generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Run util/openssl-format-source -v -c .

Browse Source 
Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Matt Caswell
2015-01-22 01:01:16 +00:00
parent e3db68b766
commit a8b966f48f
1020 changed files with 242626 additions and 243393 deletions
Download Patch File Download Diff File Expand all files Collapse all files

360
demos/asn1/ocsp.c
View File

@@ -1,6 +1,7 @@
/* ocsp.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2000.
*/
/* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -59,114 +60,111 @@
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
/*-
/*-
Example of new ASN1 code, OCSP request
OCSPRequest ::= SEQUENCE {
tbsRequest TBSRequest,
optionalSignature [0] EXPLICIT Signature OPTIONAL }
OCSPRequest ::= SEQUENCE {
tbsRequest TBSRequest,
optionalSignature [0] EXPLICIT Signature OPTIONAL }
TBSRequest ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
requestorName [1] EXPLICIT GeneralName OPTIONAL,
requestList SEQUENCE OF Request,
requestExtensions [2] EXPLICIT Extensions OPTIONAL }
TBSRequest ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
requestorName [1] EXPLICIT GeneralName OPTIONAL,
requestList SEQUENCE OF Request,
requestExtensions [2] EXPLICIT Extensions OPTIONAL }
Signature ::= SEQUENCE {
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
Signature ::= SEQUENCE {
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
Version ::= INTEGER { v1(0) }
Version ::= INTEGER { v1(0) }
Request ::= SEQUENCE {
reqCert CertID,
singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
Request ::= SEQUENCE {
reqCert CertID,
singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
CertID ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
issuerNameHash OCTET STRING, -- Hash of Issuer's DN
issuerKeyHash OCTET STRING, -- Hash of Issuers public key
serialNumber CertificateSerialNumber }
CertID ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
issuerNameHash OCTET STRING, -- Hash of Issuer's DN
issuerKeyHash OCTET STRING, -- Hash of Issuers public key
serialNumber CertificateSerialNumber }
OCSPResponse ::= SEQUENCE {
responseStatus OCSPResponseStatus,
responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
OCSPResponse ::= SEQUENCE {
responseStatus OCSPResponseStatus,
responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
OCSPResponseStatus ::= ENUMERATED {
successful (0), --Response has valid confirmations
malformedRequest (1), --Illegal confirmation request
internalError (2), --Internal error in issuer
tryLater (3), --Try again later
--(4) is not used
sigRequired (5), --Must sign the request
unauthorized (6) --Request unauthorized
}
OCSPResponseStatus ::= ENUMERATED {
successful (0), --Response has valid confirmations
malformedRequest (1), --Illegal confirmation request
internalError (2), --Internal error in issuer
tryLater (3), --Try again later
--(4) is not used
sigRequired (5), --Must sign the request
unauthorized (6) --Request unauthorized
}
ResponseBytes ::= SEQUENCE {
responseType OBJECT IDENTIFIER,
response OCTET STRING }
ResponseBytes ::= SEQUENCE {
responseType OBJECT IDENTIFIER,
response OCTET STRING }
BasicOCSPResponse ::= SEQUENCE {
tbsResponseData ResponseData,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
BasicOCSPResponse ::= SEQUENCE {
tbsResponseData ResponseData,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
ResponseData ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
responderID ResponderID,
producedAt GeneralizedTime,
responses SEQUENCE OF SingleResponse,
responseExtensions [1] EXPLICIT Extensions OPTIONAL }
ResponseData ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
responderID ResponderID,
producedAt GeneralizedTime,
responses SEQUENCE OF SingleResponse,
responseExtensions [1] EXPLICIT Extensions OPTIONAL }
ResponderID ::= CHOICE {
byName [1] Name, --EXPLICIT
byKey [2] KeyHash }
ResponderID ::= CHOICE {
byName [1] Name, --EXPLICIT
byKey [2] KeyHash }
KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
--(excluding the tag and length fields)
KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
--(excluding the tag and length fields)
SingleResponse ::= SEQUENCE {
certID CertID,
certStatus CertStatus,
thisUpdate GeneralizedTime,
nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
singleExtensions [1] EXPLICIT Extensions OPTIONAL }
SingleResponse ::= SEQUENCE {
certID CertID,
certStatus CertStatus,
thisUpdate GeneralizedTime,
nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
singleExtensions [1] EXPLICIT Extensions OPTIONAL }
CertStatus ::= CHOICE {
good [0] IMPLICIT NULL,
revoked [1] IMPLICIT RevokedInfo,
unknown [2] IMPLICIT UnknownInfo }
CertStatus ::= CHOICE {
good [0] IMPLICIT NULL,
revoked [1] IMPLICIT RevokedInfo,
unknown [2] IMPLICIT UnknownInfo }
RevokedInfo ::= SEQUENCE {
revocationTime GeneralizedTime,
revocationReason [0] EXPLICIT CRLReason OPTIONAL }
RevokedInfo ::= SEQUENCE {
revocationTime GeneralizedTime,
revocationReason [0] EXPLICIT CRLReason OPTIONAL }
UnknownInfo ::= NULL -- this can be replaced with an enumeration
UnknownInfo ::= NULL -- this can be replaced with an enumeration
ArchiveCutoff ::= GeneralizedTime
ArchiveCutoff ::= GeneralizedTime
AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
ServiceLocator ::= SEQUENCE {
issuer Name,
locator AuthorityInfoAccessSyntax }
ServiceLocator ::= SEQUENCE {
issuer Name,
locator AuthorityInfoAccessSyntax }
-- Object Identifiers
-- Object Identifiers
id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp }
id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp }
id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
*/
@@ -175,193 +173,189 @@
DECLARE_STACK_OF(Request)
typedef struct {
ASN1_INTEGER *version;
GENERAL_NAME *requestorName;
STACK_OF(Request) *requestList;
STACK_OF(X509_EXTENSION) *requestExtensions;
ASN1_INTEGER *version;
GENERAL_NAME *requestorName;
STACK_OF(Request) *requestList;
STACK_OF(X509_EXTENSION) *requestExtensions;
} TBSRequest;
typedef struct {
X509_ALGOR *signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
X509_ALGOR *signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
} Signature;
typedef struct {
TBSRequest *tbsRequest;
Signature *optionalSignature;
TBSRequest *tbsRequest;
Signature *optionalSignature;
} OCSPRequest;
typedef struct {
X509_ALGOR *hashAlgorithm;
ASN1_OCTET_STRING *issuerNameHash;
ASN1_OCTET_STRING *issuerKeyHash;
ASN1_INTEGER *certificateSerialNumber;
X509_ALGOR *hashAlgorithm;
ASN1_OCTET_STRING *issuerNameHash;
ASN1_OCTET_STRING *issuerKeyHash;
ASN1_INTEGER *certificateSerialNumber;
} CertID;
typedef struct {
CertID *reqCert;
STACK_OF(X509_EXTENSION) *singleRequestExtensions;
CertID *reqCert;
STACK_OF(X509_EXTENSION) *singleRequestExtensions;
} Request;
/* Response structures */
typedef struct {
ASN1_OBJECT *responseType;
ASN1_OCTET_STRING *response;
ASN1_OBJECT *responseType;
ASN1_OCTET_STRING *response;
} ResponseBytes;
typedef struct {
ASN1_ENUMERATED *responseStatus;
ResponseBytes *responseBytes;
ASN1_ENUMERATED *responseStatus;
ResponseBytes *responseBytes;
} OCSPResponse;
typedef struct {
int type;
union {
X509_NAME *byName;
ASN1_OCTET_STRING *byKey;
}d;
int type;
union {
X509_NAME *byName;
ASN1_OCTET_STRING *byKey;
} d;
} ResponderID;
typedef struct {
ASN1_INTEGER *version;
ResponderID *responderID;
ASN1_GENERALIZEDTIME *producedAt;
STACK_OF(SingleResponse) *responses;
STACK_OF(X509_EXTENSION) *responseExtensions;
ASN1_INTEGER *version;
ResponderID *responderID;
ASN1_GENERALIZEDTIME *producedAt;
STACK_OF(SingleResponse) *responses;
STACK_OF(X509_EXTENSION) *responseExtensions;
} ResponseData;
typedef struct {
ResponseData *tbsResponseData;
X509_ALGOR *signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
ResponseData *tbsResponseData;
X509_ALGOR *signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
} BasicOCSPResponse;
typedef struct {
ASN1_GENERALIZEDTIME *revocationTime;
ASN1_ENUMERATED * revocationReason;
ASN1_GENERALIZEDTIME *revocationTime;
ASN1_ENUMERATED *revocationReason;
} RevokedInfo;
typedef struct {
int type;
union {
ASN1_NULL *good;
RevokedInfo *revoked;
ASN1_NULL *unknown;
} d;
int type;
union {
ASN1_NULL *good;
RevokedInfo *revoked;
ASN1_NULL *unknown;
} d;
} CertStatus;
typedef struct {
CertID *certID;
CertStatus *certStatus;
ASN1_GENERALIZEDTIME *thisUpdate;
ASN1_GENERALIZEDTIME *nextUpdate;
STACK_OF(X509_EXTENSION) *singleExtensions;
CertID *certID;
CertStatus *certStatus;
ASN1_GENERALIZEDTIME *thisUpdate;
ASN1_GENERALIZEDTIME *nextUpdate;
STACK_OF(X509_EXTENSION) *singleExtensions;
} SingleResponse;
typedef struct {
X509_NAME *issuer;
STACK_OF(ACCESS_DESCRIPTION) *locator;
} ServiceLocator;
/* Now the ASN1 templates */
IMPLEMENT_COMPAT_ASN1(X509);
IMPLEMENT_COMPAT_ASN1(X509_ALGOR);
//IMPLEMENT_COMPAT_ASN1(X509_EXTENSION);
// IMPLEMENT_COMPAT_ASN1(X509_EXTENSION);
IMPLEMENT_COMPAT_ASN1(GENERAL_NAME);
IMPLEMENT_COMPAT_ASN1(X509_NAME);
ASN1_SEQUENCE(X509_EXTENSION) = {
ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(X509_EXTENSION);
ASN1_SEQUENCE(Signature) = {
ASN1_SIMPLE(Signature, signatureAlgorithm, X509_ALGOR),
ASN1_SIMPLE(Signature, signature, ASN1_BIT_STRING),
ASN1_SEQUENCE_OF(Signature, certs, X509)
ASN1_SIMPLE(Signature, signatureAlgorithm, X509_ALGOR),
ASN1_SIMPLE(Signature, signature, ASN1_BIT_STRING),
ASN1_SEQUENCE_OF(Signature, certs, X509)
} ASN1_SEQUENCE_END(Signature);
ASN1_SEQUENCE(CertID) = {
ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
ASN1_SIMPLE(CertID, certificateSerialNumber, ASN1_INTEGER)
ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
ASN1_SIMPLE(CertID, certificateSerialNumber, ASN1_INTEGER)
} ASN1_SEQUENCE_END(CertID);
ASN1_SEQUENCE(Request) = {
ASN1_SIMPLE(Request, reqCert, CertID),
ASN1_EXP_SEQUENCE_OF_OPT(Request, singleRequestExtensions, X509_EXTENSION, 0)
ASN1_SIMPLE(Request, reqCert, CertID),
ASN1_EXP_SEQUENCE_OF_OPT(Request, singleRequestExtensions, X509_EXTENSION, 0)
} ASN1_SEQUENCE_END(Request);
ASN1_SEQUENCE(TBSRequest) = {
ASN1_EXP_OPT(TBSRequest, version, ASN1_INTEGER, 0),
ASN1_EXP_OPT(TBSRequest, requestorName, GENERAL_NAME, 1),
ASN1_SEQUENCE_OF(TBSRequest, requestList, Request),
ASN1_EXP_SEQUENCE_OF_OPT(TBSRequest, requestExtensions, X509_EXTENSION, 2)
ASN1_EXP_OPT(TBSRequest, version, ASN1_INTEGER, 0),
ASN1_EXP_OPT(TBSRequest, requestorName, GENERAL_NAME, 1),
ASN1_SEQUENCE_OF(TBSRequest, requestList, Request),
ASN1_EXP_SEQUENCE_OF_OPT(TBSRequest, requestExtensions, X509_EXTENSION, 2)
} ASN1_SEQUENCE_END(TBSRequest);
ASN1_SEQUENCE(OCSPRequest) = {
ASN1_SIMPLE(OCSPRequest, tbsRequest, TBSRequest),
ASN1_EXP_OPT(OCSPRequest, optionalSignature, Signature, 0)
ASN1_SIMPLE(OCSPRequest, tbsRequest, TBSRequest),
ASN1_EXP_OPT(OCSPRequest, optionalSignature, Signature, 0)
} ASN1_SEQUENCE_END(OCSPRequest);
/* Response templates */
ASN1_SEQUENCE(ResponseBytes) = {
ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(ResponseBytes);
ASN1_SEQUENCE(OCSPResponse) = {
ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
} ASN1_SEQUENCE_END(OCSPResponse);
ASN1_CHOICE(ResponderID) = {
ASN1_EXP(ResponderID, d.byName, X509_NAME, 1),
ASN1_IMP(ResponderID, d.byKey, ASN1_OCTET_STRING, 2)
ASN1_EXP(ResponderID, d.byName, X509_NAME, 1),
ASN1_IMP(ResponderID, d.byKey, ASN1_OCTET_STRING, 2)
} ASN1_CHOICE_END(ResponderID);
ASN1_SEQUENCE(RevokedInfo) = {
ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
} ASN1_SEQUENCE_END(RevokedInfo);
ASN1_CHOICE(CertStatus) = {
ASN1_IMP(CertStatus, d.good, ASN1_NULL, 0),
ASN1_IMP(CertStatus, d.revoked, RevokedInfo, 1),
ASN1_IMP(CertStatus, d.unknown, ASN1_NULL, 2)
ASN1_IMP(CertStatus, d.good, ASN1_NULL, 0),
ASN1_IMP(CertStatus, d.revoked, RevokedInfo, 1),
ASN1_IMP(CertStatus, d.unknown, ASN1_NULL, 2)
} ASN1_CHOICE_END(CertStatus);
ASN1_SEQUENCE(SingleResponse) = {
ASN1_SIMPLE(SingleResponse, certID, CertID),
ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, X509_EXTENSION, 1)
ASN1_SIMPLE(SingleResponse, certID, CertID),
ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, X509_EXTENSION, 1)
} ASN1_SEQUENCE_END(SingleResponse);
ASN1_SEQUENCE(ResponseData) = {
ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
ASN1_SIMPLE(ResponseData, responderID, ResponderID),
ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, X509_EXTENSION, 1)
ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
ASN1_SIMPLE(ResponseData, responderID, ResponderID),
ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, X509_EXTENSION, 1)
} ASN1_SEQUENCE_END(ResponseData);
ASN1_SEQUENCE(BasicOCSPResponse) = {
ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
} ASN1_SEQUENCE_END(BasicOCSPResponse);

347
demos/b64.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -71,198 +71,185 @@
#undef BSIZE
#undef PROG
#define SIZE (512)
#define BSIZE (8*1024)
#define PROG enc_main
#define SIZE (512)
#define BSIZE (8*1024)
#define PROG enc_main
int main(argc,argv)
int main(argc, argv)
int argc;
char **argv;
{
char *strbuf=NULL;
unsigned char *buff=NULL,*bufsize=NULL;
int bsize=BSIZE,verbose=0;
int ret=1,inl;
char *str=NULL;
char *hkey=NULL,*hiv=NULL;
int enc=1,printkey=0,i,base64=0;
int debug=0;
EVP_CIPHER *cipher=NULL,*c;
char *inf=NULL,*outf=NULL;
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
{
char *strbuf = NULL;
unsigned char *buff = NULL, *bufsize = NULL;
int bsize = BSIZE, verbose = 0;
int ret = 1, inl;
char *str = NULL;
char *hkey = NULL, *hiv = NULL;
int enc = 1, printkey = 0, i, base64 = 0;
int debug = 0;
EVP_CIPHER *cipher = NULL, *c;
char *inf = NULL, *outf = NULL;
BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
NULL, *wbio = NULL;
#define PROG_NAME_SIZE 39
apps_startup();
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE);
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
base64 = 1;
base64=1;
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-e") == 0)
enc = 1;
if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
inf = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outf = *(++argv);
} else if (strcmp(*argv, "-d") == 0)
enc = 0;
else if (strcmp(*argv, "-v") == 0)
verbose = 1;
else if (strcmp(*argv, "-debug") == 0)
debug = 1;
else if (strcmp(*argv, "-bufsize") == 0) {
if (--argc < 1)
goto bad;
bufsize = (unsigned char *)*(++argv);
} else {
BIO_printf(bio_err, "unknown option '%s'\n", *argv);
bad:
BIO_printf(bio_err, "options are\n");
BIO_printf(bio_err, "%-14s input file\n", "-in <file>");
BIO_printf(bio_err, "%-14s output file\n", "-out <file>");
BIO_printf(bio_err, "%-14s encode\n", "-e");
BIO_printf(bio_err, "%-14s decode\n", "-d");
BIO_printf(bio_err, "%-14s buffer size\n", "-bufsize <n>");
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-e") == 0)
enc=1;
if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
inf= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outf= *(++argv);
}
else if (strcmp(*argv,"-d") == 0)
enc=0;
else if (strcmp(*argv,"-v") == 0)
verbose=1;
else if (strcmp(*argv,"-debug") == 0)
debug=1;
else if (strcmp(*argv,"-bufsize") == 0)
{
if (--argc < 1) goto bad;
bufsize=(unsigned char *)*(++argv);
}
else
{
BIO_printf(bio_err,"unknown option '%s'\n",*argv);
bad:
BIO_printf(bio_err,"options are\n");
BIO_printf(bio_err,"%-14s input file\n","-in <file>");
BIO_printf(bio_err,"%-14s output file\n","-out <file>");
BIO_printf(bio_err,"%-14s encode\n","-e");
BIO_printf(bio_err,"%-14s decode\n","-d");
BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
goto end;
}
argc--;
argv++;
}
goto end;
}
argc--;
argv++;
}
if (bufsize != NULL) {
int i;
unsigned long n;
if (bufsize != NULL)
{
int i;
unsigned long n;
for (n = 0; *bufsize; bufsize++) {
i = *bufsize;
if ((i <= '9') && (i >= '0'))
n = n * 10 + i - '0';
else if (i == 'k') {
n *= 1024;
bufsize++;
break;
}
}
if (*bufsize != '\0') {
BIO_printf(bio_err, "invalid 'bufsize' specified.\n");
goto end;
}
for (n=0; *bufsize; bufsize++)
{
i= *bufsize;
if ((i <= '9') && (i >= '0'))
n=n*10+i-'0';
else if (i == 'k')
{
n*=1024;
bufsize++;
break;
}
}
if (*bufsize != '\0')
{
BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
goto end;
}
/* It must be large enough for a base64 encoded line */
if (n < 80)
n = 80;
/* It must be large enough for a base64 encoded line */
if (n < 80) n=80;
bsize = (int)n;
if (verbose)
BIO_printf(bio_err, "bufsize=%d\n", bsize);
}
bsize=(int)n;
if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
}
strbuf = OPENSSL_malloc(SIZE);
buff = (unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
if ((buff == NULL) || (strbuf == NULL)) {
BIO_printf(bio_err, "OPENSSL_malloc failure\n");
goto end;
}
strbuf=OPENSSL_malloc(SIZE);
buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
if ((buff == NULL) || (strbuf == NULL))
{
BIO_printf(bio_err,"OPENSSL_malloc failure\n");
goto end;
}
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
if (debug) {
BIO_set_callback(in, BIO_debug_callback);
BIO_set_callback(out, BIO_debug_callback);
BIO_set_callback_arg(in, bio_err);
BIO_set_callback_arg(out, bio_err);
}
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (debug)
{
BIO_set_callback(in,BIO_debug_callback);
BIO_set_callback(out,BIO_debug_callback);
BIO_set_callback_arg(in,bio_err);
BIO_set_callback_arg(out,bio_err);
}
if (inf == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, inf) <= 0) {
perror(inf);
goto end;
}
}
if (inf == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,inf) <= 0)
{
perror(inf);
goto end;
}
}
if (outf == NULL)
BIO_set_fp(out, stdout, BIO_NOCLOSE);
else {
if (BIO_write_filename(out, outf) <= 0) {
perror(outf);
goto end;
}
}
if (outf == NULL)
BIO_set_fp(out,stdout,BIO_NOCLOSE);
else
{
if (BIO_write_filename(out,outf) <= 0)
{
perror(outf);
goto end;
}
}
rbio = in;
wbio = out;
rbio=in;
wbio=out;
if (base64) {
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
goto end;
if (debug) {
BIO_set_callback(b64, BIO_debug_callback);
BIO_set_callback_arg(b64, bio_err);
}
if (enc)
wbio = BIO_push(b64, wbio);
else
rbio = BIO_push(b64, rbio);
}
if (base64)
{
if ((b64=BIO_new(BIO_f_base64())) == NULL)
goto end;
if (debug)
{
BIO_set_callback(b64,BIO_debug_callback);
BIO_set_callback_arg(b64,bio_err);
}
if (enc)
wbio=BIO_push(b64,wbio);
else
rbio=BIO_push(b64,rbio);
}
for (;;)
{
inl=BIO_read(rbio,(char *)buff,bsize);
if (inl <= 0) break;
if (BIO_write(wbio,(char *)buff,inl) != inl)
{
BIO_printf(bio_err,"error writing output file\n");
goto end;
}
}
BIO_flush(wbio);
ret=0;
if (verbose)
{
BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in));
BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
}
end:
if (strbuf != NULL) OPENSSL_free(strbuf);
if (buff != NULL) OPENSSL_free(buff);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free(out);
if (benc != NULL) BIO_free(benc);
if (b64 != NULL) BIO_free(b64);
EXIT(ret);
}
for (;;) {
inl = BIO_read(rbio, (char *)buff, bsize);
if (inl <= 0)
break;
if (BIO_write(wbio, (char *)buff, inl) != inl) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
}
BIO_flush(wbio);
ret = 0;
if (verbose) {
BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in));
BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out));
}
end:
if (strbuf != NULL)
OPENSSL_free(strbuf);
if (buff != NULL)
OPENSSL_free(buff);
if (in != NULL)
BIO_free(in);
if (out != NULL)
BIO_free(out);
if (benc != NULL)
BIO_free(benc);
if (b64 != NULL)
BIO_free(b64);
EXIT(ret);
}

152
demos/bio/saccept.c
View File

@@ -16,98 +16,102 @@
#include <openssl/err.h>
#include <openssl/ssl.h>
#define CERT_FILE "server.pem"
#define CERT_FILE "server.pem"
BIO *in=NULL;
BIO *in = NULL;
void close_up()
{
if (in != NULL)
BIO_free(in);
}
{
if (in != NULL)
BIO_free(in);
}
int main(argc,argv)
int main(argc, argv)
int argc;
char *argv[];
{
char *port=NULL;
BIO *ssl_bio,*tmp;
SSL_CTX *ctx;
SSL *ssl;
char buf[512];
int ret=1,i;
{
char *port = NULL;
BIO *ssl_bio, *tmp;
SSL_CTX *ctx;
SSL *ssl;
char buf[512];
int ret = 1, i;
if (argc <= 1)
port="*:4433";
else
port=argv[1];
if (argc <= 1)
port = "*:4433";
else
port = argv[1];
signal(SIGINT,close_up);
signal(SIGINT, close_up);
SSL_load_error_strings();
SSL_load_error_strings();
#ifdef WATT32
dbug_init();
sock_init();
dbug_init();
sock_init();
#endif
/* Add ciphers and message digests */
OpenSSL_add_ssl_algorithms();
/* Add ciphers and message digests */
OpenSSL_add_ssl_algorithms();
ctx=SSL_CTX_new(SSLv23_server_method());
if (!SSL_CTX_use_certificate_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))
goto err;
if (!SSL_CTX_use_PrivateKey_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))
goto err;
if (!SSL_CTX_check_private_key(ctx))
goto err;
ctx = SSL_CTX_new(SSLv23_server_method());
if (!SSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM))
goto err;
if (!SSL_CTX_use_PrivateKey_file(ctx, CERT_FILE, SSL_FILETYPE_PEM))
goto err;
if (!SSL_CTX_check_private_key(ctx))
goto err;
/* Setup server side SSL bio */
ssl=SSL_new(ctx);
ssl_bio=BIO_new_ssl(ctx,0);
/* Setup server side SSL bio */
ssl = SSL_new(ctx);
ssl_bio = BIO_new_ssl(ctx, 0);
if ((in=BIO_new_accept(port)) == NULL) goto err;
if ((in = BIO_new_accept(port)) == NULL)
goto err;
/* This means that when a new connection is acceptede on 'in',
* The ssl_bio will be 'dupilcated' and have the new socket
* BIO push into it. Basically it means the SSL BIO will be
* automatically setup */
BIO_set_accept_bios(in,ssl_bio);
/*
* This means that when a new connection is acceptede on 'in', The
* ssl_bio will be 'dupilcated' and have the new socket BIO push into it.
* Basically it means the SSL BIO will be automatically setup
*/
BIO_set_accept_bios(in, ssl_bio);
again:
/* The first call will setup the accept socket, and the second
* will get a socket. In this loop, the first actual accept
* will occur in the BIO_read() function. */
again:
/*
* The first call will setup the accept socket, and the second will get a
* socket. In this loop, the first actual accept will occur in the
* BIO_read() function.
*/
if (BIO_do_accept(in) <= 0) goto err;
if (BIO_do_accept(in) <= 0)
goto err;
for (;;)
{
i=BIO_read(in,buf,512);
if (i == 0)
{
/* If we have finished, remove the underlying
* BIO stack so the next time we call any function
* for this BIO, it will attempt to do an
* accept */
printf("Done\n");
tmp=BIO_pop(in);
BIO_free_all(tmp);
goto again;
}
if (i < 0) goto err;
fwrite(buf,1,i,stdout);
fflush(stdout);
}
ret=0;
err:
if (ret)
{
ERR_print_errors_fp(stderr);
}
if (in != NULL) BIO_free(in);
exit(ret);
return(!ret);
}
for (;;) {
i = BIO_read(in, buf, 512);
if (i == 0) {
/*
* If we have finished, remove the underlying BIO stack so the
* next time we call any function for this BIO, it will attempt
* to do an accept
*/
printf("Done\n");
tmp = BIO_pop(in);
BIO_free_all(tmp);
goto again;
}
if (i < 0)
goto err;
fwrite(buf, 1, i, stdout);
fflush(stdout);
}
ret = 0;
err:
if (ret) {
ERR_print_errors_fp(stderr);
}
if (in != NULL)
BIO_free(in);
exit(ret);
return (!ret);
}

167
demos/bio/sconnect.c
View File

@@ -16,107 +16,98 @@
extern int errno;
int main(argc,argv)
int main(argc, argv)
int argc;
char *argv[];
{
char *host;
BIO *out;
char buf[1024*10],*p;
SSL_CTX *ssl_ctx=NULL;
SSL *ssl;
BIO *ssl_bio;
int i,len,off,ret=1;
{
char *host;
BIO *out;
char buf[1024 * 10], *p;
SSL_CTX *ssl_ctx = NULL;
SSL *ssl;
BIO *ssl_bio;
int i, len, off, ret = 1;
if (argc <= 1)
host="localhost:4433";
else
host=argv[1];
if (argc <= 1)
host = "localhost:4433";
else
host = argv[1];
#ifdef WATT32
dbug_init();
sock_init();
dbug_init();
sock_init();
#endif
/* Lets get nice error messages */
SSL_load_error_strings();
/* Lets get nice error messages */
SSL_load_error_strings();
/* Setup all the global SSL stuff */
OpenSSL_add_ssl_algorithms();
ssl_ctx=SSL_CTX_new(SSLv23_client_method());
/* Setup all the global SSL stuff */
OpenSSL_add_ssl_algorithms();
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
/* Lets make a SSL structure */
ssl=SSL_new(ssl_ctx);
SSL_set_connect_state(ssl);
/* Lets make a SSL structure */
ssl = SSL_new(ssl_ctx);
SSL_set_connect_state(ssl);
/* Use it inside an SSL BIO */
ssl_bio=BIO_new(BIO_f_ssl());
BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE);
/* Use it inside an SSL BIO */
ssl_bio = BIO_new(BIO_f_ssl());
BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
/* Lets use a connect BIO under the SSL BIO */
out=BIO_new(BIO_s_connect());
BIO_set_conn_hostname(out,host);
BIO_set_nbio(out,1);
out=BIO_push(ssl_bio,out);
/* Lets use a connect BIO under the SSL BIO */
out = BIO_new(BIO_s_connect());
BIO_set_conn_hostname(out, host);
BIO_set_nbio(out, 1);
out = BIO_push(ssl_bio, out);
p="GET / HTTP/1.0\r\n\r\n";
len=strlen(p);
p = "GET / HTTP/1.0\r\n\r\n";
len = strlen(p);
off=0;
for (;;)
{
i=BIO_write(out,&(p[off]),len);
if (i <= 0)
{
if (BIO_should_retry(out))
{
fprintf(stderr,"write DELAY\n");
sleep(1);
continue;
}
else
{
goto err;
}
}
off+=i;
len-=i;
if (len <= 0) break;
}
off = 0;
for (;;) {
i = BIO_write(out, &(p[off]), len);
if (i <= 0) {
if (BIO_should_retry(out)) {
fprintf(stderr, "write DELAY\n");
sleep(1);
continue;
} else {
goto err;
}
}
off += i;
len -= i;
if (len <= 0)
break;
}
for (;;)
{
i=BIO_read(out,buf,sizeof(buf));
if (i == 0) break;
if (i < 0)
{
if (BIO_should_retry(out))
{
fprintf(stderr,"read DELAY\n");
sleep(1);
continue;
}
goto err;
}
fwrite(buf,1,i,stdout);
}
for (;;) {
i = BIO_read(out, buf, sizeof(buf));
if (i == 0)
break;
if (i < 0) {
if (BIO_should_retry(out)) {
fprintf(stderr, "read DELAY\n");
sleep(1);
continue;
}
goto err;
}
fwrite(buf, 1, i, stdout);
}
ret=1;
if (0)
{
err:
if (ERR_peek_error() == 0) /* system call error */
{
fprintf(stderr,"errno=%d ",errno);
perror("error");
}
else
ERR_print_errors_fp(stderr);
}
BIO_free_all(out);
if (ssl_ctx != NULL) SSL_CTX_free(ssl_ctx);
exit(!ret);
return(ret);
}
ret = 1;
if (0) {
err:
if (ERR_peek_error() == 0) { /* system call error */
fprintf(stderr, "errno=%d ", errno);
perror("error");
} else
ERR_print_errors_fp(stderr);
}
BIO_free_all(out);
if (ssl_ctx != NULL)
SSL_CTX_free(ssl_ctx);
exit(!ret);
return (ret);
}

79
demos/cms/cms_comp.c
View File

@@ -4,58 +4,57 @@
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
{
BIO *in = NULL, *out = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
/*
* On OpenSSL 1.0.0+ only:
* for streaming set CMS_STREAM
*/
int flags = CMS_STREAM;
/*
* On OpenSSL 1.0.0+ only:
* for streaming set CMS_STREAM
*/
int flags = CMS_STREAM;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Open content being compressed */
/* Open content being compressed */
in = BIO_new_file("comp.txt", "r");
in = BIO_new_file("comp.txt", "r");
if (!in)
goto err;
if (!in)
goto err;
/* compress content */
cms = CMS_compress(in, NID_zlib_compression, flags);
/* compress content */
cms = CMS_compress(in, NID_zlib_compression, flags);
if (!cms)
goto err;
if (!cms)
goto err;
out = BIO_new_file("smcomp.txt", "w");
if (!out)
goto err;
out = BIO_new_file("smcomp.txt", "w");
if (!out)
goto err;
/* Write out S/MIME message */
if (!SMIME_write_CMS(out, cms, in, flags))
goto err;
/* Write out S/MIME message */
if (!SMIME_write_CMS(out, cms, in, flags))
goto err;
ret = 0;
ret = 0;
err:
err:
if (ret)
{
fprintf(stderr, "Error Compressing Data\n");
ERR_print_errors_fp(stderr);
}
if (ret) {
fprintf(stderr, "Error Compressing Data\n");
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (cms)
CMS_ContentInfo_free(cms);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
return ret;
return ret;
}
}

120
demos/cms/cms_ddec.c
View File

@@ -1,89 +1,89 @@
/* S/MIME detached data decrypt example: rarely done but
* should the need arise this is an example....
/*
* S/MIME detached data decrypt example: rarely done but should the need
* arise this is an example....
*/
#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL, *dcont = NULL;
X509 *rcert = NULL;
EVP_PKEY *rkey = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
{
BIO *in = NULL, *out = NULL, *tbio = NULL, *dcont = NULL;
X509 *rcert = NULL;
EVP_PKEY *rkey = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Read in recipient certificate and private key */
tbio = BIO_new_file("signer.pem", "r");
/* Read in recipient certificate and private key */
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
if (!tbio)
goto err;
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
BIO_reset(tbio);
rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
if (!rcert || !rkey)
goto err;
if (!rcert || !rkey)
goto err;
/* Open PEM file containing enveloped data */
/* Open PEM file containing enveloped data */
in = BIO_new_file("smencr.pem", "r");
in = BIO_new_file("smencr.pem", "r");
if (!in)
goto err;
if (!in)
goto err;
/* Parse PEM content */
cms = PEM_read_bio_CMS(in, NULL, 0, NULL);
/* Parse PEM content */
cms = PEM_read_bio_CMS(in, NULL, 0, NULL);
if (!cms)
goto err;
if (!cms)
goto err;
/* Open file containing detached content */
dcont = BIO_new_file("smencr.out", "rb");
/* Open file containing detached content */
dcont = BIO_new_file("smencr.out", "rb");
if (!in)
goto err;
if (!in)
goto err;
out = BIO_new_file("encrout.txt", "w");
if (!out)
goto err;
out = BIO_new_file("encrout.txt", "w");
if (!out)
goto err;
/* Decrypt S/MIME message */
if (!CMS_decrypt(cms, rkey, rcert, dcont, out, 0))
goto err;
/* Decrypt S/MIME message */
if (!CMS_decrypt(cms, rkey, rcert, dcont, out, 0))
goto err;
ret = 0;
ret = 0;
err:
err:
if (ret)
{
fprintf(stderr, "Error Decrypting Data\n");
ERR_print_errors_fp(stderr);
}
if (ret) {
fprintf(stderr, "Error Decrypting Data\n");
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (rkey)
EVP_PKEY_free(rkey);
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (rkey)
EVP_PKEY_free(rkey);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
if (dcont)
BIO_free(dcont);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
if (dcont)
BIO_free(dcont);
return ret;
return ret;
}
}

103
demos/cms/cms_dec.c
View File

@@ -4,76 +4,75 @@
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *rcert = NULL;
EVP_PKEY *rkey = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *rcert = NULL;
EVP_PKEY *rkey = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Read in recipient certificate and private key */
tbio = BIO_new_file("signer.pem", "r");
/* Read in recipient certificate and private key */
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
if (!tbio)
goto err;
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
BIO_reset(tbio);
rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
if (!rcert || !rkey)
goto err;
if (!rcert || !rkey)
goto err;
/* Open S/MIME message to decrypt */
/* Open S/MIME message to decrypt */
in = BIO_new_file("smencr.txt", "r");
in = BIO_new_file("smencr.txt", "r");
if (!in)
goto err;
if (!in)
goto err;
/* Parse message */
cms = SMIME_read_CMS(in, NULL);
/* Parse message */
cms = SMIME_read_CMS(in, NULL);
if (!cms)
goto err;
if (!cms)
goto err;
out = BIO_new_file("decout.txt", "w");
if (!out)
goto err;
out = BIO_new_file("decout.txt", "w");
if (!out)
goto err;
/* Decrypt S/MIME message */
if (!CMS_decrypt(cms, rkey, rcert, NULL, out, 0))
goto err;
/* Decrypt S/MIME message */
if (!CMS_decrypt(cms, rkey, rcert, NULL, out, 0))
goto err;
ret = 0;
ret = 0;
err:
err:
if (ret)
{
fprintf(stderr, "Error Decrypting Data\n");
ERR_print_errors_fp(stderr);
}
if (ret) {
fprintf(stderr, "Error Decrypting Data\n");
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (rkey)
EVP_PKEY_free(rkey);
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (rkey)
EVP_PKEY_free(rkey);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
return ret;
}
}

133
demos/cms/cms_denc.c
View File

@@ -1,97 +1,98 @@
/* S/MIME detached data encrypt example: rarely done but
* should the need arise this is an example....
/*
* S/MIME detached data encrypt example: rarely done but should the need
* arise this is an example....
*/
#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL, *dout = NULL;
X509 *rcert = NULL;
STACK_OF(X509) *recips = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
{
BIO *in = NULL, *out = NULL, *tbio = NULL, *dout = NULL;
X509 *rcert = NULL;
STACK_OF(X509) *recips = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
int flags = CMS_STREAM|CMS_DETACHED;
int flags = CMS_STREAM | CMS_DETACHED;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Read in recipient certificate */
tbio = BIO_new_file("signer.pem", "r");
/* Read in recipient certificate */
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
if (!tbio)
goto err;
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
if (!rcert)
goto err;
if (!rcert)
goto err;
/* Create recipient STACK and add recipient cert to it */
recips = sk_X509_new_null();
/* Create recipient STACK and add recipient cert to it */
recips = sk_X509_new_null();
if (!recips || !sk_X509_push(recips, rcert))
goto err;
if (!recips || !sk_X509_push(recips, rcert))
goto err;
/* sk_X509_pop_free will free up recipient STACK and its contents
* so set rcert to NULL so it isn't freed up twice.
*/
rcert = NULL;
/*
* sk_X509_pop_free will free up recipient STACK and its contents so set
* rcert to NULL so it isn't freed up twice.
*/
rcert = NULL;
/* Open content being encrypted */
/* Open content being encrypted */
in = BIO_new_file("encr.txt", "r");
in = BIO_new_file("encr.txt", "r");
dout = BIO_new_file("smencr.out", "wb");
dout = BIO_new_file("smencr.out", "wb");
if (!in)
goto err;
if (!in)
goto err;
/* encrypt content */
cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
/* encrypt content */
cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
if (!cms)
goto err;
if (!cms)
goto err;
out = BIO_new_file("smencr.pem", "w");
if (!out)
goto err;
out = BIO_new_file("smencr.pem", "w");
if (!out)
goto err;
if (!CMS_final(cms, in, dout, flags))
goto err;
if (!CMS_final(cms, in, dout, flags))
goto err;
/* Write out CMS structure without content */
if (!PEM_write_bio_CMS(out, cms))
goto err;
/* Write out CMS structure without content */
if (!PEM_write_bio_CMS(out, cms))
goto err;
ret = 0;
ret = 0;
err:
err:
if (ret)
{
fprintf(stderr, "Error Encrypting Data\n");
ERR_print_errors_fp(stderr);
}
if (ret) {
fprintf(stderr, "Error Encrypting Data\n");
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (recips)
sk_X509_pop_free(recips, X509_free);
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (recips)
sk_X509_pop_free(recips, X509_free);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (dout)
BIO_free(dout);
if (tbio)
BIO_free(tbio);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (dout)
BIO_free(dout);
if (tbio)
BIO_free(tbio);
return ret;
return ret;
}
}

126
demos/cms/cms_enc.c
View File

@@ -4,89 +4,89 @@
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *rcert = NULL;
STACK_OF(X509) *recips = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *rcert = NULL;
STACK_OF(X509) *recips = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
/*
* On OpenSSL 1.0.0 and later only:
* for streaming set CMS_STREAM
*/
int flags = CMS_STREAM;
/*
* On OpenSSL 1.0.0 and later only:
* for streaming set CMS_STREAM
*/
int flags = CMS_STREAM;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Read in recipient certificate */
tbio = BIO_new_file("signer.pem", "r");
/* Read in recipient certificate */
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
if (!tbio)
goto err;
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
if (!rcert)
goto err;
if (!rcert)
goto err;
/* Create recipient STACK and add recipient cert to it */
recips = sk_X509_new_null();
/* Create recipient STACK and add recipient cert to it */
recips = sk_X509_new_null();
if (!recips || !sk_X509_push(recips, rcert))
goto err;
if (!recips || !sk_X509_push(recips, rcert))
goto err;
/* sk_X509_pop_free will free up recipient STACK and its contents
* so set rcert to NULL so it isn't freed up twice.
*/
rcert = NULL;
/*
* sk_X509_pop_free will free up recipient STACK and its contents so set
* rcert to NULL so it isn't freed up twice.
*/
rcert = NULL;
/* Open content being encrypted */
/* Open content being encrypted */
in = BIO_new_file("encr.txt", "r");
in = BIO_new_file("encr.txt", "r");
if (!in)
goto err;
if (!in)
goto err;
/* encrypt content */
cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
/* encrypt content */
cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
if (!cms)
goto err;
if (!cms)
goto err;
out = BIO_new_file("smencr.txt", "w");
if (!out)
goto err;
out = BIO_new_file("smencr.txt", "w");
if (!out)
goto err;
/* Write out S/MIME message */
if (!SMIME_write_CMS(out, cms, in, flags))
goto err;
/* Write out S/MIME message */
if (!SMIME_write_CMS(out, cms, in, flags))
goto err;
ret = 0;
ret = 0;
err:
err:
if (ret)
{
fprintf(stderr, "Error Encrypting Data\n");
ERR_print_errors_fp(stderr);
}
if (ret) {
fprintf(stderr, "Error Encrypting Data\n");
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (recips)
sk_X509_pop_free(recips, X509_free);
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (recips)
sk_X509_pop_free(recips, X509_free);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
return ret;
}
}

119
demos/cms/cms_sign.c
View File

@@ -4,86 +4,85 @@
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *scert = NULL;
EVP_PKEY *skey = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *scert = NULL;
EVP_PKEY *skey = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
/* For simple S/MIME signing use CMS_DETACHED.
* On OpenSSL 1.0.0 only:
* for streaming detached set CMS_DETACHED|CMS_STREAM
* for streaming non-detached set CMS_STREAM
*/
int flags = CMS_DETACHED|CMS_STREAM;
/*
* For simple S/MIME signing use CMS_DETACHED. On OpenSSL 1.0.0 only: for
* streaming detached set CMS_DETACHED|CMS_STREAM for streaming
* non-detached set CMS_STREAM
*/
int flags = CMS_DETACHED | CMS_STREAM;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Read in signer certificate and private key */
tbio = BIO_new_file("signer.pem", "r");
/* Read in signer certificate and private key */
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
if (!tbio)
goto err;
scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
BIO_reset(tbio);
skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
if (!scert || !skey)
goto err;
if (!scert || !skey)
goto err;
/* Open content being signed */
/* Open content being signed */
in = BIO_new_file("sign.txt", "r");
in = BIO_new_file("sign.txt", "r");
if (!in)
goto err;
if (!in)
goto err;
/* Sign content */
cms = CMS_sign(scert, skey, NULL, in, flags);
/* Sign content */
cms = CMS_sign(scert, skey, NULL, in, flags);
if (!cms)
goto err;
if (!cms)
goto err;
out = BIO_new_file("smout.txt", "w");
if (!out)
goto err;
out = BIO_new_file("smout.txt", "w");
if (!out)
goto err;
if (!(flags & CMS_STREAM))
BIO_reset(in);
if (!(flags & CMS_STREAM))
BIO_reset(in);
/* Write out S/MIME message */
if (!SMIME_write_CMS(out, cms, in, flags))
goto err;
/* Write out S/MIME message */
if (!SMIME_write_CMS(out, cms, in, flags))
goto err;
ret = 0;
ret = 0;
err:
err:
if (ret)
{
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
if (ret) {
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (scert)
X509_free(scert);
if (skey)
EVP_PKEY_free(skey);
if (cms)
CMS_ContentInfo_free(cms);
if (scert)
X509_free(scert);
if (skey)
EVP_PKEY_free(skey);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
return ret;
}
}

129
demos/cms/cms_sign2.c
View File

@@ -4,100 +4,99 @@
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *scert = NULL, *scert2 = NULL;
EVP_PKEY *skey = NULL, *skey2 = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *scert = NULL, *scert2 = NULL;
EVP_PKEY *skey = NULL, *skey2 = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
tbio = BIO_new_file("signer.pem", "r");
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
if (!tbio)
goto err;
scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
BIO_reset(tbio);
skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
BIO_free(tbio);
BIO_free(tbio);
tbio = BIO_new_file("signer2.pem", "r");
tbio = BIO_new_file("signer2.pem", "r");
if (!tbio)
goto err;
if (!tbio)
goto err;
scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL);
scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
BIO_reset(tbio);
skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
if (!scert2 || !skey2)
goto err;
if (!scert2 || !skey2)
goto err;
in = BIO_new_file("sign.txt", "r");
in = BIO_new_file("sign.txt", "r");
if (!in)
goto err;
if (!in)
goto err;
cms = CMS_sign(NULL, NULL, NULL, in, CMS_STREAM|CMS_PARTIAL);
cms = CMS_sign(NULL, NULL, NULL, in, CMS_STREAM | CMS_PARTIAL);
if (!cms)
goto err;
if (!cms)
goto err;
/* Add each signer in turn */
/* Add each signer in turn */
if (!CMS_add1_signer(cms, scert, skey, NULL, 0))
goto err;
if (!CMS_add1_signer(cms, scert, skey, NULL, 0))
goto err;
if (!CMS_add1_signer(cms, scert2, skey2, NULL, 0))
goto err;
if (!CMS_add1_signer(cms, scert2, skey2, NULL, 0))
goto err;
out = BIO_new_file("smout.txt", "w");
if (!out)
goto err;
out = BIO_new_file("smout.txt", "w");
if (!out)
goto err;
/* NB: content included and finalized by SMIME_write_CMS */
/* NB: content included and finalized by SMIME_write_CMS */
if (!SMIME_write_CMS(out, cms, in, CMS_STREAM))
goto err;
if (!SMIME_write_CMS(out, cms, in, CMS_STREAM))
goto err;
ret = 0;
ret = 0;
err:
err:
if (ret)
{
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
if (ret) {
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (cms)
CMS_ContentInfo_free(cms);
if (scert)
X509_free(scert);
if (skey)
EVP_PKEY_free(skey);
if (scert)
X509_free(scert);
if (skey)
EVP_PKEY_free(skey);
if (scert2)
X509_free(scert2);
if (skey)
EVP_PKEY_free(skey2);
if (scert2)
X509_free(scert2);
if (skey)
EVP_PKEY_free(skey2);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
return ret;
}
}

69
demos/cms/cms_uncomp.c
View File

@@ -4,53 +4,52 @@
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
{
BIO *in = NULL, *out = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Open compressed content */
/* Open compressed content */
in = BIO_new_file("smcomp.txt", "r");
in = BIO_new_file("smcomp.txt", "r");
if (!in)
goto err;
if (!in)
goto err;
/* Sign content */
cms = SMIME_read_CMS(in, NULL);
/* Sign content */
cms = SMIME_read_CMS(in, NULL);
if (!cms)
goto err;
if (!cms)
goto err;
out = BIO_new_file("smuncomp.txt", "w");
if (!out)
goto err;
out = BIO_new_file("smuncomp.txt", "w");
if (!out)
goto err;
/* Uncompress S/MIME message */
if (!CMS_uncompress(cms, out, NULL, 0))
goto err;
/* Uncompress S/MIME message */
if (!CMS_uncompress(cms, out, NULL, 0))
goto err;
ret = 0;
ret = 0;
err:
err:
if (ret)
{
fprintf(stderr, "Error Uncompressing Data\n");
ERR_print_errors_fp(stderr);
}
if (ret) {
fprintf(stderr, "Error Uncompressing Data\n");
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (cms)
CMS_ContentInfo_free(cms);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
return ret;
return ret;
}
}

110
demos/cms/cms_ver.c
View File

@@ -4,84 +4,82 @@
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL;
X509_STORE *st = NULL;
X509 *cacert = NULL;
CMS_ContentInfo *cms = NULL;
{
BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL;
X509_STORE *st = NULL;
X509 *cacert = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
int ret = 1;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Set up trusted CA certificate store */
/* Set up trusted CA certificate store */
st = X509_STORE_new();
st = X509_STORE_new();
/* Read in CA certificate */
tbio = BIO_new_file("cacert.pem", "r");
/* Read in CA certificate */
tbio = BIO_new_file("cacert.pem", "r");
if (!tbio)
goto err;
if (!tbio)
goto err;
cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
if (!cacert)
goto err;
if (!cacert)
goto err;
if (!X509_STORE_add_cert(st, cacert))
goto err;
if (!X509_STORE_add_cert(st, cacert))
goto err;
/* Open message being verified */
/* Open message being verified */
in = BIO_new_file("smout.txt", "r");
in = BIO_new_file("smout.txt", "r");
if (!in)
goto err;
if (!in)
goto err;
/* parse message */
cms = SMIME_read_CMS(in, &cont);
/* parse message */
cms = SMIME_read_CMS(in, &cont);
if (!cms)
goto err;
if (!cms)
goto err;
/* File to output verified content to */
out = BIO_new_file("smver.txt", "w");
if (!out)
goto err;
/* File to output verified content to */
out = BIO_new_file("smver.txt", "w");
if (!out)
goto err;
if (!CMS_verify(cms, NULL, st, cont, out, 0))
{
fprintf(stderr, "Verification Failure\n");
goto err;
}
if (!CMS_verify(cms, NULL, st, cont, out, 0)) {
fprintf(stderr, "Verification Failure\n");
goto err;
}
fprintf(stderr, "Verification Successful\n");
fprintf(stderr, "Verification Successful\n");
ret = 0;
ret = 0;
err:
err:
if (ret)
{
fprintf(stderr, "Error Verifying Data\n");
ERR_print_errors_fp(stderr);
}
if (ret) {
fprintf(stderr, "Error Verifying Data\n");
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (cms)
CMS_ContentInfo_free(cms);
if (cacert)
X509_free(cacert);
if (cacert)
X509_free(cacert);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
return ret;
}
}

1205
demos/easy_tls/easy-tls.c
View File

File diff suppressed because it is too large Load Diff

37
demos/easy_tls/easy-tls.h
View File

@@ -8,26 +8,26 @@
*/
#ifndef HEADER_TLS_H
#define HEADER_TLS_H
# define HEADER_TLS_H
#ifndef HEADER_SSL_H
# ifndef HEADER_SSL_H
typedef struct ssl_ctx_st SSL_CTX;
#endif
# endif
#define TLS_INFO_SIZE 512 /* max. # of bytes written to infofd */
# define TLS_INFO_SIZE 512 /* max. # of bytes written to infofd */
void tls_set_dhe1024(int i, void* apparg);
/* Generate DHE parameters:
* i >= 0 deterministic (i selects seed), i < 0 random (may take a while).
* tls_create_ctx calls this with random non-negative i if the application
* has never called it.*/
void tls_set_dhe1024(int i, void *apparg);
/*
* Generate DHE parameters: i >= 0 deterministic (i selects seed), i < 0
* random (may take a while). tls_create_ctx calls this with random
* non-negative i if the application has never called it.
*/
void tls_rand_seed(void);
int tls_rand_seed_from_file(const char *filename, size_t n, void *apparg);
void tls_rand_seed_from_memory(const void *buf, size_t n);
struct tls_create_ctx_args
{
struct tls_create_ctx_args {
int client_p;
const char *certificate_file;
const char *key_file;
@@ -37,12 +37,13 @@ struct tls_create_ctx_args
int export_p;
};
struct tls_create_ctx_args tls_create_ctx_defaultargs(void);
/* struct tls_create_ctx_args is similar to a conventional argument list,
* but it can provide default values and allows for future extension. */
/*
* struct tls_create_ctx_args is similar to a conventional argument list, but
* it can provide default values and allows for future extension.
*/
SSL_CTX *tls_create_ctx(struct tls_create_ctx_args, void *apparg);
struct tls_start_proxy_args
{
struct tls_start_proxy_args {
int fd;
int client_p;
SSL_CTX *ctx;
@@ -50,8 +51,10 @@ struct tls_start_proxy_args
int *infofd;
};
struct tls_start_proxy_args tls_start_proxy_defaultargs(void);
/* tls_start_proxy return value *MUST* be checked!
* 0 means ok, otherwise we've probably run out of some resources. */
/*
* tls_start_proxy return value *MUST* be checked! 0 means ok, otherwise
* we've probably run out of some resources.
*/
int tls_start_proxy(struct tls_start_proxy_args, void *apparg);
#endif

348
demos/easy_tls/test.c
View File

@@ -20,21 +20,19 @@
#include "test.h"
#include "easy-tls.h"
void
test_process_init(int fd, int client_p, void *apparg)
void test_process_init(int fd, int client_p, void *apparg)
{
fprintf(stderr, "test_process_init(fd = %d, client_p = %d, apparg = %p)\n", fd, client_p, apparg);
fprintf(stderr,
"test_process_init(fd = %d, client_p = %d, apparg = %p)\n", fd,
client_p, apparg);
}
void
test_errflush(int child_p, char *errbuf, size_t num, void *apparg)
void test_errflush(int child_p, char *errbuf, size_t num, void *apparg)
{
fputs(errbuf, stderr);
}
int
main(int argc, char *argv[])
int main(int argc, char *argv[])
{
int s, fd, r;
FILE *conn_in;
@@ -47,198 +45,204 @@ main(int argc, char *argv[])
char infobuf[TLS_INFO_SIZE + 1];
if (argc > 1 && argv[1][0] == '-') {
fputs("Usage: test [port] -- server\n"
" test num.num.num.num [port] -- client\n",
stderr);
exit(1);
fputs("Usage: test [port] -- server\n"
" test num.num.num.num [port] -- client\n", stderr);
exit(1);
}
if (argc > 1) {
if (strchr(argv[1], '.')) {
client_p = 1;
}
if (strchr(argv[1], '.')) {
client_p = 1;
}
}
fputs(client_p ? "Client\n" : "Server\n", stderr);
{
struct tls_create_ctx_args a = tls_create_ctx_defaultargs();
a.client_p = client_p;
a.certificate_file = "cert.pem";
a.key_file = "cert.pem";
a.ca_file = "cacerts.pem";
ctx = tls_create_ctx(a, NULL);
if (ctx == NULL)
exit(1);
struct tls_create_ctx_args a = tls_create_ctx_defaultargs();
a.client_p = client_p;
a.certificate_file = "cert.pem";
a.key_file = "cert.pem";
a.ca_file = "cacerts.pem";
ctx = tls_create_ctx(a, NULL);
if (ctx == NULL)
exit(1);
}
s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (s == -1) {
perror("socket");
exit(1);
perror("socket");
exit(1);
}
if (client_p) {
struct sockaddr_in addr;
size_t addr_len = sizeof addr;
addr.sin_family = AF_INET;
assert(argc > 1);
if (argc > 2)
sscanf(argv[2], "%d", &port);
else
port = C_PORT;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = inet_addr(argv[1]);
r = connect(s, &addr, addr_len);
if (r != 0) {
perror("connect");
exit(1);
}
fd = s;
fprintf(stderr, "Connect (fd = %d).\n", fd);
struct sockaddr_in addr;
size_t addr_len = sizeof addr;
addr.sin_family = AF_INET;
assert(argc > 1);
if (argc > 2)
sscanf(argv[2], "%d", &port);
else
port = C_PORT;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = inet_addr(argv[1]);
r = connect(s, &addr, addr_len);
if (r != 0) {
perror("connect");
exit(1);
}
fd = s;
fprintf(stderr, "Connect (fd = %d).\n", fd);
} else {
/* server */
{
int i = 1;
/* server */
{
int i = 1;
r = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *) &i, sizeof i);
if (r == -1) {
perror("setsockopt");
exit(1);
}
}
{
struct sockaddr_in addr;
size_t addr_len = sizeof addr;
if (argc > 1)
sscanf(argv[1], "%d", &port);
else
port = L_PORT;
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = INADDR_ANY;
r = bind(s, &addr, addr_len);
if (r != 0) {
perror("bind");
exit(1);
}
}
r = listen(s, 1);
if (r == -1) {
perror("listen");
exit(1);
}
r = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&i, sizeof i);
if (r == -1) {
perror("setsockopt");
exit(1);
}
}
fprintf(stderr, "Listening at port %i.\n", port);
fd = accept(s, NULL, 0);
if (fd == -1) {
perror("accept");
exit(1);
}
fprintf(stderr, "Accept (fd = %d).\n", fd);
{
struct sockaddr_in addr;
size_t addr_len = sizeof addr;
if (argc > 1)
sscanf(argv[1], "%d", &port);
else
port = L_PORT;
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = INADDR_ANY;
r = bind(s, &addr, addr_len);
if (r != 0) {
perror("bind");
exit(1);
}
}
r = listen(s, 1);
if (r == -1) {
perror("listen");
exit(1);
}
fprintf(stderr, "Listening at port %i.\n", port);
fd = accept(s, NULL, 0);
if (fd == -1) {
perror("accept");
exit(1);
}
fprintf(stderr, "Accept (fd = %d).\n", fd);
}
conn_in = fdopen(fd, "r");
if (conn_in == NULL) {
perror("fdopen");
exit(1);
perror("fdopen");
exit(1);
}
conn_out = fdopen(fd, "w");
if (conn_out == NULL) {
perror("fdopen");
exit(1);
perror("fdopen");
exit(1);
}
setvbuf(conn_in, NULL, _IOLBF, 256);
setvbuf(conn_out, NULL, _IOLBF, 256);
while (fgets(buf, sizeof buf, stdin) != NULL) {
if (buf[0] == 'W') {
fprintf(conn_out, "%.*s\r\n", (int)(strlen(buf + 1) - 1), buf + 1);
fprintf(stderr, ">>> %.*s\n", (int)(strlen(buf + 1) - 1), buf + 1);
} else if (buf[0] == 'C') {
fprintf(stderr, "Closing.\n");
fclose(conn_in);
fclose(conn_out);
exit(0);
} else if (buf[0] == 'R') {
int lines = 0;
if (buf[0] == 'W') {
fprintf(conn_out, "%.*s\r\n", (int)(strlen(buf + 1) - 1),
buf + 1);
fprintf(stderr, ">>> %.*s\n", (int)(strlen(buf + 1) - 1),
buf + 1);
} else if (buf[0] == 'C') {
fprintf(stderr, "Closing.\n");
fclose(conn_in);
fclose(conn_out);
exit(0);
} else if (buf[0] == 'R') {
int lines = 0;
sscanf(buf + 1, "%d", &lines);
do {
if (fgets(buf, sizeof buf, conn_in) == NULL) {
if (ferror(conn_in)) {
fprintf(stderr, "ERROR\n");
exit(1);
}
fprintf(stderr, "CLOSED\n");
return 0;
}
fprintf(stderr, "<<< %s", buf);
} while (--lines > 0);
} else if (buf[0] == 'T') {
int infofd;
sscanf(buf + 1, "%d", &lines);
do {
if (fgets(buf, sizeof buf, conn_in) == NULL) {
if (ferror(conn_in)) {
fprintf(stderr, "ERROR\n");
exit(1);
}
fprintf(stderr, "CLOSED\n");
return 0;
}
fprintf(stderr, "<<< %s", buf);
} while (--lines > 0);
} else if (buf[0] == 'T') {
int infofd;
tls++;
{
struct tls_start_proxy_args a = tls_start_proxy_defaultargs();
a.fd = fd;
a.client_p = client_p;
a.ctx = ctx;
a.infofd = &infofd;
r = tls_start_proxy(a, NULL);
}
assert(r != 1);
if (r != 0) {
fprintf(stderr, "tls_start_proxy failed: %d\n", r);
switch (r) {
case -1:
fputs("socketpair", stderr); break;
case 2:
fputs("FD_SETSIZE exceeded", stderr); break;
case -3:
fputs("pipe", stderr); break;
case -4:
fputs("fork", stderr); break;
case -5:
fputs("dup2", stderr); break;
default:
fputs("?", stderr);
}
if (r < 0)
perror("");
else
fputc('\n', stderr);
exit(1);
}
r = read(infofd, infobuf, sizeof infobuf - 1);
if (r > 0) {
const char *info = infobuf;
const char *eol;
infobuf[r] = '\0';
while ((eol = strchr(info, '\n')) != NULL) {
fprintf(stderr, "+++ `%.*s'\n", eol - info, info);
info = eol+1;
}
close (infofd);
}
} else {
fprintf(stderr, "W... write line to network\n"
"R[n] read line (n lines) from network\n"
"C close\n"
"T start %sTLS proxy\n", tls ? "another " : "");
}
tls++;
{
struct tls_start_proxy_args a = tls_start_proxy_defaultargs();
a.fd = fd;
a.client_p = client_p;
a.ctx = ctx;
a.infofd = &infofd;
r = tls_start_proxy(a, NULL);
}
assert(r != 1);
if (r != 0) {
fprintf(stderr, "tls_start_proxy failed: %d\n", r);
switch (r) {
case -1:
fputs("socketpair", stderr);
break;
case 2:
fputs("FD_SETSIZE exceeded", stderr);
break;
case -3:
fputs("pipe", stderr);
break;
case -4:
fputs("fork", stderr);
break;
case -5:
fputs("dup2", stderr);
break;
default:
fputs("?", stderr);
}
if (r < 0)
perror("");
else
fputc('\n', stderr);
exit(1);
}
r = read(infofd, infobuf, sizeof infobuf - 1);
if (r > 0) {
const char *info = infobuf;
const char *eol;
infobuf[r] = '\0';
while ((eol = strchr(info, '\n')) != NULL) {
fprintf(stderr, "+++ `%.*s'\n", eol - info, info);
info = eol + 1;
}
close(infofd);
}
} else {
fprintf(stderr, "W... write line to network\n"
"R[n] read line (n lines) from network\n"
"C close\n"
"T start %sTLS proxy\n", tls ? "another " : "");
}
}
return 0;
}

1
demos/easy_tls/test.h
View File

@@ -1,7 +1,6 @@
/* test.h */
/* $Id: test.h,v 1.1 2001/09/17 19:07:00 bodo Exp $ */
void test_process_init(int fd, int client_p, void *apparg);
#define TLS_APP_PROCESS_INIT test_process_init

46
demos/engines/cluster_labs/cluster_labs.h
View File

@@ -1,35 +1,33 @@
typedef int cl_engine_init(void);
typedef int cl_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *cgx);
const BIGNUM *m, BN_CTX *cgx);
typedef int cl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
const BIGNUM *iqmp, BN_CTX *ctx);
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1, const BIGNUM *iqmp,
BN_CTX *ctx);
typedef int cl_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
typedef int cl_rsa_pub_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
unsigned char *to, RSA *rsa, int padding);
typedef int cl_rsa_pub_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
typedef int cl_rsa_priv_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
typedef int cl_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
unsigned char *to, RSA *rsa, int padding);
typedef int cl_rsa_priv_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
typedef int cl_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
typedef int cl_rand_bytes(unsigned char *buf, int num);
typedef DSA_SIG *cl_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
typedef int cl_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
DSA_SIG *sig, DSA *dsa);
static const char *CLUSTER_LABS_LIB_NAME = "cluster_labs";
static const char *CLUSTER_LABS_F1 = "hw_engine_init";
static const char *CLUSTER_LABS_F2 = "hw_mod_exp";
static const char *CLUSTER_LABS_F3 = "hw_mod_exp_crt";
static const char *CLUSTER_LABS_F4 = "hw_rsa_mod_exp";
static const char *CLUSTER_LABS_F5 = "hw_rsa_priv_enc";
static const char *CLUSTER_LABS_F6 = "hw_rsa_priv_dec";
static const char *CLUSTER_LABS_F7 = "hw_rsa_pub_enc";
static const char *CLUSTER_LABS_F8 = "hw_rsa_pub_dec";
static const char *CLUSTER_LABS_F20 = "hw_rand_bytes";
static const char *CLUSTER_LABS_F30 = "hw_dsa_sign";
static const char *CLUSTER_LABS_F31 = "hw_dsa_verify";
static const char *CLUSTER_LABS_F1 = "hw_engine_init";
static const char *CLUSTER_LABS_F2 = "hw_mod_exp";
static const char *CLUSTER_LABS_F3 = "hw_mod_exp_crt";
static const char *CLUSTER_LABS_F4 = "hw_rsa_mod_exp";
static const char *CLUSTER_LABS_F5 = "hw_rsa_priv_enc";
static const char *CLUSTER_LABS_F6 = "hw_rsa_priv_dec";
static const char *CLUSTER_LABS_F7 = "hw_rsa_pub_enc";
static const char *CLUSTER_LABS_F8 = "hw_rsa_pub_dec";
static const char *CLUSTER_LABS_F20 = "hw_rand_bytes";
static const char *CLUSTER_LABS_F30 = "hw_dsa_sign";
static const char *CLUSTER_LABS_F31 = "hw_dsa_verify";

1071
demos/engines/cluster_labs/hw_cluster_labs.c
View File

File diff suppressed because it is too large Load Diff

127
demos/engines/cluster_labs/hw_cluster_labs_err.c
View File

@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
/* NOTE: this file was auto generated by the mkerr.pl script: any changes
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -64,88 +65,88 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA CL_str_functs[]=
{
{ERR_PACK(0,CL_F_CLUSTER_LABS_CTRL,0), "CLUSTER_LABS_CTRL"},
{ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_SIGN,0), "CLUSTER_LABS_DSA_SIGN"},
{ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_VERIFY,0), "CLUSTER_LABS_DSA_VERIFY"},
{ERR_PACK(0,CL_F_CLUSTER_LABS_FINISH,0), "CLUSTER_LABS_FINISH"},
{ERR_PACK(0,CL_F_CLUSTER_LABS_INIT,0), "CLUSTER_LABS_INIT"},
{ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP,0), "CLUSTER_LABS_MOD_EXP"},
{ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP_CRT,0), "CLUSTER_LABS_MOD_EXP_CRT"},
{ERR_PACK(0,CL_F_CLUSTER_LABS_RAND_BYTES,0), "CLUSTER_LABS_RAND_BYTES"},
{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_MOD_EXP,0), "CLUSTER_LABS_RSA_MOD_EXP"},
{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_DEC,0), "CLUSTER_LABS_RSA_PRIV_DEC"},
{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_ENC,0), "CLUSTER_LABS_RSA_PRIV_ENC"},
{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_DEC,0), "CLUSTER_LABS_RSA_PUB_DEC"},
{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_ENC,0), "CLUSTER_LABS_RSA_PUB_ENC"},
{0,NULL}
};
static ERR_STRING_DATA CL_str_functs[] = {
{ERR_PACK(0, CL_F_CLUSTER_LABS_CTRL, 0), "CLUSTER_LABS_CTRL"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_DSA_SIGN, 0), "CLUSTER_LABS_DSA_SIGN"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_DSA_VERIFY, 0), "CLUSTER_LABS_DSA_VERIFY"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_FINISH, 0), "CLUSTER_LABS_FINISH"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_INIT, 0), "CLUSTER_LABS_INIT"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_MOD_EXP, 0), "CLUSTER_LABS_MOD_EXP"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_MOD_EXP_CRT, 0),
"CLUSTER_LABS_MOD_EXP_CRT"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_RAND_BYTES, 0), "CLUSTER_LABS_RAND_BYTES"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_MOD_EXP, 0),
"CLUSTER_LABS_RSA_MOD_EXP"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_PRIV_DEC, 0),
"CLUSTER_LABS_RSA_PRIV_DEC"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_PRIV_ENC, 0),
"CLUSTER_LABS_RSA_PRIV_ENC"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_PUB_DEC, 0),
"CLUSTER_LABS_RSA_PUB_DEC"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_PUB_ENC, 0),
"CLUSTER_LABS_RSA_PUB_ENC"},
{0, NULL}
};
static ERR_STRING_DATA CL_str_reasons[]=
{
{CL_R_ALREADY_LOADED ,"already loaded"},
{CL_R_COMMAND_NOT_IMPLEMENTED ,"command not implemented"},
{CL_R_DSO_FAILURE ,"dso failure"},
{CL_R_FUNCTION_NOT_BINDED ,"function not binded"},
{CL_R_INIT_FAILED ,"init failed"},
{CL_R_NOT_LOADED ,"not loaded"},
{0,NULL}
};
static ERR_STRING_DATA CL_str_reasons[] = {
{CL_R_ALREADY_LOADED, "already loaded"},
{CL_R_COMMAND_NOT_IMPLEMENTED, "command not implemented"},
{CL_R_DSO_FAILURE, "dso failure"},
{CL_R_FUNCTION_NOT_BINDED, "function not binded"},
{CL_R_INIT_FAILED, "init failed"},
{CL_R_NOT_LOADED, "not loaded"},
{0, NULL}
};
#endif
#ifdef CL_LIB_NAME
static ERR_STRING_DATA CL_lib_name[]=
{
{0 ,CL_LIB_NAME},
{0,NULL}
};
static ERR_STRING_DATA CL_lib_name[] = {
{0, CL_LIB_NAME},
{0, NULL}
};
#endif
static int CL_lib_error_code=0;
static int CL_error_init=1;
static int CL_lib_error_code = 0;
static int CL_error_init = 1;
static void ERR_load_CL_strings(void)
{
if (CL_lib_error_code == 0)
CL_lib_error_code=ERR_get_next_error_library();
{
if (CL_lib_error_code == 0)
CL_lib_error_code = ERR_get_next_error_library();
if (CL_error_init)
{
CL_error_init=0;
if (CL_error_init) {
CL_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(CL_lib_error_code,CL_str_functs);
ERR_load_strings(CL_lib_error_code,CL_str_reasons);
ERR_load_strings(CL_lib_error_code, CL_str_functs);
ERR_load_strings(CL_lib_error_code, CL_str_reasons);
#endif
#ifdef CL_LIB_NAME
CL_lib_name->error = ERR_PACK(CL_lib_error_code,0,0);
ERR_load_strings(0,CL_lib_name);
CL_lib_name->error = ERR_PACK(CL_lib_error_code, 0, 0);
ERR_load_strings(0, CL_lib_name);
#endif
}
}
}
}
static void ERR_unload_CL_strings(void)
{
if (CL_error_init == 0)
{
{
if (CL_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(CL_lib_error_code,CL_str_functs);
ERR_unload_strings(CL_lib_error_code,CL_str_reasons);
ERR_unload_strings(CL_lib_error_code, CL_str_functs);
ERR_unload_strings(CL_lib_error_code, CL_str_reasons);
#endif
#ifdef CL_LIB_NAME
ERR_unload_strings(0,CL_lib_name);
ERR_unload_strings(0, CL_lib_name);
#endif
CL_error_init=1;
}
}
CL_error_init = 1;
}
}
static void ERR_CL_error(int function, int reason, char *file, int line)
{
if (CL_lib_error_code == 0)
CL_lib_error_code=ERR_get_next_error_library();
ERR_PUT_error(CL_lib_error_code,function,reason,file,line);
}
{
if (CL_lib_error_code == 0)
CL_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(CL_lib_error_code, function, reason, file, line);
}

47
demos/engines/cluster_labs/hw_cluster_labs_err.h
View File

@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,45 +53,46 @@
*/
#ifndef HEADER_CL_ERR_H
#define HEADER_CL_ERR_H
# define HEADER_CL_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_CL_strings(void);
static void ERR_unload_CL_strings(void);
static void ERR_CL_error(int function, int reason, char *file, int line);
#define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)
# define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)
/* Error codes for the CL functions. */
/* Function codes. */
#define CL_F_CLUSTER_LABS_CTRL 100
#define CL_F_CLUSTER_LABS_DSA_SIGN 101
#define CL_F_CLUSTER_LABS_DSA_VERIFY 102
#define CL_F_CLUSTER_LABS_FINISH 103
#define CL_F_CLUSTER_LABS_INIT 104
#define CL_F_CLUSTER_LABS_MOD_EXP 105
#define CL_F_CLUSTER_LABS_MOD_EXP_CRT 106
#define CL_F_CLUSTER_LABS_RAND_BYTES 107
#define CL_F_CLUSTER_LABS_RSA_MOD_EXP 108
#define CL_F_CLUSTER_LABS_RSA_PRIV_DEC 109
#define CL_F_CLUSTER_LABS_RSA_PRIV_ENC 110
#define CL_F_CLUSTER_LABS_RSA_PUB_DEC 111
#define CL_F_CLUSTER_LABS_RSA_PUB_ENC 112
# define CL_F_CLUSTER_LABS_CTRL 100
# define CL_F_CLUSTER_LABS_DSA_SIGN 101
# define CL_F_CLUSTER_LABS_DSA_VERIFY 102
# define CL_F_CLUSTER_LABS_FINISH 103
# define CL_F_CLUSTER_LABS_INIT 104
# define CL_F_CLUSTER_LABS_MOD_EXP 105
# define CL_F_CLUSTER_LABS_MOD_EXP_CRT 106
# define CL_F_CLUSTER_LABS_RAND_BYTES 107
# define CL_F_CLUSTER_LABS_RSA_MOD_EXP 108
# define CL_F_CLUSTER_LABS_RSA_PRIV_DEC 109
# define CL_F_CLUSTER_LABS_RSA_PRIV_ENC 110
# define CL_F_CLUSTER_LABS_RSA_PUB_DEC 111
# define CL_F_CLUSTER_LABS_RSA_PUB_ENC 112
/* Reason codes. */
#define CL_R_ALREADY_LOADED 100
#define CL_R_COMMAND_NOT_IMPLEMENTED 101
#define CL_R_DSO_FAILURE 102
#define CL_R_FUNCTION_NOT_BINDED 103
#define CL_R_INIT_FAILED 104
#define CL_R_NOT_LOADED 105
# define CL_R_ALREADY_LOADED 100
# define CL_R_COMMAND_NOT_IMPLEMENTED 101
# define CL_R_DSO_FAILURE 102
# define CL_R_FUNCTION_NOT_BINDED 103
# define CL_R_INIT_FAILED 104
# define CL_R_NOT_LOADED 105
#ifdef __cplusplus
}

1294
demos/engines/ibmca/hw_ibmca.c
View File

File diff suppressed because it is too large Load Diff

127
demos/engines/ibmca/hw_ibmca_err.c
View File

@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
/* NOTE: this file was auto generated by the mkerr.pl script: any changes
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -64,91 +65,85 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA IBMCA_str_functs[]=
{
{ERR_PACK(0,IBMCA_F_IBMCA_CTRL,0), "IBMCA_CTRL"},
{ERR_PACK(0,IBMCA_F_IBMCA_FINISH,0), "IBMCA_FINISH"},
{ERR_PACK(0,IBMCA_F_IBMCA_INIT,0), "IBMCA_INIT"},
{ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP,0), "IBMCA_MOD_EXP"},
{ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP_CRT,0), "IBMCA_MOD_EXP_CRT"},
{ERR_PACK(0,IBMCA_F_IBMCA_RAND_BYTES,0), "IBMCA_RAND_BYTES"},
{ERR_PACK(0,IBMCA_F_IBMCA_RSA_MOD_EXP,0), "IBMCA_RSA_MOD_EXP"},
{0,NULL}
};
static ERR_STRING_DATA IBMCA_str_functs[] = {
{ERR_PACK(0, IBMCA_F_IBMCA_CTRL, 0), "IBMCA_CTRL"},
{ERR_PACK(0, IBMCA_F_IBMCA_FINISH, 0), "IBMCA_FINISH"},
{ERR_PACK(0, IBMCA_F_IBMCA_INIT, 0), "IBMCA_INIT"},
{ERR_PACK(0, IBMCA_F_IBMCA_MOD_EXP, 0), "IBMCA_MOD_EXP"},
{ERR_PACK(0, IBMCA_F_IBMCA_MOD_EXP_CRT, 0), "IBMCA_MOD_EXP_CRT"},
{ERR_PACK(0, IBMCA_F_IBMCA_RAND_BYTES, 0), "IBMCA_RAND_BYTES"},
{ERR_PACK(0, IBMCA_F_IBMCA_RSA_MOD_EXP, 0), "IBMCA_RSA_MOD_EXP"},
{0, NULL}
};
static ERR_STRING_DATA IBMCA_str_reasons[]=
{
{IBMCA_R_ALREADY_LOADED ,"already loaded"},
{IBMCA_R_BN_CTX_FULL ,"bn ctx full"},
{IBMCA_R_BN_EXPAND_FAIL ,"bn expand fail"},
{IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
{IBMCA_R_DSO_FAILURE ,"dso failure"},
{IBMCA_R_MEXP_LENGTH_TO_LARGE ,"mexp length to large"},
{IBMCA_R_MISSING_KEY_COMPONENTS ,"missing key components"},
{IBMCA_R_NOT_INITIALISED ,"not initialised"},
{IBMCA_R_NOT_LOADED ,"not loaded"},
{IBMCA_R_OPERANDS_TO_LARGE ,"operands to large"},
{IBMCA_R_OUTLEN_TO_LARGE ,"outlen to large"},
{IBMCA_R_REQUEST_FAILED ,"request failed"},
{IBMCA_R_UNDERFLOW_CONDITION ,"underflow condition"},
{IBMCA_R_UNDERFLOW_KEYRECORD ,"underflow keyrecord"},
{IBMCA_R_UNIT_FAILURE ,"unit failure"},
{0,NULL}
};
static ERR_STRING_DATA IBMCA_str_reasons[] = {
{IBMCA_R_ALREADY_LOADED, "already loaded"},
{IBMCA_R_BN_CTX_FULL, "bn ctx full"},
{IBMCA_R_BN_EXPAND_FAIL, "bn expand fail"},
{IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctrl command not implemented"},
{IBMCA_R_DSO_FAILURE, "dso failure"},
{IBMCA_R_MEXP_LENGTH_TO_LARGE, "mexp length to large"},
{IBMCA_R_MISSING_KEY_COMPONENTS, "missing key components"},
{IBMCA_R_NOT_INITIALISED, "not initialised"},
{IBMCA_R_NOT_LOADED, "not loaded"},
{IBMCA_R_OPERANDS_TO_LARGE, "operands to large"},
{IBMCA_R_OUTLEN_TO_LARGE, "outlen to large"},
{IBMCA_R_REQUEST_FAILED, "request failed"},
{IBMCA_R_UNDERFLOW_CONDITION, "underflow condition"},
{IBMCA_R_UNDERFLOW_KEYRECORD, "underflow keyrecord"},
{IBMCA_R_UNIT_FAILURE, "unit failure"},
{0, NULL}
};
#endif
#ifdef IBMCA_LIB_NAME
static ERR_STRING_DATA IBMCA_lib_name[]=
{
{0 ,IBMCA_LIB_NAME},
{0,NULL}
};
static ERR_STRING_DATA IBMCA_lib_name[] = {
{0, IBMCA_LIB_NAME},
{0, NULL}
};
#endif
static int IBMCA_lib_error_code=0;
static int IBMCA_error_init=1;
static int IBMCA_lib_error_code = 0;
static int IBMCA_error_init = 1;
static void ERR_load_IBMCA_strings(void)
{
if (IBMCA_lib_error_code == 0)
IBMCA_lib_error_code=ERR_get_next_error_library();
{
if (IBMCA_lib_error_code == 0)
IBMCA_lib_error_code = ERR_get_next_error_library();
if (IBMCA_error_init)
{
IBMCA_error_init=0;
if (IBMCA_error_init) {
IBMCA_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_functs);
ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_reasons);
ERR_load_strings(IBMCA_lib_error_code, IBMCA_str_functs);
ERR_load_strings(IBMCA_lib_error_code, IBMCA_str_reasons);
#endif
#ifdef IBMCA_LIB_NAME
IBMCA_lib_name->error = ERR_PACK(IBMCA_lib_error_code,0,0);
ERR_load_strings(0,IBMCA_lib_name);
IBMCA_lib_name->error = ERR_PACK(IBMCA_lib_error_code, 0, 0);
ERR_load_strings(0, IBMCA_lib_name);
#endif
}
}
}
}
static void ERR_unload_IBMCA_strings(void)
{
if (IBMCA_error_init == 0)
{
{
if (IBMCA_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_functs);
ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_reasons);
ERR_unload_strings(IBMCA_lib_error_code, IBMCA_str_functs);
ERR_unload_strings(IBMCA_lib_error_code, IBMCA_str_reasons);
#endif
#ifdef IBMCA_LIB_NAME
ERR_unload_strings(0,IBMCA_lib_name);
ERR_unload_strings(0, IBMCA_lib_name);
#endif
IBMCA_error_init=1;
}
}
IBMCA_error_init = 1;
}
}
static void ERR_IBMCA_error(int function, int reason, char *file, int line)
{
if (IBMCA_lib_error_code == 0)
IBMCA_lib_error_code=ERR_get_next_error_library();
ERR_PUT_error(IBMCA_lib_error_code,function,reason,file,line);
}
{
if (IBMCA_lib_error_code == 0)
IBMCA_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(IBMCA_lib_error_code, function, reason, file, line);
}

53
demos/engines/ibmca/hw_ibmca_err.h
View File

@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,48 +53,49 @@
*/
#ifndef HEADER_IBMCA_ERR_H
#define HEADER_IBMCA_ERR_H
# define HEADER_IBMCA_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_IBMCA_strings(void);
static void ERR_unload_IBMCA_strings(void);
static void ERR_IBMCA_error(int function, int reason, char *file, int line);
#define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)
# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)
/* Error codes for the IBMCA functions. */
/* Function codes. */
#define IBMCA_F_IBMCA_CTRL 100
#define IBMCA_F_IBMCA_FINISH 101
#define IBMCA_F_IBMCA_INIT 102
#define IBMCA_F_IBMCA_MOD_EXP 103
#define IBMCA_F_IBMCA_MOD_EXP_CRT 104
#define IBMCA_F_IBMCA_RAND_BYTES 105
#define IBMCA_F_IBMCA_RSA_MOD_EXP 106
# define IBMCA_F_IBMCA_CTRL 100
# define IBMCA_F_IBMCA_FINISH 101
# define IBMCA_F_IBMCA_INIT 102
# define IBMCA_F_IBMCA_MOD_EXP 103
# define IBMCA_F_IBMCA_MOD_EXP_CRT 104
# define IBMCA_F_IBMCA_RAND_BYTES 105
# define IBMCA_F_IBMCA_RSA_MOD_EXP 106
/* Reason codes. */
#define IBMCA_R_ALREADY_LOADED 100
#define IBMCA_R_BN_CTX_FULL 101
#define IBMCA_R_BN_EXPAND_FAIL 102
#define IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
#define IBMCA_R_DSO_FAILURE 104
#define IBMCA_R_MEXP_LENGTH_TO_LARGE 105
#define IBMCA_R_MISSING_KEY_COMPONENTS 106
#define IBMCA_R_NOT_INITIALISED 107
#define IBMCA_R_NOT_LOADED 108
#define IBMCA_R_OPERANDS_TO_LARGE 109
#define IBMCA_R_OUTLEN_TO_LARGE 110
#define IBMCA_R_REQUEST_FAILED 111
#define IBMCA_R_UNDERFLOW_CONDITION 112
#define IBMCA_R_UNDERFLOW_KEYRECORD 113
#define IBMCA_R_UNIT_FAILURE 114
# define IBMCA_R_ALREADY_LOADED 100
# define IBMCA_R_BN_CTX_FULL 101
# define IBMCA_R_BN_EXPAND_FAIL 102
# define IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
# define IBMCA_R_DSO_FAILURE 104
# define IBMCA_R_MEXP_LENGTH_TO_LARGE 105
# define IBMCA_R_MISSING_KEY_COMPONENTS 106
# define IBMCA_R_NOT_INITIALISED 107
# define IBMCA_R_NOT_LOADED 108
# define IBMCA_R_OPERANDS_TO_LARGE 109
# define IBMCA_R_OUTLEN_TO_LARGE 110
# define IBMCA_R_REQUEST_FAILED 111
# define IBMCA_R_UNDERFLOW_CONDITION 112
# define IBMCA_R_UNDERFLOW_KEYRECORD 113
# define IBMCA_R_UNIT_FAILURE 114
#ifdef __cplusplus
}

250
demos/engines/ibmca/ica_openssl_api.h
View File

@@ -1,64 +1,63 @@
#ifndef __ICA_OPENSSL_API_H__
#define __ICA_OPENSSL_API_H__
# define __ICA_OPENSSL_API_H__
/**
** abstract data types for API
**/
#define ICA_ADAPTER_HANDLE int
# define ICA_ADAPTER_HANDLE int
#if defined(linux) || defined (_AIX)
#define ICA_CALL
#endif
# if defined(linux) || defined (_AIX)
# define ICA_CALL
# endif
#if defined(WIN32) || defined(_WIN32)
#define ICA_CALL __stdcall
#endif
# if defined(WIN32) || defined(_WIN32)
# define ICA_CALL __stdcall
# endif
/*------------------------------------------------*
/* -----------------------------------------------*
| RSA defines and typedefs |
*------------------------------------------------*/
/*
* All data elements of the RSA key are in big-endian format
* Modulus-Exponent form of key
*
*/
#define MAX_EXP_SIZE 256
#define MAX_MODULUS_SIZE 256
#define MAX_MODEXP_SIZE (MAX_EXP_SIZE + MAX_MODULUS_SIZE)
* All data elements of the RSA key are in big-endian format
* Modulus-Exponent form of key
*
*/
# define MAX_EXP_SIZE 256
# define MAX_MODULUS_SIZE 256
# define MAX_MODEXP_SIZE (MAX_EXP_SIZE + MAX_MODULUS_SIZE)
#define MAX_OPERAND_SIZE MAX_EXP_SIZE
# define MAX_OPERAND_SIZE MAX_EXP_SIZE
typedef unsigned char ICA_KEY_RSA_MODEXPO_REC[MAX_MODEXP_SIZE];
typedef unsigned char ICA_KEY_RSA_MODEXPO_REC[MAX_MODEXP_SIZE];
/*
* All data elements of the RSA key are in big-endian format
* Chinese Remainder Thereom(CRT) form of key
* Used only for Decrypt, the encrypt form is typically Modulus-Exponent
*
*/
#define MAX_BP_SIZE 136
#define MAX_BQ_SIZE 128
#define MAX_NP_SIZE 136
#define MAX_NQ_SIZE 128
#define MAX_QINV_SIZE 136
#define MAX_RSACRT_SIZE (MAX_BP_SIZE+MAX_BQ_SIZE+MAX_NP_SIZE+MAX_NQ_SIZE+MAX_QINV_SIZE)
* All data elements of the RSA key are in big-endian format
* Chinese Remainder Thereom(CRT) form of key
* Used only for Decrypt, the encrypt form is typically Modulus-Exponent
*
*/
# define MAX_BP_SIZE 136
# define MAX_BQ_SIZE 128
# define MAX_NP_SIZE 136
# define MAX_NQ_SIZE 128
# define MAX_QINV_SIZE 136
# define MAX_RSACRT_SIZE (MAX_BP_SIZE+MAX_BQ_SIZE+MAX_NP_SIZE+MAX_NQ_SIZE+MAX_QINV_SIZE)
#define RSA_GEN_OPERAND_MAX 256 /* bytes */
# define RSA_GEN_OPERAND_MAX 256/* bytes */
typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE];
/*------------------------------------------------*
/* -----------------------------------------------*
| RSA key token types |
*------------------------------------------------*/
#define RSA_PUBLIC_MODULUS_EXPONENT 3
#define RSA_PKCS_PRIVATE_CHINESE_REMAINDER 6
# define RSA_PUBLIC_MODULUS_EXPONENT 3
# define RSA_PKCS_PRIVATE_CHINESE_REMAINDER 6
#define KEYTYPE_MODEXPO 1
#define KEYTYPE_PKCSCRT 2
# define KEYTYPE_MODEXPO 1
# define KEYTYPE_PKCSCRT 2
/*------------------------------------------------*
/* -----------------------------------------------*
| RSA Key Token format |
*------------------------------------------------*/
@@ -68,23 +67,23 @@ typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE];
* stored in big-endian format
*/
typedef struct _ICA_KEY_RSA_MODEXPO
{ unsigned int keyType; /* RSA key type. */
unsigned int keyLength; /* Total length of the token. */
unsigned int modulusBitLength; /* Modulus n bit length. */
/* -- Start of the data length.*/
unsigned int nLength; /* Modulus n = p * q */
unsigned int expLength; /* exponent (public or private)*/
/* e = 1/d * mod(p-1)(q-1) */
/* -- Start of the data offsets*/
unsigned int nOffset; /* Modulus n . */
unsigned int expOffset; /* exponent (public or private)*/
unsigned char reserved[112]; /* reserved area */
/* -- Start of the variable -- */
/* -- length token data. -- */
typedef struct _ICA_KEY_RSA_MODEXPO {
unsigned int keyType; /* RSA key type. */
unsigned int keyLength; /* Total length of the token. */
unsigned int modulusBitLength; /* Modulus n bit length. */
/* -- Start of the data length. */
unsigned int nLength; /* Modulus n = p * q */
unsigned int expLength; /* exponent (public or private) */
/* e = 1/d * mod(p-1)(q-1) */
/* -- Start of the data offsets */
unsigned int nOffset; /* Modulus n . */
unsigned int expOffset; /* exponent (public or private) */
unsigned char reserved[112]; /* reserved area */
/* -- Start of the variable -- */
/* -- length token data. -- */
ICA_KEY_RSA_MODEXPO_REC keyRecord;
} ICA_KEY_RSA_MODEXPO;
#define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
# define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
/*-
* NOTE: All the fields in the ICA_KEY_RSA_CRT structure
@@ -92,98 +91,93 @@ typedef struct _ICA_KEY_RSA_MODEXPO
* stored in big-endian format
*/
typedef struct _ICA_KEY_RSA_CRT
{ unsigned int keyType; /* RSA key type. */
unsigned int keyLength; /* Total length of the token. */
unsigned int modulusBitLength; /* Modulus n bit length. */
/* -- Start of the data length.*/
#if _AIX
unsigned int nLength; /* Modulus n = p * q */
#endif
unsigned int pLength; /* Prime number p . */
unsigned int qLength; /* Prime number q . */
unsigned int dpLength; /* dp = d * mod(p-1) . */
unsigned int dqLength; /* dq = d * mod(q-1) . */
unsigned int qInvLength; /* PKCS: qInv = Ap/q */
/* -- Start of the data offsets*/
#if _AIX
unsigned int nOffset; /* Modulus n . */
#endif
unsigned int pOffset; /* Prime number p . */
unsigned int qOffset; /* Prime number q . */
unsigned int dpOffset; /* dp . */
unsigned int dqOffset; /* dq . */
unsigned int qInvOffset; /* qInv for PKCS */
#if _AIX
unsigned char reserved[80]; /* reserved area */
#else
unsigned char reserved[88]; /* reserved area */
#endif
/* -- Start of the variable -- */
/* -- length token data. -- */
typedef struct _ICA_KEY_RSA_CRT {
unsigned int keyType; /* RSA key type. */
unsigned int keyLength; /* Total length of the token. */
unsigned int modulusBitLength; /* Modulus n bit length. */
/* -- Start of the data length. */
# if _AIX
unsigned int nLength; /* Modulus n = p * q */
# endif
unsigned int pLength; /* Prime number p . */
unsigned int qLength; /* Prime number q . */
unsigned int dpLength; /* dp = d * mod(p-1) . */
unsigned int dqLength; /* dq = d * mod(q-1) . */
unsigned int qInvLength; /* PKCS: qInv = Ap/q */
/* -- Start of the data offsets */
# if _AIX
unsigned int nOffset; /* Modulus n . */
# endif
unsigned int pOffset; /* Prime number p . */
unsigned int qOffset; /* Prime number q . */
unsigned int dpOffset; /* dp . */
unsigned int dqOffset; /* dq . */
unsigned int qInvOffset; /* qInv for PKCS */
# if _AIX
unsigned char reserved[80]; /* reserved area */
# else
unsigned char reserved[88]; /* reserved area */
# endif
/* -- Start of the variable -- */
/* -- length token data. -- */
ICA_KEY_RSA_CRT_REC keyRecord;
} ICA_KEY_RSA_CRT;
#define SZ_HEADER_CRT (sizeof(ICA_KEY_RSA_CRT) - sizeof(ICA_KEY_RSA_CRT_REC))
# define SZ_HEADER_CRT (sizeof(ICA_KEY_RSA_CRT) - sizeof(ICA_KEY_RSA_CRT_REC))
unsigned int
icaOpenAdapter( unsigned int adapterId,
ICA_ADAPTER_HANDLE *pAdapterHandle );
icaOpenAdapter(unsigned int adapterId, ICA_ADAPTER_HANDLE * pAdapterHandle);
unsigned int icaCloseAdapter(ICA_ADAPTER_HANDLE adapterHandle);
unsigned int
icaCloseAdapter( ICA_ADAPTER_HANDLE adapterHandle );
icaRsaModExpo(ICA_ADAPTER_HANDLE hAdapterHandle,
unsigned int inputDataLength,
unsigned char *pInputData,
ICA_KEY_RSA_MODEXPO *pKeyModExpo,
unsigned int *pOutputDataLength, unsigned char *pOutputData);
unsigned int
icaRsaModExpo( ICA_ADAPTER_HANDLE hAdapterHandle,
unsigned int inputDataLength,
unsigned char *pInputData,
ICA_KEY_RSA_MODEXPO *pKeyModExpo,
unsigned int *pOutputDataLength,
unsigned char *pOutputData );
icaRsaCrt(ICA_ADAPTER_HANDLE hAdapterHandle,
unsigned int inputDataLength,
unsigned char *pInputData,
ICA_KEY_RSA_CRT *pKeyCrt,
unsigned int *pOutputDataLength, unsigned char *pOutputData);
unsigned int
icaRsaCrt( ICA_ADAPTER_HANDLE hAdapterHandle,
unsigned int inputDataLength,
unsigned char *pInputData,
ICA_KEY_RSA_CRT *pKeyCrt,
unsigned int *pOutputDataLength,
unsigned char *pOutputData );
icaRandomNumberGenerate(ICA_ADAPTER_HANDLE hAdapterHandle,
unsigned int outputDataLength,
unsigned char *pOutputData);
unsigned int
icaRandomNumberGenerate( ICA_ADAPTER_HANDLE hAdapterHandle,
unsigned int outputDataLength,
unsigned char *pOutputData );
/* Specific macros and definitions to not have IFDEF;s all over the
main code */
#if (_AIX)
static const char *IBMCA_LIBNAME = "/lib/libica.a(shr.o)";
#elif (WIN32)
static const char *IBMCA_LIBNAME = "cryptica";
#else
static const char *IBMCA_LIBNAME = "ica";
#endif
#if (WIN32)
/*
The ICA_KEY_RSA_MODEXPO & ICA_KEY_RSA_CRT lengths and
offsets must be in big-endian format.
* Specific macros and definitions to not have IFDEF;s all over the main code
*/
*/
#define CORRECT_ENDIANNESS(b) ( \
# if (_AIX)
static const char *IBMCA_LIBNAME = "/lib/libica.a(shr.o)";
# elif (WIN32)
static const char *IBMCA_LIBNAME = "cryptica";
# else
static const char *IBMCA_LIBNAME = "ica";
# endif
# if (WIN32)
/*
* The ICA_KEY_RSA_MODEXPO & ICA_KEY_RSA_CRT lengths and offsets must be in
* big-endian format.
*
*/
# define CORRECT_ENDIANNESS(b) ( \
(((unsigned long) (b) & 0x000000ff) << 24) | \
(((unsigned long) (b) & 0x0000ff00) << 8) | \
(((unsigned long) (b) & 0x00ff0000) >> 8) | \
(((unsigned long) (b) & 0xff000000) >> 24) \
)
#define CRT_KEY_TYPE RSA_PKCS_PRIVATE_CHINESE_REMAINDER
#define ME_KEY_TYPE RSA_PUBLIC_MODULUS_EXPONENT
#else
#define CORRECT_ENDIANNESS(b) (b)
#define CRT_KEY_TYPE KEYTYPE_PKCSCRT
#define ME_KEY_TYPE KEYTYPE_MODEXPO
#endif
# define CRT_KEY_TYPE RSA_PKCS_PRIVATE_CHINESE_REMAINDER
# define ME_KEY_TYPE RSA_PUBLIC_MODULUS_EXPONENT
# else
# define CORRECT_ENDIANNESS(b) (b)
# define CRT_KEY_TYPE KEYTYPE_PKCSCRT
# define ME_KEY_TYPE KEYTYPE_MODEXPO
# endif
#endif /* __ICA_OPENSSL_API_H__ */
#endif /* __ICA_OPENSSL_API_H__ */

1014
demos/engines/rsaref/rsaref.c
View File

File diff suppressed because it is too large Load Diff

143
demos/engines/rsaref/rsaref_err.c
View File

@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
/* NOTE: this file was auto generated by the mkerr.pl script: any changes
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -64,98 +65,94 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA RSAREF_str_functs[]=
{
{ERR_PACK(0,RSAREF_F_BNREF_MOD_EXP,0), "BNREF_MOD_EXP"},
{ERR_PACK(0,RSAREF_F_CIPHER_DES_CBC_CODE,0), "CIPHER_DES_CBC_CODE"},
{ERR_PACK(0,RSAREF_F_RSAREF_BN2BIN,0), "RSAREF_BN2BIN"},
{ERR_PACK(0,RSAREF_F_RSAREF_MOD_EXP,0), "RSAREF_MOD_EXP"},
{ERR_PACK(0,RSAREF_F_RSAREF_PRIVATE_DECRYPT,0), "RSAREF_PRIVATE_DECRYPT"},
{ERR_PACK(0,RSAREF_F_RSAREF_PRIVATE_ENCRYPT,0), "RSAREF_PRIVATE_ENCRYPT"},
{ERR_PACK(0,RSAREF_F_RSAREF_PUBLIC_DECRYPT,0), "RSAREF_PUBLIC_DECRYPT"},
{ERR_PACK(0,RSAREF_F_RSAREF_PUBLIC_ENCRYPT,0), "RSAREF_PUBLIC_ENCRYPT"},
{ERR_PACK(0,RSAREF_F_RSA_BN2BIN,0), "RSA_BN2BIN"},
{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_DECRYPT,0), "RSA_PRIVATE_DECRYPT"},
{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_ENCRYPT,0), "RSA_PRIVATE_ENCRYPT"},
{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_DECRYPT,0), "RSA_PUBLIC_DECRYPT"},
{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_ENCRYPT,0), "RSA_PUBLIC_ENCRYPT"},
{0,NULL}
};
static ERR_STRING_DATA RSAREF_str_functs[] = {
{ERR_PACK(0, RSAREF_F_BNREF_MOD_EXP, 0), "BNREF_MOD_EXP"},
{ERR_PACK(0, RSAREF_F_CIPHER_DES_CBC_CODE, 0), "CIPHER_DES_CBC_CODE"},
{ERR_PACK(0, RSAREF_F_RSAREF_BN2BIN, 0), "RSAREF_BN2BIN"},
{ERR_PACK(0, RSAREF_F_RSAREF_MOD_EXP, 0), "RSAREF_MOD_EXP"},
{ERR_PACK(0, RSAREF_F_RSAREF_PRIVATE_DECRYPT, 0),
"RSAREF_PRIVATE_DECRYPT"},
{ERR_PACK(0, RSAREF_F_RSAREF_PRIVATE_ENCRYPT, 0),
"RSAREF_PRIVATE_ENCRYPT"},
{ERR_PACK(0, RSAREF_F_RSAREF_PUBLIC_DECRYPT, 0), "RSAREF_PUBLIC_DECRYPT"},
{ERR_PACK(0, RSAREF_F_RSAREF_PUBLIC_ENCRYPT, 0), "RSAREF_PUBLIC_ENCRYPT"},
{ERR_PACK(0, RSAREF_F_RSA_BN2BIN, 0), "RSA_BN2BIN"},
{ERR_PACK(0, RSAREF_F_RSA_PRIVATE_DECRYPT, 0), "RSA_PRIVATE_DECRYPT"},
{ERR_PACK(0, RSAREF_F_RSA_PRIVATE_ENCRYPT, 0), "RSA_PRIVATE_ENCRYPT"},
{ERR_PACK(0, RSAREF_F_RSA_PUBLIC_DECRYPT, 0), "RSA_PUBLIC_DECRYPT"},
{ERR_PACK(0, RSAREF_F_RSA_PUBLIC_ENCRYPT, 0), "RSA_PUBLIC_ENCRYPT"},
{0, NULL}
};
static ERR_STRING_DATA RSAREF_str_reasons[]=
{
{RSAREF_R_CONTENT_ENCODING ,"content encoding"},
{RSAREF_R_DATA ,"data"},
{RSAREF_R_DIGEST_ALGORITHM ,"digest algorithm"},
{RSAREF_R_ENCODING ,"encoding"},
{RSAREF_R_ENCRYPTION_ALGORITHM ,"encryption algorithm"},
{RSAREF_R_KEY ,"key"},
{RSAREF_R_KEY_ENCODING ,"key encoding"},
{RSAREF_R_LEN ,"len"},
{RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED ,"length not block aligned"},
{RSAREF_R_MODULUS_LEN ,"modulus len"},
{RSAREF_R_NEED_RANDOM ,"need random"},
{RSAREF_R_PRIVATE_KEY ,"private key"},
{RSAREF_R_PUBLIC_KEY ,"public key"},
{RSAREF_R_SIGNATURE ,"signature"},
{RSAREF_R_SIGNATURE_ENCODING ,"signature encoding"},
{RSAREF_R_UNKNOWN_FAULT ,"unknown fault"},
{0,NULL}
};
static ERR_STRING_DATA RSAREF_str_reasons[] = {
{RSAREF_R_CONTENT_ENCODING, "content encoding"},
{RSAREF_R_DATA, "data"},
{RSAREF_R_DIGEST_ALGORITHM, "digest algorithm"},
{RSAREF_R_ENCODING, "encoding"},
{RSAREF_R_ENCRYPTION_ALGORITHM, "encryption algorithm"},
{RSAREF_R_KEY, "key"},
{RSAREF_R_KEY_ENCODING, "key encoding"},
{RSAREF_R_LEN, "len"},
{RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED, "length not block aligned"},
{RSAREF_R_MODULUS_LEN, "modulus len"},
{RSAREF_R_NEED_RANDOM, "need random"},
{RSAREF_R_PRIVATE_KEY, "private key"},
{RSAREF_R_PUBLIC_KEY, "public key"},
{RSAREF_R_SIGNATURE, "signature"},
{RSAREF_R_SIGNATURE_ENCODING, "signature encoding"},
{RSAREF_R_UNKNOWN_FAULT, "unknown fault"},
{0, NULL}
};
#endif
#ifdef RSAREF_LIB_NAME
static ERR_STRING_DATA RSAREF_lib_name[]=
{
{0 ,RSAREF_LIB_NAME},
{0,NULL}
};
static ERR_STRING_DATA RSAREF_lib_name[] = {
{0, RSAREF_LIB_NAME},
{0, NULL}
};
#endif
static int RSAREF_lib_error_code=0;
static int RSAREF_error_init=1;
static int RSAREF_lib_error_code = 0;
static int RSAREF_error_init = 1;
static void ERR_load_RSAREF_strings(void)
{
if (RSAREF_lib_error_code == 0)
RSAREF_lib_error_code=ERR_get_next_error_library();
{
if (RSAREF_lib_error_code == 0)
RSAREF_lib_error_code = ERR_get_next_error_library();
if (RSAREF_error_init)
{
RSAREF_error_init=0;
if (RSAREF_error_init) {
RSAREF_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(RSAREF_lib_error_code,RSAREF_str_functs);
ERR_load_strings(RSAREF_lib_error_code,RSAREF_str_reasons);
ERR_load_strings(RSAREF_lib_error_code, RSAREF_str_functs);
ERR_load_strings(RSAREF_lib_error_code, RSAREF_str_reasons);
#endif
#ifdef RSAREF_LIB_NAME
RSAREF_lib_name->error = ERR_PACK(RSAREF_lib_error_code,0,0);
ERR_load_strings(0,RSAREF_lib_name);
RSAREF_lib_name->error = ERR_PACK(RSAREF_lib_error_code, 0, 0);
ERR_load_strings(0, RSAREF_lib_name);
#endif
}
}
}
}
static void ERR_unload_RSAREF_strings(void)
{
if (RSAREF_error_init == 0)
{
{
if (RSAREF_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(RSAREF_lib_error_code,RSAREF_str_functs);
ERR_unload_strings(RSAREF_lib_error_code,RSAREF_str_reasons);
ERR_unload_strings(RSAREF_lib_error_code, RSAREF_str_functs);
ERR_unload_strings(RSAREF_lib_error_code, RSAREF_str_reasons);
#endif
#ifdef RSAREF_LIB_NAME
ERR_unload_strings(0,RSAREF_lib_name);
ERR_unload_strings(0, RSAREF_lib_name);
#endif
RSAREF_error_init=1;
}
}
RSAREF_error_init = 1;
}
}
static void ERR_RSAREF_error(int function, int reason, char *file, int line)
{
if (RSAREF_lib_error_code == 0)
RSAREF_lib_error_code=ERR_get_next_error_library();
ERR_PUT_error(RSAREF_lib_error_code,function,reason,file,line);
}
{
if (RSAREF_lib_error_code == 0)
RSAREF_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(RSAREF_lib_error_code, function, reason, file, line);
}

67
demos/engines/rsaref/rsaref_err.h
View File

@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -54,54 +54,55 @@
*/
#ifndef HEADER_RSAREF_ERR_H
#define HEADER_RSAREF_ERR_H
# define HEADER_RSAREF_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_RSAREF_strings(void);
static void ERR_unload_RSAREF_strings(void);
static void ERR_RSAREF_error(int function, int reason, char *file, int line);
#define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)
# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)
/* Error codes for the RSAREF functions. */
/* Function codes. */
#define RSAREF_F_BNREF_MOD_EXP 100
#define RSAREF_F_CIPHER_DES_CBC_CODE 112
#define RSAREF_F_RSAREF_BN2BIN 101
#define RSAREF_F_RSAREF_MOD_EXP 102
#define RSAREF_F_RSAREF_PRIVATE_DECRYPT 103
#define RSAREF_F_RSAREF_PRIVATE_ENCRYPT 104
#define RSAREF_F_RSAREF_PUBLIC_DECRYPT 105
#define RSAREF_F_RSAREF_PUBLIC_ENCRYPT 106
#define RSAREF_F_RSA_BN2BIN 107
#define RSAREF_F_RSA_PRIVATE_DECRYPT 108
#define RSAREF_F_RSA_PRIVATE_ENCRYPT 109
#define RSAREF_F_RSA_PUBLIC_DECRYPT 110
#define RSAREF_F_RSA_PUBLIC_ENCRYPT 111
# define RSAREF_F_BNREF_MOD_EXP 100
# define RSAREF_F_CIPHER_DES_CBC_CODE 112
# define RSAREF_F_RSAREF_BN2BIN 101
# define RSAREF_F_RSAREF_MOD_EXP 102
# define RSAREF_F_RSAREF_PRIVATE_DECRYPT 103
# define RSAREF_F_RSAREF_PRIVATE_ENCRYPT 104
# define RSAREF_F_RSAREF_PUBLIC_DECRYPT 105
# define RSAREF_F_RSAREF_PUBLIC_ENCRYPT 106
# define RSAREF_F_RSA_BN2BIN 107
# define RSAREF_F_RSA_PRIVATE_DECRYPT 108
# define RSAREF_F_RSA_PRIVATE_ENCRYPT 109
# define RSAREF_F_RSA_PUBLIC_DECRYPT 110
# define RSAREF_F_RSA_PUBLIC_ENCRYPT 111
/* Reason codes. */
#define RSAREF_R_CONTENT_ENCODING 100
#define RSAREF_R_DATA 101
#define RSAREF_R_DIGEST_ALGORITHM 102
#define RSAREF_R_ENCODING 103
#define RSAREF_R_ENCRYPTION_ALGORITHM 104
#define RSAREF_R_KEY 105
#define RSAREF_R_KEY_ENCODING 106
#define RSAREF_R_LEN 107
#define RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED 114
#define RSAREF_R_MODULUS_LEN 108
#define RSAREF_R_NEED_RANDOM 109
#define RSAREF_R_PRIVATE_KEY 110
#define RSAREF_R_PUBLIC_KEY 111
#define RSAREF_R_SIGNATURE 112
#define RSAREF_R_SIGNATURE_ENCODING 113
#define RSAREF_R_UNKNOWN_FAULT 115
# define RSAREF_R_CONTENT_ENCODING 100
# define RSAREF_R_DATA 101
# define RSAREF_R_DIGEST_ALGORITHM 102
# define RSAREF_R_ENCODING 103
# define RSAREF_R_ENCRYPTION_ALGORITHM 104
# define RSAREF_R_KEY 105
# define RSAREF_R_KEY_ENCODING 106
# define RSAREF_R_LEN 107
# define RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED 114
# define RSAREF_R_MODULUS_LEN 108
# define RSAREF_R_NEED_RANDOM 109
# define RSAREF_R_PRIVATE_KEY 110
# define RSAREF_R_PUBLIC_KEY 111
# define RSAREF_R_SIGNATURE 112
# define RSAREF_R_SIGNATURE_ENCODING 113
# define RSAREF_R_UNKNOWN_FAULT 115
#ifdef __cplusplus
}

2970
demos/engines/zencod/hw_zencod.c
View File

File diff suppressed because it is too large Load Diff

216
demos/engines/zencod/hw_zencod.h
View File

@@ -4,113 +4,108 @@
* for "zencod" ENGINE integration in OpenSSL project.
*/
#ifndef _HW_ZENCOD_H_
# define _HW_ZENCOD_H_
#ifndef _HW_ZENCOD_H_
#define _HW_ZENCOD_H_
# include <stdio.h>
#include <stdio.h>
#ifdef __cplusplus
# ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
# endif /* __cplusplus */
#define ZENBRIDGE_MAX_KEYSIZE_RSA 2048
#define ZENBRIDGE_MAX_KEYSIZE_RSA_CRT 1024
#define ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN 1024
#define ZENBRIDGE_MAX_KEYSIZE_DSA_VRFY 1024
# define ZENBRIDGE_MAX_KEYSIZE_RSA 2048
# define ZENBRIDGE_MAX_KEYSIZE_RSA_CRT 1024
# define ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN 1024
# define ZENBRIDGE_MAX_KEYSIZE_DSA_VRFY 1024
/* Library version computation */
#define ZENBRIDGE_VERSION_MAJOR(x) (((x) >> 16) | 0xff)
#define ZENBRIDGE_VERSION_MINOR(x) (((x) >> 8) | 0xff)
#define ZENBRIDGE_VERSION_PATCH(x) (((x) >> 0) | 0xff)
#define ZENBRIDGE_VERSION(x, y, z) ((x) << 16 | (y) << 8 | (z))
# define ZENBRIDGE_VERSION_MAJOR(x) (((x) >> 16) | 0xff)
# define ZENBRIDGE_VERSION_MINOR(x) (((x) >> 8) | 0xff)
# define ZENBRIDGE_VERSION_PATCH(x) (((x) >> 0) | 0xff)
# define ZENBRIDGE_VERSION(x, y, z) ((x) << 16 | (y) << 8 | (z))
/*
* Memory type
*/
typedef struct zencod_number_s {
unsigned long len;
unsigned char *data;
} zen_nb_t;
/*
* Memory type
*/
typedef struct zencod_number_s {
unsigned long len;
unsigned char *data;
} zen_nb_t;
#define KEY zen_nb_t
# define KEY zen_nb_t
/*
* Misc
*/
typedef int t_zencod_lib_version(void);
typedef int t_zencod_hw_version(void);
typedef int t_zencod_test(void);
typedef int t_zencod_dump_key(FILE *stream, char *msg, KEY * key);
/*
* Misc
*/
typedef int t_zencod_lib_version (void);
typedef int t_zencod_hw_version (void);
typedef int t_zencod_test (void);
typedef int t_zencod_dump_key (FILE *stream, char *msg, KEY *key);
/*
* Key management tools
*/
typedef KEY *t_zencod_new_number(unsigned long len, unsigned char *data);
typedef int t_zencod_init_number(KEY * n, unsigned long len,
unsigned char *data);
typedef unsigned long t_zencod_bytes2bits(unsigned char *n,
unsigned long bytes);
typedef unsigned long t_zencod_bits2bytes(unsigned long bits);
/*
* Key management tools
*/
typedef KEY *t_zencod_new_number (unsigned long len, unsigned char *data);
typedef int t_zencod_init_number (KEY *n, unsigned long len, unsigned char *data);
typedef unsigned long t_zencod_bytes2bits (unsigned char *n, unsigned long bytes);
typedef unsigned long t_zencod_bits2bytes (unsigned long bits);
/*
* RSA API
*/
/*
* RSA API
*/
/* Compute modular exponential : y = x**e | n */
typedef int t_zencod_rsa_mod_exp (KEY *y, KEY *x, KEY *n, KEY *e);
/* Compute modular exponential : y1 = (x | p)**edp | p, y2 = (x | p)**edp | p, y = y2 + (qinv * (y1 - y2) | p) * q */
typedef int t_zencod_rsa_mod_exp_crt (KEY *y, KEY *x, KEY *p, KEY *q,
KEY *edp, KEY *edq, KEY *qinv);
typedef int t_zencod_rsa_mod_exp(KEY * y, KEY * x, KEY * n, KEY * e);
/*
* Compute modular exponential : y1 = (x | p)**edp | p, y2 = (x | p)**edp
* | p, y = y2 + (qinv * (y1 - y2) | p) * q
*/
typedef int t_zencod_rsa_mod_exp_crt(KEY * y, KEY * x, KEY * p, KEY * q,
KEY * edp, KEY * edq, KEY * qinv);
/*
* DSA API
*/
typedef int t_zencod_dsa_do_sign(unsigned int hash, KEY * data,
KEY * random, KEY * p, KEY * q, KEY * g,
KEY * x, KEY * r, KEY * s);
typedef int t_zencod_dsa_do_verify(unsigned int hash, KEY * data, KEY * p,
KEY * q, KEY * g, KEY * y, KEY * r,
KEY * s, KEY * v);
/*
* DSA API
*/
typedef int t_zencod_dsa_do_sign (unsigned int hash, KEY *data, KEY *random,
KEY *p, KEY *q, KEY *g, KEY *x, KEY *r, KEY *s);
typedef int t_zencod_dsa_do_verify (unsigned int hash, KEY *data,
KEY *p, KEY *q, KEY *g, KEY *y,
KEY *r, KEY *s, KEY *v);
/*
* DH API
*/
/* Key generation : compute public value y = g**x | n */
typedef int t_zencod_dh_generate_key(KEY * y, KEY * x, KEY * g, KEY * n,
int gen_x);
typedef int t_zencod_dh_compute_key(KEY * k, KEY * y, KEY * x, KEY * n);
/*
* RNG API
*/
# define ZENBRIDGE_RNG_DIRECT 0
# define ZENBRIDGE_RNG_SHA1 1
typedef int t_zencod_rand_bytes(KEY * rand, unsigned int flags);
/*
* DH API
*/
/* Key generation : compute public value y = g**x | n */
typedef int t_zencod_dh_generate_key (KEY *y, KEY *x, KEY *g, KEY *n, int gen_x);
typedef int t_zencod_dh_compute_key (KEY *k, KEY *y, KEY *x, KEY *n);
/*
* Math API
*/
typedef int t_zencod_math_mod_exp(KEY * r, KEY * a, KEY * e, KEY * n);
/*
* RNG API
*/
#define ZENBRIDGE_RNG_DIRECT 0
#define ZENBRIDGE_RNG_SHA1 1
typedef int t_zencod_rand_bytes (KEY *rand, unsigned int flags);
/*
* Math API
*/
typedef int t_zencod_math_mod_exp (KEY *r, KEY *a, KEY *e, KEY *n);
/*
* Symetric API
*/
/*
* Symetric API
*/
/* Define a data structure for digests operations */
typedef struct ZEN_data_st
{
unsigned int HashBufferSize ;
unsigned char *HashBuffer ;
} ZEN_MD_DATA ;
typedef struct ZEN_data_st {
unsigned int HashBufferSize;
unsigned char *HashBuffer;
} ZEN_MD_DATA;
/*
* Functions for Digest (MD5, SHA1) stuff
*/
/*
* Functions for Digest (MD5, SHA1) stuff
*/
/* output : output data buffer */
/* input : input data buffer */
/* algo : hash algorithm, MD5 or SHA1 */
@@ -119,26 +114,29 @@ typedef struct ZEN_data_st
* typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;
*/
/* For now separate this stuff that mad it easier to test */
typedef int t_zencod_md5_init ( ZEN_MD_DATA *data ) ;
typedef int t_zencod_md5_update ( ZEN_MD_DATA *data, const KEY *input ) ;
typedef int t_zencod_md5_do_final ( ZEN_MD_DATA *data, KEY *output ) ;
typedef int t_zencod_md5_init(ZEN_MD_DATA *data);
typedef int t_zencod_md5_update(ZEN_MD_DATA *data, const KEY * input);
typedef int t_zencod_md5_do_final(ZEN_MD_DATA *data, KEY * output);
typedef int t_zencod_sha1_init ( ZEN_MD_DATA *data ) ;
typedef int t_zencod_sha1_update ( ZEN_MD_DATA *data, const KEY *input ) ;
typedef int t_zencod_sha1_do_final ( ZEN_MD_DATA *data, KEY *output ) ;
typedef int t_zencod_sha1_init(ZEN_MD_DATA *data);
typedef int t_zencod_sha1_update(ZEN_MD_DATA *data, const KEY * input);
typedef int t_zencod_sha1_do_final(ZEN_MD_DATA *data, KEY * output);
/*
* Functions for Cipher (RC4, DES, 3DES) stuff
*/
/*
* Functions for Cipher (RC4, DES, 3DES) stuff
*/
/* output : output data buffer */
/* input : input data buffer */
/* key : rc4 key data */
/* index_1 : value of index x from RC4 key structure */
/* index_2 : value of index y from RC4 key structure */
/* Be carefull : RC4 key should be expanded before calling this method (Should we provide an expand function ??) */
typedef int t_zencod_rc4_cipher ( KEY *output, const KEY *input, const KEY *key,
unsigned char *index_1, unsigned char *index_2, int mode ) ;
/*
* Be carefull : RC4 key should be expanded before calling this method
* (Should we provide an expand function ??)
*/
typedef int t_zencod_rc4_cipher(KEY * output, const KEY * input,
const KEY * key, unsigned char *index_1,
unsigned char *index_2, int mode);
/* output : output data buffer */
/* input : input data buffer */
@@ -148,14 +146,14 @@ typedef int t_zencod_rc4_cipher ( KEY *output, const KEY *input, const KEY *key,
/* iv : initial vector */
/* mode : xdes mode (encrypt or decrypt) */
/* Be carefull : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */
typedef int t_zencod_xdes_cipher ( KEY *output, const KEY *input, const KEY *key_1,
const KEY *key_2, const KEY *key_3, const KEY *iv, int mode ) ;
typedef int t_zencod_xdes_cipher(KEY * output, const KEY * input,
const KEY * key_1, const KEY * key_2,
const KEY * key_3, const KEY * iv,
int mode);
# undef KEY
#undef KEY
#ifdef __cplusplus
# ifdef __cplusplus
}
#endif /* __cplusplus */
#endif /* !_HW_ZENCOD_H_ */
# endif /* __cplusplus */
#endif /* !_HW_ZENCOD_H_ */

122
demos/engines/zencod/hw_zencod_err.c
View File

@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
/* NOTE: this file was auto generated by the mkerr.pl script: any changes
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -64,88 +65,83 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA ZENCOD_str_functs[]=
{
{ERR_PACK(0,ZENCOD_F_ZENCOD_BN_MOD_EXP,0), "ZENCOD_BN_MOD_EXP"},
{ERR_PACK(0,ZENCOD_F_ZENCOD_CTRL,0), "ZENCOD_CTRL"},
{ERR_PACK(0,ZENCOD_F_ZENCOD_DH_COMPUTE,0), "ZENCOD_DH_COMPUTE"},
{ERR_PACK(0,ZENCOD_F_ZENCOD_DH_GENERATE,0), "ZENCOD_DH_GENERATE"},
{ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_SIGN,0), "ZENCOD_DSA_DO_SIGN"},
{ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_VERIFY,0), "ZENCOD_DSA_DO_VERIFY"},
{ERR_PACK(0,ZENCOD_F_ZENCOD_FINISH,0), "ZENCOD_FINISH"},
{ERR_PACK(0,ZENCOD_F_ZENCOD_INIT,0), "ZENCOD_INIT"},
{ERR_PACK(0,ZENCOD_F_ZENCOD_RAND,0), "ZENCOD_RAND"},
{ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP,0), "ZENCOD_RSA_MOD_EXP"},
{ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT,0), "ZENCOD_RSA_MOD_EXP_CRT"},
{0,NULL}
};
static ERR_STRING_DATA ZENCOD_str_functs[] = {
{ERR_PACK(0, ZENCOD_F_ZENCOD_BN_MOD_EXP, 0), "ZENCOD_BN_MOD_EXP"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_CTRL, 0), "ZENCOD_CTRL"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_DH_COMPUTE, 0), "ZENCOD_DH_COMPUTE"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_DH_GENERATE, 0), "ZENCOD_DH_GENERATE"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_DSA_DO_SIGN, 0), "ZENCOD_DSA_DO_SIGN"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_DSA_DO_VERIFY, 0), "ZENCOD_DSA_DO_VERIFY"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_FINISH, 0), "ZENCOD_FINISH"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_INIT, 0), "ZENCOD_INIT"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_RAND, 0), "ZENCOD_RAND"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_RSA_MOD_EXP, 0), "ZENCOD_RSA_MOD_EXP"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, 0),
"ZENCOD_RSA_MOD_EXP_CRT"},
{0, NULL}
};
static ERR_STRING_DATA ZENCOD_str_reasons[]=
{
{ZENCOD_R_ALREADY_LOADED ,"already loaded"},
{ZENCOD_R_BAD_KEY_COMPONENTS ,"bad key components"},
{ZENCOD_R_BN_EXPAND_FAIL ,"bn expand fail"},
{ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
{ZENCOD_R_DSO_FAILURE ,"dso failure"},
{ZENCOD_R_NOT_LOADED ,"not loaded"},
{ZENCOD_R_REQUEST_FAILED ,"request failed"},
{ZENCOD_R_UNIT_FAILURE ,"unit failure"},
{0,NULL}
};
static ERR_STRING_DATA ZENCOD_str_reasons[] = {
{ZENCOD_R_ALREADY_LOADED, "already loaded"},
{ZENCOD_R_BAD_KEY_COMPONENTS, "bad key components"},
{ZENCOD_R_BN_EXPAND_FAIL, "bn expand fail"},
{ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctrl command not implemented"},
{ZENCOD_R_DSO_FAILURE, "dso failure"},
{ZENCOD_R_NOT_LOADED, "not loaded"},
{ZENCOD_R_REQUEST_FAILED, "request failed"},
{ZENCOD_R_UNIT_FAILURE, "unit failure"},
{0, NULL}
};
#endif
#ifdef ZENCOD_LIB_NAME
static ERR_STRING_DATA ZENCOD_lib_name[]=
{
{0 ,ZENCOD_LIB_NAME},
{0,NULL}
};
static ERR_STRING_DATA ZENCOD_lib_name[] = {
{0, ZENCOD_LIB_NAME},
{0, NULL}
};
#endif
static int ZENCOD_lib_error_code=0;
static int ZENCOD_error_init=1;
static int ZENCOD_lib_error_code = 0;
static int ZENCOD_error_init = 1;
static void ERR_load_ZENCOD_strings(void)
{
if (ZENCOD_lib_error_code == 0)
ZENCOD_lib_error_code=ERR_get_next_error_library();
{
if (ZENCOD_lib_error_code == 0)
ZENCOD_lib_error_code = ERR_get_next_error_library();
if (ZENCOD_error_init)
{
ZENCOD_error_init=0;
if (ZENCOD_error_init) {
ZENCOD_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_functs);
ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons);
ERR_load_strings(ZENCOD_lib_error_code, ZENCOD_str_functs);
ERR_load_strings(ZENCOD_lib_error_code, ZENCOD_str_reasons);
#endif
#ifdef ZENCOD_LIB_NAME
ZENCOD_lib_name->error = ERR_PACK(ZENCOD_lib_error_code,0,0);
ERR_load_strings(0,ZENCOD_lib_name);
ZENCOD_lib_name->error = ERR_PACK(ZENCOD_lib_error_code, 0, 0);
ERR_load_strings(0, ZENCOD_lib_name);
#endif
}
}
}
}
static void ERR_unload_ZENCOD_strings(void)
{
if (ZENCOD_error_init == 0)
{
{
if (ZENCOD_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_functs);
ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons);
ERR_unload_strings(ZENCOD_lib_error_code, ZENCOD_str_functs);
ERR_unload_strings(ZENCOD_lib_error_code, ZENCOD_str_reasons);
#endif
#ifdef ZENCOD_LIB_NAME
ERR_unload_strings(0,ZENCOD_lib_name);
ERR_unload_strings(0, ZENCOD_lib_name);
#endif
ZENCOD_error_init=1;
}
}
ZENCOD_error_init = 1;
}
}
static void ERR_ZENCOD_error(int function, int reason, char *file, int line)
{
if (ZENCOD_lib_error_code == 0)
ZENCOD_lib_error_code=ERR_get_next_error_library();
ERR_PUT_error(ZENCOD_lib_error_code,function,reason,file,line);
}
{
if (ZENCOD_lib_error_code == 0)
ZENCOD_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(ZENCOD_lib_error_code, function, reason, file, line);
}

47
demos/engines/zencod/hw_zencod_err.h
View File

@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,45 +53,46 @@
*/
#ifndef HEADER_ZENCOD_ERR_H
#define HEADER_ZENCOD_ERR_H
# define HEADER_ZENCOD_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_ZENCOD_strings(void);
static void ERR_unload_ZENCOD_strings(void);
static void ERR_ZENCOD_error(int function, int reason, char *file, int line);
#define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)
# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)
/* Error codes for the ZENCOD functions. */
/* Function codes. */
#define ZENCOD_F_ZENCOD_BN_MOD_EXP 100
#define ZENCOD_F_ZENCOD_CTRL 101
#define ZENCOD_F_ZENCOD_DH_COMPUTE 102
#define ZENCOD_F_ZENCOD_DH_GENERATE 103
#define ZENCOD_F_ZENCOD_DSA_DO_SIGN 104
#define ZENCOD_F_ZENCOD_DSA_DO_VERIFY 105
#define ZENCOD_F_ZENCOD_FINISH 106
#define ZENCOD_F_ZENCOD_INIT 107
#define ZENCOD_F_ZENCOD_RAND 108
#define ZENCOD_F_ZENCOD_RSA_MOD_EXP 109
#define ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT 110
# define ZENCOD_F_ZENCOD_BN_MOD_EXP 100
# define ZENCOD_F_ZENCOD_CTRL 101
# define ZENCOD_F_ZENCOD_DH_COMPUTE 102
# define ZENCOD_F_ZENCOD_DH_GENERATE 103
# define ZENCOD_F_ZENCOD_DSA_DO_SIGN 104
# define ZENCOD_F_ZENCOD_DSA_DO_VERIFY 105
# define ZENCOD_F_ZENCOD_FINISH 106
# define ZENCOD_F_ZENCOD_INIT 107
# define ZENCOD_F_ZENCOD_RAND 108
# define ZENCOD_F_ZENCOD_RSA_MOD_EXP 109
# define ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT 110
/* Reason codes. */
#define ZENCOD_R_ALREADY_LOADED 100
#define ZENCOD_R_BAD_KEY_COMPONENTS 101
#define ZENCOD_R_BN_EXPAND_FAIL 102
#define ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
#define ZENCOD_R_DSO_FAILURE 104
#define ZENCOD_R_NOT_LOADED 105
#define ZENCOD_R_REQUEST_FAILED 106
#define ZENCOD_R_UNIT_FAILURE 107
# define ZENCOD_R_ALREADY_LOADED 100
# define ZENCOD_R_BAD_KEY_COMPONENTS 101
# define ZENCOD_R_BN_EXPAND_FAIL 102
# define ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
# define ZENCOD_R_DSO_FAILURE 104
# define ZENCOD_R_NOT_LOADED 105
# define ZENCOD_R_REQUEST_FAILED 106
# define ZENCOD_R_UNIT_FAILURE 107
#ifdef __cplusplus
}

96
demos/pkcs12/pkread.c
View File

@@ -10,52 +10,52 @@
int main(int argc, char **argv)
{
FILE *fp;
EVP_PKEY *pkey;
X509 *cert;
STACK_OF(X509) *ca = NULL;
PKCS12 *p12;
int i;
if (argc != 4) {
fprintf(stderr, "Usage: pkread p12file password opfile\n");
exit (1);
}
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
if (!(fp = fopen(argv[1], "rb"))) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
exit(1);
}
p12 = d2i_PKCS12_fp(fp, NULL);
fclose (fp);
if (!p12) {
fprintf(stderr, "Error reading PKCS#12 file\n");
ERR_print_errors_fp(stderr);
exit (1);
}
if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) {
fprintf(stderr, "Error parsing PKCS#12 file\n");
ERR_print_errors_fp(stderr);
exit (1);
}
PKCS12_free(p12);
if (!(fp = fopen(argv[3], "w"))) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
exit(1);
}
if (pkey) {
fprintf(fp, "***Private Key***\n");
PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
}
if (cert) {
fprintf(fp, "***User Certificate***\n");
PEM_write_X509_AUX(fp, cert);
}
if (ca && sk_X509_num(ca)) {
fprintf(fp, "***Other Certificates***\n");
for (i = 0; i < sk_X509_num(ca); i++)
PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
}
fclose(fp);
return 0;
FILE *fp;
EVP_PKEY *pkey;
X509 *cert;
STACK_OF(X509) *ca = NULL;
PKCS12 *p12;
int i;
if (argc != 4) {
fprintf(stderr, "Usage: pkread p12file password opfile\n");
exit(1);
}
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
if (!(fp = fopen(argv[1], "rb"))) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
exit(1);
}
p12 = d2i_PKCS12_fp(fp, NULL);
fclose(fp);
if (!p12) {
fprintf(stderr, "Error reading PKCS#12 file\n");
ERR_print_errors_fp(stderr);
exit(1);
}
if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) {
fprintf(stderr, "Error parsing PKCS#12 file\n");
ERR_print_errors_fp(stderr);
exit(1);
}
PKCS12_free(p12);
if (!(fp = fopen(argv[3], "w"))) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
exit(1);
}
if (pkey) {
fprintf(fp, "***Private Key***\n");
PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
}
if (cert) {
fprintf(fp, "***User Certificate***\n");
PEM_write_X509_AUX(fp, cert);
}
if (ca && sk_X509_num(ca)) {
fprintf(fp, "***Other Certificates***\n");
for (i = 0; i < sk_X509_num(ca); i++)
PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
}
fclose(fp);
return 0;
}

66
demos/pkcs12/pkwrite.c
View File

@@ -10,37 +10,37 @@
int main(int argc, char **argv)
{
FILE *fp;
EVP_PKEY *pkey;
X509 *cert;
PKCS12 *p12;
if (argc != 5) {
fprintf(stderr, "Usage: pkwrite infile password name p12file\n");
exit(1);
}
SSLeay_add_all_algorithms();
ERR_load_crypto_strings();
if (!(fp = fopen(argv[1], "r"))) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
exit(1);
}
cert = PEM_read_X509(fp, NULL, NULL, NULL);
rewind(fp);
pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
fclose(fp);
p12 = PKCS12_create(argv[2], argv[3], pkey, cert, NULL, 0,0,0,0,0);
if(!p12) {
fprintf(stderr, "Error creating PKCS#12 structure\n");
ERR_print_errors_fp(stderr);
exit(1);
}
if (!(fp = fopen(argv[4], "wb"))) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
ERR_print_errors_fp(stderr);
exit(1);
}
i2d_PKCS12_fp(fp, p12);
PKCS12_free(p12);
fclose(fp);
return 0;
FILE *fp;
EVP_PKEY *pkey;
X509 *cert;
PKCS12 *p12;
if (argc != 5) {
fprintf(stderr, "Usage: pkwrite infile password name p12file\n");
exit(1);
}
SSLeay_add_all_algorithms();
ERR_load_crypto_strings();
if (!(fp = fopen(argv[1], "r"))) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
exit(1);
}
cert = PEM_read_X509(fp, NULL, NULL, NULL);
rewind(fp);
pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
fclose(fp);
p12 = PKCS12_create(argv[2], argv[3], pkey, cert, NULL, 0, 0, 0, 0, 0);
if (!p12) {
fprintf(stderr, "Error creating PKCS#12 structure\n");
ERR_print_errors_fp(stderr);
exit(1);
}
if (!(fp = fopen(argv[4], "wb"))) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
ERR_print_errors_fp(stderr);
exit(1);
}
i2d_PKCS12_fp(fp, p12);
PKCS12_free(p12);
fclose(fp);
return 0;
}

81
demos/prime/prime.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -58,44 +58,45 @@
#include <stdio.h>
#include <stdlib.h>
#include <openssl/bn.h>
#include <openssl/bn.h>
void callback(type,num)
int type,num;
{
if (type == 0)
fprintf(stderr,".");
else if (type == 1)
fprintf(stderr,"+");
else if (type == 2)
fprintf(stderr,"*");
fflush(stderr);
}
void callback(type, num)
int type, num;
{
if (type == 0)
fprintf(stderr, ".");
else if (type == 1)
fprintf(stderr, "+");
else if (type == 2)
fprintf(stderr, "*");
fflush(stderr);
}
int main(argc,argv)
int main(argc, argv)
int argc;
char *argv[];
{
BIGNUM *rand;
int num=256;
{
BIGNUM *rand;
int num = 256;
/* we should really call RAND_seed(char *bytes,int num);
* to fully initalise the random number generator */
if (argc >= 2)
{
num=atoi(argv[1]);
if (num == 0) num=256;
}
/*
* we should really call RAND_seed(char *bytes,int num); to fully
* initalise the random number generator
*/
if (argc >= 2) {
num = atoi(argv[1]);
if (num == 0)
num = 256;
}
fprintf(stderr,"generate a strong prime\n");
rand=BN_generate_prime(NULL,num,1,NULL,NULL,callback,NULL);
/* change the third parameter to 1 for a strong prime */
fprintf(stderr,"\n");
BN_print_fp(stdout,rand);
fprintf(stdout,"\n");
BN_free(rand);
exit(0);
return(0);
}
fprintf(stderr, "generate a strong prime\n");
rand = BN_generate_prime(NULL, num, 1, NULL, NULL, callback, NULL);
/* change the third parameter to 1 for a strong prime */
fprintf(stderr, "\n");
BN_print_fp(stdout, rand);
fprintf(stdout, "\n");
BN_free(rand);
exit(0);
return (0);
}

238
demos/selfsign.c
View File

@@ -11,170 +11,166 @@
int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
int main()
{
BIO *bio_err;
X509 *x509=NULL;
EVP_PKEY *pkey=NULL;
{
BIO *bio_err;
X509 *x509 = NULL;
EVP_PKEY *pkey = NULL;
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
mkit(&x509,&pkey,512,0,365);
mkit(&x509, &pkey, 512, 0, 365);
RSA_print_fp(stdout,pkey->pkey.rsa,0);
X509_print_fp(stdout,x509);
RSA_print_fp(stdout, pkey->pkey.rsa, 0);
X509_print_fp(stdout, x509);
PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);
PEM_write_X509(stdout,x509);
PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
PEM_write_X509(stdout, x509);
X509_free(x509);
EVP_PKEY_free(pkey);
X509_free(x509);
EVP_PKEY_free(pkey);
#ifdef CUSTOM_EXT
/* Only needed if we add objects or custom extensions */
X509V3_EXT_cleanup();
OBJ_cleanup();
/* Only needed if we add objects or custom extensions */
X509V3_EXT_cleanup();
OBJ_cleanup();
#endif
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return(0);
}
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return (0);
}
#ifdef WIN16
# define MS_CALLBACK _far _loadds
# define MS_FAR _far
# define MS_CALLBACK _far _loadds
# define MS_FAR _far
#else
# define MS_CALLBACK
# define MS_FAR
# define MS_CALLBACK
# define MS_FAR
#endif
static void MS_CALLBACK callback(p, n, arg)
int p;
int n;
void *arg;
{
char c='B';
{
char c = 'B';
if (p == 0) c='.';
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
fputc(c,stderr);
}
if (p == 0)
c = '.';
if (p == 1)
c = '+';
if (p == 2)
c = '*';
if (p == 3)
c = '\n';
fputc(c, stderr);
}
int mkit(x509p,pkeyp,bits,serial,days)
int mkit(x509p, pkeyp, bits, serial, days)
X509 **x509p;
EVP_PKEY **pkeyp;
int bits;
int serial;
int days;
{
X509 *x;
EVP_PKEY *pk;
RSA *rsa;
X509_NAME *name=NULL;
X509_NAME_ENTRY *ne=NULL;
X509_EXTENSION *ex=NULL;
{
X509 *x;
EVP_PKEY *pk;
RSA *rsa;
X509_NAME *name = NULL;
X509_NAME_ENTRY *ne = NULL;
X509_EXTENSION *ex = NULL;
if ((pkeyp == NULL) || (*pkeyp == NULL))
{
if ((pk=EVP_PKEY_new()) == NULL)
{
abort();
return(0);
}
}
else
pk= *pkeyp;
if ((pkeyp == NULL) || (*pkeyp == NULL)) {
if ((pk = EVP_PKEY_new()) == NULL) {
abort();
return (0);
}
} else
pk = *pkeyp;
if ((x509p == NULL) || (*x509p == NULL))
{
if ((x=X509_new()) == NULL)
goto err;
}
else
x= *x509p;
if ((x509p == NULL) || (*x509p == NULL)) {
if ((x = X509_new()) == NULL)
goto err;
} else
x = *x509p;
rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
if (!EVP_PKEY_assign_RSA(pk,rsa))
{
abort();
goto err;
}
rsa=NULL;
rsa = RSA_generate_key(bits, RSA_F4, callback, NULL);
if (!EVP_PKEY_assign_RSA(pk, rsa)) {
abort();
goto err;
}
rsa = NULL;
X509_set_version(x,3);
ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
X509_gmtime_adj(X509_get_notBefore(x),0);
X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
X509_set_pubkey(x,pk);
X509_set_version(x, 3);
ASN1_INTEGER_set(X509_get_serialNumber(x), serial);
X509_gmtime_adj(X509_get_notBefore(x), 0);
X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days);
X509_set_pubkey(x, pk);
name=X509_get_subject_name(x);
name = X509_get_subject_name(x);
/* This function creates and adds the entry, working out the
* correct string type and performing checks on its length.
* Normally we'd check the return value for errors...
*/
X509_NAME_add_entry_by_txt(name,"C",
MBSTRING_ASC, "UK", -1, -1, 0);
X509_NAME_add_entry_by_txt(name,"CN",
MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
/*
* This function creates and adds the entry, working out the correct
* string type and performing checks on its length. Normally we'd check
* the return value for errors...
*/
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, "UK", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN",
MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
X509_set_issuer_name(x,name);
X509_set_issuer_name(x, name);
/* Add extension using V3 code: we can set the config file as NULL
* because we wont reference any other sections. We can also set
* the context to NULL because none of these extensions below will need
* to access it.
*/
/*
* Add extension using V3 code: we can set the config file as NULL
* because we wont reference any other sections. We can also set the
* context to NULL because none of these extensions below will need to
* access it.
*/
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");
X509_add_ext(x,ex,-1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment,
"example comment extension");
X509_add_ext(x,ex,-1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment,
"example comment extension");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name,
"www.openssl.org");
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name,
"www.openssl.org");
X509_add_ext(x,ex,-1);
X509_EXTENSION_free(ex);
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
#if 0
/* might want something like this too.... */
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
"critical,CA:TRUE");
/* might want something like this too.... */
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
"critical,CA:TRUE");
X509_add_ext(x,ex,-1);
X509_EXTENSION_free(ex);
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
#endif
#ifdef CUSTOM_EXT
/* Maybe even add our own extension based on existing */
{
int nid;
nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
X509V3_EXT_add_alias(nid, NID_netscape_comment);
ex = X509V3_EXT_conf_nid(NULL, NULL, nid,
"example comment alias");
X509_add_ext(x,ex,-1);
X509_EXTENSION_free(ex);
}
/* Maybe even add our own extension based on existing */
{
int nid;
nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
X509V3_EXT_add_alias(nid, NID_netscape_comment);
ex = X509V3_EXT_conf_nid(NULL, NULL, nid, "example comment alias");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
}
#endif
if (!X509_sign(x,pk,EVP_md5()))
goto err;
*x509p=x;
*pkeyp=pk;
return(1);
err:
return(0);
}
if (!X509_sign(x, pk, EVP_md5()))
goto err;
*x509p = x;
*pkeyp = pk;
return (1);
err:
return (0);
}

161
demos/sign/sign.c
View File

@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,19 +49,22 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data
29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
/*
* sign-it.cpp - Simple test app using SSLeay envelopes to sign data
* 29.9.1996, Sampo Kellomaki <sampo@iki.fi>
*/
/* converted to C - eay :-) */
/* reformated a bit and converted to use the more common functions: this was
/*
* reformated a bit and converted to use the more common functions: this was
* initially written at the dawn of time :-) - Steve.
*/
@@ -74,80 +77,84 @@
#include <openssl/pem.h>
#include <openssl/ssl.h>
int main ()
int main()
{
int err;
int sig_len;
unsigned char sig_buf [4096];
static char certfile[] = "cert.pem";
static char keyfile[] = "key.pem";
static char data[] = "I owe you...";
EVP_MD_CTX md_ctx;
EVP_PKEY * pkey;
FILE * fp;
X509 * x509;
int err;
int sig_len;
unsigned char sig_buf[4096];
static char certfile[] = "cert.pem";
static char keyfile[] = "key.pem";
static char data[] = "I owe you...";
EVP_MD_CTX md_ctx;
EVP_PKEY *pkey;
FILE *fp;
X509 *x509;
/* Just load the crypto library error strings,
* SSL_load_error_strings() loads the crypto AND the SSL ones */
/* SSL_load_error_strings();*/
ERR_load_crypto_strings();
/* Read private key */
fp = fopen (keyfile, "r");
if (fp == NULL) exit (1);
pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
fclose (fp);
/*
* Just load the crypto library error strings, SSL_load_error_strings()
* loads the crypto AND the SSL ones
*/
/* SSL_load_error_strings(); */
ERR_load_crypto_strings();
if (pkey == NULL) {
ERR_print_errors_fp (stderr);
exit (1);
}
/* Do the signature */
EVP_SignInit (&md_ctx, EVP_sha1());
EVP_SignUpdate (&md_ctx, data, strlen(data));
sig_len = sizeof(sig_buf);
err = EVP_SignFinal (&md_ctx, sig_buf, &sig_len, pkey);
/* Read private key */
if (err != 1) {
ERR_print_errors_fp(stderr);
exit (1);
}
fp = fopen(keyfile, "r");
if (fp == NULL)
exit(1);
pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
fclose(fp);
EVP_PKEY_free (pkey);
/* Read public key */
fp = fopen (certfile, "r");
if (fp == NULL) exit (1);
x509 = PEM_read_X509(fp, NULL, NULL, NULL);
fclose (fp);
if (pkey == NULL) {
ERR_print_errors_fp(stderr);
exit(1);
}
if (x509 == NULL) {
ERR_print_errors_fp (stderr);
exit (1);
}
/* Get public key - eay */
pkey=X509_get_pubkey(x509);
if (pkey == NULL) {
ERR_print_errors_fp (stderr);
exit (1);
}
/* Do the signature */
/* Verify the signature */
EVP_VerifyInit (&md_ctx, EVP_sha1());
EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
err = EVP_VerifyFinal (&md_ctx, sig_buf, sig_len, pkey);
EVP_PKEY_free (pkey);
EVP_SignInit(&md_ctx, EVP_sha1());
EVP_SignUpdate(&md_ctx, data, strlen(data));
sig_len = sizeof(sig_buf);
err = EVP_SignFinal(&md_ctx, sig_buf, &sig_len, pkey);
if (err != 1) {
ERR_print_errors_fp (stderr);
exit (1);
}
printf ("Signature Verified Ok.\n");
return(0);
if (err != 1) {
ERR_print_errors_fp(stderr);
exit(1);
}
EVP_PKEY_free(pkey);
/* Read public key */
fp = fopen(certfile, "r");
if (fp == NULL)
exit(1);
x509 = PEM_read_X509(fp, NULL, NULL, NULL);
fclose(fp);
if (x509 == NULL) {
ERR_print_errors_fp(stderr);
exit(1);
}
/* Get public key - eay */
pkey = X509_get_pubkey(x509);
if (pkey == NULL) {
ERR_print_errors_fp(stderr);
exit(1);
}
/* Verify the signature */
EVP_VerifyInit(&md_ctx, EVP_sha1());
EVP_VerifyUpdate(&md_ctx, data, strlen((char *)data));
err = EVP_VerifyFinal(&md_ctx, sig_buf, sig_len, pkey);
EVP_PKEY_free(pkey);
if (err != 1) {
ERR_print_errors_fp(stderr);
exit(1);
}
printf("Signature Verified Ok.\n");
return (0);
}

107
demos/smime/smdec.c
View File

@@ -4,80 +4,75 @@
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *rcert = NULL;
EVP_PKEY *rkey = NULL;
PKCS7 *p7 = NULL;
int ret = 1;
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *rcert = NULL;
EVP_PKEY *rkey = NULL;
PKCS7 *p7 = NULL;
int ret = 1;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Read in recipient certificate and private key */
tbio = BIO_new_file("signer.pem", "r");
/* Read in recipient certificate and private key */
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
if (!tbio)
goto err;
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
BIO_reset(tbio);
rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
if (!rcert || !rkey)
goto err;
if (!rcert || !rkey)
goto err;
/* Open content being signed */
/* Open content being signed */
in = BIO_new_file("smencr.txt", "r");
in = BIO_new_file("smencr.txt", "r");
if (!in)
goto err;
if (!in)
goto err;
/* Sign content */
p7 = SMIME_read_PKCS7(in, NULL);
/* Sign content */
p7 = SMIME_read_PKCS7(in, NULL);
if (!p7)
goto err;
if (!p7)
goto err;
out = BIO_new_file("encrout.txt", "w");
if (!out)
goto err;
out = BIO_new_file("encrout.txt", "w");
if (!out)
goto err;
/* Decrypt S/MIME message */
if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
goto err;
/* Decrypt S/MIME message */
if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
goto err;
ret = 0;
ret = 0;
err:
err:
if (ret)
{
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
if (p7)
PKCS7_free(p7);
if (rcert)
X509_free(rcert);
if (rkey)
EVP_PKEY_free(rkey);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
}
if (ret) {
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
if (p7)
PKCS7_free(p7);
if (rcert)
X509_free(rcert);
if (rkey)
EVP_PKEY_free(rkey);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
}

126
demos/smime/smenc.c
View File

@@ -4,89 +4,89 @@
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *rcert = NULL;
STACK_OF(X509) *recips = NULL;
PKCS7 *p7 = NULL;
int ret = 1;
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *rcert = NULL;
STACK_OF(X509) *recips = NULL;
PKCS7 *p7 = NULL;
int ret = 1;
/*
* On OpenSSL 0.9.9 only:
* for streaming set PKCS7_STREAM
*/
int flags = PKCS7_STREAM;
/*
* On OpenSSL 0.9.9 only:
* for streaming set PKCS7_STREAM
*/
int flags = PKCS7_STREAM;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Read in recipient certificate */
tbio = BIO_new_file("signer.pem", "r");
/* Read in recipient certificate */
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
if (!tbio)
goto err;
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
if (!rcert)
goto err;
if (!rcert)
goto err;
/* Create recipient STACK and add recipient cert to it */
recips = sk_X509_new_null();
/* Create recipient STACK and add recipient cert to it */
recips = sk_X509_new_null();
if (!recips || !sk_X509_push(recips, rcert))
goto err;
if (!recips || !sk_X509_push(recips, rcert))
goto err;
/* sk_X509_pop_free will free up recipient STACK and its contents
* so set rcert to NULL so it isn't freed up twice.
*/
rcert = NULL;
/*
* sk_X509_pop_free will free up recipient STACK and its contents so set
* rcert to NULL so it isn't freed up twice.
*/
rcert = NULL;
/* Open content being encrypted */
/* Open content being encrypted */
in = BIO_new_file("encr.txt", "r");
in = BIO_new_file("encr.txt", "r");
if (!in)
goto err;
if (!in)
goto err;
/* encrypt content */
p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
/* encrypt content */
p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
if (!p7)
goto err;
if (!p7)
goto err;
out = BIO_new_file("smencr.txt", "w");
if (!out)
goto err;
out = BIO_new_file("smencr.txt", "w");
if (!out)
goto err;
/* Write out S/MIME message */
if (!SMIME_write_PKCS7(out, p7, in, flags))
goto err;
/* Write out S/MIME message */
if (!SMIME_write_PKCS7(out, p7, in, flags))
goto err;
ret = 0;
ret = 0;
err:
err:
if (ret)
{
fprintf(stderr, "Error Encrypting Data\n");
ERR_print_errors_fp(stderr);
}
if (ret) {
fprintf(stderr, "Error Encrypting Data\n");
ERR_print_errors_fp(stderr);
}
if (p7)
PKCS7_free(p7);
if (rcert)
X509_free(rcert);
if (recips)
sk_X509_pop_free(recips, X509_free);
if (p7)
PKCS7_free(p7);
if (rcert)
X509_free(rcert);
if (recips)
sk_X509_pop_free(recips, X509_free);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
return ret;
}
}

119
demos/smime/smsign.c
View File

@@ -4,86 +4,85 @@
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *scert = NULL;
EVP_PKEY *skey = NULL;
PKCS7 *p7 = NULL;
int ret = 1;
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *scert = NULL;
EVP_PKEY *skey = NULL;
PKCS7 *p7 = NULL;
int ret = 1;
/* For simple S/MIME signing use PKCS7_DETACHED.
* On OpenSSL 0.9.9 only:
* for streaming detached set PKCS7_DETACHED|PKCS7_STREAM
* for streaming non-detached set PKCS7_STREAM
*/
int flags = PKCS7_DETACHED|PKCS7_STREAM;
/*
* For simple S/MIME signing use PKCS7_DETACHED. On OpenSSL 0.9.9 only:
* for streaming detached set PKCS7_DETACHED|PKCS7_STREAM for streaming
* non-detached set PKCS7_STREAM
*/
int flags = PKCS7_DETACHED | PKCS7_STREAM;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Read in signer certificate and private key */
tbio = BIO_new_file("signer.pem", "r");
/* Read in signer certificate and private key */
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
if (!tbio)
goto err;
scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
BIO_reset(tbio);
skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
if (!scert || !skey)
goto err;
if (!scert || !skey)
goto err;
/* Open content being signed */
/* Open content being signed */
in = BIO_new_file("sign.txt", "r");
in = BIO_new_file("sign.txt", "r");
if (!in)
goto err;
if (!in)
goto err;
/* Sign content */
p7 = PKCS7_sign(scert, skey, NULL, in, flags);
/* Sign content */
p7 = PKCS7_sign(scert, skey, NULL, in, flags);
if (!p7)
goto err;
if (!p7)
goto err;
out = BIO_new_file("smout.txt", "w");
if (!out)
goto err;
out = BIO_new_file("smout.txt", "w");
if (!out)
goto err;
if (!(flags & PKCS7_STREAM))
BIO_reset(in);
if (!(flags & PKCS7_STREAM))
BIO_reset(in);
/* Write out S/MIME message */
if (!SMIME_write_PKCS7(out, p7, in, flags))
goto err;
/* Write out S/MIME message */
if (!SMIME_write_PKCS7(out, p7, in, flags))
goto err;
ret = 0;
ret = 0;
err:
err:
if (ret)
{
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
if (ret) {
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
if (p7)
PKCS7_free(p7);
if (scert)
X509_free(scert);
if (skey)
EVP_PKEY_free(skey);
if (p7)
PKCS7_free(p7);
if (scert)
X509_free(scert);
if (skey)
EVP_PKEY_free(skey);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
return ret;
}
}

133
demos/smime/smsign2.c
View File

@@ -4,104 +4,99 @@
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *scert = NULL, *scert2 = NULL;
EVP_PKEY *skey = NULL, *skey2 = NULL;
PKCS7 *p7 = NULL;
int ret = 1;
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *scert = NULL, *scert2 = NULL;
EVP_PKEY *skey = NULL, *skey2 = NULL;
PKCS7 *p7 = NULL;
int ret = 1;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
tbio = BIO_new_file("signer.pem", "r");
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
if (!tbio)
goto err;
scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
BIO_reset(tbio);
skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
BIO_free(tbio);
BIO_free(tbio);
tbio = BIO_new_file("signer2.pem", "r");
tbio = BIO_new_file("signer2.pem", "r");
if (!tbio)
goto err;
if (!tbio)
goto err;
scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL);
scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
BIO_reset(tbio);
skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
if (!scert2 || !skey2)
goto err;
if (!scert2 || !skey2)
goto err;
in = BIO_new_file("sign.txt", "r");
in = BIO_new_file("sign.txt", "r");
if (!in)
goto err;
if (!in)
goto err;
p7 = PKCS7_sign(NULL, NULL, NULL, in, PKCS7_STREAM|PKCS7_PARTIAL);
p7 = PKCS7_sign(NULL, NULL, NULL, in, PKCS7_STREAM | PKCS7_PARTIAL);
if (!p7)
goto err;
if (!p7)
goto err;
/* Add each signer in turn */
/* Add each signer in turn */
if (!PKCS7_sign_add_signer(p7, scert, skey, NULL, 0))
goto err;
if (!PKCS7_sign_add_signer(p7, scert, skey, NULL, 0))
goto err;
if (!PKCS7_sign_add_signer(p7, scert2, skey2, NULL, 0))
goto err;
if (!PKCS7_sign_add_signer(p7, scert2, skey2, NULL, 0))
goto err;
out = BIO_new_file("smout.txt", "w");
if (!out)
goto err;
out = BIO_new_file("smout.txt", "w");
if (!out)
goto err;
/* NB: content included and finalized by SMIME_write_PKCS7 */
/* NB: content included and finalized by SMIME_write_PKCS7 */
if (!SMIME_write_PKCS7(out, p7, in, PKCS7_STREAM))
goto err;
if (!SMIME_write_PKCS7(out, p7, in, PKCS7_STREAM))
goto err;
ret = 0;
ret = 0;
err:
err:
if (ret)
{
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
if (ret) {
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
if (p7)
PKCS7_free(p7);
if (p7)
PKCS7_free(p7);
if (scert)
X509_free(scert);
if (skey)
EVP_PKEY_free(skey);
if (scert2)
X509_free(scert2);
if (skey)
EVP_PKEY_free(skey2);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
}
if (scert)
X509_free(scert);
if (skey)
EVP_PKEY_free(skey);
if (scert2)
X509_free(scert2);
if (skey)
EVP_PKEY_free(skey2);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
}

110
demos/smime/smver.c
View File

@@ -4,84 +4,82 @@
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL;
X509_STORE *st = NULL;
X509 *cacert = NULL;
PKCS7 *p7 = NULL;
{
BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL;
X509_STORE *st = NULL;
X509 *cacert = NULL;
PKCS7 *p7 = NULL;
int ret = 1;
int ret = 1;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Set up trusted CA certificate store */
/* Set up trusted CA certificate store */
st = X509_STORE_new();
st = X509_STORE_new();
/* Read in signer certificate and private key */
tbio = BIO_new_file("cacert.pem", "r");
/* Read in signer certificate and private key */
tbio = BIO_new_file("cacert.pem", "r");
if (!tbio)
goto err;
if (!tbio)
goto err;
cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
if (!cacert)
goto err;
if (!cacert)
goto err;
if (!X509_STORE_add_cert(st, cacert))
goto err;
if (!X509_STORE_add_cert(st, cacert))
goto err;
/* Open content being signed */
/* Open content being signed */
in = BIO_new_file("smout.txt", "r");
in = BIO_new_file("smout.txt", "r");
if (!in)
goto err;
if (!in)
goto err;
/* Sign content */
p7 = SMIME_read_PKCS7(in, &cont);
/* Sign content */
p7 = SMIME_read_PKCS7(in, &cont);
if (!p7)
goto err;
if (!p7)
goto err;
/* File to output verified content to */
out = BIO_new_file("smver.txt", "w");
if (!out)
goto err;
/* File to output verified content to */
out = BIO_new_file("smver.txt", "w");
if (!out)
goto err;
if (!PKCS7_verify(p7, NULL, st, cont, out, 0))
{
fprintf(stderr, "Verification Failure\n");
goto err;
}
if (!PKCS7_verify(p7, NULL, st, cont, out, 0)) {
fprintf(stderr, "Verification Failure\n");
goto err;
}
fprintf(stderr, "Verification Successful\n");
fprintf(stderr, "Verification Successful\n");
ret = 0;
ret = 0;
err:
err:
if (ret)
{
fprintf(stderr, "Error Verifying Data\n");
ERR_print_errors_fp(stderr);
}
if (ret) {
fprintf(stderr, "Error Verifying Data\n");
ERR_print_errors_fp(stderr);
}
if (p7)
PKCS7_free(p7);
if (p7)
PKCS7_free(p7);
if (cacert)
X509_free(cacert);
if (cacert)
X509_free(cacert);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
return ret;
}
}

254
demos/spkigen.c
View File

@@ -1,9 +1,9 @@
/* NOCW */
/*-
* demos/spkigen.c
* 18-Mar-1997 - eay - A quick hack :-)
* version 1.1, it would probably help to save or load the
* private key :-)
* 18-Mar-1997 - eay - A quick hack :-)
* version 1.1, it would probably help to save or load the
* private key :-)
*/
#include <stdio.h>
#include <stdlib.h>
@@ -14,149 +14,159 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
/* The following two don't exist in SSLeay but they are in here as
* examples */
/*
* The following two don't exist in SSLeay but they are in here as examples
*/
#define PEM_write_SPKI(fp,x) \
PEM_ASN1_write((int (*)())i2d_NETSCAPE_SPKI,"SPKI",fp,\
(char *)x,NULL,NULL,0,NULL)
PEM_ASN1_write((int (*)())i2d_NETSCAPE_SPKI,"SPKI",fp,\
(char *)x,NULL,NULL,0,NULL)
int SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
/* These are defined in the next version of SSLeay */
int EVP_PKEY_assign(EVP_PKEY *pkey, int type,char *key);
#define RSA_F4 0x10001
int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key);
#define RSA_F4 0x10001
#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
(char *)(rsa))
(char *)(rsa))
int main(argc,argv)
int main(argc, argv)
int argc;
char *argv[];
{
RSA *rsa=NULL;
NETSCAPE_SPKI *spki=NULL;
EVP_PKEY *pkey=NULL;
char buf[128];
int ok=0,i;
FILE *fp;
{
RSA *rsa = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
char buf[128];
int ok = 0, i;
FILE *fp;
pkey=EVP_PKEY_new();
if (argc < 2)
{
/* Generate an RSA key, the random state should have been seeded
* with lots of calls to RAND_seed(....) */
fprintf(stderr,"generating RSA key, could take some time...\n");
if ((rsa=RSA_generate_key(512,RSA_F4,NULL)) == NULL) goto err;
}
else
{
if ((fp=fopen(argv[1],"r")) == NULL)
{ perror(argv[1]); goto err; }
if ((rsa=PEM_read_RSAPrivateKey(fp,NULL,NULL)) == NULL)
goto err;
fclose(fp);
}
if (!EVP_PKEY_assign_RSA(pkey,rsa)) goto err;
rsa=NULL;
pkey = EVP_PKEY_new();
/* lets make the spki and set the public key and challenge */
if ((spki=NETSCAPE_SPKI_new()) == NULL) goto err;
if (argc < 2) {
/*
* Generate an RSA key, the random state should have been seeded with
* lots of calls to RAND_seed(....)
*/
fprintf(stderr, "generating RSA key, could take some time...\n");
if ((rsa = RSA_generate_key(512, RSA_F4, NULL)) == NULL)
goto err;
} else {
if ((fp = fopen(argv[1], "r")) == NULL) {
perror(argv[1]);
goto err;
}
if ((rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL)) == NULL)
goto err;
fclose(fp);
}
if (!SPKI_set_pubkey(spki,pkey)) goto err;
if (!EVP_PKEY_assign_RSA(pkey, rsa))
goto err;
rsa = NULL;
fprintf(stderr,"please enter challenge string:");
fflush(stderr);
buf[0]='\0';
fgets(buf,sizeof buf,stdin);
i=strlen(buf);
if (i > 0) buf[--i]='\0';
if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge,
buf,i)) goto err;
/* lets make the spki and set the public key and challenge */
if ((spki = NETSCAPE_SPKI_new()) == NULL)
goto err;
if (!NETSCAPE_SPKI_sign(spki,pkey,EVP_md5())) goto err;
PEM_write_SPKI(stdout,spki);
if (argc < 2)
PEM_write_RSAPrivateKey(stdout,pkey->pkey.rsa,NULL,NULL,0,NULL);
if (!SPKI_set_pubkey(spki, pkey))
goto err;
ok=1;
err:
if (!ok)
{
fprintf(stderr,"something bad happened....");
ERR_print_errors_fp(stderr);
}
NETSCAPE_SPKI_free(spki);
EVP_PKEY_free(pkey);
exit(!ok);
}
fprintf(stderr, "please enter challenge string:");
fflush(stderr);
buf[0] = '\0';
fgets(buf, sizeof buf, stdin);
i = strlen(buf);
if (i > 0)
buf[--i] = '\0';
if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge, buf, i))
goto err;
if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()))
goto err;
PEM_write_SPKI(stdout, spki);
if (argc < 2)
PEM_write_RSAPrivateKey(stdout, pkey->pkey.rsa, NULL, NULL, 0, NULL);
ok = 1;
err:
if (!ok) {
fprintf(stderr, "something bad happened....");
ERR_print_errors_fp(stderr);
}
NETSCAPE_SPKI_free(spki);
EVP_PKEY_free(pkey);
exit(!ok);
}
/* This function is in the next version of SSLeay */
int EVP_PKEY_assign(pkey,type,key)
int EVP_PKEY_assign(pkey, type, key)
EVP_PKEY *pkey;
int type;
char *key;
{
if (pkey == NULL) return(0);
if (pkey->pkey.ptr != NULL)
{
if (pkey->type == EVP_PKEY_RSA)
RSA_free(pkey->pkey.rsa);
/* else memory leak */
}
pkey->type=type;
pkey->pkey.ptr=key;
return(1);
}
{
if (pkey == NULL)
return (0);
if (pkey->pkey.ptr != NULL) {
if (pkey->type == EVP_PKEY_RSA)
RSA_free(pkey->pkey.rsa);
/* else memory leak */
}
pkey->type = type;
pkey->pkey.ptr = key;
return (1);
}
/* While I have a
* X509_set_pubkey() and X509_REQ_set_pubkey(), SPKI_set_pubkey() does
* not currently exist so here is a version of it.
* The next SSLeay release will probably have
* X509_set_pubkey(),
* X509_REQ_set_pubkey() and
* NETSCAPE_SPKI_set_pubkey()
* as macros calling the same function */
int SPKI_set_pubkey(x,pkey)
/*
* While I have a X509_set_pubkey() and X509_REQ_set_pubkey(),
* SPKI_set_pubkey() does not currently exist so here is a version of it. The
* next SSLeay release will probably have X509_set_pubkey(),
* X509_REQ_set_pubkey() and NETSCAPE_SPKI_set_pubkey() as macros calling the
* same function
*/
int SPKI_set_pubkey(x, pkey)
NETSCAPE_SPKI *x;
EVP_PKEY *pkey;
{
int ok=0;
X509_PUBKEY *pk;
X509_ALGOR *a;
ASN1_OBJECT *o;
unsigned char *s,*p;
int i;
{
int ok = 0;
X509_PUBKEY *pk;
X509_ALGOR *a;
ASN1_OBJECT *o;
unsigned char *s, *p;
int i;
if (x == NULL) return(0);
if (x == NULL)
return (0);
if ((pk=X509_PUBKEY_new()) == NULL) goto err;
a=pk->algor;
if ((pk = X509_PUBKEY_new()) == NULL)
goto err;
a = pk->algor;
/* set the algorithm id */
if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
ASN1_OBJECT_free(a->algorithm);
a->algorithm=o;
/* set the algorithm id */
if ((o = OBJ_nid2obj(pkey->type)) == NULL)
goto err;
ASN1_OBJECT_free(a->algorithm);
a->algorithm = o;
/* Set the parameter list */
if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL))
{
ASN1_TYPE_free(a->parameter);
a->parameter=ASN1_TYPE_new();
a->parameter->type=V_ASN1_NULL;
}
i=i2d_PublicKey(pkey,NULL);
if ((s=(unsigned char *)malloc(i+1)) == NULL) goto err;
p=s;
i2d_PublicKey(pkey,&p);
if (!ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
free(s);
X509_PUBKEY_free(x->spkac->pubkey);
x->spkac->pubkey=pk;
pk=NULL;
ok=1;
err:
if (pk != NULL) X509_PUBKEY_free(pk);
return(ok);
}
/* Set the parameter list */
if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) {
ASN1_TYPE_free(a->parameter);
a->parameter = ASN1_TYPE_new();
a->parameter->type = V_ASN1_NULL;
}
i = i2d_PublicKey(pkey, NULL);
if ((s = (unsigned char *)malloc(i + 1)) == NULL)
goto err;
p = s;
i2d_PublicKey(pkey, &p);
if (!ASN1_BIT_STRING_set(pk->public_key, s, i))
goto err;
free(s);
X509_PUBKEY_free(x->spkac->pubkey);
x->spkac->pubkey = pk;
pk = NULL;
ok = 1;
err:
if (pk != NULL)
X509_PUBKEY_free(pk);
return (ok);
}

463
demos/state_machine/state_machine.c
View File

@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -83,334 +83,325 @@
#include <sys/socket.h>
#include <netinet/in.h>
/* die_unless is intended to work like assert, except that it happens
always, even if NDEBUG is defined. Use assert as a stopgap. */
/*
* die_unless is intended to work like assert, except that it happens always,
* even if NDEBUG is defined. Use assert as a stopgap.
*/
#define die_unless(x) assert(x)
#define die_unless(x) assert(x)
typedef struct
{
typedef struct {
SSL_CTX *pCtx;
BIO *pbioRead;
BIO *pbioWrite;
SSL *pSSL;
} SSLStateMachine;
} SSLStateMachine;
void SSLStateMachine_print_error(SSLStateMachine *pMachine,const char *szErr)
{
void SSLStateMachine_print_error(SSLStateMachine * pMachine,
const char *szErr)
{
unsigned long l;
fprintf(stderr,"%s\n",szErr);
while((l=ERR_get_error()))
{
char buf[1024];
fprintf(stderr, "%s\n", szErr);
while ((l = ERR_get_error())) {
char buf[1024];
ERR_error_string_n(l,buf,sizeof buf);
fprintf(stderr,"Error %lx: %s\n",l,buf);
}
ERR_error_string_n(l, buf, sizeof buf);
fprintf(stderr, "Error %lx: %s\n", l, buf);
}
}
SSLStateMachine *SSLStateMachine_new(const char *szCertificateFile,
const char *szKeyFile)
{
SSLStateMachine *pMachine=malloc(sizeof *pMachine);
const char *szKeyFile)
{
SSLStateMachine *pMachine = malloc(sizeof *pMachine);
int n;
die_unless(pMachine);
pMachine->pCtx=SSL_CTX_new(SSLv23_server_method());
pMachine->pCtx = SSL_CTX_new(SSLv23_server_method());
die_unless(pMachine->pCtx);
n=SSL_CTX_use_certificate_file(pMachine->pCtx,szCertificateFile,
SSL_FILETYPE_PEM);
n = SSL_CTX_use_certificate_file(pMachine->pCtx, szCertificateFile,
SSL_FILETYPE_PEM);
die_unless(n > 0);
n=SSL_CTX_use_PrivateKey_file(pMachine->pCtx,szKeyFile,SSL_FILETYPE_PEM);
n = SSL_CTX_use_PrivateKey_file(pMachine->pCtx, szKeyFile,
SSL_FILETYPE_PEM);
die_unless(n > 0);
pMachine->pSSL=SSL_new(pMachine->pCtx);
pMachine->pSSL = SSL_new(pMachine->pCtx);
die_unless(pMachine->pSSL);
pMachine->pbioRead=BIO_new(BIO_s_mem());
pMachine->pbioRead = BIO_new(BIO_s_mem());
pMachine->pbioWrite=BIO_new(BIO_s_mem());
pMachine->pbioWrite = BIO_new(BIO_s_mem());
SSL_set_bio(pMachine->pSSL,pMachine->pbioRead,pMachine->pbioWrite);
SSL_set_bio(pMachine->pSSL, pMachine->pbioRead, pMachine->pbioWrite);
SSL_set_accept_state(pMachine->pSSL);
return pMachine;
}
}
void SSLStateMachine_read_inject(SSLStateMachine *pMachine,
const unsigned char *aucBuf,int nBuf)
{
int n=BIO_write(pMachine->pbioRead,aucBuf,nBuf);
/* If it turns out this assert fails, then buffer the data here
* and just feed it in in churn instead. Seems to me that it
* should be guaranteed to succeed, though.
void SSLStateMachine_read_inject(SSLStateMachine * pMachine,
const unsigned char *aucBuf, int nBuf)
{
int n = BIO_write(pMachine->pbioRead, aucBuf, nBuf);
/*
* If it turns out this assert fails, then buffer the data here and just
* feed it in in churn instead. Seems to me that it should be guaranteed
* to succeed, though.
*/
assert(n == nBuf);
fprintf(stderr,"%d bytes of encrypted data fed to state machine\n",n);
}
fprintf(stderr, "%d bytes of encrypted data fed to state machine\n", n);
}
int SSLStateMachine_read_extract(SSLStateMachine *pMachine,
unsigned char *aucBuf,int nBuf)
{
int SSLStateMachine_read_extract(SSLStateMachine * pMachine,
unsigned char *aucBuf, int nBuf)
{
int n;
if(!SSL_is_init_finished(pMachine->pSSL))
{
fprintf(stderr,"Doing SSL_accept\n");
n=SSL_accept(pMachine->pSSL);
if(n == 0)
fprintf(stderr,"SSL_accept returned zero\n");
if(n < 0)
{
int err;
if (!SSL_is_init_finished(pMachine->pSSL)) {
fprintf(stderr, "Doing SSL_accept\n");
n = SSL_accept(pMachine->pSSL);
if (n == 0)
fprintf(stderr, "SSL_accept returned zero\n");
if (n < 0) {
int err;
if((err=SSL_get_error(pMachine->pSSL,n)) == SSL_ERROR_WANT_READ)
{
fprintf(stderr,"SSL_accept wants more data\n");
return 0;
}
if ((err =
SSL_get_error(pMachine->pSSL, n)) == SSL_ERROR_WANT_READ) {
fprintf(stderr, "SSL_accept wants more data\n");
return 0;
}
SSLStateMachine_print_error(pMachine,"SSL_accept error");
exit(7);
}
return 0;
}
n=SSL_read(pMachine->pSSL,aucBuf,nBuf);
if(n < 0)
{
int err=SSL_get_error(pMachine->pSSL,n);
if(err == SSL_ERROR_WANT_READ)
{
fprintf(stderr,"SSL_read wants more data\n");
return 0;
}
SSLStateMachine_print_error(pMachine,"SSL_read error");
exit(8);
}
fprintf(stderr,"%d bytes of decrypted data read from state machine\n",n);
return n;
SSLStateMachine_print_error(pMachine, "SSL_accept error");
exit(7);
}
return 0;
}
int SSLStateMachine_write_can_extract(SSLStateMachine *pMachine)
{
int n=BIO_pending(pMachine->pbioWrite);
if(n)
fprintf(stderr,"There is encrypted data available to write\n");
n = SSL_read(pMachine->pSSL, aucBuf, nBuf);
if (n < 0) {
int err = SSL_get_error(pMachine->pSSL, n);
if (err == SSL_ERROR_WANT_READ) {
fprintf(stderr, "SSL_read wants more data\n");
return 0;
}
SSLStateMachine_print_error(pMachine, "SSL_read error");
exit(8);
}
fprintf(stderr, "%d bytes of decrypted data read from state machine\n",
n);
return n;
}
int SSLStateMachine_write_can_extract(SSLStateMachine * pMachine)
{
int n = BIO_pending(pMachine->pbioWrite);
if (n)
fprintf(stderr, "There is encrypted data available to write\n");
else
fprintf(stderr,"There is no encrypted data available to write\n");
fprintf(stderr, "There is no encrypted data available to write\n");
return n;
}
}
int SSLStateMachine_write_extract(SSLStateMachine *pMachine,
unsigned char *aucBuf,int nBuf)
{
int SSLStateMachine_write_extract(SSLStateMachine * pMachine,
unsigned char *aucBuf, int nBuf)
{
int n;
n=BIO_read(pMachine->pbioWrite,aucBuf,nBuf);
fprintf(stderr,"%d bytes of encrypted data read from state machine\n",n);
n = BIO_read(pMachine->pbioWrite, aucBuf, nBuf);
fprintf(stderr, "%d bytes of encrypted data read from state machine\n",
n);
return n;
}
}
void SSLStateMachine_write_inject(SSLStateMachine *pMachine,
const unsigned char *aucBuf,int nBuf)
{
int n=SSL_write(pMachine->pSSL,aucBuf,nBuf);
/* If it turns out this assert fails, then buffer the data here
* and just feed it in in churn instead. Seems to me that it
* should be guaranteed to succeed, though.
void SSLStateMachine_write_inject(SSLStateMachine * pMachine,
const unsigned char *aucBuf, int nBuf)
{
int n = SSL_write(pMachine->pSSL, aucBuf, nBuf);
/*
* If it turns out this assert fails, then buffer the data here and just
* feed it in in churn instead. Seems to me that it should be guaranteed
* to succeed, though.
*/
assert(n == nBuf);
fprintf(stderr,"%d bytes of unencrypted data fed to state machine\n",n);
}
fprintf(stderr, "%d bytes of unencrypted data fed to state machine\n", n);
}
int OpenSocket(int nPort)
{
{
int nSocket;
struct sockaddr_in saServer;
struct sockaddr_in saClient;
int one=1;
int one = 1;
int nSize;
int nFD;
int nLen;
nSocket=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
if(nSocket < 0)
{
perror("socket");
exit(1);
}
if(setsockopt(nSocket,SOL_SOCKET,SO_REUSEADDR,(char *)&one,sizeof one) < 0)
{
perror("setsockopt");
exit(2);
}
memset(&saServer,0,sizeof saServer);
saServer.sin_family=AF_INET;
saServer.sin_port=htons(nPort);
nSize=sizeof saServer;
if(bind(nSocket,(struct sockaddr *)&saServer,nSize) < 0)
{
perror("bind");
exit(3);
}
if(listen(nSocket,512) < 0)
{
perror("listen");
exit(4);
}
nLen=sizeof saClient;
nFD=accept(nSocket,(struct sockaddr *)&saClient,&nLen);
if(nFD < 0)
{
perror("accept");
exit(5);
}
fprintf(stderr,"Incoming accepted on port %d\n",nPort);
return nFD;
nSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (nSocket < 0) {
perror("socket");
exit(1);
}
int main(int argc,char **argv)
{
if (setsockopt
(nSocket, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof one) < 0) {
perror("setsockopt");
exit(2);
}
memset(&saServer, 0, sizeof saServer);
saServer.sin_family = AF_INET;
saServer.sin_port = htons(nPort);
nSize = sizeof saServer;
if (bind(nSocket, (struct sockaddr *)&saServer, nSize) < 0) {
perror("bind");
exit(3);
}
if (listen(nSocket, 512) < 0) {
perror("listen");
exit(4);
}
nLen = sizeof saClient;
nFD = accept(nSocket, (struct sockaddr *)&saClient, &nLen);
if (nFD < 0) {
perror("accept");
exit(5);
}
fprintf(stderr, "Incoming accepted on port %d\n", nPort);
return nFD;
}
int main(int argc, char **argv)
{
SSLStateMachine *pMachine;
int nPort;
int nFD;
const char *szCertificateFile;
const char *szKeyFile;
char rbuf[1];
int nrbuf=0;
int nrbuf = 0;
if(argc != 4)
{
fprintf(stderr,"%s <port> <certificate file> <key file>\n",argv[0]);
exit(6);
}
if (argc != 4) {
fprintf(stderr, "%s <port> <certificate file> <key file>\n", argv[0]);
exit(6);
}
nPort=atoi(argv[1]);
szCertificateFile=argv[2];
szKeyFile=argv[3];
nPort = atoi(argv[1]);
szCertificateFile = argv[2];
szKeyFile = argv[3];
SSL_library_init();
OpenSSL_add_ssl_algorithms();
SSL_load_error_strings();
ERR_load_crypto_strings();
nFD=OpenSocket(nPort);
nFD = OpenSocket(nPort);
pMachine=SSLStateMachine_new(szCertificateFile,szKeyFile);
pMachine = SSLStateMachine_new(szCertificateFile, szKeyFile);
for( ; ; )
{
fd_set rfds,wfds;
unsigned char buf[1024];
int n;
for (;;) {
fd_set rfds, wfds;
unsigned char buf[1024];
int n;
FD_ZERO(&rfds);
FD_ZERO(&wfds);
FD_ZERO(&rfds);
FD_ZERO(&wfds);
/* Select socket for input */
FD_SET(nFD,&rfds);
/* Select socket for input */
FD_SET(nFD, &rfds);
/* check whether there's decrypted data */
if(!nrbuf)
nrbuf=SSLStateMachine_read_extract(pMachine,rbuf,1);
/* check whether there's decrypted data */
if (!nrbuf)
nrbuf = SSLStateMachine_read_extract(pMachine, rbuf, 1);
/* if there's decrypted data, check whether we can write it */
if(nrbuf)
FD_SET(1,&wfds);
/* if there's decrypted data, check whether we can write it */
if (nrbuf)
FD_SET(1, &wfds);
/* Select socket for output */
if(SSLStateMachine_write_can_extract(pMachine))
FD_SET(nFD,&wfds);
/* Select socket for output */
if (SSLStateMachine_write_can_extract(pMachine))
FD_SET(nFD, &wfds);
/* Select stdin for input */
FD_SET(0,&rfds);
/* Select stdin for input */
FD_SET(0, &rfds);
/* Wait for something to do something */
n=select(nFD+1,&rfds,&wfds,NULL,NULL);
assert(n > 0);
/* Wait for something to do something */
n = select(nFD + 1, &rfds, &wfds, NULL, NULL);
assert(n > 0);
/* Socket is ready for input */
if(FD_ISSET(nFD,&rfds))
{
n=read(nFD,buf,sizeof buf);
if(n == 0)
{
fprintf(stderr,"Got EOF on socket\n");
exit(0);
}
assert(n > 0);
/* Socket is ready for input */
if (FD_ISSET(nFD, &rfds)) {
n = read(nFD, buf, sizeof buf);
if (n == 0) {
fprintf(stderr, "Got EOF on socket\n");
exit(0);
}
assert(n > 0);
SSLStateMachine_read_inject(pMachine,buf,n);
}
SSLStateMachine_read_inject(pMachine, buf, n);
}
/* stdout is ready for output (and hence we have some to send it) */
if(FD_ISSET(1,&wfds))
{
assert(nrbuf == 1);
buf[0]=rbuf[0];
nrbuf=0;
/* stdout is ready for output (and hence we have some to send it) */
if (FD_ISSET(1, &wfds)) {
assert(nrbuf == 1);
buf[0] = rbuf[0];
nrbuf = 0;
n=SSLStateMachine_read_extract(pMachine,buf+1,sizeof buf-1);
if(n < 0)
{
SSLStateMachine_print_error(pMachine,"read extract failed");
break;
}
assert(n >= 0);
++n;
if(n > 0) /* FIXME: has to be true now */
{
int w;
w=write(1,buf,n);
/* FIXME: we should push back any unwritten data */
assert(w == n);
}
}
n = SSLStateMachine_read_extract(pMachine, buf + 1,
sizeof buf - 1);
if (n < 0) {
SSLStateMachine_print_error(pMachine, "read extract failed");
break;
}
assert(n >= 0);
++n;
if (n > 0) { /* FIXME: has to be true now */
int w;
/* Socket is ready for output (and therefore we have output to send) */
if(FD_ISSET(nFD,&wfds))
{
int w;
w = write(1, buf, n);
/* FIXME: we should push back any unwritten data */
assert(w == n);
}
}
n=SSLStateMachine_write_extract(pMachine,buf,sizeof buf);
assert(n > 0);
/*
* Socket is ready for output (and therefore we have output to send)
*/
if (FD_ISSET(nFD, &wfds)) {
int w;
w=write(nFD,buf,n);
/* FIXME: we should push back any unwritten data */
assert(w == n);
}
n = SSLStateMachine_write_extract(pMachine, buf, sizeof buf);
assert(n > 0);
/* Stdin is ready for input */
if(FD_ISSET(0,&rfds))
{
n=read(0,buf,sizeof buf);
if(n == 0)
{
fprintf(stderr,"Got EOF on stdin\n");
exit(0);
}
assert(n > 0);
w = write(nFD, buf, n);
/* FIXME: we should push back any unwritten data */
assert(w == n);
}
SSLStateMachine_write_inject(pMachine,buf,n);
}
}
/* Stdin is ready for input */
if (FD_ISSET(0, &rfds)) {
n = read(0, buf, sizeof buf);
if (n == 0) {
fprintf(stderr, "Got EOF on stdin\n");
exit(0);
}
assert(n > 0);
SSLStateMachine_write_inject(pMachine, buf, n);
}
}
/* not reached */
return 0;
}
}

106
demos/tunala/breakage.c
View File

@@ -3,64 +3,66 @@
int int_strtoul(const char *str, unsigned long *val)
{
#ifdef HAVE_STRTOUL
char *tmp;
unsigned long ret = strtoul(str, &tmp, 10);
if((str == tmp) || (*tmp != '\0'))
/* The value didn't parse cleanly */
return 0;
if(ret == ULONG_MAX)
/* We hit a limit */
return 0;
*val = ret;
return 1;
char *tmp;
unsigned long ret = strtoul(str, &tmp, 10);
if ((str == tmp) || (*tmp != '\0'))
/* The value didn't parse cleanly */
return 0;
if (ret == ULONG_MAX)
/* We hit a limit */
return 0;
*val = ret;
return 1;
#else
char buf[2];
unsigned long ret = 0;
buf[1] = '\0';
if(str == '\0')
/* An empty string ... */
return 0;
while(*str != '\0') {
/* We have to multiply 'ret' by 10 before absorbing the next
* digit. If this will overflow, catch it now. */
if(ret && (((ULONG_MAX + 10) / ret) < 10))
return 0;
ret *= 10;
if(!isdigit(*str))
return 0;
buf[0] = *str;
ret += atoi(buf);
str++;
}
*val = ret;
return 1;
char buf[2];
unsigned long ret = 0;
buf[1] = '\0';
if (str == '\0')
/* An empty string ... */
return 0;
while (*str != '\0') {
/*
* We have to multiply 'ret' by 10 before absorbing the next digit.
* If this will overflow, catch it now.
*/
if (ret && (((ULONG_MAX + 10) / ret) < 10))
return 0;
ret *= 10;
if (!isdigit(*str))
return 0;
buf[0] = *str;
ret += atoi(buf);
str++;
}
*val = ret;
return 1;
#endif
}
#ifndef HAVE_STRSTR
char *int_strstr(const char *haystack, const char *needle)
{
const char *sub_haystack = haystack, *sub_needle = needle;
unsigned int offset = 0;
if(!needle)
return haystack;
if(!haystack)
return NULL;
while((*sub_haystack != '\0') && (*sub_needle != '\0')) {
if(sub_haystack[offset] == sub_needle) {
/* sub_haystack is still a candidate */
offset++;
sub_needle++;
} else {
/* sub_haystack is no longer a possibility */
sub_haystack++;
offset = 0;
sub_needle = needle;
}
}
if(*sub_haystack == '\0')
/* Found nothing */
return NULL;
return sub_haystack;
const char *sub_haystack = haystack, *sub_needle = needle;
unsigned int offset = 0;
if (!needle)
return haystack;
if (!haystack)
return NULL;
while ((*sub_haystack != '\0') && (*sub_needle != '\0')) {
if (sub_haystack[offset] == sub_needle) {
/* sub_haystack is still a candidate */
offset++;
sub_needle++;
} else {
/* sub_haystack is no longer a possibility */
sub_haystack++;
offset = 0;
sub_needle = needle;
}
}
if (*sub_haystack == '\0')
/* Found nothing */
return NULL;
return sub_haystack;
}
#endif

343
demos/tunala/buffer.c
View File

@@ -2,204 +2,235 @@
#ifndef NO_BUFFER
void buffer_init(buffer_t *buf)
void buffer_init(buffer_t * buf)
{
buf->used = 0;
buf->total_in = buf->total_out = 0;
buf->used = 0;
buf->total_in = buf->total_out = 0;
}
void buffer_close(buffer_t *buf)
void buffer_close(buffer_t * buf)
{
/* Our data is static - nothing needs "release", just reset it */
buf->used = 0;
/* Our data is static - nothing needs "release", just reset it */
buf->used = 0;
}
/* Code these simple ones in compact form */
unsigned int buffer_used(buffer_t *buf) {
return buf->used; }
unsigned int buffer_unused(buffer_t *buf) {
return (MAX_DATA_SIZE - buf->used); }
int buffer_full(buffer_t *buf) {
return (buf->used == MAX_DATA_SIZE ? 1 : 0); }
int buffer_notfull(buffer_t *buf) {
return (buf->used < MAX_DATA_SIZE ? 1 : 0); }
int buffer_empty(buffer_t *buf) {
return (buf->used == 0 ? 1 : 0); }
int buffer_notempty(buffer_t *buf) {
return (buf->used > 0 ? 1 : 0); }
unsigned long buffer_total_in(buffer_t *buf) {
return buf->total_in; }
unsigned long buffer_total_out(buffer_t *buf) {
return buf->total_out; }
unsigned int buffer_used(buffer_t * buf)
{
return buf->used;
}
/* These 3 static (internal) functions don't adjust the "total" variables as
unsigned int buffer_unused(buffer_t * buf)
{
return (MAX_DATA_SIZE - buf->used);
}
int buffer_full(buffer_t * buf)
{
return (buf->used == MAX_DATA_SIZE ? 1 : 0);
}
int buffer_notfull(buffer_t * buf)
{
return (buf->used < MAX_DATA_SIZE ? 1 : 0);
}
int buffer_empty(buffer_t * buf)
{
return (buf->used == 0 ? 1 : 0);
}
int buffer_notempty(buffer_t * buf)
{
return (buf->used > 0 ? 1 : 0);
}
unsigned long buffer_total_in(buffer_t * buf)
{
return buf->total_in;
}
unsigned long buffer_total_out(buffer_t * buf)
{
return buf->total_out;
}
/*
* These 3 static (internal) functions don't adjust the "total" variables as
* it's not sure when they're called how it should be interpreted. Only the
* higher-level "buffer_[to|from]_[fd|SSL|BIO]" functions should alter these
* values. */
#if 0 /* To avoid "unused" warnings */
static unsigned int buffer_adddata(buffer_t *buf, const unsigned char *ptr,
unsigned int size)
* values.
*/
# if 0 /* To avoid "unused" warnings */
static unsigned int buffer_adddata(buffer_t * buf, const unsigned char *ptr,
unsigned int size)
{
unsigned int added = MAX_DATA_SIZE - buf->used;
if(added > size)
added = size;
if(added == 0)
return 0;
memcpy(buf->data + buf->used, ptr, added);
buf->used += added;
buf->total_in += added;
return added;
unsigned int added = MAX_DATA_SIZE - buf->used;
if (added > size)
added = size;
if (added == 0)
return 0;
memcpy(buf->data + buf->used, ptr, added);
buf->used += added;
buf->total_in += added;
return added;
}
static unsigned int buffer_tobuffer(buffer_t *to, buffer_t *from, int cap)
static unsigned int buffer_tobuffer(buffer_t * to, buffer_t * from, int cap)
{
unsigned int moved, tomove = from->used;
if((int)tomove > cap)
tomove = cap;
if(tomove == 0)
return 0;
moved = buffer_adddata(to, from->data, tomove);
if(moved == 0)
return 0;
buffer_takedata(from, NULL, moved);
return moved;
unsigned int moved, tomove = from->used;
if ((int)tomove > cap)
tomove = cap;
if (tomove == 0)
return 0;
moved = buffer_adddata(to, from->data, tomove);
if (moved == 0)
return 0;
buffer_takedata(from, NULL, moved);
return moved;
}
#endif
# endif
static unsigned int buffer_takedata(buffer_t *buf, unsigned char *ptr,
unsigned int size)
static unsigned int buffer_takedata(buffer_t * buf, unsigned char *ptr,
unsigned int size)
{
unsigned int taken = buf->used;
if(taken > size)
taken = size;
if(taken == 0)
return 0;
if(ptr)
memcpy(ptr, buf->data, taken);
buf->used -= taken;
/* Do we have to scroll? */
if(buf->used > 0)
memmove(buf->data, buf->data + taken, buf->used);
return taken;
unsigned int taken = buf->used;
if (taken > size)
taken = size;
if (taken == 0)
return 0;
if (ptr)
memcpy(ptr, buf->data, taken);
buf->used -= taken;
/* Do we have to scroll? */
if (buf->used > 0)
memmove(buf->data, buf->data + taken, buf->used);
return taken;
}
#ifndef NO_IP
# ifndef NO_IP
int buffer_from_fd(buffer_t *buf, int fd)
int buffer_from_fd(buffer_t * buf, int fd)
{
int toread = buffer_unused(buf);
if(toread == 0)
/* Shouldn't be called in this case! */
abort();
toread = read(fd, buf->data + buf->used, toread);
if(toread > 0) {
buf->used += toread;
buf->total_in += toread;
}
return toread;
int toread = buffer_unused(buf);
if (toread == 0)
/* Shouldn't be called in this case! */
abort();
toread = read(fd, buf->data + buf->used, toread);
if (toread > 0) {
buf->used += toread;
buf->total_in += toread;
}
return toread;
}
int buffer_to_fd(buffer_t *buf, int fd)
int buffer_to_fd(buffer_t * buf, int fd)
{
int towrite = buffer_used(buf);
if(towrite == 0)
/* Shouldn't be called in this case! */
abort();
towrite = write(fd, buf->data, towrite);
if(towrite > 0) {
buffer_takedata(buf, NULL, towrite);
buf->total_out += towrite;
}
return towrite;
int towrite = buffer_used(buf);
if (towrite == 0)
/* Shouldn't be called in this case! */
abort();
towrite = write(fd, buf->data, towrite);
if (towrite > 0) {
buffer_takedata(buf, NULL, towrite);
buf->total_out += towrite;
}
return towrite;
}
#endif /* !defined(NO_IP) */
# endif /* !defined(NO_IP) */
#ifndef NO_OPENSSL
# ifndef NO_OPENSSL
static void int_ssl_check(SSL *s, int ret)
{
int e = SSL_get_error(s, ret);
switch(e) {
/* These seem to be harmless and already "dealt with" by our
* non-blocking environment. NB: "ZERO_RETURN" is the clean
* "error" indicating a successfully closed SSL tunnel. We let
* this happen because our IO loop should not appear to have
* broken on this condition - and outside the IO loop, the
* "shutdown" state is checked. */
case SSL_ERROR_NONE:
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_X509_LOOKUP:
case SSL_ERROR_ZERO_RETURN:
return;
/* These seem to be indications of a genuine error that should
* result in the SSL tunnel being regarded as "dead". */
case SSL_ERROR_SYSCALL:
case SSL_ERROR_SSL:
SSL_set_app_data(s, (char *)1);
return;
default:
break;
}
/* For any other errors that (a) exist, and (b) crop up - we need to
* interpret what to do with them - so "politely inform" the caller that
* the code needs updating here. */
abort();
int e = SSL_get_error(s, ret);
switch (e) {
/*
* These seem to be harmless and already "dealt with" by our
* non-blocking environment. NB: "ZERO_RETURN" is the clean "error"
* indicating a successfully closed SSL tunnel. We let this happen
* because our IO loop should not appear to have broken on this
* condition - and outside the IO loop, the "shutdown" state is
* checked.
*/
case SSL_ERROR_NONE:
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_X509_LOOKUP:
case SSL_ERROR_ZERO_RETURN:
return;
/*
* These seem to be indications of a genuine error that should result
* in the SSL tunnel being regarded as "dead".
*/
case SSL_ERROR_SYSCALL:
case SSL_ERROR_SSL:
SSL_set_app_data(s, (char *)1);
return;
default:
break;
}
/*
* For any other errors that (a) exist, and (b) crop up - we need to
* interpret what to do with them - so "politely inform" the caller that
* the code needs updating here.
*/
abort();
}
void buffer_from_SSL(buffer_t *buf, SSL *ssl)
void buffer_from_SSL(buffer_t * buf, SSL *ssl)
{
int ret;
if(!ssl || buffer_full(buf))
return;
ret = SSL_read(ssl, buf->data + buf->used, buffer_unused(buf));
if(ret > 0) {
buf->used += ret;
buf->total_in += ret;
}
if(ret < 0)
int_ssl_check(ssl, ret);
int ret;
if (!ssl || buffer_full(buf))
return;
ret = SSL_read(ssl, buf->data + buf->used, buffer_unused(buf));
if (ret > 0) {
buf->used += ret;
buf->total_in += ret;
}
if (ret < 0)
int_ssl_check(ssl, ret);
}
void buffer_to_SSL(buffer_t *buf, SSL *ssl)
void buffer_to_SSL(buffer_t * buf, SSL *ssl)
{
int ret;
if(!ssl || buffer_empty(buf))
return;
ret = SSL_write(ssl, buf->data, buf->used);
if(ret > 0) {
buffer_takedata(buf, NULL, ret);
buf->total_out += ret;
}
if(ret < 0)
int_ssl_check(ssl, ret);
int ret;
if (!ssl || buffer_empty(buf))
return;
ret = SSL_write(ssl, buf->data, buf->used);
if (ret > 0) {
buffer_takedata(buf, NULL, ret);
buf->total_out += ret;
}
if (ret < 0)
int_ssl_check(ssl, ret);
}
void buffer_from_BIO(buffer_t *buf, BIO *bio)
void buffer_from_BIO(buffer_t * buf, BIO *bio)
{
int ret;
if(!bio || buffer_full(buf))
return;
ret = BIO_read(bio, buf->data + buf->used, buffer_unused(buf));
if(ret > 0) {
buf->used += ret;
buf->total_in += ret;
}
int ret;
if (!bio || buffer_full(buf))
return;
ret = BIO_read(bio, buf->data + buf->used, buffer_unused(buf));
if (ret > 0) {
buf->used += ret;
buf->total_in += ret;
}
}
void buffer_to_BIO(buffer_t *buf, BIO *bio)
void buffer_to_BIO(buffer_t * buf, BIO *bio)
{
int ret;
if(!bio || buffer_empty(buf))
return;
ret = BIO_write(bio, buf->data, buf->used);
if(ret > 0) {
buffer_takedata(buf, NULL, ret);
buf->total_out += ret;
}
int ret;
if (!bio || buffer_empty(buf))
return;
ret = BIO_write(bio, buf->data, buf->used);
if (ret > 0) {
buffer_takedata(buf, NULL, ret);
buf->total_out += ret;
}
}
#endif /* !defined(NO_OPENSSL) */
# endif /* !defined(NO_OPENSSL) */
#endif /* !defined(NO_BUFFER) */
#endif /* !defined(NO_BUFFER) */

224
demos/tunala/cb.c
View File

@@ -16,148 +16,158 @@ static unsigned int cb_ssl_verify_level = 1;
/* Other static rubbish (to mirror s_cb.c where required) */
static int int_verify_depth = 10;
/* This function is largely borrowed from the one used in OpenSSL's "s_client"
* and "s_server" utilities. */
/*
* This function is largely borrowed from the one used in OpenSSL's
* "s_client" and "s_server" utilities.
*/
void cb_ssl_info(const SSL *s, int where, int ret)
{
const char *str1, *str2;
int w;
const char *str1, *str2;
int w;
if(!fp_cb_ssl_info)
return;
if (!fp_cb_ssl_info)
return;
w = where & ~SSL_ST_MASK;
str1 = (w & SSL_ST_CONNECT ? "SSL_connect" : (w & SSL_ST_ACCEPT ?
"SSL_accept" : "undefined")),
str2 = SSL_state_string_long(s);
w = where & ~SSL_ST_MASK;
str1 = (w & SSL_ST_CONNECT ? "SSL_connect" : (w & SSL_ST_ACCEPT ?
"SSL_accept" :
"undefined")), str2 =
SSL_state_string_long(s);
if (where & SSL_CB_LOOP)
fprintf(fp_cb_ssl_info, "(%s) %s\n", str1, str2);
else if (where & SSL_CB_EXIT) {
if (ret == 0)
fprintf(fp_cb_ssl_info, "(%s) failed in %s\n", str1, str2);
/* In a non-blocking model, we get a few of these "error"s simply because we're
* calling "reads" and "writes" on the state-machine that are virtual NOPs
* simply to avoid wasting the time seeing if we *should* call them. Removing
* this case makes the "-out_state" output a lot easier on the eye. */
#if 0
else if (ret < 0)
fprintf(fp_cb_ssl_info, "%s:error in %s\n", str1, str2);
#endif
}
if (where & SSL_CB_LOOP)
fprintf(fp_cb_ssl_info, "(%s) %s\n", str1, str2);
else if (where & SSL_CB_EXIT) {
if (ret == 0)
fprintf(fp_cb_ssl_info, "(%s) failed in %s\n", str1, str2);
/*
* In a non-blocking model, we get a few of these "error"s simply
* because we're calling "reads" and "writes" on the state-machine
* that are virtual NOPs simply to avoid wasting the time seeing if
* we *should* call them. Removing this case makes the "-out_state"
* output a lot easier on the eye.
*/
# if 0
else if (ret < 0)
fprintf(fp_cb_ssl_info, "%s:error in %s\n", str1, str2);
# endif
}
}
void cb_ssl_info_set_output(FILE *fp)
{
fp_cb_ssl_info = fp;
fp_cb_ssl_info = fp;
}
static const char *int_reason_no_issuer = "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT";
static const char *int_reason_no_issuer =
"X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT";
static const char *int_reason_not_yet = "X509_V_ERR_CERT_NOT_YET_VALID";
static const char *int_reason_before = "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD";
static const char *int_reason_before =
"X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD";
static const char *int_reason_expired = "X509_V_ERR_CERT_HAS_EXPIRED";
static const char *int_reason_after = "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD";
static const char *int_reason_after =
"X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD";
/* Stolen wholesale from apps/s_cb.c :-) And since then, mutilated ... */
int cb_ssl_verify(int ok, X509_STORE_CTX *ctx)
{
char buf1[256]; /* Used for the subject name */
char buf2[256]; /* Used for the issuer name */
const char *reason = NULL; /* Error reason (if any) */
X509 *err_cert;
int err, depth;
char buf1[256]; /* Used for the subject name */
char buf2[256]; /* Used for the issuer name */
const char *reason = NULL; /* Error reason (if any) */
X509 *err_cert;
int err, depth;
if(!fp_cb_ssl_verify || (cb_ssl_verify_level == 0))
return ok;
err_cert = X509_STORE_CTX_get_current_cert(ctx);
err = X509_STORE_CTX_get_error(ctx);
depth = X509_STORE_CTX_get_error_depth(ctx);
if (!fp_cb_ssl_verify || (cb_ssl_verify_level == 0))
return ok;
err_cert = X509_STORE_CTX_get_current_cert(ctx);
err = X509_STORE_CTX_get_error(ctx);
depth = X509_STORE_CTX_get_error_depth(ctx);
buf1[0] = buf2[0] = '\0';
/* Fill buf1 */
X509_NAME_oneline(X509_get_subject_name(err_cert), buf1, 256);
/* Fill buf2 */
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf2, 256);
switch (ctx->error) {
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
reason = int_reason_no_issuer;
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
reason = int_reason_not_yet;
break;
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
reason = int_reason_before;
break;
case X509_V_ERR_CERT_HAS_EXPIRED:
reason = int_reason_expired;
break;
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
reason = int_reason_after;
break;
}
buf1[0] = buf2[0] = '\0';
/* Fill buf1 */
X509_NAME_oneline(X509_get_subject_name(err_cert), buf1, 256);
/* Fill buf2 */
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf2, 256);
switch (ctx->error) {
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
reason = int_reason_no_issuer;
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
reason = int_reason_not_yet;
break;
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
reason = int_reason_before;
break;
case X509_V_ERR_CERT_HAS_EXPIRED:
reason = int_reason_expired;
break;
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
reason = int_reason_after;
break;
}
if((cb_ssl_verify_level == 1) && ok)
return ok;
fprintf(fp_cb_ssl_verify, "chain-depth=%d, ", depth);
if(reason)
fprintf(fp_cb_ssl_verify, "error=%s\n", reason);
else
fprintf(fp_cb_ssl_verify, "error=%d\n", err);
if(cb_ssl_verify_level < 3)
return ok;
fprintf(fp_cb_ssl_verify, "--> subject = %s\n", buf1);
fprintf(fp_cb_ssl_verify, "--> issuer = %s\n", buf2);
if(!ok)
fprintf(fp_cb_ssl_verify,"--> verify error:num=%d:%s\n",err,
X509_verify_cert_error_string(err));
fprintf(fp_cb_ssl_verify, "--> verify return:%d\n",ok);
return ok;
if ((cb_ssl_verify_level == 1) && ok)
return ok;
fprintf(fp_cb_ssl_verify, "chain-depth=%d, ", depth);
if (reason)
fprintf(fp_cb_ssl_verify, "error=%s\n", reason);
else
fprintf(fp_cb_ssl_verify, "error=%d\n", err);
if (cb_ssl_verify_level < 3)
return ok;
fprintf(fp_cb_ssl_verify, "--> subject = %s\n", buf1);
fprintf(fp_cb_ssl_verify, "--> issuer = %s\n", buf2);
if (!ok)
fprintf(fp_cb_ssl_verify, "--> verify error:num=%d:%s\n", err,
X509_verify_cert_error_string(err));
fprintf(fp_cb_ssl_verify, "--> verify return:%d\n", ok);
return ok;
}
void cb_ssl_verify_set_output(FILE *fp)
{
fp_cb_ssl_verify = fp;
fp_cb_ssl_verify = fp;
}
void cb_ssl_verify_set_depth(unsigned int verify_depth)
{
int_verify_depth = verify_depth;
int_verify_depth = verify_depth;
}
void cb_ssl_verify_set_level(unsigned int level)
{
if(level < 4)
cb_ssl_verify_level = level;
if (level < 4)
cb_ssl_verify_level = level;
}
RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength)
{
/* TODO: Perhaps make it so our global key can be generated on-the-fly
* after certain intervals? */
static RSA *rsa_tmp = NULL;
BIGNUM *bn = NULL;
int ok = 1;
if(!rsa_tmp) {
ok = 0;
if(!(bn = BN_new()))
goto end;
if(!BN_set_word(bn, RSA_F4))
goto end;
if(!(rsa_tmp = RSA_new()))
goto end;
if(!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))
goto end;
ok = 1;
}
end:
if(bn)
BN_free(bn);
if(!ok) {
RSA_free(rsa_tmp);
rsa_tmp = NULL;
}
return rsa_tmp;
/*
* TODO: Perhaps make it so our global key can be generated on-the-fly
* after certain intervals?
*/
static RSA *rsa_tmp = NULL;
BIGNUM *bn = NULL;
int ok = 1;
if (!rsa_tmp) {
ok = 0;
if (!(bn = BN_new()))
goto end;
if (!BN_set_word(bn, RSA_F4))
goto end;
if (!(rsa_tmp = RSA_new()))
goto end;
if (!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))
goto end;
ok = 1;
}
end:
if (bn)
BN_free(bn);
if (!ok) {
RSA_free(rsa_tmp);
rsa_tmp = NULL;
}
return rsa_tmp;
}
#endif /* !defined(NO_OPENSSL) */
#endif /* !defined(NO_OPENSSL) */

213
demos/tunala/ip.c
View File

@@ -2,145 +2,148 @@
#ifndef NO_IP
#define IP_LISTENER_BACKLOG 511 /* So if it gets masked by 256 or some other
such value it'll still be respectable */
# define IP_LISTENER_BACKLOG 511/* So if it gets masked by 256 or some other
* such value it'll still be respectable */
/* Any IP-related initialisations. For now, this means blocking SIGPIPE */
int ip_initialise(void)
{
struct sigaction sa;
struct sigaction sa;
sa.sa_handler = SIG_IGN;
sa.sa_flags = 0;
sigemptyset(&sa.sa_mask);
if(sigaction(SIGPIPE, &sa, NULL) != 0)
return 0;
return 1;
sa.sa_handler = SIG_IGN;
sa.sa_flags = 0;
sigemptyset(&sa.sa_mask);
if (sigaction(SIGPIPE, &sa, NULL) != 0)
return 0;
return 1;
}
int ip_create_listener_split(const char *ip, unsigned short port)
{
struct sockaddr_in in_addr;
int fd = -1;
int reuseVal = 1;
struct sockaddr_in in_addr;
int fd = -1;
int reuseVal = 1;
/* Create the socket */
if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
goto err;
/* Set the SO_REUSEADDR flag - servers act weird without it */
if(setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)(&reuseVal),
sizeof(reuseVal)) != 0)
goto err;
/* Prepare the listen address stuff */
in_addr.sin_family = AF_INET;
memcpy(&in_addr.sin_addr.s_addr, ip, 4);
in_addr.sin_port = htons(port);
/* Bind to the required port/address/interface */
if(bind(fd, (struct sockaddr *)&in_addr, sizeof(struct sockaddr_in)) != 0)
goto err;
/* Start "listening" */
if(listen(fd, IP_LISTENER_BACKLOG) != 0)
goto err;
return fd;
err:
if(fd != -1)
close(fd);
return -1;
/* Create the socket */
if ((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
goto err;
/* Set the SO_REUSEADDR flag - servers act weird without it */
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)(&reuseVal),
sizeof(reuseVal)) != 0)
goto err;
/* Prepare the listen address stuff */
in_addr.sin_family = AF_INET;
memcpy(&in_addr.sin_addr.s_addr, ip, 4);
in_addr.sin_port = htons(port);
/* Bind to the required port/address/interface */
if (bind(fd, (struct sockaddr *)&in_addr, sizeof(struct sockaddr_in)) !=
0)
goto err;
/* Start "listening" */
if (listen(fd, IP_LISTENER_BACKLOG) != 0)
goto err;
return fd;
err:
if (fd != -1)
close(fd);
return -1;
}
int ip_create_connection_split(const char *ip, unsigned short port)
{
struct sockaddr_in in_addr;
int flags, fd = -1;
struct sockaddr_in in_addr;
int flags, fd = -1;
/* Create the socket */
if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
goto err;
/* Make it non-blocking */
if(((flags = fcntl(fd, F_GETFL, 0)) < 0) ||
(fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0))
goto err;
/* Prepare the connection address stuff */
in_addr.sin_family = AF_INET;
memcpy(&in_addr.sin_addr.s_addr, ip, 4);
in_addr.sin_port = htons(port);
/* Start a connect (non-blocking, in all likelihood) */
if((connect(fd, (struct sockaddr *)&in_addr,
sizeof(struct sockaddr_in)) != 0) &&
(errno != EINPROGRESS))
goto err;
return fd;
err:
if(fd != -1)
close(fd);
return -1;
/* Create the socket */
if ((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
goto err;
/* Make it non-blocking */
if (((flags = fcntl(fd, F_GETFL, 0)) < 0) ||
(fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0))
goto err;
/* Prepare the connection address stuff */
in_addr.sin_family = AF_INET;
memcpy(&in_addr.sin_addr.s_addr, ip, 4);
in_addr.sin_port = htons(port);
/* Start a connect (non-blocking, in all likelihood) */
if ((connect(fd, (struct sockaddr *)&in_addr,
sizeof(struct sockaddr_in)) != 0) && (errno != EINPROGRESS))
goto err;
return fd;
err:
if (fd != -1)
close(fd);
return -1;
}
static char all_local_ip[] = {0x00,0x00,0x00,0x00};
static char all_local_ip[] = { 0x00, 0x00, 0x00, 0x00 };
int ip_parse_address(const char *address, const char **parsed_ip,
unsigned short *parsed_port, int accept_all_ip)
unsigned short *parsed_port, int accept_all_ip)
{
char buf[256];
struct hostent *lookup;
unsigned long port;
const char *ptr = strstr(address, ":");
const char *ip = all_local_ip;
char buf[256];
struct hostent *lookup;
unsigned long port;
const char *ptr = strstr(address, ":");
const char *ip = all_local_ip;
if(!ptr) {
/* We assume we're listening on all local interfaces and have
* only specified a port. */
if(!accept_all_ip)
return 0;
ptr = address;
goto determine_port;
}
if((ptr - address) > 255)
return 0;
memset(buf, 0, 256);
memcpy(buf, address, ptr - address);
ptr++;
if((lookup = gethostbyname(buf)) == NULL) {
/* Spit a message to differentiate between lookup failures and
* bad strings. */
fprintf(stderr, "hostname lookup for '%s' failed\n", buf);
return 0;
}
ip = lookup->h_addr_list[0];
determine_port:
if(strlen(ptr) < 1)
return 0;
if(!int_strtoul(ptr, &port) || (port > 65535))
return 0;
*parsed_ip = ip;
*parsed_port = (unsigned short)port;
return 1;
if (!ptr) {
/*
* We assume we're listening on all local interfaces and have only
* specified a port.
*/
if (!accept_all_ip)
return 0;
ptr = address;
goto determine_port;
}
if ((ptr - address) > 255)
return 0;
memset(buf, 0, 256);
memcpy(buf, address, ptr - address);
ptr++;
if ((lookup = gethostbyname(buf)) == NULL) {
/*
* Spit a message to differentiate between lookup failures and bad
* strings.
*/
fprintf(stderr, "hostname lookup for '%s' failed\n", buf);
return 0;
}
ip = lookup->h_addr_list[0];
determine_port:
if (strlen(ptr) < 1)
return 0;
if (!int_strtoul(ptr, &port) || (port > 65535))
return 0;
*parsed_ip = ip;
*parsed_port = (unsigned short)port;
return 1;
}
int ip_create_listener(const char *address)
{
const char *ip;
unsigned short port;
const char *ip;
unsigned short port;
if(!ip_parse_address(address, &ip, &port, 1))
return -1;
return ip_create_listener_split(ip, port);
if (!ip_parse_address(address, &ip, &port, 1))
return -1;
return ip_create_listener_split(ip, port);
}
int ip_create_connection(const char *address)
{
const char *ip;
unsigned short port;
const char *ip;
unsigned short port;
if(!ip_parse_address(address, &ip, &port, 0))
return -1;
return ip_create_connection_split(ip, port);
if (!ip_parse_address(address, &ip, &port, 0))
return -1;
return ip_create_connection_split(ip, port);
}
int ip_accept_connection(int listen_fd)
{
return accept(listen_fd, NULL, NULL);
return accept(listen_fd, NULL, NULL);
}
#endif /* !defined(NO_IP) */
#endif /* !defined(NO_IP) */

255
demos/tunala/sm.c
View File

@@ -2,150 +2,163 @@
#ifndef NO_TUNALA
void state_machine_init(state_machine_t *machine)
void state_machine_init(state_machine_t * machine)
{
machine->ssl = NULL;
machine->bio_intossl = machine->bio_fromssl = NULL;
buffer_init(&machine->clean_in);
buffer_init(&machine->clean_out);
buffer_init(&machine->dirty_in);
buffer_init(&machine->dirty_out);
machine->ssl = NULL;
machine->bio_intossl = machine->bio_fromssl = NULL;
buffer_init(&machine->clean_in);
buffer_init(&machine->clean_out);
buffer_init(&machine->dirty_in);
buffer_init(&machine->dirty_out);
}
void state_machine_close(state_machine_t *machine)
void state_machine_close(state_machine_t * machine)
{
if(machine->ssl)
SSL_free(machine->ssl);
/* SSL_free seems to decrement the reference counts already so doing this goes
* kaboom. */
#if 0
if(machine->bio_intossl)
BIO_free(machine->bio_intossl);
if(machine->bio_fromssl)
BIO_free(machine->bio_fromssl);
#endif
buffer_close(&machine->clean_in);
buffer_close(&machine->clean_out);
buffer_close(&machine->dirty_in);
buffer_close(&machine->dirty_out);
state_machine_init(machine);
if (machine->ssl)
SSL_free(machine->ssl);
/*
* SSL_free seems to decrement the reference counts already so doing this
* goes kaboom.
*/
# if 0
if (machine->bio_intossl)
BIO_free(machine->bio_intossl);
if (machine->bio_fromssl)
BIO_free(machine->bio_fromssl);
# endif
buffer_close(&machine->clean_in);
buffer_close(&machine->clean_out);
buffer_close(&machine->dirty_in);
buffer_close(&machine->dirty_out);
state_machine_init(machine);
}
buffer_t *state_machine_get_buffer(state_machine_t *machine, sm_buffer_t type)
buffer_t *state_machine_get_buffer(state_machine_t * machine,
sm_buffer_t type)
{
switch(type) {
case SM_CLEAN_IN:
return &machine->clean_in;
case SM_CLEAN_OUT:
return &machine->clean_out;
case SM_DIRTY_IN:
return &machine->dirty_in;
case SM_DIRTY_OUT:
return &machine->dirty_out;
default:
break;
}
/* Should never get here */
abort();
return NULL;
switch (type) {
case SM_CLEAN_IN:
return &machine->clean_in;
case SM_CLEAN_OUT:
return &machine->clean_out;
case SM_DIRTY_IN:
return &machine->dirty_in;
case SM_DIRTY_OUT:
return &machine->dirty_out;
default:
break;
}
/* Should never get here */
abort();
return NULL;
}
SSL *state_machine_get_SSL(state_machine_t *machine)
SSL *state_machine_get_SSL(state_machine_t * machine)
{
return machine->ssl;
return machine->ssl;
}
int state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server)
int state_machine_set_SSL(state_machine_t * machine, SSL *ssl, int is_server)
{
if(machine->ssl)
/* Shouldn't ever be set twice */
abort();
machine->ssl = ssl;
/* Create the BIOs to handle the dirty side of the SSL */
if((machine->bio_intossl = BIO_new(BIO_s_mem())) == NULL)
abort();
if((machine->bio_fromssl = BIO_new(BIO_s_mem())) == NULL)
abort();
/* Hook up the BIOs on the dirty side of the SSL */
SSL_set_bio(machine->ssl, machine->bio_intossl, machine->bio_fromssl);
if(is_server)
SSL_set_accept_state(machine->ssl);
else
SSL_set_connect_state(machine->ssl);
/* If we're the first one to generate traffic - do it now otherwise we
* go into the next select empty-handed and our peer will not send data
* but will similarly wait for us. */
return state_machine_churn(machine);
if (machine->ssl)
/* Shouldn't ever be set twice */
abort();
machine->ssl = ssl;
/* Create the BIOs to handle the dirty side of the SSL */
if ((machine->bio_intossl = BIO_new(BIO_s_mem())) == NULL)
abort();
if ((machine->bio_fromssl = BIO_new(BIO_s_mem())) == NULL)
abort();
/* Hook up the BIOs on the dirty side of the SSL */
SSL_set_bio(machine->ssl, machine->bio_intossl, machine->bio_fromssl);
if (is_server)
SSL_set_accept_state(machine->ssl);
else
SSL_set_connect_state(machine->ssl);
/*
* If we're the first one to generate traffic - do it now otherwise we go
* into the next select empty-handed and our peer will not send data but
* will similarly wait for us.
*/
return state_machine_churn(machine);
}
/* Performs the data-IO loop and returns zero if the machine should close */
int state_machine_churn(state_machine_t *machine)
int state_machine_churn(state_machine_t * machine)
{
unsigned int loop;
if(machine->ssl == NULL) {
if(buffer_empty(&machine->clean_out))
/* Time to close this state-machine altogether */
return 0;
else
/* Still buffered data on the clean side to go out */
return 1;
}
/* Do this loop twice to cover any dependencies about which precise
* order of reads and writes is required. */
for(loop = 0; loop < 2; loop++) {
buffer_to_SSL(&machine->clean_in, machine->ssl);
buffer_to_BIO(&machine->dirty_in, machine->bio_intossl);
buffer_from_SSL(&machine->clean_out, machine->ssl);
buffer_from_BIO(&machine->dirty_out, machine->bio_fromssl);
}
/* We close on the SSL side if the info callback noticed some problems
* or an SSL shutdown was underway and shutdown traffic had all been
* sent. */
if(SSL_get_app_data(machine->ssl) || (SSL_get_shutdown(machine->ssl) &&
buffer_empty(&machine->dirty_out))) {
/* Great, we can seal off the dirty side completely */
if(!state_machine_close_dirty(machine))
return 0;
}
/* Either the SSL is alive and well, or the closing process still has
* outgoing data waiting to be sent */
return 1;
unsigned int loop;
if (machine->ssl == NULL) {
if (buffer_empty(&machine->clean_out))
/* Time to close this state-machine altogether */
return 0;
else
/* Still buffered data on the clean side to go out */
return 1;
}
/*
* Do this loop twice to cover any dependencies about which precise order
* of reads and writes is required.
*/
for (loop = 0; loop < 2; loop++) {
buffer_to_SSL(&machine->clean_in, machine->ssl);
buffer_to_BIO(&machine->dirty_in, machine->bio_intossl);
buffer_from_SSL(&machine->clean_out, machine->ssl);
buffer_from_BIO(&machine->dirty_out, machine->bio_fromssl);
}
/*
* We close on the SSL side if the info callback noticed some problems or
* an SSL shutdown was underway and shutdown traffic had all been sent.
*/
if (SSL_get_app_data(machine->ssl) || (SSL_get_shutdown(machine->ssl) &&
buffer_empty(&machine->dirty_out)))
{
/* Great, we can seal off the dirty side completely */
if (!state_machine_close_dirty(machine))
return 0;
}
/*
* Either the SSL is alive and well, or the closing process still has
* outgoing data waiting to be sent
*/
return 1;
}
/* Called when the clean side of the SSL has lost its connection */
int state_machine_close_clean(state_machine_t *machine)
int state_machine_close_clean(state_machine_t * machine)
{
/* Well, first thing to do is null out the clean-side buffers - they're
* no use any more. */
buffer_close(&machine->clean_in);
buffer_close(&machine->clean_out);
/* And start an SSL shutdown */
if(machine->ssl)
SSL_shutdown(machine->ssl);
/* This is an "event", so flush the SSL of any generated traffic */
state_machine_churn(machine);
if(buffer_empty(&machine->dirty_in) &&
buffer_empty(&machine->dirty_out))
return 0;
return 1;
/*
* Well, first thing to do is null out the clean-side buffers - they're
* no use any more.
*/
buffer_close(&machine->clean_in);
buffer_close(&machine->clean_out);
/* And start an SSL shutdown */
if (machine->ssl)
SSL_shutdown(machine->ssl);
/* This is an "event", so flush the SSL of any generated traffic */
state_machine_churn(machine);
if (buffer_empty(&machine->dirty_in) && buffer_empty(&machine->dirty_out))
return 0;
return 1;
}
/* Called when the dirty side of the SSL has lost its connection. This is pretty
* terminal as all that can be left to do is send any buffered output on the
* clean side - after that, we're done. */
int state_machine_close_dirty(state_machine_t *machine)
/*
* Called when the dirty side of the SSL has lost its connection. This is
* pretty terminal as all that can be left to do is send any buffered output
* on the clean side - after that, we're done.
*/
int state_machine_close_dirty(state_machine_t * machine)
{
buffer_close(&machine->dirty_in);
buffer_close(&machine->dirty_out);
buffer_close(&machine->clean_in);
if(machine->ssl)
SSL_free(machine->ssl);
machine->ssl = NULL;
machine->bio_intossl = machine->bio_fromssl = NULL;
if(buffer_empty(&machine->clean_out))
return 0;
return 1;
buffer_close(&machine->dirty_in);
buffer_close(&machine->dirty_out);
buffer_close(&machine->clean_in);
if (machine->ssl)
SSL_free(machine->ssl);
machine->ssl = NULL;
machine->bio_intossl = machine->bio_fromssl = NULL;
if (buffer_empty(&machine->clean_out))
return 0;
return 1;
}
#endif /* !defined(NO_TUNALA) */
#endif /* !defined(NO_TUNALA) */

1928
demos/tunala/tunala.c
View File

File diff suppressed because it is too large Load Diff

342
demos/tunala/tunala.h
View File

@@ -1,146 +1,163 @@
/* Tunala ("Tunneler with a New Zealand accent")
*
* Written by Geoff Thorpe, but endorsed/supported by noone. Please use this is
* if it's useful or informative to you, but it's only here as a scratchpad for
* ideas about how you might (or might not) program with OpenSSL. If you deploy
* this is in a mission-critical environment, and have not read, understood,
* audited, and modified this code to your satisfaction, and the result is that
* all hell breaks loose and you are looking for a new employer, then it proves
* nothing except perhaps that Darwinism is alive and well. Let's just say, *I*
* don't use this in a mission-critical environment, so it would be stupid for
* anyone to assume that it is solid and/or tested enough when even its author
* doesn't place that much trust in it. You have been warned.
*
/*
* Tunala ("Tunneler with a New Zealand accent") Written by Geoff Thorpe,
* but endorsed/supported by noone. Please use this is if it's useful or
* informative to you, but it's only here as a scratchpad for ideas about how
* you might (or might not) program with OpenSSL. If you deploy this is in a
* mission-critical environment, and have not read, understood, audited, and
* modified this code to your satisfaction, and the result is that all hell
* breaks loose and you are looking for a new employer, then it proves
* nothing except perhaps that Darwinism is alive and well. Let's just say,
* *I* don't use this in a mission-critical environment, so it would be
* stupid for anyone to assume that it is solid and/or tested enough when
* even its author doesn't place that much trust in it. You have been warned.
* With thanks to Cryptographic Appliances, Inc.
*/
#ifndef _TUNALA_H
#define _TUNALA_H
# define _TUNALA_H
/* pull in autoconf fluff */
#ifndef NO_CONFIG_H
#include "config.h"
#else
/* We don't have autoconf, we have to set all of these unless a tweaked Makefile
* tells us not to ... */
# ifndef NO_CONFIG_H
# include "config.h"
# else
/*
* We don't have autoconf, we have to set all of these unless a tweaked
* Makefile tells us not to ...
*/
/* headers */
#ifndef NO_HAVE_SELECT
#define HAVE_SELECT
#endif
#ifndef NO_HAVE_SOCKET
#define HAVE_SOCKET
#endif
#ifndef NO_HAVE_UNISTD_H
#define HAVE_UNISTD_H
#endif
#ifndef NO_HAVE_FCNTL_H
#define HAVE_FCNTL_H
#endif
#ifndef NO_HAVE_LIMITS_H
#define HAVE_LIMITS_H
#endif
# ifndef NO_HAVE_SELECT
# define HAVE_SELECT
# endif
# ifndef NO_HAVE_SOCKET
# define HAVE_SOCKET
# endif
# ifndef NO_HAVE_UNISTD_H
# define HAVE_UNISTD_H
# endif
# ifndef NO_HAVE_FCNTL_H
# define HAVE_FCNTL_H
# endif
# ifndef NO_HAVE_LIMITS_H
# define HAVE_LIMITS_H
# endif
/* features */
#ifndef NO_HAVE_STRSTR
#define HAVE_STRSTR
#endif
#ifndef NO_HAVE_STRTOUL
#define HAVE_STRTOUL
#endif
#endif
# ifndef NO_HAVE_STRSTR
# define HAVE_STRSTR
# endif
# ifndef NO_HAVE_STRTOUL
# define HAVE_STRTOUL
# endif
# endif
#if !defined(HAVE_SELECT) || !defined(HAVE_SOCKET)
#error "can't build without some network basics like select() and socket()"
#endif
# if !defined(HAVE_SELECT) || !defined(HAVE_SOCKET)
# error "can't build without some network basics like select() and socket()"
# endif
#include <stdlib.h>
#ifndef NO_SYSTEM_H
#include <string.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_LIMITS_H
#include <limits.h>
#endif
#include <netdb.h>
#include <signal.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#endif /* !defined(NO_SYSTEM_H) */
# include <stdlib.h>
# ifndef NO_SYSTEM_H
# include <string.h>
# ifdef HAVE_UNISTD_H
# include <unistd.h>
# endif
# ifdef HAVE_FCNTL_H
# include <fcntl.h>
# endif
# ifdef HAVE_LIMITS_H
# include <limits.h>
# endif
# include <netdb.h>
# include <signal.h>
# include <sys/socket.h>
# include <sys/types.h>
# include <netinet/in.h>
# endif /* !defined(NO_SYSTEM_H) */
#ifndef NO_OPENSSL
#include <openssl/err.h>
#include <openssl/engine.h>
#include <openssl/ssl.h>
#endif /* !defined(NO_OPENSSL) */
# ifndef NO_OPENSSL
# include <openssl/err.h>
# include <openssl/engine.h>
# include <openssl/ssl.h>
# endif /* !defined(NO_OPENSSL) */
#ifndef OPENSSL_NO_BUFFER
/* This is the generic "buffer" type that is used when feeding the
# ifndef OPENSSL_NO_BUFFER
/*
* This is the generic "buffer" type that is used when feeding the
* state-machine. It's basically a FIFO with respect to the "adddata" &
* "takedata" type functions that operate on it. */
#define MAX_DATA_SIZE 16384
* "takedata" type functions that operate on it.
*/
# define MAX_DATA_SIZE 16384
typedef struct _buffer_t {
unsigned char data[MAX_DATA_SIZE];
unsigned int used;
/* Statistical values - counts the total number of bytes read in and
* read out (respectively) since "buffer_init()" */
unsigned long total_in, total_out;
unsigned char data[MAX_DATA_SIZE];
unsigned int used;
/*
* Statistical values - counts the total number of bytes read in and read
* out (respectively) since "buffer_init()"
*/
unsigned long total_in, total_out;
} buffer_t;
/* Initialise a buffer structure before use */
void buffer_init(buffer_t *buf);
/* Cleanup a buffer structure - presently not needed, but if buffer_t is
* converted to using dynamic allocation, this would be required - so should be
* called to protect against an explosion of memory leaks later if the change is
* made. */
void buffer_close(buffer_t *buf);
void buffer_init(buffer_t * buf);
/*
* Cleanup a buffer structure - presently not needed, but if buffer_t is
* converted to using dynamic allocation, this would be required - so should
* be called to protect against an explosion of memory leaks later if the
* change is made.
*/
void buffer_close(buffer_t * buf);
/* Basic functions to manipulate buffers */
unsigned int buffer_used(buffer_t *buf); /* How much data in the buffer */
unsigned int buffer_unused(buffer_t *buf); /* How much space in the buffer */
int buffer_full(buffer_t *buf); /* Boolean, is it full? */
int buffer_notfull(buffer_t *buf); /* Boolean, is it not full? */
int buffer_empty(buffer_t *buf); /* Boolean, is it empty? */
int buffer_notempty(buffer_t *buf); /* Boolean, is it not empty? */
unsigned long buffer_total_in(buffer_t *buf); /* Total bytes written to buffer */
unsigned long buffer_total_out(buffer_t *buf); /* Total bytes read from buffer */
unsigned int buffer_used(buffer_t * buf); /* How much data in the buffer */
unsigned int buffer_unused(buffer_t * buf); /* How much space in the buffer */
int buffer_full(buffer_t * buf); /* Boolean, is it full? */
int buffer_notfull(buffer_t * buf); /* Boolean, is it not full? */
int buffer_empty(buffer_t * buf); /* Boolean, is it empty? */
int buffer_notempty(buffer_t * buf); /* Boolean, is it not empty? */
unsigned long buffer_total_in(buffer_t * buf); /* Total bytes written to
* buffer */
unsigned long buffer_total_out(buffer_t * buf); /* Total bytes read from
* buffer */
#if 0 /* Currently used only within buffer.c - better to expose only
* higher-level functions anyway */
/* Add data to the tail of the buffer, returns the amount that was actually
* added (so, you need to check if return value is less than size) */
unsigned int buffer_adddata(buffer_t *buf, const unsigned char *ptr,
unsigned int size);
# if 0 /* Currently used only within buffer.c -
* better to expose only higher-level
* functions anyway */
/*
* Add data to the tail of the buffer, returns the amount that was actually
* added (so, you need to check if return value is less than size)
*/
unsigned int buffer_adddata(buffer_t * buf, const unsigned char *ptr,
unsigned int size);
/* Take data from the front of the buffer (and scroll the rest forward). If
/*
* Take data from the front of the buffer (and scroll the rest forward). If
* "ptr" is NULL, this just removes data off the front of the buffer. Return
* value is the amount actually removed (can be less than size if the buffer has
* too little data). */
unsigned int buffer_takedata(buffer_t *buf, unsigned char *ptr,
unsigned int size);
* value is the amount actually removed (can be less than size if the buffer
* has too little data).
*/
unsigned int buffer_takedata(buffer_t * buf, unsigned char *ptr,
unsigned int size);
/* Flushes as much data as possible out of the "from" buffer into the "to"
* buffer. Return value is the amount moved. The amount moved can be restricted
* to a maximum by specifying "cap" - setting it to -1 means no limit. */
unsigned int buffer_tobuffer(buffer_t *to, buffer_t *from, int cap);
#endif
/*
* Flushes as much data as possible out of the "from" buffer into the "to"
* buffer. Return value is the amount moved. The amount moved can be
* restricted to a maximum by specifying "cap" - setting it to -1 means no
* limit.
*/
unsigned int buffer_tobuffer(buffer_t * to, buffer_t * from, int cap);
# endif
#ifndef NO_IP
# ifndef NO_IP
/* Read or write between a file-descriptor and a buffer */
int buffer_from_fd(buffer_t *buf, int fd);
int buffer_to_fd(buffer_t *buf, int fd);
#endif /* !defined(NO_IP) */
int buffer_from_fd(buffer_t * buf, int fd);
int buffer_to_fd(buffer_t * buf, int fd);
# endif /* !defined(NO_IP) */
#ifndef NO_OPENSSL
# ifndef NO_OPENSSL
/* Read or write between an SSL or BIO and a buffer */
void buffer_from_SSL(buffer_t *buf, SSL *ssl);
void buffer_to_SSL(buffer_t *buf, SSL *ssl);
void buffer_from_BIO(buffer_t *buf, BIO *bio);
void buffer_to_BIO(buffer_t *buf, BIO *bio);
void buffer_from_SSL(buffer_t * buf, SSL *ssl);
void buffer_to_SSL(buffer_t * buf, SSL *ssl);
void buffer_from_BIO(buffer_t * buf, BIO *bio);
void buffer_to_BIO(buffer_t * buf, BIO *bio);
/* Callbacks */
void cb_ssl_info(const SSL *s, int where, int ret);
@@ -151,66 +168,77 @@ void cb_ssl_verify_set_output(FILE *fp);
void cb_ssl_verify_set_depth(unsigned int verify_depth);
void cb_ssl_verify_set_level(unsigned int level);
RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength);
#endif /* !defined(NO_OPENSSL) */
#endif /* !defined(OPENSSL_NO_BUFFER) */
# endif /* !defined(NO_OPENSSL) */
# endif /* !defined(OPENSSL_NO_BUFFER) */
#ifndef NO_TUNALA
#ifdef OPENSSL_NO_BUFFER
#error "TUNALA section of tunala.h requires BUFFER support"
#endif
# ifndef NO_TUNALA
# ifdef OPENSSL_NO_BUFFER
# error "TUNALA section of tunala.h requires BUFFER support"
# endif
typedef struct _state_machine_t {
SSL *ssl;
BIO *bio_intossl;
BIO *bio_fromssl;
buffer_t clean_in, clean_out;
buffer_t dirty_in, dirty_out;
SSL *ssl;
BIO *bio_intossl;
BIO *bio_fromssl;
buffer_t clean_in, clean_out;
buffer_t dirty_in, dirty_out;
} state_machine_t;
typedef enum {
SM_CLEAN_IN, SM_CLEAN_OUT,
SM_DIRTY_IN, SM_DIRTY_OUT
SM_CLEAN_IN, SM_CLEAN_OUT,
SM_DIRTY_IN, SM_DIRTY_OUT
} sm_buffer_t;
void state_machine_init(state_machine_t *machine);
void state_machine_close(state_machine_t *machine);
buffer_t *state_machine_get_buffer(state_machine_t *machine, sm_buffer_t type);
SSL *state_machine_get_SSL(state_machine_t *machine);
int state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server);
void state_machine_init(state_machine_t * machine);
void state_machine_close(state_machine_t * machine);
buffer_t *state_machine_get_buffer(state_machine_t * machine,
sm_buffer_t type);
SSL *state_machine_get_SSL(state_machine_t * machine);
int state_machine_set_SSL(state_machine_t * machine, SSL *ssl, int is_server);
/* Performs the data-IO loop and returns zero if the machine should close */
int state_machine_churn(state_machine_t *machine);
/* Is used to handle closing conditions - namely when one side of the tunnel has
* closed but the other should finish flushing. */
int state_machine_close_clean(state_machine_t *machine);
int state_machine_close_dirty(state_machine_t *machine);
#endif /* !defined(NO_TUNALA) */
int state_machine_churn(state_machine_t * machine);
/*
* Is used to handle closing conditions - namely when one side of the tunnel
* has closed but the other should finish flushing.
*/
int state_machine_close_clean(state_machine_t * machine);
int state_machine_close_dirty(state_machine_t * machine);
# endif /* !defined(NO_TUNALA) */
#ifndef NO_IP
/* Initialise anything related to the networking. This includes blocking pesky
* SIGPIPE signals. */
# ifndef NO_IP
/*
* Initialise anything related to the networking. This includes blocking
* pesky SIGPIPE signals.
*/
int ip_initialise(void);
/* ip is the 4-byte ip address (eg. 127.0.0.1 is {0x7F,0x00,0x00,0x01}), port is
* the port to listen on (host byte order), and the return value is the
* file-descriptor or -1 on error. */
/*
* ip is the 4-byte ip address (eg. 127.0.0.1 is {0x7F,0x00,0x00,0x01}), port
* is the port to listen on (host byte order), and the return value is the
* file-descriptor or -1 on error.
*/
int ip_create_listener_split(const char *ip, unsigned short port);
/* Same semantics as above. */
int ip_create_connection_split(const char *ip, unsigned short port);
/* Converts a string into the ip/port before calling the above */
int ip_create_listener(const char *address);
int ip_create_connection(const char *address);
/* Just does a string conversion on its own. NB: If accept_all_ip is non-zero,
* then the address string could be just a port. Ie. it's suitable for a
* listening address but not a connecting address. */
/*
* Just does a string conversion on its own. NB: If accept_all_ip is
* non-zero, then the address string could be just a port. Ie. it's suitable
* for a listening address but not a connecting address.
*/
int ip_parse_address(const char *address, const char **parsed_ip,
unsigned short *port, int accept_all_ip);
/* Accepts an incoming connection through the listener. Assumes selects and
* what-not have deemed it an appropriate thing to do. */
unsigned short *port, int accept_all_ip);
/*
* Accepts an incoming connection through the listener. Assumes selects and
* what-not have deemed it an appropriate thing to do.
*/
int ip_accept_connection(int listen_fd);
#endif /* !defined(NO_IP) */
# endif /* !defined(NO_IP) */
/* These functions wrap up things that can be portability hassles. */
int int_strtoul(const char *str, unsigned long *val);
#ifdef HAVE_STRSTR
#define int_strstr strstr
#else
# ifdef HAVE_STRSTR
# define int_strstr strstr
# else
char *int_strstr(const char *haystack, const char *needle);
#endif
# endif
#endif /* !defined(_TUNALA_H) */
#endif /* !defined(_TUNALA_H) */

241
demos/x509/mkcert.c
View File

@@ -1,8 +1,7 @@
/* Certificate creation. Demonstrates some certificate related
* operations.
/*
* Certificate creation. Demonstrates some certificate related operations.
*/
#include <stdio.h>
#include <stdlib.h>
@@ -10,163 +9,161 @@
#include <openssl/conf.h>
#include <openssl/x509v3.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
# include <openssl/engine.h>
#endif
int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
int add_ext(X509 *cert, int nid, char *value);
int main(int argc, char **argv)
{
BIO *bio_err;
X509 *x509=NULL;
EVP_PKEY *pkey=NULL;
{
BIO *bio_err;
X509 *x509 = NULL;
EVP_PKEY *pkey = NULL;
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
mkcert(&x509,&pkey,512,0,365);
mkcert(&x509, &pkey, 512, 0, 365);
RSA_print_fp(stdout,pkey->pkey.rsa,0);
X509_print_fp(stdout,x509);
RSA_print_fp(stdout, pkey->pkey.rsa, 0);
X509_print_fp(stdout, x509);
PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);
PEM_write_X509(stdout,x509);
PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
PEM_write_X509(stdout, x509);
X509_free(x509);
EVP_PKEY_free(pkey);
X509_free(x509);
EVP_PKEY_free(pkey);
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
ENGINE_cleanup();
#endif
CRYPTO_cleanup_all_ex_data();
CRYPTO_cleanup_all_ex_data();
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return(0);
}
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return (0);
}
static void callback(int p, int n, void *arg)
{
char c='B';
{
char c = 'B';
if (p == 0) c='.';
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
fputc(c,stderr);
}
if (p == 0)
c = '.';
if (p == 1)
c = '+';
if (p == 2)
c = '*';
if (p == 3)
c = '\n';
fputc(c, stderr);
}
int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days)
{
X509 *x;
EVP_PKEY *pk;
RSA *rsa;
X509_NAME *name=NULL;
if ((pkeyp == NULL) || (*pkeyp == NULL))
{
if ((pk=EVP_PKEY_new()) == NULL)
{
abort();
return(0);
}
}
else
pk= *pkeyp;
{
X509 *x;
EVP_PKEY *pk;
RSA *rsa;
X509_NAME *name = NULL;
if ((x509p == NULL) || (*x509p == NULL))
{
if ((x=X509_new()) == NULL)
goto err;
}
else
x= *x509p;
if ((pkeyp == NULL) || (*pkeyp == NULL)) {
if ((pk = EVP_PKEY_new()) == NULL) {
abort();
return (0);
}
} else
pk = *pkeyp;
rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
if (!EVP_PKEY_assign_RSA(pk,rsa))
{
abort();
goto err;
}
rsa=NULL;
if ((x509p == NULL) || (*x509p == NULL)) {
if ((x = X509_new()) == NULL)
goto err;
} else
x = *x509p;
X509_set_version(x,2);
ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
X509_gmtime_adj(X509_get_notBefore(x),0);
X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
X509_set_pubkey(x,pk);
rsa = RSA_generate_key(bits, RSA_F4, callback, NULL);
if (!EVP_PKEY_assign_RSA(pk, rsa)) {
abort();
goto err;
}
rsa = NULL;
name=X509_get_subject_name(x);
X509_set_version(x, 2);
ASN1_INTEGER_set(X509_get_serialNumber(x), serial);
X509_gmtime_adj(X509_get_notBefore(x), 0);
X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days);
X509_set_pubkey(x, pk);
/* This function creates and adds the entry, working out the
* correct string type and performing checks on its length.
* Normally we'd check the return value for errors...
*/
X509_NAME_add_entry_by_txt(name,"C",
MBSTRING_ASC, "UK", -1, -1, 0);
X509_NAME_add_entry_by_txt(name,"CN",
MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
name = X509_get_subject_name(x);
/* Its self signed so set the issuer name to be the same as the
* subject.
*/
X509_set_issuer_name(x,name);
/*
* This function creates and adds the entry, working out the correct
* string type and performing checks on its length. Normally we'd check
* the return value for errors...
*/
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, "UK", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN",
MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
/* Add various extensions: standard extensions */
add_ext(x, NID_basic_constraints, "critical,CA:TRUE");
add_ext(x, NID_key_usage, "critical,keyCertSign,cRLSign");
/*
* Its self signed so set the issuer name to be the same as the subject.
*/
X509_set_issuer_name(x, name);
add_ext(x, NID_subject_key_identifier, "hash");
/* Add various extensions: standard extensions */
add_ext(x, NID_basic_constraints, "critical,CA:TRUE");
add_ext(x, NID_key_usage, "critical,keyCertSign,cRLSign");
/* Some Netscape specific extensions */
add_ext(x, NID_netscape_cert_type, "sslCA");
add_ext(x, NID_subject_key_identifier, "hash");
add_ext(x, NID_netscape_comment, "example comment extension");
/* Some Netscape specific extensions */
add_ext(x, NID_netscape_cert_type, "sslCA");
add_ext(x, NID_netscape_comment, "example comment extension");
#ifdef CUSTOM_EXT
/* Maybe even add our own extension based on existing */
{
int nid;
nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
X509V3_EXT_add_alias(nid, NID_netscape_comment);
add_ext(x, nid, "example comment alias");
}
/* Maybe even add our own extension based on existing */
{
int nid;
nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
X509V3_EXT_add_alias(nid, NID_netscape_comment);
add_ext(x, nid, "example comment alias");
}
#endif
if (!X509_sign(x,pk,EVP_sha1()))
goto err;
*x509p=x;
*pkeyp=pk;
return(1);
err:
return(0);
}
if (!X509_sign(x, pk, EVP_sha1()))
goto err;
/* Add extension using V3 code: we can set the config file as NULL
* because we wont reference any other sections.
*x509p = x;
*pkeyp = pk;
return (1);
err:
return (0);
}
/*
* Add extension using V3 code: we can set the config file as NULL because we
* wont reference any other sections.
*/
int add_ext(X509 *cert, int nid, char *value)
{
X509_EXTENSION *ex;
X509V3_CTX ctx;
/* This sets the 'context' of the extensions. */
/* No configuration database */
X509V3_set_ctx_nodb(&ctx);
/* Issuer and subject certs: both the target since it is self signed,
* no request and no CRL
*/
X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, value);
if (!ex)
return 0;
{
X509_EXTENSION *ex;
X509V3_CTX ctx;
/* This sets the 'context' of the extensions. */
/* No configuration database */
X509V3_set_ctx_nodb(&ctx);
/*
* Issuer and subject certs: both the target since it is self signed, no
* request and no CRL
*/
X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, value);
if (!ex)
return 0;
X509_add_ext(cert,ex,-1);
X509_EXTENSION_free(ex);
return 1;
}
X509_add_ext(cert, ex, -1);
X509_EXTENSION_free(ex);
return 1;
}

214
demos/x509/mkreq.c
View File

@@ -1,4 +1,5 @@
/* Certificate request creation. Demonstrates some request related
/*
* Certificate request creation. Demonstrates some request related
* operations.
*/
@@ -10,153 +11,158 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
# include <openssl/engine.h>
#endif
int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
int add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, char *value);
int main(int argc, char **argv)
{
BIO *bio_err;
X509_REQ *req=NULL;
EVP_PKEY *pkey=NULL;
{
BIO *bio_err;
X509_REQ *req = NULL;
EVP_PKEY *pkey = NULL;
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
mkreq(&req,&pkey,512,0,365);
mkreq(&req, &pkey, 512, 0, 365);
RSA_print_fp(stdout,pkey->pkey.rsa,0);
X509_REQ_print_fp(stdout,req);
RSA_print_fp(stdout, pkey->pkey.rsa, 0);
X509_REQ_print_fp(stdout, req);
PEM_write_X509_REQ(stdout,req);
PEM_write_X509_REQ(stdout, req);
X509_REQ_free(req);
EVP_PKEY_free(pkey);
X509_REQ_free(req);
EVP_PKEY_free(pkey);
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
ENGINE_cleanup();
#endif
CRYPTO_cleanup_all_ex_data();
CRYPTO_cleanup_all_ex_data();
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return(0);
}
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return (0);
}
static void callback(int p, int n, void *arg)
{
char c='B';
{
char c = 'B';
if (p == 0) c='.';
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
fputc(c,stderr);
}
if (p == 0)
c = '.';
if (p == 1)
c = '+';
if (p == 2)
c = '*';
if (p == 3)
c = '\n';
fputc(c, stderr);
}
int mkreq(X509_REQ **req, EVP_PKEY **pkeyp, int bits, int serial, int days)
{
X509_REQ *x;
EVP_PKEY *pk;
RSA *rsa;
X509_NAME *name=NULL;
STACK_OF(X509_EXTENSION) *exts = NULL;
if ((pk=EVP_PKEY_new()) == NULL)
goto err;
{
X509_REQ *x;
EVP_PKEY *pk;
RSA *rsa;
X509_NAME *name = NULL;
STACK_OF(X509_EXTENSION) *exts = NULL;
if ((x=X509_REQ_new()) == NULL)
goto err;
if ((pk = EVP_PKEY_new()) == NULL)
goto err;
rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
if (!EVP_PKEY_assign_RSA(pk,rsa))
goto err;
if ((x = X509_REQ_new()) == NULL)
goto err;
rsa=NULL;
rsa = RSA_generate_key(bits, RSA_F4, callback, NULL);
if (!EVP_PKEY_assign_RSA(pk, rsa))
goto err;
X509_REQ_set_pubkey(x,pk);
rsa = NULL;
name=X509_REQ_get_subject_name(x);
X509_REQ_set_pubkey(x, pk);
/* This function creates and adds the entry, working out the
* correct string type and performing checks on its length.
* Normally we'd check the return value for errors...
*/
X509_NAME_add_entry_by_txt(name,"C",
MBSTRING_ASC, "UK", -1, -1, 0);
X509_NAME_add_entry_by_txt(name,"CN",
MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
name = X509_REQ_get_subject_name(x);
/*
* This function creates and adds the entry, working out the correct
* string type and performing checks on its length. Normally we'd check
* the return value for errors...
*/
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, "UK", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN",
MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
#ifdef REQUEST_EXTENSIONS
/* Certificate requests can contain extensions, which can be used
* to indicate the extensions the requestor would like added to
* their certificate. CAs might ignore them however or even choke
* if they are present.
*/
/*
* Certificate requests can contain extensions, which can be used to
* indicate the extensions the requestor would like added to their
* certificate. CAs might ignore them however or even choke if they are
* present.
*/
/* For request extensions they are all packed in a single attribute.
* We save them in a STACK and add them all at once later...
*/
/*
* For request extensions they are all packed in a single attribute. We
* save them in a STACK and add them all at once later...
*/
exts = sk_X509_EXTENSION_new_null();
/* Standard extenions */
exts = sk_X509_EXTENSION_new_null();
/* Standard extenions */
add_ext(exts, NID_key_usage, "critical,digitalSignature,keyEncipherment");
add_ext(exts, NID_key_usage, "critical,digitalSignature,keyEncipherment");
/* This is a typical use for request extensions: requesting a value for
* subject alternative name.
*/
/*
* This is a typical use for request extensions: requesting a value for
* subject alternative name.
*/
add_ext(exts, NID_subject_alt_name, "email:steve@openssl.org");
add_ext(exts, NID_subject_alt_name, "email:steve@openssl.org");
/* Some Netscape specific extensions */
add_ext(exts, NID_netscape_cert_type, "client,email");
/* Some Netscape specific extensions */
add_ext(exts, NID_netscape_cert_type, "client,email");
# ifdef CUSTOM_EXT
/* Maybe even add our own extension based on existing */
{
int nid;
nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
X509V3_EXT_add_alias(nid, NID_netscape_comment);
add_ext(x, nid, "example comment alias");
}
# endif
/* Now we've created the extensions we add them to the request */
#ifdef CUSTOM_EXT
/* Maybe even add our own extension based on existing */
{
int nid;
nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
X509V3_EXT_add_alias(nid, NID_netscape_comment);
add_ext(x, nid, "example comment alias");
}
#endif
X509_REQ_add_extensions(x, exts);
/* Now we've created the extensions we add them to the request */
X509_REQ_add_extensions(x, exts);
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
#endif
if (!X509_REQ_sign(x,pk,EVP_sha1()))
goto err;
*req=x;
*pkeyp=pk;
return(1);
err:
return(0);
}
if (!X509_REQ_sign(x, pk, EVP_sha1()))
goto err;
/* Add extension using V3 code: we can set the config file as NULL
* because we wont reference any other sections.
*req = x;
*pkeyp = pk;
return (1);
err:
return (0);
}
/*
* Add extension using V3 code: we can set the config file as NULL because we
* wont reference any other sections.
*/
int add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, char *value)
{
X509_EXTENSION *ex;
ex = X509V3_EXT_conf_nid(NULL, NULL, nid, value);
if (!ex)
return 0;
sk_X509_EXTENSION_push(sk, ex);
{
X509_EXTENSION *ex;
ex = X509V3_EXT_conf_nid(NULL, NULL, nid, value);
if (!ex)
return 0;
sk_X509_EXTENSION_push(sk, ex);
return 1;
}
return 1;
}