mirror of https://github.com/lukechilds/node.git
Bert Belder
12 years ago
774 changed files with 126286 additions and 5766 deletions
@ -0,0 +1,236 @@ |
|||
$! CA - wrapper around ca to make it easier to use ... basically ca requires |
|||
$! some setup stuff to be done before you can use it and this makes |
|||
$! things easier between now and when Eric is convinced to fix it :-) |
|||
$! |
|||
$! CA -newca ... will setup the right stuff |
|||
$! CA -newreq ... will generate a certificate request |
|||
$! CA -sign ... will sign the generated request and output |
|||
$! |
|||
$! At the end of that grab newreq.pem and newcert.pem (one has the key |
|||
$! and the other the certificate) and cat them together and that is what |
|||
$! you want/need ... I'll make even this a little cleaner later. |
|||
$! |
|||
$! |
|||
$! 12-Jan-96 tjh Added more things ... including CA -signcert which |
|||
$! converts a certificate to a request and then signs it. |
|||
$! 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG |
|||
$! environment variable so this can be driven from |
|||
$! a script. |
|||
$! 25-Jul-96 eay Cleaned up filenames some more. |
|||
$! 11-Jun-96 eay Fixed a few filename missmatches. |
|||
$! 03-May-96 eay Modified to use 'openssl cmd' instead of 'cmd'. |
|||
$! 18-Apr-96 tjh Original hacking |
|||
$! |
|||
$! Tim Hudson |
|||
$! tjh@cryptsoft.com |
|||
$! |
|||
$! |
|||
$! default ssleay.cnf file has setup as per the following |
|||
$! demoCA ... where everything is stored |
|||
$ |
|||
$ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF |
|||
$ |
|||
$ DAYS = "-days 365" |
|||
$ REQ = openssl + " req " + SSLEAY_CONFIG |
|||
$ CA = openssl + " ca " + SSLEAY_CONFIG |
|||
$ VERIFY = openssl + " verify" |
|||
$ X509 = openssl + " x509" |
|||
$ PKCS12 = openssl + " pkcs12" |
|||
$ echo = "write sys$Output" |
|||
$ RET = 1 |
|||
$! |
|||
$! 2010-12-20 SMS. |
|||
$! Use a concealed logical name to reduce command line lengths, to |
|||
$! avoid DCL errors on VAX: |
|||
$! %DCL-W-TKNOVF, command element is too long - shorten |
|||
$! (Path segments like "openssl-1_0_1-stable-SNAP-20101217" accumulate |
|||
$! quickly.) |
|||
$! |
|||
$ CATOP = F$PARSE( F$ENVIRONMENT( "DEFAULT"), "[]")- "].;"+ ".demoCA.]" |
|||
$ define /translation_attributes = concealed CATOP 'CATOP' |
|||
$! |
|||
$ on error then goto clean_up |
|||
$ on control_y then goto clean_up |
|||
$! |
|||
$ CAKEY = "CATOP:[private]cakey.pem" |
|||
$ CACERT = "CATOP:[000000]cacert.pem" |
|||
$ |
|||
$ __INPUT := SYS$COMMAND |
|||
$! |
|||
$ i = 1 |
|||
$opt_loop: |
|||
$ if i .gt. 8 then goto opt_loop_end |
|||
$ |
|||
$ prog_opt = F$EDIT(P'i',"lowercase") |
|||
$ |
|||
$ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") |
|||
$ THEN |
|||
$ echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" |
|||
$ goto clean_up |
|||
$ ENDIF |
|||
$! |
|||
$ IF (prog_opt .EQS. "-input") |
|||
$ THEN |
|||
$ ! Get input from somewhere other than SYS$COMMAND |
|||
$ i = i + 1 |
|||
$ __INPUT = P'i' |
|||
$ GOTO opt_loop_continue |
|||
$ ENDIF |
|||
$! |
|||
$ IF (prog_opt .EQS. "-newcert") |
|||
$ THEN |
|||
$ ! Create a certificate. |
|||
$ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
|||
$ REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS' |
|||
$ RET=$STATUS |
|||
$ echo "Certificate (and private key) is in newreq.pem" |
|||
$ GOTO opt_loop_continue |
|||
$ ENDIF |
|||
$! |
|||
$ IF (prog_opt .EQS. "-newreq") |
|||
$ THEN |
|||
$ ! Create a certificate request |
|||
$ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
|||
$ REQ -new -keyout newreq.pem -out newreq.pem 'DAYS' |
|||
$ RET=$STATUS |
|||
$ echo "Request (and private key) is in newreq.pem" |
|||
$ GOTO opt_loop_continue |
|||
$ ENDIF |
|||
$! |
|||
$ IF (prog_opt .EQS. "-newca") |
|||
$ THEN |
|||
$ ! If explicitly asked for or it doesn't exist then setup the directory |
|||
$ ! structure that Eric likes to manage things. |
|||
$ IF F$SEARCH( "CATOP:[000000]serial.") .EQS. "" |
|||
$ THEN |
|||
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[000000] |
|||
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[certs] |
|||
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[crl] |
|||
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[newcerts] |
|||
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[private] |
|||
$ |
|||
$ OPEN /WRITE ser_file CATOP:[000000]serial. |
|||
$ WRITE ser_file "01" |
|||
$ CLOSE ser_file |
|||
$ APPEND /NEW_VERSION NL: CATOP:[000000]index.txt |
|||
$ |
|||
$ ! The following is to make sure access() doesn't get confused. It |
|||
$ ! really needs one file in the directory to give correct answers... |
|||
$ COPY NLA0: CATOP:[certs].; |
|||
$ COPY NLA0: CATOP:[crl].; |
|||
$ COPY NLA0: CATOP:[newcerts].; |
|||
$ COPY NLA0: CATOP:[private].; |
|||
$ ENDIF |
|||
$! |
|||
$ IF F$SEARCH( CAKEY) .EQS. "" |
|||
$ THEN |
|||
$ READ '__INPUT' FILE - |
|||
/PROMPT="CA certificate filename (or enter to create): " |
|||
$ IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "") |
|||
$ THEN |
|||
$ COPY 'FILE' 'CAKEY' |
|||
$ RET=$STATUS |
|||
$ ELSE |
|||
$ echo "Making CA certificate ..." |
|||
$ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
|||
$ REQ -new -x509 -keyout 'CAKEY' -out 'CACERT' 'DAYS' |
|||
$ RET=$STATUS |
|||
$ ENDIF |
|||
$ ENDIF |
|||
$ GOTO opt_loop_continue |
|||
$ ENDIF |
|||
$! |
|||
$ IF (prog_opt .EQS. "-pkcs12") |
|||
$ THEN |
|||
$ i = i + 1 |
|||
$ cname = P'i' |
|||
$ IF cname .EQS. "" THEN cname = "My certificate" |
|||
$ PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CACERT' - |
|||
-out newcert.p12 -export -name "''cname'" |
|||
$ RET=$STATUS |
|||
$ goto clean_up |
|||
$ ENDIF |
|||
$! |
|||
$ IF (prog_opt .EQS. "-xsign") |
|||
$ THEN |
|||
$! |
|||
$ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
|||
$ CA -policy policy_anything -infiles newreq.pem |
|||
$ RET=$STATUS |
|||
$ GOTO opt_loop_continue |
|||
$ ENDIF |
|||
$! |
|||
$ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq")) |
|||
$ THEN |
|||
$! |
|||
$ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
|||
$ CA -policy policy_anything -out newcert.pem -infiles newreq.pem |
|||
$ RET=$STATUS |
|||
$ type newcert.pem |
|||
$ echo "Signed certificate is in newcert.pem" |
|||
$ GOTO opt_loop_continue |
|||
$ ENDIF |
|||
$! |
|||
$ IF (prog_opt .EQS. "-signcert") |
|||
$ THEN |
|||
$! |
|||
$ echo "Cert passphrase will be requested twice - bug?" |
|||
$ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
|||
$ X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem |
|||
$ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
|||
$ CA -policy policy_anything -out newcert.pem -infiles tmp.pem |
|||
y |
|||
y |
|||
$ type newcert.pem |
|||
$ echo "Signed certificate is in newcert.pem" |
|||
$ GOTO opt_loop_continue |
|||
$ ENDIF |
|||
$! |
|||
$ IF (prog_opt .EQS. "-verify") |
|||
$ THEN |
|||
$! |
|||
$ i = i + 1 |
|||
$ IF (p'i' .EQS. "") |
|||
$ THEN |
|||
$ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
|||
$ VERIFY "-CAfile" 'CACERT' newcert.pem |
|||
$ ELSE |
|||
$ j = i |
|||
$ verify_opt_loop: |
|||
$ IF j .GT. 8 THEN GOTO verify_opt_loop_end |
|||
$ IF p'j' .NES. "" |
|||
$ THEN |
|||
$ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
|||
$ __tmp = p'j' |
|||
$ VERIFY "-CAfile" 'CACERT' '__tmp' |
|||
$ tmp=$STATUS |
|||
$ IF tmp .NE. 0 THEN RET=tmp |
|||
$ ENDIF |
|||
$ j = j + 1 |
|||
$ GOTO verify_opt_loop |
|||
$ verify_opt_loop_end: |
|||
$ ENDIF |
|||
$ |
|||
$ GOTO opt_loop_end |
|||
$ ENDIF |
|||
$! |
|||
$ IF (prog_opt .NES. "") |
|||
$ THEN |
|||
$! |
|||
$ echo "Unknown argument ''prog_opt'" |
|||
$ RET = 3 |
|||
$ goto clean_up |
|||
$ ENDIF |
|||
$ |
|||
$opt_loop_continue: |
|||
$ i = i + 1 |
|||
$ GOTO opt_loop |
|||
$ |
|||
$opt_loop_end: |
|||
$! |
|||
$clean_up: |
|||
$! |
|||
$ if f$trnlnm( "CATOP", "LNM$PROCESS") .nes. "" then - |
|||
deassign /process CATOP |
|||
$! |
|||
$ EXIT 'RET' |
@ -0,0 +1,189 @@ |
|||
#!/usr/bin/perl |
|||
# |
|||
# CA - wrapper around ca to make it easier to use ... basically ca requires |
|||
# some setup stuff to be done before you can use it and this makes |
|||
# things easier between now and when Eric is convinced to fix it :-) |
|||
# |
|||
# CA -newca ... will setup the right stuff |
|||
# CA -newreq[-nodes] ... will generate a certificate request |
|||
# CA -sign ... will sign the generated request and output |
|||
# |
|||
# At the end of that grab newreq.pem and newcert.pem (one has the key |
|||
# and the other the certificate) and cat them together and that is what |
|||
# you want/need ... I'll make even this a little cleaner later. |
|||
# |
|||
# |
|||
# 12-Jan-96 tjh Added more things ... including CA -signcert which |
|||
# converts a certificate to a request and then signs it. |
|||
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG |
|||
# environment variable so this can be driven from |
|||
# a script. |
|||
# 25-Jul-96 eay Cleaned up filenames some more. |
|||
# 11-Jun-96 eay Fixed a few filename missmatches. |
|||
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'. |
|||
# 18-Apr-96 tjh Original hacking |
|||
# |
|||
# Tim Hudson |
|||
# tjh@cryptsoft.com |
|||
# |
|||
|
|||
# 27-Apr-98 snh Translation into perl, fix existing CA bug. |
|||
# |
|||
# |
|||
# Steve Henson |
|||
# shenson@bigfoot.com |
|||
|
|||
# default openssl.cnf file has setup as per the following |
|||
# demoCA ... where everything is stored |
|||
|
|||
my $openssl; |
|||
if(defined $ENV{OPENSSL}) { |
|||
$openssl = $ENV{OPENSSL}; |
|||
} else { |
|||
$openssl = "openssl"; |
|||
$ENV{OPENSSL} = $openssl; |
|||
} |
|||
|
|||
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; |
|||
$DAYS="-days 365"; # 1 year |
|||
$CADAYS="-days 1095"; # 3 years |
|||
$REQ="$openssl req $SSLEAY_CONFIG"; |
|||
$CA="$openssl ca $SSLEAY_CONFIG"; |
|||
$VERIFY="$openssl verify"; |
|||
$X509="$openssl x509"; |
|||
$PKCS12="$openssl pkcs12"; |
|||
|
|||
$CATOP="./demoCA"; |
|||
$CAKEY="cakey.pem"; |
|||
$CAREQ="careq.pem"; |
|||
$CACERT="cacert.pem"; |
|||
|
|||
$DIRMODE = 0777; |
|||
|
|||
$RET = 0; |
|||
|
|||
foreach (@ARGV) { |
|||
if ( /^(-\?|-h|-help)$/ ) { |
|||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; |
|||
exit 0; |
|||
} elsif (/^-newcert$/) { |
|||
# create a certificate |
|||
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS"); |
|||
$RET=$?; |
|||
print "Certificate is in newcert.pem, private key is in newkey.pem\n" |
|||
} elsif (/^-newreq$/) { |
|||
# create a certificate request |
|||
system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS"); |
|||
$RET=$?; |
|||
print "Request is in newreq.pem, private key is in newkey.pem\n"; |
|||
} elsif (/^-newreq-nodes$/) { |
|||
# create a certificate request |
|||
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS"); |
|||
$RET=$?; |
|||
print "Request is in newreq.pem, private key is in newkey.pem\n"; |
|||
} elsif (/^-newca$/) { |
|||
# if explicitly asked for or it doesn't exist then setup the |
|||
# directory structure that Eric likes to manage things |
|||
$NEW="1"; |
|||
if ( "$NEW" || ! -f "${CATOP}/serial" ) { |
|||
# create the directory hierarchy |
|||
mkdir $CATOP, $DIRMODE; |
|||
mkdir "${CATOP}/certs", $DIRMODE; |
|||
mkdir "${CATOP}/crl", $DIRMODE ; |
|||
mkdir "${CATOP}/newcerts", $DIRMODE; |
|||
mkdir "${CATOP}/private", $DIRMODE; |
|||
open OUT, ">${CATOP}/index.txt"; |
|||
close OUT; |
|||
open OUT, ">${CATOP}/crlnumber"; |
|||
print OUT "01\n"; |
|||
close OUT; |
|||
} |
|||
if ( ! -f "${CATOP}/private/$CAKEY" ) { |
|||
print "CA certificate filename (or enter to create)\n"; |
|||
$FILE = <STDIN>; |
|||
|
|||
chop $FILE; |
|||
|
|||
# ask user for existing CA certificate |
|||
if ($FILE) { |
|||
cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE"); |
|||
cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE"); |
|||
$RET=$?; |
|||
} else { |
|||
print "Making CA certificate ...\n"; |
|||
system ("$REQ -new -keyout " . |
|||
"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ"); |
|||
system ("$CA -create_serial " . |
|||
"-out ${CATOP}/$CACERT $CADAYS -batch " . |
|||
"-keyfile ${CATOP}/private/$CAKEY -selfsign " . |
|||
"-extensions v3_ca " . |
|||
"-infiles ${CATOP}/$CAREQ "); |
|||
$RET=$?; |
|||
} |
|||
} |
|||
} elsif (/^-pkcs12$/) { |
|||
my $cname = $ARGV[1]; |
|||
$cname = "My Certificate" unless defined $cname; |
|||
system ("$PKCS12 -in newcert.pem -inkey newkey.pem " . |
|||
"-certfile ${CATOP}/$CACERT -out newcert.p12 " . |
|||
"-export -name \"$cname\""); |
|||
$RET=$?; |
|||
print "PKCS #12 file is in newcert.p12\n"; |
|||
exit $RET; |
|||
} elsif (/^-xsign$/) { |
|||
system ("$CA -policy policy_anything -infiles newreq.pem"); |
|||
$RET=$?; |
|||
} elsif (/^(-sign|-signreq)$/) { |
|||
system ("$CA -policy policy_anything -out newcert.pem " . |
|||
"-infiles newreq.pem"); |
|||
$RET=$?; |
|||
print "Signed certificate is in newcert.pem\n"; |
|||
} elsif (/^(-signCA)$/) { |
|||
system ("$CA -policy policy_anything -out newcert.pem " . |
|||
"-extensions v3_ca -infiles newreq.pem"); |
|||
$RET=$?; |
|||
print "Signed CA certificate is in newcert.pem\n"; |
|||
} elsif (/^-signcert$/) { |
|||
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " . |
|||
"-out tmp.pem"); |
|||
system ("$CA -policy policy_anything -out newcert.pem " . |
|||
"-infiles tmp.pem"); |
|||
$RET = $?; |
|||
print "Signed certificate is in newcert.pem\n"; |
|||
} elsif (/^-verify$/) { |
|||
if (shift) { |
|||
foreach $j (@ARGV) { |
|||
system ("$VERIFY -CAfile $CATOP/$CACERT $j"); |
|||
$RET=$? if ($? != 0); |
|||
} |
|||
exit $RET; |
|||
} else { |
|||
system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem"); |
|||
$RET=$?; |
|||
exit 0; |
|||
} |
|||
} else { |
|||
print STDERR "Unknown arg $_\n"; |
|||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; |
|||
exit 1; |
|||
} |
|||
} |
|||
|
|||
exit $RET; |
|||
|
|||
sub cp_pem { |
|||
my ($infile, $outfile, $bound) = @_; |
|||
open IN, $infile; |
|||
open OUT, ">$outfile"; |
|||
my $flag = 0; |
|||
while (<IN>) { |
|||
$flag = 1 if (/^-----BEGIN.*$bound/) ; |
|||
print OUT $_ if ($flag); |
|||
if (/^-----END.*$bound/) { |
|||
close IN; |
|||
close OUT; |
|||
return; |
|||
} |
|||
} |
|||
} |
|||
|
@ -0,0 +1,189 @@ |
|||
#!/usr/local/bin/perl |
|||
# |
|||
# CA - wrapper around ca to make it easier to use ... basically ca requires |
|||
# some setup stuff to be done before you can use it and this makes |
|||
# things easier between now and when Eric is convinced to fix it :-) |
|||
# |
|||
# CA -newca ... will setup the right stuff |
|||
# CA -newreq[-nodes] ... will generate a certificate request |
|||
# CA -sign ... will sign the generated request and output |
|||
# |
|||
# At the end of that grab newreq.pem and newcert.pem (one has the key |
|||
# and the other the certificate) and cat them together and that is what |
|||
# you want/need ... I'll make even this a little cleaner later. |
|||
# |
|||
# |
|||
# 12-Jan-96 tjh Added more things ... including CA -signcert which |
|||
# converts a certificate to a request and then signs it. |
|||
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG |
|||
# environment variable so this can be driven from |
|||
# a script. |
|||
# 25-Jul-96 eay Cleaned up filenames some more. |
|||
# 11-Jun-96 eay Fixed a few filename missmatches. |
|||
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'. |
|||
# 18-Apr-96 tjh Original hacking |
|||
# |
|||
# Tim Hudson |
|||
# tjh@cryptsoft.com |
|||
# |
|||
|
|||
# 27-Apr-98 snh Translation into perl, fix existing CA bug. |
|||
# |
|||
# |
|||
# Steve Henson |
|||
# shenson@bigfoot.com |
|||
|
|||
# default openssl.cnf file has setup as per the following |
|||
# demoCA ... where everything is stored |
|||
|
|||
my $openssl; |
|||
if(defined $ENV{OPENSSL}) { |
|||
$openssl = $ENV{OPENSSL}; |
|||
} else { |
|||
$openssl = "openssl"; |
|||
$ENV{OPENSSL} = $openssl; |
|||
} |
|||
|
|||
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; |
|||
$DAYS="-days 365"; # 1 year |
|||
$CADAYS="-days 1095"; # 3 years |
|||
$REQ="$openssl req $SSLEAY_CONFIG"; |
|||
$CA="$openssl ca $SSLEAY_CONFIG"; |
|||
$VERIFY="$openssl verify"; |
|||
$X509="$openssl x509"; |
|||
$PKCS12="$openssl pkcs12"; |
|||
|
|||
$CATOP="./demoCA"; |
|||
$CAKEY="cakey.pem"; |
|||
$CAREQ="careq.pem"; |
|||
$CACERT="cacert.pem"; |
|||
|
|||
$DIRMODE = 0777; |
|||
|
|||
$RET = 0; |
|||
|
|||
foreach (@ARGV) { |
|||
if ( /^(-\?|-h|-help)$/ ) { |
|||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; |
|||
exit 0; |
|||
} elsif (/^-newcert$/) { |
|||
# create a certificate |
|||
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS"); |
|||
$RET=$?; |
|||
print "Certificate is in newcert.pem, private key is in newkey.pem\n" |
|||
} elsif (/^-newreq$/) { |
|||
# create a certificate request |
|||
system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS"); |
|||
$RET=$?; |
|||
print "Request is in newreq.pem, private key is in newkey.pem\n"; |
|||
} elsif (/^-newreq-nodes$/) { |
|||
# create a certificate request |
|||
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS"); |
|||
$RET=$?; |
|||
print "Request is in newreq.pem, private key is in newkey.pem\n"; |
|||
} elsif (/^-newca$/) { |
|||
# if explicitly asked for or it doesn't exist then setup the |
|||
# directory structure that Eric likes to manage things |
|||
$NEW="1"; |
|||
if ( "$NEW" || ! -f "${CATOP}/serial" ) { |
|||
# create the directory hierarchy |
|||
mkdir $CATOP, $DIRMODE; |
|||
mkdir "${CATOP}/certs", $DIRMODE; |
|||
mkdir "${CATOP}/crl", $DIRMODE ; |
|||
mkdir "${CATOP}/newcerts", $DIRMODE; |
|||
mkdir "${CATOP}/private", $DIRMODE; |
|||
open OUT, ">${CATOP}/index.txt"; |
|||
close OUT; |
|||
open OUT, ">${CATOP}/crlnumber"; |
|||
print OUT "01\n"; |
|||
close OUT; |
|||
} |
|||
if ( ! -f "${CATOP}/private/$CAKEY" ) { |
|||
print "CA certificate filename (or enter to create)\n"; |
|||
$FILE = <STDIN>; |
|||
|
|||
chop $FILE; |
|||
|
|||
# ask user for existing CA certificate |
|||
if ($FILE) { |
|||
cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE"); |
|||
cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE"); |
|||
$RET=$?; |
|||
} else { |
|||
print "Making CA certificate ...\n"; |
|||
system ("$REQ -new -keyout " . |
|||
"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ"); |
|||
system ("$CA -create_serial " . |
|||
"-out ${CATOP}/$CACERT $CADAYS -batch " . |
|||
"-keyfile ${CATOP}/private/$CAKEY -selfsign " . |
|||
"-extensions v3_ca " . |
|||
"-infiles ${CATOP}/$CAREQ "); |
|||
$RET=$?; |
|||
} |
|||
} |
|||
} elsif (/^-pkcs12$/) { |
|||
my $cname = $ARGV[1]; |
|||
$cname = "My Certificate" unless defined $cname; |
|||
system ("$PKCS12 -in newcert.pem -inkey newkey.pem " . |
|||
"-certfile ${CATOP}/$CACERT -out newcert.p12 " . |
|||
"-export -name \"$cname\""); |
|||
$RET=$?; |
|||
print "PKCS #12 file is in newcert.p12\n"; |
|||
exit $RET; |
|||
} elsif (/^-xsign$/) { |
|||
system ("$CA -policy policy_anything -infiles newreq.pem"); |
|||
$RET=$?; |
|||
} elsif (/^(-sign|-signreq)$/) { |
|||
system ("$CA -policy policy_anything -out newcert.pem " . |
|||
"-infiles newreq.pem"); |
|||
$RET=$?; |
|||
print "Signed certificate is in newcert.pem\n"; |
|||
} elsif (/^(-signCA)$/) { |
|||
system ("$CA -policy policy_anything -out newcert.pem " . |
|||
"-extensions v3_ca -infiles newreq.pem"); |
|||
$RET=$?; |
|||
print "Signed CA certificate is in newcert.pem\n"; |
|||
} elsif (/^-signcert$/) { |
|||
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " . |
|||
"-out tmp.pem"); |
|||
system ("$CA -policy policy_anything -out newcert.pem " . |
|||
"-infiles tmp.pem"); |
|||
$RET = $?; |
|||
print "Signed certificate is in newcert.pem\n"; |
|||
} elsif (/^-verify$/) { |
|||
if (shift) { |
|||
foreach $j (@ARGV) { |
|||
system ("$VERIFY -CAfile $CATOP/$CACERT $j"); |
|||
$RET=$? if ($? != 0); |
|||
} |
|||
exit $RET; |
|||
} else { |
|||
system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem"); |
|||
$RET=$?; |
|||
exit 0; |
|||
} |
|||
} else { |
|||
print STDERR "Unknown arg $_\n"; |
|||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; |
|||
exit 1; |
|||
} |
|||
} |
|||
|
|||
exit $RET; |
|||
|
|||
sub cp_pem { |
|||
my ($infile, $outfile, $bound) = @_; |
|||
open IN, $infile; |
|||
open OUT, ">$outfile"; |
|||
my $flag = 0; |
|||
while (<IN>) { |
|||
$flag = 1 if (/^-----BEGIN.*$bound/) ; |
|||
print OUT $_ if ($flag); |
|||
if (/^-----END.*$bound/) { |
|||
close IN; |
|||
close OUT; |
|||
return; |
|||
} |
|||
} |
|||
} |
|||
|
@ -0,0 +1,198 @@ |
|||
#!/bin/sh |
|||
# |
|||
# CA - wrapper around ca to make it easier to use ... basically ca requires |
|||
# some setup stuff to be done before you can use it and this makes |
|||
# things easier between now and when Eric is convinced to fix it :-) |
|||
# |
|||
# CA -newca ... will setup the right stuff |
|||
# CA -newreq ... will generate a certificate request |
|||
# CA -sign ... will sign the generated request and output |
|||
# |
|||
# At the end of that grab newreq.pem and newcert.pem (one has the key |
|||
# and the other the certificate) and cat them together and that is what |
|||
# you want/need ... I'll make even this a little cleaner later. |
|||
# |
|||
# |
|||
# 12-Jan-96 tjh Added more things ... including CA -signcert which |
|||
# converts a certificate to a request and then signs it. |
|||
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG |
|||
# environment variable so this can be driven from |
|||
# a script. |
|||
# 25-Jul-96 eay Cleaned up filenames some more. |
|||
# 11-Jun-96 eay Fixed a few filename missmatches. |
|||
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'. |
|||
# 18-Apr-96 tjh Original hacking |
|||
# |
|||
# Tim Hudson |
|||
# tjh@cryptsoft.com |
|||
# |
|||
|
|||
# default openssl.cnf file has setup as per the following |
|||
# demoCA ... where everything is stored |
|||
cp_pem() { |
|||
infile=$1 |
|||
outfile=$2 |
|||
bound=$3 |
|||
flag=0 |
|||
exec <$infile; |
|||
while read line; do |
|||
if [ $flag -eq 1 ]; then |
|||
echo $line|grep "^-----END.*$bound" 2>/dev/null 1>/dev/null |
|||
if [ $? -eq 0 ] ; then |
|||
echo $line >>$outfile |
|||
break |
|||
else |
|||
echo $line >>$outfile |
|||
fi |
|||
fi |
|||
|
|||
echo $line|grep "^-----BEGIN.*$bound" 2>/dev/null 1>/dev/null |
|||
if [ $? -eq 0 ]; then |
|||
echo $line >$outfile |
|||
flag=1 |
|||
fi |
|||
done |
|||
} |
|||
|
|||
usage() { |
|||
echo "usage: $0 -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify" >&2 |
|||
} |
|||
|
|||
if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi |
|||
|
|||
if [ -z "$DAYS" ] ; then DAYS="-days 365" ; fi # 1 year |
|||
CADAYS="-days 1095" # 3 years |
|||
REQ="$OPENSSL req $SSLEAY_CONFIG" |
|||
CA="$OPENSSL ca $SSLEAY_CONFIG" |
|||
VERIFY="$OPENSSL verify" |
|||
X509="$OPENSSL x509" |
|||
PKCS12="openssl pkcs12" |
|||
|
|||
if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi |
|||
CAKEY=./cakey.pem |
|||
CAREQ=./careq.pem |
|||
CACERT=./cacert.pem |
|||
|
|||
RET=0 |
|||
|
|||
while [ "$1" != "" ] ; do |
|||
case $1 in |
|||
-\?|-h|-help) |
|||
usage |
|||
exit 0 |
|||
;; |
|||
-newcert) |
|||
# create a certificate |
|||
$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS |
|||
RET=$? |
|||
echo "Certificate is in newcert.pem, private key is in newkey.pem" |
|||
;; |
|||
-newreq) |
|||
# create a certificate request |
|||
$REQ -new -keyout newkey.pem -out newreq.pem $DAYS |
|||
RET=$? |
|||
echo "Request is in newreq.pem, private key is in newkey.pem" |
|||
;; |
|||
-newreq-nodes) |
|||
# create a certificate request |
|||
$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS |
|||
RET=$? |
|||
echo "Request (and private key) is in newreq.pem" |
|||
;; |
|||
-newca) |
|||
# if explicitly asked for or it doesn't exist then setup the directory |
|||
# structure that Eric likes to manage things |
|||
NEW="1" |
|||
if [ "$NEW" -o ! -f ${CATOP}/serial ]; then |
|||
# create the directory hierarchy |
|||
mkdir -p ${CATOP} |
|||
mkdir -p ${CATOP}/certs |
|||
mkdir -p ${CATOP}/crl |
|||
mkdir -p ${CATOP}/newcerts |
|||
mkdir -p ${CATOP}/private |
|||
touch ${CATOP}/index.txt |
|||
fi |
|||
if [ ! -f ${CATOP}/private/$CAKEY ]; then |
|||
echo "CA certificate filename (or enter to create)" |
|||
read FILE |
|||
|
|||
# ask user for existing CA certificate |
|||
if [ "$FILE" ]; then |
|||
cp_pem $FILE ${CATOP}/private/$CAKEY PRIVATE |
|||
cp_pem $FILE ${CATOP}/$CACERT CERTIFICATE |
|||
RET=$? |
|||
if [ ! -f "${CATOP}/serial" ]; then |
|||
$X509 -in ${CATOP}/$CACERT -noout -next_serial \ |
|||
-out ${CATOP}/serial |
|||
fi |
|||
else |
|||
echo "Making CA certificate ..." |
|||
$REQ -new -keyout ${CATOP}/private/$CAKEY \ |
|||
-out ${CATOP}/$CAREQ |
|||
$CA -create_serial -out ${CATOP}/$CACERT $CADAYS -batch \ |
|||
-keyfile ${CATOP}/private/$CAKEY -selfsign \ |
|||
-extensions v3_ca \ |
|||
-infiles ${CATOP}/$CAREQ |
|||
RET=$? |
|||
fi |
|||
fi |
|||
;; |
|||
-xsign) |
|||
$CA -policy policy_anything -infiles newreq.pem |
|||
RET=$? |
|||
;; |
|||
-pkcs12) |
|||
if [ -z "$2" ] ; then |
|||
CNAME="My Certificate" |
|||
else |
|||
CNAME="$2" |
|||
fi |
|||
$PKCS12 -in newcert.pem -inkey newreq.pem -certfile ${CATOP}/$CACERT \ |
|||
-out newcert.p12 -export -name "$CNAME" |
|||
RET=$? |
|||
exit $RET |
|||
;; |
|||
-sign|-signreq) |
|||
$CA -policy policy_anything -out newcert.pem -infiles newreq.pem |
|||
RET=$? |
|||
cat newcert.pem |
|||
echo "Signed certificate is in newcert.pem" |
|||
;; |
|||
-signCA) |
|||
$CA -policy policy_anything -out newcert.pem -extensions v3_ca -infiles newreq.pem |
|||
RET=$? |
|||
echo "Signed CA certificate is in newcert.pem" |
|||
;; |
|||
-signcert) |
|||
echo "Cert passphrase will be requested twice - bug?" |
|||
$X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem |
|||
$CA -policy policy_anything -out newcert.pem -infiles tmp.pem |
|||
RET=$? |
|||
cat newcert.pem |
|||
echo "Signed certificate is in newcert.pem" |
|||
;; |
|||
-verify) |
|||
shift |
|||
if [ -z "$1" ]; then |
|||
$VERIFY -CAfile $CATOP/$CACERT newcert.pem |
|||
RET=$? |
|||
else |
|||
for j |
|||
do |
|||
$VERIFY -CAfile $CATOP/$CACERT $j |
|||
if [ $? != 0 ]; then |
|||
RET=$? |
|||
fi |
|||
done |
|||
fi |
|||
exit $RET |
|||
;; |
|||
*) |
|||
echo "Unknown arg $i" >&2 |
|||
usage |
|||
exit 1 |
|||
;; |
|||
esac |
|||
shift |
|||
done |
|||
exit $RET |
File diff suppressed because it is too large
@ -0,0 +1,218 @@ |
|||
/* apps/app_rand.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* openssl-core@openssl.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
|
|||
#define NON_MAIN |
|||
#include "apps.h" |
|||
#undef NON_MAIN |
|||
#include <openssl/bio.h> |
|||
#include <openssl/rand.h> |
|||
|
|||
|
|||
static int seeded = 0; |
|||
static int egdsocket = 0; |
|||
|
|||
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn) |
|||
{ |
|||
int consider_randfile = (file == NULL); |
|||
char buffer[200]; |
|||
|
|||
#ifdef OPENSSL_SYS_WINDOWS |
|||
BIO_printf(bio_e,"Loading 'screen' into random state -"); |
|||
BIO_flush(bio_e); |
|||
RAND_screen(); |
|||
BIO_printf(bio_e," done\n"); |
|||
#endif |
|||
|
|||
if (file == NULL) |
|||
file = RAND_file_name(buffer, sizeof buffer); |
|||
else if (RAND_egd(file) > 0) |
|||
{ |
|||
/* we try if the given filename is an EGD socket.
|
|||
if it is, we don't write anything back to the file. */ |
|||
egdsocket = 1; |
|||
return 1; |
|||
} |
|||
if (file == NULL || !RAND_load_file(file, -1)) |
|||
{ |
|||
if (RAND_status() == 0) |
|||
{ |
|||
if (!dont_warn) |
|||
{ |
|||
BIO_printf(bio_e,"unable to load 'random state'\n"); |
|||
BIO_printf(bio_e,"This means that the random number generator has not been seeded\n"); |
|||
BIO_printf(bio_e,"with much random data.\n"); |
|||
if (consider_randfile) /* explanation does not apply when a file is explicitly named */ |
|||
{ |
|||
BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n"); |
|||
BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n"); |
|||
} |
|||
} |
|||
return 0; |
|||
} |
|||
} |
|||
seeded = 1; |
|||
return 1; |
|||
} |
|||
|
|||
long app_RAND_load_files(char *name) |
|||
{ |
|||
char *p,*n; |
|||
int last; |
|||
long tot=0; |
|||
int egd; |
|||
|
|||
for (;;) |
|||
{ |
|||
last=0; |
|||
for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++); |
|||
if (*p == '\0') last=1; |
|||
*p='\0'; |
|||
n=name; |
|||
name=p+1; |
|||
if (*n == '\0') break; |
|||
|
|||
egd=RAND_egd(n); |
|||
if (egd > 0) |
|||
tot+=egd; |
|||
else |
|||
tot+=RAND_load_file(n,-1); |
|||
if (last) break; |
|||
} |
|||
if (tot > 512) |
|||
app_RAND_allow_write_file(); |
|||
return(tot); |
|||
} |
|||
|
|||
int app_RAND_write_file(const char *file, BIO *bio_e) |
|||
{ |
|||
char buffer[200]; |
|||
|
|||
if (egdsocket || !seeded) |
|||
/* If we did not manage to read the seed file,
|
|||
* we should not write a low-entropy seed file back -- |
|||
* it would suppress a crucial warning the next time |
|||
* we want to use it. */ |
|||
return 0; |
|||
|
|||
if (file == NULL) |
|||
file = RAND_file_name(buffer, sizeof buffer); |
|||
if (file == NULL || !RAND_write_file(file)) |
|||
{ |
|||
BIO_printf(bio_e,"unable to write 'random state'\n"); |
|||
return 0; |
|||
} |
|||
return 1; |
|||
} |
|||
|
|||
void app_RAND_allow_write_file(void) |
|||
{ |
|||
seeded = 1; |
|||
} |
File diff suppressed because it is too large
@ -0,0 +1,373 @@ |
|||
/* apps/apps.h */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* openssl-core@openssl.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
|
|||
#ifndef HEADER_APPS_H |
|||
#define HEADER_APPS_H |
|||
|
|||
#include "e_os.h" |
|||
|
|||
#include <openssl/bio.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/lhash.h> |
|||
#include <openssl/conf.h> |
|||
#include <openssl/txt_db.h> |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
#include <openssl/engine.h> |
|||
#endif |
|||
#ifndef OPENSSL_NO_OCSP |
|||
#include <openssl/ocsp.h> |
|||
#endif |
|||
#include <openssl/ossl_typ.h> |
|||
|
|||
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); |
|||
int app_RAND_write_file(const char *file, BIO *bio_e); |
|||
/* When `file' is NULL, use defaults.
|
|||
* `bio_e' is for error messages. */ |
|||
void app_RAND_allow_write_file(void); |
|||
long app_RAND_load_files(char *file); /* `file' is a list of files to read,
|
|||
* separated by LIST_SEPARATOR_CHAR |
|||
* (see e_os.h). The string is |
|||
* destroyed! */ |
|||
|
|||
#ifndef MONOLITH |
|||
|
|||
#define MAIN(a,v) main(a,v) |
|||
|
|||
#ifndef NON_MAIN |
|||
CONF *config=NULL; |
|||
BIO *bio_err=NULL; |
|||
#else |
|||
extern CONF *config; |
|||
extern BIO *bio_err; |
|||
#endif |
|||
|
|||
#else |
|||
|
|||
#define MAIN(a,v) PROG(a,v) |
|||
extern CONF *config; |
|||
extern char *default_config_file; |
|||
extern BIO *bio_err; |
|||
|
|||
#endif |
|||
|
|||
#ifndef OPENSSL_SYS_NETWARE |
|||
#include <signal.h> |
|||
#endif |
|||
|
|||
#ifdef SIGPIPE |
|||
#define do_pipe_sig() signal(SIGPIPE,SIG_IGN) |
|||
#else |
|||
#define do_pipe_sig() |
|||
#endif |
|||
|
|||
#ifdef OPENSSL_NO_COMP |
|||
#define zlib_cleanup() |
|||
#else |
|||
#define zlib_cleanup() COMP_zlib_cleanup() |
|||
#endif |
|||
|
|||
#if defined(MONOLITH) && !defined(OPENSSL_C) |
|||
# define apps_startup() \ |
|||
do_pipe_sig() |
|||
# define apps_shutdown() |
|||
#else |
|||
# ifndef OPENSSL_NO_ENGINE |
|||
# define apps_startup() \ |
|||
do { do_pipe_sig(); CRYPTO_malloc_init(); \ |
|||
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ |
|||
ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) |
|||
# define apps_shutdown() \ |
|||
do { CONF_modules_unload(1); destroy_ui_method(); \ |
|||
OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \ |
|||
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \ |
|||
ERR_free_strings(); zlib_cleanup();} while(0) |
|||
# else |
|||
# define apps_startup() \ |
|||
do { do_pipe_sig(); CRYPTO_malloc_init(); \ |
|||
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ |
|||
setup_ui_method(); } while(0) |
|||
# define apps_shutdown() \ |
|||
do { CONF_modules_unload(1); destroy_ui_method(); \ |
|||
OBJ_cleanup(); EVP_cleanup(); \ |
|||
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \ |
|||
ERR_free_strings(); zlib_cleanup(); } while(0) |
|||
# endif |
|||
#endif |
|||
|
|||
#ifdef OPENSSL_SYSNAME_WIN32 |
|||
# define openssl_fdset(a,b) FD_SET((unsigned int)a, b) |
|||
#else |
|||
# define openssl_fdset(a,b) FD_SET(a, b) |
|||
#endif |
|||
|
|||
|
|||
typedef struct args_st |
|||
{ |
|||
char **data; |
|||
int count; |
|||
} ARGS; |
|||
|
|||
#define PW_MIN_LENGTH 4 |
|||
typedef struct pw_cb_data |
|||
{ |
|||
const void *password; |
|||
const char *prompt_info; |
|||
} PW_CB_DATA; |
|||
|
|||
int password_callback(char *buf, int bufsiz, int verify, |
|||
PW_CB_DATA *cb_data); |
|||
|
|||
int setup_ui_method(void); |
|||
void destroy_ui_method(void); |
|||
|
|||
int should_retry(int i); |
|||
int args_from_file(char *file, int *argc, char **argv[]); |
|||
int str2fmt(char *s); |
|||
void program_name(char *in,char *out,int size); |
|||
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]); |
|||
#ifdef HEADER_X509_H |
|||
int dump_cert_text(BIO *out, X509 *x); |
|||
void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags); |
|||
#endif |
|||
int set_cert_ex(unsigned long *flags, const char *arg); |
|||
int set_name_ex(unsigned long *flags, const char *arg); |
|||
int set_ext_copy(int *copy_type, const char *arg); |
|||
int copy_extensions(X509 *x, X509_REQ *req, int copy_type); |
|||
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2); |
|||
int add_oid_section(BIO *err, CONF *conf); |
|||
X509 *load_cert(BIO *err, const char *file, int format, |
|||
const char *pass, ENGINE *e, const char *cert_descrip); |
|||
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, |
|||
const char *pass, ENGINE *e, const char *key_descrip); |
|||
EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, |
|||
const char *pass, ENGINE *e, const char *key_descrip); |
|||
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, |
|||
const char *pass, ENGINE *e, const char *cert_descrip); |
|||
STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format, |
|||
const char *pass, ENGINE *e, const char *cert_descrip); |
|||
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
ENGINE *setup_engine(BIO *err, const char *engine, int debug); |
|||
#endif |
|||
|
|||
#ifndef OPENSSL_NO_OCSP |
|||
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, |
|||
char *host, char *path, char *port, int use_ssl, |
|||
STACK_OF(CONF_VALUE) *headers, |
|||
int req_timeout); |
|||
#endif |
|||
|
|||
int load_config(BIO *err, CONF *cnf); |
|||
char *make_config_name(void); |
|||
|
|||
/* Functions defined in ca.c and also used in ocsp.c */ |
|||
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, |
|||
ASN1_GENERALIZEDTIME **pinvtm, const char *str); |
|||
|
|||
#define DB_type 0 |
|||
#define DB_exp_date 1 |
|||
#define DB_rev_date 2 |
|||
#define DB_serial 3 /* index - unique */ |
|||
#define DB_file 4 |
|||
#define DB_name 5 /* index - unique when active and not disabled */ |
|||
#define DB_NUMBER 6 |
|||
|
|||
#define DB_TYPE_REV 'R' |
|||
#define DB_TYPE_EXP 'E' |
|||
#define DB_TYPE_VAL 'V' |
|||
|
|||
typedef struct db_attr_st |
|||
{ |
|||
int unique_subject; |
|||
} DB_ATTR; |
|||
typedef struct ca_db_st |
|||
{ |
|||
DB_ATTR attributes; |
|||
TXT_DB *db; |
|||
} CA_DB; |
|||
|
|||
BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai); |
|||
int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai); |
|||
int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix); |
|||
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai); |
|||
CA_DB *load_index(char *dbfile, DB_ATTR *dbattr); |
|||
int index_index(CA_DB *db); |
|||
int save_index(const char *dbfile, const char *suffix, CA_DB *db); |
|||
int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix); |
|||
void free_index(CA_DB *db); |
|||
#define index_name_cmp_noconst(a, b) \ |
|||
index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \ |
|||
(const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b)) |
|||
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b); |
|||
int parse_yesno(const char *str, int def); |
|||
|
|||
X509_NAME *parse_name(char *str, long chtype, int multirdn); |
|||
int args_verify(char ***pargs, int *pargc, |
|||
int *badarg, BIO *err, X509_VERIFY_PARAM **pm); |
|||
void policies_print(BIO *out, X509_STORE_CTX *ctx); |
|||
int bio_to_mem(unsigned char **out, int maxlen, BIO *in); |
|||
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value); |
|||
int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx, |
|||
const char *algname, ENGINE *e, int do_param); |
|||
int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md, |
|||
STACK_OF(OPENSSL_STRING) *sigopts); |
|||
int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, |
|||
STACK_OF(OPENSSL_STRING) *sigopts); |
|||
int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, |
|||
STACK_OF(OPENSSL_STRING) *sigopts); |
|||
#ifndef OPENSSL_NO_PSK |
|||
extern char *psk_key; |
|||
#endif |
|||
#ifndef OPENSSL_NO_JPAKE |
|||
void jpake_client_auth(BIO *out, BIO *conn, const char *secret); |
|||
void jpake_server_auth(BIO *out, BIO *conn, const char *secret); |
|||
#endif |
|||
|
|||
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
|||
unsigned char *next_protos_parse(unsigned short *outlen, const char *in); |
|||
#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ |
|||
|
|||
#define FORMAT_UNDEF 0 |
|||
#define FORMAT_ASN1 1 |
|||
#define FORMAT_TEXT 2 |
|||
#define FORMAT_PEM 3 |
|||
#define FORMAT_NETSCAPE 4 |
|||
#define FORMAT_PKCS12 5 |
|||
#define FORMAT_SMIME 6 |
|||
#define FORMAT_ENGINE 7 |
|||
#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid |
|||
* adding yet another param to load_*key() */ |
|||
#define FORMAT_PEMRSA 9 /* PEM RSAPubicKey format */ |
|||
#define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */ |
|||
#define FORMAT_MSBLOB 11 /* MS Key blob format */ |
|||
#define FORMAT_PVK 12 /* MS PVK file format */ |
|||
|
|||
#define EXT_COPY_NONE 0 |
|||
#define EXT_COPY_ADD 1 |
|||
#define EXT_COPY_ALL 2 |
|||
|
|||
#define NETSCAPE_CERT_HDR "certificate" |
|||
|
|||
#define APP_PASS_LEN 1024 |
|||
|
|||
#define SERIAL_RAND_BITS 64 |
|||
|
|||
int app_isdir(const char *); |
|||
int raw_read_stdin(void *,int); |
|||
int raw_write_stdout(const void *,int); |
|||
|
|||
#define TM_START 0 |
|||
#define TM_STOP 1 |
|||
double app_tminterval (int stop,int usertime); |
|||
|
|||
#define OPENSSL_NO_SSL_INTERN |
|||
|
|||
#endif |
@ -0,0 +1,445 @@ |
|||
/* apps/asn1pars.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
/* A nice addition from Dr Stephen Henson <steve@openssl.org> to
|
|||
* add the -strparse option which parses nested binary structures |
|||
*/ |
|||
|
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/err.h> |
|||
#include <openssl/evp.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pem.h> |
|||
|
|||
/* -inform arg - input format - default PEM (DER or PEM)
|
|||
* -in arg - input file - default stdin |
|||
* -i - indent the details by depth |
|||
* -offset - where in the file to start |
|||
* -length - how many bytes to use |
|||
* -oid file - extra oid description file |
|||
*/ |
|||
|
|||
#undef PROG |
|||
#define PROG asn1parse_main |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
int i,badops=0,offset=0,ret=1,j; |
|||
unsigned int length=0; |
|||
long num,tmplen; |
|||
BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL; |
|||
int informat,indent=0, noout = 0, dump = 0; |
|||
char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL; |
|||
char *genstr=NULL, *genconf=NULL; |
|||
unsigned char *tmpbuf; |
|||
const unsigned char *ctmpbuf; |
|||
BUF_MEM *buf=NULL; |
|||
STACK_OF(OPENSSL_STRING) *osk=NULL; |
|||
ASN1_TYPE *at=NULL; |
|||
|
|||
informat=FORMAT_PEM; |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
prog=argv[0]; |
|||
argc--; |
|||
argv++; |
|||
if ((osk=sk_OPENSSL_STRING_new_null()) == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"Memory allocation failure\n"); |
|||
goto end; |
|||
} |
|||
while (argc >= 1) |
|||
{ |
|||
if (strcmp(*argv,"-inform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
informat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-in") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
infile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
derfile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-i") == 0) |
|||
{ |
|||
indent=1; |
|||
} |
|||
else if (strcmp(*argv,"-noout") == 0) noout = 1; |
|||
else if (strcmp(*argv,"-oid") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
oidfile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-offset") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
offset= atoi(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-length") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
length= atoi(*(++argv)); |
|||
if (length == 0) goto bad; |
|||
} |
|||
else if (strcmp(*argv,"-dump") == 0) |
|||
{ |
|||
dump= -1; |
|||
} |
|||
else if (strcmp(*argv,"-dlimit") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
dump= atoi(*(++argv)); |
|||
if (dump <= 0) goto bad; |
|||
} |
|||
else if (strcmp(*argv,"-strparse") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
sk_OPENSSL_STRING_push(osk,*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-genstr") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
genstr= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-genconf") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
genconf= *(++argv); |
|||
} |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"unknown option %s\n",*argv); |
|||
badops=1; |
|||
break; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err,"%s [options] <infile\n",prog); |
|||
BIO_printf(bio_err,"where options are\n"); |
|||
BIO_printf(bio_err," -inform arg input format - one of DER PEM\n"); |
|||
BIO_printf(bio_err," -in arg input file\n"); |
|||
BIO_printf(bio_err," -out arg output file (output format is always DER\n"); |
|||
BIO_printf(bio_err," -noout arg don't produce any output\n"); |
|||
BIO_printf(bio_err," -offset arg offset into file\n"); |
|||
BIO_printf(bio_err," -length arg length of section in file\n"); |
|||
BIO_printf(bio_err," -i indent entries\n"); |
|||
BIO_printf(bio_err," -dump dump unknown data in hex form\n"); |
|||
BIO_printf(bio_err," -dlimit arg dump the first arg bytes of unknown data in hex form\n"); |
|||
BIO_printf(bio_err," -oid file file of extra oid definitions\n"); |
|||
BIO_printf(bio_err," -strparse offset\n"); |
|||
BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n"); |
|||
BIO_printf(bio_err," ASN1 blob wrappings\n"); |
|||
BIO_printf(bio_err," -genstr str string to generate ASN1 structure from\n"); |
|||
BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n"); |
|||
goto end; |
|||
} |
|||
|
|||
ERR_load_crypto_strings(); |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
out=BIO_new(BIO_s_file()); |
|||
if ((in == NULL) || (out == NULL)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
|
|||
if (oidfile != NULL) |
|||
{ |
|||
if (BIO_read_filename(in,oidfile) <= 0) |
|||
{ |
|||
BIO_printf(bio_err,"problems opening %s\n",oidfile); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
OBJ_create_objects(in); |
|||
} |
|||
|
|||
if (infile == NULL) |
|||
BIO_set_fp(in,stdin,BIO_NOCLOSE); |
|||
else |
|||
{ |
|||
if (BIO_read_filename(in,infile) <= 0) |
|||
{ |
|||
perror(infile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (derfile) { |
|||
if(!(derout = BIO_new_file(derfile, "wb"))) { |
|||
BIO_printf(bio_err,"problems opening %s\n",derfile); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if ((buf=BUF_MEM_new()) == NULL) goto end; |
|||
if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */ |
|||
|
|||
if (genstr || genconf) |
|||
{ |
|||
num = do_generate(bio_err, genstr, genconf, buf); |
|||
if (num < 0) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
else |
|||
{ |
|||
|
|||
if (informat == FORMAT_PEM) |
|||
{ |
|||
BIO *tmp; |
|||
|
|||
if ((b64=BIO_new(BIO_f_base64())) == NULL) |
|||
goto end; |
|||
BIO_push(b64,in); |
|||
tmp=in; |
|||
in=b64; |
|||
b64=tmp; |
|||
} |
|||
|
|||
num=0; |
|||
for (;;) |
|||
{ |
|||
if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end; |
|||
i=BIO_read(in,&(buf->data[num]),BUFSIZ); |
|||
if (i <= 0) break; |
|||
num+=i; |
|||
} |
|||
} |
|||
str=buf->data; |
|||
|
|||
/* If any structs to parse go through in sequence */ |
|||
|
|||
if (sk_OPENSSL_STRING_num(osk)) |
|||
{ |
|||
tmpbuf=(unsigned char *)str; |
|||
tmplen=num; |
|||
for (i=0; i<sk_OPENSSL_STRING_num(osk); i++) |
|||
{ |
|||
ASN1_TYPE *atmp; |
|||
int typ; |
|||
j=atoi(sk_OPENSSL_STRING_value(osk,i)); |
|||
if (j == 0) |
|||
{ |
|||
BIO_printf(bio_err,"'%s' is an invalid number\n",sk_OPENSSL_STRING_value(osk,i)); |
|||
continue; |
|||
} |
|||
tmpbuf+=j; |
|||
tmplen-=j; |
|||
atmp = at; |
|||
ctmpbuf = tmpbuf; |
|||
at = d2i_ASN1_TYPE(NULL,&ctmpbuf,tmplen); |
|||
ASN1_TYPE_free(atmp); |
|||
if(!at) |
|||
{ |
|||
BIO_printf(bio_err,"Error parsing structure\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
typ = ASN1_TYPE_get(at); |
|||
if ((typ == V_ASN1_OBJECT) |
|||
|| (typ == V_ASN1_NULL)) |
|||
{ |
|||
BIO_printf(bio_err, "Can't parse %s type\n", |
|||
typ == V_ASN1_NULL ? "NULL" : "OBJECT"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
/* hmm... this is a little evil but it works */ |
|||
tmpbuf=at->value.asn1_string->data; |
|||
tmplen=at->value.asn1_string->length; |
|||
} |
|||
str=(char *)tmpbuf; |
|||
num=tmplen; |
|||
} |
|||
|
|||
if (offset >= num) |
|||
{ |
|||
BIO_printf(bio_err, "Error: offset too large\n"); |
|||
goto end; |
|||
} |
|||
|
|||
num -= offset; |
|||
|
|||
if ((length == 0) || ((long)length > num)) length=(unsigned int)num; |
|||
if(derout) { |
|||
if(BIO_write(derout, str + offset, length) != (int)length) { |
|||
BIO_printf(bio_err, "Error writing output\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
if (!noout && |
|||
!ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length, |
|||
indent,dump)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
ret=0; |
|||
end: |
|||
BIO_free(derout); |
|||
if (in != NULL) BIO_free(in); |
|||
if (out != NULL) BIO_free_all(out); |
|||
if (b64 != NULL) BIO_free(b64); |
|||
if (ret != 0) |
|||
ERR_print_errors(bio_err); |
|||
if (buf != NULL) BUF_MEM_free(buf); |
|||
if (at != NULL) ASN1_TYPE_free(at); |
|||
if (osk != NULL) sk_OPENSSL_STRING_free(osk); |
|||
OBJ_cleanup(); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
|||
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) |
|||
{ |
|||
CONF *cnf = NULL; |
|||
int len; |
|||
long errline; |
|||
unsigned char *p; |
|||
ASN1_TYPE *atyp = NULL; |
|||
|
|||
if (genconf) |
|||
{ |
|||
cnf = NCONF_new(NULL); |
|||
if (!NCONF_load(cnf, genconf, &errline)) |
|||
goto conferr; |
|||
if (!genstr) |
|||
genstr = NCONF_get_string(cnf, "default", "asn1"); |
|||
if (!genstr) |
|||
{ |
|||
BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf); |
|||
goto err; |
|||
} |
|||
} |
|||
|
|||
atyp = ASN1_generate_nconf(genstr, cnf); |
|||
NCONF_free(cnf); |
|||
cnf = NULL; |
|||
|
|||
if (!atyp) |
|||
return -1; |
|||
|
|||
len = i2d_ASN1_TYPE(atyp, NULL); |
|||
|
|||
if (len <= 0) |
|||
goto err; |
|||
|
|||
if (!BUF_MEM_grow(buf,len)) |
|||
goto err; |
|||
|
|||
p=(unsigned char *)buf->data; |
|||
|
|||
i2d_ASN1_TYPE(atyp, &p); |
|||
|
|||
ASN1_TYPE_free(atyp); |
|||
return len; |
|||
|
|||
conferr: |
|||
|
|||
if (errline > 0) |
|||
BIO_printf(bio, "Error on line %ld of config file '%s'\n", |
|||
errline, genconf); |
|||
else |
|||
BIO_printf(bio, "Error loading config file '%s'\n", genconf); |
|||
|
|||
err: |
|||
NCONF_free(cnf); |
|||
ASN1_TYPE_free(atyp); |
|||
|
|||
return -1; |
|||
|
|||
} |
@ -0,0 +1 @@ |
|||
07 |
@ -0,0 +1,15 @@ |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425 |
|||
gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd |
|||
2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB |
|||
AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6 |
|||
hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2 |
|||
J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs |
|||
HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL |
|||
21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s |
|||
nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz |
|||
MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa |
|||
pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb |
|||
KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2 |
|||
XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ |
|||
-----END RSA PRIVATE KEY----- |
@ -0,0 +1,11 @@ |
|||
-----BEGIN CERTIFICATE REQUEST----- |
|||
MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx |
|||
GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx |
|||
MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy |
|||
bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d |
|||
FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe |
|||
cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7 |
|||
cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR |
|||
5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW |
|||
kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA= |
|||
-----END CERTIFICATE REQUEST----- |
File diff suppressed because it is too large
@ -0,0 +1,11 @@ |
|||
-----BEGIN CERTIFICATE----- |
|||
MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV |
|||
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD |
|||
VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa |
|||
Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 |
|||
YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT |
|||
DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7 |
|||
tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q |
|||
sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO |
|||
19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3 |
|||
-----END CERTIFICATE----- |
@ -0,0 +1,231 @@ |
|||
/* apps/ciphers.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <string.h> |
|||
#ifdef OPENSSL_NO_STDIO |
|||
#define APPS_WIN16 |
|||
#endif |
|||
#include "apps.h" |
|||
#include <openssl/err.h> |
|||
#include <openssl/ssl.h> |
|||
|
|||
#undef PROG |
|||
#define PROG ciphers_main |
|||
|
|||
static const char *ciphers_usage[]={ |
|||
"usage: ciphers args\n", |
|||
" -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n", |
|||
" -V - even more verbose\n", |
|||
" -ssl2 - SSL2 mode\n", |
|||
" -ssl3 - SSL3 mode\n", |
|||
" -tls1 - TLS1 mode\n", |
|||
NULL |
|||
}; |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
int ret=1,i; |
|||
int verbose=0,Verbose=0; |
|||
const char **pp; |
|||
const char *p; |
|||
int badops=0; |
|||
SSL_CTX *ctx=NULL; |
|||
SSL *ssl=NULL; |
|||
char *ciphers=NULL; |
|||
const SSL_METHOD *meth=NULL; |
|||
STACK_OF(SSL_CIPHER) *sk; |
|||
char buf[512]; |
|||
BIO *STDout=NULL; |
|||
|
|||
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) |
|||
meth=SSLv23_server_method(); |
|||
#elif !defined(OPENSSL_NO_SSL3) |
|||
meth=SSLv3_server_method(); |
|||
#elif !defined(OPENSSL_NO_SSL2) |
|||
meth=SSLv2_server_method(); |
|||
#endif |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); |
|||
STDout=BIO_new_fp(stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
STDout = BIO_push(tmpbio, STDout); |
|||
} |
|||
#endif |
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
argc--; |
|||
argv++; |
|||
while (argc >= 1) |
|||
{ |
|||
if (strcmp(*argv,"-v") == 0) |
|||
verbose=1; |
|||
else if (strcmp(*argv,"-V") == 0) |
|||
verbose=Verbose=1; |
|||
#ifndef OPENSSL_NO_SSL2 |
|||
else if (strcmp(*argv,"-ssl2") == 0) |
|||
meth=SSLv2_client_method(); |
|||
#endif |
|||
#ifndef OPENSSL_NO_SSL3 |
|||
else if (strcmp(*argv,"-ssl3") == 0) |
|||
meth=SSLv3_client_method(); |
|||
#endif |
|||
#ifndef OPENSSL_NO_TLS1 |
|||
else if (strcmp(*argv,"-tls1") == 0) |
|||
meth=TLSv1_client_method(); |
|||
#endif |
|||
else if ((strncmp(*argv,"-h",2) == 0) || |
|||
(strcmp(*argv,"-?") == 0)) |
|||
{ |
|||
badops=1; |
|||
break; |
|||
} |
|||
else |
|||
{ |
|||
ciphers= *argv; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
for (pp=ciphers_usage; (*pp != NULL); pp++) |
|||
BIO_printf(bio_err,"%s",*pp); |
|||
goto end; |
|||
} |
|||
|
|||
OpenSSL_add_ssl_algorithms(); |
|||
|
|||
ctx=SSL_CTX_new(meth); |
|||
if (ctx == NULL) goto err; |
|||
if (ciphers != NULL) { |
|||
if(!SSL_CTX_set_cipher_list(ctx,ciphers)) { |
|||
BIO_printf(bio_err, "Error in cipher list\n"); |
|||
goto err; |
|||
} |
|||
} |
|||
ssl=SSL_new(ctx); |
|||
if (ssl == NULL) goto err; |
|||
|
|||
|
|||
if (!verbose) |
|||
{ |
|||
for (i=0; ; i++) |
|||
{ |
|||
p=SSL_get_cipher_list(ssl,i); |
|||
if (p == NULL) break; |
|||
if (i != 0) BIO_printf(STDout,":"); |
|||
BIO_printf(STDout,"%s",p); |
|||
} |
|||
BIO_printf(STDout,"\n"); |
|||
} |
|||
else /* verbose */ |
|||
{ |
|||
sk=SSL_get_ciphers(ssl); |
|||
|
|||
for (i=0; i<sk_SSL_CIPHER_num(sk); i++) |
|||
{ |
|||
SSL_CIPHER *c; |
|||
|
|||
c = sk_SSL_CIPHER_value(sk,i); |
|||
|
|||
if (Verbose) |
|||
{ |
|||
unsigned long id = SSL_CIPHER_get_id(c); |
|||
int id0 = (int)(id >> 24); |
|||
int id1 = (int)((id >> 16) & 0xffL); |
|||
int id2 = (int)((id >> 8) & 0xffL); |
|||
int id3 = (int)(id & 0xffL); |
|||
|
|||
if ((id & 0xff000000L) == 0x02000000L) |
|||
BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */ |
|||
else if ((id & 0xff000000L) == 0x03000000L) |
|||
BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */ |
|||
else |
|||
BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ |
|||
} |
|||
|
|||
BIO_puts(STDout,SSL_CIPHER_description(c,buf,sizeof buf)); |
|||
} |
|||
} |
|||
|
|||
ret=0; |
|||
if (0) |
|||
{ |
|||
err: |
|||
SSL_load_error_strings(); |
|||
ERR_print_errors(bio_err); |
|||
} |
|||
end: |
|||
if (ctx != NULL) SSL_CTX_free(ctx); |
|||
if (ssl != NULL) SSL_free(ssl); |
|||
if (STDout != NULL) BIO_free_all(STDout); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
@ -0,0 +1,52 @@ |
|||
subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Client Cert |
|||
issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA |
|||
-----BEGIN CERTIFICATE----- |
|||
MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6yMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV |
|||
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT |
|||
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt |
|||
ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG |
|||
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU |
|||
RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgQ2xpZW50IENlcnQw |
|||
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ranbHRLcLVqN+0BzcZpY |
|||
+yOLqxzDWT1LD9eW1stC4NzXX9/DCtSIVyN7YIHdGLrIPr64IDdXXaMRzgZ2rOKs |
|||
lmHCAiFpO/ja99gGCJRxH0xwQatqAULfJVHeUhs7OEGOZc2nWifjqKvGfNTilP7D |
|||
nwi69ipQFq9oS19FmhwVHk2wg7KZGHI1qDyG04UrfCZMRitvS9+UVhPpIPjuiBi2 |
|||
x3/FZIpL5gXJvvFK6xHY63oq2asyzBATntBgnP4qJFWWcvRx24wF1PnZabxuVoL2 |
|||
bPnQ/KvONDrw3IdqkKhYNTul7jEcu3OlcZIMw+7DiaKJLAzKb/bBF5gm/pwW6As9 |
|||
AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI |
|||
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW |
|||
BBSZHKyLoTh7Mb409Zn/mK1ceSDAjDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49 |
|||
hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAD0mL7PtPYgCEuDyOQSbLpeND5hVS |
|||
curxQdGnrJ6Acrhodb7E9ccATokeb0PLx6HBLQUicxhTZIQ9FbO43YkQcOU6C3BB |
|||
IlwskqmtN6+VmrQzNolHCDzvxNZs9lYL2VbGPGqVRyjZeHpoAlf9cQr8PgDb4d4b |
|||
vUx2KAhHQvV2nkmYvKyXcgnRuHggumF87mkxidriGAEFwH4qfOqetUg64WyxP7P2 |
|||
QLipm04SyQa7ONtIApfVXgHcE42Py4/f4arzCzMjKe3VyhGkS7nsT55X/fWgTaRm |
|||
CQPkO+H94P958WTvQDt77bQ+D3IvYaVvfil8n6HJMOJfFT0LJuSUbpSXJg== |
|||
-----END CERTIFICATE----- |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f |
|||
wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr |
|||
agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy |
|||
mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr |
|||
MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x |
|||
HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L |
|||
p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT |
|||
KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB |
|||
1uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx |
|||
L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl |
|||
LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO |
|||
Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn |
|||
/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai |
|||
1oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX |
|||
1ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3 |
|||
NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ |
|||
zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC |
|||
mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7 |
|||
5SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK |
|||
u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+ |
|||
HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV |
|||
tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn |
|||
SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh |
|||
kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww |
|||
1Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw= |
|||
-----END RSA PRIVATE KEY----- |
File diff suppressed because it is too large
@ -0,0 +1,446 @@ |
|||
/* apps/crl.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/x509v3.h> |
|||
#include <openssl/pem.h> |
|||
|
|||
#undef PROG |
|||
#define PROG crl_main |
|||
|
|||
#undef POSTFIX |
|||
#define POSTFIX ".rvk" |
|||
|
|||
static const char *crl_usage[]={ |
|||
"usage: crl args\n", |
|||
"\n", |
|||
" -inform arg - input format - default PEM (DER or PEM)\n", |
|||
" -outform arg - output format - default PEM\n", |
|||
" -text - print out a text format version\n", |
|||
" -in arg - input file - default stdin\n", |
|||
" -out arg - output file - default stdout\n", |
|||
" -hash - print hash value\n", |
|||
" -fingerprint - print the crl fingerprint\n", |
|||
" -issuer - print issuer DN\n", |
|||
" -lastupdate - lastUpdate field\n", |
|||
" -nextupdate - nextUpdate field\n", |
|||
" -crlnumber - print CRL number\n", |
|||
" -noout - no CRL output\n", |
|||
" -CAfile name - verify CRL using certificates in file \"name\"\n", |
|||
" -CApath dir - verify CRL using certificates in \"dir\"\n", |
|||
" -nameopt arg - various certificate name options\n", |
|||
NULL |
|||
}; |
|||
|
|||
static X509_CRL *load_crl(char *file, int format); |
|||
static BIO *bio_out=NULL; |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
unsigned long nmflag = 0; |
|||
X509_CRL *x=NULL; |
|||
char *CAfile = NULL, *CApath = NULL; |
|||
int ret=1,i,num,badops=0; |
|||
BIO *out=NULL; |
|||
int informat,outformat; |
|||
char *infile=NULL,*outfile=NULL; |
|||
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; |
|||
int fingerprint = 0, crlnumber = 0; |
|||
const char **pp; |
|||
X509_STORE *store = NULL; |
|||
X509_STORE_CTX ctx; |
|||
X509_LOOKUP *lookup = NULL; |
|||
X509_OBJECT xobj; |
|||
EVP_PKEY *pkey; |
|||
int do_ver = 0; |
|||
const EVP_MD *md_alg,*digest=EVP_sha1(); |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
if (bio_out == NULL) |
|||
if ((bio_out=BIO_new(BIO_s_file())) != NULL) |
|||
{ |
|||
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
bio_out = BIO_push(tmpbio, bio_out); |
|||
} |
|||
#endif |
|||
} |
|||
|
|||
informat=FORMAT_PEM; |
|||
outformat=FORMAT_PEM; |
|||
|
|||
argc--; |
|||
argv++; |
|||
num=0; |
|||
while (argc >= 1) |
|||
{ |
|||
#ifdef undef |
|||
if (strcmp(*argv,"-p") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/ |
|||
} |
|||
#endif |
|||
if (strcmp(*argv,"-inform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
informat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-outform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outformat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-in") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
infile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outfile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-CApath") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
CApath = *(++argv); |
|||
do_ver = 1; |
|||
} |
|||
else if (strcmp(*argv,"-CAfile") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
CAfile = *(++argv); |
|||
do_ver = 1; |
|||
} |
|||
else if (strcmp(*argv,"-verify") == 0) |
|||
do_ver = 1; |
|||
else if (strcmp(*argv,"-text") == 0) |
|||
text = 1; |
|||
else if (strcmp(*argv,"-hash") == 0) |
|||
hash= ++num; |
|||
else if (strcmp(*argv,"-nameopt") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
if (!set_name_ex(&nmflag, *(++argv))) goto bad; |
|||
} |
|||
else if (strcmp(*argv,"-issuer") == 0) |
|||
issuer= ++num; |
|||
else if (strcmp(*argv,"-lastupdate") == 0) |
|||
lastupdate= ++num; |
|||
else if (strcmp(*argv,"-nextupdate") == 0) |
|||
nextupdate= ++num; |
|||
else if (strcmp(*argv,"-noout") == 0) |
|||
noout= ++num; |
|||
else if (strcmp(*argv,"-fingerprint") == 0) |
|||
fingerprint= ++num; |
|||
else if (strcmp(*argv,"-crlnumber") == 0) |
|||
crlnumber= ++num; |
|||
else if ((md_alg=EVP_get_digestbyname(*argv + 1))) |
|||
{ |
|||
/* ok */ |
|||
digest=md_alg; |
|||
} |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"unknown option %s\n",*argv); |
|||
badops=1; |
|||
break; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
bad: |
|||
for (pp=crl_usage; (*pp != NULL); pp++) |
|||
BIO_printf(bio_err,"%s",*pp); |
|||
goto end; |
|||
} |
|||
|
|||
ERR_load_crypto_strings(); |
|||
x=load_crl(infile,informat); |
|||
if (x == NULL) { goto end; } |
|||
|
|||
if(do_ver) { |
|||
store = X509_STORE_new(); |
|||
lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file()); |
|||
if (lookup == NULL) goto end; |
|||
if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) |
|||
X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); |
|||
|
|||
lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir()); |
|||
if (lookup == NULL) goto end; |
|||
if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) |
|||
X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); |
|||
ERR_clear_error(); |
|||
|
|||
if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) { |
|||
BIO_printf(bio_err, |
|||
"Error initialising X509 store\n"); |
|||
goto end; |
|||
} |
|||
|
|||
i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, |
|||
X509_CRL_get_issuer(x), &xobj); |
|||
if(i <= 0) { |
|||
BIO_printf(bio_err, |
|||
"Error getting CRL issuer certificate\n"); |
|||
goto end; |
|||
} |
|||
pkey = X509_get_pubkey(xobj.data.x509); |
|||
X509_OBJECT_free_contents(&xobj); |
|||
if(!pkey) { |
|||
BIO_printf(bio_err, |
|||
"Error getting CRL issuer public key\n"); |
|||
goto end; |
|||
} |
|||
i = X509_CRL_verify(x, pkey); |
|||
EVP_PKEY_free(pkey); |
|||
if(i < 0) goto end; |
|||
if(i == 0) BIO_printf(bio_err, "verify failure\n"); |
|||
else BIO_printf(bio_err, "verify OK\n"); |
|||
} |
|||
|
|||
if (num) |
|||
{ |
|||
for (i=1; i<=num; i++) |
|||
{ |
|||
if (issuer == i) |
|||
{ |
|||
print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag); |
|||
} |
|||
if (crlnumber == i) |
|||
{ |
|||
ASN1_INTEGER *crlnum; |
|||
crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, |
|||
NULL, NULL); |
|||
BIO_printf(bio_out,"crlNumber="); |
|||
if (crlnum) |
|||
{ |
|||
i2a_ASN1_INTEGER(bio_out, crlnum); |
|||
ASN1_INTEGER_free(crlnum); |
|||
} |
|||
else |
|||
BIO_puts(bio_out, "<NONE>"); |
|||
BIO_printf(bio_out,"\n"); |
|||
} |
|||
if (hash == i) |
|||
{ |
|||
BIO_printf(bio_out,"%08lx\n", |
|||
X509_NAME_hash(X509_CRL_get_issuer(x))); |
|||
} |
|||
if (lastupdate == i) |
|||
{ |
|||
BIO_printf(bio_out,"lastUpdate="); |
|||
ASN1_TIME_print(bio_out, |
|||
X509_CRL_get_lastUpdate(x)); |
|||
BIO_printf(bio_out,"\n"); |
|||
} |
|||
if (nextupdate == i) |
|||
{ |
|||
BIO_printf(bio_out,"nextUpdate="); |
|||
if (X509_CRL_get_nextUpdate(x)) |
|||
ASN1_TIME_print(bio_out, |
|||
X509_CRL_get_nextUpdate(x)); |
|||
else |
|||
BIO_printf(bio_out,"NONE"); |
|||
BIO_printf(bio_out,"\n"); |
|||
} |
|||
if (fingerprint == i) |
|||
{ |
|||
int j; |
|||
unsigned int n; |
|||
unsigned char md[EVP_MAX_MD_SIZE]; |
|||
|
|||
if (!X509_CRL_digest(x,digest,md,&n)) |
|||
{ |
|||
BIO_printf(bio_err,"out of memory\n"); |
|||
goto end; |
|||
} |
|||
BIO_printf(bio_out,"%s Fingerprint=", |
|||
OBJ_nid2sn(EVP_MD_type(digest))); |
|||
for (j=0; j<(int)n; j++) |
|||
{ |
|||
BIO_printf(bio_out,"%02X%c",md[j], |
|||
(j+1 == (int)n) |
|||
?'\n':':'); |
|||
} |
|||
} |
|||
} |
|||
} |
|||
|
|||
out=BIO_new(BIO_s_file()); |
|||
if (out == NULL) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (outfile == NULL) |
|||
{ |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out,outfile) <= 0) |
|||
{ |
|||
perror(outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (text) X509_CRL_print(out, x); |
|||
|
|||
if (noout) |
|||
{ |
|||
ret = 0; |
|||
goto end; |
|||
} |
|||
|
|||
if (outformat == FORMAT_ASN1) |
|||
i=(int)i2d_X509_CRL_bio(out,x); |
|||
else if (outformat == FORMAT_PEM) |
|||
i=PEM_write_bio_X509_CRL(out,x); |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"bad output format specified for outfile\n"); |
|||
goto end; |
|||
} |
|||
if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; } |
|||
ret=0; |
|||
end: |
|||
BIO_free_all(out); |
|||
BIO_free_all(bio_out); |
|||
bio_out=NULL; |
|||
X509_CRL_free(x); |
|||
if(store) { |
|||
X509_STORE_CTX_cleanup(&ctx); |
|||
X509_STORE_free(store); |
|||
} |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
|||
static X509_CRL *load_crl(char *infile, int format) |
|||
{ |
|||
X509_CRL *x=NULL; |
|||
BIO *in=NULL; |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
if (in == NULL) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (infile == NULL) |
|||
BIO_set_fp(in,stdin,BIO_NOCLOSE); |
|||
else |
|||
{ |
|||
if (BIO_read_filename(in,infile) <= 0) |
|||
{ |
|||
perror(infile); |
|||
goto end; |
|||
} |
|||
} |
|||
if (format == FORMAT_ASN1) |
|||
x=d2i_X509_CRL_bio(in,NULL); |
|||
else if (format == FORMAT_PEM) |
|||
x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); |
|||
else { |
|||
BIO_printf(bio_err,"bad input format specified for input crl\n"); |
|||
goto end; |
|||
} |
|||
if (x == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unable to load CRL\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
end: |
|||
BIO_free(in); |
|||
return(x); |
|||
} |
|||
|
@ -0,0 +1,337 @@ |
|||
/* apps/crl2p7.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
/* This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu>
|
|||
* and donated 'to the cause' along with lots and lots of other fixes to |
|||
* the library. */ |
|||
|
|||
#include <stdio.h> |
|||
#include <string.h> |
|||
#include <sys/types.h> |
|||
#include "apps.h" |
|||
#include <openssl/err.h> |
|||
#include <openssl/evp.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pkcs7.h> |
|||
#include <openssl/pem.h> |
|||
#include <openssl/objects.h> |
|||
|
|||
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile); |
|||
#undef PROG |
|||
#define PROG crl2pkcs7_main |
|||
|
|||
/* -inform arg - input format - default PEM (DER or PEM)
|
|||
* -outform arg - output format - default PEM |
|||
* -in arg - input file - default stdin |
|||
* -out arg - output file - default stdout |
|||
*/ |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
int i,badops=0; |
|||
BIO *in=NULL,*out=NULL; |
|||
int informat,outformat; |
|||
char *infile,*outfile,*prog,*certfile; |
|||
PKCS7 *p7 = NULL; |
|||
PKCS7_SIGNED *p7s = NULL; |
|||
X509_CRL *crl=NULL; |
|||
STACK_OF(OPENSSL_STRING) *certflst=NULL; |
|||
STACK_OF(X509_CRL) *crl_stack=NULL; |
|||
STACK_OF(X509) *cert_stack=NULL; |
|||
int ret=1,nocrl=0; |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
infile=NULL; |
|||
outfile=NULL; |
|||
informat=FORMAT_PEM; |
|||
outformat=FORMAT_PEM; |
|||
|
|||
prog=argv[0]; |
|||
argc--; |
|||
argv++; |
|||
while (argc >= 1) |
|||
{ |
|||
if (strcmp(*argv,"-inform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
informat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-outform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outformat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-in") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
infile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-nocrl") == 0) |
|||
{ |
|||
nocrl=1; |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outfile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-certfile") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
if(!certflst) certflst = sk_OPENSSL_STRING_new_null(); |
|||
sk_OPENSSL_STRING_push(certflst,*(++argv)); |
|||
} |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"unknown option %s\n",*argv); |
|||
badops=1; |
|||
break; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); |
|||
BIO_printf(bio_err,"where options are\n"); |
|||
BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); |
|||
BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); |
|||
BIO_printf(bio_err," -in arg input file\n"); |
|||
BIO_printf(bio_err," -out arg output file\n"); |
|||
BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n"); |
|||
BIO_printf(bio_err," (can be used more than once)\n"); |
|||
BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n"); |
|||
ret = 1; |
|||
goto end; |
|||
} |
|||
|
|||
ERR_load_crypto_strings(); |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
out=BIO_new(BIO_s_file()); |
|||
if ((in == NULL) || (out == NULL)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (!nocrl) |
|||
{ |
|||
if (infile == NULL) |
|||
BIO_set_fp(in,stdin,BIO_NOCLOSE); |
|||
else |
|||
{ |
|||
if (BIO_read_filename(in,infile) <= 0) |
|||
{ |
|||
perror(infile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (informat == FORMAT_ASN1) |
|||
crl=d2i_X509_CRL_bio(in,NULL); |
|||
else if (informat == FORMAT_PEM) |
|||
crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); |
|||
else { |
|||
BIO_printf(bio_err,"bad input format specified for input crl\n"); |
|||
goto end; |
|||
} |
|||
if (crl == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unable to load CRL\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if ((p7=PKCS7_new()) == NULL) goto end; |
|||
if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end; |
|||
p7->type=OBJ_nid2obj(NID_pkcs7_signed); |
|||
p7->d.sign=p7s; |
|||
p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data); |
|||
|
|||
if (!ASN1_INTEGER_set(p7s->version,1)) goto end; |
|||
if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end; |
|||
p7s->crl=crl_stack; |
|||
if (crl != NULL) |
|||
{ |
|||
sk_X509_CRL_push(crl_stack,crl); |
|||
crl=NULL; /* now part of p7 for OPENSSL_freeing */ |
|||
} |
|||
|
|||
if ((cert_stack=sk_X509_new_null()) == NULL) goto end; |
|||
p7s->cert=cert_stack; |
|||
|
|||
if(certflst) for(i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) { |
|||
certfile = sk_OPENSSL_STRING_value(certflst, i); |
|||
if (add_certs_from_file(cert_stack,certfile) < 0) |
|||
{ |
|||
BIO_printf(bio_err, "error loading certificates\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
sk_OPENSSL_STRING_free(certflst); |
|||
|
|||
if (outfile == NULL) |
|||
{ |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out,outfile) <= 0) |
|||
{ |
|||
perror(outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (outformat == FORMAT_ASN1) |
|||
i=i2d_PKCS7_bio(out,p7); |
|||
else if (outformat == FORMAT_PEM) |
|||
i=PEM_write_bio_PKCS7(out,p7); |
|||
else { |
|||
BIO_printf(bio_err,"bad output format specified for outfile\n"); |
|||
goto end; |
|||
} |
|||
if (!i) |
|||
{ |
|||
BIO_printf(bio_err,"unable to write pkcs7 object\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
ret=0; |
|||
end: |
|||
if (in != NULL) BIO_free(in); |
|||
if (out != NULL) BIO_free_all(out); |
|||
if (p7 != NULL) PKCS7_free(p7); |
|||
if (crl != NULL) X509_CRL_free(crl); |
|||
|
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
|||
/*
|
|||
*---------------------------------------------------------------------- |
|||
* int add_certs_from_file |
|||
* |
|||
* Read a list of certificates to be checked from a file. |
|||
* |
|||
* Results: |
|||
* number of certs added if successful, -1 if not. |
|||
*---------------------------------------------------------------------- |
|||
*/ |
|||
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile) |
|||
{ |
|||
BIO *in=NULL; |
|||
int count=0; |
|||
int ret= -1; |
|||
STACK_OF(X509_INFO) *sk=NULL; |
|||
X509_INFO *xi; |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0)) |
|||
{ |
|||
BIO_printf(bio_err,"error opening the file, %s\n",certfile); |
|||
goto end; |
|||
} |
|||
|
|||
/* This loads from a file, a stack of x509/crl/pkey sets */ |
|||
sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL); |
|||
if (sk == NULL) { |
|||
BIO_printf(bio_err,"error reading the file, %s\n",certfile); |
|||
goto end; |
|||
} |
|||
|
|||
/* scan over it and pull out the CRL's */ |
|||
while (sk_X509_INFO_num(sk)) |
|||
{ |
|||
xi=sk_X509_INFO_shift(sk); |
|||
if (xi->x509 != NULL) |
|||
{ |
|||
sk_X509_push(stack,xi->x509); |
|||
xi->x509=NULL; |
|||
count++; |
|||
} |
|||
X509_INFO_free(xi); |
|||
} |
|||
|
|||
ret=count; |
|||
end: |
|||
/* never need to OPENSSL_free x */ |
|||
if (in != NULL) BIO_free(in); |
|||
if (sk != NULL) sk_X509_INFO_free(sk); |
|||
return(ret); |
|||
} |
|||
|
@ -0,0 +1,14 @@ |
|||
subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server |
|||
issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA |
|||
-----BEGIN X509 CERTIFICATE----- |
|||
|
|||
MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV |
|||
BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz |
|||
MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM |
|||
RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV |
|||
BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3 |
|||
LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb |
|||
/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0 |
|||
DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn |
|||
IMs6ZOZB |
|||
-----END X509 CERTIFICATE----- |
@ -0,0 +1,39 @@ |
|||
R 980705233205Z 951009233205Z 01 certs/00000001 /CN=Eric Young |
|||
E 951009233205Z 02 certs/00000002 /CN=Duncan Young |
|||
R 980705233205Z 951201010000Z 03 certs/00000003 /CN=Tim Hudson |
|||
V 980705233205Z 04 certs/00000004 /CN=Eric Young4 |
|||
V 980705233205Z 05 certs/00000004 /CN=Eric Young5 |
|||
V 980705233205Z 06 certs/00000004 /CN=Eric Young6 |
|||
V 980705233205Z 07 certs/00000004 /CN=Eric Young7 |
|||
V 980705233205Z 08 certs/00000004 /CN=Eric Young8 |
|||
V 980705233205Z 09 certs/00000004 /CN=Eric Young9 |
|||
V 980705233205Z 0A certs/00000004 /CN=Eric YoungA |
|||
V 980705233205Z 0B certs/00000004 /CN=Eric YoungB |
|||
V 980705233205Z 0C certs/00000004 /CN=Eric YoungC |
|||
V 980705233205Z 0D certs/00000004 /CN=Eric YoungD |
|||
V 980705233205Z 0E certs/00000004 /CN=Eric YoungE |
|||
V 980705233205Z 0F certs/00000004 /CN=Eric YoungF |
|||
V 980705233205Z 10 certs/00000004 /CN=Eric Young10 |
|||
V 980705233205Z 11 certs/00000004 /CN=Eric Young11 |
|||
V 980705233205Z 12 certs/00000004 /CN=Eric Young12 |
|||
V 980705233205Z 13 certs/00000004 /CN=Eric Young13 |
|||
V 980705233205Z 14 certs/00000004 /CN=Eric Young14 |
|||
V 980705233205Z 15 certs/00000004 /CN=Eric Young15 |
|||
V 980705233205Z 16 certs/00000004 /CN=Eric Young16 |
|||
V 980705233205Z 17 certs/00000004 /CN=Eric Young17 |
|||
V 961206150305Z 010C unknown /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au |
|||
V 961206153245Z 010D unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au |
|||
V 970322074816Z 010E unknown /CN=Eric Young/Email=eay@mincom.oz.au |
|||
V 970322075152Z 010F unknown /CN=Eric Young |
|||
V 970322075906Z 0110 unknown /CN=Eric Youngg |
|||
V 970324092238Z 0111 unknown /C=AU/SP=Queensland/CN=Eric Young |
|||
V 970324221931Z 0112 unknown /CN=Fred |
|||
V 970324224934Z 0113 unknown /C=AU/CN=eay |
|||
V 971001005237Z 0114 unknown /C=AU/SP=QLD/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test |
|||
V 971001010331Z 0115 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test again - x509v3 |
|||
V 971001013945Z 0117 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test |
|||
V 971014225415Z 0118 unknown /C=AU/SP=Queensland/CN=test |
|||
V 971015004448Z 0119 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test2 |
|||
V 971016035001Z 011A unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test64 |
|||
V 971016080129Z 011B unknown /C=FR/O=ALCATEL/OU=Alcatel Mobile Phones/CN=bourque/Email=bourque@art.alcatel.fr |
|||
V 971016224000Z 011D unknown /L=Bedford/O=Cranfield University/OU=Computer Centre/CN=Peter R Lister/Email=P.Lister@cranfield.ac.uk |
@ -0,0 +1,24 @@ |
|||
issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA |
|||
subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server |
|||
-----BEGIN X509 CERTIFICATE----- |
|||
|
|||
MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV |
|||
BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz |
|||
MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM |
|||
RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV |
|||
BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3 |
|||
LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb |
|||
/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0 |
|||
DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn |
|||
IMs6ZOZB |
|||
-----END X509 CERTIFICATE----- |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
|
|||
MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe |
|||
Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ |
|||
hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG |
|||
sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw |
|||
tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq |
|||
agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA |
|||
g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI= |
|||
-----END RSA PRIVATE KEY----- |
@ -0,0 +1 @@ |
|||
011E |
@ -0,0 +1,6 @@ |
|||
# This is a file that will be filled by the openssl srp routine. |
|||
# You can initialize the file with additional groups, these are |
|||
# records starting with a I followed by the g and N values and the id. |
|||
# The exact values ... you have to dig this out from the source of srp.c |
|||
# or srp_vfy.c |
|||
# The last value of an I is used as the default group for new users. |
@ -0,0 +1 @@ |
|||
unique_subject = yes |
@ -0,0 +1,644 @@ |
|||
/* apps/dgst.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <stdio.h> |
|||
#include <string.h> |
|||
#include <stdlib.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/evp.h> |
|||
#include <openssl/objects.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pem.h> |
|||
#include <openssl/hmac.h> |
|||
|
|||
#undef BUFSIZE |
|||
#define BUFSIZE 1024*8 |
|||
|
|||
#undef PROG |
|||
#define PROG dgst_main |
|||
|
|||
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, |
|||
EVP_PKEY *key, unsigned char *sigin, int siglen, |
|||
const char *sig_name, const char *md_name, |
|||
const char *file,BIO *bmd); |
|||
|
|||
static void list_md_fn(const EVP_MD *m, |
|||
const char *from, const char *to, void *arg) |
|||
{ |
|||
const char *mname; |
|||
/* Skip aliases */ |
|||
if (!m) |
|||
return; |
|||
mname = OBJ_nid2ln(EVP_MD_type(m)); |
|||
/* Skip shortnames */ |
|||
if (strcmp(from, mname)) |
|||
return; |
|||
/* Skip clones */ |
|||
if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST) |
|||
return; |
|||
if (strchr(mname, ' ')) |
|||
mname= EVP_MD_name(m); |
|||
BIO_printf(arg, "-%-14s to use the %s message digest algorithm\n", |
|||
mname, mname); |
|||
} |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
ENGINE *e = NULL; |
|||
unsigned char *buf=NULL; |
|||
int i,err=1; |
|||
const EVP_MD *md=NULL,*m; |
|||
BIO *in=NULL,*inp; |
|||
BIO *bmd=NULL; |
|||
BIO *out = NULL; |
|||
#define PROG_NAME_SIZE 39 |
|||
char pname[PROG_NAME_SIZE+1]; |
|||
int separator=0; |
|||
int debug=0; |
|||
int keyform=FORMAT_PEM; |
|||
const char *outfile = NULL, *keyfile = NULL; |
|||
const char *sigfile = NULL, *randfile = NULL; |
|||
int out_bin = -1, want_pub = 0, do_verify = 0; |
|||
EVP_PKEY *sigkey = NULL; |
|||
unsigned char *sigbuf = NULL; |
|||
int siglen = 0; |
|||
char *passargin = NULL, *passin = NULL; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine=NULL; |
|||
#endif |
|||
char *hmac_key=NULL; |
|||
char *mac_name=NULL; |
|||
int non_fips_allow = 0; |
|||
STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL; |
|||
|
|||
apps_startup(); |
|||
|
|||
if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"out of memory\n"); |
|||
goto end; |
|||
} |
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
/* first check the program name */ |
|||
program_name(argv[0],pname,sizeof pname); |
|||
|
|||
md=EVP_get_digestbyname(pname); |
|||
|
|||
argc--; |
|||
argv++; |
|||
while (argc > 0) |
|||
{ |
|||
if ((*argv)[0] != '-') break; |
|||
if (strcmp(*argv,"-c") == 0) |
|||
separator=1; |
|||
else if (strcmp(*argv,"-r") == 0) |
|||
separator=2; |
|||
else if (strcmp(*argv,"-rand") == 0) |
|||
{ |
|||
if (--argc < 1) break; |
|||
randfile=*(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) break; |
|||
outfile=*(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-sign") == 0) |
|||
{ |
|||
if (--argc < 1) break; |
|||
keyfile=*(++argv); |
|||
} |
|||
else if (!strcmp(*argv,"-passin")) |
|||
{ |
|||
if (--argc < 1) |
|||
break; |
|||
passargin=*++argv; |
|||
} |
|||
else if (strcmp(*argv,"-verify") == 0) |
|||
{ |
|||
if (--argc < 1) break; |
|||
keyfile=*(++argv); |
|||
want_pub = 1; |
|||
do_verify = 1; |
|||
} |
|||
else if (strcmp(*argv,"-prverify") == 0) |
|||
{ |
|||
if (--argc < 1) break; |
|||
keyfile=*(++argv); |
|||
do_verify = 1; |
|||
} |
|||
else if (strcmp(*argv,"-signature") == 0) |
|||
{ |
|||
if (--argc < 1) break; |
|||
sigfile=*(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-keyform") == 0) |
|||
{ |
|||
if (--argc < 1) break; |
|||
keyform=str2fmt(*(++argv)); |
|||
} |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(*argv,"-engine") == 0) |
|||
{ |
|||
if (--argc < 1) break; |
|||
engine= *(++argv); |
|||
e = setup_engine(bio_err, engine, 0); |
|||
} |
|||
#endif |
|||
else if (strcmp(*argv,"-hex") == 0) |
|||
out_bin = 0; |
|||
else if (strcmp(*argv,"-binary") == 0) |
|||
out_bin = 1; |
|||
else if (strcmp(*argv,"-d") == 0) |
|||
debug=1; |
|||
else if (strcmp(*argv,"-non-fips-allow") == 0) |
|||
non_fips_allow=1; |
|||
else if (!strcmp(*argv,"-fips-fingerprint")) |
|||
hmac_key = "etaonrishdlcupfm"; |
|||
else if (!strcmp(*argv,"-hmac")) |
|||
{ |
|||
if (--argc < 1) |
|||
break; |
|||
hmac_key=*++argv; |
|||
} |
|||
else if (!strcmp(*argv,"-mac")) |
|||
{ |
|||
if (--argc < 1) |
|||
break; |
|||
mac_name=*++argv; |
|||
} |
|||
else if (strcmp(*argv,"-sigopt") == 0) |
|||
{ |
|||
if (--argc < 1) |
|||
break; |
|||
if (!sigopts) |
|||
sigopts = sk_OPENSSL_STRING_new_null(); |
|||
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv))) |
|||
break; |
|||
} |
|||
else if (strcmp(*argv,"-macopt") == 0) |
|||
{ |
|||
if (--argc < 1) |
|||
break; |
|||
if (!macopts) |
|||
macopts = sk_OPENSSL_STRING_new_null(); |
|||
if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv))) |
|||
break; |
|||
} |
|||
else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL) |
|||
md=m; |
|||
else |
|||
break; |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
|
|||
if(do_verify && !sigfile) { |
|||
BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); |
|||
goto end; |
|||
} |
|||
|
|||
if ((argc > 0) && (argv[0][0] == '-')) /* bad option */ |
|||
{ |
|||
BIO_printf(bio_err,"unknown option '%s'\n",*argv); |
|||
BIO_printf(bio_err,"options are\n"); |
|||
BIO_printf(bio_err,"-c to output the digest with separating colons\n"); |
|||
BIO_printf(bio_err,"-r to output the digest in coreutils format\n"); |
|||
BIO_printf(bio_err,"-d to output debug info\n"); |
|||
BIO_printf(bio_err,"-hex output as hex dump\n"); |
|||
BIO_printf(bio_err,"-binary output in binary form\n"); |
|||
BIO_printf(bio_err,"-sign file sign digest using private key in file\n"); |
|||
BIO_printf(bio_err,"-verify file verify a signature using public key in file\n"); |
|||
BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n"); |
|||
BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); |
|||
BIO_printf(bio_err,"-out filename output to filename rather than stdout\n"); |
|||
BIO_printf(bio_err,"-signature file signature to verify\n"); |
|||
BIO_printf(bio_err,"-sigopt nm:v signature parameter\n"); |
|||
BIO_printf(bio_err,"-hmac key create hashed MAC with key\n"); |
|||
BIO_printf(bio_err,"-mac algorithm create MAC (not neccessarily HMAC)\n"); |
|||
BIO_printf(bio_err,"-macopt nm:v MAC algorithm parameters or key\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
|
|||
EVP_MD_do_all_sorted(list_md_fn, bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
bmd=BIO_new(BIO_f_md()); |
|||
if (debug) |
|||
{ |
|||
BIO_set_callback(in,BIO_debug_callback); |
|||
/* needed for windows 3.1 */ |
|||
BIO_set_callback_arg(in,(char *)bio_err); |
|||
} |
|||
|
|||
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) |
|||
{ |
|||
BIO_printf(bio_err, "Error getting password\n"); |
|||
goto end; |
|||
} |
|||
|
|||
if ((in == NULL) || (bmd == NULL)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if(out_bin == -1) { |
|||
if(keyfile) |
|||
out_bin = 1; |
|||
else |
|||
out_bin = 0; |
|||
} |
|||
|
|||
if(randfile) |
|||
app_RAND_load_file(randfile, bio_err, 0); |
|||
|
|||
if(outfile) { |
|||
if(out_bin) |
|||
out = BIO_new_file(outfile, "wb"); |
|||
else out = BIO_new_file(outfile, "w"); |
|||
} else { |
|||
out = BIO_new_fp(stdout, BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
|
|||
if(!out) { |
|||
BIO_printf(bio_err, "Error opening output file %s\n", |
|||
outfile ? outfile : "(stdout)"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
if ((!!mac_name + !!keyfile + !!hmac_key) > 1) |
|||
{ |
|||
BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n"); |
|||
goto end; |
|||
} |
|||
|
|||
if(keyfile) |
|||
{ |
|||
if (want_pub) |
|||
sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, |
|||
e, "key file"); |
|||
else |
|||
sigkey = load_key(bio_err, keyfile, keyform, 0, passin, |
|||
e, "key file"); |
|||
if (!sigkey) |
|||
{ |
|||
/* load_[pub]key() has already printed an appropriate
|
|||
message */ |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (mac_name) |
|||
{ |
|||
EVP_PKEY_CTX *mac_ctx = NULL; |
|||
int r = 0; |
|||
if (!init_gen_str(bio_err, &mac_ctx, mac_name,e, 0)) |
|||
goto mac_end; |
|||
if (macopts) |
|||
{ |
|||
char *macopt; |
|||
for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) |
|||
{ |
|||
macopt = sk_OPENSSL_STRING_value(macopts, i); |
|||
if (pkey_ctrl_string(mac_ctx, macopt) <= 0) |
|||
{ |
|||
BIO_printf(bio_err, |
|||
"MAC parameter error \"%s\"\n", |
|||
macopt); |
|||
ERR_print_errors(bio_err); |
|||
goto mac_end; |
|||
} |
|||
} |
|||
} |
|||
if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) |
|||
{ |
|||
BIO_puts(bio_err, "Error generating key\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto mac_end; |
|||
} |
|||
r = 1; |
|||
mac_end: |
|||
if (mac_ctx) |
|||
EVP_PKEY_CTX_free(mac_ctx); |
|||
if (r == 0) |
|||
goto end; |
|||
} |
|||
|
|||
if (non_fips_allow) |
|||
{ |
|||
EVP_MD_CTX *md_ctx; |
|||
BIO_get_md_ctx(bmd,&md_ctx); |
|||
EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); |
|||
} |
|||
|
|||
if (hmac_key) |
|||
{ |
|||
sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e, |
|||
(unsigned char *)hmac_key, -1); |
|||
if (!sigkey) |
|||
goto end; |
|||
} |
|||
|
|||
if (sigkey) |
|||
{ |
|||
EVP_MD_CTX *mctx = NULL; |
|||
EVP_PKEY_CTX *pctx = NULL; |
|||
int r; |
|||
if (!BIO_get_md_ctx(bmd, &mctx)) |
|||
{ |
|||
BIO_printf(bio_err, "Error getting context\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
if (do_verify) |
|||
r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey); |
|||
else |
|||
r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey); |
|||
if (!r) |
|||
{ |
|||
BIO_printf(bio_err, "Error setting context\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
if (sigopts) |
|||
{ |
|||
char *sigopt; |
|||
for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) |
|||
{ |
|||
sigopt = sk_OPENSSL_STRING_value(sigopts, i); |
|||
if (pkey_ctrl_string(pctx, sigopt) <= 0) |
|||
{ |
|||
BIO_printf(bio_err, |
|||
"parameter error \"%s\"\n", |
|||
sigopt); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
} |
|||
} |
|||
/* we use md as a filter, reading from 'in' */ |
|||
else |
|||
{ |
|||
if (md == NULL) |
|||
md = EVP_md5(); |
|||
if (!BIO_set_md(bmd,md)) |
|||
{ |
|||
BIO_printf(bio_err, "Error setting digest %s\n", pname); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if(sigfile && sigkey) { |
|||
BIO *sigbio; |
|||
sigbio = BIO_new_file(sigfile, "rb"); |
|||
siglen = EVP_PKEY_size(sigkey); |
|||
sigbuf = OPENSSL_malloc(siglen); |
|||
if(!sigbio) { |
|||
BIO_printf(bio_err, "Error opening signature file %s\n", |
|||
sigfile); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
siglen = BIO_read(sigbio, sigbuf, siglen); |
|||
BIO_free(sigbio); |
|||
if(siglen <= 0) { |
|||
BIO_printf(bio_err, "Error reading signature file %s\n", |
|||
sigfile); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
inp=BIO_push(bmd,in); |
|||
|
|||
if (md == NULL) |
|||
{ |
|||
EVP_MD_CTX *tctx; |
|||
BIO_get_md_ctx(bmd, &tctx); |
|||
md = EVP_MD_CTX_md(tctx); |
|||
} |
|||
|
|||
if (argc == 0) |
|||
{ |
|||
BIO_set_fp(in,stdin,BIO_NOCLOSE); |
|||
err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, |
|||
siglen,NULL,NULL,"stdin",bmd); |
|||
} |
|||
else |
|||
{ |
|||
const char *md_name = NULL, *sig_name = NULL; |
|||
if(!out_bin) |
|||
{ |
|||
if (sigkey) |
|||
{ |
|||
const EVP_PKEY_ASN1_METHOD *ameth; |
|||
ameth = EVP_PKEY_get0_asn1(sigkey); |
|||
if (ameth) |
|||
EVP_PKEY_asn1_get0_info(NULL, NULL, |
|||
NULL, NULL, &sig_name, ameth); |
|||
} |
|||
md_name = EVP_MD_name(md); |
|||
} |
|||
err = 0; |
|||
for (i=0; i<argc; i++) |
|||
{ |
|||
int r; |
|||
if (BIO_read_filename(in,argv[i]) <= 0) |
|||
{ |
|||
perror(argv[i]); |
|||
err++; |
|||
continue; |
|||
} |
|||
else |
|||
r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf, |
|||
siglen,sig_name,md_name, argv[i],bmd); |
|||
if(r) |
|||
err=r; |
|||
(void)BIO_reset(bmd); |
|||
} |
|||
} |
|||
end: |
|||
if (buf != NULL) |
|||
{ |
|||
OPENSSL_cleanse(buf,BUFSIZE); |
|||
OPENSSL_free(buf); |
|||
} |
|||
if (in != NULL) BIO_free(in); |
|||
if (passin) |
|||
OPENSSL_free(passin); |
|||
BIO_free_all(out); |
|||
EVP_PKEY_free(sigkey); |
|||
if (sigopts) |
|||
sk_OPENSSL_STRING_free(sigopts); |
|||
if (macopts) |
|||
sk_OPENSSL_STRING_free(macopts); |
|||
if(sigbuf) OPENSSL_free(sigbuf); |
|||
if (bmd != NULL) BIO_free(bmd); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(err); |
|||
} |
|||
|
|||
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, |
|||
EVP_PKEY *key, unsigned char *sigin, int siglen, |
|||
const char *sig_name, const char *md_name, |
|||
const char *file,BIO *bmd) |
|||
{ |
|||
size_t len; |
|||
int i; |
|||
|
|||
for (;;) |
|||
{ |
|||
i=BIO_read(bp,(char *)buf,BUFSIZE); |
|||
if(i < 0) |
|||
{ |
|||
BIO_printf(bio_err, "Read Error in %s\n",file); |
|||
ERR_print_errors(bio_err); |
|||
return 1; |
|||
} |
|||
if (i == 0) break; |
|||
} |
|||
if(sigin) |
|||
{ |
|||
EVP_MD_CTX *ctx; |
|||
BIO_get_md_ctx(bp, &ctx); |
|||
i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen); |
|||
if(i > 0) |
|||
BIO_printf(out, "Verified OK\n"); |
|||
else if(i == 0) |
|||
{ |
|||
BIO_printf(out, "Verification Failure\n"); |
|||
return 1; |
|||
} |
|||
else |
|||
{ |
|||
BIO_printf(bio_err, "Error Verifying Data\n"); |
|||
ERR_print_errors(bio_err); |
|||
return 1; |
|||
} |
|||
return 0; |
|||
} |
|||
if(key) |
|||
{ |
|||
EVP_MD_CTX *ctx; |
|||
BIO_get_md_ctx(bp, &ctx); |
|||
len = BUFSIZE; |
|||
if(!EVP_DigestSignFinal(ctx, buf, &len)) |
|||
{ |
|||
BIO_printf(bio_err, "Error Signing Data\n"); |
|||
ERR_print_errors(bio_err); |
|||
return 1; |
|||
} |
|||
} |
|||
else |
|||
{ |
|||
len=BIO_gets(bp,(char *)buf,BUFSIZE); |
|||
if ((int)len <0) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
return 1; |
|||
} |
|||
} |
|||
|
|||
if(binout) BIO_write(out, buf, len); |
|||
else if (sep == 2) |
|||
{ |
|||
for (i=0; i<(int)len; i++) |
|||
BIO_printf(out, "%02x",buf[i]); |
|||
BIO_printf(out, " *%s\n", file); |
|||
} |
|||
else |
|||
{ |
|||
if (sig_name) |
|||
BIO_printf(out, "%s-%s(%s)= ", sig_name, md_name, file); |
|||
else if (md_name) |
|||
BIO_printf(out, "%s(%s)= ", md_name, file); |
|||
else |
|||
BIO_printf(out, "(%s)= ", file); |
|||
for (i=0; i<(int)len; i++) |
|||
{ |
|||
if (sep && (i != 0)) |
|||
BIO_printf(out, ":"); |
|||
BIO_printf(out, "%02x",buf[i]); |
|||
} |
|||
BIO_printf(out, "\n"); |
|||
} |
|||
return 0; |
|||
} |
|||
|
@ -0,0 +1,355 @@ |
|||
/* apps/dh.c */ |
|||
/* obsoleted by dhparam.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */ |
|||
#ifndef OPENSSL_NO_DH |
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <time.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/bn.h> |
|||
#include <openssl/dh.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pem.h> |
|||
|
|||
#undef PROG |
|||
#define PROG dh_main |
|||
|
|||
/* -inform arg - input format - default PEM (DER or PEM)
|
|||
* -outform arg - output format - default PEM |
|||
* -in arg - input file - default stdin |
|||
* -out arg - output file - default stdout |
|||
* -check - check the parameters are ok |
|||
* -noout |
|||
* -text |
|||
* -C |
|||
*/ |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
DH *dh=NULL; |
|||
int i,badops=0,text=0; |
|||
BIO *in=NULL,*out=NULL; |
|||
int informat,outformat,check=0,noout=0,C=0,ret=1; |
|||
char *infile,*outfile,*prog; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine; |
|||
#endif |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
engine=NULL; |
|||
#endif |
|||
infile=NULL; |
|||
outfile=NULL; |
|||
informat=FORMAT_PEM; |
|||
outformat=FORMAT_PEM; |
|||
|
|||
prog=argv[0]; |
|||
argc--; |
|||
argv++; |
|||
while (argc >= 1) |
|||
{ |
|||
if (strcmp(*argv,"-inform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
informat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-outform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outformat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-in") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
infile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outfile= *(++argv); |
|||
} |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(*argv,"-engine") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
engine= *(++argv); |
|||
} |
|||
#endif |
|||
else if (strcmp(*argv,"-check") == 0) |
|||
check=1; |
|||
else if (strcmp(*argv,"-text") == 0) |
|||
text=1; |
|||
else if (strcmp(*argv,"-C") == 0) |
|||
C=1; |
|||
else if (strcmp(*argv,"-noout") == 0) |
|||
noout=1; |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"unknown option %s\n",*argv); |
|||
badops=1; |
|||
break; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); |
|||
BIO_printf(bio_err,"where options are\n"); |
|||
BIO_printf(bio_err," -inform arg input format - one of DER PEM\n"); |
|||
BIO_printf(bio_err," -outform arg output format - one of DER PEM\n"); |
|||
BIO_printf(bio_err," -in arg input file\n"); |
|||
BIO_printf(bio_err," -out arg output file\n"); |
|||
BIO_printf(bio_err," -check check the DH parameters\n"); |
|||
BIO_printf(bio_err," -text print a text form of the DH parameters\n"); |
|||
BIO_printf(bio_err," -C Output C code\n"); |
|||
BIO_printf(bio_err," -noout no output\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
goto end; |
|||
} |
|||
|
|||
ERR_load_crypto_strings(); |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
out=BIO_new(BIO_s_file()); |
|||
if ((in == NULL) || (out == NULL)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (infile == NULL) |
|||
BIO_set_fp(in,stdin,BIO_NOCLOSE); |
|||
else |
|||
{ |
|||
if (BIO_read_filename(in,infile) <= 0) |
|||
{ |
|||
perror(infile); |
|||
goto end; |
|||
} |
|||
} |
|||
if (outfile == NULL) |
|||
{ |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out,outfile) <= 0) |
|||
{ |
|||
perror(outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (informat == FORMAT_ASN1) |
|||
dh=d2i_DHparams_bio(in,NULL); |
|||
else if (informat == FORMAT_PEM) |
|||
dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL); |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"bad input format specified\n"); |
|||
goto end; |
|||
} |
|||
if (dh == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unable to load DH parameters\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
|
|||
|
|||
if (text) |
|||
{ |
|||
DHparams_print(out,dh); |
|||
#ifdef undef |
|||
printf("p="); |
|||
BN_print(stdout,dh->p); |
|||
printf("\ng="); |
|||
BN_print(stdout,dh->g); |
|||
printf("\n"); |
|||
if (dh->length != 0) |
|||
printf("recommended private length=%ld\n",dh->length); |
|||
#endif |
|||
} |
|||
|
|||
if (check) |
|||
{ |
|||
if (!DH_check(dh,&i)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
if (i & DH_CHECK_P_NOT_PRIME) |
|||
printf("p value is not prime\n"); |
|||
if (i & DH_CHECK_P_NOT_SAFE_PRIME) |
|||
printf("p value is not a safe prime\n"); |
|||
if (i & DH_UNABLE_TO_CHECK_GENERATOR) |
|||
printf("unable to check the generator value\n"); |
|||
if (i & DH_NOT_SUITABLE_GENERATOR) |
|||
printf("the g value is not a generator\n"); |
|||
if (i == 0) |
|||
printf("DH parameters appear to be ok.\n"); |
|||
} |
|||
if (C) |
|||
{ |
|||
unsigned char *data; |
|||
int len,l,bits; |
|||
|
|||
len=BN_num_bytes(dh->p); |
|||
bits=BN_num_bits(dh->p); |
|||
data=(unsigned char *)OPENSSL_malloc(len); |
|||
if (data == NULL) |
|||
{ |
|||
perror("OPENSSL_malloc"); |
|||
goto end; |
|||
} |
|||
l=BN_bn2bin(dh->p,data); |
|||
printf("static unsigned char dh%d_p[]={",bits); |
|||
for (i=0; i<l; i++) |
|||
{ |
|||
if ((i%12) == 0) printf("\n\t"); |
|||
printf("0x%02X,",data[i]); |
|||
} |
|||
printf("\n\t};\n"); |
|||
|
|||
l=BN_bn2bin(dh->g,data); |
|||
printf("static unsigned char dh%d_g[]={",bits); |
|||
for (i=0; i<l; i++) |
|||
{ |
|||
if ((i%12) == 0) printf("\n\t"); |
|||
printf("0x%02X,",data[i]); |
|||
} |
|||
printf("\n\t};\n\n"); |
|||
|
|||
printf("DH *get_dh%d()\n\t{\n",bits); |
|||
printf("\tDH *dh;\n\n"); |
|||
printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n"); |
|||
printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n", |
|||
bits,bits); |
|||
printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n", |
|||
bits,bits); |
|||
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); |
|||
printf("\t\treturn(NULL);\n"); |
|||
printf("\treturn(dh);\n\t}\n"); |
|||
OPENSSL_free(data); |
|||
} |
|||
|
|||
|
|||
if (!noout) |
|||
{ |
|||
if (outformat == FORMAT_ASN1) |
|||
i=i2d_DHparams_bio(out,dh); |
|||
else if (outformat == FORMAT_PEM) |
|||
i=PEM_write_bio_DHparams(out,dh); |
|||
else { |
|||
BIO_printf(bio_err,"bad output format specified for outfile\n"); |
|||
goto end; |
|||
} |
|||
if (!i) |
|||
{ |
|||
BIO_printf(bio_err,"unable to write DH parameters\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
ret=0; |
|||
end: |
|||
if (in != NULL) BIO_free(in); |
|||
if (out != NULL) BIO_free_all(out); |
|||
if (dh != NULL) DH_free(dh); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
#else /* !OPENSSL_NO_DH */ |
|||
|
|||
# if PEDANTIC |
|||
static void *dummy=&dummy; |
|||
# endif |
|||
|
|||
#endif |
@ -0,0 +1,10 @@ |
|||
-----BEGIN DH PARAMETERS----- |
|||
MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY |
|||
jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6 |
|||
ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC |
|||
-----END DH PARAMETERS----- |
|||
|
|||
These are the 1024 bit DH parameters from "Assigned Number for SKIP Protocols" |
|||
(http://www.skip-vpn.org/spec/numbers.html). |
|||
See there for how they were generated. |
|||
Note that g is not a generator, but this is not a problem since p is a safe prime. |
@ -0,0 +1,12 @@ |
|||
-----BEGIN DH PARAMETERS----- |
|||
MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV |
|||
89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50 |
|||
T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb |
|||
zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX |
|||
Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT |
|||
CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg== |
|||
-----END DH PARAMETERS----- |
|||
|
|||
These are the 2048 bit DH parameters from "Assigned Number for SKIP Protocols" |
|||
(http://www.skip-vpn.org/spec/numbers.html). |
|||
See there for how they were generated. |
@ -0,0 +1,18 @@ |
|||
-----BEGIN DH PARAMETERS----- |
|||
MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ |
|||
l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt |
|||
Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS |
|||
Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98 |
|||
VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc |
|||
alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM |
|||
sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9 |
|||
ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte |
|||
OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH |
|||
AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL |
|||
KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI= |
|||
-----END DH PARAMETERS----- |
|||
|
|||
These are the 4096 bit DH parameters from "Assigned Number for SKIP Protocols" |
|||
(http://www.skip-vpn.org/spec/numbers.html). |
|||
See there for how they were generated. |
|||
Note that g is not a generator, but this is not a problem since p is a safe prime. |
@ -0,0 +1,9 @@ |
|||
-----BEGIN DH PARAMETERS----- |
|||
MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak |
|||
XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC |
|||
-----END DH PARAMETERS----- |
|||
|
|||
These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols" |
|||
(http://www.skip-vpn.org/spec/numbers.html). |
|||
See there for how they were generated. |
|||
Note that g is not a generator, but this is not a problem since p is a safe prime. |
@ -0,0 +1,560 @@ |
|||
/* apps/dhparam.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* openssl-core@openssl.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
|
|||
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */ |
|||
#ifndef OPENSSL_NO_DH |
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <time.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/bn.h> |
|||
#include <openssl/dh.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pem.h> |
|||
|
|||
#ifndef OPENSSL_NO_DSA |
|||
#include <openssl/dsa.h> |
|||
#endif |
|||
|
|||
#undef PROG |
|||
#define PROG dhparam_main |
|||
|
|||
#define DEFBITS 512 |
|||
|
|||
/* -inform arg - input format - default PEM (DER or PEM)
|
|||
* -outform arg - output format - default PEM |
|||
* -in arg - input file - default stdin |
|||
* -out arg - output file - default stdout |
|||
* -dsaparam - read or generate DSA parameters, convert to DH |
|||
* -check - check the parameters are ok |
|||
* -noout |
|||
* -text |
|||
* -C |
|||
*/ |
|||
|
|||
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
DH *dh=NULL; |
|||
int i,badops=0,text=0; |
|||
#ifndef OPENSSL_NO_DSA |
|||
int dsaparam=0; |
|||
#endif |
|||
BIO *in=NULL,*out=NULL; |
|||
int informat,outformat,check=0,noout=0,C=0,ret=1; |
|||
char *infile,*outfile,*prog; |
|||
char *inrand=NULL; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine=NULL; |
|||
#endif |
|||
int num = 0, g = 0; |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
infile=NULL; |
|||
outfile=NULL; |
|||
informat=FORMAT_PEM; |
|||
outformat=FORMAT_PEM; |
|||
|
|||
prog=argv[0]; |
|||
argc--; |
|||
argv++; |
|||
while (argc >= 1) |
|||
{ |
|||
if (strcmp(*argv,"-inform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
informat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-outform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outformat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-in") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
infile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outfile= *(++argv); |
|||
} |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(*argv,"-engine") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
engine= *(++argv); |
|||
} |
|||
#endif |
|||
else if (strcmp(*argv,"-check") == 0) |
|||
check=1; |
|||
else if (strcmp(*argv,"-text") == 0) |
|||
text=1; |
|||
#ifndef OPENSSL_NO_DSA |
|||
else if (strcmp(*argv,"-dsaparam") == 0) |
|||
dsaparam=1; |
|||
#endif |
|||
else if (strcmp(*argv,"-C") == 0) |
|||
C=1; |
|||
else if (strcmp(*argv,"-noout") == 0) |
|||
noout=1; |
|||
else if (strcmp(*argv,"-2") == 0) |
|||
g=2; |
|||
else if (strcmp(*argv,"-5") == 0) |
|||
g=5; |
|||
else if (strcmp(*argv,"-rand") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
inrand= *(++argv); |
|||
} |
|||
else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0))) |
|||
goto bad; |
|||
argv++; |
|||
argc--; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err,"%s [options] [numbits]\n",prog); |
|||
BIO_printf(bio_err,"where options are\n"); |
|||
BIO_printf(bio_err," -inform arg input format - one of DER PEM\n"); |
|||
BIO_printf(bio_err," -outform arg output format - one of DER PEM\n"); |
|||
BIO_printf(bio_err," -in arg input file\n"); |
|||
BIO_printf(bio_err," -out arg output file\n"); |
|||
#ifndef OPENSSL_NO_DSA |
|||
BIO_printf(bio_err," -dsaparam read or generate DSA parameters, convert to DH\n"); |
|||
#endif |
|||
BIO_printf(bio_err," -check check the DH parameters\n"); |
|||
BIO_printf(bio_err," -text print a text form of the DH parameters\n"); |
|||
BIO_printf(bio_err," -C Output C code\n"); |
|||
BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); |
|||
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); |
|||
BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); |
|||
BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); |
|||
BIO_printf(bio_err," the random number generator\n"); |
|||
BIO_printf(bio_err," -noout no output\n"); |
|||
goto end; |
|||
} |
|||
|
|||
ERR_load_crypto_strings(); |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
if (g && !num) |
|||
num = DEFBITS; |
|||
|
|||
#ifndef OPENSSL_NO_DSA |
|||
if (dsaparam) |
|||
{ |
|||
if (g) |
|||
{ |
|||
BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n"); |
|||
goto end; |
|||
} |
|||
} |
|||
else |
|||
#endif |
|||
{ |
|||
/* DH parameters */ |
|||
if (num && !g) |
|||
g = 2; |
|||
} |
|||
|
|||
if(num) { |
|||
|
|||
BN_GENCB cb; |
|||
BN_GENCB_set(&cb, dh_cb, bio_err); |
|||
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); |
|||
} |
|||
if (inrand != NULL) |
|||
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", |
|||
app_RAND_load_files(inrand)); |
|||
|
|||
#ifndef OPENSSL_NO_DSA |
|||
if (dsaparam) |
|||
{ |
|||
DSA *dsa = DSA_new(); |
|||
|
|||
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); |
|||
if(!dsa || !DSA_generate_parameters_ex(dsa, num, |
|||
NULL, 0, NULL, NULL, &cb)) |
|||
{ |
|||
if(dsa) DSA_free(dsa); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
dh = DSA_dup_DH(dsa); |
|||
DSA_free(dsa); |
|||
if (dh == NULL) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
else |
|||
#endif |
|||
{ |
|||
dh = DH_new(); |
|||
BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); |
|||
BIO_printf(bio_err,"This is going to take a long time\n"); |
|||
if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) |
|||
{ |
|||
if(dh) DH_free(dh); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
app_RAND_write_file(NULL, bio_err); |
|||
} else { |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
if (in == NULL) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
if (infile == NULL) |
|||
BIO_set_fp(in,stdin,BIO_NOCLOSE); |
|||
else |
|||
{ |
|||
if (BIO_read_filename(in,infile) <= 0) |
|||
{ |
|||
perror(infile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (informat != FORMAT_ASN1 && informat != FORMAT_PEM) |
|||
{ |
|||
BIO_printf(bio_err,"bad input format specified\n"); |
|||
goto end; |
|||
} |
|||
|
|||
#ifndef OPENSSL_NO_DSA |
|||
if (dsaparam) |
|||
{ |
|||
DSA *dsa; |
|||
|
|||
if (informat == FORMAT_ASN1) |
|||
dsa=d2i_DSAparams_bio(in,NULL); |
|||
else /* informat == FORMAT_PEM */ |
|||
dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL); |
|||
|
|||
if (dsa == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unable to load DSA parameters\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
dh = DSA_dup_DH(dsa); |
|||
DSA_free(dsa); |
|||
if (dh == NULL) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
else |
|||
#endif |
|||
{ |
|||
if (informat == FORMAT_ASN1) |
|||
dh=d2i_DHparams_bio(in,NULL); |
|||
else /* informat == FORMAT_PEM */ |
|||
dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL); |
|||
|
|||
if (dh == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unable to load DH parameters\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
/* dh != NULL */ |
|||
} |
|||
|
|||
out=BIO_new(BIO_s_file()); |
|||
if (out == NULL) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
if (outfile == NULL) |
|||
{ |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out,outfile) <= 0) |
|||
{ |
|||
perror(outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
|
|||
if (text) |
|||
{ |
|||
DHparams_print(out,dh); |
|||
} |
|||
|
|||
if (check) |
|||
{ |
|||
if (!DH_check(dh,&i)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
if (i & DH_CHECK_P_NOT_PRIME) |
|||
printf("p value is not prime\n"); |
|||
if (i & DH_CHECK_P_NOT_SAFE_PRIME) |
|||
printf("p value is not a safe prime\n"); |
|||
if (i & DH_UNABLE_TO_CHECK_GENERATOR) |
|||
printf("unable to check the generator value\n"); |
|||
if (i & DH_NOT_SUITABLE_GENERATOR) |
|||
printf("the g value is not a generator\n"); |
|||
if (i == 0) |
|||
printf("DH parameters appear to be ok.\n"); |
|||
} |
|||
if (C) |
|||
{ |
|||
unsigned char *data; |
|||
int len,l,bits; |
|||
|
|||
len=BN_num_bytes(dh->p); |
|||
bits=BN_num_bits(dh->p); |
|||
data=(unsigned char *)OPENSSL_malloc(len); |
|||
if (data == NULL) |
|||
{ |
|||
perror("OPENSSL_malloc"); |
|||
goto end; |
|||
} |
|||
printf("#ifndef HEADER_DH_H\n" |
|||
"#include <openssl/dh.h>\n" |
|||
"#endif\n"); |
|||
printf("DH *get_dh%d()\n\t{\n",bits); |
|||
|
|||
l=BN_bn2bin(dh->p,data); |
|||
printf("\tstatic unsigned char dh%d_p[]={",bits); |
|||
for (i=0; i<l; i++) |
|||
{ |
|||
if ((i%12) == 0) printf("\n\t\t"); |
|||
printf("0x%02X,",data[i]); |
|||
} |
|||
printf("\n\t\t};\n"); |
|||
|
|||
l=BN_bn2bin(dh->g,data); |
|||
printf("\tstatic unsigned char dh%d_g[]={",bits); |
|||
for (i=0; i<l; i++) |
|||
{ |
|||
if ((i%12) == 0) printf("\n\t\t"); |
|||
printf("0x%02X,",data[i]); |
|||
} |
|||
printf("\n\t\t};\n"); |
|||
|
|||
printf("\tDH *dh;\n\n"); |
|||
printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n"); |
|||
printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n", |
|||
bits,bits); |
|||
printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n", |
|||
bits,bits); |
|||
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); |
|||
printf("\t\t{ DH_free(dh); return(NULL); }\n"); |
|||
if (dh->length) |
|||
printf("\tdh->length = %ld;\n", dh->length); |
|||
printf("\treturn(dh);\n\t}\n"); |
|||
OPENSSL_free(data); |
|||
} |
|||
|
|||
|
|||
if (!noout) |
|||
{ |
|||
if (outformat == FORMAT_ASN1) |
|||
i=i2d_DHparams_bio(out,dh); |
|||
else if (outformat == FORMAT_PEM) |
|||
i=PEM_write_bio_DHparams(out,dh); |
|||
else { |
|||
BIO_printf(bio_err,"bad output format specified for outfile\n"); |
|||
goto end; |
|||
} |
|||
if (!i) |
|||
{ |
|||
BIO_printf(bio_err,"unable to write DH parameters\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
ret=0; |
|||
end: |
|||
if (in != NULL) BIO_free(in); |
|||
if (out != NULL) BIO_free_all(out); |
|||
if (dh != NULL) DH_free(dh); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
|||
/* dh_cb is identical to dsa_cb in apps/dsaparam.c */ |
|||
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) |
|||
{ |
|||
char c='*'; |
|||
|
|||
if (p == 0) c='.'; |
|||
if (p == 1) c='+'; |
|||
if (p == 2) c='*'; |
|||
if (p == 3) c='\n'; |
|||
BIO_write(cb->arg,&c,1); |
|||
(void)BIO_flush(cb->arg); |
|||
#ifdef LINT |
|||
p=n; |
|||
#endif |
|||
return 1; |
|||
} |
|||
|
|||
#else /* !OPENSSL_NO_DH */ |
|||
|
|||
# if PEDANTIC |
|||
static void *dummy=&dummy; |
|||
# endif |
|||
|
|||
#endif |
@ -0,0 +1,40 @@ |
|||
-----BEGIN DSA PRIVATE KEY----- |
|||
MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ |
|||
PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel |
|||
u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH |
|||
Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso |
|||
hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu |
|||
SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y |
|||
Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4 |
|||
94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T |
|||
tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77 |
|||
J6zsFbSEHaQGUmfSeoM= |
|||
-----END DSA PRIVATE KEY----- |
|||
-----BEGIN CERTIFICATE REQUEST----- |
|||
MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx |
|||
ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew |
|||
ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW |
|||
sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m |
|||
rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk |
|||
cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo |
|||
bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR |
|||
CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB |
|||
F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH |
|||
vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq |
|||
AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u |
|||
3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v |
|||
AhQfeF5BoMMDbX/kidUVpQ6gadPlZA== |
|||
-----END CERTIFICATE REQUEST----- |
|||
-----BEGIN CERTIFICATE----- |
|||
MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK |
|||
U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww |
|||
CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw |
|||
CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu |
|||
ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE |
|||
AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi |
|||
ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh |
|||
MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD |
|||
MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa |
|||
C1Q= |
|||
-----END CERTIFICATE----- |
|||
|
@ -0,0 +1,46 @@ |
|||
-----BEGIN DSA PRIVATE KEY----- |
|||
MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ |
|||
PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel |
|||
u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH |
|||
Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso |
|||
hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu |
|||
SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y |
|||
Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk |
|||
umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A |
|||
29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz |
|||
6TicfImU7UFRn9h00j0lJQ== |
|||
-----END DSA PRIVATE KEY----- |
|||
-----BEGIN CERTIFICATE REQUEST----- |
|||
MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx |
|||
ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB |
|||
MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G |
|||
lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O |
|||
Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR |
|||
5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl |
|||
aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6 |
|||
kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als |
|||
QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe |
|||
6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ |
|||
yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0 |
|||
z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB |
|||
nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w== |
|||
-----END CERTIFICATE REQUEST----- |
|||
-----BEGIN CERTIFICATE----- |
|||
MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK |
|||
U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww |
|||
CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw |
|||
CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu |
|||
ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww |
|||
ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ |
|||
R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5 |
|||
JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps |
|||
BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze |
|||
mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO |
|||
VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C |
|||
uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk |
|||
umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A |
|||
29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D |
|||
AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n |
|||
5rKUjNBhSg== |
|||
-----END CERTIFICATE----- |
|||
|
@ -0,0 +1,376 @@ |
|||
/* apps/dsa.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ |
|||
#ifndef OPENSSL_NO_DSA |
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <string.h> |
|||
#include <time.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/dsa.h> |
|||
#include <openssl/evp.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pem.h> |
|||
#include <openssl/bn.h> |
|||
|
|||
#undef PROG |
|||
#define PROG dsa_main |
|||
|
|||
/* -inform arg - input format - default PEM (one of DER, NET or PEM)
|
|||
* -outform arg - output format - default PEM |
|||
* -in arg - input file - default stdin |
|||
* -out arg - output file - default stdout |
|||
* -des - encrypt output if PEM format with DES in cbc mode |
|||
* -des3 - encrypt output if PEM format |
|||
* -idea - encrypt output if PEM format |
|||
* -aes128 - encrypt output if PEM format |
|||
* -aes192 - encrypt output if PEM format |
|||
* -aes256 - encrypt output if PEM format |
|||
* -camellia128 - encrypt output if PEM format |
|||
* -camellia192 - encrypt output if PEM format |
|||
* -camellia256 - encrypt output if PEM format |
|||
* -seed - encrypt output if PEM format |
|||
* -text - print a text version |
|||
* -modulus - print the DSA public key |
|||
*/ |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
ENGINE *e = NULL; |
|||
int ret=1; |
|||
DSA *dsa=NULL; |
|||
int i,badops=0; |
|||
const EVP_CIPHER *enc=NULL; |
|||
BIO *in=NULL,*out=NULL; |
|||
int informat,outformat,text=0,noout=0; |
|||
int pubin = 0, pubout = 0; |
|||
char *infile,*outfile,*prog; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine; |
|||
#endif |
|||
char *passargin = NULL, *passargout = NULL; |
|||
char *passin = NULL, *passout = NULL; |
|||
int modulus=0; |
|||
|
|||
int pvk_encr = 2; |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
engine=NULL; |
|||
#endif |
|||
infile=NULL; |
|||
outfile=NULL; |
|||
informat=FORMAT_PEM; |
|||
outformat=FORMAT_PEM; |
|||
|
|||
prog=argv[0]; |
|||
argc--; |
|||
argv++; |
|||
while (argc >= 1) |
|||
{ |
|||
if (strcmp(*argv,"-inform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
informat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-outform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outformat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-in") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
infile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outfile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-passin") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
passargin= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-passout") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
passargout= *(++argv); |
|||
} |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(*argv,"-engine") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
engine= *(++argv); |
|||
} |
|||
#endif |
|||
else if (strcmp(*argv,"-pvk-strong") == 0) |
|||
pvk_encr=2; |
|||
else if (strcmp(*argv,"-pvk-weak") == 0) |
|||
pvk_encr=1; |
|||
else if (strcmp(*argv,"-pvk-none") == 0) |
|||
pvk_encr=0; |
|||
else if (strcmp(*argv,"-noout") == 0) |
|||
noout=1; |
|||
else if (strcmp(*argv,"-text") == 0) |
|||
text=1; |
|||
else if (strcmp(*argv,"-modulus") == 0) |
|||
modulus=1; |
|||
else if (strcmp(*argv,"-pubin") == 0) |
|||
pubin=1; |
|||
else if (strcmp(*argv,"-pubout") == 0) |
|||
pubout=1; |
|||
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unknown option %s\n",*argv); |
|||
badops=1; |
|||
break; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); |
|||
BIO_printf(bio_err,"where options are\n"); |
|||
BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); |
|||
BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); |
|||
BIO_printf(bio_err," -in arg input file\n"); |
|||
BIO_printf(bio_err," -passin arg input file pass phrase source\n"); |
|||
BIO_printf(bio_err," -out arg output file\n"); |
|||
BIO_printf(bio_err," -passout arg output file pass phrase source\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); |
|||
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); |
|||
#ifndef OPENSSL_NO_IDEA |
|||
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_AES |
|||
BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); |
|||
BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAMELLIA |
|||
BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); |
|||
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_SEED |
|||
BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n"); |
|||
#endif |
|||
BIO_printf(bio_err," -text print the key in text\n"); |
|||
BIO_printf(bio_err," -noout don't print key out\n"); |
|||
BIO_printf(bio_err," -modulus print the DSA public value\n"); |
|||
goto end; |
|||
} |
|||
|
|||
ERR_load_crypto_strings(); |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
e = setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { |
|||
BIO_printf(bio_err, "Error getting passwords\n"); |
|||
goto end; |
|||
} |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
out=BIO_new(BIO_s_file()); |
|||
if ((in == NULL) || (out == NULL)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (infile == NULL) |
|||
BIO_set_fp(in,stdin,BIO_NOCLOSE); |
|||
else |
|||
{ |
|||
if (BIO_read_filename(in,infile) <= 0) |
|||
{ |
|||
perror(infile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
BIO_printf(bio_err,"read DSA key\n"); |
|||
|
|||
{ |
|||
EVP_PKEY *pkey; |
|||
|
|||
if (pubin) |
|||
pkey = load_pubkey(bio_err, infile, informat, 1, |
|||
passin, e, "Public Key"); |
|||
else |
|||
pkey = load_key(bio_err, infile, informat, 1, |
|||
passin, e, "Private Key"); |
|||
|
|||
if (pkey) |
|||
{ |
|||
dsa = EVP_PKEY_get1_DSA(pkey); |
|||
EVP_PKEY_free(pkey); |
|||
} |
|||
} |
|||
if (dsa == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unable to load Key\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (outfile == NULL) |
|||
{ |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out,outfile) <= 0) |
|||
{ |
|||
perror(outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (text) |
|||
if (!DSA_print(out,dsa,0)) |
|||
{ |
|||
perror(outfile); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (modulus) |
|||
{ |
|||
fprintf(stdout,"Public Key="); |
|||
BN_print(out,dsa->pub_key); |
|||
fprintf(stdout,"\n"); |
|||
} |
|||
|
|||
if (noout) goto end; |
|||
BIO_printf(bio_err,"writing DSA key\n"); |
|||
if (outformat == FORMAT_ASN1) { |
|||
if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa); |
|||
else i=i2d_DSAPrivateKey_bio(out,dsa); |
|||
} else if (outformat == FORMAT_PEM) { |
|||
if(pubin || pubout) |
|||
i=PEM_write_bio_DSA_PUBKEY(out,dsa); |
|||
else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc, |
|||
NULL,0,NULL, passout); |
|||
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4) |
|||
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { |
|||
EVP_PKEY *pk; |
|||
pk = EVP_PKEY_new(); |
|||
EVP_PKEY_set1_DSA(pk, dsa); |
|||
if (outformat == FORMAT_PVK) |
|||
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); |
|||
else if (pubin || pubout) |
|||
i = i2b_PublicKey_bio(out, pk); |
|||
else |
|||
i = i2b_PrivateKey_bio(out, pk); |
|||
EVP_PKEY_free(pk); |
|||
#endif |
|||
} else { |
|||
BIO_printf(bio_err,"bad output format specified for outfile\n"); |
|||
goto end; |
|||
} |
|||
if (i <= 0) |
|||
{ |
|||
BIO_printf(bio_err,"unable to write private key\n"); |
|||
ERR_print_errors(bio_err); |
|||
} |
|||
else |
|||
ret=0; |
|||
end: |
|||
if(in != NULL) BIO_free(in); |
|||
if(out != NULL) BIO_free_all(out); |
|||
if(dsa != NULL) DSA_free(dsa); |
|||
if(passin) OPENSSL_free(passin); |
|||
if(passout) OPENSSL_free(passout); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
#else /* !OPENSSL_NO_DSA */ |
|||
|
|||
# if PEDANTIC |
|||
static void *dummy=&dummy; |
|||
# endif |
|||
|
|||
#endif |
@ -0,0 +1,9 @@ |
|||
-----BEGIN DSA PARAMETERS----- |
|||
MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx |
|||
mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us |
|||
OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36 |
|||
bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8 |
|||
3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH |
|||
zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O |
|||
Arg= |
|||
-----END DSA PARAMETERS----- |
@ -0,0 +1,6 @@ |
|||
-----BEGIN DSA PARAMETERS----- |
|||
MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97 |
|||
TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA |
|||
gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO |
|||
L8wka5B33qJoplISogOdIA== |
|||
-----END DSA PARAMETERS----- |
@ -0,0 +1,6 @@ |
|||
-----BEGIN DSA PARAMETERS----- |
|||
MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya |
|||
GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2 |
|||
t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD |
|||
ADiRffvSdhrNw5dkqdql |
|||
-----END DSA PARAMETERS----- |
@ -0,0 +1,479 @@ |
|||
/* apps/dsaparam.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ |
|||
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
|
|||
* deprecated functions for openssl-internal code */ |
|||
#ifdef OPENSSL_NO_DEPRECATED |
|||
#undef OPENSSL_NO_DEPRECATED |
|||
#endif |
|||
|
|||
#ifndef OPENSSL_NO_DSA |
|||
#include <assert.h> |
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <time.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/bn.h> |
|||
#include <openssl/dsa.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pem.h> |
|||
|
|||
#undef PROG |
|||
#define PROG dsaparam_main |
|||
|
|||
/* -inform arg - input format - default PEM (DER or PEM)
|
|||
* -outform arg - output format - default PEM |
|||
* -in arg - input file - default stdin |
|||
* -out arg - output file - default stdout |
|||
* -noout |
|||
* -text |
|||
* -C |
|||
* -noout |
|||
* -genkey |
|||
* #ifdef GENCB_TEST |
|||
* -timebomb n - interrupt keygen after <n> seconds |
|||
* #endif |
|||
*/ |
|||
|
|||
#ifdef GENCB_TEST |
|||
|
|||
static int stop_keygen_flag = 0; |
|||
|
|||
static void timebomb_sigalarm(int foo) |
|||
{ |
|||
stop_keygen_flag = 1; |
|||
} |
|||
|
|||
#endif |
|||
|
|||
static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb); |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
DSA *dsa=NULL; |
|||
int i,badops=0,text=0; |
|||
BIO *in=NULL,*out=NULL; |
|||
int informat,outformat,noout=0,C=0,ret=1; |
|||
char *infile,*outfile,*prog,*inrand=NULL; |
|||
int numbits= -1,num,genkey=0; |
|||
int need_rand=0; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine=NULL; |
|||
#endif |
|||
#ifdef GENCB_TEST |
|||
int timebomb=0; |
|||
#endif |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
infile=NULL; |
|||
outfile=NULL; |
|||
informat=FORMAT_PEM; |
|||
outformat=FORMAT_PEM; |
|||
|
|||
prog=argv[0]; |
|||
argc--; |
|||
argv++; |
|||
while (argc >= 1) |
|||
{ |
|||
if (strcmp(*argv,"-inform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
informat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-outform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outformat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-in") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
infile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outfile= *(++argv); |
|||
} |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if(strcmp(*argv, "-engine") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
engine = *(++argv); |
|||
} |
|||
#endif |
|||
#ifdef GENCB_TEST |
|||
else if(strcmp(*argv, "-timebomb") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
timebomb = atoi(*(++argv)); |
|||
} |
|||
#endif |
|||
else if (strcmp(*argv,"-text") == 0) |
|||
text=1; |
|||
else if (strcmp(*argv,"-C") == 0) |
|||
C=1; |
|||
else if (strcmp(*argv,"-genkey") == 0) |
|||
{ |
|||
genkey=1; |
|||
need_rand=1; |
|||
} |
|||
else if (strcmp(*argv,"-rand") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
inrand= *(++argv); |
|||
need_rand=1; |
|||
} |
|||
else if (strcmp(*argv,"-noout") == 0) |
|||
noout=1; |
|||
else if (sscanf(*argv,"%d",&num) == 1) |
|||
{ |
|||
/* generate a key */ |
|||
numbits=num; |
|||
need_rand=1; |
|||
} |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"unknown option %s\n",*argv); |
|||
badops=1; |
|||
break; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog); |
|||
BIO_printf(bio_err,"where options are\n"); |
|||
BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); |
|||
BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); |
|||
BIO_printf(bio_err," -in arg input file\n"); |
|||
BIO_printf(bio_err," -out arg output file\n"); |
|||
BIO_printf(bio_err," -text print as text\n"); |
|||
BIO_printf(bio_err," -C Output C code\n"); |
|||
BIO_printf(bio_err," -noout no output\n"); |
|||
BIO_printf(bio_err," -genkey generate a DSA key\n"); |
|||
BIO_printf(bio_err," -rand files to use for random number input\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
#ifdef GENCB_TEST |
|||
BIO_printf(bio_err," -timebomb n interrupt keygen after <n> seconds\n"); |
|||
#endif |
|||
BIO_printf(bio_err," number number of bits to use for generating private key\n"); |
|||
goto end; |
|||
} |
|||
|
|||
ERR_load_crypto_strings(); |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
out=BIO_new(BIO_s_file()); |
|||
if ((in == NULL) || (out == NULL)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (infile == NULL) |
|||
BIO_set_fp(in,stdin,BIO_NOCLOSE); |
|||
else |
|||
{ |
|||
if (BIO_read_filename(in,infile) <= 0) |
|||
{ |
|||
perror(infile); |
|||
goto end; |
|||
} |
|||
} |
|||
if (outfile == NULL) |
|||
{ |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out,outfile) <= 0) |
|||
{ |
|||
perror(outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
if (need_rand) |
|||
{ |
|||
app_RAND_load_file(NULL, bio_err, (inrand != NULL)); |
|||
if (inrand != NULL) |
|||
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", |
|||
app_RAND_load_files(inrand)); |
|||
} |
|||
|
|||
if (numbits > 0) |
|||
{ |
|||
BN_GENCB cb; |
|||
BN_GENCB_set(&cb, dsa_cb, bio_err); |
|||
assert(need_rand); |
|||
dsa = DSA_new(); |
|||
if(!dsa) |
|||
{ |
|||
BIO_printf(bio_err,"Error allocating DSA object\n"); |
|||
goto end; |
|||
} |
|||
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); |
|||
BIO_printf(bio_err,"This could take some time\n"); |
|||
#ifdef GENCB_TEST |
|||
if(timebomb > 0) |
|||
{ |
|||
struct sigaction act; |
|||
act.sa_handler = timebomb_sigalarm; |
|||
act.sa_flags = 0; |
|||
BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n", |
|||
timebomb); |
|||
if(sigaction(SIGALRM, &act, NULL) != 0) |
|||
{ |
|||
BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n"); |
|||
goto end; |
|||
} |
|||
alarm(timebomb); |
|||
} |
|||
#endif |
|||
if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb)) |
|||
{ |
|||
#ifdef GENCB_TEST |
|||
if(stop_keygen_flag) |
|||
{ |
|||
BIO_printf(bio_err,"DSA key generation time-stopped\n"); |
|||
/* This is an asked-for behaviour! */ |
|||
ret = 0; |
|||
goto end; |
|||
} |
|||
#endif |
|||
BIO_printf(bio_err,"Error, DSA key generation failed\n"); |
|||
goto end; |
|||
} |
|||
} |
|||
else if (informat == FORMAT_ASN1) |
|||
dsa=d2i_DSAparams_bio(in,NULL); |
|||
else if (informat == FORMAT_PEM) |
|||
dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL); |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"bad input format specified\n"); |
|||
goto end; |
|||
} |
|||
if (dsa == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unable to load DSA parameters\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (text) |
|||
{ |
|||
DSAparams_print(out,dsa); |
|||
} |
|||
|
|||
if (C) |
|||
{ |
|||
unsigned char *data; |
|||
int l,len,bits_p; |
|||
|
|||
len=BN_num_bytes(dsa->p); |
|||
bits_p=BN_num_bits(dsa->p); |
|||
data=(unsigned char *)OPENSSL_malloc(len+20); |
|||
if (data == NULL) |
|||
{ |
|||
perror("OPENSSL_malloc"); |
|||
goto end; |
|||
} |
|||
l=BN_bn2bin(dsa->p,data); |
|||
printf("static unsigned char dsa%d_p[]={",bits_p); |
|||
for (i=0; i<l; i++) |
|||
{ |
|||
if ((i%12) == 0) printf("\n\t"); |
|||
printf("0x%02X,",data[i]); |
|||
} |
|||
printf("\n\t};\n"); |
|||
|
|||
l=BN_bn2bin(dsa->q,data); |
|||
printf("static unsigned char dsa%d_q[]={",bits_p); |
|||
for (i=0; i<l; i++) |
|||
{ |
|||
if ((i%12) == 0) printf("\n\t"); |
|||
printf("0x%02X,",data[i]); |
|||
} |
|||
printf("\n\t};\n"); |
|||
|
|||
l=BN_bn2bin(dsa->g,data); |
|||
printf("static unsigned char dsa%d_g[]={",bits_p); |
|||
for (i=0; i<l; i++) |
|||
{ |
|||
if ((i%12) == 0) printf("\n\t"); |
|||
printf("0x%02X,",data[i]); |
|||
} |
|||
printf("\n\t};\n\n"); |
|||
|
|||
printf("DSA *get_dsa%d()\n\t{\n",bits_p); |
|||
printf("\tDSA *dsa;\n\n"); |
|||
printf("\tif ((dsa=DSA_new()) == NULL) return(NULL);\n"); |
|||
printf("\tdsa->p=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n", |
|||
bits_p,bits_p); |
|||
printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n", |
|||
bits_p,bits_p); |
|||
printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n", |
|||
bits_p,bits_p); |
|||
printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n"); |
|||
printf("\t\t{ DSA_free(dsa); return(NULL); }\n"); |
|||
printf("\treturn(dsa);\n\t}\n"); |
|||
} |
|||
|
|||
|
|||
if (!noout) |
|||
{ |
|||
if (outformat == FORMAT_ASN1) |
|||
i=i2d_DSAparams_bio(out,dsa); |
|||
else if (outformat == FORMAT_PEM) |
|||
i=PEM_write_bio_DSAparams(out,dsa); |
|||
else { |
|||
BIO_printf(bio_err,"bad output format specified for outfile\n"); |
|||
goto end; |
|||
} |
|||
if (!i) |
|||
{ |
|||
BIO_printf(bio_err,"unable to write DSA parameters\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
if (genkey) |
|||
{ |
|||
DSA *dsakey; |
|||
|
|||
assert(need_rand); |
|||
if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end; |
|||
if (!DSA_generate_key(dsakey)) goto end; |
|||
if (outformat == FORMAT_ASN1) |
|||
i=i2d_DSAPrivateKey_bio(out,dsakey); |
|||
else if (outformat == FORMAT_PEM) |
|||
i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL); |
|||
else { |
|||
BIO_printf(bio_err,"bad output format specified for outfile\n"); |
|||
goto end; |
|||
} |
|||
DSA_free(dsakey); |
|||
} |
|||
if (need_rand) |
|||
app_RAND_write_file(NULL, bio_err); |
|||
ret=0; |
|||
end: |
|||
if (in != NULL) BIO_free(in); |
|||
if (out != NULL) BIO_free_all(out); |
|||
if (dsa != NULL) DSA_free(dsa); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
|||
static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb) |
|||
{ |
|||
char c='*'; |
|||
|
|||
if (p == 0) c='.'; |
|||
if (p == 1) c='+'; |
|||
if (p == 2) c='*'; |
|||
if (p == 3) c='\n'; |
|||
BIO_write(cb->arg,&c,1); |
|||
(void)BIO_flush(cb->arg); |
|||
#ifdef LINT |
|||
p=n; |
|||
#endif |
|||
#ifdef GENCB_TEST |
|||
if(stop_keygen_flag) |
|||
return 0; |
|||
#endif |
|||
return 1; |
|||
} |
|||
#else /* !OPENSSL_NO_DSA */ |
|||
|
|||
# if PEDANTIC |
|||
static void *dummy=&dummy; |
|||
# endif |
|||
|
|||
#endif |
@ -0,0 +1,406 @@ |
|||
/* apps/ec.c */ |
|||
/*
|
|||
* Written by Nils Larsch for the OpenSSL project. |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* openssl-core@openssl.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
|
|||
#include <openssl/opensslconf.h> |
|||
#ifndef OPENSSL_NO_EC |
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/evp.h> |
|||
#include <openssl/pem.h> |
|||
|
|||
#undef PROG |
|||
#define PROG ec_main |
|||
|
|||
/* -inform arg - input format - default PEM (one of DER, NET or PEM)
|
|||
* -outform arg - output format - default PEM |
|||
* -in arg - input file - default stdin |
|||
* -out arg - output file - default stdout |
|||
* -des - encrypt output if PEM format with DES in cbc mode |
|||
* -text - print a text version |
|||
* -param_out - print the elliptic curve parameters |
|||
* -conv_form arg - specifies the point encoding form |
|||
* -param_enc arg - specifies the parameter encoding |
|||
*/ |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
int ret = 1; |
|||
EC_KEY *eckey = NULL; |
|||
const EC_GROUP *group; |
|||
int i, badops = 0; |
|||
const EVP_CIPHER *enc = NULL; |
|||
BIO *in = NULL, *out = NULL; |
|||
int informat, outformat, text=0, noout=0; |
|||
int pubin = 0, pubout = 0, param_out = 0; |
|||
char *infile, *outfile, *prog, *engine; |
|||
char *passargin = NULL, *passargout = NULL; |
|||
char *passin = NULL, *passout = NULL; |
|||
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; |
|||
int new_form = 0; |
|||
int asn1_flag = OPENSSL_EC_NAMED_CURVE; |
|||
int new_asn1_flag = 0; |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
engine = NULL; |
|||
infile = NULL; |
|||
outfile = NULL; |
|||
informat = FORMAT_PEM; |
|||
outformat = FORMAT_PEM; |
|||
|
|||
prog = argv[0]; |
|||
argc--; |
|||
argv++; |
|||
while (argc >= 1) |
|||
{ |
|||
if (strcmp(*argv,"-inform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
informat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-outform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outformat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-in") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
infile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outfile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-passin") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
passargin= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-passout") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
passargout= *(++argv); |
|||
} |
|||
else if (strcmp(*argv, "-engine") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
engine= *(++argv); |
|||
} |
|||
else if (strcmp(*argv, "-noout") == 0) |
|||
noout = 1; |
|||
else if (strcmp(*argv, "-text") == 0) |
|||
text = 1; |
|||
else if (strcmp(*argv, "-conv_form") == 0) |
|||
{ |
|||
if (--argc < 1) |
|||
goto bad; |
|||
++argv; |
|||
new_form = 1; |
|||
if (strcmp(*argv, "compressed") == 0) |
|||
form = POINT_CONVERSION_COMPRESSED; |
|||
else if (strcmp(*argv, "uncompressed") == 0) |
|||
form = POINT_CONVERSION_UNCOMPRESSED; |
|||
else if (strcmp(*argv, "hybrid") == 0) |
|||
form = POINT_CONVERSION_HYBRID; |
|||
else |
|||
goto bad; |
|||
} |
|||
else if (strcmp(*argv, "-param_enc") == 0) |
|||
{ |
|||
if (--argc < 1) |
|||
goto bad; |
|||
++argv; |
|||
new_asn1_flag = 1; |
|||
if (strcmp(*argv, "named_curve") == 0) |
|||
asn1_flag = OPENSSL_EC_NAMED_CURVE; |
|||
else if (strcmp(*argv, "explicit") == 0) |
|||
asn1_flag = 0; |
|||
else |
|||
goto bad; |
|||
} |
|||
else if (strcmp(*argv, "-param_out") == 0) |
|||
param_out = 1; |
|||
else if (strcmp(*argv, "-pubin") == 0) |
|||
pubin=1; |
|||
else if (strcmp(*argv, "-pubout") == 0) |
|||
pubout=1; |
|||
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) |
|||
{ |
|||
BIO_printf(bio_err, "unknown option %s\n", *argv); |
|||
badops=1; |
|||
break; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog); |
|||
BIO_printf(bio_err, "where options are\n"); |
|||
BIO_printf(bio_err, " -inform arg input format - " |
|||
"DER or PEM\n"); |
|||
BIO_printf(bio_err, " -outform arg output format - " |
|||
"DER or PEM\n"); |
|||
BIO_printf(bio_err, " -in arg input file\n"); |
|||
BIO_printf(bio_err, " -passin arg input file pass " |
|||
"phrase source\n"); |
|||
BIO_printf(bio_err, " -out arg output file\n"); |
|||
BIO_printf(bio_err, " -passout arg output file pass " |
|||
"phrase source\n"); |
|||
BIO_printf(bio_err, " -engine e use engine e, " |
|||
"possibly a hardware device.\n"); |
|||
BIO_printf(bio_err, " -des encrypt PEM output, " |
|||
"instead of 'des' every other \n" |
|||
" cipher " |
|||
"supported by OpenSSL can be used\n"); |
|||
BIO_printf(bio_err, " -text print the key\n"); |
|||
BIO_printf(bio_err, " -noout don't print key out\n"); |
|||
BIO_printf(bio_err, " -param_out print the elliptic " |
|||
"curve parameters\n"); |
|||
BIO_printf(bio_err, " -conv_form arg specifies the " |
|||
"point conversion form \n"); |
|||
BIO_printf(bio_err, " possible values:" |
|||
" compressed\n"); |
|||
BIO_printf(bio_err, " " |
|||
" uncompressed (default)\n"); |
|||
BIO_printf(bio_err, " " |
|||
" hybrid\n"); |
|||
BIO_printf(bio_err, " -param_enc arg specifies the way" |
|||
" the ec parameters are encoded\n"); |
|||
BIO_printf(bio_err, " in the asn1 der " |
|||
"encoding\n"); |
|||
BIO_printf(bio_err, " possible values:" |
|||
" named_curve (default)\n"); |
|||
BIO_printf(bio_err," " |
|||
"explicit\n"); |
|||
goto end; |
|||
} |
|||
|
|||
ERR_load_crypto_strings(); |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) |
|||
{ |
|||
BIO_printf(bio_err, "Error getting passwords\n"); |
|||
goto end; |
|||
} |
|||
|
|||
in = BIO_new(BIO_s_file()); |
|||
out = BIO_new(BIO_s_file()); |
|||
if ((in == NULL) || (out == NULL)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (infile == NULL) |
|||
BIO_set_fp(in, stdin, BIO_NOCLOSE); |
|||
else |
|||
{ |
|||
if (BIO_read_filename(in, infile) <= 0) |
|||
{ |
|||
perror(infile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
BIO_printf(bio_err, "read EC key\n"); |
|||
if (informat == FORMAT_ASN1) |
|||
{ |
|||
if (pubin) |
|||
eckey = d2i_EC_PUBKEY_bio(in, NULL); |
|||
else |
|||
eckey = d2i_ECPrivateKey_bio(in, NULL); |
|||
} |
|||
else if (informat == FORMAT_PEM) |
|||
{ |
|||
if (pubin) |
|||
eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, |
|||
NULL); |
|||
else |
|||
eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, |
|||
passin); |
|||
} |
|||
else |
|||
{ |
|||
BIO_printf(bio_err, "bad input format specified for key\n"); |
|||
goto end; |
|||
} |
|||
if (eckey == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unable to load Key\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (outfile == NULL) |
|||
{ |
|||
BIO_set_fp(out, stdout, BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out, outfile) <= 0) |
|||
{ |
|||
perror(outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
group = EC_KEY_get0_group(eckey); |
|||
|
|||
if (new_form) |
|||
EC_KEY_set_conv_form(eckey, form); |
|||
|
|||
if (new_asn1_flag) |
|||
EC_KEY_set_asn1_flag(eckey, asn1_flag); |
|||
|
|||
if (text) |
|||
if (!EC_KEY_print(out, eckey, 0)) |
|||
{ |
|||
perror(outfile); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (noout) |
|||
{ |
|||
ret = 0; |
|||
goto end; |
|||
} |
|||
|
|||
BIO_printf(bio_err, "writing EC key\n"); |
|||
if (outformat == FORMAT_ASN1) |
|||
{ |
|||
if (param_out) |
|||
i = i2d_ECPKParameters_bio(out, group); |
|||
else if (pubin || pubout) |
|||
i = i2d_EC_PUBKEY_bio(out, eckey); |
|||
else |
|||
i = i2d_ECPrivateKey_bio(out, eckey); |
|||
} |
|||
else if (outformat == FORMAT_PEM) |
|||
{ |
|||
if (param_out) |
|||
i = PEM_write_bio_ECPKParameters(out, group); |
|||
else if (pubin || pubout) |
|||
i = PEM_write_bio_EC_PUBKEY(out, eckey); |
|||
else |
|||
i = PEM_write_bio_ECPrivateKey(out, eckey, enc, |
|||
NULL, 0, NULL, passout); |
|||
} |
|||
else |
|||
{ |
|||
BIO_printf(bio_err, "bad output format specified for " |
|||
"outfile\n"); |
|||
goto end; |
|||
} |
|||
|
|||
if (!i) |
|||
{ |
|||
BIO_printf(bio_err, "unable to write private key\n"); |
|||
ERR_print_errors(bio_err); |
|||
} |
|||
else |
|||
ret=0; |
|||
end: |
|||
if (in) |
|||
BIO_free(in); |
|||
if (out) |
|||
BIO_free_all(out); |
|||
if (eckey) |
|||
EC_KEY_free(eckey); |
|||
if (passin) |
|||
OPENSSL_free(passin); |
|||
if (passout) |
|||
OPENSSL_free(passout); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
#else /* !OPENSSL_NO_EC */ |
|||
|
|||
# if PEDANTIC |
|||
static void *dummy=&dummy; |
|||
# endif |
|||
|
|||
#endif |
@ -0,0 +1,731 @@ |
|||
/* apps/ecparam.c */ |
|||
/*
|
|||
* Written by Nils Larsch for the OpenSSL project. |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* openssl-core@openssl.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. |
|||
* |
|||
* Portions of the attached software ("Contribution") are developed by |
|||
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. |
|||
* |
|||
* The Contribution is licensed pursuant to the OpenSSL open source |
|||
* license provided above. |
|||
* |
|||
* The elliptic curve binary polynomial software is originally written by |
|||
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. |
|||
* |
|||
*/ |
|||
|
|||
#include <openssl/opensslconf.h> |
|||
#ifndef OPENSSL_NO_EC |
|||
#include <assert.h> |
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <time.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/bn.h> |
|||
#include <openssl/ec.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pem.h> |
|||
|
|||
#undef PROG |
|||
#define PROG ecparam_main |
|||
|
|||
/* -inform arg - input format - default PEM (DER or PEM)
|
|||
* -outform arg - output format - default PEM |
|||
* -in arg - input file - default stdin |
|||
* -out arg - output file - default stdout |
|||
* -noout - do not print the ec parameter |
|||
* -text - print the ec parameters in text form |
|||
* -check - validate the ec parameters |
|||
* -C - print a 'C' function creating the parameters |
|||
* -name arg - use the ec parameters with 'short name' name |
|||
* -list_curves - prints a list of all currently available curve 'short names' |
|||
* -conv_form arg - specifies the point conversion form |
|||
* - possible values: compressed |
|||
* uncompressed (default) |
|||
* hybrid |
|||
* -param_enc arg - specifies the way the ec parameters are encoded |
|||
* in the asn1 der encoding |
|||
* possible values: named_curve (default) |
|||
* explicit |
|||
* -no_seed - if 'explicit' parameters are choosen do not use the seed |
|||
* -genkey - generate ec key |
|||
* -rand file - files to use for random number input |
|||
* -engine e - use engine e, possibly a hardware device |
|||
*/ |
|||
|
|||
|
|||
static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *); |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
EC_GROUP *group = NULL; |
|||
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; |
|||
int new_form = 0; |
|||
int asn1_flag = OPENSSL_EC_NAMED_CURVE; |
|||
int new_asn1_flag = 0; |
|||
char *curve_name = NULL, *inrand = NULL; |
|||
int list_curves = 0, no_seed = 0, check = 0, |
|||
badops = 0, text = 0, i, need_rand = 0, genkey = 0; |
|||
char *infile = NULL, *outfile = NULL, *prog; |
|||
BIO *in = NULL, *out = NULL; |
|||
int informat, outformat, noout = 0, C = 0, ret = 1; |
|||
char *engine = NULL; |
|||
|
|||
BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL, |
|||
*ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL; |
|||
unsigned char *buffer = NULL; |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
informat=FORMAT_PEM; |
|||
outformat=FORMAT_PEM; |
|||
|
|||
prog=argv[0]; |
|||
argc--; |
|||
argv++; |
|||
while (argc >= 1) |
|||
{ |
|||
if (strcmp(*argv,"-inform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
informat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-outform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outformat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-in") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
infile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outfile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-text") == 0) |
|||
text = 1; |
|||
else if (strcmp(*argv,"-C") == 0) |
|||
C = 1; |
|||
else if (strcmp(*argv,"-check") == 0) |
|||
check = 1; |
|||
else if (strcmp (*argv, "-name") == 0) |
|||
{ |
|||
if (--argc < 1) |
|||
goto bad; |
|||
curve_name = *(++argv); |
|||
} |
|||
else if (strcmp(*argv, "-list_curves") == 0) |
|||
list_curves = 1; |
|||
else if (strcmp(*argv, "-conv_form") == 0) |
|||
{ |
|||
if (--argc < 1) |
|||
goto bad; |
|||
++argv; |
|||
new_form = 1; |
|||
if (strcmp(*argv, "compressed") == 0) |
|||
form = POINT_CONVERSION_COMPRESSED; |
|||
else if (strcmp(*argv, "uncompressed") == 0) |
|||
form = POINT_CONVERSION_UNCOMPRESSED; |
|||
else if (strcmp(*argv, "hybrid") == 0) |
|||
form = POINT_CONVERSION_HYBRID; |
|||
else |
|||
goto bad; |
|||
} |
|||
else if (strcmp(*argv, "-param_enc") == 0) |
|||
{ |
|||
if (--argc < 1) |
|||
goto bad; |
|||
++argv; |
|||
new_asn1_flag = 1; |
|||
if (strcmp(*argv, "named_curve") == 0) |
|||
asn1_flag = OPENSSL_EC_NAMED_CURVE; |
|||
else if (strcmp(*argv, "explicit") == 0) |
|||
asn1_flag = 0; |
|||
else |
|||
goto bad; |
|||
} |
|||
else if (strcmp(*argv, "-no_seed") == 0) |
|||
no_seed = 1; |
|||
else if (strcmp(*argv, "-noout") == 0) |
|||
noout=1; |
|||
else if (strcmp(*argv,"-genkey") == 0) |
|||
{ |
|||
genkey=1; |
|||
need_rand=1; |
|||
} |
|||
else if (strcmp(*argv, "-rand") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
inrand= *(++argv); |
|||
need_rand=1; |
|||
} |
|||
else if(strcmp(*argv, "-engine") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
engine = *(++argv); |
|||
} |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"unknown option %s\n",*argv); |
|||
badops=1; |
|||
break; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog); |
|||
BIO_printf(bio_err, "where options are\n"); |
|||
BIO_printf(bio_err, " -inform arg input format - " |
|||
"default PEM (DER or PEM)\n"); |
|||
BIO_printf(bio_err, " -outform arg output format - " |
|||
"default PEM\n"); |
|||
BIO_printf(bio_err, " -in arg input file - " |
|||
"default stdin\n"); |
|||
BIO_printf(bio_err, " -out arg output file - " |
|||
"default stdout\n"); |
|||
BIO_printf(bio_err, " -noout do not print the " |
|||
"ec parameter\n"); |
|||
BIO_printf(bio_err, " -text print the ec " |
|||
"parameters in text form\n"); |
|||
BIO_printf(bio_err, " -check validate the ec " |
|||
"parameters\n"); |
|||
BIO_printf(bio_err, " -C print a 'C' " |
|||
"function creating the parameters\n"); |
|||
BIO_printf(bio_err, " -name arg use the " |
|||
"ec parameters with 'short name' name\n"); |
|||
BIO_printf(bio_err, " -list_curves prints a list of " |
|||
"all currently available curve 'short names'\n"); |
|||
BIO_printf(bio_err, " -conv_form arg specifies the " |
|||
"point conversion form \n"); |
|||
BIO_printf(bio_err, " possible values:" |
|||
" compressed\n"); |
|||
BIO_printf(bio_err, " " |
|||
" uncompressed (default)\n"); |
|||
BIO_printf(bio_err, " " |
|||
" hybrid\n"); |
|||
BIO_printf(bio_err, " -param_enc arg specifies the way" |
|||
" the ec parameters are encoded\n"); |
|||
BIO_printf(bio_err, " in the asn1 der " |
|||
"encoding\n"); |
|||
BIO_printf(bio_err, " possible values:" |
|||
" named_curve (default)\n"); |
|||
BIO_printf(bio_err, " " |
|||
" explicit\n"); |
|||
BIO_printf(bio_err, " -no_seed if 'explicit'" |
|||
" parameters are choosen do not" |
|||
" use the seed\n"); |
|||
BIO_printf(bio_err, " -genkey generate ec" |
|||
" key\n"); |
|||
BIO_printf(bio_err, " -rand file files to use for" |
|||
" random number input\n"); |
|||
BIO_printf(bio_err, " -engine e use engine e, " |
|||
"possibly a hardware device\n"); |
|||
goto end; |
|||
} |
|||
|
|||
ERR_load_crypto_strings(); |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
out=BIO_new(BIO_s_file()); |
|||
if ((in == NULL) || (out == NULL)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (infile == NULL) |
|||
BIO_set_fp(in,stdin,BIO_NOCLOSE); |
|||
else |
|||
{ |
|||
if (BIO_read_filename(in,infile) <= 0) |
|||
{ |
|||
perror(infile); |
|||
goto end; |
|||
} |
|||
} |
|||
if (outfile == NULL) |
|||
{ |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out,outfile) <= 0) |
|||
{ |
|||
perror(outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
if (list_curves) |
|||
{ |
|||
EC_builtin_curve *curves = NULL; |
|||
size_t crv_len = 0; |
|||
size_t n = 0; |
|||
|
|||
crv_len = EC_get_builtin_curves(NULL, 0); |
|||
|
|||
curves = OPENSSL_malloc((int)(sizeof(EC_builtin_curve) * crv_len)); |
|||
|
|||
if (curves == NULL) |
|||
goto end; |
|||
|
|||
if (!EC_get_builtin_curves(curves, crv_len)) |
|||
{ |
|||
OPENSSL_free(curves); |
|||
goto end; |
|||
} |
|||
|
|||
|
|||
for (n = 0; n < crv_len; n++) |
|||
{ |
|||
const char *comment; |
|||
const char *sname; |
|||
comment = curves[n].comment; |
|||
sname = OBJ_nid2sn(curves[n].nid); |
|||
if (comment == NULL) |
|||
comment = "CURVE DESCRIPTION NOT AVAILABLE"; |
|||
if (sname == NULL) |
|||
sname = ""; |
|||
|
|||
BIO_printf(out, " %-10s: ", sname); |
|||
BIO_printf(out, "%s\n", comment); |
|||
} |
|||
|
|||
OPENSSL_free(curves); |
|||
ret = 0; |
|||
goto end; |
|||
} |
|||
|
|||
if (curve_name != NULL) |
|||
{ |
|||
int nid; |
|||
|
|||
/* workaround for the SECG curve names secp192r1
|
|||
* and secp256r1 (which are the same as the curves |
|||
* prime192v1 and prime256v1 defined in X9.62) |
|||
*/ |
|||
if (!strcmp(curve_name, "secp192r1")) |
|||
{ |
|||
BIO_printf(bio_err, "using curve name prime192v1 " |
|||
"instead of secp192r1\n"); |
|||
nid = NID_X9_62_prime192v1; |
|||
} |
|||
else if (!strcmp(curve_name, "secp256r1")) |
|||
{ |
|||
BIO_printf(bio_err, "using curve name prime256v1 " |
|||
"instead of secp256r1\n"); |
|||
nid = NID_X9_62_prime256v1; |
|||
} |
|||
else |
|||
nid = OBJ_sn2nid(curve_name); |
|||
|
|||
if (nid == 0) |
|||
{ |
|||
BIO_printf(bio_err, "unknown curve name (%s)\n", |
|||
curve_name); |
|||
goto end; |
|||
} |
|||
|
|||
group = EC_GROUP_new_by_curve_name(nid); |
|||
if (group == NULL) |
|||
{ |
|||
BIO_printf(bio_err, "unable to create curve (%s)\n", |
|||
curve_name); |
|||
goto end; |
|||
} |
|||
EC_GROUP_set_asn1_flag(group, asn1_flag); |
|||
EC_GROUP_set_point_conversion_form(group, form); |
|||
} |
|||
else if (informat == FORMAT_ASN1) |
|||
{ |
|||
group = d2i_ECPKParameters_bio(in, NULL); |
|||
} |
|||
else if (informat == FORMAT_PEM) |
|||
{ |
|||
group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL); |
|||
} |
|||
else |
|||
{ |
|||
BIO_printf(bio_err, "bad input format specified\n"); |
|||
goto end; |
|||
} |
|||
|
|||
if (group == NULL) |
|||
{ |
|||
BIO_printf(bio_err, |
|||
"unable to load elliptic curve parameters\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (new_form) |
|||
EC_GROUP_set_point_conversion_form(group, form); |
|||
|
|||
if (new_asn1_flag) |
|||
EC_GROUP_set_asn1_flag(group, asn1_flag); |
|||
|
|||
if (no_seed) |
|||
{ |
|||
EC_GROUP_set_seed(group, NULL, 0); |
|||
} |
|||
|
|||
if (text) |
|||
{ |
|||
if (!ECPKParameters_print(out, group, 0)) |
|||
goto end; |
|||
} |
|||
|
|||
if (check) |
|||
{ |
|||
if (group == NULL) |
|||
BIO_printf(bio_err, "no elliptic curve parameters\n"); |
|||
BIO_printf(bio_err, "checking elliptic curve parameters: "); |
|||
if (!EC_GROUP_check(group, NULL)) |
|||
{ |
|||
BIO_printf(bio_err, "failed\n"); |
|||
ERR_print_errors(bio_err); |
|||
} |
|||
else |
|||
BIO_printf(bio_err, "ok\n"); |
|||
|
|||
} |
|||
|
|||
if (C) |
|||
{ |
|||
size_t buf_len = 0, tmp_len = 0; |
|||
const EC_POINT *point; |
|||
int is_prime, len = 0; |
|||
const EC_METHOD *meth = EC_GROUP_method_of(group); |
|||
|
|||
if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL || |
|||
(ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL || |
|||
(ec_order = BN_new()) == NULL || |
|||
(ec_cofactor = BN_new()) == NULL ) |
|||
{ |
|||
perror("OPENSSL_malloc"); |
|||
goto end; |
|||
} |
|||
|
|||
is_prime = (EC_METHOD_get_field_type(meth) == |
|||
NID_X9_62_prime_field); |
|||
|
|||
if (is_prime) |
|||
{ |
|||
if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, |
|||
ec_b, NULL)) |
|||
goto end; |
|||
} |
|||
else |
|||
{ |
|||
/* TODO */ |
|||
goto end; |
|||
} |
|||
|
|||
if ((point = EC_GROUP_get0_generator(group)) == NULL) |
|||
goto end; |
|||
if (!EC_POINT_point2bn(group, point, |
|||
EC_GROUP_get_point_conversion_form(group), ec_gen, |
|||
NULL)) |
|||
goto end; |
|||
if (!EC_GROUP_get_order(group, ec_order, NULL)) |
|||
goto end; |
|||
if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL)) |
|||
goto end; |
|||
|
|||
if (!ec_p || !ec_a || !ec_b || !ec_gen || |
|||
!ec_order || !ec_cofactor) |
|||
goto end; |
|||
|
|||
len = BN_num_bits(ec_order); |
|||
|
|||
if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len) |
|||
buf_len = tmp_len; |
|||
if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len) |
|||
buf_len = tmp_len; |
|||
if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len) |
|||
buf_len = tmp_len; |
|||
if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len) |
|||
buf_len = tmp_len; |
|||
if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len) |
|||
buf_len = tmp_len; |
|||
if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len) |
|||
buf_len = tmp_len; |
|||
|
|||
buffer = (unsigned char *)OPENSSL_malloc(buf_len); |
|||
|
|||
if (buffer == NULL) |
|||
{ |
|||
perror("OPENSSL_malloc"); |
|||
goto end; |
|||
} |
|||
|
|||
ecparam_print_var(out, ec_p, "ec_p", len, buffer); |
|||
ecparam_print_var(out, ec_a, "ec_a", len, buffer); |
|||
ecparam_print_var(out, ec_b, "ec_b", len, buffer); |
|||
ecparam_print_var(out, ec_gen, "ec_gen", len, buffer); |
|||
ecparam_print_var(out, ec_order, "ec_order", len, buffer); |
|||
ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, |
|||
buffer); |
|||
|
|||
BIO_printf(out, "\n\n"); |
|||
|
|||
BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len); |
|||
BIO_printf(out, "\tint ok=0;\n"); |
|||
BIO_printf(out, "\tEC_GROUP *group = NULL;\n"); |
|||
BIO_printf(out, "\tEC_POINT *point = NULL;\n"); |
|||
BIO_printf(out, "\tBIGNUM *tmp_1 = NULL, *tmp_2 = NULL, " |
|||
"*tmp_3 = NULL;\n\n"); |
|||
BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, " |
|||
"sizeof(ec_p_%d), NULL)) == NULL)\n\t\t" |
|||
"goto err;\n", len, len); |
|||
BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, " |
|||
"sizeof(ec_a_%d), NULL)) == NULL)\n\t\t" |
|||
"goto err;\n", len, len); |
|||
BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, " |
|||
"sizeof(ec_b_%d), NULL)) == NULL)\n\t\t" |
|||
"goto err;\n", len, len); |
|||
if (is_prime) |
|||
{ |
|||
BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_" |
|||
"GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)" |
|||
"\n\t\tgoto err;\n\n"); |
|||
} |
|||
else |
|||
{ |
|||
/* TODO */ |
|||
goto end; |
|||
} |
|||
BIO_printf(out, "\t/* build generator */\n"); |
|||
BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, " |
|||
"sizeof(ec_gen_%d), tmp_1)) == NULL)" |
|||
"\n\t\tgoto err;\n", len, len); |
|||
BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, " |
|||
"NULL, NULL);\n"); |
|||
BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n"); |
|||
BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, " |
|||
"sizeof(ec_order_%d), tmp_2)) == NULL)" |
|||
"\n\t\tgoto err;\n", len, len); |
|||
BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, " |
|||
"sizeof(ec_cofactor_%d), tmp_3)) == NULL)" |
|||
"\n\t\tgoto err;\n", len, len); |
|||
BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point," |
|||
" tmp_2, tmp_3))\n\t\tgoto err;\n"); |
|||
BIO_printf(out, "\n\tok=1;\n"); |
|||
BIO_printf(out, "err:\n"); |
|||
BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n"); |
|||
BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n"); |
|||
BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n"); |
|||
BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n"); |
|||
BIO_printf(out, "\tif (!ok)\n"); |
|||
BIO_printf(out, "\t\t{\n"); |
|||
BIO_printf(out, "\t\tEC_GROUP_free(group);\n"); |
|||
BIO_printf(out, "\t\tgroup = NULL;\n"); |
|||
BIO_printf(out, "\t\t}\n"); |
|||
BIO_printf(out, "\treturn(group);\n\t}\n"); |
|||
} |
|||
|
|||
if (!noout) |
|||
{ |
|||
if (outformat == FORMAT_ASN1) |
|||
i = i2d_ECPKParameters_bio(out, group); |
|||
else if (outformat == FORMAT_PEM) |
|||
i = PEM_write_bio_ECPKParameters(out, group); |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"bad output format specified for" |
|||
" outfile\n"); |
|||
goto end; |
|||
} |
|||
if (!i) |
|||
{ |
|||
BIO_printf(bio_err, "unable to write elliptic " |
|||
"curve parameters\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (need_rand) |
|||
{ |
|||
app_RAND_load_file(NULL, bio_err, (inrand != NULL)); |
|||
if (inrand != NULL) |
|||
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", |
|||
app_RAND_load_files(inrand)); |
|||
} |
|||
|
|||
if (genkey) |
|||
{ |
|||
EC_KEY *eckey = EC_KEY_new(); |
|||
|
|||
if (eckey == NULL) |
|||
goto end; |
|||
|
|||
assert(need_rand); |
|||
|
|||
if (EC_KEY_set_group(eckey, group) == 0) |
|||
goto end; |
|||
|
|||
if (!EC_KEY_generate_key(eckey)) |
|||
{ |
|||
EC_KEY_free(eckey); |
|||
goto end; |
|||
} |
|||
if (outformat == FORMAT_ASN1) |
|||
i = i2d_ECPrivateKey_bio(out, eckey); |
|||
else if (outformat == FORMAT_PEM) |
|||
i = PEM_write_bio_ECPrivateKey(out, eckey, NULL, |
|||
NULL, 0, NULL, NULL); |
|||
else |
|||
{ |
|||
BIO_printf(bio_err, "bad output format specified " |
|||
"for outfile\n"); |
|||
EC_KEY_free(eckey); |
|||
goto end; |
|||
} |
|||
EC_KEY_free(eckey); |
|||
} |
|||
|
|||
if (need_rand) |
|||
app_RAND_write_file(NULL, bio_err); |
|||
|
|||
ret=0; |
|||
end: |
|||
if (ec_p) |
|||
BN_free(ec_p); |
|||
if (ec_a) |
|||
BN_free(ec_a); |
|||
if (ec_b) |
|||
BN_free(ec_b); |
|||
if (ec_gen) |
|||
BN_free(ec_gen); |
|||
if (ec_order) |
|||
BN_free(ec_order); |
|||
if (ec_cofactor) |
|||
BN_free(ec_cofactor); |
|||
if (buffer) |
|||
OPENSSL_free(buffer); |
|||
if (in != NULL) |
|||
BIO_free(in); |
|||
if (out != NULL) |
|||
BIO_free_all(out); |
|||
if (group != NULL) |
|||
EC_GROUP_free(group); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
|||
static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var, |
|||
int len, unsigned char *buffer) |
|||
{ |
|||
BIO_printf(out, "static unsigned char %s_%d[] = {", var, len); |
|||
if (BN_is_zero(in)) |
|||
BIO_printf(out, "\n\t0x00"); |
|||
else |
|||
{ |
|||
int i, l; |
|||
|
|||
l = BN_bn2bin(in, buffer); |
|||
for (i=0; i<l-1; i++) |
|||
{ |
|||
if ((i%12) == 0) |
|||
BIO_printf(out, "\n\t"); |
|||
BIO_printf(out, "0x%02X,", buffer[i]); |
|||
} |
|||
if ((i%12) == 0) |
|||
BIO_printf(out, "\n\t"); |
|||
BIO_printf(out, "0x%02X", buffer[i]); |
|||
} |
|||
BIO_printf(out, "\n\t};\n\n"); |
|||
return 1; |
|||
} |
|||
#else /* !OPENSSL_NO_EC */ |
|||
|
|||
# if PEDANTIC |
|||
static void *dummy=&dummy; |
|||
# endif |
|||
|
|||
#endif |
@ -0,0 +1,732 @@ |
|||
/* apps/enc.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/evp.h> |
|||
#include <openssl/objects.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/rand.h> |
|||
#include <openssl/pem.h> |
|||
#include <openssl/comp.h> |
|||
#include <ctype.h> |
|||
|
|||
int set_hex(char *in,unsigned char *out,int size); |
|||
#undef SIZE |
|||
#undef BSIZE |
|||
#undef PROG |
|||
|
|||
#define SIZE (512) |
|||
#define BSIZE (8*1024) |
|||
#define PROG enc_main |
|||
|
|||
static void show_ciphers(const OBJ_NAME *name,void *bio_) |
|||
{ |
|||
BIO *bio=bio_; |
|||
static int n; |
|||
|
|||
if(!islower((unsigned char)*name->name)) |
|||
return; |
|||
|
|||
BIO_printf(bio,"-%-25s",name->name); |
|||
if(++n == 3) |
|||
{ |
|||
BIO_printf(bio,"\n"); |
|||
n=0; |
|||
} |
|||
else |
|||
BIO_printf(bio," "); |
|||
} |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
static const char magic[]="Salted__"; |
|||
char mbuf[sizeof magic-1]; |
|||
char *strbuf=NULL; |
|||
unsigned char *buff=NULL,*bufsize=NULL; |
|||
int bsize=BSIZE,verbose=0; |
|||
int ret=1,inl; |
|||
int nopad = 0; |
|||
unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH]; |
|||
unsigned char salt[PKCS5_SALT_LEN]; |
|||
char *str=NULL, *passarg = NULL, *pass = NULL; |
|||
char *hkey=NULL,*hiv=NULL,*hsalt = NULL; |
|||
char *md=NULL; |
|||
int enc=1,printkey=0,i,base64=0; |
|||
#ifdef ZLIB |
|||
int do_zlib=0; |
|||
BIO *bzl = NULL; |
|||
#endif |
|||
int debug=0,olb64=0,nosalt=0; |
|||
const EVP_CIPHER *cipher=NULL,*c; |
|||
EVP_CIPHER_CTX *ctx = NULL; |
|||
char *inf=NULL,*outf=NULL; |
|||
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; |
|||
#define PROG_NAME_SIZE 39 |
|||
char pname[PROG_NAME_SIZE+1]; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine = NULL; |
|||
#endif |
|||
const EVP_MD *dgst=NULL; |
|||
int non_fips_allow = 0; |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
/* first check the program name */ |
|||
program_name(argv[0],pname,sizeof pname); |
|||
if (strcmp(pname,"base64") == 0) |
|||
base64=1; |
|||
#ifdef ZLIB |
|||
if (strcmp(pname,"zlib") == 0) |
|||
do_zlib=1; |
|||
#endif |
|||
|
|||
cipher=EVP_get_cipherbyname(pname); |
|||
#ifdef ZLIB |
|||
if (!do_zlib && !base64 && (cipher == NULL) |
|||
&& (strcmp(pname,"enc") != 0)) |
|||
#else |
|||
if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0)) |
|||
#endif |
|||
{ |
|||
BIO_printf(bio_err,"%s is an unknown cipher\n",pname); |
|||
goto bad; |
|||
} |
|||
|
|||
argc--; |
|||
argv++; |
|||
while (argc >= 1) |
|||
{ |
|||
if (strcmp(*argv,"-e") == 0) |
|||
enc=1; |
|||
else if (strcmp(*argv,"-in") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
inf= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outf= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-pass") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
passarg= *(++argv); |
|||
} |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(*argv,"-engine") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
engine= *(++argv); |
|||
} |
|||
#endif |
|||
else if (strcmp(*argv,"-d") == 0) |
|||
enc=0; |
|||
else if (strcmp(*argv,"-p") == 0) |
|||
printkey=1; |
|||
else if (strcmp(*argv,"-v") == 0) |
|||
verbose=1; |
|||
else if (strcmp(*argv,"-nopad") == 0) |
|||
nopad=1; |
|||
else if (strcmp(*argv,"-salt") == 0) |
|||
nosalt=0; |
|||
else if (strcmp(*argv,"-nosalt") == 0) |
|||
nosalt=1; |
|||
else if (strcmp(*argv,"-debug") == 0) |
|||
debug=1; |
|||
else if (strcmp(*argv,"-P") == 0) |
|||
printkey=2; |
|||
else if (strcmp(*argv,"-A") == 0) |
|||
olb64=1; |
|||
else if (strcmp(*argv,"-a") == 0) |
|||
base64=1; |
|||
else if (strcmp(*argv,"-base64") == 0) |
|||
base64=1; |
|||
#ifdef ZLIB |
|||
else if (strcmp(*argv,"-z") == 0) |
|||
do_zlib=1; |
|||
#endif |
|||
else if (strcmp(*argv,"-bufsize") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
bufsize=(unsigned char *)*(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-k") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
str= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-kfile") == 0) |
|||
{ |
|||
static char buf[128]; |
|||
FILE *infile; |
|||
char *file; |
|||
|
|||
if (--argc < 1) goto bad; |
|||
file= *(++argv); |
|||
infile=fopen(file,"r"); |
|||
if (infile == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unable to read key from '%s'\n", |
|||
file); |
|||
goto bad; |
|||
} |
|||
buf[0]='\0'; |
|||
if (!fgets(buf,sizeof buf,infile)) |
|||
{ |
|||
BIO_printf(bio_err,"unable to read key from '%s'\n", |
|||
file); |
|||
goto bad; |
|||
} |
|||
fclose(infile); |
|||
i=strlen(buf); |
|||
if ((i > 0) && |
|||
((buf[i-1] == '\n') || (buf[i-1] == '\r'))) |
|||
buf[--i]='\0'; |
|||
if ((i > 0) && |
|||
((buf[i-1] == '\n') || (buf[i-1] == '\r'))) |
|||
buf[--i]='\0'; |
|||
if (i < 1) |
|||
{ |
|||
BIO_printf(bio_err,"zero length password\n"); |
|||
goto bad; |
|||
} |
|||
str=buf; |
|||
} |
|||
else if (strcmp(*argv,"-K") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
hkey= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-S") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
hsalt= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-iv") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
hiv= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-md") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
md= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-non-fips-allow") == 0) |
|||
non_fips_allow = 1; |
|||
else if ((argv[0][0] == '-') && |
|||
((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) |
|||
{ |
|||
cipher=c; |
|||
} |
|||
else if (strcmp(*argv,"-none") == 0) |
|||
cipher=NULL; |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"unknown option '%s'\n",*argv); |
|||
bad: |
|||
BIO_printf(bio_err,"options are\n"); |
|||
BIO_printf(bio_err,"%-14s input file\n","-in <file>"); |
|||
BIO_printf(bio_err,"%-14s output file\n","-out <file>"); |
|||
BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>"); |
|||
BIO_printf(bio_err,"%-14s encrypt\n","-e"); |
|||
BIO_printf(bio_err,"%-14s decrypt\n","-d"); |
|||
BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64"); |
|||
BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k"); |
|||
BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile"); |
|||
BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md"); |
|||
BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n",""); |
|||
BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S"); |
|||
BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); |
|||
BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); |
|||
BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>"); |
|||
BIO_printf(bio_err,"%-14s disable standard block padding\n","-nopad"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e"); |
|||
#endif |
|||
|
|||
BIO_printf(bio_err,"Cipher Types\n"); |
|||
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, |
|||
show_ciphers, |
|||
bio_err); |
|||
BIO_printf(bio_err,"\n"); |
|||
|
|||
goto end; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
if (md && (dgst=EVP_get_digestbyname(md)) == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); |
|||
goto end; |
|||
} |
|||
|
|||
if (dgst == NULL) |
|||
{ |
|||
dgst = EVP_md5(); |
|||
} |
|||
|
|||
if (bufsize != NULL) |
|||
{ |
|||
unsigned long n; |
|||
|
|||
for (n=0; *bufsize; bufsize++) |
|||
{ |
|||
i= *bufsize; |
|||
if ((i <= '9') && (i >= '0')) |
|||
n=n*10+i-'0'; |
|||
else if (i == 'k') |
|||
{ |
|||
n*=1024; |
|||
bufsize++; |
|||
break; |
|||
} |
|||
} |
|||
if (*bufsize != '\0') |
|||
{ |
|||
BIO_printf(bio_err,"invalid 'bufsize' specified.\n"); |
|||
goto end; |
|||
} |
|||
|
|||
/* It must be large enough for a base64 encoded line */ |
|||
if (base64 && n < 80) n=80; |
|||
|
|||
bsize=(int)n; |
|||
if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize); |
|||
} |
|||
|
|||
strbuf=OPENSSL_malloc(SIZE); |
|||
buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize)); |
|||
if ((buff == NULL) || (strbuf == NULL)) |
|||
{ |
|||
BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize)); |
|||
goto end; |
|||
} |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
out=BIO_new(BIO_s_file()); |
|||
if ((in == NULL) || (out == NULL)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
if (debug) |
|||
{ |
|||
BIO_set_callback(in,BIO_debug_callback); |
|||
BIO_set_callback(out,BIO_debug_callback); |
|||
BIO_set_callback_arg(in,(char *)bio_err); |
|||
BIO_set_callback_arg(out,(char *)bio_err); |
|||
} |
|||
|
|||
if (inf == NULL) |
|||
{ |
|||
#ifndef OPENSSL_NO_SETVBUF_IONBF |
|||
if (bufsize != NULL) |
|||
setvbuf(stdin, (char *)NULL, _IONBF, 0); |
|||
#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ |
|||
BIO_set_fp(in,stdin,BIO_NOCLOSE); |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_read_filename(in,inf) <= 0) |
|||
{ |
|||
perror(inf); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if(!str && passarg) { |
|||
if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { |
|||
BIO_printf(bio_err, "Error getting password\n"); |
|||
goto end; |
|||
} |
|||
str = pass; |
|||
} |
|||
|
|||
if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) |
|||
{ |
|||
for (;;) |
|||
{ |
|||
char buf[200]; |
|||
|
|||
BIO_snprintf(buf,sizeof buf,"enter %s %s password:", |
|||
OBJ_nid2ln(EVP_CIPHER_nid(cipher)), |
|||
(enc)?"encryption":"decryption"); |
|||
strbuf[0]='\0'; |
|||
i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc); |
|||
if (i == 0) |
|||
{ |
|||
if (strbuf[0] == '\0') |
|||
{ |
|||
ret=1; |
|||
goto end; |
|||
} |
|||
str=strbuf; |
|||
break; |
|||
} |
|||
if (i < 0) |
|||
{ |
|||
BIO_printf(bio_err,"bad password read\n"); |
|||
goto end; |
|||
} |
|||
} |
|||
} |
|||
|
|||
|
|||
if (outf == NULL) |
|||
{ |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE); |
|||
#ifndef OPENSSL_NO_SETVBUF_IONBF |
|||
if (bufsize != NULL) |
|||
setvbuf(stdout, (char *)NULL, _IONBF, 0); |
|||
#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out,outf) <= 0) |
|||
{ |
|||
perror(outf); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
rbio=in; |
|||
wbio=out; |
|||
|
|||
#ifdef ZLIB |
|||
|
|||
if (do_zlib) |
|||
{ |
|||
if ((bzl=BIO_new(BIO_f_zlib())) == NULL) |
|||
goto end; |
|||
if (enc) |
|||
wbio=BIO_push(bzl,wbio); |
|||
else |
|||
rbio=BIO_push(bzl,rbio); |
|||
} |
|||
#endif |
|||
|
|||
if (base64) |
|||
{ |
|||
if ((b64=BIO_new(BIO_f_base64())) == NULL) |
|||
goto end; |
|||
if (debug) |
|||
{ |
|||
BIO_set_callback(b64,BIO_debug_callback); |
|||
BIO_set_callback_arg(b64,(char *)bio_err); |
|||
} |
|||
if (olb64) |
|||
BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); |
|||
if (enc) |
|||
wbio=BIO_push(b64,wbio); |
|||
else |
|||
rbio=BIO_push(b64,rbio); |
|||
} |
|||
|
|||
if (cipher != NULL) |
|||
{ |
|||
/* Note that str is NULL if a key was passed on the command
|
|||
* line, so we get no salt in that case. Is this a bug? |
|||
*/ |
|||
if (str != NULL) |
|||
{ |
|||
/* Salt handling: if encrypting generate a salt and
|
|||
* write to output BIO. If decrypting read salt from |
|||
* input BIO. |
|||
*/ |
|||
unsigned char *sptr; |
|||
if(nosalt) sptr = NULL; |
|||
else { |
|||
if(enc) { |
|||
if(hsalt) { |
|||
if(!set_hex(hsalt,salt,sizeof salt)) { |
|||
BIO_printf(bio_err, |
|||
"invalid hex salt value\n"); |
|||
goto end; |
|||
} |
|||
} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0) |
|||
goto end; |
|||
/* If -P option then don't bother writing */ |
|||
if((printkey != 2) |
|||
&& (BIO_write(wbio,magic, |
|||
sizeof magic-1) != sizeof magic-1 |
|||
|| BIO_write(wbio, |
|||
(char *)salt, |
|||
sizeof salt) != sizeof salt)) { |
|||
BIO_printf(bio_err,"error writing output file\n"); |
|||
goto end; |
|||
} |
|||
} else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf |
|||
|| BIO_read(rbio, |
|||
(unsigned char *)salt, |
|||
sizeof salt) != sizeof salt) { |
|||
BIO_printf(bio_err,"error reading input file\n"); |
|||
goto end; |
|||
} else if(memcmp(mbuf,magic,sizeof magic-1)) { |
|||
BIO_printf(bio_err,"bad magic number\n"); |
|||
goto end; |
|||
} |
|||
|
|||
sptr = salt; |
|||
} |
|||
|
|||
EVP_BytesToKey(cipher,dgst,sptr, |
|||
(unsigned char *)str, |
|||
strlen(str),1,key,iv); |
|||
/* zero the complete buffer or the string
|
|||
* passed from the command line |
|||
* bug picked up by |
|||
* Larry J. Hughes Jr. <hughes@indiana.edu> */ |
|||
if (str == strbuf) |
|||
OPENSSL_cleanse(str,SIZE); |
|||
else |
|||
OPENSSL_cleanse(str,strlen(str)); |
|||
} |
|||
if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv)) |
|||
{ |
|||
BIO_printf(bio_err,"invalid hex iv value\n"); |
|||
goto end; |
|||
} |
|||
if ((hiv == NULL) && (str == NULL) |
|||
&& EVP_CIPHER_iv_length(cipher) != 0) |
|||
{ |
|||
/* No IV was explicitly set and no IV was generated
|
|||
* during EVP_BytesToKey. Hence the IV is undefined, |
|||
* making correct decryption impossible. */ |
|||
BIO_printf(bio_err, "iv undefined\n"); |
|||
goto end; |
|||
} |
|||
if ((hkey != NULL) && !set_hex(hkey,key,sizeof key)) |
|||
{ |
|||
BIO_printf(bio_err,"invalid hex key value\n"); |
|||
goto end; |
|||
} |
|||
|
|||
if ((benc=BIO_new(BIO_f_cipher())) == NULL) |
|||
goto end; |
|||
|
|||
/* Since we may be changing parameters work on the encryption
|
|||
* context rather than calling BIO_set_cipher(). |
|||
*/ |
|||
|
|||
BIO_get_cipher_ctx(benc, &ctx); |
|||
|
|||
if (non_fips_allow) |
|||
EVP_CIPHER_CTX_set_flags(ctx, |
|||
EVP_CIPH_FLAG_NON_FIPS_ALLOW); |
|||
|
|||
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) |
|||
{ |
|||
BIO_printf(bio_err, "Error setting cipher %s\n", |
|||
EVP_CIPHER_name(cipher)); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (nopad) |
|||
EVP_CIPHER_CTX_set_padding(ctx, 0); |
|||
|
|||
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) |
|||
{ |
|||
BIO_printf(bio_err, "Error setting cipher %s\n", |
|||
EVP_CIPHER_name(cipher)); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (debug) |
|||
{ |
|||
BIO_set_callback(benc,BIO_debug_callback); |
|||
BIO_set_callback_arg(benc,(char *)bio_err); |
|||
} |
|||
|
|||
if (printkey) |
|||
{ |
|||
if (!nosalt) |
|||
{ |
|||
printf("salt="); |
|||
for (i=0; i<(int)sizeof(salt); i++) |
|||
printf("%02X",salt[i]); |
|||
printf("\n"); |
|||
} |
|||
if (cipher->key_len > 0) |
|||
{ |
|||
printf("key="); |
|||
for (i=0; i<cipher->key_len; i++) |
|||
printf("%02X",key[i]); |
|||
printf("\n"); |
|||
} |
|||
if (cipher->iv_len > 0) |
|||
{ |
|||
printf("iv ="); |
|||
for (i=0; i<cipher->iv_len; i++) |
|||
printf("%02X",iv[i]); |
|||
printf("\n"); |
|||
} |
|||
if (printkey == 2) |
|||
{ |
|||
ret=0; |
|||
goto end; |
|||
} |
|||
} |
|||
} |
|||
|
|||
/* Only encrypt/decrypt as we write the file */ |
|||
if (benc != NULL) |
|||
wbio=BIO_push(benc,wbio); |
|||
|
|||
for (;;) |
|||
{ |
|||
inl=BIO_read(rbio,(char *)buff,bsize); |
|||
if (inl <= 0) break; |
|||
if (BIO_write(wbio,(char *)buff,inl) != inl) |
|||
{ |
|||
BIO_printf(bio_err,"error writing output file\n"); |
|||
goto end; |
|||
} |
|||
} |
|||
if (!BIO_flush(wbio)) |
|||
{ |
|||
BIO_printf(bio_err,"bad decrypt\n"); |
|||
goto end; |
|||
} |
|||
|
|||
ret=0; |
|||
if (verbose) |
|||
{ |
|||
BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in)); |
|||
BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out)); |
|||
} |
|||
end: |
|||
ERR_print_errors(bio_err); |
|||
if (strbuf != NULL) OPENSSL_free(strbuf); |
|||
if (buff != NULL) OPENSSL_free(buff); |
|||
if (in != NULL) BIO_free(in); |
|||
if (out != NULL) BIO_free_all(out); |
|||
if (benc != NULL) BIO_free(benc); |
|||
if (b64 != NULL) BIO_free(b64); |
|||
#ifdef ZLIB |
|||
if (bzl != NULL) BIO_free(bzl); |
|||
#endif |
|||
if(pass) OPENSSL_free(pass); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
|||
int set_hex(char *in, unsigned char *out, int size) |
|||
{ |
|||
int i,n; |
|||
unsigned char j; |
|||
|
|||
n=strlen(in); |
|||
if (n > (size*2)) |
|||
{ |
|||
BIO_printf(bio_err,"hex string is too long\n"); |
|||
return(0); |
|||
} |
|||
memset(out,0,size); |
|||
for (i=0; i<n; i++) |
|||
{ |
|||
j=(unsigned char)*in; |
|||
*(in++)='\0'; |
|||
if (j == 0) break; |
|||
if ((j >= '0') && (j <= '9')) |
|||
j-='0'; |
|||
else if ((j >= 'A') && (j <= 'F')) |
|||
j=j-'A'+10; |
|||
else if ((j >= 'a') && (j <= 'f')) |
|||
j=j-'a'+10; |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"non-hex digit\n"); |
|||
return(0); |
|||
} |
|||
if (i&1) |
|||
out[i/2]|=j; |
|||
else |
|||
out[i/2]=(j<<4); |
|||
} |
|||
return(1); |
|||
} |
@ -0,0 +1,549 @@ |
|||
/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */ |
|||
/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
|
|||
* project 2000. |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 2000 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* licensing@OpenSSL.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
|
|||
|
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <string.h> |
|||
#ifdef OPENSSL_NO_STDIO |
|||
#define APPS_WIN16 |
|||
#endif |
|||
#include "apps.h" |
|||
#include <openssl/err.h> |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
#include <openssl/engine.h> |
|||
#include <openssl/ssl.h> |
|||
|
|||
#undef PROG |
|||
#define PROG engine_main |
|||
|
|||
static const char *engine_usage[]={ |
|||
"usage: engine opts [engine ...]\n", |
|||
" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n", |
|||
" -vv will additionally display each command's description\n", |
|||
" -vvv will also add the input flags for each command\n", |
|||
" -vvvv will also show internal input flags\n", |
|||
" -c - for each engine, also list the capabilities\n", |
|||
" -t[t] - for each engine, check that they are really available\n", |
|||
" -tt will display error trace for unavailable engines\n", |
|||
" -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n", |
|||
" to load it (if -t is used)\n", |
|||
" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n", |
|||
" (only used if -t is also provided)\n", |
|||
" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n", |
|||
" line, or all supported ENGINEs if none are specified.\n", |
|||
" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n", |
|||
" argument \"/lib/libdriver.so\".\n", |
|||
NULL |
|||
}; |
|||
|
|||
static void identity(char *ptr) |
|||
{ |
|||
return; |
|||
} |
|||
|
|||
static int append_buf(char **buf, const char *s, int *size, int step) |
|||
{ |
|||
int l = strlen(s); |
|||
|
|||
if (*buf == NULL) |
|||
{ |
|||
*size = step; |
|||
*buf = OPENSSL_malloc(*size); |
|||
if (*buf == NULL) |
|||
return 0; |
|||
**buf = '\0'; |
|||
} |
|||
|
|||
if (**buf != '\0') |
|||
l += 2; /* ", " */ |
|||
|
|||
if (strlen(*buf) + strlen(s) >= (unsigned int)*size) |
|||
{ |
|||
*size += step; |
|||
*buf = OPENSSL_realloc(*buf, *size); |
|||
} |
|||
|
|||
if (*buf == NULL) |
|||
return 0; |
|||
|
|||
if (**buf != '\0') |
|||
BUF_strlcat(*buf, ", ", *size); |
|||
BUF_strlcat(*buf, s, *size); |
|||
|
|||
return 1; |
|||
} |
|||
|
|||
static int util_flags(BIO *bio_out, unsigned int flags, const char *indent) |
|||
{ |
|||
int started = 0, err = 0; |
|||
/* Indent before displaying input flags */ |
|||
BIO_printf(bio_out, "%s%s(input flags): ", indent, indent); |
|||
if(flags == 0) |
|||
{ |
|||
BIO_printf(bio_out, "<no flags>\n"); |
|||
return 1; |
|||
} |
|||
/* If the object is internal, mark it in a way that shows instead of
|
|||
* having it part of all the other flags, even if it really is. */ |
|||
if(flags & ENGINE_CMD_FLAG_INTERNAL) |
|||
{ |
|||
BIO_printf(bio_out, "[Internal] "); |
|||
} |
|||
|
|||
if(flags & ENGINE_CMD_FLAG_NUMERIC) |
|||
{ |
|||
BIO_printf(bio_out, "NUMERIC"); |
|||
started = 1; |
|||
} |
|||
/* Now we check that no combinations of the mutually exclusive NUMERIC,
|
|||
* STRING, and NO_INPUT flags have been used. Future flags that can be |
|||
* OR'd together with these would need to added after these to preserve |
|||
* the testing logic. */ |
|||
if(flags & ENGINE_CMD_FLAG_STRING) |
|||
{ |
|||
if(started) |
|||
{ |
|||
BIO_printf(bio_out, "|"); |
|||
err = 1; |
|||
} |
|||
BIO_printf(bio_out, "STRING"); |
|||
started = 1; |
|||
} |
|||
if(flags & ENGINE_CMD_FLAG_NO_INPUT) |
|||
{ |
|||
if(started) |
|||
{ |
|||
BIO_printf(bio_out, "|"); |
|||
err = 1; |
|||
} |
|||
BIO_printf(bio_out, "NO_INPUT"); |
|||
started = 1; |
|||
} |
|||
/* Check for unknown flags */ |
|||
flags = flags & ~ENGINE_CMD_FLAG_NUMERIC & |
|||
~ENGINE_CMD_FLAG_STRING & |
|||
~ENGINE_CMD_FLAG_NO_INPUT & |
|||
~ENGINE_CMD_FLAG_INTERNAL; |
|||
if(flags) |
|||
{ |
|||
if(started) BIO_printf(bio_out, "|"); |
|||
BIO_printf(bio_out, "<0x%04X>", flags); |
|||
} |
|||
if(err) |
|||
BIO_printf(bio_out, " <illegal flags!>"); |
|||
BIO_printf(bio_out, "\n"); |
|||
return 1; |
|||
} |
|||
|
|||
static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent) |
|||
{ |
|||
static const int line_wrap = 78; |
|||
int num; |
|||
int ret = 0; |
|||
char *name = NULL; |
|||
char *desc = NULL; |
|||
int flags; |
|||
int xpos = 0; |
|||
STACK_OF(OPENSSL_STRING) *cmds = NULL; |
|||
if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) || |
|||
((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE, |
|||
0, NULL, NULL)) <= 0)) |
|||
{ |
|||
#if 0 |
|||
BIO_printf(bio_out, "%s<no control commands>\n", indent); |
|||
#endif |
|||
return 1; |
|||
} |
|||
|
|||
cmds = sk_OPENSSL_STRING_new_null(); |
|||
|
|||
if(!cmds) |
|||
goto err; |
|||
do { |
|||
int len; |
|||
/* Get the command input flags */ |
|||
if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, |
|||
NULL, NULL)) < 0) |
|||
goto err; |
|||
if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) |
|||
{ |
|||
/* Get the command name */ |
|||
if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num, |
|||
NULL, NULL)) <= 0) |
|||
goto err; |
|||
if((name = OPENSSL_malloc(len + 1)) == NULL) |
|||
goto err; |
|||
if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name, |
|||
NULL) <= 0) |
|||
goto err; |
|||
/* Get the command description */ |
|||
if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num, |
|||
NULL, NULL)) < 0) |
|||
goto err; |
|||
if(len > 0) |
|||
{ |
|||
if((desc = OPENSSL_malloc(len + 1)) == NULL) |
|||
goto err; |
|||
if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc, |
|||
NULL) <= 0) |
|||
goto err; |
|||
} |
|||
/* Now decide on the output */ |
|||
if(xpos == 0) |
|||
/* Do an indent */ |
|||
xpos = BIO_puts(bio_out, indent); |
|||
else |
|||
/* Otherwise prepend a ", " */ |
|||
xpos += BIO_printf(bio_out, ", "); |
|||
if(verbose == 1) |
|||
{ |
|||
/* We're just listing names, comma-delimited */ |
|||
if((xpos > (int)strlen(indent)) && |
|||
(xpos + (int)strlen(name) > line_wrap)) |
|||
{ |
|||
BIO_printf(bio_out, "\n"); |
|||
xpos = BIO_puts(bio_out, indent); |
|||
} |
|||
xpos += BIO_printf(bio_out, "%s", name); |
|||
} |
|||
else |
|||
{ |
|||
/* We're listing names plus descriptions */ |
|||
BIO_printf(bio_out, "%s: %s\n", name, |
|||
(desc == NULL) ? "<no description>" : desc); |
|||
/* ... and sometimes input flags */ |
|||
if((verbose >= 3) && !util_flags(bio_out, flags, |
|||
indent)) |
|||
goto err; |
|||
xpos = 0; |
|||
} |
|||
} |
|||
OPENSSL_free(name); name = NULL; |
|||
if(desc) { OPENSSL_free(desc); desc = NULL; } |
|||
/* Move to the next command */ |
|||
num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, |
|||
num, NULL, NULL); |
|||
} while(num > 0); |
|||
if(xpos > 0) |
|||
BIO_printf(bio_out, "\n"); |
|||
ret = 1; |
|||
err: |
|||
if(cmds) sk_OPENSSL_STRING_pop_free(cmds, identity); |
|||
if(name) OPENSSL_free(name); |
|||
if(desc) OPENSSL_free(desc); |
|||
return ret; |
|||
} |
|||
|
|||
static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds, |
|||
BIO *bio_out, const char *indent) |
|||
{ |
|||
int loop, res, num = sk_OPENSSL_STRING_num(cmds); |
|||
|
|||
if(num < 0) |
|||
{ |
|||
BIO_printf(bio_out, "[Error]: internal stack error\n"); |
|||
return; |
|||
} |
|||
for(loop = 0; loop < num; loop++) |
|||
{ |
|||
char buf[256]; |
|||
const char *cmd, *arg; |
|||
cmd = sk_OPENSSL_STRING_value(cmds, loop); |
|||
res = 1; /* assume success */ |
|||
/* Check if this command has no ":arg" */ |
|||
if((arg = strstr(cmd, ":")) == NULL) |
|||
{ |
|||
if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0)) |
|||
res = 0; |
|||
} |
|||
else |
|||
{ |
|||
if((int)(arg - cmd) > 254) |
|||
{ |
|||
BIO_printf(bio_out,"[Error]: command name too long\n"); |
|||
return; |
|||
} |
|||
memcpy(buf, cmd, (int)(arg - cmd)); |
|||
buf[arg-cmd] = '\0'; |
|||
arg++; /* Move past the ":" */ |
|||
/* Call the command with the argument */ |
|||
if(!ENGINE_ctrl_cmd_string(e, buf, arg, 0)) |
|||
res = 0; |
|||
} |
|||
if(res) |
|||
BIO_printf(bio_out, "[Success]: %s\n", cmd); |
|||
else |
|||
{ |
|||
BIO_printf(bio_out, "[Failure]: %s\n", cmd); |
|||
ERR_print_errors(bio_out); |
|||
} |
|||
} |
|||
} |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
int ret=1,i; |
|||
const char **pp; |
|||
int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0; |
|||
ENGINE *e; |
|||
STACK_OF(OPENSSL_STRING) *engines = sk_OPENSSL_STRING_new_null(); |
|||
STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null(); |
|||
STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null(); |
|||
int badops=1; |
|||
BIO *bio_out=NULL; |
|||
const char *indent = " "; |
|||
|
|||
apps_startup(); |
|||
SSL_load_error_strings(); |
|||
|
|||
if (bio_err == NULL) |
|||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
bio_out = BIO_push(tmpbio, bio_out); |
|||
} |
|||
#endif |
|||
|
|||
argc--; |
|||
argv++; |
|||
while (argc >= 1) |
|||
{ |
|||
if (strncmp(*argv,"-v",2) == 0) |
|||
{ |
|||
if(strspn(*argv + 1, "v") < strlen(*argv + 1)) |
|||
goto skip_arg_loop; |
|||
if((verbose=strlen(*argv + 1)) > 4) |
|||
goto skip_arg_loop; |
|||
} |
|||
else if (strcmp(*argv,"-c") == 0) |
|||
list_cap=1; |
|||
else if (strncmp(*argv,"-t",2) == 0) |
|||
{ |
|||
test_avail=1; |
|||
if(strspn(*argv + 1, "t") < strlen(*argv + 1)) |
|||
goto skip_arg_loop; |
|||
if((test_avail_noise = strlen(*argv + 1) - 1) > 1) |
|||
goto skip_arg_loop; |
|||
} |
|||
else if (strcmp(*argv,"-pre") == 0) |
|||
{ |
|||
argc--; argv++; |
|||
if (argc == 0) |
|||
goto skip_arg_loop; |
|||
sk_OPENSSL_STRING_push(pre_cmds,*argv); |
|||
} |
|||
else if (strcmp(*argv,"-post") == 0) |
|||
{ |
|||
argc--; argv++; |
|||
if (argc == 0) |
|||
goto skip_arg_loop; |
|||
sk_OPENSSL_STRING_push(post_cmds,*argv); |
|||
} |
|||
else if ((strncmp(*argv,"-h",2) == 0) || |
|||
(strcmp(*argv,"-?") == 0)) |
|||
goto skip_arg_loop; |
|||
else |
|||
sk_OPENSSL_STRING_push(engines,*argv); |
|||
argc--; |
|||
argv++; |
|||
} |
|||
/* Looks like everything went OK */ |
|||
badops = 0; |
|||
skip_arg_loop: |
|||
|
|||
if (badops) |
|||
{ |
|||
for (pp=engine_usage; (*pp != NULL); pp++) |
|||
BIO_printf(bio_err,"%s",*pp); |
|||
goto end; |
|||
} |
|||
|
|||
if (sk_OPENSSL_STRING_num(engines) == 0) |
|||
{ |
|||
for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) |
|||
{ |
|||
sk_OPENSSL_STRING_push(engines,(char *)ENGINE_get_id(e)); |
|||
} |
|||
} |
|||
|
|||
for (i=0; i<sk_OPENSSL_STRING_num(engines); i++) |
|||
{ |
|||
const char *id = sk_OPENSSL_STRING_value(engines,i); |
|||
if ((e = ENGINE_by_id(id)) != NULL) |
|||
{ |
|||
const char *name = ENGINE_get_name(e); |
|||
/* Do "id" first, then "name". Easier to auto-parse. */ |
|||
BIO_printf(bio_out, "(%s) %s\n", id, name); |
|||
util_do_cmds(e, pre_cmds, bio_out, indent); |
|||
if (strcmp(ENGINE_get_id(e), id) != 0) |
|||
{ |
|||
BIO_printf(bio_out, "Loaded: (%s) %s\n", |
|||
ENGINE_get_id(e), ENGINE_get_name(e)); |
|||
} |
|||
if (list_cap) |
|||
{ |
|||
int cap_size = 256; |
|||
char *cap_buf = NULL; |
|||
int k,n; |
|||
const int *nids; |
|||
ENGINE_CIPHERS_PTR fn_c; |
|||
ENGINE_DIGESTS_PTR fn_d; |
|||
ENGINE_PKEY_METHS_PTR fn_pk; |
|||
|
|||
if (ENGINE_get_RSA(e) != NULL |
|||
&& !append_buf(&cap_buf, "RSA", |
|||
&cap_size, 256)) |
|||
goto end; |
|||
if (ENGINE_get_DSA(e) != NULL |
|||
&& !append_buf(&cap_buf, "DSA", |
|||
&cap_size, 256)) |
|||
goto end; |
|||
if (ENGINE_get_DH(e) != NULL |
|||
&& !append_buf(&cap_buf, "DH", |
|||
&cap_size, 256)) |
|||
goto end; |
|||
if (ENGINE_get_RAND(e) != NULL |
|||
&& !append_buf(&cap_buf, "RAND", |
|||
&cap_size, 256)) |
|||
goto end; |
|||
|
|||
fn_c = ENGINE_get_ciphers(e); |
|||
if(!fn_c) goto skip_ciphers; |
|||
n = fn_c(e, NULL, &nids, 0); |
|||
for(k=0 ; k < n ; ++k) |
|||
if(!append_buf(&cap_buf, |
|||
OBJ_nid2sn(nids[k]), |
|||
&cap_size, 256)) |
|||
goto end; |
|||
|
|||
skip_ciphers: |
|||
fn_d = ENGINE_get_digests(e); |
|||
if(!fn_d) goto skip_digests; |
|||
n = fn_d(e, NULL, &nids, 0); |
|||
for(k=0 ; k < n ; ++k) |
|||
if(!append_buf(&cap_buf, |
|||
OBJ_nid2sn(nids[k]), |
|||
&cap_size, 256)) |
|||
goto end; |
|||
|
|||
skip_digests: |
|||
fn_pk = ENGINE_get_pkey_meths(e); |
|||
if(!fn_pk) goto skip_pmeths; |
|||
n = fn_pk(e, NULL, &nids, 0); |
|||
for(k=0 ; k < n ; ++k) |
|||
if(!append_buf(&cap_buf, |
|||
OBJ_nid2sn(nids[k]), |
|||
&cap_size, 256)) |
|||
goto end; |
|||
skip_pmeths: |
|||
if (cap_buf && (*cap_buf != '\0')) |
|||
BIO_printf(bio_out, " [%s]\n", cap_buf); |
|||
|
|||
OPENSSL_free(cap_buf); |
|||
} |
|||
if(test_avail) |
|||
{ |
|||
BIO_printf(bio_out, "%s", indent); |
|||
if (ENGINE_init(e)) |
|||
{ |
|||
BIO_printf(bio_out, "[ available ]\n"); |
|||
util_do_cmds(e, post_cmds, bio_out, indent); |
|||
ENGINE_finish(e); |
|||
} |
|||
else |
|||
{ |
|||
BIO_printf(bio_out, "[ unavailable ]\n"); |
|||
if(test_avail_noise) |
|||
ERR_print_errors_fp(stdout); |
|||
ERR_clear_error(); |
|||
} |
|||
} |
|||
if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent)) |
|||
goto end; |
|||
ENGINE_free(e); |
|||
} |
|||
else |
|||
ERR_print_errors(bio_err); |
|||
} |
|||
|
|||
ret=0; |
|||
end: |
|||
|
|||
ERR_print_errors(bio_err); |
|||
sk_OPENSSL_STRING_pop_free(engines, identity); |
|||
sk_OPENSSL_STRING_pop_free(pre_cmds, identity); |
|||
sk_OPENSSL_STRING_pop_free(post_cmds, identity); |
|||
if (bio_out != NULL) BIO_free_all(bio_out); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
#else |
|||
|
|||
# if PEDANTIC |
|||
static void *dummy=&dummy; |
|||
# endif |
|||
|
|||
#endif |
@ -0,0 +1,128 @@ |
|||
/* apps/errstr.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/lhash.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/ssl.h> |
|||
|
|||
#undef PROG |
|||
#define PROG errstr_main |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
int i,ret=0; |
|||
char buf[256]; |
|||
unsigned long l; |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
SSL_load_error_strings(); |
|||
|
|||
if ((argc > 1) && (strcmp(argv[1],"-stats") == 0)) |
|||
{ |
|||
BIO *out=NULL; |
|||
|
|||
out=BIO_new(BIO_s_file()); |
|||
if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE)) |
|||
{ |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
lh_ERR_STRING_DATA_node_stats_bio( |
|||
ERR_get_string_table(), out); |
|||
lh_ERR_STRING_DATA_stats_bio(ERR_get_string_table(), |
|||
out); |
|||
lh_ERR_STRING_DATA_node_usage_stats_bio( |
|||
ERR_get_string_table(),out); |
|||
} |
|||
if (out != NULL) BIO_free_all(out); |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
for (i=1; i<argc; i++) |
|||
{ |
|||
if (sscanf(argv[i],"%lx",&l)) |
|||
{ |
|||
ERR_error_string_n(l, buf, sizeof buf); |
|||
printf("%s\n",buf); |
|||
} |
|||
else |
|||
{ |
|||
printf("%s: bad error code\n",argv[i]); |
|||
printf("usage: errstr [-stats] <errno> ...\n"); |
|||
ret++; |
|||
} |
|||
} |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
@ -0,0 +1,241 @@ |
|||
/* apps/gendh.c */ |
|||
/* obsoleted by dhparam.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <openssl/opensslconf.h> |
|||
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
|
|||
* deprecated functions for openssl-internal code */ |
|||
#ifdef OPENSSL_NO_DEPRECATED |
|||
#undef OPENSSL_NO_DEPRECATED |
|||
#endif |
|||
|
|||
#ifndef OPENSSL_NO_DH |
|||
#include <stdio.h> |
|||
#include <string.h> |
|||
#include <sys/types.h> |
|||
#include <sys/stat.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/rand.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/bn.h> |
|||
#include <openssl/dh.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pem.h> |
|||
|
|||
#define DEFBITS 512 |
|||
#undef PROG |
|||
#define PROG gendh_main |
|||
|
|||
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
BN_GENCB cb; |
|||
DH *dh=NULL; |
|||
int ret=1,num=DEFBITS; |
|||
int g=2; |
|||
char *outfile=NULL; |
|||
char *inrand=NULL; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine=NULL; |
|||
#endif |
|||
BIO *out=NULL; |
|||
|
|||
apps_startup(); |
|||
|
|||
BN_GENCB_set(&cb, dh_cb, bio_err); |
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
argv++; |
|||
argc--; |
|||
for (;;) |
|||
{ |
|||
if (argc <= 0) break; |
|||
if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outfile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-2") == 0) |
|||
g=2; |
|||
/* else if (strcmp(*argv,"-3") == 0)
|
|||
g=3; */ |
|||
else if (strcmp(*argv,"-5") == 0) |
|||
g=5; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(*argv,"-engine") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
engine= *(++argv); |
|||
} |
|||
#endif |
|||
else if (strcmp(*argv,"-rand") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
inrand= *(++argv); |
|||
} |
|||
else |
|||
break; |
|||
argv++; |
|||
argc--; |
|||
} |
|||
if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0))) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err,"usage: gendh [args] [numbits]\n"); |
|||
BIO_printf(bio_err," -out file - output the key to 'file\n"); |
|||
BIO_printf(bio_err," -2 - use 2 as the generator value\n"); |
|||
/* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */ |
|||
BIO_printf(bio_err," -5 - use 5 as the generator value\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); |
|||
BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); |
|||
BIO_printf(bio_err," the random number generator\n"); |
|||
goto end; |
|||
} |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
out=BIO_new(BIO_s_file()); |
|||
if (out == NULL) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (outfile == NULL) |
|||
{ |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out,outfile) <= 0) |
|||
{ |
|||
perror(outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); |
|||
} |
|||
if (inrand != NULL) |
|||
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", |
|||
app_RAND_load_files(inrand)); |
|||
|
|||
BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); |
|||
BIO_printf(bio_err,"This is going to take a long time\n"); |
|||
|
|||
if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb)) |
|||
goto end; |
|||
|
|||
app_RAND_write_file(NULL, bio_err); |
|||
|
|||
if (!PEM_write_bio_DHparams(out,dh)) |
|||
goto end; |
|||
ret=0; |
|||
end: |
|||
if (ret != 0) |
|||
ERR_print_errors(bio_err); |
|||
if (out != NULL) BIO_free_all(out); |
|||
if (dh != NULL) DH_free(dh); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
|||
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) |
|||
{ |
|||
char c='*'; |
|||
|
|||
if (p == 0) c='.'; |
|||
if (p == 1) c='+'; |
|||
if (p == 2) c='*'; |
|||
if (p == 3) c='\n'; |
|||
BIO_write(cb->arg,&c,1); |
|||
(void)BIO_flush(cb->arg); |
|||
#ifdef LINT |
|||
p=n; |
|||
#endif |
|||
return 1; |
|||
} |
|||
#else /* !OPENSSL_NO_DH */ |
|||
|
|||
# if PEDANTIC |
|||
static void *dummy=&dummy; |
|||
# endif |
|||
|
|||
#endif |
@ -0,0 +1,285 @@ |
|||
/* apps/gendsa.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ |
|||
#ifndef OPENSSL_NO_DSA |
|||
#include <stdio.h> |
|||
#include <string.h> |
|||
#include <sys/types.h> |
|||
#include <sys/stat.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/bn.h> |
|||
#include <openssl/dsa.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pem.h> |
|||
|
|||
#define DEFBITS 512 |
|||
#undef PROG |
|||
#define PROG gendsa_main |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
DSA *dsa=NULL; |
|||
int ret=1; |
|||
char *outfile=NULL; |
|||
char *inrand=NULL,*dsaparams=NULL; |
|||
char *passargout = NULL, *passout = NULL; |
|||
BIO *out=NULL,*in=NULL; |
|||
const EVP_CIPHER *enc=NULL; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine=NULL; |
|||
#endif |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
argv++; |
|||
argc--; |
|||
for (;;) |
|||
{ |
|||
if (argc <= 0) break; |
|||
if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outfile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-passout") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
passargout= *(++argv); |
|||
} |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(*argv,"-engine") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
engine= *(++argv); |
|||
} |
|||
#endif |
|||
else if (strcmp(*argv,"-rand") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
inrand= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-") == 0) |
|||
goto bad; |
|||
#ifndef OPENSSL_NO_DES |
|||
else if (strcmp(*argv,"-des") == 0) |
|||
enc=EVP_des_cbc(); |
|||
else if (strcmp(*argv,"-des3") == 0) |
|||
enc=EVP_des_ede3_cbc(); |
|||
#endif |
|||
#ifndef OPENSSL_NO_IDEA |
|||
else if (strcmp(*argv,"-idea") == 0) |
|||
enc=EVP_idea_cbc(); |
|||
#endif |
|||
#ifndef OPENSSL_NO_SEED |
|||
else if (strcmp(*argv,"-seed") == 0) |
|||
enc=EVP_seed_cbc(); |
|||
#endif |
|||
#ifndef OPENSSL_NO_AES |
|||
else if (strcmp(*argv,"-aes128") == 0) |
|||
enc=EVP_aes_128_cbc(); |
|||
else if (strcmp(*argv,"-aes192") == 0) |
|||
enc=EVP_aes_192_cbc(); |
|||
else if (strcmp(*argv,"-aes256") == 0) |
|||
enc=EVP_aes_256_cbc(); |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAMELLIA |
|||
else if (strcmp(*argv,"-camellia128") == 0) |
|||
enc=EVP_camellia_128_cbc(); |
|||
else if (strcmp(*argv,"-camellia192") == 0) |
|||
enc=EVP_camellia_192_cbc(); |
|||
else if (strcmp(*argv,"-camellia256") == 0) |
|||
enc=EVP_camellia_256_cbc(); |
|||
#endif |
|||
else if (**argv != '-' && dsaparams == NULL) |
|||
{ |
|||
dsaparams = *argv; |
|||
} |
|||
else |
|||
goto bad; |
|||
argv++; |
|||
argc--; |
|||
} |
|||
|
|||
if (dsaparams == NULL) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n"); |
|||
BIO_printf(bio_err," -out file - output the key to 'file'\n"); |
|||
#ifndef OPENSSL_NO_DES |
|||
BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n"); |
|||
BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_IDEA |
|||
BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_SEED |
|||
BIO_printf(bio_err," -seed\n"); |
|||
BIO_printf(bio_err," encrypt PEM output with cbc seed\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_AES |
|||
BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); |
|||
BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAMELLIA |
|||
BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); |
|||
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); |
|||
BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); |
|||
BIO_printf(bio_err," the random number generator\n"); |
|||
BIO_printf(bio_err," dsaparam-file\n"); |
|||
BIO_printf(bio_err," - a DSA parameter file as generated by the dsaparam command\n"); |
|||
goto end; |
|||
} |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { |
|||
BIO_printf(bio_err, "Error getting password\n"); |
|||
goto end; |
|||
} |
|||
|
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
if (!(BIO_read_filename(in,dsaparams))) |
|||
{ |
|||
perror(dsaparams); |
|||
goto end; |
|||
} |
|||
|
|||
if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unable to load DSA parameter file\n"); |
|||
goto end; |
|||
} |
|||
BIO_free(in); |
|||
in = NULL; |
|||
|
|||
out=BIO_new(BIO_s_file()); |
|||
if (out == NULL) goto end; |
|||
|
|||
if (outfile == NULL) |
|||
{ |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out,outfile) <= 0) |
|||
{ |
|||
perror(outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); |
|||
} |
|||
if (inrand != NULL) |
|||
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", |
|||
app_RAND_load_files(inrand)); |
|||
|
|||
BIO_printf(bio_err,"Generating DSA key, %d bits\n", |
|||
BN_num_bits(dsa->p)); |
|||
if (!DSA_generate_key(dsa)) goto end; |
|||
|
|||
app_RAND_write_file(NULL, bio_err); |
|||
|
|||
if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout)) |
|||
goto end; |
|||
ret=0; |
|||
end: |
|||
if (ret != 0) |
|||
ERR_print_errors(bio_err); |
|||
if (in != NULL) BIO_free(in); |
|||
if (out != NULL) BIO_free_all(out); |
|||
if (dsa != NULL) DSA_free(dsa); |
|||
if(passout) OPENSSL_free(passout); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
#else /* !OPENSSL_NO_DSA */ |
|||
|
|||
# if PEDANTIC |
|||
static void *dummy=&dummy; |
|||
# endif |
|||
|
|||
#endif |
@ -0,0 +1,440 @@ |
|||
/* apps/genpkey.c */ |
|||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
|||
* project 2006 |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* licensing@OpenSSL.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
#include <stdio.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/pem.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/evp.h> |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
#include <openssl/engine.h> |
|||
#endif |
|||
|
|||
static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx, |
|||
const char *file, ENGINE *e); |
|||
static int genpkey_cb(EVP_PKEY_CTX *ctx); |
|||
|
|||
#define PROG genpkey_main |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
ENGINE *e = NULL; |
|||
char **args, *outfile = NULL; |
|||
char *passarg = NULL; |
|||
BIO *in = NULL, *out = NULL; |
|||
const EVP_CIPHER *cipher = NULL; |
|||
int outformat; |
|||
int text = 0; |
|||
EVP_PKEY *pkey=NULL; |
|||
EVP_PKEY_CTX *ctx = NULL; |
|||
char *pass = NULL; |
|||
int badarg = 0; |
|||
int ret = 1, rv; |
|||
|
|||
int do_param = 0; |
|||
|
|||
if (bio_err == NULL) |
|||
bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
outformat=FORMAT_PEM; |
|||
|
|||
ERR_load_crypto_strings(); |
|||
OpenSSL_add_all_algorithms(); |
|||
args = argv + 1; |
|||
while (!badarg && *args && *args[0] == '-') |
|||
{ |
|||
if (!strcmp(*args,"-outform")) |
|||
{ |
|||
if (args[1]) |
|||
{ |
|||
args++; |
|||
outformat=str2fmt(*args); |
|||
} |
|||
else badarg = 1; |
|||
} |
|||
else if (!strcmp(*args,"-pass")) |
|||
{ |
|||
if (!args[1]) goto bad; |
|||
passarg= *(++args); |
|||
} |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(*args,"-engine") == 0) |
|||
{ |
|||
if (!args[1]) |
|||
goto bad; |
|||
e = setup_engine(bio_err, *(++args), 0); |
|||
} |
|||
#endif |
|||
else if (!strcmp (*args, "-paramfile")) |
|||
{ |
|||
if (!args[1]) |
|||
goto bad; |
|||
args++; |
|||
if (do_param == 1) |
|||
goto bad; |
|||
if (!init_keygen_file(bio_err, &ctx, *args, e)) |
|||
goto end; |
|||
} |
|||
else if (!strcmp (*args, "-out")) |
|||
{ |
|||
if (args[1]) |
|||
{ |
|||
args++; |
|||
outfile = *args; |
|||
} |
|||
else badarg = 1; |
|||
} |
|||
else if (strcmp(*args,"-algorithm") == 0) |
|||
{ |
|||
if (!args[1]) |
|||
goto bad; |
|||
if (!init_gen_str(bio_err, &ctx, *(++args),e, do_param)) |
|||
goto end; |
|||
} |
|||
else if (strcmp(*args,"-pkeyopt") == 0) |
|||
{ |
|||
if (!args[1]) |
|||
goto bad; |
|||
if (!ctx) |
|||
{ |
|||
BIO_puts(bio_err, "No keytype specified\n"); |
|||
goto bad; |
|||
} |
|||
else if (pkey_ctrl_string(ctx, *(++args)) <= 0) |
|||
{ |
|||
BIO_puts(bio_err, "parameter setting error\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
else if (strcmp(*args,"-genparam") == 0) |
|||
{ |
|||
if (ctx) |
|||
goto bad; |
|||
do_param = 1; |
|||
} |
|||
else if (strcmp(*args,"-text") == 0) |
|||
text=1; |
|||
else |
|||
{ |
|||
cipher = EVP_get_cipherbyname(*args + 1); |
|||
if (!cipher) |
|||
{ |
|||
BIO_printf(bio_err, "Unknown cipher %s\n", |
|||
*args + 1); |
|||
badarg = 1; |
|||
} |
|||
if (do_param == 1) |
|||
badarg = 1; |
|||
} |
|||
args++; |
|||
} |
|||
|
|||
if (!ctx) |
|||
badarg = 1; |
|||
|
|||
if (badarg) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err, "Usage: genpkey [options]\n"); |
|||
BIO_printf(bio_err, "where options may be\n"); |
|||
BIO_printf(bio_err, "-out file output file\n"); |
|||
BIO_printf(bio_err, "-outform X output format (DER or PEM)\n"); |
|||
BIO_printf(bio_err, "-pass arg output file pass phrase source\n"); |
|||
BIO_printf(bio_err, "-<cipher> use cipher <cipher> to encrypt the key\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
BIO_printf(bio_err, "-paramfile file parameters file\n"); |
|||
BIO_printf(bio_err, "-algorithm alg the public key algorithm\n"); |
|||
BIO_printf(bio_err, "-pkeyopt opt:value set the public key algorithm option <opt>\n" |
|||
" to value <value>\n"); |
|||
BIO_printf(bio_err, "-genparam generate parameters, not key\n"); |
|||
BIO_printf(bio_err, "-text print the in text\n"); |
|||
BIO_printf(bio_err, "NB: options order may be important! See the manual page.\n"); |
|||
goto end; |
|||
} |
|||
|
|||
if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) |
|||
{ |
|||
BIO_puts(bio_err, "Error getting password\n"); |
|||
goto end; |
|||
} |
|||
|
|||
if (outfile) |
|||
{ |
|||
if (!(out = BIO_new_file (outfile, "wb"))) |
|||
{ |
|||
BIO_printf(bio_err, |
|||
"Can't open output file %s\n", outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
else |
|||
{ |
|||
out = BIO_new_fp (stdout, BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
|
|||
EVP_PKEY_CTX_set_cb(ctx, genpkey_cb); |
|||
EVP_PKEY_CTX_set_app_data(ctx, bio_err); |
|||
|
|||
if (do_param) |
|||
{ |
|||
if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) |
|||
{ |
|||
BIO_puts(bio_err, "Error generating parameters\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
else |
|||
{ |
|||
if (EVP_PKEY_keygen(ctx, &pkey) <= 0) |
|||
{ |
|||
BIO_puts(bio_err, "Error generating key\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (do_param) |
|||
rv = PEM_write_bio_Parameters(out, pkey); |
|||
else if (outformat == FORMAT_PEM) |
|||
rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, |
|||
NULL, pass); |
|||
else if (outformat == FORMAT_ASN1) |
|||
rv = i2d_PrivateKey_bio(out, pkey); |
|||
else |
|||
{ |
|||
BIO_printf(bio_err, "Bad format specified for key\n"); |
|||
goto end; |
|||
} |
|||
|
|||
if (rv <= 0) |
|||
{ |
|||
BIO_puts(bio_err, "Error writing key\n"); |
|||
ERR_print_errors(bio_err); |
|||
} |
|||
|
|||
if (text) |
|||
{ |
|||
if (do_param) |
|||
rv = EVP_PKEY_print_params(out, pkey, 0, NULL); |
|||
else |
|||
rv = EVP_PKEY_print_private(out, pkey, 0, NULL); |
|||
|
|||
if (rv <= 0) |
|||
{ |
|||
BIO_puts(bio_err, "Error printing key\n"); |
|||
ERR_print_errors(bio_err); |
|||
} |
|||
} |
|||
|
|||
ret = 0; |
|||
|
|||
end: |
|||
if (pkey) |
|||
EVP_PKEY_free(pkey); |
|||
if (ctx) |
|||
EVP_PKEY_CTX_free(ctx); |
|||
if (out) |
|||
BIO_free_all(out); |
|||
BIO_free(in); |
|||
if (pass) |
|||
OPENSSL_free(pass); |
|||
|
|||
return ret; |
|||
} |
|||
|
|||
static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx, |
|||
const char *file, ENGINE *e) |
|||
{ |
|||
BIO *pbio; |
|||
EVP_PKEY *pkey = NULL; |
|||
EVP_PKEY_CTX *ctx = NULL; |
|||
if (*pctx) |
|||
{ |
|||
BIO_puts(err, "Parameters already set!\n"); |
|||
return 0; |
|||
} |
|||
|
|||
pbio = BIO_new_file(file, "r"); |
|||
if (!pbio) |
|||
{ |
|||
BIO_printf(err, "Can't open parameter file %s\n", file); |
|||
return 0; |
|||
} |
|||
|
|||
pkey = PEM_read_bio_Parameters(pbio, NULL); |
|||
BIO_free(pbio); |
|||
|
|||
if (!pkey) |
|||
{ |
|||
BIO_printf(bio_err, "Error reading parameter file %s\n", file); |
|||
return 0; |
|||
} |
|||
|
|||
ctx = EVP_PKEY_CTX_new(pkey, e); |
|||
if (!ctx) |
|||
goto err; |
|||
if (EVP_PKEY_keygen_init(ctx) <= 0) |
|||
goto err; |
|||
EVP_PKEY_free(pkey); |
|||
*pctx = ctx; |
|||
return 1; |
|||
|
|||
err: |
|||
BIO_puts(err, "Error initializing context\n"); |
|||
ERR_print_errors(err); |
|||
if (ctx) |
|||
EVP_PKEY_CTX_free(ctx); |
|||
if (pkey) |
|||
EVP_PKEY_free(pkey); |
|||
return 0; |
|||
|
|||
} |
|||
|
|||
int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx, |
|||
const char *algname, ENGINE *e, int do_param) |
|||
{ |
|||
EVP_PKEY_CTX *ctx = NULL; |
|||
const EVP_PKEY_ASN1_METHOD *ameth; |
|||
ENGINE *tmpeng = NULL; |
|||
int pkey_id; |
|||
|
|||
if (*pctx) |
|||
{ |
|||
BIO_puts(err, "Algorithm already set!\n"); |
|||
return 0; |
|||
} |
|||
|
|||
ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1); |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
if (!ameth && e) |
|||
ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1); |
|||
#endif |
|||
|
|||
if (!ameth) |
|||
{ |
|||
BIO_printf(bio_err, "Algorithm %s not found\n", algname); |
|||
return 0; |
|||
} |
|||
|
|||
ERR_clear_error(); |
|||
|
|||
EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
if (tmpeng) |
|||
ENGINE_finish(tmpeng); |
|||
#endif |
|||
ctx = EVP_PKEY_CTX_new_id(pkey_id, e); |
|||
|
|||
if (!ctx) |
|||
goto err; |
|||
if (do_param) |
|||
{ |
|||
if (EVP_PKEY_paramgen_init(ctx) <= 0) |
|||
goto err; |
|||
} |
|||
else |
|||
{ |
|||
if (EVP_PKEY_keygen_init(ctx) <= 0) |
|||
goto err; |
|||
} |
|||
|
|||
*pctx = ctx; |
|||
return 1; |
|||
|
|||
err: |
|||
BIO_printf(err, "Error initializing %s context\n", algname); |
|||
ERR_print_errors(err); |
|||
if (ctx) |
|||
EVP_PKEY_CTX_free(ctx); |
|||
return 0; |
|||
|
|||
} |
|||
|
|||
static int genpkey_cb(EVP_PKEY_CTX *ctx) |
|||
{ |
|||
char c='*'; |
|||
BIO *b = EVP_PKEY_CTX_get_app_data(ctx); |
|||
int p; |
|||
p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); |
|||
if (p == 0) c='.'; |
|||
if (p == 1) c='+'; |
|||
if (p == 2) c='*'; |
|||
if (p == 3) c='\n'; |
|||
BIO_write(b,&c,1); |
|||
(void)BIO_flush(b); |
|||
#ifdef LINT |
|||
p=n; |
|||
#endif |
|||
return 1; |
|||
} |
@ -0,0 +1,335 @@ |
|||
/* apps/genrsa.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <openssl/opensslconf.h> |
|||
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
|
|||
* deprecated functions for openssl-internal code */ |
|||
#ifdef OPENSSL_NO_DEPRECATED |
|||
#undef OPENSSL_NO_DEPRECATED |
|||
#endif |
|||
|
|||
#ifndef OPENSSL_NO_RSA |
|||
#include <stdio.h> |
|||
#include <string.h> |
|||
#include <sys/types.h> |
|||
#include <sys/stat.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/bn.h> |
|||
#include <openssl/rsa.h> |
|||
#include <openssl/evp.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pem.h> |
|||
#include <openssl/rand.h> |
|||
|
|||
#define DEFBITS 512 |
|||
#undef PROG |
|||
#define PROG genrsa_main |
|||
|
|||
static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb); |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
BN_GENCB cb; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
ENGINE *e = NULL; |
|||
#endif |
|||
int ret=1; |
|||
int i,num=DEFBITS; |
|||
long l; |
|||
const EVP_CIPHER *enc=NULL; |
|||
unsigned long f4=RSA_F4; |
|||
char *outfile=NULL; |
|||
char *passargout = NULL, *passout = NULL; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine=NULL; |
|||
#endif |
|||
char *inrand=NULL; |
|||
BIO *out=NULL; |
|||
BIGNUM *bn = BN_new(); |
|||
RSA *rsa = NULL; |
|||
|
|||
if(!bn) goto err; |
|||
|
|||
apps_startup(); |
|||
BN_GENCB_set(&cb, genrsa_cb, bio_err); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto err; |
|||
if ((out=BIO_new(BIO_s_file())) == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unable to create BIO for output\n"); |
|||
goto err; |
|||
} |
|||
|
|||
argv++; |
|||
argc--; |
|||
for (;;) |
|||
{ |
|||
if (argc <= 0) break; |
|||
if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outfile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-3") == 0) |
|||
f4=3; |
|||
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0) |
|||
f4=RSA_F4; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(*argv,"-engine") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
engine= *(++argv); |
|||
} |
|||
#endif |
|||
else if (strcmp(*argv,"-rand") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
inrand= *(++argv); |
|||
} |
|||
#ifndef OPENSSL_NO_DES |
|||
else if (strcmp(*argv,"-des") == 0) |
|||
enc=EVP_des_cbc(); |
|||
else if (strcmp(*argv,"-des3") == 0) |
|||
enc=EVP_des_ede3_cbc(); |
|||
#endif |
|||
#ifndef OPENSSL_NO_IDEA |
|||
else if (strcmp(*argv,"-idea") == 0) |
|||
enc=EVP_idea_cbc(); |
|||
#endif |
|||
#ifndef OPENSSL_NO_SEED |
|||
else if (strcmp(*argv,"-seed") == 0) |
|||
enc=EVP_seed_cbc(); |
|||
#endif |
|||
#ifndef OPENSSL_NO_AES |
|||
else if (strcmp(*argv,"-aes128") == 0) |
|||
enc=EVP_aes_128_cbc(); |
|||
else if (strcmp(*argv,"-aes192") == 0) |
|||
enc=EVP_aes_192_cbc(); |
|||
else if (strcmp(*argv,"-aes256") == 0) |
|||
enc=EVP_aes_256_cbc(); |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAMELLIA |
|||
else if (strcmp(*argv,"-camellia128") == 0) |
|||
enc=EVP_camellia_128_cbc(); |
|||
else if (strcmp(*argv,"-camellia192") == 0) |
|||
enc=EVP_camellia_192_cbc(); |
|||
else if (strcmp(*argv,"-camellia256") == 0) |
|||
enc=EVP_camellia_256_cbc(); |
|||
#endif |
|||
else if (strcmp(*argv,"-passout") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
passargout= *(++argv); |
|||
} |
|||
else |
|||
break; |
|||
argv++; |
|||
argc--; |
|||
} |
|||
if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0))) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n"); |
|||
BIO_printf(bio_err," -des encrypt the generated key with DES in cbc mode\n"); |
|||
BIO_printf(bio_err," -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); |
|||
#ifndef OPENSSL_NO_IDEA |
|||
BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_SEED |
|||
BIO_printf(bio_err," -seed\n"); |
|||
BIO_printf(bio_err," encrypt PEM output with cbc seed\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_AES |
|||
BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); |
|||
BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAMELLIA |
|||
BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); |
|||
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); |
|||
#endif |
|||
BIO_printf(bio_err," -out file output the key to 'file\n"); |
|||
BIO_printf(bio_err," -passout arg output file pass phrase source\n"); |
|||
BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n"); |
|||
BIO_printf(bio_err," -3 use 3 for the E value\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); |
|||
BIO_printf(bio_err," load the file (or the files in the directory) into\n"); |
|||
BIO_printf(bio_err," the random number generator\n"); |
|||
goto err; |
|||
} |
|||
|
|||
ERR_load_crypto_strings(); |
|||
|
|||
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { |
|||
BIO_printf(bio_err, "Error getting password\n"); |
|||
goto err; |
|||
} |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
e = setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
if (outfile == NULL) |
|||
{ |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out,outfile) <= 0) |
|||
{ |
|||
perror(outfile); |
|||
goto err; |
|||
} |
|||
} |
|||
|
|||
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL |
|||
&& !RAND_status()) |
|||
{ |
|||
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); |
|||
} |
|||
if (inrand != NULL) |
|||
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", |
|||
app_RAND_load_files(inrand)); |
|||
|
|||
BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", |
|||
num); |
|||
#ifdef OPENSSL_NO_ENGINE |
|||
rsa = RSA_new(); |
|||
#else |
|||
rsa = RSA_new_method(e); |
|||
#endif |
|||
if (!rsa) |
|||
goto err; |
|||
|
|||
if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) |
|||
goto err; |
|||
|
|||
app_RAND_write_file(NULL, bio_err); |
|||
|
|||
/* We need to do the following for when the base number size is <
|
|||
* long, esp windows 3.1 :-(. */ |
|||
l=0L; |
|||
for (i=0; i<rsa->e->top; i++) |
|||
{ |
|||
#ifndef SIXTY_FOUR_BIT |
|||
l<<=BN_BITS4; |
|||
l<<=BN_BITS4; |
|||
#endif |
|||
l+=rsa->e->d[i]; |
|||
} |
|||
BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l); |
|||
{ |
|||
PW_CB_DATA cb_data; |
|||
cb_data.password = passout; |
|||
cb_data.prompt_info = outfile; |
|||
if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0, |
|||
(pem_password_cb *)password_callback,&cb_data)) |
|||
goto err; |
|||
} |
|||
|
|||
ret=0; |
|||
err: |
|||
if (bn) BN_free(bn); |
|||
if (rsa) RSA_free(rsa); |
|||
if (out) BIO_free_all(out); |
|||
if(passout) OPENSSL_free(passout); |
|||
if (ret != 0) |
|||
ERR_print_errors(bio_err); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
|||
static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb) |
|||
{ |
|||
char c='*'; |
|||
|
|||
if (p == 0) c='.'; |
|||
if (p == 1) c='+'; |
|||
if (p == 2) c='*'; |
|||
if (p == 3) c='\n'; |
|||
BIO_write(cb->arg,&c,1); |
|||
(void)BIO_flush(cb->arg); |
|||
#ifdef LINT |
|||
p=n; |
|||
#endif |
|||
return 1; |
|||
} |
|||
#else /* !OPENSSL_NO_RSA */ |
|||
|
|||
# if PEDANTIC |
|||
static void *dummy=&dummy; |
|||
# endif |
|||
|
|||
#endif |
@ -0,0 +1,107 @@ |
|||
$! INSTALL.COM -- Installs the files in a given directory tree |
|||
$! |
|||
$! Author: Richard Levitte <richard@levitte.org> |
|||
$! Time of creation: 22-MAY-1998 10:13 |
|||
$! |
|||
$! P1 root of the directory tree |
|||
$! P2 "64" for 64-bit pointers. |
|||
$! |
|||
$! |
|||
$! Announce/identify. |
|||
$! |
|||
$ proc = f$environment( "procedure") |
|||
$ write sys$output "@@@ "+ - |
|||
f$parse( proc, , , "name")+ f$parse( proc, , , "type") |
|||
$! |
|||
$ on error then goto tidy |
|||
$ on control_c then goto tidy |
|||
$! |
|||
$ if (p1 .eqs. "") |
|||
$ then |
|||
$ write sys$output "First argument missing." |
|||
$ write sys$output - |
|||
"It should be the directory where you want things installed." |
|||
$ exit |
|||
$ endif |
|||
$! |
|||
$ if (f$getsyi("cpu") .lt. 128) |
|||
$ then |
|||
$ arch = "VAX" |
|||
$ else |
|||
$ arch = f$edit( f$getsyi( "arch_name"), "upcase") |
|||
$ if (arch .eqs. "") then arch = "UNK" |
|||
$ endif |
|||
$! |
|||
$ archd = arch |
|||
$! |
|||
$ if (p2 .nes. "") |
|||
$ then |
|||
$ if (p2 .eqs. "64") |
|||
$ then |
|||
$ archd = arch+ "_64" |
|||
$ else |
|||
$ if (p2 .nes. "32") |
|||
$ then |
|||
$ write sys$output "Second argument invalid." |
|||
$ write sys$output "It should be "32", "64", or nothing." |
|||
$ exit |
|||
$ endif |
|||
$ endif |
|||
$ endif |
|||
$! |
|||
$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0" |
|||
$ root_dev = f$parse(root,,,"device","syntax_only") |
|||
$ root_dir = f$parse(root,,,"directory","syntax_only") - - |
|||
"[000000." - "][" - "[" - "]" |
|||
$ root = root_dev + "[" + root_dir |
|||
$! |
|||
$ define /nolog wrk_sslroot 'root'.] /trans=conc |
|||
$ define /nolog wrk_sslxexe wrk_sslroot:['archd'_exe] |
|||
$! |
|||
$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then - |
|||
create /directory /log wrk_sslroot:[000000] |
|||
$ if f$parse("wrk_sslxexe:") .eqs. "" then - |
|||
create /directory /log wrk_sslxexe: |
|||
$! |
|||
$ exe := openssl |
|||
$! |
|||
$ exe_dir := [-.'archd'.exe.apps] |
|||
$! |
|||
$! Executables. |
|||
$! |
|||
$ i = 0 |
|||
$ loop_exe: |
|||
$ e = f$edit(f$element( i, ",", exe), "trim") |
|||
$ i = i + 1 |
|||
$ if e .eqs. "," then goto loop_exe_end |
|||
$ set noon |
|||
$ file = exe_dir+ e+ ".exe" |
|||
$ if f$search( file) .nes. "" |
|||
$ then |
|||
$ copy /protection = w:re 'file' wrk_sslxexe: /log |
|||
$ endif |
|||
$ set on |
|||
$ goto loop_exe |
|||
$ loop_exe_end: |
|||
$! |
|||
$! Miscellaneous. |
|||
$! |
|||
$ set noon |
|||
$ copy /protection = w:re ca.com wrk_sslxexe:ca.com /log |
|||
$ copy /protection = w:re openssl-vms.cnf wrk_sslroot:[000000]openssl.cnf /log |
|||
$ set on |
|||
$! |
|||
$ tidy: |
|||
$! |
|||
$ call deass wrk_sslroot |
|||
$ call deass wrk_sslxexe |
|||
$! |
|||
$ exit |
|||
$! |
|||
$ deass: subroutine |
|||
$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "") |
|||
$ then |
|||
$ deassign /process 'p1' |
|||
$ endif |
|||
$ endsubroutine |
|||
$! |
File diff suppressed because it is too large
@ -0,0 +1 @@ |
|||
../crypto/md4/md4.c |
@ -0,0 +1,167 @@ |
|||
/* nseq.c */ |
|||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
|||
* project 1999. |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* licensing@OpenSSL.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
|
|||
#include <stdio.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/pem.h> |
|||
#include <openssl/err.h> |
|||
|
|||
#undef PROG |
|||
#define PROG nseq_main |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
char **args, *infile = NULL, *outfile = NULL; |
|||
BIO *in = NULL, *out = NULL; |
|||
int toseq = 0; |
|||
X509 *x509 = NULL; |
|||
NETSCAPE_CERT_SEQUENCE *seq = NULL; |
|||
int i, ret = 1; |
|||
int badarg = 0; |
|||
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); |
|||
ERR_load_crypto_strings(); |
|||
args = argv + 1; |
|||
while (!badarg && *args && *args[0] == '-') { |
|||
if (!strcmp (*args, "-toseq")) toseq = 1; |
|||
else if (!strcmp (*args, "-in")) { |
|||
if (args[1]) { |
|||
args++; |
|||
infile = *args; |
|||
} else badarg = 1; |
|||
} else if (!strcmp (*args, "-out")) { |
|||
if (args[1]) { |
|||
args++; |
|||
outfile = *args; |
|||
} else badarg = 1; |
|||
} else badarg = 1; |
|||
args++; |
|||
} |
|||
|
|||
if (badarg) { |
|||
BIO_printf (bio_err, "Netscape certificate sequence utility\n"); |
|||
BIO_printf (bio_err, "Usage nseq [options]\n"); |
|||
BIO_printf (bio_err, "where options are\n"); |
|||
BIO_printf (bio_err, "-in file input file\n"); |
|||
BIO_printf (bio_err, "-out file output file\n"); |
|||
BIO_printf (bio_err, "-toseq output NS Sequence file\n"); |
|||
OPENSSL_EXIT(1); |
|||
} |
|||
|
|||
if (infile) { |
|||
if (!(in = BIO_new_file (infile, "r"))) { |
|||
BIO_printf (bio_err, |
|||
"Can't open input file %s\n", infile); |
|||
goto end; |
|||
} |
|||
} else in = BIO_new_fp(stdin, BIO_NOCLOSE); |
|||
|
|||
if (outfile) { |
|||
if (!(out = BIO_new_file (outfile, "w"))) { |
|||
BIO_printf (bio_err, |
|||
"Can't open output file %s\n", outfile); |
|||
goto end; |
|||
} |
|||
} else { |
|||
out = BIO_new_fp(stdout, BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
if (toseq) { |
|||
seq = NETSCAPE_CERT_SEQUENCE_new(); |
|||
seq->certs = sk_X509_new_null(); |
|||
while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) |
|||
sk_X509_push(seq->certs,x509); |
|||
|
|||
if(!sk_X509_num(seq->certs)) |
|||
{ |
|||
BIO_printf (bio_err, "Error reading certs file %s\n", infile); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq); |
|||
ret = 0; |
|||
goto end; |
|||
} |
|||
|
|||
if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) { |
|||
BIO_printf (bio_err, "Error reading sequence file %s\n", infile); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
for(i = 0; i < sk_X509_num(seq->certs); i++) { |
|||
x509 = sk_X509_value(seq->certs, i); |
|||
dump_cert_text(out, x509); |
|||
PEM_write_bio_X509(out, x509); |
|||
} |
|||
ret = 0; |
|||
end: |
|||
BIO_free(in); |
|||
BIO_free_all(out); |
|||
NETSCAPE_CERT_SEQUENCE_free(seq); |
|||
|
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
File diff suppressed because it is too large
@ -0,0 +1,6 @@ |
|||
2.99999.1 SET.ex1 SET x509v3 extension 1 |
|||
2.99999.2 SET.ex2 SET x509v3 extension 2 |
|||
2.99999.3 SET.ex3 SET x509v3 extension 3 |
|||
2.99999.4 SET.ex4 SET x509v3 extension 4 |
|||
2.99999.5 SET.ex5 SET x509v3 extension 5 |
|||
2.99999.6 SET.ex6 SET x509v3 extension 6 |
@ -0,0 +1,350 @@ |
|||
# |
|||
# OpenSSL example configuration file. |
|||
# This is mostly being used for generation of certificate requests. |
|||
# |
|||
|
|||
# This definition stops the following lines choking if HOME isn't |
|||
# defined. |
|||
HOME = . |
|||
RANDFILE = $ENV::HOME/.rnd |
|||
|
|||
# Extra OBJECT IDENTIFIER info: |
|||
#oid_file = $ENV::HOME/.oid |
|||
oid_section = new_oids |
|||
|
|||
# To use this configuration file with the "-extfile" option of the |
|||
# "openssl x509" utility, name here the section containing the |
|||
# X.509v3 extensions to use: |
|||
# extensions = |
|||
# (Alternatively, use a configuration file that has only |
|||
# X.509v3 extensions in its main [= default] section.) |
|||
|
|||
[ new_oids ] |
|||
|
|||
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. |
|||
# Add a simple OID like this: |
|||
# testoid1=1.2.3.4 |
|||
# Or use config file substitution like this: |
|||
# testoid2=${testoid1}.5.6 |
|||
|
|||
# Policies used by the TSA examples. |
|||
tsa_policy1 = 1.2.3.4.1 |
|||
tsa_policy2 = 1.2.3.4.5.6 |
|||
tsa_policy3 = 1.2.3.4.5.7 |
|||
|
|||
#################################################################### |
|||
[ ca ] |
|||
default_ca = CA_default # The default ca section |
|||
|
|||
#################################################################### |
|||
[ CA_default ] |
|||
|
|||
dir = sys\$disk:[.demoCA # Where everything is kept |
|||
certs = $dir.certs] # Where the issued certs are kept |
|||
crl_dir = $dir.crl] # Where the issued crl are kept |
|||
database = $dir]index.txt # database index file. |
|||
#unique_subject = no # Set to 'no' to allow creation of |
|||
# several ctificates with same subject. |
|||
new_certs_dir = $dir.newcerts] # default place for new certs. |
|||
|
|||
certificate = $dir]cacert.pem # The CA certificate |
|||
serial = $dir]serial. # The current serial number |
|||
crlnumber = $dir]crlnumber. # the current crl number |
|||
# must be commented out to leave a V1 CRL |
|||
crl = $dir]crl.pem # The current CRL |
|||
private_key = $dir.private]cakey.pem# The private key |
|||
RANDFILE = $dir.private].rand # private random number file |
|||
|
|||
x509_extensions = usr_cert # The extentions to add to the cert |
|||
|
|||
# Comment out the following two lines for the "traditional" |
|||
# (and highly broken) format. |
|||
name_opt = ca_default # Subject Name options |
|||
cert_opt = ca_default # Certificate field options |
|||
|
|||
# Extension copying option: use with caution. |
|||
# copy_extensions = copy |
|||
|
|||
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs |
|||
# so this is commented out by default to leave a V1 CRL. |
|||
# crlnumber must also be commented out to leave a V1 CRL. |
|||
# crl_extensions = crl_ext |
|||
|
|||
default_days = 365 # how long to certify for |
|||
default_crl_days= 30 # how long before next CRL |
|||
default_md = default # use public key default MD |
|||
preserve = no # keep passed DN ordering |
|||
|
|||
# A few difference way of specifying how similar the request should look |
|||
# For type CA, the listed attributes must be the same, and the optional |
|||
# and supplied fields are just that :-) |
|||
policy = policy_match |
|||
|
|||
# For the CA policy |
|||
[ policy_match ] |
|||
countryName = match |
|||
stateOrProvinceName = match |
|||
organizationName = match |
|||
organizationalUnitName = optional |
|||
commonName = supplied |
|||
emailAddress = optional |
|||
|
|||
# For the 'anything' policy |
|||
# At this point in time, you must list all acceptable 'object' |
|||
# types. |
|||
[ policy_anything ] |
|||
countryName = optional |
|||
stateOrProvinceName = optional |
|||
localityName = optional |
|||
organizationName = optional |
|||
organizationalUnitName = optional |
|||
commonName = supplied |
|||
emailAddress = optional |
|||
|
|||
#################################################################### |
|||
[ req ] |
|||
default_bits = 1024 |
|||
default_keyfile = privkey.pem |
|||
distinguished_name = req_distinguished_name |
|||
attributes = req_attributes |
|||
x509_extensions = v3_ca # The extentions to add to the self signed cert |
|||
|
|||
# Passwords for private keys if not present they will be prompted for |
|||
# input_password = secret |
|||
# output_password = secret |
|||
|
|||
# This sets a mask for permitted string types. There are several options. |
|||
# default: PrintableString, T61String, BMPString. |
|||
# pkix : PrintableString, BMPString (PKIX recommendation before 2004) |
|||
# utf8only: only UTF8Strings (PKIX recommendation after 2004). |
|||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). |
|||
# MASK:XXXX a literal mask value. |
|||
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. |
|||
string_mask = utf8only |
|||
|
|||
# req_extensions = v3_req # The extensions to add to a certificate request |
|||
|
|||
[ req_distinguished_name ] |
|||
countryName = Country Name (2 letter code) |
|||
countryName_default = AU |
|||
countryName_min = 2 |
|||
countryName_max = 2 |
|||
|
|||
stateOrProvinceName = State or Province Name (full name) |
|||
stateOrProvinceName_default = Some-State |
|||
|
|||
localityName = Locality Name (eg, city) |
|||
|
|||
0.organizationName = Organization Name (eg, company) |
|||
0.organizationName_default = Internet Widgits Pty Ltd |
|||
|
|||
# we can do this but it is not needed normally :-) |
|||
#1.organizationName = Second Organization Name (eg, company) |
|||
#1.organizationName_default = World Wide Web Pty Ltd |
|||
|
|||
organizationalUnitName = Organizational Unit Name (eg, section) |
|||
#organizationalUnitName_default = |
|||
|
|||
commonName = Common Name (e.g. server FQDN or YOUR name) |
|||
commonName_max = 64 |
|||
|
|||
emailAddress = Email Address |
|||
emailAddress_max = 64 |
|||
|
|||
# SET-ex3 = SET extension number 3 |
|||
|
|||
[ req_attributes ] |
|||
challengePassword = A challenge password |
|||
challengePassword_min = 4 |
|||
challengePassword_max = 20 |
|||
|
|||
unstructuredName = An optional company name |
|||
|
|||
[ usr_cert ] |
|||
|
|||
# These extensions are added when 'ca' signs a request. |
|||
|
|||
# This goes against PKIX guidelines but some CAs do it and some software |
|||
# requires this to avoid interpreting an end user certificate as a CA. |
|||
|
|||
basicConstraints=CA:FALSE |
|||
|
|||
# Here are some examples of the usage of nsCertType. If it is omitted |
|||
# the certificate can be used for anything *except* object signing. |
|||
|
|||
# This is OK for an SSL server. |
|||
# nsCertType = server |
|||
|
|||
# For an object signing certificate this would be used. |
|||
# nsCertType = objsign |
|||
|
|||
# For normal client use this is typical |
|||
# nsCertType = client, email |
|||
|
|||
# and for everything including object signing: |
|||
# nsCertType = client, email, objsign |
|||
|
|||
# This is typical in keyUsage for a client certificate. |
|||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment |
|||
|
|||
# This will be displayed in Netscape's comment listbox. |
|||
nsComment = "OpenSSL Generated Certificate" |
|||
|
|||
# PKIX recommendations harmless if included in all certificates. |
|||
subjectKeyIdentifier=hash |
|||
authorityKeyIdentifier=keyid,issuer |
|||
|
|||
# This stuff is for subjectAltName and issuerAltname. |
|||
# Import the email address. |
|||
# subjectAltName=email:copy |
|||
# An alternative to produce certificates that aren't |
|||
# deprecated according to PKIX. |
|||
# subjectAltName=email:move |
|||
|
|||
# Copy subject details |
|||
# issuerAltName=issuer:copy |
|||
|
|||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem |
|||
#nsBaseUrl |
|||
#nsRevocationUrl |
|||
#nsRenewalUrl |
|||
#nsCaPolicyUrl |
|||
#nsSslServerName |
|||
|
|||
# This is required for TSA certificates. |
|||
# extendedKeyUsage = critical,timeStamping |
|||
|
|||
[ v3_req ] |
|||
|
|||
# Extensions to add to a certificate request |
|||
|
|||
basicConstraints = CA:FALSE |
|||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment |
|||
|
|||
[ v3_ca ] |
|||
|
|||
|
|||
# Extensions for a typical CA |
|||
|
|||
|
|||
# PKIX recommendation. |
|||
|
|||
subjectKeyIdentifier=hash |
|||
|
|||
authorityKeyIdentifier=keyid:always,issuer |
|||
|
|||
# This is what PKIX recommends but some broken software chokes on critical |
|||
# extensions. |
|||
#basicConstraints = critical,CA:true |
|||
# So we do this instead. |
|||
basicConstraints = CA:true |
|||
|
|||
# Key usage: this is typical for a CA certificate. However since it will |
|||
# prevent it being used as an test self-signed certificate it is best |
|||
# left out by default. |
|||
# keyUsage = cRLSign, keyCertSign |
|||
|
|||
# Some might want this also |
|||
# nsCertType = sslCA, emailCA |
|||
|
|||
# Include email address in subject alt name: another PKIX recommendation |
|||
# subjectAltName=email:copy |
|||
# Copy issuer details |
|||
# issuerAltName=issuer:copy |
|||
|
|||
# DER hex encoding of an extension: beware experts only! |
|||
# obj=DER:02:03 |
|||
# Where 'obj' is a standard or added object |
|||
# You can even override a supported extension: |
|||
# basicConstraints= critical, DER:30:03:01:01:FF |
|||
|
|||
[ crl_ext ] |
|||
|
|||
# CRL extensions. |
|||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. |
|||
|
|||
# issuerAltName=issuer:copy |
|||
authorityKeyIdentifier=keyid:always |
|||
|
|||
[ proxy_cert_ext ] |
|||
# These extensions should be added when creating a proxy certificate |
|||
|
|||
# This goes against PKIX guidelines but some CAs do it and some software |
|||
# requires this to avoid interpreting an end user certificate as a CA. |
|||
|
|||
basicConstraints=CA:FALSE |
|||
|
|||
# Here are some examples of the usage of nsCertType. If it is omitted |
|||
# the certificate can be used for anything *except* object signing. |
|||
|
|||
# This is OK for an SSL server. |
|||
# nsCertType = server |
|||
|
|||
# For an object signing certificate this would be used. |
|||
# nsCertType = objsign |
|||
|
|||
# For normal client use this is typical |
|||
# nsCertType = client, email |
|||
|
|||
# and for everything including object signing: |
|||
# nsCertType = client, email, objsign |
|||
|
|||
# This is typical in keyUsage for a client certificate. |
|||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment |
|||
|
|||
# This will be displayed in Netscape's comment listbox. |
|||
nsComment = "OpenSSL Generated Certificate" |
|||
|
|||
# PKIX recommendations harmless if included in all certificates. |
|||
subjectKeyIdentifier=hash |
|||
authorityKeyIdentifier=keyid,issuer |
|||
|
|||
# This stuff is for subjectAltName and issuerAltname. |
|||
# Import the email address. |
|||
# subjectAltName=email:copy |
|||
# An alternative to produce certificates that aren't |
|||
# deprecated according to PKIX. |
|||
# subjectAltName=email:move |
|||
|
|||
# Copy subject details |
|||
# issuerAltName=issuer:copy |
|||
|
|||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem |
|||
#nsBaseUrl |
|||
#nsRevocationUrl |
|||
#nsRenewalUrl |
|||
#nsCaPolicyUrl |
|||
#nsSslServerName |
|||
|
|||
# This really needs to be in place for it to be a proxy certificate. |
|||
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo |
|||
|
|||
#################################################################### |
|||
[ tsa ] |
|||
|
|||
default_tsa = tsa_config1 # the default TSA section |
|||
|
|||
[ tsa_config1 ] |
|||
|
|||
# These are used by the TSA reply generation only. |
|||
dir = sys\$disk:[.demoCA # TSA root directory |
|||
serial = $dir]tsaserial. # The current serial number (mandatory) |
|||
crypto_device = builtin # OpenSSL engine to use for signing |
|||
signer_cert = $dir/tsacert.pem # The TSA signing certificate |
|||
# (optional) |
|||
certs = $dir.cacert.pem] # Certificate chain to include in reply |
|||
# (optional) |
|||
signer_key = $dir/private/tsakey.pem # The TSA private key (optional) |
|||
|
|||
default_policy = tsa_policy1 # Policy if request did not specify it |
|||
# (optional) |
|||
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) |
|||
digests = md5, sha1 # Acceptable message digests (mandatory) |
|||
accuracy = secs:1, millisecs:500, microsecs:100 # (optional) |
|||
clock_precision_digits = 0 # number of digits after dot. (optional) |
|||
ordering = yes # Is ordering defined for timestamps? |
|||
# (optional, default: no) |
|||
tsa_name = yes # Must the TSA name be included in the reply? |
|||
# (optional, default: no) |
|||
ess_cert_id_chain = no # Must the ESS cert id chain be included? |
|||
# (optional, default: no) |
@ -0,0 +1,728 @@ |
|||
/* apps/openssl.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* openssl-core@openssl.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
|
|||
|
|||
#include <stdio.h> |
|||
#include <string.h> |
|||
#include <stdlib.h> |
|||
#define OPENSSL_C /* tells apps.h to use complete apps_startup() */ |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/crypto.h> |
|||
#include <openssl/lhash.h> |
|||
#include <openssl/conf.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pem.h> |
|||
#include <openssl/ssl.h> |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
#include <openssl/engine.h> |
|||
#endif |
|||
#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */ |
|||
#include "progs.h" |
|||
#include "s_apps.h" |
|||
#include <openssl/err.h> |
|||
#ifdef OPENSSL_FIPS |
|||
#include <openssl/fips.h> |
|||
#endif |
|||
|
|||
/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
|
|||
* base prototypes (we cast each variable inside the function to the required |
|||
* type of "FUNCTION*"). This removes the necessity for macro-generated wrapper |
|||
* functions. */ |
|||
|
|||
static LHASH_OF(FUNCTION) *prog_init(void ); |
|||
static int do_cmd(LHASH_OF(FUNCTION) *prog,int argc,char *argv[]); |
|||
static void list_pkey(BIO *out); |
|||
static void list_cipher(BIO *out); |
|||
static void list_md(BIO *out); |
|||
char *default_config_file=NULL; |
|||
|
|||
/* Make sure there is only one when MONOLITH is defined */ |
|||
#ifdef MONOLITH |
|||
CONF *config=NULL; |
|||
BIO *bio_err=NULL; |
|||
#endif |
|||
|
|||
|
|||
static void lock_dbg_cb(int mode, int type, const char *file, int line) |
|||
{ |
|||
static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */ |
|||
const char *errstr = NULL; |
|||
int rw; |
|||
|
|||
rw = mode & (CRYPTO_READ|CRYPTO_WRITE); |
|||
if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) |
|||
{ |
|||
errstr = "invalid mode"; |
|||
goto err; |
|||
} |
|||
|
|||
if (type < 0 || type >= CRYPTO_NUM_LOCKS) |
|||
{ |
|||
errstr = "type out of bounds"; |
|||
goto err; |
|||
} |
|||
|
|||
if (mode & CRYPTO_LOCK) |
|||
{ |
|||
if (modes[type]) |
|||
{ |
|||
errstr = "already locked"; |
|||
/* must not happen in a single-threaded program
|
|||
* (would deadlock) */ |
|||
goto err; |
|||
} |
|||
|
|||
modes[type] = rw; |
|||
} |
|||
else if (mode & CRYPTO_UNLOCK) |
|||
{ |
|||
if (!modes[type]) |
|||
{ |
|||
errstr = "not locked"; |
|||
goto err; |
|||
} |
|||
|
|||
if (modes[type] != rw) |
|||
{ |
|||
errstr = (rw == CRYPTO_READ) ? |
|||
"CRYPTO_r_unlock on write lock" : |
|||
"CRYPTO_w_unlock on read lock"; |
|||
} |
|||
|
|||
modes[type] = 0; |
|||
} |
|||
else |
|||
{ |
|||
errstr = "invalid mode"; |
|||
goto err; |
|||
} |
|||
|
|||
err: |
|||
if (errstr) |
|||
{ |
|||
/* we cannot use bio_err here */ |
|||
fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n", |
|||
errstr, mode, type, file, line); |
|||
} |
|||
} |
|||
|
|||
#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) |
|||
# define ARGV _Argv |
|||
#else |
|||
# define ARGV Argv |
|||
#endif |
|||
|
|||
int main(int Argc, char *ARGV[]) |
|||
{ |
|||
ARGS arg; |
|||
#define PROG_NAME_SIZE 39 |
|||
char pname[PROG_NAME_SIZE+1]; |
|||
FUNCTION f,*fp; |
|||
MS_STATIC const char *prompt; |
|||
MS_STATIC char buf[1024]; |
|||
char *to_free=NULL; |
|||
int n,i,ret=0; |
|||
int argc; |
|||
char **argv,*p; |
|||
LHASH_OF(FUNCTION) *prog=NULL; |
|||
long errline; |
|||
|
|||
#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) |
|||
/* 2011-03-22 SMS.
|
|||
* If we have 32-bit pointers everywhere, then we're safe, and |
|||
* we bypass this mess, as on non-VMS systems. (See ARGV, |
|||
* above.) |
|||
* Problem 1: Compaq/HP C before V7.3 always used 32-bit |
|||
* pointers for argv[]. |
|||
* Fix 1: For a 32-bit argv[], when we're using 64-bit pointers |
|||
* everywhere else, we always allocate and use a 64-bit |
|||
* duplicate of argv[]. |
|||
* Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed |
|||
* to NULL-terminate a 64-bit argv[]. (As this was written, the |
|||
* compiler ECO was available only on IA64.) |
|||
* Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a |
|||
* 64-bit argv[argc] for NULL, and, if necessary, use a |
|||
* (properly) NULL-terminated (64-bit) duplicate of argv[]. |
|||
* The same code is used in either case to duplicate argv[]. |
|||
* Some of these decisions could be handled in preprocessing, |
|||
* but the code tends to get even uglier, and the penalty for |
|||
* deciding at compile- or run-time is tiny. |
|||
*/ |
|||
char **Argv = NULL; |
|||
int free_Argv = 0; |
|||
|
|||
if ((sizeof( _Argv) < 8) /* 32-bit argv[]. */ |
|||
# if !defined( VMS_TRUST_ARGV) |
|||
|| (_Argv[ Argc] != NULL) /* Untrusted argv[argc] not NULL. */ |
|||
# endif |
|||
) |
|||
{ |
|||
int i; |
|||
Argv = OPENSSL_malloc( (Argc+ 1)* sizeof( char *)); |
|||
if (Argv == NULL) |
|||
{ ret = -1; goto end; } |
|||
for(i = 0; i < Argc; i++) |
|||
Argv[i] = _Argv[i]; |
|||
Argv[ Argc] = NULL; /* Certain NULL termination. */ |
|||
free_Argv = 1; |
|||
} |
|||
else |
|||
{ |
|||
/* Use the known-good 32-bit argv[] (which needs the
|
|||
* type cast to satisfy the compiler), or the trusted or |
|||
* tested-good 64-bit argv[] as-is. */ |
|||
Argv = (char **)_Argv; |
|||
} |
|||
#endif /* defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) */ |
|||
|
|||
arg.data=NULL; |
|||
arg.count=0; |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */ |
|||
{ |
|||
if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))) |
|||
{ |
|||
CRYPTO_malloc_debug_init(); |
|||
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); |
|||
} |
|||
else |
|||
{ |
|||
/* OPENSSL_DEBUG_MEMORY=off */ |
|||
CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); |
|||
} |
|||
} |
|||
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); |
|||
|
|||
#if 0 |
|||
if (getenv("OPENSSL_DEBUG_LOCKING") != NULL) |
|||
#endif |
|||
{ |
|||
CRYPTO_set_locking_callback(lock_dbg_cb); |
|||
} |
|||
|
|||
if(getenv("OPENSSL_FIPS")) { |
|||
#ifdef OPENSSL_FIPS |
|||
if (!FIPS_mode_set(1)) { |
|||
ERR_load_crypto_strings(); |
|||
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); |
|||
EXIT(1); |
|||
} |
|||
#else |
|||
fprintf(stderr, "FIPS mode not supported.\n"); |
|||
EXIT(1); |
|||
#endif |
|||
} |
|||
|
|||
apps_startup(); |
|||
|
|||
/* Lets load up our environment a little */ |
|||
p=getenv("OPENSSL_CONF"); |
|||
if (p == NULL) |
|||
p=getenv("SSLEAY_CONF"); |
|||
if (p == NULL) |
|||
p=to_free=make_config_name(); |
|||
|
|||
default_config_file=p; |
|||
|
|||
config=NCONF_new(NULL); |
|||
i=NCONF_load(config,p,&errline); |
|||
if (i == 0) |
|||
{ |
|||
if (ERR_GET_REASON(ERR_peek_last_error()) |
|||
== CONF_R_NO_SUCH_FILE) |
|||
{ |
|||
BIO_printf(bio_err, |
|||
"WARNING: can't open config file: %s\n",p); |
|||
ERR_clear_error(); |
|||
NCONF_free(config); |
|||
config = NULL; |
|||
} |
|||
else |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
NCONF_free(config); |
|||
exit(1); |
|||
} |
|||
} |
|||
|
|||
prog=prog_init(); |
|||
|
|||
/* first check the program name */ |
|||
program_name(Argv[0],pname,sizeof pname); |
|||
|
|||
f.name=pname; |
|||
fp=lh_FUNCTION_retrieve(prog,&f); |
|||
if (fp != NULL) |
|||
{ |
|||
Argv[0]=pname; |
|||
ret=fp->func(Argc,Argv); |
|||
goto end; |
|||
} |
|||
|
|||
/* ok, now check that there are not arguments, if there are,
|
|||
* run with them, shifting the ssleay off the front */ |
|||
if (Argc != 1) |
|||
{ |
|||
Argc--; |
|||
Argv++; |
|||
ret=do_cmd(prog,Argc,Argv); |
|||
if (ret < 0) ret=0; |
|||
goto end; |
|||
} |
|||
|
|||
/* ok, lets enter the old 'OpenSSL>' mode */ |
|||
|
|||
for (;;) |
|||
{ |
|||
ret=0; |
|||
p=buf; |
|||
n=sizeof buf; |
|||
i=0; |
|||
for (;;) |
|||
{ |
|||
p[0]='\0'; |
|||
if (i++) |
|||
prompt=">"; |
|||
else prompt="OpenSSL> "; |
|||
fputs(prompt,stdout); |
|||
fflush(stdout); |
|||
if (!fgets(p,n,stdin)) |
|||
goto end; |
|||
if (p[0] == '\0') goto end; |
|||
i=strlen(p); |
|||
if (i <= 1) break; |
|||
if (p[i-2] != '\\') break; |
|||
i-=2; |
|||
p+=i; |
|||
n-=i; |
|||
} |
|||
if (!chopup_args(&arg,buf,&argc,&argv)) break; |
|||
|
|||
ret=do_cmd(prog,argc,argv); |
|||
if (ret < 0) |
|||
{ |
|||
ret=0; |
|||
goto end; |
|||
} |
|||
if (ret != 0) |
|||
BIO_printf(bio_err,"error in %s\n",argv[0]); |
|||
(void)BIO_flush(bio_err); |
|||
} |
|||
BIO_printf(bio_err,"bad exit\n"); |
|||
ret=1; |
|||
end: |
|||
if (to_free) |
|||
OPENSSL_free(to_free); |
|||
if (config != NULL) |
|||
{ |
|||
NCONF_free(config); |
|||
config=NULL; |
|||
} |
|||
if (prog != NULL) lh_FUNCTION_free(prog); |
|||
if (arg.data != NULL) OPENSSL_free(arg.data); |
|||
|
|||
apps_shutdown(); |
|||
|
|||
CRYPTO_mem_leaks(bio_err); |
|||
if (bio_err != NULL) |
|||
{ |
|||
BIO_free(bio_err); |
|||
bio_err=NULL; |
|||
} |
|||
#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) |
|||
/* Free any duplicate Argv[] storage. */ |
|||
if (free_Argv) |
|||
{ |
|||
OPENSSL_free(Argv); |
|||
} |
|||
#endif |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
|||
#define LIST_STANDARD_COMMANDS "list-standard-commands" |
|||
#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands" |
|||
#define LIST_MESSAGE_DIGEST_ALGORITHMS "list-message-digest-algorithms" |
|||
#define LIST_CIPHER_COMMANDS "list-cipher-commands" |
|||
#define LIST_CIPHER_ALGORITHMS "list-cipher-algorithms" |
|||
#define LIST_PUBLIC_KEY_ALGORITHMS "list-public-key-algorithms" |
|||
|
|||
|
|||
static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]) |
|||
{ |
|||
FUNCTION f,*fp; |
|||
int i,ret=1,tp,nl; |
|||
|
|||
if ((argc <= 0) || (argv[0] == NULL)) |
|||
{ ret=0; goto end; } |
|||
f.name=argv[0]; |
|||
fp=lh_FUNCTION_retrieve(prog,&f); |
|||
if (fp == NULL) |
|||
{ |
|||
if (EVP_get_digestbyname(argv[0])) |
|||
{ |
|||
f.type = FUNC_TYPE_MD; |
|||
f.func = dgst_main; |
|||
fp = &f; |
|||
} |
|||
else if (EVP_get_cipherbyname(argv[0])) |
|||
{ |
|||
f.type = FUNC_TYPE_CIPHER; |
|||
f.func = enc_main; |
|||
fp = &f; |
|||
} |
|||
} |
|||
if (fp != NULL) |
|||
{ |
|||
ret=fp->func(argc,argv); |
|||
} |
|||
else if ((strncmp(argv[0],"no-",3)) == 0) |
|||
{ |
|||
BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
bio_stdout = BIO_push(tmpbio, bio_stdout); |
|||
} |
|||
#endif |
|||
f.name=argv[0]+3; |
|||
ret = (lh_FUNCTION_retrieve(prog,&f) != NULL); |
|||
if (!ret) |
|||
BIO_printf(bio_stdout, "%s\n", argv[0]); |
|||
else |
|||
BIO_printf(bio_stdout, "%s\n", argv[0]+3); |
|||
BIO_free_all(bio_stdout); |
|||
goto end; |
|||
} |
|||
else if ((strcmp(argv[0],"quit") == 0) || |
|||
(strcmp(argv[0],"q") == 0) || |
|||
(strcmp(argv[0],"exit") == 0) || |
|||
(strcmp(argv[0],"bye") == 0)) |
|||
{ |
|||
ret= -1; |
|||
goto end; |
|||
} |
|||
else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) || |
|||
(strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) || |
|||
(strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) || |
|||
(strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0) || |
|||
(strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0) || |
|||
(strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0)) |
|||
{ |
|||
int list_type; |
|||
BIO *bio_stdout; |
|||
|
|||
if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) |
|||
list_type = FUNC_TYPE_GENERAL; |
|||
else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) |
|||
list_type = FUNC_TYPE_MD; |
|||
else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) |
|||
list_type = FUNC_TYPE_MD_ALG; |
|||
else if (strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0) |
|||
list_type = FUNC_TYPE_PKEY; |
|||
else if (strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0) |
|||
list_type = FUNC_TYPE_CIPHER_ALG; |
|||
else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */ |
|||
list_type = FUNC_TYPE_CIPHER; |
|||
bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
bio_stdout = BIO_push(tmpbio, bio_stdout); |
|||
} |
|||
#endif |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
if (list_type == FUNC_TYPE_PKEY) |
|||
list_pkey(bio_stdout); |
|||
if (list_type == FUNC_TYPE_MD_ALG) |
|||
list_md(bio_stdout); |
|||
if (list_type == FUNC_TYPE_CIPHER_ALG) |
|||
list_cipher(bio_stdout); |
|||
else |
|||
{ |
|||
for (fp=functions; fp->name != NULL; fp++) |
|||
if (fp->type == list_type) |
|||
BIO_printf(bio_stdout, "%s\n", |
|||
fp->name); |
|||
} |
|||
BIO_free_all(bio_stdout); |
|||
ret=0; |
|||
goto end; |
|||
} |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n", |
|||
argv[0]); |
|||
BIO_printf(bio_err, "\nStandard commands"); |
|||
i=0; |
|||
tp=0; |
|||
for (fp=functions; fp->name != NULL; fp++) |
|||
{ |
|||
nl=0; |
|||
#ifdef OPENSSL_NO_CAMELLIA |
|||
if (((i++) % 5) == 0) |
|||
#else |
|||
if (((i++) % 4) == 0) |
|||
#endif |
|||
{ |
|||
BIO_printf(bio_err,"\n"); |
|||
nl=1; |
|||
} |
|||
if (fp->type != tp) |
|||
{ |
|||
tp=fp->type; |
|||
if (!nl) BIO_printf(bio_err,"\n"); |
|||
if (tp == FUNC_TYPE_MD) |
|||
{ |
|||
i=1; |
|||
BIO_printf(bio_err, |
|||
"\nMessage Digest commands (see the `dgst' command for more details)\n"); |
|||
} |
|||
else if (tp == FUNC_TYPE_CIPHER) |
|||
{ |
|||
i=1; |
|||
BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n"); |
|||
} |
|||
} |
|||
#ifdef OPENSSL_NO_CAMELLIA |
|||
BIO_printf(bio_err,"%-15s",fp->name); |
|||
#else |
|||
BIO_printf(bio_err,"%-18s",fp->name); |
|||
#endif |
|||
} |
|||
BIO_printf(bio_err,"\n\n"); |
|||
ret=0; |
|||
} |
|||
end: |
|||
return(ret); |
|||
} |
|||
|
|||
static int SortFnByName(const void *_f1,const void *_f2) |
|||
{ |
|||
const FUNCTION *f1=_f1; |
|||
const FUNCTION *f2=_f2; |
|||
|
|||
if(f1->type != f2->type) |
|||
return f1->type-f2->type; |
|||
return strcmp(f1->name,f2->name); |
|||
} |
|||
|
|||
static void list_pkey(BIO *out) |
|||
{ |
|||
int i; |
|||
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) |
|||
{ |
|||
const EVP_PKEY_ASN1_METHOD *ameth; |
|||
int pkey_id, pkey_base_id, pkey_flags; |
|||
const char *pinfo, *pem_str; |
|||
ameth = EVP_PKEY_asn1_get0(i); |
|||
EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags, |
|||
&pinfo, &pem_str, ameth); |
|||
if (pkey_flags & ASN1_PKEY_ALIAS) |
|||
{ |
|||
BIO_printf(out, "Name: %s\n", |
|||
OBJ_nid2ln(pkey_id)); |
|||
BIO_printf(out, "\tType: Alias to %s\n", |
|||
OBJ_nid2ln(pkey_base_id)); |
|||
} |
|||
else |
|||
{ |
|||
BIO_printf(out, "Name: %s\n", pinfo); |
|||
BIO_printf(out, "\tType: %s Algorithm\n", |
|||
pkey_flags & ASN1_PKEY_DYNAMIC ? |
|||
"External" : "Builtin"); |
|||
BIO_printf(out, "\tOID: %s\n", OBJ_nid2ln(pkey_id)); |
|||
if (pem_str == NULL) |
|||
pem_str = "(none)"; |
|||
BIO_printf(out, "\tPEM string: %s\n", pem_str); |
|||
} |
|||
|
|||
} |
|||
} |
|||
|
|||
static void list_cipher_fn(const EVP_CIPHER *c, |
|||
const char *from, const char *to, void *arg) |
|||
{ |
|||
if (c) |
|||
BIO_printf(arg, "%s\n", EVP_CIPHER_name(c)); |
|||
else |
|||
{ |
|||
if (!from) |
|||
from = "<undefined>"; |
|||
if (!to) |
|||
to = "<undefined>"; |
|||
BIO_printf(arg, "%s => %s\n", from, to); |
|||
} |
|||
} |
|||
|
|||
static void list_cipher(BIO *out) |
|||
{ |
|||
EVP_CIPHER_do_all_sorted(list_cipher_fn, out); |
|||
} |
|||
|
|||
static void list_md_fn(const EVP_MD *m, |
|||
const char *from, const char *to, void *arg) |
|||
{ |
|||
if (m) |
|||
BIO_printf(arg, "%s\n", EVP_MD_name(m)); |
|||
else |
|||
{ |
|||
if (!from) |
|||
from = "<undefined>"; |
|||
if (!to) |
|||
to = "<undefined>"; |
|||
BIO_printf(arg, "%s => %s\n", from, to); |
|||
} |
|||
} |
|||
|
|||
static void list_md(BIO *out) |
|||
{ |
|||
EVP_MD_do_all_sorted(list_md_fn, out); |
|||
} |
|||
|
|||
static int MS_CALLBACK function_cmp(const FUNCTION *a, const FUNCTION *b) |
|||
{ |
|||
return strncmp(a->name,b->name,8); |
|||
} |
|||
static IMPLEMENT_LHASH_COMP_FN(function, FUNCTION) |
|||
|
|||
static unsigned long MS_CALLBACK function_hash(const FUNCTION *a) |
|||
{ |
|||
return lh_strhash(a->name); |
|||
} |
|||
static IMPLEMENT_LHASH_HASH_FN(function, FUNCTION) |
|||
|
|||
static LHASH_OF(FUNCTION) *prog_init(void) |
|||
{ |
|||
LHASH_OF(FUNCTION) *ret; |
|||
FUNCTION *f; |
|||
size_t i; |
|||
|
|||
/* Purely so it looks nice when the user hits ? */ |
|||
for(i=0,f=functions ; f->name != NULL ; ++f,++i) |
|||
; |
|||
qsort(functions,i,sizeof *functions,SortFnByName); |
|||
|
|||
if ((ret=lh_FUNCTION_new()) == NULL) |
|||
return(NULL); |
|||
|
|||
for (f=functions; f->name != NULL; f++) |
|||
(void)lh_FUNCTION_insert(ret,f); |
|||
return(ret); |
|||
} |
|||
|
@ -0,0 +1,350 @@ |
|||
# |
|||
# OpenSSL example configuration file. |
|||
# This is mostly being used for generation of certificate requests. |
|||
# |
|||
|
|||
# This definition stops the following lines choking if HOME isn't |
|||
# defined. |
|||
HOME = . |
|||
RANDFILE = $ENV::HOME/.rnd |
|||
|
|||
# Extra OBJECT IDENTIFIER info: |
|||
#oid_file = $ENV::HOME/.oid |
|||
oid_section = new_oids |
|||
|
|||
# To use this configuration file with the "-extfile" option of the |
|||
# "openssl x509" utility, name here the section containing the |
|||
# X.509v3 extensions to use: |
|||
# extensions = |
|||
# (Alternatively, use a configuration file that has only |
|||
# X.509v3 extensions in its main [= default] section.) |
|||
|
|||
[ new_oids ] |
|||
|
|||
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. |
|||
# Add a simple OID like this: |
|||
# testoid1=1.2.3.4 |
|||
# Or use config file substitution like this: |
|||
# testoid2=${testoid1}.5.6 |
|||
|
|||
# Policies used by the TSA examples. |
|||
tsa_policy1 = 1.2.3.4.1 |
|||
tsa_policy2 = 1.2.3.4.5.6 |
|||
tsa_policy3 = 1.2.3.4.5.7 |
|||
|
|||
#################################################################### |
|||
[ ca ] |
|||
default_ca = CA_default # The default ca section |
|||
|
|||
#################################################################### |
|||
[ CA_default ] |
|||
|
|||
dir = ./demoCA # Where everything is kept |
|||
certs = $dir/certs # Where the issued certs are kept |
|||
crl_dir = $dir/crl # Where the issued crl are kept |
|||
database = $dir/index.txt # database index file. |
|||
#unique_subject = no # Set to 'no' to allow creation of |
|||
# several ctificates with same subject. |
|||
new_certs_dir = $dir/newcerts # default place for new certs. |
|||
|
|||
certificate = $dir/cacert.pem # The CA certificate |
|||
serial = $dir/serial # The current serial number |
|||
crlnumber = $dir/crlnumber # the current crl number |
|||
# must be commented out to leave a V1 CRL |
|||
crl = $dir/crl.pem # The current CRL |
|||
private_key = $dir/private/cakey.pem# The private key |
|||
RANDFILE = $dir/private/.rand # private random number file |
|||
|
|||
x509_extensions = usr_cert # The extentions to add to the cert |
|||
|
|||
# Comment out the following two lines for the "traditional" |
|||
# (and highly broken) format. |
|||
name_opt = ca_default # Subject Name options |
|||
cert_opt = ca_default # Certificate field options |
|||
|
|||
# Extension copying option: use with caution. |
|||
# copy_extensions = copy |
|||
|
|||
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs |
|||
# so this is commented out by default to leave a V1 CRL. |
|||
# crlnumber must also be commented out to leave a V1 CRL. |
|||
# crl_extensions = crl_ext |
|||
|
|||
default_days = 365 # how long to certify for |
|||
default_crl_days= 30 # how long before next CRL |
|||
default_md = default # use public key default MD |
|||
preserve = no # keep passed DN ordering |
|||
|
|||
# A few difference way of specifying how similar the request should look |
|||
# For type CA, the listed attributes must be the same, and the optional |
|||
# and supplied fields are just that :-) |
|||
policy = policy_match |
|||
|
|||
# For the CA policy |
|||
[ policy_match ] |
|||
countryName = match |
|||
stateOrProvinceName = match |
|||
organizationName = match |
|||
organizationalUnitName = optional |
|||
commonName = supplied |
|||
emailAddress = optional |
|||
|
|||
# For the 'anything' policy |
|||
# At this point in time, you must list all acceptable 'object' |
|||
# types. |
|||
[ policy_anything ] |
|||
countryName = optional |
|||
stateOrProvinceName = optional |
|||
localityName = optional |
|||
organizationName = optional |
|||
organizationalUnitName = optional |
|||
commonName = supplied |
|||
emailAddress = optional |
|||
|
|||
#################################################################### |
|||
[ req ] |
|||
default_bits = 1024 |
|||
default_keyfile = privkey.pem |
|||
distinguished_name = req_distinguished_name |
|||
attributes = req_attributes |
|||
x509_extensions = v3_ca # The extentions to add to the self signed cert |
|||
|
|||
# Passwords for private keys if not present they will be prompted for |
|||
# input_password = secret |
|||
# output_password = secret |
|||
|
|||
# This sets a mask for permitted string types. There are several options. |
|||
# default: PrintableString, T61String, BMPString. |
|||
# pkix : PrintableString, BMPString (PKIX recommendation before 2004) |
|||
# utf8only: only UTF8Strings (PKIX recommendation after 2004). |
|||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). |
|||
# MASK:XXXX a literal mask value. |
|||
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. |
|||
string_mask = utf8only |
|||
|
|||
# req_extensions = v3_req # The extensions to add to a certificate request |
|||
|
|||
[ req_distinguished_name ] |
|||
countryName = Country Name (2 letter code) |
|||
countryName_default = AU |
|||
countryName_min = 2 |
|||
countryName_max = 2 |
|||
|
|||
stateOrProvinceName = State or Province Name (full name) |
|||
stateOrProvinceName_default = Some-State |
|||
|
|||
localityName = Locality Name (eg, city) |
|||
|
|||
0.organizationName = Organization Name (eg, company) |
|||
0.organizationName_default = Internet Widgits Pty Ltd |
|||
|
|||
# we can do this but it is not needed normally :-) |
|||
#1.organizationName = Second Organization Name (eg, company) |
|||
#1.organizationName_default = World Wide Web Pty Ltd |
|||
|
|||
organizationalUnitName = Organizational Unit Name (eg, section) |
|||
#organizationalUnitName_default = |
|||
|
|||
commonName = Common Name (e.g. server FQDN or YOUR name) |
|||
commonName_max = 64 |
|||
|
|||
emailAddress = Email Address |
|||
emailAddress_max = 64 |
|||
|
|||
# SET-ex3 = SET extension number 3 |
|||
|
|||
[ req_attributes ] |
|||
challengePassword = A challenge password |
|||
challengePassword_min = 4 |
|||
challengePassword_max = 20 |
|||
|
|||
unstructuredName = An optional company name |
|||
|
|||
[ usr_cert ] |
|||
|
|||
# These extensions are added when 'ca' signs a request. |
|||
|
|||
# This goes against PKIX guidelines but some CAs do it and some software |
|||
# requires this to avoid interpreting an end user certificate as a CA. |
|||
|
|||
basicConstraints=CA:FALSE |
|||
|
|||
# Here are some examples of the usage of nsCertType. If it is omitted |
|||
# the certificate can be used for anything *except* object signing. |
|||
|
|||
# This is OK for an SSL server. |
|||
# nsCertType = server |
|||
|
|||
# For an object signing certificate this would be used. |
|||
# nsCertType = objsign |
|||
|
|||
# For normal client use this is typical |
|||
# nsCertType = client, email |
|||
|
|||
# and for everything including object signing: |
|||
# nsCertType = client, email, objsign |
|||
|
|||
# This is typical in keyUsage for a client certificate. |
|||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment |
|||
|
|||
# This will be displayed in Netscape's comment listbox. |
|||
nsComment = "OpenSSL Generated Certificate" |
|||
|
|||
# PKIX recommendations harmless if included in all certificates. |
|||
subjectKeyIdentifier=hash |
|||
authorityKeyIdentifier=keyid,issuer |
|||
|
|||
# This stuff is for subjectAltName and issuerAltname. |
|||
# Import the email address. |
|||
# subjectAltName=email:copy |
|||
# An alternative to produce certificates that aren't |
|||
# deprecated according to PKIX. |
|||
# subjectAltName=email:move |
|||
|
|||
# Copy subject details |
|||
# issuerAltName=issuer:copy |
|||
|
|||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem |
|||
#nsBaseUrl |
|||
#nsRevocationUrl |
|||
#nsRenewalUrl |
|||
#nsCaPolicyUrl |
|||
#nsSslServerName |
|||
|
|||
# This is required for TSA certificates. |
|||
# extendedKeyUsage = critical,timeStamping |
|||
|
|||
[ v3_req ] |
|||
|
|||
# Extensions to add to a certificate request |
|||
|
|||
basicConstraints = CA:FALSE |
|||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment |
|||
|
|||
[ v3_ca ] |
|||
|
|||
|
|||
# Extensions for a typical CA |
|||
|
|||
|
|||
# PKIX recommendation. |
|||
|
|||
subjectKeyIdentifier=hash |
|||
|
|||
authorityKeyIdentifier=keyid:always,issuer |
|||
|
|||
# This is what PKIX recommends but some broken software chokes on critical |
|||
# extensions. |
|||
#basicConstraints = critical,CA:true |
|||
# So we do this instead. |
|||
basicConstraints = CA:true |
|||
|
|||
# Key usage: this is typical for a CA certificate. However since it will |
|||
# prevent it being used as an test self-signed certificate it is best |
|||
# left out by default. |
|||
# keyUsage = cRLSign, keyCertSign |
|||
|
|||
# Some might want this also |
|||
# nsCertType = sslCA, emailCA |
|||
|
|||
# Include email address in subject alt name: another PKIX recommendation |
|||
# subjectAltName=email:copy |
|||
# Copy issuer details |
|||
# issuerAltName=issuer:copy |
|||
|
|||
# DER hex encoding of an extension: beware experts only! |
|||
# obj=DER:02:03 |
|||
# Where 'obj' is a standard or added object |
|||
# You can even override a supported extension: |
|||
# basicConstraints= critical, DER:30:03:01:01:FF |
|||
|
|||
[ crl_ext ] |
|||
|
|||
# CRL extensions. |
|||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. |
|||
|
|||
# issuerAltName=issuer:copy |
|||
authorityKeyIdentifier=keyid:always |
|||
|
|||
[ proxy_cert_ext ] |
|||
# These extensions should be added when creating a proxy certificate |
|||
|
|||
# This goes against PKIX guidelines but some CAs do it and some software |
|||
# requires this to avoid interpreting an end user certificate as a CA. |
|||
|
|||
basicConstraints=CA:FALSE |
|||
|
|||
# Here are some examples of the usage of nsCertType. If it is omitted |
|||
# the certificate can be used for anything *except* object signing. |
|||
|
|||
# This is OK for an SSL server. |
|||
# nsCertType = server |
|||
|
|||
# For an object signing certificate this would be used. |
|||
# nsCertType = objsign |
|||
|
|||
# For normal client use this is typical |
|||
# nsCertType = client, email |
|||
|
|||
# and for everything including object signing: |
|||
# nsCertType = client, email, objsign |
|||
|
|||
# This is typical in keyUsage for a client certificate. |
|||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment |
|||
|
|||
# This will be displayed in Netscape's comment listbox. |
|||
nsComment = "OpenSSL Generated Certificate" |
|||
|
|||
# PKIX recommendations harmless if included in all certificates. |
|||
subjectKeyIdentifier=hash |
|||
authorityKeyIdentifier=keyid,issuer |
|||
|
|||
# This stuff is for subjectAltName and issuerAltname. |
|||
# Import the email address. |
|||
# subjectAltName=email:copy |
|||
# An alternative to produce certificates that aren't |
|||
# deprecated according to PKIX. |
|||
# subjectAltName=email:move |
|||
|
|||
# Copy subject details |
|||
# issuerAltName=issuer:copy |
|||
|
|||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem |
|||
#nsBaseUrl |
|||
#nsRevocationUrl |
|||
#nsRenewalUrl |
|||
#nsCaPolicyUrl |
|||
#nsSslServerName |
|||
|
|||
# This really needs to be in place for it to be a proxy certificate. |
|||
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo |
|||
|
|||
#################################################################### |
|||
[ tsa ] |
|||
|
|||
default_tsa = tsa_config1 # the default TSA section |
|||
|
|||
[ tsa_config1 ] |
|||
|
|||
# These are used by the TSA reply generation only. |
|||
dir = ./demoCA # TSA root directory |
|||
serial = $dir/tsaserial # The current serial number (mandatory) |
|||
crypto_device = builtin # OpenSSL engine to use for signing |
|||
signer_cert = $dir/tsacert.pem # The TSA signing certificate |
|||
# (optional) |
|||
certs = $dir/cacert.pem # Certificate chain to include in reply |
|||
# (optional) |
|||
signer_key = $dir/private/tsakey.pem # The TSA private key (optional) |
|||
|
|||
default_policy = tsa_policy1 # Policy if request did not specify it |
|||
# (optional) |
|||
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) |
|||
digests = md5, sha1 # Acceptable message digests (mandatory) |
|||
accuracy = secs:1, millisecs:500, microsecs:100 # (optional) |
|||
clock_precision_digits = 0 # number of digits after dot. (optional) |
|||
ordering = yes # Is ordering defined for timestamps? |
|||
# (optional, default: no) |
|||
tsa_name = yes # Must the TSA name be included in the reply? |
|||
# (optional, default: no) |
|||
ess_cert_id_chain = no # Must the ESS cert id chain be included? |
|||
# (optional, default: no) |
@ -0,0 +1,512 @@ |
|||
/* apps/passwd.c */ |
|||
|
|||
#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC |
|||
# define NO_MD5CRYPT_1 |
|||
#endif |
|||
|
|||
#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1) |
|||
|
|||
#include <assert.h> |
|||
#include <string.h> |
|||
|
|||
#include "apps.h" |
|||
|
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/evp.h> |
|||
#include <openssl/rand.h> |
|||
#ifndef OPENSSL_NO_DES |
|||
# include <openssl/des.h> |
|||
#endif |
|||
#ifndef NO_MD5CRYPT_1 |
|||
# include <openssl/md5.h> |
|||
#endif |
|||
|
|||
|
|||
#undef PROG |
|||
#define PROG passwd_main |
|||
|
|||
|
|||
static unsigned const char cov_2char[64]={ |
|||
/* from crypto/des/fcrypt.c */ |
|||
0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35, |
|||
0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44, |
|||
0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C, |
|||
0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54, |
|||
0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62, |
|||
0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A, |
|||
0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72, |
|||
0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A |
|||
}; |
|||
|
|||
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, |
|||
char *passwd, BIO *out, int quiet, int table, int reverse, |
|||
size_t pw_maxlen, int usecrypt, int use1, int useapr1); |
|||
|
|||
/* -crypt - standard Unix password algorithm (default)
|
|||
* -1 - MD5-based password algorithm |
|||
* -apr1 - MD5-based password algorithm, Apache variant |
|||
* -salt string - salt |
|||
* -in file - read passwords from file |
|||
* -stdin - read passwords from stdin |
|||
* -noverify - never verify when reading password from terminal |
|||
* -quiet - no warnings |
|||
* -table - format output as table |
|||
* -reverse - switch table columns |
|||
*/ |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
int ret = 1; |
|||
char *infile = NULL; |
|||
int in_stdin = 0; |
|||
int in_noverify = 0; |
|||
char *salt = NULL, *passwd = NULL, **passwds = NULL; |
|||
char *salt_malloc = NULL, *passwd_malloc = NULL; |
|||
size_t passwd_malloc_size = 0; |
|||
int pw_source_defined = 0; |
|||
BIO *in = NULL, *out = NULL; |
|||
int i, badopt, opt_done; |
|||
int passed_salt = 0, quiet = 0, table = 0, reverse = 0; |
|||
int usecrypt = 0, use1 = 0, useapr1 = 0; |
|||
size_t pw_maxlen = 0; |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto err; |
|||
out = BIO_new(BIO_s_file()); |
|||
if (out == NULL) |
|||
goto err; |
|||
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
|
|||
badopt = 0, opt_done = 0; |
|||
i = 0; |
|||
while (!badopt && !opt_done && argv[++i] != NULL) |
|||
{ |
|||
if (strcmp(argv[i], "-crypt") == 0) |
|||
usecrypt = 1; |
|||
else if (strcmp(argv[i], "-1") == 0) |
|||
use1 = 1; |
|||
else if (strcmp(argv[i], "-apr1") == 0) |
|||
useapr1 = 1; |
|||
else if (strcmp(argv[i], "-salt") == 0) |
|||
{ |
|||
if ((argv[i+1] != NULL) && (salt == NULL)) |
|||
{ |
|||
passed_salt = 1; |
|||
salt = argv[++i]; |
|||
} |
|||
else |
|||
badopt = 1; |
|||
} |
|||
else if (strcmp(argv[i], "-in") == 0) |
|||
{ |
|||
if ((argv[i+1] != NULL) && !pw_source_defined) |
|||
{ |
|||
pw_source_defined = 1; |
|||
infile = argv[++i]; |
|||
} |
|||
else |
|||
badopt = 1; |
|||
} |
|||
else if (strcmp(argv[i], "-stdin") == 0) |
|||
{ |
|||
if (!pw_source_defined) |
|||
{ |
|||
pw_source_defined = 1; |
|||
in_stdin = 1; |
|||
} |
|||
else |
|||
badopt = 1; |
|||
} |
|||
else if (strcmp(argv[i], "-noverify") == 0) |
|||
in_noverify = 1; |
|||
else if (strcmp(argv[i], "-quiet") == 0) |
|||
quiet = 1; |
|||
else if (strcmp(argv[i], "-table") == 0) |
|||
table = 1; |
|||
else if (strcmp(argv[i], "-reverse") == 0) |
|||
reverse = 1; |
|||
else if (argv[i][0] == '-') |
|||
badopt = 1; |
|||
else if (!pw_source_defined) |
|||
/* non-option arguments, use as passwords */ |
|||
{ |
|||
pw_source_defined = 1; |
|||
passwds = &argv[i]; |
|||
opt_done = 1; |
|||
} |
|||
else |
|||
badopt = 1; |
|||
} |
|||
|
|||
if (!usecrypt && !use1 && !useapr1) /* use default */ |
|||
usecrypt = 1; |
|||
if (usecrypt + use1 + useapr1 > 1) /* conflict */ |
|||
badopt = 1; |
|||
|
|||
/* reject unsupported algorithms */ |
|||
#ifdef OPENSSL_NO_DES |
|||
if (usecrypt) badopt = 1; |
|||
#endif |
|||
#ifdef NO_MD5CRYPT_1 |
|||
if (use1 || useapr1) badopt = 1; |
|||
#endif |
|||
|
|||
if (badopt) |
|||
{ |
|||
BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n"); |
|||
BIO_printf(bio_err, "where options are\n"); |
|||
#ifndef OPENSSL_NO_DES |
|||
BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n"); |
|||
#endif |
|||
#ifndef NO_MD5CRYPT_1 |
|||
BIO_printf(bio_err, "-1 MD5-based password algorithm\n"); |
|||
BIO_printf(bio_err, "-apr1 MD5-based password algorithm, Apache variant\n"); |
|||
#endif |
|||
BIO_printf(bio_err, "-salt string use provided salt\n"); |
|||
BIO_printf(bio_err, "-in file read passwords from file\n"); |
|||
BIO_printf(bio_err, "-stdin read passwords from stdin\n"); |
|||
BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n"); |
|||
BIO_printf(bio_err, "-quiet no warnings\n"); |
|||
BIO_printf(bio_err, "-table format output as table\n"); |
|||
BIO_printf(bio_err, "-reverse switch table columns\n"); |
|||
|
|||
goto err; |
|||
} |
|||
|
|||
if ((infile != NULL) || in_stdin) |
|||
{ |
|||
in = BIO_new(BIO_s_file()); |
|||
if (in == NULL) |
|||
goto err; |
|||
if (infile != NULL) |
|||
{ |
|||
assert(in_stdin == 0); |
|||
if (BIO_read_filename(in, infile) <= 0) |
|||
goto err; |
|||
} |
|||
else |
|||
{ |
|||
assert(in_stdin); |
|||
BIO_set_fp(in, stdin, BIO_NOCLOSE); |
|||
} |
|||
} |
|||
|
|||
if (usecrypt) |
|||
pw_maxlen = 8; |
|||
else if (use1 || useapr1) |
|||
pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */ |
|||
|
|||
if (passwds == NULL) |
|||
{ |
|||
/* no passwords on the command line */ |
|||
|
|||
passwd_malloc_size = pw_maxlen + 2; |
|||
/* longer than necessary so that we can warn about truncation */ |
|||
passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size); |
|||
if (passwd_malloc == NULL) |
|||
goto err; |
|||
} |
|||
|
|||
if ((in == NULL) && (passwds == NULL)) |
|||
{ |
|||
/* build a null-terminated list */ |
|||
static char *passwds_static[2] = {NULL, NULL}; |
|||
|
|||
passwds = passwds_static; |
|||
if (in == NULL) |
|||
if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0) |
|||
goto err; |
|||
passwds[0] = passwd_malloc; |
|||
} |
|||
|
|||
if (in == NULL) |
|||
{ |
|||
assert(passwds != NULL); |
|||
assert(*passwds != NULL); |
|||
|
|||
do /* loop over list of passwords */ |
|||
{ |
|||
passwd = *passwds++; |
|||
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out, |
|||
quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1)) |
|||
goto err; |
|||
} |
|||
while (*passwds != NULL); |
|||
} |
|||
else |
|||
/* in != NULL */ |
|||
{ |
|||
int done; |
|||
|
|||
assert (passwd != NULL); |
|||
do |
|||
{ |
|||
int r = BIO_gets(in, passwd, pw_maxlen + 1); |
|||
if (r > 0) |
|||
{ |
|||
char *c = (strchr(passwd, '\n')) ; |
|||
if (c != NULL) |
|||
*c = 0; /* truncate at newline */ |
|||
else |
|||
{ |
|||
/* ignore rest of line */ |
|||
char trash[BUFSIZ]; |
|||
do |
|||
r = BIO_gets(in, trash, sizeof trash); |
|||
while ((r > 0) && (!strchr(trash, '\n'))); |
|||
} |
|||
|
|||
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out, |
|||
quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1)) |
|||
goto err; |
|||
} |
|||
done = (r <= 0); |
|||
} |
|||
while (!done); |
|||
} |
|||
ret = 0; |
|||
|
|||
err: |
|||
ERR_print_errors(bio_err); |
|||
if (salt_malloc) |
|||
OPENSSL_free(salt_malloc); |
|||
if (passwd_malloc) |
|||
OPENSSL_free(passwd_malloc); |
|||
if (in) |
|||
BIO_free(in); |
|||
if (out) |
|||
BIO_free_all(out); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
|||
|
|||
#ifndef NO_MD5CRYPT_1 |
|||
/* MD5-based password algorithm (should probably be available as a library
|
|||
* function; then the static buffer would not be acceptable). |
|||
* For magic string "1", this should be compatible to the MD5-based BSD |
|||
* password algorithm. |
|||
* For 'magic' string "apr1", this is compatible to the MD5-based Apache |
|||
* password algorithm. |
|||
* (Apparently, the Apache password algorithm is identical except that the |
|||
* 'magic' string was changed -- the laziest application of the NIH principle |
|||
* I've ever encountered.) |
|||
*/ |
|||
static char *md5crypt(const char *passwd, const char *magic, const char *salt) |
|||
{ |
|||
static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */ |
|||
unsigned char buf[MD5_DIGEST_LENGTH]; |
|||
char *salt_out; |
|||
int n; |
|||
unsigned int i; |
|||
EVP_MD_CTX md,md2; |
|||
size_t passwd_len, salt_len; |
|||
|
|||
passwd_len = strlen(passwd); |
|||
out_buf[0] = '$'; |
|||
out_buf[1] = 0; |
|||
assert(strlen(magic) <= 4); /* "1" or "apr1" */ |
|||
strncat(out_buf, magic, 4); |
|||
strncat(out_buf, "$", 1); |
|||
strncat(out_buf, salt, 8); |
|||
assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */ |
|||
salt_out = out_buf + 2 + strlen(magic); |
|||
salt_len = strlen(salt_out); |
|||
assert(salt_len <= 8); |
|||
|
|||
EVP_MD_CTX_init(&md); |
|||
EVP_DigestInit_ex(&md,EVP_md5(), NULL); |
|||
EVP_DigestUpdate(&md, passwd, passwd_len); |
|||
EVP_DigestUpdate(&md, "$", 1); |
|||
EVP_DigestUpdate(&md, magic, strlen(magic)); |
|||
EVP_DigestUpdate(&md, "$", 1); |
|||
EVP_DigestUpdate(&md, salt_out, salt_len); |
|||
|
|||
EVP_MD_CTX_init(&md2); |
|||
EVP_DigestInit_ex(&md2,EVP_md5(), NULL); |
|||
EVP_DigestUpdate(&md2, passwd, passwd_len); |
|||
EVP_DigestUpdate(&md2, salt_out, salt_len); |
|||
EVP_DigestUpdate(&md2, passwd, passwd_len); |
|||
EVP_DigestFinal_ex(&md2, buf, NULL); |
|||
|
|||
for (i = passwd_len; i > sizeof buf; i -= sizeof buf) |
|||
EVP_DigestUpdate(&md, buf, sizeof buf); |
|||
EVP_DigestUpdate(&md, buf, i); |
|||
|
|||
n = passwd_len; |
|||
while (n) |
|||
{ |
|||
EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1); |
|||
n >>= 1; |
|||
} |
|||
EVP_DigestFinal_ex(&md, buf, NULL); |
|||
|
|||
for (i = 0; i < 1000; i++) |
|||
{ |
|||
EVP_DigestInit_ex(&md2,EVP_md5(), NULL); |
|||
EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf, |
|||
(i & 1) ? passwd_len : sizeof buf); |
|||
if (i % 3) |
|||
EVP_DigestUpdate(&md2, salt_out, salt_len); |
|||
if (i % 7) |
|||
EVP_DigestUpdate(&md2, passwd, passwd_len); |
|||
EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd, |
|||
(i & 1) ? sizeof buf : passwd_len); |
|||
EVP_DigestFinal_ex(&md2, buf, NULL); |
|||
} |
|||
EVP_MD_CTX_cleanup(&md2); |
|||
|
|||
{ |
|||
/* transform buf into output string */ |
|||
|
|||
unsigned char buf_perm[sizeof buf]; |
|||
int dest, source; |
|||
char *output; |
|||
|
|||
/* silly output permutation */ |
|||
for (dest = 0, source = 0; dest < 14; dest++, source = (source + 6) % 17) |
|||
buf_perm[dest] = buf[source]; |
|||
buf_perm[14] = buf[5]; |
|||
buf_perm[15] = buf[11]; |
|||
#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */ |
|||
assert(16 == sizeof buf_perm); |
|||
#endif |
|||
|
|||
output = salt_out + salt_len; |
|||
assert(output == out_buf + strlen(out_buf)); |
|||
|
|||
*output++ = '$'; |
|||
|
|||
for (i = 0; i < 15; i += 3) |
|||
{ |
|||
*output++ = cov_2char[buf_perm[i+2] & 0x3f]; |
|||
*output++ = cov_2char[((buf_perm[i+1] & 0xf) << 2) | |
|||
(buf_perm[i+2] >> 6)]; |
|||
*output++ = cov_2char[((buf_perm[i] & 3) << 4) | |
|||
(buf_perm[i+1] >> 4)]; |
|||
*output++ = cov_2char[buf_perm[i] >> 2]; |
|||
} |
|||
assert(i == 15); |
|||
*output++ = cov_2char[buf_perm[i] & 0x3f]; |
|||
*output++ = cov_2char[buf_perm[i] >> 6]; |
|||
*output = 0; |
|||
assert(strlen(out_buf) < sizeof(out_buf)); |
|||
} |
|||
EVP_MD_CTX_cleanup(&md); |
|||
|
|||
return out_buf; |
|||
} |
|||
#endif |
|||
|
|||
|
|||
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, |
|||
char *passwd, BIO *out, int quiet, int table, int reverse, |
|||
size_t pw_maxlen, int usecrypt, int use1, int useapr1) |
|||
{ |
|||
char *hash = NULL; |
|||
|
|||
assert(salt_p != NULL); |
|||
assert(salt_malloc_p != NULL); |
|||
|
|||
/* first make sure we have a salt */ |
|||
if (!passed_salt) |
|||
{ |
|||
#ifndef OPENSSL_NO_DES |
|||
if (usecrypt) |
|||
{ |
|||
if (*salt_malloc_p == NULL) |
|||
{ |
|||
*salt_p = *salt_malloc_p = OPENSSL_malloc(3); |
|||
if (*salt_malloc_p == NULL) |
|||
goto err; |
|||
} |
|||
if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0) |
|||
goto err; |
|||
(*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */ |
|||
(*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */ |
|||
(*salt_p)[2] = 0; |
|||
#ifdef CHARSET_EBCDIC |
|||
ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert
|
|||
* back to ASCII */ |
|||
#endif |
|||
} |
|||
#endif /* !OPENSSL_NO_DES */ |
|||
|
|||
#ifndef NO_MD5CRYPT_1 |
|||
if (use1 || useapr1) |
|||
{ |
|||
int i; |
|||
|
|||
if (*salt_malloc_p == NULL) |
|||
{ |
|||
*salt_p = *salt_malloc_p = OPENSSL_malloc(9); |
|||
if (*salt_malloc_p == NULL) |
|||
goto err; |
|||
} |
|||
if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0) |
|||
goto err; |
|||
|
|||
for (i = 0; i < 8; i++) |
|||
(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ |
|||
(*salt_p)[8] = 0; |
|||
} |
|||
#endif /* !NO_MD5CRYPT_1 */ |
|||
} |
|||
|
|||
assert(*salt_p != NULL); |
|||
|
|||
/* truncate password if necessary */ |
|||
if ((strlen(passwd) > pw_maxlen)) |
|||
{ |
|||
if (!quiet) |
|||
/* XXX: really we should know how to print a size_t, not cast it */ |
|||
BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen); |
|||
passwd[pw_maxlen] = 0; |
|||
} |
|||
assert(strlen(passwd) <= pw_maxlen); |
|||
|
|||
/* now compute password hash */ |
|||
#ifndef OPENSSL_NO_DES |
|||
if (usecrypt) |
|||
hash = DES_crypt(passwd, *salt_p); |
|||
#endif |
|||
#ifndef NO_MD5CRYPT_1 |
|||
if (use1 || useapr1) |
|||
hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p); |
|||
#endif |
|||
assert(hash != NULL); |
|||
|
|||
if (table && !reverse) |
|||
BIO_printf(out, "%s\t%s\n", passwd, hash); |
|||
else if (table && reverse) |
|||
BIO_printf(out, "%s\t%s\n", hash, passwd); |
|||
else |
|||
BIO_printf(out, "%s\n", hash); |
|||
return 1; |
|||
|
|||
err: |
|||
return 0; |
|||
} |
|||
#else |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
fputs("Program not available.\n", stderr) |
|||
OPENSSL_EXIT(1); |
|||
} |
|||
#endif |
@ -0,0 +1 @@ |
|||
07 |
@ -0,0 +1,15 @@ |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg |
|||
wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ |
|||
vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB |
|||
AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc |
|||
z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz |
|||
xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7 |
|||
HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD |
|||
yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS |
|||
xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj |
|||
7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG |
|||
h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL |
|||
QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q |
|||
hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc= |
|||
-----END RSA PRIVATE KEY----- |
@ -0,0 +1,11 @@ |
|||
-----BEGIN CERTIFICATE REQUEST----- |
|||
MIIBmjCCAQMCAQAwXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx |
|||
GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAo |
|||
MTAyNCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfj |
|||
Irkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUX |
|||
MRsp22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3 |
|||
vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAEzz |
|||
IG8NnfpnPTQSCN5zJhOfy6p9AcDyQzuJirYv1HR/qoYWalPh/U2uiK0lAim7qMcv |
|||
wOlK3I7A8B7/4dLqvIqgtUj9b1WT8zIrnwdvJI4osLI2BY+c1pVlp174DHLMol1L |
|||
Cl1e3N5BTm7lCitTYjuUhsw6hiA8IcdNKDo6sktV |
|||
-----END CERTIFICATE REQUEST----- |
@ -0,0 +1,977 @@ |
|||
/* pkcs12.c */ |
|||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
|||
* project. |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* licensing@OpenSSL.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
|
|||
#include <openssl/opensslconf.h> |
|||
#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) |
|||
|
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/crypto.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/pem.h> |
|||
#include <openssl/pkcs12.h> |
|||
|
|||
#define PROG pkcs12_main |
|||
|
|||
const EVP_CIPHER *enc; |
|||
|
|||
|
|||
#define NOKEYS 0x1 |
|||
#define NOCERTS 0x2 |
|||
#define INFO 0x4 |
|||
#define CLCERTS 0x8 |
|||
#define CACERTS 0x10 |
|||
|
|||
int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain); |
|||
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass); |
|||
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass, |
|||
int passlen, int options, char *pempass); |
|||
int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass); |
|||
int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name); |
|||
void hex_prin(BIO *out, unsigned char *buf, int len); |
|||
int alg_print(BIO *x, X509_ALGOR *alg); |
|||
int cert_load(BIO *in, STACK_OF(X509) *sk); |
|||
static int set_pbe(BIO *err, int *ppbe, const char *str); |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
ENGINE *e = NULL; |
|||
char *infile=NULL, *outfile=NULL, *keyname = NULL; |
|||
char *certfile=NULL; |
|||
BIO *in=NULL, *out = NULL; |
|||
char **args; |
|||
char *name = NULL; |
|||
char *csp_name = NULL; |
|||
int add_lmk = 0; |
|||
PKCS12 *p12 = NULL; |
|||
char pass[50], macpass[50]; |
|||
int export_cert = 0; |
|||
int options = 0; |
|||
int chain = 0; |
|||
int badarg = 0; |
|||
int iter = PKCS12_DEFAULT_ITER; |
|||
int maciter = PKCS12_DEFAULT_ITER; |
|||
int twopass = 0; |
|||
int keytype = 0; |
|||
int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; |
|||
int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
|||
int ret = 1; |
|||
int macver = 1; |
|||
int noprompt = 0; |
|||
STACK_OF(OPENSSL_STRING) *canames = NULL; |
|||
char *cpass = NULL, *mpass = NULL; |
|||
char *passargin = NULL, *passargout = NULL, *passarg = NULL; |
|||
char *passin = NULL, *passout = NULL; |
|||
char *inrand = NULL; |
|||
char *macalg = NULL; |
|||
char *CApath = NULL, *CAfile = NULL; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine=NULL; |
|||
#endif |
|||
|
|||
apps_startup(); |
|||
|
|||
enc = EVP_des_ede3_cbc(); |
|||
if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
args = argv + 1; |
|||
|
|||
|
|||
while (*args) { |
|||
if (*args[0] == '-') { |
|||
if (!strcmp (*args, "-nokeys")) options |= NOKEYS; |
|||
else if (!strcmp (*args, "-keyex")) keytype = KEY_EX; |
|||
else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG; |
|||
else if (!strcmp (*args, "-nocerts")) options |= NOCERTS; |
|||
else if (!strcmp (*args, "-clcerts")) options |= CLCERTS; |
|||
else if (!strcmp (*args, "-cacerts")) options |= CACERTS; |
|||
else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS); |
|||
else if (!strcmp (*args, "-info")) options |= INFO; |
|||
else if (!strcmp (*args, "-chain")) chain = 1; |
|||
else if (!strcmp (*args, "-twopass")) twopass = 1; |
|||
else if (!strcmp (*args, "-nomacver")) macver = 0; |
|||
else if (!strcmp (*args, "-descert")) |
|||
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
|||
else if (!strcmp (*args, "-export")) export_cert = 1; |
|||
else if (!strcmp (*args, "-des")) enc=EVP_des_cbc(); |
|||
else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc(); |
|||
#ifndef OPENSSL_NO_IDEA |
|||
else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc(); |
|||
#endif |
|||
#ifndef OPENSSL_NO_SEED |
|||
else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc(); |
|||
#endif |
|||
#ifndef OPENSSL_NO_AES |
|||
else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc(); |
|||
else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc(); |
|||
else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc(); |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAMELLIA |
|||
else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc(); |
|||
else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc(); |
|||
else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc(); |
|||
#endif |
|||
else if (!strcmp (*args, "-noiter")) iter = 1; |
|||
else if (!strcmp (*args, "-maciter")) |
|||
maciter = PKCS12_DEFAULT_ITER; |
|||
else if (!strcmp (*args, "-nomaciter")) |
|||
maciter = 1; |
|||
else if (!strcmp (*args, "-nomac")) |
|||
maciter = -1; |
|||
else if (!strcmp (*args, "-macalg")) |
|||
if (args[1]) { |
|||
args++; |
|||
macalg = *args; |
|||
} else badarg = 1; |
|||
else if (!strcmp (*args, "-nodes")) enc=NULL; |
|||
else if (!strcmp (*args, "-certpbe")) { |
|||
if (!set_pbe(bio_err, &cert_pbe, *++args)) |
|||
badarg = 1; |
|||
} else if (!strcmp (*args, "-keypbe")) { |
|||
if (!set_pbe(bio_err, &key_pbe, *++args)) |
|||
badarg = 1; |
|||
} else if (!strcmp (*args, "-rand")) { |
|||
if (args[1]) { |
|||
args++; |
|||
inrand = *args; |
|||
} else badarg = 1; |
|||
} else if (!strcmp (*args, "-inkey")) { |
|||
if (args[1]) { |
|||
args++; |
|||
keyname = *args; |
|||
} else badarg = 1; |
|||
} else if (!strcmp (*args, "-certfile")) { |
|||
if (args[1]) { |
|||
args++; |
|||
certfile = *args; |
|||
} else badarg = 1; |
|||
} else if (!strcmp (*args, "-name")) { |
|||
if (args[1]) { |
|||
args++; |
|||
name = *args; |
|||
} else badarg = 1; |
|||
} else if (!strcmp (*args, "-LMK")) |
|||
add_lmk = 1; |
|||
else if (!strcmp (*args, "-CSP")) { |
|||
if (args[1]) { |
|||
args++; |
|||
csp_name = *args; |
|||
} else badarg = 1; |
|||
} else if (!strcmp (*args, "-caname")) { |
|||
if (args[1]) { |
|||
args++; |
|||
if (!canames) canames = sk_OPENSSL_STRING_new_null(); |
|||
sk_OPENSSL_STRING_push(canames, *args); |
|||
} else badarg = 1; |
|||
} else if (!strcmp (*args, "-in")) { |
|||
if (args[1]) { |
|||
args++; |
|||
infile = *args; |
|||
} else badarg = 1; |
|||
} else if (!strcmp (*args, "-out")) { |
|||
if (args[1]) { |
|||
args++; |
|||
outfile = *args; |
|||
} else badarg = 1; |
|||
} else if (!strcmp(*args,"-passin")) { |
|||
if (args[1]) { |
|||
args++; |
|||
passargin = *args; |
|||
} else badarg = 1; |
|||
} else if (!strcmp(*args,"-passout")) { |
|||
if (args[1]) { |
|||
args++; |
|||
passargout = *args; |
|||
} else badarg = 1; |
|||
} else if (!strcmp (*args, "-password")) { |
|||
if (args[1]) { |
|||
args++; |
|||
passarg = *args; |
|||
noprompt = 1; |
|||
} else badarg = 1; |
|||
} else if (!strcmp(*args,"-CApath")) { |
|||
if (args[1]) { |
|||
args++; |
|||
CApath = *args; |
|||
} else badarg = 1; |
|||
} else if (!strcmp(*args,"-CAfile")) { |
|||
if (args[1]) { |
|||
args++; |
|||
CAfile = *args; |
|||
} else badarg = 1; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
} else if (!strcmp(*args,"-engine")) { |
|||
if (args[1]) { |
|||
args++; |
|||
engine = *args; |
|||
} else badarg = 1; |
|||
#endif |
|||
} else badarg = 1; |
|||
|
|||
} else badarg = 1; |
|||
args++; |
|||
} |
|||
|
|||
if (badarg) { |
|||
BIO_printf (bio_err, "Usage: pkcs12 [options]\n"); |
|||
BIO_printf (bio_err, "where options are\n"); |
|||
BIO_printf (bio_err, "-export output PKCS12 file\n"); |
|||
BIO_printf (bio_err, "-chain add certificate chain\n"); |
|||
BIO_printf (bio_err, "-inkey file private key if not infile\n"); |
|||
BIO_printf (bio_err, "-certfile f add all certs in f\n"); |
|||
BIO_printf (bio_err, "-CApath arg - PEM format directory of CA's\n"); |
|||
BIO_printf (bio_err, "-CAfile arg - PEM format file of CA's\n"); |
|||
BIO_printf (bio_err, "-name \"name\" use name as friendly name\n"); |
|||
BIO_printf (bio_err, "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n"); |
|||
BIO_printf (bio_err, "-in infile input filename\n"); |
|||
BIO_printf (bio_err, "-out outfile output filename\n"); |
|||
BIO_printf (bio_err, "-noout don't output anything, just verify.\n"); |
|||
BIO_printf (bio_err, "-nomacver don't verify MAC.\n"); |
|||
BIO_printf (bio_err, "-nocerts don't output certificates.\n"); |
|||
BIO_printf (bio_err, "-clcerts only output client certificates.\n"); |
|||
BIO_printf (bio_err, "-cacerts only output CA certificates.\n"); |
|||
BIO_printf (bio_err, "-nokeys don't output private keys.\n"); |
|||
BIO_printf (bio_err, "-info give info about PKCS#12 structure.\n"); |
|||
BIO_printf (bio_err, "-des encrypt private keys with DES\n"); |
|||
BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n"); |
|||
#ifndef OPENSSL_NO_IDEA |
|||
BIO_printf (bio_err, "-idea encrypt private keys with idea\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_SEED |
|||
BIO_printf (bio_err, "-seed encrypt private keys with seed\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_AES |
|||
BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); |
|||
BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAMELLIA |
|||
BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); |
|||
BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n"); |
|||
#endif |
|||
BIO_printf (bio_err, "-nodes don't encrypt private keys\n"); |
|||
BIO_printf (bio_err, "-noiter don't use encryption iteration\n"); |
|||
BIO_printf (bio_err, "-nomaciter don't use MAC iteration\n"); |
|||
BIO_printf (bio_err, "-maciter use MAC iteration\n"); |
|||
BIO_printf (bio_err, "-nomac don't generate MAC\n"); |
|||
BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n"); |
|||
BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n"); |
|||
BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n"); |
|||
BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n"); |
|||
BIO_printf (bio_err, "-macalg alg digest algorithm used in MAC (default SHA1)\n"); |
|||
BIO_printf (bio_err, "-keyex set MS key exchange type\n"); |
|||
BIO_printf (bio_err, "-keysig set MS key signature type\n"); |
|||
BIO_printf (bio_err, "-password p set import/export password source\n"); |
|||
BIO_printf (bio_err, "-passin p input file pass phrase source\n"); |
|||
BIO_printf (bio_err, "-passout p output file pass phrase source\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); |
|||
BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); |
|||
BIO_printf(bio_err, " the random number generator\n"); |
|||
BIO_printf(bio_err, "-CSP name Microsoft CSP name\n"); |
|||
BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n"); |
|||
goto end; |
|||
} |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
e = setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
if(passarg) { |
|||
if(export_cert) passargout = passarg; |
|||
else passargin = passarg; |
|||
} |
|||
|
|||
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { |
|||
BIO_printf(bio_err, "Error getting passwords\n"); |
|||
goto end; |
|||
} |
|||
|
|||
if(!cpass) { |
|||
if(export_cert) cpass = passout; |
|||
else cpass = passin; |
|||
} |
|||
|
|||
if(cpass) { |
|||
mpass = cpass; |
|||
noprompt = 1; |
|||
} else { |
|||
cpass = pass; |
|||
mpass = macpass; |
|||
} |
|||
|
|||
if(export_cert || inrand) { |
|||
app_RAND_load_file(NULL, bio_err, (inrand != NULL)); |
|||
if (inrand != NULL) |
|||
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", |
|||
app_RAND_load_files(inrand)); |
|||
} |
|||
ERR_load_crypto_strings(); |
|||
|
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_push_info("read files"); |
|||
#endif |
|||
|
|||
if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE); |
|||
else in = BIO_new_file(infile, "rb"); |
|||
if (!in) { |
|||
BIO_printf(bio_err, "Error opening input file %s\n", |
|||
infile ? infile : "<stdin>"); |
|||
perror (infile); |
|||
goto end; |
|||
} |
|||
|
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_pop_info(); |
|||
CRYPTO_push_info("write files"); |
|||
#endif |
|||
|
|||
if (!outfile) { |
|||
out = BIO_new_fp(stdout, BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} else out = BIO_new_file(outfile, "wb"); |
|||
if (!out) { |
|||
BIO_printf(bio_err, "Error opening output file %s\n", |
|||
outfile ? outfile : "<stdout>"); |
|||
perror (outfile); |
|||
goto end; |
|||
} |
|||
if (twopass) { |
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_push_info("read MAC password"); |
|||
#endif |
|||
if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) |
|||
{ |
|||
BIO_printf (bio_err, "Can't read Password\n"); |
|||
goto end; |
|||
} |
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_pop_info(); |
|||
#endif |
|||
} |
|||
|
|||
if (export_cert) { |
|||
EVP_PKEY *key = NULL; |
|||
X509 *ucert = NULL, *x = NULL; |
|||
STACK_OF(X509) *certs=NULL; |
|||
const EVP_MD *macmd = NULL; |
|||
unsigned char *catmp = NULL; |
|||
int i; |
|||
|
|||
if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS)) |
|||
{ |
|||
BIO_printf(bio_err, "Nothing to do!\n"); |
|||
goto export_end; |
|||
} |
|||
|
|||
if (options & NOCERTS) |
|||
chain = 0; |
|||
|
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_push_info("process -export_cert"); |
|||
CRYPTO_push_info("reading private key"); |
|||
#endif |
|||
if (!(options & NOKEYS)) |
|||
{ |
|||
key = load_key(bio_err, keyname ? keyname : infile, |
|||
FORMAT_PEM, 1, passin, e, "private key"); |
|||
if (!key) |
|||
goto export_end; |
|||
} |
|||
|
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_pop_info(); |
|||
CRYPTO_push_info("reading certs from input"); |
|||
#endif |
|||
|
|||
/* Load in all certs in input file */ |
|||
if(!(options & NOCERTS)) |
|||
{ |
|||
certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e, |
|||
"certificates"); |
|||
if (!certs) |
|||
goto export_end; |
|||
|
|||
if (key) |
|||
{ |
|||
/* Look for matching private key */ |
|||
for(i = 0; i < sk_X509_num(certs); i++) |
|||
{ |
|||
x = sk_X509_value(certs, i); |
|||
if(X509_check_private_key(x, key)) |
|||
{ |
|||
ucert = x; |
|||
/* Zero keyid and alias */ |
|||
X509_keyid_set1(ucert, NULL, 0); |
|||
X509_alias_set1(ucert, NULL, 0); |
|||
/* Remove from list */ |
|||
(void)sk_X509_delete(certs, i); |
|||
break; |
|||
} |
|||
} |
|||
if (!ucert) |
|||
{ |
|||
BIO_printf(bio_err, "No certificate matches private key\n"); |
|||
goto export_end; |
|||
} |
|||
} |
|||
|
|||
} |
|||
|
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_pop_info(); |
|||
CRYPTO_push_info("reading certs from input 2"); |
|||
#endif |
|||
|
|||
/* Add any more certificates asked for */ |
|||
if(certfile) |
|||
{ |
|||
STACK_OF(X509) *morecerts=NULL; |
|||
if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM, |
|||
NULL, e, |
|||
"certificates from certfile"))) |
|||
goto export_end; |
|||
while(sk_X509_num(morecerts) > 0) |
|||
sk_X509_push(certs, sk_X509_shift(morecerts)); |
|||
sk_X509_free(morecerts); |
|||
} |
|||
|
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_pop_info(); |
|||
CRYPTO_push_info("reading certs from certfile"); |
|||
#endif |
|||
|
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_pop_info(); |
|||
CRYPTO_push_info("building chain"); |
|||
#endif |
|||
|
|||
/* If chaining get chain from user cert */ |
|||
if (chain) { |
|||
int vret; |
|||
STACK_OF(X509) *chain2; |
|||
X509_STORE *store = X509_STORE_new(); |
|||
if (!store) |
|||
{ |
|||
BIO_printf (bio_err, "Memory allocation error\n"); |
|||
goto export_end; |
|||
} |
|||
if (!X509_STORE_load_locations(store, CAfile, CApath)) |
|||
X509_STORE_set_default_paths (store); |
|||
|
|||
vret = get_cert_chain (ucert, store, &chain2); |
|||
X509_STORE_free(store); |
|||
|
|||
if (!vret) { |
|||
/* Exclude verified certificate */ |
|||
for (i = 1; i < sk_X509_num (chain2) ; i++) |
|||
sk_X509_push(certs, sk_X509_value (chain2, i)); |
|||
/* Free first certificate */ |
|||
X509_free(sk_X509_value(chain2, 0)); |
|||
sk_X509_free(chain2); |
|||
} else { |
|||
if (vret >= 0) |
|||
BIO_printf (bio_err, "Error %s getting chain.\n", |
|||
X509_verify_cert_error_string(vret)); |
|||
else |
|||
ERR_print_errors(bio_err); |
|||
goto export_end; |
|||
} |
|||
} |
|||
|
|||
/* Add any CA names */ |
|||
|
|||
for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) |
|||
{ |
|||
catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i); |
|||
X509_alias_set1(sk_X509_value(certs, i), catmp, -1); |
|||
} |
|||
|
|||
if (csp_name && key) |
|||
EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, |
|||
MBSTRING_ASC, (unsigned char *)csp_name, -1); |
|||
|
|||
if (add_lmk && key) |
|||
EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); |
|||
|
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_pop_info(); |
|||
CRYPTO_push_info("reading password"); |
|||
#endif |
|||
|
|||
if(!noprompt && |
|||
EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) |
|||
{ |
|||
BIO_printf (bio_err, "Can't read Password\n"); |
|||
goto export_end; |
|||
} |
|||
if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); |
|||
|
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_pop_info(); |
|||
CRYPTO_push_info("creating PKCS#12 structure"); |
|||
#endif |
|||
|
|||
p12 = PKCS12_create(cpass, name, key, ucert, certs, |
|||
key_pbe, cert_pbe, iter, -1, keytype); |
|||
|
|||
if (!p12) |
|||
{ |
|||
ERR_print_errors (bio_err); |
|||
goto export_end; |
|||
} |
|||
|
|||
if (macalg) |
|||
{ |
|||
macmd = EVP_get_digestbyname(macalg); |
|||
if (!macmd) |
|||
{ |
|||
BIO_printf(bio_err, "Unknown digest algorithm %s\n", |
|||
macalg); |
|||
} |
|||
} |
|||
|
|||
if (maciter != -1) |
|||
PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd); |
|||
|
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_pop_info(); |
|||
CRYPTO_push_info("writing pkcs12"); |
|||
#endif |
|||
|
|||
i2d_PKCS12_bio(out, p12); |
|||
|
|||
ret = 0; |
|||
|
|||
export_end: |
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_pop_info(); |
|||
CRYPTO_pop_info(); |
|||
CRYPTO_push_info("process -export_cert: freeing"); |
|||
#endif |
|||
|
|||
if (key) EVP_PKEY_free(key); |
|||
if (certs) sk_X509_pop_free(certs, X509_free); |
|||
if (ucert) X509_free(ucert); |
|||
|
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_pop_info(); |
|||
#endif |
|||
goto end; |
|||
|
|||
} |
|||
|
|||
if (!(p12 = d2i_PKCS12_bio (in, NULL))) { |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_push_info("read import password"); |
|||
#endif |
|||
if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) { |
|||
BIO_printf (bio_err, "Can't read Password\n"); |
|||
goto end; |
|||
} |
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_pop_info(); |
|||
#endif |
|||
|
|||
if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); |
|||
|
|||
if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); |
|||
if(macver) { |
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_push_info("verify MAC"); |
|||
#endif |
|||
/* If we enter empty password try no password first */ |
|||
if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { |
|||
/* If mac and crypto pass the same set it to NULL too */ |
|||
if(!twopass) cpass = NULL; |
|||
} else if (!PKCS12_verify_mac(p12, mpass, -1)) { |
|||
BIO_printf (bio_err, "Mac verify error: invalid password?\n"); |
|||
ERR_print_errors (bio_err); |
|||
goto end; |
|||
} |
|||
BIO_printf (bio_err, "MAC verified OK\n"); |
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_pop_info(); |
|||
#endif |
|||
} |
|||
|
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_push_info("output keys and certificates"); |
|||
#endif |
|||
if (!dump_certs_keys_p12 (out, p12, cpass, -1, options, passout)) { |
|||
BIO_printf(bio_err, "Error outputting keys and certificates\n"); |
|||
ERR_print_errors (bio_err); |
|||
goto end; |
|||
} |
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_pop_info(); |
|||
#endif |
|||
ret = 0; |
|||
end: |
|||
if (p12) PKCS12_free(p12); |
|||
if(export_cert || inrand) app_RAND_write_file(NULL, bio_err); |
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_remove_all_info(); |
|||
#endif |
|||
BIO_free(in); |
|||
BIO_free_all(out); |
|||
if (canames) sk_OPENSSL_STRING_free(canames); |
|||
if(passin) OPENSSL_free(passin); |
|||
if(passout) OPENSSL_free(passout); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
|||
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, |
|||
int passlen, int options, char *pempass) |
|||
{ |
|||
STACK_OF(PKCS7) *asafes = NULL; |
|||
STACK_OF(PKCS12_SAFEBAG) *bags; |
|||
int i, bagnid; |
|||
int ret = 0; |
|||
PKCS7 *p7; |
|||
|
|||
if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0; |
|||
for (i = 0; i < sk_PKCS7_num (asafes); i++) { |
|||
p7 = sk_PKCS7_value (asafes, i); |
|||
bagnid = OBJ_obj2nid (p7->type); |
|||
if (bagnid == NID_pkcs7_data) { |
|||
bags = PKCS12_unpack_p7data(p7); |
|||
if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n"); |
|||
} else if (bagnid == NID_pkcs7_encrypted) { |
|||
if (options & INFO) { |
|||
BIO_printf(bio_err, "PKCS7 Encrypted data: "); |
|||
alg_print(bio_err, |
|||
p7->d.encrypted->enc_data->algorithm); |
|||
} |
|||
bags = PKCS12_unpack_p7encdata(p7, pass, passlen); |
|||
} else continue; |
|||
if (!bags) goto err; |
|||
if (!dump_certs_pkeys_bags (out, bags, pass, passlen, |
|||
options, pempass)) { |
|||
sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free); |
|||
goto err; |
|||
} |
|||
sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free); |
|||
bags = NULL; |
|||
} |
|||
ret = 1; |
|||
|
|||
err: |
|||
|
|||
if (asafes) |
|||
sk_PKCS7_pop_free (asafes, PKCS7_free); |
|||
return ret; |
|||
} |
|||
|
|||
int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, |
|||
char *pass, int passlen, int options, char *pempass) |
|||
{ |
|||
int i; |
|||
for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) { |
|||
if (!dump_certs_pkeys_bag (out, |
|||
sk_PKCS12_SAFEBAG_value (bags, i), |
|||
pass, passlen, |
|||
options, pempass)) |
|||
return 0; |
|||
} |
|||
return 1; |
|||
} |
|||
|
|||
int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass, |
|||
int passlen, int options, char *pempass) |
|||
{ |
|||
EVP_PKEY *pkey; |
|||
PKCS8_PRIV_KEY_INFO *p8; |
|||
X509 *x509; |
|||
|
|||
switch (M_PKCS12_bag_type(bag)) |
|||
{ |
|||
case NID_keyBag: |
|||
if (options & INFO) BIO_printf (bio_err, "Key bag\n"); |
|||
if (options & NOKEYS) return 1; |
|||
print_attribs (out, bag->attrib, "Bag Attributes"); |
|||
p8 = bag->value.keybag; |
|||
if (!(pkey = EVP_PKCS82PKEY (p8))) return 0; |
|||
print_attribs (out, p8->attributes, "Key Attributes"); |
|||
PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass); |
|||
EVP_PKEY_free(pkey); |
|||
break; |
|||
|
|||
case NID_pkcs8ShroudedKeyBag: |
|||
if (options & INFO) { |
|||
BIO_printf (bio_err, "Shrouded Keybag: "); |
|||
alg_print (bio_err, bag->value.shkeybag->algor); |
|||
} |
|||
if (options & NOKEYS) return 1; |
|||
print_attribs (out, bag->attrib, "Bag Attributes"); |
|||
if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) |
|||
return 0; |
|||
if (!(pkey = EVP_PKCS82PKEY (p8))) { |
|||
PKCS8_PRIV_KEY_INFO_free(p8); |
|||
return 0; |
|||
} |
|||
print_attribs (out, p8->attributes, "Key Attributes"); |
|||
PKCS8_PRIV_KEY_INFO_free(p8); |
|||
PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass); |
|||
EVP_PKEY_free(pkey); |
|||
break; |
|||
|
|||
case NID_certBag: |
|||
if (options & INFO) BIO_printf (bio_err, "Certificate bag\n"); |
|||
if (options & NOCERTS) return 1; |
|||
if (PKCS12_get_attr(bag, NID_localKeyID)) { |
|||
if (options & CACERTS) return 1; |
|||
} else if (options & CLCERTS) return 1; |
|||
print_attribs (out, bag->attrib, "Bag Attributes"); |
|||
if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) |
|||
return 1; |
|||
if (!(x509 = PKCS12_certbag2x509(bag))) return 0; |
|||
dump_cert_text (out, x509); |
|||
PEM_write_bio_X509 (out, x509); |
|||
X509_free(x509); |
|||
break; |
|||
|
|||
case NID_safeContentsBag: |
|||
if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n"); |
|||
print_attribs (out, bag->attrib, "Bag Attributes"); |
|||
return dump_certs_pkeys_bags (out, bag->value.safes, pass, |
|||
passlen, options, pempass); |
|||
|
|||
default: |
|||
BIO_printf (bio_err, "Warning unsupported bag type: "); |
|||
i2a_ASN1_OBJECT (bio_err, bag->type); |
|||
BIO_printf (bio_err, "\n"); |
|||
return 1; |
|||
break; |
|||
} |
|||
return 1; |
|||
} |
|||
|
|||
/* Given a single certificate return a verified chain or NULL if error */ |
|||
|
|||
/* Hope this is OK .... */ |
|||
|
|||
int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain) |
|||
{ |
|||
X509_STORE_CTX store_ctx; |
|||
STACK_OF(X509) *chn; |
|||
int i = 0; |
|||
|
|||
/* FIXME: Should really check the return status of X509_STORE_CTX_init
|
|||
* for an error, but how that fits into the return value of this |
|||
* function is less obvious. */ |
|||
X509_STORE_CTX_init(&store_ctx, store, cert, NULL); |
|||
if (X509_verify_cert(&store_ctx) <= 0) { |
|||
i = X509_STORE_CTX_get_error (&store_ctx); |
|||
if (i == 0) |
|||
/* avoid returning 0 if X509_verify_cert() did not
|
|||
* set an appropriate error value in the context */ |
|||
i = -1; |
|||
chn = NULL; |
|||
goto err; |
|||
} else |
|||
chn = X509_STORE_CTX_get1_chain(&store_ctx); |
|||
err: |
|||
X509_STORE_CTX_cleanup(&store_ctx); |
|||
*chain = chn; |
|||
|
|||
return i; |
|||
} |
|||
|
|||
int alg_print (BIO *x, X509_ALGOR *alg) |
|||
{ |
|||
PBEPARAM *pbe; |
|||
const unsigned char *p; |
|||
p = alg->parameter->value.sequence->data; |
|||
pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); |
|||
if (!pbe) |
|||
return 1; |
|||
BIO_printf (bio_err, "%s, Iteration %ld\n", |
|||
OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), |
|||
ASN1_INTEGER_get(pbe->iter)); |
|||
PBEPARAM_free (pbe); |
|||
return 1; |
|||
} |
|||
|
|||
/* Load all certificates from a given file */ |
|||
|
|||
int cert_load(BIO *in, STACK_OF(X509) *sk) |
|||
{ |
|||
int ret; |
|||
X509 *cert; |
|||
ret = 0; |
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_push_info("cert_load(): reading one cert"); |
|||
#endif |
|||
while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) { |
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_pop_info(); |
|||
#endif |
|||
ret = 1; |
|||
sk_X509_push(sk, cert); |
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_push_info("cert_load(): reading one cert"); |
|||
#endif |
|||
} |
|||
#ifdef CRYPTO_MDEBUG |
|||
CRYPTO_pop_info(); |
|||
#endif |
|||
if(ret) ERR_clear_error(); |
|||
return ret; |
|||
} |
|||
|
|||
/* Generalised attribute print: handle PKCS#8 and bag attributes */ |
|||
|
|||
int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name) |
|||
{ |
|||
X509_ATTRIBUTE *attr; |
|||
ASN1_TYPE *av; |
|||
char *value; |
|||
int i, attr_nid; |
|||
if(!attrlst) { |
|||
BIO_printf(out, "%s: <No Attributes>\n", name); |
|||
return 1; |
|||
} |
|||
if(!sk_X509_ATTRIBUTE_num(attrlst)) { |
|||
BIO_printf(out, "%s: <Empty Attributes>\n", name); |
|||
return 1; |
|||
} |
|||
BIO_printf(out, "%s\n", name); |
|||
for(i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) { |
|||
attr = sk_X509_ATTRIBUTE_value(attrlst, i); |
|||
attr_nid = OBJ_obj2nid(attr->object); |
|||
BIO_printf(out, " "); |
|||
if(attr_nid == NID_undef) { |
|||
i2a_ASN1_OBJECT (out, attr->object); |
|||
BIO_printf(out, ": "); |
|||
} else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid)); |
|||
|
|||
if(sk_ASN1_TYPE_num(attr->value.set)) { |
|||
av = sk_ASN1_TYPE_value(attr->value.set, 0); |
|||
switch(av->type) { |
|||
case V_ASN1_BMPSTRING: |
|||
value = OPENSSL_uni2asc(av->value.bmpstring->data, |
|||
av->value.bmpstring->length); |
|||
BIO_printf(out, "%s\n", value); |
|||
OPENSSL_free(value); |
|||
break; |
|||
|
|||
case V_ASN1_OCTET_STRING: |
|||
hex_prin(out, av->value.octet_string->data, |
|||
av->value.octet_string->length); |
|||
BIO_printf(out, "\n"); |
|||
break; |
|||
|
|||
case V_ASN1_BIT_STRING: |
|||
hex_prin(out, av->value.bit_string->data, |
|||
av->value.bit_string->length); |
|||
BIO_printf(out, "\n"); |
|||
break; |
|||
|
|||
default: |
|||
BIO_printf(out, "<Unsupported tag %d>\n", av->type); |
|||
break; |
|||
} |
|||
} else BIO_printf(out, "<No Values>\n"); |
|||
} |
|||
return 1; |
|||
} |
|||
|
|||
void hex_prin(BIO *out, unsigned char *buf, int len) |
|||
{ |
|||
int i; |
|||
for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]); |
|||
} |
|||
|
|||
static int set_pbe(BIO *err, int *ppbe, const char *str) |
|||
{ |
|||
if (!str) |
|||
return 0; |
|||
if (!strcmp(str, "NONE")) |
|||
{ |
|||
*ppbe = -1; |
|||
return 1; |
|||
} |
|||
*ppbe=OBJ_txt2nid(str); |
|||
if (*ppbe == NID_undef) |
|||
{ |
|||
BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str); |
|||
return 0; |
|||
} |
|||
return 1; |
|||
} |
|||
|
|||
#endif |
@ -0,0 +1,320 @@ |
|||
/* apps/pkcs7.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <string.h> |
|||
#include <time.h> |
|||
#include "apps.h" |
|||
#include <openssl/err.h> |
|||
#include <openssl/objects.h> |
|||
#include <openssl/evp.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pkcs7.h> |
|||
#include <openssl/pem.h> |
|||
|
|||
#undef PROG |
|||
#define PROG pkcs7_main |
|||
|
|||
/* -inform arg - input format - default PEM (DER or PEM)
|
|||
* -outform arg - output format - default PEM |
|||
* -in arg - input file - default stdin |
|||
* -out arg - output file - default stdout |
|||
* -print_certs |
|||
*/ |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
PKCS7 *p7=NULL; |
|||
int i,badops=0; |
|||
BIO *in=NULL,*out=NULL; |
|||
int informat,outformat; |
|||
char *infile,*outfile,*prog; |
|||
int print_certs=0,text=0,noout=0,p7_print=0; |
|||
int ret=1; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine=NULL; |
|||
#endif |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
infile=NULL; |
|||
outfile=NULL; |
|||
informat=FORMAT_PEM; |
|||
outformat=FORMAT_PEM; |
|||
|
|||
prog=argv[0]; |
|||
argc--; |
|||
argv++; |
|||
while (argc >= 1) |
|||
{ |
|||
if (strcmp(*argv,"-inform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
informat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-outform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outformat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-in") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
infile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outfile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-noout") == 0) |
|||
noout=1; |
|||
else if (strcmp(*argv,"-text") == 0) |
|||
text=1; |
|||
else if (strcmp(*argv,"-print") == 0) |
|||
p7_print=1; |
|||
else if (strcmp(*argv,"-print_certs") == 0) |
|||
print_certs=1; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(*argv,"-engine") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
engine= *(++argv); |
|||
} |
|||
#endif |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"unknown option %s\n",*argv); |
|||
badops=1; |
|||
break; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); |
|||
BIO_printf(bio_err,"where options are\n"); |
|||
BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); |
|||
BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); |
|||
BIO_printf(bio_err," -in arg input file\n"); |
|||
BIO_printf(bio_err," -out arg output file\n"); |
|||
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); |
|||
BIO_printf(bio_err," -text print full details of certificates\n"); |
|||
BIO_printf(bio_err," -noout don't output encoded data\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
ret = 1; |
|||
goto end; |
|||
} |
|||
|
|||
ERR_load_crypto_strings(); |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
out=BIO_new(BIO_s_file()); |
|||
if ((in == NULL) || (out == NULL)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (infile == NULL) |
|||
BIO_set_fp(in,stdin,BIO_NOCLOSE); |
|||
else |
|||
{ |
|||
if (BIO_read_filename(in,infile) <= 0) |
|||
if (in == NULL) |
|||
{ |
|||
perror(infile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (informat == FORMAT_ASN1) |
|||
p7=d2i_PKCS7_bio(in,NULL); |
|||
else if (informat == FORMAT_PEM) |
|||
p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL); |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"bad input format specified for pkcs7 object\n"); |
|||
goto end; |
|||
} |
|||
if (p7 == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unable to load PKCS7 object\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (outfile == NULL) |
|||
{ |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out,outfile) <= 0) |
|||
{ |
|||
perror(outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (p7_print) |
|||
PKCS7_print_ctx(out, p7, 0, NULL); |
|||
|
|||
if (print_certs) |
|||
{ |
|||
STACK_OF(X509) *certs=NULL; |
|||
STACK_OF(X509_CRL) *crls=NULL; |
|||
|
|||
i=OBJ_obj2nid(p7->type); |
|||
switch (i) |
|||
{ |
|||
case NID_pkcs7_signed: |
|||
certs=p7->d.sign->cert; |
|||
crls=p7->d.sign->crl; |
|||
break; |
|||
case NID_pkcs7_signedAndEnveloped: |
|||
certs=p7->d.signed_and_enveloped->cert; |
|||
crls=p7->d.signed_and_enveloped->crl; |
|||
break; |
|||
default: |
|||
break; |
|||
} |
|||
|
|||
if (certs != NULL) |
|||
{ |
|||
X509 *x; |
|||
|
|||
for (i=0; i<sk_X509_num(certs); i++) |
|||
{ |
|||
x=sk_X509_value(certs,i); |
|||
if(text) X509_print(out, x); |
|||
else dump_cert_text(out, x); |
|||
|
|||
if(!noout) PEM_write_bio_X509(out,x); |
|||
BIO_puts(out,"\n"); |
|||
} |
|||
} |
|||
if (crls != NULL) |
|||
{ |
|||
X509_CRL *crl; |
|||
|
|||
for (i=0; i<sk_X509_CRL_num(crls); i++) |
|||
{ |
|||
crl=sk_X509_CRL_value(crls,i); |
|||
|
|||
X509_CRL_print(out, crl); |
|||
|
|||
if(!noout)PEM_write_bio_X509_CRL(out,crl); |
|||
BIO_puts(out,"\n"); |
|||
} |
|||
} |
|||
|
|||
ret=0; |
|||
goto end; |
|||
} |
|||
|
|||
if(!noout) { |
|||
if (outformat == FORMAT_ASN1) |
|||
i=i2d_PKCS7_bio(out,p7); |
|||
else if (outformat == FORMAT_PEM) |
|||
i=PEM_write_bio_PKCS7(out,p7); |
|||
else { |
|||
BIO_printf(bio_err,"bad output format specified for outfile\n"); |
|||
goto end; |
|||
} |
|||
|
|||
if (!i) |
|||
{ |
|||
BIO_printf(bio_err,"unable to write pkcs7 object\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
ret=0; |
|||
end: |
|||
if (p7 != NULL) PKCS7_free(p7); |
|||
if (in != NULL) BIO_free(in); |
|||
if (out != NULL) BIO_free_all(out); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
@ -0,0 +1,439 @@ |
|||
/* pkcs8.c */ |
|||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
|||
* project 1999-2004. |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* licensing@OpenSSL.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
#include <stdio.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/pem.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/evp.h> |
|||
#include <openssl/pkcs12.h> |
|||
|
|||
#define PROG pkcs8_main |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
ENGINE *e = NULL; |
|||
char **args, *infile = NULL, *outfile = NULL; |
|||
char *passargin = NULL, *passargout = NULL; |
|||
BIO *in = NULL, *out = NULL; |
|||
int topk8 = 0; |
|||
int pbe_nid = -1; |
|||
const EVP_CIPHER *cipher = NULL; |
|||
int iter = PKCS12_DEFAULT_ITER; |
|||
int informat, outformat; |
|||
int p8_broken = PKCS8_OK; |
|||
int nocrypt = 0; |
|||
X509_SIG *p8 = NULL; |
|||
PKCS8_PRIV_KEY_INFO *p8inf = NULL; |
|||
EVP_PKEY *pkey=NULL; |
|||
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL; |
|||
int badarg = 0; |
|||
int ret = 1; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine=NULL; |
|||
#endif |
|||
|
|||
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
informat=FORMAT_PEM; |
|||
outformat=FORMAT_PEM; |
|||
|
|||
ERR_load_crypto_strings(); |
|||
OpenSSL_add_all_algorithms(); |
|||
args = argv + 1; |
|||
while (!badarg && *args && *args[0] == '-') |
|||
{ |
|||
if (!strcmp(*args,"-v2")) |
|||
{ |
|||
if (args[1]) |
|||
{ |
|||
args++; |
|||
cipher=EVP_get_cipherbyname(*args); |
|||
if (!cipher) |
|||
{ |
|||
BIO_printf(bio_err, |
|||
"Unknown cipher %s\n", *args); |
|||
badarg = 1; |
|||
} |
|||
} |
|||
else |
|||
badarg = 1; |
|||
} |
|||
else if (!strcmp(*args,"-v1")) |
|||
{ |
|||
if (args[1]) |
|||
{ |
|||
args++; |
|||
pbe_nid=OBJ_txt2nid(*args); |
|||
if (pbe_nid == NID_undef) |
|||
{ |
|||
BIO_printf(bio_err, |
|||
"Unknown PBE algorithm %s\n", *args); |
|||
badarg = 1; |
|||
} |
|||
} |
|||
else |
|||
badarg = 1; |
|||
} |
|||
else if (!strcmp(*args,"-inform")) |
|||
{ |
|||
if (args[1]) |
|||
{ |
|||
args++; |
|||
informat=str2fmt(*args); |
|||
} |
|||
else badarg = 1; |
|||
} |
|||
else if (!strcmp(*args,"-outform")) |
|||
{ |
|||
if (args[1]) |
|||
{ |
|||
args++; |
|||
outformat=str2fmt(*args); |
|||
} |
|||
else badarg = 1; |
|||
} |
|||
else if (!strcmp (*args, "-topk8")) |
|||
topk8 = 1; |
|||
else if (!strcmp (*args, "-noiter")) |
|||
iter = 1; |
|||
else if (!strcmp (*args, "-nocrypt")) |
|||
nocrypt = 1; |
|||
else if (!strcmp (*args, "-nooct")) |
|||
p8_broken = PKCS8_NO_OCTET; |
|||
else if (!strcmp (*args, "-nsdb")) |
|||
p8_broken = PKCS8_NS_DB; |
|||
else if (!strcmp (*args, "-embed")) |
|||
p8_broken = PKCS8_EMBEDDED_PARAM; |
|||
else if (!strcmp(*args,"-passin")) |
|||
{ |
|||
if (!args[1]) goto bad; |
|||
passargin= *(++args); |
|||
} |
|||
else if (!strcmp(*args,"-passout")) |
|||
{ |
|||
if (!args[1]) goto bad; |
|||
passargout= *(++args); |
|||
} |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(*args,"-engine") == 0) |
|||
{ |
|||
if (!args[1]) goto bad; |
|||
engine= *(++args); |
|||
} |
|||
#endif |
|||
else if (!strcmp (*args, "-in")) |
|||
{ |
|||
if (args[1]) |
|||
{ |
|||
args++; |
|||
infile = *args; |
|||
} |
|||
else badarg = 1; |
|||
} |
|||
else if (!strcmp (*args, "-out")) |
|||
{ |
|||
if (args[1]) |
|||
{ |
|||
args++; |
|||
outfile = *args; |
|||
} |
|||
else badarg = 1; |
|||
} |
|||
else badarg = 1; |
|||
args++; |
|||
} |
|||
|
|||
if (badarg) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err, "Usage pkcs8 [options]\n"); |
|||
BIO_printf(bio_err, "where options are\n"); |
|||
BIO_printf(bio_err, "-in file input file\n"); |
|||
BIO_printf(bio_err, "-inform X input format (DER or PEM)\n"); |
|||
BIO_printf(bio_err, "-passin arg input file pass phrase source\n"); |
|||
BIO_printf(bio_err, "-outform X output format (DER or PEM)\n"); |
|||
BIO_printf(bio_err, "-out file output file\n"); |
|||
BIO_printf(bio_err, "-passout arg output file pass phrase source\n"); |
|||
BIO_printf(bio_err, "-topk8 output PKCS8 file\n"); |
|||
BIO_printf(bio_err, "-nooct use (nonstandard) no octet format\n"); |
|||
BIO_printf(bio_err, "-embed use (nonstandard) embedded DSA parameters format\n"); |
|||
BIO_printf(bio_err, "-nsdb use (nonstandard) DSA Netscape DB format\n"); |
|||
BIO_printf(bio_err, "-noiter use 1 as iteration count\n"); |
|||
BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n"); |
|||
BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n"); |
|||
BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
goto end; |
|||
} |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
e = setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) |
|||
{ |
|||
BIO_printf(bio_err, "Error getting passwords\n"); |
|||
goto end; |
|||
} |
|||
|
|||
if ((pbe_nid == -1) && !cipher) |
|||
pbe_nid = NID_pbeWithMD5AndDES_CBC; |
|||
|
|||
if (infile) |
|||
{ |
|||
if (!(in = BIO_new_file(infile, "rb"))) |
|||
{ |
|||
BIO_printf(bio_err, |
|||
"Can't open input file %s\n", infile); |
|||
goto end; |
|||
} |
|||
} |
|||
else |
|||
in = BIO_new_fp (stdin, BIO_NOCLOSE); |
|||
|
|||
if (outfile) |
|||
{ |
|||
if (!(out = BIO_new_file (outfile, "wb"))) |
|||
{ |
|||
BIO_printf(bio_err, |
|||
"Can't open output file %s\n", outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
else |
|||
{ |
|||
out = BIO_new_fp (stdout, BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
if (topk8) |
|||
{ |
|||
pkey = load_key(bio_err, infile, informat, 1, |
|||
passin, e, "key"); |
|||
if (!pkey) |
|||
goto end; |
|||
if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) |
|||
{ |
|||
BIO_printf(bio_err, "Error converting key\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
if (nocrypt) |
|||
{ |
|||
if (outformat == FORMAT_PEM) |
|||
PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf); |
|||
else if (outformat == FORMAT_ASN1) |
|||
i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf); |
|||
else |
|||
{ |
|||
BIO_printf(bio_err, "Bad format specified for key\n"); |
|||
goto end; |
|||
} |
|||
} |
|||
else |
|||
{ |
|||
if (passout) |
|||
p8pass = passout; |
|||
else |
|||
{ |
|||
p8pass = pass; |
|||
if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1)) |
|||
goto end; |
|||
} |
|||
app_RAND_load_file(NULL, bio_err, 0); |
|||
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, |
|||
p8pass, strlen(p8pass), |
|||
NULL, 0, iter, p8inf))) |
|||
{ |
|||
BIO_printf(bio_err, "Error encrypting key\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
app_RAND_write_file(NULL, bio_err); |
|||
if (outformat == FORMAT_PEM) |
|||
PEM_write_bio_PKCS8(out, p8); |
|||
else if (outformat == FORMAT_ASN1) |
|||
i2d_PKCS8_bio(out, p8); |
|||
else |
|||
{ |
|||
BIO_printf(bio_err, "Bad format specified for key\n"); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
ret = 0; |
|||
goto end; |
|||
} |
|||
|
|||
if (nocrypt) |
|||
{ |
|||
if (informat == FORMAT_PEM) |
|||
p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL); |
|||
else if (informat == FORMAT_ASN1) |
|||
p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL); |
|||
else |
|||
{ |
|||
BIO_printf(bio_err, "Bad format specified for key\n"); |
|||
goto end; |
|||
} |
|||
} |
|||
else |
|||
{ |
|||
if (informat == FORMAT_PEM) |
|||
p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL); |
|||
else if (informat == FORMAT_ASN1) |
|||
p8 = d2i_PKCS8_bio(in, NULL); |
|||
else |
|||
{ |
|||
BIO_printf(bio_err, "Bad format specified for key\n"); |
|||
goto end; |
|||
} |
|||
|
|||
if (!p8) |
|||
{ |
|||
BIO_printf (bio_err, "Error reading key\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
if (passin) |
|||
p8pass = passin; |
|||
else |
|||
{ |
|||
p8pass = pass; |
|||
EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0); |
|||
} |
|||
p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass)); |
|||
} |
|||
|
|||
if (!p8inf) |
|||
{ |
|||
BIO_printf(bio_err, "Error decrypting key\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (!(pkey = EVP_PKCS82PKEY(p8inf))) |
|||
{ |
|||
BIO_printf(bio_err, "Error converting key\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (p8inf->broken) |
|||
{ |
|||
BIO_printf(bio_err, "Warning: broken key encoding: "); |
|||
switch (p8inf->broken) |
|||
{ |
|||
case PKCS8_NO_OCTET: |
|||
BIO_printf(bio_err, "No Octet String in PrivateKey\n"); |
|||
break; |
|||
|
|||
case PKCS8_EMBEDDED_PARAM: |
|||
BIO_printf(bio_err, "DSA parameters included in PrivateKey\n"); |
|||
break; |
|||
|
|||
case PKCS8_NS_DB: |
|||
BIO_printf(bio_err, "DSA public key include in PrivateKey\n"); |
|||
break; |
|||
|
|||
case PKCS8_NEG_PRIVKEY: |
|||
BIO_printf(bio_err, "DSA private key value is negative\n"); |
|||
break; |
|||
|
|||
default: |
|||
BIO_printf(bio_err, "Unknown broken type\n"); |
|||
break; |
|||
} |
|||
} |
|||
|
|||
if (outformat == FORMAT_PEM) |
|||
PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout); |
|||
else if (outformat == FORMAT_ASN1) |
|||
i2d_PrivateKey_bio(out, pkey); |
|||
else |
|||
{ |
|||
BIO_printf(bio_err, "Bad format specified for key\n"); |
|||
goto end; |
|||
} |
|||
ret = 0; |
|||
|
|||
end: |
|||
X509_SIG_free(p8); |
|||
PKCS8_PRIV_KEY_INFO_free(p8inf); |
|||
EVP_PKEY_free(pkey); |
|||
BIO_free_all(out); |
|||
BIO_free(in); |
|||
if (passin) |
|||
OPENSSL_free(passin); |
|||
if (passout) |
|||
OPENSSL_free(passout); |
|||
|
|||
return ret; |
|||
} |
@ -0,0 +1,284 @@ |
|||
/* apps/pkey.c */ |
|||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
|||
* project 2006 |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* licensing@OpenSSL.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
#include <stdio.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/pem.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/evp.h> |
|||
|
|||
#define PROG pkey_main |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
ENGINE *e = NULL; |
|||
char **args, *infile = NULL, *outfile = NULL; |
|||
char *passargin = NULL, *passargout = NULL; |
|||
BIO *in = NULL, *out = NULL; |
|||
const EVP_CIPHER *cipher = NULL; |
|||
int informat, outformat; |
|||
int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0; |
|||
EVP_PKEY *pkey=NULL; |
|||
char *passin = NULL, *passout = NULL; |
|||
int badarg = 0; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine=NULL; |
|||
#endif |
|||
int ret = 1; |
|||
|
|||
if (bio_err == NULL) |
|||
bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
informat=FORMAT_PEM; |
|||
outformat=FORMAT_PEM; |
|||
|
|||
ERR_load_crypto_strings(); |
|||
OpenSSL_add_all_algorithms(); |
|||
args = argv + 1; |
|||
while (!badarg && *args && *args[0] == '-') |
|||
{ |
|||
if (!strcmp(*args,"-inform")) |
|||
{ |
|||
if (args[1]) |
|||
{ |
|||
args++; |
|||
informat=str2fmt(*args); |
|||
} |
|||
else badarg = 1; |
|||
} |
|||
else if (!strcmp(*args,"-outform")) |
|||
{ |
|||
if (args[1]) |
|||
{ |
|||
args++; |
|||
outformat=str2fmt(*args); |
|||
} |
|||
else badarg = 1; |
|||
} |
|||
else if (!strcmp(*args,"-passin")) |
|||
{ |
|||
if (!args[1]) goto bad; |
|||
passargin= *(++args); |
|||
} |
|||
else if (!strcmp(*args,"-passout")) |
|||
{ |
|||
if (!args[1]) goto bad; |
|||
passargout= *(++args); |
|||
} |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(*args,"-engine") == 0) |
|||
{ |
|||
if (!args[1]) goto bad; |
|||
engine= *(++args); |
|||
} |
|||
#endif |
|||
else if (!strcmp (*args, "-in")) |
|||
{ |
|||
if (args[1]) |
|||
{ |
|||
args++; |
|||
infile = *args; |
|||
} |
|||
else badarg = 1; |
|||
} |
|||
else if (!strcmp (*args, "-out")) |
|||
{ |
|||
if (args[1]) |
|||
{ |
|||
args++; |
|||
outfile = *args; |
|||
} |
|||
else badarg = 1; |
|||
} |
|||
else if (strcmp(*args,"-pubin") == 0) |
|||
{ |
|||
pubin=1; |
|||
pubout=1; |
|||
pubtext=1; |
|||
} |
|||
else if (strcmp(*args,"-pubout") == 0) |
|||
pubout=1; |
|||
else if (strcmp(*args,"-text_pub") == 0) |
|||
{ |
|||
pubtext=1; |
|||
text=1; |
|||
} |
|||
else if (strcmp(*args,"-text") == 0) |
|||
text=1; |
|||
else if (strcmp(*args,"-noout") == 0) |
|||
noout=1; |
|||
else |
|||
{ |
|||
cipher = EVP_get_cipherbyname(*args + 1); |
|||
if (!cipher) |
|||
{ |
|||
BIO_printf(bio_err, "Unknown cipher %s\n", |
|||
*args + 1); |
|||
badarg = 1; |
|||
} |
|||
} |
|||
args++; |
|||
} |
|||
|
|||
if (badarg) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err, "Usage pkey [options]\n"); |
|||
BIO_printf(bio_err, "where options are\n"); |
|||
BIO_printf(bio_err, "-in file input file\n"); |
|||
BIO_printf(bio_err, "-inform X input format (DER or PEM)\n"); |
|||
BIO_printf(bio_err, "-passin arg input file pass phrase source\n"); |
|||
BIO_printf(bio_err, "-outform X output format (DER or PEM)\n"); |
|||
BIO_printf(bio_err, "-out file output file\n"); |
|||
BIO_printf(bio_err, "-passout arg output file pass phrase source\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
return 1; |
|||
} |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
e = setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) |
|||
{ |
|||
BIO_printf(bio_err, "Error getting passwords\n"); |
|||
goto end; |
|||
} |
|||
|
|||
if (outfile) |
|||
{ |
|||
if (!(out = BIO_new_file (outfile, "wb"))) |
|||
{ |
|||
BIO_printf(bio_err, |
|||
"Can't open output file %s\n", outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
else |
|||
{ |
|||
out = BIO_new_fp (stdout, BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
|
|||
if (pubin) |
|||
pkey = load_pubkey(bio_err, infile, informat, 1, |
|||
passin, e, "Public Key"); |
|||
else |
|||
pkey = load_key(bio_err, infile, informat, 1, |
|||
passin, e, "key"); |
|||
if (!pkey) |
|||
goto end; |
|||
|
|||
if (!noout) |
|||
{ |
|||
if (outformat == FORMAT_PEM) |
|||
{ |
|||
if (pubout) |
|||
PEM_write_bio_PUBKEY(out,pkey); |
|||
else |
|||
PEM_write_bio_PrivateKey(out, pkey, cipher, |
|||
NULL, 0, NULL, passout); |
|||
} |
|||
else if (outformat == FORMAT_ASN1) |
|||
{ |
|||
if (pubout) |
|||
i2d_PUBKEY_bio(out, pkey); |
|||
else |
|||
i2d_PrivateKey_bio(out, pkey); |
|||
} |
|||
else |
|||
{ |
|||
BIO_printf(bio_err, "Bad format specified for key\n"); |
|||
goto end; |
|||
} |
|||
|
|||
} |
|||
|
|||
if (text) |
|||
{ |
|||
if (pubtext) |
|||
EVP_PKEY_print_public(out, pkey, 0, NULL); |
|||
else |
|||
EVP_PKEY_print_private(out, pkey, 0, NULL); |
|||
} |
|||
|
|||
ret = 0; |
|||
|
|||
end: |
|||
EVP_PKEY_free(pkey); |
|||
BIO_free_all(out); |
|||
BIO_free(in); |
|||
if (passin) |
|||
OPENSSL_free(passin); |
|||
if (passout) |
|||
OPENSSL_free(passout); |
|||
|
|||
return ret; |
|||
} |
@ -0,0 +1,200 @@ |
|||
/* apps/pkeyparam.c */ |
|||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
|||
* project 2006 |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* licensing@OpenSSL.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
#include <stdio.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/pem.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/evp.h> |
|||
|
|||
#define PROG pkeyparam_main |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
char **args, *infile = NULL, *outfile = NULL; |
|||
BIO *in = NULL, *out = NULL; |
|||
int text = 0, noout = 0; |
|||
EVP_PKEY *pkey=NULL; |
|||
int badarg = 0; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine=NULL; |
|||
#endif |
|||
int ret = 1; |
|||
|
|||
if (bio_err == NULL) |
|||
bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
ERR_load_crypto_strings(); |
|||
OpenSSL_add_all_algorithms(); |
|||
args = argv + 1; |
|||
while (!badarg && *args && *args[0] == '-') |
|||
{ |
|||
if (!strcmp (*args, "-in")) |
|||
{ |
|||
if (args[1]) |
|||
{ |
|||
args++; |
|||
infile = *args; |
|||
} |
|||
else badarg = 1; |
|||
} |
|||
else if (!strcmp (*args, "-out")) |
|||
{ |
|||
if (args[1]) |
|||
{ |
|||
args++; |
|||
outfile = *args; |
|||
} |
|||
else badarg = 1; |
|||
} |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(*args,"-engine") == 0) |
|||
{ |
|||
if (!args[1]) goto bad; |
|||
engine= *(++args); |
|||
} |
|||
#endif |
|||
|
|||
else if (strcmp(*args,"-text") == 0) |
|||
text=1; |
|||
else if (strcmp(*args,"-noout") == 0) |
|||
noout=1; |
|||
args++; |
|||
} |
|||
|
|||
if (badarg) |
|||
{ |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
bad: |
|||
#endif |
|||
BIO_printf(bio_err, "Usage pkeyparam [options]\n"); |
|||
BIO_printf(bio_err, "where options are\n"); |
|||
BIO_printf(bio_err, "-in file input file\n"); |
|||
BIO_printf(bio_err, "-out file output file\n"); |
|||
BIO_printf(bio_err, "-text print parameters as text\n"); |
|||
BIO_printf(bio_err, "-noout don't output encoded parameters\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
return 1; |
|||
} |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
if (infile) |
|||
{ |
|||
if (!(in = BIO_new_file (infile, "r"))) |
|||
{ |
|||
BIO_printf(bio_err, |
|||
"Can't open input file %s\n", infile); |
|||
goto end; |
|||
} |
|||
} |
|||
else |
|||
in = BIO_new_fp (stdin, BIO_NOCLOSE); |
|||
|
|||
if (outfile) |
|||
{ |
|||
if (!(out = BIO_new_file (outfile, "w"))) |
|||
{ |
|||
BIO_printf(bio_err, |
|||
"Can't open output file %s\n", outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
else |
|||
{ |
|||
out = BIO_new_fp (stdout, BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
|
|||
pkey = PEM_read_bio_Parameters(in, NULL); |
|||
if (!pkey) |
|||
{ |
|||
BIO_printf(bio_err, "Error reading parameters\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (!noout) |
|||
PEM_write_bio_Parameters(out,pkey); |
|||
|
|||
if (text) |
|||
EVP_PKEY_print_params(out, pkey, 0, NULL); |
|||
|
|||
ret = 0; |
|||
|
|||
end: |
|||
EVP_PKEY_free(pkey); |
|||
BIO_free_all(out); |
|||
BIO_free(in); |
|||
|
|||
return ret; |
|||
} |
@ -0,0 +1,570 @@ |
|||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
|||
* project 2006. |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* licensing@OpenSSL.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
|
|||
|
|||
#include "apps.h" |
|||
#include <string.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/pem.h> |
|||
#include <openssl/evp.h> |
|||
|
|||
#define KEY_PRIVKEY 1 |
|||
#define KEY_PUBKEY 2 |
|||
#define KEY_CERT 3 |
|||
|
|||
static void usage(void); |
|||
|
|||
#undef PROG |
|||
|
|||
#define PROG pkeyutl_main |
|||
|
|||
static EVP_PKEY_CTX *init_ctx(int *pkeysize, |
|||
char *keyfile, int keyform, int key_type, |
|||
char *passargin, int pkey_op, ENGINE *e); |
|||
|
|||
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform, |
|||
const char *file); |
|||
|
|||
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, |
|||
unsigned char *out, size_t *poutlen, |
|||
unsigned char *in, size_t inlen); |
|||
|
|||
int MAIN(int argc, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
BIO *in = NULL, *out = NULL; |
|||
char *infile = NULL, *outfile = NULL, *sigfile = NULL; |
|||
ENGINE *e = NULL; |
|||
int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY; |
|||
int keyform = FORMAT_PEM, peerform = FORMAT_PEM; |
|||
char badarg = 0, rev = 0; |
|||
char hexdump = 0, asn1parse = 0; |
|||
EVP_PKEY_CTX *ctx = NULL; |
|||
char *passargin = NULL; |
|||
int keysize = -1; |
|||
|
|||
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL; |
|||
size_t buf_outlen; |
|||
int buf_inlen = 0, siglen = -1; |
|||
|
|||
int ret = 1, rv = -1; |
|||
|
|||
argc--; |
|||
argv++; |
|||
|
|||
if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
ERR_load_crypto_strings(); |
|||
OpenSSL_add_all_algorithms(); |
|||
|
|||
while(argc >= 1) |
|||
{ |
|||
if (!strcmp(*argv,"-in")) |
|||
{ |
|||
if (--argc < 1) badarg = 1; |
|||
else infile= *(++argv); |
|||
} |
|||
else if (!strcmp(*argv,"-out")) |
|||
{ |
|||
if (--argc < 1) badarg = 1; |
|||
else outfile= *(++argv); |
|||
} |
|||
else if (!strcmp(*argv,"-sigfile")) |
|||
{ |
|||
if (--argc < 1) badarg = 1; |
|||
else sigfile= *(++argv); |
|||
} |
|||
else if(!strcmp(*argv, "-inkey")) |
|||
{ |
|||
if (--argc < 1) |
|||
badarg = 1; |
|||
else |
|||
{ |
|||
ctx = init_ctx(&keysize, |
|||
*(++argv), keyform, key_type, |
|||
passargin, pkey_op, e); |
|||
if (!ctx) |
|||
{ |
|||
BIO_puts(bio_err, |
|||
"Error initializing context\n"); |
|||
ERR_print_errors(bio_err); |
|||
badarg = 1; |
|||
} |
|||
} |
|||
} |
|||
else if (!strcmp(*argv,"-peerkey")) |
|||
{ |
|||
if (--argc < 1) |
|||
badarg = 1; |
|||
else if (!setup_peer(bio_err, ctx, peerform, *(++argv))) |
|||
badarg = 1; |
|||
} |
|||
else if (!strcmp(*argv,"-passin")) |
|||
{ |
|||
if (--argc < 1) badarg = 1; |
|||
else passargin= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-peerform") == 0) |
|||
{ |
|||
if (--argc < 1) badarg = 1; |
|||
else peerform=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-keyform") == 0) |
|||
{ |
|||
if (--argc < 1) badarg = 1; |
|||
else keyform=str2fmt(*(++argv)); |
|||
} |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if(!strcmp(*argv, "-engine")) |
|||
{ |
|||
if (--argc < 1) |
|||
badarg = 1; |
|||
else |
|||
e = setup_engine(bio_err, *(++argv), 0); |
|||
} |
|||
#endif |
|||
else if(!strcmp(*argv, "-pubin")) |
|||
key_type = KEY_PUBKEY; |
|||
else if(!strcmp(*argv, "-certin")) |
|||
key_type = KEY_CERT; |
|||
else if(!strcmp(*argv, "-asn1parse")) |
|||
asn1parse = 1; |
|||
else if(!strcmp(*argv, "-hexdump")) |
|||
hexdump = 1; |
|||
else if(!strcmp(*argv, "-sign")) |
|||
pkey_op = EVP_PKEY_OP_SIGN; |
|||
else if(!strcmp(*argv, "-verify")) |
|||
pkey_op = EVP_PKEY_OP_VERIFY; |
|||
else if(!strcmp(*argv, "-verifyrecover")) |
|||
pkey_op = EVP_PKEY_OP_VERIFYRECOVER; |
|||
else if(!strcmp(*argv, "-rev")) |
|||
rev = 1; |
|||
else if(!strcmp(*argv, "-encrypt")) |
|||
pkey_op = EVP_PKEY_OP_ENCRYPT; |
|||
else if(!strcmp(*argv, "-decrypt")) |
|||
pkey_op = EVP_PKEY_OP_DECRYPT; |
|||
else if(!strcmp(*argv, "-derive")) |
|||
pkey_op = EVP_PKEY_OP_DERIVE; |
|||
else if (strcmp(*argv,"-pkeyopt") == 0) |
|||
{ |
|||
if (--argc < 1) |
|||
badarg = 1; |
|||
else if (!ctx) |
|||
{ |
|||
BIO_puts(bio_err, |
|||
"-pkeyopt command before -inkey\n"); |
|||
badarg = 1; |
|||
} |
|||
else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) |
|||
{ |
|||
BIO_puts(bio_err, "parameter setting error\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
else badarg = 1; |
|||
if(badarg) |
|||
{ |
|||
usage(); |
|||
goto end; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (!ctx) |
|||
{ |
|||
usage(); |
|||
goto end; |
|||
} |
|||
|
|||
if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) |
|||
{ |
|||
BIO_puts(bio_err, "Signature file specified for non verify\n"); |
|||
goto end; |
|||
} |
|||
|
|||
if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) |
|||
{ |
|||
BIO_puts(bio_err, "No signature file specified for verify\n"); |
|||
goto end; |
|||
} |
|||
|
|||
/* FIXME: seed PRNG only if needed */ |
|||
app_RAND_load_file(NULL, bio_err, 0); |
|||
|
|||
if (pkey_op != EVP_PKEY_OP_DERIVE) |
|||
{ |
|||
if(infile) |
|||
{ |
|||
if(!(in = BIO_new_file(infile, "rb"))) |
|||
{ |
|||
BIO_puts(bio_err, |
|||
"Error Opening Input File\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
else |
|||
in = BIO_new_fp(stdin, BIO_NOCLOSE); |
|||
} |
|||
|
|||
if(outfile) |
|||
{ |
|||
if(!(out = BIO_new_file(outfile, "wb"))) |
|||
{ |
|||
BIO_printf(bio_err, "Error Creating Output File\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
else |
|||
{ |
|||
out = BIO_new_fp(stdout, BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
|
|||
if (sigfile) |
|||
{ |
|||
BIO *sigbio = BIO_new_file(sigfile, "rb"); |
|||
if (!sigbio) |
|||
{ |
|||
BIO_printf(bio_err, "Can't open signature file %s\n", |
|||
sigfile); |
|||
goto end; |
|||
} |
|||
siglen = bio_to_mem(&sig, keysize * 10, sigbio); |
|||
BIO_free(sigbio); |
|||
if (siglen <= 0) |
|||
{ |
|||
BIO_printf(bio_err, "Error reading signature data\n"); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (in) |
|||
{ |
|||
/* Read the input data */ |
|||
buf_inlen = bio_to_mem(&buf_in, keysize * 10, in); |
|||
if(buf_inlen <= 0) |
|||
{ |
|||
BIO_printf(bio_err, "Error reading input Data\n"); |
|||
exit(1); |
|||
} |
|||
if(rev) |
|||
{ |
|||
size_t i; |
|||
unsigned char ctmp; |
|||
size_t l = (size_t)buf_inlen; |
|||
for(i = 0; i < l/2; i++) |
|||
{ |
|||
ctmp = buf_in[i]; |
|||
buf_in[i] = buf_in[l - 1 - i]; |
|||
buf_in[l - 1 - i] = ctmp; |
|||
} |
|||
} |
|||
} |
|||
|
|||
if(pkey_op == EVP_PKEY_OP_VERIFY) |
|||
{ |
|||
rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen, |
|||
buf_in, (size_t)buf_inlen); |
|||
if (rv == 0) |
|||
BIO_puts(out, "Signature Verification Failure\n"); |
|||
else if (rv == 1) |
|||
BIO_puts(out, "Signature Verified Successfully\n"); |
|||
if (rv >= 0) |
|||
goto end; |
|||
} |
|||
else |
|||
{ |
|||
rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, |
|||
buf_in, (size_t)buf_inlen); |
|||
if (rv > 0) |
|||
{ |
|||
buf_out = OPENSSL_malloc(buf_outlen); |
|||
if (!buf_out) |
|||
rv = -1; |
|||
else |
|||
rv = do_keyop(ctx, pkey_op, |
|||
buf_out, (size_t *)&buf_outlen, |
|||
buf_in, (size_t)buf_inlen); |
|||
} |
|||
} |
|||
|
|||
if(rv <= 0) |
|||
{ |
|||
BIO_printf(bio_err, "Public Key operation error\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
ret = 0; |
|||
if(asn1parse) |
|||
{ |
|||
if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1)) |
|||
ERR_print_errors(bio_err); |
|||
} |
|||
else if(hexdump) |
|||
BIO_dump(out, (char *)buf_out, buf_outlen); |
|||
else |
|||
BIO_write(out, buf_out, buf_outlen); |
|||
|
|||
end: |
|||
if (ctx) |
|||
EVP_PKEY_CTX_free(ctx); |
|||
BIO_free(in); |
|||
BIO_free_all(out); |
|||
if (buf_in) |
|||
OPENSSL_free(buf_in); |
|||
if (buf_out) |
|||
OPENSSL_free(buf_out); |
|||
if (sig) |
|||
OPENSSL_free(sig); |
|||
return ret; |
|||
} |
|||
|
|||
static void usage() |
|||
{ |
|||
BIO_printf(bio_err, "Usage: pkeyutl [options]\n"); |
|||
BIO_printf(bio_err, "-in file input file\n"); |
|||
BIO_printf(bio_err, "-out file output file\n"); |
|||
BIO_printf(bio_err, "-sigfile file signature file (verify operation only)\n"); |
|||
BIO_printf(bio_err, "-inkey file input key\n"); |
|||
BIO_printf(bio_err, "-keyform arg private key format - default PEM\n"); |
|||
BIO_printf(bio_err, "-pubin input is a public key\n"); |
|||
BIO_printf(bio_err, "-certin input is a certificate carrying a public key\n"); |
|||
BIO_printf(bio_err, "-pkeyopt X:Y public key options\n"); |
|||
BIO_printf(bio_err, "-sign sign with private key\n"); |
|||
BIO_printf(bio_err, "-verify verify with public key\n"); |
|||
BIO_printf(bio_err, "-verifyrecover verify with public key, recover original data\n"); |
|||
BIO_printf(bio_err, "-encrypt encrypt with public key\n"); |
|||
BIO_printf(bio_err, "-decrypt decrypt with private key\n"); |
|||
BIO_printf(bio_err, "-derive derive shared secret\n"); |
|||
BIO_printf(bio_err, "-hexdump hex dump output\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
BIO_printf(bio_err, "-passin arg pass phrase source\n"); |
|||
|
|||
} |
|||
|
|||
static EVP_PKEY_CTX *init_ctx(int *pkeysize, |
|||
char *keyfile, int keyform, int key_type, |
|||
char *passargin, int pkey_op, ENGINE *e) |
|||
{ |
|||
EVP_PKEY *pkey = NULL; |
|||
EVP_PKEY_CTX *ctx = NULL; |
|||
char *passin = NULL; |
|||
int rv = -1; |
|||
X509 *x; |
|||
if(((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT) |
|||
|| (pkey_op == EVP_PKEY_OP_DERIVE)) |
|||
&& (key_type != KEY_PRIVKEY)) |
|||
{ |
|||
BIO_printf(bio_err, "A private key is needed for this operation\n"); |
|||
goto end; |
|||
} |
|||
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) |
|||
{ |
|||
BIO_printf(bio_err, "Error getting password\n"); |
|||
goto end; |
|||
} |
|||
switch(key_type) |
|||
{ |
|||
case KEY_PRIVKEY: |
|||
pkey = load_key(bio_err, keyfile, keyform, 0, |
|||
passin, e, "Private Key"); |
|||
break; |
|||
|
|||
case KEY_PUBKEY: |
|||
pkey = load_pubkey(bio_err, keyfile, keyform, 0, |
|||
NULL, e, "Public Key"); |
|||
break; |
|||
|
|||
case KEY_CERT: |
|||
x = load_cert(bio_err, keyfile, keyform, |
|||
NULL, e, "Certificate"); |
|||
if(x) |
|||
{ |
|||
pkey = X509_get_pubkey(x); |
|||
X509_free(x); |
|||
} |
|||
break; |
|||
|
|||
} |
|||
|
|||
*pkeysize = EVP_PKEY_size(pkey); |
|||
|
|||
if (!pkey) |
|||
goto end; |
|||
|
|||
ctx = EVP_PKEY_CTX_new(pkey, e); |
|||
|
|||
EVP_PKEY_free(pkey); |
|||
|
|||
if (!ctx) |
|||
goto end; |
|||
|
|||
switch(pkey_op) |
|||
{ |
|||
case EVP_PKEY_OP_SIGN: |
|||
rv = EVP_PKEY_sign_init(ctx); |
|||
break; |
|||
|
|||
case EVP_PKEY_OP_VERIFY: |
|||
rv = EVP_PKEY_verify_init(ctx); |
|||
break; |
|||
|
|||
case EVP_PKEY_OP_VERIFYRECOVER: |
|||
rv = EVP_PKEY_verify_recover_init(ctx); |
|||
break; |
|||
|
|||
case EVP_PKEY_OP_ENCRYPT: |
|||
rv = EVP_PKEY_encrypt_init(ctx); |
|||
break; |
|||
|
|||
case EVP_PKEY_OP_DECRYPT: |
|||
rv = EVP_PKEY_decrypt_init(ctx); |
|||
break; |
|||
|
|||
case EVP_PKEY_OP_DERIVE: |
|||
rv = EVP_PKEY_derive_init(ctx); |
|||
break; |
|||
} |
|||
|
|||
if (rv <= 0) |
|||
{ |
|||
EVP_PKEY_CTX_free(ctx); |
|||
ctx = NULL; |
|||
} |
|||
|
|||
end: |
|||
|
|||
if (passin) |
|||
OPENSSL_free(passin); |
|||
|
|||
return ctx; |
|||
|
|||
|
|||
} |
|||
|
|||
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform, |
|||
const char *file) |
|||
{ |
|||
EVP_PKEY *peer = NULL; |
|||
int ret; |
|||
if (!ctx) |
|||
{ |
|||
BIO_puts(err, "-peerkey command before -inkey\n"); |
|||
return 0; |
|||
} |
|||
|
|||
peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key"); |
|||
|
|||
if (!peer) |
|||
{ |
|||
BIO_printf(bio_err, "Error reading peer key %s\n", file); |
|||
ERR_print_errors(err); |
|||
return 0; |
|||
} |
|||
|
|||
ret = EVP_PKEY_derive_set_peer(ctx, peer); |
|||
|
|||
EVP_PKEY_free(peer); |
|||
if (ret <= 0) |
|||
ERR_print_errors(err); |
|||
return ret; |
|||
} |
|||
|
|||
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, |
|||
unsigned char *out, size_t *poutlen, |
|||
unsigned char *in, size_t inlen) |
|||
{ |
|||
int rv = 0; |
|||
switch(pkey_op) |
|||
{ |
|||
case EVP_PKEY_OP_VERIFYRECOVER: |
|||
rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen); |
|||
break; |
|||
|
|||
case EVP_PKEY_OP_SIGN: |
|||
rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen); |
|||
break; |
|||
|
|||
case EVP_PKEY_OP_ENCRYPT: |
|||
rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen); |
|||
break; |
|||
|
|||
case EVP_PKEY_OP_DECRYPT: |
|||
rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen); |
|||
break; |
|||
|
|||
case EVP_PKEY_OP_DERIVE: |
|||
rv = EVP_PKEY_derive(ctx, out, poutlen); |
|||
break; |
|||
|
|||
} |
|||
return rv; |
|||
} |
@ -0,0 +1,160 @@ |
|||
/* ====================================================================
|
|||
* Copyright (c) 2004 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* openssl-core@openssl.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* |
|||
*/ |
|||
|
|||
#include <string.h> |
|||
|
|||
#include "apps.h" |
|||
#include <openssl/bn.h> |
|||
|
|||
|
|||
#undef PROG |
|||
#define PROG prime_main |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
int hex=0; |
|||
int checks=20; |
|||
int generate=0; |
|||
int bits=0; |
|||
int safe=0; |
|||
BIGNUM *bn=NULL; |
|||
BIO *bio_out; |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
--argc; |
|||
++argv; |
|||
while (argc >= 1 && **argv == '-') |
|||
{ |
|||
if(!strcmp(*argv,"-hex")) |
|||
hex=1; |
|||
else if(!strcmp(*argv,"-generate")) |
|||
generate=1; |
|||
else if(!strcmp(*argv,"-bits")) |
|||
if(--argc < 1) |
|||
goto bad; |
|||
else |
|||
bits=atoi(*++argv); |
|||
else if(!strcmp(*argv,"-safe")) |
|||
safe=1; |
|||
else if(!strcmp(*argv,"-checks")) |
|||
if(--argc < 1) |
|||
goto bad; |
|||
else |
|||
checks=atoi(*++argv); |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"Unknown option '%s'\n",*argv); |
|||
goto bad; |
|||
} |
|||
--argc; |
|||
++argv; |
|||
} |
|||
|
|||
if (argv[0] == NULL && !generate) |
|||
{ |
|||
BIO_printf(bio_err,"No prime specified\n"); |
|||
goto bad; |
|||
} |
|||
|
|||
if ((bio_out=BIO_new(BIO_s_file())) != NULL) |
|||
{ |
|||
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
bio_out = BIO_push(tmpbio, bio_out); |
|||
} |
|||
#endif |
|||
} |
|||
|
|||
if(generate) |
|||
{ |
|||
char *s; |
|||
|
|||
if(!bits) |
|||
{ |
|||
BIO_printf(bio_err,"Specifiy the number of bits.\n"); |
|||
return 1; |
|||
} |
|||
bn=BN_new(); |
|||
BN_generate_prime_ex(bn,bits,safe,NULL,NULL,NULL); |
|||
s=hex ? BN_bn2hex(bn) : BN_bn2dec(bn); |
|||
BIO_printf(bio_out,"%s\n",s); |
|||
OPENSSL_free(s); |
|||
} |
|||
else |
|||
{ |
|||
if(hex) |
|||
BN_hex2bn(&bn,argv[0]); |
|||
else |
|||
BN_dec2bn(&bn,argv[0]); |
|||
|
|||
BN_print(bio_out,bn); |
|||
BIO_printf(bio_out," is %sprime\n", |
|||
BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not "); |
|||
} |
|||
|
|||
BN_free(bn); |
|||
BIO_free_all(bio_out); |
|||
|
|||
return 0; |
|||
|
|||
bad: |
|||
BIO_printf(bio_err,"options are\n"); |
|||
BIO_printf(bio_err,"%-14s hex\n","-hex"); |
|||
BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>"); |
|||
return 1; |
|||
} |
@ -0,0 +1,18 @@ |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
Proc-Type: 4,ENCRYPTED |
|||
DEK-Info: DES-EDE3-CBC,BA26229A1653B7FF |
|||
|
|||
6nhWG8PKhTPO/s3ZvjUa6226NlKdvPDZFsNXOOoSUs9ejxpb/aj5huhs6qRYzsz9 |
|||
Year47uaAZYhGD0vAagnNiBnYmjWEpN9G/wQxG7pgZThK1ZxDi63qn8aQ8UjuGHo |
|||
F6RpnnBQIAnWTWqr/Qsybtc5EoNkrj/Cpx0OfbSr6gZsFBCxwX1R1hT3/mhJ45f3 |
|||
XMofY32Vdfx9/vtw1O7HmlHXQnXaqnbd9/nn1EpvFJG9+UjPoW7gV4jCOLuR4deE |
|||
jS8hm+cpkwXmFtk3VGjT9tQXPpMv3JpYfBqgGQoMAJ5Toq0DWcHi6Wg08PsD8lgy |
|||
vmTioPsRg+JGkJkJ8GnusgLpQdlQJbjzd7wGE6ElUFLfOxLo8bLlRHoriHNdWYhh |
|||
JjY0LyeTkovcmWxVjImc6ZyBz5Ly4t0BYf1gq3OkjsV91Q1taBxnhiavfizqMCAf |
|||
PPB3sLQnlXG77TOXkNxpqbZfEYrVZW2Nsqqdn8s07Uj4IMONZyq2odYKWFPMJBiM |
|||
POYwXjMAOcmFMTHYsVlhcUJuV6LOuipw/FEbTtPH/MYMxLe4zx65dYo1rb4iLKLS |
|||
gMtB0o/Wl4Xno3ZXh1ucicYnV2J7NpVcjVq+3SFiCRu2SrSkZHZ23EPS13Ec6fcz |
|||
8X/YGA2vTJ8MAOozAzQUwHQYvLk7bIoQVekqDq4p0AZQbhdspHpArCk0Ifqqzg/v |
|||
Uyky/zZiQYanzDenTSRVI/8wac3olxpU8QvbySxYqmbkgq6bTpXJfYFQfnAttEsC |
|||
dA4S5UFgyOPZluxCAM4yaJF3Ft6neutNwftuJQMbgCUi9vYg2tGdSw== |
|||
-----END RSA PRIVATE KEY----- |
@ -0,0 +1,366 @@ |
|||
/* apps/progs.h */ |
|||
/* automatically generated by progs.pl for openssl.c */ |
|||
|
|||
extern int verify_main(int argc,char *argv[]); |
|||
extern int asn1parse_main(int argc,char *argv[]); |
|||
extern int req_main(int argc,char *argv[]); |
|||
extern int dgst_main(int argc,char *argv[]); |
|||
extern int dh_main(int argc,char *argv[]); |
|||
extern int dhparam_main(int argc,char *argv[]); |
|||
extern int enc_main(int argc,char *argv[]); |
|||
extern int passwd_main(int argc,char *argv[]); |
|||
extern int gendh_main(int argc,char *argv[]); |
|||
extern int errstr_main(int argc,char *argv[]); |
|||
extern int ca_main(int argc,char *argv[]); |
|||
extern int crl_main(int argc,char *argv[]); |
|||
extern int rsa_main(int argc,char *argv[]); |
|||
extern int rsautl_main(int argc,char *argv[]); |
|||
extern int dsa_main(int argc,char *argv[]); |
|||
extern int dsaparam_main(int argc,char *argv[]); |
|||
extern int ec_main(int argc,char *argv[]); |
|||
extern int ecparam_main(int argc,char *argv[]); |
|||
extern int x509_main(int argc,char *argv[]); |
|||
extern int genrsa_main(int argc,char *argv[]); |
|||
extern int gendsa_main(int argc,char *argv[]); |
|||
extern int genpkey_main(int argc,char *argv[]); |
|||
extern int s_server_main(int argc,char *argv[]); |
|||
extern int s_client_main(int argc,char *argv[]); |
|||
extern int speed_main(int argc,char *argv[]); |
|||
extern int s_time_main(int argc,char *argv[]); |
|||
extern int version_main(int argc,char *argv[]); |
|||
extern int pkcs7_main(int argc,char *argv[]); |
|||
extern int cms_main(int argc,char *argv[]); |
|||
extern int crl2pkcs7_main(int argc,char *argv[]); |
|||
extern int sess_id_main(int argc,char *argv[]); |
|||
extern int ciphers_main(int argc,char *argv[]); |
|||
extern int nseq_main(int argc,char *argv[]); |
|||
extern int pkcs12_main(int argc,char *argv[]); |
|||
extern int pkcs8_main(int argc,char *argv[]); |
|||
extern int pkey_main(int argc,char *argv[]); |
|||
extern int pkeyparam_main(int argc,char *argv[]); |
|||
extern int pkeyutl_main(int argc,char *argv[]); |
|||
extern int spkac_main(int argc,char *argv[]); |
|||
extern int smime_main(int argc,char *argv[]); |
|||
extern int rand_main(int argc,char *argv[]); |
|||
extern int engine_main(int argc,char *argv[]); |
|||
extern int ocsp_main(int argc,char *argv[]); |
|||
extern int prime_main(int argc,char *argv[]); |
|||
extern int ts_main(int argc,char *argv[]); |
|||
extern int srp_main(int argc,char *argv[]); |
|||
|
|||
#define FUNC_TYPE_GENERAL 1 |
|||
#define FUNC_TYPE_MD 2 |
|||
#define FUNC_TYPE_CIPHER 3 |
|||
#define FUNC_TYPE_PKEY 4 |
|||
#define FUNC_TYPE_MD_ALG 5 |
|||
#define FUNC_TYPE_CIPHER_ALG 6 |
|||
|
|||
typedef struct { |
|||
int type; |
|||
const char *name; |
|||
int (*func)(int argc,char *argv[]); |
|||
} FUNCTION; |
|||
DECLARE_LHASH_OF(FUNCTION); |
|||
|
|||
FUNCTION functions[] = { |
|||
{FUNC_TYPE_GENERAL,"verify",verify_main}, |
|||
{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main}, |
|||
{FUNC_TYPE_GENERAL,"req",req_main}, |
|||
{FUNC_TYPE_GENERAL,"dgst",dgst_main}, |
|||
#ifndef OPENSSL_NO_DH |
|||
{FUNC_TYPE_GENERAL,"dh",dh_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DH |
|||
{FUNC_TYPE_GENERAL,"dhparam",dhparam_main}, |
|||
#endif |
|||
{FUNC_TYPE_GENERAL,"enc",enc_main}, |
|||
{FUNC_TYPE_GENERAL,"passwd",passwd_main}, |
|||
#ifndef OPENSSL_NO_DH |
|||
{FUNC_TYPE_GENERAL,"gendh",gendh_main}, |
|||
#endif |
|||
{FUNC_TYPE_GENERAL,"errstr",errstr_main}, |
|||
{FUNC_TYPE_GENERAL,"ca",ca_main}, |
|||
{FUNC_TYPE_GENERAL,"crl",crl_main}, |
|||
#ifndef OPENSSL_NO_RSA |
|||
{FUNC_TYPE_GENERAL,"rsa",rsa_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_RSA |
|||
{FUNC_TYPE_GENERAL,"rsautl",rsautl_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DSA |
|||
{FUNC_TYPE_GENERAL,"dsa",dsa_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DSA |
|||
{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_EC |
|||
{FUNC_TYPE_GENERAL,"ec",ec_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_EC |
|||
{FUNC_TYPE_GENERAL,"ecparam",ecparam_main}, |
|||
#endif |
|||
{FUNC_TYPE_GENERAL,"x509",x509_main}, |
|||
#ifndef OPENSSL_NO_RSA |
|||
{FUNC_TYPE_GENERAL,"genrsa",genrsa_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DSA |
|||
{FUNC_TYPE_GENERAL,"gendsa",gendsa_main}, |
|||
#endif |
|||
{FUNC_TYPE_GENERAL,"genpkey",genpkey_main}, |
|||
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) |
|||
{FUNC_TYPE_GENERAL,"s_server",s_server_main}, |
|||
#endif |
|||
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) |
|||
{FUNC_TYPE_GENERAL,"s_client",s_client_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_SPEED |
|||
{FUNC_TYPE_GENERAL,"speed",speed_main}, |
|||
#endif |
|||
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) |
|||
{FUNC_TYPE_GENERAL,"s_time",s_time_main}, |
|||
#endif |
|||
{FUNC_TYPE_GENERAL,"version",version_main}, |
|||
{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main}, |
|||
#ifndef OPENSSL_NO_CMS |
|||
{FUNC_TYPE_GENERAL,"cms",cms_main}, |
|||
#endif |
|||
{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main}, |
|||
{FUNC_TYPE_GENERAL,"sess_id",sess_id_main}, |
|||
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) |
|||
{FUNC_TYPE_GENERAL,"ciphers",ciphers_main}, |
|||
#endif |
|||
{FUNC_TYPE_GENERAL,"nseq",nseq_main}, |
|||
#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) |
|||
{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main}, |
|||
#endif |
|||
{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main}, |
|||
{FUNC_TYPE_GENERAL,"pkey",pkey_main}, |
|||
{FUNC_TYPE_GENERAL,"pkeyparam",pkeyparam_main}, |
|||
{FUNC_TYPE_GENERAL,"pkeyutl",pkeyutl_main}, |
|||
{FUNC_TYPE_GENERAL,"spkac",spkac_main}, |
|||
{FUNC_TYPE_GENERAL,"smime",smime_main}, |
|||
{FUNC_TYPE_GENERAL,"rand",rand_main}, |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
{FUNC_TYPE_GENERAL,"engine",engine_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_OCSP |
|||
{FUNC_TYPE_GENERAL,"ocsp",ocsp_main}, |
|||
#endif |
|||
{FUNC_TYPE_GENERAL,"prime",prime_main}, |
|||
{FUNC_TYPE_GENERAL,"ts",ts_main}, |
|||
#ifndef OPENSSL_NO_SRP |
|||
{FUNC_TYPE_GENERAL,"srp",srp_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_MD2 |
|||
{FUNC_TYPE_MD,"md2",dgst_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_MD4 |
|||
{FUNC_TYPE_MD,"md4",dgst_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_MD5 |
|||
{FUNC_TYPE_MD,"md5",dgst_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_SHA |
|||
{FUNC_TYPE_MD,"sha",dgst_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_SHA1 |
|||
{FUNC_TYPE_MD,"sha1",dgst_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_MDC2 |
|||
{FUNC_TYPE_MD,"mdc2",dgst_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_RMD160 |
|||
{FUNC_TYPE_MD,"rmd160",dgst_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_AES |
|||
{FUNC_TYPE_CIPHER,"aes-128-cbc",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_AES |
|||
{FUNC_TYPE_CIPHER,"aes-128-ecb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_AES |
|||
{FUNC_TYPE_CIPHER,"aes-192-cbc",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_AES |
|||
{FUNC_TYPE_CIPHER,"aes-192-ecb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_AES |
|||
{FUNC_TYPE_CIPHER,"aes-256-cbc",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_AES |
|||
{FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAMELLIA |
|||
{FUNC_TYPE_CIPHER,"camellia-128-cbc",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAMELLIA |
|||
{FUNC_TYPE_CIPHER,"camellia-128-ecb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAMELLIA |
|||
{FUNC_TYPE_CIPHER,"camellia-192-cbc",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAMELLIA |
|||
{FUNC_TYPE_CIPHER,"camellia-192-ecb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAMELLIA |
|||
{FUNC_TYPE_CIPHER,"camellia-256-cbc",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAMELLIA |
|||
{FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main}, |
|||
#endif |
|||
{FUNC_TYPE_CIPHER,"base64",enc_main}, |
|||
#ifdef ZLIB |
|||
{FUNC_TYPE_CIPHER,"zlib",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DES |
|||
{FUNC_TYPE_CIPHER,"des",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DES |
|||
{FUNC_TYPE_CIPHER,"des3",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DES |
|||
{FUNC_TYPE_CIPHER,"desx",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_IDEA |
|||
{FUNC_TYPE_CIPHER,"idea",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_SEED |
|||
{FUNC_TYPE_CIPHER,"seed",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_RC4 |
|||
{FUNC_TYPE_CIPHER,"rc4",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_RC4 |
|||
{FUNC_TYPE_CIPHER,"rc4-40",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_RC2 |
|||
{FUNC_TYPE_CIPHER,"rc2",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_BF |
|||
{FUNC_TYPE_CIPHER,"bf",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAST |
|||
{FUNC_TYPE_CIPHER,"cast",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_RC5 |
|||
{FUNC_TYPE_CIPHER,"rc5",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DES |
|||
{FUNC_TYPE_CIPHER,"des-ecb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DES |
|||
{FUNC_TYPE_CIPHER,"des-ede",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DES |
|||
{FUNC_TYPE_CIPHER,"des-ede3",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DES |
|||
{FUNC_TYPE_CIPHER,"des-cbc",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DES |
|||
{FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DES |
|||
{FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DES |
|||
{FUNC_TYPE_CIPHER,"des-cfb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DES |
|||
{FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DES |
|||
{FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DES |
|||
{FUNC_TYPE_CIPHER,"des-ofb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DES |
|||
{FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_DES |
|||
{FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_IDEA |
|||
{FUNC_TYPE_CIPHER,"idea-cbc",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_IDEA |
|||
{FUNC_TYPE_CIPHER,"idea-ecb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_IDEA |
|||
{FUNC_TYPE_CIPHER,"idea-cfb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_IDEA |
|||
{FUNC_TYPE_CIPHER,"idea-ofb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_SEED |
|||
{FUNC_TYPE_CIPHER,"seed-cbc",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_SEED |
|||
{FUNC_TYPE_CIPHER,"seed-ecb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_SEED |
|||
{FUNC_TYPE_CIPHER,"seed-cfb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_SEED |
|||
{FUNC_TYPE_CIPHER,"seed-ofb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_RC2 |
|||
{FUNC_TYPE_CIPHER,"rc2-cbc",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_RC2 |
|||
{FUNC_TYPE_CIPHER,"rc2-ecb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_RC2 |
|||
{FUNC_TYPE_CIPHER,"rc2-cfb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_RC2 |
|||
{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_RC2 |
|||
{FUNC_TYPE_CIPHER,"rc2-64-cbc",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_RC2 |
|||
{FUNC_TYPE_CIPHER,"rc2-40-cbc",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_BF |
|||
{FUNC_TYPE_CIPHER,"bf-cbc",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_BF |
|||
{FUNC_TYPE_CIPHER,"bf-ecb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_BF |
|||
{FUNC_TYPE_CIPHER,"bf-cfb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_BF |
|||
{FUNC_TYPE_CIPHER,"bf-ofb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAST |
|||
{FUNC_TYPE_CIPHER,"cast5-cbc",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAST |
|||
{FUNC_TYPE_CIPHER,"cast5-ecb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAST |
|||
{FUNC_TYPE_CIPHER,"cast5-cfb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAST |
|||
{FUNC_TYPE_CIPHER,"cast5-ofb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAST |
|||
{FUNC_TYPE_CIPHER,"cast-cbc",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_RC5 |
|||
{FUNC_TYPE_CIPHER,"rc5-cbc",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_RC5 |
|||
{FUNC_TYPE_CIPHER,"rc5-ecb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_RC5 |
|||
{FUNC_TYPE_CIPHER,"rc5-cfb",enc_main}, |
|||
#endif |
|||
#ifndef OPENSSL_NO_RC5 |
|||
{FUNC_TYPE_CIPHER,"rc5-ofb",enc_main}, |
|||
#endif |
|||
{0,NULL,NULL} |
|||
}; |
@ -0,0 +1,104 @@ |
|||
#!/usr/local/bin/perl |
|||
|
|||
print "/* apps/progs.h */\n"; |
|||
print "/* automatically generated by progs.pl for openssl.c */\n\n"; |
|||
|
|||
grep(s/^asn1pars$/asn1parse/,@ARGV); |
|||
|
|||
foreach (@ARGV) |
|||
{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; } |
|||
|
|||
print <<'EOF'; |
|||
|
|||
#define FUNC_TYPE_GENERAL 1 |
|||
#define FUNC_TYPE_MD 2 |
|||
#define FUNC_TYPE_CIPHER 3 |
|||
#define FUNC_TYPE_PKEY 4 |
|||
#define FUNC_TYPE_MD_ALG 5 |
|||
#define FUNC_TYPE_CIPHER_ALG 6 |
|||
|
|||
typedef struct { |
|||
int type; |
|||
const char *name; |
|||
int (*func)(int argc,char *argv[]); |
|||
} FUNCTION; |
|||
DECLARE_LHASH_OF(FUNCTION); |
|||
|
|||
FUNCTION functions[] = { |
|||
EOF |
|||
|
|||
foreach (@ARGV) |
|||
{ |
|||
push(@files,$_); |
|||
$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; |
|||
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) |
|||
{ print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; } |
|||
elsif ( ($_ =~ /^speed$/)) |
|||
{ print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; } |
|||
elsif ( ($_ =~ /^engine$/)) |
|||
{ print "#ifndef OPENSSL_NO_ENGINE\n${str}#endif\n"; } |
|||
elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/)) |
|||
{ print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n"; } |
|||
elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/)) |
|||
{ print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; } |
|||
elsif ( ($_ =~ /^ec$/) || ($_ =~ /^ecparam$/)) |
|||
{ print "#ifndef OPENSSL_NO_EC\n${str}#endif\n";} |
|||
elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/)) |
|||
{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; } |
|||
elsif ( ($_ =~ /^pkcs12$/)) |
|||
{ print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; } |
|||
elsif ( ($_ =~ /^cms$/)) |
|||
{ print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; } |
|||
elsif ( ($_ =~ /^ocsp$/)) |
|||
{ print "#ifndef OPENSSL_NO_OCSP\n${str}#endif\n"; } |
|||
elsif ( ($_ =~ /^srp$/)) |
|||
{ print "#ifndef OPENSSL_NO_SRP\n${str}#endif\n"; } |
|||
else |
|||
{ print $str; } |
|||
} |
|||
|
|||
foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160") |
|||
{ |
|||
push(@files,$_); |
|||
printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n"; |
|||
} |
|||
|
|||
foreach ( |
|||
"aes-128-cbc", "aes-128-ecb", |
|||
"aes-192-cbc", "aes-192-ecb", |
|||
"aes-256-cbc", "aes-256-ecb", |
|||
"camellia-128-cbc", "camellia-128-ecb", |
|||
"camellia-192-cbc", "camellia-192-ecb", |
|||
"camellia-256-cbc", "camellia-256-ecb", |
|||
"base64", "zlib", |
|||
"des", "des3", "desx", "idea", "seed", "rc4", "rc4-40", |
|||
"rc2", "bf", "cast", "rc5", |
|||
"des-ecb", "des-ede", "des-ede3", |
|||
"des-cbc", "des-ede-cbc","des-ede3-cbc", |
|||
"des-cfb", "des-ede-cfb","des-ede3-cfb", |
|||
"des-ofb", "des-ede-ofb","des-ede3-ofb", |
|||
"idea-cbc","idea-ecb", "idea-cfb", "idea-ofb", |
|||
"seed-cbc","seed-ecb", "seed-cfb", "seed-ofb", |
|||
"rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc", |
|||
"bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb", |
|||
"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb", |
|||
"cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb") |
|||
{ |
|||
push(@files,$_); |
|||
|
|||
$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_); |
|||
if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; } |
|||
elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; } |
|||
elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; } |
|||
elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; } |
|||
elsif ($_ =~ /seed/) { $t="#ifndef OPENSSL_NO_SEED\n${t}#endif\n"; } |
|||
elsif ($_ =~ /rc4/) { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; } |
|||
elsif ($_ =~ /rc2/) { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; } |
|||
elsif ($_ =~ /bf/) { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; } |
|||
elsif ($_ =~ /cast/) { $t="#ifndef OPENSSL_NO_CAST\n${t}#endif\n"; } |
|||
elsif ($_ =~ /rc5/) { $t="#ifndef OPENSSL_NO_RC5\n${t}#endif\n"; } |
|||
elsif ($_ =~ /zlib/) { $t="#ifdef ZLIB\n${t}#endif\n"; } |
|||
print $t; |
|||
} |
|||
|
|||
print "\t{0,NULL,NULL}\n\t};\n"; |
@ -0,0 +1,245 @@ |
|||
/* apps/rand.c */ |
|||
/* ====================================================================
|
|||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* openssl-core@openssl.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
|
|||
#include "apps.h" |
|||
|
|||
#include <ctype.h> |
|||
#include <stdio.h> |
|||
#include <string.h> |
|||
|
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/rand.h> |
|||
|
|||
#undef PROG |
|||
#define PROG rand_main |
|||
|
|||
/* -out file - write to file
|
|||
* -rand file:file - PRNG seed files |
|||
* -base64 - base64 encode output |
|||
* -hex - hex encode output |
|||
* num - write 'num' bytes |
|||
*/ |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
int i, r, ret = 1; |
|||
int badopt; |
|||
char *outfile = NULL; |
|||
char *inrand = NULL; |
|||
int base64 = 0; |
|||
int hex = 0; |
|||
BIO *out = NULL; |
|||
int num = -1; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine=NULL; |
|||
#endif |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err = BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto err; |
|||
|
|||
badopt = 0; |
|||
i = 0; |
|||
while (!badopt && argv[++i] != NULL) |
|||
{ |
|||
if (strcmp(argv[i], "-out") == 0) |
|||
{ |
|||
if ((argv[i+1] != NULL) && (outfile == NULL)) |
|||
outfile = argv[++i]; |
|||
else |
|||
badopt = 1; |
|||
} |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(argv[i], "-engine") == 0) |
|||
{ |
|||
if ((argv[i+1] != NULL) && (engine == NULL)) |
|||
engine = argv[++i]; |
|||
else |
|||
badopt = 1; |
|||
} |
|||
#endif |
|||
else if (strcmp(argv[i], "-rand") == 0) |
|||
{ |
|||
if ((argv[i+1] != NULL) && (inrand == NULL)) |
|||
inrand = argv[++i]; |
|||
else |
|||
badopt = 1; |
|||
} |
|||
else if (strcmp(argv[i], "-base64") == 0) |
|||
{ |
|||
if (!base64) |
|||
base64 = 1; |
|||
else |
|||
badopt = 1; |
|||
} |
|||
else if (strcmp(argv[i], "-hex") == 0) |
|||
{ |
|||
if (!hex) |
|||
hex = 1; |
|||
else |
|||
badopt = 1; |
|||
} |
|||
else if (isdigit((unsigned char)argv[i][0])) |
|||
{ |
|||
if (num < 0) |
|||
{ |
|||
r = sscanf(argv[i], "%d", &num); |
|||
if (r == 0 || num < 0) |
|||
badopt = 1; |
|||
} |
|||
else |
|||
badopt = 1; |
|||
} |
|||
else |
|||
badopt = 1; |
|||
} |
|||
|
|||
if (hex && base64) |
|||
badopt = 1; |
|||
|
|||
if (num < 0) |
|||
badopt = 1; |
|||
|
|||
if (badopt) |
|||
{ |
|||
BIO_printf(bio_err, "Usage: rand [options] num\n"); |
|||
BIO_printf(bio_err, "where options are\n"); |
|||
BIO_printf(bio_err, "-out file - write to file\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); |
|||
BIO_printf(bio_err, "-base64 - base64 encode output\n"); |
|||
BIO_printf(bio_err, "-hex - hex encode output\n"); |
|||
goto err; |
|||
} |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
app_RAND_load_file(NULL, bio_err, (inrand != NULL)); |
|||
if (inrand != NULL) |
|||
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", |
|||
app_RAND_load_files(inrand)); |
|||
|
|||
out = BIO_new(BIO_s_file()); |
|||
if (out == NULL) |
|||
goto err; |
|||
if (outfile != NULL) |
|||
r = BIO_write_filename(out, outfile); |
|||
else |
|||
{ |
|||
r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
if (r <= 0) |
|||
goto err; |
|||
|
|||
if (base64) |
|||
{ |
|||
BIO *b64 = BIO_new(BIO_f_base64()); |
|||
if (b64 == NULL) |
|||
goto err; |
|||
out = BIO_push(b64, out); |
|||
} |
|||
|
|||
while (num > 0) |
|||
{ |
|||
unsigned char buf[4096]; |
|||
int chunk; |
|||
|
|||
chunk = num; |
|||
if (chunk > (int)sizeof(buf)) |
|||
chunk = sizeof buf; |
|||
r = RAND_bytes(buf, chunk); |
|||
if (r <= 0) |
|||
goto err; |
|||
if (!hex) |
|||
BIO_write(out, buf, chunk); |
|||
else |
|||
{ |
|||
for (i = 0; i < chunk; i++) |
|||
BIO_printf(out, "%02x", buf[i]); |
|||
} |
|||
num -= chunk; |
|||
} |
|||
if (hex) |
|||
BIO_puts(out, "\n"); |
|||
(void)BIO_flush(out); |
|||
|
|||
app_RAND_write_file(NULL, bio_err); |
|||
ret = 0; |
|||
|
|||
err: |
|||
ERR_print_errors(bio_err); |
|||
if (out) |
|||
BIO_free_all(out); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
File diff suppressed because it is too large
@ -0,0 +1,11 @@ |
|||
-----BEGIN CERTIFICATE REQUEST----- |
|||
MIIBlzCCAVcCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx |
|||
ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMORXJp |
|||
YyB0aGUgWW91bmcwge8wgaYGBSsOAwIMMIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZ |
|||
S4J1PHvPrm9MXj5ntVheDPkdmBDTncyaGAJcMjwsyB/GvLDGd6yGCw/8eF+09wIV |
|||
AK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjg |
|||
tWiJc/tpvcuzeuAayH89UofjAGueKjXDADiRffvSdhrNw5dkqdqlA0QAAkEAtUSo |
|||
84OekjitKGVjxLu0HvXck29pu+foad53vPKXAsuJdACj88BPqZ91Y9PIJf1GUh38 |
|||
CuiHWi7z3cEDfZCyCKAAMAkGBSsOAwIbBQADLwAwLAIUTg8amKVBE9oqC5B75dDQ |
|||
Chy3LdQCFHKodGEj3LjuTzdm/RTe2KZL9Uzf |
|||
-----END CERTIFICATE REQUEST----- |
@ -0,0 +1,450 @@ |
|||
/* apps/rsa.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <openssl/opensslconf.h> |
|||
#ifndef OPENSSL_NO_RSA |
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <string.h> |
|||
#include <time.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/rsa.h> |
|||
#include <openssl/evp.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pem.h> |
|||
#include <openssl/bn.h> |
|||
|
|||
#undef PROG |
|||
#define PROG rsa_main |
|||
|
|||
/* -inform arg - input format - default PEM (one of DER, NET or PEM)
|
|||
* -outform arg - output format - default PEM |
|||
* -in arg - input file - default stdin |
|||
* -out arg - output file - default stdout |
|||
* -des - encrypt output if PEM format with DES in cbc mode |
|||
* -des3 - encrypt output if PEM format |
|||
* -idea - encrypt output if PEM format |
|||
* -seed - encrypt output if PEM format |
|||
* -aes128 - encrypt output if PEM format |
|||
* -aes192 - encrypt output if PEM format |
|||
* -aes256 - encrypt output if PEM format |
|||
* -camellia128 - encrypt output if PEM format |
|||
* -camellia192 - encrypt output if PEM format |
|||
* -camellia256 - encrypt output if PEM format |
|||
* -text - print a text version |
|||
* -modulus - print the RSA key modulus |
|||
* -check - verify key consistency |
|||
* -pubin - Expect a public key in input file. |
|||
* -pubout - Output a public key. |
|||
*/ |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
ENGINE *e = NULL; |
|||
int ret=1; |
|||
RSA *rsa=NULL; |
|||
int i,badops=0, sgckey=0; |
|||
const EVP_CIPHER *enc=NULL; |
|||
BIO *out=NULL; |
|||
int informat,outformat,text=0,check=0,noout=0; |
|||
int pubin = 0, pubout = 0; |
|||
char *infile,*outfile,*prog; |
|||
char *passargin = NULL, *passargout = NULL; |
|||
char *passin = NULL, *passout = NULL; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine=NULL; |
|||
#endif |
|||
int modulus=0; |
|||
|
|||
int pvk_encr = 2; |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
infile=NULL; |
|||
outfile=NULL; |
|||
informat=FORMAT_PEM; |
|||
outformat=FORMAT_PEM; |
|||
|
|||
prog=argv[0]; |
|||
argc--; |
|||
argv++; |
|||
while (argc >= 1) |
|||
{ |
|||
if (strcmp(*argv,"-inform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
informat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-outform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outformat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-in") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
infile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outfile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-passin") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
passargin= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-passout") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
passargout= *(++argv); |
|||
} |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(*argv,"-engine") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
engine= *(++argv); |
|||
} |
|||
#endif |
|||
else if (strcmp(*argv,"-sgckey") == 0) |
|||
sgckey=1; |
|||
else if (strcmp(*argv,"-pubin") == 0) |
|||
pubin=1; |
|||
else if (strcmp(*argv,"-pubout") == 0) |
|||
pubout=1; |
|||
else if (strcmp(*argv,"-RSAPublicKey_in") == 0) |
|||
pubin = 2; |
|||
else if (strcmp(*argv,"-RSAPublicKey_out") == 0) |
|||
pubout = 2; |
|||
else if (strcmp(*argv,"-pvk-strong") == 0) |
|||
pvk_encr=2; |
|||
else if (strcmp(*argv,"-pvk-weak") == 0) |
|||
pvk_encr=1; |
|||
else if (strcmp(*argv,"-pvk-none") == 0) |
|||
pvk_encr=0; |
|||
else if (strcmp(*argv,"-noout") == 0) |
|||
noout=1; |
|||
else if (strcmp(*argv,"-text") == 0) |
|||
text=1; |
|||
else if (strcmp(*argv,"-modulus") == 0) |
|||
modulus=1; |
|||
else if (strcmp(*argv,"-check") == 0) |
|||
check=1; |
|||
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unknown option %s\n",*argv); |
|||
badops=1; |
|||
break; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); |
|||
BIO_printf(bio_err,"where options are\n"); |
|||
BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n"); |
|||
BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n"); |
|||
BIO_printf(bio_err," -in arg input file\n"); |
|||
BIO_printf(bio_err," -sgckey Use IIS SGC key format\n"); |
|||
BIO_printf(bio_err," -passin arg input file pass phrase source\n"); |
|||
BIO_printf(bio_err," -out arg output file\n"); |
|||
BIO_printf(bio_err," -passout arg output file pass phrase source\n"); |
|||
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); |
|||
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); |
|||
#ifndef OPENSSL_NO_IDEA |
|||
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_SEED |
|||
BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_AES |
|||
BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); |
|||
BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAMELLIA |
|||
BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); |
|||
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); |
|||
#endif |
|||
BIO_printf(bio_err," -text print the key in text\n"); |
|||
BIO_printf(bio_err," -noout don't print key out\n"); |
|||
BIO_printf(bio_err," -modulus print the RSA key modulus\n"); |
|||
BIO_printf(bio_err," -check verify key consistency\n"); |
|||
BIO_printf(bio_err," -pubin expect a public key in input file\n"); |
|||
BIO_printf(bio_err," -pubout output a public key\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
goto end; |
|||
} |
|||
|
|||
ERR_load_crypto_strings(); |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
e = setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { |
|||
BIO_printf(bio_err, "Error getting passwords\n"); |
|||
goto end; |
|||
} |
|||
|
|||
if(check && pubin) { |
|||
BIO_printf(bio_err, "Only private keys can be checked\n"); |
|||
goto end; |
|||
} |
|||
|
|||
out=BIO_new(BIO_s_file()); |
|||
|
|||
{ |
|||
EVP_PKEY *pkey; |
|||
|
|||
if (pubin) |
|||
{ |
|||
int tmpformat=-1; |
|||
if (pubin == 2) |
|||
{ |
|||
if (informat == FORMAT_PEM) |
|||
tmpformat = FORMAT_PEMRSA; |
|||
else if (informat == FORMAT_ASN1) |
|||
tmpformat = FORMAT_ASN1RSA; |
|||
} |
|||
else if (informat == FORMAT_NETSCAPE && sgckey) |
|||
tmpformat = FORMAT_IISSGC; |
|||
else |
|||
tmpformat = informat; |
|||
|
|||
pkey = load_pubkey(bio_err, infile, tmpformat, 1, |
|||
passin, e, "Public Key"); |
|||
} |
|||
else |
|||
pkey = load_key(bio_err, infile, |
|||
(informat == FORMAT_NETSCAPE && sgckey ? |
|||
FORMAT_IISSGC : informat), 1, |
|||
passin, e, "Private Key"); |
|||
|
|||
if (pkey != NULL) |
|||
rsa = EVP_PKEY_get1_RSA(pkey); |
|||
EVP_PKEY_free(pkey); |
|||
} |
|||
|
|||
if (rsa == NULL) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (outfile == NULL) |
|||
{ |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out,outfile) <= 0) |
|||
{ |
|||
perror(outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (text) |
|||
if (!RSA_print(out,rsa,0)) |
|||
{ |
|||
perror(outfile); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (modulus) |
|||
{ |
|||
BIO_printf(out,"Modulus="); |
|||
BN_print(out,rsa->n); |
|||
BIO_printf(out,"\n"); |
|||
} |
|||
|
|||
if (check) |
|||
{ |
|||
int r = RSA_check_key(rsa); |
|||
|
|||
if (r == 1) |
|||
BIO_printf(out,"RSA key ok\n"); |
|||
else if (r == 0) |
|||
{ |
|||
unsigned long err; |
|||
|
|||
while ((err = ERR_peek_error()) != 0 && |
|||
ERR_GET_LIB(err) == ERR_LIB_RSA && |
|||
ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY && |
|||
ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) |
|||
{ |
|||
BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err)); |
|||
ERR_get_error(); /* remove e from error stack */ |
|||
} |
|||
} |
|||
|
|||
if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */ |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (noout) |
|||
{ |
|||
ret = 0; |
|||
goto end; |
|||
} |
|||
BIO_printf(bio_err,"writing RSA key\n"); |
|||
if (outformat == FORMAT_ASN1) { |
|||
if(pubout || pubin) |
|||
{ |
|||
if (pubout == 2) |
|||
i=i2d_RSAPublicKey_bio(out,rsa); |
|||
else |
|||
i=i2d_RSA_PUBKEY_bio(out,rsa); |
|||
} |
|||
else i=i2d_RSAPrivateKey_bio(out,rsa); |
|||
} |
|||
#ifndef OPENSSL_NO_RC4 |
|||
else if (outformat == FORMAT_NETSCAPE) |
|||
{ |
|||
unsigned char *p,*pp; |
|||
int size; |
|||
|
|||
i=1; |
|||
size=i2d_RSA_NET(rsa,NULL,NULL, sgckey); |
|||
if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"Memory allocation failure\n"); |
|||
goto end; |
|||
} |
|||
pp=p; |
|||
i2d_RSA_NET(rsa,&p,NULL, sgckey); |
|||
BIO_write(out,(char *)pp,size); |
|||
OPENSSL_free(pp); |
|||
} |
|||
#endif |
|||
else if (outformat == FORMAT_PEM) { |
|||
if(pubout || pubin) |
|||
{ |
|||
if (pubout == 2) |
|||
i=PEM_write_bio_RSAPublicKey(out,rsa); |
|||
else |
|||
i=PEM_write_bio_RSA_PUBKEY(out,rsa); |
|||
} |
|||
else i=PEM_write_bio_RSAPrivateKey(out,rsa, |
|||
enc,NULL,0,NULL,passout); |
|||
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) |
|||
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { |
|||
EVP_PKEY *pk; |
|||
pk = EVP_PKEY_new(); |
|||
EVP_PKEY_set1_RSA(pk, rsa); |
|||
if (outformat == FORMAT_PVK) |
|||
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); |
|||
else if (pubin || pubout) |
|||
i = i2b_PublicKey_bio(out, pk); |
|||
else |
|||
i = i2b_PrivateKey_bio(out, pk); |
|||
EVP_PKEY_free(pk); |
|||
#endif |
|||
} else { |
|||
BIO_printf(bio_err,"bad output format specified for outfile\n"); |
|||
goto end; |
|||
} |
|||
if (i <= 0) |
|||
{ |
|||
BIO_printf(bio_err,"unable to write key\n"); |
|||
ERR_print_errors(bio_err); |
|||
} |
|||
else |
|||
ret=0; |
|||
end: |
|||
if(out != NULL) BIO_free_all(out); |
|||
if(rsa != NULL) RSA_free(rsa); |
|||
if(passin) OPENSSL_free(passin); |
|||
if(passout) OPENSSL_free(passout); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
#else /* !OPENSSL_NO_RSA */ |
|||
|
|||
# if PEDANTIC |
|||
static void *dummy=&dummy; |
|||
# endif |
|||
|
|||
#endif |
@ -0,0 +1,101 @@ |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
|
|||
MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ |
|||
ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF |
|||
MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY |
|||
55/A20XL7tlV2opEfwhy3uVlveQBM0DnZ3MUQfrk+lRRNWv7yE4ScbOfER9fjvOm |
|||
yJc3ZbOa3e+AMGGU9OqJ/fyOl0SGYyP2k23omy/idBV4uOs8QWdnAvq8UOzDdua3 |
|||
tuf5Tn17XBurPJ8juwyPBNispkwwn8BjxAZVPhwUIcxFBg339IxJ9cW0WdVy4nNA |
|||
LWo/8Ahlf+kZNnFNGCPFytU9gGMLMhab9w/rLrwa9qNe4L8Fmu1JxONn1WfhMOKE |
|||
aFmycf2olJsYLgUIGYZrjnYu0p/7P3yhTOv8JIhmK+SzmA/I0xiQoF84rpaQzH2d |
|||
PvxICOA9oQSowou0gLuBSZWm6LiXirg1DZCziU46v33ErQlWM1dSyNaUSzihcV59 |
|||
mVD0nmzboXH75lGiyiZlp8cLbozzoCwvk9rYqpUGSBzbAy0ECCpabGpzO2Ug+oDi |
|||
71e5z4WMpeoR4IS8MaOG/GsJnwaXhiB/gNYfK+8pRADVk5StEAZDE2alSuCbDs0z |
|||
d9zYr4/em5T9VZsLetxRE7pm/Es9yELuViz8/Tm0/8MVdmNYc/xZU1t6qYYFdyQ2 |
|||
wlGDTiNPsjR8yXCkmBjKwqnuleu1X6LaZu3VPhEkXGcyFAquQUkSiMv0Yu74qAe0 |
|||
bQ2v+jjZzP6AM9LUo89cW4Kd8SGD96BdNlAVPNMXoBcIOsZBwsOtETBd4KAyvkXE |
|||
Ob17u+PLl4UPnSxm9ypKZunUNFRPxtKUyjySYnvlGL+kTjAXrIrZwKJqIn0uhnfa |
|||
Ck3o7bU6yVMK22ODxy2/Vi3E0P6k5JLwnrF0VIOBqGhts66qo6mWDP8l6MZHARFd |
|||
pU+nofssVmr8tLKmMmjYGMM5GmKIXRNBs0ksTwFnKRs9AmpE5owC8tTSVdTAkGuS |
|||
os7QwLvyvNzq7BGJiVr0Iy3Dhsl1vzR35acNOrCsDl3DcCQONKJ2sVXV4pD3dBah |
|||
mG3sR/jHgjasffJJ35uiGoAua9dbT7HG/+D0z1SHYaVqH8zO4VZSOnGJh/P9rtxx |
|||
cckFDbiag/JMWig2lbnCjebTtp/BcUsK3TNaDOb7vb0LvbAeRJadd1EFu6PSlH3K |
|||
LykSUPm4UedvUU3cWjqkSY5lITFJkVaIYOv/EljYtK7p7kFZFTaEwMAWxgsXU3pQ |
|||
tTzVmq1gZ4vXPwcUq0zK50Frq0F7SQc21ZsunwIDAQABAoIEADuQAkDEpBausJsS |
|||
PgL1RXuzECPJJJCBxTE+2qx0FoY4hJICCWTORHGmU8nGPE3Ht0wBiNDsULw6KXl9 |
|||
psmzYW6D3qRbpdQebky6fu/KZ5H0XTyGpJGomaXELH5hkwo2gdKB805LSXB+m7p0 |
|||
9o96kSdMkpBLVGtf5iZ8W4rY2LsZmlI9f7taQHSLVt/M8HTz1mTnBRU92QO3zZW6 |
|||
xVa+OrWaFl18u3ZeIaSh2X40tBK68cqstXVD0r2OWuXNKobcQeJW8/XABzBShZ0c |
|||
ihL0lzyqiN4uXrLu+Nbr22b+FU2OODy6dGk3U6/69NvI4piMCPlHsfhHOnFjd1ZW |
|||
RIVywyUlCtLNdcn11CchuRro+0J3c2Ba+i9Cl9r3qzT11xFEGF8/XLyUBBCB+uGf |
|||
1dR/xJQhCA7cXWWLXyI/semxcvTaGpImP6kiIl1MAjHjXZTSdvyw4JmfXyYGhSjI |
|||
P0mw3Xn7FXxJ/os9gOfNKz2nZHjr0q4sgWRYO+4vllkeL0GteZrg4oVaVpmZb7LH |
|||
77afhodLylhijlEtV5skfkPujbBLQk6E5Ez3U/huEt2NLg6guADmwxMxfBRliZO4 |
|||
4Ex/td4cuggpEj3FGJV74qRvdvj/MF/uF7IxC/3WapPIsFBFH4zrJsUYt6u3L68I |
|||
/KC/bfioDeUR/8ANw1DNh+UsnPV3GJIwDkIJKdppi2uXPahJyJQQ8Inps53nn8Gg |
|||
GifS+HnOXNgMoKOJnZ9IDGjXpfjIs8dJNrGfDHF0mH30N2WARq2v/a3cNUC+f8Bq |
|||
HSKQ9YrZopktMunsut8u7ZYbTmjIqJpXCaM0CCrSlzSMTDHFSj2tzLk6+qnxeGxB |
|||
ZwIdShbdeK+0ETG91lE1e9RPQs/uXQP9+uCHJV0YpqQcA6pkCLYJfYpoSMu/Bafy |
|||
AgfVZz6l5tyEnV0wCcbopsQShc1k9xtTbYNF1h9AQHknj6zeDW4iZMvmVeh3RovT |
|||
52OA2R8oLyauF+QaG6x2wUjEx13SJlaBarJZ4seZIOJ+a8+oNzKsbgokXc2cyC9p |
|||
5FAZz1OsOb68o93qD1Xvl7bY97fq2q55L7G1XHPPLtZE5lGiLGDtnAuwY8UPrdpr |
|||
7Mv2yIxB7xVGurXyHb5PvusR88XED6HMPfLBG/55ENHTal7G5mRix+IWSBAIkxA5 |
|||
KZ0j8r5Ng4+wELZhqFQai39799bIAyiV6CEz4kyDXlo0kSSexp8o4iz5sPq5vp6h |
|||
cCb7rdRw7uRnbXrHmXahxoB+ibXaurgV/6B2yurrU/UFoxEp2sHp8LXZGfF6ztY1 |
|||
dMhSQAACK2vGy5yNagbkTHLgVaHicG5zavJBqzCE+lbPlCqhOUQPdOIwvjHNjdS/ |
|||
DL3WV/ECggIBAMbW65wPk/i43nSyeZeYwcHtR1SUJqDXavYfBPC0VRhKz+7DVMFw |
|||
Nwnocn6gITABc445W1yl7U3uww+LGuDlSlFnd8WuiXpVYud9/jeNu6Mu4wvNsnWr |
|||
f4f4ua8CcS03GmqmcbROD2Z6by1AblCZ2UL1kv9cUX1FLVjPP1ESAGKoePt3BmZQ |
|||
J1uJfK8HilNT8dcUlj/5CBi2uHxttDhoG0sxXE/SVsG9OD/Pjme0mj7gdzc6Ztd+ |
|||
TALuvpNQR4pRzfo5XWDZBcEYntcEE3PxYJB1+vnZ8509ew5/yLHTbLjFxIcx71zY |
|||
fhH0gM36Sz7mz37r0+E/QkRkc5bVIDC4LDnWmjpAde6QUx0d218ShNx6sJo4kt5c |
|||
Dd7tEVx8nuX8AIZYgwsOb382anLyFRkkmEdK3gRvwQ6SWR36Ez5L7/mHWODpLAX5 |
|||
mVBKSG4/ccFbc633/g0xHw0Nwajir/klckdakuYPlwF0yAxJSKDLhmNctDhRmxjC |
|||
YP+fISkl5oTvFRzJH6HEyNu8M3ybRvmpPIjM5J5JpnB2IYbohYBR+T6/97C1DKrd |
|||
mzL5PjlrWm0c1/d7LlDoP65fOShDMmj2zCiBAHHOM0Alokx+v5LmMd8NJumZIwGJ |
|||
Rt5OpeMOhowz6j1AjYxYgV7PmJL6Ovpfb775od/aLaUbbwHz2uWIvfF7AoICAQCw |
|||
c7NaO7oJVLJClhYw6OCvjT6oqtgNVWaennnDiJgzY9lv5HEgV0MAG0eYuB3hvj+w |
|||
Y1P9DJxP1D+R+cshYrAFg8yU/3kaYVNI0Bl3ygX0eW1b/0HZTdocs+8kM/9PZQDR |
|||
WrKQoU5lHvqRt99dXlD4NWGI2YQtzdZ8iet9QLqnjwRZabgE96mF01qKisMnFcsh |
|||
KjT7ieheU4J15TZj/mdZRNK126d7e3q/rNj73e5EJ9tkYLcolSr4gpknUMJULSEi |
|||
JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo |
|||
yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ |
|||
kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9 |
|||
DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN |
|||
22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU |
|||
ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz |
|||
D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP |
|||
PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8 |
|||
dUrYmHNEUJfHl4T1ESgkX1vkcpVFeQFruZDjk7EP3+1sgvpSroGTZkVBRFsTXbQZ |
|||
FuCv0Pgt1TKG+zGmklxhj3TsiRy8MEjWAxBUp++ftZJnZNI4feDGnfEx7tLwVhAg |
|||
6DWSiWDO6hgQpvOLwX5lu+0x9itc1MQsnDO/OqIDnBAJDN5k7cVVkfKlqbVjxgpz |
|||
eqUJs3yAd81f44kDQTCB4ahYocgeIGsrOqd/WoGL1EEPPo/O9wQP7VtlIRt8UwuG |
|||
bS18+a4sBUfAa56xYu/pnPo7YcubsgZfcSIujzFQqMpVTClJRnOnEuJ4J1+PXzRz |
|||
XAO9fs4VJ+CMEmgAyonUz4Xadxulnknlw//sO9VKgM69oFHCDHL/XamAAbqAdwvf |
|||
7R/+uy+Ol7romC0wMhb6SsIZazrvvH2mNtduAKZ638nAP1x/WbQp+6iVG7yJok7w |
|||
82Q7tO7baOePTXh12Rrt4mNPor0HLYxhra4GFgfqkumJ2Mz0esuZAozxJXFOq8ly |
|||
beo9CVtXP5zbT6qNpeNismX6PLICaev8t+1iOZSE56WSLtefuuj/cOVrTMNDz1Rr |
|||
pUkEVV2zjUSjlcScM538A9iL2QKCAgBLbBk0r6T0ihRsK9UucMxhnYEz/Vq+UEu9 |
|||
70Vi1AciqEJv9nh4d3Q3HnH7EHANZxG4Jqzm1DYYVUQa9GfkTFeq88xFv/GW2hUM |
|||
YY8RSfRDrIeXNEOETCe37x2AHw25dRXlZtw+wARPau91y9+Y/FCl18NqCHfcUEin |
|||
ERjsf/eI2bPlODAlR2tZvZ7M60VBdqpN8cmV3zvI3e88z43xLfQlDyr1+v7a5Evy |
|||
lEJnXlSTI2o+vKxtl103vjMSwA1gh63K90gBVsJWXQDZueOzi8mB9UqNRfcMmOEe |
|||
4YHttTXPxeu0x+4cCRfam9zKShsVFgI28vRQ/ijl6qmbQ5gV8wqf18GV1j1L4z0P |
|||
lP6iVynDA4MMrug/w9DqPsHsfK0pwekeETfSj4y0xVXyjWZBfHG2ZBrS6mDTf+RG |
|||
LC4sJgR0hjdILLnUqIX7PzuhieBHRrjBcopwvcryVWRHnI7kslAS0+yHjiWc5oW3 |
|||
x5mtlum4HzelNYuD9cAE/95P6CeSMfp9CyIE/KSX4VvsRm6gQVkoQRKMxnQIFQ3w |
|||
O5gl1l88vhjoo2HxYScgCp70BsDwiUNTqIR3NM+ZBHYFweVf3Gwz5LzHZT2rEZtD |
|||
6VXRP75Q/2wOLnqCO4bK4BUs6sqxcQZmOldruPkPynrY0oPfHHExjxZDvQu4/r80 |
|||
Ls3n0L8yvQKCAgEAnYWS6EikwaQNpJEfiUnOlglgFz4EE1eVkrDbBY4J3oPU+doz |
|||
DrqmsvgpSZIAfd2MUbkN4pOMsMTjbeIYWDnZDa1RoctKs3FhwFPHwAjQpznab4mn |
|||
Bp81FMHM40qyb0NaNuFRwghdXvoQvBBX1p8oEnFzDRvTiuS/vTPTA8KDY8IeRp8R |
|||
oGzKHpfziNwq/URpqj7pwi9odNjGZvR2IwYw9jCLPIqaEbMoSOdI0mg4MoYyqP4q |
|||
nm7d4wqSDwrYxiXZ6f3nYpkhEY1lb0Wbksp1ig8sKSF4nDZRGK1RSfE+6gjBp94H |
|||
X/Wog6Zb6NC9ZpusTiDLvuIUXcyUJvmHiWjSNqiTv8jurlwEsgSwhziEQfqLrtdV |
|||
QI3PRMolBkD1iCk+HFE53r05LMf1bp3r4MS+naaQrLbIrl1kgDNGwVdgS+SCM7Bg |
|||
TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c |
|||
46C6SaWI0TD9B11nJbHGTYN3Si9n0EBgoDJEXUKeh3km9O47dgvkSug4WzhYsvrE |
|||
rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv |
|||
I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8= |
|||
-----END RSA PRIVATE KEY----- |
|||
|
@ -0,0 +1,351 @@ |
|||
/* rsautl.c */ |
|||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
|||
* project 2000. |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 2000 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* licensing@OpenSSL.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
|
|||
#include <openssl/opensslconf.h> |
|||
#ifndef OPENSSL_NO_RSA |
|||
|
|||
#include "apps.h" |
|||
#include <string.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/pem.h> |
|||
#include <openssl/rsa.h> |
|||
|
|||
#define RSA_SIGN 1 |
|||
#define RSA_VERIFY 2 |
|||
#define RSA_ENCRYPT 3 |
|||
#define RSA_DECRYPT 4 |
|||
|
|||
#define KEY_PRIVKEY 1 |
|||
#define KEY_PUBKEY 2 |
|||
#define KEY_CERT 3 |
|||
|
|||
static void usage(void); |
|||
|
|||
#undef PROG |
|||
|
|||
#define PROG rsautl_main |
|||
|
|||
int MAIN(int argc, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
ENGINE *e = NULL; |
|||
BIO *in = NULL, *out = NULL; |
|||
char *infile = NULL, *outfile = NULL; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine = NULL; |
|||
#endif |
|||
char *keyfile = NULL; |
|||
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY; |
|||
int keyform = FORMAT_PEM; |
|||
char need_priv = 0, badarg = 0, rev = 0; |
|||
char hexdump = 0, asn1parse = 0; |
|||
X509 *x; |
|||
EVP_PKEY *pkey = NULL; |
|||
RSA *rsa = NULL; |
|||
unsigned char *rsa_in = NULL, *rsa_out = NULL, pad; |
|||
char *passargin = NULL, *passin = NULL; |
|||
int rsa_inlen, rsa_outlen = 0; |
|||
int keysize; |
|||
|
|||
int ret = 1; |
|||
|
|||
argc--; |
|||
argv++; |
|||
|
|||
if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
ERR_load_crypto_strings(); |
|||
OpenSSL_add_all_algorithms(); |
|||
pad = RSA_PKCS1_PADDING; |
|||
|
|||
while(argc >= 1) |
|||
{ |
|||
if (!strcmp(*argv,"-in")) { |
|||
if (--argc < 1) |
|||
badarg = 1; |
|||
else |
|||
infile= *(++argv); |
|||
} else if (!strcmp(*argv,"-out")) { |
|||
if (--argc < 1) |
|||
badarg = 1; |
|||
else |
|||
outfile= *(++argv); |
|||
} else if(!strcmp(*argv, "-inkey")) { |
|||
if (--argc < 1) |
|||
badarg = 1; |
|||
else |
|||
keyfile = *(++argv); |
|||
} else if (!strcmp(*argv,"-passin")) { |
|||
if (--argc < 1) |
|||
badarg = 1; |
|||
else |
|||
passargin= *(++argv); |
|||
} else if (strcmp(*argv,"-keyform") == 0) { |
|||
if (--argc < 1) |
|||
badarg = 1; |
|||
else |
|||
keyform=str2fmt(*(++argv)); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
} else if(!strcmp(*argv, "-engine")) { |
|||
if (--argc < 1) |
|||
badarg = 1; |
|||
else |
|||
engine = *(++argv); |
|||
#endif |
|||
} else if(!strcmp(*argv, "-pubin")) { |
|||
key_type = KEY_PUBKEY; |
|||
} else if(!strcmp(*argv, "-certin")) { |
|||
key_type = KEY_CERT; |
|||
} |
|||
else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1; |
|||
else if(!strcmp(*argv, "-hexdump")) hexdump = 1; |
|||
else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING; |
|||
else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING; |
|||
else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING; |
|||
else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING; |
|||
else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING; |
|||
else if(!strcmp(*argv, "-sign")) { |
|||
rsa_mode = RSA_SIGN; |
|||
need_priv = 1; |
|||
} else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY; |
|||
else if(!strcmp(*argv, "-rev")) rev = 1; |
|||
else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT; |
|||
else if(!strcmp(*argv, "-decrypt")) { |
|||
rsa_mode = RSA_DECRYPT; |
|||
need_priv = 1; |
|||
} else badarg = 1; |
|||
if(badarg) { |
|||
usage(); |
|||
goto end; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if(need_priv && (key_type != KEY_PRIVKEY)) { |
|||
BIO_printf(bio_err, "A private key is needed for this operation\n"); |
|||
goto end; |
|||
} |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
e = setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { |
|||
BIO_printf(bio_err, "Error getting password\n"); |
|||
goto end; |
|||
} |
|||
|
|||
/* FIXME: seed PRNG only if needed */ |
|||
app_RAND_load_file(NULL, bio_err, 0); |
|||
|
|||
switch(key_type) { |
|||
case KEY_PRIVKEY: |
|||
pkey = load_key(bio_err, keyfile, keyform, 0, |
|||
passin, e, "Private Key"); |
|||
break; |
|||
|
|||
case KEY_PUBKEY: |
|||
pkey = load_pubkey(bio_err, keyfile, keyform, 0, |
|||
NULL, e, "Public Key"); |
|||
break; |
|||
|
|||
case KEY_CERT: |
|||
x = load_cert(bio_err, keyfile, keyform, |
|||
NULL, e, "Certificate"); |
|||
if(x) { |
|||
pkey = X509_get_pubkey(x); |
|||
X509_free(x); |
|||
} |
|||
break; |
|||
} |
|||
|
|||
if(!pkey) { |
|||
return 1; |
|||
} |
|||
|
|||
rsa = EVP_PKEY_get1_RSA(pkey); |
|||
EVP_PKEY_free(pkey); |
|||
|
|||
if(!rsa) { |
|||
BIO_printf(bio_err, "Error getting RSA key\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
|
|||
if(infile) { |
|||
if(!(in = BIO_new_file(infile, "rb"))) { |
|||
BIO_printf(bio_err, "Error Reading Input File\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} else in = BIO_new_fp(stdin, BIO_NOCLOSE); |
|||
|
|||
if(outfile) { |
|||
if(!(out = BIO_new_file(outfile, "wb"))) { |
|||
BIO_printf(bio_err, "Error Reading Output File\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} else { |
|||
out = BIO_new_fp(stdout, BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
|
|||
keysize = RSA_size(rsa); |
|||
|
|||
rsa_in = OPENSSL_malloc(keysize * 2); |
|||
rsa_out = OPENSSL_malloc(keysize); |
|||
|
|||
/* Read the input data */ |
|||
rsa_inlen = BIO_read(in, rsa_in, keysize * 2); |
|||
if(rsa_inlen <= 0) { |
|||
BIO_printf(bio_err, "Error reading input Data\n"); |
|||
exit(1); |
|||
} |
|||
if(rev) { |
|||
int i; |
|||
unsigned char ctmp; |
|||
for(i = 0; i < rsa_inlen/2; i++) { |
|||
ctmp = rsa_in[i]; |
|||
rsa_in[i] = rsa_in[rsa_inlen - 1 - i]; |
|||
rsa_in[rsa_inlen - 1 - i] = ctmp; |
|||
} |
|||
} |
|||
switch(rsa_mode) { |
|||
|
|||
case RSA_VERIFY: |
|||
rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); |
|||
break; |
|||
|
|||
case RSA_SIGN: |
|||
rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); |
|||
break; |
|||
|
|||
case RSA_ENCRYPT: |
|||
rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); |
|||
break; |
|||
|
|||
case RSA_DECRYPT: |
|||
rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); |
|||
break; |
|||
|
|||
} |
|||
|
|||
if(rsa_outlen <= 0) { |
|||
BIO_printf(bio_err, "RSA operation error\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
ret = 0; |
|||
if(asn1parse) { |
|||
if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) { |
|||
ERR_print_errors(bio_err); |
|||
} |
|||
} else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen); |
|||
else BIO_write(out, rsa_out, rsa_outlen); |
|||
end: |
|||
RSA_free(rsa); |
|||
BIO_free(in); |
|||
BIO_free_all(out); |
|||
if(rsa_in) OPENSSL_free(rsa_in); |
|||
if(rsa_out) OPENSSL_free(rsa_out); |
|||
if(passin) OPENSSL_free(passin); |
|||
return ret; |
|||
} |
|||
|
|||
static void usage() |
|||
{ |
|||
BIO_printf(bio_err, "Usage: rsautl [options]\n"); |
|||
BIO_printf(bio_err, "-in file input file\n"); |
|||
BIO_printf(bio_err, "-out file output file\n"); |
|||
BIO_printf(bio_err, "-inkey file input key\n"); |
|||
BIO_printf(bio_err, "-keyform arg private key format - default PEM\n"); |
|||
BIO_printf(bio_err, "-pubin input is an RSA public\n"); |
|||
BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n"); |
|||
BIO_printf(bio_err, "-ssl use SSL v2 padding\n"); |
|||
BIO_printf(bio_err, "-raw use no padding\n"); |
|||
BIO_printf(bio_err, "-pkcs use PKCS#1 v1.5 padding (default)\n"); |
|||
BIO_printf(bio_err, "-oaep use PKCS#1 OAEP\n"); |
|||
BIO_printf(bio_err, "-sign sign with private key\n"); |
|||
BIO_printf(bio_err, "-verify verify with public key\n"); |
|||
BIO_printf(bio_err, "-encrypt encrypt with public key\n"); |
|||
BIO_printf(bio_err, "-decrypt decrypt with private key\n"); |
|||
BIO_printf(bio_err, "-hexdump hex dump output\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); |
|||
BIO_printf (bio_err, "-passin arg pass phrase source\n"); |
|||
#endif |
|||
|
|||
} |
|||
|
|||
#else /* !OPENSSL_NO_RSA */ |
|||
|
|||
# if PEDANTIC |
|||
static void *dummy=&dummy; |
|||
# endif |
|||
|
|||
#endif |
@ -0,0 +1,15 @@ |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV |
|||
S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP |
|||
pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB |
|||
AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0 |
|||
dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY |
|||
bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E |
|||
Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq |
|||
zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM |
|||
6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf |
|||
QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD |
|||
dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M |
|||
0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv |
|||
nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA== |
|||
-----END RSA PRIVATE KEY----- |
@ -0,0 +1,11 @@ |
|||
-----BEGIN CERTIFICATE REQUEST----- |
|||
MIIBojCCAQsCAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx |
|||
GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSQwIgYDVQQDExtTZXJ2ZXIgdGVz |
|||
dCBjZXJ0ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALMR |
|||
9TwT5kZMa0ddXleG8zYuDfZ9dQiPJ1dvfgEZU9fqg3v5o1VL15ZrK9b/73+9RvRo |
|||
KqKUmukV6yAi1XZPxWGGM4T75dTPjq42lwxTvAcwQBdS58+nO2kWbxkSTa0Uq9p2 |
|||
RJKg3yVvXWO69lWRKQ+UHrmkWFJ7hApKnongeuRjAgMBAAEwDQYJKoZIhvcNAQEE |
|||
BQADgYEAStHlk4pBbwiNeQ2/PKTPPXzITYC8Gn0XMbrU94e/6JIKiO7aArq9Espq |
|||
nrBSvC14dHcNl6NNvnkEKdQ7hAkcACfBbnOXA/oQvMBd4GD78cH3k0jVDoVUEjil |
|||
frLfWlckW6WzpTktt0ZPDdAjJCmKVh0ABHimi7Bo9FC3wIGIe5M= |
|||
-----END CERTIFICATE REQUEST----- |
@ -0,0 +1,9 @@ |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD |
|||
TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu |
|||
OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj |
|||
gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz |
|||
rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b |
|||
PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA |
|||
vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU= |
|||
-----END RSA PRIVATE KEY----- |
@ -0,0 +1,8 @@ |
|||
-----BEGIN CERTIFICATE REQUEST----- |
|||
MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa |
|||
MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0 |
|||
IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8S |
|||
MVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8E |
|||
y2//Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAANBAAB+uQi+qwn6qRSHB8EUTvsm |
|||
5TNTHzYDeN39nyIbZNX2s0se3Srn2Bxft5YCwD3moFZ9QoyDHxE0h6qLX5yjD+8= |
|||
-----END CERTIFICATE REQUEST----- |
@ -0,0 +1,176 @@ |
|||
/* apps/s_apps.h */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* openssl-core@openssl.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ |
|||
#include <sys/types.h> |
|||
#endif |
|||
#include <openssl/opensslconf.h> |
|||
|
|||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) |
|||
#include <conio.h> |
|||
#endif |
|||
|
|||
#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) |
|||
#define _kbhit kbhit |
|||
#endif |
|||
|
|||
#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET) |
|||
/* VAX C does not defined fd_set and friends, but it's actually quite simple */ |
|||
/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */ |
|||
#define MAX_NOFILE 32 |
|||
#define NBBY 8 /* number of bits in a byte */ |
|||
|
|||
#ifndef FD_SETSIZE |
|||
#define FD_SETSIZE MAX_NOFILE |
|||
#endif /* FD_SETSIZE */ |
|||
|
|||
/* How many things we'll allow select to use. 0 if unlimited */ |
|||
#define MAXSELFD MAX_NOFILE |
|||
typedef int fd_mask; /* int here! VMS prototypes int, not long */ |
|||
#define NFDBITS (sizeof(fd_mask) * NBBY) /* bits per mask (power of 2!)*/ |
|||
#define NFDSHIFT 5 /* Shift based on above */ |
|||
|
|||
typedef fd_mask fd_set; |
|||
#define FD_SET(n, p) (*(p) |= (1 << ((n) % NFDBITS))) |
|||
#define FD_CLR(n, p) (*(p) &= ~(1 << ((n) % NFDBITS))) |
|||
#define FD_ISSET(n, p) (*(p) & (1 << ((n) % NFDBITS))) |
|||
#define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) |
|||
#endif |
|||
|
|||
#define PORT 4433 |
|||
#define PORT_STR "4433" |
|||
#define PROTOCOL "tcp" |
|||
|
|||
int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context); |
|||
#ifdef HEADER_X509_H |
|||
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); |
|||
#endif |
|||
#ifdef HEADER_SSL_H |
|||
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); |
|||
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); |
|||
#endif |
|||
int init_client(int *sock, char *server, int port, int type); |
|||
int should_retry(int i); |
|||
int extract_port(char *str, short *port_ptr); |
|||
int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); |
|||
|
|||
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, |
|||
int argi, long argl, long ret); |
|||
|
|||
#ifdef HEADER_SSL_H |
|||
void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret); |
|||
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); |
|||
void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, |
|||
unsigned char *data, int len, |
|||
void *arg); |
|||
#endif |
|||
|
|||
int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len); |
|||
int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len); |
@ -0,0 +1,928 @@ |
|||
/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* openssl-core@openssl.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
|
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#define USE_SOCKETS |
|||
#define NON_MAIN |
|||
#include "apps.h" |
|||
#undef NON_MAIN |
|||
#undef USE_SOCKETS |
|||
#include <openssl/err.h> |
|||
#include <openssl/rand.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/ssl.h> |
|||
#include "s_apps.h" |
|||
|
|||
#define COOKIE_SECRET_LENGTH 16 |
|||
|
|||
int verify_depth=0; |
|||
int verify_error=X509_V_OK; |
|||
int verify_return_error=0; |
|||
unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; |
|||
int cookie_initialized=0; |
|||
|
|||
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) |
|||
{ |
|||
X509 *err_cert; |
|||
int err,depth; |
|||
|
|||
err_cert=X509_STORE_CTX_get_current_cert(ctx); |
|||
err= X509_STORE_CTX_get_error(ctx); |
|||
depth= X509_STORE_CTX_get_error_depth(ctx); |
|||
|
|||
BIO_printf(bio_err,"depth=%d ",depth); |
|||
if (err_cert) |
|||
{ |
|||
X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), |
|||
0, XN_FLAG_ONELINE); |
|||
BIO_puts(bio_err, "\n"); |
|||
} |
|||
else |
|||
BIO_puts(bio_err, "<no cert>\n"); |
|||
if (!ok) |
|||
{ |
|||
BIO_printf(bio_err,"verify error:num=%d:%s\n",err, |
|||
X509_verify_cert_error_string(err)); |
|||
if (verify_depth >= depth) |
|||
{ |
|||
if (!verify_return_error) |
|||
ok=1; |
|||
verify_error=X509_V_OK; |
|||
} |
|||
else |
|||
{ |
|||
ok=0; |
|||
verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG; |
|||
} |
|||
} |
|||
switch (err) |
|||
{ |
|||
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: |
|||
BIO_puts(bio_err,"issuer= "); |
|||
X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), |
|||
0, XN_FLAG_ONELINE); |
|||
BIO_puts(bio_err, "\n"); |
|||
break; |
|||
case X509_V_ERR_CERT_NOT_YET_VALID: |
|||
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: |
|||
BIO_printf(bio_err,"notBefore="); |
|||
ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert)); |
|||
BIO_printf(bio_err,"\n"); |
|||
break; |
|||
case X509_V_ERR_CERT_HAS_EXPIRED: |
|||
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: |
|||
BIO_printf(bio_err,"notAfter="); |
|||
ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert)); |
|||
BIO_printf(bio_err,"\n"); |
|||
break; |
|||
case X509_V_ERR_NO_EXPLICIT_POLICY: |
|||
policies_print(bio_err, ctx); |
|||
break; |
|||
} |
|||
if (err == X509_V_OK && ok == 2) |
|||
policies_print(bio_err, ctx); |
|||
|
|||
BIO_printf(bio_err,"verify return:%d\n",ok); |
|||
return(ok); |
|||
} |
|||
|
|||
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) |
|||
{ |
|||
if (cert_file != NULL) |
|||
{ |
|||
/*
|
|||
SSL *ssl; |
|||
X509 *x509; |
|||
*/ |
|||
|
|||
if (SSL_CTX_use_certificate_file(ctx,cert_file, |
|||
SSL_FILETYPE_PEM) <= 0) |
|||
{ |
|||
BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file); |
|||
ERR_print_errors(bio_err); |
|||
return(0); |
|||
} |
|||
if (key_file == NULL) key_file=cert_file; |
|||
if (SSL_CTX_use_PrivateKey_file(ctx,key_file, |
|||
SSL_FILETYPE_PEM) <= 0) |
|||
{ |
|||
BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file); |
|||
ERR_print_errors(bio_err); |
|||
return(0); |
|||
} |
|||
|
|||
/*
|
|||
In theory this is no longer needed |
|||
ssl=SSL_new(ctx); |
|||
x509=SSL_get_certificate(ssl); |
|||
|
|||
if (x509 != NULL) { |
|||
EVP_PKEY *pktmp; |
|||
pktmp = X509_get_pubkey(x509); |
|||
EVP_PKEY_copy_parameters(pktmp, |
|||
SSL_get_privatekey(ssl)); |
|||
EVP_PKEY_free(pktmp); |
|||
} |
|||
SSL_free(ssl); |
|||
*/ |
|||
|
|||
/* If we are using DSA, we can copy the parameters from
|
|||
* the private key */ |
|||
|
|||
|
|||
/* Now we know that a key and cert have been set against
|
|||
* the SSL context */ |
|||
if (!SSL_CTX_check_private_key(ctx)) |
|||
{ |
|||
BIO_printf(bio_err,"Private key does not match the certificate public key\n"); |
|||
return(0); |
|||
} |
|||
} |
|||
return(1); |
|||
} |
|||
|
|||
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key) |
|||
{ |
|||
if (cert == NULL) |
|||
return 1; |
|||
if (SSL_CTX_use_certificate(ctx,cert) <= 0) |
|||
{ |
|||
BIO_printf(bio_err,"error setting certificate\n"); |
|||
ERR_print_errors(bio_err); |
|||
return 0; |
|||
} |
|||
if (SSL_CTX_use_PrivateKey(ctx,key) <= 0) |
|||
{ |
|||
BIO_printf(bio_err,"error setting private key\n"); |
|||
ERR_print_errors(bio_err); |
|||
return 0; |
|||
} |
|||
|
|||
|
|||
/* Now we know that a key and cert have been set against
|
|||
* the SSL context */ |
|||
if (!SSL_CTX_check_private_key(ctx)) |
|||
{ |
|||
BIO_printf(bio_err,"Private key does not match the certificate public key\n"); |
|||
return 0; |
|||
} |
|||
return 1; |
|||
} |
|||
|
|||
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, |
|||
int argi, long argl, long ret) |
|||
{ |
|||
BIO *out; |
|||
|
|||
out=(BIO *)BIO_get_callback_arg(bio); |
|||
if (out == NULL) return(ret); |
|||
|
|||
if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) |
|||
{ |
|||
BIO_printf(out,"read from %p [%p] (%lu bytes => %ld (0x%lX))\n", |
|||
(void *)bio,argp,(unsigned long)argi,ret,ret); |
|||
BIO_dump(out,argp,(int)ret); |
|||
return(ret); |
|||
} |
|||
else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) |
|||
{ |
|||
BIO_printf(out,"write to %p [%p] (%lu bytes => %ld (0x%lX))\n", |
|||
(void *)bio,argp,(unsigned long)argi,ret,ret); |
|||
BIO_dump(out,argp,(int)ret); |
|||
} |
|||
return(ret); |
|||
} |
|||
|
|||
void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret) |
|||
{ |
|||
const char *str; |
|||
int w; |
|||
|
|||
w=where& ~SSL_ST_MASK; |
|||
|
|||
if (w & SSL_ST_CONNECT) str="SSL_connect"; |
|||
else if (w & SSL_ST_ACCEPT) str="SSL_accept"; |
|||
else str="undefined"; |
|||
|
|||
if (where & SSL_CB_LOOP) |
|||
{ |
|||
BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s)); |
|||
} |
|||
else if (where & SSL_CB_ALERT) |
|||
{ |
|||
str=(where & SSL_CB_READ)?"read":"write"; |
|||
BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n", |
|||
str, |
|||
SSL_alert_type_string_long(ret), |
|||
SSL_alert_desc_string_long(ret)); |
|||
} |
|||
else if (where & SSL_CB_EXIT) |
|||
{ |
|||
if (ret == 0) |
|||
BIO_printf(bio_err,"%s:failed in %s\n", |
|||
str,SSL_state_string_long(s)); |
|||
else if (ret < 0) |
|||
{ |
|||
BIO_printf(bio_err,"%s:error in %s\n", |
|||
str,SSL_state_string_long(s)); |
|||
} |
|||
} |
|||
} |
|||
|
|||
|
|||
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) |
|||
{ |
|||
BIO *bio = arg; |
|||
const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= ""; |
|||
|
|||
str_write_p = write_p ? ">>>" : "<<<"; |
|||
|
|||
switch (version) |
|||
{ |
|||
case SSL2_VERSION: |
|||
str_version = "SSL 2.0"; |
|||
break; |
|||
case SSL3_VERSION: |
|||
str_version = "SSL 3.0 "; |
|||
break; |
|||
case TLS1_VERSION: |
|||
str_version = "TLS 1.0 "; |
|||
break; |
|||
case TLS1_1_VERSION: |
|||
str_version = "TLS 1.1 "; |
|||
break; |
|||
case TLS1_2_VERSION: |
|||
str_version = "TLS 1.2 "; |
|||
break; |
|||
case DTLS1_VERSION: |
|||
str_version = "DTLS 1.0 "; |
|||
break; |
|||
case DTLS1_BAD_VER: |
|||
str_version = "DTLS 1.0 (bad) "; |
|||
break; |
|||
default: |
|||
str_version = "???"; |
|||
} |
|||
|
|||
if (version == SSL2_VERSION) |
|||
{ |
|||
str_details1 = "???"; |
|||
|
|||
if (len > 0) |
|||
{ |
|||
switch (((const unsigned char*)buf)[0]) |
|||
{ |
|||
case 0: |
|||
str_details1 = ", ERROR:"; |
|||
str_details2 = " ???"; |
|||
if (len >= 3) |
|||
{ |
|||
unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2]; |
|||
|
|||
switch (err) |
|||
{ |
|||
case 0x0001: |
|||
str_details2 = " NO-CIPHER-ERROR"; |
|||
break; |
|||
case 0x0002: |
|||
str_details2 = " NO-CERTIFICATE-ERROR"; |
|||
break; |
|||
case 0x0004: |
|||
str_details2 = " BAD-CERTIFICATE-ERROR"; |
|||
break; |
|||
case 0x0006: |
|||
str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR"; |
|||
break; |
|||
} |
|||
} |
|||
|
|||
break; |
|||
case 1: |
|||
str_details1 = ", CLIENT-HELLO"; |
|||
break; |
|||
case 2: |
|||
str_details1 = ", CLIENT-MASTER-KEY"; |
|||
break; |
|||
case 3: |
|||
str_details1 = ", CLIENT-FINISHED"; |
|||
break; |
|||
case 4: |
|||
str_details1 = ", SERVER-HELLO"; |
|||
break; |
|||
case 5: |
|||
str_details1 = ", SERVER-VERIFY"; |
|||
break; |
|||
case 6: |
|||
str_details1 = ", SERVER-FINISHED"; |
|||
break; |
|||
case 7: |
|||
str_details1 = ", REQUEST-CERTIFICATE"; |
|||
break; |
|||
case 8: |
|||
str_details1 = ", CLIENT-CERTIFICATE"; |
|||
break; |
|||
} |
|||
} |
|||
} |
|||
|
|||
if (version == SSL3_VERSION || |
|||
version == TLS1_VERSION || |
|||
version == DTLS1_VERSION || |
|||
version == DTLS1_BAD_VER) |
|||
{ |
|||
switch (content_type) |
|||
{ |
|||
case 20: |
|||
str_content_type = "ChangeCipherSpec"; |
|||
break; |
|||
case 21: |
|||
str_content_type = "Alert"; |
|||
break; |
|||
case 22: |
|||
str_content_type = "Handshake"; |
|||
break; |
|||
} |
|||
|
|||
if (content_type == 21) /* Alert */ |
|||
{ |
|||
str_details1 = ", ???"; |
|||
|
|||
if (len == 2) |
|||
{ |
|||
switch (((const unsigned char*)buf)[0]) |
|||
{ |
|||
case 1: |
|||
str_details1 = ", warning"; |
|||
break; |
|||
case 2: |
|||
str_details1 = ", fatal"; |
|||
break; |
|||
} |
|||
|
|||
str_details2 = " ???"; |
|||
switch (((const unsigned char*)buf)[1]) |
|||
{ |
|||
case 0: |
|||
str_details2 = " close_notify"; |
|||
break; |
|||
case 10: |
|||
str_details2 = " unexpected_message"; |
|||
break; |
|||
case 20: |
|||
str_details2 = " bad_record_mac"; |
|||
break; |
|||
case 21: |
|||
str_details2 = " decryption_failed"; |
|||
break; |
|||
case 22: |
|||
str_details2 = " record_overflow"; |
|||
break; |
|||
case 30: |
|||
str_details2 = " decompression_failure"; |
|||
break; |
|||
case 40: |
|||
str_details2 = " handshake_failure"; |
|||
break; |
|||
case 42: |
|||
str_details2 = " bad_certificate"; |
|||
break; |
|||
case 43: |
|||
str_details2 = " unsupported_certificate"; |
|||
break; |
|||
case 44: |
|||
str_details2 = " certificate_revoked"; |
|||
break; |
|||
case 45: |
|||
str_details2 = " certificate_expired"; |
|||
break; |
|||
case 46: |
|||
str_details2 = " certificate_unknown"; |
|||
break; |
|||
case 47: |
|||
str_details2 = " illegal_parameter"; |
|||
break; |
|||
case 48: |
|||
str_details2 = " unknown_ca"; |
|||
break; |
|||
case 49: |
|||
str_details2 = " access_denied"; |
|||
break; |
|||
case 50: |
|||
str_details2 = " decode_error"; |
|||
break; |
|||
case 51: |
|||
str_details2 = " decrypt_error"; |
|||
break; |
|||
case 60: |
|||
str_details2 = " export_restriction"; |
|||
break; |
|||
case 70: |
|||
str_details2 = " protocol_version"; |
|||
break; |
|||
case 71: |
|||
str_details2 = " insufficient_security"; |
|||
break; |
|||
case 80: |
|||
str_details2 = " internal_error"; |
|||
break; |
|||
case 90: |
|||
str_details2 = " user_canceled"; |
|||
break; |
|||
case 100: |
|||
str_details2 = " no_renegotiation"; |
|||
break; |
|||
case 110: |
|||
str_details2 = " unsupported_extension"; |
|||
break; |
|||
case 111: |
|||
str_details2 = " certificate_unobtainable"; |
|||
break; |
|||
case 112: |
|||
str_details2 = " unrecognized_name"; |
|||
break; |
|||
case 113: |
|||
str_details2 = " bad_certificate_status_response"; |
|||
break; |
|||
case 114: |
|||
str_details2 = " bad_certificate_hash_value"; |
|||
break; |
|||
case 115: |
|||
str_details2 = " unknown_psk_identity"; |
|||
break; |
|||
} |
|||
} |
|||
} |
|||
|
|||
if (content_type == 22) /* Handshake */ |
|||
{ |
|||
str_details1 = "???"; |
|||
|
|||
if (len > 0) |
|||
{ |
|||
switch (((const unsigned char*)buf)[0]) |
|||
{ |
|||
case 0: |
|||
str_details1 = ", HelloRequest"; |
|||
break; |
|||
case 1: |
|||
str_details1 = ", ClientHello"; |
|||
break; |
|||
case 2: |
|||
str_details1 = ", ServerHello"; |
|||
break; |
|||
case 3: |
|||
str_details1 = ", HelloVerifyRequest"; |
|||
break; |
|||
case 11: |
|||
str_details1 = ", Certificate"; |
|||
break; |
|||
case 12: |
|||
str_details1 = ", ServerKeyExchange"; |
|||
break; |
|||
case 13: |
|||
str_details1 = ", CertificateRequest"; |
|||
break; |
|||
case 14: |
|||
str_details1 = ", ServerHelloDone"; |
|||
break; |
|||
case 15: |
|||
str_details1 = ", CertificateVerify"; |
|||
break; |
|||
case 16: |
|||
str_details1 = ", ClientKeyExchange"; |
|||
break; |
|||
case 20: |
|||
str_details1 = ", Finished"; |
|||
break; |
|||
} |
|||
} |
|||
} |
|||
|
|||
#ifndef OPENSSL_NO_HEARTBEATS |
|||
if (content_type == 24) /* Heartbeat */ |
|||
{ |
|||
str_details1 = ", Heartbeat"; |
|||
|
|||
if (len > 0) |
|||
{ |
|||
switch (((const unsigned char*)buf)[0]) |
|||
{ |
|||
case 1: |
|||
str_details1 = ", HeartbeatRequest"; |
|||
break; |
|||
case 2: |
|||
str_details1 = ", HeartbeatResponse"; |
|||
break; |
|||
} |
|||
} |
|||
} |
|||
#endif |
|||
} |
|||
|
|||
BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2); |
|||
|
|||
if (len > 0) |
|||
{ |
|||
size_t num, i; |
|||
|
|||
BIO_printf(bio, " "); |
|||
num = len; |
|||
#if 0 |
|||
if (num > 16) |
|||
num = 16; |
|||
#endif |
|||
for (i = 0; i < num; i++) |
|||
{ |
|||
if (i % 16 == 0 && i > 0) |
|||
BIO_printf(bio, "\n "); |
|||
BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]); |
|||
} |
|||
if (i < len) |
|||
BIO_printf(bio, " ..."); |
|||
BIO_printf(bio, "\n"); |
|||
} |
|||
(void)BIO_flush(bio); |
|||
} |
|||
|
|||
void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, |
|||
unsigned char *data, int len, |
|||
void *arg) |
|||
{ |
|||
BIO *bio = arg; |
|||
char *extname; |
|||
|
|||
switch(type) |
|||
{ |
|||
case TLSEXT_TYPE_server_name: |
|||
extname = "server name"; |
|||
break; |
|||
|
|||
case TLSEXT_TYPE_max_fragment_length: |
|||
extname = "max fragment length"; |
|||
break; |
|||
|
|||
case TLSEXT_TYPE_client_certificate_url: |
|||
extname = "client certificate URL"; |
|||
break; |
|||
|
|||
case TLSEXT_TYPE_trusted_ca_keys: |
|||
extname = "trusted CA keys"; |
|||
break; |
|||
|
|||
case TLSEXT_TYPE_truncated_hmac: |
|||
extname = "truncated HMAC"; |
|||
break; |
|||
|
|||
case TLSEXT_TYPE_status_request: |
|||
extname = "status request"; |
|||
break; |
|||
|
|||
case TLSEXT_TYPE_user_mapping: |
|||
extname = "user mapping"; |
|||
break; |
|||
|
|||
case TLSEXT_TYPE_client_authz: |
|||
extname = "client authz"; |
|||
break; |
|||
|
|||
case TLSEXT_TYPE_server_authz: |
|||
extname = "server authz"; |
|||
break; |
|||
|
|||
case TLSEXT_TYPE_cert_type: |
|||
extname = "cert type"; |
|||
break; |
|||
|
|||
case TLSEXT_TYPE_elliptic_curves: |
|||
extname = "elliptic curves"; |
|||
break; |
|||
|
|||
case TLSEXT_TYPE_ec_point_formats: |
|||
extname = "EC point formats"; |
|||
break; |
|||
|
|||
case TLSEXT_TYPE_srp: |
|||
extname = "SRP"; |
|||
break; |
|||
|
|||
case TLSEXT_TYPE_signature_algorithms: |
|||
extname = "signature algorithms"; |
|||
break; |
|||
|
|||
case TLSEXT_TYPE_use_srtp: |
|||
extname = "use SRTP"; |
|||
break; |
|||
|
|||
case TLSEXT_TYPE_heartbeat: |
|||
extname = "heartbeat"; |
|||
break; |
|||
|
|||
case TLSEXT_TYPE_session_ticket: |
|||
extname = "session ticket"; |
|||
break; |
|||
|
|||
case TLSEXT_TYPE_renegotiate: |
|||
extname = "renegotiation info"; |
|||
break; |
|||
|
|||
#ifdef TLSEXT_TYPE_opaque_prf_input |
|||
case TLSEXT_TYPE_opaque_prf_input: |
|||
extname = "opaque PRF input"; |
|||
break; |
|||
#endif |
|||
#ifdef TLSEXT_TYPE_next_proto_neg |
|||
case TLSEXT_TYPE_next_proto_neg: |
|||
extname = "next protocol"; |
|||
break; |
|||
#endif |
|||
|
|||
default: |
|||
extname = "unknown"; |
|||
break; |
|||
|
|||
} |
|||
|
|||
BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", |
|||
client_server ? "server": "client", |
|||
extname, type, len); |
|||
BIO_dump(bio, (char *)data, len); |
|||
(void)BIO_flush(bio); |
|||
} |
|||
|
|||
int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) |
|||
{ |
|||
unsigned char *buffer, result[EVP_MAX_MD_SIZE]; |
|||
unsigned int length, resultlength; |
|||
union { |
|||
struct sockaddr sa; |
|||
struct sockaddr_in s4; |
|||
#if OPENSSL_USE_IPV6 |
|||
struct sockaddr_in6 s6; |
|||
#endif |
|||
} peer; |
|||
|
|||
/* Initialize a random secret */ |
|||
if (!cookie_initialized) |
|||
{ |
|||
if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) |
|||
{ |
|||
BIO_printf(bio_err,"error setting random cookie secret\n"); |
|||
return 0; |
|||
} |
|||
cookie_initialized = 1; |
|||
} |
|||
|
|||
/* Read peer information */ |
|||
(void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); |
|||
|
|||
/* Create buffer with peer's address and port */ |
|||
length = 0; |
|||
switch (peer.sa.sa_family) |
|||
{ |
|||
case AF_INET: |
|||
length += sizeof(struct in_addr); |
|||
length += sizeof(peer.s4.sin_port); |
|||
break; |
|||
#if OPENSSL_USE_IPV6 |
|||
case AF_INET6: |
|||
length += sizeof(struct in6_addr); |
|||
length += sizeof(peer.s6.sin6_port); |
|||
break; |
|||
#endif |
|||
default: |
|||
OPENSSL_assert(0); |
|||
break; |
|||
} |
|||
buffer = OPENSSL_malloc(length); |
|||
|
|||
if (buffer == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"out of memory\n"); |
|||
return 0; |
|||
} |
|||
|
|||
switch (peer.sa.sa_family) |
|||
{ |
|||
case AF_INET: |
|||
memcpy(buffer, |
|||
&peer.s4.sin_port, |
|||
sizeof(peer.s4.sin_port)); |
|||
memcpy(buffer + sizeof(peer.s4.sin_port), |
|||
&peer.s4.sin_addr, |
|||
sizeof(struct in_addr)); |
|||
break; |
|||
#if OPENSSL_USE_IPV6 |
|||
case AF_INET6: |
|||
memcpy(buffer, |
|||
&peer.s6.sin6_port, |
|||
sizeof(peer.s6.sin6_port)); |
|||
memcpy(buffer + sizeof(peer.s6.sin6_port), |
|||
&peer.s6.sin6_addr, |
|||
sizeof(struct in6_addr)); |
|||
break; |
|||
#endif |
|||
default: |
|||
OPENSSL_assert(0); |
|||
break; |
|||
} |
|||
|
|||
/* Calculate HMAC of buffer using the secret */ |
|||
HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, |
|||
buffer, length, result, &resultlength); |
|||
OPENSSL_free(buffer); |
|||
|
|||
memcpy(cookie, result, resultlength); |
|||
*cookie_len = resultlength; |
|||
|
|||
return 1; |
|||
} |
|||
|
|||
int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len) |
|||
{ |
|||
unsigned char *buffer, result[EVP_MAX_MD_SIZE]; |
|||
unsigned int length, resultlength; |
|||
union { |
|||
struct sockaddr sa; |
|||
struct sockaddr_in s4; |
|||
#if OPENSSL_USE_IPV6 |
|||
struct sockaddr_in6 s6; |
|||
#endif |
|||
} peer; |
|||
|
|||
/* If secret isn't initialized yet, the cookie can't be valid */ |
|||
if (!cookie_initialized) |
|||
return 0; |
|||
|
|||
/* Read peer information */ |
|||
(void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); |
|||
|
|||
/* Create buffer with peer's address and port */ |
|||
length = 0; |
|||
switch (peer.sa.sa_family) |
|||
{ |
|||
case AF_INET: |
|||
length += sizeof(struct in_addr); |
|||
length += sizeof(peer.s4.sin_port); |
|||
break; |
|||
#if OPENSSL_USE_IPV6 |
|||
case AF_INET6: |
|||
length += sizeof(struct in6_addr); |
|||
length += sizeof(peer.s6.sin6_port); |
|||
break; |
|||
#endif |
|||
default: |
|||
OPENSSL_assert(0); |
|||
break; |
|||
} |
|||
buffer = OPENSSL_malloc(length); |
|||
|
|||
if (buffer == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"out of memory\n"); |
|||
return 0; |
|||
} |
|||
|
|||
switch (peer.sa.sa_family) |
|||
{ |
|||
case AF_INET: |
|||
memcpy(buffer, |
|||
&peer.s4.sin_port, |
|||
sizeof(peer.s4.sin_port)); |
|||
memcpy(buffer + sizeof(peer.s4.sin_port), |
|||
&peer.s4.sin_addr, |
|||
sizeof(struct in_addr)); |
|||
break; |
|||
#if OPENSSL_USE_IPV6 |
|||
case AF_INET6: |
|||
memcpy(buffer, |
|||
&peer.s6.sin6_port, |
|||
sizeof(peer.s6.sin6_port)); |
|||
memcpy(buffer + sizeof(peer.s6.sin6_port), |
|||
&peer.s6.sin6_addr, |
|||
sizeof(struct in6_addr)); |
|||
break; |
|||
#endif |
|||
default: |
|||
OPENSSL_assert(0); |
|||
break; |
|||
} |
|||
|
|||
/* Calculate HMAC of buffer using the secret */ |
|||
HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, |
|||
buffer, length, result, &resultlength); |
|||
OPENSSL_free(buffer); |
|||
|
|||
if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0) |
|||
return 1; |
|||
|
|||
return 0; |
|||
} |
File diff suppressed because it is too large
File diff suppressed because it is too large
@ -0,0 +1,619 @@ |
|||
/* apps/s_socket.c - socket-related functions used by s_client and s_server */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <string.h> |
|||
#include <errno.h> |
|||
#include <signal.h> |
|||
|
|||
#ifdef FLAT_INC |
|||
#include "e_os2.h" |
|||
#else |
|||
#include "../e_os2.h" |
|||
#endif |
|||
|
|||
/* With IPv6, it looks like Digital has mixed up the proper order of
|
|||
recursive header file inclusion, resulting in the compiler complaining |
|||
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which |
|||
is needed to have fileno() declared correctly... So let's define u_int */ |
|||
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) |
|||
#define __U_INT |
|||
typedef unsigned int u_int; |
|||
#endif |
|||
|
|||
#define USE_SOCKETS |
|||
#define NON_MAIN |
|||
#include "apps.h" |
|||
#undef USE_SOCKETS |
|||
#undef NON_MAIN |
|||
#include "s_apps.h" |
|||
#include <openssl/ssl.h> |
|||
|
|||
#ifdef FLAT_INC |
|||
#include "e_os.h" |
|||
#else |
|||
#include "../e_os.h" |
|||
#endif |
|||
|
|||
#ifndef OPENSSL_NO_SOCK |
|||
|
|||
#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK) |
|||
#include "netdb.h" |
|||
#endif |
|||
|
|||
static struct hostent *GetHostByName(char *name); |
|||
#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) |
|||
static void ssl_sock_cleanup(void); |
|||
#endif |
|||
static int ssl_sock_init(void); |
|||
static int init_client_ip(int *sock,unsigned char ip[4], int port, int type); |
|||
static int init_server(int *sock, int port, int type); |
|||
static int init_server_long(int *sock, int port,char *ip, int type); |
|||
static int do_accept(int acc_sock, int *sock, char **host); |
|||
static int host_ip(char *str, unsigned char ip[4]); |
|||
|
|||
#ifdef OPENSSL_SYS_WIN16 |
|||
#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ |
|||
#else |
|||
#define SOCKET_PROTOCOL IPPROTO_TCP |
|||
#endif |
|||
|
|||
#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) |
|||
static int wsa_init_done=0; |
|||
#endif |
|||
|
|||
#ifdef OPENSSL_SYS_WINDOWS |
|||
static struct WSAData wsa_state; |
|||
static int wsa_init_done=0; |
|||
|
|||
#ifdef OPENSSL_SYS_WIN16 |
|||
static HWND topWnd=0; |
|||
static FARPROC lpTopWndProc=NULL; |
|||
static FARPROC lpTopHookProc=NULL; |
|||
extern HINSTANCE _hInstance; /* nice global CRT provides */ |
|||
|
|||
static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam, |
|||
LPARAM lParam) |
|||
{ |
|||
if (hwnd == topWnd) |
|||
{ |
|||
switch(message) |
|||
{ |
|||
case WM_DESTROY: |
|||
case WM_CLOSE: |
|||
SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc); |
|||
ssl_sock_cleanup(); |
|||
break; |
|||
} |
|||
} |
|||
return CallWindowProc(lpTopWndProc,hwnd,message,wParam,lParam); |
|||
} |
|||
|
|||
static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam) |
|||
{ |
|||
topWnd=hwnd; |
|||
return(FALSE); |
|||
} |
|||
|
|||
#endif /* OPENSSL_SYS_WIN32 */ |
|||
#endif /* OPENSSL_SYS_WINDOWS */ |
|||
|
|||
#ifdef OPENSSL_SYS_WINDOWS |
|||
static void ssl_sock_cleanup(void) |
|||
{ |
|||
if (wsa_init_done) |
|||
{ |
|||
wsa_init_done=0; |
|||
#ifndef OPENSSL_SYS_WINCE |
|||
WSACancelBlockingCall(); |
|||
#endif |
|||
WSACleanup(); |
|||
} |
|||
} |
|||
#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) |
|||
static void sock_cleanup(void) |
|||
{ |
|||
if (wsa_init_done) |
|||
{ |
|||
wsa_init_done=0; |
|||
WSACleanup(); |
|||
} |
|||
} |
|||
#endif |
|||
|
|||
static int ssl_sock_init(void) |
|||
{ |
|||
#ifdef WATT32 |
|||
extern int _watt_do_exit; |
|||
_watt_do_exit = 0; |
|||
if (sock_init()) |
|||
return (0); |
|||
#elif defined(OPENSSL_SYS_WINDOWS) |
|||
if (!wsa_init_done) |
|||
{ |
|||
int err; |
|||
|
|||
#ifdef SIGINT |
|||
signal(SIGINT,(void (*)(int))ssl_sock_cleanup); |
|||
#endif |
|||
wsa_init_done=1; |
|||
memset(&wsa_state,0,sizeof(wsa_state)); |
|||
if (WSAStartup(0x0101,&wsa_state)!=0) |
|||
{ |
|||
err=WSAGetLastError(); |
|||
BIO_printf(bio_err,"unable to start WINSOCK, error code=%d\n",err); |
|||
return(0); |
|||
} |
|||
|
|||
#ifdef OPENSSL_SYS_WIN16 |
|||
EnumTaskWindows(GetCurrentTask(),enumproc,0L); |
|||
lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC); |
|||
lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance); |
|||
|
|||
SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc); |
|||
#endif /* OPENSSL_SYS_WIN16 */ |
|||
} |
|||
#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) |
|||
WORD wVerReq; |
|||
WSADATA wsaData; |
|||
int err; |
|||
|
|||
if (!wsa_init_done) |
|||
{ |
|||
|
|||
# ifdef SIGINT |
|||
signal(SIGINT,(void (*)(int))sock_cleanup); |
|||
# endif |
|||
|
|||
wsa_init_done=1; |
|||
wVerReq = MAKEWORD( 2, 0 ); |
|||
err = WSAStartup(wVerReq,&wsaData); |
|||
if (err != 0) |
|||
{ |
|||
BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err); |
|||
return(0); |
|||
} |
|||
} |
|||
#endif /* OPENSSL_SYS_WINDOWS */ |
|||
return(1); |
|||
} |
|||
|
|||
int init_client(int *sock, char *host, int port, int type) |
|||
{ |
|||
unsigned char ip[4]; |
|||
|
|||
memset(ip, '\0', sizeof ip); |
|||
if (!host_ip(host,&(ip[0]))) |
|||
return 0; |
|||
return init_client_ip(sock,ip,port,type); |
|||
} |
|||
|
|||
static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) |
|||
{ |
|||
unsigned long addr; |
|||
struct sockaddr_in them; |
|||
int s,i; |
|||
|
|||
if (!ssl_sock_init()) return(0); |
|||
|
|||
memset((char *)&them,0,sizeof(them)); |
|||
them.sin_family=AF_INET; |
|||
them.sin_port=htons((unsigned short)port); |
|||
addr=(unsigned long) |
|||
((unsigned long)ip[0]<<24L)| |
|||
((unsigned long)ip[1]<<16L)| |
|||
((unsigned long)ip[2]<< 8L)| |
|||
((unsigned long)ip[3]); |
|||
them.sin_addr.s_addr=htonl(addr); |
|||
|
|||
if (type == SOCK_STREAM) |
|||
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); |
|||
else /* ( type == SOCK_DGRAM) */ |
|||
s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP); |
|||
|
|||
if (s == INVALID_SOCKET) { perror("socket"); return(0); } |
|||
|
|||
#if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE) |
|||
if (type == SOCK_STREAM) |
|||
{ |
|||
i=0; |
|||
i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); |
|||
if (i < 0) { perror("keepalive"); return(0); } |
|||
} |
|||
#endif |
|||
|
|||
if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1) |
|||
{ closesocket(s); perror("connect"); return(0); } |
|||
*sock=s; |
|||
return(1); |
|||
} |
|||
|
|||
int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context) |
|||
{ |
|||
int sock; |
|||
char *name = NULL; |
|||
int accept_socket = 0; |
|||
int i; |
|||
|
|||
if (!init_server(&accept_socket,port,type)) return(0); |
|||
|
|||
if (ret != NULL) |
|||
{ |
|||
*ret=accept_socket; |
|||
/* return(1);*/ |
|||
} |
|||
for (;;) |
|||
{ |
|||
if (type==SOCK_STREAM) |
|||
{ |
|||
if (do_accept(accept_socket,&sock,&name) == 0) |
|||
{ |
|||
SHUTDOWN(accept_socket); |
|||
return(0); |
|||
} |
|||
} |
|||
else |
|||
sock = accept_socket; |
|||
i=(*cb)(name,sock, context); |
|||
if (name != NULL) OPENSSL_free(name); |
|||
if (type==SOCK_STREAM) |
|||
SHUTDOWN2(sock); |
|||
if (i < 0) |
|||
{ |
|||
SHUTDOWN2(accept_socket); |
|||
return(i); |
|||
} |
|||
} |
|||
} |
|||
|
|||
static int init_server_long(int *sock, int port, char *ip, int type) |
|||
{ |
|||
int ret=0; |
|||
struct sockaddr_in server; |
|||
int s= -1; |
|||
|
|||
if (!ssl_sock_init()) return(0); |
|||
|
|||
memset((char *)&server,0,sizeof(server)); |
|||
server.sin_family=AF_INET; |
|||
server.sin_port=htons((unsigned short)port); |
|||
if (ip == NULL) |
|||
server.sin_addr.s_addr=INADDR_ANY; |
|||
else |
|||
/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ |
|||
#ifndef BIT_FIELD_LIMITS |
|||
memcpy(&server.sin_addr.s_addr,ip,4); |
|||
#else |
|||
memcpy(&server.sin_addr,ip,4); |
|||
#endif |
|||
|
|||
if (type == SOCK_STREAM) |
|||
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); |
|||
else /* type == SOCK_DGRAM */ |
|||
s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP); |
|||
|
|||
if (s == INVALID_SOCKET) goto err; |
|||
#if defined SOL_SOCKET && defined SO_REUSEADDR |
|||
{ |
|||
int j = 1; |
|||
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, |
|||
(void *) &j, sizeof j); |
|||
} |
|||
#endif |
|||
if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1) |
|||
{ |
|||
#ifndef OPENSSL_SYS_WINDOWS |
|||
perror("bind"); |
|||
#endif |
|||
goto err; |
|||
} |
|||
/* Make it 128 for linux */ |
|||
if (type==SOCK_STREAM && listen(s,128) == -1) goto err; |
|||
*sock=s; |
|||
ret=1; |
|||
err: |
|||
if ((ret == 0) && (s != -1)) |
|||
{ |
|||
SHUTDOWN(s); |
|||
} |
|||
return(ret); |
|||
} |
|||
|
|||
static int init_server(int *sock, int port, int type) |
|||
{ |
|||
return(init_server_long(sock, port, NULL, type)); |
|||
} |
|||
|
|||
static int do_accept(int acc_sock, int *sock, char **host) |
|||
{ |
|||
int ret; |
|||
struct hostent *h1,*h2; |
|||
static struct sockaddr_in from; |
|||
int len; |
|||
/* struct linger ling; */ |
|||
|
|||
if (!ssl_sock_init()) return(0); |
|||
|
|||
#ifndef OPENSSL_SYS_WINDOWS |
|||
redoit: |
|||
#endif |
|||
|
|||
memset((char *)&from,0,sizeof(from)); |
|||
len=sizeof(from); |
|||
/* Note: under VMS with SOCKETSHR the fourth parameter is currently
|
|||
* of type (int *) whereas under other systems it is (void *) if |
|||
* you don't have a cast it will choke the compiler: if you do |
|||
* have a cast then you can either go for (int *) or (void *). |
|||
*/ |
|||
ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len); |
|||
if (ret == INVALID_SOCKET) |
|||
{ |
|||
#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) |
|||
int i; |
|||
i=WSAGetLastError(); |
|||
BIO_printf(bio_err,"accept error %d\n",i); |
|||
#else |
|||
if (errno == EINTR) |
|||
{ |
|||
/*check_timeout(); */ |
|||
goto redoit; |
|||
} |
|||
fprintf(stderr,"errno=%d ",errno); |
|||
perror("accept"); |
|||
#endif |
|||
return(0); |
|||
} |
|||
|
|||
/*
|
|||
ling.l_onoff=1; |
|||
ling.l_linger=0; |
|||
i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling)); |
|||
if (i < 0) { perror("linger"); return(0); } |
|||
i=0; |
|||
i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); |
|||
if (i < 0) { perror("keepalive"); return(0); } |
|||
*/ |
|||
|
|||
if (host == NULL) goto end; |
|||
#ifndef BIT_FIELD_LIMITS |
|||
/* I should use WSAAsyncGetHostByName() under windows */ |
|||
h1=gethostbyaddr((char *)&from.sin_addr.s_addr, |
|||
sizeof(from.sin_addr.s_addr),AF_INET); |
|||
#else |
|||
h1=gethostbyaddr((char *)&from.sin_addr, |
|||
sizeof(struct in_addr),AF_INET); |
|||
#endif |
|||
if (h1 == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"bad gethostbyaddr\n"); |
|||
*host=NULL; |
|||
/* return(0); */ |
|||
} |
|||
else |
|||
{ |
|||
if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL) |
|||
{ |
|||
perror("OPENSSL_malloc"); |
|||
return(0); |
|||
} |
|||
BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); |
|||
|
|||
h2=GetHostByName(*host); |
|||
if (h2 == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"gethostbyname failure\n"); |
|||
return(0); |
|||
} |
|||
if (h2->h_addrtype != AF_INET) |
|||
{ |
|||
BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); |
|||
return(0); |
|||
} |
|||
} |
|||
end: |
|||
*sock=ret; |
|||
return(1); |
|||
} |
|||
|
|||
int extract_host_port(char *str, char **host_ptr, unsigned char *ip, |
|||
short *port_ptr) |
|||
{ |
|||
char *h,*p; |
|||
|
|||
h=str; |
|||
p=strchr(str,':'); |
|||
if (p == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"no port defined\n"); |
|||
return(0); |
|||
} |
|||
*(p++)='\0'; |
|||
|
|||
if ((ip != NULL) && !host_ip(str,ip)) |
|||
goto err; |
|||
if (host_ptr != NULL) *host_ptr=h; |
|||
|
|||
if (!extract_port(p,port_ptr)) |
|||
goto err; |
|||
return(1); |
|||
err: |
|||
return(0); |
|||
} |
|||
|
|||
static int host_ip(char *str, unsigned char ip[4]) |
|||
{ |
|||
unsigned int in[4]; |
|||
int i; |
|||
|
|||
if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4) |
|||
{ |
|||
for (i=0; i<4; i++) |
|||
if (in[i] > 255) |
|||
{ |
|||
BIO_printf(bio_err,"invalid IP address\n"); |
|||
goto err; |
|||
} |
|||
ip[0]=in[0]; |
|||
ip[1]=in[1]; |
|||
ip[2]=in[2]; |
|||
ip[3]=in[3]; |
|||
} |
|||
else |
|||
{ /* do a gethostbyname */ |
|||
struct hostent *he; |
|||
|
|||
if (!ssl_sock_init()) return(0); |
|||
|
|||
he=GetHostByName(str); |
|||
if (he == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"gethostbyname failure\n"); |
|||
goto err; |
|||
} |
|||
/* cast to short because of win16 winsock definition */ |
|||
if ((short)he->h_addrtype != AF_INET) |
|||
{ |
|||
BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); |
|||
return(0); |
|||
} |
|||
ip[0]=he->h_addr_list[0][0]; |
|||
ip[1]=he->h_addr_list[0][1]; |
|||
ip[2]=he->h_addr_list[0][2]; |
|||
ip[3]=he->h_addr_list[0][3]; |
|||
} |
|||
return(1); |
|||
err: |
|||
return(0); |
|||
} |
|||
|
|||
int extract_port(char *str, short *port_ptr) |
|||
{ |
|||
int i; |
|||
struct servent *s; |
|||
|
|||
i=atoi(str); |
|||
if (i != 0) |
|||
*port_ptr=(unsigned short)i; |
|||
else |
|||
{ |
|||
s=getservbyname(str,"tcp"); |
|||
if (s == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"getservbyname failure for %s\n",str); |
|||
return(0); |
|||
} |
|||
*port_ptr=ntohs((unsigned short)s->s_port); |
|||
} |
|||
return(1); |
|||
} |
|||
|
|||
#define GHBN_NUM 4 |
|||
static struct ghbn_cache_st |
|||
{ |
|||
char name[128]; |
|||
struct hostent ent; |
|||
unsigned long order; |
|||
} ghbn_cache[GHBN_NUM]; |
|||
|
|||
static unsigned long ghbn_hits=0L; |
|||
static unsigned long ghbn_miss=0L; |
|||
|
|||
static struct hostent *GetHostByName(char *name) |
|||
{ |
|||
struct hostent *ret; |
|||
int i,lowi=0; |
|||
unsigned long low= (unsigned long)-1; |
|||
|
|||
for (i=0; i<GHBN_NUM; i++) |
|||
{ |
|||
if (low > ghbn_cache[i].order) |
|||
{ |
|||
low=ghbn_cache[i].order; |
|||
lowi=i; |
|||
} |
|||
if (ghbn_cache[i].order > 0) |
|||
{ |
|||
if (strncmp(name,ghbn_cache[i].name,128) == 0) |
|||
break; |
|||
} |
|||
} |
|||
if (i == GHBN_NUM) /* no hit*/ |
|||
{ |
|||
ghbn_miss++; |
|||
ret=gethostbyname(name); |
|||
if (ret == NULL) return(NULL); |
|||
/* else add to cache */ |
|||
if(strlen(name) < sizeof ghbn_cache[0].name) |
|||
{ |
|||
strcpy(ghbn_cache[lowi].name,name); |
|||
memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent)); |
|||
ghbn_cache[lowi].order=ghbn_miss+ghbn_hits; |
|||
} |
|||
return(ret); |
|||
} |
|||
else |
|||
{ |
|||
ghbn_hits++; |
|||
ret= &(ghbn_cache[i].ent); |
|||
ghbn_cache[i].order=ghbn_miss+ghbn_hits; |
|||
return(ret); |
|||
} |
|||
} |
|||
|
|||
#endif |
@ -0,0 +1,632 @@ |
|||
/* apps/s_time.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#define NO_SHUTDOWN |
|||
|
|||
/*-----------------------------------------
|
|||
s_time - SSL client connection timer program |
|||
Written and donated by Larry Streepy <streepy@healthcare.com> |
|||
-----------------------------------------*/ |
|||
|
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <string.h> |
|||
|
|||
#define USE_SOCKETS |
|||
#include "apps.h" |
|||
#ifdef OPENSSL_NO_STDIO |
|||
#define APPS_WIN16 |
|||
#endif |
|||
#include <openssl/x509.h> |
|||
#include <openssl/ssl.h> |
|||
#include <openssl/pem.h> |
|||
#include "s_apps.h" |
|||
#include <openssl/err.h> |
|||
#ifdef WIN32_STUFF |
|||
#include "winmain.h" |
|||
#include "wintext.h" |
|||
#endif |
|||
#if !defined(OPENSSL_SYS_MSDOS) |
|||
#include OPENSSL_UNISTD |
|||
#endif |
|||
|
|||
#undef PROG |
|||
#define PROG s_time_main |
|||
|
|||
#undef ioctl |
|||
#define ioctl ioctlsocket |
|||
|
|||
#define SSL_CONNECT_NAME "localhost:4433" |
|||
|
|||
/*#define TEST_CERT "client.pem" */ /* no default cert. */ |
|||
|
|||
#undef BUFSIZZ |
|||
#define BUFSIZZ 1024*10 |
|||
|
|||
#define MYBUFSIZ 1024*8 |
|||
|
|||
#undef min |
|||
#undef max |
|||
#define min(a,b) (((a) < (b)) ? (a) : (b)) |
|||
#define max(a,b) (((a) > (b)) ? (a) : (b)) |
|||
|
|||
#undef SECONDS |
|||
#define SECONDS 30 |
|||
extern int verify_depth; |
|||
extern int verify_error; |
|||
|
|||
static void s_time_usage(void); |
|||
static int parseArgs( int argc, char **argv ); |
|||
static SSL *doConnection( SSL *scon ); |
|||
static void s_time_init(void); |
|||
|
|||
/***********************************************************************
|
|||
* Static data declarations |
|||
*/ |
|||
|
|||
/* static char *port=PORT_STR;*/ |
|||
static char *host=SSL_CONNECT_NAME; |
|||
static char *t_cert_file=NULL; |
|||
static char *t_key_file=NULL; |
|||
static char *CApath=NULL; |
|||
static char *CAfile=NULL; |
|||
static char *tm_cipher=NULL; |
|||
static int tm_verify = SSL_VERIFY_NONE; |
|||
static int maxTime = SECONDS; |
|||
static SSL_CTX *tm_ctx=NULL; |
|||
static const SSL_METHOD *s_time_meth=NULL; |
|||
static char *s_www_path=NULL; |
|||
static long bytes_read=0; |
|||
static int st_bugs=0; |
|||
static int perform=0; |
|||
#ifdef FIONBIO |
|||
static int t_nbio=0; |
|||
#endif |
|||
#ifdef OPENSSL_SYS_WIN32 |
|||
static int exitNow = 0; /* Set when it's time to exit main */ |
|||
#endif |
|||
|
|||
static void s_time_init(void) |
|||
{ |
|||
host=SSL_CONNECT_NAME; |
|||
t_cert_file=NULL; |
|||
t_key_file=NULL; |
|||
CApath=NULL; |
|||
CAfile=NULL; |
|||
tm_cipher=NULL; |
|||
tm_verify = SSL_VERIFY_NONE; |
|||
maxTime = SECONDS; |
|||
tm_ctx=NULL; |
|||
s_time_meth=NULL; |
|||
s_www_path=NULL; |
|||
bytes_read=0; |
|||
st_bugs=0; |
|||
perform=0; |
|||
|
|||
#ifdef FIONBIO |
|||
t_nbio=0; |
|||
#endif |
|||
#ifdef OPENSSL_SYS_WIN32 |
|||
exitNow = 0; /* Set when it's time to exit main */ |
|||
#endif |
|||
} |
|||
|
|||
/***********************************************************************
|
|||
* usage - display usage message |
|||
*/ |
|||
static void s_time_usage(void) |
|||
{ |
|||
static char umsg[] = "\
|
|||
-time arg - max number of seconds to collect data, default %d\n\ |
|||
-verify arg - turn on peer certificate verification, arg == depth\n\ |
|||
-cert arg - certificate file to use, PEM format assumed\n\ |
|||
-key arg - RSA file to use, PEM format assumed, key is in cert file\n\ |
|||
file if not specified by this option\n\ |
|||
-CApath arg - PEM format directory of CA's\n\ |
|||
-CAfile arg - PEM format file of CA's\n\ |
|||
-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n"; |
|||
|
|||
printf( "usage: s_time <args>\n\n" ); |
|||
|
|||
printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME); |
|||
#ifdef FIONBIO |
|||
printf("-nbio - Run with non-blocking IO\n"); |
|||
printf("-ssl2 - Just use SSLv2\n"); |
|||
printf("-ssl3 - Just use SSLv3\n"); |
|||
printf("-bugs - Turn on SSL bug compatibility\n"); |
|||
printf("-new - Just time new connections\n"); |
|||
printf("-reuse - Just time connection reuse\n"); |
|||
printf("-www page - Retrieve 'page' from the site\n"); |
|||
#endif |
|||
printf( umsg,SECONDS ); |
|||
} |
|||
|
|||
/***********************************************************************
|
|||
* parseArgs - Parse command line arguments and initialize data |
|||
* |
|||
* Returns 0 if ok, -1 on bad args |
|||
*/ |
|||
static int parseArgs(int argc, char **argv) |
|||
{ |
|||
int badop = 0; |
|||
|
|||
verify_depth=0; |
|||
verify_error=X509_V_OK; |
|||
|
|||
argc--; |
|||
argv++; |
|||
|
|||
while (argc >= 1) { |
|||
if (strcmp(*argv,"-connect") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
host= *(++argv); |
|||
} |
|||
#if 0 |
|||
else if( strcmp(*argv,"-host") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
host= *(++argv); |
|||
} |
|||
else if( strcmp(*argv,"-port") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
port= *(++argv); |
|||
} |
|||
#endif |
|||
else if (strcmp(*argv,"-reuse") == 0) |
|||
perform=2; |
|||
else if (strcmp(*argv,"-new") == 0) |
|||
perform=1; |
|||
else if( strcmp(*argv,"-verify") == 0) { |
|||
|
|||
tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE; |
|||
if (--argc < 1) goto bad; |
|||
verify_depth=atoi(*(++argv)); |
|||
BIO_printf(bio_err,"verify depth is %d\n",verify_depth); |
|||
|
|||
} else if( strcmp(*argv,"-cert") == 0) { |
|||
|
|||
if (--argc < 1) goto bad; |
|||
t_cert_file= *(++argv); |
|||
|
|||
} else if( strcmp(*argv,"-key") == 0) { |
|||
|
|||
if (--argc < 1) goto bad; |
|||
t_key_file= *(++argv); |
|||
|
|||
} else if( strcmp(*argv,"-CApath") == 0) { |
|||
|
|||
if (--argc < 1) goto bad; |
|||
CApath= *(++argv); |
|||
|
|||
} else if( strcmp(*argv,"-CAfile") == 0) { |
|||
|
|||
if (--argc < 1) goto bad; |
|||
CAfile= *(++argv); |
|||
|
|||
} else if( strcmp(*argv,"-cipher") == 0) { |
|||
|
|||
if (--argc < 1) goto bad; |
|||
tm_cipher= *(++argv); |
|||
} |
|||
#ifdef FIONBIO |
|||
else if(strcmp(*argv,"-nbio") == 0) { |
|||
t_nbio=1; |
|||
} |
|||
#endif |
|||
else if(strcmp(*argv,"-www") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
s_www_path= *(++argv); |
|||
if(strlen(s_www_path) > MYBUFSIZ-100) |
|||
{ |
|||
BIO_printf(bio_err,"-www option too long\n"); |
|||
badop=1; |
|||
} |
|||
} |
|||
else if(strcmp(*argv,"-bugs") == 0) |
|||
st_bugs=1; |
|||
#ifndef OPENSSL_NO_SSL2 |
|||
else if(strcmp(*argv,"-ssl2") == 0) |
|||
s_time_meth=SSLv2_client_method(); |
|||
#endif |
|||
#ifndef OPENSSL_NO_SSL3 |
|||
else if(strcmp(*argv,"-ssl3") == 0) |
|||
s_time_meth=SSLv3_client_method(); |
|||
#endif |
|||
else if( strcmp(*argv,"-time") == 0) { |
|||
|
|||
if (--argc < 1) goto bad; |
|||
maxTime= atoi(*(++argv)); |
|||
} |
|||
else { |
|||
BIO_printf(bio_err,"unknown option %s\n",*argv); |
|||
badop=1; |
|||
break; |
|||
} |
|||
|
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (perform == 0) perform=3; |
|||
|
|||
if(badop) { |
|||
bad: |
|||
s_time_usage(); |
|||
return -1; |
|||
} |
|||
|
|||
return 0; /* Valid args */ |
|||
} |
|||
|
|||
/***********************************************************************
|
|||
* TIME - time functions |
|||
*/ |
|||
#define START 0 |
|||
#define STOP 1 |
|||
|
|||
static double tm_Time_F(int s) |
|||
{ |
|||
return app_tminterval(s,1); |
|||
} |
|||
|
|||
/***********************************************************************
|
|||
* MAIN - main processing area for client |
|||
* real name depends on MONOLITH |
|||
*/ |
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
double totalTime = 0.0; |
|||
int nConn = 0; |
|||
SSL *scon=NULL; |
|||
long finishtime=0; |
|||
int ret=1,i; |
|||
MS_STATIC char buf[1024*8]; |
|||
int ver; |
|||
|
|||
apps_startup(); |
|||
s_time_init(); |
|||
|
|||
if (bio_err == NULL) |
|||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); |
|||
|
|||
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) |
|||
s_time_meth=SSLv23_client_method(); |
|||
#elif !defined(OPENSSL_NO_SSL3) |
|||
s_time_meth=SSLv3_client_method(); |
|||
#elif !defined(OPENSSL_NO_SSL2) |
|||
s_time_meth=SSLv2_client_method(); |
|||
#endif |
|||
|
|||
/* parse the command line arguments */ |
|||
if( parseArgs( argc, argv ) < 0 ) |
|||
goto end; |
|||
|
|||
OpenSSL_add_ssl_algorithms(); |
|||
if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1); |
|||
|
|||
SSL_CTX_set_quiet_shutdown(tm_ctx,1); |
|||
|
|||
if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL); |
|||
SSL_CTX_set_cipher_list(tm_ctx,tm_cipher); |
|||
if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file)) |
|||
goto end; |
|||
|
|||
SSL_load_error_strings(); |
|||
|
|||
if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) || |
|||
(!SSL_CTX_set_default_verify_paths(tm_ctx))) |
|||
{ |
|||
/* BIO_printf(bio_err,"error setting default verify locations\n"); */ |
|||
ERR_print_errors(bio_err); |
|||
/* goto end; */ |
|||
} |
|||
|
|||
if (tm_cipher == NULL) |
|||
tm_cipher = getenv("SSL_CIPHER"); |
|||
|
|||
if (tm_cipher == NULL ) { |
|||
fprintf( stderr, "No CIPHER specified\n" ); |
|||
} |
|||
|
|||
if (!(perform & 1)) goto next; |
|||
printf( "Collecting connection statistics for %d seconds\n", maxTime ); |
|||
|
|||
/* Loop and time how long it takes to make connections */ |
|||
|
|||
bytes_read=0; |
|||
finishtime=(long)time(NULL)+maxTime; |
|||
tm_Time_F(START); |
|||
for (;;) |
|||
{ |
|||
if (finishtime < (long)time(NULL)) break; |
|||
#ifdef WIN32_STUFF |
|||
|
|||
if( flushWinMsgs(0) == -1 ) |
|||
goto end; |
|||
|
|||
if( waitingToDie || exitNow ) /* we're dead */ |
|||
goto end; |
|||
#endif |
|||
|
|||
if( (scon = doConnection( NULL )) == NULL ) |
|||
goto end; |
|||
|
|||
if (s_www_path != NULL) |
|||
{ |
|||
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); |
|||
SSL_write(scon,buf,strlen(buf)); |
|||
while ((i=SSL_read(scon,buf,sizeof(buf))) > 0) |
|||
bytes_read+=i; |
|||
} |
|||
|
|||
#ifdef NO_SHUTDOWN |
|||
SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); |
|||
#else |
|||
SSL_shutdown(scon); |
|||
#endif |
|||
SHUTDOWN2(SSL_get_fd(scon)); |
|||
|
|||
nConn += 1; |
|||
if (SSL_session_reused(scon)) |
|||
ver='r'; |
|||
else |
|||
{ |
|||
ver=SSL_version(scon); |
|||
if (ver == TLS1_VERSION) |
|||
ver='t'; |
|||
else if (ver == SSL3_VERSION) |
|||
ver='3'; |
|||
else if (ver == SSL2_VERSION) |
|||
ver='2'; |
|||
else |
|||
ver='*'; |
|||
} |
|||
fputc(ver,stdout); |
|||
fflush(stdout); |
|||
|
|||
SSL_free( scon ); |
|||
scon=NULL; |
|||
} |
|||
totalTime += tm_Time_F(STOP); /* Add the time for this iteration */ |
|||
|
|||
i=(int)((long)time(NULL)-finishtime+maxTime); |
|||
printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read); |
|||
printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn); |
|||
|
|||
/* Now loop and time connections using the same session id over and over */ |
|||
|
|||
next: |
|||
if (!(perform & 2)) goto end; |
|||
printf( "\n\nNow timing with session id reuse.\n" ); |
|||
|
|||
/* Get an SSL object so we can reuse the session id */ |
|||
if( (scon = doConnection( NULL )) == NULL ) |
|||
{ |
|||
fprintf( stderr, "Unable to get connection\n" ); |
|||
goto end; |
|||
} |
|||
|
|||
if (s_www_path != NULL) |
|||
{ |
|||
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); |
|||
SSL_write(scon,buf,strlen(buf)); |
|||
while (SSL_read(scon,buf,sizeof(buf)) > 0) |
|||
; |
|||
} |
|||
#ifdef NO_SHUTDOWN |
|||
SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); |
|||
#else |
|||
SSL_shutdown(scon); |
|||
#endif |
|||
SHUTDOWN2(SSL_get_fd(scon)); |
|||
|
|||
nConn = 0; |
|||
totalTime = 0.0; |
|||
|
|||
finishtime=(long)time(NULL)+maxTime; |
|||
|
|||
printf( "starting\n" ); |
|||
bytes_read=0; |
|||
tm_Time_F(START); |
|||
|
|||
for (;;) |
|||
{ |
|||
if (finishtime < (long)time(NULL)) break; |
|||
|
|||
#ifdef WIN32_STUFF |
|||
if( flushWinMsgs(0) == -1 ) |
|||
goto end; |
|||
|
|||
if( waitingToDie || exitNow ) /* we're dead */ |
|||
goto end; |
|||
#endif |
|||
|
|||
if( (doConnection( scon )) == NULL ) |
|||
goto end; |
|||
|
|||
if (s_www_path) |
|||
{ |
|||
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); |
|||
SSL_write(scon,buf,strlen(buf)); |
|||
while ((i=SSL_read(scon,buf,sizeof(buf))) > 0) |
|||
bytes_read+=i; |
|||
} |
|||
|
|||
#ifdef NO_SHUTDOWN |
|||
SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); |
|||
#else |
|||
SSL_shutdown(scon); |
|||
#endif |
|||
SHUTDOWN2(SSL_get_fd(scon)); |
|||
|
|||
nConn += 1; |
|||
if (SSL_session_reused(scon)) |
|||
ver='r'; |
|||
else |
|||
{ |
|||
ver=SSL_version(scon); |
|||
if (ver == TLS1_VERSION) |
|||
ver='t'; |
|||
else if (ver == SSL3_VERSION) |
|||
ver='3'; |
|||
else if (ver == SSL2_VERSION) |
|||
ver='2'; |
|||
else |
|||
ver='*'; |
|||
} |
|||
fputc(ver,stdout); |
|||
fflush(stdout); |
|||
} |
|||
totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/ |
|||
|
|||
|
|||
printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read); |
|||
printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn); |
|||
|
|||
ret=0; |
|||
end: |
|||
if (scon != NULL) SSL_free(scon); |
|||
|
|||
if (tm_ctx != NULL) |
|||
{ |
|||
SSL_CTX_free(tm_ctx); |
|||
tm_ctx=NULL; |
|||
} |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
|||
/***********************************************************************
|
|||
* doConnection - make a connection |
|||
* Args: |
|||
* scon = earlier ssl connection for session id, or NULL |
|||
* Returns: |
|||
* SSL * = the connection pointer. |
|||
*/ |
|||
static SSL *doConnection(SSL *scon) |
|||
{ |
|||
BIO *conn; |
|||
SSL *serverCon; |
|||
int width, i; |
|||
fd_set readfds; |
|||
|
|||
if ((conn=BIO_new(BIO_s_connect())) == NULL) |
|||
return(NULL); |
|||
|
|||
/* BIO_set_conn_port(conn,port);*/ |
|||
BIO_set_conn_hostname(conn,host); |
|||
|
|||
if (scon == NULL) |
|||
serverCon=SSL_new(tm_ctx); |
|||
else |
|||
{ |
|||
serverCon=scon; |
|||
SSL_set_connect_state(serverCon); |
|||
} |
|||
|
|||
SSL_set_bio(serverCon,conn,conn); |
|||
|
|||
#if 0 |
|||
if( scon != NULL ) |
|||
SSL_set_session(serverCon,SSL_get_session(scon)); |
|||
#endif |
|||
|
|||
/* ok, lets connect */ |
|||
for(;;) { |
|||
i=SSL_connect(serverCon); |
|||
if (BIO_sock_should_retry(i)) |
|||
{ |
|||
BIO_printf(bio_err,"DELAY\n"); |
|||
|
|||
i=SSL_get_fd(serverCon); |
|||
width=i+1; |
|||
FD_ZERO(&readfds); |
|||
openssl_fdset(i,&readfds); |
|||
/* Note: under VMS with SOCKETSHR the 2nd parameter
|
|||
* is currently of type (int *) whereas under other |
|||
* systems it is (void *) if you don't have a cast it |
|||
* will choke the compiler: if you do have a cast then |
|||
* you can either go for (int *) or (void *). |
|||
*/ |
|||
select(width,(void *)&readfds,NULL,NULL,NULL); |
|||
continue; |
|||
} |
|||
break; |
|||
} |
|||
if(i <= 0) |
|||
{ |
|||
BIO_printf(bio_err,"ERROR\n"); |
|||
if (verify_error != X509_V_OK) |
|||
BIO_printf(bio_err,"verify error:%s\n", |
|||
X509_verify_cert_error_string(verify_error)); |
|||
else |
|||
ERR_print_errors(bio_err); |
|||
if (scon == NULL) |
|||
SSL_free(serverCon); |
|||
return NULL; |
|||
} |
|||
|
|||
return serverCon; |
|||
} |
|||
|
|||
|
@ -0,0 +1,52 @@ |
|||
subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert |
|||
issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA |
|||
-----BEGIN CERTIFICATE----- |
|||
MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV |
|||
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT |
|||
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt |
|||
ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG |
|||
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU |
|||
RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw |
|||
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ |
|||
KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi |
|||
R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv |
|||
vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7 |
|||
TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU |
|||
41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R |
|||
AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI |
|||
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW |
|||
BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49 |
|||
hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK |
|||
WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp |
|||
yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7 |
|||
vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds |
|||
xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t |
|||
JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA== |
|||
-----END CERTIFICATE----- |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv |
|||
h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL |
|||
tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu |
|||
D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI |
|||
uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6 |
|||
qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn |
|||
zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3 |
|||
r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D |
|||
AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R |
|||
5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm |
|||
W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH |
|||
674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg |
|||
utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY |
|||
BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX |
|||
4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a |
|||
WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8 |
|||
bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH |
|||
6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex |
|||
4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa |
|||
WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g |
|||
n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB |
|||
JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+ |
|||
OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX |
|||
xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK |
|||
UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ== |
|||
-----END RSA PRIVATE KEY----- |
@ -0,0 +1 @@ |
|||
01 |
@ -0,0 +1,52 @@ |
|||
subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert #2 |
|||
issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA |
|||
-----BEGIN CERTIFICATE----- |
|||
MIID6jCCAtKgAwIBAgIJALnu1NlVpZ60MA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV |
|||
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT |
|||
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt |
|||
ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZzELMAkG |
|||
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU |
|||
RVNUSU5HIFBVUlBPU0VTIE9OTFkxHDAaBgNVBAMME1Rlc3QgU2VydmVyIENlcnQg |
|||
IzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrdi7j9yctG+L4EjBy |
|||
gjPmEqZzOJEQba26MoQGzglU7e5Xf59Rb/hgVQuKAoiZe7/R8rK4zJ4W7iXdXw0L |
|||
qBpyG8B5aGKeI32w+A9TcBApoXXL2CrYQEQjZwUIpLlYBIi2NkJj3nVkq5dgl1gO |
|||
ALiQ+W8jg3kzg5Ec9rimp9r93N8wsSL3awsafurmYCvOf7leHaMP1WJ/zDRGUNHG |
|||
/WtDjXc8ZUG1+6EXU9Jc2Fs+2Omf7fcN0l00AK/wPg8OaNS0rKyGq9JdIT9FRGV1 |
|||
bXe/rx58FaE5CItdwCSYhJvF/O95LWQoxJXye5bCFLmvDTEyVq9FMSCptfsmbXjE |
|||
ZGsXAgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJ |
|||
YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud |
|||
DgQWBBR52UaWWTKzZGDH/X4mWNcuqeQVazAfBgNVHSMEGDAWgBQ2w2yI55X+sL3s |
|||
zj49hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEANBW+XYLlHBqVY/31ie+3gRlS |
|||
LPfy4SIqn0t3RJjagT29MXprblBO2cbMO8VGjkQdKGpmMXjxbht2arOOUXRHX4n/ |
|||
XTyn/QHEf0bcwIITMReO3DZUPAEw8hSjn9xEOM0IRVOCP+mH5fi74QzzQaZVCyYg |
|||
5VtLKdww/+sc0nCbKl2KWgDluriH0nfVx95qgW3mg9dhXRr0zmf1w2zkBHYpARYL |
|||
Dew6Z8EE4tS3HJu8/qM6meWzNtrfonQ3eiiMxjZBxzV46jchBwa2z9XYhP6AmpPb |
|||
oeTSzcQNbWsxaGYzWo46oLDUZmJOwSBawbS31bZNMCoPIY6ukoesCzFSsUKZww== |
|||
-----END CERTIFICATE----- |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
MIIEowIBAAKCAQEA63Yu4/cnLRvi+BIwcoIz5hKmcziREG2tujKEBs4JVO3uV3+f |
|||
UW/4YFULigKImXu/0fKyuMyeFu4l3V8NC6gachvAeWhiniN9sPgPU3AQKaF1y9gq |
|||
2EBEI2cFCKS5WASItjZCY951ZKuXYJdYDgC4kPlvI4N5M4ORHPa4pqfa/dzfMLEi |
|||
92sLGn7q5mArzn+5Xh2jD9Vif8w0RlDRxv1rQ413PGVBtfuhF1PSXNhbPtjpn+33 |
|||
DdJdNACv8D4PDmjUtKyshqvSXSE/RURldW13v68efBWhOQiLXcAkmISbxfzveS1k |
|||
KMSV8nuWwhS5rw0xMlavRTEgqbX7Jm14xGRrFwIDAQABAoIBAHLsTPihIfLnYIE5 |
|||
x4GsQQ5zXeBw5ITDM37ktwHnQDC+rIzyUl1aLD1AZRBoKinXd4lOTqLZ4/NHKx4A |
|||
DYr58mZtWyUmqLOMmQVuHXTZBlp7XtYuXMMNovQwjQlp9LicBeoBU6gQ5PVMtubD |
|||
F4xGF89Sn0cTHW3iMkqTtQ5KcR1j57OcJO0FEb1vPvk2MXI5ZyAatUYE7YacbEzd |
|||
rg02uIwx3FqNSkuSI79uz4hMdV5TPtuhxx9nTwj9aLUhXFeZ0mn2PVgVzEnnMoJb |
|||
+znlsZDgzDlJqdaD744YGWh8Z3OEssB35KfzFcdOeO6yH8lmv2Zfznk7pNPT7LTb |
|||
Lae9VgkCgYEA92p1qnAB3NtJtNcaW53i0S5WJgS1hxWKvUDx3lTB9s8X9fHpqL1a |
|||
E94fDfWzp/hax6FefUKIvBOukPLQ6bYjTMiFoOHzVirghAIuIUoMI5VtLhwD1hKs |
|||
Lr7l/dptMgKb1nZHyXoKHRBthsy3K4+udsPi8TzMvYElgEqyQIe/Rk0CgYEA86GL |
|||
8HC6zLszzKERDPBxrboRmoFvVUCTQDhsfj1M8aR3nQ8V5LkdIJc7Wqm/Ggfk9QRf |
|||
rJ8M2WUMlU5CNnCn/KCrKzCNZIReze3fV+HnKdbcXGLvgbHPrhnz8yYehUFG+RGq |
|||
bVyDWRU94T38izy2s5qMYrMJWZEYyXncSPbfcPMCgYAtaXfxcZ+V5xYPQFARMtiX |
|||
5nZfggvDoJuXgx0h3tK/N2HBfcaSdzbaYLG4gTmZggc/jwnl2dl5E++9oSPhUdIG |
|||
3ONSFUbxsOsGr9PBvnKd8WZZyUCXAVRjPBzAzF+whzQNWCZy/5htnz9LN7YDI9s0 |
|||
5113Q96cheDZPFydZY0hHQKBgQDVbEhNukM5xCiNcu+f2SaMnLp9EjQ4h5g3IvaP |
|||
5B16daw/Dw8LzcohWboqIxeAsze0GD/D1ZUJAEd0qBjC3g+a9BjefervCjKOzXng |
|||
38mEUm+6EwVjJSQcjSmycEs+Sr/kwr/8i5WYvU32+jk4tFgMoC+o6tQe/Uesf68k |
|||
z/dPVwKBgGbF7Vv1/3SmhlOy+zYyvJ0CrWtKxH9QP6tLIEgEpd8x7YTSuCH94yok |
|||
kToMXYA3sWNPt22GbRDZ+rcp4c7HkDx6I6vpdP9aQEwJTp0EPy0sgWr2XwYmreIQ |
|||
NFmkk8Itn9EY2R9VBaP7GLv5kvwxDdLAnmwGmzVtbmaVdxCaBwUk |
|||
-----END RSA PRIVATE KEY----- |
Some files were not shown because too many files changed in this diff
Loading…
Reference in new issue