diff options
author | markm <markm@FreeBSD.org> | 2003-01-28 21:43:22 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2003-01-28 21:43:22 +0000 |
commit | aad1d64cb5a8d9b503d9199642363dc1e92d2f9b (patch) | |
tree | 610a51c6e3965764fb0f1629c1376e2d23afffe8 /crypto/openssl/apps | |
parent | eba366e36e93f5da8ae5c744eb337c3ef6872641 (diff) | |
download | FreeBSD-src-aad1d64cb5a8d9b503d9199642363dc1e92d2f9b.zip FreeBSD-src-aad1d64cb5a8d9b503d9199642363dc1e92d2f9b.tar.gz |
Vendor import of OpenSSL release 0.9.7. This release includes
support for AES and OpenBSD's hardware crypto.
Diffstat (limited to 'crypto/openssl/apps')
51 files changed, 8271 insertions, 2260 deletions
diff --git a/crypto/openssl/apps/CA.pl b/crypto/openssl/apps/CA.pl index f1ac7e7..8b2ce7e 100755 --- a/crypto/openssl/apps/CA.pl +++ b/crypto/openssl/apps/CA.pl @@ -5,7 +5,7 @@ # things easier between now and when Eric is convinced to fix it :-) # # CA -newca ... will setup the right stuff -# CA -newreq ... will generate a certificate request +# CA -newreq[-nodes] ... will generate a certificate request # CA -sign ... will sign the generated request and output # # At the end of that grab newreq.pem and newcert.pem (one has the key @@ -54,7 +54,7 @@ $RET = 0; foreach (@ARGV) { if ( /^(-\?|-h|-help)$/ ) { - print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n"; + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; exit 0; } elsif (/^-newcert$/) { # create a certificate @@ -66,6 +66,11 @@ foreach (@ARGV) { system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS"); $RET=$?; print "Request (and private key) is in newreq.pem\n"; + } elsif (/^-newreq-nodes$/) { + # create a certificate request + system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS"); + $RET=$?; + print "Request (and private key) is in newreq.pem\n"; } elsif (/^-newca$/) { # if explicitly asked for or it doesn't exist then setup the # directory structure that Eric likes to manage things @@ -143,7 +148,7 @@ foreach (@ARGV) { } } else { print STDERR "Unknown arg $_\n"; - print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n"; + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; exit 1; } } diff --git a/crypto/openssl/apps/CA.pl.in b/crypto/openssl/apps/CA.pl.in index f1ac7e7..8b2ce7e 100644 --- a/crypto/openssl/apps/CA.pl.in +++ b/crypto/openssl/apps/CA.pl.in @@ -5,7 +5,7 @@ # things easier between now and when Eric is convinced to fix it :-) # # CA -newca ... will setup the right stuff -# CA -newreq ... will generate a certificate request +# CA -newreq[-nodes] ... will generate a certificate request # CA -sign ... will sign the generated request and output # # At the end of that grab newreq.pem and newcert.pem (one has the key @@ -54,7 +54,7 @@ $RET = 0; foreach (@ARGV) { if ( /^(-\?|-h|-help)$/ ) { - print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n"; + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; exit 0; } elsif (/^-newcert$/) { # create a certificate @@ -66,6 +66,11 @@ foreach (@ARGV) { system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS"); $RET=$?; print "Request (and private key) is in newreq.pem\n"; + } elsif (/^-newreq-nodes$/) { + # create a certificate request + system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS"); + $RET=$?; + print "Request (and private key) is in newreq.pem\n"; } elsif (/^-newca$/) { # if explicitly asked for or it doesn't exist then setup the # directory structure that Eric likes to manage things @@ -143,7 +148,7 @@ foreach (@ARGV) { } } else { print STDERR "Unknown arg $_\n"; - print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n"; + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; exit 1; } } diff --git a/crypto/openssl/apps/Makefile.ssl b/crypto/openssl/apps/Makefile.ssl index 0b3208f..c75d0d2 100644 --- a/crypto/openssl/apps/Makefile.ssl +++ b/crypto/openssl/apps/Makefile.ssl @@ -5,21 +5,26 @@ DIR= apps TOP= .. CC= cc -INCLUDES= -I../include +INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES) CFLAG= -g -static INSTALL_PREFIX= INSTALLTOP= /usr/local/ssl OPENSSLDIR= /usr/local/ssl MAKE= make -f Makefile.ssl -MAKEDEPEND= $(TOP)/util/domd $(TOP) +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile.ssl PERL= perl RM= rm -f +# KRB5 stuff +KRB5_INCLUDES= PEX_LIBS= EX_LIBS= EXE_EXT= +SHLIB_TARGET= + CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG) GENERAL=Makefile makeapps.com install.com @@ -39,7 +44,7 @@ E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \ ca crl rsa rsautl dsa dsaparam \ x509 genrsa gendsa s_server s_client speed \ s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \ - pkcs8 spkac smime rand + pkcs8 spkac smime rand engine ocsp PROGS= $(PROGRAM).c @@ -55,14 +60,14 @@ E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o er rsa.o rsautl.o dsa.o dsaparam.o \ x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \ s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \ - ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o + ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \ pkcs7.c crl2p7.c crl.c \ rsa.c rsautl.c dsa.c dsaparam.c \ x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \ s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \ - ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c + ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c ocsp.c SRC=$(E_SRC) @@ -93,17 +98,20 @@ install: @for i in $(EXE); \ do \ (echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \ - chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ + chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ done; @for i in $(SCRIPTS); \ do \ (echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \ - chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \ + cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ + chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \ done - @cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR); \ - chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf + @cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \ + chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \ + mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf tags: ctags $(SRC) @@ -117,7 +125,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -128,15 +136,24 @@ clean: rm -f req $(DLIBSSL): - (cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}') + (cd ..; $(MAKE) DIRS=ssl all) $(DLIBCRYPTO): - (cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}') + (cd ..; $(MAKE) DIRS=crypto all) $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(PROGRAM) - $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS) - -(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs) + if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \ + else \ + $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \ + fi + -(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \ + LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \ + if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \ + elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ + export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ + $(PERL) tools/c_rehash certs) progs.h: progs.pl $(PERL) progs.pl $(E_EXE) >progs.h @@ -144,567 +161,724 @@ progs.h: progs.pl # DO NOT DELETE THIS LINE -- make depend depends on it. -app_rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h -app_rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -app_rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h -app_rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h -app_rand.o: ../include/openssl/des.h ../include/openssl/dh.h -app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -app_rand.o: ../include/openssl/e_os2.h ../include/openssl/evp.h -app_rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h -app_rand.o: ../include/openssl/md2.h ../include/openssl/md4.h -app_rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +app_rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +app_rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +app_rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h +app_rand.o: ../include/openssl/cast.h ../include/openssl/conf.h +app_rand.o: ../include/openssl/crypto.h ../include/openssl/des.h +app_rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h +app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +app_rand.o: ../include/openssl/engine.h ../include/openssl/err.h +app_rand.o: ../include/openssl/evp.h ../include/openssl/idea.h +app_rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h +app_rand.o: ../include/openssl/md4.h ../include/openssl/md5.h +app_rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +app_rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h app_rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h -app_rand.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -app_rand.o: ../include/openssl/x509_vfy.h apps.h -apps.o: ../include/openssl/asn1.h ../include/openssl/bio.h -apps.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -apps.o: ../include/openssl/buffer.h ../include/openssl/cast.h -apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h -apps.o: ../include/openssl/des.h ../include/openssl/dh.h -apps.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -apps.o: ../include/openssl/e_os2.h ../include/openssl/err.h +app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +app_rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c +app_rand.o: apps.h +apps.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +apps.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h +apps.o: ../include/openssl/cast.h ../include/openssl/conf.h +apps.o: ../include/openssl/crypto.h ../include/openssl/des.h +apps.o: ../include/openssl/des_old.h ../include/openssl/dh.h +apps.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +apps.o: ../include/openssl/engine.h ../include/openssl/err.h apps.o: ../include/openssl/evp.h ../include/openssl/idea.h apps.o: ../include/openssl/lhash.h ../include/openssl/md2.h apps.o: ../include/openssl/md4.h ../include/openssl/md5.h apps.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h apps.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -apps.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h -apps.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h +apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h +apps.o: ../include/openssl/rand.h ../include/openssl/rc2.h apps.o: ../include/openssl/rc4.h ../include/openssl/rc5.h apps.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h -asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h -asn1pars.o: ../include/openssl/conf.h ../include/openssl/crypto.h -asn1pars.o: ../include/openssl/des.h ../include/openssl/dh.h -asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -asn1pars.o: ../include/openssl/e_os2.h ../include/openssl/err.h +apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +apps.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h +asn1pars.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +asn1pars.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +asn1pars.o: ../include/openssl/bn.h ../include/openssl/buffer.h +asn1pars.o: ../include/openssl/cast.h ../include/openssl/conf.h +asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h +asn1pars.o: ../include/openssl/des_old.h ../include/openssl/dh.h +asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h asn1pars.o: ../include/openssl/evp.h ../include/openssl/idea.h asn1pars.o: ../include/openssl/lhash.h ../include/openssl/md2.h asn1pars.o: ../include/openssl/md4.h ../include/openssl/md5.h asn1pars.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h +asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h -asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -asn1pars.o: ../include/openssl/x509_vfy.h apps.h -ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h -ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h -ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h -ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h -ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h -ca.o: ../include/openssl/err.h ../include/openssl/evp.h -ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h -ca.o: ../include/openssl/md2.h ../include/openssl/md4.h -ca.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +asn1pars.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +asn1pars.o: asn1pars.c +ca.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +ca.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ca.o: ../include/openssl/cast.h ../include/openssl/conf.h +ca.o: ../include/openssl/crypto.h ../include/openssl/des.h +ca.o: ../include/openssl/des_old.h ../include/openssl/dh.h +ca.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +ca.o: ../include/openssl/engine.h ../include/openssl/err.h +ca.o: ../include/openssl/evp.h ../include/openssl/idea.h +ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h +ca.o: ../include/openssl/md4.h ../include/openssl/md5.h +ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ca.o: ../include/openssl/rand.h ../include/openssl/rc2.h ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ca.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h -ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h -ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h -ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h +ca.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +ca.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c +ciphers.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +ciphers.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ciphers.o: ../include/openssl/cast.h ../include/openssl/comp.h +ciphers.o: ../include/openssl/conf.h ../include/openssl/crypto.h +ciphers.o: ../include/openssl/des.h ../include/openssl/des_old.h ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h -ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +ciphers.o: ../include/openssl/e_os2.h ../include/openssl/engine.h ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h -ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h -ciphers.o: ../include/openssl/md2.h ../include/openssl/md4.h -ciphers.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ciphers.o: ../include/openssl/idea.h ../include/openssl/kssl.h +ciphers.o: ../include/openssl/lhash.h ../include/openssl/md2.h +ciphers.o: ../include/openssl/md4.h ../include/openssl/md5.h +ciphers.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h -ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ciphers.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ciphers.o: ../include/openssl/x509_vfy.h apps.h -crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h -crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h -crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h -crl.o: ../include/openssl/des.h ../include/openssl/dh.h -crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -crl.o: ../include/openssl/e_os2.h ../include/openssl/err.h +ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +ciphers.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +ciphers.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +ciphers.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ciphers.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +ciphers.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c +crl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +crl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +crl.o: ../include/openssl/bn.h ../include/openssl/buffer.h +crl.o: ../include/openssl/cast.h ../include/openssl/conf.h +crl.o: ../include/openssl/crypto.h ../include/openssl/des.h +crl.o: ../include/openssl/des_old.h ../include/openssl/dh.h +crl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +crl.o: ../include/openssl/engine.h ../include/openssl/err.h crl.o: ../include/openssl/evp.h ../include/openssl/idea.h crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h crl.o: ../include/openssl/md4.h ../include/openssl/md5.h crl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h +crl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h crl.o: ../include/openssl/sha.h ../include/openssl/stack.h -crl.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h -crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h -crl2p7.o: ../include/openssl/conf.h ../include/openssl/crypto.h -crl2p7.o: ../include/openssl/des.h ../include/openssl/dh.h -crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -crl2p7.o: ../include/openssl/e_os2.h ../include/openssl/err.h +crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +crl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +crl.o: ../include/openssl/x509v3.h apps.h crl.c +crl2p7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +crl2p7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +crl2p7.o: ../include/openssl/bn.h ../include/openssl/buffer.h +crl2p7.o: ../include/openssl/cast.h ../include/openssl/conf.h +crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h +crl2p7.o: ../include/openssl/des_old.h ../include/openssl/dh.h +crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h crl2p7.o: ../include/openssl/evp.h ../include/openssl/idea.h crl2p7.o: ../include/openssl/lhash.h ../include/openssl/md2.h crl2p7.o: ../include/openssl/md4.h ../include/openssl/md5.h crl2p7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h +crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h -crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -crl2p7.o: ../include/openssl/x509_vfy.h apps.h -dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h -dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h -dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h -dgst.o: ../include/openssl/des.h ../include/openssl/dh.h -dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -dgst.o: ../include/openssl/e_os2.h ../include/openssl/err.h +crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +crl2p7.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +crl2p7.o: crl2p7.c +dgst.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +dgst.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +dgst.o: ../include/openssl/bn.h ../include/openssl/buffer.h +dgst.o: ../include/openssl/cast.h ../include/openssl/conf.h +dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h +dgst.o: ../include/openssl/des_old.h ../include/openssl/dh.h +dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +dgst.o: ../include/openssl/engine.h ../include/openssl/err.h dgst.o: ../include/openssl/evp.h ../include/openssl/idea.h dgst.o: ../include/openssl/lhash.h ../include/openssl/md2.h dgst.o: ../include/openssl/md4.h ../include/openssl/md5.h dgst.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h +dgst.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h -dgst.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -dgst.o: ../include/openssl/x509_vfy.h apps.h -dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h -dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h -dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h -dh.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h -dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h -dh.o: ../include/openssl/err.h ../include/openssl/evp.h -dh.o: ../include/openssl/idea.h ../include/openssl/lhash.h -dh.o: ../include/openssl/md2.h ../include/openssl/md4.h -dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dgst.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dgst.c +dh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +dh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h +dh.o: ../include/openssl/cast.h ../include/openssl/conf.h +dh.o: ../include/openssl/crypto.h ../include/openssl/des.h +dh.o: ../include/openssl/des_old.h ../include/openssl/dh.h +dh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +dh.o: ../include/openssl/engine.h ../include/openssl/err.h +dh.o: ../include/openssl/evp.h ../include/openssl/idea.h +dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h +dh.o: ../include/openssl/md4.h ../include/openssl/md5.h +dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h -dh.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h -dh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -dh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h -dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h -dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h -dsa.o: ../include/openssl/des.h ../include/openssl/dh.h -dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -dsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h +dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +dh.o: ../include/openssl/sha.h ../include/openssl/stack.h +dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dh.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c +dsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +dsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h +dsa.o: ../include/openssl/cast.h ../include/openssl/conf.h +dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h +dsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h +dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +dsa.o: ../include/openssl/engine.h ../include/openssl/err.h dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h +dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h -dsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -dsa.o: ../include/openssl/x509_vfy.h apps.h -dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h -dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h -dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h -dsaparam.o: ../include/openssl/des.h ../include/openssl/dh.h -dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/err.h +dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c +dsaparam.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +dsaparam.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h +dsaparam.o: ../include/openssl/cast.h ../include/openssl/conf.h +dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h +dsaparam.o: ../include/openssl/des_old.h ../include/openssl/dh.h +dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h dsaparam.o: ../include/openssl/evp.h ../include/openssl/idea.h dsaparam.o: ../include/openssl/lhash.h ../include/openssl/md2.h dsaparam.o: ../include/openssl/md4.h ../include/openssl/md5.h dsaparam.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h +dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h dsaparam.o: ../include/openssl/rc2.h ../include/openssl/rc4.h dsaparam.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h -dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -dsaparam.o: ../include/openssl/x509_vfy.h apps.h -enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h -enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h -enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h -enc.o: ../include/openssl/des.h ../include/openssl/dh.h -enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h +dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dsaparam.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +dsaparam.o: dsaparam.c +enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h +enc.o: ../include/openssl/cast.h ../include/openssl/conf.h +enc.o: ../include/openssl/crypto.h ../include/openssl/des.h +enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h +enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +enc.o: ../include/openssl/engine.h ../include/openssl/err.h enc.o: ../include/openssl/evp.h ../include/openssl/idea.h enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h enc.o: ../include/openssl/md4.h ../include/openssl/md5.h enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h -enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h -enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h -errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h -errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h -errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h +enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h +enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +enc.o: ../include/openssl/sha.h ../include/openssl/stack.h +enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h enc.c +engine.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +engine.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h +engine.o: ../include/openssl/cast.h ../include/openssl/comp.h +engine.o: ../include/openssl/conf.h ../include/openssl/crypto.h +engine.o: ../include/openssl/des.h ../include/openssl/des_old.h +engine.o: ../include/openssl/dh.h ../include/openssl/dsa.h +engine.o: ../include/openssl/e_os2.h ../include/openssl/engine.h +engine.o: ../include/openssl/err.h ../include/openssl/evp.h +engine.o: ../include/openssl/idea.h ../include/openssl/kssl.h +engine.o: ../include/openssl/lhash.h ../include/openssl/md2.h +engine.o: ../include/openssl/md4.h ../include/openssl/md5.h +engine.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +engine.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h +engine.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +engine.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +engine.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +engine.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h +engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +engine.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +engine.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +engine.o: ../include/openssl/x509_vfy.h apps.h engine.c +errstr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +errstr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h +errstr.o: ../include/openssl/cast.h ../include/openssl/comp.h +errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h +errstr.o: ../include/openssl/des.h ../include/openssl/des_old.h errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h -errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +errstr.o: ../include/openssl/e_os2.h ../include/openssl/engine.h errstr.o: ../include/openssl/err.h ../include/openssl/evp.h -errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h -errstr.o: ../include/openssl/md2.h ../include/openssl/md4.h -errstr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +errstr.o: ../include/openssl/idea.h ../include/openssl/kssl.h +errstr.o: ../include/openssl/lhash.h ../include/openssl/md2.h +errstr.o: ../include/openssl/md4.h ../include/openssl/md5.h +errstr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h -errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h -errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -errstr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -errstr.o: ../include/openssl/x509_vfy.h apps.h -gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h -gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h -gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h -gendh.o: ../include/openssl/des.h ../include/openssl/dh.h -gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -gendh.o: ../include/openssl/e_os2.h ../include/openssl/err.h +errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +errstr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +errstr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +errstr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h +errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +errstr.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +errstr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c +gendh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +gendh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h +gendh.o: ../include/openssl/cast.h ../include/openssl/conf.h +gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h +gendh.o: ../include/openssl/des_old.h ../include/openssl/dh.h +gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +gendh.o: ../include/openssl/engine.h ../include/openssl/err.h gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h -gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h -gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h -gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h -gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h -gendsa.o: ../include/openssl/des.h ../include/openssl/dh.h -gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -gendsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h +gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h +gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +gendh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h +gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +gendh.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h gendh.c +gendsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +gendsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h +gendsa.o: ../include/openssl/cast.h ../include/openssl/conf.h +gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h +gendsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h +gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h +gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h gendsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h gendsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h gendsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h -gendsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -gendsa.o: ../include/openssl/x509_vfy.h apps.h -genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h -genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h -genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h -genrsa.o: ../include/openssl/des.h ../include/openssl/dh.h -genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -genrsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h +gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +gendsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +gendsa.o: gendsa.c +genrsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +genrsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h +genrsa.o: ../include/openssl/cast.h ../include/openssl/conf.h +genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h +genrsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h +genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h +genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h genrsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h genrsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h -genrsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -genrsa.o: ../include/openssl/x509_vfy.h apps.h -nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h -nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h -nseq.o: ../include/openssl/conf.h ../include/openssl/crypto.h -nseq.o: ../include/openssl/des.h ../include/openssl/dh.h -nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -nseq.o: ../include/openssl/e_os2.h ../include/openssl/err.h +genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +genrsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +genrsa.o: genrsa.c +nseq.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +nseq.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +nseq.o: ../include/openssl/bn.h ../include/openssl/buffer.h +nseq.o: ../include/openssl/cast.h ../include/openssl/conf.h +nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h +nseq.o: ../include/openssl/des_old.h ../include/openssl/dh.h +nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +nseq.o: ../include/openssl/engine.h ../include/openssl/err.h nseq.o: ../include/openssl/evp.h ../include/openssl/idea.h nseq.o: ../include/openssl/lhash.h ../include/openssl/md2.h nseq.o: ../include/openssl/md4.h ../include/openssl/md5.h nseq.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h +nseq.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h -nseq.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -nseq.o: ../include/openssl/x509_vfy.h apps.h -openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h -openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h -openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h -openssl.o: ../include/openssl/crypto.h ../include/openssl/des.h +nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +nseq.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c +ocsp.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +ocsp.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ocsp.o: ../include/openssl/cast.h ../include/openssl/comp.h +ocsp.o: ../include/openssl/conf.h ../include/openssl/crypto.h +ocsp.o: ../include/openssl/des.h ../include/openssl/des_old.h +ocsp.o: ../include/openssl/dh.h ../include/openssl/dsa.h +ocsp.o: ../include/openssl/e_os2.h ../include/openssl/engine.h +ocsp.o: ../include/openssl/err.h ../include/openssl/evp.h +ocsp.o: ../include/openssl/idea.h ../include/openssl/kssl.h +ocsp.o: ../include/openssl/lhash.h ../include/openssl/md2.h +ocsp.o: ../include/openssl/md4.h ../include/openssl/md5.h +ocsp.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ocsp.o: ../include/openssl/rand.h ../include/openssl/rc2.h +ocsp.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +ocsp.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +ocsp.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c +openssl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +openssl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h +openssl.o: ../include/openssl/cast.h ../include/openssl/comp.h +openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h +openssl.o: ../include/openssl/des.h ../include/openssl/des_old.h openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h -openssl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +openssl.o: ../include/openssl/e_os2.h ../include/openssl/engine.h openssl.o: ../include/openssl/err.h ../include/openssl/evp.h -openssl.o: ../include/openssl/idea.h ../include/openssl/lhash.h -openssl.o: ../include/openssl/md2.h ../include/openssl/md4.h -openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +openssl.o: ../include/openssl/idea.h ../include/openssl/kssl.h +openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h +openssl.o: ../include/openssl/md4.h ../include/openssl/md5.h +openssl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h -openssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -openssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h -openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h -passwd.o: ../include/openssl/asn1.h ../include/openssl/bio.h -passwd.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -passwd.o: ../include/openssl/buffer.h ../include/openssl/cast.h -passwd.o: ../include/openssl/conf.h ../include/openssl/crypto.h -passwd.o: ../include/openssl/des.h ../include/openssl/dh.h -passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -passwd.o: ../include/openssl/e_os2.h ../include/openssl/err.h +openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h +openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +openssl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +openssl.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h +passwd.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +passwd.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +passwd.o: ../include/openssl/bn.h ../include/openssl/buffer.h +passwd.o: ../include/openssl/cast.h ../include/openssl/conf.h +passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h +passwd.o: ../include/openssl/des_old.h ../include/openssl/dh.h +passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +passwd.o: ../include/openssl/engine.h ../include/openssl/err.h passwd.o: ../include/openssl/evp.h ../include/openssl/idea.h passwd.o: ../include/openssl/lhash.h ../include/openssl/md2.h passwd.o: ../include/openssl/md4.h ../include/openssl/md5.h passwd.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -passwd.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h -passwd.o: ../include/openssl/rand.h ../include/openssl/rc2.h -passwd.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -passwd.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h -passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +passwd.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +passwd.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h +passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h -pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h -pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h -pkcs12.o: ../include/openssl/des.h ../include/openssl/dh.h -pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -pkcs12.o: ../include/openssl/e_os2.h ../include/openssl/err.h +passwd.o: passwd.c +pkcs12.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +pkcs12.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +pkcs12.o: ../include/openssl/bn.h ../include/openssl/buffer.h +pkcs12.o: ../include/openssl/cast.h ../include/openssl/conf.h +pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h +pkcs12.o: ../include/openssl/des_old.h ../include/openssl/dh.h +pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h -pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h +pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h +pkcs12.o: ../include/openssl/rand.h ../include/openssl/rc2.h pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h -pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h -pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h -pkcs7.o: ../include/openssl/des.h ../include/openssl/dh.h -pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -pkcs7.o: ../include/openssl/e_os2.h ../include/openssl/err.h +pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +pkcs12.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c +pkcs7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +pkcs7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +pkcs7.o: ../include/openssl/bn.h ../include/openssl/buffer.h +pkcs7.o: ../include/openssl/cast.h ../include/openssl/conf.h +pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h +pkcs7.o: ../include/openssl/des_old.h ../include/openssl/dh.h +pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h +pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h -pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -pkcs7.o: ../include/openssl/x509_vfy.h apps.h -pkcs8.o: ../include/openssl/asn1.h ../include/openssl/bio.h -pkcs8.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h -pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h -pkcs8.o: ../include/openssl/des.h ../include/openssl/dh.h -pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -pkcs8.o: ../include/openssl/e_os2.h ../include/openssl/err.h +pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +pkcs7.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs7.c +pkcs8.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +pkcs8.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +pkcs8.o: ../include/openssl/bn.h ../include/openssl/buffer.h +pkcs8.o: ../include/openssl/cast.h ../include/openssl/conf.h +pkcs8.o: ../include/openssl/crypto.h ../include/openssl/des.h +pkcs8.o: ../include/openssl/des_old.h ../include/openssl/dh.h +pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h -pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h +pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h +pkcs8.o: ../include/openssl/rand.h ../include/openssl/rc2.h pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h -rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h -rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h -rand.o: ../include/openssl/des.h ../include/openssl/dh.h -rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -rand.o: ../include/openssl/e_os2.h ../include/openssl/err.h +pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +pkcs8.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c +rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h +rand.o: ../include/openssl/cast.h ../include/openssl/conf.h +rand.o: ../include/openssl/crypto.h ../include/openssl/des.h +rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h +rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +rand.o: ../include/openssl/engine.h ../include/openssl/err.h rand.o: ../include/openssl/evp.h ../include/openssl/idea.h rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h rand.o: ../include/openssl/md4.h ../include/openssl/md5.h rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h -rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h -rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h -rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +rand.o: ../include/openssl/sha.h ../include/openssl/stack.h +rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rand.c +req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h req.o: ../include/openssl/asn1.h ../include/openssl/bio.h req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h req.o: ../include/openssl/buffer.h ../include/openssl/cast.h req.o: ../include/openssl/conf.h ../include/openssl/crypto.h -req.o: ../include/openssl/des.h ../include/openssl/dh.h -req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -req.o: ../include/openssl/e_os2.h ../include/openssl/err.h -req.o: ../include/openssl/evp.h ../include/openssl/idea.h -req.o: ../include/openssl/lhash.h ../include/openssl/md2.h -req.o: ../include/openssl/md4.h ../include/openssl/md5.h -req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +req.o: ../include/openssl/des.h ../include/openssl/des_old.h +req.o: ../include/openssl/dh.h ../include/openssl/dsa.h +req.o: ../include/openssl/e_os2.h ../include/openssl/engine.h +req.o: ../include/openssl/err.h ../include/openssl/evp.h +req.o: ../include/openssl/idea.h ../include/openssl/lhash.h +req.o: ../include/openssl/md2.h ../include/openssl/md4.h +req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -req.o: ../include/openssl/sha.h ../include/openssl/stack.h -req.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h -rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h -rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h -rsa.o: ../include/openssl/des.h ../include/openssl/dh.h -rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -rsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h +req.o: ../include/openssl/rand.h ../include/openssl/rc2.h +req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +req.o: ../include/openssl/safestack.h ../include/openssl/sha.h +req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +req.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c +rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h +rsa.o: ../include/openssl/cast.h ../include/openssl/conf.h +rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h +rsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h +rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +rsa.o: ../include/openssl/engine.h ../include/openssl/err.h rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h +rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h -rsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -rsa.o: ../include/openssl/x509_vfy.h apps.h -rsautl.o: ../include/openssl/asn1.h ../include/openssl/bio.h -rsautl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -rsautl.o: ../include/openssl/buffer.h ../include/openssl/cast.h -rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h -rsautl.o: ../include/openssl/des.h ../include/openssl/dh.h -rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -rsautl.o: ../include/openssl/e_os2.h ../include/openssl/err.h +rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +rsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rsa.c +rsautl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +rsautl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +rsautl.o: ../include/openssl/bn.h ../include/openssl/buffer.h +rsautl.o: ../include/openssl/cast.h ../include/openssl/conf.h +rsautl.o: ../include/openssl/crypto.h ../include/openssl/des.h +rsautl.o: ../include/openssl/des_old.h ../include/openssl/dh.h +rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h rsautl.o: ../include/openssl/evp.h ../include/openssl/idea.h rsautl.o: ../include/openssl/lhash.h ../include/openssl/md2.h rsautl.o: ../include/openssl/md4.h ../include/openssl/md5.h rsautl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -rsautl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h +rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h rsautl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h rsautl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h -rsautl.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -rsautl.o: ../include/openssl/x509_vfy.h apps.h -s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h -s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h -s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h -s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h +rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +rsautl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +rsautl.o: rsautl.c +s_cb.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +s_cb.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h +s_cb.o: ../include/openssl/cast.h ../include/openssl/comp.h +s_cb.o: ../include/openssl/conf.h ../include/openssl/crypto.h +s_cb.o: ../include/openssl/des.h ../include/openssl/des_old.h s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +s_cb.o: ../include/openssl/e_os2.h ../include/openssl/engine.h s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h -s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h -s_cb.o: ../include/openssl/md2.h ../include/openssl/md4.h -s_cb.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_cb.o: ../include/openssl/idea.h ../include/openssl/kssl.h +s_cb.o: ../include/openssl/lhash.h ../include/openssl/md2.h +s_cb.o: ../include/openssl/md4.h ../include/openssl/md5.h +s_cb.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h -s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_cb.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h -s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h -s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h -s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h -s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h +s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +s_cb.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +s_cb.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +s_cb.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_cb.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_cb.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c +s_client.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +s_client.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h +s_client.o: ../include/openssl/cast.h ../include/openssl/comp.h +s_client.o: ../include/openssl/conf.h ../include/openssl/crypto.h +s_client.o: ../include/openssl/des.h ../include/openssl/des_old.h s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +s_client.o: ../include/openssl/e_os2.h ../include/openssl/engine.h s_client.o: ../include/openssl/err.h ../include/openssl/evp.h -s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h -s_client.o: ../include/openssl/md2.h ../include/openssl/md4.h -s_client.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_client.o: ../include/openssl/idea.h ../include/openssl/kssl.h +s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h +s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h +s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h @@ -714,21 +888,24 @@ s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -s_client.o: s_apps.h -s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h -s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h -s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h -s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h +s_client.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_client.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_client.c +s_server.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +s_server.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h +s_server.o: ../include/openssl/cast.h ../include/openssl/comp.h +s_server.o: ../include/openssl/conf.h ../include/openssl/crypto.h +s_server.o: ../include/openssl/des.h ../include/openssl/des_old.h s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +s_server.o: ../include/openssl/e_os2.h ../include/openssl/engine.h s_server.o: ../include/openssl/err.h ../include/openssl/evp.h -s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h -s_server.o: ../include/openssl/md2.h ../include/openssl/md4.h -s_server.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_server.o: ../include/openssl/idea.h ../include/openssl/kssl.h +s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h +s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h +s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h @@ -738,22 +915,26 @@ s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -s_server.o: s_apps.h -s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h -s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h -s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h -s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h +s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_server.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c +s_socket.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +s_socket.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h +s_socket.o: ../include/openssl/cast.h ../include/openssl/comp.h +s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h +s_socket.o: ../include/openssl/des.h ../include/openssl/des_old.h s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h -s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h +s_socket.o: ../include/openssl/e_os2.h ../include/openssl/engine.h +s_socket.o: ../include/openssl/err.h ../include/openssl/evp.h +s_socket.o: ../include/openssl/idea.h ../include/openssl/kssl.h s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h s_socket.o: ../include/openssl/md4.h ../include/openssl/md5.h s_socket.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h @@ -761,169 +942,200 @@ s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -s_socket.o: s_apps.h -s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h -s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h -s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h -s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h +s_socket.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_socket.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_socket.c +s_time.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +s_time.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h +s_time.o: ../include/openssl/cast.h ../include/openssl/comp.h +s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h +s_time.o: ../include/openssl/des.h ../include/openssl/des_old.h s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +s_time.o: ../include/openssl/e_os2.h ../include/openssl/engine.h s_time.o: ../include/openssl/err.h ../include/openssl/evp.h -s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h -s_time.o: ../include/openssl/md2.h ../include/openssl/md4.h -s_time.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_time.o: ../include/openssl/idea.h ../include/openssl/kssl.h +s_time.o: ../include/openssl/lhash.h ../include/openssl/md2.h +s_time.o: ../include/openssl/md4.h ../include/openssl/md5.h +s_time.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h -s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_time.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h -sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h -sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h -sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h -sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h +s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +s_time.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +s_time.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +s_time.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_time.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_time.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c +sess_id.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +sess_id.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h +sess_id.o: ../include/openssl/cast.h ../include/openssl/comp.h +sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h +sess_id.o: ../include/openssl/des.h ../include/openssl/des_old.h sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h -sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +sess_id.o: ../include/openssl/e_os2.h ../include/openssl/engine.h sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h -sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h -sess_id.o: ../include/openssl/md2.h ../include/openssl/md4.h -sess_id.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +sess_id.o: ../include/openssl/idea.h ../include/openssl/kssl.h +sess_id.o: ../include/openssl/lhash.h ../include/openssl/md2.h +sess_id.o: ../include/openssl/md4.h ../include/openssl/md5.h +sess_id.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h -sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h -sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h -sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -sess_id.o: ../include/openssl/tls1.h ../include/openssl/x509.h -sess_id.o: ../include/openssl/x509_vfy.h apps.h -smime.o: ../include/openssl/asn1.h ../include/openssl/bio.h -smime.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -smime.o: ../include/openssl/buffer.h ../include/openssl/cast.h -smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h -smime.o: ../include/openssl/des.h ../include/openssl/dh.h -smime.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -smime.o: ../include/openssl/e_os2.h ../include/openssl/err.h +sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +sess_id.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +sess_id.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +sess_id.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h +sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +sess_id.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +sess_id.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +sess_id.o: ../include/openssl/x509_vfy.h apps.h sess_id.c +smime.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +smime.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +smime.o: ../include/openssl/bn.h ../include/openssl/buffer.h +smime.o: ../include/openssl/cast.h ../include/openssl/conf.h +smime.o: ../include/openssl/crypto.h ../include/openssl/des.h +smime.o: ../include/openssl/des_old.h ../include/openssl/dh.h +smime.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +smime.o: ../include/openssl/engine.h ../include/openssl/err.h smime.o: ../include/openssl/evp.h ../include/openssl/idea.h smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h smime.o: ../include/openssl/md4.h ../include/openssl/md5.h smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h +smime.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h smime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h smime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h smime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h smime.o: ../include/openssl/sha.h ../include/openssl/stack.h -smime.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -smime.o: ../include/openssl/x509_vfy.h apps.h -speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h -speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h -speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h -speed.o: ../include/openssl/des.h ../include/openssl/dh.h -speed.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -speed.o: ../include/openssl/e_os2.h ../include/openssl/err.h +smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +smime.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h smime.c +speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h +speed.o: ../include/openssl/cast.h ../include/openssl/conf.h +speed.o: ../include/openssl/crypto.h ../include/openssl/des.h +speed.o: ../include/openssl/des_old.h ../include/openssl/dh.h +speed.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +speed.o: ../include/openssl/engine.h ../include/openssl/err.h speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h speed.o: ../include/openssl/md2.h ../include/openssl/md4.h speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -speed.o: ../include/openssl/sha.h ../include/openssl/stack.h -speed.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -speed.o: ../include/openssl/x509_vfy.h ./testdsa.h ./testrsa.h apps.h -spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h -spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h -spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h -spkac.o: ../include/openssl/des.h ../include/openssl/dh.h -spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -spkac.o: ../include/openssl/e_os2.h ../include/openssl/err.h +speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h +speed.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h +speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h +spkac.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +spkac.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +spkac.o: ../include/openssl/bn.h ../include/openssl/buffer.h +spkac.o: ../include/openssl/cast.h ../include/openssl/conf.h +spkac.o: ../include/openssl/crypto.h ../include/openssl/des.h +spkac.o: ../include/openssl/des_old.h ../include/openssl/dh.h +spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +spkac.o: ../include/openssl/engine.h ../include/openssl/err.h spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h +spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h spkac.o: ../include/openssl/rc2.h ../include/openssl/rc4.h spkac.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h spkac.o: ../include/openssl/rsa.h ../include/openssl/safestack.h spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h -spkac.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -spkac.o: ../include/openssl/x509_vfy.h apps.h -verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h -verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h -verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h -verify.o: ../include/openssl/des.h ../include/openssl/dh.h -verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -verify.o: ../include/openssl/e_os2.h ../include/openssl/err.h +spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +spkac.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h spkac.c +verify.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +verify.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +verify.o: ../include/openssl/bn.h ../include/openssl/buffer.h +verify.o: ../include/openssl/cast.h ../include/openssl/conf.h +verify.o: ../include/openssl/crypto.h ../include/openssl/des.h +verify.o: ../include/openssl/des_old.h ../include/openssl/dh.h +verify.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +verify.o: ../include/openssl/engine.h ../include/openssl/err.h verify.o: ../include/openssl/evp.h ../include/openssl/idea.h verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h verify.o: ../include/openssl/md4.h ../include/openssl/md5.h verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h +verify.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h verify.o: ../include/openssl/sha.h ../include/openssl/stack.h -verify.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -version.o: ../include/openssl/asn1.h ../include/openssl/bio.h -version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -version.o: ../include/openssl/buffer.h ../include/openssl/cast.h -version.o: ../include/openssl/conf.h ../include/openssl/crypto.h -version.o: ../include/openssl/des.h ../include/openssl/dh.h -version.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -version.o: ../include/openssl/e_os2.h ../include/openssl/evp.h -version.o: ../include/openssl/idea.h ../include/openssl/lhash.h -version.o: ../include/openssl/md2.h ../include/openssl/md4.h -version.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -version.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h -version.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -version.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -version.o: ../include/openssl/safestack.h ../include/openssl/sha.h -version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +verify.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +verify.o: ../include/openssl/x509v3.h apps.h verify.c +version.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +version.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +version.o: ../include/openssl/bn.h ../include/openssl/buffer.h +version.o: ../include/openssl/cast.h ../include/openssl/conf.h +version.o: ../include/openssl/crypto.h ../include/openssl/des.h +version.o: ../include/openssl/des_old.h ../include/openssl/dh.h +version.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +version.o: ../include/openssl/engine.h ../include/openssl/err.h +version.o: ../include/openssl/evp.h ../include/openssl/idea.h +version.o: ../include/openssl/lhash.h ../include/openssl/md2.h +version.o: ../include/openssl/md4.h ../include/openssl/md5.h +version.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +version.o: ../include/openssl/sha.h ../include/openssl/stack.h +version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h -x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h -x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h -x509.o: ../include/openssl/des.h ../include/openssl/dh.h -x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h -x509.o: ../include/openssl/e_os2.h ../include/openssl/err.h +version.o: version.c +x509.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h +x509.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h +x509.o: ../include/openssl/cast.h ../include/openssl/conf.h +x509.o: ../include/openssl/crypto.h ../include/openssl/des.h +x509.o: ../include/openssl/des_old.h ../include/openssl/dh.h +x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +x509.o: ../include/openssl/engine.h ../include/openssl/err.h x509.o: ../include/openssl/evp.h ../include/openssl/idea.h x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h x509.o: ../include/openssl/md4.h ../include/openssl/md5.h x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h -x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h +x509.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h x509.o: ../include/openssl/sha.h ../include/openssl/stack.h -x509.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +x509.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +x509.o: ../include/openssl/x509v3.h apps.h x509.c diff --git a/crypto/openssl/apps/app_rand.c b/crypto/openssl/apps/app_rand.c index 8a78e12..b7b6128 100644 --- a/crypto/openssl/apps/app_rand.c +++ b/crypto/openssl/apps/app_rand.c @@ -124,7 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn) int consider_randfile = (file == NULL); char buffer[200]; -#ifdef WINDOWS +#ifdef OPENSSL_SYS_WINDOWS BIO_printf(bio_e,"Loading 'screen' into random state -"); BIO_flush(bio_e); RAND_screen(); @@ -142,18 +142,21 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn) } if (file == NULL || !RAND_load_file(file, -1)) { - if (RAND_status() == 0 && !dont_warn) + if (RAND_status() == 0) { - BIO_printf(bio_e,"unable to load 'random state'\n"); - BIO_printf(bio_e,"This means that the random number generator has not been seeded\n"); - BIO_printf(bio_e,"with much random data.\n"); - if (consider_randfile) /* explanation does not apply when a file is explicitly named */ + if (!dont_warn) { - BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n"); - BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n"); + BIO_printf(bio_e,"unable to load 'random state'\n"); + BIO_printf(bio_e,"This means that the random number generator has not been seeded\n"); + BIO_printf(bio_e,"with much random data.\n"); + if (consider_randfile) /* explanation does not apply when a file is explicitly named */ + { + BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n"); + BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n"); + } } + return 0; } - return 0; } seeded = 1; return 1; diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c index 618e34c..4a8c926 100644 --- a/crypto/openssl/apps/apps.c +++ b/crypto/openssl/apps/apps.c @@ -55,25 +55,111 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/types.h> #include <sys/stat.h> -#define NON_MAIN -#include "apps.h" -#undef NON_MAIN +#include <ctype.h> #include <openssl/err.h> #include <openssl/x509.h> +#include <openssl/x509v3.h> #include <openssl/pem.h> #include <openssl/pkcs12.h> +#include <openssl/ui.h> #include <openssl/safestack.h> +#include <openssl/engine.h> + +#ifdef OPENSSL_SYS_WINDOWS +#define strcasecmp _stricmp +#else +# ifdef NO_STRINGS_H + int strcasecmp(); +# else +# include <strings.h> +# endif /* NO_STRINGS_H */ +#endif -#ifdef WINDOWS +#define NON_MAIN +#include "apps.h" +#undef NON_MAIN + +#ifdef OPENSSL_SYS_WINDOWS # include "bss_file.c" #endif +typedef struct { + char *name; + unsigned long flag; + unsigned long mask; +} NAME_EX_TBL; + +static UI_METHOD *ui_method = NULL; + +static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl); +static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl); + +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) +/* Looks like this stuff is worth moving into separate function */ +static EVP_PKEY * +load_netscape_key(BIO *err, BIO *key, const char *file, + const char *key_descrip, int format); +#endif + int app_init(long mesgwin); #ifdef undef /* never finished - probably never will be :-) */ int args_from_file(char *file, int *argc, char **argv[]) @@ -170,11 +256,13 @@ int str2fmt(char *s) || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0) || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0)) return(FORMAT_PKCS12); + else if ((*s == 'E') || (*s == 'e')) + return(FORMAT_ENGINE); else return(FORMAT_UNDEF); } -#if defined(MSDOS) || defined(WIN32) || defined(WIN16) +#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) void program_name(char *in, char *out, int size) { int i,n; @@ -212,7 +300,7 @@ void program_name(char *in, char *out, int size) out[n]='\0'; } #else -#ifdef VMS +#ifdef OPENSSL_SYS_VMS void program_name(char *in, char *out, int size) { char *p=in, *q; @@ -249,28 +337,65 @@ void program_name(char *in, char *out, int size) p++; else p=in; - strncpy(out,p,size-1); - out[size-1]='\0'; + BUF_strlcpy(out,p,size); } #endif #endif -#ifdef WIN32 +#ifdef OPENSSL_SYS_WIN32 int WIN32_rename(char *from, char *to) { -#ifdef WINNT - int ret; -/* Note: MoveFileEx() doesn't work under Win95, Win98 */ - - ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED); - return(ret?0:-1); +#ifndef OPENSSL_SYS_WINCE + /* Windows rename gives an error if 'to' exists, so delete it + * first and ignore file not found errror + */ + if((remove(to) != 0) && (errno != ENOENT)) + return -1; +#undef rename + return rename(from, to); #else - unlink(to); - return MoveFile(from, to); + /* convert strings to UNICODE */ + { + BOOL result = FALSE; + WCHAR* wfrom; + WCHAR* wto; + int i; + wfrom = malloc((strlen(from)+1)*2); + wto = malloc((strlen(to)+1)*2); + if (wfrom != NULL && wto != NULL) + { + for (i=0; i<(int)strlen(from)+1; i++) + wfrom[i] = (short)from[i]; + for (i=0; i<(int)strlen(to)+1; i++) + wto[i] = (short)to[i]; + result = MoveFile(wfrom, wto); + } + if (wfrom != NULL) + free(wfrom); + if (wto != NULL) + free(wto); + return result; + } #endif } #endif +#ifdef OPENSSL_SYS_VMS +int VMS_strcasecmp(const char *str1, const char *str2) + { + while (*str1 && *str2) + { + int res = toupper(*str1) - toupper(*str2); + if (res) return res < 0 ? -1 : 1; + } + if (*str1) + return 1; + if (*str2) + return -1; + return 0; + } +#endif + int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) { int num,len,i; @@ -346,18 +471,175 @@ int app_init(long mesgwin) int dump_cert_text (BIO *out, X509 *x) { - char buf[256]; - X509_NAME_oneline(X509_get_subject_name(x),buf,256); + char *p; + + p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0); BIO_puts(out,"subject="); - BIO_puts(out,buf); + BIO_puts(out,p); + OPENSSL_free(p); - X509_NAME_oneline(X509_get_issuer_name(x),buf,256); - BIO_puts(out,"\nissuer= "); - BIO_puts(out,buf); + p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0); + BIO_puts(out,"\nissuer="); + BIO_puts(out,p); BIO_puts(out,"\n"); - return 0; + OPENSSL_free(p); + + return 0; } +static int ui_open(UI *ui) + { + return UI_method_get_opener(UI_OpenSSL())(ui); + } +static int ui_read(UI *ui, UI_STRING *uis) + { + if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD + && UI_get0_user_data(ui)) + { + switch(UI_get_string_type(uis)) + { + case UIT_PROMPT: + case UIT_VERIFY: + { + const char *password = + ((PW_CB_DATA *)UI_get0_user_data(ui))->password; + if (password[0] != '\0') + { + UI_set_result(ui, uis, password); + return 1; + } + } + default: + break; + } + } + return UI_method_get_reader(UI_OpenSSL())(ui, uis); + } +static int ui_write(UI *ui, UI_STRING *uis) + { + if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD + && UI_get0_user_data(ui)) + { + switch(UI_get_string_type(uis)) + { + case UIT_PROMPT: + case UIT_VERIFY: + { + const char *password = + ((PW_CB_DATA *)UI_get0_user_data(ui))->password; + if (password[0] != '\0') + return 1; + } + default: + break; + } + } + return UI_method_get_writer(UI_OpenSSL())(ui, uis); + } +static int ui_close(UI *ui) + { + return UI_method_get_closer(UI_OpenSSL())(ui); + } +int setup_ui_method(void) + { + ui_method = UI_create_method("OpenSSL application user interface"); + UI_method_set_opener(ui_method, ui_open); + UI_method_set_reader(ui_method, ui_read); + UI_method_set_writer(ui_method, ui_write); + UI_method_set_closer(ui_method, ui_close); + return 0; + } +void destroy_ui_method(void) + { + if(ui_method) + { + UI_destroy_method(ui_method); + ui_method = NULL; + } + } +int password_callback(char *buf, int bufsiz, int verify, + PW_CB_DATA *cb_tmp) + { + UI *ui = NULL; + int res = 0; + const char *prompt_info = NULL; + const char *password = NULL; + PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp; + + if (cb_data) + { + if (cb_data->password) + password = cb_data->password; + if (cb_data->prompt_info) + prompt_info = cb_data->prompt_info; + } + + if (password) + { + res = strlen(password); + if (res > bufsiz) + res = bufsiz; + memcpy(buf, password, res); + return res; + } + + ui = UI_new_method(ui_method); + if (ui) + { + int ok = 0; + char *buff = NULL; + int ui_flags = 0; + char *prompt = NULL; + + prompt = UI_construct_prompt(ui, "pass phrase", + cb_data->prompt_info); + + ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD; + UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); + + if (ok >= 0) + ok = UI_add_input_string(ui,prompt,ui_flags,buf, + PW_MIN_LENGTH,BUFSIZ-1); + if (ok >= 0 && verify) + { + buff = (char *)OPENSSL_malloc(bufsiz); + ok = UI_add_verify_string(ui,prompt,ui_flags,buff, + PW_MIN_LENGTH,BUFSIZ-1, buf); + } + if (ok >= 0) + do + { + ok = UI_process(ui); + } + while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0)); + + if (buff) + { + OPENSSL_cleanse(buff,(unsigned int)bufsiz); + OPENSSL_free(buff); + } + + if (ok >= 0) + res = strlen(buf); + if (ok == -1) + { + BIO_printf(bio_err, "User interface error\n"); + ERR_print_errors(bio_err); + OPENSSL_cleanse(buf,(unsigned int)bufsiz); + res = 0; + } + if (ok == -2) + { + BIO_printf(bio_err,"aborted!\n"); + OPENSSL_cleanse(buf,(unsigned int)bufsiz); + res = 0; + } + UI_free(ui); + OPENSSL_free(prompt); + } + return res; + } + static char *app_get_pass(BIO *err, char *arg, int keepbio); int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2) @@ -433,14 +715,18 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio) return BUF_strdup(tpass); } -int add_oid_section(BIO *err, LHASH *conf) +int add_oid_section(BIO *err, CONF *conf) { char *p; STACK_OF(CONF_VALUE) *sktmp; CONF_VALUE *cnf; int i; - if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1; - if(!(sktmp = CONF_get_section(conf, p))) { + if(!(p=NCONF_get_string(conf,NULL,"oid_section"))) + { + ERR_clear_error(); + return 1; + } + if(!(sktmp = NCONF_get_section(conf, p))) { BIO_printf(err, "problem loading oid section %s\n", p); return 0; } @@ -455,7 +741,8 @@ int add_oid_section(BIO *err, LHASH *conf) return 1; } -X509 *load_cert(BIO *err, char *file, int format) +X509 *load_cert(BIO *err, const char *file, int format, + const char *pass, ENGINE *e, const char *cert_descrip) { ASN1_HEADER *ah=NULL; BUF_MEM *buf=NULL; @@ -469,12 +756,17 @@ X509 *load_cert(BIO *err, char *file, int format) } if (file == NULL) + { + setvbuf(stdin, NULL, _IONBF, 0); BIO_set_fp(cert,stdin,BIO_NOCLOSE); + } else { if (BIO_read_filename(cert,file) <= 0) { - perror(file); + BIO_printf(err, "Error opening %s %s\n", + cert_descrip, file); + ERR_print_errors(err); goto end; } } @@ -525,7 +817,8 @@ X509 *load_cert(BIO *err, char *file, int format) ah->data=NULL; } else if (format == FORMAT_PEM) - x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL); + x=PEM_read_bio_X509_AUX(cert,NULL, + (pem_password_cb *)password_callback, NULL); else if (format == FORMAT_PKCS12) { PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL); @@ -535,7 +828,8 @@ X509 *load_cert(BIO *err, char *file, int format) p12 = NULL; } else { - BIO_printf(err,"bad input format specified for input cert\n"); + BIO_printf(err,"bad input format specified for %s\n", + cert_descrip); goto end; } end: @@ -550,35 +844,62 @@ end: return(x); } -EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass) +EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, + const char *pass, ENGINE *e, const char *key_descrip) { BIO *key=NULL; EVP_PKEY *pkey=NULL; + PW_CB_DATA cb_data; - if (file == NULL) + cb_data.password = pass; + cb_data.prompt_info = file; + + if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) { BIO_printf(err,"no keyfile specified\n"); goto end; } + if (format == FORMAT_ENGINE) + { + if (!e) + BIO_printf(bio_err,"no engine specified\n"); + else + pkey = ENGINE_load_private_key(e, file, + ui_method, &cb_data); + goto end; + } key=BIO_new(BIO_s_file()); if (key == NULL) { ERR_print_errors(err); goto end; } - if (BIO_read_filename(key,file) <= 0) + if (file == NULL && maybe_stdin) { - perror(file); - goto end; + setvbuf(stdin, NULL, _IONBF, 0); + BIO_set_fp(key,stdin,BIO_NOCLOSE); } + else + if (BIO_read_filename(key,file) <= 0) + { + BIO_printf(err, "Error opening %s %s\n", + key_descrip, file); + ERR_print_errors(err); + goto end; + } if (format == FORMAT_ASN1) { pkey=d2i_PrivateKey_bio(key, NULL); } else if (format == FORMAT_PEM) { - pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,pass); + pkey=PEM_read_bio_PrivateKey(key,NULL, + (pem_password_cb *)password_callback, &cb_data); } +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) + else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) + pkey = load_netscape_key(err, key, file, key_descrip, format); +#endif else if (format == FORMAT_PKCS12) { PKCS12 *p12 = d2i_PKCS12_bio(key, NULL); @@ -589,36 +910,58 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass) } else { - BIO_printf(err,"bad input format specified for key\n"); + BIO_printf(err,"bad input format specified for key file\n"); goto end; } end: if (key != NULL) BIO_free(key); if (pkey == NULL) - BIO_printf(err,"unable to load Private Key\n"); + BIO_printf(err,"unable to load %s\n", key_descrip); return(pkey); } -EVP_PKEY *load_pubkey(BIO *err, char *file, int format) +EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, + const char *pass, ENGINE *e, const char *key_descrip) { BIO *key=NULL; EVP_PKEY *pkey=NULL; + PW_CB_DATA cb_data; - if (file == NULL) + cb_data.password = pass; + cb_data.prompt_info = file; + + if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) { BIO_printf(err,"no keyfile specified\n"); goto end; } + if (format == FORMAT_ENGINE) + { + if (!e) + BIO_printf(bio_err,"no engine specified\n"); + else + pkey = ENGINE_load_public_key(e, file, + ui_method, &cb_data); + goto end; + } key=BIO_new(BIO_s_file()); if (key == NULL) { ERR_print_errors(err); goto end; } - if (BIO_read_filename(key,file) <= 0) + if (file == NULL && maybe_stdin) { - perror(file); - goto end; + setvbuf(stdin, NULL, _IONBF, 0); + BIO_set_fp(key,stdin,BIO_NOCLOSE); + } + else + if (BIO_read_filename(key,file) <= 0) + { + BIO_printf(err, "Error opening %s %s\n", + key_descrip, file); + ERR_print_errors(err); + goto end; } if (format == FORMAT_ASN1) { @@ -626,27 +969,83 @@ EVP_PKEY *load_pubkey(BIO *err, char *file, int format) } else if (format == FORMAT_PEM) { - pkey=PEM_read_bio_PUBKEY(key,NULL,NULL,NULL); + pkey=PEM_read_bio_PUBKEY(key,NULL, + (pem_password_cb *)password_callback, &cb_data); } +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) + else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) + pkey = load_netscape_key(err, key, file, key_descrip, format); +#endif else { - BIO_printf(err,"bad input format specified for key\n"); + BIO_printf(err,"bad input format specified for key file\n"); goto end; } end: if (key != NULL) BIO_free(key); if (pkey == NULL) - BIO_printf(err,"unable to load Public Key\n"); + BIO_printf(err,"unable to load %s\n", key_descrip); return(pkey); } -STACK_OF(X509) *load_certs(BIO *err, char *file, int format) +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) +static EVP_PKEY * +load_netscape_key(BIO *err, BIO *key, const char *file, + const char *key_descrip, int format) + { + EVP_PKEY *pkey; + BUF_MEM *buf; + RSA *rsa; + const unsigned char *p; + int size, i; + + buf=BUF_MEM_new(); + pkey = EVP_PKEY_new(); + size = 0; + if (buf == NULL || pkey == NULL) + goto error; + for (;;) + { + if (!BUF_MEM_grow_clean(buf,size+1024*10)) + goto error; + i = BIO_read(key, &(buf->data[size]), 1024*10); + size += i; + if (i == 0) + break; + if (i < 0) + { + BIO_printf(err, "Error reading %s %s", + key_descrip, file); + goto error; + } + } + p=(unsigned char *)buf->data; + rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL, + (format == FORMAT_IISSGC ? 1 : 0)); + if (rsa == NULL) + goto error; + BUF_MEM_free(buf); + EVP_PKEY_set1_RSA(pkey, rsa); + return pkey; +error: + BUF_MEM_free(buf); + EVP_PKEY_free(pkey); + return NULL; + } +#endif /* ndef OPENSSL_NO_RC4 */ + +STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, + const char *pass, ENGINE *e, const char *cert_descrip) { BIO *certs; int i; STACK_OF(X509) *othercerts = NULL; STACK_OF(X509_INFO) *allcerts = NULL; X509_INFO *xi; + PW_CB_DATA cb_data; + + cb_data.password = pass; + cb_data.prompt_info = file; if((certs = BIO_new(BIO_s_file())) == NULL) { @@ -660,7 +1059,9 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format) { if (BIO_read_filename(certs,file) <= 0) { - perror(file); + BIO_printf(err, "Error opening %s %s\n", + cert_descrip, file); + ERR_print_errors(err); goto end; } } @@ -674,7 +1075,8 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format) othercerts = NULL; goto end; } - allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL); + allcerts = PEM_X509_INFO_read_bio(certs, NULL, + (pem_password_cb *)password_callback, &cb_data); for(i = 0; i < sk_X509_INFO_num(allcerts); i++) { xi = sk_X509_INFO_value (allcerts, i); @@ -687,7 +1089,8 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format) goto end; } else { - BIO_printf(err,"bad input format specified for input cert\n"); + BIO_printf(err,"bad input format specified for %s\n", + cert_descrip); goto end; } end: @@ -701,16 +1104,49 @@ end: return(othercerts); } -typedef struct { - char *name; - unsigned long flag; - unsigned long mask; -} NAME_EX_TBL; + +#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) +/* Return error for unknown extensions */ +#define X509V3_EXT_DEFAULT 0 +/* Print error for unknown extensions */ +#define X509V3_EXT_ERROR_UNKNOWN (1L << 16) +/* ASN1 parse unknown extensions */ +#define X509V3_EXT_PARSE_UNKNOWN (2L << 16) +/* BIO_dump unknown extensions */ +#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) + +#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \ + X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION) + +int set_cert_ex(unsigned long *flags, const char *arg) +{ + static const NAME_EX_TBL cert_tbl[] = { + { "compatible", X509_FLAG_COMPAT, 0xffffffffl}, + { "ca_default", X509_FLAG_CA, 0xffffffffl}, + { "no_header", X509_FLAG_NO_HEADER, 0}, + { "no_version", X509_FLAG_NO_VERSION, 0}, + { "no_serial", X509_FLAG_NO_SERIAL, 0}, + { "no_signame", X509_FLAG_NO_SIGNAME, 0}, + { "no_validity", X509_FLAG_NO_VALIDITY, 0}, + { "no_subject", X509_FLAG_NO_SUBJECT, 0}, + { "no_issuer", X509_FLAG_NO_ISSUER, 0}, + { "no_pubkey", X509_FLAG_NO_PUBKEY, 0}, + { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0}, + { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0}, + { "no_aux", X509_FLAG_NO_AUX, 0}, + { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0}, + { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK}, + { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, + { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, + { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, + { NULL, 0, 0} + }; + return set_multi_opts(flags, arg, cert_tbl); +} int set_name_ex(unsigned long *flags, const char *arg) { - char c; - const NAME_EX_TBL *ptbl, ex_tbl[] = { + static const NAME_EX_TBL ex_tbl[] = { { "esc_2253", ASN1_STRFLGS_ESC_2253, 0}, { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0}, { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0}, @@ -730,15 +1166,95 @@ int set_name_ex(unsigned long *flags, const char *arg) { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK}, { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK}, { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK}, + { "align", XN_FLAG_FN_ALIGN, 0}, { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK}, { "space_eq", XN_FLAG_SPC_EQ, 0}, { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0}, { "RFC2253", XN_FLAG_RFC2253, 0xffffffffL}, { "oneline", XN_FLAG_ONELINE, 0xffffffffL}, { "multiline", XN_FLAG_MULTILINE, 0xffffffffL}, + { "ca_default", XN_FLAG_MULTILINE, 0xffffffffL}, { NULL, 0, 0} }; + return set_multi_opts(flags, arg, ex_tbl); +} + +int set_ext_copy(int *copy_type, const char *arg) +{ + if (!strcasecmp(arg, "none")) + *copy_type = EXT_COPY_NONE; + else if (!strcasecmp(arg, "copy")) + *copy_type = EXT_COPY_ADD; + else if (!strcasecmp(arg, "copyall")) + *copy_type = EXT_COPY_ALL; + else + return 0; + return 1; +} + +int copy_extensions(X509 *x, X509_REQ *req, int copy_type) +{ + STACK_OF(X509_EXTENSION) *exts = NULL; + X509_EXTENSION *ext, *tmpext; + ASN1_OBJECT *obj; + int i, idx, ret = 0; + if (!x || !req || (copy_type == EXT_COPY_NONE)) + return 1; + exts = X509_REQ_get_extensions(req); + + for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) { + ext = sk_X509_EXTENSION_value(exts, i); + obj = X509_EXTENSION_get_object(ext); + idx = X509_get_ext_by_OBJ(x, obj, -1); + /* Does extension exist? */ + if (idx != -1) { + /* If normal copy don't override existing extension */ + if (copy_type == EXT_COPY_ADD) + continue; + /* Delete all extensions of same type */ + do { + tmpext = X509_get_ext(x, idx); + X509_delete_ext(x, idx); + X509_EXTENSION_free(tmpext); + idx = X509_get_ext_by_OBJ(x, obj, -1); + } while (idx != -1); + } + if (!X509_add_ext(x, ext, -1)) + goto end; + } + + ret = 1; + end: + + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); + + return ret; +} + + + + +static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl) +{ + STACK_OF(CONF_VALUE) *vals; + CONF_VALUE *val; + int i, ret = 1; + if(!arg) return 0; + vals = X509V3_parse_list(arg); + for (i = 0; i < sk_CONF_VALUE_num(vals); i++) { + val = sk_CONF_VALUE_value(vals, i); + if (!set_table_opts(flags, val->name, in_tbl)) + ret = 0; + } + sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); + return ret; +} + +static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl) +{ + char c; + const NAME_EX_TBL *ptbl; c = arg[0]; if(c == '-') { @@ -749,8 +1265,8 @@ int set_name_ex(unsigned long *flags, const char *arg) arg++; } else c = 1; - for(ptbl = ex_tbl; ptbl->name; ptbl++) { - if(!strcmp(arg, ptbl->name)) { + for(ptbl = in_tbl; ptbl->name; ptbl++) { + if(!strcasecmp(arg, ptbl->name)) { *flags &= ~ptbl->mask; if(c) *flags |= ptbl->flag; else *flags &= ~ptbl->flag; @@ -765,6 +1281,7 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags) char *buf; char mline = 0; int indent = 0; + if(title) BIO_puts(out, title); if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { mline = 1; @@ -782,3 +1299,122 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags) } } +X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath) +{ + X509_STORE *store; + X509_LOOKUP *lookup; + if(!(store = X509_STORE_new())) goto end; + lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file()); + if (lookup == NULL) goto end; + if (CAfile) { + if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) { + BIO_printf(bp, "Error loading file %s\n", CAfile); + goto end; + } + } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); + + lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir()); + if (lookup == NULL) goto end; + if (CApath) { + if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) { + BIO_printf(bp, "Error loading directory %s\n", CApath); + goto end; + } + } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); + + ERR_clear_error(); + return store; + end: + X509_STORE_free(store); + return NULL; +} + +/* Try to load an engine in a shareable library */ +static ENGINE *try_load_engine(BIO *err, const char *engine, int debug) + { + ENGINE *e = ENGINE_by_id("dynamic"); + if (e) + { + if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0) + || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) + { + ENGINE_free(e); + e = NULL; + } + } + return e; + } + +ENGINE *setup_engine(BIO *err, const char *engine, int debug) + { + ENGINE *e = NULL; + + if (engine) + { + if(strcmp(engine, "auto") == 0) + { + BIO_printf(err,"enabling auto ENGINE support\n"); + ENGINE_register_all_complete(); + return NULL; + } + if((e = ENGINE_by_id(engine)) == NULL + && (e = try_load_engine(err, engine, debug)) == NULL) + { + BIO_printf(err,"invalid engine \"%s\"\n", engine); + ERR_print_errors(err); + return NULL; + } + if (debug) + { + ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, + 0, err, 0); + } + ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1); + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(err,"can't use that engine\n"); + ERR_print_errors(err); + ENGINE_free(e); + return NULL; + } + + BIO_printf(err,"engine \"%s\" set.\n", ENGINE_get_id(e)); + + /* Free our "structural" reference. */ + ENGINE_free(e); + } + return e; + } + +int load_config(BIO *err, CONF *cnf) + { + if (!cnf) + cnf = config; + if (!cnf) + return 1; + + OPENSSL_load_builtin_modules(); + + if (CONF_modules_load(cnf, NULL, 0) <= 0) + { + BIO_printf(err, "Error configuring OpenSSL\n"); + ERR_print_errors(err); + return 0; + } + return 1; + } + +char *make_config_name() + { + const char *t=X509_get_default_cert_area(); + char *p; + + p=OPENSSL_malloc(strlen(t)+strlen(OPENSSL_CONF)+2); + strcpy(p,t); +#ifndef OPENSSL_SYS_VMS + strcat(p,"/"); +#endif + strcat(p,OPENSSL_CONF); + + return p; + } diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h index 82587b9..7b1f8de 100644 --- a/crypto/openssl/apps/apps.h +++ b/crypto/openssl/apps/apps.h @@ -55,11 +55,64 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #ifndef HEADER_APPS_H #define HEADER_APPS_H -#include "openssl/e_os.h" +#include "e_os.h" #include <openssl/buffer.h> #include <openssl/bio.h> @@ -67,6 +120,9 @@ #include <openssl/x509.h> #include <openssl/lhash.h> #include <openssl/conf.h> +#include <openssl/txt_db.h> +#include <openssl/engine.h> +#include <openssl/ossl_typ.h> int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); int app_RAND_write_file(const char *file, BIO *bio_e); @@ -78,29 +134,33 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read, * (see e_os.h). The string is * destroyed! */ -#ifdef NO_STDIO -BIO_METHOD *BIO_s_file(); -#endif - -#ifdef WIN32 +#ifdef OPENSSL_SYS_WIN32 #define rename(from,to) WIN32_rename((from),(to)) int WIN32_rename(char *oldname,char *newname); #endif +/* VMS below version 7.0 doesn't have strcasecmp() */ +#ifdef OPENSSL_SYS_VMS +#define strcasecmp(str1,str2) VMS_strcasecmp((str1),(str2)) +int VMS_strcasecmp(const char *str1, const char *str2); +#endif + #ifndef MONOLITH #define MAIN(a,v) main(a,v) #ifndef NON_MAIN +CONF *config=NULL; BIO *bio_err=NULL; #else +extern CONF *config; extern BIO *bio_err; #endif #else #define MAIN(a,v) PROG(a,v) -extern LHASH *config; +extern CONF *config; extern char *default_config_file; extern BIO *bio_err; @@ -115,21 +175,34 @@ extern BIO *bio_err; #endif #if defined(MONOLITH) && !defined(OPENSSL_C) -# define apps_startup() do_pipe_sig() +# define apps_startup() \ + do_pipe_sig() +# define apps_shutdown() #else -# if defined(MSDOS) || defined(WIN16) || defined(WIN32) +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ + defined(OPENSSL_SYS_WIN32) # ifdef _O_BINARY # define apps_startup() \ - _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ - SSLeay_add_all_algorithms() + do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) # else # define apps_startup() \ - _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ - SSLeay_add_all_algorithms() + do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) # endif # else -# define apps_startup() do_pipe_sig(); SSLeay_add_all_algorithms(); +# define apps_startup() \ + do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ + ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \ + setup_ui_method(); } while(0) # endif +# define apps_shutdown() \ + do { CONF_modules_unload(1); destroy_ui_method(); \ + EVP_cleanup(); ENGINE_cleanup(); \ + CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ + ERR_free_strings(); } while(0) #endif typedef struct args_st @@ -138,6 +211,19 @@ typedef struct args_st int count; } ARGS; +#define PW_MIN_LENGTH 4 +typedef struct pw_cb_data + { + const void *password; + const char *prompt_info; + } PW_CB_DATA; + +int password_callback(char *buf, int bufsiz, int verify, + PW_CB_DATA *cb_data); + +int setup_ui_method(void); +void destroy_ui_method(void); + int should_retry(int i); int args_from_file(char *file, int *argc, char **argv[]); int str2fmt(char *s); @@ -147,13 +233,32 @@ int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]); int dump_cert_text(BIO *out, X509 *x); void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags); #endif +int set_cert_ex(unsigned long *flags, const char *arg); int set_name_ex(unsigned long *flags, const char *arg); +int set_ext_copy(int *copy_type, const char *arg); +int copy_extensions(X509 *x, X509_REQ *req, int copy_type); int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2); -int add_oid_section(BIO *err, LHASH *conf); -X509 *load_cert(BIO *err, char *file, int format); -EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass); -EVP_PKEY *load_pubkey(BIO *err, char *file, int format); -STACK_OF(X509) *load_certs(BIO *err, char *file, int format); +int add_oid_section(BIO *err, CONF *conf); +X509 *load_cert(BIO *err, const char *file, int format, + const char *pass, ENGINE *e, const char *cert_descrip); +EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, + const char *pass, ENGINE *e, const char *key_descrip); +EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, + const char *pass, ENGINE *e, const char *key_descrip); +STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, + const char *pass, ENGINE *e, const char *cert_descrip); +X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); +ENGINE *setup_engine(BIO *err, const char *engine, int debug); + +int load_config(BIO *err, CONF *cnf); +char *make_config_name(void); + +/* Functions defined in ca.c and also used in ocsp.c */ +int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, + ASN1_GENERALIZEDTIME **pinvtm, char *str); +int make_serial_index(TXT_DB *db); + +X509_NAME *do_subject(char *str, long chtype); #define FORMAT_UNDEF 0 #define FORMAT_ASN1 1 @@ -162,6 +267,13 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format); #define FORMAT_NETSCAPE 4 #define FORMAT_PKCS12 5 #define FORMAT_SMIME 6 +#define FORMAT_ENGINE 7 +#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid + * adding yet another param to load_*key() */ + +#define EXT_COPY_NONE 0 +#define EXT_COPY_ADD 1 +#define EXT_COPY_ALL 2 #define NETSCAPE_CERT_HDR "certificate" diff --git a/crypto/openssl/apps/asn1pars.c b/crypto/openssl/apps/asn1pars.c index 5339166..8367415 100644 --- a/crypto/openssl/apps/asn1pars.c +++ b/crypto/openssl/apps/asn1pars.c @@ -103,6 +103,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + prog=argv[0]; argc--; argv++; @@ -205,7 +208,7 @@ bad: goto end; } BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -328,6 +331,7 @@ end: if (at != NULL) ASN1_TYPE_free(at); if (osk != NULL) sk_free(osk); OBJ_cleanup(); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c index 0618bb5..93e61f6 100644 --- a/crypto/openssl/apps/ca.c +++ b/crypto/openssl/apps/ca.c @@ -61,9 +61,9 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <ctype.h> #include <sys/types.h> #include <sys/stat.h> -#include "apps.h" #include <openssl/conf.h> #include <openssl/bio.h> #include <openssl/err.h> @@ -73,20 +73,33 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> #include <openssl/objects.h> +#include <openssl/ocsp.h> #include <openssl/pem.h> +#ifdef OPENSSL_SYS_WINDOWS +#define strcasecmp _stricmp +#else +# ifdef NO_STRINGS_H + int strcasecmp(); +# else +# include <strings.h> +# endif /* NO_STRINGS_H */ +#endif + #ifndef W_OK -# ifdef VMS +# ifdef OPENSSL_SYS_VMS # if defined(__DECC) # include <unistd.h> # else # include <unixlib.h> # endif -# elif !defined(VXWORKS) +# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) # include <sys/file.h> # endif #endif +#include "apps.h" + #ifndef W_OK # define F_OK 0 # define X_OK 1 @@ -118,11 +131,15 @@ #define ENV_DEFAULT_CRL_DAYS "default_crl_days" #define ENV_DEFAULT_CRL_HOURS "default_crl_hours" #define ENV_DEFAULT_MD "default_md" +#define ENV_DEFAULT_EMAIL_DN "email_in_dn" #define ENV_PRESERVE "preserve" #define ENV_POLICY "policy" #define ENV_EXTENSIONS "x509_extensions" #define ENV_CRLEXT "crl_extensions" #define ENV_MSIE_HACK "msie_hack" +#define ENV_NAMEOPT "name_opt" +#define ENV_CERTOPT "cert_opt" +#define ENV_EXTCOPY "copy_extensions" #define ENV_DATABASE "database" @@ -138,6 +155,14 @@ #define DB_TYPE_EXP 'E' #define DB_TYPE_VAL 'V' +/* Additional revocation information types */ + +#define REV_NONE 0 /* No addditional information */ +#define REV_CRL_REASON 1 /* Value is CRL reason code */ +#define REV_HOLD 2 /* Value is hold instruction */ +#define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */ +#define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */ + static char *ca_usage[]={ "usage: ca args\n", "\n", @@ -152,7 +177,8 @@ static char *ca_usage[]={ " -days arg - number of days to certify the certificate for\n", " -md arg - md to use, one of md2, md5, sha or sha1\n", " -policy arg - The CA 'policy' to support\n", -" -keyfile arg - PEM private key file\n", +" -keyfile arg - private key file\n", +" -keyform arg - private key file format (PEM or ENGINE)\n", " -key arg - key to decode the private key if it is encrypted\n", " -cert file - The CA certificate\n", " -in file - The input PEM encoded certificate request(s)\n", @@ -162,11 +188,17 @@ static char *ca_usage[]={ " -spkac file - File contains DN and signed public key and challenge\n", " -ss_cert file - File contains a self signed cert to sign\n", " -preserveDN - Don't re-order the DN\n", +" -noemailDN - Don't add the EMAIL field into certificate' subject\n", " -batch - Don't ask questions\n", " -msie_hack - msie modifications to handle all those universal strings\n", " -revoke file - Revoke a certificate (given in file)\n", +" -subj arg - Use arg instead of request's subject\n", " -extensions .. - Extension section (override value in config file)\n", +" -extfile file - Configuration file with X509v3 extentions to add\n", " -crlexts .. - CRL extension section (override value in config file)\n", +" -engine e - use engine e, possibly a hardware device.\n", +" -status serial - Shows certificate status given the serial number\n", +" -updatedb - Updates db for expired certificates\n", NULL }; @@ -177,54 +209,77 @@ extern int EF_ALIGNMENT; #endif static void lookup_fail(char *name,char *tag); -static unsigned long index_serial_hash(char **a); -static int index_serial_cmp(char **a, char **b); -static unsigned long index_name_hash(char **a); +static unsigned long index_serial_hash(const char **a); +static int index_serial_cmp(const char **a, const char **b); +static unsigned long index_name_hash(const char **a); static int index_name_qual(char **a); -static int index_name_cmp(char **a,char **b); +static int index_name_cmp(const char **a,const char **b); static BIGNUM *load_serial(char *serialfile); static int save_serial(char *serialfile, BIGNUM *serial); static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db, - BIGNUM *serial, char *startdate,char *enddate, int days, - int batch, char *ext_sect, LHASH *conf,int verbose); + BIGNUM *serial, char *subj, int email_dn, char *startdate, + char *enddate, long days, int batch, char *ext_sect, CONF *conf, + int verbose, unsigned long certopt, unsigned long nameopt, + int default_op, int ext_copy); static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - TXT_DB *db, BIGNUM *serial,char *startdate, - char *enddate, int days, int batch, char *ext_sect, - LHASH *conf,int verbose); + TXT_DB *db, BIGNUM *serial, char *subj, int email_dn, + char *startdate, char *enddate, long days, int batch, + char *ext_sect, CONF *conf,int verbose, unsigned long certopt, + unsigned long nameopt, int default_op, int ext_copy, + ENGINE *e); static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - TXT_DB *db, BIGNUM *serial,char *startdate, - char *enddate, int days, char *ext_sect,LHASH *conf, - int verbose); + TXT_DB *db, BIGNUM *serial,char *subj, int email_dn, + char *startdate, char *enddate, long days, char *ext_sect, + CONF *conf, int verbose, unsigned long certopt, + unsigned long nameopt, int default_op, int ext_copy); static int fix_data(int nid, int *type); static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, - STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, - char *startdate, char *enddate, int days, int batch, int verbose, - X509_REQ *req, char *ext_sect, LHASH *conf); -static int do_revoke(X509 *x509, TXT_DB *db); + STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj, + int email_dn, char *startdate, char *enddate, long days, int batch, + int verbose, X509_REQ *req, char *ext_sect, CONF *conf, + unsigned long certopt, unsigned long nameopt, int default_op, + int ext_copy); +static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval); +static int get_certificate_status(const char *ser_status, TXT_DB *db); +static int do_updatedb(TXT_DB *db); static int check_time_format(char *str); -static LHASH *conf=NULL; +char *make_revocation_str(int rev_type, char *rev_arg); +int make_revoked(X509_REVOKED *rev, char *str); +int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str); +static CONF *conf=NULL; +static CONF *extconf=NULL; static char *section=NULL; static int preserve=0; static int msie_hack=0; +static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **) +static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **) +static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **) +static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **) + + int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; char *key=NULL,*passargin=NULL; + int free_key = 0; int total=0; int total_done=0; int badops=0; int ret=1; + int email_dn=1; int req=0; int verbose=0; int gencrl=0; int dorevoke=0; + int doupdatedb=0; long crldays=0; long crlhours=0; long errorline= -1; @@ -233,41 +288,53 @@ int MAIN(int argc, char **argv) char *policy=NULL; char *keyfile=NULL; char *certfile=NULL; + int keyform=FORMAT_PEM; char *infile=NULL; char *spkac_file=NULL; char *ss_cert_file=NULL; + char *ser_status=NULL; EVP_PKEY *pkey=NULL; int output_der = 0; char *outfile=NULL; char *outdir=NULL; char *serialfile=NULL; char *extensions=NULL; + char *extfile=NULL; + char *subj=NULL; + char *tmp_email_dn=NULL; char *crl_ext=NULL; + int rev_type = REV_NONE; + char *rev_arg = NULL; BIGNUM *serial=NULL; char *startdate=NULL; char *enddate=NULL; - int days=0; + long days=0; int batch=0; int notext=0; + unsigned long nameopt = 0, certopt = 0; + int default_op = 1; + int ext_copy = EXT_COPY_NONE; X509 *x509=NULL; X509 *x=NULL; BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; char *dbfile=NULL; TXT_DB *db=NULL; X509_CRL *crl=NULL; - X509_CRL_INFO *ci=NULL; X509_REVOKED *r=NULL; + ASN1_TIME *tmptm; + ASN1_INTEGER *tmpser; char **pp,*p,*f; int i,j; long l; const EVP_MD *dgst=NULL; STACK_OF(CONF_VALUE) *attribs=NULL; STACK_OF(X509) *cert_sk=NULL; - BIO *hex=NULL; #undef BSIZE #define BSIZE 256 MS_STATIC char buf[3][BSIZE]; char *randfile=NULL; + char *engine = NULL; + char *tofree=NULL; #ifdef EFENCE EF_PROTECT_FREE=1; @@ -303,6 +370,12 @@ EF_ALIGNMENT=0; if (--argc < 1) goto bad; section= *(++argv); } + else if (strcmp(*argv,"-subj") == 0) + { + if (--argc < 1) goto bad; + subj= *(++argv); + /* preserve=1; */ + } else if (strcmp(*argv,"-startdate") == 0) { if (--argc < 1) goto bad; @@ -333,6 +406,11 @@ EF_ALIGNMENT=0; if (--argc < 1) goto bad; keyfile= *(++argv); } + else if (strcmp(*argv,"-keyform") == 0) + { + if (--argc < 1) goto bad; + keyform=str2fmt(*(++argv)); + } else if (strcmp(*argv,"-passin") == 0) { if (--argc < 1) goto bad; @@ -370,6 +448,8 @@ EF_ALIGNMENT=0; batch=1; else if (strcmp(*argv,"-preserveDN") == 0) preserve=1; + else if (strcmp(*argv,"-noemailDN") == 0) + email_dn=0; else if (strcmp(*argv,"-gencrl") == 0) gencrl=1; else if (strcmp(*argv,"-msie_hack") == 0) @@ -414,11 +494,54 @@ EF_ALIGNMENT=0; if (--argc < 1) goto bad; extensions= *(++argv); } + else if (strcmp(*argv,"-extfile") == 0) + { + if (--argc < 1) goto bad; + extfile= *(++argv); + } + else if (strcmp(*argv,"-status") == 0) + { + if (--argc < 1) goto bad; + ser_status= *(++argv); + } + else if (strcmp(*argv,"-updatedb") == 0) + { + doupdatedb=1; + } else if (strcmp(*argv,"-crlexts") == 0) { if (--argc < 1) goto bad; crl_ext= *(++argv); } + else if (strcmp(*argv,"-crl_reason") == 0) + { + if (--argc < 1) goto bad; + rev_arg = *(++argv); + rev_type = REV_CRL_REASON; + } + else if (strcmp(*argv,"-crl_hold") == 0) + { + if (--argc < 1) goto bad; + rev_arg = *(++argv); + rev_type = REV_HOLD; + } + else if (strcmp(*argv,"-crl_compromise") == 0) + { + if (--argc < 1) goto bad; + rev_arg = *(++argv); + rev_type = REV_KEY_COMPROMISE; + } + else if (strcmp(*argv,"-crl_CA_compromise") == 0) + { + if (--argc < 1) goto bad; + rev_arg = *(++argv); + rev_type = REV_CA_COMPROMISE; + } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else { bad: @@ -433,32 +556,37 @@ bad: if (badops) { for (pp=ca_usage; (*pp != NULL); pp++) - BIO_printf(bio_err,*pp); + BIO_printf(bio_err,"%s",*pp); goto err; } ERR_load_crypto_strings(); + e = setup_engine(bio_err, engine, 0); + /*****************************************************************/ + tofree=NULL; if (configfile == NULL) configfile = getenv("OPENSSL_CONF"); if (configfile == NULL) configfile = getenv("SSLEAY_CONF"); if (configfile == NULL) { - /* We will just use 'buf[0]' as a temporary buffer. */ -#ifdef VMS - strncpy(buf[0],X509_get_default_cert_area(), - sizeof(buf[0])-1-sizeof(CONFIG_FILE)); + const char *s=X509_get_default_cert_area(); + +#ifdef OPENSSL_SYS_VMS + tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)); + strcpy(tofree,s); #else - strncpy(buf[0],X509_get_default_cert_area(), - sizeof(buf[0])-2-sizeof(CONFIG_FILE)); - strcat(buf[0],"/"); + tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1); + strcpy(tofree,s); + strcat(tofree,"/"); #endif - strcat(buf[0],CONFIG_FILE); - configfile=buf[0]; + strcat(tofree,CONFIG_FILE); + configfile=tofree; } BIO_printf(bio_err,"Using configuration from %s\n",configfile); - if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL) + conf = NCONF_new(NULL); + if (NCONF_load(conf,configfile,&errorline) <= 0) { if (errorline <= 0) BIO_printf(bio_err,"error loading the config file '%s'\n", @@ -468,11 +596,16 @@ bad: ,errorline,configfile); goto err; } + if(tofree) + OPENSSL_free(tofree); + + if (!load_config(bio_err, conf)) + goto err; /* Lets get the config section we are using */ if (section == NULL) { - section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA); + section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA); if (section == NULL) { lookup_fail(BASE_SECTION,ENV_DEFAULT_CA); @@ -482,7 +615,9 @@ bad: if (conf != NULL) { - p=CONF_get_string(conf,NULL,"oid_file"); + p=NCONF_get_string(conf,NULL,"oid_file"); + if (p == NULL) + ERR_clear_error(); if (p != NULL) { BIO *oid_bio; @@ -502,14 +637,16 @@ bad: BIO_free(oid_bio); } } - if(!add_oid_section(bio_err,conf)) + if (!add_oid_section(bio_err,conf)) { ERR_print_errors(bio_err); goto err; } } - randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE"); + randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); + if (randfile == NULL) + ERR_clear_error(); app_RAND_load_file(randfile, bio_err, 0); in=BIO_new(BIO_s_file()); @@ -523,53 +660,71 @@ bad: } /*****************************************************************/ - /* we definitely need an public key, so lets get it */ + /* report status of cert with serial number given on command line */ + if (ser_status) + { + if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) + { + lookup_fail(section,ENV_DATABASE); + goto err; + } + if (BIO_read_filename(in,dbfile) <= 0) + { + perror(dbfile); + BIO_printf(bio_err,"unable to open '%s'\n",dbfile); + goto err; + } + db=TXT_DB_read(in,DB_NUMBER); + if (db == NULL) goto err; + + if (!make_serial_index(db)) + goto err; + + if (get_certificate_status(ser_status,db) != 1) + BIO_printf(bio_err,"Error verifying serial %s!\n", + ser_status); + goto err; + } + + /*****************************************************************/ + /* we definitely need a public key, so let's get it */ - if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf, + if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf, section,ENV_PRIVATE_KEY)) == NULL)) { lookup_fail(section,ENV_PRIVATE_KEY); goto err; } - if(!key && !app_passwd(bio_err, passargin, NULL, &key, NULL)) + if (!key) { - BIO_printf(bio_err,"Error getting password\n"); - goto err; - } - if (BIO_read_filename(in,keyfile) <= 0) - { - perror(keyfile); - BIO_printf(bio_err,"trying to load CA private key\n"); - goto err; + free_key = 1; + if (!app_passwd(bio_err, passargin, NULL, &key, NULL)) + { + BIO_printf(bio_err,"Error getting password\n"); + goto err; + } } - pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key); - if(key) memset(key,0,strlen(key)); + pkey = load_key(bio_err, keyfile, keyform, 0, key, e, + "CA private key"); + if (key) OPENSSL_cleanse(key,strlen(key)); if (pkey == NULL) { - BIO_printf(bio_err,"unable to load CA private key\n"); + /* load_key() has already printed an appropriate message */ goto err; } /*****************************************************************/ /* we need a certificate */ - if ((certfile == NULL) && ((certfile=CONF_get_string(conf, + if ((certfile == NULL) && ((certfile=NCONF_get_string(conf, section,ENV_CERTIFICATE)) == NULL)) { lookup_fail(section,ENV_CERTIFICATE); goto err; } - if (BIO_read_filename(in,certfile) <= 0) - { - perror(certfile); - BIO_printf(bio_err,"trying to load CA certificate\n"); - goto err; - } - x509=PEM_read_bio_X509(in,NULL,NULL,NULL); + x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e, + "CA certificate"); if (x509 == NULL) - { - BIO_printf(bio_err,"unable to load CA certificate\n"); goto err; - } if (!X509_check_private_key(x509,pkey)) { @@ -577,26 +732,72 @@ bad: goto err; } - f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); + f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); + if (f == NULL) + ERR_clear_error(); if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) preserve=1; - f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK); + f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK); + if (f == NULL) + ERR_clear_error(); if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) msie_hack=1; + f=NCONF_get_string(conf,section,ENV_NAMEOPT); + + if (f) + { + if (!set_name_ex(&nameopt, f)) + { + BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f); + goto err; + } + default_op = 0; + } + else + ERR_clear_error(); + + f=NCONF_get_string(conf,section,ENV_CERTOPT); + + if (f) + { + if (!set_cert_ex(&certopt, f)) + { + BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f); + goto err; + } + default_op = 0; + } + else + ERR_clear_error(); + + f=NCONF_get_string(conf,section,ENV_EXTCOPY); + + if (f) + { + if (!set_ext_copy(&ext_copy, f)) + { + BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f); + goto err; + } + } + else + ERR_clear_error(); + /*****************************************************************/ /* lookup where to write new certificates */ if ((outdir == NULL) && (req)) { struct stat sb; - if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR)) + if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR)) == NULL) { BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n"); goto err; } -#ifndef VMS /* outdir is a directory spec, but access() for VMS demands a +#ifndef OPENSSL_SYS_VMS + /* outdir is a directory spec, but access() for VMS demands a filename. In any case, stat(), below, will catch the problem if outdir is not a directory spec, and the fopen() or open() will catch an error if there is no write access. @@ -605,7 +806,7 @@ bad: C routines to convert the directory syntax to Unixly, and give that to access(). However, time's too short to do that just now. - */ + */ if (access(outdir,R_OK|W_OK|X_OK) != 0) { BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir); @@ -632,7 +833,7 @@ bad: /*****************************************************************/ /* we need to load the database file */ - if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL) + if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) { lookup_fail(section,ENV_DATABASE); goto err; @@ -657,10 +858,9 @@ bad: goto err; } if ((pp[DB_type][0] == DB_TYPE_REV) && - !check_time_format(pp[DB_rev_date])) + !make_revoked(NULL, pp[DB_rev_date])) { - BIO_printf(bio_err,"entry %d: invalid revocation date\n", - i+1); + BIO_printf(bio_err," in entry %d\n", i+1); goto err; } if (!check_time_format(pp[DB_exp_date])) @@ -670,6 +870,11 @@ bad: } p=pp[DB_serial]; j=strlen(p); + if (*p == '-') + { + p++; + j--; + } if ((j&1) || (j < 2)) { BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j); @@ -690,7 +895,7 @@ bad: if (verbose) { BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */ -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -702,15 +907,12 @@ bad: BIO_printf(bio_err,"generating index\n"); } - if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash, - index_serial_cmp)) - { - BIO_printf(bio_err,"error creating serial number index:(%ld,%ld,%ld)\n",db->error,db->arg1,db->arg2); + if (!make_serial_index(db)) goto err; - } - if (!TXT_DB_create_index(db,DB_name,index_name_qual,index_name_hash, - index_name_cmp)) + if (!TXT_DB_create_index(db, DB_name, index_name_qual, + LHASH_HASH_FN(index_name_hash), + LHASH_COMP_FN(index_name_cmp))) { BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n", db->error,db->arg1,db->arg2); @@ -718,11 +920,119 @@ bad: } /*****************************************************************/ + /* Update the db file for expired certificates */ + if (doupdatedb) + { + if (verbose) + BIO_printf(bio_err, "Updating %s ...\n", + dbfile); + + i = do_updatedb(db); + if (i == -1) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + else if (i == 0) + { + if (verbose) BIO_printf(bio_err, + "No entries found to mark expired\n"); + } + else + { + out = BIO_new(BIO_s_file()); + if (out == NULL) + { + ERR_print_errors(bio_err); + goto err; + } + +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[0], sizeof buf[0], "%s.new", dbfile); +#else + j = BIO_snprintf(buf[0], sizeof buf[0], "%s-new", dbfile); +#endif + if (j < 0 || j >= sizeof buf[0]) + { + BIO_printf(bio_err, "file name too long\n"); + goto err; + } + if (BIO_write_filename(out,buf[0]) <= 0) + { + perror(dbfile); + BIO_printf(bio_err,"unable to open '%s'\n", + dbfile); + goto err; + } + j=TXT_DB_write(out,db); + if (j <= 0) goto err; + + BIO_free(out); + out = NULL; +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[1], sizeof buf[1], "%s.old", dbfile); +#else + j = BIO_snprintf(buf[1], sizeof buf[1], "%s-old", dbfile); +#endif + if (j < 0 || j >= sizeof buf[1]) + { + BIO_printf(bio_err, "file name too long\n"); + goto err; + } + if (rename(dbfile,buf[1]) < 0) + { + BIO_printf(bio_err, + "unable to rename %s to %s\n", + dbfile, buf[1]); + perror("reason"); + goto err; + } + if (rename(buf[0],dbfile) < 0) + { + BIO_printf(bio_err, + "unable to rename %s to %s\n", + buf[0],dbfile); + perror("reason"); + rename(buf[1],dbfile); + goto err; + } + + if (verbose) BIO_printf(bio_err, + "Done. %d entries marked as expired\n",i); + } + goto err; + } + + /*****************************************************************/ + /* Read extentions config file */ + if (extfile) + { + extconf = NCONF_new(NULL); + if (NCONF_load(extconf,extfile,&errorline) <= 0) + { + if (errorline <= 0) + BIO_printf(bio_err, "ERROR: loading the config file '%s'\n", + extfile); + else + BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n", + errorline,extfile); + ret = 1; + goto err; + } + + if (verbose) + BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile); + + /* We can have sections in the ext file */ + if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions"))) + extensions = "default"; + } + + /*****************************************************************/ if (req || gencrl) { if (outfile != NULL) { - if (BIO_write_filename(Sout,outfile) <= 0) { perror(outfile); @@ -732,7 +1042,7 @@ bad: else { BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); Sout = BIO_push(tmpbio, Sout); @@ -743,12 +1053,18 @@ bad: if (req) { - if ((md == NULL) && ((md=CONF_get_string(conf, + if ((md == NULL) && ((md=NCONF_get_string(conf, section,ENV_DEFAULT_MD)) == NULL)) { lookup_fail(section,ENV_DEFAULT_MD); goto err; } + if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf, + section,ENV_DEFAULT_EMAIL_DN)) != NULL )) + { + if(strcmp(tmp_email_dn,"no") == 0) + email_dn=0; + } if ((dgst=EVP_get_digestbyname(md)) == NULL) { BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); @@ -757,7 +1073,7 @@ bad: if (verbose) BIO_printf(bio_err,"message digest is %s\n", OBJ_nid2ln(dgst->type)); - if ((policy == NULL) && ((policy=CONF_get_string(conf, + if ((policy == NULL) && ((policy=NCONF_get_string(conf, section,ENV_POLICY)) == NULL)) { lookup_fail(section,ENV_POLICY); @@ -766,32 +1082,48 @@ bad: if (verbose) BIO_printf(bio_err,"policy is %s\n",policy); - if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL)) + if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL)) == NULL) { lookup_fail(section,ENV_SERIAL); goto err; } - if(!extensions) - extensions=CONF_get_string(conf,section,ENV_EXTENSIONS); - if(extensions) { - /* Check syntax of file */ - X509V3_CTX ctx; - X509V3_set_ctx_test(&ctx); - X509V3_set_conf_lhash(&ctx, conf); - if(!X509V3_EXT_add_conf(conf, &ctx, extensions, NULL)) { - BIO_printf(bio_err, - "Error Loading extension section %s\n", + + if (!extconf) + { + /* no '-extfile' option, so we look for extensions + * in the main configuration file */ + if (!extensions) + { + extensions=NCONF_get_string(conf,section, + ENV_EXTENSIONS); + if (!extensions) + ERR_clear_error(); + } + if (extensions) + { + /* Check syntax of file */ + X509V3_CTX ctx; + X509V3_set_ctx_test(&ctx); + X509V3_set_nconf(&ctx, conf); + if (!X509V3_EXT_add_nconf(conf, &ctx, extensions, + NULL)) + { + BIO_printf(bio_err, + "Error Loading extension section %s\n", extensions); - ret = 1; - goto err; + ret = 1; + goto err; + } + } } - } if (startdate == NULL) { - startdate=CONF_get_string(conf,section, + startdate=NCONF_get_string(conf,section, ENV_DEFAULT_STARTDATE); + if (startdate == NULL) + ERR_clear_error(); } if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate)) { @@ -802,8 +1134,10 @@ bad: if (enddate == NULL) { - enddate=CONF_get_string(conf,section, + enddate=NCONF_get_string(conf,section, ENV_DEFAULT_ENDDATE); + if (enddate == NULL) + ERR_clear_error(); } if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate)) { @@ -813,8 +1147,8 @@ bad: if (days == 0) { - days=(int)CONF_get_number(conf,section, - ENV_DEFAULT_DAYS); + if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days)) + days = 0; } if (!enddate && (days == 0)) { @@ -829,12 +1163,17 @@ bad: } if (verbose) { - if ((f=BN_bn2hex(serial)) == NULL) goto err; - BIO_printf(bio_err,"next serial number is %s\n",f); - OPENSSL_free(f); + if (BN_is_zero(serial)) + BIO_printf(bio_err,"next serial number is 00\n"); + else + { + if ((f=BN_bn2hex(serial)) == NULL) goto err; + BIO_printf(bio_err,"next serial number is %s\n",f); + OPENSSL_free(f); + } } - if ((attribs=CONF_get_section(conf,policy)) == NULL) + if ((attribs=NCONF_get_section(conf,policy)) == NULL) { BIO_printf(bio_err,"unable to find 'section' for %s\n",policy); goto err; @@ -849,8 +1188,8 @@ bad: { total++; j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db, - serial,startdate,enddate, days,extensions,conf, - verbose); + serial,subj,email_dn,startdate,enddate,days,extensions, + conf,verbose,certopt,nameopt,default_op,ext_copy); if (j < 0) goto err; if (j > 0) { @@ -873,8 +1212,9 @@ bad: { total++; j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs, - db,serial,startdate,enddate,days,batch, - extensions,conf,verbose); + db,serial,subj,email_dn,startdate,enddate,days,batch, + extensions,conf,verbose, certopt, nameopt, + default_op, ext_copy, e); if (j < 0) goto err; if (j > 0) { @@ -892,8 +1232,9 @@ bad: { total++; j=certify(&x,infile,pkey,x509,dgst,attribs,db, - serial,startdate,enddate,days,batch, - extensions,conf,verbose); + serial,subj,email_dn,startdate,enddate,days,batch, + extensions,conf,verbose, certopt, nameopt, + default_op, ext_copy); if (j < 0) goto err; if (j > 0) { @@ -911,8 +1252,9 @@ bad: { total++; j=certify(&x,argv[i],pkey,x509,dgst,attribs,db, - serial,startdate,enddate,days,batch, - extensions,conf,verbose); + serial,subj,email_dn,startdate,enddate,days,batch, + extensions,conf,verbose, certopt, nameopt, + default_op, ext_copy); if (j < 0) goto err; if (j > 0) { @@ -948,9 +1290,15 @@ bad: BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk)); - strncpy(buf[0],serialfile,BSIZE-4); + if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5) + { + BIO_printf(bio_err,"file name too long\n"); + goto err; + } + + strcpy(buf[0],serialfile); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS strcat(buf[0],"-new"); #else strcat(buf[0],".new"); @@ -958,9 +1306,9 @@ bad: if (!save_serial(buf[0],serial)) goto err; - strncpy(buf[1],dbfile,BSIZE-4); + strcpy(buf[1],dbfile); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS strcat(buf[1],"-new"); #else strcat(buf[1],".new"); @@ -988,9 +1336,15 @@ bad: j=x->cert_info->serialNumber->length; p=(char *)x->cert_info->serialNumber->data; - strncpy(buf[2],outdir,BSIZE-(j*2)-6); + if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8)) + { + BIO_printf(bio_err,"certificate file name too long\n"); + goto err; + } + + strcpy(buf[2],outdir); -#ifndef VMS +#ifndef OPENSSL_SYS_VMS strcat(buf[2],"/"); #endif @@ -1026,8 +1380,9 @@ bad: { /* Rename the database and the serial file */ strncpy(buf[2],serialfile,BSIZE-4); + buf[2][BSIZE-4]='\0'; -#ifdef VMS +#ifdef OPENSSL_SYS_VMS strcat(buf[2],"-old"); #else strcat(buf[2],".old"); @@ -1054,8 +1409,9 @@ bad: } strncpy(buf[2],dbfile,BSIZE-4); + buf[2][BSIZE-4]='\0'; -#ifdef VMS +#ifdef OPENSSL_SYS_VMS strcat(buf[2],"-old"); #else strcat(buf[2],".old"); @@ -1083,28 +1439,37 @@ bad: /*****************************************************************/ if (gencrl) { - if(!crl_ext) crl_ext=CONF_get_string(conf,section,ENV_CRLEXT); - if(crl_ext) { + int crl_v2 = 0; + if (!crl_ext) + { + crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT); + if (!crl_ext) + ERR_clear_error(); + } + if (crl_ext) + { /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); - X509V3_set_conf_lhash(&ctx, conf); - if(!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL)) { + X509V3_set_nconf(&ctx, conf); + if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL)) + { BIO_printf(bio_err, "Error Loading CRL extension section %s\n", crl_ext); ret = 1; goto err; + } } - } - if ((hex=BIO_new(BIO_s_mem())) == NULL) goto err; if (!crldays && !crlhours) { - crldays=CONF_get_number(conf,section, - ENV_DEFAULT_CRL_DAYS); - crlhours=CONF_get_number(conf,section, - ENV_DEFAULT_CRL_HOURS); + if (!NCONF_get_number(conf,section, + ENV_DEFAULT_CRL_DAYS, &crldays)) + crldays = 0; + if (!NCONF_get_number(conf,section, + ENV_DEFAULT_CRL_HOURS, &crlhours)) + crlhours = 0; } if ((crldays == 0) && (crlhours == 0)) { @@ -1114,15 +1479,16 @@ bad: if (verbose) BIO_printf(bio_err,"making CRL\n"); if ((crl=X509_CRL_new()) == NULL) goto err; - ci=crl->crl; - X509_NAME_free(ci->issuer); - ci->issuer=X509_NAME_dup(x509->cert_info->subject); - if (ci->issuer == NULL) goto err; + if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err; + + tmptm = ASN1_TIME_new(); + if (!tmptm) goto err; + X509_gmtime_adj(tmptm,0); + X509_CRL_set_lastUpdate(crl, tmptm); + X509_gmtime_adj(tmptm,(crldays*24+crlhours)*60*60); + X509_CRL_set_nextUpdate(crl, tmptm); - X509_gmtime_adj(ci->lastUpdate,0); - if (ci->nextUpdate == NULL) - ci->nextUpdate=ASN1_UTCTIME_new(); - X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60); + ASN1_TIME_free(tmptm); for (i=0; i<sk_num(db->data); i++) { @@ -1130,29 +1496,25 @@ bad: if (pp[DB_type][0] == DB_TYPE_REV) { if ((r=X509_REVOKED_new()) == NULL) goto err; - ASN1_STRING_set((ASN1_STRING *) - r->revocationDate, - (unsigned char *)pp[DB_rev_date], - strlen(pp[DB_rev_date])); - /* strcpy(r->revocationDate,pp[DB_rev_date]);*/ - - (void)BIO_reset(hex); - if (!BIO_puts(hex,pp[DB_serial])) + j = make_revoked(r, pp[DB_rev_date]); + if (!j) goto err; + if (j == 2) crl_v2 = 1; + if (!BN_hex2bn(&serial, pp[DB_serial])) goto err; - if (!a2i_ASN1_INTEGER(hex,r->serialNumber, - buf[0],BSIZE)) goto err; - - sk_X509_REVOKED_push(ci->revoked,r); + tmpser = BN_to_ASN1_INTEGER(serial, NULL); + BN_free(serial); + serial = NULL; + if (!tmpser) + goto err; + X509_REVOKED_set_serialNumber(r, tmpser); + ASN1_INTEGER_free(tmpser); + X509_CRL_add0_revoked(crl,r); } } + /* sort the data so it will be written in serial * number order */ - sk_X509_REVOKED_sort(ci->revoked); - for (i=0; i<sk_X509_REVOKED_num(ci->revoked); i++) - { - r=sk_X509_REVOKED_value(ci->revoked,i); - r->sequence=i; - } + X509_CRL_sort(crl); /* we now have a CRL */ if (verbose) BIO_printf(bio_err,"signing CRL\n"); @@ -1165,28 +1527,31 @@ bad: } } else - { -#ifndef NO_DSA - if (pkey->type == EVP_PKEY_DSA) - dgst=EVP_dss1(); - else + { +#ifndef OPENSSL_NO_DSA + if (pkey->type == EVP_PKEY_DSA) + dgst=EVP_dss1(); + else #endif - dgst=EVP_md5(); - } + dgst=EVP_md5(); + } /* Add any extensions asked for */ - if(crl_ext) { - X509V3_CTX crlctx; - if (ci->version == NULL) - if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err; - ASN1_INTEGER_set(ci->version,1); /* version 2 CRL */ - X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); - X509V3_set_conf_lhash(&crlctx, conf); + if (crl_ext) + { + X509V3_CTX crlctx; + X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); + X509V3_set_nconf(&crlctx, conf); - if(!X509V3_EXT_CRL_add_conf(conf, &crlctx, - crl_ext, crl)) goto err; - } + if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, + crl_ext, crl)) goto err; + } + if (crl_ext || crl_v2) + { + if (!X509_CRL_set_version(crl, 1)) + goto err; /* version 2 CRL */ + } if (!X509_CRL_sign(crl,pkey,dgst)) goto err; @@ -1203,24 +1568,22 @@ bad: else { X509 *revcert; - if (BIO_read_filename(in,infile) <= 0) - { - perror(infile); - BIO_printf(bio_err,"error trying to load '%s' certificate\n",infile); - goto err; - } - revcert=PEM_read_bio_X509(in,NULL,NULL,NULL); + revcert=load_cert(bio_err, infile, FORMAT_PEM, + NULL, e, infile); if (revcert == NULL) - { - BIO_printf(bio_err,"unable to load '%s' certificate\n",infile); goto err; - } - j=do_revoke(revcert,db); + j=do_revoke(revcert,db, rev_type, rev_arg); if (j <= 0) goto err; X509_free(revcert); - strncpy(buf[0],dbfile,BSIZE-4); -#ifndef VMS + if(strlen(dbfile) > BSIZE-5) + { + BIO_printf(bio_err,"filename too long\n"); + goto err; + } + + strcpy(buf[0],dbfile); +#ifndef OPENSSL_SYS_VMS strcat(buf[0],".new"); #else strcat(buf[0],"-new"); @@ -1233,8 +1596,13 @@ bad: } j=TXT_DB_write(out,db); if (j <= 0) goto err; + BIO_free_all(out); + out = NULL; + BIO_free_all(in); + in = NULL; strncpy(buf[1],dbfile,BSIZE-4); -#ifndef VMS + buf[1][BSIZE-4]='\0'; +#ifndef OPENSSL_SYS_VMS strcat(buf[1],".old"); #else strcat(buf[1],"-old"); @@ -1258,24 +1626,28 @@ bad: /*****************************************************************/ ret=0; err: - BIO_free(hex); + if(tofree) + OPENSSL_free(tofree); BIO_free_all(Cout); BIO_free_all(Sout); BIO_free_all(out); - BIO_free(in); + BIO_free_all(in); sk_X509_pop_free(cert_sk,X509_free); if (ret) ERR_print_errors(bio_err); app_RAND_write_file(randfile, bio_err); + if (free_key) + OPENSSL_free(key); BN_free(serial); TXT_DB_free(db); EVP_PKEY_free(pkey); X509_free(x509); X509_CRL_free(crl); - CONF_free(conf); + NCONF_free(conf); OBJ_cleanup(); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } static void lookup_fail(char *name, char *tag) @@ -1283,31 +1655,31 @@ static void lookup_fail(char *name, char *tag) BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); } -static unsigned long index_serial_hash(char **a) +static unsigned long index_serial_hash(const char **a) { - char *n; + const char *n; n=a[DB_serial]; while (*n == '0') n++; return(lh_strhash(n)); } -static int index_serial_cmp(char **a, char **b) +static int index_serial_cmp(const char **a, const char **b) { - char *aa,*bb; + const char *aa,*bb; for (aa=a[DB_serial]; *aa == '0'; aa++); for (bb=b[DB_serial]; *bb == '0'; bb++); return(strcmp(aa,bb)); } -static unsigned long index_name_hash(char **a) +static unsigned long index_name_hash(const char **a) { return(lh_strhash(a[DB_name])); } static int index_name_qual(char **a) { return(a[0][0] == 'V'); } -static int index_name_cmp(char **a, char **b) +static int index_name_cmp(const char **a, const char **b) { return(strcmp(a[DB_name], b[DB_name])); } @@ -1340,7 +1712,7 @@ static BIGNUM *load_serial(char *serialfile) ret=ASN1_INTEGER_to_BN(ai,NULL); if (ret == NULL) { - BIO_printf(bio_err,"error converting number from bin to BIGNUM"); + BIO_printf(bio_err,"error converting number from bin to BIGNUM\n"); goto err; } err: @@ -1383,8 +1755,10 @@ err: static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, - BIGNUM *serial, char *startdate, char *enddate, int days, - int batch, char *ext_sect, LHASH *lconf, int verbose) + BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, + long days, int batch, char *ext_sect, CONF *lconf, int verbose, + unsigned long certopt, unsigned long nameopt, int default_op, + int ext_copy) { X509_REQ *req=NULL; BIO *in=NULL; @@ -1431,8 +1805,9 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, else BIO_printf(bio_err,"Signature ok\n"); - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate, enddate, - days,batch,verbose,req,ext_sect,lconf); + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, email_dn, + startdate,enddate,days,batch,verbose,req,ext_sect,lconf, + certopt, nameopt, default_op, ext_copy); err: if (req != NULL) X509_REQ_free(req); @@ -1442,27 +1817,18 @@ err: static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, - BIGNUM *serial, char *startdate, char *enddate, int days, - int batch, char *ext_sect, LHASH *lconf, int verbose) + BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, + long days, int batch, char *ext_sect, CONF *lconf, int verbose, + unsigned long certopt, unsigned long nameopt, int default_op, + int ext_copy, ENGINE *e) { X509 *req=NULL; X509_REQ *rreq=NULL; - BIO *in=NULL; EVP_PKEY *pktmp=NULL; int ok= -1,i; - in=BIO_new(BIO_s_file()); - - if (BIO_read_filename(in,infile) <= 0) - { - perror(infile); - goto err; - } - if ((req=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) - { - BIO_printf(bio_err,"Error reading self signed certificate in %s\n",infile); + if ((req=load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile)) == NULL) goto err; - } if (verbose) X509_print(bio_err,req); @@ -1493,22 +1859,24 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL) goto err; - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate,days, - batch,verbose,rreq,ext_sect,lconf); + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate, + days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op, + ext_copy); err: if (rreq != NULL) X509_REQ_free(rreq); if (req != NULL) X509_free(req); - if (in != NULL) BIO_free(in); return(ok); } static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, - STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, - char *startdate, char *enddate, int days, int batch, int verbose, - X509_REQ *req, char *ext_sect, LHASH *lconf) + STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj, + int email_dn, char *startdate, char *enddate, long days, int batch, + int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, + unsigned long certopt, unsigned long nameopt, int default_op, + int ext_copy) { - X509_NAME *name=NULL,*CAname=NULL,*subject=NULL; + X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL; ASN1_UTCTIME *tm,*tmptm; ASN1_STRING *str,*str2; ASN1_OBJECT *obj; @@ -1521,7 +1889,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, char *p; CONF_VALUE *cv; char *row[DB_NUMBER],**rrow,**irow=NULL; - char buf[25],*pbuf; + char buf[25]; tmptm=ASN1_UTCTIME_new(); if (tmptm == NULL) @@ -1533,20 +1901,29 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, for (i=0; i<DB_NUMBER; i++) row[i]=NULL; - BIO_printf(bio_err,"The Subjects Distinguished Name is as follows\n"); + if (subj) + { + X509_NAME *n = do_subject(subj, MBSTRING_ASC); + + if (!n) + { + ERR_print_errors(bio_err); + goto err; + } + X509_REQ_set_subject_name(req,n); + req->req_info->enc.modified = 1; + X509_NAME_free(n); + } + + if (default_op) + BIO_printf(bio_err,"The Subject's Distinguished Name is as follows\n"); + name=X509_REQ_get_subject_name(req); for (i=0; i<X509_NAME_entry_count(name); i++) { - ne=(X509_NAME_ENTRY *)X509_NAME_get_entry(name,i); - obj=X509_NAME_ENTRY_get_object(ne); - j=i2a_ASN1_OBJECT(bio_err,obj); + ne= X509_NAME_get_entry(name,i); str=X509_NAME_ENTRY_get_data(ne); - pbuf=buf; - for (j=22-j; j>0; j--) - *(pbuf++)=' '; - *(pbuf++)=':'; - *(pbuf++)='\0'; - BIO_puts(bio_err,buf); + obj=X509_NAME_ENTRY_get_object(ne); if (msie_hack) { @@ -1565,16 +1942,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, str->type=V_ASN1_IA5STRING; } - if (str->type == V_ASN1_PRINTABLESTRING) - BIO_printf(bio_err,"PRINTABLE:'"); - else if (str->type == V_ASN1_T61STRING) - BIO_printf(bio_err,"T61STRING:'"); - else if (str->type == V_ASN1_IA5STRING) - BIO_printf(bio_err,"IA5STRING:'"); - else if (str->type == V_ASN1_UNIVERSALSTRING) - BIO_printf(bio_err,"UNIVERSALSTRING:'"); - else - BIO_printf(bio_err,"ASN.1 %2d:'",str->type); + /* If no EMAIL is wanted in the subject */ + if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn)) + continue; /* check some things */ if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && @@ -1583,29 +1953,21 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n"); goto err; } - j=ASN1_PRINTABLE_type(str->data,str->length); - if ( ((j == V_ASN1_T61STRING) && - (str->type != V_ASN1_T61STRING)) || - ((j == V_ASN1_IA5STRING) && - (str->type == V_ASN1_PRINTABLESTRING))) + if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING)) { - BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n"); - goto err; - } - - p=(char *)str->data; - for (j=str->length; j>0; j--) - { - if ((*p >= ' ') && (*p <= '~')) - BIO_printf(bio_err,"%c",*p); - else if (*p & 0x80) - BIO_printf(bio_err,"\\0x%02X",*p); - else if ((unsigned char)*p == 0xf7) - BIO_printf(bio_err,"^?"); - else BIO_printf(bio_err,"^%c",*p+'@'); - p++; + j=ASN1_PRINTABLE_type(str->data,str->length); + if ( ((j == V_ASN1_T61STRING) && + (str->type != V_ASN1_T61STRING)) || + ((j == V_ASN1_IA5STRING) && + (str->type == V_ASN1_PRINTABLESTRING))) + { + BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n"); + goto err; + } } - BIO_printf(bio_err,"'\n"); + + if (default_op) + old_entry_print(bio_err, obj, str); } /* Ok, now we check the 'policy' stuff. */ @@ -1720,16 +2082,44 @@ again2: if (preserve) { X509_NAME_free(subject); - subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); + /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */ + subject=X509_NAME_dup(name); if (subject == NULL) goto err; } if (verbose) BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n"); - row[DB_name]=X509_NAME_oneline(subject,NULL,0); - row[DB_serial]=BN_bn2hex(serial); - if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) + /* Build the correct Subject if no e-mail is wanted in the subject */ + /* and add it later on because of the method extensions are added (altName) */ + + if (email_dn) + dn_subject = subject; + else + { + X509_NAME_ENTRY *tmpne; + /* Its best to dup the subject DN and then delete any email + * addresses because this retains its structure. + */ + if (!(dn_subject = X509_NAME_dup(subject))) + { + BIO_printf(bio_err,"Memory allocation failure\n"); + goto err; + } + while((i = X509_NAME_get_index_by_NID(dn_subject, + NID_pkcs9_emailAddress, -1)) >= 0) + { + tmpne = X509_NAME_get_entry(dn_subject, i); + X509_NAME_delete_entry(dn_subject, i); + X509_NAME_ENTRY_free(tmpne); + } + } + + if (BN_is_zero(serial)) + row[DB_serial]=BUF_strdup("00"); + else + row[DB_serial]=BN_bn2hex(serial); + if (row[DB_serial] == NULL) { BIO_printf(bio_err,"Memory allocation failure\n"); goto err; @@ -1799,7 +2189,6 @@ again2: if (!X509_set_issuer_name(ret,X509_get_subject_name(x509))) goto err; - BIO_printf(bio_err,"Certificate is to be certified until "); if (strcmp(startdate,"today") == 0) X509_gmtime_adj(X509_get_notBefore(ret),0); else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate); @@ -1808,10 +2197,6 @@ again2: X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days); else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate); - ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret)); - if(days) BIO_printf(bio_err," (%d days)",days); - BIO_printf(bio_err, "\n"); - if (!X509_set_subject_name(ret,subject)) goto err; pktmp=X509_REQ_get_pubkey(req); @@ -1836,16 +2221,80 @@ again2: ci->extensions = NULL; + /* Initialize the context structure */ X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0); - X509V3_set_conf_lhash(&ctx, lconf); - if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) goto err; + if (extconf) + { + if (verbose) + BIO_printf(bio_err, "Extra configuration file found\n"); + + /* Use the extconf configuration db LHASH */ + X509V3_set_nconf(&ctx, extconf); + + /* Test the structure (needed?) */ + /* X509V3_set_ctx_test(&ctx); */ + + /* Adds exts contained in the configuration file */ + if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret)) + { + BIO_printf(bio_err, + "ERROR: adding extensions in section %s\n", + ext_sect); + ERR_print_errors(bio_err); + goto err; + } + if (verbose) + BIO_printf(bio_err, "Successfully added extensions from file.\n"); + } + else if (ext_sect) + { + /* We found extensions to be set from config file */ + X509V3_set_nconf(&ctx, lconf); + + if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret)) + { + BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect); + ERR_print_errors(bio_err); + goto err; + } + + if (verbose) + BIO_printf(bio_err, "Successfully added extensions from config\n"); + } + } + + /* Copy extensions from request (if any) */ + if (!copy_extensions(ret, req, ext_copy)) + { + BIO_printf(bio_err, "ERROR: adding extensions from request\n"); + ERR_print_errors(bio_err); + goto err; + } + + /* Set the right value for the noemailDN option */ + if( email_dn == 0 ) + { + if (!X509_set_subject_name(ret,dn_subject)) goto err; + } + + if (!default_op) + { + BIO_printf(bio_err, "Certificate Details:\n"); + /* Never print signature details because signature not present */ + certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME; + X509_print_ex(bio_err, ret, nameopt, certopt); } + BIO_printf(bio_err,"Certificate is to be certified until "); + ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret)); + if (days) BIO_printf(bio_err," (%d days)",days); + BIO_printf(bio_err, "\n"); if (!batch) { + BIO_printf(bio_err,"Sign the certificate? [y/n]:"); (void)BIO_flush(bio_err); buf[0]='\0'; @@ -1859,7 +2308,7 @@ again2: } -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1(); pktmp=X509_get_pubkey(ret); if (EVP_PKEY_missing_parameters(pktmp) && @@ -1883,10 +2332,10 @@ again2: /* row[DB_serial] done already */ row[DB_file]=(char *)OPENSSL_malloc(8); - /* row[DB_name] done already */ + row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0); if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || - (row[DB_file] == NULL)) + (row[DB_file] == NULL) || (row[DB_name] == NULL)) { BIO_printf(bio_err,"Memory allocation failure\n"); goto err; @@ -1923,6 +2372,8 @@ err: X509_NAME_free(CAname); if (subject != NULL) X509_NAME_free(subject); + if ((dn_subject != NULL) && !email_dn) + X509_NAME_free(dn_subject); if (tmptm != NULL) ASN1_UTCTIME_free(tmptm); if (ok <= 0) @@ -1955,14 +2406,15 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber); BIO_puts(bp,"\n\n"); #endif - if(!notext)X509_print(bp,x); + if (!notext)X509_print(bp,x); PEM_write_bio_X509(bp,x); } static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, - BIGNUM *serial, char *startdate, char *enddate, int days, - char *ext_sect, LHASH *lconf, int verbose) + BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, + long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, + unsigned long nameopt, int default_op, int ext_copy) { STACK_OF(CONF_VALUE) *sk=NULL; LHASH *parms=NULL; @@ -2028,12 +2480,13 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, /* Skip past any leading X. X: X, etc to allow for * multiple instances */ - for(buf = cv->name; *buf ; buf++) - if ((*buf == ':') || (*buf == ',') || (*buf == '.')) { - buf++; - if(*buf) type = buf; - break; - } + for (buf = cv->name; *buf ; buf++) + if ((*buf == ':') || (*buf == ',') || (*buf == '.')) + { + buf++; + if (*buf) type = buf; + break; + } buf=cv->value; if ((nid=OBJ_txt2nid(type)) == NID_undef) @@ -2051,6 +2504,11 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, continue; } + /* + if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0)) + continue; + */ + j=ASN1_PRINTABLE_type((unsigned char *)buf,-1); if (fix_data(nid, &j) == 0) { @@ -2095,8 +2553,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, X509_REQ_set_pubkey(req,pktmp); EVP_PKEY_free(pktmp); - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate, - days,1,verbose,req,ext_sect,lconf); + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate, + days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, + ext_copy); err: if (req != NULL) X509_REQ_free(req); if (parms != NULL) CONF_free(parms); @@ -2131,10 +2590,11 @@ static int check_time_format(char *str) return(ASN1_UTCTIME_check(&tm)); } -static int do_revoke(X509 *x509, TXT_DB *db) -{ - ASN1_UTCTIME *tm=NULL, *revtm=NULL; +static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value) + { + ASN1_UTCTIME *tm=NULL; char *row[DB_NUMBER],**rrow,**irow; + char *rev_str = NULL; BIGNUM *bn = NULL; int ok=-1,i; @@ -2142,7 +2602,10 @@ static int do_revoke(X509 *x509, TXT_DB *db) row[i]=NULL; row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0); bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL); - row[DB_serial]=BN_bn2hex(bn); + if (BN_is_zero(bn)) + row[DB_serial]=BUF_strdup("00"); + else + row[DB_serial]=BN_bn2hex(bn); BN_free(bn); if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) { @@ -2203,12 +2666,12 @@ static int do_revoke(X509 *x509, TXT_DB *db) } /* Revoke Certificate */ - ok = do_revoke(x509,db); + ok = do_revoke(x509,db, type, value); goto err; } - else if (index_name_cmp(row,rrow)) + else if (index_name_cmp((const char **)row,(const char **)rrow)) { BIO_printf(bio_err,"ERROR:name does not match %s\n", row[DB_name]); @@ -2223,14 +2686,15 @@ static int do_revoke(X509 *x509, TXT_DB *db) else { BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]); - revtm = ASN1_UTCTIME_new(); - revtm=X509_gmtime_adj(revtm,0); + rev_str = make_revocation_str(type, value); + if (!rev_str) + { + BIO_printf(bio_err, "Error in revocation arguments\n"); + goto err; + } rrow[DB_type][0]='R'; rrow[DB_type][1]='\0'; - rrow[DB_rev_date]=(char *)OPENSSL_malloc(revtm->length+1); - memcpy(rrow[DB_rev_date],revtm->data,revtm->length); - rrow[DB_rev_date][revtm->length]='\0'; - ASN1_UTCTIME_free(revtm); + rrow[DB_rev_date] = rev_str; } ok=1; err: @@ -2240,5 +2704,622 @@ err: OPENSSL_free(row[i]); } return(ok); + } + +static int get_certificate_status(const char *serial, TXT_DB *db) + { + char *row[DB_NUMBER],**rrow; + int ok=-1,i; + + /* Free Resources */ + for (i=0; i<DB_NUMBER; i++) + row[i]=NULL; + + /* Malloc needed char spaces */ + row[DB_serial] = OPENSSL_malloc(strlen(serial) + 2); + if (row[DB_serial] == NULL) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + + if (strlen(serial) % 2) + { + /* Set the first char to 0 */; + row[DB_serial][0]='0'; + + /* Copy String from serial to row[DB_serial] */ + memcpy(row[DB_serial]+1, serial, strlen(serial)); + row[DB_serial][strlen(serial)+1]='\0'; + } + else + { + /* Copy String from serial to row[DB_serial] */ + memcpy(row[DB_serial], serial, strlen(serial)); + row[DB_serial][strlen(serial)]='\0'; + } + + /* Make it Upper Case */ + for (i=0; row[DB_serial][i] != '\0'; i++) + row[DB_serial][i] = toupper(row[DB_serial][i]); + + + ok=1; + + /* Search for the certificate */ + rrow=TXT_DB_get_by_index(db,DB_serial,row); + if (rrow == NULL) + { + BIO_printf(bio_err,"Serial %s not present in db.\n", + row[DB_serial]); + ok=-1; + goto err; + } + else if (rrow[DB_type][0]=='V') + { + BIO_printf(bio_err,"%s=Valid (%c)\n", + row[DB_serial], rrow[DB_type][0]); + goto err; + } + else if (rrow[DB_type][0]=='R') + { + BIO_printf(bio_err,"%s=Revoked (%c)\n", + row[DB_serial], rrow[DB_type][0]); + goto err; + } + else if (rrow[DB_type][0]=='E') + { + BIO_printf(bio_err,"%s=Expired (%c)\n", + row[DB_serial], rrow[DB_type][0]); + goto err; + } + else if (rrow[DB_type][0]=='S') + { + BIO_printf(bio_err,"%s=Suspended (%c)\n", + row[DB_serial], rrow[DB_type][0]); + goto err; + } + else + { + BIO_printf(bio_err,"%s=Unknown (%c).\n", + row[DB_serial], rrow[DB_type][0]); + ok=-1; + } +err: + for (i=0; i<DB_NUMBER; i++) + { + if (row[i] != NULL) + OPENSSL_free(row[i]); + } + return(ok); + } + +static int do_updatedb (TXT_DB *db) + { + ASN1_UTCTIME *a_tm = NULL; + int i, cnt = 0; + int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */ + char **rrow, *a_tm_s; + + a_tm = ASN1_UTCTIME_new(); + + /* get actual time and make a string */ + a_tm = X509_gmtime_adj(a_tm, 0); + a_tm_s = (char *) OPENSSL_malloc(a_tm->length+1); + if (a_tm_s == NULL) + { + cnt = -1; + goto err; + } + + memcpy(a_tm_s, a_tm->data, a_tm->length); + a_tm_s[a_tm->length] = '\0'; + + if (strncmp(a_tm_s, "49", 2) <= 0) + a_y2k = 1; + else + a_y2k = 0; + + for (i = 0; i < sk_num(db->data); i++) + { + rrow = (char **) sk_value(db->data, i); + + if (rrow[DB_type][0] == 'V') + { + /* ignore entries that are not valid */ + if (strncmp(rrow[DB_exp_date], "49", 2) <= 0) + db_y2k = 1; + else + db_y2k = 0; + + if (db_y2k == a_y2k) + { + /* all on the same y2k side */ + if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) + { + rrow[DB_type][0] = 'E'; + rrow[DB_type][1] = '\0'; + cnt++; + + BIO_printf(bio_err, "%s=Expired\n", + rrow[DB_serial]); + } + } + else if (db_y2k < a_y2k) + { + rrow[DB_type][0] = 'E'; + rrow[DB_type][1] = '\0'; + cnt++; + + BIO_printf(bio_err, "%s=Expired\n", + rrow[DB_serial]); + } + + } + } + +err: + + ASN1_UTCTIME_free(a_tm); + OPENSSL_free(a_tm_s); + + return (cnt); + } + +static char *crl_reasons[] = { + /* CRL reason strings */ + "unspecified", + "keyCompromise", + "CACompromise", + "affiliationChanged", + "superseded", + "cessationOfOperation", + "certificateHold", + "removeFromCRL", + /* Additional pseudo reasons */ + "holdInstruction", + "keyTime", + "CAkeyTime" +}; + +#define NUM_REASONS (sizeof(crl_reasons) / sizeof(char *)) + +/* Given revocation information convert to a DB string. + * The format of the string is: + * revtime[,reason,extra]. Where 'revtime' is the + * revocation time (the current time). 'reason' is the + * optional CRL reason and 'extra' is any additional + * argument + */ + +char *make_revocation_str(int rev_type, char *rev_arg) + { + char *reason = NULL, *other = NULL, *str; + ASN1_OBJECT *otmp; + ASN1_UTCTIME *revtm = NULL; + int i; + switch (rev_type) + { + case REV_NONE: + break; + + case REV_CRL_REASON: + for (i = 0; i < 8; i++) + { + if (!strcasecmp(rev_arg, crl_reasons[i])) + { + reason = crl_reasons[i]; + break; + } + } + if (reason == NULL) + { + BIO_printf(bio_err, "Unknown CRL reason %s\n", rev_arg); + return NULL; + } + break; + + case REV_HOLD: + /* Argument is an OID */ + + otmp = OBJ_txt2obj(rev_arg, 0); + ASN1_OBJECT_free(otmp); + + if (otmp == NULL) + { + BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg); + return NULL; + } + + reason = "holdInstruction"; + other = rev_arg; + break; + + case REV_KEY_COMPROMISE: + case REV_CA_COMPROMISE: + + /* Argument is the key compromise time */ + if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg)) + { + BIO_printf(bio_err, "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n", rev_arg); + return NULL; + } + other = rev_arg; + if (rev_type == REV_KEY_COMPROMISE) + reason = "keyTime"; + else + reason = "CAkeyTime"; + + break; + + } + + revtm = X509_gmtime_adj(NULL, 0); + + i = revtm->length + 1; + + if (reason) i += strlen(reason) + 1; + if (other) i += strlen(other) + 1; + + str = OPENSSL_malloc(i); + + if (!str) return NULL; + + strcpy(str, (char *)revtm->data); + if (reason) + { + strcat(str, ","); + strcat(str, reason); + } + if (other) + { + strcat(str, ","); + strcat(str, other); + } + ASN1_UTCTIME_free(revtm); + return str; + } + +/* Convert revocation field to X509_REVOKED entry + * return code: + * 0 error + * 1 OK + * 2 OK and some extensions added (i.e. V2 CRL) + */ + + +int make_revoked(X509_REVOKED *rev, char *str) + { + char *tmp = NULL; + int reason_code = -1; + int i, ret = 0; + ASN1_OBJECT *hold = NULL; + ASN1_GENERALIZEDTIME *comp_time = NULL; + ASN1_ENUMERATED *rtmp = NULL; + + ASN1_TIME *revDate = NULL; + + i = unpack_revinfo(&revDate, &reason_code, &hold, &comp_time, str); + + if (i == 0) + goto err; + + if (rev && !X509_REVOKED_set_revocationDate(rev, revDate)) + goto err; + + if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)) + { + rtmp = ASN1_ENUMERATED_new(); + if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code)) + goto err; + if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0)) + goto err; + } + + if (rev && comp_time) + { + if (!X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0)) + goto err; + } + if (rev && hold) + { + if (!X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0)) + goto err; + } + + if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS) + ret = 2; + else ret = 1; + + err: + + if (tmp) OPENSSL_free(tmp); + ASN1_OBJECT_free(hold); + ASN1_GENERALIZEDTIME_free(comp_time); + ASN1_ENUMERATED_free(rtmp); + ASN1_TIME_free(revDate); + + return ret; + } + +/* + * subject is expected to be in the format /type0=value0/type1=value1/type2=... + * where characters may be escaped by \ + */ +X509_NAME *do_subject(char *subject, long chtype) + { + size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ + char *buf = OPENSSL_malloc(buflen); + size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ + char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *)); + char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *)); + + char *sp = subject, *bp = buf; + int i, ne_num = 0; + + X509_NAME *n = NULL; + int nid; + + if (!buf || !ne_types || !ne_values) + { + BIO_printf(bio_err, "malloc error\n"); + goto error; + } + + if (*subject != '/') + { + BIO_printf(bio_err, "Subject does not start with '/'.\n"); + goto error; + } + sp++; /* skip leading / */ + + while (*sp) + { + /* collect type */ + ne_types[ne_num] = bp; + while (*sp) + { + if (*sp == '\\') /* is there anything to escape in the type...? */ + { + if (*++sp) + *bp++ = *sp++; + else + { + BIO_printf(bio_err, "escape character at end of string\n"); + goto error; + } + } + else if (*sp == '=') + { + sp++; + *bp++ = '\0'; + break; + } + else + *bp++ = *sp++; + } + if (!*sp) + { + BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num); + goto error; + } + ne_values[ne_num] = bp; + while (*sp) + { + if (*sp == '\\') + { + if (*++sp) + *bp++ = *sp++; + else + { + BIO_printf(bio_err, "escape character at end of string\n"); + goto error; + } + } + else if (*sp == '/') + { + sp++; + break; + } + else + *bp++ = *sp++; + } + *bp++ = '\0'; + ne_num++; + } + + if (!(n = X509_NAME_new())) + goto error; + + for (i = 0; i < ne_num; i++) + { + if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef) + { + BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]); + continue; + } + + if (!*ne_values[i]) + { + BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]); + continue; + } + + if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0)) + goto error; + } + + OPENSSL_free(ne_values); + OPENSSL_free(ne_types); + OPENSSL_free(buf); + return n; + +error: + X509_NAME_free(n); + if (ne_values) + OPENSSL_free(ne_values); + if (ne_types) + OPENSSL_free(ne_types); + if (buf) + OPENSSL_free(buf); + return NULL; } +int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) + { + char buf[25],*pbuf, *p; + int j; + j=i2a_ASN1_OBJECT(bp,obj); + pbuf=buf; + for (j=22-j; j>0; j--) + *(pbuf++)=' '; + *(pbuf++)=':'; + *(pbuf++)='\0'; + BIO_puts(bp,buf); + + if (str->type == V_ASN1_PRINTABLESTRING) + BIO_printf(bp,"PRINTABLE:'"); + else if (str->type == V_ASN1_T61STRING) + BIO_printf(bp,"T61STRING:'"); + else if (str->type == V_ASN1_IA5STRING) + BIO_printf(bp,"IA5STRING:'"); + else if (str->type == V_ASN1_UNIVERSALSTRING) + BIO_printf(bp,"UNIVERSALSTRING:'"); + else + BIO_printf(bp,"ASN.1 %2d:'",str->type); + + p=(char *)str->data; + for (j=str->length; j>0; j--) + { + if ((*p >= ' ') && (*p <= '~')) + BIO_printf(bp,"%c",*p); + else if (*p & 0x80) + BIO_printf(bp,"\\0x%02X",*p); + else if ((unsigned char)*p == 0xf7) + BIO_printf(bp,"^?"); + else BIO_printf(bp,"^%c",*p+'@'); + p++; + } + BIO_printf(bp,"'\n"); + return 1; + } + +int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, char *str) + { + char *tmp = NULL; + char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; + int reason_code = -1; + int i, ret = 0; + ASN1_OBJECT *hold = NULL; + ASN1_GENERALIZEDTIME *comp_time = NULL; + tmp = BUF_strdup(str); + + p = strchr(tmp, ','); + + rtime_str = tmp; + + if (p) + { + *p = '\0'; + p++; + reason_str = p; + p = strchr(p, ','); + if (p) + { + *p = '\0'; + arg_str = p + 1; + } + } + + if (prevtm) + { + *prevtm = ASN1_UTCTIME_new(); + if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) + { + BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str); + goto err; + } + } + if (reason_str) + { + for (i = 0; i < NUM_REASONS; i++) + { + if(!strcasecmp(reason_str, crl_reasons[i])) + { + reason_code = i; + break; + } + } + if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS) + { + BIO_printf(bio_err, "invalid reason code %s\n", reason_str); + goto err; + } + + if (reason_code == 7) + reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL; + else if (reason_code == 8) /* Hold instruction */ + { + if (!arg_str) + { + BIO_printf(bio_err, "missing hold instruction\n"); + goto err; + } + reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD; + hold = OBJ_txt2obj(arg_str, 0); + + if (!hold) + { + BIO_printf(bio_err, "invalid object identifier %s\n", arg_str); + goto err; + } + if (phold) *phold = hold; + } + else if ((reason_code == 9) || (reason_code == 10)) + { + if (!arg_str) + { + BIO_printf(bio_err, "missing compromised time\n"); + goto err; + } + comp_time = ASN1_GENERALIZEDTIME_new(); + if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) + { + BIO_printf(bio_err, "invalid compromised time %s\n", arg_str); + goto err; + } + if (reason_code == 9) + reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE; + else + reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE; + } + } + + if (preason) *preason = reason_code; + if (pinvtm) *pinvtm = comp_time; + else ASN1_GENERALIZEDTIME_free(comp_time); + + ret = 1; + + err: + + if (tmp) OPENSSL_free(tmp); + if (!phold) ASN1_OBJECT_free(hold); + if (!pinvtm) ASN1_GENERALIZEDTIME_free(comp_time); + + return ret; + } + +int make_serial_index(TXT_DB *db) + { + if (!TXT_DB_create_index(db, DB_serial, NULL, + LHASH_HASH_FN(index_serial_hash), + LHASH_COMP_FN(index_serial_cmp))) + { + BIO_printf(bio_err, + "error creating serial number index:(%ld,%ld,%ld)\n", + db->error,db->arg1,db->arg2); + return 0; + } + return 1; + } diff --git a/crypto/openssl/apps/ciphers.c b/crypto/openssl/apps/ciphers.c index b6e2f96..7c62fc5 100644 --- a/crypto/openssl/apps/ciphers.c +++ b/crypto/openssl/apps/ciphers.c @@ -59,7 +59,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> -#ifdef NO_STDIO +#ifdef OPENSSL_NO_STDIO #define APPS_WIN16 #endif #include "apps.h" @@ -95,11 +95,11 @@ int MAIN(int argc, char **argv) char buf[512]; BIO *STDout=NULL; -#if !defined(NO_SSL2) && !defined(NO_SSL3) +#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_server_method(); -#elif !defined(NO_SSL3) +#elif !defined(OPENSSL_NO_SSL3) meth=SSLv3_server_method(); -#elif !defined(NO_SSL2) +#elif !defined(OPENSSL_NO_SSL2) meth=SSLv2_server_method(); #endif @@ -108,7 +108,7 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); STDout=BIO_new_fp(stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); STDout = BIO_push(tmpbio, STDout); @@ -121,15 +121,15 @@ int MAIN(int argc, char **argv) { if (strcmp(*argv,"-v") == 0) verbose=1; -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 else if (strcmp(*argv,"-ssl2") == 0) meth=SSLv2_client_method(); #endif -#ifndef NO_SSL3 +#ifndef OPENSSL_NO_SSL3 else if (strcmp(*argv,"-ssl3") == 0) meth=SSLv3_client_method(); #endif -#ifndef NO_TLS1 +#ifndef OPENSSL_NO_TLS1 else if (strcmp(*argv,"-tls1") == 0) meth=TLSv1_client_method(); #endif @@ -150,7 +150,7 @@ int MAIN(int argc, char **argv) if (badops) { for (pp=ciphers_usage; (*pp != NULL); pp++) - BIO_printf(bio_err,*pp); + BIO_printf(bio_err,"%s",*pp); goto end; } @@ -187,7 +187,7 @@ int MAIN(int argc, char **argv) { BIO_puts(STDout,SSL_CIPHER_description( sk_SSL_CIPHER_value(sk,i), - buf,512)); + buf,sizeof buf)); } } @@ -202,6 +202,7 @@ end: if (ctx != NULL) SSL_CTX_free(ctx); if (ssl != NULL) SSL_free(ssl); if (STDout != NULL) BIO_free_all(STDout); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } diff --git a/crypto/openssl/apps/crl.c b/crypto/openssl/apps/crl.c index 3b5725f..c6089ac 100644 --- a/crypto/openssl/apps/crl.c +++ b/crypto/openssl/apps/crl.c @@ -87,6 +87,7 @@ static char *crl_usage[]={ " -noout - no CRL output\n", " -CAfile name - verify CRL using certificates in file \"name\"\n", " -CApath dir - verify CRL using certificates in \"dir\"\n", +" -nameopt arg - various certificate name options\n", NULL }; @@ -97,6 +98,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + unsigned long nmflag = 0; X509_CRL *x=NULL; char *CAfile = NULL, *CApath = NULL; int ret=1,i,num,badops=0; @@ -105,7 +107,7 @@ int MAIN(int argc, char **argv) char *infile=NULL,*outfile=NULL; int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; int fingerprint = 0; - char **pp,buf[256]; + char **pp; X509_STORE *store = NULL; X509_STORE_CTX ctx; X509_LOOKUP *lookup = NULL; @@ -120,11 +122,14 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + if (bio_out == NULL) if ((bio_out=BIO_new(BIO_s_file())) != NULL) { BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); bio_out = BIO_push(tmpbio, bio_out); @@ -185,6 +190,11 @@ int MAIN(int argc, char **argv) text = 1; else if (strcmp(*argv,"-hash") == 0) hash= ++num; + else if (strcmp(*argv,"-nameopt") == 0) + { + if (--argc < 1) goto bad; + if (!set_name_ex(&nmflag, *(++argv))) goto bad; + } else if (strcmp(*argv,"-issuer") == 0) issuer= ++num; else if (strcmp(*argv,"-lastupdate") == 0) @@ -214,7 +224,7 @@ int MAIN(int argc, char **argv) { bad: for (pp=crl_usage; (*pp != NULL); pp++) - BIO_printf(bio_err,*pp); + BIO_printf(bio_err,"%s",*pp); goto end; } @@ -235,7 +245,11 @@ bad: X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); ERR_clear_error(); - X509_STORE_CTX_init(&ctx, store, NULL, NULL); + if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) { + BIO_printf(bio_err, + "Error initialising X509 store\n"); + goto end; + } i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, X509_CRL_get_issuer(x), &xobj); @@ -264,9 +278,7 @@ bad: { if (issuer == i) { - X509_NAME_oneline(X509_CRL_get_issuer(x), - buf,256); - BIO_printf(bio_out,"issuer= %s\n",buf); + print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag); } if (hash == i) @@ -324,7 +336,7 @@ bad: if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -364,7 +376,8 @@ end: X509_STORE_CTX_cleanup(&ctx); X509_STORE_free(store); } - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } static X509_CRL *load_crl(char *infile, int format) diff --git a/crypto/openssl/apps/crl2p7.c b/crypto/openssl/apps/crl2p7.c index 7f853b6..b2f2d12 100644 --- a/crypto/openssl/apps/crl2p7.c +++ b/crypto/openssl/apps/crl2p7.c @@ -166,7 +166,8 @@ bad: BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n"); BIO_printf(bio_err," (can be used more than once)\n"); BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n"); - EXIT(1); + ret = 1; + goto end; } ERR_load_crypto_strings(); @@ -241,7 +242,7 @@ bad: if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -278,7 +279,8 @@ end: if (p7 != NULL) PKCS7_free(p7); if (crl != NULL) X509_CRL_free(crl); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } /* diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c index 482b023..280f79b 100644 --- a/crypto/openssl/apps/dgst.c +++ b/crypto/openssl/apps/dgst.c @@ -73,13 +73,15 @@ #undef PROG #define PROG dgst_main -void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, - EVP_PKEY *key, unsigned char *sigin, int siglen); +int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, + EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, + const char *file); int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; unsigned char *buf=NULL; int i,err=0; const EVP_MD *md=NULL,*m; @@ -91,12 +93,14 @@ int MAIN(int argc, char **argv) char pname[PROG_NAME_SIZE+1]; int separator=0; int debug=0; + int keyform=FORMAT_PEM; const char *outfile = NULL, *keyfile = NULL; const char *sigfile = NULL, *randfile = NULL; int out_bin = -1, want_pub = 0, do_verify = 0; EVP_PKEY *sigkey = NULL; unsigned char *sigbuf = NULL; int siglen = 0; + char *engine=NULL; apps_startup(); @@ -109,8 +113,11 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + /* first check the program name */ - program_name(argv[0],pname,PROG_NAME_SIZE); + program_name(argv[0],pname,sizeof pname); md=EVP_get_digestbyname(pname); @@ -154,6 +161,16 @@ int MAIN(int argc, char **argv) if (--argc < 1) break; sigfile=*(++argv); } + else if (strcmp(*argv,"-keyform") == 0) + { + if (--argc < 1) break; + keyform=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) break; + engine= *(++argv); + } else if (strcmp(*argv,"-hex") == 0) out_bin = 0; else if (strcmp(*argv,"-binary") == 0) @@ -188,8 +205,10 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"-sign file sign digest using private key in file\n"); BIO_printf(bio_err,"-verify file verify a signature using public key in file\n"); BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n"); + BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); BIO_printf(bio_err,"-signature file signature to verify\n"); BIO_printf(bio_err,"-binary output in binary form\n"); + BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n", LN_md5,LN_md5); @@ -209,6 +228,8 @@ int MAIN(int argc, char **argv) goto end; } + e = setup_engine(bio_err, engine, 0); + in=BIO_new(BIO_s_file()); bmd=BIO_new(BIO_f_md()); if (debug) @@ -238,7 +259,7 @@ int MAIN(int argc, char **argv) else out = BIO_new_file(outfile, "w"); } else { out = BIO_new_fp(stdout, BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -253,27 +274,21 @@ int MAIN(int argc, char **argv) goto end; } - if(keyfile) { - BIO *keybio; - keybio = BIO_new_file(keyfile, "r"); - if(!keybio) { - BIO_printf(bio_err, "Error opening key file %s\n", - keyfile); - ERR_print_errors(bio_err); - goto end; - } - - if(want_pub) - sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL); - else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL); - BIO_free(keybio); - if(!sigkey) { - BIO_printf(bio_err, "Error reading key file %s\n", - keyfile); - ERR_print_errors(bio_err); + if(keyfile) + { + if (want_pub) + sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, + e, "key file"); + else + sigkey = load_key(bio_err, keyfile, keyform, 0, NULL, + e, "key file"); + if (!sigkey) + { + /* load_[pub]key() has already printed an appropriate + message */ goto end; + } } - } if(sigfile && sigkey) { BIO *sigbio; @@ -305,29 +320,43 @@ int MAIN(int argc, char **argv) if (argc == 0) { BIO_set_fp(in,stdin,BIO_NOCLOSE); - do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, siglen); + err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, + siglen,"","(stdin)"); } else { name=OBJ_nid2sn(md->type); for (i=0; i<argc; i++) { + char *tmp,*tofree=NULL; + int r; + if (BIO_read_filename(in,argv[i]) <= 0) { perror(argv[i]); err++; continue; } - if(!out_bin) BIO_printf(out, "%s(%s)= ",name,argv[i]); - do_fp(out, buf,inp,separator, out_bin, sigkey, - sigbuf, siglen); + if(!out_bin) + { + tmp=tofree=OPENSSL_malloc(strlen(name)+strlen(argv[i])+5); + sprintf(tmp,"%s(%s)= ",name,argv[i]); + } + else + tmp=""; + r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf, + siglen,tmp,argv[i]); + if(r) + err=r; + if(tofree) + OPENSSL_free(tofree); (void)BIO_reset(bmd); } } end: if (buf != NULL) { - memset(buf,0,BUFSIZE); + OPENSSL_cleanse(buf,BUFSIZE); OPENSSL_free(buf); } if (in != NULL) BIO_free(in); @@ -335,11 +364,13 @@ end: EVP_PKEY_free(sigkey); if(sigbuf) OPENSSL_free(sigbuf); if (bmd != NULL) BIO_free(bmd); - EXIT(err); + apps_shutdown(); + OPENSSL_EXIT(err); } -void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, - EVP_PKEY *key, unsigned char *sigin, int siglen) +int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, + EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, + const char *file) { int len; int i; @@ -347,21 +378,33 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, for (;;) { i=BIO_read(bp,(char *)buf,BUFSIZE); - if (i <= 0) break; + if(i < 0) + { + BIO_printf(bio_err, "Read Error in %s\n",file); + ERR_print_errors(bio_err); + return 1; + } + if (i == 0) break; } if(sigin) { EVP_MD_CTX *ctx; BIO_get_md_ctx(bp, &ctx); i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); - if(i > 0) BIO_printf(out, "Verified OK\n"); - else if(i == 0) BIO_printf(out, "Verification Failure\n"); + if(i > 0) + BIO_printf(out, "Verified OK\n"); + else if(i == 0) + { + BIO_printf(out, "Verification Failure\n"); + return 1; + } else { BIO_printf(bio_err, "Error Verifying Data\n"); ERR_print_errors(bio_err); + return 1; } - return; + return 0; } if(key) { @@ -371,7 +414,7 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, { BIO_printf(bio_err, "Error Signing Data\n"); ERR_print_errors(bio_err); - return; + return 1; } } else @@ -380,6 +423,7 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, if(binout) BIO_write(out, buf, len); else { + BIO_write(out,title,strlen(title)); for (i=0; i<len; i++) { if (sep && (i != 0)) @@ -388,5 +432,6 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, } BIO_printf(out, "\n"); } + return 0; } diff --git a/crypto/openssl/apps/dh.c b/crypto/openssl/apps/dh.c index 7465442..c10ea96 100644 --- a/crypto/openssl/apps/dh.c +++ b/crypto/openssl/apps/dh.c @@ -57,7 +57,7 @@ * [including the GNU Public Licence.] */ -#ifndef NO_DH +#ifndef OPENSSL_NO_DH #include <stdio.h> #include <stdlib.h> #include <time.h> @@ -87,11 +87,12 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; DH *dh=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; int informat,outformat,check=0,noout=0,C=0,ret=1; - char *infile,*outfile,*prog; + char *infile,*outfile,*prog,*engine; apps_startup(); @@ -99,6 +100,10 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + + engine=NULL; infile=NULL; outfile=NULL; informat=FORMAT_PEM; @@ -129,6 +134,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-check") == 0) check=1; else if (strcmp(*argv,"-text") == 0) @@ -160,11 +170,14 @@ bad: BIO_printf(bio_err," -text print a text form of the DH parameters\n"); BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err," -noout no output\n"); + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); goto end; } ERR_load_crypto_strings(); + e = setup_engine(bio_err, engine, 0); + in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) @@ -186,7 +199,7 @@ bad: if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -319,6 +332,7 @@ end: if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (dh != NULL) DH_free(dh); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } #endif diff --git a/crypto/openssl/apps/dhparam.c b/crypto/openssl/apps/dhparam.c index 5f9b601..cbc65bc 100644 --- a/crypto/openssl/apps/dhparam.c +++ b/crypto/openssl/apps/dhparam.c @@ -109,7 +109,7 @@ * */ -#ifndef NO_DH +#ifndef OPENSSL_NO_DH #include <stdio.h> #include <stdlib.h> #include <time.h> @@ -122,7 +122,7 @@ #include <openssl/x509.h> #include <openssl/pem.h> -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> #endif @@ -148,15 +148,16 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; DH *dh=NULL; int i,badops=0,text=0; -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA int dsaparam=0; #endif BIO *in=NULL,*out=NULL; int informat,outformat,check=0,noout=0,C=0,ret=1; char *infile,*outfile,*prog; - char *inrand=NULL; + char *inrand=NULL,*engine=NULL; int num = 0, g = 0; apps_startup(); @@ -165,6 +166,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + infile=NULL; outfile=NULL; informat=FORMAT_PEM; @@ -195,11 +199,16 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-check") == 0) check=1; else if (strcmp(*argv,"-text") == 0) text=1; -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA else if (strcmp(*argv,"-dsaparam") == 0) dsaparam=1; #endif @@ -231,7 +240,7 @@ bad: BIO_printf(bio_err," -outform arg output format - one of DER PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file\n"); -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA BIO_printf(bio_err," -dsaparam read or generate DSA parameters, convert to DH\n"); #endif BIO_printf(bio_err," -check check the DH parameters\n"); @@ -240,6 +249,7 @@ bad: BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n"); + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -249,10 +259,12 @@ bad: ERR_load_crypto_strings(); + e = setup_engine(bio_err, engine, 0); + if (g && !num) num = DEFBITS; -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (dsaparam) { if (g) @@ -279,7 +291,7 @@ bad: BIO_printf(bio_err,"%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (dsaparam) { DSA *dsa; @@ -340,7 +352,7 @@ bad: goto end; } -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (dsaparam) { DSA *dsa; @@ -393,7 +405,7 @@ bad: if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -478,7 +490,7 @@ bad: printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); printf("\t\t{ DH_free(dh); return(NULL); }\n"); if (dh->length) - printf("\tdh->length = %d;\n", dh->length); + printf("\tdh->length = %ld;\n", dh->length); printf("\treturn(dh);\n\t}\n"); OPENSSL_free(data); } @@ -506,7 +518,8 @@ end: if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (dh != NULL) DH_free(dh); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } /* dh_cb is identical to dsa_cb in apps/dsaparam.c */ diff --git a/crypto/openssl/apps/dsa.c b/crypto/openssl/apps/dsa.c index 7c4a46f..6598871 100644 --- a/crypto/openssl/apps/dsa.c +++ b/crypto/openssl/apps/dsa.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -79,6 +79,9 @@ * -des - encrypt output if PEM format with DES in cbc mode * -des3 - encrypt output if PEM format * -idea - encrypt output if PEM format + * -aes128 - encrypt output if PEM format + * -aes192 - encrypt output if PEM format + * -aes256 - encrypt output if PEM format * -text - print a text version * -modulus - print the DSA public key */ @@ -87,6 +90,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; int ret=1; DSA *dsa=NULL; int i,badops=0; @@ -94,7 +98,7 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL; int informat,outformat,text=0,noout=0; int pubin = 0, pubout = 0; - char *infile,*outfile,*prog; + char *infile,*outfile,*prog,*engine; char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; int modulus=0; @@ -105,6 +109,10 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + + engine=NULL; infile=NULL; outfile=NULL; informat=FORMAT_PEM; @@ -145,6 +153,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-text") == 0) @@ -176,11 +189,16 @@ bad: BIO_printf(bio_err," -passin arg input file pass phrase source\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -passout arg output file pass phrase source\n"); + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); #endif +#ifndef OPENSSL_NO_AES + BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); +#endif BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -noout don't print key out\n"); BIO_printf(bio_err," -modulus print the DSA public value\n"); @@ -189,6 +207,8 @@ bad: ERR_load_crypto_strings(); + e = setup_engine(bio_err, engine, 0); + if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; @@ -235,7 +255,7 @@ bad: if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -293,6 +313,7 @@ end: if(dsa != NULL) DSA_free(dsa); if(passin) OPENSSL_free(passin); if(passout) OPENSSL_free(passout); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } #endif diff --git a/crypto/openssl/apps/dsaparam.c b/crypto/openssl/apps/dsaparam.c index 0c2529e..320d76f 100644 --- a/crypto/openssl/apps/dsaparam.c +++ b/crypto/openssl/apps/dsaparam.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA #include <assert.h> #include <stdio.h> #include <stdlib.h> @@ -90,6 +90,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; DSA *dsa=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; @@ -97,6 +98,7 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog,*inrand=NULL; int numbits= -1,num,genkey=0; int need_rand=0; + char *engine=NULL; apps_startup(); @@ -104,6 +106,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + infile=NULL; outfile=NULL; informat=FORMAT_PEM; @@ -134,6 +139,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } + else if(strcmp(*argv, "-engine") == 0) + { + if (--argc < 1) goto bad; + engine = *(++argv); + } else if (strcmp(*argv,"-text") == 0) text=1; else if (strcmp(*argv,"-C") == 0) @@ -179,7 +189,9 @@ bad: BIO_printf(bio_err," -text print as text\n"); BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err," -noout no output\n"); + BIO_printf(bio_err," -genkey generate a DSA key\n"); BIO_printf(bio_err," -rand files to use for random number input\n"); + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err," number number of bits to use for generating private key\n"); goto end; } @@ -207,7 +219,7 @@ bad: if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -223,6 +235,8 @@ bad: } } + e = setup_engine(bio_err, engine, 0); + if (need_rand) { app_RAND_load_file(NULL, bio_err, (inrand != NULL)); @@ -357,7 +371,8 @@ end: if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (dsa != NULL) DSA_free(dsa); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } static void MS_CALLBACK dsa_cb(int p, int n, void *arg) diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c index e375363..42ddfd2 100644 --- a/crypto/openssl/apps/enc.c +++ b/crypto/openssl/apps/enc.c @@ -66,10 +66,8 @@ #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/rand.h> -#ifndef NO_MD5 -#include <openssl/md5.h> -#endif #include <openssl/pem.h> +#include <ctype.h> int set_hex(char *in,unsigned char *out,int size); #undef SIZE @@ -80,17 +78,37 @@ int set_hex(char *in,unsigned char *out,int size); #define BSIZE (8*1024) #define PROG enc_main +static void show_ciphers(const OBJ_NAME *name,void *bio_) + { + BIO *bio=bio_; + static int n; + + if(!islower((unsigned char)*name->name)) + return; + + BIO_printf(bio,"-%-25s",name->name); + if(++n == 3) + { + BIO_printf(bio,"\n"); + n=0; + } + else + BIO_printf(bio," "); + } + int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; static const char magic[]="Salted__"; - char mbuf[8]; /* should be 1 smaller than magic */ + char mbuf[sizeof magic-1]; char *strbuf=NULL; unsigned char *buff=NULL,*bufsize=NULL; int bsize=BSIZE,verbose=0; int ret=1,inl; - unsigned char key[24],iv[MD5_DIGEST_LENGTH]; + int nopad = 0; + unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH]; unsigned char salt[PKCS5_SALT_LEN]; char *str=NULL, *passarg = NULL, *pass = NULL; char *hkey=NULL,*hiv=NULL,*hsalt = NULL; @@ -101,6 +119,7 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; #define PROG_NAME_SIZE 39 char pname[PROG_NAME_SIZE+1]; + char *engine = NULL; apps_startup(); @@ -108,8 +127,11 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + /* first check the program name */ - program_name(argv[0],pname,PROG_NAME_SIZE); + program_name(argv[0],pname,sizeof pname); if (strcmp(pname,"base64") == 0) base64=1; @@ -141,12 +163,19 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passarg= *(++argv); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-d") == 0) enc=0; else if (strcmp(*argv,"-p") == 0) printkey=1; else if (strcmp(*argv,"-v") == 0) verbose=1; + else if (strcmp(*argv,"-nopad") == 0) + nopad=1; else if (strcmp(*argv,"-salt") == 0) nosalt=0; else if (strcmp(*argv,"-nosalt") == 0) @@ -187,7 +216,7 @@ int MAIN(int argc, char **argv) goto bad; } buf[0]='\0'; - fgets(buf,128,infile); + fgets(buf,sizeof buf,infile); fclose(infile); i=strlen(buf); if ((i > 0) && @@ -241,79 +270,22 @@ bad: BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>"); + BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e"); BIO_printf(bio_err,"Cipher Types\n"); - BIO_printf(bio_err,"des : 56 bit key DES encryption\n"); - BIO_printf(bio_err,"des_ede :112 bit key ede DES encryption\n"); - BIO_printf(bio_err,"des_ede3:168 bit key ede DES encryption\n"); -#ifndef NO_IDEA - BIO_printf(bio_err,"idea :128 bit key IDEA encryption\n"); -#endif -#ifndef NO_RC4 - BIO_printf(bio_err,"rc2 :128 bit key RC2 encryption\n"); -#endif -#ifndef NO_BF - BIO_printf(bio_err,"bf :128 bit key Blowfish encryption\n"); -#endif -#ifndef NO_RC4 - BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n", - LN_rc4); -#endif + OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, + show_ciphers, + bio_err); + BIO_printf(bio_err,"\n"); - BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", - LN_des_ecb,LN_des_cbc, - LN_des_cfb64,LN_des_ofb64); - BIO_printf(bio_err," -%-4s (%s)\n", - "des", LN_des_cbc); - - BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", - LN_des_ede,LN_des_ede_cbc, - LN_des_ede_cfb64,LN_des_ede_ofb64); - BIO_printf(bio_err," -desx -none\n"); - - - BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", - LN_des_ede3,LN_des_ede3_cbc, - LN_des_ede3_cfb64,LN_des_ede3_ofb64); - BIO_printf(bio_err," -%-4s (%s)\n", - "des3", LN_des_ede3_cbc); - -#ifndef NO_IDEA - BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", - LN_idea_ecb, LN_idea_cbc, - LN_idea_cfb64, LN_idea_ofb64); - BIO_printf(bio_err," -%-4s (%s)\n","idea",LN_idea_cbc); -#endif -#ifndef NO_RC2 - BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", - LN_rc2_ecb, LN_rc2_cbc, - LN_rc2_cfb64, LN_rc2_ofb64); - BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc); -#endif -#ifndef NO_BF - BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", - LN_bf_ecb, LN_bf_cbc, - LN_bf_cfb64, LN_bf_ofb64); - BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc); -#endif -#ifndef NO_CAST - BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", - LN_cast5_ecb, LN_cast5_cbc, - LN_cast5_cfb64, LN_cast5_ofb64); - BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc); -#endif -#ifndef NO_RC5 - BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", - LN_rc5_ecb, LN_rc5_cbc, - LN_rc5_cfb64, LN_rc5_ofb64); - BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc); -#endif goto end; } argc--; argv++; } + e = setup_engine(bio_err, engine, 0); + if (bufsize != NULL) { unsigned long n; @@ -418,7 +390,7 @@ bad: if (outf == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -456,6 +428,9 @@ bad: if (cipher != NULL) { + /* Note that str is NULL if a key was passed on the command + * line, so we get no salt in that case. Is this a bug? + */ if (str != NULL) { /* Salt handling: if encrypting generate a salt and @@ -467,12 +442,12 @@ bad: else { if(enc) { if(hsalt) { - if(!set_hex(hsalt,salt,PKCS5_SALT_LEN)) { + if(!set_hex(hsalt,salt,sizeof salt)) { BIO_printf(bio_err, "invalid hex salt value\n"); goto end; } - } else if (RAND_pseudo_bytes(salt, PKCS5_SALT_LEN) < 0) + } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0) goto end; /* If -P option then don't bother writing */ if((printkey != 2) @@ -480,14 +455,14 @@ bad: sizeof magic-1) != sizeof magic-1 || BIO_write(wbio, (char *)salt, - PKCS5_SALT_LEN) != PKCS5_SALT_LEN)) { + sizeof salt) != sizeof salt)) { BIO_printf(bio_err,"error writing output file\n"); goto end; } } else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf || BIO_read(rbio, (unsigned char *)salt, - PKCS5_SALT_LEN) != PKCS5_SALT_LEN) { + sizeof salt) != sizeof salt) { BIO_printf(bio_err,"error reading input file\n"); goto end; } else if(memcmp(mbuf,magic,sizeof magic-1)) { @@ -506,11 +481,11 @@ bad: * bug picked up by * Larry J. Hughes Jr. <hughes@indiana.edu> */ if (str == strbuf) - memset(str,0,SIZE); + OPENSSL_cleanse(str,SIZE); else - memset(str,0,strlen(str)); + OPENSSL_cleanse(str,strlen(str)); } - if ((hiv != NULL) && !set_hex(hiv,iv,8)) + if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv)) { BIO_printf(bio_err,"invalid hex iv value\n"); goto end; @@ -523,7 +498,7 @@ bad: BIO_printf(bio_err, "iv undefined\n"); goto end; } - if ((hkey != NULL) && !set_hex(hkey,key,24)) + if ((hkey != NULL) && !set_hex(hkey,key,sizeof key)) { BIO_printf(bio_err,"invalid hex key value\n"); goto end; @@ -532,6 +507,12 @@ bad: if ((benc=BIO_new(BIO_f_cipher())) == NULL) goto end; BIO_set_cipher(benc,cipher,key,iv,enc); + if (nopad) + { + EVP_CIPHER_CTX *ctx; + BIO_get_cipher_ctx(benc, &ctx); + EVP_CIPHER_CTX_set_padding(ctx, 0); + } if (debug) { BIO_set_callback(benc,BIO_debug_callback); @@ -543,7 +524,7 @@ bad: if (!nosalt) { printf("salt="); - for (i=0; i<PKCS5_SALT_LEN; i++) + for (i=0; i<sizeof salt; i++) printf("%02X",salt[i]); printf("\n"); } @@ -604,7 +585,8 @@ end: if (benc != NULL) BIO_free(benc); if (b64 != NULL) BIO_free(b64); if(pass) OPENSSL_free(pass); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } int set_hex(char *in, unsigned char *out, int size) diff --git a/crypto/openssl/apps/engine.c b/crypto/openssl/apps/engine.c new file mode 100644 index 0000000..b718ae1 --- /dev/null +++ b/crypto/openssl/apps/engine.c @@ -0,0 +1,520 @@ +/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#ifdef OPENSSL_NO_STDIO +#define APPS_WIN16 +#endif +#include "apps.h" +#include <openssl/err.h> +#include <openssl/engine.h> +#include <openssl/ssl.h> + +#undef PROG +#define PROG engine_main + +static char *engine_usage[]={ +"usage: engine opts [engine ...]\n", +" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n", +" -vv will additionally display each command's description\n", +" -vvv will also add the input flags for each command\n", +" -vvvv will also show internal input flags\n", +" -c - for each engine, also list the capabilities\n", +" -t - for each engine, check that they are really available\n", +" -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n", +" to load it (if -t is used)\n", +" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n", +" (only used if -t is also provided)\n", +" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n", +" line, or all supported ENGINEs if none are specified.\n", +" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n", +" argument \"/lib/libdriver.so\".\n", +NULL +}; + +static void identity(void *ptr) + { + return; + } + +static int append_buf(char **buf, const char *s, int *size, int step) + { + int l = strlen(s); + + if (*buf == NULL) + { + *size = step; + *buf = OPENSSL_malloc(*size); + if (*buf == NULL) + return 0; + **buf = '\0'; + } + + if (**buf != '\0') + l += 2; /* ", " */ + + if (strlen(*buf) + strlen(s) >= (unsigned int)*size) + { + *size += step; + *buf = OPENSSL_realloc(*buf, *size); + } + + if (*buf == NULL) + return 0; + + if (**buf != '\0') + strcat(*buf, ", "); + strcat(*buf, s); + + return 1; + } + +static int util_flags(BIO *bio_out, unsigned int flags, const char *indent) + { + int started = 0, err = 0; + /* Indent before displaying input flags */ + BIO_printf(bio_out, "%s%s(input flags): ", indent, indent); + if(flags == 0) + { + BIO_printf(bio_out, "<no flags>\n"); + return 1; + } + /* If the object is internal, mark it in a way that shows instead of + * having it part of all the other flags, even if it really is. */ + if(flags & ENGINE_CMD_FLAG_INTERNAL) + { + BIO_printf(bio_out, "[Internal] "); + } + + if(flags & ENGINE_CMD_FLAG_NUMERIC) + { + if(started) + { + BIO_printf(bio_out, "|"); + err = 1; + } + BIO_printf(bio_out, "NUMERIC"); + started = 1; + } + /* Now we check that no combinations of the mutually exclusive NUMERIC, + * STRING, and NO_INPUT flags have been used. Future flags that can be + * OR'd together with these would need to added after these to preserve + * the testing logic. */ + if(flags & ENGINE_CMD_FLAG_STRING) + { + if(started) + { + BIO_printf(bio_out, "|"); + err = 1; + } + BIO_printf(bio_out, "STRING"); + started = 1; + } + if(flags & ENGINE_CMD_FLAG_NO_INPUT) + { + if(started) + { + BIO_printf(bio_out, "|"); + err = 1; + } + BIO_printf(bio_out, "NO_INPUT"); + started = 1; + } + /* Check for unknown flags */ + flags = flags & ~ENGINE_CMD_FLAG_NUMERIC & + ~ENGINE_CMD_FLAG_STRING & + ~ENGINE_CMD_FLAG_NO_INPUT & + ~ENGINE_CMD_FLAG_INTERNAL; + if(flags) + { + if(started) BIO_printf(bio_out, "|"); + BIO_printf(bio_out, "<0x%04X>", flags); + } + if(err) + BIO_printf(bio_out, " <illegal flags!>"); + BIO_printf(bio_out, "\n"); + return 1; + } + +static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent) + { + static const int line_wrap = 78; + int num; + int ret = 0; + char *name = NULL; + char *desc = NULL; + int flags; + int xpos = 0; + STACK *cmds = NULL; + if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) || + ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE, + 0, NULL, NULL)) <= 0)) + { +#if 0 + BIO_printf(bio_out, "%s<no control commands>\n", indent); +#endif + return 1; + } + + cmds = sk_new_null(); + + if(!cmds) + goto err; + do { + int len; + /* Get the command input flags */ + if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, + NULL, NULL)) < 0) + goto err; + if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) + { + /* Get the command name */ + if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num, + NULL, NULL)) <= 0) + goto err; + if((name = OPENSSL_malloc(len + 1)) == NULL) + goto err; + if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name, + NULL) <= 0) + goto err; + /* Get the command description */ + if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num, + NULL, NULL)) < 0) + goto err; + if(len > 0) + { + if((desc = OPENSSL_malloc(len + 1)) == NULL) + goto err; + if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc, + NULL) <= 0) + goto err; + } + /* Now decide on the output */ + if(xpos == 0) + /* Do an indent */ + xpos = BIO_printf(bio_out, indent); + else + /* Otherwise prepend a ", " */ + xpos += BIO_printf(bio_out, ", "); + if(verbose == 1) + { + /* We're just listing names, comma-delimited */ + if((xpos > (int)strlen(indent)) && + (xpos + (int)strlen(name) > line_wrap)) + { + BIO_printf(bio_out, "\n"); + xpos = BIO_printf(bio_out, indent); + } + xpos += BIO_printf(bio_out, "%s", name); + } + else + { + /* We're listing names plus descriptions */ + BIO_printf(bio_out, "%s: %s\n", name, + (desc == NULL) ? "<no description>" : desc); + /* ... and sometimes input flags */ + if((verbose >= 3) && !util_flags(bio_out, flags, + indent)) + goto err; + xpos = 0; + } + } + OPENSSL_free(name); name = NULL; + if(desc) { OPENSSL_free(desc); desc = NULL; } + /* Move to the next command */ + num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, + num, NULL, NULL); + } while(num > 0); + if(xpos > 0) + BIO_printf(bio_out, "\n"); + ret = 1; +err: + if(cmds) sk_pop_free(cmds, identity); + if(name) OPENSSL_free(name); + if(desc) OPENSSL_free(desc); + return ret; + } + +static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent) + { + int loop, res, num = sk_num(cmds); + if(num < 0) + { + BIO_printf(bio_out, "[Error]: internal stack error\n"); + return; + } + for(loop = 0; loop < num; loop++) + { + char buf[256]; + const char *cmd, *arg; + cmd = sk_value(cmds, loop); + res = 1; /* assume success */ + /* Check if this command has no ":arg" */ + if((arg = strstr(cmd, ":")) == NULL) + { + if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0)) + res = 0; + } + else + { + if((int)(arg - cmd) > 254) + { + BIO_printf(bio_out,"[Error]: command name too long\n"); + return; + } + memcpy(buf, cmd, (int)(arg - cmd)); + buf[arg-cmd] = '\0'; + arg++; /* Move past the ":" */ + /* Call the command with the argument */ + if(!ENGINE_ctrl_cmd_string(e, buf, arg, 0)) + res = 0; + } + if(res) + BIO_printf(bio_out, "[Success]: %s\n", cmd); + else + { + BIO_printf(bio_out, "[Failure]: %s\n", cmd); + ERR_print_errors(bio_out); + } + } + } + +int MAIN(int, char **); + +int MAIN(int argc, char **argv) + { + int ret=1,i; + char **pp; + int verbose=0, list_cap=0, test_avail=0; + ENGINE *e; + STACK *engines = sk_new_null(); + STACK *pre_cmds = sk_new_null(); + STACK *post_cmds = sk_new_null(); + int badops=1; + BIO *bio_out=NULL; + const char *indent = " "; + + apps_startup(); + SSL_load_error_strings(); + + if (bio_err == NULL) + bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + + if (!load_config(bio_err, NULL)) + goto end; + bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); +#ifdef OPENSSL_SYS_VMS + { + BIO *tmpbio = BIO_new(BIO_f_linebuffer()); + bio_out = BIO_push(tmpbio, bio_out); + } +#endif + + argc--; + argv++; + while (argc >= 1) + { + if (strncmp(*argv,"-v",2) == 0) + { + if(strspn(*argv + 1, "v") < strlen(*argv + 1)) + goto skip_arg_loop; + if((verbose=strlen(*argv + 1)) > 4) + goto skip_arg_loop; + } + else if (strcmp(*argv,"-c") == 0) + list_cap=1; + else if (strcmp(*argv,"-t") == 0) + test_avail=1; + else if (strcmp(*argv,"-pre") == 0) + { + argc--; argv++; + sk_push(pre_cmds,*argv); + } + else if (strcmp(*argv,"-post") == 0) + { + argc--; argv++; + sk_push(post_cmds,*argv); + } + else if ((strncmp(*argv,"-h",2) == 0) || + (strcmp(*argv,"-?") == 0)) + goto skip_arg_loop; + else + sk_push(engines,*argv); + argc--; + argv++; + } + /* Looks like everything went OK */ + badops = 0; +skip_arg_loop: + + if (badops) + { + for (pp=engine_usage; (*pp != NULL); pp++) + BIO_printf(bio_err,"%s",*pp); + goto end; + } + + if (sk_num(engines) == 0) + { + for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) + { + sk_push(engines,(char *)ENGINE_get_id(e)); + } + } + + for (i=0; i<sk_num(engines); i++) + { + const char *id = sk_value(engines,i); + if ((e = ENGINE_by_id(id)) != NULL) + { + const char *name = ENGINE_get_name(e); + /* Do "id" first, then "name". Easier to auto-parse. */ + BIO_printf(bio_out, "(%s) %s\n", id, name); + util_do_cmds(e, pre_cmds, bio_out, indent); + if (strcmp(ENGINE_get_id(e), id) != 0) + { + BIO_printf(bio_out, "Loaded: (%s) %s\n", + ENGINE_get_id(e), ENGINE_get_name(e)); + } + if (list_cap) + { + int cap_size = 256; + char *cap_buf = NULL; + int k,n; + const int *nids; + ENGINE_CIPHERS_PTR fn_c; + ENGINE_DIGESTS_PTR fn_d; + + if (ENGINE_get_RSA(e) != NULL + && !append_buf(&cap_buf, "RSA", + &cap_size, 256)) + goto end; + if (ENGINE_get_DSA(e) != NULL + && !append_buf(&cap_buf, "DSA", + &cap_size, 256)) + goto end; + if (ENGINE_get_DH(e) != NULL + && !append_buf(&cap_buf, "DH", + &cap_size, 256)) + goto end; + if (ENGINE_get_RAND(e) != NULL + && !append_buf(&cap_buf, "RAND", + &cap_size, 256)) + goto end; + + fn_c = ENGINE_get_ciphers(e); + if(!fn_c) goto skip_ciphers; + n = fn_c(e, NULL, &nids, 0); + for(k=0 ; k < n ; ++k) + if(!append_buf(&cap_buf, + OBJ_nid2sn(nids[k]), + &cap_size, 256)) + goto end; + +skip_ciphers: + fn_d = ENGINE_get_digests(e); + if(!fn_d) goto skip_digests; + n = fn_d(e, NULL, &nids, 0); + for(k=0 ; k < n ; ++k) + if(!append_buf(&cap_buf, + OBJ_nid2sn(nids[k]), + &cap_size, 256)) + goto end; + +skip_digests: + if (cap_buf && (*cap_buf != '\0')) + BIO_printf(bio_out, " [%s]\n", cap_buf); + + OPENSSL_free(cap_buf); + } + if(test_avail) + { + BIO_printf(bio_out, "%s", indent); + if (ENGINE_init(e)) + { + BIO_printf(bio_out, "[ available ]\n"); + util_do_cmds(e, post_cmds, bio_out, indent); + ENGINE_finish(e); + } + else + { + BIO_printf(bio_out, "[ unavailable ]\n"); + ERR_print_errors_fp(stdout); + ERR_clear_error(); + } + } + if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent)) + goto end; + ENGINE_free(e); + } + else + ERR_print_errors(bio_err); + } + + ret=0; +end: + ERR_print_errors(bio_err); + sk_pop_free(engines, identity); + sk_pop_free(pre_cmds, identity); + sk_pop_free(post_cmds, identity); + if (bio_out != NULL) BIO_free_all(bio_out); + apps_shutdown(); + OPENSSL_EXIT(ret); + } diff --git a/crypto/openssl/apps/errstr.c b/crypto/openssl/apps/errstr.c index e392328..19489b0 100644 --- a/crypto/openssl/apps/errstr.c +++ b/crypto/openssl/apps/errstr.c @@ -91,7 +91,7 @@ int MAIN(int argc, char **argv) out=BIO_new(BIO_s_file()); if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE)) { -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -121,5 +121,6 @@ int MAIN(int argc, char **argv) ret++; } } - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } diff --git a/crypto/openssl/apps/gendh.c b/crypto/openssl/apps/gendh.c index e0c7889..98ee413 100644 --- a/crypto/openssl/apps/gendh.c +++ b/crypto/openssl/apps/gendh.c @@ -57,7 +57,7 @@ * [including the GNU Public Licence.] */ -#ifndef NO_DH +#ifndef OPENSSL_NO_DH #include <stdio.h> #include <string.h> #include <sys/types.h> @@ -81,11 +81,13 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; DH *dh=NULL; int ret=1,num=DEFBITS; int g=2; char *outfile=NULL; char *inrand=NULL; + char *engine=NULL; BIO *out=NULL; apps_startup(); @@ -94,6 +96,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + argv++; argc--; for (;;) @@ -110,6 +115,11 @@ int MAIN(int argc, char **argv) g=3; */ else if (strcmp(*argv,"-5") == 0) g=5; + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -125,15 +135,18 @@ int MAIN(int argc, char **argv) bad: BIO_printf(bio_err,"usage: gendh [args] [numbits]\n"); BIO_printf(bio_err," -out file - output the key to 'file\n"); - BIO_printf(bio_err," -2 use 2 as the generator value\n"); - /* BIO_printf(bio_err," -3 use 3 as the generator value\n"); */ - BIO_printf(bio_err," -5 use 5 as the generator value\n"); + BIO_printf(bio_err," -2 - use 2 as the generator value\n"); + /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */ + BIO_printf(bio_err," -5 - use 5 as the generator value\n"); + BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); goto end; } + e = setup_engine(bio_err, engine, 0); + out=BIO_new(BIO_s_file()); if (out == NULL) { @@ -144,7 +157,7 @@ bad: if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -184,7 +197,8 @@ end: ERR_print_errors(bio_err); if (out != NULL) BIO_free_all(out); if (dh != NULL) DH_free(dh); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } static void MS_CALLBACK dh_cb(int p, int n, void *arg) diff --git a/crypto/openssl/apps/gendsa.c b/crypto/openssl/apps/gendsa.c index 6022d8f..4600711 100644 --- a/crypto/openssl/apps/gendsa.c +++ b/crypto/openssl/apps/gendsa.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA #include <stdio.h> #include <string.h> #include <sys/types.h> @@ -77,13 +77,15 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; DSA *dsa=NULL; int ret=1; char *outfile=NULL; char *inrand=NULL,*dsaparams=NULL; char *passargout = NULL, *passout = NULL; BIO *out=NULL,*in=NULL; - EVP_CIPHER *enc=NULL; + const EVP_CIPHER *enc=NULL; + char *engine=NULL; apps_startup(); @@ -91,6 +93,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + argv++; argc--; for (;;) @@ -106,6 +111,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -113,16 +123,24 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-") == 0) goto bad; -#ifndef NO_DES +#ifndef OPENSSL_NO_DES else if (strcmp(*argv,"-des") == 0) enc=EVP_des_cbc(); else if (strcmp(*argv,"-des3") == 0) enc=EVP_des_ede3_cbc(); #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA else if (strcmp(*argv,"-idea") == 0) enc=EVP_idea_cbc(); #endif +#ifndef OPENSSL_NO_AES + else if (strcmp(*argv,"-aes128") == 0) + enc=EVP_aes_128_cbc(); + else if (strcmp(*argv,"-aes192") == 0) + enc=EVP_aes_192_cbc(); + else if (strcmp(*argv,"-aes256") == 0) + enc=EVP_aes_256_cbc(); +#endif else if (**argv != '-' && dsaparams == NULL) { dsaparams = *argv; @@ -138,13 +156,18 @@ int MAIN(int argc, char **argv) bad: BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n"); BIO_printf(bio_err," -out file - output the key to 'file'\n"); -#ifndef NO_DES +#ifndef OPENSSL_NO_DES BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n"); BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n"); #endif +#ifndef OPENSSL_NO_AES + BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); +#endif + BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -153,6 +176,8 @@ bad: goto end; } + e = setup_engine(bio_err, engine, 0); + if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); goto end; @@ -180,7 +205,7 @@ bad: if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -220,6 +245,7 @@ end: if (out != NULL) BIO_free_all(out); if (dsa != NULL) DSA_free(dsa); if(passout) OPENSSL_free(passout); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } #endif diff --git a/crypto/openssl/apps/genrsa.c b/crypto/openssl/apps/genrsa.c index ac0b709..dbc23e4 100644 --- a/crypto/openssl/apps/genrsa.c +++ b/crypto/openssl/apps/genrsa.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA #include <stdio.h> #include <string.h> #include <sys/types.h> @@ -69,6 +69,7 @@ #include <openssl/evp.h> #include <openssl/x509.h> #include <openssl/pem.h> +#include <openssl/rand.h> #define DEFBITS 512 #undef PROG @@ -80,14 +81,16 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; int ret=1; RSA *rsa=NULL; int i,num=DEFBITS; long l; - EVP_CIPHER *enc=NULL; + const EVP_CIPHER *enc=NULL; unsigned long f4=RSA_F4; char *outfile=NULL; char *passargout = NULL, *passout = NULL; + char *engine=NULL; char *inrand=NULL; BIO *out=NULL; @@ -96,6 +99,9 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + if (!load_config(bio_err, NULL)) + goto err; if ((out=BIO_new(BIO_s_file())) == NULL) { BIO_printf(bio_err,"unable to create BIO for output\n"); @@ -116,21 +122,34 @@ int MAIN(int argc, char **argv) f4=3; else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0) f4=RSA_F4; + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; inrand= *(++argv); } -#ifndef NO_DES +#ifndef OPENSSL_NO_DES else if (strcmp(*argv,"-des") == 0) enc=EVP_des_cbc(); else if (strcmp(*argv,"-des3") == 0) enc=EVP_des_ede3_cbc(); #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA else if (strcmp(*argv,"-idea") == 0) enc=EVP_idea_cbc(); #endif +#ifndef OPENSSL_NO_AES + else if (strcmp(*argv,"-aes128") == 0) + enc=EVP_aes_128_cbc(); + else if (strcmp(*argv,"-aes192") == 0) + enc=EVP_aes_192_cbc(); + else if (strcmp(*argv,"-aes256") == 0) + enc=EVP_aes_256_cbc(); +#endif else if (strcmp(*argv,"-passout") == 0) { if (--argc < 1) goto bad; @@ -147,13 +166,18 @@ bad: BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n"); BIO_printf(bio_err," -des encrypt the generated key with DES in cbc mode\n"); BIO_printf(bio_err," -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n"); #endif +#ifndef OPENSSL_NO_AES + BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); +#endif BIO_printf(bio_err," -out file output the key to 'file\n"); BIO_printf(bio_err," -passout arg output file pass phrase source\n"); BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n"); BIO_printf(bio_err," -3 use 3 for the E value\n"); + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -167,10 +191,12 @@ bad: goto err; } + e = setup_engine(bio_err, engine, 0); + if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -186,7 +212,8 @@ bad: } } - if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL + && !RAND_status()) { BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); } @@ -214,8 +241,14 @@ bad: l+=rsa->e->d[i]; } BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l); - if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL, passout)) + { + PW_CB_DATA cb_data; + cb_data.password = passout; + cb_data.prompt_info = outfile; + if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0, + (pem_password_cb *)password_callback,&cb_data)) goto err; + } ret=0; err: @@ -224,7 +257,8 @@ err: if(passout) OPENSSL_free(passout); if (ret != 0) ERR_print_errors(bio_err); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) @@ -241,7 +275,7 @@ static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) p=n; #endif } -#else /* !NO_RSA */ +#else /* !OPENSSL_NO_RSA */ # if PEDANTIC static void *dummy=&dummy; diff --git a/crypto/openssl/apps/nseq.c b/crypto/openssl/apps/nseq.c index 1d73d1a..dc71d45 100644 --- a/crypto/openssl/apps/nseq.c +++ b/crypto/openssl/apps/nseq.c @@ -58,9 +58,9 @@ #include <stdio.h> #include <string.h> +#include "apps.h" #include <openssl/pem.h> #include <openssl/err.h> -#include "apps.h" #undef PROG #define PROG nseq_main @@ -102,7 +102,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-in file input file\n"); BIO_printf (bio_err, "-out file output file\n"); BIO_printf (bio_err, "-toseq output NS Sequence file\n"); - EXIT(1); + OPENSSL_EXIT(1); } if (infile) { @@ -121,7 +121,7 @@ int MAIN(int argc, char **argv) } } else { out = BIO_new_fp(stdout, BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -162,6 +162,6 @@ end: BIO_free_all(out); NETSCAPE_CERT_SEQUENCE_free(seq); - EXIT(ret); + OPENSSL_EXIT(ret); } diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c new file mode 100644 index 0000000..92922bc --- /dev/null +++ b/crypto/openssl/apps/ocsp.c @@ -0,0 +1,1228 @@ +/* ocsp.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <string.h> +#include "apps.h" +#include <openssl/pem.h> +#include <openssl/ocsp.h> +#include <openssl/err.h> +#include <openssl/ssl.h> + +/* Maximum leeway in validity period: default 5 minutes */ +#define MAX_VALIDITY_PERIOD (5 * 60) + +/* CA index.txt definitions */ +#define DB_type 0 +#define DB_exp_date 1 +#define DB_rev_date 2 +#define DB_serial 3 /* index - unique */ +#define DB_file 4 +#define DB_name 5 /* index - unique for active */ +#define DB_NUMBER 6 + +#define DB_TYPE_REV 'R' +#define DB_TYPE_EXP 'E' +#define DB_TYPE_VAL 'V' + +static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer, + STACK_OF(OCSP_CERTID) *ids); +static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer, + STACK_OF(OCSP_CERTID) *ids); +static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, + STACK *names, STACK_OF(OCSP_CERTID) *ids, + long nsec, long maxage); + +static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db, + X509 *ca, X509 *rcert, EVP_PKEY *rkey, + STACK_OF(X509) *rother, unsigned long flags, + int nmin, int ndays); + +static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser); +static BIO *init_responder(char *port); +static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port); +static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); + +#undef PROG +#define PROG ocsp_main + +int MAIN(int, char **); + +int MAIN(int argc, char **argv) + { + ENGINE *e = NULL; + char **args; + char *host = NULL, *port = NULL, *path = "/"; + char *reqin = NULL, *respin = NULL; + char *reqout = NULL, *respout = NULL; + char *signfile = NULL, *keyfile = NULL; + char *rsignfile = NULL, *rkeyfile = NULL; + char *outfile = NULL; + int add_nonce = 1, noverify = 0, use_ssl = -1; + OCSP_REQUEST *req = NULL; + OCSP_RESPONSE *resp = NULL; + OCSP_BASICRESP *bs = NULL; + X509 *issuer = NULL, *cert = NULL; + X509 *signer = NULL, *rsigner = NULL; + EVP_PKEY *key = NULL, *rkey = NULL; + BIO *acbio = NULL, *cbio = NULL; + BIO *derbio = NULL; + BIO *out = NULL; + int req_text = 0, resp_text = 0; + long nsec = MAX_VALIDITY_PERIOD, maxage = -1; + char *CAfile = NULL, *CApath = NULL; + X509_STORE *store = NULL; + SSL_CTX *ctx = NULL; + STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL; + char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL; + unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; + int ret = 1; + int accept_count = -1; + int badarg = 0; + int i; + STACK *reqnames = NULL; + STACK_OF(OCSP_CERTID) *ids = NULL; + + X509 *rca_cert = NULL; + char *ridx_filename = NULL; + char *rca_filename = NULL; + TXT_DB *rdb = NULL; + int nmin = 0, ndays = -1; + + if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + + if (!load_config(bio_err, NULL)) + goto end; + SSL_load_error_strings(); + args = argv + 1; + reqnames = sk_new_null(); + ids = sk_OCSP_CERTID_new_null(); + while (!badarg && *args && *args[0] == '-') + { + if (!strcmp(*args, "-out")) + { + if (args[1]) + { + args++; + outfile = *args; + } + else badarg = 1; + } + else if (!strcmp(*args, "-url")) + { + if (args[1]) + { + args++; + if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl)) + { + BIO_printf(bio_err, "Error parsing URL\n"); + badarg = 1; + } + } + else badarg = 1; + } + else if (!strcmp(*args, "-host")) + { + if (args[1]) + { + args++; + host = *args; + } + else badarg = 1; + } + else if (!strcmp(*args, "-port")) + { + if (args[1]) + { + args++; + port = *args; + } + else badarg = 1; + } + else if (!strcmp(*args, "-noverify")) + noverify = 1; + else if (!strcmp(*args, "-nonce")) + add_nonce = 2; + else if (!strcmp(*args, "-no_nonce")) + add_nonce = 0; + else if (!strcmp(*args, "-resp_no_certs")) + rflags |= OCSP_NOCERTS; + else if (!strcmp(*args, "-resp_key_id")) + rflags |= OCSP_RESPID_KEY; + else if (!strcmp(*args, "-no_certs")) + sign_flags |= OCSP_NOCERTS; + else if (!strcmp(*args, "-no_signature_verify")) + verify_flags |= OCSP_NOSIGS; + else if (!strcmp(*args, "-no_cert_verify")) + verify_flags |= OCSP_NOVERIFY; + else if (!strcmp(*args, "-no_chain")) + verify_flags |= OCSP_NOCHAIN; + else if (!strcmp(*args, "-no_cert_checks")) + verify_flags |= OCSP_NOCHECKS; + else if (!strcmp(*args, "-no_explicit")) + verify_flags |= OCSP_NOEXPLICIT; + else if (!strcmp(*args, "-trust_other")) + verify_flags |= OCSP_TRUSTOTHER; + else if (!strcmp(*args, "-no_intern")) + verify_flags |= OCSP_NOINTERN; + else if (!strcmp(*args, "-text")) + { + req_text = 1; + resp_text = 1; + } + else if (!strcmp(*args, "-req_text")) + req_text = 1; + else if (!strcmp(*args, "-resp_text")) + resp_text = 1; + else if (!strcmp(*args, "-reqin")) + { + if (args[1]) + { + args++; + reqin = *args; + } + else badarg = 1; + } + else if (!strcmp(*args, "-respin")) + { + if (args[1]) + { + args++; + respin = *args; + } + else badarg = 1; + } + else if (!strcmp(*args, "-signer")) + { + if (args[1]) + { + args++; + signfile = *args; + } + else badarg = 1; + } + else if (!strcmp (*args, "-VAfile")) + { + if (args[1]) + { + args++; + verify_certfile = *args; + verify_flags |= OCSP_TRUSTOTHER; + } + else badarg = 1; + } + else if (!strcmp(*args, "-sign_other")) + { + if (args[1]) + { + args++; + sign_certfile = *args; + } + else badarg = 1; + } + else if (!strcmp(*args, "-verify_other")) + { + if (args[1]) + { + args++; + verify_certfile = *args; + } + else badarg = 1; + } + else if (!strcmp (*args, "-CAfile")) + { + if (args[1]) + { + args++; + CAfile = *args; + } + else badarg = 1; + } + else if (!strcmp (*args, "-CApath")) + { + if (args[1]) + { + args++; + CApath = *args; + } + else badarg = 1; + } + else if (!strcmp (*args, "-validity_period")) + { + if (args[1]) + { + args++; + nsec = atol(*args); + if (nsec < 0) + { + BIO_printf(bio_err, + "Illegal validity period %s\n", + *args); + badarg = 1; + } + } + else badarg = 1; + } + else if (!strcmp (*args, "-status_age")) + { + if (args[1]) + { + args++; + maxage = atol(*args); + if (maxage < 0) + { + BIO_printf(bio_err, + "Illegal validity age %s\n", + *args); + badarg = 1; + } + } + else badarg = 1; + } + else if (!strcmp(*args, "-signkey")) + { + if (args[1]) + { + args++; + keyfile = *args; + } + else badarg = 1; + } + else if (!strcmp(*args, "-reqout")) + { + if (args[1]) + { + args++; + reqout = *args; + } + else badarg = 1; + } + else if (!strcmp(*args, "-respout")) + { + if (args[1]) + { + args++; + respout = *args; + } + else badarg = 1; + } + else if (!strcmp(*args, "-path")) + { + if (args[1]) + { + args++; + path = *args; + } + else badarg = 1; + } + else if (!strcmp(*args, "-issuer")) + { + if (args[1]) + { + args++; + X509_free(issuer); + issuer = load_cert(bio_err, *args, FORMAT_PEM, + NULL, e, "issuer certificate"); + if(!issuer) goto end; + } + else badarg = 1; + } + else if (!strcmp (*args, "-cert")) + { + if (args[1]) + { + args++; + X509_free(cert); + cert = load_cert(bio_err, *args, FORMAT_PEM, + NULL, e, "certificate"); + if(!cert) goto end; + if(!add_ocsp_cert(&req, cert, issuer, ids)) + goto end; + if(!sk_push(reqnames, *args)) + goto end; + } + else badarg = 1; + } + else if (!strcmp(*args, "-serial")) + { + if (args[1]) + { + args++; + if(!add_ocsp_serial(&req, *args, issuer, ids)) + goto end; + if(!sk_push(reqnames, *args)) + goto end; + } + else badarg = 1; + } + else if (!strcmp(*args, "-index")) + { + if (args[1]) + { + args++; + ridx_filename = *args; + } + else badarg = 1; + } + else if (!strcmp(*args, "-CA")) + { + if (args[1]) + { + args++; + rca_filename = *args; + } + else badarg = 1; + } + else if (!strcmp (*args, "-nmin")) + { + if (args[1]) + { + args++; + nmin = atol(*args); + if (nmin < 0) + { + BIO_printf(bio_err, + "Illegal update period %s\n", + *args); + badarg = 1; + } + } + if (ndays == -1) + ndays = 0; + else badarg = 1; + } + else if (!strcmp (*args, "-nrequest")) + { + if (args[1]) + { + args++; + accept_count = atol(*args); + if (accept_count < 0) + { + BIO_printf(bio_err, + "Illegal accept count %s\n", + *args); + badarg = 1; + } + } + else badarg = 1; + } + else if (!strcmp (*args, "-ndays")) + { + if (args[1]) + { + args++; + ndays = atol(*args); + if (ndays < 0) + { + BIO_printf(bio_err, + "Illegal update period %s\n", + *args); + badarg = 1; + } + } + else badarg = 1; + } + else if (!strcmp(*args, "-rsigner")) + { + if (args[1]) + { + args++; + rsignfile = *args; + } + else badarg = 1; + } + else if (!strcmp(*args, "-rkey")) + { + if (args[1]) + { + args++; + rkeyfile = *args; + } + else badarg = 1; + } + else if (!strcmp(*args, "-rother")) + { + if (args[1]) + { + args++; + rcertfile = *args; + } + else badarg = 1; + } + else badarg = 1; + args++; + } + + /* Have we anything to do? */ + if (!req && !reqin && !respin && !(port && ridx_filename)) badarg = 1; + + if (badarg) + { + BIO_printf (bio_err, "OCSP utility\n"); + BIO_printf (bio_err, "Usage ocsp [options]\n"); + BIO_printf (bio_err, "where options are\n"); + BIO_printf (bio_err, "-out file output filename\n"); + BIO_printf (bio_err, "-issuer file issuer certificate\n"); + BIO_printf (bio_err, "-cert file certificate to check\n"); + BIO_printf (bio_err, "-serial n serial number to check\n"); + BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n"); + BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n"); + BIO_printf (bio_err, "-sign_certs file additional certificates to include in signed request\n"); + BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n"); + BIO_printf (bio_err, "-req_text print text form of request\n"); + BIO_printf (bio_err, "-resp_text print text form of response\n"); + BIO_printf (bio_err, "-text print text form of request and response\n"); + BIO_printf (bio_err, "-reqout file write DER encoded OCSP request to \"file\"\n"); + BIO_printf (bio_err, "-respout file write DER encoded OCSP reponse to \"file\"\n"); + BIO_printf (bio_err, "-reqin file read DER encoded OCSP request from \"file\"\n"); + BIO_printf (bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n"); + BIO_printf (bio_err, "-nonce add OCSP nonce to request\n"); + BIO_printf (bio_err, "-no_nonce don't add OCSP nonce to request\n"); + BIO_printf (bio_err, "-url URL OCSP responder URL\n"); + BIO_printf (bio_err, "-host host:n send OCSP request to host on port n\n"); + BIO_printf (bio_err, "-path path to use in OCSP request\n"); + BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); + BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf (bio_err, "-VAfile file validator certificates file\n"); + BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n"); + BIO_printf (bio_err, "-status_age n maximum status age in seconds\n"); + BIO_printf (bio_err, "-noverify don't verify response at all\n"); + BIO_printf (bio_err, "-verify_certs file additional certificates to search for signer\n"); + BIO_printf (bio_err, "-trust_other don't verify additional certificates\n"); + BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n"); + BIO_printf (bio_err, "-no_sig_verify don't check signature on response\n"); + BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n"); + BIO_printf (bio_err, "-no_chain don't chain verify response\n"); + BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n"); + BIO_printf (bio_err, "-port num port to run responder on\n"); + BIO_printf (bio_err, "-index file certificate status index file\n"); + BIO_printf (bio_err, "-CA file CA certificate\n"); + BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n"); + BIO_printf (bio_err, "-rkey file responder key to sign responses with\n"); + BIO_printf (bio_err, "-rother file other certificates to include in response\n"); + BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n"); + BIO_printf (bio_err, "-nmin n number of minutes before next update\n"); + BIO_printf (bio_err, "-ndays n number of days before next update\n"); + BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n"); + BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n"); + goto end; + } + + if(outfile) out = BIO_new_file(outfile, "w"); + else out = BIO_new_fp(stdout, BIO_NOCLOSE); + + if(!out) + { + BIO_printf(bio_err, "Error opening output file\n"); + goto end; + } + + if (!req && (add_nonce != 2)) add_nonce = 0; + + if (!req && reqin) + { + derbio = BIO_new_file(reqin, "rb"); + if (!derbio) + { + BIO_printf(bio_err, "Error Opening OCSP request file\n"); + goto end; + } + req = d2i_OCSP_REQUEST_bio(derbio, NULL); + BIO_free(derbio); + if(!req) + { + BIO_printf(bio_err, "Error reading OCSP request\n"); + goto end; + } + } + + if (!req && port) + { + acbio = init_responder(port); + if (!acbio) + goto end; + } + + if (rsignfile && !rdb) + { + if (!rkeyfile) rkeyfile = rsignfile; + rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM, + NULL, e, "responder certificate"); + if (!rsigner) + { + BIO_printf(bio_err, "Error loading responder certificate\n"); + goto end; + } + rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM, + NULL, e, "CA certificate"); + if (rcertfile) + { + rother = load_certs(bio_err, rcertfile, FORMAT_PEM, + NULL, e, "responder other certificates"); + if (!rother) goto end; + } + rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL, + "responder private key"); + if (!rkey) + goto end; + } + if(acbio) + BIO_printf(bio_err, "Waiting for OCSP client connections...\n"); + + redo_accept: + + if (acbio) + { + if (!do_responder(&req, &cbio, acbio, port)) + goto end; + if (!req) + { + resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); + send_ocsp_response(cbio, resp); + goto done_resp; + } + } + + if (!req && (signfile || reqout || host || add_nonce || ridx_filename)) + { + BIO_printf(bio_err, "Need an OCSP request for this operation!\n"); + goto end; + } + + if (req && add_nonce) OCSP_request_add1_nonce(req, NULL, -1); + + if (signfile) + { + if (!keyfile) keyfile = signfile; + signer = load_cert(bio_err, signfile, FORMAT_PEM, + NULL, e, "signer certificate"); + if (!signer) + { + BIO_printf(bio_err, "Error loading signer certificate\n"); + goto end; + } + if (sign_certfile) + { + sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM, + NULL, e, "signer certificates"); + if (!sign_other) goto end; + } + key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL, + "signer private key"); + if (!key) + goto end; + if (!OCSP_request_sign(req, signer, key, EVP_sha1(), sign_other, sign_flags)) + { + BIO_printf(bio_err, "Error signing OCSP request\n"); + goto end; + } + } + + if (req_text && req) OCSP_REQUEST_print(out, req, 0); + + if (reqout) + { + derbio = BIO_new_file(reqout, "wb"); + if(!derbio) + { + BIO_printf(bio_err, "Error opening file %s\n", reqout); + goto end; + } + i2d_OCSP_REQUEST_bio(derbio, req); + BIO_free(derbio); + } + + if (ridx_filename && (!rkey || !rsigner || !rca_cert)) + { + BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n"); + goto end; + } + + if (ridx_filename && !rdb) + { + BIO *db_bio = NULL; + db_bio = BIO_new_file(ridx_filename, "r"); + if (!db_bio) + { + BIO_printf(bio_err, "Error opening index file %s\n", ridx_filename); + goto end; + } + rdb = TXT_DB_read(db_bio, DB_NUMBER); + BIO_free(db_bio); + if (!rdb) + { + BIO_printf(bio_err, "Error reading index file %s\n", ridx_filename); + goto end; + } + if (!make_serial_index(rdb)) + goto end; + } + + if (rdb) + { + i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays); + if (cbio) + send_ocsp_response(cbio, resp); + } + else if (host) + { + cbio = BIO_new_connect(host); + if (!cbio) + { + BIO_printf(bio_err, "Error creating connect BIO\n"); + goto end; + } + if (port) BIO_set_conn_port(cbio, port); + if (use_ssl == 1) + { + BIO *sbio; + ctx = SSL_CTX_new(SSLv23_client_method()); + SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); + sbio = BIO_new_ssl(ctx, 1); + cbio = BIO_push(sbio, cbio); + } + if (BIO_do_connect(cbio) <= 0) + { + BIO_printf(bio_err, "Error connecting BIO\n"); + goto end; + } + resp = OCSP_sendreq_bio(cbio, path, req); + BIO_free_all(cbio); + cbio = NULL; + if (!resp) + { + BIO_printf(bio_err, "Error querying OCSP responsder\n"); + goto end; + } + } + else if (respin) + { + derbio = BIO_new_file(respin, "rb"); + if (!derbio) + { + BIO_printf(bio_err, "Error Opening OCSP response file\n"); + goto end; + } + resp = d2i_OCSP_RESPONSE_bio(derbio, NULL); + BIO_free(derbio); + if(!resp) + { + BIO_printf(bio_err, "Error reading OCSP response\n"); + goto end; + } + + } + else + { + ret = 0; + goto end; + } + + done_resp: + + if (respout) + { + derbio = BIO_new_file(respout, "wb"); + if(!derbio) + { + BIO_printf(bio_err, "Error opening file %s\n", respout); + goto end; + } + i2d_OCSP_RESPONSE_bio(derbio, resp); + BIO_free(derbio); + } + + i = OCSP_response_status(resp); + + if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) + { + BIO_printf(out, "Responder Error: %s (%ld)\n", + OCSP_response_status_str(i), i); + ret = 0; + goto end; + } + + if (resp_text) OCSP_RESPONSE_print(out, resp, 0); + + /* If running as responder don't verify our own response */ + if (cbio) + { + if (accept_count > 0) + accept_count--; + /* Redo if more connections needed */ + if (accept_count) + { + BIO_free_all(cbio); + cbio = NULL; + OCSP_REQUEST_free(req); + req = NULL; + OCSP_RESPONSE_free(resp); + resp = NULL; + goto redo_accept; + } + goto end; + } + + if (!store) + store = setup_verify(bio_err, CAfile, CApath); + if (!store) + goto end; + if (verify_certfile) + { + verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM, + NULL, e, "validator certificate"); + if (!verify_other) goto end; + } + + bs = OCSP_response_get1_basic(resp); + + if (!bs) + { + BIO_printf(bio_err, "Error parsing response\n"); + goto end; + } + + if (!noverify) + { + if (req && ((i = OCSP_check_nonce(req, bs)) <= 0)) + { + if (i == -1) + BIO_printf(bio_err, "WARNING: no nonce in response\n"); + else + { + BIO_printf(bio_err, "Nonce Verify error\n"); + goto end; + } + } + + i = OCSP_basic_verify(bs, verify_other, store, verify_flags); + if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0); + + if(i <= 0) + { + BIO_printf(bio_err, "Response Verify Failure\n", i); + ERR_print_errors(bio_err); + } + else + BIO_printf(bio_err, "Response verify OK\n"); + + } + + if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage)) + goto end; + + ret = 0; + +end: + ERR_print_errors(bio_err); + X509_free(signer); + X509_STORE_free(store); + EVP_PKEY_free(key); + EVP_PKEY_free(rkey); + X509_free(issuer); + X509_free(cert); + X509_free(rsigner); + X509_free(rca_cert); + TXT_DB_free(rdb); + BIO_free_all(cbio); + BIO_free_all(acbio); + BIO_free(out); + OCSP_REQUEST_free(req); + OCSP_RESPONSE_free(resp); + OCSP_BASICRESP_free(bs); + sk_free(reqnames); + sk_OCSP_CERTID_free(ids); + sk_X509_pop_free(sign_other, X509_free); + sk_X509_pop_free(verify_other, X509_free); + + if (use_ssl != -1) + { + OPENSSL_free(host); + OPENSSL_free(port); + OPENSSL_free(path); + SSL_CTX_free(ctx); + } + + OPENSSL_EXIT(ret); +} + +static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer, + STACK_OF(OCSP_CERTID) *ids) + { + OCSP_CERTID *id; + if(!issuer) + { + BIO_printf(bio_err, "No issuer certificate specified\n"); + return 0; + } + if(!*req) *req = OCSP_REQUEST_new(); + if(!*req) goto err; + id = OCSP_cert_to_id(NULL, cert, issuer); + if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err; + if(!OCSP_request_add0_id(*req, id)) goto err; + return 1; + + err: + BIO_printf(bio_err, "Error Creating OCSP request\n"); + return 0; + } + +static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer, + STACK_OF(OCSP_CERTID) *ids) + { + OCSP_CERTID *id; + X509_NAME *iname; + ASN1_BIT_STRING *ikey; + ASN1_INTEGER *sno; + if(!issuer) + { + BIO_printf(bio_err, "No issuer certificate specified\n"); + return 0; + } + if(!*req) *req = OCSP_REQUEST_new(); + if(!*req) goto err; + iname = X509_get_subject_name(issuer); + ikey = X509_get0_pubkey_bitstr(issuer); + sno = s2i_ASN1_INTEGER(NULL, serial); + if(!sno) + { + BIO_printf(bio_err, "Error converting serial number %s\n", serial); + return 0; + } + id = OCSP_cert_id_new(EVP_sha1(), iname, ikey, sno); + ASN1_INTEGER_free(sno); + if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err; + if(!OCSP_request_add0_id(*req, id)) goto err; + return 1; + + err: + BIO_printf(bio_err, "Error Creating OCSP request\n"); + return 0; + } + +static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, + STACK *names, STACK_OF(OCSP_CERTID) *ids, + long nsec, long maxage) + { + OCSP_CERTID *id; + char *name; + int i; + + int status, reason; + + ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd; + + if (!bs || !req || !sk_num(names) || !sk_OCSP_CERTID_num(ids)) + return 1; + + for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) + { + id = sk_OCSP_CERTID_value(ids, i); + name = sk_value(names, i); + BIO_printf(out, "%s: ", name); + + if(!OCSP_resp_find_status(bs, id, &status, &reason, + &rev, &thisupd, &nextupd)) + { + BIO_puts(out, "ERROR: No Status found.\n"); + continue; + } + + /* Check validity: if invalid write to output BIO so we + * know which response this refers to. + */ + if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage)) + { + BIO_puts(out, "WARNING: Status times invalid.\n"); + ERR_print_errors(out); + } + BIO_printf(out, "%s\n", OCSP_cert_status_str(status)); + + BIO_puts(out, "\tThis Update: "); + ASN1_GENERALIZEDTIME_print(out, thisupd); + BIO_puts(out, "\n"); + + if(nextupd) + { + BIO_puts(out, "\tNext Update: "); + ASN1_GENERALIZEDTIME_print(out, nextupd); + BIO_puts(out, "\n"); + } + + if (status != V_OCSP_CERTSTATUS_REVOKED) + continue; + + if (reason != -1) + BIO_printf(out, "\tReason: %s\n", + OCSP_crl_reason_str(reason)); + + BIO_puts(out, "\tRevocation Time: "); + ASN1_GENERALIZEDTIME_print(out, rev); + BIO_puts(out, "\n"); + } + + return 1; + } + + +static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db, + X509 *ca, X509 *rcert, EVP_PKEY *rkey, + STACK_OF(X509) *rother, unsigned long flags, + int nmin, int ndays) + { + ASN1_TIME *thisupd = NULL, *nextupd = NULL; + OCSP_CERTID *cid, *ca_id = NULL; + OCSP_BASICRESP *bs = NULL; + int i, id_count, ret = 1; + + + id_count = OCSP_request_onereq_count(req); + + if (id_count <= 0) + { + *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); + goto end; + } + + ca_id = OCSP_cert_to_id(EVP_sha1(), NULL, ca); + + bs = OCSP_BASICRESP_new(); + thisupd = X509_gmtime_adj(NULL, 0); + if (ndays != -1) + nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24 ); + + /* Examine each certificate id in the request */ + for (i = 0; i < id_count; i++) + { + OCSP_ONEREQ *one; + ASN1_INTEGER *serial; + char **inf; + one = OCSP_request_onereq_get0(req, i); + cid = OCSP_onereq_get0_id(one); + /* Is this request about our CA? */ + if (OCSP_id_issuer_cmp(ca_id, cid)) + { + OCSP_basic_add1_status(bs, cid, + V_OCSP_CERTSTATUS_UNKNOWN, + 0, NULL, + thisupd, nextupd); + continue; + } + OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid); + inf = lookup_serial(db, serial); + if (!inf) + OCSP_basic_add1_status(bs, cid, + V_OCSP_CERTSTATUS_UNKNOWN, + 0, NULL, + thisupd, nextupd); + else if (inf[DB_type][0] == DB_TYPE_VAL) + OCSP_basic_add1_status(bs, cid, + V_OCSP_CERTSTATUS_GOOD, + 0, NULL, + thisupd, nextupd); + else if (inf[DB_type][0] == DB_TYPE_REV) + { + ASN1_OBJECT *inst = NULL; + ASN1_TIME *revtm = NULL; + ASN1_GENERALIZEDTIME *invtm = NULL; + OCSP_SINGLERESP *single; + int reason = -1; + unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]); + single = OCSP_basic_add1_status(bs, cid, + V_OCSP_CERTSTATUS_REVOKED, + reason, revtm, + thisupd, nextupd); + if (invtm) + OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0); + else if (inst) + OCSP_SINGLERESP_add1_ext_i2d(single, NID_hold_instruction_code, inst, 0, 0); + ASN1_OBJECT_free(inst); + ASN1_TIME_free(revtm); + ASN1_GENERALIZEDTIME_free(invtm); + } + } + + OCSP_copy_nonce(bs, req); + + OCSP_basic_sign(bs, rcert, rkey, EVP_sha1(), rother, flags); + + *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); + + end: + ASN1_TIME_free(thisupd); + ASN1_TIME_free(nextupd); + OCSP_CERTID_free(ca_id); + OCSP_BASICRESP_free(bs); + return ret; + + } + +static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser) + { + int i; + BIGNUM *bn = NULL; + char *itmp, *row[DB_NUMBER],**rrow; + for (i = 0; i < DB_NUMBER; i++) row[i] = NULL; + bn = ASN1_INTEGER_to_BN(ser,NULL); + if (BN_is_zero(bn)) + itmp = BUF_strdup("00"); + else + itmp = BN_bn2hex(bn); + row[DB_serial] = itmp; + BN_free(bn); + rrow=TXT_DB_get_by_index(db,DB_serial,row); + OPENSSL_free(itmp); + return rrow; + } + +/* Quick and dirty OCSP server: read in and parse input request */ + +static BIO *init_responder(char *port) + { + BIO *acbio = NULL, *bufbio = NULL; + bufbio = BIO_new(BIO_f_buffer()); + if (!bufbio) + goto err; + acbio = BIO_new_accept(port); + if (!acbio) + goto err; + BIO_set_accept_bios(acbio, bufbio); + bufbio = NULL; + + if (BIO_do_accept(acbio) <= 0) + { + BIO_printf(bio_err, "Error setting up accept BIO\n"); + ERR_print_errors(bio_err); + goto err; + } + + return acbio; + + err: + BIO_free_all(acbio); + BIO_free(bufbio); + return NULL; + } + +static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port) + { + int have_post = 0, len; + OCSP_REQUEST *req = NULL; + char inbuf[1024]; + BIO *cbio = NULL; + + if (BIO_do_accept(acbio) <= 0) + { + BIO_printf(bio_err, "Error accepting connection\n"); + ERR_print_errors(bio_err); + return 0; + } + + cbio = BIO_pop(acbio); + *pcbio = cbio; + + for(;;) + { + len = BIO_gets(cbio, inbuf, sizeof inbuf); + if (len <= 0) + return 1; + /* Look for "POST" signalling start of query */ + if (!have_post) + { + if(strncmp(inbuf, "POST", 4)) + { + BIO_printf(bio_err, "Invalid request\n"); + return 1; + } + have_post = 1; + } + /* Look for end of headers */ + if ((inbuf[0] == '\r') || (inbuf[0] == '\n')) + break; + } + + /* Try to read OCSP request */ + + req = d2i_OCSP_REQUEST_bio(cbio, NULL); + + if (!req) + { + BIO_printf(bio_err, "Error parsing OCSP request\n"); + ERR_print_errors(bio_err); + } + + *preq = req; + + return 1; + + } + +static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) + { + char http_resp[] = + "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n" + "Content-Length: %d\r\n\r\n"; + if (!cbio) + return 0; + BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL)); + i2d_OCSP_RESPONSE_bio(cbio, resp); + BIO_flush(cbio); + return 1; + } + diff --git a/crypto/openssl/apps/openssl.c b/crypto/openssl/apps/openssl.c index 24450dd..4789647 100644 --- a/crypto/openssl/apps/openssl.c +++ b/crypto/openssl/apps/openssl.c @@ -55,11 +55,66 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + #include <stdio.h> #include <string.h> #include <stdlib.h> #define OPENSSL_C /* tells apps.h to use complete apps_startup() */ +#include "apps.h" #include <openssl/bio.h> #include <openssl/crypto.h> #include <openssl/lhash.h> @@ -67,31 +122,104 @@ #include <openssl/x509.h> #include <openssl/pem.h> #include <openssl/ssl.h> +#include <openssl/engine.h> #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */ -#include "apps.h" #include "progs.h" #include "s_apps.h" #include <openssl/err.h> -static unsigned long MS_CALLBACK hash(FUNCTION *a); -static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); +/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the + * base prototypes (we cast each variable inside the function to the required + * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper + * functions. */ + +/* static unsigned long MS_CALLBACK hash(FUNCTION *a); */ +static unsigned long MS_CALLBACK hash(const void *a_void); +/* static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); */ +static int MS_CALLBACK cmp(const void *a_void,const void *b_void); static LHASH *prog_init(void ); static int do_cmd(LHASH *prog,int argc,char *argv[]); -LHASH *config=NULL; char *default_config_file=NULL; /* Make sure there is only one when MONOLITH is defined */ #ifdef MONOLITH +CONF *config=NULL; BIO *bio_err=NULL; #endif + +static void lock_dbg_cb(int mode, int type, const char *file, int line) + { + static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */ + const char *errstr = NULL; + int rw; + + rw = mode & (CRYPTO_READ|CRYPTO_WRITE); + if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) + { + errstr = "invalid mode"; + goto err; + } + + if (type < 0 || type > CRYPTO_NUM_LOCKS) + { + errstr = "type out of bounds"; + goto err; + } + + if (mode & CRYPTO_LOCK) + { + if (modes[type]) + { + errstr = "already locked"; + /* must not happen in a single-threaded program + * (would deadlock) */ + goto err; + } + + modes[type] = rw; + } + else if (mode & CRYPTO_UNLOCK) + { + if (!modes[type]) + { + errstr = "not locked"; + goto err; + } + + if (modes[type] != rw) + { + errstr = (rw == CRYPTO_READ) ? + "CRYPTO_r_unlock on write lock" : + "CRYPTO_w_unlock on read lock"; + } + + modes[type] = 0; + } + else + { + errstr = "invalid mode"; + goto err; + } + + err: + if (errstr) + { + /* we cannot use bio_err here */ + fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n", + errstr, mode, type, file, line); + } + } + + int main(int Argc, char *Argv[]) { ARGS arg; #define PROG_NAME_SIZE 39 char pname[PROG_NAME_SIZE+1]; FUNCTION f,*fp; - MS_STATIC char *prompt,buf[1024],config_name[256]; + MS_STATIC char *prompt,buf[1024]; + char *to_free=NULL; int n,i,ret=0; int argc; char **argv,*p; @@ -101,41 +229,56 @@ int main(int Argc, char *Argv[]) arg.data=NULL; arg.count=0; - if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) - CRYPTO_malloc_debug_init(); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - apps_startup(); - if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); - ERR_load_crypto_strings(); + if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */ + { + if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))) + { + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + } + else + { + /* OPENSSL_DEBUG_MEMORY=off */ + CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); + } + } + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + +#if 0 + if (getenv("OPENSSL_DEBUG_LOCKING") != NULL) +#endif + { + CRYPTO_set_locking_callback(lock_dbg_cb); + } + + apps_startup(); /* Lets load up our environment a little */ p=getenv("OPENSSL_CONF"); if (p == NULL) p=getenv("SSLEAY_CONF"); if (p == NULL) - { - strcpy(config_name,X509_get_default_cert_area()); -#ifndef VMS - strcat(config_name,"/"); -#endif - strcat(config_name,OPENSSL_CONF); - p=config_name; - } + p=to_free=make_config_name(); default_config_file=p; - config=CONF_load(config,p,&errline); - if (config == NULL) ERR_clear_error(); + config=NCONF_new(NULL); + i=NCONF_load(config,p,&errline); + if (i == 0) + { + NCONF_free(config); + config = NULL; + ERR_clear_error(); + } prog=prog_init(); /* first check the program name */ - program_name(Argv[0],pname,PROG_NAME_SIZE); + program_name(Argv[0],pname,sizeof pname); f.name=pname; fp=(FUNCTION *)lh_retrieve(prog,&f); @@ -163,7 +306,7 @@ int main(int Argc, char *Argv[]) { ret=0; p=buf; - n=1024; + n=sizeof buf; i=0; for (;;) { @@ -197,25 +340,25 @@ int main(int Argc, char *Argv[]) BIO_printf(bio_err,"bad exit\n"); ret=1; end: + if (to_free) + OPENSSL_free(to_free); if (config != NULL) { - CONF_free(config); + NCONF_free(config); config=NULL; } if (prog != NULL) lh_free(prog); if (arg.data != NULL) OPENSSL_free(arg.data); - ERR_remove_state(0); - EVP_cleanup(); - ERR_free_strings(); - + apps_shutdown(); + CRYPTO_mem_leaks(bio_err); if (bio_err != NULL) { BIO_free(bio_err); bio_err=NULL; } - EXIT(ret); + OPENSSL_EXIT(ret); } #define LIST_STANDARD_COMMANDS "list-standard-commands" @@ -238,7 +381,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[]) else if ((strncmp(argv[0],"no-",3)) == 0) { BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); bio_stdout = BIO_push(tmpbio, bio_stdout); @@ -275,7 +418,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[]) else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */ list_type = FUNC_TYPE_CIPHER; bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); bio_stdout = BIO_push(tmpbio, bio_stdout); @@ -350,19 +493,23 @@ static LHASH *prog_init(void) ; qsort(functions,i,sizeof *functions,SortFnByName); - if ((ret=lh_new(hash,cmp)) == NULL) return(NULL); + if ((ret=lh_new(hash, cmp)) == NULL) + return(NULL); for (f=functions; f->name != NULL; f++) lh_insert(ret,f); return(ret); } -static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) +/* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */ +static int MS_CALLBACK cmp(const void *a_void, const void *b_void) { - return(strncmp(a->name,b->name,8)); + return(strncmp(((FUNCTION *)a_void)->name, + ((FUNCTION *)b_void)->name,8)); } -static unsigned long MS_CALLBACK hash(FUNCTION *a) +/* static unsigned long MS_CALLBACK hash(FUNCTION *a) */ +static unsigned long MS_CALLBACK hash(const void *a_void) { - return(lh_strhash(a->name)); + return(lh_strhash(((FUNCTION *)a_void)->name)); } diff --git a/crypto/openssl/apps/openssl.cnf b/crypto/openssl/apps/openssl.cnf index dbe8cbe..eca51c3 100644 --- a/crypto/openssl/apps/openssl.cnf +++ b/crypto/openssl/apps/openssl.cnf @@ -48,6 +48,14 @@ RANDFILE = $dir/private/.rand # private random number file x509_extensions = usr_cert # The extentions to add to the cert +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs # so this is commented out by default to leave a V1 CRL. # crl_extensions = crl_ext @@ -132,7 +140,7 @@ commonName = Common Name (eg, YOUR name) commonName_max = 64 emailAddress = Email Address -emailAddress_max = 40 +emailAddress_max = 64 # SET-ex3 = SET extension number 3 @@ -180,6 +188,9 @@ authorityKeyIdentifier=keyid,issuer:always # This stuff is for subjectAltName and issuerAltname. # Import the email address. # subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move # Copy subject details # issuerAltName=issuer:copy diff --git a/crypto/openssl/apps/passwd.c b/crypto/openssl/apps/passwd.c index ea2b089..3ad91d8 100644 --- a/crypto/openssl/apps/passwd.c +++ b/crypto/openssl/apps/passwd.c @@ -1,10 +1,10 @@ /* apps/passwd.c */ -#if defined NO_MD5 || defined CHARSET_EBCDIC +#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC # define NO_MD5CRYPT_1 #endif -#if !defined(NO_DES) || !defined(NO_MD5CRYPT_1) +#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1) #include <assert.h> #include <string.h> @@ -15,8 +15,7 @@ #include <openssl/err.h> #include <openssl/evp.h> #include <openssl/rand.h> - -#ifndef NO_DES +#ifndef OPENSSL_NO_DES # include <openssl/des.h> #endif #ifndef NO_MD5CRYPT_1 @@ -50,6 +49,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, * -salt string - salt * -in file - read passwords from file * -stdin - read passwords from stdin + * -noverify - never verify when reading password from terminal * -quiet - no warnings * -table - format output as table * -reverse - switch table columns @@ -62,6 +62,7 @@ int MAIN(int argc, char **argv) int ret = 1; char *infile = NULL; int in_stdin = 0; + int in_noverify = 0; char *salt = NULL, *passwd = NULL, **passwds = NULL; char *salt_malloc = NULL, *passwd_malloc = NULL; size_t passwd_malloc_size = 0; @@ -77,11 +78,14 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + if (!load_config(bio_err, NULL)) + goto err; out = BIO_new(BIO_s_file()); if (out == NULL) goto err; BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -128,6 +132,8 @@ int MAIN(int argc, char **argv) else badopt = 1; } + else if (strcmp(argv[i], "-noverify") == 0) + in_noverify = 1; else if (strcmp(argv[i], "-quiet") == 0) quiet = 1; else if (strcmp(argv[i], "-table") == 0) @@ -153,7 +159,7 @@ int MAIN(int argc, char **argv) badopt = 1; /* reject unsupported algorithms */ -#ifdef NO_DES +#ifdef OPENSSL_NO_DES if (usecrypt) badopt = 1; #endif #ifdef NO_MD5CRYPT_1 @@ -164,7 +170,7 @@ int MAIN(int argc, char **argv) { BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n"); BIO_printf(bio_err, "where options are\n"); -#ifndef NO_DES +#ifndef OPENSSL_NO_DES BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n"); #endif #ifndef NO_MD5CRYPT_1 @@ -174,6 +180,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-salt string use provided salt\n"); BIO_printf(bio_err, "-in file read passwords from file\n"); BIO_printf(bio_err, "-stdin read passwords from stdin\n"); + BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n"); BIO_printf(bio_err, "-quiet no warnings\n"); BIO_printf(bio_err, "-table format output as table\n"); BIO_printf(bio_err, "-reverse switch table columns\n"); @@ -222,7 +229,7 @@ int MAIN(int argc, char **argv) passwds = passwds_static; if (in == NULL) - if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0) + if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0) goto err; passwds[0] = passwd_malloc; } @@ -284,7 +291,8 @@ err: BIO_free(in); if (out) BIO_free_all(out); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } @@ -305,7 +313,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) unsigned char buf[MD5_DIGEST_LENGTH]; char *salt_out; int n, i; - MD5_CTX md; + EVP_MD_CTX md,md2; size_t passwd_len, salt_len; passwd_len = strlen(passwd); @@ -320,49 +328,47 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) salt_len = strlen(salt_out); assert(salt_len <= 8); - MD5_Init(&md); - MD5_Update(&md, passwd, passwd_len); - MD5_Update(&md, "$", 1); - MD5_Update(&md, magic, strlen(magic)); - MD5_Update(&md, "$", 1); - MD5_Update(&md, salt_out, salt_len); + EVP_MD_CTX_init(&md); + EVP_DigestInit_ex(&md,EVP_md5(), NULL); + EVP_DigestUpdate(&md, passwd, passwd_len); + EVP_DigestUpdate(&md, "$", 1); + EVP_DigestUpdate(&md, magic, strlen(magic)); + EVP_DigestUpdate(&md, "$", 1); + EVP_DigestUpdate(&md, salt_out, salt_len); - { - MD5_CTX md2; + EVP_MD_CTX_init(&md2); + EVP_DigestInit_ex(&md2,EVP_md5(), NULL); + EVP_DigestUpdate(&md2, passwd, passwd_len); + EVP_DigestUpdate(&md2, salt_out, salt_len); + EVP_DigestUpdate(&md2, passwd, passwd_len); + EVP_DigestFinal_ex(&md2, buf, NULL); - MD5_Init(&md2); - MD5_Update(&md2, passwd, passwd_len); - MD5_Update(&md2, salt_out, salt_len); - MD5_Update(&md2, passwd, passwd_len); - MD5_Final(buf, &md2); - } for (i = passwd_len; i > sizeof buf; i -= sizeof buf) - MD5_Update(&md, buf, sizeof buf); - MD5_Update(&md, buf, i); + EVP_DigestUpdate(&md, buf, sizeof buf); + EVP_DigestUpdate(&md, buf, i); n = passwd_len; while (n) { - MD5_Update(&md, (n & 1) ? "\0" : passwd, 1); + EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1); n >>= 1; } - MD5_Final(buf, &md); + EVP_DigestFinal_ex(&md, buf, NULL); for (i = 0; i < 1000; i++) { - MD5_CTX md2; - - MD5_Init(&md2); - MD5_Update(&md2, (i & 1) ? (unsigned char *) passwd : buf, - (i & 1) ? passwd_len : sizeof buf); + EVP_DigestInit_ex(&md2,EVP_md5(), NULL); + EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf, + (i & 1) ? passwd_len : sizeof buf); if (i % 3) - MD5_Update(&md2, salt_out, salt_len); + EVP_DigestUpdate(&md2, salt_out, salt_len); if (i % 7) - MD5_Update(&md2, passwd, passwd_len); - MD5_Update(&md2, (i & 1) ? buf : (unsigned char *) passwd, - (i & 1) ? sizeof buf : passwd_len); - MD5_Final(buf, &md2); + EVP_DigestUpdate(&md2, passwd, passwd_len); + EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd, + (i & 1) ? sizeof buf : passwd_len); + EVP_DigestFinal_ex(&md2, buf, NULL); } + EVP_MD_CTX_cleanup(&md2); { /* transform buf into output string */ @@ -400,6 +406,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) *output = 0; assert(strlen(out_buf) < sizeof(out_buf)); } + EVP_MD_CTX_cleanup(&md); return out_buf; } @@ -418,7 +425,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, /* first make sure we have a salt */ if (!passed_salt) { -#ifndef NO_DES +#ifndef OPENSSL_NO_DES if (usecrypt) { if (*salt_malloc_p == NULL) @@ -437,7 +444,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, * back to ASCII */ #endif } -#endif /* !NO_DES */ +#endif /* !OPENSSL_NO_DES */ #ifndef NO_MD5CRYPT_1 if (use1 || useapr1) @@ -472,9 +479,9 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, assert(strlen(passwd) <= pw_maxlen); /* now compute password hash */ -#ifndef NO_DES +#ifndef OPENSSL_NO_DES if (usecrypt) - hash = des_crypt(passwd, *salt_p); + hash = DES_crypt(passwd, *salt_p); #endif #ifndef NO_MD5CRYPT_1 if (use1 || useapr1) @@ -498,6 +505,6 @@ err: int MAIN(int argc, char **argv) { fputs("Program not available.\n", stderr) - EXIT(1); + OPENSSL_EXIT(1); } #endif diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c index aeba62e..8d1babe 100644 --- a/crypto/openssl/apps/pkcs12.c +++ b/crypto/openssl/apps/pkcs12.c @@ -1,5 +1,5 @@ /* pkcs12.c */ -#if !defined(NO_DES) && !defined(NO_SHA1) +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL * project 1999. @@ -69,7 +69,7 @@ #define PROG pkcs12_main -EVP_CIPHER *enc; +const EVP_CIPHER *enc; #define NOKEYS 0x1 @@ -92,11 +92,13 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; char *infile=NULL, *outfile=NULL, *keyname = NULL; char *certfile=NULL; - BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL; + BIO *in=NULL, *out = NULL; char **args; char *name = NULL; + char *csp_name = NULL; PKCS12 *p12 = NULL; char pass[50], macpass[50]; int export_cert = 0; @@ -118,12 +120,16 @@ int MAIN(int argc, char **argv) char *passin = NULL, *passout = NULL; char *inrand = NULL; char *CApath = NULL, *CAfile = NULL; + char *engine=NULL; apps_startup(); enc = EVP_des_ede3_cbc(); if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + if (!load_config(bio_err, NULL)) + goto end; + args = argv + 1; @@ -144,10 +150,15 @@ int MAIN(int argc, char **argv) cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; else if (!strcmp (*args, "-export")) export_cert = 1; else if (!strcmp (*args, "-des")) enc=EVP_des_cbc(); -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc(); #endif else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc(); +#ifndef OPENSSL_NO_AES + else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc(); + else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc(); + else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc(); +#endif else if (!strcmp (*args, "-noiter")) iter = 1; else if (!strcmp (*args, "-maciter")) maciter = PKCS12_DEFAULT_ITER; @@ -194,6 +205,11 @@ int MAIN(int argc, char **argv) args++; name = *args; } else badarg = 1; + } else if (!strcmp (*args, "-CSP")) { + if (args[1]) { + args++; + csp_name = *args; + } else badarg = 1; } else if (!strcmp (*args, "-caname")) { if (args[1]) { args++; @@ -236,6 +252,11 @@ int MAIN(int argc, char **argv) args++; CAfile = *args; } else badarg = 1; + } else if (!strcmp(*args,"-engine")) { + if (args[1]) { + args++; + engine = *args; + } else badarg = 1; } else badarg = 1; } else badarg = 1; @@ -264,9 +285,13 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-info give info about PKCS#12 structure.\n"); BIO_printf (bio_err, "-des encrypt private keys with DES\n"); BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n"); -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA BIO_printf (bio_err, "-idea encrypt private keys with idea\n"); #endif +#ifndef OPENSSL_NO_AES + BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); + BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); +#endif BIO_printf (bio_err, "-nodes don't encrypt private keys\n"); BIO_printf (bio_err, "-noiter don't use encryption iteration\n"); BIO_printf (bio_err, "-maciter use MAC iteration\n"); @@ -279,12 +304,15 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-password p set import/export password source\n"); BIO_printf (bio_err, "-passin p input file pass phrase source\n"); BIO_printf (bio_err, "-passout p output file pass phrase source\n"); + BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); BIO_printf(bio_err, " the random number generator\n"); goto end; } + e = setup_engine(bio_err, engine, 0); + if(passarg) { if(export_cert) passargout = passarg; else passargin = passarg; @@ -329,6 +357,7 @@ int MAIN(int argc, char **argv) goto end; } +#if 0 if (certfile) { if(!(certsin = BIO_new_file(certfile, "r"))) { BIO_printf(bio_err, "Can't open certificate file %s\n", certfile); @@ -344,6 +373,7 @@ int MAIN(int argc, char **argv) goto end; } } +#endif #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); @@ -352,7 +382,7 @@ int MAIN(int argc, char **argv) if (!outfile) { out = BIO_new_fp(stdout, BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -369,7 +399,7 @@ int MAIN(int argc, char **argv) #ifdef CRYPTO_MDEBUG CRYPTO_push_info("read MAC password"); #endif - if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert)) + if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) { BIO_printf (bio_err, "Can't read Password\n"); goto end; @@ -397,12 +427,9 @@ int MAIN(int argc, char **argv) CRYPTO_push_info("process -export_cert"); CRYPTO_push_info("reading private key"); #endif - key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, passin); - if (!inkey) (void) BIO_reset(in); - else BIO_free(inkey); + key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM, 1, + passin, e, "private key"); if (!key) { - BIO_printf (bio_err, "Error loading private key\n"); - ERR_print_errors(bio_err); goto export_end; } @@ -411,12 +438,9 @@ int MAIN(int argc, char **argv) CRYPTO_push_info("reading certs from input"); #endif - certs = sk_X509_new_null(); - /* Load in all certs in input file */ - if(!cert_load(in, certs)) { - BIO_printf(bio_err, "Error loading certificates from input\n"); - ERR_print_errors(bio_err); + if(!(certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e, + "certificates"))) { goto export_end; } @@ -446,13 +470,17 @@ int MAIN(int argc, char **argv) bags = sk_PKCS12_SAFEBAG_new_null (); /* Add any more certificates asked for */ - if (certsin) { - if(!cert_load(certsin, certs)) { - BIO_printf(bio_err, "Error loading certificates from certfile\n"); - ERR_print_errors(bio_err); + if (certfile) { + STACK_OF(X509) *morecerts=NULL; + if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM, + NULL, e, + "certificates from certfile"))) { goto export_end; } - BIO_free(certsin); + while(sk_X509_num(morecerts) > 0) { + sk_X509_push(certs, sk_X509_shift(morecerts)); + } + sk_X509_free(morecerts); } #ifdef CRYPTO_MDEBUG @@ -480,9 +508,10 @@ int MAIN(int argc, char **argv) /* Exclude verified certificate */ for (i = 1; i < sk_X509_num (chain2) ; i++) sk_X509_push(certs, sk_X509_value (chain2, i)); - } - sk_X509_free(chain2); - if (vret) { + /* Free first certificate */ + X509_free(sk_X509_value(chain2, 0)); + sk_X509_free(chain2); + } else { BIO_printf (bio_err, "Error %s getting chain.\n", X509_verify_cert_error_string(vret)); goto export_end; @@ -498,7 +527,7 @@ int MAIN(int argc, char **argv) for(i = 0; i < sk_X509_num(certs); i++) { X509 *cert = NULL; cert = sk_X509_value(certs, i); - bag = M_PKCS12_x5092certbag(cert); + bag = PKCS12_x5092certbag(cert); /* If it matches private key set id */ if(cert == ucert) { if(name) PKCS12_add_friendlyname(bag, name, -1); @@ -509,8 +538,6 @@ int MAIN(int argc, char **argv) } sk_X509_pop_free(certs, X509_free); certs = NULL; - /* ucert is part of certs so it is already freed */ - ucert = NULL; #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); @@ -518,7 +545,7 @@ int MAIN(int argc, char **argv) #endif if(!noprompt && - EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) { + EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) { BIO_printf (bio_err, "Can't read Password\n"); goto export_end; } @@ -549,6 +576,7 @@ int MAIN(int argc, char **argv) PKCS8_PRIV_KEY_INFO_free(p8); p8 = NULL; if (name) PKCS12_add_friendlyname (bag, name, -1); + if(csp_name) PKCS12_add_CSPName_asc(bag, csp_name, -1); PKCS12_add_localkeyid (bag, keyid, keyidlen); bags = sk_PKCS12_SAFEBAG_new_null(); sk_PKCS12_SAFEBAG_push (bags, bag); @@ -569,9 +597,9 @@ int MAIN(int argc, char **argv) CRYPTO_push_info("building pkcs12"); #endif - p12 = PKCS12_init (NID_pkcs7_data); + p12 = PKCS12_init(NID_pkcs7_data); - M_PKCS12_pack_authsafes (p12, safes); + PKCS12_pack_authsafes(p12, safes); sk_PKCS7_pop_free(safes, PKCS7_free); safes = NULL; @@ -598,7 +626,6 @@ int MAIN(int argc, char **argv) if (certs) sk_X509_pop_free(certs, X509_free); if (safes) sk_PKCS7_pop_free(safes, PKCS7_free); if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - if (ucert) X509_free(ucert); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); @@ -615,7 +642,7 @@ int MAIN(int argc, char **argv) #ifdef CRYPTO_MDEBUG CRYPTO_push_info("read import password"); #endif - if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) { + if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) { BIO_printf (bio_err, "Can't read Password\n"); goto end; } @@ -668,7 +695,8 @@ int MAIN(int argc, char **argv) if (canames) sk_free(canames); if(passin) OPENSSL_free(passin); if(passout) OPENSSL_free(passout); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, @@ -679,20 +707,20 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, int i, bagnid; PKCS7 *p7; - if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0; + if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0; for (i = 0; i < sk_PKCS7_num (asafes); i++) { p7 = sk_PKCS7_value (asafes, i); bagnid = OBJ_obj2nid (p7->type); if (bagnid == NID_pkcs7_data) { - bags = M_PKCS12_unpack_p7data (p7); + bags = PKCS12_unpack_p7data(p7); if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n"); } else if (bagnid == NID_pkcs7_encrypted) { if (options & INFO) { - BIO_printf (bio_err, "PKCS7 Encrypted data: "); - alg_print (bio_err, + BIO_printf(bio_err, "PKCS7 Encrypted data: "); + alg_print(bio_err, p7->d.encrypted->enc_data->algorithm); } - bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen); + bags = PKCS12_unpack_p7encdata(p7, pass, passlen); } else continue; if (!bags) return 0; if (!dump_certs_pkeys_bags (out, bags, pass, passlen, @@ -747,7 +775,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass, } if (options & NOKEYS) return 1; print_attribs (out, bag->attrib, "Bag Attributes"); - if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen))) + if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) return 0; if (!(pkey = EVP_PKCS82PKEY (p8))) { PKCS8_PRIV_KEY_INFO_free(p8); @@ -768,7 +796,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass, print_attribs (out, bag->attrib, "Bag Attributes"); if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) return 1; - if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0; + if (!(x509 = PKCS12_certbag2x509(bag))) return 0; dump_cert_text (out, x509); PEM_write_bio_X509 (out, x509); X509_free(x509); @@ -800,6 +828,9 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain) STACK_OF(X509) *chn; int i; + /* FIXME: Should really check the return status of X509_STORE_CTX_init + * for an error, but how that fits into the return value of this + * function is less obvious. */ X509_STORE_CTX_init(&store_ctx, store, cert, NULL); if (X509_verify_cert(&store_ctx) <= 0) { i = X509_STORE_CTX_get_error (&store_ctx); diff --git a/crypto/openssl/apps/pkcs7.c b/crypto/openssl/apps/pkcs7.c index a9fff11..738dd85 100644 --- a/crypto/openssl/apps/pkcs7.c +++ b/crypto/openssl/apps/pkcs7.c @@ -82,6 +82,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; PKCS7 *p7=NULL; int i,badops=0; BIO *in=NULL,*out=NULL; @@ -89,6 +90,7 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog; int print_certs=0,text=0,noout=0; int ret=1; + char *engine=NULL; apps_startup(); @@ -132,6 +134,11 @@ int MAIN(int argc, char **argv) text=1; else if (strcmp(*argv,"-print_certs") == 0) print_certs=1; + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -154,11 +161,15 @@ bad: BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); BIO_printf(bio_err," -text print full details of certificates\n"); BIO_printf(bio_err," -noout don't output encoded data\n"); - EXIT(1); + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); + ret = 1; + goto end; } ERR_load_crypto_strings(); + e = setup_engine(bio_err, engine, 0); + in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) @@ -198,7 +209,7 @@ bad: if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -289,5 +300,6 @@ end: if (p7 != NULL) PKCS7_free(p7); if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } diff --git a/crypto/openssl/apps/pkcs8.c b/crypto/openssl/apps/pkcs8.c index 7b588e4..1debccb 100644 --- a/crypto/openssl/apps/pkcs8.c +++ b/crypto/openssl/apps/pkcs8.c @@ -63,13 +63,13 @@ #include <openssl/evp.h> #include <openssl/pkcs12.h> -#include "apps.h" #define PROG pkcs8_main int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; char **args, *infile = NULL, *outfile = NULL; char *passargin = NULL, *passargout = NULL; BIO *in = NULL, *out = NULL; @@ -82,12 +82,19 @@ int MAIN(int argc, char **argv) int nocrypt = 0; X509_SIG *p8; PKCS8_PRIV_KEY_INFO *p8inf; - EVP_PKEY *pkey; + EVP_PKEY *pkey=NULL; char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL; int badarg = 0; + char *engine=NULL; + if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + + if (!load_config(bio_err, NULL)) + goto end; + informat=FORMAT_PEM; outformat=FORMAT_PEM; + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); args = argv + 1; @@ -138,6 +145,11 @@ int MAIN(int argc, char **argv) if (!args[1]) goto bad; passargout= *(++args); } + else if (strcmp(*args,"-engine") == 0) + { + if (!args[1]) goto bad; + engine= *(++args); + } else if (!strcmp (*args, "-in")) { if (args[1]) { args++; @@ -170,9 +182,12 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n"); BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n"); BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n"); + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); return (1); } + e = setup_engine(bio_err, engine, 0); + if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); return (1); @@ -196,28 +211,21 @@ int MAIN(int argc, char **argv) } } else { out = BIO_new_fp (stdout, BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } - if (topk8) { - if(informat == FORMAT_PEM) - pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin); - else if(informat == FORMAT_ASN1) - pkey = d2i_PrivateKey_bio(in, NULL); - else { - BIO_printf(bio_err, "Bad format specified for key\n"); - return (1); - } + if (topk8) + { + BIO_free(in); /* Not needed in this section */ + pkey = load_key(bio_err, infile, informat, 1, + passin, e, "key"); if (!pkey) { - BIO_printf(bio_err, "Error reading key\n", outfile); - ERR_print_errors(bio_err); return (1); } - BIO_free(in); if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) { BIO_printf(bio_err, "Error converting key\n", outfile); ERR_print_errors(bio_err); @@ -236,7 +244,8 @@ int MAIN(int argc, char **argv) if(passout) p8pass = passout; else { p8pass = pass; - EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1); + if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1)) + return (1); } app_RAND_load_file(NULL, bio_err, 0); if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, @@ -293,9 +302,9 @@ int MAIN(int argc, char **argv) if(passin) p8pass = passin; else { p8pass = pass; - EVP_read_pw_string(pass, 50, "Enter Password:", 0); + EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0); } - p8inf = M_PKCS8_decrypt(p8, p8pass, strlen(p8pass)); + p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass)); X509_SIG_free(p8); } @@ -342,6 +351,7 @@ int MAIN(int argc, char **argv) return (1); } + end: EVP_PKEY_free(pkey); BIO_free_all(out); BIO_free(in); diff --git a/crypto/openssl/apps/progs.h b/crypto/openssl/apps/progs.h index fbc65de..752385d 100644 --- a/crypto/openssl/apps/progs.h +++ b/crypto/openssl/apps/progs.h @@ -35,6 +35,8 @@ extern int pkcs8_main(int argc,char *argv[]); extern int spkac_main(int argc,char *argv[]); extern int smime_main(int argc,char *argv[]); extern int rand_main(int argc,char *argv[]); +extern int engine_main(int argc,char *argv[]); +extern int ocsp_main(int argc,char *argv[]); #define FUNC_TYPE_GENERAL 1 #define FUNC_TYPE_MD 2 @@ -51,205 +53,239 @@ FUNCTION functions[] = { {FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main}, {FUNC_TYPE_GENERAL,"req",req_main}, {FUNC_TYPE_GENERAL,"dgst",dgst_main}, -#ifndef NO_DH +#ifndef OPENSSL_NO_DH {FUNC_TYPE_GENERAL,"dh",dh_main}, #endif -#ifndef NO_DH +#ifndef OPENSSL_NO_DH {FUNC_TYPE_GENERAL,"dhparam",dhparam_main}, #endif {FUNC_TYPE_GENERAL,"enc",enc_main}, {FUNC_TYPE_GENERAL,"passwd",passwd_main}, -#ifndef NO_DH +#ifndef OPENSSL_NO_DH {FUNC_TYPE_GENERAL,"gendh",gendh_main}, #endif {FUNC_TYPE_GENERAL,"errstr",errstr_main}, {FUNC_TYPE_GENERAL,"ca",ca_main}, {FUNC_TYPE_GENERAL,"crl",crl_main}, -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA {FUNC_TYPE_GENERAL,"rsa",rsa_main}, #endif -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA {FUNC_TYPE_GENERAL,"rsautl",rsautl_main}, #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA {FUNC_TYPE_GENERAL,"dsa",dsa_main}, #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA {FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main}, #endif {FUNC_TYPE_GENERAL,"x509",x509_main}, -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA {FUNC_TYPE_GENERAL,"genrsa",genrsa_main}, #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA {FUNC_TYPE_GENERAL,"gendsa",gendsa_main}, #endif -#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) {FUNC_TYPE_GENERAL,"s_server",s_server_main}, #endif -#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) {FUNC_TYPE_GENERAL,"s_client",s_client_main}, #endif {FUNC_TYPE_GENERAL,"speed",speed_main}, -#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) {FUNC_TYPE_GENERAL,"s_time",s_time_main}, #endif {FUNC_TYPE_GENERAL,"version",version_main}, {FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main}, {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main}, {FUNC_TYPE_GENERAL,"sess_id",sess_id_main}, -#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) {FUNC_TYPE_GENERAL,"ciphers",ciphers_main}, #endif {FUNC_TYPE_GENERAL,"nseq",nseq_main}, -#if !defined(NO_DES) && !defined(NO_SHA1) +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) {FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main}, #endif {FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main}, {FUNC_TYPE_GENERAL,"spkac",spkac_main}, {FUNC_TYPE_GENERAL,"smime",smime_main}, {FUNC_TYPE_GENERAL,"rand",rand_main}, + {FUNC_TYPE_GENERAL,"engine",engine_main}, + {FUNC_TYPE_GENERAL,"ocsp",ocsp_main}, +#ifndef OPENSSL_NO_MD2 {FUNC_TYPE_MD,"md2",dgst_main}, +#endif +#ifndef OPENSSL_NO_MD4 {FUNC_TYPE_MD,"md4",dgst_main}, +#endif +#ifndef OPENSSL_NO_MD5 {FUNC_TYPE_MD,"md5",dgst_main}, +#endif +#ifndef OPENSSL_NO_SHA {FUNC_TYPE_MD,"sha",dgst_main}, +#endif +#ifndef OPENSSL_NO_SHA1 {FUNC_TYPE_MD,"sha1",dgst_main}, +#endif +#ifndef OPENSSL_NO_MDC2 {FUNC_TYPE_MD,"mdc2",dgst_main}, +#endif +#ifndef OPENSSL_NO_RMD160 {FUNC_TYPE_MD,"rmd160",dgst_main}, +#endif +#ifndef OPENSSL_NO_AES + {FUNC_TYPE_CIPHER,"aes-128-cbc",enc_main}, +#endif +#ifndef OPENSSL_NO_AES + {FUNC_TYPE_CIPHER,"aes-128-ecb",enc_main}, +#endif +#ifndef OPENSSL_NO_AES + {FUNC_TYPE_CIPHER,"aes-192-cbc",enc_main}, +#endif +#ifndef OPENSSL_NO_AES + {FUNC_TYPE_CIPHER,"aes-192-ecb",enc_main}, +#endif +#ifndef OPENSSL_NO_AES + {FUNC_TYPE_CIPHER,"aes-256-cbc",enc_main}, +#endif +#ifndef OPENSSL_NO_AES + {FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main}, +#endif {FUNC_TYPE_CIPHER,"base64",enc_main}, -#ifndef NO_DES +#ifndef OPENSSL_NO_DES {FUNC_TYPE_CIPHER,"des",enc_main}, #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES {FUNC_TYPE_CIPHER,"des3",enc_main}, #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES {FUNC_TYPE_CIPHER,"desx",enc_main}, #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA {FUNC_TYPE_CIPHER,"idea",enc_main}, #endif -#ifndef NO_RC4 +#ifndef OPENSSL_NO_RC4 {FUNC_TYPE_CIPHER,"rc4",enc_main}, #endif -#ifndef NO_RC4 +#ifndef OPENSSL_NO_RC4 {FUNC_TYPE_CIPHER,"rc4-40",enc_main}, #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 {FUNC_TYPE_CIPHER,"rc2",enc_main}, #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF {FUNC_TYPE_CIPHER,"bf",enc_main}, #endif -#ifndef NO_CAST +#ifndef OPENSSL_NO_CAST {FUNC_TYPE_CIPHER,"cast",enc_main}, #endif -#ifndef NO_RC5 +#ifndef OPENSSL_NO_RC5 {FUNC_TYPE_CIPHER,"rc5",enc_main}, #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES {FUNC_TYPE_CIPHER,"des-ecb",enc_main}, #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES {FUNC_TYPE_CIPHER,"des-ede",enc_main}, #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES {FUNC_TYPE_CIPHER,"des-ede3",enc_main}, #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES {FUNC_TYPE_CIPHER,"des-cbc",enc_main}, #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES {FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main}, #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES {FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main}, #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES {FUNC_TYPE_CIPHER,"des-cfb",enc_main}, #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES {FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main}, #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES {FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main}, #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES {FUNC_TYPE_CIPHER,"des-ofb",enc_main}, #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES {FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main}, #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES {FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main}, #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA {FUNC_TYPE_CIPHER,"idea-cbc",enc_main}, #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA {FUNC_TYPE_CIPHER,"idea-ecb",enc_main}, #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA {FUNC_TYPE_CIPHER,"idea-cfb",enc_main}, #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA {FUNC_TYPE_CIPHER,"idea-ofb",enc_main}, #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 {FUNC_TYPE_CIPHER,"rc2-cbc",enc_main}, #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 {FUNC_TYPE_CIPHER,"rc2-ecb",enc_main}, #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 {FUNC_TYPE_CIPHER,"rc2-cfb",enc_main}, #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 {FUNC_TYPE_CIPHER,"rc2-ofb",enc_main}, #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 {FUNC_TYPE_CIPHER,"rc2-64-cbc",enc_main}, #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 {FUNC_TYPE_CIPHER,"rc2-40-cbc",enc_main}, #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF {FUNC_TYPE_CIPHER,"bf-cbc",enc_main}, #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF {FUNC_TYPE_CIPHER,"bf-ecb",enc_main}, #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF {FUNC_TYPE_CIPHER,"bf-cfb",enc_main}, #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF {FUNC_TYPE_CIPHER,"bf-ofb",enc_main}, #endif -#ifndef NO_CAST +#ifndef OPENSSL_NO_CAST {FUNC_TYPE_CIPHER,"cast5-cbc",enc_main}, #endif -#ifndef NO_CAST +#ifndef OPENSSL_NO_CAST {FUNC_TYPE_CIPHER,"cast5-ecb",enc_main}, #endif -#ifndef NO_CAST +#ifndef OPENSSL_NO_CAST {FUNC_TYPE_CIPHER,"cast5-cfb",enc_main}, #endif -#ifndef NO_CAST +#ifndef OPENSSL_NO_CAST {FUNC_TYPE_CIPHER,"cast5-ofb",enc_main}, #endif -#ifndef NO_CAST +#ifndef OPENSSL_NO_CAST {FUNC_TYPE_CIPHER,"cast-cbc",enc_main}, #endif -#ifndef NO_RC5 +#ifndef OPENSSL_NO_RC5 {FUNC_TYPE_CIPHER,"rc5-cbc",enc_main}, #endif -#ifndef NO_RC5 +#ifndef OPENSSL_NO_RC5 {FUNC_TYPE_CIPHER,"rc5-ecb",enc_main}, #endif -#ifndef NO_RC5 +#ifndef OPENSSL_NO_RC5 {FUNC_TYPE_CIPHER,"rc5-cfb",enc_main}, #endif -#ifndef NO_RC5 +#ifndef OPENSSL_NO_RC5 {FUNC_TYPE_CIPHER,"rc5-ofb",enc_main}, #endif {0,NULL,NULL} diff --git a/crypto/openssl/apps/progs.pl b/crypto/openssl/apps/progs.pl index 214025c..d6a40ed 100644 --- a/crypto/openssl/apps/progs.pl +++ b/crypto/openssl/apps/progs.pl @@ -28,15 +28,15 @@ foreach (@ARGV) push(@files,$_); $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) - { print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))\n${str}#endif\n"; } + { print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; } elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/)) - { print "#ifndef NO_RSA\n${str}#endif\n"; } + { print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n"; } elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/)) - { print "#ifndef NO_DSA\n${str}#endif\n"; } + { print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; } elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/)) - { print "#ifndef NO_DH\n${str}#endif\n"; } + { print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; } elsif ( ($_ =~ /^pkcs12$/)) - { print "#if !defined(NO_DES) && !defined(NO_SHA1)\n${str}#endif\n"; } + { print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; } else { print $str; } } @@ -44,10 +44,13 @@ foreach (@ARGV) foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160") { push(@files,$_); - printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_; + printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n"; } foreach ( + "aes-128-cbc", "aes-128-ecb", + "aes-192-cbc", "aes-192-ecb", + "aes-256-cbc", "aes-256-ecb", "base64", "des", "des3", "desx", "idea", "rc4", "rc4-40", "rc2", "bf", "cast", "rc5", @@ -64,13 +67,14 @@ foreach ( push(@files,$_); $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_); - if ($_ =~ /des/) { $t="#ifndef NO_DES\n${t}#endif\n"; } - elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; } - elsif ($_ =~ /rc4/) { $t="#ifndef NO_RC4\n${t}#endif\n"; } - elsif ($_ =~ /rc2/) { $t="#ifndef NO_RC2\n${t}#endif\n"; } - elsif ($_ =~ /bf/) { $t="#ifndef NO_BF\n${t}#endif\n"; } - elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; } - elsif ($_ =~ /rc5/) { $t="#ifndef NO_RC5\n${t}#endif\n"; } + if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; } + elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; } + elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; } + elsif ($_ =~ /rc4/) { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; } + elsif ($_ =~ /rc2/) { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; } + elsif ($_ =~ /bf/) { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; } + elsif ($_ =~ /cast/) { $t="#ifndef OPENSSL_NO_CAST\n${t}#endif\n"; } + elsif ($_ =~ /rc5/) { $t="#ifndef OPENSSL_NO_RC5\n${t}#endif\n"; } print $t; } diff --git a/crypto/openssl/apps/rand.c b/crypto/openssl/apps/rand.c index 04764d7..eaaa6e3 100644 --- a/crypto/openssl/apps/rand.c +++ b/crypto/openssl/apps/rand.c @@ -1,4 +1,57 @@ /* apps/rand.c */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include "apps.h" @@ -23,6 +76,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; int i, r, ret = 1; int badopt; char *outfile = NULL; @@ -30,6 +84,7 @@ int MAIN(int argc, char **argv) int base64 = 0; BIO *out = NULL; int num = -1; + char *engine=NULL; apps_startup(); @@ -37,6 +92,9 @@ int MAIN(int argc, char **argv) if ((bio_err = BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto err; + badopt = 0; i = 0; while (!badopt && argv[++i] != NULL) @@ -48,6 +106,13 @@ int MAIN(int argc, char **argv) else badopt = 1; } + else if (strcmp(argv[i], "-engine") == 0) + { + if ((argv[i+1] != NULL) && (engine == NULL)) + engine = argv[++i]; + else + badopt = 1; + } else if (strcmp(argv[i], "-rand") == 0) { if ((argv[i+1] != NULL) && (inrand == NULL)) @@ -84,12 +149,15 @@ int MAIN(int argc, char **argv) { BIO_printf(bio_err, "Usage: rand [options] num\n"); BIO_printf(bio_err, "where options are\n"); - BIO_printf(bio_err, "-out file - write to file\n"); - BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); - BIO_printf(bio_err, "-base64 - encode output\n"); + BIO_printf(bio_err, "-out file - write to file\n"); + BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n"); + BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); + BIO_printf(bio_err, "-base64 - encode output\n"); goto err; } + e = setup_engine(bio_err, engine, 0); + app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) BIO_printf(bio_err,"%ld semi-random bytes loaded\n", @@ -103,7 +171,7 @@ int MAIN(int argc, char **argv) else { r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -144,5 +212,6 @@ err: ERR_print_errors(bio_err); if (out) BIO_free_all(out); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c index 11c4e5f..cffdcd1 100644 --- a/crypto/openssl/apps/req.c +++ b/crypto/openssl/apps/req.c @@ -60,7 +60,7 @@ #include <stdlib.h> #include <time.h> #include <string.h> -#ifdef NO_STDIO +#ifdef OPENSSL_NO_STDIO #define APPS_WIN16 #endif #include "apps.h" @@ -73,6 +73,7 @@ #include <openssl/x509v3.h> #include <openssl/objects.h> #include <openssl/pem.h> +#include "../crypto/cryptlib.h" #define SECTION "req" @@ -84,6 +85,7 @@ #define V3_EXTENSIONS "x509_extensions" #define REQ_EXTENSIONS "req_extensions" #define STRING_MASK "string_mask" +#define UTF8_IN "utf8" #define DEFAULT_KEY_LENGTH 512 #define MIN_KEY_LENGTH 384 @@ -101,36 +103,41 @@ * -nodes - no des encryption * -config file - Load configuration file. * -key file - make a request using key in file (or use it for verification). - * -keyform - key file format. + * -keyform arg - key file format. * -rand file(s) - load the file(s) into the PRNG. * -newkey - make a key and a request. * -modulus - print RSA modulus. + * -pubkey - output Public Key. * -x509 - output a self signed X509 structure instead. * -asn1-kludge - output new certificate request in a format that some CA's * require. This format is wrong */ -static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs); +static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int attribs, + unsigned long chtype); +static int build_subject(X509_REQ *req, char *subj, unsigned long chtype); static int prompt_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, - STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs); + STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs, + unsigned long chtype); static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk, - STACK_OF(CONF_VALUE) *attr, int attribs); + STACK_OF(CONF_VALUE) *attr, int attribs, + unsigned long chtype); static int add_attribute_object(X509_REQ *req, char *text, - char *def, char *value, int nid, int min, - int max); + char *def, char *value, int nid, int n_min, + int n_max, unsigned long chtype); static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, - int nid,int min,int max); -#ifndef NO_RSA + int nid,int n_min,int n_max, unsigned long chtype); +#ifndef OPENSSL_NO_RSA static void MS_CALLBACK req_cb(int p,int n,void *arg); #endif -static int req_check_len(int len,int min,int max); +static int req_check_len(int len,int n_min,int n_max); static int check_end(char *str, char *end); #ifndef MONOLITH static char *default_config_file=NULL; -static LHASH *config=NULL; #endif -static LHASH *req_conf=NULL; +static CONF *req_conf=NULL; +static int batch=0; #define TYPE_RSA 1 #define TYPE_DSA 2 @@ -140,33 +147,41 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef NO_DSA + ENGINE *e = NULL; +#ifndef OPENSSL_NO_DSA DSA *dsa_params=NULL; #endif + unsigned long nmflag = 0, reqflag = 0; int ex=1,x509=0,days=30; X509 *x509ss=NULL; X509_REQ *req=NULL; EVP_PKEY *pkey=NULL; - int i,badops=0,newreq=0,newkey= -1,pkey_type=0; + int i=0,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA; + long newkey = -1; BIO *in=NULL,*out=NULL; int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; - int nodes=0,kludge=0,newhdr=0; + int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0; char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; + char *engine=NULL; char *extensions = NULL; char *req_exts = NULL; - EVP_CIPHER *cipher=NULL; + const EVP_CIPHER *cipher=NULL; + ASN1_INTEGER *serial = NULL; int modulus=0; char *inrand=NULL; char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; char *p; + char *subj = NULL; const EVP_MD *md_alg=NULL,*digest=EVP_md5(); + unsigned long chtype = MBSTRING_ASC; #ifndef MONOLITH - MS_STATIC char config_name[256]; + char *to_free; + long errline; #endif req_conf = NULL; -#ifndef NO_DES +#ifndef OPENSSL_NO_DES cipher=EVP_des_ede3_cbc(); #endif apps_startup(); @@ -195,14 +210,22 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; keyfile= *(++argv); } + else if (strcmp(*argv,"-pubkey") == 0) + { + pubkey=1; + } else if (strcmp(*argv,"-new") == 0) { - pkey_type=TYPE_RSA; newreq=1; } else if (strcmp(*argv,"-config") == 0) @@ -260,7 +283,7 @@ int MAIN(int argc, char **argv) newkey= atoi(p); } else -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (strncmp("dsa:",p,4) == 0) { X509 *xtmp=NULL; @@ -300,7 +323,7 @@ int MAIN(int argc, char **argv) } else #endif -#ifndef NO_DH +#ifndef OPENSSL_NO_DH if (strncmp("dh:",p,4) == 0) { pkey_type=TYPE_DH; @@ -312,6 +335,8 @@ int MAIN(int argc, char **argv) newreq=1; } + else if (strcmp(*argv,"-batch") == 0) + batch=1; else if (strcmp(*argv,"-newhdr") == 0) newhdr=1; else if (strcmp(*argv,"-modulus") == 0) @@ -322,6 +347,22 @@ int MAIN(int argc, char **argv) nodes=1; else if (strcmp(*argv,"-noout") == 0) noout=1; + else if (strcmp(*argv,"-verbose") == 0) + verbose=1; + else if (strcmp(*argv,"-utf8") == 0) + chtype = MBSTRING_UTF8; + else if (strcmp(*argv,"-nameopt") == 0) + { + if (--argc < 1) goto bad; + if (!set_name_ex(&nmflag, *(++argv))) goto bad; + } + else if (strcmp(*argv,"-reqopt") == 0) + { + if (--argc < 1) goto bad; + if (!set_cert_ex(&reqflag, *(++argv))) goto bad; + } + else if (strcmp(*argv,"-subject") == 0) + subject=1; else if (strcmp(*argv,"-text") == 0) text=1; else if (strcmp(*argv,"-x509") == 0) @@ -330,12 +371,23 @@ int MAIN(int argc, char **argv) kludge=1; else if (strcmp(*argv,"-no-asn1-kludge") == 0) kludge=0; + else if (strcmp(*argv,"-subj") == 0) + { + if (--argc < 1) goto bad; + subj= *(++argv); + } else if (strcmp(*argv,"-days") == 0) { if (--argc < 1) goto bad; days= atoi(*(++argv)); if (days == 0) days=30; } + else if (strcmp(*argv,"-set_serial") == 0) + { + if (--argc < 1) goto bad; + serial = s2i_ASN1_INTEGER(NULL, *(++argv)); + if (!serial) goto bad; + } else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL) { /* ok */ @@ -371,11 +423,15 @@ bad: BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -text text form of request\n"); + BIO_printf(bio_err," -pubkey output public key\n"); BIO_printf(bio_err," -noout do not output REQ\n"); BIO_printf(bio_err," -verify verify signature on REQ\n"); BIO_printf(bio_err," -modulus RSA modulus\n"); BIO_printf(bio_err," -nodes don't encrypt the output key\n"); - BIO_printf(bio_err," -key file use the private key contained in file\n"); + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device\n"); + BIO_printf(bio_err," -subject output the request's subject\n"); + BIO_printf(bio_err," -passin private key password source\n"); + BIO_printf(bio_err," -key file use the private key contained in file\n"); BIO_printf(bio_err," -keyform arg key file format\n"); BIO_printf(bio_err," -keyout arg file to send the key to\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); @@ -385,14 +441,20 @@ bad: BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n"); BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n"); BIO_printf(bio_err," -config file request template file.\n"); + BIO_printf(bio_err," -subj arg set or modify request subject\n"); BIO_printf(bio_err," -new new request.\n"); + BIO_printf(bio_err," -batch do not ask anything during request generation\n"); BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n"); - BIO_printf(bio_err," -days number of days a x509 generated by -x509 is valid for.\n"); + BIO_printf(bio_err," -days number of days a certificate generated by -x509 is valid for.\n"); + BIO_printf(bio_err," -set_serial serial number to use for a certificate generated by -x509.\n"); BIO_printf(bio_err," -newhdr output \"NEW\" in the header lines\n"); BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n"); BIO_printf(bio_err," have been reported as requiring\n"); BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n"); BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n"); + BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n"); + BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); + BIO_printf(bio_err," -reqopt arg - various request text options\n\n"); goto end; } @@ -408,25 +470,21 @@ bad: if (p == NULL) p=getenv("SSLEAY_CONF"); if (p == NULL) - { - strcpy(config_name,X509_get_default_cert_area()); -#ifndef VMS - strcat(config_name,"/"); -#endif - strcat(config_name,OPENSSL_CONF); - p=config_name; - } + p=to_free=make_config_name(); default_config_file=p; - config=CONF_load(config,p,NULL); + config=NCONF_new(NULL); + i=NCONF_load(config, p, &errline); #endif if (template != NULL) { - long errline; + long errline = -1; - BIO_printf(bio_err,"Using configuration from %s\n",template); - req_conf=CONF_load(NULL,template,&errline); - if (req_conf == NULL) + if( verbose ) + BIO_printf(bio_err,"Using configuration from %s\n",template); + req_conf=NCONF_new(NULL); + i=NCONF_load(req_conf,template,&errline); + if (i == 0) { BIO_printf(bio_err,"error on line %ld of %s\n",errline,template); goto end; @@ -435,7 +493,8 @@ bad: else { req_conf=config; - BIO_printf(bio_err,"Using configuration from %s\n", + if( verbose ) + BIO_printf(bio_err,"Using configuration from %s\n", default_config_file); if (req_conf == NULL) { @@ -445,7 +504,11 @@ bad: if (req_conf != NULL) { - p=CONF_get_string(req_conf,NULL,"oid_file"); + if (!load_config(bio_err, req_conf)) + goto end; + p=NCONF_get_string(req_conf,NULL,"oid_file"); + if (p == NULL) + ERR_clear_error(); if (p != NULL) { BIO *oid_bio; @@ -465,23 +528,32 @@ bad: } } } - if(!add_oid_section(bio_err, req_conf)) goto end; + if(!add_oid_section(bio_err, req_conf)) goto end; - if ((md_alg == NULL) && - ((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL)) + if (md_alg == NULL) { - if ((md_alg=EVP_get_digestbyname(p)) != NULL) - digest=md_alg; + p=NCONF_get_string(req_conf,SECTION,"default_md"); + if (p == NULL) + ERR_clear_error(); + if (p != NULL) + { + if ((md_alg=EVP_get_digestbyname(p)) != NULL) + digest=md_alg; + } } - if(!extensions) - extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS); - if(extensions) { + if (!extensions) + { + extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS); + if (!extensions) + ERR_clear_error(); + } + if (extensions) { /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); - X509V3_set_conf_lhash(&ctx, req_conf); - if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) { + X509V3_set_nconf(&ctx, req_conf); + if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) { BIO_printf(bio_err, "Error Loading extension section %s\n", extensions); goto end; @@ -489,26 +561,50 @@ bad: } if(!passin) - passin = CONF_get_string(req_conf, SECTION, "input_password"); - + { + passin = NCONF_get_string(req_conf, SECTION, "input_password"); + if (!passin) + ERR_clear_error(); + } + if(!passout) - passout = CONF_get_string(req_conf, SECTION, "output_password"); + { + passout = NCONF_get_string(req_conf, SECTION, "output_password"); + if (!passout) + ERR_clear_error(); + } - p = CONF_get_string(req_conf, SECTION, STRING_MASK); + p = NCONF_get_string(req_conf, SECTION, STRING_MASK); + if (!p) + ERR_clear_error(); if(p && !ASN1_STRING_set_default_mask_asc(p)) { BIO_printf(bio_err, "Invalid global string mask setting %s\n", p); goto end; } + if (chtype != MBSTRING_UTF8) + { + p = NCONF_get_string(req_conf, SECTION, UTF8_IN); + if (!p) + ERR_clear_error(); + else if (!strcmp(p, "yes")) + chtype = MBSTRING_UTF8; + } + + if(!req_exts) - req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); + { + req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); + if (!req_exts) + ERR_clear_error(); + } if(req_exts) { /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); - X509V3_set_conf_lhash(&ctx, req_conf); - if(!X509V3_EXT_add_conf(req_conf, &ctx, req_exts, NULL)) { + X509V3_set_nconf(&ctx, req_conf); + if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) { BIO_printf(bio_err, "Error Loading request extension section %s\n", req_exts); @@ -521,49 +617,39 @@ bad: if ((in == NULL) || (out == NULL)) goto end; + e = setup_engine(bio_err, engine, 0); + if (keyfile != NULL) { - if (BIO_read_filename(in,keyfile) <= 0) - { - perror(keyfile); - goto end; - } - - if (keyform == FORMAT_ASN1) - pkey=d2i_PrivateKey_bio(in,NULL); - else if (keyform == FORMAT_PEM) - { - pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin); - } - else + pkey = load_key(bio_err, keyfile, keyform, 0, passin, e, + "Private Key"); + if (!pkey) { - BIO_printf(bio_err,"bad input format specified for X509 request\n"); - goto end; - } - - if (pkey == NULL) - { - BIO_printf(bio_err,"unable to load Private key\n"); + /* load_key() has already printed an appropriate + message */ goto end; } - if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) + if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) { - char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE"); + char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); + if (randfile == NULL) + ERR_clear_error(); app_RAND_load_file(randfile, bio_err, 0); - } + } } if (newreq && (pkey == NULL)) { - char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE"); + char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); + if (randfile == NULL) + ERR_clear_error(); app_RAND_load_file(randfile, bio_err, 0); if (inrand) app_RAND_load_files(inrand); if (newkey <= 0) { - newkey=(int)CONF_get_number(req_conf,SECTION,BITS); - if (newkey <= 0) + if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey)) newkey=DEFAULT_KEY_LENGTH; } @@ -578,7 +664,7 @@ bad: if ((pkey=EVP_PKEY_new()) == NULL) goto end; -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA if (pkey_type == TYPE_RSA) { if (!EVP_PKEY_assign_RSA(pkey, @@ -588,7 +674,7 @@ bad: } else #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (pkey_type == TYPE_DSA) { if (!DSA_generate_key(dsa_params)) goto end; @@ -602,13 +688,17 @@ bad: if (pkey == NULL) goto end; if (keyout == NULL) - keyout=CONF_get_string(req_conf,SECTION,KEYFILE); - + { + keyout=NCONF_get_string(req_conf,SECTION,KEYFILE); + if (keyout == NULL) + ERR_clear_error(); + } + if (keyout == NULL) { BIO_printf(bio_err,"writing new private key to stdout\n"); BIO_set_fp(out,stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -625,9 +715,14 @@ bad: } } - p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key"); + p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key"); if (p == NULL) - p=CONF_get_string(req_conf,SECTION,"encrypt_key"); + { + ERR_clear_error(); + p=NCONF_get_string(req_conf,SECTION,"encrypt_key"); + if (p == NULL) + ERR_clear_error(); + } if ((p != NULL) && (strcmp(p,"no") == 0)) cipher=NULL; if (nodes) cipher=NULL; @@ -689,7 +784,7 @@ loop: BIO_printf(bio_err,"you need to specify a private key\n"); goto end; } -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) digest=EVP_dss1(); #endif @@ -701,9 +796,13 @@ loop: goto end; } - i=make_REQ(req,pkey,!x509); - if (kludge >= 0) - req->req_info->req_kludge=kludge; + i=make_REQ(req,pkey,subj,!x509, chtype); + subj=NULL; /* done processing '-subj' option */ + if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) + { + sk_X509_ATTRIBUTE_free(req->req_info->attributes); + req->req_info->attributes = NULL; + } if (!i) { BIO_printf(bio_err,"problems making Certificate Request\n"); @@ -718,7 +817,14 @@ loop: /* Set version to V3 */ if(!X509_set_version(x509ss, 2)) goto end; - if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end; + if (serial) + { + if (!X509_set_serialNumber(x509ss, serial)) goto end; + } + else + { + if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end; + } if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end; if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end; @@ -731,18 +837,18 @@ loop: /* Set up V3 context struct */ X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0); - X509V3_set_conf_lhash(&ext_ctx, req_conf); + X509V3_set_nconf(&ext_ctx, req_conf); /* Add extensions */ - if(extensions && !X509V3_EXT_add_conf(req_conf, + if(extensions && !X509V3_EXT_add_nconf(req_conf, &ext_ctx, extensions, x509ss)) - { - BIO_printf(bio_err, - "Error Loading extension section %s\n", - extensions); - goto end; - } - + { + BIO_printf(bio_err, + "Error Loading extension section %s\n", + extensions); + goto end; + } + if (!(i=X509_sign(x509ss,pkey,digest))) goto end; } @@ -753,22 +859,51 @@ loop: /* Set up V3 context struct */ X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0); - X509V3_set_conf_lhash(&ext_ctx, req_conf); + X509V3_set_nconf(&ext_ctx, req_conf); /* Add extensions */ - if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf, + if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, &ext_ctx, req_exts, req)) - { - BIO_printf(bio_err, - "Error Loading extension section %s\n", - req_exts); - goto end; - } + { + BIO_printf(bio_err, + "Error Loading extension section %s\n", + req_exts); + goto end; + } if (!(i=X509_REQ_sign(req,pkey,digest))) goto end; } } + if (subj && x509) + { + BIO_printf(bio_err, "Cannot modifiy certificate subject\n"); + goto end; + } + + if (subj && !x509) + { + if (verbose) + { + BIO_printf(bio_err, "Modifying Request's Subject\n"); + print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag); + } + + if (build_subject(req, subj, chtype) == 0) + { + BIO_printf(bio_err, "ERROR: cannot modify subject\n"); + ex=1; + goto end; + } + + req->req_info->enc.modified = 1; + + if (verbose) + { + print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag); + } + } + if (verify && !x509) { int tmp=0; @@ -793,12 +928,13 @@ loop: else if (i == 0) { BIO_printf(bio_err,"verify failure\n"); + ERR_print_errors(bio_err); } else /* if (i > 0) */ BIO_printf(bio_err,"verify OK\n"); } - if (noout && !text && !modulus) + if (noout && !text && !modulus && !subject && !pubkey) { ex=0; goto end; @@ -807,7 +943,7 @@ loop: if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -827,34 +963,57 @@ loop: } } + if (pubkey) + { + EVP_PKEY *tpubkey; + tpubkey=X509_REQ_get_pubkey(req); + if (tpubkey == NULL) + { + BIO_printf(bio_err,"Error getting public key\n"); + ERR_print_errors(bio_err); + goto end; + } + PEM_write_bio_PUBKEY(out, tpubkey); + EVP_PKEY_free(tpubkey); + } + if (text) { if (x509) - X509_print(out,x509ss); + X509_print_ex(out, x509ss, nmflag, reqflag); else - X509_REQ_print(out,req); + X509_REQ_print_ex(out, req, nmflag, reqflag); + } + + if(subject) + { + if(x509) + print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag); + else + print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag); } if (modulus) { - EVP_PKEY *pubkey; + EVP_PKEY *tpubkey; if (x509) - pubkey=X509_get_pubkey(x509ss); + tpubkey=X509_get_pubkey(x509ss); else - pubkey=X509_REQ_get_pubkey(req); - if (pubkey == NULL) + tpubkey=X509_REQ_get_pubkey(req); + if (tpubkey == NULL) { fprintf(stdout,"Modulus=unavailable\n"); goto end; } fprintf(stdout,"Modulus="); -#ifndef NO_RSA - if (pubkey->type == EVP_PKEY_RSA) - BN_print(out,pubkey->pkey.rsa->n); +#ifndef OPENSSL_NO_RSA + if (tpubkey->type == EVP_PKEY_RSA) + BN_print(out,tpubkey->pkey.rsa->n); else #endif fprintf(stdout,"Wrong Algorithm type"); + EVP_PKEY_free(tpubkey); fprintf(stdout,"\n"); } @@ -893,55 +1052,67 @@ loop: } ex=0; end: +#ifndef MONOLITH + if(to_free) + OPENSSL_free(to_free); +#endif if (ex) { ERR_print_errors(bio_err); } - if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf); + if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf); BIO_free(in); BIO_free_all(out); EVP_PKEY_free(pkey); X509_REQ_free(req); X509_free(x509ss); + ASN1_INTEGER_free(serial); if(passargin && passin) OPENSSL_free(passin); if(passargout && passout) OPENSSL_free(passout); OBJ_cleanup(); -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (dsa_params != NULL) DSA_free(dsa_params); #endif - EXIT(ex); + apps_shutdown(); + OPENSSL_EXIT(ex); } -static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs) +static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs, + unsigned long chtype) { int ret=0,i; char no_prompt = 0; STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL; char *tmp, *dn_sect,*attr_sect; - tmp=CONF_get_string(req_conf,SECTION,PROMPT); + tmp=NCONF_get_string(req_conf,SECTION,PROMPT); + if (tmp == NULL) + ERR_clear_error(); if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1; - dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME); + dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME); if (dn_sect == NULL) { BIO_printf(bio_err,"unable to find '%s' in config\n", DISTINGUISHED_NAME); goto err; } - dn_sk=CONF_get_section(req_conf,dn_sect); + dn_sk=NCONF_get_section(req_conf,dn_sect); if (dn_sk == NULL) { BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect); goto err; } - attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES); + attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES); if (attr_sect == NULL) + { + ERR_clear_error(); attr_sk=NULL; + } else { - attr_sk=CONF_get_section(req_conf,attr_sect); + attr_sk=NCONF_get_section(req_conf,attr_sect); if (attr_sk == NULL) { BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect); @@ -952,8 +1123,15 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs) /* setup version number */ if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */ - if(no_prompt) i = auto_info(req, dn_sk, attr_sk, attribs); - else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs); + if (no_prompt) + i = auto_info(req, dn_sk, attr_sk, attribs, chtype); + else + { + if (subj) + i = build_subject(req, subj, chtype); + else + i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype); + } if(!i) goto err; if (!X509_REQ_set_pubkey(req,pkey)) goto err; @@ -963,26 +1141,52 @@ err: return(ret); } +/* + * subject is expected to be in the format /type0=value0/type1=value1/type2=... + * where characters may be escaped by \ + */ +static int build_subject(X509_REQ *req, char *subject, unsigned long chtype) + { + X509_NAME *n; + + if (!(n = do_subject(subject, chtype))) + return 0; + + if (!X509_REQ_set_subject_name(req, n)) + { + X509_NAME_free(n); + return 0; + } + X509_NAME_free(n); + return 1; +} + static int prompt_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, - STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs) + STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs, + unsigned long chtype) { int i; char *p,*q; char buf[100]; - int nid,min,max; + int nid; + long n_min,n_max; char *type,*def,*value; CONF_VALUE *v; X509_NAME *subj; subj = X509_REQ_get_subject_name(req); - BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n"); - BIO_printf(bio_err,"into your certificate request.\n"); - BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n"); - BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n"); - BIO_printf(bio_err,"For some fields there will be a default value,\n"); - BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n"); - BIO_printf(bio_err,"-----\n"); + + if(!batch) + { + BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n"); + BIO_printf(bio_err,"into your certificate request.\n"); + BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n"); + BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n"); + BIO_printf(bio_err,"For some fields there will be a default value,\n"); + BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n"); + BIO_printf(bio_err,"-----\n"); + } if (sk_CONF_VALUE_num(dn_sk)) @@ -1011,22 +1215,36 @@ start: for (;;) } /* If OBJ not recognised ignore it */ if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; + + if(strlen(v->name) > sizeof buf-9) + { + BIO_printf(bio_err,"Name '%s' too long\n",v->name); + return 0; + } + sprintf(buf,"%s_default",v->name); - if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL) + if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) + { + ERR_clear_error(); def=""; - + } sprintf(buf,"%s_value",v->name); - if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL) + if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) + { + ERR_clear_error(); value=NULL; + } sprintf(buf,"%s_min",v->name); - min=(int)CONF_get_number(req_conf,dn_sect,buf); + if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min)) + n_min = -1; sprintf(buf,"%s_max",v->name); - max=(int)CONF_get_number(req_conf,dn_sect,buf); + if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max)) + n_max = -1; if (!add_DN_object(subj,v->value,def,value,nid, - min,max)) + n_min,n_max, chtype)) return 0; } if (X509_NAME_entry_count(subj) == 0) @@ -1037,7 +1255,7 @@ start: for (;;) if (attribs) { - if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0)) + if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch)) { BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n"); BIO_printf(bio_err,"to be sent with your certificate request\n"); @@ -1056,24 +1274,39 @@ start2: for (;;) if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start2; + if(strlen(v->name) > sizeof buf-9) + { + BIO_printf(bio_err,"Name '%s' too long\n",v->name); + return 0; + } + sprintf(buf,"%s_default",type); - if ((def=CONF_get_string(req_conf,attr_sect,buf)) + if ((def=NCONF_get_string(req_conf,attr_sect,buf)) == NULL) + { + ERR_clear_error(); def=""; + } + sprintf(buf,"%s_value",type); - if ((value=CONF_get_string(req_conf,attr_sect,buf)) + if ((value=NCONF_get_string(req_conf,attr_sect,buf)) == NULL) + { + ERR_clear_error(); value=NULL; + } sprintf(buf,"%s_min",type); - min=(int)CONF_get_number(req_conf,attr_sect,buf); + if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min)) + n_min = -1; sprintf(buf,"%s_max",type); - max=(int)CONF_get_number(req_conf,attr_sect,buf); + if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max)) + n_max = -1; if (!add_attribute_object(req, - v->value,def,value,nid,min,max)) + v->value,def,value,nid,n_min,n_max, chtype)) return 0; } } @@ -1089,7 +1322,7 @@ start2: for (;;) } static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, - STACK_OF(CONF_VALUE) *attr_sk, int attribs) + STACK_OF(CONF_VALUE) *attr_sk, int attribs, unsigned long chtype) { int i; char *p,*q; @@ -1117,7 +1350,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, if(*p) type = p; break; } - if (!X509_NAME_add_entry_by_txt(subj,type, MBSTRING_ASC, + if (!X509_NAME_add_entry_by_txt(subj,type, chtype, (unsigned char *) v->value,-1,-1,0)) return 0; } @@ -1132,7 +1365,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++) { v=sk_CONF_VALUE_value(attr_sk,i); - if(!X509_REQ_add1_attr_by_txt(req, v->name, MBSTRING_ASC, + if(!X509_REQ_add1_attr_by_txt(req, v->name, chtype, (unsigned char *)v->value, -1)) return 0; } } @@ -1141,15 +1374,16 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, - int nid, int min, int max) + int nid, int n_min, int n_max, unsigned long chtype) { int i,ret=0; MS_STATIC char buf[1024]; start: - BIO_printf(bio_err,"%s [%s]:",text,def); + if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def); (void)BIO_flush(bio_err); - if (value != NULL) + if(value != NULL) { + OPENSSL_assert(strlen(value) < sizeof buf-2); strcpy(buf,value); strcat(buf,"\n"); BIO_printf(bio_err,"%s\n",value); @@ -1157,7 +1391,15 @@ start: else { buf[0]='\0'; - fgets(buf,1024,stdin); + if (!batch) + { + fgets(buf,sizeof buf,stdin); + } + else + { + buf[0] = '\n'; + buf[1] = '\0'; + } } if (buf[0] == '\0') return(0); @@ -1177,12 +1419,11 @@ start: return(0); } buf[--i]='\0'; - #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, i); #endif - if(!req_check_len(i, min, max)) goto start; - if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC, + if(!req_check_len(i, n_min, n_max)) goto start; + if (!X509_NAME_add_entry_by_NID(n,nid, chtype, (unsigned char *) buf, -1,-1,0)) goto err; ret=1; err: @@ -1190,17 +1431,18 @@ err: } static int add_attribute_object(X509_REQ *req, char *text, - char *def, char *value, int nid, int min, - int max) + char *def, char *value, int nid, int n_min, + int n_max, unsigned long chtype) { int i; static char buf[1024]; start: - BIO_printf(bio_err,"%s [%s]:",text,def); + if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def); (void)BIO_flush(bio_err); if (value != NULL) { + OPENSSL_assert(strlen(value) < sizeof buf-2); strcpy(buf,value); strcat(buf,"\n"); BIO_printf(bio_err,"%s\n",value); @@ -1208,7 +1450,15 @@ start: else { buf[0]='\0'; - fgets(buf,1024,stdin); + if (!batch) + { + fgets(buf,sizeof buf,stdin); + } + else + { + buf[0] = '\n'; + buf[1] = '\0'; + } } if (buf[0] == '\0') return(0); @@ -1231,9 +1481,9 @@ start: #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, i); #endif - if(!req_check_len(i, min, max)) goto start; + if(!req_check_len(i, n_min, n_max)) goto start; - if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC, + if(!X509_REQ_add1_attr_by_NID(req, nid, chtype, (unsigned char *)buf, -1)) { BIO_printf(bio_err, "Error adding attribute\n"); ERR_print_errors(bio_err); @@ -1245,7 +1495,7 @@ err: return(0); } -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA static void MS_CALLBACK req_cb(int p, int n, void *arg) { char c='*'; @@ -1262,16 +1512,16 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg) } #endif -static int req_check_len(int len, int min, int max) +static int req_check_len(int len, int n_min, int n_max) { - if (len < min) + if ((n_min > 0) && (len < n_min)) { - BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min); + BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min); return(0); } - if ((max != 0) && (len > max)) + if ((n_max >= 0) && (len > n_max)) { - BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",max); + BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max); return(0); } return(1); diff --git a/crypto/openssl/apps/rsa.c b/crypto/openssl/apps/rsa.c index b4b0651..aebec74 100644 --- a/crypto/openssl/apps/rsa.c +++ b/crypto/openssl/apps/rsa.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -79,6 +79,9 @@ * -des - encrypt output if PEM format with DES in cbc mode * -des3 - encrypt output if PEM format * -idea - encrypt output if PEM format + * -aes128 - encrypt output if PEM format + * -aes192 - encrypt output if PEM format + * -aes256 - encrypt output if PEM format * -text - print a text version * -modulus - print the RSA key modulus * -check - verify key consistency @@ -90,16 +93,18 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; int ret=1; RSA *rsa=NULL; int i,badops=0, sgckey=0; const EVP_CIPHER *enc=NULL; - BIO *in=NULL,*out=NULL; + BIO *out=NULL; int informat,outformat,text=0,check=0,noout=0; int pubin = 0, pubout = 0; char *infile,*outfile,*prog; char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; + char *engine=NULL; int modulus=0; apps_startup(); @@ -108,6 +113,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + infile=NULL; outfile=NULL; informat=FORMAT_PEM; @@ -148,6 +156,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-sgckey") == 0) sgckey=1; else if (strcmp(*argv,"-pubin") == 0) @@ -186,20 +199,27 @@ bad: BIO_printf(bio_err," -passout arg output file pass phrase source\n"); BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); #endif +#ifndef OPENSSL_NO_AES + BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); +#endif BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -noout don't print key out\n"); BIO_printf(bio_err," -modulus print the RSA key modulus\n"); BIO_printf(bio_err," -check verify key consistency\n"); BIO_printf(bio_err," -pubin expect a public key in input file\n"); BIO_printf(bio_err," -pubout output a public key\n"); + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); goto end; } ERR_load_crypto_strings(); + e = setup_engine(bio_err, engine, 0); + if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; @@ -210,69 +230,29 @@ bad: goto end; } - in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); - if ((in == NULL) || (out == NULL)) - { - ERR_print_errors(bio_err); - goto end; - } - if (infile == NULL) - BIO_set_fp(in,stdin,BIO_NOCLOSE); - else - { - if (BIO_read_filename(in,infile) <= 0) - { - perror(infile); - goto end; - } - } + { + EVP_PKEY *pkey; - BIO_printf(bio_err,"read RSA key\n"); - if (informat == FORMAT_ASN1) { - if (pubin) rsa=d2i_RSA_PUBKEY_bio(in,NULL); - else rsa=d2i_RSAPrivateKey_bio(in,NULL); - } -#ifndef NO_RC4 - else if (informat == FORMAT_NETSCAPE) - { - BUF_MEM *buf=NULL; - unsigned char *p; - int size=0; + if (pubin) + pkey = load_pubkey(bio_err, infile, + (informat == FORMAT_NETSCAPE && sgckey ? + FORMAT_IISSGC : informat), 1, + passin, e, "Public Key"); + else + pkey = load_key(bio_err, infile, + (informat == FORMAT_NETSCAPE && sgckey ? + FORMAT_IISSGC : informat), 1, + passin, e, "Private Key"); - buf=BUF_MEM_new(); - for (;;) - { - if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10))) - goto end; - i=BIO_read(in,&(buf->data[size]),1024*10); - size+=i; - if (i == 0) break; - if (i < 0) - { - perror("reading private key"); - BUF_MEM_free(buf); - goto end; - } - } - p=(unsigned char *)buf->data; - rsa=d2i_RSA_NET(NULL,&p,(long)size,NULL, sgckey); - BUF_MEM_free(buf); - } -#endif - else if (informat == FORMAT_PEM) { - if(pubin) rsa=PEM_read_bio_RSA_PUBKEY(in,NULL,NULL,NULL); - else rsa=PEM_read_bio_RSAPrivateKey(in,NULL, NULL,passin); + if (pkey != NULL) + rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey); + EVP_PKEY_free(pkey); } - else - { - BIO_printf(bio_err,"bad input format specified for key\n"); - goto end; - } + if (rsa == NULL) { - BIO_printf(bio_err,"unable to load key\n"); ERR_print_errors(bio_err); goto end; } @@ -280,7 +260,7 @@ bad: if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -319,14 +299,14 @@ bad: BIO_printf(out,"RSA key ok\n"); else if (r == 0) { - long e; + long err; - while ((e = ERR_peek_error()) != 0 && - ERR_GET_LIB(e) == ERR_LIB_RSA && - ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY && - ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE) + while ((err = ERR_peek_error()) != 0 && + ERR_GET_LIB(err) == ERR_LIB_RSA && + ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY && + ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) { - BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e)); + BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err)); ERR_get_error(); /* remove e from error stack */ } } @@ -348,7 +328,7 @@ bad: if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa); else i=i2d_RSAPrivateKey_bio(out,rsa); } -#ifndef NO_RC4 +#ifndef OPENSSL_NO_RC4 else if (outformat == FORMAT_NETSCAPE) { unsigned char *p,*pp; @@ -384,14 +364,14 @@ bad: else ret=0; end: - if(in != NULL) BIO_free(in); if(out != NULL) BIO_free_all(out); if(rsa != NULL) RSA_free(rsa); if(passin) OPENSSL_free(passin); if(passout) OPENSSL_free(passout); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } -#else /* !NO_RSA */ +#else /* !OPENSSL_NO_RSA */ # if PEDANTIC static void *dummy=&dummy; diff --git a/crypto/openssl/apps/rsautl.c b/crypto/openssl/apps/rsautl.c index de231b0..36957e5 100644 --- a/crypto/openssl/apps/rsautl.c +++ b/crypto/openssl/apps/rsautl.c @@ -56,7 +56,7 @@ * */ -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA #include "apps.h" #include <string.h> @@ -82,8 +82,10 @@ int MAIN(int argc, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; BIO *in = NULL, *out = NULL; char *infile = NULL, *outfile = NULL; + char *engine = NULL; char *keyfile = NULL; char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY; int keyform = FORMAT_PEM; @@ -102,6 +104,9 @@ int MAIN(int argc, char **argv) argv++; if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + + if (!load_config(bio_err, NULL)) + goto end; ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); pad = RSA_PKCS1_PADDING; @@ -117,6 +122,12 @@ int MAIN(int argc, char **argv) } else if(!strcmp(*argv, "-inkey")) { if (--argc < 1) badarg = 1; keyfile = *(++argv); + } else if (strcmp(*argv,"-keyform") == 0) { + if (--argc < 1) badarg = 1; + keyform=str2fmt(*(++argv)); + } else if(!strcmp(*argv, "-engine")) { + if (--argc < 1) badarg = 1; + engine = *(++argv); } else if(!strcmp(*argv, "-pubin")) { key_type = KEY_PUBKEY; } else if(!strcmp(*argv, "-certin")) { @@ -151,20 +162,25 @@ int MAIN(int argc, char **argv) goto end; } + e = setup_engine(bio_err, engine, 0); + /* FIXME: seed PRNG only if needed */ app_RAND_load_file(NULL, bio_err, 0); switch(key_type) { case KEY_PRIVKEY: - pkey = load_key(bio_err, keyfile, keyform, NULL); + pkey = load_key(bio_err, keyfile, keyform, 0, + NULL, e, "Private Key"); break; case KEY_PUBKEY: - pkey = load_pubkey(bio_err, keyfile, keyform); + pkey = load_pubkey(bio_err, keyfile, keyform, 0, + NULL, e, "Public Key"); break; case KEY_CERT: - x = load_cert(bio_err, keyfile, keyform); + x = load_cert(bio_err, keyfile, keyform, + NULL, e, "Certificate"); if(x) { pkey = X509_get_pubkey(x); X509_free(x); @@ -173,7 +189,6 @@ int MAIN(int argc, char **argv) } if(!pkey) { - BIO_printf(bio_err, "Error loading key\n"); return 1; } @@ -203,7 +218,7 @@ int MAIN(int argc, char **argv) } } else { out = BIO_new_fp(stdout, BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -278,6 +293,7 @@ static void usage() BIO_printf(bio_err, "-in file input file\n"); BIO_printf(bio_err, "-out file output file\n"); BIO_printf(bio_err, "-inkey file input key\n"); + BIO_printf(bio_err, "-keyform arg private key format - default PEM\n"); BIO_printf(bio_err, "-pubin input is an RSA public\n"); BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n"); BIO_printf(bio_err, "-ssl use SSL v2 padding\n"); @@ -289,6 +305,8 @@ static void usage() BIO_printf(bio_err, "-encrypt encrypt with public key\n"); BIO_printf(bio_err, "-decrypt decrypt with private key\n"); BIO_printf(bio_err, "-hexdump hex dump output\n"); + BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); + } #endif diff --git a/crypto/openssl/apps/s_apps.h b/crypto/openssl/apps/s_apps.h index 57af7c0..ff18a72 100644 --- a/crypto/openssl/apps/s_apps.h +++ b/crypto/openssl/apps/s_apps.h @@ -55,9 +55,64 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include <sys/types.h> -#if (defined(VMS) || defined(__VMS)) && !defined(FD_SET) +#include <openssl/opensslconf.h> + +#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET) /* VAX C does not defined fd_set and friends, but it's actually quite simple */ /* These definitions are borrowed from SOCKETSHR. /Richard Levitte */ #define MAX_NOFILE 32 @@ -87,13 +142,9 @@ typedef fd_mask fd_set; int do_server(int port, int *ret, int (*cb) (), char *context); #ifdef HEADER_X509_H int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); -#else -int MS_CALLBACK verify_callback(int ok, char *ctx); #endif #ifdef HEADER_SSL_H int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); -#else -int set_cert_stuff(char *ctx, char *cert_file, char *key_file); #endif int init_client(int *sock, char *server, int port); int should_retry(int i); @@ -104,8 +155,6 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); #ifdef HEADER_SSL_H -void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret); -#else -void MS_CALLBACK apps_ssl_info_callback(char *s, int where, int ret); +void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret); +void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); #endif - diff --git a/crypto/openssl/apps/s_cb.c b/crypto/openssl/apps/s_cb.c index fd62259..675527d 100644 --- a/crypto/openssl/apps/s_cb.c +++ b/crypto/openssl/apps/s_cb.c @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include <stdio.h> #include <stdlib.h> @@ -81,7 +134,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) err= X509_STORE_CTX_get_error(ctx); depth= X509_STORE_CTX_get_error_depth(ctx); - X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256); + X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf); BIO_printf(bio_err,"depth=%d %s\n",depth,buf); if (!ok) { @@ -101,7 +154,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) switch (ctx->error) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256); + X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf); BIO_printf(bio_err,"issuer= %s\n",buf); break; case X509_V_ERR_CERT_NOT_YET_VALID: @@ -200,7 +253,7 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, return(ret); } -void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret) +void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret) { char *str; int w; @@ -236,3 +289,261 @@ void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret) } } + +void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) + { + BIO *bio = arg; + const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= ""; + + str_write_p = write_p ? ">>>" : "<<<"; + + switch (version) + { + case SSL2_VERSION: + str_version = "SSL 2.0"; + break; + case SSL3_VERSION: + str_version = "SSL 3.0 "; + break; + case TLS1_VERSION: + str_version = "TLS 1.0 "; + break; + default: + str_version = "???"; + } + + if (version == SSL2_VERSION) + { + str_details1 = "???"; + + if (len > 0) + { + switch (((unsigned char*)buf)[0]) + { + case 0: + str_details1 = ", ERROR:"; + str_details2 = " ???"; + if (len >= 3) + { + unsigned err = (((unsigned char*)buf)[1]<<8) + ((unsigned char*)buf)[2]; + + switch (err) + { + case 0x0001: + str_details2 = " NO-CIPHER-ERROR"; + break; + case 0x0002: + str_details2 = " NO-CERTIFICATE-ERROR"; + break; + case 0x0004: + str_details2 = " BAD-CERTIFICATE-ERROR"; + break; + case 0x0006: + str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR"; + break; + } + } + + break; + case 1: + str_details1 = ", CLIENT-HELLO"; + break; + case 2: + str_details1 = ", CLIENT-MASTER-KEY"; + break; + case 3: + str_details1 = ", CLIENT-FINISHED"; + break; + case 4: + str_details1 = ", SERVER-HELLO"; + break; + case 5: + str_details1 = ", SERVER-VERIFY"; + break; + case 6: + str_details1 = ", SERVER-FINISHED"; + break; + case 7: + str_details1 = ", REQUEST-CERTIFICATE"; + break; + case 8: + str_details1 = ", CLIENT-CERTIFICATE"; + break; + } + } + } + + if (version == SSL3_VERSION || version == TLS1_VERSION) + { + switch (content_type) + { + case 20: + str_content_type = "ChangeCipherSpec"; + break; + case 21: + str_content_type = "Alert"; + break; + case 22: + str_content_type = "Handshake"; + break; + } + + if (content_type == 21) /* Alert */ + { + str_details1 = ", ???"; + + if (len == 2) + { + switch (((unsigned char*)buf)[0]) + { + case 1: + str_details1 = ", warning"; + break; + case 2: + str_details1 = ", fatal"; + break; + } + + str_details2 = " ???"; + switch (((unsigned char*)buf)[1]) + { + case 0: + str_details2 = " close_notify"; + break; + case 10: + str_details2 = " unexpected_message"; + break; + case 20: + str_details2 = " bad_record_mac"; + break; + case 21: + str_details2 = " decryption_failed"; + break; + case 22: + str_details2 = " record_overflow"; + break; + case 30: + str_details2 = " decompression_failure"; + break; + case 40: + str_details2 = " handshake_failure"; + break; + case 42: + str_details2 = " bad_certificate"; + break; + case 43: + str_details2 = " unsupported_certificate"; + break; + case 44: + str_details2 = " certificate_revoked"; + break; + case 45: + str_details2 = " certificate_expired"; + break; + case 46: + str_details2 = " certificate_unknown"; + break; + case 47: + str_details2 = " illegal_parameter"; + break; + case 48: + str_details2 = " unknown_ca"; + break; + case 49: + str_details2 = " access_denied"; + break; + case 50: + str_details2 = " decode_error"; + break; + case 51: + str_details2 = " decrypt_error"; + break; + case 60: + str_details2 = " export_restriction"; + break; + case 70: + str_details2 = " protocol_version"; + break; + case 71: + str_details2 = " insufficient_security"; + break; + case 80: + str_details2 = " internal_error"; + break; + case 90: + str_details2 = " user_canceled"; + break; + case 100: + str_details2 = " no_renegotiation"; + break; + } + } + } + + if (content_type == 22) /* Handshake */ + { + str_details1 = "???"; + + if (len > 0) + { + switch (((unsigned char*)buf)[0]) + { + case 0: + str_details1 = ", HelloRequest"; + break; + case 1: + str_details1 = ", ClientHello"; + break; + case 2: + str_details1 = ", ServerHello"; + break; + case 11: + str_details1 = ", Certificate"; + break; + case 12: + str_details1 = ", ServerKeyExchange"; + break; + case 13: + str_details1 = ", CertificateRequest"; + break; + case 14: + str_details1 = ", ServerHelloDone"; + break; + case 15: + str_details1 = ", CertificateVerify"; + break; + case 16: + str_details1 = ", ClientKeyExchange"; + break; + case 20: + str_details1 = ", Finished"; + break; + } + } + } + } + + BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2); + + if (len > 0) + { + size_t num, i; + + BIO_printf(bio, " "); + num = len; +#if 0 + if (num > 16) + num = 16; +#endif + for (i = 0; i < num; i++) + { + if (i % 16 == 0 && i > 0) + BIO_printf(bio, "\n "); + BIO_printf(bio, " %02x", ((unsigned char*)buf)[i]); + } + if (i < len) + BIO_printf(bio, " ..."); + BIO_printf(bio, "\n"); + } + BIO_flush(bio); + } diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c index 9cfe2b1..738588c 100644 --- a/crypto/openssl/apps/s_client.c +++ b/crypto/openssl/apps/s_client.c @@ -55,12 +55,66 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include <assert.h> #include <stdio.h> #include <stdlib.h> #include <string.h> -#ifdef NO_STDIO +#include <openssl/e_os2.h> +#ifdef OPENSSL_NO_STDIO #define APPS_WIN16 #endif @@ -68,7 +122,7 @@ recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is needed to have fileno() declared correctly... So let's define u_int */ -#if defined(VMS) && defined(__DECC) && !defined(__U_INT) +#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) #define __U_INT typedef unsigned int u_int; #endif @@ -82,12 +136,20 @@ typedef unsigned int u_int; #include <openssl/rand.h> #include "s_apps.h" -#ifdef WINDOWS +#ifdef OPENSSL_SYS_WINDOWS #include <conio.h> #endif +#ifdef OPENSSL_SYS_WINCE +/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ +#ifdef fileno +#undef fileno +#endif +#define fileno(a) (int)_fileno(a) +#endif + -#if (defined(VMS) && __VMS_VER < 70000000) +#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ #undef FIONBIO #endif @@ -112,6 +174,7 @@ static int c_nbio=0; #endif static int c_Pause=0; static int c_debug=0; +static int c_msg=0; static int c_showcerts=0; static void sc_usage(void); @@ -138,6 +201,7 @@ static void sc_usage(void) BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); BIO_printf(bio_err," -showcerts - show all certificates in the chain\n"); BIO_printf(bio_err," -debug - extra output\n"); + BIO_printf(bio_err," -msg - Show protocol messages\n"); BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n"); BIO_printf(bio_err," -state - print the 'ssl' states\n"); #ifdef FIONBIO @@ -151,8 +215,14 @@ static void sc_usage(void) BIO_printf(bio_err," -tls1 - just use TLSv1\n"); BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); + BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n"); BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n"); BIO_printf(bio_err," command to see what is available\n"); + BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n"); + BIO_printf(bio_err," for those protocols that support it, where\n"); + BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); + BIO_printf(bio_err," only \"smtp\" is supported.\n"); + BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); } @@ -163,8 +233,9 @@ int MAIN(int argc, char **argv) { int off=0; SSL *con=NULL,*con2=NULL; + X509_STORE *store = NULL; int s,k,width,state=0; - char *cbuf=NULL,*sbuf=NULL; + char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; int cbuf_len,cbuf_off; int sbuf_len,sbuf_off; fd_set readfds,writefds; @@ -178,19 +249,22 @@ int MAIN(int argc, char **argv) int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; SSL_CTX *ctx=NULL; int ret=1,in_init=1,i,nbio_test=0; - int prexit = 0; + int smtp_starttls = 0; + int prexit = 0, vflags = 0; SSL_METHOD *meth=NULL; BIO *sbio; char *inrand=NULL; -#ifdef WINDOWS + char *engine_id=NULL; + ENGINE *e=NULL; +#ifdef OPENSSL_SYS_WINDOWS struct timeval tv; #endif -#if !defined(NO_SSL2) && !defined(NO_SSL3) +#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_client_method(); -#elif !defined(NO_SSL3) +#elif !defined(OPENSSL_NO_SSL3) meth=SSLv3_client_method(); -#elif !defined(NO_SSL2) +#elif !defined(OPENSSL_NO_SSL2) meth=SSLv2_client_method(); #endif @@ -199,13 +273,18 @@ int MAIN(int argc, char **argv) c_quiet=0; c_ign_eof=0; c_debug=0; + c_msg=0; c_showcerts=0; if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + if (!load_config(bio_err, NULL)) + goto end; + if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || - ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL)) + ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || + ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL)) { BIO_printf(bio_err,"out of memory\n"); goto end; @@ -250,6 +329,10 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; cert_file= *(++argv); } + else if (strcmp(*argv,"-crl_check") == 0) + vflags |= X509_V_FLAG_CRL_CHECK; + else if (strcmp(*argv,"-crl_check_all") == 0) + vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; else if (strcmp(*argv,"-prexit") == 0) prexit=1; else if (strcmp(*argv,"-crlf") == 0) @@ -265,21 +348,23 @@ int MAIN(int argc, char **argv) c_Pause=1; else if (strcmp(*argv,"-debug") == 0) c_debug=1; + else if (strcmp(*argv,"-msg") == 0) + c_msg=1; else if (strcmp(*argv,"-showcerts") == 0) c_showcerts=1; else if (strcmp(*argv,"-nbio_test") == 0) nbio_test=1; else if (strcmp(*argv,"-state") == 0) state=1; -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 else if (strcmp(*argv,"-ssl2") == 0) meth=SSLv2_client_method(); #endif -#ifndef NO_SSL3 +#ifndef OPENSSL_NO_SSL3 else if (strcmp(*argv,"-ssl3") == 0) meth=SSLv3_client_method(); #endif -#ifndef NO_TLS1 +#ifndef OPENSSL_NO_TLS1 else if (strcmp(*argv,"-tls1") == 0) meth=TLSv1_client_method(); #endif @@ -310,6 +395,8 @@ int MAIN(int argc, char **argv) off|=SSL_OP_NO_SSLv3; else if (strcmp(*argv,"-no_ssl2") == 0) off|=SSL_OP_NO_SSLv2; + else if (strcmp(*argv,"-serverpref") == 0) + off|=SSL_OP_CIPHER_SERVER_PREFERENCE; else if (strcmp(*argv,"-cipher") == 0) { if (--argc < 1) goto bad; @@ -319,6 +406,20 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-nbio") == 0) { c_nbio=1; } #endif + else if (strcmp(*argv,"-starttls") == 0) + { + if (--argc < 1) goto bad; + ++argv; + if (strcmp(*argv,"smtp") == 0) + smtp_starttls = 1; + else + goto bad; + } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine_id = *(++argv); + } else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -340,6 +441,11 @@ bad: goto end; } + OpenSSL_add_ssl_algorithms(); + SSL_load_error_strings(); + + e = setup_engine(bio_err, engine_id, 1); + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) { @@ -351,7 +457,7 @@ bad: if (bio_c_out == NULL) { - if (c_quiet) + if (c_quiet && !c_debug && !c_msg) { bio_c_out=BIO_new(BIO_s_null()); } @@ -362,8 +468,6 @@ bad: } } - OpenSSL_add_ssl_algorithms(); - SSL_load_error_strings(); ctx=SSL_CTX_new(meth); if (ctx == NULL) { @@ -400,8 +504,16 @@ bad: /* goto end; */ } + store = SSL_CTX_get_cert_store(ctx); + X509_STORE_set_flags(store, vflags); con=SSL_new(ctx); +#ifndef OPENSSL_NO_KRB5 + if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL) + { + kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host); + } +#endif /* OPENSSL_NO_KRB5 */ /* SSL_set_cipher_list(con,"RC4-MD5"); */ re_start: @@ -443,6 +555,11 @@ re_start: BIO_set_callback(sbio,bio_dump_cb); BIO_set_callback_arg(sbio,bio_c_out); } + if (c_msg) + { + SSL_set_msg_callback(con, msg_cb); + SSL_set_msg_callback_arg(con, bio_c_out); + } SSL_set_bio(con,sbio,sbio); SSL_set_connect_state(con); @@ -461,6 +578,14 @@ re_start: sbuf_len=0; sbuf_off=0; + /* This is an ugly hack that does a lot of assumptions */ + if (smtp_starttls) + { + BIO_read(sbio,mbuf,BUFSIZZ); + BIO_printf(sbio,"STARTTLS\r\n"); + BIO_read(sbio,sbuf,BUFSIZZ); + } + for (;;) { FD_ZERO(&readfds); @@ -480,6 +605,13 @@ re_start: print_stuff(bio_c_out,con,full_log); if (full_log > 0) full_log--; + if (smtp_starttls) + { + BIO_printf(bio_err,"%s",mbuf); + /* We don't need to know any more */ + smtp_starttls = 0; + } + if (reconnect) { reconnect--; @@ -496,7 +628,7 @@ re_start: if (!ssl_pending) { -#ifndef WINDOWS +#ifndef OPENSSL_SYS_WINDOWS if (tty_on) { if (read_tty) FD_SET(fileno(stdin),&readfds); @@ -523,7 +655,7 @@ re_start: * will choke the compiler: if you do have a cast then * you can either go for (int *) or (void *). */ -#ifdef WINDOWS +#ifdef OPENSSL_SYS_WINDOWS /* Under Windows we make the assumption that we can * always write to the tty: therefore if we need to * write to the tty we just fall through. Otherwise @@ -538,7 +670,11 @@ re_start: tv.tv_usec = 0; i=select(width,(void *)&readfds,(void *)&writefds, NULL,&tv); +#ifdef OPENSSL_SYS_WINCE + if(!i && (!_kbhit() || !read_tty) ) continue; +#else if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue; +#endif } else i=select(width,(void *)&readfds,(void *)&writefds, NULL,NULL); } @@ -622,8 +758,8 @@ re_start: goto shut; } } -#ifdef WINDOWS - /* Assume Windows can always write */ +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) + /* Assume Windows/DOS can always write */ else if (!ssl_pending && write_tty) #else else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds)) @@ -703,8 +839,12 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 } } -#ifdef WINDOWS +#ifdef OPENSSL_SYS_WINDOWS +#ifdef OPENSSL_SYS_WINCE + else if (_kbhit()) +#else else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) +#endif #else else if (FD_ISSET(fileno(stdin),&readfds)) #endif @@ -768,14 +908,16 @@ end: if (con != NULL) SSL_free(con); if (con2 != NULL) SSL_free(con2); if (ctx != NULL) SSL_CTX_free(ctx); - if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); } - if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); } + if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } + if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } + if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } if (bio_c_out != NULL) { BIO_free(bio_c_out); bio_c_out=NULL; } - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } @@ -804,10 +946,10 @@ static void print_stuff(BIO *bio, SSL *s, int full) for (i=0; i<sk_X509_num(sk); i++) { X509_NAME_oneline(X509_get_subject_name( - sk_X509_value(sk,i)),buf,BUFSIZ); + sk_X509_value(sk,i)),buf,sizeof buf); BIO_printf(bio,"%2d s:%s\n",i,buf); X509_NAME_oneline(X509_get_issuer_name( - sk_X509_value(sk,i)),buf,BUFSIZ); + sk_X509_value(sk,i)),buf,sizeof buf); BIO_printf(bio," i:%s\n",buf); if (c_showcerts) PEM_write_bio_X509(bio,sk_X509_value(sk,i)); @@ -822,10 +964,10 @@ static void print_stuff(BIO *bio, SSL *s, int full) if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */ PEM_write_bio_X509(bio,peer); X509_NAME_oneline(X509_get_subject_name(peer), - buf,BUFSIZ); + buf,sizeof buf); BIO_printf(bio,"subject=%s\n",buf); X509_NAME_oneline(X509_get_issuer_name(peer), - buf,BUFSIZ); + buf,sizeof buf); BIO_printf(bio,"issuer=%s\n",buf); } else @@ -847,7 +989,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) { BIO_printf(bio,"---\nNo client certificate CA names sent\n"); } - p=SSL_get_shared_ciphers(s,buf,BUFSIZ); + p=SSL_get_shared_ciphers(s,buf,sizeof buf); if (p != NULL) { /* This works only for SSL 2. In later protocol diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c index 624dfb5..44886c5 100644 --- a/crypto/openssl/apps/s_server.c +++ b/crypto/openssl/apps/s_server.c @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include <assert.h> #include <stdio.h> @@ -62,7 +115,8 @@ #include <string.h> #include <sys/types.h> #include <sys/stat.h> -#ifdef NO_STDIO +#include <openssl/e_os2.h> +#ifdef OPENSSL_NO_STDIO #define APPS_WIN16 #endif @@ -70,7 +124,7 @@ recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is needed to have fileno() declared correctly... So let's define u_int */ -#if defined(VMS) && defined(__DECC) && !defined(__U_INT) +#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) #define __U_INT typedef unsigned int u_int; #endif @@ -86,16 +140,24 @@ typedef unsigned int u_int; #include <openssl/rand.h> #include "s_apps.h" -#ifdef WINDOWS +#ifdef OPENSSL_SYS_WINDOWS #include <conio.h> #endif -#if (defined(VMS) && __VMS_VER < 70000000) +#ifdef OPENSSL_SYS_WINCE +/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ +#ifdef fileno +#undef fileno +#endif +#define fileno(a) (int)_fileno(a) +#endif + +#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ #undef FIONBIO #endif -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength); #endif static int sv_body(char *hostname, int s, unsigned char *context); @@ -104,7 +166,9 @@ static void close_accept_socket(void ); static void sv_usage(void); static int init_ssl_connection(SSL *s); static void print_stats(BIO *bp,SSL_CTX *ctx); -#ifndef NO_DH +static int generate_session_id(const SSL *ssl, unsigned char *id, + unsigned int *id_len); +#ifndef OPENSSL_NO_DH static DH *load_dh_param(char *dhfile); static DH *get_dh512(void); #endif @@ -120,7 +184,7 @@ static void s_server_init(void); # endif #endif -#ifndef NO_DH +#ifndef OPENSSL_NO_DH static unsigned char dh512_p[]={ 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, @@ -174,9 +238,12 @@ static int www=0; static BIO *bio_s_out=NULL; static int s_debug=0; +static int s_msg=0; static int s_quiet=0; static int hack=0; +static char *engine_id=NULL; +static const char *session_id_prefix=NULL; #ifdef MONOLITH static void s_server_init(void) @@ -197,8 +264,10 @@ static void s_server_init(void) bio_s_out=NULL; s_debug=0; + s_msg=0; s_quiet=0; hack=0; + engine_id=NULL; } #endif @@ -224,11 +293,13 @@ static void sv_usage(void) BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n"); BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); BIO_printf(bio_err," -debug - Print more output\n"); + BIO_printf(bio_err," -msg - Show protocol messages\n"); BIO_printf(bio_err," -state - Print the SSL states\n"); BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n"); BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n"); + BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n"); BIO_printf(bio_err," -quiet - No server output\n"); BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n"); BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); @@ -237,12 +308,16 @@ static void sv_usage(void) BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); -#ifndef NO_DH +#ifndef OPENSSL_NO_DH BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n"); #endif BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); + BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); + BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n"); + BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); + BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); } @@ -253,10 +328,10 @@ static char **local_argv; static int ebcdic_new(BIO *bi); static int ebcdic_free(BIO *a); static int ebcdic_read(BIO *b, char *out, int outl); -static int ebcdic_write(BIO *b, char *in, int inl); -static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr); +static int ebcdic_write(BIO *b, const char *in, int inl); +static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr); static int ebcdic_gets(BIO *bp, char *buf, int size); -static int ebcdic_puts(BIO *bp, char *str); +static int ebcdic_puts(BIO *bp, const char *str); #define BIO_TYPE_EBCDIC_FILTER (18|0x0200) static BIO_METHOD methods_ebcdic= @@ -321,7 +396,7 @@ static int ebcdic_read(BIO *b, char *out, int outl) return(ret); } -static int ebcdic_write(BIO *b, char *in, int inl) +static int ebcdic_write(BIO *b, const char *in, int inl) { EBCDIC_OUTBUFF *wbuf; int ret=0; @@ -354,7 +429,7 @@ static int ebcdic_write(BIO *b, char *in, int inl) return(ret); } -static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr) +static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr) { long ret; @@ -373,7 +448,7 @@ static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr) static int ebcdic_gets(BIO *bp, char *buf, int size) { - int i, ret; + int i, ret=0; if (bp->next_bio == NULL) return(0); /* return(BIO_gets(bp->next_bio,buf,size));*/ for (i=0; i<size-1; ++i) @@ -392,7 +467,7 @@ static int ebcdic_gets(BIO *bp, char *buf, int size) return (ret < 0 && i == 0) ? ret : i; } -static int ebcdic_puts(BIO *bp, char *str) +static int ebcdic_puts(BIO *bp, const char *str) { if (bp->next_bio == NULL) return(0); return ebcdic_write(bp, str, strlen(str)); @@ -403,6 +478,8 @@ int MAIN(int, char **); int MAIN(int argc, char *argv[]) { + X509_STORE *store = NULL; + int vflags = 0; short port=PORT; char *CApath=NULL,*CAfile=NULL; char *context = NULL; @@ -413,16 +490,14 @@ int MAIN(int argc, char *argv[]) int no_tmp_rsa=0,no_dhe=0,nocert=0; int state=0; SSL_METHOD *meth=NULL; + ENGINE *e=NULL; char *inrand=NULL; -#ifndef NO_DH - DH *dh=NULL; -#endif -#if !defined(NO_SSL2) && !defined(NO_SSL3) +#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_server_method(); -#elif !defined(NO_SSL3) +#elif !defined(OPENSSL_NO_SSL3) meth=SSLv3_server_method(); -#elif !defined(NO_SSL2) +#elif !defined(OPENSSL_NO_SSL2) meth=SSLv2_server_method(); #endif @@ -437,6 +512,9 @@ int MAIN(int argc, char *argv[]) if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + if (!load_config(bio_err, NULL)) + goto end; + verify_depth=0; #ifdef FIONBIO s_nbio=0; @@ -509,6 +587,16 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; CApath= *(++argv); } + else if (strcmp(*argv,"-crl_check") == 0) + { + vflags |= X509_V_FLAG_CRL_CHECK; + } + else if (strcmp(*argv,"-crl_check") == 0) + { + vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; + } + else if (strcmp(*argv,"-serverpref") == 0) + { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } else if (strcmp(*argv,"-cipher") == 0) { if (--argc < 1) goto bad; @@ -532,6 +620,8 @@ int MAIN(int argc, char *argv[]) } else if (strcmp(*argv,"-debug") == 0) { s_debug=1; } + else if (strcmp(*argv,"-msg") == 0) + { s_msg=1; } else if (strcmp(*argv,"-hack") == 0) { hack=1; } else if (strcmp(*argv,"-state") == 0) @@ -550,24 +640,36 @@ int MAIN(int argc, char *argv[]) { www=1; } else if (strcmp(*argv,"-WWW") == 0) { www=2; } + else if (strcmp(*argv,"-HTTP") == 0) + { www=3; } else if (strcmp(*argv,"-no_ssl2") == 0) { off|=SSL_OP_NO_SSLv2; } else if (strcmp(*argv,"-no_ssl3") == 0) { off|=SSL_OP_NO_SSLv3; } else if (strcmp(*argv,"-no_tls1") == 0) { off|=SSL_OP_NO_TLSv1; } -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 else if (strcmp(*argv,"-ssl2") == 0) { meth=SSLv2_server_method(); } #endif -#ifndef NO_SSL3 +#ifndef OPENSSL_NO_SSL3 else if (strcmp(*argv,"-ssl3") == 0) { meth=SSLv3_server_method(); } #endif -#ifndef NO_TLS1 +#ifndef OPENSSL_NO_TLS1 else if (strcmp(*argv,"-tls1") == 0) { meth=TLSv1_server_method(); } #endif + else if (strcmp(*argv, "-id_prefix") == 0) + { + if (--argc < 1) goto bad; + session_id_prefix = *(++argv); + } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine_id= *(++argv); + } else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -589,6 +691,11 @@ bad: goto end; } + SSL_load_error_strings(); + OpenSSL_add_ssl_algorithms(); + + e = setup_engine(bio_err, engine_id, 1); + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) { @@ -600,7 +707,7 @@ bad: if (bio_s_out == NULL) { - if (s_quiet && !s_debug) + if (s_quiet && !s_debug && !s_msg) { bio_s_out=BIO_new(BIO_s_null()); } @@ -611,7 +718,7 @@ bad: } } -#if !defined(NO_RSA) || !defined(NO_DSA) +#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) if (nocert) #endif { @@ -621,21 +728,32 @@ bad: s_dkey_file=NULL; } - SSL_load_error_strings(); - OpenSSL_add_ssl_algorithms(); - ctx=SSL_CTX_new(meth); if (ctx == NULL) { ERR_print_errors(bio_err); goto end; } - + if (session_id_prefix) + { + if(strlen(session_id_prefix) >= 32) + BIO_printf(bio_err, +"warning: id_prefix is too long, only one new session will be possible\n"); + else if(strlen(session_id_prefix) >= 16) + BIO_printf(bio_err, +"warning: id_prefix is too long if you use SSLv2\n"); + if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) + { + BIO_printf(bio_err,"error setting 'id_prefix'\n"); + ERR_print_errors(bio_err); + goto end; + } + BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix); + } SSL_CTX_set_quiet_shutdown(ctx,1); if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL); if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); SSL_CTX_set_options(ctx,off); - if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST); if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); @@ -660,11 +778,19 @@ bad: ERR_print_errors(bio_err); /* goto end; */ } + store = SSL_CTX_get_cert_store(ctx); + X509_STORE_set_flags(store, vflags); -#ifndef NO_DH +#ifndef OPENSSL_NO_DH if (!no_dhe) { - dh=load_dh_param(dhfile ? dhfile : s_cert_file); + DH *dh=NULL; + + if (dhfile) + dh = load_dh_param(dhfile); + else if (s_cert_file) + dh = load_dh_param(s_cert_file); + if (dh != NULL) { BIO_printf(bio_s_out,"Setting temp DH parameters\n"); @@ -689,7 +815,7 @@ bad: goto end; } -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA #if 1 if (!no_tmp_rsa) SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); @@ -741,7 +867,8 @@ end: BIO_free(bio_s_out); bio_s_out=NULL; } - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) @@ -778,7 +905,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) unsigned long l; SSL *con=NULL; BIO *sbio; -#ifdef WINDOWS +#ifdef OPENSSL_SYS_WINDOWS struct timeval tv; #endif @@ -801,6 +928,15 @@ static int sv_body(char *hostname, int s, unsigned char *context) if (con == NULL) { con=SSL_new(ctx); +#ifndef OPENSSL_NO_KRB5 + if ((con->kssl_ctx = kssl_ctx_new()) != NULL) + { + kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, + KRB5SVC); + kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, + KRB5KEYTAB); + } +#endif /* OPENSSL_NO_KRB5 */ if(context) SSL_set_session_id_context(con, context, strlen((char *)context)); @@ -825,6 +961,11 @@ static int sv_body(char *hostname, int s, unsigned char *context) BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); } + if (s_msg) + { + SSL_set_msg_callback(con, msg_cb); + SSL_set_msg_callback_arg(con, bio_s_out); + } width=s+1; for (;;) @@ -838,7 +979,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) if (!read_from_sslcon) { FD_ZERO(&readfds); -#ifndef WINDOWS +#ifndef OPENSSL_SYS_WINDOWS FD_SET(fileno(stdin),&readfds); #endif FD_SET(s,&readfds); @@ -848,7 +989,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) * the compiler: if you do have a cast then you can either * go for (int *) or (void *). */ -#ifdef WINDOWS +#ifdef OPENSSL_SYS_WINDOWS /* Under Windows we can't select on stdin: only * on sockets. As a workaround we timeout the select every * second and check for any keypress. In a proper Windows @@ -1043,7 +1184,7 @@ err: BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); if (buf != NULL) { - memset(buf,0,bufsize); + OPENSSL_cleanse(buf,bufsize); OPENSSL_free(buf); } if (ret >= 0) @@ -1095,14 +1236,14 @@ static int init_ssl_connection(SSL *con) { BIO_printf(bio_s_out,"Client certificate\n"); PEM_write_bio_X509(bio_s_out,peer); - X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ); + X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf); BIO_printf(bio_s_out,"subject=%s\n",buf); - X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ); + X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf); BIO_printf(bio_s_out,"issuer=%s\n",buf); X509_free(peer); } - if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL) + if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL) BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); @@ -1114,7 +1255,7 @@ static int init_ssl_connection(SSL *con) return(1); } -#ifndef NO_DH +#ifndef OPENSSL_NO_DH static DH *load_dh_param(char *dhfile) { DH *ret=NULL; @@ -1183,6 +1324,13 @@ static int www_body(char *hostname, int s, unsigned char *context) if (!BIO_set_write_buffer_size(io,bufsize)) goto err; if ((con=SSL_new(ctx)) == NULL) goto err; +#ifndef OPENSSL_NO_KRB5 + if ((con->kssl_ctx = kssl_ctx_new()) != NULL) + { + kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC); + kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB); + } +#endif /* OPENSSL_NO_KRB5 */ if(context) SSL_set_session_id_context(con, context, strlen((char *)context)); @@ -1210,6 +1358,11 @@ static int www_body(char *hostname, int s, unsigned char *context) BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); } + if (s_msg) + { + SSL_set_msg_callback(con, msg_cb); + SSL_set_msg_callback_arg(con, bio_s_out); + } blank=0; for (;;) @@ -1250,7 +1403,7 @@ static int www_body(char *hostname, int s, unsigned char *context) else { BIO_printf(bio_s_out,"read R BLOCK\n"); -#ifndef MSDOS +#if !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__) sleep(1); #endif continue; @@ -1344,7 +1497,8 @@ static int www_body(char *hostname, int s, unsigned char *context) BIO_puts(io,"</BODY></HTML>\r\n\r\n"); break; } - else if ((www == 2) && (strncmp("GET /",buf,5) == 0)) + else if ((www == 2 || www == 3) + && (strncmp("GET /",buf,5) == 0)) { BIO *file; char *p,*e; @@ -1434,13 +1588,16 @@ static int www_body(char *hostname, int s, unsigned char *context) if (!s_quiet) BIO_printf(bio_err,"FILE:%s\n",p); - i=strlen(p); - if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) || - ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) || - ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0))) - BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); - else - BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"); + if (www == 2) + { + i=strlen(p); + if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) || + ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) || + ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0))) + BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); + else + BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"); + } /* send the file */ total_bytes=0; for (;;) @@ -1518,7 +1675,7 @@ err: return(ret); } -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) { static RSA *rsa_tmp=NULL; @@ -1540,3 +1697,26 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) return(rsa_tmp); } #endif + +#define MAX_SESSION_ID_ATTEMPTS 10 +static int generate_session_id(const SSL *ssl, unsigned char *id, + unsigned int *id_len) + { + unsigned int count = 0; + do { + RAND_pseudo_bytes(id, *id_len); + /* Prefix the session_id with the required prefix. NB: If our + * prefix is too long, clip it - but there will be worse effects + * anyway, eg. the server could only possibly create 1 session + * ID (ie. the prefix!) so all future session negotiations will + * fail due to conflicts. */ + memcpy(id, session_id_prefix, + (strlen(session_id_prefix) < *id_len) ? + strlen(session_id_prefix) : *id_len); + } + while(SSL_has_matching_session_id(ssl, id, *id_len) && + (++count < MAX_SESSION_ID_ATTEMPTS)); + if(count >= MAX_SESSION_ID_ATTEMPTS) + return 0; + return 1; + } diff --git a/crypto/openssl/apps/s_socket.c b/crypto/openssl/apps/s_socket.c index 9812e6d..a88de6c 100644 --- a/crypto/openssl/apps/s_socket.c +++ b/crypto/openssl/apps/s_socket.c @@ -62,11 +62,13 @@ #include <errno.h> #include <signal.h> +#include <openssl/e_os2.h> + /* With IPv6, it looks like Digital has mixed up the proper order of recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is needed to have fileno() declared correctly... So let's define u_int */ -#if defined(VMS) && defined(__DECC) && !defined(__U_INT) +#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) #define __U_INT typedef unsigned int u_int; #endif @@ -80,27 +82,27 @@ typedef unsigned int u_int; #include <openssl/ssl.h> static struct hostent *GetHostByName(char *name); -#ifdef WINDOWS -static void sock_cleanup(void); +#ifdef OPENSSL_SYS_WINDOWS +static void ssl_sock_cleanup(void); #endif -static int sock_init(void); +static int ssl_sock_init(void); static int init_client_ip(int *sock,unsigned char ip[4], int port); static int init_server(int *sock, int port); static int init_server_long(int *sock, int port,char *ip); static int do_accept(int acc_sock, int *sock, char **host); static int host_ip(char *str, unsigned char ip[4]); -#ifdef WIN16 +#ifdef OPENSSL_SYS_WIN16 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ #else #define SOCKET_PROTOCOL IPPROTO_TCP #endif -#ifdef WINDOWS +#ifdef OPENSSL_SYS_WINDOWS static struct WSAData wsa_state; static int wsa_init_done=0; -#ifdef WIN16 +#ifdef OPENSSL_SYS_WIN16 static HWND topWnd=0; static FARPROC lpTopWndProc=NULL; static FARPROC lpTopHookProc=NULL; @@ -116,7 +118,7 @@ static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam, case WM_DESTROY: case WM_CLOSE: SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc); - sock_cleanup(); + ssl_sock_cleanup(); break; } } @@ -129,30 +131,38 @@ static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam) return(FALSE); } -#endif /* WIN32 */ -#endif /* WINDOWS */ +#endif /* OPENSSL_SYS_WIN32 */ +#endif /* OPENSSL_SYS_WINDOWS */ -#ifdef WINDOWS -static void sock_cleanup(void) +#ifdef OPENSSL_SYS_WINDOWS +static void ssl_sock_cleanup(void) { if (wsa_init_done) { wsa_init_done=0; +#ifndef OPENSSL_SYS_WINCE WSACancelBlockingCall(); +#endif WSACleanup(); } } #endif -static int sock_init(void) +static int ssl_sock_init(void) { -#ifdef WINDOWS +#ifdef WATT32 + extern int _watt_do_exit; + _watt_do_exit = 0; + dbug_init(); + if (sock_init()) + return (0); +#elif defined(OPENSSL_SYS_WINDOWS) if (!wsa_init_done) { int err; #ifdef SIGINT - signal(SIGINT,(void (*)(int))sock_cleanup); + signal(SIGINT,(void (*)(int))ssl_sock_cleanup); #endif wsa_init_done=1; memset(&wsa_state,0,sizeof(wsa_state)); @@ -163,15 +173,15 @@ static int sock_init(void) return(0); } -#ifdef WIN16 +#ifdef OPENSSL_SYS_WIN16 EnumTaskWindows(GetCurrentTask(),enumproc,0L); lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC); lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance); SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc); -#endif /* WIN16 */ +#endif /* OPENSSL_SYS_WIN16 */ } -#endif /* WINDOWS */ +#endif /* OPENSSL_SYS_WINDOWS */ return(1); } @@ -194,7 +204,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port) struct sockaddr_in them; int s,i; - if (!sock_init()) return(0); + if (!ssl_sock_init()) return(0); memset((char *)&them,0,sizeof(them)); them.sin_family=AF_INET; @@ -209,7 +219,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port) s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); if (s == INVALID_SOCKET) { perror("socket"); return(0); } -#ifndef MPE +#ifndef OPENSSL_SYS_MPE i=0; i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); if (i < 0) { perror("keepalive"); return(0); } @@ -259,7 +269,7 @@ static int init_server_long(int *sock, int port, char *ip) struct sockaddr_in server; int s= -1,i; - if (!sock_init()) return(0); + if (!ssl_sock_init()) return(0); memset((char *)&server,0,sizeof(server)); server.sin_family=AF_INET; @@ -285,7 +295,7 @@ static int init_server_long(int *sock, int port, char *ip) #endif if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1) { -#ifndef WINDOWS +#ifndef OPENSSL_SYS_WINDOWS perror("bind"); #endif goto err; @@ -316,9 +326,9 @@ static int do_accept(int acc_sock, int *sock, char **host) int len; /* struct linger ling; */ - if (!sock_init()) return(0); + if (!ssl_sock_init()) return(0); -#ifndef WINDOWS +#ifndef OPENSSL_SYS_WINDOWS redoit: #endif @@ -332,7 +342,7 @@ redoit: ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len); if (ret == INVALID_SOCKET) { -#ifdef WINDOWS +#ifdef OPENSSL_SYS_WINDOWS i=WSAGetLastError(); BIO_printf(bio_err,"accept error %d\n",i); #else @@ -446,7 +456,7 @@ static int host_ip(char *str, unsigned char ip[4]) { /* do a gethostbyname */ struct hostent *he; - if (!sock_init()) return(0); + if (!ssl_sock_init()) return(0); he=GetHostByName(str); if (he == NULL) @@ -527,9 +537,12 @@ static struct hostent *GetHostByName(char *name) ret=gethostbyname(name); if (ret == NULL) return(NULL); /* else add to cache */ - strncpy(ghbn_cache[lowi].name,name,128); - memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent)); - ghbn_cache[lowi].order=ghbn_miss+ghbn_hits; + if(strlen(name) < sizeof ghbn_cache[0].name) + { + strcpy(ghbn_cache[lowi].name,name); + memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent)); + ghbn_cache[lowi].order=ghbn_miss+ghbn_hits; + } return(ret); } else diff --git a/crypto/openssl/apps/s_time.c b/crypto/openssl/apps/s_time.c index 2d8e2b2..1ad16cd 100644 --- a/crypto/openssl/apps/s_time.c +++ b/crypto/openssl/apps/s_time.c @@ -67,22 +67,25 @@ #include <stdlib.h> #include <string.h> -#ifdef NO_STDIO +#define USE_SOCKETS +#include "apps.h" +#ifdef OPENSSL_NO_STDIO #define APPS_WIN16 #endif -#define USE_SOCKETS #include <openssl/x509.h> #include <openssl/ssl.h> #include <openssl/pem.h> -#include "apps.h" #include "s_apps.h" #include <openssl/err.h> #ifdef WIN32_STUFF #include "winmain.h" #include "wintext.h" #endif +#if !defined(OPENSSL_SYS_MSDOS) +#include OPENSSL_UNISTD +#endif -#if !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC)) || defined (_DARWIN) +#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) #define TIMES #endif @@ -98,18 +101,14 @@ The __TMS macro will show if it was. If it wasn't defined, we should undefine TIMES, since that tells the rest of the program how things should be handled. -- Richard Levitte */ -#if defined(VMS) && defined(__DECC) && !defined(__TMS) +#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) #undef TIMES #endif -#if !defined(TIMES) && !defined(VXWORKS) +#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) #include <sys/timeb.h> #endif -#ifdef _AIX -#include <sys/select.h> -#endif - #if defined(sun) || defined(__ultrix) #define _POSIX_SOURCE #include <limits.h> @@ -119,11 +118,19 @@ /* The following if from times(3) man page. It may need to be changed */ #ifndef HZ -#ifndef CLK_TCK -#define HZ 100.0 -#else /* CLK_TCK */ -#define HZ ((double)CLK_TCK) -#endif +# ifdef _SC_CLK_TCK +# define HZ ((double)sysconf(_SC_CLK_TCK)) +# else +# ifndef CLK_TCK +# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ +# define HZ 100.0 +# else /* _BSD_CLK_TCK_ */ +# define HZ ((double)_BSD_CLK_TCK_) +# endif +# else /* CLK_TCK */ +# define HZ ((double)CLK_TCK) +# endif +# endif #endif #undef PROG @@ -139,6 +146,8 @@ #undef BUFSIZZ #define BUFSIZZ 1024*10 +#define MYBUFSIZ 1024*8 + #undef min #undef max #define min(a,b) (((a) < (b)) ? (a) : (b)) @@ -176,7 +185,7 @@ static int perform=0; #ifdef FIONBIO static int t_nbio=0; #endif -#ifdef WIN32 +#ifdef OPENSSL_SYS_WIN32 static int exitNow = 0; /* Set when it's time to exit main */ #endif @@ -200,7 +209,7 @@ static void s_time_init(void) #ifdef FIONBIO t_nbio=0; #endif -#ifdef WIN32 +#ifdef OPENSSL_SYS_WIN32 exitNow = 0; /* Set when it's time to exit main */ #endif } @@ -313,14 +322,19 @@ static int parseArgs(int argc, char **argv) { if (--argc < 1) goto bad; s_www_path= *(++argv); + if(strlen(s_www_path) > MYBUFSIZ-100) + { + BIO_printf(bio_err,"-www option too long\n"); + badop=1; + } } else if(strcmp(*argv,"-bugs") == 0) st_bugs=1; -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 else if(strcmp(*argv,"-ssl2") == 0) s_time_meth=SSLv2_client_method(); #endif -#ifndef NO_SSL3 +#ifndef OPENSSL_NO_SSL3 else if(strcmp(*argv,"-ssl3") == 0) s_time_meth=SSLv3_client_method(); #endif @@ -370,7 +384,7 @@ static double tm_Time_F(int s) ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; return((ret == 0.0)?1e-6:ret); } -#elif defined(VXWORKS) +#elif defined(OPENSSL_SYS_VXWORKS) { static unsigned long tick_start, tick_end; @@ -424,11 +438,11 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); -#if !defined(NO_SSL2) && !defined(NO_SSL3) +#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) s_time_meth=SSLv23_client_method(); -#elif !defined(NO_SSL3) +#elif !defined(OPENSSL_NO_SSL3) s_time_meth=SSLv3_client_method(); -#elif !defined(NO_SSL2) +#elif !defined(OPENSSL_NO_SSL2) s_time_meth=SSLv2_client_method(); #endif @@ -461,7 +475,6 @@ int MAIN(int argc, char **argv) if (tm_cipher == NULL ) { fprintf( stderr, "No CIPHER specified\n" ); -/* EXIT(1); */ } if (!(perform & 1)) goto next; @@ -474,7 +487,7 @@ int MAIN(int argc, char **argv) tm_Time_F(START); for (;;) { - if (finishtime < time(NULL)) break; + if (finishtime < (long)time(NULL)) break; #ifdef WIN32_STUFF if( flushWinMsgs(0) == -1 ) @@ -525,9 +538,9 @@ int MAIN(int argc, char **argv) } totalTime += tm_Time_F(STOP); /* Add the time for this iteration */ - i=(int)(time(NULL)-finishtime+maxTime); + i=(int)((long)time(NULL)-finishtime+maxTime); printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read); - printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn); + printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn); /* Now loop and time connections using the same session id over and over */ @@ -559,7 +572,7 @@ next: nConn = 0; totalTime = 0.0; - finishtime=time(NULL)+maxTime; + finishtime=(long)time(NULL)+maxTime; printf( "starting\n" ); bytes_read=0; @@ -567,7 +580,7 @@ next: for (;;) { - if (finishtime < time(NULL)) break; + if (finishtime < (long)time(NULL)) break; #ifdef WIN32_STUFF if( flushWinMsgs(0) == -1 ) @@ -617,7 +630,7 @@ next: printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read); - printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn); + printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn); ret=0; end: @@ -628,7 +641,8 @@ end: SSL_CTX_free(tm_ctx); tm_ctx=NULL; } - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } /*********************************************************************** diff --git a/crypto/openssl/apps/sess_id.c b/crypto/openssl/apps/sess_id.c index 60cc3f1..d91d84d 100644 --- a/crypto/openssl/apps/sess_id.c +++ b/crypto/openssl/apps/sess_id.c @@ -156,7 +156,7 @@ int MAIN(int argc, char **argv) { bad: for (pp=sess_id_usage; (*pp != NULL); pp++) - BIO_printf(bio_err,*pp); + BIO_printf(bio_err,"%s",*pp); goto end; } @@ -208,7 +208,7 @@ bad: if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -272,7 +272,8 @@ bad: end: if (out != NULL) BIO_free_all(out); if (x != NULL) SSL_SESSION_free(x); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } static SSL_SESSION *load_sess_id(char *infile, int format) diff --git a/crypto/openssl/apps/smime.c b/crypto/openssl/apps/smime.c index ebdac15..ef0e477 100644 --- a/crypto/openssl/apps/smime.c +++ b/crypto/openssl/apps/smime.c @@ -67,7 +67,6 @@ #undef PROG #define PROG smime_main -static X509_STORE *setup_verify(char *CAfile, char *CApath); static int save_certs(char *signerfile, STACK_OF(X509) *signers); #define SMIME_OP 0x10 @@ -81,6 +80,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; int operation = 0; int ret = 0; char **args; @@ -88,7 +88,7 @@ int MAIN(int argc, char **argv) char *infile = NULL, *outfile = NULL; char *signerfile = NULL, *recipfile = NULL; char *certfile = NULL, *keyfile = NULL, *contfile=NULL; - EVP_CIPHER *cipher = NULL; + const EVP_CIPHER *cipher = NULL; PKCS7 *p7 = NULL; X509_STORE *store = NULL; X509 *cert = NULL, *recip = NULL, *signer = NULL; @@ -96,30 +96,41 @@ int MAIN(int argc, char **argv) STACK_OF(X509) *encerts = NULL, *other = NULL; BIO *in = NULL, *out = NULL, *indata = NULL; int badarg = 0; - int flags = PKCS7_DETACHED; + int flags = PKCS7_DETACHED, store_flags = 0; char *to = NULL, *from = NULL, *subject = NULL; char *CAfile = NULL, *CApath = NULL; char *passargin = NULL, *passin = NULL; char *inrand = NULL; int need_rand = 0; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; - args = argv + 1; + int keyform = FORMAT_PEM; + char *engine=NULL; + args = argv + 1; ret = 1; + apps_startup(); + + if (bio_err == NULL) + if ((bio_err = BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + + if (!load_config(bio_err, NULL)) + goto end; + while (!badarg && *args && *args[0] == '-') { if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT; else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT; else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN; else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY; else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT; -#ifndef NO_DES +#ifndef OPENSSL_NO_DES else if (!strcmp (*args, "-des3")) cipher = EVP_des_ede3_cbc(); else if (!strcmp (*args, "-des")) cipher = EVP_des_cbc(); #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 else if (!strcmp (*args, "-rc2-40")) cipher = EVP_rc2_40_cbc(); else if (!strcmp (*args, "-rc2-128")) @@ -127,6 +138,14 @@ int MAIN(int argc, char **argv) else if (!strcmp (*args, "-rc2-64")) cipher = EVP_rc2_64_cbc(); #endif +#ifndef OPENSSL_NO_AES + else if (!strcmp(*args,"-aes128")) + cipher = EVP_aes_128_cbc(); + else if (!strcmp(*args,"-aes192")) + cipher = EVP_aes_192_cbc(); + else if (!strcmp(*args,"-aes256")) + cipher = EVP_aes_256_cbc(); +#endif else if (!strcmp (*args, "-text")) flags |= PKCS7_TEXT; else if (!strcmp (*args, "-nointern")) @@ -147,12 +166,21 @@ int MAIN(int argc, char **argv) flags |= PKCS7_BINARY; else if (!strcmp (*args, "-nosigs")) flags |= PKCS7_NOSIGS; + else if (!strcmp (*args, "-crl_check")) + store_flags |= X509_V_FLAG_CRL_CHECK; + else if (!strcmp (*args, "-crl_check_all")) + store_flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; else if (!strcmp(*args,"-rand")) { if (args[1]) { args++; inrand = *args; } else badarg = 1; need_rand = 1; + } else if (!strcmp(*args,"-engine")) { + if (args[1]) { + args++; + engine = *args; + } else badarg = 1; } else if (!strcmp(*args,"-passin")) { if (args[1]) { args++; @@ -188,6 +216,11 @@ int MAIN(int argc, char **argv) args++; keyfile = *args; } else badarg = 1; + } else if (!strcmp (*args, "-keyform")) { + if (args[1]) { + args++; + keyform = str2fmt(*args); + } else badarg = 1; } else if (!strcmp (*args, "-certfile")) { if (args[1]) { args++; @@ -259,15 +292,19 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-sign sign message\n"); BIO_printf (bio_err, "-verify verify signed message\n"); BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n"); -#ifndef NO_DES +#ifndef OPENSSL_NO_DES BIO_printf (bio_err, "-des3 encrypt with triple DES\n"); BIO_printf (bio_err, "-des encrypt with DES\n"); #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n"); BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n"); #endif +#ifndef OPENSSL_NO_AES + BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); + BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); +#endif BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n"); BIO_printf (bio_err, "-nosigs don't verify message signature\n"); BIO_printf (bio_err, "-noverify don't verify signers certificate\n"); @@ -281,6 +318,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-in file input file\n"); BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n"); + BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n"); BIO_printf (bio_err, "-out file output file\n"); BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); BIO_printf (bio_err, "-content file supply or override content for detached signature\n"); @@ -290,6 +328,9 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-text include or delete text MIME headers\n"); BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); + BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); + BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); @@ -298,6 +339,8 @@ int MAIN(int argc, char **argv) goto end; } + e = setup_engine(bio_err, engine, 0); + if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; @@ -324,7 +367,7 @@ int MAIN(int argc, char **argv) if(operation == SMIME_ENCRYPT) { if (!cipher) { -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 cipher = EVP_rc2_40_cbc(); #else BIO_printf(bio_err, "No cipher selected\n"); @@ -333,8 +376,11 @@ int MAIN(int argc, char **argv) } encerts = sk_X509_new_null(); while (*args) { - if(!(cert = load_cert(bio_err,*args,FORMAT_PEM))) { + if(!(cert = load_cert(bio_err,*args,FORMAT_PEM, + NULL, e, "recipient certificate file"))) { +#if 0 /* An appropriate message is already printed */ BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args); +#endif goto end; } sk_X509_push(encerts, cert); @@ -344,23 +390,32 @@ int MAIN(int argc, char **argv) } if(signerfile && (operation == SMIME_SIGN)) { - if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM))) { + if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL, + e, "signer certificate"))) { +#if 0 /* An appropri message has already been printed */ BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile); +#endif goto end; } } if(certfile) { - if(!(other = load_certs(bio_err,certfile,FORMAT_PEM))) { + if(!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, + e, "certificate file"))) { +#if 0 /* An appropriate message has already been printed */ BIO_printf(bio_err, "Can't read certificate file %s\n", certfile); +#endif ERR_print_errors(bio_err); goto end; } } if(recipfile && (operation == SMIME_DECRYPT)) { - if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM))) { + if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, + e, "recipient certificate file"))) { +#if 0 /* An appropriate message has alrady been printed */ BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile); +#endif ERR_print_errors(bio_err); goto end; } @@ -373,11 +428,11 @@ int MAIN(int argc, char **argv) } else keyfile = NULL; if(keyfile) { - if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) { - BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile); - ERR_print_errors(bio_err); + key = load_key(bio_err, keyfile, keyform, 0, passin, e, + "signing key file"); + if (!key) { goto end; - } + } } if (infile) { @@ -396,7 +451,7 @@ int MAIN(int argc, char **argv) } } else { out = BIO_new_fp(stdout, BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -405,9 +460,11 @@ int MAIN(int argc, char **argv) } if(operation == SMIME_VERIFY) { - if(!(store = setup_verify(CAfile, CApath))) goto end; + if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end; + X509_STORE_set_flags(store, store_flags); } + ret = 3; if(operation == SMIME_ENCRYPT) { @@ -507,36 +564,6 @@ end: return (ret); } -static X509_STORE *setup_verify(char *CAfile, char *CApath) -{ - X509_STORE *store; - X509_LOOKUP *lookup; - if(!(store = X509_STORE_new())) goto end; - lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file()); - if (lookup == NULL) goto end; - if (CAfile) { - if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) { - BIO_printf(bio_err, "Error loading file %s\n", CAfile); - goto end; - } - } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); - - lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir()); - if (lookup == NULL) goto end; - if (CApath) { - if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) { - BIO_printf(bio_err, "Error loading directory %s\n", CApath); - goto end; - } - } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); - - ERR_clear_error(); - return store; - end: - X509_STORE_free(store); - return NULL; -} - static int save_certs(char *signerfile, STACK_OF(X509) *signers) { int i; diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c index f73deba..7f42b52 100644 --- a/crypto/openssl/apps/speed.c +++ b/crypto/openssl/apps/speed.c @@ -1,4 +1,4 @@ -/* apps/speed.c */ +/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -75,19 +75,24 @@ #include <string.h> #include <math.h> #include "apps.h" -#ifdef NO_STDIO +#ifdef OPENSSL_NO_STDIO #define APPS_WIN16 #endif #include <openssl/crypto.h> #include <openssl/rand.h> #include <openssl/err.h> +#include <openssl/evp.h> +#include <openssl/objects.h> +#if !defined(OPENSSL_SYS_MSDOS) +#include OPENSSL_UNISTD +#endif -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(_DARWIN) +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX) # define USE_TOD -#elif !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC)) +#elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) # define TIMES #endif -#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__) && !defined(_DARWIN) && !defined(VXWORKS) +#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(OPENSSL_SYS_MPE) && !defined(__NetBSD__) && !defined(OPENSSL_SYS_VXWORKS) /* FIXME */ # define TIMEB #endif @@ -107,7 +112,7 @@ The __TMS macro will show if it was. If it wasn't defined, we should undefine TIMES, since that tells the rest of the program how things should be handled. -- Richard Levitte */ -#if defined(VMS) && defined(__DECC) && !defined(__TMS) +#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) #undef TIMES #endif @@ -115,7 +120,7 @@ #include <sys/timeb.h> #endif -#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(VXWORKS) +#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) #error "It seems neither struct tms nor struct timeb is supported in this platform!" #endif @@ -125,78 +130,113 @@ #include <sys/param.h> #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES #include <openssl/des.h> #endif -#ifndef NO_MD2 +#ifndef OPENSSL_NO_AES +#include <openssl/aes.h> +#endif +#ifndef OPENSSL_NO_MD2 #include <openssl/md2.h> #endif -#ifndef NO_MDC2 +#ifndef OPENSSL_NO_MDC2 #include <openssl/mdc2.h> #endif -#ifndef NO_MD4 +#ifndef OPENSSL_NO_MD4 #include <openssl/md4.h> #endif -#ifndef NO_MD5 +#ifndef OPENSSL_NO_MD5 #include <openssl/md5.h> #endif -#ifndef NO_HMAC +#ifndef OPENSSL_NO_HMAC #include <openssl/hmac.h> #endif #include <openssl/evp.h> -#ifndef NO_SHA +#ifndef OPENSSL_NO_SHA #include <openssl/sha.h> #endif -#ifndef NO_RIPEMD +#ifndef OPENSSL_NO_RIPEMD #include <openssl/ripemd.h> #endif -#ifndef NO_RC4 +#ifndef OPENSSL_NO_RC4 #include <openssl/rc4.h> #endif -#ifndef NO_RC5 +#ifndef OPENSSL_NO_RC5 #include <openssl/rc5.h> #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 #include <openssl/rc2.h> #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA #include <openssl/idea.h> #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF #include <openssl/blowfish.h> #endif -#ifndef NO_CAST +#ifndef OPENSSL_NO_CAST #include <openssl/cast.h> #endif -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> #include "./testrsa.h" #endif #include <openssl/x509.h> -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA #include "./testdsa.h" #endif /* The following if from times(3) man page. It may need to be changed */ #ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) +# if defined(_SC_CLK_TCK) \ + && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) +# define HZ ((double)sysconf(_SC_CLK_TCK)) +# else +# ifndef CLK_TCK +# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ +# define HZ 100.0 +# else /* _BSD_CLK_TCK_ */ +# define HZ ((double)_BSD_CLK_TCK_) +# endif +# else /* CLK_TCK */ +# define HZ ((double)CLK_TCK) # endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) # endif #endif +#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) +# define HAVE_FORK 1 +#endif + #undef BUFSIZE #define BUFSIZE ((long)1024*8+1) int run=0; -static double Time_F(int s, int usertime); -static void print_message(char *s,long num,int length); +static char ftime_used = 0, times_used = 0, gettimeofday_used = 0, getrusage_used = 0; +static int mr=0; +static int usertime=1; + +static double Time_F(int s); +static void print_message(const char *s,long num,int length); static void pkey_print_message(char *str,char *str2,long num,int bits,int sec); +static void print_result(int alg,int run_no,int count,double time_used); +#ifdef HAVE_FORK +static int do_multi(int multi); +#endif + +#define ALGOR_NUM 19 +#define SIZE_NUM 5 +#define RSA_NUM 4 +#define DSA_NUM 3 +static const char *names[ALGOR_NUM]={ + "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", + "des cbc","des ede3","idea cbc", + "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc", + "aes-128 cbc","aes-192 cbc","aes-256 cbc"}; +static double results[ALGOR_NUM][SIZE_NUM]; +static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; +static double rsa_results[RSA_NUM][2]; +static double dsa_results[DSA_NUM][2]; + #ifdef SIGALRM #if defined(__STDC__) || defined(sgi) || defined(_AIX) #define SIGRETTYPE void @@ -218,15 +258,16 @@ static SIGRETTYPE sig_done(int sig) #define START 0 #define STOP 1 -static double Time_F(int s, int usertime) +static double Time_F(int s) { double ret; #ifdef USE_TOD if(usertime) - { + { static struct rusage tstart,tend; + getrusage_used = 1; if (s == START) { getrusage(RUSAGE_SELF,&tstart); @@ -248,6 +289,7 @@ static double Time_F(int s, int usertime) static struct timeval tstart,tend; long i; + gettimeofday_used = 1; if (s == START) { gettimeofday(&tstart,NULL); @@ -268,6 +310,7 @@ static double Time_F(int s, int usertime) { static struct tms tstart,tend; + times_used = 1; if (s == START) { times(&tstart); @@ -284,8 +327,8 @@ static double Time_F(int s, int usertime) # if defined(TIMES) && defined(TIMEB) else # endif -# ifdef VXWORKS - { +# ifdef OPENSSL_SYS_VXWORKS + { static unsigned long tick_start, tick_end; if( s == START ) @@ -305,6 +348,7 @@ static double Time_F(int s, int usertime) static struct timeb tstart,tend; long i; + ftime_used = 1; if (s == START) { ftime(&tstart); @@ -319,7 +363,6 @@ static double Time_F(int s, int usertime) } } # endif - #endif } @@ -327,64 +370,85 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; unsigned char *buf=NULL,*buf2=NULL; int mret=1; -#define ALGOR_NUM 15 -#define SIZE_NUM 5 -#define RSA_NUM 4 -#define DSA_NUM 3 - long count,rsa_count; + long count=0,save_count=0; int i,j,k; -#ifndef NO_RSA +#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) + long rsa_count; +#endif +#ifndef OPENSSL_NO_RSA unsigned rsa_num; #endif -#ifndef NO_MD2 + unsigned char md[EVP_MAX_MD_SIZE]; +#ifndef OPENSSL_NO_MD2 unsigned char md2[MD2_DIGEST_LENGTH]; #endif -#ifndef NO_MDC2 +#ifndef OPENSSL_NO_MDC2 unsigned char mdc2[MDC2_DIGEST_LENGTH]; #endif -#ifndef NO_MD4 +#ifndef OPENSSL_NO_MD4 unsigned char md4[MD4_DIGEST_LENGTH]; #endif -#ifndef NO_MD5 +#ifndef OPENSSL_NO_MD5 unsigned char md5[MD5_DIGEST_LENGTH]; unsigned char hmac[MD5_DIGEST_LENGTH]; #endif -#ifndef NO_SHA +#ifndef OPENSSL_NO_SHA unsigned char sha[SHA_DIGEST_LENGTH]; #endif -#ifndef NO_RIPEMD +#ifndef OPENSSL_NO_RIPEMD unsigned char rmd160[RIPEMD160_DIGEST_LENGTH]; #endif -#ifndef NO_RC4 +#ifndef OPENSSL_NO_RC4 RC4_KEY rc4_ks; #endif -#ifndef NO_RC5 +#ifndef OPENSSL_NO_RC5 RC5_32_KEY rc5_ks; #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 RC2_KEY rc2_ks; #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA IDEA_KEY_SCHEDULE idea_ks; #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF BF_KEY bf_ks; #endif -#ifndef NO_CAST +#ifndef OPENSSL_NO_CAST CAST_KEY cast_ks; #endif - static unsigned char key16[16]= + static const unsigned char key16[16]= {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; - unsigned char iv[8]; -#ifndef NO_DES - des_cblock *buf_as_des_cblock = NULL; - static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; - static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; - static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; - des_key_schedule sch,sch2,sch3; + static const unsigned char key24[24]= + {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, + 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, + 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; + static const unsigned char key32[32]= + {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, + 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, + 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34, + 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56}; +#ifndef OPENSSL_NO_AES +#define MAX_BLOCK_SIZE 128 +#else +#define MAX_BLOCK_SIZE 64 +#endif + unsigned char DES_iv[8]; + unsigned char iv[MAX_BLOCK_SIZE/8]; +#ifndef OPENSSL_NO_DES + DES_cblock *buf_as_des_cblock = NULL; + static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; + static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; + static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; + DES_key_schedule sch; + DES_key_schedule sch2; + DES_key_schedule sch3; +#endif +#ifndef OPENSSL_NO_AES + AES_KEY aes_ks1, aes_ks2, aes_ks3; #endif #define D_MD2 0 #define D_MDC2 1 @@ -401,13 +465,12 @@ int MAIN(int argc, char **argv) #define D_CBC_RC5 12 #define D_CBC_BF 13 #define D_CBC_CAST 14 - double d,results[ALGOR_NUM][SIZE_NUM]; - static int lengths[SIZE_NUM]={8,64,256,1024,8*1024}; +#define D_CBC_128_AES 15 +#define D_CBC_192_AES 16 +#define D_CBC_256_AES 17 +#define D_EVP 18 + double d=0.0; long c[ALGOR_NUM][SIZE_NUM]; - static char *names[ALGOR_NUM]={ - "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", - "des cbc","des ede3","idea cbc", - "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"}; #define R_DSA_512 0 #define R_DSA_1024 1 #define R_DSA_2048 2 @@ -415,10 +478,9 @@ int MAIN(int argc, char **argv) #define R_RSA_1024 1 #define R_RSA_2048 2 #define R_RSA_4096 3 -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA RSA *rsa_key[RSA_NUM]; long rsa_c[RSA_NUM][2]; - double rsa_results[RSA_NUM][2]; static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096}; static unsigned char *rsa_data[RSA_NUM]= {test512,test1024,test2048,test4096}; @@ -426,17 +488,21 @@ int MAIN(int argc, char **argv) sizeof(test512),sizeof(test1024), sizeof(test2048),sizeof(test4096)}; #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA DSA *dsa_key[DSA_NUM]; long dsa_c[DSA_NUM][2]; - double dsa_results[DSA_NUM][2]; static unsigned int dsa_bits[DSA_NUM]={512,1024,2048}; #endif int rsa_doit[RSA_NUM]; int dsa_doit[DSA_NUM]; int doit[ALGOR_NUM]; int pr_header=0; - int usertime=1; + const EVP_CIPHER *evp_cipher=NULL; + const EVP_MD *evp_md=NULL; + int decrypt=0; +#ifdef HAVE_FORK + int multi=0; +#endif #ifndef TIMES usertime=-1; @@ -444,7 +510,7 @@ int MAIN(int argc, char **argv) apps_startup(); memset(results, 0, sizeof(results)); -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA memset(dsa_key,0,sizeof(dsa_key)); #endif @@ -452,7 +518,10 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); -#ifndef NO_RSA + if (!load_config(bio_err, NULL)) + goto end; + +#ifndef OPENSSL_NO_RSA memset(rsa_key,0,sizeof(rsa_key)); for (i=0; i<RSA_NUM; i++) rsa_key[i]=NULL; @@ -463,8 +532,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"out of memory\n"); goto end; } -#ifndef NO_DES - buf_as_des_cblock = (des_cblock *)buf; +#ifndef OPENSSL_NO_DES + buf_as_des_cblock = (DES_cblock *)buf; #endif if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) { @@ -473,6 +542,7 @@ int MAIN(int argc, char **argv) } memset(c,0,sizeof(c)); + memset(DES_iv,0,sizeof(DES_iv)); memset(iv,0,sizeof(iv)); for (i=0; i<ALGOR_NUM; i++) @@ -488,34 +558,108 @@ int MAIN(int argc, char **argv) while (argc) { if ((argc > 0) && (strcmp(*argv,"-elapsed") == 0)) + { usertime = 0; -#ifndef NO_MD2 + j--; /* Otherwise, -elapsed gets confused with + an algorithm. */ + } + else if ((argc > 0) && (strcmp(*argv,"-evp") == 0)) + { + argc--; + argv++; + if(argc == 0) + { + BIO_printf(bio_err,"no EVP given\n"); + goto end; + } + evp_cipher=EVP_get_cipherbyname(*argv); + if(!evp_cipher) + { + evp_md=EVP_get_digestbyname(*argv); + } + if(!evp_cipher && !evp_md) + { + BIO_printf(bio_err,"%s is an unknown cipher or digest\n",*argv); + goto end; + } + doit[D_EVP]=1; + } + else if (argc > 0 && !strcmp(*argv,"-decrypt")) + { + decrypt=1; + j--; /* Otherwise, -elapsed gets confused with + an algorithm. */ + } + else if ((argc > 0) && (strcmp(*argv,"-engine") == 0)) + { + argc--; + argv++; + if(argc == 0) + { + BIO_printf(bio_err,"no engine given\n"); + goto end; + } + e = setup_engine(bio_err, *argv, 0); + /* j will be increased again further down. We just + don't want speed to confuse an engine with an + algorithm, especially when none is given (which + means all of them should be run) */ + j--; + } +#ifdef HAVE_FORK + else if ((argc > 0) && (strcmp(*argv,"-multi") == 0)) + { + argc--; + argv++; + if(argc == 0) + { + BIO_printf(bio_err,"no multi count given\n"); + goto end; + } + multi=atoi(argv[0]); + if(multi <= 0) + { + BIO_printf(bio_err,"bad multi count\n"); + goto end; + } + j--; /* Otherwise, -mr gets confused with + an algorithm. */ + } +#endif + else if (argc > 0 && !strcmp(*argv,"-mr")) + { + mr=1; + j--; /* Otherwise, -mr gets confused with + an algorithm. */ + } + else +#ifndef OPENSSL_NO_MD2 if (strcmp(*argv,"md2") == 0) doit[D_MD2]=1; else #endif -#ifndef NO_MDC2 +#ifndef OPENSSL_NO_MDC2 if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1; else #endif -#ifndef NO_MD4 +#ifndef OPENSSL_NO_MD4 if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1; else #endif -#ifndef NO_MD5 +#ifndef OPENSSL_NO_MD5 if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1; else #endif -#ifndef NO_MD5 +#ifndef OPENSSL_NO_MD5 if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1; else #endif -#ifndef NO_SHA +#ifndef OPENSSL_NO_SHA if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1; else if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1; else #endif -#ifndef NO_RIPEMD +#ifndef OPENSSL_NO_RIPEMD if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1; else if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1; @@ -523,20 +667,26 @@ int MAIN(int argc, char **argv) if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1; else #endif -#ifndef NO_RC4 +#ifndef OPENSSL_NO_RC4 if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1; else #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1; else if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1; else #endif -#ifndef NO_RSA -#ifdef RSAref +#ifndef OPENSSL_NO_AES + if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1; + else if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1; + else if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1; + else +#endif +#ifndef OPENSSL_NO_RSA +#if 0 /* was: #ifdef RSAref */ if (strcmp(*argv,"rsaref") == 0) { - RSA_set_default_method(RSA_PKCS1_RSAref()); + RSA_set_default_openssl_method(RSA_PKCS1_RSAref()); j--; } else @@ -549,7 +699,7 @@ int MAIN(int argc, char **argv) } else #endif -#endif /* !NO_RSA */ +#endif /* !OPENSSL_NO_RSA */ if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2; else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2; else if (strcmp(*argv,"dsa2048") == 0) dsa_doit[R_DSA_2048]=2; @@ -558,34 +708,34 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"rsa2048") == 0) rsa_doit[R_RSA_2048]=2; else if (strcmp(*argv,"rsa4096") == 0) rsa_doit[R_RSA_4096]=2; else -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 if (strcmp(*argv,"rc2-cbc") == 0) doit[D_CBC_RC2]=1; else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1; else #endif -#ifndef NO_RC5 +#ifndef OPENSSL_NO_RC5 if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1; else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1; else #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1; else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1; else #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1; else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1; else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1; else #endif -#ifndef NO_CAST +#ifndef OPENSSL_NO_CAST if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1; else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1; else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1; else #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES if (strcmp(*argv,"des") == 0) { doit[D_CBC_DES]=1; @@ -593,7 +743,16 @@ int MAIN(int argc, char **argv) } else #endif -#ifndef NO_RSA +#ifndef OPENSSL_NO_AES + if (strcmp(*argv,"aes") == 0) + { + doit[D_CBC_128_AES]=1; + doit[D_CBC_192_AES]=1; + doit[D_CBC_256_AES]=1; + } + else +#endif +#ifndef OPENSSL_NO_RSA if (strcmp(*argv,"rsa") == 0) { rsa_doit[R_RSA_512]=1; @@ -603,7 +762,7 @@ int MAIN(int argc, char **argv) } else #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (strcmp(*argv,"dsa") == 0) { dsa_doit[R_DSA_512]=1; @@ -615,85 +774,104 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"Error: bad option or value\n"); BIO_printf(bio_err,"\n"); BIO_printf(bio_err,"Available values:\n"); -#ifndef NO_MD2 +#ifndef OPENSSL_NO_MD2 BIO_printf(bio_err,"md2 "); #endif -#ifndef NO_MDC2 +#ifndef OPENSSL_NO_MDC2 BIO_printf(bio_err,"mdc2 "); #endif -#ifndef NO_MD4 +#ifndef OPENSSL_NO_MD4 BIO_printf(bio_err,"md4 "); #endif -#ifndef NO_MD5 +#ifndef OPENSSL_NO_MD5 BIO_printf(bio_err,"md5 "); -#ifndef NO_HMAC +#ifndef OPENSSL_NO_HMAC BIO_printf(bio_err,"hmac "); #endif #endif -#ifndef NO_SHA1 +#ifndef OPENSSL_NO_SHA1 BIO_printf(bio_err,"sha1 "); #endif -#ifndef NO_RIPEMD160 +#ifndef OPENSSL_NO_RIPEMD160 BIO_printf(bio_err,"rmd160"); #endif -#if !defined(NO_MD2) || !defined(NO_MDC2) || !defined(NO_MD4) || !defined(NO_MD5) || !defined(NO_SHA1) || !defined(NO_RIPEMD160) +#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \ + !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \ + !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) BIO_printf(bio_err,"\n"); #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA BIO_printf(bio_err,"idea-cbc "); #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 BIO_printf(bio_err,"rc2-cbc "); #endif -#ifndef NO_RC5 +#ifndef OPENSSL_NO_RC5 BIO_printf(bio_err,"rc5-cbc "); #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF BIO_printf(bio_err,"bf-cbc"); #endif -#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_BF) || !defined(NO_RC5) +#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \ + !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5) BIO_printf(bio_err,"\n"); #endif - +#ifndef OPENSSL_NO_DES BIO_printf(bio_err,"des-cbc des-ede3 "); -#ifndef NO_RC4 +#endif +#ifndef OPENSSL_NO_AES + BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc "); +#endif +#ifndef OPENSSL_NO_RC4 BIO_printf(bio_err,"rc4"); #endif BIO_printf(bio_err,"\n"); -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA BIO_printf(bio_err,"rsa512 rsa1024 rsa2048 rsa4096\n"); #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n"); #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA BIO_printf(bio_err,"idea "); #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 BIO_printf(bio_err,"rc2 "); #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES BIO_printf(bio_err,"des "); #endif -#ifndef NO_RSA +#ifndef OPENSSL_NO_AES + BIO_printf(bio_err,"aes "); +#endif +#ifndef OPENSSL_NO_RSA BIO_printf(bio_err,"rsa "); #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF BIO_printf(bio_err,"blowfish"); #endif -#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_DES) || !defined(NO_RSA) || !defined(NO_BF) +#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \ + !defined(OPENSSL_NO_DES) || !defined(OPENSSL_NO_RSA) || \ + !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES) BIO_printf(bio_err,"\n"); #endif -#ifdef TIMES BIO_printf(bio_err,"\n"); BIO_printf(bio_err,"Available options:\n"); +#if defined(TIMES) || defined(USE_TOD) BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n"); #endif + BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); + BIO_printf(bio_err,"-evp e use EVP e.\n"); + BIO_printf(bio_err,"-decrypt time decryption instead of encryption (only EVP).\n"); + BIO_printf(bio_err,"-mr produce machine readable output.\n"); +#ifdef HAVE_FORK + BIO_printf(bio_err,"-multi n run n benchmarks in parallel.\n"); +#endif goto end; } argc--; @@ -701,10 +879,18 @@ int MAIN(int argc, char **argv) j++; } +#ifdef HAVE_FORK + if(multi && do_multi(multi)) + goto show_res; +#endif + if (j == 0) { for (i=0; i<ALGOR_NUM; i++) - doit[i]=1; + { + if (i != D_EVP) + doit[i]=1; + } for (i=0; i<RSA_NUM; i++) rsa_doit[i]=1; for (i=0; i<DSA_NUM; i++) @@ -713,18 +899,18 @@ int MAIN(int argc, char **argv) for (i=0; i<ALGOR_NUM; i++) if (doit[i]) pr_header++; - if (usertime == 0) + if (usertime == 0 && !mr) BIO_printf(bio_err,"You have chosen to measure elapsed time instead of user CPU time.\n"); - if (usertime <= 0) + if (usertime <= 0 && !mr) { BIO_printf(bio_err,"To get the most accurate results, try to run this\n"); BIO_printf(bio_err,"program when this computer is idle.\n"); } -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA for (i=0; i<RSA_NUM; i++) { - unsigned char *p; + const unsigned char *p; p=rsa_data[i]; rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]); @@ -736,7 +922,9 @@ int MAIN(int argc, char **argv) #if 0 else { - BIO_printf(bio_err,"Loaded RSA key, %d bit modulus and e= 0x",BN_num_bits(rsa_key[i]->n)); + BIO_printf(bio_err,mr ? "+RK:%d:" + : "Loaded RSA key, %d bit modulus and e= 0x", + BN_num_bits(rsa_key[i]->n)); BN_print(bio_err,rsa_key[i]->e); BIO_printf(bio_err,"\n"); } @@ -744,51 +932,57 @@ int MAIN(int argc, char **argv) } #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA dsa_key[0]=get_dsa512(); dsa_key[1]=get_dsa1024(); dsa_key[2]=get_dsa2048(); #endif -#ifndef NO_DES - des_set_key_unchecked(&key,sch); - des_set_key_unchecked(&key2,sch2); - des_set_key_unchecked(&key3,sch3); +#ifndef OPENSSL_NO_DES + DES_set_key_unchecked(&key,&sch); + DES_set_key_unchecked(&key2,&sch2); + DES_set_key_unchecked(&key3,&sch3); +#endif +#ifndef OPENSSL_NO_AES + AES_set_encrypt_key(key16,128,&aes_ks1); + AES_set_encrypt_key(key24,192,&aes_ks2); + AES_set_encrypt_key(key32,256,&aes_ks3); #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA idea_set_encrypt_key(key16,&idea_ks); #endif -#ifndef NO_RC4 +#ifndef OPENSSL_NO_RC4 RC4_set_key(&rc4_ks,16,key16); #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 RC2_set_key(&rc2_ks,16,key16,128); #endif -#ifndef NO_RC5 +#ifndef OPENSSL_NO_RC5 RC5_32_set_key(&rc5_ks,16,key16,12); #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF BF_set_key(&bf_ks,16,key16); #endif -#ifndef NO_CAST +#ifndef OPENSSL_NO_CAST CAST_set_key(&cast_ks,16,key16); #endif -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA memset(rsa_c,0,sizeof(rsa_c)); #endif #ifndef SIGALRM -#ifndef NO_DES +#ifndef OPENSSL_NO_DES BIO_printf(bio_err,"First we calculate the approximate speed ...\n"); count=10; do { long i; count*=2; - Time_F(START,usertime); + Time_F(START); for (i=count; i; i--) - des_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock, - &(sch[0]),DES_ENCRYPT); - d=Time_F(STOP,usertime); + DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock, + &sch,DES_ENCRYPT); + d=Time_F(STOP); } while (d <3); + save_count=count; c[D_MD2][0]=count/10; c[D_MDC2][0]=count/10; c[D_MD4][0]=count; @@ -830,7 +1024,7 @@ int MAIN(int argc, char **argv) c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1; c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1; } -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA rsa_c[R_RSA_512][0]=count/2000; rsa_c[R_RSA_512][1]=count/400; for (i=1; i<RSA_NUM; i++) @@ -850,7 +1044,7 @@ int MAIN(int argc, char **argv) } #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA dsa_c[R_DSA_512][0]=count/1000; dsa_c[R_DSA_512][1]=count/1000/2; for (i=1; i<DSA_NUM; i++) @@ -875,167 +1069,152 @@ int MAIN(int argc, char **argv) #else /* not worth fixing */ # error "You cannot disable DES on systems without SIGALRM." -#endif /* NO_DES */ +#endif /* OPENSSL_NO_DES */ #else #define COND(c) (run) #define COUNT(d) (count) signal(SIGALRM,sig_done); #endif /* SIGALRM */ -#ifndef NO_MD2 +#ifndef OPENSSL_NO_MD2 if (doit[D_MD2]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_MD2],c[D_MD2][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_MD2][j]); count++) - MD2(buf,(unsigned long)lengths[j],&(md2[0])); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_MD2],d); - results[D_MD2][j]=((double)count)/d*lengths[j]; + EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2(),NULL); + d=Time_F(STOP); + print_result(D_MD2,j,count,d); } } #endif -#ifndef NO_MDC2 +#ifndef OPENSSL_NO_MDC2 if (doit[D_MDC2]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_MDC2][j]); count++) - MDC2(buf,(unsigned long)lengths[j],&(mdc2[0])); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_MDC2],d); - results[D_MDC2][j]=((double)count)/d*lengths[j]; + EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2(),NULL); + d=Time_F(STOP); + print_result(D_MDC2,j,count,d); } } #endif -#ifndef NO_MD4 +#ifndef OPENSSL_NO_MD4 if (doit[D_MD4]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_MD4],c[D_MD4][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_MD4][j]); count++) - MD4(&(buf[0]),(unsigned long)lengths[j],&(md4[0])); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_MD4],d); - results[D_MD4][j]=((double)count)/d*lengths[j]; + EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4(),NULL); + d=Time_F(STOP); + print_result(D_MD4,j,count,d); } } #endif -#ifndef NO_MD5 +#ifndef OPENSSL_NO_MD5 if (doit[D_MD5]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_MD5],c[D_MD5][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_MD5][j]); count++) - MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0])); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_MD5],d); - results[D_MD5][j]=((double)count)/d*lengths[j]; + EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5"),NULL); + d=Time_F(STOP); + print_result(D_MD5,j,count,d); } } #endif -#if !defined(NO_MD5) && !defined(NO_HMAC) +#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC) if (doit[D_HMAC]) { HMAC_CTX hctx; - HMAC_Init(&hctx,(unsigned char *)"This is a key...", - 16,EVP_md5()); + + HMAC_CTX_init(&hctx); + HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...", + 16,EVP_md5(), NULL); for (j=0; j<SIZE_NUM; j++) { print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_HMAC][j]); count++) { - HMAC_Init(&hctx,NULL,0,NULL); - HMAC_Update(&hctx,buf,lengths[j]); - HMAC_Final(&hctx,&(hmac[0]),NULL); + HMAC_Init_ex(&hctx,NULL,0,NULL,NULL); + HMAC_Update(&hctx,buf,lengths[j]); + HMAC_Final(&hctx,&(hmac[0]),NULL); } - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_HMAC],d); - results[D_HMAC][j]=((double)count)/d*lengths[j]; + d=Time_F(STOP); + print_result(D_HMAC,j,count,d); } + HMAC_CTX_cleanup(&hctx); } #endif -#ifndef NO_SHA +#ifndef OPENSSL_NO_SHA if (doit[D_SHA1]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_SHA1][j]); count++) - SHA1(buf,(unsigned long)lengths[j],&(sha[0])); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_SHA1],d); - results[D_SHA1][j]=((double)count)/d*lengths[j]; + EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL); + d=Time_F(STOP); + print_result(D_SHA1,j,count,d); } } #endif -#ifndef NO_RIPEMD +#ifndef OPENSSL_NO_RIPEMD if (doit[D_RMD160]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_RMD160][j]); count++) - RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0])); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_RMD160],d); - results[D_RMD160][j]=((double)count)/d*lengths[j]; + EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160(),NULL); + d=Time_F(STOP); + print_result(D_RMD160,j,count,d); } } #endif -#ifndef NO_RC4 +#ifndef OPENSSL_NO_RC4 if (doit[D_RC4]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_RC4],c[D_RC4][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_RC4][j]); count++) RC4(&rc4_ks,(unsigned int)lengths[j], buf,buf); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_RC4],d); - results[D_RC4][j]=((double)count)/d*lengths[j]; + d=Time_F(STOP); + print_result(D_RC4,j,count,d); } } #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES if (doit[D_CBC_DES]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_CBC_DES][j]); count++) - des_ncbc_encrypt(buf,buf,lengths[j],sch, - &iv,DES_ENCRYPT); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_CBC_DES],d); - results[D_CBC_DES][j]=((double)count)/d*lengths[j]; + DES_ncbc_encrypt(buf,buf,lengths[j],&sch, + &DES_iv,DES_ENCRYPT); + d=Time_F(STOP); + print_result(D_CBC_DES,j,count,d); } } @@ -1044,111 +1223,195 @@ int MAIN(int argc, char **argv) for (j=0; j<SIZE_NUM; j++) { print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++) - des_ede3_cbc_encrypt(buf,buf,lengths[j], - sch,sch2,sch3, - &iv,DES_ENCRYPT); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_EDE3_DES],d); - results[D_EDE3_DES][j]=((double)count)/d*lengths[j]; + DES_ede3_cbc_encrypt(buf,buf,lengths[j], + &sch,&sch2,&sch3, + &DES_iv,DES_ENCRYPT); + d=Time_F(STOP); + print_result(D_EDE3_DES,j,count,d); + } + } +#endif +#ifndef OPENSSL_NO_AES + if (doit[D_CBC_128_AES]) + { + for (j=0; j<SIZE_NUM; j++) + { + print_message(names[D_CBC_128_AES],c[D_CBC_128_AES][j],lengths[j]); + Time_F(START); + for (count=0,run=1; COND(c[D_CBC_128_AES][j]); count++) + AES_cbc_encrypt(buf,buf, + (unsigned long)lengths[j],&aes_ks1, + iv,AES_ENCRYPT); + d=Time_F(STOP); + print_result(D_CBC_128_AES,j,count,d); + } + } + if (doit[D_CBC_192_AES]) + { + for (j=0; j<SIZE_NUM; j++) + { + print_message(names[D_CBC_192_AES],c[D_CBC_192_AES][j],lengths[j]); + Time_F(START); + for (count=0,run=1; COND(c[D_CBC_192_AES][j]); count++) + AES_cbc_encrypt(buf,buf, + (unsigned long)lengths[j],&aes_ks2, + iv,AES_ENCRYPT); + d=Time_F(STOP); + print_result(D_CBC_192_AES,j,count,d); + } + } + if (doit[D_CBC_256_AES]) + { + for (j=0; j<SIZE_NUM; j++) + { + print_message(names[D_CBC_256_AES],c[D_CBC_256_AES][j],lengths[j]); + Time_F(START); + for (count=0,run=1; COND(c[D_CBC_256_AES][j]); count++) + AES_cbc_encrypt(buf,buf, + (unsigned long)lengths[j],&aes_ks3, + iv,AES_ENCRYPT); + d=Time_F(STOP); + print_result(D_CBC_256_AES,j,count,d); } } + #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA if (doit[D_CBC_IDEA]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++) idea_cbc_encrypt(buf,buf, (unsigned long)lengths[j],&idea_ks, iv,IDEA_ENCRYPT); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_CBC_IDEA],d); - results[D_CBC_IDEA][j]=((double)count)/d*lengths[j]; + d=Time_F(STOP); + print_result(D_CBC_IDEA,j,count,d); } } #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 if (doit[D_CBC_RC2]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++) RC2_cbc_encrypt(buf,buf, (unsigned long)lengths[j],&rc2_ks, iv,RC2_ENCRYPT); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_CBC_RC2],d); - results[D_CBC_RC2][j]=((double)count)/d*lengths[j]; + d=Time_F(STOP); + print_result(D_CBC_RC2,j,count,d); } } #endif -#ifndef NO_RC5 +#ifndef OPENSSL_NO_RC5 if (doit[D_CBC_RC5]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++) RC5_32_cbc_encrypt(buf,buf, (unsigned long)lengths[j],&rc5_ks, iv,RC5_ENCRYPT); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_CBC_RC5],d); - results[D_CBC_RC5][j]=((double)count)/d*lengths[j]; + d=Time_F(STOP); + print_result(D_CBC_RC5,j,count,d); } } #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF if (doit[D_CBC_BF]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_CBC_BF][j]); count++) BF_cbc_encrypt(buf,buf, (unsigned long)lengths[j],&bf_ks, iv,BF_ENCRYPT); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_CBC_BF],d); - results[D_CBC_BF][j]=((double)count)/d*lengths[j]; + d=Time_F(STOP); + print_result(D_CBC_BF,j,count,d); } } #endif -#ifndef NO_CAST +#ifndef OPENSSL_NO_CAST if (doit[D_CBC_CAST]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++) CAST_cbc_encrypt(buf,buf, (unsigned long)lengths[j],&cast_ks, iv,CAST_ENCRYPT); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_CBC_CAST],d); - results[D_CBC_CAST][j]=((double)count)/d*lengths[j]; + d=Time_F(STOP); + print_result(D_CBC_CAST,j,count,d); } } #endif + if (doit[D_EVP]) + { + for (j=0; j<SIZE_NUM; j++) + { + if (evp_cipher) + { + EVP_CIPHER_CTX ctx; + int outl; + + names[D_EVP]=OBJ_nid2ln(evp_cipher->nid); + /* -O3 -fschedule-insns messes up an + * optimization here! names[D_EVP] + * somehow becomes NULL */ + print_message(names[D_EVP],save_count, + lengths[j]); + + EVP_CIPHER_CTX_init(&ctx); + if(decrypt) + EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv); + else + EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv); + + Time_F(START); + if(decrypt) + for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++) + EVP_DecryptUpdate(&ctx,buf,&outl,buf,lengths[j]); + else + for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++) + EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]); + if(decrypt) + EVP_DecryptFinal_ex(&ctx,buf,&outl); + else + EVP_EncryptFinal_ex(&ctx,buf,&outl); + d=Time_F(STOP); + } + if (evp_md) + { + names[D_EVP]=OBJ_nid2ln(evp_md->type); + print_message(names[D_EVP],save_count, + lengths[j]); + + Time_F(START); + for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++) + EVP_Digest(buf,lengths[j],&(md[0]),NULL,evp_md,NULL); + + d=Time_F(STOP); + } + print_result(D_EVP,j,count,d); + } + } + RAND_pseudo_bytes(buf,36); -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA for (j=0; j<RSA_NUM; j++) { int ret; @@ -1166,7 +1429,7 @@ int MAIN(int argc, char **argv) rsa_c[j][0],rsa_bits[j], RSA_SECONDS); /* RSA_blinding_on(rsa_key[j],NULL); */ - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(rsa_c[j][0]); count++) { ret=RSA_sign(NID_md5_sha1, buf,36, buf2, @@ -1180,10 +1443,10 @@ int MAIN(int argc, char **argv) break; } } - d=Time_F(STOP,usertime); - BIO_printf(bio_err, - "%ld %d bit private RSA's in %.2fs\n", - count,rsa_bits[j],d); + d=Time_F(STOP); + BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n" + : "%ld %d bit private RSA's in %.2fs\n", + count,rsa_bits[j],d); rsa_results[j][0]=d/(double)count; rsa_count=count; } @@ -1201,7 +1464,7 @@ int MAIN(int argc, char **argv) pkey_print_message("public","rsa", rsa_c[j][1],rsa_bits[j], RSA_SECONDS); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(rsa_c[j][1]); count++) { ret=RSA_verify(NID_md5_sha1, buf,36, buf2, @@ -1215,10 +1478,10 @@ int MAIN(int argc, char **argv) break; } } - d=Time_F(STOP,usertime); - BIO_printf(bio_err, - "%ld %d bit public RSA's in %.2fs\n", - count,rsa_bits[j],d); + d=Time_F(STOP); + BIO_printf(bio_err,mr ? "+R2:%ld:%d:%.2f\n" + : "%ld %d bit public RSA's in %.2fs\n", + count,rsa_bits[j],d); rsa_results[j][1]=d/(double)count; } #endif @@ -1233,7 +1496,7 @@ int MAIN(int argc, char **argv) #endif RAND_pseudo_bytes(buf,20); -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (RAND_status() != 1) { RAND_seed(rnd_seed, sizeof rnd_seed); @@ -1245,7 +1508,7 @@ int MAIN(int argc, char **argv) int ret; if (!dsa_doit[j]) continue; - DSA_generate_key(dsa_key[j]); +/* DSA_generate_key(dsa_key[j]); */ /* DSA_sign_setup(dsa_key[j],NULL); */ ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2, &kk,dsa_key[j]); @@ -1260,7 +1523,7 @@ int MAIN(int argc, char **argv) pkey_print_message("sign","dsa", dsa_c[j][0],dsa_bits[j], DSA_SECONDS); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(dsa_c[j][0]); count++) { ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2, @@ -1274,9 +1537,10 @@ int MAIN(int argc, char **argv) break; } } - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n", - count,dsa_bits[j],d); + d=Time_F(STOP); + BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n" + : "%ld %d bit DSA signs in %.2fs\n", + count,dsa_bits[j],d); dsa_results[j][0]=d/(double)count; rsa_count=count; } @@ -1294,7 +1558,7 @@ int MAIN(int argc, char **argv) pkey_print_message("verify","dsa", dsa_c[j][1],dsa_bits[j], DSA_SECONDS); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(dsa_c[j][1]); count++) { ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2, @@ -1308,9 +1572,10 @@ int MAIN(int argc, char **argv) break; } } - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n", - count,dsa_bits[j],d); + d=Time_F(STOP); + BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n" + : "%ld %d bit DSA verify in %.2fs\n", + count,dsa_bits[j],d); dsa_results[j][1]=d/(double)count; } @@ -1323,106 +1588,160 @@ int MAIN(int argc, char **argv) } if (rnd_fake) RAND_cleanup(); #endif - - fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION)); +#ifdef HAVE_FORK +show_res: +#endif + if(!mr) + { + fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION)); fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_BUILT_ON)); - printf("options:"); - printf("%s ",BN_options()); -#ifndef NO_MD2 - printf("%s ",MD2_options()); + printf("options:"); + printf("%s ",BN_options()); +#ifndef OPENSSL_NO_MD2 + printf("%s ",MD2_options()); #endif -#ifndef NO_RC4 - printf("%s ",RC4_options()); +#ifndef OPENSSL_NO_RC4 + printf("%s ",RC4_options()); #endif -#ifndef NO_DES - printf("%s ",des_options()); +#ifndef OPENSSL_NO_DES + printf("%s ",DES_options()); #endif -#ifndef NO_IDEA - printf("%s ",idea_options()); +#ifndef OPENSSL_NO_AES + printf("%s ",AES_options()); #endif -#ifndef NO_BF - printf("%s ",BF_options()); +#ifndef OPENSSL_NO_IDEA + printf("%s ",idea_options()); #endif - fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS)); +#ifndef OPENSSL_NO_BF + printf("%s ",BF_options()); +#endif + fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS)); + printf("available timing options: "); +#ifdef TIMES + printf("TIMES "); +#endif +#ifdef TIMEB + printf("TIMEB "); +#endif +#ifdef USE_TOD + printf("USE_TOD "); +#endif +#ifdef HZ +#define as_string(s) (#s) + printf("HZ=%g", (double)HZ); +# ifdef _SC_CLK_TCK + printf(" [sysconf value]"); +# endif +#endif + printf("\n"); + printf("timing function used: %s%s%s%s%s%s%s\n", + (ftime_used ? "ftime" : ""), + (ftime_used + times_used > 1 ? "," : ""), + (times_used ? "times" : ""), + (ftime_used + times_used + gettimeofday_used > 1 ? "," : ""), + (gettimeofday_used ? "gettimeofday" : ""), + (ftime_used + times_used + gettimeofday_used + getrusage_used > 1 ? "," : ""), + (getrusage_used ? "getrusage" : "")); + } if (pr_header) { - fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n"); - fprintf(stdout,"type "); + if(mr) + fprintf(stdout,"+H"); + else + { + fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n"); + fprintf(stdout,"type "); + } for (j=0; j<SIZE_NUM; j++) - fprintf(stdout,"%7d bytes",lengths[j]); + fprintf(stdout,mr ? ":%d" : "%7d bytes",lengths[j]); fprintf(stdout,"\n"); } for (k=0; k<ALGOR_NUM; k++) { if (!doit[k]) continue; - fprintf(stdout,"%-13s",names[k]); + if(mr) + fprintf(stdout,"+F:%d:%s",k,names[k]); + else + fprintf(stdout,"%-13s",names[k]); for (j=0; j<SIZE_NUM; j++) { - if (results[k][j] > 10000) + if (results[k][j] > 10000 && !mr) fprintf(stdout," %11.2fk",results[k][j]/1e3); else - fprintf(stdout," %11.2f ",results[k][j]); + fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]); } fprintf(stdout,"\n"); } -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA j=1; for (k=0; k<RSA_NUM; k++) { if (!rsa_doit[k]) continue; - if (j) + if (j && !mr) { printf("%18ssign verify sign/s verify/s\n"," "); j=0; } - fprintf(stdout,"rsa %4u bits %8.4fs %8.4fs %8.1f %8.1f", - rsa_bits[k],rsa_results[k][0],rsa_results[k][1], - 1.0/rsa_results[k][0],1.0/rsa_results[k][1]); - fprintf(stdout,"\n"); + if(mr) + fprintf(stdout,"+F2:%u:%u:%f:%f\n", + k,rsa_bits[k],rsa_results[k][0], + rsa_results[k][1]); + else + fprintf(stdout,"rsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n", + rsa_bits[k],rsa_results[k][0],rsa_results[k][1], + 1.0/rsa_results[k][0],1.0/rsa_results[k][1]); } #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA j=1; for (k=0; k<DSA_NUM; k++) { if (!dsa_doit[k]) continue; - if (j) { + if (j && !mr) + { printf("%18ssign verify sign/s verify/s\n"," "); j=0; } - fprintf(stdout,"dsa %4u bits %8.4fs %8.4fs %8.1f %8.1f", - dsa_bits[k],dsa_results[k][0],dsa_results[k][1], - 1.0/dsa_results[k][0],1.0/dsa_results[k][1]); - fprintf(stdout,"\n"); + if(mr) + fprintf(stdout,"+F3:%u:%u:%f:%f\n", + k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]); + else + fprintf(stdout,"dsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n", + dsa_bits[k],dsa_results[k][0],dsa_results[k][1], + 1.0/dsa_results[k][0],1.0/dsa_results[k][1]); } #endif mret=0; end: + ERR_print_errors(bio_err); if (buf != NULL) OPENSSL_free(buf); if (buf2 != NULL) OPENSSL_free(buf2); -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA for (i=0; i<RSA_NUM; i++) if (rsa_key[i] != NULL) RSA_free(rsa_key[i]); #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA for (i=0; i<DSA_NUM; i++) if (dsa_key[i] != NULL) DSA_free(dsa_key[i]); #endif - EXIT(mret); + apps_shutdown(); + OPENSSL_EXIT(mret); } -static void print_message(char *s, long num, int length) +static void print_message(const char *s, long num, int length) { #ifdef SIGALRM - BIO_printf(bio_err,"Doing %s for %ds on %d size blocks: ",s,SECONDS,length); + BIO_printf(bio_err,mr ? "+DT:%s:%d:%d\n" + : "Doing %s for %ds on %d size blocks: ",s,SECONDS,length); (void)BIO_flush(bio_err); alarm(SECONDS); #else - BIO_printf(bio_err,"Doing %s %ld times on %d size blocks: ",s,num,length); + BIO_printf(bio_err,mr ? "+DN:%s:%ld:%d\n" + : "Doing %s %ld times on %d size blocks: ",s,num,length); (void)BIO_flush(bio_err); #endif #ifdef LINT @@ -1434,11 +1753,13 @@ static void pkey_print_message(char *str, char *str2, long num, int bits, int tm) { #ifdef SIGALRM - BIO_printf(bio_err,"Doing %d bit %s %s's for %ds: ",bits,str,str2,tm); + BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n" + : "Doing %d bit %s %s's for %ds: ",bits,str,str2,tm); (void)BIO_flush(bio_err); alarm(RSA_SECONDS); #else - BIO_printf(bio_err,"Doing %ld %d bit %s %s's: ",num,bits,str,str2); + BIO_printf(bio_err,mr ? "+DNP:%ld:%d:%s:%s\n" + : "Doing %ld %d bit %s %s's: ",num,bits,str,str2); (void)BIO_flush(bio_err); #endif #ifdef LINT @@ -1446,3 +1767,175 @@ static void pkey_print_message(char *str, char *str2, long num, int bits, #endif } +static void print_result(int alg,int run_no,int count,double time_used) + { + BIO_printf(bio_err,mr ? "+R:%ld:%s:%f\n" + : "%ld %s's in %.2fs\n",count,names[alg],time_used); + results[alg][run_no]=((double)count)/time_used*lengths[run_no]; + } + +static char *sstrsep(char **string, const char *delim) + { + char isdelim[256]; + char *token = *string; + + if (**string == 0) + return NULL; + + memset(isdelim, 0, sizeof isdelim); + isdelim[0] = 1; + + while (*delim) + { + isdelim[(unsigned char)(*delim)] = 1; + delim++; + } + + while (!isdelim[(unsigned char)(**string)]) + { + (*string)++; + } + + if (**string) + { + **string = 0; + (*string)++; + } + + return token; + } + +#ifdef HAVE_FORK +static int do_multi(int multi) + { + int n; + int fd[2]; + int *fds; + static char sep[]=":"; + + fds=malloc(multi*sizeof *fds); + for(n=0 ; n < multi ; ++n) + { + pipe(fd); + if(fork()) + { + close(fd[1]); + fds[n]=fd[0]; + } + else + { + close(fd[0]); + close(1); + dup(fd[1]); + close(fd[1]); + mr=1; + usertime=0; + return 0; + } + printf("Forked child %d\n",n); + } + + /* for now, assume the pipe is long enough to take all the output */ + for(n=0 ; n < multi ; ++n) + { + FILE *f; + char buf[1024]; + char *p; + + f=fdopen(fds[n],"r"); + while(fgets(buf,sizeof buf,f)) + { + p=strchr(buf,'\n'); + if(p) + *p='\0'; + if(buf[0] != '+') + { + fprintf(stderr,"Don't understand line '%s' from child %d\n", + buf,n); + continue; + } + printf("Got: %s from %d\n",buf,n); + if(!strncmp(buf,"+F:",3)) + { + int alg; + int j; + + p=buf+3; + alg=atoi(sstrsep(&p,sep)); + sstrsep(&p,sep); + for(j=0 ; j < SIZE_NUM ; ++j) + results[alg][j]+=atof(sstrsep(&p,sep)); + } + else if(!strncmp(buf,"+F2:",4)) + { + int k; + double d; + + p=buf+4; + k=atoi(sstrsep(&p,sep)); + sstrsep(&p,sep); + + d=atof(sstrsep(&p,sep)); + if(n) + rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d); + else + rsa_results[k][0]=d; + + d=atof(sstrsep(&p,sep)); + if(n) + rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d); + else + rsa_results[k][1]=d; + } + else if(!strncmp(buf,"+F2:",4)) + { + int k; + double d; + + p=buf+4; + k=atoi(sstrsep(&p,sep)); + sstrsep(&p,sep); + + d=atof(sstrsep(&p,sep)); + if(n) + rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d); + else + rsa_results[k][0]=d; + + d=atof(sstrsep(&p,sep)); + if(n) + rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d); + else + rsa_results[k][1]=d; + } + else if(!strncmp(buf,"+F3:",4)) + { + int k; + double d; + + p=buf+4; + k=atoi(sstrsep(&p,sep)); + sstrsep(&p,sep); + + d=atof(sstrsep(&p,sep)); + if(n) + dsa_results[k][0]=1/(1/dsa_results[k][0]+1/d); + else + dsa_results[k][0]=d; + + d=atof(sstrsep(&p,sep)); + if(n) + dsa_results[k][1]=1/(1/dsa_results[k][1]+1/d); + else + dsa_results[k][1]=d; + } + else if(!strncmp(buf,"+H:",3)) + { + } + else + fprintf(stderr,"Unknown type '%s' from child %d\n",buf,n); + } + } + return 1; + } +#endif diff --git a/crypto/openssl/apps/spkac.c b/crypto/openssl/apps/spkac.c index 459d730..ed370c5 100644 --- a/crypto/openssl/apps/spkac.c +++ b/crypto/openssl/apps/spkac.c @@ -81,21 +81,26 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; int i,badops=0, ret = 1; - BIO *in = NULL,*out = NULL, *key = NULL; + BIO *in = NULL,*out = NULL; int verify=0,noout=0,pubkey=0; char *infile = NULL,*outfile = NULL,*prog; char *passargin = NULL, *passin = NULL; char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL; char *challenge = NULL, *keyfile = NULL; - LHASH *conf = NULL; + CONF *conf = NULL; NETSCAPE_SPKI *spki = NULL; EVP_PKEY *pkey = NULL; + char *engine=NULL; apps_startup(); if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + if (!load_config(bio_err, NULL)) + goto end; + prog=argv[0]; argc--; argv++; @@ -136,6 +141,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; spksect= *(++argv); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-pubkey") == 0) @@ -161,6 +171,7 @@ bad: BIO_printf(bio_err," -noout don't print SPKAC\n"); BIO_printf(bio_err," -pubkey output public key\n"); BIO_printf(bio_err," -verify verify SPKAC signature\n"); + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); goto end; } @@ -170,18 +181,13 @@ bad: goto end; } + e = setup_engine(bio_err, engine, 0); + if(keyfile) { - if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r"); - else key = BIO_new_fp(stdin, BIO_NOCLOSE); - if(!key) { - BIO_printf(bio_err, "Error opening key file\n"); - ERR_print_errors(bio_err); - goto end; - } - pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, passin); + pkey = load_key(bio_err, + strcmp(keyfile, "-") ? keyfile : NULL, + FORMAT_PEM, 1, passin, e, "private key"); if(!pkey) { - BIO_printf(bio_err, "Error reading private key\n"); - ERR_print_errors(bio_err); goto end; } spki = NETSCAPE_SPKI_new(); @@ -194,7 +200,7 @@ bad: if (outfile) out = BIO_new_file(outfile, "w"); else { out = BIO_new_fp(stdout, BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -224,15 +230,16 @@ bad: goto end; } - conf = CONF_load_bio(NULL, in, NULL); + conf = NCONF_new(NULL); + i = NCONF_load_bio(conf, in, NULL); - if(!conf) { + if(!i) { BIO_printf(bio_err, "Error parsing config file\n"); ERR_print_errors(bio_err); goto end; } - spkstr = CONF_get_string(conf, spksect, spkac); + spkstr = NCONF_get_string(conf, spksect, spkac); if(!spkstr) { BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); @@ -251,7 +258,7 @@ bad: if (outfile) out = BIO_new_file(outfile, "w"); else { out = BIO_new_fp(stdout, BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -281,12 +288,12 @@ bad: ret = 0; end: - CONF_free(conf); + NCONF_free(conf); NETSCAPE_SPKI_free(spki); BIO_free(in); BIO_free_all(out); - BIO_free(key); EVP_PKEY_free(pkey); if(passin) OPENSSL_free(passin); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } diff --git a/crypto/openssl/apps/testdsa.h b/crypto/openssl/apps/testdsa.h index f0bfbb1..9e84e31 100644 --- a/crypto/openssl/apps/testdsa.h +++ b/crypto/openssl/apps/testdsa.h @@ -3,6 +3,18 @@ DSA *get_dsa512(void ); DSA *get_dsa1024(void ); DSA *get_dsa2048(void ); +static unsigned char dsa512_priv[] = { + 0x65,0xe5,0xc7,0x38,0x60,0x24,0xb5,0x89,0xd4,0x9c,0xeb,0x4c, + 0x9c,0x1d,0x7a,0x22,0xbd,0xd1,0xc2,0xd2, + }; +static unsigned char dsa512_pub[] = { + 0x00,0x95,0xa7,0x0d,0xec,0x93,0x68,0xba,0x5f,0xf7,0x5f,0x07, + 0xf2,0x3b,0xad,0x6b,0x01,0xdc,0xbe,0xec,0xde,0x04,0x7a,0x3a, + 0x27,0xb3,0xec,0x49,0xfd,0x08,0x43,0x3d,0x7e,0xa8,0x2c,0x5e, + 0x7b,0xbb,0xfc,0xf4,0x6e,0xeb,0x6c,0xb0,0x6e,0xf8,0x02,0x12, + 0x8c,0x38,0x5d,0x83,0x56,0x7d,0xee,0x53,0x05,0x3e,0x24,0x84, + 0xbe,0xba,0x0a,0x6b,0xc8, + }; static unsigned char dsa512_p[]={ 0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86, 0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0, @@ -29,14 +41,34 @@ DSA *get_dsa512() DSA *dsa; if ((dsa=DSA_new()) == NULL) return(NULL); + dsa->priv_key=BN_bin2bn(dsa512_priv,sizeof(dsa512_priv),NULL); + dsa->pub_key=BN_bin2bn(dsa512_pub,sizeof(dsa512_pub),NULL); dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL); dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL); dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL); - if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) + if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) || + (dsa->q == NULL) || (dsa->g == NULL)) return(NULL); return(dsa); } +static unsigned char dsa1024_priv[]={ + 0x7d,0x21,0xda,0xbb,0x62,0x15,0x47,0x36,0x07,0x67,0x12,0xe8, + 0x8c,0xaa,0x1c,0xcd,0x38,0x12,0x61,0x18, + }; +static unsigned char dsa1024_pub[]={ + 0x3c,0x4e,0x9c,0x2a,0x7f,0x16,0xc1,0x25,0xeb,0xac,0x78,0x63, + 0x90,0x14,0x8c,0x8b,0xf4,0x68,0x43,0x3c,0x2d,0xee,0x65,0x50, + 0x7d,0x9c,0x8f,0x8c,0x8a,0x51,0xd6,0x11,0x2b,0x99,0xaf,0x1e, + 0x90,0x97,0xb5,0xd3,0xa6,0x20,0x25,0xd6,0xfe,0x43,0x02,0xd5, + 0x91,0x7d,0xa7,0x8c,0xdb,0xc9,0x85,0xa3,0x36,0x48,0xf7,0x68, + 0xaa,0x60,0xb1,0xf7,0x05,0x68,0x3a,0xa3,0x3f,0xd3,0x19,0x82, + 0xd8,0x82,0x7a,0x77,0xfb,0xef,0xf4,0x15,0x0a,0xeb,0x06,0x04, + 0x7f,0x53,0x07,0x0c,0xbc,0xcb,0x2d,0x83,0xdb,0x3e,0xd1,0x28, + 0xa5,0xa1,0x31,0xe0,0x67,0xfa,0x50,0xde,0x9b,0x07,0x83,0x7e, + 0x2c,0x0b,0xc3,0x13,0x50,0x61,0xe5,0xad,0xbd,0x36,0xb8,0x97, + 0x4e,0x40,0x7d,0xe8,0x83,0x0d,0xbc,0x4b + }; static unsigned char dsa1024_p[]={ 0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47, 0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D, @@ -73,14 +105,45 @@ DSA *get_dsa1024() DSA *dsa; if ((dsa=DSA_new()) == NULL) return(NULL); + dsa->priv_key=BN_bin2bn(dsa1024_priv,sizeof(dsa1024_priv),NULL); + dsa->pub_key=BN_bin2bn(dsa1024_pub,sizeof(dsa1024_pub),NULL); dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL); dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL); dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL); - if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) + if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) || + (dsa->q == NULL) || (dsa->g == NULL)) return(NULL); return(dsa); } +static unsigned char dsa2048_priv[]={ + 0x32,0x67,0x92,0xf6,0xc4,0xe2,0xe2,0xe8,0xa0,0x8b,0x6b,0x45, + 0x0c,0x8a,0x76,0xb0,0xee,0xcf,0x91,0xa7, + }; +static unsigned char dsa2048_pub[]={ + 0x17,0x8f,0xa8,0x11,0x84,0x92,0xec,0x83,0x47,0xc7,0x6a,0xb0, + 0x92,0xaf,0x5a,0x20,0x37,0xa3,0x64,0x79,0xd2,0xd0,0x3d,0xcd, + 0xe0,0x61,0x88,0x88,0x21,0xcc,0x74,0x5d,0xce,0x4c,0x51,0x47, + 0xf0,0xc5,0x5c,0x4c,0x82,0x7a,0xaf,0x72,0xad,0xb9,0xe0,0x53, + 0xf2,0x78,0xb7,0xf0,0xb5,0x48,0x7f,0x8a,0x3a,0x18,0xd1,0x9f, + 0x8b,0x7d,0xa5,0x47,0xb7,0x95,0xab,0x98,0xf8,0x7b,0x74,0x50, + 0x56,0x8e,0x57,0xf0,0xee,0xf5,0xb7,0xba,0xab,0x85,0x86,0xf9, + 0x2b,0xef,0x41,0x56,0xa0,0xa4,0x9f,0xb7,0x38,0x00,0x46,0x0a, + 0xa6,0xf1,0xfc,0x1f,0xd8,0x4e,0x85,0x44,0x92,0x43,0x21,0x5d, + 0x6e,0xcc,0xc2,0xcb,0x26,0x31,0x0d,0x21,0xc4,0xbd,0x8d,0x24, + 0xbc,0xd9,0x18,0x19,0xd7,0xdc,0xf1,0xe7,0x93,0x50,0x48,0x03, + 0x2c,0xae,0x2e,0xe7,0x49,0x88,0x5f,0x93,0x57,0x27,0x99,0x36, + 0xb4,0x20,0xab,0xfc,0xa7,0x2b,0xf2,0xd9,0x98,0xd7,0xd4,0x34, + 0x9d,0x96,0x50,0x58,0x9a,0xea,0x54,0xf3,0xee,0xf5,0x63,0x14, + 0xee,0x85,0x83,0x74,0x76,0xe1,0x52,0x95,0xc3,0xf7,0xeb,0x04, + 0x04,0x7b,0xa7,0x28,0x1b,0xcc,0xea,0x4a,0x4e,0x84,0xda,0xd8, + 0x9c,0x79,0xd8,0x9b,0x66,0x89,0x2f,0xcf,0xac,0xd7,0x79,0xf9, + 0xa9,0xd8,0x45,0x13,0x78,0xb9,0x00,0x14,0xc9,0x7e,0x22,0x51, + 0x86,0x67,0xb0,0x9f,0x26,0x11,0x23,0xc8,0x38,0xd7,0x70,0x1d, + 0x15,0x8e,0x4d,0x4f,0x95,0x97,0x40,0xa1,0xc2,0x7e,0x01,0x18, + 0x72,0xf4,0x10,0xe6,0x8d,0x52,0x16,0x7f,0xf2,0xc9,0xf8,0x33, + 0x8b,0x33,0xb7,0xce, + }; static unsigned char dsa2048_p[]={ 0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F, 0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81, @@ -139,10 +202,13 @@ DSA *get_dsa2048() DSA *dsa; if ((dsa=DSA_new()) == NULL) return(NULL); + dsa->priv_key=BN_bin2bn(dsa2048_priv,sizeof(dsa2048_priv),NULL); + dsa->pub_key=BN_bin2bn(dsa2048_pub,sizeof(dsa2048_pub),NULL); dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL); dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL); dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL); - if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) + if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) || + (dsa->q == NULL) || (dsa->g == NULL)) return(NULL); return(dsa); } diff --git a/crypto/openssl/apps/verify.c b/crypto/openssl/apps/verify.c index 47e602d..9a18213 100644 --- a/crypto/openssl/apps/verify.c +++ b/crypto/openssl/apps/verify.c @@ -70,14 +70,15 @@ #define PROG verify_main static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx); -static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose); +static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e); static STACK_OF(X509) *load_untrusted(char *file); -static int v_verbose=0, issuer_checks = 0; +static int v_verbose=0, vflags = 0; int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; int i,ret=1; int purpose = -1; char *CApath=NULL,*CAfile=NULL; @@ -85,6 +86,7 @@ int MAIN(int argc, char **argv) STACK_OF(X509) *untrusted = NULL, *trusted = NULL; X509_STORE *cert_ctx=NULL; X509_LOOKUP *lookup=NULL; + char *engine=NULL; cert_ctx=X509_STORE_new(); if (cert_ctx == NULL) goto end; @@ -98,6 +100,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + argc--; argv++; for (;;) @@ -137,10 +142,21 @@ int MAIN(int argc, char **argv) if (argc-- < 1) goto end; trustfile= *(++argv); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto end; + engine= *(++argv); + } else if (strcmp(*argv,"-help") == 0) goto end; + else if (strcmp(*argv,"-ignore_critical") == 0) + vflags |= X509_V_FLAG_IGNORE_CRITICAL; else if (strcmp(*argv,"-issuer_checks") == 0) - issuer_checks=1; + vflags |= X509_V_FLAG_CB_ISSUER_CHECK; + else if (strcmp(*argv,"-crl_check") == 0) + vflags |= X509_V_FLAG_CRL_CHECK; + else if (strcmp(*argv,"-crl_check_all") == 0) + vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; else if (strcmp(*argv,"-verbose") == 0) v_verbose=1; else if (argv[0][0] == '-') @@ -154,6 +170,8 @@ int MAIN(int argc, char **argv) break; } + e = setup_engine(bio_err, engine, 0); + lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file()); if (lookup == NULL) abort(); if (CAfile) { @@ -194,14 +212,14 @@ int MAIN(int argc, char **argv) } } - if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose); + if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose, e); else for (i=0; i<argc; i++) - check(cert_ctx,argv[i], untrusted, trusted, purpose); + check(cert_ctx,argv[i], untrusted, trusted, purpose, e); ret=0; end: if (ret == 1) { - BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n"); + BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...\n"); BIO_printf(bio_err,"recognized usages:\n"); for(i = 0; i < X509_PURPOSE_get_count(); i++) { X509_PURPOSE *ptmp; @@ -213,42 +231,19 @@ end: if (cert_ctx != NULL) X509_STORE_free(cert_ctx); sk_X509_pop_free(untrusted, X509_free); sk_X509_pop_free(trusted, X509_free); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } -static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose) +static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e) { X509 *x=NULL; - BIO *in=NULL; int i=0,ret=0; X509_STORE_CTX *csc; - in=BIO_new(BIO_s_file()); - if (in == NULL) - { - ERR_print_errors(bio_err); - goto end; - } - - if (file == NULL) - BIO_set_fp(in,stdin,BIO_NOCLOSE); - else - { - if (BIO_read_filename(in,file) <= 0) - { - perror(file); - goto end; - } - } - - x=PEM_read_bio_X509(in,NULL,NULL,NULL); + x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file"); if (x == NULL) - { - fprintf(stdout,"%s: unable to load certificate file\n", - (file == NULL)?"stdin":file); - ERR_print_errors(bio_err); goto end; - } fprintf(stdout,"%s: ",(file == NULL)?"stdin":file); csc = X509_STORE_CTX_new(); @@ -257,11 +252,14 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X ERR_print_errors(bio_err); goto end; } - X509_STORE_CTX_init(csc,ctx,x,uchain); + X509_STORE_set_flags(ctx, vflags); + if(!X509_STORE_CTX_init(csc,ctx,x,uchain)) + { + ERR_print_errors(bio_err); + goto end; + } if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain); if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose); - if(issuer_checks) - X509_STORE_CTX_set_flags(csc, X509_V_FLAG_CB_ISSUER_CHECK); i=X509_verify_cert(csc); X509_STORE_CTX_free(csc); @@ -275,7 +273,6 @@ end: else ERR_print_errors(bio_err); if (x != NULL) X509_free(x); - if (in != NULL) BIO_free(in); return(ret); } @@ -333,7 +330,8 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx) if (!ok) { X509_NAME_oneline( - X509_get_subject_name(ctx->current_cert),buf,256); + X509_get_subject_name(ctx->current_cert),buf, + sizeof buf); printf("%s\n",buf); printf("error %d at %d depth lookup:%s\n",ctx->error, ctx->error_depth, @@ -349,6 +347,9 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx) if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1; if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1; if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1; + if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1; + if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1; + if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1; } if (!v_verbose) ERR_clear_error(); diff --git a/crypto/openssl/apps/version.c b/crypto/openssl/apps/version.c index f5c9adc..0843b67 100644 --- a/crypto/openssl/apps/version.c +++ b/crypto/openssl/apps/version.c @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include <stdio.h> #include <stdlib.h> @@ -62,6 +115,21 @@ #include "apps.h" #include <openssl/evp.h> #include <openssl/crypto.h> +#ifndef OPENSSL_NO_MD2 +# include <openssl/md2.h> +#endif +#ifndef OPENSSL_NO_RC4 +# include <openssl/rc4.h> +#endif +#ifndef OPENSSL_NO_DES +# include <openssl/des.h> +#endif +#ifndef OPENSSL_NO_IDEA +# include <openssl/idea.h> +#endif +#ifndef OPENSSL_NO_BF +# include <openssl/blowfish.h> +#endif #undef PROG #define PROG version_main @@ -71,7 +139,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { int i,ret=0; - int cflags=0,version=0,date=0,options=0,platform=0; + int cflags=0,version=0,date=0,options=0,platform=0,dir=0; apps_startup(); @@ -92,8 +160,10 @@ int MAIN(int argc, char **argv) options=1; else if (strcmp(argv[i],"-p") == 0) platform=1; + else if (strcmp(argv[i],"-d") == 0) + dir=1; else if (strcmp(argv[i],"-a") == 0) - date=version=cflags=options=platform=1; + date=version=cflags=options=platform=dir=1; else { BIO_printf(bio_err,"usage:version -[avbofp]\n"); @@ -109,24 +179,26 @@ int MAIN(int argc, char **argv) { printf("options: "); printf("%s ",BN_options()); -#ifndef NO_MD2 +#ifndef OPENSSL_NO_MD2 printf("%s ",MD2_options()); #endif -#ifndef NO_RC4 +#ifndef OPENSSL_NO_RC4 printf("%s ",RC4_options()); #endif -#ifndef NO_DES - printf("%s ",des_options()); +#ifndef OPENSSL_NO_DES + printf("%s ",DES_options()); #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA printf("%s ",idea_options()); #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF printf("%s ",BF_options()); #endif printf("\n"); } if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS)); + if (dir) printf("%s\n",SSLeay_version(SSLEAY_DIR)); end: - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } diff --git a/crypto/openssl/apps/winrand.c b/crypto/openssl/apps/winrand.c index d042258..59bede3 100644 --- a/crypto/openssl/apps/winrand.c +++ b/crypto/openssl/apps/winrand.c @@ -118,7 +118,6 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam) HDC hdc; PAINTSTRUCT ps; RECT rect; - char buffer[200]; static int seeded = 0; switch (iMsg) diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c index b9b1328..7915eca 100644 --- a/crypto/openssl/apps/x509.c +++ b/crypto/openssl/apps/x509.c @@ -60,7 +60,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> -#ifdef NO_STDIO +#ifdef OPENSSL_NO_STDIO #define APPS_WIN16 #endif #include "apps.h" @@ -105,6 +105,7 @@ static char *x509_usage[]={ " -fingerprint - print the certificate fingerprint\n", " -alias - output certificate alias\n", " -noout - no certificate output\n", +" -ocspid - print OCSP hash values for the subject name and public key\n", " -trustout - output a \"trusted\" certificate\n", " -clrtrust - clear all trusted purposes\n", " -clrreject - clear all rejected purposes\n", @@ -121,7 +122,8 @@ static char *x509_usage[]={ " -CAkey arg - set the CA key, must be PEM format\n", " missing, it is assumed to be in the CA file.\n", " -CAcreateserial - create serial number file if it does not exist\n", -" -CAserial - serial file\n", +" -CAserial arg - serial file\n", +" -set_serial - serial number to use\n", " -text - print the certificate in text form\n", " -C - print out C code forms\n", " -md2/-md5/-sha1/-mdc2 - digest to use\n", @@ -129,15 +131,18 @@ static char *x509_usage[]={ " -extensions - section from config file with X509V3 extensions to add\n", " -clrext - delete extensions before signing and input certificate\n", " -nameopt arg - various certificate name options\n", +" -engine e - use engine e, possibly a hardware device.\n", +" -certopt arg - various certificate text options\n", NULL }; static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx); static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest, - LHASH *conf, char *section); + CONF *conf, char *section); static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest, X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial, - int create,int days, int clrext, LHASH *conf, char *section); + int create,int days, int clrext, CONF *conf, char *section, + ASN1_INTEGER *sno); static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt); static int reqfile=0; @@ -145,11 +150,13 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; int ret=1; X509_REQ *req=NULL; X509 *x=NULL,*xca=NULL; ASN1_OBJECT *objtmp; EVP_PKEY *Upkey=NULL,*CApkey=NULL; + ASN1_INTEGER *sno = NULL; int i,num,badops=0; BIO *out=NULL; BIO *STDout=NULL; @@ -159,6 +166,7 @@ int MAIN(int argc, char **argv) char *CAkeyfile=NULL,*CAserial=NULL; char *alias=NULL; int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0; + int ocspid=0; int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; int C=0; @@ -170,11 +178,12 @@ int MAIN(int argc, char **argv) int fingerprint=0; char buf[256]; const EVP_MD *md_alg,*digest=EVP_md5(); - LHASH *extconf = NULL; + CONF *extconf = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; int need_rand = 0; int checkend=0,checkoffset=0; - unsigned long nmflag = 0; + unsigned long nmflag = 0, certflag = 0; + char *engine=NULL; reqfile=0; @@ -182,8 +191,11 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + + if (!load_config(bio_err, NULL)) + goto end; STDout=BIO_new_fp(stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); STDout = BIO_push(tmpbio, STDout); @@ -294,6 +306,12 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; CAserial= *(++argv); } + else if (strcmp(*argv,"-set_serial") == 0) + { + if (--argc < 1) goto bad; + if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv)))) + goto bad; + } else if (strcmp(*argv,"-addtrust") == 0) { if (--argc < 1) goto bad; @@ -326,6 +344,11 @@ int MAIN(int argc, char **argv) alias= *(++argv); trustout = 1; } + else if (strcmp(*argv,"-certopt") == 0) + { + if (--argc < 1) goto bad; + if (!set_cert_ex(&certflag, *(++argv))) goto bad; + } else if (strcmp(*argv,"-nameopt") == 0) { if (--argc < 1) goto bad; @@ -337,6 +360,11 @@ int MAIN(int argc, char **argv) alias= *(++argv); trustout = 1; } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-C") == 0) C= ++num; else if (strcmp(*argv,"-email") == 0) @@ -397,6 +425,8 @@ int MAIN(int argc, char **argv) clrext = 1; } #endif + else if (strcmp(*argv,"-ocspid") == 0) + ocspid= ++num; else if ((md_alg=EVP_get_digestbyname(*argv + 1))) { /* ok */ @@ -416,10 +446,12 @@ int MAIN(int argc, char **argv) { bad: for (pp=x509_usage; (*pp != NULL); pp++) - BIO_printf(bio_err,*pp); + BIO_printf(bio_err,"%s",*pp); goto end; } + e = setup_engine(bio_err, engine, 0); + if (need_rand) app_RAND_load_file(NULL, bio_err, 0); @@ -447,9 +479,10 @@ bad: if (extfile) { - long errorline; + long errorline = -1; X509V3_CTX ctx2; - if (!(extconf=CONF_load(NULL,extfile,&errorline))) + extconf = NCONF_new(NULL); + if (!NCONF_load(extconf, extfile,&errorline)) { if (errorline <= 0) BIO_printf(bio_err, @@ -461,11 +494,18 @@ bad: ,errorline,extfile); goto end; } - if (!extsect && !(extsect = CONF_get_string(extconf, "default", - "extensions"))) extsect = "default"; + if (!extsect) + { + extsect = NCONF_get_string(extconf, "default", "extensions"); + if (!extsect) + { + ERR_clear_error(); + extsect = "default"; + } + } X509V3_set_ctx_test(&ctx2); - X509V3_set_conf_lhash(&ctx2, extconf); - if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL)) + X509V3_set_nconf(&ctx2, extconf); + if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) { BIO_printf(bio_err, "Error Loading extension section %s\n", @@ -549,7 +589,12 @@ bad: if ((x=X509_new()) == NULL) goto end; ci=x->cert_info; - if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end; + if (sno) + { + if (!X509_set_serialNumber(x, sno)) + goto end; + } + else if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end; if (!X509_set_issuer_name(x,req->req_info->subject)) goto end; if (!X509_set_subject_name(x,req->req_info->subject)) goto end; @@ -561,12 +606,12 @@ bad: EVP_PKEY_free(pkey); } else - x=load_cert(bio_err,infile,informat); + x=load_cert(bio_err,infile,informat,NULL,e,"Certificate"); if (x == NULL) goto end; if (CA_flag) { - xca=load_cert(bio_err,CAfile,CAformat); + xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate"); if (xca == NULL) goto end; } @@ -584,7 +629,7 @@ bad: if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -688,12 +733,12 @@ bad: goto end; } BIO_printf(STDout,"Modulus="); -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) BN_print(STDout,pkey->pkey.rsa->n); else #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) BN_print(STDout,pkey->pkey.dsa->pub_key); else @@ -725,10 +770,11 @@ bad: int y,z; X509_NAME_oneline(X509_get_subject_name(x), - buf,256); + buf,sizeof buf); BIO_printf(STDout,"/* subject:%s */\n",buf); m=X509_NAME_oneline( - X509_get_issuer_name(x),buf,256); + X509_get_issuer_name(x),buf, + sizeof buf); BIO_printf(STDout,"/* issuer :%s */\n",buf); z=i2d_X509(x,NULL); @@ -774,7 +820,7 @@ bad: } else if (text == i) { - X509_print(out,x); + X509_print_ex(out,x,nmflag, certflag); } else if (startdate == i) { @@ -816,10 +862,11 @@ bad: if (Upkey == NULL) { Upkey=load_key(bio_err, - keyfile,keyformat, passin); + keyfile, keyformat, 0, + passin, e, "Private key"); if (Upkey == NULL) goto end; } -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (Upkey->type == EVP_PKEY_DSA) digest=EVP_dss1(); #endif @@ -834,10 +881,12 @@ bad: if (CAkeyfile != NULL) { CApkey=load_key(bio_err, - CAkeyfile,CAkeyformat, passin); + CAkeyfile, CAkeyformat, + 0, passin, e, + "CA Private Key"); if (CApkey == NULL) goto end; } -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (CApkey->type == EVP_PKEY_DSA) digest=EVP_dss1(); #endif @@ -845,7 +894,7 @@ bad: assert(need_rand); if (!x509_certify(ctx,CAfile,digest,x,xca, CApkey, CAserial,CA_createserial,days, clrext, - extconf, extsect)) + extconf, extsect, sno)) goto end; } else if (x509req == i) @@ -861,13 +910,14 @@ bad: else { pk=load_key(bio_err, - keyfile,FORMAT_PEM, passin); + keyfile, FORMAT_PEM, 0, + passin, e, "request key"); if (pk == NULL) goto end; } BIO_printf(bio_err,"Generating certificate request\n"); -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (pk->type == EVP_PKEY_DSA) digest=EVP_dss1(); #endif @@ -886,6 +936,10 @@ bad: } noout=1; } + else if (ocspid == i) + { + X509_ocspid_print(out, x); + } } } @@ -948,7 +1002,7 @@ end: if (need_rand) app_RAND_write_file(NULL, bio_err); OBJ_cleanup(); - CONF_free(extconf); + NCONF_free(extconf); BIO_free_all(out); BIO_free_all(STDout); X509_STORE_free(ctx); @@ -958,32 +1012,23 @@ end: EVP_PKEY_free(Upkey); EVP_PKEY_free(CApkey); X509_REQ_free(rq); + ASN1_INTEGER_free(sno); sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free); sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free); if (passin) OPENSSL_free(passin); - EXIT(ret); + apps_shutdown(); + OPENSSL_EXIT(ret); } -static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, - X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create, - int days, int clrext, LHASH *conf, char *section) +static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create) { - int ret=0; - BIO *io=NULL; + char *buf = NULL, *p; MS_STATIC char buf2[1024]; - char *buf=NULL,*p; - BIGNUM *serial=NULL; - ASN1_INTEGER *bs=NULL,bs2; - X509_STORE_CTX xsc; - EVP_PKEY *upkey; - - upkey = X509_get_pubkey(xca); - EVP_PKEY_copy_parameters(upkey,pkey); - EVP_PKEY_free(upkey); + ASN1_INTEGER *bs = NULL, *bs2 = NULL; + BIO *io = NULL; + BIGNUM *serial = NULL; - X509_STORE_CTX_init(&xsc,ctx,x,NULL); - buf=OPENSSL_malloc(EVP_PKEY_size(pkey)*2+ - ((serialfile == NULL) + buf=OPENSSL_malloc( ((serialfile == NULL) ?(strlen(CAfile)+strlen(POSTFIX)+1) :(strlen(serialfile)))+1); if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; } @@ -1030,7 +1075,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, } else { - if (!a2i_ASN1_INTEGER(io,bs,buf2,1024)) + if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2)) { BIO_printf(bio_err,"unable to load serial number from %s\n",buf); ERR_print_errors(bio_err); @@ -1049,20 +1094,55 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, if (!BN_add_word(serial,1)) { BIO_printf(bio_err,"add_word failure\n"); goto end; } - bs2.data=(unsigned char *)buf2; - bs2.length=BN_bn2bin(serial,bs2.data); - + if (!(bs2 = BN_to_ASN1_INTEGER(serial, NULL))) + { BIO_printf(bio_err,"error converting bn 2 asn1_integer\n"); goto end; } if (BIO_write_filename(io,buf) <= 0) { BIO_printf(bio_err,"error attempting to write serial number file\n"); perror(buf); goto end; } - i2a_ASN1_INTEGER(io,&bs2); + i2a_ASN1_INTEGER(io,bs2); BIO_puts(io,"\n"); + BIO_free(io); + if (buf) OPENSSL_free(buf); + ASN1_INTEGER_free(bs2); + BN_free(serial); io=NULL; - + return bs; + + end: + if (buf) OPENSSL_free(buf); + BIO_free(io); + ASN1_INTEGER_free(bs); + BN_free(serial); + return NULL; + + } + +static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, + X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create, + int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno) + { + int ret=0; + ASN1_INTEGER *bs=NULL; + X509_STORE_CTX xsc; + EVP_PKEY *upkey; + + upkey = X509_get_pubkey(xca); + EVP_PKEY_copy_parameters(upkey,pkey); + EVP_PKEY_free(upkey); + + if(!X509_STORE_CTX_init(&xsc,ctx,x,NULL)) + { + BIO_printf(bio_err,"Error initialising X509 store\n"); + goto end; + } + if (sno) bs = sno; + else if (!(bs = load_serial(CAfile, serialfile, create))) + goto end; + if (!X509_STORE_add_cert(ctx,x)) goto end; /* NOTE: this certificate can/should be self signed, unless it was @@ -1097,8 +1177,8 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509V3_CTX ctx2; X509_set_version(x,2); /* version 3 certificate */ X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0); - X509V3_set_conf_lhash(&ctx2, conf); - if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end; + X509V3_set_nconf(&ctx2, conf); + if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end; } if (!X509_sign(x,pkey,digest)) goto end; @@ -1107,10 +1187,7 @@ end: X509_STORE_CTX_cleanup(&xsc); if (!ret) ERR_print_errors(bio_err); - if (buf != NULL) OPENSSL_free(buf); - if (bs != NULL) ASN1_INTEGER_free(bs); - if (io != NULL) BIO_free(io); - if (serial != NULL) BN_free(serial); + if (!sno) ASN1_INTEGER_free(bs); return ret; } @@ -1147,7 +1224,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx) /* self sign */ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, - LHASH *conf, char *section) + CONF *conf, char *section) { EVP_PKEY *pktmp; @@ -1177,8 +1254,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig X509V3_CTX ctx; X509_set_version(x,2); /* version 3 certificate */ X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0); - X509V3_set_conf_lhash(&ctx, conf); - if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err; + X509V3_set_nconf(&ctx, conf); + if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err; } if (!X509_sign(x,pkey,digest)) goto err; return 1; @@ -1203,6 +1280,3 @@ static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt) } return 1; } - - - |