generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Big apps cleanup (option-parsing, etc)

Browse Source 
This is merges the old "rsalz-monolith" branch over to master.  The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt.  Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that.  There have been many other changes and code-cleanup, see
bullet list below.

Special thanks to Matt for the long and detailed code review.

TEMPORARY:
        For now, comment out CRYPTO_mem_leaks() at end of main

Tickets closed:
        RT3515: Use 3DES in pkcs12 if built with no-rc2
        RT1766: s_client -reconnect and -starttls broke
        RT2932: Catch write errors
        RT2604: port should be 'unsigned short'
        RT2983: total_bytes undeclared #ifdef RENEG
        RT1523: Add -nocert to fix output in x509 app
        RT3508: Remove unused variable introduced by b09eb24
        RT3511: doc fix; req default serial is random
        RT1325,2973: Add more extensions to c_rehash
        RT2119,3407: Updated to dgst.pod
        RT2379: Additional typo fix
        RT2693: Extra include of string.h
        RT2880: HFS is case-insensitive filenames
        RT3246: req command prints version number wrong

Other changes; incompatibilities marked with *:
        Add SCSV support
        Add -misalign to speed command
        Make dhparam, dsaparam, ecparam, x509 output C in proper style
        Make some internal ocsp.c functions void
        Only display cert usages with -help in verify
        Use global bio_err, remove "BIO*err" parameter from functions
        For filenames, - always means stdin (or stdout as appropriate)
        Add aliases for -des/aes "wrap" ciphers.
        *Remove support for IISSGC (server gated crypto)
        *The undocumented OCSP -header flag is now "-header name=value"
        *Documented the OCSP -header flag

Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Rich Salz 2015-04-24 15:26:15 -04:00
parent 53dd4ddf71
commit 7e1b748570
65 changed files with 10893 additions and 13269 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

264
apps/Makefile
View File

@ -6,7 +6,7 @@ DIR= apps
TOP= ..
CC= cc
INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES)
CFLAG= -g -static
CFLAG= -g -static -Wswitch
MAKEFILE= Makefile
PERL= perl
RM= rm -f
@ -20,7 +20,7 @@ EXE_EXT=
SHLIB_TARGET=
CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile makeapps.com install.com
@ -29,49 +29,48 @@ DLIBSSL=../libssl.a
LIBCRYPTO=-L.. -lcrypto
LIBSSL=-L.. -lssl
PROGRAM= openssl
SCRIPTS=CA.pl tsget
EXE= openssl$(EXE_EXT)
EXE= $(PROGRAM)$(EXE_EXT)
COMMANDS= \
asn1pars.o ca.o ciphers.o cms.o crl.o crl2p7.o dgst.o dhparam.o \
dsa.o dsaparam.o ec.o ecparam.o enc.o engine.o errstr.o gendsa.o \
genpkey.o genrsa.o nseq.o ocsp.o passwd.o pkcs12.o pkcs7.o pkcs8.o \
pkey.o pkeyparam.o pkeyutl.o prime.o rand.o req.o rsa.o rsautl.o \
s_client.o s_server.o s_time.o sess_id.o smime.o speed.o spkac.o \
srp.o ts.o verify.o version.o x509.o
E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
ca crl rsa rsautl dsa dsaparam ec ecparam \
x509 genrsa gendsa genpkey s_server s_client speed \
s_time version pkcs7 cms crl2pkcs7 sess_id ciphers nseq pkcs12 \
pkcs8 pkey pkeyparam pkeyutl spkac smime rand engine ocsp prime ts srp
PROGS= $(PROGRAM).c
A_OBJ=apps.o
A_SRC=apps.c
A_OBJ=apps.o opt.o
A_SRC=apps.c opt.c
S_OBJ= s_cb.o s_socket.o
S_SRC= s_cb.c s_socket.c
RAND_OBJ=app_rand.o
RAND_SRC=app_rand.c
E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
ca.o pkcs7.o crl2p7.o crl.o \
rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \
x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o \
s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o \
spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o
OBJ = \
asn1pars.o ca.o ciphers.o cms.o crl.o crl2p7.o dgst.o dhparam.o \
dsa.o dsaparam.o ec.o ecparam.o enc.o engine.o errstr.o gendsa.o \
genpkey.o genrsa.o nseq.o ocsp.o passwd.o pkcs12.o pkcs7.o pkcs8.o \
pkey.o pkeyparam.o pkeyutl.o prime.o rand.o req.o rsa.o rsautl.o \
s_client.o s_server.o s_time.o sess_id.o smime.o speed.o spkac.o \
srp.o ts.o verify.o version.o x509.o
E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
pkcs7.c crl2p7.c crl.c \
rsa.c rsautl.c dsa.c dsaparam.c ec.c ecparam.c \
x509.c genrsa.c gendsa.c genpkey.c s_server.c s_client.c speed.c \
s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
ciphers.c nseq.c pkcs12.c pkcs8.c pkey.c pkeyparam.c pkeyutl.c \
spkac.c smime.c cms.c rand.c engine.c ocsp.c prime.c ts.c srp.c
SRC=$(E_SRC)
SRC = \
asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c \
dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c \
genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c \
pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c \
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c \
srp.c ts.c verify.c version.c x509.c
EXE_OBJ = openssl.o $(OBJ) $(A_OBJ) $(S_OBJ) $(RAND_OBJ)
EXE_SRC = openssl.c $(SRC) $(A_SRC) $(S_SRC) $(RAND_SRC)
HEADER= apps.h progs.h s_apps.h \
testdsa.h testrsa.h
testdsa.h testrsa.h timeouts.h
ALL= $(GENERAL) $(SRC) $(HEADER)
ALL= $(GENERAL) $(EXE_SRC) $(HEADER)
top:
@(cd ..; $(MAKE) DIRS=$(DIR) all)
@ -80,18 +79,6 @@ all: exe
exe: $(EXE)
req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
shlib_target="$(SHLIB_TARGET)"; \
fi; \
$(MAKE) -f $(TOP)/Makefile.shared -e \
APPNAME=req OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \
LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \
link_app.$${shlib_target}
sreq.o: req.c
$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@ -129,18 +116,18 @@ uninstall:
$(RM) $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
tags:
ctags $(SRC)
ctags $(EXE_SRC) $(HEADER)
tests:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
echo nope >fluff
depend:
@if [ -z "$(THIS)" ]; then \
$(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
else \
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(EXE_SRC); \
fi
dclean:
@ -157,21 +144,22 @@ $(DLIBSSL):
$(DLIBCRYPTO):
(cd ..; $(MAKE) DIRS=crypto all)
$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
$(EXE): progs.h $(EXE_OBJ) $(DLIBCRYPTO) $(DLIBSSL)
$(RM) $(EXE)
shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
shlib_target="$(SHLIB_TARGET)"; \
fi; \
LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
$(MAKE) -f $(TOP)/Makefile.shared -e \
APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
APPNAME=$(EXE) OBJECTS="$(EXE_OBJ)" \
LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
link_app.$${shlib_target}
@(cd ..; $(MAKE) rehash)
progs.h: progs.pl
$(PERL) progs.pl $(E_EXE) >progs.h
$(RM) $(PROGRAM).o
progs.h: progs.pl Makefile
$(RM) progs.h
$(PERL) progs.pl $(COMMANDS) >progs.h
$(RM) openssl.o
# DO NOT DELETE THIS LINE -- make depend depends on it.
@ -189,24 +177,30 @@ app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
app_rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
app_rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
app_rand.o: app_rand.c apps.h
app_rand.o: app_rand.c apps.h progs.h
apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
apps.o: ../include/openssl/comp.h ../include/openssl/conf.h
apps.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
apps.o: ../include/openssl/engine.h ../include/openssl/err.h
apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h
apps.o: ../include/openssl/evp.h ../include/openssl/hmac.h
apps.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
apps.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
apps.o: ../include/openssl/ui.h ../include/openssl/x509.h
apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h
apps.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
apps.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
apps.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
apps.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
apps.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
apps.o: ../include/openssl/x509v3.h apps.c apps.h progs.h
asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h
asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -222,7 +216,7 @@ asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h
asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
asn1pars.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
asn1pars.o: asn1pars.c
asn1pars.o: asn1pars.c progs.h
ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -238,7 +232,7 @@ ca.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
ca.o: ../include/openssl/x509v3.h apps.h ca.c
ca.o: ../include/openssl/x509v3.h apps.h ca.c progs.h
ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ciphers.o: ../include/openssl/buffer.h ../include/openssl/comp.h
ciphers.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -259,7 +253,7 @@ ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c
ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c progs.h
cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
cms.o: ../include/openssl/buffer.h ../include/openssl/cms.h
cms.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -275,7 +269,7 @@ cms.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
cms.o: ../include/openssl/sha.h ../include/openssl/stack.h
cms.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
cms.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
cms.o: ../include/openssl/x509v3.h apps.h cms.c
cms.o: ../include/openssl/x509v3.h apps.h cms.c progs.h
crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -291,6 +285,7 @@ crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
crl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c
crl.o: progs.h
crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -306,7 +301,7 @@ crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
crl2p7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
crl2p7.o: crl2p7.c
crl2p7.o: crl2p7.c progs.h
dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h
dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -322,23 +317,24 @@ dgst.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
dgst.o: ../include/openssl/x509v3.h apps.h dgst.c
dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
dh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h
dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
dh.o: ../include/openssl/err.h ../include/openssl/evp.h
dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
dh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
dh.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
dh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dh.c
dgst.o: ../include/openssl/x509v3.h apps.h dgst.c progs.h
dhparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dhparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
dhparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
dhparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
dhparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
dhparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
dhparam.o: ../include/openssl/engine.h ../include/openssl/err.h
dhparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
dhparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
dhparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
dhparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
dhparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
dhparam.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
dhparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
dhparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
dhparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
dhparam.o: ../include/openssl/x509v3.h apps.h dhparam.c progs.h
dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -355,6 +351,7 @@ dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
dsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
dsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dsa.c
dsa.o: progs.h
dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -371,7 +368,7 @@ dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
dsaparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
dsaparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
dsaparam.o: dsaparam.c
dsaparam.o: dsaparam.c progs.h
ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h
ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -387,6 +384,7 @@ ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h
ec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ec.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
ec.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ec.c
ec.o: progs.h
ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -402,7 +400,7 @@ ecparam.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
ecparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
ecparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
ecparam.o: ../include/openssl/x509v3.h apps.h ecparam.c
ecparam.o: ../include/openssl/x509v3.h apps.h ecparam.c progs.h
enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -419,6 +417,7 @@ enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
enc.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h enc.c
enc.o: progs.h
engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
engine.o: ../include/openssl/buffer.h ../include/openssl/comp.h
engine.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -439,7 +438,7 @@ engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
engine.o: ../include/openssl/x509v3.h apps.h engine.c
engine.o: ../include/openssl/x509v3.h apps.h engine.c progs.h
errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
errstr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -460,24 +459,7 @@ errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
errstr.o: ../include/openssl/x509v3.h apps.h errstr.c
gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
gendh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h
gendh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
gendh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
gendh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
gendh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
gendh.o: ../include/openssl/rand.h ../include/openssl/safestack.h
gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
gendh.o: ../include/openssl/x509v3.h apps.h gendh.c
errstr.o: ../include/openssl/x509v3.h apps.h errstr.c progs.h
gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -494,7 +476,7 @@ gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
gendsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
gendsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
gendsa.o: gendsa.c
gendsa.o: gendsa.c progs.h
genpkey.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
genpkey.o: ../include/openssl/buffer.h ../include/openssl/conf.h
genpkey.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -510,7 +492,7 @@ genpkey.o: ../include/openssl/safestack.h ../include/openssl/sha.h
genpkey.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
genpkey.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
genpkey.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
genpkey.o: genpkey.c
genpkey.o: genpkey.c progs.h
genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -527,7 +509,7 @@ genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
genrsa.o: ../include/openssl/x509v3.h apps.h genrsa.c
genrsa.o: ../include/openssl/x509v3.h apps.h genrsa.c progs.h
nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h
nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -543,6 +525,7 @@ nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h
nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
nseq.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
nseq.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h nseq.c
nseq.o: progs.h
ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h
@ -564,6 +547,7 @@ ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c
ocsp.o: progs.h
openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
openssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h
openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -586,6 +570,20 @@ openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
openssl.o: openssl.c progs.h s_apps.h
opt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
opt.o: ../include/openssl/buffer.h ../include/openssl/conf.h
opt.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
opt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
opt.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
opt.o: ../include/openssl/evp.h ../include/openssl/lhash.h
opt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
opt.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
opt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
opt.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
opt.o: ../include/openssl/sha.h ../include/openssl/stack.h
opt.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
opt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
opt.o: ../include/openssl/x509v3.h apps.h opt.c progs.h
passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
@ -601,7 +599,7 @@ passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h
passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
passwd.o: ../include/openssl/x509v3.h apps.h passwd.c
passwd.o: ../include/openssl/x509v3.h apps.h passwd.c progs.h
pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h
pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -617,7 +615,7 @@ pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
pkcs12.o: ../include/openssl/x509v3.h apps.h pkcs12.c
pkcs12.o: ../include/openssl/x509v3.h apps.h pkcs12.c progs.h
pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -633,7 +631,7 @@ pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
pkcs7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
pkcs7.o: pkcs7.c
pkcs7.o: pkcs7.c progs.h
pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h
pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -649,7 +647,7 @@ pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
pkcs8.o: ../include/openssl/x509v3.h apps.h pkcs8.c
pkcs8.o: ../include/openssl/x509v3.h apps.h pkcs8.c progs.h
pkey.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkey.o: ../include/openssl/buffer.h ../include/openssl/conf.h
pkey.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -665,6 +663,7 @@ pkey.o: ../include/openssl/safestack.h ../include/openssl/sha.h
pkey.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
pkey.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
pkey.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h pkey.c
pkey.o: progs.h
pkeyparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkeyparam.o: ../include/openssl/buffer.h ../include/openssl/conf.h
pkeyparam.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -680,7 +679,7 @@ pkeyparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
pkeyparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
pkeyparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
pkeyparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
pkeyparam.o: pkeyparam.c
pkeyparam.o: pkeyparam.c progs.h
pkeyutl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkeyutl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
pkeyutl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -696,7 +695,7 @@ pkeyutl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
pkeyutl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
pkeyutl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
pkeyutl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
pkeyutl.o: pkeyutl.c
pkeyutl.o: pkeyutl.c progs.h
prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -711,7 +710,7 @@ prime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
prime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
prime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
prime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
prime.o: prime.c
prime.o: prime.c progs.h
rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -726,7 +725,7 @@ rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h
rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
rand.o: ../include/openssl/x509v3.h apps.h rand.c
rand.o: ../include/openssl/x509v3.h apps.h progs.h rand.c
req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -743,7 +742,7 @@ req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
req.o: ../include/openssl/sha.h ../include/openssl/stack.h
req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
req.o: ../include/openssl/x509v3.h apps.h req.c
req.o: ../include/openssl/x509v3.h apps.h progs.h req.c
rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -759,7 +758,8 @@ rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
rsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
rsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rsa.c
rsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h progs.h
rsa.o: rsa.c
rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -775,7 +775,7 @@ rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h
rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
rsautl.o: ../include/openssl/x509v3.h apps.h rsautl.c
rsautl.o: ../include/openssl/x509v3.h apps.h progs.h rsautl.c
s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
@ -798,7 +798,7 @@ s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
s_cb.o: s_apps.h s_cb.c
s_cb.o: progs.h s_apps.h s_cb.c
s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
@ -821,7 +821,7 @@ s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_client.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
s_client.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
s_client.o: s_apps.h s_client.c timeouts.h
s_client.o: progs.h s_apps.h s_client.c timeouts.h
s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
@ -845,7 +845,7 @@ s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_server.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
s_server.o: s_apps.h s_server.c timeouts.h
s_server.o: progs.h s_apps.h s_server.c timeouts.h
s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h
s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -866,7 +866,7 @@ s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
s_socket.o: s_apps.h s_socket.c
s_socket.o: progs.h s_apps.h s_socket.c
s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_time.o: ../include/openssl/buffer.h ../include/openssl/comp.h
s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -887,7 +887,7 @@ s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
s_time.o: ../include/openssl/x509v3.h apps.h s_apps.h s_time.c
s_time.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_time.c
sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
sess_id.o: ../include/openssl/buffer.h ../include/openssl/comp.h
sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -908,7 +908,7 @@ sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
sess_id.o: ../include/openssl/x509v3.h apps.h sess_id.c
sess_id.o: ../include/openssl/x509v3.h apps.h progs.h sess_id.c
smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h
smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -924,7 +924,7 @@ smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
smime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
smime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
smime.o: smime.c
smime.o: progs.h smime.c
speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@ -949,7 +949,7 @@ speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
speed.o: ../include/openssl/whrlpool.h ../include/openssl/x509.h
speed.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
speed.o: speed.c testdsa.h testrsa.h
speed.o: progs.h speed.c testdsa.h testrsa.h
spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h
spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -965,7 +965,7 @@ spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
spkac.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
spkac.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
spkac.o: spkac.c
spkac.o: progs.h spkac.c
srp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
srp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
srp.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -980,7 +980,8 @@ srp.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
srp.o: ../include/openssl/sha.h ../include/openssl/srp.h
srp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
srp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
srp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h srp.c
srp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h progs.h
srp.o: srp.c
ts.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ts.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ts.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -998,7 +999,8 @@ ts.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
ts.o: ../include/openssl/sha.h ../include/openssl/stack.h
ts.o: ../include/openssl/symhacks.h ../include/openssl/ts.h
ts.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
ts.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ts.c
ts.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h progs.h
ts.o: ts.c
verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h
verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -1014,7 +1016,7 @@ verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
verify.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
verify.o: verify.c
verify.o: progs.h verify.c
version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
version.o: ../include/openssl/buffer.h ../include/openssl/conf.h
@ -1031,7 +1033,7 @@ version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
version.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
version.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
version.o: version.c
version.o: progs.h version.c
x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -1048,4 +1050,4 @@ x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
x509.o: ../include/openssl/x509v3.h apps.h x509.c
x509.o: ../include/openssl/x509v3.h apps.h progs.h x509.c

25
apps/app_rand.c
View File

@ -1,4 +1,3 @@
/* apps/app_rand.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -109,25 +108,23 @@
*
*/
#define NON_MAIN
#include "apps.h"
#undef NON_MAIN
#include <openssl/bio.h>
#include <openssl/rand.h>
static int seeded = 0;
static int egdsocket = 0;
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
int app_RAND_load_file(const char *file, int dont_warn)
{
int consider_randfile = (file == NULL);
char buffer[200];
#ifdef OPENSSL_SYS_WINDOWS
BIO_printf(bio_e, "Loading 'screen' into random state -");
BIO_flush(bio_e);
BIO_printf(bio_err, "Loading 'screen' into random state -");
BIO_flush(bio_err);
RAND_screen();
BIO_printf(bio_e, " done\n");
BIO_printf(bio_err, " done\n");
#endif
if (file == NULL)
@ -143,15 +140,15 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
if (file == NULL || !RAND_load_file(file, -1)) {
if (RAND_status() == 0) {
if (!dont_warn) {
BIO_printf(bio_e, "unable to load 'random state'\n");
BIO_printf(bio_e,
BIO_printf(bio_err, "unable to load 'random state'\n");
BIO_printf(bio_err,
"This means that the random number generator has not been seeded\n");
BIO_printf(bio_e, "with much random data.\n");
BIO_printf(bio_err, "with much random data.\n");
if (consider_randfile) { /* explanation does not apply when a
* file is explicitly named */
BIO_printf(bio_e,
BIO_printf(bio_err,
"Consider setting the RANDFILE environment variable to point at a file that\n");
BIO_printf(bio_e,
BIO_printf(bio_err,
"'random' data can be kept in (the file will be overwritten).\n");
}
}
@ -193,7 +190,7 @@ long app_RAND_load_files(char *name)
return (tot);
}
int app_RAND_write_file(const char *file, BIO *bio_e)
int app_RAND_write_file(const char *file)
{
char buffer[200];
@ -208,7 +205,7 @@ int app_RAND_write_file(const char *file, BIO *bio_e)
if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
if (file == NULL || !RAND_write_file(file)) {
BIO_printf(bio_e, "unable to write 'random state'\n");
BIO_printf(bio_err, "unable to write 'random state'\n");
return 0;
}
return 1;

886
apps/apps.c
View File

File diff suppressed because it is too large Load Diff

360
apps/apps.h
View File

@ -126,9 +126,18 @@
# include <openssl/ocsp.h>
# endif
# include <openssl/ossl_typ.h>
# ifndef OPENSSL_SYS_NETWARE
# include <signal.h>
# endif
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
int app_RAND_write_file(const char *file, BIO *bio_e);
# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE)
# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
# else
# define openssl_fdset(a,b) FD_SET(a, b)
# endif
int app_RAND_load_file(const char *file, int dont_warn);
int app_RAND_write_file(const char *file);
/*
* When `file' is NULL, use defaults. `bio_e' is for error messages.
*/
@ -138,82 +147,246 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read,
* (see e_os.h). The string is
* destroyed! */
# ifndef MONOLITH
# define MAIN(a,v) main(a,v)
# ifndef NON_MAIN
CONF *config = NULL;
BIO *bio_err = NULL;
# else
extern CONF *config;
extern BIO *bio_err;
# endif
# else
# define MAIN(a,v) PROG(a,v)
extern CONF *config;
extern char *default_config_file;
extern BIO *bio_in;
extern BIO *bio_out;
extern BIO *bio_err;
BIO *dup_bio_in(void);
BIO *dup_bio_out(void);
BIO *bio_open_default(const char *filename, const char *mode);
void unbuffer(FILE *fp);
# endif
/* Often used in calls to bio_open_default. */
# define RB(xformat) ((xformat) == FORMAT_ASN1 ? "rb" : "r")
# define WB(xformat) ((xformat) == FORMAT_ASN1 ? "wb" : "w")
# ifndef OPENSSL_SYS_NETWARE
# include <signal.h>
# endif
/*
* Common verification options.
*/
# define OPT_V_ENUM \
OPT_V__FIRST=2000, \
OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, \
OPT_V__LAST
# ifdef SIGPIPE
# define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
# else
# define do_pipe_sig()
# endif
# define OPT_V_OPTIONS \
{ "policy", OPT_V_POLICY, 's' }, \
{ "purpose", OPT_V_PURPOSE, 's' }, \
{ "verify_name", OPT_V_VERIFY_NAME, 's' }, \
{ "verify_depth", OPT_V_VERIFY_DEPTH, 'p' }, \
{ "attime", OPT_V_ATTIME, 'p' }, \
{ "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's' }, \
{ "verify_email", OPT_V_VERIFY_EMAIL, 's' }, \
{ "verify_ip", OPT_V_VERIFY_IP, 's' }, \
{ "ignore_critical", OPT_V_IGNORE_CRITICAL, '-' }, \
{ "issuer_checks", OPT_V_ISSUER_CHECKS, '-' }, \
{ "crl_check", OPT_V_CRL_CHECK, '-', "Check that peer cert has not been revoked" }, \
{ "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "Also check all certs in the chain" }, \
{ "policy_check", OPT_V_POLICY_CHECK, '-' }, \
{ "explicit_policy", OPT_V_EXPLICIT_POLICY, '-' }, \
{ "inhibit_any", OPT_V_INHIBIT_ANY, '-' }, \
{ "inhibit_map", OPT_V_INHIBIT_MAP, '-' }, \
{ "x509_strict", OPT_V_X509_STRICT, '-' }, \
{ "extended_crl", OPT_V_EXTENDED_CRL, '-' }, \
{ "use_deltas", OPT_V_USE_DELTAS, '-' }, \
{ "policy_print", OPT_V_POLICY_PRINT, '-' }, \
{ "check_ss_sig", OPT_V_CHECK_SS_SIG, '-' }, \
{ "trusted_first", OPT_V_TRUSTED_FIRST, '-', "Use locally-trusted CA's first in building chain" }, \
{ "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-' }, \
{ "suiteB_128", OPT_V_SUITEB_128, '-' }, \
{ "suiteB_192", OPT_V_SUITEB_192, '-' }, \
{ "partial_chain", OPT_V_PARTIAL_CHAIN, '-' }, \
{ "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "Only use the first cert chain found" }
# ifdef OPENSSL_NO_COMP
# define zlib_cleanup()
# else
# define zlib_cleanup() COMP_zlib_cleanup()
# endif
# define OPT_V_CASES \
OPT_V__FIRST: case OPT_V__LAST: break; \
case OPT_V_POLICY: \
case OPT_V_PURPOSE: \
case OPT_V_VERIFY_NAME: \
case OPT_V_VERIFY_DEPTH: \
case OPT_V_ATTIME: \
case OPT_V_VERIFY_HOSTNAME: \
case OPT_V_VERIFY_EMAIL: \
case OPT_V_VERIFY_IP: \
case OPT_V_IGNORE_CRITICAL: \
case OPT_V_ISSUER_CHECKS: \
case OPT_V_CRL_CHECK: \
case OPT_V_CRL_CHECK_ALL: \
case OPT_V_POLICY_CHECK: \
case OPT_V_EXPLICIT_POLICY: \
case OPT_V_INHIBIT_ANY: \
case OPT_V_INHIBIT_MAP: \
case OPT_V_X509_STRICT: \
case OPT_V_EXTENDED_CRL: \
case OPT_V_USE_DELTAS: \
case OPT_V_POLICY_PRINT: \
case OPT_V_CHECK_SS_SIG: \
case OPT_V_TRUSTED_FIRST: \
case OPT_V_SUITEB_128_ONLY: \
case OPT_V_SUITEB_128: \
case OPT_V_SUITEB_192: \
case OPT_V_PARTIAL_CHAIN: \
case OPT_V_NO_ALT_CHAINS
# if defined(MONOLITH) && !defined(OPENSSL_C)
# define apps_startup() \
do_pipe_sig()
# define apps_shutdown()
# else
# ifndef OPENSSL_NO_ENGINE
# define apps_startup() \
do { do_pipe_sig(); CRYPTO_malloc_init(); \
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
# define apps_shutdown() \
do { CONF_modules_unload(1); destroy_ui_method(); \
OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
RAND_cleanup(); \
ERR_free_strings(); zlib_cleanup();} while(0)
# else
# define apps_startup() \
do { do_pipe_sig(); CRYPTO_malloc_init(); \
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
setup_ui_method(); } while(0)
# define apps_shutdown() \
do { CONF_modules_unload(1); destroy_ui_method(); \
OBJ_cleanup(); EVP_cleanup(); \
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
RAND_cleanup(); \
ERR_free_strings(); zlib_cleanup(); } while(0)
# endif
# endif
/*
* Common "extended"? options.
*/
# define OPT_X_ENUM \
OPT_X__FIRST=1000, \
OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
OPT_X_CERTFORM, OPT_X_KEYFORM, \
OPT_X__LAST
# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE)
# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
# else
# define openssl_fdset(a,b) FD_SET(a, b)
# endif
# define OPT_X_OPTIONS \
{ "xkey", OPT_X_KEY, '<' }, \
{ "xcert", OPT_X_CERT, '<' }, \
{ "xchain", OPT_X_CHAIN, '<' }, \
{ "xchain_build", OPT_X_CHAIN_BUILD, '-' }, \
{ "xcertform", OPT_X_CERTFORM, 'F' }, \
{ "xkeyform", OPT_X_KEYFORM, 'F' }
# define OPT_X_CASES \
OPT_X__FIRST: case OPT_X__LAST: break; \
case OPT_X_KEY: \
case OPT_X_CERT: \
case OPT_X_CHAIN: \
case OPT_X_CHAIN_BUILD: \
case OPT_X_CERTFORM: \
case OPT_X_KEYFORM
/*
* Common SSL options.
* Any changes here must be coordinated with ../ssl/ssl_conf.c
*/
# define OPT_S_ENUM \
OPT_S__FIRST=3000, \
OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
OPT_S_BUGS, OPT_S_NOCOMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \
OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \
OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
OPT_S_DHPARAM, OPT_S_DEBUGBROKE, \
OPT_S__LAST
# define OPT_S_OPTIONS \
{"no_ssl3", OPT_S_NOSSL3, '-' }, \
{"no_tls1", OPT_S_NOTLS1, '-' }, \
{"no_tls1_1", OPT_S_NOTLS1_1, '-' }, \
{"no_tls1_2", OPT_S_NOTLS1_2, '-' }, \
{"bugs", OPT_S_BUGS, '-' }, \
{"no_comp", OPT_S_NOCOMP, '-' }, \
{"ecdh_single", OPT_S_ECDHSINGLE, '-' }, \
{"no_ticket", OPT_S_NOTICKET, '-' }, \
{"serverpref", OPT_S_SERVERPREF, '-' }, \
{"legacy_renegotiation", OPT_S_LEGACYRENEG, '-' }, \
{"legacy_server_connect", OPT_S_LEGACYCONN, '-' }, \
{"no_resumption_on_reneg", OPT_S_ONRESUMP, '-' }, \
{"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-' }, \
{"strict", OPT_S_STRICT, '-' }, \
{"sigalgs", OPT_S_SIGALGS, 's', }, \
{"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', }, \
{"curves", OPT_S_CURVES, 's', }, \
{"named_curve", OPT_S_NAMEDCURVE, 's', }, \
{"cipher", OPT_S_CIPHER, 's', }, \
{"dhparam", OPT_S_DHPARAM, '<' }, \
{"debug_broken_protocol", OPT_S_DEBUGBROKE, '-' }
# define OPT_S_CASES \
OPT_S__FIRST: case OPT_S__LAST: break; \
case OPT_S_NOSSL3: \
case OPT_S_NOTLS1: \
case OPT_S_NOTLS1_1: \
case OPT_S_NOTLS1_2: \
case OPT_S_BUGS: \
case OPT_S_NOCOMP: \
case OPT_S_ECDHSINGLE: \
case OPT_S_NOTICKET: \
case OPT_S_SERVERPREF: \
case OPT_S_LEGACYRENEG: \
case OPT_S_LEGACYCONN: \
case OPT_S_ONRESUMP: \
case OPT_S_NOLEGACYCONN: \
case OPT_S_STRICT: \
case OPT_S_SIGALGS: \
case OPT_S_CLIENTSIGALGS: \
case OPT_S_CURVES: \
case OPT_S_NAMEDCURVE: \
case OPT_S_CIPHER: \
case OPT_S_DHPARAM: \
case OPT_S_DEBUGBROKE
/*
* Option parsing.
*/
extern const char OPT_HELP_STR[];
extern const char OPT_MORE_STR[];
typedef struct options_st {
const char *name;
int retval;
/*
* value type: - no value (also the value zero), n number, p positive
* number, u unsigned, s string, < input file, > output file, f der/pem
* format, F any format identifier. n and u include zero; p does not.
*/
int valtype;
const char *helpstr;
} OPTIONS;
typedef struct opt_pair_st {
const char *name;
int retval;
} OPT_PAIR;
/* Flags to pass into opt_format; see FORMAT_xxx, below. */
# define OPT_FMT_PEMDER (1L << 1)
# define OPT_FMT_PKCS12 (1L << 2)
# define OPT_FMT_SMIME (1L << 3)
# define OPT_FMT_ENGINE (1L << 4)
# define OPT_FMT_MSBLOB (1L << 5)
# define OPT_FMT_NETSCAPE (1L << 6)
# define OPT_FMT_NSS (1L << 7)
# define OPT_FMT_TEXT (1L << 8)
# define OPT_FMT_HTTP (1L << 9)
# define OPT_FMT_PVK (1L << 10)
# define OPT_FMT_ANY ( \
OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \
OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
char *opt_progname(const char *argv0);
char *opt_getprog(void);
char *opt_init(int ac, char **av, const OPTIONS * o);
int opt_next();
int opt_format(const char *s, unsigned long flags, int *result);
int opt_int(const char *arg, int *result);
int opt_ulong(const char *arg, unsigned long *result);
int opt_long(const char *arg, long *result);
int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
int opt_md(const char *name, const EVP_MD **mdp);
char *opt_arg(void);
char *opt_flag(void);
char *opt_unknown(void);
char *opt_reset(void);
char **opt_rest(void);
int opt_num_rest(void);
int opt_verify(int i, X509_VERIFY_PARAM *vpm);
void opt_help(const OPTIONS * list);
int opt_format_error(const char *s, unsigned long flags);
int opt_next(void);
typedef struct args_st {
char **data;
int count;
int size;
int argc;
char **argv;
} ARGS;
# define PW_MIN_LENGTH 4
@ -227,53 +400,48 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
int setup_ui_method(void);
void destroy_ui_method(void);
int should_retry(int i);
int args_from_file(char *file, int *argc, char **argv[]);
int str2fmt(char *s);
void program_name(char *in, char *out, int size);
int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]);
int chopup_args(ARGS *arg, char *buf);
# ifdef HEADER_X509_H
int dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, const char *title, X509_NAME *nm,
unsigned long lflags);
# endif
void print_bignum_var(BIO *, BIGNUM *, const char*, int, unsigned char *);
void print_array(BIO *, const char *, int, const unsigned char *);
int set_cert_ex(unsigned long *flags, const char *arg);
int set_name_ex(unsigned long *flags, const char *arg);
int set_ext_copy(int *copy_type, const char *arg);
int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
int add_oid_section(BIO *err, CONF *conf);
X509 *load_cert(BIO *err, const char *file, int format,
int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2);
int add_oid_section(CONF *conf);
X509 *load_cert(const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
X509_CRL *load_crl(const char *infile, int format);
int load_cert_crl_http(const char *url, BIO *err,
X509 **pcert, X509_CRL **pcrl);
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl);
EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
STACK_OF(X509) *load_certs(const char *file, int format,
const char *pass, ENGINE *e,
const char *cert_descrip);
STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
STACK_OF(X509_CRL) *load_crls(const char *file, int format,
const char *pass, ENGINE *e,
const char *cert_descrip);
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
X509_STORE *setup_verify(char *CAfile, char *CApath);
int ctx_set_verify_locations(SSL_CTX *ctx,
const char *CAfile, const char *CApath);
# ifndef OPENSSL_NO_ENGINE
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
ENGINE *setup_engine(const char *engine, int debug);
# endif
# ifndef OPENSSL_NO_OCSP
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
const char *host, const char *path,
const char *port, int use_ssl,
const STACK_OF(CONF_VALUE) *headers,
int req_timeout);
# endif
int load_config(BIO *err, CONF *cnf);
char *make_config_name(void);
/* Functions defined in ca.c and also used in ocsp.c */
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
ASN1_GENERALIZEDTIME **pinvtm, const char *str);
@ -318,17 +486,17 @@ int parse_yesno(const char *str, int def);
X509_NAME *parse_name(char *str, long chtype, int multirdn);
int args_verify(char ***pargs, int *pargc,
int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
int *badarg, X509_VERIFY_PARAM **pm);
void policies_print(BIO *out, X509_STORE_CTX *ctx);
int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
int init_gen_str(EVP_PKEY_CTX **pctx,
const char *algname, ENGINE *e, int do_param);
int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
# ifndef OPENSSL_NO_PSK
extern char *psk_key;
@ -348,6 +516,7 @@ void print_cert_checks(BIO *bio, X509 *x,
void store_setup_crl_download(X509_STORE *st);
/* See OPT_FMT_xxx, above. */
# define FORMAT_UNDEF 0
# define FORMAT_ASN1 1
# define FORMAT_TEXT 2
@ -356,8 +525,6 @@ void store_setup_crl_download(X509_STORE *st);
# define FORMAT_PKCS12 5
# define FORMAT_SMIME 6
# define FORMAT_ENGINE 7
# define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
* adding yet another param to load_*key() */
# define FORMAT_PEMRSA 9 /* PEM RSAPubicKey format */
# define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */
# define FORMAT_MSBLOB 11 /* MS Key blob format */
@ -376,6 +543,7 @@ void store_setup_crl_download(X509_STORE *st);
# define SERIAL_RAND_BITS 64
int app_isdir(const char *);
int app_access(const char *, int flag);
int raw_read_stdin(void *, int);
int raw_write_stdout(const void *, int);
@ -383,4 +551,6 @@ int raw_write_stdout(const void *, int);
# define TM_STOP 1
double app_tminterval(int stop, int usertime);
# include "progs.h"
#endif

267
apps/asn1pars.c
View File

@ -1,4 +1,3 @@
/* apps/asn1pars.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -70,190 +69,136 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
/*-
* -inform arg - input format - default PEM (DER or PEM)
* -in arg - input file - default stdin
* -i - indent the details by depth
* -offset - where in the file to start
* -length - how many bytes to use
* -oid file - extra oid description file
*/
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT,
OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT,
OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM
} OPTION_CHOICE;
#undef PROG
#define PROG asn1parse_main
int MAIN(int, char **);
OPTIONS asn1parse_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "input format - one of DER PEM"},
{"in", OPT_IN, '<', "input file"},
{"out", OPT_OUT, '>', "output file (output format is always DER)"},
{"i", OPT_INDENT, 0, "entries"},
{"noout", OPT_NOOUT, 0, "don't produce any output"},
{"offset", OPT_OFFSET, 'p', "offset into file"},
{"length", OPT_LENGTH, 'p', "length of section in file"},
{"oid", OPT_OID, '<', "file of extra oid definitions"},
{"dump", OPT_DUMP, 0, "unknown data in hex form"},
{"dlimit", OPT_DLIMIT, 'p',
"dump the first arg bytes of unknown data in hex form"},
{"strparse", OPT_STRPARSE, 's',
"offset; a series of these can be used to 'dig'"},
{OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
{"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
{"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"},
{OPT_MORE_STR, 0, 0, "(-inform will be ignored)"},
{"strictpem", OPT_STRICTPEM, 0,
"do not attempt base64 decode outside PEM markers"},
{NULL}
};
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
int MAIN(int argc, char **argv)
int asn1parse_main(int argc, char **argv)
{
int i, badops = 0, offset = 0, ret = 1, j;
unsigned int length = 0;
long num, tmplen;
BIO *in = NULL, *out = NULL, *b64 = NULL, *derout = NULL;
int informat, indent = 0, noout = 0, dump = 0, strictpem = 0;
char *infile = NULL, *str = NULL, *prog, *oidfile = NULL, *derfile =
NULL, *name = NULL, *header = NULL;
char *genstr = NULL, *genconf = NULL;
unsigned char *tmpbuf;
const unsigned char *ctmpbuf;
ASN1_TYPE *at = NULL;
BIO *in = NULL, *b64 = NULL, *derout = NULL;
BUF_MEM *buf = NULL;
STACK_OF(OPENSSL_STRING) *osk = NULL;
ASN1_TYPE *at = NULL;
char *genstr = NULL, *genconf = NULL;
char *infile = NULL, *str = NULL, *oidfile = NULL, *derfile = NULL;
char *name = NULL, *header = NULL, *prog;
const unsigned char *ctmpbuf;
int indent = 0, noout = 0, dump = 0, strictpem = 0, informat = FORMAT_PEM;
int offset = 0, ret = 1, i, j;
long num, tmplen;
unsigned char *tmpbuf;
unsigned int length = 0;
OPTION_CHOICE o;
informat = FORMAT_PEM;
prog = opt_init(argc, argv, asn1parse_options);
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
prog = argv[0];
argc--;
argv++;
if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
goto end;
}
while (argc >= 1) {
if (strcmp(*argv, "-inform") == 0) {
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
derfile = *(++argv);
} else if (strcmp(*argv, "-i") == 0) {
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(asn1parse_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
goto end;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
derfile = opt_arg();
break;
case OPT_INDENT:
indent = 1;
} else if (strcmp(*argv, "-noout") == 0)
break;
case OPT_NOOUT:
noout = 1;
else if (strcmp(*argv, "-oid") == 0) {
if (--argc < 1)
goto bad;
oidfile = *(++argv);
} else if (strcmp(*argv, "-offset") == 0) {
if (--argc < 1)
goto bad;
offset = atoi(*(++argv));
} else if (strcmp(*argv, "-length") == 0) {
if (--argc < 1)
goto bad;
length = atoi(*(++argv));
if (length == 0)
goto bad;
} else if (strcmp(*argv, "-dump") == 0) {
break;
case OPT_OID:
oidfile = opt_arg();
break;
case OPT_OFFSET:
offset = strtol(opt_arg(), NULL, 0);
break;
case OPT_LENGTH:
length = atoi(opt_arg());
break;
case OPT_DUMP:
dump = -1;
} else if (strcmp(*argv, "-dlimit") == 0) {
if (--argc < 1)
goto bad;
dump = atoi(*(++argv));
if (dump <= 0)
goto bad;
} else if (strcmp(*argv, "-strparse") == 0) {
if (--argc < 1)
goto bad;
sk_OPENSSL_STRING_push(osk, *(++argv));
} else if (strcmp(*argv, "-genstr") == 0) {
if (--argc < 1)
goto bad;
genstr = *(++argv);
} else if (strcmp(*argv, "-genconf") == 0) {
if (--argc < 1)
goto bad;
genconf = *(++argv);
} else if (strcmp(*argv, "-strictpem") == 0) {
break;
case OPT_DLIMIT:
dump = atoi(opt_arg());
break;
case OPT_STRPARSE:
sk_OPENSSL_STRING_push(osk, opt_arg());
break;
case OPT_GENSTR:
genstr = opt_arg();
break;
case OPT_GENCONF:
genconf = opt_arg();
break;
case OPT_STRICTPEM:
strictpem = 1;
informat = FORMAT_PEM;
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
}
argc--;
argv++;
}
if (badops) {
bad:
BIO_printf(bio_err, "%s [options] <infile\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err,
" -out arg output file (output format is always DER\n");
BIO_printf(bio_err, " -noout arg don't produce any output\n");
BIO_printf(bio_err, " -offset arg offset into file\n");
BIO_printf(bio_err, " -length arg length of section in file\n");
BIO_printf(bio_err, " -i indent entries\n");
BIO_printf(bio_err, " -dump dump unknown data in hex form\n");
BIO_printf(bio_err,
" -dlimit arg dump the first arg bytes of unknown data in hex form\n");
BIO_printf(bio_err, " -oid file file of extra oid definitions\n");
BIO_printf(bio_err, " -strparse offset\n");
BIO_printf(bio_err,
" a series of these can be used to 'dig' into multiple\n");
BIO_printf(bio_err, " ASN1 blob wrappings\n");
BIO_printf(bio_err,
" -genstr str string to generate ASN1 structure from\n");
BIO_printf(bio_err,
" -genconf file file to generate ASN1 structure from\n");
BIO_printf(bio_err,
" -strictpem do not attempt base64 decode outside PEM markers (-inform \n");
BIO_printf(bio_err, " will be ignored)\n");
goto end;
}
ERR_load_crypto_strings();
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
argc = opt_num_rest();
argv = opt_rest();
if (oidfile != NULL) {
if (BIO_read_filename(in, oidfile) <= 0) {
BIO_printf(bio_err, "problems opening %s\n", oidfile);
ERR_print_errors(bio_err);
in = bio_open_default(oidfile, "r");
if (in == NULL)
goto end;
}
OBJ_create_objects(in);
BIO_free(in);
}
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
goto end;
}
}
if ((in = bio_open_default(infile, "r")) == NULL)
goto end;
if (derfile) {
if (!(derout = BIO_new_file(derfile, "wb"))) {
BIO_printf(bio_err, "problems opening %s\n", derfile);
ERR_print_errors(bio_err);
goto end;
}
}
if (derfile && (derout = bio_open_default(derfile, "wb")) == NULL)
goto end;
if (strictpem) {
if (PEM_read_bio(in, &name, &header, (unsigned char **)&str, &num) !=
@ -362,7 +307,7 @@ int MAIN(int argc, char **argv)
}
}
if (!noout &&
!ASN1_parse_dump(out, (unsigned char *)&(str[offset]), length,
!ASN1_parse_dump(bio_out, (unsigned char *)&(str[offset]), length,
indent, dump)) {
ERR_print_errors(bio_err);
goto end;
@ -371,7 +316,6 @@ int MAIN(int argc, char **argv)
end:
BIO_free(derout);
BIO_free(in);
BIO_free_all(out);
BIO_free(b64);
if (ret != 0)
ERR_print_errors(bio_err);
@ -388,8 +332,7 @@ int MAIN(int argc, char **argv)
if (osk != NULL)
sk_OPENSSL_STRING_free(osk);
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)

1037
apps/ca.c
View File

File diff suppressed because it is too large Load Diff

163
apps/ciphers.c
View File

@ -1,4 +1,3 @@
/* apps/ciphers.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -63,91 +62,91 @@
#include <openssl/err.h>
#include <openssl/ssl.h>
#undef PROG
#define PROG ciphers_main
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
#ifndef OPENSSL_NO_SSL_TRACE
OPT_STDNAME,
#endif
#ifndef OPENSSL_NO_SSL3
OPT_SSL3,
#endif
OPT_TLS1,
OPT_V, OPT_UPPER_V, OPT_S
} OPTION_CHOICE;
static const char *ciphers_usage[] = {
"usage: ciphers args\n",
" -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n",
" -V - even more verbose\n",
" -ssl3 - SSL3 mode\n",
" -tls1 - TLS1 mode\n",
NULL
OPTIONS ciphers_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
{"V", OPT_UPPER_V, '-', "Even more verbose"},
{"s", OPT_S, '-', "Only supported ciphers"},
#ifndef OPENSSL_NO_SSL_TRACE
{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
#endif
#ifndef OPENSSL_NO_SSL3
{"ssl3", OPT_SSL3, '-', "SSL3 mode"},
#endif
{"tls1", OPT_TLS1, '-', "TLS1 mode"},
{NULL}
};
int MAIN(int, char **);
int MAIN(int argc, char **argv)
int ciphers_main(int argc, char **argv)
{
int ret = 1, i;
int verbose = 0, Verbose = 0;
int use_supported = 0;
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
STACK_OF(SSL_CIPHER) *sk = NULL;
const SSL_METHOD *meth = SSLv23_server_method();
int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
#ifndef OPENSSL_NO_SSL_TRACE
int stdname = 0;
#endif
const char **pp;
const char *p;
int badops = 0;
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
char *ciphers = NULL;
const SSL_METHOD *meth = NULL;
STACK_OF(SSL_CIPHER) *sk = NULL;
char *ciphers = NULL, *prog;
char buf[512];
BIO *STDout = NULL;
OPTION_CHOICE o;
meth = SSLv23_server_method();
apps_startup();
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
STDout = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
STDout = BIO_push(tmpbio, STDout);
}
#endif
if (!load_config(bio_err, NULL))
goto end;
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-v") == 0)
prog = opt_init(argc, argv, ciphers_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(ciphers_options);
ret = 0;
goto end;
case OPT_V:
verbose = 1;
else if (strcmp(*argv, "-V") == 0)
break;
case OPT_UPPER_V:
verbose = Verbose = 1;
else if (strcmp(*argv, "-s") == 0)
break;
case OPT_S:
use_supported = 1;
break;
#ifndef OPENSSL_NO_SSL_TRACE
else if (strcmp(*argv, "-stdname") == 0)
case OPT_STDNAME:
stdname = verbose = 1;
break;
#endif
#ifndef OPENSSL_NO_SSL3
else if (strcmp(*argv, "-ssl3") == 0)
case OPT_SSL3:
meth = SSLv3_client_method();
#endif
else if (strcmp(*argv, "-tls1") == 0)
meth = TLSv1_client_method();
else if ((strncmp(*argv, "-h", 2) == 0) || (strcmp(*argv, "-?") == 0)) {
badops = 1;
break;
} else {
ciphers = *argv;
#endif
case OPT_TLS1:
meth = TLSv1_client_method();
break;
}
argc--;
argv++;
}
argv = opt_rest();
argc = opt_num_rest();
if (badops) {
for (pp = ciphers_usage; (*pp != NULL); pp++)
BIO_printf(bio_err, "%s", *pp);
goto end;
}
OpenSSL_add_ssl_algorithms();
if (argc == 1)
ciphers = *argv;
else if (argc != 0)
goto opthelp;
ctx = SSL_CTX_new(meth);
if (ctx == NULL)
@ -174,11 +173,11 @@ int MAIN(int argc, char **argv)
if (p == NULL)
break;
if (i != 0)
BIO_printf(STDout, ":");
BIO_printf(STDout, "%s", p);
BIO_printf(bio_out, ":");
BIO_printf(bio_out, "%s", p);
}
BIO_printf(STDout, "\n");
} else { /* verbose */
BIO_printf(bio_out, "\n");
} else {
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
SSL_CIPHER *c;
@ -192,40 +191,32 @@ int MAIN(int argc, char **argv)
int id2 = (int)((id >> 8) & 0xffL);
int id3 = (int)(id & 0xffL);
if ((id & 0xff000000L) == 0x03000000L) {
/* SSL3 cipher */
BIO_printf(STDout, " 0x%02X,0x%02X - ", id2,
id3);
} else {
/* whatever */
BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0,
id1, id2, id3);
}
if ((id & 0xff000000L) == 0x03000000L)
BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3
* cipher */
else
BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
}
#ifndef OPENSSL_NO_SSL_TRACE
if (stdname) {
const char *nm = SSL_CIPHER_standard_name(c);
if (nm == NULL)
nm = "UNKNOWN";
BIO_printf(STDout, "%s - ", nm);
BIO_printf(bio_out, "%s - ", nm);
}
#endif
BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf));
BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof buf));
}
}
ret = 0;
if (0) {
goto end;
err:
SSL_load_error_strings();
ERR_print_errors(bio_err);
}
ERR_print_errors(bio_err);
end:
if (use_supported && sk)
sk_SSL_CIPHER_free(sk);
SSL_CTX_free(ctx);
SSL_free(ssl);
BIO_free_all(STDout);
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}

971
apps/cms.c
View File

File diff suppressed because it is too large Load Diff

341
apps/crl.c
View File

@ -1,4 +1,3 @@
/* apps/crl.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -66,199 +65,168 @@
#include <openssl/x509v3.h>
#include <openssl/pem.h>
#undef PROG
#define PROG crl_main
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY,
OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT,
OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE,
OPT_VERIFY, OPT_TEXT, OPT_HASH, OPT_HASH_OLD, OPT_NOOUT,
OPT_NAMEOPT, OPT_MD
} OPTION_CHOICE;
#undef POSTFIX
#define POSTFIX ".rvk"
static const char *crl_usage[] = {
"usage: crl args\n",
"\n",
" -inform arg - input format - default PEM (DER or PEM)\n",
" -outform arg - output format - default PEM\n",
" -text - print out a text format version\n",
" -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n",
" -hash - print hash value\n",
OPTIONS crl_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format; default PEM"},
{"in", OPT_IN, '<', "Input file - default stdin"},
{"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
{"out", OPT_OUT, '>', "output file - default stdout"},
{"keyform", OPT_KEYFORM, 'F'},
{"key", OPT_KEY, '<'},
{"issuer", OPT_ISSUER, '-', "Print issuer DN"},
{"lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field"},
{"nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field"},
{"noout", OPT_NOOUT, '-', "No CRL output"},
{"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"},
{"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"},
{"badsig", OPT_BADSIG, '-'},
{"gendelta", OPT_GENDELTA, '<'},
{"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
{"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
{"verify", OPT_VERIFY, '-'},
{"text", OPT_TEXT, '-', "Print out a text format version"},
{"hash", OPT_HASH, '-', "Print hash value"},
#ifndef OPENSSL_NO_MD5
" -hash_old - print old-style (MD5) hash value\n",
{"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"},
#endif
" -fingerprint - print the crl fingerprint\n",
" -issuer - print issuer DN\n",
" -lastupdate - lastUpdate field\n",
" -nextupdate - nextUpdate field\n",
" -crlnumber - print CRL number\n",
" -noout - no CRL output\n",
" -CAfile name - verify CRL using certificates in file \"name\"\n",
" -CApath dir - verify CRL using certificates in \"dir\"\n",
" -nameopt arg - various certificate name options\n",
NULL
{"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
{"", OPT_MD, '-', "Any supported digest"},
{NULL}
};
static BIO *bio_out = NULL;
int MAIN(int, char **);
int MAIN(int argc, char **argv)
int crl_main(int argc, char **argv)
{
unsigned long nmflag = 0;
X509_CRL *x = NULL;
char *CAfile = NULL, *CApath = NULL;
int ret = 1, i, num, badops = 0, badsig = 0;
BIO *out = NULL;
int informat, outformat, keyformat;
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout =
0, text = 0;
#ifndef OPENSSL_NO_MD5
int hash_old = 0;
#endif
int fingerprint = 0, crlnumber = 0;
const char **pp;
X509_STORE *store = NULL;
X509_STORE_CTX ctx;
X509_LOOKUP *lookup = NULL;
X509_OBJECT xobj;
EVP_PKEY *pkey;
int do_ver = 0;
const EVP_MD *md_alg, *digest = EVP_sha1();
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
if (bio_out == NULL)
if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_out = BIO_push(tmpbio, bio_out);
}
#endif
}
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
keyformat = FORMAT_PEM;
argc--;
argv++;
num = 0;
while (argc >= 1) {
if (strcmp(*argv, "-inform") == 0) {
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-outform") == 0) {
if (--argc < 1)
goto bad;
outformat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-gendelta") == 0) {
if (--argc < 1)
goto bad;
crldiff = *(++argv);
} else if (strcmp(*argv, "-key") == 0) {
if (--argc < 1)
goto bad;
keyfile = *(++argv);
} else if (strcmp(*argv, "-keyform") == 0) {
if (--argc < 1)
goto bad;
keyformat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (strcmp(*argv, "-CApath") == 0) {
if (--argc < 1)
goto bad;
CApath = *(++argv);
do_ver = 1;
} else if (strcmp(*argv, "-CAfile") == 0) {
if (--argc < 1)
goto bad;
CAfile = *(++argv);
do_ver = 1;
} else if (strcmp(*argv, "-verify") == 0)
do_ver = 1;
else if (strcmp(*argv, "-text") == 0)
text = 1;
else if (strcmp(*argv, "-hash") == 0)
hash = ++num;
const EVP_MD *digest = EVP_sha1();
unsigned long nmflag = 0;
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
char *CAfile = NULL, *CApath = NULL, *prog;
OPTION_CHOICE o;
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout =
0, text = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber =
0, i, do_ver = 0;
#ifndef OPENSSL_NO_MD5
else if (strcmp(*argv, "-hash_old") == 0)
hash_old = ++num;
int hash_old = 0;
#endif
else if (strcmp(*argv, "-nameopt") == 0) {
if (--argc < 1)
goto bad;
if (!set_name_ex(&nmflag, *(++argv)))
goto bad;
} else if (strcmp(*argv, "-issuer") == 0)
issuer = ++num;
else if (strcmp(*argv, "-lastupdate") == 0)
lastupdate = ++num;
else if (strcmp(*argv, "-nextupdate") == 0)
nextupdate = ++num;
else if (strcmp(*argv, "-noout") == 0)
noout = ++num;
else if (strcmp(*argv, "-fingerprint") == 0)
fingerprint = ++num;
else if (strcmp(*argv, "-crlnumber") == 0)
crlnumber = ++num;
else if (strcmp(*argv, "-badsig") == 0)
badsig = 1;
else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
/* ok */
digest = md_alg;
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
prog = opt_init(argc, argv, crl_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(crl_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_KEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat))
goto opthelp;
break;
case OPT_KEY:
keyfile = opt_arg();
break;
case OPT_GENDELTA:
crldiff = opt_arg();
break;
case OPT_CAPATH:
CApath = opt_arg();
do_ver = 1;
break;
case OPT_CAFILE:
CAfile = opt_arg();
do_ver = 1;
break;
#ifndef OPENSSL_NO_MD5
case OPT_HASH_OLD:
hash_old = ++num;
break;
#endif
case OPT_VERIFY:
do_ver = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_HASH:
hash = ++num;
break;
case OPT_ISSUER:
issuer = ++num;
break;
case OPT_LASTUPDATE:
lastupdate = ++num;
break;
case OPT_NEXTUPDATE:
nextupdate = ++num;
break;
case OPT_NOOUT:
noout = ++num;
break;
case OPT_FINGERPRINT:
fingerprint = ++num;
break;
case OPT_CRLNUMBER:
crlnumber = ++num;
break;
case OPT_BADSIG:
badsig = 1;
break;
case OPT_NAMEOPT:
if (!set_name_ex(&nmflag, opt_arg()))
goto opthelp;
break;
case OPT_MD:
if (!opt_md(opt_unknown(), &digest))
goto opthelp;
}
argc--;
argv++;
}
argc = opt_num_rest();
argv = opt_rest();
if (badops) {
bad:
for (pp = crl_usage; (*pp != NULL); pp++)
BIO_printf(bio_err, "%s", *pp);
goto end;
}
ERR_load_crypto_strings();
x = load_crl(infile, informat);
if (x == NULL) {
if (x == NULL)
goto end;
}
if (do_ver) {
store = X509_STORE_new();
if (!(store = setup_verify(CAfile, CApath)))
goto end;
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if (lookup == NULL)
goto end;
if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM))
X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
if (lookup == NULL)
goto end;
if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM))
X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
ERR_clear_error();
if (!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
BIO_printf(bio_err, "Error initialising X509 store\n");
goto end;
@ -295,8 +263,7 @@ int MAIN(int argc, char **argv)
newcrl = load_crl(crldiff, informat);
if (!newcrl)
goto end;
pkey = load_key(bio_err, keyfile, keyformat, 0, NULL, NULL,
"CRL signing key");
pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key");
if (!pkey) {
X509_CRL_free(newcrl);
goto end;
@ -371,27 +338,9 @@ int MAIN(int argc, char **argv)
}
}
}
out = BIO_new(BIO_s_file());
if (out == NULL) {
ERR_print_errors(bio_err);
out = bio_open_default(outfile, "w");
if (out == NULL)
goto end;
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
if (text)
X509_CRL_print(out, x);
@ -406,28 +355,22 @@ int MAIN(int argc, char **argv)
if (outformat == FORMAT_ASN1)
i = (int)i2d_X509_CRL_bio(out, x);
else if (outformat == FORMAT_PEM)
else
i = PEM_write_bio_X509_CRL(out, x);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err, "unable to write CRL\n");
goto end;
}
ret = 0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
BIO_free_all(out);
BIO_free_all(bio_out);
bio_out = NULL;
X509_CRL_free(x);
if (store) {
X509_STORE_CTX_cleanup(&ctx);
X509_STORE_free(store);
}
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}

183
apps/crl2p7.c
View File

@ -1,4 +1,3 @@
/* apps/crl2p7.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -74,129 +73,89 @@
#include <openssl/objects.h>
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
#undef PROG
#define PROG crl2pkcs7_main
/*-
* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
*/
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE
} OPTION_CHOICE;
int MAIN(int, char **);
OPTIONS crl2pkcs7_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"nocrl", OPT_NOCRL, '-', "No crl to load, just certs from '-certfile'"},
{"certfile", OPT_CERTFILE, '<',
"File of chain of certs to a trusted CA; can be repeated"},
{NULL}
};
int MAIN(int argc, char **argv)
int crl2pkcs7_main(int argc, char **argv)
{
int i, badops = 0;
BIO *in = NULL, *out = NULL;
int informat, outformat;
char *infile, *outfile, *prog, *certfile;
PKCS7 *p7 = NULL;
PKCS7_SIGNED *p7s = NULL;
X509_CRL *crl = NULL;
STACK_OF(OPENSSL_STRING) *certflst = NULL;
STACK_OF(X509_CRL) *crl_stack = NULL;
STACK_OF(X509) *cert_stack = NULL;
int ret = 1, nocrl = 0;
STACK_OF(X509_CRL) *crl_stack = NULL;
X509_CRL *crl = NULL;
char *infile = NULL, *outfile = NULL, *prog, *certfile;
int i = 0, informat = FORMAT_PEM, outformat = FORMAT_PEM, ret = 1, nocrl =
0;
OPTION_CHOICE o;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
prog = argv[0];
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-inform") == 0) {
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-outform") == 0) {
if (--argc < 1)
goto bad;
outformat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-nocrl") == 0) {
prog = opt_init(argc, argv, crl2pkcs7_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(crl2pkcs7_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_NOCRL:
nocrl = 1;
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (strcmp(*argv, "-certfile") == 0) {
if (--argc < 1)
goto bad;
if (!certflst)
certflst = sk_OPENSSL_STRING_new_null();
if (!certflst)
break;
case OPT_CERTFILE:
if (!certflst && !(certflst = sk_OPENSSL_STRING_new_null()))
goto end;
if (!sk_OPENSSL_STRING_push(certflst, *(++argv))) {
sk_OPENSSL_STRING_free(certflst);
goto end;
}
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
}
argc--;
argv++;
}
if (badops) {
bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err,
" -certfile arg certificates file of chain to a trusted CA\n");
BIO_printf(bio_err, " (can be used more than once)\n");
BIO_printf(bio_err,
" -nocrl no crl to load, just certs from '-certfile'\n");
ret = 1;
goto end;
}
ERR_load_crypto_strings();
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
argc = opt_num_rest();
argv = opt_rest();
if (!nocrl) {
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
goto end;
}
}
in = bio_open_default(infile, RB(informat));
if (in == NULL)
goto end;
if (informat == FORMAT_ASN1)
crl = d2i_X509_CRL_bio(in, NULL);
else if (informat == FORMAT_PEM)
crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
else {
BIO_printf(bio_err, "bad input format specified for input crl\n");
goto end;
}
if (crl == NULL) {
BIO_printf(bio_err, "unable to load CRL\n");
ERR_print_errors(bio_err);
@ -238,29 +197,14 @@ int MAIN(int argc, char **argv)
sk_OPENSSL_STRING_free(certflst);
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
out = bio_open_default(outfile, WB(outformat));
if (out == NULL)
goto end;
if (outformat == FORMAT_ASN1)
i = i2d_PKCS7_bio(out, p7);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_PKCS7(out, p7);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err, "unable to write pkcs7 object\n");
ERR_print_errors(bio_err);
@ -274,8 +218,7 @@ int MAIN(int argc, char **argv)
if (crl != NULL)
X509_CRL_free(crl);
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}
/*-
@ -296,8 +239,8 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
STACK_OF(X509_INFO) *sk = NULL;
X509_INFO *xi;
in = BIO_new(BIO_s_file());
if ((in == NULL) || (BIO_read_filename(in, certfile) <= 0)) {
in = BIO_new_file(certfile, "r");
if (in == NULL) {
BIO_printf(bio_err, "error opening the file, %s\n", certfile);
goto end;
}

368
apps/dgst.c
View File

@ -1,4 +1,3 @@
/* apps/dgst.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -71,221 +70,186 @@
#undef BUFSIZE
#define BUFSIZE 1024*8
#undef PROG
#define PROG dgst_main
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
const char *file, BIO *bmd);
static void list_md_fn(const EVP_MD *m,
const char *from, const char *to, void *arg)
{
const char *mname;
/* Skip aliases */
if (!m)
return;
mname = OBJ_nid2ln(EVP_MD_type(m));
/* Skip shortnames */
if (strcmp(from, mname))
return;
/* Skip clones */
if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST)
return;
if (strchr(mname, ' '))
mname = EVP_MD_name(m);
BIO_printf(arg, "-%-14s to use the %s message digest algorithm\n",
mname, mname);
}
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_C, OPT_R, OPT_RAND, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
OPT_NON_FIPS_ALLOW, OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
OPT_DIGEST
} OPTION_CHOICE;
int MAIN(int, char **);
OPTIONS dgst_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"},
{OPT_HELP_STR, 1, '-',
" file... files to digest (default is stdin)\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"c", OPT_C, '-', "Print the digest with separating colons"},
{"r", OPT_R, '-', "Print the digest in coreutils format"},
{"rand", OPT_RAND, 's'},
{"out", OPT_OUT, '>', "Output to filename rather than stdout"},
{"passin", OPT_PASSIN, 's'},
{"sign", OPT_SIGN, '<', "Sign digest using private key in file"},
{"verify", OPT_VERIFY, '<',
"Verify a signature using public key in file"},
{"prverify", OPT_PRVERIFY, '<',
"Verify a signature using private key in file"},
{"signature", OPT_SIGNATURE, '<', "File with signature to verify"},
{"keyform", OPT_KEYFORM, 'f', "Key file format (PEM or ENGINE)"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
#endif
{"engine_impl", OPT_ENGINE_IMPL, '-'},
{"hex", OPT_HEX, '-', "Print as hex dump"},
{"binary", OPT_BINARY, '-', "Print in binary form"},
{"d", OPT_DEBUG, '-', "Print debug info"},
{"debug", OPT_DEBUG, '-'},
{"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-'},
{"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
{"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
{"mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)"},
{"sigop", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
{"macop", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
{"", OPT_DIGEST, '-', "Any supported digest"},
{NULL}
};
int MAIN(int argc, char **argv)
int dgst_main(int argc, char **argv)
{
BIO *in = NULL, *inp, *bmd = NULL, *out = NULL;
ENGINE *e = NULL, *impl = NULL;
unsigned char *buf = NULL;
int i, err = 1;
const EVP_MD *md = NULL, *m;
BIO *in = NULL, *inp;
BIO *bmd = NULL;
BIO *out = NULL;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE + 1];
int separator = 0;
int debug = 0;
int keyform = FORMAT_PEM;
const char *outfile = NULL, *keyfile = NULL;
const char *sigfile = NULL, *randfile = NULL;
int out_bin = -1, want_pub = 0, do_verify = 0;
EVP_PKEY *sigkey = NULL;
unsigned char *sigbuf = NULL;
int siglen = 0;
char *passargin = NULL, *passin = NULL;
STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
char *hmac_key = NULL;
char *mac_name = NULL;
char *passinarg = NULL, *passin = NULL;
const EVP_MD *md = NULL, *m;
const char *outfile = NULL, *keyfile = NULL, *prog = NULL;
const char *sigfile = NULL, *randfile = NULL;
OPTION_CHOICE o;
int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
int i, ret = 1, out_bin = -1, want_pub = 0, do_verify =
0, non_fips_allow = 0;
unsigned char *buf = NULL, *sigbuf = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
int engine_impl = 0;
#endif
char *hmac_key = NULL;
char *mac_name = NULL;
int non_fips_allow = 0;
STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
apps_startup();
prog = opt_progname(argv[0]);
if ((buf = (unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) {
BIO_printf(bio_err, "out of memory\n");
BIO_printf(bio_err, "%s: out of memory\n", prog);
goto end;
}
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
md = EVP_get_digestbyname(prog);
if (!load_config(bio_err, NULL))
goto end;
/* first check the program name */
program_name(argv[0], pname, sizeof pname);
md = EVP_get_digestbyname(pname);
argc--;
argv++;
while (argc > 0) {
if ((*argv)[0] != '-')
break;
if (strcmp(*argv, "-c") == 0)
prog = opt_init(argc, argv, dgst_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(dgst_options);
ret = 0;
goto end;
case OPT_C:
separator = 1;
else if (strcmp(*argv, "-r") == 0)
break;
case OPT_R:
separator = 2;
else if (strcmp(*argv, "-rand") == 0) {
if (--argc < 1)
break;
randfile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
break;
outfile = *(++argv);
} else if (strcmp(*argv, "-sign") == 0) {
if (--argc < 1)
break;
keyfile = *(++argv);
} else if (!strcmp(*argv, "-passin")) {
if (--argc < 1)
break;
passargin = *++argv;
} else if (strcmp(*argv, "-verify") == 0) {
if (--argc < 1)
break;
keyfile = *(++argv);
want_pub = 1;
break;
case OPT_RAND:
randfile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_SIGN:
keyfile = opt_arg();
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_VERIFY:
keyfile = opt_arg();
want_pub = do_verify = 1;
break;
case OPT_PRVERIFY:
keyfile = opt_arg();
do_verify = 1;
} else if (strcmp(*argv, "-prverify") == 0) {
if (--argc < 1)
break;
keyfile = *(++argv);
do_verify = 1;
} else if (strcmp(*argv, "-signature") == 0) {
if (--argc < 1)
break;
sigfile = *(++argv);
} else if (strcmp(*argv, "-keyform") == 0) {
if (--argc < 1)
break;
keyform = str2fmt(*(++argv));
}
break;
case OPT_SIGNATURE:
sigfile = opt_arg();
break;
case OPT_KEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
goto opthelp;
break;
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
break;
engine = *(++argv);
e = setup_engine(bio_err, engine, 0);
} else if (strcmp(*argv, "-engine_impl") == 0)
case OPT_ENGINE:
engine = opt_arg();
e = setup_engine(engine, 0);
break;
case OPT_ENGINE_IMPL:
engine_impl = 1;
break;
#endif
else if (strcmp(*argv, "-hex") == 0)
case OPT_HEX:
out_bin = 0;
else if (strcmp(*argv, "-binary") == 0)
break;
case OPT_BINARY:
out_bin = 1;
else if (strcmp(*argv, "-d") == 0)
break;
case OPT_DEBUG:
debug = 1;
else if (!strcmp(*argv, "-fips-fingerprint"))
break;
case OPT_FIPS_FINGERPRINT:
hmac_key = "etaonrishdlcupfm";
else if (strcmp(*argv, "-non-fips-allow") == 0)
break;
case OPT_NON_FIPS_ALLOW:
non_fips_allow = 1;
else if (!strcmp(*argv, "-hmac")) {
if (--argc < 1)
break;
hmac_key = *++argv;
} else if (!strcmp(*argv, "-mac")) {
if (--argc < 1)
break;
mac_name = *++argv;
} else if (strcmp(*argv, "-sigopt") == 0) {
if (--argc < 1)
break;
break;
case OPT_HMAC:
hmac_key = opt_arg();
break;
case OPT_MAC:
mac_name = opt_arg();
break;
case OPT_SIGOPT:
if (!sigopts)
sigopts = sk_OPENSSL_STRING_new_null();
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
break;
} else if (strcmp(*argv, "-macopt") == 0) {
if (--argc < 1)
break;
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
goto opthelp;
break;
case OPT_MACOPT:
if (!macopts)
macopts = sk_OPENSSL_STRING_new_null();
if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
break;
} else if ((m = EVP_get_digestbyname(&((*argv)[1]))) != NULL)
md = m;
else
if (!macopts || !sk_OPENSSL_STRING_push(macopts, opt_arg()))
goto opthelp;
break;
argc--;
argv++;
case OPT_DIGEST:
if (!opt_md(opt_unknown(), &m))
goto opthelp;
md = m;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (do_verify && !sigfile) {
BIO_printf(bio_err,
"No signature to verify: use the -signature option\n");
goto end;
}
if ((argc > 0) && (argv[0][0] == '-')) { /* bad option */
BIO_printf(bio_err, "unknown option '%s'\n", *argv);
BIO_printf(bio_err, "options are\n");
BIO_printf(bio_err,
"-c to output the digest with separating colons\n");
BIO_printf(bio_err,
"-r to output the digest in coreutils format\n");
BIO_printf(bio_err, "-d to output debug info\n");
BIO_printf(bio_err, "-hex output as hex dump\n");
BIO_printf(bio_err, "-binary output in binary form\n");
BIO_printf(bio_err, "-hmac arg set the HMAC key to arg\n");
BIO_printf(bio_err, "-non-fips-allow allow use of non FIPS digest\n");
BIO_printf(bio_err,
"-sign file sign digest using private key in file\n");
BIO_printf(bio_err,
"-verify file verify a signature using public key in file\n");
BIO_printf(bio_err,
"-prverify file verify a signature using private key in file\n");
BIO_printf(bio_err,
"-keyform arg key file format (PEM or ENGINE)\n");
BIO_printf(bio_err,
"-out filename output to filename rather than stdout\n");
BIO_printf(bio_err, "-signature file signature to verify\n");
BIO_printf(bio_err, "-sigopt nm:v signature parameter\n");
BIO_printf(bio_err, "-hmac key create hashed MAC with key\n");
BIO_printf(bio_err,
"-mac algorithm create MAC (not neccessarily HMAC)\n");
BIO_printf(bio_err,
"-macopt nm:v MAC algorithm parameters or key\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
#endif
EVP_MD_do_all_sorted(list_md_fn, bio_err);
goto end;
}
#ifndef OPENSSL_NO_ENGINE
if (engine_impl)
impl = e;
@ -304,7 +268,7 @@ int MAIN(int argc, char **argv)
BIO_set_callback_arg(in, (char *)bio_err);
}
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
@ -317,29 +281,12 @@ int MAIN(int argc, char **argv)
}
if (randfile)
app_RAND_load_file(randfile, bio_err, 0);
app_RAND_load_file(randfile, 0);
if (outfile) {
if (out_bin)
out = BIO_new_file(outfile, "wb");
else
out = BIO_new_file(outfile, "w");
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if (!out) {
BIO_printf(bio_err, "Error opening output file %s\n",
outfile ? outfile : "(stdout)");
ERR_print_errors(bio_err);
out = bio_open_default(outfile, out_bin ? "wb" : "w");
if (out == NULL)
goto end;
}
if ((! !mac_name + ! !keyfile + ! !hmac_key) > 1) {
BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
goto end;
@ -347,11 +294,9 @@ int MAIN(int argc, char **argv)
if (keyfile) {
if (want_pub)
sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
e, "key file");
sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file");
else
sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
e, "key file");
sigkey = load_key(keyfile, keyform, 0, passin, e, "key file");
if (!sigkey) {
/*
* load_[pub]key() has already printed an appropriate message
@ -363,7 +308,7 @@ int MAIN(int argc, char **argv)
if (mac_name) {
EVP_PKEY_CTX *mac_ctx = NULL;
int r = 0;
if (!init_gen_str(bio_err, &mac_ctx, mac_name, impl, 0))
if (!init_gen_str(&mac_ctx, mac_name, impl, 0))
goto mac_end;
if (macopts) {
char *macopt;
@ -443,25 +388,23 @@ int MAIN(int argc, char **argv)
if (md == NULL)
md = EVP_md5();
if (!EVP_DigestInit_ex(mctx, md, impl)) {
BIO_printf(bio_err, "Error setting digest %s\n", pname);
BIO_printf(bio_err, "Error setting digest\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (sigfile && sigkey) {
BIO *sigbio;
sigbio = BIO_new_file(sigfile, "rb");
siglen = EVP_PKEY_size(sigkey);
sigbuf = OPENSSL_malloc(siglen);
BIO *sigbio = BIO_new_file(sigfile, "rb");
if (!sigbio) {
BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
ERR_print_errors(bio_err);
goto end;
}
siglen = EVP_PKEY_size(sigkey);
sigbuf = OPENSSL_malloc(siglen);
if (!sigbuf) {
BIO_printf(bio_err, "Out of memory\n");
ERR_print_errors(bio_err);
goto end;
}
siglen = BIO_read(sigbio, sigbuf, siglen);
@ -482,7 +425,7 @@ int MAIN(int argc, char **argv)
if (argc == 0) {
BIO_set_fp(in, stdin, BIO_NOCLOSE);
err = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
siglen, NULL, NULL, "stdin", bmd);
} else {
const char *md_name = NULL, *sig_name = NULL;
@ -497,18 +440,18 @@ int MAIN(int argc, char **argv)
if (md)
md_name = EVP_MD_name(md);
}
err = 0;
ret = 0;
for (i = 0; i < argc; i++) {
int r;
if (BIO_read_filename(in, argv[i]) <= 0) {
perror(argv[i]);
err++;
ret++;
continue;
} else
r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
siglen, sig_name, md_name, argv[i], bmd);
if (r)
err = r;
ret = r;
(void)BIO_reset(bmd);
}
}
@ -529,8 +472,7 @@ int MAIN(int argc, char **argv)
if (sigbuf)
OPENSSL_free(sigbuf);
BIO_free(bmd);
apps_shutdown();
OPENSSL_EXIT(err);
return (ret);
}
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,

325
apps/dh.c
View File

@ -1,325 +0,0 @@
/* apps/dh.c */
/* obsoleted by dhparam.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
#ifndef OPENSSL_NO_DH
# include <stdio.h>
# include <stdlib.h>
# include <time.h>
# include <string.h>
# include "apps.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/bn.h>
# include <openssl/dh.h>
# include <openssl/x509.h>
# include <openssl/pem.h>
# undef PROG
# define PROG dh_main
/*-
* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -check - check the parameters are ok
* -noout
* -text
* -C
*/
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
DH *dh = NULL;
int i, badops = 0, text = 0;
BIO *in = NULL, *out = NULL;
int informat, outformat, check = 0, noout = 0, C = 0, ret = 1;
char *infile, *outfile, *prog;
# ifndef OPENSSL_NO_ENGINE
char *engine;
# endif
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
# ifndef OPENSSL_NO_ENGINE
engine = NULL;
# endif
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
prog = argv[0];
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-inform") == 0) {
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-outform") == 0) {
if (--argc < 1)
goto bad;
outformat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
}
# ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
}
# endif
else if (strcmp(*argv, "-check") == 0)
check = 1;
else if (strcmp(*argv, "-text") == 0)
text = 1;
else if (strcmp(*argv, "-C") == 0)
C = 1;
else if (strcmp(*argv, "-noout") == 0)
noout = 1;
else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
}
argc--;
argv++;
}
if (badops) {
bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
BIO_printf(bio_err,
" -outform arg output format - one of DER PEM\n");
BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err, " -check check the DH parameters\n");
BIO_printf(bio_err,
" -text print a text form of the DH parameters\n");
BIO_printf(bio_err, " -C Output C code\n");
BIO_printf(bio_err, " -noout no output\n");
# ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
# endif
goto end;
}
ERR_load_crypto_strings();
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
# endif
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
goto end;
}
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
if (informat == FORMAT_ASN1)
dh = d2i_DHparams_bio(in, NULL);
else if (informat == FORMAT_PEM)
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
else {
BIO_printf(bio_err, "bad input format specified\n");
goto end;
}
if (dh == NULL) {
BIO_printf(bio_err, "unable to load DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
if (text) {
DHparams_print(out, dh);
}
if (check) {
if (!DH_check(dh, &i)) {
ERR_print_errors(bio_err);
goto end;
}
if (i & DH_CHECK_P_NOT_PRIME)
printf("p value is not prime\n");
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
printf("p value is not a safe prime\n");
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
printf("unable to check the generator value\n");
if (i & DH_NOT_SUITABLE_GENERATOR)
printf("the g value is not a generator\n");
if (i == 0)
printf("DH parameters appear to be ok.\n");
}
if (C) {
unsigned char *data;
int len, l, bits;
len = BN_num_bytes(dh->p);
bits = BN_num_bits(dh->p);
data = (unsigned char *)OPENSSL_malloc(len);
if (data == NULL) {
perror("OPENSSL_malloc");
goto end;
}
l = BN_bn2bin(dh->p, data);
printf("static unsigned char dh%d_p[]={", bits);
for (i = 0; i < l; i++) {
if ((i % 12) == 0)
printf("\n\t");
printf("0x%02X,", data[i]);
}
printf("\n\t};\n");
l = BN_bn2bin(dh->g, data);
printf("static unsigned char dh%d_g[]={", bits);
for (i = 0; i < l; i++) {
if ((i % 12) == 0)
printf("\n\t");
printf("0x%02X,", data[i]);
}
printf("\n\t};\n\n");
printf("DH *get_dh%d()\n\t{\n", bits);
printf("\tDH *dh;\n\n");
printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
bits, bits);
printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
bits, bits);
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
printf("\t\treturn(NULL);\n");
printf("\treturn(dh);\n\t}\n");
OPENSSL_free(data);
}
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_DHparams_bio(out, dh);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_DHparams(out, dh);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err, "unable to write DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
ret = 0;
end:
BIO_free(in);
BIO_free_all(out);
DH_free(dh);
apps_shutdown();
OPENSSL_EXIT(ret);
}
#else /* !OPENSSL_NO_DH */
# if PEDANTIC
static void *dummy = &dummy;
# endif
#endif

349
apps/dhparam.c
View File

@ -1,4 +1,3 @@
/* apps/dhparam.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -127,170 +126,131 @@
# include <openssl/dsa.h>
# endif
# undef PROG
# define PROG dhparam_main
# define DEFBITS 2048
/*-
* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -dsaparam - read or generate DSA parameters, convert to DH
* -check - check the parameters are ok
* -noout
* -text
* -C
*/
static int dh_cb(int p, int n, BN_GENCB *cb);
int MAIN(int, char **);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT,
OPT_RAND, OPT_DSAPARAM, OPT_C, OPT_2, OPT_5
} OPTION_CHOICE;
int MAIN(int argc, char **argv)
OPTIONS dhparam_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [flags] [numbits]\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Input file"},
{"inform", OPT_INFORM, 'F', "Input format, DER or PEM"},
{"outform", OPT_OUTFORM, 'F', "Output format, DER or PEM"},
{"out", OPT_OUT, '>', "Output file"},
{"check", OPT_CHECK, '-', "Check the DH parameters"},
{"text", OPT_TEXT, '-', "Print a text form of the DH parameters"},
{"noout", OPT_NOOUT, '-'},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"C", OPT_C, '-', "Print C code"},
{"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
{"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
# ifndef OPENSSL_NO_DSA
{"dsaparam", OPT_DSAPARAM, '-',
"Read or generate DSA parameters, convert to DH"},
# endif
{NULL}
};
int dhparam_main(int argc, char **argv)
{
DH *dh = NULL;
int i, badops = 0, text = 0;
# ifndef OPENSSL_NO_DSA
int dsaparam = 0;
# endif
BIO *in = NULL, *out = NULL;
int informat, outformat, check = 0, noout = 0, C = 0, ret = 1;
char *infile, *outfile, *prog;
char *inrand = NULL;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
# endif
int num = 0, g = 0;
DH *dh = NULL;
char *engine = NULL, *infile = NULL, *outfile = NULL, *prog, *inrand =
NULL;
int dsaparam = 0, i, text = 0, C = 0, ret = 1, num = 0, g = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, check = 0, noout = 0;
OPTION_CHOICE o;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
prog = argv[0];
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-inform") == 0) {
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-outform") == 0) {
if (--argc < 1)
goto bad;
outformat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
}
# ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
}
# endif
else if (strcmp(*argv, "-check") == 0)
prog = opt_init(argc, argv, dhparam_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(dhparam_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
engine = opt_arg();
break;
case OPT_CHECK:
check = 1;
else if (strcmp(*argv, "-text") == 0)
break;
case OPT_TEXT:
text = 1;
# ifndef OPENSSL_NO_DSA
else if (strcmp(*argv, "-dsaparam") == 0)
break;
case OPT_DSAPARAM:
dsaparam = 1;
# endif
else if (strcmp(*argv, "-C") == 0)
break;
case OPT_C:
C = 1;
else if (strcmp(*argv, "-noout") == 0)
noout = 1;
else if (strcmp(*argv, "-2") == 0)
break;
case OPT_2:
g = 2;
else if (strcmp(*argv, "-5") == 0)
break;
case OPT_5:
g = 5;
else if (strcmp(*argv, "-rand") == 0) {
if (--argc < 1)
goto bad;
inrand = *(++argv);
} else if (((sscanf(*argv, "%d", &num) == 0) || (num <= 0)))
goto bad;
argv++;
argc--;
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_RAND:
inrand = opt_arg();
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (badops) {
bad:
BIO_printf(bio_err, "%s [options] [numbits]\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
BIO_printf(bio_err,
" -outform arg output format - one of DER PEM\n");
BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -out arg output file\n");
# ifndef OPENSSL_NO_DSA
BIO_printf(bio_err,
" -dsaparam read or generate DSA parameters, convert to DH\n");
# endif
BIO_printf(bio_err, " -check check the DH parameters\n");
BIO_printf(bio_err,
" -text print a text form of the DH parameters\n");
BIO_printf(bio_err, " -C Output C code\n");
BIO_printf(bio_err,
" -2 generate parameters using 2 as the generator value\n");
BIO_printf(bio_err,
" -5 generate parameters using 5 as the generator value\n");
BIO_printf(bio_err,
" numbits number of bits in to generate (default 2048)\n");
# ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
# endif
BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" - load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
BIO_printf(bio_err, " -noout no output\n");
if (argv[0] && (!opt_int(argv[0], &num) || num <= 0))
goto end;
}
ERR_load_crypto_strings();
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
setup_engine(engine, 0);
# endif
if (g && !num)
num = DEFBITS;
# ifndef OPENSSL_NO_DSA
if (dsaparam) {
if (g) {
BIO_printf(bio_err,
"generator may not be chosen for DSA parameters\n");
goto end;
}
} else
# endif
{
/* DH parameters */
if (num && !g)
g = 2;
if (dsaparam && g) {
BIO_printf(bio_err,
"generator may not be chosen for DSA parameters\n");
goto end;
}
# endif
/* DH parameters */
if (num && !g)
g = 2;
if (num) {
@ -302,7 +262,7 @@ int MAIN(int argc, char **argv)
}
BN_GENCB_set(cb, dh_cb, bio_err);
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
if (!app_RAND_load_file(NULL, 1) && inrand == NULL) {
BIO_printf(bio_err,
"warning, not much extra random data, consider using the -rand option\n");
}
@ -348,27 +308,13 @@ int MAIN(int argc, char **argv)
}
BN_GENCB_free(cb);
app_RAND_write_file(NULL, bio_err);
app_RAND_write_file(NULL);
} else {
in = BIO_new(BIO_s_file());
if (in == NULL) {
ERR_print_errors(bio_err);
in = bio_open_default(infile, RB(informat));
if (in == NULL)
goto end;
}
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
goto end;
}
}
if (informat != FORMAT_ASN1 && informat != FORMAT_PEM) {
BIO_printf(bio_err, "bad input format specified\n");
goto end;
}
# ifndef OPENSSL_NO_DSA
if (dsaparam) {
DSA *dsa;
@ -408,25 +354,9 @@ int MAIN(int argc, char **argv)
/* dh != NULL */
}
out = BIO_new(BIO_s_file());
if (out == NULL) {
ERR_print_errors(bio_err);
out = bio_open_default(outfile, "w");
if (out == NULL)
goto end;
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
if (text) {
DHparams_print(out, dh);
@ -450,7 +380,7 @@ int MAIN(int argc, char **argv)
}
if (C) {
unsigned char *data;
int len, l, bits;
int len, bits;
len = BN_num_bytes(dh->p);
bits = BN_num_bits(dh->p);
@ -459,54 +389,39 @@ int MAIN(int argc, char **argv)
perror("OPENSSL_malloc");
goto end;
}
printf("#ifndef HEADER_DH_H\n"
"#include <openssl/dh.h>\n" "#endif\n");
printf("DH *get_dh%d()\n\t{\n", bits);
l = BN_bn2bin(dh->p, data);
printf("\tstatic unsigned char dh%d_p[]={", bits);
for (i = 0; i < l; i++) {
if ((i % 12) == 0)
printf("\n\t\t");
printf("0x%02X,", data[i]);
}
printf("\n\t\t};\n");
l = BN_bn2bin(dh->g, data);
printf("\tstatic unsigned char dh%d_g[]={", bits);
for (i = 0; i < l; i++) {
if ((i % 12) == 0)
printf("\n\t\t");
printf("0x%02X,", data[i]);
}
printf("\n\t\t};\n");
printf("\tDH *dh;\n\n");
printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
BIO_printf(out, "#ifndef HEADER_DH_H\n"
"# include <openssl/dh.h>\n"
"#endif\n"
"\n");
BIO_printf(out, "DH *get_dh%d()\n{\n", bits);
print_bignum_var(out, dh->p, "dhp", bits, data);
print_bignum_var(out, dh->g, "dhg", bits, data);
BIO_printf(out, " DH *dh = DN_new();\n"
"\n"
" if (dh == NULL)\n"
" return NULL;\n");
BIO_printf(out, " dh->p = BN_bin2bn(dhp_%d, sizeof (dhp_%d), NULL);\n",
bits, bits);
printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
BIO_printf(out, " dh->g = BN_bin2bn(dhg_%d, sizeof (dhg_%d), NULL);\n",
bits, bits);
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
printf("\t\t{ DH_free(dh); return(NULL); }\n");
BIO_printf(out, " if (!dh->p || !dh->g) {\n"
" DH_free(dh);\n"
" return NULL;\n"
" }\n");
if (dh->length)
printf("\tdh->length = %ld;\n", dh->length);
printf("\treturn(dh);\n\t}\n");
BIO_printf(out,
" dh->length = %ld;\n", dh->length);
BIO_printf(out, " return dh;\n}\n");
OPENSSL_free(data);
}
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_DHparams_bio(out, dh);
else if (outformat == FORMAT_PEM) {
if (dh->q)
i = PEM_write_bio_DHxparams(out, dh);
else
i = PEM_write_bio_DHparams(out, dh);
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
else if (dh->q)
i = PEM_write_bio_DHxparams(out, dh);
else
i = PEM_write_bio_DHparams(out, dh);
if (!i) {
BIO_printf(bio_err, "unable to write DH parameters\n");
ERR_print_errors(bio_err);
@ -518,11 +433,9 @@ int MAIN(int argc, char **argv)
BIO_free(in);
BIO_free_all(out);
DH_free(dh);
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}
/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
static int dh_cb(int p, int n, BN_GENCB *cb)
{
char c = '*';

314
apps/dsa.c
View File

@ -1,4 +1,3 @@
/* apps/dsa.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -71,214 +70,145 @@
# include <openssl/pem.h>
# include <openssl/bn.h>
# undef PROG
# define PROG dsa_main
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
OPT_ENGINE, OPT_PVK_STRONG, OPT_PVK_WEAK,
OPT_PVK_NONE, OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN,
OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT
} OPTION_CHOICE;
/*-
* -inform arg - input format - default PEM (one of DER, NET or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -des - encrypt output if PEM format with DES in cbc mode
* -des3 - encrypt output if PEM format
* -idea - encrypt output if PEM format
* -aes128 - encrypt output if PEM format
* -aes192 - encrypt output if PEM format
* -aes256 - encrypt output if PEM format
* -camellia128 - encrypt output if PEM format
* -camellia192 - encrypt output if PEM format
* -camellia256 - encrypt output if PEM format
* -seed - encrypt output if PEM format
* -text - print a text version
* -modulus - print the DSA public key
*/
OPTIONS dsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format, DER PEM PVK"},
{"outform", OPT_OUTFORM, 'F', "Output format, DER PEM PVK"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pvk-strong", OPT_PVK_STRONG, '-'},
{"pvk-weak", OPT_PVK_WEAK, '-'},
{"pvk-none", OPT_PVK_NONE, '-'},
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key in text"},
{"modulus", OPT_MODULUS, '-', "Print the DSA public value"},
{"pubin", OPT_PUBIN, '-'},
{"pubout", OPT_PUBOUT, '-'},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
{NULL}
};
int MAIN(int, char **);
int MAIN(int argc, char **argv)
int dsa_main(int argc, char **argv)
{
ENGINE *e = NULL;
int ret = 1;
BIO *out = NULL;
DSA *dsa = NULL;
int i, badops = 0;
ENGINE *e = NULL;
const EVP_CIPHER *enc = NULL;
BIO *in = NULL, *out = NULL;
int informat, outformat, text = 0, noout = 0;
int pubin = 0, pubout = 0;
char *infile, *outfile, *prog;
# ifndef OPENSSL_NO_ENGINE
char *engine;
# endif
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
int modulus = 0;
char *engine = NULL, *infile = NULL, *outfile = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg =
NULL;
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
int i, modulus = 0, pubin = 0, pubout = 0, pvk_encr = 2, ret = 1;
#ifndef OPENSSL_NO_RC4
int pvk_encr = 2;
prog = opt_init(argc, argv, dsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
#ifdef OPENSSL_NO_RC4
case OPT_PVK_STRONG:
case OPT_PVK_WEAK:
case OPT_PVK_NONE:
#endif
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
# ifndef OPENSSL_NO_ENGINE
engine = NULL;
# endif
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
prog = argv[0];
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-inform") == 0) {
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-outform") == 0) {
if (--argc < 1)
goto bad;
outformat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (strcmp(*argv, "-passin") == 0) {
if (--argc < 1)
goto bad;
passargin = *(++argv);
} else if (strcmp(*argv, "-passout") == 0) {
if (--argc < 1)
goto bad;
passargout = *(++argv);
}
# ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
}
# endif
opthelp:
ret = 0;
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(dsa_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format
(opt_arg(), OPT_FMT_PEMDER | OPT_FMT_PVK, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format
(opt_arg(), OPT_FMT_PEMDER | OPT_FMT_PVK, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
engine = opt_arg();
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
#ifndef OPENSSL_NO_RC4
else if (strcmp(*argv, "-pvk-strong") == 0)
case OPT_PVK_STRONG:
pvk_encr = 2;
else if (strcmp(*argv, "-pvk-weak") == 0)
break;
case OPT_PVK_WEAK:
pvk_encr = 1;
else if (strcmp(*argv, "-pvk-none") == 0)
break;
case OPT_PVK_NONE:
pvk_encr = 0;
break;
#endif
else if (strcmp(*argv, "-noout") == 0)
case OPT_NOOUT:
noout = 1;
else if (strcmp(*argv, "-text") == 0)
break;
case OPT_TEXT:
text = 1;
else if (strcmp(*argv, "-modulus") == 0)
break;
case OPT_MODULUS:
modulus = 1;
else if (strcmp(*argv, "-pubin") == 0)
break;
case OPT_PUBIN:
pubin = 1;
else if (strcmp(*argv, "-pubout") == 0)
break;
case OPT_PUBOUT:
pubout = 1;
else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto end;
break;
}
argc--;
argv++;
}
if (badops) {
bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err,
" -passin arg input file pass phrase source\n");
BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err,
" -passout arg output file pass phrase source\n");
# ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
# endif
BIO_printf(bio_err,
" -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err,
" -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
# ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err,
" -idea encrypt PEM output with cbc idea\n");
# endif
# ifndef OPENSSL_NO_AES
BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc aes\n");
# endif
# ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc camellia\n");
# endif
# ifndef OPENSSL_NO_SEED
BIO_printf(bio_err,
" -seed encrypt PEM output with cbc seed\n");
# endif
BIO_printf(bio_err, " -text print the key in text\n");
BIO_printf(bio_err, " -noout don't print key out\n");
BIO_printf(bio_err, " -modulus print the DSA public value\n");
goto end;
}
ERR_load_crypto_strings();
argc = opt_num_rest();
argv = opt_rest();
# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
e = setup_engine(engine, 0);
# endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
goto end;
}
}
BIO_printf(bio_err, "read DSA key\n");
{
EVP_PKEY *pkey;
if (pubin)
pkey = load_pubkey(bio_err, infile, informat, 1,
passin, e, "Public Key");
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
else
pkey = load_key(bio_err, infile, informat, 1,
passin, e, "Private Key");
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
if (pkey) {
dsa = EVP_PKEY_get1_DSA(pkey);
@ -291,20 +221,9 @@ int MAIN(int argc, char **argv)
goto end;
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
out = bio_open_default(outfile, "w");
if (out == NULL)
goto end;
if (text)
if (!DSA_print(out, dsa, 0)) {
@ -314,13 +233,15 @@ int MAIN(int argc, char **argv)
}
if (modulus) {
fprintf(stdout, "Public Key=");
BIO_printf(out, "Public Key=");
BN_print(out, dsa->pub_key);
fprintf(stdout, "\n");
BIO_printf(out, "\n");
}
if (noout)
if (noout) {
ret = 0;
goto end;
}
BIO_printf(bio_err, "writing DSA key\n");
if (outformat == FORMAT_ASN1) {
if (pubin || pubout)
@ -353,18 +274,17 @@ int MAIN(int argc, char **argv)
if (i <= 0) {
BIO_printf(bio_err, "unable to write private key\n");
ERR_print_errors(bio_err);
} else
ret = 0;
goto end;
}
ret = 0;
end:
BIO_free(in);
BIO_free_all(out);
DSA_free(dsa);
if (passin)
OPENSSL_free(passin);
if (passout)
OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}
#else /* !OPENSSL_NO_DSA */

329
apps/dsaparam.c
View File

@ -1,4 +1,3 @@
/* apps/dsaparam.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -72,24 +71,6 @@
# include <openssl/x509.h>
# include <openssl/pem.h>
# undef PROG
# define PROG dsaparam_main
/*-
* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -noout
* -text
* -C
* -noout
* -genkey
* #ifdef GENCB_TEST
* -timebomb n - interrupt keygen after <n> seconds
* #endif
*/
# ifdef GENCB_TEST
static int stop_keygen_flag = 0;
@ -103,169 +84,129 @@ static void timebomb_sigalarm(int foo)
static int dsa_cb(int p, int n, BN_GENCB *cb);
int MAIN(int, char **);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
OPT_NOOUT, OPT_GENKEY, OPT_RAND, OPT_NON_FIPS_ALLOW, OPT_ENGINE,
OPT_TIMEBOMB
} OPTION_CHOICE;
int MAIN(int argc, char **argv)
OPTIONS dsaparam_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
{"in", OPT_IN, '<', "Input file"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
{"out", OPT_OUT, '>', "Output file"},
{"text", OPT_TEXT, '-', "Print as text"},
{"C", OPT_C, '-', "Output C code"},
{"noout", OPT_NOOUT, '-', "No output"},
{"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
{"rand", OPT_RAND, 's', "Files to use for random number input"},
{"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
# ifdef GENCB_TEST
{"timebomb", OPT_TIMEBOMB, 'p', "Interrupt keygen after 'pnum' seconds"},
# endif
{NULL}
};
int dsaparam_main(int argc, char **argv)
{
DSA *dsa = NULL;
int i, badops = 0, text = 0;
BIO *in = NULL, *out = NULL;
int informat, outformat, noout = 0, C = 0, ret = 1;
char *infile, *outfile, *prog, *inrand = NULL;
int numbits = -1, num, genkey = 0;
int need_rand = 0;
int non_fips_allow = 0;
BN_GENCB *cb = NULL;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
# endif
int numbits = -1, num, genkey = 0, need_rand = 0, non_fips_allow = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0, ret =
1;
int i, text = 0;
# ifdef GENCB_TEST
int timebomb = 0;
# endif
char *infile = NULL, *outfile = NULL, *prog, *inrand = NULL, *engine =
NULL;
OPTION_CHOICE o;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
prog = argv[0];
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-inform") == 0) {
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-outform") == 0) {
if (--argc < 1)
goto bad;
outformat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
}
# ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
}
# endif
prog = opt_init(argc, argv, dsaparam_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(dsaparam_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
engine = opt_arg();
break;
case OPT_TIMEBOMB:
# ifdef GENCB_TEST
else if (strcmp(*argv, "-timebomb") == 0) {
if (--argc < 1)
goto bad;
timebomb = atoi(*(++argv));
}
timebomb = atoi(opt_arg());
break;
# endif
else if (strcmp(*argv, "-text") == 0)
case OPT_TEXT:
text = 1;
else if (strcmp(*argv, "-C") == 0)
break;
case OPT_C:
C = 1;
else if (strcmp(*argv, "-genkey") == 0) {
genkey = 1;
break;
case OPT_GENKEY:
genkey = need_rand = 1;
break;
case OPT_RAND:
inrand = opt_arg();
need_rand = 1;
} else if (strcmp(*argv, "-rand") == 0) {
if (--argc < 1)
goto bad;
inrand = *(++argv);
need_rand = 1;
} else if (strcmp(*argv, "-noout") == 0)
break;
case OPT_NOOUT:
noout = 1;
else if (strcmp(*argv, "-non-fips-allow") == 0)
break;
case OPT_NON_FIPS_ALLOW:
non_fips_allow = 1;
else if (sscanf(*argv, "%d", &num) == 1) {
/* generate a key */
numbits = num;
need_rand = 1;
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
}
argc--;
argv++;
}
argc = opt_num_rest();
argv = opt_rest();
if (badops) {
bad:
BIO_printf(bio_err, "%s [options] [bits] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err, " -text print as text\n");
BIO_printf(bio_err, " -C Output C code\n");
BIO_printf(bio_err, " -noout no output\n");
BIO_printf(bio_err, " -genkey generate a DSA key\n");
BIO_printf(bio_err,
" -rand files to use for random number input\n");
# ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
# endif
# ifdef GENCB_TEST
BIO_printf(bio_err,
" -timebomb n interrupt keygen after <n> seconds\n");
# endif
BIO_printf(bio_err,
" number number of bits to use for generating private key\n");
goto end;
}
ERR_load_crypto_strings();
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
if (argc == 1) {
if (!opt_int(argv[0], &num))
goto end;
}
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
/* generate a key */
numbits = num;
need_rand = 1;
}
in = bio_open_default(infile, "r");
if (in == NULL)
goto end;
out = bio_open_default(outfile, "w");
if (out == NULL)
goto end;
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
setup_engine(engine, 0);
# endif
if (need_rand) {
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
app_RAND_load_file(NULL, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
@ -319,12 +260,8 @@ int MAIN(int argc, char **argv)
}
} else if (informat == FORMAT_ASN1)
dsa = d2i_DSAparams_bio(in, NULL);
else if (informat == FORMAT_PEM)
else
dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
else {
BIO_printf(bio_err, "bad input format specified\n");
goto end;
}
if (dsa == NULL) {
BIO_printf(bio_err, "unable to load DSA parameters\n");
ERR_print_errors(bio_err);
@ -337,7 +274,7 @@ int MAIN(int argc, char **argv)
if (C) {
unsigned char *data;
int l, len, bits_p;
int len, bits_p;
len = BN_num_bytes(dsa->p);
bits_p = BN_num_bits(dsa->p);
@ -346,57 +283,33 @@ int MAIN(int argc, char **argv)
perror("OPENSSL_malloc");
goto end;
}
l = BN_bn2bin(dsa->p, data);
printf("static unsigned char dsa%d_p[]={", bits_p);
for (i = 0; i < l; i++) {
if ((i % 12) == 0)
printf("\n\t");
printf("0x%02X,", data[i]);
}
printf("\n\t};\n");
l = BN_bn2bin(dsa->q, data);
printf("static unsigned char dsa%d_q[]={", bits_p);
for (i = 0; i < l; i++) {
if ((i % 12) == 0)
printf("\n\t");
printf("0x%02X,", data[i]);
}
printf("\n\t};\n");
l = BN_bn2bin(dsa->g, data);
printf("static unsigned char dsa%d_g[]={", bits_p);
for (i = 0; i < l; i++) {
if ((i % 12) == 0)
printf("\n\t");
printf("0x%02X,", data[i]);
}
printf("\n\t};\n\n");
printf("DSA *get_dsa%d()\n\t{\n", bits_p);
printf("\tDSA *dsa;\n\n");
printf("\tif ((dsa=DSA_new()) == NULL) return(NULL);\n");
printf("\tdsa->p=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n",
BIO_printf(bio_out, "DSA *get_dsa%d()\n{\n", bits_p);
print_bignum_var(bio_out, dsa->p, "dsap", len, data);
print_bignum_var(bio_out, dsa->q, "dsaq", len, data);
print_bignum_var(bio_out, dsa->g, "dsag", len, data);
BIO_printf(bio_out, " DSA *dsa = DSA_new();\n"
"\n");
BIO_printf(bio_out, " if (dsa == NULL)\n"
" return NULL;\n");
BIO_printf(bio_out, " dsa->p = BN_bin2bn(dsap_%d, sizeof (dsap_%d), NULL);\n",
bits_p, bits_p);
printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n",
BIO_printf(bio_out, " dsa->q = BN_bin2bn(dsaq_%d, sizeof (dsaq_%d), NULL);\n",
bits_p, bits_p);
printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
BIO_printf(bio_out, " dsa->g = BN_bin2bn(dsag_%d, sizeof (dsag_%d), NULL);\n",
bits_p, bits_p);
printf
("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
printf("\treturn(dsa);\n\t}\n");
BIO_printf(bio_out, " if (!dsa->p || !dsa->q || !dsa->g) {\n"
" DSA_free(dsa);\n"
" return NULL;\n"
" }\n"
" return(dsa);\n}\n");
}
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_DSAparams_bio(out, dsa);
else if (outformat == FORMAT_PEM)
else
i = PEM_write_bio_DSAparams(out, dsa);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err, "unable to write DSA parameters\n");
ERR_print_errors(bio_err);
@ -418,18 +331,13 @@ int MAIN(int argc, char **argv)
}
if (outformat == FORMAT_ASN1)
i = i2d_DSAPrivateKey_bio(out, dsakey);
else if (outformat == FORMAT_PEM)
else
i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL,
NULL);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
DSA_free(dsakey);
goto end;
}
DSA_free(dsakey);
}
if (need_rand)
app_RAND_write_file(NULL, bio_err);
app_RAND_write_file(NULL);
ret = 0;
end:
if (cb != NULL)
@ -437,8 +345,7 @@ int MAIN(int argc, char **argv)
BIO_free(in);
BIO_free_all(out);
DSA_free(dsa);
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}
static int dsa_cb(int p, int n, BN_GENCB *cb)

311
apps/ec.c
View File

@ -1,4 +1,3 @@
/* apps/ec.c */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
@ -67,198 +66,146 @@
# include <openssl/evp.h>
# include <openssl/pem.h>
# undef PROG
# define PROG ec_main
static OPT_PAIR conv_forms[] = {
{"compressed", POINT_CONVERSION_COMPRESSED},
{"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
{"hybrid", POINT_CONVERSION_HYBRID},
{NULL}
};
/*-
* -inform arg - input format - default PEM (one of DER, NET or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -des - encrypt output if PEM format with DES in cbc mode
* -text - print a text version
* -param_out - print the elliptic curve parameters
* -conv_form arg - specifies the point encoding form
* -param_enc arg - specifies the parameter encoding
*/
static OPT_PAIR param_enc[] = {
{"named_curve", OPENSSL_EC_NAMED_CURVE},
{"explicit", 0},
{NULL}
};
int MAIN(int, char **);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
OPT_NOOUT, OPT_TEXT, OPT_PARAM_OUT, OPT_PUBIN, OPT_PUBOUT,
OPT_PASSIN, OPT_PASSOUT, OPT_PARAM_ENC, OPT_CONV_FORM, OPT_CIPHER
} OPTION_CHOICE;
int MAIN(int argc, char **argv)
OPTIONS ec_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Input file"},
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
{"out", OPT_OUT, '>', "Output file"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key"},
{"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"},
{"pubin", OPT_PUBIN, '-'},
{"pubout", OPT_PUBOUT, '-'},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"param_enc", OPT_PARAM_ENC, 's',
"Specifies the way the ec parameters are encoded"},
{"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
{"", OPT_CIPHER, '-', "Any supported cipher"},
{NULL}
};
int ec_main(int argc, char **argv)
{
int ret = 1;
BIO *in = NULL, *out = NULL;
EC_KEY *eckey = NULL;
const EC_GROUP *group;
int i, badops = 0;
const EVP_CIPHER *enc = NULL;
BIO *in = NULL, *out = NULL;
int informat, outformat, text = 0, noout = 0;
int pubin = 0, pubout = 0, param_out = 0;
char *infile, *outfile, *prog, *engine;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
int new_form = 0;
int asn1_flag = OPENSSL_EC_NAMED_CURVE;
int new_asn1_flag = 0;
char *infile = NULL, *outfile = NULL, *prog, *engine = NULL;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg =
NULL;
OPTION_CHOICE o;
int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_form = 0, new_asn1_flag = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
int pubin = 0, pubout = 0, param_out = 0, i, ret = 1;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
engine = NULL;
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
prog = argv[0];
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-inform") == 0) {
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-outform") == 0) {
if (--argc < 1)
goto bad;
outformat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (strcmp(*argv, "-passin") == 0) {
if (--argc < 1)
goto bad;
passargin = *(++argv);
} else if (strcmp(*argv, "-passout") == 0) {
if (--argc < 1)
goto bad;
passargout = *(++argv);
} else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
} else if (strcmp(*argv, "-noout") == 0)
prog = opt_init(argc, argv, ec_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(ec_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_NOOUT:
noout = 1;
else if (strcmp(*argv, "-text") == 0)
break;
case OPT_TEXT:
text = 1;
else if (strcmp(*argv, "-conv_form") == 0) {
if (--argc < 1)
goto bad;
++argv;
new_form = 1;
if (strcmp(*argv, "compressed") == 0)
form = POINT_CONVERSION_COMPRESSED;
else if (strcmp(*argv, "uncompressed") == 0)
form = POINT_CONVERSION_UNCOMPRESSED;
else if (strcmp(*argv, "hybrid") == 0)
form = POINT_CONVERSION_HYBRID;
else
goto bad;
} else if (strcmp(*argv, "-param_enc") == 0) {
if (--argc < 1)
goto bad;
++argv;
new_asn1_flag = 1;
if (strcmp(*argv, "named_curve") == 0)
asn1_flag = OPENSSL_EC_NAMED_CURVE;
else if (strcmp(*argv, "explicit") == 0)
asn1_flag = 0;
else
goto bad;
} else if (strcmp(*argv, "-param_out") == 0)
break;
case OPT_PARAM_OUT:
param_out = 1;
else if (strcmp(*argv, "-pubin") == 0)
break;
case OPT_PUBIN:
pubin = 1;
else if (strcmp(*argv, "-pubout") == 0)
break;
case OPT_PUBOUT:
pubout = 1;
else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
engine = opt_arg();
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto opthelp;
case OPT_CONV_FORM:
if (!opt_pair(opt_arg(), conv_forms, &i))
goto opthelp;
new_form = 1;
form = i;
break;
case OPT_PARAM_ENC:
if (!opt_pair(opt_arg(), param_enc, &i))
goto opthelp;
new_asn1_flag = 1;
asn1_flag = i;
break;
}
argc--;
argv++;
}
if (badops) {
bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - "
"DER or PEM\n");
BIO_printf(bio_err, " -outform arg output format - "
"DER or PEM\n");
BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -passin arg input file pass "
"phrase source\n");
BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err, " -passout arg output file pass "
"phrase source\n");
BIO_printf(bio_err, " -engine e use engine e, "
"possibly a hardware device.\n");
BIO_printf(bio_err, " -des encrypt PEM output, "
"instead of 'des' every other \n"
" cipher "
"supported by OpenSSL can be used\n");
BIO_printf(bio_err, " -text print the key\n");
BIO_printf(bio_err, " -noout don't print key out\n");
BIO_printf(bio_err, " -param_out print the elliptic "
"curve parameters\n");
BIO_printf(bio_err, " -conv_form arg specifies the "
"point conversion form \n");
BIO_printf(bio_err, " possible values:"
" compressed\n");
BIO_printf(bio_err, " "
" uncompressed (default)\n");
BIO_printf(bio_err, " " " hybrid\n");
BIO_printf(bio_err, " -param_enc arg specifies the way"
" the ec parameters are encoded\n");
BIO_printf(bio_err, " in the asn1 der " "encoding\n");
BIO_printf(bio_err, " possible values:"
" named_curve (default)\n");
BIO_printf(bio_err, " "
"explicit\n");
goto end;
}
ERR_load_crypto_strings();
argc = opt_num_rest();
argv = opt_rest();
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
setup_engine(engine, 0);
# endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
in = bio_open_default(infile, RB(informat));
if (in == NULL)
goto end;
}
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
goto end;
}
}
BIO_printf(bio_err, "read EC key\n");
if (informat == FORMAT_ASN1) {
@ -266,14 +213,11 @@ int MAIN(int argc, char **argv)
eckey = d2i_EC_PUBKEY_bio(in, NULL);
else
eckey = d2i_ECPrivateKey_bio(in, NULL);
} else if (informat == FORMAT_PEM) {
} else {
if (pubin)
eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
else
eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
} else {
BIO_printf(bio_err, "bad input format specified for key\n");
goto end;
}
if (eckey == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
@ -281,20 +225,9 @@ int MAIN(int argc, char **argv)
goto end;
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
out = bio_open_default(outfile, WB(outformat));
if (out == NULL)
goto end;
group = EC_KEY_get0_group(eckey);
@ -324,7 +257,7 @@ int MAIN(int argc, char **argv)
i = i2d_EC_PUBKEY_bio(out, eckey);
else
i = i2d_ECPrivateKey_bio(out, eckey);
} else if (outformat == FORMAT_PEM) {
} else {
if (param_out)
i = PEM_write_bio_ECPKParameters(out, group);
else if (pubin || pubout)
@ -332,9 +265,6 @@ int MAIN(int argc, char **argv)
else
i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
NULL, 0, NULL, passout);
} else {
BIO_printf(bio_err, "bad output format specified for " "outfile\n");
goto end;
}
if (!i) {
@ -350,8 +280,7 @@ int MAIN(int argc, char **argv)
OPENSSL_free(passin);
if (passout)
OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}
#else /* !OPENSSL_NO_EC */

506
apps/ecparam.c
View File

@ -1,4 +1,3 @@
/* apps/ecparam.c */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
@ -84,235 +83,152 @@
# include <openssl/x509.h>
# include <openssl/pem.h>
# undef PROG
# define PROG ecparam_main
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME,
OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_RAND, OPT_ENGINE
} OPTION_CHOICE;
/*-
* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -noout - do not print the ec parameter
* -text - print the ec parameters in text form
* -check - validate the ec parameters
* -C - print a 'C' function creating the parameters
* -name arg - use the ec parameters with 'short name' name
* -list_curves - prints a list of all currently available curve 'short names'
* -conv_form arg - specifies the point conversion form
* - possible values: compressed
* uncompressed (default)
* hybrid
* -param_enc arg - specifies the way the ec parameters are encoded
* in the asn1 der encoding
* possible values: named_curve (default)
* explicit
* -no_seed - if 'explicit' parameters are chosen do not use the seed
* -genkey - generate ec key
* -rand file - files to use for random number input
* -engine e - use engine e, possibly a hardware device
*/
OPTIONS ecparam_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"},
{"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
{"in", OPT_IN, '<', "Input file - default stdin"},
{"out", OPT_OUT, '>', "Output file - default stdout"},
{"text", OPT_TEXT, '-', "Print the ec parameters in text form"},
{"C", OPT_C, '-', "Print a 'C' function creating the parameters"},
{"check", OPT_CHECK, '-', "Validate the ec parameters"},
{"list_curves", OPT_LIST_CURVES, '-',
"Prints a list of all curve 'short names'"},
{"no_seed", OPT_NO_SEED, '-',
"If 'explicit' parameters are chosen do not use the seed"},
{"noout", OPT_NOOUT, '-', "Do not print the ec parameter"},
{"name", OPT_NAME, 's',
"Use the ec parameters with specified 'short name'"},
{"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
{"param_enc", OPT_PARAM_ENC, 's',
"Specifies the way the ec parameters are encoded"},
{"genkey", OPT_GENKEY, '-', "Generate ec key"},
{"rand", OPT_RAND, 's', "Files to use for random number input"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{NULL}
};
static int ecparam_print_var(BIO *, BIGNUM *, const char *, int,
unsigned char *);
OPT_PAIR forms[] = {
{"compressed", POINT_CONVERSION_COMPRESSED},
{"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
{"hybrid", POINT_CONVERSION_HYBRID},
{NULL}
};
int MAIN(int, char **);
OPT_PAIR encodings[] = {
{"named_curve", OPENSSL_EC_NAMED_CURVE},
{"explicit", 0},
{NULL}
};
int MAIN(int argc, char **argv)
int ecparam_main(int argc, char **argv)
{
BIGNUM *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL;
BIO *in = NULL, *out = NULL;
EC_GROUP *group = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
int new_form = 0;
int asn1_flag = OPENSSL_EC_NAMED_CURVE;
int new_asn1_flag = 0;
char *curve_name = NULL, *inrand = NULL;
int list_curves = 0, no_seed = 0, check = 0,
badops = 0, text = 0, i, need_rand = 0, genkey = 0;
char *infile = NULL, *outfile = NULL, *prog;
BIO *in = NULL, *out = NULL;
int informat, outformat, noout = 0, C = 0, ret = 1;
char *engine = NULL;
BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
*ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
char *engine = NULL, *infile = NULL, *outfile = NULL, *prog;
unsigned char *buffer = NULL;
OPTION_CHOICE o;
int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_asn1_flag = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0, ret =
1;
int list_curves = 0, no_seed = 0, check = 0, new_form = 0;
int text = 0, i, need_rand = 0, genkey = 0;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
prog = argv[0];
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-inform") == 0) {
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-outform") == 0) {
if (--argc < 1)
goto bad;
outformat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (strcmp(*argv, "-text") == 0)
prog = opt_init(argc, argv, ecparam_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(ecparam_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_TEXT:
text = 1;
else if (strcmp(*argv, "-C") == 0)
break;
case OPT_C:
C = 1;
else if (strcmp(*argv, "-check") == 0)
break;
case OPT_CHECK:
check = 1;
else if (strcmp(*argv, "-name") == 0) {
if (--argc < 1)
goto bad;
curve_name = *(++argv);
} else if (strcmp(*argv, "-list_curves") == 0)
break;
case OPT_LIST_CURVES:
list_curves = 1;
else if (strcmp(*argv, "-conv_form") == 0) {
if (--argc < 1)
goto bad;
++argv;
new_form = 1;
if (strcmp(*argv, "compressed") == 0)
form = POINT_CONVERSION_COMPRESSED;
else if (strcmp(*argv, "uncompressed") == 0)
form = POINT_CONVERSION_UNCOMPRESSED;
else if (strcmp(*argv, "hybrid") == 0)
form = POINT_CONVERSION_HYBRID;
else
goto bad;
} else if (strcmp(*argv, "-param_enc") == 0) {
if (--argc < 1)
goto bad;
++argv;
new_asn1_flag = 1;
if (strcmp(*argv, "named_curve") == 0)
asn1_flag = OPENSSL_EC_NAMED_CURVE;
else if (strcmp(*argv, "explicit") == 0)
asn1_flag = 0;
else
goto bad;
} else if (strcmp(*argv, "-no_seed") == 0)
break;
case OPT_NO_SEED:
no_seed = 1;
else if (strcmp(*argv, "-noout") == 0)
break;
case OPT_NOOUT:
noout = 1;
else if (strcmp(*argv, "-genkey") == 0) {
genkey = 1;
break;
case OPT_NAME:
curve_name = opt_arg();
break;
case OPT_CONV_FORM:
if (!opt_pair(opt_arg(), forms, &new_form))
goto opthelp;
form = new_form;
new_form = 1;
break;
case OPT_PARAM_ENC:
if (!opt_pair(opt_arg(), encodings, &asn1_flag))
goto opthelp;
new_asn1_flag = 1;
break;
case OPT_GENKEY:
genkey = need_rand = 1;
break;
case OPT_RAND:
inrand = opt_arg();
need_rand = 1;
} else if (strcmp(*argv, "-rand") == 0) {
if (--argc < 1)
goto bad;
inrand = *(++argv);
need_rand = 1;
} else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
case OPT_ENGINE:
engine = opt_arg();
break;
}
argc--;
argv++;
}
argc = opt_num_rest();
argv = opt_rest();
if (badops) {
bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - "
"default PEM (DER or PEM)\n");
BIO_printf(bio_err, " -outform arg output format - "
"default PEM\n");
BIO_printf(bio_err, " -in arg input file - "
"default stdin\n");
BIO_printf(bio_err, " -out arg output file - "
"default stdout\n");
BIO_printf(bio_err, " -noout do not print the "
"ec parameter\n");
BIO_printf(bio_err, " -text print the ec "
"parameters in text form\n");
BIO_printf(bio_err, " -check validate the ec "
"parameters\n");
BIO_printf(bio_err, " -C print a 'C' "
"function creating the parameters\n");
BIO_printf(bio_err, " -name arg use the "
"ec parameters with 'short name' name\n");
BIO_printf(bio_err, " -list_curves prints a list of "
"all currently available curve 'short names'\n");
BIO_printf(bio_err, " -conv_form arg specifies the "
"point conversion form \n");
BIO_printf(bio_err, " possible values:"
" compressed\n");
BIO_printf(bio_err, " "
" uncompressed (default)\n");
BIO_printf(bio_err, " "
" hybrid\n");
BIO_printf(bio_err, " -param_enc arg specifies the way"
" the ec parameters are encoded\n");
BIO_printf(bio_err, " in the asn1 der "
"encoding\n");
BIO_printf(bio_err, " possible values:"
" named_curve (default)\n");
BIO_printf(bio_err, " "
" explicit\n");
BIO_printf(bio_err, " -no_seed if 'explicit'"
" parameters are chosen do not" " use the seed\n");
BIO_printf(bio_err, " -genkey generate ec" " key\n");
BIO_printf(bio_err, " -rand file files to use for"
" random number input\n");
BIO_printf(bio_err, " -engine e use engine e, "
"possibly a hardware device\n");
in = bio_open_default(infile, RB(informat));
if (in == NULL)
goto end;
}
ERR_load_crypto_strings();
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
out = bio_open_default(outfile, WB(outformat));
if (out == NULL)
goto end;
}
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
goto end;
}
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
setup_engine(engine, 0);
# endif
if (list_curves) {
@ -385,15 +301,10 @@ int MAIN(int argc, char **argv)
}
EC_GROUP_set_asn1_flag(group, asn1_flag);
EC_GROUP_set_point_conversion_form(group, form);
} else if (informat == FORMAT_ASN1) {
} else if (informat == FORMAT_ASN1)
group = d2i_ECPKParameters_bio(in, NULL);
} else if (informat == FORMAT_PEM) {
else
group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
} else {
BIO_printf(bio_err, "bad input format specified\n");
goto end;
}
if (group == NULL) {
BIO_printf(bio_err, "unable to load elliptic curve parameters\n");
ERR_print_errors(bio_err);
@ -433,24 +344,25 @@ int MAIN(int argc, char **argv)
int is_prime, len = 0;
const EC_METHOD *meth = EC_GROUP_method_of(group);
if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
(ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
(ec_order = BN_new()) == NULL ||
(ec_cofactor = BN_new()) == NULL) {
if ((ec_p = BN_new()) == NULL
|| (ec_a = BN_new()) == NULL
|| (ec_b = BN_new()) == NULL
|| (ec_gen = BN_new()) == NULL
|| (ec_order = BN_new()) == NULL
|| (ec_cofactor = BN_new()) == NULL) {
perror("OPENSSL_malloc");
goto end;
}
is_prime = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field);
if (is_prime) {
if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, ec_b, NULL))
goto end;
} else {
/* TODO */
if (!is_prime) {
BIO_printf(bio_err, "Can only handle X9.62 prime fields\n");
goto end;
}
if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, ec_b, NULL))
goto end;
if ((point = EC_GROUP_get0_generator(group)) == NULL)
goto end;
if (!EC_POINT_point2bn(group, point,
@ -487,77 +399,62 @@ int MAIN(int argc, char **argv)
goto end;
}
ecparam_print_var(out, ec_p, "ec_p", len, buffer);
ecparam_print_var(out, ec_a, "ec_a", len, buffer);
ecparam_print_var(out, ec_b, "ec_b", len, buffer);
ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
ecparam_print_var(out, ec_order, "ec_order", len, buffer);
ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, buffer);
BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n{\n", len);
print_bignum_var(out, ec_p, "ec_p", len, buffer);
print_bignum_var(out, ec_a, "ec_a", len, buffer);
print_bignum_var(out, ec_b, "ec_b", len, buffer);
print_bignum_var(out, ec_gen, "ec_gen", len, buffer);
print_bignum_var(out, ec_order, "ec_order", len, buffer);
print_bignum_var(out, ec_cofactor, "ec_cofactor", len, buffer);
BIO_printf(out, " int ok = 0;\n"
" EC_GROUP *group = NULL;\n"
" EC_POINT *point = NULL;\n"
" BIGNUM *tmp_1 = NULL;\n"
" BIGNUM *tmp_2 = NULL;\n"
" BIGNUM *tmp_3 = NULL;\n"
"\n");
BIO_printf(out, "\n\n");
BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len);
BIO_printf(out, "\tint ok=0;\n");
BIO_printf(out, "\tEC_GROUP *group = NULL;\n");
BIO_printf(out, "\tEC_POINT *point = NULL;\n");
BIO_printf(out, "\tBIGNUM *tmp_1 = NULL, *tmp_2 = NULL, "
"*tmp_3 = NULL;\n\n");
BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, "
"sizeof(ec_p_%d), NULL)) == NULL)\n\t\t"
"goto err;\n", len, len);
BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, "
"sizeof(ec_a_%d), NULL)) == NULL)\n\t\t"
"goto err;\n", len, len);
BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
"sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
"goto err;\n", len, len);
if (is_prime) {
BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"
"GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
"\n\t\tgoto err;\n\n");
} else {
/* TODO */
goto end;
}
BIO_printf(out, "\t/* build generator */\n");
BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, "
"sizeof(ec_gen_%d), tmp_1)) == NULL)"
"\n\t\tgoto err;\n", len, len);
BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, "
"NULL, NULL);\n");
BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n");
BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, "
"sizeof(ec_order_%d), tmp_2)) == NULL)"
"\n\t\tgoto err;\n", len, len);
BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, "
"sizeof(ec_cofactor_%d), tmp_3)) == NULL)"
"\n\t\tgoto err;\n", len, len);
BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point,"
" tmp_2, tmp_3))\n\t\tgoto err;\n");
BIO_printf(out, "\n\tok=1;\n");
BIO_printf(out, "err:\n");
BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n");
BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n");
BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n");
BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n");
BIO_printf(out, "\tif (!ok)\n");
BIO_printf(out, "\t\t{\n");
BIO_printf(out, "\t\tEC_GROUP_free(group);\n");
BIO_printf(out, "\t\tgroup = NULL;\n");
BIO_printf(out, "\t\t}\n");
BIO_printf(out, "\treturn(group);\n\t}\n");
BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_p_%d, sizeof (ec_p_%d), NULL)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_a_%d, sizeof (ec_a_%d), NULL)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_b_%d, sizeof (ec_b_%d), NULL)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)\n"
" goto err;\n"
"\n");
BIO_printf(out, " /* build generator */\n");
BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_gen_%d, sizeof (ec_gen_%d), tmp_1)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " point = EC_POINT_bn2point(group, tmp_1, NULL, NULL);\n");
BIO_printf(out, " if (point == NULL)\n"
" goto err;\n");
BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_order_%d, sizeof (ec_order_%d), tmp_2)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_cofactor_%d, sizeof (ec_cofactor_%d), tmp_3)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if (!EC_GROUP_set_generator(group, point, tmp_2, tmp_3))\n"
" goto err;\n"
"ok = 1;"
"\n");
BIO_printf(out, "err:\n"
" BN_free(tmp_1);\n"
" BN_free(tmp_2);\n"
" BN_free(tmp_3);\n"
" EC_POINT_free(point);\n"
" if (!ok) {\n"
" EC_GROUP_free(group);\n"
" return NULL;\n"
" }\n"
" return (group);\n"
"}\n");
}
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group);
else if (outformat == FORMAT_PEM)
else
i = PEM_write_bio_ECPKParameters(out, group);
else {
BIO_printf(bio_err, "bad output format specified for"
" outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err, "unable to write elliptic "
"curve parameters\n");
@ -567,7 +464,7 @@ int MAIN(int argc, char **argv)
}
if (need_rand) {
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
app_RAND_load_file(NULL, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
@ -590,20 +487,14 @@ int MAIN(int argc, char **argv)
}
if (outformat == FORMAT_ASN1)
i = i2d_ECPrivateKey_bio(out, eckey);
else if (outformat == FORMAT_PEM)
else
i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
NULL, 0, NULL, NULL);
else {
BIO_printf(bio_err, "bad output format specified "
"for outfile\n");
EC_KEY_free(eckey);
goto end;
}
EC_KEY_free(eckey);
}
if (need_rand)
app_RAND_write_file(NULL, bio_err);
app_RAND_write_file(NULL);
ret = 0;
end:
@ -624,32 +515,9 @@ int MAIN(int argc, char **argv)
BIO_free(in);
BIO_free_all(out);
EC_GROUP_free(group);
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}
static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,
int len, unsigned char *buffer)
{
BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);
if (BN_is_zero(in))
BIO_printf(out, "\n\t0x00");
else {
int i, l;
l = BN_bn2bin(in, buffer);
for (i = 0; i < l - 1; i++) {
if ((i % 12) == 0)
BIO_printf(out, "\n\t");
BIO_printf(out, "0x%02X,", buffer[i]);
}
if ((i % 12) == 0)
BIO_printf(out, "\n\t");
BIO_printf(out, "0x%02X", buffer[i]);
}
BIO_printf(out, "\n\t};\n\n");
return 1;
}
#else /* !OPENSSL_NO_EC */
# if PEDANTIC

535
apps/enc.c
View File

@ -1,4 +1,3 @@
/* apps/enc.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -72,307 +71,251 @@
#endif
#include <ctype.h>
int set_hex(char *in, unsigned char *out, int size);
#undef SIZE
#undef BSIZE
#undef PROG
#define SIZE (512)
#define BSIZE (8*1024)
#define PROG enc_main
static void show_ciphers(const OBJ_NAME *name, void *bio_)
{
BIO *bio = bio_;
static int n;
if (!islower((unsigned char)*name->name))
return;
BIO_printf(bio, "-%-25s", name->name);
if (++n == 3) {
BIO_printf(bio, "\n");
n = 0;
} else
BIO_printf(bio, " ");
}
int MAIN(int, char **);
int MAIN(int argc, char **argv)
static int set_hex(char *in, unsigned char *out, int size);
static void show_ciphers(const OBJ_NAME *name, void *bio_);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V,
OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
OPT_UPPER_S, OPT_IV, OPT_MD, OPT_NON_FIPS_ALLOW, OPT_CIPHER
} OPTION_CHOICE;
OPTIONS enc_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pass", OPT_PASS, 's', "Passphrase source"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"e", OPT_E, '-', "Encrypt"},
{"d", OPT_D, '-', "Decrypt"},
{"p", OPT_P, '-', "Print the iv/key"},
{"P", OPT_UPPER_P, '-', "Print the iv/key and exit"},
{"v", OPT_V, '-'},
{"nopad", OPT_NOPAD, '-', "Disable standard block padding"},
{"salt", OPT_SALT, '-'},
{"nosalt", OPT_NOSALT, '-'},
{"debug", OPT_DEBUG, '-'},
{"A", OPT_UPPER_A, '-'},
{"a", OPT_A, '-', "base64 encode/decode, depending on encryption flag"},
{"base64", OPT_A, '-', "Base64 output as a single line"},
#ifdef ZLIB
{"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
#endif
{"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
{"k", OPT_K, 's', "Passphrase"},
{"kfile", OPT_KFILE, '<', "Fead passphrase from file"},
{"K", OPT_UPPER_K, '-', "Same as -iv"},
{"S", OPT_UPPER_S, 's', "Salt, in hex"},
{"iv", OPT_IV, 's', "IV in hex"},
{"md", OPT_MD, 's', "Use specified digest to create key from passphrase"},
{"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
{"none", OPT_NONE, '-', "Don't encrypt"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
{NULL}
};
int enc_main(int argc, char **argv)
{
static char buf[128];
static const char magic[] = "Salted__";
BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
NULL, *wbio = NULL;
EVP_CIPHER_CTX *ctx = NULL;
const EVP_CIPHER *cipher = NULL, *c;
const EVP_MD *dgst = NULL;
char *engine = NULL, *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p;
char *infile = NULL, *outfile = NULL, *prog;
char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL;
char mbuf[sizeof magic - 1];
char *strbuf = NULL;
unsigned char *buff = NULL, *bufsize = NULL;
int bsize = BSIZE, verbose = 0;
int ret = 1, inl;
int nopad = 0;
OPTION_CHOICE o;
int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0;
int enc = 1, printkey = 0, i, k, base64 = 0;
int ret = 1, inl, nopad = 0, non_fips_allow = 0;
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
unsigned char salt[PKCS5_SALT_LEN];
char *str = NULL, *passarg = NULL, *pass = NULL;
char *hkey = NULL, *hiv = NULL, *hsalt = NULL;
char *md = NULL;
int enc = 1, printkey = 0, i, base64 = 0;
unsigned char *buff = NULL, salt[PKCS5_SALT_LEN];
unsigned long n;
#ifdef ZLIB
int do_zlib = 0;
BIO *bzl = NULL;
#endif
int debug = 0, olb64 = 0, nosalt = 0;
const EVP_CIPHER *cipher = NULL, *c;
EVP_CIPHER_CTX *ctx = NULL;
char *inf = NULL, *outf = NULL;
BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
NULL, *wbio = NULL;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE + 1];
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
const EVP_MD *dgst = NULL;
int non_fips_allow = 0;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
/* first check the program name */
program_name(argv[0], pname, sizeof pname);
if (strcmp(pname, "base64") == 0)
prog = opt_progname(argv[0]);
if (strcmp(prog, "base64") == 0)
base64 = 1;
#ifdef ZLIB
if (strcmp(pname, "zlib") == 0)
else if (strcmp(prog, "zlib") == 0)
do_zlib = 1;
#endif
cipher = EVP_get_cipherbyname(pname);
#ifdef ZLIB
if (!do_zlib && !base64 && (cipher == NULL)
&& (strcmp(pname, "enc") != 0))
#else
if (!base64 && (cipher == NULL) && (strcmp(pname, "enc") != 0))
#endif
{
BIO_printf(bio_err, "%s is an unknown cipher\n", pname);
goto bad;
else {
cipher = EVP_get_cipherbyname(prog);
if (cipher == NULL && strcmp(prog, "enc") != 0) {
BIO_printf(bio_err, "%s is not a known cipher\n", prog);
goto end;
}
}
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-e") == 0)
enc = 1;
else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
inf = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outf = *(++argv);
} else if (strcmp(*argv, "-pass") == 0) {
if (--argc < 1)
goto bad;
passarg = *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
}
#endif
else if (strcmp(*argv, "-d") == 0)
enc = 0;
else if (strcmp(*argv, "-p") == 0)
printkey = 1;
else if (strcmp(*argv, "-v") == 0)
verbose = 1;
else if (strcmp(*argv, "-nopad") == 0)
nopad = 1;
else if (strcmp(*argv, "-salt") == 0)
nosalt = 0;
else if (strcmp(*argv, "-nosalt") == 0)
nosalt = 1;
else if (strcmp(*argv, "-debug") == 0)
debug = 1;
else if (strcmp(*argv, "-P") == 0)
printkey = 2;
else if (strcmp(*argv, "-A") == 0)
olb64 = 1;
else if (strcmp(*argv, "-a") == 0)
base64 = 1;
else if (strcmp(*argv, "-base64") == 0)
base64 = 1;
#ifdef ZLIB
else if (strcmp(*argv, "-z") == 0)
do_zlib = 1;
#endif
else if (strcmp(*argv, "-bufsize") == 0) {
if (--argc < 1)
goto bad;
bufsize = (unsigned char *)*(++argv);
} else if (strcmp(*argv, "-k") == 0) {
if (--argc < 1)
goto bad;
str = *(++argv);
} else if (strcmp(*argv, "-kfile") == 0) {
static char buf[128];
FILE *infile;
char *file;
if (--argc < 1)
goto bad;
file = *(++argv);
infile = fopen(file, "r");
if (infile == NULL) {
BIO_printf(bio_err, "unable to read key from '%s'\n", file);
goto bad;
}
buf[0] = '\0';
if (!fgets(buf, sizeof buf, infile)) {
BIO_printf(bio_err, "unable to read key from '%s'\n", file);
goto bad;
}
fclose(infile);
i = strlen(buf);
if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
buf[--i] = '\0';
if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
buf[--i] = '\0';
if (i < 1) {
BIO_printf(bio_err, "zero length password\n");
goto bad;
}
str = buf;
} else if (strcmp(*argv, "-K") == 0) {
if (--argc < 1)
goto bad;
hkey = *(++argv);
} else if (strcmp(*argv, "-S") == 0) {
if (--argc < 1)
goto bad;
hsalt = *(++argv);
} else if (strcmp(*argv, "-iv") == 0) {
if (--argc < 1)
goto bad;
hiv = *(++argv);
} else if (strcmp(*argv, "-md") == 0) {
if (--argc < 1)
goto bad;
md = *(++argv);
} else if (strcmp(*argv, "-non-fips-allow") == 0)
non_fips_allow = 1;
else if ((argv[0][0] == '-') &&
((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) {
cipher = c;
} else if (strcmp(*argv, "-none") == 0)
cipher = NULL;
else {
BIO_printf(bio_err, "unknown option '%s'\n", *argv);
bad:
BIO_printf(bio_err, "options are\n");
BIO_printf(bio_err, "%-14s input file\n", "-in <file>");
BIO_printf(bio_err, "%-14s output file\n", "-out <file>");
BIO_printf(bio_err, "%-14s pass phrase source\n", "-pass <arg>");
BIO_printf(bio_err, "%-14s encrypt\n", "-e");
BIO_printf(bio_err, "%-14s decrypt\n", "-d");
BIO_printf(bio_err,
"%-14s base64 encode/decode, depending on encryption flag\n",
"-a/-base64");
BIO_printf(bio_err, "%-14s passphrase is the next argument\n",
"-k");
BIO_printf(bio_err,
"%-14s passphrase is the first line of the file argument\n",
"-kfile");
BIO_printf(bio_err,
"%-14s the next argument is the md to use to create a key\n",
"-md");
BIO_printf(bio_err,
"%-14s from a passphrase. One of md2, md5, sha or sha1\n",
"");
BIO_printf(bio_err, "%-14s salt in hex is the next argument\n",
"-S");
BIO_printf(bio_err, "%-14s key/iv in hex is the next argument\n",
"-K/-iv");
BIO_printf(bio_err, "%-14s print the iv/key (then exit if -P)\n",
"-[pP]");
BIO_printf(bio_err, "%-14s buffer size\n", "-bufsize <n>");
BIO_printf(bio_err, "%-14s disable standard block padding\n",
"-nopad");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
"%-14s use engine e, possibly a hardware device.\n",
"-engine e");
#endif
prog = opt_init(argc, argv, enc_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(enc_options);
ret = 0;
BIO_printf(bio_err, "Cipher Types\n");
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
show_ciphers, bio_err);
BIO_printf(bio_err, "\n");
goto end;
case OPT_E:
enc = 1;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_PASS:
passarg = opt_arg();
break;
case OPT_ENGINE:
engine = opt_arg();
break;
case OPT_D:
enc = 0;
break;
case OPT_P:
printkey = 1;
break;
case OPT_V:
verbose = 1;
break;
case OPT_NOPAD:
nopad = 1;
break;
case OPT_SALT:
nosalt = 0;
break;
case OPT_NOSALT:
nosalt = 1;
break;
case OPT_DEBUG:
debug = 1;
break;
case OPT_UPPER_P:
printkey = 2;
break;
case OPT_UPPER_A:
olb64 = 1;
break;
case OPT_A:
base64 = 1;
break;
case OPT_Z:
#ifdef ZLIB
do_zlib = 1;
#endif
break;
case OPT_BUFSIZE:
p = opt_arg();
i = (int)strlen(p) - 1;
k = i >= 1 && p[i] == 'k';
if (k)
p[i] = '\0';
if (!opt_ulong(opt_arg(), &n))
goto opthelp;
if (k)
n *= 1024;
bsize = (int)n;
break;
case OPT_K:
str = opt_arg();
break;
case OPT_KFILE:
in = bio_open_default(opt_arg(), "r");
if (in == NULL)
goto opthelp;
i = BIO_gets(in, buf, sizeof buf);
BIO_free(in);
in = NULL;
if (i <= 0) {
BIO_printf(bio_err,
"%s Can't read key from %s\n", prog, opt_arg());
goto opthelp;
}
while (--i > 0 && (buf[i] == '\r' || buf[i] == '\n'))
buf[i] = '\0';
if (i <= 0) {
BIO_printf(bio_err, "%s: zero length password\n", prog);
goto opthelp;
}
str = buf;
break;
case OPT_UPPER_K:
hkey = opt_arg();
break;
case OPT_UPPER_S:
hsalt = opt_arg();
break;
case OPT_IV:
hiv = opt_arg();
break;
case OPT_MD:
if (!opt_md(opt_arg(), &dgst))
goto opthelp;
break;
case OPT_NON_FIPS_ALLOW:
non_fips_allow = 1;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &c))
goto opthelp;
cipher = c;
break;
case OPT_NONE:
cipher = NULL;
break;
}
argc--;
argv++;
}
argc = opt_num_rest();
argv = opt_rest();
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
setup_engine(engine, 0);
#endif
if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
BIO_printf(bio_err,
"AEAD ciphers not supported by the enc utility\n");
BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
goto end;
}
if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) {
BIO_printf(bio_err,
"Ciphers in XTS mode are not supported by the enc utility\n");
BIO_printf(bio_err, "%s XTS ciphers not supported\n", prog);
goto end;
}
if (md && (dgst = EVP_get_digestbyname(md)) == NULL) {
BIO_printf(bio_err, "%s is an unsupported message digest type\n", md);
goto end;
}
if (dgst == NULL) {
if (dgst == NULL)
dgst = EVP_md5();
}
if (bufsize != NULL) {
unsigned long n;
for (n = 0; *bufsize; bufsize++) {
i = *bufsize;
if ((i <= '9') && (i >= '0'))
n = n * 10 + i - '0';
else if (i == 'k') {
n *= 1024;
bufsize++;
break;
}
}
if (*bufsize != '\0') {
BIO_printf(bio_err, "invalid 'bufsize' specified.\n");
goto end;
}
/* It must be large enough for a base64 encoded line */
if (base64 && n < 80)
n = 80;
bsize = (int)n;
if (verbose)
BIO_printf(bio_err, "bufsize=%d\n", bsize);
}
/* It must be large enough for a base64 encoded line */
if (base64 && bsize < 80)
bsize = 80;
if (verbose)
BIO_printf(bio_err, "bufsize=%d\n", bsize);
strbuf = OPENSSL_malloc(SIZE);
buff = (unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
@ -382,12 +325,6 @@ int MAIN(int argc, char **argv)
goto end;
}
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
if (debug) {
BIO_set_callback(in, BIO_debug_callback);
BIO_set_callback(out, BIO_debug_callback);
@ -395,19 +332,16 @@ int MAIN(int argc, char **argv)
BIO_set_callback_arg(out, (char *)bio_err);
}
if (inf == NULL) {
if (bufsize != NULL)
setbuf(stdin, NULL);
BIO_set_fp(in, stdin, BIO_NOCLOSE);
} else {
if (BIO_read_filename(in, inf) <= 0) {
perror(inf);
goto end;
}
}
if (infile == NULL) {
unbuffer(stdin);
in = dup_bio_in();
} else
in = bio_open_default(infile, "r");
if (in == NULL)
goto end;
if (!str && passarg) {
if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
if (!app_passwd(passarg, NULL, &pass, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
@ -416,13 +350,13 @@ int MAIN(int argc, char **argv)
if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
for (;;) {
char buf[200];
char prompt[200];
BIO_snprintf(buf, sizeof buf, "enter %s %s password:",
BIO_snprintf(prompt, sizeof prompt, "enter %s %s password:",
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc) ? "encryption" : "decryption");
strbuf[0] = '\0';
i = EVP_read_pw_string((char *)strbuf, SIZE, buf, enc);
i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc);
if (i == 0) {
if (strbuf[0] == '\0') {
ret = 1;
@ -438,28 +372,14 @@ int MAIN(int argc, char **argv)
}
}
if (outf == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
if (bufsize != NULL)
setbuf(stdin, NULL); /* don't do buffered reads */
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
} else {
if (BIO_write_filename(out, outf) <= 0) {
perror(outf);
goto end;
}
}
out = bio_open_default(outfile, "w");
if (out == NULL)
goto end;
rbio = in;
wbio = out;
#ifdef ZLIB
if (do_zlib) {
if ((bzl = BIO_new(BIO_f_zlib())) == NULL)
goto end;
@ -666,11 +586,26 @@ int MAIN(int argc, char **argv)
#endif
if (pass)
OPENSSL_free(pass);
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}
int set_hex(char *in, unsigned char *out, int size)
static void show_ciphers(const OBJ_NAME *name, void *bio_)
{
BIO *bio = bio_;
static int n;
if (!islower((unsigned char)*name->name))
return;
BIO_printf(bio, "-%-25s", name->name);
if (++n == 3) {
BIO_printf(bio, "\n");
n = 0;
} else
BIO_printf(bio, " ");
}
static int set_hex(char *in, unsigned char *out, int size)
{
int i, n;
unsigned char j;

230
apps/engine.c
View File

@ -1,4 +1,3 @@
/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
/*
* Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
* 2000.
@ -66,27 +65,26 @@
# include <openssl/engine.h>
# include <openssl/ssl.h>
# undef PROG
# define PROG engine_main
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST,
OPT_V = 100, OPT_VV, OPT_VVV, OPT_VVVV
} OPTION_CHOICE;
static const char *engine_usage[] = {
"usage: engine opts [engine ...]\n",
" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
" -vv will additionally display each command's description\n",
" -vvv will also add the input flags for each command\n",
" -vvvv will also show internal input flags\n",
" -c - for each engine, also list the capabilities\n",
" -t[t] - for each engine, check that they are really available\n",
" -tt will display error trace for unavailable engines\n",
" -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n",
" to load it (if -t is used)\n",
" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
" (only used if -t is also provided)\n",
" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
" line, or all supported ENGINEs if none are specified.\n",
" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
" argument \"/lib/libdriver.so\".\n",
NULL
OPTIONS engine_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"vvvv", OPT_VVVV, '-', "Also show internal input flags"},
{"vvv", OPT_VVV, '-', "Also add the input flags for each command"},
{"vv", OPT_VV, '-', "Also display each command's description"},
{"v", OPT_V, '-', "For each engine, list its 'control commands'"},
{"c", OPT_C, '-', "List the capabilities of each engine"},
{"t", OPT_T, '-', "Check that each engine is available"},
{"tt", OPT_TT, '-', "Display error trace for unavailable engines"},
{"pre", OPT_PRE, 's', "Run command against the ENGINE before loading it"},
{"post", OPT_POST, 's', "Run command against the ENGINE after loading it"},
{OPT_MORE_STR, OPT_EOF, 1,
"Commands are like \"SO_PATH:/lib/libdriver.so\""},
{NULL}
};
static void identity(char *ptr)
@ -124,13 +122,13 @@ static int append_buf(char **buf, const char *s, int *size, int step)
return 1;
}
static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
static int util_flags(BIO *out, unsigned int flags, const char *indent)
{
int started = 0, err = 0;
/* Indent before displaying input flags */
BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
BIO_printf(out, "%s%s(input flags): ", indent, indent);
if (flags == 0) {
BIO_printf(bio_out, "<no flags>\n");
BIO_printf(out, "<no flags>\n");
return 1;
}
/*
@ -138,11 +136,11 @@ static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
* having it part of all the other flags, even if it really is.
*/
if (flags & ENGINE_CMD_FLAG_INTERNAL) {
BIO_printf(bio_out, "[Internal] ");
BIO_printf(out, "[Internal] ");
}
if (flags & ENGINE_CMD_FLAG_NUMERIC) {
BIO_printf(bio_out, "NUMERIC");
BIO_printf(out, "NUMERIC");
started = 1;
}
/*
@ -153,18 +151,18 @@ static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
*/
if (flags & ENGINE_CMD_FLAG_STRING) {
if (started) {
BIO_printf(bio_out, "|");
BIO_printf(out, "|");
err = 1;
}
BIO_printf(bio_out, "STRING");
BIO_printf(out, "STRING");
started = 1;
}
if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
if (started) {
BIO_printf(bio_out, "|");
BIO_printf(out, "|");
err = 1;
}
BIO_printf(bio_out, "NO_INPUT");
BIO_printf(out, "NO_INPUT");
started = 1;
}
/* Check for unknown flags */
@ -173,17 +171,16 @@ static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL;
if (flags) {
if (started)
BIO_printf(bio_out, "|");
BIO_printf(bio_out, "<0x%04X>", flags);
BIO_printf(out, "|");
BIO_printf(out, "<0x%04X>", flags);
}
if (err)
BIO_printf(bio_out, " <illegal flags!>");
BIO_printf(bio_out, "\n");
BIO_printf(out, " <illegal flags!>");
BIO_printf(out, "\n");
return 1;
}
static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
const char *indent)
static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent)
{
static const int line_wrap = 78;
int num;
@ -200,9 +197,9 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
}
cmds = sk_OPENSSL_STRING_new_null();
if (!cmds)
goto err;
do {
int len;
/* Get the command input flags */
@ -233,26 +230,26 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
/* Now decide on the output */
if (xpos == 0)
/* Do an indent */
xpos = BIO_puts(bio_out, indent);
xpos = BIO_puts(out, indent);
else
/* Otherwise prepend a ", " */
xpos += BIO_printf(bio_out, ", ");
xpos += BIO_printf(out, ", ");
if (verbose == 1) {
/*
* We're just listing names, comma-delimited
*/
if ((xpos > (int)strlen(indent)) &&
(xpos + (int)strlen(name) > line_wrap)) {
BIO_printf(bio_out, "\n");
xpos = BIO_puts(bio_out, indent);
BIO_printf(out, "\n");
xpos = BIO_puts(out, indent);
}
xpos += BIO_printf(bio_out, "%s", name);
xpos += BIO_printf(out, "%s", name);
} else {
/* We're listing names plus descriptions */
BIO_printf(bio_out, "%s: %s\n", name,
BIO_printf(out, "%s: %s\n", name,
(desc == NULL) ? "<no description>" : desc);
/* ... and sometimes input flags */
if ((verbose >= 3) && !util_flags(bio_out, flags, indent))
if ((verbose >= 3) && !util_flags(out, flags, indent))
goto err;
xpos = 0;
}
@ -267,7 +264,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL);
} while (num > 0);
if (xpos > 0)
BIO_printf(bio_out, "\n");
BIO_printf(out, "\n");
ret = 1;
err:
if (cmds)
@ -280,12 +277,12 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
}
static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
BIO *bio_out, const char *indent)
BIO *out, const char *indent)
{
int loop, res, num = sk_OPENSSL_STRING_num(cmds);
if (num < 0) {
BIO_printf(bio_out, "[Error]: internal stack error\n");
BIO_printf(out, "[Error]: internal stack error\n");
return;
}
for (loop = 0; loop < num; loop++) {
@ -299,7 +296,7 @@ static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
res = 0;
} else {
if ((int)(arg - cmd) > 254) {
BIO_printf(bio_out, "[Error]: command name too long\n");
BIO_printf(out, "[Error]: command name too long\n");
return;
}
memcpy(buf, cmd, (int)(arg - cmd));
@ -310,90 +307,70 @@ static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
res = 0;
}
if (res)
BIO_printf(bio_out, "[Success]: %s\n", cmd);
BIO_printf(out, "[Success]: %s\n", cmd);
else {
BIO_printf(bio_out, "[Failure]: %s\n", cmd);
ERR_print_errors(bio_out);
BIO_printf(out, "[Failure]: %s\n", cmd);
ERR_print_errors(out);
}
}
}
int MAIN(int, char **);
int MAIN(int argc, char **argv)
int engine_main(int argc, char **argv)
{
int ret = 1, i;
const char **pp;
int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0;
ENGINE *e;
STACK_OF(OPENSSL_STRING) *engines = sk_OPENSSL_STRING_new_null();
STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null();
STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null();
int badops = 1;
BIO *bio_out = NULL;
BIO *out;
const char *indent = " ";
OPTION_CHOICE o;
char *prog;
apps_startup();
SSL_load_error_strings();
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
out = dup_bio_out();
prog = opt_init(argc, argv, engine_options);
if (!engines || !pre_cmds || !post_cmds)
goto end;
bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_out = BIO_push(tmpbio, bio_out);
}
# endif
argc--;
argv++;
while (argc >= 1) {
if (strncmp(*argv, "-v", 2) == 0) {
if (strspn(*argv + 1, "v") < strlen(*argv + 1))
goto skip_arg_loop;
if ((verbose = strlen(*argv + 1)) > 4)
goto skip_arg_loop;
} else if (strcmp(*argv, "-c") == 0)
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(engine_options);
ret = 0;
goto end;
case OPT_VVVV:
case OPT_VVV:
case OPT_VV:
case OPT_V:
/* Convert to an integer from one to four. */
i = (int)(o - OPT_V) + 1;
if (verbose < i)
verbose = i;
break;
case OPT_C:
list_cap = 1;
else if (strncmp(*argv, "-t", 2) == 0) {
test_avail = 1;
if (strspn(*argv + 1, "t") < strlen(*argv + 1))
goto skip_arg_loop;
if ((test_avail_noise = strlen(*argv + 1) - 1) > 1)
goto skip_arg_loop;
} else if (strcmp(*argv, "-pre") == 0) {
argc--;
argv++;
if (argc == 0)
goto skip_arg_loop;
sk_OPENSSL_STRING_push(pre_cmds, *argv);
} else if (strcmp(*argv, "-post") == 0) {
argc--;
argv++;
if (argc == 0)
goto skip_arg_loop;
sk_OPENSSL_STRING_push(post_cmds, *argv);
} else if ((strncmp(*argv, "-h", 2) == 0) ||
(strcmp(*argv, "-?") == 0))
goto skip_arg_loop;
else
sk_OPENSSL_STRING_push(engines, *argv);
argc--;
argv++;
}
/* Looks like everything went OK */
badops = 0;
skip_arg_loop:
if (badops) {
for (pp = engine_usage; (*pp != NULL); pp++)
BIO_printf(bio_err, "%s", *pp);
goto end;
break;
case OPT_TT:
test_avail_noise++;
case OPT_T:
test_avail++;
break;
case OPT_PRE:
sk_OPENSSL_STRING_push(pre_cmds, opt_arg());
break;
case OPT_POST:
sk_OPENSSL_STRING_push(post_cmds, opt_arg());
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
for ( ; *argv; argv++)
sk_OPENSSL_STRING_push(engines, *argv);
if (sk_OPENSSL_STRING_num(engines) == 0) {
for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
@ -408,10 +385,10 @@ int MAIN(int argc, char **argv)
/*
* Do "id" first, then "name". Easier to auto-parse.
*/
BIO_printf(bio_out, "(%s) %s\n", id, name);
util_do_cmds(e, pre_cmds, bio_out, indent);
BIO_printf(out, "(%s) %s\n", id, name);
util_do_cmds(e, pre_cmds, out, indent);
if (strcmp(ENGINE_get_id(e), id) != 0) {
BIO_printf(bio_out, "Loaded: (%s) %s\n",
BIO_printf(out, "Loaded: (%s) %s\n",
ENGINE_get_id(e), ENGINE_get_name(e));
}
if (list_cap) {
@ -466,24 +443,24 @@ int MAIN(int argc, char **argv)
goto end;
skip_pmeths:
if (cap_buf && (*cap_buf != '\0'))
BIO_printf(bio_out, " [%s]\n", cap_buf);
BIO_printf(out, " [%s]\n", cap_buf);
OPENSSL_free(cap_buf);
}
if (test_avail) {
BIO_printf(bio_out, "%s", indent);
BIO_printf(out, "%s", indent);
if (ENGINE_init(e)) {
BIO_printf(bio_out, "[ available ]\n");
util_do_cmds(e, post_cmds, bio_out, indent);
BIO_printf(out, "[ available ]\n");
util_do_cmds(e, post_cmds, out, indent);
ENGINE_finish(e);
} else {
BIO_printf(bio_out, "[ unavailable ]\n");
BIO_printf(out, "[ unavailable ]\n");
if (test_avail_noise)
ERR_print_errors_fp(stdout);
ERR_clear_error();
}
}
if ((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
if ((verbose > 0) && !util_verbose(e, verbose, out, indent))
goto end;
ENGINE_free(e);
} else
@ -497,9 +474,8 @@ int MAIN(int argc, char **argv)
sk_OPENSSL_STRING_pop_free(engines, identity);
sk_OPENSSL_STRING_pop_free(pre_cmds, identity);
sk_OPENSSL_STRING_pop_free(post_cmds, identity);
BIO_free_all(bio_out);
apps_shutdown();
OPENSSL_EXIT(ret);
BIO_free_all(out);
return (ret);
}
#else

85
apps/errstr.c
View File

@ -1,4 +1,3 @@
/* apps/errstr.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -65,56 +64,60 @@
#include <openssl/err.h>
#include <openssl/ssl.h>
#undef PROG
#define PROG errstr_main
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_STATS
} OPTION_CHOICE;
int MAIN(int, char **);
OPTIONS errstr_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] errnum...\n"},
{OPT_HELP_STR, 1, '-', " errnum Error number\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"stats", OPT_STATS, '-',
"Print internal hashtable statistics (long!)"},
{NULL}
};
int MAIN(int argc, char **argv)
int errstr_main(int argc, char **argv)
{
int i, ret = 0;
char buf[256];
OPTION_CHOICE o;
char buf[256], *prog;
int ret = 1;
unsigned long l;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
SSL_load_error_strings();
if ((argc > 1) && (strcmp(argv[1], "-stats") == 0)) {
BIO *out = NULL;
out = BIO_new(BIO_s_file());
if ((out != NULL) && BIO_set_fp(out, stdout, BIO_NOCLOSE)) {
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
lh_ERR_STRING_DATA_node_stats_bio(ERR_get_string_table(), out);
lh_ERR_STRING_DATA_stats_bio(ERR_get_string_table(), out);
prog = opt_init(argc, argv, errstr_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(errstr_options);
ret = 0;
goto end;
case OPT_STATS:
lh_ERR_STRING_DATA_node_stats_bio(ERR_get_string_table(),
bio_out);
lh_ERR_STRING_DATA_stats_bio(ERR_get_string_table(), bio_out);
lh_ERR_STRING_DATA_node_usage_stats_bio(ERR_get_string_table(),
out);
bio_out);
ret = 0;
goto end;
}
BIO_free_all(out);
argc--;
argv++;
}
argc = opt_num_rest();
argv = opt_rest();
for (i = 1; i < argc; i++) {
if (sscanf(argv[i], "%lx", &l)) {
ERR_error_string_n(l, buf, sizeof buf);
printf("%s\n", buf);
} else {
printf("%s: bad error code\n", argv[i]);
printf("usage: errstr [-stats] <errno> ...\n");
ret = 0;
for (argv = opt_rest(); *argv; argv++) {
if (!opt_ulong(*argv, &l))
ret++;
else {
ERR_error_string_n(l, buf, sizeof buf);
BIO_printf(bio_out, "%s\n", buf);
}
}
apps_shutdown();
OPENSSL_EXIT(ret);
end:
return (ret);
}

243
apps/gendh.c
View File

@ -1,243 +0,0 @@
/* apps/gendh.c */
/* obsoleted by dhparam.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_DH
# include <stdio.h>
# include <string.h>
# include <sys/types.h>
# include <sys/stat.h>
# include "apps.h"
# include <openssl/bio.h>
# include <openssl/rand.h>
# include <openssl/err.h>
# include <openssl/bn.h>
# include <openssl/dh.h>
# include <openssl/x509.h>
# include <openssl/pem.h>
# define DEFBITS 2048
# undef PROG
# define PROG gendh_main
static int dh_cb(int p, int n, BN_GENCB *cb);
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
BN_GENCB *cb = NULL;
DH *dh = NULL;
int ret = 1, num = DEFBITS;
int g = 2;
char *outfile = NULL;
char *inrand = NULL;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
# endif
BIO *out = NULL;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
cb = BN_GENCB_new();
if (!cb)
goto end;
BN_GENCB_set(cb, dh_cb, bio_err);
if (!load_config(bio_err, NULL))
goto end;
argv++;
argc--;
for (;;) {
if (argc <= 0)
break;
if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (strcmp(*argv, "-2") == 0)
g = 2;
/*- else if (strcmp(*argv,"-3") == 0)
g=3; */
else if (strcmp(*argv, "-5") == 0)
g = 5;
# ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
}
# endif
else if (strcmp(*argv, "-rand") == 0) {
if (--argc < 1)
goto bad;
inrand = *(++argv);
} else
break;
argv++;
argc--;
}
if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
bad:
BIO_printf(bio_err, "usage: gendh [args] [numbits]\n");
BIO_printf(bio_err, " -out file - output the key to 'file\n");
BIO_printf(bio_err, " -2 - use 2 as the generator value\n");
/*
* BIO_printf(bio_err," -3 - use 3 as the generator value\n");
*/
BIO_printf(bio_err, " -5 - use 5 as the generator value\n");
# ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e - use engine e, possibly a hardware device.\n");
# endif
BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" - load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
goto end;
}
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
# endif
out = BIO_new(BIO_s_file());
if (out == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
BIO_printf(bio_err,
"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
BIO_printf(bio_err,
"Generating DH parameters, %d bit long safe prime, generator %d\n",
num, g);
BIO_printf(bio_err, "This is going to take a long time\n");
if (((dh = DH_new()) == NULL)
|| !DH_generate_parameters_ex(dh, num, g, cb))
goto end;
app_RAND_write_file(NULL, bio_err);
if (!PEM_write_bio_DHparams(out, dh))
goto end;
ret = 0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
BIO_free_all(out);
DH_free(dh);
if (cb != NULL)
BN_GENCB_free(cb);
apps_shutdown();
OPENSSL_EXIT(ret);
}
static int dh_cb(int p, int n, BN_GENCB *cb)
{
char c = '*';
if (p == 0)
c = '.';
if (p == 1)
c = '+';
if (p == 2)
c = '*';
if (p == 3)
c = '\n';
BIO_write(BN_GENCB_get_arg(cb), &c, 1);
(void)BIO_flush(BN_GENCB_get_arg(cb));
return 1;
}
#else /* !OPENSSL_NO_DH */
# if PEDANTIC
static void *dummy = &dummy;
# endif
#endif

223
apps/gendsa.c
View File

@ -1,4 +1,3 @@
/* apps/gendsa.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -71,155 +70,86 @@
# include <openssl/pem.h>
# define DEFBITS 512
# undef PROG
# define PROG gendsa_main
int MAIN(int, char **);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_RAND, OPT_CIPHER
} OPTION_CHOICE;
int MAIN(int argc, char **argv)
OPTIONS gendsa_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [args] dsaparam-file\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"out", OPT_OUT, '>', "Output the key to the specified file"},
{"passout", OPT_PASSOUT, 's'},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
{NULL}
};
int gendsa_main(int argc, char **argv)
{
DSA *dsa = NULL;
int ret = 1;
char *outfile = NULL;
char *inrand = NULL, *dsaparams = NULL;
char *passargout = NULL, *passout = NULL;
BIO *out = NULL, *in = NULL;
DSA *dsa = NULL;
const EVP_CIPHER *enc = NULL;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
# endif
char *engine = NULL, *inrand = NULL, *dsaparams = NULL;
char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog;
OPTION_CHOICE o;
int ret = 1;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
argv++;
argc--;
for (;;) {
if (argc <= 0)
prog = opt_init(argc, argv, gendsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
ret = 0;
opt_help(gendsa_options);
goto end;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
engine = opt_arg();
break;
case OPT_RAND:
inrand = opt_arg();
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto end;
break;
if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (strcmp(*argv, "-passout") == 0) {
if (--argc < 1)
goto bad;
passargout = *(++argv);
}
# ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
}
# endif
else if (strcmp(*argv, "-rand") == 0) {
if (--argc < 1)
goto bad;
inrand = *(++argv);
} else if (strcmp(*argv, "-") == 0)
goto bad;
# ifndef OPENSSL_NO_DES
else if (strcmp(*argv, "-des") == 0)
enc = EVP_des_cbc();
else if (strcmp(*argv, "-des3") == 0)
enc = EVP_des_ede3_cbc();
# endif
# ifndef OPENSSL_NO_IDEA
else if (strcmp(*argv, "-idea") == 0)
enc = EVP_idea_cbc();
# endif
# ifndef OPENSSL_NO_SEED
else if (strcmp(*argv, "-seed") == 0)
enc = EVP_seed_cbc();
# endif
# ifndef OPENSSL_NO_AES
else if (strcmp(*argv, "-aes128") == 0)
enc = EVP_aes_128_cbc();
else if (strcmp(*argv, "-aes192") == 0)
enc = EVP_aes_192_cbc();
else if (strcmp(*argv, "-aes256") == 0)
enc = EVP_aes_256_cbc();
# endif
# ifndef OPENSSL_NO_CAMELLIA
else if (strcmp(*argv, "-camellia128") == 0)
enc = EVP_camellia_128_cbc();
else if (strcmp(*argv, "-camellia192") == 0)
enc = EVP_camellia_192_cbc();
else if (strcmp(*argv, "-camellia256") == 0)
enc = EVP_camellia_256_cbc();
# endif
else if (**argv != '-' && dsaparams == NULL) {
dsaparams = *argv;
} else
goto bad;
argv++;
argc--;
}
argc = opt_num_rest();
argv = opt_rest();
if (argc != 1)
goto opthelp;
dsaparams = *argv;
if (dsaparams == NULL) {
bad:
BIO_printf(bio_err, "usage: gendsa [args] dsaparam-file\n");
BIO_printf(bio_err, " -out file - output the key to 'file'\n");
# ifndef OPENSSL_NO_DES
BIO_printf(bio_err,
" -des - encrypt the generated key with DES in cbc mode\n");
BIO_printf(bio_err,
" -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
# endif
# ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err,
" -idea - encrypt the generated key with IDEA in cbc mode\n");
# endif
# ifndef OPENSSL_NO_SEED
BIO_printf(bio_err, " -seed\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc seed\n");
# endif
# ifndef OPENSSL_NO_AES
BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc aes\n");
# endif
# ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc camellia\n");
# endif
# ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e - use engine e, possibly a hardware device.\n");
# endif
BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" - load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
BIO_printf(bio_err, " dsaparam-file\n");
BIO_printf(bio_err,
" - a DSA parameter file as generated by the dsaparam command\n");
goto end;
}
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
setup_engine(engine, 0);
# endif
if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
in = BIO_new(BIO_s_file());
if (!(BIO_read_filename(in, dsaparams))) {
perror(dsaparams);
goto end;
}
in = bio_open_default(dsaparams, "r");
if (in == NULL)
goto end2;
if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) {
BIO_printf(bio_err, "unable to load DSA parameter file\n");
@ -228,26 +158,11 @@ int MAIN(int argc, char **argv)
BIO_free(in);
in = NULL;
out = BIO_new(BIO_s_file());
out = bio_open_default(outfile, "w");
if (out == NULL)
goto end;
goto end2;
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
if (!app_RAND_load_file(NULL, 1) && inrand == NULL) {
BIO_printf(bio_err,
"warning, not much extra random data, consider using the -rand option\n");
}
@ -259,7 +174,7 @@ int MAIN(int argc, char **argv)
if (!DSA_generate_key(dsa))
goto end;
app_RAND_write_file(NULL, bio_err);
app_RAND_write_file(NULL);
if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout))
goto end;
@ -267,13 +182,13 @@ int MAIN(int argc, char **argv)
end:
if (ret != 0)
ERR_print_errors(bio_err);
end2:
BIO_free(in);
BIO_free_all(out);
DSA_free(dsa);
if (passout)
OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}
#else /* !OPENSSL_NO_DSA */

236
apps/genpkey.c
View File

@ -1,4 +1,3 @@
/* apps/genpkey.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2006
@ -66,159 +65,125 @@
# include <openssl/engine.h>
#endif
static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
const char *file, ENGINE *e);
static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e);
static int genpkey_cb(EVP_PKEY_CTX *ctx);
#define PROG genpkey_main
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE,
OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER
} OPTION_CHOICE;
int MAIN(int, char **);
OPTIONS genpkey_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"out", OPT_OUT, '>', "Output file"},
{"outform", OPT_OUTFORM, 'F', "output format (DER or PEM)"},
{"pass", OPT_PASS, 's', "Output file pass phrase source"},
{"paramfile", OPT_PARAMFILE, '<', "Parameters file"},
{"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"},
{"pkeyopt", OPT_PKEYOPT, 's',
"Set the public key algorithm option as opt:value"},
{"genparam", OPT_GENPARAM, '-', "Generate parameters, not key"},
{"text", OPT_TEXT, '-', "Print the in text"},
{"", OPT_CIPHER, '-', "Cipher to use to encrypt the key"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{OPT_HELP_STR, 1, 1,
"Order of options may be important! See the documentation.\n"},
{NULL}
};
int MAIN(int argc, char **argv)
int genpkey_main(int argc, char **argv)
{
ENGINE *e = NULL;
char **args, *outfile = NULL;
char *passarg = NULL;
BIO *in = NULL, *out = NULL;
const EVP_CIPHER *cipher = NULL;
int outformat;
int text = 0;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
char *pass = NULL;
int badarg = 0;
int ret = 1, rv;
char *outfile = NULL, *passarg = NULL, *pass = NULL, *prog;
const EVP_CIPHER *cipher = NULL;
OPTION_CHOICE o;
int outformat = FORMAT_PEM, text = 0, ret = 1, rv, do_param = 0;
int do_param = 0;
prog = opt_init(argc, argv, genpkey_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
ret = 0;
opt_help(genpkey_options);
goto end;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
outformat = FORMAT_PEM;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
while (!badarg && *args && *args[0] == '-') {
if (!strcmp(*args, "-outform")) {
if (args[1]) {
args++;
outformat = str2fmt(*args);
} else
badarg = 1;
} else if (!strcmp(*args, "-pass")) {
if (!args[1])
goto bad;
passarg = *(++args);
}
case OPT_PASS:
passarg = opt_arg();
break;
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args, "-engine") == 0) {
if (!args[1])
goto bad;
e = setup_engine(bio_err, *(++args), 0);
}
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
#endif
else if (!strcmp(*args, "-paramfile")) {
if (!args[1])
goto bad;
args++;
case OPT_PARAMFILE:
if (do_param == 1)
goto bad;
if (!init_keygen_file(bio_err, &ctx, *args, e))
goto opthelp;
if (!init_keygen_file(&ctx, opt_arg(), e))
goto end;
} else if (!strcmp(*args, "-out")) {
if (args[1]) {
args++;
outfile = *args;
} else
badarg = 1;
} else if (strcmp(*args, "-algorithm") == 0) {
if (!args[1])
goto bad;
if (!init_gen_str(bio_err, &ctx, *(++args), e, do_param))
break;
case OPT_ALGORITHM:
if (!init_gen_str(&ctx, opt_arg(), e, do_param))
goto end;
} else if (strcmp(*args, "-pkeyopt") == 0) {
if (!args[1])
goto bad;
if (!ctx) {
BIO_puts(bio_err, "No keytype specified\n");
goto bad;
} else if (pkey_ctrl_string(ctx, *(++args)) <= 0) {
BIO_puts(bio_err, "parameter setting error\n");
break;
case OPT_PKEYOPT:
if (ctx == NULL) {
BIO_printf(bio_err, "%s: No keytype specified.\n", prog);
goto opthelp;
}
if (pkey_ctrl_string(ctx, opt_arg()) <= 0) {
BIO_printf(bio_err,
"%s: Error setting %s parameter:\n",
prog, opt_arg());
ERR_print_errors(bio_err);
goto end;
}
} else if (strcmp(*args, "-genparam") == 0) {
if (ctx)
goto bad;
break;
case OPT_GENPARAM:
if (ctx != NULL)
goto opthelp;
do_param = 1;
} else if (strcmp(*args, "-text") == 0)
break;
case OPT_TEXT:
text = 1;
else {
cipher = EVP_get_cipherbyname(*args + 1);
if (!cipher) {
BIO_printf(bio_err, "Unknown cipher %s\n", *args + 1);
badarg = 1;
}
if (do_param == 1)
badarg = 1;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &cipher)
|| do_param == 1)
goto opthelp;
}
args++;
}
argc = opt_num_rest();
argv = opt_rest();
if (!ctx)
badarg = 1;
if (ctx == NULL)
goto opthelp;
if (badarg) {
bad:
BIO_printf(bio_err, "Usage: genpkey [options]\n");
BIO_printf(bio_err, "where options may be\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err,
"-outform X output format (DER or PEM)\n");
BIO_printf(bio_err,
"-pass arg output file pass phrase source\n");
BIO_printf(bio_err,
"-<cipher> use cipher <cipher> to encrypt the key\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err, "-paramfile file parameters file\n");
BIO_printf(bio_err, "-algorithm alg the public key algorithm\n");
BIO_printf(bio_err,
"-pkeyopt opt:value set the public key algorithm option <opt>\n"
" to value <value>\n");
BIO_printf(bio_err,
"-genparam generate parameters, not key\n");
BIO_printf(bio_err, "-text print the in text\n");
BIO_printf(bio_err,
"NB: options order may be important! See the manual page.\n");
goto end;
}
if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
if (!app_passwd(passarg, NULL, &pass, NULL)) {
BIO_puts(bio_err, "Error getting password\n");
goto end;
}
if (outfile) {
if (!(out = BIO_new_file(outfile, "wb"))) {
BIO_printf(bio_err, "Can't open output file %s\n", outfile);
goto end;
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
out = bio_open_default(outfile, "wb");
if (out == NULL)
goto end;
EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
EVP_PKEY_CTX_set_app_data(ctx, bio_err);
@ -278,20 +243,19 @@ int MAIN(int argc, char **argv)
return ret;
}
static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
const char *file, ENGINE *e)
static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e)
{
BIO *pbio;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
if (*pctx) {
BIO_puts(err, "Parameters already set!\n");
BIO_puts(bio_err, "Parameters already set!\n");
return 0;
}
pbio = BIO_new_file(file, "r");
if (!pbio) {
BIO_printf(err, "Can't open parameter file %s\n", file);
BIO_printf(bio_err, "Can't open parameter file %s\n", file);
return 0;
}
@ -313,15 +277,15 @@ static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
return 1;
err:
BIO_puts(err, "Error initializing context\n");
ERR_print_errors(err);
BIO_puts(bio_err, "Error initializing context\n");
ERR_print_errors(bio_err);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
return 0;
}
int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
int init_gen_str(EVP_PKEY_CTX **pctx,
const char *algname, ENGINE *e, int do_param)
{
EVP_PKEY_CTX *ctx = NULL;
@ -330,7 +294,7 @@ int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
int pkey_id;
if (*pctx) {
BIO_puts(err, "Algorithm already set!\n");
BIO_puts(bio_err, "Algorithm already set!\n");
return 0;
}
@ -369,8 +333,8 @@ int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
return 1;
err:
BIO_printf(err, "Error initializing %s context\n", algname);
ERR_print_errors(err);
BIO_printf(bio_err, "Error initializing %s context\n", algname);
ERR_print_errors(bio_err);
EVP_PKEY_CTX_free(ctx);
return 0;

256
apps/genrsa.c
View File

@ -1,4 +1,3 @@
/* apps/genrsa.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -74,192 +73,108 @@
# include <openssl/rand.h>
# define DEFBITS 2048
# undef PROG
# define PROG genrsa_main
static int genrsa_cb(int p, int n, BN_GENCB *cb);
int MAIN(int, char **);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_3, OPT_F4, OPT_NON_FIPS_ALLOW, OPT_ENGINE,
OPT_OUT, OPT_RAND, OPT_PASSOUT, OPT_CIPHER
} OPTION_CHOICE;
int MAIN(int argc, char **argv)
OPTIONS genrsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"3", OPT_3, '-', "Use 3 for the E value"},
{"F4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
{"f4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
{"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
{"out", OPT_OUT, 's', "Output the key to specified file"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{NULL}
};
int genrsa_main(int argc, char **argv)
{
BN_GENCB *cb = NULL;
# ifndef OPENSSL_NO_ENGINE
BN_GENCB *cb = BN_GENCB_new();
ENGINE *e = NULL;
# endif
int ret = 1;
int non_fips_allow = 0;
int num = DEFBITS;
const EVP_CIPHER *enc = NULL;
unsigned long f4 = RSA_F4;
char *outfile = NULL;
char *passargout = NULL, *passout = NULL;
char *hexe, *dece;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
# endif
char *inrand = NULL;
BIO *out = NULL;
BIGNUM *bn = BN_new();
BIO *out = NULL;
RSA *rsa = NULL;
if (!bn)
goto err;
const EVP_CIPHER *enc = NULL;
int ret = 1, non_fips_allow = 0, num = DEFBITS;
unsigned long f4 = RSA_F4;
char *outfile = NULL, *passoutarg = NULL, *passout = NULL;
char *engine = NULL, *inrand = NULL, *prog;
char *hexe, *dece;
OPTION_CHOICE o;
cb = BN_GENCB_new();
if (!cb)
goto err;
apps_startup();
if (!bn || !cb)
goto end;
BN_GENCB_set(cb, genrsa_cb, bio_err);
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto err;
if ((out = BIO_new(BIO_s_file())) == NULL) {
BIO_printf(bio_err, "unable to create BIO for output\n");
goto err;
}
argv++;
argc--;
for (;;) {
if (argc <= 0)
break;
if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (strcmp(*argv, "-3") == 0)
prog = opt_init(argc, argv, genrsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
ret = 0;
opt_help(genrsa_options);
goto end;
case OPT_3:
f4 = 3;
else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0)
f4 = RSA_F4;
# ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
}
# endif
else if (strcmp(*argv, "-rand") == 0) {
if (--argc < 1)
goto bad;
inrand = *(++argv);
}
# ifndef OPENSSL_NO_DES
else if (strcmp(*argv, "-des") == 0)
enc = EVP_des_cbc();
else if (strcmp(*argv, "-des3") == 0)
enc = EVP_des_ede3_cbc();
# endif
# ifndef OPENSSL_NO_IDEA
else if (strcmp(*argv, "-idea") == 0)
enc = EVP_idea_cbc();
# endif
# ifndef OPENSSL_NO_SEED
else if (strcmp(*argv, "-seed") == 0)
enc = EVP_seed_cbc();
# endif
# ifndef OPENSSL_NO_AES
else if (strcmp(*argv, "-aes128") == 0)
enc = EVP_aes_128_cbc();
else if (strcmp(*argv, "-aes192") == 0)
enc = EVP_aes_192_cbc();
else if (strcmp(*argv, "-aes256") == 0)
enc = EVP_aes_256_cbc();
# endif
# ifndef OPENSSL_NO_CAMELLIA
else if (strcmp(*argv, "-camellia128") == 0)
enc = EVP_camellia_128_cbc();
else if (strcmp(*argv, "-camellia192") == 0)
enc = EVP_camellia_192_cbc();
else if (strcmp(*argv, "-camellia256") == 0)
enc = EVP_camellia_256_cbc();
# endif
else if (strcmp(*argv, "-passout") == 0) {
if (--argc < 1)
goto bad;
passargout = *(++argv);
} else if (strcmp(*argv, "-non-fips-allow") == 0)
non_fips_allow = 1;
else
break;
argv++;
argc--;
}
if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
bad:
BIO_printf(bio_err, "usage: genrsa [args] [numbits]\n");
BIO_printf(bio_err,
" -des encrypt the generated key with DES in cbc mode\n");
BIO_printf(bio_err,
" -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
# ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err,
" -idea encrypt the generated key with IDEA in cbc mode\n");
# endif
# ifndef OPENSSL_NO_SEED
BIO_printf(bio_err, " -seed\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc seed\n");
# endif
# ifndef OPENSSL_NO_AES
BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc aes\n");
# endif
# ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc camellia\n");
# endif
BIO_printf(bio_err, " -out file output the key to 'file\n");
BIO_printf(bio_err,
" -passout arg output file pass phrase source\n");
BIO_printf(bio_err,
" -f4 use F4 (0x10001) for the E value\n");
BIO_printf(bio_err, " -3 use 3 for the E value\n");
# ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
# endif
BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
goto err;
case OPT_F4:
f4 = RSA_F4;
break;
case OPT_NON_FIPS_ALLOW:
non_fips_allow = 1;
break;
case OPT_OUT:
outfile = opt_arg();
case OPT_ENGINE:
engine = opt_arg();
break;
case OPT_RAND:
inrand = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto end;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
ERR_load_crypto_strings();
if (argv[0] && (!opt_int(argv[0], &num) || num <= 0))
goto end;
if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto err;
goto end;
}
# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
e = setup_engine(engine, 0);
# endif
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto err;
}
}
out = bio_open_default(outfile, "w");
if (out == NULL)
goto end;
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
if (!app_RAND_load_file(NULL, 1) && inrand == NULL
&& !RAND_status()) {
BIO_printf(bio_err,
"warning, not much extra random data, consider using the -rand option\n");
@ -276,15 +191,15 @@ int MAIN(int argc, char **argv)
rsa = RSA_new_method(e);
# endif
if (!rsa)
goto err;
goto end;
if (non_fips_allow)
rsa->flags |= RSA_FLAG_NON_FIPS_ALLOW;
if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, cb))
goto err;
goto end;
app_RAND_write_file(NULL, bio_err);
app_RAND_write_file(NULL);
hexe = BN_bn2hex(rsa->e);
dece = BN_bn2dec(rsa->e);
@ -302,11 +217,11 @@ int MAIN(int argc, char **argv)
if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
(pem_password_cb *)password_callback,
&cb_data))
goto err;
goto end;
}
ret = 0;
err:
end:
if (bn)
BN_free(bn);
if (cb)
@ -317,8 +232,7 @@ int MAIN(int argc, char **argv)
OPENSSL_free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}
static int genrsa_cb(int p, int n, BN_GENCB *cb)

2
apps/makeapps.com
View File

@ -178,7 +178,7 @@ $! NOTE: Some might think this list ugly. However, it's made this way to
$! reflect the E_OBJ variable in Makefile as closely as possible, thereby
$! making it fairly easy to verify that the lists are the same.
$!
$ LIB_OPENSSL = "VERIFY,ASN1PARS,REQ,DGST,DH,DHPARAM,ENC,PASSWD,GENDH,ERRSTR,"+-
$ LIB_OPENSSL = "VERIFY,ASN1PARS,REQ,DGST,DHPARAM,ENC,PASSWD,ERRSTR,"+-
"CA,PKCS7,CRL2P7,CRL,"+-
"RSA,RSAUTL,DSA,DSAPARAM,EC,ECPARAM,"+-
"X509,GENRSA,GENDSA,GENPKEY,S_SERVER,S_CLIENT,SPEED,"+-

120
apps/nseq.c
View File

@ -1,4 +1,3 @@
/* nseq.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 1999.
@ -63,84 +62,71 @@
#include <openssl/pem.h>
#include <openssl/err.h>
#undef PROG
#define PROG nseq_main
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_TOSEQ, OPT_IN, OPT_OUT
} OPTION_CHOICE;
int MAIN(int, char **);
OPTIONS nseq_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"toseq", OPT_TOSEQ, '-', "Output NS Sequence file"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{NULL}
};
int MAIN(int argc, char **argv)
int nseq_main(int argc, char **argv)
{
char **args, *infile = NULL, *outfile = NULL;
BIO *in = NULL, *out = NULL;
int toseq = 0;
X509 *x509 = NULL;
NETSCAPE_CERT_SEQUENCE *seq = NULL;
int i, ret = 1;
int badarg = 0;
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
ERR_load_crypto_strings();
args = argv + 1;
while (!badarg && *args && *args[0] == '-') {
if (!strcmp(*args, "-toseq"))
OPTION_CHOICE o;
int toseq = 0, ret = 1, i;
char *infile = NULL, *outfile = NULL, *prog;
prog = opt_init(argc, argv, nseq_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
ret = 0;
opt_help(nseq_options);
goto end;
case OPT_TOSEQ:
toseq = 1;
else if (!strcmp(*args, "-in")) {
if (args[1]) {
args++;
infile = *args;
} else
badarg = 1;
} else if (!strcmp(*args, "-out")) {
if (args[1]) {
args++;
outfile = *args;
} else
badarg = 1;
} else
badarg = 1;
args++;
}
if (badarg) {
BIO_printf(bio_err, "Netscape certificate sequence utility\n");
BIO_printf(bio_err, "Usage nseq [options]\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-toseq output NS Sequence file\n");
OPENSSL_EXIT(1);
}
if (infile) {
if (!(in = BIO_new_file(infile, "r"))) {
BIO_printf(bio_err, "Can't open input file %s\n", infile);
goto end;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
}
} else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
if (outfile) {
if (!(out = BIO_new_file(outfile, "w"))) {
BIO_printf(bio_err, "Can't open output file %s\n", outfile);
goto end;
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
argc = opt_num_rest();
argv = opt_rest();
in = bio_open_default(infile, "r");
if (in == NULL)
goto end;
out = bio_open_default(outfile, "w");
if (out == NULL)
goto end;
if (toseq) {
seq = NETSCAPE_CERT_SEQUENCE_new();
seq->certs = sk_X509_new_null();
if (!seq->certs)
goto end;
while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
sk_X509_push(seq->certs, x509);
if (!sk_X509_num(seq->certs)) {
BIO_printf(bio_err, "Error reading certs file %s\n", infile);
BIO_printf(bio_err, "%s: Error reading certs file %s\n",
prog, infile);
ERR_print_errors(bio_err);
goto end;
}
@ -149,8 +135,10 @@ int MAIN(int argc, char **argv)
goto end;
}
if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {
BIO_printf(bio_err, "Error reading sequence file %s\n", infile);
seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL);
if (seq == NULL) {
BIO_printf(bio_err, "%s: Error reading sequence file %s\n",
prog, infile);
ERR_print_errors(bio_err);
goto end;
}
@ -166,5 +154,5 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
NETSCAPE_CERT_SEQUENCE_free(seq);
OPENSSL_EXIT(ret);
return (ret);
}

957
apps/ocsp.c
View File

File diff suppressed because it is too large Load Diff

735
apps/openssl.c
View File

@ -1,4 +1,3 @@
/* apps/openssl.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -112,9 +111,6 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#define OPENSSL_C /* tells apps.h to use complete
* apps_startup() */
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/rand.h>
@ -126,14 +122,35 @@
#ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
#endif
#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS
* world */
#include "progs.h"
/* needed for the _O_BINARY defs in the MS world */
#define USE_SOCKETS
#include "s_apps.h"
#include <openssl/err.h>
#ifdef OPENSSL_FIPS
# include <openssl/fips.h>
#endif
#define INCLUDE_FUNCTION_TABLE
#include "apps.h"
#if 1
# define LIST_STANDARD_COMMANDS "list-standard-commands"
# define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
# define LIST_MESSAGE_DIGEST_ALGORITHMS "list-message-digest-algorithms"
# define LIST_CIPHER_COMMANDS "list-cipher-commands"
# define LIST_CIPHER_ALGORITHMS "list-cipher-algorithms"
# define LIST_PUBLIC_KEY_ALGORITHMS "list-public-key-algorithms"
#endif
#ifdef OPENSSL_NO_CAMELLIA
# define FORMAT "%-15s"
# define COLUMNS 5
#else
# define FORMAT "%-18s"
# define COLUMNS 4
#endif
/* Special sentinel to exit the program. */
#define EXIT_THE_PROGRAM (-1)
/*
* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
@ -141,28 +158,103 @@
* required type of "FUNCTION*"). This removes the necessity for
* macro-generated wrapper functions.
*/
DECLARE_LHASH_OF(FUNCTION);
static LHASH_OF(FUNCTION) *prog_init(void);
static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]);
static void list_pkey(BIO *out);
static void list_cipher(BIO *out);
static void list_md(BIO *out);
static int list_pkey(void);
static int list_cipher(void);
static int list_md(void);
static int list_type(FUNC_TYPE list_type);
char *default_config_file = NULL;
/* Make sure there is only one when MONOLITH is defined */
#ifdef MONOLITH
CONF *config = NULL;
BIO *bio_in = NULL;
BIO *bio_out = NULL;
BIO *bio_err = NULL;
static void apps_startup()
{
#ifdef SIGPIPE
signal(SIGPIPE, SIG_IGN);
#endif
CRYPTO_malloc_init();
ERR_load_crypto_strings();
ERR_load_SSL_strings();
OpenSSL_add_all_algorithms();
OpenSSL_add_ssl_algorithms();
setup_ui_method();
/*SSL_library_init();*/
#ifndef OPENSSL_NO_ENGINE
ENGINE_load_builtin_engines();
#endif
}
static void apps_shutdown()
{
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif
destroy_ui_method();
CONF_modules_unload(1);
#ifndef OPENSSL_NO_COMP
COMP_zlib_cleanup();
#endif
OBJ_cleanup();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_remove_thread_state(NULL);
RAND_cleanup();
ERR_free_strings();
}
static char *make_config_name()
{
const char *t = X509_get_default_cert_area();
size_t len;
char *p;
len = strlen(t) + strlen(OPENSSL_CONF) + 2;
p = OPENSSL_malloc(len);
if (p == NULL)
return NULL;
BUF_strlcpy(p, t, len);
#ifndef OPENSSL_SYS_VMS
BUF_strlcat(p, "/", len);
#endif
BUF_strlcat(p, OPENSSL_CONF, len);
return p;
}
static int load_config(CONF *cnf)
{
static int load_config_called = 0;
if (load_config_called)
return 1;
load_config_called = 1;
if (!cnf)
cnf = config;
if (!cnf)
return 1;
OPENSSL_load_builtin_modules();
if (CONF_modules_load(cnf, NULL, 0) <= 0) {
BIO_printf(bio_err, "Error configuring OpenSSL\n");
ERR_print_errors(bio_err);
return 0;
}
return 1;
}
static void lock_dbg_cb(int mode, int type, const char *file, int line)
{
static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
static int modes[CRYPTO_NUM_LOCKS];
const char *errstr = NULL;
int rw;
int rw = mode & (CRYPTO_READ | CRYPTO_WRITE);
rw = mode & (CRYPTO_READ | CRYPTO_WRITE);
if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) {
if (rw != CRYPTO_READ && rw != CRYPTO_WRITE) {
errstr = "invalid mode";
goto err;
}
@ -175,12 +267,9 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
if (mode & CRYPTO_LOCK) {
if (modes[type]) {
errstr = "already locked";
/*
* must not happen in a single-threaded program (would deadlock)
*/
/* must not happen in a single-threaded program --> deadlock! */
goto err;
}
modes[type] = rw;
} else if (mode & CRYPTO_UNLOCK) {
if (!modes[type]) {
@ -209,98 +298,83 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
}
}
#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
# define ARGV _Argv
#else
# define ARGV Argv
BIO *dup_bio_in(void)
{
return BIO_new_fp(stdin, BIO_NOCLOSE | BIO_FP_TEXT);
}
BIO *dup_bio_out(void)
{
BIO *b = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
#ifdef OPENSSL_SYS_VMS
b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
#endif
return b;
}
void unbuffer(FILE *fp)
{
setbuf(fp, NULL);
}
BIO *bio_open_default(const char *filename, const char *mode)
{
BIO *ret;
if (filename == NULL || strcmp(filename, "-") == 0) {
ret = *mode == 'r' ? dup_bio_in() : dup_bio_out();
if (ret != NULL)
return ret;
BIO_printf(bio_err,
"Can't open %s, %s\n",
*mode == 'r' ? "stdin" : "stdout", strerror(errno));
} else {
ret = BIO_new_file(filename, mode);
if (ret != NULL)
return ret;
BIO_printf(bio_err,
"Can't open %s for %s, %s\n",
filename,
*mode == 'r' ? "reading" : "writing", strerror(errno));
}
ERR_print_errors(bio_err);
return NULL;
}
#if defined( OPENSSL_SYS_VMS)
extern char **copy_argv(int *argc, char **argv);
#endif
int main(int Argc, char *ARGV[])
int main(int argc, char *argv[])
{
ARGS arg;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE + 1];
FUNCTION f, *fp;
const char *prompt;
char buf[1024];
char *to_free = NULL;
int n, i, ret = 0;
int argc;
char **argv, *p;
LHASH_OF(FUNCTION) *prog = NULL;
char **copied_argv = NULL;
char *p, *pname, *to_free = NULL;
char buf[1024];
const char *prompt;
ARGS arg;
int first, n, i, ret = 0;
long errline;
#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
/*-
* 2011-03-22 SMS.
* If we have 32-bit pointers everywhere, then we're safe, and
* we bypass this mess, as on non-VMS systems. (See ARGV,
* above.)
* Problem 1: Compaq/HP C before V7.3 always used 32-bit
* pointers for argv[].
* Fix 1: For a 32-bit argv[], when we're using 64-bit pointers
* everywhere else, we always allocate and use a 64-bit
* duplicate of argv[].
* Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed
* to NULL-terminate a 64-bit argv[]. (As this was written, the
* compiler ECO was available only on IA64.)
* Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a
* 64-bit argv[argc] for NULL, and, if necessary, use a
* (properly) NULL-terminated (64-bit) duplicate of argv[].
* The same code is used in either case to duplicate argv[].
* Some of these decisions could be handled in preprocessing,
* but the code tends to get even uglier, and the penalty for
* deciding at compile- or run-time is tiny.
*/
char **Argv = NULL;
int free_Argv = 0;
arg.argv = NULL;
arg.size = 0;
if ((sizeof(_Argv) < 8) /* 32-bit argv[]. */
# if !defined( VMS_TRUST_ARGV)
|| (_Argv[Argc] != NULL) /* Untrusted argv[argc] not NULL. */
# endif
) {
int i;
Argv = OPENSSL_malloc((Argc + 1) * sizeof(char *));
if (Argv == NULL) {
ret = -1;
goto end;
}
for (i = 0; i < Argc; i++)
Argv[i] = _Argv[i];
Argv[Argc] = NULL; /* Certain NULL termination. */
free_Argv = 1;
#if defined( OPENSSL_SYS_VMS)
copied_argv = argv = copy_argv(&argc, argv);
#endif
p = getenv("OPENSSL_DEBUG_MEMORY");
if (p == NULL)
/* if not set, use compiled-in default */
;
else if (strcmp(p, "off") != 0) {
CRYPTO_malloc_debug_init();
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
} else {
/*
* Use the known-good 32-bit argv[] (which needs the type cast to
* satisfy the compiler), or the trusted or tested-good 64-bit argv[]
* as-is.
*/
Argv = (char **)_Argv;
}
#endif /* defined( OPENSSL_SYS_VMS) &&
* (__INITIAL_POINTER_SIZE == 64) */
arg.data = NULL;
arg.count = 0;
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) { /* if not defined, use
* compiled-in library
* defaults */
if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))) {
CRYPTO_malloc_debug_init();
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
} else {
/* OPENSSL_DEBUG_MEMORY=off */
CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
}
CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
}
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
CRYPTO_set_locking_callback(lock_dbg_cb);
if (getenv("OPENSSL_FIPS")) {
@ -318,21 +392,40 @@ int main(int Argc, char *ARGV[])
apps_startup();
/*
* If first argument is a colon, skip it. Because in "interactive"
* mode our prompt is a colon and we can cut/paste whole lines
* by doing this hack.
*/
if (argv[1] && strcmp(argv[1], ":") == 0) {
argv[1] = argv[0];
argc--;
argv++;
}
prog = prog_init();
pname = opt_progname(argv[0]);
/* Lets load up our environment a little */
p = getenv("OPENSSL_CONF");
if (p == NULL)
p = getenv("SSLEAY_CONF");
if (p == NULL)
p = to_free = make_config_name();
default_config_file = p;
bio_in = dup_bio_in();
bio_out = dup_bio_out();
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
/* Determine and load the config file. */
default_config_file = getenv("OPENSSL_CONF");
if (default_config_file == NULL)
default_config_file = getenv("SSLEAY_CONF");
if (default_config_file == NULL)
default_config_file = to_free = make_config_name();
if (!load_config(NULL))
goto end;
config = NCONF_new(NULL);
i = NCONF_load(config, p, &errline);
i = NCONF_load(config, default_config_file, &errline);
if (i == 0) {
if (ERR_GET_REASON(ERR_peek_last_error())
== CONF_R_NO_SUCH_FILE) {
BIO_printf(bio_err, "WARNING: can't open config file: %s\n", p);
BIO_printf(bio_err,
"%s: WARNING: can't open config file: %s\n",
pname, default_config_file);
ERR_clear_error();
NCONF_free(config);
config = NULL;
@ -343,45 +436,31 @@ int main(int Argc, char *ARGV[])
}
}
prog = prog_init();
/* first check the program name */
program_name(Argv[0], pname, sizeof pname);
f.name = pname;
fp = lh_FUNCTION_retrieve(prog, &f);
if (fp != NULL) {
Argv[0] = pname;
ret = fp->func(Argc, Argv);
argv[0] = pname;
ret = fp->func(argc, argv);
goto end;
}
/*
* ok, now check that there are not arguments, if there are, run with
* them, shifting the ssleay off the front
*/
if (Argc != 1) {
Argc--;
Argv++;
ret = do_cmd(prog, Argc, Argv);
/* If there is stuff on the command line, run with that. */
if (argc != 1) {
argc--;
argv++;
ret = do_cmd(prog, argc, argv);
if (ret < 0)
ret = 0;
goto end;
}
/* ok, lets enter the old 'OpenSSL>' mode */
/* ok, lets enter interactive mode */
for (;;) {
ret = 0;
p = buf;
n = sizeof buf;
i = 0;
for (;;) {
for (p = buf, n = sizeof buf, i = 0, first = 1;; first = 0) {
prompt = first ? "OpenSSL> " : "> ";
p[0] = '\0';
if (i++)
prompt = ">";
else
prompt = "OpenSSL> ";
fputs(prompt, stdout);
fflush(stdout);
if (!fgets(p, n, stdin))
@ -397,21 +476,25 @@ int main(int Argc, char *ARGV[])
p += i;
n -= i;
}
if (!chopup_args(&arg, buf, &argc, &argv))
if (!chopup_args(&arg, buf)) {
BIO_printf(bio_err, "Can't parse (no memory?)\n");
break;
}
ret = do_cmd(prog, argc, argv);
if (ret < 0) {
ret = do_cmd(prog, arg.argc, arg.argv);
if (ret == EXIT_THE_PROGRAM) {
ret = 0;
goto end;
}
if (ret != 0)
BIO_printf(bio_err, "error in %s\n", argv[0]);
BIO_printf(bio_err, "error in %s\n", arg.argv[0]);
(void)BIO_flush(bio_out);
(void)BIO_flush(bio_err);
}
BIO_printf(bio_err, "bad exit\n");
ret = 1;
end:
if (copied_argv)
OPENSSL_free(copied_argv);
if (to_free)
OPENSSL_free(to_free);
if (config != NULL) {
@ -420,179 +503,222 @@ int main(int Argc, char *ARGV[])
}
if (prog != NULL)
lh_FUNCTION_free(prog);
if (arg.data != NULL)
OPENSSL_free(arg.data);
if (arg.argv != NULL)
OPENSSL_free(arg.argv);
#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
/* Free any duplicate Argv[] storage. */
if (free_Argv) {
OPENSSL_free(Argv);
}
#endif
BIO_free(bio_in);
BIO_free_all(bio_out);
apps_shutdown();
CRYPTO_mem_leaks(bio_err);
/*CRYPTO_mem_leaks(bio_err);
*/
BIO_free(bio_err);
bio_err = NULL;
OPENSSL_EXIT(ret);
return (ret);
}
#define LIST_STANDARD_COMMANDS "list-standard-commands"
#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
#define LIST_MESSAGE_DIGEST_ALGORITHMS "list-message-digest-algorithms"
#define LIST_CIPHER_COMMANDS "list-cipher-commands"
#define LIST_CIPHER_ALGORITHMS "list-cipher-algorithms"
#define LIST_PUBLIC_KEY_ALGORITHMS "list-public-key-algorithms"
OPTIONS exit_options[] = {
{NULL}
};
/* Unified enum for help and list commands. */
typedef enum HELPLIST_CHOICE {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_COMMANDS, OPT_DIGEST_COMMANDS,
OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS,
OPT_PK_ALGORITHMS
} HELPLIST_CHOICE;
OPTIONS list_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"commands", OPT_COMMANDS, '-', "List of standard commands"},
{"digest-commands", OPT_DIGEST_COMMANDS, '-',
"List of message digest commands"},
{"digest-algorithms", OPT_DIGEST_ALGORITHMS, '-',
"List of message digest algorithms"},
{"cipher-commands", OPT_CIPHER_COMMANDS, '-', "List of cipher commands"},
{"cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-',
"List of cipher algorithms"},
{"public-key-algorithms", OPT_PK_ALGORITHMS, '-',
"List of public key algorithms"},
{NULL}
};
int list_main(int argc, char **argv)
{
char *prog;
HELPLIST_CHOICE o;
prog = opt_init(argc, argv, list_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
return 1;
case OPT_HELP:
opt_help(list_options);
break;
case OPT_COMMANDS:
return list_type(FT_general);
case OPT_DIGEST_COMMANDS:
return list_type(FT_md);
case OPT_DIGEST_ALGORITHMS:
return list_md();
case OPT_CIPHER_COMMANDS:
return list_type(FT_cipher);
case OPT_CIPHER_ALGORITHMS:
return list_cipher();
case OPT_PK_ALGORITHMS:
return list_pkey();
}
}
return 0;
}
OPTIONS help_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{NULL}
};
int help_main(int argc, char **argv)
{
FUNCTION *fp;
int i, nl;
FUNC_TYPE tp;
char *prog;
HELPLIST_CHOICE o;
prog = opt_init(argc, argv, help_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
default:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
return 1;
case OPT_HELP:
opt_help(help_options);
return 0;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (argc != 0) {
BIO_printf(bio_err, "Usage: %s\n", prog);
return 1;
}
BIO_printf(bio_err, "\nStandard commands");
i = 0;
tp = FT_none;
for (fp = functions; fp->name != NULL; fp++) {
nl = 0;
if (((i++) % COLUMNS) == 0) {
BIO_printf(bio_err, "\n");
nl = 1;
}
if (fp->type != tp) {
tp = fp->type;
if (!nl)
BIO_printf(bio_err, "\n");
if (tp == FT_md) {
i = 1;
BIO_printf(bio_err,
"\nMessage Digest commands (see the `dgst' command for more details)\n");
} else if (tp == FT_cipher) {
i = 1;
BIO_printf(bio_err,
"\nCipher commands (see the `enc' command for more details)\n");
}
}
BIO_printf(bio_err, FORMAT, fp->name);
}
BIO_printf(bio_err, "\n\n");
return 0;
}
int exit_main(int argc, char **argv)
{
return EXIT_THE_PROGRAM;
}
static int list_type(FUNC_TYPE flist_type)
{
FUNCTION *fp;
int i = 0;
for (fp = functions; fp->name != NULL; fp++)
if (fp->type == flist_type) {
if ((i++ % COLUMNS) == 0)
BIO_printf(bio_out, "\n");
BIO_printf(bio_out, FORMAT, fp->name);
}
BIO_printf(bio_out, "\n");
return 0;
}
static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
{
FUNCTION f, *fp;
int i, ret = 1, tp, nl;
if ((argc <= 0) || (argv[0] == NULL)) {
ret = 0;
goto end;
}
if (argc <= 0 || argv[0] == NULL)
return (0);
f.name = argv[0];
fp = lh_FUNCTION_retrieve(prog, &f);
if (fp == NULL) {
if (EVP_get_digestbyname(argv[0])) {
f.type = FUNC_TYPE_MD;
f.type = FT_md;
f.func = dgst_main;
fp = &f;
} else if (EVP_get_cipherbyname(argv[0])) {
f.type = FUNC_TYPE_CIPHER;
f.type = FT_cipher;
f.func = enc_main;
fp = &f;
}
}
if (fp != NULL) {
ret = fp->func(argc, argv);
} else if ((strncmp(argv[0], "no-", 3)) == 0) {
BIO *bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_stdout = BIO_push(tmpbio, bio_stdout);
}
#endif
f.name = argv[0] + 3;
ret = (lh_FUNCTION_retrieve(prog, &f) != NULL);
if (!ret)
BIO_printf(bio_stdout, "%s\n", argv[0]);
else
BIO_printf(bio_stdout, "%s\n", argv[0] + 3);
BIO_free_all(bio_stdout);
goto end;
} else if ((strcmp(argv[0], "quit") == 0) ||
(strcmp(argv[0], "q") == 0) ||
(strcmp(argv[0], "exit") == 0) ||
(strcmp(argv[0], "bye") == 0)) {
ret = -1;
goto end;
} else if ((strcmp(argv[0], LIST_STANDARD_COMMANDS) == 0) ||
(strcmp(argv[0], LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
(strcmp(argv[0], LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) ||
(strcmp(argv[0], LIST_CIPHER_COMMANDS) == 0) ||
(strcmp(argv[0], LIST_CIPHER_ALGORITHMS) == 0) ||
(strcmp(argv[0], LIST_PUBLIC_KEY_ALGORITHMS) == 0)) {
int list_type;
BIO *bio_stdout;
if (strcmp(argv[0], LIST_STANDARD_COMMANDS) == 0)
list_type = FUNC_TYPE_GENERAL;
else if (strcmp(argv[0], LIST_MESSAGE_DIGEST_COMMANDS) == 0)
list_type = FUNC_TYPE_MD;
else if (strcmp(argv[0], LIST_MESSAGE_DIGEST_ALGORITHMS) == 0)
list_type = FUNC_TYPE_MD_ALG;
else if (strcmp(argv[0], LIST_PUBLIC_KEY_ALGORITHMS) == 0)
list_type = FUNC_TYPE_PKEY;
else if (strcmp(argv[0], LIST_CIPHER_ALGORITHMS) == 0)
list_type = FUNC_TYPE_CIPHER_ALG;
else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
list_type = FUNC_TYPE_CIPHER;
bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_stdout = BIO_push(tmpbio, bio_stdout);
}
#endif
if (!load_config(bio_err, NULL))
goto end;
if (list_type == FUNC_TYPE_PKEY)
list_pkey(bio_stdout);
if (list_type == FUNC_TYPE_MD_ALG)
list_md(bio_stdout);
if (list_type == FUNC_TYPE_CIPHER_ALG)
list_cipher(bio_stdout);
else {
for (fp = functions; fp->name != NULL; fp++)
if (fp->type == list_type)
BIO_printf(bio_stdout, "%s\n", fp->name);
}
BIO_free_all(bio_stdout);
ret = 0;
goto end;
} else {
BIO_printf(bio_err, "openssl:Error: '%s' is an invalid command.\n",
argv[0]);
BIO_printf(bio_err, "\nStandard commands");
i = 0;
tp = 0;
for (fp = functions; fp->name != NULL; fp++) {
nl = 0;
#ifdef OPENSSL_NO_CAMELLIA
if (((i++) % 5) == 0)
#else
if (((i++) % 4) == 0)
#endif
{
BIO_printf(bio_err, "\n");
nl = 1;
}
if (fp->type != tp) {
tp = fp->type;
if (!nl)
BIO_printf(bio_err, "\n");
if (tp == FUNC_TYPE_MD) {
i = 1;
BIO_printf(bio_err,
"\nMessage Digest commands (see the `dgst' command for more details)\n");
} else if (tp == FUNC_TYPE_CIPHER) {
i = 1;
BIO_printf(bio_err,
"\nCipher commands (see the `enc' command for more details)\n");
}
}
#ifdef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err, "%-15s", fp->name);
#else
BIO_printf(bio_err, "%-18s", fp->name);
#endif
}
BIO_printf(bio_err, "\n\n");
ret = 0;
return (fp->func(argc, argv));
}
end:
return (ret);
if ((strncmp(argv[0], "no-", 3)) == 0) {
/*
* User is asking if foo is unsupported, by trying to "run" the
* no-foo command. Strange.
*/
f.name = argv[0] + 3;
if (lh_FUNCTION_retrieve(prog, &f) == NULL) {
BIO_printf(bio_out, "%s\n", argv[0]);
return (0);
}
BIO_printf(bio_out, "%s\n", argv[0] + 3);
return 1;
}
if (strcmp(argv[0], "quit") == 0 || strcmp(argv[0], "q") == 0 ||
strcmp(argv[0], "exit") == 0 || strcmp(argv[0], "bye") == 0)
/* Special value to mean "exit the program. */
return EXIT_THE_PROGRAM;
#ifdef LIST_STANDARD_COMMANDS
if (strcmp(argv[0], LIST_STANDARD_COMMANDS) == 0)
return list_type(FT_general);
if (strcmp(argv[0], LIST_MESSAGE_DIGEST_ALGORITHMS) == 0)
return list_md();
if (strcmp(argv[0], LIST_PUBLIC_KEY_ALGORITHMS) == 0)
return list_pkey();
if (strcmp(argv[0], LIST_CIPHER_ALGORITHMS) == 0)
return list_cipher();
if (strcmp(argv[0], LIST_CIPHER_COMMANDS) == 0)
return list_type(FT_cipher);
if (strcmp(argv[0], LIST_MESSAGE_DIGEST_COMMANDS) == 0)
return list_type(FT_md);
#endif
BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n",
argv[0]);
return (1);
}
static int SortFnByName(const void *_f1, const void *_f2)
{
const FUNCTION *f1 = _f1;
const FUNCTION *f2 = _f2;
if (f1->type != f2->type)
return f1->type - f2->type;
return strcmp(f1->name, f2->name);
}
static void list_pkey(BIO *out)
static int list_pkey(void)
{
int i;
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
const EVP_PKEY_ASN1_METHOD *ameth;
int pkey_id, pkey_base_id, pkey_flags;
@ -601,21 +727,22 @@ static void list_pkey(BIO *out)
EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags,
&pinfo, &pem_str, ameth);
if (pkey_flags & ASN1_PKEY_ALIAS) {
BIO_printf(out, "Name: %s\n", OBJ_nid2ln(pkey_id));
BIO_printf(out, "\tType: Alias to %s\n",
BIO_printf(bio_out, "Name: %s\n", OBJ_nid2ln(pkey_id));
BIO_printf(bio_out, "\tAlias for: %s\n",
OBJ_nid2ln(pkey_base_id));
} else {
BIO_printf(out, "Name: %s\n", pinfo);
BIO_printf(out, "\tType: %s Algorithm\n",
BIO_printf(bio_out, "Name: %s\n", pinfo);
BIO_printf(bio_out, "\tType: %s Algorithm\n",
pkey_flags & ASN1_PKEY_DYNAMIC ?
"External" : "Builtin");
BIO_printf(out, "\tOID: %s\n", OBJ_nid2ln(pkey_id));
BIO_printf(bio_out, "\tOID: %s\n", OBJ_nid2ln(pkey_id));
if (pem_str == NULL)
pem_str = "(none)";
BIO_printf(out, "\tPEM string: %s\n", pem_str);
BIO_printf(bio_out, "\tPEM string: %s\n", pem_str);
}
}
return 0;
}
static void list_cipher_fn(const EVP_CIPHER *c,
@ -632,9 +759,10 @@ static void list_cipher_fn(const EVP_CIPHER *c,
}
}
static void list_cipher(BIO *out)
static int list_cipher(void)
{
EVP_CIPHER_do_all_sorted(list_cipher_fn, out);
EVP_CIPHER_do_all_sorted(list_cipher_fn, bio_out);
return 0;
}
static void list_md_fn(const EVP_MD *m,
@ -647,13 +775,14 @@ static void list_md_fn(const EVP_MD *m,
from = "<undefined>";
if (!to)
to = "<undefined>";
BIO_printf(arg, "%s => %s\n", from, to);
BIO_printf((BIO *)arg, "%s => %s\n", from, to);
}
}
static void list_md(BIO *out)
static int list_md(void)
{
EVP_MD_do_all_sorted(list_md_fn, out);
EVP_MD_do_all_sorted(list_md_fn, bio_out);
return 0;
}
static int function_cmp(const FUNCTION * a, const FUNCTION * b)
@ -670,13 +799,23 @@ static unsigned long function_hash(const FUNCTION * a)
static IMPLEMENT_LHASH_HASH_FN(function, FUNCTION)
static int SortFnByName(const void *_f1, const void *_f2)
{
const FUNCTION *f1 = _f1;
const FUNCTION *f2 = _f2;
if (f1->type != f2->type)
return f1->type - f2->type;
return strcmp(f1->name, f2->name);
}
static LHASH_OF(FUNCTION) *prog_init(void)
{
LHASH_OF(FUNCTION) *ret;
FUNCTION *f;
size_t i;
/* Purely so it looks nice when the user hits ? */
/* Sort alphabetically within category. For nicer help displays. */
for (i = 0, f = functions; f->name != NULL; ++f, ++i) ;
qsort(functions, i, sizeof *functions, SortFnByName);

915
apps/opt.c Normal file
View File

@ -0,0 +1,915 @@
/* ====================================================================
* Copyright (c) 2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
/* #define COMPILE_STANDALONE_TEST_DRIVER */
#include "apps.h"
#include <assert.h>
#include <string.h>
#if !defined(OPENSSL_SYS_MSDOS)
# include OPENSSL_UNISTD
#endif
#include <unistd.h>
#include <stdlib.h>
#include <errno.h>
#include <ctype.h>
#include <openssl/bio.h>
#define MAX_OPT_HELP_WIDTH 30
const char OPT_HELP_STR[] = "--";
const char OPT_MORE_STR[] = "---";
/* Our state */
static char **argv;
static int argc;
static int opt_index;
static char *arg;
static char *flag;
static char *dunno;
static const OPTIONS *unknown;
static const OPTIONS *opts;
static char prog[40];
/*
* Return the simple name of the program; removing various platform gunk.
*/
#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_NETWARE)
char *opt_progname(const char *argv0)
{
int i;
int n;
const char *p;
char *q;
/* find the last '/', '\' or ':' */
for (p = argv0 + strlen(argv0); --p > argv0;)
if (*p == '/' || *p == '\\' || *p == ':') {
p++;
break;
}
/* Strip off trailing nonsense. */
n = strlen(p);
if (n > 4 &&
(strcmp(&p[n - 4], ".exe") == 0 || strcmp(&p[n - 4], ".EXE") == 0)
n -= 4;
#if defined(OPENSSL_SYS_NETWARE)
if (n > 4 &&
(strcmp(&p[n - 4], ".nlm") == 0 || strcmp(&p[n - 4], ".NLM") == 0)
n -= 4;
#endif
/* Copy over the name, in lowercase. */
if (n > sizeof prog - 1)
n = sizeof prog - 1;
for (q = prog, i = 0; i < n; i++, p++)
q++ = isupper(*p) ? tolower(*p) : *p;
*q = '\0';
return prog;
}
#elif defined(OPENSSL_SYS_VMS)
char *opt_progname(const char *argv0)
{
const char *p, *q;
/* Find last special charcter sys:[foo.bar]openssl */
for (p = argv0 + strlen(argv0); --p > argv0;)
if (*p == ':' || *p == ']' || *p == '>') {
p++;
break;
}
q = strrchr(p, '.');
strncpy(prog, p, sizeof prog - 1);
prog[sizeof prog - 1] = '\0';
if (q == NULL || q - p >= sizeof prog)
prog[q - p] = '\0';
return prog;
}
#else
char *opt_progname(const char *argv0)
{
const char *p;
/* Could use strchr, but this is like the ones above. */
for (p = argv0 + strlen(argv0); --p > argv0;)
if (*p == '/') {
p++;
break;
}
strncpy(prog, p, sizeof prog - 1);
prog[sizeof prog - 1] = '\0';
return prog;
}
#endif
char *opt_getprog(void)
{
return prog;
}
/* Set up the arg parsing. */
char *opt_init(int ac, char **av, const OPTIONS *o)
{
/* Store state. */
argc = ac;
argv = av;
opt_index = 1;
opts = o;
opt_progname(av[0]);
unknown = NULL;
for (; o->name; ++o) {
const OPTIONS *next;
#ifndef NDEBUG
int i;
#endif
if (o->name == OPT_HELP_STR || o->name == OPT_MORE_STR)
continue;
#ifndef NDEBUG
i = o->valtype;
/* Make sure options are legit. */
assert(o->name[0] != '-');
assert(o->retval > 0);
assert(i == 0 || i == '-'
|| i == 'n' || i == 'p' || i == 'u'
|| i == 's' || i == '<' || i == '>' || i == '/'
|| i == 'f' || i == 'F');
/* Make sure there are no duplicates. */
for (next = o; (++next)->name;) {
/*
* do allow aliases: assert(o->retval != next->retval);
*/
assert(strcmp(o->name, next->name) != 0);
}
#endif
if (o->name[0] == '\0') {
assert(unknown == NULL);
unknown = o;
assert(unknown->valtype == 0 || unknown->valtype == '-');
}
}
return prog;
}
static OPT_PAIR formats[] = {
{"PEM/DER", OPT_FMT_PEMDER},
{"pkcs12", OPT_FMT_PKCS12},
{"smime", OPT_FMT_SMIME},
{"engine", OPT_FMT_ENGINE},
{"msblob", OPT_FMT_MSBLOB},
{"netscape", OPT_FMT_NETSCAPE},
{"nss", OPT_FMT_NSS},
{"text", OPT_FMT_TEXT},
{"http", OPT_FMT_HTTP},
{"pvk", OPT_FMT_PVK},
{NULL}
};
/* Print an error message about a failed format parse. */
int opt_format_error(const char *s, unsigned long flags)
{
OPT_PAIR *ap;
if (flags == OPT_FMT_PEMDER)
BIO_printf(bio_err, "%s: Bad format \"%s\"; must be pem or der\n",
prog, s);
else {
BIO_printf(bio_err, "%s: Bad format \"%s\"; must be one of:\n",
prog, s);
for (ap = formats; ap->name; ap++)
if (flags & ap->retval)
BIO_printf(bio_err, " %s\n", ap->name);
}
return 0;
}
/* Parse a format string, put it into *result; return 0 on failure, else 1. */
int opt_format(const char *s, unsigned long flags, int *result)
{
switch (*s) {
default:
return 0;
case 'D':
case 'd':
if ((flags & OPT_FMT_PEMDER) == 0)
return opt_format_error(s, flags);
*result = FORMAT_ASN1;
break;
case 'T':
case 't':
if ((flags & OPT_FMT_TEXT) == 0)
return opt_format_error(s, flags);
*result = FORMAT_TEXT;
break;
case 'N':
case 'n':
if (strcmp(s, "NSS") == 0 || strcmp(s, "nss") == 0) {
if ((flags & OPT_FMT_NSS) == 0)
return opt_format_error(s, flags);
*result = FORMAT_NSS;
} else {
if ((flags & OPT_FMT_NETSCAPE) == 0)
return opt_format_error(s, flags);
*result = FORMAT_NETSCAPE;
}
break;
case 'S':
case 's':
if ((flags & OPT_FMT_SMIME) == 0)
return opt_format_error(s, flags);
*result = FORMAT_SMIME;
break;
case 'M':
case 'm':
if ((flags & OPT_FMT_MSBLOB) == 0)
return opt_format_error(s, flags);
*result = FORMAT_MSBLOB;
break;
case 'E':
case 'e':
if ((flags & OPT_FMT_ENGINE) == 0)
return opt_format_error(s, flags);
*result = FORMAT_ENGINE;
break;
case 'H':
case 'h':
if ((flags & OPT_FMT_HTTP) == 0)
return opt_format_error(s, flags);
*result = FORMAT_HTTP;
break;
case '1':
if ((flags & OPT_FMT_PKCS12) == 0)
return opt_format_error(s, flags);
*result = FORMAT_PKCS12;
break;
case 'P':
case 'p':
if (s[1] == '\0' || strcmp(s, "PEM") == 0 || strcmp(s, "pem") == 0) {
if ((flags & OPT_FMT_PEMDER) == 0)
return opt_format_error(s, flags);
*result = FORMAT_PEM;
} else if (strcmp(s, "PVK") == 0 || strcmp(s, "pvk") == 0) {
if ((flags & OPT_FMT_PVK) == 0)
return opt_format_error(s, flags);
*result = FORMAT_PVK;
} else if (strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0
|| strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0) {
if ((flags & OPT_FMT_PKCS12) == 0)
return opt_format_error(s, flags);
*result = FORMAT_PKCS12;
} else
return 0;
break;
}
return 1;
}
/* Parse a cipher name, put it in *EVP_CIPHER; return 0 on failure, else 1. */
int opt_cipher(const char *name, const EVP_CIPHER **cipherp)
{
*cipherp = EVP_get_cipherbyname(name);
if (*cipherp)
return 1;
BIO_printf(bio_err, "%s: Unknown cipher %s\n", prog, name);
return 0;
}
/*
* Parse message digest name, put it in *EVP_MD; return 0 on failure, else 1.
*/
int opt_md(const char *name, const EVP_MD **mdp)
{
*mdp = EVP_get_digestbyname(name);
if (*mdp)
return 1;
BIO_printf(bio_err, "%s: Unknown digest %s\n", prog, name);
return 0;
}
/* Look through a list of name/value pairs. */
int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
{
const OPT_PAIR *pp;
for (pp = pairs; pp->name; pp++)
if (strcmp(pp->name, name) == 0) {
*result = pp->retval;
return 1;
}
BIO_printf(bio_err, "%s: Value must be one of:\n", prog);
for (pp = pairs; pp->name; pp++)
BIO_printf(bio_err, "\t%s\n", pp->name);
return 0;
}
/* See if cp looks like a hex number, in case user left off the 0x */
static int scanforhex(const char *cp)
{
if (*cp == '0' && (cp[1] == 'x' || cp[1] == 'X'))
return 16;
for (; *cp; cp++)
/* Look for a hex digit that isn't a regular digit. */
if (isxdigit(*cp) && !isdigit(*cp))
return 16;
return 0;
}
/* Parse an int, put it into *result; return 0 on failure, else 1. */
int opt_int(const char *value, int *result)
{
const char *fmt = "%d";
int base = scanforhex(value);
if (base == 16)
fmt = "%x";
else if (*value == '0')
fmt = "%o";
if (sscanf(value, fmt, result) != 1) {
BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n",
prog, value);
return 0;
}
return 1;
}
/* Parse a long, put it into *result; return 0 on failure, else 1. */
int opt_long(const char *value, long *result)
{
char *endptr;
int base = scanforhex(value);
*result = strtol(value, &endptr, base);
if (*endptr) {
BIO_printf(bio_err,
"%s: Bad char %c in number %s\n", prog, *endptr, value);
return 0;
}
return 1;
}
/*
* Parse an unsigned long, put it into *result; return 0 on failure, else 1.
*/
int opt_ulong(const char *value, unsigned long *result)
{
char *endptr;
int base = scanforhex(value);
*result = strtoul(value, &endptr, base);
if (*endptr) {
BIO_printf(bio_err,
"%s: Bad char %c in number %s\n", prog, *endptr, value);
return 0;
}
return 1;
}
/*
* We pass opt as an int but cast it to "enum range" so that all the
* items in the OPT_V_ENUM enumeration are caught; this makes -Wswitch
* in gcc do the right thing.
*/
enum range { OPT_V_ENUM };
int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
{
unsigned long ul;
int i;
ASN1_OBJECT *otmp;
X509_PURPOSE *xptmp;
const X509_VERIFY_PARAM *vtmp;
assert(vpm != NULL);
assert(opt > OPT_V__FIRST);
assert(opt < OPT_V__LAST);
switch ((enum range)opt) {
case OPT_V__FIRST:
case OPT_V__LAST:
return 0;
case OPT_V_POLICY:
otmp = OBJ_txt2obj(opt_arg(), 0);
if (otmp == NULL) {
BIO_printf(bio_err, "%s: Invalid Policy %s\n", prog, opt_arg());
return 0;
}
X509_VERIFY_PARAM_add0_policy(vpm, otmp);
break;
case OPT_V_PURPOSE:
i = X509_PURPOSE_get_by_sname(opt_arg());
if (i < 0) {
BIO_printf(bio_err, "%s: Invalid purpose %s\n", prog, opt_arg());
return 0;
}
xptmp = X509_PURPOSE_get0(i);
i = X509_PURPOSE_get_id(xptmp);
X509_VERIFY_PARAM_set_purpose(vpm, i);
break;
case OPT_V_VERIFY_NAME:
vtmp = X509_VERIFY_PARAM_lookup(opt_arg());
if (vtmp == NULL) {
BIO_printf(bio_err, "%s: Invalid verify name %s\n",
prog, opt_arg());
return 0;
}
X509_VERIFY_PARAM_set1(vpm, vtmp);
break;
case OPT_V_VERIFY_DEPTH:
i = atoi(opt_arg());
if (i >= 0)
X509_VERIFY_PARAM_set_depth(vpm, i);
break;
case OPT_V_ATTIME:
opt_ulong(opt_arg(), &ul);
if (ul)
X509_VERIFY_PARAM_set_time(vpm, (time_t)ul);
break;
case OPT_V_VERIFY_HOSTNAME:
if (!X509_VERIFY_PARAM_set1_host(vpm, opt_arg(), 0))
return 0;
break;
case OPT_V_VERIFY_EMAIL:
if (!X509_VERIFY_PARAM_set1_email(vpm, opt_arg(), 0))
return 0;
break;
case OPT_V_VERIFY_IP:
if (!X509_VERIFY_PARAM_set1_ip_asc(vpm, opt_arg()))
return 0;
break;
case OPT_V_IGNORE_CRITICAL:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_IGNORE_CRITICAL);
break;
case OPT_V_ISSUER_CHECKS:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CB_ISSUER_CHECK);
break;
case OPT_V_CRL_CHECK:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CRL_CHECK);
break;
case OPT_V_CRL_CHECK_ALL:
X509_VERIFY_PARAM_set_flags(vpm,
X509_V_FLAG_CRL_CHECK |
X509_V_FLAG_CRL_CHECK_ALL);
break;
case OPT_V_POLICY_CHECK:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_POLICY_CHECK);
break;
case OPT_V_EXPLICIT_POLICY:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXPLICIT_POLICY);
break;
case OPT_V_INHIBIT_ANY:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_ANY);
break;
case OPT_V_INHIBIT_MAP:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_MAP);
break;
case OPT_V_X509_STRICT:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_X509_STRICT);
break;
case OPT_V_EXTENDED_CRL:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXTENDED_CRL_SUPPORT);
break;
case OPT_V_USE_DELTAS:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_USE_DELTAS);
break;
case OPT_V_POLICY_PRINT:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NOTIFY_POLICY);
break;
case OPT_V_CHECK_SS_SIG:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CHECK_SS_SIGNATURE);
break;
case OPT_V_TRUSTED_FIRST:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_TRUSTED_FIRST);
break;
case OPT_V_SUITEB_128_ONLY:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS_ONLY);
break;
case OPT_V_SUITEB_128:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS);
break;
case OPT_V_SUITEB_192:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_192_LOS);
break;
case OPT_V_PARTIAL_CHAIN:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
break;
case OPT_V_NO_ALT_CHAINS:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_ALT_CHAINS);
}
return 1;
}
/*
* Parse the next flag (and value if specified), return 0 if done, -1 on
* error, otherwise the flag's retval.
*/
int opt_next(void)
{
char *p;
char *endptr;
const OPTIONS *o;
int dummy;
int base;
long val;
/* Look at current arg; at end of the list? */
arg = NULL;
p = argv[opt_index];
if (p == NULL)
return 0;
/* If word doesn't start with a -, we're done. */
if (*p != '-')
return 0;
/* Hit "--" ? We're done. */
opt_index++;
if (strcmp(p, "--") == 0)
return 0;
/* Allow -nnn and --nnn */
if (*++p == '-')
p++;
flag = p - 1;
/* If we have --flag=foo, snip it off */
if ((arg = strchr(p, '=')) != NULL)
*arg++ = '\0';
for (o = opts; o->name; ++o) {
/* If not this option, move on to the next one. */
if (strcmp(p, o->name) != 0)
continue;
/* If it doesn't take a value, make sure none was given. */
if (o->valtype == 0 || o->valtype == '-') {
if (arg) {
BIO_printf(bio_err,
"%s: Option -%s does not take a value\n", prog, p);
return -1;
}
return o->retval;
}
/* Want a value; get the next param if =foo not used. */
if (arg == NULL) {
if (argv[opt_index] == NULL) {
BIO_printf(bio_err,
"%s: Option -%s needs a value\n", prog, o->name);
return -1;
}
arg = argv[opt_index++];
}
/* Syntax-check value. */
/*
* Do some basic syntax-checking on the value. These tests aren't
* perfect (ignore range overflow) but they catch common failures.
*/
switch (o->valtype) {
default:
case 's':
/* Just a string. */
break;
case '/':
if (app_isdir(arg) >= 0)
break;
BIO_printf(bio_err, "%s: Not a directory: %s\n", prog, arg);
return -1;
case '<':
/* Input file. */
if (strcmp(arg, "-") == 0 || app_access(arg, R_OK) >= 0)
break;
BIO_printf(bio_err,
"%s: Cannot open input file %s, %s\n",
prog, arg, strerror(errno));
return -1;
case '>':
/* Output file. */
if (strcmp(arg, "-") == 0 || app_access(arg, W_OK) >= 0 || errno == ENOENT)
break;
BIO_printf(bio_err,
"%s: Cannot open output file %s, %s\n",
prog, arg, strerror(errno));
return -1;
case 'p':
case 'n':
base = scanforhex(arg);
val = strtol(arg, &endptr, base);
if (*endptr == '\0') {
if (o->valtype == 'p' && val <= 0) {
BIO_printf(bio_err,
"%s: Non-positive number \"%s\" for -%s\n",
prog, arg, o->name);
return -1;
}
break;
}
BIO_printf(bio_err,
"%s: Invalid number \"%s\" for -%s\n",
prog, arg, o->name);
return -1;
case 'u':
base = scanforhex(arg);
strtoul(arg, &endptr, base);
if (*endptr == '\0')
break;
BIO_printf(bio_err,
"%s: Invalid number \"%s\" for -%s\n",
prog, arg, o->name);
return -1;
case 'f':
case 'F':
if (opt_format(arg,
o->valtype == 'F' ? OPT_FMT_PEMDER
: OPT_FMT_ANY, &dummy))
break;
BIO_printf(bio_err,
"%s: Invalid format \"%s\" for -%s\n",
prog, arg, o->name);
return -1;
}
/* Return the flag value. */
return o->retval;
}
if (unknown != NULL) {
dunno = p;
return unknown->retval;
}
BIO_printf(bio_err, "%s: Option unknown option -%s\n", prog, p);
return -1;
}
/* Return the most recent flag parameter. */
char *opt_arg(void)
{
return arg;
}
/* Return the most recent flag. */
char *opt_flag(void)
{
return flag;
}
/* Return the unknown option. */
char *opt_unknown(void)
{
return dunno;
}
/* Return the rest of the arguments after parsing flags. */
char **opt_rest(void)
{
return &argv[opt_index];
}
/* How many items in remaining args? */
int opt_num_rest(void)
{
int i = 0;
char **pp;
for (pp = opt_rest(); *pp; pp++, i++)
continue;
return i;
}
/* Return a string describing the parameter type. */
static const char *valtype2param(const OPTIONS *o)
{
switch (o->valtype) {
case '-':
return "";
case 's':
return "val";
case '/':
return "dir";
case '<':
return "infile";
case '>':
return "outfile";
case 'p':
return "pnum";
case 'n':
return "num";
case 'u':
return "unum";
case 'F':
return "der/pem";
case 'f':
return "format";
}
return "parm";
}
void opt_help(const OPTIONS *list)
{
const OPTIONS *o;
int i;
int standard_prolog;
int width = 5;
char start[80 + 1];
char *p;
const char *help;
/* Starts with its own help message? */
standard_prolog = list[0].name != OPT_HELP_STR;
/* Find the widest help. */
for (o = list; o->name; o++) {
if (o->name == OPT_MORE_STR)
continue;
i = 2 + (int)strlen(o->name);
if (o->valtype != '-')
i += 1 + strlen(valtype2param(o));
if (i < MAX_OPT_HELP_WIDTH && i > width)
width = i;
assert(i < (int)sizeof start);
}
if (standard_prolog)
BIO_printf(bio_err, "Usage: %s [options]\nValid options are:\n",
prog);
/* Now let's print. */
for (o = list; o->name; o++) {
help = o->helpstr ? o->helpstr : "(No additional info)";
if (o->name == OPT_HELP_STR) {
BIO_printf(bio_err, help, prog);
continue;
}
/* Pad out prefix */
memset(start, ' ', sizeof start - 1);
start[sizeof start - 1] = '\0';
if (o->name == OPT_MORE_STR) {
/* Continuation of previous line; padd and print. */
start[width] = '\0';
BIO_printf(bio_err, "%s %s\n", start, help);
continue;
}
/* Build up the "-flag [param]" part. */
p = start;
*p++ = ' ';
*p++ = '-';
if (o->name[0])
p += strlen(strcpy(p, o->name));
else
*p++ = '*';
if (o->valtype != '-') {
*p++ = ' ';
p += strlen(strcpy(p, valtype2param(o)));
}
*p = ' ';
if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) {
*p = '\0';
BIO_printf(bio_err, "%s\n", start);
memset(start, ' ', sizeof start);
}
start[width] = '\0';
BIO_printf(bio_err, "%s %s\n", start, help);
}
}
#ifdef COMPILE_STANDALONE_TEST_DRIVER
# include <sys/stat.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_IN, OPT_INFORM, OPT_OUT, OPT_COUNT, OPT_U, OPT_FLAG,
OPT_STR, OPT_NOTUSED
} OPTION_CHOICE;
static OPTIONS options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s flags\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "input file"},
{OPT_MORE_STR, 1, '-', "more detail about input"},
{"inform", OPT_INFORM, 'f', "input file format; defaults to pem"},
{"out", OPT_OUT, '>', "output file"},
{"count", OPT_COUNT, 'p', "a counter greater than zero"},
{"u", OPT_U, 'u', "an unsigned number"},
{"flag", OPT_FLAG, 0, "just some flag"},
{"str", OPT_STR, 's', "the magic word"},
{"areallyverylongoption", OPT_HELP, '-', "long way for help"},
{NULL}
};
BIO *bio_err;
int app_isdir(const char *name)
{
struct stat sb;
return name != NULL && stat(name, &sb) >= 0 && S_ISDIR(sb.st_mode);
}
int main(int ac, char **av)
{
OPTION_CHOICE o;
char **rest;
char *prog;
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
prog = opt_init(ac, av, options);
while ((o = opt_next()) != OPT_EOF) {
switch (c) {
case OPT_NOTUSED:
case OPT_EOF:
case OPT_ERR:
printf("%s: Usage error; try -help.\n", prog);
return 1;
case OPT_HELP:
opt_help(options);
return 0;
case OPT_IN:
printf("in %s\n", opt_arg());
break;
case OPT_INFORM:
printf("inform %s\n", opt_arg());
break;
case OPT_OUT:
printf("out %s\n", opt_arg());
break;
case OPT_COUNT:
printf("count %s\n", opt_arg());
break;
case OPT_U:
printf("u %s\n", opt_arg());
break;
case OPT_FLAG:
printf("flag\n");
break;
case OPT_STR:
printf("str %s\n", opt_arg());
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
printf("args = %d\n", argc);
if (argc)
while (*argv)
printf(" %s\n", *argv++);
return 0;
}
#endif

332
apps/passwd.c
View File

@ -1,4 +1,51 @@
/* apps/passwd.c */
/* ====================================================================
* Copyright (c) 2000-2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
# define NO_MD5CRYPT_1
@ -22,9 +69,6 @@
# include <openssl/md5.h>
# endif
# undef PROG
# define PROG passwd_main
static unsigned const char cov_2char[64] = {
/* from crypto/des/fcrypt.c */
0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
@ -42,156 +86,130 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
int reverse, size_t pw_maxlen, int usecrypt, int use1,
int useapr1);
/*-
* -crypt - standard Unix password algorithm (default)
* -1 - MD5-based password algorithm
* -apr1 - MD5-based password algorithm, Apache variant
* -salt string - salt
* -in file - read passwords from file
* -stdin - read passwords from stdin
* -noverify - never verify when reading password from terminal
* -quiet - no warnings
* -table - format output as table
* -reverse - switch table columns
*/
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_IN,
OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1,
OPT_1, OPT_CRYPT, OPT_SALT, OPT_STDIN
} OPTION_CHOICE;
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int ret = 1;
char *infile = NULL;
int in_stdin = 0;
int in_noverify = 0;
char *salt = NULL, *passwd = NULL, **passwds = NULL;
char *salt_malloc = NULL, *passwd_malloc = NULL;
size_t passwd_malloc_size = 0;
int pw_source_defined = 0;
BIO *in = NULL, *out = NULL;
int i, badopt, opt_done;
int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
int usecrypt = 0, use1 = 0, useapr1 = 0;
size_t pw_maxlen = 0;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto err;
out = BIO_new(BIO_s_file());
if (out == NULL)
goto err;
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
OPTIONS passwd_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Pead passwords from file"},
{"noverify", OPT_NOVERIFY, '-',
"Never verify when reading password from terminal"},
{"quiet", OPT_QUIET, '-', "No warnings"},
{"table", OPT_TABLE, '-', "Format output as table"},
{"reverse", OPT_REVERSE, '-', "Switch table columns"},
# ifndef NO_MD5CRYPT_1
{"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
{"1", OPT_1, '-', "MD5-based password algorithm"},
# endif
# ifndef OPENSSL_NO_DES
{"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
# endif
{"salt", OPT_SALT, 's', "Use provided salt"},
{"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
{NULL}
};
badopt = 0, opt_done = 0;
i = 0;
while (!badopt && !opt_done && argv[++i] != NULL) {
if (strcmp(argv[i], "-crypt") == 0)
usecrypt = 1;
else if (strcmp(argv[i], "-1") == 0)
use1 = 1;
else if (strcmp(argv[i], "-apr1") == 0)
useapr1 = 1;
else if (strcmp(argv[i], "-salt") == 0) {
if ((argv[i + 1] != NULL) && (salt == NULL)) {
passed_salt = 1;
salt = argv[++i];
} else
badopt = 1;
} else if (strcmp(argv[i], "-in") == 0) {
if ((argv[i + 1] != NULL) && !pw_source_defined) {
pw_source_defined = 1;
infile = argv[++i];
} else
badopt = 1;
} else if (strcmp(argv[i], "-stdin") == 0) {
if (!pw_source_defined) {
pw_source_defined = 1;
in_stdin = 1;
} else
badopt = 1;
} else if (strcmp(argv[i], "-noverify") == 0)
in_noverify = 1;
else if (strcmp(argv[i], "-quiet") == 0)
quiet = 1;
else if (strcmp(argv[i], "-table") == 0)
table = 1;
else if (strcmp(argv[i], "-reverse") == 0)
reverse = 1;
else if (argv[i][0] == '-')
badopt = 1;
else if (!pw_source_defined)
/* non-option arguments, use as passwords */
{
int passwd_main(int argc, char **argv)
{
BIO *in = NULL;
char *infile = NULL, *salt = NULL, *passwd = NULL, **passwds = NULL;
char *salt_malloc = NULL, *passwd_malloc = NULL, *prog;
OPTION_CHOICE o;
int in_stdin = 0, in_noverify = 0, pw_source_defined = 0;
int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
int ret = 1, usecrypt = 0, use1 = 0, useapr1 = 0;
size_t passwd_malloc_size = 0, pw_maxlen = 256;
prog = opt_init(argc, argv, passwd_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(passwd_options);
ret = 0;
goto end;
case OPT_IN:
if (pw_source_defined)
goto opthelp;
infile = opt_arg();
pw_source_defined = 1;
passwds = &argv[i];
opt_done = 1;
} else
badopt = 1;
break;
case OPT_NOVERIFY:
in_noverify = 1;
break;
case OPT_QUIET:
quiet = 1;
break;
case OPT_TABLE:
table = 1;
break;
case OPT_REVERSE:
reverse = 1;
break;
case OPT_1:
use1 = 1;
break;
case OPT_APR1:
useapr1 = 1;
break;
case OPT_CRYPT:
usecrypt = 1;
break;
case OPT_SALT:
passed_salt = 1;
salt = opt_arg();
break;
case OPT_STDIN:
if (pw_source_defined)
goto opthelp;
in_stdin = 1;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (*argv) {
if (pw_source_defined)
goto opthelp;
pw_source_defined = 1;
passwds = argv;
}
if (!usecrypt && !use1 && !useapr1) /* use default */
if (!usecrypt && !use1 && !useapr1) {
/* use default */
usecrypt = 1;
if (usecrypt + use1 + useapr1 > 1) /* conflict */
badopt = 1;
}
if (usecrypt + use1 + useapr1 > 1) {
/* conflict */
goto opthelp;
}
/* reject unsupported algorithms */
# ifdef OPENSSL_NO_DES
if (usecrypt)
badopt = 1;
goto opthelp;
# endif
# ifdef NO_MD5CRYPT_1
if (use1 || useapr1)
badopt = 1;
goto opthelp;
# endif
if (badopt) {
BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
BIO_printf(bio_err, "where options are\n");
# ifndef OPENSSL_NO_DES
BIO_printf(bio_err,
"-crypt standard Unix password algorithm (default)\n");
# endif
# ifndef NO_MD5CRYPT_1
BIO_printf(bio_err,
"-1 MD5-based password algorithm\n");
BIO_printf(bio_err,
"-apr1 MD5-based password algorithm, Apache variant\n");
# endif
BIO_printf(bio_err, "-salt string use provided salt\n");
BIO_printf(bio_err, "-in file read passwords from file\n");
BIO_printf(bio_err, "-stdin read passwords from stdin\n");
BIO_printf(bio_err,
"-noverify never verify when reading password from terminal\n");
BIO_printf(bio_err, "-quiet no warnings\n");
BIO_printf(bio_err, "-table format output as table\n");
BIO_printf(bio_err, "-reverse switch table columns\n");
goto err;
if (infile && in_stdin) {
BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog);
goto end;
}
if ((infile != NULL) || in_stdin) {
in = BIO_new(BIO_s_file());
if (in == NULL)
goto err;
if (infile != NULL) {
assert(in_stdin == 0);
if (BIO_read_filename(in, infile) <= 0)
goto err;
} else {
assert(in_stdin);
BIO_set_fp(in, stdin, BIO_NOCLOSE);
}
}
in = bio_open_default(infile, "r");
if (in == NULL)
goto end;
if (usecrypt)
pw_maxlen = 8;
@ -208,7 +226,7 @@ int MAIN(int argc, char **argv)
*/
passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
if (passwd_malloc == NULL)
goto err;
goto end;
}
if ((in == NULL) && (passwds == NULL)) {
@ -220,7 +238,7 @@ int MAIN(int argc, char **argv)
if (EVP_read_pw_string
(passwd_malloc, passwd_malloc_size, "Password: ",
!(passed_salt || in_noverify)) != 0)
goto err;
goto end;
passwds[0] = passwd_malloc;
}
@ -230,10 +248,10 @@ int MAIN(int argc, char **argv)
do { /* loop over list of passwords */
passwd = *passwds++;
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out,
quiet, table, reverse, pw_maxlen, usecrypt, use1,
useapr1))
goto err;
goto end;
}
while (*passwds != NULL);
} else
@ -256,10 +274,10 @@ int MAIN(int argc, char **argv)
while ((r > 0) && (!strchr(trash, '\n')));
}
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
quiet, table, reverse, pw_maxlen, usecrypt,
use1, useapr1))
goto err;
if (!do_passwd
(passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet,
table, reverse, pw_maxlen, usecrypt, use1, useapr1))
goto end;
}
done = (r <= 0);
}
@ -267,16 +285,14 @@ int MAIN(int argc, char **argv)
}
ret = 0;
err:
end:
ERR_print_errors(bio_err);
if (salt_malloc)
OPENSSL_free(salt_malloc);
if (passwd_malloc)
OPENSSL_free(passwd_malloc);
BIO_free(in);
BIO_free_all(out);
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}
# ifndef NO_MD5CRYPT_1
@ -412,10 +428,10 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
if (*salt_malloc_p == NULL) {
*salt_p = *salt_malloc_p = OPENSSL_malloc(3);
if (*salt_malloc_p == NULL)
goto err;
goto end;
}
if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0)
goto err;
goto end;
(*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
(*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
(*salt_p)[2] = 0;
@ -433,10 +449,10 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
if (*salt_malloc_p == NULL) {
*salt_p = *salt_malloc_p = OPENSSL_malloc(9);
if (*salt_malloc_p == NULL)
goto err;
goto end;
}
if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0)
goto err;
goto end;
for (i = 0; i < 8; i++)
(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
@ -477,16 +493,16 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
BIO_printf(out, "%s\t%s\n", hash, passwd);
else
BIO_printf(out, "%s\n", hash);
return 1;
err:
return 0;
end:
return 1;
}
#else
int MAIN(int argc, char **argv)
int passwd_main(int argc, char **argv)
{
fputs("Program not available.\n", stderr)
OPENSSL_EXIT(1);
return (1);
}
#endif

706
apps/pkcs12.c
View File

@ -1,4 +1,3 @@
/* pkcs12.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
@ -69,10 +68,6 @@
# include <openssl/pem.h>
# include <openssl/pkcs12.h>
# define PROG pkcs12_main
const EVP_CIPHER *enc;
# define NOKEYS 0x1
# define NOCERTS 0x2
# define INFO 0x4
@ -81,335 +76,257 @@ const EVP_CIPHER *enc;
int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
int options, char *pempass);
int options, char *pempass, const EVP_CIPHER *enc);
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
char *pass, int passlen, int options,
char *pempass);
char *pass, int passlen, int options, char *pempass,
const EVP_CIPHER *enc);
int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass,
int passlen, int options, char *pempass);
int passlen, int options, char *pempass,
const EVP_CIPHER *enc);
int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
const char *name);
void hex_prin(BIO *out, unsigned char *buf, int len);
int alg_print(BIO *x, X509_ALGOR *alg);
int cert_load(BIO *in, STACK_OF(X509) *sk);
static int set_pbe(BIO *err, int *ppbe, const char *str);
static int set_pbe(int *ppbe, const char *str);
int MAIN(int, char **);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_CIPHER, OPT_NOKEYS, OPT_KEYEX, OPT_KEYSIG, OPT_NOCERTS, OPT_CLCERTS,
OPT_CACERTS, OPT_NOOUT, OPT_INFO, OPT_CHAIN, OPT_TWOPASS, OPT_NOMACVER,
OPT_DESCERT, OPT_EXPORT, OPT_NOITER, OPT_MACITER, OPT_NOMACITER,
OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE,
OPT_RAND, OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME,
OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
OPT_CAFILE, OPT_ENGINE
} OPTION_CHOICE;
int MAIN(int argc, char **argv)
OPTIONS pkcs12_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"nokeys", OPT_NOKEYS, '-', "Don't output private keys"},
{"keyex", OPT_KEYEX, '-', "Set MS key exchange type"},
{"keysig", OPT_KEYSIG, '-', "Set MS key signature type"},
{"nocerts", OPT_NOCERTS, '-', "Don't output certificates"},
{"clcerts", OPT_CLCERTS, '-', "Only output client certificates"},
{"cacerts", OPT_CACERTS, '-', "Only output CA certificates"},
{"noout", OPT_NOOUT, '-', "Don't output anything, just verify"},
{"info", OPT_INFO, '-', "Print info about PKCS#12 structure"},
{"chain", OPT_CHAIN, '-', "Add certificate chain"},
{"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"},
{"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"},
# ifndef OPENSSL_NO_RC2
{"descert", OPT_DESCERT, '-',
"Encrypt output with 3DES (default RC2-40)"},
{"certpbe", OPT_CERTPBE, 's',
"Certificate PBE algorithm (default RC2-40)"},
# else
{"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"},
{"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"},
# endif
{"export", OPT_EXPORT, '-', "Output PKCS12 file"},
{"noiter", OPT_NOITER, '-', "Don't use encryption iteration"},
{"maciter", OPT_MACITER, '-', "Use MAC iteration"},
{"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration"},
{"nomac", OPT_NOMAC, '-', "Don't generate MAC"},
{"LMK", OPT_LMK, '-',
"Add local machine keyset attribute to private key"},
{"nodes", OPT_NODES, '-', "Don't encrypt private keys"},
{"macalg", OPT_MACALG, 's',
"Digest algorithm used in MAC (default SHA1)"},
{"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"inkey", OPT_INKEY, '<', "Private key if not infile"},
{"certfile", OPT_CERTFILE, '<', "Load certs from file"},
{"name", OPT_NAME, 's', "Use name as friendly name"},
{"CSP", OPT_CSP, 's', "Microsoft CSP name"},
{"caname", OPT_CANAME, 's',
"Use name as CA friendly name (can be repeated)"},
{"in", OPT_IN, '<', "Input filename"},
{"out", OPT_OUT, '>', "Output filename"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"password", OPT_PASSWORD, 's', "Set import/export password source"},
{"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"},
{"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{"", OPT_CIPHER, '-', "Any supported cipher"},
{NULL}
};
int pkcs12_main(int argc, char **argv)
{
ENGINE *e = NULL;
char *infile = NULL, *outfile = NULL, *keyname = NULL;
char *certfile = NULL;
BIO *in = NULL, *out = NULL;
char **args;
char *name = NULL;
char *csp_name = NULL;
int add_lmk = 0;
PKCS12 *p12 = NULL;
char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL;
char *name = NULL, *csp_name = NULL;
char pass[50], macpass[50];
int export_cert = 0;
int options = 0;
int chain = 0;
int badarg = 0;
int iter = PKCS12_DEFAULT_ITER;
int maciter = PKCS12_DEFAULT_ITER;
int twopass = 0;
int keytype = 0;
int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
# ifndef OPENSSL_NO_RC2
int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
# else
int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
# endif
int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
int ret = 1;
int macver = 1;
int noprompt = 0;
int ret = 1, macver = 1, noprompt = 0, add_lmk = 0;
char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL;
char *passin = NULL, *passout = NULL, *inrand = NULL, *macalg = NULL;
char *cpass = NULL, *mpass = NULL, *CApath = NULL, *CAfile = NULL;
char *engine = NULL, *prog;
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
PKCS12 *p12 = NULL;
STACK_OF(OPENSSL_STRING) *canames = NULL;
char *cpass = NULL, *mpass = NULL;
char *passargin = NULL, *passargout = NULL, *passarg = NULL;
char *passin = NULL, *passout = NULL;
char *inrand = NULL;
char *macalg = NULL;
char *CApath = NULL, *CAfile = NULL;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
# endif
const EVP_CIPHER *enc = EVP_des_ede3_cbc();
OPTION_CHOICE o;
apps_startup();
enc = EVP_des_ede3_cbc();
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
args = argv + 1;
while (*args) {
if (*args[0] == '-') {
if (!strcmp(*args, "-nokeys"))
options |= NOKEYS;
else if (!strcmp(*args, "-keyex"))
keytype = KEY_EX;
else if (!strcmp(*args, "-keysig"))
keytype = KEY_SIG;
else if (!strcmp(*args, "-nocerts"))
options |= NOCERTS;
else if (!strcmp(*args, "-clcerts"))
options |= CLCERTS;
else if (!strcmp(*args, "-cacerts"))
options |= CACERTS;
else if (!strcmp(*args, "-noout"))
options |= (NOKEYS | NOCERTS);
else if (!strcmp(*args, "-info"))
options |= INFO;
else if (!strcmp(*args, "-chain"))
chain = 1;
else if (!strcmp(*args, "-twopass"))
twopass = 1;
else if (!strcmp(*args, "-nomacver"))
macver = 0;
else if (!strcmp(*args, "-descert"))
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else if (!strcmp(*args, "-export"))
export_cert = 1;
else if (!strcmp(*args, "-des"))
enc = EVP_des_cbc();
else if (!strcmp(*args, "-des3"))
enc = EVP_des_ede3_cbc();
# ifndef OPENSSL_NO_IDEA
else if (!strcmp(*args, "-idea"))
enc = EVP_idea_cbc();
# endif
# ifndef OPENSSL_NO_SEED
else if (!strcmp(*args, "-seed"))
enc = EVP_seed_cbc();
# endif
# ifndef OPENSSL_NO_AES
else if (!strcmp(*args, "-aes128"))
enc = EVP_aes_128_cbc();
else if (!strcmp(*args, "-aes192"))
enc = EVP_aes_192_cbc();
else if (!strcmp(*args, "-aes256"))
enc = EVP_aes_256_cbc();
# endif
# ifndef OPENSSL_NO_CAMELLIA
else if (!strcmp(*args, "-camellia128"))
enc = EVP_camellia_128_cbc();
else if (!strcmp(*args, "-camellia192"))
enc = EVP_camellia_192_cbc();
else if (!strcmp(*args, "-camellia256"))
enc = EVP_camellia_256_cbc();
# endif
else if (!strcmp(*args, "-noiter"))
iter = 1;
else if (!strcmp(*args, "-maciter"))
maciter = PKCS12_DEFAULT_ITER;
else if (!strcmp(*args, "-nomaciter"))
maciter = 1;
else if (!strcmp(*args, "-nomac"))
maciter = -1;
else if (!strcmp(*args, "-macalg"))
if (args[1]) {
args++;
macalg = *args;
} else
badarg = 1;
else if (!strcmp(*args, "-nodes"))
enc = NULL;
else if (!strcmp(*args, "-certpbe")) {
if (!set_pbe(bio_err, &cert_pbe, *++args))
badarg = 1;
} else if (!strcmp(*args, "-keypbe")) {
if (!set_pbe(bio_err, &key_pbe, *++args))
badarg = 1;
} else if (!strcmp(*args, "-rand")) {
if (args[1]) {
args++;
inrand = *args;
} else
badarg = 1;
} else if (!strcmp(*args, "-inkey")) {
if (args[1]) {
args++;
keyname = *args;
} else
badarg = 1;
} else if (!strcmp(*args, "-certfile")) {
if (args[1]) {
args++;
certfile = *args;
} else
badarg = 1;
} else if (!strcmp(*args, "-name")) {
if (args[1]) {
args++;
name = *args;
} else
badarg = 1;
} else if (!strcmp(*args, "-LMK"))
add_lmk = 1;
else if (!strcmp(*args, "-CSP")) {
if (args[1]) {
args++;
csp_name = *args;
} else
badarg = 1;
} else if (!strcmp(*args, "-caname")) {
if (args[1]) {
args++;
if (!canames)
canames = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(canames, *args);
} else
badarg = 1;
} else if (!strcmp(*args, "-in")) {
if (args[1]) {
args++;
infile = *args;
} else
badarg = 1;
} else if (!strcmp(*args, "-out")) {
if (args[1]) {
args++;
outfile = *args;
} else
badarg = 1;
} else if (!strcmp(*args, "-passin")) {
if (args[1]) {
args++;
passargin = *args;
} else
badarg = 1;
} else if (!strcmp(*args, "-passout")) {
if (args[1]) {
args++;
passargout = *args;
} else
badarg = 1;
} else if (!strcmp(*args, "-password")) {
if (args[1]) {
args++;
passarg = *args;
noprompt = 1;
} else
badarg = 1;
} else if (!strcmp(*args, "-CApath")) {
if (args[1]) {
args++;
CApath = *args;
} else
badarg = 1;
} else if (!strcmp(*args, "-CAfile")) {
if (args[1]) {
args++;
CAfile = *args;
} else
badarg = 1;
# ifndef OPENSSL_NO_ENGINE
} else if (!strcmp(*args, "-engine")) {
if (args[1]) {
args++;
engine = *args;
} else
badarg = 1;
# endif
} else
badarg = 1;
} else
badarg = 1;
args++;
prog = opt_init(argc, argv, pkcs12_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(pkcs12_options);
ret = 0;
goto end;
case OPT_NOKEYS:
options |= NOKEYS;
break;
case OPT_KEYEX:
keytype = KEY_EX;
break;
case OPT_KEYSIG:
keytype = KEY_SIG;
break;
case OPT_NOCERTS:
options |= NOCERTS;
break;
case OPT_CLCERTS:
options |= CLCERTS;
break;
case OPT_CACERTS:
options |= CACERTS;
break;
case OPT_NOOUT:
options |= (NOKEYS | NOCERTS);
break;
case OPT_INFO:
options |= INFO;
break;
case OPT_CHAIN:
chain = 1;
break;
case OPT_TWOPASS:
twopass = 1;
break;
case OPT_NOMACVER:
macver = 0;
break;
case OPT_DESCERT:
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
break;
case OPT_EXPORT:
export_cert = 1;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto opthelp;
break;
case OPT_NOITER:
iter = 1;
break;
case OPT_MACITER:
maciter = PKCS12_DEFAULT_ITER;
break;
case OPT_NOMACITER:
maciter = 1;
break;
case OPT_NOMAC:
maciter = -1;
break;
case OPT_MACALG:
macalg = opt_arg();
break;
case OPT_NODES:
enc = NULL;
break;
case OPT_CERTPBE:
if (!set_pbe(&cert_pbe, opt_arg()))
goto opthelp;
break;
case OPT_KEYPBE:
if (!set_pbe(&key_pbe, opt_arg()))
goto opthelp;
break;
case OPT_RAND:
inrand = opt_arg();
break;
case OPT_INKEY:
keyname = opt_arg();
break;
case OPT_CERTFILE:
certfile = opt_arg();
break;
case OPT_NAME:
name = opt_arg();
break;
case OPT_LMK:
add_lmk = 1;
break;
case OPT_CSP:
csp_name = opt_arg();
break;
case OPT_CANAME:
if (canames == NULL
&& (canames = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(canames, opt_arg());
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_PASSWORD:
passarg = opt_arg();
break;
case OPT_CAPATH:
CApath = opt_arg();
break;
case OPT_CAFILE:
CAfile = opt_arg();
break;
case OPT_ENGINE:
engine = opt_arg();
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (badarg) {
BIO_printf(bio_err, "Usage: pkcs12 [options]\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-export output PKCS12 file\n");
BIO_printf(bio_err, "-chain add certificate chain\n");
BIO_printf(bio_err, "-inkey file private key if not infile\n");
BIO_printf(bio_err, "-certfile f add all certs in f\n");
BIO_printf(bio_err, "-CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err, "-CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err, "-name \"name\" use name as friendly name\n");
BIO_printf(bio_err,
"-caname \"nm\" use nm as CA friendly name (can be used more than once).\n");
BIO_printf(bio_err, "-in infile input filename\n");
BIO_printf(bio_err, "-out outfile output filename\n");
BIO_printf(bio_err,
"-noout don't output anything, just verify.\n");
BIO_printf(bio_err, "-nomacver don't verify MAC.\n");
BIO_printf(bio_err, "-nocerts don't output certificates.\n");
BIO_printf(bio_err,
"-clcerts only output client certificates.\n");
BIO_printf(bio_err, "-cacerts only output CA certificates.\n");
BIO_printf(bio_err, "-nokeys don't output private keys.\n");
BIO_printf(bio_err,
"-info give info about PKCS#12 structure.\n");
BIO_printf(bio_err, "-des encrypt private keys with DES\n");
BIO_printf(bio_err,
"-des3 encrypt private keys with triple DES (default)\n");
# ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err, "-idea encrypt private keys with idea\n");
# endif
# ifndef OPENSSL_NO_SEED
BIO_printf(bio_err, "-seed encrypt private keys with seed\n");
# endif
# ifndef OPENSSL_NO_AES
BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc aes\n");
# endif
# ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc camellia\n");
# endif
BIO_printf(bio_err, "-nodes don't encrypt private keys\n");
BIO_printf(bio_err, "-noiter don't use encryption iteration\n");
BIO_printf(bio_err, "-nomaciter don't use MAC iteration\n");
BIO_printf(bio_err, "-maciter use MAC iteration\n");
BIO_printf(bio_err, "-nomac don't generate MAC\n");
BIO_printf(bio_err,
"-twopass separate MAC, encryption passwords\n");
BIO_printf(bio_err,
"-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
BIO_printf(bio_err,
"-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
BIO_printf(bio_err,
"-keypbe alg specify private key PBE algorithm (default 3DES)\n");
BIO_printf(bio_err,
"-macalg alg digest algorithm used in MAC (default SHA1)\n");
BIO_printf(bio_err, "-keyex set MS key exchange type\n");
BIO_printf(bio_err, "-keysig set MS key signature type\n");
BIO_printf(bio_err,
"-password p set import/export password source\n");
BIO_printf(bio_err, "-passin p input file pass phrase source\n");
BIO_printf(bio_err, "-passout p output file pass phrase source\n");
# ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
# endif
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
BIO_printf(bio_err, "-CSP name Microsoft CSP name\n");
BIO_printf(bio_err,
"-LMK Add local machine keyset attribute to private key\n");
goto end;
}
# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
e = setup_engine(engine, 0);
# endif
if (passarg) {
if (export_cert)
passargout = passarg;
passoutarg = passarg;
else
passargin = passarg;
passinarg = passarg;
}
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
@ -430,60 +347,26 @@ int MAIN(int argc, char **argv)
}
if (export_cert || inrand) {
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
app_RAND_load_file(NULL, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
}
ERR_load_crypto_strings();
# ifdef CRYPTO_MDEBUG
CRYPTO_push_info("read files");
# endif
if (!infile)
in = BIO_new_fp(stdin, BIO_NOCLOSE);
else
in = BIO_new_file(infile, "rb");
if (!in) {
BIO_printf(bio_err, "Error opening input file %s\n",
infile ? infile : "<stdin>");
perror(infile);
in = bio_open_default(infile, "rb");
if (in == NULL)
goto end;
}
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("write files");
# endif
if (!outfile) {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
} else
out = BIO_new_file(outfile, "wb");
if (!out) {
BIO_printf(bio_err, "Error opening output file %s\n",
outfile ? outfile : "<stdout>");
perror(outfile);
out = bio_open_default(outfile, "wb");
if (out == NULL)
goto end;
}
if (twopass) {
# ifdef CRYPTO_MDEBUG
CRYPTO_push_info("read MAC password");
# endif
if (EVP_read_pw_string
(macpass, sizeof macpass, "Enter MAC Password:", export_cert)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
# endif
}
if (export_cert) {
@ -502,24 +385,16 @@ int MAIN(int argc, char **argv)
if (options & NOCERTS)
chain = 0;
# ifdef CRYPTO_MDEBUG
CRYPTO_push_info("process -export_cert");
CRYPTO_push_info("reading private key");
# endif
if (!(options & NOKEYS)) {
key = load_key(bio_err, keyname ? keyname : infile,
key = load_key(keyname ? keyname : infile,
FORMAT_PEM, 1, passin, e, "private key");
if (!key)
goto export_end;
}
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("reading certs from input");
# endif
/* Load in all certs in input file */
if (!(options & NOCERTS)) {
certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
certs = load_certs(infile, FORMAT_PEM, NULL, e,
"certificates");
if (!certs)
goto export_end;
@ -546,43 +421,25 @@ int MAIN(int argc, char **argv)
}
}
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("reading certs from input 2");
# endif
/* Add any more certificates asked for */
if (certfile) {
STACK_OF(X509) *morecerts = NULL;
if (!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
NULL, e,
if (!(morecerts = load_certs(certfile, FORMAT_PEM, NULL, e,
"certificates from certfile")))
goto export_end;
while (sk_X509_num(morecerts) > 0)
sk_X509_push(certs, sk_X509_shift(morecerts));
sk_X509_free(morecerts);
}
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("reading certs from certfile");
# endif
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("building chain");
# endif
/* If chaining get chain from user cert */
if (chain) {
int vret;
STACK_OF(X509) *chain2;
X509_STORE *store = X509_STORE_new();
if (!store) {
BIO_printf(bio_err, "Memory allocation error\n");
X509_STORE *store;
if (!(store = setup_verify(CAfile, CApath)))
goto export_end;
}
if (!X509_STORE_load_locations(store, CAfile, CApath))
X509_STORE_set_default_paths(store);
vret = get_cert_chain(ucert, store, &chain2);
X509_STORE_free(store);
@ -619,11 +476,6 @@ int MAIN(int argc, char **argv)
if (add_lmk && key)
EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("reading password");
# endif
if (!noprompt &&
EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:",
1)) {
@ -633,11 +485,6 @@ int MAIN(int argc, char **argv)
if (!twopass)
BUF_strlcpy(macpass, pass, sizeof macpass);
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("creating PKCS#12 structure");
# endif
p12 = PKCS12_create(cpass, name, key, ucert, certs,
key_pbe, cert_pbe, iter, -1, keytype);
@ -647,30 +494,18 @@ int MAIN(int argc, char **argv)
}
if (macalg) {
macmd = EVP_get_digestbyname(macalg);
if (!macmd) {
BIO_printf(bio_err, "Unknown digest algorithm %s\n", macalg);
}
if (!opt_md(macalg, &macmd))
goto opthelp;
}
if (maciter != -1)
PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd);
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("writing pkcs12");
# endif
i2d_PKCS12_bio(out, p12);
ret = 0;
export_end:
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_pop_info();
CRYPTO_push_info("process -export_cert: freeing");
# endif
EVP_PKEY_free(key);
if (certs)
@ -678,9 +513,6 @@ int MAIN(int argc, char **argv)
if (ucert)
X509_free(ucert);
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
# endif
goto end;
}
@ -689,18 +521,13 @@ int MAIN(int argc, char **argv)
ERR_print_errors(bio_err);
goto end;
}
# ifdef CRYPTO_MDEBUG
CRYPTO_push_info("read import password");
# endif
if (!noprompt
&& EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:",
0)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
# endif
if (!twopass)
BUF_strlcpy(macpass, pass, sizeof macpass);
@ -709,9 +536,6 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "MAC Iteration %ld\n",
p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1);
if (macver) {
# ifdef CRYPTO_MDEBUG
CRYPTO_push_info("verify MAC");
# endif
/* If we enter empty password try no password first */
if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
/* If mac and crypto pass the same set it to NULL too */
@ -722,30 +546,18 @@ int MAIN(int argc, char **argv)
ERR_print_errors(bio_err);
goto end;
}
BIO_printf(bio_err, "MAC verified OK\n");
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
# endif
}
# ifdef CRYPTO_MDEBUG
CRYPTO_push_info("output keys and certificates");
# endif
if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout)) {
if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout, enc)) {
BIO_printf(bio_err, "Error outputting keys and certificates\n");
ERR_print_errors(bio_err);
goto end;
}
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
# endif
ret = 0;
end:
PKCS12_free(p12);
if (export_cert || inrand)
app_RAND_write_file(NULL, bio_err);
# ifdef CRYPTO_MDEBUG
CRYPTO_remove_all_info();
# endif
app_RAND_write_file(NULL);
BIO_free(in);
BIO_free_all(out);
if (canames)
@ -754,12 +566,12 @@ int MAIN(int argc, char **argv)
OPENSSL_free(passin);
if (passout)
OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass,
int passlen, int options, char *pempass)
int passlen, int options, char *pempass,
const EVP_CIPHER *enc)
{
STACK_OF(PKCS7) *asafes = NULL;
STACK_OF(PKCS12_SAFEBAG) *bags;
@ -787,7 +599,7 @@ int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass,
if (!bags)
goto err;
if (!dump_certs_pkeys_bags(out, bags, pass, passlen,
options, pempass)) {
options, pempass, enc)) {
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
goto err;
}
@ -802,20 +614,22 @@ int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass,
}
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
char *pass, int passlen, int options, char *pempass)
char *pass, int passlen, int options, char *pempass,
const EVP_CIPHER *enc)
{
int i;
for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
if (!dump_certs_pkeys_bag(out,
sk_PKCS12_SAFEBAG_value(bags, i),
pass, passlen, options, pempass))
pass, passlen, options, pempass, enc))
return 0;
}
return 1;
}
int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
int passlen, int options, char *pempass)
int passlen, int options, char *pempass,
const EVP_CIPHER *enc)
{
EVP_PKEY *pkey;
PKCS8_PRIV_KEY_INFO *p8;
@ -881,7 +695,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
BIO_printf(bio_err, "Safe Contents bag\n");
print_attribs(out, bag->attrib, "Bag Attributes");
return dump_certs_pkeys_bags(out, bag->value.safes, pass,
passlen, options, pempass);
passlen, options, pempass, enc);
default:
BIO_printf(bio_err, "Warning unsupported bag type: ");
@ -949,22 +763,10 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
int ret;
X509 *cert;
ret = 0;
# ifdef CRYPTO_MDEBUG
CRYPTO_push_info("cert_load(): reading one cert");
# endif
while ((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
# endif
ret = 1;
sk_X509_push(sk, cert);
# ifdef CRYPTO_MDEBUG
CRYPTO_push_info("cert_load(): reading one cert");
# endif
}
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
# endif
if (ret)
ERR_clear_error();
return ret;
@ -1039,7 +841,7 @@ void hex_prin(BIO *out, unsigned char *buf, int len)
BIO_printf(out, "%02X ", buf[i]);
}
static int set_pbe(BIO *err, int *ppbe, const char *str)
static int set_pbe(int *ppbe, const char *str)
{
if (!str)
return 0;

257
apps/pkcs7.c
View File

@ -1,4 +1,3 @@
/* apps/pkcs7.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -55,6 +54,54 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <stdlib.h>
@ -68,162 +115,105 @@
#include <openssl/pkcs7.h>
#include <openssl/pem.h>
#undef PROG
#define PROG pkcs7_main
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT,
OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE
} OPTION_CHOICE;
/*-
* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -print_certs
*/
OPTIONS pkcs7_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
{"in", OPT_IN, '<', "Input file"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
{"out", OPT_OUT, '>', "Output file"},
{"noout", OPT_NOOUT, '-', "Don't output encoded data"},
{"text", OPT_TEXT, '-', "Print full details of certificates"},
{"print", OPT_PRINT, '-'},
{"print_certs", OPT_PRINT_CERTS, '-',
"Print_certs print any certs or crl in the input"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
int MAIN(int, char **);
int MAIN(int argc, char **argv)
int pkcs7_main(int argc, char **argv)
{
PKCS7 *p7 = NULL;
int i, badops = 0;
BIO *in = NULL, *out = NULL;
int informat, outformat;
char *infile, *outfile, *prog;
int print_certs = 0, text = 0, noout = 0, p7_print = 0;
int ret = 1;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
int informat = FORMAT_PEM, outformat = FORMAT_PEM;
char *engine = NULL, *infile = NULL, *outfile = NULL, *prog;
int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1;
OPTION_CHOICE o;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
prog = argv[0];
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-inform") == 0) {
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-outform") == 0) {
if (--argc < 1)
goto bad;
outformat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (strcmp(*argv, "-noout") == 0)
prog = opt_init(argc, argv, pkcs7_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(pkcs7_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_NOOUT:
noout = 1;
else if (strcmp(*argv, "-text") == 0)
break;
case OPT_TEXT:
text = 1;
else if (strcmp(*argv, "-print") == 0)
break;
case OPT_PRINT:
p7_print = 1;
else if (strcmp(*argv, "-print_certs") == 0)
break;
case OPT_PRINT_CERTS:
print_certs = 1;
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
}
#endif
else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
case OPT_ENGINE:
engine = opt_arg();
break;
}
argc--;
argv++;
}
if (badops) {
bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err,
" -print_certs print any certs or crl in the input\n");
BIO_printf(bio_err,
" -text print full details of certificates\n");
BIO_printf(bio_err, " -noout don't output encoded data\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
#endif
ret = 1;
goto end;
}
ERR_load_crypto_strings();
argc = opt_num_rest();
argv = opt_rest();
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
setup_engine(engine, 0);
#endif
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
in = bio_open_default(infile, RB(informat));
if (in == NULL)
goto end;
}
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, infile) <= 0) {
BIO_printf(bio_err, "unable to load input file\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (informat == FORMAT_ASN1)
p7 = d2i_PKCS7_bio(in, NULL);
else if (informat == FORMAT_PEM)
else
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
else {
BIO_printf(bio_err, "bad input format specified for pkcs7 object\n");
goto end;
}
if (p7 == NULL) {
BIO_printf(bio_err, "unable to load PKCS7 object\n");
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
out = bio_open_default(outfile, WB(outformat));
if (out == NULL)
goto end;
if (p7_print)
PKCS7_print_ctx(out, p7, 0, NULL);
@ -282,12 +272,8 @@ int MAIN(int argc, char **argv)
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_PKCS7_bio(out, p7);
else if (outformat == FORMAT_PEM)
else
i = PEM_write_bio_PKCS7(out, p7);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err, "unable to write pkcs7 object\n");
@ -300,6 +286,5 @@ int MAIN(int argc, char **argv)
PKCS7_free(p7);
BIO_free(in);
BIO_free_all(out);
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}

307
apps/pkcs8.c
View File

@ -1,4 +1,3 @@
/* pkcs8.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 1999-2004.
@ -65,180 +64,142 @@
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
#define PROG pkcs8_main
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT, OPT_NOOCT, OPT_NSDB, OPT_EMBED,
OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT
} OPTION_CHOICE;
int MAIN(int, char **);
OPTIONS pkcs8_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format (DER or PEM)"},
{"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"topk8", OPT_TOPK8, '-', "Output PKCS8 file"},
{"noiter", OPT_NOITER, '-', "Use 1 as iteration count"},
{"nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key"},
{"nooct", OPT_NOOCT, '-', "Use (nonstandard) no octet format"},
{"nsdb", OPT_NSDB, '-', "Use (nonstandard) DSA Netscape DB format"},
{"embed", OPT_EMBED, '-',
"Use (nonstandard) embedded DSA parameters format"},
{"v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher"},
{"v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher"},
{"v2prf", OPT_V2PRF, 's'},
{"iter", OPT_ITER, 'p', "Specify the iteration count"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
int MAIN(int argc, char **argv)
int pkcs8_main(int argc, char **argv)
{
ENGINE *e = NULL;
char **args, *infile = NULL, *outfile = NULL;
char *passargin = NULL, *passargout = NULL;
BIO *in = NULL, *out = NULL;
int topk8 = 0;
int pbe_nid = -1;
const EVP_CIPHER *cipher = NULL;
int iter = PKCS12_DEFAULT_ITER;
int informat, outformat;
int p8_broken = PKCS8_OK;
int nocrypt = 0;
X509_SIG *p8 = NULL;
PKCS8_PRIV_KEY_INFO *p8inf = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
PKCS8_PRIV_KEY_INFO *p8inf = NULL;
X509_SIG *p8 = NULL;
const EVP_CIPHER *cipher = NULL;
char *engine = NULL, *infile = NULL, *outfile = NULL;
char *passinarg = NULL, *passoutarg = NULL, *prog;
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
int badarg = 0;
int ret = 1;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
OPTION_CHOICE o;
int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER, p8_broken =
PKCS8_OK;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid =
-1;
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
while (!badarg && *args && *args[0] == '-') {
if (!strcmp(*args, "-v2")) {
if (args[1]) {
args++;
cipher = EVP_get_cipherbyname(*args);
if (!cipher) {
BIO_printf(bio_err, "Unknown cipher %s\n", *args);
badarg = 1;
}
} else
badarg = 1;
} else if (!strcmp(*args, "-v1")) {
if (args[1]) {
args++;
pbe_nid = OBJ_txt2nid(*args);
if (pbe_nid == NID_undef) {
BIO_printf(bio_err, "Unknown PBE algorithm %s\n", *args);
badarg = 1;
}
} else
badarg = 1;
} else if (!strcmp(*args, "-v2prf")) {
if (args[1]) {
args++;
pbe_nid = OBJ_txt2nid(*args);
if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) {
BIO_printf(bio_err, "Unknown PRF algorithm %s\n", *args);
badarg = 1;
}
} else
badarg = 1;
} else if (!strcmp(*args, "-inform")) {
if (args[1]) {
args++;
informat = str2fmt(*args);
} else
badarg = 1;
} else if (!strcmp(*args, "-outform")) {
if (args[1]) {
args++;
outformat = str2fmt(*args);
} else
badarg = 1;
} else if (!strcmp(*args, "-topk8"))
prog = opt_init(argc, argv, pkcs8_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(pkcs8_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_TOPK8:
topk8 = 1;
else if (!strcmp(*args, "-noiter"))
break;
case OPT_NOITER:
iter = 1;
else if (!strcmp(*args, "-iter")) {
if (args[1]) {
iter = atoi(*(++args));
if (iter <= 0)
badarg = 1;
} else
badarg = 1;
} else if (!strcmp(*args, "-nocrypt"))
break;
case OPT_NOCRYPT:
nocrypt = 1;
else if (!strcmp(*args, "-nooct"))
break;
case OPT_NOOCT:
p8_broken = PKCS8_NO_OCTET;
else if (!strcmp(*args, "-nsdb"))
break;
case OPT_NSDB:
p8_broken = PKCS8_NS_DB;
else if (!strcmp(*args, "-embed"))
break;
case OPT_EMBED:
p8_broken = PKCS8_EMBEDDED_PARAM;
else if (!strcmp(*args, "-passin")) {
if (args[1])
passargin = *(++args);
else
badarg = 1;
} else if (!strcmp(*args, "-passout")) {
if (args[1])
passargout = *(++args);
else
badarg = 1;
break;
case OPT_V2:
if (!opt_cipher(opt_arg(), &cipher))
goto opthelp;
break;
case OPT_V1:
pbe_nid = OBJ_txt2nid(opt_arg());
if (pbe_nid == NID_undef) {
BIO_printf(bio_err,
"%s: Unknown PBE algorithm %s\n", prog, opt_arg());
goto opthelp;
}
break;
case OPT_V2PRF:
pbe_nid = OBJ_txt2nid(opt_arg());
if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) {
BIO_printf(bio_err,
"%s: Unknown PRF algorithm %s\n", prog, opt_arg());
goto opthelp;
}
break;
case OPT_ITER:
if (!opt_int(opt_arg(), &iter))
goto opthelp;
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
engine = opt_arg();
break;
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args, "-engine") == 0) {
if (args[1])
engine = *(++args);
else
badarg = 1;
}
#endif
else if (!strcmp(*args, "-in")) {
if (args[1]) {
args++;
infile = *args;
} else
badarg = 1;
} else if (!strcmp(*args, "-out")) {
if (args[1]) {
args++;
outfile = *args;
} else
badarg = 1;
} else
badarg = 1;
args++;
}
argc = opt_num_rest();
argv = opt_rest();
if (badarg) {
BIO_printf(bio_err, "Usage pkcs8 [options]\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
BIO_printf(bio_err,
"-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err,
"-passout arg output file pass phrase source\n");
BIO_printf(bio_err, "-topk8 output PKCS8 file\n");
BIO_printf(bio_err,
"-nooct use (nonstandard) no octet format\n");
BIO_printf(bio_err,
"-embed use (nonstandard) embedded DSA parameters format\n");
BIO_printf(bio_err,
"-nsdb use (nonstandard) DSA Netscape DB format\n");
BIO_printf(bio_err, "-iter count use count as iteration count\n");
BIO_printf(bio_err, "-noiter use 1 as iteration count\n");
BIO_printf(bio_err,
"-nocrypt use or expect unencrypted private key\n");
BIO_printf(bio_err,
"-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
BIO_printf(bio_err,
"-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
#endif
goto end;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
e = setup_engine(engine, 0);
#endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
@ -246,30 +207,14 @@ int MAIN(int argc, char **argv)
if ((pbe_nid == -1) && !cipher)
pbe_nid = NID_pbeWithMD5AndDES_CBC;
if (infile) {
if (!(in = BIO_new_file(infile, "rb"))) {
BIO_printf(bio_err, "Can't open input file %s\n", infile);
goto end;
}
} else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
if (outfile) {
if (!(out = BIO_new_file(outfile, "wb"))) {
BIO_printf(bio_err, "Can't open output file %s\n", outfile);
goto end;
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
in = bio_open_default(infile, "rb");
if (in == NULL)
goto end;
out = bio_open_default(outfile, "wb");
if (out == NULL)
goto end;
if (topk8) {
pkey = load_key(bio_err, infile, informat, 1, passin, e, "key");
pkey = load_key(infile, informat, 1, passin, e, "key");
if (!pkey)
goto end;
if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
@ -295,7 +240,7 @@ int MAIN(int argc, char **argv)
(pass, sizeof pass, "Enter Encryption Password:", 1))
goto end;
}
app_RAND_load_file(NULL, bio_err, 0);
app_RAND_load_file(NULL, 0);
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
p8pass, strlen(p8pass),
NULL, 0, iter, p8inf))) {
@ -303,7 +248,7 @@ int MAIN(int argc, char **argv)
ERR_print_errors(bio_err);
goto end;
}
app_RAND_write_file(NULL, bio_err);
app_RAND_write_file(NULL);
if (outformat == FORMAT_PEM)
PEM_write_bio_PKCS8(out, p8);
else if (outformat == FORMAT_ASN1)

216
apps/pkey.c
View File

@ -1,4 +1,3 @@
/* apps/pkey.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2006
@ -63,150 +62,121 @@
#include <openssl/err.h>
#include <openssl/evp.h>
#define PROG pkey_main
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE,
OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB,
OPT_TEXT, OPT_NOOUT, OPT_MD
} OPTION_CHOICE;
int MAIN(int, char **);
OPTIONS pkey_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format (DER or PEM)"},
{"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pubin", OPT_PUBIN, '-',
"Read public key from input (default is private key)"},
{"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
{"text_pub", OPT_TEXT_PUB, '-', "Only output public key components"},
{"text", OPT_TEXT, '-', "Output in plaintext as well"},
{"noout", OPT_NOOUT, '-', "Don't output the key"},
{"", OPT_MD, '-', "Any supported cipher"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
int MAIN(int argc, char **argv)
int pkey_main(int argc, char **argv)
{
ENGINE *e = NULL;
char **args, *infile = NULL, *outfile = NULL;
char *passargin = NULL, *passargout = NULL;
BIO *in = NULL, *out = NULL;
const EVP_CIPHER *cipher = NULL;
int informat, outformat;
int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
char *passin = NULL, *passout = NULL;
int badarg = 0;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
int ret = 1;
const EVP_CIPHER *cipher = NULL;
char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL;
char *passinarg = NULL, *passoutarg = NULL, *prog, *engine = NULL;
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM;
int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0, ret = 1;
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
while (!badarg && *args && *args[0] == '-') {
if (!strcmp(*args, "-inform")) {
if (args[1]) {
args++;
informat = str2fmt(*args);
} else
badarg = 1;
} else if (!strcmp(*args, "-outform")) {
if (args[1]) {
args++;
outformat = str2fmt(*args);
} else
badarg = 1;
} else if (!strcmp(*args, "-passin")) {
if (!args[1])
goto bad;
passargin = *(++args);
} else if (!strcmp(*args, "-passout")) {
if (!args[1])
goto bad;
passargout = *(++args);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args, "-engine") == 0) {
if (!args[1])
goto bad;
engine = *(++args);
}
#endif
else if (!strcmp(*args, "-in")) {
if (args[1]) {
args++;
infile = *args;
} else
badarg = 1;
} else if (!strcmp(*args, "-out")) {
if (args[1]) {
args++;
outfile = *args;
} else
badarg = 1;
} else if (strcmp(*args, "-pubin") == 0) {
pubin = 1;
prog = opt_init(argc, argv, pkey_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(pkey_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
engine = opt_arg();
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_PUBIN:
pubin = pubout = pubtext = 1;
break;
case OPT_PUBOUT:
pubout = 1;
pubtext = 1;
} else if (strcmp(*args, "-pubout") == 0)
pubout = 1;
else if (strcmp(*args, "-text_pub") == 0) {
pubtext = 1;
break;
case OPT_TEXT_PUB:
pubtext = text = 1;
break;
case OPT_TEXT:
text = 1;
} else if (strcmp(*args, "-text") == 0)
text = 1;
else if (strcmp(*args, "-noout") == 0)
break;
case OPT_NOOUT:
noout = 1;
else {
cipher = EVP_get_cipherbyname(*args + 1);
if (!cipher) {
BIO_printf(bio_err, "Unknown cipher %s\n", *args + 1);
badarg = 1;
}
break;
case OPT_MD:
if (!opt_cipher(opt_unknown(), &cipher))
goto opthelp;
}
args++;
}
argc = opt_num_rest();
argv = opt_rest();
if (badarg) {
bad:
BIO_printf(bio_err, "Usage pkey [options]\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
BIO_printf(bio_err,
"-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err,
"-passout arg output file pass phrase source\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
#endif
return 1;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
e = setup_engine(engine, 0);
#endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
if (outfile) {
if (!(out = BIO_new_file(outfile, "wb"))) {
BIO_printf(bio_err, "Can't open output file %s\n", outfile);
goto end;
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
out = bio_open_default(outfile, "wb");
if (out == NULL)
goto end;
if (pubin)
pkey = load_pubkey(bio_err, infile, informat, 1,
passin, e, "Public Key");
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
else
pkey = load_key(bio_err, infile, informat, 1, passin, e, "key");
pkey = load_key(infile, informat, 1, passin, e, "key");
if (!pkey)
goto end;

143
apps/pkeyparam.c
View File

@ -1,4 +1,3 @@
/* apps/pkeyparam.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2006
@ -63,104 +62,72 @@
#include <openssl/err.h>
#include <openssl/evp.h>
#define PROG pkeyparam_main
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT, OPT_ENGINE
} OPTION_CHOICE;
int MAIN(int, char **);
OPTIONS pkeyparam_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"text", OPT_TEXT, '-', "Print parameters as text"},
{"noout", OPT_NOOUT, '-', "Don't output encoded parameters"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
int MAIN(int argc, char **argv)
int pkeyparam_main(int argc, char **argv)
{
char **args, *infile = NULL, *outfile = NULL;
BIO *in = NULL, *out = NULL;
int text = 0, noout = 0;
EVP_PKEY *pkey = NULL;
int badarg = 0;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
int ret = 1;
int text = 0, noout = 0, ret = 1;
OPTION_CHOICE o;
char *infile = NULL, *outfile = NULL, *prog, *engine = NULL;
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
while (!badarg && *args && *args[0] == '-') {
if (!strcmp(*args, "-in")) {
if (args[1]) {
args++;
infile = *args;
} else
badarg = 1;
} else if (!strcmp(*args, "-out")) {
if (args[1]) {
args++;
outfile = *args;
} else
badarg = 1;
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args, "-engine") == 0) {
if (!args[1])
goto bad;
engine = *(++args);
}
#endif
else if (strcmp(*args, "-text") == 0)
prog = opt_init(argc, argv, pkeyparam_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(pkeyparam_options);
ret = 0;
goto end;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
engine = opt_arg();
break;
case OPT_TEXT:
text = 1;
else if (strcmp(*args, "-noout") == 0)
break;
case OPT_NOOUT:
noout = 1;
args++;
}
if (badarg) {
#ifndef OPENSSL_NO_ENGINE
bad:
#endif
BIO_printf(bio_err, "Usage pkeyparam [options]\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-text print parameters as text\n");
BIO_printf(bio_err,
"-noout don't output encoded parameters\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
#endif
return 1;
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
if (infile) {
if (!(in = BIO_new_file(infile, "r"))) {
BIO_printf(bio_err, "Can't open input file %s\n", infile);
goto end;
break;
}
} else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
if (outfile) {
if (!(out = BIO_new_file(outfile, "w"))) {
BIO_printf(bio_err, "Can't open output file %s\n", outfile);
goto end;
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
argc = opt_num_rest();
argv = opt_rest();
#ifndef OPENSSL_NO_ENGINE
setup_engine(engine, 0);
#endif
in = bio_open_default(infile, "r");
if (in == NULL)
goto end;
out = bio_open_default(outfile, "w");
if (out == NULL)
goto end;
pkey = PEM_read_bio_Parameters(in, NULL);
if (!pkey) {
BIO_printf(bio_err, "Error reading parameters\n");

370
apps/pkeyutl.c
View File

@ -66,200 +66,194 @@
#define KEY_PUBKEY 2
#define KEY_CERT 3
static void usage(void);
#undef PROG
#define PROG pkeyutl_main
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
char *passargin, int pkey_op, ENGINE *e);
char *passinarg, int pkey_op, ENGINE *e);
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
const char *file);
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file);
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen,
unsigned char *in, size_t inlen);
int MAIN(int argc, char **);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_ENGINE, OPT_IN, OPT_OUT,
OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN,
OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT
} OPTION_CHOICE;
int MAIN(int argc, char **argv)
OPTIONS pkeyutl_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pubin", OPT_PUBIN, '-', "Input is a public key"},
{"certin", OPT_CERTIN, '-', "Input is a cert with a public key"},
{"asn1parse", OPT_ASN1PARSE, '-'},
{"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
{"sign", OPT_SIGN, '-', "Sign with private key"},
{"verify", OPT_VERIFY, '-', "Verify with public key"},
{"verifyrecover", OPT_VERIFYRECOVER, '-',
"Verify with public key, recover original data"},
{"rev", OPT_REV, '-'},
{"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"},
{"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"},
{"derive", OPT_DERIVE, '-', "Derive shared secret"},
{"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"},
{"inkey", OPT_INKEY, 's', "Input key"},
{"peerkey", OPT_PEERKEY, 's'},
{"passin", OPT_PASSIN, 's', "Pass phrase source"},
{"peerform", OPT_PEERFORM, 'F'},
{"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},
{"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
int pkeyutl_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL, *sigfile = NULL;
ENGINE *e = NULL;
int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
int keyform = FORMAT_PEM, peerform = FORMAT_PEM;
char badarg = 0, rev = 0;
char hexdump = 0, asn1parse = 0;
EVP_PKEY_CTX *ctx = NULL;
char *passargin = NULL;
int keysize = -1;
char *infile = NULL, *outfile = NULL, *sigfile = NULL, *passinarg = NULL;
char hexdump = 0, asn1parse = 0, rev = 0, *prog;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
size_t buf_outlen;
int buf_inlen = 0, siglen = -1;
OPTION_CHOICE o;
int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform =
FORMAT_PEM;
int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
int ret = 1, rv = -1;
size_t buf_outlen;
argc--;
argv++;
if (!bio_err)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
while (argc >= 1) {
if (!strcmp(*argv, "-in")) {
if (--argc < 1)
badarg = 1;
else
infile = *(++argv);
} else if (!strcmp(*argv, "-out")) {
if (--argc < 1)
badarg = 1;
else
outfile = *(++argv);
} else if (!strcmp(*argv, "-sigfile")) {
if (--argc < 1)
badarg = 1;
else
sigfile = *(++argv);
} else if (!strcmp(*argv, "-inkey")) {
if (--argc < 1)
badarg = 1;
else {
ctx = init_ctx(&keysize,
*(++argv), keyform, key_type,
passargin, pkey_op, e);
if (!ctx) {
BIO_puts(bio_err, "Error initializing context\n");
ERR_print_errors(bio_err);
badarg = 1;
}
prog = opt_init(argc, argv, pkeyutl_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(pkeyutl_options);
ret = 0;
goto end;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_SIGFILE:
sigfile = opt_arg();
break;
case OPT_INKEY:
ctx = init_ctx(&keysize, opt_arg(), keyform, key_type,
passinarg, pkey_op, e);
if (ctx == NULL) {
BIO_puts(bio_err, "%s: Error initializing context\n");
ERR_print_errors(bio_err);
goto opthelp;
}
} else if (!strcmp(*argv, "-peerkey")) {
if (--argc < 1)
badarg = 1;
else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
badarg = 1;
} else if (!strcmp(*argv, "-passin")) {
if (--argc < 1)
badarg = 1;
else
passargin = *(++argv);
} else if (strcmp(*argv, "-peerform") == 0) {
if (--argc < 1)
badarg = 1;
else
peerform = str2fmt(*(++argv));
} else if (strcmp(*argv, "-keyform") == 0) {
if (--argc < 1)
badarg = 1;
else
keyform = str2fmt(*(++argv));
}
break;
case OPT_PEERKEY:
if (!setup_peer(ctx, peerform, opt_arg()))
goto opthelp;
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PEERFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &peerform))
goto opthelp;
break;
case OPT_KEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyform))
goto opthelp;
break;
#ifndef OPENSSL_NO_ENGINE
else if (!strcmp(*argv, "-engine")) {
if (--argc < 1)
badarg = 1;
else
e = setup_engine(bio_err, *(++argv), 0);
}
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
#endif
else if (!strcmp(*argv, "-pubin"))
case OPT_PUBIN:
key_type = KEY_PUBKEY;
else if (!strcmp(*argv, "-certin"))
break;
case OPT_CERTIN:
key_type = KEY_CERT;
else if (!strcmp(*argv, "-asn1parse"))
break;
case OPT_ASN1PARSE:
asn1parse = 1;
else if (!strcmp(*argv, "-hexdump"))
break;
case OPT_HEXDUMP:
hexdump = 1;
else if (!strcmp(*argv, "-sign"))
break;
case OPT_SIGN:
pkey_op = EVP_PKEY_OP_SIGN;
else if (!strcmp(*argv, "-verify"))
break;
case OPT_VERIFY:
pkey_op = EVP_PKEY_OP_VERIFY;
else if (!strcmp(*argv, "-verifyrecover"))
break;
case OPT_VERIFYRECOVER:
pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
else if (!strcmp(*argv, "-rev"))
break;
case OPT_REV:
rev = 1;
else if (!strcmp(*argv, "-encrypt"))
case OPT_ENCRYPT:
pkey_op = EVP_PKEY_OP_ENCRYPT;
else if (!strcmp(*argv, "-decrypt"))
break;
case OPT_DECRYPT:
pkey_op = EVP_PKEY_OP_DECRYPT;
else if (!strcmp(*argv, "-derive"))
break;
case OPT_DERIVE:
pkey_op = EVP_PKEY_OP_DERIVE;
else if (strcmp(*argv, "-pkeyopt") == 0) {
if (--argc < 1)
badarg = 1;
else if (!ctx) {
BIO_puts(bio_err, "-pkeyopt command before -inkey\n");
badarg = 1;
} else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) {
BIO_puts(bio_err, "parameter setting error\n");
break;
case OPT_PKEYOPT:
if (ctx == NULL) {
BIO_printf(bio_err,
"%s: Must have -inkey before -pkeyopt\n", prog);
goto opthelp;
}
if (pkey_ctrl_string(ctx, opt_arg()) <= 0) {
BIO_printf(bio_err, "%s: Can't set parameter:\n", prog);
ERR_print_errors(bio_err);
goto end;
}
} else
badarg = 1;
if (badarg) {
usage();
goto end;
break;
}
argc--;
argv++;
}
argc = opt_num_rest();
argv = opt_rest();
if (!ctx) {
usage();
goto end;
}
if (ctx == NULL)
goto opthelp;
if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) {
BIO_puts(bio_err, "Signature file specified for non verify\n");
BIO_printf(bio_err,
"%s: Signature file specified for non verify\n", prog);
goto end;
}
if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) {
BIO_puts(bio_err, "No signature file specified for verify\n");
BIO_printf(bio_err,
"%s: No signature file specified for verify\n", prog);
goto end;
}
/* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0);
app_RAND_load_file(NULL, 0);
if (pkey_op != EVP_PKEY_OP_DERIVE) {
if (infile) {
if (!(in = BIO_new_file(infile, "rb"))) {
BIO_puts(bio_err, "Error Opening Input File\n");
ERR_print_errors(bio_err);
goto end;
}
} else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
}
if (outfile) {
if (!(out = BIO_new_file(outfile, "wb"))) {
BIO_printf(bio_err, "Error Creating Output File\n");
ERR_print_errors(bio_err);
in = bio_open_default(infile, "rb");
if (in == NULL)
goto end;
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
out = bio_open_default(outfile, "wb");
if (out == NULL)
goto end;
if (sigfile) {
BIO *sigbio = BIO_new_file(sigfile, "rb");
@ -297,32 +291,30 @@ int MAIN(int argc, char **argv)
if (pkey_op == EVP_PKEY_OP_VERIFY) {
rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
buf_in, (size_t)buf_inlen);
if (rv == 0)
BIO_puts(out, "Signature Verification Failure\n");
else if (rv == 1)
if (rv == 1) {
BIO_puts(out, "Signature Verified Successfully\n");
if (rv >= 0)
goto end;
} else {
rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
buf_in, (size_t)buf_inlen);
if (rv > 0) {
buf_out = OPENSSL_malloc(buf_outlen);
if (!buf_out)
rv = -1;
else
rv = do_keyop(ctx, pkey_op,
buf_out, (size_t *)&buf_outlen,
buf_in, (size_t)buf_inlen);
}
ret = 0;
} else
BIO_puts(out, "Signature Verification Failure\n");
goto end;
}
rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
buf_in, (size_t)buf_inlen);
if (rv > 0) {
buf_out = OPENSSL_malloc(buf_outlen);
if (!buf_out)
rv = -1;
else
rv = do_keyop(ctx, pkey_op,
buf_out, (size_t *)&buf_outlen,
buf_in, (size_t)buf_inlen);
}
if (rv <= 0) {
BIO_printf(bio_err, "Public Key operation error\n");
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
if (asn1parse) {
if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
ERR_print_errors(bio_err);
@ -344,38 +336,9 @@ int MAIN(int argc, char **argv)
return ret;
}
static void usage()
{
BIO_printf(bio_err, "Usage: pkeyutl [options]\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err,
"-sigfile file signature file (verify operation only)\n");
BIO_printf(bio_err, "-inkey file input key\n");
BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
BIO_printf(bio_err, "-pubin input is a public key\n");
BIO_printf(bio_err,
"-certin input is a certificate carrying a public key\n");
BIO_printf(bio_err, "-pkeyopt X:Y public key options\n");
BIO_printf(bio_err, "-sign sign with private key\n");
BIO_printf(bio_err, "-verify verify with public key\n");
BIO_printf(bio_err,
"-verifyrecover verify with public key, recover original data\n");
BIO_printf(bio_err, "-encrypt encrypt with public key\n");
BIO_printf(bio_err, "-decrypt decrypt with private key\n");
BIO_printf(bio_err, "-derive derive shared secret\n");
BIO_printf(bio_err, "-hexdump hex dump output\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err, "-passin arg pass phrase source\n");
}
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
char *passargin, int pkey_op, ENGINE *e)
char *passinarg, int pkey_op, ENGINE *e)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
@ -388,23 +351,21 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
}
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
switch (key_type) {
case KEY_PRIVKEY:
pkey = load_key(bio_err, keyfile, keyform, 0,
passin, e, "Private Key");
pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
break;
case KEY_PUBKEY:
pkey = load_pubkey(bio_err, keyfile, keyform, 0,
NULL, e, "Public Key");
pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "Public Key");
break;
case KEY_CERT:
x = load_cert(bio_err, keyfile, keyform, NULL, e, "Certificate");
x = load_cert(keyfile, keyform, NULL, e, "Certificate");
if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);
@ -465,21 +426,20 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
}
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
const char *file)
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file)
{
EVP_PKEY *peer = NULL;
int ret;
if (!ctx) {
BIO_puts(err, "-peerkey command before -inkey\n");
BIO_puts(bio_err, "-peerkey command before -inkey\n");
return 0;
}
peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
peer = load_pubkey(file, peerform, 0, NULL, NULL, "Peer Key");
if (!peer) {
BIO_printf(bio_err, "Error reading peer key %s\n", file);
ERR_print_errors(err);
ERR_print_errors(bio_err);
return 0;
}
@ -487,7 +447,7 @@ static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
EVP_PKEY_free(peer);
if (ret <= 0)
ERR_print_errors(err);
ERR_print_errors(bio_err);
return ret;
}

129
apps/prime.c
View File

@ -52,67 +52,66 @@
#include "apps.h"
#include <openssl/bn.h>
#undef PROG
#define PROG prime_main
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_HEX, OPT_GENERATE, OPT_BITS, OPT_SAFE, OPT_CHECKS
} OPTION_CHOICE;
int MAIN(int, char **);
OPTIONS prime_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [number...]\n"},
{OPT_HELP_STR, 1, '-',
" number Number to check for primarility\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"hex", OPT_HEX, '-', "Hex output"},
{"generate", OPT_GENERATE, '-', "Generate a prime"},
{"bits", OPT_BITS, 'p', "Size of number in bits"},
{"safe", OPT_SAFE, '-',
"When used with -generate, generate a safe prime"},
{"checks", OPT_CHECKS, 'p', "Number of checks"},
{NULL}
};
int MAIN(int argc, char **argv)
int prime_main(int argc, char **argv)
{
int hex = 0;
int checks = 20;
int generate = 0;
int bits = 0;
int safe = 0;
BIGNUM *bn = NULL;
BIO *bio_out;
int hex = 0, checks = 20, generate = 0, bits = 0, safe = 0, ret = 1;
char *prog;
OPTION_CHOICE o;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
--argc;
++argv;
while (argc >= 1 && **argv == '-') {
if (!strcmp(*argv, "-hex"))
prog = opt_init(argc, argv, prime_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(prime_options);
ret = 0;
goto end;
case OPT_HEX:
hex = 1;
else if (!strcmp(*argv, "-generate"))
break;
case OPT_GENERATE:
generate = 1;
else if (!strcmp(*argv, "-bits"))
if (--argc < 1)
goto bad;
else
bits = atoi(*++argv);
else if (!strcmp(*argv, "-safe"))
break;
case OPT_BITS:
bits = atoi(opt_arg());
break;
case OPT_SAFE:
safe = 1;
else if (!strcmp(*argv, "-checks"))
if (--argc < 1)
goto bad;
else
checks = atoi(*++argv);
else {
BIO_printf(bio_err, "Unknown option '%s'\n", *argv);
goto bad;
break;
case OPT_CHECKS:
checks = atoi(opt_arg());
break;
}
--argc;
++argv;
}
argc = opt_num_rest();
argv = opt_rest();
if (argv[0] == NULL && !generate) {
BIO_printf(bio_err, "No prime specified\n");
goto bad;
}
if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_out = BIO_push(tmpbio, bio_out);
}
#endif
if (argc == 0 && !generate) {
BIO_printf(bio_err, "%s: No prime specified\n", prog);
goto end;
}
if (generate) {
@ -120,7 +119,7 @@ int MAIN(int argc, char **argv)
if (!bits) {
BIO_printf(bio_err, "Specifiy the number of bits.\n");
return 1;
goto end;
}
bn = BN_new();
BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL);
@ -128,24 +127,22 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_out, "%s\n", s);
OPENSSL_free(s);
} else {
if (hex)
BN_hex2bn(&bn, argv[0]);
else
BN_dec2bn(&bn, argv[0]);
for ( ; *argv; argv++) {
if (hex)
BN_hex2bn(&bn, argv[0]);
else
BN_dec2bn(&bn, argv[0]);
BN_print(bio_out, bn);
BIO_printf(bio_out, " is %sprime\n",
BN_is_prime_ex(bn, checks, NULL, NULL) ? "" : "not ");
BN_print(bio_out, bn);
BIO_printf(bio_out, " (%s) %s prime\n",
argv[0],
BN_is_prime_ex(bn, checks, NULL, NULL)
? "is" : "is not");
}
}
BN_free(bn);
BIO_free_all(bio_out);
return 0;
bad:
BIO_printf(bio_err, "options are\n");
BIO_printf(bio_err, "%-14s hex\n", "-hex");
BIO_printf(bio_err, "%-14s number of checks\n", "-checks <n>");
return 1;
end:
return ret;
}

445
apps/progs.h
View File

@ -1,364 +1,415 @@
/* apps/progs.h */
/* automatically generated by progs.pl for openssl.c */
/*
* Automatically generated by progs.pl for openssl.c
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
* See the openssl.c for copyright details.
*/
typedef enum FUNC_TYPE {
FT_none, FT_general, FT_md, FT_cipher, FT_pkey,
FT_md_alg, FT_cipher_alg
} FUNC_TYPE;
typedef struct function_st {
FUNC_TYPE type;
const char *name;
int (*func)(int argc,char *argv[]);
const OPTIONS *help;
} FUNCTION;
extern int verify_main(int argc, char *argv[]);
extern int asn1parse_main(int argc, char *argv[]);
extern int req_main(int argc, char *argv[]);
extern int dgst_main(int argc, char *argv[]);
extern int dh_main(int argc, char *argv[]);
extern int dhparam_main(int argc, char *argv[]);
extern int enc_main(int argc, char *argv[]);
extern int passwd_main(int argc, char *argv[]);
extern int gendh_main(int argc, char *argv[]);
extern int errstr_main(int argc, char *argv[]);
extern int ca_main(int argc, char *argv[]);
extern int ciphers_main(int argc, char *argv[]);
extern int cms_main(int argc, char *argv[]);
extern int crl_main(int argc, char *argv[]);
extern int rsa_main(int argc, char *argv[]);
extern int rsautl_main(int argc, char *argv[]);
extern int crl2pkcs7_main(int argc, char *argv[]);
extern int dgst_main(int argc, char *argv[]);
extern int dhparam_main(int argc, char *argv[]);
extern int dsa_main(int argc, char *argv[]);
extern int dsaparam_main(int argc, char *argv[]);
extern int ec_main(int argc, char *argv[]);
extern int ecparam_main(int argc, char *argv[]);
extern int x509_main(int argc, char *argv[]);
extern int genrsa_main(int argc, char *argv[]);
extern int enc_main(int argc, char *argv[]);
extern int engine_main(int argc, char *argv[]);
extern int errstr_main(int argc, char *argv[]);
extern int gendsa_main(int argc, char *argv[]);
extern int genpkey_main(int argc, char *argv[]);
extern int s_server_main(int argc, char *argv[]);
extern int s_client_main(int argc, char *argv[]);
extern int speed_main(int argc, char *argv[]);
extern int s_time_main(int argc, char *argv[]);
extern int version_main(int argc, char *argv[]);
extern int pkcs7_main(int argc, char *argv[]);
extern int cms_main(int argc, char *argv[]);
extern int crl2pkcs7_main(int argc, char *argv[]);
extern int sess_id_main(int argc, char *argv[]);
extern int ciphers_main(int argc, char *argv[]);
extern int genrsa_main(int argc, char *argv[]);
extern int nseq_main(int argc, char *argv[]);
extern int ocsp_main(int argc, char *argv[]);
extern int passwd_main(int argc, char *argv[]);
extern int pkcs12_main(int argc, char *argv[]);
extern int pkcs7_main(int argc, char *argv[]);
extern int pkcs8_main(int argc, char *argv[]);
extern int pkey_main(int argc, char *argv[]);
extern int pkeyparam_main(int argc, char *argv[]);
extern int pkeyutl_main(int argc, char *argv[]);
extern int spkac_main(int argc, char *argv[]);
extern int smime_main(int argc, char *argv[]);
extern int rand_main(int argc, char *argv[]);
extern int engine_main(int argc, char *argv[]);
extern int ocsp_main(int argc, char *argv[]);
extern int prime_main(int argc, char *argv[]);
extern int ts_main(int argc, char *argv[]);
extern int rand_main(int argc, char *argv[]);
extern int req_main(int argc, char *argv[]);
extern int rsa_main(int argc, char *argv[]);
extern int rsautl_main(int argc, char *argv[]);
extern int s_client_main(int argc, char *argv[]);
extern int s_server_main(int argc, char *argv[]);
extern int s_time_main(int argc, char *argv[]);
extern int sess_id_main(int argc, char *argv[]);
extern int smime_main(int argc, char *argv[]);
extern int speed_main(int argc, char *argv[]);
extern int spkac_main(int argc, char *argv[]);
extern int srp_main(int argc, char *argv[]);
extern int ts_main(int argc, char *argv[]);
extern int verify_main(int argc, char *argv[]);
extern int version_main(int argc, char *argv[]);
extern int x509_main(int argc, char *argv[]);
extern int list_main(int argc, char *argv[]);
extern int help_main(int argc, char *argv[]);
extern int exit_main(int argc, char *argv[]);
#define FUNC_TYPE_GENERAL 1
#define FUNC_TYPE_MD 2
#define FUNC_TYPE_CIPHER 3
#define FUNC_TYPE_PKEY 4
#define FUNC_TYPE_MD_ALG 5
#define FUNC_TYPE_CIPHER_ALG 6
typedef struct {
int type;
const char *name;
int (*func) (int argc, char *argv[]);
} FUNCTION;
DECLARE_LHASH_OF(FUNCTION);
#ifdef INCLUDE_FUNCTION_TABLE
extern OPTIONS asn1parse_options[];
extern OPTIONS ca_options[];
extern OPTIONS ciphers_options[];
extern OPTIONS cms_options[];
extern OPTIONS crl_options[];
extern OPTIONS crl2pkcs7_options[];
extern OPTIONS dgst_options[];
extern OPTIONS dhparam_options[];
extern OPTIONS dsa_options[];
extern OPTIONS dsaparam_options[];
extern OPTIONS ec_options[];
extern OPTIONS ecparam_options[];
extern OPTIONS enc_options[];
extern OPTIONS engine_options[];
extern OPTIONS errstr_options[];
extern OPTIONS gendsa_options[];
extern OPTIONS genpkey_options[];
extern OPTIONS genrsa_options[];
extern OPTIONS nseq_options[];
extern OPTIONS ocsp_options[];
extern OPTIONS passwd_options[];
extern OPTIONS pkcs12_options[];
extern OPTIONS pkcs7_options[];
extern OPTIONS pkcs8_options[];
extern OPTIONS pkey_options[];
extern OPTIONS pkeyparam_options[];
extern OPTIONS pkeyutl_options[];
extern OPTIONS prime_options[];
extern OPTIONS rand_options[];
extern OPTIONS req_options[];
extern OPTIONS rsa_options[];
extern OPTIONS rsautl_options[];
extern OPTIONS s_client_options[];
extern OPTIONS s_server_options[];
extern OPTIONS s_time_options[];
extern OPTIONS sess_id_options[];
extern OPTIONS smime_options[];
extern OPTIONS speed_options[];
extern OPTIONS spkac_options[];
extern OPTIONS srp_options[];
extern OPTIONS ts_options[];
extern OPTIONS verify_options[];
extern OPTIONS version_options[];
extern OPTIONS x509_options[];
extern OPTIONS list_options[];
extern OPTIONS help_options[];
extern OPTIONS exit_options[];
FUNCTION functions[] = {
{FUNC_TYPE_GENERAL, "verify", verify_main},
{FUNC_TYPE_GENERAL, "asn1parse", asn1parse_main},
{FUNC_TYPE_GENERAL, "req", req_main},
{FUNC_TYPE_GENERAL, "dgst", dgst_main},
#ifndef OPENSSL_NO_DH
{FUNC_TYPE_GENERAL, "dh", dh_main},
#endif
#ifndef OPENSSL_NO_DH
{FUNC_TYPE_GENERAL, "dhparam", dhparam_main},
#endif
{FUNC_TYPE_GENERAL, "enc", enc_main},
{FUNC_TYPE_GENERAL, "passwd", passwd_main},
#ifndef OPENSSL_NO_DH
{FUNC_TYPE_GENERAL, "gendh", gendh_main},
#endif
{FUNC_TYPE_GENERAL, "errstr", errstr_main},
{FUNC_TYPE_GENERAL, "ca", ca_main},
{FUNC_TYPE_GENERAL, "crl", crl_main},
#ifndef OPENSSL_NO_RSA
{FUNC_TYPE_GENERAL, "rsa", rsa_main},
#endif
#ifndef OPENSSL_NO_RSA
{FUNC_TYPE_GENERAL, "rsautl", rsautl_main},
#endif
#ifndef OPENSSL_NO_DSA
{FUNC_TYPE_GENERAL, "dsa", dsa_main},
#endif
#ifndef OPENSSL_NO_DSA
{FUNC_TYPE_GENERAL, "dsaparam", dsaparam_main},
#endif
#ifndef OPENSSL_NO_EC
{FUNC_TYPE_GENERAL, "ec", ec_main},
#endif
#ifndef OPENSSL_NO_EC
{FUNC_TYPE_GENERAL, "ecparam", ecparam_main},
#endif
{FUNC_TYPE_GENERAL, "x509", x509_main},
#ifndef OPENSSL_NO_RSA
{FUNC_TYPE_GENERAL, "genrsa", genrsa_main},
#endif
#ifndef OPENSSL_NO_DSA
{FUNC_TYPE_GENERAL, "gendsa", gendsa_main},
#endif
{FUNC_TYPE_GENERAL, "genpkey", genpkey_main},
{ FT_general, "asn1parse", asn1parse_main, asn1parse_options },
{ FT_general, "ca", ca_main, ca_options },
#if !defined(OPENSSL_NO_SOCK)
{FUNC_TYPE_GENERAL, "s_server", s_server_main},
{ FT_general, "ciphers", ciphers_main, ciphers_options },
#endif
#if !defined(OPENSSL_NO_SOCK)
{FUNC_TYPE_GENERAL, "s_client", s_client_main},
#endif
{FUNC_TYPE_GENERAL, "speed", speed_main},
#if !defined(OPENSSL_NO_SOCK)
{FUNC_TYPE_GENERAL, "s_time", s_time_main},
#endif
{FUNC_TYPE_GENERAL, "version", version_main},
{FUNC_TYPE_GENERAL, "pkcs7", pkcs7_main},
#ifndef OPENSSL_NO_CMS
{FUNC_TYPE_GENERAL, "cms", cms_main},
{ FT_general, "cms", cms_main, cms_options },
#endif
{FUNC_TYPE_GENERAL, "crl2pkcs7", crl2pkcs7_main},
{FUNC_TYPE_GENERAL, "sess_id", sess_id_main},
#if !defined(OPENSSL_NO_SOCK)
{FUNC_TYPE_GENERAL, "ciphers", ciphers_main},
{ FT_general, "crl", crl_main, crl_options },
{ FT_general, "crl2pkcs7", crl2pkcs7_main, crl2pkcs7_options },
{ FT_general, "dgst", dgst_main, dgst_options },
#ifndef OPENSSL_NO_DH
{ FT_general, "dhparam", dhparam_main, dhparam_options },
#endif
{FUNC_TYPE_GENERAL, "nseq", nseq_main},
#if !defined(OPENSSL_NO_DES)
{FUNC_TYPE_GENERAL, "pkcs12", pkcs12_main},
#ifndef OPENSSL_NO_DSA
{ FT_general, "dsa", dsa_main, dsa_options },
#endif
{FUNC_TYPE_GENERAL, "pkcs8", pkcs8_main},
{FUNC_TYPE_GENERAL, "pkey", pkey_main},
{FUNC_TYPE_GENERAL, "pkeyparam", pkeyparam_main},
{FUNC_TYPE_GENERAL, "pkeyutl", pkeyutl_main},
{FUNC_TYPE_GENERAL, "spkac", spkac_main},
{FUNC_TYPE_GENERAL, "smime", smime_main},
{FUNC_TYPE_GENERAL, "rand", rand_main},
#ifndef OPENSSL_NO_DSA
{ FT_general, "dsaparam", dsaparam_main, dsaparam_options },
#endif
#ifndef OPENSSL_NO_EC
{ FT_general, "ec", ec_main, ec_options },
#endif
#ifndef OPENSSL_NO_EC
{ FT_general, "ecparam", ecparam_main, ecparam_options },
#endif
{ FT_general, "enc", enc_main, enc_options },
#ifndef OPENSSL_NO_ENGINE
{FUNC_TYPE_GENERAL, "engine", engine_main},
{ FT_general, "engine", engine_main, engine_options },
#endif
{ FT_general, "errstr", errstr_main, errstr_options },
#ifndef OPENSSL_NO_DSA
{ FT_general, "gendsa", gendsa_main, gendsa_options },
#endif
{ FT_general, "genpkey", genpkey_main, genpkey_options },
#ifndef OPENSSL_NO_RSA
{ FT_general, "genrsa", genrsa_main, genrsa_options },
#endif
{ FT_general, "nseq", nseq_main, nseq_options },
#ifndef OPENSSL_NO_OCSP
{FUNC_TYPE_GENERAL, "ocsp", ocsp_main},
{ FT_general, "ocsp", ocsp_main, ocsp_options },
#endif
{FUNC_TYPE_GENERAL, "prime", prime_main},
{FUNC_TYPE_GENERAL, "ts", ts_main},
{ FT_general, "passwd", passwd_main, passwd_options },
#if !defined(OPENSSL_NO_DES)
{ FT_general, "pkcs12", pkcs12_main, pkcs12_options },
#endif
{ FT_general, "pkcs7", pkcs7_main, pkcs7_options },
{ FT_general, "pkcs8", pkcs8_main, pkcs8_options },
{ FT_general, "pkey", pkey_main, pkey_options },
{ FT_general, "pkeyparam", pkeyparam_main, pkeyparam_options },
{ FT_general, "pkeyutl", pkeyutl_main, pkeyutl_options },
{ FT_general, "prime", prime_main, prime_options },
{ FT_general, "rand", rand_main, rand_options },
{ FT_general, "req", req_main, req_options },
#ifndef OPENSSL_NO_RSA
{ FT_general, "rsa", rsa_main, rsa_options },
#endif
#ifndef OPENSSL_NO_RSA
{ FT_general, "rsautl", rsautl_main, rsautl_options },
#endif
#if !defined(OPENSSL_NO_SOCK)
{ FT_general, "s_client", s_client_main, s_client_options },
#endif
#if !defined(OPENSSL_NO_SOCK)
{ FT_general, "s_server", s_server_main, s_server_options },
#endif
#if !defined(OPENSSL_NO_SOCK)
{ FT_general, "s_time", s_time_main, s_time_options },
#endif
{ FT_general, "sess_id", sess_id_main, sess_id_options },
{ FT_general, "smime", smime_main, smime_options },
{ FT_general, "speed", speed_main, speed_options },
{ FT_general, "spkac", spkac_main, spkac_options },
#ifndef OPENSSL_NO_SRP
{FUNC_TYPE_GENERAL, "srp", srp_main},
{ FT_general, "srp", srp_main, srp_options },
#endif
{ FT_general, "ts", ts_main, ts_options },
{ FT_general, "verify", verify_main, verify_options },
{ FT_general, "version", version_main, version_options },
{ FT_general, "x509", x509_main, x509_options },
{ FT_general, "list", list_main, list_options },
{ FT_general, "help", help_main, help_options },
{ FT_general, "exit", exit_main, exit_options },
#ifndef OPENSSL_NO_MD2
{FUNC_TYPE_MD, "md2", dgst_main},
{ FT_md, "md2", dgst_main},
#endif
#ifndef OPENSSL_NO_MD4
{FUNC_TYPE_MD, "md4", dgst_main},
{ FT_md, "md4", dgst_main},
#endif
#ifndef OPENSSL_NO_MD5
{FUNC_TYPE_MD, "md5", dgst_main},
{ FT_md, "md5", dgst_main},
#endif
{FUNC_TYPE_MD, "sha", dgst_main},
{FUNC_TYPE_MD, "sha1", dgst_main},
#ifndef OPENSSL_NO_MD_GHOST94
{ FT_md, "md_ghost94", dgst_main},
#endif
{ FT_md, "sha", dgst_main},
{ FT_md, "sha1", dgst_main},
{ FT_md, "sha224", dgst_main},
{ FT_md, "sha256", dgst_main},
{ FT_md, "sha384", dgst_main},
{ FT_md, "sha512", dgst_main},
#ifndef OPENSSL_NO_MDC2
{FUNC_TYPE_MD, "mdc2", dgst_main},
{ FT_md, "mdc2", dgst_main},
#endif
#ifndef OPENSSL_NO_RMD160
{FUNC_TYPE_MD, "rmd160", dgst_main},
#endif
{FUNC_TYPE_MD, "sha224", dgst_main},
{FUNC_TYPE_MD, "sha256", dgst_main},
{FUNC_TYPE_MD, "sha384", dgst_main},
{FUNC_TYPE_MD, "sha512", dgst_main},
#ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER, "aes-128-cbc", enc_main},
{ FT_md, "rmd160", dgst_main},
#endif
#ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER, "aes-128-ecb", enc_main},
{ FT_cipher, "aes-128-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER, "aes-192-cbc", enc_main},
{ FT_cipher, "aes-128-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER, "aes-192-ecb", enc_main},
{ FT_cipher, "aes-192-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER, "aes-256-cbc", enc_main},
{ FT_cipher, "aes-192-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER, "aes-256-ecb", enc_main},
{ FT_cipher, "aes-256-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_AES
{ FT_cipher, "aes-256-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{FUNC_TYPE_CIPHER, "camellia-128-cbc", enc_main},
{ FT_cipher, "camellia-128-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{FUNC_TYPE_CIPHER, "camellia-128-ecb", enc_main},
{ FT_cipher, "camellia-128-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{FUNC_TYPE_CIPHER, "camellia-192-cbc", enc_main},
{ FT_cipher, "camellia-192-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{FUNC_TYPE_CIPHER, "camellia-192-ecb", enc_main},
{ FT_cipher, "camellia-192-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{FUNC_TYPE_CIPHER, "camellia-256-cbc", enc_main},
{ FT_cipher, "camellia-256-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAMELLIA
{FUNC_TYPE_CIPHER, "camellia-256-ecb", enc_main},
{ FT_cipher, "camellia-256-ecb", enc_main, enc_options },
#endif
{FUNC_TYPE_CIPHER, "base64", enc_main},
{ FT_cipher, "base64", enc_main, enc_options },
#ifdef ZLIB
{FUNC_TYPE_CIPHER, "zlib", enc_main},
{ FT_cipher, "zlib", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER, "des", enc_main},
{ FT_cipher, "des", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER, "des3", enc_main},
{ FT_cipher, "des3", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER, "desx", enc_main},
{ FT_cipher, "desx", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER, "idea", enc_main},
{ FT_cipher, "idea", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{FUNC_TYPE_CIPHER, "seed", enc_main},
{ FT_cipher, "seed", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC4
{FUNC_TYPE_CIPHER, "rc4", enc_main},
{ FT_cipher, "rc4", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC4
{FUNC_TYPE_CIPHER, "rc4-40", enc_main},
{ FT_cipher, "rc4-40", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER, "rc2", enc_main},
{ FT_cipher, "rc2", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER, "bf", enc_main},
{ FT_cipher, "bf", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER, "cast", enc_main},
{ FT_cipher, "cast", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER, "rc5", enc_main},
{ FT_cipher, "rc5", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER, "des-ecb", enc_main},
{ FT_cipher, "des-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER, "des-ede", enc_main},
{ FT_cipher, "des-ede", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER, "des-ede3", enc_main},
{ FT_cipher, "des-ede3", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER, "des-cbc", enc_main},
{ FT_cipher, "des-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER, "des-ede-cbc", enc_main},
{ FT_cipher, "des-ede-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER, "des-ede3-cbc", enc_main},
{ FT_cipher, "des-ede3-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER, "des-cfb", enc_main},
{ FT_cipher, "des-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER, "des-ede-cfb", enc_main},
{ FT_cipher, "des-ede-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER, "des-ede3-cfb", enc_main},
{ FT_cipher, "des-ede3-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER, "des-ofb", enc_main},
{ FT_cipher, "des-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER, "des-ede-ofb", enc_main},
{ FT_cipher, "des-ede-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER, "des-ede3-ofb", enc_main},
{ FT_cipher, "des-ede3-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER, "idea-cbc", enc_main},
{ FT_cipher, "idea-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER, "idea-ecb", enc_main},
{ FT_cipher, "idea-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER, "idea-cfb", enc_main},
{ FT_cipher, "idea-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER, "idea-ofb", enc_main},
{ FT_cipher, "idea-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{FUNC_TYPE_CIPHER, "seed-cbc", enc_main},
{ FT_cipher, "seed-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{FUNC_TYPE_CIPHER, "seed-ecb", enc_main},
{ FT_cipher, "seed-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{FUNC_TYPE_CIPHER, "seed-cfb", enc_main},
{ FT_cipher, "seed-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_SEED
{FUNC_TYPE_CIPHER, "seed-ofb", enc_main},
{ FT_cipher, "seed-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER, "rc2-cbc", enc_main},
{ FT_cipher, "rc2-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER, "rc2-ecb", enc_main},
{ FT_cipher, "rc2-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER, "rc2-cfb", enc_main},
{ FT_cipher, "rc2-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER, "rc2-ofb", enc_main},
{ FT_cipher, "rc2-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER, "rc2-64-cbc", enc_main},
{ FT_cipher, "rc2-64-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER, "rc2-40-cbc", enc_main},
{ FT_cipher, "rc2-40-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER, "bf-cbc", enc_main},
{ FT_cipher, "bf-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER, "bf-ecb", enc_main},
{ FT_cipher, "bf-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER, "bf-cfb", enc_main},
{ FT_cipher, "bf-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER, "bf-ofb", enc_main},
{ FT_cipher, "bf-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER, "cast5-cbc", enc_main},
{ FT_cipher, "cast5-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER, "cast5-ecb", enc_main},
{ FT_cipher, "cast5-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER, "cast5-cfb", enc_main},
{ FT_cipher, "cast5-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER, "cast5-ofb", enc_main},
{ FT_cipher, "cast5-ofb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER, "cast-cbc", enc_main},
{ FT_cipher, "cast-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER, "rc5-cbc", enc_main},
{ FT_cipher, "rc5-cbc", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER, "rc5-ecb", enc_main},
{ FT_cipher, "rc5-ecb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER, "rc5-cfb", enc_main},
{ FT_cipher, "rc5-cfb", enc_main, enc_options },
#endif
#ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER, "rc5-ofb", enc_main},
{ FT_cipher, "rc5-ofb", enc_main, enc_options },
#endif
{0, NULL, NULL}
{ 0, NULL, NULL}
};
#endif

165
apps/progs.pl
View File

@ -1,67 +1,80 @@
#!/usr/local/bin/perl
print "/* apps/progs.h */\n";
print "/* automatically generated by progs.pl for openssl.c */\n\n";
grep(s/^asn1pars$/asn1parse/,@ARGV);
foreach (@ARGV)
{ printf "extern int %s_main(int argc, char *argv[]);\n",$_; }
# Generate progs.h file from list of "programs" passed on the command line.
print <<'EOF';
/*
* Automatically generated by progs.pl for openssl.c
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
* See the openssl.c for copyright details.
*/
#define FUNC_TYPE_GENERAL 1
#define FUNC_TYPE_MD 2
#define FUNC_TYPE_CIPHER 3
#define FUNC_TYPE_PKEY 4
#define FUNC_TYPE_MD_ALG 5
#define FUNC_TYPE_CIPHER_ALG 6
typedef enum FUNC_TYPE {
FT_none, FT_general, FT_md, FT_cipher, FT_pkey,
FT_md_alg, FT_cipher_alg
} FUNC_TYPE;
typedef struct {
int type;
typedef struct function_st {
FUNC_TYPE type;
const char *name;
int (*func) (int argc, char *argv[]);
int (*func)(int argc,char *argv[]);
const OPTIONS *help;
} FUNCTION;
DECLARE_LHASH_OF(FUNCTION);
FUNCTION functions[] = {
EOF
foreach (@ARGV)
{
push(@files,$_);
$str=" {FUNC_TYPE_GENERAL, \"$_\", ${_}_main},\n";
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
{ print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; }
elsif ( ($_ =~ /^engine$/))
{ print "#ifndef OPENSSL_NO_ENGINE\n${str}#endif\n"; }
elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/))
{ print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n"; }
elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
{ print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; }
elsif ( ($_ =~ /^ec$/) || ($_ =~ /^ecparam$/))
{ print "#ifndef OPENSSL_NO_EC\n${str}#endif\n";}
elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
elsif ( ($_ =~ /^pkcs12$/))
{ print "#if !defined(OPENSSL_NO_DES)\n${str}#endif\n"; }
elsif ( ($_ =~ /^cms$/))
{ print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
elsif ( ($_ =~ /^ocsp$/))
{ print "#ifndef OPENSSL_NO_OCSP\n${str}#endif\n"; }
elsif ( ($_ =~ /^srp$/))
{ print "#ifndef OPENSSL_NO_SRP\n${str}#endif\n"; }
else
{ print $str; }
}
grep(s/\.o//, @ARGV);
grep(s/^asn1pars$/asn1parse/, @ARGV);
grep(s/^crl2p7$/crl2pkcs7/, @ARGV);
push @ARGV, 'list';
push @ARGV, 'help';
push @ARGV, 'exit';
foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160","sha224","sha256","sha384","sha512")
{
push(@files,$_);
printf "#ifndef OPENSSL_NO_".uc($_)."\n" if ! /sha/;
printf " {FUNC_TYPE_MD, \"".$_."\", dgst_main},\n";
printf "#endif\n" if ! /sha/;
foreach (@ARGV) {
printf "extern int %s_main(int argc, char *argv[]);\n", $_;
}
printf "\n#ifdef INCLUDE_FUNCTION_TABLE\n";
foreach (@ARGV) {
printf "extern OPTIONS %s_options[];\n", $_;
}
printf "FUNCTION functions[] = {\n";
foreach (@ARGV) {
$str=" { FT_general, \"$_\", ${_}_main, ${_}_options },\n";
if (/^s_/ || /^ciphers$/) {
print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n";
} elsif (/^engine$/) {
print "#ifndef OPENSSL_NO_ENGINE\n${str}#endif\n";
} elsif (/^rsa$/ || /^genrsa$/ || /^rsautl$/) {
print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n";
} elsif (/^dsa$/ || /^gendsa$/ || /^dsaparam$/) {
print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n";
} elsif (/^ec$/ || /^ecparam$/) {
print "#ifndef OPENSSL_NO_EC\n${str}#endif\n";
} elsif (/^dh$/ || /^gendh$/ || /^dhparam$/) {
print "#ifndef OPENSSL_NO_DH\n${str}#endif\n";
} elsif (/^pkcs12$/) {
print "#if !defined(OPENSSL_NO_DES)\n${str}#endif\n";
} elsif (/^cms$/) {
print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n";
} elsif (/^ocsp$/) {
print "#ifndef OPENSSL_NO_OCSP\n${str}#endif\n";
} elsif (/^srp$/) {
print "#ifndef OPENSSL_NO_SRP\n${str}#endif\n";
} else {
print $str;
}
}
foreach (
"md2", "md4", "md5",
"md_ghost94",
"sha", "sha1", "sha224", "sha256", "sha384", "sha512",
"mdc2", "rmd160"
) {
printf "#ifndef OPENSSL_NO_".uc($_)."\n" if ! /sha/;
printf " { FT_md, \"".$_."\", dgst_main},\n";
printf "#endif\n" if ! /sha/;
}
foreach (
"aes-128-cbc", "aes-128-ecb",
@ -82,23 +95,35 @@ foreach (
"rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc",
"bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb",
"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
"cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb")
{
push(@files,$_);
$t=sprintf(" {FUNC_TYPE_CIPHER, \"%s\", enc_main},\n", $_);
if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; }
elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; }
elsif ($_ =~ /seed/) { $t="#ifndef OPENSSL_NO_SEED\n${t}#endif\n"; }
elsif ($_ =~ /rc4/) { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; }
elsif ($_ =~ /rc2/) { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; }
elsif ($_ =~ /bf/) { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; }
elsif ($_ =~ /cast/) { $t="#ifndef OPENSSL_NO_CAST\n${t}#endif\n"; }
elsif ($_ =~ /rc5/) { $t="#ifndef OPENSSL_NO_RC5\n${t}#endif\n"; }
elsif ($_ =~ /zlib/) { $t="#ifdef ZLIB\n${t}#endif\n"; }
print $t;
"cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb"
) {
$str=" { FT_cipher, \"$_\", enc_main, enc_options },\n";
if (/des/) {
printf "#ifndef OPENSSL_NO_DES\n${str}#endif\n";
} elsif (/aes/) {
printf "#ifndef OPENSSL_NO_AES\n${str}#endif\n";
} elsif (/camellia/) {
printf "#ifndef OPENSSL_NO_CAMELLIA\n${str}#endif\n";
} elsif (/idea/) {
printf "#ifndef OPENSSL_NO_IDEA\n${str}#endif\n";
} elsif (/seed/) {
printf "#ifndef OPENSSL_NO_SEED\n${str}#endif\n";
} elsif (/rc4/) {
printf "#ifndef OPENSSL_NO_RC4\n${str}#endif\n";
} elsif (/rc2/) {
printf "#ifndef OPENSSL_NO_RC2\n${str}#endif\n";
} elsif (/bf/) {
printf "#ifndef OPENSSL_NO_BF\n${str}#endif\n";
} elsif (/cast/) {
printf "#ifndef OPENSSL_NO_CAST\n${str}#endif\n";
} elsif (/rc5/) {
printf "#ifndef OPENSSL_NO_RC5\n${str}#endif\n";
} elsif (/zlib/) {
printf "#ifdef ZLIB\n${str}#endif\n";
} else {
print $str;
}
}
print " {0, NULL, NULL}\n};\n";
print " { 0, NULL, NULL}\n};\n";
printf "#endif\n";

179
apps/rand.c
View File

@ -1,4 +1,3 @@
/* apps/rand.c */
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
@ -63,135 +62,87 @@
#include <openssl/err.h>
#include <openssl/rand.h>
#undef PROG
#define PROG rand_main
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_OUT, OPT_ENGINE, OPT_RAND, OPT_BASE64, OPT_HEX
} OPTION_CHOICE;
/*-
* -out file - write to file
* -rand file:file - PRNG seed files
* -base64 - base64 encode output
* -hex - hex encode output
* num - write 'num' bytes
*/
OPTIONS rand_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [flags] num\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"out", OPT_OUT, '>', "Output file"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"base64", OPT_BASE64, '-', "Base64 encode output"},
{"hex", OPT_HEX, '-', "Hex encode output"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
int MAIN(int, char **);
int MAIN(int argc, char **argv)
int rand_main(int argc, char **argv)
{
int i, r, ret = 1;
int badopt;
char *outfile = NULL;
char *inrand = NULL;
int base64 = 0;
int hex = 0;
BIO *out = NULL;
int num = -1;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
char *engine = NULL, *inrand = NULL, *outfile = NULL, *prog;
OPTION_CHOICE o;
int base64 = 0, hex = 0, i, num = -1, r, ret = 1;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto err;
badopt = 0;
i = 0;
while (!badopt && argv[++i] != NULL) {
if (strcmp(argv[i], "-out") == 0) {
if ((argv[i + 1] != NULL) && (outfile == NULL))
outfile = argv[++i];
else
badopt = 1;
prog = opt_init(argc, argv, rand_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(rand_options);
ret = 0;
goto end;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
engine = opt_arg();
break;
case OPT_RAND:
inrand = opt_arg();
break;
case OPT_BASE64:
base64 = 1;
break;
case OPT_HEX:
hex = 1;
break;
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(argv[i], "-engine") == 0) {
if ((argv[i + 1] != NULL) && (engine == NULL))
engine = argv[++i];
else
badopt = 1;
}
#endif
else if (strcmp(argv[i], "-rand") == 0) {
if ((argv[i + 1] != NULL) && (inrand == NULL))
inrand = argv[++i];
else
badopt = 1;
} else if (strcmp(argv[i], "-base64") == 0) {
if (!base64)
base64 = 1;
else
badopt = 1;
} else if (strcmp(argv[i], "-hex") == 0) {
if (!hex)
hex = 1;
else
badopt = 1;
} else if (isdigit((unsigned char)argv[i][0])) {
if (num < 0) {
r = sscanf(argv[i], "%d", &num);
if (r == 0 || num < 0)
badopt = 1;
} else
badopt = 1;
} else
badopt = 1;
}
argc = opt_num_rest();
argv = opt_rest();
if (hex && base64)
badopt = 1;
if (argc != 1 || (hex && base64))
goto opthelp;
if (sscanf(argv[0], "%d", &num) != 1 || num < 0)
goto opthelp;
if (num < 0)
badopt = 1;
if (badopt) {
BIO_printf(bio_err, "Usage: rand [options] num\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-out file - write to file\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
"-engine e - use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n",
LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, "-base64 - base64 encode output\n");
BIO_printf(bio_err, "-hex - hex encode output\n");
goto err;
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
setup_engine(engine, 0);
#endif
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
app_RAND_load_file(NULL, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
out = BIO_new(BIO_s_file());
out = bio_open_default(outfile, "w");
if (out == NULL)
goto err;
if (outfile != NULL)
r = BIO_write_filename(out, outfile);
else {
r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if (r <= 0)
goto err;
goto end;
if (base64) {
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL)
goto err;
goto end;
out = BIO_push(b64, out);
}
@ -204,7 +155,7 @@ int MAIN(int argc, char **argv)
chunk = sizeof buf;
r = RAND_bytes(buf, chunk);
if (r <= 0)
goto err;
goto end;
if (!hex)
BIO_write(out, buf, chunk);
else {
@ -217,12 +168,10 @@ int MAIN(int argc, char **argv)
BIO_puts(out, "\n");
(void)BIO_flush(out);
app_RAND_write_file(NULL, bio_err);
app_RAND_write_file(NULL);
ret = 0;
err:
ERR_print_errors(bio_err);
end:
BIO_free_all(out);
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}

684
apps/req.c
View File

@ -1,4 +1,3 @@
/* apps/req.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -93,30 +92,6 @@
#define DEFAULT_KEY_LENGTH 512
#define MIN_KEY_LENGTH 384
#undef PROG
#define PROG req_main
/*-
* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -verify - check request signature
* -noout - don't print stuff out.
* -text - print out human readable text.
* -nodes - no des encryption
* -config file - Load configuration file.
* -key file - make a request using key in file (or use it for verification).
* -keyform arg - key file format.
* -rand file(s) - load the file(s) into the PRNG.
* -newkey - make a key and a request.
* -modulus - print RSA modulus.
* -pubkey - output Public Key.
* -x509 - output a self signed X509 structure instead.
* -asn1-kludge - output new certificate request in a format that some CA's
* require. This format is wrong
*/
static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *dn, int mutlirdn,
int attribs, unsigned long chtype);
static int build_subject(X509_REQ *req, char *subj, unsigned long chtype,
@ -137,323 +112,270 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def,
static int genpkey_cb(EVP_PKEY_CTX *ctx);
static int req_check_len(int len, int n_min, int n_max);
static int check_end(const char *str, const char *end);
static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
int *pkey_type, long *pkeylen,
char **palgnam, ENGINE *keygen_engine);
#ifndef MONOLITH
static char *default_config_file = NULL;
#endif
static CONF *req_conf = NULL;
static int batch = 0;
int MAIN(int, char **);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_KEYGEN_ENGINE, OPT_KEY,
OPT_PUBKEY, OPT_NEW, OPT_CONFIG, OPT_KEYFORM, OPT_IN, OPT_OUT,
OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_RAND, OPT_NEWKEY,
OPT_PKEYOPT, OPT_SIGOPT, OPT_BATCH, OPT_NEWHDR, OPT_MODULUS,
OPT_VERIFY, OPT_NODES, OPT_NOOUT, OPT_VERBOSE, OPT_UTF8,
OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJECT, OPT_TEXT, OPT_X509,
OPT_ASN1_KLUDGE, OPT_NO_ASN1_KLUDGE, OPT_MULTIVALUE_RDN,
OPT_DAYS, OPT_SET_SERIAL, OPT_EXTENSIONS, OPT_REQEXTS, OPT_MD
} OPTION_CHOICE;
int MAIN(int argc, char **argv)
OPTIONS req_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"keygen_engine", OPT_KEYGEN_ENGINE, 's'},
{"key", OPT_KEY, '<', "Use the private key contained in file"},
{"keyform", OPT_KEYFORM, 'F', "Key file format"},
{"pubkey", OPT_PUBKEY, '-', "Output public key"},
{"new", OPT_NEW, '-', "New request"},
{"config", OPT_CONFIG, '<', "Request template file"},
{"keyout", OPT_KEYOUT, '>', "File to send the key to"},
{"passin", OPT_PASSIN, 's', "Private key password source"},
{"passout", OPT_PASSOUT, 's'},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"newkey", OPT_NEWKEY, 's', "Specify as type:bits"},
{"pkeyopt", OPT_PKEYOPT, 's'},
{"sigopt", OPT_SIGOPT, 's'},
{"batch", OPT_BATCH, '-',
"Do not ask anything during request generation"},
{"newhdr", OPT_NEWHDR, '-', "Output \"NEW\" in the header lines"},
{"modulus", OPT_MODULUS, '-', "RSA modulus"},
{"verify", OPT_VERIFY, '-', "Verify signature on REQ"},
{"nodes", OPT_NODES, '-', "Don't encrypt the output key"},
{"noout", OPT_NOOUT, '-', "Do not output REQ"},
{"verbose", OPT_VERBOSE, '-'},
{"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"},
{"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
{"reqopt", OPT_REQOPT, 's', "Various request text options"},
{"text", OPT_TEXT, '-', "Text form of request"},
{"x509", OPT_X509, '-',
"Output a x509 structure instead of a cert request"},
{"asn1-kludge", OPT_ASN1_KLUDGE, '-',
"Output the request in a format that is wrong"},
{OPT_MORE_STR, 1, 1, "(Required by some CA's)"},
{"no-asn1-kludge", OPT_NO_ASN1_KLUDGE, '-'},
{"subject", OPT_SUBJECT, 's', "Output the request's subject"},
{"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
"Enable support for multivalued RDNs"},
{"days", OPT_DAYS, 'p', "Number of days cert is valid for"},
{"set-serial", OPT_SET_SERIAL, 'p', "Serial number to use"},
{"extensions", OPT_EXTENSIONS, 's',
"Cert extension section (override value in config file)"},
{"reqexts", OPT_REQEXTS, 's',
"Request extension section (override value in config file)"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"", OPT_MD, '-', "Any supported digest"},
{NULL}
};
int req_main(int argc, char **argv)
{
ASN1_INTEGER *serial = NULL;
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL, *gen_eng = NULL;
unsigned long nmflag = 0, reqflag = 0;
int ex = 1, x509 = 0, days = 30;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *genctx = NULL;
STACK_OF(OPENSSL_STRING) *pkeyopts = NULL, *sigopts = NULL;
X509 *x509ss = NULL;
X509_REQ *req = NULL;
EVP_PKEY_CTX *genctx = NULL;
const char *keyalg = NULL;
char *keyalgstr = NULL;
STACK_OF(OPENSSL_STRING) *pkeyopts = NULL, *sigopts = NULL;
EVP_PKEY *pkey = NULL;
int i = 0, badops = 0, newreq = 0, verbose = 0, pkey_type = -1;
long newkey = -1;
BIO *in = NULL, *out = NULL;
int informat, outformat, verify = 0, noout = 0, text = 0, keyform =
FORMAT_PEM;
int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0;
char *infile, *outfile, *prog, *keyfile = NULL, *template =
NULL, *keyout = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
char *extensions = NULL;
char *req_exts = NULL;
const EVP_CIPHER *cipher = NULL;
ASN1_INTEGER *serial = NULL;
int modulus = 0;
char *inrand = NULL;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
char *p;
char *subj = NULL;
int multirdn = 0;
const EVP_MD *md_alg = NULL, *digest = NULL;
unsigned long chtype = MBSTRING_ASC;
#ifndef MONOLITH
char *to_free;
long errline;
#endif
char *engine = NULL, *extensions = NULL, *infile = NULL;
char *outfile = NULL, *keyfile = NULL, *inrand = NULL;
char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL, *req_exts = NULL, *subj = NULL;
char *template = NULL, *keyout = NULL;
const char *keyalg = NULL;
OPTION_CHOICE o;
int ret = 1, x509 = 0, days = 30, i = 0, newreq = 0, verbose =
0, pkey_type = -1;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyform = FORMAT_PEM;
int modulus = 0, multirdn = 0, verify = 0, noout = 0, text = 0;
int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0;
long newkey = -1;
unsigned long chtype = MBSTRING_ASC, nmflag = 0, reqflag = 0;
req_conf = NULL;
#ifndef OPENSSL_NO_DES
cipher = EVP_des_ede3_cbc();
#endif
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
prog = argv[0];
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-inform") == 0) {
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-outform") == 0) {
if (--argc < 1)
goto bad;
outformat = str2fmt(*(++argv));
}
prog = opt_init(argc, argv, req_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(req_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
} else if (strcmp(*argv, "-keygen_engine") == 0) {
if (--argc < 1)
goto bad;
gen_eng = ENGINE_by_id(*(++argv));
case OPT_ENGINE:
engine = optarg;
break;
case OPT_KEYGEN_ENGINE:
gen_eng = ENGINE_by_id(opt_arg());
if (gen_eng == NULL) {
BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv);
goto end;
}
}
break;
#endif
else if (strcmp(*argv, "-key") == 0) {
if (--argc < 1)
goto bad;
keyfile = *(++argv);
} else if (strcmp(*argv, "-pubkey") == 0) {
case OPT_KEY:
keyfile = opt_arg();
break;
case OPT_PUBKEY:
pubkey = 1;
} else if (strcmp(*argv, "-new") == 0) {
break;
case OPT_NEW:
newreq = 1;
} else if (strcmp(*argv, "-config") == 0) {
if (--argc < 1)
goto bad;
template = *(++argv);
} else if (strcmp(*argv, "-keyform") == 0) {
if (--argc < 1)
goto bad;
keyform = str2fmt(*(++argv));
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (strcmp(*argv, "-keyout") == 0) {
if (--argc < 1)
goto bad;
keyout = *(++argv);
} else if (strcmp(*argv, "-passin") == 0) {
if (--argc < 1)
goto bad;
passargin = *(++argv);
} else if (strcmp(*argv, "-passout") == 0) {
if (--argc < 1)
goto bad;
passargout = *(++argv);
} else if (strcmp(*argv, "-rand") == 0) {
if (--argc < 1)
goto bad;
inrand = *(++argv);
} else if (strcmp(*argv, "-newkey") == 0) {
if (--argc < 1)
goto bad;
keyalg = *(++argv);
break;
case OPT_CONFIG:
template = opt_arg();
break;
case OPT_KEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyform))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_KEYOUT:
keyout = opt_arg();
break;
case OPT_PASSIN:
passargin = opt_arg();
break;
case OPT_PASSOUT:
passargout = opt_arg();
break;
case OPT_RAND:
inrand = opt_arg();
break;
case OPT_NEWKEY:
keyalg = opt_arg();
newreq = 1;
} else if (strcmp(*argv, "-pkeyopt") == 0) {
if (--argc < 1)
goto bad;
break;
case OPT_PKEYOPT:
if (!pkeyopts)
pkeyopts = sk_OPENSSL_STRING_new_null();
if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, *(++argv)))
goto bad;
} else if (strcmp(*argv, "-sigopt") == 0) {
if (--argc < 1)
goto bad;
if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, opt_arg()))
goto opthelp;
break;
case OPT_SIGOPT:
if (!sigopts)
sigopts = sk_OPENSSL_STRING_new_null();
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
goto bad;
} else if (strcmp(*argv, "-batch") == 0)
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
goto opthelp;
break;
case OPT_BATCH:
batch = 1;
else if (strcmp(*argv, "-newhdr") == 0)
break;
case OPT_NEWHDR:
newhdr = 1;
else if (strcmp(*argv, "-modulus") == 0)
break;
case OPT_MODULUS:
modulus = 1;
else if (strcmp(*argv, "-verify") == 0)
break;
case OPT_VERIFY:
verify = 1;
else if (strcmp(*argv, "-nodes") == 0)
break;
case OPT_NODES:
nodes = 1;
else if (strcmp(*argv, "-noout") == 0)
break;
case OPT_NOOUT:
noout = 1;
else if (strcmp(*argv, "-verbose") == 0)
break;
case OPT_VERBOSE:
verbose = 1;
else if (strcmp(*argv, "-utf8") == 0)
break;
case OPT_UTF8:
chtype = MBSTRING_UTF8;
else if (strcmp(*argv, "-nameopt") == 0) {
if (--argc < 1)
goto bad;
if (!set_name_ex(&nmflag, *(++argv)))
goto bad;
} else if (strcmp(*argv, "-reqopt") == 0) {
if (--argc < 1)
goto bad;
if (!set_cert_ex(&reqflag, *(++argv)))
goto bad;
} else if (strcmp(*argv, "-subject") == 0)
subject = 1;
else if (strcmp(*argv, "-text") == 0)
break;
case OPT_NAMEOPT:
if (!set_name_ex(&nmflag, opt_arg()))
goto opthelp;
break;
case OPT_REQOPT:
if (!set_cert_ex(&reqflag, opt_arg()))
goto opthelp;
break;
case OPT_TEXT:
text = 1;
else if (strcmp(*argv, "-x509") == 0)
break;
case OPT_X509:
x509 = 1;
else if (strcmp(*argv, "-asn1-kludge") == 0)
break;
case OPT_ASN1_KLUDGE:
kludge = 1;
else if (strcmp(*argv, "-no-asn1-kludge") == 0)
break;
case OPT_NO_ASN1_KLUDGE:
kludge = 0;
else if (strcmp(*argv, "-subj") == 0) {
if (--argc < 1)
goto bad;
subj = *(++argv);
} else if (strcmp(*argv, "-multivalue-rdn") == 0)
break;
multirdn = 1;
else if (strcmp(*argv, "-days") == 0) {
if (--argc < 1)
goto bad;
days = atoi(*(++argv));
if (days == 0)
days = 30;
} else if (strcmp(*argv, "-set_serial") == 0) {
if (--argc < 1)
goto bad;
serial = s2i_ASN1_INTEGER(NULL, *(++argv));
if (!serial)
goto bad;
} else if (strcmp(*argv, "-extensions") == 0) {
if (--argc < 1)
goto bad;
extensions = *(++argv);
} else if (strcmp(*argv, "-reqexts") == 0) {
if (--argc < 1)
goto bad;
req_exts = *(++argv);
} else if ((md_alg = EVP_get_digestbyname(&((*argv)[1]))) != NULL) {
/* ok */
case OPT_DAYS:
days = atoi(opt_arg());
break;
case OPT_SET_SERIAL:
serial = s2i_ASN1_INTEGER(NULL, opt_arg());
if (serial == NULL)
goto opthelp;
break;
case OPT_SUBJECT:
subj = opt_arg();
break;
case OPT_MULTIVALUE_RDN:
multirdn = 1;
break;
case OPT_EXTENSIONS:
extensions = opt_arg();
break;
case OPT_REQEXTS:
req_exts = opt_arg();
break;
case OPT_MD:
if (!opt_md(opt_unknown(), &md_alg))
goto opthelp;
digest = md_alg;
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
}
argc--;
argv++;
}
argc = opt_num_rest();
argv = opt_rest();
if (badops) {
bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err, " -text text form of request\n");
BIO_printf(bio_err, " -pubkey output public key\n");
BIO_printf(bio_err, " -noout do not output REQ\n");
BIO_printf(bio_err, " -verify verify signature on REQ\n");
BIO_printf(bio_err, " -modulus RSA modulus\n");
BIO_printf(bio_err, " -nodes don't encrypt the output key\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device\n");
#endif
BIO_printf(bio_err, " -subject output the request's subject\n");
BIO_printf(bio_err, " -passin private key password source\n");
BIO_printf(bio_err,
" -key file use the private key contained in file\n");
BIO_printf(bio_err, " -keyform arg key file format\n");
BIO_printf(bio_err, " -keyout arg file to send the key to\n");
BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
BIO_printf(bio_err,
" -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
BIO_printf(bio_err,
" -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
#ifndef OPENSSL_NO_EC
BIO_printf(bio_err,
" -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
#endif
BIO_printf(bio_err,
" -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
BIO_printf(bio_err, " -config file request template file.\n");
BIO_printf(bio_err,
" -subj arg set or modify request subject\n");
BIO_printf(bio_err,
" -multivalue-rdn enable support for multivalued RDNs\n");
BIO_printf(bio_err, " -new new request.\n");
BIO_printf(bio_err,
" -batch do not ask anything during request generation\n");
BIO_printf(bio_err,
" -x509 output a x509 structure instead of a cert. req.\n");
BIO_printf(bio_err,
" -days number of days a certificate generated by -x509 is valid for.\n");
BIO_printf(bio_err,
" -set_serial serial number to use for a certificate generated by -x509.\n");
BIO_printf(bio_err,
" -newhdr output \"NEW\" in the header lines\n");
BIO_printf(bio_err,
" -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
BIO_printf(bio_err,
" have been reported as requiring\n");
BIO_printf(bio_err,
" -extensions .. specify certificate extension section (override value in config file)\n");
BIO_printf(bio_err,
" -reqexts .. specify request extension section (override value in config file)\n");
BIO_printf(bio_err,
" -utf8 input characters are UTF8 (default ASCII)\n");
BIO_printf(bio_err,
" -nameopt arg - various certificate name options\n");
BIO_printf(bio_err,
" -reqopt arg - various request text options\n\n");
goto end;
}
ERR_load_crypto_strings();
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
if (!app_passwd(passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
#ifndef MONOLITH /* else this has happened in openssl.c
* (global `config') */
/* Lets load up our environment a little */
p = getenv("OPENSSL_CONF");
if (p == NULL)
p = getenv("SSLEAY_CONF");
if (p == NULL)
p = to_free = make_config_name();
default_config_file = p;
config = NCONF_new(NULL);
i = NCONF_load(config, p, &errline);
#endif
if (template != NULL) {
long errline = -1;
@ -481,8 +403,6 @@ int MAIN(int argc, char **argv)
}
if (req_conf != NULL) {
if (!load_config(bio_err, req_conf))
goto end;
p = NCONF_get_string(req_conf, NULL, "oid_file");
if (p == NULL)
ERR_clear_error();
@ -501,16 +421,17 @@ int MAIN(int argc, char **argv)
}
}
}
if (!add_oid_section(bio_err, req_conf))
if (!add_oid_section(req_conf))
goto end;
if (md_alg == NULL) {
p = NCONF_get_string(req_conf, SECTION, "default_md");
if (p == NULL)
ERR_clear_error();
if (p != NULL) {
if ((md_alg = EVP_get_digestbyname(p)) != NULL)
digest = md_alg;
else {
if (!opt_md(p, &md_alg))
goto opthelp;
digest = md_alg;
}
}
@ -577,29 +498,20 @@ int MAIN(int argc, char **argv)
goto end;
}
}
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
goto end;
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
e = setup_engine(engine, 0);
#endif
if (keyfile != NULL) {
pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,
"Private Key");
pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
if (!pkey) {
/*
* load_key() has already printed an appropriate message
*/
/* load_key() has already printed an appropriate message */
goto end;
} else {
char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE");
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
app_RAND_load_file(randfile, 0);
}
}
@ -607,7 +519,7 @@ int MAIN(int argc, char **argv)
char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE");
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
app_RAND_load_file(randfile, 0);
if (inrand)
app_RAND_load_files(inrand);
@ -616,7 +528,7 @@ int MAIN(int argc, char **argv)
}
if (keyalg) {
genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
genctx = set_keygen_ctx(keyalg, &pkey_type, &newkey,
&keyalgstr, gen_eng);
if (!genctx)
goto end;
@ -631,7 +543,7 @@ int MAIN(int argc, char **argv)
}
if (!genctx) {
genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &newkey,
genctx = set_keygen_ctx(NULL, &pkey_type, &newkey,
&keyalgstr, gen_eng);
if (!genctx)
goto end;
@ -663,7 +575,7 @@ int MAIN(int argc, char **argv)
EVP_PKEY_CTX_free(genctx);
genctx = NULL;
app_RAND_write_file(randfile, bio_err);
app_RAND_write_file(randfile);
if (keyout == NULL) {
keyout = NCONF_get_string(req_conf, SECTION, KEYFILE);
@ -671,22 +583,13 @@ int MAIN(int argc, char **argv)
ERR_clear_error();
}
if (keyout == NULL) {
if (keyout == NULL)
BIO_printf(bio_err, "writing new private key to stdout\n");
BIO_set_fp(out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
} else {
else
BIO_printf(bio_err, "writing new private key to '%s'\n", keyout);
if (BIO_write_filename(out, keyout) <= 0) {
perror(keyout);
goto end;
}
}
out = bio_open_default(keyout, "w");
if (out == NULL)
goto end;
p = NCONF_get_string(req_conf, SECTION, "encrypt_rsa_key");
if (p == NULL) {
@ -721,24 +624,14 @@ int MAIN(int argc, char **argv)
* 'format' info should not be changed.
*/
kludge = -1;
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
goto end;
}
}
in = bio_open_default(infile, RB(informat));
if (in == NULL)
goto end;
if (informat == FORMAT_ASN1)
req = d2i_X509_REQ_bio(in, NULL);
else if (informat == FORMAT_PEM)
else
req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
else {
BIO_printf(bio_err,
"bad input format specified for X509 request\n");
goto end;
}
if (req == NULL) {
BIO_printf(bio_err, "unable to load X509 request\n");
goto end;
@ -814,7 +707,7 @@ int MAIN(int argc, char **argv)
goto end;
}
i = do_X509_sign(bio_err, x509ss, pkey, digest, sigopts);
i = do_X509_sign(x509ss, pkey, digest, sigopts);
if (!i) {
ERR_print_errors(bio_err);
goto end;
@ -835,7 +728,7 @@ int MAIN(int argc, char **argv)
req_exts);
goto end;
}
i = do_X509_REQ_sign(bio_err, req, pkey, digest, sigopts);
i = do_X509_REQ_sign(req, pkey, digest, sigopts);
if (!i) {
ERR_print_errors(bio_err);
goto end;
@ -857,7 +750,7 @@ int MAIN(int argc, char **argv)
if (build_subject(req, subj, chtype, multirdn) == 0) {
BIO_printf(bio_err, "ERROR: cannot modify subject\n");
ex = 1;
ret = 1;
goto end;
}
@ -874,9 +767,9 @@ int MAIN(int argc, char **argv)
if (pkey == NULL) {
pkey = X509_REQ_get_pubkey(req);
tmp = 1;
if (pkey == NULL)
goto end;
tmp = 1;
}
i = X509_REQ_verify(req, pkey);
@ -895,28 +788,15 @@ int MAIN(int argc, char **argv)
}
if (noout && !text && !modulus && !subject && !pubkey) {
ex = 0;
ret = 0;
goto end;
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
} else {
if ((keyout != NULL) && (strcmp(outfile, keyout) == 0))
i = (int)BIO_append_filename(out, outfile);
else
i = (int)BIO_write_filename(out, outfile);
if (!i) {
perror(outfile);
goto end;
}
}
out = bio_open_default(outfile,
keyout != NULL && outfile != NULL &&
strcmp(keyout, outfile) == 0 ? "a" : "w");
if (out == NULL)
goto end;
if (pubkey) {
EVP_PKEY *tpubkey;
@ -971,15 +851,10 @@ int MAIN(int argc, char **argv)
if (!noout && !x509) {
if (outformat == FORMAT_ASN1)
i = i2d_X509_REQ_bio(out, req);
else if (outformat == FORMAT_PEM) {
if (newhdr)
i = PEM_write_bio_X509_REQ_NEW(out, req);
else
i = PEM_write_bio_X509_REQ(out, req);
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
else if (newhdr)
i = PEM_write_bio_X509_REQ_NEW(out, req);
else
i = PEM_write_bio_X509_REQ(out, req);
if (!i) {
BIO_printf(bio_err, "unable to write X509 request\n");
goto end;
@ -988,24 +863,16 @@ int MAIN(int argc, char **argv)
if (!noout && x509 && (x509ss != NULL)) {
if (outformat == FORMAT_ASN1)
i = i2d_X509_bio(out, x509ss);
else if (outformat == FORMAT_PEM)
else
i = PEM_write_bio_X509(out, x509ss);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err, "unable to write X509 certificate\n");
goto end;
}
}
ex = 0;
ret = 0;
end:
#ifndef MONOLITH
if (to_free)
OPENSSL_free(to_free);
#endif
if (ex) {
if (ret) {
ERR_print_errors(bio_err);
}
if ((req_conf != NULL) && (req_conf != config))
@ -1032,8 +899,7 @@ int MAIN(int argc, char **argv)
if (passargout && passout)
OPENSSL_free(passout);
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ex);
return (ret);
}
static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
@ -1499,7 +1365,7 @@ static int check_end(const char *str, const char *end)
return strcmp(tmp, end);
}
static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
int *pkey_type, long *pkeylen,
char **palgnam, ENGINE *keygen_engine)
{
@ -1536,7 +1402,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len);
if (!ameth) {
BIO_printf(err, "Unknown algorithm %.*s\n", len, gstr);
BIO_printf(bio_err, "Unknown algorithm %.*s\n", len, gstr);
return NULL;
}
@ -1558,7 +1424,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
if (paramfile) {
pbio = BIO_new_file(paramfile, "r");
if (!pbio) {
BIO_printf(err, "Can't open parameter file %s\n", paramfile);
BIO_printf(bio_err, "Can't open parameter file %s\n", paramfile);
return NULL;
}
param = PEM_read_bio_Parameters(pbio, NULL);
@ -1576,13 +1442,13 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
BIO_free(pbio);
if (!param) {
BIO_printf(err, "Error reading parameter file %s\n", paramfile);
BIO_printf(bio_err, "Error reading parameter file %s\n", paramfile);
return NULL;
}
if (*pkey_type == -1)
*pkey_type = EVP_PKEY_id(param);
else if (*pkey_type != EVP_PKEY_base_id(param)) {
BIO_printf(err, "Key Type does not match parameters\n");
BIO_printf(bio_err, "Key Type does not match parameters\n");
EVP_PKEY_free(param);
return NULL;
}
@ -1594,7 +1460,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
const char *anam;
ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type);
if (!ameth) {
BIO_puts(err, "Internal error: can't find key algorithm\n");
BIO_puts(bio_err, "Internal error: can't find key algorithm\n");
return NULL;
}
EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth);
@ -1613,21 +1479,21 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine);
if (!gctx) {
BIO_puts(err, "Error allocating keygen context\n");
ERR_print_errors(err);
BIO_puts(bio_err, "Error allocating keygen context\n");
ERR_print_errors(bio_err);
return NULL;
}
if (EVP_PKEY_keygen_init(gctx) <= 0) {
BIO_puts(err, "Error initializing keygen context\n");
ERR_print_errors(err);
BIO_puts(bio_err, "Error initializing keygen context\n");
ERR_print_errors(bio_err);
return NULL;
}
#ifndef OPENSSL_NO_RSA
if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) {
if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0) {
BIO_puts(err, "Error setting RSA keysize\n");
ERR_print_errors(err);
BIO_puts(bio_err, "Error setting RSA keysize\n");
ERR_print_errors(bio_err);
EVP_PKEY_CTX_free(gctx);
return NULL;
}
@ -1656,18 +1522,19 @@ static int genpkey_cb(EVP_PKEY_CTX *ctx)
return 1;
}
static int do_sign_init(BIO *err, EVP_MD_CTX *ctx, EVP_PKEY *pkey,
static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey,
const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts)
{
EVP_PKEY_CTX *pkctx = NULL;
int i;
EVP_MD_CTX_init(ctx);
if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey))
return 0;
for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
char *sigopt = sk_OPENSSL_STRING_value(sigopts, i);
if (pkey_ctrl_string(pkctx, sigopt) <= 0) {
BIO_printf(err, "parameter error \"%s\"\n", sigopt);
BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
ERR_print_errors(bio_err);
return 0;
}
@ -1675,39 +1542,42 @@ static int do_sign_init(BIO *err, EVP_MD_CTX *ctx, EVP_PKEY *pkey,
return 1;
}
int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts)
{
int rv;
EVP_MD_CTX mctx;
EVP_MD_CTX_init(&mctx);
rv = do_sign_init(err, &mctx, pkey, md, sigopts);
rv = do_sign_init(&mctx, pkey, md, sigopts);
if (rv > 0)
rv = X509_sign_ctx(x, &mctx);
EVP_MD_CTX_cleanup(&mctx);
return rv > 0 ? 1 : 0;
}
int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts)
{
int rv;
EVP_MD_CTX mctx;
EVP_MD_CTX_init(&mctx);
rv = do_sign_init(err, &mctx, pkey, md, sigopts);
rv = do_sign_init(&mctx, pkey, md, sigopts);
if (rv > 0)
rv = X509_REQ_sign_ctx(x, &mctx);
EVP_MD_CTX_cleanup(&mctx);
return rv > 0 ? 1 : 0;
}
int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts)
{
int rv;
EVP_MD_CTX mctx;
EVP_MD_CTX_init(&mctx);
rv = do_sign_init(err, &mctx, pkey, md, sigopts);
rv = do_sign_init(&mctx, pkey, md, sigopts);
if (rv > 0)
rv = X509_CRL_sign_ctx(x, &mctx);
EVP_MD_CTX_cleanup(&mctx);

362
apps/rsa.c
View File

@ -1,4 +1,3 @@
/* apps/rsa.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -55,6 +54,54 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_RSA
@ -71,197 +118,142 @@
# include <openssl/pem.h>
# include <openssl/bn.h>
# undef PROG
# define PROG rsa_main
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
OPT_PUBIN, OPT_PUBOUT, OPT_PASSOUT, OPT_PASSIN,
OPT_RSAPUBKEY_IN, OPT_RSAPUBKEY_OUT, OPT_PVK_STRONG, OPT_PVK_WEAK,
OPT_PVK_NONE, OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER
} OPTION_CHOICE;
/*-
* -inform arg - input format - default PEM (one of DER, NET or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -des - encrypt output if PEM format with DES in cbc mode
* -des3 - encrypt output if PEM format
* -idea - encrypt output if PEM format
* -seed - encrypt output if PEM format
* -aes128 - encrypt output if PEM format
* -aes192 - encrypt output if PEM format
* -aes256 - encrypt output if PEM format
* -camellia128 - encrypt output if PEM format
* -camellia192 - encrypt output if PEM format
* -camellia256 - encrypt output if PEM format
* -text - print a text version
* -modulus - print the RSA key modulus
* -check - verify key consistency
* -pubin - Expect a public key in input file.
* -pubout - Output a public key.
*/
OPTIONS rsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'f', "Input format, one of DER NET PEM"},
{"outform", OPT_OUTFORM, 'f', "Output format, one of DER NET PEM PVK"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
{"pubout", OPT_PUBOUT, '-', "Output a public key"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKye"},
{"RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKye"},
{"pvk-strong", OPT_PVK_STRONG, '-'},
{"pvk-weak", OPT_PVK_WEAK, '-'},
{"pvk-none", OPT_PVK_NONE, '-'},
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key in text"},
{"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
{"check", OPT_CHECK, '-', "Verify key consistency"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{NULL}
};
int MAIN(int, char **);
int MAIN(int argc, char **argv)
int rsa_main(int argc, char **argv)
{
ENGINE *e = NULL;
int ret = 1;
RSA *rsa = NULL;
int i, badops = 0, sgckey = 0;
const EVP_CIPHER *enc = NULL;
BIO *out = NULL;
int informat, outformat, text = 0, check = 0, noout = 0;
int pubin = 0, pubout = 0;
char *infile, *outfile, *prog;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
# endif
int modulus = 0;
#ifndef OPENSSL_NO_RC4
int pvk_encr = 2;
RSA *rsa = NULL;
const EVP_CIPHER *enc = NULL;
char *engine = NULL, *infile = NULL, *outfile = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
int i;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0;
int noout = 0, modulus = 0, pubin = 0, pubout = 0, pvk_encr = 2, ret = 1;
OPTION_CHOICE o;
prog = opt_init(argc, argv, rsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
#ifdef OPENSSL_NO_RC4
case OPT_PVK_STRONG:
case OPT_PVK_WEAK:
case OPT_PVK_NONE:
#endif
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
prog = argv[0];
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-inform") == 0) {
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-outform") == 0) {
if (--argc < 1)
goto bad;
outformat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (strcmp(*argv, "-passin") == 0) {
if (--argc < 1)
goto bad;
passargin = *(++argv);
} else if (strcmp(*argv, "-passout") == 0) {
if (--argc < 1)
goto bad;
passargout = *(++argv);
}
# ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
}
# endif
else if (strcmp(*argv, "-sgckey") == 0)
sgckey = 1;
else if (strcmp(*argv, "-pubin") == 0)
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(rsa_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
engine = opt_arg();
break;
case OPT_PUBIN:
pubin = 1;
else if (strcmp(*argv, "-pubout") == 0)
break;
case OPT_PUBOUT:
pubout = 1;
else if (strcmp(*argv, "-RSAPublicKey_in") == 0)
break;
case OPT_RSAPUBKEY_IN:
pubin = 2;
else if (strcmp(*argv, "-RSAPublicKey_out") == 0)
break;
case OPT_RSAPUBKEY_OUT:
pubout = 2;
break;
#ifndef OPENSSL_NO_RC4
else if (strcmp(*argv, "-pvk-strong") == 0)
case OPT_PVK_STRONG:
pvk_encr = 2;
else if (strcmp(*argv, "-pvk-weak") == 0)
break;
case OPT_PVK_WEAK:
pvk_encr = 1;
else if (strcmp(*argv, "-pvk-none") == 0)
break;
case OPT_PVK_NONE:
pvk_encr = 0;
break;
#endif
else if (strcmp(*argv, "-noout") == 0)
case OPT_NOOUT:
noout = 1;
else if (strcmp(*argv, "-text") == 0)
break;
case OPT_TEXT:
text = 1;
else if (strcmp(*argv, "-modulus") == 0)
break;
case OPT_MODULUS:
modulus = 1;
else if (strcmp(*argv, "-check") == 0)
break;
case OPT_CHECK:
check = 1;
else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto opthelp;
break;
}
argc--;
argv++;
}
if (badops) {
bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err,
" -inform arg input format - one of DER NET PEM\n");
BIO_printf(bio_err,
" -outform arg output format - one of DER NET PEM\n");
BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -sgckey Use IIS SGC key format\n");
BIO_printf(bio_err,
" -passin arg input file pass phrase source\n");
BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err,
" -passout arg output file pass phrase source\n");
BIO_printf(bio_err,
" -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err,
" -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
# ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err,
" -idea encrypt PEM output with cbc idea\n");
# endif
# ifndef OPENSSL_NO_SEED
BIO_printf(bio_err,
" -seed encrypt PEM output with cbc seed\n");
# endif
# ifndef OPENSSL_NO_AES
BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc aes\n");
# endif
# ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc camellia\n");
# endif
BIO_printf(bio_err, " -text print the key in text\n");
BIO_printf(bio_err, " -noout don't print key out\n");
BIO_printf(bio_err, " -modulus print the RSA key modulus\n");
BIO_printf(bio_err, " -check verify key consistency\n");
BIO_printf(bio_err,
" -pubin expect a public key in input file\n");
BIO_printf(bio_err, " -pubout output a public key\n");
# ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
# endif
goto end;
}
ERR_load_crypto_strings();
argc = opt_num_rest();
argv = opt_rest();
# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
e = setup_engine(engine, 0);
# endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
@ -271,8 +263,6 @@ int MAIN(int argc, char **argv)
goto end;
}
out = BIO_new(BIO_s_file());
{
EVP_PKEY *pkey;
@ -283,18 +273,12 @@ int MAIN(int argc, char **argv)
tmpformat = FORMAT_PEMRSA;
else if (informat == FORMAT_ASN1)
tmpformat = FORMAT_ASN1RSA;
} else if (informat == FORMAT_NETSCAPE && sgckey)
tmpformat = FORMAT_IISSGC;
else
} else
tmpformat = informat;
pkey = load_pubkey(bio_err, infile, tmpformat, 1,
passin, e, "Public Key");
pkey = load_pubkey(infile, tmpformat, 1, passin, e, "Public Key");
} else
pkey = load_key(bio_err, infile,
(informat == FORMAT_NETSCAPE && sgckey ?
FORMAT_IISSGC : informat), 1,
passin, e, "Private Key");
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
if (pkey != NULL)
rsa = EVP_PKEY_get1_RSA(pkey);
@ -306,20 +290,9 @@ int MAIN(int argc, char **argv)
goto end;
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
out = bio_open_default(outfile, "w");
if (out == NULL)
goto end;
if (text)
if (!RSA_print(out, rsa, 0)) {
@ -379,13 +352,13 @@ int MAIN(int argc, char **argv)
int size;
i = 1;
size = i2d_RSA_NET(rsa, NULL, NULL, sgckey);
size = i2d_RSA_NET(rsa, NULL, NULL, 0);
if ((p = (unsigned char *)OPENSSL_malloc(size)) == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
pp = p;
i2d_RSA_NET(rsa, &p, NULL, sgckey);
i2d_RSA_NET(rsa, &p, NULL, 0);
BIO_write(out, (char *)pp, size);
OPENSSL_free(pp);
}
@ -428,8 +401,7 @@ int MAIN(int argc, char **argv)
OPENSSL_free(passin);
if (passout)
OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}
#else /* !OPENSSL_NO_RSA */

276
apps/rsautl.c
View File

@ -1,4 +1,3 @@
/* rsautl.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2000.
@ -75,150 +74,162 @@
# define KEY_PUBKEY 2
# define KEY_CERT 3
static void usage(void);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP,
OPT_RAW, OPT_OAEP, OPT_SSL, OPT_PKCS, OPT_X931,
OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM
} OPTION_CHOICE;
# undef PROG
# define PROG rsautl_main
int MAIN(int argc, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL;
OPTIONS rsautl_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"inkey", OPT_INKEY, '<', "Input key"},
{"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},
{"pubin", OPT_PUBIN, '-', "Input is an RSA public"},
{"certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key"},
{"ssl", OPT_SSL, '-', "Use SSL v2 padding"},
{"raw", OPT_RAW, '-', "Use no padding"},
{"pkcs", OPT_PKCS, '-', "Use PKCS#1 v1.5 padding (default)"},
{"oaep", OPT_OAEP, '-', "Use PKCS#1 OAEP"},
{"sign", OPT_SIGN, '-', "Sign with private key"},
{"verify", OPT_VERIFY, '-', "Verify with public key"},
{"asn1parse", OPT_ASN1PARSE, '-'},
{"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
{"x931", OPT_X931, '-', "Use ANSI X9.31 padding"},
{"rev", OPT_REV, '-'},
{"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"},
{"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"},
{"passin", OPT_PASSIN, 's', "Pass phrase source"},
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
char *keyfile = NULL;
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
int keyform = FORMAT_PEM;
char need_priv = 0, badarg = 0, rev = 0;
char hexdump = 0, asn1parse = 0;
X509 *x;
{NULL}
};
int rsautl_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
RSA *rsa = NULL;
unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
char *passargin = NULL, *passin = NULL;
int rsa_inlen, rsa_outlen = 0;
int keysize;
X509 *x;
char *engine = NULL, *infile = NULL, *outfile = NULL, *keyfile = NULL;
char *passinarg = NULL, *passin = NULL, *prog;
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
unsigned char *rsa_in = NULL, *rsa_out = NULL, pad = RSA_PKCS1_PADDING;
int rsa_inlen, keyformat = FORMAT_PEM, keysize, ret = 1;
int rsa_outlen = 0, hexdump = 0, asn1parse = 0, need_priv = 0, rev = 0;
OPTION_CHOICE o;
int ret = 1;
argc--;
argv++;
if (!bio_err)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
pad = RSA_PKCS1_PADDING;
while (argc >= 1) {
if (!strcmp(*argv, "-in")) {
if (--argc < 1)
badarg = 1;
else
infile = *(++argv);
} else if (!strcmp(*argv, "-out")) {
if (--argc < 1)
badarg = 1;
else
outfile = *(++argv);
} else if (!strcmp(*argv, "-inkey")) {
if (--argc < 1)
badarg = 1;
else
keyfile = *(++argv);
} else if (!strcmp(*argv, "-passin")) {
if (--argc < 1)
badarg = 1;
else
passargin = *(++argv);
} else if (strcmp(*argv, "-keyform") == 0) {
if (--argc < 1)
badarg = 1;
else
keyform = str2fmt(*(++argv));
# ifndef OPENSSL_NO_ENGINE
} else if (!strcmp(*argv, "-engine")) {
if (--argc < 1)
badarg = 1;
else
engine = *(++argv);
# endif
} else if (!strcmp(*argv, "-pubin")) {
key_type = KEY_PUBKEY;
} else if (!strcmp(*argv, "-certin")) {
key_type = KEY_CERT;
} else if (!strcmp(*argv, "-asn1parse"))
prog = opt_init(argc, argv, rsautl_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(rsautl_options);
ret = 0;
goto end;
case OPT_KEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
engine = opt_arg();
break;
case OPT_ASN1PARSE:
asn1parse = 1;
else if (!strcmp(*argv, "-hexdump"))
break;
case OPT_HEXDUMP:
hexdump = 1;
else if (!strcmp(*argv, "-raw"))
break;
case OPT_RAW:
pad = RSA_NO_PADDING;
else if (!strcmp(*argv, "-oaep"))
break;
case OPT_OAEP:
pad = RSA_PKCS1_OAEP_PADDING;
else if (!strcmp(*argv, "-ssl"))
break;
case OPT_SSL:
pad = RSA_SSLV23_PADDING;
else if (!strcmp(*argv, "-pkcs"))
break;
case OPT_PKCS:
pad = RSA_PKCS1_PADDING;
else if (!strcmp(*argv, "-x931"))
break;
case OPT_X931:
pad = RSA_X931_PADDING;
else if (!strcmp(*argv, "-sign")) {
break;
case OPT_SIGN:
rsa_mode = RSA_SIGN;
need_priv = 1;
} else if (!strcmp(*argv, "-verify"))
break;
case OPT_VERIFY:
rsa_mode = RSA_VERIFY;
else if (!strcmp(*argv, "-rev"))
break;
case OPT_REV:
rev = 1;
else if (!strcmp(*argv, "-encrypt"))
break;
case OPT_ENCRYPT:
rsa_mode = RSA_ENCRYPT;
else if (!strcmp(*argv, "-decrypt")) {
break;
case OPT_DECRYPT:
rsa_mode = RSA_DECRYPT;
need_priv = 1;
} else
badarg = 1;
if (badarg) {
usage();
goto end;
break;
case OPT_PUBIN:
key_type = KEY_PUBKEY;
break;
case OPT_CERTIN:
key_type = KEY_CERT;
break;
case OPT_INKEY:
keyfile = opt_arg();
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
}
argc--;
argv++;
}
argc = opt_num_rest();
argv = opt_rest();
if (need_priv && (key_type != KEY_PRIVKEY)) {
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
}
# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
e = setup_engine(engine, 0);
# endif
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
/* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0);
app_RAND_load_file(NULL, 0);
switch (key_type) {
case KEY_PRIVKEY:
pkey = load_key(bio_err, keyfile, keyform, 0,
passin, e, "Private Key");
pkey = load_key(keyfile, keyformat, 0, passin, e, "Private Key");
break;
case KEY_PUBKEY:
pkey = load_pubkey(bio_err, keyfile, keyform, 0,
NULL, e, "Public Key");
pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "Public Key");
break;
case KEY_CERT:
x = load_cert(bio_err, keyfile, keyform, NULL, e, "Certificate");
x = load_cert(keyfile, keyformat, NULL, e, "Certificate");
if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);
@ -239,30 +250,12 @@ int MAIN(int argc, char **argv)
goto end;
}
if (infile) {
if (!(in = BIO_new_file(infile, "rb"))) {
BIO_printf(bio_err, "Error Reading Input File\n");
ERR_print_errors(bio_err);
goto end;
}
} else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
if (outfile) {
if (!(out = BIO_new_file(outfile, "wb"))) {
BIO_printf(bio_err, "Error Reading Output File\n");
ERR_print_errors(bio_err);
goto end;
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
}
in = bio_open_default(infile, "rb");
if (in == NULL)
goto end;
out = bio_open_default(outfile, "wb");
if (out == NULL)
goto end;
keysize = RSA_size(rsa);
@ -270,7 +263,6 @@ int MAIN(int argc, char **argv)
rsa_out = OPENSSL_malloc(keysize);
if (!rsa_in || !rsa_out) {
BIO_printf(bio_err, "Out of memory\n");
ERR_print_errors(bio_err);
goto end;
}
@ -278,7 +270,7 @@ int MAIN(int argc, char **argv)
rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
if (rsa_inlen <= 0) {
BIO_printf(bio_err, "Error reading input Data\n");
exit(1);
goto end;
}
if (rev) {
int i;
@ -338,34 +330,6 @@ int MAIN(int argc, char **argv)
return ret;
}
static void usage()
{
BIO_printf(bio_err, "Usage: rsautl [options]\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-inkey file input key\n");
BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
BIO_printf(bio_err, "-pubin input is an RSA public\n");
BIO_printf(bio_err,
"-certin input is a certificate carrying an RSA public key\n");
BIO_printf(bio_err, "-ssl use SSL v2 padding\n");
BIO_printf(bio_err, "-raw use no padding\n");
BIO_printf(bio_err,
"-pkcs use PKCS#1 v1.5 padding (default)\n");
BIO_printf(bio_err, "-oaep use PKCS#1 OAEP\n");
BIO_printf(bio_err, "-sign sign with private key\n");
BIO_printf(bio_err, "-verify verify with public key\n");
BIO_printf(bio_err, "-encrypt encrypt with public key\n");
BIO_printf(bio_err, "-decrypt decrypt with private key\n");
BIO_printf(bio_err, "-hexdump hex dump output\n");
# ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err, "-passin arg pass phrase source\n");
# endif
}
#else /* !OPENSSL_NO_RSA */
# if PEDANTIC

15
apps/s_apps.h
View File

@ -178,9 +178,9 @@ int init_client(int *sock, const char *server, int port, int type);
int init_client_unix(int *sock, const char *server);
#endif
int should_retry(int i);
int extract_port(const char *str, short *port_ptr);
int extract_port(const char *str, unsigned short *port_ptr);
int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
short *p);
unsigned short *p);
long bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
@ -202,15 +202,12 @@ typedef struct ssl_excert_st SSL_EXCERT;
void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc);
void ssl_excert_free(SSL_EXCERT *exc);
int args_excert(char ***pargs, int *pargc,
int *badarg, BIO *err, SSL_EXCERT **pexc);
int load_excert(SSL_EXCERT **pexc, BIO *err);
int args_excert(int option, SSL_EXCERT **pexc);
int load_excert(SSL_EXCERT **pexc);
void print_ssl_summary(BIO *bio, SSL *s);
#ifdef HEADER_SSL_H
int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr);
int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake);
int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,
SSL_CTX *ctx, int no_ecdhe, int no_jpake);
int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls,
int crl_download);
int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath,

254
apps/s_cb.c
View File

@ -1,4 +1,3 @@
/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -109,12 +108,12 @@
*
*/
/* callback functions used by s_client, s_server, and s_time */
#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
#define USE_SOCKETS
#define NON_MAIN
#include "apps.h"
#undef NON_MAIN
#undef USE_SOCKETS
#include <openssl/err.h>
#include <openssl/rand.h>
@ -200,11 +199,6 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
{
if (cert_file != NULL) {
/*-
SSL *ssl;
X509 *x509;
*/
if (SSL_CTX_use_certificate_file(ctx, cert_file,
SSL_FILETYPE_PEM) <= 0) {
BIO_printf(bio_err, "unable to get certificate from '%s'\n",
@ -221,21 +215,6 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
return (0);
}
/*-
In theory this is no longer needed
ssl=SSL_new(ctx);
x509=SSL_get_certificate(ssl);
if (x509 != NULL) {
EVP_PKEY *pktmp;
pktmp = X509_get_pubkey(x509);
EVP_PKEY_copy_parameters(pktmp,
SSL_get_privatekey(ssl));
EVP_PKEY_free(pktmp);
}
SSL_free(ssl);
*/
/*
* If we are using DSA, we can copy the parameters from the private
* key
@ -456,17 +435,17 @@ int ssl_print_curves(BIO *out, SSL *s, int noshared)
{
int i, ncurves, *curves, nid;
const char *cname;
ncurves = SSL_get1_curves(s, NULL);
if (ncurves <= 0)
return 1;
curves = OPENSSL_malloc(ncurves * sizeof(int));
if (!curves) {
BIO_puts(out, "Malloc error getting supported curves\n");
BIO_printf(out, "Out of memory\n");
return 0;
}
SSL_get1_curves(s, curves);
BIO_puts(out, "Supported Elliptic Curves: ");
for (i = 0; i < ncurves; i++) {
if (i)
@ -1178,11 +1157,10 @@ static int set_cert_cb(SSL *ssl, void *arg)
X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0,
XN_FLAG_ONELINE);
BIO_puts(bio_err, "\n");
print_chain_flags(bio_err, ssl, rv);
if (rv & CERT_PKEY_VALID) {
if (!SSL_use_certificate(ssl, exc->cert)
|| !SSL_use_PrivateKey(ssl, exc->key)) {
|| !SSL_use_PrivateKey(ssl, exc->key)) {
return 0;
}
/*
@ -1251,7 +1229,7 @@ void ssl_excert_free(SSL_EXCERT *exc)
}
}
int load_excert(SSL_EXCERT **pexc, BIO *err)
int load_excert(SSL_EXCERT **pexc)
{
SSL_EXCERT *exc = *pexc;
if (!exc)
@ -1264,25 +1242,24 @@ int load_excert(SSL_EXCERT **pexc, BIO *err)
}
for (; exc; exc = exc->next) {
if (!exc->certfile) {
BIO_printf(err, "Missing filename\n");
BIO_printf(bio_err, "Missing filename\n");
return 0;
}
exc->cert = load_cert(err, exc->certfile, exc->certform,
exc->cert = load_cert(exc->certfile, exc->certform,
NULL, NULL, "Server Certificate");
if (!exc->cert)
return 0;
if (exc->keyfile) {
exc->key = load_key(err, exc->keyfile, exc->keyform,
exc->key = load_key(exc->keyfile, exc->keyform,
0, NULL, NULL, "Server Key");
} else {
exc->key = load_key(err, exc->certfile, exc->certform,
exc->key = load_key(exc->certfile, exc->certform,
0, NULL, NULL, "Server Key");
}
if (!exc->key)
return 0;
if (exc->chainfile) {
exc->chain = load_certs(err,
exc->chainfile, FORMAT_PEM,
exc->chain = load_certs(exc->chainfile, FORMAT_PEM,
NULL, NULL, "Server Chain");
if (!exc->chain)
return 0;
@ -1291,86 +1268,70 @@ int load_excert(SSL_EXCERT **pexc, BIO *err)
return 1;
}
int args_excert(char ***pargs, int *pargc,
int *badarg, BIO *err, SSL_EXCERT **pexc)
enum range { OPT_X_ENUM };
int args_excert(int opt, SSL_EXCERT **pexc)
{
char *arg = **pargs, *argn = (*pargs)[1];
SSL_EXCERT *exc = *pexc;
int narg = 2;
if (!exc) {
if (ssl_excert_prepend(&exc))
*pexc = exc;
else {
BIO_printf(err, "Error initialising xcert\n");
*badarg = 1;
assert(opt > OPT_X__FIRST);
assert(opt < OPT_X__LAST);
if (exc == NULL) {
if (!ssl_excert_prepend(&exc)) {
BIO_printf(bio_err, " %s: Error initialising xcert\n",
opt_getprog());
goto err;
}
*pexc = exc;
}
if (strcmp(arg, "-xcert") == 0) {
if (!argn) {
*badarg = 1;
return 1;
}
if (exc->certfile && !ssl_excert_prepend(&exc)) {
BIO_printf(err, "Error adding xcert\n");
*badarg = 1;
goto err;
}
exc->certfile = argn;
} else if (strcmp(arg, "-xkey") == 0) {
if (!argn) {
*badarg = 1;
return 1;
}
if (exc->keyfile) {
BIO_printf(err, "Key already specified\n");
*badarg = 1;
return 1;
}
exc->keyfile = argn;
} else if (strcmp(arg, "-xchain") == 0) {
if (!argn) {
*badarg = 1;
return 1;
}
if (exc->chainfile) {
BIO_printf(err, "Chain already specified\n");
*badarg = 1;
return 1;
}
exc->chainfile = argn;
} else if (strcmp(arg, "-xchain_build") == 0) {
narg = 1;
exc->build_chain = 1;
} else if (strcmp(arg, "-xcertform") == 0) {
if (!argn) {
*badarg = 1;
goto err;
}
exc->certform = str2fmt(argn);
} else if (strcmp(arg, "-xkeyform") == 0) {
if (!argn) {
*badarg = 1;
goto err;
}
exc->keyform = str2fmt(argn);
} else
switch ((enum range)opt) {
case OPT_X__FIRST:
case OPT_X__LAST:
return 0;
(*pargs) += narg;
if (pargc)
*pargc -= narg;
*pexc = exc;
case OPT_X_CERT:
if (exc->certfile && !ssl_excert_prepend(&exc)) {
BIO_printf(bio_err, "%s: Error adding xcert\n", opt_getprog());
goto err;
}
exc->certfile = opt_arg();
break;
case OPT_X_KEY:
if (exc->keyfile) {
BIO_printf(bio_err, "%s: Key already specified\n", opt_getprog());
goto err;
}
exc->keyfile = opt_arg();
break;
case OPT_X_CHAIN:
if (exc->chainfile) {
BIO_printf(bio_err, "%s: Chain already specified\n",
opt_getprog());
goto err;
}
exc->chainfile = opt_arg();
break;
case OPT_X_CHAIN_BUILD:
exc->build_chain = 1;
break;
case OPT_X_CERTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->certform))
return 0;
break;
case OPT_X_KEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->keyform))
return 0;
break;
}
return 1;
err:
ERR_print_errors(err);
ssl_excert_free(exc);
ERR_print_errors(bio_err);
if (exc)
ssl_excert_free(exc);
*pexc = NULL;
return 1;
return 0;
}
static void print_raw_cipherlist(BIO *bio, SSL *s)
@ -1438,72 +1399,31 @@ void print_ssl_summary(BIO *bio, SSL *s)
#endif
}
int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr)
{
char *arg = **pargs, *argn = (*pargs)[1];
int rv;
/* Attempt to run SSL configuration command */
rv = SSL_CONF_cmd_argv(cctx, pargc, pargs);
/* If parameter not recognised just return */
if (rv == 0)
return 0;
/* see if missing argument error */
if (rv == -3) {
BIO_printf(err, "%s needs an argument\n", arg);
*badarg = 1;
goto end;
}
/* Check for some other error */
if (rv < 0) {
BIO_printf(err, "Error with command: \"%s %s\"\n",
arg, argn ? argn : "");
*badarg = 1;
goto end;
}
/* Store command and argument */
/* If only one argument processed store value as NULL */
if (rv == 1)
argn = NULL;
if (!*pstr)
*pstr = sk_OPENSSL_STRING_new_null();
if (!*pstr || !sk_OPENSSL_STRING_push(*pstr, arg) ||
!sk_OPENSSL_STRING_push(*pstr, argn)) {
BIO_puts(err, "Memory allocation failure\n");
goto end;
}
end:
if (*badarg)
ERR_print_errors(err);
return 1;
}
int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake)
int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,
SSL_CTX *ctx, int no_ecdhe, int no_jpake)
{
int i;
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
for (i = 0; i < sk_OPENSSL_STRING_num(str); i += 2) {
const char *param = sk_OPENSSL_STRING_value(str, i);
const char *value = sk_OPENSSL_STRING_value(str, i + 1);
/*
* If no_ecdhe or named curve already specified don't need a default.
*/
if (!no_ecdhe && !strcmp(param, "-named_curve"))
const char *flag = sk_OPENSSL_STRING_value(str, i);
const char *arg = sk_OPENSSL_STRING_value(str, i + 1);
/* If no_ecdhe or named curve already specified don't need a default. */
if (!no_ecdhe && !strcmp(flag, "-named_curve"))
no_ecdhe = 1;
#ifndef OPENSSL_NO_JPAKE
if (!no_jpake && !strcmp(param, "-cipher")) {
BIO_puts(err, "JPAKE sets cipher to PSK\n");
if (!no_jpake && !strcmp(flag, "-cipher")) {
BIO_puts(bio_err, "JPAKE sets cipher to PSK\n");
return 0;
}
#endif
if (SSL_CONF_cmd(cctx, param, value) <= 0) {
BIO_printf(err, "Error with command: \"%s %s\"\n",
param, value ? value : "");
ERR_print_errors(err);
if (SSL_CONF_cmd(cctx, flag, arg) <= 0) {
if (arg)
BIO_printf(bio_err, "Error with command: \"%s %s\"\n",
flag, arg);
else
BIO_printf(bio_err, "Error with command: \"%s\"\n", flag);
ERR_print_errors(bio_err);
return 0;
}
}
@ -1514,23 +1434,23 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
*/
if (!no_ecdhe) {
if (SSL_CONF_cmd(cctx, "-named_curve", "P-256") <= 0) {
BIO_puts(err, "Error setting EC curve\n");
ERR_print_errors(err);
BIO_puts(bio_err, "Error setting EC curve\n");
ERR_print_errors(bio_err);
return 0;
}
}
#ifndef OPENSSL_NO_JPAKE
if (!no_jpake) {
if (SSL_CONF_cmd(cctx, "-cipher", "PSK") <= 0) {
BIO_puts(err, "Error setting cipher to PSK\n");
ERR_print_errors(err);
BIO_puts(bio_err, "Error setting cipher to PSK\n");
ERR_print_errors(bio_err);
return 0;
}
}
#endif
if (!SSL_CONF_CTX_finish(cctx)) {
BIO_puts(err, "Error finishing context\n");
ERR_print_errors(err);
BIO_puts(bio_err, "Error finishing context\n");
ERR_print_errors(bio_err);
return 0;
}
return 1;

1370
apps/s_client.c
View File

File diff suppressed because it is too large Load Diff

1209
apps/s_server.c
View File

File diff suppressed because it is too large Load Diff

70
apps/s_socket.c
View File

@ -1,6 +1,3 @@
/*
* apps/s_socket.c - socket-related functions used by s_client and s_server
*/
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -57,7 +54,56 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 199-2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
/* socket-related functions used by s_client and s_server */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@ -76,10 +122,8 @@ typedef unsigned int u_int;
#endif
#define USE_SOCKETS
#define NON_MAIN
#include "apps.h"
#undef USE_SOCKETS
#undef NON_MAIN
#include "s_apps.h"
#include <openssl/ssl.h>
@ -185,7 +229,7 @@ static int ssl_sock_init(void)
return (0);
}
}
# endif /* OPENSSL_SYS_WINDOWS */
# endif
return (1);
}
@ -503,16 +547,6 @@ static int do_accept(int acc_sock, int *sock, char **host)
return (0);
}
/*-
ling.l_onoff=1;
ling.l_linger=0;
i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
if (i < 0) { perror("linger"); return(0); }
i=0;
i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
if (i < 0) { perror("keepalive"); return(0); }
*/
if (host == NULL)
goto end;
# ifndef BIT_FIELD_LIMITS
@ -580,7 +614,7 @@ static int do_accept_unix(int acc_sock, int *sock)
# endif
int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
short *port_ptr)
unsigned short *port_ptr)
{
char *h, *p;
@ -645,7 +679,7 @@ static int host_ip(const char *str, unsigned char ip[4])
return (0);
}
int extract_port(const char *str, short *port_ptr)
int extract_port(const char *str, unsigned short *port_ptr)
{
int i;
struct servent *s;

422
apps/s_time.c
View File

@ -1,4 +1,3 @@
/* apps/s_time.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -82,9 +81,6 @@
# include OPENSSL_UNISTD
#endif
#undef PROG
#define PROG s_time_main
#undef ioctl
#define ioctl ioctlsocket
@ -107,211 +103,45 @@
#undef SECONDS
#define SECONDS 30
#define SECONDSSTR "30"
extern int verify_depth;
extern int verify_error;
static void s_time_usage(void);
static int parseArgs(int argc, char **argv);
static SSL *doConnection(SSL *scon);
static void s_time_init(void);
static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
/***********************************************************************
* Static data declarations
*/
/* static char *port=PORT_STR;*/
static char *host = SSL_CONNECT_NAME;
static char *t_cert_file = NULL;
static char *t_key_file = NULL;
static char *CApath = NULL;
static char *CAfile = NULL;
static char *tm_cipher = NULL;
static int tm_verify = SSL_VERIFY_NONE;
static int maxTime = SECONDS;
static SSL_CTX *tm_ctx = NULL;
static const SSL_METHOD *s_time_meth = NULL;
static char *s_www_path = NULL;
static long bytes_read = 0;
static int st_bugs = 0;
static int perform = 0;
#ifdef FIONBIO
static int t_nbio = 0;
#endif
#ifdef OPENSSL_SYS_WIN32
static int exitNow = 0; /* Set when it's time to exit main */
#endif
static void s_time_init(void)
{
host = SSL_CONNECT_NAME;
t_cert_file = NULL;
t_key_file = NULL;
CApath = NULL;
CAfile = NULL;
tm_cipher = NULL;
tm_verify = SSL_VERIFY_NONE;
maxTime = SECONDS;
tm_ctx = NULL;
s_time_meth = NULL;
s_www_path = NULL;
bytes_read = 0;
st_bugs = 0;
perform = 0;
#ifdef FIONBIO
t_nbio = 0;
#endif
#ifdef OPENSSL_SYS_WIN32
exitNow = 0; /* Set when it's time to exit main */
#endif
}
/***********************************************************************
* usage - display usage message
*/
static void s_time_usage(void)
{
static char umsg[] = "\
-time arg - max number of seconds to collect data, default %d\n\
-verify arg - turn on peer certificate verification, arg == depth\n\
-cert arg - certificate file to use, PEM format assumed\n\
-key arg - RSA file to use, PEM format assumed, key is in cert file\n\
file if not specified by this option\n\
-CApath arg - PEM format directory of CA's\n\
-CAfile arg - PEM format file of CA's\n\
-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
printf("usage: s_time <args>\n\n");
printf("-connect host:port - host:port to connect to (default is %s)\n",
SSL_CONNECT_NAME);
#ifdef FIONBIO
printf("-nbio - Run with non-blocking IO\n");
printf("-ssl3 - Just use SSLv3\n");
printf("-bugs - Turn on SSL bug compatibility\n");
printf("-new - Just time new connections\n");
printf("-reuse - Just time connection reuse\n");
printf("-www page - Retrieve 'page' from the site\n");
#endif
printf(umsg, SECONDS);
}
/***********************************************************************
* parseArgs - Parse command line arguments and initialize data
*
* Returns 0 if ok, -1 on bad args
*/
static int parseArgs(int argc, char **argv)
{
int badop = 0;
verify_depth = 0;
verify_error = X509_V_OK;
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-connect") == 0) {
if (--argc < 1)
goto bad;
host = *(++argv);
}
else if (strcmp(*argv, "-reuse") == 0)
perform = 2;
else if (strcmp(*argv, "-new") == 0)
perform = 1;
else if (strcmp(*argv, "-verify") == 0) {
tm_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
if (--argc < 1)
goto bad;
verify_depth = atoi(*(++argv));
BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
} else if (strcmp(*argv, "-cert") == 0) {
if (--argc < 1)
goto bad;
t_cert_file = *(++argv);
} else if (strcmp(*argv, "-key") == 0) {
if (--argc < 1)
goto bad;
t_key_file = *(++argv);
} else if (strcmp(*argv, "-CApath") == 0) {
if (--argc < 1)
goto bad;
CApath = *(++argv);
} else if (strcmp(*argv, "-CAfile") == 0) {
if (--argc < 1)
goto bad;
CAfile = *(++argv);
} else if (strcmp(*argv, "-cipher") == 0) {
if (--argc < 1)
goto bad;
tm_cipher = *(++argv);
}
#ifdef FIONBIO
else if (strcmp(*argv, "-nbio") == 0) {
t_nbio = 1;
}
#endif
else if (strcmp(*argv, "-www") == 0) {
if (--argc < 1)
goto bad;
s_www_path = *(++argv);
if (strlen(s_www_path) > MYBUFSIZ - 100) {
BIO_printf(bio_err, "-www option too long\n");
badop = 1;
}
} else if (strcmp(*argv, "-bugs") == 0)
st_bugs = 1;
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH,
OPT_CAFILE, OPT_NEW, OPT_REUSE, OPT_BUGS, OPT_VERIFY, OPT_TIME,
#ifndef OPENSSL_NO_SSL3
else if (strcmp(*argv, "-ssl3") == 0)
s_time_meth = SSLv3_client_method();
OPT_SSL3,
#endif
else if (strcmp(*argv, "-time") == 0) {
OPT_WWW
} OPTION_CHOICE;
if (--argc < 1)
goto bad;
maxTime = atoi(*(++argv));
if (maxTime <= 0) {
BIO_printf(bio_err, "time must be > 0\n");
badop = 1;
}
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badop = 1;
break;
}
OPTIONS s_time_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"connect", OPT_CONNECT, 's',
"Where to connect as post:port (default is " SSL_CONNECT_NAME ")"},
{"cipher", OPT_CIPHER, 's', "Cipher to use, see 'openssl ciphers'"},
{"cert", OPT_CERT, '<', "Cert file to use, PEM format assumed"},
{"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"},
{"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
{"cafile", OPT_CAFILE, '<', "PEM format file of CA's"},
{"new", OPT_NEW, '-', "Just time new connections"},
{"reuse", OPT_REUSE, '-', "Just time connection reuse"},
{"bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility"},
{"verify", OPT_VERIFY, 'p',
"Turn on peer certificate verification, set depth"},
{"time", OPT_TIME, 'p', "Sf seconds to collect data, default" SECONDSSTR},
{"www", OPT_WWW, 's', "Fetch specified page from the site"},
#ifndef OPENSSL_NO_SSL3
{"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
#endif
{NULL}
};
argc--;
argv++;
}
if (perform == 0)
perform = 3;
if (badop) {
bad:
s_time_usage();
return -1;
}
return 0; /* Valid args */
}
/***********************************************************************
* TIME - time functions
*/
#define START 0
#define STOP 1
@ -320,73 +150,124 @@ static double tm_Time_F(int s)
return app_tminterval(s, 1);
}
/***********************************************************************
* MAIN - main processing area for client
* real name depends on MONOLITH
*/
int MAIN(int, char **);
int MAIN(int argc, char **argv)
int s_time_main(int argc, char **argv)
{
double totalTime = 0.0;
int nConn = 0;
SSL *scon = NULL;
long finishtime = 0;
int ret = 1, i;
char buf[1024 * 8];
int ver;
SSL *scon = NULL;
SSL_CTX *ctx = NULL;
const SSL_METHOD *meth = NULL;
char *CApath = NULL, *CAfile = NULL, *cipher = NULL, *www_path = NULL;
char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog;
double totalTime = 0.0;
int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs =
0, ver;
long bytes_read = 0, finishtime = 0;
OPTION_CHOICE o;
#ifdef OPENSSL_SYS_WIN32
int exitNow = 0; /* Set when it's time to exit main */
#endif
apps_startup();
s_time_init();
meth = SSLv23_client_method();
verify_depth = 0;
verify_error = X509_V_OK;
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
prog = opt_init(argc, argv, s_time_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(s_time_options);
ret = 0;
goto end;
case OPT_CONNECT:
host = opt_arg();
break;
case OPT_REUSE:
perform = 2;
break;
case OPT_NEW:
perform = 1;
break;
case OPT_VERIFY:
if (!opt_int(opt_arg(), &verify_depth))
goto opthelp;
BIO_printf(bio_err, "%s: verify depth is %d\n",
prog, verify_depth);
break;
case OPT_CERT:
certfile = opt_arg();
break;
case OPT_KEY:
keyfile = opt_arg();
break;
case OPT_CAPATH:
CApath = opt_arg();
break;
case OPT_CAFILE:
CAfile = opt_arg();
break;
case OPT_CIPHER:
cipher = opt_arg();
break;
case OPT_BUGS:
st_bugs = 1;
break;
case OPT_TIME:
if (!opt_int(opt_arg(), &maxtime))
goto opthelp;
break;
case OPT_WWW:
www_path = opt_arg();
if (strlen(www_path) > MYBUFSIZ - 100) {
BIO_printf(bio_err, "%s: -www option too long\n", prog);
goto end;
}
break;
#ifndef OPENSSL_NO_SSL3
case OPT_SSL3:
meth = SSLv3_client_method();
break;
#endif
}
}
argc = opt_num_rest();
argv = opt_rest();
s_time_meth = SSLv23_client_method();
if (cipher == NULL)
cipher = getenv("SSL_CIPHER");
if (cipher == NULL) {
fprintf(stderr, "No CIPHER specified\n");
goto end;
}
/* parse the command line arguments */
if (parseArgs(argc, argv) < 0)
if ((ctx = SSL_CTX_new(meth)) == NULL)
goto end;
OpenSSL_add_ssl_algorithms();
if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
return (1);
SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
SSL_CTX_set_quiet_shutdown(ctx, 1);
if (st_bugs)
SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
if (!SSL_CTX_set_cipher_list(tm_ctx, tm_cipher))
SSL_CTX_set_options(ctx, SSL_OP_ALL);
if (!SSL_CTX_set_cipher_list(ctx, cipher))
goto end;
if (!set_cert_stuff(tm_ctx, t_cert_file, t_key_file))
if (!set_cert_stuff(ctx, certfile, keyfile))
goto end;
SSL_load_error_strings();
if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(tm_ctx))) {
/*
* BIO_printf(bio_err,"error setting default verify locations\n");
*/
if (!ctx_set_verify_locations(ctx, CAfile, CApath)) {
ERR_print_errors(bio_err);
/* goto end; */
goto end;
}
if (tm_cipher == NULL)
tm_cipher = getenv("SSL_CIPHER");
if (tm_cipher == NULL) {
fprintf(stderr, "No CIPHER specified\n");
}
if (!(perform & 1))
goto next;
printf("Collecting connection statistics for %d seconds\n", maxTime);
printf("Collecting connection statistics for %d seconds\n", maxtime);
/* Loop and time how long it takes to make connections */
bytes_read = 0;
finishtime = (long)time(NULL) + maxTime;
finishtime = (long)time(NULL) + maxtime;
tm_Time_F(START);
for (;;) {
if (finishtime < (long)time(NULL))
@ -400,12 +281,12 @@ int MAIN(int argc, char **argv)
goto end;
#endif
if ((scon = doConnection(NULL)) == NULL)
if ((scon = doConnection(NULL, host, ctx)) == NULL)
goto end;
if (s_www_path != NULL) {
if (www_path != NULL) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
s_www_path);
www_path);
if (SSL_write(scon, buf, strlen(buf)) <= 0)
goto end;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
@ -438,13 +319,13 @@ int MAIN(int argc, char **argv)
}
totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
i = (int)((long)time(NULL) - finishtime + maxTime);
i = (int)((long)time(NULL) - finishtime + maxtime);
printf
("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
nConn, totalTime, ((double)nConn / totalTime), bytes_read);
printf
("%d connections in %ld real seconds, %ld bytes read per connection\n",
nConn, (long)time(NULL) - finishtime + maxTime, bytes_read / nConn);
nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
/*
* Now loop and time connections using the same session id over and over
@ -456,16 +337,17 @@ int MAIN(int argc, char **argv)
printf("\n\nNow timing with session id reuse.\n");
/* Get an SSL object so we can reuse the session id */
if ((scon = doConnection(NULL)) == NULL) {
if ((scon = doConnection(NULL, host, ctx)) == NULL) {
fprintf(stderr, "Unable to get connection\n");
goto end;
}
if (s_www_path != NULL) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path);
if (www_path != NULL) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", www_path);
if (SSL_write(scon, buf, strlen(buf)) <= 0)
goto end;
while (SSL_read(scon, buf, sizeof(buf)) > 0) ;
while (SSL_read(scon, buf, sizeof(buf)) > 0)
continue;
}
#ifdef NO_SHUTDOWN
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
@ -477,7 +359,7 @@ int MAIN(int argc, char **argv)
nConn = 0;
totalTime = 0.0;
finishtime = (long)time(NULL) + maxTime;
finishtime = (long)time(NULL) + maxtime;
printf("starting\n");
bytes_read = 0;
@ -495,12 +377,12 @@ int MAIN(int argc, char **argv)
goto end;
#endif
if ((doConnection(scon)) == NULL)
if ((doConnection(scon, host, ctx)) == NULL)
goto end;
if (s_www_path) {
if (www_path) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
s_www_path);
www_path);
if (SSL_write(scon, buf, strlen(buf)) <= 0)
goto end;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
@ -535,27 +417,20 @@ int MAIN(int argc, char **argv)
nConn, totalTime, ((double)nConn / totalTime), bytes_read);
printf
("%d connections in %ld real seconds, %ld bytes read per connection\n",
nConn, (long)time(NULL) - finishtime + maxTime,
bytes_read / (nConn?nConn:1));
nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
ret = 0;
end:
SSL_free(scon);
SSL_CTX_free(tm_ctx);
tm_ctx = NULL;
apps_shutdown();
OPENSSL_EXIT(ret);
SSL_CTX_free(ctx);
return (ret);
}
/*-
* doConnection - make a connection
* Args:
* scon = earlier ssl connection for session id, or NULL
* Returns:
* SSL * = the connection pointer.
*/
static SSL *doConnection(SSL *scon)
static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
{
BIO *conn;
SSL *serverCon;
@ -565,11 +440,10 @@ static SSL *doConnection(SSL *scon)
if ((conn = BIO_new(BIO_s_connect())) == NULL)
return (NULL);
/* BIO_set_conn_port(conn,port);*/
BIO_set_conn_hostname(conn, host);
if (scon == NULL)
serverCon = SSL_new(tm_ctx);
serverCon = SSL_new(ctx);
else {
serverCon = scon;
SSL_set_connect_state(serverCon);

181
apps/sess_id.c
View File

@ -1,4 +1,3 @@
/* apps/sess_id.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -66,94 +65,81 @@
#include <openssl/pem.h>
#include <openssl/ssl.h>
#undef PROG
#define PROG sess_id_main
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
OPT_TEXT, OPT_CERT, OPT_NOOUT, OPT_CONTEXT
} OPTION_CHOICE;
static const char *sess_id_usage[] = {
"usage: sess_id args\n",
"\n",
" -inform arg - input format - default PEM (DER or PEM)\n",
" -outform arg - output format - default PEM (PEM, DER or NSS)\n",
" -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n",
" -text - print ssl session id details\n",
" -cert - output certificate \n",
" -noout - no output of encoded session info\n",
" -context arg - set the session ID context\n",
NULL
OPTIONS sess_id_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"},
{"outform", OPT_OUTFORM, 'F',
"Output format - default PEM (PEM, DER or NSS)"},
{"in", OPT_IN, 's', "Input file - default stdin"},
{"out", OPT_OUT, 's', "Output file - default stdout"},
{"text", OPT_TEXT, '-', "Print ssl session id details"},
{"cert", OPT_CERT, '-', "Output certificate "},
{"noout", OPT_NOOUT, '-', "Don't output the encoded session info"},
{"context", OPT_CONTEXT, 's', "Set the session ID context"},
{NULL}
};
static SSL_SESSION *load_sess_id(char *file, int format);
int MAIN(int, char **);
int MAIN(int argc, char **argv)
int sess_id_main(int argc, char **argv)
{
SSL_SESSION *x = NULL;
X509 *peer = NULL;
int ret = 1, i, num, badops = 0;
BIO *out = NULL;
int informat, outformat;
char *infile = NULL, *outfile = NULL, *context = NULL;
int cert = 0, noout = 0, text = 0;
const char **pp;
char *infile = NULL, *outfile = NULL, *context = NULL, *prog;
int informat = FORMAT_PEM, outformat = FORMAT_PEM;
int cert = 0, noout = 0, text = 0, ret = 1, i, num = 0;
OPTION_CHOICE o;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
argc--;
argv++;
num = 0;
while (argc >= 1) {
if (strcmp(*argv, "-inform") == 0) {
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-outform") == 0) {
if (--argc < 1)
goto bad;
outformat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (strcmp(*argv, "-text") == 0)
prog = opt_init(argc, argv, sess_id_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(sess_id_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_TEXT:
text = ++num;
else if (strcmp(*argv, "-cert") == 0)
break;
case OPT_CERT:
cert = ++num;
else if (strcmp(*argv, "-noout") == 0)
break;
case OPT_NOOUT:
noout = ++num;
else if (strcmp(*argv, "-context") == 0) {
if (--argc < 1)
goto bad;
context = *++argv;
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
case OPT_CONTEXT:
context = opt_arg();
break;
}
argc--;
argv++;
}
argc = opt_num_rest();
argv = opt_rest();
if (badops) {
bad:
for (pp = sess_id_usage; (*pp != NULL); pp++)
BIO_printf(bio_err, "%s", *pp);
goto end;
}
ERR_load_crypto_strings();
x = load_sess_id(infile, informat);
if (x == NULL) {
goto end;
@ -166,33 +152,20 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "Context too long\n");
goto end;
}
if (!SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len)) {
if (!SSL_SESSION_set1_id_context(x, (unsigned char *)context,
ctx_len)) {
BIO_printf(bio_err, "Error setting id context\n");
goto end;
}
}
if (!noout || text) {
out = BIO_new(BIO_s_file());
if (out == NULL) {
ERR_print_errors(bio_err);
const char* modeflag = "w";
if (outformat == FORMAT_ASN1 || outformat == FORMAT_NSS)
modeflag = "wb";
out = bio_open_default(outfile, modeflag);
if (out == NULL)
goto end;
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
}
if (text) {
@ -240,8 +213,7 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (x != NULL)
SSL_SESSION_free(x);
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}
static SSL_SESSION *load_sess_id(char *infile, int format)
@ -249,28 +221,13 @@ static SSL_SESSION *load_sess_id(char *infile, int format)
SSL_SESSION *x = NULL;
BIO *in = NULL;
in = BIO_new(BIO_s_file());
if (in == NULL) {
ERR_print_errors(bio_err);
in = bio_open_default(infile, RB(format));
if (in == NULL)
goto end;
}
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
goto end;
}
}
if (format == FORMAT_ASN1)
x = d2i_SSL_SESSION_bio(in, NULL);
else if (format == FORMAT_PEM)
else
x = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
else {
BIO_printf(bio_err, "bad input format specified for input crl\n");
goto end;
}
if (x == NULL) {
BIO_printf(bio_err, "unable to load SSL_SESSION\n");
ERR_print_errors(bio_err);

681
apps/smime.c
View File

@ -1,4 +1,3 @@
/* smime.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
@ -68,8 +67,6 @@
#include <openssl/x509_vfy.h>
#include <openssl/x509v3.h>
#undef PROG
#define PROG smime_main
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
static int smime_cb(int ok, X509_STORE_CTX *ctx);
@ -83,277 +80,315 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx);
#define SMIME_PK7OUT (5 | SMIME_IP | SMIME_OP)
#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
int MAIN(int, char **);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_RESIGN, OPT_VERIFY,
OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN,
OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP,
OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF,
OPT_NOOLDMIME, OPT_CRLFEOL, OPT_RAND, OPT_ENGINE, OPT_PASSIN,
OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,
OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,
OPT_V_ENUM,
OPT_CAPATH, OPT_IN, OPT_INFORM, OPT_OUT, OPT_OUTFORM, OPT_CONTENT
} OPTION_CHOICE;
int MAIN(int argc, char **argv)
OPTIONS smime_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
{OPT_HELP_STR, 1, '-',
" cert.pem... recipient certs for encryption\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
{"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
{"sign", OPT_SIGN, '-', "Sign message"},
{"verify", OPT_VERIFY, '-', "Verify signed message"},
{"pk7out", OPT_PK7OUT, '-', "Output PKCS#7 structure"},
{"nointern", OPT_NOINTERN, '-',
"Don't search certificates in message for signer"},
{"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
{"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
{"nocerts", OPT_NOCERTS, '-',
"Don't include signers certificate when signing"},
{"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
{"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
{"binary", OPT_BINARY, '-', "Don't translate message to text"},
{"certfile", OPT_CERTFILE, '<', "Other certificates file"},
{"signer", OPT_SIGNER, '<', "Signer certificate file"},
{"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"},
{"in", OPT_IN, '<', "Input file"},
{"inform", OPT_INFORM, 'F', "Input format SMIME (default), PEM or DER"},
{"inkey", OPT_INKEY, '<',
"Input private key (if not signer or recipient)"},
{"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
{"out", OPT_OUT, '>', "Output file"},
{"outform", OPT_OUTFORM, 'F',
"Output format SMIME (default), PEM or DER"},
{"content", OPT_CONTENT, '<',
"Supply or override content for detached signature"},
{"to", OPT_TO, 's', "To address"},
{"from", OPT_FROM, 's', "From address"},
{"subject", OPT_SUBJECT, 's', "Subject"},
{"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
{"CApath", OPT_CAPATH, '/', "Trusted certificates directory"},
{"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
{"resign", OPT_RESIGN, '-'},
{"nochain", OPT_NOCHAIN, '-'},
{"nosmimecap", OPT_NOSMIMECAP, '-'},
{"stream", OPT_STREAM, '-'},
{"indef", OPT_INDEF, '-'},
{"noindef", OPT_NOINDEF, '-'},
{"nooldmime", OPT_NOOLDMIME, '-'},
{"crlfeol", OPT_CRLFEOL, '-'},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"md", OPT_MD, 's'},
{"", OPT_CIPHER, '-', "Any supported cipher"},
OPT_V_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
int smime_main(int argc, char **argv)
{
ENGINE *e = NULL;
int operation = 0;
int ret = 0;
char **args;
const char *inmode = "r", *outmode = "w";
char *infile = NULL, *outfile = NULL;
char *signerfile = NULL, *recipfile = NULL;
STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
const EVP_CIPHER *cipher = NULL;
PKCS7 *p7 = NULL;
X509_STORE *store = NULL;
X509 *cert = NULL, *recip = NULL, *signer = NULL;
EVP_PKEY *key = NULL;
STACK_OF(X509) *encerts = NULL, *other = NULL;
BIO *in = NULL, *out = NULL, *indata = NULL;
int badarg = 0;
int flags = PKCS7_DETACHED;
char *to = NULL, *from = NULL, *subject = NULL;
char *CAfile = NULL, *CApath = NULL;
char *passargin = NULL, *passin = NULL;
char *inrand = NULL;
int need_rand = 0;
int indef = 0;
const EVP_MD *sign_md = NULL;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
int keyform = FORMAT_PEM;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
EVP_PKEY *key = NULL;
PKCS7 *p7 = NULL;
STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
STACK_OF(X509) *encerts = NULL, *other = NULL;
X509 *cert = NULL, *recip = NULL, *signer = NULL;
X509_STORE *store = NULL;
X509_VERIFY_PARAM *vpm = NULL;
args = argv + 1;
ret = 1;
apps_startup();
if (bio_err == NULL) {
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
}
if (!load_config(bio_err, NULL))
goto end;
while (!badarg && *args && *args[0] == '-') {
if (!strcmp(*args, "-encrypt"))
operation = SMIME_ENCRYPT;
else if (!strcmp(*args, "-decrypt"))
operation = SMIME_DECRYPT;
else if (!strcmp(*args, "-sign"))
operation = SMIME_SIGN;
else if (!strcmp(*args, "-resign"))
operation = SMIME_RESIGN;
else if (!strcmp(*args, "-verify"))
operation = SMIME_VERIFY;
else if (!strcmp(*args, "-pk7out"))
operation = SMIME_PK7OUT;
#ifndef OPENSSL_NO_DES
else if (!strcmp(*args, "-des3"))
cipher = EVP_des_ede3_cbc();
else if (!strcmp(*args, "-des"))
cipher = EVP_des_cbc();
#endif
#ifndef OPENSSL_NO_SEED
else if (!strcmp(*args, "-seed"))
cipher = EVP_seed_cbc();
#endif
#ifndef OPENSSL_NO_RC2
else if (!strcmp(*args, "-rc2-40"))
cipher = EVP_rc2_40_cbc();
else if (!strcmp(*args, "-rc2-128"))
cipher = EVP_rc2_cbc();
else if (!strcmp(*args, "-rc2-64"))
cipher = EVP_rc2_64_cbc();
#endif
#ifndef OPENSSL_NO_AES
else if (!strcmp(*args, "-aes128"))
cipher = EVP_aes_128_cbc();
else if (!strcmp(*args, "-aes192"))
cipher = EVP_aes_192_cbc();
else if (!strcmp(*args, "-aes256"))
cipher = EVP_aes_256_cbc();
#endif
#ifndef OPENSSL_NO_CAMELLIA
else if (!strcmp(*args, "-camellia128"))
cipher = EVP_camellia_128_cbc();
else if (!strcmp(*args, "-camellia192"))
cipher = EVP_camellia_192_cbc();
else if (!strcmp(*args, "-camellia256"))
cipher = EVP_camellia_256_cbc();
#endif
else if (!strcmp(*args, "-text"))
flags |= PKCS7_TEXT;
else if (!strcmp(*args, "-nointern"))
flags |= PKCS7_NOINTERN;
else if (!strcmp(*args, "-noverify"))
flags |= PKCS7_NOVERIFY;
else if (!strcmp(*args, "-nochain"))
flags |= PKCS7_NOCHAIN;
else if (!strcmp(*args, "-nocerts"))
flags |= PKCS7_NOCERTS;
else if (!strcmp(*args, "-noattr"))
flags |= PKCS7_NOATTR;
else if (!strcmp(*args, "-nodetach"))
flags &= ~PKCS7_DETACHED;
else if (!strcmp(*args, "-nosmimecap"))
flags |= PKCS7_NOSMIMECAP;
else if (!strcmp(*args, "-binary"))
flags |= PKCS7_BINARY;
else if (!strcmp(*args, "-nosigs"))
flags |= PKCS7_NOSIGS;
else if (!strcmp(*args, "-stream"))
indef = 1;
else if (!strcmp(*args, "-indef"))
indef = 1;
else if (!strcmp(*args, "-noindef"))
indef = 0;
else if (!strcmp(*args, "-nooldmime"))
flags |= PKCS7_NOOLDMIMETYPE;
else if (!strcmp(*args, "-crlfeol"))
flags |= PKCS7_CRLFEOL;
else if (!strcmp(*args, "-rand")) {
if (!args[1])
goto argerr;
args++;
inrand = *args;
need_rand = 1;
}
const EVP_CIPHER *cipher = NULL;
const EVP_MD *sign_md = NULL;
char *CAfile = NULL, *CApath = NULL, *inrand = NULL, *engine = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile = NULL, *prog;
char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile =
NULL;
char *passinarg = NULL, *passin = NULL, *to = NULL, *from =
NULL, *subject = NULL;
const char *inmode = "r", *outmode = "w";
OPTION_CHOICE o;
int flags = PKCS7_DETACHED, operation = 0, ret = 0, need_rand = 0, indef =
0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =
FORMAT_PEM;
int vpmtouched = 0, rv = 0;
#ifndef OPENSSL_NO_ENGINE
else if (!strcmp(*args, "-engine")) {
if (!args[1])
goto argerr;
engine = *++args;
}
ENGINE *e = NULL;
#endif
else if (!strcmp(*args, "-passin")) {
if (!args[1])
goto argerr;
passargin = *++args;
} else if (!strcmp(*args, "-to")) {
if (!args[1])
goto argerr;
to = *++args;
} else if (!strcmp(*args, "-from")) {
if (!args[1])
goto argerr;
from = *++args;
} else if (!strcmp(*args, "-subject")) {
if (!args[1])
goto argerr;
subject = *++args;
} else if (!strcmp(*args, "-signer")) {
if (!args[1])
goto argerr;
/* If previous -signer argument add signer to list */
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
return 1;
prog = opt_init(argc, argv, smime_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(smime_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENCRYPT:
operation = SMIME_ENCRYPT;
break;
case OPT_DECRYPT:
operation = SMIME_DECRYPT;
break;
case OPT_SIGN:
operation = SMIME_SIGN;
break;
case OPT_RESIGN:
operation = SMIME_RESIGN;
break;
case OPT_VERIFY:
operation = SMIME_VERIFY;
break;
case OPT_PK7OUT:
operation = SMIME_PK7OUT;
break;
case OPT_TEXT:
flags |= PKCS7_TEXT;
break;
case OPT_NOINTERN:
flags |= PKCS7_NOINTERN;
break;
case OPT_NOVERIFY:
flags |= PKCS7_NOVERIFY;
break;
case OPT_NOCHAIN:
flags |= PKCS7_NOCHAIN;
break;
case OPT_NOCERTS:
flags |= PKCS7_NOCERTS;
break;
case OPT_NOATTR:
flags |= PKCS7_NOATTR;
break;
case OPT_NODETACH:
flags &= ~PKCS7_DETACHED;
break;
case OPT_NOSMIMECAP:
flags |= PKCS7_NOSMIMECAP;
break;
case OPT_BINARY:
flags |= PKCS7_BINARY;
break;
case OPT_NOSIGS:
flags |= PKCS7_NOSIGS;
break;
case OPT_STREAM:
case OPT_INDEF:
indef = 1;
break;
case OPT_NOINDEF:
indef = 0;
break;
case OPT_NOOLDMIME:
flags |= PKCS7_NOOLDMIMETYPE;
break;
case OPT_CRLFEOL:
flags |= PKCS7_CRLFEOL;
break;
case OPT_RAND:
inrand = opt_arg();
need_rand = 1;
break;
case OPT_ENGINE:
engine = opt_arg();
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_TO:
to = opt_arg();
break;
case OPT_FROM:
from = opt_arg();
break;
case OPT_SUBJECT:
subject = opt_arg();
break;
case OPT_SIGNER:
/* If previous -signer argument add signer to list */
if (signerfile) {
if (!sksigners)
sksigners = sk_OPENSSL_STRING_new_null();
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (!keyfile)
if (keyfile == NULL)
keyfile = signerfile;
if (!skkeys)
skkeys = sk_OPENSSL_STRING_new_null();
if (skkeys == NULL
&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(skkeys, keyfile);
keyfile = NULL;
}
signerfile = *++args;
} else if (!strcmp(*args, "-recip")) {
if (!args[1])
goto argerr;
recipfile = *++args;
} else if (!strcmp(*args, "-md")) {
if (!args[1])
goto argerr;
sign_md = EVP_get_digestbyname(*++args);
if (sign_md == NULL) {
BIO_printf(bio_err, "Unknown digest %s\n", *args);
goto argerr;
}
} else if (!strcmp(*args, "-inkey")) {
if (!args[1])
goto argerr;
signerfile = opt_arg();
break;
case OPT_RECIP:
recipfile = opt_arg();
break;
case OPT_MD:
if (!opt_md(opt_arg(), &sign_md))
goto opthelp;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &cipher))
goto opthelp;
break;
case OPT_INKEY:
/* If previous -inkey arument add signer to list */
if (keyfile) {
if (!signerfile) {
BIO_puts(bio_err, "Illegal -inkey without -signer\n");
goto argerr;
if (signerfile == NULL) {
BIO_printf(bio_err,
"%s: Must have -signer before -inkey\n", prog);
goto opthelp;
}
if (!sksigners)
sksigners = sk_OPENSSL_STRING_new_null();
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
signerfile = NULL;
if (!skkeys)
skkeys = sk_OPENSSL_STRING_new_null();
if (skkeys == NULL
&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(skkeys, keyfile);
}
keyfile = *++args;
} else if (!strcmp(*args, "-keyform")) {
if (!args[1])
goto argerr;
keyform = str2fmt(*++args);
} else if (!strcmp(*args, "-certfile")) {
if (!args[1])
goto argerr;
certfile = *++args;
} else if (!strcmp(*args, "-CAfile")) {
if (!args[1])
goto argerr;
CAfile = *++args;
} else if (!strcmp(*args, "-CApath")) {
if (!args[1])
goto argerr;
CApath = *++args;
} else if (!strcmp(*args, "-in")) {
if (!args[1])
goto argerr;
infile = *++args;
} else if (!strcmp(*args, "-inform")) {
if (!args[1])
goto argerr;
informat = str2fmt(*++args);
} else if (!strcmp(*args, "-outform")) {
if (!args[1])
goto argerr;
outformat = str2fmt(*++args);
} else if (!strcmp(*args, "-out")) {
if (!args[1])
goto argerr;
outfile = *++args;
} else if (!strcmp(*args, "-content")) {
if (!args[1])
goto argerr;
contfile = *++args;
} else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
continue;
else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
badarg = 1;
args++;
keyfile = opt_arg();
break;
case OPT_KEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
goto opthelp;
break;
case OPT_CERTFILE:
certfile = opt_arg();
break;
case OPT_CAFILE:
CAfile = opt_arg();
break;
case OPT_CAPATH:
CApath = opt_arg();
break;
case OPT_CONTENT:
contfile = opt_arg();
break;
case OPT_V_CASES:
if (!opt_verify(o, vpm))
goto opthelp;
vpmtouched++;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) {
BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
goto argerr;
goto opthelp;
}
if (operation & SMIME_SIGNERS) {
/* Check to see if any final signer needs to be appended */
if (keyfile && !signerfile) {
BIO_puts(bio_err, "Illegal -inkey without -signer\n");
goto argerr;
goto opthelp;
}
if (signerfile) {
if (!sksigners)
sksigners = sk_OPENSSL_STRING_new_null();
if (!sksigners
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (!skkeys)
skkeys = sk_OPENSSL_STRING_new_null();
if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
if (!keyfile)
keyfile = signerfile;
sk_OPENSSL_STRING_push(skkeys, keyfile);
}
if (!sksigners) {
BIO_printf(bio_err, "No signer certificate specified\n");
badarg = 1;
goto opthelp;
}
signerfile = NULL;
keyfile = NULL;
@ -362,118 +397,28 @@ int MAIN(int argc, char **argv)
if (!recipfile && !keyfile) {
BIO_printf(bio_err,
"No recipient certificate or key specified\n");
badarg = 1;
goto opthelp;
}
} else if (operation == SMIME_ENCRYPT) {
if (!*args) {
if (argc == 0) {
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
badarg = 1;
goto opthelp;
}
need_rand = 1;
} else if (!operation)
badarg = 1;
goto opthelp;
if (badarg) {
argerr:
BIO_printf(bio_err, "Usage smime [options] cert.pem ...\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-encrypt encrypt message\n");
BIO_printf(bio_err, "-decrypt decrypt encrypted message\n");
BIO_printf(bio_err, "-sign sign message\n");
BIO_printf(bio_err, "-verify verify signed message\n");
BIO_printf(bio_err, "-pk7out output PKCS#7 structure\n");
#ifndef OPENSSL_NO_DES
BIO_printf(bio_err, "-des3 encrypt with triple DES\n");
BIO_printf(bio_err, "-des encrypt with DES\n");
#endif
#ifndef OPENSSL_NO_SEED
BIO_printf(bio_err, "-seed encrypt with SEED\n");
#endif
#ifndef OPENSSL_NO_RC2
BIO_printf(bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
BIO_printf(bio_err, "-rc2-64 encrypt with RC2-64\n");
BIO_printf(bio_err, "-rc2-128 encrypt with RC2-128\n");
#endif
#ifndef OPENSSL_NO_AES
BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc camellia\n");
#endif
BIO_printf(bio_err,
"-nointern don't search certificates in message for signer\n");
BIO_printf(bio_err,
"-nosigs don't verify message signature\n");
BIO_printf(bio_err,
"-noverify don't verify signers certificate\n");
BIO_printf(bio_err,
"-nocerts don't include signers certificate when signing\n");
BIO_printf(bio_err, "-nodetach use opaque signing\n");
BIO_printf(bio_err,
"-noattr don't include any signed attributes\n");
BIO_printf(bio_err,
"-binary don't translate message to text\n");
BIO_printf(bio_err, "-certfile file other certificates file\n");
BIO_printf(bio_err, "-signer file signer certificate file\n");
BIO_printf(bio_err,
"-recip file recipient certificate file for decryption\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err,
"-inform arg input format SMIME (default), PEM or DER\n");
BIO_printf(bio_err,
"-inkey file input private key (if not signer or recipient)\n");
BIO_printf(bio_err,
"-keyform arg input private key format (PEM or ENGINE)\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err,
"-outform arg output format SMIME (default), PEM or DER\n");
BIO_printf(bio_err,
"-content file supply or override content for detached signature\n");
BIO_printf(bio_err, "-to addr to address\n");
BIO_printf(bio_err, "-from ad from address\n");
BIO_printf(bio_err, "-subject s subject\n");
BIO_printf(bio_err,
"-text include or delete text MIME headers\n");
BIO_printf(bio_err,
"-CApath dir trusted certificates directory\n");
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
BIO_printf(bio_err,
"-trusted_first use locally trusted CA's first when building trust chain\n");
BIO_printf(bio_err,
"-no_alt_chains only ever use the first certificate chain found\n");
BIO_printf(bio_err,
"-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf(bio_err,
"-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
"-engine e use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
BIO_printf(bio_err,
"cert.pem recipient certificate(s) for encryption\n");
goto end;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
e = setup_engine(engine, 0);
#endif
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
if (need_rand) {
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
app_RAND_load_file(NULL, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
@ -510,19 +455,21 @@ int MAIN(int argc, char **argv)
#endif
}
encerts = sk_X509_new_null();
while (*args) {
if (!(cert = load_cert(bio_err, *args, FORMAT_PEM,
NULL, e, "recipient certificate file"))) {
if (!encerts)
goto end;
while (*argv) {
cert = load_cert(*argv, FORMAT_PEM,
NULL, e, "recipient certificate file");
if (cert == NULL)
goto end;
}
sk_X509_push(encerts, cert);
cert = NULL;
args++;
argv++;
}
}
if (certfile) {
if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL,
if (!(other = load_certs(certfile, FORMAT_PEM, NULL,
e, "certificate file"))) {
ERR_print_errors(bio_err);
goto end;
@ -530,7 +477,7 @@ int MAIN(int argc, char **argv)
}
if (recipfile && (operation == SMIME_DECRYPT)) {
if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL,
if (!(recip = load_cert(recipfile, FORMAT_PEM, NULL,
e, "recipient certificate file"))) {
ERR_print_errors(bio_err);
goto end;
@ -547,19 +494,14 @@ int MAIN(int argc, char **argv)
keyfile = NULL;
if (keyfile) {
key = load_key(bio_err, keyfile, keyform, 0, passin, e,
"signing key file");
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
if (!key)
goto end;
}
if (infile) {
if (!(in = BIO_new_file(infile, inmode))) {
BIO_printf(bio_err, "Can't open input file %s\n", infile);
goto end;
}
} else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
in = bio_open_default(infile, inmode);
if (in == NULL)
goto end;
if (operation & SMIME_IP) {
if (informat == FORMAT_SMIME)
@ -586,26 +528,15 @@ int MAIN(int argc, char **argv)
}
}
if (outfile) {
if (!(out = BIO_new_file(outfile, outmode))) {
BIO_printf(bio_err, "Can't open output file %s\n", outfile);
goto end;
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
out = bio_open_default(outfile, outmode);
if (out == NULL)
goto end;
if (operation == SMIME_VERIFY) {
if (!(store = setup_verify(bio_err, CAfile, CApath)))
if (!(store = setup_verify(CAfile, CApath)))
goto end;
X509_STORE_set_verify_cb(store, smime_cb);
if (vpm)
if (vpmtouched)
X509_STORE_set1_param(store, vpm);
}
@ -642,12 +573,11 @@ int MAIN(int argc, char **argv)
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
signer = load_cert(signerfile, FORMAT_PEM, NULL,
e, "signer certificate");
if (!signer)
goto end;
key = load_key(bio_err, keyfile, keyform, 0, passin, e,
"signing key file");
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
if (!key)
goto end;
if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags))
@ -701,22 +631,27 @@ int MAIN(int argc, char **argv)
BIO_printf(out, "Subject: %s\n", subject);
if (outformat == FORMAT_SMIME) {
if (operation == SMIME_RESIGN)
SMIME_write_PKCS7(out, p7, indata, flags);
rv = SMIME_write_PKCS7(out, p7, indata, flags);
else
SMIME_write_PKCS7(out, p7, in, flags);
rv = SMIME_write_PKCS7(out, p7, in, flags);
} else if (outformat == FORMAT_PEM)
PEM_write_bio_PKCS7_stream(out, p7, in, flags);
rv = PEM_write_bio_PKCS7_stream(out, p7, in, flags);
else if (outformat == FORMAT_ASN1)
i2d_PKCS7_bio_stream(out, p7, in, flags);
rv = i2d_PKCS7_bio_stream(out, p7, in, flags);
else {
BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
goto end;
}
if (rv == 0) {
BIO_printf(bio_err, "Error writing output\n");
ret = 3;
goto end;
}
}
ret = 0;
end:
if (need_rand)
app_RAND_write_file(NULL, bio_err);
app_RAND_write_file(NULL);
if (ret)
ERR_print_errors(bio_err);
sk_X509_pop_free(encerts, X509_free);
@ -768,7 +703,7 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx)
&& ((error != X509_V_OK) || (ok != 2)))
return ok;
policies_print(NULL, ctx);
policies_print(bio_err, ctx);
return ok;

1261
apps/speed.c
View File

File diff suppressed because it is too large Load Diff

233
apps/spkac.c
View File

@ -1,5 +1,3 @@
/* apps/spkac.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org).
@ -70,128 +68,105 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
#undef PROG
#define PROG spkac_main
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_NOOUT, OPT_PUBKEY, OPT_VERIFY, OPT_IN, OPT_OUT,
OPT_ENGINE, OPT_KEY, OPT_CHALLENGE, OPT_PASSIN, OPT_SPKAC,
OPT_SPKSECT
} OPTION_CHOICE;
/*-
* -in arg - input file - default stdin
* -out arg - output file - default stdout
*/
OPTIONS spkac_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"key", OPT_KEY, '<', "Create SPKAC using private key"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"challenge", OPT_CHALLENGE, 's', "Challenge string"},
{"spkac", OPT_SPKAC, 's', "Alternative SPKAC name"},
{"noout", OPT_NOOUT, '-', "Don't print SPKAC"},
{"pubkey", OPT_PUBKEY, '-', "Output public key"},
{"verify", OPT_VERIFY, '-', "Verify SPKAC signature"},
{"spksect", OPT_SPKSECT, 's'},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
int MAIN(int, char **);
int MAIN(int argc, char **argv)
int spkac_main(int argc, char **argv)
{
ENGINE *e = NULL;
int i, badops = 0, ret = 1;
BIO *in = NULL, *out = NULL;
int verify = 0, noout = 0, pubkey = 0;
char *infile = NULL, *outfile = NULL, *prog;
char *passargin = NULL, *passin = NULL;
const char *spkac = "SPKAC", *spksect = "default";
char *spkstr = NULL;
char *challenge = NULL, *keyfile = NULL;
CONF *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
NETSCAPE_SPKI *spki = NULL;
char *challenge = NULL, *keyfile = NULL, *engine = NULL;
char *infile = NULL, *outfile = NULL, *passinarg = NULL, *passin = NULL;
char *spkstr = NULL, *prog;
const char *spkac = "SPKAC", *spksect = "default";
int i, ret = 1, verify = 0, noout = 0, pubkey = 0;
OPTION_CHOICE o;
apps_startup();
if (!bio_err)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
prog = argv[0];
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (strcmp(*argv, "-passin") == 0) {
if (--argc < 1)
goto bad;
passargin = *(++argv);
} else if (strcmp(*argv, "-key") == 0) {
if (--argc < 1)
goto bad;
keyfile = *(++argv);
} else if (strcmp(*argv, "-challenge") == 0) {
if (--argc < 1)
goto bad;
challenge = *(++argv);
} else if (strcmp(*argv, "-spkac") == 0) {
if (--argc < 1)
goto bad;
spkac = *(++argv);
} else if (strcmp(*argv, "-spksect") == 0) {
if (--argc < 1)
goto bad;
spksect = *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
}
#endif
else if (strcmp(*argv, "-noout") == 0)
prog = opt_init(argc, argv, spkac_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(spkac_options);
ret = 0;
goto end;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_NOOUT:
noout = 1;
else if (strcmp(*argv, "-pubkey") == 0)
break;
case OPT_PUBKEY:
pubkey = 1;
else if (strcmp(*argv, "-verify") == 0)
break;
case OPT_VERIFY:
verify = 1;
else
badops = 1;
argc--;
argv++;
}
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_KEY:
keyfile = opt_arg();
break;
case OPT_CHALLENGE:
challenge = opt_arg();
break;
case OPT_SPKAC:
spkac = opt_arg();
break;
case OPT_SPKSECT:
spksect = opt_arg();
break;
case OPT_ENGINE:
engine = opt_arg();
break;
if (badops) {
bad:
BIO_printf(bio_err, "%s [options]\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err,
" -key arg create SPKAC using private key\n");
BIO_printf(bio_err,
" -passin arg input file pass phrase source\n");
BIO_printf(bio_err, " -challenge arg challenge string\n");
BIO_printf(bio_err, " -spkac arg alternative SPKAC name\n");
BIO_printf(bio_err, " -noout don't print SPKAC\n");
BIO_printf(bio_err, " -pubkey output public key\n");
BIO_printf(bio_err, " -verify verify SPKAC signature\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
#endif
goto end;
}
}
argc = opt_num_rest();
argv = opt_rest();
ERR_load_crypto_strings();
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
e = setup_engine(engine, 0);
#endif
if (keyfile) {
pkey = load_key(bio_err,
strcmp(keyfile, "-") ? keyfile : NULL,
pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL,
FORMAT_PEM, 1, passin, e, "private key");
if (!pkey) {
goto end;
@ -204,39 +179,18 @@ int MAIN(int argc, char **argv)
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
spkstr = NETSCAPE_SPKI_b64_encode(spki);
if (outfile)
out = BIO_new_file(outfile, "w");
else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if (!out) {
BIO_printf(bio_err, "Error opening output file\n");
ERR_print_errors(bio_err);
out = bio_open_default(outfile, "w");
if (out == NULL)
goto end;
}
BIO_printf(out, "SPKAC=%s\n", spkstr);
OPENSSL_free(spkstr);
ret = 0;
goto end;
}
if (infile)
in = BIO_new_file(infile, "r");
else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
if (!in) {
BIO_printf(bio_err, "Error opening input file\n");
ERR_print_errors(bio_err);
in = bio_open_default(infile, "r");
if (in == NULL)
goto end;
}
conf = NCONF_new(NULL);
i = NCONF_load_bio(conf, in, NULL);
@ -263,23 +217,9 @@ int MAIN(int argc, char **argv)
goto end;
}
if (outfile)
out = BIO_new_file(outfile, "w");
else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if (!out) {
BIO_printf(bio_err, "Error opening output file\n");
ERR_print_errors(bio_err);
out = bio_open_default(outfile, "w");
if (out == NULL)
goto end;
}
if (!noout)
NETSCAPE_SPKI_print(out, spki);
@ -307,6 +247,5 @@ int MAIN(int argc, char **argv)
EVP_PKEY_free(pkey);
if (passin)
OPENSSL_free(passin);
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}

460
apps/srp.c
View File

@ -1,4 +1,3 @@
/* apps/srp.c */
/*
* Written by Peter Sylvester (peter.sylvester@edelweb.fr) for the EdelKey
* project and contributed to the OpenSSL project 2004.
@ -71,9 +70,6 @@
# include "apps.h"
# undef PROG
# define PROG srp_main
# define BASE_SECTION "srp"
# define CONFIG_FILE "openssl.cnf"
@ -82,41 +78,12 @@
# define ENV_DATABASE "srpvfile"
# define ENV_DEFAULT_SRP "default_srp"
static char *srp_usage[] = {
"usage: srp [args] [user] \n",
"\n",
" -verbose Talk a lot while doing things\n",
" -config file A config file\n",
" -name arg The particular srp definition to use\n",
" -srpvfile arg The srp verifier file name\n",
" -add add an user and srp verifier\n",
" -modify modify the srp verifier of an existing user\n",
" -delete delete user from verifier file\n",
" -list list user\n",
" -gn arg g and N values to be used for new verifier\n",
" -userinfo arg additional info to be set for user\n",
" -passin arg input file pass phrase source\n",
" -passout arg output file pass phrase source\n",
# ifndef OPENSSL_NO_ENGINE
" -engine e - use engine e, possibly a hardware device.\n",
# endif
NULL
};
# ifdef EFENCE
extern int EF_PROTECT_FREE;
extern int EF_PROTECT_BELOW;
extern int EF_ALIGNMENT;
# endif
static CONF *conf = NULL;
static char *section = NULL;
# define VERBOSE if (verbose)
# define VVERBOSE if (verbose>1)
int MAIN(int, char **);
static int get_index(CA_DB *db, char *id, char type)
{
char **pp;
@ -216,18 +183,17 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
cb_tmp.password = passin;
if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
VERBOSE BIO_printf(bio,
"Validating\n"
" user=\"%s\"\n"
" srp_verifier=\"%s\"\n"
" srp_usersalt=\"%s\"\n"
" g=\"%s\"\n N=\"%s\"\n",
user, srp_verifier, srp_usersalt, g, N);
if (verbose)
BIO_printf(bio,
"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
user, srp_verifier, srp_usersalt, g, N);
BIO_printf(bio, "Pass %s\n", password);
OPENSSL_assert(srp_usersalt != NULL);
if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt,
&verifier, N, g))) {
if (!
(gNid =
SRP_create_verifier(user, password, &srp_usersalt, &verifier, N,
g))) {
BIO_printf(bio, "Internal error validating SRP verifier\n");
} else {
if (strcmp(verifier, srp_verifier))
@ -250,56 +216,66 @@ static char *srp_create_user(char *user, char **srp_verifier,
cb_tmp.password = passout;
if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
VERBOSE BIO_printf(bio,
"Creating\n"
" user=\"%s\"\n"
" g=\"%s\"\n" " N=\"%s\"\n", user, g, N);
if (!(gNid = SRP_create_verifier(user, password, &salt,
srp_verifier, N, g))) {
if (verbose)
BIO_printf(bio, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
user, g, N);
if (!
(gNid =
SRP_create_verifier(user, password, &salt, srp_verifier, N,
g))) {
BIO_printf(bio, "Internal error creating SRP verifier\n");
} else
*srp_usersalt = salt;
VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
gNid, salt, *srp_verifier);
if (verbose > 1)
BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid,
salt, *srp_verifier);
}
return gNid;
}
int MAIN(int argc, char **argv)
{
int add_user = 0;
int list_user = 0;
int delete_user = 0;
int modify_user = 0;
char *user = NULL;
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SRPVFILE, OPT_ADD,
OPT_DELETE, OPT_MODIFY, OPT_LIST, OPT_GN, OPT_USERINFO,
OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE
} OPTION_CHOICE;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
char *gN = NULL;
int gNindex = -1;
char **gNrow = NULL;
int maxgN = -1;
char *userinfo = NULL;
int badops = 0;
int ret = 1;
int errors = 0;
int verbose = 0;
int doupdatedb = 0;
char *configfile = NULL;
char *dbfile = NULL;
CA_DB *db = NULL;
char **pp;
int i;
long errorline = -1;
char *randfile = NULL;
OPTIONS srp_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"verbose", OPT_VERBOSE, '-', "Talk a lot while doing things"},
{"config", OPT_CONFIG, '<', "A config file"},
{"name", OPT_NAME, 's', "The particular srp definition to use"},
{"srpvfile", OPT_SRPVFILE, '<', "The srp verifier file name"},
{"add", OPT_ADD, '-', "Add a user and srp verifier"},
{"modify", OPT_MODIFY, '-',
"Modify the srp verifier of an existing user"},
{"delete", OPT_DELETE, '-', "Delete user from verifier file"},
{"list", OPT_LIST, '-', "List users"},
{"gn", OPT_GN, 's', "Set g and N values to be used for new verifier"},
{"userinfo", OPT_USERINFO, 's', "Additional info to be set for user"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
char *tofree = NULL;
{NULL}
};
int srp_main(int argc, char **argv)
{
CA_DB *db = NULL;
DB_ATTR db_attr;
CONF *conf = NULL;
int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose =
0, i, doupdatedb = 0;
int mode = OPT_ERR;
char *user = NULL, *passinarg = NULL, *passoutarg = NULL;
char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL;
char *randfile = NULL, *engine = NULL, *tofree = NULL, *section = NULL;
char **gNrow = NULL, *configfile = NULL, *dbfile = NULL, **pp, *prog;
long errorline = -1;
OPTION_CHOICE o;
# ifdef EFENCE
EF_PROTECT_FREE = 1;
@ -307,119 +283,89 @@ int MAIN(int argc, char **argv)
EF_ALIGNMENT = 0;
# endif
apps_startup();
conf = NULL;
section = NULL;
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
argc--;
argv++;
while (argc >= 1 && badops == 0) {
if (strcmp(*argv, "-verbose") == 0)
prog = opt_init(argc, argv, srp_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(srp_options);
ret = 0;
goto end;
case OPT_VERBOSE:
verbose++;
else if (strcmp(*argv, "-config") == 0) {
if (--argc < 1)
goto bad;
configfile = *(++argv);
} else if (strcmp(*argv, "-name") == 0) {
if (--argc < 1)
goto bad;
section = *(++argv);
} else if (strcmp(*argv, "-srpvfile") == 0) {
if (--argc < 1)
goto bad;
dbfile = *(++argv);
} else if (strcmp(*argv, "-add") == 0)
add_user = 1;
else if (strcmp(*argv, "-delete") == 0)
delete_user = 1;
else if (strcmp(*argv, "-modify") == 0)
modify_user = 1;
else if (strcmp(*argv, "-list") == 0)
list_user = 1;
else if (strcmp(*argv, "-gn") == 0) {
if (--argc < 1)
goto bad;
gN = *(++argv);
} else if (strcmp(*argv, "-userinfo") == 0) {
if (--argc < 1)
goto bad;
userinfo = *(++argv);
} else if (strcmp(*argv, "-passin") == 0) {
if (--argc < 1)
goto bad;
passargin = *(++argv);
} else if (strcmp(*argv, "-passout") == 0) {
if (--argc < 1)
goto bad;
passargout = *(++argv);
}
# ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
}
# endif
else if (**argv == '-') {
bad:
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
} else
case OPT_CONFIG:
configfile = opt_arg();
break;
argc--;
argv++;
case OPT_NAME:
section = opt_arg();
break;
case OPT_SRPVFILE:
dbfile = opt_arg();
break;
case OPT_ADD:
case OPT_DELETE:
case OPT_MODIFY:
case OPT_LIST:
if (mode != OPT_ERR) {
BIO_printf(bio_err,
"%s: Only one of -add/delete-modify/-list\n",
prog);
goto opthelp;
}
mode = o;
break;
case OPT_GN:
gN = opt_arg();
break;
case OPT_USERINFO:
userinfo = opt_arg();
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
engine = opt_arg();
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (dbfile && configfile) {
BIO_printf(bio_err,
"-dbfile and -configfile cannot be specified together.\n");
badops = 1;
goto end;
}
if (add_user + delete_user + modify_user + list_user != 1) {
BIO_printf(bio_err, "Exactly one of the options "
"-add, -delete, -modify -list must be specified.\n");
badops = 1;
if (mode == OPT_ERR) {
BIO_printf(bio_err,
"Exactly one of the options -add, -delete, -modify -list must be specified.\n");
goto opthelp;
}
if (delete_user + modify_user + delete_user == 1 && argc <= 0) {
BIO_printf(bio_err, "Need at least one user for options "
"-add, -delete, -modify. \n");
badops = 1;
if ((mode == OPT_DELETE || mode == OPT_MODIFY || OPT_ADD) && argc < 1) {
BIO_printf(bio_err,
"Need at least one user for options -add, -delete, -modify. \n");
goto opthelp;
}
if ((passin || passout) && argc != 1) {
BIO_printf(bio_err,
"-passin, -passout arguments only valid with one user.\n");
badops = 1;
goto opthelp;
}
if (badops) {
for (pp = srp_usage; (*pp != NULL); pp++)
BIO_printf(bio_err, "%s", *pp);
BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
goto err;
}
ERR_load_crypto_strings();
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
setup_engine(engine, 0);
# endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto err;
goto end;
}
if (!dbfile) {
@ -439,7 +385,7 @@ int MAIN(int argc, char **argv)
tofree = OPENSSL_malloc(len);
if (!tofree) {
BIO_printf(bio_err, "Out of memory\n");
goto err;
goto end;
}
strcpy(tofree, s);
# else
@ -447,7 +393,7 @@ int MAIN(int argc, char **argv)
tofree = OPENSSL_malloc(len);
if (!tofree) {
BIO_printf(bio_err, "Out of memory\n");
goto err;
goto end;
}
BUF_strlcpy(tofree, s, len);
BUF_strlcat(tofree, "/", len);
@ -456,8 +402,8 @@ int MAIN(int argc, char **argv)
configfile = tofree;
}
VERBOSE BIO_printf(bio_err, "Using configuration from %s\n",
configfile);
if (verbose)
BIO_printf(bio_err, "Using configuration from %s\n", configfile);
conf = NCONF_new(NULL);
if (NCONF_load(conf, configfile, &errorline) <= 0) {
if (errorline <= 0)
@ -466,53 +412,53 @@ int MAIN(int argc, char **argv)
else
BIO_printf(bio_err, "error on line %ld of config file '%s'\n",
errorline, configfile);
goto err;
goto end;
}
if (tofree) {
OPENSSL_free(tofree);
tofree = NULL;
}
if (!load_config(bio_err, conf))
goto err;
/* Lets get the config section we are using */
if (section == NULL) {
VERBOSE BIO_printf(bio_err,
"trying to read " ENV_DEFAULT_SRP
" in \" BASE_SECTION \"\n");
if (verbose)
BIO_printf(bio_err,
"trying to read " ENV_DEFAULT_SRP
" in \" BASE_SECTION \"\n");
section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_SRP);
if (section == NULL) {
lookup_fail(BASE_SECTION, ENV_DEFAULT_SRP);
goto err;
goto end;
}
}
if (randfile == NULL && conf)
randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
VERBOSE BIO_printf(bio_err,
"trying to read " ENV_DATABASE
" in section \"%s\"\n", section);
if (verbose)
BIO_printf(bio_err,
"trying to read " ENV_DATABASE " in section \"%s\"\n",
section);
if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
lookup_fail(section, ENV_DATABASE);
goto err;
goto end;
}
}
if (randfile == NULL)
ERR_clear_error();
else
app_RAND_load_file(randfile, bio_err, 0);
app_RAND_load_file(randfile, 0);
VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
dbfile);
if (verbose)
BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
dbfile);
db = load_index(dbfile, &db_attr);
if (db == NULL)
goto err;
goto end;
/* Lets check some fields */
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
@ -527,46 +473,50 @@ int MAIN(int argc, char **argv)
}
}
VERBOSE BIO_printf(bio_err, "Database initialised\n");
if (verbose)
BIO_printf(bio_err, "Database initialised\n");
if (gNindex >= 0) {
gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
} else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
goto err;
goto end;
} else {
VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");
if (verbose)
BIO_printf(bio_err, "Database has no g N information.\n");
gNrow = NULL;
}
VVERBOSE BIO_printf(bio_err, "Starting user processing\n");
if (verbose > 1)
BIO_printf(bio_err, "Starting user processing\n");
if (argc > 0)
user = *(argv++);
while (list_user || user) {
while (mode == OPT_LIST || user) {
int userindex = -1;
if (user)
VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);
if (verbose > 1)
BIO_printf(bio_err, "Processing user \"%s\"\n", user);
if ((userindex = get_index(db, user, 'U')) >= 0) {
print_user(db, bio_err, userindex, (verbose > 0) || list_user);
print_user(db, bio_err, userindex, (verbose > 0)
|| mode == OPT_LIST);
}
if (list_user) {
if (mode == OPT_LIST) {
if (user == NULL) {
BIO_printf(bio_err, "List all users\n");
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
print_user(db, bio_err, i, 1);
}
list_user = 0;
} else if (userindex < 0) {
BIO_printf(bio_err,
"user \"%s\" does not exist, ignored. t\n", user);
errors++;
}
} else if (add_user) {
} else if (mode == OPT_ADD) {
if (userindex >= 0) {
/* reactivation of a new user */
char **row =
@ -581,26 +531,31 @@ int MAIN(int argc, char **argv)
row[DB_srpverifier] = NULL;
row[DB_srpsalt] = NULL;
row[DB_srpinfo] = NULL;
if (!(gNid = srp_create_user(user, &(row[DB_srpverifier]),
&(row[DB_srpsalt]),
gNrow ? gNrow[DB_srpsalt] : gN,
gNrow ? gNrow[DB_srpverifier] :
NULL, passout, bio_err,
verbose))) {
if (!
(gNid =
srp_create_user(user, &(row[DB_srpverifier]),
&(row[DB_srpsalt]),
gNrow ? gNrow[DB_srpsalt] : gN,
gNrow ? gNrow[DB_srpverifier] : NULL,
passout, bio_err, verbose))) {
BIO_printf(bio_err,
"Cannot create srp verifier for user \"%s\","
" operation abandoned .\n", user);
"Cannot create srp verifier for user \"%s\", operation abandoned .\n",
user);
errors++;
goto err;
goto end;
}
row[DB_srpid] = BUF_strdup(user);
row[DB_srptype] = BUF_strdup("v");
row[DB_srpgN] = BUF_strdup(gNid);
if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
|| !row[DB_srpverifier] || !row[DB_srpsalt]
|| (userinfo
&& (!(row[DB_srpinfo] = BUF_strdup(userinfo))))
|| !row[DB_srpverifier] || !row[DB_srpsalt] || (userinfo
&&
(!(row
[DB_srpinfo]
=
BUF_strdup
(userinfo))))
|| !update_index(db, bio_err, row)) {
if (row[DB_srpid])
OPENSSL_free(row[DB_srpid]);
@ -614,11 +569,11 @@ int MAIN(int argc, char **argv)
OPENSSL_free(row[DB_srpverifier]);
if (row[DB_srpsalt])
OPENSSL_free(row[DB_srpsalt]);
goto err;
goto end;
}
doupdatedb = 1;
}
} else if (modify_user) {
} else if (mode == OPT_MODIFY) {
if (userindex < 0) {
BIO_printf(bio_err,
"user \"%s\" does not exist, operation ignored.\n",
@ -640,9 +595,10 @@ int MAIN(int argc, char **argv)
if (row[DB_srptype][0] == 'V') {
int user_gN;
char **irow = NULL;
VERBOSE BIO_printf(bio_err,
"Verifying password for user \"%s\"\n",
user);
if (verbose)
BIO_printf(bio_err,
"Verifying password for user \"%s\"\n",
user);
if ((user_gN =
get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
irow =
@ -658,25 +614,25 @@ int MAIN(int argc, char **argv)
"Invalid password for user \"%s\", operation abandoned.\n",
user);
errors++;
goto err;
goto end;
}
}
VERBOSE BIO_printf(bio_err,
"Password for user \"%s\" ok.\n",
user);
if (verbose)
BIO_printf(bio_err, "Password for user \"%s\" ok.\n",
user);
if (!(gNid = srp_create_user(user, &(row[DB_srpverifier]),
&(row[DB_srpsalt]),
gNrow ? gNrow[DB_srpsalt] :
NULL,
gNrow ? gNrow[DB_srpverifier]
: NULL, passout, bio_err,
verbose))) {
if (!
(gNid =
srp_create_user(user, &(row[DB_srpverifier]),
&(row[DB_srpsalt]),
gNrow ? gNrow[DB_srpsalt] : NULL,
gNrow ? gNrow[DB_srpverifier] : NULL,
passout, bio_err, verbose))) {
BIO_printf(bio_err,
"Cannot create srp verifier for user \"%s\","
" operation abandoned.\n", user);
"Cannot create srp verifier for user \"%s\", operation abandoned.\n",
user);
errors++;
goto err;
goto end;
}
row[DB_srptype][0] = 'v';
@ -686,12 +642,12 @@ int MAIN(int argc, char **argv)
|| !row[DB_srpverifier] || !row[DB_srpsalt]
|| (userinfo
&& (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))
goto err;
goto end;
doupdatedb = 1;
}
}
} else if (delete_user) {
} else if (mode == OPT_DELETE) {
if (userindex < 0) {
BIO_printf(bio_err,
"user \"%s\" does not exist, operation ignored. t\n",
@ -711,11 +667,11 @@ int MAIN(int argc, char **argv)
user = *(argv++);
else {
user = NULL;
list_user = 0;
}
}
VERBOSE BIO_printf(bio_err, "User procession done.\n");
if (verbose)
BIO_printf(bio_err, "User procession done.\n");
if (doupdatedb) {
/* Lets check some fields */
@ -728,37 +684,41 @@ int MAIN(int argc, char **argv)
}
}
VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n");
if (verbose)
BIO_printf(bio_err, "Trying to update srpvfile.\n");
if (!save_index(dbfile, "new", db))
goto err;
goto end;
VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n");
if (verbose)
BIO_printf(bio_err, "Temporary srpvfile created.\n");
if (!rotate_index(dbfile, "new", "old"))
goto err;
goto end;
VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");
if (verbose)
BIO_printf(bio_err, "srpvfile updated.\n");
}
ret = (errors != 0);
err:
end:
if (errors != 0)
VERBOSE BIO_printf(bio_err, "User errors %d.\n", errors);
if (verbose)
BIO_printf(bio_err, "User errors %d.\n", errors);
VERBOSE BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
if (verbose)
BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
if (tofree)
OPENSSL_free(tofree);
if (ret)
ERR_print_errors(bio_err);
if (randfile)
app_RAND_write_file(randfile, bio_err);
app_RAND_write_file(randfile);
if (conf)
NCONF_free(conf);
if (db)
free_index(db);
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}
#endif

53
apps/testdsa.h
View File

@ -1,8 +1,57 @@
/* NOCW */
/* used by apps/speed.c */
/* ====================================================================
* Copyright (c) 199-2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
/* used by speed.c */
DSA *get_dsa512(void);
DSA *get_dsa1024(void);
DSA *get_dsa2048(void);
static unsigned char dsa512_priv[] = {
0x65, 0xe5, 0xc7, 0x38, 0x60, 0x24, 0xb5, 0x89, 0xd4, 0x9c, 0xeb, 0x4c,
0x9c, 0x1d, 0x7a, 0x22, 0xbd, 0xd1, 0xc2, 0xd2,

442
apps/ts.c
View File

@ -1,4 +1,3 @@
/* apps/ts.c */
/*
* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project
* 2002.
@ -68,9 +67,6 @@
#include <openssl/ts.h>
#include <openssl/bn.h>
#undef PROG
#define PROG ts_main
/* Length of the nonce of the request in bits (must be a multiple of 8). */
#define NONCE_LENGTH 64
@ -86,8 +82,6 @@ static CONF *load_config_file(const char *configfile);
static int query_command(const char *data, char *digest,
const EVP_MD *md, const char *policy, int no_nonce,
int cert, const char *in, const char *out, int text);
static BIO *BIO_open_with_default(const char *file, const char *mode,
FILE *default_fp);
static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md,
const char *policy, int no_nonce, int cert);
static int create_digest(BIO *input, char *digest,
@ -102,8 +96,8 @@ static int reply_command(CONF *conf, char *section, char *engine,
int text);
static TS_RESP *read_PKCS7(BIO *in_bio);
static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
char *queryfile, char *passin, char *inkey,
char *signer, char *chain,
char *queryfile, char *passin,
char *inkey, char *signer, char *chain,
const char *policy);
static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data);
static ASN1_INTEGER *next_serial(const char *serialfile);
@ -112,163 +106,201 @@ static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);
/* Verify related functions. */
static int verify_command(char *data, char *digest, char *queryfile,
char *in, int token_in,
char *ca_path, char *ca_file, char *untrusted);
char *CApath, char *CAfile, char *untrusted);
static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
char *queryfile,
char *ca_path, char *ca_file,
char *CApath, char *CAfile,
char *untrusted);
static X509_STORE *create_cert_store(char *ca_path, char *ca_file);
static X509_STORE *create_cert_store(char *CApath, char *CAfile);
static int verify_cb(int ok, X509_STORE_CTX *ctx);
/* Main function definition. */
int MAIN(int, char **);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_ENGINE, OPT_CONFIG, OPT_SECTION, OPT_QUERY, OPT_DATA,
OPT_DIGEST, OPT_RAND, OPT_POLICY, OPT_NO_NONCE, OPT_CERT,
OPT_IN, OPT_TOKEN_IN, OPT_OUT, OPT_TOKEN_OUT, OPT_TEXT,
OPT_REPLY, OPT_QUERYFILE, OPT_PASSIN, OPT_INKEY, OPT_SIGNER,
OPT_CHAIN, OPT_VERIFY, OPT_CAPATH, OPT_CAFILE, OPT_UNTRUSTED,
OPT_MD
} OPTION_CHOICE;
int MAIN(int argc, char **argv)
OPTIONS ts_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"config", OPT_CONFIG, '<', "Configuration file"},
{"section", OPT_SECTION, 's', "Section to use within config file"},
{"query", OPT_QUERY, '-', "Generate a TS query"},
{"data", OPT_DATA, '<', "File to hash"},
{"digest", OPT_DIGEST, 's', "Digest (as a hex string)"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"policy", OPT_POLICY, 's', "Policy OID to use"},
{"no_nonce", OPT_NO_NONCE, '-', "Do not include a nonce"},
{"cert", OPT_CERT, '-', "Put cert request into query"},
{"in", OPT_IN, '<', "Input file"},
{"token_in", OPT_TOKEN_IN, '-', "Input is a PKCS#7 file"},
{"out", OPT_OUT, '>', "Output file"},
{"token_out", OPT_TOKEN_OUT, '-', "Output is a PKCS#7 file"},
{"text", OPT_TEXT, '-', "Output text (not DER)"},
{"reply", OPT_REPLY, '-', "Generate a TS reply"},
{"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"},
{"passin", OPT_PASSIN, 's'},
{"inkey", OPT_INKEY, '<', "File with private key for reply"},
{"signer", OPT_SIGNER, 's'},
{"chain", OPT_CHAIN, '<', "File with signer CA chain"},
{"verify", OPT_VERIFY, '-', "Verify a TS response"},
{"CApath", OPT_CAPATH, '/', "Path to trusted CA files"},
{"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"},
{"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"", OPT_MD, '-', "Any supported digest"},
{NULL}
};
/*
* This comand is so complex, special help is needed.
*/
static char* opt_helplist[] = {
"Typical uses:",
"ts -query [-rand file...] [-config file] [-data file]",
" [-digest hexstring] [-policy oid] [-no_nonce] [-cert]",
" [-in file] [-out file] [-text]",
" or",
"ts -reply [-config file] [-section tsa_section]",
" [-queryfile file] [-passin password]",
" [-signer tsa_cert.pem] [-inkey private_key.pem]",
" [-chain certs_file.pem] [-policy oid]",
" [-in file] [-token_in] [-out file] [-token_out]",
#ifndef OPENSSL_NO_ENGINE
" [-text]",
#else
" [-text] [-engine id]",
#endif
" or",
"ts -verify -CApath dir -CAfile file.pem -untrusted file.pem",
" [-data file] [-digest hexstring]",
" [-queryfile file] -in file [-token_in]",
NULL,
};
int ts_main(int argc, char **argv)
{
int ret = 1;
char *configfile = NULL;
char *section = NULL;
CONF *conf = NULL;
enum mode {
CMD_NONE, CMD_QUERY, CMD_REPLY, CMD_VERIFY
} mode = CMD_NONE;
char *data = NULL;
char *digest = NULL;
char *CAfile = NULL, *untrusted = NULL, *engine = NULL, *prog, **helpp;
char *configfile = NULL, *section = NULL, *password = NULL;
char *data = NULL, *digest = NULL, *rnd = NULL, *policy = NULL;
char *in = NULL, *out = NULL, *queryfile = NULL, *passin = NULL;
char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL;
const EVP_MD *md = NULL;
char *rnd = NULL;
char *policy = NULL;
int no_nonce = 0;
int cert = 0;
char *in = NULL;
char *out = NULL;
int text = 0;
char *queryfile = NULL;
char *passin = NULL; /* Password source. */
char *password = NULL; /* Password itself. */
char *inkey = NULL;
char *signer = NULL;
char *chain = NULL;
char *ca_path = NULL;
char *ca_file = NULL;
char *untrusted = NULL;
char *engine = NULL;
OPTION_CHOICE o, mode = OPT_ERR;
int ret = 1, no_nonce = 0, cert = 0, text = 0;
/* Input is ContentInfo instead of TimeStampResp. */
int token_in = 0;
/* Output is ContentInfo instead of TimeStampResp. */
int token_out = 0;
int free_bio_err = 0;
ERR_load_crypto_strings();
apps_startup();
if (bio_err == NULL && (bio_err = BIO_new(BIO_s_file())) != NULL) {
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
free_bio_err = 1;
}
if (!load_config(bio_err, NULL))
goto cleanup;
for (argc--, argv++; argc > 0; argc--, argv++) {
if (strcmp(*argv, "-config") == 0) {
if (argc-- < 1)
goto usage;
configfile = *++argv;
} else if (strcmp(*argv, "-section") == 0) {
if (argc-- < 1)
goto usage;
section = *++argv;
} else if (strcmp(*argv, "-query") == 0) {
if (mode != CMD_NONE)
goto usage;
mode = CMD_QUERY;
} else if (strcmp(*argv, "-data") == 0) {
if (argc-- < 1)
goto usage;
data = *++argv;
} else if (strcmp(*argv, "-digest") == 0) {
if (argc-- < 1)
goto usage;
digest = *++argv;
} else if (strcmp(*argv, "-rand") == 0) {
if (argc-- < 1)
goto usage;
rnd = *++argv;
} else if (strcmp(*argv, "-policy") == 0) {
if (argc-- < 1)
goto usage;
policy = *++argv;
} else if (strcmp(*argv, "-no_nonce") == 0) {
prog = opt_init(argc, argv, ts_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(ts_options);
for (helpp = opt_helplist; *helpp; ++helpp)
BIO_printf(bio_err, "%s\n", *helpp);
ret = 0;
goto end;
case OPT_CONFIG:
configfile = opt_arg();
break;
case OPT_SECTION:
section = opt_arg();
break;
case OPT_QUERY:
case OPT_REPLY:
case OPT_VERIFY:
if (mode != OPT_ERR)
goto opthelp;
mode = o;
break;
case OPT_DATA:
data = opt_arg();
break;
case OPT_DIGEST:
digest = opt_arg();
break;
case OPT_RAND:
rnd = opt_arg();
break;
case OPT_POLICY:
policy = opt_arg();
break;
case OPT_NO_NONCE:
no_nonce = 1;
} else if (strcmp(*argv, "-cert") == 0) {
break;
case OPT_CERT:
cert = 1;
} else if (strcmp(*argv, "-in") == 0) {
if (argc-- < 1)
goto usage;
in = *++argv;
} else if (strcmp(*argv, "-token_in") == 0) {
break;
case OPT_IN:
in = opt_arg();
break;
case OPT_TOKEN_IN:
token_in = 1;
} else if (strcmp(*argv, "-out") == 0) {
if (argc-- < 1)
goto usage;
out = *++argv;
} else if (strcmp(*argv, "-token_out") == 0) {
break;
case OPT_OUT:
out = opt_arg();
break;
case OPT_TOKEN_OUT:
token_out = 1;
} else if (strcmp(*argv, "-text") == 0) {
break;
case OPT_TEXT:
text = 1;
} else if (strcmp(*argv, "-reply") == 0) {
if (mode != CMD_NONE)
goto usage;
mode = CMD_REPLY;
} else if (strcmp(*argv, "-queryfile") == 0) {
if (argc-- < 1)
goto usage;
queryfile = *++argv;
} else if (strcmp(*argv, "-passin") == 0) {
if (argc-- < 1)
goto usage;
passin = *++argv;
} else if (strcmp(*argv, "-inkey") == 0) {
if (argc-- < 1)
goto usage;
inkey = *++argv;
} else if (strcmp(*argv, "-signer") == 0) {
if (argc-- < 1)
goto usage;
signer = *++argv;
} else if (strcmp(*argv, "-chain") == 0) {
if (argc-- < 1)
goto usage;
chain = *++argv;
} else if (strcmp(*argv, "-verify") == 0) {
if (mode != CMD_NONE)
goto usage;
mode = CMD_VERIFY;
} else if (strcmp(*argv, "-CApath") == 0) {
if (argc-- < 1)
goto usage;
ca_path = *++argv;
} else if (strcmp(*argv, "-CAfile") == 0) {
if (argc-- < 1)
goto usage;
ca_file = *++argv;
} else if (strcmp(*argv, "-untrusted") == 0) {
if (argc-- < 1)
goto usage;
untrusted = *++argv;
} else if (strcmp(*argv, "-engine") == 0) {
if (argc-- < 1)
goto usage;
engine = *++argv;
} else if ((md = EVP_get_digestbyname(*argv + 1)) != NULL) {
/* empty. */
} else
goto usage;
break;
case OPT_QUERYFILE:
queryfile = opt_arg();
break;
case OPT_PASSIN:
passin = opt_arg();
break;
case OPT_INKEY:
inkey = opt_arg();
break;
case OPT_SIGNER:
signer = opt_arg();
break;
case OPT_CHAIN:
chain = opt_arg();
break;
case OPT_CAPATH:
CApath = opt_arg();
break;
case OPT_CAFILE:
CAfile = opt_arg();
break;
case OPT_UNTRUSTED:
untrusted = opt_arg();
break;
case OPT_ENGINE:
engine = opt_arg();
break;
case OPT_MD:
if (!opt_md(opt_unknown(), &md))
goto opthelp;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (mode == OPT_ERR || argc != 0)
goto opthelp;
/* Seed the random number generator if it is going to be used. */
if (mode == CMD_QUERY && !no_nonce) {
if (!app_RAND_load_file(NULL, bio_err, 1) && rnd == NULL)
if (mode == OPT_QUERY && !no_nonce) {
if (!app_RAND_load_file(NULL, 1) && rnd == NULL)
BIO_printf(bio_err, "warning, not much extra random "
"data, consider using the -rand option\n");
if (rnd != NULL)
@ -277,95 +309,68 @@ int MAIN(int argc, char **argv)
}
/* Get the password if required. */
if (mode == CMD_REPLY && passin &&
!app_passwd(bio_err, passin, NULL, &password, NULL)) {
if (mode == OPT_REPLY && passin &&
!app_passwd(passin, NULL, &password, NULL)) {
BIO_printf(bio_err, "Error getting password.\n");
goto cleanup;
goto end;
}
/*
* Check consistency of parameters and execute the appropriate function.
*/
switch (mode) {
case CMD_NONE:
goto usage;
case CMD_QUERY:
default:
case OPT_ERR:
goto opthelp;
case OPT_QUERY:
/*
* Data file and message imprint cannot be specified at the same
* time.
*/
ret = data != NULL && digest != NULL;
if (ret)
goto usage;
goto opthelp;
/* Load the config file for possible policy OIDs. */
conf = load_config_file(configfile);
ret = !query_command(data, digest, md, policy, no_nonce, cert,
in, out, text);
break;
case CMD_REPLY:
case OPT_REPLY:
conf = load_config_file(configfile);
if (in == NULL) {
ret = !(queryfile != NULL && conf != NULL && !token_in);
if (ret)
goto usage;
goto opthelp;
} else {
/* 'in' and 'queryfile' are exclusive. */
ret = !(queryfile == NULL);
if (ret)
goto usage;
goto opthelp;
}
ret = !reply_command(conf, section, engine, queryfile,
password, inkey, signer, chain, policy,
in, token_in, out, token_out, text);
break;
case CMD_VERIFY:
case OPT_VERIFY:
ret = !(((queryfile && !data && !digest)
|| (!queryfile && data && !digest)
|| (!queryfile && !data && digest))
&& in != NULL);
if (ret)
goto usage;
goto opthelp;
ret = !verify_command(data, digest, queryfile, in, token_in,
ca_path, ca_file, untrusted);
CApath, CAfile, untrusted);
}
goto cleanup;
usage:
BIO_printf(bio_err, "usage:\n"
"ts -query [-rand file%cfile%c...] [-config configfile] "
"[-data file_to_hash] [-digest digest_bytes]"
"[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] "
"[-policy object_id] [-no_nonce] [-cert] "
"[-in request.tsq] [-out request.tsq] [-text]\n",
LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, "or\n"
"ts -reply [-config configfile] [-section tsa_section] "
"[-queryfile request.tsq] [-passin password] "
"[-signer tsa_cert.pem] [-inkey private_key.pem] "
"[-chain certs_file.pem] [-policy object_id] "
"[-in response.tsr] [-token_in] "
"[-out response.tsr] [-token_out] [-text] [-engine id]\n");
BIO_printf(bio_err, "or\n"
"ts -verify [-data file_to_hash] [-digest digest_bytes] "
"[-queryfile request.tsq] "
"-in response.tsr [-token_in] "
"-CApath ca_path -CAfile ca_file.pem "
"-untrusted cert_file.pem\n");
cleanup:
end:
/* Clean up. */
app_RAND_write_file(NULL, bio_err);
app_RAND_write_file(NULL);
NCONF_free(conf);
OPENSSL_free(password);
OBJ_cleanup();
if (free_bio_err) {
BIO_free_all(bio_err);
bio_err = NULL;
}
OPENSSL_EXIT(ret);
return (ret);
}
/*
@ -418,7 +423,7 @@ static CONF *load_config_file(const char *configfile)
}
} else
ERR_clear_error();
if (!add_oid_section(bio_err, conf))
if (!add_oid_section(conf))
ERR_print_errors(bio_err);
}
return conf;
@ -427,7 +432,6 @@ static CONF *load_config_file(const char *configfile)
/*
* Query-related method definitions.
*/
static int query_command(const char *data, char *digest, const EVP_MD *md,
const char *policy, int no_nonce,
int cert, const char *in, const char *out, int text)
@ -444,20 +448,16 @@ static int query_command(const char *data, char *digest, const EVP_MD *md,
goto end;
query = d2i_TS_REQ_bio(in_bio, NULL);
} else {
/*
* Open the file if no explicit digest bytes were specified.
*/
if (!digest && !(data_bio = BIO_open_with_default(data, "rb", stdin)))
/* Open the file if no explicit digest bytes were specified. */
if (!digest && !(data_bio = bio_open_default(data, "rb")))
goto end;
/* Creating the query object. */
query = create_query(data_bio, digest, md, policy, no_nonce, cert);
/* Saving the random number generator state. */
}
if (query == NULL)
goto end;
/* Write query either in ASN.1 or in text format. */
if ((out_bio = BIO_open_with_default(out, "wb", stdout)) == NULL)
if ((out_bio = bio_open_default(out, "wb")) == NULL)
goto end;
if (text) {
/* Text output. */
@ -483,13 +483,6 @@ static int query_command(const char *data, char *digest, const EVP_MD *md,
return ret;
}
static BIO *BIO_open_with_default(const char *file, const char *mode,
FILE *default_fp)
{
return file == NULL ? BIO_new_fp(default_fp, BIO_NOCLOSE)
: BIO_new_file(file, mode);
}
static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md,
const char *policy, int no_nonce, int cert)
{
@ -686,7 +679,7 @@ static int reply_command(CONF *conf, char *section, char *engine,
goto end;
/* Write response either in ASN.1 or text format. */
if ((out_bio = BIO_open_with_default(out, "wb", stdout)) == NULL)
if ((out_bio = bio_open_default(out, "wb")) == NULL)
goto end;
if (text) {
/* Text output. */
@ -771,8 +764,9 @@ static TS_RESP *read_PKCS7(BIO *in_bio)
}
static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
char *queryfile, char *passin, char *inkey,
char *signer, char *chain, const char *policy)
char *queryfile, char *passin,
char *inkey, char *signer, char *chain,
const char *policy)
{
int ret = 0;
TS_RESP *response = NULL;
@ -944,7 +938,7 @@ static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial)
static int verify_command(char *data, char *digest, char *queryfile,
char *in, int token_in,
char *ca_path, char *ca_file, char *untrusted)
char *CApath, char *CAfile, char *untrusted)
{
BIO *in_bio = NULL;
PKCS7 *token = NULL;
@ -964,7 +958,7 @@ static int verify_command(char *data, char *digest, char *queryfile,
}
if (!(verify_ctx = create_verify_ctx(data, digest, queryfile,
ca_path, ca_file, untrusted)))
CApath, CAfile, untrusted)))
goto end;
/* Checking the token or response against the request. */
@ -992,7 +986,7 @@ static int verify_command(char *data, char *digest, char *queryfile,
static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
char *queryfile,
char *ca_path, char *ca_file,
char *CApath, char *CAfile,
char *untrusted)
{
TS_VERIFY_CTX *ctx = NULL;
@ -1036,7 +1030,7 @@ static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
ctx->flags |= TS_VFY_SIGNATURE;
/* Initialising the X509_STORE object. */
if (!(ctx->store = create_cert_store(ca_path, ca_file)))
if (!(ctx->store = create_cert_store(CApath, CAfile)))
goto err;
/* Loading untrusted certificates. */
@ -1054,7 +1048,7 @@ static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
return ctx;
}
static X509_STORE *create_cert_store(char *ca_path, char *ca_file)
static X509_STORE *create_cert_store(char *CApath, char *CAfile)
{
X509_STORE *cert_ctx = NULL;
X509_LOOKUP *lookup = NULL;
@ -1067,29 +1061,29 @@ static X509_STORE *create_cert_store(char *ca_path, char *ca_file)
X509_STORE_set_verify_cb(cert_ctx, verify_cb);
/* Adding a trusted certificate directory source. */
if (ca_path) {
if (CApath) {
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
if (lookup == NULL) {
BIO_printf(bio_err, "memory allocation failure\n");
goto err;
}
i = X509_LOOKUP_add_dir(lookup, ca_path, X509_FILETYPE_PEM);
i = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
if (!i) {
BIO_printf(bio_err, "Error loading directory %s\n", ca_path);
BIO_printf(bio_err, "Error loading directory %s\n", CApath);
goto err;
}
}
/* Adding a trusted certificate file source. */
if (ca_file) {
if (CAfile) {
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
if (lookup == NULL) {
BIO_printf(bio_err, "memory allocation failure\n");
goto err;
}
i = X509_LOOKUP_load_file(lookup, ca_file, X509_FILETYPE_PEM);
i = X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM);
if (!i) {
BIO_printf(bio_err, "Error loading file %s\n", ca_file);
BIO_printf(bio_err, "Error loading file %s\n", CAfile);
goto err;
}
}
@ -1102,19 +1096,5 @@ static X509_STORE *create_cert_store(char *ca_path, char *ca_file)
static int verify_cb(int ok, X509_STORE_CTX *ctx)
{
/*-
char buf[256];
if (!ok)
{
X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),
buf, sizeof(buf));
printf("%s\n", buf);
printf("error %d at %d depth lookup: %s\n",
ctx->error, ctx->error_depth,
X509_verify_cert_error_string(ctx->error));
}
*/
return ok;
}

263
apps/verify.c
View File

@ -1,4 +1,3 @@
/* apps/verify.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -66,209 +65,173 @@
#include <openssl/x509v3.h>
#include <openssl/pem.h>
#undef PROG
#define PROG verify_main
static int cb(int ok, X509_STORE_CTX *ctx);
static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain);
static int v_verbose = 0, vflags = 0;
int MAIN(int, char **);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_ENGINE, OPT_CAPATH, OPT_CAFILE, OPT_UNTRUSTED, OPT_TRUSTED,
OPT_CRLFILE, OPT_CRL_DOWNLOAD, OPT_SHOW_CHAIN,
OPT_V_ENUM,
OPT_VERBOSE
} OPTION_CHOICE;
int MAIN(int argc, char **argv)
OPTIONS verify_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"verbose", OPT_VERBOSE, '-'},
{"CApath", OPT_CAPATH, '/'},
{"CAfile", OPT_CAFILE, '<'},
{"untrusted", OPT_UNTRUSTED, '<'},
{"trusted", OPT_TRUSTED, '<'},
{"CRLfile", OPT_CRLFILE, '<'},
{"crl_download", OPT_CRL_DOWNLOAD, '-'},
{"show_chain", OPT_SHOW_CHAIN, '-'},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_V_OPTIONS,
{NULL}
};
int verify_main(int argc, char **argv)
{
ENGINE *e = NULL;
int i, ret = 1, badarg = 0;
char *CApath = NULL, *CAfile = NULL;
char *untfile = NULL, *trustfile = NULL, *crlfile = NULL;
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
STACK_OF(X509_CRL) *crls = NULL;
X509_STORE *cert_ctx = NULL;
X509_LOOKUP *lookup = NULL;
X509_STORE *store = NULL;
X509_VERIFY_PARAM *vpm = NULL;
int crl_download = 0, show_chain = 0;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
char *prog, *CApath = NULL, *CAfile = NULL, *engine = NULL;
char *untfile = NULL, *trustfile = NULL, *crlfile = NULL;
int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1;
OPTION_CHOICE o;
cert_ctx = X509_STORE_new();
if (cert_ctx == NULL)
goto end;
X509_STORE_set_verify_cb(cert_ctx, cb);
ERR_load_crypto_strings();
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
goto end;
argc--;
argv++;
for (;;) {
if (argc >= 1) {
if (strcmp(*argv, "-CApath") == 0) {
if (argc-- < 1)
goto end;
CApath = *(++argv);
} else if (strcmp(*argv, "-CAfile") == 0) {
if (argc-- < 1)
goto end;
CAfile = *(++argv);
} else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
if (badarg)
goto end;
continue;
} else if (strcmp(*argv, "-untrusted") == 0) {
if (argc-- < 1)
goto end;
untfile = *(++argv);
} else if (strcmp(*argv, "-trusted") == 0) {
if (argc-- < 1)
goto end;
trustfile = *(++argv);
} else if (strcmp(*argv, "-CRLfile") == 0) {
if (argc-- < 1)
goto end;
crlfile = *(++argv);
} else if (strcmp(*argv, "-crl_download") == 0)
crl_download = 1;
else if (strcmp(*argv, "-show_chain") == 0)
show_chain = 1;
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto end;
engine = *(++argv);
prog = opt_init(argc, argv, verify_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(verify_options);
BIO_printf(bio_err, "Recognized usages:\n");
for (i = 0; i < X509_PURPOSE_get_count(); i++) {
X509_PURPOSE *ptmp;
ptmp = X509_PURPOSE_get0(i);
BIO_printf(bio_err, "\t%-10s\t%s\n",
X509_PURPOSE_get0_sname(ptmp),
X509_PURPOSE_get0_name(ptmp));
}
#endif
else if (strcmp(*argv, "-help") == 0)
BIO_printf(bio_err, "Recognized verify names:\n");
for (i = 0; i < X509_VERIFY_PARAM_get_count(); i++) {
const X509_VERIFY_PARAM *vptmp;
vptmp = X509_VERIFY_PARAM_get0(i);
BIO_printf(bio_err, "\t%-10s\n",
X509_VERIFY_PARAM_get0_name(vptmp));
}
ret = 0;
goto end;
case OPT_V_CASES:
if (!opt_verify(o, vpm))
goto end;
else if (strcmp(*argv, "-verbose") == 0)
v_verbose = 1;
else if (argv[0][0] == '-')
goto end;
else
break;
argc--;
argv++;
} else
vpmtouched++;
break;
case OPT_CAPATH:
CApath = opt_arg();
break;
case OPT_CAFILE:
CAfile = opt_arg();
break;
case OPT_UNTRUSTED:
untfile = opt_arg();
break;
case OPT_TRUSTED:
trustfile = opt_arg();
break;
case OPT_CRLFILE:
crlfile = opt_arg();
break;
case OPT_CRL_DOWNLOAD:
crl_download = 1;
break;
case OPT_SHOW_CHAIN:
show_chain = 1;
break;
case OPT_ENGINE:
engine = opt_arg();
break;
case OPT_VERBOSE:
v_verbose = 1;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
e = setup_engine(engine, 0);
#endif
if (!(store = setup_verify(CAfile, CApath)))
goto end;
X509_STORE_set_verify_cb(store, cb);
if (vpm)
X509_STORE_set1_param(cert_ctx, vpm);
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
if (lookup == NULL)
abort();
if (CAfile) {
i = X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM);
if (!i) {
BIO_printf(bio_err, "Error loading file %s\n", CAfile);
ERR_print_errors(bio_err);
goto end;
}
} else
X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
if (lookup == NULL)
abort();
if (CApath) {
i = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
if (!i) {
BIO_printf(bio_err, "Error loading directory %s\n", CApath);
ERR_print_errors(bio_err);
goto end;
}
} else
X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
if (vpmtouched)
X509_STORE_set1_param(store, vpm);
ERR_clear_error();
if (untfile) {
untrusted = load_certs(bio_err, untfile, FORMAT_PEM,
untrusted = load_certs(untfile, FORMAT_PEM,
NULL, e, "untrusted certificates");
if (!untrusted)
goto end;
}
if (trustfile) {
trusted = load_certs(bio_err, trustfile, FORMAT_PEM,
trusted = load_certs(trustfile, FORMAT_PEM,
NULL, e, "trusted certificates");
if (!trusted)
goto end;
}
if (crlfile) {
crls = load_crls(bio_err, crlfile, FORMAT_PEM, NULL, e, "other CRLs");
crls = load_crls(crlfile, FORMAT_PEM, NULL, e, "other CRLs");
if (!crls)
goto end;
}
if (crl_download)
store_setup_crl_download(cert_ctx);
store_setup_crl_download(store);
ret = 0;
if (argc < 1) {
if (1 !=
check(cert_ctx, NULL, untrusted, trusted, crls, e, show_chain))
if (check(store, NULL, untrusted, trusted, crls, e, show_chain) != 1)
ret = -1;
} else {
for (i = 0; i < argc; i++)
if (1 !=
check(cert_ctx, argv[i], untrusted, trusted, crls, e,
show_chain))
if (check(store, argv[i], untrusted, trusted, crls, e,
show_chain) != 1)
ret = -1;
}
end:
if (ret == 1) {
BIO_printf(bio_err,
"usage: verify [-verbose] [-CApath path] [-CAfile file] [-trusted_first] [-purpose purpose] [-crl_check] [-no_alt_chains]");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, " [-engine e]");
#endif
BIO_printf(bio_err, " cert1 cert2 ...\n");
BIO_printf(bio_err, "recognized usages:\n");
for (i = 0; i < X509_PURPOSE_get_count(); i++) {
X509_PURPOSE *ptmp;
ptmp = X509_PURPOSE_get0(i);
BIO_printf(bio_err, "\t%-10s\t%s\n",
X509_PURPOSE_get0_sname(ptmp),
X509_PURPOSE_get0_name(ptmp));
}
BIO_printf(bio_err, "recognized verify names:\n");
for (i = 0; i < X509_VERIFY_PARAM_get_count(); i++) {
const X509_VERIFY_PARAM *vptmp;
vptmp = X509_VERIFY_PARAM_get0(i);
BIO_printf(bio_err, "\t%-10s\n",
X509_VERIFY_PARAM_get0_name(vptmp));
}
}
if (vpm)
X509_VERIFY_PARAM_free(vpm);
if (cert_ctx != NULL)
X509_STORE_free(cert_ctx);
if (store != NULL)
X509_STORE_free(store);
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
apps_shutdown();
OPENSSL_EXIT(ret < 0 ? 2 : ret);
return (ret < 0 ? 2 : ret);
}
static int check(X509_STORE *ctx, char *file,
@ -280,10 +243,10 @@ static int check(X509_STORE *ctx, char *file,
X509_STORE_CTX *csc;
STACK_OF(X509) *chain = NULL;
x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
x = load_cert(file, FORMAT_PEM, NULL, e, "certificate file");
if (x == NULL)
goto end;
fprintf(stdout, "%s: ", (file == NULL) ? "stdin" : file);
printf("%s: ", (file == NULL) ? "stdin" : file);
csc = X509_STORE_CTX_new();
if (csc == NULL) {
@ -307,7 +270,7 @@ static int check(X509_STORE *ctx, char *file,
ret = 0;
end:
if (i > 0) {
fprintf(stdout, "OK\n");
printf("OK\n");
ret = 1;
} else
ERR_print_errors(bio_err);
@ -348,7 +311,7 @@ static int cb(int ok, X509_STORE_CTX *ctx)
X509_verify_cert_error_string(cert_error));
switch (cert_error) {
case X509_V_ERR_NO_EXPLICIT_POLICY:
policies_print(NULL, ctx);
policies_print(bio_err, ctx);
case X509_V_ERR_CERT_HAS_EXPIRED:
/*
@ -373,7 +336,7 @@ static int cb(int ok, X509_STORE_CTX *ctx)
}
if (cert_error == X509_V_OK && ok == 2)
policies_print(NULL, ctx);
policies_print(bio_out, ctx);
if (!v_verbose)
ERR_clear_error();
return (ok);

88
apps/version.c
View File

@ -1,4 +1,3 @@
/* apps/version.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -132,45 +131,66 @@
# include <openssl/blowfish.h>
#endif
#undef PROG
#define PROG version_main
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_B, OPT_D, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A
} OPTION_CHOICE;
int MAIN(int, char **);
OPTIONS version_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"a", OPT_A, '-', "Show all data"},
{"b", OPT_B, '-', "Show build date"},
{"d", OPT_D, '-', "Show configuration directory"},
{"f", OPT_F, '-', "Show compiler flags used"},
{"o", OPT_O, '-', "Show some internal datatype options"},
{"p", OPT_P, '-', "Show target build platform"},
{"v", OPT_V, '-', "Show library version"},
{NULL}
};
int MAIN(int argc, char **argv)
int version_main(int argc, char **argv)
{
int i, ret = 0;
int ret = 1, dirty = 0;
int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
char *prog;
OPTION_CHOICE o;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (argc == 1)
version = 1;
for (i = 1; i < argc; i++) {
if (strcmp(argv[i], "-v") == 0)
version = 1;
else if (strcmp(argv[i], "-b") == 0)
date = 1;
else if (strcmp(argv[i], "-f") == 0)
cflags = 1;
else if (strcmp(argv[i], "-o") == 0)
options = 1;
else if (strcmp(argv[i], "-p") == 0)
platform = 1;
else if (strcmp(argv[i], "-d") == 0)
dir = 1;
else if (strcmp(argv[i], "-a") == 0)
date = version = cflags = options = platform = dir = 1;
else {
BIO_printf(bio_err, "usage:version -[avbofpd]\n");
ret = 1;
prog = opt_init(argc, argv, version_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(version_options);
ret = 0;
goto end;
case OPT_B:
dirty = date = 1;
break;
case OPT_D:
dirty = dir = 1;
break;
case OPT_F:
dirty = cflags = 1;
break;
case OPT_O:
dirty = options = 1;
break;
case OPT_P:
dirty = platform = 1;
break;
case OPT_V:
dirty = version = 1;
break;
case OPT_A:
cflags = version = date = platform = dir = 1;
break;
}
}
if (!dirty)
version = 1;
if (version) {
if (SSLeay() == SSLEAY_VERSION_NUMBER) {
@ -208,7 +228,7 @@ int MAIN(int argc, char **argv)
printf("%s\n", SSLeay_version(SSLEAY_CFLAGS));
if (dir)
printf("%s\n", SSLeay_version(SSLEAY_DIR));
ret = 0;
end:
apps_shutdown();
OPENSSL_EXIT(ret);
return (ret);
}

104
apps/vms_decc_init.c
View File

@ -1,3 +1,55 @@
/*
* Written by sms and contributed to the OpenSSL project.
*/
/* ====================================================================
* Copyright (c) 2010 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#if defined( __VMS) && !defined( OPENSSL_NO_DECC_INIT) && \
defined( __DECC) && !defined( __VAX) && (__CRTL_VER >= 70301000)
# define USE_DECC_INIT 1
@ -5,17 +57,11 @@
#ifdef USE_DECC_INIT
/*-
* 2010-04-26 SMS.
*
*----------------------------------------------------------------------
*
* decc_init()
*
* On non-VAX systems, uses LIB$INITIALIZE to set a collection of C
* RTL features without using the DECC$* logical name method.
*
*----------------------------------------------------------------------
/*
* ----------------------------------------------------------------------
* decc_init() On non-VAX systems, uses LIB$INITIALIZE to set a collection
* of C RTL features without using the DECC$* logical name method.
* ----------------------------------------------------------------------
*/
# include <stdio.h>
@ -57,6 +103,42 @@ decc_feat_t decc_feat_array[] = {
{(char *)NULL, 0}
};
char **copy_argv(int *argc, char *argv[])
{
/*-
* The note below is for historical purpose. On VMS now we always
* copy argv "safely."
*
* 2011-03-22 SMS.
* If we have 32-bit pointers everywhere, then we're safe, and
* we bypass this mess, as on non-VMS systems.
* Problem 1: Compaq/HP C before V7.3 always used 32-bit
* pointers for argv[].
* Fix 1: For a 32-bit argv[], when we're using 64-bit pointers
* everywhere else, we always allocate and use a 64-bit
* duplicate of argv[].
* Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed
* to NULL-terminate a 64-bit argv[]. (As this was written, the
* compiler ECO was available only on IA64.)
* Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a
* 64-bit argv[argc] for NULL, and, if necessary, use a
* (properly) NULL-terminated (64-bit) duplicate of argv[].
* The same code is used in either case to duplicate argv[].
* Some of these decisions could be handled in preprocessing,
* but the code tends to get even uglier, and the penalty for
* deciding at compile- or run-time is tiny.
*/
int i, count = *argc;
char **newargv = (char **)OPENSSL_malloc((count + 1) * sizeof *newargv);
for (i = 0; i < count; i++)
newargv[i] = argv[i];
newargv[i] = NULL;
*argc = i;
return newargv;
}
/* LIB$INITIALIZE initialization function. */
static void decc_init(void)

1
apps/winrand.c
View File

@ -1,4 +1,3 @@
/* apps/winrand.c */
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*

935
apps/x509.c
View File

File diff suppressed because it is too large Load Diff

7
crypto/evp/c_allc.c
View File

@ -94,6 +94,7 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher(EVP_des_ede());
EVP_add_cipher(EVP_des_ede3());
EVP_add_cipher(EVP_des_ede3_wrap());
EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap");
#endif
#ifndef OPENSSL_NO_RC4
@ -131,6 +132,9 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher(EVP_rc2_64_cbc());
EVP_add_cipher_alias(SN_rc2_cbc, "RC2");
EVP_add_cipher_alias(SN_rc2_cbc, "rc2");
EVP_add_cipher_alias(SN_rc2_cbc, "rc2-128");
EVP_add_cipher_alias(SN_rc2_64_cbc, "rc2-64");
EVP_add_cipher_alias(SN_rc2_40_cbc, "rc2-40");
#endif
#ifndef OPENSSL_NO_BF
@ -178,6 +182,7 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher(EVP_aes_128_xts());
EVP_add_cipher(EVP_aes_128_ccm());
EVP_add_cipher(EVP_aes_128_wrap());
EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap");
EVP_add_cipher(EVP_aes_128_wrap_pad());
EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
@ -194,6 +199,7 @@ void OpenSSL_add_all_ciphers(void)
# endif
EVP_add_cipher(EVP_aes_192_ccm());
EVP_add_cipher(EVP_aes_192_wrap());
EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap");
EVP_add_cipher(EVP_aes_192_wrap_pad());
EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
@ -211,6 +217,7 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher(EVP_aes_256_xts());
EVP_add_cipher(EVP_aes_256_ccm());
EVP_add_cipher(EVP_aes_256_wrap());
EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap");
EVP_add_cipher(EVP_aes_256_wrap_pad());
EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");

2
ssl/ssl_conf.c
View File

@ -192,6 +192,7 @@ static int ssl_set_option_list(const char *elem, int len, void *usr)
/* Single command line switches with no argument e.g. -no_ssl3 */
static int ctrl_str_option(SSL_CONF_CTX *cctx, const char *cmd)
{
/* See apps/apps.h if you change this table. */
static const ssl_flag_tbl ssl_option_single[] = {
SSL_FLAG_TBL("no_ssl3", SSL_OP_NO_SSLv3),
SSL_FLAG_TBL("no_tls1", SSL_OP_NO_TLSv1),
@ -457,6 +458,7 @@ typedef struct {
#define SSL_CONF_CMD_STRING(name, cmdopt) \
SSL_CONF_CMD(name, cmdopt, SSL_CONF_TYPE_STRING)
/* See apps/apps.h if you change this table. */
static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs"),
SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs"),

2
util/indent.pro
View File

@ -749,3 +749,5 @@
-T ssl_trace_tbl
-T _stdcall
-T tls12_lookup
-T OPTIONS
-T OPT_PAIR

2
util/ssleay.num
View File

@ -393,3 +393,5 @@ SSL_set_wbio 427 EXIST::FUNCTION:
SSL_SESSION_get0_ticket 428 EXIST::FUNCTION:
SSL_SESSION_get_ticket_lifetime_hint 429 EXIST::FUNCTION:
SSL_set_rbio 430 EXIST::FUNCTION:
SSL_CIPHER_get_digest_nid 431 EXIST::FUNCTION:
SSL_CIPHER_get_cipher_nid 432 EXIST::FUNCTION: