author | simon <simon@FreeBSD.org> | 2006-07-29 19:10:21 +0000 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2006-07-29 19:10:21 +0000 |
commit | fb3c70eda88d3175627edc6a3316b4508b3d29c5 (patch) | |
tree | 213a0c4d5ba3869f66ecf970819532048fed4a9d /crypto/openssl/apps | |
parent | 3c8d7d9993705e30bc69e55cd19d8a298e582292 (diff) | |
Vendor import of OpenSSL 0.9.8b
Diffstat (limited to 'crypto/openssl/apps')
48 files changed, 5036 insertions, 1846 deletions
diff --git a/crypto/openssl/apps/CA.pl b/crypto/openssl/apps/CA.pl index a52a004..a3965ec 100755 --- a/crypto/openssl/apps/CA.pl +++ b/crypto/openssl/apps/CA.pl @@ -36,16 +36,26 @@ # default openssl.cnf file has setup as per the following # demoCA ... where everything is stored +my $openssl; +if(defined $ENV{OPENSSL}) { + $openssl = $ENV{OPENSSL}; +} else { + $openssl = "openssl"; + $ENV{OPENSSL} = $openssl; +} + $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; -$DAYS="-days 365"; -$REQ="openssl req $SSLEAY_CONFIG"; -$CA="openssl ca $SSLEAY_CONFIG"; -$VERIFY="openssl verify"; -$X509="openssl x509"; -$PKCS12="openssl pkcs12"; +$DAYS="-days 365"; # 1 year +$CADAYS="-days 1095"; # 3 years +$REQ="$openssl req $SSLEAY_CONFIG"; +$CA="$openssl ca $SSLEAY_CONFIG"; +$VERIFY="$openssl verify"; +$X509="$openssl x509"; +$PKCS12="$openssl pkcs12"; $CATOP="./demoCA"; $CAKEY="cakey.pem"; +$CAREQ="careq.pem"; $CACERT="cacert.pem"; $DIRMODE = 0777; 
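Review bot: The value of `$ENV{OPENSSL}` is pasted unquoted into `$REQ`, `$CA`, `$VERIFY`, `$X509` and `$PKCS12`, and the calls visible in the later hunks pass those strings to single-argument `system()`, so the shell parses the value instead of treating it as one program path. A path containing a space breaks every sub-command, and whoever controls the environment of the invocation decides which binary handles the CA key. I would at least document that above the block, e.g. `# OPENSSL is used verbatim in shell command lines: set it only to a trusted path without spaces or shell metacharacters`; list-form `system()` would be the sturdier fix but touches every call site. The identical hunk in CA.pl.in is affected the same way, and CA.sh expands `$OPENSSL` unquoted, which is subject to word splitting.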
@@ -58,19 +68,19 @@ foreach (@ARGV) { exit 0; } elsif (/^-newcert$/) { # create a certificate - system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS"); + system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS"); $RET=$?; - print "Certificate (and private key) is in newreq.pem\n" + print "Certificate is in newcert.pem, private key is in newkey.pem\n" } elsif (/^-newreq$/) { # create a certificate request - system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS"); + system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS"); $RET=$?; - print "Request (and private key) is in newreq.pem\n"; + print "Request is in newreq.pem, private key is in newkey.pem\n"; } elsif (/^-newreq-nodes$/) { # create a certificate request - system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS"); + system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS"); $RET=$?; - print "Request (and private key) is in newreq.pem\n"; + print "Request is in newreq.pem, private key is in newkey.pem\n"; } elsif (/^-newca$/) { # if explicitly asked for or it doesn't exist then setup the # directory structure that Eric likes to manage things @@ -84,6 +94,9 @@ foreach (@ARGV) { mkdir "${CATOP}/private", $DIRMODE; open OUT, ">${CATOP}/index.txt"; close OUT; + open OUT, ">${CATOP}/crlnumber"; + print OUT "01\n"; + close OUT; } if ( ! -f "${CATOP}/private/$CAKEY" ) { print "CA certificate filename (or enter to create)\n"; 
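Review bot: In the `-newreq-nodes` branch the key written to `newkey.pem` is unencrypted, and nothing in this hunk restricts the file's permissions, so they are presumably left to the caller's umask and to `openssl req`. Now that the key has its own file, a `umask 077;` ahead of the `system` calls that use `-keyout` would keep it from being created group- or world-readable. Separately, the three messages are printed without looking at `$RET`, so a failed `openssl req` still tells the user where the files are; `print "..." if $RET == 0;` avoids that. CA.pl.in repeats this hunk, and the `-newcert`/`-newreq` branches of CA.sh follow the same pattern.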
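Review bot: The new `open OUT, ">${CATOP}/crlnumber"` is a two-argument open on a bareword handle whose result is never checked, so if the file cannot be created the following `print` and `close` fail silently and the CA directory is left without a CRL number file. `open(OUT, '>', "${CATOP}/crlnumber") or die "cannot create ${CATOP}/crlnumber: $!";` makes that failure visible. The `index.txt` open just above it has the same problem, and `mkdir "${CATOP}/private", $DIRMODE` with `$DIRMODE = 0777` leaves the protection of the key directory entirely to the umask. The enclosing `-newca` branch continues outside the hunk, and CA.pl.in carries the identical change.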
@@ -98,22 +111,24 @@ foreach (@ARGV) { $RET=$?; } else { print "Making CA certificate ...\n"; - system ("$REQ -new -x509 -keyout " . - "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS"); + system ("$REQ -new -keyout " . + "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ"); + system ("$CA -create_serial " . + "-out ${CATOP}/$CACERT $CADAYS -batch " . + "-keyfile ${CATOP}/private/$CAKEY -selfsign " . + "-extensions v3_ca " . + "-infiles ${CATOP}/$CAREQ "); $RET=$?; } } - if (! -f "${CATOP}/serial" ) { - system ("$X509 -in ${CATOP}/$CACERT -noout " - . "-next_serial -out ${CATOP}/serial"); - } } elsif (/^-pkcs12$/) { my $cname = $ARGV[1]; $cname = "My Certificate" unless defined $cname; - system ("$PKCS12 -in newcert.pem -inkey newreq.pem " . + system ("$PKCS12 -in newcert.pem -inkey newkey.pem " . "-certfile ${CATOP}/$CACERT -out newcert.p12 " . "-export -name \"$cname\""); $RET=$?; + print "PKCS #12 file is in newcert.p12\n"; exit $RET; } elsif (/^-xsign$/) { system ("$CA -policy policy_anything -infiles newreq.pem"); diff --git a/crypto/openssl/apps/CA.pl.in b/crypto/openssl/apps/CA.pl.in index ae7d9c0..c783a6e 100644 --- a/crypto/openssl/apps/CA.pl.in +++ b/crypto/openssl/apps/CA.pl.in @@ -36,16 +36,26 @@ # default openssl.cnf file has setup as per the following # demoCA ... where everything is stored +my $openssl; +if(defined $ENV{OPENSSL}) { + $openssl = $ENV{OPENSSL}; +} else { + $openssl = "openssl"; + $ENV{OPENSSL} = $openssl; +} + $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; -$DAYS="-days 365"; -$REQ="openssl req $SSLEAY_CONFIG"; -$CA="openssl ca $SSLEAY_CONFIG"; -$VERIFY="openssl verify"; -$X509="openssl x509"; -$PKCS12="openssl pkcs12"; +$DAYS="-days 365"; # 1 year +$CADAYS="-days 1095"; # 3 years +$REQ="$openssl req $SSLEAY_CONFIG"; +$CA="$openssl ca $SSLEAY_CONFIG"; +$VERIFY="$openssl verify"; +$X509="$openssl x509"; +$PKCS12="$openssl pkcs12"; $CATOP="./demoCA"; $CAKEY="cakey.pem"; +$CAREQ="careq.pem"; $CACERT="cacert.pem"; $DIRMODE = 0777; 
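Review bot: `$RET=$?` now records only the second `system` call, so a failed or aborted `$REQ -new` still falls through to `$CA ... -selfsign`, which runs with `-batch` against whatever `careq.pem` and key happen to be on disk. Taking `$RET=$?;` right after the request step and wrapping the `$CA` call in `if ($RET == 0) { ... }` keeps a half-created CA from being reported as success. In the `-pkcs12` branch further down, `$cname` comes straight from `$ARGV[1]` and is placed between `\"` in a shell string, so a name containing a double quote or `$` is reinterpreted by the shell; list-form `system` would pass it through literally. The same hunk appears in CA.pl.in.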
@@ -58,19 +68,19 @@ foreach (@ARGV) { exit 0; } elsif (/^-newcert$/) { # create a certificate - system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS"); + system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS"); $RET=$?; - print "Certificate (and private key) is in newreq.pem\n" + print "Certificate is in newcert.pem, private key is in newkey.pem\n" } elsif (/^-newreq$/) { # create a certificate request - system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS"); + system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS"); $RET=$?; - print "Request (and private key) is in newreq.pem\n"; + print "Request is in newreq.pem, private key is in newkey.pem\n"; } elsif (/^-newreq-nodes$/) { # create a certificate request - system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS"); + system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS"); $RET=$?; - print "Request (and private key) is in newreq.pem\n"; + print "Request is in newreq.pem, private key is in newkey.pem\n"; } elsif (/^-newca$/) { # if explicitly asked for or it doesn't exist then setup the # directory structure that Eric likes to manage things @@ -84,6 +94,9 @@ foreach (@ARGV) { mkdir "${CATOP}/private", $DIRMODE; open OUT, ">${CATOP}/index.txt"; close OUT; + open OUT, ">${CATOP}/crlnumber"; + print OUT "01\n"; + close OUT; } if ( ! -f "${CATOP}/private/$CAKEY" ) { print "CA certificate filename (or enter to create)\n"; 
@@ -98,22 +111,24 @@ foreach (@ARGV) { $RET=$?; } else { print "Making CA certificate ...\n"; - system ("$REQ -new -x509 -keyout " . - "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS"); + system ("$REQ -new -keyout " . + "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ"); + system ("$CA -create_serial " . + "-out ${CATOP}/$CACERT $CADAYS -batch " . + "-keyfile ${CATOP}/private/$CAKEY -selfsign " . + "-extensions v3_ca " . + "-infiles ${CATOP}/$CAREQ "); $RET=$?; } } - if (! -f "${CATOP}/serial" ) { - system ("$X509 -in ${CATOP}/$CACERT -noout " - . "-next_serial -out ${CATOP}/serial"); - } } elsif (/^-pkcs12$/) { my $cname = $ARGV[1]; $cname = "My Certificate" unless defined $cname; - system ("$PKCS12 -in newcert.pem -inkey newreq.pem " . + system ("$PKCS12 -in newcert.pem -inkey newkey.pem " . "-certfile ${CATOP}/$CACERT -out newcert.p12 " . "-export -name \"$cname\""); $RET=$?; + print "PKCS #12 file is in newcert.p12\n"; exit $RET; } elsif (/^-xsign$/) { system ("$CA -policy policy_anything -infiles newreq.pem"); diff --git a/crypto/openssl/apps/CA.sh b/crypto/openssl/apps/CA.sh index d9f3069..a0b20d8 100644 --- a/crypto/openssl/apps/CA.sh +++ b/crypto/openssl/apps/CA.sh @@ -30,14 +30,18 @@ # default openssl.cnf file has setup as per the following # demoCA ... where everything is stored -DAYS="-days 365" -REQ="openssl req $SSLEAY_CONFIG" -CA="openssl ca $SSLEAY_CONFIG" -VERIFY="openssl verify" -X509="openssl x509" +if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi + +DAYS="-days 365" # 1 year +CADAYS="-days 1095" # 3 years +REQ="$OPENSSL req $SSLEAY_CONFIG" +CA="$OPENSSL ca $SSLEAY_CONFIG" +VERIFY="$OPENSSL verify" +X509="$OPENSSL x509" CATOP=./demoCA CAKEY=./cakey.pem +CAREQ=./careq.pem CACERT=./cacert.pem for i 
@@ -49,15 +53,15 @@ case $i in ;; -newcert) # create a certificate - $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS + $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS RET=$? - echo "Certificate (and private key) is in newreq.pem" + echo "Certificate is in newcert.pem, private key is in newkey.pem" ;; -newreq) # create a certificate request - $REQ -new -keyout newreq.pem -out newreq.pem $DAYS + $REQ -new -keyout newkey.pem -out newreq.pem $DAYS RET=$? - echo "Request (and private key) is in newreq.pem" + echo "Request is in newreq.pem, private key is in newkey.pem" ;; -newca) # if explicitly asked for or it doesn't exist then setup the directory @@ -70,7 +74,7 @@ case $i in mkdir ${CATOP}/crl mkdir ${CATOP}/newcerts mkdir ${CATOP}/private - echo "01" > ${CATOP}/serial + echo "00" > ${CATOP}/serial touch ${CATOP}/index.txt fi if [ ! -f ${CATOP}/private/$CAKEY ]; then @@ -83,8 +87,11 @@ case $i in RET=$? else echo "Making CA certificate ..." - $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \ - -out ${CATOP}/$CACERT $DAYS + $REQ -new -keyout ${CATOP}/private/$CAKEY \ + -out ${CATOP}/$CAREQ + $CA -out ${CATOP}/$CACERT $CADAYS -batch \ + -keyfile ${CATOP}/private/$CAKEY -selfsign \ + -infiles ${CATOP}/$CAREQ RET=$? fi fi diff --git a/crypto/openssl/apps/Makefile b/crypto/openssl/apps/Makefile index b44c8fa..79ea8a7 100644 --- a/crypto/openssl/apps/Makefile +++ b/crypto/openssl/apps/Makefile @@ -7,11 +7,6 @@ TOP= .. CC= cc INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES) CFLAG= -g -static -INSTALL_PREFIX= -INSTALLTOP= /usr/local/ssl -OPENSSLDIR= /usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile PERL= perl RM= rm -f 
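Review bot: The `$CA ... -selfsign` call in the `-newca` branch omits the `-extensions v3_ca` and `-create_serial` options that this same commit passes in CA.pl, so the two scripts no longer build the root certificate the same way. Without `-extensions`, `openssl ca` takes the extension section from the configuration file's default for issued certificates, which may not mark the result as a CA; that is worth confirming against the shipped openssl.cnf. If the difference is not intended, add `-extensions v3_ca` on the continuation line before `-infiles ${CATOP}/$CAREQ`. As in CA.pl, `RET=$?` reflects only the second command, so a failed `$REQ` goes unnoticed.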
@@ -36,12 +31,12 @@ LIBSSL=-L.. -lssl PROGRAM= openssl -SCRIPTS=CA.sh CA.pl der_chop +SCRIPTS=CA.sh CA.pl EXE= $(PROGRAM)$(EXE_EXT) E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \ - ca crl rsa rsautl dsa dsaparam \ + ca crl rsa rsautl dsa dsaparam ec ecparam \ x509 genrsa gendsa s_server s_client speed \ s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \ pkcs8 spkac smime rand engine ocsp prime @@ -57,17 +52,19 @@ RAND_SRC=app_rand.c E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \ ca.o pkcs7.o crl2p7.o crl.o \ - rsa.o rsautl.o dsa.o dsaparam.o \ + rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \ x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \ s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \ - ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o prime.o + ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o \ + ocsp.o prime.o E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \ pkcs7.c crl2p7.c crl.c \ - rsa.c rsautl.c dsa.c dsaparam.c \ + rsa.c rsautl.c dsa.c dsaparam.c ec.c ecparam.c \ x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \ s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \ - ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c ocsp.c prime.c + ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c \ + ocsp.c prime.c SRC=$(E_SRC) @@ -86,8 +83,13 @@ all: exe exe: $(EXE) req: sreq.o $(A_OBJ) $(DLIBCRYPTO) - LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \ - $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + $(MAKE) -f $(TOP)/Makefile.shared -e \ + APPNAME=req OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \ + LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \ + link_app.$${shlib_target} sreq.o: req.c $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c 
@@ -96,14 +98,15 @@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO install: - @for i in $(EXE); \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @set -e; for i in $(EXE); \ do \ (echo installing $$i; \ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ done; - @for i in $(SCRIPTS); \ + @set -e; for i in $(SCRIPTS); \ do \ (echo installing $$i; \ cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ @@ -125,7 +128,11 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC) + @if [ -z "$(THIS)" ]; then \ + $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ + else \ + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ + fi dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new 
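Review bot: The new guard `@[ -n "$(INSTALLTOP)" ]` protects the binaries loop, but the scripts loop writes to `$(INSTALL_PREFIX)$(OPENSSLDIR)/misc/`, and this commit also removes the local `OPENSSLDIR=` default from this Makefile. If `make install` is run in this directory without the top-level Makefile supplying the variable, the scripts would be copied to `/misc` under the prefix. A matching `@[ -n "$(OPENSSLDIR)" ] # should be set by top Makefile...` next to the existing guard closes that gap. The install recipe continues past the end of the hunk.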
@@ -143,23 +150,21 @@ $(DLIBCRYPTO): $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(EXE) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "darwin-shared" ] ; then \ + LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)" ; \ else \ - LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \ - $(CC) -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi - if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \ - TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(EXE); \ - fi - -(cd ..; OPENSSL="`pwd`/apps/$(EXE)"; export OPENSSL; \ - LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \ - DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \ - SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \ - LIBPATH="`pwd`:$$LIBPATH"; \ - if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ - export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ - $(PERL) tools/c_rehash certs) + LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \ + fi; \ + $(MAKE) -f $(TOP)/Makefile.shared -e \ + APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + link_app.$${shlib_target} + -(cd ..; \ + OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \ + $(PERL) tools/c_rehash certs) progs.h: progs.pl $(PERL) progs.pl $(E_EXE) >progs.h 
@@ -167,1005 +172,729 @@ progs.h: progs.pl # DO NOT DELETE THIS LINE -- make depend depends on it. -app_rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -app_rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -app_rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h -app_rand.o: ../include/openssl/cast.h ../include/openssl/conf.h -app_rand.o: ../include/openssl/crypto.h ../include/openssl/des.h -app_rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h -app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -app_rand.o: ../include/openssl/engine.h ../include/openssl/err.h -app_rand.o: ../include/openssl/evp.h ../include/openssl/idea.h -app_rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h -app_rand.o: ../include/openssl/md4.h ../include/openssl/md5.h -app_rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -app_rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -app_rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +app_rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +app_rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h +app_rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +app_rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h +app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +app_rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h 
app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -app_rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c app_rand.o: apps.h -apps.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -apps.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h -apps.o: ../include/openssl/cast.h ../include/openssl/conf.h -apps.o: ../include/openssl/crypto.h ../include/openssl/des.h -apps.o: ../include/openssl/des_old.h ../include/openssl/dh.h -apps.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h +apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h apps.o: ../include/openssl/engine.h ../include/openssl/err.h -apps.o: ../include/openssl/evp.h ../include/openssl/idea.h -apps.o: ../include/openssl/lhash.h ../include/openssl/md2.h -apps.o: ../include/openssl/md4.h ../include/openssl/md5.h -apps.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -apps.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h -apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h -apps.o: ../include/openssl/rand.h ../include/openssl/rc2.h -apps.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -apps.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h +apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +apps.o: ../include/openssl/ossl_typ.h 
../include/openssl/pem.h +apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h +apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -apps.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h -asn1pars.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -asn1pars.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -asn1pars.o: ../include/openssl/bn.h ../include/openssl/buffer.h -asn1pars.o: ../include/openssl/cast.h ../include/openssl/conf.h -asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h -asn1pars.o: ../include/openssl/des_old.h ../include/openssl/dh.h -asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h -asn1pars.o: ../include/openssl/evp.h ../include/openssl/idea.h -asn1pars.o: ../include/openssl/lhash.h ../include/openssl/md2.h -asn1pars.o: ../include/openssl/md4.h ../include/openssl/md5.h -asn1pars.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +apps.o: ../include/openssl/x509v3.h apps.c apps.h +asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h +asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h +asn1pars.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h asn1pars.o: ../include/openssl/opensslv.h 
../include/openssl/ossl_typ.h asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h -asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -asn1pars.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h asn1pars.o: asn1pars.c -ca.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -ca.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h -ca.o: ../include/openssl/cast.h ../include/openssl/conf.h -ca.o: ../include/openssl/crypto.h ../include/openssl/des.h -ca.o: ../include/openssl/des_old.h ../include/openssl/dh.h -ca.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h +ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ca.o: ../include/openssl/engine.h ../include/openssl/err.h -ca.o: ../include/openssl/evp.h ../include/openssl/idea.h -ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h -ca.o: ../include/openssl/md4.h ../include/openssl/md5.h -ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ca.o: ../include/openssl/rand.h 
../include/openssl/rc2.h -ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ca.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -ca.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c -ciphers.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -ciphers.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +ca.o: ../include/openssl/evp.h ../include/openssl/lhash.h +ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ca.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +ca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ca.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +ca.o: ../include/openssl/sha.h ../include/openssl/stack.h +ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ca.o: ../include/openssl/x509v3.h apps.h ca.c +ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h -ciphers.o: ../include/openssl/cast.h ../include/openssl/comp.h -ciphers.o: ../include/openssl/conf.h ../include/openssl/crypto.h -ciphers.o: ../include/openssl/des.h ../include/openssl/des_old.h -ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h -ciphers.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h -ciphers.o: ../include/openssl/idea.h ../include/openssl/kssl.h -ciphers.o: ../include/openssl/lhash.h ../include/openssl/md2.h -ciphers.o: ../include/openssl/md4.h ../include/openssl/md5.h -ciphers.o: ../include/openssl/mdc2.h 
../include/openssl/obj_mac.h +ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h +ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h +ciphers.o: ../include/openssl/evp.h ../include/openssl/kssl.h +ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -ciphers.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -ciphers.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -ciphers.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ciphers.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ciphers.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -ciphers.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c -crl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -crl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -crl.o: ../include/openssl/bn.h ../include/openssl/buffer.h -crl.o: ../include/openssl/cast.h ../include/openssl/conf.h -crl.o: ../include/openssl/crypto.h ../include/openssl/des.h -crl.o: ../include/openssl/des_old.h ../include/openssl/dh.h -crl.o: 
../include/openssl/dsa.h ../include/openssl/e_os2.h -crl.o: ../include/openssl/engine.h ../include/openssl/err.h -crl.o: ../include/openssl/evp.h ../include/openssl/idea.h -crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h -crl.o: ../include/openssl/md4.h ../include/openssl/md5.h -crl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h +crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +crl.o: ../include/openssl/err.h ../include/openssl/evp.h +crl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -crl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +crl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h crl.o: ../include/openssl/sha.h ../include/openssl/stack.h crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -crl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h crl.o: ../include/openssl/x509v3.h apps.h crl.c -crl2p7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -crl2p7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -crl2p7.o: ../include/openssl/bn.h ../include/openssl/buffer.h -crl2p7.o: ../include/openssl/cast.h ../include/openssl/conf.h -crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h -crl2p7.o: ../include/openssl/des_old.h ../include/openssl/dh.h -crl2p7.o: 
../include/openssl/dsa.h ../include/openssl/e_os2.h -crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h -crl2p7.o: ../include/openssl/evp.h ../include/openssl/idea.h -crl2p7.o: ../include/openssl/lhash.h ../include/openssl/md2.h -crl2p7.o: ../include/openssl/md4.h ../include/openssl/md5.h -crl2p7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h +crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h +crl2p7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h -crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -crl2p7.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h crl2p7.o: crl2p7.c -dgst.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -dgst.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -dgst.o: ../include/openssl/bn.h ../include/openssl/buffer.h -dgst.o: ../include/openssl/cast.h ../include/openssl/conf.h -dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h -dgst.o: ../include/openssl/des_old.h 
../include/openssl/dh.h -dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -dgst.o: ../include/openssl/engine.h ../include/openssl/err.h -dgst.o: ../include/openssl/evp.h ../include/openssl/hmac.h -dgst.o: ../include/openssl/idea.h ../include/openssl/lhash.h -dgst.o: ../include/openssl/md2.h ../include/openssl/md4.h -dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -dgst.o: ../include/openssl/rand.h ../include/openssl/rc2.h -dgst.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -dgst.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dgst.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -dgst.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c -dh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -dh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h +dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +dgst.o: ../include/openssl/err.h ../include/openssl/evp.h +dgst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h +dgst.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +dgst.o: 
../include/openssl/sha.h ../include/openssl/stack.h +dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dgst.c +dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h -dh.o: ../include/openssl/cast.h ../include/openssl/conf.h -dh.o: ../include/openssl/crypto.h ../include/openssl/des.h -dh.o: ../include/openssl/des_old.h ../include/openssl/dh.h -dh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -dh.o: ../include/openssl/engine.h ../include/openssl/err.h -dh.o: ../include/openssl/evp.h ../include/openssl/idea.h -dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h -dh.o: ../include/openssl/md4.h ../include/openssl/md5.h -dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h +dh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h +dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +dh.o: ../include/openssl/err.h ../include/openssl/evp.h +dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h -dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +dh.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h dh.o: ../include/openssl/sha.h ../include/openssl/stack.h dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -dh.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c -dsa.o: ../e_os.h 
../include/openssl/aes.h ../include/openssl/asn1.h -dsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h -dsa.o: ../include/openssl/cast.h ../include/openssl/conf.h -dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h -dsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h +dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -dsa.o: ../include/openssl/engine.h ../include/openssl/err.h -dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h -dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h -dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h -dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +dsa.o: ../include/openssl/err.h ../include/openssl/evp.h +dsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +dsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -dsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c -dsaparam.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -dsaparam.o: ../include/openssl/bio.h ../include/openssl/blowfish.h 
+dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h -dsaparam.o: ../include/openssl/cast.h ../include/openssl/conf.h -dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h -dsaparam.o: ../include/openssl/des_old.h ../include/openssl/dh.h -dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h +dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h +dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h -dsaparam.o: ../include/openssl/evp.h ../include/openssl/idea.h -dsaparam.o: ../include/openssl/lhash.h ../include/openssl/md2.h -dsaparam.o: ../include/openssl/md4.h ../include/openssl/md5.h -dsaparam.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h -dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -dsaparam.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -dsaparam.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h +dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h +dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h +dsaparam.o: ../include/openssl/safestack.h 
../include/openssl/sha.h +dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -dsaparam.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -dsaparam.o: dsaparam.c -enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h -enc.o: ../include/openssl/cast.h ../include/openssl/conf.h -enc.o: ../include/openssl/crypto.h ../include/openssl/des.h -enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h -enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -enc.o: ../include/openssl/engine.h ../include/openssl/err.h -enc.o: ../include/openssl/evp.h ../include/openssl/idea.h -enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h -enc.o: ../include/openssl/md4.h ../include/openssl/md5.h -enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h +dsaparam.o: ../include/openssl/x509_vfy.h apps.h dsaparam.c +ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h +ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +ec.o: ../include/openssl/err.h ../include/openssl/evp.h +ec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ec.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ec.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ec.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +ec.o: ../include/openssl/sha.h ../include/openssl/stack.h +ec.o: ../include/openssl/symhacks.h 
../include/openssl/txt_db.h +ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h ec.c +ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h +ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h +ecparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h +ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ecparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +ecparam.o: ../include/openssl/x509_vfy.h apps.h ecparam.c +enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h +enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +enc.o: ../include/openssl/err.h ../include/openssl/evp.h +enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -enc.o: 
../include/openssl/sha.h ../include/openssl/stack.h -enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h enc.c -engine.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -engine.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h +enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +enc.o: ../include/openssl/x509_vfy.h apps.h enc.c +engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h -engine.o: ../include/openssl/cast.h ../include/openssl/comp.h -engine.o: ../include/openssl/conf.h ../include/openssl/crypto.h -engine.o: ../include/openssl/des.h ../include/openssl/des_old.h -engine.o: ../include/openssl/dh.h ../include/openssl/dsa.h -engine.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -engine.o: ../include/openssl/err.h ../include/openssl/evp.h -engine.o: ../include/openssl/idea.h ../include/openssl/kssl.h -engine.o: ../include/openssl/lhash.h ../include/openssl/md2.h -engine.o: ../include/openssl/md4.h ../include/openssl/md5.h -engine.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +engine.o: ../include/openssl/comp.h ../include/openssl/conf.h +engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +engine.o: ../include/openssl/engine.h ../include/openssl/err.h +engine.o: ../include/openssl/evp.h ../include/openssl/kssl.h +engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h engine.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h -engine.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -engine.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -engine.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -engine.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +engine.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +engine.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -engine.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -engine.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h engine.o: ../include/openssl/x509_vfy.h apps.h engine.c -errstr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -errstr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h -errstr.o: ../include/openssl/cast.h ../include/openssl/comp.h -errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h -errstr.o: ../include/openssl/des.h ../include/openssl/des_old.h -errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h -errstr.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -errstr.o: ../include/openssl/err.h ../include/openssl/evp.h -errstr.o: ../include/openssl/idea.h ../include/openssl/kssl.h -errstr.o: ../include/openssl/lhash.h ../include/openssl/md2.h -errstr.o: ../include/openssl/md4.h ../include/openssl/md5.h -errstr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h +errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h 
+errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +errstr.o: ../include/openssl/engine.h ../include/openssl/err.h +errstr.o: ../include/openssl/evp.h ../include/openssl/kssl.h +errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h -errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -errstr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -errstr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -errstr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +errstr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +errstr.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -errstr.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -errstr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c -gendh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -gendh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h -gendh.o: ../include/openssl/cast.h ../include/openssl/conf.h -gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h -gendh.o: ../include/openssl/des_old.h ../include/openssl/dh.h -gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +gendh.o: ../include/openssl/conf.h 
../include/openssl/crypto.h +gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h +gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h gendh.o: ../include/openssl/engine.h ../include/openssl/err.h -gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h -gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h -gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h -gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h -gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -gendh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h +gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h +gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h +gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h +gendh.o: ../include/openssl/stack.h ../include/openssl/store.h gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -gendh.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h gendh.c -gendsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -gendsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h +gendh.o: 
../include/openssl/x509_vfy.h apps.h gendh.c +gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h -gendsa.o: ../include/openssl/cast.h ../include/openssl/conf.h -gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h -gendsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h +gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h -gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h -gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h -gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h -gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h +gendsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -gendsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -gendsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -gendsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -gendsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h gendsa.o: gendsa.c -genrsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -genrsa.o: ../include/openssl/bio.h 
../include/openssl/blowfish.h +genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h -genrsa.o: ../include/openssl/cast.h ../include/openssl/conf.h -genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h -genrsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h -genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h +genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h +genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h -genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h -genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h -genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h -genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -genrsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -genrsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h +genrsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h +genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h +genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h +genrsa.o: 
../include/openssl/stack.h ../include/openssl/store.h genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -genrsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -genrsa.o: genrsa.c -nseq.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -nseq.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -nseq.o: ../include/openssl/bn.h ../include/openssl/buffer.h -nseq.o: ../include/openssl/cast.h ../include/openssl/conf.h -nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h -nseq.o: ../include/openssl/des_old.h ../include/openssl/dh.h -nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -nseq.o: ../include/openssl/engine.h ../include/openssl/err.h -nseq.o: ../include/openssl/evp.h ../include/openssl/idea.h -nseq.o: ../include/openssl/lhash.h ../include/openssl/md2.h -nseq.o: ../include/openssl/md4.h ../include/openssl/md5.h -nseq.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h +genrsa.o: ../include/openssl/x509_vfy.h apps.h genrsa.c +nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h +nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +nseq.o: ../include/openssl/err.h ../include/openssl/evp.h +nseq.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h -nseq.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -nseq.o: 
../include/openssl/rsa.h ../include/openssl/safestack.h +nseq.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -nseq.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c -ocsp.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -ocsp.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h -ocsp.o: ../include/openssl/cast.h ../include/openssl/comp.h -ocsp.o: ../include/openssl/conf.h ../include/openssl/crypto.h -ocsp.o: ../include/openssl/des.h ../include/openssl/des_old.h -ocsp.o: ../include/openssl/dh.h ../include/openssl/dsa.h -ocsp.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -ocsp.o: ../include/openssl/err.h ../include/openssl/evp.h -ocsp.o: ../include/openssl/idea.h ../include/openssl/kssl.h -ocsp.o: ../include/openssl/lhash.h ../include/openssl/md2.h -ocsp.o: ../include/openssl/md4.h ../include/openssl/md5.h -ocsp.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h +ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h +ocsp.o: ../include/openssl/evp.h ../include/openssl/kssl.h +ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ocsp.o: ../include/openssl/rand.h 
../include/openssl/rc2.h -ocsp.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -ocsp.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -ocsp.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c -openssl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -openssl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h -openssl.o: ../include/openssl/cast.h ../include/openssl/comp.h -openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h -openssl.o: ../include/openssl/des.h ../include/openssl/des_old.h -openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h -openssl.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -openssl.o: ../include/openssl/err.h ../include/openssl/evp.h -openssl.o: ../include/openssl/fips.h ../include/openssl/idea.h -openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -openssl.o: ../include/openssl/md2.h ../include/openssl/md4.h -openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -openssl.o: ../include/openssl/rand.h ../include/openssl/rc2.h -openssl.o: ../include/openssl/rc4.h 
../include/openssl/rc5.h -openssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -openssl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -openssl.o: openssl.c progs.h s_apps.h -passwd.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -passwd.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -passwd.o: ../include/openssl/bn.h ../include/openssl/buffer.h -passwd.o: ../include/openssl/cast.h ../include/openssl/conf.h +openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h +openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +openssl.o: ../include/openssl/engine.h ../include/openssl/err.h +openssl.o: ../include/openssl/evp.h ../include/openssl/kssl.h +openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h +openssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h +openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
+openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h +passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h -passwd.o: ../include/openssl/des_old.h ../include/openssl/dh.h -passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -passwd.o: ../include/openssl/engine.h ../include/openssl/err.h -passwd.o: ../include/openssl/evp.h ../include/openssl/idea.h -passwd.o: ../include/openssl/lhash.h ../include/openssl/md2.h -passwd.o: ../include/openssl/md4.h ../include/openssl/md5.h -passwd.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -passwd.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -passwd.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +passwd.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h +passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +passwd.o: ../include/openssl/err.h ../include/openssl/evp.h +passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h +passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h passwd.o: 
passwd.c -pkcs12.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -pkcs12.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -pkcs12.o: ../include/openssl/bn.h ../include/openssl/buffer.h -pkcs12.o: ../include/openssl/cast.h ../include/openssl/conf.h -pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h -pkcs12.o: ../include/openssl/des_old.h ../include/openssl/dh.h -pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h -pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h -pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h -pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h -pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h +pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h +pkcs12.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h -pkcs12.o: ../include/openssl/rand.h ../include/openssl/rc2.h -pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -pkcs12.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +pkcs12.o: ../include/openssl/txt_db.h 
../include/openssl/x509.h pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c -pkcs7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -pkcs7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -pkcs7.o: ../include/openssl/bn.h ../include/openssl/buffer.h -pkcs7.o: ../include/openssl/cast.h ../include/openssl/conf.h -pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h -pkcs7.o: ../include/openssl/des_old.h ../include/openssl/dh.h -pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h -pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h -pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h -pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h -pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h +pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h +pkcs7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h -pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -pkcs7.o: ../include/openssl/ui.h 
../include/openssl/ui_compat.h pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs7.c -pkcs8.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -pkcs8.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -pkcs8.o: ../include/openssl/bn.h ../include/openssl/buffer.h -pkcs8.o: ../include/openssl/cast.h ../include/openssl/conf.h -pkcs8.o: ../include/openssl/crypto.h ../include/openssl/des.h -pkcs8.o: ../include/openssl/des_old.h ../include/openssl/dh.h -pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h -pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h -pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h -pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h -pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h +pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h +pkcs8.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h -pkcs8.o: ../include/openssl/rand.h ../include/openssl/rc2.h -pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -pkcs8.o: 
../include/openssl/ui_compat.h ../include/openssl/x509.h +pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/x509.h pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c -prime.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -prime.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h -prime.o: ../include/openssl/cast.h ../include/openssl/conf.h -prime.o: ../include/openssl/crypto.h ../include/openssl/des.h -prime.o: ../include/openssl/des_old.h ../include/openssl/dh.h -prime.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -prime.o: ../include/openssl/engine.h ../include/openssl/err.h -prime.o: ../include/openssl/evp.h ../include/openssl/idea.h -prime.o: ../include/openssl/lhash.h ../include/openssl/md2.h -prime.o: ../include/openssl/md4.h ../include/openssl/md5.h -prime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h +prime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +prime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +prime.o: ../include/openssl/engine.h ../include/openssl/evp.h +prime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h prime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -prime.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -prime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -prime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -prime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +prime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h prime.o: ../include/openssl/sha.h ../include/openssl/stack.h prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -prime.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h prime.o: 
../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h prime.c -rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h -rand.o: ../include/openssl/cast.h ../include/openssl/conf.h -rand.o: ../include/openssl/crypto.h ../include/openssl/des.h -rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h -rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -rand.o: ../include/openssl/engine.h ../include/openssl/err.h -rand.o: ../include/openssl/evp.h ../include/openssl/idea.h -rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h -rand.o: ../include/openssl/md4.h ../include/openssl/md5.h -rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h +rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +rand.o: ../include/openssl/err.h ../include/openssl/evp.h +rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -rand.o: ../include/openssl/sha.h ../include/openssl/stack.h -rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rand.c -req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h -req.o: 
../include/openssl/asn1.h ../include/openssl/bio.h -req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -req.o: ../include/openssl/buffer.h ../include/openssl/cast.h +rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h +rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +rand.o: ../include/openssl/x509_vfy.h apps.h rand.c +req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +req.o: ../include/openssl/bn.h ../include/openssl/buffer.h req.o: ../include/openssl/conf.h ../include/openssl/crypto.h -req.o: ../include/openssl/des.h ../include/openssl/des_old.h req.o: ../include/openssl/dh.h ../include/openssl/dsa.h -req.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -req.o: ../include/openssl/err.h ../include/openssl/evp.h -req.o: ../include/openssl/idea.h ../include/openssl/lhash.h -req.o: ../include/openssl/md2.h ../include/openssl/md4.h -req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +req.o: ../include/openssl/engine.h ../include/openssl/err.h +req.o: ../include/openssl/evp.h ../include/openssl/lhash.h req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -req.o: ../include/openssl/rand.h ../include/openssl/rc2.h -req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +req.o: ../include/openssl/rand.h ../include/openssl/rsa.h req.o: ../include/openssl/safestack.h ../include/openssl/sha.h -req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -req.o: ../include/openssl/ui_compat.h 
../include/openssl/x509.h +req.o: ../include/openssl/stack.h ../include/openssl/store.h +req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +req.o: ../include/openssl/ui.h ../include/openssl/x509.h req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c -rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h -rsa.o: ../include/openssl/cast.h ../include/openssl/conf.h -rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h -rsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h -rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h +rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h rsa.o: ../include/openssl/engine.h ../include/openssl/err.h -rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h -rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h -rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h -rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +rsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h +rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h rsa.o: 
../include/openssl/rsa.h ../include/openssl/safestack.h rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -rsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rsa.c -rsautl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -rsautl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -rsautl.o: ../include/openssl/bn.h ../include/openssl/buffer.h -rsautl.o: ../include/openssl/cast.h ../include/openssl/conf.h -rsautl.o: ../include/openssl/crypto.h ../include/openssl/des.h -rsautl.o: ../include/openssl/des_old.h ../include/openssl/dh.h -rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h -rsautl.o: ../include/openssl/evp.h ../include/openssl/idea.h -rsautl.o: ../include/openssl/lhash.h ../include/openssl/md2.h -rsautl.o: ../include/openssl/md4.h ../include/openssl/md5.h -rsautl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h +rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h +rsautl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -rsautl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -rsautl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -rsautl.o: ../include/openssl/rsa.h 
../include/openssl/safestack.h -rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h -rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -rsautl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -rsautl.o: rsautl.c -s_cb.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s_cb.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h +rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +rsautl.o: ../include/openssl/x509_vfy.h apps.h rsautl.c +s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s_cb.o: ../include/openssl/cast.h ../include/openssl/comp.h -s_cb.o: ../include/openssl/conf.h ../include/openssl/crypto.h -s_cb.o: ../include/openssl/des.h ../include/openssl/des_old.h -s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s_cb.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h -s_cb.o: ../include/openssl/idea.h ../include/openssl/kssl.h -s_cb.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s_cb.o: ../include/openssl/md4.h ../include/openssl/md5.h -s_cb.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h +s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h +s_cb.o: ../include/openssl/evp.h ../include/openssl/kssl.h +s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h s_cb.o: ../include/openssl/objects.h 
../include/openssl/opensslconf.h s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s_cb.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s_cb.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -s_cb.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s_cb.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_cb.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -s_cb.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c -s_client.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s_client.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s_client.o: ../include/openssl/cast.h ../include/openssl/comp.h -s_client.o: ../include/openssl/conf.h ../include/openssl/crypto.h -s_client.o: ../include/openssl/des.h ../include/openssl/des_old.h -s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s_client.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -s_client.o: ../include/openssl/err.h ../include/openssl/evp.h -s_client.o: ../include/openssl/idea.h ../include/openssl/kssl.h -s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h -s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s_client.o: 
../include/openssl/comp.h ../include/openssl/conf.h +s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s_client.o: ../include/openssl/engine.h ../include/openssl/err.h +s_client.o: ../include/openssl/evp.h ../include/openssl/kssl.h +s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s_client.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -s_client.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_client.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -s_client.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_client.c -s_server.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s_server.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +s_client.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s_client.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_client.o: ../include/openssl/tls1.h 
../include/openssl/txt_db.h +s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_client.o: s_apps.h s_client.c timeouts.h +s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s_server.o: ../include/openssl/cast.h ../include/openssl/comp.h -s_server.o: ../include/openssl/conf.h ../include/openssl/crypto.h -s_server.o: ../include/openssl/des.h ../include/openssl/des_old.h -s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s_server.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -s_server.o: ../include/openssl/err.h ../include/openssl/evp.h -s_server.o: ../include/openssl/idea.h ../include/openssl/kssl.h -s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h -s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h +s_server.o: ../include/openssl/crypto.h ../include/openssl/dh.h +s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h +s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s_server.o: ../include/openssl/engine.h ../include/openssl/err.h +s_server.o: ../include/openssl/evp.h ../include/openssl/kssl.h +s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s_server.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s_server.o: ../include/openssl/pqueue.h 
../include/openssl/rand.h s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -s_server.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c -s_socket.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s_socket.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +s_server.o: ../include/openssl/store.h ../include/openssl/symhacks.h +s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h +s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c timeouts.h +s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s_socket.o: ../include/openssl/cast.h ../include/openssl/comp.h -s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h -s_socket.o: ../include/openssl/des.h ../include/openssl/des_old.h -s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s_socket.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -s_socket.o: ../include/openssl/err.h ../include/openssl/evp.h -s_socket.o: ../include/openssl/idea.h ../include/openssl/kssl.h -s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s_socket.o: ../include/openssl/md4.h ../include/openssl/md5.h -s_socket.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_socket.o: 
../include/openssl/pkcs7.h ../include/openssl/rand.h -s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_socket.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -s_socket.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_socket.c -s_time.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s_time.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h +s_socket.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h +s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_socket.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_socket.o: ../include/openssl/x509.h 
../include/openssl/x509_vfy.h apps.h +s_socket.o: s_apps.h s_socket.c +s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s_time.o: ../include/openssl/cast.h ../include/openssl/comp.h -s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h -s_time.o: ../include/openssl/des.h ../include/openssl/des_old.h -s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s_time.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -s_time.o: ../include/openssl/err.h ../include/openssl/evp.h -s_time.o: ../include/openssl/idea.h ../include/openssl/kssl.h -s_time.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s_time.o: ../include/openssl/md4.h ../include/openssl/md5.h -s_time.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h +s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s_time.o: ../include/openssl/engine.h ../include/openssl/err.h +s_time.o: ../include/openssl/evp.h ../include/openssl/kssl.h +s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s_time.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s_time.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -s_time.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s_time.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s_time.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h s_time.o: ../include/openssl/ssl2.h 
../include/openssl/ssl23.h s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_time.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -s_time.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c -sess_id.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -sess_id.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h -sess_id.o: ../include/openssl/cast.h ../include/openssl/comp.h -sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h -sess_id.o: ../include/openssl/des.h ../include/openssl/des_old.h -sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h -sess_id.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h -sess_id.o: ../include/openssl/idea.h ../include/openssl/kssl.h -sess_id.o: ../include/openssl/lhash.h ../include/openssl/md2.h -sess_id.o: ../include/openssl/md4.h ../include/openssl/md5.h -sess_id.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h +sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h +sess_id.o: ../include/openssl/evp.h ../include/openssl/kssl.h +sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
-sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -sess_id.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -sess_id.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -sess_id.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +sess_id.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -sess_id.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -sess_id.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h sess_id.o: ../include/openssl/x509_vfy.h apps.h sess_id.c -smime.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -smime.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -smime.o: ../include/openssl/bn.h ../include/openssl/buffer.h -smime.o: ../include/openssl/cast.h ../include/openssl/conf.h -smime.o: ../include/openssl/crypto.h ../include/openssl/des.h -smime.o: ../include/openssl/des_old.h ../include/openssl/dh.h -smime.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -smime.o: ../include/openssl/engine.h ../include/openssl/err.h -smime.o: ../include/openssl/evp.h ../include/openssl/idea.h -smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h -smime.o: ../include/openssl/md4.h ../include/openssl/md5.h -smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h +smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
+smime.o: ../include/openssl/err.h ../include/openssl/evp.h +smime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h -smime.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -smime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -smime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -smime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +smime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h smime.o: ../include/openssl/sha.h ../include/openssl/stack.h smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -smime.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h smime.c +smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +smime.o: ../include/openssl/x509v3.h apps.h smime.c speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h speed.o: ../include/openssl/cast.h ../include/openssl/conf.h speed.o: ../include/openssl/crypto.h ../include/openssl/des.h -speed.o: ../include/openssl/des_old.h ../include/openssl/dh.h -speed.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +speed.o: ../include/openssl/des_old.h ../include/openssl/dsa.h +speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +speed.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h speed.o: ../include/openssl/engine.h ../include/openssl/err.h speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h speed.o: ../include/openssl/md2.h ../include/openssl/md4.h -speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -speed.o: 
../include/openssl/obj_mac.h ../include/openssl/objects.h -speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h -speed.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +speed.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h -spkac.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -spkac.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -spkac.o: ../include/openssl/bn.h ../include/openssl/buffer.h -spkac.o: ../include/openssl/cast.h ../include/openssl/conf.h -spkac.o: ../include/openssl/crypto.h ../include/openssl/des.h -spkac.o: ../include/openssl/des_old.h ../include/openssl/dh.h -spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -spkac.o: ../include/openssl/engine.h ../include/openssl/err.h -spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h -spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h -spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h -spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h +spkac.o: ../include/openssl/crypto.h 
../include/openssl/e_os2.h +spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +spkac.o: ../include/openssl/err.h ../include/openssl/evp.h +spkac.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h -spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -spkac.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -spkac.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -spkac.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +spkac.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -spkac.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h spkac.c -verify.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -verify.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -verify.o: ../include/openssl/bn.h ../include/openssl/buffer.h -verify.o: ../include/openssl/cast.h ../include/openssl/conf.h -verify.o: ../include/openssl/crypto.h ../include/openssl/des.h -verify.o: ../include/openssl/des_old.h ../include/openssl/dh.h -verify.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -verify.o: ../include/openssl/engine.h ../include/openssl/err.h -verify.o: ../include/openssl/evp.h ../include/openssl/idea.h -verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h -verify.o: ../include/openssl/md4.h ../include/openssl/md5.h -verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h +verify.o: 
../include/openssl/crypto.h ../include/openssl/e_os2.h +verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +verify.o: ../include/openssl/err.h ../include/openssl/evp.h +verify.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h -verify.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +verify.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h verify.o: ../include/openssl/sha.h ../include/openssl/stack.h verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -verify.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h verify.o: ../include/openssl/x509v3.h apps.h verify.c -version.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -version.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -version.o: ../include/openssl/bn.h ../include/openssl/buffer.h -version.o: ../include/openssl/cast.h ../include/openssl/conf.h +version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +version.o: ../include/openssl/buffer.h ../include/openssl/conf.h version.o: ../include/openssl/crypto.h ../include/openssl/des.h -version.o: ../include/openssl/des_old.h ../include/openssl/dh.h -version.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -version.o: ../include/openssl/engine.h ../include/openssl/err.h +version.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h +version.o: ../include/openssl/ec.h 
../include/openssl/ecdh.h +version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h version.o: ../include/openssl/evp.h ../include/openssl/idea.h version.o: ../include/openssl/lhash.h ../include/openssl/md2.h -version.o: ../include/openssl/md4.h ../include/openssl/md5.h -version.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +version.o: ../include/openssl/rc4.h ../include/openssl/safestack.h version.o: ../include/openssl/sha.h ../include/openssl/stack.h version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h version.o: version.c -x509.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -x509.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h -x509.o: ../include/openssl/cast.h ../include/openssl/conf.h -x509.o: ../include/openssl/crypto.h ../include/openssl/des.h -x509.o: ../include/openssl/des_old.h ../include/openssl/dh.h +x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -x509.o: ../include/openssl/engine.h ../include/openssl/err.h -x509.o: ../include/openssl/evp.h 
../include/openssl/idea.h -x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h -x509.o: ../include/openssl/md4.h ../include/openssl/md5.h -x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +x509.o: ../include/openssl/err.h ../include/openssl/evp.h +x509.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h -x509.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -x509.o: ../include/openssl/sha.h ../include/openssl/stack.h -x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -x509.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -x509.o: ../include/openssl/x509v3.h apps.h x509.c +x509.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h +x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +x509.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c index b747e2d..613c3ba 100644 --- a/crypto/openssl/apps/apps.c +++ b/crypto/openssl/apps/apps.c 
@@ -125,13 +125,17 @@ #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> #endif +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif +#include <openssl/bn.h> #define NON_MAIN #include "apps.h" #undef NON_MAIN typedef struct { - char *name; + const char *name; unsigned long flag; unsigned long mask; } NAME_EX_TBL; @@ -250,7 +254,7 @@ int str2fmt(char *s) return(FORMAT_UNDEF); } -#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) +#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE) void program_name(char *in, char *out, int size) { int i,n; @@ -269,12 +273,23 @@ void program_name(char *in, char *out, int size) if (p == NULL) p=in; n=strlen(p); + +#if defined(OPENSSL_SYS_NETWARE) + /* strip off trailing .nlm if present. */ + if ((n > 4) && (p[n-4] == '.') && + ((p[n-3] == 'n') || (p[n-3] == 'N')) && + ((p[n-2] == 'l') || (p[n-2] == 'L')) && + ((p[n-1] == 'm') || (p[n-1] == 'M'))) + n-=4; +#else /* strip off trailing .exe if present. */ if ((n > 4) && (p[n-4] == '.') && ((p[n-3] == 'e') || (p[n-3] == 'E')) && ((p[n-2] == 'x') || (p[n-2] == 'X')) && ((p[n-1] == 'e') || (p[n-1] == 'E'))) n-=4; +#endif + if (n > size-1) n=size-1; @@ -330,22 +345,6 @@ void program_name(char *in, char *out, int size) #endif #endif -#ifdef OPENSSL_SYS_VMS -int VMS_strcasecmp(const char *str1, const char *str2) - { - while (*str1 && *str2) - { - int res = toupper(*str1) - toupper(*str2); - if (res) return res < 0 ? -1 : 1; - } - if (*str1) - return 1; - if (*str2) - return -1; - return 0; - } -#endif - int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) { int num,len,i; 
@@ -377,10 +376,17 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) /* The start of something good :-) */ if (num >= arg->count) { - arg->count+=20; - arg->data=(char **)OPENSSL_realloc(arg->data, - sizeof(char *)*arg->count); - if (argc == 0) return(0); + char **tmp_p; + int tlen = arg->count + 20; + tmp_p = (char **)OPENSSL_realloc(arg->data, + sizeof(char *)*tlen); + if (tmp_p == NULL) + return 0; + arg->data = tmp_p; + arg->count = tlen; + /* initialize newly allocated data */ + for (i = num; i < arg->count; i++) + arg->data[i] = NULL; } arg->data[num++]=p; @@ -542,7 +548,7 @@ int password_callback(char *buf, int bufsiz, int verify, char *prompt = NULL; prompt = UI_construct_prompt(ui, "pass phrase", - cb_data->prompt_info); + prompt_info); ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD; UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); 
@@ -691,6 +697,51 @@ int add_oid_section(BIO *err, CONF *conf) return 1; } +static int load_pkcs12(BIO *err, BIO *in, const char *desc, + pem_password_cb *pem_cb, void *cb_data, + EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) + { + const char *pass; + char tpass[PEM_BUFSIZE]; + int len, ret = 0; + PKCS12 *p12; + p12 = d2i_PKCS12_bio(in, NULL); + if (p12 == NULL) + { + BIO_printf(err, "Error loading PKCS12 file for %s\n", desc); + goto die; + } + /* See if an empty password will do */ + if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0)) + pass = ""; + else + { + if (!pem_cb) + pem_cb = (pem_password_cb *)password_callback; + len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data); + if (len < 0) + { + BIO_printf(err, "Passpharse callback error for %s\n", + desc); + goto die; + } + if (len < PEM_BUFSIZE) + tpass[len] = 0; + if (!PKCS12_verify_mac(p12, tpass, len)) + { + BIO_printf(err, + "Mac verify error (wrong password?) in PKCS12 file for %s\n", desc); + goto die; + } + pass = tpass; + } + ret = PKCS12_parse(p12, pass, pkey, cert, ca); + die: + if (p12) + PKCS12_free(p12); + return ret; + } + X509 *load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *cert_descrip) { @@ -725,7 +776,7 @@ X509 *load_cert(BIO *err, const char *file, int format, x=d2i_X509_bio(cert,NULL); else if (format == FORMAT_NETSCAPE) { - unsigned char *p,*op; + const unsigned char *p,*op; int size=0,i; /* We sort of have to do it this way because it is sort of nice @@ -771,11 +822,9 @@ X509 *load_cert(BIO *err, const char *file, int format, (pem_password_cb *)password_callback, NULL); else if (format == FORMAT_PKCS12) { - PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL); - - PKCS12_parse(p12, NULL, NULL, &x, NULL); - PKCS12_free(p12); - p12 = NULL; + if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL, + NULL, &x, NULL)) + goto end; } else { BIO_printf(err,"bad input format specified for %s\n", 
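Review bot: In the new load_pkcs12, `if (len < PEM_BUFSIZE) tpass[len] = 0;` leaves tpass unterminated when the callback returns exactly PEM_BUFSIZE, yet the buffer is then handed to PKCS12_parse as a C string. Clamping first closes that case: `if (len >= PEM_BUFSIZE) len = PEM_BUFSIZE - 1;` followed by an unconditional `tpass[len] = 0;`. The passphrase also stays on the stack after the function returns; an `OPENSSL_cleanse(tpass, sizeof(tpass));` under the `die:` label would wipe it on every exit path. Separately, the message "Passpharse callback error" is misspelled, which makes it harder to grep for in logs.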
@@ -854,11 +903,10 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, #endif else if (format == FORMAT_PKCS12) { - PKCS12 *p12 = d2i_PKCS12_bio(key, NULL); - - PKCS12_parse(p12, pass, &pkey, NULL, NULL); - PKCS12_free(p12); - p12 = NULL; + if (!load_pkcs12(err, key, key_descrip, + (pem_password_cb *)password_callback, &cb_data, + &pkey, NULL, NULL)) + goto end; } else { @@ -1230,7 +1278,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_T return 0; } -void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags) +void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags) { char *buf; char mline = 0; @@ -1565,8 +1613,9 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix) { if (errno != ENOENT #ifdef ENOTDIR - && errno != ENOTDIR) + && errno != ENOTDIR #endif + ) goto err; } else @@ -1697,23 +1746,10 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject"); if (p) { +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p); - switch(*p) - { - case 'f': /* false */ - case 'F': /* FALSE */ - case 'n': /* no */ - case 'N': /* NO */ - retdb->attributes.unique_subject = 0; - break; - case 't': /* true */ - case 'T': /* TRUE */ - case 'y': /* yes */ - case 'Y': /* YES */ - default: - retdb->attributes.unique_subject = 1; - break; - } +#endif + retdb->attributes.unique_subject = parse_yesno(p,1); } } @@ -1748,7 +1784,7 @@ int index_index(CA_DB *db) return 1; } -int save_index(char *dbfile, char *suffix, CA_DB *db) +int save_index(const char *dbfile, const char *suffix, CA_DB *db) { char buf[3][BSIZE]; BIO *out = BIO_new(BIO_s_file()); 
@@ -1815,7 +1851,7 @@ int save_index(char *dbfile, char *suffix, CA_DB *db) return 0; } -int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) +int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix) { char buf[5][BSIZE]; int i,j; @@ -1867,8 +1903,9 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) { if (errno != ENOENT #ifdef ENOTDIR - && errno != ENOTDIR) + && errno != ENOTDIR #endif + ) goto err; } else @@ -1903,8 +1940,9 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) { if (errno != ENOENT #ifdef ENOTDIR - && errno != ENOTDIR) + && errno != ENOTDIR #endif + ) goto err; } else 
@@ -1953,9 +1991,174 @@ void free_index(CA_DB *db) } } +int parse_yesno(const char *str, int def) + { + int ret = def; + if (str) + { + switch (*str) + { + case 'f': /* false */ + case 'F': /* FALSE */ + case 'n': /* no */ + case 'N': /* NO */ + case '0': /* 0 */ + ret = 0; + break; + case 't': /* true */ + case 'T': /* TRUE */ + case 'y': /* yes */ + case 'Y': /* YES */ + case '1': /* 1 */ + ret = 0; + break; + default: + ret = def; + break; + } + } + return ret; + } + +/* + * subject is expected to be in the format /type0=value0/type1=value1/type2=... + * where characters may be escaped by \ + */ +X509_NAME *parse_name(char *subject, long chtype, int multirdn) + { + size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ + char *buf = OPENSSL_malloc(buflen); + size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ + char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *)); + char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *)); + int *mval = OPENSSL_malloc (max_ne * sizeof (int)); + + char *sp = subject, *bp = buf; + int i, ne_num = 0; + + X509_NAME *n = NULL; + int nid; + + if (!buf || !ne_types || !ne_values) + { + BIO_printf(bio_err, "malloc error\n"); + goto error; + } + + if (*subject != '/') + { + BIO_printf(bio_err, "Subject does not start with '/'.\n"); + goto error; + } + sp++; /* skip leading / */ + + /* no multivalued RDN by default */ + mval[ne_num] = 0; + + while (*sp) + { + /* collect type */ + ne_types[ne_num] = bp; + while (*sp) + { + if (*sp == '\\') /* is there anything to escape in the type...? 
*/ + { + if (*++sp) + *bp++ = *sp++; + else + { + BIO_printf(bio_err, "escape character at end of string\n"); + goto error; + } + } + else if (*sp == '=') + { + sp++; + *bp++ = '\0'; + break; + } + else + *bp++ = *sp++; + } + if (!*sp) + { + BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num); + goto error; + } + ne_values[ne_num] = bp; + while (*sp) + { + if (*sp == '\\') + { + if (*++sp) + *bp++ = *sp++; + else + { + BIO_printf(bio_err, "escape character at end of string\n"); + goto error; + } + } + else if (*sp == '/') + { + sp++; + /* no multivalued RDN by default */ + mval[ne_num+1] = 0; + break; + } + else if (*sp == '+' && multirdn) + { + /* a not escaped + signals a mutlivalued RDN */ + sp++; + mval[ne_num+1] = -1; + break; + } + else + *bp++ = *sp++; + } + *bp++ = '\0'; + ne_num++; + } + + if (!(n = X509_NAME_new())) + goto error; + + for (i = 0; i < ne_num; i++) + { + if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef) + { + BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]); + continue; + } + + if (!*ne_values[i]) + { + BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]); + continue; + } + + if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i])) + goto error; + } + + OPENSSL_free(ne_values); + OPENSSL_free(ne_types); + OPENSSL_free(buf); + return n; + +error: + X509_NAME_free(n); + if (ne_values) + OPENSSL_free(ne_values); + if (ne_types) + OPENSSL_free(ne_types); + if (buf) + OPENSSL_free(buf); + return NULL; +} + /* This code MUST COME AFTER anything that uses rename() */ #ifdef OPENSSL_SYS_WIN32 -int WIN32_rename(char *from, char *to) +int WIN32_rename(const char *from, const char *to) { #ifndef OPENSSL_SYS_WINCE /* Windows rename gives an error if 'to' exists, so delete it 
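Review bot: In parse_yesno the branch for 't'/'T'/'y'/'Y'/'1' assigns `ret = 0`, the same value as the false branch, so an affirmative string is parsed as "no"; it should read `ret = 1;`. The load_index hunk earlier in apps.c now sets `retdb->attributes.unique_subject = parse_yesno(p,1)`, so `unique_subject = yes` would store 0 there, which presumably switches the CA's duplicate-subject check off rather than on. In parse_name, mval is allocated but is missing from the `!buf || !ne_types || !ne_values` check and is written at `mval[ne_num] = 0` regardless. It is also never freed on either exit: add `|| !mval` to the check and an `OPENSSL_free(mval)` on both the success and the error path.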
@@ -1991,3 +2194,142 @@ int WIN32_rename(char *from, char *to) #endif } #endif + +int args_verify(char ***pargs, int *pargc, + int *badarg, BIO *err, X509_VERIFY_PARAM **pm) + { + ASN1_OBJECT *otmp = NULL; + unsigned long flags = 0; + int i; + int purpose = 0; + char **oldargs = *pargs; + char *arg = **pargs, *argn = (*pargs)[1]; + if (!strcmp(arg, "-policy")) + { + if (!argn) + *badarg = 1; + else + { + otmp = OBJ_txt2obj(argn, 0); + if (!otmp) + { + BIO_printf(err, "Invalid Policy \"%s\"\n", + argn); + *badarg = 1; + } + } + (*pargs)++; + } + else if (strcmp(arg,"-purpose") == 0) + { + X509_PURPOSE *xptmp; + if (!argn) + *badarg = 1; + else + { + i = X509_PURPOSE_get_by_sname(argn); + if(i < 0) + { + BIO_printf(err, "unrecognized purpose\n"); + *badarg = 1; + } + else + { + xptmp = X509_PURPOSE_get0(i); + purpose = X509_PURPOSE_get_id(xptmp); + } + } + (*pargs)++; + } + else if (!strcmp(arg, "-ignore_critical")) + flags |= X509_V_FLAG_IGNORE_CRITICAL; + else if (!strcmp(arg, "-issuer_checks")) + flags |= X509_V_FLAG_CB_ISSUER_CHECK; + else if (!strcmp(arg, "-crl_check")) + flags |= X509_V_FLAG_CRL_CHECK; + else if (!strcmp(arg, "-crl_check_all")) + flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; + else if (!strcmp(arg, "-policy_check")) + flags |= X509_V_FLAG_POLICY_CHECK; + else if (!strcmp(arg, "-explicit_policy")) + flags |= X509_V_FLAG_EXPLICIT_POLICY; + else if (!strcmp(arg, "-x509_strict")) + flags |= X509_V_FLAG_X509_STRICT; + else if (!strcmp(arg, "-policy_print")) + flags |= X509_V_FLAG_NOTIFY_POLICY; + else + return 0; + + if (*badarg) + { + if (*pm) + X509_VERIFY_PARAM_free(*pm); + *pm = NULL; + goto end; + } + + if (!*pm && !(*pm = X509_VERIFY_PARAM_new())) + { + *badarg = 1; + goto end; + } + + if (otmp) + X509_VERIFY_PARAM_add0_policy(*pm, otmp); + if (flags) + X509_VERIFY_PARAM_set_flags(*pm, flags); + + if (purpose) + X509_VERIFY_PARAM_set_purpose(*pm, purpose); + + end: + + (*pargs)++; + + if (pargc) + *pargc -= *pargs - oldargs; + + 
return 1; + + } + +static void nodes_print(BIO *out, const char *name, + STACK_OF(X509_POLICY_NODE) *nodes) + { + X509_POLICY_NODE *node; + int i; + BIO_printf(out, "%s Policies:", name); + if (nodes) + { + BIO_puts(out, "\n"); + for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) + { + node = sk_X509_POLICY_NODE_value(nodes, i); + X509_POLICY_NODE_print(out, node, 2); + } + } + else + BIO_puts(out, " <empty>\n"); + } + +void policies_print(BIO *out, X509_STORE_CTX *ctx) + { + X509_POLICY_TREE *tree; + int explicit_policy; + int free_out = 0; + if (out == NULL) + { + out = BIO_new_fp(stderr, BIO_NOCLOSE); + free_out = 1; + } + tree = X509_STORE_CTX_get0_policy_tree(ctx); + explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx); + + BIO_printf(out, "Require explicit Policy: %s\n", + explicit_policy ? "True" : "False"); + + nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree)); + nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree)); + if (free_out) + BIO_free(out); + } diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h index 4320410..26dcbc5 100644 --- a/crypto/openssl/apps/apps.h +++ b/crypto/openssl/apps/apps.h @@ -114,9 +114,7 @@ #include "e_os.h" -#include <openssl/buffer.h> #include <openssl/bio.h> -#include <openssl/crypto.h> #include <openssl/x509.h> #include <openssl/lhash.h> #include <openssl/conf.h> @@ -138,7 +136,7 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read, #ifdef OPENSSL_SYS_WIN32 #define rename(from,to) WIN32_rename((from),(to)) -int WIN32_rename(char *oldname,char *newname); +int WIN32_rename(const char *oldname,const char *newname); #endif #ifndef MONOLITH @@ -148,11 +146,9 @@ int WIN32_rename(char *oldname,char *newname); #ifndef NON_MAIN CONF *config=NULL; BIO *bio_err=NULL; -int in_FIPS_mode=0; #else extern CONF *config; extern BIO *bio_err; -extern int in_FIPS_mode; #endif #else 
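Review bot: At the end of args_verify the results of X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set_flags and X509_VERIFY_PARAM_set_purpose are discarded. If one of them fails, the function still returns 1 with *badarg clear, and the caller goes on to verify without the policy, CRL-check or purpose constraint that was requested on the command line. Each call should be checked and turned into a bad-argument result, e.g. `if (otmp && !X509_VERIFY_PARAM_add0_policy(*pm, otmp)) { ASN1_OBJECT_free(otmp); *badarg = 1; }`, with the same pattern for the other two. otmp also appears to leak when X509_VERIFY_PARAM_new() fails after a successful `-policy` parse. In policies_print the BIO returned by `BIO_new_fp(stderr, BIO_NOCLOSE)` is used without a NULL check.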
@@ -161,11 +157,12 @@ extern int in_FIPS_mode; extern CONF *config; extern char *default_config_file; extern BIO *bio_err; -extern int in_FIPS_mode; #endif +#ifndef OPENSSL_SYS_NETWARE #include <signal.h> +#endif #ifdef SIGPIPE #define do_pipe_sig() signal(SIGPIPE,SIG_IGN) @@ -257,7 +254,7 @@ void program_name(char *in,char *out,int size); int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]); #ifdef HEADER_X509_H int dump_cert_text(BIO *out, X509 *x); -void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags); +void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags); #endif int set_cert_ex(unsigned long *flags, const char *arg); int set_name_ex(unsigned long *flags, const char *arg); @@ -283,7 +280,7 @@ char *make_config_name(void); /* Functions defined in ca.c and also used in ocsp.c */ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, - ASN1_GENERALIZEDTIME **pinvtm, char *str); + ASN1_GENERALIZEDTIME **pinvtm, const char *str); #define DB_type 0 #define DB_exp_date 1 @@ -313,12 +310,16 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix); int rand_serial(BIGNUM *b, ASN1_INTEGER *ai); CA_DB *load_index(char *dbfile, DB_ATTR *dbattr); int index_index(CA_DB *db); -int save_index(char *dbfile, char *suffix, CA_DB *db); -int rotate_index(char *dbfile, char *new_suffix, char *old_suffix); +int save_index(const char *dbfile, const char *suffix, CA_DB *db); +int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix); void free_index(CA_DB *db); int index_name_cmp(const char **a, const char **b); +int parse_yesno(const char *str, int def); -X509_NAME *do_subject(char *str, long chtype); +X509_NAME *parse_name(char *str, long chtype, int multirdn); +int args_verify(char ***pargs, int *pargc, + int *badarg, BIO *err, X509_VERIFY_PARAM **pm); +void policies_print(BIO *out, X509_STORE_CTX *ctx); #define FORMAT_UNDEF 0 #define FORMAT_ASN1 1 
diff --git a/crypto/openssl/apps/asn1pars.c b/crypto/openssl/apps/asn1pars.c index c89b358..b1a7c8e 100644 --- a/crypto/openssl/apps/asn1pars.c +++ b/crypto/openssl/apps/asn1pars.c @@ -82,6 +82,8 @@ int MAIN(int, char **); +static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf); + int MAIN(int argc, char **argv) { int i,badops=0,offset=0,ret=1,j; @@ -90,7 +92,9 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL; int informat,indent=0, noout = 0, dump = 0; char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL; + char *genstr=NULL, *genconf=NULL; unsigned char *tmpbuf; + const unsigned char *ctmpbuf; BUF_MEM *buf=NULL; STACK *osk=NULL; ASN1_TYPE *at=NULL; @@ -167,6 +171,16 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; sk_push(osk,*(++argv)); } + else if (strcmp(*argv,"-genstr") == 0) + { + if (--argc < 1) goto bad; + genstr= *(++argv); + } + else if (strcmp(*argv,"-genconf") == 0) + { + if (--argc < 1) goto bad; + genconf= *(++argv); + } else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -182,7 +196,7 @@ int MAIN(int argc, char **argv) bad: BIO_printf(bio_err,"%s [options] <infile\n",prog); BIO_printf(bio_err,"where options are\n"); - BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -inform arg input format - one of DER PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file (output format is always DER\n"); BIO_printf(bio_err," -noout arg don't produce any output\n"); @@ -195,6 +209,8 @@ bad: BIO_printf(bio_err," -strparse offset\n"); BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n"); BIO_printf(bio_err," ASN1 blob wrappings\n"); + BIO_printf(bio_err," -genstr str string to generate ASN1 structure from\n"); + BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n"); goto end; } 
@@ -248,25 +264,39 @@ bad: if ((buf=BUF_MEM_new()) == NULL) goto end; if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */ - if (informat == FORMAT_PEM) + if (genstr || genconf) { - BIO *tmp; - - if ((b64=BIO_new(BIO_f_base64())) == NULL) + num = do_generate(bio_err, genstr, genconf, buf); + if (num < 0) + { + ERR_print_errors(bio_err); goto end; - BIO_push(b64,in); - tmp=in; - in=b64; - b64=tmp; + } } - num=0; - for (;;) + else { - if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end; - i=BIO_read(in,&(buf->data[num]),BUFSIZ); - if (i <= 0) break; - num+=i; + + if (informat == FORMAT_PEM) + { + BIO *tmp; + + if ((b64=BIO_new(BIO_f_base64())) == NULL) + goto end; + BIO_push(b64,in); + tmp=in; + in=b64; + b64=tmp; + } + + num=0; + for (;;) + { + if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end; + i=BIO_read(in,&(buf->data[num]),BUFSIZ); + if (i <= 0) break; + num+=i; + } } str=buf->data; @@ -278,8 +308,8 @@ bad: tmplen=num; for (i=0; i<sk_num(osk); i++) { - int typ; ASN1_TYPE *atmp; + int typ; j=atoi(sk_value(osk,i)); if (j == 0) { @@ -289,7 +319,8 @@ bad: tmpbuf+=j; tmplen-=j; atmp = at; - at = d2i_ASN1_TYPE(NULL,&tmpbuf,tmplen); + ctmpbuf = tmpbuf; + at = d2i_ASN1_TYPE(NULL,&ctmpbuf,tmplen); ASN1_TYPE_free(atmp); if(!at) { 
@@ -353,3 +384,61 @@ end: OPENSSL_EXIT(ret); } +static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) + { + CONF *cnf = NULL; + int len; + long errline; + unsigned char *p; + ASN1_TYPE *atyp = NULL; + + if (genconf) + { + cnf = NCONF_new(NULL); + if (!NCONF_load(cnf, genconf, &errline)) + goto conferr; + if (!genstr) + genstr = NCONF_get_string(cnf, "default", "asn1"); + if (!genstr) + { + BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf); + goto err; + } + } + + atyp = ASN1_generate_nconf(genstr, cnf); + NCONF_free(cnf); + + if (!atyp) + return -1; + + len = i2d_ASN1_TYPE(atyp, NULL); + + if (len <= 0) + goto err; + + if (!BUF_MEM_grow(buf,len)) + goto err; + + p=(unsigned char *)buf->data; + + i2d_ASN1_TYPE(atyp, &p); + + ASN1_TYPE_free(atyp); + return len; + + conferr: + + if (errline > 0) + BIO_printf(bio, "Error on line %ld of config file '%s'\n", + errline, genconf); + else + BIO_printf(bio, "Error loading config file '%s'\n", genconf); + + err: + NCONF_free(cnf); + ASN1_TYPE_free(atyp); + + return -1; + + } diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c index cacacb6..210b5e1 100644 --- a/crypto/openssl/apps/ca.c +++ b/crypto/openssl/apps/ca.c @@ -83,7 +83,7 @@ # else # include <unixlib.h> # endif -# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) +# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) # include <sys/file.h> # endif #endif @@ -105,6 +105,9 @@ #define ENV_DEFAULT_CA "default_ca" +#define STRING_MASK "string_mask" +#define UTF8_IN "utf8" + #define ENV_DIR "dir" #define ENV_CERTS "certs" #define ENV_CRL_DIR "crl_dir" @@ -131,6 +134,7 @@ #define ENV_NAMEOPT "name_opt" #define ENV_CERTOPT "cert_opt" #define ENV_EXTCOPY "copy_extensions" +#define ENV_UNIQUE_SUBJECT "unique_subject" #define ENV_DATABASE "database" 
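Review bot: do_generate frees cnf twice on two of its failure paths. `NCONF_free(cnf)` runs right after ASN1_generate_nconf, and the `err:` label calls `NCONF_free(cnf)` again, so with -genconf a failure of `i2d_ASN1_TYPE(atyp, NULL)` or `BUF_MEM_grow(buf,len)` reaches the second free with a stale pointer. Adding `cnf = NULL;` directly after the first `NCONF_free(cnf);` makes the cleanup at `err:` safe. The second `i2d_ASN1_TYPE(atyp, &p)` call also ignores its return value; comparing it with len before returning would catch a short encode.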
@@ -142,7 +146,7 @@ #define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */ #define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */ -static char *ca_usage[]={ +static const char *ca_usage[]={ "usage: ca args\n", "\n", " -verbose - Talk alot while doing things\n", @@ -160,6 +164,7 @@ static char *ca_usage[]={ " -keyform arg - private key file format (PEM or ENGINE)\n", " -key arg - key to decode the private key if it is encrypted\n", " -cert file - The CA certificate\n", +" -selfsign - sign a certificate with the key associated with it\n", " -in file - The input PEM encoded certificate request(s)\n", " -out file - Where to put the output file(s)\n", " -outdir dir - Where to put output certificates\n", @@ -172,6 +177,8 @@ static char *ca_usage[]={ " -msie_hack - msie modifications to handle all those universal strings\n", " -revoke file - Revoke a certificate (given in file)\n", " -subj arg - Use arg instead of request's subject\n", +" -utf8 - input characters are UTF8 (default ASCII)\n", +" -multivalue-rdn - enable support for multivalued RDNs\n", " -extensions .. - Extension section (override value in config file)\n", " -extfile file - Configuration file with X509v3 extentions to add\n", " -crlexts .. - CRL extension section (override value in config file)\n", 
@@ -189,40 +196,40 @@ extern int EF_PROTECT_BELOW; extern int EF_ALIGNMENT; #endif -static void lookup_fail(char *name,char *tag); +static void lookup_fail(const char *name, const char *tag); static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, + BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, - int default_op, int ext_copy); + int default_op, int ext_copy, int selfsign); static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - CA_DB *db, BIGNUM *serial, char *subj, int email_dn, + CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf,int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e); static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - CA_DB *db, BIGNUM *serial,char *subj, int email_dn, + CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); static int fix_data(int nid, int *type); static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj, + STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long 
days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, int default_op, - int ext_copy); + int ext_copy, int selfsign); static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval); static int get_certificate_status(const char *ser_status, CA_DB *db); static int do_updatedb(CA_DB *db); static int check_time_format(char *str); char *make_revocation_str(int rev_type, char *rev_arg); -int make_revoked(X509_REVOKED *rev, char *str); +int make_revoked(X509_REVOKED *rev, const char *str); int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str); static CONF *conf=NULL; static CONF *extconf=NULL; @@ -272,6 +279,8 @@ int MAIN(int argc, char **argv) char *extensions=NULL; char *extfile=NULL; char *subj=NULL; + unsigned long chtype = MBSTRING_ASC; + int multirdn = 0; char *tmp_email_dn=NULL; char *crl_ext=NULL; int rev_type = REV_NONE; @@ -286,7 +295,8 @@ int MAIN(int argc, char **argv) unsigned long nameopt = 0, certopt = 0; int default_op = 1; int ext_copy = EXT_COPY_NONE; - X509 *x509=NULL; + int selfsign = 0; + X509 *x509=NULL, *x509p = NULL; X509 *x=NULL; BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; char *dbfile=NULL; @@ -295,7 +305,8 @@ int MAIN(int argc, char **argv) X509_REVOKED *r=NULL; ASN1_TIME *tmptm; ASN1_INTEGER *tmpser; - char **pp,*p,*f; + char *f; + const char *p, **pp; int i,j; const EVP_MD *dgst=NULL; STACK_OF(CONF_VALUE) *attribs=NULL; @@ -350,6 +361,12 @@ EF_ALIGNMENT=0; subj= *(++argv); /* preserve=1; */ } + else if (strcmp(*argv,"-utf8") == 0) + chtype = MBSTRING_UTF8; + else if (strcmp(*argv,"-create_serial") == 0) + create_ser = 1; + else if (strcmp(*argv,"-multivalue-rdn") == 0) + multirdn=1; else if (strcmp(*argv,"-startdate") == 0) { if (--argc < 1) goto bad; @@ -400,6 +417,8 @@ EF_ALIGNMENT=0; if (--argc < 1) goto bad; certfile= *(++argv); } + else if (strcmp(*argv,"-selfsign") == 0) + selfsign=1; else if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; 
@@ -633,29 +652,31 @@ bad: ERR_clear_error(); app_RAND_load_file(randfile, bio_err, 0); + f = NCONF_get_string(conf, section, STRING_MASK); + if (!f) + ERR_clear_error(); + + if(f && !ASN1_STRING_set_default_mask_asc(f)) { + BIO_printf(bio_err, "Invalid global string mask setting %s\n", f); + goto err; + } + + if (chtype != MBSTRING_UTF8){ + f = NCONF_get_string(conf, section, UTF8_IN); + if (!f) + ERR_clear_error(); + else if (!strcmp(f, "yes")) + chtype = MBSTRING_UTF8; + } + db_attr.unique_subject = 1; - p = NCONF_get_string(conf, section, "unique_subject"); + p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT); if (p) { #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p); #endif - switch(*p) - { - case 'f': /* false */ - case 'F': /* FALSE */ - case 'n': /* no */ - case 'N': /* NO */ - db_attr.unique_subject = 0; - break; - case 't': /* true */ - case 'T': /* TRUE */ - case 'y': /* yes */ - case 'Y': /* YES */ - default: - db_attr.unique_subject = 1; - break; - } + db_attr.unique_subject = parse_yesno(p,1); } else ERR_clear_error(); @@ -699,7 +720,7 @@ bad: } /*****************************************************************/ - /* we definitely need a public key, so let's get it */ + /* we definitely need a private key, so let's get it */ if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf, section,ENV_PRIVATE_KEY)) == NULL)) 
@@ -727,22 +748,27 @@ bad: /*****************************************************************/ /* we need a certificate */ - if ((certfile == NULL) && ((certfile=NCONF_get_string(conf, - section,ENV_CERTIFICATE)) == NULL)) + if (!selfsign || spkac_file || ss_cert_file || gencrl) { - lookup_fail(section,ENV_CERTIFICATE); - goto err; - } - x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e, - "CA certificate"); - if (x509 == NULL) - goto err; + if ((certfile == NULL) + && ((certfile=NCONF_get_string(conf, + section,ENV_CERTIFICATE)) == NULL)) + { + lookup_fail(section,ENV_CERTIFICATE); + goto err; + } + x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e, + "CA certificate"); + if (x509 == NULL) + goto err; - if (!X509_check_private_key(x509,pkey)) - { - BIO_printf(bio_err,"CA certificate and CA private key do not match\n"); - goto err; + if (!X509_check_private_key(x509,pkey)) + { + BIO_printf(bio_err,"CA certificate and CA private key do not match\n"); + goto err; + } } + if (!selfsign) x509p = x509; f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); if (f == NULL) @@ -856,7 +882,7 @@ bad: /* Lets check some fields */ for (i=0; i<sk_num(db->db->data); i++) { - pp=(char **)sk_value(db->db->data,i); + pp=(const char **)sk_value(db->db->data,i); if ((pp[DB_type][0] != DB_TYPE_REV) && (pp[DB_rev_date][0] != '\0')) { @@ -869,7 +895,7 @@ bad: BIO_printf(bio_err," in entry %d\n", i+1); goto err; } - if (!check_time_format(pp[DB_exp_date])) + if (!check_time_format((char *)pp[DB_exp_date])) { BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1); goto err; @@ -943,7 +969,6 @@ bad: if (verbose) BIO_printf(bio_err, "Done. %d entries marked as expired\n",i); } - goto err; } /*****************************************************************/ 
@@ -994,25 +1019,27 @@ bad: } } + if ((md == NULL) && ((md=NCONF_get_string(conf, + section,ENV_DEFAULT_MD)) == NULL)) + { + lookup_fail(section,ENV_DEFAULT_MD); + goto err; + } + + if ((dgst=EVP_get_digestbyname(md)) == NULL) + { + BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); + goto err; + } + if (req) { - if ((md == NULL) && ((md=NCONF_get_string(conf, - section,ENV_DEFAULT_MD)) == NULL)) - { - lookup_fail(section,ENV_DEFAULT_MD); - goto err; - } if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf, section,ENV_DEFAULT_EMAIL_DN)) != NULL )) { if(strcmp(tmp_email_dn,"no") == 0) email_dn=0; } - if ((dgst=EVP_get_digestbyname(md)) == NULL) - { - BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); - goto err; - } if (verbose) BIO_printf(bio_err,"message digest is %s\n", OBJ_nid2ln(dgst->type)); @@ -1131,7 +1158,7 @@ bad: { total++; j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db, - serial,subj,email_dn,startdate,enddate,days,extensions, + serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,extensions, conf,verbose,certopt,nameopt,default_op,ext_copy); if (j < 0) goto err; if (j > 0) @@ -1155,7 +1182,7 @@ bad: { total++; j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs, - db,serial,subj,email_dn,startdate,enddate,days,batch, + db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, e); if (j < 0) goto err; @@ -1174,10 +1201,10 @@ bad: if (infile != NULL) { total++; - j=certify(&x,infile,pkey,x509,dgst,attribs,db, - serial,subj,email_dn,startdate,enddate,days,batch, + j=certify(&x,infile,pkey,x509p,dgst,attribs,db, + serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, - default_op, ext_copy); + default_op, ext_copy, selfsign); if (j < 0) goto err; if (j > 0) { 
@@ -1194,10 +1221,10 @@ bad: for (i=0; i<argc; i++) { total++; - j=certify(&x,argv[i],pkey,x509,dgst,attribs,db, - serial,subj,email_dn,startdate,enddate,days,batch, + j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db, + serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, - default_op, ext_copy); + default_op, ext_copy, selfsign); if (j < 0) goto err; if (j > 0) { @@ -1248,7 +1275,7 @@ bad: x=sk_X509_value(cert_sk,i); j=x->cert_info->serialNumber->length; - p=(char *)x->cert_info->serialNumber->data; + p=(const char *)x->cert_info->serialNumber->data; if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8)) { @@ -1369,7 +1396,7 @@ bad: for (i=0; i<sk_num(db->db->data); i++) { - pp=(char **)sk_value(db->db->data,i); + pp=(const char **)sk_value(db->db->data,i); if (pp[DB_type][0] == DB_TYPE_REV) { if ((r=X509_REVOKED_new()) == NULL) goto err; @@ -1395,23 +1422,15 @@ bad: /* we now have a CRL */ if (verbose) BIO_printf(bio_err,"signing CRL\n"); - if (md != NULL) - { - if ((dgst=EVP_get_digestbyname(md)) == NULL) - { - BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); - goto err; - } - } - else - { #ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - dgst=EVP_dss1(); - else + if (pkey->type == EVP_PKEY_DSA) + dgst=EVP_dss1(); + else +#endif +#ifndef OPENSSL_NO_ECDSA + if (pkey->type == EVP_PKEY_EC) + dgst=EVP_ecdsa(); #endif - dgst=EVP_md5(); - } /* Add any extensions asked for */ @@ -1498,7 +1517,7 @@ err: BN_free(serial); free_index(db); EVP_PKEY_free(pkey); - X509_free(x509); + if (x509) X509_free(x509); X509_CRL_free(crl); NCONF_free(conf); OBJ_cleanup(); 
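Review bot: In the CRL signing hunk (`@@ -1395,23 +1422,15 @@`), the `else` that closes the `#ifndef OPENSSL_NO_DSA` block is left dangling when the build defines `OPENSSL_NO_ECDSA` but not `OPENSSL_NO_DSA`. In that configuration the `else` binds to whatever statement follows the last `#endif`, which lies outside the hunk and appears to be the CRL extension handling. That statement would then be skipped for DSA keys and run only for other key types. Terminating the chain explicitly after the final `#endif`, for example with `; /* ends the else when ECDSA is compiled out */`, keeps the digest selection self-contained in every configuration.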
@@ -1506,17 +1525,17 @@ err: OPENSSL_EXIT(ret); } -static void lookup_fail(char *name, char *tag) +static void lookup_fail(const char *name, const char *tag) { BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); } static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, + BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, - int ext_copy) + int ext_copy, int selfsign) { X509_REQ *req=NULL; BIO *in=NULL; @@ -1541,6 +1560,12 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, BIO_printf(bio_err,"Check that the request matches the signature\n"); + if (selfsign && !X509_REQ_check_private_key(req,pkey)) + { + BIO_printf(bio_err,"Certificate request and CA private key do not match\n"); + ok=0; + goto err; + } if ((pktmp=X509_REQ_get_pubkey(req)) == NULL) { BIO_printf(bio_err,"error unpacking public key\n"); @@ -1563,9 +1588,9 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, else BIO_printf(bio_err,"Signature ok\n"); - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, email_dn, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn, email_dn, startdate,enddate,days,batch,verbose,req,ext_sect,lconf, - certopt, nameopt, default_op, ext_copy); + certopt, nameopt, default_op, ext_copy, selfsign); err: if (req != NULL) X509_REQ_free(req); 
@@ -1575,7 +1600,7 @@ err: static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, + BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e) @@ -1617,9 +1642,9 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL) goto err; - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate, days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op, - ext_copy); + ext_copy, 0); err: if (rreq != NULL) X509_REQ_free(rreq); @@ -1629,10 +1654,11 @@ err: static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, + unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, - int ext_copy) + int ext_copy, int selfsign) { X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL; ASN1_UTCTIME *tm,*tmptm; @@ -1644,7 +1670,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, X509_NAME_ENTRY *tne,*push; EVP_PKEY *pktmp; int ok= -1,i,j,last,nid; - char *p; + const char *p; CONF_VALUE *cv; char *row[DB_NUMBER],**rrow=NULL,**irow=NULL; char buf[25]; 
@@ -1661,7 +1687,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, if (subj) { - X509_NAME *n = do_subject(subj, MBSTRING_ASC); + X509_NAME *n = parse_name(subj, chtype, multirdn); if (!n) { @@ -1736,7 +1762,10 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, } /* take a copy of the issuer name before we mess with it. */ - CAname=X509_NAME_dup(x509->cert_info->subject); + if (selfsign) + CAname=X509_NAME_dup(name); + else + CAname=X509_NAME_dup(x509->cert_info->subject); if (CAname == NULL) goto err; str=str2=NULL; @@ -1948,8 +1977,16 @@ again2: if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL) goto err; - if (!X509_set_issuer_name(ret,X509_get_subject_name(x509))) - goto err; + if (selfsign) + { + if (!X509_set_issuer_name(ret,subject)) + goto err; + } + else + { + if (!X509_set_issuer_name(ret,X509_get_subject_name(x509))) + goto err; + } if (strcmp(startdate,"today") == 0) X509_gmtime_adj(X509_get_notBefore(ret),0); @@ -1984,7 +2021,10 @@ again2: ci->extensions = NULL; /* Initialize the context structure */ - X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0); + if (selfsign) + X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0); + else + X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0); if (extconf) { @@ -2051,7 +2091,7 @@ again2: BIO_printf(bio_err,"Certificate is to be certified until "); ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret)); - if (days) BIO_printf(bio_err," (%d days)",days); + if (days) BIO_printf(bio_err," (%ld days)",days); BIO_printf(bio_err, "\n"); if (!batch) @@ -2078,6 +2118,16 @@ again2: EVP_PKEY_copy_parameters(pktmp,pkey); EVP_PKEY_free(pktmp); #endif +#ifndef OPENSSL_NO_ECDSA + if (pkey->type == EVP_PKEY_EC) + dgst = EVP_ecdsa(); + pktmp = X509_get_pubkey(ret); + if (EVP_PKEY_missing_parameters(pktmp) && + !EVP_PKEY_missing_parameters(pkey)) + EVP_PKEY_copy_parameters(pktmp, pkey); + EVP_PKEY_free(pktmp); +#endif + if (!X509_sign(ret,pkey,dgst)) goto err; 
@@ -2174,7 +2224,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, + BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { @@ -2315,9 +2365,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, X509_REQ_set_pubkey(req,pktmp); EVP_PKEY_free(pktmp); - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate, days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, - ext_copy); + ext_copy, 0); err: if (req != NULL) X509_REQ_free(req); if (parms != NULL) CONF_free(parms); @@ -2628,7 +2678,7 @@ err: return (cnt); } -static char *crl_reasons[] = { +static const char *crl_reasons[] = { /* CRL reason strings */ "unspecified", "keyCompromise", @@ -2656,7 +2706,8 @@ static char *crl_reasons[] = { char *make_revocation_str(int rev_type, char *rev_arg) { - char *reason = NULL, *other = NULL, *str; + char *other = NULL, *str; + const char *reason = NULL; ASN1_OBJECT *otmp; ASN1_UTCTIME *revtm = NULL; int i; @@ -2750,7 +2801,7 @@ char *make_revocation_str(int rev_type, char *rev_arg) */ -int make_revoked(X509_REVOKED *rev, char *str) +int make_revoked(X509_REVOKED *rev, const char *str) { char *tmp = NULL; int reason_code = -1; 
@@ -2804,129 +2855,6 @@ int make_revoked(X509_REVOKED *rev, char *str) return ret; } -/* - * subject is expected to be in the format /type0=value0/type1=value1/type2=... - * where characters may be escaped by \ - */ -X509_NAME *do_subject(char *subject, long chtype) - { - size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ - char *buf = OPENSSL_malloc(buflen); - size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ - char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *)); - char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *)); - - char *sp = subject, *bp = buf; - int i, ne_num = 0; - - X509_NAME *n = NULL; - int nid; - - if (!buf || !ne_types || !ne_values) - { - BIO_printf(bio_err, "malloc error\n"); - goto error; - } - - if (*subject != '/') - { - BIO_printf(bio_err, "Subject does not start with '/'.\n"); - goto error; - } - sp++; /* skip leading / */ - - while (*sp) - { - /* collect type */ - ne_types[ne_num] = bp; - while (*sp) - { - if (*sp == '\\') /* is there anything to escape in the type...? 
*/ - { - if (*++sp) - *bp++ = *sp++; - else - { - BIO_printf(bio_err, "escape character at end of string\n"); - goto error; - } - } - else if (*sp == '=') - { - sp++; - *bp++ = '\0'; - break; - } - else - *bp++ = *sp++; - } - if (!*sp) - { - BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num); - goto error; - } - ne_values[ne_num] = bp; - while (*sp) - { - if (*sp == '\\') - { - if (*++sp) - *bp++ = *sp++; - else - { - BIO_printf(bio_err, "escape character at end of string\n"); - goto error; - } - } - else if (*sp == '/') - { - sp++; - break; - } - else - *bp++ = *sp++; - } - *bp++ = '\0'; - ne_num++; - } - - if (!(n = X509_NAME_new())) - goto error; - - for (i = 0; i < ne_num; i++) - { - if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef) - { - BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]); - continue; - } - - if (!*ne_values[i]) - { - BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]); - continue; - } - - if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0)) - goto error; - } - - OPENSSL_free(ne_values); - OPENSSL_free(ne_types); - OPENSSL_free(buf); - return n; - -error: - X509_NAME_free(n); - if (ne_values) - OPENSSL_free(ne_values); - if (ne_types) - OPENSSL_free(ne_types); - if (buf) - OPENSSL_free(buf); - return NULL; -} - int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) { char buf[25],*pbuf, *p; 
@@ -2966,12 +2894,13 @@ int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) return 1; } -int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, char *str) +int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, const char *str) { char *tmp = NULL; char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; int reason_code = -1; - int i, ret = 0; + int ret = 0; + unsigned int i; ASN1_OBJECT *hold = NULL; ASN1_GENERALIZEDTIME *comp_time = NULL; tmp = BUF_strdup(str); diff --git a/crypto/openssl/apps/ciphers.c b/crypto/openssl/apps/ciphers.c index 7c62fc5..43f0ac5 100644 --- a/crypto/openssl/apps/ciphers.c +++ b/crypto/openssl/apps/ciphers.c @@ -69,7 +69,7 @@ #undef PROG #define PROG ciphers_main -static char *ciphers_usage[]={ +static const char *ciphers_usage[]={ "usage: ciphers args\n", " -v - verbose mode, a textual listing of the ciphers in SSLeay\n", " -ssl2 - SSL2 mode\n", @@ -84,7 +84,7 @@ int MAIN(int argc, char **argv) { int ret=1,i; int verbose=0; - char **pp; + const char **pp; const char *p; int badops=0; SSL_CTX *ctx=NULL; diff --git a/crypto/openssl/apps/crl.c b/crypto/openssl/apps/crl.c index 81d6658..a0040fb 100644 --- a/crypto/openssl/apps/crl.c +++ b/crypto/openssl/apps/crl.c @@ -72,7 +72,7 @@ #undef POSTFIX #define POSTFIX ".rvk" -static char *crl_usage[]={ +static const char *crl_usage[]={ "usage: crl args\n", "\n", " -inform arg - input format - default PEM (DER or PEM)\n", @@ -108,14 +108,14 @@ int MAIN(int argc, char **argv) char *infile=NULL,*outfile=NULL; int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; int fingerprint = 0; - char **pp; + const char **pp; X509_STORE *store = NULL; X509_STORE_CTX ctx; X509_LOOKUP *lookup = NULL; X509_OBJECT xobj; EVP_PKEY *pkey; int do_ver = 0; - const EVP_MD *md_alg,*digest=EVP_md5(); + const EVP_MD *md_alg,*digest=EVP_sha1(); apps_startup(); 
@@ -355,7 +355,11 @@ bad: if (text) X509_CRL_print(out, x); - if (noout) goto end; + if (noout) + { + ret = 0; + goto end; + } if (outformat == FORMAT_ASN1) i=(int)i2d_X509_CRL_bio(out,x); diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c index f8d9a70..c13535f 100644 --- a/crypto/openssl/apps/dgst.c +++ b/crypto/openssl/apps/dgst.c @@ -66,7 +66,6 @@ #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/pem.h> -#include <openssl/hmac.h> #undef BUFSIZE #define BUFSIZE 1024*8 @@ -74,11 +73,9 @@ #undef PROG #define PROG dgst_main -static HMAC_CTX hmac_ctx; - int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, - const char *file,BIO *bmd,const char *hmac_key); + const char *file); int MAIN(int, char **); @@ -103,10 +100,10 @@ int MAIN(int argc, char **argv) EVP_PKEY *sigkey = NULL; unsigned char *sigbuf = NULL; int siglen = 0; + char *passargin = NULL, *passin = NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif - char *hmac_key=NULL; apps_startup(); @@ -149,6 +146,12 @@ int MAIN(int argc, char **argv) if (--argc < 1) break; keyfile=*(++argv); } + else if (!strcmp(*argv,"-passin")) + { + if (--argc < 1) + break; + passargin=*++argv; + } else if (strcmp(*argv,"-verify") == 0) { if (--argc < 1) break; @@ -185,12 +188,6 @@ int MAIN(int argc, char **argv) out_bin = 1; else if (strcmp(*argv,"-d") == 0) debug=1; - else if (!strcmp(*argv,"-hmac")) - { - if (--argc < 1) - break; - hmac_key=*++argv; - } else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL) md=m; else 
@@ -232,10 +229,20 @@ int MAIN(int argc, char **argv) LN_md4,LN_md4); BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", LN_md2,LN_md2); +#ifndef OPENSSL_NO_SHA BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", LN_sha1,LN_sha1); BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", LN_sha,LN_sha); +#ifndef OPENSSL_NO_SHA256 + BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + LN_sha256,LN_sha256); +#endif +#ifndef OPENSSL_NO_SHA512 + BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + LN_sha512,LN_sha512); +#endif +#endif BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", LN_mdc2,LN_mdc2); BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", @@ -245,7 +252,7 @@ int MAIN(int argc, char **argv) } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + e = setup_engine(bio_err, engine, 0); #endif in=BIO_new(BIO_s_file()); @@ -257,6 +264,12 @@ int MAIN(int argc, char **argv) BIO_set_callback_arg(in,bio_err); } + if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) + { + BIO_printf(bio_err, "Error getting password\n"); + goto end; + } + if ((in == NULL) || (bmd == NULL)) { ERR_print_errors(bio_err); @@ -298,7 +311,7 @@ int MAIN(int argc, char **argv) sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, e, "key file"); else - sigkey = load_key(bio_err, keyfile, keyform, 0, NULL, + sigkey = load_key(bio_err, keyfile, keyform, 0, passin, e, "key file"); if (!sigkey) { @@ -328,6 +341,8 @@ int MAIN(int argc, char **argv) goto end; } } + + /* we use md as a filter, reading from 'in' */ if (!BIO_set_md(bmd,md)) @@ -343,7 +358,7 @@ int MAIN(int argc, char **argv) { BIO_set_fp(in,stdin,BIO_NOCLOSE); err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, - siglen,"","(stdin)",bmd,hmac_key); + siglen,"","(stdin)"); } else { 
@@ -361,15 +376,14 @@ int MAIN(int argc, char **argv) } if(!out_bin) { - size_t len = strlen(name)+strlen(argv[i])+(hmac_key ? 5 : 0)+5; + size_t len = strlen(name)+strlen(argv[i])+5; tmp=tofree=OPENSSL_malloc(len); - BIO_snprintf(tmp,len,"%s%s(%s)= ", - hmac_key ? "HMAC-" : "",name,argv[i]); + BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]); } else tmp=""; r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf, - siglen,tmp,argv[i],bmd,hmac_key); + siglen,tmp,argv[i]); if(r) err=r; if(tofree) @@ -384,6 +398,8 @@ end: OPENSSL_free(buf); } if (in != NULL) BIO_free(in); + if (passin) + OPENSSL_free(passin); BIO_free_all(out); EVP_PKEY_free(sigkey); if(sigbuf) OPENSSL_free(sigbuf); @@ -394,21 +410,11 @@ end: int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, - const char *file,BIO *bmd,const char *hmac_key) + const char *file) { - unsigned int len; + int len; int i; - EVP_MD_CTX *md_ctx; - if (hmac_key) - { - EVP_MD *md; - - BIO_get_md(bmd,&md); - HMAC_Init(&hmac_ctx,hmac_key,strlen(hmac_key),md); - BIO_get_md_ctx(bmd,&md_ctx); - BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx); - } for (;;) { i=BIO_read(bp,(char *)buf,BUFSIZE); @@ -451,11 +457,6 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, return 1; } } - else if(hmac_key) - { - HMAC_Final(&hmac_ctx,buf,&len); - HMAC_CTX_cleanup(&hmac_ctx); - } else len=BIO_gets(bp,(char *)buf,BUFSIZE); @@ -463,7 +464,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, else { BIO_write(out,title,strlen(title)); - for (i=0; (unsigned int)i<len; i++) + for (i=0; i<len; i++) { if (sep && (i != 0)) BIO_printf(out, ":"); @@ -471,10 +472,6 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, } BIO_printf(out, "\n"); } - if (hmac_key) - { - BIO_set_md_ctx(bmd,md_ctx); - } return 0; } diff --git a/crypto/openssl/apps/dh.c b/crypto/openssl/apps/dh.c index cd01fed..c4d891e 100644 
--- a/crypto/openssl/apps/dh.c +++ b/crypto/openssl/apps/dh.c @@ -57,6 +57,7 @@ * [including the GNU Public Licence.] */ +#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */ #ifndef OPENSSL_NO_DH #include <stdio.h> #include <stdlib.h> diff --git a/crypto/openssl/apps/dhparam.c b/crypto/openssl/apps/dhparam.c index dc00355..04bd57c 100644 --- a/crypto/openssl/apps/dhparam.c +++ b/crypto/openssl/apps/dhparam.c @@ -109,6 +109,7 @@ * */ +#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */ #ifndef OPENSSL_NO_DH #include <stdio.h> #include <stdlib.h> @@ -142,7 +143,7 @@ * -C */ -static void MS_CALLBACK dh_cb(int p, int n, void *arg); +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); @@ -294,6 +295,8 @@ bad: if(num) { + BN_GENCB cb; + BN_GENCB_set(&cb, dh_cb, bio_err); if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); @@ -305,12 +308,13 @@ bad: #ifndef OPENSSL_NO_DSA if (dsaparam) { - DSA *dsa; + DSA *dsa = DSA_new(); BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); - dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err); - if (dsa == NULL) + if(!dsa || !DSA_generate_parameters_ex(dsa, num, + NULL, 0, NULL, NULL, &cb)) { + if(dsa) DSA_free(dsa); ERR_print_errors(bio_err); goto end; } @@ -326,12 +330,12 @@ bad: else #endif { + dh = DH_new(); BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); BIO_printf(bio_err,"This is going to take a long time\n"); - dh=DH_generate_parameters(num,g,dh_cb,bio_err); - - if (dh == NULL) + if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) { + if(dh) DH_free(dh); ERR_print_errors(bio_err); goto end; } @@ -534,7 +538,7 @@ end: } /* dh_cb is identical to dsa_cb in apps/dsaparam.c */ -static void MS_CALLBACK dh_cb(int p, int n, void *arg) +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) { char c='*'; 
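Review bot: In the DH branch of the dhparam.c hunk `@@ -326,12 +330,12 @@`, the failure path calls `DH_free(dh)` and then jumps to `end:` with `dh` still holding the freed pointer. The cleanup at `end:` is outside this hunk, but if it frees a non-NULL `dh`, as is usual for this function-level variable, the object is freed twice. Either drop the local `if(dh) DH_free(dh);` and let `end:` release it, or add `dh = NULL;` after the free. The DSA branch above does not have this problem because its `dsa` is declared inside the block.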
@@ -542,11 +546,12 @@ static void MS_CALLBACK dh_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #endif diff --git a/crypto/openssl/apps/dsa.c b/crypto/openssl/apps/dsa.c index e9de3a3..a5ec5d7 100644 --- a/crypto/openssl/apps/dsa.c +++ b/crypto/openssl/apps/dsa.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ #ifndef OPENSSL_NO_DSA #include <stdio.h> #include <stdlib.h> @@ -68,6 +69,7 @@ #include <openssl/evp.h> #include <openssl/x509.h> #include <openssl/pem.h> +#include <openssl/bn.h> #undef PROG #define PROG dsa_main diff --git a/crypto/openssl/apps/dsaparam.c b/crypto/openssl/apps/dsaparam.c index 04861e8..c301e81 100644 --- a/crypto/openssl/apps/dsaparam.c +++ b/crypto/openssl/apps/dsaparam.c @@ -56,6 +56,13 @@ * [including the GNU Public Licence.] */ +#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #ifndef OPENSSL_NO_DSA #include <assert.h> #include <stdio.h> @@ -82,9 +89,23 @@ * -C * -noout * -genkey + * #ifdef GENCB_TEST + * -timebomb n - interrupt keygen after <n> seconds + * #endif */ -static void MS_CALLBACK dsa_cb(int p, int n, void *arg); +#ifdef GENCB_TEST + +static int stop_keygen_flag = 0; + +static void timebomb_sigalarm(int foo) + { + stop_keygen_flag = 1; + } + +#endif + +static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); @@ -103,6 +124,9 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif +#ifdef GENCB_TEST + int timebomb=0; +#endif apps_startup(); 
@@ -150,6 +174,13 @@ int MAIN(int argc, char **argv) engine = *(++argv); } #endif +#ifdef GENCB_TEST + else if(strcmp(*argv, "-timebomb") == 0) + { + if (--argc < 1) goto bad; + timebomb = atoi(*(++argv)); + } +#endif else if (strcmp(*argv,"-text") == 0) text=1; else if (strcmp(*argv,"-C") == 0) @@ -200,6 +231,9 @@ bad: #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); #endif +#ifdef GENCB_TEST + BIO_printf(bio_err," -timebomb n interrupt keygen after <n> seconds\n"); +#endif BIO_printf(bio_err," number number of bits to use for generating private key\n"); goto end; } @@ -257,10 +291,47 @@ bad: if (numbits > 0) { + BN_GENCB cb; + BN_GENCB_set(&cb, dsa_cb, bio_err); assert(need_rand); + dsa = DSA_new(); + if(!dsa) + { + BIO_printf(bio_err,"Error allocating DSA object\n"); + goto end; + } BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); BIO_printf(bio_err,"This could take some time\n"); - dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err); +#ifdef GENCB_TEST + if(timebomb > 0) + { + struct sigaction act; + act.sa_handler = timebomb_sigalarm; + act.sa_flags = 0; + BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n", + timebomb); + if(sigaction(SIGALRM, &act, NULL) != 0) + { + BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n"); + goto end; + } + alarm(timebomb); + } +#endif + if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb)) + { +#ifdef GENCB_TEST + if(stop_keygen_flag) + { + BIO_printf(bio_err,"DSA key generation time-stopped\n"); + /* This is an asked-for behaviour! */ + ret = 0; + goto end; + } +#endif + BIO_printf(bio_err,"Error, DSA key generation failed\n"); + goto end; + } } else if (informat == FORMAT_ASN1) dsa=d2i_DSAparams_bio(in,NULL); @@ -385,7 +456,7 @@ end: OPENSSL_EXIT(ret); } -static void MS_CALLBACK dsa_cb(int p, int n, void *arg) +static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb) { char c='*'; 
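Review bot: In the `GENCB_TEST` block of the `@@ -257,10 +291,47 @@` hunk, `struct sigaction act` is passed to `sigaction()` with only `sa_handler` and `sa_flags` set, so `sa_mask` holds indeterminate stack contents and an arbitrary set of signals may be blocked while the handler runs. Add `sigemptyset(&act.sa_mask);` before the call. The flag the handler writes is declared in the earlier hunk as `static int stop_keygen_flag = 0;` and is polled from `dsa_cb`; it should be `static volatile sig_atomic_t stop_keygen_flag = 0;` so the write from the handler is well defined and not optimised away. Both points affect only builds that define `GENCB_TEST`.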
@@ -393,10 +464,15 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write(arg,&c,1); - (void)BIO_flush(arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif +#ifdef GENCB_TEST + if(stop_keygen_flag) + return 0; +#endif + return 1; } #endif diff --git a/crypto/openssl/apps/ec.c b/crypto/openssl/apps/ec.c new file mode 100644 index 0000000..9ddaddf --- /dev/null +++ b/crypto/openssl/apps/ec.c 
@@ -0,0 +1,400 @@ +/* apps/ec.c */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <openssl/opensslconf.h> +#ifndef OPENSSL_NO_EC +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include "apps.h" +#include <openssl/bio.h> +#include <openssl/err.h> +#include <openssl/evp.h> +#include <openssl/pem.h> + +#undef PROG +#define PROG ec_main + +/* -inform arg - input format - default PEM (one of DER, NET or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -des - encrypt output if PEM format with DES in cbc mode + * -text - print a text version + * -param_out - print the elliptic curve parameters + * -conv_form arg - specifies the point encoding form + * -param_enc arg - specifies the parameter encoding + */ + +int MAIN(int, char **); + +int MAIN(int argc, char **argv) +{ +#ifndef OPENSSL_NO_ENGINE + ENGINE *e = NULL; +#endif + int ret = 1; + EC_KEY *eckey = NULL; + const EC_GROUP *group; + int i, badops = 0; + const EVP_CIPHER *enc = NULL; + BIO *in = NULL, *out = NULL; + int informat, outformat, text=0, noout=0; + int pubin = 0, pubout = 0, param_out = 0; + char *infile, *outfile, *prog, *engine; + char *passargin = NULL, *passargout = NULL; 
+ char *passin = NULL, *passout = NULL; + point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; + int new_form = 0; + int asn1_flag = OPENSSL_EC_NAMED_CURVE; + int new_asn1_flag = 0; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + + if (!load_config(bio_err, NULL)) + goto end; + + engine = NULL; + infile = NULL; + outfile = NULL; + informat = FORMAT_PEM; + outformat = FORMAT_PEM; + + prog = argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-passin") == 0) + { + if (--argc < 1) goto bad; + passargin= *(++argv); + } + else if (strcmp(*argv,"-passout") == 0) + { + if (--argc < 1) goto bad; + passargout= *(++argv); + } + else if (strcmp(*argv, "-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } + else if (strcmp(*argv, "-noout") == 0) + noout = 1; + else if (strcmp(*argv, "-text") == 0) + text = 1; + else if (strcmp(*argv, "-conv_form") == 0) + { + if (--argc < 1) + goto bad; + ++argv; + new_form = 1; + if (strcmp(*argv, "compressed") == 0) + form = POINT_CONVERSION_COMPRESSED; + else if (strcmp(*argv, "uncompressed") == 0) + form = POINT_CONVERSION_UNCOMPRESSED; + else if (strcmp(*argv, "hybrid") == 0) + form = POINT_CONVERSION_HYBRID; + else + goto bad; + } + else if (strcmp(*argv, "-param_enc") == 0) + { + if (--argc < 1) + goto bad; + ++argv; + new_asn1_flag = 1; + if (strcmp(*argv, "named_curve") == 0) + asn1_flag = OPENSSL_EC_NAMED_CURVE; + else if (strcmp(*argv, "explicit") == 0) + asn1_flag = 0; + else + goto 
bad; + } + else if (strcmp(*argv, "-param_out") == 0) + param_out = 1; + else if (strcmp(*argv, "-pubin") == 0) + pubin=1; + else if (strcmp(*argv, "-pubout") == 0) + pubout=1; + else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) + { + BIO_printf(bio_err, "unknown option %s\n", *argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog); + BIO_printf(bio_err, "where options are\n"); + BIO_printf(bio_err, " -inform arg input format - " + "DER or PEM\n"); + BIO_printf(bio_err, " -outform arg output format - " + "DER or PEM\n"); + BIO_printf(bio_err, " -in arg input file\n"); + BIO_printf(bio_err, " -passin arg input file pass " + "phrase source\n"); + BIO_printf(bio_err, " -out arg output file\n"); + BIO_printf(bio_err, " -passout arg output file pass " + "phrase source\n"); + BIO_printf(bio_err, " -engine e use engine e, " + "possibly a hardware device.\n"); + BIO_printf(bio_err, " -des encrypt PEM output, " + "instead of 'des' every other \n" + " cipher " + "supported by OpenSSL can be used\n"); + BIO_printf(bio_err, " -text print the key\n"); + BIO_printf(bio_err, " -noout don't print key out\n"); + BIO_printf(bio_err, " -param_out print the elliptic " + "curve parameters\n"); + BIO_printf(bio_err, " -conv_form arg specifies the " + "point conversion form \n"); + BIO_printf(bio_err, " possible values:" + " compressed\n"); + BIO_printf(bio_err, " " + " uncompressed (default)\n"); + BIO_printf(bio_err, " " + " hybrid\n"); + BIO_printf(bio_err, " -param_enc arg specifies the way" + " the ec parameters are encoded\n"); + BIO_printf(bio_err, " in the asn1 der " + "encoding\n"); + BIO_printf(bio_err, " possilbe values:" + " named_curve (default)\n"); + BIO_printf(bio_err," " + "explicit\n"); + goto end; + } + + ERR_load_crypto_strings(); + +#ifndef OPENSSL_NO_ENGINE + e = setup_engine(bio_err, engine, 0); +#endif + + if(!app_passwd(bio_err, passargin, passargout, &passin, 
&passout)) + { + BIO_printf(bio_err, "Error getting passwords\n"); + goto end; + } + + in = BIO_new(BIO_s_file()); + out = BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (infile == NULL) + BIO_set_fp(in, stdin, BIO_NOCLOSE); + else + { + if (BIO_read_filename(in, infile) <= 0) + { + perror(infile); + goto end; + } + } + + BIO_printf(bio_err, "read EC key\n"); + if (informat == FORMAT_ASN1) + { + if (pubin) + eckey = d2i_EC_PUBKEY_bio(in, NULL); + else + eckey = d2i_ECPrivateKey_bio(in, NULL); + } + else if (informat == FORMAT_PEM) + { + if (pubin) + eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, + NULL); + else + eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, + passin); + } + else + { + BIO_printf(bio_err, "bad input format specified for key\n"); + goto end; + } + if (eckey == NULL) + { + BIO_printf(bio_err,"unable to load Key\n"); + ERR_print_errors(bio_err); + goto end; + } + + if (outfile == NULL) + { + BIO_set_fp(out, stdout, BIO_NOCLOSE); +#ifdef OPENSSL_SYS_VMS + { + BIO *tmpbio = BIO_new(BIO_f_linebuffer()); + out = BIO_push(tmpbio, out); + } +#endif + } + else + { + if (BIO_write_filename(out, outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + group = EC_KEY_get0_group(eckey); + + if (new_form) + EC_KEY_set_conv_form(eckey, form); + + if (new_asn1_flag) + EC_KEY_set_asn1_flag(eckey, asn1_flag); + + if (text) + if (!EC_KEY_print(out, eckey, 0)) + { + perror(outfile); + ERR_print_errors(bio_err); + goto end; + } + + if (noout) + goto end; + + BIO_printf(bio_err, "writing EC key\n"); + if (outformat == FORMAT_ASN1) + { + if (param_out) + i = i2d_ECPKParameters_bio(out, group); + else if (pubin || pubout) + i = i2d_EC_PUBKEY_bio(out, eckey); + else + i = i2d_ECPrivateKey_bio(out, eckey); + } + else if (outformat == FORMAT_PEM) + { + if (param_out) + i = PEM_write_bio_ECPKParameters(out, group); + else if (pubin || pubout) + i = PEM_write_bio_EC_PUBKEY(out, eckey); + else + i = 
PEM_write_bio_ECPrivateKey(out, eckey, enc, + NULL, 0, NULL, passout); + } + else + { + BIO_printf(bio_err, "bad output format specified for " + "outfile\n"); + goto end; + } + + if (!i) + { + BIO_printf(bio_err, "unable to write private key\n"); + ERR_print_errors(bio_err); + } + else + ret=0; +end: + if (in) + BIO_free(in); + if (out) + BIO_free_all(out); + if (eckey) + EC_KEY_free(eckey); + if (passin) + OPENSSL_free(passin); + if (passout) + OPENSSL_free(passout); + apps_shutdown(); + OPENSSL_EXIT(ret); +} +#endif diff --git a/crypto/openssl/apps/ecparam.c b/crypto/openssl/apps/ecparam.c new file mode 100644 index 0000000..4e1fc83 --- /dev/null +++ b/crypto/openssl/apps/ecparam.c 
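Review bot: A cipher option such as `-des` is silently ignored when `-outform DER` is selected: the `FORMAT_ASN1` output branch calls `i2d_ECPrivateKey_bio(out, eckey)` without `enc` or `passout`, so a user who asked for encryption gets a cleartext private key and exit status 0. Reject the combination before writing, e.g. `if (enc != NULL && outformat == FORMAT_ASN1 && !pubin && !pubout && !param_out) { BIO_printf(bio_err, "cipher option not supported for DER output\n"); goto end; }`. The PEM branch likewise writes the key unencrypted when no cipher is given, because `enc` stays NULL, and the option summary comment at the top of the file should say so. The failure text `unable to write private key` is also printed for public-key and parameter output, and the usage text misspells "possible" as `possilbe`.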
@@ -0,0 +1,728 @@ +/* apps/ecparam.c */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. 
+ * + */ + +#include <openssl/opensslconf.h> +#ifndef OPENSSL_NO_EC +#include <assert.h> +#include <stdio.h> +#include <stdlib.h> +#include <time.h> +#include <string.h> +#include "apps.h" +#include <openssl/bio.h> +#include <openssl/err.h> +#include <openssl/bn.h> +#include <openssl/ec.h> +#include <openssl/x509.h> +#include <openssl/pem.h> + +#undef PROG +#define PROG ecparam_main + +/* -inform arg - input format - default PEM (DER or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -noout - do not print the ec parameter + * -text - print the ec parameters in text form + * -check - validate the ec parameters + * -C - print a 'C' function creating the parameters + * -name arg - use the ec parameters with 'short name' name + * -list_curves - prints a list of all currently available curve 'short names' + * -conv_form arg - specifies the point conversion form + * - possible values: compressed + * uncompressed (default) + * hybrid + * -param_enc arg - specifies the way the ec parameters are encoded + * in the asn1 der encoding + * possible values: named_curve (default) + * explicit + * -no_seed - if 'explicit' parameters are choosen do not use the seed + * -genkey - generate ec key + * -rand file - files to use for random number input + * -engine e - use engine e, possibly a hardware device + */ + + +static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *); + +int MAIN(int, char **); + +int MAIN(int argc, char **argv) + { + EC_GROUP *group = NULL; + point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; + int new_form = 0; + int asn1_flag = OPENSSL_EC_NAMED_CURVE; + int new_asn1_flag = 0; + char *curve_name = NULL, *inrand = NULL; + int list_curves = 0, no_seed = 0, check = 0, + badops = 0, text = 0, i, need_rand = 0, genkey = 0; + char *infile = NULL, *outfile = NULL, *prog; + BIO *in = NULL, *out = NULL; + int informat, outformat, noout = 0, C = 0, 
ret = 1; +#ifndef OPENSSL_NO_ENGINE + ENGINE *e = NULL; +#endif + char *engine = NULL; + + BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL, + *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL; + unsigned char *buffer = NULL; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + if (!load_config(bio_err, NULL)) + goto end; + + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-text") == 0) + text = 1; + else if (strcmp(*argv,"-C") == 0) + C = 1; + else if (strcmp(*argv,"-check") == 0) + check = 1; + else if (strcmp (*argv, "-name") == 0) + { + if (--argc < 1) + goto bad; + curve_name = *(++argv); + } + else if (strcmp(*argv, "-list_curves") == 0) + list_curves = 1; + else if (strcmp(*argv, "-conv_form") == 0) + { + if (--argc < 1) + goto bad; + ++argv; + new_form = 1; + if (strcmp(*argv, "compressed") == 0) + form = POINT_CONVERSION_COMPRESSED; + else if (strcmp(*argv, "uncompressed") == 0) + form = POINT_CONVERSION_UNCOMPRESSED; + else if (strcmp(*argv, "hybrid") == 0) + form = POINT_CONVERSION_HYBRID; + else + goto bad; + } + else if (strcmp(*argv, "-param_enc") == 0) + { + if (--argc < 1) + goto bad; + ++argv; + new_asn1_flag = 1; + if (strcmp(*argv, "named_curve") == 0) + asn1_flag = OPENSSL_EC_NAMED_CURVE; + else if (strcmp(*argv, "explicit") == 0) + asn1_flag = 0; + else + goto bad; + } + else if (strcmp(*argv, "-no_seed") == 0) + no_seed = 1; + else if (strcmp(*argv, "-noout") == 0) + 
noout=1; + else if (strcmp(*argv,"-genkey") == 0) + { + genkey=1; + need_rand=1; + } + else if (strcmp(*argv, "-rand") == 0) + { + if (--argc < 1) goto bad; + inrand= *(++argv); + need_rand=1; + } + else if(strcmp(*argv, "-engine") == 0) + { + if (--argc < 1) goto bad; + engine = *(++argv); + } + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog); + BIO_printf(bio_err, "where options are\n"); + BIO_printf(bio_err, " -inform arg input format - " + "default PEM (DER or PEM)\n"); + BIO_printf(bio_err, " -outform arg output format - " + "default PEM\n"); + BIO_printf(bio_err, " -in arg input file - " + "default stdin\n"); + BIO_printf(bio_err, " -out arg output file - " + "default stdout\n"); + BIO_printf(bio_err, " -noout do not print the " + "ec parameter\n"); + BIO_printf(bio_err, " -text print the ec " + "parameters in text form\n"); + BIO_printf(bio_err, " -check validate the ec " + "parameters\n"); + BIO_printf(bio_err, " -C print a 'C' " + "function creating the parameters\n"); + BIO_printf(bio_err, " -name arg use the " + "ec parameters with 'short name' name\n"); + BIO_printf(bio_err, " -list_curves prints a list of " + "all currently available curve 'short names'\n"); + BIO_printf(bio_err, " -conv_form arg specifies the " + "point conversion form \n"); + BIO_printf(bio_err, " possible values:" + " compressed\n"); + BIO_printf(bio_err, " " + " uncompressed (default)\n"); + BIO_printf(bio_err, " " + " hybrid\n"); + BIO_printf(bio_err, " -param_enc arg specifies the way" + " the ec parameters are encoded\n"); + BIO_printf(bio_err, " in the asn1 der " + "encoding\n"); + BIO_printf(bio_err, " possible values:" + " named_curve (default)\n"); + BIO_printf(bio_err, " " + " explicit\n"); + BIO_printf(bio_err, " -no_seed if 'explicit'" + " parameters are choosen do not" + " use the seed\n"); + BIO_printf(bio_err, " -genkey 
generate ec" + " key\n"); + BIO_printf(bio_err, " -rand file files to use for" + " random number input\n"); + BIO_printf(bio_err, " -engine e use engine e, " + "possibly a hardware device\n"); + goto end; + } + + ERR_load_crypto_strings(); + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + if (outfile == NULL) + { + BIO_set_fp(out,stdout,BIO_NOCLOSE); +#ifdef OPENSSL_SYS_VMS + { + BIO *tmpbio = BIO_new(BIO_f_linebuffer()); + out = BIO_push(tmpbio, out); + } +#endif + } + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + +#ifndef OPENSSL_NO_ENGINE + e = setup_engine(bio_err, engine, 0); +#endif + + if (list_curves) + { + EC_builtin_curve *curves = NULL; + size_t crv_len = 0; + size_t n = 0; + + crv_len = EC_get_builtin_curves(NULL, 0); + + curves = OPENSSL_malloc((int)(sizeof(EC_builtin_curve) * crv_len)); + + if (curves == NULL) + goto end; + + if (!EC_get_builtin_curves(curves, crv_len)) + { + OPENSSL_free(curves); + goto end; + } + + + for (n = 0; n < crv_len; n++) + { + const char *comment; + const char *sname; + comment = curves[n].comment; + sname = OBJ_nid2sn(curves[n].nid); + if (comment == NULL) + comment = "CURVE DESCRIPTION NOT AVAILABLE"; + if (sname == NULL) + sname = ""; + + BIO_printf(out, " %-10s: ", sname); + BIO_printf(out, "%s\n", comment); + } + + OPENSSL_free(curves); + ret = 0; + goto end; + } + + if (curve_name != NULL) + { + int nid; + + /* workaround for the SECG curve names secp192r1 + * and secp256r1 (which are the same as the curves + * prime192v1 and prime256v1 defined in X9.62) + */ + if (!strcmp(curve_name, "secp192r1")) + { + BIO_printf(bio_err, "using curve name prime192v1 " + "instead of secp192r1\n"); + nid = NID_X9_62_prime192v1; + } + 
else if (!strcmp(curve_name, "secp256r1")) + { + BIO_printf(bio_err, "using curve name prime256v1 " + "instead of secp256r1\n"); + nid = NID_X9_62_prime256v1; + } + else + nid = OBJ_sn2nid(curve_name); + + if (nid == 0) + { + BIO_printf(bio_err, "unknown curve name (%s)\n", + curve_name); + goto end; + } + + group = EC_GROUP_new_by_curve_name(nid); + if (group == NULL) + { + BIO_printf(bio_err, "unable to create curve (%s)\n", + curve_name); + goto end; + } + EC_GROUP_set_asn1_flag(group, asn1_flag); + EC_GROUP_set_point_conversion_form(group, form); + } + else if (informat == FORMAT_ASN1) + { + group = d2i_ECPKParameters_bio(in, NULL); + } + else if (informat == FORMAT_PEM) + { + group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL); + } + else + { + BIO_printf(bio_err, "bad input format specified\n"); + goto end; + } + + if (group == NULL) + { + BIO_printf(bio_err, + "unable to load elliptic curve parameters\n"); + ERR_print_errors(bio_err); + goto end; + } + + if (new_form) + EC_GROUP_set_point_conversion_form(group, form); + + if (new_asn1_flag) + EC_GROUP_set_asn1_flag(group, asn1_flag); + + if (no_seed) + { + EC_GROUP_set_seed(group, NULL, 0); + } + + if (text) + { + if (!ECPKParameters_print(out, group, 0)) + goto end; + } + + if (check) + { + if (group == NULL) + BIO_printf(bio_err, "no elliptic curve parameters\n"); + BIO_printf(bio_err, "checking elliptic curve parameters: "); + if (!EC_GROUP_check(group, NULL)) + { + BIO_printf(bio_err, "failed\n"); + ERR_print_errors(bio_err); + } + else + BIO_printf(bio_err, "ok\n"); + + } + + if (C) + { + size_t buf_len = 0, tmp_len = 0; + const EC_POINT *point; + int is_prime, len = 0; + const EC_METHOD *meth = EC_GROUP_method_of(group); + + if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL || + (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL || + (ec_order = BN_new()) == NULL || + (ec_cofactor = BN_new()) == NULL ) + { + perror("OPENSSL_malloc"); + goto end; + } + + is_prime = 
(EC_METHOD_get_field_type(meth) == + NID_X9_62_prime_field); + + if (is_prime) + { + if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, + ec_b, NULL)) + goto end; + } + else + { + /* TODO */ + goto end; + } + + if ((point = EC_GROUP_get0_generator(group)) == NULL) + goto end; + if (!EC_POINT_point2bn(group, point, + EC_GROUP_get_point_conversion_form(group), ec_gen, + NULL)) + goto end; + if (!EC_GROUP_get_order(group, ec_order, NULL)) + goto end; + if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL)) + goto end; + + if (!ec_p || !ec_a || !ec_b || !ec_gen || + !ec_order || !ec_cofactor) + goto end; + + len = BN_num_bits(ec_order); + + if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len) + buf_len = tmp_len; + if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len) + buf_len = tmp_len; + if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len) + buf_len = tmp_len; + if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len) + buf_len = tmp_len; + if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len) + buf_len = tmp_len; + if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len) + buf_len = tmp_len; + + buffer = (unsigned char *)OPENSSL_malloc(buf_len); + + if (buffer == NULL) + { + perror("OPENSSL_malloc"); + goto end; + } + + ecparam_print_var(out, ec_p, "ec_p", len, buffer); + ecparam_print_var(out, ec_a, "ec_a", len, buffer); + ecparam_print_var(out, ec_b, "ec_b", len, buffer); + ecparam_print_var(out, ec_gen, "ec_gen", len, buffer); + ecparam_print_var(out, ec_order, "ec_order", len, buffer); + ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, + buffer); + + BIO_printf(out, "\n\n"); + + BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len); + BIO_printf(out, "\tint ok=0;\n"); + BIO_printf(out, "\tEC_GROUP *group = NULL;\n"); + BIO_printf(out, "\tEC_POINT *point = NULL;\n"); + BIO_printf(out, "\tBIGNUM *tmp_1 = NULL, *tmp_2 = NULL, " + "*tmp_3 = NULL;\n\n"); + BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, " + "sizeof(ec_p_%d), NULL)) == 
NULL)\n\t\t" + "goto err;\n", len, len); + BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, " + "sizeof(ec_a_%d), NULL)) == NULL)\n\t\t" + "goto err;\n", len, len); + BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, " + "sizeof(ec_b_%d), NULL)) == NULL)\n\t\t" + "goto err;\n", len, len); + if (is_prime) + { + BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_" + "GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)" + "\n\t\tgoto err;\n\n"); + } + else + { + /* TODO */ + goto end; + } + BIO_printf(out, "\t/* build generator */\n"); + BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, " + "sizeof(ec_gen_%d), tmp_1)) == NULL)" + "\n\t\tgoto err;\n", len, len); + BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, " + "NULL, NULL);\n"); + BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n"); + BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, " + "sizeof(ec_order_%d), tmp_2)) == NULL)" + "\n\t\tgoto err;\n", len, len); + BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, " + "sizeof(ec_cofactor_%d), tmp_3)) == NULL)" + "\n\t\tgoto err;\n", len, len); + BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point," + " tmp_2, tmp_3))\n\t\tgoto err;\n"); + BIO_printf(out, "\n\tok=1;\n"); + BIO_printf(out, "err:\n"); + BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n"); + BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n"); + BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n"); + BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n"); + BIO_printf(out, "\tif (!ok)\n"); + BIO_printf(out, "\t\t{\n"); + BIO_printf(out, "\t\tEC_GROUP_free(group);\n"); + BIO_printf(out, "\t\tgroup = NULL;\n"); + BIO_printf(out, "\t\t}\n"); + BIO_printf(out, "\treturn(group);\n\t}\n"); + } + + if (!noout) + { + if (outformat == FORMAT_ASN1) + i = i2d_ECPKParameters_bio(out, group); + else if (outformat == FORMAT_PEM) + i = PEM_write_bio_ECPKParameters(out, group); + else + { + BIO_printf(bio_err,"bad output format specified for" + " outfile\n"); + goto end; + } 
+ if (!i) + { + BIO_printf(bio_err, "unable to write elliptic " + "curve parameters\n"); + ERR_print_errors(bio_err); + goto end; + } + } + + if (need_rand) + { + app_RAND_load_file(NULL, bio_err, (inrand != NULL)); + if (inrand != NULL) + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); + } + + if (genkey) + { + EC_KEY *eckey = EC_KEY_new(); + + if (eckey == NULL) + goto end; + + assert(need_rand); + + if (EC_KEY_set_group(eckey, group) == 0) + goto end; + + if (!EC_KEY_generate_key(eckey)) + { + EC_KEY_free(eckey); + goto end; + } + if (outformat == FORMAT_ASN1) + i = i2d_ECPrivateKey_bio(out, eckey); + else if (outformat == FORMAT_PEM) + i = PEM_write_bio_ECPrivateKey(out, eckey, NULL, + NULL, 0, NULL, NULL); + else + { + BIO_printf(bio_err, "bad output format specified " + "for outfile\n"); + EC_KEY_free(eckey); + goto end; + } + EC_KEY_free(eckey); + } + + if (need_rand) + app_RAND_write_file(NULL, bio_err); + + ret=0; +end: + if (ec_p) + BN_free(ec_p); + if (ec_a) + BN_free(ec_a); + if (ec_b) + BN_free(ec_b); + if (ec_gen) + BN_free(ec_gen); + if (ec_order) + BN_free(ec_order); + if (ec_cofactor) + BN_free(ec_cofactor); + if (buffer) + OPENSSL_free(buffer); + if (in != NULL) + BIO_free(in); + if (out != NULL) + BIO_free_all(out); + if (group != NULL) + EC_GROUP_free(group); + apps_shutdown(); + OPENSSL_EXIT(ret); +} + +static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var, + int len, unsigned char *buffer) + { + BIO_printf(out, "static unsigned char %s_%d[] = {", var, len); + if (BN_is_zero(in)) + BIO_printf(out, "\n\t0x00"); + else + { + int i, l; + + l = BN_bn2bin(in, buffer); + for (i=0; i<l-1; i++) + { + if ((i%12) == 0) + BIO_printf(out, "\n\t"); + BIO_printf(out, "0x%02X,", buffer[i]); + } + if ((i%12) == 0) + BIO_printf(out, "\n\t"); + BIO_printf(out, "0x%02X", buffer[i]); + } + BIO_printf(out, "\n\t};\n\n"); + return 1; + } +#endif 
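Review bot: A failed `-check` does not affect the exit status: when `EC_GROUP_check()` fails the code prints `failed` and carries on, so the parameters are still written out, remain usable with `-genkey`, and `ret` is set to 0 at the end, leaving a calling script unable to tell rejected parameters from valid ones. Add `goto end;` after `ERR_print_errors(bio_err);` in that branch. The `if (group == NULL)` test just above it is dead, because a NULL group already exits earlier, and it would not stop the following `EC_GROUP_check(group, NULL)` call anyway. In the `-genkey` block the result `i` of the private-key write is never tested, and the `EC_KEY_set_group()` failure path jumps to `end` without `EC_KEY_free(eckey)`.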
diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c index cf1d98c..ea948f8 100644 --- a/crypto/openssl/apps/enc.c +++ b/crypto/openssl/apps/enc.c @@ -118,6 +118,7 @@ int MAIN(int argc, char **argv) int enc=1,printkey=0,i,base64=0; int debug=0,olb64=0,nosalt=0; const EVP_CIPHER *cipher=NULL,*c; + EVP_CIPHER_CTX *ctx = NULL; char *inf=NULL,*outf=NULL; BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; #define PROG_NAME_SIZE 39 @@ -313,10 +314,7 @@ bad: if (dgst == NULL) { - if (in_FIPS_mode) - dgst = EVP_sha1(); - else - dgst = EVP_md5(); + dgst = EVP_md5(); } if (bufsize != NULL) @@ -539,13 +537,31 @@ bad: if ((benc=BIO_new(BIO_f_cipher())) == NULL) goto end; - BIO_set_cipher(benc,cipher,key,iv,enc); - if (nopad) + + /* Since we may be changing parameters work on the encryption + * context rather than calling BIO_set_cipher(). + */ + + BIO_get_cipher_ctx(benc, &ctx); + if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) { - EVP_CIPHER_CTX *ctx; - BIO_get_cipher_ctx(benc, &ctx); + BIO_printf(bio_err, "Error setting cipher %s\n", + EVP_CIPHER_name(cipher)); + ERR_print_errors(bio_err); + goto end; + } + + if (nopad) EVP_CIPHER_CTX_set_padding(ctx, 0); + + if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) + { + BIO_printf(bio_err, "Error setting cipher %s\n", + EVP_CIPHER_name(cipher)); + ERR_print_errors(bio_err); + goto end; } + if (debug) { BIO_set_callback(benc,BIO_debug_callback); @@ -557,7 +573,7 @@ bad: if (!nosalt) { printf("salt="); - for (i=0; i<sizeof salt; i++) + for (i=0; i<(int)sizeof(salt); i++) printf("%02X",salt[i]); printf("\n"); } diff --git a/crypto/openssl/apps/engine.c b/crypto/openssl/apps/engine.c index 12283d0..25c8617 100644 --- a/crypto/openssl/apps/engine.c +++ b/crypto/openssl/apps/engine.c 
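Review bot: With the FIPS branch removed in the `dgst == NULL` hunk, `dgst` now always falls back to `EVP_md5()` when no digest was chosen on the command line. `dgst` is consumed outside this hunk, presumably to derive the key and IV from the passphrase, so the default deserves a comment at the assignment, e.g. `/* default digest for passphrase-based key derivation; MD5 kept for compatibility with existing files */`. Changing the default would break decryption of existing data, so this is a documentation request only.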
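Review bot: In the hunk that replaces `BIO_set_cipher()`, both `EVP_CipherInit_ex()` failure branches print the same `Error setting cipher %s` message, so a rejected key or IV in the second call cannot be told apart from an unusable cipher in the first. Give the second branch its own text, e.g. `BIO_printf(bio_err, "Error setting key/IV for cipher %s\n", EVP_CIPHER_name(cipher));`. The result of `BIO_get_cipher_ctx(benc, &ctx)` is also not checked, so `ctx` would keep the NULL it was given in the declaration hunk if that control call ever failed. MAIN begins and ends outside these hunks.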
@@ -72,14 +72,15 @@ #undef PROG #define PROG engine_main -static char *engine_usage[]={ +static const char *engine_usage[]={ "usage: engine opts [engine ...]\n", " -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n", " -vv will additionally display each command's description\n", " -vvv will also add the input flags for each command\n", " -vvvv will also show internal input flags\n", " -c - for each engine, also list the capabilities\n", -" -t - for each engine, check that they are really available\n", +" -t[t] - for each engine, check that they are really available\n", +" -tt will display error trace for unavailable engines\n", " -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n", " to load it (if -t is used)\n", " -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n", @@ -343,8 +344,8 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { int ret=1,i; - char **pp; - int verbose=0, list_cap=0, test_avail=0; + const char **pp; + int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0; ENGINE *e; STACK *engines = sk_new_null(); STACK *pre_cmds = sk_new_null(); @@ -382,16 +383,26 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-c") == 0) list_cap=1; - else if (strcmp(*argv,"-t") == 0) + else if (strncmp(*argv,"-t",2) == 0) + { test_avail=1; + if(strspn(*argv + 1, "t") < strlen(*argv + 1)) + goto skip_arg_loop; + if((test_avail_noise = strlen(*argv + 1) - 1) > 1) + goto skip_arg_loop; + } else if (strcmp(*argv,"-pre") == 0) { argc--; argv++; + if (argc == 0) + goto skip_arg_loop; sk_push(pre_cmds,*argv); } else if (strcmp(*argv,"-post") == 0) { argc--; argv++; + if (argc == 0) + goto skip_arg_loop; sk_push(post_cmds,*argv); } else if ((strncmp(*argv,"-h",2) == 0) || @@ -498,7 +509,8 @@ skip_digests: else { BIO_printf(bio_out, "[ unavailable ]\n"); - ERR_print_errors_fp(stdout); + if(test_avail_noise) + ERR_print_errors_fp(stdout); ERR_clear_error(); } } 
@@ -512,6 +524,7 @@ skip_digests: ret=0; end: + ERR_print_errors(bio_err); sk_pop_free(engines, identity); sk_pop_free(pre_cmds, identity); diff --git a/crypto/openssl/apps/gendh.c b/crypto/openssl/apps/gendh.c index a34a862..4749786 100644 --- a/crypto/openssl/apps/gendh.c +++ b/crypto/openssl/apps/gendh.c @@ -57,6 +57,13 @@ * [including the GNU Public Licence.] */ +#include <openssl/opensslconf.h> +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #ifndef OPENSSL_NO_DH #include <stdio.h> #include <string.h> @@ -75,12 +82,13 @@ #undef PROG #define PROG gendh_main -static void MS_CALLBACK dh_cb(int p, int n, void *arg); +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); int MAIN(int argc, char **argv) { + BN_GENCB cb; #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif @@ -96,6 +104,7 @@ int MAIN(int argc, char **argv) apps_startup(); + BN_GENCB_set(&cb, dh_cb, bio_err); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); @@ -193,10 +202,10 @@ bad: BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); BIO_printf(bio_err,"This is going to take a long time\n"); - dh=DH_generate_parameters(num,g,dh_cb,bio_err); - - if (dh == NULL) goto end; + if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb)) + goto end; + app_RAND_write_file(NULL, bio_err); if (!PEM_write_bio_DHparams(out,dh)) @@ -211,7 +220,7 @@ end: OPENSSL_EXIT(ret); } -static void MS_CALLBACK dh_cb(int p, int n, void *arg) +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) { char c='*'; 
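Review bot: In the gendh.c `@@ -96,6 +104,7 @@` hunk, `BN_GENCB_set(&cb, dh_cb, bio_err);` runs before the `if (bio_err == NULL)` block that creates `bio_err`, so the callback argument captures whatever `bio_err` held at that moment, possibly NULL. `dh_cb` later writes its progress characters to `cb->arg`, which is that stale value, not the BIO created on the following lines. Moving the call below the `BIO_set_fp(bio_err,stderr,...)` line fixes the ordering. genrsa.c has the same ordering with `BN_GENCB_set(&cb, genrsa_cb, bio_err);` in its `@@ -97,8 +104,13 @@` hunk; MAIN continues outside both hunks.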
@@ -219,10 +228,11 @@ static void MS_CALLBACK dh_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #endif diff --git a/crypto/openssl/apps/gendsa.c b/crypto/openssl/apps/gendsa.c index 6d2ed06..828e27f 100644 --- a/crypto/openssl/apps/gendsa.c +++ b/crypto/openssl/apps/gendsa.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ #ifndef OPENSSL_NO_DSA #include <stdio.h> #include <string.h> diff --git a/crypto/openssl/apps/genrsa.c b/crypto/openssl/apps/genrsa.c index 63be873..4f62cfd 100644 --- a/crypto/openssl/apps/genrsa.c +++ b/crypto/openssl/apps/genrsa.c @@ -56,6 +56,13 @@ * [including the GNU Public Licence.] */ +#include <openssl/opensslconf.h> +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #ifndef OPENSSL_NO_RSA #include <stdio.h> #include <string.h> @@ -75,17 +82,17 @@ #undef PROG #define PROG genrsa_main -static void MS_CALLBACK genrsa_cb(int p, int n, void *arg); +static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); int MAIN(int argc, char **argv) { + BN_GENCB cb; #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif int ret=1; - RSA *rsa=NULL; int i,num=DEFBITS; long l; const EVP_CIPHER *enc=NULL; @@ -97,8 +104,13 @@ int MAIN(int argc, char **argv) #endif char *inrand=NULL; BIO *out=NULL; + BIGNUM *bn = BN_new(); + RSA *rsa = RSA_new(); + + if(!bn || !rsa) goto err; apps_startup(); + BN_GENCB_set(&cb, genrsa_cb, bio_err); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) 
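Review bot: `if(!bn || !rsa) goto err;` in genrsa.c jumps to the cleanup label before `apps_startup()` has run and before `bio_err` is created. The `ERR_print_errors(bio_err)` at `err:` (visible in the later `@@ -262,8 +274,9 @@` hunk) is then given an unset BIO, so an allocation failure is probably reported only through the exit status. Keeping the allocations in the declarations but moving the test `if(!bn || !rsa) goto err;` below the `BIO_set_fp(bio_err,stderr,...)` line leaves the cleanup path as it is. MAIN's body continues outside the hunk, so whether anything else at `err:` depends on startup having run cannot be seen here.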
@@ -233,12 +245,12 @@ bad: BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", num); - rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err); + + if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) + goto err; app_RAND_write_file(NULL, bio_err); - if (rsa == NULL) goto err; - /* We need to do the following for when the base number size is < * long, esp windows 3.1 :-(. */ l=0L; @@ -262,8 +274,9 @@ bad: ret=0; err: - if (rsa != NULL) RSA_free(rsa); - if (out != NULL) BIO_free_all(out); + if (bn) BN_free(bn); + if (rsa) RSA_free(rsa); + if (out) BIO_free_all(out); if(passout) OPENSSL_free(passout); if (ret != 0) ERR_print_errors(bio_err); @@ -271,7 +284,7 @@ err: OPENSSL_EXIT(ret); } -static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) +static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -279,11 +292,12 @@ static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #else /* !OPENSSL_NO_RSA */ diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c index 856b797..52af592 100644 --- a/crypto/openssl/apps/ocsp.c +++ b/crypto/openssl/apps/ocsp.c @@ -64,6 +64,7 @@ #include <openssl/ocsp.h> #include <openssl/err.h> #include <openssl/ssl.h> +#include <openssl/bn.h> /* Maximum leeway in validity period: default 5 minutes */ #define MAX_VALIDITY_PERIOD (5 * 60) @@ -784,7 +785,7 @@ int MAIN(int argc, char **argv) if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { - BIO_printf(out, "Responder Error: %s (%ld)\n", + BIO_printf(out, "Responder Error: %s (%d)\n", OCSP_response_status_str(i), i); if (ignore_err) goto redo_accept; 
@@ -850,7 +851,7 @@ int MAIN(int argc, char **argv) if(i <= 0) { - BIO_printf(bio_err, "Response Verify Failure\n", i); + BIO_printf(bio_err, "Response Verify Failure\n"); ERR_print_errors(bio_err); } else diff --git a/crypto/openssl/apps/openssl.c b/crypto/openssl/apps/openssl.c index 9a9ef91..02d86d5 100644 --- a/crypto/openssl/apps/openssl.c +++ b/crypto/openssl/apps/openssl.c @@ -129,7 +129,6 @@ #include "progs.h" #include "s_apps.h" #include <openssl/err.h> -#include <openssl/fips.h> /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the * base prototypes (we cast each variable inside the function to the required @@ -148,7 +147,6 @@ char *default_config_file=NULL; #ifdef MONOLITH CONF *config=NULL; BIO *bio_err=NULL; -int in_FIPS_mode=0; #endif @@ -222,38 +220,18 @@ int main(int Argc, char *Argv[]) #define PROG_NAME_SIZE 39 char pname[PROG_NAME_SIZE+1]; FUNCTION f,*fp; - MS_STATIC char *prompt,buf[1024]; + MS_STATIC const char *prompt; + MS_STATIC char buf[1024]; char *to_free=NULL; int n,i,ret=0; int argc; char **argv,*p; LHASH *prog=NULL; long errline; - + arg.data=NULL; arg.count=0; - in_FIPS_mode = 0; - -#ifdef OPENSSL_FIPS - if(getenv("OPENSSL_FIPS")) { -#if defined(_WIN32) - char filename[MAX_PATH] = ""; - GetModuleFileName( NULL, filename, MAX_PATH) ; - p = filename; -#else - p = Argv[0]; -#endif - if (!FIPS_mode_set(1,p)) { - ERR_load_crypto_strings(); - ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); - exit(1); - } - in_FIPS_mode = 1; - if (getenv("OPENSSL_FIPS_MD5")) - FIPS_allow_md5(1); - } -#endif if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); @@ -511,7 +489,7 @@ static LHASH *prog_init(void) { LHASH *ret; FUNCTION *f; - int i; + size_t i; /* Purely so it looks nice when the user hits ? */ for(i=0,f=functions ; f->name != NULL ; ++f,++i) 
@@ -529,12 +507,12 @@ static LHASH *prog_init(void) /* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */ static int MS_CALLBACK cmp(const void *a_void, const void *b_void) { - return(strncmp(((FUNCTION *)a_void)->name, - ((FUNCTION *)b_void)->name,8)); + return(strncmp(((const FUNCTION *)a_void)->name, + ((const FUNCTION *)b_void)->name,8)); } /* static unsigned long MS_CALLBACK hash(FUNCTION *a) */ static unsigned long MS_CALLBACK hash(const void *a_void) { - return(lh_strhash(((FUNCTION *)a_void)->name)); + return(lh_strhash(((const FUNCTION *)a_void)->name)); } diff --git a/crypto/openssl/apps/openssl.cnf b/crypto/openssl/apps/openssl.cnf index af688a4..9e59020 100644 --- a/crypto/openssl/apps/openssl.cnf +++ b/crypto/openssl/apps/openssl.cnf @@ -44,8 +44,8 @@ new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.pem # The CA certificate serial = $dir/serial # The current serial number -#crlnumber = $dir/crlnumber # the current crl number must be - # commented out to leave a V1 CRL +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key RANDFILE = $dir/private/.rand # private random number file @@ -67,7 +67,7 @@ cert_opt = ca_default # Certificate field options default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL -default_md = md5 # which md to use. +default_md = sha1 # which md to use. preserve = no # keep passed DN ordering # A few difference way of specifying how similar the request should look @@ -188,7 +188,7 @@ nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer:always +authorityKeyIdentifier=keyid,issuer # This stuff is for subjectAltName and issuerAltname. # Import the email address. 
@@ -258,3 +258,56 @@ basicConstraints = CA:true # issuerAltName=issuer:copy authorityKeyIdentifier=keyid:always,issuer:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo diff --git a/crypto/openssl/apps/passwd.c b/crypto/openssl/apps/passwd.c index 3ad91d8..9ca25dd 100644 --- a/crypto/openssl/apps/passwd.c +++ b/crypto/openssl/apps/passwd.c 
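Review bot: `policy:foo` in the new `proxyCertInfo` line is a placeholder, and nothing in `[ proxy_cert_ext ]` says so. Because the extension is marked `critical`, a section copied unchanged would issue proxy certificates carrying a meaningless policy together with `pathlen:3`. A comment above the line would make that explicit, e.g. `# Example values only: set language, pathlen and policy for your deployment.` The section also keeps `authorityKeyIdentifier=keyid,issuer:always` while the previous hunk relaxes another section to `keyid,issuer`; it is worth confirming that the difference is intended.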
@@ -312,7 +312,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */ unsigned char buf[MD5_DIGEST_LENGTH]; char *salt_out; - int n, i; + int n; + unsigned int i; EVP_MD_CTX md,md2; size_t passwd_len, salt_len; @@ -358,13 +359,13 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) for (i = 0; i < 1000; i++) { EVP_DigestInit_ex(&md2,EVP_md5(), NULL); - EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf, + EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf, (i & 1) ? passwd_len : sizeof buf); if (i % 3) EVP_DigestUpdate(&md2, salt_out, salt_len); if (i % 7) EVP_DigestUpdate(&md2, passwd, passwd_len); - EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd, + EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd, (i & 1) ? sizeof buf : passwd_len); EVP_DigestFinal_ex(&md2, buf, NULL); } @@ -473,7 +474,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, if ((strlen(passwd) > pw_maxlen)) { if (!quiet) - BIO_printf(bio_err, "Warning: truncating password to %u characters\n", pw_maxlen); + /* XXX: really we should know how to print a size_t, not cast it */ + BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen); passwd[pw_maxlen] = 0; } assert(strlen(passwd) <= pw_maxlen); diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c index 71192bd..c22c00f 100644 --- a/crypto/openssl/apps/pkcs12.c +++ b/crypto/openssl/apps/pkcs12.c 
@@ -1,11 +1,9 @@ /* pkcs12.c */ -#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) - /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -58,6 +56,9 @@ * */ +#include <openssl/opensslconf.h> +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) + #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -83,7 +84,7 @@ int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int opti int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass, int passlen, int options, char *pempass); int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass); -int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name); +int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name); void hex_prin(BIO *out, unsigned char *buf, int len); int alg_print(BIO *x, X509_ALGOR *alg); int cert_load(BIO *in, STACK_OF(X509) *sk); @@ -166,10 +167,14 @@ int MAIN(int argc, char **argv) maciter = PKCS12_DEFAULT_ITER; else if (!strcmp (*args, "-nomaciter")) maciter = 1; + else if (!strcmp (*args, "-nomac")) + maciter = -1; else if (!strcmp (*args, "-nodes")) enc=NULL; else if (!strcmp (*args, "-certpbe")) { if (args[1]) { args++; + if (!strcmp(*args, "NONE")) + cert_pbe = -1; cert_pbe=OBJ_txt2nid(*args); if(cert_pbe == NID_undef) { BIO_printf(bio_err, 
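Review bot: In the `-certpbe` branch the new `if (!strcmp(*args, "NONE")) cert_pbe = -1;` has no `else`, so the next line `cert_pbe=OBJ_txt2nid(*args);` overwrites the -1 immediately. `NONE` is unlikely to be a registered object name, so the lookup would return `NID_undef` and the option would be rejected as an unknown PBE algorithm instead of disabling certificate encryption. The `-keypbe` branch in the next hunk has the `else`; this one should match it: `else cert_pbe=OBJ_txt2nid(*args);`.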
@@ -180,7 +185,10 @@ int MAIN(int argc, char **argv) } else if (!strcmp (*args, "-keypbe")) { if (args[1]) { args++; - key_pbe=OBJ_txt2nid(*args); + if (!strcmp(*args, "NONE")) + key_pbe = -1; + else + key_pbe=OBJ_txt2nid(*args); if(key_pbe == NID_undef) { BIO_printf(bio_err, "Unknown PBE algorithm %s\n", *args); @@ -365,24 +373,6 @@ int MAIN(int argc, char **argv) goto end; } -#if 0 - if (certfile) { - if(!(certsin = BIO_new_file(certfile, "r"))) { - BIO_printf(bio_err, "Can't open certificate file %s\n", certfile); - perror (certfile); - goto end; - } - } - - if (keyname) { - if(!(inkey = BIO_new_file(keyname, "r"))) { - BIO_printf(bio_err, "Can't key certificate file %s\n", keyname); - perror (keyname); - goto end; - } - } -#endif - #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); CRYPTO_push_info("write files"); @@ -419,27 +409,31 @@ int MAIN(int argc, char **argv) if (export_cert) { EVP_PKEY *key = NULL; - STACK_OF(PKCS12_SAFEBAG) *bags = NULL; - STACK_OF(PKCS7) *safes = NULL; - PKCS12_SAFEBAG *bag = NULL; - PKCS8_PRIV_KEY_INFO *p8 = NULL; - PKCS7 *authsafe = NULL; - X509 *ucert = NULL; + X509 *ucert = NULL, *x = NULL; STACK_OF(X509) *certs=NULL; - char *catmp = NULL; + unsigned char *catmp = NULL; int i; - unsigned char keyid[EVP_MAX_MD_SIZE]; - unsigned int keyidlen = 0; + + if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS)) + { + BIO_printf(bio_err, "Nothing to do!\n"); + goto export_end; + } + + if (options & NOCERTS) + chain = 0; #ifdef CRYPTO_MDEBUG CRYPTO_push_info("process -export_cert"); CRYPTO_push_info("reading private key"); #endif - key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM, 1, - passin, e, "private key"); - if (!key) { - goto export_end; - } + if (!(options & NOKEYS)) + { + key = load_key(bio_err, keyname ? keyname : infile, + FORMAT_PEM, 1, passin, e, "private key"); + if (!key) + goto export_end; + } #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); 
@@ -447,49 +441,61 @@ int MAIN(int argc, char **argv) #endif /* Load in all certs in input file */ - if(!(certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e, - "certificates"))) { - goto export_end; - } + if(!(options & NOCERTS)) + { + certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e, + "certificates"); + if (!certs) + goto export_end; -#ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); - CRYPTO_push_info("reading certs from input 2"); -#endif + if (key) + { + /* Look for matching private key */ + for(i = 0; i < sk_X509_num(certs); i++) + { + x = sk_X509_value(certs, i); + if(X509_check_private_key(x, key)) + { + ucert = x; + /* Zero keyid and alias */ + X509_keyid_set1(ucert, NULL, 0); + X509_alias_set1(ucert, NULL, 0); + /* Remove from list */ + sk_X509_delete(certs, i); + break; + } + } + if (!ucert) + { + BIO_printf(bio_err, "No certificate matches private key\n"); + goto export_end; + } + } - for(i = 0; i < sk_X509_num(certs); i++) { - ucert = sk_X509_value(certs, i); - if(X509_check_private_key(ucert, key)) { - X509_digest(ucert, EVP_sha1(), keyid, &keyidlen); - break; } - } - if(!keyidlen) { - ucert = NULL; - BIO_printf(bio_err, "No certificate matches private key\n"); - goto export_end; - } - + #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); - CRYPTO_push_info("reading certs from certfile"); + CRYPTO_push_info("reading certs from input 2"); #endif - bags = sk_PKCS12_SAFEBAG_new_null (); - /* Add any more certificates asked for */ - if (certfile) { + if(certfile) + { STACK_OF(X509) *morecerts=NULL; if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM, NULL, e, - "certificates from certfile"))) { + "certificates from certfile"))) goto export_end; - } - while(sk_X509_num(morecerts) > 0) { + while(sk_X509_num(morecerts) > 0) sk_X509_push(certs, sk_X509_shift(morecerts)); - } sk_X509_free(morecerts); - } + } + +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); + CRYPTO_push_info("reading certs from certfile"); +#endif #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); 
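Review bot: When `NOCERTS` is set, the new `if(!(options & NOCERTS))` block is skipped and `certs` keeps its initial NULL, yet the `if(certfile)` block that follows still runs `sk_X509_push(certs, sk_X509_shift(morecerts))`. Every certificate shifted out of `morecerts` is then pushed onto a NULL stack, which at best drops and leaks it. Guarding the block with `if(certfile && !(options & NOCERTS))`, or creating `certs` with `sk_X509_new_null()` first, avoids that. The `CRYPTO_push_info` labels also ended up out of order: "reading certs from certfile" is now pushed after the certfile has already been read.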
@@ -526,100 +532,55 @@ int MAIN(int argc, char **argv) } } -#ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); - CRYPTO_push_info("building bags"); -#endif - - /* We now have loads of certificates: include them all */ - for(i = 0; i < sk_X509_num(certs); i++) { - X509 *cert = NULL; - cert = sk_X509_value(certs, i); - bag = PKCS12_x5092certbag(cert); - /* If it matches private key set id */ - if(cert == ucert) { - if(name) PKCS12_add_friendlyname(bag, name, -1); - PKCS12_add_localkeyid(bag, keyid, keyidlen); - } else if((catmp = sk_shift(canames))) - PKCS12_add_friendlyname(bag, catmp, -1); - sk_PKCS12_SAFEBAG_push(bags, bag); - } - sk_X509_pop_free(certs, X509_free); - certs = NULL; - -#ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); - CRYPTO_push_info("encrypting bags"); -#endif - - if(!noprompt && - EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) { - BIO_printf (bio_err, "Can't read Password\n"); - goto export_end; - } - if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); - /* Turn certbags into encrypted authsafe */ - authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0, - iter, bags); - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - bags = NULL; - - if (!authsafe) { - ERR_print_errors (bio_err); - goto export_end; - } - - safes = sk_PKCS7_new_null (); - sk_PKCS7_push (safes, authsafe); + /* Add any CA names */ -#ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); - CRYPTO_push_info("building shrouded key bag"); -#endif + for (i = 0; i < sk_num(canames); i++) + { + catmp = (unsigned char *)sk_value(canames, i); + X509_alias_set1(sk_X509_value(certs, i), catmp, -1); + } - /* Make a shrouded key bag */ - p8 = EVP_PKEY2PKCS8 (key); - if(keytype) PKCS8_add_keyusage(p8, keytype); - bag = PKCS12_MAKE_SHKEYBAG(key_pbe, cpass, -1, NULL, 0, iter, p8); - PKCS8_PRIV_KEY_INFO_free(p8); - p8 = NULL; - if (name) PKCS12_add_friendlyname (bag, name, -1); - if(csp_name) PKCS12_add_CSPName_asc(bag, csp_name, -1); - PKCS12_add_localkeyid (bag, keyid, keyidlen); - 
bags = sk_PKCS12_SAFEBAG_new_null(); - sk_PKCS12_SAFEBAG_push (bags, bag); + if (csp_name && key) + EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, + MBSTRING_ASC, (unsigned char *)csp_name, -1); + #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); - CRYPTO_push_info("encrypting shrouded key bag"); + CRYPTO_push_info("reading password"); #endif - /* Turn it into unencrypted safe bag */ - authsafe = PKCS12_pack_p7data (bags); - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - bags = NULL; - sk_PKCS7_push (safes, authsafe); + if(!noprompt && + EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) + { + BIO_printf (bio_err, "Can't read Password\n"); + goto export_end; + } + if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); - CRYPTO_push_info("building pkcs12"); + CRYPTO_push_info("creating PKCS#12 structure"); #endif - p12 = PKCS12_init(NID_pkcs7_data); - - PKCS12_pack_authsafes(p12, safes); + p12 = PKCS12_create(cpass, name, key, ucert, certs, + key_pbe, cert_pbe, iter, -1, keytype); - sk_PKCS7_pop_free(safes, PKCS7_free); - safes = NULL; + if (!p12) + { + ERR_print_errors (bio_err); + goto export_end; + } - PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL); + if (maciter != -1) + PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); CRYPTO_push_info("writing pkcs12"); #endif - i2d_PKCS12_bio (out, p12); + i2d_PKCS12_bio(out, p12); ret = 0; @@ -632,8 +593,7 @@ int MAIN(int argc, char **argv) if (key) EVP_PKEY_free(key); if (certs) sk_X509_pop_free(certs, X509_free); - if (safes) sk_PKCS7_pop_free(safes, PKCS7_free); - if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + if (ucert) X509_free(ucert); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); 
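Review bot: The export path in the `@@ -526,100 +532,55 @@` hunk sets `ret = 0` unconditionally after `PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL)` and `i2d_PKCS12_bio(out, p12)`, neither of whose results is checked. A file written without a valid MAC, or only partly written, would then be reported to the user as a good export. Both calls should branch to `export_end` on failure, e.g. `if (maciter != -1 && !PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL)) goto export_end;` and `if (!i2d_PKCS12_bio(out, p12)) goto export_end;`, printing the error queue as the `PKCS12_create` check just above does. This assumes `ret` still holds its failure value at that point; its initialisation is outside the hunk.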
@@ -666,7 +626,7 @@ int MAIN(int argc, char **argv) CRYPTO_push_info("verify MAC"); #endif /* If we enter empty password try no password first */ - if(!macpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { + if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { /* If mac and crypto pass the same set it to NULL too */ if(!twopass) cpass = NULL; } else if (!PKCS12_verify_mac(p12, mpass, -1)) { @@ -710,9 +670,10 @@ int MAIN(int argc, char **argv) int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass) { - STACK_OF(PKCS7) *asafes; + STACK_OF(PKCS7) *asafes = NULL; STACK_OF(PKCS12_SAFEBAG) *bags; int i, bagnid; + int ret = 0; PKCS7 *p7; if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0; @@ -730,16 +691,22 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, } bags = PKCS12_unpack_p7encdata(p7, pass, passlen); } else continue; - if (!bags) return 0; + if (!bags) goto err; if (!dump_certs_pkeys_bags (out, bags, pass, passlen, options, pempass)) { sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free); - return 0; + goto err; } sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free); + bags = NULL; } - sk_PKCS7_pop_free (asafes, PKCS7_free); - return 1; + ret = 1; + + err: + + if (asafes) + sk_PKCS7_pop_free (asafes, PKCS7_free); + return ret; } int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, @@ -856,11 +823,12 @@ err: int alg_print (BIO *x, X509_ALGOR *alg) { PBEPARAM *pbe; - unsigned char *p; + const unsigned char *p; p = alg->parameter->value.sequence->data; pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length); - BIO_printf (bio_err, "%s, Iteration %d\n", - OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter)); + BIO_printf (bio_err, "%s, Iteration %ld\n", + OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), + ASN1_INTEGER_get(pbe->iter)); PBEPARAM_free (pbe); return 0; } 
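Review bot: `alg_print` dereferences `pbe->iter` in the rewritten `BIO_printf` without checking the result of `d2i_PBEPARAM`, which is NULL when the parameters fail to decode. The bytes come from the PKCS#12 file being dumped, so a malformed file reaches this as a NULL dereference. A guard before the print is enough, e.g. `if (pbe == NULL) return 1;`; which return value callers expect is not visible in this hunk. The context line `p = alg->parameter->value.sequence->data;` likewise assumes the parameter is present and is a sequence.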
@@ -894,7 +862,7 @@ int cert_load(BIO *in, STACK_OF(X509) *sk) /* Generalised attribute print: handle PKCS#8 and bag attributes */ -int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name) +int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name) { X509_ATTRIBUTE *attr; ASN1_TYPE *av; diff --git a/crypto/openssl/apps/prime.c b/crypto/openssl/apps/prime.c index 5c731a7..af2fed1 100644 --- a/crypto/openssl/apps/prime.c +++ b/crypto/openssl/apps/prime.c @@ -56,12 +56,14 @@ #undef PROG #define PROG prime_main +int MAIN(int, char **); + int MAIN(int argc, char **argv) { int hex=0; int checks=20; BIGNUM *bn=NULL; - BIO *bio_out=NULL; + BIO *bio_out; apps_startup(); @@ -69,18 +71,6 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); - if (bio_out == NULL) - if ((bio_out=BIO_new(BIO_s_file())) != NULL) - { - BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); -#ifdef OPENSSL_SYS_VMS - { - BIO *tmpbio = BIO_new(BIO_f_linebuffer()); - bio_out = BIO_push(tmpbio, bio_out); - } -#endif - } - --argc; ++argv; while (argc >= 1 && **argv == '-') @@ -95,16 +85,29 @@ int MAIN(int argc, char **argv) else { BIO_printf(bio_err,"Unknown option '%s'\n",*argv); - bad: - BIO_printf(bio_err,"options are\n"); - BIO_printf(bio_err,"%-14s hex\n","-hex"); - BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>"); - exit(1); + goto bad; } --argc; ++argv; } + if (argv[0] == NULL) + { + BIO_printf(bio_err,"No prime specified\n"); + goto bad; + } + + if ((bio_out=BIO_new(BIO_s_file())) != NULL) + { + BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); +#ifdef OPENSSL_SYS_VMS + { + BIO *tmpbio = BIO_new(BIO_f_linebuffer()); + bio_out = BIO_push(tmpbio, bio_out); + } +#endif + } + if(hex) BN_hex2bn(&bn,argv[0]); else 
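Review bot: Neither result in the prime.c `@@ -95,16 +85,29 @@` hunk is checked before use: `bio_out` stays NULL if `BIO_new(BIO_s_file())` fails, and the return value of `BN_hex2bn(&bn,argv[0])` is ignored. `bn` starts as NULL (first prime.c hunk), so a conversion that fails without allocating leaves it NULL for the `BN_print` and `BN_is_prime_ex` calls in the next hunk. Checking after the conversion and taking the existing `bad:` exit covers it, e.g. `if (bn == NULL) { BIO_printf(bio_err,"Invalid number '%s'\n",argv[0]); goto bad; }`. The decimal branch sits between the hunks and needs the same check.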
@@ -112,7 +115,16 @@ int MAIN(int argc, char **argv) BN_print(bio_out,bn); BIO_printf(bio_out," is %sprime\n", - BN_is_prime(bn,checks,NULL,NULL,NULL) ? "" : "not "); + BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not "); + + BN_free(bn); + BIO_free_all(bio_out); return 0; + + bad: + BIO_printf(bio_err,"options are\n"); + BIO_printf(bio_err,"%-14s hex\n","-hex"); + BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>"); + return 1; } diff --git a/crypto/openssl/apps/progs.h b/crypto/openssl/apps/progs.h index 0493257..dc665c5 100644 --- a/crypto/openssl/apps/progs.h +++ b/crypto/openssl/apps/progs.h @@ -17,6 +17,8 @@ extern int rsa_main(int argc,char *argv[]); extern int rsautl_main(int argc,char *argv[]); extern int dsa_main(int argc,char *argv[]); extern int dsaparam_main(int argc,char *argv[]); +extern int ec_main(int argc,char *argv[]); +extern int ecparam_main(int argc,char *argv[]); extern int x509_main(int argc,char *argv[]); extern int genrsa_main(int argc,char *argv[]); extern int gendsa_main(int argc,char *argv[]); @@ -35,11 +37,9 @@ extern int pkcs8_main(int argc,char *argv[]); extern int spkac_main(int argc,char *argv[]); extern int smime_main(int argc,char *argv[]); extern int rand_main(int argc,char *argv[]); -extern int prime_main(int argc,char *argv[]); -#ifndef OPENSSL_NO_ENGINE extern int engine_main(int argc,char *argv[]); -#endif extern int ocsp_main(int argc,char *argv[]); +extern int prime_main(int argc,char *argv[]); #define FUNC_TYPE_GENERAL 1 #define FUNC_TYPE_MD 2 @@ -47,8 +47,8 @@ extern int ocsp_main(int argc,char *argv[]); typedef struct { int type; - char *name; - int (*func)(); + const char *name; + int (*func)(int argc,char *argv[]); } FUNCTION; FUNCTION functions[] = { 
@@ -82,6 +82,12 @@ FUNCTION functions[] = { #ifndef OPENSSL_NO_DSA {FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main}, #endif +#ifndef OPENSSL_NO_EC + {FUNC_TYPE_GENERAL,"ec",ec_main}, +#endif +#ifndef OPENSSL_NO_EC + {FUNC_TYPE_GENERAL,"ecparam",ecparam_main}, +#endif {FUNC_TYPE_GENERAL,"x509",x509_main}, #ifndef OPENSSL_NO_RSA {FUNC_TYPE_GENERAL,"genrsa",genrsa_main}, @@ -116,11 +122,11 @@ FUNCTION functions[] = { {FUNC_TYPE_GENERAL,"spkac",spkac_main}, {FUNC_TYPE_GENERAL,"smime",smime_main}, {FUNC_TYPE_GENERAL,"rand",rand_main}, - {FUNC_TYPE_GENERAL,"prime",prime_main}, #ifndef OPENSSL_NO_ENGINE {FUNC_TYPE_GENERAL,"engine",engine_main}, #endif {FUNC_TYPE_GENERAL,"ocsp",ocsp_main}, + {FUNC_TYPE_GENERAL,"prime",prime_main}, #ifndef OPENSSL_NO_MD2 {FUNC_TYPE_MD,"md2",dgst_main}, #endif diff --git a/crypto/openssl/apps/progs.pl b/crypto/openssl/apps/progs.pl index d6a40ed..36569d2 100644 --- a/crypto/openssl/apps/progs.pl +++ b/crypto/openssl/apps/progs.pl @@ -16,8 +16,8 @@ print <<'EOF'; typedef struct { int type; - char *name; - int (*func)(); + const char *name; + int (*func)(int argc,char *argv[]); } FUNCTION; FUNCTION functions[] = { 
@@ -29,10 +29,16 @@ foreach (@ARGV) $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) { print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; } + elsif ( ($_ =~ /^speed$/)) + { print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; } + elsif ( ($_ =~ /^engine$/)) + { print "#ifndef OPENSSL_NO_ENGINE\n${str}#endif\n"; } elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/)) { print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n"; } elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/)) { print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; } + elsif ( ($_ =~ /^ec$/) || ($_ =~ /^ecparam$/)) + { print "#ifndef OPENSSL_NO_EC\n${str}#endif\n";} elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/)) { print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; } elsif ( ($_ =~ /^pkcs12$/)) diff --git a/crypto/openssl/apps/rand.c b/crypto/openssl/apps/rand.c index 63724bc..a893896 100644 --- a/crypto/openssl/apps/rand.c +++ b/crypto/openssl/apps/rand.c @@ -205,7 +205,7 @@ int MAIN(int argc, char **argv) int chunk; chunk = num; - if (chunk > sizeof buf) + if (chunk > (int)sizeof(buf)) chunk = sizeof buf; r = RAND_bytes(buf, chunk); if (r <= 0) diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c index 046bb3d..f58e65e 100644 --- a/crypto/openssl/apps/req.c +++ b/crypto/openssl/apps/req.c @@ -56,6 +56,12 @@ * [including the GNU Public Licence.] */ +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #include <stdio.h> #include <stdlib.h> #include <time.h> 
@@ -73,7 +79,13 @@ #include <openssl/x509v3.h> #include <openssl/objects.h> #include <openssl/pem.h> -#include "../crypto/cryptlib.h" +#include <openssl/bn.h> +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA +#include <openssl/dsa.h> +#endif #define SECTION "req" @@ -113,9 +125,10 @@ * require. This format is wrong */ -static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int attribs, - unsigned long chtype); -static int build_subject(X509_REQ *req, char *subj, unsigned long chtype); +static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int mutlirdn, + int attribs,unsigned long chtype); +static int build_subject(X509_REQ *req, char *subj, unsigned long chtype, + int multirdn); static int prompt_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs, @@ -123,16 +136,16 @@ static int prompt_info(X509_REQ *req, static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk, STACK_OF(CONF_VALUE) *attr, int attribs, unsigned long chtype); -static int add_attribute_object(X509_REQ *req, char *text, - char *def, char *value, int nid, int n_min, +static int add_attribute_object(X509_REQ *req, char *text, const char *def, + char *value, int nid, int n_min, int n_max, unsigned long chtype); -static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, - int nid,int n_min,int n_max, unsigned long chtype); +static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value, + int nid,int n_min,int n_max, unsigned long chtype, int mval); #ifndef OPENSSL_NO_RSA -static void MS_CALLBACK req_cb(int p,int n,void *arg); +static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb); #endif static int req_check_len(int len,int n_min,int n_max); -static int check_end(char *str, char *end); +static int check_end(const char *str, const char *end); #ifndef MONOLITH static char *default_config_file=NULL; #endif 
@@ -142,6 +155,7 @@ static int batch=0; #define TYPE_RSA 1 #define TYPE_DSA 2 #define TYPE_DH 3 +#define TYPE_EC 4 int MAIN(int, char **); @@ -151,6 +165,9 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_DSA DSA *dsa_params=NULL; #endif +#ifndef OPENSSL_NO_ECDSA + EC_KEY *ec_params = NULL; +#endif unsigned long nmflag = 0, reqflag = 0; int ex=1,x509=0,days=30; X509 *x509ss=NULL; @@ -175,7 +192,8 @@ int MAIN(int argc, char **argv) char *passin = NULL, *passout = NULL; char *p; char *subj = NULL; - const EVP_MD *md_alg=NULL,*digest=EVP_md5(); + int multirdn = 0; + const EVP_MD *md_alg=NULL,*digest=EVP_sha1(); unsigned long chtype = MBSTRING_ASC; #ifndef MONOLITH char *to_free; @@ -322,11 +340,64 @@ int MAIN(int argc, char **argv) } } BIO_free(in); - newkey=BN_num_bits(dsa_params->p); in=NULL; + newkey=BN_num_bits(dsa_params->p); } else #endif +#ifndef OPENSSL_NO_ECDSA + if (strncmp("ec:",p,3) == 0) + { + X509 *xtmp=NULL; + EVP_PKEY *dtmp; + EC_GROUP *group; + + pkey_type=TYPE_EC; + p+=3; + if ((in=BIO_new_file(p,"r")) == NULL) + { + perror(p); + goto end; + } + if ((ec_params = EC_KEY_new()) == NULL) + goto end; + group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL); + if (group == NULL) + { + EC_KEY_free(ec_params); + ERR_clear_error(); + (void)BIO_reset(in); + if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) + { + BIO_printf(bio_err,"unable to load EC parameters from file\n"); + goto end; + } + + if ((dtmp=X509_get_pubkey(xtmp))==NULL) + goto end; + if (dtmp->type == EVP_PKEY_EC) + ec_params = EC_KEY_dup(dtmp->pkey.ec); + EVP_PKEY_free(dtmp); + X509_free(xtmp); + if (ec_params == NULL) + { + BIO_printf(bio_err,"Certificate does not contain EC parameters\n"); + goto end; + } + } + else + { + if (EC_KEY_set_group(ec_params, group) == 0) + goto end; + EC_GROUP_free(group); + } + + BIO_free(in); + in=NULL; + newkey = EC_GROUP_get_degree(EC_KEY_get0_group(ec_params)); + } + else +#endif #ifndef OPENSSL_NO_DH if (strncmp("dh:",p,4) == 0) { 
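Review bot: In the `ec:` branch of the `-newkey` parsing, `EC_KEY_free(ec_params)` runs when `PEM_read_bio_ECPKParameters` returns NULL but the pointer stays set, so every later `goto end` in that branch reaches the cleanup added at `end:` (`if (ec_params != NULL) EC_KEY_free(ec_params);`) and frees it a second time. The same stale pointer survives when the certificate's key is not `EVP_PKEY_EC`: the `ec_params == NULL` test then does not fire and `EC_KEY_get0_group(ec_params)` reads freed memory. Adding `ec_params = NULL;` directly after the first `EC_KEY_free(ec_params);` closes both paths. Separately, `xtmp` is not released when `X509_get_pubkey` fails, and `group` is not released when `EC_KEY_set_group` fails. MAIN begins and ends outside this hunk.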
@@ -335,7 +406,9 @@ int MAIN(int argc, char **argv) } else #endif - pkey_type=TYPE_RSA; + { + goto bad; + } newreq=1; } @@ -380,6 +453,8 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; subj= *(++argv); } + else if (strcmp(*argv,"-multivalue-rdn") == 0) + multirdn=1; else if (strcmp(*argv,"-days") == 0) { if (--argc < 1) goto bad; @@ -445,9 +520,13 @@ bad: BIO_printf(bio_err," the random number generator\n"); BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n"); BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n"); +#ifndef OPENSSL_NO_ECDSA + BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n"); +#endif BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n"); BIO_printf(bio_err," -config file request template file.\n"); BIO_printf(bio_err," -subj arg set or modify request subject\n"); + BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n"); BIO_printf(bio_err," -new new request.\n"); BIO_printf(bio_err," -batch do not ask anything during request generation\n"); BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n"); @@ -499,13 +578,16 @@ bad: else { req_conf=config; - if( verbose ) - BIO_printf(bio_err,"Using configuration from %s\n", - default_config_file); + if (req_conf == NULL) { - BIO_printf(bio_err,"Unable to load config info\n"); + BIO_printf(bio_err,"Unable to load config info from %s\n", default_config_file); + if (newreq) + goto end; } + else if( verbose ) + BIO_printf(bio_err,"Using configuration from %s\n", + default_config_file); } if (req_conf != NULL) @@ -637,7 +719,8 @@ bad: message */ goto end; } - if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) + if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || + EVP_PKEY_type(pkey->type) == EVP_PKEY_EC) { char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) 
@@ -648,6 +731,9 @@ bad: if (newreq && (pkey == NULL)) { +#ifndef OPENSSL_NO_RSA + BN_GENCB cb; +#endif char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) ERR_clear_error(); @@ -661,24 +747,33 @@ bad: newkey=DEFAULT_KEY_LENGTH; } - if (newkey < MIN_KEY_LENGTH) + if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA)) { BIO_printf(bio_err,"private key length is too short,\n"); - BIO_printf(bio_err,"it needs to be at least %d bits, not %d\n",MIN_KEY_LENGTH,newkey); + BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey); goto end; } - BIO_printf(bio_err,"Generating a %d bit %s private key\n", - newkey,(pkey_type == TYPE_RSA)?"RSA":"DSA"); + BIO_printf(bio_err,"Generating a %ld bit %s private key\n", + newkey,(pkey_type == TYPE_RSA)?"RSA": + (pkey_type == TYPE_DSA)?"DSA":"EC"); if ((pkey=EVP_PKEY_new()) == NULL) goto end; #ifndef OPENSSL_NO_RSA + BN_GENCB_set(&cb, req_cb, bio_err); if (pkey_type == TYPE_RSA) { - if (!EVP_PKEY_assign_RSA(pkey, - RSA_generate_key(newkey,0x10001, - req_cb,bio_err))) + RSA *rsa = RSA_new(); + BIGNUM *bn = BN_new(); + if(!bn || !rsa || !BN_set_word(bn, 0x10001) || + !RSA_generate_key_ex(rsa, newkey, bn, &cb) || + !EVP_PKEY_assign_RSA(pkey, rsa)) + { + if(bn) BN_free(bn); + if(rsa) RSA_free(rsa); goto end; + } + BN_free(bn); } else #endif @@ -690,6 +785,15 @@ bad: dsa_params=NULL; } #endif +#ifndef OPENSSL_NO_ECDSA + if (pkey_type == TYPE_EC) + { + if (!EC_KEY_generate_key(ec_params)) goto end; + if (!EVP_PKEY_assign_EC_KEY(pkey, ec_params)) + goto end; + ec_params = NULL; + } +#endif app_RAND_write_file(randfile, bio_err); @@ -796,6 +900,10 @@ loop: if (pkey->type == EVP_PKEY_DSA) digest=EVP_dss1(); #endif +#ifndef OPENSSL_NO_ECDSA + if (pkey->type == EVP_PKEY_EC) + digest=EVP_ecdsa(); +#endif if (req == NULL) { req=X509_REQ_new(); 
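Review bot: The length check in the key-generation block now applies only to `TYPE_RSA` and `TYPE_DSA`, so a curve of any degree loaded through `-newkey ec:file` is accepted with no lower bound. The exemption is needed because `MIN_KEY_LENGTH` is scaled for RSA/DSA, but EC deserves its own floor instead of none, for example `if (pkey_type == TYPE_EC && newkey < MIN_EC_DEGREE) goto end;`. `MIN_EC_DEGREE` is a placeholder for a constant the project would have to define, and the branch would need an error message like the one above it. The enclosing block of MAIN continues outside this hunk.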
@@ -804,7 +912,7 @@ loop: goto end; } - i=make_REQ(req,pkey,subj,!x509, chtype); + i=make_REQ(req,pkey,subj,multirdn,!x509, chtype); subj=NULL; /* done processing '-subj' option */ if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) { @@ -899,7 +1007,7 @@ loop: print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag); } - if (build_subject(req, subj, chtype) == 0) + if (build_subject(req, subj, chtype, multirdn) == 0) { BIO_printf(bio_err, "ERROR: cannot modify subject\n"); ex=1; @@ -1083,12 +1191,15 @@ end: #ifndef OPENSSL_NO_DSA if (dsa_params != NULL) DSA_free(dsa_params); #endif +#ifndef OPENSSL_NO_ECDSA + if (ec_params != NULL) EC_KEY_free(ec_params); +#endif apps_shutdown(); OPENSSL_EXIT(ex); } -static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs, - unsigned long chtype) +static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, + int attribs, unsigned long chtype) { int ret=0,i; char no_prompt = 0; @@ -1138,7 +1249,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs, else { if (subj) - i = build_subject(req, subj, chtype); + i = build_subject(req, subj, chtype, multirdn); else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype); } @@ -1155,11 +1266,11 @@ err: * subject is expected to be in the format /type0=value0/type1=value1/type2=... * where characters may be escaped by \ */ -static int build_subject(X509_REQ *req, char *subject, unsigned long chtype) +static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, int multirdn) { X509_NAME *n; - if (!(n = do_subject(subject, chtype))) + if (!(n = parse_name(subject, chtype, multirdn))) return 0; if (!X509_REQ_set_subject_name(req, n)) 
@@ -1180,9 +1291,10 @@ static int prompt_info(X509_REQ *req, int i; char *p,*q; char buf[100]; - int nid; + int nid, mval; long n_min,n_max; - char *type,*def,*value; + char *type, *value; + const char *def; CONF_VALUE *v; X509_NAME *subj; subj = X509_REQ_get_subject_name(req); @@ -1223,10 +1335,17 @@ start: for (;;) if(*p) type = p; break; } + if (*type == '+') + { + mval = -1; + type++; + } + else + mval = 0; /* If OBJ not recognised ignore it */ if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name) - >= sizeof buf) + >= (int)sizeof(buf)) { BIO_printf(bio_err,"Name '%s' too long\n",v->name); return 0; @@ -1260,7 +1379,7 @@ start: for (;;) } if (!add_DN_object(subj,v->value,def,value,nid, - n_min,n_max, chtype)) + n_min,n_max, chtype, mval)) return 0; } if (X509_NAME_entry_count(subj) == 0) @@ -1291,7 +1410,7 @@ start2: for (;;) goto start2; if (BIO_snprintf(buf,sizeof buf,"%s_default",type) - >= sizeof buf) + >= (int)sizeof(buf)) { BIO_printf(bio_err,"Name '%s' too long\n",v->name); return 0; @@ -1350,6 +1469,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) { + int mval; v=sk_CONF_VALUE_value(dn_sk,i); p=q=NULL; type=v->name; @@ -1366,8 +1486,19 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, if(*p) type = p; break; } +#ifndef CHARSET_EBCDIC + if (*p == '+') +#else + if (*p == os_toascii['+']) +#endif + { + p++; + mval = -1; + } + else + mval = 0; if (!X509_NAME_add_entry_by_txt(subj,type, chtype, - (unsigned char *) v->value,-1,-1,0)) return 0; + (unsigned char *) v->value,-1,-1,mval)) return 0; } 
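Review bot: In `auto_info` the new multi-valued-RDN test advances `p` past the `+`, but `type` was already assigned from `p` on the context line just above, so the name handed to `X509_NAME_add_entry_by_txt` still begins with `+` and is unlikely to resolve to an object. When the field name has no `:`/`,`/`.` prefix, the loop appears to leave `p` at the terminating NUL, so a leading `+` would not be seen at all. `prompt_info` in the same file tests `*type` and does `type++`; the batch path should match it with `if (*type == '+') { type++; mval = -1; } else mval = 0;`, keeping the `CHARSET_EBCDIC` variant of the comparison. The `for` loop that sets `p` starts outside this hunk.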
@@ -1389,8 +1520,8 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, } -static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, - int nid, int n_min, int n_max, unsigned long chtype) +static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value, + int nid, int n_min, int n_max, unsigned long chtype, int mval) { int i,ret=0; MS_STATIC char buf[1024]; @@ -1439,14 +1570,14 @@ start: #endif if(!req_check_len(i, n_min, n_max)) goto start; if (!X509_NAME_add_entry_by_NID(n,nid, chtype, - (unsigned char *) buf, -1,-1,0)) goto err; + (unsigned char *) buf, -1,-1,mval)) goto err; ret=1; err: return(ret); } -static int add_attribute_object(X509_REQ *req, char *text, - char *def, char *value, int nid, int n_min, +static int add_attribute_object(X509_REQ *req, char *text, const char *def, + char *value, int nid, int n_min, int n_max, unsigned long chtype) { int i; @@ -1510,7 +1641,7 @@ err: } #ifndef OPENSSL_NO_RSA -static void MS_CALLBACK req_cb(int p, int n, void *arg) +static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -1518,11 +1649,12 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #endif @@ -1542,10 +1674,10 @@ static int req_check_len(int len, int n_min, int n_max) } /* Check if the end of a string matches 'end' */ -static int check_end(char *str, char *end) +static int check_end(const char *str, const char *end) { int elen, slen; - char *tmp; + const char *tmp; elen = strlen(end); slen = strlen(str); if(elen > slen) return 1; diff --git a/crypto/openssl/apps/rsa.c b/crypto/openssl/apps/rsa.c index 0acdb08..d5cb7b7 100644 --- a/crypto/openssl/apps/rsa.c +++ b/crypto/openssl/apps/rsa.c 
@@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include <openssl/opensslconf.h> #ifndef OPENSSL_NO_RSA #include <stdio.h> #include <stdlib.h> @@ -68,6 +69,7 @@ #include <openssl/evp.h> #include <openssl/x509.h> #include <openssl/pem.h> +#include <openssl/bn.h> #undef PROG #define PROG rsa_main @@ -307,7 +309,7 @@ bad: BIO_printf(out,"RSA key ok\n"); else if (r == 0) { - long err; + unsigned long err; while ((err = ERR_peek_error()) != 0 && ERR_GET_LIB(err) == ERR_LIB_RSA && diff --git a/crypto/openssl/apps/rsautl.c b/crypto/openssl/apps/rsautl.c index 5db6fe7..4638909 100644 --- a/crypto/openssl/apps/rsautl.c +++ b/crypto/openssl/apps/rsautl.c @@ -56,12 +56,14 @@ * */ +#include <openssl/opensslconf.h> #ifndef OPENSSL_NO_RSA #include "apps.h" #include <string.h> #include <openssl/err.h> #include <openssl/pem.h> +#include <openssl/rsa.h> #define RSA_SIGN 1 #define RSA_VERIFY 2 @@ -147,6 +149,7 @@ int MAIN(int argc, char **argv) else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING; else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING; else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING; + else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING; else if(!strcmp(*argv, "-sign")) { rsa_mode = RSA_SIGN; need_priv = 1; diff --git a/crypto/openssl/apps/s_apps.h b/crypto/openssl/apps/s_apps.h index 66b6edd..886a95a 100644 --- a/crypto/openssl/apps/s_apps.h +++ b/crypto/openssl/apps/s_apps.h @@ -108,8 +108,9 @@ * Hudson (tjh@cryptsoft.com). * */ - +#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ #include <sys/types.h> +#endif #include <openssl/opensslconf.h> #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) 
@@ -147,19 +148,20 @@ typedef fd_mask fd_set; #define PORT_STR "4433" #define PROTOCOL "tcp" -int do_server(int port, int *ret, int (*cb) (), char *context); +int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context); #ifdef HEADER_X509_H int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); #endif #ifdef HEADER_SSL_H int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); +int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); #endif -int init_client(int *sock, char *server, int port); +int init_client(int *sock, char *server, int port, int type); int should_retry(int i); int extract_port(char *str, short *port_ptr); int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); -long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, +long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); #ifdef HEADER_SSL_H diff --git a/crypto/openssl/apps/s_cb.c b/crypto/openssl/apps/s_cb.c index 675527d..9a35d46 100644 --- a/crypto/openssl/apps/s_cb.c +++ b/crypto/openssl/apps/s_cb.c 
@@ -229,8 +229,36 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) return(1); } -long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, - long argl, long ret) +int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key) + { + if (cert == NULL) + return 1; + if (SSL_CTX_use_certificate(ctx,cert) <= 0) + { + BIO_printf(bio_err,"error setting certificate\n"); + ERR_print_errors(bio_err); + return 0; + } + if (SSL_CTX_use_PrivateKey(ctx,key) <= 0) + { + BIO_printf(bio_err,"error setting private key\n"); + ERR_print_errors(bio_err); + return 0; + } + + + /* Now we know that a key and cert have been set against + * the SSL context */ + if (!SSL_CTX_check_private_key(ctx)) + { + BIO_printf(bio_err,"Private key does not match the certificate public key\n"); + return 0; + } + return 1; + } + +long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, + int argi, long argl, long ret) { BIO *out; @@ -239,15 +267,15 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) { - BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n", - bio,argp,argi,ret,ret); + BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n", + (void *)bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); return(ret); } else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) { - BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n", - bio,argp,argi,ret,ret); + BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n", + (void *)bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); } return(ret); @@ -255,7 +283,7 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret) { - char *str; + const char *str; int w; w=where& ~SSL_ST_MASK; 
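Review bot: `set_cert_key_stuff` returns success as soon as `cert` is NULL without looking at `key`, so a private key supplied without a certificate is dropped silently. In the opposite case, a non-NULL `cert` with a NULL `key` is only caught indirectly by `SSL_CTX_use_PrivateKey` failing. A header comment such as `/* cert == NULL means no certificate is configured; key is then ignored */` would document the first case. An explicit guard before the private-key call would cover the second: `if (key == NULL) { BIO_printf(bio_err,"no private key for certificate\n"); return 0; }`. The mismatch branch after `SSL_CTX_check_private_key` also returns without `ERR_print_errors(bio_err)`, unlike the two branches above it.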
@@ -318,14 +346,14 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * if (len > 0) { - switch (((unsigned char*)buf)[0]) + switch (((const unsigned char*)buf)[0]) { case 0: str_details1 = ", ERROR:"; str_details2 = " ???"; if (len >= 3) { - unsigned err = (((unsigned char*)buf)[1]<<8) + ((unsigned char*)buf)[2]; + unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2]; switch (err) { @@ -394,7 +422,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * if (len == 2) { - switch (((unsigned char*)buf)[0]) + switch (((const unsigned char*)buf)[0]) { case 1: str_details1 = ", warning"; @@ -405,7 +433,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * } str_details2 = " ???"; - switch (((unsigned char*)buf)[1]) + switch (((const unsigned char*)buf)[1]) { case 0: str_details2 = " close_notify"; @@ -486,7 +514,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * if (len > 0) { - switch (((unsigned char*)buf)[0]) + switch (((const unsigned char*)buf)[0]) { case 0: str_details1 = ", HelloRequest"; @@ -539,7 +567,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * { if (i % 16 == 0 && i > 0) BIO_printf(bio, "\n "); - BIO_printf(bio, " %02x", ((unsigned char*)buf)[i]); + BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]); } if (i < len) BIO_printf(bio, " ..."); diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c index eb6fd7c..4a1857f 100644 --- a/crypto/openssl/apps/s_client.c +++ b/crypto/openssl/apps/s_client.c @@ -135,6 +135,7 @@ typedef unsigned int u_int; #include <openssl/pem.h> #include <openssl/rand.h> #include "s_apps.h" +#include "timeouts.h" #ifdef OPENSSL_SYS_WINCE /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ 
@@ -187,16 +188,22 @@ static void sc_usage(void) BIO_printf(bio_err," -port port - use -connect instead\n"); BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); - BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); + BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n"); BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); - BIO_printf(bio_err," -key arg - Private key file to use, PEM format assumed, in cert file if\n"); + BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); + BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n"); BIO_printf(bio_err," not specified but cert file is.\n"); + BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n"); + BIO_printf(bio_err," -pass arg - private key file pass phrase source\n"); BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); BIO_printf(bio_err," -showcerts - show all certificates in the chain\n"); BIO_printf(bio_err," -debug - extra output\n"); +#ifdef WATT32 + BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n"); +#endif BIO_printf(bio_err," -msg - Show protocol messages\n"); BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n"); BIO_printf(bio_err," -state - print the 'ssl' states\n"); 
@@ -209,6 +216,8 @@ static void sc_usage(void) BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); BIO_printf(bio_err," -tls1 - just use TLSv1\n"); + BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); + BIO_printf(bio_err," -mtu - set the MTU\n"); BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n"); @@ -241,6 +250,10 @@ int MAIN(int argc, char **argv) int full_log=1; char *host=SSL_HOST_NAME; char *cert_file=NULL,*key_file=NULL; + int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; + char *passarg = NULL, *pass = NULL; + X509 *cert = NULL; + EVP_PKEY *key = NULL; char *CApath=NULL,*CAfile=NULL,*cipher=NULL; int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0; int crlf=0; @@ -250,16 +263,25 @@ int MAIN(int argc, char **argv) int starttls_proto = 0; int prexit = 0, vflags = 0; SSL_METHOD *meth=NULL; +#ifdef sock_type +#undef sock_type +#endif + int sock_type=SOCK_STREAM; BIO *sbio; char *inrand=NULL; #ifndef OPENSSL_NO_ENGINE char *engine_id=NULL; ENGINE *e=NULL; #endif -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) struct timeval tv; #endif + struct sockaddr peer; + int peerlen = sizeof(peer); + int enable_timeouts = 0 ; + long mtu = 0; + #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_client_method(); #elif !defined(OPENSSL_NO_SSL3) @@ -329,6 +351,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; cert_file= *(++argv); } + else if (strcmp(*argv,"-certform") == 0) + { + if (--argc < 1) goto bad; + cert_format = str2fmt(*(++argv)); + } else if (strcmp(*argv,"-crl_check") == 0) vflags |= X509_V_FLAG_CRL_CHECK; else if (strcmp(*argv,"-crl_check_all") == 0) 
@@ -348,6 +375,10 @@ int MAIN(int argc, char **argv) c_Pause=1; else if (strcmp(*argv,"-debug") == 0) c_debug=1; +#ifdef WATT32 + else if (strcmp(*argv,"-wdebug") == 0) + dbug_init(); +#endif else if (strcmp(*argv,"-msg") == 0) c_msg=1; else if (strcmp(*argv,"-showcerts") == 0) @@ -368,8 +399,32 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-tls1") == 0) meth=TLSv1_client_method(); #endif +#ifndef OPENSSL_NO_DTLS1 + else if (strcmp(*argv,"-dtls1") == 0) + { + meth=DTLSv1_client_method(); + sock_type=SOCK_DGRAM; + } + else if (strcmp(*argv,"-timeout") == 0) + enable_timeouts=1; + else if (strcmp(*argv,"-mtu") == 0) + { + if (--argc < 1) goto bad; + mtu = atol(*(++argv)); + } +#endif else if (strcmp(*argv,"-bugs") == 0) bugs=1; + else if (strcmp(*argv,"-keyform") == 0) + { + if (--argc < 1) goto bad; + key_format = str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-pass") == 0) + { + if (--argc < 1) goto bad; + passarg = *(++argv); + } else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; @@ -451,6 +506,42 @@ bad: #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine_id, 1); #endif + if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) + { + BIO_printf(bio_err, "Error getting password\n"); + goto end; + } + + if (key_file == NULL) + key_file = cert_file; + + + if (key_file) + + { + + key = load_key(bio_err, key_file, key_format, 0, pass, e, + "client certificate private key file"); + if (!key) + { + ERR_print_errors(bio_err); + goto end; + } + + } + + if (cert_file) + + { + cert = load_cert(bio_err,cert_file,cert_format, + NULL, e, "client certificate file"); + + if (!cert) + { + ERR_print_errors(bio_err); + goto end; + } + } if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) 
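Review bot: The `-mtu` argument is converted with `atol` and never validated. A non-numeric, zero or negative value therefore fails the later `mtu > 0` test and silently falls back to MTU discovery instead of being reported as a bad argument. Adding `if (mtu <= 0) goto bad;` right after `mtu = atol(*(++argv));` makes the mistake visible; an upper bound may also be worth checking before the value reaches `SSL_set_mtu`. `-timeout` is parsed here, but `sc_usage` gained help lines only for `-dtls1` and `-mtu`, so the option is undocumented.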
@@ -485,6 +576,10 @@ bad: SSL_CTX_set_options(ctx,SSL_OP_ALL|off); else SSL_CTX_set_options(ctx,off); + /* DTLS: partial reads end up discarding unread UDP bytes :-( + * Setting read ahead solves this problem. + */ + if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); if (cipher != NULL) @@ -499,7 +594,7 @@ bad: #endif SSL_CTX_set_verify(ctx,verify,verify_callback); - if (!set_cert_stuff(ctx,cert_file,key_file)) + if (!set_cert_key_stuff(ctx,cert,key)) goto end; if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || @@ -524,7 +619,7 @@ bad: re_start: - if (init_client(&s,host,port) == 0) + if (init_client(&s,host,port,sock_type) == 0) { BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); SHUTDOWN(s); @@ -545,7 +640,46 @@ re_start: } #endif if (c_Pause & 0x01) con->debug=1; - sbio=BIO_new_socket(s,BIO_NOCLOSE); + + if ( SSL_version(con) == DTLS1_VERSION) + { + struct timeval timeout; + + sbio=BIO_new_dgram(s,BIO_NOCLOSE); + if (getsockname(s, &peer, (void *)&peerlen) < 0) + { + BIO_printf(bio_err, "getsockname:errno=%d\n", + get_last_socket_error()); + SHUTDOWN(s); + goto end; + } + + BIO_ctrl_set_connected(sbio, 1, &peer); + + if ( enable_timeouts) + { + timeout.tv_sec = 0; + timeout.tv_usec = DGRAM_RCV_TIMEOUT; + BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); + + timeout.tv_sec = 0; + timeout.tv_usec = DGRAM_SND_TIMEOUT; + BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); + } + + if ( mtu > 0) + { + SSL_set_options(con, SSL_OP_NO_QUERY_MTU); + SSL_set_mtu(con, mtu); + } + else + /* want to do MTU discovery */ + BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); + } + else + sbio=BIO_new_socket(s,BIO_NOCLOSE); + + if (nbio_test) { @@ -558,7 +692,7 @@ re_start: if (c_debug) { con->debug=1; - BIO_set_callback(sbio,bio_dump_cb); + BIO_set_callback(sbio,bio_dump_callback); BIO_set_callback_arg(sbio,bio_c_out); } if (c_msg) 
@@ -640,7 +774,7 @@ re_start: if (!ssl_pending) { -#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) if (tty_on) { if (read_tty) FD_SET(fileno(stdin),&readfds); @@ -690,6 +824,16 @@ re_start: } else i=select(width,(void *)&readfds,(void *)&writefds, NULL,NULL); } +#elif defined(OPENSSL_SYS_NETWARE) + if(!write_tty) { + if(read_tty) { + tv.tv_sec = 1; + tv.tv_usec = 0; + i=select(width,(void *)&readfds,(void *)&writefds, + NULL,&tv); + } else i=select(width,(void *)&readfds,(void *)&writefds, + NULL,NULL); + } #else i=select(width,(void *)&readfds,(void *)&writefds, NULL,NULL); @@ -770,7 +914,7 @@ re_start: goto shut; } } -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) /* Assume Windows/DOS can always write */ else if (!ssl_pending && write_tty) #else @@ -857,6 +1001,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 #else else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) #endif +#elif defined (OPENSSL_SYS_NETWARE) + else if (_kbhit()) #else else if (FD_ISSET(fileno(stdin),&readfds)) #endif @@ -920,6 +1066,12 @@ end: if (con != NULL) SSL_free(con); if (con2 != NULL) SSL_free(con2); if (ctx != NULL) SSL_CTX_free(ctx); + if (cert) + X509_free(cert); + if (key) + EVP_PKEY_free(key); + if (pass) + OPENSSL_free(pass); if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } 
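Review bot: The cleanup added at `end:` releases the private-key pass phrase with a plain `OPENSSL_free(pass)`, while the I/O buffers on the following lines are wiped with `OPENSSL_cleanse` before being freed. The pass phrase is the more sensitive of the two and should get the same treatment: `if (pass) { OPENSSL_cleanse(pass, strlen(pass)); OPENSSL_free(pass); }`. This assumes `app_passwd` hands back a NUL-terminated heap string, which should be confirmed against its definition outside this diff.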
@@ -937,13 +1089,16 @@ static void print_stuff(BIO *bio, SSL *s, int full) { X509 *peer=NULL; char *p; - static char *space=" "; + static const char *space=" "; char buf[BUFSIZ]; STACK_OF(X509) *sk; STACK_OF(X509_NAME) *sk2; SSL_CIPHER *c; X509_NAME *xn; int j,i; +#ifndef OPENSSL_NO_COMP + const COMP_METHOD *comp, *expansion; +#endif if (full) { @@ -1046,6 +1201,14 @@ static void print_stuff(BIO *bio, SSL *s, int full) EVP_PKEY_bits(pktmp)); EVP_PKEY_free(pktmp); } +#ifndef OPENSSL_NO_COMP + comp=SSL_get_current_compression(s); + expansion=SSL_get_current_expansion(s); + BIO_printf(bio,"Compression: %s\n", + comp ? SSL_COMP_get_name(comp) : "NONE"); + BIO_printf(bio,"Expansion: %s\n", + expansion ? SSL_COMP_get_name(expansion) : "NONE"); +#endif SSL_SESSION_print(bio,SSL_get_session(s)); BIO_printf(bio,"---\n"); if (peer != NULL) diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c index ff4ab6e..0d6727c 100644 --- a/crypto/openssl/apps/s_server.c +++ b/crypto/openssl/apps/s_server.c 
@@ -108,18 +108,33 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif #include <assert.h> #include <stdio.h> #include <stdlib.h> #include <string.h> -#include <sys/types.h> + #include <sys/stat.h> #include <openssl/e_os2.h> #ifdef OPENSSL_NO_STDIO #define APPS_WIN16 #endif +#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ +#include <sys/types.h> +#endif + /* With IPv6, it looks like Digital has mixed up the proper order of recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which @@ -138,7 +153,14 @@ typedef unsigned int u_int; #include <openssl/x509.h> #include <openssl/ssl.h> #include <openssl/rand.h> +#ifndef OPENSSL_NO_DH +#include <openssl/dh.h> +#endif +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif #include "s_apps.h" +#include "timeouts.h" #ifdef OPENSSL_SYS_WINCE /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ @@ -165,9 +187,10 @@ static void print_stats(BIO *bp,SSL_CTX *ctx); static int generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len); #ifndef OPENSSL_NO_DH -static DH *load_dh_param(char *dhfile); +static DH *load_dh_param(const char *dhfile); static DH *get_dh512(void); #endif + #ifdef MONOLITH static void s_server_init(void); #endif @@ -206,6 +229,7 @@ static DH *get_dh512(void) } #endif + /* static int load_CA(SSL_CTX *ctx, char *file);*/ #undef BUFSIZZ 
@@ -222,7 +246,7 @@ extern int verify_depth; static char *cipher=NULL; static int s_server_verify=SSL_VERIFY_NONE; static int s_server_session_id_context = 1; /* anything will do */ -static char *s_cert_file=TEST_CERT,*s_key_file=NULL; +static const char *s_cert_file=TEST_CERT,*s_key_file=NULL; static char *s_dcert_file=NULL,*s_dkey_file=NULL; #ifdef FIONBIO static int s_nbio=0; @@ -243,6 +267,14 @@ static char *engine_id=NULL; #endif static const char *session_id_prefix=NULL; +static int enable_timeouts = 0; +#ifdef mtu +#undef mtu +#endif +static long mtu; +static int cert_chain = 0; + + #ifdef MONOLITH static void s_server_init(void) { 
@@ -279,14 +311,25 @@ static void sv_usage(void) BIO_printf(bio_err," -context arg - set session ID context\n"); BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); - BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); + BIO_printf(bio_err," -cert arg - certificate file to use\n"); BIO_printf(bio_err," (default is %s)\n",TEST_CERT); - BIO_printf(bio_err," -key arg - Private Key file to use, PEM format assumed, in cert file if\n"); + BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); + BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n"); BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); + BIO_printf(bio_err," -keyform arg - key format (PEM, DER or ENGINE) PEM default\n"); + BIO_printf(bio_err," -pass arg - private key file pass phrase source\n"); BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n"); + BIO_printf(bio_err," -dcertform x - second certificate format (PEM or DER) PEM default\n"); BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n"); + BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n"); + BIO_printf(bio_err," -dpass arg - second private key file pass phrase source\n"); BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n"); BIO_printf(bio_err," or a default set of parameters is used\n"); +#ifndef OPENSSL_NO_ECDH + BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \ + " Use \"openssl ecparam -list_curves\" for all names\n" \ + " (default is sect163r2).\n"); +#endif #ifdef FIONBIO BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); #endif 
@@ -305,12 +348,19 @@ static void sv_usage(void) BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n"); BIO_printf(bio_err," -tls1 - Just talk TLSv1\n"); + BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n"); + BIO_printf(bio_err," -timeout - Enable timeouts\n"); + BIO_printf(bio_err," -mtu - Set MTU\n"); + BIO_printf(bio_err," -chain - Read a certificate chain\n"); BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); #ifndef OPENSSL_NO_DH BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n"); #endif +#ifndef OPENSSL_NO_ECDH + BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n"); +#endif BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); @@ -484,18 +534,31 @@ int MAIN(int argc, char *argv[]) int vflags = 0; short port=PORT; char *CApath=NULL,*CAfile=NULL; - char *context = NULL; + unsigned char *context = NULL; char *dhfile = NULL; +#ifndef OPENSSL_NO_ECDH + char *named_curve = NULL; +#endif int badop=0,bugs=0; int ret=1; int off=0; - int no_tmp_rsa=0,no_dhe=0,nocert=0; + int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0; int state=0; SSL_METHOD *meth=NULL; +#ifdef sock_type +#undef sock_type +#endif + int sock_type=SOCK_STREAM; #ifndef OPENSSL_NO_ENGINE ENGINE *e=NULL; #endif char *inrand=NULL; + int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; + char *passarg = NULL, *pass = NULL; + char *dpassarg = NULL, *dpass = NULL; + int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; + X509 *s_cert = NULL, *s_dcert = NULL; + EVP_PKEY *s_key = NULL, *s_dkey = NULL; #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_server_method(); 
@@ -555,28 +618,65 @@ int MAIN(int argc, char *argv[]) else if (strcmp(*argv,"-context") == 0) { if (--argc < 1) goto bad; - context= *(++argv); + context= (unsigned char *)*(++argv); } else if (strcmp(*argv,"-cert") == 0) { if (--argc < 1) goto bad; s_cert_file= *(++argv); } + else if (strcmp(*argv,"-certform") == 0) + { + if (--argc < 1) goto bad; + s_cert_format = str2fmt(*(++argv)); + } else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; s_key_file= *(++argv); } + else if (strcmp(*argv,"-keyform") == 0) + { + if (--argc < 1) goto bad; + s_key_format = str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-pass") == 0) + { + if (--argc < 1) goto bad; + passarg = *(++argv); + } else if (strcmp(*argv,"-dhparam") == 0) { if (--argc < 1) goto bad; dhfile = *(++argv); } +#ifndef OPENSSL_NO_ECDH + else if (strcmp(*argv,"-named_curve") == 0) + { + if (--argc < 1) goto bad; + named_curve = *(++argv); + } +#endif + else if (strcmp(*argv,"-dcertform") == 0) + { + if (--argc < 1) goto bad; + s_dcert_format = str2fmt(*(++argv)); + } else if (strcmp(*argv,"-dcert") == 0) { if (--argc < 1) goto bad; s_dcert_file= *(++argv); } + else if (strcmp(*argv,"-dkeyform") == 0) + { + if (--argc < 1) goto bad; + s_dkey_format = str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-dpass") == 0) + { + if (--argc < 1) goto bad; + dpassarg = *(++argv); + } else if (strcmp(*argv,"-dkey") == 0) { if (--argc < 1) goto bad; @@ -640,6 +740,8 @@ int MAIN(int argc, char *argv[]) { no_tmp_rsa=1; } else if (strcmp(*argv,"-no_dhe") == 0) { no_dhe=1; } + else if (strcmp(*argv,"-no_ecdhe") == 0) + { no_ecdhe=1; } else if (strcmp(*argv,"-www") == 0) { www=1; } else if (strcmp(*argv,"-WWW") == 0) 
@@ -664,6 +766,22 @@ int MAIN(int argc, char *argv[]) else if (strcmp(*argv,"-tls1") == 0) { meth=TLSv1_server_method(); } #endif +#ifndef OPENSSL_NO_DTLS1 + else if (strcmp(*argv,"-dtls1") == 0) + { + meth=DTLSv1_server_method(); + sock_type = SOCK_DGRAM; + } + else if (strcmp(*argv,"-timeout") == 0) + enable_timeouts = 1; + else if (strcmp(*argv,"-mtu") == 0) + { + if (--argc < 1) goto bad; + mtu = atol(*(++argv)); + } + else if (strcmp(*argv, "-chain") == 0) + cert_chain = 1; +#endif else if (strcmp(*argv, "-id_prefix") == 0) { if (--argc < 1) goto bad; @@ -704,6 +822,62 @@ bad: e = setup_engine(bio_err, engine_id, 1); #endif + if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) + { + BIO_printf(bio_err, "Error getting password\n"); + goto end; + } + + + if (s_key_file == NULL) + s_key_file = s_cert_file; + + if (nocert == 0) + { + s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e, + "server certificate private key file"); + if (!s_key) + { + ERR_print_errors(bio_err); + goto end; + } + + s_cert = load_cert(bio_err,s_cert_file,s_cert_format, + NULL, e, "server certificate file"); + + if (!s_cert) + { + ERR_print_errors(bio_err); + goto end; + } + } + + if (s_dcert_file) + { + + if (s_dkey_file == NULL) + s_dkey_file = s_dcert_file; + + s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format, + 0, dpass, e, + "second certificate private key file"); + if (!s_dkey) + { + ERR_print_errors(bio_err); + goto end; + } + + s_dcert = load_cert(bio_err,s_dcert_file,s_dcert_format, + NULL, e, "second server certificate file"); + + if (!s_dcert) + { + ERR_print_errors(bio_err); + goto end; + } + + } + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) { @@ -726,7 +900,7 @@ bad: } } -#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) +#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) if (nocert) #endif { 
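Review bot: The `-mtu` branch stores `atol(*(++argv))` with no validation, so a non-numeric or negative argument silently falls through to MTU discovery (the later check in sv_body is `mtu > 0`), while an oversized value is handed to `SSL_set_mtu` as given. Parse it with `strtol` and reject bad input, e.g. `mtu = strtol(*(++argv), &endp, 10); if (*endp != '\0' || mtu <= 0) goto bad;` with a `char *endp` local in MAIN, plus an upper bound suited to the transport. The `-timeout`, `-mtu` and `-chain` options are also parsed only inside `#ifndef OPENSSL_NO_DTLS1`, although the usage text lists them unconditionally. MAIN begins and ends outside this hunk.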
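Review bot: The new `load_key` and `load_cert` calls pass `e` outside any `#ifndef OPENSSL_NO_ENGINE` guard, but the declaration `ENGINE *e=NULL;` among MAIN's locals sits inside that guard, so a build with OPENSSL_NO_ENGINE defined would appear to fail on an undeclared identifier. Declaring `ENGINE *e=NULL;` unconditionally and guarding only the `setup_engine` call would keep both configurations compiling. This assumes the ENGINE type is still visible in such builds, which the page does not show.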
@@ -762,6 +936,10 @@ bad: if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL); if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); SSL_CTX_set_options(ctx,off); + /* DTLS: partial reads end up discarding unread UDP bytes :-( + * Setting read ahead solves this problem. + */ + if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); @@ -814,12 +992,57 @@ bad: DH_free(dh); } #endif + +#ifndef OPENSSL_NO_ECDH + if (!no_ecdhe) + { + EC_KEY *ecdh=NULL; + + if (named_curve) + { + int nid = OBJ_sn2nid(named_curve); + + if (nid == 0) + { + BIO_printf(bio_err, "unknown curve name (%s)\n", + named_curve); + goto end; + } + ecdh = EC_KEY_new_by_curve_name(nid); + if (ecdh == NULL) + { + BIO_printf(bio_err, "unable to create curve (%s)\n", + named_curve); + goto end; + } + } + + if (ecdh != NULL) + { + BIO_printf(bio_s_out,"Setting temp ECDH parameters\n"); + } + else + { + BIO_printf(bio_s_out,"Using default temp ECDH parameters\n"); + ecdh = EC_KEY_new_by_curve_name(NID_sect163r2); + if (ecdh == NULL) + { + BIO_printf(bio_err, "unable to create curve (sect163r2)\n"); + goto end; + } + } + (void)BIO_flush(bio_s_out); + + SSL_CTX_set_tmp_ecdh(ctx,ecdh); + EC_KEY_free(ecdh); + } +#endif - if (!set_cert_stuff(ctx,s_cert_file,s_key_file)) + if (!set_cert_key_stuff(ctx,s_cert,s_key)) goto end; - if (s_dcert_file != NULL) + if (s_dcert != NULL) { - if (!set_cert_stuff(ctx,s_dcert_file,s_dkey_file)) + if (!set_cert_key_stuff(ctx,s_dcert,s_dkey)) goto end; } 
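Review bot: The fallback `EC_KEY_new_by_curve_name(NID_sect163r2)` makes a 163-bit binary-field curve (roughly 80-bit strength) the default for ephemeral ECDH whenever `-named_curve` is not given. A stronger default such as `NID_X9_62_prime256v1` would be the safer choice, with the `-named_curve` usage text updated to match. The return value of `SSL_CTX_set_tmp_ecdh(ctx,ecdh)` is also ignored, so a failure to install the parameters goes unnoticed; checking it and taking the `goto end` path (after `EC_KEY_free(ecdh)`) would match the error handling around it. MAIN starts and ends outside the hunk.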
@@ -863,16 +1086,28 @@ bad: BIO_printf(bio_s_out,"ACCEPT\n"); if (www) - do_server(port,&accept_socket,www_body, context); + do_server(port,sock_type,&accept_socket,www_body, context); else - do_server(port,&accept_socket,sv_body, context); + do_server(port,sock_type,&accept_socket,sv_body, context); print_stats(bio_s_out,ctx); ret=0; end: if (ctx != NULL) SSL_CTX_free(ctx); + if (s_cert) + X509_free(s_cert); + if (s_dcert) + X509_free(s_dcert); + if (s_key) + EVP_PKEY_free(s_key); + if (s_dkey) + EVP_PKEY_free(s_dkey); + if (pass) + OPENSSL_free(pass); + if (dpass) + OPENSSL_free(dpass); if (bio_s_out != NULL) { - BIO_free(bio_s_out); + BIO_free(bio_s_out); bio_s_out=NULL; } apps_shutdown(); 
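Review bot: `pass` and `dpass` hold the private-key pass phrases obtained by `app_passwd` and are released at `end:` with plain `OPENSSL_free`, so the secret text is left behind in freed heap memory. Wipe them before freeing, e.g. `if (pass) { OPENSSL_cleanse(pass, strlen(pass)); OPENSSL_free(pass); }` and the same for `dpass`. Because `s_key` and `s_dkey` are already loaded before `do_server` runs, the pass phrases could be wiped right after the `load_key` calls instead, so they do not stay in memory for the lifetime of the server.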
@@ -883,23 +1118,23 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) { BIO_printf(bio,"%4ld items in the session cache\n", SSL_CTX_sess_number(ssl_ctx)); - BIO_printf(bio,"%4d client connects (SSL_connect())\n", + BIO_printf(bio,"%4ld client connects (SSL_connect())\n", SSL_CTX_sess_connect(ssl_ctx)); - BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n", + BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n", SSL_CTX_sess_connect_renegotiate(ssl_ctx)); - BIO_printf(bio,"%4d client connects that finished\n", + BIO_printf(bio,"%4ld client connects that finished\n", SSL_CTX_sess_connect_good(ssl_ctx)); - BIO_printf(bio,"%4d server accepts (SSL_accept())\n", + BIO_printf(bio,"%4ld server accepts (SSL_accept())\n", SSL_CTX_sess_accept(ssl_ctx)); - BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n", + BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n", SSL_CTX_sess_accept_renegotiate(ssl_ctx)); - BIO_printf(bio,"%4d server accepts that finished\n", + BIO_printf(bio,"%4ld server accepts that finished\n", SSL_CTX_sess_accept_good(ssl_ctx)); - BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx)); - BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx)); - BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx)); - BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx)); - BIO_printf(bio,"%4d cache full overflows (%d allowed)\n", + BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx)); + BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx)); + BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx)); + BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx)); + BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n", SSL_CTX_sess_cache_full(ssl_ctx), SSL_CTX_sess_get_cache_size(ssl_ctx)); } 
@@ -913,7 +1148,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) unsigned long l; SSL *con=NULL; BIO *sbio; -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) struct timeval tv; #endif @@ -951,7 +1186,39 @@ static int sv_body(char *hostname, int s, unsigned char *context) } SSL_clear(con); - sbio=BIO_new_socket(s,BIO_NOCLOSE); + if (SSL_version(con) == DTLS1_VERSION) + { + struct timeval timeout; + + sbio=BIO_new_dgram(s,BIO_NOCLOSE); + + if ( enable_timeouts) + { + timeout.tv_sec = 0; + timeout.tv_usec = DGRAM_RCV_TIMEOUT; + BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); + + timeout.tv_sec = 0; + timeout.tv_usec = DGRAM_SND_TIMEOUT; + BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); + } + + + if ( mtu > 0) + { + SSL_set_options(con, SSL_OP_NO_QUERY_MTU); + SSL_set_mtu(con, mtu); + } + else + /* want to do MTU discovery */ + BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); + + /* turn on cookie exchange */ + SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE); + } + else + sbio=BIO_new_socket(s,BIO_NOCLOSE); + if (s_nbio_test) { BIO *test; @@ -966,7 +1233,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) if (s_debug) { con->debug=1; - BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); + BIO_set_callback(SSL_get_rbio(con),bio_dump_callback); BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); } if (s_msg) @@ -987,7 +1254,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) if (!read_from_sslcon) { FD_ZERO(&readfds); -#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) FD_SET(fileno(stdin),&readfds); #endif FD_SET(s,&readfds); 
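Review bot: `SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE)` turns on the DTLS HelloVerifyRequest exchange, but none of the hunks in view registers a cookie generate or verify callback (`SSL_CTX_set_cookie_generate_cb` / `SSL_CTX_set_cookie_verify_cb`). If none is set elsewhere in the file, the cookie is not tied to the client's address or to a server secret, so it would give little protection against spoofed-source ClientHello traffic, which is what the exchange exists for. Either register callbacks or state the limitation beside the option, e.g. `/* no cookie callbacks set: cookie is not bound to the peer address */`. The results of `BIO_new_dgram` and the two timeout `BIO_ctrl` calls are not checked either; sv_body continues outside the hunk.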
@@ -997,7 +1264,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) * the compiler: if you do have a cast then you can either * go for (int *) or (void *). */ -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) /* Under DOS (non-djgpp) and Windows we can't select on stdin: only * on sockets. As a workaround we timeout the select every * second and check for any keypress. In a proper Windows @@ -1057,7 +1324,8 @@ static int sv_body(char *hostname, int s, unsigned char *context) if ((i <= 0) || (buf[0] == 'q')) { BIO_printf(bio_s_out,"DONE\n"); - SHUTDOWN(s); + if (SSL_version(con) != DTLS1_VERSION) + SHUTDOWN(s); /* close_accept_socket(); ret= -11;*/ goto err; @@ -1086,7 +1354,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) } if (buf[0] == 'P') { - static char *str="Lets print some clear text\n"; + static const char *str="Lets print some clear text\n"; BIO_write(SSL_get_wbio(con),str,strlen(str)); } if (buf[0] == 'S') @@ -1270,7 +1538,7 @@ static int init_ssl_connection(SSL *con) } #ifndef OPENSSL_NO_DH -static DH *load_dh_param(char *dhfile) +static DH *load_dh_param(const char *dhfile) { DH *ret=NULL; BIO *bio; @@ -1369,7 +1637,7 @@ static int www_body(char *hostname, int s, unsigned char *context) if (s_debug) { con->debug=1; - BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); + BIO_set_callback(SSL_get_rbio(con),bio_dump_callback); BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); } if (s_msg) @@ -1417,7 +1685,9 @@ static int www_body(char *hostname, int s, unsigned char *context) else { BIO_printf(bio_s_out,"read R BLOCK\n"); -#if !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__) +#if defined(OPENSSL_SYS_NETWARE) + delay(1000); +#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__) sleep(1); #endif continue; 
@@ -1436,7 +1706,7 @@ static int www_body(char *hostname, int s, unsigned char *context) char *p; X509 *peer; STACK_OF(SSL_CIPHER) *sk; - static char *space=" "; + static const char *space=" "; BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n"); @@ -1516,7 +1786,7 @@ static int www_body(char *hostname, int s, unsigned char *context) { BIO *file; char *p,*e; - static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; + static const char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; /* skip the '/' */ p= &(buf[5]); @@ -1692,21 +1962,30 @@ err: #ifndef OPENSSL_NO_RSA static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) { + BIGNUM *bn = NULL; static RSA *rsa_tmp=NULL; - if (rsa_tmp == NULL) + if (!rsa_tmp && ((bn = BN_new()) == NULL)) + BIO_printf(bio_err,"Allocation error in generating RSA key\n"); + if (!rsa_tmp && bn) { if (!s_quiet) { BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); (void)BIO_flush(bio_err); } - rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); + if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) || + !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) + { + if(rsa_tmp) RSA_free(rsa_tmp); + rsa_tmp = NULL; + } if (!s_quiet) { BIO_printf(bio_err,"\n"); (void)BIO_flush(bio_err); } + BN_free(bn); } return(rsa_tmp); } diff --git a/crypto/openssl/apps/s_socket.c b/crypto/openssl/apps/s_socket.c index 1867890..4a922e1 100644 --- a/crypto/openssl/apps/s_socket.c +++ b/crypto/openssl/apps/s_socket.c @@ -62,8 +62,6 @@ #include <errno.h> #include <signal.h> -#include <openssl/e_os2.h> - /* With IPv6, it looks like Digital has mixed up the proper order of recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which 
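Review bot: When `BN_set_word`, `RSA_new` or `RSA_generate_key_ex` fails, tmp_rsa_cb frees the key and returns NULL after printing only the trailing newline, so the operator gets no indication of why the handshake then fails. Adding `ERR_print_errors(bio_err);` (with a short `BIO_printf` message) in the failure branch would surface the cause. The cached `static RSA *rsa_tmp` is also returned on every later call regardless of the `keylength` requested, which deserves a comment such as `/* key from the first call is reused for all later key lengths */`.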
@@ -81,14 +79,26 @@ typedef unsigned int u_int; #include "s_apps.h" #include <openssl/ssl.h> +#ifdef FLAT_INC +#include "e_os.h" +#else +#include "../e_os.h" +#endif + +#ifndef OPENSSL_NO_SOCK + +#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK) +#include "netdb.h" +#endif + static struct hostent *GetHostByName(char *name); -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) static void ssl_sock_cleanup(void); #endif static int ssl_sock_init(void); -static int init_client_ip(int *sock,unsigned char ip[4], int port); -static int init_server(int *sock, int port); -static int init_server_long(int *sock, int port,char *ip); +static int init_client_ip(int *sock,unsigned char ip[4], int port, int type); +static int init_server(int *sock, int port, int type); +static int init_server_long(int *sock, int port,char *ip, int type); static int do_accept(int acc_sock, int *sock, char **host); static int host_ip(char *str, unsigned char ip[4]); @@ -98,6 +108,10 @@ static int host_ip(char *str, unsigned char ip[4]); #define SOCKET_PROTOCOL IPPROTO_TCP #endif +#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) +static int wsa_init_done=0; +#endif + #ifdef OPENSSL_SYS_WINDOWS static struct WSAData wsa_state; static int wsa_init_done=0; @@ -146,6 +160,15 @@ static void ssl_sock_cleanup(void) WSACleanup(); } } +#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) +static void sock_cleanup(void) + { + if (wsa_init_done) + { + wsa_init_done=0; + WSACleanup(); + } + } #endif static int ssl_sock_init(void) @@ -153,7 +176,6 @@ static int ssl_sock_init(void) #ifdef WATT32 extern int _watt_do_exit; _watt_do_exit = 0; - dbug_init(); if (sock_init()) return (0); #elif defined(OPENSSL_SYS_WINDOWS) 
@@ -181,11 +203,32 @@ static int ssl_sock_init(void) SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc); #endif /* OPENSSL_SYS_WIN16 */ } +#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) + WORD wVerReq; + WSADATA wsaData; + int err; + + if (!wsa_init_done) + { + +# ifdef SIGINT + signal(SIGINT,(void (*)(int))sock_cleanup); +# endif + + wsa_init_done=1; + wVerReq = MAKEWORD( 2, 0 ); + err = WSAStartup(wVerReq,&wsaData); + if (err != 0) + { + BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err); + return(0); + } + } #endif /* OPENSSL_SYS_WINDOWS */ return(1); } -int init_client(int *sock, char *host, int port) +int init_client(int *sock, char *host, int port, int type) { unsigned char ip[4]; short p=0; @@ -195,10 +238,10 @@ int init_client(int *sock, char *host, int port) return(0); } if (p != 0) port=p; - return(init_client_ip(sock,ip,port)); + return(init_client_ip(sock,ip,port,type)); } -static int init_client_ip(int *sock, unsigned char ip[4], int port) +static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) { unsigned long addr; struct sockaddr_in them; @@ -216,13 +259,20 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port) ((unsigned long)ip[3]); them.sin_addr.s_addr=htonl(addr); - s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); + if (type == SOCK_STREAM) + s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); + else /* ( type == SOCK_DGRAM) */ + s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP); + if (s == INVALID_SOCKET) { perror("socket"); return(0); } #ifndef OPENSSL_SYS_MPE - i=0; - i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); - if (i < 0) { perror("keepalive"); return(0); } + if (type == SOCK_STREAM) + { + i=0; + i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); + if (i < 0) { perror("keepalive"); return(0); } + } #endif if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1) 
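Review bot: In the NetWare branch of ssl_sock_init, `wsa_init_done=1` is set before `WSAStartup` is called and the failure path returns 0 without clearing it, so a later call skips initialisation and reports success, and `sock_cleanup` would call `WSACleanup` without a matching successful startup. Set the flag only on success by moving `wsa_init_done=1;` below the `if (err != 0)` block. The handler installed with `signal(SIGINT,(void (*)(int))sock_cleanup)` is a `void(void)` function cast to the handler type; giving `sock_cleanup` an `int` parameter would remove the need for the cast. ssl_sock_init starts before this hunk.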
@@ -231,30 +281,36 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port) return(1); } -int do_server(int port, int *ret, int (*cb)(), char *context) +int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context) { int sock; - char *name; + char *name = NULL; int accept_socket; int i; - if (!init_server(&accept_socket,port)) return(0); + if (!init_server(&accept_socket,port,type)) return(0); if (ret != NULL) { *ret=accept_socket; /* return(1);*/ } - for (;;) - { - if (do_accept(accept_socket,&sock,&name) == 0) + for (;;) + { + if (type==SOCK_STREAM) { - SHUTDOWN(accept_socket); - return(0); + if (do_accept(accept_socket,&sock,&name) == 0) + { + SHUTDOWN(accept_socket); + return(0); + } } + else + sock = accept_socket; i=(*cb)(name,sock, context); if (name != NULL) OPENSSL_free(name); - SHUTDOWN2(sock); + if (type==SOCK_STREAM) + SHUTDOWN2(sock); if (i < 0) { SHUTDOWN2(accept_socket); @@ -263,7 +319,7 @@ int do_server(int port, int *ret, int (*cb)(), char *context) } } -static int init_server_long(int *sock, int port, char *ip) +static int init_server_long(int *sock, int port, char *ip, int type) { int ret=0; struct sockaddr_in server; @@ -283,7 +339,11 @@ static int init_server_long(int *sock, int port, char *ip) #else memcpy(&server.sin_addr,ip,4); #endif - s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); + + if (type == SOCK_STREAM) + s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); + else /* type == SOCK_DGRAM */ + s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP); if (s == INVALID_SOCKET) goto err; #if defined SOL_SOCKET && defined SO_REUSEADDR @@ -301,7 +361,7 @@ static int init_server_long(int *sock, int port, char *ip) goto err; } /* Make it 128 for linux */ - if (listen(s,128) == -1) goto err; + if (type==SOCK_STREAM && listen(s,128) == -1) goto err; i=0; *sock=s; ret=1; 
@@ -313,9 +373,9 @@ err: return(ret); } -static int init_server(int *sock, int port) +static int init_server(int *sock, int port, int type) { - return(init_server_long(sock, port, NULL)); + return(init_server_long(sock, port, NULL, type)); } static int do_accept(int acc_sock, int *sock, char **host) @@ -342,7 +402,7 @@ redoit: ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len); if (ret == INVALID_SOCKET) { -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) i=WSAGetLastError(); BIO_printf(bio_err,"accept error %d\n",i); #else @@ -553,3 +613,5 @@ static struct hostent *GetHostByName(char *name) return(ret); } } + +#endif diff --git a/crypto/openssl/apps/s_time.c b/crypto/openssl/apps/s_time.c index 7d47057..904945e 100644 --- a/crypto/openssl/apps/s_time.c +++ b/crypto/openssl/apps/s_time.c @@ -85,7 +85,7 @@ #include OPENSSL_UNISTD #endif -#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) +#if !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) #define TIMES #endif @@ -105,7 +105,7 @@ #undef TIMES #endif -#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) +#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) #include <sys/timeb.h> #endif @@ -384,6 +384,20 @@ static double tm_Time_F(int s) ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; return((ret == 0.0)?1e-6:ret); } +#elif defined(OPENSSL_SYS_NETWARE) + static clock_t tstart,tend; + + if (s == START) + { + tstart=clock(); + return(0); + } + else + { + tend=clock(); + ret=(double)((double)(tend)-(double)(tstart)); + return((ret < 0.001)?0.001:ret); + } #elif defined(OPENSSL_SYS_VXWORKS) { static unsigned long tick_start, tick_end; diff --git a/crypto/openssl/apps/sess_id.c b/crypto/openssl/apps/sess_id.c index d91d84d..b99179f 100644 
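Review bot: The NetWare branch added to tm_Time_F returns the raw difference of two `clock()` values, whereas the `times()` branch just above it divides by `HZ`. Unless `CLOCKS_PER_SEC` is 1 on that platform, the result is in clock ticks rather than seconds, and the rates s_time reports would be off by that factor. Dividing would match the other branch: `ret=((double)(tend-tstart))/CLOCKS_PER_SEC;`. tm_Time_F begins and ends outside the hunk.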
--- a/crypto/openssl/apps/sess_id.c +++ b/crypto/openssl/apps/sess_id.c @@ -69,7 +69,7 @@ #undef PROG #define PROG sess_id_main -static char *sess_id_usage[]={ +static const char *sess_id_usage[]={ "usage: sess_id args\n", "\n", " -inform arg - input format - default PEM (DER or PEM)\n", @@ -95,7 +95,7 @@ int MAIN(int argc, char **argv) int informat,outformat; char *infile=NULL,*outfile=NULL,*context=NULL; int cert=0,noout=0,text=0; - char **pp; + const char **pp; apps_startup(); @@ -241,7 +241,7 @@ bad: if (!noout && !cert) { if (outformat == FORMAT_ASN1) - i=(int)i2d_SSL_SESSION_bio(out,x); + i=i2d_SSL_SESSION_bio(out,x); else if (outformat == FORMAT_PEM) i=PEM_write_bio_SSL_SESSION(out,x); else { diff --git a/crypto/openssl/apps/smime.c b/crypto/openssl/apps/smime.c index 51bc893..250fd69 100644 --- a/crypto/openssl/apps/smime.c +++ b/crypto/openssl/apps/smime.c @@ -1,9 +1,9 @@ /* smime.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,10 +64,13 @@ #include <openssl/crypto.h> #include <openssl/pem.h> #include <openssl/err.h> +#include <openssl/x509_vfy.h> +#include <openssl/x509v3.h> #undef PROG #define PROG smime_main static int save_certs(char *signerfile, STACK_OF(X509) *signers); +static int smime_cb(int ok, X509_STORE_CTX *ctx); #define SMIME_OP 0x10 #define SMIME_ENCRYPT (1 | SMIME_OP) 
@@ -79,12 +82,12 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers); int MAIN(int, char **); int MAIN(int argc, char **argv) -{ + { ENGINE *e = NULL; int operation = 0; int ret = 0; char **args; - char *inmode = "r", *outmode = "w"; + const char *inmode = "r", *outmode = "w"; char *infile = NULL, *outfile = NULL; char *signerfile = NULL, *recipfile = NULL; char *certfile = NULL, *keyfile = NULL, *contfile=NULL; @@ -96,7 +99,7 @@ int MAIN(int argc, char **argv) STACK_OF(X509) *encerts = NULL, *other = NULL; BIO *in = NULL, *out = NULL, *indata = NULL; int badarg = 0; - int flags = PKCS7_DETACHED, store_flags = 0; + int flags = PKCS7_DETACHED; char *to = NULL, *from = NULL, *subject = NULL; char *CAfile = NULL, *CApath = NULL; char *passargin = NULL, *passin = NULL; @@ -108,24 +111,34 @@ int MAIN(int argc, char **argv) char *engine=NULL; #endif + X509_VERIFY_PARAM *vpm = NULL; + args = argv + 1; ret = 1; apps_startup(); if (bio_err == NULL) + { if ((bio_err = BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + } if (!load_config(bio_err, NULL)) goto end; - while (!badarg && *args && *args[0] == '-') { - if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT; - else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT; - else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN; - else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY; - else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT; + while (!badarg && *args && *args[0] == '-') + { + if (!strcmp (*args, "-encrypt")) + operation = SMIME_ENCRYPT; + else if (!strcmp (*args, "-decrypt")) + operation = SMIME_DECRYPT; + else if (!strcmp (*args, "-sign")) + operation = SMIME_SIGN; + else if (!strcmp (*args, "-verify")) + operation = SMIME_VERIFY; + else if (!strcmp (*args, "-pk7out")) + operation = SMIME_PK7OUT; #ifndef OPENSSL_NO_DES else if (!strcmp (*args, "-des3")) cipher = EVP_des_ede3_cbc(); 
@@ -172,127 +185,225 @@ int MAIN(int argc, char **argv) flags |= PKCS7_NOOLDMIMETYPE; else if (!strcmp (*args, "-crlfeol")) flags |= PKCS7_CRLFEOL; - else if (!strcmp (*args, "-crl_check")) - store_flags |= X509_V_FLAG_CRL_CHECK; - else if (!strcmp (*args, "-crl_check_all")) - store_flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; - else if (!strcmp(*args,"-rand")) { - if (args[1]) { + else if (!strcmp(*args,"-rand")) + { + if (args[1]) + { args++; inrand = *args; - } else badarg = 1; + } + else + badarg = 1; need_rand = 1; + } #ifndef OPENSSL_NO_ENGINE - } else if (!strcmp(*args,"-engine")) { - if (args[1]) { + else if (!strcmp(*args,"-engine")) + { + if (args[1]) + { args++; engine = *args; - } else badarg = 1; + } + else badarg = 1; + } #endif - } else if (!strcmp(*args,"-passin")) { - if (args[1]) { + else if (!strcmp(*args,"-passin")) + { + if (args[1]) + { args++; passargin = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-to")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-to")) + { + if (args[1]) + { args++; to = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-from")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-from")) + { + if (args[1]) + { args++; from = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-subject")) { - if (args[1]) { + } + else badarg = 1; + } + else if (!strcmp (*args, "-subject")) + { + if (args[1]) + { args++; subject = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-signer")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-signer")) + { + if (args[1]) + { args++; signerfile = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-recip")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-recip")) + { + if (args[1]) + { args++; recipfile = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-inkey")) { - if (args[1]) { + } + else badarg = 1; + } + else if 
(!strcmp (*args, "-inkey")) + { + if (args[1]) + { args++; keyfile = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-keyform")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-keyform")) + { + if (args[1]) + { args++; keyform = str2fmt(*args); - } else badarg = 1; - } else if (!strcmp (*args, "-certfile")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-certfile")) + { + if (args[1]) + { args++; certfile = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-CAfile")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-CAfile")) + { + if (args[1]) + { args++; CAfile = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-CApath")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-CApath")) + { + if (args[1]) + { args++; CApath = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-in")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-in")) + { + if (args[1]) + { args++; infile = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-inform")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-inform")) + { + if (args[1]) + { args++; informat = str2fmt(*args); - } else badarg = 1; - } else if (!strcmp (*args, "-outform")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-outform")) + { + if (args[1]) + { args++; outformat = str2fmt(*args); - } else badarg = 1; - } else if (!strcmp (*args, "-out")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-out")) + { + if (args[1]) + { args++; outfile = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-content")) { - if (args[1]) { + } + else + badarg = 1; + } + else if (!strcmp (*args, "-content")) + { + if (args[1]) + { args++; contfile = *args; - } else badarg = 1; - } else badarg = 1; + } + else + badarg = 1; + } + else if (args_verify(&args, NULL, &badarg, bio_err, 
&vpm)) + continue; + else + badarg = 1; args++; - } + } - if(operation == SMIME_SIGN) { - if(!signerfile) { + + if (operation == SMIME_SIGN) + { + if (!signerfile) + { BIO_printf(bio_err, "No signer certificate specified\n"); badarg = 1; - } + } need_rand = 1; - } else if(operation == SMIME_DECRYPT) { - if(!recipfile) { - BIO_printf(bio_err, "No recipient certificate and key specified\n"); + } + else if (operation == SMIME_DECRYPT) + { + if (!recipfile && !keyfile) + { + BIO_printf(bio_err, "No recipient certificate or key specified\n"); badarg = 1; + } } - } else if(operation == SMIME_ENCRYPT) { - if(!*args) { + else if (operation == SMIME_ENCRYPT) + { + if (!*args) + { BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); badarg = 1; - } + } need_rand = 1; - } else if(!operation) badarg = 1; + } + else if (!operation) + badarg = 1; - if (badarg) { + if (badarg) + { BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n"); BIO_printf (bio_err, "where options are\n"); BIO_printf (bio_err, "-encrypt encrypt message\n"); 
@@ -347,121 +458,155 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, " the random number generator\n"); BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n"); goto end; - } + } #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif - if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { + if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) + { BIO_printf(bio_err, "Error getting password\n"); goto end; - } + } - if (need_rand) { + if (need_rand) + { app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) BIO_printf(bio_err,"%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); - } + } ret = 2; - if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED; + if (operation != SMIME_SIGN) + flags &= ~PKCS7_DETACHED; - if(operation & SMIME_OP) { - if(flags & PKCS7_BINARY) inmode = "rb"; - if(outformat == FORMAT_ASN1) outmode = "wb"; - } else { - if(flags & PKCS7_BINARY) outmode = "wb"; - if(informat == FORMAT_ASN1) inmode = "rb"; - } + if (operation & SMIME_OP) + { + if (flags & PKCS7_BINARY) + inmode = "rb"; + if (outformat == FORMAT_ASN1) + outmode = "wb"; + } + else + { + if (flags & PKCS7_BINARY) + outmode = "wb"; + if (informat == FORMAT_ASN1) + inmode = "rb"; + } - if(operation == SMIME_ENCRYPT) { - if (!cipher) { + if (operation == SMIME_ENCRYPT) + { + if (!cipher) + { #ifndef OPENSSL_NO_RC2 cipher = EVP_rc2_40_cbc(); #else BIO_printf(bio_err, "No cipher selected\n"); goto end; #endif - } + } encerts = sk_X509_new_null(); - while (*args) { - if(!(cert = load_cert(bio_err,*args,FORMAT_PEM, - NULL, e, "recipient certificate file"))) { + while (*args) + { + if (!(cert = load_cert(bio_err,*args,FORMAT_PEM, + NULL, e, "recipient certificate file"))) + { #if 0 /* An appropriate message is already printed */ BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args); #endif goto end; - } + } sk_X509_push(encerts, cert); cert = NULL; args++; + } } - } - if(signerfile && (operation == 
SMIME_SIGN)) { - if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL, - e, "signer certificate"))) { + if (signerfile && (operation == SMIME_SIGN)) + { + if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL, + e, "signer certificate"))) + { #if 0 /* An appropri message has already been printed */ BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile); #endif goto end; + } } - } - if(certfile) { - if(!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, - e, "certificate file"))) { + if (certfile) + { + if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, + e, "certificate file"))) + { #if 0 /* An appropriate message has already been printed */ BIO_printf(bio_err, "Can't read certificate file %s\n", certfile); #endif ERR_print_errors(bio_err); goto end; + } } - } - if(recipfile && (operation == SMIME_DECRYPT)) { - if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, - e, "recipient certificate file"))) { + if (recipfile && (operation == SMIME_DECRYPT)) + { + if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, + e, "recipient certificate file"))) + { #if 0 /* An appropriate message has alrady been printed */ BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile); #endif ERR_print_errors(bio_err); goto end; + } } - } - if(operation == SMIME_DECRYPT) { - if(!keyfile) keyfile = recipfile; - } else if(operation == SMIME_SIGN) { - if(!keyfile) keyfile = signerfile; - } else keyfile = NULL; + if (operation == SMIME_DECRYPT) + { + if (!keyfile) + keyfile = recipfile; + } + else if (operation == SMIME_SIGN) + { + if (!keyfile) + keyfile = signerfile; + } + else keyfile = NULL; - if(keyfile) { + if (keyfile) + { key = load_key(bio_err, keyfile, keyform, 0, passin, e, "signing key file"); - if (!key) { + if (!key) goto end; - } - } + } - if (infile) { - if (!(in = BIO_new_file(infile, inmode))) { + if (infile) + { + if (!(in = BIO_new_file(infile, inmode))) + { BIO_printf (bio_err, "Can't open input 
file %s\n", infile); goto end; + } } - } else in = BIO_new_fp(stdin, BIO_NOCLOSE); + else + in = BIO_new_fp(stdin, BIO_NOCLOSE); - if (outfile) { - if (!(out = BIO_new_file(outfile, outmode))) { + if (outfile) + { + if (!(out = BIO_new_file(outfile, outmode))) + { BIO_printf (bio_err, "Can't open output file %s\n", outfile); goto end; + } } - } else { + else + { out = BIO_new_fp(stdout, BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { 
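Review bot: The encrypt path still falls back to `cipher = EVP_rc2_40_cbc();` when no cipher option was given, so `smime -encrypt` run without an explicit cipher protects the message with a 40-bit key. A 40-bit key offers no meaningful confidentiality, and the user gets no indication that a weak default was chosen. Either default to something stronger, for example `cipher = EVP_des_ede3_cbc();` under `#ifndef OPENSSL_NO_DES`, or refuse to encrypt and print "No cipher selected" as the `#else` branch already does. MAIN begins and ends outside this hunk.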
@@ -469,100 +614,133 @@ int MAIN(int argc, char **argv) out = BIO_push(tmpbio, out); } #endif - } + } - if(operation == SMIME_VERIFY) { - if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end; - X509_STORE_set_flags(store, store_flags); - } + if (operation == SMIME_VERIFY) + { + if (!(store = setup_verify(bio_err, CAfile, CApath))) + goto end; + X509_STORE_set_verify_cb_func(store, smime_cb); + if (vpm) + X509_STORE_set1_param(store, vpm); + } ret = 3; - if(operation == SMIME_ENCRYPT) { + if (operation == SMIME_ENCRYPT) p7 = PKCS7_encrypt(encerts, in, cipher, flags); - } else if(operation == SMIME_SIGN) { + else if (operation == SMIME_SIGN) + { + /* If detached data and SMIME output enable partial + * signing. + */ + if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME)) + flags |= PKCS7_STREAM; p7 = PKCS7_sign(signer, key, other, in, flags); - if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) { - BIO_printf(bio_err, "Can't rewind input file\n"); - goto end; + /* Don't need to rewind for partial signing */ + if (!(flags & PKCS7_STREAM) && (BIO_reset(in) != 0)) + { + BIO_printf(bio_err, "Can't rewind input file\n"); + goto end; + } } - } else { - if(informat == FORMAT_SMIME) + else + { + if (informat == FORMAT_SMIME) p7 = SMIME_read_PKCS7(in, &indata); - else if(informat == FORMAT_PEM) + else if (informat == FORMAT_PEM) p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); - else if(informat == FORMAT_ASN1) + else if (informat == FORMAT_ASN1) p7 = d2i_PKCS7_bio(in, NULL); - else { + else + { BIO_printf(bio_err, "Bad input format for PKCS#7 file\n"); goto end; - } + } - if(!p7) { + if (!p7) + { BIO_printf(bio_err, "Error reading S/MIME message\n"); goto end; - } - if(contfile) { + } + if (contfile) + { BIO_free(indata); - if(!(indata = BIO_new_file(contfile, "rb"))) { + if (!(indata = BIO_new_file(contfile, "rb"))) + { BIO_printf(bio_err, "Can't read content file %s\n", contfile); goto end; + } } } - } - if(!p7) { + if (!p7) + { BIO_printf(bio_err, "Error 
creating PKCS#7 structure\n"); goto end; - } + } ret = 4; - if(operation == SMIME_DECRYPT) { - if(!PKCS7_decrypt(p7, key, recip, out, flags)) { + if (operation == SMIME_DECRYPT) + { + if (!PKCS7_decrypt(p7, key, recip, out, flags)) + { BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n"); goto end; + } } - } else if(operation == SMIME_VERIFY) { + else if (operation == SMIME_VERIFY) + { STACK_OF(X509) *signers; - if(PKCS7_verify(p7, other, store, indata, out, flags)) { + if (PKCS7_verify(p7, other, store, indata, out, flags)) BIO_printf(bio_err, "Verification successful\n"); - } else { + else + { BIO_printf(bio_err, "Verification failure\n"); goto end; - } + } signers = PKCS7_get0_signers(p7, other, flags); - if(!save_certs(signerfile, signers)) { + if (!save_certs(signerfile, signers)) + { BIO_printf(bio_err, "Error writing signers to %s\n", signerfile); ret = 5; goto end; - } + } sk_X509_free(signers); - } else if(operation == SMIME_PK7OUT) { + } + else if (operation == SMIME_PK7OUT) PEM_write_bio_PKCS7(out, p7); - } else { - if(to) BIO_printf(out, "To: %s\n", to); - if(from) BIO_printf(out, "From: %s\n", from); - if(subject) BIO_printf(out, "Subject: %s\n", subject); - if(outformat == FORMAT_SMIME) + else + { + if (to) + BIO_printf(out, "To: %s\n", to); + if (from) + BIO_printf(out, "From: %s\n", from); + if (subject) + BIO_printf(out, "Subject: %s\n", subject); + if (outformat == FORMAT_SMIME) SMIME_write_PKCS7(out, p7, in, flags); - else if(outformat == FORMAT_PEM) + else if (outformat == FORMAT_PEM) PEM_write_bio_PKCS7(out,p7); - else if(outformat == FORMAT_ASN1) + else if (outformat == FORMAT_ASN1) i2d_PKCS7_bio(out,p7); - else { + else + { BIO_printf(bio_err, "Bad output format for PKCS#7 file\n"); goto end; + } } - } ret = 0; end: if (need_rand) app_RAND_write_file(NULL, bio_err); - if(ret) ERR_print_errors(bio_err); + if (ret) ERR_print_errors(bio_err); sk_X509_pop_free(encerts, X509_free); sk_X509_pop_free(other, X509_free); + if (vpm) + 
X509_VERIFY_PARAM_free(vpm); X509_STORE_free(store); X509_free(cert); X509_free(recip); @@ -572,20 +750,39 @@ end: BIO_free(in); BIO_free(indata); BIO_free_all(out); - if(passin) OPENSSL_free(passin); + if (passin) OPENSSL_free(passin); return (ret); } static int save_certs(char *signerfile, STACK_OF(X509) *signers) -{ + { int i; BIO *tmp; - if(!signerfile) return 1; + if (!signerfile) + return 1; tmp = BIO_new_file(signerfile, "w"); - if(!tmp) return 0; + if (!tmp) return 0; for(i = 0; i < sk_X509_num(signers); i++) PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); BIO_free(tmp); return 1; -} + } + +/* Minimal callback just to output policy info (if any) */ + +static int smime_cb(int ok, X509_STORE_CTX *ctx) + { + int error; + + error = X509_STORE_CTX_get_error(ctx); + + if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) + && ((error != X509_V_OK) || (ok != 2))) + return ok; + + policies_print(NULL, ctx); + + return ok; + + } diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c index 5ed510c..7082c37 100644 --- a/crypto/openssl/apps/speed.c +++ b/crypto/openssl/apps/speed.c @@ -55,6 +55,19 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The ECDH and ECDSA speed test software is originally written by + * Sumit Gupta of Sun Microsystems Laboratories. + * + */ /* most of this code has been pilfered from my libdes speed.c program */ 
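Review bot: The rewind check after `PKCS7_sign()` is now fatal whenever `PKCS7_STREAM` is not set, which includes non-detached signing; the removed condition treated a failed `BIO_reset(in)` as an error only when `PKCS7_DETACHED` was set. If the input cannot be rewound (presumably stdin fed from a pipe), `-sign` with a non-detached signature would now stop with "Can't rewind input file" even though the content does not appear to be read again in that mode. Keeping the detached test would preserve the old behaviour: `if ((flags & PKCS7_DETACHED) && !(flags & PKCS7_STREAM) && (BIO_reset(in) != 0))`. MAIN begins outside this hunk.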
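Review bot: `save_certs` cannot report a failed write, because the result of `PEM_write_bio_X509()` is discarded inside the loop and the function returns 1 after `BIO_free(tmp)`. The caller's "Error writing signers to %s" branch therefore fires only when the file cannot be opened, and a truncated signer file is reported as success after a verification. Check each write and bail out, e.g. `if (!PEM_write_bio_X509(tmp, sk_X509_value(signers, i))) { BIO_free(tmp); return 0; }`.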
@@ -64,6 +77,8 @@ #define SECONDS 3 #define RSA_SECONDS 10 #define DSA_SECONDS 10 +#define ECDSA_SECONDS 10 +#define ECDH_SECONDS 10 /* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */ /* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */ @@ -73,7 +88,7 @@ #include <stdio.h> #include <stdlib.h> -#include <signal.h> + #include <string.h> #include <math.h> #include "apps.h" @@ -89,6 +104,10 @@ #include OPENSSL_UNISTD #endif +#ifndef OPENSSL_SYS_NETWARE +#include <signal.h> +#endif + #if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX) # define USE_TOD #elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) @@ -98,6 +117,12 @@ # define TIMEB #endif +#if defined(OPENSSL_SYS_NETWARE) +#undef TIMES +#undef TIMEB +#include <time.h> +#endif + #ifndef _IRIX # include <time.h> #endif @@ -122,7 +147,7 @@ #include <sys/timeb.h> #endif -#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) +#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) #error "It seems neither struct tms nor struct timeb is supported in this platform!" #endif @@ -132,6 +157,7 @@ #include <sys/param.h> #endif +#include <openssl/bn.h> #ifndef OPENSSL_NO_DES #include <openssl/des.h> #endif 
@@ -184,14 +210,31 @@ #endif #include <openssl/x509.h> #ifndef OPENSSL_NO_DSA +#include <openssl/dsa.h> #include "./testdsa.h" #endif +#ifndef OPENSSL_NO_ECDSA +#include <openssl/ecdsa.h> +#endif +#ifndef OPENSSL_NO_ECDH +#include <openssl/ecdh.h> +#endif + +/* + * The following "HZ" timing stuff should be sync'd up with the code in + * crypto/tmdiff.[ch]. That appears to try to do the same job, though I think + * this code is more up to date than libcrypto's so there may be features to + * migrate over first. This is used in two places further down AFAICS. + * The point is that nothing in openssl actually *uses* that tmdiff stuff, so + * either speed.c should be using it or it should go because it's obviously not + * useful enough. Anyone want to do a janitorial job on this? + */ /* The following if from times(3) man page. It may need to be changed */ #ifndef HZ # if defined(_SC_CLK_TCK) \ && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) -# define HZ ((double)sysconf(_SC_CLK_TCK)) +# define HZ sysconf(_SC_CLK_TCK) # else # ifndef CLK_TCK # ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ @@ -205,7 +248,7 @@ # endif #endif -#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) +#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_NETWARE) # define HAVE_FORK 1 #endif 
@@ -219,25 +262,41 @@ static int usertime=1; static double Time_F(int s); static void print_message(const char *s,long num,int length); -static void pkey_print_message(char *str,char *str2,long num,int bits,int sec); +static void pkey_print_message(const char *str, const char *str2, + long num, int bits, int sec); static void print_result(int alg,int run_no,int count,double time_used); #ifdef HAVE_FORK static int do_multi(int multi); #endif -#define ALGOR_NUM 19 +#define ALGOR_NUM 21 #define SIZE_NUM 5 #define RSA_NUM 4 #define DSA_NUM 3 + +#define EC_NUM 16 +#define MAX_ECDH_SIZE 256 + static const char *names[ALGOR_NUM]={ "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", "des cbc","des ede3","idea cbc", "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc", - "aes-128 cbc","aes-192 cbc","aes-256 cbc"}; + "aes-128 cbc","aes-192 cbc","aes-256 cbc","evp","sha256","sha512"}; static double results[ALGOR_NUM][SIZE_NUM]; static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; static double rsa_results[RSA_NUM][2]; static double dsa_results[DSA_NUM][2]; +#ifndef OPENSSL_NO_ECDSA +static double ecdsa_results[EC_NUM][2]; +#endif +#ifndef OPENSSL_NO_ECDH +static double ecdh_results[EC_NUM][1]; +#endif + +#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH)) +static const char rnd_seed[] = "string to make the random number generator think it has entropy"; +static int rnd_fake = 0; +#endif #ifdef SIGALRM #if defined(__STDC__) || defined(sgi) || defined(_AIX) 
@@ -260,13 +319,39 @@ static SIGRETTYPE sig_done(int sig) #define START 0 #define STOP 1 +#if defined(OPENSSL_SYS_NETWARE) + + /* for NetWare the best we can do is use clock() which returns the + * time, in hundredths of a second, since the NLM began executing + */ +static double Time_F(int s) + { + double ret; + + static clock_t tstart,tend; + + if (s == START) + { + tstart=clock(); + return(0); + } + else + { + tend=clock(); + ret=(double)((double)(tend)-(double)(tstart)); + return((ret < 0.001)?0.001:ret); + } + } + +#else + static double Time_F(int s) { double ret; #ifdef USE_TOD if(usertime) - { + { static struct rusage tstart,tend; getrusage_used = 1; @@ -321,7 +406,8 @@ static double Time_F(int s) else { times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; + ret = HZ; + ret=(double)(tend.tms_utime-tstart.tms_utime) / ret; return((ret < 1e-3)?1e-3:ret); } } @@ -367,6 +453,25 @@ static double Time_F(int s) # endif #endif } +#endif /* if defined(OPENSSL_SYS_NETWARE) */ + + +#ifndef OPENSSL_NO_ECDH +static const int KDF1_SHA1_len = 20; +static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) + { +#ifndef OPENSSL_NO_SHA + if (*outlen < SHA_DIGEST_LENGTH) + return NULL; + else + *outlen = SHA_DIGEST_LENGTH; + return SHA1(in, inlen, out); +#else + return NULL; +#endif /* OPENSSL_NO_SHA */ + } +#endif /* OPENSSL_NO_ECDH */ + int MAIN(int, char **); @@ -401,6 +506,12 @@ int MAIN(int argc, char **argv) #endif #ifndef OPENSSL_NO_SHA unsigned char sha[SHA_DIGEST_LENGTH]; +#ifndef OPENSSL_NO_SHA256 + unsigned char sha256[SHA256_DIGEST_LENGTH]; +#endif +#ifndef OPENSSL_NO_SHA512 + unsigned char sha512[SHA512_DIGEST_LENGTH]; +#endif #endif #ifndef OPENSSL_NO_RIPEMD unsigned char rmd160[RIPEMD160_DIGEST_LENGTH]; 
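Review bot: The NetWare `Time_F` returns the raw `clock()` difference, whereas the `times()` branch visible further down this line divides by `HZ` to yield seconds and the callers print the value with an `s` suffix. By the new comment's own account the unit here is hundredths of a second, so the reported rates would be off by that factor and the `0.001` floor is applied in the wrong unit. Converting before the clamp, `ret=((double)(tend-tstart))/CLOCKS_PER_SEC;`, would keep the units consistent. This is inferred from the hunk alone and should be confirmed on a NetWare build.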
@@ -426,6 +537,7 @@ int MAIN(int argc, char **argv) static const unsigned char key16[16]= {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; +#ifndef OPENSSL_NO_AES static const unsigned char key24[24]= {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, @@ -435,6 +547,7 @@ int MAIN(int argc, char **argv) 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34, 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56}; +#endif #ifndef OPENSSL_NO_AES #define MAX_BLOCK_SIZE 128 #else @@ -473,6 +586,8 @@ int MAIN(int argc, char **argv) #define D_CBC_192_AES 16 #define D_CBC_256_AES 17 #define D_EVP 18 +#define D_SHA256 19 +#define D_SHA512 20 double d=0.0; long c[ALGOR_NUM][SIZE_NUM]; #define R_DSA_512 0 @@ -482,6 +597,24 @@ int MAIN(int argc, char **argv) #define R_RSA_1024 1 #define R_RSA_2048 2 #define R_RSA_4096 3 + +#define R_EC_P160 0 +#define R_EC_P192 1 +#define R_EC_P224 2 +#define R_EC_P256 3 +#define R_EC_P384 4 +#define R_EC_P521 5 +#define R_EC_K163 6 +#define R_EC_K233 7 +#define R_EC_K283 8 +#define R_EC_K409 9 +#define R_EC_K571 10 +#define R_EC_B163 11 +#define R_EC_B233 12 +#define R_EC_B283 13 +#define R_EC_B409 14 +#define R_EC_B571 15 + #ifndef OPENSSL_NO_RSA RSA *rsa_key[RSA_NUM]; long rsa_c[RSA_NUM][2]; 
@@ -497,8 +630,87 @@ int MAIN(int argc, char **argv) long dsa_c[DSA_NUM][2]; static unsigned int dsa_bits[DSA_NUM]={512,1024,2048}; #endif +#ifndef OPENSSL_NO_EC + /* We only test over the following curves as they are representative, + * To add tests over more curves, simply add the curve NID + * and curve name to the following arrays and increase the + * EC_NUM value accordingly. + */ + static unsigned int test_curves[EC_NUM] = + { + /* Prime Curves */ + NID_secp160r1, + NID_X9_62_prime192v1, + NID_secp224r1, + NID_X9_62_prime256v1, + NID_secp384r1, + NID_secp521r1, + /* Binary Curves */ + NID_sect163k1, + NID_sect233k1, + NID_sect283k1, + NID_sect409k1, + NID_sect571k1, + NID_sect163r2, + NID_sect233r1, + NID_sect283r1, + NID_sect409r1, + NID_sect571r1 + }; + static const char * test_curves_names[EC_NUM] = + { + /* Prime Curves */ + "secp160r1", + "nistp192", + "nistp224", + "nistp256", + "nistp384", + "nistp521", + /* Binary Curves */ + "nistk163", + "nistk233", + "nistk283", + "nistk409", + "nistk571", + "nistb163", + "nistb233", + "nistb283", + "nistb409", + "nistb571" + }; + static int test_curves_bits[EC_NUM] = + { + 160, 192, 224, 256, 384, 521, + 163, 233, 283, 409, 571, + 163, 233, 283, 409, 571 + }; + +#endif + +#ifndef OPENSSL_NO_ECDSA + unsigned char ecdsasig[256]; + unsigned int ecdsasiglen; + EC_KEY *ecdsa[EC_NUM]; + long ecdsa_c[EC_NUM][2]; +#endif + +#ifndef OPENSSL_NO_ECDH + EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM]; + unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE]; + int secret_size_a, secret_size_b; + int ecdh_checks = 0; + int secret_idx = 0; + long ecdh_c[EC_NUM][2]; +#endif + int rsa_doit[RSA_NUM]; int dsa_doit[DSA_NUM]; +#ifndef OPENSSL_NO_ECDSA + int ecdsa_doit[EC_NUM]; +#endif +#ifndef OPENSSL_NO_ECDH + int ecdh_doit[EC_NUM]; +#endif int doit[ALGOR_NUM]; int pr_header=0; const EVP_CIPHER *evp_cipher=NULL; 
@@ -517,6 +729,17 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_DSA memset(dsa_key,0,sizeof(dsa_key)); #endif +#ifndef OPENSSL_NO_ECDSA + for (i=0; i<EC_NUM; i++) ecdsa[i] = NULL; +#endif +#ifndef OPENSSL_NO_ECDH + for (i=0; i<EC_NUM; i++) + { + ecdh_a[i] = NULL; + ecdh_b[i] = NULL; + } +#endif + if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) @@ -555,6 +778,15 @@ int MAIN(int argc, char **argv) rsa_doit[i]=0; for (i=0; i<DSA_NUM; i++) dsa_doit[i]=0; +#ifndef OPENSSL_NO_ECDSA + for (i=0; i<EC_NUM; i++) + ecdsa_doit[i]=0; +#endif +#ifndef OPENSSL_NO_ECDH + for (i=0; i<EC_NUM; i++) + ecdh_doit[i]=0; +#endif + j=0; argc--; @@ -662,9 +894,19 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_SHA if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1; else - if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1; + if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1, + doit[D_SHA256]=1, + doit[D_SHA512]=1; + else +#ifndef OPENSSL_NO_SHA256 + if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1; else #endif +#ifndef OPENSSL_NO_SHA512 + if (strcmp(*argv,"sha512") == 0) doit[D_SHA512]=1; + else +#endif +#endif #ifndef OPENSSL_NO_RIPEMD if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1; else 
@@ -777,6 +1019,54 @@ int MAIN(int argc, char **argv) } else #endif +#ifndef OPENSSL_NO_ECDSA + if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2; + else if (strcmp(*argv,"ecdsap192") == 0) ecdsa_doit[R_EC_P192]=2; + else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2; + else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2; + else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2; + else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2; + else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2; + else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2; + else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2; + else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2; + else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2; + else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2; + else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2; + else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2; + else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2; + else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2; + else if (strcmp(*argv,"ecdsa") == 0) + { + for (i=0; i < EC_NUM; i++) + ecdsa_doit[i]=1; + } + else +#endif +#ifndef OPENSSL_NO_ECDH + if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2; + else if (strcmp(*argv,"ecdhp192") == 0) ecdh_doit[R_EC_P192]=2; + else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2; + else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2; + else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2; + else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2; + else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2; + else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2; + else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2; + else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2; + else if 
(strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2; + else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2; + else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2; + else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2; + else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2; + else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2; + else if (strcmp(*argv,"ecdh") == 0) + { + for (i=0; i < EC_NUM; i++) + ecdh_doit[i]=1; + } + else +#endif { BIO_printf(bio_err,"Error: bad option or value\n"); BIO_printf(bio_err,"\n"); @@ -799,6 +1089,12 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_SHA1 BIO_printf(bio_err,"sha1 "); #endif +#ifndef OPENSSL_NO_SHA256 + BIO_printf(bio_err,"sha256 "); +#endif +#ifndef OPENSSL_NO_SHA512 + BIO_printf(bio_err,"sha512 "); +#endif #ifndef OPENSSL_NO_RIPEMD160 BIO_printf(bio_err,"rmd160"); #endif @@ -842,6 +1138,18 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_DSA BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n"); #endif +#ifndef OPENSSL_NO_ECDSA + BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n"); + BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n"); + BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n"); + BIO_printf(bio_err,"ecdsa\n"); +#endif +#ifndef OPENSSL_NO_ECDH + BIO_printf(bio_err,"ecdhp160 ecdhp192 ecdhp224 ecdhp256 ecdhp384 ecdhp521\n"); + BIO_printf(bio_err,"ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n"); + BIO_printf(bio_err,"ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n"); + BIO_printf(bio_err,"ecdh\n"); +#endif #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err,"idea "); @@ -983,10 +1291,10 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"First we calculate the approximate speed ...\n"); count=10; do { - long i; + long it; count*=2; Time_F(START); - for (i=count; i; i--) + for (it=count; it; it--) DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock, &sch,DES_ENCRYPT); d=Time_F(STOP); 
@@ -1010,6 +1318,8 @@ int MAIN(int argc, char **argv) c[D_CBC_128_AES][0]=count; c[D_CBC_192_AES][0]=count; c[D_CBC_256_AES][0]=count; + c[D_SHA256][0]=count; + c[D_SHA512][0]=count; for (i=1; i<SIZE_NUM; i++) { @@ -1020,6 +1330,8 @@ int MAIN(int argc, char **argv) c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i]; c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i]; c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i]; + c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i]; + c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i]; } for (i=1; i<SIZE_NUM; i++) { 
@@ -1079,6 +1391,114 @@ int MAIN(int argc, char **argv) } #endif +#ifndef OPENSSL_NO_ECDSA + ecdsa_c[R_EC_P160][0]=count/1000; + ecdsa_c[R_EC_P160][1]=count/1000/2; + for (i=R_EC_P192; i<=R_EC_P521; i++) + { + ecdsa_c[i][0]=ecdsa_c[i-1][0]/2; + ecdsa_c[i][1]=ecdsa_c[i-1][1]/2; + if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0)) + ecdsa_doit[i]=0; + else + { + if (ecdsa_c[i] == 0) + { + ecdsa_c[i][0]=1; + ecdsa_c[i][1]=1; + } + } + } + ecdsa_c[R_EC_K163][0]=count/1000; + ecdsa_c[R_EC_K163][1]=count/1000/2; + for (i=R_EC_K233; i<=R_EC_K571; i++) + { + ecdsa_c[i][0]=ecdsa_c[i-1][0]/2; + ecdsa_c[i][1]=ecdsa_c[i-1][1]/2; + if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0)) + ecdsa_doit[i]=0; + else + { + if (ecdsa_c[i] == 0) + { + ecdsa_c[i][0]=1; + ecdsa_c[i][1]=1; + } + } + } + ecdsa_c[R_EC_B163][0]=count/1000; + ecdsa_c[R_EC_B163][1]=count/1000/2; + for (i=R_EC_B233; i<=R_EC_B571; i++) + { + ecdsa_c[i][0]=ecdsa_c[i-1][0]/2; + ecdsa_c[i][1]=ecdsa_c[i-1][1]/2; + if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0)) + ecdsa_doit[i]=0; + else + { + if (ecdsa_c[i] == 0) + { + ecdsa_c[i][0]=1; + ecdsa_c[i][1]=1; + } + } + } +#endif + +#ifndef OPENSSL_NO_ECDH + ecdh_c[R_EC_P160][0]=count/1000; + ecdh_c[R_EC_P160][1]=count/1000; + for (i=R_EC_P192; i<=R_EC_P521; i++) + { + ecdh_c[i][0]=ecdh_c[i-1][0]/2; + ecdh_c[i][1]=ecdh_c[i-1][1]/2; + if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0)) + ecdh_doit[i]=0; + else + { + if (ecdh_c[i] == 0) + { + ecdh_c[i][0]=1; + ecdh_c[i][1]=1; + } + } + } + ecdh_c[R_EC_K163][0]=count/1000; + ecdh_c[R_EC_K163][1]=count/1000; + for (i=R_EC_K233; i<=R_EC_K571; i++) + { + ecdh_c[i][0]=ecdh_c[i-1][0]/2; + ecdh_c[i][1]=ecdh_c[i-1][1]/2; + if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0)) + ecdh_doit[i]=0; + else + { + if (ecdh_c[i] == 0) + { + ecdh_c[i][0]=1; + ecdh_c[i][1]=1; + } + } + } + ecdh_c[R_EC_B163][0]=count/1000; + ecdh_c[R_EC_B163][1]=count/1000; + for (i=R_EC_B233; i<=R_EC_B571; i++) + { + ecdh_c[i][0]=ecdh_c[i-1][0]/2; + 
ecdh_c[i][1]=ecdh_c[i-1][1]/2; + if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0)) + ecdh_doit[i]=0; + else + { + if (ecdh_c[i] == 0) + { + ecdh_c[i][0]=1; + ecdh_c[i][1]=1; + } + } + } +#endif + #define COND(d) (count < (d)) #define COUNT(d) (d) #else @@ -1188,6 +1608,37 @@ int MAIN(int argc, char **argv) print_result(D_SHA1,j,count,d); } } + +#ifndef OPENSSL_NO_SHA256 + if (doit[D_SHA256]) + { + for (j=0; j<SIZE_NUM; j++) + { + print_message(names[D_SHA256],c[D_SHA256][j],lengths[j]); + Time_F(START); + for (count=0,run=1; COND(c[D_SHA256][j]); count++) + SHA256(buf,lengths[j],sha256); + d=Time_F(STOP); + print_result(D_SHA256,j,count,d); + } + } +#endif + +#ifndef OPENSSL_NO_SHA512 + if (doit[D_SHA512]) + { + for (j=0; j<SIZE_NUM; j++) + { + print_message(names[D_SHA512],c[D_SHA512][j],lengths[j]); + Time_F(START); + for (count=0,run=1; COND(c[D_SHA512][j]); count++) + SHA512(buf,lengths[j],sha512); + d=Time_F(STOP); + print_result(D_SHA512,j,count,d); + } + } +#endif + #endif #ifndef OPENSSL_NO_RIPEMD if (doit[D_RMD160]) 
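Review bot: `if (ecdsa_c[i] == 0)` compares the array row itself (a `long[2]` that decays to a non-null pointer) with zero, so the branch that raises the counts to 1 can never execute; the test was presumably meant to be `if (ecdsa_c[i][0] == 0)`. The same expression occurs in all three ECDSA loops and, as `if (ecdh_c[i] == 0)`, in the three ECDH loops of this hunk. For an explicitly requested curve a zero count is therefore left in place, and in the build where `COND(d)` is `(count < (d))` the timing loop would then run zero times before the result is divided by `count`. These loops sit inside MAIN, which starts and ends outside the hunk.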
@@ -1605,6 +2056,217 @@ int MAIN(int argc, char **argv) } if (rnd_fake) RAND_cleanup(); #endif + +#ifndef OPENSSL_NO_ECDSA + if (RAND_status() != 1) + { + RAND_seed(rnd_seed, sizeof rnd_seed); + rnd_fake = 1; + } + for (j=0; j<EC_NUM; j++) + { + int ret; + + if (!ecdsa_doit[j]) continue; /* Ignore Curve */ + ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]); + if (ecdsa[j] == NULL) + { + BIO_printf(bio_err,"ECDSA failure.\n"); + ERR_print_errors(bio_err); + rsa_count=1; + } + else + { +#if 1 + EC_KEY_precompute_mult(ecdsa[j], NULL); +#endif + /* Perform ECDSA signature test */ + EC_KEY_generate_key(ecdsa[j]); + ret = ECDSA_sign(0, buf, 20, ecdsasig, + &ecdsasiglen, ecdsa[j]); + if (ret == 0) + { + BIO_printf(bio_err,"ECDSA sign failure. No ECDSA sign will be done.\n"); + ERR_print_errors(bio_err); + rsa_count=1; + } + else + { + pkey_print_message("sign","ecdsa", + ecdsa_c[j][0], + test_curves_bits[j], + ECDSA_SECONDS); + + Time_F(START); + for (count=0,run=1; COND(ecdsa_c[j][0]); + count++) + { + ret=ECDSA_sign(0, buf, 20, + ecdsasig, &ecdsasiglen, + ecdsa[j]); + if (ret == 0) + { + BIO_printf(bio_err, "ECDSA sign failure\n"); + ERR_print_errors(bio_err); + count=1; + break; + } + } + d=Time_F(STOP); + + BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" : + "%ld %d bit ECDSA signs in %.2fs \n", + count, test_curves_bits[j], d); + ecdsa_results[j][0]=d/(double)count; + rsa_count=count; + } + + /* Perform ECDSA verification test */ + ret=ECDSA_verify(0, buf, 20, ecdsasig, + ecdsasiglen, ecdsa[j]); + if (ret != 1) + { + BIO_printf(bio_err,"ECDSA verify failure. 
No ECDSA verify will be done.\n"); + ERR_print_errors(bio_err); + ecdsa_doit[j] = 0; + } + else + { + pkey_print_message("verify","ecdsa", + ecdsa_c[j][1], + test_curves_bits[j], + ECDSA_SECONDS); + Time_F(START); + for (count=0,run=1; COND(ecdsa_c[j][1]); count++) + { + ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]); + if (ret != 1) + { + BIO_printf(bio_err, "ECDSA verify failure\n"); + ERR_print_errors(bio_err); + count=1; + break; + } + } + d=Time_F(STOP); + BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n" + : "%ld %d bit ECDSA verify in %.2fs\n", + count, test_curves_bits[j], d); + ecdsa_results[j][1]=d/(double)count; + } + + if (rsa_count <= 1) + { + /* if longer than 10s, don't do any more */ + for (j++; j<EC_NUM; j++) + ecdsa_doit[j]=0; + } + } + } + if (rnd_fake) RAND_cleanup(); +#endif + +#ifndef OPENSSL_NO_ECDH + if (RAND_status() != 1) + { + RAND_seed(rnd_seed, sizeof rnd_seed); + rnd_fake = 1; + } + for (j=0; j<EC_NUM; j++) + { + if (!ecdh_doit[j]) continue; + ecdh_a[j] = EC_KEY_new_by_curve_name(test_curves[j]); + ecdh_b[j] = EC_KEY_new_by_curve_name(test_curves[j]); + if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL)) + { + BIO_printf(bio_err,"ECDH failure.\n"); + ERR_print_errors(bio_err); + rsa_count=1; + } + else + { + /* generate two ECDH key pairs */ + if (!EC_KEY_generate_key(ecdh_a[j]) || + !EC_KEY_generate_key(ecdh_b[j])) + { + BIO_printf(bio_err,"ECDH key generation failure.\n"); + ERR_print_errors(bio_err); + rsa_count=1; + } + else + { + /* If field size is not more than 24 octets, then use SHA-1 hash of result; + * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt). 
+ */ + int field_size, outlen; + void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen); + field_size = EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j])); + if (field_size <= 24 * 8) + { + outlen = KDF1_SHA1_len; + kdf = KDF1_SHA1; + } + else + { + outlen = (field_size+7)/8; + kdf = NULL; + } + secret_size_a = ECDH_compute_key(secret_a, outlen, + EC_KEY_get0_public_key(ecdh_b[j]), + ecdh_a[j], kdf); + secret_size_b = ECDH_compute_key(secret_b, outlen, + EC_KEY_get0_public_key(ecdh_a[j]), + ecdh_b[j], kdf); + if (secret_size_a != secret_size_b) + ecdh_checks = 0; + else + ecdh_checks = 1; + + for (secret_idx = 0; + (secret_idx < secret_size_a) + && (ecdh_checks == 1); + secret_idx++) + { + if (secret_a[secret_idx] != secret_b[secret_idx]) + ecdh_checks = 0; + } + + if (ecdh_checks == 0) + { + BIO_printf(bio_err,"ECDH computations don't match.\n"); + ERR_print_errors(bio_err); + rsa_count=1; + } + + pkey_print_message("","ecdh", + ecdh_c[j][0], + test_curves_bits[j], + ECDH_SECONDS); + Time_F(START); + for (count=0,run=1; COND(ecdh_c[j][0]); count++) + { + ECDH_compute_key(secret_a, outlen, + EC_KEY_get0_public_key(ecdh_b[j]), + ecdh_a[j], kdf); + } + d=Time_F(STOP); + BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n", + count, test_curves_bits[j], d); + ecdh_results[j][0]=d/(double)count; + rsa_count=count; + } + } + + + if (rsa_count <= 1) + { + /* if longer than 10s, don't do any more */ + for (j++; j<EC_NUM; j++) + ecdh_doit[j]=0; + } + } + if (rnd_fake) RAND_cleanup(); +#endif #ifdef HAVE_FORK show_res: #endif @@ -1645,7 +2307,10 @@ show_res: #endif #ifdef HZ #define as_string(s) (#s) - printf("HZ=%g", (double)HZ); + { + double dbl = HZ; + printf("HZ=%g", dbl); + } # ifdef _SC_CLK_TCK printf(" [sysconf value]"); # endif 
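Review bot: The ECDH agreement check accepts two failed derivations as a match: `ECDH_compute_key()` returns -1 on error, so when both calls fail `secret_size_a != secret_size_b` is false, the byte-compare loop runs zero times and `ecdh_checks` stays 1. Require a positive length as well, `if (secret_size_a <= 0 || secret_size_a != secret_size_b) ecdh_checks = 0;`. In the ECDSA branch of the same hunk the result of `EC_KEY_generate_key(ecdsa[j])` is likewise unchecked before `ECDSA_sign()`, unlike the ECDH branch, which tests it. MAIN begins and ends outside this hunk.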
@@ -1706,7 +2371,7 @@ show_res: k,rsa_bits[k],rsa_results[k][0], rsa_results[k][1]); else - fprintf(stdout,"rsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n", + fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n", rsa_bits[k],rsa_results[k][0],rsa_results[k][1], 1.0/rsa_results[k][0],1.0/rsa_results[k][1]); } @@ -1725,12 +2390,62 @@ show_res: fprintf(stdout,"+F3:%u:%u:%f:%f\n", k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]); else - fprintf(stdout,"dsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n", + fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n", dsa_bits[k],dsa_results[k][0],dsa_results[k][1], 1.0/dsa_results[k][0],1.0/dsa_results[k][1]); } #endif +#ifndef OPENSSL_NO_ECDSA + j=1; + for (k=0; k<EC_NUM; k++) + { + if (!ecdsa_doit[k]) continue; + if (j && !mr) + { + printf("%30ssign verify sign/s verify/s\n"," "); + j=0; + } + + if (mr) + fprintf(stdout,"+F4:%u:%u:%f:%f\n", + k, test_curves_bits[k], + ecdsa_results[k][0],ecdsa_results[k][1]); + else + fprintf(stdout, + "%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n", + test_curves_bits[k], + test_curves_names[k], + ecdsa_results[k][0],ecdsa_results[k][1], + 1.0/ecdsa_results[k][0],1.0/ecdsa_results[k][1]); + } +#endif + + +#ifndef OPENSSL_NO_ECDH + j=1; + for (k=0; k<EC_NUM; k++) + { + if (!ecdh_doit[k]) continue; + if (j && !mr) + { + printf("%30sop op/s\n"," "); + j=0; + } + if (mr) + fprintf(stdout,"+F5:%u:%u:%f:%f\n", + k, test_curves_bits[k], + ecdh_results[k][0], 1.0/ecdh_results[k][0]); + + else + fprintf(stdout,"%4u bit ecdh (%s) %8.4fs %8.1f\n", + test_curves_bits[k], + test_curves_names[k], + ecdh_results[k][0], 1.0/ecdh_results[k][0]); + } +#endif + mret=0; + end: ERR_print_errors(bio_err); if (buf != NULL) OPENSSL_free(buf); 
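Review bot: The new ECDSA and ECDH result lines in speed.c (hunk `-1725,12 +2390,62`) print per-operation times with `%8.4fs`, although this same commit widens the rsa and dsa lines to `%8.6fs`. The fastest operations are then rounded to very few significant digits, while the neighbouring `1.0/ecdsa_results[k][0]` columns are computed from the unrounded value. For consistency with the rsa/dsa lines I would use `%8.6fs` in both new human-readable format strings. The enclosing function starts and ends outside this hunk.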
@@ -1745,6 +2460,22 @@ end: if (dsa_key[i] != NULL) DSA_free(dsa_key[i]); #endif + +#ifndef OPENSSL_NO_ECDSA + for (i=0; i<EC_NUM; i++) + if (ecdsa[i] != NULL) + EC_KEY_free(ecdsa[i]); +#endif +#ifndef OPENSSL_NO_ECDH + for (i=0; i<EC_NUM; i++) + { + if (ecdh_a[i] != NULL) + EC_KEY_free(ecdh_a[i]); + if (ecdh_b[i] != NULL) + EC_KEY_free(ecdh_b[i]); + } +#endif + apps_shutdown(); OPENSSL_EXIT(mret); } @@ -1766,8 +2497,8 @@ static void print_message(const char *s, long num, int length) #endif } -static void pkey_print_message(char *str, char *str2, long num, int bits, - int tm) +static void pkey_print_message(const char *str, const char *str2, long num, + int bits, int tm) { #ifdef SIGALRM BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n" @@ -1786,11 +2517,12 @@ static void pkey_print_message(char *str, char *str2, long num, int bits, static void print_result(int alg,int run_no,int count,double time_used) { - BIO_printf(bio_err,mr ? "+R:%ld:%s:%f\n" - : "%ld %s's in %.2fs\n",count,names[alg],time_used); + BIO_printf(bio_err,mr ? "+R:%d:%s:%f\n" + : "%d %s's in %.2fs\n",count,names[alg],time_used); results[alg][run_no]=((double)count)/time_used*lengths[run_no]; } +#ifdef HAVE_FORK static char *sstrsep(char **string, const char *delim) { char isdelim[256]; @@ -1822,7 +2554,6 @@ static char *sstrsep(char **string, const char *delim) return token; } -#ifdef HAVE_FORK static int do_multi(int multi) { int n; 
@@ -1946,6 +2677,49 @@ static int do_multi(int multi) else dsa_results[k][1]=d; } +#ifndef OPENSSL_NO_ECDSA + else if(!strncmp(buf,"+F4:",4)) + { + int k; + double d; + + p=buf+4; + k=atoi(sstrsep(&p,sep)); + sstrsep(&p,sep); + + d=atof(sstrsep(&p,sep)); + if(n) + ecdsa_results[k][0]=1/(1/ecdsa_results[k][0]+1/d); + else + ecdsa_results[k][0]=d; + + d=atof(sstrsep(&p,sep)); + if(n) + ecdsa_results[k][1]=1/(1/ecdsa_results[k][1]+1/d); + else + ecdsa_results[k][1]=d; + } +#endif + +#ifndef OPENSSL_NO_ECDH + else if(!strncmp(buf,"+F5:",4)) + { + int k; + double d; + + p=buf+4; + k=atoi(sstrsep(&p,sep)); + sstrsep(&p,sep); + + d=atof(sstrsep(&p,sep)); + if(n) + ecdh_results[k][0]=1/(1/ecdh_results[k][0]+1/d); + else + ecdh_results[k][0]=d; + + } +#endif + else if(!strncmp(buf,"+H:",3)) { } diff --git a/crypto/openssl/apps/spkac.c b/crypto/openssl/apps/spkac.c index 47ee53f..0191d0a 100644 --- a/crypto/openssl/apps/spkac.c +++ b/crypto/openssl/apps/spkac.c @@ -87,7 +87,8 @@ int MAIN(int argc, char **argv) int verify=0,noout=0,pubkey=0; char *infile = NULL,*outfile = NULL,*prog; char *passargin = NULL, *passin = NULL; - char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL; + const char *spkac = "SPKAC", *spksect = "default"; + char *spkstr = NULL; char *challenge = NULL, *keyfile = NULL; CONF *conf = NULL; NETSCAPE_SPKI *spki = NULL; @@ -200,7 +201,7 @@ bad: } spki = NETSCAPE_SPKI_new(); if(challenge) ASN1_STRING_set(spki->spkac->challenge, - challenge, strlen(challenge)); + challenge, (int)strlen(challenge)); NETSCAPE_SPKI_set_pubkey(spki, pkey); NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); spkstr = NETSCAPE_SPKI_b64_encode(spki); diff --git a/crypto/openssl/apps/timeouts.h b/crypto/openssl/apps/timeouts.h new file mode 100644 index 0000000..89b5dc7 --- /dev/null +++ b/crypto/openssl/apps/timeouts.h 
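Review bot: In the new `+F4:` and `+F5:` branches of do_multi() in speed.c, `k=atoi(sstrsep(&p,sep))` is used directly as an index into `ecdsa_results[k]` and `ecdh_results[k]` without a range check, so a truncated or malformed result line would read and write outside those arrays. The existing `+F3:` branch visible in the context has the same pattern, so this copies a weakness rather than introducing a new one, but the new branches are a good place to stop it. I would add `if (k < 0 || k >= EC_NUM) continue;` after the `atoi` call, assuming the parse sits in a per-line loop, which this hunk does not show. sstrsep() is only partly visible here; if it can return NULL on a short line, the `atoi`/`atof` calls need a NULL check as well. do_multi() starts and ends outside this hunk.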
@@ -0,0 +1,67 @@ +/* apps/timeouts.h */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef INCLUDED_TIMEOUTS_H +#define INCLUDED_TIMEOUTS_H + +/* numbers in us */ +#define DGRAM_RCV_TIMEOUT 250000 +#define DGRAM_SND_TIMEOUT 250000 + +#endif /* ! INCLUDED_TIMEOUTS_H */ diff --git a/crypto/openssl/apps/verify.c b/crypto/openssl/apps/verify.c index 6a93c01..9ff32cb 100644 --- a/crypto/openssl/apps/verify.c +++ b/crypto/openssl/apps/verify.c @@ -79,13 +79,14 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { ENGINE *e = NULL; - int i,ret=1; + int i,ret=1, badarg = 0; int purpose = -1; char *CApath=NULL,*CAfile=NULL; char *untfile = NULL, *trustfile = NULL; STACK_OF(X509) *untrusted = NULL, *trusted = NULL; X509_STORE *cert_ctx=NULL; X509_LOOKUP *lookup=NULL; + X509_VERIFY_PARAM *vpm = NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif 
@@ -121,18 +122,12 @@ int MAIN(int argc, char **argv) if (argc-- < 1) goto end; CAfile= *(++argv); } - else if (strcmp(*argv,"-purpose") == 0) + else if (args_verify(&argv, &argc, &badarg, bio_err, + &vpm)) { - X509_PURPOSE *xptmp; - if (argc-- < 1) goto end; - i = X509_PURPOSE_get_by_sname(*(++argv)); - if(i < 0) - { - BIO_printf(bio_err, "unrecognized purpose\n"); + if (badarg) goto end; - } - xptmp = X509_PURPOSE_get0(i); - purpose = X509_PURPOSE_get_id(xptmp); + continue; } else if (strcmp(*argv,"-untrusted") == 0) { @@ -153,14 +148,6 @@ int MAIN(int argc, char **argv) #endif else if (strcmp(*argv,"-help") == 0) goto end; - else if (strcmp(*argv,"-ignore_critical") == 0) - vflags |= X509_V_FLAG_IGNORE_CRITICAL; - else if (strcmp(*argv,"-issuer_checks") == 0) - vflags |= X509_V_FLAG_CB_ISSUER_CHECK; - else if (strcmp(*argv,"-crl_check") == 0) - vflags |= X509_V_FLAG_CRL_CHECK; - else if (strcmp(*argv,"-crl_check_all") == 0) - vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; else if (strcmp(*argv,"-verbose") == 0) v_verbose=1; else if (argv[0][0] == '-') @@ -178,6 +165,9 @@ int MAIN(int argc, char **argv) e = setup_engine(bio_err, engine, 0); #endif + if (vpm) + X509_STORE_set1_param(cert_ctx, vpm); + lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file()); if (lookup == NULL) abort(); if (CAfile) { @@ -238,6 +228,7 @@ end: X509_PURPOSE_get0_name(ptmp)); } } + if (vpm) X509_VERIFY_PARAM_free(vpm); if (cert_ctx != NULL) X509_STORE_free(cert_ctx); sk_X509_pop_free(untrusted, X509_free); sk_X509_pop_free(trusted, X509_free); @@ -339,10 +330,13 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx) if (!ok) { - X509_NAME_oneline( + if (ctx->current_cert) + { + X509_NAME_oneline( X509_get_subject_name(ctx->current_cert),buf, sizeof buf); - printf("%s\n",buf); + printf("%s\n",buf); + } printf("error %d at %d depth lookup:%s\n",ctx->error, ctx->error_depth, X509_verify_cert_error_string(ctx->error)); 
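Review bot: In verify.c hunk `-178,6 +165,9`, the result of `X509_STORE_set1_param(cert_ctx, vpm)` is ignored, so if copying the parameters fails the program verifies with the store defaults and silently drops whatever `-purpose` or `-crl_check` style options args_verify() collected. For a verification tool that is a fail-open path; I would write `if (vpm && !X509_STORE_set1_param(cert_ctx, vpm)) goto end;`, assuming `end:` is the failure exit as the other `goto end` uses in the context suggest. Separately, `int purpose = -1;` is still declared in the context of the first verify.c hunk, but the only visible assignment to it is removed in hunk `-121,18 +122,12`; if later code still passes `purpose` on, it now always carries -1. MAIN() continues outside these hunks.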
@@ -354,13 +348,21 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx) if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1; /* Continue after extension errors too */ if (ctx->error == X509_V_ERR_INVALID_CA) ok=1; + if (ctx->error == X509_V_ERR_INVALID_NON_CA) ok=1; if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1; if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1; if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1; if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1; if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1; if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1; + + if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY) + policies_print(NULL, ctx); + return ok; + } + if ((ctx->error == X509_V_OK) && (ok == 2)) + policies_print(NULL, ctx); if (!v_verbose) ERR_clear_error(); return(ok); diff --git a/crypto/openssl/apps/version.c b/crypto/openssl/apps/version.c index 0843b67..69ef3e1 100644 --- a/crypto/openssl/apps/version.c +++ b/crypto/openssl/apps/version.c @@ -115,6 +115,7 @@ #include "apps.h" #include <openssl/evp.h> #include <openssl/crypto.h> +#include <openssl/bn.h> #ifndef OPENSSL_NO_MD2 # include <openssl/md2.h> #endif @@ -172,7 +173,19 @@ int MAIN(int argc, char **argv) } } - if (version) printf("%s\n",SSLeay_version(SSLEAY_VERSION)); + if (version) + { + if (SSLeay() == SSLEAY_VERSION_NUMBER) + { + printf("%s\n",SSLeay_version(SSLEAY_VERSION)); + } + else + { + printf("%s (Library: %s)\n", + OPENSSL_VERSION_TEXT, + SSLeay_version(SSLEAY_VERSION)); + } + } if (date) printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON)); if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM)); if (options) diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c index dedd9f1..5f61eb5 100644 --- a/crypto/openssl/apps/x509.c +++ b/crypto/openssl/apps/x509.c 
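Review bot: In verify.c's cb() (hunk `-354,13 +348,21`), the added `X509_V_ERR_INVALID_NON_CA` line extends the list of chain errors that the callback turns into `ok=1`, and nothing in the hunk records that an error was overridden. If the caller reports success whenever the verify call returns 1, a certificate that hit one of these errors ends with the same final status as a clean one; the caller is outside this hunk, so that part is an inference. I would at least add a comment above the list such as `/* diagnostic tool: continue past these errors so every problem is printed; the result is not a trust decision */`, and preferably set a file-scope flag in this branch so the exit status can reflect the override. The context also tests `X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT` twice, which could be cleaned up at the same time.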
@@ -73,6 +73,12 @@ #include <openssl/x509v3.h> #include <openssl/objects.h> #include <openssl/pem.h> +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA +#include <openssl/dsa.h> +#endif #undef PROG #define PROG x509_main @@ -81,7 +87,7 @@ #define POSTFIX ".srl" #define DEF_DAYS 30 -static char *x509_usage[]={ +static const char *x509_usage[]={ "usage: x509 args\n", " -inform arg - input format - default PEM (one of DER, NET or PEM)\n", " -outform arg - output format - default PEM (one of DER, NET or PEM)\n", @@ -92,7 +98,9 @@ static char *x509_usage[]={ " -out arg - output file - default stdout\n", " -passin arg - private key password source\n", " -serial - print serial number value\n", -" -hash - print hash value\n", +" -subject_hash - print subject hash value\n", +" -issuer_hash - print issuer hash value\n", +" -hash - synonym for -subject_hash\n", " -subject - print subject DN\n", " -issuer - print issuer DN\n", " -email - print email address(es)\n", @@ -167,19 +175,20 @@ int MAIN(int argc, char **argv) char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL; char *CAkeyfile=NULL,*CAserial=NULL; char *alias=NULL; - int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0; - int next_serial=0,ocspid=0; + int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0; + int next_serial=0; + int subject_hash=0,issuer_hash=0,ocspid=0; int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; int C=0; int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0; int pprint = 0; - char **pp; + const char **pp; X509_STORE *ctx=NULL; X509_REQ *rq=NULL; int fingerprint=0; char buf[256]; - const EVP_MD *md_alg,*digest=EVP_md5(); + const EVP_MD *md_alg,*digest=EVP_sha1(); CONF *extconf = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; int need_rand = 0; 
@@ -381,8 +390,11 @@ int MAIN(int argc, char **argv) x509req= ++num; else if (strcmp(*argv,"-text") == 0) text= ++num; - else if (strcmp(*argv,"-hash") == 0) - hash= ++num; + else if (strcmp(*argv,"-hash") == 0 + || strcmp(*argv,"-subject_hash") == 0) + subject_hash= ++num; + else if (strcmp(*argv,"-issuer_hash") == 0) + issuer_hash= ++num; else if (strcmp(*argv,"-subject") == 0) subject= ++num; else if (strcmp(*argv,"-issuer") == 0) @@ -598,9 +610,12 @@ bad: sno = ASN1_INTEGER_new(); if (!sno || !rand_serial(NULL, sno)) goto end; + if (!X509_set_serialNumber(x, sno)) + goto end; + ASN1_INTEGER_free(sno); + sno = NULL; } - - if (!X509_set_serialNumber(x, sno)) + else if (!X509_set_serialNumber(x, sno)) goto end; if (!X509_set_issuer_name(x,req->req_info->subject)) goto end; @@ -694,7 +709,8 @@ bad: else if (serial == i) { BIO_printf(STDout,"serial="); - i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber); + i2a_ASN1_INTEGER(STDout, + X509_get_serialNumber(x)); BIO_printf(STDout,"\n"); } else if (next_serial == i) @@ -731,10 +747,14 @@ bad: if (alstr) BIO_printf(STDout,"%s\n", alstr); else BIO_puts(STDout,"<No Alias>\n"); } - else if (hash == i) + else if (subject_hash == i) { BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x)); } + else if (issuer_hash == i) + { + BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x)); + } else if (pprint == i) { X509_PURPOSE *ptmp; @@ -896,6 +916,10 @@ bad: if (Upkey->type == EVP_PKEY_DSA) digest=EVP_dss1(); #endif +#ifndef OPENSSL_NO_ECDSA + if (Upkey->type == EVP_PKEY_EC) + digest=EVP_ecdsa(); +#endif assert(need_rand); if (!sign(x,Upkey,days,clrext,digest, @@ -916,6 +940,10 @@ bad: if (CApkey->type == EVP_PKEY_DSA) digest=EVP_dss1(); #endif +#ifndef OPENSSL_NO_ECDSA + if (CApkey->type == EVP_PKEY_EC) + digest = EVP_ecdsa(); +#endif assert(need_rand); if (!x509_certify(ctx,CAfile,digest,x,xca, 
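Review bot: The new `if (Upkey->type == EVP_PKEY_EC) digest=EVP_ecdsa();` in x509.c (hunk `-896,6 +916,10`) replaces whatever digest was selected earlier without telling the user, and the same assignment is added for `CApkey` in hunk `-916,6 +940,10` and for `pk` in hunk `-947,6 +975,10`. It mirrors the DSA lines in the context, so it matches the existing style, but anyone who requested a specific digest on the command line gets the ECDSA default instead with no diagnostic; where `digest` is set from options is outside these hunks. I would add a short comment at each site, for example `/* EC keys: signing digest is forced to EVP_ecdsa(), overriding any digest option */`. A one-line note on `bio_err` when the override actually changes the digest would also help. MAIN() starts and ends outside these hunks.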
@@ -947,6 +975,10 @@ bad: if (pk->type == EVP_PKEY_DSA) digest=EVP_dss1(); #endif +#ifndef OPENSSL_NO_ECDSA + if (pk->type == EVP_PKEY_EC) + digest=EVP_ecdsa(); +#endif rq=X509_to_X509_REQ(x,pk,digest); EVP_PKEY_free(pk); @@ -971,9 +1003,9 @@ bad: if (checkend) { - time_t tnow=time(NULL); + time_t tcheck=time(NULL) + checkoffset; - if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(x), tnow+checkoffset) == -1) + if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0) { BIO_printf(out,"Certificate will expire\n"); ret=1; @@ -1010,8 +1042,7 @@ bad: ah.data=(char *)x; ah.meth=X509_asn1_meth(); - /* no macro for this one yet */ - i=ASN1_i2d_bio(i2d_ASN1_HEADER,out,(unsigned char *)&ah); + i=ASN1_i2d_bio_of(ASN1_HEADER,i2d_ASN1_HEADER,out,&ah); } else { BIO_printf(bio_err,"bad output format specified for outfile\n"); |
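Review bot: In x509.c hunk `-971,9 +1003,9`, the new test `X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0` treats a return of 0 the same as "not expiring", but X509_cmp_time() returns 0 when it cannot parse the time. A certificate with a malformed notAfter would then fall through to whatever the non-expiring branch does, which is outside this hunk, instead of being reported as an error. I would keep the result in a local and handle the error case first: `int cmp = X509_cmp_time(X509_get_notAfter(x), &tcheck);` followed by `if (cmp == 0) goto end;` before the `cmp < 0` test. It is also worth checking that `time(NULL) + checkoffset` cannot wrap for large `-checkend` values; the parsing of `checkoffset` is not visible here.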