author | kris <kris@FreeBSD.org> | 2000-01-10 06:22:05 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2000-01-10 06:22:05 +0000 |
commit | 2e467dc342d6641955ef59a1a671ff929444d45b (patch) | |
tree | b5683ff3d44c93978826763313683673904c6bd9 /crypto/openssl/apps | |
parent | e829abb179a8846d90fb31e1bcab4ea0aec4590f (diff) | |
Initial import of OpenSSL 0.9.4, sans IDEA and RSA code for patent
infringement reasons.
Diffstat (limited to 'crypto/openssl/apps')
87 files changed, 21394 insertions, 0 deletions
diff --git a/crypto/openssl/apps/CA.pl b/crypto/openssl/apps/CA.pl
new file mode 100755
index 0000000..7c023ae
--- /dev/null
+++ b/crypto/openssl/apps/CA.pl
@@ -0,0 +1,153 @@
+#!/usr/local/bin/perl
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+# some setup stuff to be done before you can use it and this makes
+# things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq ... will generate a certificate request
+# CA -sign ... will sign the generated request and output
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh Added more things ... including CA -signcert which
+# converts a certificate to a request and then signs it.
+# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
+# environment variable so this can be driven from
+# a script.
+# 25-Jul-96 eay Cleaned up filenames some more.
+# 11-Jun-96 eay Fixed a few filename missmatches.
+# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+# 27-Apr-98 snh Translation into perl, fix existing CA bug.
+#
+#
+# Steve Henson
+# shenson@bigfoot.com
+
+# default openssl.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+$DAYS="-days 365";
+$REQ="openssl req $SSLEAY_CONFIG";
+$CA="openssl ca $SSLEAY_CONFIG";
+$VERIFY="openssl verify";
+$X509="openssl x509";
+
+$CATOP="./demoCA";
+$CAKEY="cakey.pem";
+$CACERT="cacert.pem";
+
+$DIRMODE = 0777;
+
+$RET = 0;
+
+foreach (@ARGV) {
+ if ( /^(-\?|-h|-help)$/ ) {
+ print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ exit 0;
+ } elsif (/^-newcert$/) {
+ # create a certificate
+ system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Certificate (and private key) is in newreq.pem\n"
+ } elsif (/^-newreq$/) {
+ # create a certificate request
+ system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Request (and private key) is in newreq.pem\n";
+ } elsif (/^-newca$/) {
+ # if explictly asked for or it doesn't exist then setup the
+ # directory structure that Eric likes to manage things
+ $NEW="1";
+ if ( "$NEW" || ! -f "${CATOP}/serial" ) {
+ # create the directory hierarchy
+ mkdir $CATOP, $DIRMODE;
+ mkdir "${CATOP}/certs", $DIRMODE;
+ mkdir "${CATOP}/crl", $DIRMODE ;
+ mkdir "${CATOP}/newcerts", $DIRMODE;
+ mkdir "${CATOP}/private", $DIRMODE;
+ open OUT, ">${CATOP}/serial";
+ print OUT "01\n";
+ close OUT;
+ open OUT, ">${CATOP}/index.txt";
+ close OUT;
+ }
+ if ( ! -f "${CATOP}/private/$CAKEY" ) {
+ print "CA certificate filename (or enter to create)\n";
+ $FILE = <STDIN>;
+
+ chop $FILE;
+
+ # ask user for existing CA certificate
+ if ($FILE) {
+ cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+ cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+ $RET=$?;
+ } else {
+ print "Making CA certificate ...\n";
+ system ("$REQ -new -x509 -keyout " .
+ "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
+ $RET=$?;
+ }
+ }
+ } elsif (/^-xsign$/) {
+ system ("$CA -policy policy_anything -infiles newreq.pem");
+ $RET=$?;
+ } elsif (/^(-sign|-signreq)$/) {
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-infiles newreq.pem");
+ $RET=$?;
+ print "Signed certificate is in newcert.pem\n";
+ } elsif (/^-signcert$/) {
+ system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
+ "-out tmp.pem");
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-infiles tmp.pem");
+ $RET = $?;
+ print "Signed certificate is in newcert.pem\n";
+ } elsif (/^-verify$/) {
+ if (shift) {
+ foreach $j (@ARGV) {
+ system ("$VERIFY -CAfile $CATOP/$CACERT $j");
+ $RET=$? if ($? != 0);
+ }
+ exit $RET;
+ } else {
+ system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
+ $RET=$?;
+ exit 0;
+ }
+ } else {
+ print STDERR "Unknown arg $_\n";
+ print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ exit 1;
+ }
+}
+
+exit $RET;
+
+sub cp_pem {
+my ($infile, $outfile, $bound) = @_;
+open IN, $infile;
+open OUT, ">$outfile";
+my $flag = 0;
+while (<IN>) {
+ $flag = 1 if (/^-----BEGIN.*$bound/) ;
+ print OUT $_ if ($flag);
+ if (/^-----END.*$bound/) {
+ close IN;
+ close OUT;
+ return;
+ }
+}
+}
+
diff --git a/crypto/openssl/apps/CA.sh b/crypto/openssl/apps/CA.sh
new file mode 100644
index 0000000..728f5bf
--- /dev/null
+++ b/crypto/openssl/apps/CA.sh
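Review bot: In CA.pl, `$DIRMODE = 0777` is passed to every `mkdir` in the `-newca` branch, including `${CATOP}/private`, the directory that receives the CA key, so its permissions are whatever the caller's umask leaves; `mkdir "${CATOP}/private", 0700;` would keep that one directory private regardless. In the same branch `cp_pem` opens both files without checking the result, and a failed `open` does not set the `$?` that is read into `$RET` afterwards, so a mistyped input file name leaves empty key and certificate files and no error; `open IN, $infile or return;` style checks with a non-zero `$RET` would surface it. The `-verify` branch also builds one shell string from each remaining argument (`$j`), so a file name with shell metacharacters is interpreted by the shell; the list form of `system` avoids that.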
@@ -0,0 +1,132 @@
+#!/bin/sh
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+# some setup stuff to be done before you can use it and this makes
+# things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq ... will generate a certificate request
+# CA -sign ... will sign the generated request and output
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh Added more things ... including CA -signcert which
+# converts a certificate to a request and then signs it.
+# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
+# environment variable so this can be driven from
+# a script.
+# 25-Jul-96 eay Cleaned up filenames some more.
+# 11-Jun-96 eay Fixed a few filename missmatches.
+# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+# default openssl.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+DAYS="-days 365"
+REQ="openssl req $SSLEAY_CONFIG"
+CA="openssl ca $SSLEAY_CONFIG"
+VERIFY="openssl verify"
+X509="openssl x509"
+
+CATOP=./demoCA
+CAKEY=./cakey.pem
+CACERT=./cacert.pem
+
+for i
+do
+case $i in
+-\?|-h|-help)
+ echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" >&2
+ exit 0
+ ;;
+-newcert)
+ # create a certificate
+ $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS
+ RET=$?
+ echo "Certificate (and private key) is in newreq.pem"
+ ;;
+-newreq)
+ # create a certificate request
+ $REQ -new -keyout newreq.pem -out newreq.pem $DAYS
+ RET=$?
+ echo "Request (and private key) is in newreq.pem"
+ ;;
+-newca)
+ # if explictly asked for or it doesn't exist then setup the directory
+ # structure that Eric likes to manage things
+ NEW="1"
+ if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
+ # create the directory hierarchy
+ mkdir ${CATOP}
+ mkdir ${CATOP}/certs
+ mkdir ${CATOP}/crl
+ mkdir ${CATOP}/newcerts
+ mkdir ${CATOP}/private
+ echo "01" > ${CATOP}/serial
+ touch ${CATOP}/index.txt
+ fi
+ if [ ! -f ${CATOP}/private/$CAKEY ]; then
+ echo "CA certificate filename (or enter to create)"
+ read FILE
+
+ # ask user for existing CA certificate
+ if [ "$FILE" ]; then
+ cp $FILE ${CATOP}/private/$CAKEY
+ RET=$?
+ else
+ echo "Making CA certificate ..."
+ $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \
+ -out ${CATOP}/$CACERT $DAYS
+ RET=$?
+ fi
+ fi
+ ;;
+-xsign)
+ $CA -policy policy_anything -infiles newreq.pem
+ RET=$?
+ ;;
+-sign|-signreq)
+ $CA -policy policy_anything -out newcert.pem -infiles newreq.pem
+ RET=$?
+ cat newcert.pem
+ echo "Signed certificate is in newcert.pem"
+ ;;
+-signcert)
+ echo "Cert passphrase will be requested twice - bug?"
+ $X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
+ $CA -policy policy_anything -out newcert.pem -infiles tmp.pem
+ cat newcert.pem
+ echo "Signed certificate is in newcert.pem"
+ ;;
+-verify)
+ shift
+ if [ -z "$1" ]; then
+ $VERIFY -CAfile $CATOP/$CACERT newcert.pem
+ RET=$?
+ else
+ for j
+ do
+ $VERIFY -CAfile $CATOP/$CACERT $j
+ if [ $? != 0 ]; then
+ RET=$?
+ fi
+ done
+ fi
+ exit 0
+ ;;
+*)
+ echo "Unknown arg $i";
+ exit 1
+ ;;
+esac
+done
+exit $RET
+
diff --git a/crypto/openssl/apps/Makefile.ssl b/crypto/openssl/apps/Makefile.ssl
new file mode 100644
index 0000000..8363ec9
--- /dev/null
+++ b/crypto/openssl/apps/Makefile.ssl
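Review bot: In CA.sh, the `-verify` case cannot report a failed verification: inside the loop `RET=$?` runs after the `[ $? != 0 ]` test, so it records the status of the test (0) rather than that of `openssl verify`, and the case then ends with `exit 0` on both paths. Capturing the status directly with `$VERIFY -CAfile $CATOP/$CACERT "$j" || RET=$?` and ending the case with `exit ${RET:-0}` would let a calling script see the failure. The `else` arm of `-verify` in CA.pl has the same unconditional `exit 0` after setting `$RET`. Separately, `$FILE` in the `-newca` case and `$j` here are expanded unquoted, so names containing spaces or glob characters are split before `cp` and `openssl verify` see them; quoting both expansions fixes that.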
@@ -0,0 +1,727 @@ +# +# apps/Makefile.ssl +# + +DIR= apps +TOP= .. +CC= cc +INCLUDES= -I../include +CFLAG= -g -static +INSTALL_PREFIX= +INSTALLTOP= /usr/local/ssl +OPENSSLDIR= /usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= $(TOP)/util/domd $(TOP) +MAKEFILE= Makefile.ssl +RM= rm -f + +PEX_LIBS= +EX_LIBS= + +CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG) + +GENERAL=Makefile makeapps.com install.com + +DLIBCRYPTO=../libcrypto.a +DLIBSSL=../libssl.a +LIBCRYPTO=-L.. -lcrypto +LIBSSL=-L.. -lssl + +PROGRAM= openssl + +SCRIPTS=CA.sh CA.pl der_chop + +EXE= $(PROGRAM) + +E_EXE= verify asn1pars req dgst dh enc gendh errstr ca crl \ + rsa dsa dsaparam \ + x509 genrsa gendsa s_server s_client speed \ + s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \ + pkcs8 + +PROGS= $(PROGRAM).c + +A_OBJ=apps.o +A_SRC=apps.c +S_OBJ= s_cb.o s_socket.o +S_SRC= s_cb.c s_socket.c + +E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \ + pkcs7.o crl2p7.o crl.o \ + rsa.o dsa.o dsaparam.o \ + x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \ + s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \ + ciphers.o nseq.o pkcs12.o pkcs8.o + +# pem_mail.o + +E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \ + pkcs7.c crl2p7.c crl.c \ + rsa.c dsa.c dsaparam.c \ + x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \ + s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \ + ciphers.c nseq.c pkcs12.c pkcs8.c + +# pem_mail.c + +SRC=$(E_SRC) + +EXHEADER= +HEADER= apps.h progs.h s_apps.h \ + testdsa.h testrsa.h \ + $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + @(cd ..; $(MAKE) DIRS=$(DIR) all) + +all: exe + +exe: $(EXE) + +req: sreq.o $(A_OBJ) $(DLIBCRYPTO) + $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +sreq.o: req.c + $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c + +files: + $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +install: + @for i in $(EXE); \ + do \ + (echo installing $$i; \ + cp $$i 
$(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \ + chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ + done; + @for i in $(SCRIPTS); \ + do \ + (echo installing $$i; \ + cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \ + chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \ + done + @cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR); \ + chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf + +tags: + ctags $(SRC) + +tests: + +links: + @$(TOP)/util/point.sh Makefile.ssl Makefile + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) + rm -f req + +$(DLIBSSL): + (cd ../ssl; $(MAKE)) + +$(DLIBCRYPTO): + (cd ../crypto; $(MAKE)) + +$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) + $(RM) $(PROGRAM) + $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS) + @(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs) + +progs.h: + $(PERL) ./progs.pl $(E_EXE) >progs.h + $(RM) $(PROGRAM).o + +# DO NOT DELETE THIS LINE -- make depend depends on it. 
+ +apps.o: ../include/openssl/bio.h ../include/openssl/buffer.h +apps.o: ../include/openssl/crypto.h ../include/openssl/e_os.h +apps.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h +apps.o: ../include/openssl/opensslv.h ../include/openssl/stack.h apps.h progs.h +asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h +asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h +asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h +asn1pars.o: ../include/openssl/dh.h ../include/openssl/dsa.h +asn1pars.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h +asn1pars.o: ../include/openssl/idea.h ../include/openssl/md2.h +asn1pars.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h +asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +asn1pars.o: progs.h +ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h +ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h +ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h +ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h +ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +ca.o: ../include/openssl/err.h ../include/openssl/evp.h +ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h +ca.o: ../include/openssl/md2.h ../include/openssl/md5.h +ca.o: 
../include/openssl/mdc2.h ../include/openssl/objects.h +ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ca.o: ../include/openssl/stack.h ../include/openssl/txt_db.h +ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ca.o: ../include/openssl/x509v3.h apps.h progs.h +ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h +ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h +ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h +ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h +ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h +ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h +ciphers.o: ../include/openssl/md2.h ../include/openssl/md5.h +ciphers.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ciphers.o: ../include/openssl/stack.h ../include/openssl/tls1.h +ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +ciphers.o: progs.h +crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h +crl.o: 
../include/openssl/blowfish.h ../include/openssl/bn.h +crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h +crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h +crl.o: ../include/openssl/des.h ../include/openssl/dh.h +crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h +crl.o: ../include/openssl/e_os2.h ../include/openssl/err.h +crl.o: ../include/openssl/evp.h ../include/openssl/idea.h +crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h +crl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +crl.o: ../include/openssl/sha.h ../include/openssl/stack.h +crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +crl.o: ../include/openssl/x509v3.h apps.h progs.h +crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h +crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h +crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h +crl2p7.o: ../include/openssl/dh.h ../include/openssl/dsa.h +crl2p7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h +crl2p7.o: ../include/openssl/idea.h ../include/openssl/md2.h +crl2p7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +crl2p7.o: 
../include/openssl/rsa.h ../include/openssl/safestack.h +crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h +crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +crl2p7.o: progs.h +dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h +dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h +dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h +dgst.o: ../include/openssl/dh.h ../include/openssl/dsa.h +dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +dgst.o: ../include/openssl/err.h ../include/openssl/evp.h +dgst.o: ../include/openssl/idea.h ../include/openssl/md2.h +dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h +dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h +dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h +dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h +dh.o: ../include/openssl/crypto.h ../include/openssl/des.h +dh.o: ../include/openssl/dh.h ../include/openssl/dsa.h +dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +dh.o: ../include/openssl/err.h ../include/openssl/evp.h +dh.o: ../include/openssl/idea.h ../include/openssl/md2.h +dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +dh.o: ../include/openssl/pem2.h 
../include/openssl/pkcs7.h +dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +dh.o: ../include/openssl/sha.h ../include/openssl/stack.h +dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h +dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h +dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h +dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h +dsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h +dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +dsa.o: ../include/openssl/err.h ../include/openssl/evp.h +dsa.o: ../include/openssl/idea.h ../include/openssl/md2.h +dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h +dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h +dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h +dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h +dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h +dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h +dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h +dsaparam.o: ../include/openssl/idea.h ../include/openssl/md2.h +dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +dsaparam.o: 
../include/openssl/objects.h ../include/openssl/opensslconf.h +dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h +dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h +dsaparam.o: ../include/openssl/stack.h ../include/openssl/x509.h +dsaparam.o: ../include/openssl/x509_vfy.h apps.h progs.h +enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h +enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h +enc.o: ../include/openssl/crypto.h ../include/openssl/des.h +enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h +enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +enc.o: ../include/openssl/err.h ../include/openssl/evp.h +enc.o: ../include/openssl/idea.h ../include/openssl/md2.h +enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +enc.o: ../include/openssl/sha.h ../include/openssl/stack.h +enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h +errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h +errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h +errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h +errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h +errstr.o: ../include/openssl/e_os.h 
../include/openssl/e_os2.h +errstr.o: ../include/openssl/err.h ../include/openssl/evp.h +errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h +errstr.o: ../include/openssl/md2.h ../include/openssl/md5.h +errstr.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +errstr.o: ../include/openssl/stack.h ../include/openssl/tls1.h +errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +errstr.o: progs.h +gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h +gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h +gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h +gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h +gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +gendh.o: ../include/openssl/err.h ../include/openssl/evp.h +gendh.o: ../include/openssl/idea.h ../include/openssl/md2.h +gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h +gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h +gendh.o: ../include/openssl/stack.h 
../include/openssl/x509.h +gendh.o: ../include/openssl/x509_vfy.h apps.h progs.h +gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h +gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h +gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h +gendsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h +gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h +gendsa.o: ../include/openssl/idea.h ../include/openssl/md2.h +gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h +gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h +gendsa.o: ../include/openssl/stack.h ../include/openssl/x509.h +gendsa.o: ../include/openssl/x509_vfy.h apps.h progs.h +genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h +genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h +genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h +genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h +genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h +genrsa.o: ../include/openssl/idea.h ../include/openssl/md2.h +genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
+genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h +genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h +genrsa.o: ../include/openssl/stack.h ../include/openssl/x509.h +genrsa.o: ../include/openssl/x509_vfy.h apps.h progs.h +nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h +nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h +nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h +nseq.o: ../include/openssl/dh.h ../include/openssl/dsa.h +nseq.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +nseq.o: ../include/openssl/err.h ../include/openssl/evp.h +nseq.o: ../include/openssl/idea.h ../include/openssl/md2.h +nseq.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h +nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h +openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h +openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h +openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h +openssl.o: ../include/openssl/des.h ../include/openssl/dh.h +openssl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h +openssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h +openssl.o: ../include/openssl/evp.h ../include/openssl/idea.h +openssl.o: ../include/openssl/lhash.h 
../include/openssl/md2.h +openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +openssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h +openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h +openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h +pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h +pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h +pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h +pkcs12.o: ../include/openssl/dh.h ../include/openssl/dsa.h +pkcs12.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h +pkcs12.o: ../include/openssl/idea.h ../include/openssl/md2.h +pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h +pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h +pkcs12.o: ../include/openssl/stack.h ../include/openssl/x509.h +pkcs12.o: ../include/openssl/x509_vfy.h apps.h progs.h +pkcs7.o: ../include/openssl/asn1.h 
../include/openssl/bio.h +pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h +pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h +pkcs7.o: ../include/openssl/dh.h ../include/openssl/dsa.h +pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h +pkcs7.o: ../include/openssl/idea.h ../include/openssl/md2.h +pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h +pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h +pkcs8.o: ../include/openssl/asn1.h ../include/openssl/bio.h +pkcs8.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h +pkcs8.o: ../include/openssl/crypto.h ../include/openssl/des.h +pkcs8.o: ../include/openssl/dh.h ../include/openssl/dsa.h +pkcs8.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h +pkcs8.o: ../include/openssl/idea.h ../include/openssl/md2.h +pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h +pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h 
+pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h +pkcs8.o: ../include/openssl/stack.h ../include/openssl/x509.h +pkcs8.o: ../include/openssl/x509_vfy.h apps.h progs.h +req.o: ../include/openssl/asn1.h ../include/openssl/bio.h +req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +req.o: ../include/openssl/buffer.h ../include/openssl/cast.h +req.o: ../include/openssl/conf.h ../include/openssl/crypto.h +req.o: ../include/openssl/des.h ../include/openssl/dh.h +req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h +req.o: ../include/openssl/e_os2.h ../include/openssl/err.h +req.o: ../include/openssl/evp.h ../include/openssl/idea.h +req.o: ../include/openssl/lhash.h ../include/openssl/md2.h +req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +req.o: ../include/openssl/rand.h ../include/openssl/rc2.h +req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +req.o: ../include/openssl/safestack.h ../include/openssl/sha.h +req.o: ../include/openssl/stack.h ../include/openssl/x509.h +req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h progs.h +rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h +rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h +rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h +rsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h +rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +rsa.o: ../include/openssl/err.h ../include/openssl/evp.h +rsa.o: ../include/openssl/idea.h ../include/openssl/md2.h +rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +rsa.o: 
../include/openssl/opensslv.h ../include/openssl/pem.h +rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h +rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h +s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h +s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h +s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h +s_cb.o: ../include/openssl/md2.h ../include/openssl/md5.h +s_cb.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_cb.o: ../include/openssl/stack.h ../include/openssl/tls1.h +s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h +s_cb.o: s_apps.h +s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h +s_client.o: 
../include/openssl/dh.h ../include/openssl/dsa.h +s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +s_client.o: ../include/openssl/err.h ../include/openssl/evp.h +s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h +s_client.o: ../include/openssl/md2.h ../include/openssl/md5.h +s_client.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s_client.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s_client.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_client.o: ../include/openssl/stack.h ../include/openssl/tls1.h +s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_client.o: progs.h s_apps.h +s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h +s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +s_server.o: ../include/openssl/err.h ../include/openssl/evp.h +s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h +s_server.o: ../include/openssl/md2.h ../include/openssl/md5.h +s_server.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s_server.o: ../include/openssl/rc4.h ../include/openssl/rc5.h 
+s_server.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_server.o: ../include/openssl/stack.h ../include/openssl/tls1.h +s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_server.o: progs.h s_apps.h +s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h +s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h +s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h +s_socket.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_socket.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s_socket.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h +s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s_time.o: ../include/openssl/crypto.h 
../include/openssl/des.h +s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +s_time.o: ../include/openssl/err.h ../include/openssl/evp.h +s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h +s_time.o: ../include/openssl/md2.h ../include/openssl/md5.h +s_time.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_time.o: ../include/openssl/stack.h ../include/openssl/tls1.h +s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_time.o: progs.h s_apps.h +sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h +sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h +sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h +sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h +sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h +sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h +sess_id.o: ../include/openssl/md2.h ../include/openssl/md5.h +sess_id.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h +sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h 
+sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h +sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +sess_id.o: ../include/openssl/stack.h ../include/openssl/tls1.h +sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +sess_id.o: progs.h +speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h +speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h +speed.o: ../include/openssl/crypto.h ../include/openssl/des.h +speed.o: ../include/openssl/dh.h ../include/openssl/dsa.h +speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +speed.o: ../include/openssl/err.h ../include/openssl/evp.h +speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h +speed.o: ../include/openssl/md2.h ../include/openssl/md5.h +speed.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +speed.o: ../include/openssl/sha.h ../include/openssl/stack.h +speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h +speed.o: ./testrsa.h apps.h progs.h +verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h +verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h +verify.o: ../include/openssl/crypto.h ../include/openssl/des.h +verify.o: ../include/openssl/dh.h ../include/openssl/dsa.h +verify.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +verify.o: ../include/openssl/err.h ../include/openssl/evp.h +verify.o: 
../include/openssl/idea.h ../include/openssl/md2.h +verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +verify.o: ../include/openssl/sha.h ../include/openssl/stack.h +verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +verify.o: progs.h +version.o: ../include/openssl/asn1.h ../include/openssl/bio.h +version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +version.o: ../include/openssl/buffer.h ../include/openssl/cast.h +version.o: ../include/openssl/crypto.h ../include/openssl/des.h +version.o: ../include/openssl/dh.h ../include/openssl/dsa.h +version.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +version.o: ../include/openssl/evp.h ../include/openssl/idea.h +version.o: ../include/openssl/md2.h ../include/openssl/md5.h +version.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +version.o: ../include/openssl/sha.h ../include/openssl/stack.h apps.h progs.h +x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h +x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h +x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h +x509.o: ../include/openssl/des.h ../include/openssl/dh.h +x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h +x509.o: ../include/openssl/e_os2.h 
../include/openssl/err.h +x509.o: ../include/openssl/evp.h ../include/openssl/idea.h +x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h +x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +x509.o: ../include/openssl/sha.h ../include/openssl/stack.h +x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +x509.o: ../include/openssl/x509v3.h apps.h progs.h diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c new file mode 100644 index 0000000..8fb5e8a --- /dev/null +++ b/crypto/openssl/apps/apps.c 
@@ -0,0 +1,326 @@
+/* apps/apps.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4.
If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+
+#ifdef WINDOWS
+# include "bss_file.c"
+#endif
+
+int app_init(long mesgwin);
+#ifdef undef /* never finished - probably never will be :-) */
+int args_from_file(char *file, int *argc, char **argv[])
+ {
+ FILE *fp;
+ int num,i;
+ unsigned int len;
+ static char *buf=NULL;
+ static char **arg=NULL;
+ char *p;
+ struct stat stbuf;
+
+ if (stat(file,&stbuf) < 0) return(0);
+
+ fp=fopen(file,"r");
+ if (fp == NULL)
+ return(0);
+
+ *argc=0;
+ *argv=NULL;
+
+ len=(unsigned int)stbuf.st_size;
+ if (buf != NULL) Free(buf);
+ buf=(char *)Malloc(len+1);
+ if (buf == NULL) return(0);
+
+ len=fread(buf,1,len,fp);
+ if (len <= 1) return(0);
+ buf[len]='\0';
+
+ i=0;
+ for (p=buf; *p; p++)
+ if (*p == '\n') i++;
+ if (arg != NULL) Free(arg);
+ arg=(char **)Malloc(sizeof(char *)*(i*2));
+
+ *argv=arg;
+ num=0;
+ p=buf;
+ for (;;)
+ {
+ if (!*p) break;
+ if (*p == '#') /* comment line */
+ {
+ while (*p && (*p != '\n')) p++;
+ continue;
+ }
+ /* else we have a line */
+ *(arg++)=p;
+ num++;
+ while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
+ p++;
+ if (!*p) break;
+ if (*p == '\n')
+ {
+ *(p++)='\0';
+ continue;
+ }
+ /* else it is a tab or space */
+ p++;
+ while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
+ p++;
+ if (!*p) break;
+ if (*p == '\n')
+ {
+ p++;
+ continue;
+ }
+ *(arg++)=p++;
+ num++;
+ while (*p && (*p != '\n')) p++;
+ if (!*p) break;
+ /* else *p == '\n' */
+ *(p++)='\0';
+ }
+ *argc=num;
+ return(1);
+ }
+#endif
+
+int str2fmt(char *s)
+ {
+ if ((*s == 'D') || (*s == 'd'))
+ return(FORMAT_ASN1);
+ else if ((*s == 'T') || (*s == 't'))
+ return(FORMAT_TEXT);
+ else if ((*s == 'P') || (*s == 'p'))
+ return(FORMAT_PEM);
+ else if ((*s == 'N') || (*s == 'n'))
+ return(FORMAT_NETSCAPE);
+ else
+ return(FORMAT_UNDEF);
+ }
+
+#if defined(MSDOS) || defined(WIN32) ||
defined(WIN16)
+void program_name(char *in, char *out, int size)
+ {
+ int i,n;
+ char *p=NULL;
+
+ n=strlen(in);
+ /* find the last '/', '\' or ':' */
+ for (i=n-1; i>0; i--)
+ {
+ if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))
+ {
+ p= &(in[i+1]);
+ break;
+ }
+ }
+ if (p == NULL)
+ p=in;
+ n=strlen(p);
+ /* strip off trailing .exe if present. */
+ if ((n > 4) && (p[n-4] == '.') &&
+ ((p[n-3] == 'e') || (p[n-3] == 'E')) &&
+ ((p[n-2] == 'x') || (p[n-2] == 'X')) &&
+ ((p[n-1] == 'e') || (p[n-1] == 'E')))
+ n-=4;
+ if (n > size-1)
+ n=size-1;
+
+ for (i=0; i<n; i++)
+ {
+ if ((p[i] >= 'A') && (p[i] <= 'Z'))
+ out[i]=p[i]-'A'+'a';
+ else
+ out[i]=p[i];
+ }
+ out[n]='\0';
+ }
+#else
+#ifdef VMS
+void program_name(char *in, char *out, int size)
+ {
+ char *p=in, *q;
+ char *chars=":]>";
+
+ while(*chars != '\0')
+ {
+ q=strrchr(p,*chars);
+ if (q > p)
+ p = q + 1;
+ chars++;
+ }
+
+ q=strrchr(p,'.');
+ if (q == NULL)
+ q = in+size;
+ strncpy(out,p,q-p);
+ out[q-p]='\0';
+ }
+#else
+void program_name(char *in, char *out, int size)
+ {
+ char *p;
+
+ p=strrchr(in,'/');
+ if (p != NULL)
+ p++;
+ else
+ p=in;
+ strncpy(out,p,size-1);
+ out[size-1]='\0';
+ }
+#endif
+#endif
+
+#ifdef WIN32
+int WIN32_rename(char *from, char *to)
+ {
+#ifdef WINNT
+ int ret;
+/* Note: MoveFileEx() doesn't work under Win95, Win98 */
+
+ ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED);
+ return(ret?0:-1);
+#else
+ unlink(to);
+ return MoveFile(from, to);
+#endif
+ }
+#endif
+
+int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
+ {
+ int num,len,i;
+ char *p;
+
+ *argc=0;
+ *argv=NULL;
+
+ len=strlen(buf);
+ i=0;
+ if (arg->count == 0)
+ {
+ arg->count=20;
+ arg->data=(char **)Malloc(sizeof(char *)*arg->count);
+ }
+ for (i=0; i<arg->count; i++)
+ arg->data[i]=NULL;
+
+ num=0;
+ p=buf;
+ for (;;)
+ {
+ /* first scan over white space */
+ if (!*p) break;
+ while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
+ p++;
+ if (!*p) break;
+
+ /*
The start of something good :-) */
+ if (num >= arg->count)
+ {
+ arg->count+=20;
+ arg->data=(char **)Realloc(arg->data,
+ sizeof(char *)*arg->count);
+ if (argc == 0) return(0);
+ }
+ arg->data[num++]=p;
+
+ /* now look for the end of this */
+ if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
+ {
+ i= *(p++);
+ arg->data[num-1]++; /* jump over quote */
+ while (*p && (*p != i))
+ p++;
+ *p='\0';
+ }
+ else
+ {
+ while (*p && ((*p != ' ') &&
+ (*p != '\t') && (*p != '\n')))
+ p++;
+
+ if (*p == '\0')
+ p--;
+ else
+ *p='\0';
+ }
+ p++;
+ }
+ *argc=num;
+ *argv=arg->data;
+ return(1);
+ }
+
+#ifndef APP_INIT
+int app_init(long mesgwin)
+ {
+ return(1);
+ }
+#endif
diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h
new file mode 100644
index 0000000..063f9c6
--- /dev/null
+++ b/crypto/openssl/apps/apps.h
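Review bot: In chopup_args the quoted-argument branch runs past the end of buf when the closing quote is missing: the scan stops on the terminating NUL, `*p='\0'` rewrites it, and the `p++` at the bottom of the loop then steps beyond the terminator, so the next `if (!*p)` reads outside the string and later iterations can write NULs there. The unquoted branch already guards against this with `if (*p == '\0') p--;`, and the quoted branch needs the same guard. In the same function the growth path tests `argc == 0`, a pointer that was already dereferenced, instead of the Realloc result, so an allocation failure goes unnoticed and the old array is lost; the initial Malloc is unchecked too. A sketch of both fixes follows.

```c
		if (num >= arg->count)
			{
			char **grown;

			grown=(char **)Realloc(arg->data,
				sizeof(char *)*(arg->count+20));
			if (grown == NULL) return(0);
			arg->data=grown;
			arg->count+=20;
			}
		/* ... unchanged: store the argument start, detect the opening quote ... */
			while (*p && (*p != i))
				p++;
			if (*p == '\0')
				p--;	/* unterminated quote: let the trailing p++ land on the NUL */
			else
				*p='\0';
```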
@@ -0,0 +1,141 @@
+/* apps/apps.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4.
If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_APPS_H
+#define HEADER_APPS_H
+
+#include "openssl/e_os.h"
+
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include "progs.h"
+
+#ifdef NO_STDIO
+BIO_METHOD *BIO_s_file();
+#endif
+
+#ifdef WIN32
+#define rename(from,to) WIN32_rename((from),(to))
+int WIN32_rename(char *oldname,char *newname);
+#endif
+
+#ifndef MONOLITH
+
+#define MAIN(a,v) main(a,v)
+
+#ifndef NON_MAIN
+BIO *bio_err=NULL;
+#else
+extern BIO *bio_err;
+#endif
+
+#else
+
+#define MAIN(a,v) PROG(a,v)
+#include <openssl/conf.h>
+extern LHASH *config;
+extern char *default_config_file;
+extern BIO *bio_err;
+
+#endif
+
+#include <signal.h>
+
+#ifdef SIGPIPE
+#define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
+#else
+#define do_pipe_sig()
+#endif
+
+#if defined(MONOLITH) && !defined(SSLEAY)
+# define apps_startup() do_pipe_sig()
+#else
+# if defined(MSDOS) || defined(WIN16) || defined(WIN32)
+# ifdef _O_BINARY
+# define apps_startup() \
+ _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ SSLeay_add_all_algorithms()
+# else
+# define apps_startup() \
+ _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ SSLeay_add_all_algorithms()
+# endif
+# else
+# define apps_startup() do_pipe_sig(); SSLeay_add_all_algorithms();
+# endif
+#endif
+
+typedef struct args_st
+ {
+ char **data;
+ int count;
+ } ARGS;
+
+int should_retry(int i);
+int args_from_file(char *file, int *argc, char **argv[]);
+int str2fmt(char *s);
+void program_name(char *in,char *out,int size);
+int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
+#define FORMAT_UNDEF 0
+#define FORMAT_ASN1 1
+#define FORMAT_TEXT 2
+#define FORMAT_PEM 3
+#define FORMAT_NETSCAPE 4
+
+#endif
diff --git a/crypto/openssl/apps/asn1pars.c b/crypto/openssl/apps/asn1pars.c
new file mode 100644
index 0000000..1b272b2
--- /dev/null
+++ b/crypto/openssl/apps/asn1pars.c
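Review bot: The multi-statement `apps_startup()` variants expand to bare statement sequences, so a call placed under an unbraced `if` or `else` would guard only the first statement and run algorithm registration unconditionally. The three variants also disagree on the trailing semicolon: the non-DOS one ends in `;` while the `_fmode` ones do not. Wrapping each body keeps the call a single statement, for example `# define apps_startup() do { do_pipe_sig(); SSLeay_add_all_algorithms(); } while (0)`, with the same treatment for the two `_fmode` variants.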
@@ -0,0 +1,309 @@
+/* apps/asn1pars.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* A nice addition from Dr Stephen Henson <shenson@bigfoot.com> to
+ * add the -strparse option which parses nested binary structures
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+/* -inform arg - input format - default PEM (DER or PEM)
+ * -in arg - input file - default stdin
+ * -i - indent the details by depth
+ * -offset - where in the file to start
+ * -length - how many bytes to use
+ * -oid file - extra oid decription file
+ */
+
+#undef PROG
+#define PROG asn1parse_main
+
+int MAIN(int argc, char **argv)
+ {
+ int i,badops=0,offset=0,ret=1,j;
+ unsigned int length=0;
+ long num,tmplen;
+ BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
+ int informat,indent=0;
+ char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
+ unsigned char *tmpbuf;
+ BUF_MEM *buf=NULL;
+ STACK *osk=NULL;
+ ASN1_TYPE *at=NULL;
+
+ informat=FORMAT_PEM;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ if ((osk=sk_new_null()) == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto end;
+ }
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ derfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-i") == 0)
+ {
+ indent=1;
+ }
+ else if (strcmp(*argv,"-oid") == 0)
+ {
+ if (--argc < 1) goto bad;
+ oidfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-offset") == 0)
+ {
+ if (--argc < 1) goto bad;
+ offset= atoi(*(++argv));
+ }
+ else if (strcmp(*argv,"-length") == 0)
+ {
+ if (--argc < 1) goto bad;
+ length= atoi(*(++argv));
+ if (length == 0) goto bad;
+ }
+ else if (strcmp(*argv,"-strparse") == 0)
+ {
+ if (--argc < 1) goto bad;
+ sk_push(osk,*(++argv));
+ }
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -offset arg offset into file\n");
+ BIO_printf(bio_err," -length arg lenth of section in file\n");
+ BIO_printf(bio_err," -i indent entries\n");
+ BIO_printf(bio_err," -oid file file of extra oid definitions\n");
+ BIO_printf(bio_err," -strparse offset\n");
+ BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n");
+ BIO_printf(bio_err," ASN1 blob wrappings\n");
+ BIO_printf(bio_err," -out filename output DER encoding to file\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (oidfile != NULL)
+ {
+ if (BIO_read_filename(in,oidfile) <= 0)
+ {
+ BIO_printf(bio_err,"problems opening %s\n",oidfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ OBJ_create_objects(in);
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (derfile) {
+ if(!(derout = BIO_new_file(derfile, "wb"))) {
+ BIO_printf(bio_err,"problems opening %s\n",derfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if ((buf=BUF_MEM_new()) == NULL) goto end;
+ if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
+
+ if (informat == FORMAT_PEM)
+ {
+ BIO *tmp;
+
+ if ((b64=BIO_new(BIO_f_base64())) == NULL)
+ goto end;
+ BIO_push(b64,in);
+ tmp=in;
+ in=b64;
+ b64=tmp;
+ }
+ num=0;
+ for (;;)
+ {
+ if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
+ i=BIO_read(in,&(buf->data[num]),BUFSIZ);
+ if (i <= 0) break;
+ num+=i;
+ }
+ str=buf->data;
+
+ /* If any structs to parse go through in sequence */
+
+ if (sk_num(osk))
+ {
+ tmpbuf=(unsigned char *)str;
+ tmplen=num;
+ for (i=0; i<sk_num(osk); i++)
+ {
+ ASN1_TYPE *atmp;
+ j=atoi(sk_value(osk,i));
+ if (j == 0)
+ {
+ BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i));
+ continue;
+ }
+ tmpbuf+=j;
+ tmplen-=j;
+ atmp = at;
+ at = d2i_ASN1_TYPE(NULL,&tmpbuf,tmplen);
+ ASN1_TYPE_free(atmp);
+ if(!at)
+ {
+ BIO_printf(bio_err,"Error parsing structure\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ /* hmm... this is a little evil but it works */
+ tmpbuf=at->value.asn1_string->data;
+ tmplen=at->value.asn1_string->length;
+ }
+ str=(char *)tmpbuf;
+ num=tmplen;
+ }
+
+ if (length == 0) length=(unsigned int)num;
+ if(derout) {
+ if(BIO_write(derout, str + offset, length) != (int)length) {
+ BIO_printf(bio_err, "Error writing output\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ if (!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ ret=0;
+end:
+ BIO_free(derout);
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free(out);
+ if (b64 != NULL) BIO_free(b64);
+ if (ret != 0)
+ ERR_print_errors(bio_err);
+ if (buf != NULL) BUF_MEM_free(buf);
+ if (at != NULL) ASN1_TYPE_free(at);
+ if (osk != NULL) sk_free(osk);
+ OBJ_cleanup();
+ EXIT(ret);
+ }
+
diff --git a/crypto/openssl/apps/ca-cert.srl b/crypto/openssl/apps/ca-cert.srl
new file mode 100644
index 0000000..eeee65e
--- /dev/null
+++ b/crypto/openssl/apps/ca-cert.srl
@@ -0,0 +1 @@
+05
diff --git a/crypto/openssl/apps/ca-key.pem b/crypto/openssl/apps/ca-key.pem
new file mode 100644
index 0000000..3a520b2
--- /dev/null
+++ b/crypto/openssl/apps/ca-key.pem
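Review bot: In asn1pars.c's MAIN(), the -offset and -length values come straight from atoi() and are never compared with num, the number of bytes actually read, before `BIO_write(derout, str + offset, length)` and `ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent)` use them, so a negative or oversized value makes both calls read outside buf->data. The -strparse loop has the same gap: `tmpbuf+=j; tmplen-=j;` runs for any non-zero j, including negative values and values larger than tmplen. I would reject offsets that fall outside the data, clamp length to what remains, and skip -strparse offsets that are not inside the current blob, as in the excerpt below. The loop also takes `at->value.asn1_string` for whatever type d2i_ASN1_TYPE() returned, which looks worth a type check as well.

```c
		/* … unchanged: declarations at the top of the -strparse loop … */
			j=atoi(sk_value(osk,i));
			if ((j <= 0) || ((long)j >= tmplen))
				{
				BIO_printf(bio_err,"'%s' is an invalid offset\n",sk_value(osk,i));
				continue;
				}
		/* … unchanged: d2i_ASN1_TYPE call and the rest of the loop … */
	if ((offset < 0) || ((long)offset >= num))
		{
		BIO_printf(bio_err,"Error: offset out of range\n");
		goto end;
		}
	num-=offset;
	if ((length == 0) || (length > (unsigned long)num)) length=(unsigned int)num;
	/* … unchanged: -out write and ASN1_parse call … */
```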
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/apps/ca-req.pem b/crypto/openssl/apps/ca-req.pem
new file mode 100644
index 0000000..77bf7ec
--- /dev/null
+++ b/crypto/openssl/apps/ca-req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
+GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx
+MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy
+bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d
+FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe
+cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7
+cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR
+5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW
+kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA=
+-----END CERTIFICATE REQUEST-----
diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c
new file mode 100644
index 0000000..9ed100d
--- /dev/null
+++ b/crypto/openssl/apps/ca.c
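Review bot: ca-key.pem adds an RSA private key in unencrypted PEM form (the key body follows the BEGIN line directly, with no encryption header), so once it is in the tree the key is public and nothing signed with it can be trusted. If it is only a fixture for the apps demos, which the neighbouring ca-req.pem and ca-cert.srl suggest, the file should say so where a reader will see it, for example a line above the armor such as `Published test key: never trust certificates issued under it.` It would also be worth confirming that no installed default configuration refers to this key or to a certificate made from it.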
@@ -0,0 +1,2232 @@
+/* apps/ca.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* The PPKI stuff has been donated by Jeff Barber <jeffb@issl.atl.hp.com> */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include <openssl/conf.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/txt_db.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
+
+#ifndef W_OK
+# ifdef VMS
+# if defined(__DECC)
+# include <unistd.h>
+# else
+# include <unixlib.h>
+# endif
+# else
+# include <sys/file.h>
+# endif
+#endif
+
+#ifndef W_OK
+# define F_OK 0
+# define X_OK 1
+# define W_OK 2
+# define R_OK 4
+#endif
+
+#undef PROG
+#define PROG ca_main
+
+#define BASE_SECTION "ca"
+#define CONFIG_FILE "openssl.cnf"
+
+#define ENV_DEFAULT_CA "default_ca"
+
+#define ENV_DIR "dir"
+#define ENV_CERTS "certs"
+#define ENV_CRL_DIR "crl_dir"
+#define ENV_CA_DB "CA_DB"
+#define ENV_NEW_CERTS_DIR "new_certs_dir"
+#define ENV_CERTIFICATE "certificate"
+#define ENV_SERIAL "serial"
+#define ENV_CRL "crl"
+#define ENV_PRIVATE_KEY "private_key"
+#define ENV_RANDFILE "RANDFILE"
+#define ENV_DEFAULT_DAYS "default_days"
+#define ENV_DEFAULT_STARTDATE "default_startdate"
+#define ENV_DEFAULT_ENDDATE "default_enddate"
+#define ENV_DEFAULT_CRL_DAYS "default_crl_days"
+#define ENV_DEFAULT_CRL_HOURS "default_crl_hours"
+#define ENV_DEFAULT_MD "default_md"
+#define ENV_PRESERVE "preserve"
+#define ENV_POLICY "policy"
+#define ENV_EXTENSIONS "x509_extensions"
+#define ENV_CRLEXT "crl_extensions"
+#define ENV_MSIE_HACK "msie_hack"
+
+#define ENV_DATABASE "database"
+
+#define DB_type 0
+#define DB_exp_date 1
+#define DB_rev_date 2
+#define DB_serial 3 /* index - unique */
+#define DB_file 4
+#define DB_name 5 /* index - unique for active */
+#define DB_NUMBER 6
+
+#define DB_TYPE_REV 'R'
+#define DB_TYPE_EXP 'E'
+#define DB_TYPE_VAL 'V'
+
+static char *ca_usage[]={
+"usage: ca args\n",
+"\n",
+" -verbose - Talk alot while doing things\n",
+" -config file - A config file\n",
+" -name arg - The particular CA definition to use\n",
+" -gencrl - Generate a new CRL\n",
+" -crldays days - Days is when the next CRL is due\n",
+" -crlhours hours - Hours is when the next CRL is due\n",
+" -days arg - number of days to certify the certificate for\n",
+" -md arg - md to use, one of md2, md5, sha or sha1\n",
+" -policy arg - The CA 'policy' to support\n",
+" -keyfile arg - PEM private key file\n",
+" -key arg - key to decode the private key if it is encrypted\n",
+" -cert file - The CA certificate\n",
+" -in file - The input PEM encoded certificate request(s)\n",
+" -out file - Where to put the output file(s)\n",
+" -outdir dir - Where to put output certificates\n",
+" -infiles .... - The last argument, requests to process\n",
+" -spkac file - File contains DN and signed public key and challenge\n",
+" -ss_cert file - File contains a self signed cert to sign\n",
+" -preserveDN - Don't re-order the DN\n",
+" -batch - Don't ask questions\n",
+" -msie_hack - msie modifications to handle all those universal strings\n",
+" -revoke file - Revoke a certificate (given in file)\n",
+NULL
+};
+
+#ifdef EFENCE
+extern int EF_PROTECT_FREE;
+extern int EF_PROTECT_BELOW;
+extern int EF_ALIGNMENT;
+#endif
+
+static int add_oid_section(LHASH *conf);
+static void lookup_fail(char *name,char *tag);
+static int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u);
+static unsigned long index_serial_hash(char **a);
+static int index_serial_cmp(char **a, char **b);
+static unsigned long index_name_hash(char **a);
+static int index_name_qual(char **a);
+static int index_name_cmp(char **a,char **b);
+static BIGNUM *load_serial(char *serialfile);
+static int save_serial(char *serialfile, BIGNUM *serial);
+static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
+ const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
+ BIGNUM *serial, char *startdate,char *enddate, int days,
+ int batch, char *ext_sect, LHASH *conf,int verbose);
+static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
+ const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
+ TXT_DB *db, BIGNUM *serial,char *startdate,
+ char *enddate, int days, int batch, char *ext_sect,
+ LHASH *conf,int verbose);
+static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
+ const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
+ TXT_DB *db, BIGNUM *serial,char *startdate,
+ char *enddate, int days, char *ext_sect,LHASH *conf,
+ int verbose);
+static int fix_data(int nid, int *type);
+static void write_new_certificate(BIO *bp, X509 *x, int output_der);
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
+ STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
+ char *startdate, char *enddate, int days, int batch, int verbose,
+ X509_REQ *req, char *ext_sect, LHASH *conf);
+static int do_revoke(X509 *x509, TXT_DB *db);
+static int check_time_format(char *str);
+static LHASH *conf;
+static char *key=NULL;
+static char *section=NULL;
+
+static int preserve=0;
+static int msie_hack=0;
+
+int MAIN(int argc, char **argv)
+ {
+ int total=0;
+ int total_done=0;
+ int badops=0;
+ int ret=1;
+ int req=0;
+ int verbose=0;
+ int gencrl=0;
+ int dorevoke=0;
+ long crldays=0;
+ long crlhours=0;
+ long errorline= -1;
+ char *configfile=NULL;
+ char *md=NULL;
+ char *policy=NULL;
+ char *keyfile=NULL;
+ char *certfile=NULL;
+ char *infile=NULL;
+ char *spkac_file=NULL;
+ char *ss_cert_file=NULL;
+ EVP_PKEY *pkey=NULL;
+ int output_der = 0;
+ char *outfile=NULL;
+ char *outdir=NULL;
+ char *serialfile=NULL;
+ char *extensions=NULL;
+ char *crl_ext=NULL;
+ BIGNUM *serial=NULL;
+ char *startdate=NULL;
+ char *enddate=NULL;
+ int days=0;
+ int batch=0;
+ X509 *x509=NULL;
+ X509 *x=NULL;
+ BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
+ char *dbfile=NULL;
+ TXT_DB *db=NULL;
+ X509_CRL *crl=NULL;
+ X509_CRL_INFO *ci=NULL;
+ X509_REVOKED *r=NULL;
+ char **pp,*p,*f;
+ int i,j;
+ long l;
+ const EVP_MD *dgst=NULL;
+ STACK_OF(CONF_VALUE) *attribs=NULL;
+ STACK *cert_sk=NULL;
+ BIO *hex=NULL;
+#undef BSIZE
+#define BSIZE 256
+ MS_STATIC char buf[3][BSIZE];
+
+#ifdef EFENCE
+EF_PROTECT_FREE=1;
+EF_PROTECT_BELOW=1;
+EF_ALIGNMENT=0;
+#endif
+
+ apps_startup();
+
+ X509V3_add_standard_extensions();
+
+ preserve=0;
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-verbose") == 0)
+ verbose=1;
+ else if (strcmp(*argv,"-config") == 0)
+ {
+ if (--argc < 1) goto bad;
+ configfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-name") == 0)
+ {
+ if (--argc < 1) goto bad;
+ section= *(++argv);
+ }
+ else if (strcmp(*argv,"-startdate") == 0)
+ {
+ if (--argc < 1) goto bad;
+ startdate= *(++argv);
+ }
+ else if (strcmp(*argv,"-enddate") == 0)
+ {
+ if (--argc < 1) goto bad;
+ enddate= *(++argv);
+ }
+ else if (strcmp(*argv,"-days") == 0)
+ {
+ if (--argc < 1) goto bad;
+ days=atoi(*(++argv));
+ }
+ else if (strcmp(*argv,"-md") == 0)
+ {
+ if (--argc < 1) goto bad;
+ md= *(++argv);
+ }
+ else if (strcmp(*argv,"-policy") == 0)
+ {
+ if (--argc < 1) goto bad;
+ policy= *(++argv);
+ }
+ else if (strcmp(*argv,"-keyfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-key") == 0)
+ {
+ if (--argc < 1) goto bad;
+ key= *(++argv);
+ }
+ else if (strcmp(*argv,"-cert") == 0)
+ {
+ if (--argc < 1) goto bad;
+ certfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ req=1;
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-outdir") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outdir= *(++argv);
+ }
+ else if (strcmp(*argv,"-batch") == 0)
+ batch=1;
+ else if (strcmp(*argv,"-preserveDN") == 0)
+ preserve=1;
+ else if (strcmp(*argv,"-gencrl") == 0)
+ gencrl=1;
+ else if (strcmp(*argv,"-msie_hack") == 0)
+ msie_hack=1;
+ else if (strcmp(*argv,"-crldays") == 0)
+ {
+ if (--argc < 1) goto bad;
+ crldays= atol(*(++argv));
+ }
+ else if (strcmp(*argv,"-crlhours") == 0)
+ {
+ if (--argc < 1) goto bad;
+ crlhours= atol(*(++argv));
+ }
+ else if (strcmp(*argv,"-infiles") == 0)
+ {
+ argc--;
+ argv++;
+ req=1;
+ break;
+ }
+ else if (strcmp(*argv, "-ss_cert") == 0)
+ {
+ if (--argc < 1) goto bad;
+ ss_cert_file = *(++argv);
+ req=1;
+ }
+ else if (strcmp(*argv, "-spkac") == 0)
+ {
+ if (--argc < 1) goto bad;
+ spkac_file = *(++argv);
+ req=1;
+ }
+ else if (strcmp(*argv,"-revoke") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ dorevoke=1;
+ }
+ else
+ {
+bad:
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+ for (pp=ca_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err,*pp);
+ goto err;
+ }
+
+ ERR_load_crypto_strings();
+
+ /*****************************************************************/
+ if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
+ if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
+ if (configfile == NULL)
+ {
+ /* We will just use 'buf[0]' as a temporary buffer. */
+#ifdef VMS
+ strncpy(buf[0],X509_get_default_cert_area(),
+ sizeof(buf[0])-1-sizeof(CONFIG_FILE));
+#else
+ strncpy(buf[0],X509_get_default_cert_area(),
+ sizeof(buf[0])-2-sizeof(CONFIG_FILE));
+ strcat(buf[0],"/");
+#endif
+ strcat(buf[0],CONFIG_FILE);
+ configfile=buf[0];
+ }
+
+ BIO_printf(bio_err,"Using configuration from %s\n",configfile);
+ if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL)
+ {
+ if (errorline <= 0)
+ BIO_printf(bio_err,"error loading the config file '%s'\n",
+ configfile);
+ else
+ BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
+ ,errorline,configfile);
+ goto err;
+ }
+
+ /* Lets get the config section we are using */
+ if (section == NULL)
+ {
+ section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
+ if (section == NULL)
+ {
+ lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
+ goto err;
+ }
+ }
+
+ if (conf != NULL)
+ {
+ p=CONF_get_string(conf,NULL,"oid_file");
+ if (p != NULL)
+ {
+ BIO *oid_bio;
+
+ oid_bio=BIO_new_file(p,"r");
+ if (oid_bio == NULL)
+ {
+ /*
+ BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+ ERR_print_errors(bio_err);
+ */
+ ERR_clear_error();
+ }
+ else
+ {
+ OBJ_create_objects(oid_bio);
+ BIO_free(oid_bio);
+ }
+ }
+ }
+ if(!add_oid_section(conf)) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ Sout=BIO_new(BIO_s_file());
+ Cout=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL) || (Sout == NULL) || (Cout == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ /*****************************************************************/
+ /* we definitly need an public key, so lets get it */
+
+ if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
+ section,ENV_PRIVATE_KEY)) == NULL))
+ {
+ lookup_fail(section,ENV_PRIVATE_KEY);
+ goto err;
+ }
+ if (BIO_read_filename(in,keyfile) <= 0)
+ {
+ perror(keyfile);
+ BIO_printf(bio_err,"trying to load CA private key\n");
+ goto err;
+ }
+ if (key == NULL)
+ pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
+ else
+ {
+ pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,NULL);
+ memset(key,0,strlen(key));
+ }
+ if (pkey == NULL)
+ {
+ BIO_printf(bio_err,"unable to load CA private key\n");
+ goto err;
+ }
+
+ /*****************************************************************/
+ /* we need a certificate */
+ if ((certfile == NULL) && ((certfile=CONF_get_string(conf,
+ section,ENV_CERTIFICATE)) == NULL))
+ {
+ lookup_fail(section,ENV_CERTIFICATE);
+ goto err;
+ }
+ if (BIO_read_filename(in,certfile) <= 0)
+ {
+ perror(certfile);
+ BIO_printf(bio_err,"trying to load CA certificate\n");
+ goto err;
+ }
+ x509=PEM_read_bio_X509(in,NULL,NULL,NULL);
+ if (x509 == NULL)
+ {
+ BIO_printf(bio_err,"unable to load CA certificate\n");
+ goto err;
+ }
+
+ if (!X509_check_private_key(x509,pkey))
+ {
+ BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
+ goto err;
+ }
+
+ f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
+ if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+ preserve=1;
+ f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
+ if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+ msie_hack=1;
+
+ /*****************************************************************/
+ /* lookup where to write new certificates */
+ if ((outdir == NULL) && (req))
+ {
+ struct stat sb;
+
+ if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
+ == NULL)
+ {
+ BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
+ goto err;
+ }
+#ifdef VMS
+ /* For technical reasons, VMS misbehaves with X_OK */
+ if (access(outdir,R_OK|W_OK) != 0)
+#else
+ if (access(outdir,R_OK|W_OK|X_OK) != 0)
+#endif
+ {
+ BIO_printf(bio_err,"I am unable to acces the %s directory\n",outdir);
+ perror(outdir);
+ goto err;
+ }
+
+ if (stat(outdir,&sb) != 0)
+ {
+ BIO_printf(bio_err,"unable to stat(%s)\n",outdir);
+ perror(outdir);
+ goto err;
+ }
+ if (!(sb.st_mode & S_IFDIR))
+ {
+ BIO_printf(bio_err,"%s need to be a directory\n",outdir);
+ perror(outdir);
+ goto err;
+ }
+ }
+
+ /*****************************************************************/
+ /* we need to load the database file */
+ if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+ {
+ lookup_fail(section,ENV_DATABASE);
+ goto err;
+ }
+ if (BIO_read_filename(in,dbfile) <= 0)
+ {
+ perror(dbfile);
+ BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+ goto err;
+ }
+ db=TXT_DB_read(in,DB_NUMBER);
+ if (db == NULL) goto err;
+
+ /* Lets check some fields */
+ for (i=0; i<sk_num(db->data); i++)
+ {
+ pp=(char **)sk_value(db->data,i);
+ if ((pp[DB_type][0] != DB_TYPE_REV) &&
+ (pp[DB_rev_date][0] != '\0'))
+ {
+ BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1);
+ goto err;
+ }
+ if ((pp[DB_type][0] == DB_TYPE_REV) &&
+ !check_time_format(pp[DB_rev_date]))
+ {
+ BIO_printf(bio_err,"entry %d: invalid revocation date\n",
+ i+1);
+ goto err;
+ }
+ if (!check_time_format(pp[DB_exp_date]))
+ {
+ BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1);
+ goto err;
+ }
+ p=pp[DB_serial];
+ j=strlen(p);
+ if ((j&1) || (j < 2))
+ {
+ BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j);
+ goto err;
+ }
+ while (*p)
+ {
+ if (!( ((*p >= '0') && (*p <= '9')) ||
+ ((*p >= 'A') && (*p <= 'F')) ||
+ ((*p >= 'a') && (*p <= 'f'))) )
+ {
+ BIO_printf(bio_err,"entry %d: bad serial number characters, char pos %ld, char is '%c'\n",i+1,(long)(p-pp[DB_serial]),*p);
+ goto err;
+ }
+ p++;
+ }
+ }
+ if (verbose)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
+ TXT_DB_write(out,db);
+ BIO_printf(bio_err,"%d entries loaded from the database\n",
+ db->data->num);
+ BIO_printf(bio_err,"generating indexs\n");
+ }
+
+ if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash,
+ index_serial_cmp))
+ {
+ BIO_printf(bio_err,"error creating serial number index:(%ld,%ld,%ld)\n",db->error,db->arg1,db->arg2);
+ goto err;
+ }
+
+ if (!TXT_DB_create_index(db,DB_name,index_name_qual,index_name_hash,
+ index_name_cmp))
+ {
+ BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
+ db->error,db->arg1,db->arg2);
+ goto err;
+ }
+
+ /*****************************************************************/
+ if (req || gencrl)
+ {
+ if (outfile != NULL)
+ {
+
+ if (BIO_write_filename(Sout,outfile) <= 0)
+ {
+ perror(outfile);
+ goto err;
+ }
+ }
+ else
+ BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+ }
+
+ if (req)
+ {
+ if ((md == NULL) && ((md=CONF_get_string(conf,
+ section,ENV_DEFAULT_MD)) == NULL))
+ {
+ lookup_fail(section,ENV_DEFAULT_MD);
+ goto err;
+ }
+ if ((dgst=EVP_get_digestbyname(md)) == NULL)
+ {
+ BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
+ goto err;
+ }
+ if (verbose)
+ BIO_printf(bio_err,"message digest is %s\n",
+ OBJ_nid2ln(dgst->type));
+ if ((policy == NULL) && ((policy=CONF_get_string(conf,
+ section,ENV_POLICY)) == NULL))
+ {
+ lookup_fail(section,ENV_POLICY);
+ goto err;
+ }
+ if (verbose)
+ BIO_printf(bio_err,"policy is %s\n",policy);
+
+ if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL))
+ == NULL)
+ {
+ lookup_fail(section,ENV_SERIAL);
+ goto err;
+ }
+
+ extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
+ if(extensions) {
+ /* Check syntax of file */
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_conf_lhash(&ctx, conf);
+ if(!X509V3_EXT_add_conf(conf, &ctx, extensions, NULL)) {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n",
+ extensions);
+ ret = 1;
+ goto err;
+ }
+ }
+
+ if (startdate == NULL)
+ {
+ startdate=CONF_get_string(conf,section,
+ ENV_DEFAULT_STARTDATE);
+ }
+ if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))
+ {
+ BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n");
+ goto err;
+ }
+ if (startdate == NULL) startdate="today";
+
+ if (enddate == NULL)
+ {
+ enddate=CONF_get_string(conf,section,
+ ENV_DEFAULT_ENDDATE);
+ }
+ if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))
+ {
+ BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n");
+ goto err;
+ }
+
+ if (days == 0)
+ {
+ days=(int)CONF_get_number(conf,section,
+ ENV_DEFAULT_DAYS);
+ }
+ if (!enddate && (days == 0))
+ {
+ BIO_printf(bio_err,"cannot lookup how many days to certify for\n");
+ goto err;
+ }
+
+ if ((serial=load_serial(serialfile)) == NULL)
+ {
+ BIO_printf(bio_err,"error while loading serial number\n");
+ goto err;
+ }
+ if (verbose)
+ {
+ if ((f=BN_bn2hex(serial)) == NULL) goto err;
+ BIO_printf(bio_err,"next serial number is %s\n",f);
+ Free(f);
+ }
+
+ if ((attribs=CONF_get_section(conf,policy)) == NULL)
+ {
+ BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
+ goto err;
+ }
+
+ if ((cert_sk=sk_new_null()) == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ if (spkac_file != NULL)
+ {
+ total++;
+ j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
+ serial,startdate,enddate, days,extensions,conf,
+ verbose);
+ if (j < 0) goto err;
+ if (j > 0)
+ {
+ total_done++;
+ BIO_printf(bio_err,"\n");
+ if (!BN_add_word(serial,1)) goto err;
+ if (!sk_push(cert_sk,(char *)x))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ if (outfile)
+ {
+ output_der = 1;
+ batch = 1;
+ }
+ }
+ }
+ if (ss_cert_file != NULL)
+ {
+ total++;
+ j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
+ db,serial,startdate,enddate,days,batch,
+ extensions,conf,verbose);
+ if (j < 0) goto err;
+ if (j > 0)
+ {
+ total_done++;
+ BIO_printf(bio_err,"\n");
+ if (!BN_add_word(serial,1)) goto err;
+ if (!sk_push(cert_sk,(char *)x))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ }
+ }
+ if (infile != NULL)
+ {
+ total++;
+ j=certify(&x,infile,pkey,x509,dgst,attribs,db,
+ serial,startdate,enddate,days,batch,
+ extensions,conf,verbose);
+ if (j < 0) goto err;
+ if (j > 0)
+ {
+ total_done++;
+ BIO_printf(bio_err,"\n");
+ if (!BN_add_word(serial,1)) goto err;
+ if (!sk_push(cert_sk,(char *)x))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ }
+ }
+ for (i=0; i<argc; i++)
+ {
+ total++;
+ j=certify(&x,argv[i],pkey,x509,dgst,attribs,db,
+ serial,startdate,enddate,days,batch,
+ extensions,conf,verbose);
+ if (j < 0) goto err;
+ if (j > 0)
+ {
+ total_done++;
+ BIO_printf(bio_err,"\n");
+ if (!BN_add_word(serial,1)) goto err;
+ if (!sk_push(cert_sk,(char *)x))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ }
+ }
+ /* we have a stack of newly certified certificates
+ * and a data base and serial number that need
+ * updating */
+
+ if (sk_num(cert_sk) > 0)
+ {
+ if (!batch)
+ {
+ BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
+ (void)BIO_flush(bio_err);
+ buf[0][0]='\0';
+ fgets(buf[0],10,stdin);
+ if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
+ {
+ BIO_printf(bio_err,"CERTIFICATION CANCELED\n");
+ ret=0;
+ goto err;
+ }
+ }
+
+ BIO_printf(bio_err,"Write out database with %d new entries\n",sk_num(cert_sk));
+
+ strncpy(buf[0],serialfile,BSIZE-4);
+
+#ifdef VMS
+ strcat(buf[0],"-new");
+#else
+ strcat(buf[0],".new");
+#endif
+
+ if (!save_serial(buf[0],serial)) goto err;
+
+ strncpy(buf[1],dbfile,BSIZE-4);
+
+#ifdef VMS
+ strcat(buf[1],"-new");
+#else
+ strcat(buf[1],".new");
+#endif
+
+ if (BIO_write_filename(out,buf[1]) <= 0)
+ {
+ perror(dbfile);
+ BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+ goto err;
+ }
+ l=TXT_DB_write(out,db);
+ if (l <= 0) goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err,"writing new certificates\n");
+ for (i=0; i<sk_num(cert_sk); i++)
+ {
+ int k;
+ unsigned char *n;
+
+ x=(X509 *)sk_value(cert_sk,i);
+
+ j=x->cert_info->serialNumber->length;
+ p=(char *)x->cert_info->serialNumber->data;
+
+ strncpy(buf[2],outdir,BSIZE-(j*2)-6);
+
+#ifndef VMS
+ strcat(buf[2],"/");
+#endif
+
+ n=(unsigned char *)&(buf[2][strlen(buf[2])]);
+ if (j > 0)
+ {
+ for (k=0; k<j; k++)
+ {
+ sprintf((char *)n,"%02X",(unsigned char)*(p++));
+ n+=2;
+ }
+ }
+ else
+ {
+ *(n++)='0';
+ *(n++)='0';
+ }
+ *(n++)='.'; *(n++)='p'; *(n++)='e'; *(n++)='m';
+ *n='\0';
+ if (verbose)
+ BIO_printf(bio_err,"writing %s\n",buf[2]);
+
+ if (BIO_write_filename(Cout,buf[2]) <= 0)
+ {
+ perror(buf[2]);
+ goto err;
+ }
+ write_new_certificate(Cout,x, 0);
+ write_new_certificate(Sout,x, output_der);
+ }
+
+ if (sk_num(cert_sk))
+ {
+ /* Rename the database and the serial file */
+ strncpy(buf[2],serialfile,BSIZE-4);
+
+#ifdef VMS
+ strcat(buf[2],"-old");
+#else
+ strcat(buf[2],".old");
+#endif
+
+ BIO_free(in);
+ BIO_free(out);
+ in=NULL;
+ out=NULL;
+ if (rename(serialfile,buf[2]) < 0)
+ {
+ BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ serialfile,buf[2]);
+ perror("reason");
+ goto err;
+ }
+ if (rename(buf[0],serialfile) < 0)
+ {
+ BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ buf[0],serialfile);
+ perror("reason");
+ rename(buf[2],serialfile);
+ goto err;
+ }
+
+ strncpy(buf[2],dbfile,BSIZE-4);
+
+#ifdef VMS
+ strcat(buf[2],"-old");
+#else
+ strcat(buf[2],".old");
+#endif
+
+ if (rename(dbfile,buf[2]) < 0)
+ {
+ BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ dbfile,buf[2]);
+ perror("reason");
+ goto err;
+ }
+ if (rename(buf[1],dbfile) < 0)
+ {
+ BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ buf[1],dbfile);
+ perror("reason");
+ rename(buf[2],dbfile);
+ goto err;
+ }
+ BIO_printf(bio_err,"Data Base Updated\n");
+ }
+ }
+
+ /*****************************************************************/
+ if (gencrl)
+ {
+ crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
+ if(crl_ext) {
+ /* Check syntax of file */
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_conf_lhash(&ctx, conf);
+ if(!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL)) {
+ BIO_printf(bio_err,
+ "Error Loading CRL extension section %s\n",
+ crl_ext);
+ ret = 1;
+ goto err;
+ }
+ }
+ if ((hex=BIO_new(BIO_s_mem())) == NULL) goto err;
+
+ if (!crldays && !crlhours)
+ {
+ crldays=CONF_get_number(conf,section,
+
ENV_DEFAULT_CRL_DAYS); + crlhours=CONF_get_number(conf,section, + ENV_DEFAULT_CRL_HOURS); + } + if ((crldays == 0) && (crlhours == 0)) + { + BIO_printf(bio_err,"cannot lookup how long until the next CRL is issuer\n"); + goto err; + } + + if (verbose) BIO_printf(bio_err,"making CRL\n"); + if ((crl=X509_CRL_new()) == NULL) goto err; + ci=crl->crl; + X509_NAME_free(ci->issuer); + ci->issuer=X509_NAME_dup(x509->cert_info->subject); + if (ci->issuer == NULL) goto err; + + X509_gmtime_adj(ci->lastUpdate,0); + if (ci->nextUpdate == NULL) + ci->nextUpdate=ASN1_UTCTIME_new(); + X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60); + + for (i=0; i<sk_num(db->data); i++) + { + pp=(char **)sk_value(db->data,i); + if (pp[DB_type][0] == DB_TYPE_REV) + { + if ((r=X509_REVOKED_new()) == NULL) goto err; + ASN1_STRING_set((ASN1_STRING *) + r->revocationDate, + (unsigned char *)pp[DB_rev_date], + strlen(pp[DB_rev_date])); + /* strcpy(r->revocationDate,pp[DB_rev_date]);*/ + + (void)BIO_reset(hex); + if (!BIO_puts(hex,pp[DB_serial])) + goto err; + if (!a2i_ASN1_INTEGER(hex,r->serialNumber, + buf[0],BSIZE)) goto err; + + sk_X509_REVOKED_push(ci->revoked,r); + } + } + /* sort the data so it will be written in serial + * number order */ + sk_X509_REVOKED_sort(ci->revoked); + for (i=0; i<sk_X509_REVOKED_num(ci->revoked); i++) + { + r=sk_X509_REVOKED_value(ci->revoked,i); + r->sequence=i; + } + + /* we now have a CRL */ + if (verbose) BIO_printf(bio_err,"signing CRL\n"); + if (md != NULL) + { + if ((dgst=EVP_get_digestbyname(md)) == NULL) + { + BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); + goto err; + } + } + else + { +#ifndef NO_DSA + if (pkey->type == EVP_PKEY_DSA) + dgst=EVP_dss1(); + else +#endif + dgst=EVP_md5(); + } + + /* Add any extensions asked for */ + + if(crl_ext) { + X509V3_CTX crlctx; + if (ci->version == NULL) + if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err; + ASN1_INTEGER_set(ci->version,1); /* version 2 CRL */ + 
X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); + X509V3_set_conf_lhash(&crlctx, conf); + + if(!X509V3_EXT_CRL_add_conf(conf, &crlctx, + crl_ext, crl)) goto err; + } + + if (!X509_CRL_sign(crl,pkey,dgst)) goto err; + + PEM_write_bio_X509_CRL(Sout,crl); + } + /*****************************************************************/ + if (dorevoke) + { + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto err; + } + if (infile == NULL) + { + BIO_printf(bio_err,"no input files\n"); + goto err; + } + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + BIO_printf(bio_err,"error trying to load '%s' certificate\n",infile); + goto err; + } + x509=PEM_read_bio_X509(in,NULL,NULL,NULL); + if (x509 == NULL) + { + BIO_printf(bio_err,"unable to load '%s' certificate\n",infile); + goto err; + } + j=do_revoke(x509,db); + + strncpy(buf[0],dbfile,BSIZE-4); + strcat(buf[0],".new"); + if (BIO_write_filename(out,buf[0]) <= 0) + { + perror(dbfile); + BIO_printf(bio_err,"unable to open '%s'\n",dbfile); + goto err; + } + j=TXT_DB_write(out,db); + if (j <= 0) goto err; + BIO_free(in); + BIO_free(out); + in=NULL; + out=NULL; + strncpy(buf[1],dbfile,BSIZE-4); + strcat(buf[1],".old"); + if (rename(dbfile,buf[1]) < 0) + { + BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]); + perror("reason"); + goto err; + } + if (rename(buf[0],dbfile) < 0) + { + BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile); + perror("reason"); + rename(buf[1],dbfile); + goto err; + } + BIO_printf(bio_err,"Data Base Updated\n"); + } + } + /*****************************************************************/ + ret=0; +err: + BIO_free(hex); + BIO_free(Cout); + BIO_free(Sout); + BIO_free(out); + BIO_free(in); + + sk_pop_free(cert_sk,X509_free); + + if (ret) ERR_print_errors(bio_err); + BN_free(serial); + TXT_DB_free(db); + EVP_PKEY_free(pkey); + X509_free(x509); + X509_CRL_free(crl); + 
CONF_free(conf); + X509V3_EXT_cleanup(); + OBJ_cleanup(); + EXIT(ret); + } + +static void lookup_fail(char *name, char *tag) + { + BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); + } + +static int MS_CALLBACK key_callback(char *buf, int len, int verify, void *u) + { + int i; + + if (key == NULL) return(0); + i=strlen(key); + i=(i > len)?len:i; + memcpy(buf,key,i); + return(i); + } + +static unsigned long index_serial_hash(char **a) + { + char *n; + + n=a[DB_serial]; + while (*n == '0') n++; + return(lh_strhash(n)); + } + +static int index_serial_cmp(char **a, char **b) + { + char *aa,*bb; + + for (aa=a[DB_serial]; *aa == '0'; aa++); + for (bb=b[DB_serial]; *bb == '0'; bb++); + return(strcmp(aa,bb)); + } + +static unsigned long index_name_hash(char **a) + { return(lh_strhash(a[DB_name])); } + +static int index_name_qual(char **a) + { return(a[0][0] == 'V'); } + +static int index_name_cmp(char **a, char **b) + { return(strcmp(a[DB_name], + b[DB_name])); } + +static BIGNUM *load_serial(char *serialfile) + { + BIO *in=NULL; + BIGNUM *ret=NULL; + MS_STATIC char buf[1024]; + ASN1_INTEGER *ai=NULL; + + if ((in=BIO_new(BIO_s_file())) == NULL) + { + ERR_print_errors(bio_err); + goto err; + } + + if (BIO_read_filename(in,serialfile) <= 0) + { + perror(serialfile); + goto err; + } + ai=ASN1_INTEGER_new(); + if (ai == NULL) goto err; + if (!a2i_ASN1_INTEGER(in,ai,buf,1024)) + { + BIO_printf(bio_err,"unable to load number from %s\n", + serialfile); + goto err; + } + ret=ASN1_INTEGER_to_BN(ai,NULL); + if (ret == NULL) + { + BIO_printf(bio_err,"error converting number from bin to BIGNUM"); + goto err; + } +err: + if (in != NULL) BIO_free(in); + if (ai != NULL) ASN1_INTEGER_free(ai); + return(ret); + } + +static int save_serial(char *serialfile, BIGNUM *serial) + { + BIO *out; + int ret=0; + ASN1_INTEGER *ai=NULL; + + out=BIO_new(BIO_s_file()); + if (out == NULL) + { + ERR_print_errors(bio_err); + goto err; + } + if (BIO_write_filename(out,serialfile) <= 0) + { 
+ perror(serialfile);
+ goto err;
+ }
+
+ if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
+ goto err;
+ }
+ i2a_ASN1_INTEGER(out,ai);
+ BIO_puts(out,"\n");
+ ret=1;
+err:
+ if (out != NULL) BIO_free(out);
+ if (ai != NULL) ASN1_INTEGER_free(ai);
+ return(ret);
+ }
+
+static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+ BIGNUM *serial, char *startdate, char *enddate, int days,
+ int batch, char *ext_sect, LHASH *lconf, int verbose)
+ {
+ X509_REQ *req=NULL;
+ BIO *in=NULL;
+ EVP_PKEY *pktmp=NULL;
+ int ok= -1,i;
+
+ in=BIO_new(BIO_s_file());
+
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto err;
+ }
+ if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"Error reading certificate request in %s\n",
+ infile);
+ goto err;
+ }
+ if (verbose)
+ X509_REQ_print(bio_err,req);
+
+ BIO_printf(bio_err,"Check that the request matches the signature\n");
+
+ if ((pktmp=X509_REQ_get_pubkey(req)) == NULL)
+ {
+ BIO_printf(bio_err,"error unpacking public key\n");
+ goto err;
+ }
+ i=X509_REQ_verify(req,pktmp);
+ EVP_PKEY_free(pktmp);
+ if (i < 0)
+ {
+ ok=0;
+ BIO_printf(bio_err,"Signature verification problems....\n");
+ goto err;
+ }
+ if (i == 0)
+ {
+ ok=0;
+ BIO_printf(bio_err,"Signature did not match the certificate request\n");
+ goto err;
+ }
+ else
+ BIO_printf(bio_err,"Signature ok\n");
+
+ ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate, enddate,
+ days,batch,verbose,req,ext_sect,lconf);
+
+err:
+ if (req != NULL) X509_REQ_free(req);
+ if (in != NULL) BIO_free(in);
+ return(ok);
+ }
+
+static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+ BIGNUM *serial, char *startdate, char *enddate, int days,
+ int batch, char *ext_sect, LHASH *lconf, int verbose)
+ {
+ X509 *req=NULL;
+ X509_REQ *rreq=NULL;
+ BIO *in=NULL;
+ EVP_PKEY *pktmp=NULL;
+ int ok= -1,i;
+
+ in=BIO_new(BIO_s_file());
+
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto err;
+ }
+ if ((req=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"Error reading self signed certificate in %s\n",infile);
+ goto err;
+ }
+ if (verbose)
+ X509_print(bio_err,req);
+
+ BIO_printf(bio_err,"Check that the request matches the signature\n");
+
+ if ((pktmp=X509_get_pubkey(req)) == NULL)
+ {
+ BIO_printf(bio_err,"error unpacking public key\n");
+ goto err;
+ }
+ i=X509_verify(req,pktmp);
+ EVP_PKEY_free(pktmp);
+ if (i < 0)
+ {
+ ok=0;
+ BIO_printf(bio_err,"Signature verification problems....\n");
+ goto err;
+ }
+ if (i == 0)
+ {
+ ok=0;
+ BIO_printf(bio_err,"Signature did not match the certificate\n");
+ goto err;
+ }
+ else
+ BIO_printf(bio_err,"Signature ok\n");
+
+ if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
+ goto err;
+
+ ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate,days,
+ batch,verbose,rreq,ext_sect,lconf);
+
+err:
+ if (rreq != NULL) X509_REQ_free(rreq);
+ if (req != NULL) X509_free(req);
+ if (in != NULL) BIO_free(in);
+ return(ok);
+ }
+
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
+ STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
+ char *startdate, char *enddate, int days, int batch, int verbose,
+ X509_REQ *req, char *ext_sect, LHASH *lconf)
+ {
+ X509_NAME *name=NULL,*CAname=NULL,*subject=NULL;
+ ASN1_UTCTIME *tm,*tmptm;
+ ASN1_STRING *str,*str2;
+ ASN1_OBJECT *obj;
+ X509 *ret=NULL;
+ X509_CINF *ci;
+ X509_NAME_ENTRY *ne;
+ X509_NAME_ENTRY *tne,*push;
+ EVP_PKEY *pktmp;
+ int ok= -1,i,j,last,nid;
+ char *p;
+ CONF_VALUE *cv;
+ char *row[DB_NUMBER],**rrow,**irow=NULL;
+ char buf[25],*pbuf;
+
+ tmptm=ASN1_UTCTIME_new();
+ if (tmptm == NULL)
+ {
+ BIO_printf(bio_err,"malloc error\n");
+ return(0);
+ }
+
+ for (i=0; i<DB_NUMBER; i++)
+ row[i]=NULL;
+
+ BIO_printf(bio_err,"The Subjects Distinguished Name is as follows\n");
+ name=X509_REQ_get_subject_name(req);
+ for (i=0; i<X509_NAME_entry_count(name); i++)
+ {
+ ne=(X509_NAME_ENTRY *)X509_NAME_get_entry(name,i);
+ obj=X509_NAME_ENTRY_get_object(ne);
+ j=i2a_ASN1_OBJECT(bio_err,obj);
+ str=X509_NAME_ENTRY_get_data(ne);
+ pbuf=buf;
+ for (j=22-j; j>0; j--)
+ *(pbuf++)=' ';
+ *(pbuf++)=':';
+ *(pbuf++)='\0';
+ BIO_puts(bio_err,buf);
+
+ if (msie_hack)
+ {
+ /* assume all type should be strings */
+ nid=OBJ_obj2nid(ne->object);
+
+ if (str->type == V_ASN1_UNIVERSALSTRING)
+ ASN1_UNIVERSALSTRING_to_string(str);
+
+ if ((str->type == V_ASN1_IA5STRING) &&
+ (nid != NID_pkcs9_emailAddress))
+ str->type=V_ASN1_T61STRING;
+
+ if ((nid == NID_pkcs9_emailAddress) &&
+ (str->type == V_ASN1_PRINTABLESTRING))
+ str->type=V_ASN1_IA5STRING;
+ }
+
+ if (str->type == V_ASN1_PRINTABLESTRING)
+ BIO_printf(bio_err,"PRINTABLE:'");
+ else if (str->type == V_ASN1_T61STRING)
+ BIO_printf(bio_err,"T61STRING:'");
+ else if (str->type == V_ASN1_IA5STRING)
+ BIO_printf(bio_err,"IA5STRING:'");
+ else if (str->type == V_ASN1_UNIVERSALSTRING)
+ BIO_printf(bio_err,"UNIVERSALSTRING:'");
+ else
+ BIO_printf(bio_err,"ASN.1 %2d:'",str->type);
+
+ /* check some things */
+ if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
+ (str->type != V_ASN1_IA5STRING))
+ {
+ BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n");
+ goto err;
+ }
+ j=ASN1_PRINTABLE_type(str->data,str->length);
+ if ( ((j == V_ASN1_T61STRING) &&
+ (str->type != V_ASN1_T61STRING)) ||
+ ((j == V_ASN1_IA5STRING) &&
+ (str->type == V_ASN1_PRINTABLESTRING)))
+ {
+ BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
+ goto err;
+ }
+
+ p=(char *)str->data;
+ for (j=str->length; j>0; j--)
+ {
+ if ((*p >= ' ') && (*p <= '~'))
+ BIO_printf(bio_err,"%c",*p);
+ else if (*p & 0x80)
+ BIO_printf(bio_err,"\\0x%02X",*p);
+ else if ((unsigned char)*p == 0xf7)
+ BIO_printf(bio_err,"^?");
+ else BIO_printf(bio_err,"^%c",*p+'@');
+ p++;
+ }
+ BIO_printf(bio_err,"'\n");
+ }
+
+ /* Ok, now we check the 'policy' stuff. */
+ if ((subject=X509_NAME_new()) == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+
+ /* take a copy of the issuer name before we mess with it. */
+ CAname=X509_NAME_dup(x509->cert_info->subject);
+ if (CAname == NULL) goto err;
+ str=str2=NULL;
+
+ for (i=0; i<sk_CONF_VALUE_num(policy); i++)
+ {
+ cv=sk_CONF_VALUE_value(policy,i); /* get the object id */
+ if ((j=OBJ_txt2nid(cv->name)) == NID_undef)
+ {
+ BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name);
+ goto err;
+ }
+ obj=OBJ_nid2obj(j);
+
+ last= -1;
+ for (;;)
+ {
+ /* lookup the object in the supplied name list */
+ j=X509_NAME_get_index_by_OBJ(name,obj,last);
+ if (j < 0)
+ {
+ if (last != -1) break;
+ tne=NULL;
+ }
+ else
+ {
+ tne=X509_NAME_get_entry(name,j);
+ }
+ last=j;
+
+ /* depending on the 'policy', decide what to do. */
+ push=NULL;
+ if (strcmp(cv->value,"optional") == 0)
+ {
+ if (tne != NULL)
+ push=tne;
+ }
+ else if (strcmp(cv->value,"supplied") == 0)
+ {
+ if (tne == NULL)
+ {
+ BIO_printf(bio_err,"The %s field needed to be supplied and was missing\n",cv->name);
+ goto err;
+ }
+ else
+ push=tne;
+ }
+ else if (strcmp(cv->value,"match") == 0)
+ {
+ int last2;
+
+ if (tne == NULL)
+ {
+ BIO_printf(bio_err,"The mandatory %s field was missing\n",cv->name);
+ goto err;
+ }
+
+ last2= -1;
+
+again2:
+ j=X509_NAME_get_index_by_OBJ(CAname,obj,last2);
+ if ((j < 0) && (last2 == -1))
+ {
+ BIO_printf(bio_err,"The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",cv->name);
+ goto err;
+ }
+ if (j >= 0)
+ {
+ push=X509_NAME_get_entry(CAname,j);
+ str=X509_NAME_ENTRY_get_data(tne);
+ str2=X509_NAME_ENTRY_get_data(push);
+ last2=j;
+ if (ASN1_STRING_cmp(str,str2) != 0)
+ goto again2;
+ }
+ if (j < 0)
+ {
+ BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str == NULL)?"NULL":(char *)str->data),((str2 == NULL)?"NULL":(char *)str2->data));
+ goto err;
+ }
+ }
+ else
+ {
+ BIO_printf(bio_err,"%s:invalid type in 'policy' configuration\n",cv->value);
+ goto err;
+ }
+
+ if (push != NULL)
+ {
+ if (!X509_NAME_add_entry(subject,push,
+ X509_NAME_entry_count(subject),0))
+ {
+ if (push != NULL)
+ X509_NAME_ENTRY_free(push);
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ }
+ if (j < 0) break;
+ }
+ }
+
+ if (preserve)
+ {
+ X509_NAME_free(subject);
+ subject=X509_NAME_dup(X509_REQ_get_subject_name(req));
+ if (subject == NULL) goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err,"The subject name apears to be ok, checking data base for clashes\n");
+
+ row[DB_name]=X509_NAME_oneline(subject,NULL,0);
+ row[DB_serial]=BN_bn2hex(serial);
+ if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+
+ rrow=TXT_DB_get_by_index(db,DB_name,row);
+ if (rrow != NULL)
+ {
+ BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n",
+ row[DB_name]);
+ }
+ else
+ {
+ rrow=TXT_DB_get_by_index(db,DB_serial,row);
+ if (rrow != NULL)
+ {
+ BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
+ row[DB_serial]);
+ BIO_printf(bio_err," check the database/serial_file for corruption\n");
+ }
+ }
+
+ if (rrow != NULL)
+ {
+ BIO_printf(bio_err,
+ "The matching entry has the following details\n");
+ if (rrow[DB_type][0] == 'E')
+ p="Expired";
+ else if (rrow[DB_type][0] == 'R')
+ p="Revoked";
+ else if (rrow[DB_type][0] == 'V')
+ p="Valid";
+ else
+ p="\ninvalid type, Data base error\n";
+ BIO_printf(bio_err,"Type :%s\n",p);;
+ if (rrow[DB_type][0] == 'R')
+ {
+ p=rrow[DB_exp_date]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"Was revoked on:%s\n",p);
+ }
+ p=rrow[DB_exp_date]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"Expires on :%s\n",p);
+ p=rrow[DB_serial]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"Serial Number :%s\n",p);
+ p=rrow[DB_file]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"File name :%s\n",p);
+ p=rrow[DB_name]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"Subject Name :%s\n",p);
+ ok= -1; /* This is now a 'bad' error. */
+ goto err;
+ }
+
+ /* We are now totaly happy, lets make and sign the certificate */
+ if (verbose)
+ BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n");
+
+ if ((ret=X509_new()) == NULL) goto err;
+ ci=ret->cert_info;
+
+#ifdef X509_V3
+ /* Make it an X509 v3 certificate. */
+ if (!X509_set_version(x509,2)) goto err;
+#endif
+
+ if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL)
+ goto err;
+ if (!X509_set_issuer_name(ret,X509_get_subject_name(x509)))
+ goto err;
+
+ BIO_printf(bio_err,"Certificate is to be certified until ");
+ if (strcmp(startdate,"today") == 0)
+ X509_gmtime_adj(X509_get_notBefore(ret),0);
+ else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
+
+ if (enddate == NULL)
+ X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
+ else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);
+
+ ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
+ if(days) BIO_printf(bio_err," (%d days)",days);
+ BIO_printf(bio_err, "\n");
+
+ if (!X509_set_subject_name(ret,subject)) goto err;
+
+ pktmp=X509_REQ_get_pubkey(req);
+ i = X509_set_pubkey(ret,pktmp);
+ EVP_PKEY_free(pktmp);
+ if (!i) goto err;
+
+ /* Lets add the extensions, if there are any */
+ if (ext_sect)
+ {
+ X509V3_CTX ctx;
+ if (ci->version == NULL)
+ if ((ci->version=ASN1_INTEGER_new()) == NULL)
+ goto err;
+ ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */
+
+ /* Free the current entries if any, there should not
+ * be any I belive */
+ if (ci->extensions != NULL)
+ sk_X509_EXTENSION_pop_free(ci->extensions,
+ X509_EXTENSION_free);
+
+ ci->extensions = NULL;
+
+ X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
+ X509V3_set_conf_lhash(&ctx, lconf);
+
+ if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) goto err;
+
+ }
+
+
+ if (!batch)
+ {
+ BIO_printf(bio_err,"Sign the certificate? [y/n]:");
+ (void)BIO_flush(bio_err);
+ buf[0]='\0';
+ fgets(buf,sizeof(buf)-1,stdin);
+ if (!((buf[0] == 'y') || (buf[0] == 'Y')))
+ {
+ BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n");
+ ok=0;
+ goto err;
+ }
+ }
+
+
+#ifndef NO_DSA
+ if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
+ pktmp=X509_get_pubkey(ret);
+ if (EVP_PKEY_missing_parameters(pktmp) &&
+ !EVP_PKEY_missing_parameters(pkey))
+ EVP_PKEY_copy_parameters(pktmp,pkey);
+ EVP_PKEY_free(pktmp);
+#endif
+
+ if (!X509_sign(ret,pkey,dgst))
+ goto err;
+
+ /* We now just add it to the database */
+ row[DB_type]=(char *)Malloc(2);
+
+ tm=X509_get_notAfter(ret);
+ row[DB_exp_date]=(char *)Malloc(tm->length+1);
+ memcpy(row[DB_exp_date],tm->data,tm->length);
+ row[DB_exp_date][tm->length]='\0';
+
+ row[DB_rev_date]=NULL;
+
+ /* row[DB_serial] done already */
+ row[DB_file]=(char *)Malloc(8);
+ /* row[DB_name] done already */
+
+ if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+ (row[DB_file] == NULL))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ strcpy(row[DB_file],"unknown");
+ row[DB_type][0]='V';
+ row[DB_type][1]='\0';
+
+ if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+
+ for (i=0; i<DB_NUMBER; i++)
+ {
+ irow[i]=row[i];
+ row[i]=NULL;
+ }
+ irow[DB_NUMBER]=NULL;
+
+ if (!TXT_DB_insert(db,irow))
+ {
+ BIO_printf(bio_err,"failed to update database\n");
+ BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
+ goto err;
+ }
+ ok=1;
+err:
+ for (i=0; i<DB_NUMBER; i++)
+ if (row[i] != NULL) Free(row[i]);
+
+ if (CAname != NULL)
+ X509_NAME_free(CAname);
+ if (subject != NULL)
+ X509_NAME_free(subject);
+ if (ok <= 0)
+ {
+ if (ret != NULL) X509_free(ret);
+ ret=NULL;
+ }
+ else
+ *xret=ret;
+ return(ok);
+ }
+
+static void write_new_certificate(BIO *bp, X509 *x, int output_der)
+ {
+ char *f;
+ char buf[256];
+
+ if (output_der)
+ {
+ (void)i2d_X509_bio(bp,x);
+ return;
+ }
+
+ f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
+ BIO_printf(bp,"issuer :%s\n",f);
+
+ f=X509_NAME_oneline(X509_get_subject_name(x),buf,256);
+ BIO_printf(bp,"subject:%s\n",f);
+
+ BIO_puts(bp,"serial :");
+ i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
+ BIO_puts(bp,"\n\n");
+ X509_print(bp,x);
+ BIO_puts(bp,"\n");
+ PEM_write_bio_X509(bp,x);
+ BIO_puts(bp,"\n");
+ }
+
+static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+ BIGNUM *serial, char *startdate, char *enddate, int days,
+ char *ext_sect, LHASH *lconf, int verbose)
+ {
+ STACK_OF(CONF_VALUE) *sk=NULL;
+ LHASH *parms=NULL;
+ X509_REQ *req=NULL;
+ CONF_VALUE *cv=NULL;
+ NETSCAPE_SPKI *spki = NULL;
+ unsigned char *spki_der = NULL,*p;
+ X509_REQ_INFO *ri;
+ char *type,*buf;
+ EVP_PKEY *pktmp=NULL;
+ X509_NAME *n=NULL;
+ X509_NAME_ENTRY *ne=NULL;
+ int ok= -1,i,j;
+ long errline;
+ int nid;
+
+ /*
+ * Load input file into a hash table. (This is just an easy
+ * way to read and parse the file, then put it into a convenient
+ * STACK format).
+ */
+ parms=CONF_load(NULL,infile,&errline);
+ if (parms == NULL)
+ {
+ BIO_printf(bio_err,"error on line %ld of %s\n",errline,infile);
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ sk=CONF_get_section(parms, "default");
+ if (sk_CONF_VALUE_num(sk) == 0)
+ {
+ BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
+ CONF_free(parms);
+ goto err;
+ }
+
+ /*
+ * Now create a dummy X509 request structure. We don't actually
+ * have an X509 request, but we have many of the components
+ * (a public key, various DN components). The idea is that we
+ * put these components into the right X509 request structure
+ * and we can use the same code as if you had a real X509 request.
+ */
+ req=X509_REQ_new();
+ if (req == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ /*
+ * Build up the subject name set.
+ */
+ ri=req->req_info;
+ n = ri->subject;
+
+ for (i = 0; ; i++)
+ {
+ if (sk_CONF_VALUE_num(sk) <= i) break;
+
+ cv=sk_CONF_VALUE_value(sk,i);
+ type=cv->name;
+ buf=cv->value;
+
+ if ((nid=OBJ_txt2nid(type)) == NID_undef)
+ {
+ if (strcmp(type, "SPKAC") == 0)
+ {
+ spki_der=(unsigned char *)Malloc(
+ strlen(cv->value)+1);
+ if (spki_der == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ j = EVP_DecodeBlock(spki_der, (unsigned char *)cv->value,
+ strlen(cv->value));
+ if (j <= 0)
+ {
+ BIO_printf(bio_err, "Can't b64 decode SPKAC structure\n");
+ goto err;
+ }
+
+ p=spki_der;
+ spki = d2i_NETSCAPE_SPKI(&spki, &p, j);
+ Free(spki_der);
+ spki_der = NULL;
+ if (spki == NULL)
+ {
+ BIO_printf(bio_err,"unable to load Netscape SPKAC structure\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ }
+ continue;
+ }
+
+ j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
+ if (fix_data(nid, &j) == 0)
+ {
+ BIO_printf(bio_err,
+ "invalid characters in string %s\n",buf);
+ goto err;
+ }
+
+ if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j,
+ (unsigned char *)buf,
+ strlen(buf))) == NULL)
+ goto err;
+
+ if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0))
+ goto err;
+ }
+ if (spki == NULL)
+ {
+ BIO_printf(bio_err,"Netscape SPKAC structure not found in %s\n",
+ infile);
+ goto err;
+ }
+
+ /*
+ * Now extract the key from the SPKI structure.
+ */
+
+ BIO_printf(bio_err,"Check that the SPKAC request matches the signature\n");
+
+ if ((pktmp=X509_PUBKEY_get(spki->spkac->pubkey)) == NULL)
+ {
+ BIO_printf(bio_err,"error unpacking SPKAC public key\n");
+ goto err;
+ }
+
+ j = NETSCAPE_SPKI_verify(spki, pktmp);
+ if (j <= 0)
+ {
+ BIO_printf(bio_err,"signature verification failed on SPKAC public key\n");
+ goto err;
+ }
+ BIO_printf(bio_err,"Signature ok\n");
+
+ X509_REQ_set_pubkey(req,pktmp);
+ EVP_PKEY_free(pktmp);
+ ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate,
+ days,1,verbose,req,ext_sect,lconf);
+err:
+ if (req != NULL) X509_REQ_free(req);
+ if (parms != NULL) CONF_free(parms);
+ if (spki_der != NULL) Free(spki_der);
+ if (spki != NULL) NETSCAPE_SPKI_free(spki);
+ if (ne != NULL) X509_NAME_ENTRY_free(ne);
+
+ return(ok);
+ }
+
+static int fix_data(int nid, int *type)
+ {
+ if (nid == NID_pkcs9_emailAddress)
+ *type=V_ASN1_IA5STRING;
+ if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
+ *type=V_ASN1_T61STRING;
+ if ((nid == NID_pkcs9_challengePassword) && (*type == V_ASN1_IA5STRING))
+ *type=V_ASN1_T61STRING;
+ if ((nid == NID_pkcs9_unstructuredName) && (*type == V_ASN1_T61STRING))
+ return(0);
+ if (nid == NID_pkcs9_unstructuredName)
+ *type=V_ASN1_IA5STRING;
+ return(1);
+ }
+
+static int check_time_format(char *str)
+ {
+ ASN1_UTCTIME tm;
+
+ tm.data=(unsigned char *)str;
+ tm.length=strlen(str);
+ tm.type=V_ASN1_UTCTIME;
+ return(ASN1_UTCTIME_check(&tm));
+ }
+
+static int add_oid_section(LHASH *hconf)
+{
+ char *p;
+ STACK_OF(CONF_VALUE) *sktmp;
+ CONF_VALUE *cnf;
+ int i;
+ if(!(p=CONF_get_string(hconf,NULL,"oid_section"))) return 1;
+ if(!(sktmp = CONF_get_section(hconf, p))) {
+ BIO_printf(bio_err, "problem loading oid section %s\n", p);
+ return 0;
+ }
+ for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+ cnf = sk_CONF_VALUE_value(sktmp, i);
+ if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+ BIO_printf(bio_err, "problem creating object %s=%s\n",
+ cnf->name, cnf->value);
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static int do_revoke(X509 *x509, TXT_DB *db)
+{
+ ASN1_UTCTIME *tm=NULL;
+ char *row[DB_NUMBER],**rrow,**irow;
+ int ok=-1,i;
+
+ for (i=0; i<DB_NUMBER; i++)
+ row[i]=NULL;
+ row[DB_name]=X509_NAME_oneline(x509->cert_info->subject,NULL,0);
+ row[DB_serial]=BN_bn2hex(ASN1_INTEGER_to_BN(x509->cert_info->serialNumber,NULL));
+ if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ rrow=TXT_DB_get_by_index(db,DB_name,row);
+ if (rrow == NULL)
+ {
+ BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);
+
+ /* We now just add it to the database */
+ row[DB_type]=(char *)Malloc(2);
+
+ tm=X509_get_notAfter(x509);
+ row[DB_exp_date]=(char *)Malloc(tm->length+1);
+ memcpy(row[DB_exp_date],tm->data,tm->length);
+ row[DB_exp_date][tm->length]='\0';
+
+ row[DB_rev_date]=NULL;
+
+ /* row[DB_serial] done already */
+ row[DB_file]=(char *)Malloc(8);
+
+ /* row[DB_name] done already */
+
+ if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+ (row[DB_file] == NULL))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ strcpy(row[DB_file],"unknown");
+ row[DB_type][0]='V';
+ row[DB_type][1]='\0';
+
+ if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+
+ for (i=0; i<DB_NUMBER; i++)
+ {
+ irow[i]=row[i];
+ row[i]=NULL;
+ }
+ irow[DB_NUMBER]=NULL;
+
+ if (!TXT_DB_insert(db,irow))
+ {
+ BIO_printf(bio_err,"failed to update database\n");
+ BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
+ goto err;
+ }
+
+ /* Revoke Certificate */
+ do_revoke(x509,db);
+
+ ok=1;
+ goto err;
+
+ }
+ else if (index_serial_cmp(row,rrow))
+ {
+ BIO_printf(bio_err,"ERROR:no same serial number %s\n",
+ row[DB_serial]);
+ goto err;
+ }
+ else if (rrow[DB_type][0]=='R')
+ {
+ BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
+ row[DB_serial]);
+ goto err;
+ }
+ else
+ {
+ BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]);
+ tm=X509_gmtime_adj(tm,0);
+ rrow[DB_type][0]='R';
+ rrow[DB_type][1]='\0';
+ rrow[DB_rev_date]=(char *)Malloc(tm->length+1);
+ memcpy(rrow[DB_rev_date],tm->data,tm->length);
+ rrow[DB_rev_date][tm->length]='\0';
+ }
+ ok=1;
+err:
+ for (i=0; i<DB_NUMBER; i++)
+ {
+ if (row[i] != NULL)
+ Free(row[i]);
+ }
+ ASN1_UTCTIME_free(tm);
+ return(ok);
+}
+
diff --git a/crypto/openssl/apps/cert.pem b/crypto/openssl/apps/cert.pem
new file mode 100644
index 0000000..de4a77a
--- /dev/null
+++ b/crypto/openssl/apps/cert.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
+VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
+Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
+DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
+tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
+sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
+19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/apps/ciphers.c b/crypto/openssl/apps/ciphers.c
new file mode 100644
index 0000000..08e47be
--- /dev/null
+++ b/crypto/openssl/apps/ciphers.c
@@ -0,0 +1,194 @@ +/* apps/ciphers.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef NO_STDIO
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
+
+#undef PROG
+#define PROG ciphers_main
+
+static char *ciphers_usage[]={
+"usage: ciphers args\n",
+" -v - verbose mode, a textual listing of the ciphers in SSLeay\n",
+" -ssl2 - SSL2 mode\n",
+" -ssl3 - SSL3 mode\n",
+NULL
+};
+
+int MAIN(int argc, char **argv)
+ {
+ int ret=1,i;
+ int verbose=0;
+ char **pp;
+ const char *p;
+ int badops=0;
+ SSL_CTX *ctx=NULL;
+ SSL *ssl=NULL;
+ char *ciphers=NULL;
+ SSL_METHOD *meth=NULL;
+ STACK_OF(SSL_CIPHER) *sk;
+ char buf[512];
+ BIO *STDout=NULL;
+
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+ meth=SSLv23_server_method();
+#elif !defined(NO_SSL3)
+ meth=SSLv3_server_method();
+#elif !defined(NO_SSL2)
+ meth=SSLv2_server_method();
+#endif
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+ STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-v") == 0)
+ verbose=1;
+#ifndef NO_SSL2
+ else if (strcmp(*argv,"-ssl2") == 0)
+ meth=SSLv2_client_method();
+#endif
+#ifndef NO_SSL3
+ else if (strcmp(*argv,"-ssl3") == 0)
+ meth=SSLv3_client_method();
+#endif
+ else if ((strncmp(*argv,"-h",2) == 0) ||
+ (strcmp(*argv,"-?") == 0))
+ {
+ badops=1;
+ break;
+ }
+ else
+ {
+ ciphers= *argv;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+ for (pp=ciphers_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err,*pp);
+ goto end;
+ }
+
+ SSLeay_add_ssl_algorithms();
+
+ ctx=SSL_CTX_new(meth);
+ if (ctx == NULL) goto err;
+ if (ciphers != NULL)
+ SSL_CTX_set_cipher_list(ctx,ciphers);
+ ssl=SSL_new(ctx);
+ if (ssl == NULL) goto err;
+
+
+ if (!verbose)
+ {
+ for (i=0; ; i++)
+ {
+ p=SSL_get_cipher_list(ssl,i);
+ if (p == NULL) break;
+ if (i != 0) BIO_printf(STDout,":");
+ BIO_printf(STDout,"%s",p);
+ }
+
BIO_printf(STDout,"\n");
+ }
+ else
+ {
+ sk=SSL_get_ciphers(ssl);
+
+ for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
+ {
+ BIO_puts(STDout,SSL_CIPHER_description(
+ sk_SSL_CIPHER_value(sk,i),
+ buf,512));
+ }
+ }
+
+ ret=0;
+ if (0)
+ {
+err:
+ SSL_load_error_strings();
+ ERR_print_errors(bio_err);
+ }
+end:
+ if (ctx != NULL) SSL_CTX_free(ctx);
+ if (ssl != NULL) SSL_free(ssl);
+ if (STDout != NULL) BIO_free(STDout);
+ EXIT(ret);
+ }
+
diff --git a/crypto/openssl/apps/client.pem b/crypto/openssl/apps/client.pem
new file mode 100644
index 0000000..307910e
--- /dev/null
+++ b/crypto/openssl/apps/client.pem
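Review bot: The return value of `SSL_CTX_set_cipher_list(ctx,ciphers)` in ciphers.c MAIN is ignored, so a cipher string the library rejects is dropped without any message and the tool still prints a list, which an operator can mistake for the effect of their own string. Check the call and fail visibly, e.g. `if (!SSL_CTX_set_cipher_list(ctx,ciphers)) { BIO_printf(bio_err,"Error in cipher list\n"); goto err; }`. Separately, the usage loop passes each table entry as the format argument (`BIO_printf(bio_err,*pp);`), and the usage loop in crl.c does the same; the strings are constants today, but `BIO_puts(bio_err,*pp);` keeps a later `%` in the usage text from being interpreted as a conversion.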
@@ -0,0 +1,24 @@ +issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) +subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert (512 bit) +-----BEGIN CERTIFICATE----- +MIIB6TCCAVICAQIwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD +VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU2WhcNOTgwNjA5 +MTM1NzU2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG +A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0IGNl +cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i2Plw +Z1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs62NNt +XrT8odkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBwtMmI7oGUG8nKmftQssATViH5 +NRRtoEw07DxJp/LfatHdrhqQB73eGdL5WILZJXk46Xz2e9WMSUjVCSYhdKxtflU3 +UR2Ajv1Oo0sTNdfz0wDqJNirLNtzyhhsaq8qMTrLwXrCP31VxBiigFSQSUFnZyTE +9TKwhS4GlwbtCfxSKQ== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm +q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko +/V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1 +HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0 +ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/ +nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw +ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg== +-----END RSA PRIVATE KEY----- diff --git a/crypto/openssl/apps/crl.c b/crypto/openssl/apps/crl.c new file mode 100644 index 0000000..f7bdf76 --- /dev/null +++ b/crypto/openssl/apps/crl.c 
@@ -0,0 +1,299 @@ +/* apps/crl.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG crl_main
+
+#undef POSTFIX
+#define POSTFIX ".rvk"
+
+static char *crl_usage[]={
+"usage: crl args\n",
+"\n",
+" -inform arg - input format - default PEM (one of DER, TXT or PEM)\n",
+" -outform arg - output format - default PEM\n",
+" -text - print out a text format version\n",
+" -in arg - input file - default stdin\n",
+" -out arg - output file - default stdout\n",
+" -hash - print hash value\n",
+" -issuer - print issuer DN\n",
+" -lastupdate - lastUpdate field\n",
+" -nextupdate - nextUpdate field\n",
+" -noout - no CRL output\n",
+NULL
+};
+
+static X509_CRL *load_crl(char *file, int format);
+static BIO *bio_out=NULL;
+
+int MAIN(int argc, char **argv)
+ {
+ X509_CRL *x=NULL;
+ int ret=1,i,num,badops=0;
+ BIO *out=NULL;
+ int informat,outformat;
+ char *infile=NULL,*outfile=NULL;
+ int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
+ char **pp,buf[256];
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (bio_out == NULL)
+ if ((bio_out=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
+
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ argc--;
+ argv++;
+ num=0;
+ while (argc >= 1)
+ {
+#ifdef undef
+ if (strcmp(*argv,"-p") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/
+ }
+#endif
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+
if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-text") == 0)
+ text = 1;
+ else if (strcmp(*argv,"-hash") == 0)
+ hash= ++num;
+ else if (strcmp(*argv,"-issuer") == 0)
+ issuer= ++num;
+ else if (strcmp(*argv,"-lastupdate") == 0)
+ lastupdate= ++num;
+ else if (strcmp(*argv,"-nextupdate") == 0)
+ nextupdate= ++num;
+ else if (strcmp(*argv,"-noout") == 0)
+ noout= ++num;
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ for (pp=crl_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err,*pp);
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+ X509V3_add_standard_extensions();
+ x=load_crl(infile,informat);
+ if (x == NULL) { goto end; }
+
+ if (num)
+ {
+ for (i=1; i<=num; i++)
+ {
+ if (issuer == i)
+ {
+ X509_NAME_oneline(x->crl->issuer,buf,256);
+ BIO_printf(bio_out,"issuer= %s\n",buf);
+ }
+
+ if (hash == i)
+ {
+ BIO_printf(bio_out,"%08lx\n",
+ X509_NAME_hash(x->crl->issuer));
+ }
+ if (lastupdate == i)
+ {
+ BIO_printf(bio_out,"lastUpdate=");
+ ASN1_TIME_print(bio_out,x->crl->lastUpdate);
+ BIO_printf(bio_out,"\n");
+ }
+ if (nextupdate == i)
+ {
+ BIO_printf(bio_out,"nextUpdate=");
+ if (x->crl->nextUpdate != NULL)
+ ASN1_TIME_print(bio_out,x->crl->nextUpdate);
+ else
+ BIO_printf(bio_out,"NONE");
+ BIO_printf(bio_out,"\n");
+ }
+ }
+ }
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (text) X509_CRL_print(out, x);
+
+ if (noout) goto end;
+
+ if (outformat == FORMAT_ASN1)
+ i=(int)i2d_X509_CRL_bio(out,x);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_X509_CRL(out,x);
+ else
+ {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
+
ret=0;
+end:
+ BIO_free(out);
+ BIO_free(bio_out);
+ X509_CRL_free(x);
+ X509V3_EXT_cleanup();
+ EXIT(ret);
+ }
+
+static X509_CRL *load_crl(char *infile, int format)
+ {
+ X509_CRL *x=NULL;
+ BIO *in=NULL;
+
+ in=BIO_new(BIO_s_file());
+ if (in == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+ if (format == FORMAT_ASN1)
+ x=d2i_X509_CRL_bio(in,NULL);
+ else if (format == FORMAT_PEM)
+ x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
+ else {
+ BIO_printf(bio_err,"bad input format specified for input crl\n");
+ goto end;
+ }
+ if (x == NULL)
+ {
+ BIO_printf(bio_err,"unable to load CRL\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+end:
+ BIO_free(in);
+ return(x);
+ }
+
diff --git a/crypto/openssl/apps/crl2p7.c b/crypto/openssl/apps/crl2p7.c
new file mode 100644
index 0000000..8634e3a
--- /dev/null
+++ b/crypto/openssl/apps/crl2p7.c
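Review bot: The file-scope static `bio_out` in crl.c is released at `end:` with `BIO_free(bio_out);` but never reset, while the top of MAIN allocates it only when `bio_out == NULL`. If `crl_main` is entered again in the same process (the `PROG` define suggests the mains are dispatched from one binary, though that dispatcher is not visible here), the `-issuer`, `-hash`, `-lastupdate` and `-nextupdate` output would be written through a freed BIO. Clear the pointer with the free: `BIO_free(bio_out); bio_out=NULL;`. The print branches also use `bio_out` unconditionally even though the allocation at startup is allowed to fail and leave it NULL, so a guard before the `if (num)` block would be worth adding.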
@@ -0,0 +1,333 @@ +/* apps/crl2p7.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu> + * and donated 'to the cause' along with lots and lots of other fixes to + * the library. 
*/
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/objects.h>
+
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
+#undef PROG
+#define PROG crl2pkcs7_main
+
+/* -inform arg - input format - default PEM (one of DER, TXT or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ */
+
+int MAIN(int argc, char **argv)
+ {
+ int i,badops=0;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat;
+ char *infile,*outfile,*prog,*certfile;
+ PKCS7 *p7 = NULL;
+ PKCS7_SIGNED *p7s = NULL;
+ X509_CRL *crl=NULL;
+ STACK *certflst=NULL;
+ STACK_OF(X509_CRL) *crl_stack=NULL;
+ STACK_OF(X509) *cert_stack=NULL;
+ int ret=1,nocrl=0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-nocrl") == 0)
+ {
+ nocrl=1;
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-certfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if(!certflst) certflst = sk_new(NULL);
+ sk_push(certflst,*(++argv));
+ }
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n");
+ BIO_printf(bio_err," (can be used more than once)\n");
+ BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n");
+ EXIT(1);
+ }
+
+ ERR_load_crypto_strings();
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (!nocrl)
+ {
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (informat == FORMAT_ASN1)
+ crl=d2i_X509_CRL_bio(in,NULL);
+ else if (informat == FORMAT_PEM)
+ crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
+ else {
+ BIO_printf(bio_err,"bad input format specified for input crl\n");
+ goto end;
+ }
+ if (crl == NULL)
+ {
+ BIO_printf(bio_err,"unable to load CRL\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if ((p7=PKCS7_new()) == NULL) goto end;
+ if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end;
+ p7->type=OBJ_nid2obj(NID_pkcs7_signed);
+ p7->d.sign=p7s;
+ p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
+
+ if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
+ if ((crl_stack=sk_X509_CRL_new(NULL)) == NULL) goto end;
+ p7s->crl=crl_stack;
+ if (crl != NULL)
+ {
+ sk_X509_CRL_push(crl_stack,crl);
+ crl=NULL; /* now part of p7 for Freeing */
+ }
+
+ if ((cert_stack=sk_X509_new(NULL)) == NULL) goto end;
+ p7s->cert=cert_stack;
+
+ if(certflst) for(i = 0; i < sk_num(certflst); i++) {
+ certfile = sk_value(certflst, i);
+ if (add_certs_from_file(cert_stack,certfile) < 0)
+ {
+ BIO_printf(bio_err,
"error loading certificates\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ sk_free(certflst);
+
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (outformat == FORMAT_ASN1)
+ i=i2d_PKCS7_bio(out,p7);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_PKCS7(out,p7);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write pkcs7 object\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ ret=0;
+end:
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free(out);
+ if (p7 != NULL) PKCS7_free(p7);
+ if (crl != NULL) X509_CRL_free(crl);
+
+ EXIT(ret);
+ }
+
+/*
+ *----------------------------------------------------------------------
+ * int add_certs_from_file
+ *
+ * Read a list of certificates to be checked from a file.
+ *
+ * Results:
+ * number of certs added if successful, -1 if not.
+ *----------------------------------------------------------------------
+ */
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
+ {
+ struct stat st;
+ BIO *in=NULL;
+ int count=0;
+ int ret= -1;
+ STACK_OF(X509_INFO) *sk=NULL;
+ X509_INFO *xi;
+
+ if ((stat(certfile,&st) != 0))
+ {
+ BIO_printf(bio_err,"unable to load the file, %s\n",certfile);
+ goto end;
+ }
+
+ in=BIO_new(BIO_s_file());
+ if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
+ {
+ BIO_printf(bio_err,"error opening the file, %s\n",certfile);
+ goto end;
+ }
+
+ /* This loads from a file, a stack of x509/crl/pkey sets */
+ sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL);
+ if (sk == NULL) {
+ BIO_printf(bio_err,"error reading the file, %s\n",certfile);
+ goto end;
+ }
+
+ /* scan over it and pull out the CRL's */
+ while (sk_X509_INFO_num(sk))
+ {
+ xi=sk_X509_INFO_shift(sk);
+ if (xi->x509 != NULL)
+ {
+ sk_X509_push(stack,xi->x509);
+ xi->x509=NULL;
+ count++;
+ }
+ X509_INFO_free(xi);
+ }
+
+ ret=count;
+end:
+ /* never need to Free x */
+ if (in != NULL) BIO_free(in);
+ if (sk != NULL) sk_X509_INFO_free(sk);
+ return(ret);
+ }
+
diff --git a/crypto/openssl/apps/demoCA/cacert.pem b/crypto/openssl/apps/demoCA/cacert.pem
new file mode 100644
index 0000000..affbce3
--- /dev/null
+++ b/crypto/openssl/apps/demoCA/cacert.pem
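Review bot: In `add_certs_from_file` the result of `sk_X509_push(stack,xi->x509)` is not checked, yet `xi->x509` is cleared and `count` is incremented regardless. If the push fails (presumably only on allocation failure), the certificate is neither on the stack nor freed, and the caller goes on to write a PKCS#7 that is missing it without any error. Treat a failed push as an error, e.g. `if (!sk_X509_push(stack,xi->x509)) { X509_INFO_free(xi); goto end; }`; `sk_X509_CRL_push(crl_stack,crl)` in MAIN has the same unchecked pattern. The comment above the loop says it pulls out the CRL's while the loop collects `xi->x509`, so it should read `/* scan over it and pull out the certificates */`.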
@@ -0,0 +1,14 @@ +subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server +issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA +-----BEGIN X509 CERTIFICATE----- + +MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV +BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz +MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM +RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV +BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3 +LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb +/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0 +DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn +IMs6ZOZB +-----END X509 CERTIFICATE----- diff --git a/crypto/openssl/apps/demoCA/index.txt b/crypto/openssl/apps/demoCA/index.txt new file mode 100644 index 0000000..2cdd252 --- /dev/null +++ b/crypto/openssl/apps/demoCA/index.txt 
@@ -0,0 +1,39 @@ +R 980705233205Z 951009233205Z 01 certs/00000001 /CN=Eric Young +E 951009233205Z 02 certs/00000002 /CN=Duncan Young +R 980705233205Z 951201010000Z 03 certs/00000003 /CN=Tim Hudson +V 980705233205Z 04 certs/00000004 /CN=Eric Young4 +V 980705233205Z 05 certs/00000004 /CN=Eric Young5 +V 980705233205Z 06 certs/00000004 /CN=Eric Young6 +V 980705233205Z 07 certs/00000004 /CN=Eric Young7 +V 980705233205Z 08 certs/00000004 /CN=Eric Young8 +V 980705233205Z 09 certs/00000004 /CN=Eric Young9 +V 980705233205Z 0A certs/00000004 /CN=Eric YoungA +V 980705233205Z 0B certs/00000004 /CN=Eric YoungB +V 980705233205Z 0C certs/00000004 /CN=Eric YoungC +V 980705233205Z 0D certs/00000004 /CN=Eric YoungD +V 980705233205Z 0E certs/00000004 /CN=Eric YoungE +V 980705233205Z 0F certs/00000004 /CN=Eric YoungF +V 980705233205Z 10 certs/00000004 /CN=Eric Young10 +V 980705233205Z 11 certs/00000004 /CN=Eric Young11 +V 980705233205Z 12 certs/00000004 /CN=Eric Young12 +V 980705233205Z 13 certs/00000004 /CN=Eric Young13 +V 980705233205Z 14 certs/00000004 /CN=Eric Young14 +V 980705233205Z 15 certs/00000004 /CN=Eric Young15 +V 980705233205Z 16 certs/00000004 /CN=Eric Young16 +V 980705233205Z 17 certs/00000004 /CN=Eric Young17 +V 961206150305Z 010C unknown /C=AU/SP=QLD/O=Mincom Pty. 
Ltd./OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au +V 961206153245Z 010D unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au +V 970322074816Z 010E unknown /CN=Eric Young/Email=eay@mincom.oz.au +V 970322075152Z 010F unknown /CN=Eric Young +V 970322075906Z 0110 unknown /CN=Eric Youngg +V 970324092238Z 0111 unknown /C=AU/SP=Queensland/CN=Eric Young +V 970324221931Z 0112 unknown /CN=Fred +V 970324224934Z 0113 unknown /C=AU/CN=eay +V 971001005237Z 0114 unknown /C=AU/SP=QLD/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test +V 971001010331Z 0115 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test again - x509v3 +V 971001013945Z 0117 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test +V 971014225415Z 0118 unknown /C=AU/SP=Queensland/CN=test +V 971015004448Z 0119 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test2 +V 971016035001Z 011A unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test64 +V 971016080129Z 011B unknown /C=FR/O=ALCATEL/OU=Alcatel Mobile Phones/CN=bourque/Email=bourque@art.alcatel.fr +V 971016224000Z 011D unknown /L=Bedford/O=Cranfield University/OU=Computer Centre/CN=Peter R Lister/Email=P.Lister@cranfield.ac.uk diff --git a/crypto/openssl/apps/demoCA/private/cakey.pem b/crypto/openssl/apps/demoCA/private/cakey.pem new file mode 100644 index 0000000..48fb18c --- /dev/null +++ b/crypto/openssl/apps/demoCA/private/cakey.pem 
@@ -0,0 +1,24 @@ +issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA +subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server +-----BEGIN X509 CERTIFICATE----- + +MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV +BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz +MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM +RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV +BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3 +LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb +/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0 +DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn +IMs6ZOZB +-----END X509 CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- + +MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe +Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ +hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG +sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw +tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq +agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA +g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI= +-----END RSA PRIVATE KEY----- diff --git a/crypto/openssl/apps/demoCA/serial b/crypto/openssl/apps/demoCA/serial new file mode 100644 index 0000000..69fa0ff --- /dev/null +++ b/crypto/openssl/apps/demoCA/serial @@ -0,0 +1 @@ +011E diff --git a/crypto/openssl/apps/der_chop b/crypto/openssl/apps/der_chop new file mode 100644 index 0000000..fbd2889 --- /dev/null +++ b/crypto/openssl/apps/der_chop 
@@ -0,0 +1,305 @@
+#!/usr/local/bin/perl5
+#
+# der_chop ... this is one total hack that Eric is really not proud of
+# so don't look at it and don't ask for support
+#
+# The "documentation" for this (i.e. all the comments) are my fault --tjh
+#
+# This program takes the "raw" output of derparse/asn1parse and
+# converts it into tokens and then runs regular expression matches
+# to try to figure out what to grab to get the things that are needed
+# and it is possible that this will do the wrong thing as it is a *hack*
+#
+# SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET)
+# [I know ... promises promises :-)]
+#
+# To convert a Netscape Certificate:
+# der_chop < ServerCert.der > cert.pem
+# To convert a Netscape Key (and encrypt it again to protect it)
+# rsa -inform NET -in ServerKey.der -des > key.pem
+#
+# 23-Apr-96 eay Added the extra ASN.1 string types, I still think this
+# is an evil hack. If nothing else the parsing should
+# be relative, not absolute.
+# 19-Apr-96 tjh hacked (with eay) into 0.5.x format
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+
+require 'getopts.pl';
+
+$debug=0;
+
+# this was the 0.4.x way of doing things ...
+$cmd="derparse";
+$x509_cmd="x509";
+$crl_cmd="crl";
+$rc4_cmd="rc4";
+$md2_cmd="md2";
+$md4_cmd="md4";
+$rsa_cmd="rsa -des -inform der ";
+
+# this was the 0.5.x way of doing things ...
+$cmd="openssl asn1parse";
+$x509_cmd="openssl x509";
+$crl_cmd="openssl crl";
+$rc4_cmd="openssl rc4";
+$md2_cmd="openssl md2";
+$md4_cmd="openssl md4";
+$rsa_cmd="openssl rsa -des -inform der ";
+
+&Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
+$depth=($opt_d =~ /^\d+$/)?$opt_d:0;
+
+&init_der();
+
+if ($#ARGV != -1)
+ {
+ foreach $file (@ARGV)
+ {
+ print STDERR "doing $file\n";
+ &dofile($file);
+ }
+ }
+else
+ {
+ $file="/tmp/a$$.DER";
+ open(OUT,">$file") || die "unable to open $file:$!\n";
+ for (;;)
+ {
+ $i=sysread(STDIN,$b,1024*10);
+ last if ($i <= 0);
+ $i=syswrite(OUT,$b,$i);
+ }
+ &dofile($file);
+ unlink($file);
+ }
+
+sub dofile
+ {
+ local($file)=@_;
+ local(@p);
+
+ $b=&load_file($file);
+ @p=&load_file_parse($file);
+
+ foreach $_ (@p)
+ {
+ ($off,$d,$hl,$len)=&parse_line($_);
+ $d-=$depth;
+ next if ($d != 0);
+ next if ($len == 0);
+
+ $o=substr($b,$off,$len+$hl);
+ ($str,@data)=&der_str($o);
+ print "$str\n" if ($opt_v);
+ if ($str =~ /^$crl/)
+ {
+ open(OUT,"|$crl_cmd -inform d -hash -issuer") ||
+ die "unable to run $crl_cmd:$!\n";
+ print OUT $o;
+ close(OUT);
+ }
+ elsif ($str =~ /^$x509/)
+ {
+ open(OUT,"|$x509_cmd -inform d -hash -subject -issuer")
+ || die "unable to run $x509_cmd:$!\n";
+ print OUT $o;
+ close(OUT);
+ }
+ elsif ($str =~ /^$rsa/)
+ {
+ ($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
+ next unless ($type eq "rsaEncryption");
+ ($off,$d,$hl,$len)=&parse_line($data[5]);
+ $os=substr($o,$off+$hl,$len);
+ open(OUT,"|$rsa_cmd")
+ || die "unable to run $rsa_cmd:$!\n";
+ print OUT $os;
+ close(OUT);
+ }
+ elsif ($str =~ /^0G-1D-1G/)
+ {
+ ($off,$d,$hl,$len)=&parse_line($data[1]);
+ $os=substr($o,$off+$hl,$len);
+ print STDERR "<$os>\n" if $opt_v;
+ &do_certificate($o,@data)
+ if (($os eq "certificate") &&
+ ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
+ &do_private_key($o,@data)
+ if (($os eq "private-key") &&
+ ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
+ }
+ }
+ }
+
+sub der_str
+ {
+ local($str)=@_;
+ local(*OUT,*IN,@a,$t,$d,$ret);
+ local($file)="/tmp/b$$.DER";
+ local(@ret);
+
+ open(OUT,">$file");
+ print OUT $str;
+ close(OUT);
+ open(IN,"$cmd -inform 'd' -in $file |") ||
+ die "unable to run $cmd:$!\n";
+ $ret="";
+ while (<IN>)
+ {
+ chop;
+ push(@ret,$_);
+
+ print STDERR "$_\n" if ($debug);
+
+ @a=split(/\s*:\s*/);
+ ($d)=($a[1] =~ /d=\s*(\d+)/);
+ $a[2] =~ s/\s+$//;
+ $t=$DER_s2i{$a[2]};
+ $ret.="$d$t-";
+ }
+ close(IN);
+ unlink($file);
+ chop $ret;
+ $ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g;
+ $ret =~ s/(-3G-4B-4L)+/-RCERT/g;
+ return($ret,@ret);
+ }
+
+sub init_der
+ {
+ $crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C";
+ $x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C";
+ $rsa= "0G-1B-1G-2F-2E-1D";
+
+ %DER_i2s=(
+ # SSLeay 0.4.x has this list
+ "A","EOC",
+ "B","INTEGER",
+ "C","BIT STRING",
+ "D","OCTET STRING",
+ "E","NULL",
+ "F","OBJECT",
+ "G","SEQUENCE",
+ "H","SET",
+ "I","PRINTABLESTRING",
+ "J","T61STRING",
+ "K","IA5STRING",
+ "L","UTCTIME",
+ "M","NUMERICSTRING",
+ "N","VIDEOTEXSTRING",
+ "O","GENERALIZEDTIME",
+ "P","GRAPHICSTRING",
+ "Q","ISO64STRING",
+ "R","GENERALSTRING",
+ "S","UNIVERSALSTRING",
+
+ # SSLeay 0.5.x changed some things ... and I'm
+ # leaving in the old stuff but adding in these
+ # to handle the new as well --tjh
+ # - Well I've just taken them out and added the extra new
+ # ones :-) - eay
+ );
+
+ foreach (keys %DER_i2s)
+ { $DER_s2i{$DER_i2s{$_}}=$_; }
+ }
+
+sub parse_line
+ {
+ local($_)=@_;
+
+ return(/\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+|inf)\s/);
+ }
+
+# 0:d=0 hl=4 l=377 cons: univ: SEQUENCE
+# 4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING
+# 17:d=1 hl=4 l=360 cons: univ: SEQUENCE
+# 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE
+# 23:d=3 hl=2 l= 8 prim: univ: OBJECT_IDENTIFIER :rc4
+# 33:d=3 hl=2 l= 0 prim: univ: NULL
+# 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING
+sub do_private_key
+ {
+ local($data,@struct)=@_;
+ local($file)="/tmp/b$$.DER";
+ local($off,$d,$hl,$len,$_,$b,@p,$s);
+
+ ($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
+ if ($type eq "rc4")
+ {
+ ($off,$d,$hl,$len)=&parse_line($struct[6]);
+ open(OUT,"|$rc4_cmd >$file") ||
+ die "unable to run $rc4_cmd:$!\n";
+ print OUT substr($data,$off+$hl,$len);
+ close(OUT);
+
+ $b=&load_file($file);
+ unlink($file);
+
+ ($s,@p)=&der_str($b);
+ die "unknown rsa key type\n$s\n"
+ if ($s ne '0G-1B-1G-2F-2E-1D');
+ local($off,$d,$hl,$len)=&parse_line($p[5]);
+ $b=substr($b,$off+$hl,$len);
+ ($s,@p)=&der_str($b);
+ open(OUT,"|$rsa_cmd") || die "unable to run $rsa_cmd:$!\n";
+ print OUT $b;
+ close(OUT);
+ }
+ else
+ {
+ print "'$type' is unknown\n";
+ exit(1);
+ }
+ }
+
+sub do_certificate
+ {
+ local($data,@struct)=@_;
+ local($file)="/tmp/b$$.DER";
+ local($off,$d,$hl,$len,$_,$b,@p,$s);
+
+ ($off,$d,$hl,$len)=&parse_line($struct[2]);
+ $b=substr($data,$off,$len+$hl);
+
+ open(OUT,"|$x509_cmd -inform d") || die "unable to run $x509_cmd:$!\n";
+ print OUT $b;
+ close(OUT);
+ }
+
+sub load_file
+ {
+ local($file)=@_;
+ local(*IN,$r,$b,$i);
+
+ $r="";
+ open(IN,"<$file") || die "unable to open $file:$!\n";
+ for (;;)
+ {
+ $i=sysread(IN,$b,10240);
+ last if ($i <= 0);
+ $r.=$b;
+ }
+ close(IN);
+ return($r);
+ }
+
+sub load_file_parse
+ {
+ local($file)=@_;
+ local(*IN,$r,@ret,$_,$i,$n,$b);
+
+ open(IN,"$cmd -inform d -in $file|")
+ || die "unable to run der_parse\n";
+ while (<IN>)
+ {
+ chop;
+ push(@ret,$_);
+ }
+ return($r,@ret);
+ }
+
diff --git a/crypto/openssl/apps/der_chop.in b/crypto/openssl/apps/der_chop.in
new file mode 100644
index 0000000..9070b03
--- /dev/null
+++ b/crypto/openssl/apps/der_chop.in
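Review bot: The scratch files `/tmp/a$$.DER` and `/tmp/b$$.DER` are predictable names in a shared directory and are opened with a plain `open(OUT,">$file")`, so another local user can pre-create or symlink them; in `do_private_key` the RC4-decrypted key is redirected into that path by the shell (`|$rc4_cmd >$file`) under the default umask. Create the scratch file exclusively and privately, e.g. `umask(077);` at startup and `sysopen(OUT,$file,O_WRONLY|O_CREAT|O_EXCL,0600) || die "unable to open $file:$!\n";` (needs `use Fcntl;`), and give the unchecked `open(OUT,">$file");` in `der_str` the same treatment. `$file` taken from `@ARGV` is also interpolated into the command string in `load_file_parse`, so the shell interprets any metacharacters in a file name. Separately, `$str =! /^0G-1D-1G-2G-3F-3E-2D/` in `dofile` assigns a negated match on `$_` to `$str` instead of testing `$str`; presumably `=~` or `!~` was meant. The same lines appear in the der_chop.in hunk that follows.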
@@ -0,0 +1,305 @@
+#!/usr/local/bin/perl
+#
+# der_chop ... this is one total hack that Eric is really not proud of
+# so don't look at it and don't ask for support
+#
+# The "documentation" for this (i.e. all the comments) are my fault --tjh
+#
+# This program takes the "raw" output of derparse/asn1parse and
+# converts it into tokens and then runs regular expression matches
+# to try to figure out what to grab to get the things that are needed
+# and it is possible that this will do the wrong thing as it is a *hack*
+#
+# SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET)
+# [I know ... promises promises :-)]
+#
+# To convert a Netscape Certificate:
+# der_chop < ServerCert.der > cert.pem
+# To convert a Netscape Key (and encrypt it again to protect it)
+# rsa -inform NET -in ServerKey.der -des > key.pem
+#
+# 23-Apr-96 eay Added the extra ASN.1 string types, I still think this
+# is an evil hack. If nothing else the parsing should
+# be relative, not absolute.
+# 19-Apr-96 tjh hacked (with eay) into 0.5.x format
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+
+require 'getopts.pl';
+
+$debug=0;
+
+# this was the 0.4.x way of doing things ...
+$cmd="derparse";
+$x509_cmd="x509";
+$crl_cmd="crl";
+$rc4_cmd="rc4";
+$md2_cmd="md2";
+$md4_cmd="md4";
+$rsa_cmd="rsa -des -inform der ";
+
+# this was the 0.5.x way of doing things ...
+$cmd="openssl asn1parse";
+$x509_cmd="openssl x509";
+$crl_cmd="openssl crl";
+$rc4_cmd="openssl rc4";
+$md2_cmd="openssl md2";
+$md4_cmd="openssl md4";
+$rsa_cmd="openssl rsa -des -inform der ";
+
+&Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
+$depth=($opt_d =~ /^\d+$/)?$opt_d:0;
+
+&init_der();
+
+if ($#ARGV != -1)
+ {
+ foreach $file (@ARGV)
+ {
+ print STDERR "doing $file\n";
+ &dofile($file);
+ }
+ }
+else
+ {
+ $file="/tmp/a$$.DER";
+ open(OUT,">$file") || die "unable to open $file:$!\n";
+ for (;;)
+ {
+ $i=sysread(STDIN,$b,1024*10);
+ last if ($i <= 0);
+ $i=syswrite(OUT,$b,$i);
+ }
+ &dofile($file);
+ unlink($file);
+ }
+
+sub dofile
+ {
+ local($file)=@_;
+ local(@p);
+
+ $b=&load_file($file);
+ @p=&load_file_parse($file);
+
+ foreach $_ (@p)
+ {
+ ($off,$d,$hl,$len)=&parse_line($_);
+ $d-=$depth;
+ next if ($d != 0);
+ next if ($len == 0);
+
+ $o=substr($b,$off,$len+$hl);
+ ($str,@data)=&der_str($o);
+ print "$str\n" if ($opt_v);
+ if ($str =~ /^$crl/)
+ {
+ open(OUT,"|$crl_cmd -inform d -hash -issuer") ||
+ die "unable to run $crl_cmd:$!\n";
+ print OUT $o;
+ close(OUT);
+ }
+ elsif ($str =~ /^$x509/)
+ {
+ open(OUT,"|$x509_cmd -inform d -hash -subject -issuer")
+ || die "unable to run $x509_cmd:$!\n";
+ print OUT $o;
+ close(OUT);
+ }
+ elsif ($str =~ /^$rsa/)
+ {
+ ($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
+ next unless ($type eq "rsaEncryption");
+ ($off,$d,$hl,$len)=&parse_line($data[5]);
+ $os=substr($o,$off+$hl,$len);
+ open(OUT,"|$rsa_cmd")
+ || die "unable to run $rsa_cmd:$!\n";
+ print OUT $os;
+ close(OUT);
+ }
+ elsif ($str =~ /^0G-1D-1G/)
+ {
+ ($off,$d,$hl,$len)=&parse_line($data[1]);
+ $os=substr($o,$off+$hl,$len);
+ print STDERR "<$os>\n" if $opt_v;
+ &do_certificate($o,@data)
+ if (($os eq "certificate") &&
+ ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
+ &do_private_key($o,@data)
+ if (($os eq "private-key") &&
+ ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
+ }
+ }
+ }
+
+sub der_str
+ {
+ local($str)=@_;
+ local(*OUT,*IN,@a,$t,$d,$ret);
+ local($file)="/tmp/b$$.DER";
+ local(@ret);
+
+ open(OUT,">$file");
+ print OUT $str;
+ close(OUT);
+ open(IN,"$cmd -inform 'd' -in $file |") ||
+ die "unable to run $cmd:$!\n";
+ $ret="";
+ while (<IN>)
+ {
+ chop;
+ push(@ret,$_);
+
+ print STDERR "$_\n" if ($debug);
+
+ @a=split(/\s*:\s*/);
+ ($d)=($a[1] =~ /d=\s*(\d+)/);
+ $a[2] =~ s/\s+$//;
+ $t=$DER_s2i{$a[2]};
+ $ret.="$d$t-";
+ }
+ close(IN);
+ unlink($file);
+ chop $ret;
+ $ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g;
+ $ret =~ s/(-3G-4B-4L)+/-RCERT/g;
+ return($ret,@ret);
+ }
+
+sub init_der
+ {
+ $crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C";
+ $x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C";
+ $rsa= "0G-1B-1G-2F-2E-1D";
+
+ %DER_i2s=(
+ # SSLeay 0.4.x has this list
+ "A","EOC",
+ "B","INTEGER",
+ "C","BIT STRING",
+ "D","OCTET STRING",
+ "E","NULL",
+ "F","OBJECT",
+ "G","SEQUENCE",
+ "H","SET",
+ "I","PRINTABLESTRING",
+ "J","T61STRING",
+ "K","IA5STRING",
+ "L","UTCTIME",
+ "M","NUMERICSTRING",
+ "N","VIDEOTEXSTRING",
+ "O","GENERALIZEDTIME",
+ "P","GRAPHICSTRING",
+ "Q","ISO64STRING",
+ "R","GENERALSTRING",
+ "S","UNIVERSALSTRING",
+
+ # SSLeay 0.5.x changed some things ... and I'm
+ # leaving in the old stuff but adding in these
+ # to handle the new as well --tjh
+ # - Well I've just taken them out and added the extra new
+ # ones :-) - eay
+ );
+
+ foreach (keys %DER_i2s)
+ { $DER_s2i{$DER_i2s{$_}}=$_; }
+ }
+
+sub parse_line
+ {
+ local($_)=@_;
+
+ return(/\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+|inf)\s/);
+ }
+
+# 0:d=0 hl=4 l=377 cons: univ: SEQUENCE
+# 4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING
+# 17:d=1 hl=4 l=360 cons: univ: SEQUENCE
+# 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE
+# 23:d=3 hl=2 l= 8 prim: univ: OBJECT_IDENTIFIER :rc4
+# 33:d=3 hl=2 l= 0 prim: univ: NULL
+# 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING
+sub do_private_key
+ {
+ local($data,@struct)=@_;
+ local($file)="/tmp/b$$.DER";
+ local($off,$d,$hl,$len,$_,$b,@p,$s);
+
+ ($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
+ if ($type eq "rc4")
+ {
+ ($off,$d,$hl,$len)=&parse_line($struct[6]);
+ open(OUT,"|$rc4_cmd >$file") ||
+ die "unable to run $rc4_cmd:$!\n";
+ print OUT substr($data,$off+$hl,$len);
+ close(OUT);
+
+ $b=&load_file($file);
+ unlink($file);
+
+ ($s,@p)=&der_str($b);
+ die "unknown rsa key type\n$s\n"
+ if ($s ne '0G-1B-1G-2F-2E-1D');
+ local($off,$d,$hl,$len)=&parse_line($p[5]);
+ $b=substr($b,$off+$hl,$len);
+ ($s,@p)=&der_str($b);
+ open(OUT,"|$rsa_cmd") || die "unable to run $rsa_cmd:$!\n";
+ print OUT $b;
+ close(OUT);
+ }
+ else
+ {
+ print "'$type' is unknown\n";
+ exit(1);
+ }
+ }
+
+sub do_certificate
+ {
+ local($data,@struct)=@_;
+ local($file)="/tmp/b$$.DER";
+ local($off,$d,$hl,$len,$_,$b,@p,$s);
+
+ ($off,$d,$hl,$len)=&parse_line($struct[2]);
+ $b=substr($data,$off,$len+$hl);
+
+ open(OUT,"|$x509_cmd -inform d") || die "unable to run $x509_cmd:$!\n";
+ print OUT $b;
+ close(OUT);
+ }
+
+sub load_file
+ {
+ local($file)=@_;
+ local(*IN,$r,$b,$i);
+
+ $r="";
+ open(IN,"<$file") || die "unable to open $file:$!\n";
+ for (;;)
+ {
+ $i=sysread(IN,$b,10240);
+ last if ($i <= 0);
+ $r.=$b;
+ }
+ close(IN);
+ return($r);
+ }
+
+sub load_file_parse
+ {
+ local($file)=@_;
+ local(*IN,$r,@ret,$_,$i,$n,$b);
+
+ open(IN,"$cmd -inform d -in $file|")
+ || die "unable to run der_parse\n";
+ while (<IN>)
+ {
+ chop;
+ push(@ret,$_);
+ }
+ return($r,@ret);
+ }
+
diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c
new file mode 100644
index 0000000..5f0506e
--- /dev/null
+++ b/crypto/openssl/apps/dgst.c
@@ -0,0 +1,219 @@
+/* apps/dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#undef BUFSIZE
+#define BUFSIZE 1024*8
+
+#undef PROG
+#define PROG dgst_main
+
+void do_fp(unsigned char *buf,BIO *f,int sep);
+int MAIN(int argc, char **argv)
+ {
+ unsigned char *buf=NULL;
+ int i,err=0;
+ const EVP_MD *md=NULL,*m;
+ BIO *in=NULL,*inp;
+ BIO *bmd=NULL;
+ const char *name;
+#define PROG_NAME_SIZE 16
+ char pname[PROG_NAME_SIZE];
+ int separator=0;
+ int debug=0;
+
+ apps_startup();
+
+ if ((buf=(unsigned char *)Malloc(BUFSIZE)) == NULL)
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto end;
+ }
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ /* first check the program name */
+ program_name(argv[0],pname,PROG_NAME_SIZE);
+
+ md=EVP_get_digestbyname(pname);
+
+ argc--;
+ argv++;
+ while (argc > 0)
+ {
+ if ((*argv)[0] != '-') break;
+ if (strcmp(*argv,"-c") == 0)
+ separator=1;
+ else if (strcmp(*argv,"-d") == 0)
+ debug=1;
+ else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+ md=m;
+ else
+ break;
+ argc--;
+ argv++;
+ }
+
+ if (md == NULL)
+ md=EVP_md5();
+
+ if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
+ {
+ BIO_printf(bio_err,"unknown option '%s'\n",*argv);
+ BIO_printf(bio_err,"options are\n");
+ BIO_printf(bio_err,"-c to output the digest with separating colons\n");
+ BIO_printf(bio_err,"-d to output debug info\n");
+ BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
+ LN_md5,LN_md5);
+ BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+ LN_md2,LN_md2);
+ BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+ LN_sha1,LN_sha1);
+ BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+ LN_sha,LN_sha);
+ BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+ LN_mdc2,LN_mdc2);
+ BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+ LN_ripemd160,LN_ripemd160);
+ err=1;
+ goto end;
+ }
+
+ in=BIO_new(BIO_s_file());
+ bmd=BIO_new(BIO_f_md());
+ if (debug)
+ {
+ BIO_set_callback(in,BIO_debug_callback);
+ /* needed for windows 3.1 */
+ BIO_set_callback_arg(in,bio_err);
+ }
+
+ if ((in == NULL) || (bmd == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ /* we use md as a filter, reading from 'in' */
+ BIO_set_md(bmd,md);
+ inp=BIO_push(bmd,in);
+
+ if (argc == 0)
+ {
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ do_fp(buf,inp,separator);
+ }
+ else
+ {
+ name=OBJ_nid2sn(md->type);
+ for (i=0; i<argc; i++)
+ {
+ if (BIO_read_filename(in,argv[i]) <= 0)
+ {
+ perror(argv[i]);
+ err++;
+ continue;
+ }
+ printf("%s(%s)= ",name,argv[i]);
+ do_fp(buf,inp,separator);
+ (void)BIO_reset(bmd);
+ }
+ }
+end:
+ if (buf != NULL)
+ {
+ memset(buf,0,BUFSIZE);
+ Free(buf);
+ }
+ if (in != NULL) BIO_free(in);
+ if (bmd != NULL) BIO_free(bmd);
+ EXIT(err);
+ }
+
+void do_fp(unsigned char *buf, BIO *bp, int sep)
+ {
+ int len;
+ int i;
+
+ for (;;)
+ {
+ i=BIO_read(bp,(char *)buf,BUFSIZE);
+ if (i <= 0) break;
+ }
+ len=BIO_gets(bp,(char *)buf,BUFSIZE);
+
+ for (i=0; i<len; i++)
+ {
+ if (sep && (i != 0))
+ putc(':',stdout);
+ printf("%02x",buf[i]);
+ }
+ printf("\n");
+ }
+
diff --git a/crypto/openssl/apps/dh.c b/crypto/openssl/apps/dh.c
new file mode 100644
index 0000000..9efdcd7
--- /dev/null
+++ b/crypto/openssl/apps/dh.c
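Review bot: `do_fp` leaves its read loop on `i <= 0` without telling a read error from end of input and returns `void`, so a failed or short read still prints a digest and `MAIN` exits with `err` unchanged; for output that gets compared against a known-good hash, that should be a reported failure. I would have `do_fp` return an int and add it to `err` at both call sites, as sketched below; this assumes the BIO chain reports a failed read as a negative value, which is not visible in this hunk. Two ordering problems in `MAIN` belong in the same pass: the out-of-memory branch prints through `bio_err` before the `bio_err == NULL` initialisation just below it and reaches `end:` with `err` still 0 (as does the `BIO_new` failure branch), and `BIO_set_callback(in,...)` runs under `-d` before `in` is checked for NULL.

```c
int do_fp(unsigned char *buf,BIO *f,int sep);

/* ... unchanged: MAIN up to the stdin branch ... */
		err+=do_fp(buf,inp,separator);
/* ... unchanged: per-file loop, BIO_read_filename check, printf of the name ... */
			err+=do_fp(buf,inp,separator);

int do_fp(unsigned char *buf, BIO *bp, int sep)
	{
	int len;
	int i;

	for (;;)
		{
		i=BIO_read(bp,(char *)buf,BUFSIZE);
		if (i < 0)
			{
			BIO_printf(bio_err,"read error\n");
			ERR_print_errors(bio_err);
			return(1);
			}
		if (i == 0) break;
		}
	len=BIO_gets(bp,(char *)buf,BUFSIZE);
	if (len <= 0)
		{
		BIO_printf(bio_err,"unable to get digest\n");
		ERR_print_errors(bio_err);
		return(1);
		}
	/* ... unchanged: hex output loop and trailing newline ... */
	return(0);
	}
```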
@@ -0,0 +1,312 @@
+/* apps/dh.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DH
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG dh_main
+
+/* -inform arg - input format - default PEM (one of DER, TXT or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -check - check the parameters are ok
+ * -noout
+ * -text
+ * -C
+ */
+
+int MAIN(int argc, char **argv)
+ {
+ DH *dh=NULL;
+ int i,badops=0,text=0;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat,check=0,noout=0,C=0,ret=1;
+ char *infile,*outfile,*prog;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-check") == 0)
+ check=1;
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
+ else if (strcmp(*argv,"-C") == 0)
+ C=1;
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -check check the DH parameters\n");
+ BIO_printf(bio_err," -text print a text form of the DH parameters\n");
+ BIO_printf(bio_err," -C Output C code\n");
+ BIO_printf(bio_err," -noout no output\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (informat == FORMAT_ASN1)
+ dh=d2i_DHparams_bio(in,NULL);
+ else if (informat == FORMAT_PEM)
+ dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified\n");
+ goto end;
+ }
+ if (dh == NULL)
+ {
+ BIO_printf(bio_err,"unable to load DH parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+
+
+ if (text)
+ {
+ DHparams_print(out,dh);
+#ifdef undef
+ printf("p=");
+ BN_print(stdout,dh->p);
+ printf("\ng=");
+ BN_print(stdout,dh->g);
+ printf("\n");
+ if (dh->length != 0)
+ printf("recomented private length=%ld\n",dh->length);
+#endif
+ }
+
+ if (check)
+ {
+ if (!DH_check(dh,&i))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (i & DH_CHECK_P_NOT_PRIME)
+ printf("p value is not prime\n");
+ if (i & DH_CHECK_P_NOT_STRONG_PRIME)
+ printf("p value is not a strong prime\n");
+ if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+ printf("unable to check the generator value\n");
+ if (i & DH_NOT_SUITABLE_GENERATOR)
+ printf("the g value is not a generator\n");
+ if (i == 0)
+ printf("DH parameters appear to be ok.\n");
+ }
+ if (C)
+ {
+ unsigned char *data;
+ int len,l,bits;
+
+ len=BN_num_bytes(dh->p);
+ bits=BN_num_bits(dh->p);
+ data=(unsigned char *)Malloc(len);
+ if (data == NULL)
+ {
+ perror("Malloc");
+ goto end;
+ }
+ l=BN_bn2bin(dh->p,data);
+ printf("static unsigned char dh%d_p[]={",bits);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t};\n");
+
+ l=BN_bn2bin(dh->g,data);
+ printf("static unsigned char dh%d_g[]={",bits);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t};\n\n");
+
+ printf("DH *get_dh%d()\n\t{\n",bits);
+ printf("\tDH *dh;\n\n");
+ printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
+ printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
+ bits,bits);
+ printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
+ bits,bits);
+ printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
+ printf("\t\treturn(NULL);\n");
+ printf("\treturn(dh);\n\t}\n");
+ }
+
+
+ if (!noout)
+ {
+ if (outformat == FORMAT_ASN1)
+ i=i2d_DHparams_bio(out,dh);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_DHparams(out,dh);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write DH paramaters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ ret=0;
+end:
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free(out);
+ if (dh != NULL) DH_free(dh);
+ EXIT(ret);
+ }
+#endif
diff --git a/crypto/openssl/apps/dh1024.pem b/crypto/openssl/apps/dh1024.pem
new file mode 100644
index 0000000..81d43f6
--- /dev/null
+++ b/crypto/openssl/apps/dh1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
+/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
+/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
+-----END DH PARAMETERS-----
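Review bot: With `-check` in dh.c, a parameter set that `DH_check` flags (for example `DH_CHECK_P_NOT_PRIME`) only produces a `printf` line: execution continues, the parameters are still written to `out`, and `ret=0` is reached, so a caller cannot tell rejected parameters from good ones by exit status. Since `ret` is still 1 at that point, `if (i != 0) goto end;` after the four flag tests would make the failure visible. The diagnostics also go to stdout through `printf`, where they mix with the PEM output when no `-out` is given, so `BIO_printf(bio_err,...)` is the safer channel. In the `-C` branch `data` from `Malloc(len)` is never released; add `Free(data);` after the last `printf`. The usage text advertises `TXT` for `-inform`/`-outform`, but only `FORMAT_ASN1` and `FORMAT_PEM` are handled.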
diff --git a/crypto/openssl/apps/dsa-ca.pem b/crypto/openssl/apps/dsa-ca.pem new file mode 100644 index 0000000..cccc142 --- /dev/null +++ b/crypto/openssl/apps/dsa-ca.pem 
@@ -0,0 +1,40 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ +PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel +u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH +Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso +hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu +SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y +Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4 +94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T +tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77 +J6zsFbSEHaQGUmfSeoM= +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE REQUEST----- +MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx +ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew +ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW +sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m +rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk +cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo +bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR +CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB +F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH +vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq +AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u +3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v +AhQfeF5BoMMDbX/kidUVpQ6gadPlZA== +-----END CERTIFICATE REQUEST----- +-----BEGIN CERTIFICATE----- +MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK +U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww +CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw +CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu +ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE 
+AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi +ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh +MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD +MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa +C1Q= +-----END CERTIFICATE----- + diff --git a/crypto/openssl/apps/dsa-pca.pem b/crypto/openssl/apps/dsa-pca.pem new file mode 100644 index 0000000..d23774e --- /dev/null +++ b/crypto/openssl/apps/dsa-pca.pem 
@@ -0,0 +1,46 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
+PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
+u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
+Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
+hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
+SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
+Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
+6TicfImU7UFRn9h00j0lJQ==
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
+MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
+lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
+Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
+5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
+aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
+kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
+QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
+6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
+yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
+z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
+nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
+ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
+R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
+JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
+BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
+mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
+VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
+uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
+AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
+5rKUjNBhSg==
+-----END CERTIFICATE-----
+
diff --git a/crypto/openssl/apps/dsa.c b/crypto/openssl/apps/dsa.c
new file mode 100644
index 0000000..fedecf2
--- /dev/null
+++ b/crypto/openssl/apps/dsa.c
@@ -0,0 +1,256 @@
+/* apps/dsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DSA
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/dsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG dsa_main
+
+/* -inform arg - input format - default PEM (one of DER, NET or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -des - encrypt output if PEM format with DES in cbc mode
+ * -des3 - encrypt output if PEM format
+ * -idea - encrypt output if PEM format
+ * -text - print a text version
+ * -modulus - print the DSA public key
+ */
+
+int MAIN(int argc, char **argv)
+ {
+ int ret=1;
+ DSA *dsa=NULL;
+ int i,badops=0;
+ const EVP_CIPHER *enc=NULL;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat,text=0,noout=0;
+ char *infile,*outfile,*prog;
+ int modulus=0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
+ else if (strcmp(*argv,"-modulus") == 0)
+ modulus=1;
+ else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
+ BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
+#ifndef NO_IDEA
+ BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
+#endif
+ BIO_printf(bio_err," -text print the key in text\n");
+ BIO_printf(bio_err," -noout don't print key out\n");
+ BIO_printf(bio_err," -modulus print the DSA public value\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ BIO_printf(bio_err,"read DSA private key\n");
+ if (informat == FORMAT_ASN1)
+ dsa=d2i_DSAPrivateKey_bio(in,NULL);
+ else if (informat == FORMAT_PEM)
+ dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified for key\n");
+ goto end;
+ }
+ if (dsa == NULL)
+ {
+ BIO_printf(bio_err,"unable to load Private Key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (text)
+ if (!DSA_print(out,dsa,0))
+ {
+ perror(outfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (modulus)
+ {
+ fprintf(stdout,"Public Key=");
+ BN_print(out,dsa->pub_key);
+ fprintf(stdout,"\n");
+ }
+
+ if (noout) goto end;
+ BIO_printf(bio_err,"writing DSA private key\n");
+ if (outformat == FORMAT_ASN1)
+ i=i2d_DSAPrivateKey_bio(out,dsa);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write private key\n");
+ ERR_print_errors(bio_err);
+ }
+ else
+ ret=0;
+end:
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free(out);
+ if (dsa != NULL) DSA_free(dsa);
+ EXIT(ret);
+ }
+#endif
diff --git a/crypto/openssl/apps/dsa1024.pem b/crypto/openssl/apps/dsa1024.pem
new file mode 100644
index 0000000..082dec3
--- /dev/null
+++ b/crypto/openssl/apps/dsa1024.pem
@@ -0,0 +1,9 @@
+-----BEGIN DSA PARAMETERS-----
+MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx
+mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us
+OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36
+bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8
+3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH
+zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O
+Arg=
+-----END DSA PARAMETERS-----
diff --git a/crypto/openssl/apps/dsa512.pem b/crypto/openssl/apps/dsa512.pem
new file mode 100644
index 0000000..5f86d1a
--- /dev/null
+++ b/crypto/openssl/apps/dsa512.pem
@@ -0,0 +1,6 @@
+-----BEGIN DSA PARAMETERS-----
+MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97
+TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA
+gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO
+L8wka5B33qJoplISogOdIA==
+-----END DSA PARAMETERS-----
diff --git a/crypto/openssl/apps/dsap.pem b/crypto/openssl/apps/dsap.pem
new file mode 100644
index 0000000..d4dfdb3
--- /dev/null
+++ b/crypto/openssl/apps/dsap.pem
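Review bot: In the `-modulus` branch of MAIN the label and the trailing newline are written with `fprintf(stdout,...)` while the value itself goes to the `out` BIO, so with `-out file` the number lands in the file and `Public Key=` on the terminal, and even on stdout the two separately buffered streams can come out in the wrong order. Send all three pieces through the BIO instead: `BIO_printf(out,"Public Key=");` before `BN_print(out,dsa->pub_key);` and `BIO_printf(out,"\n");` after it. Separately, when no cipher option is given `enc` stays NULL and `PEM_write_bio_DSAPrivateKey` writes the private key in the clear to a file opened by `BIO_write_filename`; nothing in this hunk restricts that file's mode, so a comment above the write stating that protection is left to the caller's umask would help operators.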
@@ -0,0 +1,6 @@
+-----BEGIN DSA PARAMETERS-----
+MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya
+GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2
+t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD
+ADiRffvSdhrNw5dkqdql
+-----END DSA PARAMETERS-----
diff --git a/crypto/openssl/apps/dsaparam.c b/crypto/openssl/apps/dsaparam.c
new file mode 100644
index 0000000..fb8d471
--- /dev/null
+++ b/crypto/openssl/apps/dsaparam.c
@@ -0,0 +1,353 @@
+/* apps/dsaparam.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DSA
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/dsa.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG dsaparam_main
+
+/* -inform arg - input format - default PEM (one of DER, TXT or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -noout
+ * -text
+ * -C
+ * -noout
+ * -genkey
+ */
+
+static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
+int MAIN(int argc, char **argv)
+ {
+ DSA *dsa=NULL;
+ int i,badops=0,text=0;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat,noout=0,C=0,ret=1;
+ char *infile,*outfile,*prog,*inrand=NULL;
+ int numbits= -1,num,genkey=0;
+ char buffer[200],*randfile=NULL;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
+ else if (strcmp(*argv,"-C") == 0)
+ C=1;
+ else if (strcmp(*argv,"-genkey") == 0)
+ genkey=1;
+ else if (strcmp(*argv,"-rand") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inrand= *(++argv);
+ }
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (sscanf(*argv,"%d",&num) == 1)
+ {
+ /* generate a key */
+ numbits=num;
+ }
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -text check the DSA parameters\n");
+ BIO_printf(bio_err," -C Output C code\n");
+ BIO_printf(bio_err," -noout no output\n");
+ BIO_printf(bio_err," -rand files to use for random number input\n");
+ BIO_printf(bio_err," number number of bits to use for generating private key\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (numbits > 0)
+ {
+ randfile=RAND_file_name(buffer,200);
+ RAND_load_file(randfile,1024L*1024L);
+
+ BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
+ BIO_printf(bio_err,"This could take some time\n");
+ dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,
+ dsa_cb,(char *)bio_err);
+ }
+ else if (informat == FORMAT_ASN1)
+ dsa=d2i_DSAparams_bio(in,NULL);
+ else if (informat == FORMAT_PEM)
+ dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified\n");
+ goto end;
+ }
+ if (dsa == NULL)
+ {
+ BIO_printf(bio_err,"unable to load DSA parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (text)
+ {
+ DSAparams_print(out,dsa);
+ }
+
+ if (C)
+ {
+ unsigned char *data;
+ int l,len,bits_p,bits_q,bits_g;
+
+ len=BN_num_bytes(dsa->p);
+ bits_p=BN_num_bits(dsa->p);
+ bits_q=BN_num_bits(dsa->q);
+ bits_g=BN_num_bits(dsa->g);
+ data=(unsigned char *)Malloc(len+20);
+ if (data == NULL)
+ {
+ perror("Malloc");
+ goto end;
+ }
+ l=BN_bn2bin(dsa->p,data);
+ printf("static unsigned char dsa%d_p[]={",bits_p);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t};\n");
+
+ l=BN_bn2bin(dsa->q,data);
+ printf("static unsigned char dsa%d_q[]={",bits_p);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t};\n");
+
+ l=BN_bn2bin(dsa->g,data);
+ printf("static unsigned char dsa%d_g[]={",bits_p);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t};\n\n");
+
+ printf("DSA *get_dsa%d()\n\t{\n",bits_p);
+ printf("\tDSA *dsa;\n\n");
+ printf("\tif ((dsa=DSA_new()) == NULL) return(NULL);\n");
+ printf("\tdsa->p=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n",
+ bits_p,bits_p);
+ printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n",
+ bits_p,bits_p);
+ printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
+ bits_p,bits_p);
+ printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
+ printf("\t\treturn(NULL);\n");
+ printf("\treturn(dsa);\n\t}\n");
+ }
+
+
+ if (!noout)
+ {
+ if (outformat == FORMAT_ASN1)
+ i=i2d_DSAparams_bio(out,dsa);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_DSAparams(out,dsa);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write DSA paramaters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ if (genkey)
+ {
+ DSA *dsakey;
+
+ if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
+ if (!DSA_generate_key(dsakey)) goto end;
+ if (outformat == FORMAT_ASN1)
+ i=i2d_DSAPrivateKey_bio(out,dsakey);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ DSA_free(dsakey);
+ }
+ ret=0;
+end:
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free(out);
+ if (dsa != NULL) DSA_free(dsa);
+ EXIT(ret);
+ }
+
+static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
+ {
+ char c='*';
+
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ BIO_write((BIO *)arg,&c,1);
+ (void)BIO_flush((BIO *)arg);
+#ifdef LINT
+ p=n;
+#endif
+ }
+#endif
diff --git a/crypto/openssl/apps/eay.c b/crypto/openssl/apps/eay.c
new file mode 100644
index 0000000..a84aa38
--- /dev/null
+++ b/crypto/openssl/apps/eay.c
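Review bot: The seed file is loaded only inside the `numbits > 0` branch of MAIN and its result is ignored, so `-genkey` on parameters read from `-in` reaches `DSA_generate_key(dsakey)` with no seeding visible in this file, and the `-rand` argument is stored in `inrand` but never read afterwards. Hoist the load above the branch and check it, e.g. `randfile=RAND_file_name(buffer,sizeof buffer);` followed by `if (!RAND_load_file(randfile,1024L*1024L)) BIO_printf(bio_err,"warning: no seed file loaded\n");`, and either feed `inrand` to the PRNG or drop `-rand` from the usage text. Whether the library seeds itself elsewhere cannot be told from this hunk, so the impact on key quality is unconfirmed. In the same `-genkey` block the write result `i` is never tested before `ret=0`, and `dsakey` is not freed on the two `goto end` paths after `DSAparams_dup` succeeds.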
@@ -0,0 +1,131 @@
+/* apps/eay.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define MONOLITH
+#define USE_SOCKETS
+
+#include "openssl/e_os.h"
+
+#include <openssl/bio.h>
+#include <openssl/stack.h>
+#include <openssl/lhash.h>
+
+#include <openssl/err.h>
+
+#include <openssl/bn.h>
+
+#include <openssl/evp.h>
+
+#include <openssl/rand.h>
+#include <openssl/conf.h>
+#include <openssl/txt_db.h>
+
+#include <openssl/err.h>
+
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+
+#define MONOLITH
+
+#include "openssl.c"
+#include "apps.c"
+#include "asn1pars.c"
+#ifndef NO_RSA
+#include "ca.c"
+#include "genrsa.c"
+#include "req.c"
+#include "rsa.c"
+#endif
+#ifndef NO_DH
+#include "gendh.c"
+#include "dh.c"
+#endif
+#include "crl.c"
+#include "crl2p7.c"
+#include "dgst.c"
+#include "enc.c"
+#include "errstr.c"
+#if !defined(NO_SSL2) || !defined(NO_SSL3)
+#ifndef NO_SOCK
+#include "s_cb.c"
+#include "s_client.c"
+#include "s_server.c"
+#include "s_socket.c"
+#include "s_time.c"
+#endif
+#endif
+#include "speed.c"
+#include "verify.c"
+#include "version.c"
+#include "x509.c"
+#include "ciphers.c"
+#include "sess_id.c"
+#include "pkcs7.c"
+#ifndef NO_DSA
+#include "dsaparam.c"
+#include "dsa.c"
+#include "gendsa.c"
+#endif
+
+
diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c
new file mode 100644
index 0000000..bce936a
--- /dev/null
+++ b/crypto/openssl/apps/enc.c
@@ -0,0 +1,551 @@ +/* apps/enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include "apps.h" +#include <openssl/bio.h> +#include <openssl/err.h> +#include <openssl/evp.h> +#include <openssl/objects.h> +#include <openssl/x509.h> +#ifndef NO_MD5 +#include <openssl/md5.h> +#endif +#include <openssl/pem.h> + +int set_hex(char *in,unsigned char *out,int size); +#undef SIZE +#undef BSIZE +#undef PROG + +#define SIZE (512) +#define BSIZE (8*1024) +#define PROG enc_main + +int MAIN(int argc, char **argv) + { + char *strbuf=NULL; + unsigned char *buff=NULL,*bufsize=NULL; + int bsize=BSIZE,verbose=0; + int ret=1,inl; + unsigned char key[24],iv[MD5_DIGEST_LENGTH]; + char *str=NULL; + char *hkey=NULL,*hiv=NULL; + int enc=1,printkey=0,i,base64=0; + int debug=0,olb64=0; + const EVP_CIPHER *cipher=NULL,*c; + char *inf=NULL,*outf=NULL; + BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; +#define PROG_NAME_SIZE 16 + char pname[PROG_NAME_SIZE]; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + /* first check the program name */ + program_name(argv[0],pname,PROG_NAME_SIZE); + if (strcmp(pname,"base64") == 0) + base64=1; + + cipher=EVP_get_cipherbyname(pname); + if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0)) + { + BIO_printf(bio_err,"%s is an unknown cipher\n",pname); + goto bad; + } + + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-e") == 0) + enc=1; + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + inf= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outf= *(++argv); + } + else if (strcmp(*argv,"-d") == 0) + enc=0; + else if (strcmp(*argv,"-p") == 0) + printkey=1; + else if (strcmp(*argv,"-v") == 0) + verbose=1; + else if ((strcmp(*argv,"-debug") == 0) || + (strcmp(*argv,"-d") == 0)) + debug=1; + else if (strcmp(*argv,"-P") == 0) + printkey=2; + else if (strcmp(*argv,"-A") == 0) + 
olb64=1; + else if (strcmp(*argv,"-a") == 0) + base64=1; + else if (strcmp(*argv,"-base64") == 0) + base64=1; + else if (strcmp(*argv,"-bufsize") == 0) + { + if (--argc < 1) goto bad; + bufsize=(unsigned char *)*(++argv); + } + else if (strcmp(*argv,"-k") == 0) + { + if (--argc < 1) goto bad; + str= *(++argv); + } + else if (strcmp(*argv,"-kfile") == 0) + { + static char buf[128]; + FILE *infile; + char *file; + + if (--argc < 1) goto bad; + file= *(++argv); + infile=fopen(file,"r"); + if (infile == NULL) + { + BIO_printf(bio_err,"unable to read key from '%s'\n", + file); + goto bad; + } + buf[0]='\0'; + fgets(buf,128,infile); + fclose(infile); + i=strlen(buf); + if ((i > 0) && + ((buf[i-1] == '\n') || (buf[i-1] == '\r'))) + buf[--i]='\0'; + if ((i > 0) && + ((buf[i-1] == '\n') || (buf[i-1] == '\r'))) + buf[--i]='\0'; + if (i < 1) + { + BIO_printf(bio_err,"zero length password\n"); + goto bad; + } + str=buf; + } + else if (strcmp(*argv,"-K") == 0) + { + if (--argc < 1) goto bad; + hkey= *(++argv); + } + else if (strcmp(*argv,"-iv") == 0) + { + if (--argc < 1) goto bad; + hiv= *(++argv); + } + else if ((argv[0][0] == '-') && + ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) + { + cipher=c; + } + else if (strcmp(*argv,"-none") == 0) + cipher=NULL; + else + { + BIO_printf(bio_err,"unknown option '%s'\n",*argv); +bad: + BIO_printf(bio_err,"options are\n"); + BIO_printf(bio_err,"%-14s input file\n","-in <file>"); + BIO_printf(bio_err,"%-14s output fileencrypt\n","-out <file>"); + BIO_printf(bio_err,"%-14s encrypt\n","-e"); + BIO_printf(bio_err,"%-14s decrypt\n","-d"); + BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64"); + BIO_printf(bio_err,"%-14s key is the next argument\n","-k"); + BIO_printf(bio_err,"%-14s key is the first line of the file argument\n","-kfile"); + BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); + BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); + 
BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>"); + + BIO_printf(bio_err,"Cipher Types\n"); + BIO_printf(bio_err,"des : 56 bit key DES encryption\n"); + BIO_printf(bio_err,"des_ede :112 bit key ede DES encryption\n"); + BIO_printf(bio_err,"des_ede3:168 bit key ede DES encryption\n"); +#ifndef NO_IDEA + BIO_printf(bio_err,"idea :128 bit key IDEA encryption\n"); +#endif +#ifndef NO_RC4 + BIO_printf(bio_err,"rc2 :128 bit key RC2 encryption\n"); +#endif +#ifndef NO_BF + BIO_printf(bio_err,"bf :128 bit key BlowFish encryption\n"); +#endif +#ifndef NO_RC4 + BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n", + LN_rc4); +#endif + + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_des_ecb,LN_des_cbc, + LN_des_cfb64,LN_des_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n", + "des", LN_des_cbc); + + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_des_ede,LN_des_ede_cbc, + LN_des_ede_cfb64,LN_des_ede_ofb64); + BIO_printf(bio_err," -desx -none\n"); + + + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_des_ede3,LN_des_ede3_cbc, + LN_des_ede3_cfb64,LN_des_ede3_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n", + "des3", LN_des_ede3_cbc); + +#ifndef NO_IDEA + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_idea_ecb, LN_idea_cbc, + LN_idea_cfb64, LN_idea_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n","idea",LN_idea_cbc); +#endif +#ifndef NO_RC2 + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_rc2_ecb, LN_rc2_cbc, + LN_rc2_cfb64, LN_rc2_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc); +#endif +#ifndef NO_BF + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_bf_ecb, LN_bf_cbc, + LN_bf_cfb64, LN_bf_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc); +#endif +#ifndef NO_CAST + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_cast5_ecb, LN_cast5_cbc, + LN_cast5_cfb64, LN_cast5_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc); +#endif +#ifndef NO_RC5 + BIO_printf(bio_err," -%-12s -%-12s 
-%-12s -%-12s", + LN_rc5_ecb, LN_rc5_cbc, + LN_rc5_cfb64, LN_rc5_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc); +#endif + goto end; + } + argc--; + argv++; + } + + if (bufsize != NULL) + { + unsigned long n; + + for (n=0; *bufsize; bufsize++) + { + i= *bufsize; + if ((i <= '9') && (i >= '0')) + n=n*10+i-'0'; + else if (i == 'k') + { + n*=1024; + bufsize++; + break; + } + } + if (*bufsize != '\0') + { + BIO_printf(bio_err,"invalid 'bufsize' specified.\n"); + goto end; + } + + /* It must be large enough for a base64 encoded line */ + if (n < 80) n=80; + + bsize=(int)n; + if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize); + } + + strbuf=Malloc(SIZE); + buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize)); + if ((buff == NULL) || (strbuf == NULL)) + { + BIO_printf(bio_err,"Malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize)); + goto end; + } + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + if (debug) + { + BIO_set_callback(in,BIO_debug_callback); + BIO_set_callback(out,BIO_debug_callback); + BIO_set_callback_arg(in,bio_err); + BIO_set_callback_arg(out,bio_err); + } + + if (inf == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,inf) <= 0) + { + perror(inf); + goto end; + } + } + + if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) + { + for (;;) + { + char buf[200]; + + sprintf(buf,"enter %s %s password:", + OBJ_nid2ln(EVP_CIPHER_nid(cipher)), + (enc)?"encryption":"decryption"); + strbuf[0]='\0'; + i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc); + if (i == 0) + { + if (strbuf[0] == '\0') + { + ret=1; + goto end; + } + str=strbuf; + break; + } + if (i < 0) + { + BIO_printf(bio_err,"bad password read\n"); + goto end; + } + } + } + + if (cipher != NULL) + { + if (str != NULL) + { + EVP_BytesToKey(cipher,EVP_md5(),NULL, + (unsigned char *)str, + strlen(str),1,key,iv); + /* zero the complete buffer or the string + 
* passed from the command line + * bug picked up by + * Larry J. Hughes Jr. <hughes@indiana.edu> */ + if (str == strbuf) + memset(str,0,SIZE); + else + memset(str,0,strlen(str)); + } + if ((hiv != NULL) && !set_hex(hiv,iv,8)) + { + BIO_printf(bio_err,"invalid hex iv value\n"); + goto end; + } + if ((hkey != NULL) && !set_hex(hkey,key,24)) + { + BIO_printf(bio_err,"invalid hex key value\n"); + goto end; + } + + if ((benc=BIO_new(BIO_f_cipher())) == NULL) + goto end; + BIO_set_cipher(benc,cipher,key,iv,enc); + if (debug) + { + BIO_set_callback(benc,BIO_debug_callback); + BIO_set_callback_arg(benc,bio_err); + } + + if (printkey) + { + if (cipher->key_len > 0) + { + printf("key="); + for (i=0; i<cipher->key_len; i++) + printf("%02X",key[i]); + printf("\n"); + } + if (cipher->iv_len > 0) + { + printf("iv ="); + for (i=0; i<cipher->iv_len; i++) + printf("%02X",iv[i]); + printf("\n"); + } + if (printkey == 2) + { + ret=0; + goto end; + } + } + } + + + if (outf == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outf) <= 0) + { + perror(outf); + goto end; + } + } + + rbio=in; + wbio=out; + + if (base64) + { + if ((b64=BIO_new(BIO_f_base64())) == NULL) + goto end; + if (debug) + { + BIO_set_callback(b64,BIO_debug_callback); + BIO_set_callback_arg(b64,bio_err); + } + if (olb64) + BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); + if (enc) + wbio=BIO_push(b64,wbio); + else + rbio=BIO_push(b64,rbio); + } + + /* Only encrypt/decrypt as we write the file */ + if (benc != NULL) + wbio=BIO_push(benc,wbio); + + for (;;) + { + inl=BIO_read(rbio,(char *)buff,bsize); + if (inl <= 0) break; + if (BIO_write(wbio,(char *)buff,inl) != inl) + { + BIO_printf(bio_err,"error writing output file\n"); + goto end; + } + } + if (!BIO_flush(wbio)) + { + BIO_printf(bio_err,"bad decrypt\n"); + goto end; + } + + ret=0; + if (verbose) + { + BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in)); + BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out)); + 
} +end: + if (strbuf != NULL) Free(strbuf); + if (buff != NULL) Free(buff); + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (benc != NULL) BIO_free(benc); + if (b64 != NULL) BIO_free(b64); + EXIT(ret); + } + +int set_hex(char *in, unsigned char *out, int size) + { + int i,n; + unsigned char j; + + n=strlen(in); + if (n > (size*2)) + { + BIO_printf(bio_err,"hex string is too long\n"); + return(0); + } + memset(out,0,size); + for (i=0; i<n; i++) + { + j=(unsigned char)*in; + *(in++)='\0'; + if (j == 0) break; + if ((j >= '0') && (j <= '9')) + j-='0'; + else if ((j >= 'A') && (j <= 'F')) + j=j-'A'+10; + else if ((j >= 'a') && (j <= 'f')) + j=j-'a'+10; + else + { + BIO_printf(bio_err,"non-hex digit\n"); + return(0); + } + if (i&1) + out[i/2]|=j; + else + out[i/2]=(j<<4); + } + return(1); + } diff --git a/crypto/openssl/apps/errstr.c b/crypto/openssl/apps/errstr.c new file mode 100644 index 0000000..c86b5d9 --- /dev/null +++ b/crypto/openssl/apps/errstr.c 
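Review bot: In `MAIN`, `iv` is read uninitialised when `-K` is given without `-iv` and without a password. The prompt is skipped because `hkey != NULL`, `EVP_BytesToKey` never runs because `str` is still NULL, and `BIO_set_cipher(benc,cipher,key,iv,enc)` then takes whatever is on the stack, so output encrypted this way may not decrypt again. I would reject that combination before the cipher BIO is created: `if ((hiv == NULL) && (str == NULL) && (cipher->iv_len > 0)) { BIO_printf(bio_err,"iv undefined\n"); goto end; }`. Separately, the password buffer is wiped after use but `key` and `iv` are not cleared before `EXIT(ret)`; clearing both at `end:` would match that care.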
@@ -0,0 +1,114 @@ +/* apps/errstr.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include "apps.h" +#include <openssl/bio.h> +#include <openssl/lhash.h> +#include <openssl/err.h> +#include <openssl/ssl.h> + +#undef PROG +#define PROG errstr_main + +int MAIN(int argc, char **argv) + { + int i,ret=0; + char buf[256]; + unsigned long l; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + SSL_load_error_strings(); + + if ((argc > 1) && (strcmp(argv[1],"-stats") == 0)) + { + BIO *out=NULL; + + out=BIO_new(BIO_s_file()); + if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE)) + { + lh_node_stats_bio((LHASH *)ERR_get_string_table(),out); + lh_stats_bio((LHASH *)ERR_get_string_table(),out); + lh_node_usage_stats_bio((LHASH *) + ERR_get_string_table(),out); + } + if (out != NULL) BIO_free(out); + argc--; + argv++; + } + + for (i=1; i<argc; i++) + { + if (sscanf(argv[i],"%lx",&l)) + printf("%s\n",ERR_error_string(l,buf)); + else + { + printf("%s: bad error code\n",argv[i]); + printf("usage: errstr [-stats] <errno> ...\n"); + ret++; + } + } + EXIT(ret); + } diff --git a/crypto/openssl/apps/gendh.c b/crypto/openssl/apps/gendh.c new file mode 100644 index 0000000..3d50948 --- /dev/null +++ b/crypto/openssl/apps/gendh.c 
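Review bot: The argument loop in `MAIN` tests `if (sscanf(argv[i],"%lx",&l))`, which is also true when `sscanf` returns `EOF` (an empty argument, for instance), so `l` can reach `ERR_error_string` without ever being assigned. Comparing against the expected conversion count closes that: `if (sscanf(argv[i],"%lx",&l) == 1)`. Trailing characters after the hex digits are still accepted by `%lx`; if that matters, `strtoul` with an end-pointer check is the stricter option.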
@@ -0,0 +1,223 @@ +/* apps/gendh.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#ifndef NO_DH +#include <stdio.h> +#include <string.h> +#include <sys/types.h> +#include <sys/stat.h> +#include "apps.h" +#include <openssl/bio.h> +#include <openssl/rand.h> +#include <openssl/err.h> +#include <openssl/bn.h> +#include <openssl/dh.h> +#include <openssl/x509.h> +#include <openssl/pem.h> + +#define DEFBITS 512 +#undef PROG +#define PROG gendh_main + +static void MS_CALLBACK dh_cb(int p, int n, void *arg); +static long dh_load_rand(char *names); +int MAIN(int argc, char **argv) + { + char buffer[200]; + DH *dh=NULL; + int ret=1,num=DEFBITS; + int g=2; + char *outfile=NULL; + char *inrand=NULL,*randfile; + BIO *out=NULL; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + argv++; + argc--; + for (;;) + { + if (argc <= 0) break; + if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-2") == 0) + g=2; + /* else if (strcmp(*argv,"-3") == 0) + g=3; */ + else if (strcmp(*argv,"-5") == 0) + g=5; + else if (strcmp(*argv,"-rand") == 0) + { + if (--argc < 1) goto bad; + inrand= *(++argv); + } + else + break; + argv++; + argc--; + } + if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0))) + { +bad: + BIO_printf(bio_err,"usage: gendh [args] [numbits]\n"); + BIO_printf(bio_err," -out file - output the key to 'file\n"); + BIO_printf(bio_err," -2 use 2 as the generator value\n"); + /* BIO_printf(bio_err," -3 use 3 as the generator value\n"); */ + BIO_printf(bio_err," -5 use 5 as the generator value\n"); + BIO_printf(bio_err," -rand file:file:...\n"); + BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); + BIO_printf(bio_err," the random number generator\n"); + goto end; + } + + out=BIO_new(BIO_s_file()); + if (out == NULL) + { + ERR_print_errors(bio_err); + goto end; + } + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if 
(BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + randfile=RAND_file_name(buffer,200); + if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L)) + BIO_printf(bio_err,"unable to load 'random state'\n"); + + if (inrand == NULL) + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); + else + { + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + dh_load_rand(inrand)); + } + + BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g); + BIO_printf(bio_err,"This is going to take a long time\n"); + dh=DH_generate_parameters(num,g,dh_cb,bio_err); + + if (dh == NULL) goto end; + + if (randfile == NULL) + BIO_printf(bio_err,"unable to write 'random state'\n"); + else + RAND_write_file(randfile); + + if (!PEM_write_bio_DHparams(out,dh)) + goto end; + ret=0; +end: + if (ret != 0) + ERR_print_errors(bio_err); + if (out != NULL) BIO_free(out); + if (dh != NULL) DH_free(dh); + EXIT(ret); + } + +static void MS_CALLBACK dh_cb(int p, int n, void *arg) + { + char c='*'; + + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + BIO_write((BIO *)arg,&c,1); + (void)BIO_flush((BIO *)arg); +#ifdef LINT + p=n; +#endif + } + +static long dh_load_rand(char *name) + { + char *p,*n; + int last; + long tot=0; + + for (;;) + { + last=0; + for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++); + if (*p == '\0') last=1; + *p='\0'; + n=name; + name=p+1; + if (*n == '\0') break; + + tot+=RAND_load_file(n,1); + if (last) break; + } + return(tot); + } +#endif diff --git a/crypto/openssl/apps/gendsa.c b/crypto/openssl/apps/gendsa.c new file mode 100644 index 0000000..5f00b89 --- /dev/null +++ b/crypto/openssl/apps/gendsa.c 
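Review bot: `dh_load_rand` calls `RAND_load_file(n,1)`, passing 1 as the size limit where the state file in `MAIN` is loaded with `1024L*1024L`. Very little of each `-rand` file is therefore likely to reach the generator, even though the caller prints the total as "semi-random bytes loaded". Unless the small limit is intentional, `tot+=RAND_load_file(n,1024L*1024L);` would make `-rand` do what the usage text describes. `dsa_load_rand` in gendsa.c is a copy of this function and has the same call. The function also overwrites each separator in the caller's string with NUL, which deserves a comment such as `/* splits 'name' in place at LIST_SEPARATOR_CHAR */`.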
@@ -0,0 +1,232 @@ +/* apps/gendsa.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#ifndef NO_DSA +#include <stdio.h> +#include <string.h> +#include <sys/types.h> +#include <sys/stat.h> +#include "apps.h" +#include <openssl/bio.h> +#include <openssl/rand.h> +#include <openssl/err.h> +#include <openssl/bn.h> +#include <openssl/dsa.h> +#include <openssl/x509.h> +#include <openssl/pem.h> + +#define DEFBITS 512 +#undef PROG +#define PROG gendsa_main + +static long dsa_load_rand(char *names); +int MAIN(int argc, char **argv) + { + char buffer[200]; + DSA *dsa=NULL; + int ret=1; + char *outfile=NULL; + char *inrand=NULL,*randfile,*dsaparams=NULL; + BIO *out=NULL,*in=NULL; + EVP_CIPHER *enc=NULL; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + argv++; + argc--; + for (;;) + { + if (argc <= 0) break; + if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-rand") == 0) + { + if (--argc < 1) goto bad; + inrand= *(++argv); + } + else if (strcmp(*argv,"-") == 0) + goto bad; +#ifndef NO_DES + else if (strcmp(*argv,"-des") == 0) + enc=EVP_des_cbc(); + else if (strcmp(*argv,"-des3") == 0) + enc=EVP_des_ede3_cbc(); +#endif +#ifndef NO_IDEA + else if (strcmp(*argv,"-idea") == 0) + enc=EVP_idea_cbc(); +#endif + else if (**argv != '-' && dsaparams == NULL) + { + dsaparams = *argv; + } + else + goto bad; + argv++; + argc--; + } + + if (dsaparams == NULL) + { +bad: + BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n"); + BIO_printf(bio_err," -out file - output the key to 'file'\n"); +#ifndef NO_DES + BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n"); + BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); +#endif +#ifndef NO_IDEA + BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n"); +#endif + BIO_printf(bio_err," -rand file:file:...\n"); + BIO_printf(bio_err," - load the file (or the files 
in the directory) into\n"); + BIO_printf(bio_err," the random number generator\n"); + BIO_printf(bio_err," dsaparam-file\n"); + BIO_printf(bio_err," - a DSA parameter file as generated by the dsaparam command\n"); + goto end; + } + + in=BIO_new(BIO_s_file()); + if (!(BIO_read_filename(in,dsaparams))) + { + perror(dsaparams); + goto end; + } + + if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL) + { + BIO_printf(bio_err,"unable to load DSA parameter file\n"); + goto end; + } + BIO_free(in); + + out=BIO_new(BIO_s_file()); + if (out == NULL) goto end; + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + randfile=RAND_file_name(buffer,200); + if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L)) + BIO_printf(bio_err,"unable to load 'random state'\n"); + + if (inrand == NULL) + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); + else + { + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + dsa_load_rand(inrand)); + } + + BIO_printf(bio_err,"Generating DSA key, %d bits\n", + BN_num_bits(dsa->p)); + if (!DSA_generate_key(dsa)) goto end; + + if (randfile == NULL) + BIO_printf(bio_err,"unable to write 'random state'\n"); + else + RAND_write_file(randfile); + + if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL)) + goto end; + ret=0; +end: + if (ret != 0) + ERR_print_errors(bio_err); + if (out != NULL) BIO_free(out); + if (dsa != NULL) DSA_free(dsa); + EXIT(ret); + } + +static long dsa_load_rand(char *name) + { + char *p,*n; + int last; + long tot=0; + + for (;;) + { + last=0; + for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++); + if (*p == '\0') last=1; + *p='\0'; + n=name; + name=p+1; + if (*n == '\0') break; + + tot+=RAND_load_file(n,1); + if (last) break; + } + return(tot); + } +#endif 
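Review bot: Private-key generation in `MAIN` goes ahead even when no seed material was loaded: a failed `RAND_load_file(randfile,1024L*1024L)` and a missing `-rand` each only print a message before `DSA_generate_key(dsa)` runs. Whether the library seeds itself some other way is not visible in this hunk, but a command that emits a long-term key should fail closed when both sources are absent. Remember the load result in a local and add `if (!seeded && (inrand == NULL)) { BIO_printf(bio_err,"no random seed available\n"); goto end; }` before the key is generated. Smaller: `in` from `BIO_new(BIO_s_file())` is used without a NULL check and is not freed on the two `goto end` paths that precede `BIO_free(in)`.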
diff --git a/crypto/openssl/apps/genrsa.c b/crypto/openssl/apps/genrsa.c new file mode 100644 index 0000000..6738206 --- /dev/null +++ b/crypto/openssl/apps/genrsa.c 
@@ -0,0 +1,266 @@ +/* apps/genrsa.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#ifndef NO_RSA +#include <stdio.h> +#include <string.h> +#include <sys/types.h> +#include <sys/stat.h> +#include "apps.h" +#include <openssl/bio.h> +#include <openssl/rand.h> +#include <openssl/err.h> +#include <openssl/bn.h> +#include <openssl/rsa.h> +#include <openssl/evp.h> +#include <openssl/x509.h> +#include <openssl/pem.h> + +#define DEFBITS 512 +#undef PROG +#define PROG genrsa_main + +static void MS_CALLBACK genrsa_cb(int p, int n, void *arg); +static long gr_load_rand(char *names); +int MAIN(int argc, char **argv) + { + int ret=1; + char buffer[200]; + RSA *rsa=NULL; + int i,num=DEFBITS; + long rnum=0,l; + EVP_CIPHER *enc=NULL; + unsigned long f4=RSA_F4; + char *outfile=NULL; + char *inrand=NULL,*randfile; + BIO *out=NULL; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if ((out=BIO_new(BIO_s_file())) == NULL) + { + BIO_printf(bio_err,"unable to creat BIO for output\n"); + goto err; + } + + argv++; + argc--; + for (;;) + { + if (argc <= 0) break; + if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-3") == 0) + f4=3; + else if (strcmp(*argv,"-F4") == 0) + f4=RSA_F4; + else if (strcmp(*argv,"-rand") == 0) + { + if (--argc < 1) goto bad; + inrand= *(++argv); + } +#ifndef NO_DES + else if (strcmp(*argv,"-des") == 0) + enc=EVP_des_cbc(); + else if (strcmp(*argv,"-des3") == 0) + enc=EVP_des_ede3_cbc(); +#endif +#ifndef NO_IDEA + else if (strcmp(*argv,"-idea") == 0) + enc=EVP_idea_cbc(); +#endif + else + break; + argv++; + argc--; + } + if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0))) + { +bad: + BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n"); + BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n"); + BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); +#ifndef NO_IDEA + BIO_printf(bio_err," -idea - 
encrypt the generated key with IDEA in cbc mode\n"); +#endif + BIO_printf(bio_err," -out file - output the key to 'file\n"); + BIO_printf(bio_err," -f4 - use F4 (0x10001) for the E value\n"); + BIO_printf(bio_err," -3 - use 3 for the E value\n"); + BIO_printf(bio_err," -rand file:file:...\n"); + BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); + BIO_printf(bio_err," the random number generator\n"); + goto err; + } + + ERR_load_crypto_strings(); + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto err; + } + } + +#ifdef WINDOWS + BIO_printf(bio_err,"Loading 'screen' into random state -"); + BIO_flush(bio_err); + RAND_screen(); + BIO_printf(bio_err," done\n"); +#endif + randfile=RAND_file_name(buffer,200); + if ((randfile == NULL) || + !(rnum=(long)RAND_load_file(randfile,1024L*1024L))) + { + BIO_printf(bio_err,"unable to load 'random state'\n"); + } + + if (inrand == NULL) + { + if (rnum == 0) + { + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); + } + } + else + { + rnum+=gr_load_rand(inrand); + } + if (rnum != 0) + BIO_printf(bio_err,"%ld semi-random bytes loaded\n",rnum); + + BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", + num); + rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err); + + if (randfile == NULL) + BIO_printf(bio_err,"unable to write 'random state'\n"); + else + RAND_write_file(randfile); + + if (rsa == NULL) goto err; + + /* We need to do the folloing for when the base number size is < + * long, esp windows 3.1 :-(. 
*/ + l=0L; + for (i=0; i<rsa->e->top; i++) + { +#ifndef SIXTY_FOUR_BIT + l<<=BN_BITS4; + l<<=BN_BITS4; +#endif + l+=rsa->e->d[i]; + } + BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l); + if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL,NULL)) + goto err; + + ret=0; +err: + if (rsa != NULL) RSA_free(rsa); + if (out != NULL) BIO_free(out); + if (ret != 0) + ERR_print_errors(bio_err); + EXIT(ret); + } + +static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) + { + char c='*'; + + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + BIO_write((BIO *)arg,&c,1); + (void)BIO_flush((BIO *)arg); +#ifdef LINT + p=n; +#endif + } + +static long gr_load_rand(char *name) + { + char *p,*n; + int last; + long tot=0; + + for (;;) + { + last=0; + for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++); + if (*p == '\0') last=1; + *p='\0'; + n=name; + name=p+1; + if (*n == '\0') break; + + tot+=RAND_load_file(n,1024L*1024L); + if (last) break; + } + return(tot); + } +#endif diff --git a/crypto/openssl/apps/nseq.c b/crypto/openssl/apps/nseq.c new file mode 100644 index 0000000..d9d0165 --- /dev/null +++ b/crypto/openssl/apps/nseq.c 
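Review bot: The key-size handling in MAIN accepts sizes that give no protection: `DEFBITS` is 512, and the check `(sscanf(*argv,"%d",&num) == 0) || (num < 0)` passes 0 or any tiny value on to `RSA_generate_key`. It also misses the case where `sscanf` returns EOF on an empty argument, which leaves `num` at the default without an error. I would raise the default, e.g. `#define DEFBITS 2048`, and require a successful conversion above a floor, e.g. `(sscanf(*argv,"%d",&num) != 1) || (num < MINBITS)`, with `MINBITS` a new constant defined next to `DEFBITS`. Separately, the usage text advertises `-f4` while the parser only matches `-F4`, so one of the two strings should change to agree.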
@@ -0,0 +1,174 @@ +/* nseq.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <string.h> +#include <openssl/pem.h> +#include <openssl/err.h> +#include "apps.h" + +#undef PROG +#define PROG nseq_main + +static int dump_cert_text(BIO *out, X509 *x); + +int MAIN(int argc, char **argv) +{ + char **args, *infile = NULL, *outfile = NULL; + BIO *in = NULL, *out = NULL; + int toseq = 0; + X509 *x509 = NULL; + NETSCAPE_CERT_SEQUENCE *seq = NULL; + int i, ret = 1; + int badarg = 0; + if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + ERR_load_crypto_strings(); + args = argv + 1; + while (!badarg && *args && *args[0] == '-') { + if (!strcmp (*args, "-toseq")) toseq = 1; + else if (!strcmp (*args, "-in")) { + if (args[1]) { + args++; + infile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-out")) { + if (args[1]) { + args++; + outfile = *args; + } else badarg = 1; + } else badarg = 1; + args++; + } + + if (badarg) { + BIO_printf (bio_err, "Netscape certificate sequence utility\n"); + BIO_printf (bio_err, "Usage nseq [options]\n"); + BIO_printf (bio_err, "where options are\n"); + BIO_printf (bio_err, "-in file input file\n"); + BIO_printf (bio_err, "-out file output file\n"); + BIO_printf (bio_err, 
"-toseq output NS Sequence file\n"); + EXIT(1); + } + + if (infile) { + if (!(in = BIO_new_file (infile, "r"))) { + BIO_printf (bio_err, + "Can't open input file %s\n", infile); + goto end; + } + } else in = BIO_new_fp(stdin, BIO_NOCLOSE); + + if (outfile) { + if (!(out = BIO_new_file (outfile, "w"))) { + BIO_printf (bio_err, + "Can't open output file %s\n", outfile); + goto end; + } + } else out = BIO_new_fp(stdout, BIO_NOCLOSE); + + if (toseq) { + seq = NETSCAPE_CERT_SEQUENCE_new(); + seq->certs = sk_X509_new(NULL); + while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) + sk_X509_push(seq->certs,x509); + + if(!sk_X509_num(seq->certs)) + { + BIO_printf (bio_err, "Error reading certs file %s\n", infile); + ERR_print_errors(bio_err); + goto end; + } + PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq); + ret = 0; + goto end; + } + + if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) { + BIO_printf (bio_err, "Error reading sequence file %s\n", infile); + ERR_print_errors(bio_err); + goto end; + } + + for(i = 0; i < sk_X509_num(seq->certs); i++) { + x509 = sk_X509_value(seq->certs, i); + dump_cert_text(out, x509); + PEM_write_bio_X509(out, x509); + } + ret = 0; +end: + BIO_free(in); + BIO_free(out); + NETSCAPE_CERT_SEQUENCE_free(seq); + + EXIT(ret); +} + +static int dump_cert_text(BIO *out, X509 *x) +{ + char buf[256]; + X509_NAME_oneline(X509_get_subject_name(x),buf,256); + BIO_puts(out,"subject="); + BIO_puts(out,buf); + + X509_NAME_oneline(X509_get_issuer_name(x),buf,256); + BIO_puts(out,"\nissuer= "); + BIO_puts(out,buf); + BIO_puts(out,"\n"); + return 0; +} + diff --git a/crypto/openssl/apps/oid.cnf b/crypto/openssl/apps/oid.cnf new file mode 100644 index 0000000..faf425a --- /dev/null +++ b/crypto/openssl/apps/oid.cnf 
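Review bot: In the `-toseq` branch of MAIN the result of `NETSCAPE_CERT_SEQUENCE_new()` is dereferenced on the next line without a NULL check, and the return value of `PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq)` is ignored before `ret = 0`, so a failed write still exits with success. I would guard both: `if (!seq || !(seq->certs = sk_X509_new(NULL))) goto end;` and `if (!PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq)) goto end;`. The same applies to the `PEM_write_bio_X509` call in the loop further down, and to `in`/`out` when they come from `BIO_new_fp`. Both "Error reading ... file %s" messages pass `infile` to `%s` although it is NULL when input comes from stdin; printing `infile ? infile : "stdin"` avoids that.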
@@ -0,0 +1,6 @@
+2.99999.1 SET.ex1 SET x509v3 extension 1
+2.99999.2 SET.ex2 SET x509v3 extension 2
+2.99999.3 SET.ex3 SET x509v3 extension 3
+2.99999.4 SET.ex4 SET x509v3 extension 4
+2.99999.5 SET.ex5 SET x509v3 extension 5
+2.99999.6 SET.ex6 SET x509v3 extension 6
diff --git a/crypto/openssl/apps/openssl.c b/crypto/openssl/apps/openssl.c
new file mode 100644
index 0000000..9a337fb
--- /dev/null
+++ b/crypto/openssl/apps/openssl.c
@@ -0,0 +1,373 @@ +/* apps/openssl.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#ifndef DEBUG +#undef DEBUG +#endif + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <openssl/bio.h> +#include <openssl/crypto.h> +#include <openssl/lhash.h> +#include <openssl/conf.h> +#include <openssl/x509.h> +#include <openssl/pem.h> +#include <openssl/ssl.h> +#define SSLEAY /* turn off a few special case MONOLITH macros */ +#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */ +#define SSLEAY_SRC +#include "apps.h" +#include "s_apps.h" +#include <openssl/err.h> + +/* +#ifdef WINDOWS +#include "bss_file.c" +#endif +*/ + +static unsigned long MS_CALLBACK hash(FUNCTION *a); +static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); +static LHASH *prog_init(void ); +static int do_cmd(LHASH *prog,int argc,char *argv[]); +LHASH *config=NULL; +char *default_config_file=NULL; + +#ifdef DEBUG +static void sig_stop(int i) + { + char *a=NULL; + + *a='\0'; + } +#endif + +/* Make sure there is only one when MONOLITH is defined */ +#ifdef MONOLITH +BIO *bio_err=NULL; +#endif + +int main(int Argc, char *Argv[]) + { + ARGS arg; +#define PROG_NAME_SIZE 16 + char pname[PROG_NAME_SIZE]; + FUNCTION f,*fp; + MS_STATIC char *prompt,buf[1024],config_name[256]; + int n,i,ret=0; + int argc; + char **argv,*p; + LHASH *prog=NULL; + long errline; + + arg.data=NULL; + arg.count=0; + + /* SSLeay_add_ssl_algorithms(); is called in apps_startup() */ + apps_startup(); + +#if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS) +#ifdef SIGBUS + signal(SIGBUS,sig_stop); +#endif +#ifdef SIGSEGV + signal(SIGSEGV,sig_stop); +#endif +#endif + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + + /* Lets load up our environment a little */ + p=getenv("OPENSSL_CONF"); + if (p == NULL) + p=getenv("SSLEAY_CONF"); + if (p == NULL) + { + strcpy(config_name,X509_get_default_cert_area()); +#ifndef VMS + 
strcat(config_name,"/"); +#endif + strcat(config_name,OPENSSL_CONF); + p=config_name; + } + + default_config_file=p; + + config=CONF_load(config,p,&errline); + if (config == NULL) ERR_clear_error(); + + prog=prog_init(); + + /* first check the program name */ + program_name(Argv[0],pname,PROG_NAME_SIZE); + + f.name=pname; + fp=(FUNCTION *)lh_retrieve(prog,(char *)&f); + if (fp != NULL) + { + Argv[0]=pname; + ret=fp->func(Argc,Argv); + goto end; + } + + /* ok, now check that there are not arguments, if there are, + * run with them, shifting the ssleay off the front */ + if (Argc != 1) + { + Argc--; + Argv++; + ret=do_cmd(prog,Argc,Argv); + if (ret < 0) ret=0; + goto end; + } + + /* ok, lets enter the old 'OpenSSL>' mode */ + + for (;;) + { + ret=0; + p=buf; + n=1024; + i=0; + for (;;) + { + p[0]='\0'; + if (i++) + prompt=">"; + else prompt="OpenSSL> "; + fputs(prompt,stdout); + fflush(stdout); + fgets(p,n,stdin); + if (p[0] == '\0') goto end; + i=strlen(p); + if (i <= 1) break; + if (p[i-2] != '\\') break; + i-=2; + p+=i; + n-=i; + } + if (!chopup_args(&arg,buf,&argc,&argv)) break; + + ret=do_cmd(prog,argc,argv); + if (ret < 0) + { + ret=0; + goto end; + } + if (ret != 0) + BIO_printf(bio_err,"error in %s\n",argv[0]); + (void)BIO_flush(bio_err); + } + BIO_printf(bio_err,"bad exit\n"); + ret=1; +end: + if (config != NULL) + { + CONF_free(config); + config=NULL; + } + if (prog != NULL) lh_free(prog); + if (arg.data != NULL) Free(arg.data); + ERR_remove_state(0); + + EVP_cleanup(); + ERR_free_strings(); + + CRYPTO_mem_leaks(bio_err); + if (bio_err != NULL) + { + BIO_free(bio_err); + bio_err=NULL; + } + EXIT(ret); + } + +#define LIST_STANDARD_COMMANDS "list-standard-commands" +#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands" +#define LIST_CIPHER_COMMANDS "list-cipher-commands" + +static int do_cmd(LHASH *prog, int argc, char *argv[]) + { + FUNCTION f,*fp; + int i,ret=1,tp,nl; + + if ((argc <= 0) || (argv[0] == NULL)) + { ret=0; goto end; } + 
f.name=argv[0]; + fp=(FUNCTION *)lh_retrieve(prog,(char *)&f); + if (fp != NULL) + { + ret=fp->func(argc,argv); + } + else if ((strcmp(argv[0],"quit") == 0) || + (strcmp(argv[0],"q") == 0) || + (strcmp(argv[0],"exit") == 0) || + (strcmp(argv[0],"bye") == 0)) + { + ret= -1; + goto end; + } + else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) || + (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) || + (strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0)) + { + int list_type; + BIO *bio_stdout; + + if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) + list_type = FUNC_TYPE_GENERAL; + else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) + list_type = FUNC_TYPE_MD; + else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */ + list_type = FUNC_TYPE_CIPHER; + bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE); + + for (fp=functions; fp->name != NULL; fp++) + if (fp->type == list_type) + BIO_printf(bio_stdout, "%s\n", fp->name); + BIO_free(bio_stdout); + ret=0; + goto end; + } + else + { + BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n", + argv[0]); + BIO_printf(bio_err, "\nStandard commands"); + i=0; + tp=0; + for (fp=functions; fp->name != NULL; fp++) + { + nl=0; + if (((i++) % 5) == 0) + { + BIO_printf(bio_err,"\n"); + nl=1; + } + if (fp->type != tp) + { + tp=fp->type; + if (!nl) BIO_printf(bio_err,"\n"); + if (tp == FUNC_TYPE_MD) + { + i=1; + BIO_printf(bio_err, + "\nMessage Digest commands (see the `dgst' command for more details)\n"); + } + else if (tp == FUNC_TYPE_CIPHER) + { + i=1; + BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n"); + } + } + BIO_printf(bio_err,"%-15s",fp->name); + } + BIO_printf(bio_err,"\n\n"); + ret=0; + } +end: + return(ret); + } + +static int SortFnByName(const void *_f1,const void *_f2) + { + const FUNCTION *f1=_f1; + const FUNCTION *f2=_f2; + + if(f1->type != f2->type) + return f1->type-f2->type; + return strcmp(f1->name,f2->name); + } + +static LHASH *prog_init(void) + { + LHASH *ret; + FUNCTION *f; 
+ int i; + + /* Purely so it looks nice when the user hits ? */ + for(i=0,f=functions ; f->name != NULL ; ++f,++i) + ; + qsort(functions,i,sizeof *functions,SortFnByName); + + if ((ret=lh_new(hash,cmp)) == NULL) return(NULL); + + for (f=functions; f->name != NULL; f++) + lh_insert(ret,(char *)f); + return(ret); + } + +static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) + { + return(strncmp(a->name,b->name,8)); + } + +static unsigned long MS_CALLBACK hash(FUNCTION *a) + { + return(lh_strhash(a->name)); + } + +#undef SSLEAY diff --git a/crypto/openssl/apps/openssl.cnf b/crypto/openssl/apps/openssl.cnf new file mode 100644 index 0000000..d70dd25 --- /dev/null +++ b/crypto/openssl/apps/openssl.cnf 
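Review bot: The default config path in main() is built with unbounded `strcpy`/`strcat` into `config_name[256]`, so a long directory from `X509_get_default_cert_area()` would overflow that buffer. That value looks like a build-time setting rather than user input, but the copy should still be bounded. A length guard ahead of the copy would do, e.g. `if (strlen(X509_get_default_cert_area())+strlen(OPENSSL_CONF)+2 > sizeof(config_name)) { ret=1; goto end; }`. Also worth changing: `cmp()` compares only the first 8 characters via `strncmp` while `hash()` covers the whole name, so two names sharing an eight-character prefix compare equal whenever they land on the same hash; plain `strcmp(a->name,b->name)` would match what `hash()` does.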
@@ -0,0 +1,214 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = $ENV::HOME/.rnd +oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca' and 'req'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = md5 # which md to use. 
+preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 40 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 
+ +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +[ v3_ca ] + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer:always + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. 
+# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# RAW DER hex encoding of an extension: beware experts only! +# 1.2.3.5=RAW:02:03 +# You can even override a supported extension: +# basicConstraints= critical, RAW:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always diff --git a/crypto/openssl/apps/pca-cert.srl b/crypto/openssl/apps/pca-cert.srl new file mode 100644 index 0000000..8a0f05e --- /dev/null +++ b/crypto/openssl/apps/pca-cert.srl @@ -0,0 +1 @@ +01 diff --git a/crypto/openssl/apps/pca-key.pem b/crypto/openssl/apps/pca-key.pem new file mode 100644 index 0000000..20029ab --- /dev/null +++ b/crypto/openssl/apps/pca-key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg +wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ +vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB +AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc +z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz +xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7 +HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD +yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS +xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj +7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG +h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL +QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q +hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc= +-----END RSA PRIVATE KEY----- 
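Review bot: `default_md = md5` in `[ CA_default ]` makes the demo CA sign every certificate and CRL with an MD5-based signature, and `default_bits = 1024` in `[ req ]` sets a short RSA key as the default for new requests. People copy this example file into real deployments, so the defaults should be the strongest this release supports. I would expect at least `default_md = sha1` to be available here (worth confirming against the digests this build registers), and on current OpenSSL the values would be `default_md = sha256` and `default_bits = 2048`. A comment above each setting saying it is a security-relevant default, not a cosmetic one, would help people adapting the file.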
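Review bot: pca-key.pem adds an unencrypted RSA private key to the source tree, so anyone with the sources holds it and nothing issued under it can be trusted. From the file names it looks like a demo/test PCA key. If so, I would say that in the file itself with a line ahead of the BEGIN marker, such as `This is a published test key; do not trust certificates issued under it.`; OpenSSL's PEM reader should skip text before the BEGIN line, but confirm that for other consumers. The file should also be kept out of any installed CA directory. Secret scanners will flag it, so an allow-list entry carrying that justification is better than a silent suppression.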
diff --git a/crypto/openssl/apps/pca-req.pem b/crypto/openssl/apps/pca-req.pem new file mode 100644 index 0000000..33f1553 --- /dev/null +++ b/crypto/openssl/apps/pca-req.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBmjCCAQMCAQAwXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx +GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAo +MTAyNCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfj +Irkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUX +MRsp22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3 +vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAEzz +IG8NnfpnPTQSCN5zJhOfy6p9AcDyQzuJirYv1HR/qoYWalPh/U2uiK0lAim7qMcv +wOlK3I7A8B7/4dLqvIqgtUj9b1WT8zIrnwdvJI4osLI2BY+c1pVlp174DHLMol1L +Cl1e3N5BTm7lCitTYjuUhsw6hiA8IcdNKDo6sktV +-----END CERTIFICATE REQUEST----- diff --git a/crypto/openssl/apps/pem_mail.c b/crypto/openssl/apps/pem_mail.c new file mode 100644 index 0000000..f85c7b1 --- /dev/null +++ b/crypto/openssl/apps/pem_mail.c 
@@ -0,0 +1,170 @@ +/* apps/pem_mail.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#ifndef NO_RSA +#include <stdio.h> +#include <openssl/rsa.h> +#include <openssl/evp.h> +#include <openssl/objects.h> +#include <openssl/x509.h> +#include <openssl/err.h> +#include <openssl/pem.h> +#include "apps.h" + +#undef PROG +#define PROG pem_mail_main + +static char *usage[]={ +"usage: pem_mail args\n", +"\n", +" -in arg - input file - default stdin\n", +" -out arg - output file - default stdout\n", +" -cert arg - the certificate to use\n", +" -key arg - the private key to use\n", +" -MIC - sign the message\n", +" -enc arg - encrypt with one of cbc-des\n", +NULL +}; + + +typedef struct lines_St + { + char *line; + struct lines_st *next; + } LINES; + +int main(int argc, char **argv) + { + FILE *in; + RSA *rsa=NULL; + EVP_MD_CTX ctx; + unsigned int mic=0,i,n; + unsigned char buf[1024*15]; + char *prog,*infile=NULL,*outfile=NULL,*key=NULL; + int badops=0; + + apps_startup(); + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-key") == 0) + { + if (--argc < 1) goto bad; + key= *(++argv); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-mic") == 0) + mic=1; + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + EXIT(1); + } + + if (key == NULL) + { BIO_printf(bio_err,"you need to specify a key\n"); EXIT(1); } + in=fopen(key,"r"); + if (in == NULL) { perror(key); EXIT(1); } + rsa=PEM_read_RSAPrivateKey(in,NULL,NULL); + if (rsa == NULL) + { + BIO_printf(bio_err,"unable to load Private Key\n"); + ERR_print_errors(bio_err); + EXIT(1); + } + fclose(in); + + PEM_SignInit(&ctx,EVP_md5()); + for (;;) + { + i=fread(buf,1,1024*10,stdin); + if (i <= 0) break; + 
PEM_SignUpdate(&ctx,buf,i); + } + if (!PEM_SignFinal(&ctx,buf,&n,rsa)) goto err; + BIO_printf(bio_err,"%s\n",buf); + EXIT(0); +err: + ERR_print_errors(bio_err); + EXIT(1); + } +#endif diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c new file mode 100644 index 0000000..5defdde --- /dev/null +++ b/crypto/openssl/apps/pkcs12.c 
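Review bot: main() stores `-in` and `-out` in `infile`/`outfile` but never uses them: input is always read with `fread(buf,1,1024*10,stdin)` and the result is printed to `bio_err`, so the signature lands on the error stream whatever `-out` says. The `usage` table advertises `-MIC`, `-cert` and `-enc`, yet the parser only accepts `-mic` and the table is never printed; the test should at least read `else if (strcmp(*argv,"-MIC") == 0)`. `strcmp` is called with no `#include <string.h>` in this file, and the struct tag `lines_St` does not match the `struct lines_st *next` member. The digest is hard-coded in `PEM_SignInit(&ctx,EVP_md5())`; MD5 is not collision resistant, so the digest should come from an option rather than being fixed here.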
@@ -0,0 +1,703 @@ +/* pkcs12.c */ +#if !defined(NO_DES) && !defined(NO_SHA1) + +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <openssl/des.h> +#include <openssl/pem.h> +#include <openssl/err.h> +#include <openssl/pkcs12.h> + +#include "apps.h" +#define PROG pkcs12_main + +EVP_CIPHER *enc; + + +#define NOKEYS 0x1 +#define NOCERTS 0x2 +#define INFO 0x4 +#define CLCERTS 0x8 +#define CACERTS 0x10 + +int get_cert_chain(X509 *cert, STACK_OF(X509) **chain); +int dump_cert_text (BIO *out, X509 *x); +int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options); +int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options); +int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options); +int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name); +void hex_prin(BIO *out, unsigned char *buf, int len); +int alg_print(BIO *x, X509_ALGOR *alg); +int cert_load(BIO *in, STACK_OF(X509) *sk); +int MAIN(int argc, char **argv) +{ + char *infile=NULL, *outfile=NULL, *keyname = NULL; + char *certfile=NULL; + BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL; + char **args; + char *name = NULL; + PKCS12 *p12 = NULL; + char pass[50], 
macpass[50]; + int export_cert = 0; + int options = 0; + int chain = 0; + int badarg = 0; + int iter = PKCS12_DEFAULT_ITER; + int maciter = 1; + int twopass = 0; + int keytype = 0; + int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; + int ret = 1; + int macver = 1; + int noprompt = 0; + STACK *canames = NULL; + char *cpass = NULL, *mpass = NULL; + + apps_startup(); + + enc = EVP_des_ede3_cbc(); + if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + + args = argv + 1; + + + while (*args) { + if (*args[0] == '-') { + if (!strcmp (*args, "-nokeys")) options |= NOKEYS; + else if (!strcmp (*args, "-keyex")) keytype = KEY_EX; + else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG; + else if (!strcmp (*args, "-nocerts")) options |= NOCERTS; + else if (!strcmp (*args, "-clcerts")) options |= CLCERTS; + else if (!strcmp (*args, "-cacerts")) options |= CACERTS; + else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS); + else if (!strcmp (*args, "-info")) options |= INFO; + else if (!strcmp (*args, "-chain")) chain = 1; + else if (!strcmp (*args, "-twopass")) twopass = 1; + else if (!strcmp (*args, "-nomacver")) macver = 0; + else if (!strcmp (*args, "-descert")) + cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + else if (!strcmp (*args, "-export")) export_cert = 1; + else if (!strcmp (*args, "-des")) enc=EVP_des_cbc(); +#ifndef NO_IDEA + else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc(); +#endif + else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc(); + else if (!strcmp (*args, "-noiter")) iter = 1; + else if (!strcmp (*args, "-maciter")) + maciter = PKCS12_DEFAULT_ITER; + else if (!strcmp (*args, "-nodes")) enc=NULL; + else if (!strcmp (*args, "-inkey")) { + if (args[1]) { + args++; + keyname = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-certfile")) { + if (args[1]) { + args++; + certfile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-name")) { + if (args[1]) { + args++; + name = *args; + } else badarg = 1; 
+ } else if (!strcmp (*args, "-caname")) { + if (args[1]) { + args++; + if (!canames) canames = sk_new(NULL); + sk_push(canames, *args); + } else badarg = 1; + } else if (!strcmp (*args, "-in")) { + if (args[1]) { + args++; + infile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-out")) { + if (args[1]) { + args++; + outfile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-envpass")) { + if (args[1]) { + args++; + if(!(cpass = getenv(*args))) { + BIO_printf(bio_err, + "Can't read environment variable %s\n", *args); + goto end; + } + noprompt = 1; + } else badarg = 1; + } else if (!strcmp (*args, "-password")) { + if (args[1]) { + args++; + cpass = *args; + noprompt = 1; + } else badarg = 1; + } else badarg = 1; + + } else badarg = 1; + args++; + } + + if (badarg) { + BIO_printf (bio_err, "Usage: pkcs12 [options]\n"); + BIO_printf (bio_err, "where options are\n"); + BIO_printf (bio_err, "-export output PKCS12 file\n"); + BIO_printf (bio_err, "-chain add certificate chain\n"); + BIO_printf (bio_err, "-inkey file private key if not infile\n"); + BIO_printf (bio_err, "-certfile f add all certs in f\n"); + BIO_printf (bio_err, "-name \"name\" use name as friendly name\n"); + BIO_printf (bio_err, "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n"); + BIO_printf (bio_err, "-in infile input filename\n"); + BIO_printf (bio_err, "-out outfile output filename\n"); + BIO_printf (bio_err, "-noout don't output anything, just verify.\n"); + BIO_printf (bio_err, "-nomacver don't verify MAC.\n"); + BIO_printf (bio_err, "-nocerts don't output certificates.\n"); + BIO_printf (bio_err, "-clcerts only output client certificates.\n"); + BIO_printf (bio_err, "-cacerts only output CA certificates.\n"); + BIO_printf (bio_err, "-nokeys don't output private keys.\n"); + BIO_printf (bio_err, "-info give info about PKCS#12 structure.\n"); + BIO_printf (bio_err, "-des encrypt private keys with DES\n"); + BIO_printf (bio_err, "-des3 encrypt 
private keys with triple DES (default)\n"); +#ifndef NO_IDEA + BIO_printf (bio_err, "-idea encrypt private keys with idea\n"); +#endif + BIO_printf (bio_err, "-nodes don't encrypt private keys\n"); + BIO_printf (bio_err, "-noiter don't use encryption iteration\n"); + BIO_printf (bio_err, "-maciter use MAC iteration\n"); + BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n"); + BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n"); + BIO_printf (bio_err, "-keyex set MS key exchange type\n"); + BIO_printf (bio_err, "-keysig set MS key signature type\n"); + BIO_printf (bio_err, "-password p set import/export password (NOT RECOMMENDED)\n"); + BIO_printf (bio_err, "-envpass p set import/export password from environment\n"); + goto end; + } + + if(cpass) mpass = cpass; + else { + cpass = pass; + mpass = macpass; + } + + ERR_load_crypto_strings(); + + if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE); + else in = BIO_new_file(infile, "rb"); + if (!in) { + BIO_printf(bio_err, "Error opening input file %s\n", + infile ? infile : "<stdin>"); + perror (infile); + goto end; + } + + if (certfile) { + if(!(certsin = BIO_new_file(certfile, "r"))) { + BIO_printf(bio_err, "Can't open certificate file %s\n", certfile); + perror (certfile); + goto end; + } + } + + if (keyname) { + if(!(inkey = BIO_new_file(keyname, "r"))) { + BIO_printf(bio_err, "Can't key certificate file %s\n", keyname); + perror (keyname); + goto end; + } + } + + if (!outfile) out = BIO_new_fp(stdout, BIO_NOCLOSE); + else out = BIO_new_file(outfile, "wb"); + if (!out) { + BIO_printf(bio_err, "Error opening output file %s\n", + outfile ? 
outfile : "<stdout>"); + perror (outfile); + goto end; + } + if (twopass) { + if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert)) + { + BIO_printf (bio_err, "Can't read Password\n"); + goto end; + } + } + +if (export_cert) { + EVP_PKEY *key; + STACK *bags, *safes; + PKCS12_SAFEBAG *bag; + PKCS8_PRIV_KEY_INFO *p8; + PKCS7 *authsafe; + X509 *cert = NULL, *ucert = NULL; + STACK_OF(X509) *certs; + char *catmp; + int i; + unsigned char keyid[EVP_MAX_MD_SIZE]; + unsigned int keyidlen = 0; + key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, NULL); + if (!inkey) (void) BIO_reset(in); + if (!key) { + BIO_printf (bio_err, "Error loading private key\n"); + ERR_print_errors(bio_err); + goto end; + } + + certs = sk_X509_new(NULL); + + /* Load in all certs in input file */ + if(!cert_load(in, certs)) { + BIO_printf(bio_err, "Error loading certificates from input\n"); + ERR_print_errors(bio_err); + goto end; + } + + for(i = 0; i < sk_X509_num(certs); i++) { + ucert = sk_X509_value(certs, i); + if(X509_check_private_key(ucert, key)) { + X509_digest(cert, EVP_sha1(), keyid, &keyidlen); + break; + } + } + + if(!keyidlen) { + BIO_printf(bio_err, "No certificate matches private key\n"); + goto end; + } + + bags = sk_new (NULL); + + /* Add any more certificates asked for */ + if (certsin) { + if(!cert_load(certsin, certs)) { + BIO_printf(bio_err, "Error loading certificates from certfile\n"); + ERR_print_errors(bio_err); + goto end; + } + BIO_free(certsin); + } + + /* If chaining get chain from user cert */ + if (chain) { + int vret; + STACK_OF(X509) *chain2; + vret = get_cert_chain (ucert, &chain2); + if (vret) { + BIO_printf (bio_err, "Error %s getting chain.\n", + X509_verify_cert_error_string(vret)); + goto end; + } + /* Exclude verified certificate */ + for (i = 1; i < sk_X509_num (chain2) ; i++) + sk_X509_push(certs, sk_X509_value (chain2, i)); + sk_X509_free(chain2); + + } + + /* We now have loads of certificates: include them all */ + for(i = 0; 
i < sk_X509_num(certs); i++) { + cert = sk_X509_value(certs, i); + bag = M_PKCS12_x5092certbag(cert); + /* If it matches private key set id */ + if(cert == ucert) { + if(name) PKCS12_add_friendlyname(bag, name, -1); + PKCS12_add_localkeyid(bag, keyid, keyidlen); + } else if((catmp = sk_shift(canames))) + PKCS12_add_friendlyname(bag, catmp, -1); + sk_push(bags, (char *)bag); + } + + if (canames) sk_free(canames); + + if(!noprompt && + EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) { + BIO_printf (bio_err, "Can't read Password\n"); + goto end; + } + if (!twopass) strcpy(macpass, pass); + /* Turn certbags into encrypted authsafe */ + authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0, + iter, bags); + sk_pop_free(bags, PKCS12_SAFEBAG_free); + + if (!authsafe) { + ERR_print_errors (bio_err); + goto end; + } + + safes = sk_new (NULL); + sk_push (safes, (char *)authsafe); + + /* Make a shrouded key bag */ + p8 = EVP_PKEY2PKCS8 (key); + EVP_PKEY_free(key); + if(keytype) PKCS8_add_keyusage(p8, keytype); + bag = PKCS12_MAKE_SHKEYBAG(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, + cpass, -1, NULL, 0, iter, p8); + PKCS8_PRIV_KEY_INFO_free(p8); + if (name) PKCS12_add_friendlyname (bag, name, -1); + PKCS12_add_localkeyid (bag, keyid, keyidlen); + bags = sk_new(NULL); + sk_push (bags, (char *)bag); + /* Turn it into unencrypted safe bag */ + authsafe = PKCS12_pack_p7data (bags); + sk_pop_free(bags, PKCS12_SAFEBAG_free); + sk_push (safes, (char *)authsafe); + + p12 = PKCS12_init (NID_pkcs7_data); + + M_PKCS12_pack_authsafes (p12, safes); + + sk_pop_free(safes, PKCS7_free); + + PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL); + + i2d_PKCS12_bio (out, p12); + + PKCS12_free(p12); + + ret = 0; + goto end; + + } + + if (!(p12 = d2i_PKCS12_bio (in, NULL))) { + ERR_print_errors(bio_err); + goto end; + } + + if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) { + BIO_printf (bio_err, "Can't read Password\n"); + goto end; + } + + if 
(!twopass) strcpy(macpass, pass); + + if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); + if(macver) { + if (!PKCS12_verify_mac (p12, mpass, -1)) { + BIO_printf (bio_err, "Mac verify errror: invalid password?\n"); + ERR_print_errors (bio_err); + goto end; + } else BIO_printf (bio_err, "MAC verified OK\n"); + } + + if (!dump_certs_keys_p12 (out, p12, cpass, -1, options)) { + BIO_printf(bio_err, "Error outputting keys and certificates\n"); + ERR_print_errors (bio_err); + goto end; + } + PKCS12_free(p12); + ret = 0; + end: + BIO_free(out); + EXIT(ret); +} + +int dump_cert_text (BIO *out, X509 *x) +{ + char buf[256]; + X509_NAME_oneline(X509_get_subject_name(x),buf,256); + BIO_puts(out,"subject="); + BIO_puts(out,buf); + + X509_NAME_oneline(X509_get_issuer_name(x),buf,256); + BIO_puts(out,"\nissuer= "); + BIO_puts(out,buf); + BIO_puts(out,"\n"); + return 0; +} + +int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, + int passlen, int options) +{ + STACK *asafes, *bags; + int i, bagnid; + PKCS7 *p7; + if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0; + for (i = 0; i < sk_num (asafes); i++) { + p7 = (PKCS7 *) sk_value (asafes, i); + bagnid = OBJ_obj2nid (p7->type); + if (bagnid == NID_pkcs7_data) { + bags = M_PKCS12_unpack_p7data (p7); + if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n"); + } else if (bagnid == NID_pkcs7_encrypted) { + if (options & INFO) { + BIO_printf (bio_err, "PKCS7 Encrypted data: "); + alg_print (bio_err, + p7->d.encrypted->enc_data->algorithm); + } + bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen); + } else continue; + if (!bags) return 0; + if (!dump_certs_pkeys_bags (out, bags, pass, passlen, + options)) { + sk_pop_free (bags, PKCS12_SAFEBAG_free); + return 0; + } + sk_pop_free (bags, PKCS12_SAFEBAG_free); + } + sk_pop_free (asafes, PKCS7_free); + return 1; +} + +int dump_certs_pkeys_bags (BIO *out, STACK *bags, char *pass, + int passlen, int 
options) +{ + int i; + for (i = 0; i < sk_num (bags); i++) { + if (!dump_certs_pkeys_bag (out, + (PKCS12_SAFEBAG *)sk_value (bags, i), pass, passlen, + options)) return 0; + } + return 1; +} + +int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass, + int passlen, int options) +{ + EVP_PKEY *pkey; + PKCS8_PRIV_KEY_INFO *p8; + X509 *x509; + + switch (M_PKCS12_bag_type(bag)) + { + case NID_keyBag: + if (options & INFO) BIO_printf (bio_err, "Key bag\n"); + if (options & NOKEYS) return 1; + print_attribs (out, bag->attrib, "Bag Attributes"); + p8 = bag->value.keybag; + if (!(pkey = EVP_PKCS82PKEY (p8))) return 0; + print_attribs (out, p8->attributes, "Key Attributes"); + PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, NULL); + EVP_PKEY_free(pkey); + break; + + case NID_pkcs8ShroudedKeyBag: + if (options & INFO) { + BIO_printf (bio_err, "Shrouded Keybag: "); + alg_print (bio_err, bag->value.shkeybag->algor); + } + if (options & NOKEYS) return 1; + print_attribs (out, bag->attrib, "Bag Attributes"); + if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen))) + return 0; + if (!(pkey = EVP_PKCS82PKEY (p8))) return 0; + print_attribs (out, p8->attributes, "Key Attributes"); + PKCS8_PRIV_KEY_INFO_free(p8); + PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, NULL); + EVP_PKEY_free(pkey); + break; + + case NID_certBag: + if (options & INFO) BIO_printf (bio_err, "Certificate bag\n"); + if (options & NOCERTS) return 1; + if (PKCS12_get_attr(bag, NID_localKeyID)) { + if (options & CACERTS) return 1; + } else if (options & CLCERTS) return 1; + print_attribs (out, bag->attrib, "Bag Attributes"); + if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) + return 1; + if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0; + dump_cert_text (out, x509); + PEM_write_bio_X509 (out, x509); + X509_free(x509); + break; + + case NID_safeContentsBag: + if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n"); + print_attribs (out, bag->attrib, "Bag 
Attributes"); + return dump_certs_pkeys_bags (out, bag->value.safes, pass, + passlen, options); + + default: + BIO_printf (bio_err, "Warning unsupported bag type: "); + i2a_ASN1_OBJECT (bio_err, bag->type); + BIO_printf (bio_err, "\n"); + return 1; + break; + } + return 1; +} + +/* Given a single certificate return a verified chain or NULL if error */ + +/* Hope this is OK .... */ + +int get_cert_chain (X509 *cert, STACK_OF(X509) **chain) +{ + X509_STORE *store; + X509_STORE_CTX store_ctx; + STACK_OF(X509) *chn; + int i; + X509 *x; + store = X509_STORE_new (); + X509_STORE_set_default_paths (store); + X509_STORE_CTX_init(&store_ctx, store, cert, NULL); + if (X509_verify_cert(&store_ctx) <= 0) { + i = X509_STORE_CTX_get_error (&store_ctx); + goto err; + } + chn = sk_X509_dup(X509_STORE_CTX_get_chain (&store_ctx)); + for (i = 0; i < sk_X509_num(chn); i++) { + x = sk_X509_value(chn, i); + CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); + } + i = 0; + *chain = chn; +err: + X509_STORE_CTX_cleanup(&store_ctx); + X509_STORE_free(store); + + return i; +} + +int alg_print (BIO *x, X509_ALGOR *alg) +{ + PBEPARAM *pbe; + unsigned char *p; + p = alg->parameter->value.sequence->data; + pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length); + BIO_printf (bio_err, "%s, Iteration %d\n", + OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter)); + PBEPARAM_free (pbe); + return 0; +} + +/* Load all certificates from a given file */ + +int cert_load(BIO *in, STACK_OF(X509) *sk) +{ + int ret; + X509 *cert; + ret = 0; + while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) { + ret = 1; + sk_X509_push(sk, cert); + } + if(ret) ERR_clear_error(); + return ret; +} + +/* Generalised attribute print: handle PKCS#8 and bag attributes */ + +int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name) +{ + X509_ATTRIBUTE *attr; + ASN1_TYPE *av; + char *value; + int i, attr_nid; + if(!attrlst) { + BIO_printf(out, "%s: <No Attributes>\n", name); + 
return 1; + } + if(!sk_X509_ATTRIBUTE_num(attrlst)) { + BIO_printf(out, "%s: <Empty Attributes>\n", name); + return 1; + } + BIO_printf(out, "%s\n", name); + for(i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) { + attr = sk_X509_ATTRIBUTE_value(attrlst, i); + attr_nid = OBJ_obj2nid(attr->object); + BIO_printf(out, " "); + if(attr_nid == NID_undef) { + i2a_ASN1_OBJECT (out, attr->object); + BIO_printf(out, ": "); + } else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid)); + + if(sk_ASN1_TYPE_num(attr->value.set)) { + av = sk_ASN1_TYPE_value(attr->value.set, 0); + switch(av->type) { + case V_ASN1_BMPSTRING: + value = uni2asc(av->value.bmpstring->data, + av->value.bmpstring->length); + BIO_printf(out, "%s\n", value); + Free(value); + break; + + case V_ASN1_OCTET_STRING: + hex_prin(out, av->value.bit_string->data, + av->value.bit_string->length); + BIO_printf(out, "\n"); + break; + + case V_ASN1_BIT_STRING: + hex_prin(out, av->value.octet_string->data, + av->value.octet_string->length); + BIO_printf(out, "\n"); + break; + + default: + BIO_printf(out, "<Unsupported tag %d>\n", av->type); + break; + } + } else BIO_printf(out, "<No Values>\n"); + } + return 1; +} + +void hex_prin(BIO *out, unsigned char *buf, int len) +{ + int i; + for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]); +} + +#endif diff --git a/crypto/openssl/apps/pkcs7.c b/crypto/openssl/apps/pkcs7.c new file mode 100644 index 0000000..0e1427c --- /dev/null +++ b/crypto/openssl/apps/pkcs7.c 
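Review bot: In the export branch of MAIN, the loop that searches for the certificate matching the private key calls `X509_digest(cert, EVP_sha1(), keyid, &keyidlen);`, but `cert` is still NULL there (it is declared `X509 *cert = NULL` and first assigned in the later bag loop); the certificate that matched is `ucert`. The call should read `X509_digest(ucert, EVP_sha1(), keyid, &keyidlen);`. Separately, alg_print() dereferences `alg->parameter` and the result of `d2i_PBEPARAM()` without a NULL check, and both are derived from the input file, so a malformed PKCS#12 would crash the tool instead of producing an error. A guard such as `if (!pbe) return 0;` before the `BIO_printf`, plus a check that `alg->parameter` is present, would cover that.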
@@ -0,0 +1,313 @@ +/* apps/pkcs7.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <time.h> +#include "apps.h" +#include <openssl/err.h> +#include <openssl/objects.h> +#include <openssl/evp.h> +#include <openssl/x509.h> +#include <openssl/pkcs7.h> +#include <openssl/pem.h> + +#undef PROG +#define PROG pkcs7_main + +/* -inform arg - input format - default PEM (one of DER, TXT or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -des - encrypt output if PEM format with DES in cbc mode + * -des3 - encrypt output if PEM format + * -idea - encrypt output if PEM format + * -print_certs + */ + +int MAIN(int argc, char **argv) + { + PKCS7 *p7=NULL; + int i,badops=0; +#if !defined(NO_DES) || !defined(NO_IDEA) + EVP_CIPHER *enc=NULL; +#endif + BIO *in=NULL,*out=NULL; + int informat,outformat; + char *infile,*outfile,*prog,buf[256]; + int print_certs=0; + int ret=0; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + infile=NULL; + outfile=NULL; + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-print_certs") == 0) + print_certs=1; +#ifndef NO_DES + else if (strcmp(*argv,"-des") == 0) + enc=EVP_des_cbc(); + else if (strcmp(*argv,"-des3") == 0) + enc=EVP_des_ede3_cbc(); +#endif +#ifndef NO_IDEA + else if (strcmp(*argv,"-idea") == 0) + enc=EVP_idea_cbc(); +#endif + else + { + BIO_printf(bio_err,"unknown option 
%s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -in arg input file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); + BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); + BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); +#ifndef NO_IDEA + BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); +#endif + EXIT(1); + } + + ERR_load_crypto_strings(); + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + if (in == NULL) + { + perror(infile); + goto end; + } + } + + if (informat == FORMAT_ASN1) + p7=d2i_PKCS7_bio(in,NULL); + else if (informat == FORMAT_PEM) + p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL); + else + { + BIO_printf(bio_err,"bad input format specified for pkcs7 object\n"); + goto end; + } + if (p7 == NULL) + { + BIO_printf(bio_err,"unable to load PKCS7 object\n"); + ERR_print_errors(bio_err); + goto end; + } + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + if (print_certs) + { + STACK_OF(X509) *certs=NULL; + STACK_OF(X509_CRL) *crls=NULL; + + i=OBJ_obj2nid(p7->type); + switch (i) + { + case NID_pkcs7_signed: + certs=p7->d.sign->cert; + crls=p7->d.sign->crl; + break; + case NID_pkcs7_signedAndEnveloped: + certs=p7->d.signed_and_enveloped->cert; + crls=p7->d.signed_and_enveloped->crl; + break; + 
default: + break; + } + + if (certs != NULL) + { + X509 *x; + + for (i=0; i<sk_X509_num(certs); i++) + { + x=sk_X509_value(certs,i); + + X509_NAME_oneline(X509_get_subject_name(x), + buf,256); + BIO_puts(out,"subject="); + BIO_puts(out,buf); + + X509_NAME_oneline(X509_get_issuer_name(x), + buf,256); + BIO_puts(out,"\nissuer= "); + BIO_puts(out,buf); + BIO_puts(out,"\n"); + + PEM_write_bio_X509(out,x); + BIO_puts(out,"\n"); + } + } + if (crls != NULL) + { + X509_CRL *crl; + + for (i=0; i<sk_X509_CRL_num(crls); i++) + { + crl=sk_X509_CRL_value(crls,i); + + X509_NAME_oneline(crl->crl->issuer,buf,256); + BIO_puts(out,"issuer= "); + BIO_puts(out,buf); + + BIO_puts(out,"\nlast update="); + ASN1_TIME_print(out,crl->crl->lastUpdate); + BIO_puts(out,"\nnext update="); + ASN1_TIME_print(out,crl->crl->nextUpdate); + BIO_puts(out,"\n"); + + PEM_write_bio_X509_CRL(out,crl); + BIO_puts(out,"\n"); + } + } + + ret=0; + goto end; + } + + if (outformat == FORMAT_ASN1) + i=i2d_PKCS7_bio(out,p7); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_PKCS7(out,p7); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + + if (!i) + { + BIO_printf(bio_err,"unable to write pkcs7 object\n"); + ERR_print_errors(bio_err); + goto end; + } + ret=0; +end: + if (p7 != NULL) PKCS7_free(p7); + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + EXIT(ret); + } diff --git a/crypto/openssl/apps/pkcs8.c b/crypto/openssl/apps/pkcs8.c new file mode 100644 index 0000000..a053883 --- /dev/null +++ b/crypto/openssl/apps/pkcs8.c 
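Review bot: MAIN starts with `int ret=0;`, so every `goto end` taken on an error path (BIO allocation failure, bad input format, `unable to load PKCS7 object`, failed write) exits with status 0 and a calling script cannot tell failure from success. It should be `int ret=1;`, which the two success paths already overwrite with `ret=0`. The input-open check is also dead: `if (BIO_read_filename(in,infile) <= 0)` is followed by `if (in == NULL)`, which cannot be true after the earlier NULL test on `in`, so a missing input file is not reported at that point; the inner `if (in == NULL)` should be dropped. `enc` is set by `-des`/`-des3`/`-idea` but never passed to the writers in this hunk, so those options appear to have no effect.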
@@ -0,0 +1,274 @@ +/* pkcs8.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#include <stdio.h> +#include <string.h> +#include <openssl/pem.h> +#include <openssl/err.h> +#include <openssl/evp.h> +#include <openssl/pkcs12.h> + +#include "apps.h" +#define PROG pkcs8_main + + +int MAIN(int argc, char **argv) +{ + char **args, *infile = NULL, *outfile = NULL; + BIO *in = NULL, *out = NULL; + int topk8 = 0; + int pbe_nid = -1; + const EVP_CIPHER *cipher = NULL; + int iter = PKCS12_DEFAULT_ITER; + int informat, outformat; + int p8_broken = PKCS8_OK; + int nocrypt = 0; + X509_SIG *p8; + PKCS8_PRIV_KEY_INFO *p8inf; + EVP_PKEY *pkey; + char pass[50]; + int badarg = 0; + if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + ERR_load_crypto_strings(); + SSLeay_add_all_algorithms(); + args = argv + 1; + while (!badarg && *args && *args[0] == '-') { + if (!strcmp(*args,"-v2")) { + if (args[1]) { + args++; + cipher=EVP_get_cipherbyname(*args); + if(!cipher) { + BIO_printf(bio_err, + "Unknown cipher %s\n", *args); + badarg = 1; + } + } else badarg = 1; + } else if (!strcmp(*args,"-inform")) { + if (args[1]) { + args++; + informat=str2fmt(*args); + } else badarg = 1; + } else if 
(!strcmp(*args,"-outform")) { + if (args[1]) { + args++; + outformat=str2fmt(*args); + } else badarg = 1; + } else if (!strcmp (*args, "-topk8")) topk8 = 1; + else if (!strcmp (*args, "-noiter")) iter = 1; + else if (!strcmp (*args, "-nocrypt")) nocrypt = 1; + else if (!strcmp (*args, "-nooct")) p8_broken = PKCS8_NO_OCTET; + else if (!strcmp (*args, "-in")) { + if (args[1]) { + args++; + infile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-out")) { + if (args[1]) { + args++; + outfile = *args; + } else badarg = 1; + } else badarg = 1; + args++; + } + + if (badarg) { + BIO_printf (bio_err, "Usage pkcs8 [options]\n"); + BIO_printf (bio_err, "where options are\n"); + BIO_printf (bio_err, "-in file input file\n"); + BIO_printf (bio_err, "-inform X input format (DER or PEM)\n"); + BIO_printf (bio_err, "-outform X output format (DER or PEM)\n"); + BIO_printf (bio_err, "-out file output file\n"); + BIO_printf (bio_err, "-topk8 output PKCS8 file\n"); + BIO_printf (bio_err, "-nooct use (broken) no octet form\n"); + BIO_printf (bio_err, "-noiter use 1 as iteration count\n"); + BIO_printf (bio_err, "-nocrypt use or expect unencrypted private key\n"); + BIO_printf (bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n"); + return (1); + } + + if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC; + + if (infile) { + if (!(in = BIO_new_file (infile, "rb"))) { + BIO_printf (bio_err, + "Can't open input file %s\n", infile); + return (1); + } + } else in = BIO_new_fp (stdin, BIO_NOCLOSE); + + if (outfile) { + if (!(out = BIO_new_file (outfile, "wb"))) { + BIO_printf (bio_err, + "Can't open output file %s\n", outfile); + return (1); + } + } else out = BIO_new_fp (stdout, BIO_NOCLOSE); + + if (topk8) { + if (!(pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL))) { + BIO_printf (bio_err, "Error reading key\n", outfile); + ERR_print_errors(bio_err); + return (1); + } + BIO_free(in); + if (!(p8inf = EVP_PKEY2PKCS8(pkey))) { + BIO_printf (bio_err, "Error 
converting key\n", outfile); + ERR_print_errors(bio_err); + return (1); + } + PKCS8_set_broken(p8inf, p8_broken); + if(nocrypt) { + if(outformat == FORMAT_PEM) + PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf); + else if(outformat == FORMAT_ASN1) + i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf); + else { + BIO_printf(bio_err, "Bad format specified for key\n"); + return (1); + } + } else { + EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1); + if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, + pass, strlen(pass), + NULL, 0, iter, p8inf))) { + BIO_printf (bio_err, "Error encrypting key\n", + outfile); + ERR_print_errors(bio_err); + return (1); + } + if(outformat == FORMAT_PEM) + PEM_write_bio_PKCS8 (out, p8); + else if(outformat == FORMAT_ASN1) + i2d_PKCS8_bio(out, p8); + else { + BIO_printf(bio_err, "Bad format specified for key\n"); + return (1); + } + X509_SIG_free(p8); + } + PKCS8_PRIV_KEY_INFO_free (p8inf); + EVP_PKEY_free(pkey); + BIO_free(out); + return (0); + } + + if(nocrypt) { + if(informat == FORMAT_PEM) + p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL); + else if(informat == FORMAT_ASN1) + p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL); + else { + BIO_printf(bio_err, "Bad format specified for key\n"); + return (1); + } + } else { + if(informat == FORMAT_PEM) + p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL); + else if(informat == FORMAT_ASN1) + p8 = d2i_PKCS8_bio(in, NULL); + else { + BIO_printf(bio_err, "Bad format specified for key\n"); + return (1); + } + + if (!p8) { + BIO_printf (bio_err, "Error reading key\n", outfile); + ERR_print_errors(bio_err); + return (1); + } + EVP_read_pw_string(pass, 50, "Enter Password:", 0); + p8inf = M_PKCS8_decrypt(p8, pass, strlen(pass)); + X509_SIG_free(p8); + } + + if (!p8inf) { + BIO_printf(bio_err, "Error decrypting key\n", outfile); + ERR_print_errors(bio_err); + return (1); + } + + if (!(pkey = EVP_PKCS82PKEY(p8inf))) { + BIO_printf(bio_err, "Error converting key\n", outfile); + ERR_print_errors(bio_err); + 
return (1); + } + + if (p8inf->broken) { + BIO_printf(bio_err, "Warning: broken key encoding: "); + switch (p8inf->broken) { + case PKCS8_NO_OCTET: + BIO_printf(bio_err, "No Octet String\n"); + break; + + default: + BIO_printf(bio_err, "Unknown broken type\n"); + break; + } + } + + PKCS8_PRIV_KEY_INFO_free(p8inf); + + PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, NULL); + + EVP_PKEY_free(pkey); + BIO_free(out); + BIO_free(in); + + return (0); +} diff --git a/crypto/openssl/apps/privkey.pem b/crypto/openssl/apps/privkey.pem new file mode 100644 index 0000000..0af4647 --- /dev/null +++ b/crypto/openssl/apps/privkey.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,BA26229A1653B7FF + +6nhWG8PKhTPO/s3ZvjUa6226NlKdvPDZFsNXOOoSUs9ejxpb/aj5huhs6qRYzsz9 +Year47uaAZYhGD0vAagnNiBnYmjWEpN9G/wQxG7pgZThK1ZxDi63qn8aQ8UjuGHo +F6RpnnBQIAnWTWqr/Qsybtc5EoNkrj/Cpx0OfbSr6gZsFBCxwX1R1hT3/mhJ45f3 +XMofY32Vdfx9/vtw1O7HmlHXQnXaqnbd9/nn1EpvFJG9+UjPoW7gV4jCOLuR4deE +jS8hm+cpkwXmFtk3VGjT9tQXPpMv3JpYfBqgGQoMAJ5Toq0DWcHi6Wg08PsD8lgy +vmTioPsRg+JGkJkJ8GnusgLpQdlQJbjzd7wGE6ElUFLfOxLo8bLlRHoriHNdWYhh +JjY0LyeTkovcmWxVjImc6ZyBz5Ly4t0BYf1gq3OkjsV91Q1taBxnhiavfizqMCAf +PPB3sLQnlXG77TOXkNxpqbZfEYrVZW2Nsqqdn8s07Uj4IMONZyq2odYKWFPMJBiM +POYwXjMAOcmFMTHYsVlhcUJuV6LOuipw/FEbTtPH/MYMxLe4zx65dYo1rb4iLKLS +gMtB0o/Wl4Xno3ZXh1ucicYnV2J7NpVcjVq+3SFiCRu2SrSkZHZ23EPS13Ec6fcz +8X/YGA2vTJ8MAOozAzQUwHQYvLk7bIoQVekqDq4p0AZQbhdspHpArCk0Ifqqzg/v +Uyky/zZiQYanzDenTSRVI/8wac3olxpU8QvbySxYqmbkgq6bTpXJfYFQfnAttEsC +dA4S5UFgyOPZluxCAM4yaJF3Ft6neutNwftuJQMbgCUi9vYg2tGdSw== +-----END RSA PRIVATE KEY----- diff --git a/crypto/openssl/apps/progs.h b/crypto/openssl/apps/progs.h new file mode 100644 index 0000000..df06718 --- /dev/null +++ b/crypto/openssl/apps/progs.h 
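Review bot: Both `EVP_read_pw_string(pass, 50, ...)` calls in `MAIN` of pkcs8.c ignore the return value, so when the prompt fails or is aborted the following `strlen(pass)` runs over an uninitialised stack buffer and the key may be encrypted or decrypted with whatever bytes it holds. Each call should be guarded, e.g. `if (EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0) != 0) { BIO_printf(bio_err, "Can't read password\n"); return (1); }`. `pass` is also never cleared before the function returns, and every `return (1)` error path skips the frees of `pkey`, `p8inf`, `in` and `out`, so passphrase and private-key material stay in process memory; a single cleanup label that wipes `pass` and releases these objects would cover all exits. The results of the `PEM_write_bio_*` and `i2d_*_bio` calls are not checked either, so a failed or truncated key write still ends in `return (0)`.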
@@ -0,0 +1,233 @@ +/* This file was generated by progs.pl. */ + +extern int verify_main(int argc,char *argv[]); +extern int asn1parse_main(int argc,char *argv[]); +extern int req_main(int argc,char *argv[]); +extern int dgst_main(int argc,char *argv[]); +extern int dh_main(int argc,char *argv[]); +extern int enc_main(int argc,char *argv[]); +extern int gendh_main(int argc,char *argv[]); +extern int errstr_main(int argc,char *argv[]); +extern int ca_main(int argc,char *argv[]); +extern int crl_main(int argc,char *argv[]); +extern int rsa_main(int argc,char *argv[]); +extern int dsa_main(int argc,char *argv[]); +extern int dsaparam_main(int argc,char *argv[]); +extern int x509_main(int argc,char *argv[]); +extern int genrsa_main(int argc,char *argv[]); +extern int gendsa_main(int argc,char *argv[]); +extern int s_server_main(int argc,char *argv[]); +extern int s_client_main(int argc,char *argv[]); +extern int speed_main(int argc,char *argv[]); +extern int s_time_main(int argc,char *argv[]); +extern int version_main(int argc,char *argv[]); +extern int pkcs7_main(int argc,char *argv[]); +extern int crl2pkcs7_main(int argc,char *argv[]); +extern int sess_id_main(int argc,char *argv[]); +extern int ciphers_main(int argc,char *argv[]); +extern int nseq_main(int argc,char *argv[]); +extern int pkcs12_main(int argc,char *argv[]); +extern int pkcs8_main(int argc,char *argv[]); + +#ifdef SSLEAY_SRC /* Defined only in openssl.c. 
*/ + +#define FUNC_TYPE_GENERAL 1 +#define FUNC_TYPE_MD 2 +#define FUNC_TYPE_CIPHER 3 + +typedef struct { + int type; + char *name; + int (*func)(); + } FUNCTION; + +FUNCTION functions[] = { + {FUNC_TYPE_GENERAL,"verify",verify_main}, + {FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main}, + {FUNC_TYPE_GENERAL,"req",req_main}, + {FUNC_TYPE_GENERAL,"dgst",dgst_main}, +#ifndef NO_DH + {FUNC_TYPE_GENERAL,"dh",dh_main}, +#endif + {FUNC_TYPE_GENERAL,"enc",enc_main}, +#ifndef NO_DH + {FUNC_TYPE_GENERAL,"gendh",gendh_main}, +#endif + {FUNC_TYPE_GENERAL,"errstr",errstr_main}, + {FUNC_TYPE_GENERAL,"ca",ca_main}, + {FUNC_TYPE_GENERAL,"crl",crl_main}, +#ifndef NO_RSA + {FUNC_TYPE_GENERAL,"rsa",rsa_main}, +#endif +#ifndef NO_DSA + {FUNC_TYPE_GENERAL,"dsa",dsa_main}, +#endif +#ifndef NO_DSA + {FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main}, +#endif + {FUNC_TYPE_GENERAL,"x509",x509_main}, +#ifndef NO_RSA + {FUNC_TYPE_GENERAL,"genrsa",genrsa_main}, +#endif +#ifndef NO_DSA + {FUNC_TYPE_GENERAL,"gendsa",gendsa_main}, +#endif +#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3)) + {FUNC_TYPE_GENERAL,"s_server",s_server_main}, +#endif +#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3)) + {FUNC_TYPE_GENERAL,"s_client",s_client_main}, +#endif + {FUNC_TYPE_GENERAL,"speed",speed_main}, +#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3)) + {FUNC_TYPE_GENERAL,"s_time",s_time_main}, +#endif + {FUNC_TYPE_GENERAL,"version",version_main}, + {FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main}, + {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main}, + {FUNC_TYPE_GENERAL,"sess_id",sess_id_main}, +#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3)) + {FUNC_TYPE_GENERAL,"ciphers",ciphers_main}, +#endif + {FUNC_TYPE_GENERAL,"nseq",nseq_main}, +#if !defined(NO_DES) && !defined(NO_SHA1) + {FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main}, +#endif + {FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main}, + {FUNC_TYPE_MD,"md2",dgst_main}, + {FUNC_TYPE_MD,"md5",dgst_main}, + {FUNC_TYPE_MD,"sha",dgst_main}, 
+ {FUNC_TYPE_MD,"sha1",dgst_main}, + {FUNC_TYPE_MD,"mdc2",dgst_main}, + {FUNC_TYPE_MD,"rmd160",dgst_main}, + {FUNC_TYPE_CIPHER,"base64",enc_main}, +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des3",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"desx",enc_main}, +#endif +#ifndef NO_IDEA + {FUNC_TYPE_CIPHER,"idea",enc_main}, +#endif +#ifndef NO_RC4 + {FUNC_TYPE_CIPHER,"rc4",enc_main}, +#endif +#ifndef NO_RC2 + {FUNC_TYPE_CIPHER,"rc2",enc_main}, +#endif +#ifndef NO_BF + {FUNC_TYPE_CIPHER,"bf",enc_main}, +#endif +#ifndef NO_CAST + {FUNC_TYPE_CIPHER,"cast",enc_main}, +#endif +#ifndef NO_RC5 + {FUNC_TYPE_CIPHER,"rc5",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ecb",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede3",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-cbc",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-cfb",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ofb",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main}, +#endif +#ifndef NO_IDEA + {FUNC_TYPE_CIPHER,"idea-cbc",enc_main}, +#endif +#ifndef NO_IDEA + {FUNC_TYPE_CIPHER,"idea-ecb",enc_main}, +#endif +#ifndef NO_IDEA + {FUNC_TYPE_CIPHER,"idea-cfb",enc_main}, +#endif +#ifndef NO_IDEA + {FUNC_TYPE_CIPHER,"idea-ofb",enc_main}, +#endif +#ifndef NO_RC2 + {FUNC_TYPE_CIPHER,"rc2-cbc",enc_main}, +#endif +#ifndef NO_RC2 + {FUNC_TYPE_CIPHER,"rc2-ecb",enc_main}, +#endif +#ifndef NO_RC2 + {FUNC_TYPE_CIPHER,"rc2-cfb",enc_main}, +#endif +#ifndef NO_RC2 + 
{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main}, +#endif +#ifndef NO_BF + {FUNC_TYPE_CIPHER,"bf-cbc",enc_main}, +#endif +#ifndef NO_BF + {FUNC_TYPE_CIPHER,"bf-ecb",enc_main}, +#endif +#ifndef NO_BF + {FUNC_TYPE_CIPHER,"bf-cfb",enc_main}, +#endif +#ifndef NO_BF + {FUNC_TYPE_CIPHER,"bf-ofb",enc_main}, +#endif +#ifndef NO_CAST + {FUNC_TYPE_CIPHER,"cast5-cbc",enc_main}, +#endif +#ifndef NO_CAST + {FUNC_TYPE_CIPHER,"cast5-ecb",enc_main}, +#endif +#ifndef NO_CAST + {FUNC_TYPE_CIPHER,"cast5-cfb",enc_main}, +#endif +#ifndef NO_CAST + {FUNC_TYPE_CIPHER,"cast5-ofb",enc_main}, +#endif +#ifndef NO_CAST + {FUNC_TYPE_CIPHER,"cast-cbc",enc_main}, +#endif +#ifndef NO_RC5 + {FUNC_TYPE_CIPHER,"rc5-cbc",enc_main}, +#endif +#ifndef NO_RC5 + {FUNC_TYPE_CIPHER,"rc5-ecb",enc_main}, +#endif +#ifndef NO_RC5 + {FUNC_TYPE_CIPHER,"rc5-cfb",enc_main}, +#endif +#ifndef NO_RC5 + {FUNC_TYPE_CIPHER,"rc5-ofb",enc_main}, +#endif + {0,NULL,NULL} + }; +#endif + diff --git a/crypto/openssl/apps/progs.pl b/crypto/openssl/apps/progs.pl new file mode 100644 index 0000000..7a69fc7 --- /dev/null +++ b/crypto/openssl/apps/progs.pl 
@@ -0,0 +1,77 @@ +#!/usr/local/bin/perl + +print "/* This file was generated by progs.pl. */\n\n"; + +grep(s/^asn1pars$/asn1parse/,@ARGV); + +foreach (@ARGV) + { printf "extern int %s_main(int argc,char *argv[]);\n",$_; } + +print <<'EOF'; + +#ifdef SSLEAY_SRC /* Defined only in openssl.c. */ + +#define FUNC_TYPE_GENERAL 1 +#define FUNC_TYPE_MD 2 +#define FUNC_TYPE_CIPHER 3 + +typedef struct { + int type; + char *name; + int (*func)(); + } FUNCTION; + +FUNCTION functions[] = { +EOF + +foreach (@ARGV) + { + push(@files,$_); + $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; + if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) + { print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; } + elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ) + { print "#ifndef NO_RSA\n${str}#endif\n"; } + elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/)) + { print "#ifndef NO_DSA\n${str}#endif\n"; } + elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/)) + { print "#ifndef NO_DH\n${str}#endif\n"; } + else + { print $str; } + } + +foreach ("md2","md5","sha","sha1","mdc2","rmd160") + { + push(@files,$_); + printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_; + } + +foreach ( + "base64", + "des", "des3", "desx", "idea", "rc4", "rc2","bf","cast","rc5", + "des-ecb", "des-ede", "des-ede3", + "des-cbc", "des-ede-cbc","des-ede3-cbc", + "des-cfb", "des-ede-cfb","des-ede3-cfb", + "des-ofb", "des-ede-ofb","des-ede3-ofb", + "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb", + "rc2-cbc", "rc2-ecb", "rc2-cfb", "rc2-ofb", + "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb", + "cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb", + "cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb") + { + push(@files,$_); + + $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_); + if ($_ =~ /des/) { $t="#ifndef NO_DES\n${t}#endif\n"; } + elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; } + elsif ($_ =~ /rc4/) { $t="#ifndef NO_RC4\n${t}#endif\n"; } + elsif ($_ =~ /rc2/) { $t="#ifndef 
NO_RC2\n${t}#endif\n"; } + elsif ($_ =~ /bf/) { $t="#ifndef NO_BF\n${t}#endif\n"; } + elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; } + elsif ($_ =~ /rc5/) { $t="#ifndef NO_RC5\n${t}#endif\n"; } + print $t; + } + +print "\t{0,NULL,NULL}\n\t};\n"; +print "#endif\n\n"; + diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c new file mode 100644 index 0000000..463ac15 --- /dev/null +++ b/crypto/openssl/apps/req.c 
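Review bot: The guard that progs.pl prints for the `s_*` and `ciphers` entries tests `defined(O_SSL3)`, which looks like a typo for `NO_SSL3`. Assuming `O_SSL3` is never defined, the condition collapses to `!defined(NO_SOCK)`, so those table entries stay in a build configured without both SSL2 and SSL3. The line should read `print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))\n${str}#endif\n";`. The progs.h added in this same commit carries `NO_SSL3` for `ciphers` but `O_SSL3` for `s_server`, `s_client` and `s_time`, so it does not match what this script emits and should be regenerated once the generator is fixed.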
@@ -0,0 +1,1197 @@ +/* apps/req.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include <stdio.h> +#include <stdlib.h> +#include <time.h> +#include <string.h> +#ifdef NO_STDIO +#define APPS_WIN16 +#endif +#include "apps.h" +#include <openssl/bio.h> +#include <openssl/evp.h> +#include <openssl/rand.h> +#include <openssl/conf.h> +#include <openssl/err.h> +#include <openssl/asn1.h> +#include <openssl/x509.h> +#include <openssl/x509v3.h> +#include <openssl/objects.h> +#include <openssl/pem.h> + +#define SECTION "req" + +#define BITS "default_bits" +#define KEYFILE "default_keyfile" +#define DISTINGUISHED_NAME "distinguished_name" +#define ATTRIBUTES "attributes" +#define V3_EXTENSIONS "x509_extensions" + +#define DEFAULT_KEY_LENGTH 512 +#define MIN_KEY_LENGTH 384 + +#undef PROG +#define PROG req_main + +/* -inform arg - input format - default PEM (one of DER, TXT or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -verify - check request signature + * -noout - don't print stuff out. + * -text - print out human readable text. + * -nodes - no des encryption + * -config file - Load configuration file. + * -key file - make a request using key in file (or use it for verification). + * -keyform - key file format. + * -newkey - make a key and a request. + * -modulus - print RSA modulus. + * -x509 - output a self signed X509 structure instead. + * -asn1-kludge - output new certificate request in a format that some CA's + * require. 
This format is wrong + */ + +static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs); +static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text, + char *def, char *value, int nid, int min, + int max); +static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, + int nid,int min,int max); +static void MS_CALLBACK req_cb(int p,int n,void *arg); +static int req_fix_data(int nid,int *type,int len,int min,int max); +static int check_end(char *str, char *end); +static int add_oid_section(LHASH *conf); +#ifndef MONOLITH +static char *default_config_file=NULL; +static LHASH *config=NULL; +#endif +static LHASH *req_conf=NULL; + +#define TYPE_RSA 1 +#define TYPE_DSA 2 +#define TYPE_DH 3 + +int MAIN(int argc, char **argv) + { +#ifndef NO_DSA + DSA *dsa_params=NULL; +#endif + int ex=1,x509=0,days=30; + X509 *x509ss=NULL; + X509_REQ *req=NULL; + EVP_PKEY *pkey=NULL; + int i,badops=0,newreq=0,newkey= -1,pkey_type=0; + BIO *in=NULL,*out=NULL; + int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; + int nodes=0,kludge=0; + char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; + char *extensions = NULL; + EVP_CIPHER *cipher=NULL; + int modulus=0; + char *p; + const EVP_MD *md_alg=NULL,*digest=EVP_md5(); +#ifndef MONOLITH + MS_STATIC char config_name[256]; +#endif + +#ifndef NO_DES + cipher=EVP_des_ede3_cbc(); +#endif + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + infile=NULL; + outfile=NULL; + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-key") == 0) + { + if (--argc < 1) goto bad; + keyfile= *(++argv); + } + else if 
(strcmp(*argv,"-new") == 0) + { + pkey_type=TYPE_RSA; + newreq=1; + } + else if (strcmp(*argv,"-config") == 0) + { + if (--argc < 1) goto bad; + template= *(++argv); + } + else if (strcmp(*argv,"-keyform") == 0) + { + if (--argc < 1) goto bad; + keyform=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-keyout") == 0) + { + if (--argc < 1) goto bad; + keyout= *(++argv); + } + else if (strcmp(*argv,"-newkey") == 0) + { + int is_numeric; + + if (--argc < 1) goto bad; + p= *(++argv); + is_numeric = p[0] >= '0' && p[0] <= '9'; + if (strncmp("rsa:",p,4) == 0 || is_numeric) + { + pkey_type=TYPE_RSA; + if(!is_numeric) + p+=4; + newkey= atoi(p); + } + else +#ifndef NO_DSA + if (strncmp("dsa:",p,4) == 0) + { + X509 *xtmp=NULL; + EVP_PKEY *dtmp; + + pkey_type=TYPE_DSA; + p+=4; + if ((in=BIO_new_file(p,"r")) == NULL) + { + perror(p); + goto end; + } + if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL) + { + ERR_clear_error(); + (void)BIO_reset(in); + if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) + { + BIO_printf(bio_err,"unable to load DSA parameters from file\n"); + goto end; + } + + dtmp=X509_get_pubkey(xtmp); + if (dtmp->type == EVP_PKEY_DSA) + dsa_params=DSAparams_dup(dtmp->pkey.dsa); + EVP_PKEY_free(dtmp); + X509_free(xtmp); + if (dsa_params == NULL) + { + BIO_printf(bio_err,"Certificate does not contain DSA parameters\n"); + goto end; + } + } + BIO_free(in); + newkey=BN_num_bits(dsa_params->p); + in=NULL; + } + else +#endif +#ifndef NO_DH + if (strncmp("dh:",p,4) == 0) + { + pkey_type=TYPE_DH; + p+=3; + } + else +#endif + pkey_type=TYPE_RSA; + + newreq=1; + } + else if (strcmp(*argv,"-modulus") == 0) + modulus=1; + else if (strcmp(*argv,"-verify") == 0) + verify=1; + else if (strcmp(*argv,"-nodes") == 0) + nodes=1; + else if (strcmp(*argv,"-noout") == 0) + 
noout=1; + else if (strcmp(*argv,"-text") == 0) + text=1; + else if (strcmp(*argv,"-x509") == 0) + x509=1; + else if (strcmp(*argv,"-asn1-kludge") == 0) + kludge=1; + else if (strcmp(*argv,"-no-asn1-kludge") == 0) + kludge=0; + else if (strcmp(*argv,"-days") == 0) + { + if (--argc < 1) goto bad; + days= atoi(*(++argv)); + if (days == 0) days=30; + } + else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL) + { + /* ok */ + digest=md_alg; + } + else + + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -in arg input file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -text text form of request\n"); + BIO_printf(bio_err," -noout do not output REQ\n"); + BIO_printf(bio_err," -verify verify signature on REQ\n"); + BIO_printf(bio_err," -modulus RSA modulus\n"); + BIO_printf(bio_err," -nodes don't encrypt the output key\n"); + BIO_printf(bio_err," -key file use the private key contained in file\n"); + BIO_printf(bio_err," -keyform arg key file format\n"); + BIO_printf(bio_err," -keyout arg file to send the key to\n"); + BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n"); + BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n"); + + BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2)\n"); + BIO_printf(bio_err," -config file request template file.\n"); + BIO_printf(bio_err," -new new request.\n"); + BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. 
req.\n");
+ BIO_printf(bio_err," -days number of days a x509 generated by -x509 is valid for.\n");
+ BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
+ BIO_printf(bio_err," have been reported as requiring\n");
+ BIO_printf(bio_err," [ It is now always turned on but can be turned off with -no-asn1-kludge ]\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+ X509V3_add_standard_extensions();
+
+#ifndef MONOLITH
+ /* Lets load up our environment a little */
+ p=getenv("OPENSSL_CONF");
+ if (p == NULL)
+ p=getenv("SSLEAY_CONF");
+ if (p == NULL)
+ {
+ strcpy(config_name,X509_get_default_cert_area());
+#ifndef VMS
+ strcat(config_name,"/");
+#endif
+ strcat(config_name,OPENSSL_CONF);
+ p=config_name;
+ }
+ default_config_file=p;
+ config=CONF_load(config,p,NULL);
+#endif
+
+ if (template != NULL)
+ {
+ long errline;
+
+ BIO_printf(bio_err,"Using configuration from %s\n",template);
+ req_conf=CONF_load(NULL,template,&errline);
+ if (req_conf == NULL)
+ {
+ BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
+ goto end;
+ }
+ }
+ else
+ {
+ req_conf=config;
+ BIO_printf(bio_err,"Using configuration from %s\n",
+ default_config_file);
+ if (req_conf == NULL)
+ {
+ BIO_printf(bio_err,"Unable to load config info\n");
+ }
+ }
+
+ if (req_conf != NULL)
+ {
+ p=CONF_get_string(req_conf,NULL,"oid_file");
+ if (p != NULL)
+ {
+ BIO *oid_bio;
+
+ oid_bio=BIO_new_file(p,"r");
+ if (oid_bio == NULL)
+ {
+ /*
+ BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+ ERR_print_errors(bio_err);
+ */
+ }
+ else
+ {
+ OBJ_create_objects(oid_bio);
+ BIO_free(oid_bio);
+ }
+ }
+ }
+ if(!add_oid_section(req_conf)) goto end;
+
+ if ((md_alg == NULL) &&
+ ((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
+ {
+ if ((md_alg=EVP_get_digestbyname(p)) != NULL)
+ digest=md_alg;
+ }
+
+ extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+ if(extensions) {
+ /* Check syntax of file */
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_conf_lhash(&ctx, req_conf);
+ if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n", extensions);
+ goto end;
+ }
+ }
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ goto end;
+
+ if (keyfile != NULL)
+ {
+ if (BIO_read_filename(in,keyfile) <= 0)
+ {
+ perror(keyfile);
+ goto end;
+ }
+
+/* if (keyform == FORMAT_ASN1)
+ rsa=d2i_RSAPrivateKey_bio(in,NULL);
+ else */
+ if (keyform == FORMAT_PEM)
+ pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified for X509 request\n");
+ goto end;
+ }
+
+ if (pkey == NULL)
+ {
+ BIO_printf(bio_err,"unable to load Private key\n");
+ goto end;
+ }
+ }
+
+ if (newreq && (pkey == NULL))
+ {
+ char *randfile;
+ char buffer[200];
+
+ if ((randfile=CONF_get_string(req_conf,SECTION,"RANDFILE")) == NULL)
+ randfile=RAND_file_name(buffer,200);
+#ifdef WINDOWS
+ BIO_printf(bio_err,"Loading 'screen' into random state -");
+ BIO_flush(bio_err);
+ RAND_screen();
+ BIO_printf(bio_err," done\n");
+#endif
+ if ((randfile == NULL) || !RAND_load_file(randfile,1024L*1024L))
+ {
+ BIO_printf(bio_err,"unable to load 'random state'\n");
+ BIO_printf(bio_err,"What this means is that the random number generator has not been seeded\n");
+ BIO_printf(bio_err,"with much random data.\n");
+ BIO_printf(bio_err,"Consider setting the RANDFILE environment variable to point at a file that\n");
+ BIO_printf(bio_err,"'random' data can be kept in.\n");
+ }
+ if (newkey <= 0)
+ {
+ newkey=(int)CONF_get_number(req_conf,SECTION,BITS);
+ if (newkey <= 0)
+ newkey=DEFAULT_KEY_LENGTH;
+ }
+
+ if (newkey < MIN_KEY_LENGTH)
+ {
+ BIO_printf(bio_err,"private key length is too short,\n");
+ BIO_printf(bio_err,"it needs to be at least %d bits, not %d\n",MIN_KEY_LENGTH,newkey);
+ goto end;
+ }
+ BIO_printf(bio_err,"Generating a %d bit %s private key\n",
+ newkey,(pkey_type == TYPE_RSA)?"RSA":"DSA");
+
+ if ((pkey=EVP_PKEY_new()) == NULL) goto end;
+
+#ifndef NO_RSA
+ if (pkey_type == TYPE_RSA)
+ {
+ if (!EVP_PKEY_assign_RSA(pkey,
+ RSA_generate_key(newkey,0x10001,
+ req_cb,bio_err)))
+ goto end;
+ }
+ else
+#endif
+#ifndef NO_DSA
+ if (pkey_type == TYPE_DSA)
+ {
+ if (!DSA_generate_key(dsa_params)) goto end;
+ if (!EVP_PKEY_assign_DSA(pkey,dsa_params)) goto end;
+ dsa_params=NULL;
+ }
+#endif
+
+ if ((randfile == NULL) || (RAND_write_file(randfile) == 0))
+ BIO_printf(bio_err,"unable to write 'random state'\n");
+
+ if (pkey == NULL) goto end;
+
+ if (keyout == NULL)
+ keyout=CONF_get_string(req_conf,SECTION,KEYFILE);
+
+ if (keyout == NULL)
+ {
+ BIO_printf(bio_err,"writing new private key to stdout\n");
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ }
+ else
+ {
+ BIO_printf(bio_err,"writing new private key to '%s'\n",keyout);
+ if (BIO_write_filename(out,keyout) <= 0)
+ {
+ perror(keyout);
+ goto end;
+ }
+ }
+
+ p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
+ if (p == NULL)
+ p=CONF_get_string(req_conf,SECTION,"encrypt_key");
+ if ((p != NULL) && (strcmp(p,"no") == 0))
+ cipher=NULL;
+ if (nodes) cipher=NULL;
+
+ i=0;
+loop:
+ if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
+ NULL,0,NULL,NULL))
+ {
+ if ((ERR_GET_REASON(ERR_peek_error()) ==
+ PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
+ {
+ ERR_clear_error();
+ i++;
+ goto loop;
+ }
+ goto end;
+ }
+ BIO_printf(bio_err,"-----\n");
+ }
+
+ if (!newreq)
+ {
+ /* Since we are using a pre-existing certificate
+ * request, the kludge 'format' info should not be
+ * changed. */
+ kludge= -1;
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (informat == FORMAT_ASN1)
+ req=d2i_X509_REQ_bio(in,NULL);
+ else if (informat == FORMAT_PEM)
+ req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified for X509 request\n");
+ goto end;
+ }
+ if (req == NULL)
+ {
+ BIO_printf(bio_err,"unable to load X509 request\n");
+ goto end;
+ }
+ }
+
+ if (newreq || x509)
+ {
+#ifndef NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ digest=EVP_dss1();
+#endif
+
+ if (pkey == NULL)
+ {
+ BIO_printf(bio_err,"you need to specify a private key\n");
+ goto end;
+ }
+ if (req == NULL)
+ {
+ req=X509_REQ_new();
+ if (req == NULL)
+ {
+ goto end;
+ }
+
+ i=make_REQ(req,pkey,!x509);
+ if (kludge >= 0)
+ req->req_info->req_kludge=kludge;
+ if (!i)
+ {
+ BIO_printf(bio_err,"problems making Certificate Request\n");
+ goto end;
+ }
+ }
+ if (x509)
+ {
+ EVP_PKEY *tmppkey;
+ X509V3_CTX ext_ctx;
+ if ((x509ss=X509_new()) == NULL) goto end;
+
+ /* Set version to V3 */
+ if(!X509_set_version(x509ss, 2)) goto end;
+ ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
+
+ X509_set_issuer_name(x509ss,
+ X509_REQ_get_subject_name(req));
+ X509_gmtime_adj(X509_get_notBefore(x509ss),0);
+ X509_gmtime_adj(X509_get_notAfter(x509ss),
+ (long)60*60*24*days);
+ X509_set_subject_name(x509ss,
+ X509_REQ_get_subject_name(req));
+ tmppkey = X509_REQ_get_pubkey(req);
+ X509_set_pubkey(x509ss,tmppkey);
+ EVP_PKEY_free(tmppkey);
+
+ /* Set up V3 context struct */
+
+ X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
+ X509V3_set_conf_lhash(&ext_ctx, req_conf);
+
+ /* Add extensions */
+ if(extensions && !X509V3_EXT_add_conf(req_conf,
+ &ext_ctx, extensions, x509ss))
+ {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n",
+ extensions);
+ goto end;
+ }
+
+ if (!(i=X509_sign(x509ss,pkey,digest)))
+ goto end;
+ }
+ else
+ {
+ if (!(i=X509_REQ_sign(req,pkey,digest)))
+ goto end;
+ }
+ }
+
+ if (verify && !x509)
+ {
+ int tmp=0;
+
+ if (pkey == NULL)
+ {
+ pkey=X509_REQ_get_pubkey(req);
+ tmp=1;
+ if (pkey == NULL) goto end;
+ }
+
+ i=X509_REQ_verify(req,pkey);
+ if (tmp) {
+ EVP_PKEY_free(pkey);
+ pkey=NULL;
+ }
+
+ if (i < 0)
+ {
+ goto end;
+ }
+ else if (i == 0)
+ {
+ BIO_printf(bio_err,"verify failure\n");
+ }
+ else /* if (i > 0) */
+ BIO_printf(bio_err,"verify OK\n");
+ }
+
+ if (noout && !text && !modulus)
+ {
+ ex=0;
+ goto end;
+ }
+
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
+ i=(int)BIO_append_filename(out,outfile);
+ else
+ i=(int)BIO_write_filename(out,outfile);
+ if (!i)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (text)
+ {
+ if (x509)
+ X509_print(out,x509ss);
+ else
+ X509_REQ_print(out,req);
+ }
+
+ if (modulus)
+ {
+ EVP_PKEY *pubkey;
+
+ if (x509)
+ pubkey=X509_get_pubkey(x509ss);
+ else
+ pubkey=X509_REQ_get_pubkey(req);
+ if (pubkey == NULL)
+ {
+ fprintf(stdout,"Modulus=unavailable\n");
+ goto end;
+ }
+ fprintf(stdout,"Modulus=");
+#ifndef NO_RSA
+ if (pubkey->type == EVP_PKEY_RSA)
+ BN_print(out,pubkey->pkey.rsa->n);
+ else
+#endif
+ fprintf(stdout,"Wrong Algorithm type");
+ fprintf(stdout,"\n");
+ }
+
+ if (!noout && !x509)
+ {
+ if (outformat == FORMAT_ASN1)
+ i=i2d_X509_REQ_bio(out,req);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_X509_REQ(out,req);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write X509 request\n");
+ goto end;
+ }
+ }
+ if (!noout && x509 && (x509ss != NULL))
+ {
+ if (outformat == FORMAT_ASN1)
+ i=i2d_X509_bio(out,x509ss);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_X509(out,x509ss);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write X509 certificate\n");
+ goto end;
+ }
+ }
+ ex=0;
+end:
+ if (ex)
+ {
+ ERR_print_errors(bio_err);
+ }
+ if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
+ BIO_free(in);
+ BIO_free(out);
+ EVP_PKEY_free(pkey);
+ X509_REQ_free(req);
+ X509_free(x509ss);
+ X509V3_EXT_cleanup();
+ OBJ_cleanup();
+#ifndef NO_DSA
+ if (dsa_params != NULL) DSA_free(dsa_params);
+#endif
+ EXIT(ex);
+ }
+
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
+ {
+ int ret=0,i;
+ char *p,*q;
+ X509_REQ_INFO *ri;
+ char buf[100];
+ int nid,min,max;
+ char *type,*def,*tmp,*value,*tmp_attr;
+ STACK_OF(CONF_VALUE) *sk, *attr=NULL;
+ CONF_VALUE *v;
+
+ tmp=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
+ if (tmp == NULL)
+ {
+ BIO_printf(bio_err,"unable to find '%s' in config\n",
+ DISTINGUISHED_NAME);
+ goto err;
+ }
+ sk=CONF_get_section(req_conf,tmp);
+ if (sk == NULL)
+ {
+ BIO_printf(bio_err,"unable to get '%s' section\n",tmp);
+ goto err;
+ }
+
+ tmp_attr=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
+ if (tmp_attr == NULL)
+ attr=NULL;
+ else
+ {
+ attr=CONF_get_section(req_conf,tmp_attr);
+ if (attr == NULL)
+ {
+ BIO_printf(bio_err,"unable to get '%s' section\n",tmp_attr);
+ goto err;
+ }
+ }
+
+ ri=req->req_info;
+
+ BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
+ BIO_printf(bio_err,"into your certificate request.\n");
+ BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
+ BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
+ BIO_printf(bio_err,"For some fields there will be a default value,\n");
+ BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
+ BIO_printf(bio_err,"-----\n");
+
+ /* setup version number */
+ if (!ASN1_INTEGER_set(ri->version,0L)) goto err; /* version 1 */
+
+ if (sk_CONF_VALUE_num(sk))
+ {
+ i= -1;
+start: for (;;)
+ {
+ i++;
+ if (sk_CONF_VALUE_num(sk) <= i) break;
+
+ v=sk_CONF_VALUE_value(sk,i);
+ p=q=NULL;
+ type=v->name;
+ if(!check_end(type,"_min") || !check_end(type,"_max") ||
+ !check_end(type,"_default") ||
+ !check_end(type,"_value")) continue;
+ /* Skip past any leading X. X: X, etc to allow for
+ * multiple instances
+ */
+ for(p = v->name; *p ; p++)
+ if ((*p == ':') || (*p == ',') ||
+ (*p == '.')) {
+ p++;
+ if(*p) type = p;
+ break;
+ }
+ /* If OBJ not recognised ignore it */
+ if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
+ sprintf(buf,"%s_default",v->name);
+ if ((def=CONF_get_string(req_conf,tmp,buf)) == NULL)
+ def="";
+
+ sprintf(buf,"%s_value",v->name);
+ if ((value=CONF_get_string(req_conf,tmp,buf)) == NULL)
+ value=NULL;
+
+ sprintf(buf,"%s_min",v->name);
+ min=(int)CONF_get_number(req_conf,tmp,buf);
+
+ sprintf(buf,"%s_max",v->name);
+ max=(int)CONF_get_number(req_conf,tmp,buf);
+
+ if (!add_DN_object(ri->subject,v->value,def,value,nid,
+ min,max))
+ goto err;
+ }
+ if (sk_X509_NAME_ENTRY_num(ri->subject->entries) == 0)
+ {
+ BIO_printf(bio_err,"error, no objects specified in config file\n");
+ goto err;
+ }
+
+ if (attribs)
+ {
+ if ((attr != NULL) && (sk_CONF_VALUE_num(attr) > 0))
+ {
+ BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
+ BIO_printf(bio_err,"to be sent with your certificate request\n");
+ }
+
+ i= -1;
+start2: for (;;)
+ {
+ i++;
+ if ((attr == NULL) ||
+ (sk_CONF_VALUE_num(attr) <= i))
+ break;
+
+ v=sk_CONF_VALUE_value(attr,i);
+ type=v->name;
+ if ((nid=OBJ_txt2nid(type)) == NID_undef)
+ goto start2;
+
+ sprintf(buf,"%s_default",type);
+ if ((def=CONF_get_string(req_conf,tmp_attr,buf))
+ == NULL)
+ def="";
+
+ sprintf(buf,"%s_value",type);
+ if ((value=CONF_get_string(req_conf,tmp_attr,buf))
+ == NULL)
+ value=NULL;
+
+ sprintf(buf,"%s_min",type);
+ min=(int)CONF_get_number(req_conf,tmp_attr,buf);
+
+ sprintf(buf,"%s_max",type);
+ max=(int)CONF_get_number(req_conf,tmp_attr,buf);
+
+ if (!add_attribute_object(ri->attributes,
+ v->value,def,value,nid,min,max))
+ goto err;
+ }
+ }
+ }
+ else
+ {
+ BIO_printf(bio_err,"No template, please set one up.\n");
+ goto err;
+ }
+
+ X509_REQ_set_pubkey(req,pkey);
+
+ ret=1;
+err:
+ return(ret);
+ }
+
+static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
+ int nid, int min, int max)
+ {
+ int i,j,ret=0;
+ X509_NAME_ENTRY *ne=NULL;
+ MS_STATIC char buf[1024];
+
+ BIO_printf(bio_err,"%s [%s]:",text,def);
+ (void)BIO_flush(bio_err);
+ if (value != NULL)
+ {
+ strcpy(buf,value);
+ strcat(buf,"\n");
+ BIO_printf(bio_err,"%s\n",value);
+ }
+ else
+ {
+ buf[0]='\0';
+ fgets(buf,1024,stdin);
+ }
+
+ if (buf[0] == '\0') return(0);
+ else if (buf[0] == '\n')
+ {
+ if ((def == NULL) || (def[0] == '\0'))
+ return(1);
+ strcpy(buf,def);
+ strcat(buf,"\n");
+ }
+ else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
+
+ i=strlen(buf);
+ if (buf[i-1] != '\n')
+ {
+ BIO_printf(bio_err,"weird input :-(\n");
+ return(0);
+ }
+ buf[--i]='\0';
+
+ j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
+ if (req_fix_data(nid,&j,i,min,max) == 0)
+ goto err;
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(buf, buf, i);
+#endif
+ if ((ne=X509_NAME_ENTRY_create_by_NID(NULL,nid,j,(unsigned char *)buf,
+ strlen(buf)))
+ == NULL) goto err;
+ if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0))
+ goto err;
+
+ ret=1;
+err:
+ if (ne != NULL) X509_NAME_ENTRY_free(ne);
+ return(ret);
+ }
+
+static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text,
+ char *def, char *value, int nid, int min,
+ int max)
+ {
+ int i,z;
+ X509_ATTRIBUTE *xa=NULL;
+ static char buf[1024];
+ ASN1_BIT_STRING *bs=NULL;
+ ASN1_TYPE *at=NULL;
+
+start:
+ BIO_printf(bio_err,"%s [%s]:",text,def);
+ (void)BIO_flush(bio_err);
+ if (value != NULL)
+ {
+ strcpy(buf,value);
+ strcat(buf,"\n");
+ BIO_printf(bio_err,"%s\n",value);
+ }
+ else
+ {
+ buf[0]='\0';
+ fgets(buf,1024,stdin);
+ }
+
+ if (buf[0] == '\0') return(0);
+ else if (buf[0] == '\n')
+ {
+ if ((def == NULL) || (def[0] == '\0'))
+ return(1);
+ strcpy(buf,def);
+ strcat(buf,"\n");
+ }
+ else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
+
+ i=strlen(buf);
+ if (buf[i-1] != '\n')
+ {
+ BIO_printf(bio_err,"weird input :-(\n");
+ return(0);
+ }
+ buf[--i]='\0';
+
+ /* add object plus value */
+ if ((xa=X509_ATTRIBUTE_new()) == NULL)
+ goto err;
+ if ((xa->value.set=sk_ASN1_TYPE_new_null()) == NULL)
+ goto err;
+ xa->set=1;
+
+ if (xa->object != NULL) ASN1_OBJECT_free(xa->object);
+ xa->object=OBJ_nid2obj(nid);
+
+ if ((bs=ASN1_BIT_STRING_new()) == NULL) goto err;
+
+ bs->type=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
+
+ z=req_fix_data(nid,&bs->type,i,min,max);
+ if (z == 0)
+ {
+ if (value == NULL)
+ goto start;
+ else goto err;
+ }
+
+ if (!ASN1_STRING_set(bs,(unsigned char *)buf,i+1))
+ { BIO_printf(bio_err,"Malloc failure\n"); goto err; }
+
+ if ((at=ASN1_TYPE_new()) == NULL)
+ { BIO_printf(bio_err,"Malloc failure\n"); goto err; }
+
+ ASN1_TYPE_set(at,bs->type,(char *)bs);
+ sk_ASN1_TYPE_push(xa->value.set,at);
+ bs=NULL;
+ at=NULL;
+ /* only one item per attribute */
+
+ if (!sk_X509_ATTRIBUTE_push(n,xa)) goto err;
+ return(1);
+err:
+ if (xa != NULL) X509_ATTRIBUTE_free(xa);
+ if (at != NULL) ASN1_TYPE_free(at);
+ if (bs != NULL) ASN1_BIT_STRING_free(bs);
+ return(0);
+ }
+
+static void MS_CALLBACK req_cb(int p, int n, void *arg)
+ {
+ char c='*';
+
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ BIO_write((BIO *)arg,&c,1);
+ (void)BIO_flush((BIO *)arg);
+#ifdef LINT
+ p=n;
+#endif
+ }
+
+static int req_fix_data(int nid, int *type, int len, int min, int max)
+ {
+ if (nid == NID_pkcs9_emailAddress)
+ *type=V_ASN1_IA5STRING;
+ if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
+ *type=V_ASN1_T61STRING;
+ if ((nid == NID_pkcs9_challengePassword) &&
+ (*type == V_ASN1_IA5STRING))
+ *type=V_ASN1_T61STRING;
+
+ if ((nid == NID_pkcs9_unstructuredName) &&
+ (*type == V_ASN1_T61STRING))
+ {
+ BIO_printf(bio_err,"invalid characters in string, please re-enter the string\n");
+ return(0);
+ }
+ if (nid == NID_pkcs9_unstructuredName)
+ *type=V_ASN1_IA5STRING;
+
+ if (len < min)
+ {
+ BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min);
+ return(0);
+ }
+ if ((max != 0) && (len > max))
+ {
+ BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",max);
+ return(0);
+ }
+ return(1);
+ }
+
+/* Check if the end of a string matches 'end' */
+static int check_end(char *str, char *end)
+{
+ int elen, slen;
+ char *tmp;
+ elen = strlen(end);
+ slen = strlen(str);
+ if(elen > slen) return 1;
+ tmp = str + slen - elen;
+ return strcmp(tmp, end);
+}
+
+static int add_oid_section(LHASH *conf)
+{
+ char *p;
+ STACK_OF(CONF_VALUE) *sktmp;
+ CONF_VALUE *cnf;
+ int i;
+ if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
+ if(!(sktmp = CONF_get_section(conf, p))) {
+ BIO_printf(bio_err, "problem loading oid section %s\n", p);
+ return 0;
+ }
+ for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+ cnf = sk_CONF_VALUE_value(sktmp, i);
+ if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+ BIO_printf(bio_err, "problem creating object %s=%s\n",
+ cnf->name, cnf->value);
+ return 0;
+ }
+ }
+ return 1;
+}
diff --git a/crypto/openssl/apps/req.pem b/crypto/openssl/apps/req.pem
new file mode 100644
index 0000000..5537df6
--- /dev/null
+++ b/crypto/openssl/apps/req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBlzCCAVcCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMORXJp
+YyB0aGUgWW91bmcwge8wgaYGBSsOAwIMMIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZ
+S4J1PHvPrm9MXj5ntVheDPkdmBDTncyaGAJcMjwsyB/GvLDGd6yGCw/8eF+09wIV
+AK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjg
+tWiJc/tpvcuzeuAayH89UofjAGueKjXDADiRffvSdhrNw5dkqdqlA0QAAkEAtUSo
+84OekjitKGVjxLu0HvXck29pu+foad53vPKXAsuJdACj88BPqZ91Y9PIJf1GUh38
+CuiHWi7z3cEDfZCyCKAAMAkGBSsOAwIbBQADLwAwLAIUTg8amKVBE9oqC5B75dDQ
+Chy3LdQCFHKodGEj3LjuTzdm/RTe2KZL9Uzf
+-----END CERTIFICATE REQUEST-----
diff --git a/crypto/openssl/apps/rsa.c b/crypto/openssl/apps/rsa.c
new file mode 100644
index 0000000..9b723ee
--- /dev/null
+++ b/crypto/openssl/apps/rsa.c
@@ -0,0 +1,333 @@
+/* apps/rsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RSA
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG rsa_main
+
+/* -inform arg - input format - default PEM (one of DER, NET or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -des - encrypt output if PEM format with DES in cbc mode
+ * -des3 - encrypt output if PEM format
+ * -idea - encrypt output if PEM format
+ * -text - print a text version
+ * -modulus - print the RSA key modulus
+ * -check - verify key consistency
+ */
+
+int MAIN(int argc, char **argv)
+ {
+ int ret=1;
+ RSA *rsa=NULL;
+ int i,badops=0;
+ const EVP_CIPHER *enc=NULL;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat,text=0,check=0,noout=0;
+ char *infile,*outfile,*prog;
+ int modulus=0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
+ else if (strcmp(*argv,"-modulus") == 0)
+ modulus=1;
+ else if (strcmp(*argv,"-check") == 0)
+ check=1;
+ else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
+ BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
+#ifndef NO_IDEA
+ BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
+#endif
+ BIO_printf(bio_err," -text print the key in text\n");
+ BIO_printf(bio_err," -noout don't print key out\n");
+ BIO_printf(bio_err," -modulus print the RSA key modulus\n");
+ BIO_printf(bio_err," -check verify key consistency\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ BIO_printf(bio_err,"read RSA private key\n");
+ if (informat == FORMAT_ASN1)
+ rsa=d2i_RSAPrivateKey_bio(in,NULL);
+#ifndef NO_RC4
+ else if (informat == FORMAT_NETSCAPE)
+ {
+ BUF_MEM *buf=NULL;
+ unsigned char *p;
+ int size=0;
+
+ buf=BUF_MEM_new();
+ for (;;)
+ {
+ if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
+ goto end;
+ i=BIO_read(in,&(buf->data[size]),1024*10);
+ size+=i;
+ if (i == 0) break;
+ if (i < 0)
+ {
+ perror("reading private key");
+ BUF_MEM_free(buf);
+ goto end;
+ }
+ }
+ p=(unsigned char *)buf->data;
+ rsa=(RSA *)d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
+ BUF_MEM_free(buf);
+ }
+#endif
+ else if (informat == FORMAT_PEM)
+ rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL);
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified for key\n");
+ goto end;
+ }
+ if (rsa == NULL)
+ {
+ BIO_printf(bio_err,"unable to load Private Key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (text)
+ if (!RSA_print(out,rsa,0))
+ {
+ perror(outfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (modulus)
+ {
+ fprintf(stdout,"Modulus=");
+ BN_print(out,rsa->n);
+ fprintf(stdout,"\n");
+ }
+
+ if (check)
+ {
+ int r = RSA_check_key(rsa);
+
+ if (r == 1)
+ BIO_printf(out,"RSA key ok\n");
+ else if (r == 0)
+ {
+ long e;
+
+ while ((e = ERR_peek_error()) != 0 &&
+ ERR_GET_LIB(e) == ERR_LIB_RSA &&
+ ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY &&
+ ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE)
+ {
+ BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e));
+ ERR_get_error(); /* remove e from error stack */
+ }
+ }
+
+ if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (noout) goto end;
+ BIO_printf(bio_err,"writing RSA private key\n");
+ if (outformat == FORMAT_ASN1)
+ i=i2d_RSAPrivateKey_bio(out,rsa);
+#ifndef NO_RC4
+ else if (outformat == FORMAT_NETSCAPE)
+ {
+ unsigned char *p,*pp;
+ int size;
+
+ i=1;
+ size=i2d_Netscape_RSA(rsa,NULL,NULL);
+ if ((p=(unsigned char *)Malloc(size)) == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto end;
+ }
+ pp=p;
+ i2d_Netscape_RSA(rsa,&p,NULL);
+ BIO_write(out,(char *)pp,size);
+ Free(pp);
+ }
+#endif
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL,NULL);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write private key\n");
+ ERR_print_errors(bio_err);
+ }
+ else
+ ret=0;
+end:
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free(out);
+ if (rsa != NULL) RSA_free(rsa);
+ EXIT(ret);
+ }
+#endif
diff --git a/crypto/openssl/apps/rsa/01.pem b/crypto/openssl/apps/rsa/01.pem
new file mode 100644
index 0000000..36ec575
--- /dev/null
+++ b/crypto/openssl/apps/rsa/01.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
+MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
+BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
+cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
+qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
+MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
+gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
+LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
+Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
+Pjrmw2eSgbdmmdumWAcNPVbV
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/apps/rsa/1.txt b/crypto/openssl/apps/rsa/1.txt
new file mode 100644
index 0000000..95a862e
--- /dev/null
+++ b/crypto/openssl/apps/rsa/1.txt
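Review bot: In apps/rsa.c the exit status of `-check` does not follow the result of `RSA_check_key`: in the `r == 0` branch the key errors are printed and popped off the error stack, nothing records the failure, and (when only RSA_check_key errors were queued) MAIN goes on to write the key and reach `ret=0`, while `if (noout) goto end;` leaves `ret` at its initial 1 even for a consistent key. A script that gates on the exit code therefore accepts an inconsistent private key whenever the key is written out, and rejects a good one under `-noout -check`. I would record the failure with a local such as `int bad_key=0;` set in the `r == 0` branch, change the early exit to `if (noout) { ret=bad_key; goto end; }`, and end with `ret=bad_key;` in place of `ret=0;`. In the same function the FORMAT_NETSCAPE output path sets `i=1` before writing and ignores the return values of `i2d_Netscape_RSA` and `BIO_write`, so a failed or short write of the private key is reported as success; assigning the `BIO_write` result to `i` and comparing it with `size` would close that.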
@@ -0,0 +1,50 @@ +issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority +subject=/C=US/ST=New York/L=New York/O=Industrial Press Inc./CN=www.industrialpress.com +Certificate: + Data: + Version: 1 (0x0) + Serial Number: + 68:ae:14:a4:c9:9f:a9:f3:9a:23:cf:2f:15:19:b3:5a + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority + Validity + Not Before: May 18 00:00:00 1998 GMT + Not After : May 18 23:59:59 1999 GMT + Subject: C=US, ST=New York, L=New York, O=Industrial Press Inc., CN=www.industrialpress.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:aa:21:fd:c5:42:4d:1e:fa:82:99:a0:e8:9f:6e: + d5:6a:52:5b:a9:32:f2:98:5d:f2:28:a5:81:c5:b3: + 83:2d:68:d7:ef:22:a3:7b:0a:2a:5a:1a:2d:68:40: + 11:23:a8:d7:3e:aa:26:53:ce:e0:15:4d:6d:1f:8a: + ff:6e:0c:21:dc:59:94:30:ad:ea:a3:dd:97:3a:cb: + f0:34:01:f3:5f:35:91:5d:03:49:9a:6e:78:83:61: + 75:45:4b:74:d2:98:18:88:ec:62:98:3b:1e:d6:df: + 51:2f:93:ce:08:31:1b:7d:7f:03:82:e8:2b:13:f5: + b0:91:2d:85:ad:2a:1c:e7:f7 + Exponent: 65537 (0x10001) + Signature Algorithm: md5WithRSAEncryption + 8c:3b:7e:f1:74:12:d1:2f:ac:d4:bf:2d:8b:aa:02:05:30:fe: + d1:f4:14:b8:02:92:a2:8b:99:86:26:ff:24:7e:67:48:43:d9: + e3:ff:52:11:7e:8c:0c:26:57:ca:c7:b4:19:da:4c:ce:e8:37: + 6d:d1:55:6d:a4:09:ff:2c:a2:21:9f:af:63:d8:b5:fb:9f:a5: + 7b:5d:ed:ac:d4:15:af:96:24:25:a7:a7:43:76:f4:41:b4:05: + 1d:49:38:50:b4:43:fe:1d:87:f5:fd:aa:e9:4c:f2:5b:aa:3e: + 3a:e6:c3:67:92:81:b7:66:99:db:a6:58:07:0d:3d:56:d5 +-----BEGIN CERTIFICATE----- +MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG +A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD +VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4 +MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV +BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0 
+cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv +bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb +qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU +MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D +gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/ +LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k +Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq +Pjrmw2eSgbdmmdumWAcNPVbV +-----END CERTIFICATE----- diff --git a/crypto/openssl/apps/rsa/SecureServer.pem b/crypto/openssl/apps/rsa/SecureServer.pem new file mode 100644 index 0000000..7c8ffb2 --- /dev/null +++ b/crypto/openssl/apps/rsa/SecureServer.pem 
@@ -0,0 +1,47 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: + 02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0 + Signature Algorithm: md2WithRSAEncryption + Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority + Validity + Not Before: Nov 9 00:00:00 1994 GMT + Not After : Jan 7 23:59:59 2010 GMT + Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1000 bit) + Modulus (1000 bit): + 00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25: + 01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03: + e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86: + 37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9: + 4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07: + 65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48: + b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49: + 54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5: + dd:2d:d6:c8:1e:7b + Exponent: 65537 (0x10001) + Signature Algorithm: md2WithRSAEncryption + 65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3: + c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5: + b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49: + c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b: + 4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39: + 16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04: + f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50 +-----BEGIN CERTIFICATE----- +MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG +A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD +VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0 +MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV +BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy +dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ +ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII +0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI 
+uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI +hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3 +YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc +1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA== +-----END CERTIFICATE----- diff --git a/crypto/openssl/apps/rsa/s.txt b/crypto/openssl/apps/rsa/s.txt new file mode 100644 index 0000000..7de7e07 --- /dev/null +++ b/crypto/openssl/apps/rsa/s.txt 
@@ -0,0 +1,49 @@ +issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority +subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority +Certificate: + Data: + Version: 1 (0x0) + Serial Number: + 02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0 + Signature Algorithm: md2WithRSAEncryption + Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority + Validity + Not Before: Nov 9 00:00:00 1994 GMT + Not After : Jan 7 23:59:59 2010 GMT + Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1000 bit) + Modulus (1000 bit): + 00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25: + 01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03: + e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86: + 37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9: + 4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07: + 65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48: + b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49: + 54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5: + dd:2d:d6:c8:1e:7b + Exponent: 65537 (0x10001) + Signature Algorithm: md2WithRSAEncryption + 65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3: + c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5: + b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49: + c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b: + 4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39: + 16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04: + f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50 +-----BEGIN CERTIFICATE----- +MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG +A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD +VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0 +MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV +BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy 
+dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ +ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII +0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI +uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI +hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3 +YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc +1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA== +-----END CERTIFICATE----- diff --git a/crypto/openssl/apps/rsa8192.pem b/crypto/openssl/apps/rsa8192.pem new file mode 100644 index 0000000..946a6e5 --- /dev/null +++ b/crypto/openssl/apps/rsa8192.pem 
@@ -0,0 +1,101 @@ +-----BEGIN RSA PRIVATE KEY----- + +MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ +ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF +MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY +55/A20XL7tlV2opEfwhy3uVlveQBM0DnZ3MUQfrk+lRRNWv7yE4ScbOfER9fjvOm +yJc3ZbOa3e+AMGGU9OqJ/fyOl0SGYyP2k23omy/idBV4uOs8QWdnAvq8UOzDdua3 +tuf5Tn17XBurPJ8juwyPBNispkwwn8BjxAZVPhwUIcxFBg339IxJ9cW0WdVy4nNA +LWo/8Ahlf+kZNnFNGCPFytU9gGMLMhab9w/rLrwa9qNe4L8Fmu1JxONn1WfhMOKE +aFmycf2olJsYLgUIGYZrjnYu0p/7P3yhTOv8JIhmK+SzmA/I0xiQoF84rpaQzH2d +PvxICOA9oQSowou0gLuBSZWm6LiXirg1DZCziU46v33ErQlWM1dSyNaUSzihcV59 +mVD0nmzboXH75lGiyiZlp8cLbozzoCwvk9rYqpUGSBzbAy0ECCpabGpzO2Ug+oDi +71e5z4WMpeoR4IS8MaOG/GsJnwaXhiB/gNYfK+8pRADVk5StEAZDE2alSuCbDs0z +d9zYr4/em5T9VZsLetxRE7pm/Es9yELuViz8/Tm0/8MVdmNYc/xZU1t6qYYFdyQ2 +wlGDTiNPsjR8yXCkmBjKwqnuleu1X6LaZu3VPhEkXGcyFAquQUkSiMv0Yu74qAe0 +bQ2v+jjZzP6AM9LUo89cW4Kd8SGD96BdNlAVPNMXoBcIOsZBwsOtETBd4KAyvkXE +Ob17u+PLl4UPnSxm9ypKZunUNFRPxtKUyjySYnvlGL+kTjAXrIrZwKJqIn0uhnfa +Ck3o7bU6yVMK22ODxy2/Vi3E0P6k5JLwnrF0VIOBqGhts66qo6mWDP8l6MZHARFd +pU+nofssVmr8tLKmMmjYGMM5GmKIXRNBs0ksTwFnKRs9AmpE5owC8tTSVdTAkGuS +os7QwLvyvNzq7BGJiVr0Iy3Dhsl1vzR35acNOrCsDl3DcCQONKJ2sVXV4pD3dBah +mG3sR/jHgjasffJJ35uiGoAua9dbT7HG/+D0z1SHYaVqH8zO4VZSOnGJh/P9rtxx +cckFDbiag/JMWig2lbnCjebTtp/BcUsK3TNaDOb7vb0LvbAeRJadd1EFu6PSlH3K +LykSUPm4UedvUU3cWjqkSY5lITFJkVaIYOv/EljYtK7p7kFZFTaEwMAWxgsXU3pQ +tTzVmq1gZ4vXPwcUq0zK50Frq0F7SQc21ZsunwIDAQABAoIEADuQAkDEpBausJsS +PgL1RXuzECPJJJCBxTE+2qx0FoY4hJICCWTORHGmU8nGPE3Ht0wBiNDsULw6KXl9 +psmzYW6D3qRbpdQebky6fu/KZ5H0XTyGpJGomaXELH5hkwo2gdKB805LSXB+m7p0 +9o96kSdMkpBLVGtf5iZ8W4rY2LsZmlI9f7taQHSLVt/M8HTz1mTnBRU92QO3zZW6 +xVa+OrWaFl18u3ZeIaSh2X40tBK68cqstXVD0r2OWuXNKobcQeJW8/XABzBShZ0c +ihL0lzyqiN4uXrLu+Nbr22b+FU2OODy6dGk3U6/69NvI4piMCPlHsfhHOnFjd1ZW +RIVywyUlCtLNdcn11CchuRro+0J3c2Ba+i9Cl9r3qzT11xFEGF8/XLyUBBCB+uGf +1dR/xJQhCA7cXWWLXyI/semxcvTaGpImP6kiIl1MAjHjXZTSdvyw4JmfXyYGhSjI 
+P0mw3Xn7FXxJ/os9gOfNKz2nZHjr0q4sgWRYO+4vllkeL0GteZrg4oVaVpmZb7LH +77afhodLylhijlEtV5skfkPujbBLQk6E5Ez3U/huEt2NLg6guADmwxMxfBRliZO4 +4Ex/td4cuggpEj3FGJV74qRvdvj/MF/uF7IxC/3WapPIsFBFH4zrJsUYt6u3L68I +/KC/bfioDeUR/8ANw1DNh+UsnPV3GJIwDkIJKdppi2uXPahJyJQQ8Inps53nn8Gg +GifS+HnOXNgMoKOJnZ9IDGjXpfjIs8dJNrGfDHF0mH30N2WARq2v/a3cNUC+f8Bq +HSKQ9YrZopktMunsut8u7ZYbTmjIqJpXCaM0CCrSlzSMTDHFSj2tzLk6+qnxeGxB +ZwIdShbdeK+0ETG91lE1e9RPQs/uXQP9+uCHJV0YpqQcA6pkCLYJfYpoSMu/Bafy +AgfVZz6l5tyEnV0wCcbopsQShc1k9xtTbYNF1h9AQHknj6zeDW4iZMvmVeh3RovT +52OA2R8oLyauF+QaG6x2wUjEx13SJlaBarJZ4seZIOJ+a8+oNzKsbgokXc2cyC9p +5FAZz1OsOb68o93qD1Xvl7bY97fq2q55L7G1XHPPLtZE5lGiLGDtnAuwY8UPrdpr +7Mv2yIxB7xVGurXyHb5PvusR88XED6HMPfLBG/55ENHTal7G5mRix+IWSBAIkxA5 +KZ0j8r5Ng4+wELZhqFQai39799bIAyiV6CEz4kyDXlo0kSSexp8o4iz5sPq5vp6h +cCb7rdRw7uRnbXrHmXahxoB+ibXaurgV/6B2yurrU/UFoxEp2sHp8LXZGfF6ztY1 +dMhSQAACK2vGy5yNagbkTHLgVaHicG5zavJBqzCE+lbPlCqhOUQPdOIwvjHNjdS/ +DL3WV/ECggIBAMbW65wPk/i43nSyeZeYwcHtR1SUJqDXavYfBPC0VRhKz+7DVMFw +Nwnocn6gITABc445W1yl7U3uww+LGuDlSlFnd8WuiXpVYud9/jeNu6Mu4wvNsnWr +f4f4ua8CcS03GmqmcbROD2Z6by1AblCZ2UL1kv9cUX1FLVjPP1ESAGKoePt3BmZQ +J1uJfK8HilNT8dcUlj/5CBi2uHxttDhoG0sxXE/SVsG9OD/Pjme0mj7gdzc6Ztd+ +TALuvpNQR4pRzfo5XWDZBcEYntcEE3PxYJB1+vnZ8509ew5/yLHTbLjFxIcx71zY +fhH0gM36Sz7mz37r0+E/QkRkc5bVIDC4LDnWmjpAde6QUx0d218ShNx6sJo4kt5c +Dd7tEVx8nuX8AIZYgwsOb382anLyFRkkmEdK3gRvwQ6SWR36Ez5L7/mHWODpLAX5 +mVBKSG4/ccFbc633/g0xHw0Nwajir/klckdakuYPlwF0yAxJSKDLhmNctDhRmxjC +YP+fISkl5oTvFRzJH6HEyNu8M3ybRvmpPIjM5J5JpnB2IYbohYBR+T6/97C1DKrd +mzL5PjlrWm0c1/d7LlDoP65fOShDMmj2zCiBAHHOM0Alokx+v5LmMd8NJumZIwGJ +Rt5OpeMOhowz6j1AjYxYgV7PmJL6Ovpfb775od/aLaUbbwHz2uWIvfF7AoICAQCw +c7NaO7oJVLJClhYw6OCvjT6oqtgNVWaennnDiJgzY9lv5HEgV0MAG0eYuB3hvj+w +Y1P9DJxP1D+R+cshYrAFg8yU/3kaYVNI0Bl3ygX0eW1b/0HZTdocs+8kM/9PZQDR +WrKQoU5lHvqRt99dXlD4NWGI2YQtzdZ8iet9QLqnjwRZabgE96mF01qKisMnFcsh +KjT7ieheU4J15TZj/mdZRNK126d7e3q/rNj73e5EJ9tkYLcolSr4gpknUMJULSEi +JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo 
+yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ +kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9 +DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN +22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU +ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz +D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP +PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8 +dUrYmHNEUJfHl4T1ESgkX1vkcpVFeQFruZDjk7EP3+1sgvpSroGTZkVBRFsTXbQZ +FuCv0Pgt1TKG+zGmklxhj3TsiRy8MEjWAxBUp++ftZJnZNI4feDGnfEx7tLwVhAg +6DWSiWDO6hgQpvOLwX5lu+0x9itc1MQsnDO/OqIDnBAJDN5k7cVVkfKlqbVjxgpz +eqUJs3yAd81f44kDQTCB4ahYocgeIGsrOqd/WoGL1EEPPo/O9wQP7VtlIRt8UwuG +bS18+a4sBUfAa56xYu/pnPo7YcubsgZfcSIujzFQqMpVTClJRnOnEuJ4J1+PXzRz +XAO9fs4VJ+CMEmgAyonUz4Xadxulnknlw//sO9VKgM69oFHCDHL/XamAAbqAdwvf +7R/+uy+Ol7romC0wMhb6SsIZazrvvH2mNtduAKZ638nAP1x/WbQp+6iVG7yJok7w +82Q7tO7baOePTXh12Rrt4mNPor0HLYxhra4GFgfqkumJ2Mz0esuZAozxJXFOq8ly +beo9CVtXP5zbT6qNpeNismX6PLICaev8t+1iOZSE56WSLtefuuj/cOVrTMNDz1Rr +pUkEVV2zjUSjlcScM538A9iL2QKCAgBLbBk0r6T0ihRsK9UucMxhnYEz/Vq+UEu9 +70Vi1AciqEJv9nh4d3Q3HnH7EHANZxG4Jqzm1DYYVUQa9GfkTFeq88xFv/GW2hUM +YY8RSfRDrIeXNEOETCe37x2AHw25dRXlZtw+wARPau91y9+Y/FCl18NqCHfcUEin +ERjsf/eI2bPlODAlR2tZvZ7M60VBdqpN8cmV3zvI3e88z43xLfQlDyr1+v7a5Evy +lEJnXlSTI2o+vKxtl103vjMSwA1gh63K90gBVsJWXQDZueOzi8mB9UqNRfcMmOEe +4YHttTXPxeu0x+4cCRfam9zKShsVFgI28vRQ/ijl6qmbQ5gV8wqf18GV1j1L4z0P +lP6iVynDA4MMrug/w9DqPsHsfK0pwekeETfSj4y0xVXyjWZBfHG2ZBrS6mDTf+RG +LC4sJgR0hjdILLnUqIX7PzuhieBHRrjBcopwvcryVWRHnI7kslAS0+yHjiWc5oW3 +x5mtlum4HzelNYuD9cAE/95P6CeSMfp9CyIE/KSX4VvsRm6gQVkoQRKMxnQIFQ3w +O5gl1l88vhjoo2HxYScgCp70BsDwiUNTqIR3NM+ZBHYFweVf3Gwz5LzHZT2rEZtD +6VXRP75Q/2wOLnqCO4bK4BUs6sqxcQZmOldruPkPynrY0oPfHHExjxZDvQu4/r80 +Ls3n0L8yvQKCAgEAnYWS6EikwaQNpJEfiUnOlglgFz4EE1eVkrDbBY4J3oPU+doz +DrqmsvgpSZIAfd2MUbkN4pOMsMTjbeIYWDnZDa1RoctKs3FhwFPHwAjQpznab4mn +Bp81FMHM40qyb0NaNuFRwghdXvoQvBBX1p8oEnFzDRvTiuS/vTPTA8KDY8IeRp8R 
+oGzKHpfziNwq/URpqj7pwi9odNjGZvR2IwYw9jCLPIqaEbMoSOdI0mg4MoYyqP4q +nm7d4wqSDwrYxiXZ6f3nYpkhEY1lb0Wbksp1ig8sKSF4nDZRGK1RSfE+6gjBp94H +X/Wog6Zb6NC9ZpusTiDLvuIUXcyUJvmHiWjSNqiTv8jurlwEsgSwhziEQfqLrtdV +QI3PRMolBkD1iCk+HFE53r05LMf1bp3r4MS+naaQrLbIrl1kgDNGwVdgS+SCM7Bg +TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c +46C6SaWI0TD9B11nJbHGTYN3Si9n0EBgoDJEXUKeh3km9O47dgvkSug4WzhYsvrE +rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv +I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8= +-----END RSA PRIVATE KEY----- + diff --git a/crypto/openssl/apps/s1024key.pem b/crypto/openssl/apps/s1024key.pem new file mode 100644 index 0000000..19e0403 --- /dev/null +++ b/crypto/openssl/apps/s1024key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV +S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP +pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB +AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0 +dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY +bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E +Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq +zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM +6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf +QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD +dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M +0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv +nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA== +-----END RSA PRIVATE KEY----- diff --git a/crypto/openssl/apps/s1024req.pem b/crypto/openssl/apps/s1024req.pem new file mode 100644 index 0000000..bb75e7e --- /dev/null +++ b/crypto/openssl/apps/s1024req.pem 
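Review bot: rsa8192.pem and s1024key.pem here, and s512-key.pem in the next file section, are unencrypted RSA private keys, and nothing in the files marks them as test material. Once they are in a public tree, anything configured with them has a private key that is public, and the 512-bit key is weak on size alone. I would put a plain-text line ahead of the BEGIN line in each, for example `Test key published with the source tree - never deploy`. s.txt above already carries `issuer=` and `subject=` text ahead of its certificate in the same way. Before relying on that, confirm that the PEM reader the apps use skips leading text.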
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBojCCAQsCAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx +GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSQwIgYDVQQDExtTZXJ2ZXIgdGVz +dCBjZXJ0ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALMR +9TwT5kZMa0ddXleG8zYuDfZ9dQiPJ1dvfgEZU9fqg3v5o1VL15ZrK9b/73+9RvRo +KqKUmukV6yAi1XZPxWGGM4T75dTPjq42lwxTvAcwQBdS58+nO2kWbxkSTa0Uq9p2 +RJKg3yVvXWO69lWRKQ+UHrmkWFJ7hApKnongeuRjAgMBAAEwDQYJKoZIhvcNAQEE +BQADgYEAStHlk4pBbwiNeQ2/PKTPPXzITYC8Gn0XMbrU94e/6JIKiO7aArq9Espq +nrBSvC14dHcNl6NNvnkEKdQ7hAkcACfBbnOXA/oQvMBd4GD78cH3k0jVDoVUEjil +frLfWlckW6WzpTktt0ZPDdAjJCmKVh0ABHimi7Bo9FC3wIGIe5M= +-----END CERTIFICATE REQUEST----- diff --git a/crypto/openssl/apps/s512-key.pem b/crypto/openssl/apps/s512-key.pem new file mode 100644 index 0000000..0e3ff2d --- /dev/null +++ b/crypto/openssl/apps/s512-key.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD +TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu +OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj +gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz +rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b +PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA +vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU= +-----END RSA PRIVATE KEY----- diff --git a/crypto/openssl/apps/s512-req.pem b/crypto/openssl/apps/s512-req.pem new file mode 100644 index 0000000..ea314be --- /dev/null +++ b/crypto/openssl/apps/s512-req.pem 
@@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa +MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0 +IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8S +MVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8E +y2//Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAANBAAB+uQi+qwn6qRSHB8EUTvsm +5TNTHzYDeN39nyIbZNX2s0se3Srn2Bxft5YCwD3moFZ9QoyDHxE0h6qLX5yjD+8= +-----END CERTIFICATE REQUEST----- diff --git a/crypto/openssl/apps/s_apps.h b/crypto/openssl/apps/s_apps.h new file mode 100644 index 0000000..1a0e9f9 --- /dev/null +++ b/crypto/openssl/apps/s_apps.h 
@@ -0,0 +1,120 @@
+/* apps/s_apps.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <sys/types.h>
+#if (defined(VMS) || defined(__VMS)) && !defined(FD_SET)
+/* VAX C does not defined fd_set and friends, but it's actually quite simple */
+/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */
+#define MAX_NOFILE 32
+#define NBBY 8 /* number of bits in a byte */
+
+#ifndef FD_SETSIZE
+#define FD_SETSIZE MAX_NOFILE
+#endif /* FD_SETSIZE */
+
+/* How many things we'll allow select to use. 0 if unlimited */
+#define MAXSELFD MAX_NOFILE
+typedef int fd_mask; /* int here! VMS prototypes int, not long */
+#define NFDBITS (sizeof(fd_mask) * NBBY) /* bits per mask (power of 2!)*/
+#define NFDSHIFT 5 /* Shift based on above */
+
+typedef fd_mask fd_set;
+#define FD_SET(n, p) (*(p) |= (1 << ((n) % NFDBITS)))
+#define FD_CLR(n, p) (*(p) &= ~(1 << ((n) % NFDBITS)))
+#define FD_ISSET(n, p) (*(p) & (1 << ((n) % NFDBITS)))
+#define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p)))
+#endif
+
+#define PORT 4433
+#define PORT_STR "4433"
+#define PROTOCOL "tcp"
+
+int do_accept(int acc_sock, int *sock, char **host);
+int do_server(int port, int *ret, int (*cb) (), char *context);
+#ifdef HEADER_X509_H
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+#else
+int MS_CALLBACK verify_callback(int ok, char *ctx);
+#endif
+#ifdef HEADER_SSL_H
+int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
+#else
+int set_cert_stuff(char *ctx, char *cert_file, char *key_file);
+#endif
+int init_client(int *sock, char *server, int port);
+int init_client_ip(int *sock,unsigned char ip[4], int port);
+int nbio_init_client_ip(int *sock,unsigned char ip[4], int port);
+int nbio_sock_error(int sock);
+int spawn(int argc, char **argv, int *in, int *out);
+int init_server(int *sock, int port);
+int init_server_long(int *sock, int port,char *ip);
+int should_retry(int i);
+void sock_cleanup(void );
+int extract_port(char *str, short *port_ptr);
+int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
+int host_ip(char *str, unsigned char ip[4]);
+
+long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp,
+ int argi, long argl, long ret);
+
+#ifdef HEADER_SSL_H
+void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret);
+#else
+void MS_CALLBACK apps_ssl_info_callback(char *s, int where, int ret);
+#endif
+
diff --git a/crypto/openssl/apps/s_cb.c b/crypto/openssl/apps/s_cb.c
new file mode 100644
index 0000000..fdb11a1
--- /dev/null
+++ b/crypto/openssl/apps/s_cb.c
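Review bot: `extract_port(char *str, short *port_ptr)` and `extract_host_port(..., short *p)` return the port through a signed `short`, while `init_client` and `init_server` take it as `int`. Where `short` is 16 bits, ports 32768-65535 cannot be held as positive values and larger inputs can only be stored after truncation. The s_client.c hunk further down shows the call site: `short port=PORT;`, then `port=atoi(*(++argv)); if (port == 0) goto bad;`, which rejects only a value that ends up as 0. I would declare the out-parameter as `unsigned short *port_ptr` (or `int *`, to match `init_client`) and range-check the parsed number against 1..65535 before storing it. The definitions of these functions are outside this hunk and would need the same change.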
@@ -0,0 +1,238 @@
+/* apps/s_cb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#define USE_SOCKETS
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+#undef USE_SOCKETS
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include "s_apps.h"
+
+int verify_depth=0;
+int verify_error=X509_V_OK;
+
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
+ {
+ char buf[256];
+ X509 *err_cert;
+ int err,depth;
+
+ err_cert=X509_STORE_CTX_get_current_cert(ctx);
+ err= X509_STORE_CTX_get_error(ctx);
+ depth= X509_STORE_CTX_get_error_depth(ctx);
+
+ X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+ BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
+ if (!ok)
+ {
+ BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
+ X509_verify_cert_error_string(err));
+ if (verify_depth >= depth)
+ {
+ ok=1;
+ verify_error=X509_V_OK;
+ }
+ else
+ {
+ ok=0;
+ verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
+ }
+ }
+ switch (ctx->error)
+ {
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+ X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
+ BIO_printf(bio_err,"issuer= %s\n",buf);
+ break;
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+ BIO_printf(bio_err,"notBefore=");
+ ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+ BIO_printf(bio_err,"\n");
+ break;
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+ BIO_printf(bio_err,"notAfter=");
+ ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+ BIO_printf(bio_err,"\n");
+ break;
+ }
+ BIO_printf(bio_err,"verify return:%d\n",ok);
+ return(ok);
+ }
+
+int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
+ {
+ if (cert_file != NULL)
+ {
+ /*
+ SSL *ssl;
+ X509 *x509;
+ */
+
+ if (SSL_CTX_use_certificate_file(ctx,cert_file,
+ SSL_FILETYPE_PEM) <= 0)
+ {
+ BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
+ ERR_print_errors(bio_err);
+ return(0);
+ }
+ if (key_file == NULL) key_file=cert_file;
+ if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
+ SSL_FILETYPE_PEM) <= 0)
+ {
+ BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
+ ERR_print_errors(bio_err);
+ return(0);
+ }
+
+ /*
+ In theory this is no longer needed
+ ssl=SSL_new(ctx);
+ x509=SSL_get_certificate(ssl);
+
+ if (x509 != NULL) {
+ EVP_PKEY *pktmp;
+ pktmp = X509_get_pubkey(x509);
+ EVP_PKEY_copy_parameters(pktmp,
+ SSL_get_privatekey(ssl));
+ EVP_PKEY_free(pktmp);
+ }
+ SSL_free(ssl);
+ */
+
+ /* If we are using DSA, we can copy the parameters from
+ * the private key */
+
+
+ /* Now we know that a key and cert have been set against
+ * the SSL context */
+ if (!SSL_CTX_check_private_key(ctx))
+ {
+ BIO_printf(bio_err,"Private key does not match the certificate public key\n");
+ return(0);
+ }
+ }
+ return(1);
+ }
+
+long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
+ long argl, long ret)
+ {
+ BIO *out;
+
+ out=(BIO *)BIO_get_callback_arg(bio);
+ if (out == NULL) return(ret);
+
+ if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
+ {
+ BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n",
+ bio,argp,argi,ret,ret);
+ BIO_dump(out,argp,(int)ret);
+ return(ret);
+ }
+ else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
+ {
+ BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n",
+ bio,argp,argi,ret,ret);
+ BIO_dump(out,argp,(int)ret);
+ }
+ return(ret);
+ }
+
+void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret)
+ {
+ char *str;
+ int w;
+
+ w=where& ~SSL_ST_MASK;
+
+ if (w & SSL_ST_CONNECT) str="SSL_connect";
+ else if (w & SSL_ST_ACCEPT) str="SSL_accept";
+ else str="undefined";
+
+ if (where & SSL_CB_LOOP)
+ {
+ BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
+ }
+ else if (where & SSL_CB_ALERT)
+ {
+ str=(where & SSL_CB_READ)?"read":"write";
+ BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
+ str,
+ SSL_alert_type_string_long(ret),
+ SSL_alert_desc_string_long(ret));
+ }
+ else if (where & SSL_CB_EXIT)
+ {
+ if (ret == 0)
+ BIO_printf(bio_err,"%s:failed in %s\n",
+ str,SSL_state_string_long(s));
+ else if (ret < 0)
+ {
+ BIO_printf(bio_err,"%s:error in %s\n",
+ str,SSL_state_string_long(s));
+ }
+ }
+ }
+
diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c
new file mode 100644
index 0000000..b0610413
--- /dev/null
+++ b/crypto/openssl/apps/s_client.c
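Review bot: In `verify_callback`, the `if (!ok)` branch sets `ok=1` and `verify_error=X509_V_OK` whenever `verify_depth >= depth`. Every failure reported at an allowed depth (an expired or not-yet-valid certificate, a missing issuer) is therefore printed and then accepted, and the global no longer records that it happened. That may be intended for a diagnostic tool that wants the handshake to continue, but nothing in the file says so, and a sample callback like this tends to get copied into applications. I would add a comment above that branch: `/* diagnostic use only: a verify error at depth <= verify_depth is printed and then accepted; do not reuse where the result gates trust */`. Any application reusing the function should return the incoming `ok` unchanged on failure.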
@@ -0,0 +1,840 @@ +/* apps/s_client.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifdef APPS_CRLF +# include <assert.h> +#endif +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#ifdef NO_STDIO +#define APPS_WIN16 +#endif + +/* With IPv6, it looks like Digital has mixed up the proper order of + recursive header file inclusion, resulting in the compiler complaining + that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which + is needed to have fileno() declared correctly... 
So let's define u_int */ +#if defined(VMS) && defined(__DECC) && !defined(__U_INT) +#define __U_INT +typedef unsigned int u_int; +#endif + +#define USE_SOCKETS +#include "apps.h" +#include <openssl/x509.h> +#include <openssl/ssl.h> +#include <openssl/err.h> +#include <openssl/pem.h> +#include "s_apps.h" + +#if (defined(VMS) && __VMS_VER < 70000000) +/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ +#undef FIONBIO +#endif + +#if defined(NO_RSA) && !defined(NO_SSL2) +#define NO_SSL2 +#endif + +#undef PROG +#define PROG s_client_main + +/*#define SSL_HOST_NAME "www.netscape.com" */ +/*#define SSL_HOST_NAME "193.118.187.102" */ +#define SSL_HOST_NAME "localhost" + +/*#define TEST_CERT "client.pem" */ /* no default cert. */ + +#undef BUFSIZZ +#define BUFSIZZ 1024*8 + +extern int verify_depth; +extern int verify_error; + +#ifdef FIONBIO +static int c_nbio=0; +#endif +static int c_Pause=0; +static int c_debug=0; +static int c_showcerts=0; + +static void sc_usage(void); +static void print_stuff(BIO *berr,SSL *con,int full); +static BIO *bio_c_out=NULL; +static int c_quiet=0; + +static void sc_usage(void) + { + BIO_printf(bio_err,"usage: s_client args\n"); + BIO_printf(bio_err,"\n"); + BIO_printf(bio_err," -host host - use -connect instead\n"); + BIO_printf(bio_err," -port port - use -connect instead\n"); + BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); + + BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); + BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); + BIO_printf(bio_err," -key arg - Private key file to use, PEM format assumed, in cert file if\n"); + BIO_printf(bio_err," not specified but cert file is.\n"); + BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); + BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same 
Session-ID\n"); + BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); + BIO_printf(bio_err," -showcerts - show all certificates in the chain\n"); + BIO_printf(bio_err," -debug - extra output\n"); + BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n"); + BIO_printf(bio_err," -state - print the 'ssl' states\n"); +#ifdef FIONBIO + BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); +#endif +#ifdef APPS_CRLF /* won't be #ifdef'd in next release */ + BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); +#endif + BIO_printf(bio_err," -quiet - no s_client output\n"); + BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); + BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); + BIO_printf(bio_err," -tls1 - just use TLSv1\n"); + BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); + BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); + BIO_printf(bio_err," -cipher - prefered cipher to use, use the 'openssl ciphers'\n"); + BIO_printf(bio_err," command to see what is available\n"); + + } + +int MAIN(int argc, char **argv) + { + int off=0; + SSL *con=NULL,*con2=NULL; + int s,k,width,state=0; + char *cbuf=NULL,*sbuf=NULL; + int cbuf_len,cbuf_off; + int sbuf_len,sbuf_off; + fd_set readfds,writefds; + short port=PORT; + int full_log=1; + char *host=SSL_HOST_NAME; + char *cert_file=NULL,*key_file=NULL; + char *CApath=NULL,*CAfile=NULL,*cipher=NULL; + int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0; +#ifdef APPS_CRLF + int crlf=0; +#endif + int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; + SSL_CTX *ctx=NULL; + int ret=1,in_init=1,i,nbio_test=0; + SSL_METHOD *meth=NULL; + BIO *sbio; + /*static struct timeval timeout={10,0};*/ + +#if !defined(NO_SSL2) && !defined(NO_SSL3) + meth=SSLv23_client_method(); +#elif !defined(NO_SSL3) + meth=SSLv3_client_method(); +#elif !defined(NO_SSL2) + meth=SSLv2_client_method(); +#endif + + apps_startup(); + 
c_Pause=0;
+ c_quiet=0;
+ c_debug=0;
+ c_showcerts=0;
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+ if ( ((cbuf=Malloc(BUFSIZZ)) == NULL) ||
+ ((sbuf=Malloc(BUFSIZZ)) == NULL))
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto end;
+ }
+
+ verify_depth=0;
+ verify_error=X509_V_OK;
+#ifdef FIONBIO
+ c_nbio=0;
+#endif
+
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-host") == 0)
+ {
+ if (--argc < 1) goto bad;
+ host= *(++argv);
+ }
+ else if (strcmp(*argv,"-port") == 0)
+ {
+ if (--argc < 1) goto bad;
+ port=atoi(*(++argv));
+ if (port == 0) goto bad;
+ }
+ else if (strcmp(*argv,"-connect") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!extract_host_port(*(++argv),&host,NULL,&port))
+ goto bad;
+ }
+ else if (strcmp(*argv,"-verify") == 0)
+ {
+ verify=SSL_VERIFY_PEER;
+ if (--argc < 1) goto bad;
+ verify_depth=atoi(*(++argv));
+ BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+ }
+ else if (strcmp(*argv,"-cert") == 0)
+ {
+ if (--argc < 1) goto bad;
+ cert_file= *(++argv);
+ }
+#ifdef APPS_CRLF
+ else if (strcmp(*argv,"-crlf") == 0)
+ crlf=1;
+#endif
+ else if (strcmp(*argv,"-quiet") == 0)
+ c_quiet=1;
+ else if (strcmp(*argv,"-pause") == 0)
+ c_Pause=1;
+ else if (strcmp(*argv,"-debug") == 0)
+ c_debug=1;
+ else if (strcmp(*argv,"-showcerts") == 0)
+ c_showcerts=1;
+ else if (strcmp(*argv,"-nbio_test") == 0)
+ nbio_test=1;
+ else if (strcmp(*argv,"-state") == 0)
+ state=1;
+#ifndef NO_SSL2
+ else if (strcmp(*argv,"-ssl2") == 0)
+ meth=SSLv2_client_method();
+#endif
+#ifndef NO_SSL3
+ else if (strcmp(*argv,"-ssl3") == 0)
+ meth=SSLv3_client_method();
+#endif
+#ifndef NO_TLS1
+ else if (strcmp(*argv,"-tls1") == 0)
+ meth=TLSv1_client_method();
+#endif
+ else if (strcmp(*argv,"-bugs") == 0)
+ bugs=1;
+ else if (strcmp(*argv,"-key") == 0)
+ {
+ if (--argc < 1) goto bad;
+ key_file= *(++argv);
+ }
+ else if (strcmp(*argv,"-reconnect") == 0)
+ {
+ reconnect=5;
+ }
+ else if (strcmp(*argv,"-CApath") == 0)
+ {
+ if
(--argc < 1) goto bad;
+ CApath= *(++argv);
+ }
+ else if (strcmp(*argv,"-CAfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-no_tls1") == 0)
+ off|=SSL_OP_NO_TLSv1;
+ else if (strcmp(*argv,"-no_ssl3") == 0)
+ off|=SSL_OP_NO_SSLv3;
+ else if (strcmp(*argv,"-no_ssl2") == 0)
+ off|=SSL_OP_NO_SSLv2;
+ else if (strcmp(*argv,"-cipher") == 0)
+ {
+ if (--argc < 1) goto bad;
+ cipher= *(++argv);
+ }
+#ifdef FIONBIO
+ else if (strcmp(*argv,"-nbio") == 0)
+ { c_nbio=1; }
+#endif
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badop=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+ if (badop)
+ {
+bad:
+ sc_usage();
+ goto end;
+ }
+
+ if (bio_c_out == NULL)
+ {
+ if (c_quiet)
+ {
+ bio_c_out=BIO_new(BIO_s_null());
+ }
+ else
+ {
+ if (bio_c_out == NULL)
+ bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+ }
+ }
+
+ SSLeay_add_ssl_algorithms();
+ ctx=SSL_CTX_new(meth);
+ if (ctx == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (bugs)
+ SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
+ else
+ SSL_CTX_set_options(ctx,off);
+
+ if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
+ if (cipher != NULL)
+ SSL_CTX_set_cipher_list(ctx,cipher);
+#if 0
+ else
+ SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
+#endif
+
+ SSL_CTX_set_verify(ctx,verify,verify_callback);
+ if (!set_cert_stuff(ctx,cert_file,key_file))
+ goto end;
+
+ if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(ctx)))
+ {
+ /* BIO_printf(bio_err,"error seting default verify locations\n"); */
+ ERR_print_errors(bio_err);
+ /* goto end; */
+ }
+
+ SSL_load_error_strings();
+
+ con=(SSL *)SSL_new(ctx);
+/* SSL_set_cipher_list(con,"RC4-MD5"); */
+
+re_start:
+
+ if (init_client(&s,host,port) == 0)
+ {
+ BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
+ SHUTDOWN(s);
+ goto end;
+ }
+ BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
+
+#ifdef FIONBIO
+ if (c_nbio)
+ {
+ unsigned long l=1;
+
BIO_printf(bio_c_out,"turning on non blocking io\n");
+ if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+#endif
+ if (c_Pause & 0x01) con->debug=1;
+ sbio=BIO_new_socket(s,BIO_NOCLOSE);
+
+ if (nbio_test)
+ {
+ BIO *test;
+
+ test=BIO_new(BIO_f_nbio_test());
+ sbio=BIO_push(test,sbio);
+ }
+
+ if (c_debug)
+ {
+ con->debug=1;
+ BIO_set_callback(sbio,bio_dump_cb);
+ BIO_set_callback_arg(sbio,bio_c_out);
+ }
+
+ SSL_set_bio(con,sbio,sbio);
+ SSL_set_connect_state(con);
+
+ /* ok, lets connect */
+ width=SSL_get_fd(con)+1;
+
+ read_tty=1;
+ write_tty=0;
+ tty_on=0;
+ read_ssl=1;
+ write_ssl=1;
+
+ cbuf_len=0;
+ cbuf_off=0;
+ sbuf_len=0;
+ sbuf_off=0;
+
+ for (;;)
+ {
+ FD_ZERO(&readfds);
+ FD_ZERO(&writefds);
+
+ if (SSL_in_init(con) && !SSL_total_renegotiations(con))
+ {
+ in_init=1;
+ tty_on=0;
+ }
+ else
+ {
+ tty_on=1;
+ if (in_init)
+ {
+ in_init=0;
+ print_stuff(bio_c_out,con,full_log);
+ if (full_log > 0) full_log--;
+
+ if (reconnect)
+ {
+ reconnect--;
+ BIO_printf(bio_c_out,"drop connection and then reconnect\n");
+ SSL_shutdown(con);
+ SSL_set_connect_state(con);
+ SHUTDOWN(SSL_get_fd(con));
+ goto re_start;
+ }
+ }
+ }
+
+ ssl_pending = read_ssl && SSL_pending(con);
+
+ if (!ssl_pending)
+ {
+#ifndef WINDOWS
+ if (tty_on)
+ {
+ if (read_tty) FD_SET(fileno(stdin),&readfds);
+ if (write_tty) FD_SET(fileno(stdout),&writefds);
+ }
+#endif
+ if (read_ssl)
+ FD_SET(SSL_get_fd(con),&readfds);
+ if (write_ssl)
+ FD_SET(SSL_get_fd(con),&writefds);
+
+/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
+ tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
+
+ /* Note: under VMS with SOCKETSHR the second parameter
+ * is currently of type (int *) whereas under other
+ * systems it is (void *) if you don't have a cast it
+ * will choke the compiler: if you do have a cast then
+ * you can either go for (int *) or (void *).
+ */
+ i=select(width,(void *)&readfds,(void *)&writefds,
+ NULL,NULL);
+ if ( i < 0)
+ {
+ BIO_printf(bio_err,"bad select %d\n",
+ get_last_socket_error());
+ goto shut;
+ /* goto end; */
+ }
+ }
+
+ if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
+ {
+ k=SSL_write(con,&(cbuf[cbuf_off]),
+ (unsigned int)cbuf_len);
+ switch (SSL_get_error(con,k))
+ {
+ case SSL_ERROR_NONE:
+ cbuf_off+=k;
+ cbuf_len-=k;
+ if (k <= 0) goto end;
+ /* we have done a write(con,NULL,0); */
+ if (cbuf_len <= 0)
+ {
+ read_tty=1;
+ write_ssl=0;
+ }
+ else /* if (cbuf_len > 0) */
+ {
+ read_tty=0;
+ write_ssl=1;
+ }
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ BIO_printf(bio_c_out,"write W BLOCK\n");
+ write_ssl=1;
+ read_tty=0;
+ break;
+ case SSL_ERROR_WANT_READ:
+ BIO_printf(bio_c_out,"write R BLOCK\n");
+ write_tty=0;
+ read_ssl=1;
+ write_ssl=0;
+ break;
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ BIO_printf(bio_c_out,"write X BLOCK\n");
+ break;
+ case SSL_ERROR_ZERO_RETURN:
+ if (cbuf_len != 0)
+ {
+ BIO_printf(bio_c_out,"shutdown\n");
+ goto shut;
+ }
+ else
+ {
+ read_tty=1;
+ write_ssl=0;
+ break;
+ }
+
+ case SSL_ERROR_SYSCALL:
+ if ((k != 0) || (cbuf_len != 0))
+ {
+ BIO_printf(bio_err,"write:errno=%d\n",
+ get_last_socket_error());
+ goto shut;
+ }
+ else
+ {
+ read_tty=1;
+ write_ssl=0;
+ }
+ break;
+ case SSL_ERROR_SSL:
+ ERR_print_errors(bio_err);
+ goto shut;
+ }
+ }
+#ifndef WINDOWS
+ else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
+ {
+#ifdef CHARSET_EBCDIC
+ ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
+#endif
+ i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
+
+ if (i <= 0)
+ {
+ BIO_printf(bio_c_out,"DONE\n");
+ goto shut;
+ /* goto end; */
+ }
+
+ sbuf_len-=i;;
+ sbuf_off+=i;
+ if (sbuf_len <= 0)
+ {
+ read_ssl=1;
+ write_tty=0;
+ }
+ }
+#endif
+ else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
+ {
+#ifdef RENEG
+{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
+#endif
+#if 1
+ k=SSL_read(con,sbuf,1024 /*
BUFSIZZ */ );
+#else
+/* Demo for pending and peek :-) */
+ k=SSL_read(con,sbuf,16);
+{ char zbuf[10240];
+printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
+}
+#endif
+
+ switch (SSL_get_error(con,k))
+ {
+ case SSL_ERROR_NONE:
+ if (k <= 0)
+ goto end;
+ sbuf_off=0;
+ sbuf_len=k;
+
+ read_ssl=0;
+ write_tty=1;
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ BIO_printf(bio_c_out,"read W BLOCK\n");
+ write_ssl=1;
+ read_tty=0;
+ break;
+ case SSL_ERROR_WANT_READ:
+ BIO_printf(bio_c_out,"read R BLOCK\n");
+ write_tty=0;
+ read_ssl=1;
+ if ((read_tty == 0) && (write_ssl == 0))
+ write_ssl=1;
+ break;
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ BIO_printf(bio_c_out,"read X BLOCK\n");
+ break;
+ case SSL_ERROR_SYSCALL:
+ BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
+ goto shut;
+ case SSL_ERROR_ZERO_RETURN:
+ BIO_printf(bio_c_out,"closed\n");
+ goto shut;
+ case SSL_ERROR_SSL:
+ ERR_print_errors(bio_err);
+ goto shut;
+ /* break; */
+ }
+ }
+
+#ifndef WINDOWS
+ else if (FD_ISSET(fileno(stdin),&readfds))
+ {
+#ifdef APPS_CRLF
+ if (crlf)
+ {
+ int j, lf_num;
+
+ i=read(fileno(stdin),cbuf,BUFSIZZ/2);
+ lf_num = 0;
+ /* both loops are skipped when i <= 0 */
+ for (j = 0; j < i; j++)
+ if (cbuf[j] == '\n')
+ lf_num++;
+ for (j = i-1; j >= 0; j--)
+ {
+ cbuf[j+lf_num] = cbuf[j];
+ if (cbuf[j] == '\n')
+ {
+ lf_num--;
+ i++;
+ cbuf[j+lf_num] = '\r';
+ }
+ }
+ assert(lf_num == 0);
+ }
+ else
+#endif
+ i=read(fileno(stdin),cbuf,BUFSIZZ);
+
+ if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
+ {
+ BIO_printf(bio_err,"DONE\n");
+ goto shut;
+ }
+
+ if ((!c_quiet) && (cbuf[0] == 'R'))
+ {
+ BIO_printf(bio_err,"RENEGOTIATING\n");
+ SSL_renegotiate(con);
+ cbuf_len=0;
+ }
+ else
+ {
+ cbuf_len=i;
+ cbuf_off=0;
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(cbuf, cbuf, i);
+#endif
+ }
+
+ write_ssl=1;
+ read_tty=0;
+ }
+#endif
+ }
+shut:
+ SSL_shutdown(con);
+ SHUTDOWN(SSL_get_fd(con));
+ ret=0;
+end:
+ if (con != NULL) SSL_free(con);
+ if (con2 != NULL)
SSL_free(con2);
+ if (ctx != NULL) SSL_CTX_free(ctx);
+ if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
+ if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
+ if (bio_c_out != NULL)
+ {
+ BIO_free(bio_c_out);
+ bio_c_out=NULL;
+ }
+ EXIT(ret);
+ }
+
+
+static void print_stuff(BIO *bio, SSL *s, int full)
+ {
+ X509 *peer=NULL;
+ char *p;
+ static char *space=" ";
+ char buf[BUFSIZ];
+ STACK_OF(X509) *sk;
+ STACK_OF(X509_NAME) *sk2;
+ SSL_CIPHER *c;
+ X509_NAME *xn;
+ int j,i;
+
+ if (full)
+ {
+ int got_a_chain = 0;
+
+ sk=SSL_get_peer_cert_chain(s);
+ if (sk != NULL)
+ {
+ got_a_chain = 1; /* we don't have it for SSL2 (yet) */
+
+ BIO_printf(bio,"---\nCertificate chain\n");
+ for (i=0; i<sk_X509_num(sk); i++)
+ {
+ X509_NAME_oneline(X509_get_subject_name(
+ sk_X509_value(sk,i)),buf,BUFSIZ);
+ BIO_printf(bio,"%2d s:%s\n",i,buf);
+ X509_NAME_oneline(X509_get_issuer_name(
+ sk_X509_value(sk,i)),buf,BUFSIZ);
+ BIO_printf(bio," i:%s\n",buf);
+ if (c_showcerts)
+ PEM_write_bio_X509(bio,sk_X509_value(sk,i));
+ }
+ }
+
+ BIO_printf(bio,"---\n");
+ peer=SSL_get_peer_certificate(s);
+ if (peer != NULL)
+ {
+ BIO_printf(bio,"Server certificate\n");
+ if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
+ PEM_write_bio_X509(bio,peer);
+ X509_NAME_oneline(X509_get_subject_name(peer),
+ buf,BUFSIZ);
+ BIO_printf(bio,"subject=%s\n",buf);
+ X509_NAME_oneline(X509_get_issuer_name(peer),
+ buf,BUFSIZ);
+ BIO_printf(bio,"issuer=%s\n",buf);
+ }
+ else
+ BIO_printf(bio,"no peer certificate available\n");
+
+ sk2=SSL_get_client_CA_list(s);
+ if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
+ {
+ BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
+ for (i=0; i<sk_X509_NAME_num(sk2); i++)
+ {
+ xn=sk_X509_NAME_value(sk2,i);
+ X509_NAME_oneline(xn,buf,sizeof(buf));
+ BIO_write(bio,buf,strlen(buf));
+ BIO_write(bio,"\n",1);
+ }
+ }
+ else
+ {
+ BIO_printf(bio,"---\nNo client certificate CA names sent\n");
+ }
+
p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
+ if (p != NULL)
+ {
+ /* This works only for SSL 2. In later protocol
+ * versions, the client does not know what other
+ * ciphers (in addition to the one to be used
+ * in the current connection) the server supports. */
+
+ BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
+ j=i=0;
+ while (*p)
+ {
+ if (*p == ':')
+ {
+ BIO_write(bio,space,15-j%25);
+ i++;
+ j=0;
+ BIO_write(bio,((i%3)?" ":"\n"),1);
+ }
+ else
+ {
+ BIO_write(bio,p,1);
+ j++;
+ }
+ p++;
+ }
+ BIO_write(bio,"\n",1);
+ }
+
+ BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
+ BIO_number_read(SSL_get_rbio(s)),
+ BIO_number_written(SSL_get_wbio(s)));
+ }
+ BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
+ c=SSL_get_current_cipher(s);
+ BIO_printf(bio,"%s, Cipher is %s\n",
+ SSL_CIPHER_get_version(c),
+ SSL_CIPHER_get_name(c));
+ if (peer != NULL) {
+ EVP_PKEY *pktmp;
+ pktmp = X509_get_pubkey(peer);
+ BIO_printf(bio,"Server public key is %d bit\n",
+ EVP_PKEY_bits(pktmp));
+ EVP_PKEY_free(pktmp);
+ }
+ SSL_SESSION_print(bio,SSL_get_session(s));
+ BIO_printf(bio,"---\n");
+ if (peer != NULL)
+ X509_free(peer);
+ }
+
diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c
new file mode 100644
index 0000000..9a81418
--- /dev/null
+++ b/crypto/openssl/apps/s_server.c
@@ -0,0 +1,1464 @@
+/* apps/s_server.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4.
If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifdef APPS_CRLF
+# include <assert.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#ifdef NO_STDIO
+#define APPS_WIN16
+#endif
+
+/* With IPv6, it looks like Digital has mixed up the proper order of
+ recursive header file inclusion, resulting in the compiler complaining
+ that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+ is needed to have fileno() declared correctly...
So let's define u_int */
+#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#include <openssl/lhash.h>
+#include <openssl/bn.h>
+#define USE_SOCKETS
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include "s_apps.h"
+
+#if (defined(VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
+
+#ifndef NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
+#endif
+static int sv_body(char *hostname, int s, unsigned char *context);
+static int www_body(char *hostname, int s, unsigned char *context);
+static void close_accept_socket(void );
+static void sv_usage(void);
+static int init_ssl_connection(SSL *s);
+static void print_stats(BIO *bp,SSL_CTX *ctx);
+#ifndef NO_DH
+static DH *load_dh_param(void );
+static DH *get_dh512(void);
+#endif
+/* static void s_server_init(void);*/
+
+#ifndef S_ISDIR
+# if defined(_S_IFMT) && defined(_S_IFDIR)
+# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
+# else
+# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
+# endif
+#endif
+
+#ifndef NO_DH
+static unsigned char dh512_p[]={
+ 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
+ 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+ 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
+ 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+ 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
+ 0x47,0x74,0xE8,0x33,
+ };
+static unsigned char dh512_g[]={
+ 0x02,
+ };
+
+static DH *get_dh512(void)
+ {
+ DH *dh=NULL;
+
+ if ((dh=DH_new()) == NULL) return(NULL);
+ dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+ dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+ if ((dh->p == NULL) || (dh->g == NULL))
+ return(NULL);
+ return(dh);
+ }
+#endif
+
+/* static int load_CA(SSL_CTX *ctx, char *file);*/
+
+#undef BUFSIZZ
+#define BUFSIZZ 16*1024
+static int bufsize=32;
+static int accept_socket= -1;
+
+#define TEST_CERT "server.pem"
+#undef PROG
+#define PROG s_server_main
+
+#define DH_PARAM "server.pem"
+
+extern int verify_depth;
+
+static char *cipher=NULL;
+static int s_server_verify=SSL_VERIFY_NONE;
+static int s_server_session_id_context = 1; /* anything will do */
+static char *s_cert_file=TEST_CERT,*s_key_file=NULL;
+static char *s_dcert_file=NULL,*s_dkey_file=NULL;
+#ifdef FIONBIO
+static int s_nbio=0;
+#endif
+static int s_nbio_test=0;
+#ifdef APPS_CRLF /* won't be #ifdef'd in next release */
+int s_crlf=0;
+#endif
+static SSL_CTX *ctx=NULL;
+static int www=0;
+
+static BIO *bio_s_out=NULL;
+static int s_debug=0;
+static int s_quiet=0;
+
+#if 0
+static void s_server_init(void)
+ {
+ cipher=NULL;
+ s_server_verify=SSL_VERIFY_NONE;
+ s_dcert_file=NULL;
+ s_dkey_file=NULL;
+ s_cert_file=TEST_CERT;
+ s_key_file=NULL;
+#ifdef FIONBIO
+ s_nbio=0;
+#endif
+ s_nbio_test=0;
+ ctx=NULL;
+ www=0;
+
+ bio_s_out=NULL;
+ s_debug=0;
+ s_quiet=0;
+ }
+#endif
+
+static void sv_usage(void)
+ {
+ BIO_printf(bio_err,"usage: s_server [args ...]\n");
+ BIO_printf(bio_err,"\n");
+ BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT);
+ BIO_printf(bio_err," -context arg - set session ID context\n");
+ BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
+ BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
+ BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
+ BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
+ BIO_printf(bio_err," -key arg - RSA file to use, PEM format assumed, in cert file if\n");
+ BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
+ BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n");
+ BIO_printf(bio_err," -dkey arg -
second private key file to use (usually for DSA)\n");
+#ifdef FIONBIO
+ BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
+#endif
+ BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n");
+#ifdef APPS_CRLF
+ BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
+#endif
+ BIO_printf(bio_err," -debug - Print more output\n");
+ BIO_printf(bio_err," -state - Print the SSL states\n");
+ BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
+ BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
+ BIO_printf(bio_err," -quiet - No server output\n");
+ BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n");
+ BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
+ BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n");
+ BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
+ BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
+ BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
+ BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
+#ifndef NO_DH
+ BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
+#endif
+ BIO_printf(bio_err," -bugs - Turn on SSL bug compatability\n");
+ BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
+ BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+ }
+
+static int local_argc=0;
+static char **local_argv;
+static int hack=0;
+
+#ifdef CHARSET_EBCDIC
+static int ebcdic_new(BIO *bi);
+static int ebcdic_free(BIO *a);
+static int ebcdic_read(BIO *b, char *out, int outl);
+static int ebcdic_write(BIO *b, char *in, int inl);
+static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr);
+static int ebcdic_gets(BIO *bp, char *buf, int size);
+static int ebcdic_puts(BIO *bp, char *str);
+
+#define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
+static
BIO_METHOD methods_ebcdic=
+ {
+ BIO_TYPE_EBCDIC_FILTER,
+ "EBCDIC/ASCII filter",
+ ebcdic_write,
+ ebcdic_read,
+ ebcdic_puts,
+ ebcdic_gets,
+ ebcdic_ctrl,
+ ebcdic_new,
+ ebcdic_free,
+ };
+
+typedef struct
+{
+ size_t alloced;
+ char buff[1];
+} EBCDIC_OUTBUFF;
+
+BIO_METHOD *BIO_f_ebcdic_filter()
+{
+ return(&methods_ebcdic);
+}
+
+static int ebcdic_new(BIO *bi)
+{
+ EBCDIC_OUTBUFF *wbuf;
+
+ wbuf = (EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
+ wbuf->alloced = 1024;
+ wbuf->buff[0] = '\0';
+
+ bi->ptr=(char *)wbuf;
+ bi->init=1;
+ bi->flags=0;
+ return(1);
+}
+
+static int ebcdic_free(BIO *a)
+{
+ if (a == NULL) return(0);
+ if (a->ptr != NULL)
+ Free(a->ptr);
+ a->ptr=NULL;
+ a->init=0;
+ a->flags=0;
+ return(1);
+}
+
+static int ebcdic_read(BIO *b, char *out, int outl)
+{
+ int ret=0;
+
+ if (out == NULL || outl == 0) return(0);
+ if (b->next_bio == NULL) return(0);
+
+ ret=BIO_read(b->next_bio,out,outl);
+ if (ret > 0)
+ ascii2ebcdic(out,out,ret);
+ return(ret);
+}
+
+static int ebcdic_write(BIO *b, char *in, int inl)
+{
+ EBCDIC_OUTBUFF *wbuf;
+ int ret=0;
+ int num;
+ unsigned char n;
+
+ if ((in == NULL) || (inl <= 0)) return(0);
+ if (b->next_bio == NULL) return(0);
+
+ wbuf=(EBCDIC_OUTBUFF *)b->ptr;
+
+ if (inl > (num = wbuf->alloced))
+ {
+ num = num + num; /* double the size */
+ if (num < inl)
+ num = inl;
+ Free((char*)wbuf);
+ wbuf=(EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + num);
+
+ wbuf->alloced = num;
+ wbuf->buff[0] = '\0';
+
+ b->ptr=(char *)wbuf;
+ }
+
+ ebcdic2ascii(wbuf->buff, in, inl);
+
+ ret=BIO_write(b->next_bio, wbuf->buff, inl);
+
+ return(ret);
+}
+
+static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
+{
+ long ret;
+
+ if (b->next_bio == NULL) return(0);
+ switch (cmd)
+ {
+ case BIO_CTRL_DUP:
+ ret=0L;
+ break;
+ default:
+ ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+ break;
+ }
+ return(ret);
+}
+
+static int ebcdic_gets(BIO *bp, char *buf, int size)
+{
+ int i, ret;
+ if (bp->next_bio == NULL)
return(0);
+/* return(BIO_gets(bp->next_bio,buf,size));*/
+ for (i=0; i<size-1; ++i)
+ {
+ ret = ebcdic_read(bp,&buf[i],1);
+ if (ret <= 0)
+ break;
+ else if (buf[i] == '\n')
+ {
+ ++i;
+ break;
+ }
+ }
+ if (i < size)
+ buf[i] = '\0';
+ return (ret < 0 && i == 0) ? ret : i;
+}
+
+static int ebcdic_puts(BIO *bp, char *str)
+{
+ if (bp->next_bio == NULL) return(0);
+ return ebcdic_write(bp, str, strlen(str));
+}
+#endif
+
+int MAIN(int argc, char *argv[])
+ {
+ short port=PORT;
+ char *CApath=NULL,*CAfile=NULL;
+ char *context = NULL;
+ int badop=0,bugs=0;
+ int ret=1;
+ int off=0;
+ int no_tmp_rsa=0,no_dhe=0,nocert=0;
+ int state=0;
+ SSL_METHOD *meth=NULL;
+#ifndef NO_DH
+ DH *dh=NULL;
+#endif
+
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+ meth=SSLv23_server_method();
+#elif !defined(NO_SSL3)
+ meth=SSLv3_server_method();
+#elif !defined(NO_SSL2)
+ meth=SSLv2_server_method();
+#endif
+
+ local_argc=argc;
+ local_argv=argv;
+
+ apps_startup();
+ s_quiet=0;
+ s_debug=0;
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+ verify_depth=0;
+#ifdef FIONBIO
+ s_nbio=0;
+#endif
+ s_nbio_test=0;
+
+ argc--;
+ argv++;
+
+ while (argc >= 1)
+ {
+ if ((strcmp(*argv,"-port") == 0) ||
+ (strcmp(*argv,"-accept") == 0))
+ {
+ if (--argc < 1) goto bad;
+ if (!extract_port(*(++argv),&port))
+ goto bad;
+ }
+ else if (strcmp(*argv,"-verify") == 0)
+ {
+ s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
+ if (--argc < 1) goto bad;
+ verify_depth=atoi(*(++argv));
+ BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+ }
+ else if (strcmp(*argv,"-Verify") == 0)
+ {
+ s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
+ SSL_VERIFY_CLIENT_ONCE;
+ if (--argc < 1) goto bad;
+ verify_depth=atoi(*(++argv));
+ BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
+ }
+ else if (strcmp(*argv,"-context") == 0)
+ {
+ if (--argc < 1) goto bad;
+ context= *(++argv);
+ }
+ else if (strcmp(*argv,"-cert") == 0)
+ {
+ if
(--argc < 1) goto bad;
+ s_cert_file= *(++argv);
+ }
+ else if (strcmp(*argv,"-key") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_key_file= *(++argv);
+ }
+ else if (strcmp(*argv,"-dcert") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_dcert_file= *(++argv);
+ }
+ else if (strcmp(*argv,"-dkey") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_dkey_file= *(++argv);
+ }
+ else if (strcmp(*argv,"-nocert") == 0)
+ {
+ nocert=1;
+ }
+ else if (strcmp(*argv,"-CApath") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CApath= *(++argv);
+ }
+ else if (strcmp(*argv,"-cipher") == 0)
+ {
+ if (--argc < 1) goto bad;
+ cipher= *(++argv);
+ }
+ else if (strcmp(*argv,"-CAfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAfile= *(++argv);
+ }
+#ifdef FIONBIO
+ else if (strcmp(*argv,"-nbio") == 0)
+ { s_nbio=1; }
+#endif
+ else if (strcmp(*argv,"-nbio_test") == 0)
+ {
+#ifdef FIONBIO
+ s_nbio=1;
+#endif
+ s_nbio_test=1;
+ }
+ else if (strcmp(*argv,"-debug") == 0)
+ { s_debug=1; }
+ else if (strcmp(*argv,"-hack") == 0)
+ { hack=1; }
+ else if (strcmp(*argv,"-state") == 0)
+ { state=1; }
+#ifdef APPS_CRLF
+ else if (strcmp(*argv,"-crlf") == 0)
+ { s_crlf=1; }
+#endif
+ else if (strcmp(*argv,"-quiet") == 0)
+ { s_quiet=1; }
+ else if (strcmp(*argv,"-bugs") == 0)
+ { bugs=1; }
+ else if (strcmp(*argv,"-no_tmp_rsa") == 0)
+ { no_tmp_rsa=1; }
+ else if (strcmp(*argv,"-no_dhe") == 0)
+ { no_dhe=1; }
+ else if (strcmp(*argv,"-www") == 0)
+ { www=1; }
+ else if (strcmp(*argv,"-WWW") == 0)
+ { www=2; }
+ else if (strcmp(*argv,"-no_ssl2") == 0)
+ { off|=SSL_OP_NO_SSLv2; }
+ else if (strcmp(*argv,"-no_ssl3") == 0)
+ { off|=SSL_OP_NO_SSLv3; }
+ else if (strcmp(*argv,"-no_tls1") == 0)
+ { off|=SSL_OP_NO_TLSv1; }
+#ifndef NO_SSL2
+ else if (strcmp(*argv,"-ssl2") == 0)
+ { meth=SSLv2_server_method(); }
+#endif
+#ifndef NO_SSL3
+ else if (strcmp(*argv,"-ssl3") == 0)
+ { meth=SSLv3_server_method(); }
+#endif
+#ifndef NO_TLS1
+ else if (strcmp(*argv,"-tls1") == 0)
+ { meth=TLSv1_server_method(); }
+#endif
+ else
+ {
+
BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badop=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+ if (badop)
+ {
+bad:
+ sv_usage();
+ goto end;
+ }
+
+ if (bio_s_out == NULL)
+ {
+ if (s_quiet && !s_debug)
+ {
+ bio_s_out=BIO_new(BIO_s_null());
+ }
+ else
+ {
+ if (bio_s_out == NULL)
+ bio_s_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+ }
+ }
+
+#if !defined(NO_RSA) || !defined(NO_DSA)
+ if (nocert)
+#endif
+ {
+ s_cert_file=NULL;
+ s_key_file=NULL;
+ s_dcert_file=NULL;
+ s_dkey_file=NULL;
+ }
+
+ SSL_load_error_strings();
+ SSLeay_add_ssl_algorithms();
+
+ ctx=SSL_CTX_new(meth);
+ if (ctx == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ SSL_CTX_set_quiet_shutdown(ctx,1);
+ if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
+ if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+ SSL_CTX_set_options(ctx,off);
+ if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST);
+
+ if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
+
+ SSL_CTX_sess_set_cache_size(ctx,128);
+
+#if 0
+ if (cipher == NULL) cipher=getenv("SSL_CIPHER");
+#endif
+
+#if 0
+ if (s_cert_file == NULL)
+ {
+ BIO_printf(bio_err,"You must specify a certificate file for the server to use\n");
+ goto end;
+ }
+#endif
+
+ if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(ctx)))
+ {
+ /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
+ ERR_print_errors(bio_err);
+ /* goto end; */
+ }
+
+#ifndef NO_DH
+ if (!no_dhe)
+ {
+ /* EAY EAY EAY evil hack */
+ dh=load_dh_param();
+ if (dh != NULL)
+ {
+ BIO_printf(bio_s_out,"Setting temp DH parameters\n");
+ }
+ else
+ {
+ BIO_printf(bio_s_out,"Using default temp DH parameters\n");
+ dh=get_dh512();
+ }
+ (void)BIO_flush(bio_s_out);
+
+ SSL_CTX_set_tmp_dh(ctx,dh);
+ DH_free(dh);
+ }
+#endif
+
+ if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
+ goto end;
+ if (s_dcert_file != NULL)
+ {
+ if (!set_cert_stuff(ctx,s_dcert_file,s_dkey_file))
+ goto end;
+ }
+
+#ifndef NO_RSA
+#if 1
+ SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
+#else
+ if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
+ {
+ RSA *rsa;
+
+ BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key...");
+ BIO_flush(bio_s_out);
+
+ rsa=RSA_generate_key(512,RSA_F4,NULL);
+
+ if (!SSL_CTX_set_tmp_rsa(ctx,rsa))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ RSA_free(rsa);
+ BIO_printf(bio_s_out,"\n");
+ }
+#endif
+#endif
+
+ if (cipher != NULL)
+ SSL_CTX_set_cipher_list(ctx,cipher);
+ SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
+ SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
+ sizeof s_server_session_id_context);
+
+ SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
+
+ BIO_printf(bio_s_out,"ACCEPT\n");
+ if (www)
+ do_server(port,&accept_socket,www_body, context);
+ else
+ do_server(port,&accept_socket,sv_body, context);
+ print_stats(bio_s_out,ctx);
+ ret=0;
+end:
+ if (ctx != NULL) SSL_CTX_free(ctx);
+ if (bio_s_out != NULL)
+ {
+ BIO_free(bio_s_out);
+ bio_s_out=NULL;
+ }
+ EXIT(ret);
+ }
+
+static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
+ {
+ BIO_printf(bio,"%4ld items in the session cache\n",
+ SSL_CTX_sess_number(ssl_ctx));
+ BIO_printf(bio,"%4d client connects (SSL_connect())\n",
+ SSL_CTX_sess_connect(ssl_ctx));
+ BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n",
+ SSL_CTX_sess_connect_renegotiate(ssl_ctx));
+ BIO_printf(bio,"%4d client connects that finished\n",
+ SSL_CTX_sess_connect_good(ssl_ctx));
+ BIO_printf(bio,"%4d server accepts (SSL_accept())\n",
+ SSL_CTX_sess_accept(ssl_ctx));
+ BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n",
+ SSL_CTX_sess_accept_renegotiate(ssl_ctx));
+ BIO_printf(bio,"%4d server accepts that finished\n",
+ SSL_CTX_sess_accept_good(ssl_ctx));
+ BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
+ BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
+ BIO_printf(bio,"%4d session cache
timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx)); + BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx)); + BIO_printf(bio,"%4d cache full overflows (%d allowed)\n", + SSL_CTX_sess_cache_full(ssl_ctx), + SSL_CTX_sess_get_cache_size(ssl_ctx)); + } + +static int sv_body(char *hostname, int s, unsigned char *context) + { + char *buf=NULL; + fd_set readfds; + int ret=1,width; + int k,i; + unsigned long l; + SSL *con=NULL; + BIO *sbio; + + if ((buf=Malloc(bufsize)) == NULL) + { + BIO_printf(bio_err,"out of memory\n"); + goto err; + } +#ifdef FIONBIO + if (s_nbio) + { + unsigned long sl=1; + + if (!s_quiet) + BIO_printf(bio_err,"turning on non blocking io\n"); + if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0) + ERR_print_errors(bio_err); + } +#endif + + if (con == NULL) { + con=(SSL *)SSL_new(ctx); + if(context) + SSL_set_session_id_context(con, context, + strlen((char *)context)); + } + SSL_clear(con); + + sbio=BIO_new_socket(s,BIO_NOCLOSE); + if (s_nbio_test) + { + BIO *test; + + test=BIO_new(BIO_f_nbio_test()); + sbio=BIO_push(test,sbio); + } + SSL_set_bio(con,sbio,sbio); + SSL_set_accept_state(con); + /* SSL_set_fd(con,s); */ + + if (s_debug) + { + con->debug=1; + BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); + BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); + } + + width=s+1; + for (;;) + { + FD_ZERO(&readfds); +#ifndef WINDOWS + FD_SET(fileno(stdin),&readfds); +#endif + FD_SET(s,&readfds); + /* Note: under VMS with SOCKETSHR the second parameter is + * currently of type (int *) whereas under other systems + * it is (void *) if you don't have a cast it will choke + * the compiler: if you do have a cast then you can either + * go for (int *) or (void *). 
+ */ + i=select(width,(void *)&readfds,NULL,NULL,NULL); + if (i <= 0) continue; + if (FD_ISSET(fileno(stdin),&readfds)) + { +#ifdef APPS_CRLF + if (s_crlf) + { + int j, lf_num; + + i=read(fileno(stdin), buf, bufsize/2); + lf_num = 0; + /* both loops are skipped when i <= 0 */ + for (j = 0; j < i; j++) + if (buf[j] == '\n') + lf_num++; + for (j = i-1; j >= 0; j--) + { + buf[j+lf_num] = buf[j]; + if (buf[j] == '\n') + { + lf_num--; + i++; + buf[j+lf_num] = '\r'; + } + } + assert(lf_num == 0); + } + else +#endif + i=read(fileno(stdin),buf,bufsize); + if (!s_quiet) + { + if ((i <= 0) || (buf[0] == 'Q')) + { + BIO_printf(bio_s_out,"DONE\n"); + SHUTDOWN(s); + close_accept_socket(); + ret= -11; + goto err; + } + if ((i <= 0) || (buf[0] == 'q')) + { + BIO_printf(bio_s_out,"DONE\n"); + SHUTDOWN(s); + /* close_accept_socket(); + ret= -11;*/ + goto err; + } + if ((buf[0] == 'r') && + ((buf[1] == '\n') || (buf[1] == '\r'))) + { + SSL_renegotiate(con); + i=SSL_do_handshake(con); + printf("SSL_do_handshake -> %d\n",i); + i=0; /*13; */ + continue; + /* strcpy(buf,"server side RE-NEGOTIATE\n"); */ + } + if ((buf[0] == 'R') && + ((buf[1] == '\n') || (buf[1] == '\r'))) + { + SSL_set_verify(con, + SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL); + SSL_renegotiate(con); + i=SSL_do_handshake(con); + printf("SSL_do_handshake -> %d\n",i); + i=0; /* 13; */ + continue; + /* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */ + } + if (buf[0] == 'P') + { + static char *str="Lets print some clear text\n"; + BIO_write(SSL_get_wbio(con),str,strlen(str)); + } + if (buf[0] == 'S') + { + print_stats(bio_s_out,SSL_get_SSL_CTX(con)); + } + } +#ifdef CHARSET_EBCDIC + ebcdic2ascii(buf,buf,i); +#endif + l=k=0; + for (;;) + { + /* should do a select for the write */ +#ifdef RENEG +{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } } +#endif + k=SSL_write(con,&(buf[l]),(unsigned int)i); + switch (SSL_get_error(con,k)) + { + case SSL_ERROR_NONE: + break; + case 
SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_X509_LOOKUP: + BIO_printf(bio_s_out,"Write BLOCK\n"); + break; + case SSL_ERROR_SYSCALL: + case SSL_ERROR_SSL: + BIO_printf(bio_s_out,"ERROR\n"); + ERR_print_errors(bio_err); + ret=1; + goto err; + /* break; */ + case SSL_ERROR_ZERO_RETURN: + BIO_printf(bio_s_out,"DONE\n"); + ret=1; + goto err; + } + l+=k; + i-=k; + if (i <= 0) break; + } + } + if (FD_ISSET(s,&readfds)) + { + if (!SSL_is_init_finished(con)) + { + i=init_ssl_connection(con); + + if (i < 0) + { + ret=0; + goto err; + } + else if (i == 0) + { + ret=1; + goto err; + } + } + else + { +again: + i=SSL_read(con,(char *)buf,bufsize); + switch (SSL_get_error(con,i)) + { + case SSL_ERROR_NONE: +#ifdef CHARSET_EBCDIC + ascii2ebcdic(buf,buf,i); +#endif + write(fileno(stdout),buf, + (unsigned int)i); + if (SSL_pending(con)) goto again; + break; + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_X509_LOOKUP: + BIO_printf(bio_s_out,"Read BLOCK\n"); + break; + case SSL_ERROR_SYSCALL: + case SSL_ERROR_SSL: + BIO_printf(bio_s_out,"ERROR\n"); + ERR_print_errors(bio_err); + ret=1; + goto err; + case SSL_ERROR_ZERO_RETURN: + BIO_printf(bio_s_out,"DONE\n"); + ret=1; + goto err; + } + } + } + } +err: + BIO_printf(bio_s_out,"shutting down SSL\n"); +#if 1 + SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); +#else + SSL_shutdown(con); +#endif + if (con != NULL) SSL_free(con); + BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); + if (buf != NULL) + { + memset(buf,0,bufsize); + Free(buf); + } + if (ret >= 0) + BIO_printf(bio_s_out,"ACCEPT\n"); + return(ret); + } + +static void close_accept_socket(void) + { + BIO_printf(bio_err,"shutdown accept socket\n"); + if (accept_socket >= 0) + { + SHUTDOWN2(accept_socket); + } + } + +static int init_ssl_connection(SSL *con) + { + int i; + const char *str; + X509 *peer; + long verify_error; + MS_STATIC char buf[BUFSIZ]; + + if ((i=SSL_accept(con)) <= 0) + { + if 
(BIO_sock_should_retry(i)) + { + BIO_printf(bio_s_out,"DELAY\n"); + return(1); + } + + BIO_printf(bio_err,"ERROR\n"); + verify_error=SSL_get_verify_result(con); + if (verify_error != X509_V_OK) + { + BIO_printf(bio_err,"verify error:%s\n", + X509_verify_cert_error_string(verify_error)); + } + else + ERR_print_errors(bio_err); + return(0); + } + + PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con)); + + peer=SSL_get_peer_certificate(con); + if (peer != NULL) + { + BIO_printf(bio_s_out,"Client certificate\n"); + PEM_write_bio_X509(bio_s_out,peer); + X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ); + BIO_printf(bio_s_out,"subject=%s\n",buf); + X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ); + BIO_printf(bio_s_out,"issuer=%s\n",buf); + X509_free(peer); + } + + if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL) + BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); + str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); + BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); + if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n"); + if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & + TLS1_FLAGS_TLS_PADDING_BUG) + BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n"); + + return(1); + } + +#ifndef NO_DH +static DH *load_dh_param(void) + { + DH *ret=NULL; + BIO *bio; + + if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL) + goto err; + ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL); +err: + if (bio != NULL) BIO_free(bio); + return(ret); + } +#endif + +#if 0 +static int load_CA(SSL_CTX *ctx, char *file) + { + FILE *in; + X509 *x=NULL; + + if ((in=fopen(file,"r")) == NULL) + return(0); + + for (;;) + { + if (PEM_read_X509(in,&x,NULL) == NULL) + break; + SSL_CTX_add_client_CA(ctx,x); + } + if (x != NULL) X509_free(x); + fclose(in); + return(1); + } +#endif + +static int www_body(char *hostname, int s, unsigned char *context) + { + char *buf=NULL; + int ret=1; + int i,j,k,blank,dot; + struct stat st_buf; + SSL *con; + SSL_CIPHER *c; + 
BIO *io,*ssl_bio,*sbio; + long total_bytes; + + buf=Malloc(bufsize); + if (buf == NULL) return(0); + io=BIO_new(BIO_f_buffer()); + ssl_bio=BIO_new(BIO_f_ssl()); + if ((io == NULL) || (ssl_bio == NULL)) goto err; + +#ifdef FIONBIO + if (s_nbio) + { + unsigned long sl=1; + + if (!s_quiet) + BIO_printf(bio_err,"turning on non blocking io\n"); + if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0) + ERR_print_errors(bio_err); + } +#endif + + /* lets make the output buffer a reasonable size */ + if (!BIO_set_write_buffer_size(io,bufsize)) goto err; + + if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err; + if(context) SSL_set_session_id_context(con, context, + strlen((char *)context)); + + sbio=BIO_new_socket(s,BIO_NOCLOSE); + if (s_nbio_test) + { + BIO *test; + + test=BIO_new(BIO_f_nbio_test()); + sbio=BIO_push(test,sbio); + } + SSL_set_bio(con,sbio,sbio); + SSL_set_accept_state(con); + + /* SSL_set_fd(con,s); */ + BIO_set_ssl(ssl_bio,con,BIO_CLOSE); + BIO_push(io,ssl_bio); +#ifdef CHARSET_EBCDIC + io = BIO_push(BIO_new(BIO_f_ebcdic_filter()),io); +#endif + + if (s_debug) + { + con->debug=1; + BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); + BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); + } + + blank=0; + for (;;) + { + if (hack) + { + i=SSL_accept(con); + + switch (SSL_get_error(con,i)) + { + case SSL_ERROR_NONE: + break; + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_X509_LOOKUP: + continue; + case SSL_ERROR_SYSCALL: + case SSL_ERROR_SSL: + case SSL_ERROR_ZERO_RETURN: + ret=1; + goto err; + /* break; */ + } + + SSL_renegotiate(con); + SSL_write(con,NULL,0); + } + + i=BIO_gets(io,buf,bufsize-1); + if (i < 0) /* error */ + { + if (!BIO_should_retry(io)) + { + if (!s_quiet) + ERR_print_errors(bio_err); + goto err; + } + else + { + BIO_printf(bio_s_out,"read R BLOCK\n"); +#ifndef MSDOS + sleep(1); +#endif + continue; + } + } + else if (i == 0) /* end of input */ + { + ret=1; + goto end; + } + + /* else we have data */ + if ( ((www == 1) && 
(strncmp("GET ",buf,4) == 0)) || + ((www == 2) && (strncmp("GET /stats ",buf,10) == 0))) + { + char *p; + X509 *peer; + STACK_OF(SSL_CIPHER) *sk; + static char *space=" "; + + BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); + BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n"); + BIO_puts(io,"<pre>\n"); +/* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/ + BIO_puts(io,"\n"); + for (i=0; i<local_argc; i++) + { + BIO_puts(io,local_argv[i]); + BIO_write(io," ",1); + } + BIO_puts(io,"\n"); + + /* The following is evil and should not really + * be done */ + BIO_printf(io,"Ciphers supported in s_server binary\n"); + sk=SSL_get_ciphers(con); + j=sk_SSL_CIPHER_num(sk); + for (i=0; i<j; i++) + { + c=sk_SSL_CIPHER_value(sk,i); + BIO_printf(io,"%-11s:%-25s", + SSL_CIPHER_get_version(c), + SSL_CIPHER_get_name(c)); + if ((((i+1)%2) == 0) && (i+1 != j)) + BIO_puts(io,"\n"); + } + BIO_puts(io,"\n"); + p=SSL_get_shared_ciphers(con,buf,bufsize); + if (p != NULL) + { + BIO_printf(io,"---\nCiphers common between both SSL end points:\n"); + j=i=0; + while (*p) + { + if (*p == ':') + { + BIO_write(io,space,26-j); + i++; + j=0; + BIO_write(io,((i%3)?" 
":"\n"),1); + } + else + { + BIO_write(io,p,1); + j++; + } + p++; + } + BIO_puts(io,"\n"); + } + BIO_printf(io,((con->hit) + ?"---\nReused, " + :"---\nNew, ")); + c=SSL_get_current_cipher(con); + BIO_printf(io,"%s, Cipher is %s\n", + SSL_CIPHER_get_version(c), + SSL_CIPHER_get_name(c)); + SSL_SESSION_print(io,SSL_get_session(con)); + BIO_printf(io,"---\n"); + print_stats(io,SSL_get_SSL_CTX(con)); + BIO_printf(io,"---\n"); + peer=SSL_get_peer_certificate(con); + if (peer != NULL) + { + BIO_printf(io,"Client certificate\n"); + X509_print(io,peer); + PEM_write_bio_X509(io,peer); + } + else + BIO_puts(io,"no client certificate available\n"); + BIO_puts(io,"</BODY></HTML>\r\n\r\n"); + break; + } + else if ((www == 2) && (strncmp("GET /",buf,5) == 0)) + { + BIO *file; + char *p,*e; + static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; + + /* skip the '/' */ + p= &(buf[5]); + dot=0; + for (e=p; *e != '\0'; e++) + { + if (e[0] == ' ') break; + if ( (e[0] == '.') && + (strncmp(&(e[-1]),"/../",4) == 0)) + dot=1; + } + + + if (*e == '\0') + { + BIO_puts(io,text); + BIO_printf(io,"'%s' is an invalid file name\r\n",p); + break; + } + *e='\0'; + + if (dot) + { + BIO_puts(io,text); + BIO_printf(io,"'%s' contains '..' 
reference\r\n",p); + break; + } + + if (*p == '/') + { + BIO_puts(io,text); + BIO_printf(io,"'%s' is an invalid path\r\n",p); + break; + } + + /* append if a directory lookup */ + if (e[-1] == '/') + strcat(p,"index.html"); + + /* if a directory, do the index thang */ + if (stat(p,&st_buf) < 0) + { + BIO_puts(io,text); + BIO_printf(io,"Error accessing '%s'\r\n",p); + ERR_print_errors(io); + break; + } + if (S_ISDIR(st_buf.st_mode)) + { + strcat(p,"/index.html"); + } + + if ((file=BIO_new_file(p,"r")) == NULL) + { + BIO_puts(io,text); + BIO_printf(io,"Error opening '%s'\r\n",p); + ERR_print_errors(io); + break; + } + + if (!s_quiet) + BIO_printf(bio_err,"FILE:%s\n",p); + + i=strlen(p); + if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) || + ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) || + ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0))) + BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); + else + BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"); + /* send the file */ + total_bytes=0; + for (;;) + { + i=BIO_read(file,buf,bufsize); + if (i <= 0) break; + +#ifdef RENEG + total_bytes+=i; + fprintf(stderr,"%d\n",i); + if (total_bytes > 3*1024) + { + total_bytes=0; + fprintf(stderr,"RENEGOTIATE\n"); + SSL_renegotiate(con); + } +#endif + + for (j=0; j<i; ) + { +#ifdef RENEG +{ static count=0; if (++count == 13) { SSL_renegotiate(con); } } +#endif + k=BIO_write(io,&(buf[j]),i-j); + if (k <= 0) + { + if (!BIO_should_retry(io)) + goto write_error; + else + { + BIO_printf(bio_s_out,"rwrite W BLOCK\n"); + } + } + else + { + j+=k; + } + } + } +write_error: + BIO_free(file); + break; + } + } + + for (;;) + { + i=(int)BIO_flush(io); + if (i <= 0) + { + if (!BIO_should_retry(io)) + break; + } + else + break; + } +end: +#if 1 + /* make sure we re-use sessions */ + SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); +#else + /* This kills performace */ +/* SSL_shutdown(con); A shutdown gets sent in the + * BIO_free_all(io) procession */ 
+#endif + +err: + + if (ret >= 0) + BIO_printf(bio_s_out,"ACCEPT\n"); + + if (buf != NULL) Free(buf); + if (io != NULL) BIO_free_all(io); +/* if (ssl_bio != NULL) BIO_free(ssl_bio);*/ + return(ret); + } + +#ifndef NO_RSA +static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) + { + static RSA *rsa_tmp=NULL; + + if (rsa_tmp == NULL) + { + if (!s_quiet) + { + BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); + (void)BIO_flush(bio_err); + } + rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); + if (!s_quiet) + { + BIO_printf(bio_err,"\n"); + (void)BIO_flush(bio_err); + } + } + return(rsa_tmp); + } +#endif diff --git a/crypto/openssl/apps/s_socket.c b/crypto/openssl/apps/s_socket.c new file mode 100644 index 0000000..888b66d --- /dev/null +++ b/crypto/openssl/apps/s_socket.c 
@@ -0,0 +1,674 @@
+/* apps/s_socket.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <signal.h>
+
+/* With IPv6, it looks like Digital has mixed up the proper order of
+ recursive header file inclusion, resulting in the compiler complaining
+ that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+ is needed to have fileno() declared correctly... 
So let's define u_int */ +#if defined(VMS) && defined(__DECC) && !defined(__U_INT) +#define __U_INT +typedef unsigned int u_int; +#endif + +#define USE_SOCKETS +#define NON_MAIN +#include "apps.h" +#undef USE_SOCKETS +#undef NON_MAIN +#include "s_apps.h" +#include <openssl/ssl.h> + +#ifdef VMS +#if (__VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl, + and that isn't in VMS < 7.0 */ +#undef FIONBIO +#endif +#include <processes.h> /* for vfork() */ +#endif + +static struct hostent *GetHostByName(char *name); +int sock_init(void ); +#ifdef WIN16 +#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ +#else +#define SOCKET_PROTOCOL IPPROTO_TCP +#endif + +#ifdef WINDOWS +static struct WSAData wsa_state; +static int wsa_init_done=0; + +#ifdef WIN16 +static HWND topWnd=0; +static FARPROC lpTopWndProc=NULL; +static FARPROC lpTopHookProc=NULL; +extern HINSTANCE _hInstance; /* nice global CRT provides */ + +static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam, + LPARAM lParam) + { + if (hwnd == topWnd) + { + switch(message) + { + case WM_DESTROY: + case WM_CLOSE: + SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc); + sock_cleanup(); + break; + } + } + return CallWindowProc(lpTopWndProc,hwnd,message,wParam,lParam); + } + +static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam) + { + topWnd=hwnd; + return(FALSE); + } + +#endif /* WIN32 */ +#endif /* WINDOWS */ + +void sock_cleanup(void) + { +#ifdef WINDOWS + if (wsa_init_done) + { + wsa_init_done=0; + WSACancelBlockingCall(); + WSACleanup(); + } +#endif + } + +int sock_init(void) + { +#ifdef WINDOWS + if (!wsa_init_done) + { + int err; + +#ifdef SIGINT + signal(SIGINT,(void (*)(int))sock_cleanup); +#endif + wsa_init_done=1; + memset(&wsa_state,0,sizeof(wsa_state)); + if (WSAStartup(0x0101,&wsa_state)!=0) + { + err=WSAGetLastError(); + BIO_printf(bio_err,"unable to start WINSOCK, error code=%d\n",err); + return(0); + } + +#ifdef WIN16 + EnumTaskWindows(GetCurrentTask(),enumproc,0L); + 
lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC); + lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance); + + SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc); +#endif /* WIN16 */ + } +#endif /* WINDOWS */ + return(1); + } + +int init_client(int *sock, char *host, int port) + { + unsigned char ip[4]; + short p=0; + + if (!host_ip(host,&(ip[0]))) + { + return(0); + } + if (p != 0) port=p; + return(init_client_ip(sock,ip,port)); + } + +int init_client_ip(int *sock, unsigned char ip[4], int port) + { + unsigned long addr; + struct sockaddr_in them; + int s,i; + + if (!sock_init()) return(0); + + memset((char *)&them,0,sizeof(them)); + them.sin_family=AF_INET; + them.sin_port=htons((unsigned short)port); + addr=(unsigned long) + ((unsigned long)ip[0]<<24L)| + ((unsigned long)ip[1]<<16L)| + ((unsigned long)ip[2]<< 8L)| + ((unsigned long)ip[3]); + them.sin_addr.s_addr=htonl(addr); + + s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); + if (s == INVALID_SOCKET) { perror("socket"); return(0); } + + i=0; + i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); + if (i < 0) { perror("keepalive"); return(0); } + + if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1) + { close(s); perror("connect"); return(0); } + *sock=s; + return(1); + } + +int nbio_sock_error(int sock) + { + int j,i; + int size; + + size=sizeof(int); + /* Note: under VMS with SOCKETSHR the third parameter is currently + * of type (int *) whereas under other systems it is (void *) if + * you don't have a cast it will choke the compiler: if you do + * have a cast then you can either go for (int *) or (void *). 
+ */ + i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,(void *)&size); + if (i < 0) + return(1); + else + return(j); + } + +int nbio_init_client_ip(int *sock, unsigned char ip[4], int port) + { + unsigned long addr; + struct sockaddr_in them; + int s,i; + + if (!sock_init()) return(0); + + memset((char *)&them,0,sizeof(them)); + them.sin_family=AF_INET; + them.sin_port=htons((unsigned short)port); + addr= (unsigned long) + ((unsigned long)ip[0]<<24L)| + ((unsigned long)ip[1]<<16L)| + ((unsigned long)ip[2]<< 8L)| + ((unsigned long)ip[3]); + them.sin_addr.s_addr=htonl(addr); + + if (*sock <= 0) + { +#ifdef FIONBIO + unsigned long l=1; +#endif + + s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); + if (s == INVALID_SOCKET) { perror("socket"); return(0); } + + i=0; + i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); + if (i < 0) { perror("keepalive"); return(0); } + *sock=s; + +#ifdef FIONBIO + BIO_socket_ioctl(s,FIONBIO,&l); +#endif + } + else + s= *sock; + + i=connect(s,(struct sockaddr *)&them,sizeof(them)); + if (i == INVALID_SOCKET) + { + if (BIO_sock_should_retry(i)) + return(-1); + else + return(0); + } + else + return(1); + } + +int do_server(int port, int *ret, int (*cb)(), char *context) + { + int sock; + char *name; + int accept_socket; + int i; + + if (!init_server(&accept_socket,port)) return(0); + + if (ret != NULL) + { + *ret=accept_socket; + /* return(1);*/ + } + for (;;) + { + if (do_accept(accept_socket,&sock,&name) == 0) + { + SHUTDOWN(accept_socket); + return(0); + } + i=(*cb)(name,sock, context); + if (name != NULL) Free(name); + SHUTDOWN2(sock); + if (i < 0) + { + SHUTDOWN2(accept_socket); + return(i); + } + } + } + +int init_server_long(int *sock, int port, char *ip) + { + int ret=0; + struct sockaddr_in server; + int s= -1,i; + + if (!sock_init()) return(0); + + memset((char *)&server,0,sizeof(server)); + server.sin_family=AF_INET; + server.sin_port=htons((unsigned short)port); + if (ip == NULL) + server.sin_addr.s_addr=INADDR_ANY; + 
else +/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ +#ifndef BIT_FIELD_LIMITS + memcpy(&server.sin_addr.s_addr,ip,4); +#else + memcpy(&server.sin_addr,ip,4); +#endif + s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); + + if (s == INVALID_SOCKET) goto err; +#if defined SOL_SOCKET && defined SO_REUSEADDR + { + int j = 1; + setsockopt(s, SOL_SOCKET, SO_REUSEADDR, + (void *) &j, sizeof j); + } +#endif + if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1) + { +#ifndef WINDOWS + perror("bind"); +#endif + goto err; + } + /* Make it 128 for linux */ + if (listen(s,128) == -1) goto err; + i=0; + *sock=s; + ret=1; +err: + if ((ret == 0) && (s != -1)) + { + SHUTDOWN(s); + } + return(ret); + } + +int init_server(int *sock, int port) + { + return(init_server_long(sock, port, NULL)); + } + +int do_accept(int acc_sock, int *sock, char **host) + { + int ret,i; + struct hostent *h1,*h2; + static struct sockaddr_in from; + int len; +/* struct linger ling; */ + + if (!sock_init()) return(0); + +#ifndef WINDOWS +redoit: +#endif + + memset((char *)&from,0,sizeof(from)); + len=sizeof(from); + /* Note: under VMS with SOCKETSHR the fourth parameter is currently + * of type (int *) whereas under other systems it is (void *) if + * you don't have a cast it will choke the compiler: if you do + * have a cast then you can either go for (int *) or (void *). 
+ */ + ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len); + if (ret == INVALID_SOCKET) + { +#ifdef WINDOWS + i=WSAGetLastError(); + BIO_printf(bio_err,"accept error %d\n",i); +#else + if (errno == EINTR) + { + /*check_timeout(); */ + goto redoit; + } + fprintf(stderr,"errno=%d ",errno); + perror("accept"); +#endif + return(0); + } + +/* + ling.l_onoff=1; + ling.l_linger=0; + i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling)); + if (i < 0) { perror("linger"); return(0); } + i=0; + i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); + if (i < 0) { perror("keepalive"); return(0); } +*/ + + if (host == NULL) goto end; +#ifndef BIT_FIELD_LIMITS + /* I should use WSAAsyncGetHostByName() under windows */ + h1=gethostbyaddr((char *)&from.sin_addr.s_addr, + sizeof(from.sin_addr.s_addr),AF_INET); +#else + h1=gethostbyaddr((char *)&from.sin_addr, + sizeof(struct in_addr),AF_INET); +#endif + if (h1 == NULL) + { + BIO_printf(bio_err,"bad gethostbyaddr\n"); + *host=NULL; + /* return(0); */ + } + else + { + if ((*host=(char *)Malloc(strlen(h1->h_name)+1)) == NULL) + { + perror("Malloc"); + return(0); + } + strcpy(*host,h1->h_name); + + h2=GetHostByName(*host); + if (h2 == NULL) + { + BIO_printf(bio_err,"gethostbyname failure\n"); + return(0); + } + i=0; + if (h2->h_addrtype != AF_INET) + { + BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); + return(0); + } + } +end: + *sock=ret; + return(1); + } + +int extract_host_port(char *str, char **host_ptr, unsigned char *ip, + short *port_ptr) + { + char *h,*p; + + h=str; + p=strchr(str,':'); + if (p == NULL) + { + BIO_printf(bio_err,"no port defined\n"); + return(0); + } + *(p++)='\0'; + + if ((ip != NULL) && !host_ip(str,ip)) + goto err; + if (host_ptr != NULL) *host_ptr=h; + + if (!extract_port(p,port_ptr)) + goto err; + return(1); +err: + return(0); + } + +int host_ip(char *str, unsigned char ip[4]) + { + unsigned int in[4]; + int i; + + if 
(sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4) + { + for (i=0; i<4; i++) + if (in[i] > 255) + { + BIO_printf(bio_err,"invalid IP address\n"); + goto err; + } + ip[0]=in[0]; + ip[1]=in[1]; + ip[2]=in[2]; + ip[3]=in[3]; + } + else + { /* do a gethostbyname */ + struct hostent *he; + + if (!sock_init()) return(0); + + he=GetHostByName(str); + if (he == NULL) + { + BIO_printf(bio_err,"gethostbyname failure\n"); + goto err; + } + /* cast to short because of win16 winsock definition */ + if ((short)he->h_addrtype != AF_INET) + { + BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); + return(0); + } + ip[0]=he->h_addr_list[0][0]; + ip[1]=he->h_addr_list[0][1]; + ip[2]=he->h_addr_list[0][2]; + ip[3]=he->h_addr_list[0][3]; + } + return(1); +err: + return(0); + } + +int extract_port(char *str, short *port_ptr) + { + int i; + struct servent *s; + + i=atoi(str); + if (i != 0) + *port_ptr=(unsigned short)i; + else + { + s=getservbyname(str,"tcp"); + if (s == NULL) + { + BIO_printf(bio_err,"getservbyname failure for %s\n",str); + return(0); + } + *port_ptr=ntohs((unsigned short)s->s_port); + } + return(1); + } + +#define GHBN_NUM 4 +static struct ghbn_cache_st + { + char name[128]; + struct hostent ent; + unsigned long order; + } ghbn_cache[GHBN_NUM]; + +static unsigned long ghbn_hits=0L; +static unsigned long ghbn_miss=0L; + +static struct hostent *GetHostByName(char *name) + { + struct hostent *ret; + int i,lowi=0; + unsigned long low= (unsigned long)-1; + + for (i=0; i<GHBN_NUM; i++) + { + if (low > ghbn_cache[i].order) + { + low=ghbn_cache[i].order; + lowi=i; + } + if (ghbn_cache[i].order > 0) + { + if (strncmp(name,ghbn_cache[i].name,128) == 0) + break; + } + } + if (i == GHBN_NUM) /* no hit*/ + { + ghbn_miss++; + ret=gethostbyname(name); + if (ret == NULL) return(NULL); + /* else add to cache */ + strncpy(ghbn_cache[lowi].name,name,128); + memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent)); + 
ghbn_cache[lowi].order=ghbn_miss+ghbn_hits; + return(ret); + } + else + { + ghbn_hits++; + ret= &(ghbn_cache[i].ent); + ghbn_cache[i].order=ghbn_miss+ghbn_hits; + return(ret); + } + } + +#ifndef MSDOS +int spawn(int argc, char **argv, int *in, int *out) + { + int pid; +#define CHILD_READ p1[0] +#define CHILD_WRITE p2[1] +#define PARENT_READ p2[0] +#define PARENT_WRITE p1[1] + int p1[2],p2[2]; + + if ((pipe(p1) < 0) || (pipe(p2) < 0)) return(-1); + +#ifdef VMS + if ((pid=vfork()) == 0) +#else + if ((pid=fork()) == 0) +#endif + { /* child */ + if (dup2(CHILD_WRITE,fileno(stdout)) < 0) + perror("dup2"); + if (dup2(CHILD_WRITE,fileno(stderr)) < 0) + perror("dup2"); + if (dup2(CHILD_READ,fileno(stdin)) < 0) + perror("dup2"); + close(CHILD_READ); + close(CHILD_WRITE); + + close(PARENT_READ); + close(PARENT_WRITE); + execvp(argv[0],argv); + perror("child"); + exit(1); + } + + /* parent */ + *in= PARENT_READ; + *out=PARENT_WRITE; + close(CHILD_READ); + close(CHILD_WRITE); + return(pid); + } +#endif /* MSDOS */ + + +#ifdef undef + /* Turn on synchronous sockets so that we can do a WaitForMultipleObjects + * on sockets */ + { + SOCKET s; + int optionValue = SO_SYNCHRONOUS_NONALERT; + int err; + + err = setsockopt( + INVALID_SOCKET, + SOL_SOCKET, + SO_OPENTYPE, + (char *)&optionValue, + sizeof(optionValue)); + if (err != NO_ERROR) { + /* failed for some reason... */ + BIO_printf(bio_err, "failed to setsockopt(SO_OPENTYPE, SO_SYNCHRONOUS_ALERT) - %d\n", + WSAGetLastError()); + } + } +#endif diff --git a/crypto/openssl/apps/s_time.c b/crypto/openssl/apps/s_time.c new file mode 100644 index 0000000..a529e2a --- /dev/null +++ b/crypto/openssl/apps/s_time.c 
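Review bot: In apps/s_socket.c, `GetHostByName` caches a resolver answer with `memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent))`, which copies only the struct, so the cached `h_name`, `h_aliases` and `h_addr_list` pointers still refer to storage owned by `gethostbyname()`. That storage is typically reused by the next lookup (`do_accept` also calls `gethostbyaddr()`), so a later cache hit can hand `host_ip` the address bytes of whichever host was resolved most recently instead of those of the cached name. The `strncpy(ghbn_cache[lowi].name,name,128)` beside it leaves `name` unterminated for a 128-byte input, and because the lookup uses `strncmp(...,128)`, longer names sharing a 128-byte prefix would collide. I would give each cache entry its own copy of the IPv4 address and skip caching for answers that do not fit, as sketched below.

```c
static struct ghbn_cache_st
	{
	char name[128];
	struct hostent ent;
	char addr[4];		/* private copy of the first IPv4 address */
	char *addr_list[2];	/* { addr, NULL } so ent owns its address data */
	unsigned long order;
	} ghbn_cache[GHBN_NUM];

/* ... unchanged: cache lookup loop in GetHostByName ... */
		ret=gethostbyname(name);
		if (ret == NULL) return(NULL);
		/* cache only complete IPv4 answers whose name fits the slot */
		if ((ret->h_addrtype != AF_INET) || (ret->h_length != 4) ||
			(ret->h_addr_list[0] == NULL) ||
			(strlen(name) >= sizeof(ghbn_cache[lowi].name)))
			return(ret);
		strcpy(ghbn_cache[lowi].name,name);
		memcpy(ghbn_cache[lowi].addr,ret->h_addr_list[0],4);
		ghbn_cache[lowi].addr_list[0]=ghbn_cache[lowi].addr;
		ghbn_cache[lowi].addr_list[1]=NULL;
		ghbn_cache[lowi].ent= *ret;
		ghbn_cache[lowi].ent.h_name=ghbn_cache[lowi].name;
		ghbn_cache[lowi].ent.h_aliases=NULL;
		ghbn_cache[lowi].ent.h_addr_list=ghbn_cache[lowi].addr_list;
/* ... unchanged: order update and return(ret) ... */
```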
@@ -0,0 +1,694 @@
+/* apps/s_time.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define NO_SHUTDOWN
+
+/*-----------------------------------------
+ s_time - SSL client connection timer program
+ Written and donated by Larry Streepy <streepy@healthcare.com>
+ -----------------------------------------*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
+
+#ifdef NO_STDIO
+#define APPS_WIN16
+#endif
+#define USE_SOCKETS
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/pem.h>
+#include "apps.h"
+#include "s_apps.h"
+#include <openssl/err.h>
+#ifdef WIN32_STUFF
+#include "winmain.h"
+#include "wintext.h"
+#endif
+
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+ The __TMS macro will show if it was. If it wasn't defined, we should
+ undefine TIMES, since that tells the rest of the program how things
+ should be handled. -- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#ifdef _AIX
+#include <sys/select.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+/* The following if from times(3) man page. It may need to be changed
+*/
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ 100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#undef PROG
+#define PROG s_time_main
+
+#undef ioctl
+#define ioctl ioctlsocket
+
+#define SSL_CONNECT_NAME "localhost:4433"
+
+/*#define TEST_CERT "client.pem" */ /* no default cert. */
+
+#undef BUFSIZZ
+#define BUFSIZZ 1024*10
+
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+#define max(a,b) (((a) > (b)) ? (a) : (b))
+
+#undef SECONDS
+#define SECONDS 30
+extern int verify_depth;
+extern int verify_error;
+
+static void s_time_usage(void);
+static int parseArgs( int argc, char **argv );
+static SSL *doConnection( SSL *scon );
+static void s_time_init(void);
+
+/***********************************************************************
+ * Static data declarations
+ */
+
+/* static char *port=PORT_STR;*/
+static char *host=SSL_CONNECT_NAME;
+static char *t_cert_file=NULL;
+static char *t_key_file=NULL;
+static char *CApath=NULL;
+static char *CAfile=NULL;
+static char *tm_cipher=NULL;
+static int tm_verify = SSL_VERIFY_NONE;
+static int maxTime = SECONDS;
+static SSL_CTX *tm_ctx=NULL;
+static SSL_METHOD *s_time_meth=NULL;
+static char *s_www_path=NULL;
+static long bytes_read=0;
+static int st_bugs=0;
+static int perform=0;
+#ifdef FIONBIO
+static int t_nbio=0;
+#endif
+#ifdef WIN32
+static int exitNow = 0; /* Set when it's time to exit main */
+#endif
+
+static void s_time_init(void)
+ {
+ host=SSL_CONNECT_NAME;
+ t_cert_file=NULL;
+ t_key_file=NULL;
+ CApath=NULL;
+ CAfile=NULL;
+ tm_cipher=NULL;
+ tm_verify = SSL_VERIFY_NONE;
+ maxTime = SECONDS;
+ tm_ctx=NULL;
+ s_time_meth=NULL;
+ s_www_path=NULL;
+ bytes_read=0;
+ st_bugs=0;
+ perform=0;
+
+#ifdef FIONBIO
+ t_nbio=0;
+#endif
+#ifdef WIN32
+ exitNow = 0; /* Set when it's time to exit main */
+#endif
+ }
+
+/***********************************************************************
+ * usage - display usage message
+ */
+static void s_time_usage(void)
+{
+ static char umsg[] = "\
+-time arg - max number of seconds to collect data, default %d\n\
+-verify arg - turn on peer certificate verification, arg == depth\n\
+-cert arg - certificate file to use, PEM format assumed\n\
+-key arg - RSA file to use, PEM format assumed, key is in cert file\n\
+ file if not specified by this option\n\
+-CApath arg - PEM format directory of CA's\n\
+-CAfile arg - PEM format file of CA's\n\
+-cipher - prefered cipher to use, play with 'openssl ciphers'\n\n";
+
+ printf( "usage: s_time <args>\n\n" );
+
+ printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
+#ifdef FIONBIO
+ printf("-nbio - Run with non-blocking IO\n");
+ printf("-ssl2 - Just use SSLv2\n");
+ printf("-ssl3 - Just use SSLv3\n");
+ printf("-bugs - Turn on SSL bug compatability\n");
+ printf("-new - Just time new connections\n");
+ printf("-reuse - Just time connection reuse\n");
+ printf("-www page - Retrieve 'page' from the site\n");
+#endif
+ printf( umsg,SECONDS );
+}
+
+/***********************************************************************
+ * parseArgs - Parse command line arguments and initialize data
+ *
+ * Returns 0 if ok, -1 on bad args
+ */
+static int parseArgs(int argc, char **argv)
+{
+ int badop = 0;
+
+ verify_depth=0;
+ verify_error=X509_V_OK;
+#ifdef FIONBIO
+ t_nbio=0;
+#endif
+
+ apps_startup();
+ s_time_init();
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+ argc--;
+ argv++;
+
+ while (argc >= 1) {
+ if (strcmp(*argv,"-connect") == 0)
+ {
+ if (--argc < 1) goto bad;
+ host= *(++argv);
+ }
+#if 0
+ else if( strcmp(*argv,"-host") == 0)
+ {
+ if (--argc < 1) goto bad;
+ host= *(++argv);
+ }
+ else if( strcmp(*argv,"-port") == 0)
+ {
+ if (--argc < 1) goto bad;
+ port= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-reuse") == 0)
+ perform=2;
+ else if (strcmp(*argv,"-new") == 0)
+ perform=1;
+ else if( strcmp(*argv,"-verify") == 0) {
+
+ tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
+ if (--argc < 1) goto bad;
+ verify_depth=atoi(*(++argv));
+ BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+
+ } else if( strcmp(*argv,"-cert") == 0) {
+
+ if (--argc < 1) goto bad;
+ t_cert_file= *(++argv);
+
+ } else if( strcmp(*argv,"-key") == 0) {
+
+ if (--argc < 1) goto bad;
+ t_key_file= *(++argv);
+
+ } else if( strcmp(*argv,"-CApath") == 0) {
+
+ if (--argc < 1) goto bad;
+ CApath= *(++argv);
+
+ } else if( strcmp(*argv,"-CAfile") == 0) {
+
+ if (--argc < 1) goto bad;
+ CAfile= *(++argv);
+
+ } else if( strcmp(*argv,"-cipher") == 0) {
+
+ if (--argc < 1) goto bad;
+ tm_cipher= *(++argv);
+ }
+#ifdef FIONBIO
+ else if(strcmp(*argv,"-nbio") == 0) {
+ t_nbio=1;
+ }
+#endif
+ else if(strcmp(*argv,"-www") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_www_path= *(++argv);
+ }
+ else if(strcmp(*argv,"-bugs") == 0)
+ st_bugs=1;
+#ifndef NO_SSL2
+ else if(strcmp(*argv,"-ssl2") == 0)
+ s_time_meth=SSLv2_client_method();
+#endif
+#ifndef NO_SSL3
+ else if(strcmp(*argv,"-ssl3") == 0)
+ s_time_meth=SSLv3_client_method();
+#endif
+ else if( strcmp(*argv,"-time") == 0) {
+
+ if (--argc < 1) goto bad;
+ maxTime= atoi(*(++argv));
+ }
+ else {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badop=1;
+ break;
+ }
+
+ argc--;
+ argv++;
+ }
+
+ if (perform == 0) perform=3;
+
+ if(badop) {
+bad:
+ s_time_usage();
+ return -1;
+ }
+
+ return 0; /* Valid args */
+}
+
+/***********************************************************************
+ * TIME - time functions
+ */
+#define START 0
+#define STOP 1
+
+static double tm_Time_F(int s)
+ {
+ static double ret;
+#ifdef TIMES
+ static struct tms tstart,tend;
+
+ if(s == START) {
+ times(&tstart);
+ return(0);
+ } else {
+ times(&tend);
+ ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+ return((ret == 0.0)?1e-6:ret);
+ }
+#else /* !times() */
+ static struct timeb tstart,tend;
+ long i;
+
+ if(s == START) {
+ ftime(&tstart);
+ return(0);
+ } else {
+ ftime(&tend);
+ i=(long)tend.millitm-(long)tstart.millitm;
+ ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+ return((ret == 0.0)?1e-6:ret);
+ }
+#endif
+}
+
+/***********************************************************************
+ * MAIN - main processing area for client
+ * real name depends on MONOLITH
+ */
+int MAIN(int argc, char **argv)
+ {
+ double totalTime = 0.0;
+ int nConn = 0;
+ SSL *scon=NULL;
+ long finishtime=0;
+ int ret=1,i;
+ MS_STATIC char buf[1024*8];
+ int ver;
+
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+ s_time_meth=SSLv23_client_method();
+#elif !defined(NO_SSL3)
+ s_time_meth=SSLv3_client_method();
+#elif !defined(NO_SSL2)
+ s_time_meth=SSLv2_client_method();
+#endif
+
+ /* parse the command line arguments */
+ if( parseArgs( argc, argv ) < 0 )
+ goto end;
+
+ SSLeay_add_ssl_algorithms();
+ if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
+
+ SSL_CTX_set_quiet_shutdown(tm_ctx,1);
+
+ if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
+ SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
+ if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file))
+ goto end;
+
+ SSL_load_error_strings();
+
+ if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(tm_ctx)))
+ {
+ /* BIO_printf(bio_err,"error seting default verify locations\n"); */
+ ERR_print_errors(bio_err);
+ /* goto end; */
+ }
+
+ if (tm_cipher == NULL)
+ tm_cipher = getenv("SSL_CIPHER");
+
+ if (tm_cipher == NULL ) {
+ fprintf( stderr, "No CIPHER specified\n" );
+/* EXIT(1); */
+ }
+
+ if (!(perform & 1)) goto next;
+ printf( "Collecting connection statistics for %d seconds\n", maxTime );
+
+ /* Loop and time how long it takes to make connections */
+
+ bytes_read=0;
+ finishtime=(long)time(NULL)+maxTime;
+ tm_Time_F(START);
+ for (;;)
+ {
+ if (finishtime < time(NULL)) break;
+#ifdef WIN32_STUFF
+
+ if( flushWinMsgs(0) == -1 )
+ goto end;
+
+ if( waitingToDie || exitNow ) /* we're dead */
+ goto end;
+#endif
+
+ if( (scon = doConnection( NULL )) == NULL )
+ goto end;
+
+ if (s_www_path != NULL)
+ {
+ sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+ SSL_write(scon,buf,strlen(buf));
+ while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
+ bytes_read+=i;
+ }
+
+#ifdef NO_SHUTDOWN
+ SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+ SSL_shutdown(scon);
+#endif
+ SHUTDOWN2(SSL_get_fd(scon));
+
+ nConn += 1;
+ if (SSL_session_reused(scon))
+ ver='r';
+ else
+ {
+ ver=SSL_version(scon);
+ if (ver == TLS1_VERSION)
+ ver='t';
+ else if (ver == SSL3_VERSION)
+ ver='3';
+ else if (ver == SSL2_VERSION)
+ ver='2';
+ else
+ ver='*';
+ }
+ fputc(ver,stdout);
+ fflush(stdout);
+
+ SSL_free( scon );
+ scon=NULL;
+ }
+ totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
+
+ i=(int)(time(NULL)-finishtime+maxTime);
+ printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
+ printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
+
+ /* Now loop and time connections using the same session id over and over */
+
+next:
+ if (!(perform & 2)) goto end;
+ printf( "\n\nNow timing with session id reuse.\n" );
+
+ /* Get an SSL object so we can reuse the session id */
+ if( (scon = doConnection( NULL )) == NULL )
+ {
+ fprintf( stderr, "Unable to get connection\n" );
+ goto end;
+ }
+
+ if (s_www_path != NULL)
+ {
+ sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+ SSL_write(scon,buf,strlen(buf));
+ while (SSL_read(scon,buf,sizeof(buf)) > 0)
+ ;
+ }
+#ifdef NO_SHUTDOWN
+ SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+ SSL_shutdown(scon);
+#endif
+ SHUTDOWN2(SSL_get_fd(scon));
+
+ nConn = 0;
+ totalTime = 0.0;
+
+ finishtime=time(NULL)+maxTime;
+
+ printf( "starting\n" );
+ bytes_read=0;
+ tm_Time_F(START);
+
+ for (;;)
+ {
+ if (finishtime < time(NULL)) break;
+
+#ifdef WIN32_STUFF
+ if( flushWinMsgs(0) == -1 )
+ goto end;
+
+ if( waitingToDie || exitNow ) /* we're dead */
+ goto end;
+#endif
+
+ if( (doConnection( scon )) == NULL )
+ goto end;
+
+ if (s_www_path)
+ {
+ sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+ SSL_write(scon,buf,strlen(buf));
+ while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
+ bytes_read+=i;
+ }
+
+#ifdef NO_SHUTDOWN
+ SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+ SSL_shutdown(scon);
+#endif
+ SHUTDOWN2(SSL_get_fd(scon));
+
+ nConn += 1;
+ if (SSL_session_reused(scon))
+ ver='r';
+ else
+ {
+ ver=SSL_version(scon);
+ if (ver == TLS1_VERSION)
+ ver='t';
+ else if (ver == SSL3_VERSION)
+ ver='3';
+ else if (ver == SSL2_VERSION)
+ ver='2';
+ else
+ ver='*';
+ }
+ fputc(ver,stdout);
+ fflush(stdout);
+ }
+ totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/
+
+
+ printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
+ printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
+
+ ret=0;
+end:
+ if (scon != NULL) SSL_free(scon);
+
+ if (tm_ctx != NULL)
+ {
+ SSL_CTX_free(tm_ctx);
+ tm_ctx=NULL;
+ }
+ EXIT(ret);
+ }
+
+/***********************************************************************
+ * doConnection - make a connection
+ * Args:
+ * scon = earlier ssl connection for session id, or NULL
+ * Returns:
+ * SSL * = the connection pointer.
+ */
+static SSL *doConnection(SSL *scon)
+ {
+ BIO *conn;
+ SSL *serverCon;
+ int width, i;
+ fd_set readfds;
+
+ if ((conn=BIO_new(BIO_s_connect())) == NULL)
+ return(NULL);
+
+/* BIO_set_conn_port(conn,port);*/
+ BIO_set_conn_hostname(conn,host);
+
+ if (scon == NULL)
+ serverCon=(SSL *)SSL_new(tm_ctx);
+ else
+ {
+ serverCon=scon;
+ SSL_set_connect_state(serverCon);
+ }
+
+ SSL_set_bio(serverCon,conn,conn);
+
+#if 0
+ if( scon != NULL )
+ SSL_set_session(serverCon,SSL_get_session(scon));
+#endif
+
+ /* ok, lets connect */
+ for(;;) {
+ i=SSL_connect(serverCon);
+ if (BIO_sock_should_retry(i))
+ {
+ BIO_printf(bio_err,"DELAY\n");
+
+ i=SSL_get_fd(serverCon);
+ width=i+1;
+ FD_ZERO(&readfds);
+ FD_SET(i,&readfds);
+ /* Note: under VMS with SOCKETSHR the 2nd parameter
+ * is currently of type (int *) whereas under other
+ * systems it is (void *) if you don't have a cast it
+ * will choke the compiler: if you do have a cast then
+ * you can either go for (int *) or (void *).
+ */
+ select(width,(void *)&readfds,NULL,NULL,NULL);
+ continue;
+ }
+ break;
+ }
+ if(i <= 0)
+ {
+ BIO_printf(bio_err,"ERROR\n");
+ if (verify_error != X509_V_OK)
+ BIO_printf(bio_err,"verify error:%s\n",
+ X509_verify_cert_error_string(verify_error));
+ else
+ ERR_print_errors(bio_err);
+ if (scon == NULL)
+ SSL_free(serverCon);
+ return NULL;
+ }
+
+ return serverCon;
+ }
+
+
diff --git a/crypto/openssl/apps/server.pem b/crypto/openssl/apps/server.pem
new file mode 100644
index 0000000..c57b325
--- /dev/null
+++ b/crypto/openssl/apps/server.pem
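Review bot: The three `sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path)` calls in MAIN (the new-connection loop, the priming connection before the reuse loop, and the reuse loop) format into `MS_STATIC char buf[1024*8]` with no bound on `s_www_path`, which parseArgs stores unchecked from the `-www` argument, so a long page argument writes past the end of the buffer. Rejecting the value where it is parsed covers all three sites: after `s_www_path= *(++argv);` add `if (strlen(s_www_path) > 1024*8-100) { BIO_printf(bio_err,"-www option too long\n"); badop=1; }`. Giving the buffer size a name used by both the declaration and this check would keep the two from drifting apart. Separately, `-verify` sets `tm_verify`, but nothing in this file appears to hand it to `tm_ctx`, so peer verification may not be switched on by the option; worth confirming.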
@@ -0,0 +1,369 @@ +issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) +subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit) +-----BEGIN CERTIFICATE----- +MIIB6TCCAVICAQQwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD +VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTgwNjI5MjM1MjQwWhcNMDAwNjI4 +MjM1MjQwWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG +A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl +cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP +Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2// +Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCVvvfkGSe2GHgDFfmOua4Isjb9 +JVhImWMASiOClkZlMESDJjsszg/6+d/W+8TrbObhazpl95FivXBVucbj9dudh7AO +IZu1h1MAPlyknc9Ud816vz3FejB4qqUoaXjnlkrIgEbr/un7jSS86WOe0hRhwHkJ +FUGcPZf9ND22Etc+AQ== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD +TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu +OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj +gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz +rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b +PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA +vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU= +-----END RSA PRIVATE KEY----- +subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA +issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA +notBefore=950413210656Z +notAfter =970412210656Z +-----BEGIN X509 CERTIFICATE----- + +MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV +BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS +ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ +BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD +VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA 
+MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR +3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM +YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI +hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5 +dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/ +zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8= +-----END X509 CERTIFICATE----- +issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit) +subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) +-----BEGIN CERTIFICATE----- +MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD +VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw +OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY +BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0 +IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ +DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv +1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2 +mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v +hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4 +YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA +q30KIqGM/uoM60INq97qjDmCJapagcNBGQs= +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425 +gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd +2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB +AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6 +hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2 +J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs +HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL +21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s 
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz +MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa +pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb +KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2 +XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ +-----END RSA PRIVATE KEY----- +-----BEGIN X509 CERTIFICATE----- +MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT +LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ +MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls +b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG +EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk +bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL +ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb +hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/ +ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb +bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3 +fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX +R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR +Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK +-----END X509 CERTIFICATE----- +-----BEGIN X509 CERTIFICATE----- + +MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK +Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x +GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp +bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE +BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ +BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+ +ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw +ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI +H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z +WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE 
+MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM +LC7obsrHD8XAHG+ZRG== +-----END X509 CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM +MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT +DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx +CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv +amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB +iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt +U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw +zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd +BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8 +/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi +lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA +S7ELuYGtmYgYm9NZOIr7yU0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG +A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0 +aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB +LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB +gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu +ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu +dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD +SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL +bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a +OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW +GJNMJ4L0AJ/ac+SmHZc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN +BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w +HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0 
+IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL +MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls +aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww +GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL +ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc +zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0 +YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq +hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF +cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W +YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w== +-----END CERTIFICATE----- + +issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit) +subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit) +-----BEGIN CERTIFICATE----- +MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD +VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw +OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY +BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy +NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg +40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp +22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y +BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S +Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9 +xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO +cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg +wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ +vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB +AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc 
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz +xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7 +HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD +yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS +xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj +7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG +h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL +QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q +hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc= +-----END RSA PRIVATE KEY----- +subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority +issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority +notBefore=941104185834Z +notAfter =991103185834Z +-----BEGIN X509 CERTIFICATE----- + +MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw +HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy +Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05 +OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT +ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o +975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/ +touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE +7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j +9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI +0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb +MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU= +-----END X509 CERTIFICATE----- +subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority +issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority +notBefore=941109235417Z +notAfter =991231235417Z +-----BEGIN X509 CERTIFICATE----- + +MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw 
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl +IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda +Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0 +YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB +roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12 +aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc +HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A +iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7 +suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h +cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk= +-----END X509 CERTIFICATE----- +subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc + /OU=Certification Services Division/CN=Thawte Server CA + /Email=server-certs@thawte.com +issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc + /OU=Certification Services Division/CN=Thawte Server CA + /Email=server-certs@thawte.com +-----BEGIN CERTIFICATE----- +MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD +VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU +VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy +dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq +hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1 +N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0 +ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv +bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2 +aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW +F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1 +Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A +KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG 
+SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX +7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM +qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD +VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU +VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy +dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD +QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05 +NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG +A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT +FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl +cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg +Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c +G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU +c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH +jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR +w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2 +GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK +3VZdLbCVIhNoEsysrxCpxcI= +-----END CERTIFICATE----- +Tims test GCI CA + +-----BEGIN CERTIFICATE----- +MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD +VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5 +cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD +cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow +gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC +cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl +dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN +AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw 
+OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF +AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA +TfdbFZtAAD2Hx9jUtY3tfdrJOb8= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD +VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5 +cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O +IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB +VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1 +NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH +EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT +I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta +RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ +KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR +Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG +9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4 +WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0 +MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh +c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda +Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W +ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu +ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2 +FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j +W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari +QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG +9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C +TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW +8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA +-----END CERTIFICATE----- + + subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual 
Subscriber + issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber + +-----BEGIN CERTIFICATE----- +MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw +YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw +MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp +YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI +SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp +U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb +RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp +3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv +z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg +hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg +YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv +LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg +KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ +Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv +ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v +dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw +IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS +ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ +TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w +LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU +BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs +53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq +2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB +p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY= +-----END CERTIFICATE----- + + subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority + issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority +-----BEGIN CERTIFICATE----- 
+MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw +FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg +UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa +Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln +biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ +nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma +AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga +IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF +AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ +Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6 +NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ== +-----END CERTIFICATE----- + subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority + issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority +-----BEGIN CERTIFICATE----- +MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw +FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg +UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa +Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln +biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1 +9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj +IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd +O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF +AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ +g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am +yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q== +-----END CERTIFICATE----- diff --git a/crypto/openssl/apps/server.srl b/crypto/openssl/apps/server.srl new file mode 100644 index 0000000..8a0f05e --- /dev/null +++ b/crypto/openssl/apps/server.srl @@ -0,0 +1 @@ +01 
diff --git a/crypto/openssl/apps/server2.pem b/crypto/openssl/apps/server2.pem
new file mode 100644
index 0000000..8bb6641
--- /dev/null
+++ b/crypto/openssl/apps/server2.pem
@@ -0,0 +1,376 @@ +issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) +subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (1024 bit) +-----BEGIN CERTIFICATE----- +MIICLjCCAZcCAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD +VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU0WhcNOTgwNjA5 +MTM1NzU0WjBkMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG +A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxJDAiBgNVBAMTG1NlcnZlciB0ZXN0IGNl +cnQgKDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsxH1PBPm +RkxrR11eV4bzNi4N9n11CI8nV29+ARlT1+qDe/mjVUvXlmsr1v/vf71G9GgqopSa +6RXrICLVdk/FYYYzhPvl1M+OrjaXDFO8BzBAF1Lnz6c7aRZvGRJNrRSr2nZEkqDf +JW9dY7r2VZEpD5QeuaRYUnuECkqeieB65GMCAwEAATANBgkqhkiG9w0BAQQFAAOB +gQCWsOta6C0wiVzXz8wPmJKyTrurMlgUss2iSuW9366iwofZddsNg7FXniMzkIf6 +dp7jnmWZwKZ9cXsNUS2o4OL07qOk2HOywC0YsNZQsOBu1CBTYYkIefDiKFL1zQHh +8lwwNd4NP+OE3NzUNkCfh4DnFfg9WHkXUlD5UpxNRJ4gJA== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV +S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP +pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB +AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0 +dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY +bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E +Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq +zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM +6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf +QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD +dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M +0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv +nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA== +-----END RSA PRIVATE KEY----- +subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA +issuer= /C=US/O=AT&T Bell 
Laboratories/OU=Prototype Research CA +notBefore=950413210656Z +notAfter =970412210656Z +-----BEGIN X509 CERTIFICATE----- + +MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV +BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS +ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ +BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD +VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA +MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR +3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM +YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI +hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5 +dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/ +zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8= +-----END X509 CERTIFICATE----- +issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit) +subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) +-----BEGIN CERTIFICATE----- +MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD +VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw +OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY +BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0 +IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ +DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv +1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2 +mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v +hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4 +YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA +q30KIqGM/uoM60INq97qjDmCJapagcNBGQs= +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425 
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd +2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB +AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6 +hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2 +J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs +HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL +21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s +nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz +MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa +pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb +KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2 +XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ +-----END RSA PRIVATE KEY----- +-----BEGIN X509 CERTIFICATE----- +MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT +LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ +MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls +b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG +EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk +bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL +ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb +hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/ +ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb +bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3 +fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX +R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR +Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK +-----END X509 CERTIFICATE----- +-----BEGIN X509 CERTIFICATE----- + +MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK +Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x +GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp 
+bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE +BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ +BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+ +ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw +ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI +H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z +WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE +MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM +LC7obsrHD8XAHG+ZRG== +-----END X509 CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM +MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT +DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx +CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv +amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB +iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt +U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw +zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd +BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8 +/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi +lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA +S7ELuYGtmYgYm9NZOIr7yU0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG +A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0 +aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB +LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB +gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu +ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu +dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD 
+SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL +bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a +OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW +GJNMJ4L0AJ/ac+SmHZc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN +BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w +HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0 +IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL +MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls +aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww +GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL +ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc +zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0 +YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq +hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF +cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W +YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w== +-----END CERTIFICATE----- + +issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit) +subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit) +-----BEGIN CERTIFICATE----- +MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD +VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw +OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY +BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy +NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg +40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp +22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y +BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S +Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9 
+xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO +cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg +wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ +vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB +AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc +z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz +xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7 +HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD +yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS +xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj +7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG +h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL +QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q +hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc= +-----END RSA PRIVATE KEY----- +subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority +issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority +notBefore=941104185834Z +notAfter =991103185834Z +-----BEGIN X509 CERTIFICATE----- + +MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw +HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy +Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05 +OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT +ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o +975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/ +touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE +7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j +9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI 
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb +MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU= +-----END X509 CERTIFICATE----- +subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority +issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority +notBefore=941109235417Z +notAfter =991231235417Z +-----BEGIN X509 CERTIFICATE----- + +MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw +HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl +IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda +Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0 +YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB +roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12 +aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc +HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A +iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7 +suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h +cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk= +-----END X509 CERTIFICATE----- +subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc + /OU=Certification Services Division/CN=Thawte Server CA + /Email=server-certs@thawte.com +issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc + /OU=Certification Services Division/CN=Thawte Server CA + /Email=server-certs@thawte.com +-----BEGIN CERTIFICATE----- +MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD +VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU +VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy +dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq +hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1 +N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0 +ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv 
+bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2 +aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW +F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1 +Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A +KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG +SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX +7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM +qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD +VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU +VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy +dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD +QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05 +NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG +A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT +FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl +cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg +Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c +G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU +c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH +jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR +w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2 +GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK +3VZdLbCVIhNoEsysrxCpxcI= +-----END CERTIFICATE----- +Tims test GCI CA + +-----BEGIN CERTIFICATE----- +MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD +VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5 
+cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD +cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow +gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC +cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl +dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN +AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw +OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF +AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA +TfdbFZtAAD2Hx9jUtY3tfdrJOb8= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD +VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5 +cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O +IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB +VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1 +NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH +EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT +I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta +RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ +KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR +Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG +9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4 +WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0 +MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh +c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda +Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W +ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu +ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2 +FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j 
+W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari +QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG +9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C +TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW +8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA +-----END CERTIFICATE----- + + subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber + issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber + +-----BEGIN CERTIFICATE----- +MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw +YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw +MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp +YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI +SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp +U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb +RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp +3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv +z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg +hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg +YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv +LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg +KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ +Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv +ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v +dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw +IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS +ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ +TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w +LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU 
+BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs +53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq +2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB +p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY= +-----END CERTIFICATE----- + + subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority + issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority +-----BEGIN CERTIFICATE----- +MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw +FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg +UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa +Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln +biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ +nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma +AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga +IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF +AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ +Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6 +NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ== +-----END CERTIFICATE----- + subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority + issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority +-----BEGIN CERTIFICATE----- +MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw +FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg +UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa +Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln +biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1 +9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj +IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd 
+O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF +AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ +g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am +yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q== +-----END CERTIFICATE----- diff --git a/crypto/openssl/apps/sess_id.c b/crypto/openssl/apps/sess_id.c new file mode 100644 index 0000000..8ac118d --- /dev/null +++ b/crypto/openssl/apps/sess_id.c 
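Review bot: server2.pem adds three unencrypted `-----BEGIN RSA PRIVATE KEY-----` blocks, placed directly after the "Server test cert (1024 bit)", "Test CA (1024 bit)" and "Test PCA (1024 bit)" certificates, and nothing in the file says these keys are published test material. Anyone with the source tree holds these keys, so a server or CA left configured with this file authenticates nothing. The subject names are the only hint that it is test data. I would add a free-text first line such as `TEST MATERIAL ONLY - the private keys in this file are public; never deploy them`. The file already carries free text outside the PEM armour (`Tims test GCI CA`), so a loader that accepts the file as it stands presumably tolerates such a line, but that should be confirmed. Several of the bundled certificates also print validity periods that had ended before this import (for example `notAfter =970412210656Z`), which is a second reason to mark the file as fixtures rather than a trust store.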
@@ -0,0 +1,308 @@ +/* apps/sess_id.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include "apps.h" +#include <openssl/bio.h> +#include <openssl/err.h> +#include <openssl/x509.h> +#include <openssl/pem.h> +#include <openssl/ssl.h> + +#undef PROG +#define PROG sess_id_main + +static char *sess_id_usage[]={ +"usage: sess_id args\n", +"\n", +" -inform arg - input format - default PEM (one of DER, TXT or PEM)\n", +" -outform arg - output format - default PEM\n", +" -in arg - input file - default stdin\n", +" -out arg - output file - default stdout\n", +" -text - print ssl session id details\n", +" -cert - output certificate \n", +" -noout - no CRL output\n", +" -context arg - set the session ID context\n", +NULL +}; + +static SSL_SESSION *load_sess_id(char *file, int format); +int MAIN(int argc, char **argv) + { + SSL_SESSION *x=NULL; + int ret=1,i,num,badops=0; + BIO *out=NULL; + int informat,outformat; + char *infile=NULL,*outfile=NULL,*context=NULL; + int cert=0,noout=0,text=0; + char **pp; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + argc--; + argv++; + num=0; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-text") == 0) + text= ++num; + else if (strcmp(*argv,"-cert") == 0) + cert= ++num; + else if (strcmp(*argv,"-noout") == 0) + noout= ++num; + else if (strcmp(*argv,"-context") == 0) + { + if(--argc < 1) goto bad; + context=*++argv; + } + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + 
argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ for (pp=sess_id_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err,*pp);
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+ x=load_sess_id(infile,informat);
+ if (x == NULL) { goto end; }
+
+ if(context)
+ {
+ x->sid_ctx_length=strlen(context);
+ if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH)
+ {
+ BIO_printf(bio_err,"Context too long\n");
+ goto end;
+ }
+ memcpy(x->sid_ctx,context,x->sid_ctx_length);
+ }
+
+#ifdef undef
+ /* just testing for memory leaks :-) */
+ {
+ SSL_SESSION *s;
+ char buf[1024*10],*p;
+ int i;
+
+ s=SSL_SESSION_new();
+
+ p= &buf;
+ i=i2d_SSL_SESSION(x,&p);
+ p= &buf;
+ d2i_SSL_SESSION(&s,&p,(long)i);
+ p= &buf;
+ d2i_SSL_SESSION(&s,&p,(long)i);
+ p= &buf;
+ d2i_SSL_SESSION(&s,&p,(long)i);
+ SSL_SESSION_free(s);
+ }
+#endif
+
+ if (!noout || text)
+ {
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+ }
+
+ if (text)
+ {
+ SSL_SESSION_print(out,x);
+
+ if (cert)
+ {
+ if (x->peer == NULL)
+ BIO_puts(out,"No certificate present\n");
+ else
+ X509_print(out,x->peer);
+ }
+ }
+
+ if (!noout && !cert)
+ {
+ if (outformat == FORMAT_ASN1)
+ i=(int)i2d_SSL_SESSION_bio(out,x);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_SSL_SESSION(out,x);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err,"unable to write SSL_SESSION\n");
+ goto end;
+ }
+ }
+ else if (!noout && (x->peer != NULL)) /* just print the certificate */
+ {
+ if (outformat == FORMAT_ASN1)
+ i=(int)i2d_X509_bio(out,x->peer);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_X509(out,x->peer);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err,"unable to write X509\n");
+ goto end;
+ }
+ }
+ ret=0;
+end:
+ if (out != NULL) BIO_free(out);
+ if (x != NULL) SSL_SESSION_free(x);
+ EXIT(ret);
+ }
+
+static SSL_SESSION *load_sess_id(char *infile, int format)
+ {
+ SSL_SESSION *x=NULL;
+ BIO *in=NULL;
+
+ in=BIO_new(BIO_s_file());
+ if (in == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+ if (format == FORMAT_ASN1)
+ x=d2i_SSL_SESSION_bio(in,NULL);
+ else if (format == FORMAT_PEM)
+ x=PEM_read_bio_SSL_SESSION(in,NULL,NULL,NULL);
+ else {
+ BIO_printf(bio_err,"bad input format specified for input crl\n");
+ goto end;
+ }
+ if (x == NULL)
+ {
+ BIO_printf(bio_err,"unable to load SSL_SESSION\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+end:
+ if (in != NULL) BIO_free(in);
+ return(x);
+ }
+
+
diff --git a/crypto/openssl/apps/set/set-g-ca.pem b/crypto/openssl/apps/set/set-g-ca.pem
new file mode 100644
index 0000000..78499f0
--- /dev/null
+++ b/crypto/openssl/apps/set/set-g-ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAuGgAwIBAgIgYCYUeg8NJ9kO1q3z6vGCkAmPRfu5+Nur0FyGF79MADMw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
+MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
+MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtQ
+Q0ExMDIxMTgyODEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJyi5V7l1HohY6hN/2N9x6mvWeMy8rD1
+6lfXjgmiuGmhpaszWYaalesMcS2OGuG8Lq3PkaSzpVzqASKfIOjxLMsdpYyYJRub
+vRPDWi3xd8wlp9xUwWHKqn+ki8mPo0yN4eONwZZ4rcZr6K+tWd+5EJZSjuENJoQ/
+SRRmGRzdcS7XAgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
+EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
+aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
+MTAyMjAxMjIwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
+SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwICBDB5
+BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
+Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
+ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBn19R2
+AgGvpJDmfXrHTDdCoYyMkaP2MPzw0hFRwh+wqnw0/pqUXa7MrLXMqtD3rUyOWaNR
+9fYpJZd0Bh/1OeIc2+U+VNfUovLLuZ8nNemdxyq2KMYnHtnh7UdO7atZ+PFLVu8x
+a+J2Mtj8MGy12CJNTJcjLSrJ/1f3AuVrwELjlQ==
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/apps/set/set-m-ca.pem b/crypto/openssl/apps/set/set-m-ca.pem
new file mode 100644
index 0000000..0e74caf
--- /dev/null
+++ b/crypto/openssl/apps/set/set-m-ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAuGgAwIBAgIgEGvcf5aUnufALdVMa/dmPdflq1CoORGeK5DUwbqhVYcw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
+MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
+MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtN
+Q0ExMDIxMTgyNzEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALuWwr63YrT1GIZpYKfIeiVFHESG/FZO
+7RAJKml/p12ZyZ7D5YPP4BBXVsa1H8e8arR1LKC4rdCArrtKKlBeBiMo9+NB+u35
+FnLnTmfzM4iZ2Syw35DXY8+Xn/LM7RJ1RG+vMNcTqpoUg7QPye7flq2Pt7vVROPn
+SZxPyVxmILe3AgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
+EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
+aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
+MTAyMjAxMjEwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
+SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwIDCDB5
+BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
+Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
+ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQApaj0W
+GgyR47URZEZ7z83yivvnVErqtodub/nR1fMgJ4bDC0ofjA0SzXBP1/3eDq9VkPuS
+EKUw9BpM2XrSUKhJ6F1CbBjWpM0M7GC1nTSxMxmV+XL+Ab/Gn2SwozUApWtht29/
+x9VLB8qsi6wN2aOsVdQMl5iVCjGQYfEkyuoIgA==
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/apps/set/set_b_ca.pem b/crypto/openssl/apps/set/set_b_ca.pem
new file mode 100644
index 0000000..eba7d5c
--- /dev/null
+++ b/crypto/openssl/apps/set/set_b_ca.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID1zCCAr+gAwIBAgIgYClSzXgB3u31VMarY+lXwPKU9DtoBMzaaivuVzV9a9kw
+DQYJKoZIhvcNAQEFBQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1JDQTEwMTEx
+ODI5MB4XDTk2MTAxNzAwMDAwMFoXDTk2MTExNjIzNTk1OVowRTELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0JDQTEwMTcxMTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlBy
+b2R1Y3QgVHlwZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApPewvR0BwV02
+9E12ic48pMY/aMB6SkMEWPDx2hURr0DKYGJ6qMvzZn2pSfaVH1BqDtK6oK4Ye5Mj
+ItywwQIdXXO9Ut8+TLnvtzq9ByCJ0YThjZJBc7ZcpJxSV7QAoBON/lzxZuAVq3+L
+3uc39MgRwmBpRllZEpWrkojxs6166X0CAwEAAaOCAVcwggFTMFQGA1UdIwRNMEuh
+J6QlMCMxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtSQ0ExMDExMTgyOYIgVqenwCYv
+mmxUIvi9gUMCa+uJGJ60mZecw9HrISXnLaYwDgYDVR0PAQH/BAQDAgEGMC4GA1Ud
+EAEB/wQkMCKADzE5OTYxMDE3MTc1NzAwWoEPMTk5NjExMTYyMzU5NTlaMBsGA1Ud
+IAEB/wQRMA8wDQYLYIZIAYb4RQEHAQEwEgYDVR0TAQH/BAgwBgEB/wIBATAPBgSG
+jW8DAQH/BAQDAgABMHkGBIaNbwcBAf8EbjBsMCQCAQAwCQYFKw4DAhoFAAQUMmY3
+NGIxYWY0ZmNjMDYwZjc2NzYTD3RlcnNlIHN0YXRlbWVudIAXaHR0cDovL3d3dy52
+ZXJpc2lnbi5jb22BGmdldHNldC1jZW50ZXJAdmVyaXNpZ24uY29tMA0GCSqGSIb3
+DQEBBQUAA4IBAQAWoMS8Aj2sO0LDxRoMcnWTKY8nd8Jw2vl2Mgsm+0qCvcndICM5
+43N0y9uHlP8WeCZULbFz95gTL8mfP/QTu4EctMUkQgRHJnx80f0XSF3HE/X6zBbI
+9rit/bF6yP1mhkdss/vGanReDpki7q8pLx+VIIcxWst/366HP3dW1Fb7ECW/WmVV
+VMN93f/xqk9I4sXchVZcVKQT3W4tzv+qQvugrEi1dSEkbAy1CITEAEGiaFhGUyCe
+WPox3guRXaEHoINNeajGrISe6d//alsz5EEroBoLnM2ryqWfLAtRsf4rjNzTgklw
+lbiz0fw7bNkXKp5ZVr0wlnOjQnoSM6dTI0AV
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/apps/set/set_c_ca.pem b/crypto/openssl/apps/set/set_c_ca.pem
new file mode 100644
index 0000000..48b2cbd
--- /dev/null
+++ b/crypto/openssl/apps/set/set_c_ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAuGgAwIBAgIgOnl8J6lAYNDdTWtIojWCGnloNf4ufHjOZ4Fkxwg5xOsw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
+MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
+MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtD
+Q0ExMDIxMTYxNjEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANA3a9+U8oXU3Dv1wJf8g0A7HjCRZAXc
+Y8E4OLOdye5aUssxifCE05qTPVqHMXo6cnCYcfroMdURhjQlswyTGtjQybgUnXjp
+pchw+V4D1DkN0ThErrMCh9ZFSykC0lUhQTRLESvbIb4Gal/HMAFAF5sj0GoOFi2H
+RRj7gpzBIU3xAgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
+EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
+aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
+MTAyMjAxMTAwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
+SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwIEEDB5
+BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
+Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
+ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBteLaZ
+u/TASC64UWPfhxYAUdys9DQ1pG/J1qPWNTkjOmpXFvW+7l/3nkxyRPgUoFNwx1e7
+XVVPr6zhy8LaaXppwfIZvVryzAUdbtijiUf/MO0hvV3w7e9NlCVProdU5H9EvCXr
++IV8rH8fdEkirIVyw0JGHkuWhkmtS1HEwai9vg==
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/apps/set/set_d_ct.pem b/crypto/openssl/apps/set/set_d_ct.pem
new file mode 100644
index 0000000..9f8c7d8
--- /dev/null
+++ b/crypto/openssl/apps/set/set_d_ct.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdjCCAt+gAwIBAgIgRU5t24v72xVDpZ4iHpyoOAQaQmfio1yhTZAOkBfT2uUw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0NDQTEwMjEx
+NjE2MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjQw
+MDAwMDBaFw05NjExMjMyMzU5NTlaMG4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdC
+cmFuZElEMSYwJAYDVQQLEx1Jc3N1aW5nIEZpbmFuY2lhbCBJbnN0aXR1dGlvbjEl
+MCMGA1UEAxMcR2lYb0t0VjViN1V0MHZKa2hkSG5RYmNzc2JrPTBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDIUxgpNB1aoSW585WErtN8WInCRWCqDj3RGT2mJye0F4SM
+/iT5ywdWMasmw18vpEpDlMypfZnRkUAdfyHcRABVAgMBAAGjggFwMIIBbDB2BgNV
+HSMEbzBtoUmkRzBFMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLQkNBMTAxNzExMDQx
+IDAeBgNVBAMTF0JyYW5kIE5hbWU6UHJvZHVjdCBUeXBlgiA6eXwnqUBg0N1Na0ii
+NYIaeWg1/i58eM5ngWTHCDnE6zAOBgNVHQ8BAf8EBAMCB4AwLgYDVR0QAQH/BCQw
+IoAPMTk5NjEwMjQwMTA0MDBagQ8xOTk2MTEyMzIzNTk1OVowGAYDVR0gBBEwDzAN
+BgtghkgBhvhFAQcBATAMBgNVHRMBAf8EAjAAMA8GBIaNbwMBAf8EBAMCB4AweQYE
+ho1vBwEB/wRuMGwwJAIBADAJBgUrDgMCGgUABBQzOTgyMzk4NzIzNzg5MTM0OTc4
+MhMPdGVyc2Ugc3RhdGVtZW50gBdodHRwOi8vd3d3LnZlcmlzaWduLmNvbYEaZ2V0
+c2V0LWNlbnRlckB2ZXJpc2lnbi5jb20wDQYJKoZIhvcNAQEFBQADgYEAVHCjhxeD
+mIFSkm3DpQAq7pGfcAFPWvSM9I9bK8qeFT1M5YQ+5fbPqaWlNcQlGKIe3cHd4+0P
+ndL5lb6UBhhA0kTzEYA38+HtBxPe/lokCv0bYfyWY9asUmvfbUrTYta0yjN7ixnV
+UqvxxHQHOAwhf6bcc7xNHapOxloWzGUU0RQ=
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/apps/set/set_root.pem b/crypto/openssl/apps/set/set_root.pem
new file mode 100644
index 0000000..8dd104f
--- /dev/null
+++ b/crypto/openssl/apps/set/set_root.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZzCCAk+gAwIBAgIgVqenwCYvmmxUIvi9gUMCa+uJGJ60mZecw9HrISXnLaYw
+DQYJKoZIhvcNAQEFBQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1JDQTEwMTEx
+ODI5MB4XDTk2MTAxMjAwMDAwMFoXDTk2MTExMTIzNTk1OVowIzELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC1JDQTEwMTExODI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAukca0PVUGFIYX7EyrShi+dVi9GTNzG0V2Wtdw6DqFzKfedba/KpE
+zqnRDV/wRZlBn3oXPS6kNCFiBPRV9mEFXI7y2W+q8/vPurjRDIXMsqQ+dAhKwf4q
+rofJBTiET4NUN0YTtpx6aYuoVubjiOgKdbqnUArxAWWP2Dkco17ipEYyUtd4sTAe
+/xKR02AHpbYGYPSHjMDS/nzUJ7uX4d51phs0rt7If48ExJSnDV/KoHMfm42mdmH2
+g23005qdHKY3UXeh10tZmb3QtGTSvF6OqpRZ+e9/ALklu7ZcIjqbb944ci4QWemb
+ZNWiDFrWWUoO1k942BI/iZ8Fh8pETYSDBQIDAQABo4GGMIGDMA4GA1UdDwEB/wQE
+AwIBBjAuBgNVHRABAf8EJDAigA8xOTk2MTAxMjAxMzQwMFqBDzE5OTYxMTExMjM1
+OTU5WjAbBgNVHSABAf8EETAPMA0GC2CGSAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYB
+Af8CAQIwEAYEho1vAwEB/wQFAwMHAIAwDQYJKoZIhvcNAQEFBQADggEBAK4tntea
+y+ws7PdULwfqAS5osaoNvw73uBn5lROTpx91uhQbJyf0oZ3XG9GUuHZBpqG9qmr9
+vIL40RsvRpNMYgaNHKTxF716yx6rZmruAYZsrE3SpV63tQJCckKLPSge2E5uDhSQ
+O8UjusG+IRT9fKMXUHLv4OmZPOQVOSl1qTCN2XoJFqEPtC3Y9P4YR4xHL0P2jb1l
+DLdIbruuh+6omH+0XUZd5fKnQZTTi6gjl0iunj3wGnkcqGZtwr3j87ONiB/8tDwY
+vz8ceII4YYdX12PrNzn+fu3R5rChvPW4/ah/SaYQ2VQ0AupaIF4xrNJ/gLYYw0YO
+bxCrVJLd8tu9WgA=
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c
new file mode 100644
index 0000000..3cfb4db
--- /dev/null
+++ b/crypto/openssl/apps/speed.c
@@ -0,0 +1,1205 @@
+/* apps/speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4.
If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* most of this code has been pilfered from my libdes speed.c program */
+
+#undef SECONDS
+#define SECONDS 3
+#define RSA_SECONDS 10
+#define DSA_SECONDS 10
+
+/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
+
+#undef PROG
+#define PROG speed_main
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include <math.h>
+#include "apps.h"
+#ifdef NO_STDIO
+#define APPS_WIN16
+#endif
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+ The __TMS macro will show if it was. If it wasn't defined, we should
+ undefine TIMES, since that tells the rest of the program how things
+ should be handled.
-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#ifndef NO_DES
+#include <openssl/des.h>
+#endif
+#ifndef NO_MD2
+#include <openssl/md2.h>
+#endif
+#ifndef NO_MDC2
+#include <openssl/mdc2.h>
+#endif
+#ifndef NO_MD5
+#include <openssl/md5.h>
+#endif
+#ifndef NO_HMAC
+#include <openssl/hmac.h>
+#endif
+#include <openssl/evp.h>
+#ifndef NO_SHA
+#include <openssl/sha.h>
+#endif
+#ifndef NO_RIPEMD
+#include <openssl/ripemd.h>
+#endif
+#ifndef NO_RC4
+#include <openssl/rc4.h>
+#endif
+#ifndef NO_RC5
+#include <openssl/rc5.h>
+#endif
+#ifndef NO_RC2
+#include <openssl/rc2.h>
+#endif
+#ifndef NO_IDEA
+#include <openssl/idea.h>
+#endif
+#ifndef NO_BF
+#include <openssl/blowfish.h>
+#endif
+#ifndef NO_CAST
+#include <openssl/cast.h>
+#endif
+#ifndef NO_RSA
+#include <openssl/rsa.h>
+#include "./testrsa.h"
+#endif
+#include <openssl/x509.h>
+#ifndef NO_DSA
+#include "./testdsa.h"
+#endif
+
+/* The following if from times(3) man page.
It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+# define HZ 100.0
+# else /* _BSD_CLK_TCK_ */
+# define HZ ((double)_BSD_CLK_TCK_)
+# endif
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE ((long)1024*8+1)
+int run=0;
+
+static double Time_F(int s);
+static void print_message(char *s,long num,int length);
+static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+static SIGRETTYPE sig_done(int sig);
+static SIGRETTYPE sig_done(int sig)
+ {
+ signal(SIGALRM,sig_done);
+ run=0;
+#ifdef LINT
+ sig=sig;
+#endif
+ }
+#endif
+
+#define START 0
+#define STOP 1
+
+static double Time_F(int s)
+ {
+ double ret;
+#ifdef TIMES
+ static struct tms tstart,tend;
+
+ if (s == START)
+ {
+ times(&tstart);
+ return(0);
+ }
+ else
+ {
+ times(&tend);
+ ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+ return((ret < 1e-3)?1e-3:ret);
+ }
+#else /* !times() */
+ static struct timeb tstart,tend;
+ long i;
+
+ if (s == START)
+ {
+ ftime(&tstart);
+ return(0);
+ }
+ else
+ {
+ ftime(&tend);
+ i=(long)tend.millitm-(long)tstart.millitm;
+ ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+ return((ret < 0.001)?0.001:ret);
+ }
+#endif
+ }
+
+int MAIN(int argc, char **argv)
+ {
+ unsigned char *buf=NULL,*buf2=NULL;
+ int ret=1;
+#define ALGOR_NUM 14
+#define SIZE_NUM 5
+#define RSA_NUM 4
+#define DSA_NUM 3
+ long count,rsa_count;
+ int i,j,k,rsa_num,rsa_num2;
+#ifndef NO_MD2
+ unsigned char md2[MD2_DIGEST_LENGTH];
+#endif
+#ifndef NO_MDC2
+ unsigned char mdc2[MDC2_DIGEST_LENGTH];
+#endif
+#ifndef NO_MD5
+ unsigned char md5[MD5_DIGEST_LENGTH];
+ unsigned char hmac[MD5_DIGEST_LENGTH];
+#endif
+#ifndef NO_SHA
+ unsigned char sha[SHA_DIGEST_LENGTH];
+#endif
+#ifndef NO_RIPEMD
+ unsigned char
rmd160[RIPEMD160_DIGEST_LENGTH];
+#endif
+#ifndef NO_RC4
+ RC4_KEY rc4_ks;
+#endif
+#ifndef NO_RC5
+ RC5_32_KEY rc5_ks;
+#endif
+#ifndef NO_RC2
+ RC2_KEY rc2_ks;
+#endif
+#ifndef NO_IDEA
+ IDEA_KEY_SCHEDULE idea_ks;
+#endif
+#ifndef NO_BF
+ BF_KEY bf_ks;
+#endif
+#ifndef NO_CAST
+ CAST_KEY cast_ks;
+#endif
+ static unsigned char key16[16]=
+ {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+ 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+ unsigned char iv[8];
+#ifndef NO_DES
+ des_cblock *buf_as_des_cblock = NULL;
+ static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+ static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+ static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+ des_key_schedule sch,sch2,sch3;
+#endif
+#define D_MD2 0
+#define D_MDC2 1
+#define D_MD5 2
+#define D_HMAC 3
+#define D_SHA1 4
+#define D_RMD160 5
+#define D_RC4 6
+#define D_CBC_DES 7
+#define D_EDE3_DES 8
+#define D_CBC_IDEA 9
+#define D_CBC_RC2 10
+#define D_CBC_RC5 11
+#define D_CBC_BF 12
+#define D_CBC_CAST 13
+ double d,results[ALGOR_NUM][SIZE_NUM];
+ static int lengths[SIZE_NUM]={8,64,256,1024,8*1024};
+ long c[ALGOR_NUM][SIZE_NUM];
+ static char *names[ALGOR_NUM]={
+ "md2","mdc2","md5","hmac(md5)","sha1","rmd160","rc4",
+ "des cbc","des ede3","idea cbc",
+ "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"};
+#define R_DSA_512 0
+#define R_DSA_1024 1
+#define R_DSA_2048 2
+#define R_RSA_512 0
+#define R_RSA_1024 1
+#define R_RSA_2048 2
+#define R_RSA_4096 3
+#ifndef NO_RSA
+ RSA *rsa_key[RSA_NUM];
+ long rsa_c[RSA_NUM][2];
+ double rsa_results[RSA_NUM][2];
+ static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
+ static unsigned char *rsa_data[RSA_NUM]=
+ {test512,test1024,test2048,test4096};
+ static int rsa_data_length[RSA_NUM]={
+ sizeof(test512),sizeof(test1024),
+ sizeof(test2048),sizeof(test4096)};
+#endif
+#ifndef NO_DSA
+ DSA *dsa_key[DSA_NUM];
+ long dsa_c[DSA_NUM][2];
+ double dsa_results[DSA_NUM][2];
+ static unsigned int
dsa_bits[DSA_NUM]={512,1024,2048};
+#endif
+ int rsa_doit[RSA_NUM];
+ int dsa_doit[DSA_NUM];
+ int doit[ALGOR_NUM];
+ int pr_header=0;
+
+ apps_startup();
+#ifndef NO_DSA
+ memset(dsa_key,0,sizeof(dsa_key));
+#endif
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+#ifndef NO_RSA
+ memset(rsa_key,0,sizeof(rsa_key));
+ for (i=0; i<RSA_NUM; i++)
+ rsa_key[i]=NULL;
+#endif
+
+ if ((buf=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto end;
+ }
+#ifndef NO_DES
+ buf_as_des_cblock = (des_cblock *)buf;
+#endif
+ if ((buf2=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto end;
+ }
+
+ memset(c,0,sizeof(c));
+ memset(iv,0,sizeof(iv));
+
+ for (i=0; i<ALGOR_NUM; i++)
+ doit[i]=0;
+ for (i=0; i<RSA_NUM; i++)
+ rsa_doit[i]=0;
+ for (i=0; i<DSA_NUM; i++)
+ dsa_doit[i]=0;
+
+ j=0;
+ argc--;
+ argv++;
+ while (argc)
+ {
+#ifndef NO_MD2
+ if (strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
+ else
+#endif
+#ifndef NO_MDC2
+ if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
+ else
+#endif
+#ifndef NO_MD5
+ if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
+ else
+#endif
+#ifndef NO_MD5
+ if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
+ else
+#endif
+#ifndef NO_SHA
+ if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
+ else
+ if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1;
+ else
+#endif
+#ifndef NO_RIPEMD
+ if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
+ else
+ if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
+ else
+ if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1;
+ else
+#endif
+#ifndef NO_RC4
+ if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
+ else
+#endif
+#ifndef NO_DEF
+ if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1;
+ else if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1;
+ else
+#endif
+#ifndef NO_RSA
+#ifdef RSAref
+ if (strcmp(*argv,"rsaref") == 0)
+ {
+
RSA_set_default_method(RSA_PKCS1_RSAref());
+ j--;
+ }
+ else
+#endif
+ if (strcmp(*argv,"openssl") == 0)
+ {
+ RSA_set_default_method(RSA_PKCS1_SSLeay());
+ j--;
+ }
+ else
+#endif /* !NO_RSA */
+ if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2;
+ else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2;
+ else if (strcmp(*argv,"dsa2048") == 0) dsa_doit[R_DSA_2048]=2;
+ else if (strcmp(*argv,"rsa512") == 0) rsa_doit[R_RSA_512]=2;
+ else if (strcmp(*argv,"rsa1024") == 0) rsa_doit[R_RSA_1024]=2;
+ else if (strcmp(*argv,"rsa2048") == 0) rsa_doit[R_RSA_2048]=2;
+ else if (strcmp(*argv,"rsa4096") == 0) rsa_doit[R_RSA_4096]=2;
+ else
+#ifndef NO_RC2
+ if (strcmp(*argv,"rc2-cbc") == 0) doit[D_CBC_RC2]=1;
+ else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1;
+ else
+#endif
+#ifndef NO_RC5
+ if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1;
+ else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1;
+ else
+#endif
+#ifndef NO_IDEA
+ if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1;
+ else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
+ else
+#endif
+#ifndef NO_BF
+ if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
+ else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
+ else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
+ else
+#endif
+#ifndef NO_CAST
+ if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1;
+ else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1;
+ else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1;
+ else
+#endif
+#ifndef NO_DES
+ if (strcmp(*argv,"des") == 0)
+ {
+ doit[D_CBC_DES]=1;
+ doit[D_EDE3_DES]=1;
+ }
+ else
+#endif
+#ifndef NO_RSA
+ if (strcmp(*argv,"rsa") == 0)
+ {
+ rsa_doit[R_RSA_512]=1;
+ rsa_doit[R_RSA_1024]=1;
+ rsa_doit[R_RSA_2048]=1;
+ rsa_doit[R_RSA_4096]=1;
+ }
+ else
+#endif
+#ifndef NO_DSA
+ if (strcmp(*argv,"dsa") == 0)
+ {
+ dsa_doit[R_DSA_512]=1;
+ dsa_doit[R_DSA_1024]=1;
+ }
+ else
+#endif
+ {
+ BIO_printf(bio_err,"bad value, pick one of\n");
+ BIO_printf(bio_err,"md2 mdc2 md5 hmac sha1
rmd160\n");
+#ifndef NO_IDEA
+ BIO_printf(bio_err,"idea-cbc ");
+#endif
+#ifndef NO_RC2
+ BIO_printf(bio_err,"rc2-cbc ");
+#endif
+#ifndef NO_RC5
+ BIO_printf(bio_err,"rc5-cbc ");
+#endif
+#ifndef NO_BF
+ BIO_printf(bio_err,"bf-cbc");
+#endif
+#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BF) && !defined(NO_RC5)
+ BIO_printf(bio_err,"\n");
+#endif
+ BIO_printf(bio_err,"des-cbc des-ede3 ");
+#ifndef NO_RC4
+ BIO_printf(bio_err,"rc4");
+#endif
+#ifndef NO_RSA
+ BIO_printf(bio_err,"\nrsa512 rsa1024 rsa2048 rsa4096\n");
+#endif
+#ifndef NO_DSA
+ BIO_printf(bio_err,"\ndsa512 dsa1024 dsa2048\n");
+#endif
+ BIO_printf(bio_err,"idea rc2 des rsa blowfish\n");
+ goto end;
+ }
+ argc--;
+ argv++;
+ j++;
+ }
+
+ if (j == 0)
+ {
+ for (i=0; i<ALGOR_NUM; i++)
+ doit[i]=1;
+ for (i=0; i<RSA_NUM; i++)
+ rsa_doit[i]=1;
+ for (i=0; i<DSA_NUM; i++)
+ dsa_doit[i]=1;
+ }
+ for (i=0; i<ALGOR_NUM; i++)
+ if (doit[i]) pr_header++;
+
+#ifndef TIMES
+ BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
+ BIO_printf(bio_err,"program when this computer is idle.\n");
+#endif
+
+#ifndef NO_RSA
+ for (i=0; i<RSA_NUM; i++)
+ {
+ unsigned char *p;
+
+ p=rsa_data[i];
+ rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]);
+ if (rsa_key[i] == NULL)
+ {
+ BIO_printf(bio_err,"internal error loading RSA key number %d\n",i);
+ goto end;
+ }
+#if 0
+ else
+ {
+ BIO_printf(bio_err,"Loaded RSA key, %d bit modulus and e= 0x",BN_num_bits(rsa_key[i]->n));
+ BN_print(bio_err,rsa_key[i]->e);
+ BIO_printf(bio_err,"\n");
+ }
+#endif
+ }
+#endif
+
+#ifndef NO_DSA
+ dsa_key[0]=get_dsa512();
+ dsa_key[1]=get_dsa1024();
+ dsa_key[2]=get_dsa2048();
+#endif
+
+#ifndef NO_DES
+ des_set_key(&key,sch);
+ des_set_key(&key2,sch2);
+ des_set_key(&key3,sch3);
+#endif
+#ifndef NO_IDEA
+ idea_set_encrypt_key(key16,&idea_ks);
+#endif
+#ifndef NO_RC4
+ RC4_set_key(&rc4_ks,16,key16);
+#endif
+#ifndef NO_RC2
+ RC2_set_key(&rc2_ks,16,key16,128);
+#endif
+#ifndef NO_RC5
+
RC5_32_set_key(&rc5_ks,16,key16,12);
+#endif
+#ifndef NO_BF
+ BF_set_key(&bf_ks,16,key16);
+#endif
+#ifndef NO_CAST
+ CAST_set_key(&cast_ks,16,key16);
+#endif
+#ifndef NO_RSA
+ memset(rsa_c,0,sizeof(rsa_c));
+#endif
+#ifndef SIGALRM
+ BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
+ count=10;
+ do {
+ long i;
+ count*=2;
+ Time_F(START);
+ for (i=count; i; i--)
+ des_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
+ &(sch[0]),DES_ENCRYPT);
+ d=Time_F(STOP);
+ } while (d <3);
+ c[D_MD2][0]=count/10;
+ c[D_MDC2][0]=count/10;
+ c[D_MD5][0]=count;
+ c[D_HMAC][0]=count;
+ c[D_SHA1][0]=count;
+ c[D_RMD160][0]=count;
+ c[D_RC4][0]=count*5;
+ c[D_CBC_DES][0]=count;
+ c[D_EDE3_DES][0]=count/3;
+ c[D_CBC_IDEA][0]=count;
+ c[D_CBC_RC2][0]=count;
+ c[D_CBC_RC5][0]=count;
+ c[D_CBC_BF][0]=count;
+ c[D_CBC_CAST][0]=count;
+
+ for (i=1; i<SIZE_NUM; i++)
+ {
+ c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i];
+ c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i];
+ c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i];
+ c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];
+ c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
+ c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i];
+ }
+ for (i=1; i<SIZE_NUM; i++)
+ {
+ long l0,l1;
+
+ l0=(long)lengths[i-1];
+ l1=(long)lengths[i];
+ c[D_RC4][i]=c[D_RC4][i-1]*l0/l1;
+ c[D_CBC_DES][i]=c[D_CBC_DES][i-1]*l0/l1;
+ c[D_EDE3_DES][i]=c[D_EDE3_DES][i-1]*l0/l1;
+ c[D_CBC_IDEA][i]=c[D_CBC_IDEA][i-1]*l0/l1;
+ c[D_CBC_RC2][i]=c[D_CBC_RC2][i-1]*l0/l1;
+ c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
+ c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
+ c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
+ }
+#ifndef NO_RSA
+ rsa_c[R_RSA_512][0]=count/2000;
+ rsa_c[R_RSA_512][1]=count/400;
+ for (i=1; i<RSA_NUM; i++)
+ {
+ rsa_c[i][0]=rsa_c[i-1][0]/8;
+ rsa_c[i][1]=rsa_c[i-1][1]/4;
+ if ((rsa_doit[i] <= 1) && (rsa_c[i][0] == 0))
+ rsa_doit[i]=0;
+ else
+ {
+ if (rsa_c[i][0] == 0)
+ {
+ rsa_c[i][0]=1;
+ rsa_c[i][1]=20;
+ }
+ }
+ }
+#endif
+
+
dsa_c[R_DSA_512][0]=count/1000;
+ dsa_c[R_DSA_512][1]=count/1000/2;
+ for (i=1; i<DSA_NUM; i++)
+ {
+ dsa_c[i][0]=dsa_c[i-1][0]/4;
+ dsa_c[i][1]=dsa_c[i-1][1]/4;
+ if ((dsa_doit[i] <= 1) && (dsa_c[i][0] == 0))
+ dsa_doit[i]=0;
+ else
+ {
+ if (dsa_c[i] == 0)
+ {
+ dsa_c[i][0]=1;
+ dsa_c[i][1]=1;
+ }
+ }
+ }
+
+#define COND(d) (count < (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+ signal(SIGALRM,sig_done);
+#endif
+
+#ifndef NO_MD2
+ if (doit[D_MD2])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_MD2][j]); count++)
+ MD2(buf,(unsigned long)lengths[j],&(md2[0]));
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_MD2],d);
+ results[D_MD2][j]=((double)count)/d*lengths[j];
+ }
+ }
+#endif
+#ifndef NO_MDC2
+ if (doit[D_MDC2])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_MDC2][j]); count++)
+ MDC2(buf,(unsigned long)lengths[j],&(mdc2[0]));
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_MDC2],d);
+ results[D_MDC2][j]=((double)count)/d*lengths[j];
+ }
+ }
+#endif
+
+#ifndef NO_MD5
+ if (doit[D_MD5])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_MD5][j]); count++)
+ MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0]));
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_MD5],d);
+ results[D_MD5][j]=((double)count)/d*lengths[j];
+ }
+ }
+#endif
+
+#if !defined(NO_MD5) && !defined(NO_HMAC)
+ if (doit[D_HMAC])
+ {
+ HMAC_CTX hctx;
+ HMAC_Init(&hctx,(unsigned char *)"This is a key...",
+ 16,EVP_md5());
+
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_HMAC][j]); count++)
+ {
+
HMAC_Init(&hctx,NULL,0,NULL);
+ HMAC_Update(&hctx,buf,lengths[j]);
+ HMAC_Final(&hctx,&(hmac[0]),NULL);
+ }
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_HMAC],d);
+ results[D_HMAC][j]=((double)count)/d*lengths[j];
+ }
+ }
+#endif
+#ifndef NO_SHA
+ if (doit[D_SHA1])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_SHA1][j]); count++)
+ SHA1(buf,(unsigned long)lengths[j],&(sha[0]));
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_SHA1],d);
+ results[D_SHA1][j]=((double)count)/d*lengths[j];
+ }
+ }
+#endif
+#ifndef NO_RIPEMD
+ if (doit[D_RMD160])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_RMD160][j]); count++)
+ RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0]));
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_RMD160],d);
+ results[D_RMD160][j]=((double)count)/d*lengths[j];
+ }
+ }
+#endif
+#ifndef NO_RC4
+ if (doit[D_RC4])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_RC4],c[D_RC4][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_RC4][j]); count++)
+ RC4(&rc4_ks,(unsigned int)lengths[j],
+ buf,buf);
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_RC4],d);
+ results[D_RC4][j]=((double)count)/d*lengths[j];
+ }
+ }
+#endif
+#ifndef NO_DES
+ if (doit[D_CBC_DES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
+ des_ncbc_encrypt(buf,buf,lengths[j],sch,
+ &iv,DES_ENCRYPT);
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_CBC_DES],d);
+ results[D_CBC_DES][j]=((double)count)/d*lengths[j];
+ }
+ }
+
+ if (doit[D_EDE3_DES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+
print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]); + Time_F(START); + for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++) + des_ede3_cbc_encrypt(buf,buf,lengths[j], + sch,sch2,sch3, + &iv,DES_ENCRYPT); + d=Time_F(STOP); + BIO_printf(bio_err,"%ld %s's in %.2fs\n", + count,names[D_EDE3_DES],d); + results[D_EDE3_DES][j]=((double)count)/d*lengths[j]; + } + } +#endif +#ifndef NO_IDEA + if (doit[D_CBC_IDEA]) + { + for (j=0; j<SIZE_NUM; j++) + { + print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]); + Time_F(START); + for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++) + idea_cbc_encrypt(buf,buf, + (unsigned long)lengths[j],&idea_ks, + iv,IDEA_ENCRYPT); + d=Time_F(STOP); + BIO_printf(bio_err,"%ld %s's in %.2fs\n", + count,names[D_CBC_IDEA],d); + results[D_CBC_IDEA][j]=((double)count)/d*lengths[j]; + } + } +#endif +#ifndef NO_RC2 + if (doit[D_CBC_RC2]) + { + for (j=0; j<SIZE_NUM; j++) + { + print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]); + Time_F(START); + for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++) + RC2_cbc_encrypt(buf,buf, + (unsigned long)lengths[j],&rc2_ks, + iv,RC2_ENCRYPT); + d=Time_F(STOP); + BIO_printf(bio_err,"%ld %s's in %.2fs\n", + count,names[D_CBC_RC2],d); + results[D_CBC_RC2][j]=((double)count)/d*lengths[j]; + } + } +#endif +#ifndef NO_RC5 + if (doit[D_CBC_RC5]) + { + for (j=0; j<SIZE_NUM; j++) + { + print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]); + Time_F(START); + for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++) + RC5_32_cbc_encrypt(buf,buf, + (unsigned long)lengths[j],&rc5_ks, + iv,RC5_ENCRYPT); + d=Time_F(STOP); + BIO_printf(bio_err,"%ld %s's in %.2fs\n", + count,names[D_CBC_RC5],d); + results[D_CBC_RC5][j]=((double)count)/d*lengths[j]; + } + } +#endif +#ifndef NO_BF + if (doit[D_CBC_BF]) + { + for (j=0; j<SIZE_NUM; j++) + { + print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]); + Time_F(START); + for (count=0,run=1; COND(c[D_CBC_BF][j]); count++) + BF_cbc_encrypt(buf,buf, + (unsigned 
long)lengths[j],&bf_ks, + iv,BF_ENCRYPT); + d=Time_F(STOP); + BIO_printf(bio_err,"%ld %s's in %.2fs\n", + count,names[D_CBC_BF],d); + results[D_CBC_BF][j]=((double)count)/d*lengths[j]; + } + } +#endif +#ifndef NO_CAST + if (doit[D_CBC_CAST]) + { + for (j=0; j<SIZE_NUM; j++) + { + print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]); + Time_F(START); + for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++) + CAST_cbc_encrypt(buf,buf, + (unsigned long)lengths[j],&cast_ks, + iv,CAST_ENCRYPT); + d=Time_F(STOP); + BIO_printf(bio_err,"%ld %s's in %.2fs\n", + count,names[D_CBC_CAST],d); + results[D_CBC_CAST][j]=((double)count)/d*lengths[j]; + } + } +#endif + + RAND_bytes(buf,30); +#ifndef NO_RSA + for (j=0; j<RSA_NUM; j++) + { + if (!rsa_doit[j]) continue; + rsa_num=RSA_private_encrypt(30,buf,buf2,rsa_key[j], + RSA_PKCS1_PADDING); + pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j], + RSA_SECONDS); +/* RSA_blinding_on(rsa_key[j],NULL); */ + Time_F(START); + for (count=0,run=1; COND(rsa_c[j][0]); count++) + { + rsa_num=RSA_private_encrypt(30,buf,buf2,rsa_key[j], + RSA_PKCS1_PADDING); + if (rsa_num <= 0) + { + BIO_printf(bio_err,"RSA private encrypt failure\n"); + ERR_print_errors(bio_err); + count=1; + break; + } + } + d=Time_F(STOP); + BIO_printf(bio_err,"%ld %d bit private RSA's in %.2fs\n", + count,rsa_bits[j],d); + rsa_results[j][0]=d/(double)count; + rsa_count=count; + +#if 1 + rsa_num2=RSA_public_decrypt(rsa_num,buf2,buf,rsa_key[j], + RSA_PKCS1_PADDING); + pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j], + RSA_SECONDS); + Time_F(START); + for (count=0,run=1; COND(rsa_c[j][1]); count++) + { + rsa_num2=RSA_public_decrypt(rsa_num,buf2,buf,rsa_key[j], + RSA_PKCS1_PADDING); + if (rsa_num2 <= 0) + { + BIO_printf(bio_err,"RSA public encrypt failure\n"); + ERR_print_errors(bio_err); + count=1; + break; + } + } + d=Time_F(STOP); + BIO_printf(bio_err,"%ld %d bit public RSA's in %.2fs\n", + count,rsa_bits[j],d); + rsa_results[j][1]=d/(double)count; 
+#endif + + if (rsa_count <= 1) + { + /* if longer than 10s, don't do any more */ + for (j++; j<RSA_NUM; j++) + rsa_doit[j]=0; + } + } +#endif + + RAND_bytes(buf,20); +#ifndef NO_DSA + for (j=0; j<DSA_NUM; j++) + { + unsigned int kk; + + if (!dsa_doit[j]) continue; + DSA_generate_key(dsa_key[j]); +/* DSA_sign_setup(dsa_key[j],NULL); */ + rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2, + &kk,dsa_key[j]); + pkey_print_message("sign","dsa",dsa_c[j][0],dsa_bits[j], + DSA_SECONDS); + Time_F(START); + for (count=0,run=1; COND(dsa_c[j][0]); count++) + { + rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2, + &kk,dsa_key[j]); + if (rsa_num <= 0) + { + BIO_printf(bio_err,"DSA sign failure\n"); + ERR_print_errors(bio_err); + count=1; + break; + } + } + d=Time_F(STOP); + BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n", + count,dsa_bits[j],d); + dsa_results[j][0]=d/(double)count; + rsa_count=count; + + rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2, + kk,dsa_key[j]); + pkey_print_message("verify","dsa",dsa_c[j][1],dsa_bits[j], + DSA_SECONDS); + Time_F(START); + for (count=0,run=1; COND(dsa_c[j][1]); count++) + { + rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2, + kk,dsa_key[j]); + if (rsa_num2 <= 0) + { + BIO_printf(bio_err,"DSA verify failure\n"); + ERR_print_errors(bio_err); + count=1; + break; + } + } + d=Time_F(STOP); + BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n", + count,dsa_bits[j],d); + dsa_results[j][1]=d/(double)count; + + if (rsa_count <= 1) + { + /* if longer than 10s, don't do any more */ + for (j++; j<DSA_NUM; j++) + dsa_doit[j]=0; + } + } +#endif + + fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION)); + fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_BUILT_ON)); + printf("options:"); + printf("%s ",BN_options()); +#ifndef NO_MD2 + printf("%s ",MD2_options()); +#endif +#ifndef NO_RC4 + printf("%s ",RC4_options()); +#endif +#ifndef NO_DES + printf("%s ",des_options()); +#endif +#ifndef NO_IDEA + printf("%s ",idea_options()); +#endif +#ifndef NO_BF + printf("%s 
",BF_options()); +#endif + fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS)); + + if (pr_header) + { + fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n"); + fprintf(stdout,"type "); + for (j=0; j<SIZE_NUM; j++) + fprintf(stdout,"%7d bytes",lengths[j]); + fprintf(stdout,"\n"); + } + + for (k=0; k<ALGOR_NUM; k++) + { + if (!doit[k]) continue; + fprintf(stdout,"%-13s",names[k]); + for (j=0; j<SIZE_NUM; j++) + { + if (results[k][j] > 10000) + fprintf(stdout," %11.2fk",results[k][j]/1e3); + else + fprintf(stdout," %11.2f ",results[k][j]); + } + fprintf(stdout,"\n"); + } +#ifndef NO_RSA + j=1; + for (k=0; k<RSA_NUM; k++) + { + if (!rsa_doit[k]) continue; + if (j) + { + printf("%18ssign verify sign/s verify/s\n"," "); + j=0; + } + fprintf(stdout,"rsa %4u bits %8.4fs %8.4fs %8.1f %8.1f", + rsa_bits[k],rsa_results[k][0],rsa_results[k][1], + 1.0/rsa_results[k][0],1.0/rsa_results[k][1]); + fprintf(stdout,"\n"); + } +#endif +#ifndef NO_DSA + j=1; + for (k=0; k<DSA_NUM; k++) + { + if (!dsa_doit[k]) continue; + if (j) { + printf("%18ssign verify sign/s verify/s\n"," "); + j=0; + } + fprintf(stdout,"dsa %4u bits %8.4fs %8.4fs %8.1f %8.1f", + dsa_bits[k],dsa_results[k][0],dsa_results[k][1], + 1.0/dsa_results[k][0],1.0/dsa_results[k][1]); + fprintf(stdout,"\n"); + } +#endif + ret=0; +end: + if (buf != NULL) Free(buf); + if (buf2 != NULL) Free(buf2); +#ifndef NO_RSA + for (i=0; i<RSA_NUM; i++) + if (rsa_key[i] != NULL) + RSA_free(rsa_key[i]); +#endif +#ifndef NO_DSA + for (i=0; i<DSA_NUM; i++) + if (dsa_key[i] != NULL) + DSA_free(dsa_key[i]); +#endif + EXIT(ret); + } + +static void print_message(char *s, long num, int length) + { +#ifdef SIGALRM + BIO_printf(bio_err,"Doing %s for %ds on %d size blocks: ",s,SECONDS,length); + (void)BIO_flush(bio_err); + alarm(SECONDS); +#else + BIO_printf(bio_err,"Doing %s %ld times on %d size blocks: ",s,num,length); + (void)BIO_flush(bio_err); +#endif +#ifdef LINT + num=num; +#endif + } + +static void 
pkey_print_message(char *str, char *str2, long num, int bits,
+ int tm)
+ {
+#ifdef SIGALRM
+ BIO_printf(bio_err,"Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
+ (void)BIO_flush(bio_err);
+ alarm(RSA_SECONDS);
+#else
+ BIO_printf(bio_err,"Doing %ld %d bit %s %s's: ",num,bits,str,str2);
+ (void)BIO_flush(bio_err);
+#endif
+#ifdef LINT
+ num=num;
+#endif
+ }
+
diff --git a/crypto/openssl/apps/testCA.pem b/crypto/openssl/apps/testCA.pem
new file mode 100644
index 0000000..dcb710a
--- /dev/null
+++ b/crypto/openssl/apps/testCA.pem
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBBzCBsgIBADBNMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEX
+MBUGA1UEChMOTWluY29tIFB0eSBMdGQxEDAOBgNVBAMTB1RFU1QgQ0EwXDANBgkq
+hkiG9w0BAQEFAANLADBIAkEAzW9brgA8efT2ODB+NrsflJZj3KKqKsm4OrXTRqfL
+VETj1ws/zCXl42XJAxdWQMCP0liKfc9Ut4xi1qCVI7N07wIDAQABoAAwDQYJKoZI
+hvcNAQEEBQADQQBjZZ42Det9Uw0AFwJy4ufUEy5Cv74pxBp5SZnljgHY+Az0Hs2S
+uNkIegr2ITX5azKi9nOkg9ZmsmGG13FIjiC/
+-----END CERTIFICATE REQUEST-----
diff --git a/crypto/openssl/apps/testdsa.h b/crypto/openssl/apps/testdsa.h
new file mode 100644
index 0000000..a322978
--- /dev/null
+++ b/crypto/openssl/apps/testdsa.h
@@ -0,0 +1,148 @@
+/* NOCW */
+DSA *get_dsa512(void );
+DSA *get_dsa1024(void );
+DSA *get_dsa2048(void );
+static unsigned char dsa512_p[]={
+ 0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
+ 0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,
+ 0x62,0x50,0x33,0x4B,0x02,0x3C,0x52,0x30,0x03,0x8B,0x3B,0xF9,
+ 0x5F,0xD1,0x24,0x06,0x4F,0x7B,0x4C,0xBA,0xAA,0x40,0x9B,0xFD,
+ 0x96,0xE4,0x37,0x33,0xBB,0x2D,0x5A,0xD7,0x5A,0x11,0x40,0x66,
+ 0xA2,0x76,0x7D,0x31,
+ };
+static unsigned char dsa512_q[]={
+ 0xFB,0x53,0xEF,0x50,0xB4,0x40,0x92,0x31,0x56,0x86,0x53,0x7A,
+ 0xE8,0x8B,0x22,0x9A,0x49,0xFB,0x71,0x8F,
+ };
+static unsigned char dsa512_g[]={
+ 0x83,0x3E,0x88,0xE5,0xC5,0x89,0x73,0xCE,0x3B,0x6C,0x01,0x49,
+ 0xBF,0xB3,0xC7,0x9F,0x0A,0xEA,0x44,0x91,0xE5,0x30,0xAA,0xD9,
+ 0xBE,0x5B,0x5F,0xB7,0x10,0xD7,0x89,0xB7,0x8E,0x74,0xFB,0xCF,
+ 0x29,0x1E,0xEB,0xA8,0x2C,0x54,0x51,0xB8,0x10,0xDE,0xA0,0xCE,
+ 0x2F,0xCC,0x24,0x6B,0x90,0x77,0xDE,0xA2,0x68,0xA6,0x52,0x12,
+ 0xA2,0x03,0x9D,0x20,
+ };
+
+DSA *get_dsa512()
+ {
+ DSA *dsa;
+
+ if ((dsa=DSA_new()) == NULL) return(NULL);
+ dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);
+ dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);
+ dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);
+ if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+ return(NULL);
+ return(dsa);
+ }
+
+static unsigned char dsa1024_p[]={
+ 0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,
+ 0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,
+ 0x86,0x96,0xB3,0x15,0xE0,0x53,0x2E,0x8F,0xE0,0x59,0x82,0x73,
+ 0x90,0x3E,0x75,0x31,0x99,0x47,0x7A,0x52,0xFB,0x85,0xE4,0xD9,
+ 0xA6,0x7B,0x38,0x9B,0x68,0x8A,0x84,0x9B,0x87,0xC6,0x1E,0xB5,
+ 0x7E,0x86,0x4B,0x53,0x5B,0x59,0xCF,0x71,0x65,0x19,0x88,0x6E,
+ 0xCE,0x66,0xAE,0x6B,0x88,0x36,0xFB,0xEC,0x28,0xDC,0xC2,0xD7,
+ 0xA5,0xBB,0xE5,0x2C,0x39,0x26,0x4B,0xDA,0x9A,0x70,0x18,0x95,
+ 0x37,0x95,0x10,0x56,0x23,0xF6,0x15,0xED,0xBA,0x04,0x5E,0xDE,
+ 0x39,0x4F,0xFD,0xB7,0x43,0x1F,0xB5,0xA4,0x65,0x6F,0xCD,0x80,
+ 0x11,0xE4,0x70,0x95,0x5B,0x50,0xCD,0x49,
+ };
+static unsigned char dsa1024_q[]={
+ 0xF7,0x07,0x31,0xED,0xFA,0x6C,0x06,0x03,0xD5,0x85,0x8A,0x1C,
+ 0xAC,0x9C,0x65,0xE7,0x50,0x66,0x65,0x6F,
+ };
+static unsigned char dsa1024_g[]={
+ 0x4D,0xDF,0x4C,0x03,0xA6,0x91,0x8A,0xF5,0x19,0x6F,0x50,0x46,
+ 0x25,0x99,0xE5,0x68,0x6F,0x30,0xE3,0x69,0xE1,0xE5,0xB3,0x5D,
+ 0x98,0xBB,0x28,0x86,0x48,0xFC,0xDE,0x99,0x04,0x3F,0x5F,0x88,
+ 0x0C,0x9C,0x73,0x24,0x0D,0x20,0x5D,0xB9,0x2A,0x9A,0x3F,0x18,
+ 0x96,0x27,0xE4,0x62,0x87,0xC1,0x7B,0x74,0x62,0x53,0xFC,0x61,
+ 0x27,0xA8,0x7A,0x91,0x09,0x9D,0xB6,0xF1,0x4D,0x9C,0x54,0x0F,
+ 0x58,0x06,0xEE,0x49,0x74,0x07,0xCE,0x55,0x7E,0x23,0xCE,0x16,
+ 0xF6,0xCA,0xDC,0x5A,0x61,0x01,0x7E,0xC9,0x71,0xB5,0x4D,0xF6,
+ 0xDC,0x34,0x29,0x87,0x68,0xF6,0x5E,0x20,0x93,0xB3,0xDB,0xF5,
+ 0xE4,0x09,0x6C,0x41,0x17,0x95,0x92,0xEB,0x01,0xB5,0x73,0xA5,
+ 0x6A,0x7E,0xD8,0x32,0xED,0x0E,0x02,0xB8,
+ };
+
+DSA *get_dsa1024()
+ {
+ DSA *dsa;
+
+ if ((dsa=DSA_new()) == NULL) return(NULL);
+ dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);
+ dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);
+ dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);
+ if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+ return(NULL);
+ return(dsa);
+ }
+
+static unsigned char dsa2048_p[]={
+ 0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,
+ 0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,
+ 0xEB,0xF8,0xC4,0x13,0xD9,0xA0,0x5D,0x8B,0x5C,0x8E,0xDC,0xC2,
+ 0x1D,0x0B,0x41,0x32,0xB0,0x1F,0xFE,0xEF,0x0C,0xC2,0xA2,0x7E,
+ 0x68,0x5C,0x28,0x21,0xE9,0xF5,0xB1,0x58,0x12,0x63,0x4C,0x19,
+ 0x4E,0xFF,0x02,0x4B,0x92,0xED,0xD2,0x07,0x11,0x4D,0x8C,0x58,
+ 0x16,0x5C,0x55,0x8E,0xAD,0xA3,0x67,0x7D,0xB9,0x86,0x6E,0x0B,
+ 0xE6,0x54,0x6F,0x40,0xAE,0x0E,0x67,0x4C,0xF9,0x12,0x5B,0x3C,
+ 0x08,0x7A,0xF7,0xFC,0x67,0x86,0x69,0xE7,0x0A,0x94,0x40,0xBF,
+ 0x8B,0x76,0xFE,0x26,0xD1,0xF2,0xA1,0x1A,0x84,0xA1,0x43,0x56,
+ 0x28,0xBC,0x9A,0x5F,0xD7,0x3B,0x69,0x89,0x8A,0x36,0x2C,0x51,
+ 0xDF,0x12,0x77,0x2F,0x57,0x7B,0xA0,0xAA,0xDD,0x7F,0xA1,0x62,
+ 0x3B,0x40,0x7B,0x68,0x1A,0x8F,0x0D,0x38,0xBB,0x21,0x5D,0x18,
+ 0xFC,0x0F,0x46,0xF7,0xA3,0xB0,0x1D,0x23,0xC3,0xD2,0xC7,0x72,
+ 0x51,0x18,0xDF,0x46,0x95,0x79,0xD9,0xBD,0xB5,0x19,0x02,0x2C,
+ 0x87,0xDC,0xE7,0x57,0x82,0x7E,0xF1,0x8B,0x06,0x3D,0x00,0xA5,
+ 0x7B,0x6B,0x26,0x27,0x91,0x0F,0x6A,0x77,0xE4,0xD5,0x04,0xE4,
+ 0x12,0x2C,0x42,0xFF,0xD2,0x88,0xBB,0xD3,0x92,0xA0,0xF9,0xC8,
+ 0x51,0x64,0x14,0x5C,0xD8,0xF9,0x6C,0x47,0x82,0xB4,0x1C,0x7F,
+ 0x09,0xB8,0xF0,0x25,0x83,0x1D,0x3F,0x3F,0x05,0xB3,0x21,0x0A,
+ 0x5D,0xA7,0xD8,0x54,0xC3,0x65,0x7D,0xC3,0xB0,0x1D,0xBF,0xAE,
+ 0xF8,0x68,0xCF,0x9B,
+ };
+static unsigned char dsa2048_q[]={
+ 0x97,0xE7,0x33,0x4D,0xD3,0x94,0x3E,0x0B,0xDB,0x62,0x74,0xC6,
+ 0xA1,0x08,0xDD,0x19,0xA3,0x75,0x17,0x1B,
+ };
+static unsigned char dsa2048_g[]={
+ 0x2C,0x78,0x16,0x59,0x34,0x63,0xF4,0xF3,0x92,0xFC,0xB5,0xA5,
+ 0x4F,0x13,0xDE,0x2F,0x1C,0xA4,0x3C,0xAE,0xAD,0x38,0x3F,0x7E,
+ 0x90,0xBF,0x96,0xA6,0xAE,0x25,0x90,0x72,0xF5,0x8E,0x80,0x0C,
+ 0x39,0x1C,0xD9,0xEC,0xBA,0x90,0x5B,0x3A,0xE8,0x58,0x6C,0x9E,
+ 0x30,0x42,0x37,0x02,0x31,0x82,0xBC,0x6A,0xDF,0x6A,0x09,0x29,
+ 0xE3,0xC0,0x46,0xD1,0xCB,0x85,0xEC,0x0C,0x30,0x5E,0xEA,0xC8,
+ 0x39,0x8E,0x22,0x9F,0x22,0x10,0xD2,0x34,0x61,0x68,0x37,0x3D,
+ 0x2E,0x4A,0x5B,0x9A,0xF5,0xC1,0x48,0xC6,0xF6,0xDC,0x63,0x1A,
+ 0xD3,0x96,0x64,0xBA,0x34,0xC9,0xD1,0xA0,0xD1,0xAE,0x6C,0x2F,
+ 0x48,0x17,0x93,0x14,0x43,0xED,0xF0,0x21,0x30,0x19,0xC3,0x1B,
+ 0x5F,0xDE,0xA3,0xF0,0x70,0x78,0x18,0xE1,0xA8,0xE4,0xEE,0x2E,
+ 0x00,0xA5,0xE4,0xB3,0x17,0xC8,0x0C,0x7D,0x6E,0x42,0xDC,0xB7,
+ 0x46,0x00,0x36,0x4D,0xD4,0x46,0xAA,0x3D,0x3C,0x46,0x89,0x40,
+ 0xBF,0x1D,0x84,0x77,0x0A,0x75,0xF3,0x87,0x1D,0x08,0x4C,0xA6,
+ 0xD1,0xA9,0x1C,0x1E,0x12,0x1E,0xE1,0xC7,0x30,0x28,0x76,0xA5,
+ 0x7F,0x6C,0x85,0x96,0x2B,0x6F,0xDB,0x80,0x66,0x26,0xAE,0xF5,
+ 0x93,0xC7,0x8E,0xAE,0x9A,0xED,0xE4,0xCA,0x04,0xEA,0x3B,0x72,
+ 0xEF,0xDC,0x87,0xED,0x0D,0xA5,0x4C,0x4A,0xDD,0x71,0x22,0x64,
+ 0x59,0x69,0x4E,0x8E,0xBF,0x43,0xDC,0xAB,0x8E,0x66,0xBB,0x01,
+ 0xB6,0xF4,0xE7,0xFD,0xD2,0xAD,0x9F,0x36,0xC1,0xA0,0x29,0x99,
+ 0xD1,0x96,0x70,0x59,0x06,0x78,0x35,0xBD,0x65,0x55,0x52,0x9E,
+ 0xF8,0xB2,0xE5,0x38,
+ };
+
+DSA *get_dsa2048()
+ {
+ DSA *dsa;
+
+ if ((dsa=DSA_new()) == NULL) return(NULL);
+ dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);
+ dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);
+ dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);
+ if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+ return(NULL);
+ return(dsa);
+ }
+
diff --git a/crypto/openssl/apps/testrsa.h b/crypto/openssl/apps/testrsa.h
new file mode 100644
index 0000000..9a0e811
--- /dev/null
+++ b/crypto/openssl/apps/testrsa.h
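Review bot: In testdsa.h, `get_dsa512()` (and identically `get_dsa1024()` and `get_dsa2048()`) returns NULL from the failure branch after the three `BN_bin2bn` calls without releasing `dsa`, so the structure and whichever of p/q/g were already allocated leak; the branch should read `{ DSA_free(dsa); return(NULL); }`. The three functions are also defined non-static in a header, which gives duplicate symbols as soon as a second source file includes it; making the definitions and their prototypes `static`, or moving them into a .c file, avoids that. These look like fixed domain parameters for the benchmark code, so a header comment such as `/* fixed DSA domain parameters for benchmarking and tests only; the 512-bit set is too small for real keys */` would keep them from being reused for anything that needs protection.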
@@ -0,0 +1,517 @@ +/* apps/testrsa.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +static unsigned char test512[]={ + 0x30,0x82,0x01,0x3a,0x02,0x01,0x00,0x02,0x41,0x00, + 0xd6,0x33,0xb9,0xc8,0xfb,0x4f,0x3c,0x7d,0xc0,0x01, + 0x86,0xd0,0xe7,0xa0,0x55,0xf2,0x95,0x93,0xcc,0x4f, + 0xb7,0x5b,0x67,0x5b,0x94,0x68,0xc9,0x34,0x15,0xde, + 0xa5,0x2e,0x1c,0x33,0xc2,0x6e,0xfc,0x34,0x5e,0x71, + 0x13,0xb7,0xd6,0xee,0xd8,0xa5,0x65,0x05,0x72,0x87, + 0xa8,0xb0,0x77,0xfe,0x57,0xf5,0xfc,0x5f,0x55,0x83, + 0x87,0xdd,0x57,0x49,0x02,0x03,0x01,0x00,0x01,0x02, + 0x41,0x00,0xa7,0xf7,0x91,0xc5,0x0f,0x84,0x57,0xdc, + 0x07,0xf7,0x6a,0x7f,0x60,0x52,0xb3,0x72,0xf1,0x66, + 0x1f,0x7d,0x97,0x3b,0x9e,0xb6,0x0a,0x8f,0x8c,0xcf, + 0x42,0x23,0x00,0x04,0xd4,0x28,0x0e,0x1c,0x90,0xc4, + 0x11,0x25,0x25,0xa5,0x93,0xa5,0x2f,0x70,0x02,0xdf, + 0x81,0x9c,0x49,0x03,0xa0,0xf8,0x6d,0x54,0x2e,0x26, + 0xde,0xaa,0x85,0x59,0xa8,0x31,0x02,0x21,0x00,0xeb, + 0x47,0xd7,0x3b,0xf6,0xc3,0xdd,0x5a,0x46,0xc5,0xb9, + 0x2b,0x9a,0xa0,0x09,0x8f,0xa6,0xfb,0xf3,0x78,0x7a, + 0x33,0x70,0x9d,0x0f,0x42,0x6b,0x13,0x68,0x24,0xd3, + 0x15,0x02,0x21,0x00,0xe9,0x10,0xb0,0xb3,0x0d,0xe2, + 0x82,0x68,0x77,0x8a,0x6e,0x7c,0xda,0xbc,0x3e,0x53, + 0x83,0xfb,0xd6,0x22,0xe7,0xb5,0xae,0x6e,0x80,0xda, + 0x00,0x55,0x97,0xc1,0xd0,0x65,0x02,0x20,0x4c,0xf8, + 0x73,0xb1,0x6a,0x49,0x29,0x61,0x1f,0x46,0x10,0x0d, + 0xf3,0xc7,0xe7,0x58,0xd7,0x88,0x15,0x5e,0x94,0x9b, + 0xbf,0x7b,0xa2,0x42,0x58,0x45,0x41,0x0c,0xcb,0x01, + 0x02,0x20,0x12,0x11,0xba,0x31,0x57,0x9d,0x3d,0x11, + 0x0e,0x5b,0x8c,0x2f,0x5f,0xe2,0x02,0x4f,0x05,0x47, + 0x8c,0x15,0x8e,0xb3,0x56,0x3f,0xb8,0xfb,0xad,0xd4, + 0xf4,0xfc,0x10,0xc5,0x02,0x20,0x18,0xa1,0x29,0x99, + 0x5b,0xd9,0xc8,0xd4,0xfc,0x49,0x7a,0x2a,0x21,0x2c, + 0x49,0xe4,0x4f,0xeb,0xef,0x51,0xf1,0xab,0x6d,0xfb, + 0x4b,0x14,0xe9,0x4b,0x52,0xb5,0x82,0x2c, + }; + +static unsigned char test1024[]={ + 0x30,0x82,0x02,0x5c,0x02,0x01,0x00,0x02,0x81,0x81, + 0x00,0xdc,0x98,0x43,0xe8,0x3d,0x43,0x5b,0xe4,0x05, + 0xcd,0xd0,0xa9,0x3e,0xcb,0x83,0x75,0xf6,0xb5,0xa5, + 0x9f,0x6b,0xe9,0x34,0x41,0x29,0x18,0xfa,0x6a,0x55, + 
0x4d,0x70,0xfc,0xec,0xae,0x87,0x38,0x0a,0x20,0xa9, + 0xc0,0x45,0x77,0x6e,0x57,0x60,0x57,0xf4,0xed,0x96, + 0x22,0xcb,0x8f,0xe1,0x33,0x3a,0x17,0x1f,0xed,0x37, + 0xa5,0x6f,0xeb,0xa6,0xbc,0x12,0x80,0x1d,0x53,0xbd, + 0x70,0xeb,0x21,0x76,0x3e,0xc9,0x2f,0x1a,0x45,0x24, + 0x82,0xff,0xcd,0x59,0x32,0x06,0x2e,0x12,0x3b,0x23, + 0x78,0xed,0x12,0x3d,0xe0,0x8d,0xf9,0x67,0x4f,0x37, + 0x4e,0x47,0x02,0x4c,0x2d,0xc0,0x4f,0x1f,0xb3,0x94, + 0xe1,0x41,0x2e,0x2d,0x90,0x10,0xfc,0x82,0x91,0x8b, + 0x0f,0x22,0xd4,0xf2,0xfc,0x2c,0xab,0x53,0x55,0x02, + 0x03,0x01,0x00,0x01,0x02,0x81,0x80,0x2b,0xcc,0x3f, + 0x8f,0x58,0xba,0x8b,0x00,0x16,0xf6,0xea,0x3a,0xf0, + 0x30,0xd0,0x05,0x17,0xda,0xb0,0xeb,0x9a,0x2d,0x4f, + 0x26,0xb0,0xd6,0x38,0xc1,0xeb,0xf5,0xd8,0x3d,0x1f, + 0x70,0xf7,0x7f,0xf4,0xe2,0xcf,0x51,0x51,0x79,0x88, + 0xfa,0xe8,0x32,0x0e,0x7b,0x2d,0x97,0xf2,0xfa,0xba, + 0x27,0xc5,0x9c,0xd9,0xc5,0xeb,0x8a,0x79,0x52,0x3c, + 0x64,0x34,0x7d,0xc2,0xcf,0x28,0xc7,0x4e,0xd5,0x43, + 0x0b,0xd1,0xa6,0xca,0x6d,0x03,0x2d,0x72,0x23,0xbc, + 0x6d,0x05,0xfa,0x16,0x09,0x2f,0x2e,0x5c,0xb6,0xee, + 0x74,0xdd,0xd2,0x48,0x8e,0x36,0x0c,0x06,0x3d,0x4d, + 0xe5,0x10,0x82,0xeb,0x6a,0xf3,0x4b,0x9f,0xd6,0xed, + 0x11,0xb1,0x6e,0xec,0xf4,0xfe,0x8e,0x75,0x94,0x20, + 0x2f,0xcb,0xac,0x46,0xf1,0x02,0x41,0x00,0xf9,0x8c, + 0xa3,0x85,0xb1,0xdd,0x29,0xaf,0x65,0xc1,0x33,0xf3, + 0x95,0xc5,0x52,0x68,0x0b,0xd4,0xf1,0xe5,0x0e,0x02, + 0x9f,0x4f,0xfa,0x77,0xdc,0x46,0x9e,0xc7,0xa6,0xe4, + 0x16,0x29,0xda,0xb0,0x07,0xcf,0x5b,0xa9,0x12,0x8a, + 0xdd,0x63,0x0a,0xde,0x2e,0x8c,0x66,0x8b,0x8c,0xdc, + 0x19,0xa3,0x7e,0xf4,0x3b,0xd0,0x1a,0x8c,0xa4,0xc2, + 0xe1,0xd3,0x02,0x41,0x00,0xe2,0x4c,0x05,0xf2,0x04, + 0x86,0x4e,0x61,0x43,0xdb,0xb0,0xb9,0x96,0x86,0x52, + 0x2c,0xca,0x8d,0x7b,0xab,0x0b,0x13,0x0d,0x7e,0x38, + 0x5b,0xe2,0x2e,0x7b,0x0e,0xe7,0x19,0x99,0x38,0xe7, + 0xf2,0x21,0xbd,0x85,0x85,0xe3,0xfd,0x28,0x77,0x20, + 0x31,0x71,0x2c,0xd0,0xff,0xfb,0x2e,0xaf,0x85,0xb4, + 0x86,0xca,0xf3,0xbb,0xca,0xaa,0x0f,0x95,0x37,0x02, + 
0x40,0x0e,0x41,0x9a,0x95,0xe8,0xb3,0x59,0xce,0x4b, + 0x61,0xde,0x35,0xec,0x38,0x79,0x9c,0xb8,0x10,0x52, + 0x41,0x63,0xab,0x82,0xae,0x6f,0x00,0xa9,0xf4,0xde, + 0xdd,0x49,0x0b,0x7e,0xb8,0xa5,0x65,0xa9,0x0c,0x8f, + 0x8f,0xf9,0x1f,0x35,0xc6,0x92,0xb8,0x5e,0xb0,0x66, + 0xab,0x52,0x40,0xc0,0xb6,0x36,0x6a,0x7d,0x80,0x46, + 0x04,0x02,0xe5,0x9f,0x41,0x02,0x41,0x00,0xc0,0xad, + 0xcc,0x4e,0x21,0xee,0x1d,0x24,0x91,0xfb,0xa7,0x80, + 0x8d,0x9a,0xb6,0xb3,0x2e,0x8f,0xc2,0xe1,0x82,0xdf, + 0x69,0x18,0xb4,0x71,0xff,0xa6,0x65,0xde,0xed,0x84, + 0x8d,0x42,0xb7,0xb3,0x21,0x69,0x56,0x1c,0x07,0x60, + 0x51,0x29,0x04,0xff,0x34,0x06,0xdd,0xb9,0x67,0x2c, + 0x7c,0x04,0x93,0x0e,0x46,0x15,0xbb,0x2a,0xb7,0x1b, + 0xe7,0x87,0x02,0x40,0x78,0xda,0x5d,0x07,0x51,0x0c, + 0x16,0x7a,0x9f,0x29,0x20,0x84,0x0d,0x42,0xfa,0xd7, + 0x00,0xd8,0x77,0x7e,0xb0,0xb0,0x6b,0xd6,0x5b,0x53, + 0xb8,0x9b,0x7a,0xcd,0xc7,0x2b,0xb8,0x6a,0x63,0xa9, + 0xfb,0x6f,0xa4,0x72,0xbf,0x4c,0x5d,0x00,0x14,0xba, + 0xfa,0x59,0x88,0xed,0xe4,0xe0,0x8c,0xa2,0xec,0x14, + 0x7e,0x2d,0xe2,0xf0,0x46,0x49,0x95,0x45, + }; + +static unsigned char test2048[]={ + 0x30,0x82,0x04,0xa3,0x02,0x01,0x00,0x02,0x82,0x01, + 0x01,0x00,0xc0,0xc0,0xce,0x3e,0x3c,0x53,0x67,0x3f, + 0x4f,0xc5,0x2f,0xa4,0xc2,0x5a,0x2f,0x58,0xfd,0x27, + 0x52,0x6a,0xe8,0xcf,0x4a,0x73,0x47,0x8d,0x25,0x0f, + 0x5f,0x03,0x26,0x78,0xef,0xf0,0x22,0x12,0xd3,0xde, + 0x47,0xb2,0x1c,0x0b,0x38,0x63,0x1a,0x6c,0x85,0x7a, + 0x80,0xc6,0x8f,0xa0,0x41,0xaf,0x62,0xc4,0x67,0x32, + 0x88,0xf8,0xa6,0x9c,0xf5,0x23,0x1d,0xe4,0xac,0x3f, + 0x29,0xf9,0xec,0xe1,0x8b,0x26,0x03,0x2c,0xb2,0xab, + 0xf3,0x7d,0xb5,0xca,0x49,0xc0,0x8f,0x1c,0xdf,0x33, + 0x3a,0x60,0xda,0x3c,0xb0,0x16,0xf8,0xa9,0x12,0x8f, + 0x64,0xac,0x23,0x0c,0x69,0x64,0x97,0x5d,0x99,0xd4, + 0x09,0x83,0x9b,0x61,0xd3,0xac,0xf0,0xde,0xdd,0x5e, + 0x9f,0x44,0x94,0xdb,0x3a,0x4d,0x97,0xe8,0x52,0x29, + 0xf7,0xdb,0x94,0x07,0x45,0x90,0x78,0x1e,0x31,0x0b, + 0x80,0xf7,0x57,0xad,0x1c,0x79,0xc5,0xcb,0x32,0xb0, + 0xce,0xcd,0x74,0xb3,0xe2,0x94,0xc5,0x78,0x2f,0x34, + 
0x1a,0x45,0xf7,0x8c,0x52,0xa5,0xbc,0x8d,0xec,0xd1, + 0x2f,0x31,0x3b,0xf0,0x49,0x59,0x5e,0x88,0x9d,0x15, + 0x92,0x35,0x32,0xc1,0xe7,0x61,0xec,0x50,0x48,0x7c, + 0xba,0x05,0xf9,0xf8,0xf8,0xa7,0x8c,0x83,0xe8,0x66, + 0x5b,0xeb,0xfe,0xd8,0x4f,0xdd,0x6d,0x36,0xc0,0xb2, + 0x90,0x0f,0xb8,0x52,0xf9,0x04,0x9b,0x40,0x2c,0x27, + 0xd6,0x36,0x8e,0xc2,0x1b,0x44,0xf3,0x92,0xd5,0x15, + 0x9e,0x9a,0xbc,0xf3,0x7d,0x03,0xd7,0x02,0x14,0x20, + 0xe9,0x10,0x92,0xfd,0xf9,0xfc,0x8f,0xe5,0x18,0xe1, + 0x95,0xcc,0x9e,0x60,0xa6,0xfa,0x38,0x4d,0x02,0x03, + 0x01,0x00,0x01,0x02,0x82,0x01,0x00,0x00,0xc3,0xc3, + 0x0d,0xb4,0x27,0x90,0x8d,0x4b,0xbf,0xb8,0x84,0xaa, + 0xd0,0xb8,0xc7,0x5d,0x99,0xbe,0x55,0xf6,0x3e,0x7c, + 0x49,0x20,0xcb,0x8a,0x8e,0x19,0x0e,0x66,0x24,0xac, + 0xaf,0x03,0x33,0x97,0xeb,0x95,0xd5,0x3b,0x0f,0x40, + 0x56,0x04,0x50,0xd1,0xe6,0xbe,0x84,0x0b,0x25,0xd3, + 0x9c,0xe2,0x83,0x6c,0xf5,0x62,0x5d,0xba,0x2b,0x7d, + 0x3d,0x7a,0x6c,0xe1,0xd2,0x0e,0x54,0x93,0x80,0x01, + 0x91,0x51,0x09,0xe8,0x5b,0x8e,0x47,0xbd,0x64,0xe4, + 0x0e,0x03,0x83,0x55,0xcf,0x5a,0x37,0xf0,0x25,0xb5, + 0x7d,0x21,0xd7,0x69,0xdf,0x6f,0xc2,0xcf,0x10,0xc9, + 0x8a,0x40,0x9f,0x7a,0x70,0xc0,0xe8,0xe8,0xc0,0xe6, + 0x9a,0x15,0x0a,0x8d,0x4e,0x46,0xcb,0x7a,0xdb,0xb3, + 0xcb,0x83,0x02,0xc4,0xf0,0xab,0xeb,0x02,0x01,0x0e, + 0x23,0xfc,0x1d,0xc4,0xbd,0xd4,0xaa,0x5d,0x31,0x46, + 0x99,0xce,0x9e,0xf8,0x04,0x75,0x10,0x67,0xc4,0x53, + 0x47,0x44,0xfa,0xc2,0x25,0x73,0x7e,0xd0,0x8e,0x59, + 0xd1,0xb2,0x5a,0xf4,0xc7,0x18,0x92,0x2f,0x39,0xab, + 0xcd,0xa3,0xb5,0xc2,0xb9,0xc7,0xb9,0x1b,0x9f,0x48, + 0xfa,0x13,0xc6,0x98,0x4d,0xca,0x84,0x9c,0x06,0xca, + 0xe7,0x89,0x01,0x04,0xc4,0x6c,0xfd,0x29,0x59,0x35, + 0xe7,0xf3,0xdd,0xce,0x64,0x59,0xbf,0x21,0x13,0xa9, + 0x9f,0x0e,0xc5,0xff,0xbd,0x33,0x00,0xec,0xac,0x6b, + 0x11,0xef,0x51,0x5e,0xad,0x07,0x15,0xde,0xb8,0x5f, + 0xc6,0xb9,0xa3,0x22,0x65,0x46,0x83,0x14,0xdf,0xd0, + 0xf1,0x44,0x8a,0xe1,0x9c,0x23,0x33,0xb4,0x97,0x33, + 0xe6,0x6b,0x81,0x02,0x81,0x81,0x00,0xec,0x12,0xa7, + 
0x59,0x74,0x6a,0xde,0x3e,0xad,0xd8,0x36,0x80,0x50, + 0xa2,0xd5,0x21,0x81,0x07,0xf1,0xd0,0x91,0xf2,0x6c, + 0x12,0x2f,0x9d,0x1a,0x26,0xf8,0x30,0x65,0xdf,0xe8, + 0xc0,0x9b,0x6a,0x30,0x98,0x82,0x87,0xec,0xa2,0x56, + 0x87,0x62,0x6f,0xe7,0x9f,0xf6,0x56,0xe6,0x71,0x8f, + 0x49,0x86,0x93,0x5a,0x4d,0x34,0x58,0xfe,0xd9,0x04, + 0x13,0xaf,0x79,0xb7,0xad,0x11,0xd1,0x30,0x9a,0x14, + 0x06,0xa0,0xfa,0xb7,0x55,0xdc,0x6c,0x5a,0x4c,0x2c, + 0x59,0x56,0xf6,0xe8,0x9d,0xaf,0x0a,0x78,0x99,0x06, + 0x06,0x9e,0xe7,0x9c,0x51,0x55,0x43,0xfc,0x3b,0x6c, + 0x0b,0xbf,0x2d,0x41,0xa7,0xaf,0xb7,0xe0,0xe8,0x28, + 0x18,0xb4,0x13,0xd1,0xe6,0x97,0xd0,0x9f,0x6a,0x80, + 0xca,0xdd,0x1a,0x7e,0x15,0x02,0x81,0x81,0x00,0xd1, + 0x06,0x0c,0x1f,0xe3,0xd0,0xab,0xd6,0xca,0x7c,0xbc, + 0x7d,0x13,0x35,0xce,0x27,0xcd,0xd8,0x49,0x51,0x63, + 0x64,0x0f,0xca,0x06,0x12,0xfc,0x07,0x3e,0xaf,0x61, + 0x6d,0xe2,0x53,0x39,0x27,0xae,0xc3,0x11,0x9e,0x94, + 0x01,0x4f,0xe3,0xf3,0x67,0xf9,0x77,0xf9,0xe7,0x95, + 0x3a,0x6f,0xe2,0x20,0x73,0x3e,0xa4,0x7a,0x28,0xd4, + 0x61,0x97,0xf6,0x17,0xa0,0x23,0x10,0x2b,0xce,0x84, + 0x57,0x7e,0x25,0x1f,0xf4,0xa8,0x54,0xd2,0x65,0x94, + 0xcc,0x95,0x0a,0xab,0x30,0xc1,0x59,0x1f,0x61,0x8e, + 0xb9,0x6b,0xd7,0x4e,0xb9,0x83,0x43,0x79,0x85,0x11, + 0xbc,0x0f,0xae,0x25,0x20,0x05,0xbc,0xd2,0x48,0xa1, + 0x68,0x09,0x84,0xf6,0x12,0x9a,0x66,0xb9,0x2b,0xbb, + 0x76,0x03,0x17,0x46,0x4e,0x97,0x59,0x02,0x81,0x80, + 0x09,0x4c,0xfa,0xd6,0xe5,0x65,0x48,0x78,0x43,0xb5, + 0x1f,0x00,0x93,0x2c,0xb7,0x24,0xe8,0xc6,0x7d,0x5a, + 0x70,0x45,0x92,0xc8,0x6c,0xa3,0xcd,0xe1,0xf7,0x29, + 0x40,0xfa,0x3f,0x5b,0x47,0x44,0x39,0xc1,0xe8,0x72, + 0x9e,0x7a,0x0e,0xda,0xaa,0xa0,0x2a,0x09,0xfd,0x54, + 0x93,0x23,0xaa,0x37,0x85,0x5b,0xcc,0xd4,0xf9,0xd8, + 0xff,0xc1,0x61,0x0d,0xbd,0x7e,0x18,0x24,0x73,0x6d, + 0x40,0x72,0xf1,0x93,0x09,0x48,0x97,0x6c,0x84,0x90, + 0xa8,0x46,0x14,0x01,0x39,0x11,0xe5,0x3c,0x41,0x27, + 0x32,0x75,0x24,0xed,0xa1,0xd9,0x12,0x29,0x8a,0x28, + 0x71,0x89,0x8d,0xca,0x30,0xb0,0x01,0xc4,0x2f,0x82, + 
0x19,0x14,0x4c,0x70,0x1c,0xb8,0x23,0x2e,0xe8,0x90, + 0x49,0x97,0x92,0x97,0x6b,0x7a,0x9d,0xb9,0x02,0x81, + 0x80,0x0f,0x0e,0xa1,0x76,0xf6,0xa1,0x44,0x8f,0xaf, + 0x7c,0x76,0xd3,0x87,0xbb,0xbb,0x83,0x10,0x88,0x01, + 0x18,0x14,0xd1,0xd3,0x75,0x59,0x24,0xaa,0xf5,0x16, + 0xa5,0xe9,0x9d,0xd1,0xcc,0xee,0xf4,0x15,0xd9,0xc5, + 0x7e,0x27,0xe9,0x44,0x49,0x06,0x72,0xb9,0xfc,0xd3, + 0x8a,0xc4,0x2c,0x36,0x7d,0x12,0x9b,0x5a,0xaa,0xdc, + 0x85,0xee,0x6e,0xad,0x54,0xb3,0xf4,0xfc,0x31,0xa1, + 0x06,0x3a,0x70,0x57,0x0c,0xf3,0x95,0x5b,0x3e,0xe8, + 0xfd,0x1a,0x4f,0xf6,0x78,0x93,0x46,0x6a,0xd7,0x31, + 0xb4,0x84,0x64,0x85,0x09,0x38,0x89,0x92,0x94,0x1c, + 0xbf,0xe2,0x3c,0x2a,0xe0,0xff,0x99,0xa3,0xf0,0x2b, + 0x31,0xc2,0x36,0xcd,0x60,0xbf,0x9d,0x2d,0x74,0x32, + 0xe8,0x9c,0x93,0x6e,0xbb,0x91,0x7b,0xfd,0xd9,0x02, + 0x81,0x81,0x00,0xa2,0x71,0x25,0x38,0xeb,0x2a,0xe9, + 0x37,0xcd,0xfe,0x44,0xce,0x90,0x3f,0x52,0x87,0x84, + 0x52,0x1b,0xae,0x8d,0x22,0x94,0xce,0x38,0xe6,0x04, + 0x88,0x76,0x85,0x9a,0xd3,0x14,0x09,0xe5,0x69,0x9a, + 0xff,0x58,0x92,0x02,0x6a,0x7d,0x7c,0x1e,0x2c,0xfd, + 0xa8,0xca,0x32,0x14,0x4f,0x0d,0x84,0x0d,0x37,0x43, + 0xbf,0xe4,0x5d,0x12,0xc8,0x24,0x91,0x27,0x8d,0x46, + 0xd9,0x54,0x53,0xe7,0x62,0x71,0xa8,0x2b,0x71,0x41, + 0x8d,0x75,0xf8,0x3a,0xa0,0x61,0x29,0x46,0xa6,0xe5, + 0x82,0xfa,0x3a,0xd9,0x08,0xfa,0xfc,0x63,0xfd,0x6b, + 0x30,0xbc,0xf4,0x4e,0x9e,0x8c,0x25,0x0c,0xb6,0x55, + 0xe7,0x3c,0xd4,0x4e,0x0b,0xfd,0x8b,0xc3,0x0e,0x1d, + 0x9c,0x44,0x57,0x8f,0x1f,0x86,0xf7,0xd5,0x1b,0xe4, + 0x95, + }; + +static unsigned char test4096[]={ + 0x30,0x82,0x09,0x29,0x02,0x01,0x00,0x02,0x82,0x02, + 0x01,0x00,0xc0,0x71,0xac,0x1a,0x13,0x88,0x82,0x43, + 0x3b,0x51,0x57,0x71,0x8d,0xb6,0x2b,0x82,0x65,0x21, + 0x53,0x5f,0x28,0x29,0x4f,0x8d,0x7c,0x8a,0xb9,0x44, + 0xb3,0x28,0x41,0x4f,0xd3,0xfa,0x6a,0xf8,0xb9,0x28, + 0x50,0x39,0x67,0x53,0x2c,0x3c,0xd7,0xcb,0x96,0x41, + 0x40,0x32,0xbb,0xeb,0x70,0xae,0x1f,0xb0,0x65,0xf7, + 0x3a,0xd9,0x22,0xfd,0x10,0xae,0xbd,0x02,0xe2,0xdd, + 
0xf3,0xc2,0x79,0x3c,0xc6,0xfc,0x75,0xbb,0xaf,0x4e, + 0x3a,0x36,0xc2,0x4f,0xea,0x25,0xdf,0x13,0x16,0x4b, + 0x20,0xfe,0x4b,0x69,0x16,0xc4,0x7f,0x1a,0x43,0xa6, + 0x17,0x1b,0xb9,0x0a,0xf3,0x09,0x86,0x28,0x89,0xcf, + 0x2c,0xd0,0xd4,0x81,0xaf,0xc6,0x6d,0xe6,0x21,0x8d, + 0xee,0xef,0xea,0xdc,0xb7,0xc6,0x3b,0x63,0x9f,0x0e, + 0xad,0x89,0x78,0x23,0x18,0xbf,0x70,0x7e,0x84,0xe0, + 0x37,0xec,0xdb,0x8e,0x9c,0x3e,0x6a,0x19,0xcc,0x99, + 0x72,0xe6,0xb5,0x7d,0x6d,0xfa,0xe5,0xd3,0xe4,0x90, + 0xb5,0xb2,0xb2,0x12,0x70,0x4e,0xca,0xf8,0x10,0xf8, + 0xa3,0x14,0xc2,0x48,0x19,0xeb,0x60,0x99,0xbb,0x2a, + 0x1f,0xb1,0x7a,0xb1,0x3d,0x24,0xfb,0xa0,0x29,0xda, + 0xbd,0x1b,0xd7,0xa4,0xbf,0xef,0x60,0x2d,0x22,0xca, + 0x65,0x98,0xf1,0xc4,0xe1,0xc9,0x02,0x6b,0x16,0x28, + 0x2f,0xa1,0xaa,0x79,0x00,0xda,0xdc,0x7c,0x43,0xf7, + 0x42,0x3c,0xa0,0xef,0x68,0xf7,0xdf,0xb9,0x69,0xfb, + 0x8e,0x01,0xed,0x01,0x42,0xb5,0x4e,0x57,0xa6,0x26, + 0xb8,0xd0,0x7b,0x56,0x6d,0x03,0xc6,0x40,0x8c,0x8c, + 0x2a,0x55,0xd7,0x9c,0x35,0x00,0x94,0x93,0xec,0x03, + 0xeb,0x22,0xef,0x77,0xbb,0x79,0x13,0x3f,0x15,0xa1, + 0x8f,0xca,0xdf,0xfd,0xd3,0xb8,0xe1,0xd4,0xcc,0x09, + 0x3f,0x3c,0x2c,0xdb,0xd1,0x49,0x7f,0x38,0x07,0x83, + 0x6d,0xeb,0x08,0x66,0xe9,0x06,0x44,0x12,0xac,0x95, + 0x22,0x90,0x23,0x67,0xd4,0x08,0xcc,0xf4,0xb7,0xdc, + 0xcc,0x87,0xd4,0xac,0x69,0x35,0x4c,0xb5,0x39,0x36, + 0xcd,0xa4,0xd2,0x95,0xca,0x0d,0xc5,0xda,0xc2,0xc5, + 0x22,0x32,0x28,0x08,0xe3,0xd2,0x8b,0x38,0x30,0xdc, + 0x8c,0x75,0x4f,0x6a,0xec,0x7a,0xac,0x16,0x3e,0xa8, + 0xd4,0x6a,0x45,0xe1,0xa8,0x4f,0x2e,0x80,0x34,0xaa, + 0x54,0x1b,0x02,0x95,0x7d,0x8a,0x6d,0xcc,0x79,0xca, + 0xf2,0xa4,0x2e,0x8d,0xfb,0xfe,0x15,0x51,0x10,0x0e, + 0x4d,0x88,0xb1,0xc7,0xf4,0x79,0xdb,0xf0,0xb4,0x56, + 0x44,0x37,0xca,0x5a,0xc1,0x8c,0x48,0xac,0xae,0x48, + 0x80,0x83,0x01,0x3f,0xde,0xd9,0xd3,0x2c,0x51,0x46, + 0xb1,0x41,0xb6,0xc6,0x91,0x72,0xf9,0x83,0x55,0x1b, + 0x8c,0xba,0xf3,0x73,0xe5,0x2c,0x74,0x50,0x3a,0xbe, + 0xc5,0x2f,0xa7,0xb2,0x6d,0x8c,0x9e,0x13,0x77,0xa3, + 
0x13,0xcd,0x6d,0x8c,0x45,0xe1,0xfc,0x0b,0xb7,0x69, + 0xe9,0x27,0xbc,0x65,0xc3,0xfa,0x9b,0xd0,0xef,0xfe, + 0xe8,0x1f,0xb3,0x5e,0x34,0xf4,0x8c,0xea,0xfc,0xd3, + 0x81,0xbf,0x3d,0x30,0xb2,0xb4,0x01,0xe8,0x43,0x0f, + 0xba,0x02,0x23,0x42,0x76,0x82,0x31,0x73,0x91,0xed, + 0x07,0x46,0x61,0x0d,0x39,0x83,0x40,0xce,0x7a,0xd4, + 0xdb,0x80,0x2c,0x1f,0x0d,0xd1,0x34,0xd4,0x92,0xe3, + 0xd4,0xf1,0xc2,0x01,0x02,0x03,0x01,0x00,0x01,0x02, + 0x82,0x02,0x01,0x00,0x97,0x6c,0xda,0x6e,0xea,0x4f, + 0xcf,0xaf,0xf7,0x4c,0xd9,0xf1,0x90,0x00,0x77,0xdb, + 0xf2,0x97,0x76,0x72,0xb9,0xb7,0x47,0xd1,0x9c,0xdd, + 0xcb,0x4a,0x33,0x6e,0xc9,0x75,0x76,0xe6,0xe4,0xa5, + 0x31,0x8c,0x77,0x13,0xb4,0x29,0xcd,0xf5,0x52,0x17, + 0xef,0xf3,0x08,0x00,0xe3,0xbd,0x2e,0xbc,0xd4,0x52, + 0x88,0xe9,0x30,0x75,0x0b,0x02,0xf5,0xcd,0x89,0x0c, + 0x6c,0x57,0x19,0x27,0x3d,0x1e,0x85,0xb4,0xc1,0x2f, + 0x1d,0x92,0x00,0x5c,0x76,0x29,0x4b,0xa4,0xe1,0x12, + 0xb3,0xc8,0x09,0xfe,0x0e,0x78,0x72,0x61,0xcb,0x61, + 0x6f,0x39,0x91,0x95,0x4e,0xd5,0x3e,0xc7,0x8f,0xb8, + 0xf6,0x36,0xfe,0x9c,0x93,0x9a,0x38,0x25,0x7a,0xf4, + 0x4a,0x12,0xd4,0xa0,0x13,0xbd,0xf9,0x1d,0x12,0x3e, + 0x21,0x39,0xfb,0x72,0xe0,0x05,0x3d,0xc3,0xe5,0x50, + 0xa8,0x5d,0x85,0xa3,0xea,0x5f,0x1c,0xb2,0x3f,0xea, + 0x6d,0x03,0x91,0x55,0xd8,0x19,0x0a,0x21,0x12,0x16, + 0xd9,0x12,0xc4,0xe6,0x07,0x18,0x5b,0x26,0xa4,0xae, + 0xed,0x2b,0xb7,0xa6,0xed,0xf8,0xad,0xec,0x77,0xe6, + 0x7f,0x4f,0x76,0x00,0xc0,0xfa,0x15,0x92,0xb4,0x2c, + 0x22,0xc2,0xeb,0x6a,0xad,0x14,0x05,0xb2,0xe5,0x8a, + 0x9e,0x85,0x83,0xcc,0x04,0xf1,0x56,0x78,0x44,0x5e, + 0xde,0xe0,0x60,0x1a,0x65,0x79,0x31,0x23,0x05,0xbb, + 0x01,0xff,0xdd,0x2e,0xb7,0xb3,0xaa,0x74,0xe0,0xa5, + 0x94,0xaf,0x4b,0xde,0x58,0x0f,0x55,0xde,0x33,0xf6, + 0xe3,0xd6,0x34,0x36,0x57,0xd6,0x79,0x91,0x2e,0xbe, + 0x3b,0xd9,0x4e,0xb6,0x9d,0x21,0x5c,0xd3,0x48,0x14, + 0x7f,0x4a,0xc4,0x60,0xa9,0x29,0xf8,0x53,0x7f,0x88, + 0x11,0x2d,0xb5,0xc5,0x2d,0x6f,0xee,0x85,0x0b,0xf7, + 0x8d,0x9a,0xbe,0xb0,0x42,0xf2,0x2e,0x71,0xaf,0x19, + 
0x31,0x6d,0xec,0xcd,0x6f,0x2b,0x23,0xdf,0xb4,0x40, + 0xaf,0x2c,0x0a,0xc3,0x1b,0x7d,0x7d,0x03,0x1d,0x4b, + 0xf3,0xb5,0xe0,0x85,0xd8,0xdf,0x91,0x6b,0x0a,0x69, + 0xf7,0xf2,0x69,0x66,0x5b,0xf1,0xcf,0x46,0x7d,0xe9, + 0x70,0xfa,0x6d,0x7e,0x75,0x4e,0xa9,0x77,0xe6,0x8c, + 0x02,0xf7,0x14,0x4d,0xa5,0x41,0x8f,0x3f,0xc1,0x62, + 0x1e,0x71,0x5e,0x38,0xb4,0xd6,0xe6,0xe1,0x4b,0xc2, + 0x2c,0x30,0x83,0x81,0x6f,0x49,0x2e,0x96,0xe6,0xc9, + 0x9a,0xf7,0x5d,0x09,0xa0,0x55,0x02,0xa5,0x3a,0x25, + 0x23,0xd0,0x92,0xc3,0xa3,0xe3,0x0e,0x12,0x2f,0x4d, + 0xef,0xf3,0x55,0x5a,0xbe,0xe6,0x19,0x86,0x31,0xab, + 0x75,0x9a,0xd3,0xf0,0x2c,0xc5,0x41,0x92,0xd9,0x1f, + 0x5f,0x11,0x8c,0x75,0x1c,0x63,0xd0,0x02,0x80,0x2c, + 0x68,0xcb,0x93,0xfb,0x51,0x73,0x49,0xb4,0x60,0xda, + 0xe2,0x26,0xaf,0xa9,0x46,0x12,0xb8,0xec,0x50,0xdd, + 0x12,0x06,0x5f,0xce,0x59,0xe6,0xf6,0x1c,0xe0,0x54, + 0x10,0xad,0xf6,0xcd,0x98,0xcc,0x0f,0xfb,0xcb,0x41, + 0x14,0x9d,0xed,0xe4,0xb4,0x74,0x5f,0x09,0x60,0xc7, + 0x12,0xf6,0x7b,0x3c,0x8f,0xa7,0x20,0xbc,0xe4,0xb1, + 0xef,0xeb,0xa4,0x93,0xc5,0x06,0xca,0x9a,0x27,0x9d, + 0x87,0xf3,0xde,0xca,0xe5,0xe7,0xf6,0x1c,0x01,0x65, + 0x5b,0xfb,0x19,0x79,0x6e,0x08,0x26,0xc5,0xc8,0x28, + 0x0e,0xb6,0x3b,0x07,0x08,0xc1,0x02,0x82,0x01,0x01, + 0x00,0xe8,0x1c,0x73,0xa6,0xb8,0xe0,0x0e,0x6d,0x8d, + 0x1b,0xb9,0x53,0xed,0x58,0x94,0xe6,0x1d,0x60,0x14, + 0x5c,0x76,0x43,0xc4,0x58,0x19,0xc4,0x24,0xe8,0xbc, + 0x1b,0x3b,0x0b,0x13,0x24,0x45,0x54,0x0e,0xcc,0x37, + 0xf0,0xe0,0x63,0x7d,0xc3,0xf7,0xfb,0x81,0x74,0x81, + 0xc4,0x0f,0x1a,0x21,0x48,0xaf,0xce,0xc1,0xc4,0x94, + 0x18,0x06,0x44,0x8d,0xd3,0xd2,0x22,0x2d,0x2d,0x3e, + 0x5a,0x31,0xdc,0x95,0x8e,0xf4,0x41,0xfc,0x58,0xc9, + 0x40,0x92,0x17,0x5f,0xe3,0xda,0xac,0x9e,0x3f,0x1c, + 0x2a,0x6b,0x58,0x5f,0x48,0x78,0x20,0xb1,0xaf,0x24, + 0x9b,0x3c,0x20,0x8b,0x93,0x25,0x9e,0xe6,0x6b,0xbc, + 0x13,0x42,0x14,0x6c,0x36,0x31,0xff,0x7a,0xd1,0xc1, + 0x1a,0x26,0x14,0x7f,0xa9,0x76,0xa7,0x0c,0xf8,0xcc, + 0xed,0x07,0x6a,0xd2,0xdf,0x62,0xee,0x0a,0x7c,0x84, + 
0xcb,0x49,0x90,0xb2,0x03,0x0d,0xa2,0x82,0x06,0x77, + 0xf1,0xcd,0x67,0xf2,0x47,0x21,0x02,0x3f,0x43,0x21, + 0xf0,0x46,0x30,0x62,0x51,0x72,0xb1,0xe7,0x48,0xc6, + 0x67,0x12,0xcd,0x9e,0xd6,0x15,0xe5,0x21,0xed,0xfa, + 0x8f,0x30,0xa6,0x41,0xfe,0xb6,0xfa,0x8f,0x34,0x14, + 0x19,0xe8,0x11,0xf7,0xa5,0x77,0x3e,0xb7,0xf9,0x39, + 0x07,0x8c,0x67,0x2a,0xab,0x7b,0x08,0xf8,0xb0,0x06, + 0xa8,0xea,0x2f,0x8f,0xfa,0xcc,0xcc,0x40,0xce,0xf3, + 0x70,0x4f,0x3f,0x7f,0xe2,0x0c,0xea,0x76,0x4a,0x35, + 0x4e,0x47,0xad,0x2b,0xa7,0x97,0x5d,0x74,0x43,0x97, + 0x90,0xd2,0xfb,0xd9,0xf9,0x96,0x01,0x33,0x05,0xed, + 0x7b,0x03,0x05,0xad,0xf8,0x49,0x03,0x02,0x82,0x01, + 0x01,0x00,0xd4,0x40,0x17,0x66,0x10,0x92,0x95,0xc8, + 0xec,0x62,0xa9,0x7a,0xcb,0x93,0x8e,0xe6,0x53,0xd4, + 0x80,0x48,0x27,0x4b,0x41,0xce,0x61,0xdf,0xbf,0x94, + 0xa4,0x3d,0x71,0x03,0x0b,0xed,0x25,0x71,0x98,0xa4, + 0xd6,0xd5,0x4a,0x57,0xf5,0x6c,0x1b,0xda,0x21,0x7d, + 0x35,0x45,0xb3,0xf3,0x6a,0xd9,0xd3,0x43,0xe8,0x5c, + 0x54,0x1c,0x83,0x1b,0xb4,0x5f,0xf2,0x97,0x24,0x2e, + 0xdc,0x40,0xde,0x92,0x23,0x59,0x8e,0xbc,0xd2,0xa1, + 0xf2,0xe0,0x4c,0xdd,0x0b,0xd1,0xe7,0xae,0x65,0xbc, + 0xb5,0xf5,0x5b,0x98,0xe9,0xd7,0xc2,0xb7,0x0e,0x55, + 0x71,0x0e,0x3c,0x0a,0x24,0x6b,0xa6,0xe6,0x14,0x61, + 0x11,0xfd,0x33,0x42,0x99,0x2b,0x84,0x77,0x74,0x92, + 0x91,0xf5,0x79,0x79,0xcf,0xad,0x8e,0x04,0xef,0x80, + 0x1e,0x57,0xf4,0x14,0xf5,0x35,0x09,0x74,0xb2,0x13, + 0x71,0x58,0x6b,0xea,0x32,0x5d,0xf3,0xd3,0x76,0x48, + 0x39,0x10,0x23,0x84,0x9d,0xbe,0x92,0x77,0x4a,0xed, + 0x70,0x3e,0x1a,0xa2,0x6c,0xb3,0x81,0x00,0xc3,0xc9, + 0xe4,0x52,0xc8,0x24,0x88,0x0c,0x41,0xad,0x87,0x5a, + 0xea,0xa3,0x7a,0x85,0x1c,0x5e,0x31,0x7f,0xc3,0x35, + 0xc6,0xfa,0x10,0xc8,0x75,0x10,0xc4,0x96,0x99,0xe7, + 0xfe,0x01,0xb4,0x74,0xdb,0xb4,0x11,0xc3,0xc8,0x8c, + 0xf6,0xf7,0x3b,0x66,0x50,0xfc,0xdb,0xeb,0xca,0x47, + 0x85,0x89,0xe1,0x65,0xd9,0x62,0x34,0x3c,0x70,0xd8, + 0x2e,0xb4,0x2f,0x65,0x3c,0x4a,0xa6,0x2a,0xe7,0xc7, + 0xd8,0x41,0x8f,0x8a,0x43,0xbf,0x42,0xf2,0x4d,0xbc, + 
0xfc,0x9e,0x27,0x95,0xfb,0x75,0xff,0xab,0x02,0x82, + 0x01,0x00,0x41,0x2f,0x44,0x57,0x6d,0x12,0x17,0x5b, + 0x32,0xc6,0xb7,0x6c,0x57,0x7a,0x8a,0x0e,0x79,0xef, + 0x72,0xa8,0x68,0xda,0x2d,0x38,0xe4,0xbb,0x8d,0xf6, + 0x02,0x65,0xcf,0x56,0x13,0xe1,0x1a,0xcb,0x39,0x80, + 0xa6,0xb1,0x32,0x03,0x1e,0xdd,0xbb,0x35,0xd9,0xac, + 0x43,0x89,0x31,0x08,0x90,0x92,0x5e,0x35,0x3d,0x7b, + 0x9c,0x6f,0x86,0xcb,0x17,0xdd,0x85,0xe4,0xed,0x35, + 0x08,0x8e,0xc1,0xf4,0x05,0xd8,0x68,0xc6,0x63,0x3c, + 0xf7,0xff,0xf7,0x47,0x33,0x39,0xc5,0x3e,0xb7,0x0e, + 0x58,0x35,0x9d,0x81,0xea,0xf8,0x6a,0x2c,0x1c,0x5a, + 0x68,0x78,0x64,0x11,0x6b,0xc1,0x3e,0x4e,0x7a,0xbd, + 0x84,0xcb,0x0f,0xc2,0xb6,0x85,0x1d,0xd3,0x76,0xc5, + 0x93,0x6a,0x69,0x89,0x56,0x34,0xdc,0x4a,0x9b,0xbc, + 0xff,0xa8,0x0d,0x6e,0x35,0x9c,0x60,0xa7,0x23,0x30, + 0xc7,0x06,0x64,0x39,0x8b,0x94,0x89,0xee,0xba,0x7f, + 0x60,0x8d,0xfa,0xb6,0x97,0x76,0xdc,0x51,0x4a,0x3c, + 0xeb,0x3a,0x14,0x2c,0x20,0x60,0x69,0x4a,0x86,0xfe, + 0x8c,0x21,0x84,0x49,0x54,0xb3,0x20,0xe1,0x01,0x7f, + 0x58,0xdf,0x7f,0xb5,0x21,0x51,0x8c,0x47,0x9f,0x91, + 0xeb,0x97,0x3e,0xf2,0x54,0xcf,0x16,0x46,0xf9,0xd9, + 0xb6,0xe7,0x64,0xc9,0xd0,0x54,0xea,0x2f,0xa1,0xcf, + 0xa5,0x7f,0x28,0x8d,0x84,0xec,0xd5,0x39,0x03,0x76, + 0x5b,0x2d,0x8e,0x43,0xf2,0x01,0x24,0xc9,0x6f,0xc0, + 0xf5,0x69,0x6f,0x7d,0xb5,0x85,0xd2,0x5f,0x7f,0x78, + 0x40,0x07,0x7f,0x09,0x15,0xb5,0x1f,0x28,0x65,0x10, + 0xe4,0x19,0xa8,0xc6,0x9e,0x8d,0xdc,0xcb,0x02,0x82, + 0x01,0x00,0x13,0x01,0xee,0x56,0x80,0x93,0x70,0x00, + 0x7f,0x52,0xd2,0x94,0xa1,0x98,0x84,0x4a,0x92,0x25, + 0x4c,0x9b,0xa9,0x91,0x2e,0xc2,0x79,0xb7,0x5c,0xe3, + 0xc5,0xd5,0x8e,0xc2,0x54,0x16,0x17,0xad,0x55,0x9b, + 0x25,0x76,0x12,0x63,0x50,0x22,0x2f,0x58,0x58,0x79, + 0x6b,0x04,0xe3,0xf9,0x9f,0x8f,0x04,0x41,0x67,0x94, + 0xa5,0x1f,0xac,0x8a,0x15,0x9c,0x26,0x10,0x6c,0xf8, + 0x19,0x57,0x61,0xd7,0x3a,0x7d,0x31,0xb0,0x2d,0x38, + 0xbd,0x94,0x62,0xad,0xc4,0xfa,0x36,0x42,0x42,0xf0, + 0x24,0x67,0x65,0x9d,0x8b,0x0b,0x7c,0x6f,0x82,0x44, + 
0x1a,0x8c,0xc8,0xc9,0xab,0xbb,0x4c,0x45,0xfc,0x7b, + 0x38,0xee,0x30,0xe1,0xfc,0xef,0x8d,0xbc,0x58,0xdf, + 0x2b,0x5d,0x0d,0x54,0xe0,0x49,0x4d,0x97,0x99,0x8f, + 0x22,0xa8,0x83,0xbe,0x40,0xbb,0x50,0x2e,0x78,0x28, + 0x0f,0x95,0x78,0x8c,0x8f,0x98,0x24,0x56,0xc2,0x97, + 0xf3,0x2c,0x43,0xd2,0x03,0x82,0x66,0x81,0x72,0x5f, + 0x53,0x16,0xec,0xb1,0xb1,0x04,0x5e,0x40,0x20,0x48, + 0x7b,0x3f,0x02,0x97,0x6a,0xeb,0x96,0x12,0x21,0x35, + 0xfe,0x1f,0x47,0xc0,0x95,0xea,0xc5,0x8a,0x08,0x84, + 0x4f,0x5e,0x63,0x94,0x60,0x0f,0x71,0x5b,0x7f,0x4a, + 0xec,0x4f,0x60,0xc6,0xba,0x4a,0x24,0xf1,0x20,0x8b, + 0xa7,0x2e,0x3a,0xce,0x8d,0xe0,0x27,0x1d,0xb5,0x8e, + 0xb4,0x21,0xc5,0xe2,0xa6,0x16,0x0a,0x51,0x83,0x55, + 0x88,0xd1,0x30,0x11,0x63,0xd5,0xd7,0x8d,0xae,0x16, + 0x12,0x82,0xc4,0x85,0x00,0x4e,0x27,0x83,0xa5,0x7c, + 0x90,0x2e,0xe5,0xa2,0xa3,0xd3,0x4c,0x63,0x02,0x82, + 0x01,0x01,0x00,0x86,0x08,0x98,0x98,0xa5,0x00,0x05, + 0x39,0x77,0xd9,0x66,0xb3,0xcf,0xca,0xa0,0x71,0xb3, + 0x50,0xce,0x3d,0xb1,0x93,0x95,0x35,0xc4,0xd4,0x2e, + 0x90,0xdf,0x0f,0xfc,0x60,0xc1,0x94,0x68,0x61,0x43, + 0xca,0x9a,0x23,0x4a,0x1e,0x45,0x72,0x99,0xb5,0x1e, + 0x61,0x8d,0x77,0x0f,0xa0,0xbb,0xd7,0x77,0xb4,0x2a, + 0x15,0x11,0x88,0x2d,0xb3,0x56,0x61,0x5e,0x6a,0xed, + 0xa4,0x46,0x4a,0x3f,0x50,0x11,0xd6,0xba,0xb6,0xd7, + 0x95,0x65,0x53,0xc3,0xa1,0x8f,0xe0,0xa3,0xf5,0x1c, + 0xfd,0xaf,0x6e,0x43,0xd7,0x17,0xa7,0xd3,0x81,0x1b, + 0xa4,0xdf,0xe0,0x97,0x8a,0x46,0x03,0xd3,0x46,0x0e, + 0x83,0x48,0x4e,0xd2,0x02,0xcb,0xc0,0xad,0x79,0x95, + 0x8c,0x96,0xba,0x40,0x34,0x11,0x71,0x5e,0xe9,0x11, + 0xf9,0xc5,0x4a,0x5e,0x91,0x9d,0xf5,0x92,0x4f,0xeb, + 0xc6,0x70,0x02,0x2d,0x3d,0x04,0xaa,0xe9,0x3a,0x8e, + 0xd5,0xa8,0xad,0xf7,0xce,0x0d,0x16,0xb2,0xec,0x0a, + 0x9c,0xf5,0x94,0x39,0xb9,0x8a,0xfc,0x1e,0xf9,0xcc, + 0xf2,0x5f,0x21,0x31,0x74,0x72,0x6b,0x64,0xae,0x35, + 0x61,0x8d,0x0d,0xcb,0xe7,0xda,0x39,0xca,0xf3,0x21, + 0x66,0x0b,0x95,0xd7,0x0a,0x7c,0xca,0xa1,0xa9,0x5a, + 0xe8,0xac,0xe0,0x71,0x54,0xaf,0x28,0xcf,0xd5,0x70, + 
0x89,0xe0,0xf3,0x9e,0x43,0x6c,0x8d,0x7b,0x99,0x01, + 0x68,0x4d,0xa1,0x45,0x46,0x0c,0x43,0xbc,0xcc,0x2c, + 0xdd,0xc5,0x46,0xc8,0x4e,0x0e,0xbe,0xed,0xb9,0x26, + 0xab,0x2e,0xdb,0xeb,0x8f,0xff,0xdb,0xb0,0xc6,0x55, + 0xaf,0xf8,0x2a,0x91,0x9d,0x50,0x44,0x21,0x17, + }; diff --git a/crypto/openssl/apps/tkca b/crypto/openssl/apps/tkca new file mode 100644 index 0000000..bdaf216 --- /dev/null +++ b/crypto/openssl/apps/tkca @@ -0,0 +1,66 @@ +#!/usr/local/bin/perl5 +# +# This is only something I'm playing with, it does not work :-) +# + +use Tk; + +my $main=MainWindow->new(); +my $f=$main->Frame(-relief => "ridge", -borderwidth => 2); +$f->pack(-fill => 'x'); + +my $ff=$f->Frame; +$ff->pack(-fill => 'x'); +my $l=$ff->Label(-text => "TkCA - SSLeay", + -relief => "ridge", -borderwidth => 2); +$l->pack(-fill => 'x', -ipady => 5); + +my $l=$ff->Button(-text => "Certify"); +$l->pack(-fill => 'x', -ipady => 5); + +my $l=$ff->Button(-text => "Review"); +$l->pack(-fill => 'x', -ipady => 5); + +my $l=$ff->Button(-text => "Revoke"); +$l->pack(-fill => 'x', -ipady => 5); + +my $l=$ff->Button(-text => "Generate CRL"); +$l->pack(-fill => 'x', -ipady => 5); + +my($db)=&load_db("demoCA/index.txt"); + +MainLoop; + +sub load_db + { + my(%ret); + my($file)=@_; + my(*IN); + my(%db_serial,%db_name,@f,@db_s); + + $ret{'serial'}=\%db_serial; + $ret{'name'}=\%db_name; + + open(IN,"<$file") || die "unable to open $file:$!\n"; + while (<IN>) + { + chop; + s/([^\\])\t/\1\t\t/g; + my(@f)=split(/\t\t/); + die "wrong number of fields in $file, line $.\n" + if ($#f != 5); + + my(%f); + $f{'type'}=$f[0]; + $f{'exp'}=$f[1]; + $f{'rev'}=$f[2]; + $f{'serial'}=$f[3]; + $f{'file'}=$f[4]; + $f{'name'}=$f[5]; + die "serial number $f{'serial'} appears twice (line $.)\n" + if (defined($db{$f{'serial'}})) + $db_serial{$f{'serial'}}=\%f; + $db_name{$f{'name'}}.=$f{'serial'}." "; + } + return \%ret; + } diff --git a/crypto/openssl/apps/verify.c b/crypto/openssl/apps/verify.c new file mode 100644 index 0000000..093fe09 
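Review bot: The duplicate-serial check in `load_db` tests `$db{$f{'serial'}}`, but no `%db` hash is declared or filled anywhere in the hunk; records are stored in `%db_serial`, so a repeated serial number in `demoCA/index.txt` would never be detected. The `die "serial number ... appears twice"` statement also lacks its terminating `;`, so the following assignment is parsed as part of it. I would write the condition as `if (defined($db_serial{$f{'serial'}}));` and add a short comment above `load_db` naming the six tab-separated fields it expects (type, exp, rev, serial, file, name).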
--- /dev/null
+++ b/crypto/openssl/apps/verify.c
@@ -0,0 +1,229 @@ +/* apps/verify.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG verify_main
+
+static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
+static int check(X509_STORE *ctx,char *file);
+static int v_verbose=0;
+
+int MAIN(int argc, char **argv)
+ {
+ int i,ret=1;
+ char *CApath=NULL,*CAfile=NULL;
+ X509_STORE *cert_ctx=NULL;
+ X509_LOOKUP *lookup=NULL;
+
+ cert_ctx=X509_STORE_new();
+ if (cert_ctx == NULL) goto end;
+ X509_STORE_set_verify_cb_func(cert_ctx,cb);
+
+ ERR_load_crypto_strings();
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ argc--;
+ argv++;
+ for (;;)
+ {
+ if (argc >= 1)
+ {
+ if (strcmp(*argv,"-CApath") == 0)
+ {
+ if (argc-- < 1) goto end;
+ CApath= *(++argv);
+ }
+ else if (strcmp(*argv,"-CAfile") == 0)
+ {
+ if (argc-- < 1) goto end;
+ CAfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-help") == 0)
+ goto end;
+ else if (strcmp(*argv,"-verbose") == 0)
+ v_verbose=1;
+ else if (argv[0][0] == '-')
+ goto end;
+ else
+ break;
+ argc--;
+ argv++;
+ }
+ else
+ break;
+ }
+
+ lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
+ if (lookup == NULL) abort();
+ if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
+ X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+ lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
+ if (lookup == NULL) abort();
+ if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
+ X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+
+ ERR_clear_error();
+ if (argc < 1) check(cert_ctx,NULL);
+ else
+ for (i=0; i<argc; i++)
+ check(cert_ctx,argv[i]);
+ ret=0;
+end:
+ if (ret == 1)
+ BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] cert1 cert2 ...\n");
+ if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
+ EXIT(ret);
+ }
+
+static int check(X509_STORE *ctx, char *file)
+ {
+ X509 *x=NULL;
+ BIO *in=NULL;
+ int i=0,ret=0;
+ X509_STORE_CTX csc;
+
+ in=BIO_new(BIO_s_file());
+ if (in == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (file == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,file) <= 0)
+ {
+ perror(file);
+ goto end;
+ }
+ }
+
+ x=PEM_read_bio_X509(in,NULL,NULL,NULL);
+ if (x == NULL)
+ {
+ fprintf(stdout,"%s: unable to load certificate file\n",
+ (file == NULL)?"stdin":file);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ fprintf(stdout,"%s: ",(file == NULL)?"stdin":file);
+
+ X509_STORE_CTX_init(&csc,ctx,x,NULL);
+ i=X509_verify_cert(&csc);
+ X509_STORE_CTX_cleanup(&csc);
+
+ ret=0;
+end:
+ if (i)
+ {
+ fprintf(stdout,"OK\n");
+ ret=1;
+ }
+ else
+ ERR_print_errors(bio_err);
+ if (x != NULL) X509_free(x);
+ if (in != NULL) BIO_free(in);
+
+ return(ret);
+ }
+
+static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
+ {
+ char buf[256];
+
+ if (!ok)
+ {
+ /* since we are just checking the certificates, it is
+ * ok if they are self signed. */
+ if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+ ok=1;
+ else
+ {
+ X509_NAME_oneline(
+ X509_get_subject_name(ctx->current_cert),buf,256);
+ printf("%s\n",buf);
+ printf("error %d at %d depth lookup:%s\n",ctx->error,
+ ctx->error_depth,
+ X509_verify_cert_error_string(ctx->error));
+ if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED)
+ ok=1;
+ }
+ }
+ if (!v_verbose)
+ ERR_clear_error();
+ return(ok);
+ }
+
diff --git a/crypto/openssl/apps/version.c b/crypto/openssl/apps/version.c
new file mode 100644
index 0000000..a567f34
--- /dev/null
+++ b/crypto/openssl/apps/version.c
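Review bot: In `cb`, the `X509_V_ERR_CERT_HAS_EXPIRED` branch sets `ok=1` after printing the error, and `X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT` sets `ok=1` without printing anything, so the callback overrides both failures and `check` will presumably go on to print `OK` for an expired or self-signed certificate. `MAIN` also discards the value returned by `check` and assigns `ret=0` unconditionally after the loop, so the exit status says nothing about whether any certificate verified. I would stop overriding the expired case (or put both overrides behind an explicit option) and fold each `check` result into `ret` instead of the unconditional `ret=0;`, using a failure value other than 1 because `end:` prints the usage text when `ret == 1`. The option loop has a related slip: `if (argc-- < 1) goto end;` can never fire for a trailing `-CApath` or `-CAfile`, whereas `if (--argc < 1) goto end;` would reject the missing value.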
@@ -0,0 +1,130 @@ +/* apps/version.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/evp.h>
+#include <openssl/crypto.h>
+
+#undef PROG
+#define PROG version_main
+
+int MAIN(int argc, char **argv)
+ {
+ int i,ret=0;
+ int cflags=0,version=0,date=0,options=0,platform=0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (argc == 1) version=1;
+ for (i=1; i<argc; i++)
+ {
+ if (strcmp(argv[i],"-v") == 0)
+ version=1;
+ else if (strcmp(argv[i],"-b") == 0)
+ date=1;
+ else if (strcmp(argv[i],"-f") == 0)
+ cflags=1;
+ else if (strcmp(argv[i],"-o") == 0)
+ options=1;
+ else if (strcmp(argv[i],"-p") == 0)
+ platform=1;
+ else if (strcmp(argv[i],"-a") == 0)
+ date=version=cflags=options=platform=1;
+ else
+ {
+ BIO_printf(bio_err,"usage:version -[avbofp]\n");
+ ret=1;
+ goto end;
+ }
+ }
+
+ if (version) printf("%s\n",SSLeay_version(SSLEAY_VERSION));
+ if (date) printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON));
+ if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM));
+ if (options)
+ {
+ printf("options: ");
+ printf("%s ",BN_options());
+#ifndef NO_MD2
+ printf("%s ",MD2_options());
+#endif
+#ifndef NO_RC4
+ printf("%s ",RC4_options());
+#endif
+#ifndef NO_DES
+ printf("%s ",des_options());
+#endif
+#ifndef NO_IDEA
+ printf("%s ",idea_options());
+#endif
+#ifndef NO_BF
+ printf("%s ",BF_options());
+#endif
+ printf("\n");
+ }
+ if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+end:
+ EXIT(ret);
+ }
diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c
new file mode 100644
index 0000000..2e2d18b
--- /dev/null
+++ b/crypto/openssl/apps/x509.c
@@ -0,0 +1,1086 @@ +/* apps/x509.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#ifdef NO_STDIO +#define APPS_WIN16 +#endif +#include "apps.h" +#include <openssl/bio.h> +#include <openssl/asn1.h> +#include <openssl/err.h> +#include <openssl/bn.h> +#include <openssl/evp.h> +#include <openssl/x509.h> +#include <openssl/x509v3.h> +#include <openssl/objects.h> +#include <openssl/pem.h> + +#undef PROG +#define PROG x509_main + +#undef POSTFIX +#define POSTFIX ".srl" +#define DEF_DAYS 30 + +#define CERT_HDR "certificate" + +static char *x509_usage[]={ +"usage: x509 args\n", +" -inform arg - input format - default PEM (one of DER, NET or PEM)\n", +" -outform arg - output format - default PEM (one of DER, NET or PEM)\n", +" -keyform arg - private key format - default PEM\n", +" -CAform arg - CA format - default PEM\n", +" -CAkeyform arg - CA key format - default PEM\n", +" -in arg - input file - default stdin\n", +" -out arg - output file - default stdout\n", +" -serial - print serial number value\n", +" -hash - print hash value\n", +" -subject - print subject DN\n", +" -issuer - print issuer DN\n", +" -startdate - notBefore field\n", +" -enddate - notAfter field\n", +" -dates - both Before and After dates\n", +" -modulus - print the RSA key modulus\n", +" -fingerprint - print the certificate fingerprint\n", +" -noout - no certificate output\n", + +" -days arg - How long till expiry of a signed certificate - def 30 days\n", +" -signkey arg - self sign cert with arg\n", +" -x509toreq - output a certification request object\n", +" -req - input is a certificate request, sign and output.\n", +" -CA arg - set the CA certificate, must be PEM format.\n", +" -CAkey arg - set the CA key, must be PEM format\n", +" missing, it is asssumed to be in the CA file.\n", +" -CAcreateserial - create serial number file if it does not exist\n", +" -CAserial - serial file\n", +" -text - print the certificate in text form\n", +" -C - print out C code forms\n", +" -md2/-md5/-sha1/-mdc2 - digest to do an 
RSA sign with\n",
+" -extfile - configuration file with X509V3 extensions to add\n",
+NULL
+};
+
+static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
+static EVP_PKEY *load_key(char *file, int format);
+static X509 *load_cert(char *file, int format);
+static int sign (X509 *x, EVP_PKEY *pkey,int days,const EVP_MD *digest,
+ LHASH *conf, char *section);
+static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
+ X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
+ int create,int days, LHASH *conf, char *section);
+static int reqfile=0;
+
+int MAIN(int argc, char **argv)
+ {
+ int ret=1;
+ X509_REQ *req=NULL;
+ X509 *x=NULL,*xca=NULL;
+ EVP_PKEY *Upkey=NULL,*CApkey=NULL;
+ int i,num,badops=0;
+ BIO *out=NULL;
+ BIO *STDout=NULL;
+ int informat,outformat,keyformat,CAformat,CAkeyformat;
+ char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
+ char *CAkeyfile=NULL,*CAserial=NULL;
+ int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
+ int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0;
+ int C=0;
+ int x509req=0,days=DEF_DAYS,modulus=0;
+ char **pp;
+ X509_STORE *ctx=NULL;
+ X509_REQ *rq=NULL;
+ int fingerprint=0;
+ char buf[256];
+ const EVP_MD *md_alg,*digest=EVP_md5();
+ LHASH *extconf = NULL;
+ char *extsect = NULL, *extfile = NULL;
+
+ reqfile=0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+ STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+ keyformat=FORMAT_PEM;
+ CAformat=FORMAT_PEM;
+ CAkeyformat=FORMAT_PEM;
+
+ ctx=X509_STORE_new();
+ if (ctx == NULL) goto end;
+ X509_STORE_set_verify_cb_func(ctx,callb);
+
+ argc--;
+ argv++;
+ num=0;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-req") == 0)
+ reqfile=1;
+ else if (strcmp(*argv,"-CAform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-CAkeyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-days") == 0)
+ {
+ if (--argc < 1) goto bad;
+ days=atoi(*(++argv));
+ if (days == 0)
+ {
+ BIO_printf(STDout,"bad number of days\n");
+ goto bad;
+ }
+ }
+ else if (strcmp(*argv,"-extfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ extfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-signkey") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyfile= *(++argv);
+ sign_flag= ++num;
+ }
+ else if (strcmp(*argv,"-CA") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAfile= *(++argv);
+ CA_flag= ++num;
+ }
+ else if (strcmp(*argv,"-CAkey") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAkeyfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-CAserial") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAserial= *(++argv);
+ }
+ else if (strcmp(*argv,"-C") == 0)
+ C= ++num;
+ else if (strcmp(*argv,"-serial") == 0)
+ serial= ++num;
+ else if (strcmp(*argv,"-modulus") == 0)
+ modulus= ++num;
+ else if (strcmp(*argv,"-x509toreq") == 0)
+ x509req= ++num;
+ else if (strcmp(*argv,"-text") == 0)
+ text= ++num;
+ else if (strcmp(*argv,"-hash") == 0)
+ hash= ++num;
+ else if (strcmp(*argv,"-subject") == 0)
+ subject= ++num;
+ else if (strcmp(*argv,"-issuer") == 0)
+ issuer= ++num;
+ else if (strcmp(*argv,"-fingerprint") == 0)
+ fingerprint= ++num;
+ else if (strcmp(*argv,"-dates") == 0)
+ {
+ startdate= ++num;
+ enddate= ++num;
+ }
+ else if (strcmp(*argv,"-startdate") == 0)
+ startdate= ++num;
+ else if (strcmp(*argv,"-enddate") == 0)
+ enddate= ++num;
+ else if (strcmp(*argv,"-noout") == 0)
+ noout= ++num;
+ else if (strcmp(*argv,"-CAcreateserial") == 0)
+ CA_createserial= ++num;
+ else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+ {
+ /* ok */
+ digest=md_alg;
+ }
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ for (pp=x509_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err,*pp);
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+ X509V3_add_standard_extensions();
+
+ if (!X509_STORE_set_default_paths(ctx))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM))
+ { CAkeyfile=CAfile; }
+ else if ((CA_flag) && (CAkeyfile == NULL))
+ {
+ BIO_printf(bio_err,"need to specify a CAkey if using the CA command\n");
+ goto end;
+ }
+
+ if (extfile) {
+ long errorline;
+ X509V3_CTX ctx2;
+ if (!(extconf=CONF_load(NULL,extfile,&errorline))) {
+ if (errorline <= 0)
+ BIO_printf(bio_err,
+ "error loading the config file '%s'\n",
+ extfile);
+ else
+ BIO_printf(bio_err,
+ "error on line %ld of config file '%s'\n"
+ ,errorline,extfile);
+ goto end;
+ }
+ if(!(extsect = CONF_get_string(extconf, "default",
+ "extensions"))) extsect = "default";
+ X509V3_set_ctx_test(&ctx2);
+ X509V3_set_conf_lhash(&ctx2, extconf);
+ if(!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL)) {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n",
+ extsect);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+
+ if (reqfile)
+ {
+ EVP_PKEY *pkey;
+ X509_CINF *ci;
+ BIO *in;
+
+ if (!sign_flag && !CA_flag)
+ {
+ BIO_printf(bio_err,"We need a private key to sign with\n");
+ goto end;
+ }
+ in=BIO_new(BIO_s_file());
+ if (in == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE|BIO_FP_TEXT);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+ req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
+ BIO_free(in);
+
+ if (req == NULL) { perror(infile); goto end; }
+
+ if ( (req->req_info == NULL) ||
+ (req->req_info->pubkey == NULL) ||
+ (req->req_info->pubkey->public_key == NULL) ||
+ (req->req_info->pubkey->public_key->data == NULL))
+ {
+ BIO_printf(bio_err,"The certificate request appears to corrupted\n");
+ BIO_printf(bio_err,"It does not contain a public key\n");
+ goto end;
+ }
+ if ((pkey=X509_REQ_get_pubkey(req)) == NULL)
+ {
+ BIO_printf(bio_err,"error unpacking public key\n");
+ goto end;
+ }
+ i=X509_REQ_verify(req,pkey);
+ EVP_PKEY_free(pkey);
+ if (i < 0)
+ {
+ BIO_printf(bio_err,"Signature verification error\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (i == 0)
+ {
+ BIO_printf(bio_err,"Signature did not match the certificate request\n");
+ goto end;
+ }
+ else
+ BIO_printf(bio_err,"Signature ok\n");
+
+ X509_NAME_oneline(req->req_info->subject,buf,256);
+ BIO_printf(bio_err,"subject=%s\n",buf);
+
+ if ((x=X509_new()) == NULL) goto end;
+ ci=x->cert_info;
+
+ if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
+ if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
+ if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
+
+ X509_gmtime_adj(X509_get_notBefore(x),0);
+ X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+
+#if 0
+ X509_PUBKEY_free(ci->key);
+ ci->key=req->req_info->pubkey;
+ req->req_info->pubkey=NULL;
+#else
+ pkey = X509_REQ_get_pubkey(req);
+ X509_set_pubkey(x,pkey);
+ EVP_PKEY_free(pkey);
+#endif
+ }
+ else
+ x=load_cert(infile,informat);
+
+ if (x == NULL) goto end;
+ if (CA_flag)
+ {
+ xca=load_cert(CAfile,CAformat);
+ if (xca == NULL) goto end;
+ }
+
+ if (!noout || text)
+ {
+ OBJ_create("2.99999.3",
+ "SET.ex3","SET x509v3 extension 3");
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+ }
+
+ if (num)
+ {
+ for (i=1; i<=num; i++)
+ {
+ if (issuer == i)
+ {
+ X509_NAME_oneline(X509_get_issuer_name(x),
+ buf,256);
+ BIO_printf(STDout,"issuer= %s\n",buf);
+ }
+ else if (subject == i)
+ {
+ X509_NAME_oneline(X509_get_subject_name(x),
+ buf,256);
+ BIO_printf(STDout,"subject=%s\n",buf);
+ }
+ else if (serial == i)
+ {
+ BIO_printf(STDout,"serial=");
+ i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
+ BIO_printf(STDout,"\n");
+ }
+ else if (hash == i)
+ {
+ BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
+ }
+ else
+ if (modulus == i)
+ {
+ EVP_PKEY *pkey;
+
+ pkey=X509_get_pubkey(x);
+ if (pkey == NULL)
+ {
+ BIO_printf(bio_err,"Modulus=unavailable\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_printf(STDout,"Modulus=");
+#ifndef NO_RSA
+ if (pkey->type == EVP_PKEY_RSA)
+ BN_print(STDout,pkey->pkey.rsa->n);
+ else
+#endif
+#ifndef NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ BN_print(STDout,pkey->pkey.dsa->pub_key);
+ else
+#endif
+ BIO_printf(STDout,"Wrong Algorithm type");
+ BIO_printf(STDout,"\n");
+ EVP_PKEY_free(pkey);
+ }
+ else
+ if (C == i)
+ {
+ unsigned char *d;
+ char *m;
+ int y,z;
+
+ X509_NAME_oneline(X509_get_subject_name(x),
+ buf,256);
+ BIO_printf(STDout,"/* subject:%s */\n",buf);
+ m=X509_NAME_oneline(
+ X509_get_issuer_name(x),buf,256);
+ BIO_printf(STDout,"/* issuer :%s */\n",buf);
+
+ z=i2d_X509(x,NULL);
+ m=Malloc(z);
+
+ d=(unsigned char *)m;
+ z=i2d_X509_NAME(X509_get_subject_name(x),&d);
+ BIO_printf(STDout,"unsigned char XXX_subject_name[%d]={\n",z);
+ d=(unsigned char *)m;
+ for (y=0; y<z; y++)
+ {
+ BIO_printf(STDout,"0x%02X,",d[y]);
+ if ((y & 0x0f) == 0x0f) BIO_printf(STDout,"\n");
+ }
+ if (y%16 != 0) BIO_printf(STDout,"\n");
+ BIO_printf(STDout,"};\n");
+
+ z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x),&d);
+ BIO_printf(STDout,"unsigned char XXX_public_key[%d]={\n",z);
+ d=(unsigned char *)m;
+ for (y=0; y<z; y++)
+ {
+ BIO_printf(STDout,"0x%02X,",d[y]);
+ if ((y & 0x0f) == 0x0f)
+ BIO_printf(STDout,"\n");
+ }
+ if (y%16 != 0) BIO_printf(STDout,"\n");
+ BIO_printf(STDout,"};\n");
+
+ z=i2d_X509(x,&d);
+ BIO_printf(STDout,"unsigned char XXX_certificate[%d]={\n",z);
+ d=(unsigned char *)m;
+ for (y=0; y<z; y++)
+ {
+ BIO_printf(STDout,"0x%02X,",d[y]);
+ if ((y & 0x0f) == 0x0f)
+ BIO_printf(STDout,"\n");
+ }
+ if (y%16 != 0) BIO_printf(STDout,"\n");
+ BIO_printf(STDout,"};\n");
+
+ Free(m);
+ }
+ else if (text == i)
+ {
+ X509_print(out,x);
+ }
+ else if (startdate == i)
+ {
+ BIO_puts(STDout,"notBefore=");
+ ASN1_TIME_print(STDout,X509_get_notBefore(x));
+ BIO_puts(STDout,"\n");
+ }
+ else if (enddate == i)
+ {
+ BIO_puts(STDout,"notAfter=");
+ ASN1_TIME_print(STDout,X509_get_notAfter(x));
+ BIO_puts(STDout,"\n");
+ }
+ else if (fingerprint == i)
+ {
+ int j;
+ unsigned int n;
+ unsigned char md[EVP_MAX_MD_SIZE];
+
+ if (!X509_digest(x,EVP_md5(),md,&n))
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto end;
+ }
+ BIO_printf(STDout,"MD5 Fingerprint=");
+ for (j=0; j<(int)n; j++)
+ {
+ BIO_printf(STDout,"%02X%c",md[j],
+ (j+1 == (int)n)
+ ?'\n':':');
+ }
+ }
+
+ /* should be in the library */
+ else if ((sign_flag == i) && (x509req == 0))
+ {
+ BIO_printf(bio_err,"Getting Private key\n");
+ if (Upkey == NULL)
+ {
+ Upkey=load_key(keyfile,keyformat);
+ if (Upkey == NULL) goto end;
+ }
+#ifndef NO_DSA
+ if (Upkey->type == EVP_PKEY_DSA)
+ digest=EVP_dss1();
+#endif
+
+ if (!sign(x,Upkey,days,digest,
+ extconf, extsect)) goto end;
+ }
+ else if (CA_flag == i)
+ {
+ BIO_printf(bio_err,"Getting CA Private Key\n");
+ if (CAkeyfile != NULL)
+ {
+ CApkey=load_key(CAkeyfile,CAkeyformat);
+ if (CApkey == NULL) goto end;
+ }
+#ifndef NO_DSA
+ if (CApkey->type == EVP_PKEY_DSA)
+ digest=EVP_dss1();
+#endif
+
+ if (!x509_certify(ctx,CAfile,digest,x,xca,
+ CApkey, CAserial,CA_createserial,days,
+ extconf, extsect))
+ goto end;
+ }
+ else if (x509req == i)
+ {
+ EVP_PKEY *pk;
+
+ BIO_printf(bio_err,"Getting request Private Key\n");
+ if (keyfile == NULL)
+ {
+ BIO_printf(bio_err,"no request key file specified\n");
+ goto end;
+ }
+ else
+ {
+ pk=load_key(keyfile,FORMAT_PEM);
+ if (pk == NULL) goto end;
+ }
+
+ BIO_printf(bio_err,"Generating certificate request\n");
+
+ rq=X509_to_X509_REQ(x,pk,EVP_md5());
+ EVP_PKEY_free(pk);
+ if (rq == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (!noout)
+ {
+ X509_REQ_print(out,rq);
+ PEM_write_bio_X509_REQ(out,rq);
+ }
+ noout=1;
+ }
+ }
+ }
+
+ if (noout)
+ {
+ ret=0;
+ goto end;
+ }
+
+ if (outformat == FORMAT_ASN1)
+ i=i2d_X509_bio(out,x);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_X509(out,x);
+ else if (outformat == FORMAT_NETSCAPE)
+ {
+ ASN1_HEADER ah;
+ ASN1_OCTET_STRING os;
+
+ os.data=(unsigned char *)CERT_HDR;
+ os.length=strlen(CERT_HDR);
+ ah.header= &os;
+ ah.data=(char *)x;
+ ah.meth=X509_asn1_meth();
+
+ /* no macro for this one yet */
+ i=ASN1_i2d_bio(i2d_ASN1_HEADER,out,(unsigned char *)&ah);
+ }
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err,"unable to write certificate\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ ret=0;
+end:
+ OBJ_cleanup();
+ CONF_free(extconf);
+ BIO_free(out);
+ BIO_free(STDout);
+ X509_STORE_free(ctx);
+ X509_REQ_free(req);
+ X509_free(x);
+ X509_free(xca);
+ EVP_PKEY_free(Upkey);
+ EVP_PKEY_free(CApkey);
+ X509_REQ_free(rq);
+ X509V3_EXT_cleanup();
+ EXIT(ret);
+ }
+
+static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+ X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
+ int days, LHASH *conf, char *section)
+ {
+ int ret=0;
+ BIO *io=NULL;
+ MS_STATIC char buf2[1024];
+ char *buf=NULL,*p;
+ BIGNUM *serial=NULL;
+ ASN1_INTEGER *bs=NULL,bs2;
+ X509_STORE_CTX xsc;
+ EVP_PKEY *upkey;
+
+ upkey = X509_get_pubkey(xca);
+ EVP_PKEY_copy_parameters(upkey,pkey);
+ EVP_PKEY_free(upkey);
+
+ X509_STORE_CTX_init(&xsc,ctx,x,NULL);
+ buf=(char *)Malloc(EVP_PKEY_size(pkey)*2+
+ ((serialfile == NULL)
+ ?(strlen(CAfile)+strlen(POSTFIX)+1)
+ :(strlen(serialfile)))+1);
+ if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
+ if (serialfile == NULL)
+ {
+ strcpy(buf,CAfile);
+ for (p=buf; *p; p++)
+ if (*p == '.')
+ {
+ *p='\0';
+ break;
+ }
+ strcat(buf,POSTFIX);
+ }
+ else
+ strcpy(buf,serialfile);
+ serial=BN_new();
+ bs=ASN1_INTEGER_new();
+ if ((serial == NULL) || (bs == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ io=BIO_new(BIO_s_file());
+ if (io == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (BIO_read_filename(io,buf) <= 0)
+ {
+ if (!create)
+ {
+ perror(buf);
+ goto end;
+ }
+ else
+ {
+ ASN1_INTEGER_set(bs,0);
+ BN_zero(serial);
+ }
+ }
+ else
+ {
+ if (!a2i_ASN1_INTEGER(io,bs,buf2,1024))
+ {
+ BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ else
+ {
+ serial=BN_bin2bn(bs->data,bs->length,serial);
+ if (serial == NULL)
+ {
+ BIO_printf(bio_err,"error converting bin 2 bn");
+ goto end;
+ }
+ }
+ }
+
+ if (!BN_add_word(serial,1))
+ { BIO_printf(bio_err,"add_word failure\n"); goto end; }
+ bs2.data=(unsigned char *)buf2;
+ bs2.length=BN_bn2bin(serial,bs2.data);
+
+ if (BIO_write_filename(io,buf) <= 0)
+ {
+ BIO_printf(bio_err,"error attempting to write serial number file\n");
+ perror(buf);
+ goto end;
+ }
+ i2a_ASN1_INTEGER(io,&bs2);
+ BIO_puts(io,"\n");
+ BIO_free(io);
+ io=NULL;
+
+ if (!X509_STORE_add_cert(ctx,x)) goto end;
+
+ /* NOTE: this certificate can/should be self signed, unless it was
+ * a certificate request in which case it is not. */
+ X509_STORE_CTX_set_cert(&xsc,x);
+ if (!reqfile && !X509_verify_cert(&xsc))
+ goto end;
+
+ if (!X509_check_private_key(xca,pkey))
+ {
+ BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
+ goto end;
+ }
+
+ if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end;
+ if (!X509_set_serialNumber(x,bs)) goto end;
+
+ if (X509_gmtime_adj(X509_get_notBefore(x),0L) == NULL)
+ goto end;
+
+ /* hardwired expired */
+ if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
+ goto end;
+
+ if(conf) {
+ X509V3_CTX ctx2;
+ X509_set_version(x,2); /* version 3 certificate */
+ X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
+ X509V3_set_conf_lhash(&ctx2, conf);
+ if(!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
+ }
+
+ if (!X509_sign(x,pkey,digest)) goto end;
+ ret=1;
+end:
+ X509_STORE_CTX_cleanup(&xsc);
+ if (!ret)
+ ERR_print_errors(bio_err);
+ if (buf != NULL) Free(buf);
+ if (bs != NULL) ASN1_INTEGER_free(bs);
+ if (io != NULL) BIO_free(io);
+ if (serial != NULL) BN_free(serial);
+ return(ret);
+ }
+
+static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
+ {
+ char buf[256];
+ int err;
+ X509 *err_cert;
+
+ /* it is ok to use a self signed certificate
+ * This case will catch both the initial ok == 0 and the
+ * final ok == 1 calls to this function */
+ err=X509_STORE_CTX_get_error(ctx);
+ if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+ return(1);
+
+ /* BAD we should have gotten an error. Normally if everything
+ * worked X509_STORE_CTX_get_error(ctx) will still be set to
+ * DEPTH_ZERO_SELF_.... */
+ if (ok)
+ {
+ BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");
+ return(0);
+ }
+ else
+ {
+ err_cert=X509_STORE_CTX_get_current_cert(ctx);
+ X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+ BIO_printf(bio_err,"%s\n",buf);
+ BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
+ err,X509_STORE_CTX_get_error_depth(ctx),
+ X509_verify_cert_error_string(err));
+ return(1);
+ }
+ }
+
+static EVP_PKEY *load_key(char *file, int format)
+ {
+ BIO *key=NULL;
+ EVP_PKEY *pkey=NULL;
+
+ if (file == NULL)
+ {
+ BIO_printf(bio_err,"no keyfile specified\n");
+ goto end;
+ }
+ key=BIO_new(BIO_s_file());
+ if (key == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (BIO_read_filename(key,file) <= 0)
+ {
+ perror(file);
+ goto end;
+ }
+#ifndef NO_RSA
+ if (format == FORMAT_ASN1)
+ {
+ RSA *rsa;
+
+ rsa=d2i_RSAPrivateKey_bio(key,NULL);
+ if (rsa != NULL)
+ {
+ if ((pkey=EVP_PKEY_new()) != NULL)
+ EVP_PKEY_assign_RSA(pkey,rsa);
+ else
+ RSA_free(rsa);
+ }
+ }
+ else
+#endif
+ if (format == FORMAT_PEM)
+ {
+ pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,NULL);
+ }
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified for key\n");
+ goto end;
+ }
+end:
+ if (key != NULL) BIO_free(key);
+ if (pkey == NULL)
+ BIO_printf(bio_err,"unable to load Private Key\n");
+ return(pkey);
+ }
+
+static X509 *load_cert(char *file, int format)
+ {
+ ASN1_HEADER *ah=NULL;
+ BUF_MEM *buf=NULL;
+ X509 *x=NULL;
+ BIO *cert;
+
+ if ((cert=BIO_new(BIO_s_file())) == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (file == NULL)
+ BIO_set_fp(cert,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(cert,file) <= 0)
+ {
+ perror(file);
+ goto end;
+ }
+ }
+ if (format == FORMAT_ASN1)
+ x=d2i_X509_bio(cert,NULL);
+ else if (format == FORMAT_NETSCAPE)
+ {
+ unsigned char *p,*op;
+ int size=0,i;
+
+ /* We sort of have to do it this way because it is sort of nice
+ * to read the header first and check it, then
+ * try to read the certificate */
+ buf=BUF_MEM_new();
+ for (;;)
+ {
+ if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
+ goto end;
+ i=BIO_read(cert,&(buf->data[size]),1024*10);
+ size+=i;
+ if (i == 0) break;
+ if (i < 0)
+ {
+ perror("reading certificate");
+ goto end;
+ }
+ }
+ p=(unsigned char *)buf->data;
+ op=p;
+
+ /* First load the header */
+ if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
+ goto end;
+ if ((ah->header == NULL) || (ah->header->data == NULL) ||
+ (strncmp(CERT_HDR,(char *)ah->header->data,
+ ah->header->length) != 0))
+ {
+ BIO_printf(bio_err,"Error reading header on certificate\n");
+ goto end;
+ }
+ /* header is ok, so now read the object */
+ p=op;
+ ah->meth=X509_asn1_meth();
+ if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
+ goto end;
+ x=(X509 *)ah->data;
+ ah->data=NULL;
+ }
+ else if (format == FORMAT_PEM)
+ x=PEM_read_bio_X509(cert,NULL,NULL,NULL);
+ else {
+ BIO_printf(bio_err,"bad input format specified for input cert\n");
+ goto end;
+ }
+end:
+ if (x == NULL)
+ {
+ BIO_printf(bio_err,"unable to load certificate\n");
+ ERR_print_errors(bio_err);
+ }
+ if (ah != NULL) ASN1_HEADER_free(ah);
+ if (cert != NULL) BIO_free(cert);
+ if (buf != NULL) BUF_MEM_free(buf);
+ return(x);
+ }
+
+/* self sign */
+static int sign(X509 *x, EVP_PKEY *pkey, int days, const EVP_MD *digest,
+ LHASH *conf, char *section)
+ {
+
+ EVP_PKEY *pktmp;
+
+ pktmp = X509_get_pubkey(x);
+ EVP_PKEY_copy_parameters(pktmp,pkey);
+ EVP_PKEY_save_parameters(pktmp,1);
+ EVP_PKEY_free(pktmp);
+
+ if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;
+ if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;
+
+ /* Lets just make it 12:00am GMT, Jan 1 1970 */
+ /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
+ /* 28 days to be certified */
+
+ if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
+ goto err;
+
+ if (!X509_set_pubkey(x,pkey)) goto err;
+ if(conf) {
+ X509V3_CTX ctx;
+ X509_set_version(x,2); /* version 3 certificate */
+ X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
+ X509V3_set_conf_lhash(&ctx, conf);
+ if(!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
+ }
+ if (!X509_sign(x,pkey,digest)) goto err;
+ return(1);
+err:
+ ERR_print_errors(bio_err);
+ return(0);
+ } |