ver = 'r'; ver = 'r';
else else {
{
ver = SSL_version(scon); ver = SSL_version(scon);
if (ver == TLS1_VERSION) if (ver == TLS1_VERSION)
ver = 't'; ver = 't';
@@ -554,28 +560,32 @@ int MAIN(int argc, char **argv)
totalTime += tm_Time_F(STOP); /* Add the time for this iteration */ totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
i = (int)((long)time(NULL) - finishtime + maxTime); i = (int)((long)time(NULL) - finishtime + maxTime);
printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read); printf
printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn); ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
nConn, totalTime, ((double)nConn / totalTime), bytes_read);
printf
("%d connections in %ld real seconds, %ld bytes read per connection\n",
nConn, (long)time(NULL) - finishtime + maxTime, bytes_read / nConn);
/* Now loop and time connections using the same session id over and over */ /*
* Now loop and time connections using the same session id over and over
*/
next: next:
if (!(perform & 2)) goto end; if (!(perform & 2))
goto end;
printf("\n\nNow timing with session id reuse.\n"); printf("\n\nNow timing with session id reuse.\n");
/* Get an SSL object so we can reuse the session id */ /* Get an SSL object so we can reuse the session id */
if( (scon = doConnection( NULL )) == NULL ) if ((scon = doConnection(NULL)) == NULL) {
{
fprintf(stderr, "Unable to get connection\n"); fprintf(stderr, "Unable to get connection\n");
goto end; goto end;
} }
if (s_www_path != NULL) if (s_www_path != NULL) {
{
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path); BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path);
SSL_write(scon, buf, strlen(buf)); SSL_write(scon, buf, strlen(buf));
while (SSL_read(scon,buf,sizeof(buf)) > 0) while (SSL_read(scon, buf, sizeof(buf)) > 0) ;
;
} }
#ifdef NO_SHUTDOWN #ifdef NO_SHUTDOWN
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
@@ -593,9 +603,9 @@ next:
bytes_read = 0; bytes_read = 0;
tm_Time_F(START); tm_Time_F(START);
for (;;) for (;;) {
{ if (finishtime < (long)time(NULL))
if (finishtime < (long)time(NULL)) break; break;
#ifdef WIN32_STUFF #ifdef WIN32_STUFF
if (flushWinMsgs(0) == -1) if (flushWinMsgs(0) == -1)
@@ -608,14 +618,13 @@ next:
if ((doConnection(scon)) == NULL) if ((doConnection(scon)) == NULL)
goto end; goto end;
if (s_www_path) if (s_www_path) {
{ BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); s_www_path);
SSL_write(scon, buf, strlen(buf)); SSL_write(scon, buf, strlen(buf));
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
bytes_read += i; bytes_read += i;
} }
#ifdef NO_SHUTDOWN #ifdef NO_SHUTDOWN
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else #else
@@ -626,8 +635,7 @@ next:
nConn += 1; nConn += 1;
if (SSL_session_reused(scon)) if (SSL_session_reused(scon))
ver = 'r'; ver = 'r';
else else {
{
ver = SSL_version(scon); ver = SSL_version(scon);
if (ver == TLS1_VERSION) if (ver == TLS1_VERSION)
ver = 't'; ver = 't';
@@ -643,16 +651,19 @@ next:
} }
totalTime += tm_Time_F(STOP); /* Add the time for this iteration */ totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
printf
printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read); ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn); nConn, totalTime, ((double)nConn / totalTime), bytes_read);
printf
("%d connections in %ld real seconds, %ld bytes read per connection\n",
nConn, (long)time(NULL) - finishtime + maxTime, bytes_read / nConn);
ret = 0; ret = 0;
end: end:
if (scon != NULL) SSL_free(scon); if (scon != NULL)
SSL_free(scon);
if (tm_ctx != NULL) if (tm_ctx != NULL) {
{
SSL_CTX_free(tm_ctx); SSL_CTX_free(tm_ctx);
tm_ctx = NULL; tm_ctx = NULL;
} }
@@ -682,8 +693,7 @@ static SSL *doConnection(SSL *scon)
if (scon == NULL) if (scon == NULL)
serverCon = SSL_new(tm_ctx); serverCon = SSL_new(tm_ctx);
else else {
{
serverCon = scon; serverCon = scon;
SSL_set_connect_state(serverCon); SSL_set_connect_state(serverCon);
} }
@@ -698,27 +708,25 @@ static SSL *doConnection(SSL *scon)
/* ok, lets connect */ /* ok, lets connect */
for (;;) { for (;;) {
i = SSL_connect(serverCon); i = SSL_connect(serverCon);
if (BIO_sock_should_retry(i)) if (BIO_sock_should_retry(i)) {
{
BIO_printf(bio_err, "DELAY\n"); BIO_printf(bio_err, "DELAY\n");
i = SSL_get_fd(serverCon); i = SSL_get_fd(serverCon);
width = i + 1; width = i + 1;
FD_ZERO(&readfds); FD_ZERO(&readfds);
FD_SET(i, &readfds); FD_SET(i, &readfds);
/* Note: under VMS with SOCKETSHR the 2nd parameter /*
* is currently of type (int *) whereas under other * Note: under VMS with SOCKETSHR the 2nd parameter is currently
* systems it is (void *) if you don't have a cast it * of type (int *) whereas under other systems it is (void *) if
* will choke the compiler: if you do have a cast then * you don't have a cast it will choke the compiler: if you do
* you can either go for (int *) or (void *). * have a cast then you can either go for (int *) or (void *).
*/ */
select(width, (void *)&readfds, NULL, NULL, NULL); select(width, (void *)&readfds, NULL, NULL, NULL);
continue; continue;
} }
break; break;
} }
if(i <= 0) if (i <= 0) {
{
BIO_printf(bio_err, "ERROR\n"); BIO_printf(bio_err, "ERROR\n");
if (verify_error != X509_V_OK) if (verify_error != X509_V_OK)
BIO_printf(bio_err, "verify error:%s\n", BIO_printf(bio_err, "verify error:%s\n",
@@ -732,5 +740,3 @@ static SSL *doConnection(SSL *scon)
return serverCon; return serverCon;
} }
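Review bot: The integer division `bytes_read / nConn` in the second summary `printf` (hunk `@@ -554,28 +560,32 @@`, repeated in `@@ -643,16 +651,19 @@`) has no guard against `nConn` being zero. `maxTime` is taken from `atoi` on the `-time` argument, so a negative value makes `finishtime < (long)time(NULL)` true on the first pass and the loop exits before `nConn += 1` runs. Assuming `nConn` starts at 0 (its initialisation is outside the visible hunks), the division is undefined behaviour and typically aborts the tool. Pass `nConn ? bytes_read / nConn : 0` as the last argument in both places, or reject a non-positive `-time` value in `parseArgs`. `MAIN` starts and ends outside these hunks.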


@@ -109,41 +109,34 @@ int MAIN(int argc, char **argv)
argc--; argc--;
argv++; argv++;
num = 0; num = 0;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-inform") == 0) {
if (strcmp(*argv,"-inform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
informat = str2fmt(*(++argv)); informat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-outform") == 0) {
else if (strcmp(*argv,"-outform") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outformat = str2fmt(*(++argv)); outformat = str2fmt(*(++argv));
} } else if (strcmp(*argv, "-in") == 0) {
else if (strcmp(*argv,"-in") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
infile = *(++argv); infile = *(++argv);
} } else if (strcmp(*argv, "-out") == 0) {
else if (strcmp(*argv,"-out") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outfile = *(++argv); outfile = *(++argv);
} } else if (strcmp(*argv, "-text") == 0)
else if (strcmp(*argv,"-text") == 0)
text = ++num; text = ++num;
else if (strcmp(*argv, "-cert") == 0) else if (strcmp(*argv, "-cert") == 0)
cert = ++num; cert = ++num;
else if (strcmp(*argv, "-noout") == 0) else if (strcmp(*argv, "-noout") == 0)
noout = ++num; noout = ++num;
else if (strcmp(*argv,"-context") == 0) else if (strcmp(*argv, "-context") == 0) {
{ if (--argc < 1)
if(--argc < 1) goto bad; goto bad;
context = *++argv; context = *++argv;
} } else {
else
{
BIO_printf(bio_err, "unknown option %s\n", *argv); BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1; badops = 1;
break; break;
@@ -152,8 +145,7 @@ int MAIN(int argc, char **argv)
argv++; argv++;
} }
if (badops) if (badops) {
{
bad: bad:
for (pp = sess_id_usage; (*pp != NULL); pp++) for (pp = sess_id_usage; (*pp != NULL); pp++)
BIO_printf(bio_err, "%s", *pp); BIO_printf(bio_err, "%s", *pp);
@@ -162,19 +154,18 @@ bad:
ERR_load_crypto_strings(); ERR_load_crypto_strings();
x = load_sess_id(infile, informat); x = load_sess_id(infile, informat);
if (x == NULL) { goto end; } if (x == NULL) {
goto end;
}
if(context) if (context) {
{
x->sid_ctx_length = strlen(context); x->sid_ctx_length = strlen(context);
if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH) if (x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH) {
{
BIO_printf(bio_err, "Context too long\n"); BIO_printf(bio_err, "Context too long\n");
goto end; goto end;
} }
memcpy(x->sid_ctx, context, x->sid_ctx_length); memcpy(x->sid_ctx, context, x->sid_ctx_length);
} }
#ifdef undef #ifdef undef
/* just testing for memory leaks :-) */ /* just testing for memory leaks :-) */
{ {
@@ -196,17 +187,14 @@ bad:
} }
#endif #endif
if (!noout || text) if (!noout || text) {
{
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if (out == NULL) if (out == NULL) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (outfile == NULL) if (outfile == NULL) {
{
BIO_set_fp(out, stdout, BIO_NOCLOSE); BIO_set_fp(out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
@@ -214,23 +202,18 @@ bad:
out = BIO_push(tmpbio, out); out = BIO_push(tmpbio, out);
} }
#endif #endif
} } else {
else if (BIO_write_filename(out, outfile) <= 0) {
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile); perror(outfile);
goto end; goto end;
} }
} }
} }
if (text) if (text) {
{
SSL_SESSION_print(out, x); SSL_SESSION_print(out, x);
if (cert) if (cert) {
{
if (x->peer == NULL) if (x->peer == NULL)
BIO_puts(out, "No certificate present\n"); BIO_puts(out, "No certificate present\n");
else else
@@ -238,8 +221,7 @@ bad:
} }
} }
if (!noout && !cert) if (!noout && !cert) {
{
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
i = i2d_SSL_SESSION_bio(out, x); i = i2d_SSL_SESSION_bio(out, x);
else if (outformat == FORMAT_PEM) else if (outformat == FORMAT_PEM)
@@ -252,9 +234,7 @@ bad:
BIO_printf(bio_err, "unable to write SSL_SESSION\n"); BIO_printf(bio_err, "unable to write SSL_SESSION\n");
goto end; goto end;
} }
} } else if (!noout && (x->peer != NULL)) { /* just print the certificate */
else if (!noout && (x->peer != NULL)) /* just print the certificate */
{
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
i = (int)i2d_X509_bio(out, x->peer); i = (int)i2d_X509_bio(out, x->peer);
else if (outformat == FORMAT_PEM) else if (outformat == FORMAT_PEM)
@@ -270,8 +250,10 @@ bad:
} }
ret = 0; ret = 0;
end: end:
if (out != NULL) BIO_free_all(out); if (out != NULL)
if (x != NULL) SSL_SESSION_free(x); BIO_free_all(out);
if (x != NULL)
SSL_SESSION_free(x);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
@@ -282,18 +264,15 @@ static SSL_SESSION *load_sess_id(char *infile, int format)
BIO *in = NULL; BIO *in = NULL;
in = BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
if (in == NULL) if (in == NULL) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (infile == NULL) if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
else else {
{ if (BIO_read_filename(in, infile) <= 0) {
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile); perror(infile);
goto end; goto end;
} }
@@ -306,15 +285,14 @@ static SSL_SESSION *load_sess_id(char *infile, int format)
BIO_printf(bio_err, "bad input format specified for input crl\n"); BIO_printf(bio_err, "bad input format specified for input crl\n");
goto end; goto end;
} }
if (x == NULL) if (x == NULL) {
{
BIO_printf(bio_err, "unable to load SSL_SESSION\n"); BIO_printf(bio_err, "unable to load SSL_SESSION\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
end: end:
if (in != NULL) BIO_free(in); if (in != NULL)
BIO_free(in);
return (x); return (x);
} }
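Review bot: In the `if (context)` block of `MAIN` (hunk `@@ -162,19 +154,18 @@`), `x->sid_ctx_length` is overwritten with `strlen(context)` before the value is compared with `SSL_MAX_SID_CTX_LENGTH`, so the session object briefly holds an unvalidated length. This is harmless today only because the failure path jumps to `end`, where `x` is freed. Validating first keeps the bound next to the copy it protects: `size_t ctx_len = strlen(context);`, test `ctx_len > SSL_MAX_SID_CTX_LENGTH`, then `x->sid_ctx_length = ctx_len;` just before the `memcpy`. `MAIN` begins outside this hunk.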


@@ -1,5 +1,6 @@
/* smime.c */ /* smime.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project. * project.
*/ */
/* ==================================================================== /* ====================================================================
@@ -118,8 +119,7 @@ int MAIN(int argc, char **argv)
apps_startup(); apps_startup();
if (bio_err == NULL) if (bio_err == NULL) {
{
if ((bio_err = BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
} }
@@ -127,8 +127,7 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
while (!badarg && *args && *args[0] == '-') while (!badarg && *args && *args[0] == '-') {
{
if (!strcmp(*args, "-encrypt")) if (!strcmp(*args, "-encrypt"))
operation = SMIME_ENCRYPT; operation = SMIME_ENCRYPT;
else if (!strcmp(*args, "-decrypt")) else if (!strcmp(*args, "-decrypt"))
@@ -197,225 +196,148 @@ int MAIN(int argc, char **argv)
flags |= PKCS7_NOOLDMIMETYPE; flags |= PKCS7_NOOLDMIMETYPE;
else if (!strcmp(*args, "-crlfeol")) else if (!strcmp(*args, "-crlfeol"))
flags |= PKCS7_CRLFEOL; flags |= PKCS7_CRLFEOL;
else if (!strcmp(*args,"-rand")) else if (!strcmp(*args, "-rand")) {
{ if (args[1]) {
if (args[1])
{
args++; args++;
inrand = *args; inrand = *args;
} } else
else
badarg = 1; badarg = 1;
need_rand = 1; need_rand = 1;
} }
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
else if (!strcmp(*args,"-engine")) else if (!strcmp(*args, "-engine")) {
{ if (args[1]) {
if (args[1])
{
args++; args++;
engine = *args; engine = *args;
} } else
else badarg = 1; badarg = 1;
} }
#endif #endif
else if (!strcmp(*args,"-passin")) else if (!strcmp(*args, "-passin")) {
{ if (args[1]) {
if (args[1])
{
args++; args++;
passargin = *args; passargin = *args;
} } else
else
badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-to")) {
else if (!strcmp (*args, "-to")) if (args[1]) {
{
if (args[1])
{
args++; args++;
to = *args; to = *args;
} } else
else
badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-from")) {
else if (!strcmp (*args, "-from")) if (args[1]) {
{
if (args[1])
{
args++; args++;
from = *args; from = *args;
} } else
else badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-subject")) {
else if (!strcmp (*args, "-subject")) if (args[1]) {
{
if (args[1])
{
args++; args++;
subject = *args; subject = *args;
} } else
else
badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-signer")) {
else if (!strcmp (*args, "-signer")) if (args[1]) {
{
if (args[1])
{
args++; args++;
signerfile = *args; signerfile = *args;
} } else
else
badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-recip")) {
else if (!strcmp (*args, "-recip")) if (args[1]) {
{
if (args[1])
{
args++; args++;
recipfile = *args; recipfile = *args;
} } else
else badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-inkey")) {
else if (!strcmp (*args, "-inkey")) if (args[1]) {
{
if (args[1])
{
args++; args++;
keyfile = *args; keyfile = *args;
} } else
else
badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-keyform")) {
else if (!strcmp (*args, "-keyform")) if (args[1]) {
{
if (args[1])
{
args++; args++;
keyform = str2fmt(*args); keyform = str2fmt(*args);
} } else
else
badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-certfile")) {
else if (!strcmp (*args, "-certfile")) if (args[1]) {
{
if (args[1])
{
args++; args++;
certfile = *args; certfile = *args;
} } else
else
badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-CAfile")) {
else if (!strcmp (*args, "-CAfile")) if (args[1]) {
{
if (args[1])
{
args++; args++;
CAfile = *args; CAfile = *args;
} } else
else
badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-CApath")) {
else if (!strcmp (*args, "-CApath")) if (args[1]) {
{
if (args[1])
{
args++; args++;
CApath = *args; CApath = *args;
} } else
else
badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-in")) {
else if (!strcmp (*args, "-in")) if (args[1]) {
{
if (args[1])
{
args++; args++;
infile = *args; infile = *args;
} } else
else
badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-inform")) {
else if (!strcmp (*args, "-inform")) if (args[1]) {
{
if (args[1])
{
args++; args++;
informat = str2fmt(*args); informat = str2fmt(*args);
} } else
else
badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-outform")) {
else if (!strcmp (*args, "-outform")) if (args[1]) {
{
if (args[1])
{
args++; args++;
outformat = str2fmt(*args); outformat = str2fmt(*args);
} } else
else
badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-out")) {
else if (!strcmp (*args, "-out")) if (args[1]) {
{
if (args[1])
{
args++; args++;
outfile = *args; outfile = *args;
} } else
else
badarg = 1; badarg = 1;
} } else if (!strcmp(*args, "-content")) {
else if (!strcmp (*args, "-content")) if (args[1]) {
{
if (args[1])
{
args++; args++;
contfile = *args; contfile = *args;
} } else
else
badarg = 1; badarg = 1;
} } else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
continue; continue;
else else
badarg = 1; badarg = 1;
args++; args++;
} }
if (operation == SMIME_SIGN) {
if (operation == SMIME_SIGN) if (!signerfile) {
{
if (!signerfile)
{
BIO_printf(bio_err, "No signer certificate specified\n"); BIO_printf(bio_err, "No signer certificate specified\n");
badarg = 1; badarg = 1;
} }
need_rand = 1; need_rand = 1;
} } else if (operation == SMIME_DECRYPT) {
else if (operation == SMIME_DECRYPT) if (!recipfile && !keyfile) {
{ BIO_printf(bio_err,
if (!recipfile && !keyfile) "No recipient certificate or key specified\n");
{
BIO_printf(bio_err, "No recipient certificate or key specified\n");
badarg = 1; badarg = 1;
} }
} } else if (operation == SMIME_ENCRYPT) {
else if (operation == SMIME_ENCRYPT) if (!*args) {
{
if (!*args)
{
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
badarg = 1; badarg = 1;
} }
need_rand = 1; need_rand = 1;
} } else if (!operation)
else if (!operation)
badarg = 1; badarg = 1;
if (badarg) if (badarg) {
{
BIO_printf(bio_err, "Usage smime [options] cert.pem ...\n"); BIO_printf(bio_err, "Usage smime [options] cert.pem ...\n");
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-encrypt encrypt message\n"); BIO_printf(bio_err, "-encrypt encrypt message\n");
@@ -437,60 +359,79 @@ int MAIN(int argc, char **argv)
#endif #endif
#ifndef OPENSSL_NO_AES #ifndef OPENSSL_NO_AES
BIO_printf(bio_err, "-aes128, -aes192, -aes256\n"); BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); BIO_printf(bio_err,
" encrypt PEM output with cbc aes\n");
#endif #endif
#ifndef OPENSSL_NO_CAMELLIA #ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n"); BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n"); BIO_printf(bio_err,
" encrypt PEM output with cbc camellia\n");
#endif #endif
BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n"); BIO_printf(bio_err,
BIO_printf (bio_err, "-nosigs don't verify message signature\n"); "-nointern don't search certificates in message for signer\n");
BIO_printf (bio_err, "-noverify don't verify signers certificate\n"); BIO_printf(bio_err,
BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n"); "-nosigs don't verify message signature\n");
BIO_printf(bio_err,
"-noverify don't verify signers certificate\n");
BIO_printf(bio_err,
"-nocerts don't include signers certificate when signing\n");
BIO_printf(bio_err, "-nodetach use opaque signing\n"); BIO_printf(bio_err, "-nodetach use opaque signing\n");
BIO_printf (bio_err, "-noattr don't include any signed attributes\n"); BIO_printf(bio_err,
BIO_printf (bio_err, "-binary don't translate message to text\n"); "-noattr don't include any signed attributes\n");
BIO_printf(bio_err,
"-binary don't translate message to text\n");
BIO_printf(bio_err, "-certfile file other certificates file\n"); BIO_printf(bio_err, "-certfile file other certificates file\n");
BIO_printf(bio_err, "-signer file signer certificate file\n"); BIO_printf(bio_err, "-signer file signer certificate file\n");
BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n"); BIO_printf(bio_err,
"-recip file recipient certificate file for decryption\n");
BIO_printf(bio_err, "-in file input file\n"); BIO_printf(bio_err, "-in file input file\n");
BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); BIO_printf(bio_err,
BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n"); "-inform arg input format SMIME (default), PEM or DER\n");
BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n"); BIO_printf(bio_err,
"-inkey file input private key (if not signer or recipient)\n");
BIO_printf(bio_err,
"-keyform arg input private key format (PEM or ENGINE)\n");
BIO_printf(bio_err, "-out file output file\n"); BIO_printf(bio_err, "-out file output file\n");
BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); BIO_printf(bio_err,
BIO_printf (bio_err, "-content file supply or override content for detached signature\n"); "-outform arg output format SMIME (default), PEM or DER\n");
BIO_printf(bio_err,
"-content file supply or override content for detached signature\n");
BIO_printf(bio_err, "-to addr to address\n"); BIO_printf(bio_err, "-to addr to address\n");
BIO_printf(bio_err, "-from ad from address\n"); BIO_printf(bio_err, "-from ad from address\n");
BIO_printf(bio_err, "-subject s subject\n"); BIO_printf(bio_err, "-subject s subject\n");
BIO_printf (bio_err, "-text include or delete text MIME headers\n"); BIO_printf(bio_err,
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); "-text include or delete text MIME headers\n");
BIO_printf(bio_err,
"-CApath dir trusted certificates directory\n");
BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf(bio_err,
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); "-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf(bio_err,
"-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
#endif #endif
BIO_printf(bio_err, "-passin arg input file pass phrase source\n"); BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n"); BIO_printf(bio_err, " the random number generator\n");
BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n"); BIO_printf(bio_err,
"cert.pem recipient certificate(s) for encryption\n");
goto end; goto end;
} }
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0); e = setup_engine(bio_err, engine, 0);
#endif #endif
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
{
BIO_printf(bio_err, "Error getting password\n"); BIO_printf(bio_err, "Error getting password\n");
goto end; goto end;
} }
if (need_rand) if (need_rand) {
{
app_RAND_load_file(NULL, bio_err, (inrand != NULL)); app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL) if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n", BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
@@ -502,25 +443,20 @@ int MAIN(int argc, char **argv)
if (operation != SMIME_SIGN) if (operation != SMIME_SIGN)
flags &= ~PKCS7_DETACHED; flags &= ~PKCS7_DETACHED;
if (operation & SMIME_OP) if (operation & SMIME_OP) {
{
if (flags & PKCS7_BINARY) if (flags & PKCS7_BINARY)
inmode = "rb"; inmode = "rb";
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
outmode = "wb"; outmode = "wb";
} } else {
else
{
if (flags & PKCS7_BINARY) if (flags & PKCS7_BINARY)
outmode = "wb"; outmode = "wb";
if (informat == FORMAT_ASN1) if (informat == FORMAT_ASN1)
inmode = "rb"; inmode = "rb";
} }
if (operation == SMIME_ENCRYPT) if (operation == SMIME_ENCRYPT) {
{ if (!cipher) {
if (!cipher)
{
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
cipher = EVP_des_ede3_cbc(); cipher = EVP_des_ede3_cbc();
#else #else
@@ -529,13 +465,13 @@ int MAIN(int argc, char **argv)
#endif #endif
} }
encerts = sk_X509_new_null(); encerts = sk_X509_new_null();
while (*args) while (*args) {
{
if (!(cert = load_cert(bio_err, *args, FORMAT_PEM, if (!(cert = load_cert(bio_err, *args, FORMAT_PEM,
NULL, e, "recipient certificate file"))) NULL, e, "recipient certificate file"))) {
{
#if 0 /* An appropriate message is already printed */ #if 0 /* An appropriate message is already printed */
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args); BIO_printf(bio_err,
"Can't read recipient certificate file %s\n",
*args);
#endif #endif
goto end; goto end;
} }
@@ -545,24 +481,23 @@ int MAIN(int argc, char **argv)
} }
} }
if (signerfile && (operation == SMIME_SIGN)) if (signerfile && (operation == SMIME_SIGN)) {
{
if (!(signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL, if (!(signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
e, "signer certificate"))) e, "signer certificate"))) {
{ #if 0 /* An appropri message has already been
#if 0 /* An appropri message has already been printed */ * printed */
BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile); BIO_printf(bio_err, "Can't read signer certificate file %s\n",
signerfile);
#endif #endif
goto end; goto end;
} }
} }
if (certfile) if (certfile) {
{
if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL, if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL,
e, "certificate file"))) e, "certificate file"))) {
{ #if 0 /* An appropriate message has already been
#if 0 /* An appropriate message has already been printed */ * printed */
BIO_printf(bio_err, "Can't read certificate file %s\n", certfile); BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
#endif #endif
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
@@ -570,62 +505,49 @@ int MAIN(int argc, char **argv)
} }
} }
if (recipfile && (operation == SMIME_DECRYPT)) if (recipfile && (operation == SMIME_DECRYPT)) {
{
if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL, if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL,
e, "recipient certificate file"))) e, "recipient certificate file"))) {
{ #if 0 /* An appropriate message has alrady been
#if 0 /* An appropriate message has alrady been printed */ * printed */
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile); BIO_printf(bio_err, "Can't read recipient certificate file %s\n",
recipfile);
#endif #endif
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} }
if (operation == SMIME_DECRYPT) if (operation == SMIME_DECRYPT) {
{
if (!keyfile) if (!keyfile)
keyfile = recipfile; keyfile = recipfile;
} } else if (operation == SMIME_SIGN) {
else if (operation == SMIME_SIGN)
{
if (!keyfile) if (!keyfile)
keyfile = signerfile; keyfile = signerfile;
} } else
else keyfile = NULL; keyfile = NULL;
if (keyfile) if (keyfile) {
{
key = load_key(bio_err, keyfile, keyform, 0, passin, e, key = load_key(bio_err, keyfile, keyform, 0, passin, e,
"signing key file"); "signing key file");
if (!key) if (!key)
goto end; goto end;
} }
if (infile) if (infile) {
{ if (!(in = BIO_new_file(infile, inmode))) {
if (!(in = BIO_new_file(infile, inmode))) BIO_printf(bio_err, "Can't open input file %s\n", infile);
{
BIO_printf (bio_err,
"Can't open input file %s\n", infile);
goto end; goto end;
} }
} } else
else
in = BIO_new_fp(stdin, BIO_NOCLOSE); in = BIO_new_fp(stdin, BIO_NOCLOSE);
if (outfile) if (outfile) {
{ if (!(out = BIO_new_file(outfile, outmode))) {
if (!(out = BIO_new_file(outfile, outmode))) BIO_printf(bio_err, "Can't open output file %s\n", outfile);
{
BIO_printf (bio_err,
"Can't open output file %s\n", outfile);
goto end; goto end;
} }
} } else {
else
{
out = BIO_new_fp(stdout, BIO_NOCLOSE); out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
{ {
@@ -635,8 +557,7 @@ int MAIN(int argc, char **argv)
#endif #endif
} }
if (operation == SMIME_VERIFY) if (operation == SMIME_VERIFY) {
{
if (!(store = setup_verify(bio_err, CAfile, CApath))) if (!(store = setup_verify(bio_err, CAfile, CApath)))
goto end; goto end;
X509_STORE_set_verify_cb_func(store, smime_cb); X509_STORE_set_verify_cb_func(store, smime_cb);
@@ -644,89 +565,71 @@ int MAIN(int argc, char **argv)
X509_STORE_set1_param(store, vpm); X509_STORE_set1_param(store, vpm);
} }
ret = 3; ret = 3;
if (operation == SMIME_ENCRYPT) if (operation == SMIME_ENCRYPT)
p7 = PKCS7_encrypt(encerts, in, cipher, flags); p7 = PKCS7_encrypt(encerts, in, cipher, flags);
else if (operation == SMIME_SIGN) else if (operation == SMIME_SIGN) {
{ /*
/* If detached data and SMIME output enable partial * If detached data and SMIME output enable partial signing.
* signing.
*/ */
if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME)) if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))
flags |= PKCS7_STREAM; flags |= PKCS7_STREAM;
p7 = PKCS7_sign(signer, key, other, in, flags); p7 = PKCS7_sign(signer, key, other, in, flags);
} } else {
else
{
if (informat == FORMAT_SMIME) if (informat == FORMAT_SMIME)
p7 = SMIME_read_PKCS7(in, &indata); p7 = SMIME_read_PKCS7(in, &indata);
else if (informat == FORMAT_PEM) else if (informat == FORMAT_PEM)
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
else if (informat == FORMAT_ASN1) else if (informat == FORMAT_ASN1)
p7 = d2i_PKCS7_bio(in, NULL); p7 = d2i_PKCS7_bio(in, NULL);
else else {
{
BIO_printf(bio_err, "Bad input format for PKCS#7 file\n"); BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
goto end; goto end;
} }
if (!p7) if (!p7) {
{
BIO_printf(bio_err, "Error reading S/MIME message\n"); BIO_printf(bio_err, "Error reading S/MIME message\n");
goto end; goto end;
} }
if (contfile) if (contfile) {
{
BIO_free(indata); BIO_free(indata);
if (!(indata = BIO_new_file(contfile, "rb"))) if (!(indata = BIO_new_file(contfile, "rb"))) {
{
BIO_printf(bio_err, "Can't read content file %s\n", contfile); BIO_printf(bio_err, "Can't read content file %s\n", contfile);
goto end; goto end;
} }
} }
} }
if (!p7) if (!p7) {
{
BIO_printf(bio_err, "Error creating PKCS#7 structure\n"); BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
goto end; goto end;
} }
ret = 4; ret = 4;
if (operation == SMIME_DECRYPT) if (operation == SMIME_DECRYPT) {
{ if (!PKCS7_decrypt(p7, key, recip, out, flags)) {
if (!PKCS7_decrypt(p7, key, recip, out, flags))
{
BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n"); BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
goto end; goto end;
} }
} } else if (operation == SMIME_VERIFY) {
else if (operation == SMIME_VERIFY)
{
STACK_OF(X509) *signers; STACK_OF(X509) *signers;
if (PKCS7_verify(p7, other, store, indata, out, flags)) if (PKCS7_verify(p7, other, store, indata, out, flags))
BIO_printf(bio_err, "Verification successful\n"); BIO_printf(bio_err, "Verification successful\n");
else else {
{
BIO_printf(bio_err, "Verification failure\n"); BIO_printf(bio_err, "Verification failure\n");
goto end; goto end;
} }
signers = PKCS7_get0_signers(p7, other, flags); signers = PKCS7_get0_signers(p7, other, flags);
if (!save_certs(signerfile, signers)) if (!save_certs(signerfile, signers)) {
{ BIO_printf(bio_err, "Error writing signers to %s\n", signerfile);
BIO_printf(bio_err, "Error writing signers to %s\n",
signerfile);
ret = 5; ret = 5;
goto end; goto end;
} }
sk_X509_free(signers); sk_X509_free(signers);
} } else if (operation == SMIME_PK7OUT)
else if (operation == SMIME_PK7OUT)
PEM_write_bio_PKCS7(out, p7); PEM_write_bio_PKCS7(out, p7);
else else {
{
if (to) if (to)
BIO_printf(out, "To: %s\n", to); BIO_printf(out, "To: %s\n", to);
if (from) if (from)
@@ -739,8 +642,7 @@ int MAIN(int argc, char **argv)
PEM_write_bio_PKCS7(out, p7); PEM_write_bio_PKCS7(out, p7);
else if (outformat == FORMAT_ASN1) else if (outformat == FORMAT_ASN1)
i2d_PKCS7_bio(out, p7); i2d_PKCS7_bio(out, p7);
else else {
{
BIO_printf(bio_err, "Bad output format for PKCS#7 file\n"); BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
goto end; goto end;
} }
@@ -749,7 +651,8 @@ int MAIN(int argc, char **argv)
end: end:
if (need_rand) if (need_rand)
app_RAND_write_file(NULL, bio_err); app_RAND_write_file(NULL, bio_err);
if (ret) ERR_print_errors(bio_err); if (ret)
ERR_print_errors(bio_err);
sk_X509_pop_free(encerts, X509_free); sk_X509_pop_free(encerts, X509_free);
sk_X509_pop_free(other, X509_free); sk_X509_pop_free(other, X509_free);
if (vpm) if (vpm)
@@ -763,7 +666,8 @@ end:
BIO_free(in); BIO_free(in);
BIO_free(indata); BIO_free(indata);
BIO_free_all(out); BIO_free_all(out);
if (passin) OPENSSL_free(passin); if (passin)
OPENSSL_free(passin);
return (ret); return (ret);
} }
@@ -774,14 +678,14 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers)
if (!signerfile) if (!signerfile)
return 1; return 1;
tmp = BIO_new_file(signerfile, "w"); tmp = BIO_new_file(signerfile, "w");
if (!tmp) return 0; if (!tmp)
return 0;
for (i = 0; i < sk_X509_num(signers); i++) for (i = 0; i < sk_X509_num(signers); i++)
PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
BIO_free(tmp); BIO_free(tmp);
return 1; return 1;
} }
/* Minimal callback just to output policy info (if any) */ /* Minimal callback just to output policy info (if any) */
static int smime_cb(int ok, X509_STORE_CTX *ctx) static int smime_cb(int ok, X509_STORE_CTX *ctx)
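Review bot: `save_certs()` in the last hunk of this file discards the result of `PEM_write_bio_X509()` and returns 1 whenever the file could be opened, so a failed or short write of the `-signer` output is reported as success and the caller's "Error writing signers" branch only fires when the open fails. The reformat leaves this unchanged; the loop body could become `if (!PEM_write_bio_X509(tmp, sk_X509_value(signers, i))) { BIO_free(tmp); return 0; }`. On that same error path in the `SMIME_VERIFY` branch, `goto end` is taken before `sk_X509_free(signers)`, so the stack returned by `PKCS7_get0_signers()` is not released there; adding `sk_X509_free(signers);` ahead of the `goto` would cover it. The declarations at the top of `save_certs()` lie outside the hunk.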



@@ -1,8 +1,8 @@
/* apps/spkac.c */ /* apps/spkac.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 1999. Based on an original idea by Massimiliano Pala * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* (madwolf@openca.org). * 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org).
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
@@ -100,7 +100,8 @@ int MAIN(int argc, char **argv)
apps_startup(); apps_startup();
if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); if (!bio_err)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL)) if (!load_config(bio_err, NULL))
goto end; goto end;
@@ -108,47 +109,40 @@ int MAIN(int argc, char **argv)
prog = argv[0]; prog = argv[0];
argc--; argc--;
argv++; argv++;
while (argc >= 1) while (argc >= 1) {
{ if (strcmp(*argv, "-in") == 0) {
if (strcmp(*argv,"-in") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
infile = *(++argv); infile = *(++argv);
} } else if (strcmp(*argv, "-out") == 0) {
else if (strcmp(*argv,"-out") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
outfile = *(++argv); outfile = *(++argv);
} } else if (strcmp(*argv, "-passin") == 0) {
else if (strcmp(*argv,"-passin") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
passargin = *(++argv); passargin = *(++argv);
} } else if (strcmp(*argv, "-key") == 0) {
else if (strcmp(*argv,"-key") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
keyfile = *(++argv); keyfile = *(++argv);
} } else if (strcmp(*argv, "-challenge") == 0) {
else if (strcmp(*argv,"-challenge") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
challenge = *(++argv); challenge = *(++argv);
} } else if (strcmp(*argv, "-spkac") == 0) {
else if (strcmp(*argv,"-spkac") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
spkac = *(++argv); spkac = *(++argv);
} } else if (strcmp(*argv, "-spksect") == 0) {
else if (strcmp(*argv,"-spksect") == 0) if (--argc < 1)
{ goto bad;
if (--argc < 1) goto bad;
spksect = *(++argv); spksect = *(++argv);
} }
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv, "-engine") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto bad; goto bad;
engine = *(++argv); engine = *(++argv);
} }
#endif #endif
@@ -158,27 +152,30 @@ int MAIN(int argc, char **argv)
pubkey = 1; pubkey = 1;
else if (strcmp(*argv, "-verify") == 0) else if (strcmp(*argv, "-verify") == 0)
verify = 1; verify = 1;
else badops = 1; else
badops = 1;
argc--; argc--;
argv++; argv++;
} }
if (badops) if (badops) {
{
bad: bad:
BIO_printf(bio_err, "%s [options]\n", prog); BIO_printf(bio_err, "%s [options]\n", prog);
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -in arg input file\n"); BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -out arg output file\n"); BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err," -key arg create SPKAC using private key\n"); BIO_printf(bio_err,
BIO_printf(bio_err," -passin arg input file pass phrase source\n"); " -key arg create SPKAC using private key\n");
BIO_printf(bio_err,
" -passin arg input file pass phrase source\n");
BIO_printf(bio_err, " -challenge arg challenge string\n"); BIO_printf(bio_err, " -challenge arg challenge string\n");
BIO_printf(bio_err, " -spkac arg alternative SPKAC name\n"); BIO_printf(bio_err, " -spkac arg alternative SPKAC name\n");
BIO_printf(bio_err, " -noout don't print SPKAC\n"); BIO_printf(bio_err, " -noout don't print SPKAC\n");
BIO_printf(bio_err, " -pubkey output public key\n"); BIO_printf(bio_err, " -pubkey output public key\n");
BIO_printf(bio_err, " -verify verify SPKAC signature\n"); BIO_printf(bio_err, " -verify verify SPKAC signature\n");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
#endif #endif
goto end; goto end;
} }
@@ -188,7 +185,6 @@ bad:
BIO_printf(bio_err, "Error getting password\n"); BIO_printf(bio_err, "Error getting password\n");
goto end; goto end;
} }
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0); e = setup_engine(bio_err, engine, 0);
#endif #endif
@@ -201,13 +197,15 @@ bad:
goto end; goto end;
} }
spki = NETSCAPE_SPKI_new(); spki = NETSCAPE_SPKI_new();
if(challenge) ASN1_STRING_set(spki->spkac->challenge, if (challenge)
ASN1_STRING_set(spki->spkac->challenge,
challenge, (int)strlen(challenge)); challenge, (int)strlen(challenge));
NETSCAPE_SPKI_set_pubkey(spki, pkey); NETSCAPE_SPKI_set_pubkey(spki, pkey);
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
spkstr = NETSCAPE_SPKI_b64_encode(spki); spkstr = NETSCAPE_SPKI_b64_encode(spki);
if (outfile) out = BIO_new_file(outfile, "w"); if (outfile)
out = BIO_new_file(outfile, "w");
else { else {
out = BIO_new_fp(stdout, BIO_NOCLOSE); out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
@@ -229,10 +227,10 @@ bad:
goto end; goto end;
} }
if (infile)
in = BIO_new_file(infile, "r");
if (infile) in = BIO_new_file(infile, "r"); else
else in = BIO_new_fp(stdin, BIO_NOCLOSE); in = BIO_new_fp(stdin, BIO_NOCLOSE);
if (!in) { if (!in) {
BIO_printf(bio_err, "Error opening input file\n"); BIO_printf(bio_err, "Error opening input file\n");
@@ -265,7 +263,8 @@ bad:
goto end; goto end;
} }
if (outfile) out = BIO_new_file(outfile, "w"); if (outfile)
out = BIO_new_file(outfile, "w");
else { else {
out = BIO_new_fp(stdout, BIO_NOCLOSE); out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
@@ -282,18 +281,21 @@ bad:
goto end; goto end;
} }
if(!noout) NETSCAPE_SPKI_print(out, spki); if (!noout)
NETSCAPE_SPKI_print(out, spki);
pkey = NETSCAPE_SPKI_get_pubkey(spki); pkey = NETSCAPE_SPKI_get_pubkey(spki);
if (verify) { if (verify) {
i = NETSCAPE_SPKI_verify(spki, pkey); i = NETSCAPE_SPKI_verify(spki, pkey);
if (i > 0) BIO_printf(bio_err, "Signature OK\n"); if (i > 0)
BIO_printf(bio_err, "Signature OK\n");
else { else {
BIO_printf(bio_err, "Signature Failure\n"); BIO_printf(bio_err, "Signature Failure\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} }
if(pubkey) PEM_write_bio_PUBKEY(out, pkey); if (pubkey)
PEM_write_bio_PUBKEY(out, pkey);
ret = 0; ret = 0;
@@ -303,7 +305,8 @@ end:
BIO_free(in); BIO_free(in);
BIO_free_all(out); BIO_free_all(out);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
if(passin) OPENSSL_free(passin); if (passin)
OPENSSL_free(passin);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
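Review bot: In the hunk at `@@ -201,13 +197,15 @@`, the result of `NETSCAPE_SPKI_new()` is dereferenced as `spki->spkac->challenge` without a NULL check, and the return values of `NETSCAPE_SPKI_set_pubkey()` and `NETSCAPE_SPKI_sign()` are ignored. A failed allocation therefore crashes, and a failed signing step still reaches `NETSCAPE_SPKI_b64_encode()`. Suggested guards are `if (spki == NULL) goto end;` right after the allocation and `if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_md5())) goto end;` in place of the bare call. The digest is hard-coded to MD5; if it has to stay, a comment such as `/* MD5 is collision-weak; kept only if SPKAC consumers require it */` would record that this is a known limitation. The enclosing function begins and ends outside this hunk, so whether `end:` releases `spki` cannot be confirmed from here.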


@@ -7,6 +7,7 @@ static unsigned char dsa512_priv[] = {
0x65, 0xe5, 0xc7, 0x38, 0x60, 0x24, 0xb5, 0x89, 0xd4, 0x9c, 0xeb, 0x4c, 0x65, 0xe5, 0xc7, 0x38, 0x60, 0x24, 0xb5, 0x89, 0xd4, 0x9c, 0xeb, 0x4c,
0x9c, 0x1d, 0x7a, 0x22, 0xbd, 0xd1, 0xc2, 0xd2, 0x9c, 0x1d, 0x7a, 0x22, 0xbd, 0xd1, 0xc2, 0xd2,
}; };
static unsigned char dsa512_pub[] = { static unsigned char dsa512_pub[] = {
0x00, 0x95, 0xa7, 0x0d, 0xec, 0x93, 0x68, 0xba, 0x5f, 0xf7, 0x5f, 0x07, 0x00, 0x95, 0xa7, 0x0d, 0xec, 0x93, 0x68, 0xba, 0x5f, 0xf7, 0x5f, 0x07,
0xf2, 0x3b, 0xad, 0x6b, 0x01, 0xdc, 0xbe, 0xec, 0xde, 0x04, 0x7a, 0x3a, 0xf2, 0x3b, 0xad, 0x6b, 0x01, 0xdc, 0xbe, 0xec, 0xde, 0x04, 0x7a, 0x3a,
@@ -15,6 +16,7 @@ static unsigned char dsa512_pub[] = {
0x8c, 0x38, 0x5d, 0x83, 0x56, 0x7d, 0xee, 0x53, 0x05, 0x3e, 0x24, 0x84, 0x8c, 0x38, 0x5d, 0x83, 0x56, 0x7d, 0xee, 0x53, 0x05, 0x3e, 0x24, 0x84,
0xbe, 0xba, 0x0a, 0x6b, 0xc8, 0xbe, 0xba, 0x0a, 0x6b, 0xc8,
}; };
static unsigned char dsa512_p[] = { static unsigned char dsa512_p[] = {
0x9D, 0x1B, 0x69, 0x8E, 0x26, 0xDB, 0xF2, 0x2B, 0x11, 0x70, 0x19, 0x86, 0x9D, 0x1B, 0x69, 0x8E, 0x26, 0xDB, 0xF2, 0x2B, 0x11, 0x70, 0x19, 0x86,
0xF6, 0x19, 0xC8, 0xF8, 0x19, 0xF2, 0x18, 0x53, 0x94, 0x46, 0x06, 0xD0, 0xF6, 0x19, 0xC8, 0xF8, 0x19, 0xF2, 0x18, 0x53, 0x94, 0x46, 0x06, 0xD0,
@@ -23,10 +25,12 @@ static unsigned char dsa512_p[]={
0x96, 0xE4, 0x37, 0x33, 0xBB, 0x2D, 0x5A, 0xD7, 0x5A, 0x11, 0x40, 0x66, 0x96, 0xE4, 0x37, 0x33, 0xBB, 0x2D, 0x5A, 0xD7, 0x5A, 0x11, 0x40, 0x66,
0xA2, 0x76, 0x7D, 0x31, 0xA2, 0x76, 0x7D, 0x31,
}; };
static unsigned char dsa512_q[] = { static unsigned char dsa512_q[] = {
0xFB, 0x53, 0xEF, 0x50, 0xB4, 0x40, 0x92, 0x31, 0x56, 0x86, 0x53, 0x7A, 0xFB, 0x53, 0xEF, 0x50, 0xB4, 0x40, 0x92, 0x31, 0x56, 0x86, 0x53, 0x7A,
0xE8, 0x8B, 0x22, 0x9A, 0x49, 0xFB, 0x71, 0x8F, 0xE8, 0x8B, 0x22, 0x9A, 0x49, 0xFB, 0x71, 0x8F,
}; };
static unsigned char dsa512_g[] = { static unsigned char dsa512_g[] = {
0x83, 0x3E, 0x88, 0xE5, 0xC5, 0x89, 0x73, 0xCE, 0x3B, 0x6C, 0x01, 0x49, 0x83, 0x3E, 0x88, 0xE5, 0xC5, 0x89, 0x73, 0xCE, 0x3B, 0x6C, 0x01, 0x49,
0xBF, 0xB3, 0xC7, 0x9F, 0x0A, 0xEA, 0x44, 0x91, 0xE5, 0x30, 0xAA, 0xD9, 0xBF, 0xB3, 0xC7, 0x9F, 0x0A, 0xEA, 0x44, 0x91, 0xE5, 0x30, 0xAA, 0xD9,
@@ -40,14 +44,15 @@ DSA *get_dsa512()
{ {
DSA *dsa; DSA *dsa;
if ((dsa=DSA_new()) == NULL) return(NULL); if ((dsa = DSA_new()) == NULL)
return (NULL);
dsa->priv_key = BN_bin2bn(dsa512_priv, sizeof(dsa512_priv), NULL); dsa->priv_key = BN_bin2bn(dsa512_priv, sizeof(dsa512_priv), NULL);
dsa->pub_key = BN_bin2bn(dsa512_pub, sizeof(dsa512_pub), NULL); dsa->pub_key = BN_bin2bn(dsa512_pub, sizeof(dsa512_pub), NULL);
dsa->p = BN_bin2bn(dsa512_p, sizeof(dsa512_p), NULL); dsa->p = BN_bin2bn(dsa512_p, sizeof(dsa512_p), NULL);
dsa->q = BN_bin2bn(dsa512_q, sizeof(dsa512_q), NULL); dsa->q = BN_bin2bn(dsa512_q, sizeof(dsa512_q), NULL);
dsa->g = BN_bin2bn(dsa512_g, sizeof(dsa512_g), NULL); dsa->g = BN_bin2bn(dsa512_g, sizeof(dsa512_g), NULL);
if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) || if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL)
(dsa->q == NULL) || (dsa->g == NULL)) || (dsa->q == NULL) || (dsa->g == NULL))
return (NULL); return (NULL);
return (dsa); return (dsa);
} }
@@ -56,6 +61,7 @@ static unsigned char dsa1024_priv[]={
0x7d, 0x21, 0xda, 0xbb, 0x62, 0x15, 0x47, 0x36, 0x07, 0x67, 0x12, 0xe8, 0x7d, 0x21, 0xda, 0xbb, 0x62, 0x15, 0x47, 0x36, 0x07, 0x67, 0x12, 0xe8,
0x8c, 0xaa, 0x1c, 0xcd, 0x38, 0x12, 0x61, 0x18, 0x8c, 0xaa, 0x1c, 0xcd, 0x38, 0x12, 0x61, 0x18,
}; };
static unsigned char dsa1024_pub[] = { static unsigned char dsa1024_pub[] = {
0x3c, 0x4e, 0x9c, 0x2a, 0x7f, 0x16, 0xc1, 0x25, 0xeb, 0xac, 0x78, 0x63, 0x3c, 0x4e, 0x9c, 0x2a, 0x7f, 0x16, 0xc1, 0x25, 0xeb, 0xac, 0x78, 0x63,
0x90, 0x14, 0x8c, 0x8b, 0xf4, 0x68, 0x43, 0x3c, 0x2d, 0xee, 0x65, 0x50, 0x90, 0x14, 0x8c, 0x8b, 0xf4, 0x68, 0x43, 0x3c, 0x2d, 0xee, 0x65, 0x50,
@@ -69,6 +75,7 @@ static unsigned char dsa1024_pub[]={
0x2c, 0x0b, 0xc3, 0x13, 0x50, 0x61, 0xe5, 0xad, 0xbd, 0x36, 0xb8, 0x97, 0x2c, 0x0b, 0xc3, 0x13, 0x50, 0x61, 0xe5, 0xad, 0xbd, 0x36, 0xb8, 0x97,
0x4e, 0x40, 0x7d, 0xe8, 0x83, 0x0d, 0xbc, 0x4b 0x4e, 0x40, 0x7d, 0xe8, 0x83, 0x0d, 0xbc, 0x4b
}; };
static unsigned char dsa1024_p[] = { static unsigned char dsa1024_p[] = {
0xA7, 0x3F, 0x6E, 0x85, 0xBF, 0x41, 0x6A, 0x29, 0x7D, 0xF0, 0x9F, 0x47, 0xA7, 0x3F, 0x6E, 0x85, 0xBF, 0x41, 0x6A, 0x29, 0x7D, 0xF0, 0x9F, 0x47,
0x19, 0x30, 0x90, 0x9A, 0x09, 0x1D, 0xDA, 0x6A, 0x33, 0x1E, 0xC5, 0x3D, 0x19, 0x30, 0x90, 0x9A, 0x09, 0x1D, 0xDA, 0x6A, 0x33, 0x1E, 0xC5, 0x3D,
@@ -82,10 +89,12 @@ static unsigned char dsa1024_p[]={
0x39, 0x4F, 0xFD, 0xB7, 0x43, 0x1F, 0xB5, 0xA4, 0x65, 0x6F, 0xCD, 0x80, 0x39, 0x4F, 0xFD, 0xB7, 0x43, 0x1F, 0xB5, 0xA4, 0x65, 0x6F, 0xCD, 0x80,
0x11, 0xE4, 0x70, 0x95, 0x5B, 0x50, 0xCD, 0x49, 0x11, 0xE4, 0x70, 0x95, 0x5B, 0x50, 0xCD, 0x49,
}; };
static unsigned char dsa1024_q[] = { static unsigned char dsa1024_q[] = {
0xF7, 0x07, 0x31, 0xED, 0xFA, 0x6C, 0x06, 0x03, 0xD5, 0x85, 0x8A, 0x1C, 0xF7, 0x07, 0x31, 0xED, 0xFA, 0x6C, 0x06, 0x03, 0xD5, 0x85, 0x8A, 0x1C,
0xAC, 0x9C, 0x65, 0xE7, 0x50, 0x66, 0x65, 0x6F, 0xAC, 0x9C, 0x65, 0xE7, 0x50, 0x66, 0x65, 0x6F,
}; };
static unsigned char dsa1024_g[] = { static unsigned char dsa1024_g[] = {
0x4D, 0xDF, 0x4C, 0x03, 0xA6, 0x91, 0x8A, 0xF5, 0x19, 0x6F, 0x50, 0x46, 0x4D, 0xDF, 0x4C, 0x03, 0xA6, 0x91, 0x8A, 0xF5, 0x19, 0x6F, 0x50, 0x46,
0x25, 0x99, 0xE5, 0x68, 0x6F, 0x30, 0xE3, 0x69, 0xE1, 0xE5, 0xB3, 0x5D, 0x25, 0x99, 0xE5, 0x68, 0x6F, 0x30, 0xE3, 0x69, 0xE1, 0xE5, 0xB3, 0x5D,
@@ -104,14 +113,15 @@ DSA *get_dsa1024()
{ {
DSA *dsa; DSA *dsa;
if ((dsa=DSA_new()) == NULL) return(NULL); if ((dsa = DSA_new()) == NULL)
return (NULL);
dsa->priv_key = BN_bin2bn(dsa1024_priv, sizeof(dsa1024_priv), NULL); dsa->priv_key = BN_bin2bn(dsa1024_priv, sizeof(dsa1024_priv), NULL);
dsa->pub_key = BN_bin2bn(dsa1024_pub, sizeof(dsa1024_pub), NULL); dsa->pub_key = BN_bin2bn(dsa1024_pub, sizeof(dsa1024_pub), NULL);
dsa->p = BN_bin2bn(dsa1024_p, sizeof(dsa1024_p), NULL); dsa->p = BN_bin2bn(dsa1024_p, sizeof(dsa1024_p), NULL);
dsa->q = BN_bin2bn(dsa1024_q, sizeof(dsa1024_q), NULL); dsa->q = BN_bin2bn(dsa1024_q, sizeof(dsa1024_q), NULL);
dsa->g = BN_bin2bn(dsa1024_g, sizeof(dsa1024_g), NULL); dsa->g = BN_bin2bn(dsa1024_g, sizeof(dsa1024_g), NULL);
if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) || if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL)
(dsa->q == NULL) || (dsa->g == NULL)) || (dsa->q == NULL) || (dsa->g == NULL))
return (NULL); return (NULL);
return (dsa); return (dsa);
} }
@@ -120,6 +130,7 @@ static unsigned char dsa2048_priv[]={
0x32, 0x67, 0x92, 0xf6, 0xc4, 0xe2, 0xe2, 0xe8, 0xa0, 0x8b, 0x6b, 0x45, 0x32, 0x67, 0x92, 0xf6, 0xc4, 0xe2, 0xe2, 0xe8, 0xa0, 0x8b, 0x6b, 0x45,
0x0c, 0x8a, 0x76, 0xb0, 0xee, 0xcf, 0x91, 0xa7, 0x0c, 0x8a, 0x76, 0xb0, 0xee, 0xcf, 0x91, 0xa7,
}; };
static unsigned char dsa2048_pub[] = { static unsigned char dsa2048_pub[] = {
0x17, 0x8f, 0xa8, 0x11, 0x84, 0x92, 0xec, 0x83, 0x47, 0xc7, 0x6a, 0xb0, 0x17, 0x8f, 0xa8, 0x11, 0x84, 0x92, 0xec, 0x83, 0x47, 0xc7, 0x6a, 0xb0,
0x92, 0xaf, 0x5a, 0x20, 0x37, 0xa3, 0x64, 0x79, 0xd2, 0xd0, 0x3d, 0xcd, 0x92, 0xaf, 0x5a, 0x20, 0x37, 0xa3, 0x64, 0x79, 0xd2, 0xd0, 0x3d, 0xcd,
@@ -144,6 +155,7 @@ static unsigned char dsa2048_pub[]={
0x72, 0xf4, 0x10, 0xe6, 0x8d, 0x52, 0x16, 0x7f, 0xf2, 0xc9, 0xf8, 0x33, 0x72, 0xf4, 0x10, 0xe6, 0x8d, 0x52, 0x16, 0x7f, 0xf2, 0xc9, 0xf8, 0x33,
0x8b, 0x33, 0xb7, 0xce, 0x8b, 0x33, 0xb7, 0xce,
}; };
static unsigned char dsa2048_p[] = { static unsigned char dsa2048_p[] = {
0xA0, 0x25, 0xFA, 0xAD, 0xF4, 0x8E, 0xB9, 0xE5, 0x99, 0xF3, 0x5D, 0x6F, 0xA0, 0x25, 0xFA, 0xAD, 0xF4, 0x8E, 0xB9, 0xE5, 0x99, 0xF3, 0x5D, 0x6F,
0x4F, 0x83, 0x34, 0xE2, 0x7E, 0xCF, 0x6F, 0xBF, 0x30, 0xAF, 0x6F, 0x81, 0x4F, 0x83, 0x34, 0xE2, 0x7E, 0xCF, 0x6F, 0xBF, 0x30, 0xAF, 0x6F, 0x81,
@@ -168,10 +180,12 @@ static unsigned char dsa2048_p[]={
0x5D, 0xA7, 0xD8, 0x54, 0xC3, 0x65, 0x7D, 0xC3, 0xB0, 0x1D, 0xBF, 0xAE, 0x5D, 0xA7, 0xD8, 0x54, 0xC3, 0x65, 0x7D, 0xC3, 0xB0, 0x1D, 0xBF, 0xAE,
0xF8, 0x68, 0xCF, 0x9B, 0xF8, 0x68, 0xCF, 0x9B,
}; };
static unsigned char dsa2048_q[] = { static unsigned char dsa2048_q[] = {
0x97, 0xE7, 0x33, 0x4D, 0xD3, 0x94, 0x3E, 0x0B, 0xDB, 0x62, 0x74, 0xC6, 0x97, 0xE7, 0x33, 0x4D, 0xD3, 0x94, 0x3E, 0x0B, 0xDB, 0x62, 0x74, 0xC6,
0xA1, 0x08, 0xDD, 0x19, 0xA3, 0x75, 0x17, 0x1B, 0xA1, 0x08, 0xDD, 0x19, 0xA3, 0x75, 0x17, 0x1B,
}; };
static unsigned char dsa2048_g[] = { static unsigned char dsa2048_g[] = {
0x2C, 0x78, 0x16, 0x59, 0x34, 0x63, 0xF4, 0xF3, 0x92, 0xFC, 0xB5, 0xA5, 0x2C, 0x78, 0x16, 0x59, 0x34, 0x63, 0xF4, 0xF3, 0x92, 0xFC, 0xB5, 0xA5,
0x4F, 0x13, 0xDE, 0x2F, 0x1C, 0xA4, 0x3C, 0xAE, 0xAD, 0x38, 0x3F, 0x7E, 0x4F, 0x13, 0xDE, 0x2F, 0x1C, 0xA4, 0x3C, 0xAE, 0xAD, 0x38, 0x3F, 0x7E,
@@ -201,17 +215,19 @@ DSA *get_dsa2048()
{ {
DSA *dsa; DSA *dsa;
if ((dsa=DSA_new()) == NULL) return(NULL); if ((dsa = DSA_new()) == NULL)
return (NULL);
dsa->priv_key = BN_bin2bn(dsa2048_priv, sizeof(dsa2048_priv), NULL); dsa->priv_key = BN_bin2bn(dsa2048_priv, sizeof(dsa2048_priv), NULL);
dsa->pub_key = BN_bin2bn(dsa2048_pub, sizeof(dsa2048_pub), NULL); dsa->pub_key = BN_bin2bn(dsa2048_pub, sizeof(dsa2048_pub), NULL);
dsa->p = BN_bin2bn(dsa2048_p, sizeof(dsa2048_p), NULL); dsa->p = BN_bin2bn(dsa2048_p, sizeof(dsa2048_p), NULL);
dsa->q = BN_bin2bn(dsa2048_q, sizeof(dsa2048_q), NULL); dsa->q = BN_bin2bn(dsa2048_q, sizeof(dsa2048_q), NULL);
dsa->g = BN_bin2bn(dsa2048_g, sizeof(dsa2048_g), NULL); dsa->g = BN_bin2bn(dsa2048_g, sizeof(dsa2048_g), NULL);
if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) || if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL)
(dsa->q == NULL) || (dsa->g == NULL)) || (dsa->q == NULL) || (dsa->g == NULL))
return (NULL); return (NULL);
return (dsa); return (dsa);
} }
static const char rnd_seed[] = "string to make the random number generator think it has entropy"; static const char rnd_seed[] =
"string to make the random number generator think it has entropy";
static int rnd_fake = 0; static int rnd_fake = 0;


@@ -70,7 +70,8 @@
#define PROG verify_main #define PROG verify_main
static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx); static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e); static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain,
STACK_OF(X509) *tchain, int purpose, ENGINE *e);
static STACK_OF(X509) *load_untrusted(char *file); static STACK_OF(X509) *load_untrusted(char *file);
static int v_verbose = 0, vflags = 0; static int v_verbose = 0, vflags = 0;
@@ -92,7 +93,8 @@ int MAIN(int argc, char **argv)
#endif #endif
cert_ctx = X509_STORE_new(); cert_ctx = X509_STORE_new();
if (cert_ctx == NULL) goto end; if (cert_ctx == NULL)
goto end;
X509_STORE_set_verify_cb_func(cert_ctx, cb); X509_STORE_set_verify_cb_func(cert_ctx, cb);
ERR_load_crypto_strings(); ERR_load_crypto_strings();
@@ -108,41 +110,33 @@ int MAIN(int argc, char **argv)
argc--; argc--;
argv++; argv++;
for (;;) for (;;) {
{ if (argc >= 1) {
if (argc >= 1) if (strcmp(*argv, "-CApath") == 0) {
{ if (argc-- < 1)
if (strcmp(*argv,"-CApath") == 0) goto end;
{
if (argc-- < 1) goto end;
CApath = *(++argv); CApath = *(++argv);
} } else if (strcmp(*argv, "-CAfile") == 0) {
else if (strcmp(*argv,"-CAfile") == 0) if (argc-- < 1)
{ goto end;
if (argc-- < 1) goto end;
CAfile = *(++argv); CAfile = *(++argv);
} } else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
else if (args_verify(&argv, &argc, &badarg, bio_err,
&vpm))
{
if (badarg) if (badarg)
goto end; goto end;
continue; continue;
} } else if (strcmp(*argv, "-untrusted") == 0) {
else if (strcmp(*argv,"-untrusted") == 0) if (argc-- < 1)
{ goto end;
if (argc-- < 1) goto end;
untfile = *(++argv); untfile = *(++argv);
} } else if (strcmp(*argv, "-trusted") == 0) {
else if (strcmp(*argv,"-trusted") == 0) if (argc-- < 1)
{ goto end;
if (argc-- < 1) goto end;
trustfile = *(++argv); trustfile = *(++argv);
} }
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv, "-engine") == 0) {
{ if (--argc < 1)
if (--argc < 1) goto end; goto end;
engine = *(++argv); engine = *(++argv);
} }
#endif #endif
@@ -156,8 +150,7 @@ int MAIN(int argc, char **argv)
break; break;
argc--; argc--;
argv++; argv++;
} } else
else
break; break;
} }
@@ -169,7 +162,8 @@ int MAIN(int argc, char **argv)
X509_STORE_set1_param(cert_ctx, vpm); X509_STORE_set1_param(cert_ctx, vpm);
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
if (lookup == NULL) abort(); if (lookup == NULL)
abort();
if (CAfile) { if (CAfile) {
i = X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM); i = X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM);
if (!i) { if (!i) {
@@ -177,10 +171,12 @@ int MAIN(int argc, char **argv)
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); } else
X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir()); lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
if (lookup == NULL) abort(); if (lookup == NULL)
abort();
if (CApath) { if (CApath) {
i = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM); i = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
if (!i) { if (!i) {
@@ -188,7 +184,8 @@ int MAIN(int argc, char **argv)
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); } else
X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
ERR_clear_error(); ERR_clear_error();
@@ -202,20 +199,23 @@ int MAIN(int argc, char **argv)
if (trustfile) { if (trustfile) {
if (!(trusted = load_untrusted(trustfile))) { if (!(trusted = load_untrusted(trustfile))) {
BIO_printf(bio_err, "Error loading untrusted file %s\n", trustfile); BIO_printf(bio_err, "Error loading untrusted file %s\n",
trustfile);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} }
if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose, e); if (argc < 1)
check(cert_ctx, NULL, untrusted, trusted, purpose, e);
else else
for (i = 0; i < argc; i++) for (i = 0; i < argc; i++)
check(cert_ctx, argv[i], untrusted, trusted, purpose, e); check(cert_ctx, argv[i], untrusted, trusted, purpose, e);
ret = 0; ret = 0;
end: end:
if (ret == 1) { if (ret == 1) {
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]"); BIO_printf(bio_err,
"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, " [-engine e]"); BIO_printf(bio_err, " [-engine e]");
#endif #endif
@@ -224,19 +224,23 @@ end:
for (i = 0; i < X509_PURPOSE_get_count(); i++) { for (i = 0; i < X509_PURPOSE_get_count(); i++) {
X509_PURPOSE *ptmp; X509_PURPOSE *ptmp;
ptmp = X509_PURPOSE_get0(i); ptmp = X509_PURPOSE_get0(i);
BIO_printf(bio_err, "\t%-10s\t%s\n", X509_PURPOSE_get0_sname(ptmp), BIO_printf(bio_err, "\t%-10s\t%s\n",
X509_PURPOSE_get0_sname(ptmp),
X509_PURPOSE_get0_name(ptmp)); X509_PURPOSE_get0_name(ptmp));
} }
} }
if (vpm) X509_VERIFY_PARAM_free(vpm); if (vpm)
if (cert_ctx != NULL) X509_STORE_free(cert_ctx); X509_VERIFY_PARAM_free(vpm);
if (cert_ctx != NULL)
X509_STORE_free(cert_ctx);
sk_X509_pop_free(untrusted, X509_free); sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free); sk_X509_pop_free(trusted, X509_free);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e) static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain,
STACK_OF(X509) *tchain, int purpose, ENGINE *e)
{ {
X509 *x = NULL; X509 *x = NULL;
int i = 0, ret = 0; int i = 0, ret = 0;
@@ -248,32 +252,31 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X
fprintf(stdout, "%s: ", (file == NULL) ? "stdin" : file); fprintf(stdout, "%s: ", (file == NULL) ? "stdin" : file);
csc = X509_STORE_CTX_new(); csc = X509_STORE_CTX_new();
if (csc == NULL) if (csc == NULL) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
X509_STORE_set_flags(ctx, vflags); X509_STORE_set_flags(ctx, vflags);
if(!X509_STORE_CTX_init(csc,ctx,x,uchain)) if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
{
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain); if (tchain)
if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose); X509_STORE_CTX_trusted_stack(csc, tchain);
if (purpose >= 0)
X509_STORE_CTX_set_purpose(csc, purpose);
i = X509_verify_cert(csc); i = X509_verify_cert(csc);
X509_STORE_CTX_free(csc); X509_STORE_CTX_free(csc);
ret = 0; ret = 0;
end: end:
if (i > 0) if (i > 0) {
{
fprintf(stdout, "OK\n"); fprintf(stdout, "OK\n");
ret = 1; ret = 1;
} } else
else
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
if (x != NULL) X509_free(x); if (x != NULL)
X509_free(x);
return (ret); return (ret);
} }
@@ -302,11 +305,9 @@ static STACK_OF(X509) *load_untrusted(char *certfile)
} }
/* scan over it and pull out the certs */ /* scan over it and pull out the certs */
while (sk_X509_INFO_num(sk)) while (sk_X509_INFO_num(sk)) {
{
xi = sk_X509_INFO_shift(sk); xi = sk_X509_INFO_shift(sk);
if (xi->x509 != NULL) if (xi->x509 != NULL) {
{
sk_X509_push(stack, xi->x509); sk_X509_push(stack, xi->x509);
xi->x509 = NULL; xi->x509 = NULL;
} }
@@ -328,33 +329,39 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
{ {
char buf[256]; char buf[256];
if (!ok) if (!ok) {
{ if (ctx->current_cert) {
if (ctx->current_cert) X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf,
{
X509_NAME_oneline(
X509_get_subject_name(ctx->current_cert),buf,
sizeof buf); sizeof buf);
printf("%s\n", buf); printf("%s\n", buf);
} }
printf("error %d at %d depth lookup:%s\n", ctx->error, printf("error %d at %d depth lookup:%s\n", ctx->error,
ctx->error_depth, ctx->error_depth, X509_verify_cert_error_string(ctx->error));
X509_verify_cert_error_string(ctx->error)); if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED)
if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED) ok=1; ok = 1;
/* since we are just checking the certificates, it is /*
* ok if they are self signed. But we should still warn * since we are just checking the certificates, it is ok if they are
* the user. * self signed. But we should still warn the user.
*/ */
if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1; if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
ok = 1;
/* Continue after extension errors too */ /* Continue after extension errors too */
if (ctx->error == X509_V_ERR_INVALID_CA) ok=1; if (ctx->error == X509_V_ERR_INVALID_CA)
if (ctx->error == X509_V_ERR_INVALID_NON_CA) ok=1; ok = 1;
if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1; if (ctx->error == X509_V_ERR_INVALID_NON_CA)
if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1; ok = 1;
if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1; if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED)
if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1; ok = 1;
if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1; if (ctx->error == X509_V_ERR_INVALID_PURPOSE)
if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1; ok = 1;
if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
ok = 1;
if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED)
ok = 1;
if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID)
ok = 1;
if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION)
ok = 1;
if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY) if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY)
policies_print(NULL, ctx); policies_print(NULL, ctx);
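Review bot: The exit status of this tool never reflects a failed verification: in MAIN each `check(...)` result is discarded and `ret = 0;` follows unconditionally, so a script testing the exit code sees success even when check() returned 0. Move `ret = 0;` ahead of the calls and record failures, e.g. `if (check(cert_ctx, argv[i], untrusted, trusted, purpose, e) != 1) ret = -1;` (likewise for the stdin call); the value 1 has to stay reserved because the `end:` label uses `ret == 1` to print the usage text. The callback cb further down also forces `ok = 1` for expired certificates, invalid CA, unhandled critical extensions and several other errors, so the printed "OK" is presumably reachable for such chains too, and a comment on cb stating that it is for diagnostics only would help. MAIN and cb both begin or end outside the visible hunks.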


@@ -148,9 +148,9 @@ int MAIN(int argc, char **argv)
if ((bio_err = BIO_new(BIO_s_file())) != NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (argc == 1) version=1; if (argc == 1)
for (i=1; i<argc; i++) version = 1;
{ for (i = 1; i < argc; i++) {
if (strcmp(argv[i], "-v") == 0) if (strcmp(argv[i], "-v") == 0)
version = 1; version = 1;
else if (strcmp(argv[i], "-b") == 0) else if (strcmp(argv[i], "-b") == 0)
@@ -165,31 +165,26 @@ int MAIN(int argc, char **argv)
dir = 1; dir = 1;
else if (strcmp(argv[i], "-a") == 0) else if (strcmp(argv[i], "-a") == 0)
date = version = cflags = options = platform = dir = 1; date = version = cflags = options = platform = dir = 1;
else else {
{
BIO_printf(bio_err, "usage:version -[avbofpd]\n"); BIO_printf(bio_err, "usage:version -[avbofpd]\n");
ret = 1; ret = 1;
goto end; goto end;
} }
} }
if (version) if (version) {
{ if (SSLeay() == SSLEAY_VERSION_NUMBER) {
if (SSLeay() == SSLEAY_VERSION_NUMBER)
{
printf("%s\n", SSLeay_version(SSLEAY_VERSION)); printf("%s\n", SSLeay_version(SSLEAY_VERSION));
} } else {
else
{
printf("%s (Library: %s)\n", printf("%s (Library: %s)\n",
OPENSSL_VERSION_TEXT, OPENSSL_VERSION_TEXT, SSLeay_version(SSLEAY_VERSION));
SSLeay_version(SSLEAY_VERSION));
} }
} }
if (date) printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON)); if (date)
if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM)); printf("%s\n", SSLeay_version(SSLEAY_BUILT_ON));
if (options) if (platform)
{ printf("%s\n", SSLeay_version(SSLEAY_PLATFORM));
if (options) {
printf("options: "); printf("options: ");
printf("%s ", BN_options()); printf("%s ", BN_options());
#ifndef OPENSSL_NO_MD2 #ifndef OPENSSL_NO_MD2
@@ -209,8 +204,10 @@ int MAIN(int argc, char **argv)
#endif #endif
printf("\n"); printf("\n");
} }
if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS)); if (cflags)
if (dir) printf("%s\n",SSLeay_version(SSLEAY_DIR)); printf("%s\n", SSLeay_version(SSLEAY_CFLAGS));
if (dir)
printf("%s\n", SSLeay_version(SSLEAY_DIR));
end: end:
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);


@@ -99,14 +99,13 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT, hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,
WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT, WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,
CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance, NULL); CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance,
NULL);
ShowWindow(hwnd, iCmdShow); ShowWindow(hwnd, iCmdShow);
UpdateWindow(hwnd); UpdateWindow(hwnd);
while (GetMessage(&msg, NULL, 0, 0)) {
while (GetMessage(&msg, NULL, 0, 0))
{
TranslateMessage(&msg); TranslateMessage(&msg);
DispatchMessage(&msg); DispatchMessage(&msg);
} }
@@ -121,8 +120,7 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
RECT rect; RECT rect;
static int seeded = 0; static int seeded = 0;
switch (iMsg) switch (iMsg) {
{
case WM_PAINT: case WM_PAINT:
hdc = BeginPaint(hwnd, &ps); hdc = BeginPaint(hwnd, &ps);
GetClientRect(hwnd, &rect); GetClientRect(hwnd, &rect);
@@ -136,8 +134,7 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
return 0; return 0;
} }
if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0) if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0) {
{
seeded = 1; seeded = 1;
if (RAND_write_file(filename) <= 0) if (RAND_write_file(filename) <= 0)
MessageBox(hwnd, "Couldn't write random file!", MessageBox(hwnd, "Couldn't write random file!",


@@ -56,9 +56,10 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* while not exactly a bug (ASN1 C leaves this undefined) it is /*
* something to watch out for. This was fine on linux/NT/Solaris but not * while not exactly a bug (ASN1 C leaves this undefined) it is something to
* Alpha */ * watch out for. This was fine on linux/NT/Solaris but not Alpha
*/
/*- /*-
* it is basically an example of * it is basically an example of
@@ -85,8 +86,7 @@ main()
p = data; p = data;
for (i=0; i<4; i++) for (i = 0; i < 4; i++) {
{
func(p, *(p++)); func(p, *(p++));
} }
} }


@@ -4,15 +4,15 @@
#include <stdio.h> #include <stdio.h>
/* There is a bug in /*
* gcc version 2.5.8 (88open OCS/BCS, DG-2.5.8.3, Oct 14 1994) * There is a bug in gcc version 2.5.8 (88open OCS/BCS, DG-2.5.8.3, Oct 14
* as shipped with DGUX 5.4R3.10 that can be bypassed by defining * 1994) as shipped with DGUX 5.4R3.10 that can be bypassed by defining
* DG_GCC_BUG in my code. * DG_GCC_BUG in my code. The bug manifests itself by the vaule of a pointer
* The bug manifests itself by the vaule of a pointer that is * that is used only by reference, not having it's value change when it is
* used only by reference, not having it's value change when it is used * used to check for exiting the loop. Probably caused by there being 2
* to check for exiting the loop. Probably caused by there being 2 * copies of the valiable, one in a register and one being an address that is
* copies of the valiable, one in a register and one being an address * passed.
* that is passed. */ */
/*- /*-
* compare the out put from * compare the out put from
@@ -35,8 +35,7 @@ main()
int dummy; int dummy;
#endif #endif
while (p<3) while (p < 3) {
{
fprintf(stderr, "%08X\n", p); fprintf(stderr, "%08X\n", p);
inc(&p); inc(&p);
#ifdef FIXBUG #ifdef FIXBUG


@@ -4,11 +4,11 @@
#include <stdio.h> #include <stdio.h>
/* This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are /*
* the only versions of IRIX I have access to. * This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are the
* defining FIXBUG removes the bug. * only versions of IRIX I have access to. defining FIXBUG removes the bug.
* (bug is still present in IRIX 6.3 according to * (bug is still present in IRIX 6.3 according to Gage
* Gage <agage@forgetmenot.Mines.EDU> * <agage@forgetmenot.Mines.EDU>
*/ */
/*- /*-
@@ -18,9 +18,12 @@
* cc -O sgiccbug.c; ./a.out * cc -O sgiccbug.c; ./a.out
*/ */
static unsigned long a[4]={0x01234567,0x89ABCDEF,0xFEDCBA98,0x76543210}; static unsigned long a[4] =
static unsigned long b[4]={0x89ABCDEF,0xFEDCBA98,0x76543210,0x01234567}; { 0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210 };
static unsigned long c[4]={0x77777778,0x8ACF1357,0x88888888,0x7530ECA9}; static unsigned long b[4] =
{ 0x89ABCDEF, 0xFEDCBA98, 0x76543210, 0x01234567 };
static unsigned long c[4] =
{ 0x77777778, 0x8ACF1357, 0x88888888, 0x7530ECA9 };
main() main()
{ {
@@ -45,8 +48,7 @@ unsigned long *r,*a,*b;
bp = b; bp = b;
rp = r; rp = r;
carry = 0; carry = 0;
for (i=0; i<4; i++) for (i = 0; i < 4; i++) {
{
t1 = *(ap++); t1 = *(ap++);
t2 = *(bp++); t2 = *(bp++);
t1 = (t1 - t2); t1 = (t1 - t2);


@@ -64,8 +64,9 @@
# include <openssl/des.h> # include <openssl/des.h>
#endif #endif
/* show how stream ciphers are not very good. The mac has no affect /*
* on RC4 while it does for cfb DES * show how stream ciphers are not very good. The mac has no affect on RC4
* while it does for cfb DES
*/ */
main() main()


@@ -21,8 +21,7 @@ main()
int f(a) int f(a)
int a; int a;
{ {
switch(a&7) switch (a & 7) {
{
case 7: case 7:
printf("7\n"); printf("7\n");
case 6: case 6:
@@ -43,4 +42,3 @@ int a;
#endif #endif
} }
} }


@@ -1,4 +1,6 @@
/* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $ */ /*
* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $
*/
/* /*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org> * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved. * All rights reserved.
@@ -29,12 +31,15 @@
# include "LPdir.h" # include "LPdir.h"
#endif #endif
struct LP_dir_context_st { void *dummy; }; struct LP_dir_context_st {
void *dummy;
};
const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
{ {
errno = EINVAL; errno = EINVAL;
return 0; return 0;
} }
int LP_find_file_end(LP_DIR_CTX **ctx) int LP_find_file_end(LP_DIR_CTX **ctx)
{ {
errno = EINVAL; errno = EINVAL;


@@ -1,4 +1,7 @@
/* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp $ */ /*
* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp
* $
*/
/* /*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org> * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved. * All rights reserved.
@@ -36,28 +39,30 @@
# include "LPdir.h" # include "LPdir.h"
#endif #endif
/* The POSIXly macro for the maximum number of characters in a file path /*
is NAME_MAX. However, some operating systems use PATH_MAX instead. * The POSIXly macro for the maximum number of characters in a file path is
Therefore, it seems natural to first check for PATH_MAX and use that, * NAME_MAX. However, some operating systems use PATH_MAX instead.
and if it doesn't exist, use NAME_MAX. */ * Therefore, it seems natural to first check for PATH_MAX and use that, and
* if it doesn't exist, use NAME_MAX.
*/
#if defined(PATH_MAX) #if defined(PATH_MAX)
# define LP_ENTRY_SIZE PATH_MAX # define LP_ENTRY_SIZE PATH_MAX
#elif defined(NAME_MAX) #elif defined(NAME_MAX)
# define LP_ENTRY_SIZE NAME_MAX # define LP_ENTRY_SIZE NAME_MAX
#endif #endif
/* Of course, there's the possibility that neither PATH_MAX nor NAME_MAX /*
exist. It's also possible that NAME_MAX exists but is define to a * Of course, there's the possibility that neither PATH_MAX nor NAME_MAX
very small value (HP-UX offers 14), so we need to check if we got a * exist. It's also possible that NAME_MAX exists but is define to a very
result, and if it meets a minimum standard, and create or change it * small value (HP-UX offers 14), so we need to check if we got a result, and
if not. */ * if it meets a minimum standard, and create or change it if not.
*/
#if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255 #if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255
# undef LP_ENTRY_SIZE # undef LP_ENTRY_SIZE
# define LP_ENTRY_SIZE 255 # define LP_ENTRY_SIZE 255
#endif #endif
struct LP_dir_context_st struct LP_dir_context_st {
{
DIR *dir; DIR *dir;
char entry_name[LP_ENTRY_SIZE + 1]; char entry_name[LP_ENTRY_SIZE + 1];
}; };
@@ -66,26 +71,22 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
{ {
struct dirent *direntry = NULL; struct dirent *direntry = NULL;
if (ctx == NULL || directory == NULL) if (ctx == NULL || directory == NULL) {
{
errno = EINVAL; errno = EINVAL;
return 0; return 0;
} }
errno = 0; errno = 0;
if (*ctx == NULL) if (*ctx == NULL) {
{
*ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX)); *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
if (*ctx == NULL) if (*ctx == NULL) {
{
errno = ENOMEM; errno = ENOMEM;
return 0; return 0;
} }
memset(*ctx, '\0', sizeof(LP_DIR_CTX)); memset(*ctx, '\0', sizeof(LP_DIR_CTX));
(*ctx)->dir = opendir(directory); (*ctx)->dir = opendir(directory);
if ((*ctx)->dir == NULL) if ((*ctx)->dir == NULL) {
{
int save_errno = errno; /* Probably not needed, but I'm paranoid */ int save_errno = errno; /* Probably not needed, but I'm paranoid */
free(*ctx); free(*ctx);
*ctx = NULL; *ctx = NULL;
@@ -95,25 +96,23 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
} }
direntry = readdir((*ctx)->dir); direntry = readdir((*ctx)->dir);
if (direntry == NULL) if (direntry == NULL) {
{
return 0; return 0;
} }
strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1); strncpy((*ctx)->entry_name, direntry->d_name,
sizeof((*ctx)->entry_name) - 1);
(*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0'; (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
return (*ctx)->entry_name; return (*ctx)->entry_name;
} }
int LP_find_file_end(LP_DIR_CTX **ctx) int LP_find_file_end(LP_DIR_CTX **ctx)
{ {
if (ctx != NULL && *ctx != NULL) if (ctx != NULL && *ctx != NULL) {
{
int ret = closedir((*ctx)->dir); int ret = closedir((*ctx)->dir);
free(*ctx); free(*ctx);
switch (ret) switch (ret) {
{
case 0: case 0:
return 1; return 1;
case -1: case -1:
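Review bot: LP_find_file_end() leaves the caller's `*ctx` pointing at freed memory: after `free(*ctx);` the `case 0:` path returns 1 without clearing the pointer, so a second LP_find_file_end() or a further LP_find_file() on the same context would get past the `*ctx != NULL` / `*ctx == NULL` tests and touch the freed block. Adding `*ctx = NULL;` directly after `free(*ctx);` closes that, matching what the opendir() failure path in LP_find_file already does. The VMS variant of LP_find_file_end() (the `free(*ctx);` after `lib$find_file_end`) shows the same pattern in its visible lines. The tail of this function lies outside the hunk, so confirm nothing later resets the pointer before the return.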


@@ -45,8 +45,7 @@
# define EVMSERR 65535 /* error for non-translatable VMS errors */ # define EVMSERR 65535 /* error for non-translatable VMS errors */
#endif #endif
struct LP_dir_context_st struct LP_dir_context_st {
{
unsigned long VMS_context; unsigned long VMS_context;
#ifdef NAML$C_MAXRSS #ifdef NAML$C_MAXRSS
char filespec[NAML$C_MAXRSS + 1]; char filespec[NAML$C_MAXRSS + 1];
@@ -69,20 +68,17 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
flags |= LIB$M_FIL_LONG_NAMES; flags |= LIB$M_FIL_LONG_NAMES;
#endif #endif
if (ctx == NULL || directory == NULL) if (ctx == NULL || directory == NULL) {
{
errno = EINVAL; errno = EINVAL;
return 0; return 0;
} }
errno = 0; errno = 0;
if (*ctx == NULL) if (*ctx == NULL) {
{
size_t filespeclen = strlen(directory); size_t filespeclen = strlen(directory);
char *filespec = NULL; char *filespec = NULL;
if (filespeclen == 0) if (filespeclen == 0) {
{
errno = ENOENT; errno = ENOENT;
return 0; return 0;
} }
@@ -90,8 +86,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
/* MUST be a VMS directory specification! Let's estimate if it is. */ /* MUST be a VMS directory specification! Let's estimate if it is. */
if (directory[filespeclen - 1] != ']' if (directory[filespeclen - 1] != ']'
&& directory[filespeclen - 1] != '>' && directory[filespeclen - 1] != '>'
&& directory[filespeclen-1] != ':') && directory[filespeclen - 1] != ':') {
{
errno = EINVAL; errno = EINVAL;
return 0; return 0;
} }
@@ -104,15 +99,13 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
#else #else
255 255
#endif #endif
) ) {
{
errno = ENAMETOOLONG; errno = ENAMETOOLONG;
return 0; return 0;
} }
*ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX)); *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
if (*ctx == NULL) if (*ctx == NULL) {
{
errno = ENOMEM; errno = ENOMEM;
return 0; return 0;
} }
@@ -138,38 +131,32 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc, status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc,
&(*ctx)->VMS_context, 0, 0, 0, &flags); &(*ctx)->VMS_context, 0, 0, 0, &flags);
if (status == RMS$_NMF) if (status == RMS$_NMF) {
{
errno = 0; errno = 0;
vaxc$errno = status; vaxc$errno = status;
return NULL; return NULL;
} }
if(!$VMS_STATUS_SUCCESS(status)) if (!$VMS_STATUS_SUCCESS(status)) {
{
errno = EVMSERR; errno = EVMSERR;
vaxc$errno = status; vaxc$errno = status;
return NULL; return NULL;
} }
/* Quick, cheap and dirty way to discard any device and directory, /*
since we only want file names */ * Quick, cheap and dirty way to discard any device and directory, since
* we only want file names
*/
l = (*ctx)->result_dsc.dsc$w_length; l = (*ctx)->result_dsc.dsc$w_length;
p = (*ctx)->result_dsc.dsc$a_pointer; p = (*ctx)->result_dsc.dsc$a_pointer;
r = p; r = p;
for (; *p; p++) for (; *p; p++) {
{ if (*p == '^' && p[1] != '\0') { /* Take care of ODS-5 escapes */
if (*p == '^' && p[1] != '\0') /* Take care of ODS-5 escapes */
{
p++; p++;
} } else if (*p == ':' || *p == '>' || *p == ']') {
else if (*p == ':' || *p == '>' || *p == ']')
{
l -= p + 1 - r; l -= p + 1 - r;
r = p + 1; r = p + 1;
} } else if (*p == ';') {
else if (*p == ';')
{
l = p - r; l = p - r;
break; break;
} }
@@ -184,14 +171,12 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
int LP_find_file_end(LP_DIR_CTX **ctx) int LP_find_file_end(LP_DIR_CTX **ctx)
{ {
if (ctx != NULL && *ctx != NULL) if (ctx != NULL && *ctx != NULL) {
{
int status = lib$find_file_end(&(*ctx)->VMS_context); int status = lib$find_file_end(&(*ctx)->VMS_context);
free(*ctx); free(*ctx);
if(!$VMS_STATUS_SUCCESS(status)) if (!$VMS_STATUS_SUCCESS(status)) {
{
errno = EVMSERR; errno = EVMSERR;
vaxc$errno = status; vaxc$errno = status;
return 0; return 0;
@@ -201,4 +186,3 @@ int LP_find_file_end(LP_DIR_CTX **ctx)
errno = EINVAL; errno = EINVAL;
return 0; return 0;
} }


@@ -29,10 +29,11 @@
# include "LPdir.h" # include "LPdir.h"
#endif #endif
/* We're most likely overcautious here, but let's reserve for /*
broken WinCE headers and explicitly opt for UNICODE call. * We're most likely overcautious here, but let's reserve for broken WinCE
Keep in mind that our WinCE builds are compiled with -DUNICODE * headers and explicitly opt for UNICODE call. Keep in mind that our WinCE
[as well as -D_UNICODE]. */ * builds are compiled with -DUNICODE [as well as -D_UNICODE].
*/
#if defined(LP_SYS_WINCE) && !defined(FindFirstFile) #if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
# define FindFirstFile FindFirstFileW # define FindFirstFile FindFirstFileW
#endif #endif
@@ -44,8 +45,7 @@
# define NAME_MAX 255 # define NAME_MAX 255
#endif #endif
struct LP_dir_context_st struct LP_dir_context_st {
{
WIN32_FIND_DATA ctx; WIN32_FIND_DATA ctx;
HANDLE handle; HANDLE handle;
char entry_name[NAME_MAX + 1]; char entry_name[NAME_MAX + 1];
@@ -55,38 +55,32 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
{ {
struct dirent *direntry = NULL; struct dirent *direntry = NULL;
if (ctx == NULL || directory == NULL) if (ctx == NULL || directory == NULL) {
{
errno = EINVAL; errno = EINVAL;
return 0; return 0;
} }
errno = 0; errno = 0;
if (*ctx == NULL) if (*ctx == NULL) {
{
const char *extdir = directory; const char *extdir = directory;
char *extdirbuf = NULL; char *extdirbuf = NULL;
size_t dirlen = strlen(directory); size_t dirlen = strlen(directory);
if (dirlen == 0) if (dirlen == 0) {
{
errno = ENOENT; errno = ENOENT;
return 0; return 0;
} }
*ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX)); *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
if (*ctx == NULL) if (*ctx == NULL) {
{
errno = ENOMEM; errno = ENOMEM;
return 0; return 0;
} }
memset(*ctx, '\0', sizeof(LP_DIR_CTX)); memset(*ctx, '\0', sizeof(LP_DIR_CTX));
if (directory[dirlen-1] != '*') if (directory[dirlen - 1] != '*') {
{
extdirbuf = (char *)malloc(dirlen + 3); extdirbuf = (char *)malloc(dirlen + 3);
if (extdirbuf == NULL) if (extdirbuf == NULL) {
{
free(*ctx); free(*ctx);
*ctx = NULL; *ctx = NULL;
errno = ENOMEM; errno = ENOMEM;
@@ -98,17 +92,14 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
extdir = strcat(strcpy(extdirbuf, directory), "*"); extdir = strcat(strcpy(extdirbuf, directory), "*");
} }
if (sizeof(TCHAR) != sizeof(char)) if (sizeof(TCHAR) != sizeof(char)) {
{
TCHAR *wdir = NULL; TCHAR *wdir = NULL;
/* len_0 denotes string length *with* trailing 0 */ /* len_0 denotes string length *with* trailing 0 */
size_t index = 0, len_0 = strlen(extdir) + 1; size_t index = 0, len_0 = strlen(extdir) + 1;
wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR)); wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR));
if (wdir == NULL) if (wdir == NULL) {
{ if (extdirbuf != NULL) {
if (extdirbuf != NULL)
{
free(extdirbuf); free(extdirbuf);
} }
free(*ctx); free(*ctx);
@@ -116,9 +107,9 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
errno = ENOMEM; errno = ENOMEM;
return 0; return 0;
} }
#ifdef LP_MULTIBYTE_AVAILABLE #ifdef LP_MULTIBYTE_AVAILABLE
if (!MultiByteToWideChar(CP_ACP, 0, extdir, len_0, (WCHAR *)wdir, len_0)) if (!MultiByteToWideChar
(CP_ACP, 0, extdir, len_0, (WCHAR *)wdir, len_0))
#endif #endif
for (index = 0; index < len_0; index++) for (index = 0; index < len_0; index++)
wdir[index] = (TCHAR)extdir[index]; wdir[index] = (TCHAR)extdir[index];
@@ -126,47 +117,40 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
(*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx); (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
free(wdir); free(wdir);
} } else {
else
{
(*ctx)->handle = FindFirstFile((TCHAR *)extdir, &(*ctx)->ctx); (*ctx)->handle = FindFirstFile((TCHAR *)extdir, &(*ctx)->ctx);
} }
if (extdirbuf != NULL) if (extdirbuf != NULL) {
{
free(extdirbuf); free(extdirbuf);
} }
if ((*ctx)->handle == INVALID_HANDLE_VALUE) if ((*ctx)->handle == INVALID_HANDLE_VALUE) {
{
free(*ctx); free(*ctx);
*ctx = NULL; *ctx = NULL;
errno = EINVAL; errno = EINVAL;
return 0; return 0;
} }
} } else {
else if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE) {
{
if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE)
{
return 0; return 0;
} }
} }
if (sizeof(TCHAR) != sizeof(char)) if (sizeof(TCHAR) != sizeof(char)) {
{
TCHAR *wdir = (*ctx)->ctx.cFileName; TCHAR *wdir = (*ctx)->ctx.cFileName;
size_t index, len_0 = 0; size_t index, len_0 = 0;
while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1)) len_0++; while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1))
len_0++;
len_0++; len_0++;
#ifdef LP_MULTIBYTE_AVAILABLE #ifdef LP_MULTIBYTE_AVAILABLE
if (!WideCharToMultiByte(CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name, if (!WideCharToMultiByte
(CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name,
sizeof((*ctx)->entry_name), NULL, 0)) sizeof((*ctx)->entry_name), NULL, 0))
#endif #endif
for (index = 0; index < len_0; index++) for (index = 0; index < len_0; index++)
(*ctx)->entry_name[index] = (char)wdir[index]; (*ctx)->entry_name[index] = (char)wdir[index];
} } else
else
strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName, strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName,
sizeof((*ctx)->entry_name) - 1); sizeof((*ctx)->entry_name) - 1);
@@ -177,8 +161,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
int LP_find_file_end(LP_DIR_CTX **ctx) int LP_find_file_end(LP_DIR_CTX **ctx)
{ {
if (ctx != NULL && *ctx != NULL) if (ctx != NULL && *ctx != NULL) {
{
FindClose((*ctx)->handle); FindClose((*ctx)->handle);
free(*ctx); free(*ctx);
*ctx = NULL; *ctx = NULL;
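Review bot: In LP_find_file, both conversion blocks place `if (!MultiByteToWideChar(...))` / `if (!WideCharToMultiByte(...))` inside `#ifdef LP_MULTIBYTE_AVAILABLE` and let it govern the unbraced `for` loop after the `#endif`, so the same loop is a failure fallback in one build and the unconditional path in another, and the new line breaks make that harder to see. I would brace the loop and add a comment above it such as `/* fallback: plain per-character copy, used when the API call fails or is not compiled in */`. The fallback narrows each `TCHAR` with `(char)wdir[index]`, so names outside the single-byte range come back altered, which matters to callers that compare or reopen entry names. LP_find_file continues outside these hunks, so whether `entry_name` is always terminated after the `strncpy` call cannot be confirmed from here.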


@@ -1,4 +1,7 @@
/* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */ /*
* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
* $
*/
/* /*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org> * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved. * All rights reserved.


@@ -1,4 +1,7 @@
/* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */ /*
* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
* $
*/
/* /*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org> * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved. * All rights reserved.
@@ -26,6 +29,8 @@
*/ */
#define LP_SYS_WINCE #define LP_SYS_WINCE
/* We might want to define LP_MULTIBYTE_AVAILABLE here. It's currently /*
under investigation what the exact conditions would be */ * We might want to define LP_MULTIBYTE_AVAILABLE here. It's currently under
* investigation what the exact conditions would be
*/
#include "LPdir_win.c" #include "LPdir_win.c"


@@ -61,8 +61,10 @@
# define AES_ENCRYPT 1 # define AES_ENCRYPT 1
# define AES_DECRYPT 0 # define AES_DECRYPT 0
/* Because array size can't be a const in C, the following two are macros. /*
Both sizes are in bytes. */ * Because array size can't be a const in C, the following two are macros.
* Both sizes are in bytes.
*/
# define AES_MAXNR 14 # define AES_MAXNR 14
# define AES_BLOCK_SIZE 16 # define AES_BLOCK_SIZE 16


@@ -62,7 +62,8 @@
#if !defined(OPENSSL_FIPS_AES_ASM) #if !defined(OPENSSL_FIPS_AES_ASM)
void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key, const unsigned long length, const AES_KEY *key,
unsigned char *ivec, const int enc) { unsigned char *ivec, const int enc)
{
unsigned long n; unsigned long n;
unsigned long len = length; unsigned long len = length;


@@ -116,14 +116,16 @@
#include "aes_locl.h" #include "aes_locl.h"
#include "e_os.h" #include "e_os.h"
/* The input and output encrypted as though 128bit cfb mode is being /*
* used. The extra state information to record how much of the * The input and output encrypted as though 128bit cfb mode is being used.
* 128bit block we have used is contained in *num; * The extra state information to record how much of the 128bit block we have
* used is contained in *num;
*/ */
void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key, const unsigned long length, const AES_KEY *key,
unsigned char *ivec, int *num, const int enc) { unsigned char *ivec, int *num, const int enc)
{
unsigned int n; unsigned int n;
unsigned long l = length; unsigned long l = length;
@@ -156,8 +158,10 @@ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
*num = n; *num = n;
} }
/* This expects a single block of size nbits for both in and out. Note that /*
it corrupts any extra bits in the last byte of out */ * This expects a single block of size nbits for both in and out. Note that
* it corrupts any extra bits in the last byte of out
*/
void AES_cfbr_encrypt_block(const unsigned char *in, unsigned char *out, void AES_cfbr_encrypt_block(const unsigned char *in, unsigned char *out,
const int nbits, const AES_KEY *key, const int nbits, const AES_KEY *key,
unsigned char *ivec, const int enc) unsigned char *ivec, const int enc)
@@ -165,7 +169,8 @@ void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
int n, rem, num; int n, rem, num;
unsigned char ovec[AES_BLOCK_SIZE * 2]; unsigned char ovec[AES_BLOCK_SIZE * 2];
if (nbits<=0 || nbits>128) return; if (nbits <= 0 || nbits > 128)
return;
/* fill in the first half of the new IV with the current IV */ /* fill in the first half of the new IV with the current IV */
memcpy(ovec, ivec, AES_BLOCK_SIZE); memcpy(ovec, ivec, AES_BLOCK_SIZE);
@@ -201,11 +206,11 @@ void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
assert(in && out && key && ivec && num); assert(in && out && key && ivec && num);
assert(*num == 0); assert(*num == 0);
for(n=0 ; n < length ; ++n) for (n = 0; n < length; ++n) {
{
c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
AES_cfbr_encrypt_block(c, d, 1, key, ivec, enc); AES_cfbr_encrypt_block(c, d, 1, key, ivec, enc);
out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8)); out[n / 8] =
(out[n / 8] & ~(1 << (7 - n % 8))) | ((d[0] & 0x80) >> (n % 8));
} }
} }
@@ -221,4 +226,3 @@ void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
for (n = 0; n < length; ++n) for (n = 0; n < length; ++n)
AES_cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc); AES_cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc);
} }
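Review bot: AES_cfb1_encrypt treats `length` as a count of bits, not bytes: the loop runs `n < length` while indexing `in[n / 8]` and `out[n / 8]` with the mask `1 << (7 - n % 8)`, and the visible hunk does not document the unit. A caller passing a byte count would have only the first eighth of the buffer processed and the rest of `out` left as it was. I would state it next to the function, `/* length is in bits; input and output are packed, most significant bit first */`. The argument checks here are `assert()` calls, which are compiled out under `NDEBUG`; the function's start is outside the hunk.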


@@ -59,16 +59,20 @@
#include <openssl/aes.h> #include <openssl/aes.h>
#include "aes_locl.h" #include "aes_locl.h"
/* NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code /*
* is endian-neutral. */ * NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code is
* endian-neutral.
*/
/* increment counter (128-bit int) by 1 */ /* increment counter (128-bit int) by 1 */
static void AES_ctr128_inc(unsigned char *counter) { static void AES_ctr128_inc(unsigned char *counter)
{
unsigned long c; unsigned long c;
/* Grab bottom dword of counter and increment */ /* Grab bottom dword of counter and increment */
c = GETU32(counter + 12); c = GETU32(counter + 12);
c++; c &= 0xFFFFFFFF; c++;
c &= 0xFFFFFFFF;
PUTU32(counter + 12, c); PUTU32(counter + 12, c);
/* if no overflow, we're done */ /* if no overflow, we're done */
@@ -77,7 +81,8 @@ static void AES_ctr128_inc(unsigned char *counter) {
/* Grab 1st dword of counter and increment */ /* Grab 1st dword of counter and increment */
c = GETU32(counter + 8); c = GETU32(counter + 8);
c++; c &= 0xFFFFFFFF; c++;
c &= 0xFFFFFFFF;
PUTU32(counter + 8, c); PUTU32(counter + 8, c);
/* if no overflow, we're done */ /* if no overflow, we're done */
@@ -86,7 +91,8 @@ static void AES_ctr128_inc(unsigned char *counter) {
/* Grab 2nd dword of counter and increment */ /* Grab 2nd dword of counter and increment */
c = GETU32(counter + 4); c = GETU32(counter + 4);
c++; c &= 0xFFFFFFFF; c++;
c &= 0xFFFFFFFF;
PUTU32(counter + 4, c); PUTU32(counter + 4, c);
/* if no overflow, we're done */ /* if no overflow, we're done */
@@ -95,28 +101,28 @@ static void AES_ctr128_inc(unsigned char *counter) {
/* Grab top dword of counter and increment */ /* Grab top dword of counter and increment */
c = GETU32(counter + 0); c = GETU32(counter + 0);
c++; c &= 0xFFFFFFFF; c++;
c &= 0xFFFFFFFF;
PUTU32(counter + 0, c); PUTU32(counter + 0, c);
} }
/* The input encrypted as though 128bit counter mode is being /*
* used. The extra state information to record how much of the * The input encrypted as though 128bit counter mode is being used. The
* 128bit block we have used is contained in *num, and the * extra state information to record how much of the 128bit block we have
* encrypted counter is kept in ecount_buf. Both *num and * used is contained in *num, and the encrypted counter is kept in
* ecount_buf must be initialised with zeros before the first * ecount_buf. Both *num and ecount_buf must be initialised with zeros
* call to AES_ctr128_encrypt(). * before the first call to AES_ctr128_encrypt(). This algorithm assumes
* * that the counter is in the x lower bits of the IV (ivec), and that the
* This algorithm assumes that the counter is in the x lower bits * application has full control over overflow and the rest of the IV. This
* of the IV (ivec), and that the application has full control over * implementation takes NO responsability for checking that the counter
* overflow and the rest of the IV. This implementation takes NO * doesn't overflow into the rest of the IV when incremented.
* responsability for checking that the counter doesn't overflow
* into the rest of the IV when incremented.
*/ */
void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key, const unsigned long length, const AES_KEY *key,
unsigned char ivec[AES_BLOCK_SIZE], unsigned char ivec[AES_BLOCK_SIZE],
unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned char ecount_buf[AES_BLOCK_SIZE],
unsigned int *num) { unsigned int *num)
{
unsigned int n; unsigned int n;
unsigned long l = length; unsigned long l = length;
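Review bot: The reflowed comment above AES_ctr128_encrypt has lost its paragraph break, so the initialisation requirement (`*num` and `ecount_buf` zeroed before the first call) now runs straight into the separate warning about counter overflow, which is the security-relevant part. I would restore the blank ` *` line before `This algorithm assumes` and correct the spelling `responsability` while the comment is being touched. The warning matters because AES_ctr128_inc in the hunks above carries from `counter + 12` up through `counter + 0`, so an overflowing counter changes the rest of the IV and only the caller can prevent counter-block reuse under one key.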


@@ -60,7 +60,8 @@
#include "aes_locl.h" #include "aes_locl.h"
void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key, const int enc) { const AES_KEY *key, const int enc)
{
assert(in && out && key); assert(in && out && key);
assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
@@ -70,4 +71,3 @@ void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
else else
AES_decrypt(in, out, key); AES_decrypt(in, out, key);
} }


@@ -89,22 +89,22 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
len = length / AES_BLOCK_SIZE; len = length / AES_BLOCK_SIZE;
if (AES_ENCRYPT == enc) if (AES_ENCRYPT == enc) {
{
if (in != out && if (in != out &&
(UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0)) (UNALIGNED_MEMOPS_ARE_FAST
{ || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
0)) {
aes_block_t *ivp = (aes_block_t *) ivec; aes_block_t *ivp = (aes_block_t *) ivec;
aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE); aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE);
while (len) while (len) {
{
aes_block_t *inp = (aes_block_t *) in; aes_block_t *inp = (aes_block_t *) in;
aes_block_t *outp = (aes_block_t *) out; aes_block_t *outp = (aes_block_t *) out;
for (n = 0; n < N_WORDS; ++n) for (n = 0; n < N_WORDS; ++n)
outp->data[n] = inp->data[n] ^ ivp->data[n]; outp->data[n] = inp->data[n] ^ ivp->data[n];
AES_encrypt((unsigned char *)outp->data, (unsigned char *)outp->data, key); AES_encrypt((unsigned char *)outp->data,
(unsigned char *)outp->data, key);
for (n = 0; n < N_WORDS; ++n) for (n = 0; n < N_WORDS; ++n)
outp->data[n] ^= iv2p->data[n]; outp->data[n] ^= iv2p->data[n];
ivp = outp; ivp = outp;
@@ -115,9 +115,7 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
} }
memcpy(ivec, ivp->data, AES_BLOCK_SIZE); memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
} } else {
else
{
aes_block_t tmp, tmp2; aes_block_t tmp, tmp2;
aes_block_t iv; aes_block_t iv;
aes_block_t iv2; aes_block_t iv2;
@@ -125,12 +123,12 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
load_block(iv, ivec); load_block(iv, ivec);
load_block(iv2, ivec + AES_BLOCK_SIZE); load_block(iv2, ivec + AES_BLOCK_SIZE);
while (len) while (len) {
{
load_block(tmp, in); load_block(tmp, in);
for (n = 0; n < N_WORDS; ++n) for (n = 0; n < N_WORDS; ++n)
tmp2.data[n] = tmp.data[n] ^ iv.data[n]; tmp2.data[n] = tmp.data[n] ^ iv.data[n];
AES_encrypt((unsigned char *)tmp2.data, (unsigned char *)tmp2.data, key); AES_encrypt((unsigned char *)tmp2.data,
(unsigned char *)tmp2.data, key);
for (n = 0; n < N_WORDS; ++n) for (n = 0; n < N_WORDS; ++n)
tmp2.data[n] ^= iv2.data[n]; tmp2.data[n] ^= iv2.data[n];
store_block(out, tmp2); store_block(out, tmp2);
@@ -143,24 +141,23 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
memcpy(ivec, iv.data, AES_BLOCK_SIZE); memcpy(ivec, iv.data, AES_BLOCK_SIZE);
memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
} }
} } else {
else
{
if (in != out && if (in != out &&
(UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0)) (UNALIGNED_MEMOPS_ARE_FAST
{ || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
0)) {
aes_block_t *ivp = (aes_block_t *) ivec; aes_block_t *ivp = (aes_block_t *) ivec;
aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE); aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE);
while (len) while (len) {
{
aes_block_t tmp; aes_block_t tmp;
aes_block_t *inp = (aes_block_t *) in; aes_block_t *inp = (aes_block_t *) in;
aes_block_t *outp = (aes_block_t *) out; aes_block_t *outp = (aes_block_t *) out;
for (n = 0; n < N_WORDS; ++n) for (n = 0; n < N_WORDS; ++n)
tmp.data[n] = inp->data[n] ^ iv2p->data[n]; tmp.data[n] = inp->data[n] ^ iv2p->data[n];
AES_decrypt((unsigned char *)tmp.data, (unsigned char *)outp->data, key); AES_decrypt((unsigned char *)tmp.data,
(unsigned char *)outp->data, key);
for (n = 0; n < N_WORDS; ++n) for (n = 0; n < N_WORDS; ++n)
outp->data[n] ^= ivp->data[n]; outp->data[n] ^= ivp->data[n];
ivp = inp; ivp = inp;
@@ -171,9 +168,7 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
} }
memcpy(ivec, ivp->data, AES_BLOCK_SIZE); memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
} } else {
else
{
aes_block_t tmp, tmp2; aes_block_t tmp, tmp2;
aes_block_t iv; aes_block_t iv;
aes_block_t iv2; aes_block_t iv2;
@@ -181,13 +176,13 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
load_block(iv, ivec); load_block(iv, ivec);
load_block(iv2, ivec + AES_BLOCK_SIZE); load_block(iv2, ivec + AES_BLOCK_SIZE);
while (len) while (len) {
{
load_block(tmp, in); load_block(tmp, in);
tmp2 = tmp; tmp2 = tmp;
for (n = 0; n < N_WORDS; ++n) for (n = 0; n < N_WORDS; ++n)
tmp.data[n] ^= iv2.data[n]; tmp.data[n] ^= iv2.data[n];
AES_decrypt((unsigned char *)tmp.data, (unsigned char *)tmp.data, key); AES_decrypt((unsigned char *)tmp.data,
(unsigned char *)tmp.data, key);
for (n = 0; n < N_WORDS; ++n) for (n = 0; n < N_WORDS; ++n)
tmp.data[n] ^= iv.data[n]; tmp.data[n] ^= iv.data[n];
store_block(out, tmp); store_block(out, tmp);
@@ -228,16 +223,16 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
OPENSSL_assert((length % AES_BLOCK_SIZE) == 0); OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
if (AES_ENCRYPT == enc) if (AES_ENCRYPT == enc) {
{ /*
/* XXX: Do a separate case for when in != out (strictly should * XXX: Do a separate case for when in != out (strictly should check
check for overlap, too) */ * for overlap, too)
*/
/* First the forward pass */ /* First the forward pass */
iv = ivec; iv = ivec;
iv2 = ivec + AES_BLOCK_SIZE; iv2 = ivec + AES_BLOCK_SIZE;
while (len >= AES_BLOCK_SIZE) while (len >= AES_BLOCK_SIZE) {
{
for (n = 0; n < AES_BLOCK_SIZE; ++n) for (n = 0; n < AES_BLOCK_SIZE; ++n)
out[n] = in[n] ^ iv[n]; out[n] = in[n] ^ iv[n];
AES_encrypt(out, out, key); AES_encrypt(out, out, key);
@@ -255,35 +250,41 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
iv = ivec + AES_BLOCK_SIZE * 2; iv = ivec + AES_BLOCK_SIZE * 2;
iv2 = ivec + AES_BLOCK_SIZE * 3; iv2 = ivec + AES_BLOCK_SIZE * 3;
len = length; len = length;
while(len >= AES_BLOCK_SIZE) while (len >= AES_BLOCK_SIZE) {
{
out -= AES_BLOCK_SIZE; out -= AES_BLOCK_SIZE;
/* XXX: reduce copies by alternating between buffers */ /*
* XXX: reduce copies by alternating between buffers
*/
memcpy(tmp, out, AES_BLOCK_SIZE); memcpy(tmp, out, AES_BLOCK_SIZE);
for (n = 0; n < AES_BLOCK_SIZE; ++n) for (n = 0; n < AES_BLOCK_SIZE; ++n)
out[n] ^= iv[n]; out[n] ^= iv[n];
/* hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */ /*
* hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE);
*/
AES_encrypt(out, out, key); AES_encrypt(out, out, key);
/* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */ /*
/* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */ * hexdump(stdout,"enc", out, AES_BLOCK_SIZE);
*/
/*
* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE);
*/
for (n = 0; n < AES_BLOCK_SIZE; ++n) for (n = 0; n < AES_BLOCK_SIZE; ++n)
out[n] ^= iv2[n]; out[n] ^= iv2[n];
/* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */ /*
* hexdump(stdout,"out", out, AES_BLOCK_SIZE);
*/
iv = out; iv = out;
memcpy(prev, tmp, AES_BLOCK_SIZE); memcpy(prev, tmp, AES_BLOCK_SIZE);
iv2 = prev; iv2 = prev;
len -= AES_BLOCK_SIZE; len -= AES_BLOCK_SIZE;
} }
} } else {
else
{
/* First backwards */ /* First backwards */
iv = ivec + AES_BLOCK_SIZE * 2; iv = ivec + AES_BLOCK_SIZE * 2;
iv2 = ivec + AES_BLOCK_SIZE * 3; iv2 = ivec + AES_BLOCK_SIZE * 3;
in += length; in += length;
out += length; out += length;
while (len >= AES_BLOCK_SIZE) while (len >= AES_BLOCK_SIZE) {
{
in -= AES_BLOCK_SIZE; in -= AES_BLOCK_SIZE;
out -= AES_BLOCK_SIZE; out -= AES_BLOCK_SIZE;
memcpy(tmp, in, AES_BLOCK_SIZE); memcpy(tmp, in, AES_BLOCK_SIZE);
@@ -303,8 +304,7 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
iv = ivec; iv = ivec;
iv2 = ivec + AES_BLOCK_SIZE; iv2 = ivec + AES_BLOCK_SIZE;
len = length; len = length;
while (len >= AES_BLOCK_SIZE) while (len >= AES_BLOCK_SIZE) {
{
memcpy(tmp, out, AES_BLOCK_SIZE); memcpy(tmp, out, AES_BLOCK_SIZE);
memcpy(tmp2, out, AES_BLOCK_SIZE); memcpy(tmp2, out, AES_BLOCK_SIZE);
for (n = 0; n < AES_BLOCK_SIZE; ++n) for (n = 0; n < AES_BLOCK_SIZE; ++n)
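Review bot: The alignment test in AES_ige_encrypt now ends with `==` on one line and `0)) {` on the next, in both the encrypt and decrypt branches, which obscures that it is the only guard in front of the `(aes_block_t *)` casts of `in`, `out` and `ivec`. I would compute it once into a local declared with the other variables, `aligned = UNALIGNED_MEMOPS_ARE_FAST || (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) == 0);`, and test `in != out && aligned` in both places. The check uses `sizeof(long)`; whether that matches the alignment `aes_block_t` requires depends on its definition, which is outside these hunks. `in != out` excludes only exact aliasing, not partial overlap, as the existing `XXX` comment in AES_bi_ige_encrypt already hints.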


@@ -55,7 +55,8 @@
const char AES_version[] = "AES" OPENSSL_VERSION_PTEXT; const char AES_version[] = "AES" OPENSSL_VERSION_PTEXT;
const char *AES_options(void) { const char *AES_options(void)
{
#ifdef FULL_UNROLL #ifdef FULL_UNROLL
return "aes(full)"; return "aes(full)";
#else #else


@@ -115,13 +115,15 @@
#include <openssl/aes.h> #include <openssl/aes.h>
#include "aes_locl.h" #include "aes_locl.h"
/* The input and output encrypted as though 128bit ofb mode is being /*
* used. The extra state information to record how much of the * The input and output encrypted as though 128bit ofb mode is being used.
* 128bit block we have used is contained in *num; * The extra state information to record how much of the 128bit block we have
* used is contained in *num;
*/ */
void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key, const unsigned long length, const AES_KEY *key,
unsigned char *ivec, int *num) { unsigned char *ivec, int *num)
{
unsigned int n; unsigned int n;
unsigned long l = length; unsigned long l = length;


@@ -1,5 +1,6 @@
/* crypto/aes/aes_wrap.c */ /* crypto/aes/aes_wrap.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project. * project.
*/ */
/* ==================================================================== /* ====================================================================
@@ -75,16 +76,13 @@ int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
memcpy(A, iv, 8); memcpy(A, iv, 8);
for (j = 0; j < 6; j++) for (j = 0; j < 6; j++) {
{
R = out + 8; R = out + 8;
for (i = 0; i < inlen; i += 8, t++, R += 8) for (i = 0; i < inlen; i += 8, t++, R += 8) {
{
memcpy(B + 8, R, 8); memcpy(B + 8, R, 8);
AES_encrypt(B, B, key); AES_encrypt(B, B, key);
A[7] ^= (unsigned char)(t & 0xff); A[7] ^= (unsigned char)(t & 0xff);
if (t > 0xff) if (t > 0xff) {
{
A[6] ^= (unsigned char)((t >> 8) & 0xff); A[6] ^= (unsigned char)((t >> 8) & 0xff);
A[5] ^= (unsigned char)((t >> 16) & 0xff); A[5] ^= (unsigned char)((t >> 16) & 0xff);
A[4] ^= (unsigned char)((t >> 24) & 0xff); A[4] ^= (unsigned char)((t >> 24) & 0xff);
@@ -111,14 +109,11 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
t = 6 * (inlen >> 3); t = 6 * (inlen >> 3);
memcpy(A, in, 8); memcpy(A, in, 8);
memcpy(out, in + 8, inlen); memcpy(out, in + 8, inlen);
for (j = 0; j < 6; j++) for (j = 0; j < 6; j++) {
{
R = out + inlen - 8; R = out + inlen - 8;
for (i = 0; i < inlen; i += 8, t--, R -= 8) for (i = 0; i < inlen; i += 8, t--, R -= 8) {
{
A[7] ^= (unsigned char)(t & 0xff); A[7] ^= (unsigned char)(t & 0xff);
if (t > 0xff) if (t > 0xff) {
{
A[6] ^= (unsigned char)((t >> 8) & 0xff); A[6] ^= (unsigned char)((t >> 8) & 0xff);
A[5] ^= (unsigned char)((t >> 16) & 0xff); A[5] ^= (unsigned char)((t >> 16) & 0xff);
A[4] ^= (unsigned char)((t >> 24) & 0xff); A[4] ^= (unsigned char)((t >> 24) & 0xff);
@@ -130,8 +125,7 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
} }
if (!iv) if (!iv)
iv = default_iv; iv = default_iv;
if (memcmp(A, iv, 8)) if (memcmp(A, iv, 8)) {
{
OPENSSL_cleanse(out, inlen); OPENSSL_cleanse(out, inlen);
return 0; return 0;
} }
@@ -180,8 +174,6 @@ int AES_wrap_unwrap_test(const unsigned char *kek, int keybits,
} }
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
@@ -255,5 +247,4 @@ static const unsigned char e6[] = {
fprintf(stderr, "Key test result %d\n", ret); fprintf(stderr, "Key test result %d\n", ret);
} }
#endif #endif
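Review bot: AES_unwrap_key checks the recovered integrity value with `if (memcmp(A, iv, 8))`, and `memcmp` may return at the first differing byte, so the time taken can depend on how much of the value matched. For a check that decides whether unwrapped key material is accepted I would use the library's constant-time comparison, `if (CRYPTO_memcmp(A, iv, 8)) {`. The failure path already wipes the output with `OPENSSL_cleanse(out, inlen)`, which should stay. The function starts outside the hunk, so the validation of `inlen` before `memcpy(out, in + 8, inlen)` cannot be confirmed from here.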


@@ -61,46 +61,54 @@
#include <openssl/asn1.h> #include <openssl/asn1.h>
int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
{ return M_ASN1_BIT_STRING_set(x, d, len); } {
return M_ASN1_BIT_STRING_set(x, d, len);
}
int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
{ {
int ret, j, bits, len; int ret, j, bits, len;
unsigned char *p, *d; unsigned char *p, *d;
if (a == NULL) return(0); if (a == NULL)
return (0);
len = a->length; len = a->length;
if (len > 0) if (len > 0) {
{ if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) {
if (a->flags & ASN1_STRING_FLAG_BITS_LEFT)
{
bits = (int)a->flags & 0x07; bits = (int)a->flags & 0x07;
} } else {
else for (; len > 0; len--) {
{ if (a->data[len - 1])
for ( ; len > 0; len--) break;
{
if (a->data[len-1]) break;
} }
j = a->data[len - 1]; j = a->data[len - 1];
if (j & 0x01) bits=0; if (j & 0x01)
else if (j & 0x02) bits=1; bits = 0;
else if (j & 0x04) bits=2; else if (j & 0x02)
else if (j & 0x08) bits=3; bits = 1;
else if (j & 0x10) bits=4; else if (j & 0x04)
else if (j & 0x20) bits=5; bits = 2;
else if (j & 0x40) bits=6; else if (j & 0x08)
else if (j & 0x80) bits=7; bits = 3;
else bits=0; /* should not happen */ else if (j & 0x10)
} bits = 4;
} else if (j & 0x20)
bits = 5;
else if (j & 0x40)
bits = 6;
else if (j & 0x80)
bits = 7;
else else
bits = 0; /* should not happen */
}
} else
bits = 0; bits = 0;
ret = 1 + len; ret = 1 + len;
if (pp == NULL) return(ret); if (pp == NULL)
return (ret);
p = *pp; p = *pp;
@@ -108,7 +116,8 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
d = a->data; d = a->data;
memcpy(p, d, len); memcpy(p, d, len);
p += len; p += len;
if (len > 0) p[-1]&=(0xff<<bits); if (len > 0)
p[-1] &= (0xff << bits);
*pp = p; *pp = p;
return (ret); return (ret);
} }
@@ -121,52 +130,49 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
unsigned char *s; unsigned char *s;
int i; int i;
if (len < 1) if (len < 1) {
{
i = ASN1_R_STRING_TOO_SHORT; i = ASN1_R_STRING_TOO_SHORT;
goto err; goto err;
} }
if ((a == NULL) || ((*a) == NULL)) if ((a == NULL) || ((*a) == NULL)) {
{ if ((ret = M_ASN1_BIT_STRING_new()) == NULL)
if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL); return (NULL);
} } else
else
ret = (*a); ret = (*a);
p = *pp; p = *pp;
i = *(p++); i = *(p++);
if (i > 7) if (i > 7) {
{
i = ASN1_R_INVALID_BIT_STRING_BITS_LEFT; i = ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
goto err; goto err;
} }
/* We do this to preserve the settings. If we modify /*
* the settings, via the _set_bit function, we will recalculate * We do this to preserve the settings. If we modify the settings, via
* on output */ * the _set_bit function, we will recalculate on output
*/
ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */ ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */
ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */ ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */
if (len-- > 1) /* using one because of the bits left byte */ if (len-- > 1) { /* using one because of the bits left byte */
{
s = (unsigned char *)OPENSSL_malloc((int)len); s = (unsigned char *)OPENSSL_malloc((int)len);
if (s == NULL) if (s == NULL) {
{
i = ERR_R_MALLOC_FAILURE; i = ERR_R_MALLOC_FAILURE;
goto err; goto err;
} }
memcpy(s, p, (int)len); memcpy(s, p, (int)len);
s[len - 1] &= (0xff << i); s[len - 1] &= (0xff << i);
p += len; p += len;
} } else
else
s = NULL; s = NULL;
ret->length = (int)len; ret->length = (int)len;
if (ret->data != NULL) OPENSSL_free(ret->data); if (ret->data != NULL)
OPENSSL_free(ret->data);
ret->data = s; ret->data = s;
ret->type = V_ASN1_BIT_STRING; ret->type = V_ASN1_BIT_STRING;
if (a != NULL) (*a)=ret; if (a != NULL)
(*a) = ret;
*pp = p; *pp = p;
return (ret); return (ret);
err: err:
@@ -176,7 +182,8 @@ err:
return (NULL); return (NULL);
} }
/* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de> /*
* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
*/ */
int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
{ {
@@ -186,28 +193,28 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
w = n / 8; w = n / 8;
v = 1 << (7 - (n & 0x07)); v = 1 << (7 - (n & 0x07));
iv = ~v; iv = ~v;
if (!value) v=0; if (!value)
v = 0;
if (a == NULL) if (a == NULL)
return 0; return 0;
a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */ a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */
if ((a->length < (w+1)) || (a->data == NULL)) if ((a->length < (w + 1)) || (a->data == NULL)) {
{ if (!value)
if (!value) return(1); /* Don't need to set */ return (1); /* Don't need to set */
if (a->data == NULL) if (a->data == NULL)
c = (unsigned char *)OPENSSL_malloc(w + 1); c = (unsigned char *)OPENSSL_malloc(w + 1);
else else
c = (unsigned char *)OPENSSL_realloc_clean(a->data, c = (unsigned char *)OPENSSL_realloc_clean(a->data,
a->length, a->length, w + 1);
w+1); if (c == NULL) {
if (c == NULL)
{
ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE);
return 0; return 0;
} }
if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length); if (w + 1 - a->length > 0)
memset(c + a->length, 0, w + 1 - a->length);
a->data = c; a->data = c;
a->length = w + 1; a->length = w + 1;
} }
@@ -227,4 +234,3 @@ int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
return (0); return (0);
return ((a->data[w] & v) != 0); return ((a->data[w] & v) != 0);
} }


@@ -66,7 +66,8 @@ int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
unsigned char *p; unsigned char *p;
r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN); r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
if (pp == NULL) return(r); if (pp == NULL)
return (r);
p = *pp; p = *pp;
ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL); ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
@@ -85,30 +86,26 @@ int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
p = *pp; p = *pp;
inf = ASN1_get_object(&p, &len, &tag, &xclass, length); inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
if (inf & 0x80) if (inf & 0x80) {
{
i = ASN1_R_BAD_OBJECT_HEADER; i = ASN1_R_BAD_OBJECT_HEADER;
goto err; goto err;
} }
if (tag != V_ASN1_BOOLEAN) if (tag != V_ASN1_BOOLEAN) {
{
i = ASN1_R_EXPECTING_A_BOOLEAN; i = ASN1_R_EXPECTING_A_BOOLEAN;
goto err; goto err;
} }
if (len != 1) if (len != 1) {
{
i = ASN1_R_BOOLEAN_IS_WRONG_LENGTH; i = ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
goto err; goto err;
} }
ret = (int)*(p++); ret = (int)*(p++);
if (a != NULL) (*a)=ret; if (a != NULL)
(*a) = ret;
*pp = p; *pp = p;
return (ret); return (ret);
err: err:
ASN1err(ASN1_F_D2I_ASN1_BOOLEAN, i); ASN1err(ASN1_F_D2I_ASN1_BOOLEAN, i);
return (ret); return (ret);
} }


@@ -61,7 +61,8 @@
#include <openssl/asn1.h> #include <openssl/asn1.h>
static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c); static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c);
/* type is a 'bitmap' of acceptable string types. /*
* type is a 'bitmap' of acceptable string types.
*/ */
ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp, ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
long length, int type) long length, int type)
@@ -75,15 +76,14 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
p = *pp; p = *pp;
inf = ASN1_get_object(&p, &len, &tag, &xclass, length); inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
if (inf & 0x80) goto err; if (inf & 0x80)
goto err;
if (tag >= 32) if (tag >= 32) {
{
i = ASN1_R_TAG_VALUE_TOO_HIGH; i = ASN1_R_TAG_VALUE_TOO_HIGH;
goto err; goto err;
} }
if (!(ASN1_tag2bit(tag) & type)) if (!(ASN1_tag2bit(tag) & type)) {
{
i = ASN1_R_WRONG_TYPE; i = ASN1_R_WRONG_TYPE;
goto err; goto err;
} }
@@ -92,33 +92,31 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
if (tag == V_ASN1_BIT_STRING) if (tag == V_ASN1_BIT_STRING)
return (d2i_ASN1_BIT_STRING(a, pp, length)); return (d2i_ASN1_BIT_STRING(a, pp, length));
if ((a == NULL) || ((*a) == NULL)) if ((a == NULL) || ((*a) == NULL)) {
{ if ((ret = ASN1_STRING_new()) == NULL)
if ((ret=ASN1_STRING_new()) == NULL) return(NULL); return (NULL);
} } else
else
ret = (*a); ret = (*a);
if (len != 0) if (len != 0) {
{
s = (unsigned char *)OPENSSL_malloc((int)len + 1); s = (unsigned char *)OPENSSL_malloc((int)len + 1);
if (s == NULL) if (s == NULL) {
{
i = ERR_R_MALLOC_FAILURE; i = ERR_R_MALLOC_FAILURE;
goto err; goto err;
} }
memcpy(s, p, (int)len); memcpy(s, p, (int)len);
s[len] = '\0'; s[len] = '\0';
p += len; p += len;
} } else
else
s = NULL; s = NULL;
if (ret->data != NULL) OPENSSL_free(ret->data); if (ret->data != NULL)
OPENSSL_free(ret->data);
ret->length = (int)len; ret->length = (int)len;
ret->data = s; ret->data = s;
ret->type = tag; ret->type = tag;
if (a != NULL) (*a)=ret; if (a != NULL)
(*a) = ret;
*pp = p; *pp = p;
return (ret); return (ret);
err: err:
@@ -133,14 +131,16 @@ int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
int ret, r, constructed; int ret, r, constructed;
unsigned char *p; unsigned char *p;
if (a == NULL) return(0); if (a == NULL)
return (0);
if (tag == V_ASN1_BIT_STRING) if (tag == V_ASN1_BIT_STRING)
return (i2d_ASN1_BIT_STRING(a, pp)); return (i2d_ASN1_BIT_STRING(a, pp));
ret = a->length; ret = a->length;
r = ASN1_object_size(0, ret, tag); r = ASN1_object_size(0, ret, tag);
if (pp == NULL) return(r); if (pp == NULL)
return (r);
p = *pp; p = *pp;
if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET)) if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))
@@ -164,29 +164,25 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
int inf, tag, xclass; int inf, tag, xclass;
int i = 0; int i = 0;
if ((a == NULL) || ((*a) == NULL)) if ((a == NULL) || ((*a) == NULL)) {
{ if ((ret = ASN1_STRING_new()) == NULL)
if ((ret=ASN1_STRING_new()) == NULL) return(NULL); return (NULL);
} } else
else
ret = (*a); ret = (*a);
p = *pp; p = *pp;
inf = ASN1_get_object(&p, &len, &tag, &xclass, length); inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
if (inf & 0x80) if (inf & 0x80) {
{
i = ASN1_R_BAD_OBJECT_HEADER; i = ASN1_R_BAD_OBJECT_HEADER;
goto err; goto err;
} }
if (tag != Ptag) if (tag != Ptag) {
{
i = ASN1_R_WRONG_TAG; i = ASN1_R_WRONG_TAG;
goto err; goto err;
} }
if (inf & V_ASN1_CONSTRUCTED) if (inf & V_ASN1_CONSTRUCTED) {
{
ASN1_const_CTX c; ASN1_const_CTX c;
c.pp = pp; c.pp = pp;
@@ -198,35 +194,28 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
c.max = (length == 0) ? 0 : (p + length); c.max = (length == 0) ? 0 : (p + length);
if (!asn1_collate_primitive(ret, &c)) if (!asn1_collate_primitive(ret, &c))
goto err; goto err;
else else {
{
p = c.p; p = c.p;
} }
} } else {
else if (len != 0) {
{ if ((ret->length < len) || (ret->data == NULL)) {
if (len != 0) if (ret->data != NULL)
{ OPENSSL_free(ret->data);
if ((ret->length < len) || (ret->data == NULL))
{
if (ret->data != NULL) OPENSSL_free(ret->data);
s = (unsigned char *)OPENSSL_malloc((int)len + 1); s = (unsigned char *)OPENSSL_malloc((int)len + 1);
if (s == NULL) if (s == NULL) {
{
i = ERR_R_MALLOC_FAILURE; i = ERR_R_MALLOC_FAILURE;
goto err; goto err;
} }
} } else
else
s = ret->data; s = ret->data;
memcpy(s, p, (int)len); memcpy(s, p, (int)len);
s[len] = '\0'; s[len] = '\0';
p += len; p += len;
} } else {
else
{
s = NULL; s = NULL;
if (ret->data != NULL) OPENSSL_free(ret->data); if (ret->data != NULL)
OPENSSL_free(ret->data);
} }
ret->length = (int)len; ret->length = (int)len;
@@ -234,7 +223,8 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
ret->type = Ptag; ret->type = Ptag;
} }
if (a != NULL) (*a)=ret; if (a != NULL)
(*a) = ret;
*pp = p; *pp = p;
return (ret); return (ret);
err: err:
@@ -244,11 +234,14 @@ err:
return (NULL); return (NULL);
} }
/*
/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse * We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse them
* them into the one structure that is then returned */ * into the one structure that is then returned
/* There have been a few bug fixes for this function from */
* Paul Keogh <paul.keogh@sse.ie>, many thanks to him */ /*
* There have been a few bug fixes for this function from Paul Keogh
* <paul.keogh@sse.ie>, many thanks to him
*/
static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c) static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
{ {
ASN1_STRING *os = NULL; ASN1_STRING *os = NULL;
@@ -259,36 +252,31 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
b.max = 0; b.max = 0;
b.data = NULL; b.data = NULL;
if (a == NULL) if (a == NULL) {
{
c->error = ERR_R_PASSED_NULL_PARAMETER; c->error = ERR_R_PASSED_NULL_PARAMETER;
goto err; goto err;
} }
num = 0; num = 0;
for (;;) for (;;) {
{ if (c->inf & 1) {
if (c->inf & 1)
{
c->eos = ASN1_const_check_infinite_end(&c->p, c->eos = ASN1_const_check_infinite_end(&c->p,
(long)(c->max - c->p)); (long)(c->max - c->p));
if (c->eos) break; if (c->eos)
} break;
else } else {
{ if (c->slen <= 0)
if (c->slen <= 0) break; break;
} }
c->q = c->p; c->q = c->p;
if (d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass) if (d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass)
== NULL) == NULL) {
{
c->error = ERR_R_ASN1_LIB; c->error = ERR_R_ASN1_LIB;
goto err; goto err;
} }
if (!BUF_MEM_grow_clean(&b,num+os->length)) if (!BUF_MEM_grow_clean(&b, num + os->length)) {
{
c->error = ERR_R_BUF_LIB; c->error = ERR_R_BUF_LIB;
goto err; goto err;
} }
@@ -298,17 +286,21 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
num += os->length; num += os->length;
} }
if (!asn1_const_Finish(c)) goto err; if (!asn1_const_Finish(c))
goto err;
a->length = num; a->length = num;
if (a->data != NULL) OPENSSL_free(a->data); if (a->data != NULL)
OPENSSL_free(a->data);
a->data = (unsigned char *)b.data; a->data = (unsigned char *)b.data;
if (os != NULL) ASN1_STRING_free(os); if (os != NULL)
ASN1_STRING_free(os);
return (1); return (1);
err: err:
ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE, c->error); ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE, c->error);
if (os != NULL) ASN1_STRING_free(os); if (os != NULL)
if (b.data != NULL) OPENSSL_free(b.data); ASN1_STRING_free(os);
if (b.data != NULL)
OPENSSL_free(b.data);
return (0); return (0);
} }
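Review bot: In the primitive branch of d2i_ASN1_bytes (the hunk at -198,35), the old buffer is released with `OPENSSL_free(ret->data)` before its replacement is allocated, so when `OPENSSL_malloc((int)len + 1)` fails the code jumps to `err` with `ret->data` still pointing at freed memory. If `ret` is the caller's own object passed in through `*a`, the caller is left holding a dangling pointer that a later read or free would touch. Allocate first and release only after the `s == NULL` check, i.e. move `if (ret->data != NULL) OPENSSL_free(ret->data);` below the malloc-failure block. The cleanup under the `err` label is outside the visible hunks, so how it treats `ret` should be confirmed as well.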


@@ -72,8 +72,7 @@ void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x)
BIO *b; BIO *b;
void *ret; void *ret;
if ((b=BIO_new(BIO_s_file())) == NULL) if ((b = BIO_new(BIO_s_file())) == NULL) {
{
ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB); ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB);
return (NULL); return (NULL);
} }
@@ -92,12 +91,14 @@ void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x)
int len; int len;
len = asn1_d2i_read_bio(in, &b); len = asn1_d2i_read_bio(in, &b);
if(len < 0) goto err; if (len < 0)
goto err;
p = (unsigned char *)b->data; p = (unsigned char *)b->data;
ret = d2i(x, &p, len); ret = d2i(x, &p, len);
err: err:
if (b != NULL) BUF_MEM_free(b); if (b != NULL)
BUF_MEM_free(b);
return (ret); return (ret);
} }
@@ -111,12 +112,14 @@ void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
int len; int len;
len = asn1_d2i_read_bio(in, &b); len = asn1_d2i_read_bio(in, &b);
if(len < 0) goto err; if (len < 0)
goto err;
p = (const unsigned char *)b->data; p = (const unsigned char *)b->data;
ret = ASN1_item_d2i(x, &p, len, it); ret = ASN1_item_d2i(x, &p, len, it);
err: err:
if (b != NULL) BUF_MEM_free(b); if (b != NULL)
BUF_MEM_free(b);
return (ret); return (ret);
} }
@@ -126,8 +129,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
BIO *b; BIO *b;
char *ret; char *ret;
if ((b=BIO_new(BIO_s_file())) == NULL) if ((b = BIO_new(BIO_s_file())) == NULL) {
{
ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB); ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB);
return (NULL); return (NULL);
} }
@@ -151,34 +153,27 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
size_t len = 0; size_t len = 0;
b = BUF_MEM_new(); b = BUF_MEM_new();
if (b == NULL) if (b == NULL) {
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
return -1; return -1;
} }
ERR_clear_error(); ERR_clear_error();
for (;;) for (;;) {
{ if (want >= (len - off)) {
if (want >= (len-off))
{
want -= (len - off); want -= (len - off);
if (len + want < len || !BUF_MEM_grow_clean(b,len+want)) if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
i = BIO_read(in, &(b->data[len]), want); i = BIO_read(in, &(b->data[len]), want);
if ((i < 0) && ((len-off) == 0)) if ((i < 0) && ((len - off) == 0)) {
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA); ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA);
goto err; goto err;
} }
if (i > 0) if (i > 0) {
{ if (len + i < len) {
if (len+i < len)
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
goto err; goto err;
} }
@@ -191,8 +186,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
c.p = p; c.p = p;
c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), &(c.xclass), c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), &(c.xclass),
len - off); len - off);
if (c.inf & 0x80) if (c.inf & 0x80) {
{
unsigned long e; unsigned long e;
e = ERR_GET_REASON(ERR_peek_error()); e = ERR_GET_REASON(ERR_peek_error());
@@ -204,76 +198,63 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
i = c.p - p; /* header length */ i = c.p - p; /* header length */
off += i; /* end of data */ off += i; /* end of data */
if (c.inf & 1) if (c.inf & 1) {
{
/* no data body so go round again */ /* no data body so go round again */
eos++; eos++;
if (eos < 0) if (eos < 0) {
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG); ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
goto err; goto err;
} }
want = HEADER_SIZE; want = HEADER_SIZE;
} } else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) {
else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
{
/* eos value, so go back and read another header */ /* eos value, so go back and read another header */
eos--; eos--;
if (eos <= 0) if (eos <= 0)
break; break;
else else
want = HEADER_SIZE; want = HEADER_SIZE;
} } else {
else
{
/* suck in c.slen bytes of data */ /* suck in c.slen bytes of data */
want = c.slen; want = c.slen;
if (want > (len-off)) if (want > (len - off)) {
{
want -= (len - off); want -= (len - off);
if (want > INT_MAX /* BIO_read takes an int length */ || if (want > INT_MAX /* BIO_read takes an int length */ ||
len+want < len) len + want < len) {
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
goto err; goto err;
} }
if (!BUF_MEM_grow_clean(b,len+want)) if (!BUF_MEM_grow_clean(b, len + want)) {
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
while (want > 0) while (want > 0) {
{
i = BIO_read(in, &(b->data[len]), want); i = BIO_read(in, &(b->data[len]), want);
if (i <= 0) if (i <= 0) {
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
ASN1_R_NOT_ENOUGH_DATA); ASN1_R_NOT_ENOUGH_DATA);
goto err; goto err;
} }
/* This can't overflow because /*
* |len+want| didn't overflow. */ * This can't overflow because |len+want| didn't
* overflow.
*/
len += i; len += i;
want -= i; want -= i;
} }
} }
if (off + c.slen < off) if (off + c.slen < off) {
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
goto err; goto err;
} }
off += c.slen; off += c.slen;
if (eos <= 0) if (eos <= 0) {
{
break; break;
} } else
else
want = HEADER_SIZE; want = HEADER_SIZE;
} }
} }
if (off > INT_MAX) if (off > INT_MAX) {
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
goto err; goto err;
} }
@@ -281,6 +262,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
*pb = b; *pb = b;
return off; return off;
err: err:
if (b != NULL) BUF_MEM_free(b); if (b != NULL)
BUF_MEM_free(b);
return -1; return -1;
} }
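Review bot: In asn1_d2i_read_bio the body-read path takes `want = c.slen` straight from the parsed header and calls `BUF_MEM_grow_clean(b, len + want)` before a single body byte has been read, with `INT_MAX` as the only cap. A few header bytes from an untrusted BIO can therefore drive an allocation of up to 2 GB even though the stream ends right afterwards. Growing the buffer in bounded, doubling chunks as data actually arrives keeps memory proportional to what the peer has really sent. The starting chunk size below is a constructed value, and `want` is declared outside the hunk, so its type is assumed to be `size_t`.

```c
            if (want > (len - off)) {
                size_t chunk_max = 16 * 1024; /* constructed starting size */

                want -= (len - off);
                /* … unchanged: INT_MAX / overflow check on want … */
                while (want > 0) {
                    /* Grow only as far as the next chunk, not the declared length. */
                    size_t chunk = want > chunk_max ? chunk_max : want;

                    if (!BUF_MEM_grow_clean(b, len + chunk)) {
                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
                        goto err;
                    }
                    want -= chunk;
                    while (chunk > 0) {
                        i = BIO_read(in, &(b->data[len]), chunk);
                        if (i <= 0) {
                            ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
                                    ASN1_R_NOT_ENOUGH_DATA);
                            goto err;
                        }
                        /* Cannot overflow: len + want was checked above. */
                        len += i;
                        chunk -= i;
                    }
                    if (chunk_max < INT_MAX / 2)
                        chunk_max *= 2;
                }
            }
```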


@@ -79,8 +79,7 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
unsigned char *str, *p; unsigned char *str, *p;
i = i2d(data, NULL); i = i2d(data, NULL);
if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) if ((str = (unsigned char *)OPENSSL_malloc(i)) == NULL) {
{
ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE);
return (0); return (0);
} }
@@ -94,7 +93,6 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
#endif #endif
int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
unsigned char *md, unsigned int *len) unsigned char *md, unsigned int *len)
{ {
@@ -102,10 +100,10 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
unsigned char *str = NULL; unsigned char *str = NULL;
i = ASN1_item_i2d(asn, &str, it); i = ASN1_item_i2d(asn, &str, it);
if (!str) return(0); if (!str)
return (0);
EVP_Digest(str, i, md, len, type, NULL); EVP_Digest(str, i, md, len, type, NULL);
OPENSSL_free(str); OPENSSL_free(str);
return (1); return (1);
} }
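Review bot: ASN1_item_digest discards the result of `EVP_Digest(str, i, md, len, type, NULL)` and returns 1 unconditionally, so a failed digest is reported as success and the caller goes on to use whatever is in `md`. Where that output serves as a fingerprint or is compared against an expected hash, stale or uninitialised bytes become a security-relevant value. Check the call and fail closed: `if (!EVP_Digest(str, i, md, len, type, NULL)) { OPENSSL_free(str); return (0); }`. ASN1_digest in the first hunk continues outside the visible lines and may need the same check.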


@@ -69,12 +69,15 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x)
int i; int i;
char *ret; char *ret;
if (x == NULL) return(NULL); if (x == NULL)
return (NULL);
i = i2d(x, NULL); i = i2d(x, NULL);
b = OPENSSL_malloc(i + 10); b = OPENSSL_malloc(i + 10);
if (b == NULL) if (b == NULL) {
{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } ASN1err(ASN1_F_ASN1_DUP, ERR_R_MALLOC_FAILURE);
return (NULL);
}
p = b; p = b;
i = i2d(x, &p); i = i2d(x, &p);
p2 = b; p2 = b;
@@ -85,9 +88,11 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x)
#endif #endif
/* ASN1_ITEM version of dup: this follows the model above except we don't need /*
* to allocate the buffer. At some point this could be rewritten to directly dup * ASN1_ITEM version of dup: this follows the model above except we don't
* the underlying structure instead of doing and encode and decode. * need to allocate the buffer. At some point this could be rewritten to
* directly dup the underlying structure instead of doing and encode and
* decode.
*/ */
void *ASN1_item_dup(const ASN1_ITEM *it, void *x) void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
@@ -97,11 +102,14 @@ void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
long i; long i;
void *ret; void *ret;
if (x == NULL) return(NULL); if (x == NULL)
return (NULL);
i = ASN1_item_i2d(x, &b, it); i = ASN1_item_i2d(x, &b, it);
if (b == NULL) if (b == NULL) {
{ ASN1err(ASN1_F_ASN1_ITEM_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } ASN1err(ASN1_F_ASN1_ITEM_DUP, ERR_R_MALLOC_FAILURE);
return (NULL);
}
p = b; p = b;
ret = ASN1_item_d2i(NULL, &p, i, it); ret = ASN1_item_d2i(NULL, &p, i, it);
OPENSSL_free(b); OPENSSL_free(b);


@@ -74,28 +74,26 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
long d; long d;
a->type = V_ASN1_ENUMERATED; a->type = V_ASN1_ENUMERATED;
if (a->length < (int)(sizeof(long)+1)) if (a->length < (int)(sizeof(long) + 1)) {
{
if (a->data != NULL) if (a->data != NULL)
OPENSSL_free(a->data); OPENSSL_free(a->data);
if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL) if ((a->data =
(unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL)
memset((char *)a->data, 0, sizeof(long) + 1); memset((char *)a->data, 0, sizeof(long) + 1);
} }
if (a->data == NULL) if (a->data == NULL) {
{
ASN1err(ASN1_F_ASN1_ENUMERATED_SET, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_ENUMERATED_SET, ERR_R_MALLOC_FAILURE);
return (0); return (0);
} }
d = v; d = v;
if (d < 0) if (d < 0) {
{
d = -d; d = -d;
a->type = V_ASN1_NEG_ENUMERATED; a->type = V_ASN1_NEG_ENUMERATED;
} }
for (i=0; i<sizeof(long); i++) for (i = 0; i < sizeof(long); i++) {
{ if (d == 0)
if (d == 0) break; break;
buf[i] = (int)d & 0xff; buf[i] = (int)d & 0xff;
d >>= 8; d >>= 8;
} }
@@ -111,27 +109,27 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
int neg = 0, i; int neg = 0, i;
long r = 0; long r = 0;
if (a == NULL) return(0L); if (a == NULL)
return (0L);
i = a->type; i = a->type;
if (i == V_ASN1_NEG_ENUMERATED) if (i == V_ASN1_NEG_ENUMERATED)
neg = 1; neg = 1;
else if (i != V_ASN1_ENUMERATED) else if (i != V_ASN1_ENUMERATED)
return -1; return -1;
if (a->length > (int)sizeof(long)) if (a->length > (int)sizeof(long)) {
{
/* hmm... a bit ugly */ /* hmm... a bit ugly */
return (0xffffffffL); return (0xffffffffL);
} }
if (a->data == NULL) if (a->data == NULL)
return 0; return 0;
for (i=0; i<a->length; i++) for (i = 0; i < a->length; i++) {
{
r <<= 8; r <<= 8;
r |= (unsigned char)a->data[i]; r |= (unsigned char)a->data[i];
} }
if (neg) r= -r; if (neg)
r = -r;
return (r); return (r);
} }
@@ -144,20 +142,19 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
ret = M_ASN1_ENUMERATED_new(); ret = M_ASN1_ENUMERATED_new();
else else
ret = ai; ret = ai;
if (ret == NULL) if (ret == NULL) {
{
ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_NESTED_ASN1_ERROR); ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_NESTED_ASN1_ERROR);
goto err; goto err;
} }
if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED; if (BN_is_negative(bn))
else ret->type=V_ASN1_ENUMERATED; ret->type = V_ASN1_NEG_ENUMERATED;
else
ret->type = V_ASN1_ENUMERATED;
j = BN_num_bits(bn); j = BN_num_bits(bn);
len = ((j == 0) ? 0 : ((j / 8) + 1)); len = ((j == 0) ? 0 : ((j / 8) + 1));
if (ret->length < len+4) if (ret->length < len + 4) {
{
unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4); unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4);
if (!new_data) if (!new_data) {
{
ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
@@ -167,7 +164,8 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
ret->length = BN_bn2bin(bn, ret->data); ret->length = BN_bn2bin(bn, ret->data);
return (ret); return (ret);
err: err:
if (ret != ai) M_ASN1_ENUMERATED_free(ret); if (ret != ai)
M_ASN1_ENUMERATED_free(ret);
return (NULL); return (NULL);
} }
@@ -177,6 +175,7 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL) if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN, ASN1_R_BN_LIB); ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN, ASN1_R_BN_LIB);
else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1); else if (ai->type == V_ASN1_NEG_ENUMERATED)
BN_set_negative(ret, 1);
return (ret); return (ret);
} }
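Review bot: ASN1_ENUMERATED_get reports failure in-band: it returns `-1` for a value of the wrong type and `0xffffffffL` when `a->length` exceeds `sizeof(long)`, and both are also results a valid ENUMERATED can produce, so a caller cannot tell an error from data. The signature cannot change without breaking callers, so the function should at least carry a comment saying so, e.g. `/* Returns -1 on wrong type and 0xffffffffL on overflow; both collide with valid values, use ASN1_ENUMERATED_to_BN when the distinction matters. */`. Separately, `d = -d` in ASN1_ENUMERATED_set overflows a signed long when `v` is `LONG_MIN`.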


@@ -56,7 +56,9 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME */ /*
* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME
*/
#include <stdio.h> #include <stdio.h>
#include <time.h> #include <time.h>
@@ -84,24 +86,24 @@ int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
V_ASN1_GENERALIZEDTIME, V_ASN1_UNIVERSAL)); V_ASN1_GENERALIZEDTIME, V_ASN1_UNIVERSAL));
} }
ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
unsigned char **pp, long length) unsigned char **pp,
long length)
{ {
ASN1_GENERALIZEDTIME *ret = NULL; ASN1_GENERALIZEDTIME *ret = NULL;
ret=(ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length, ret =
V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL); (ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length,
if (ret == NULL) V_ASN1_GENERALIZEDTIME,
{ V_ASN1_UNIVERSAL);
if (ret == NULL) {
ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ERR_R_NESTED_ASN1_ERROR); ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ERR_R_NESTED_ASN1_ERROR);
return (NULL); return (NULL);
} }
# ifdef CHARSET_EBCDIC # ifdef CHARSET_EBCDIC
ascii2ebcdic(ret->data, ret->data, ret->length); ascii2ebcdic(ret->data, ret->data, ret->length);
# endif # endif
if (!ASN1_GENERALIZEDTIME_check(ret)) if (!ASN1_GENERALIZEDTIME_check(ret)) {
{
ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ASN1_R_INVALID_TIME_FORMAT); ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ASN1_R_INVALID_TIME_FORMAT);
goto err; goto err;
} }
@@ -122,57 +124,69 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
char *a; char *a;
int n, i, l, o; int n, i, l, o;
if (d->type != V_ASN1_GENERALIZEDTIME) return(0); if (d->type != V_ASN1_GENERALIZEDTIME)
return (0);
l = d->length; l = d->length;
a = (char *)d->data; a = (char *)d->data;
o = 0; o = 0;
/* GENERALIZEDTIME is similar to UTCTIME except the year is /*
* represented as YYYY. This stuff treats everything as a two digit * GENERALIZEDTIME is similar to UTCTIME except the year is represented
* field so make first two fields 00 to 99 * as YYYY. This stuff treats everything as a two digit field so make
* first two fields 00 to 99
*/ */
if (l < 13) goto err; if (l < 13)
for (i=0; i<7; i++) goto err;
{ for (i = 0; i < 7; i++) {
if ((i == 6) && ((a[o] == 'Z') || if ((i == 6) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
(a[o] == '+') || (a[o] == '-'))) i++;
{ i++; break; } break;
if ((a[o] < '0') || (a[o] > '9')) goto err;
n= a[o]-'0';
if (++o > l) goto err;
if ((a[o] < '0') || (a[o] > '9')) goto err;
n=(n*10)+ a[o]-'0';
if (++o > l) goto err;
if ((n < min[i]) || (n > max[i])) goto err;
} }
/* Optional fractional seconds: decimal point followed by one if ((a[o] < '0') || (a[o] > '9'))
* or more digits. goto err;
n = a[o] - '0';
if (++o > l)
goto err;
if ((a[o] < '0') || (a[o] > '9'))
goto err;
n = (n * 10) + a[o] - '0';
if (++o > l)
goto err;
if ((n < min[i]) || (n > max[i]))
goto err;
}
/*
* Optional fractional seconds: decimal point followed by one or more
* digits.
*/ */
if (a[o] == '.') if (a[o] == '.') {
{ if (++o > l)
if (++o > l) goto err; goto err;
i = o; i = o;
while ((a[o] >= '0') && (a[o] <= '9') && (o <= l)) while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
o++; o++;
/* Must have at least one digit after decimal point */ /* Must have at least one digit after decimal point */
if (i == o) goto err; if (i == o)
goto err;
} }
if (a[o] == 'Z') if (a[o] == 'Z')
o++; o++;
else if ((a[o] == '+') || (a[o] == '-')) else if ((a[o] == '+') || (a[o] == '-')) {
{
o++; o++;
if (o+4 > l) goto err; if (o + 4 > l)
for (i=7; i<9; i++) goto err;
{ for (i = 7; i < 9; i++) {
if ((a[o] < '0') || (a[o] > '9')) goto err; if ((a[o] < '0') || (a[o] > '9'))
goto err;
n = a[o] - '0'; n = a[o] - '0';
o++; o++;
if ((a[o] < '0') || (a[o] > '9')) goto err; if ((a[o] < '0') || (a[o] > '9'))
goto err;
n = (n * 10) + a[o] - '0'; n = (n * 10) + a[o] - '0';
if ((n < min[i]) || (n > max[i])) goto err; if ((n < min[i]) || (n > max[i]))
goto err;
o++; o++;
} }
} }
@@ -188,18 +202,15 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
t.type = V_ASN1_GENERALIZEDTIME; t.type = V_ASN1_GENERALIZEDTIME;
t.length = strlen(str); t.length = strlen(str);
t.data = (unsigned char *)str; t.data = (unsigned char *)str;
if (ASN1_GENERALIZEDTIME_check(&t)) if (ASN1_GENERALIZEDTIME_check(&t)) {
{ if (s != NULL) {
if (s != NULL)
{
if (!ASN1_STRING_set((ASN1_STRING *)s, if (!ASN1_STRING_set((ASN1_STRING *)s,
(unsigned char *)str, t.length)) (unsigned char *)str, t.length))
return 0; return 0;
s->type = V_ASN1_GENERALIZEDTIME; s->type = V_ASN1_GENERALIZEDTIME;
} }
return (1); return (1);
} } else
else
return (0); return (0);
} }
@@ -221,13 +232,10 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
return (NULL); return (NULL);
p = (char *)s->data; p = (char *)s->data;
if ((p == NULL) || ((size_t)s->length < len)) if ((p == NULL) || ((size_t)s->length < len)) {
{
p = OPENSSL_malloc(len); p = OPENSSL_malloc(len);
if (p == NULL) if (p == NULL) {
{ ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET, ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET,
ERR_R_MALLOC_FAILURE);
return (NULL); return (NULL);
} }
if (s->data != NULL) if (s->data != NULL)
@@ -236,7 +244,8 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
} }
BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900, BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900,
ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
ts->tm_sec);
s->length = strlen(p); s->length = strlen(p);
s->type = V_ASN1_GENERALIZEDTIME; s->type = V_ASN1_GENERALIZEDTIME;
#ifdef CHARSET_EBCDIC_not #ifdef CHARSET_EBCDIC_not
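Review bot: ASN1_GENERALIZEDTIME_check can read one byte past `d->length`: each `if (++o > l) goto err;` lets `o` reach `l` and the next statement dereferences `a[o]`, and the fractional-seconds loop `while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))` tests the byte before it tests the bound. This is only safe when the buffer carries a terminator beyond `length`. The callers visible on this page provide one (ASN1_GENERALIZEDTIME_set_string uses `strlen(str)`, and d2i_ASN1_bytes allocates `len + 1`), but the check itself does not require it of an arbitrary ASN1_GENERALIZEDTIME. Put the bound first and make it strict, e.g. `while ((o < l) && (a[o] >= '0') && (a[o] <= '9'))`, and guard the other `a[o]` reads with `o < l` in the same way. The end of the function is outside the hunk, so the final length comparison should be rechecked against the tightened bounds.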


@@ -84,13 +84,11 @@ ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, const unsigned char **pp,
M_ASN1_D2I_Init(); M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence(); M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->header, d2i_ASN1_OCTET_STRING); M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->header, d2i_ASN1_OCTET_STRING);
if (ret->meth != NULL) if (ret->meth != NULL) {
{
M_ASN1_D2I_get_x(void, ret->data, ret->meth->d2i); M_ASN1_D2I_get_x(void, ret->data, ret->meth->d2i);
} } else {
else if (a != NULL)
{ (*a) = ret;
if (a != NULL) (*a)=ret;
return (ret); return (ret);
} }
M_ASN1_D2I_Finish(a, ASN1_HEADER_free, ASN1_F_D2I_ASN1_HEADER); M_ASN1_D2I_Finish(a, ASN1_HEADER_free, ASN1_F_D2I_ASN1_HEADER);
@@ -111,7 +109,8 @@ ASN1_HEADER *ASN1_HEADER_new(void)
void ASN1_HEADER_free(ASN1_HEADER * a) void ASN1_HEADER_free(ASN1_HEADER * a)
{ {
if (a == NULL) return; if (a == NULL)
return;
M_ASN1_OCTET_STRING_free(a->header); M_ASN1_OCTET_STRING_free(a->header);
if (a->meth != NULL) if (a->meth != NULL)
a->meth->destroy(a->data); a->meth->destroy(a->data);


@@ -69,8 +69,7 @@ int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
BIO *b; BIO *b;
int ret; int ret;
if ((b=BIO_new(BIO_s_file())) == NULL) if ((b = BIO_new(BIO_s_file())) == NULL) {
{
ASN1err(ASN1_F_ASN1_I2D_FP, ERR_R_BUF_LIB); ASN1err(ASN1_F_ASN1_I2D_FP, ERR_R_BUF_LIB);
return (0); return (0);
} }
@@ -89,8 +88,7 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
n = i2d(x, NULL); n = i2d(x, NULL);
b = (char *)OPENSSL_malloc(n); b = (char *)OPENSSL_malloc(n);
if (b == NULL) if (b == NULL) {
{
ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);
return (0); return (0);
} }
@@ -98,12 +96,11 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
p = (unsigned char *)b; p = (unsigned char *)b;
i2d(x, &p); i2d(x, &p);
for (;;) for (;;) {
{
i = BIO_write(out, &(b[j]), n); i = BIO_write(out, &(b[j]), n);
if (i == n) break; if (i == n)
if (i <= 0) break;
{ if (i <= 0) {
ret = 0; ret = 0;
break; break;
} }
@@ -122,8 +119,7 @@ int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
BIO *b; BIO *b;
int ret; int ret;
if ((b=BIO_new(BIO_s_file())) == NULL) if ((b = BIO_new(BIO_s_file())) == NULL) {
{
ASN1err(ASN1_F_ASN1_ITEM_I2D_FP, ERR_R_BUF_LIB); ASN1err(ASN1_F_ASN1_ITEM_I2D_FP, ERR_R_BUF_LIB);
return (0); return (0);
} }
@@ -140,18 +136,16 @@ int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
int i, j = 0, n, ret = 1; int i, j = 0, n, ret = 1;
n = ASN1_item_i2d(x, &b, it); n = ASN1_item_i2d(x, &b, it);
if (b == NULL) if (b == NULL) {
{
ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO, ERR_R_MALLOC_FAILURE);
return (0); return (0);
} }
for (;;) for (;;) {
{
i = BIO_write(out, &(b[j]), n); i = BIO_write(out, &(b[j]), n);
if (i == n) break; if (i == n)
if (i <= 0) break;
{ if (i <= 0) {
ret = 0; ret = 0;
break; break;
} }


@@ -62,15 +62,16 @@
#include <openssl/bn.h> #include <openssl/bn.h>
ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x) ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
{ return M_ASN1_INTEGER_dup(x);} {
return M_ASN1_INTEGER_dup(x);
}
int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y) int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
{ {
int neg, ret; int neg, ret;
/* Compare signs */ /* Compare signs */
neg = x->type & V_ASN1_NEG; neg = x->type & V_ASN1_NEG;
if (neg != (y->type & V_ASN1_NEG)) if (neg != (y->type & V_ASN1_NEG)) {
{
if (neg) if (neg)
return -1; return -1;
else else
@@ -85,7 +86,6 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
return ret; return ret;
} }
/*- /*-
* This converts an ASN1 INTEGER into its content encoding. * This converts an ASN1 INTEGER into its content encoding.
* The internal representation is an ASN1_STRING whose data is a big endian * The internal representation is an ASN1_STRING whose data is a big endian
@@ -116,12 +116,12 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
int pad = 0, ret, i, neg; int pad = 0, ret, i, neg;
unsigned char *p, *n, pb = 0; unsigned char *p, *n, pb = 0;
if (a == NULL) return(0); if (a == NULL)
return (0);
neg = a->type & V_ASN1_NEG; neg = a->type & V_ASN1_NEG;
if (a->length == 0) if (a->length == 0)
ret = 1; ret = 1;
else else {
{
ret = a->length; ret = a->length;
i = a->data[0]; i = a->data[0];
if (!neg && (i > 127)) { if (!neg && (i > 127)) {
@@ -136,7 +136,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
* Special case: if any other bytes non zero we pad: * Special case: if any other bytes non zero we pad:
* otherwise we don't. * otherwise we don't.
*/ */
for(i = 1; i < a->length; i++) if(a->data[i]) { for (i = 1; i < a->length; i++)
if (a->data[i]) {
pad = 1; pad = 1;
pb = 0xFF; pb = 0xFF;
break; break;
@@ -145,12 +146,16 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
} }
ret += pad; ret += pad;
} }
if (pp == NULL) return(ret); if (pp == NULL)
return (ret);
p = *pp; p = *pp;
if (pad) *(p++)=pb; if (pad)
if (a->length == 0) *(p++)=0; *(p++) = pb;
else if (!neg) memcpy(p,a->data,(unsigned int)a->length); if (a->length == 0)
*(p++) = 0;
else if (!neg)
memcpy(p, a->data, (unsigned int)a->length);
else { else {
/* Begin at the end of the encoding */ /* Begin at the end of the encoding */
n = a->data + a->length - 1; n = a->data + a->length - 1;
@@ -166,7 +171,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
*(p--) = ((*(n--)) ^ 0xff) + 1; *(p--) = ((*(n--)) ^ 0xff) + 1;
i--; i--;
/* Complement any octets left */ /* Complement any octets left */
for(;i > 0; i--) *(p--) = *(n--) ^ 0xff; for (; i > 0; i--)
*(p--) = *(n--) ^ 0xff;
} }
*pp += ret; *pp += ret;
@@ -183,33 +189,32 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
unsigned char *to, *s; unsigned char *to, *s;
int i; int i;
if ((a == NULL) || ((*a) == NULL)) if ((a == NULL) || ((*a) == NULL)) {
{ if ((ret = M_ASN1_INTEGER_new()) == NULL)
if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); return (NULL);
ret->type = V_ASN1_INTEGER; ret->type = V_ASN1_INTEGER;
} } else
else
ret = (*a); ret = (*a);
p = *pp; p = *pp;
pend = p + len; pend = p + len;
/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it /*
* signifies a missing NULL parameter. */ * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
* a missing NULL parameter.
*/
s = (unsigned char *)OPENSSL_malloc((int)len + 1); s = (unsigned char *)OPENSSL_malloc((int)len + 1);
if (s == NULL) if (s == NULL) {
{
i = ERR_R_MALLOC_FAILURE; i = ERR_R_MALLOC_FAILURE;
goto err; goto err;
} }
to = s; to = s;
if (!len) { if (!len) {
/* Strictly speaking this is an illegal INTEGER but we /*
* tolerate it. * Strictly speaking this is an illegal INTEGER but we tolerate it.
*/ */
ret->type = V_ASN1_INTEGER; ret->type = V_ASN1_INTEGER;
} else if (*p & 0x80) /* a negative number */ } else if (*p & 0x80) { /* a negative number */
{
ret->type = V_ASN1_NEG_INTEGER; ret->type = V_ASN1_NEG_INTEGER;
if ((*p == 0xff) && (len != 1)) { if ((*p == 0xff) && (len != 1)) {
p++; p++;
@@ -223,12 +228,13 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
i--; i--;
p--; p--;
} }
/* Special case: if all zeros then the number will be of /*
* the form FF followed by n zero bytes: this corresponds to * Special case: if all zeros then the number will be of the form FF
* 1 followed by n zero bytes. We've already written n zeros * followed by n zero bytes: this corresponds to 1 followed by n zero
* so we just append an extra one and set the first byte to * bytes. We've already written n zeros so we just append an extra
* a 1. This is treated separately because it is the only case * one and set the first byte to a 1. This is treated separately
* where the number of bytes is larger than len. * because it is the only case where the number of bytes is larger
* than len.
*/ */
if (!i) { if (!i) {
*s = 1; *s = 1;
@@ -237,22 +243,24 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
} else { } else {
*(to--) = (*(p--) ^ 0xff) + 1; *(to--) = (*(p--) ^ 0xff) + 1;
i--; i--;
for(;i > 0; i--) *(to--) = *(p--) ^ 0xff; for (; i > 0; i--)
*(to--) = *(p--) ^ 0xff;
} }
} else { } else {
ret->type = V_ASN1_INTEGER; ret->type = V_ASN1_INTEGER;
if ((*p == 0) && (len != 1)) if ((*p == 0) && (len != 1)) {
{
p++; p++;
len--; len--;
} }
memcpy(s, p, (int)len); memcpy(s, p, (int)len);
} }
if (ret->data != NULL) OPENSSL_free(ret->data); if (ret->data != NULL)
OPENSSL_free(ret->data);
ret->data = s; ret->data = s;
ret->length = (int)len; ret->length = (int)len;
if (a != NULL) (*a)=ret; if (a != NULL)
(*a) = ret;
*pp = pend; *pp = pend;
return (ret); return (ret);
err: err:
@@ -262,10 +270,10 @@ err:
return (NULL); return (NULL);
} }
/*
/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of * This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1
* ASN1 integers: some broken software can encode a positive INTEGER * integers: some broken software can encode a positive INTEGER with its MSB
* with its MSB set as negative (it doesn't add a padding zero). * set as negative (it doesn't add a padding zero).
*/ */
ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
@@ -278,40 +286,37 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
int inf, tag, xclass; int inf, tag, xclass;
int i; int i;
if ((a == NULL) || ((*a) == NULL)) if ((a == NULL) || ((*a) == NULL)) {
{ if ((ret = M_ASN1_INTEGER_new()) == NULL)
if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); return (NULL);
ret->type = V_ASN1_INTEGER; ret->type = V_ASN1_INTEGER;
} } else
else
ret = (*a); ret = (*a);
p = *pp; p = *pp;
inf = ASN1_get_object(&p, &len, &tag, &xclass, length); inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
if (inf & 0x80) if (inf & 0x80) {
{
i = ASN1_R_BAD_OBJECT_HEADER; i = ASN1_R_BAD_OBJECT_HEADER;
goto err; goto err;
} }
if (tag != V_ASN1_INTEGER) if (tag != V_ASN1_INTEGER) {
{
i = ASN1_R_EXPECTING_AN_INTEGER; i = ASN1_R_EXPECTING_AN_INTEGER;
goto err; goto err;
} }
/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it /*
* signifies a missing NULL parameter. */ * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
* a missing NULL parameter.
*/
s = (unsigned char *)OPENSSL_malloc((int)len + 1); s = (unsigned char *)OPENSSL_malloc((int)len + 1);
if (s == NULL) if (s == NULL) {
{
i = ERR_R_MALLOC_FAILURE; i = ERR_R_MALLOC_FAILURE;
goto err; goto err;
} }
ret->type = V_ASN1_INTEGER; ret->type = V_ASN1_INTEGER;
if (len) { if (len) {
if ((*p == 0) && (len != 1)) if ((*p == 0) && (len != 1)) {
{
p++; p++;
len--; len--;
} }
@@ -319,10 +324,12 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
p += len; p += len;
} }
if (ret->data != NULL) OPENSSL_free(ret->data); if (ret->data != NULL)
OPENSSL_free(ret->data);
ret->data = s; ret->data = s;
ret->length = (int)len; ret->length = (int)len;
if (a != NULL) (*a)=ret; if (a != NULL)
(*a) = ret;
*pp = p; *pp = p;
return (ret); return (ret);
err: err:
@@ -340,28 +347,26 @@ int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
long d; long d;
a->type = V_ASN1_INTEGER; a->type = V_ASN1_INTEGER;
if (a->length < (int)(sizeof(long)+1)) if (a->length < (int)(sizeof(long) + 1)) {
{
if (a->data != NULL) if (a->data != NULL)
OPENSSL_free(a->data); OPENSSL_free(a->data);
if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL) if ((a->data =
(unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL)
memset((char *)a->data, 0, sizeof(long) + 1); memset((char *)a->data, 0, sizeof(long) + 1);
} }
if (a->data == NULL) if (a->data == NULL) {
{
ASN1err(ASN1_F_ASN1_INTEGER_SET, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_INTEGER_SET, ERR_R_MALLOC_FAILURE);
return (0); return (0);
} }
d = v; d = v;
if (d < 0) if (d < 0) {
{
d = -d; d = -d;
a->type = V_ASN1_NEG_INTEGER; a->type = V_ASN1_NEG_INTEGER;
} }
for (i=0; i<sizeof(long); i++) for (i = 0; i < sizeof(long); i++) {
{ if (d == 0)
if (d == 0) break; break;
buf[i] = (int)d & 0xff; buf[i] = (int)d & 0xff;
d >>= 8; d >>= 8;
} }
@@ -377,27 +382,27 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
int neg = 0, i; int neg = 0, i;
long r = 0; long r = 0;
if (a == NULL) return(0L); if (a == NULL)
return (0L);
i = a->type; i = a->type;
if (i == V_ASN1_NEG_INTEGER) if (i == V_ASN1_NEG_INTEGER)
neg = 1; neg = 1;
else if (i != V_ASN1_INTEGER) else if (i != V_ASN1_INTEGER)
return -1; return -1;
if (a->length > (int)sizeof(long)) if (a->length > (int)sizeof(long)) {
{
/* hmm... a bit ugly */ /* hmm... a bit ugly */
return (0xffffffffL); return (0xffffffffL);
} }
if (a->data == NULL) if (a->data == NULL)
return 0; return 0;
for (i=0; i<a->length; i++) for (i = 0; i < a->length; i++) {
{
r <<= 8; r <<= 8;
r |= (unsigned char)a->data[i]; r |= (unsigned char)a->data[i];
} }
if (neg) r= -r; if (neg)
r = -r;
return (r); return (r);
} }
@@ -410,21 +415,19 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
ret = M_ASN1_INTEGER_new(); ret = M_ASN1_INTEGER_new();
else else
ret = ai; ret = ai;
if (ret == NULL) if (ret == NULL) {
{
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR); ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
goto err; goto err;
} }
if (BN_is_negative(bn)) if (BN_is_negative(bn))
ret->type = V_ASN1_NEG_INTEGER; ret->type = V_ASN1_NEG_INTEGER;
else ret->type=V_ASN1_INTEGER; else
ret->type = V_ASN1_INTEGER;
j = BN_num_bits(bn); j = BN_num_bits(bn);
len = ((j == 0) ? 0 : ((j / 8) + 1)); len = ((j == 0) ? 0 : ((j / 8) + 1));
if (ret->length < len+4) if (ret->length < len + 4) {
{
unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4); unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4);
if (!new_data) if (!new_data) {
{
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
@@ -432,14 +435,14 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
} }
ret->length = BN_bn2bin(bn, ret->data); ret->length = BN_bn2bin(bn, ret->data);
/* Correct zero case */ /* Correct zero case */
if(!ret->length) if (!ret->length) {
{
ret->data[0] = 0; ret->data[0] = 0;
ret->length = 1; ret->length = 1;
} }
return (ret); return (ret);
err: err:
if (ret != ai) M_ASN1_INTEGER_free(ret); if (ret != ai)
M_ASN1_INTEGER_free(ret);
return (NULL); return (NULL);
} }
@@ -455,4 +458,5 @@ BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
} }
IMPLEMENT_STACK_OF(ASN1_INTEGER) IMPLEMENT_STACK_OF(ASN1_INTEGER)
IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER) IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)
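Review bot: In c2i_ASN1_INTEGER the allocation `OPENSSL_malloc((int)len + 1)` and the later `memcpy(s, p, (int)len)` narrow `len` to int with no range check, and d2i_ASN1_UINTEGER repeats the same cast on its allocation. The declaration of `len` is outside the visible lines, but the casts suggest it is wider than int; if so, a negative or oversized value would give an allocation size that no longer matches the copy length. c2i_ASN1_OBJECT, further down this page, already rejects `len <= 0 || len > INT_MAX` before casting. A matching guard before the allocation here would close the gap, for example `if (len < 0 || len > INT_MAX - 1) { i = ASN1_R_TOO_LONG; goto err; }`, keeping zero legal because the code deliberately tolerates an empty INTEGER. Whether `<limits.h>` is already included in this file is not visible, and both function bodies continue outside their hunks.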


@@ -1,6 +1,7 @@
/* a_mbstr.c */ /* a_mbstr.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 1999. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 1999.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
@@ -62,7 +63,8 @@
#include <openssl/asn1.h> #include <openssl/asn1.h>
static int traverse_string(const unsigned char *p, int len, int inform, static int traverse_string(const unsigned char *p, int len, int inform,
int (*rfunc)(unsigned long value, void *in), void *arg); int (*rfunc) (unsigned long value, void *in),
void *arg);
static int in_utf8(unsigned long value, void *arg); static int in_utf8(unsigned long value, void *arg);
static int out_utf8(unsigned long value, void *arg); static int out_utf8(unsigned long value, void *arg);
static int type_str(unsigned long value, void *arg); static int type_str(unsigned long value, void *arg);
@@ -72,12 +74,13 @@ static int cpy_univ(unsigned long value, void *arg);
static int cpy_utf8(unsigned long value, void *arg); static int cpy_utf8(unsigned long value, void *arg);
static int is_printable(unsigned long value); static int is_printable(unsigned long value);
/* These functions take a string in UTF8, ASCII or multibyte form and /*
* a mask of permissible ASN1 string types. It then works out the minimal * These functions take a string in UTF8, ASCII or multibyte form and a mask
* type (using the order Printable < IA5 < T61 < BMP < Universal < UTF8) * of permissible ASN1 string types. It then works out the minimal type
* and creates a string of the correct type with the supplied data. * (using the order Printable < IA5 < T61 < BMP < Universal < UTF8) and
* Yes this is horrible: it has to be :-( * creates a string of the correct type with the supplied data. Yes this is
* The 'ncopy' form checks minimum and maximum size limits too. * horrible: it has to be :-( The 'ncopy' form checks minimum and maximum
* size limits too.
*/ */
int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
@@ -99,8 +102,10 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
int nchar; int nchar;
char strbuf[32]; char strbuf[32];
int (*cpyfunc) (unsigned long, void *) = NULL; int (*cpyfunc) (unsigned long, void *) = NULL;
if(len == -1) len = strlen((const char *)in); if (len == -1)
if(!mask) mask = DIRSTRING_TYPE; len = strlen((const char *)in);
if (!mask)
mask = DIRSTRING_TYPE;
/* First do a string check and work out the number of characters */ /* First do a string check and work out the number of characters */
switch (inform) { switch (inform) {
@@ -128,8 +133,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
/* This counts the characters and does utf8 syntax checking */ /* This counts the characters and does utf8 syntax checking */
ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
if (ret < 0) { if (ret < 0) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING);
ASN1_R_INVALID_UTF8STRING);
return -1; return -1;
} }
break; break;
@@ -163,12 +167,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
return -1; return -1;
} }
/* Now work out output format and string type */ /* Now work out output format and string type */
outform = MBSTRING_ASC; outform = MBSTRING_ASC;
if(mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING; if (mask & B_ASN1_PRINTABLESTRING)
else if(mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING; str_type = V_ASN1_PRINTABLESTRING;
else if(mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING; else if (mask & B_ASN1_IA5STRING)
str_type = V_ASN1_IA5STRING;
else if (mask & B_ASN1_T61STRING)
str_type = V_ASN1_T61STRING;
else if (mask & B_ASN1_BMPSTRING) { else if (mask & B_ASN1_BMPSTRING) {
str_type = V_ASN1_BMPSTRING; str_type = V_ASN1_BMPSTRING;
outform = MBSTRING_BMP; outform = MBSTRING_BMP;
@@ -179,7 +185,8 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
str_type = V_ASN1_UTF8STRING; str_type = V_ASN1_UTF8STRING;
outform = MBSTRING_UTF8; outform = MBSTRING_UTF8;
} }
if(!out) return str_type; if (!out)
return str_type;
if (*out) { if (*out) {
free_out = 0; free_out = 0;
dest = *out; dest = *out;
@@ -193,8 +200,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
free_out = 1; free_out = 1;
dest = ASN1_STRING_type_new(str_type); dest = ASN1_STRING_type_new(str_type);
if (!dest) { if (!dest) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
ERR_R_MALLOC_FAILURE);
return -1; return -1;
} }
*out = dest; *out = dest;
@@ -232,7 +238,8 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
break; break;
} }
if (!(p = OPENSSL_malloc(outlen + 1))) { if (!(p = OPENSSL_malloc(outlen + 1))) {
if(free_out) ASN1_STRING_free(dest); if (free_out)
ASN1_STRING_free(dest);
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
return -1; return -1;
} }
@@ -243,12 +250,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
return str_type; return str_type;
} }
/* This function traverses a string and passes the value of each character /*
* to an optional function along with a void * argument. * This function traverses a string and passes the value of each character to
* an optional function along with a void * argument.
*/ */
static int traverse_string(const unsigned char *p, int len, int inform, static int traverse_string(const unsigned char *p, int len, int inform,
int (*rfunc)(unsigned long value, void *in), void *arg) int (*rfunc) (unsigned long value, void *in),
void *arg)
{ {
unsigned long value; unsigned long value;
int ret; int ret;
@@ -268,13 +277,15 @@ static int traverse_string(const unsigned char *p, int len, int inform,
len -= 4; len -= 4;
} else { } else {
ret = UTF8_getc(p, len, &value); ret = UTF8_getc(p, len, &value);
if(ret < 0) return -1; if (ret < 0)
return -1;
len -= ret; len -= ret;
p += ret; p += ret;
} }
if (rfunc) { if (rfunc) {
ret = rfunc(value, arg); ret = rfunc(value, arg);
if(ret <= 0) return ret; if (ret <= 0)
return ret;
} }
} }
return 1; return 1;
@@ -302,8 +313,9 @@ static int out_utf8(unsigned long value, void *arg)
return 1; return 1;
} }
/* Determine the "type" of a string: check each character against a /*
* supplied "mask". * Determine the "type" of a string: check each character against a supplied
* "mask".
*/ */
static int type_str(unsigned long value, void *arg) static int type_str(unsigned long value, void *arg)
@@ -318,7 +330,8 @@ static int type_str(unsigned long value, void *arg)
types &= ~B_ASN1_T61STRING; types &= ~B_ASN1_T61STRING;
if ((types & B_ASN1_BMPSTRING) && (value > 0xffff)) if ((types & B_ASN1_BMPSTRING) && (value > 0xffff))
types &= ~B_ASN1_BMPSTRING; types &= ~B_ASN1_BMPSTRING;
if(!types) return -1; if (!types)
return -1;
*((unsigned long *)arg) = types; *((unsigned long *)arg) = types;
return 1; return 1;
} }
@@ -380,21 +393,31 @@ static int cpy_utf8(unsigned long value, void *arg)
static int is_printable(unsigned long value) static int is_printable(unsigned long value)
{ {
int ch; int ch;
if(value > 0x7f) return 0; if (value > 0x7f)
return 0;
ch = (int)value; ch = (int)value;
/* Note: we can't use 'isalnum' because certain accented /*
* characters may count as alphanumeric in some environments. * Note: we can't use 'isalnum' because certain accented characters may
* count as alphanumeric in some environments.
*/ */
#ifndef CHARSET_EBCDIC #ifndef CHARSET_EBCDIC
if((ch >= 'a') && (ch <= 'z')) return 1; if ((ch >= 'a') && (ch <= 'z'))
if((ch >= 'A') && (ch <= 'Z')) return 1; return 1;
if((ch >= '0') && (ch <= '9')) return 1; if ((ch >= 'A') && (ch <= 'Z'))
if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1; return 1;
if ((ch >= '0') && (ch <= '9'))
return 1;
if ((ch == ' ') || strchr("'()+,-./:=?", ch))
return 1;
#else /* CHARSET_EBCDIC */ #else /* CHARSET_EBCDIC */
if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1; if ((ch >= os_toascii['a']) && (ch <= os_toascii['z']))
if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1; return 1;
if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1; if ((ch >= os_toascii['A']) && (ch <= os_toascii['Z']))
if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1; return 1;
if ((ch >= os_toascii['0']) && (ch <= os_toascii['9']))
return 1;
if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch]))
return 1;
#endif /* CHARSET_EBCDIC */ #endif /* CHARSET_EBCDIC */
return 0; return 0;
} }
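Review bot: is_printable() returns 1 for the value 0, because `strchr("'()+,-./:=?", ch)` returns a pointer to the string's terminator when `ch` is 0, so the punctuation test succeeds for an embedded NUL. type_str() presumably calls this helper to decide whether PrintableString stays in the permitted mask (that call is outside the visible lines), in which case a NUL character would not rule the type out. Excluding zero explicitly fixes it: `if ((ch == ' ') || (ch != 0 && strchr("'()+,-./:=?", ch)))`. The `os_toebcdic[ch]` lookup in the CHARSET_EBCDIC branch needs the same guard.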


@@ -65,13 +65,15 @@ static ASN1_METHOD ia5string_meth={
(I2D_OF(void)) i2d_ASN1_IA5STRING, (I2D_OF(void)) i2d_ASN1_IA5STRING,
(D2I_OF(void)) d2i_ASN1_IA5STRING, (D2I_OF(void)) d2i_ASN1_IA5STRING,
(void *(*)(void))ASN1_STRING_new, (void *(*)(void))ASN1_STRING_new,
(void (*)(void *))ASN1_STRING_free}; (void (*)(void *))ASN1_STRING_free
};
static ASN1_METHOD bit_string_meth = { static ASN1_METHOD bit_string_meth = {
(I2D_OF(void)) i2d_ASN1_BIT_STRING, (I2D_OF(void)) i2d_ASN1_BIT_STRING,
(D2I_OF(void)) d2i_ASN1_BIT_STRING, (D2I_OF(void)) d2i_ASN1_BIT_STRING,
(void *(*)(void))ASN1_STRING_new, (void *(*)(void))ASN1_STRING_new,
(void (*)(void *))ASN1_STRING_free}; (void (*)(void *))ASN1_STRING_free
};
ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void) ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void)
{ {


@@ -69,10 +69,12 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
unsigned char *p; unsigned char *p;
int objsize; int objsize;
if ((a == NULL) || (a->data == NULL)) return(0); if ((a == NULL) || (a->data == NULL))
return (0);
objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT); objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
if (pp == NULL) return objsize; if (pp == NULL)
return objsize;
p = *pp; p = *pp;
ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
@@ -100,85 +102,71 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
p = buf; p = buf;
c = *(p++); c = *(p++);
num--; num--;
if ((c >= '0') && (c <= '2')) if ((c >= '0') && (c <= '2')) {
{
first = c - '0'; first = c - '0';
} } else {
else
{
ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_FIRST_NUM_TOO_LARGE); ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_FIRST_NUM_TOO_LARGE);
goto err; goto err;
} }
if (num <= 0) if (num <= 0) {
{
ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_MISSING_SECOND_NUMBER); ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_MISSING_SECOND_NUMBER);
goto err; goto err;
} }
c = *(p++); c = *(p++);
num--; num--;
for (;;) for (;;) {
{ if (num <= 0)
if (num <= 0) break; break;
if ((c != '.') && (c != ' ')) if ((c != '.') && (c != ' ')) {
{
ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_SEPARATOR); ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_SEPARATOR);
goto err; goto err;
} }
l = 0; l = 0;
use_bn = 0; use_bn = 0;
for (;;) for (;;) {
{ if (num <= 0)
if (num <= 0) break; break;
num--; num--;
c = *(p++); c = *(p++);
if ((c == ' ') || (c == '.')) if ((c == ' ') || (c == '.'))
break; break;
if ((c < '0') || (c > '9')) if ((c < '0') || (c > '9')) {
{
ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_DIGIT); ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_DIGIT);
goto err; goto err;
} }
if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) {
{
use_bn = 1; use_bn = 1;
if (!bl) if (!bl)
bl = BN_new(); bl = BN_new();
if (!bl || !BN_set_word(bl, l)) if (!bl || !BN_set_word(bl, l))
goto err; goto err;
} }
if (use_bn) if (use_bn) {
{
if (!BN_mul_word(bl, 10L) if (!BN_mul_word(bl, 10L)
|| !BN_add_word(bl, c - '0')) || !BN_add_word(bl, c - '0'))
goto err; goto err;
} } else
else
l = l * 10L + (long)(c - '0'); l = l * 10L + (long)(c - '0');
} }
if (len == 0) if (len == 0) {
{ if ((first < 2) && (l >= 40)) {
if ((first < 2) && (l >= 40)) ASN1err(ASN1_F_A2D_ASN1_OBJECT,
{ ASN1_R_SECOND_NUMBER_TOO_LARGE);
ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE);
goto err; goto err;
} }
if (use_bn) if (use_bn) {
{
if (!BN_add_word(bl, first * 40)) if (!BN_add_word(bl, first * 40))
goto err; goto err;
} } else
else
l += (long)first *40; l += (long)first *40;
} }
i = 0; i = 0;
if (use_bn) if (use_bn) {
{
int blsize; int blsize;
blsize = BN_num_bits(bl); blsize = BN_num_bits(bl);
blsize = (blsize + 6) / 7; blsize = (blsize + 6) / 7;
if (blsize > tmpsize) if (blsize > tmpsize) {
{
if (tmp != ftmp) if (tmp != ftmp)
OPENSSL_free(tmp); OPENSSL_free(tmp);
tmpsize = blsize + 32; tmpsize = blsize + 32;
@@ -188,30 +176,25 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
} }
while (blsize--) while (blsize--)
tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L); tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);
} } else {
else
{
for (;;) for (;;) {
{
tmp[i++] = (unsigned char)l & 0x7f; tmp[i++] = (unsigned char)l & 0x7f;
l >>= 7L; l >>= 7L;
if (l == 0L) break; if (l == 0L)
break;
} }
} }
if (out != NULL) if (out != NULL) {
{ if (len + i > olen) {
if (len+i > olen)
{
ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_BUFFER_TOO_SMALL); ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_BUFFER_TOO_SMALL);
goto err; goto err;
} }
while (--i > 0) while (--i > 0)
out[len++] = tmp[i] | 0x80; out[len++] = tmp[i] | 0x80;
out[len++] = tmp[0]; out[len++] = tmp[0];
} } else
else
len += i; len += i;
} }
if (tmp != ftmp) if (tmp != ftmp)
@@ -240,8 +223,7 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
if ((a == NULL) || (a->data == NULL)) if ((a == NULL) || (a->data == NULL))
return (BIO_write(bp, "NULL", 4)); return (BIO_write(bp, "NULL", 4));
i = i2t_ASN1_OBJECT(buf, sizeof buf, a); i = i2t_ASN1_OBJECT(buf, sizeof buf, a);
if (i > (int)(sizeof(buf) - 1)) if (i > (int)(sizeof(buf) - 1)) {
{
p = OPENSSL_malloc(i + 1); p = OPENSSL_malloc(i + 1);
if (!p) if (!p)
return -1; return -1;
@@ -265,19 +247,18 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
ASN1_OBJECT *ret = NULL; ASN1_OBJECT *ret = NULL;
p = *pp; p = *pp;
inf = ASN1_get_object(&p, &len, &tag, &xclass, length); inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
if (inf & 0x80) if (inf & 0x80) {
{
i = ASN1_R_BAD_OBJECT_HEADER; i = ASN1_R_BAD_OBJECT_HEADER;
goto err; goto err;
} }
if (tag != V_ASN1_OBJECT) if (tag != V_ASN1_OBJECT) {
{
i = ASN1_R_EXPECTING_AN_OBJECT; i = ASN1_R_EXPECTING_AN_OBJECT;
goto err; goto err;
} }
ret = c2i_ASN1_OBJECT(a, &p, len); ret = c2i_ASN1_OBJECT(a, &p, len);
if(ret) *pp = p; if (ret)
*pp = p;
return ret; return ret;
err: err:
ASN1err(ASN1_F_D2I_ASN1_OBJECT, i); ASN1err(ASN1_F_D2I_ASN1_OBJECT, i);
@@ -293,45 +274,46 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
const unsigned char *p; const unsigned char *p;
int i, length; int i, length;
/* Sanity check OID encoding. /*
* Need at least one content octet. * Sanity check OID encoding. Need at least one content octet. MSB must
* MSB must be clear in the last octet. * be clear in the last octet. can't have leading 0x80 in subidentifiers,
* can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 * see: X.690 8.19.2
*/ */
if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
p[len - 1] & 0x80) p[len - 1] & 0x80) {
{
ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING); ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
return NULL; return NULL;
} }
/* Now 0 < len <= INT_MAX, so the cast is safe. */ /* Now 0 < len <= INT_MAX, so the cast is safe. */
length = (int)len; length = (int)len;
for (i = 0; i < length; i++, p++) for (i = 0; i < length; i++, p++) {
{ if (*p == 0x80 && (!i || !(p[-1] & 0x80))) {
if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
{
ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING); ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
return NULL; return NULL;
} }
} }
/* only the ASN1_OBJECTs from the 'table' will have values /*
* for ->sn or ->ln */ * only the ASN1_OBJECTs from the 'table' will have values for ->sn or
* ->ln
*/
if ((a == NULL) || ((*a) == NULL) || if ((a == NULL) || ((*a) == NULL) ||
!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
{ if ((ret = ASN1_OBJECT_new()) == NULL)
if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL); return (NULL);
} } else
else ret=(*a); ret = (*a);
p = *pp; p = *pp;
if ((ret->data == NULL) || (ret->length < length)) if ((ret->data == NULL) || (ret->length < length)) {
{ if (ret->data != NULL)
if (ret->data != NULL) OPENSSL_free(ret->data); OPENSSL_free(ret->data);
ret->data = (unsigned char *)OPENSSL_malloc(length); ret->data = (unsigned char *)OPENSSL_malloc(length);
ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA; ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
if (ret->data == NULL) if (ret->data == NULL) {
{ i=ERR_R_MALLOC_FAILURE; goto err; } i = ERR_R_MALLOC_FAILURE;
goto err;
}
} }
memcpy(ret->data, p, length); memcpy(ret->data, p, length);
ret->length = length; ret->length = length;
@@ -340,7 +322,8 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
/* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
p += length; p += length;
if (a != NULL) (*a)=ret; if (a != NULL)
(*a) = ret;
*pp = p; *pp = p;
return (ret); return (ret);
err: err:
@@ -355,8 +338,7 @@ ASN1_OBJECT *ASN1_OBJECT_new(void)
ASN1_OBJECT *ret; ASN1_OBJECT *ret;
ret = (ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT)); ret = (ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
if (ret == NULL) if (ret == NULL) {
{
ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
return (NULL); return (NULL);
} }
@@ -371,18 +353,22 @@ ASN1_OBJECT *ASN1_OBJECT_new(void)
void ASN1_OBJECT_free(ASN1_OBJECT *a) void ASN1_OBJECT_free(ASN1_OBJECT *a)
{ {
if (a == NULL) return; if (a == NULL)
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) return;
{ if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) {
#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */ #ifndef CONST_STRICT /* disable purely for compile-time strict
if (a->sn != NULL) OPENSSL_free((void *)a->sn); * const checking. Doing this on a "real"
if (a->ln != NULL) OPENSSL_free((void *)a->ln); * compile will cause memory leaks */
if (a->sn != NULL)
OPENSSL_free((void *)a->sn);
if (a->ln != NULL)
OPENSSL_free((void *)a->ln);
#endif #endif
a->sn = a->ln = NULL; a->sn = a->ln = NULL;
} }
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
{ if (a->data != NULL)
if (a->data != NULL) OPENSSL_free(a->data); OPENSSL_free(a->data);
a->data = NULL; a->data = NULL;
a->length = 0; a->length = 0;
} }
@@ -406,4 +392,5 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
} }
IMPLEMENT_STACK_OF(ASN1_OBJECT) IMPLEMENT_STACK_OF(ASN1_OBJECT)
IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT) IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)
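Review bot: In c2i_ASN1_OBJECT, when the existing buffer is missing or too small it is freed and `ret->data` is reassigned from OPENSSL_malloc, but `ret->length` keeps its old value until after the memcpy. If that allocation fails while `ret` is the caller's own object (`*a`), the object is left with `data == NULL` and a stale non-zero length, unless the `err:` path resets it; that path is outside the hunk. Clearing the length first keeps the object consistent on the failure path: add `ret->length = 0;` just before `ret->data = (unsigned char *)OPENSSL_malloc(length);`.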


@@ -61,11 +61,17 @@
#include <openssl/asn1.h> #include <openssl/asn1.h>
ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x) ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
{ return M_ASN1_OCTET_STRING_dup(x); } {
return M_ASN1_OCTET_STRING_dup(x);
}
int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b) int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
{ return M_ASN1_OCTET_STRING_cmp(a, b); } {
return M_ASN1_OCTET_STRING_cmp(a, b);
int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len) }
{ return M_ASN1_OCTET_STRING_set(x, d, len); }
int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d,
int len)
{
return M_ASN1_OCTET_STRING_set(x, d, len);
}


@@ -66,11 +66,12 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int len)
int ia5 = 0; int ia5 = 0;
int t61 = 0; int t61 = 0;
if (len <= 0) len= -1; if (len <= 0)
if (s == NULL) return(V_ASN1_PRINTABLESTRING); len = -1;
if (s == NULL)
return (V_ASN1_PRINTABLESTRING);
while ((*s) && (len-- != 0)) while ((*s) && (len-- != 0)) {
{
c = *(s++); c = *(s++);
#ifndef CHARSET_EBCDIC #ifndef CHARSET_EBCDIC
if (!(((c >= 'a') && (c <= 'z')) || if (!(((c >= 'a') && (c <= 'z')) ||
@@ -81,21 +82,21 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int len)
(c == '(') || (c == ')') || (c == '(') || (c == ')') ||
(c == '+') || (c == ',') || (c == '+') || (c == ',') ||
(c == '-') || (c == '.') || (c == '-') || (c == '.') ||
(c == '/') || (c == ':') || (c == '/') || (c == ':') || (c == '=') || (c == '?')))
(c == '=') || (c == '?')))
ia5 = 1; ia5 = 1;
if (c & 0x80) if (c & 0x80)
t61 = 1; t61 = 1;
#else #else
if (!isalnum(c) && (c != ' ') && if (!isalnum(c) && (c != ' ') && strchr("'()+,-./:=?", c) == NULL)
strchr("'()+,-./:=?", c) == NULL)
ia5 = 1; ia5 = 1;
if (os_toascii[c] & 0x80) if (os_toascii[c] & 0x80)
t61 = 1; t61 = 1;
#endif #endif
} }
if (t61) return(V_ASN1_T61STRING); if (t61)
if (ia5) return(V_ASN1_IA5STRING); return (V_ASN1_T61STRING);
if (ia5)
return (V_ASN1_IA5STRING);
return (V_ASN1_PRINTABLESTRING); return (V_ASN1_PRINTABLESTRING);
} }
@@ -104,20 +105,21 @@ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
int i; int i;
unsigned char *p; unsigned char *p;
if (s->type != V_ASN1_UNIVERSALSTRING) return(0); if (s->type != V_ASN1_UNIVERSALSTRING)
if ((s->length%4) != 0) return(0); return (0);
if ((s->length % 4) != 0)
return (0);
p = s->data; p = s->data;
for (i=0; i<s->length; i+=4) for (i = 0; i < s->length; i += 4) {
{
if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0')) if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
break; break;
else else
p += 4; p += 4;
} }
if (i < s->length) return(0); if (i < s->length)
return (0);
p = s->data; p = s->data;
for (i=3; i<s->length; i+=4) for (i = 3; i < s->length; i += 4) {
{
*(p++) = s->data[i]; *(p++) = s->data[i];
} }
*(p) = '\0'; *(p) = '\0';


@@ -62,14 +62,13 @@
#ifndef NO_ASN1_OLD #ifndef NO_ASN1_OLD
typedef struct typedef struct {
{
unsigned char *pbData; unsigned char *pbData;
int cbData; int cbData;
} MYBLOB; } MYBLOB;
/* SetBlobCmp /*
* This function compares two elements of SET_OF block * SetBlobCmp This function compares two elements of SET_OF block
*/ */
static int SetBlobCmp(const void *elem1, const void *elem2) static int SetBlobCmp(const void *elem1, const void *elem2)
{ {
@@ -84,7 +83,9 @@ static int SetBlobCmp(const void *elem1, const void *elem2 )
return b1->cbData - b2->cbData; return b1->cbData - b2->cbData;
} }
/* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */ /*
* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)
*/
int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
int ex_class, int is_set) int ex_class, int is_set)
{ {
@@ -95,11 +96,13 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
MYBLOB *rgSetBlob; MYBLOB *rgSetBlob;
int totSize; int totSize;
if (a == NULL) return(0); if (a == NULL)
return (0);
for (i = sk_num(a) - 1; i >= 0; i--) for (i = sk_num(a) - 1; i >= 0; i--)
ret += i2d(sk_value(a, i), NULL); ret += i2d(sk_value(a, i), NULL);
r = ASN1_object_size(1, ret, ex_tag); r = ASN1_object_size(1, ret, ex_tag);
if (pp == NULL) return(r); if (pp == NULL)
return (r);
p = *pp; p = *pp;
ASN1_put_object(&p, 1, ret, ex_tag, ex_class); ASN1_put_object(&p, 1, ret, ex_tag, ex_class);
@@ -108,8 +111,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
/* And then again by Ben */ /* And then again by Ben */
/* And again by Steve */ /* And again by Steve */
if(!is_set || (sk_num(a) < 2)) if (!is_set || (sk_num(a) < 2)) {
{
for (i = 0; i < sk_num(a); i++) for (i = 0; i < sk_num(a); i++)
i2d(sk_value(a, i), &p); i2d(sk_value(a, i), &p);
@@ -120,36 +122,33 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
pStart = p; /* Catch the beg of Setblobs */ pStart = p; /* Catch the beg of Setblobs */
/* In this array we will store the SET blobs */ /* In this array we will store the SET blobs */
rgSetBlob = (MYBLOB *) OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB)); rgSetBlob = (MYBLOB *) OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB));
if (rgSetBlob == NULL) if (rgSetBlob == NULL) {
{
ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
return (0); return (0);
} }
for (i=0; i<sk_num(a); i++) for (i = 0; i < sk_num(a); i++) {
{
rgSetBlob[i].pbData = p; /* catch each set encode blob */ rgSetBlob[i].pbData = p; /* catch each set encode blob */
i2d(sk_value(a, i), &p); i2d(sk_value(a, i), &p);
rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
SetBlob * SetBlob */
*/
} }
*pp = p; *pp = p;
totSize = p - pStart; /* This is the total size of all set blobs */ totSize = p - pStart; /* This is the total size of all set blobs */
/* Now we have to sort the blobs. I am using a simple algo. /*
*Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/ * Now we have to sort the blobs. I am using a simple algo. *Sort ptrs
* *Copy to temp-mem *Copy from temp-mem to user-mem
*/
qsort(rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp); qsort(rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
if (!(pTempMem = OPENSSL_malloc(totSize))) if (!(pTempMem = OPENSSL_malloc(totSize))) {
{
ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
return (0); return (0);
} }
/* Copy to temp mem */ /* Copy to temp mem */
p = pTempMem; p = pTempMem;
for(i=0; i<sk_num(a); ++i) for (i = 0; i < sk_num(a); ++i) {
{
memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData); memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
p += rgSetBlob[i].cbData; p += rgSetBlob[i].cbData;
} }
@@ -169,64 +168,63 @@ STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
ASN1_const_CTX c; ASN1_const_CTX c;
STACK *ret = NULL; STACK *ret = NULL;
if ((a == NULL) || ((*a) == NULL)) if ((a == NULL) || ((*a) == NULL)) {
{ if ((ret = sk_new_null()) == NULL) {
if ((ret=sk_new_null()) == NULL)
{
ASN1err(ASN1_F_D2I_ASN1_SET, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_D2I_ASN1_SET, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
} } else
else
ret = (*a); ret = (*a);
c.p = *pp; c.p = *pp;
c.max = (length == 0) ? 0 : (c.p + length); c.max = (length == 0) ? 0 : (c.p + length);
c.inf = ASN1_get_object(&c.p, &c.slen, &c.tag, &c.xclass, c.max - c.p); c.inf = ASN1_get_object(&c.p, &c.slen, &c.tag, &c.xclass, c.max - c.p);
if (c.inf & 0x80) goto err; if (c.inf & 0x80)
if (ex_class != c.xclass) goto err;
{ if (ex_class != c.xclass) {
ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_CLASS); ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_CLASS);
goto err; goto err;
} }
if (ex_tag != c.tag) if (ex_tag != c.tag) {
{
ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_TAG); ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_TAG);
goto err; goto err;
} }
if ((c.slen+c.p) > c.max) if ((c.slen + c.p) > c.max) {
{
ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_LENGTH_ERROR); ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_LENGTH_ERROR);
goto err; goto err;
} }
/* check for infinite constructed - it can be as long /*
* as the amount of data passed to us */ * check for infinite constructed - it can be as long as the amount of
* data passed to us
*/
if (c.inf == (V_ASN1_CONSTRUCTED + 1)) if (c.inf == (V_ASN1_CONSTRUCTED + 1))
c.slen = length + *pp - c.p; c.slen = length + *pp - c.p;
c.max = c.p + c.slen; c.max = c.p + c.slen;
while (c.p < c.max) while (c.p < c.max) {
{
char *s; char *s;
if (M_ASN1_D2I_end_sequence()) break; if (M_ASN1_D2I_end_sequence())
/* XXX: This was called with 4 arguments, incorrectly, it seems break;
if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) */ /*
if ((s=d2i(NULL,&c.p,c.slen)) == NULL) * XXX: This was called with 4 arguments, incorrectly, it seems if
{ * ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL)
*/
if ((s = d2i(NULL, &c.p, c.slen)) == NULL) {
ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_ERROR_PARSING_SET_ELEMENT); ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_ERROR_PARSING_SET_ELEMENT);
asn1_add_error(*pp, (int)(c.q - *pp)); asn1_add_error(*pp, (int)(c.q - *pp));
goto err; goto err;
} }
if (!sk_push(ret,s)) goto err; if (!sk_push(ret, s))
goto err;
} }
if (a != NULL) (*a)=ret; if (a != NULL)
(*a) = ret;
*pp = c.p; *pp = c.p;
return (ret); return (ret);
err: err:
if ((ret != NULL) && ((a == NULL) || (*a != ret))) if ((ret != NULL) && ((a == NULL) || (*a != ret))) {
{
if (free_func != NULL) if (free_func != NULL)
sk_pop_free(ret, free_func); sk_pop_free(ret, free_func);
else else
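Review bot: In the i2d_ASN1_SET hunk that sorts the SET blobs, the failure branch of `pTempMem = OPENSSL_malloc(totSize)` returns 0 without releasing `rgSetBlob`, which was allocated earlier in the same hunk, so that array leaks whenever the second allocation fails. Adding `OPENSSL_free(rgSetBlob);` before that `return (0);` closes the leak. By that point `*pp = p;` has already advanced the caller's output pointer, so the caller gets a moved pointer together with a zero return; that is worth a comment, or the assignment could be deferred until the copy has succeeded. The function body continues past the end of the hunk, so the success-path cleanup is not visible here.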


@@ -136,37 +136,36 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
X509_ALGOR *a; X509_ALGOR *a;
EVP_MD_CTX_init(&ctx); EVP_MD_CTX_init(&ctx);
for (i=0; i<2; i++) for (i = 0; i < 2; i++) {
{
if (i == 0) if (i == 0)
a = algor1; a = algor1;
else else
a = algor2; a = algor2;
if (a == NULL) continue; if (a == NULL)
if (type->pkey_type == NID_dsaWithSHA1) continue;
{ if (type->pkey_type == NID_dsaWithSHA1) {
/* special case: RFC 2459 tells us to omit 'parameters' /*
* with id-dsa-with-sha1 */ * special case: RFC 2459 tells us to omit 'parameters' with
* id-dsa-with-sha1
*/
ASN1_TYPE_free(a->parameter); ASN1_TYPE_free(a->parameter);
a->parameter = NULL; a->parameter = NULL;
} } else if ((a->parameter == NULL) ||
else if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) {
(a->parameter->type != V_ASN1_NULL))
{
ASN1_TYPE_free(a->parameter); ASN1_TYPE_free(a->parameter);
if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err; if ((a->parameter = ASN1_TYPE_new()) == NULL)
goto err;
a->parameter->type = V_ASN1_NULL; a->parameter->type = V_ASN1_NULL;
} }
ASN1_OBJECT_free(a->algorithm); ASN1_OBJECT_free(a->algorithm);
a->algorithm = OBJ_nid2obj(type->pkey_type); a->algorithm = OBJ_nid2obj(type->pkey_type);
if (a->algorithm == NULL) if (a->algorithm == NULL) {
{
ASN1err(ASN1_F_ASN1_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE); ASN1err(ASN1_F_ASN1_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE);
goto err; goto err;
} }
if (a->algorithm->length == 0) if (a->algorithm->length == 0) {
{ ASN1err(ASN1_F_ASN1_SIGN,
ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
goto err; goto err;
} }
} }
@@ -174,8 +173,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
buf_in = (unsigned char *)OPENSSL_malloc((unsigned int)inl); buf_in = (unsigned char *)OPENSSL_malloc((unsigned int)inl);
outll = outl = EVP_PKEY_size(pkey); outll = outl = EVP_PKEY_size(pkey);
buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl); buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl);
if ((buf_in == NULL) || (buf_out == NULL)) if ((buf_in == NULL) || (buf_out == NULL)) {
{
outl = 0; outl = 0;
ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);
goto err; goto err;
@@ -186,35 +184,40 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
EVP_SignInit_ex(&ctx, type, NULL); EVP_SignInit_ex(&ctx, type, NULL);
EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl); EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl);
if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out, if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out,
(unsigned int *)&outl,pkey)) (unsigned int *)&outl, pkey)) {
{
outl = 0; outl = 0;
ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB);
goto err; goto err;
} }
if (signature->data != NULL) OPENSSL_free(signature->data); if (signature->data != NULL)
OPENSSL_free(signature->data);
signature->data = buf_out; signature->data = buf_out;
buf_out = NULL; buf_out = NULL;
signature->length = outl; signature->length = outl;
/* In the interests of compatibility, I'll make sure that /*
* the bit string has a 'not-used bits' value of 0 * In the interests of compatibility, I'll make sure that the bit string
* has a 'not-used bits' value of 0
*/ */
signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
err: err:
EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_cleanup(&ctx);
if (buf_in != NULL) if (buf_in != NULL) {
{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);
if (buf_out != NULL) OPENSSL_free(buf_in);
{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); } }
if (buf_out != NULL) {
OPENSSL_cleanse((char *)buf_out, outll);
OPENSSL_free(buf_out);
}
return (outl); return (outl);
} }
#endif #endif
int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn,
const EVP_MD *type) EVP_PKEY *pkey, const EVP_MD *type)
{ {
EVP_MD_CTX ctx; EVP_MD_CTX ctx;
unsigned char *buf_in = NULL, *buf_out = NULL; unsigned char *buf_in = NULL, *buf_out = NULL;
@@ -222,79 +225,81 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
X509_ALGOR *a; X509_ALGOR *a;
EVP_MD_CTX_init(&ctx); EVP_MD_CTX_init(&ctx);
for (i=0; i<2; i++) for (i = 0; i < 2; i++) {
{
if (i == 0) if (i == 0)
a = algor1; a = algor1;
else else
a = algor2; a = algor2;
if (a == NULL) continue; if (a == NULL)
continue;
if (type->pkey_type == NID_dsaWithSHA1 || if (type->pkey_type == NID_dsaWithSHA1 ||
type->pkey_type == NID_ecdsa_with_SHA1) type->pkey_type == NID_ecdsa_with_SHA1) {
{ /*
/* special case: RFC 3279 tells us to omit 'parameters' * special case: RFC 3279 tells us to omit 'parameters' with
* with id-dsa-with-sha1 and ecdsa-with-SHA1 */ * id-dsa-with-sha1 and ecdsa-with-SHA1
*/
ASN1_TYPE_free(a->parameter); ASN1_TYPE_free(a->parameter);
a->parameter = NULL; a->parameter = NULL;
} } else if ((a->parameter == NULL) ||
else if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) {
(a->parameter->type != V_ASN1_NULL))
{
ASN1_TYPE_free(a->parameter); ASN1_TYPE_free(a->parameter);
if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err; if ((a->parameter = ASN1_TYPE_new()) == NULL)
goto err;
a->parameter->type = V_ASN1_NULL; a->parameter->type = V_ASN1_NULL;
} }
ASN1_OBJECT_free(a->algorithm); ASN1_OBJECT_free(a->algorithm);
a->algorithm = OBJ_nid2obj(type->pkey_type); a->algorithm = OBJ_nid2obj(type->pkey_type);
if (a->algorithm == NULL) if (a->algorithm == NULL) {
{
ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE); ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE);
goto err; goto err;
} }
if (a->algorithm->length == 0) if (a->algorithm->length == 0) {
{ ASN1err(ASN1_F_ASN1_ITEM_SIGN,
ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
goto err; goto err;
} }
} }
inl = ASN1_item_i2d(asn, &buf_in, it); inl = ASN1_item_i2d(asn, &buf_in, it);
outll = outl = EVP_PKEY_size(pkey); outll = outl = EVP_PKEY_size(pkey);
buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl); buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl);
if ((buf_in == NULL) || (buf_out == NULL)) if ((buf_in == NULL) || (buf_out == NULL)) {
{
outl = 0; outl = 0;
ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
if (!EVP_SignInit_ex(&ctx,type, NULL)) if (!EVP_SignInit_ex(&ctx, type, NULL)) {
{
outl = 0; outl = 0;
ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB); ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB);
goto err; goto err;
} }
EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl); EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl);
if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out, if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out,
(unsigned int *)&outl,pkey)) (unsigned int *)&outl, pkey)) {
{
outl = 0; outl = 0;
ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB); ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB);
goto err; goto err;
} }
if (signature->data != NULL) OPENSSL_free(signature->data); if (signature->data != NULL)
OPENSSL_free(signature->data);
signature->data = buf_out; signature->data = buf_out;
buf_out = NULL; buf_out = NULL;
signature->length = outl; signature->length = outl;
/* In the interests of compatibility, I'll make sure that /*
* the bit string has a 'not-used bits' value of 0 * In the interests of compatibility, I'll make sure that the bit string
* has a 'not-used bits' value of 0
*/ */
signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
err: err:
EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_cleanup(&ctx);
if (buf_in != NULL) if (buf_in != NULL) {
{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);
if (buf_out != NULL) OPENSSL_free(buf_in);
{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); } }
if (buf_out != NULL) {
OPENSSL_cleanse((char *)buf_out, outll);
OPENSSL_free(buf_out);
}
return (outl); return (outl);
} }
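Review bot: ASN1_sign calls `EVP_SignInit_ex(&ctx, type, NULL);` and `EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl);` without checking their results, while ASN1_item_sign later in this section checks EVP_SignInit_ex and fails with ERR_R_EVP_LIB; EVP_SignUpdate is unchecked in both functions. A digest that fails to initialise or update is then carried into EVP_SignFinal, so the failure is reported late, if at all. The two functions should agree: guard the calls with `if (!EVP_SignInit_ex(&ctx, type, NULL) || !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl))` and reuse the existing `outl = 0; ASN1err(..., ERR_R_EVP_LIB); goto err;` body. ASN1_sign begins above the first hunk of this section, so its declarations and the setup of `buf_in` are only partly visible.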


@@ -1,6 +1,7 @@
/* a_strex.c */ /* a_strex.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 2000. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2000.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved. * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
@@ -65,13 +66,12 @@
#include "charmap.h" #include "charmap.h"
/* ASN1_STRING_print_ex() and X509_NAME_print_ex(). /*
* Enhanced string and name printing routines handling * ASN1_STRING_print_ex() and X509_NAME_print_ex(). Enhanced string and name
* multibyte characters, RFC2253 and a host of other * printing routines handling multibyte characters, RFC2253 and a host of
* options. * other options.
*/ */
#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) #define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ #define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
@@ -79,15 +79,16 @@
ASN1_STRFLGS_ESC_CTRL | \ ASN1_STRFLGS_ESC_CTRL | \
ASN1_STRFLGS_ESC_MSB) ASN1_STRFLGS_ESC_MSB)
/*
/* Three IO functions for sending data to memory, a BIO and * Three IO functions for sending data to memory, a BIO and and a FILE
* and a FILE pointer. * pointer.
*/ */
#if 0 /* never used */ #if 0 /* never used */
static int send_mem_chars(void *arg, const void *buf, int len) static int send_mem_chars(void *arg, const void *buf, int len)
{ {
unsigned char **out = arg; unsigned char **out = arg;
if(!out) return 1; if (!out)
return 1;
memcpy(*out, buf, len); memcpy(*out, buf, len);
*out += len; *out += len;
return 1; return 1;
@@ -96,28 +97,32 @@ static int send_mem_chars(void *arg, const void *buf, int len)
static int send_bio_chars(void *arg, const void *buf, int len) static int send_bio_chars(void *arg, const void *buf, int len)
{ {
if(!arg) return 1; if (!arg)
if(BIO_write(arg, buf, len) != len) return 0; return 1;
if (BIO_write(arg, buf, len) != len)
return 0;
return 1; return 1;
} }
static int send_fp_chars(void *arg, const void *buf, int len) static int send_fp_chars(void *arg, const void *buf, int len)
{ {
if(!arg) return 1; if (!arg)
if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0; return 1;
if (fwrite(buf, 1, len, arg) != (unsigned int)len)
return 0;
return 1; return 1;
} }
typedef int char_io (void *arg, const void *buf, int len); typedef int char_io (void *arg, const void *buf, int len);
/* This function handles display of /*
* strings, one character at a time. * This function handles display of strings, one character at a time. It is
* It is passed an unsigned long for each * passed an unsigned long for each character because it could come from 2 or
* character because it could come from 2 or even * even 4 byte forms.
* 4 byte forms.
*/ */
static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg) static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
char_io *io_ch, void *arg)
{ {
unsigned char chflgs, chtmp; unsigned char chflgs, chtmp;
char tmphex[HEX_SIZE(long) + 3]; char tmphex[HEX_SIZE(long) + 3];
@@ -126,54 +131,68 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, ch
return -1; return -1;
if (c > 0xffff) { if (c > 0xffff) {
BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
if(!io_ch(arg, tmphex, 10)) return -1; if (!io_ch(arg, tmphex, 10))
return -1;
return 10; return 10;
} }
if (c > 0xff) { if (c > 0xff) {
BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
if(!io_ch(arg, tmphex, 6)) return -1; if (!io_ch(arg, tmphex, 6))
return -1;
return 6; return 6;
} }
chtmp = (unsigned char)c; chtmp = (unsigned char)c;
if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB; if (chtmp > 0x7f)
else chflgs = char_type[chtmp] & flags; chflgs = flags & ASN1_STRFLGS_ESC_MSB;
else
chflgs = char_type[chtmp] & flags;
if (chflgs & CHARTYPE_BS_ESC) { if (chflgs & CHARTYPE_BS_ESC) {
/* If we don't escape with quotes, signal we need quotes */ /* If we don't escape with quotes, signal we need quotes */
if (chflgs & ASN1_STRFLGS_ESC_QUOTE) { if (chflgs & ASN1_STRFLGS_ESC_QUOTE) {
if(do_quotes) *do_quotes = 1; if (do_quotes)
if(!io_ch(arg, &chtmp, 1)) return -1; *do_quotes = 1;
if (!io_ch(arg, &chtmp, 1))
return -1;
return 1; return 1;
} }
if(!io_ch(arg, "\\", 1)) return -1; if (!io_ch(arg, "\\", 1))
if(!io_ch(arg, &chtmp, 1)) return -1; return -1;
if (!io_ch(arg, &chtmp, 1))
return -1;
return 2; return 2;
} }
if (chflgs & (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB)) { if (chflgs & (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB)) {
BIO_snprintf(tmphex, 11, "\\%02X", chtmp); BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
if(!io_ch(arg, tmphex, 3)) return -1; if (!io_ch(arg, tmphex, 3))
return -1;
return 3; return 3;
} }
/* If we get this far and do any escaping at all must escape /*
* the escape character itself: backslash. * If we get this far and do any escaping at all must escape the escape
* character itself: backslash.
*/ */
if (chtmp == '\\' && flags & ESC_FLAGS) { if (chtmp == '\\' && flags & ESC_FLAGS) {
if(!io_ch(arg, "\\\\", 2)) return -1; if (!io_ch(arg, "\\\\", 2))
return -1;
return 2; return 2;
} }
if(!io_ch(arg, &chtmp, 1)) return -1; if (!io_ch(arg, &chtmp, 1))
return -1;
return 1; return 1;
} }
#define BUF_TYPE_WIDTH_MASK 0x7 #define BUF_TYPE_WIDTH_MASK 0x7
#define BUF_TYPE_CONVUTF8 0x8 #define BUF_TYPE_CONVUTF8 0x8
/* This function sends each character in a buffer to /*
* do_esc_char(). It interprets the content formats * This function sends each character in a buffer to do_esc_char(). It
* and converts to or from UTF8 as appropriate. * interprets the content formats and converts to or from UTF8 as
* appropriate.
*/ */
static int do_buf(unsigned char *buf, int buflen, static int do_buf(unsigned char *buf, int buflen,
int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg) int type, unsigned char flags, char *quotes, char_io *io_ch,
void *arg)
{ {
int i, outlen, len; int i, outlen, len;
unsigned char orflags, *p, *q; unsigned char orflags, *p, *q;
@@ -182,8 +201,10 @@ static int do_buf(unsigned char *buf, int buflen,
q = buf + buflen; q = buf + buflen;
outlen = 0; outlen = 0;
while (p != q) { while (p != q) {
if(p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253; if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
else orflags = 0; orflags = CHARTYPE_FIRST_ESC_2253;
else
orflags = 0;
switch (type & BUF_TYPE_WIDTH_MASK) { switch (type & BUF_TYPE_WIDTH_MASK) {
case 4: case 4:
c = ((unsigned long)*p++) << 24; c = ((unsigned long)*p++) << 24;
@@ -203,30 +224,39 @@ static int do_buf(unsigned char *buf, int buflen,
case 0: case 0:
i = UTF8_getc(p, buflen, &c); i = UTF8_getc(p, buflen, &c);
if(i < 0) return -1; /* Invalid UTF8String */ if (i < 0)
return -1; /* Invalid UTF8String */
p += i; p += i;
break; break;
default: default:
return -1; /* invalid width */ return -1; /* invalid width */
} }
if (p == q && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_LAST_ESC_2253; if (p == q && flags & ASN1_STRFLGS_ESC_2253)
orflags = CHARTYPE_LAST_ESC_2253;
if (type & BUF_TYPE_CONVUTF8) { if (type & BUF_TYPE_CONVUTF8) {
unsigned char utfbuf[6]; unsigned char utfbuf[6];
int utflen; int utflen;
utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
for (i = 0; i < utflen; i++) { for (i = 0; i < utflen; i++) {
/* We don't need to worry about setting orflags correctly /*
* We don't need to worry about setting orflags correctly
* because if utflen==1 its value will be correct anyway * because if utflen==1 its value will be correct anyway
* otherwise each character will be > 0x7f and so the * otherwise each character will be > 0x7f and so the
* character will never be escaped on first and last. * character will never be escaped on first and last.
*/ */
len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg); len =
if(len < 0) return -1; do_esc_char(utfbuf[i], (unsigned char)(flags | orflags),
quotes, io_ch, arg);
if (len < 0)
return -1;
outlen += len; outlen += len;
} }
} else { } else {
len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg); len =
if(len < 0) return -1; do_esc_char(c, (unsigned char)(flags | orflags), quotes,
io_ch, arg);
if (len < 0)
return -1;
outlen += len; outlen += len;
} }
} }
@@ -235,7 +265,8 @@ static int do_buf(unsigned char *buf, int buflen,
/* This function hex dumps a buffer of characters */ /* This function hex dumps a buffer of characters */
static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen) static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf,
int buflen)
{ {
static const char hexdig[] = "0123456789ABCDEF"; static const char hexdig[] = "0123456789ABCDEF";
unsigned char *p, *q; unsigned char *p, *q;
@@ -246,51 +277,59 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen
while (p != q) { while (p != q) {
hextmp[0] = hexdig[*p >> 4]; hextmp[0] = hexdig[*p >> 4];
hextmp[1] = hexdig[*p & 0xf]; hextmp[1] = hexdig[*p & 0xf];
if(!io_ch(arg, hextmp, 2)) return -1; if (!io_ch(arg, hextmp, 2))
return -1;
p++; p++;
} }
} }
return buflen << 1; return buflen << 1;
} }
/* "dump" a string. This is done when the type is unknown, /*
* or the flags request it. We can either dump the content * "dump" a string. This is done when the type is unknown, or the flags
* octets or the entire DER encoding. This uses the RFC2253 * request it. We can either dump the content octets or the entire DER
* #01234 format. * encoding. This uses the RFC2253 #01234 format.
*/ */
static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str) static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
ASN1_STRING *str)
{ {
/* Placing the ASN1_STRING in a temp ASN1_TYPE allows /*
* the DER encoding to readily obtained * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to
* readily obtained
*/ */
ASN1_TYPE t; ASN1_TYPE t;
unsigned char *der_buf, *p; unsigned char *der_buf, *p;
int outlen, der_len; int outlen, der_len;
if(!io_ch(arg, "#", 1)) return -1; if (!io_ch(arg, "#", 1))
return -1;
/* If we don't dump DER encoding just dump content octets */ /* If we don't dump DER encoding just dump content octets */
if (!(lflags & ASN1_STRFLGS_DUMP_DER)) { if (!(lflags & ASN1_STRFLGS_DUMP_DER)) {
outlen = do_hex_dump(io_ch, arg, str->data, str->length); outlen = do_hex_dump(io_ch, arg, str->data, str->length);
if(outlen < 0) return -1; if (outlen < 0)
return -1;
return outlen + 1; return outlen + 1;
} }
t.type = str->type; t.type = str->type;
t.value.ptr = (char *)str; t.value.ptr = (char *)str;
der_len = i2d_ASN1_TYPE(&t, NULL); der_len = i2d_ASN1_TYPE(&t, NULL);
der_buf = OPENSSL_malloc(der_len); der_buf = OPENSSL_malloc(der_len);
if(!der_buf) return -1; if (!der_buf)
return -1;
p = der_buf; p = der_buf;
i2d_ASN1_TYPE(&t, &p); i2d_ASN1_TYPE(&t, &p);
outlen = do_hex_dump(io_ch, arg, der_buf, der_len); outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
OPENSSL_free(der_buf); OPENSSL_free(der_buf);
if(outlen < 0) return -1; if (outlen < 0)
return -1;
return outlen + 1; return outlen + 1;
} }
/* Lookup table to convert tags to character widths, /*
* 0 = UTF8 encoded, -1 is used for non string types * Lookup table to convert tags to character widths, 0 = UTF8 encoded, -1 is
* otherwise it is the number of bytes per character * used for non string types otherwise it is the number of bytes per
* character
*/ */
static const signed char tag2nbyte[] = { static const signed char tag2nbyte[] = {
@@ -304,14 +343,14 @@ static const signed char tag2nbyte[] = {
4, -1, 2 /* 28-30 */ 4, -1, 2 /* 28-30 */
}; };
/* This is the main function, print out an /*
* ASN1_STRING taking note of various escape * This is the main function, print out an ASN1_STRING taking note of various
* and display options. Returns number of * escape and display options. Returns number of characters written or -1 if
* characters written or -1 if an error * an error occurred.
* occurred.
*/ */
static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str) static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
ASN1_STRING *str)
{ {
int outlen, len; int outlen, len;
int type; int type;
@@ -325,54 +364,67 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STR
outlen = 0; outlen = 0;
if (lflags & ASN1_STRFLGS_SHOW_TYPE) { if (lflags & ASN1_STRFLGS_SHOW_TYPE) {
const char *tagname; const char *tagname;
tagname = ASN1_tag2str(type); tagname = ASN1_tag2str(type);
outlen += strlen(tagname); outlen += strlen(tagname);
if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1; if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1))
return -1;
outlen++; outlen++;
} }
/* Decide what to do with type, either dump content or display it */ /* Decide what to do with type, either dump content or display it */
/* Dump everything */ /* Dump everything */
if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1; if (lflags & ASN1_STRFLGS_DUMP_ALL)
type = -1;
/* Ignore the string type */ /* Ignore the string type */
else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1; else if (lflags & ASN1_STRFLGS_IGNORE_TYPE)
type = 1;
else { else {
/* Else determine width based on type */ /* Else determine width based on type */
if((type > 0) && (type < 31)) type = tag2nbyte[type]; if ((type > 0) && (type < 31))
else type = -1; type = tag2nbyte[type];
if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1; else
type = -1;
if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN))
type = 1;
} }
if (type == -1) { if (type == -1) {
len = do_dump(lflags, io_ch, arg, str); len = do_dump(lflags, io_ch, arg, str);
if(len < 0) return -1; if (len < 0)
return -1;
outlen += len; outlen += len;
return outlen; return outlen;
} }
if (lflags & ASN1_STRFLGS_UTF8_CONVERT) { if (lflags & ASN1_STRFLGS_UTF8_CONVERT) {
/* Note: if string is UTF8 and we want /*
* to convert to UTF8 then we just interpret * Note: if string is UTF8 and we want to convert to UTF8 then we
* it as 1 byte per character to avoid converting * just interpret it as 1 byte per character to avoid converting
* twice. * twice.
*/ */
if(!type) type = 1; if (!type)
else type |= BUF_TYPE_CONVUTF8; type = 1;
else
type |= BUF_TYPE_CONVUTF8;
} }
len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL); len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
if(len < 0) return -1; if (len < 0)
return -1;
outlen += len; outlen += len;
if(quotes) outlen += 2; if (quotes)
if(!arg) return outlen; outlen += 2;
if(quotes && !io_ch(arg, "\"", 1)) return -1; if (!arg)
return outlen;
if (quotes && !io_ch(arg, "\"", 1))
return -1;
if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0) if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
return -1; return -1;
if(quotes && !io_ch(arg, "\"", 1)) return -1; if (quotes && !io_ch(arg, "\"", 1))
return -1;
return outlen; return outlen;
} }
@@ -382,7 +434,8 @@ static int do_indent(char_io *io_ch, void *arg, int indent)
{ {
int i; int i;
for (i = 0; i < indent; i++) for (i = 0; i < indent; i++)
if(!io_ch(arg, " ", 1)) return 0; if (!io_ch(arg, " ", 1))
return 0;
return 1; return 1;
} }
@@ -402,11 +455,12 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
int outlen, len; int outlen, len;
char *sep_dn, *sep_mv, *sep_eq; char *sep_dn, *sep_mv, *sep_eq;
int sep_dn_len, sep_mv_len, sep_eq_len; int sep_dn_len, sep_mv_len, sep_eq_len;
if(indent < 0) indent = 0; if (indent < 0)
indent = 0;
outlen = indent; outlen = indent;
if(!do_indent(io_ch, arg, indent)) return -1; if (!do_indent(io_ch, arg, indent))
switch (flags & XN_FLAG_SEP_MASK) return -1;
{ switch (flags & XN_FLAG_SEP_MASK) {
case XN_FLAG_SEP_MULTILINE: case XN_FLAG_SEP_MULTILINE:
sep_dn = "\n"; sep_dn = "\n";
sep_dn_len = 1; sep_dn_len = 1;
@@ -456,15 +510,19 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
for (i = 0; i < cnt; i++) { for (i = 0; i < cnt; i++) {
if (flags & XN_FLAG_DN_REV) if (flags & XN_FLAG_DN_REV)
ent = X509_NAME_get_entry(n, cnt - i - 1); ent = X509_NAME_get_entry(n, cnt - i - 1);
else ent = X509_NAME_get_entry(n, i); else
ent = X509_NAME_get_entry(n, i);
if (prev != -1) { if (prev != -1) {
if (prev == ent->set) { if (prev == ent->set) {
if(!io_ch(arg, sep_mv, sep_mv_len)) return -1; if (!io_ch(arg, sep_mv, sep_mv_len))
return -1;
outlen += sep_mv_len; outlen += sep_mv_len;
} else { } else {
if(!io_ch(arg, sep_dn, sep_dn_len)) return -1; if (!io_ch(arg, sep_dn, sep_dn_len))
return -1;
outlen += sep_dn_len; outlen += sep_dn_len;
if(!do_indent(io_ch, arg, indent)) return -1; if (!do_indent(io_ch, arg, indent))
return -1;
outlen += indent; outlen += indent;
} }
} }
@@ -491,24 +549,30 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
} }
} }
objlen = strlen(objbuf); objlen = strlen(objbuf);
if(!io_ch(arg, objbuf, objlen)) return -1; if (!io_ch(arg, objbuf, objlen))
return -1;
if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) { if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
if (!do_indent(io_ch, arg, fld_len - objlen)) return -1; if (!do_indent(io_ch, arg, fld_len - objlen))
return -1;
outlen += fld_len - objlen; outlen += fld_len - objlen;
} }
if(!io_ch(arg, sep_eq, sep_eq_len)) return -1; if (!io_ch(arg, sep_eq, sep_eq_len))
return -1;
outlen += objlen + sep_eq_len; outlen += objlen + sep_eq_len;
} }
/* If the field name is unknown then fix up the DER dump /*
* flag. We might want to limit this further so it will * If the field name is unknown then fix up the DER dump flag. We
* DER dump on anything other than a few 'standard' fields. * might want to limit this further so it will DER dump on anything
* other than a few 'standard' fields.
*/ */
if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS))
orflags = ASN1_STRFLGS_DUMP_ALL; orflags = ASN1_STRFLGS_DUMP_ALL;
else orflags = 0; else
orflags = 0;
len = do_print_ex(io_ch, arg, flags | orflags, val); len = do_print_ex(io_ch, arg, flags | orflags, val);
if(len < 0) return -1; if (len < 0)
return -1;
outlen += len; outlen += len;
} }
return outlen; return outlen;
@@ -516,7 +580,8 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
/* Wrappers round the main functions */ /* Wrappers round the main functions */
int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags) int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent,
unsigned long flags)
{ {
if (flags == XN_FLAG_COMPAT) if (flags == XN_FLAG_COMPAT)
return X509_NAME_print(out, nm, indent); return X509_NAME_print(out, nm, indent);
@@ -524,14 +589,15 @@ int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
} }
#ifndef OPENSSL_NO_FP_API #ifndef OPENSSL_NO_FP_API
int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags) int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
{ unsigned long flags)
if(flags == XN_FLAG_COMPAT)
{ {
if (flags == XN_FLAG_COMPAT) {
BIO *btmp; BIO *btmp;
int ret; int ret;
btmp = BIO_new_fp(fp, BIO_NOCLOSE); btmp = BIO_new_fp(fp, BIO_NOCLOSE);
if(!btmp) return -1; if (!btmp)
return -1;
ret = X509_NAME_print(btmp, nm, indent); ret = X509_NAME_print(btmp, nm, indent);
BIO_free(btmp); BIO_free(btmp);
return ret; return ret;
@@ -552,7 +618,8 @@ int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
} }
#endif #endif
/* Utility function: convert any string type to UTF8, returns number of bytes /*
* Utility function: convert any string type to UTF8, returns number of bytes
* in output string or a negative error code * in output string or a negative error code
*/ */
@@ -560,16 +627,22 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
{ {
ASN1_STRING stmp, *str = &stmp; ASN1_STRING stmp, *str = &stmp;
int mbflag, type, ret; int mbflag, type, ret;
if(!in) return -1; if (!in)
return -1;
type = in->type; type = in->type;
if((type < 0) || (type > 30)) return -1; if ((type < 0) || (type > 30))
return -1;
mbflag = tag2nbyte[type]; mbflag = tag2nbyte[type];
if(mbflag == -1) return -1; if (mbflag == -1)
return -1;
mbflag |= MBSTRING_FLAG; mbflag |= MBSTRING_FLAG;
stmp.data = NULL; stmp.data = NULL;
stmp.length = 0; stmp.length = 0;
ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); ret =
if(ret < 0) return ret; ASN1_mbstring_copy(&str, in->data, in->length, mbflag,
B_ASN1_UTF8STRING);
if (ret < 0)
return ret;
*out = stmp.data; *out = stmp.data;
return stmp.length; return stmp.length;
} }


@@ -1,6 +1,7 @@
/* a_strnid.c */ /* a_strnid.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 1999. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 1999.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
@@ -62,17 +63,16 @@
#include <openssl/asn1.h> #include <openssl/asn1.h>
#include <openssl/objects.h> #include <openssl/objects.h>
static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
static void st_free(ASN1_STRING_TABLE *tbl); static void st_free(ASN1_STRING_TABLE *tbl);
static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
const ASN1_STRING_TABLE *const *b); const ASN1_STRING_TABLE *const *b);
static int table_cmp(const void *a, const void *b); static int table_cmp(const void *a, const void *b);
/*
/* This is the global mask for the mbstring functions: this is use to * This is the global mask for the mbstring functions: this is use to mask
* mask out certain types (such as BMPString and UTF8String) because * out certain types (such as BMPString and UTF8String) because certain
* certain software (e.g. Netscape) has problems with them. * software (e.g. Netscape) has problems with them.
*/ */
static unsigned long global_mask = B_ASN1_UTF8STRING; static unsigned long global_mask = B_ASN1_UTF8STRING;
@@ -102,46 +102,59 @@ int ASN1_STRING_set_default_mask_asc(const char *p)
unsigned long mask; unsigned long mask;
char *end; char *end;
if (!strncmp(p, "MASK:", 5)) { if (!strncmp(p, "MASK:", 5)) {
if(!p[5]) return 0; if (!p[5])
return 0;
mask = strtoul(p + 5, &end, 0); mask = strtoul(p + 5, &end, 0);
if(*end) return 0; if (*end)
return 0;
} else if (!strcmp(p, "nombstr")) } else if (!strcmp(p, "nombstr"))
mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING)); mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING));
else if (!strcmp(p, "pkix")) else if (!strcmp(p, "pkix"))
mask = ~((unsigned long)B_ASN1_T61STRING); mask = ~((unsigned long)B_ASN1_T61STRING);
else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING; else if (!strcmp(p, "utf8only"))
mask = B_ASN1_UTF8STRING;
else if (!strcmp(p, "default")) else if (!strcmp(p, "default"))
mask = 0xFFFFFFFFL; mask = 0xFFFFFFFFL;
else return 0; else
return 0;
ASN1_STRING_set_default_mask(mask); ASN1_STRING_set_default_mask(mask);
return 1; return 1;
} }
/* The following function generates an ASN1_STRING based on limits in a table. /*
* Frequently the types and length of an ASN1_STRING are restricted by a * The following function generates an ASN1_STRING based on limits in a
* corresponding OID. For example certificates and certificate requests. * table. Frequently the types and length of an ASN1_STRING are restricted by
* a corresponding OID. For example certificates and certificate requests.
*/ */
ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
int inlen, int inform, int nid) const unsigned char *in, int inlen,
int inform, int nid)
{ {
ASN1_STRING_TABLE *tbl; ASN1_STRING_TABLE *tbl;
ASN1_STRING *str = NULL; ASN1_STRING *str = NULL;
unsigned long mask; unsigned long mask;
int ret; int ret;
if(!out) out = &str; if (!out)
out = &str;
tbl = ASN1_STRING_TABLE_get(nid); tbl = ASN1_STRING_TABLE_get(nid);
if (tbl) { if (tbl) {
mask = tbl->mask; mask = tbl->mask;
if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; if (!(tbl->flags & STABLE_NO_MASK))
mask &= global_mask;
ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
tbl->minsize, tbl->maxsize); tbl->minsize, tbl->maxsize);
} else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask); } else
if(ret <= 0) return NULL; ret =
ASN1_mbstring_copy(out, in, inlen, inform,
DIRSTRING_TYPE & global_mask);
if (ret <= 0)
return NULL;
return *out; return *out;
} }
/* Now the tables and helper functions for the string table: /*
* Now the tables and helper functions for the string table:
*/ */
/* size limits: this stuff is taken straight from RFC3280 */ /* size limits: this stuff is taken straight from RFC3280 */
@@ -156,7 +169,6 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
#define ub_email_address 128 #define ub_email_address 128
#define ub_serial_number 64 #define ub_serial_number 64
/* This table must be kept in NID order */ /* This table must be kept in NID order */
static ASN1_STRING_TABLE tbl_standard[] = { static ASN1_STRING_TABLE tbl_standard[] = {
@@ -165,15 +177,18 @@ static ASN1_STRING_TABLE tbl_standard[] = {
{NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
{NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},
{NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},
{NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, 0}, {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE,
{NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK}, 0},
{NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING,
STABLE_NO_MASK},
{NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},
{NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},
{NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING,
STABLE_NO_MASK},
{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
{NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
@@ -201,12 +216,17 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
fnd.nid = nid; fnd.nid = nid;
ttmp = (ASN1_STRING_TABLE *)OBJ_bsearch((char *)&fnd, ttmp = (ASN1_STRING_TABLE *)OBJ_bsearch((char *)&fnd,
(char *)tbl_standard, (char *)tbl_standard,
sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE), sizeof(tbl_standard) /
sizeof(ASN1_STRING_TABLE), table_cmp); sizeof(ASN1_STRING_TABLE),
if(ttmp) return ttmp; sizeof(ASN1_STRING_TABLE),
if(!stable) return NULL; table_cmp);
if (ttmp)
return ttmp;
if (!stable)
return NULL;
idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
if(idx < 0) return NULL; if (idx < 0)
return NULL;
return sk_ASN1_STRING_TABLE_value(stable, idx); return sk_ASN1_STRING_TABLE_value(stable, idx);
} }
@@ -217,7 +237,8 @@ int ASN1_STRING_TABLE_add(int nid,
ASN1_STRING_TABLE *tmp; ASN1_STRING_TABLE *tmp;
char new_nid = 0; char new_nid = 0;
flags &= ~STABLE_FLAGS_MALLOC; flags &= ~STABLE_FLAGS_MALLOC;
if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); if (!stable)
stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
if (!stable) { if (!stable) {
ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
return 0; return 0;
@@ -225,18 +246,21 @@ int ASN1_STRING_TABLE_add(int nid,
if (!(tmp = ASN1_STRING_TABLE_get(nid))) { if (!(tmp = ASN1_STRING_TABLE_get(nid))) {
tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)); tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
if (!tmp) { if (!tmp) {
ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
ERR_R_MALLOC_FAILURE);
return 0; return 0;
} }
tmp->flags = flags | STABLE_FLAGS_MALLOC; tmp->flags = flags | STABLE_FLAGS_MALLOC;
tmp->nid = nid; tmp->nid = nid;
new_nid = 1; new_nid = 1;
} else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags; } else
if(minsize != -1) tmp->minsize = minsize; tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
if(maxsize != -1) tmp->maxsize = maxsize; if (minsize != -1)
tmp->minsize = minsize;
if (maxsize != -1)
tmp->maxsize = maxsize;
tmp->mask = mask; tmp->mask = mask;
if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp); if (new_nid)
sk_ASN1_STRING_TABLE_push(stable, tmp);
return 1; return 1;
} }
@@ -244,14 +268,16 @@ void ASN1_STRING_TABLE_cleanup(void)
{ {
STACK_OF(ASN1_STRING_TABLE) *tmp; STACK_OF(ASN1_STRING_TABLE) *tmp;
tmp = stable; tmp = stable;
if(!tmp) return; if (!tmp)
return;
stable = NULL; stable = NULL;
sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
} }
static void st_free(ASN1_STRING_TABLE *tbl) static void st_free(ASN1_STRING_TABLE *tbl)
{ {
if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl); if (tbl->flags & STABLE_FLAGS_MALLOC)
OPENSSL_free(tbl);
} }
@@ -265,18 +291,15 @@ main()
int i, last_nid = -1; int i, last_nid = -1;
for (tmp = tbl_standard, i = 0; for (tmp = tbl_standard, i = 0;
i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) {
{ if (tmp->nid < last_nid) {
if (tmp->nid < last_nid)
{
last_nid = 0; last_nid = 0;
break; break;
} }
last_nid = tmp->nid; last_nid = tmp->nid;
} }
if (last_nid != 0) if (last_nid != 0) {
{
printf("Table order OK\n"); printf("Table order OK\n");
exit(0); exit(0);
} }
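Review bot: In ASN1_STRING_TABLE_add the result of `sk_ASN1_STRING_TABLE_push(stable, tmp)` is discarded, so when the push fails the freshly allocated entry is leaked and the function still returns 1. Checking it closes that path: `if (new_nid && !sk_ASN1_STRING_TABLE_push(stable, tmp)) { OPENSSL_free(tmp); return 0; }`, ideally raising the same ERR_R_MALLOC_FAILURE error as the allocation branch above it. The same function writes `flags`, `minsize`, `maxsize` and `mask` through the pointer returned by ASN1_STRING_TABLE_get(), which can be an element of the static `tbl_standard`, so a comment saying that the call changes the limits process-wide would help callers. The function spans two hunks and part of its body is not shown.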


@@ -53,7 +53,6 @@
* *
*/ */
/*- /*-
* This is an implementation of the ASN1 Time structure which is: * This is an implementation of the ASN1 Time structure which is:
* Time ::= CHOICE { * Time ::= CHOICE {
@@ -85,7 +84,8 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
tmpstr = *(ASN1_STRING *)a; tmpstr = *(ASN1_STRING *)a;
len = tmpstr.length; len = tmpstr.length;
ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); ebcdic2ascii(tmp, tmpstr.data,
(len >= sizeof tmp) ? sizeof tmp : len);
tmpstr.data = tmp; tmpstr.data = tmp;
a = (ASN1_GENERALIZEDTIME *)&tmpstr; a = (ASN1_GENERALIZEDTIME *)&tmpstr;
} }
@@ -98,15 +98,13 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
} }
#endif #endif
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
{ {
struct tm *ts; struct tm *ts;
struct tm data; struct tm data;
ts = OPENSSL_gmtime(&t, &data); ts = OPENSSL_gmtime(&t, &data);
if (ts == NULL) if (ts == NULL) {
{
ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME); ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
return NULL; return NULL;
} }
@@ -125,25 +123,26 @@ int ASN1_TIME_check(ASN1_TIME *t)
} }
/* Convert an ASN1_TIME structure to GeneralizedTime */ /* Convert an ASN1_TIME structure to GeneralizedTime */
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
ASN1_GENERALIZEDTIME **out)
{ {
ASN1_GENERALIZEDTIME *ret; ASN1_GENERALIZEDTIME *ret;
char *str; char *str;
int newlen; int newlen;
if (!ASN1_TIME_check(t)) return NULL; if (!ASN1_TIME_check(t))
return NULL;
if (!out || !*out) if (!out || !*out) {
{
if (!(ret = ASN1_GENERALIZEDTIME_new())) if (!(ret = ASN1_GENERALIZEDTIME_new()))
return NULL; return NULL;
if (out) *out = ret; if (out)
} *out = ret;
else ret = *out; } else
ret = *out;
/* If already GeneralizedTime just copy across */ /* If already GeneralizedTime just copy across */
if (t->type == V_ASN1_GENERALIZEDTIME) if (t->type == V_ASN1_GENERALIZEDTIME) {
{
if (!ASN1_STRING_set(ret, t->data, t->length)) if (!ASN1_STRING_set(ret, t->data, t->length))
return NULL; return NULL;
return ret; return ret;
@@ -156,8 +155,10 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
newlen = t->length + 2 + 1; newlen = t->length + 2 + 1;
str = (char *)ret->data; str = (char *)ret->data;
/* Work out the century and prepend */ /* Work out the century and prepend */
if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen); if (t->data[0] >= '5')
else BUF_strlcpy(str, "20", newlen); BUF_strlcpy(str, "19", newlen);
else
BUF_strlcpy(str, "20", newlen);
BUF_strlcat(str, (char *)t->data, newlen); BUF_strlcat(str, (char *)t->data, newlen);
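Review bot: ASN1_TIME_to_generalizedtime leaks the object it allocates when a later step fails: with `out` NULL, `ret` comes from `ASN1_GENERALIZEDTIME_new()`, and the `return NULL` after a failed `ASN1_STRING_set(ret, t->data, t->length)` drops the only reference to it. Freeing it on that path, only when it was not handed back through `*out`, would close the leak, e.g. `if (!out) ASN1_GENERALIZEDTIME_free(ret);` before the `return NULL`. Part of the function lies outside the hunks shown, so the later failure returns should be checked for the same pattern.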


@@ -71,8 +71,7 @@ int ASN1_TYPE_get(ASN1_TYPE *a)
void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
{ {
if (a->value.ptr != NULL) if (a->value.ptr != NULL) {
{
ASN1_TYPE **tmp_a = &a; ASN1_TYPE **tmp_a = &a;
ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL); ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
} }
@@ -82,21 +81,16 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
{ {
if (!value || (type == V_ASN1_BOOLEAN)) if (!value || (type == V_ASN1_BOOLEAN)) {
{
void *p = (void *)value; void *p = (void *)value;
ASN1_TYPE_set(a, type, p); ASN1_TYPE_set(a, type, p);
} } else if (type == V_ASN1_OBJECT) {
else if (type == V_ASN1_OBJECT)
{
ASN1_OBJECT *odup; ASN1_OBJECT *odup;
odup = OBJ_dup(value); odup = OBJ_dup(value);
if (!odup) if (!odup)
return 0; return 0;
ASN1_TYPE_set(a, type, odup); ASN1_TYPE_set(a, type, odup);
} } else {
else
{
ASN1_STRING *sdup; ASN1_STRING *sdup;
sdup = ASN1_STRING_dup((ASN1_STRING *)value); sdup = ASN1_STRING_dup((ASN1_STRING *)value);
if (!sdup) if (!sdup)
@@ -107,6 +101,7 @@ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
} }
IMPLEMENT_STACK_OF(ASN1_TYPE) IMPLEMENT_STACK_OF(ASN1_TYPE)
IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
/* Returns 0 if they are equal, != 0 otherwise. */ /* Returns 0 if they are equal, != 0 otherwise. */
@@ -114,10 +109,10 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
{ {
int result = -1; int result = -1;
if (!a || !b || a->type != b->type) return -1; if (!a || !b || a->type != b->type)
return -1;
switch (a->type) switch (a->type) {
{
case V_ASN1_OBJECT: case V_ASN1_OBJECT:
result = OBJ_cmp(a->value.object, b->value.object); result = OBJ_cmp(a->value.object, b->value.object);
break; break;


@@ -81,7 +81,6 @@ int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
# endif # endif
} }
ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp, ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp,
long length) long length)
{ {
@@ -89,16 +88,14 @@ ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp,
ret = (ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length, ret = (ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length,
V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); V_ASN1_UTCTIME, V_ASN1_UNIVERSAL);
if (ret == NULL) if (ret == NULL) {
{
ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ERR_R_NESTED_ASN1_ERROR); ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ERR_R_NESTED_ASN1_ERROR);
return (NULL); return (NULL);
} }
# ifdef CHARSET_EBCDIC # ifdef CHARSET_EBCDIC
ascii2ebcdic(ret->data, ret->data, ret->length); ascii2ebcdic(ret->data, ret->data, ret->length);
# endif # endif
if (!ASN1_UTCTIME_check(ret)) if (!ASN1_UTCTIME_check(ret)) {
{
ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ASN1_R_INVALID_TIME_FORMAT); ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ASN1_R_INVALID_TIME_FORMAT);
goto err; goto err;
} }
@@ -119,41 +116,50 @@ int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
char *a; char *a;
int n, i, l, o; int n, i, l, o;
if (d->type != V_ASN1_UTCTIME) return(0); if (d->type != V_ASN1_UTCTIME)
return (0);
l = d->length; l = d->length;
a = (char *)d->data; a = (char *)d->data;
o = 0; o = 0;
if (l < 11) goto err; if (l < 11)
for (i=0; i<6; i++) goto err;
{ for (i = 0; i < 6; i++) {
if ((i == 5) && ((a[o] == 'Z') || if ((i == 5) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
(a[o] == '+') || (a[o] == '-'))) i++;
{ i++; break; } break;
if ((a[o] < '0') || (a[o] > '9')) goto err; }
if ((a[o] < '0') || (a[o] > '9'))
goto err;
n = a[o] - '0'; n = a[o] - '0';
if (++o > l) goto err; if (++o > l)
goto err;
if ((a[o] < '0') || (a[o] > '9')) goto err; if ((a[o] < '0') || (a[o] > '9'))
goto err;
n = (n * 10) + a[o] - '0'; n = (n * 10) + a[o] - '0';
if (++o > l) goto err; if (++o > l)
goto err;
if ((n < min[i]) || (n > max[i])) goto err; if ((n < min[i]) || (n > max[i]))
goto err;
} }
if (a[o] == 'Z') if (a[o] == 'Z')
o++; o++;
else if ((a[o] == '+') || (a[o] == '-')) else if ((a[o] == '+') || (a[o] == '-')) {
{
o++; o++;
if (o+4 > l) goto err; if (o + 4 > l)
for (i=6; i<8; i++) goto err;
{ for (i = 6; i < 8; i++) {
if ((a[o] < '0') || (a[o] > '9')) goto err; if ((a[o] < '0') || (a[o] > '9'))
goto err;
n = a[o] - '0'; n = a[o] - '0';
o++; o++;
if ((a[o] < '0') || (a[o] > '9')) goto err; if ((a[o] < '0') || (a[o] > '9'))
goto err;
n = (n * 10) + a[o] - '0'; n = (n * 10) + a[o] - '0';
if ((n < min[i]) || (n > max[i])) goto err; if ((n < min[i]) || (n > max[i]))
goto err;
o++; o++;
} }
} }
@@ -169,18 +175,15 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
t.type = V_ASN1_UTCTIME; t.type = V_ASN1_UTCTIME;
t.length = strlen(str); t.length = strlen(str);
t.data = (unsigned char *)str; t.data = (unsigned char *)str;
if (ASN1_UTCTIME_check(&t)) if (ASN1_UTCTIME_check(&t)) {
{ if (s != NULL) {
if (s != NULL)
{
if (!ASN1_STRING_set((ASN1_STRING *)s, if (!ASN1_STRING_set((ASN1_STRING *)s,
(unsigned char *)str, t.length)) (unsigned char *)str, t.length))
return 0; return 0;
s->type = V_ASN1_UTCTIME; s->type = V_ASN1_UTCTIME;
} }
return (1); return (1);
} } else
else
return (0); return (0);
} }
@@ -201,11 +204,9 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
return (NULL); return (NULL);
p = (char *)s->data; p = (char *)s->data;
if ((p == NULL) || ((size_t)s->length < len)) if ((p == NULL) || ((size_t)s->length < len)) {
{
p = OPENSSL_malloc(len); p = OPENSSL_malloc(len);
if (p == NULL) if (p == NULL) {
{
ASN1err(ASN1_F_ASN1_UTCTIME_SET, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_UTCTIME_SET, ERR_R_MALLOC_FAILURE);
return (NULL); return (NULL);
} }
@@ -215,7 +216,8 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
} }
BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", ts->tm_year % 100, BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", ts->tm_year % 100,
ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
ts->tm_sec);
s->length = strlen(p); s->length = strlen(p);
s->type = V_ASN1_UTCTIME; s->type = V_ASN1_UTCTIME;
#ifdef CHARSET_EBCDIC_not #ifdef CHARSET_EBCDIC_not
@@ -224,7 +226,6 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
return (s); return (s);
} }
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
{ {
struct tm *tm; struct tm *tm;
@@ -236,8 +237,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
if (s->data[12] == 'Z') if (s->data[12] == 'Z')
offset = 0; offset = 0;
else else {
{
offset = g2(s->data + 13) * 60 + g2(s->data + 15); offset = g2(s->data + 13) * 60 + g2(s->data + 15);
if (s->data[12] == '-') if (s->data[12] == '-')
offset = -offset; offset = -offset;
@@ -263,7 +263,6 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
return 0; return 0;
} }
#if 0 #if 0
time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s) time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
{ {
@@ -283,8 +282,7 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
tm.tm_sec = g2(s->data + 10); tm.tm_sec = g2(s->data + 10);
if (s->data[12] == 'Z') if (s->data[12] == 'Z')
offset = 0; offset = 0;
else else {
{
offset = g2(s->data + 13) * 60 + g2(s->data + 15); offset = g2(s->data + 13) * 60 + g2(s->data + 15);
if (s->data[12] == '-') if (s->data[12] == '-')
offset = -offset; offset = -offset;
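Review bot: ASN1_UTCTIME_check can read one byte past `d->length`: the guard `if (++o > l) goto err;` lets `o` reach `l`, and the next `a[o]` comparison (inside the loop, or at `if (a[o] == 'Z')` after it) then indexes `a[l]`. That is only safe if every caller guarantees a terminator after the data, which this function cannot see; ASN1_UTCTIME_set_string passes a C string, but nothing shown here establishes the same for decoded input. Testing `o < l` before each `a[o]` read, for instance `if (++o >= l) goto err;` inside the loop, keeps the reads inside the buffer; the function's tail is outside the hunk, so confirm the set of accepted formats does not change. ASN1_UTCTIME_cmp_time_t likewise indexes `s->data[12]` with no length check visible in its hunk.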


@@ -60,7 +60,6 @@
#include "cryptlib.h" #include "cryptlib.h"
#include <openssl/asn1.h> #include <openssl/asn1.h>
/* UTF8 utilities */ /* UTF8 utilities */
/*- /*-
@@ -79,7 +78,8 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
const unsigned char *p; const unsigned char *p;
unsigned long value; unsigned long value;
int ret; int ret;
if(len <= 0) return 0; if (len <= 0)
return 0;
p = str; p = str;
/* Check syntax and work out the encoded value (if correct) */ /* Check syntax and work out the encoded value (if correct) */
@@ -87,82 +87,103 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
value = *p++ & 0x7f; value = *p++ & 0x7f;
ret = 1; ret = 1;
} else if ((*p & 0xe0) == 0xc0) { } else if ((*p & 0xe0) == 0xc0) {
if(len < 2) return -1; if (len < 2)
if((p[1] & 0xc0) != 0x80) return -3; return -1;
if ((p[1] & 0xc0) != 0x80)
return -3;
value = (*p++ & 0x1f) << 6; value = (*p++ & 0x1f) << 6;
value |= *p++ & 0x3f; value |= *p++ & 0x3f;
if(value < 0x80) return -4; if (value < 0x80)
return -4;
ret = 2; ret = 2;
} else if ((*p & 0xf0) == 0xe0) { } else if ((*p & 0xf0) == 0xe0) {
if(len < 3) return -1; if (len < 3)
return -1;
if (((p[1] & 0xc0) != 0x80) if (((p[1] & 0xc0) != 0x80)
|| ((p[2] & 0xc0) != 0x80) ) return -3; || ((p[2] & 0xc0) != 0x80))
return -3;
value = (*p++ & 0xf) << 12; value = (*p++ & 0xf) << 12;
value |= (*p++ & 0x3f) << 6; value |= (*p++ & 0x3f) << 6;
value |= *p++ & 0x3f; value |= *p++ & 0x3f;
if(value < 0x800) return -4; if (value < 0x800)
return -4;
ret = 3; ret = 3;
} else if ((*p & 0xf8) == 0xf0) { } else if ((*p & 0xf8) == 0xf0) {
if(len < 4) return -1; if (len < 4)
return -1;
if (((p[1] & 0xc0) != 0x80) if (((p[1] & 0xc0) != 0x80)
|| ((p[2] & 0xc0) != 0x80) || ((p[2] & 0xc0) != 0x80)
|| ((p[3] & 0xc0) != 0x80) ) return -3; || ((p[3] & 0xc0) != 0x80))
return -3;
value = ((unsigned long)(*p++ & 0x7)) << 18; value = ((unsigned long)(*p++ & 0x7)) << 18;
value |= (*p++ & 0x3f) << 12; value |= (*p++ & 0x3f) << 12;
value |= (*p++ & 0x3f) << 6; value |= (*p++ & 0x3f) << 6;
value |= *p++ & 0x3f; value |= *p++ & 0x3f;
if(value < 0x10000) return -4; if (value < 0x10000)
return -4;
ret = 4; ret = 4;
} else if ((*p & 0xfc) == 0xf8) { } else if ((*p & 0xfc) == 0xf8) {
if(len < 5) return -1; if (len < 5)
return -1;
if (((p[1] & 0xc0) != 0x80) if (((p[1] & 0xc0) != 0x80)
|| ((p[2] & 0xc0) != 0x80) || ((p[2] & 0xc0) != 0x80)
|| ((p[3] & 0xc0) != 0x80) || ((p[3] & 0xc0) != 0x80)
|| ((p[4] & 0xc0) != 0x80) ) return -3; || ((p[4] & 0xc0) != 0x80))
return -3;
value = ((unsigned long)(*p++ & 0x3)) << 24; value = ((unsigned long)(*p++ & 0x3)) << 24;
value |= ((unsigned long)(*p++ & 0x3f)) << 18; value |= ((unsigned long)(*p++ & 0x3f)) << 18;
value |= ((unsigned long)(*p++ & 0x3f)) << 12; value |= ((unsigned long)(*p++ & 0x3f)) << 12;
value |= (*p++ & 0x3f) << 6; value |= (*p++ & 0x3f) << 6;
value |= *p++ & 0x3f; value |= *p++ & 0x3f;
if(value < 0x200000) return -4; if (value < 0x200000)
return -4;
ret = 5; ret = 5;
} else if ((*p & 0xfe) == 0xfc) { } else if ((*p & 0xfe) == 0xfc) {
if(len < 6) return -1; if (len < 6)
return -1;
if (((p[1] & 0xc0) != 0x80) if (((p[1] & 0xc0) != 0x80)
|| ((p[2] & 0xc0) != 0x80) || ((p[2] & 0xc0) != 0x80)
|| ((p[3] & 0xc0) != 0x80) || ((p[3] & 0xc0) != 0x80)
|| ((p[4] & 0xc0) != 0x80) || ((p[4] & 0xc0) != 0x80)
|| ((p[5] & 0xc0) != 0x80) ) return -3; || ((p[5] & 0xc0) != 0x80))
return -3;
value = ((unsigned long)(*p++ & 0x1)) << 30; value = ((unsigned long)(*p++ & 0x1)) << 30;
value |= ((unsigned long)(*p++ & 0x3f)) << 24; value |= ((unsigned long)(*p++ & 0x3f)) << 24;
value |= ((unsigned long)(*p++ & 0x3f)) << 18; value |= ((unsigned long)(*p++ & 0x3f)) << 18;
value |= ((unsigned long)(*p++ & 0x3f)) << 12; value |= ((unsigned long)(*p++ & 0x3f)) << 12;
value |= (*p++ & 0x3f) << 6; value |= (*p++ & 0x3f) << 6;
value |= *p++ & 0x3f; value |= *p++ & 0x3f;
if(value < 0x4000000) return -4; if (value < 0x4000000)
return -4;
ret = 6; ret = 6;
} else return -2; } else
return -2;
*val = value; *val = value;
return ret; return ret;
} }
/* This takes a character 'value' and writes the UTF8 encoded value in /*
* 'str' where 'str' is a buffer containing 'len' characters. Returns * This takes a character 'value' and writes the UTF8 encoded value in 'str'
* the number of characters written or -1 if 'len' is too small. 'str' can * where 'str' is a buffer containing 'len' characters. Returns the number of
* be set to NULL in which case it just returns the number of characters. * characters written or -1 if 'len' is too small. 'str' can be set to NULL
* It will need at most 6 characters. * in which case it just returns the number of characters. It will need at
* most 6 characters.
*/ */
int UTF8_putc(unsigned char *str, int len, unsigned long value) int UTF8_putc(unsigned char *str, int len, unsigned long value)
{ {
if(!str) len = 6; /* Maximum we will need */ if (!str)
else if(len <= 0) return -1; len = 6; /* Maximum we will need */
else if (len <= 0)
return -1;
if (value < 0x80) { if (value < 0x80) {
if(str) *str = (unsigned char)value; if (str)
*str = (unsigned char)value;
return 1; return 1;
} }
if (value < 0x800) { if (value < 0x800) {
if(len < 2) return -1; if (len < 2)
return -1;
if (str) { if (str) {
*str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0); *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0);
*str = (unsigned char)((value & 0x3f) | 0x80); *str = (unsigned char)((value & 0x3f) | 0x80);
@@ -170,7 +191,8 @@ int UTF8_putc(unsigned char *str, int len, unsigned long value)
return 2; return 2;
} }
if (value < 0x10000) { if (value < 0x10000) {
if(len < 3) return -1; if (len < 3)
return -1;
if (str) { if (str) {
*str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0); *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0);
*str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
@@ -179,7 +201,8 @@ int UTF8_putc(unsigned char *str, int len, unsigned long value)
return 3; return 3;
} }
if (value < 0x200000) { if (value < 0x200000) {
if(len < 4) return -1; if (len < 4)
return -1;
if (str) { if (str) {
*str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0); *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0);
*str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
@@ -189,7 +212,8 @@ int UTF8_putc(unsigned char *str, int len, unsigned long value)
return 4; return 4;
} }
if (value < 0x4000000) { if (value < 0x4000000) {
if(len < 5) return -1; if (len < 5)
return -1;
if (str) { if (str) {
*str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8); *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
*str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80); *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
@@ -199,7 +223,8 @@ int UTF8_putc(unsigned char *str, int len, unsigned long value)
} }
return 5; return 5;
} }
if(len < 6) return -1; if (len < 6)
return -1;
if (str) { if (str) {
*str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc); *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
*str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80); *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);


@@ -84,30 +84,26 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
EVP_MD_CTX_init(&ctx); EVP_MD_CTX_init(&ctx);
i = OBJ_obj2nid(a->algorithm); i = OBJ_obj2nid(a->algorithm);
type = EVP_get_digestbyname(OBJ_nid2sn(i)); type = EVP_get_digestbyname(OBJ_nid2sn(i));
if (type == NULL) if (type == NULL) {
{
ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
goto err; goto err;
} }
if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
{
ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
goto err; goto err;
} }
inl = i2d(data, NULL); inl = i2d(data, NULL);
buf_in = OPENSSL_malloc((unsigned int)inl); buf_in = OPENSSL_malloc((unsigned int)inl);
if (buf_in == NULL) if (buf_in == NULL) {
{
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
p = buf_in; p = buf_in;
i2d(data, &p); i2d(data, &p);
if (!EVP_VerifyInit_ex(&ctx,type, NULL)) if (!EVP_VerifyInit_ex(&ctx, type, NULL)) {
{
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
ret = 0; ret = 0;
goto err; goto err;
@@ -118,14 +114,15 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
OPENSSL_free(buf_in); OPENSSL_free(buf_in);
if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data, if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data,
(unsigned int)signature->length,pkey) <= 0) (unsigned int)signature->length, pkey) <= 0) {
{
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
ret = 0; ret = 0;
goto err; goto err;
} }
/* we don't need to zero the 'ctx' because we just checked /*
* public information */ * we don't need to zero the 'ctx' because we just checked public
* information
*/
/* memset(&ctx,0,sizeof(ctx)); */ /* memset(&ctx,0,sizeof(ctx)); */
ret = 1; ret = 1;
err: err:
@@ -135,23 +132,20 @@ err:
#endif #endif
int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
void *asn, EVP_PKEY *pkey)
{ {
EVP_MD_CTX ctx; EVP_MD_CTX ctx;
const EVP_MD *type; const EVP_MD *type;
unsigned char *buf_in = NULL; unsigned char *buf_in = NULL;
int ret = -1, i, inl; int ret = -1, i, inl;
if (!pkey) if (!pkey) {
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
return -1; return -1;
} }
if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
return -1; return -1;
} }
@@ -159,14 +153,13 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
EVP_MD_CTX_init(&ctx); EVP_MD_CTX_init(&ctx);
i = OBJ_obj2nid(a->algorithm); i = OBJ_obj2nid(a->algorithm);
type = EVP_get_digestbyname(OBJ_nid2sn(i)); type = EVP_get_digestbyname(OBJ_nid2sn(i));
if (type == NULL) if (type == NULL) {
{ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
goto err; goto err;
} }
if (!EVP_VerifyInit_ex(&ctx,type, NULL)) if (!EVP_VerifyInit_ex(&ctx, type, NULL)) {
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
ret = 0; ret = 0;
goto err; goto err;
@@ -174,8 +167,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
inl = ASN1_item_i2d(asn, &buf_in, it); inl = ASN1_item_i2d(asn, &buf_in, it);
if (buf_in == NULL) if (buf_in == NULL) {
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
@@ -186,19 +178,18 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
OPENSSL_free(buf_in); OPENSSL_free(buf_in);
if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data, if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data,
(unsigned int)signature->length,pkey) <= 0) (unsigned int)signature->length, pkey) <= 0) {
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
ret = 0; ret = 0;
goto err; goto err;
} }
/* we don't need to zero the 'ctx' because we just checked /*
* public information */ * we don't need to zero the 'ctx' because we just checked public
* information
*/
/* memset(&ctx,0,sizeof(ctx)); */ /* memset(&ctx,0,sizeof(ctx)); */
ret = 1; ret = 1;
err: err:
EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_cleanup(&ctx);
return (ret); return (ret);
} }
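Review bot: The encoded length `inl` is never validated in either verify function in this file: ASN1_verify casts the result of `i2d(data, NULL)` straight to `unsigned int` for `OPENSSL_malloc`, and ASN1_item_verify tests only `buf_in == NULL` after `ASN1_item_i2d`. A negative return from the encoder would become a very large allocation request in the first case, and both paths presumably go on to use `inl` as the digest input length in lines outside these hunks. This predates the reformat, but a guard right after each call would close it, e.g. `if (inl <= 0) { ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_INTERNAL_ERROR); goto err; }` (with `ASN1_F_ASN1_ITEM_VERIFY` in the second function). Both function bodies begin or continue outside the visible hunks, so the exact use of `inl` after allocation should be confirmed against the full file.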


@@ -129,7 +129,6 @@ extern "C" {
# define V_ASN1_GENERALSTRING 27 /**/ # define V_ASN1_GENERALSTRING 27 /**/
# define V_ASN1_UNIVERSALSTRING 28 /**/ # define V_ASN1_UNIVERSALSTRING 28 /**/
# define V_ASN1_BMPSTRING 30 # define V_ASN1_BMPSTRING 30
/* For use with d2i_ASN1_type_bytes() */ /* For use with d2i_ASN1_type_bytes() */
# define B_ASN1_NUMERICSTRING 0x0001 # define B_ASN1_NUMERICSTRING 0x0001
# define B_ASN1_PRINTABLESTRING 0x0002 # define B_ASN1_PRINTABLESTRING 0x0002
@@ -150,32 +149,30 @@ extern "C" {
# define B_ASN1_UTCTIME 0x4000 # define B_ASN1_UTCTIME 0x4000
# define B_ASN1_GENERALIZEDTIME 0x8000 # define B_ASN1_GENERALIZEDTIME 0x8000
# define B_ASN1_SEQUENCE 0x10000 # define B_ASN1_SEQUENCE 0x10000
/* For use with ASN1_mbstring_copy() */ /* For use with ASN1_mbstring_copy() */
# define MBSTRING_FLAG 0x1000 # define MBSTRING_FLAG 0x1000
# define MBSTRING_UTF8 (MBSTRING_FLAG) # define MBSTRING_UTF8 (MBSTRING_FLAG)
# define MBSTRING_ASC (MBSTRING_FLAG|1) # define MBSTRING_ASC (MBSTRING_FLAG|1)
# define MBSTRING_BMP (MBSTRING_FLAG|2) # define MBSTRING_BMP (MBSTRING_FLAG|2)
# define MBSTRING_UNIV (MBSTRING_FLAG|4) # define MBSTRING_UNIV (MBSTRING_FLAG|4)
# define SMIME_OLDMIME 0x400 # define SMIME_OLDMIME 0x400
# define SMIME_CRLFEOL 0x800 # define SMIME_CRLFEOL 0x800
# define SMIME_STREAM 0x1000 # define SMIME_STREAM 0x1000
struct X509_algor_st; struct X509_algor_st;
DECLARE_STACK_OF(X509_ALGOR) DECLARE_STACK_OF(X509_ALGOR)
# define DECLARE_ASN1_SET_OF(type)/* filled in by mkstack.pl */ # define DECLARE_ASN1_SET_OF(type)/* filled in by mkstack.pl */
# define IMPLEMENT_ASN1_SET_OF(type)/* nothing, no longer needed */ # define IMPLEMENT_ASN1_SET_OF(type)/* nothing, no longer needed */
/* We MUST make sure that, except for constness, asn1_ctx_st and /*
asn1_const_ctx are exactly the same. Fortunately, as soon as * We MUST make sure that, except for constness, asn1_ctx_st and
the old ASN1 parsing macros are gone, we can throw this away * asn1_const_ctx are exactly the same. Fortunately, as soon as the old ASN1
as well... */ * parsing macros are gone, we can throw this away as well...
typedef struct asn1_ctx_st */
{ typedef struct asn1_ctx_st {
unsigned char *p; /* work char pointer */ unsigned char *p; /* work char pointer */
int eos; /* end of sequence read for indefinite encoding */ int eos; /* end of sequence read for indefinite
* encoding */
int error; /* error code to use when returning an error */ int error; /* error code to use when returning an error */
int inf; /* constructed if 0x20, indefinite is 0x21 */ int inf; /* constructed if 0x20, indefinite is 0x21 */
int tag; /* tag from last 'get object' */ int tag; /* tag from last 'get object' */
@@ -187,10 +184,10 @@ typedef struct asn1_ctx_st
int line; /* used in error processing */ int line; /* used in error processing */
} ASN1_CTX; } ASN1_CTX;
typedef struct asn1_const_ctx_st typedef struct asn1_const_ctx_st {
{
const unsigned char *p; /* work char pointer */ const unsigned char *p; /* work char pointer */
int eos; /* end of sequence read for indefinite encoding */ int eos; /* end of sequence read for indefinite
* encoding */
int error; /* error code to use when returning an error */ int error; /* error code to use when returning an error */
int inf; /* constructed if 0x20, indefinite is 0x21 */ int inf; /* constructed if 0x20, indefinite is 0x21 */
int tag; /* tag from last 'get object' */ int tag; /* tag from last 'get object' */
@@ -202,14 +199,15 @@ typedef struct asn1_const_ctx_st
int line; /* used in error processing */ int line; /* used in error processing */
} ASN1_const_CTX; } ASN1_const_CTX;
/* These are used internally in the ASN1_OBJECT to keep track of /*
* whether the names and data need to be free()ed */ * These are used internally in the ASN1_OBJECT to keep track of whether the
* names and data need to be free()ed
*/
# define ASN1_OBJECT_FLAG_DYNAMIC 0x01/* internal use */ # define ASN1_OBJECT_FLAG_DYNAMIC 0x01/* internal use */
# define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */ # define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */
# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */ # define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */ # define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */
typedef struct asn1_object_st typedef struct asn1_object_st {
{
const char *sn, *ln; const char *sn, *ln;
int nid; int nid;
int length; int length;
@@ -218,38 +216,40 @@ typedef struct asn1_object_st
} ASN1_OBJECT; } ASN1_OBJECT;
# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ # define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
/* This indicates that the ASN1_STRING is not a real value but just a place /*
* holder for the location where indefinite length constructed data should * This indicates that the ASN1_STRING is not a real value but just a place
* be inserted in the memory buffer * holder for the location where indefinite length constructed data should be
* inserted in the memory buffer
*/ */
# define ASN1_STRING_FLAG_NDEF 0x010 # define ASN1_STRING_FLAG_NDEF 0x010
/* This flag is used by the CMS code to indicate that a string is not /*
* complete and is a place holder for content when it had all been * This flag is used by the CMS code to indicate that a string is not
* accessed. The flag will be reset when content has been written to it. * complete and is a place holder for content when it had all been accessed.
* The flag will be reset when content has been written to it.
*/ */
# define ASN1_STRING_FLAG_CONT 0x020 # define ASN1_STRING_FLAG_CONT 0x020
/* This is the base type that holds just about everything :-) */ /* This is the base type that holds just about everything :-) */
typedef struct asn1_string_st typedef struct asn1_string_st {
{
int length; int length;
int type; int type;
unsigned char *data; unsigned char *data;
/* The value of the following field depends on the type being /*
* held. It is mostly being used for BIT_STRING so if the * The value of the following field depends on the type being held. It
* input data has a non-zero 'unused bits' value, it will be * is mostly being used for BIT_STRING so if the input data has a
* handled correctly */ * non-zero 'unused bits' value, it will be handled correctly
*/
long flags; long flags;
} ASN1_STRING; } ASN1_STRING;
/* ASN1_ENCODING structure: this is used to save the received /*
* encoding of an ASN1 type. This is useful to get round * ASN1_ENCODING structure: this is used to save the received encoding of an
* problems with invalid encodings which can break signatures. * ASN1 type. This is useful to get round problems with invalid encodings
* which can break signatures.
*/ */
typedef struct ASN1_ENCODING_st typedef struct ASN1_ENCODING_st {
{
unsigned char *enc; /* DER encoding */ unsigned char *enc; /* DER encoding */
long len; /* Length of encoding */ long len; /* Length of encoding */
int modified; /* set to 1 if 'enc' is invalid */ int modified; /* set to 1 if 'enc' is invalid */
@@ -285,8 +285,8 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
# define ub_title 64 # define ub_title 64
# define ub_email_address 128 # define ub_email_address 128
/* Declarations for template structures: for full definitions /*
* see asn1t.h * Declarations for template structures: for full definitions see asn1t.h
*/ */
typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
typedef struct ASN1_ITEM_st ASN1_ITEM; typedef struct ASN1_ITEM_st ASN1_ITEM;
@@ -407,8 +407,9 @@ typedef const ASN1_ITEM ASN1_ITEM_EXP;
# else # else
/* Platforms that can't easily handle shared global variables are declared /*
* as functions returning ASN1_ITEM pointers. * Platforms that can't easily handle shared global variables are declared as
* functions returning ASN1_ITEM pointers.
*/ */
/* ASN1_ITEM pointer exported type */ /* ASN1_ITEM pointer exported type */
@@ -429,24 +430,22 @@ typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
/* Parameters used by ASN1_STRING_print_ex() */ /* Parameters used by ASN1_STRING_print_ex() */
/* These determine which characters to escape: /*
* RFC2253 special characters, control characters and * These determine which characters to escape: RFC2253 special characters,
* MSB set characters * control characters and MSB set characters
*/ */
# define ASN1_STRFLGS_ESC_2253 1 # define ASN1_STRFLGS_ESC_2253 1
# define ASN1_STRFLGS_ESC_CTRL 2 # define ASN1_STRFLGS_ESC_CTRL 2
# define ASN1_STRFLGS_ESC_MSB 4 # define ASN1_STRFLGS_ESC_MSB 4
/*
/* This flag determines how we do escaping: normally * This flag determines how we do escaping: normally RC2253 backslash only,
* RC2253 backslash only, set this to use backslash and * set this to use backslash and quote.
* quote.
*/ */
# define ASN1_STRFLGS_ESC_QUOTE 8 # define ASN1_STRFLGS_ESC_QUOTE 8
/* These three flags are internal use only. */ /* These three flags are internal use only. */
/* Character is a valid PrintableString character */ /* Character is a valid PrintableString character */
@@ -456,19 +455,21 @@ typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
/* Character needs escaping if it is the last character */ /* Character needs escaping if it is the last character */
# define CHARTYPE_LAST_ESC_2253 0x40 # define CHARTYPE_LAST_ESC_2253 0x40
/* NB the internal flags are safely reused below by flags /*
* handled at the top level. * NB the internal flags are safely reused below by flags handled at the top
* level.
*/ */
/* If this is set we convert all character strings /*
* to UTF8 first * If this is set we convert all character strings to UTF8 first
*/ */
# define ASN1_STRFLGS_UTF8_CONVERT 0x10 # define ASN1_STRFLGS_UTF8_CONVERT 0x10
/* If this is set we don't attempt to interpret content: /*
* just assume all strings are 1 byte per character. This * If this is set we don't attempt to interpret content: just assume all
* will produce some pretty odd looking output! * strings are 1 byte per character. This will produce some pretty odd
* looking output!
*/ */
# define ASN1_STRFLGS_IGNORE_TYPE 0x20 # define ASN1_STRFLGS_IGNORE_TYPE 0x20
@@ -476,27 +477,27 @@ typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
/* If this is set we include the string type in the output */ /* If this is set we include the string type in the output */
# define ASN1_STRFLGS_SHOW_TYPE 0x40 # define ASN1_STRFLGS_SHOW_TYPE 0x40
/* This determines which strings to display and which to /*
* 'dump' (hex dump of content octets or DER encoding). We can * This determines which strings to display and which to 'dump' (hex dump of
* only dump non character strings or everything. If we * content octets or DER encoding). We can only dump non character strings or
* don't dump 'unknown' they are interpreted as character * everything. If we don't dump 'unknown' they are interpreted as character
* strings with 1 octet per character and are subject to * strings with 1 octet per character and are subject to the usual escaping
* the usual escaping options. * options.
*/ */
# define ASN1_STRFLGS_DUMP_ALL 0x80 # define ASN1_STRFLGS_DUMP_ALL 0x80
# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 # define ASN1_STRFLGS_DUMP_UNKNOWN 0x100
/* These determine what 'dumping' does, we can dump the /*
* content octets or the DER encoding: both use the * These determine what 'dumping' does, we can dump the content octets or the
* RFC2253 #XXXXX notation. * DER encoding: both use the RFC2253 #XXXXX notation.
*/ */
# define ASN1_STRFLGS_DUMP_DER 0x200 # define ASN1_STRFLGS_DUMP_DER 0x200
/* All the string flags consistent with RFC2253, /*
* escaping control characters isn't essential in * All the string flags consistent with RFC2253, escaping control characters
* RFC2253 but it is advisable anyway. * isn't essential in RFC2253 but it is advisable anyway.
*/ */
# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ # define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \
@@ -511,8 +512,7 @@ DECLARE_ASN1_SET_OF(ASN1_INTEGER)
DECLARE_STACK_OF(ASN1_GENERALSTRING) DECLARE_STACK_OF(ASN1_GENERALSTRING)
typedef struct asn1_type_st typedef struct asn1_type_st {
{
int type; int type;
union { union {
char *ptr; char *ptr;
@@ -533,8 +533,10 @@ typedef struct asn1_type_st
ASN1_GENERALIZEDTIME *generalizedtime; ASN1_GENERALIZEDTIME *generalizedtime;
ASN1_VISIBLESTRING *visiblestring; ASN1_VISIBLESTRING *visiblestring;
ASN1_UTF8STRING *utf8string; ASN1_UTF8STRING *utf8string;
/* set and sequence are left complete and still /*
* contain the set or sequence bytes */ * set and sequence are left complete and still contain the set or
* sequence bytes
*/
ASN1_STRING *set; ASN1_STRING *set;
ASN1_STRING *sequence; ASN1_STRING *sequence;
ASN1_VALUE *asn1_value; ASN1_VALUE *asn1_value;
@@ -544,8 +546,7 @@ typedef struct asn1_type_st
DECLARE_STACK_OF(ASN1_TYPE) DECLARE_STACK_OF(ASN1_TYPE)
DECLARE_ASN1_SET_OF(ASN1_TYPE) DECLARE_ASN1_SET_OF(ASN1_TYPE)
typedef struct asn1_method_st typedef struct asn1_method_st {
{
i2d_of_void *i2d; i2d_of_void *i2d;
d2i_of_void *d2i; d2i_of_void *d2i;
void *(*create) (void); void *(*create) (void);
@@ -553,8 +554,7 @@ typedef struct asn1_method_st
} ASN1_METHOD; } ASN1_METHOD;
/* This is used when parsing some Netscape objects */ /* This is used when parsing some Netscape objects */
typedef struct asn1_header_st typedef struct asn1_header_st {
{
ASN1_OCTET_STRING *header; ASN1_OCTET_STRING *header;
void *data; void *data;
ASN1_METHOD *meth; ASN1_METHOD *meth;
@@ -567,7 +567,6 @@ typedef struct BIT_STRING_BITNAME_st {
const char *sname; const char *sname;
} BIT_STRING_BITNAME; } BIT_STRING_BITNAME;
# define M_ASN1_STRING_length(x) ((x)->length) # define M_ASN1_STRING_length(x) ((x)->length)
# define M_ASN1_STRING_length_set(x, n) ((x)->length = (n)) # define M_ASN1_STRING_length_set(x, n) ((x)->length = (n))
# define M_ASN1_STRING_type(x) ((x)->type) # define M_ASN1_STRING_type(x) ((x)->type)
@@ -790,8 +789,10 @@ void ASN1_STRING_free(ASN1_STRING *a);
ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *a); ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *a);
ASN1_STRING *ASN1_STRING_type_new(int type); ASN1_STRING *ASN1_STRING_type_new(int type);
int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
/* Since this is used to store all sorts of things, via macros, for now, make /*
its data void * */ * Since this is used to store all sorts of things, via macros, for now,
* make its data void *
*/
int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
int ASN1_STRING_length(ASN1_STRING *x); int ASN1_STRING_length(ASN1_STRING *x);
@@ -801,10 +802,9 @@ unsigned char * ASN1_STRING_data(ASN1_STRING *x);
DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp);
ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp, ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
long length); const unsigned char **pp, long length);
int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length);
int length );
int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
@@ -839,13 +839,15 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
# endif # endif
int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a); int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t); ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
time_t t);
int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a); ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b); int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len); int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data,
int len);
DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
@@ -872,7 +874,8 @@ DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
int ASN1_TIME_check(ASN1_TIME *t); int ASN1_TIME_check(ASN1_TIME *t);
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME
**out);
int i2d_ASN1_SET(STACK * a, unsigned char **pp, int i2d_ASN1_SET(STACK * a, unsigned char **pp,
i2d_of_void *i2d, int ex_tag, int ex_class, int is_set); i2d_of_void *i2d, int ex_tag, int ex_class, int is_set);
@@ -1009,13 +1012,15 @@ int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
int ASN1_STRING_print(BIO *bp, ASN1_STRING *v); int ASN1_STRING_print(BIO *bp, ASN1_STRING *v);
int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent);
int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump); int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
int dump);
# endif # endif
const char *ASN1_tag2str(int tag); const char *ASN1_tag2str(int tag);
/* Used to load and write netscape format cert/key */ /* Used to load and write netscape format cert/key */
int i2d_ASN1_HEADER(ASN1_HEADER * a, unsigned char **pp); int i2d_ASN1_HEADER(ASN1_HEADER * a, unsigned char **pp);
ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,const unsigned char **pp, long length); ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER ** a, const unsigned char **pp,
long length);
ASN1_HEADER *ASN1_HEADER_new(void); ASN1_HEADER *ASN1_HEADER_new(void);
void ASN1_HEADER_free(ASN1_HEADER * a); void ASN1_HEADER_free(ASN1_HEADER * a);
@@ -1027,10 +1032,8 @@ ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void); ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void);
ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void); ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void);
int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
unsigned char *data, int len); int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len);
int ASN1_TYPE_get_octetstring(ASN1_TYPE *a,
unsigned char *data, int max_len);
int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
unsigned char *data, int len); unsigned char *data, int len);
int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num,
@@ -1050,7 +1053,8 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
CHECKED_I2D_OF(type, i2d), \ CHECKED_I2D_OF(type, i2d), \
oct)) oct))
ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
ASN1_OCTET_STRING **oct);
void ASN1_STRING_set_default_mask(unsigned long mask); void ASN1_STRING_set_default_mask(unsigned long mask);
int ASN1_STRING_set_default_mask_asc(const char *p); int ASN1_STRING_set_default_mask_asc(const char *p);
@@ -1062,7 +1066,8 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
long minsize, long maxsize); long minsize, long maxsize);
ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
const unsigned char *in, int inlen, int inform, int nid); const unsigned char *in, int inlen,
int inform, int nid);
ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
void ASN1_STRING_TABLE_cleanup(void); void ASN1_STRING_TABLE_cleanup(void);
@@ -1072,27 +1077,29 @@ void ASN1_STRING_TABLE_cleanup(void);
/* Old API compatible functions */ /* Old API compatible functions */
ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it); ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in,
long len, const ASN1_ITEM *it);
int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
const ASN1_ITEM *it);
void ASN1_add_oid_module(void); void ASN1_add_oid_module(void);
ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags, typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val,
const ASN1_ITEM *it); int flags, const ASN1_ITEM *it);
int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
int ctype_nid, int econt_nid, int ctype_nid, int econt_nid,
STACK_OF(X509_ALGOR) *mdalgs, STACK_OF(X509_ALGOR) *mdalgs,
asn1_output_data_fn *data_fn, asn1_output_data_fn * data_fn, const ASN1_ITEM *it);
const ASN1_ITEM *it);
ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
/* BEGIN ERROR CODES */ /* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes /*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run. * made after this point may be overwritten when the script is next run.
*/ */
void ERR_load_ASN1_strings(void); void ERR_load_ASN1_strings(void);


@@ -53,7 +53,8 @@
* *
*/ */
/* NOTE: this file was auto generated by the mkerr.pl script: any changes /*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file, * made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved. * only reason strings will be preserved.
*/ */
@@ -68,8 +69,7 @@
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0) # define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason) # define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
static ERR_STRING_DATA ASN1_str_functs[]= static ERR_STRING_DATA ASN1_str_functs[] = {
{
{ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"}, {ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"},
{ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"}, {ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"},
{ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"}, {ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"},
@@ -125,7 +125,8 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"}, {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"},
{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"}, {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"},
{ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"}, {ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"},
{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), "ASN1_TYPE_get_int_octetstring"}, {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),
"ASN1_TYPE_get_int_octetstring"},
{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"}, {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"},
{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"}, {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"},
{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"}, {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"},
@@ -185,8 +186,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{0, NULL} {0, NULL}
}; };
static ERR_STRING_DATA ASN1_str_reasons[]= static ERR_STRING_DATA ASN1_str_reasons[] = {
{
{ERR_REASON(ASN1_R_ADDING_OBJECT), "adding object"}, {ERR_REASON(ASN1_R_ADDING_OBJECT), "adding object"},
{ERR_REASON(ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"}, {ERR_REASON(ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"},
{ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR), "asn1 sig parse error"}, {ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR), "asn1 sig parse error"},
@@ -195,11 +195,13 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"}, {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
{ERR_REASON(ASN1_R_BAD_PASSWORD_READ), "bad password read"}, {ERR_REASON(ASN1_R_BAD_PASSWORD_READ), "bad password read"},
{ERR_REASON(ASN1_R_BAD_TAG), "bad tag"}, {ERR_REASON(ASN1_R_BAD_TAG), "bad tag"},
{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"}, {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
"bmpstring is wrong length"},
{ERR_REASON(ASN1_R_BN_LIB), "bn lib"}, {ERR_REASON(ASN1_R_BN_LIB), "bn lib"},
{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH), "boolean is wrong length"}, {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH), "boolean is wrong length"},
{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL), "buffer too small"}, {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"}, {ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
"cipher has no object identifier"},
{ERR_REASON(ASN1_R_DATA_IS_WRONG), "data is wrong"}, {ERR_REASON(ASN1_R_DATA_IS_WRONG), "data is wrong"},
{ERR_REASON(ASN1_R_DECODE_ERROR), "decode error"}, {ERR_REASON(ASN1_R_DECODE_ERROR), "decode error"},
{ERR_REASON(ASN1_R_DECODING_ERROR), "decoding error"}, {ERR_REASON(ASN1_R_DECODING_ERROR), "decoding error"},
@@ -207,14 +209,17 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_ENCODE_ERROR), "encode error"}, {ERR_REASON(ASN1_R_ENCODE_ERROR), "encode error"},
{ERR_REASON(ASN1_R_ERROR_GETTING_TIME), "error getting time"}, {ERR_REASON(ASN1_R_ERROR_GETTING_TIME), "error getting time"},
{ERR_REASON(ASN1_R_ERROR_LOADING_SECTION), "error loading section"}, {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION), "error loading section"},
{ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),"error parsing set element"}, {ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),
{ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),"error setting cipher params"}, "error parsing set element"},
{ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),
"error setting cipher params"},
{ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER), "expecting an integer"}, {ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER), "expecting an integer"},
{ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT), "expecting an object"}, {ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT), "expecting an object"},
{ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN), "expecting a boolean"}, {ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN), "expecting a boolean"},
{ERR_REASON(ASN1_R_EXPECTING_A_TIME), "expecting a time"}, {ERR_REASON(ASN1_R_EXPECTING_A_TIME), "expecting a time"},
{ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH), "explicit length mismatch"}, {ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH), "explicit length mismatch"},
{ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),"explicit tag not constructed"}, {ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),
"explicit tag not constructed"},
{ERR_REASON(ASN1_R_FIELD_MISSING), "field missing"}, {ERR_REASON(ASN1_R_FIELD_MISSING), "field missing"},
{ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE), "first num too large"}, {ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE), "first num too large"},
{ERR_REASON(ASN1_R_HEADER_TOO_LONG), "header too long"}, {ERR_REASON(ASN1_R_HEADER_TOO_LONG), "header too long"},
@@ -230,12 +235,15 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE), "illegal null value"}, {ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE), "illegal null value"},
{ERR_REASON(ASN1_R_ILLEGAL_OBJECT), "illegal object"}, {ERR_REASON(ASN1_R_ILLEGAL_OBJECT), "illegal object"},
{ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY), "illegal optional any"}, {ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY), "illegal optional any"},
{ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"}, {ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),
"illegal options on item template"},
{ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY), "illegal tagged any"}, {ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY), "illegal tagged any"},
{ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE), "illegal time value"}, {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE), "illegal time value"},
{ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT), "integer not ascii format"}, {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT), "integer not ascii format"},
{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"}, {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),
{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),"invalid bit string bits left"}, "integer too large for long"},
{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),
"invalid bit string bits left"},
{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH), "invalid bmpstring length"}, {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH), "invalid bmpstring length"},
{ERR_REASON(ASN1_R_INVALID_DIGIT), "invalid digit"}, {ERR_REASON(ASN1_R_INVALID_DIGIT), "invalid digit"},
{ERR_REASON(ASN1_R_INVALID_MIME_TYPE), "invalid mime type"}, {ERR_REASON(ASN1_R_INVALID_MIME_TYPE), "invalid mime type"},
@@ -244,7 +252,8 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING), "invalid object encoding"}, {ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING), "invalid object encoding"},
{ERR_REASON(ASN1_R_INVALID_SEPARATOR), "invalid separator"}, {ERR_REASON(ASN1_R_INVALID_SEPARATOR), "invalid separator"},
{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT), "invalid time format"}, {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT), "invalid time format"},
{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"}, {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),
"invalid universalstring length"},
{ERR_REASON(ASN1_R_INVALID_UTF8STRING), "invalid utf8string"}, {ERR_REASON(ASN1_R_INVALID_UTF8STRING), "invalid utf8string"},
{ERR_REASON(ASN1_R_IV_TOO_LARGE), "iv too large"}, {ERR_REASON(ASN1_R_IV_TOO_LARGE), "iv too large"},
{ERR_REASON(ASN1_R_LENGTH_ERROR), "length error"}, {ERR_REASON(ASN1_R_LENGTH_ERROR), "length error"},
@@ -263,42 +272,52 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},
{ERR_REASON(ASN1_R_NO_CONTENT_TYPE), "no content type"}, {ERR_REASON(ASN1_R_NO_CONTENT_TYPE), "no content type"},
{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE), "no matching choice type"}, {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE), "no matching choice type"},
{ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),
"no multipart body failure"},
{ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"}, {ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"},
{ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE), "no sig content type"}, {ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE), "no sig content type"},
{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH), "null is wrong length"}, {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH), "null is wrong length"},
{ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT), "object not ascii format"}, {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT), "object not ascii format"},
{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS), "odd number of chars"}, {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS), "odd number of chars"},
{ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"}, {ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),
"private key header missing"},
{ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE), "second number too large"}, {ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE), "second number too large"},
{ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH), "sequence length mismatch"}, {ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH), "sequence length mismatch"},
{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED), "sequence not constructed"}, {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED), "sequence not constructed"},
{ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"}, {ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),
"sequence or set needs config"},
{ERR_REASON(ASN1_R_SHORT_LINE), "short line"}, {ERR_REASON(ASN1_R_SHORT_LINE), "short line"},
{ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"}, {ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"},
{ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED), "streaming not supported"}, {ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED), "streaming not supported"},
{ERR_REASON(ASN1_R_STRING_TOO_LONG), "string too long"}, {ERR_REASON(ASN1_R_STRING_TOO_LONG), "string too long"},
{ERR_REASON(ASN1_R_STRING_TOO_SHORT), "string too short"}, {ERR_REASON(ASN1_R_STRING_TOO_SHORT), "string too short"},
{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH), "tag value too high"}, {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH), "tag value too high"},
{ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"}, {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
"the asn1 object identifier is not known for this md"},
{ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"}, {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"},
{ERR_REASON(ASN1_R_TOO_LONG), "too long"}, {ERR_REASON(ASN1_R_TOO_LONG), "too long"},
{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED), "type not constructed"}, {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED), "type not constructed"},
{ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE), "type not primitive"}, {ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE), "type not primitive"},
{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY), "unable to decode rsa key"}, {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY), "unable to decode rsa key"},
{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"}, {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),
"unable to decode rsa private key"},
{ERR_REASON(ASN1_R_UNEXPECTED_EOC), "unexpected eoc"}, {ERR_REASON(ASN1_R_UNEXPECTED_EOC), "unexpected eoc"},
{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"}, {ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),
"universalstring is wrong length"},
{ERR_REASON(ASN1_R_UNKNOWN_FORMAT), "unknown format"}, {ERR_REASON(ASN1_R_UNKNOWN_FORMAT), "unknown format"},
{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),
"unknown message digest algorithm"},
{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE), "unknown object type"}, {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE), "unknown object type"},
{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), "unknown public key type"}, {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), "unknown public key type"},
{ERR_REASON(ASN1_R_UNKNOWN_TAG), "unknown tag"}, {ERR_REASON(ASN1_R_UNKNOWN_TAG), "unknown tag"},
{ERR_REASON(ASN1_R_UNKOWN_FORMAT), "unkown format"}, {ERR_REASON(ASN1_R_UNKOWN_FORMAT), "unkown format"},
{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"}, {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),
"unsupported any defined by type"},
{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"}, {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),
{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"}, "unsupported encryption algorithm"},
{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),
"unsupported public key type"},
{ERR_REASON(ASN1_R_UNSUPPORTED_TYPE), "unsupported type"}, {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE), "unsupported type"},
{ERR_REASON(ASN1_R_WRONG_TAG), "wrong tag"}, {ERR_REASON(ASN1_R_WRONG_TAG), "wrong tag"},
{ERR_REASON(ASN1_R_WRONG_TYPE), "wrong type"}, {ERR_REASON(ASN1_R_WRONG_TYPE), "wrong type"},
@@ -311,8 +330,7 @@ void ERR_load_ASN1_strings(void)
{ {
#ifndef OPENSSL_NO_ERR #ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) {
{
ERR_load_strings(0, ASN1_str_functs); ERR_load_strings(0, ASN1_str_functs);
ERR_load_strings(0, ASN1_str_reasons); ERR_load_strings(0, ASN1_str_reasons);
} }


@@ -1,6 +1,7 @@
/* asn1_gen.c */ /* asn1_gen.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /*
* project 2002. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2002.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2002 The OpenSSL Project. All rights reserved. * Copyright (c) 2002 The OpenSSL Project. All rights reserved.
@@ -85,16 +86,13 @@
/* List of bits */ /* List of bits */
#define ASN1_GEN_FORMAT_BITLIST 4 #define ASN1_GEN_FORMAT_BITLIST 4
struct tag_name_st {
struct tag_name_st
{
const char *strnam; const char *strnam;
int len; int len;
int tag; int tag;
}; };
typedef struct typedef struct {
{
int exp_tag; int exp_tag;
int exp_class; int exp_class;
int exp_constructed; int exp_constructed;
@@ -102,8 +100,7 @@ typedef struct
long exp_len; long exp_len;
} tag_exp_type; } tag_exp_type;
typedef struct typedef struct {
{
int imp_tag; int imp_tag;
int imp_class; int imp_class;
int utype; int utype;
@@ -115,8 +112,10 @@ typedef struct
static int bitstr_cb(const char *elem, int len, void *bitstr); static int bitstr_cb(const char *elem, int len, void *bitstr);
static int asn1_cb(const char *elem, int len, void *bitstr); static int asn1_cb(const char *elem, int len, void *bitstr);
static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok); static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass); int exp_constructed, int exp_pad, int imp_ok);
static int parse_tagging(const char *vstart, int vlen, int *ptag,
int *pclass);
static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf); static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
static int asn1_str2tag(const char *tagstr, int len); static int asn1_str2tag(const char *tagstr, int len);
@@ -156,16 +155,15 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
return NULL; return NULL;
if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET)) if ((asn1_tags.utype == V_ASN1_SEQUENCE)
{ || (asn1_tags.utype == V_ASN1_SET)) {
if (!cnf) if (!cnf) {
{ ASN1err(ASN1_F_ASN1_GENERATE_V3,
ASN1err(ASN1_F_ASN1_GENERATE_V3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
return NULL; return NULL;
} }
ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf); ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
} } else
else
ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
if (!ret) if (!ret)
@@ -183,40 +181,38 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
cpy_start = orig_der; cpy_start = orig_der;
/* Do we need IMPLICIT tagging? */ /* Do we need IMPLICIT tagging? */
if (asn1_tags.imp_tag != -1) if (asn1_tags.imp_tag != -1) {
{
/* If IMPLICIT we will replace the underlying tag */ /* If IMPLICIT we will replace the underlying tag */
/* Skip existing tag+len */ /* Skip existing tag+len */
r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len); r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class,
cpy_len);
if (r & 0x80) if (r & 0x80)
goto err; goto err;
/* Update copy length */ /* Update copy length */
cpy_len -= cpy_start - orig_der; cpy_len -= cpy_start - orig_der;
/* For IMPLICIT tagging the length should match the /*
* original length and constructed flag should be * For IMPLICIT tagging the length should match the original length
* consistent. * and constructed flag should be consistent.
*/ */
if (r & 0x1) if (r & 0x1) {
{
/* Indefinite length constructed */ /* Indefinite length constructed */
hdr_constructed = 2; hdr_constructed = 2;
hdr_len = 0; hdr_len = 0;
} } else
else
/* Just retain constructed flag */ /* Just retain constructed flag */
hdr_constructed = r & V_ASN1_CONSTRUCTED; hdr_constructed = r & V_ASN1_CONSTRUCTED;
/* Work out new length with IMPLICIT tag: ignore constructed /*
* because it will mess up if indefinite length * Work out new length with IMPLICIT tag: ignore constructed because
* it will mess up if indefinite length
*/ */
len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag); len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
} } else
else
len = cpy_len; len = cpy_len;
/* Work out length in any EXPLICIT, starting from end */ /* Work out length in any EXPLICIT, starting from end */
for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--) for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1;
{ i < asn1_tags.exp_count; i++, etmp--) {
/* Content length: number of content octets + any padding */ /* Content length: number of content octets + any padding */
len += etmp->exp_pad; len += etmp->exp_pad;
etmp->exp_len = len; etmp->exp_len = len;
@@ -236,8 +232,8 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
/* Output explicit tags first */ /* Output explicit tags first */
for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++) for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count;
{ i++, etmp++) {
ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len, ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
etmp->exp_tag, etmp->exp_class); etmp->exp_tag, etmp->exp_class);
if (etmp->exp_pad) if (etmp->exp_pad)
@@ -278,11 +274,9 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
int tmp_tag, tmp_class; int tmp_tag, tmp_class;
for(i = 0, p = elem; i < len; p++, i++) for (i = 0, p = elem; i < len; p++, i++) {
{
/* Look for the ':' in name value pairs */ /* Look for the ':' in name value pairs */
if (*p == ':') if (*p == ':') {
{
vstart = p + 1; vstart = p + 1;
vlen = len - (vstart - elem); vlen = len - (vstart - elem);
len = p - elem; len = p - elem;
@@ -292,34 +286,29 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
utype = asn1_str2tag(elem, len); utype = asn1_str2tag(elem, len);
if (utype == -1) if (utype == -1) {
{
ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG); ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG);
ERR_add_error_data(2, "tag=", elem); ERR_add_error_data(2, "tag=", elem);
return -1; return -1;
} }
/* If this is not a modifier mark end of string and exit */ /* If this is not a modifier mark end of string and exit */
if (!(utype & ASN1_GEN_FLAG)) if (!(utype & ASN1_GEN_FLAG)) {
{
arg->utype = utype; arg->utype = utype;
arg->str = vstart; arg->str = vstart;
/* If no value and not end of string, error */ /* If no value and not end of string, error */
if (!vstart && elem[len]) if (!vstart && elem[len]) {
{
ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE); ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE);
return -1; return -1;
} }
return 0; return 0;
} }
switch(utype) switch (utype) {
{
case ASN1_GEN_FLAG_IMP: case ASN1_GEN_FLAG_IMP:
/* Check for illegal multiple IMPLICIT tagging */ /* Check for illegal multiple IMPLICIT tagging */
if (arg->imp_tag != -1) if (arg->imp_tag != -1) {
{
ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING); ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING);
return -1; return -1;
} }
@@ -364,8 +353,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
arg->format = ASN1_GEN_FORMAT_HEX; arg->format = ASN1_GEN_FORMAT_HEX;
else if (!strncmp(vstart, "BITLIST", 3)) else if (!strncmp(vstart, "BITLIST", 3))
arg->format = ASN1_GEN_FORMAT_BITLIST; arg->format = ASN1_GEN_FORMAT_BITLIST;
else else {
{
ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT); ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT);
return -1; return -1;
} }
@@ -388,8 +376,7 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
/* Check we haven't gone past max length: should be impossible */ /* Check we haven't gone past max length: should be impossible */
if (eptr && *eptr && (eptr > vstart + vlen)) if (eptr && *eptr && (eptr > vstart + vlen))
return 0; return 0;
if (tag_num < 0) if (tag_num < 0) {
{
ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER); ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER);
return 0; return 0;
} }
@@ -399,10 +386,8 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
vlen -= eptr - vstart; vlen -= eptr - vstart;
else else
vlen = 0; vlen = 0;
if (vlen) if (vlen) {
{ switch (*eptr) {
switch (*eptr)
{
case 'U': case 'U':
*pclass = V_ASN1_UNIVERSAL; *pclass = V_ASN1_UNIVERSAL;
@@ -429,8 +414,7 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
break; break;
} }
} } else
else
*pclass = V_ASN1_CONTEXT_SPECIFIC; *pclass = V_ASN1_CONTEXT_SPECIFIC;
return 1; return 1;
@@ -450,15 +434,13 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
sk = sk_ASN1_TYPE_new_null(); sk = sk_ASN1_TYPE_new_null();
if (!sk) if (!sk)
goto bad; goto bad;
if (section) if (section) {
{
if (!cnf) if (!cnf)
goto bad; goto bad;
sect = X509V3_get_section(cnf, (char *)section); sect = X509V3_get_section(cnf, (char *)section);
if (!sect) if (!sect)
goto bad; goto bad;
for (i = 0; i < sk_CONF_VALUE_num(sect); i++) for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
{
typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf); typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
if (!typ) if (!typ)
goto bad; goto bad;
@@ -468,14 +450,15 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
} }
} }
/* Now we has a STACK of the components, convert to the correct form */ /*
* Now we has a STACK of the components, convert to the correct form
*/
if (utype == V_ASN1_SET) if (utype == V_ASN1_SET)
is_set = 1; is_set = 1;
else else
is_set = 0; is_set = 0;
derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype, derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype,
V_ASN1_UNIVERSAL, is_set); V_ASN1_UNIVERSAL, is_set);
der = OPENSSL_malloc(derlen); der = OPENSSL_malloc(derlen);
@@ -513,36 +496,33 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
return ret; return ret;
} }
static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok) static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
int exp_constructed, int exp_pad, int imp_ok)
{ {
tag_exp_type *exp_tmp; tag_exp_type *exp_tmp;
/* Can only have IMPLICIT if permitted */ /* Can only have IMPLICIT if permitted */
if ((arg->imp_tag != -1) && !imp_ok) if ((arg->imp_tag != -1) && !imp_ok) {
{
ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG); ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG);
return 0; return 0;
} }
if (arg->exp_count == ASN1_FLAG_EXP_MAX) if (arg->exp_count == ASN1_FLAG_EXP_MAX) {
{
ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED); ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED);
return 0; return 0;
} }
exp_tmp = &arg->exp_list[arg->exp_count++]; exp_tmp = &arg->exp_list[arg->exp_count++];
/* If IMPLICIT set tag to implicit value then /*
* reset implicit tag since it has been used. * If IMPLICIT set tag to implicit value then reset implicit tag since it
* has been used.
*/ */
if (arg->imp_tag != -1) if (arg->imp_tag != -1) {
{
exp_tmp->exp_tag = arg->imp_tag; exp_tmp->exp_tag = arg->imp_tag;
exp_tmp->exp_class = arg->imp_class; exp_tmp->exp_class = arg->imp_class;
arg->imp_tag = -1; arg->imp_tag = -1;
arg->imp_class = -1; arg->imp_class = -1;
} } else {
else
{
exp_tmp->exp_tag = exp_tag; exp_tmp->exp_tag = exp_tag;
exp_tmp->exp_class = exp_class; exp_tmp->exp_class = exp_class;
} }
@@ -552,7 +532,6 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_cons
return 1; return 1;
} }
static int asn1_str2tag(const char *tagstr, int len) static int asn1_str2tag(const char *tagstr, int len)
{ {
unsigned int i; unsigned int i;
@@ -619,8 +598,7 @@ static int asn1_str2tag(const char *tagstr, int len)
len = strlen(tagstr); len = strlen(tagstr);
tntmp = tnst; tntmp = tnst;
for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) {
{
if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len)) if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
return tntmp->tag; return tntmp->tag;
} }
@@ -639,8 +617,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
int no_unused = 1; int no_unused = 1;
if (!(atmp = ASN1_TYPE_new())) if (!(atmp = ASN1_TYPE_new())) {
{
ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
return NULL; return NULL;
} }
@@ -648,28 +625,24 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
if (!str) if (!str)
str = ""; str = "";
switch(utype) switch (utype) {
{
case V_ASN1_NULL: case V_ASN1_NULL:
if (str && *str) if (str && *str) {
{
ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE); ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE);
goto bad_form; goto bad_form;
} }
break; break;
case V_ASN1_BOOLEAN: case V_ASN1_BOOLEAN:
if (format != ASN1_GEN_FORMAT_ASCII) if (format != ASN1_GEN_FORMAT_ASCII) {
{
ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT); ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
goto bad_form; goto bad_form;
} }
vtmp.name = NULL; vtmp.name = NULL;
vtmp.section = NULL; vtmp.section = NULL;
vtmp.value = (char *)str; vtmp.value = (char *)str;
if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) {
{
ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN); ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);
goto bad_str; goto bad_str;
} }
@@ -677,26 +650,22 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
case V_ASN1_INTEGER: case V_ASN1_INTEGER:
case V_ASN1_ENUMERATED: case V_ASN1_ENUMERATED:
if (format != ASN1_GEN_FORMAT_ASCII) if (format != ASN1_GEN_FORMAT_ASCII) {
{
ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT); ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
goto bad_form; goto bad_form;
} }
if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) {
{
ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER); ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
goto bad_str; goto bad_str;
} }
break; break;
case V_ASN1_OBJECT: case V_ASN1_OBJECT:
if (format != ASN1_GEN_FORMAT_ASCII) if (format != ASN1_GEN_FORMAT_ASCII) {
{
ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT); ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
goto bad_form; goto bad_form;
} }
if (!(atmp->value.object = OBJ_txt2obj(str, 0))) if (!(atmp->value.object = OBJ_txt2obj(str, 0))) {
{
ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT); ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);
goto bad_str; goto bad_str;
} }
@@ -704,24 +673,20 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
case V_ASN1_UTCTIME: case V_ASN1_UTCTIME:
case V_ASN1_GENERALIZEDTIME: case V_ASN1_GENERALIZEDTIME:
if (format != ASN1_GEN_FORMAT_ASCII) if (format != ASN1_GEN_FORMAT_ASCII) {
{
ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT); ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);
goto bad_form; goto bad_form;
} }
if (!(atmp->value.asn1_string = ASN1_STRING_new())) if (!(atmp->value.asn1_string = ASN1_STRING_new())) {
{
ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
goto bad_str; goto bad_str;
} }
if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {
{
ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
goto bad_str; goto bad_str;
} }
atmp->value.asn1_string->type = utype; atmp->value.asn1_string->type = utype;
if (!ASN1_TIME_check(atmp->value.asn1_string)) if (!ASN1_TIME_check(atmp->value.asn1_string)) {
{
ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE); ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE);
goto bad_str; goto bad_str;
} }
@@ -741,38 +706,31 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
format = MBSTRING_ASC; format = MBSTRING_ASC;
else if (format == ASN1_GEN_FORMAT_UTF8) else if (format == ASN1_GEN_FORMAT_UTF8)
format = MBSTRING_UTF8; format = MBSTRING_UTF8;
else else {
{
ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT); ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT);
goto bad_form; goto bad_form;
} }
if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str, if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
-1, format, ASN1_tag2bit(utype)) <= 0) -1, format, ASN1_tag2bit(utype)) <= 0) {
{
ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
goto bad_str; goto bad_str;
} }
break; break;
case V_ASN1_BIT_STRING: case V_ASN1_BIT_STRING:
case V_ASN1_OCTET_STRING: case V_ASN1_OCTET_STRING:
if (!(atmp->value.asn1_string = ASN1_STRING_new())) if (!(atmp->value.asn1_string = ASN1_STRING_new())) {
{
ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
goto bad_form; goto bad_form;
} }
if (format == ASN1_GEN_FORMAT_HEX) if (format == ASN1_GEN_FORMAT_HEX) {
{
if (!(rdata = string_to_hex((char *)str, &rdlen))) if (!(rdata = string_to_hex((char *)str, &rdlen))) {
{
ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX); ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
goto bad_str; goto bad_str;
} }
@@ -781,34 +739,28 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
atmp->value.asn1_string->length = rdlen; atmp->value.asn1_string->length = rdlen;
atmp->value.asn1_string->type = utype; atmp->value.asn1_string->type = utype;
} } else if (format == ASN1_GEN_FORMAT_ASCII)
else if (format == ASN1_GEN_FORMAT_ASCII)
ASN1_STRING_set(atmp->value.asn1_string, str, -1); ASN1_STRING_set(atmp->value.asn1_string, str, -1);
else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING)) else if ((format == ASN1_GEN_FORMAT_BITLIST)
{ && (utype == V_ASN1_BIT_STRING)) {
if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string)) if (!CONF_parse_list
{ (str, ',', 1, bitstr_cb, atmp->value.bit_string)) {
ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR); ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR);
goto bad_str; goto bad_str;
} }
no_unused = 0; no_unused = 0;
} } else {
else
{
ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT); ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
goto bad_form; goto bad_form;
} }
if ((utype == V_ASN1_BIT_STRING) && no_unused) if ((utype == V_ASN1_BIT_STRING) && no_unused) {
{
atmp->value.asn1_string->flags atmp->value.asn1_string->flags
&= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
atmp->value.asn1_string->flags atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT;
|= ASN1_STRING_FLAG_BITS_LEFT;
} }
break; break;
default: default:
@@ -817,11 +769,9 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
break; break;
} }
atmp->type = utype; atmp->type = utype;
return atmp; return atmp;
bad_str: bad_str:
ERR_add_error_data(2, "string=", str); ERR_add_error_data(2, "string=", str);
bad_form: bad_form:
@@ -840,16 +790,13 @@ static int bitstr_cb(const char *elem, int len, void *bitstr)
bitnum = strtoul(elem, &eptr, 10); bitnum = strtoul(elem, &eptr, 10);
if (eptr && *eptr && (eptr != elem + len)) if (eptr && *eptr && (eptr != elem + len))
return 0; return 0;
if (bitnum < 0) if (bitnum < 0) {
{
ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER); ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER);
return 0; return 0;
} }
if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) {
{
ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE);
return 0; return 0;
} }
return 1; return 1;
} }
