summaryrefslogtreecommitdiffstats
path: root/crypto/openssl/apps
diff options
context:
space:
mode:
authormarkm <markm@FreeBSD.org>2003-01-28 21:43:22 +0000
committermarkm <markm@FreeBSD.org>2003-01-28 21:43:22 +0000
commitaad1d64cb5a8d9b503d9199642363dc1e92d2f9b (patch)
tree610a51c6e3965764fb0f1629c1376e2d23afffe8 /crypto/openssl/apps
parenteba366e36e93f5da8ae5c744eb337c3ef6872641 (diff)
downloadFreeBSD-src-aad1d64cb5a8d9b503d9199642363dc1e92d2f9b.zip
FreeBSD-src-aad1d64cb5a8d9b503d9199642363dc1e92d2f9b.tar.gz
Vendor import of OpenSSL release 0.9.7. This release includes
support for AES and OpenBSD's hardware crypto.
Diffstat (limited to 'crypto/openssl/apps')
-rwxr-xr-xcrypto/openssl/apps/CA.pl11
-rw-r--r--crypto/openssl/apps/CA.pl.in11
-rw-r--r--crypto/openssl/apps/Makefile.ssl1276
-rw-r--r--crypto/openssl/apps/app_rand.c21
-rw-r--r--crypto/openssl/apps/apps.c756
-rw-r--r--crypto/openssl/apps/apps.h150
-rw-r--r--crypto/openssl/apps/asn1pars.c8
-rw-r--r--crypto/openssl/apps/ca.c1691
-rw-r--r--crypto/openssl/apps/ciphers.c23
-rw-r--r--crypto/openssl/apps/crl.c31
-rw-r--r--crypto/openssl/apps/crl2p7.c8
-rw-r--r--crypto/openssl/apps/dgst.c117
-rw-r--r--crypto/openssl/apps/dh.c22
-rw-r--r--crypto/openssl/apps/dhparam.c37
-rw-r--r--crypto/openssl/apps/dsa.c31
-rw-r--r--crypto/openssl/apps/dsaparam.c21
-rw-r--r--crypto/openssl/apps/enc.c146
-rw-r--r--crypto/openssl/apps/engine.c520
-rw-r--r--crypto/openssl/apps/errstr.c5
-rw-r--r--crypto/openssl/apps/gendh.c26
-rw-r--r--crypto/openssl/apps/gendsa.c42
-rw-r--r--crypto/openssl/apps/genrsa.c54
-rw-r--r--crypto/openssl/apps/nseq.c8
-rw-r--r--crypto/openssl/apps/ocsp.c1228
-rw-r--r--crypto/openssl/apps/openssl.c221
-rw-r--r--crypto/openssl/apps/openssl.cnf13
-rw-r--r--crypto/openssl/apps/passwd.c93
-rw-r--r--crypto/openssl/apps/pkcs12.c113
-rw-r--r--crypto/openssl/apps/pkcs7.c18
-rw-r--r--crypto/openssl/apps/pkcs8.c46
-rw-r--r--crypto/openssl/apps/progs.h154
-rw-r--r--crypto/openssl/apps/progs.pl30
-rw-r--r--crypto/openssl/apps/rand.c79
-rw-r--r--crypto/openssl/apps/req.c600
-rw-r--r--crypto/openssl/apps/rsa.c120
-rw-r--r--crypto/openssl/apps/rsautl.c30
-rw-r--r--crypto/openssl/apps/s_apps.h67
-rw-r--r--crypto/openssl/apps/s_cb.c317
-rw-r--r--crypto/openssl/apps/s_client.c202
-rw-r--r--crypto/openssl/apps/s_server.c286
-rw-r--r--crypto/openssl/apps/s_socket.c71
-rw-r--r--crypto/openssl/apps/s_time.c76
-rw-r--r--crypto/openssl/apps/sess_id.c7
-rw-r--r--crypto/openssl/apps/smime.c125
-rw-r--r--crypto/openssl/apps/speed.c1125
-rw-r--r--crypto/openssl/apps/spkac.c47
-rw-r--r--crypto/openssl/apps/testdsa.h72
-rw-r--r--crypto/openssl/apps/verify.c77
-rw-r--r--crypto/openssl/apps/version.c90
-rw-r--r--crypto/openssl/apps/winrand.c1
-rw-r--r--crypto/openssl/apps/x509.c208
51 files changed, 8271 insertions, 2260 deletions
diff --git a/crypto/openssl/apps/CA.pl b/crypto/openssl/apps/CA.pl
index f1ac7e7..8b2ce7e 100755
--- a/crypto/openssl/apps/CA.pl
+++ b/crypto/openssl/apps/CA.pl
@@ -5,7 +5,7 @@
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
-# CA -newreq ... will generate a certificate request
+# CA -newreq[-nodes] ... will generate a certificate request
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
@@ -54,7 +54,7 @@ $RET = 0;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
- print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
@@ -66,6 +66,11 @@ foreach (@ARGV) {
system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request (and private key) is in newreq.pem\n";
+ } elsif (/^-newreq-nodes$/) {
+ # create a certificate request
+ system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Request (and private key) is in newreq.pem\n";
} elsif (/^-newca$/) {
# if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
@@ -143,7 +148,7 @@ foreach (@ARGV) {
}
} else {
print STDERR "Unknown arg $_\n";
- print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
exit 1;
}
}
diff --git a/crypto/openssl/apps/CA.pl.in b/crypto/openssl/apps/CA.pl.in
index f1ac7e7..8b2ce7e 100644
--- a/crypto/openssl/apps/CA.pl.in
+++ b/crypto/openssl/apps/CA.pl.in
@@ -5,7 +5,7 @@
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
-# CA -newreq ... will generate a certificate request
+# CA -newreq[-nodes] ... will generate a certificate request
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
@@ -54,7 +54,7 @@ $RET = 0;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
- print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
@@ -66,6 +66,11 @@ foreach (@ARGV) {
system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request (and private key) is in newreq.pem\n";
+ } elsif (/^-newreq-nodes$/) {
+ # create a certificate request
+ system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Request (and private key) is in newreq.pem\n";
} elsif (/^-newca$/) {
# if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
@@ -143,7 +148,7 @@ foreach (@ARGV) {
}
} else {
print STDERR "Unknown arg $_\n";
- print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
exit 1;
}
}
diff --git a/crypto/openssl/apps/Makefile.ssl b/crypto/openssl/apps/Makefile.ssl
index 0b3208f..c75d0d2 100644
--- a/crypto/openssl/apps/Makefile.ssl
+++ b/crypto/openssl/apps/Makefile.ssl
@@ -5,21 +5,26 @@
DIR= apps
TOP= ..
CC= cc
-INCLUDES= -I../include
+INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES)
CFLAG= -g -static
INSTALL_PREFIX=
INSTALLTOP= /usr/local/ssl
OPENSSLDIR= /usr/local/ssl
MAKE= make -f Makefile.ssl
-MAKEDEPEND= $(TOP)/util/domd $(TOP)
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile.ssl
PERL= perl
RM= rm -f
+# KRB5 stuff
+KRB5_INCLUDES=
PEX_LIBS=
EX_LIBS=
EXE_EXT=
+SHLIB_TARGET=
+
CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
GENERAL=Makefile makeapps.com install.com
@@ -39,7 +44,7 @@ E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
ca crl rsa rsautl dsa dsaparam \
x509 genrsa gendsa s_server s_client speed \
s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
- pkcs8 spkac smime rand
+ pkcs8 spkac smime rand engine ocsp
PROGS= $(PROGRAM).c
@@ -55,14 +60,14 @@ E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o er
rsa.o rsautl.o dsa.o dsaparam.o \
x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
- ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o
+ ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o
E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
pkcs7.c crl2p7.c crl.c \
rsa.c rsautl.c dsa.c dsaparam.c \
x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
- ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c
+ ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c ocsp.c
SRC=$(E_SRC)
@@ -93,17 +98,20 @@ install:
@for i in $(EXE); \
do \
(echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
done;
@for i in $(SCRIPTS); \
do \
(echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
- chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+ cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+ chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
done
- @cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR); \
- chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
+ @cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
+ chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
+ mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
tags:
ctags $(SRC)
@@ -117,7 +125,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -128,15 +136,24 @@ clean:
rm -f req
$(DLIBSSL):
- (cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+ (cd ..; $(MAKE) DIRS=ssl all)
$(DLIBCRYPTO):
- (cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+ (cd ..; $(MAKE) DIRS=crypto all)
$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
$(RM) $(PROGRAM)
- $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
- -(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
+ if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+ $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
+ else \
+ $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
+ fi
+ -(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
+ LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \
+ if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \
+ elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+ $(PERL) tools/c_rehash certs)
progs.h: progs.pl
$(PERL) progs.pl $(E_EXE) >progs.h
@@ -144,567 +161,724 @@ progs.h: progs.pl
# DO NOT DELETE THIS LINE -- make depend depends on it.
-app_rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-app_rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-app_rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-app_rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-app_rand.o: ../include/openssl/des.h ../include/openssl/dh.h
-app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-app_rand.o: ../include/openssl/e_os2.h ../include/openssl/evp.h
-app_rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-app_rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
-app_rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+app_rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+app_rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+app_rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+app_rand.o: ../include/openssl/cast.h ../include/openssl/conf.h
+app_rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+app_rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+app_rand.o: ../include/openssl/engine.h ../include/openssl/err.h
+app_rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+app_rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+app_rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+app_rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+app_rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
app_rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
-app_rand.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-app_rand.o: ../include/openssl/x509_vfy.h apps.h
-apps.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-apps.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-apps.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-apps.o: ../include/openssl/des.h ../include/openssl/dh.h
-apps.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-apps.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+app_rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c
+app_rand.o: apps.h
+apps.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+apps.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+apps.o: ../include/openssl/cast.h ../include/openssl/conf.h
+apps.o: ../include/openssl/crypto.h ../include/openssl/des.h
+apps.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+apps.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+apps.o: ../include/openssl/engine.h ../include/openssl/err.h
apps.o: ../include/openssl/evp.h ../include/openssl/idea.h
apps.o: ../include/openssl/lhash.h ../include/openssl/md2.h
apps.o: ../include/openssl/md4.h ../include/openssl/md5.h
apps.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
apps.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-apps.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-apps.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+apps.o: ../include/openssl/rand.h ../include/openssl/rc2.h
apps.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
apps.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-asn1pars.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-asn1pars.o: ../include/openssl/des.h ../include/openssl/dh.h
-asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-asn1pars.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+apps.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h
+asn1pars.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+asn1pars.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+asn1pars.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+asn1pars.o: ../include/openssl/cast.h ../include/openssl/conf.h
+asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h
+asn1pars.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h
asn1pars.o: ../include/openssl/evp.h ../include/openssl/idea.h
asn1pars.o: ../include/openssl/lhash.h ../include/openssl/md2.h
asn1pars.o: ../include/openssl/md4.h ../include/openssl/md5.h
asn1pars.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
-asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-asn1pars.o: ../include/openssl/x509_vfy.h apps.h
-ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
-ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-ca.o: ../include/openssl/err.h ../include/openssl/evp.h
-ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ca.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ca.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+asn1pars.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+asn1pars.o: asn1pars.c
+ca.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ca.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ca.o: ../include/openssl/cast.h ../include/openssl/conf.h
+ca.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ca.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ca.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ca.o: ../include/openssl/engine.h ../include/openssl/err.h
+ca.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ca.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ca.o: ../include/openssl/rand.h ../include/openssl/rc2.h
ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ca.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
-ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ca.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+ca.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c
+ciphers.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ciphers.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ciphers.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ciphers.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ciphers.o: ../include/openssl/des.h ../include/openssl/des_old.h
ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ciphers.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
-ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ciphers.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ciphers.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ciphers.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ciphers.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ciphers.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ciphers.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ciphers.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ciphers.o: ../include/openssl/x509_vfy.h apps.h
-crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-crl.o: ../include/openssl/des.h ../include/openssl/dh.h
-crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-crl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+ciphers.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ciphers.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ciphers.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ciphers.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+ciphers.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c
+crl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+crl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+crl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+crl.o: ../include/openssl/cast.h ../include/openssl/conf.h
+crl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+crl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+crl.o: ../include/openssl/engine.h ../include/openssl/err.h
crl.o: ../include/openssl/evp.h ../include/openssl/idea.h
crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
crl.o: ../include/openssl/md4.h ../include/openssl/md5.h
crl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
-crl.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-crl2p7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-crl2p7.o: ../include/openssl/des.h ../include/openssl/dh.h
-crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-crl2p7.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+crl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+crl.o: ../include/openssl/x509v3.h apps.h crl.c
+crl2p7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+crl2p7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+crl2p7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+crl2p7.o: ../include/openssl/cast.h ../include/openssl/conf.h
+crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl2p7.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h
crl2p7.o: ../include/openssl/evp.h ../include/openssl/idea.h
crl2p7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
crl2p7.o: ../include/openssl/md4.h ../include/openssl/md5.h
crl2p7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
-crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-crl2p7.o: ../include/openssl/x509_vfy.h apps.h
-dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dgst.o: ../include/openssl/des.h ../include/openssl/dh.h
-dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-dgst.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+crl2p7.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+crl2p7.o: crl2p7.c
+dgst.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dgst.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dgst.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dgst.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dgst.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
dgst.o: ../include/openssl/evp.h ../include/openssl/idea.h
dgst.o: ../include/openssl/lhash.h ../include/openssl/md2.h
dgst.o: ../include/openssl/md4.h ../include/openssl/md5.h
dgst.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dgst.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dgst.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-dgst.o: ../include/openssl/x509_vfy.h apps.h
-dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dh.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
-dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dh.o: ../include/openssl/err.h ../include/openssl/evp.h
-dh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dh.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dgst.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dgst.c
+dh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dh.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dh.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dh.o: ../include/openssl/engine.h ../include/openssl/err.h
+dh.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dh.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dh.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-dh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-dh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dsa.o: ../include/openssl/des.h ../include/openssl/dh.h
-dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-dsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dh.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c
+dsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-dsa.o: ../include/openssl/x509_vfy.h apps.h
-dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dsaparam.o: ../include/openssl/des.h ../include/openssl/dh.h
-dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c
+dsaparam.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dsaparam.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dsaparam.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsaparam.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
dsaparam.o: ../include/openssl/evp.h ../include/openssl/idea.h
dsaparam.o: ../include/openssl/lhash.h ../include/openssl/md2.h
dsaparam.o: ../include/openssl/md4.h ../include/openssl/md5.h
dsaparam.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
dsaparam.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
dsaparam.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-dsaparam.o: ../include/openssl/x509_vfy.h apps.h
-enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-enc.o: ../include/openssl/des.h ../include/openssl/dh.h
-enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dsaparam.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+dsaparam.o: dsaparam.c
+enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+enc.o: ../include/openssl/cast.h ../include/openssl/conf.h
+enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+enc.o: ../include/openssl/engine.h ../include/openssl/err.h
enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
-errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
+enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h enc.c
+engine.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+engine.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+engine.o: ../include/openssl/cast.h ../include/openssl/comp.h
+engine.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+engine.o: ../include/openssl/des.h ../include/openssl/des_old.h
+engine.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+engine.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+engine.o: ../include/openssl/err.h ../include/openssl/evp.h
+engine.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+engine.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+engine.o: ../include/openssl/md4.h ../include/openssl/md5.h
+engine.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+engine.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+engine.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+engine.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+engine.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+engine.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+engine.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+engine.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+engine.o: ../include/openssl/x509_vfy.h apps.h engine.c
+errstr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+errstr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+errstr.o: ../include/openssl/cast.h ../include/openssl/comp.h
+errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+errstr.o: ../include/openssl/des.h ../include/openssl/des_old.h
errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+errstr.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
-errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-errstr.o: ../include/openssl/md2.h ../include/openssl/md4.h
-errstr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+errstr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+errstr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+errstr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+errstr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-errstr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-errstr.o: ../include/openssl/x509_vfy.h apps.h
-gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-gendh.o: ../include/openssl/des.h ../include/openssl/dh.h
-gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-gendh.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+errstr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+errstr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+errstr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+errstr.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+errstr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c
+gendh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+gendh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+gendh.o: ../include/openssl/cast.h ../include/openssl/conf.h
+gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendh.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h
gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h
gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-gendsa.o: ../include/openssl/des.h ../include/openssl/dh.h
-gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-gendsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+gendh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+gendh.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h gendh.c
+gendsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+gendsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+gendsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
gendsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
gendsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
gendsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-gendsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-gendsa.o: ../include/openssl/x509_vfy.h apps.h
-genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-genrsa.o: ../include/openssl/des.h ../include/openssl/dh.h
-genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-genrsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+gendsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+gendsa.o: gendsa.c
+genrsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+genrsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+genrsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+genrsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
genrsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
genrsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-genrsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-genrsa.o: ../include/openssl/x509_vfy.h apps.h
-nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-nseq.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-nseq.o: ../include/openssl/des.h ../include/openssl/dh.h
-nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-nseq.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+genrsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+genrsa.o: genrsa.c
+nseq.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+nseq.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+nseq.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+nseq.o: ../include/openssl/cast.h ../include/openssl/conf.h
+nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h
+nseq.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+nseq.o: ../include/openssl/engine.h ../include/openssl/err.h
nseq.o: ../include/openssl/evp.h ../include/openssl/idea.h
nseq.o: ../include/openssl/lhash.h ../include/openssl/md2.h
nseq.o: ../include/openssl/md4.h ../include/openssl/md5.h
nseq.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+nseq.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
-nseq.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-nseq.o: ../include/openssl/x509_vfy.h apps.h
-openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
-openssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+nseq.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c
+ocsp.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ocsp.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ocsp.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ocsp.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ocsp.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ocsp.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ocsp.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+ocsp.o: ../include/openssl/err.h ../include/openssl/evp.h
+ocsp.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ocsp.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ocsp.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ocsp.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ocsp.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ocsp.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ocsp.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+ocsp.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c
+openssl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+openssl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+openssl.o: ../include/openssl/cast.h ../include/openssl/comp.h
+openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+openssl.o: ../include/openssl/des.h ../include/openssl/des_old.h
openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-openssl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+openssl.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
-openssl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-openssl.o: ../include/openssl/md2.h ../include/openssl/md4.h
-openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+openssl.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+openssl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+openssl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-openssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-openssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
-passwd.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-passwd.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-passwd.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-passwd.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-passwd.o: ../include/openssl/des.h ../include/openssl/dh.h
-passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-passwd.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+openssl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+openssl.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h
+passwd.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+passwd.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+passwd.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+passwd.o: ../include/openssl/cast.h ../include/openssl/conf.h
+passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
+passwd.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+passwd.o: ../include/openssl/engine.h ../include/openssl/err.h
passwd.o: ../include/openssl/evp.h ../include/openssl/idea.h
passwd.o: ../include/openssl/lhash.h ../include/openssl/md2.h
passwd.o: ../include/openssl/md4.h ../include/openssl/md5.h
passwd.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-passwd.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
-passwd.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-passwd.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-passwd.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+passwd.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+passwd.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
+passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-pkcs12.o: ../include/openssl/des.h ../include/openssl/dh.h
-pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-pkcs12.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+passwd.o: passwd.c
+pkcs12.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+pkcs12.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+pkcs12.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+pkcs12.o: ../include/openssl/cast.h ../include/openssl/conf.h
+pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs12.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h
pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h
pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h
pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs12.o: ../include/openssl/rand.h ../include/openssl/rc2.h
pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-pkcs7.o: ../include/openssl/des.h ../include/openssl/dh.h
-pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-pkcs7.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+pkcs12.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c
+pkcs7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+pkcs7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+pkcs7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+pkcs7.o: ../include/openssl/cast.h ../include/openssl/conf.h
+pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs7.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h
pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h
pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h
pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
-pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-pkcs7.o: ../include/openssl/x509_vfy.h apps.h
-pkcs8.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-pkcs8.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-pkcs8.o: ../include/openssl/des.h ../include/openssl/dh.h
-pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-pkcs8.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+pkcs7.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs7.c
+pkcs8.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+pkcs8.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+pkcs8.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+pkcs8.o: ../include/openssl/cast.h ../include/openssl/conf.h
+pkcs8.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs8.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h
pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h
pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h
pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h
pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs8.o: ../include/openssl/rand.h ../include/openssl/rc2.h
pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-rand.o: ../include/openssl/des.h ../include/openssl/dh.h
-rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-rand.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+pkcs8.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c
+rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+rand.o: ../include/openssl/cast.h ../include/openssl/conf.h
+rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rand.o: ../include/openssl/engine.h ../include/openssl/err.h
rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
-rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rand.c
+req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-req.o: ../include/openssl/des.h ../include/openssl/dh.h
-req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-req.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-req.o: ../include/openssl/evp.h ../include/openssl/idea.h
-req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-req.o: ../include/openssl/md4.h ../include/openssl/md5.h
-req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+req.o: ../include/openssl/des.h ../include/openssl/des_old.h
+req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+req.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+req.o: ../include/openssl/err.h ../include/openssl/evp.h
+req.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+req.o: ../include/openssl/md2.h ../include/openssl/md4.h
+req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-req.o: ../include/openssl/sha.h ../include/openssl/stack.h
-req.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
-rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-rsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+req.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
+rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+rsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-rsa.o: ../include/openssl/x509_vfy.h apps.h
-rsautl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-rsautl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-rsautl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-rsautl.o: ../include/openssl/des.h ../include/openssl/dh.h
-rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-rsautl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rsa.c
+rsautl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rsautl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rsautl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+rsautl.o: ../include/openssl/cast.h ../include/openssl/conf.h
+rsautl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsautl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h
rsautl.o: ../include/openssl/evp.h ../include/openssl/idea.h
rsautl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
rsautl.o: ../include/openssl/md4.h ../include/openssl/md5.h
rsautl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rsautl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
rsautl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
rsautl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rsautl.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-rsautl.o: ../include/openssl/x509_vfy.h apps.h
-s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rsautl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+rsautl.o: rsautl.c
+s_cb.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_cb.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_cb.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_cb.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_cb.o: ../include/openssl/des.h ../include/openssl/des_old.h
s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_cb.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_cb.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_cb.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_cb.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_cb.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_cb.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_cb.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s_cb.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
-s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_cb.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_cb.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_cb.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_cb.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_cb.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c
+s_client.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_client.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_client.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_client.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_client.o: ../include/openssl/des.h ../include/openssl/des_old.h
s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_client.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_client.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_client.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_client.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
@@ -714,21 +888,24 @@ s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_client.o: s_apps.h
-s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_client.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_client.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_client.c
+s_server.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_server.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_server.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_server.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_server.o: ../include/openssl/des.h ../include/openssl/des_old.h
s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_server.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_server.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_server.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
@@ -738,22 +915,26 @@ s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_server.o: s_apps.h
-s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_server.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c
+s_socket.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_socket.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_socket.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_socket.o: ../include/openssl/des.h ../include/openssl/des_old.h
s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_socket.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_socket.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_socket.o: ../include/openssl/idea.h ../include/openssl/kssl.h
s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h
s_socket.o: ../include/openssl/md4.h ../include/openssl/md5.h
s_socket.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -761,169 +942,200 @@ s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_socket.o: s_apps.h
-s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_socket.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_socket.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_socket.c
+s_time.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_time.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_time.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_time.o: ../include/openssl/des.h ../include/openssl/des_old.h
s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_time.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_time.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_time.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_time.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_time.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_time.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_time.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s_time.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
-sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
-sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_time.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_time.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_time.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_time.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_time.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c
+sess_id.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+sess_id.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+sess_id.o: ../include/openssl/cast.h ../include/openssl/comp.h
+sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+sess_id.o: ../include/openssl/des.h ../include/openssl/des_old.h
sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+sess_id.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
-sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-sess_id.o: ../include/openssl/md2.h ../include/openssl/md4.h
-sess_id.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+sess_id.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+sess_id.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+sess_id.o: ../include/openssl/md4.h ../include/openssl/md5.h
+sess_id.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-sess_id.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-sess_id.o: ../include/openssl/x509_vfy.h apps.h
-smime.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-smime.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-smime.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-smime.o: ../include/openssl/des.h ../include/openssl/dh.h
-smime.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-smime.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+sess_id.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+sess_id.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+sess_id.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+sess_id.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+sess_id.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+sess_id.o: ../include/openssl/x509_vfy.h apps.h sess_id.c
+smime.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+smime.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+smime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+smime.o: ../include/openssl/cast.h ../include/openssl/conf.h
+smime.o: ../include/openssl/crypto.h ../include/openssl/des.h
+smime.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+smime.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+smime.o: ../include/openssl/engine.h ../include/openssl/err.h
smime.o: ../include/openssl/evp.h ../include/openssl/idea.h
smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h
smime.o: ../include/openssl/md4.h ../include/openssl/md5.h
smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+smime.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
smime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
smime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
smime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
-smime.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-smime.o: ../include/openssl/x509_vfy.h apps.h
-speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-speed.o: ../include/openssl/des.h ../include/openssl/dh.h
-speed.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-speed.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+smime.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h smime.c
+speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+speed.o: ../include/openssl/cast.h ../include/openssl/conf.h
+speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
+speed.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+speed.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+speed.o: ../include/openssl/engine.h ../include/openssl/err.h
speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
-speed.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-speed.o: ../include/openssl/x509_vfy.h ./testdsa.h ./testrsa.h apps.h
-spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
-spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-spkac.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+speed.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h
+spkac.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+spkac.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+spkac.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+spkac.o: ../include/openssl/cast.h ../include/openssl/conf.h
+spkac.o: ../include/openssl/crypto.h ../include/openssl/des.h
+spkac.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+spkac.o: ../include/openssl/engine.h ../include/openssl/err.h
spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h
spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
spkac.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
spkac.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
spkac.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
-spkac.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-spkac.o: ../include/openssl/x509_vfy.h apps.h
-verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-verify.o: ../include/openssl/des.h ../include/openssl/dh.h
-verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-verify.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+spkac.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h spkac.c
+verify.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+verify.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+verify.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+verify.o: ../include/openssl/cast.h ../include/openssl/conf.h
+verify.o: ../include/openssl/crypto.h ../include/openssl/des.h
+verify.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+verify.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+verify.o: ../include/openssl/engine.h ../include/openssl/err.h
verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
verify.o: ../include/openssl/md4.h ../include/openssl/md5.h
verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+verify.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
-verify.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-version.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-version.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-version.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-version.o: ../include/openssl/des.h ../include/openssl/dh.h
-version.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-version.o: ../include/openssl/e_os2.h ../include/openssl/evp.h
-version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-version.o: ../include/openssl/md2.h ../include/openssl/md4.h
-version.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-version.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-version.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-version.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+verify.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+verify.o: ../include/openssl/x509v3.h apps.h verify.c
+version.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+version.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+version.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+version.o: ../include/openssl/cast.h ../include/openssl/conf.h
+version.o: ../include/openssl/crypto.h ../include/openssl/des.h
+version.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+version.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+version.o: ../include/openssl/engine.h ../include/openssl/err.h
+version.o: ../include/openssl/evp.h ../include/openssl/idea.h
+version.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+version.o: ../include/openssl/md4.h ../include/openssl/md5.h
+version.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+version.o: ../include/openssl/sha.h ../include/openssl/stack.h
+version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-x509.o: ../include/openssl/des.h ../include/openssl/dh.h
-x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-x509.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+version.o: version.c
+x509.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+x509.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+x509.o: ../include/openssl/cast.h ../include/openssl/conf.h
+x509.o: ../include/openssl/crypto.h ../include/openssl/des.h
+x509.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+x509.o: ../include/openssl/engine.h ../include/openssl/err.h
x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
x509.o: ../include/openssl/md4.h ../include/openssl/md5.h
x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+x509.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
-x509.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+x509.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+x509.o: ../include/openssl/x509v3.h apps.h x509.c
diff --git a/crypto/openssl/apps/app_rand.c b/crypto/openssl/apps/app_rand.c
index 8a78e12..b7b6128 100644
--- a/crypto/openssl/apps/app_rand.c
+++ b/crypto/openssl/apps/app_rand.c
@@ -124,7 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
int consider_randfile = (file == NULL);
char buffer[200];
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
BIO_printf(bio_e,"Loading 'screen' into random state -");
BIO_flush(bio_e);
RAND_screen();
@@ -142,18 +142,21 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
}
if (file == NULL || !RAND_load_file(file, -1))
{
- if (RAND_status() == 0 && !dont_warn)
+ if (RAND_status() == 0)
{
- BIO_printf(bio_e,"unable to load 'random state'\n");
- BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
- BIO_printf(bio_e,"with much random data.\n");
- if (consider_randfile) /* explanation does not apply when a file is explicitly named */
+ if (!dont_warn)
{
- BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
- BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
+ BIO_printf(bio_e,"unable to load 'random state'\n");
+ BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
+ BIO_printf(bio_e,"with much random data.\n");
+ if (consider_randfile) /* explanation does not apply when a file is explicitly named */
+ {
+ BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
+ BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
+ }
}
+ return 0;
}
- return 0;
}
seeded = 1;
return 1;
diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c
index 618e34c..4a8c926 100644
--- a/crypto/openssl/apps/apps.c
+++ b/crypto/openssl/apps/apps.c
@@ -55,25 +55,111 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
-#define NON_MAIN
-#include "apps.h"
-#undef NON_MAIN
+#include <ctype.h>
#include <openssl/err.h>
#include <openssl/x509.h>
+#include <openssl/x509v3.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
+#include <openssl/ui.h>
#include <openssl/safestack.h>
+#include <openssl/engine.h>
+
+#ifdef OPENSSL_SYS_WINDOWS
+#define strcasecmp _stricmp
+#else
+# ifdef NO_STRINGS_H
+ int strcasecmp();
+# else
+# include <strings.h>
+# endif /* NO_STRINGS_H */
+#endif
-#ifdef WINDOWS
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+
+#ifdef OPENSSL_SYS_WINDOWS
# include "bss_file.c"
#endif
+typedef struct {
+ char *name;
+ unsigned long flag;
+ unsigned long mask;
+} NAME_EX_TBL;
+
+static UI_METHOD *ui_method = NULL;
+
+static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
+static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
+
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+/* Looks like this stuff is worth moving into separate function */
+static EVP_PKEY *
+load_netscape_key(BIO *err, BIO *key, const char *file,
+ const char *key_descrip, int format);
+#endif
+
int app_init(long mesgwin);
#ifdef undef /* never finished - probably never will be :-) */
int args_from_file(char *file, int *argc, char **argv[])
@@ -170,11 +256,13 @@ int str2fmt(char *s)
|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
return(FORMAT_PKCS12);
+ else if ((*s == 'E') || (*s == 'e'))
+ return(FORMAT_ENGINE);
else
return(FORMAT_UNDEF);
}
-#if defined(MSDOS) || defined(WIN32) || defined(WIN16)
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
void program_name(char *in, char *out, int size)
{
int i,n;
@@ -212,7 +300,7 @@ void program_name(char *in, char *out, int size)
out[n]='\0';
}
#else
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
void program_name(char *in, char *out, int size)
{
char *p=in, *q;
@@ -249,28 +337,65 @@ void program_name(char *in, char *out, int size)
p++;
else
p=in;
- strncpy(out,p,size-1);
- out[size-1]='\0';
+ BUF_strlcpy(out,p,size);
}
#endif
#endif
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
int WIN32_rename(char *from, char *to)
{
-#ifdef WINNT
- int ret;
-/* Note: MoveFileEx() doesn't work under Win95, Win98 */
-
- ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED);
- return(ret?0:-1);
+#ifndef OPENSSL_SYS_WINCE
+ /* Windows rename gives an error if 'to' exists, so delete it
+ * first and ignore file not found errror
+ */
+ if((remove(to) != 0) && (errno != ENOENT))
+ return -1;
+#undef rename
+ return rename(from, to);
#else
- unlink(to);
- return MoveFile(from, to);
+ /* convert strings to UNICODE */
+ {
+ BOOL result = FALSE;
+ WCHAR* wfrom;
+ WCHAR* wto;
+ int i;
+ wfrom = malloc((strlen(from)+1)*2);
+ wto = malloc((strlen(to)+1)*2);
+ if (wfrom != NULL && wto != NULL)
+ {
+ for (i=0; i<(int)strlen(from)+1; i++)
+ wfrom[i] = (short)from[i];
+ for (i=0; i<(int)strlen(to)+1; i++)
+ wto[i] = (short)to[i];
+ result = MoveFile(wfrom, wto);
+ }
+ if (wfrom != NULL)
+ free(wfrom);
+ if (wto != NULL)
+ free(wto);
+ return result;
+ }
#endif
}
#endif
+#ifdef OPENSSL_SYS_VMS
+int VMS_strcasecmp(const char *str1, const char *str2)
+ {
+ while (*str1 && *str2)
+ {
+ int res = toupper(*str1) - toupper(*str2);
+ if (res) return res < 0 ? -1 : 1;
+ }
+ if (*str1)
+ return 1;
+ if (*str2)
+ return -1;
+ return 0;
+ }
+#endif
+
int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
{
int num,len,i;
@@ -346,18 +471,175 @@ int app_init(long mesgwin)
int dump_cert_text (BIO *out, X509 *x)
{
- char buf[256];
- X509_NAME_oneline(X509_get_subject_name(x),buf,256);
+ char *p;
+
+ p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
BIO_puts(out,"subject=");
- BIO_puts(out,buf);
+ BIO_puts(out,p);
+ OPENSSL_free(p);
- X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
- BIO_puts(out,"\nissuer= ");
- BIO_puts(out,buf);
+ p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0);
+ BIO_puts(out,"\nissuer=");
+ BIO_puts(out,p);
BIO_puts(out,"\n");
- return 0;
+ OPENSSL_free(p);
+
+ return 0;
}
+static int ui_open(UI *ui)
+ {
+ return UI_method_get_opener(UI_OpenSSL())(ui);
+ }
+static int ui_read(UI *ui, UI_STRING *uis)
+ {
+ if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+ && UI_get0_user_data(ui))
+ {
+ switch(UI_get_string_type(uis))
+ {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ {
+ const char *password =
+ ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+ if (password[0] != '\0')
+ {
+ UI_set_result(ui, uis, password);
+ return 1;
+ }
+ }
+ default:
+ break;
+ }
+ }
+ return UI_method_get_reader(UI_OpenSSL())(ui, uis);
+ }
+static int ui_write(UI *ui, UI_STRING *uis)
+ {
+ if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+ && UI_get0_user_data(ui))
+ {
+ switch(UI_get_string_type(uis))
+ {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ {
+ const char *password =
+ ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+ if (password[0] != '\0')
+ return 1;
+ }
+ default:
+ break;
+ }
+ }
+ return UI_method_get_writer(UI_OpenSSL())(ui, uis);
+ }
+static int ui_close(UI *ui)
+ {
+ return UI_method_get_closer(UI_OpenSSL())(ui);
+ }
+int setup_ui_method(void)
+ {
+ ui_method = UI_create_method("OpenSSL application user interface");
+ UI_method_set_opener(ui_method, ui_open);
+ UI_method_set_reader(ui_method, ui_read);
+ UI_method_set_writer(ui_method, ui_write);
+ UI_method_set_closer(ui_method, ui_close);
+ return 0;
+ }
+void destroy_ui_method(void)
+ {
+ if(ui_method)
+ {
+ UI_destroy_method(ui_method);
+ ui_method = NULL;
+ }
+ }
+int password_callback(char *buf, int bufsiz, int verify,
+ PW_CB_DATA *cb_tmp)
+ {
+ UI *ui = NULL;
+ int res = 0;
+ const char *prompt_info = NULL;
+ const char *password = NULL;
+ PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
+
+ if (cb_data)
+ {
+ if (cb_data->password)
+ password = cb_data->password;
+ if (cb_data->prompt_info)
+ prompt_info = cb_data->prompt_info;
+ }
+
+ if (password)
+ {
+ res = strlen(password);
+ if (res > bufsiz)
+ res = bufsiz;
+ memcpy(buf, password, res);
+ return res;
+ }
+
+ ui = UI_new_method(ui_method);
+ if (ui)
+ {
+ int ok = 0;
+ char *buff = NULL;
+ int ui_flags = 0;
+ char *prompt = NULL;
+
+ prompt = UI_construct_prompt(ui, "pass phrase",
+ cb_data->prompt_info);
+
+ ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
+ UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+ if (ok >= 0)
+ ok = UI_add_input_string(ui,prompt,ui_flags,buf,
+ PW_MIN_LENGTH,BUFSIZ-1);
+ if (ok >= 0 && verify)
+ {
+ buff = (char *)OPENSSL_malloc(bufsiz);
+ ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
+ PW_MIN_LENGTH,BUFSIZ-1, buf);
+ }
+ if (ok >= 0)
+ do
+ {
+ ok = UI_process(ui);
+ }
+ while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+ if (buff)
+ {
+ OPENSSL_cleanse(buff,(unsigned int)bufsiz);
+ OPENSSL_free(buff);
+ }
+
+ if (ok >= 0)
+ res = strlen(buf);
+ if (ok == -1)
+ {
+ BIO_printf(bio_err, "User interface error\n");
+ ERR_print_errors(bio_err);
+ OPENSSL_cleanse(buf,(unsigned int)bufsiz);
+ res = 0;
+ }
+ if (ok == -2)
+ {
+ BIO_printf(bio_err,"aborted!\n");
+ OPENSSL_cleanse(buf,(unsigned int)bufsiz);
+ res = 0;
+ }
+ UI_free(ui);
+ OPENSSL_free(prompt);
+ }
+ return res;
+ }
+
static char *app_get_pass(BIO *err, char *arg, int keepbio);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
@@ -433,14 +715,18 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio)
return BUF_strdup(tpass);
}
-int add_oid_section(BIO *err, LHASH *conf)
+int add_oid_section(BIO *err, CONF *conf)
{
char *p;
STACK_OF(CONF_VALUE) *sktmp;
CONF_VALUE *cnf;
int i;
- if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
- if(!(sktmp = CONF_get_section(conf, p))) {
+ if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
+ {
+ ERR_clear_error();
+ return 1;
+ }
+ if(!(sktmp = NCONF_get_section(conf, p))) {
BIO_printf(err, "problem loading oid section %s\n", p);
return 0;
}
@@ -455,7 +741,8 @@ int add_oid_section(BIO *err, LHASH *conf)
return 1;
}
-X509 *load_cert(BIO *err, char *file, int format)
+X509 *load_cert(BIO *err, const char *file, int format,
+ const char *pass, ENGINE *e, const char *cert_descrip)
{
ASN1_HEADER *ah=NULL;
BUF_MEM *buf=NULL;
@@ -469,12 +756,17 @@ X509 *load_cert(BIO *err, char *file, int format)
}
if (file == NULL)
+ {
+ setvbuf(stdin, NULL, _IONBF, 0);
BIO_set_fp(cert,stdin,BIO_NOCLOSE);
+ }
else
{
if (BIO_read_filename(cert,file) <= 0)
{
- perror(file);
+ BIO_printf(err, "Error opening %s %s\n",
+ cert_descrip, file);
+ ERR_print_errors(err);
goto end;
}
}
@@ -525,7 +817,8 @@ X509 *load_cert(BIO *err, char *file, int format)
ah->data=NULL;
}
else if (format == FORMAT_PEM)
- x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL);
+ x=PEM_read_bio_X509_AUX(cert,NULL,
+ (pem_password_cb *)password_callback, NULL);
else if (format == FORMAT_PKCS12)
{
PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
@@ -535,7 +828,8 @@ X509 *load_cert(BIO *err, char *file, int format)
p12 = NULL;
}
else {
- BIO_printf(err,"bad input format specified for input cert\n");
+ BIO_printf(err,"bad input format specified for %s\n",
+ cert_descrip);
goto end;
}
end:
@@ -550,35 +844,62 @@ end:
return(x);
}
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
+EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
+ const char *pass, ENGINE *e, const char *key_descrip)
{
BIO *key=NULL;
EVP_PKEY *pkey=NULL;
+ PW_CB_DATA cb_data;
- if (file == NULL)
+ cb_data.password = pass;
+ cb_data.prompt_info = file;
+
+ if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
{
BIO_printf(err,"no keyfile specified\n");
goto end;
}
+ if (format == FORMAT_ENGINE)
+ {
+ if (!e)
+ BIO_printf(bio_err,"no engine specified\n");
+ else
+ pkey = ENGINE_load_private_key(e, file,
+ ui_method, &cb_data);
+ goto end;
+ }
key=BIO_new(BIO_s_file());
if (key == NULL)
{
ERR_print_errors(err);
goto end;
}
- if (BIO_read_filename(key,file) <= 0)
+ if (file == NULL && maybe_stdin)
{
- perror(file);
- goto end;
+ setvbuf(stdin, NULL, _IONBF, 0);
+ BIO_set_fp(key,stdin,BIO_NOCLOSE);
}
+ else
+ if (BIO_read_filename(key,file) <= 0)
+ {
+ BIO_printf(err, "Error opening %s %s\n",
+ key_descrip, file);
+ ERR_print_errors(err);
+ goto end;
+ }
if (format == FORMAT_ASN1)
{
pkey=d2i_PrivateKey_bio(key, NULL);
}
else if (format == FORMAT_PEM)
{
- pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,pass);
+ pkey=PEM_read_bio_PrivateKey(key,NULL,
+ (pem_password_cb *)password_callback, &cb_data);
}
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+ else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+ pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
else if (format == FORMAT_PKCS12)
{
PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
@@ -589,36 +910,58 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
}
else
{
- BIO_printf(err,"bad input format specified for key\n");
+ BIO_printf(err,"bad input format specified for key file\n");
goto end;
}
end:
if (key != NULL) BIO_free(key);
if (pkey == NULL)
- BIO_printf(err,"unable to load Private Key\n");
+ BIO_printf(err,"unable to load %s\n", key_descrip);
return(pkey);
}
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
+EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
+ const char *pass, ENGINE *e, const char *key_descrip)
{
BIO *key=NULL;
EVP_PKEY *pkey=NULL;
+ PW_CB_DATA cb_data;
- if (file == NULL)
+ cb_data.password = pass;
+ cb_data.prompt_info = file;
+
+ if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
{
BIO_printf(err,"no keyfile specified\n");
goto end;
}
+ if (format == FORMAT_ENGINE)
+ {
+ if (!e)
+ BIO_printf(bio_err,"no engine specified\n");
+ else
+ pkey = ENGINE_load_public_key(e, file,
+ ui_method, &cb_data);
+ goto end;
+ }
key=BIO_new(BIO_s_file());
if (key == NULL)
{
ERR_print_errors(err);
goto end;
}
- if (BIO_read_filename(key,file) <= 0)
+ if (file == NULL && maybe_stdin)
{
- perror(file);
- goto end;
+ setvbuf(stdin, NULL, _IONBF, 0);
+ BIO_set_fp(key,stdin,BIO_NOCLOSE);
+ }
+ else
+ if (BIO_read_filename(key,file) <= 0)
+ {
+ BIO_printf(err, "Error opening %s %s\n",
+ key_descrip, file);
+ ERR_print_errors(err);
+ goto end;
}
if (format == FORMAT_ASN1)
{
@@ -626,27 +969,83 @@ EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
}
else if (format == FORMAT_PEM)
{
- pkey=PEM_read_bio_PUBKEY(key,NULL,NULL,NULL);
+ pkey=PEM_read_bio_PUBKEY(key,NULL,
+ (pem_password_cb *)password_callback, &cb_data);
}
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+ else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+ pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
else
{
- BIO_printf(err,"bad input format specified for key\n");
+ BIO_printf(err,"bad input format specified for key file\n");
goto end;
}
end:
if (key != NULL) BIO_free(key);
if (pkey == NULL)
- BIO_printf(err,"unable to load Public Key\n");
+ BIO_printf(err,"unable to load %s\n", key_descrip);
return(pkey);
}
-STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+static EVP_PKEY *
+load_netscape_key(BIO *err, BIO *key, const char *file,
+ const char *key_descrip, int format)
+ {
+ EVP_PKEY *pkey;
+ BUF_MEM *buf;
+ RSA *rsa;
+ const unsigned char *p;
+ int size, i;
+
+ buf=BUF_MEM_new();
+ pkey = EVP_PKEY_new();
+ size = 0;
+ if (buf == NULL || pkey == NULL)
+ goto error;
+ for (;;)
+ {
+ if (!BUF_MEM_grow_clean(buf,size+1024*10))
+ goto error;
+ i = BIO_read(key, &(buf->data[size]), 1024*10);
+ size += i;
+ if (i == 0)
+ break;
+ if (i < 0)
+ {
+ BIO_printf(err, "Error reading %s %s",
+ key_descrip, file);
+ goto error;
+ }
+ }
+ p=(unsigned char *)buf->data;
+ rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL,
+ (format == FORMAT_IISSGC ? 1 : 0));
+ if (rsa == NULL)
+ goto error;
+ BUF_MEM_free(buf);
+ EVP_PKEY_set1_RSA(pkey, rsa);
+ return pkey;
+error:
+ BUF_MEM_free(buf);
+ EVP_PKEY_free(pkey);
+ return NULL;
+ }
+#endif /* ndef OPENSSL_NO_RC4 */
+
+STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+ const char *pass, ENGINE *e, const char *cert_descrip)
{
BIO *certs;
int i;
STACK_OF(X509) *othercerts = NULL;
STACK_OF(X509_INFO) *allcerts = NULL;
X509_INFO *xi;
+ PW_CB_DATA cb_data;
+
+ cb_data.password = pass;
+ cb_data.prompt_info = file;
if((certs = BIO_new(BIO_s_file())) == NULL)
{
@@ -660,7 +1059,9 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
{
if (BIO_read_filename(certs,file) <= 0)
{
- perror(file);
+ BIO_printf(err, "Error opening %s %s\n",
+ cert_descrip, file);
+ ERR_print_errors(err);
goto end;
}
}
@@ -674,7 +1075,8 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
othercerts = NULL;
goto end;
}
- allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
+ allcerts = PEM_X509_INFO_read_bio(certs, NULL,
+ (pem_password_cb *)password_callback, &cb_data);
for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
{
xi = sk_X509_INFO_value (allcerts, i);
@@ -687,7 +1089,8 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
goto end;
}
else {
- BIO_printf(err,"bad input format specified for input cert\n");
+ BIO_printf(err,"bad input format specified for %s\n",
+ cert_descrip);
goto end;
}
end:
@@ -701,16 +1104,49 @@ end:
return(othercerts);
}
-typedef struct {
- char *name;
- unsigned long flag;
- unsigned long mask;
-} NAME_EX_TBL;
+
+#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
+/* Return error for unknown extensions */
+#define X509V3_EXT_DEFAULT 0
+/* Print error for unknown extensions */
+#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
+/* ASN1 parse unknown extensions */
+#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
+/* BIO_dump unknown extensions */
+#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
+
+#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
+ X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
+
+int set_cert_ex(unsigned long *flags, const char *arg)
+{
+ static const NAME_EX_TBL cert_tbl[] = {
+ { "compatible", X509_FLAG_COMPAT, 0xffffffffl},
+ { "ca_default", X509_FLAG_CA, 0xffffffffl},
+ { "no_header", X509_FLAG_NO_HEADER, 0},
+ { "no_version", X509_FLAG_NO_VERSION, 0},
+ { "no_serial", X509_FLAG_NO_SERIAL, 0},
+ { "no_signame", X509_FLAG_NO_SIGNAME, 0},
+ { "no_validity", X509_FLAG_NO_VALIDITY, 0},
+ { "no_subject", X509_FLAG_NO_SUBJECT, 0},
+ { "no_issuer", X509_FLAG_NO_ISSUER, 0},
+ { "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
+ { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
+ { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
+ { "no_aux", X509_FLAG_NO_AUX, 0},
+ { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
+ { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
+ { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ { NULL, 0, 0}
+ };
+ return set_multi_opts(flags, arg, cert_tbl);
+}
int set_name_ex(unsigned long *flags, const char *arg)
{
- char c;
- const NAME_EX_TBL *ptbl, ex_tbl[] = {
+ static const NAME_EX_TBL ex_tbl[] = {
{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
@@ -730,15 +1166,95 @@ int set_name_ex(unsigned long *flags, const char *arg)
{ "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
{ "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
{ "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
+ { "align", XN_FLAG_FN_ALIGN, 0},
{ "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
{ "space_eq", XN_FLAG_SPC_EQ, 0},
{ "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
{ "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
{ "oneline", XN_FLAG_ONELINE, 0xffffffffL},
{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
+ { "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
{ NULL, 0, 0}
};
+ return set_multi_opts(flags, arg, ex_tbl);
+}
+
+int set_ext_copy(int *copy_type, const char *arg)
+{
+ if (!strcasecmp(arg, "none"))
+ *copy_type = EXT_COPY_NONE;
+ else if (!strcasecmp(arg, "copy"))
+ *copy_type = EXT_COPY_ADD;
+ else if (!strcasecmp(arg, "copyall"))
+ *copy_type = EXT_COPY_ALL;
+ else
+ return 0;
+ return 1;
+}
+
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
+{
+ STACK_OF(X509_EXTENSION) *exts = NULL;
+ X509_EXTENSION *ext, *tmpext;
+ ASN1_OBJECT *obj;
+ int i, idx, ret = 0;
+ if (!x || !req || (copy_type == EXT_COPY_NONE))
+ return 1;
+ exts = X509_REQ_get_extensions(req);
+
+ for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+ ext = sk_X509_EXTENSION_value(exts, i);
+ obj = X509_EXTENSION_get_object(ext);
+ idx = X509_get_ext_by_OBJ(x, obj, -1);
+ /* Does extension exist? */
+ if (idx != -1) {
+ /* If normal copy don't override existing extension */
+ if (copy_type == EXT_COPY_ADD)
+ continue;
+ /* Delete all extensions of same type */
+ do {
+ tmpext = X509_get_ext(x, idx);
+ X509_delete_ext(x, idx);
+ X509_EXTENSION_free(tmpext);
+ idx = X509_get_ext_by_OBJ(x, obj, -1);
+ } while (idx != -1);
+ }
+ if (!X509_add_ext(x, ext, -1))
+ goto end;
+ }
+
+ ret = 1;
+ end:
+
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+
+ return ret;
+}
+
+
+
+
+static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
+{
+ STACK_OF(CONF_VALUE) *vals;
+ CONF_VALUE *val;
+ int i, ret = 1;
+ if(!arg) return 0;
+ vals = X509V3_parse_list(arg);
+ for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+ val = sk_CONF_VALUE_value(vals, i);
+ if (!set_table_opts(flags, val->name, in_tbl))
+ ret = 0;
+ }
+ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+ return ret;
+}
+
+static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
+{
+ char c;
+ const NAME_EX_TBL *ptbl;
c = arg[0];
if(c == '-') {
@@ -749,8 +1265,8 @@ int set_name_ex(unsigned long *flags, const char *arg)
arg++;
} else c = 1;
- for(ptbl = ex_tbl; ptbl->name; ptbl++) {
- if(!strcmp(arg, ptbl->name)) {
+ for(ptbl = in_tbl; ptbl->name; ptbl++) {
+ if(!strcasecmp(arg, ptbl->name)) {
*flags &= ~ptbl->mask;
if(c) *flags |= ptbl->flag;
else *flags &= ~ptbl->flag;
@@ -765,6 +1281,7 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
char *buf;
char mline = 0;
int indent = 0;
+
if(title) BIO_puts(out, title);
if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
mline = 1;
@@ -782,3 +1299,122 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
}
}
+X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
+{
+ X509_STORE *store;
+ X509_LOOKUP *lookup;
+ if(!(store = X509_STORE_new())) goto end;
+ lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
+ if (lookup == NULL) goto end;
+ if (CAfile) {
+ if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
+ BIO_printf(bp, "Error loading file %s\n", CAfile);
+ goto end;
+ }
+ } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+ lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
+ if (lookup == NULL) goto end;
+ if (CApath) {
+ if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
+ BIO_printf(bp, "Error loading directory %s\n", CApath);
+ goto end;
+ }
+ } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+ ERR_clear_error();
+ return store;
+ end:
+ X509_STORE_free(store);
+ return NULL;
+}
+
+/* Try to load an engine in a shareable library */
+static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
+ {
+ ENGINE *e = ENGINE_by_id("dynamic");
+ if (e)
+ {
+ if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
+ || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
+ {
+ ENGINE_free(e);
+ e = NULL;
+ }
+ }
+ return e;
+ }
+
+ENGINE *setup_engine(BIO *err, const char *engine, int debug)
+ {
+ ENGINE *e = NULL;
+
+ if (engine)
+ {
+ if(strcmp(engine, "auto") == 0)
+ {
+ BIO_printf(err,"enabling auto ENGINE support\n");
+ ENGINE_register_all_complete();
+ return NULL;
+ }
+ if((e = ENGINE_by_id(engine)) == NULL
+ && (e = try_load_engine(err, engine, debug)) == NULL)
+ {
+ BIO_printf(err,"invalid engine \"%s\"\n", engine);
+ ERR_print_errors(err);
+ return NULL;
+ }
+ if (debug)
+ {
+ ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+ 0, err, 0);
+ }
+ ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(err,"can't use that engine\n");
+ ERR_print_errors(err);
+ ENGINE_free(e);
+ return NULL;
+ }
+
+ BIO_printf(err,"engine \"%s\" set.\n", ENGINE_get_id(e));
+
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+ return e;
+ }
+
+int load_config(BIO *err, CONF *cnf)
+ {
+ if (!cnf)
+ cnf = config;
+ if (!cnf)
+ return 1;
+
+ OPENSSL_load_builtin_modules();
+
+ if (CONF_modules_load(cnf, NULL, 0) <= 0)
+ {
+ BIO_printf(err, "Error configuring OpenSSL\n");
+ ERR_print_errors(err);
+ return 0;
+ }
+ return 1;
+ }
+
+char *make_config_name()
+ {
+ const char *t=X509_get_default_cert_area();
+ char *p;
+
+ p=OPENSSL_malloc(strlen(t)+strlen(OPENSSL_CONF)+2);
+ strcpy(p,t);
+#ifndef OPENSSL_SYS_VMS
+ strcat(p,"/");
+#endif
+ strcat(p,OPENSSL_CONF);
+
+ return p;
+ }
diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h
index 82587b9..7b1f8de 100644
--- a/crypto/openssl/apps/apps.h
+++ b/crypto/openssl/apps/apps.h
@@ -55,11 +55,64 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#ifndef HEADER_APPS_H
#define HEADER_APPS_H
-#include "openssl/e_os.h"
+#include "e_os.h"
#include <openssl/buffer.h>
#include <openssl/bio.h>
@@ -67,6 +120,9 @@
#include <openssl/x509.h>
#include <openssl/lhash.h>
#include <openssl/conf.h>
+#include <openssl/txt_db.h>
+#include <openssl/engine.h>
+#include <openssl/ossl_typ.h>
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
int app_RAND_write_file(const char *file, BIO *bio_e);
@@ -78,29 +134,33 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read,
* (see e_os.h). The string is
* destroyed! */
-#ifdef NO_STDIO
-BIO_METHOD *BIO_s_file();
-#endif
-
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
#define rename(from,to) WIN32_rename((from),(to))
int WIN32_rename(char *oldname,char *newname);
#endif
+/* VMS below version 7.0 doesn't have strcasecmp() */
+#ifdef OPENSSL_SYS_VMS
+#define strcasecmp(str1,str2) VMS_strcasecmp((str1),(str2))
+int VMS_strcasecmp(const char *str1, const char *str2);
+#endif
+
#ifndef MONOLITH
#define MAIN(a,v) main(a,v)
#ifndef NON_MAIN
+CONF *config=NULL;
BIO *bio_err=NULL;
#else
+extern CONF *config;
extern BIO *bio_err;
#endif
#else
#define MAIN(a,v) PROG(a,v)
-extern LHASH *config;
+extern CONF *config;
extern char *default_config_file;
extern BIO *bio_err;
@@ -115,21 +175,34 @@ extern BIO *bio_err;
#endif
#if defined(MONOLITH) && !defined(OPENSSL_C)
-# define apps_startup() do_pipe_sig()
+# define apps_startup() \
+ do_pipe_sig()
+# define apps_shutdown()
#else
-# if defined(MSDOS) || defined(WIN16) || defined(WIN32)
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+ defined(OPENSSL_SYS_WIN32)
# ifdef _O_BINARY
# define apps_startup() \
- _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
- SSLeay_add_all_algorithms()
+ do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
# else
# define apps_startup() \
- _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
- SSLeay_add_all_algorithms()
+ do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
# endif
# else
-# define apps_startup() do_pipe_sig(); SSLeay_add_all_algorithms();
+# define apps_startup() \
+ do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+ ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
+ setup_ui_method(); } while(0)
# endif
+# define apps_shutdown() \
+ do { CONF_modules_unload(1); destroy_ui_method(); \
+ EVP_cleanup(); ENGINE_cleanup(); \
+ CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+ ERR_free_strings(); } while(0)
#endif
typedef struct args_st
@@ -138,6 +211,19 @@ typedef struct args_st
int count;
} ARGS;
+#define PW_MIN_LENGTH 4
+typedef struct pw_cb_data
+ {
+ const void *password;
+ const char *prompt_info;
+ } PW_CB_DATA;
+
+int password_callback(char *buf, int bufsiz, int verify,
+ PW_CB_DATA *cb_data);
+
+int setup_ui_method(void);
+void destroy_ui_method(void);
+
int should_retry(int i);
int args_from_file(char *file, int *argc, char **argv[]);
int str2fmt(char *s);
@@ -147,13 +233,32 @@ int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
int dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
#endif
+int set_cert_ex(unsigned long *flags, const char *arg);
int set_name_ex(unsigned long *flags, const char *arg);
+int set_ext_copy(int *copy_type, const char *arg);
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
-int add_oid_section(BIO *err, LHASH *conf);
-X509 *load_cert(BIO *err, char *file, int format);
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass);
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format);
-STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
+int add_oid_section(BIO *err, CONF *conf);
+X509 *load_cert(BIO *err, const char *file, int format,
+ const char *pass, ENGINE *e, const char *cert_descrip);
+EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
+ const char *pass, ENGINE *e, const char *key_descrip);
+EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
+ const char *pass, ENGINE *e, const char *key_descrip);
+STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+ const char *pass, ENGINE *e, const char *cert_descrip);
+X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
+ENGINE *setup_engine(BIO *err, const char *engine, int debug);
+
+int load_config(BIO *err, CONF *cnf);
+char *make_config_name(void);
+
+/* Functions defined in ca.c and also used in ocsp.c */
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
+ ASN1_GENERALIZEDTIME **pinvtm, char *str);
+int make_serial_index(TXT_DB *db);
+
+X509_NAME *do_subject(char *str, long chtype);
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1
@@ -162,6 +267,13 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
#define FORMAT_NETSCAPE 4
#define FORMAT_PKCS12 5
#define FORMAT_SMIME 6
+#define FORMAT_ENGINE 7
+#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
+ * adding yet another param to load_*key() */
+
+#define EXT_COPY_NONE 0
+#define EXT_COPY_ADD 1
+#define EXT_COPY_ALL 2
#define NETSCAPE_CERT_HDR "certificate"
diff --git a/crypto/openssl/apps/asn1pars.c b/crypto/openssl/apps/asn1pars.c
index 5339166..8367415 100644
--- a/crypto/openssl/apps/asn1pars.c
+++ b/crypto/openssl/apps/asn1pars.c
@@ -103,6 +103,9 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
prog=argv[0];
argc--;
argv++;
@@ -205,7 +208,7 @@ bad:
goto end;
}
BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -328,6 +331,7 @@ end:
if (at != NULL) ASN1_TYPE_free(at);
if (osk != NULL) sk_free(osk);
OBJ_cleanup();
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c
index 0618bb5..93e61f6 100644
--- a/crypto/openssl/apps/ca.c
+++ b/crypto/openssl/apps/ca.c
@@ -61,9 +61,9 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <ctype.h>
#include <sys/types.h>
#include <sys/stat.h>
-#include "apps.h"
#include <openssl/conf.h>
#include <openssl/bio.h>
#include <openssl/err.h>
@@ -73,20 +73,33 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/objects.h>
+#include <openssl/ocsp.h>
#include <openssl/pem.h>
+#ifdef OPENSSL_SYS_WINDOWS
+#define strcasecmp _stricmp
+#else
+# ifdef NO_STRINGS_H
+ int strcasecmp();
+# else
+# include <strings.h>
+# endif /* NO_STRINGS_H */
+#endif
+
#ifndef W_OK
-# ifdef VMS
+# ifdef OPENSSL_SYS_VMS
# if defined(__DECC)
# include <unistd.h>
# else
# include <unixlib.h>
# endif
-# elif !defined(VXWORKS)
+# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS)
# include <sys/file.h>
# endif
#endif
+#include "apps.h"
+
#ifndef W_OK
# define F_OK 0
# define X_OK 1
@@ -118,11 +131,15 @@
#define ENV_DEFAULT_CRL_DAYS "default_crl_days"
#define ENV_DEFAULT_CRL_HOURS "default_crl_hours"
#define ENV_DEFAULT_MD "default_md"
+#define ENV_DEFAULT_EMAIL_DN "email_in_dn"
#define ENV_PRESERVE "preserve"
#define ENV_POLICY "policy"
#define ENV_EXTENSIONS "x509_extensions"
#define ENV_CRLEXT "crl_extensions"
#define ENV_MSIE_HACK "msie_hack"
+#define ENV_NAMEOPT "name_opt"
+#define ENV_CERTOPT "cert_opt"
+#define ENV_EXTCOPY "copy_extensions"
#define ENV_DATABASE "database"
@@ -138,6 +155,14 @@
#define DB_TYPE_EXP 'E'
#define DB_TYPE_VAL 'V'
+/* Additional revocation information types */
+
+#define REV_NONE 0 /* No addditional information */
+#define REV_CRL_REASON 1 /* Value is CRL reason code */
+#define REV_HOLD 2 /* Value is hold instruction */
+#define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */
+#define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */
+
static char *ca_usage[]={
"usage: ca args\n",
"\n",
@@ -152,7 +177,8 @@ static char *ca_usage[]={
" -days arg - number of days to certify the certificate for\n",
" -md arg - md to use, one of md2, md5, sha or sha1\n",
" -policy arg - The CA 'policy' to support\n",
-" -keyfile arg - PEM private key file\n",
+" -keyfile arg - private key file\n",
+" -keyform arg - private key file format (PEM or ENGINE)\n",
" -key arg - key to decode the private key if it is encrypted\n",
" -cert file - The CA certificate\n",
" -in file - The input PEM encoded certificate request(s)\n",
@@ -162,11 +188,17 @@ static char *ca_usage[]={
" -spkac file - File contains DN and signed public key and challenge\n",
" -ss_cert file - File contains a self signed cert to sign\n",
" -preserveDN - Don't re-order the DN\n",
+" -noemailDN - Don't add the EMAIL field into certificate' subject\n",
" -batch - Don't ask questions\n",
" -msie_hack - msie modifications to handle all those universal strings\n",
" -revoke file - Revoke a certificate (given in file)\n",
+" -subj arg - Use arg instead of request's subject\n",
" -extensions .. - Extension section (override value in config file)\n",
+" -extfile file - Configuration file with X509v3 extentions to add\n",
" -crlexts .. - CRL extension section (override value in config file)\n",
+" -engine e - use engine e, possibly a hardware device.\n",
+" -status serial - Shows certificate status given the serial number\n",
+" -updatedb - Updates db for expired certificates\n",
NULL
};
@@ -177,54 +209,77 @@ extern int EF_ALIGNMENT;
#endif
static void lookup_fail(char *name,char *tag);
-static unsigned long index_serial_hash(char **a);
-static int index_serial_cmp(char **a, char **b);
-static unsigned long index_name_hash(char **a);
+static unsigned long index_serial_hash(const char **a);
+static int index_serial_cmp(const char **a, const char **b);
+static unsigned long index_name_hash(const char **a);
static int index_name_qual(char **a);
-static int index_name_cmp(char **a,char **b);
+static int index_name_cmp(const char **a,const char **b);
static BIGNUM *load_serial(char *serialfile);
static int save_serial(char *serialfile, BIGNUM *serial);
static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
- BIGNUM *serial, char *startdate,char *enddate, int days,
- int batch, char *ext_sect, LHASH *conf,int verbose);
+ BIGNUM *serial, char *subj, int email_dn, char *startdate,
+ char *enddate, long days, int batch, char *ext_sect, CONF *conf,
+ int verbose, unsigned long certopt, unsigned long nameopt,
+ int default_op, int ext_copy);
static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
- TXT_DB *db, BIGNUM *serial,char *startdate,
- char *enddate, int days, int batch, char *ext_sect,
- LHASH *conf,int verbose);
+ TXT_DB *db, BIGNUM *serial, char *subj, int email_dn,
+ char *startdate, char *enddate, long days, int batch,
+ char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
+ unsigned long nameopt, int default_op, int ext_copy,
+ ENGINE *e);
static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
- TXT_DB *db, BIGNUM *serial,char *startdate,
- char *enddate, int days, char *ext_sect,LHASH *conf,
- int verbose);
+ TXT_DB *db, BIGNUM *serial,char *subj, int email_dn,
+ char *startdate, char *enddate, long days, char *ext_sect,
+ CONF *conf, int verbose, unsigned long certopt,
+ unsigned long nameopt, int default_op, int ext_copy);
static int fix_data(int nid, int *type);
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
- STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
- char *startdate, char *enddate, int days, int batch, int verbose,
- X509_REQ *req, char *ext_sect, LHASH *conf);
-static int do_revoke(X509 *x509, TXT_DB *db);
+ STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj,
+ int email_dn, char *startdate, char *enddate, long days, int batch,
+ int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
+ unsigned long certopt, unsigned long nameopt, int default_op,
+ int ext_copy);
+static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval);
+static int get_certificate_status(const char *ser_status, TXT_DB *db);
+static int do_updatedb(TXT_DB *db);
static int check_time_format(char *str);
-static LHASH *conf=NULL;
+char *make_revocation_str(int rev_type, char *rev_arg);
+int make_revoked(X509_REVOKED *rev, char *str);
+int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
+static CONF *conf=NULL;
+static CONF *extconf=NULL;
static char *section=NULL;
static int preserve=0;
static int msie_hack=0;
+static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
+static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
+
+
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
char *key=NULL,*passargin=NULL;
+ int free_key = 0;
int total=0;
int total_done=0;
int badops=0;
int ret=1;
+ int email_dn=1;
int req=0;
int verbose=0;
int gencrl=0;
int dorevoke=0;
+ int doupdatedb=0;
long crldays=0;
long crlhours=0;
long errorline= -1;
@@ -233,41 +288,53 @@ int MAIN(int argc, char **argv)
char *policy=NULL;
char *keyfile=NULL;
char *certfile=NULL;
+ int keyform=FORMAT_PEM;
char *infile=NULL;
char *spkac_file=NULL;
char *ss_cert_file=NULL;
+ char *ser_status=NULL;
EVP_PKEY *pkey=NULL;
int output_der = 0;
char *outfile=NULL;
char *outdir=NULL;
char *serialfile=NULL;
char *extensions=NULL;
+ char *extfile=NULL;
+ char *subj=NULL;
+ char *tmp_email_dn=NULL;
char *crl_ext=NULL;
+ int rev_type = REV_NONE;
+ char *rev_arg = NULL;
BIGNUM *serial=NULL;
char *startdate=NULL;
char *enddate=NULL;
- int days=0;
+ long days=0;
int batch=0;
int notext=0;
+ unsigned long nameopt = 0, certopt = 0;
+ int default_op = 1;
+ int ext_copy = EXT_COPY_NONE;
X509 *x509=NULL;
X509 *x=NULL;
BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
char *dbfile=NULL;
TXT_DB *db=NULL;
X509_CRL *crl=NULL;
- X509_CRL_INFO *ci=NULL;
X509_REVOKED *r=NULL;
+ ASN1_TIME *tmptm;
+ ASN1_INTEGER *tmpser;
char **pp,*p,*f;
int i,j;
long l;
const EVP_MD *dgst=NULL;
STACK_OF(CONF_VALUE) *attribs=NULL;
STACK_OF(X509) *cert_sk=NULL;
- BIO *hex=NULL;
#undef BSIZE
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
char *randfile=NULL;
+ char *engine = NULL;
+ char *tofree=NULL;
#ifdef EFENCE
EF_PROTECT_FREE=1;
@@ -303,6 +370,12 @@ EF_ALIGNMENT=0;
if (--argc < 1) goto bad;
section= *(++argv);
}
+ else if (strcmp(*argv,"-subj") == 0)
+ {
+ if (--argc < 1) goto bad;
+ subj= *(++argv);
+ /* preserve=1; */
+ }
else if (strcmp(*argv,"-startdate") == 0)
{
if (--argc < 1) goto bad;
@@ -333,6 +406,11 @@ EF_ALIGNMENT=0;
if (--argc < 1) goto bad;
keyfile= *(++argv);
}
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyform=str2fmt(*(++argv));
+ }
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
@@ -370,6 +448,8 @@ EF_ALIGNMENT=0;
batch=1;
else if (strcmp(*argv,"-preserveDN") == 0)
preserve=1;
+ else if (strcmp(*argv,"-noemailDN") == 0)
+ email_dn=0;
else if (strcmp(*argv,"-gencrl") == 0)
gencrl=1;
else if (strcmp(*argv,"-msie_hack") == 0)
@@ -414,11 +494,54 @@ EF_ALIGNMENT=0;
if (--argc < 1) goto bad;
extensions= *(++argv);
}
+ else if (strcmp(*argv,"-extfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ extfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-status") == 0)
+ {
+ if (--argc < 1) goto bad;
+ ser_status= *(++argv);
+ }
+ else if (strcmp(*argv,"-updatedb") == 0)
+ {
+ doupdatedb=1;
+ }
else if (strcmp(*argv,"-crlexts") == 0)
{
if (--argc < 1) goto bad;
crl_ext= *(++argv);
}
+ else if (strcmp(*argv,"-crl_reason") == 0)
+ {
+ if (--argc < 1) goto bad;
+ rev_arg = *(++argv);
+ rev_type = REV_CRL_REASON;
+ }
+ else if (strcmp(*argv,"-crl_hold") == 0)
+ {
+ if (--argc < 1) goto bad;
+ rev_arg = *(++argv);
+ rev_type = REV_HOLD;
+ }
+ else if (strcmp(*argv,"-crl_compromise") == 0)
+ {
+ if (--argc < 1) goto bad;
+ rev_arg = *(++argv);
+ rev_type = REV_KEY_COMPROMISE;
+ }
+ else if (strcmp(*argv,"-crl_CA_compromise") == 0)
+ {
+ if (--argc < 1) goto bad;
+ rev_arg = *(++argv);
+ rev_type = REV_CA_COMPROMISE;
+ }
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else
{
bad:
@@ -433,32 +556,37 @@ bad:
if (badops)
{
for (pp=ca_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,*pp);
+ BIO_printf(bio_err,"%s",*pp);
goto err;
}
ERR_load_crypto_strings();
+ e = setup_engine(bio_err, engine, 0);
+
/*****************************************************************/
+ tofree=NULL;
if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
if (configfile == NULL)
{
- /* We will just use 'buf[0]' as a temporary buffer. */
-#ifdef VMS
- strncpy(buf[0],X509_get_default_cert_area(),
- sizeof(buf[0])-1-sizeof(CONFIG_FILE));
+ const char *s=X509_get_default_cert_area();
+
+#ifdef OPENSSL_SYS_VMS
+ tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE));
+ strcpy(tofree,s);
#else
- strncpy(buf[0],X509_get_default_cert_area(),
- sizeof(buf[0])-2-sizeof(CONFIG_FILE));
- strcat(buf[0],"/");
+ tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1);
+ strcpy(tofree,s);
+ strcat(tofree,"/");
#endif
- strcat(buf[0],CONFIG_FILE);
- configfile=buf[0];
+ strcat(tofree,CONFIG_FILE);
+ configfile=tofree;
}
BIO_printf(bio_err,"Using configuration from %s\n",configfile);
- if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL)
+ conf = NCONF_new(NULL);
+ if (NCONF_load(conf,configfile,&errorline) <= 0)
{
if (errorline <= 0)
BIO_printf(bio_err,"error loading the config file '%s'\n",
@@ -468,11 +596,16 @@ bad:
,errorline,configfile);
goto err;
}
+ if(tofree)
+ OPENSSL_free(tofree);
+
+ if (!load_config(bio_err, conf))
+ goto err;
/* Lets get the config section we are using */
if (section == NULL)
{
- section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
+ section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
if (section == NULL)
{
lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
@@ -482,7 +615,9 @@ bad:
if (conf != NULL)
{
- p=CONF_get_string(conf,NULL,"oid_file");
+ p=NCONF_get_string(conf,NULL,"oid_file");
+ if (p == NULL)
+ ERR_clear_error();
if (p != NULL)
{
BIO *oid_bio;
@@ -502,14 +637,16 @@ bad:
BIO_free(oid_bio);
}
}
- if(!add_oid_section(bio_err,conf))
+ if (!add_oid_section(bio_err,conf))
{
ERR_print_errors(bio_err);
goto err;
}
}
- randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE");
+ randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
+ if (randfile == NULL)
+ ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
in=BIO_new(BIO_s_file());
@@ -523,53 +660,71 @@ bad:
}
/*****************************************************************/
- /* we definitely need an public key, so lets get it */
+ /* report status of cert with serial number given on command line */
+ if (ser_status)
+ {
+ if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+ {
+ lookup_fail(section,ENV_DATABASE);
+ goto err;
+ }
+ if (BIO_read_filename(in,dbfile) <= 0)
+ {
+ perror(dbfile);
+ BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+ goto err;
+ }
+ db=TXT_DB_read(in,DB_NUMBER);
+ if (db == NULL) goto err;
+
+ if (!make_serial_index(db))
+ goto err;
+
+ if (get_certificate_status(ser_status,db) != 1)
+ BIO_printf(bio_err,"Error verifying serial %s!\n",
+ ser_status);
+ goto err;
+ }
+
+ /*****************************************************************/
+ /* we definitely need a public key, so let's get it */
- if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
+ if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,
section,ENV_PRIVATE_KEY)) == NULL))
{
lookup_fail(section,ENV_PRIVATE_KEY);
goto err;
}
- if(!key && !app_passwd(bio_err, passargin, NULL, &key, NULL))
+ if (!key)
{
- BIO_printf(bio_err,"Error getting password\n");
- goto err;
- }
- if (BIO_read_filename(in,keyfile) <= 0)
- {
- perror(keyfile);
- BIO_printf(bio_err,"trying to load CA private key\n");
- goto err;
+ free_key = 1;
+ if (!app_passwd(bio_err, passargin, NULL, &key, NULL))
+ {
+ BIO_printf(bio_err,"Error getting password\n");
+ goto err;
+ }
}
- pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
- if(key) memset(key,0,strlen(key));
+ pkey = load_key(bio_err, keyfile, keyform, 0, key, e,
+ "CA private key");
+ if (key) OPENSSL_cleanse(key,strlen(key));
if (pkey == NULL)
{
- BIO_printf(bio_err,"unable to load CA private key\n");
+ /* load_key() has already printed an appropriate message */
goto err;
}
/*****************************************************************/
/* we need a certificate */
- if ((certfile == NULL) && ((certfile=CONF_get_string(conf,
+ if ((certfile == NULL) && ((certfile=NCONF_get_string(conf,
section,ENV_CERTIFICATE)) == NULL))
{
lookup_fail(section,ENV_CERTIFICATE);
goto err;
}
- if (BIO_read_filename(in,certfile) <= 0)
- {
- perror(certfile);
- BIO_printf(bio_err,"trying to load CA certificate\n");
- goto err;
- }
- x509=PEM_read_bio_X509(in,NULL,NULL,NULL);
+ x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e,
+ "CA certificate");
if (x509 == NULL)
- {
- BIO_printf(bio_err,"unable to load CA certificate\n");
goto err;
- }
if (!X509_check_private_key(x509,pkey))
{
@@ -577,26 +732,72 @@ bad:
goto err;
}
- f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
+ f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
+ if (f == NULL)
+ ERR_clear_error();
if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
preserve=1;
- f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
+ f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
+ if (f == NULL)
+ ERR_clear_error();
if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
msie_hack=1;
+ f=NCONF_get_string(conf,section,ENV_NAMEOPT);
+
+ if (f)
+ {
+ if (!set_name_ex(&nameopt, f))
+ {
+ BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
+ goto err;
+ }
+ default_op = 0;
+ }
+ else
+ ERR_clear_error();
+
+ f=NCONF_get_string(conf,section,ENV_CERTOPT);
+
+ if (f)
+ {
+ if (!set_cert_ex(&certopt, f))
+ {
+ BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f);
+ goto err;
+ }
+ default_op = 0;
+ }
+ else
+ ERR_clear_error();
+
+ f=NCONF_get_string(conf,section,ENV_EXTCOPY);
+
+ if (f)
+ {
+ if (!set_ext_copy(&ext_copy, f))
+ {
+ BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f);
+ goto err;
+ }
+ }
+ else
+ ERR_clear_error();
+
/*****************************************************************/
/* lookup where to write new certificates */
if ((outdir == NULL) && (req))
{
struct stat sb;
- if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
+ if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
== NULL)
{
BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
goto err;
}
-#ifndef VMS /* outdir is a directory spec, but access() for VMS demands a
+#ifndef OPENSSL_SYS_VMS
+ /* outdir is a directory spec, but access() for VMS demands a
filename. In any case, stat(), below, will catch the problem
if outdir is not a directory spec, and the fopen() or open()
will catch an error if there is no write access.
@@ -605,7 +806,7 @@ bad:
C routines to convert the directory syntax to Unixly, and give
that to access(). However, time's too short to do that just
now.
- */
+ */
if (access(outdir,R_OK|W_OK|X_OK) != 0)
{
BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
@@ -632,7 +833,7 @@ bad:
/*****************************************************************/
/* we need to load the database file */
- if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+ if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
{
lookup_fail(section,ENV_DATABASE);
goto err;
@@ -657,10 +858,9 @@ bad:
goto err;
}
if ((pp[DB_type][0] == DB_TYPE_REV) &&
- !check_time_format(pp[DB_rev_date]))
+ !make_revoked(NULL, pp[DB_rev_date]))
{
- BIO_printf(bio_err,"entry %d: invalid revocation date\n",
- i+1);
+ BIO_printf(bio_err," in entry %d\n", i+1);
goto err;
}
if (!check_time_format(pp[DB_exp_date]))
@@ -670,6 +870,11 @@ bad:
}
p=pp[DB_serial];
j=strlen(p);
+ if (*p == '-')
+ {
+ p++;
+ j--;
+ }
if ((j&1) || (j < 2))
{
BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j);
@@ -690,7 +895,7 @@ bad:
if (verbose)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -702,15 +907,12 @@ bad:
BIO_printf(bio_err,"generating index\n");
}
- if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash,
- index_serial_cmp))
- {
- BIO_printf(bio_err,"error creating serial number index:(%ld,%ld,%ld)\n",db->error,db->arg1,db->arg2);
+ if (!make_serial_index(db))
goto err;
- }
- if (!TXT_DB_create_index(db,DB_name,index_name_qual,index_name_hash,
- index_name_cmp))
+ if (!TXT_DB_create_index(db, DB_name, index_name_qual,
+ LHASH_HASH_FN(index_name_hash),
+ LHASH_COMP_FN(index_name_cmp)))
{
BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
db->error,db->arg1,db->arg2);
@@ -718,11 +920,119 @@ bad:
}
/*****************************************************************/
+ /* Update the db file for expired certificates */
+ if (doupdatedb)
+ {
+ if (verbose)
+ BIO_printf(bio_err, "Updating %s ...\n",
+ dbfile);
+
+ i = do_updatedb(db);
+ if (i == -1)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ else if (i == 0)
+ {
+ if (verbose) BIO_printf(bio_err,
+ "No entries found to mark expired\n");
+ }
+ else
+ {
+ out = BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.new", dbfile);
+#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-new", dbfile);
+#endif
+ if (j < 0 || j >= sizeof buf[0])
+ {
+ BIO_printf(bio_err, "file name too long\n");
+ goto err;
+ }
+ if (BIO_write_filename(out,buf[0]) <= 0)
+ {
+ perror(dbfile);
+ BIO_printf(bio_err,"unable to open '%s'\n",
+ dbfile);
+ goto err;
+ }
+ j=TXT_DB_write(out,db);
+ if (j <= 0) goto err;
+
+ BIO_free(out);
+ out = NULL;
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s.old", dbfile);
+#else
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-old", dbfile);
+#endif
+ if (j < 0 || j >= sizeof buf[1])
+ {
+ BIO_printf(bio_err, "file name too long\n");
+ goto err;
+ }
+ if (rename(dbfile,buf[1]) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ dbfile, buf[1]);
+ perror("reason");
+ goto err;
+ }
+ if (rename(buf[0],dbfile) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ buf[0],dbfile);
+ perror("reason");
+ rename(buf[1],dbfile);
+ goto err;
+ }
+
+ if (verbose) BIO_printf(bio_err,
+ "Done. %d entries marked as expired\n",i);
+ }
+ goto err;
+ }
+
+ /*****************************************************************/
+ /* Read extentions config file */
+ if (extfile)
+ {
+ extconf = NCONF_new(NULL);
+ if (NCONF_load(extconf,extfile,&errorline) <= 0)
+ {
+ if (errorline <= 0)
+ BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
+ extfile);
+ else
+ BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n",
+ errorline,extfile);
+ ret = 1;
+ goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile);
+
+ /* We can have sections in the ext file */
+ if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
+ extensions = "default";
+ }
+
+ /*****************************************************************/
if (req || gencrl)
{
if (outfile != NULL)
{
-
if (BIO_write_filename(Sout,outfile) <= 0)
{
perror(outfile);
@@ -732,7 +1042,7 @@ bad:
else
{
BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
Sout = BIO_push(tmpbio, Sout);
@@ -743,12 +1053,18 @@ bad:
if (req)
{
- if ((md == NULL) && ((md=CONF_get_string(conf,
+ if ((md == NULL) && ((md=NCONF_get_string(conf,
section,ENV_DEFAULT_MD)) == NULL))
{
lookup_fail(section,ENV_DEFAULT_MD);
goto err;
}
+ if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf,
+ section,ENV_DEFAULT_EMAIL_DN)) != NULL ))
+ {
+ if(strcmp(tmp_email_dn,"no") == 0)
+ email_dn=0;
+ }
if ((dgst=EVP_get_digestbyname(md)) == NULL)
{
BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
@@ -757,7 +1073,7 @@ bad:
if (verbose)
BIO_printf(bio_err,"message digest is %s\n",
OBJ_nid2ln(dgst->type));
- if ((policy == NULL) && ((policy=CONF_get_string(conf,
+ if ((policy == NULL) && ((policy=NCONF_get_string(conf,
section,ENV_POLICY)) == NULL))
{
lookup_fail(section,ENV_POLICY);
@@ -766,32 +1082,48 @@ bad:
if (verbose)
BIO_printf(bio_err,"policy is %s\n",policy);
- if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL))
+ if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))
== NULL)
{
lookup_fail(section,ENV_SERIAL);
goto err;
}
- if(!extensions)
- extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
- if(extensions) {
- /* Check syntax of file */
- X509V3_CTX ctx;
- X509V3_set_ctx_test(&ctx);
- X509V3_set_conf_lhash(&ctx, conf);
- if(!X509V3_EXT_add_conf(conf, &ctx, extensions, NULL)) {
- BIO_printf(bio_err,
- "Error Loading extension section %s\n",
+
+ if (!extconf)
+ {
+ /* no '-extfile' option, so we look for extensions
+ * in the main configuration file */
+ if (!extensions)
+ {
+ extensions=NCONF_get_string(conf,section,
+ ENV_EXTENSIONS);
+ if (!extensions)
+ ERR_clear_error();
+ }
+ if (extensions)
+ {
+ /* Check syntax of file */
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
+ NULL))
+ {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n",
extensions);
- ret = 1;
- goto err;
+ ret = 1;
+ goto err;
+ }
+ }
}
- }
if (startdate == NULL)
{
- startdate=CONF_get_string(conf,section,
+ startdate=NCONF_get_string(conf,section,
ENV_DEFAULT_STARTDATE);
+ if (startdate == NULL)
+ ERR_clear_error();
}
if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))
{
@@ -802,8 +1134,10 @@ bad:
if (enddate == NULL)
{
- enddate=CONF_get_string(conf,section,
+ enddate=NCONF_get_string(conf,section,
ENV_DEFAULT_ENDDATE);
+ if (enddate == NULL)
+ ERR_clear_error();
}
if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))
{
@@ -813,8 +1147,8 @@ bad:
if (days == 0)
{
- days=(int)CONF_get_number(conf,section,
- ENV_DEFAULT_DAYS);
+ if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
+ days = 0;
}
if (!enddate && (days == 0))
{
@@ -829,12 +1163,17 @@ bad:
}
if (verbose)
{
- if ((f=BN_bn2hex(serial)) == NULL) goto err;
- BIO_printf(bio_err,"next serial number is %s\n",f);
- OPENSSL_free(f);
+ if (BN_is_zero(serial))
+ BIO_printf(bio_err,"next serial number is 00\n");
+ else
+ {
+ if ((f=BN_bn2hex(serial)) == NULL) goto err;
+ BIO_printf(bio_err,"next serial number is %s\n",f);
+ OPENSSL_free(f);
+ }
}
- if ((attribs=CONF_get_section(conf,policy)) == NULL)
+ if ((attribs=NCONF_get_section(conf,policy)) == NULL)
{
BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
goto err;
@@ -849,8 +1188,8 @@ bad:
{
total++;
j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
- serial,startdate,enddate, days,extensions,conf,
- verbose);
+ serial,subj,email_dn,startdate,enddate,days,extensions,
+ conf,verbose,certopt,nameopt,default_op,ext_copy);
if (j < 0) goto err;
if (j > 0)
{
@@ -873,8 +1212,9 @@ bad:
{
total++;
j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
- db,serial,startdate,enddate,days,batch,
- extensions,conf,verbose);
+ db,serial,subj,email_dn,startdate,enddate,days,batch,
+ extensions,conf,verbose, certopt, nameopt,
+ default_op, ext_copy, e);
if (j < 0) goto err;
if (j > 0)
{
@@ -892,8 +1232,9 @@ bad:
{
total++;
j=certify(&x,infile,pkey,x509,dgst,attribs,db,
- serial,startdate,enddate,days,batch,
- extensions,conf,verbose);
+ serial,subj,email_dn,startdate,enddate,days,batch,
+ extensions,conf,verbose, certopt, nameopt,
+ default_op, ext_copy);
if (j < 0) goto err;
if (j > 0)
{
@@ -911,8 +1252,9 @@ bad:
{
total++;
j=certify(&x,argv[i],pkey,x509,dgst,attribs,db,
- serial,startdate,enddate,days,batch,
- extensions,conf,verbose);
+ serial,subj,email_dn,startdate,enddate,days,batch,
+ extensions,conf,verbose, certopt, nameopt,
+ default_op, ext_copy);
if (j < 0) goto err;
if (j > 0)
{
@@ -948,9 +1290,15 @@ bad:
BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
- strncpy(buf[0],serialfile,BSIZE-4);
+ if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5)
+ {
+ BIO_printf(bio_err,"file name too long\n");
+ goto err;
+ }
+
+ strcpy(buf[0],serialfile);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
strcat(buf[0],"-new");
#else
strcat(buf[0],".new");
@@ -958,9 +1306,9 @@ bad:
if (!save_serial(buf[0],serial)) goto err;
- strncpy(buf[1],dbfile,BSIZE-4);
+ strcpy(buf[1],dbfile);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
strcat(buf[1],"-new");
#else
strcat(buf[1],".new");
@@ -988,9 +1336,15 @@ bad:
j=x->cert_info->serialNumber->length;
p=(char *)x->cert_info->serialNumber->data;
- strncpy(buf[2],outdir,BSIZE-(j*2)-6);
+ if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8))
+ {
+ BIO_printf(bio_err,"certificate file name too long\n");
+ goto err;
+ }
+
+ strcpy(buf[2],outdir);
-#ifndef VMS
+#ifndef OPENSSL_SYS_VMS
strcat(buf[2],"/");
#endif
@@ -1026,8 +1380,9 @@ bad:
{
/* Rename the database and the serial file */
strncpy(buf[2],serialfile,BSIZE-4);
+ buf[2][BSIZE-4]='\0';
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
strcat(buf[2],"-old");
#else
strcat(buf[2],".old");
@@ -1054,8 +1409,9 @@ bad:
}
strncpy(buf[2],dbfile,BSIZE-4);
+ buf[2][BSIZE-4]='\0';
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
strcat(buf[2],"-old");
#else
strcat(buf[2],".old");
@@ -1083,28 +1439,37 @@ bad:
/*****************************************************************/
if (gencrl)
{
- if(!crl_ext) crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
- if(crl_ext) {
+ int crl_v2 = 0;
+ if (!crl_ext)
+ {
+ crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);
+ if (!crl_ext)
+ ERR_clear_error();
+ }
+ if (crl_ext)
+ {
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
- X509V3_set_conf_lhash(&ctx, conf);
- if(!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL)) {
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL))
+ {
BIO_printf(bio_err,
"Error Loading CRL extension section %s\n",
crl_ext);
ret = 1;
goto err;
+ }
}
- }
- if ((hex=BIO_new(BIO_s_mem())) == NULL) goto err;
if (!crldays && !crlhours)
{
- crldays=CONF_get_number(conf,section,
- ENV_DEFAULT_CRL_DAYS);
- crlhours=CONF_get_number(conf,section,
- ENV_DEFAULT_CRL_HOURS);
+ if (!NCONF_get_number(conf,section,
+ ENV_DEFAULT_CRL_DAYS, &crldays))
+ crldays = 0;
+ if (!NCONF_get_number(conf,section,
+ ENV_DEFAULT_CRL_HOURS, &crlhours))
+ crlhours = 0;
}
if ((crldays == 0) && (crlhours == 0))
{
@@ -1114,15 +1479,16 @@ bad:
if (verbose) BIO_printf(bio_err,"making CRL\n");
if ((crl=X509_CRL_new()) == NULL) goto err;
- ci=crl->crl;
- X509_NAME_free(ci->issuer);
- ci->issuer=X509_NAME_dup(x509->cert_info->subject);
- if (ci->issuer == NULL) goto err;
+ if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err;
+
+ tmptm = ASN1_TIME_new();
+ if (!tmptm) goto err;
+ X509_gmtime_adj(tmptm,0);
+ X509_CRL_set_lastUpdate(crl, tmptm);
+ X509_gmtime_adj(tmptm,(crldays*24+crlhours)*60*60);
+ X509_CRL_set_nextUpdate(crl, tmptm);
- X509_gmtime_adj(ci->lastUpdate,0);
- if (ci->nextUpdate == NULL)
- ci->nextUpdate=ASN1_UTCTIME_new();
- X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60);
+ ASN1_TIME_free(tmptm);
for (i=0; i<sk_num(db->data); i++)
{
@@ -1130,29 +1496,25 @@ bad:
if (pp[DB_type][0] == DB_TYPE_REV)
{
if ((r=X509_REVOKED_new()) == NULL) goto err;
- ASN1_STRING_set((ASN1_STRING *)
- r->revocationDate,
- (unsigned char *)pp[DB_rev_date],
- strlen(pp[DB_rev_date]));
- /* strcpy(r->revocationDate,pp[DB_rev_date]);*/
-
- (void)BIO_reset(hex);
- if (!BIO_puts(hex,pp[DB_serial]))
+ j = make_revoked(r, pp[DB_rev_date]);
+ if (!j) goto err;
+ if (j == 2) crl_v2 = 1;
+ if (!BN_hex2bn(&serial, pp[DB_serial]))
goto err;
- if (!a2i_ASN1_INTEGER(hex,r->serialNumber,
- buf[0],BSIZE)) goto err;
-
- sk_X509_REVOKED_push(ci->revoked,r);
+ tmpser = BN_to_ASN1_INTEGER(serial, NULL);
+ BN_free(serial);
+ serial = NULL;
+ if (!tmpser)
+ goto err;
+ X509_REVOKED_set_serialNumber(r, tmpser);
+ ASN1_INTEGER_free(tmpser);
+ X509_CRL_add0_revoked(crl,r);
}
}
+
/* sort the data so it will be written in serial
* number order */
- sk_X509_REVOKED_sort(ci->revoked);
- for (i=0; i<sk_X509_REVOKED_num(ci->revoked); i++)
- {
- r=sk_X509_REVOKED_value(ci->revoked,i);
- r->sequence=i;
- }
+ X509_CRL_sort(crl);
/* we now have a CRL */
if (verbose) BIO_printf(bio_err,"signing CRL\n");
@@ -1165,28 +1527,31 @@ bad:
}
}
else
- {
-#ifndef NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- dgst=EVP_dss1();
- else
+ {
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ dgst=EVP_dss1();
+ else
#endif
- dgst=EVP_md5();
- }
+ dgst=EVP_md5();
+ }
/* Add any extensions asked for */
- if(crl_ext) {
- X509V3_CTX crlctx;
- if (ci->version == NULL)
- if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;
- ASN1_INTEGER_set(ci->version,1); /* version 2 CRL */
- X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
- X509V3_set_conf_lhash(&crlctx, conf);
+ if (crl_ext)
+ {
+ X509V3_CTX crlctx;
+ X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
+ X509V3_set_nconf(&crlctx, conf);
- if(!X509V3_EXT_CRL_add_conf(conf, &crlctx,
- crl_ext, crl)) goto err;
- }
+ if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
+ crl_ext, crl)) goto err;
+ }
+ if (crl_ext || crl_v2)
+ {
+ if (!X509_CRL_set_version(crl, 1))
+ goto err; /* version 2 CRL */
+ }
if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
@@ -1203,24 +1568,22 @@ bad:
else
{
X509 *revcert;
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- BIO_printf(bio_err,"error trying to load '%s' certificate\n",infile);
- goto err;
- }
- revcert=PEM_read_bio_X509(in,NULL,NULL,NULL);
+ revcert=load_cert(bio_err, infile, FORMAT_PEM,
+ NULL, e, infile);
if (revcert == NULL)
- {
- BIO_printf(bio_err,"unable to load '%s' certificate\n",infile);
goto err;
- }
- j=do_revoke(revcert,db);
+ j=do_revoke(revcert,db, rev_type, rev_arg);
if (j <= 0) goto err;
X509_free(revcert);
- strncpy(buf[0],dbfile,BSIZE-4);
-#ifndef VMS
+ if(strlen(dbfile) > BSIZE-5)
+ {
+ BIO_printf(bio_err,"filename too long\n");
+ goto err;
+ }
+
+ strcpy(buf[0],dbfile);
+#ifndef OPENSSL_SYS_VMS
strcat(buf[0],".new");
#else
strcat(buf[0],"-new");
@@ -1233,8 +1596,13 @@ bad:
}
j=TXT_DB_write(out,db);
if (j <= 0) goto err;
+ BIO_free_all(out);
+ out = NULL;
+ BIO_free_all(in);
+ in = NULL;
strncpy(buf[1],dbfile,BSIZE-4);
-#ifndef VMS
+ buf[1][BSIZE-4]='\0';
+#ifndef OPENSSL_SYS_VMS
strcat(buf[1],".old");
#else
strcat(buf[1],"-old");
@@ -1258,24 +1626,28 @@ bad:
/*****************************************************************/
ret=0;
err:
- BIO_free(hex);
+ if(tofree)
+ OPENSSL_free(tofree);
BIO_free_all(Cout);
BIO_free_all(Sout);
BIO_free_all(out);
- BIO_free(in);
+ BIO_free_all(in);
sk_X509_pop_free(cert_sk,X509_free);
if (ret) ERR_print_errors(bio_err);
app_RAND_write_file(randfile, bio_err);
+ if (free_key)
+ OPENSSL_free(key);
BN_free(serial);
TXT_DB_free(db);
EVP_PKEY_free(pkey);
X509_free(x509);
X509_CRL_free(crl);
- CONF_free(conf);
+ NCONF_free(conf);
OBJ_cleanup();
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
static void lookup_fail(char *name, char *tag)
@@ -1283,31 +1655,31 @@ static void lookup_fail(char *name, char *tag)
BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
}
-static unsigned long index_serial_hash(char **a)
+static unsigned long index_serial_hash(const char **a)
{
- char *n;
+ const char *n;
n=a[DB_serial];
while (*n == '0') n++;
return(lh_strhash(n));
}
-static int index_serial_cmp(char **a, char **b)
+static int index_serial_cmp(const char **a, const char **b)
{
- char *aa,*bb;
+ const char *aa,*bb;
for (aa=a[DB_serial]; *aa == '0'; aa++);
for (bb=b[DB_serial]; *bb == '0'; bb++);
return(strcmp(aa,bb));
}
-static unsigned long index_name_hash(char **a)
+static unsigned long index_name_hash(const char **a)
{ return(lh_strhash(a[DB_name])); }
static int index_name_qual(char **a)
{ return(a[0][0] == 'V'); }
-static int index_name_cmp(char **a, char **b)
+static int index_name_cmp(const char **a, const char **b)
{ return(strcmp(a[DB_name],
b[DB_name])); }
@@ -1340,7 +1712,7 @@ static BIGNUM *load_serial(char *serialfile)
ret=ASN1_INTEGER_to_BN(ai,NULL);
if (ret == NULL)
{
- BIO_printf(bio_err,"error converting number from bin to BIGNUM");
+ BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
goto err;
}
err:
@@ -1383,8 +1755,10 @@ err:
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
- BIGNUM *serial, char *startdate, char *enddate, int days,
- int batch, char *ext_sect, LHASH *lconf, int verbose)
+ BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
+ long days, int batch, char *ext_sect, CONF *lconf, int verbose,
+ unsigned long certopt, unsigned long nameopt, int default_op,
+ int ext_copy)
{
X509_REQ *req=NULL;
BIO *in=NULL;
@@ -1431,8 +1805,9 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
else
BIO_printf(bio_err,"Signature ok\n");
- ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate, enddate,
- days,batch,verbose,req,ext_sect,lconf);
+ ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, email_dn,
+ startdate,enddate,days,batch,verbose,req,ext_sect,lconf,
+ certopt, nameopt, default_op, ext_copy);
err:
if (req != NULL) X509_REQ_free(req);
@@ -1442,27 +1817,18 @@ err:
static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
- BIGNUM *serial, char *startdate, char *enddate, int days,
- int batch, char *ext_sect, LHASH *lconf, int verbose)
+ BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
+ long days, int batch, char *ext_sect, CONF *lconf, int verbose,
+ unsigned long certopt, unsigned long nameopt, int default_op,
+ int ext_copy, ENGINE *e)
{
X509 *req=NULL;
X509_REQ *rreq=NULL;
- BIO *in=NULL;
EVP_PKEY *pktmp=NULL;
int ok= -1,i;
- in=BIO_new(BIO_s_file());
-
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto err;
- }
- if ((req=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
- {
- BIO_printf(bio_err,"Error reading self signed certificate in %s\n",infile);
+ if ((req=load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile)) == NULL)
goto err;
- }
if (verbose)
X509_print(bio_err,req);
@@ -1493,22 +1859,24 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
goto err;
- ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate,days,
- batch,verbose,rreq,ext_sect,lconf);
+ ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate,
+ days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op,
+ ext_copy);
err:
if (rreq != NULL) X509_REQ_free(rreq);
if (req != NULL) X509_free(req);
- if (in != NULL) BIO_free(in);
return(ok);
}
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
- STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
- char *startdate, char *enddate, int days, int batch, int verbose,
- X509_REQ *req, char *ext_sect, LHASH *lconf)
+ STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj,
+ int email_dn, char *startdate, char *enddate, long days, int batch,
+ int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
+ unsigned long certopt, unsigned long nameopt, int default_op,
+ int ext_copy)
{
- X509_NAME *name=NULL,*CAname=NULL,*subject=NULL;
+ X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL;
ASN1_UTCTIME *tm,*tmptm;
ASN1_STRING *str,*str2;
ASN1_OBJECT *obj;
@@ -1521,7 +1889,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
char *p;
CONF_VALUE *cv;
char *row[DB_NUMBER],**rrow,**irow=NULL;
- char buf[25],*pbuf;
+ char buf[25];
tmptm=ASN1_UTCTIME_new();
if (tmptm == NULL)
@@ -1533,20 +1901,29 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
for (i=0; i<DB_NUMBER; i++)
row[i]=NULL;
- BIO_printf(bio_err,"The Subjects Distinguished Name is as follows\n");
+ if (subj)
+ {
+ X509_NAME *n = do_subject(subj, MBSTRING_ASC);
+
+ if (!n)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ X509_REQ_set_subject_name(req,n);
+ req->req_info->enc.modified = 1;
+ X509_NAME_free(n);
+ }
+
+ if (default_op)
+ BIO_printf(bio_err,"The Subject's Distinguished Name is as follows\n");
+
name=X509_REQ_get_subject_name(req);
for (i=0; i<X509_NAME_entry_count(name); i++)
{
- ne=(X509_NAME_ENTRY *)X509_NAME_get_entry(name,i);
- obj=X509_NAME_ENTRY_get_object(ne);
- j=i2a_ASN1_OBJECT(bio_err,obj);
+ ne= X509_NAME_get_entry(name,i);
str=X509_NAME_ENTRY_get_data(ne);
- pbuf=buf;
- for (j=22-j; j>0; j--)
- *(pbuf++)=' ';
- *(pbuf++)=':';
- *(pbuf++)='\0';
- BIO_puts(bio_err,buf);
+ obj=X509_NAME_ENTRY_get_object(ne);
if (msie_hack)
{
@@ -1565,16 +1942,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
str->type=V_ASN1_IA5STRING;
}
- if (str->type == V_ASN1_PRINTABLESTRING)
- BIO_printf(bio_err,"PRINTABLE:'");
- else if (str->type == V_ASN1_T61STRING)
- BIO_printf(bio_err,"T61STRING:'");
- else if (str->type == V_ASN1_IA5STRING)
- BIO_printf(bio_err,"IA5STRING:'");
- else if (str->type == V_ASN1_UNIVERSALSTRING)
- BIO_printf(bio_err,"UNIVERSALSTRING:'");
- else
- BIO_printf(bio_err,"ASN.1 %2d:'",str->type);
+ /* If no EMAIL is wanted in the subject */
+ if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn))
+ continue;
/* check some things */
if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
@@ -1583,29 +1953,21 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n");
goto err;
}
- j=ASN1_PRINTABLE_type(str->data,str->length);
- if ( ((j == V_ASN1_T61STRING) &&
- (str->type != V_ASN1_T61STRING)) ||
- ((j == V_ASN1_IA5STRING) &&
- (str->type == V_ASN1_PRINTABLESTRING)))
+ if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING))
{
- BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
- goto err;
- }
-
- p=(char *)str->data;
- for (j=str->length; j>0; j--)
- {
- if ((*p >= ' ') && (*p <= '~'))
- BIO_printf(bio_err,"%c",*p);
- else if (*p & 0x80)
- BIO_printf(bio_err,"\\0x%02X",*p);
- else if ((unsigned char)*p == 0xf7)
- BIO_printf(bio_err,"^?");
- else BIO_printf(bio_err,"^%c",*p+'@');
- p++;
+ j=ASN1_PRINTABLE_type(str->data,str->length);
+ if ( ((j == V_ASN1_T61STRING) &&
+ (str->type != V_ASN1_T61STRING)) ||
+ ((j == V_ASN1_IA5STRING) &&
+ (str->type == V_ASN1_PRINTABLESTRING)))
+ {
+ BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
+ goto err;
+ }
}
- BIO_printf(bio_err,"'\n");
+
+ if (default_op)
+ old_entry_print(bio_err, obj, str);
}
/* Ok, now we check the 'policy' stuff. */
@@ -1720,16 +2082,44 @@ again2:
if (preserve)
{
X509_NAME_free(subject);
- subject=X509_NAME_dup(X509_REQ_get_subject_name(req));
+ /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
+ subject=X509_NAME_dup(name);
if (subject == NULL) goto err;
}
if (verbose)
BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
- row[DB_name]=X509_NAME_oneline(subject,NULL,0);
- row[DB_serial]=BN_bn2hex(serial);
- if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+ /* Build the correct Subject if no e-mail is wanted in the subject */
+ /* and add it later on because of the method extensions are added (altName) */
+
+ if (email_dn)
+ dn_subject = subject;
+ else
+ {
+ X509_NAME_ENTRY *tmpne;
+ /* Its best to dup the subject DN and then delete any email
+ * addresses because this retains its structure.
+ */
+ if (!(dn_subject = X509_NAME_dup(subject)))
+ {
+ BIO_printf(bio_err,"Memory allocation failure\n");
+ goto err;
+ }
+ while((i = X509_NAME_get_index_by_NID(dn_subject,
+ NID_pkcs9_emailAddress, -1)) >= 0)
+ {
+ tmpne = X509_NAME_get_entry(dn_subject, i);
+ X509_NAME_delete_entry(dn_subject, i);
+ X509_NAME_ENTRY_free(tmpne);
+ }
+ }
+
+ if (BN_is_zero(serial))
+ row[DB_serial]=BUF_strdup("00");
+ else
+ row[DB_serial]=BN_bn2hex(serial);
+ if (row[DB_serial] == NULL)
{
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
@@ -1799,7 +2189,6 @@ again2:
if (!X509_set_issuer_name(ret,X509_get_subject_name(x509)))
goto err;
- BIO_printf(bio_err,"Certificate is to be certified until ");
if (strcmp(startdate,"today") == 0)
X509_gmtime_adj(X509_get_notBefore(ret),0);
else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
@@ -1808,10 +2197,6 @@ again2:
X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);
- ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
- if(days) BIO_printf(bio_err," (%d days)",days);
- BIO_printf(bio_err, "\n");
-
if (!X509_set_subject_name(ret,subject)) goto err;
pktmp=X509_REQ_get_pubkey(req);
@@ -1836,16 +2221,80 @@ again2:
ci->extensions = NULL;
+ /* Initialize the context structure */
X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
- X509V3_set_conf_lhash(&ctx, lconf);
- if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) goto err;
+ if (extconf)
+ {
+ if (verbose)
+ BIO_printf(bio_err, "Extra configuration file found\n");
+
+ /* Use the extconf configuration db LHASH */
+ X509V3_set_nconf(&ctx, extconf);
+
+ /* Test the structure (needed?) */
+ /* X509V3_set_ctx_test(&ctx); */
+
+ /* Adds exts contained in the configuration file */
+ if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret))
+ {
+ BIO_printf(bio_err,
+ "ERROR: adding extensions in section %s\n",
+ ext_sect);
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (verbose)
+ BIO_printf(bio_err, "Successfully added extensions from file.\n");
+ }
+ else if (ext_sect)
+ {
+ /* We found extensions to be set from config file */
+ X509V3_set_nconf(&ctx, lconf);
+
+ if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret))
+ {
+ BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect);
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err, "Successfully added extensions from config\n");
+ }
+ }
+
+ /* Copy extensions from request (if any) */
+ if (!copy_extensions(ret, req, ext_copy))
+ {
+ BIO_printf(bio_err, "ERROR: adding extensions from request\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ /* Set the right value for the noemailDN option */
+ if( email_dn == 0 )
+ {
+ if (!X509_set_subject_name(ret,dn_subject)) goto err;
+ }
+
+ if (!default_op)
+ {
+ BIO_printf(bio_err, "Certificate Details:\n");
+ /* Never print signature details because signature not present */
+ certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME;
+ X509_print_ex(bio_err, ret, nameopt, certopt);
}
+ BIO_printf(bio_err,"Certificate is to be certified until ");
+ ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
+ if (days) BIO_printf(bio_err," (%d days)",days);
+ BIO_printf(bio_err, "\n");
if (!batch)
{
+
BIO_printf(bio_err,"Sign the certificate? [y/n]:");
(void)BIO_flush(bio_err);
buf[0]='\0';
@@ -1859,7 +2308,7 @@ again2:
}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
pktmp=X509_get_pubkey(ret);
if (EVP_PKEY_missing_parameters(pktmp) &&
@@ -1883,10 +2332,10 @@ again2:
/* row[DB_serial] done already */
row[DB_file]=(char *)OPENSSL_malloc(8);
- /* row[DB_name] done already */
+ row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0);
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
- (row[DB_file] == NULL))
+ (row[DB_file] == NULL) || (row[DB_name] == NULL))
{
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
@@ -1923,6 +2372,8 @@ err:
X509_NAME_free(CAname);
if (subject != NULL)
X509_NAME_free(subject);
+ if ((dn_subject != NULL) && !email_dn)
+ X509_NAME_free(dn_subject);
if (tmptm != NULL)
ASN1_UTCTIME_free(tmptm);
if (ok <= 0)
@@ -1955,14 +2406,15 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
BIO_puts(bp,"\n\n");
#endif
- if(!notext)X509_print(bp,x);
+ if (!notext)X509_print(bp,x);
PEM_write_bio_X509(bp,x);
}
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
- BIGNUM *serial, char *startdate, char *enddate, int days,
- char *ext_sect, LHASH *lconf, int verbose)
+ BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
+ long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
+ unsigned long nameopt, int default_op, int ext_copy)
{
STACK_OF(CONF_VALUE) *sk=NULL;
LHASH *parms=NULL;
@@ -2028,12 +2480,13 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
/* Skip past any leading X. X: X, etc to allow for
* multiple instances
*/
- for(buf = cv->name; *buf ; buf++)
- if ((*buf == ':') || (*buf == ',') || (*buf == '.')) {
- buf++;
- if(*buf) type = buf;
- break;
- }
+ for (buf = cv->name; *buf ; buf++)
+ if ((*buf == ':') || (*buf == ',') || (*buf == '.'))
+ {
+ buf++;
+ if (*buf) type = buf;
+ break;
+ }
buf=cv->value;
if ((nid=OBJ_txt2nid(type)) == NID_undef)
@@ -2051,6 +2504,11 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
continue;
}
+ /*
+ if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0))
+ continue;
+ */
+
j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
if (fix_data(nid, &j) == 0)
{
@@ -2095,8 +2553,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
X509_REQ_set_pubkey(req,pktmp);
EVP_PKEY_free(pktmp);
- ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate,
- days,1,verbose,req,ext_sect,lconf);
+ ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate,
+ days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op,
+ ext_copy);
err:
if (req != NULL) X509_REQ_free(req);
if (parms != NULL) CONF_free(parms);
@@ -2131,10 +2590,11 @@ static int check_time_format(char *str)
return(ASN1_UTCTIME_check(&tm));
}
-static int do_revoke(X509 *x509, TXT_DB *db)
-{
- ASN1_UTCTIME *tm=NULL, *revtm=NULL;
+static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
+ {
+ ASN1_UTCTIME *tm=NULL;
char *row[DB_NUMBER],**rrow,**irow;
+ char *rev_str = NULL;
BIGNUM *bn = NULL;
int ok=-1,i;
@@ -2142,7 +2602,10 @@ static int do_revoke(X509 *x509, TXT_DB *db)
row[i]=NULL;
row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
- row[DB_serial]=BN_bn2hex(bn);
+ if (BN_is_zero(bn))
+ row[DB_serial]=BUF_strdup("00");
+ else
+ row[DB_serial]=BN_bn2hex(bn);
BN_free(bn);
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
{
@@ -2203,12 +2666,12 @@ static int do_revoke(X509 *x509, TXT_DB *db)
}
/* Revoke Certificate */
- ok = do_revoke(x509,db);
+ ok = do_revoke(x509,db, type, value);
goto err;
}
- else if (index_name_cmp(row,rrow))
+ else if (index_name_cmp((const char **)row,(const char **)rrow))
{
BIO_printf(bio_err,"ERROR:name does not match %s\n",
row[DB_name]);
@@ -2223,14 +2686,15 @@ static int do_revoke(X509 *x509, TXT_DB *db)
else
{
BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]);
- revtm = ASN1_UTCTIME_new();
- revtm=X509_gmtime_adj(revtm,0);
+ rev_str = make_revocation_str(type, value);
+ if (!rev_str)
+ {
+ BIO_printf(bio_err, "Error in revocation arguments\n");
+ goto err;
+ }
rrow[DB_type][0]='R';
rrow[DB_type][1]='\0';
- rrow[DB_rev_date]=(char *)OPENSSL_malloc(revtm->length+1);
- memcpy(rrow[DB_rev_date],revtm->data,revtm->length);
- rrow[DB_rev_date][revtm->length]='\0';
- ASN1_UTCTIME_free(revtm);
+ rrow[DB_rev_date] = rev_str;
}
ok=1;
err:
@@ -2240,5 +2704,622 @@ err:
OPENSSL_free(row[i]);
}
return(ok);
+ }
+
+static int get_certificate_status(const char *serial, TXT_DB *db)
+ {
+ char *row[DB_NUMBER],**rrow;
+ int ok=-1,i;
+
+ /* Free Resources */
+ for (i=0; i<DB_NUMBER; i++)
+ row[i]=NULL;
+
+ /* Malloc needed char spaces */
+ row[DB_serial] = OPENSSL_malloc(strlen(serial) + 2);
+ if (row[DB_serial] == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+
+ if (strlen(serial) % 2)
+ {
+ /* Set the first char to 0 */;
+ row[DB_serial][0]='0';
+
+ /* Copy String from serial to row[DB_serial] */
+ memcpy(row[DB_serial]+1, serial, strlen(serial));
+ row[DB_serial][strlen(serial)+1]='\0';
+ }
+ else
+ {
+ /* Copy String from serial to row[DB_serial] */
+ memcpy(row[DB_serial], serial, strlen(serial));
+ row[DB_serial][strlen(serial)]='\0';
+ }
+
+ /* Make it Upper Case */
+ for (i=0; row[DB_serial][i] != '\0'; i++)
+ row[DB_serial][i] = toupper(row[DB_serial][i]);
+
+
+ ok=1;
+
+ /* Search for the certificate */
+ rrow=TXT_DB_get_by_index(db,DB_serial,row);
+ if (rrow == NULL)
+ {
+ BIO_printf(bio_err,"Serial %s not present in db.\n",
+ row[DB_serial]);
+ ok=-1;
+ goto err;
+ }
+ else if (rrow[DB_type][0]=='V')
+ {
+ BIO_printf(bio_err,"%s=Valid (%c)\n",
+ row[DB_serial], rrow[DB_type][0]);
+ goto err;
+ }
+ else if (rrow[DB_type][0]=='R')
+ {
+ BIO_printf(bio_err,"%s=Revoked (%c)\n",
+ row[DB_serial], rrow[DB_type][0]);
+ goto err;
+ }
+ else if (rrow[DB_type][0]=='E')
+ {
+ BIO_printf(bio_err,"%s=Expired (%c)\n",
+ row[DB_serial], rrow[DB_type][0]);
+ goto err;
+ }
+ else if (rrow[DB_type][0]=='S')
+ {
+ BIO_printf(bio_err,"%s=Suspended (%c)\n",
+ row[DB_serial], rrow[DB_type][0]);
+ goto err;
+ }
+ else
+ {
+ BIO_printf(bio_err,"%s=Unknown (%c).\n",
+ row[DB_serial], rrow[DB_type][0]);
+ ok=-1;
+ }
+err:
+ for (i=0; i<DB_NUMBER; i++)
+ {
+ if (row[i] != NULL)
+ OPENSSL_free(row[i]);
+ }
+ return(ok);
+ }
+
+static int do_updatedb (TXT_DB *db)
+ {
+ ASN1_UTCTIME *a_tm = NULL;
+ int i, cnt = 0;
+ int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */
+ char **rrow, *a_tm_s;
+
+ a_tm = ASN1_UTCTIME_new();
+
+ /* get actual time and make a string */
+ a_tm = X509_gmtime_adj(a_tm, 0);
+ a_tm_s = (char *) OPENSSL_malloc(a_tm->length+1);
+ if (a_tm_s == NULL)
+ {
+ cnt = -1;
+ goto err;
+ }
+
+ memcpy(a_tm_s, a_tm->data, a_tm->length);
+ a_tm_s[a_tm->length] = '\0';
+
+ if (strncmp(a_tm_s, "49", 2) <= 0)
+ a_y2k = 1;
+ else
+ a_y2k = 0;
+
+ for (i = 0; i < sk_num(db->data); i++)
+ {
+ rrow = (char **) sk_value(db->data, i);
+
+ if (rrow[DB_type][0] == 'V')
+ {
+ /* ignore entries that are not valid */
+ if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
+ db_y2k = 1;
+ else
+ db_y2k = 0;
+
+ if (db_y2k == a_y2k)
+ {
+ /* all on the same y2k side */
+ if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0)
+ {
+ rrow[DB_type][0] = 'E';
+ rrow[DB_type][1] = '\0';
+ cnt++;
+
+ BIO_printf(bio_err, "%s=Expired\n",
+ rrow[DB_serial]);
+ }
+ }
+ else if (db_y2k < a_y2k)
+ {
+ rrow[DB_type][0] = 'E';
+ rrow[DB_type][1] = '\0';
+ cnt++;
+
+ BIO_printf(bio_err, "%s=Expired\n",
+ rrow[DB_serial]);
+ }
+
+ }
+ }
+
+err:
+
+ ASN1_UTCTIME_free(a_tm);
+ OPENSSL_free(a_tm_s);
+
+ return (cnt);
+ }
+
+static char *crl_reasons[] = {
+ /* CRL reason strings */
+ "unspecified",
+ "keyCompromise",
+ "CACompromise",
+ "affiliationChanged",
+ "superseded",
+ "cessationOfOperation",
+ "certificateHold",
+ "removeFromCRL",
+ /* Additional pseudo reasons */
+ "holdInstruction",
+ "keyTime",
+ "CAkeyTime"
+};
+
+#define NUM_REASONS (sizeof(crl_reasons) / sizeof(char *))
+
+/* Given revocation information convert to a DB string.
+ * The format of the string is:
+ * revtime[,reason,extra]. Where 'revtime' is the
+ * revocation time (the current time). 'reason' is the
+ * optional CRL reason and 'extra' is any additional
+ * argument
+ */
+
+char *make_revocation_str(int rev_type, char *rev_arg)
+ {
+ char *reason = NULL, *other = NULL, *str;
+ ASN1_OBJECT *otmp;
+ ASN1_UTCTIME *revtm = NULL;
+ int i;
+ switch (rev_type)
+ {
+ case REV_NONE:
+ break;
+
+ case REV_CRL_REASON:
+ for (i = 0; i < 8; i++)
+ {
+ if (!strcasecmp(rev_arg, crl_reasons[i]))
+ {
+ reason = crl_reasons[i];
+ break;
+ }
+ }
+ if (reason == NULL)
+ {
+ BIO_printf(bio_err, "Unknown CRL reason %s\n", rev_arg);
+ return NULL;
+ }
+ break;
+
+ case REV_HOLD:
+ /* Argument is an OID */
+
+ otmp = OBJ_txt2obj(rev_arg, 0);
+ ASN1_OBJECT_free(otmp);
+
+ if (otmp == NULL)
+ {
+ BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg);
+ return NULL;
+ }
+
+ reason = "holdInstruction";
+ other = rev_arg;
+ break;
+
+ case REV_KEY_COMPROMISE:
+ case REV_CA_COMPROMISE:
+
+ /* Argument is the key compromise time */
+ if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg))
+ {
+ BIO_printf(bio_err, "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n", rev_arg);
+ return NULL;
+ }
+ other = rev_arg;
+ if (rev_type == REV_KEY_COMPROMISE)
+ reason = "keyTime";
+ else
+ reason = "CAkeyTime";
+
+ break;
+
+ }
+
+ revtm = X509_gmtime_adj(NULL, 0);
+
+ i = revtm->length + 1;
+
+ if (reason) i += strlen(reason) + 1;
+ if (other) i += strlen(other) + 1;
+
+ str = OPENSSL_malloc(i);
+
+ if (!str) return NULL;
+
+ strcpy(str, (char *)revtm->data);
+ if (reason)
+ {
+ strcat(str, ",");
+ strcat(str, reason);
+ }
+ if (other)
+ {
+ strcat(str, ",");
+ strcat(str, other);
+ }
+ ASN1_UTCTIME_free(revtm);
+ return str;
+ }
+
+/* Convert revocation field to X509_REVOKED entry
+ * return code:
+ * 0 error
+ * 1 OK
+ * 2 OK and some extensions added (i.e. V2 CRL)
+ */
+
+
+int make_revoked(X509_REVOKED *rev, char *str)
+ {
+ char *tmp = NULL;
+ int reason_code = -1;
+ int i, ret = 0;
+ ASN1_OBJECT *hold = NULL;
+ ASN1_GENERALIZEDTIME *comp_time = NULL;
+ ASN1_ENUMERATED *rtmp = NULL;
+
+ ASN1_TIME *revDate = NULL;
+
+ i = unpack_revinfo(&revDate, &reason_code, &hold, &comp_time, str);
+
+ if (i == 0)
+ goto err;
+
+ if (rev && !X509_REVOKED_set_revocationDate(rev, revDate))
+ goto err;
+
+ if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS))
+ {
+ rtmp = ASN1_ENUMERATED_new();
+ if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code))
+ goto err;
+ if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
+ goto err;
+ }
+
+ if (rev && comp_time)
+ {
+ if (!X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0))
+ goto err;
+ }
+ if (rev && hold)
+ {
+ if (!X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0))
+ goto err;
+ }
+
+ if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)
+ ret = 2;
+ else ret = 1;
+
+ err:
+
+ if (tmp) OPENSSL_free(tmp);
+ ASN1_OBJECT_free(hold);
+ ASN1_GENERALIZEDTIME_free(comp_time);
+ ASN1_ENUMERATED_free(rtmp);
+ ASN1_TIME_free(revDate);
+
+ return ret;
+ }
+
+/*
+ * subject is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+X509_NAME *do_subject(char *subject, long chtype)
+ {
+ size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
+ char *buf = OPENSSL_malloc(buflen);
+ size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
+ char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
+ char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
+
+ char *sp = subject, *bp = buf;
+ int i, ne_num = 0;
+
+ X509_NAME *n = NULL;
+ int nid;
+
+ if (!buf || !ne_types || !ne_values)
+ {
+ BIO_printf(bio_err, "malloc error\n");
+ goto error;
+ }
+
+ if (*subject != '/')
+ {
+ BIO_printf(bio_err, "Subject does not start with '/'.\n");
+ goto error;
+ }
+ sp++; /* skip leading / */
+
+ while (*sp)
+ {
+ /* collect type */
+ ne_types[ne_num] = bp;
+ while (*sp)
+ {
+ if (*sp == '\\') /* is there anything to escape in the type...? */
+ {
+ if (*++sp)
+ *bp++ = *sp++;
+ else
+ {
+ BIO_printf(bio_err, "escape character at end of string\n");
+ goto error;
+ }
+ }
+ else if (*sp == '=')
+ {
+ sp++;
+ *bp++ = '\0';
+ break;
+ }
+ else
+ *bp++ = *sp++;
+ }
+ if (!*sp)
+ {
+ BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
+ goto error;
+ }
+ ne_values[ne_num] = bp;
+ while (*sp)
+ {
+ if (*sp == '\\')
+ {
+ if (*++sp)
+ *bp++ = *sp++;
+ else
+ {
+ BIO_printf(bio_err, "escape character at end of string\n");
+ goto error;
+ }
+ }
+ else if (*sp == '/')
+ {
+ sp++;
+ break;
+ }
+ else
+ *bp++ = *sp++;
+ }
+ *bp++ = '\0';
+ ne_num++;
+ }
+
+ if (!(n = X509_NAME_new()))
+ goto error;
+
+ for (i = 0; i < ne_num; i++)
+ {
+ if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
+ {
+ BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
+ continue;
+ }
+
+ if (!*ne_values[i])
+ {
+ BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
+ continue;
+ }
+
+ if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0))
+ goto error;
+ }
+
+ OPENSSL_free(ne_values);
+ OPENSSL_free(ne_types);
+ OPENSSL_free(buf);
+ return n;
+
+error:
+ X509_NAME_free(n);
+ if (ne_values)
+ OPENSSL_free(ne_values);
+ if (ne_types)
+ OPENSSL_free(ne_types);
+ if (buf)
+ OPENSSL_free(buf);
+ return NULL;
}
+int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
+ {
+ char buf[25],*pbuf, *p;
+ int j;
+ j=i2a_ASN1_OBJECT(bp,obj);
+ pbuf=buf;
+ for (j=22-j; j>0; j--)
+ *(pbuf++)=' ';
+ *(pbuf++)=':';
+ *(pbuf++)='\0';
+ BIO_puts(bp,buf);
+
+ if (str->type == V_ASN1_PRINTABLESTRING)
+ BIO_printf(bp,"PRINTABLE:'");
+ else if (str->type == V_ASN1_T61STRING)
+ BIO_printf(bp,"T61STRING:'");
+ else if (str->type == V_ASN1_IA5STRING)
+ BIO_printf(bp,"IA5STRING:'");
+ else if (str->type == V_ASN1_UNIVERSALSTRING)
+ BIO_printf(bp,"UNIVERSALSTRING:'");
+ else
+ BIO_printf(bp,"ASN.1 %2d:'",str->type);
+
+ p=(char *)str->data;
+ for (j=str->length; j>0; j--)
+ {
+ if ((*p >= ' ') && (*p <= '~'))
+ BIO_printf(bp,"%c",*p);
+ else if (*p & 0x80)
+ BIO_printf(bp,"\\0x%02X",*p);
+ else if ((unsigned char)*p == 0xf7)
+ BIO_printf(bp,"^?");
+ else BIO_printf(bp,"^%c",*p+'@');
+ p++;
+ }
+ BIO_printf(bp,"'\n");
+ return 1;
+ }
+
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, char *str)
+ {
+ char *tmp = NULL;
+ char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
+ int reason_code = -1;
+ int i, ret = 0;
+ ASN1_OBJECT *hold = NULL;
+ ASN1_GENERALIZEDTIME *comp_time = NULL;
+ tmp = BUF_strdup(str);
+
+ p = strchr(tmp, ',');
+
+ rtime_str = tmp;
+
+ if (p)
+ {
+ *p = '\0';
+ p++;
+ reason_str = p;
+ p = strchr(p, ',');
+ if (p)
+ {
+ *p = '\0';
+ arg_str = p + 1;
+ }
+ }
+
+ if (prevtm)
+ {
+ *prevtm = ASN1_UTCTIME_new();
+ if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str))
+ {
+ BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
+ goto err;
+ }
+ }
+ if (reason_str)
+ {
+ for (i = 0; i < NUM_REASONS; i++)
+ {
+ if(!strcasecmp(reason_str, crl_reasons[i]))
+ {
+ reason_code = i;
+ break;
+ }
+ }
+ if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS)
+ {
+ BIO_printf(bio_err, "invalid reason code %s\n", reason_str);
+ goto err;
+ }
+
+ if (reason_code == 7)
+ reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL;
+ else if (reason_code == 8) /* Hold instruction */
+ {
+ if (!arg_str)
+ {
+ BIO_printf(bio_err, "missing hold instruction\n");
+ goto err;
+ }
+ reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD;
+ hold = OBJ_txt2obj(arg_str, 0);
+
+ if (!hold)
+ {
+ BIO_printf(bio_err, "invalid object identifier %s\n", arg_str);
+ goto err;
+ }
+ if (phold) *phold = hold;
+ }
+ else if ((reason_code == 9) || (reason_code == 10))
+ {
+ if (!arg_str)
+ {
+ BIO_printf(bio_err, "missing compromised time\n");
+ goto err;
+ }
+ comp_time = ASN1_GENERALIZEDTIME_new();
+ if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str))
+ {
+ BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
+ goto err;
+ }
+ if (reason_code == 9)
+ reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE;
+ else
+ reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE;
+ }
+ }
+
+ if (preason) *preason = reason_code;
+ if (pinvtm) *pinvtm = comp_time;
+ else ASN1_GENERALIZEDTIME_free(comp_time);
+
+ ret = 1;
+
+ err:
+
+ if (tmp) OPENSSL_free(tmp);
+ if (!phold) ASN1_OBJECT_free(hold);
+ if (!pinvtm) ASN1_GENERALIZEDTIME_free(comp_time);
+
+ return ret;
+ }
+
+int make_serial_index(TXT_DB *db)
+ {
+ if (!TXT_DB_create_index(db, DB_serial, NULL,
+ LHASH_HASH_FN(index_serial_hash),
+ LHASH_COMP_FN(index_serial_cmp)))
+ {
+ BIO_printf(bio_err,
+ "error creating serial number index:(%ld,%ld,%ld)\n",
+ db->error,db->arg1,db->arg2);
+ return 0;
+ }
+ return 1;
+ }
diff --git a/crypto/openssl/apps/ciphers.c b/crypto/openssl/apps/ciphers.c
index b6e2f96..7c62fc5 100644
--- a/crypto/openssl/apps/ciphers.c
+++ b/crypto/openssl/apps/ciphers.c
@@ -59,7 +59,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif
#include "apps.h"
@@ -95,11 +95,11 @@ int MAIN(int argc, char **argv)
char buf[512];
BIO *STDout=NULL;
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
meth=SSLv23_server_method();
-#elif !defined(NO_SSL3)
+#elif !defined(OPENSSL_NO_SSL3)
meth=SSLv3_server_method();
-#elif !defined(NO_SSL2)
+#elif !defined(OPENSSL_NO_SSL2)
meth=SSLv2_server_method();
#endif
@@ -108,7 +108,7 @@ int MAIN(int argc, char **argv)
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
STDout = BIO_push(tmpbio, STDout);
@@ -121,15 +121,15 @@ int MAIN(int argc, char **argv)
{
if (strcmp(*argv,"-v") == 0)
verbose=1;
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
else if (strcmp(*argv,"-ssl2") == 0)
meth=SSLv2_client_method();
#endif
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
else if (strcmp(*argv,"-ssl3") == 0)
meth=SSLv3_client_method();
#endif
-#ifndef NO_TLS1
+#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv,"-tls1") == 0)
meth=TLSv1_client_method();
#endif
@@ -150,7 +150,7 @@ int MAIN(int argc, char **argv)
if (badops)
{
for (pp=ciphers_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,*pp);
+ BIO_printf(bio_err,"%s",*pp);
goto end;
}
@@ -187,7 +187,7 @@ int MAIN(int argc, char **argv)
{
BIO_puts(STDout,SSL_CIPHER_description(
sk_SSL_CIPHER_value(sk,i),
- buf,512));
+ buf,sizeof buf));
}
}
@@ -202,6 +202,7 @@ end:
if (ctx != NULL) SSL_CTX_free(ctx);
if (ssl != NULL) SSL_free(ssl);
if (STDout != NULL) BIO_free_all(STDout);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
diff --git a/crypto/openssl/apps/crl.c b/crypto/openssl/apps/crl.c
index 3b5725f..c6089ac 100644
--- a/crypto/openssl/apps/crl.c
+++ b/crypto/openssl/apps/crl.c
@@ -87,6 +87,7 @@ static char *crl_usage[]={
" -noout - no CRL output\n",
" -CAfile name - verify CRL using certificates in file \"name\"\n",
" -CApath dir - verify CRL using certificates in \"dir\"\n",
+" -nameopt arg - various certificate name options\n",
NULL
};
@@ -97,6 +98,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ unsigned long nmflag = 0;
X509_CRL *x=NULL;
char *CAfile = NULL, *CApath = NULL;
int ret=1,i,num,badops=0;
@@ -105,7 +107,7 @@ int MAIN(int argc, char **argv)
char *infile=NULL,*outfile=NULL;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
int fingerprint = 0;
- char **pp,buf[256];
+ char **pp;
X509_STORE *store = NULL;
X509_STORE_CTX ctx;
X509_LOOKUP *lookup = NULL;
@@ -120,11 +122,14 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
if (bio_out == NULL)
if ((bio_out=BIO_new(BIO_s_file())) != NULL)
{
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_out = BIO_push(tmpbio, bio_out);
@@ -185,6 +190,11 @@ int MAIN(int argc, char **argv)
text = 1;
else if (strcmp(*argv,"-hash") == 0)
hash= ++num;
+ else if (strcmp(*argv,"-nameopt") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!set_name_ex(&nmflag, *(++argv))) goto bad;
+ }
else if (strcmp(*argv,"-issuer") == 0)
issuer= ++num;
else if (strcmp(*argv,"-lastupdate") == 0)
@@ -214,7 +224,7 @@ int MAIN(int argc, char **argv)
{
bad:
for (pp=crl_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,*pp);
+ BIO_printf(bio_err,"%s",*pp);
goto end;
}
@@ -235,7 +245,11 @@ bad:
X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
ERR_clear_error();
- X509_STORE_CTX_init(&ctx, store, NULL, NULL);
+ if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
+ BIO_printf(bio_err,
+ "Error initialising X509 store\n");
+ goto end;
+ }
i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
X509_CRL_get_issuer(x), &xobj);
@@ -264,9 +278,7 @@ bad:
{
if (issuer == i)
{
- X509_NAME_oneline(X509_CRL_get_issuer(x),
- buf,256);
- BIO_printf(bio_out,"issuer= %s\n",buf);
+ print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
}
if (hash == i)
@@ -324,7 +336,7 @@ bad:
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -364,7 +376,8 @@ end:
X509_STORE_CTX_cleanup(&ctx);
X509_STORE_free(store);
}
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
static X509_CRL *load_crl(char *infile, int format)
diff --git a/crypto/openssl/apps/crl2p7.c b/crypto/openssl/apps/crl2p7.c
index 7f853b6..b2f2d12 100644
--- a/crypto/openssl/apps/crl2p7.c
+++ b/crypto/openssl/apps/crl2p7.c
@@ -166,7 +166,8 @@ bad:
BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n");
BIO_printf(bio_err," (can be used more than once)\n");
BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n");
- EXIT(1);
+ ret = 1;
+ goto end;
}
ERR_load_crypto_strings();
@@ -241,7 +242,7 @@ bad:
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -278,7 +279,8 @@ end:
if (p7 != NULL) PKCS7_free(p7);
if (crl != NULL) X509_CRL_free(crl);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
/*
diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c
index 482b023..280f79b 100644
--- a/crypto/openssl/apps/dgst.c
+++ b/crypto/openssl/apps/dgst.c
@@ -73,13 +73,15 @@
#undef PROG
#define PROG dgst_main
-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
- EVP_PKEY *key, unsigned char *sigin, int siglen);
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+ EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
+ const char *file);
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
unsigned char *buf=NULL;
int i,err=0;
const EVP_MD *md=NULL,*m;
@@ -91,12 +93,14 @@ int MAIN(int argc, char **argv)
char pname[PROG_NAME_SIZE+1];
int separator=0;
int debug=0;
+ int keyform=FORMAT_PEM;
const char *outfile = NULL, *keyfile = NULL;
const char *sigfile = NULL, *randfile = NULL;
int out_bin = -1, want_pub = 0, do_verify = 0;
EVP_PKEY *sigkey = NULL;
unsigned char *sigbuf = NULL;
int siglen = 0;
+ char *engine=NULL;
apps_startup();
@@ -109,8 +113,11 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
/* first check the program name */
- program_name(argv[0],pname,PROG_NAME_SIZE);
+ program_name(argv[0],pname,sizeof pname);
md=EVP_get_digestbyname(pname);
@@ -154,6 +161,16 @@ int MAIN(int argc, char **argv)
if (--argc < 1) break;
sigfile=*(++argv);
}
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) break;
+ keyform=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) break;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-hex") == 0)
out_bin = 0;
else if (strcmp(*argv,"-binary") == 0)
@@ -188,8 +205,10 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"-sign file sign digest using private key in file\n");
BIO_printf(bio_err,"-verify file verify a signature using public key in file\n");
BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
+ BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n");
BIO_printf(bio_err,"-signature file signature to verify\n");
BIO_printf(bio_err,"-binary output in binary form\n");
+ BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
LN_md5,LN_md5);
@@ -209,6 +228,8 @@ int MAIN(int argc, char **argv)
goto end;
}
+ e = setup_engine(bio_err, engine, 0);
+
in=BIO_new(BIO_s_file());
bmd=BIO_new(BIO_f_md());
if (debug)
@@ -238,7 +259,7 @@ int MAIN(int argc, char **argv)
else out = BIO_new_file(outfile, "w");
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -253,27 +274,21 @@ int MAIN(int argc, char **argv)
goto end;
}
- if(keyfile) {
- BIO *keybio;
- keybio = BIO_new_file(keyfile, "r");
- if(!keybio) {
- BIO_printf(bio_err, "Error opening key file %s\n",
- keyfile);
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if(want_pub)
- sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL);
- else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
- BIO_free(keybio);
- if(!sigkey) {
- BIO_printf(bio_err, "Error reading key file %s\n",
- keyfile);
- ERR_print_errors(bio_err);
+ if(keyfile)
+ {
+ if (want_pub)
+ sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
+ e, "key file");
+ else
+ sigkey = load_key(bio_err, keyfile, keyform, 0, NULL,
+ e, "key file");
+ if (!sigkey)
+ {
+ /* load_[pub]key() has already printed an appropriate
+ message */
goto end;
+ }
}
- }
if(sigfile && sigkey) {
BIO *sigbio;
@@ -305,29 +320,43 @@ int MAIN(int argc, char **argv)
if (argc == 0)
{
BIO_set_fp(in,stdin,BIO_NOCLOSE);
- do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, siglen);
+ err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
+ siglen,"","(stdin)");
}
else
{
name=OBJ_nid2sn(md->type);
for (i=0; i<argc; i++)
{
+ char *tmp,*tofree=NULL;
+ int r;
+
if (BIO_read_filename(in,argv[i]) <= 0)
{
perror(argv[i]);
err++;
continue;
}
- if(!out_bin) BIO_printf(out, "%s(%s)= ",name,argv[i]);
- do_fp(out, buf,inp,separator, out_bin, sigkey,
- sigbuf, siglen);
+ if(!out_bin)
+ {
+ tmp=tofree=OPENSSL_malloc(strlen(name)+strlen(argv[i])+5);
+ sprintf(tmp,"%s(%s)= ",name,argv[i]);
+ }
+ else
+ tmp="";
+ r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
+ siglen,tmp,argv[i]);
+ if(r)
+ err=r;
+ if(tofree)
+ OPENSSL_free(tofree);
(void)BIO_reset(bmd);
}
}
end:
if (buf != NULL)
{
- memset(buf,0,BUFSIZE);
+ OPENSSL_cleanse(buf,BUFSIZE);
OPENSSL_free(buf);
}
if (in != NULL) BIO_free(in);
@@ -335,11 +364,13 @@ end:
EVP_PKEY_free(sigkey);
if(sigbuf) OPENSSL_free(sigbuf);
if (bmd != NULL) BIO_free(bmd);
- EXIT(err);
+ apps_shutdown();
+ OPENSSL_EXIT(err);
}
-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
- EVP_PKEY *key, unsigned char *sigin, int siglen)
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+ EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
+ const char *file)
{
int len;
int i;
@@ -347,21 +378,33 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
for (;;)
{
i=BIO_read(bp,(char *)buf,BUFSIZE);
- if (i <= 0) break;
+ if(i < 0)
+ {
+ BIO_printf(bio_err, "Read Error in %s\n",file);
+ ERR_print_errors(bio_err);
+ return 1;
+ }
+ if (i == 0) break;
}
if(sigin)
{
EVP_MD_CTX *ctx;
BIO_get_md_ctx(bp, &ctx);
i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key);
- if(i > 0) BIO_printf(out, "Verified OK\n");
- else if(i == 0) BIO_printf(out, "Verification Failure\n");
+ if(i > 0)
+ BIO_printf(out, "Verified OK\n");
+ else if(i == 0)
+ {
+ BIO_printf(out, "Verification Failure\n");
+ return 1;
+ }
else
{
BIO_printf(bio_err, "Error Verifying Data\n");
ERR_print_errors(bio_err);
+ return 1;
}
- return;
+ return 0;
}
if(key)
{
@@ -371,7 +414,7 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
{
BIO_printf(bio_err, "Error Signing Data\n");
ERR_print_errors(bio_err);
- return;
+ return 1;
}
}
else
@@ -380,6 +423,7 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
if(binout) BIO_write(out, buf, len);
else
{
+ BIO_write(out,title,strlen(title));
for (i=0; i<len; i++)
{
if (sep && (i != 0))
@@ -388,5 +432,6 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
}
BIO_printf(out, "\n");
}
+ return 0;
}
diff --git a/crypto/openssl/apps/dh.c b/crypto/openssl/apps/dh.c
index 7465442..c10ea96 100644
--- a/crypto/openssl/apps/dh.c
+++ b/crypto/openssl/apps/dh.c
@@ -57,7 +57,7 @@
* [including the GNU Public Licence.]
*/
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
@@ -87,11 +87,12 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
DH *dh=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
- char *infile,*outfile,*prog;
+ char *infile,*outfile,*prog,*engine;
apps_startup();
@@ -99,6 +100,10 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ engine=NULL;
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
@@ -129,6 +134,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-check") == 0)
check=1;
else if (strcmp(*argv,"-text") == 0)
@@ -160,11 +170,14 @@ bad:
BIO_printf(bio_err," -text print a text form of the DH parameters\n");
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
goto end;
}
ERR_load_crypto_strings();
+ e = setup_engine(bio_err, engine, 0);
+
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
@@ -186,7 +199,7 @@ bad:
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -319,6 +332,7 @@ end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
#endif
diff --git a/crypto/openssl/apps/dhparam.c b/crypto/openssl/apps/dhparam.c
index 5f9b601..cbc65bc 100644
--- a/crypto/openssl/apps/dhparam.c
+++ b/crypto/openssl/apps/dhparam.c
@@ -109,7 +109,7 @@
*
*/
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
@@ -122,7 +122,7 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
#endif
@@ -148,15 +148,16 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
DH *dh=NULL;
int i,badops=0,text=0;
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
int dsaparam=0;
#endif
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
char *infile,*outfile,*prog;
- char *inrand=NULL;
+ char *inrand=NULL,*engine=NULL;
int num = 0, g = 0;
apps_startup();
@@ -165,6 +166,9 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
@@ -195,11 +199,16 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-check") == 0)
check=1;
else if (strcmp(*argv,"-text") == 0)
text=1;
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
else if (strcmp(*argv,"-dsaparam") == 0)
dsaparam=1;
#endif
@@ -231,7 +240,7 @@ bad:
BIO_printf(bio_err," -outform arg output format - one of DER PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
BIO_printf(bio_err," -dsaparam read or generate DSA parameters, convert to DH\n");
#endif
BIO_printf(bio_err," -check check the DH parameters\n");
@@ -240,6 +249,7 @@ bad:
BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
@@ -249,10 +259,12 @@ bad:
ERR_load_crypto_strings();
+ e = setup_engine(bio_err, engine, 0);
+
if (g && !num)
num = DEFBITS;
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
if (dsaparam)
{
if (g)
@@ -279,7 +291,7 @@ bad:
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
if (dsaparam)
{
DSA *dsa;
@@ -340,7 +352,7 @@ bad:
goto end;
}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
if (dsaparam)
{
DSA *dsa;
@@ -393,7 +405,7 @@ bad:
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -478,7 +490,7 @@ bad:
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
printf("\t\t{ DH_free(dh); return(NULL); }\n");
if (dh->length)
- printf("\tdh->length = %d;\n", dh->length);
+ printf("\tdh->length = %ld;\n", dh->length);
printf("\treturn(dh);\n\t}\n");
OPENSSL_free(data);
}
@@ -506,7 +518,8 @@ end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
diff --git a/crypto/openssl/apps/dsa.c b/crypto/openssl/apps/dsa.c
index 7c4a46f..6598871 100644
--- a/crypto/openssl/apps/dsa.c
+++ b/crypto/openssl/apps/dsa.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -79,6 +79,9 @@
* -des - encrypt output if PEM format with DES in cbc mode
* -des3 - encrypt output if PEM format
* -idea - encrypt output if PEM format
+ * -aes128 - encrypt output if PEM format
+ * -aes192 - encrypt output if PEM format
+ * -aes256 - encrypt output if PEM format
* -text - print a text version
* -modulus - print the DSA public key
*/
@@ -87,6 +90,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
int ret=1;
DSA *dsa=NULL;
int i,badops=0;
@@ -94,7 +98,7 @@ int MAIN(int argc, char **argv)
BIO *in=NULL,*out=NULL;
int informat,outformat,text=0,noout=0;
int pubin = 0, pubout = 0;
- char *infile,*outfile,*prog;
+ char *infile,*outfile,*prog,*engine;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
int modulus=0;
@@ -105,6 +109,10 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ engine=NULL;
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
@@ -145,6 +153,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passargout= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-text") == 0)
@@ -176,11 +189,16 @@ bad:
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
+#endif
BIO_printf(bio_err," -text print the key in text\n");
BIO_printf(bio_err," -noout don't print key out\n");
BIO_printf(bio_err," -modulus print the DSA public value\n");
@@ -189,6 +207,8 @@ bad:
ERR_load_crypto_strings();
+ e = setup_engine(bio_err, engine, 0);
+
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
@@ -235,7 +255,7 @@ bad:
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -293,6 +313,7 @@ end:
if(dsa != NULL) DSA_free(dsa);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
#endif
diff --git a/crypto/openssl/apps/dsaparam.c b/crypto/openssl/apps/dsaparam.c
index 0c2529e..320d76f 100644
--- a/crypto/openssl/apps/dsaparam.c
+++ b/crypto/openssl/apps/dsaparam.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
@@ -90,6 +90,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
DSA *dsa=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
@@ -97,6 +98,7 @@ int MAIN(int argc, char **argv)
char *infile,*outfile,*prog,*inrand=NULL;
int numbits= -1,num,genkey=0;
int need_rand=0;
+ char *engine=NULL;
apps_startup();
@@ -104,6 +106,9 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
@@ -134,6 +139,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+ else if(strcmp(*argv, "-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine = *(++argv);
+ }
else if (strcmp(*argv,"-text") == 0)
text=1;
else if (strcmp(*argv,"-C") == 0)
@@ -179,7 +189,9 @@ bad:
BIO_printf(bio_err," -text print as text\n");
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n");
+ BIO_printf(bio_err," -genkey generate a DSA key\n");
BIO_printf(bio_err," -rand files to use for random number input\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," number number of bits to use for generating private key\n");
goto end;
}
@@ -207,7 +219,7 @@ bad:
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -223,6 +235,8 @@ bad:
}
}
+ e = setup_engine(bio_err, engine, 0);
+
if (need_rand)
{
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
@@ -357,7 +371,8 @@ end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dsa != NULL) DSA_free(dsa);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c
index e375363..42ddfd2 100644
--- a/crypto/openssl/apps/enc.c
+++ b/crypto/openssl/apps/enc.c
@@ -66,10 +66,8 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/rand.h>
-#ifndef NO_MD5
-#include <openssl/md5.h>
-#endif
#include <openssl/pem.h>
+#include <ctype.h>
int set_hex(char *in,unsigned char *out,int size);
#undef SIZE
@@ -80,17 +78,37 @@ int set_hex(char *in,unsigned char *out,int size);
#define BSIZE (8*1024)
#define PROG enc_main
+static void show_ciphers(const OBJ_NAME *name,void *bio_)
+ {
+ BIO *bio=bio_;
+ static int n;
+
+ if(!islower((unsigned char)*name->name))
+ return;
+
+ BIO_printf(bio,"-%-25s",name->name);
+ if(++n == 3)
+ {
+ BIO_printf(bio,"\n");
+ n=0;
+ }
+ else
+ BIO_printf(bio," ");
+ }
+
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
static const char magic[]="Salted__";
- char mbuf[8]; /* should be 1 smaller than magic */
+ char mbuf[sizeof magic-1];
char *strbuf=NULL;
unsigned char *buff=NULL,*bufsize=NULL;
int bsize=BSIZE,verbose=0;
int ret=1,inl;
- unsigned char key[24],iv[MD5_DIGEST_LENGTH];
+ int nopad = 0;
+ unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
unsigned char salt[PKCS5_SALT_LEN];
char *str=NULL, *passarg = NULL, *pass = NULL;
char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
@@ -101,6 +119,7 @@ int MAIN(int argc, char **argv)
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE+1];
+ char *engine = NULL;
apps_startup();
@@ -108,8 +127,11 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
/* first check the program name */
- program_name(argv[0],pname,PROG_NAME_SIZE);
+ program_name(argv[0],pname,sizeof pname);
if (strcmp(pname,"base64") == 0)
base64=1;
@@ -141,12 +163,19 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passarg= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-d") == 0)
enc=0;
else if (strcmp(*argv,"-p") == 0)
printkey=1;
else if (strcmp(*argv,"-v") == 0)
verbose=1;
+ else if (strcmp(*argv,"-nopad") == 0)
+ nopad=1;
else if (strcmp(*argv,"-salt") == 0)
nosalt=0;
else if (strcmp(*argv,"-nosalt") == 0)
@@ -187,7 +216,7 @@ int MAIN(int argc, char **argv)
goto bad;
}
buf[0]='\0';
- fgets(buf,128,infile);
+ fgets(buf,sizeof buf,infile);
fclose(infile);
i=strlen(buf);
if ((i > 0) &&
@@ -241,79 +270,22 @@ bad:
BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+ BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
BIO_printf(bio_err,"Cipher Types\n");
- BIO_printf(bio_err,"des : 56 bit key DES encryption\n");
- BIO_printf(bio_err,"des_ede :112 bit key ede DES encryption\n");
- BIO_printf(bio_err,"des_ede3:168 bit key ede DES encryption\n");
-#ifndef NO_IDEA
- BIO_printf(bio_err,"idea :128 bit key IDEA encryption\n");
-#endif
-#ifndef NO_RC4
- BIO_printf(bio_err,"rc2 :128 bit key RC2 encryption\n");
-#endif
-#ifndef NO_BF
- BIO_printf(bio_err,"bf :128 bit key Blowfish encryption\n");
-#endif
-#ifndef NO_RC4
- BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n",
- LN_rc4);
-#endif
+ OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
+ show_ciphers,
+ bio_err);
+ BIO_printf(bio_err,"\n");
- BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
- LN_des_ecb,LN_des_cbc,
- LN_des_cfb64,LN_des_ofb64);
- BIO_printf(bio_err," -%-4s (%s)\n",
- "des", LN_des_cbc);
-
- BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
- LN_des_ede,LN_des_ede_cbc,
- LN_des_ede_cfb64,LN_des_ede_ofb64);
- BIO_printf(bio_err," -desx -none\n");
-
-
- BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
- LN_des_ede3,LN_des_ede3_cbc,
- LN_des_ede3_cfb64,LN_des_ede3_ofb64);
- BIO_printf(bio_err," -%-4s (%s)\n",
- "des3", LN_des_ede3_cbc);
-
-#ifndef NO_IDEA
- BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
- LN_idea_ecb, LN_idea_cbc,
- LN_idea_cfb64, LN_idea_ofb64);
- BIO_printf(bio_err," -%-4s (%s)\n","idea",LN_idea_cbc);
-#endif
-#ifndef NO_RC2
- BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
- LN_rc2_ecb, LN_rc2_cbc,
- LN_rc2_cfb64, LN_rc2_ofb64);
- BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc);
-#endif
-#ifndef NO_BF
- BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
- LN_bf_ecb, LN_bf_cbc,
- LN_bf_cfb64, LN_bf_ofb64);
- BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc);
-#endif
-#ifndef NO_CAST
- BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
- LN_cast5_ecb, LN_cast5_cbc,
- LN_cast5_cfb64, LN_cast5_ofb64);
- BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc);
-#endif
-#ifndef NO_RC5
- BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
- LN_rc5_ecb, LN_rc5_cbc,
- LN_rc5_cfb64, LN_rc5_ofb64);
- BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc);
-#endif
goto end;
}
argc--;
argv++;
}
+ e = setup_engine(bio_err, engine, 0);
+
if (bufsize != NULL)
{
unsigned long n;
@@ -418,7 +390,7 @@ bad:
if (outf == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -456,6 +428,9 @@ bad:
if (cipher != NULL)
{
+ /* Note that str is NULL if a key was passed on the command
+ * line, so we get no salt in that case. Is this a bug?
+ */
if (str != NULL)
{
/* Salt handling: if encrypting generate a salt and
@@ -467,12 +442,12 @@ bad:
else {
if(enc) {
if(hsalt) {
- if(!set_hex(hsalt,salt,PKCS5_SALT_LEN)) {
+ if(!set_hex(hsalt,salt,sizeof salt)) {
BIO_printf(bio_err,
"invalid hex salt value\n");
goto end;
}
- } else if (RAND_pseudo_bytes(salt, PKCS5_SALT_LEN) < 0)
+ } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
goto end;
/* If -P option then don't bother writing */
if((printkey != 2)
@@ -480,14 +455,14 @@ bad:
sizeof magic-1) != sizeof magic-1
|| BIO_write(wbio,
(char *)salt,
- PKCS5_SALT_LEN) != PKCS5_SALT_LEN)) {
+ sizeof salt) != sizeof salt)) {
BIO_printf(bio_err,"error writing output file\n");
goto end;
}
} else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
|| BIO_read(rbio,
(unsigned char *)salt,
- PKCS5_SALT_LEN) != PKCS5_SALT_LEN) {
+ sizeof salt) != sizeof salt) {
BIO_printf(bio_err,"error reading input file\n");
goto end;
} else if(memcmp(mbuf,magic,sizeof magic-1)) {
@@ -506,11 +481,11 @@ bad:
* bug picked up by
* Larry J. Hughes Jr. <hughes@indiana.edu> */
if (str == strbuf)
- memset(str,0,SIZE);
+ OPENSSL_cleanse(str,SIZE);
else
- memset(str,0,strlen(str));
+ OPENSSL_cleanse(str,strlen(str));
}
- if ((hiv != NULL) && !set_hex(hiv,iv,8))
+ if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
{
BIO_printf(bio_err,"invalid hex iv value\n");
goto end;
@@ -523,7 +498,7 @@ bad:
BIO_printf(bio_err, "iv undefined\n");
goto end;
}
- if ((hkey != NULL) && !set_hex(hkey,key,24))
+ if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
{
BIO_printf(bio_err,"invalid hex key value\n");
goto end;
@@ -532,6 +507,12 @@ bad:
if ((benc=BIO_new(BIO_f_cipher())) == NULL)
goto end;
BIO_set_cipher(benc,cipher,key,iv,enc);
+ if (nopad)
+ {
+ EVP_CIPHER_CTX *ctx;
+ BIO_get_cipher_ctx(benc, &ctx);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
+ }
if (debug)
{
BIO_set_callback(benc,BIO_debug_callback);
@@ -543,7 +524,7 @@ bad:
if (!nosalt)
{
printf("salt=");
- for (i=0; i<PKCS5_SALT_LEN; i++)
+ for (i=0; i<sizeof salt; i++)
printf("%02X",salt[i]);
printf("\n");
}
@@ -604,7 +585,8 @@ end:
if (benc != NULL) BIO_free(benc);
if (b64 != NULL) BIO_free(b64);
if(pass) OPENSSL_free(pass);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
int set_hex(char *in, unsigned char *out, int size)
diff --git a/crypto/openssl/apps/engine.c b/crypto/openssl/apps/engine.c
new file mode 100644
index 0000000..b718ae1
--- /dev/null
+++ b/crypto/openssl/apps/engine.c
@@ -0,0 +1,520 @@
+/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef OPENSSL_NO_STDIO
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/engine.h>
+#include <openssl/ssl.h>
+
+#undef PROG
+#define PROG engine_main
+
+static char *engine_usage[]={
+"usage: engine opts [engine ...]\n",
+" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
+" -vv will additionally display each command's description\n",
+" -vvv will also add the input flags for each command\n",
+" -vvvv will also show internal input flags\n",
+" -c - for each engine, also list the capabilities\n",
+" -t - for each engine, check that they are really available\n",
+" -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n",
+" to load it (if -t is used)\n",
+" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
+" (only used if -t is also provided)\n",
+" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
+" line, or all supported ENGINEs if none are specified.\n",
+" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
+" argument \"/lib/libdriver.so\".\n",
+NULL
+};
+
+static void identity(void *ptr)
+ {
+ return;
+ }
+
+static int append_buf(char **buf, const char *s, int *size, int step)
+ {
+ int l = strlen(s);
+
+ if (*buf == NULL)
+ {
+ *size = step;
+ *buf = OPENSSL_malloc(*size);
+ if (*buf == NULL)
+ return 0;
+ **buf = '\0';
+ }
+
+ if (**buf != '\0')
+ l += 2; /* ", " */
+
+ if (strlen(*buf) + strlen(s) >= (unsigned int)*size)
+ {
+ *size += step;
+ *buf = OPENSSL_realloc(*buf, *size);
+ }
+
+ if (*buf == NULL)
+ return 0;
+
+ if (**buf != '\0')
+ strcat(*buf, ", ");
+ strcat(*buf, s);
+
+ return 1;
+ }
+
+static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
+ {
+ int started = 0, err = 0;
+ /* Indent before displaying input flags */
+ BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
+ if(flags == 0)
+ {
+ BIO_printf(bio_out, "<no flags>\n");
+ return 1;
+ }
+ /* If the object is internal, mark it in a way that shows instead of
+ * having it part of all the other flags, even if it really is. */
+ if(flags & ENGINE_CMD_FLAG_INTERNAL)
+ {
+ BIO_printf(bio_out, "[Internal] ");
+ }
+
+ if(flags & ENGINE_CMD_FLAG_NUMERIC)
+ {
+ if(started)
+ {
+ BIO_printf(bio_out, "|");
+ err = 1;
+ }
+ BIO_printf(bio_out, "NUMERIC");
+ started = 1;
+ }
+ /* Now we check that no combinations of the mutually exclusive NUMERIC,
+ * STRING, and NO_INPUT flags have been used. Future flags that can be
+ * OR'd together with these would need to added after these to preserve
+ * the testing logic. */
+ if(flags & ENGINE_CMD_FLAG_STRING)
+ {
+ if(started)
+ {
+ BIO_printf(bio_out, "|");
+ err = 1;
+ }
+ BIO_printf(bio_out, "STRING");
+ started = 1;
+ }
+ if(flags & ENGINE_CMD_FLAG_NO_INPUT)
+ {
+ if(started)
+ {
+ BIO_printf(bio_out, "|");
+ err = 1;
+ }
+ BIO_printf(bio_out, "NO_INPUT");
+ started = 1;
+ }
+ /* Check for unknown flags */
+ flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
+ ~ENGINE_CMD_FLAG_STRING &
+ ~ENGINE_CMD_FLAG_NO_INPUT &
+ ~ENGINE_CMD_FLAG_INTERNAL;
+ if(flags)
+ {
+ if(started) BIO_printf(bio_out, "|");
+ BIO_printf(bio_out, "<0x%04X>", flags);
+ }
+ if(err)
+ BIO_printf(bio_out, " <illegal flags!>");
+ BIO_printf(bio_out, "\n");
+ return 1;
+ }
+
+static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent)
+ {
+ static const int line_wrap = 78;
+ int num;
+ int ret = 0;
+ char *name = NULL;
+ char *desc = NULL;
+ int flags;
+ int xpos = 0;
+ STACK *cmds = NULL;
+ if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
+ ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
+ 0, NULL, NULL)) <= 0))
+ {
+#if 0
+ BIO_printf(bio_out, "%s<no control commands>\n", indent);
+#endif
+ return 1;
+ }
+
+ cmds = sk_new_null();
+
+ if(!cmds)
+ goto err;
+ do {
+ int len;
+ /* Get the command input flags */
+ if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
+ NULL, NULL)) < 0)
+ goto err;
+ if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4)
+ {
+ /* Get the command name */
+ if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
+ NULL, NULL)) <= 0)
+ goto err;
+ if((name = OPENSSL_malloc(len + 1)) == NULL)
+ goto err;
+ if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
+ NULL) <= 0)
+ goto err;
+ /* Get the command description */
+ if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
+ NULL, NULL)) < 0)
+ goto err;
+ if(len > 0)
+ {
+ if((desc = OPENSSL_malloc(len + 1)) == NULL)
+ goto err;
+ if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
+ NULL) <= 0)
+ goto err;
+ }
+ /* Now decide on the output */
+ if(xpos == 0)
+ /* Do an indent */
+ xpos = BIO_printf(bio_out, indent);
+ else
+ /* Otherwise prepend a ", " */
+ xpos += BIO_printf(bio_out, ", ");
+ if(verbose == 1)
+ {
+ /* We're just listing names, comma-delimited */
+ if((xpos > (int)strlen(indent)) &&
+ (xpos + (int)strlen(name) > line_wrap))
+ {
+ BIO_printf(bio_out, "\n");
+ xpos = BIO_printf(bio_out, indent);
+ }
+ xpos += BIO_printf(bio_out, "%s", name);
+ }
+ else
+ {
+ /* We're listing names plus descriptions */
+ BIO_printf(bio_out, "%s: %s\n", name,
+ (desc == NULL) ? "<no description>" : desc);
+ /* ... and sometimes input flags */
+ if((verbose >= 3) && !util_flags(bio_out, flags,
+ indent))
+ goto err;
+ xpos = 0;
+ }
+ }
+ OPENSSL_free(name); name = NULL;
+ if(desc) { OPENSSL_free(desc); desc = NULL; }
+ /* Move to the next command */
+ num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,
+ num, NULL, NULL);
+ } while(num > 0);
+ if(xpos > 0)
+ BIO_printf(bio_out, "\n");
+ ret = 1;
+err:
+ if(cmds) sk_pop_free(cmds, identity);
+ if(name) OPENSSL_free(name);
+ if(desc) OPENSSL_free(desc);
+ return ret;
+ }
+
+static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent)
+ {
+ int loop, res, num = sk_num(cmds);
+ if(num < 0)
+ {
+ BIO_printf(bio_out, "[Error]: internal stack error\n");
+ return;
+ }
+ for(loop = 0; loop < num; loop++)
+ {
+ char buf[256];
+ const char *cmd, *arg;
+ cmd = sk_value(cmds, loop);
+ res = 1; /* assume success */
+ /* Check if this command has no ":arg" */
+ if((arg = strstr(cmd, ":")) == NULL)
+ {
+ if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
+ res = 0;
+ }
+ else
+ {
+ if((int)(arg - cmd) > 254)
+ {
+ BIO_printf(bio_out,"[Error]: command name too long\n");
+ return;
+ }
+ memcpy(buf, cmd, (int)(arg - cmd));
+ buf[arg-cmd] = '\0';
+ arg++; /* Move past the ":" */
+ /* Call the command with the argument */
+ if(!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
+ res = 0;
+ }
+ if(res)
+ BIO_printf(bio_out, "[Success]: %s\n", cmd);
+ else
+ {
+ BIO_printf(bio_out, "[Failure]: %s\n", cmd);
+ ERR_print_errors(bio_out);
+ }
+ }
+ }
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ int ret=1,i;
+ char **pp;
+ int verbose=0, list_cap=0, test_avail=0;
+ ENGINE *e;
+ STACK *engines = sk_new_null();
+ STACK *pre_cmds = sk_new_null();
+ STACK *post_cmds = sk_new_null();
+ int badops=1;
+ BIO *bio_out=NULL;
+ const char *indent = " ";
+
+ apps_startup();
+ SSL_load_error_strings();
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+ bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ bio_out = BIO_push(tmpbio, bio_out);
+ }
+#endif
+
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strncmp(*argv,"-v",2) == 0)
+ {
+ if(strspn(*argv + 1, "v") < strlen(*argv + 1))
+ goto skip_arg_loop;
+ if((verbose=strlen(*argv + 1)) > 4)
+ goto skip_arg_loop;
+ }
+ else if (strcmp(*argv,"-c") == 0)
+ list_cap=1;
+ else if (strcmp(*argv,"-t") == 0)
+ test_avail=1;
+ else if (strcmp(*argv,"-pre") == 0)
+ {
+ argc--; argv++;
+ sk_push(pre_cmds,*argv);
+ }
+ else if (strcmp(*argv,"-post") == 0)
+ {
+ argc--; argv++;
+ sk_push(post_cmds,*argv);
+ }
+ else if ((strncmp(*argv,"-h",2) == 0) ||
+ (strcmp(*argv,"-?") == 0))
+ goto skip_arg_loop;
+ else
+ sk_push(engines,*argv);
+ argc--;
+ argv++;
+ }
+ /* Looks like everything went OK */
+ badops = 0;
+skip_arg_loop:
+
+ if (badops)
+ {
+ for (pp=engine_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err,"%s",*pp);
+ goto end;
+ }
+
+ if (sk_num(engines) == 0)
+ {
+ for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
+ {
+ sk_push(engines,(char *)ENGINE_get_id(e));
+ }
+ }
+
+ for (i=0; i<sk_num(engines); i++)
+ {
+ const char *id = sk_value(engines,i);
+ if ((e = ENGINE_by_id(id)) != NULL)
+ {
+ const char *name = ENGINE_get_name(e);
+ /* Do "id" first, then "name". Easier to auto-parse. */
+ BIO_printf(bio_out, "(%s) %s\n", id, name);
+ util_do_cmds(e, pre_cmds, bio_out, indent);
+ if (strcmp(ENGINE_get_id(e), id) != 0)
+ {
+ BIO_printf(bio_out, "Loaded: (%s) %s\n",
+ ENGINE_get_id(e), ENGINE_get_name(e));
+ }
+ if (list_cap)
+ {
+ int cap_size = 256;
+ char *cap_buf = NULL;
+ int k,n;
+ const int *nids;
+ ENGINE_CIPHERS_PTR fn_c;
+ ENGINE_DIGESTS_PTR fn_d;
+
+ if (ENGINE_get_RSA(e) != NULL
+ && !append_buf(&cap_buf, "RSA",
+ &cap_size, 256))
+ goto end;
+ if (ENGINE_get_DSA(e) != NULL
+ && !append_buf(&cap_buf, "DSA",
+ &cap_size, 256))
+ goto end;
+ if (ENGINE_get_DH(e) != NULL
+ && !append_buf(&cap_buf, "DH",
+ &cap_size, 256))
+ goto end;
+ if (ENGINE_get_RAND(e) != NULL
+ && !append_buf(&cap_buf, "RAND",
+ &cap_size, 256))
+ goto end;
+
+ fn_c = ENGINE_get_ciphers(e);
+ if(!fn_c) goto skip_ciphers;
+ n = fn_c(e, NULL, &nids, 0);
+ for(k=0 ; k < n ; ++k)
+ if(!append_buf(&cap_buf,
+ OBJ_nid2sn(nids[k]),
+ &cap_size, 256))
+ goto end;
+
+skip_ciphers:
+ fn_d = ENGINE_get_digests(e);
+ if(!fn_d) goto skip_digests;
+ n = fn_d(e, NULL, &nids, 0);
+ for(k=0 ; k < n ; ++k)
+ if(!append_buf(&cap_buf,
+ OBJ_nid2sn(nids[k]),
+ &cap_size, 256))
+ goto end;
+
+skip_digests:
+ if (cap_buf && (*cap_buf != '\0'))
+ BIO_printf(bio_out, " [%s]\n", cap_buf);
+
+ OPENSSL_free(cap_buf);
+ }
+ if(test_avail)
+ {
+ BIO_printf(bio_out, "%s", indent);
+ if (ENGINE_init(e))
+ {
+ BIO_printf(bio_out, "[ available ]\n");
+ util_do_cmds(e, post_cmds, bio_out, indent);
+ ENGINE_finish(e);
+ }
+ else
+ {
+ BIO_printf(bio_out, "[ unavailable ]\n");
+ ERR_print_errors_fp(stdout);
+ ERR_clear_error();
+ }
+ }
+ if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
+ goto end;
+ ENGINE_free(e);
+ }
+ else
+ ERR_print_errors(bio_err);
+ }
+
+ ret=0;
+end:
+ ERR_print_errors(bio_err);
+ sk_pop_free(engines, identity);
+ sk_pop_free(pre_cmds, identity);
+ sk_pop_free(post_cmds, identity);
+ if (bio_out != NULL) BIO_free_all(bio_out);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }
diff --git a/crypto/openssl/apps/errstr.c b/crypto/openssl/apps/errstr.c
index e392328..19489b0 100644
--- a/crypto/openssl/apps/errstr.c
+++ b/crypto/openssl/apps/errstr.c
@@ -91,7 +91,7 @@ int MAIN(int argc, char **argv)
out=BIO_new(BIO_s_file());
if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
{
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -121,5 +121,6 @@ int MAIN(int argc, char **argv)
ret++;
}
}
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
diff --git a/crypto/openssl/apps/gendh.c b/crypto/openssl/apps/gendh.c
index e0c7889..98ee413 100644
--- a/crypto/openssl/apps/gendh.c
+++ b/crypto/openssl/apps/gendh.c
@@ -57,7 +57,7 @@
* [including the GNU Public Licence.]
*/
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
@@ -81,11 +81,13 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
DH *dh=NULL;
int ret=1,num=DEFBITS;
int g=2;
char *outfile=NULL;
char *inrand=NULL;
+ char *engine=NULL;
BIO *out=NULL;
apps_startup();
@@ -94,6 +96,9 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
argv++;
argc--;
for (;;)
@@ -110,6 +115,11 @@ int MAIN(int argc, char **argv)
g=3; */
else if (strcmp(*argv,"-5") == 0)
g=5;
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -125,15 +135,18 @@ int MAIN(int argc, char **argv)
bad:
BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
BIO_printf(bio_err," -out file - output the key to 'file\n");
- BIO_printf(bio_err," -2 use 2 as the generator value\n");
- /* BIO_printf(bio_err," -3 use 3 as the generator value\n"); */
- BIO_printf(bio_err," -5 use 5 as the generator value\n");
+ BIO_printf(bio_err," -2 - use 2 as the generator value\n");
+ /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */
+ BIO_printf(bio_err," -5 - use 5 as the generator value\n");
+ BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
goto end;
}
+ e = setup_engine(bio_err, engine, 0);
+
out=BIO_new(BIO_s_file());
if (out == NULL)
{
@@ -144,7 +157,7 @@ bad:
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -184,7 +197,8 @@ end:
ERR_print_errors(bio_err);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
static void MS_CALLBACK dh_cb(int p, int n, void *arg)
diff --git a/crypto/openssl/apps/gendsa.c b/crypto/openssl/apps/gendsa.c
index 6022d8f..4600711 100644
--- a/crypto/openssl/apps/gendsa.c
+++ b/crypto/openssl/apps/gendsa.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
@@ -77,13 +77,15 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
DSA *dsa=NULL;
int ret=1;
char *outfile=NULL;
char *inrand=NULL,*dsaparams=NULL;
char *passargout = NULL, *passout = NULL;
BIO *out=NULL,*in=NULL;
- EVP_CIPHER *enc=NULL;
+ const EVP_CIPHER *enc=NULL;
+ char *engine=NULL;
apps_startup();
@@ -91,6 +93,9 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
argv++;
argc--;
for (;;)
@@ -106,6 +111,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passargout= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -113,16 +123,24 @@ int MAIN(int argc, char **argv)
}
else if (strcmp(*argv,"-") == 0)
goto bad;
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
else if (strcmp(*argv,"-des") == 0)
enc=EVP_des_cbc();
else if (strcmp(*argv,"-des3") == 0)
enc=EVP_des_ede3_cbc();
#endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
else if (strcmp(*argv,"-idea") == 0)
enc=EVP_idea_cbc();
#endif
+#ifndef OPENSSL_NO_AES
+ else if (strcmp(*argv,"-aes128") == 0)
+ enc=EVP_aes_128_cbc();
+ else if (strcmp(*argv,"-aes192") == 0)
+ enc=EVP_aes_192_cbc();
+ else if (strcmp(*argv,"-aes256") == 0)
+ enc=EVP_aes_256_cbc();
+#endif
else if (**argv != '-' && dsaparams == NULL)
{
dsaparams = *argv;
@@ -138,13 +156,18 @@ int MAIN(int argc, char **argv)
bad:
BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
BIO_printf(bio_err," -out file - output the key to 'file'\n");
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n");
BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
#endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n");
#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
+#endif
+ BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
@@ -153,6 +176,8 @@ bad:
goto end;
}
+ e = setup_engine(bio_err, engine, 0);
+
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
@@ -180,7 +205,7 @@ bad:
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -220,6 +245,7 @@ end:
if (out != NULL) BIO_free_all(out);
if (dsa != NULL) DSA_free(dsa);
if(passout) OPENSSL_free(passout);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
#endif
diff --git a/crypto/openssl/apps/genrsa.c b/crypto/openssl/apps/genrsa.c
index ac0b709..dbc23e4 100644
--- a/crypto/openssl/apps/genrsa.c
+++ b/crypto/openssl/apps/genrsa.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
@@ -69,6 +69,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
+#include <openssl/rand.h>
#define DEFBITS 512
#undef PROG
@@ -80,14 +81,16 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
int ret=1;
RSA *rsa=NULL;
int i,num=DEFBITS;
long l;
- EVP_CIPHER *enc=NULL;
+ const EVP_CIPHER *enc=NULL;
unsigned long f4=RSA_F4;
char *outfile=NULL;
char *passargout = NULL, *passout = NULL;
+ char *engine=NULL;
char *inrand=NULL;
BIO *out=NULL;
@@ -96,6 +99,9 @@ int MAIN(int argc, char **argv)
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto err;
if ((out=BIO_new(BIO_s_file())) == NULL)
{
BIO_printf(bio_err,"unable to create BIO for output\n");
@@ -116,21 +122,34 @@ int MAIN(int argc, char **argv)
f4=3;
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
f4=RSA_F4;
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
inrand= *(++argv);
}
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
else if (strcmp(*argv,"-des") == 0)
enc=EVP_des_cbc();
else if (strcmp(*argv,"-des3") == 0)
enc=EVP_des_ede3_cbc();
#endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
else if (strcmp(*argv,"-idea") == 0)
enc=EVP_idea_cbc();
#endif
+#ifndef OPENSSL_NO_AES
+ else if (strcmp(*argv,"-aes128") == 0)
+ enc=EVP_aes_128_cbc();
+ else if (strcmp(*argv,"-aes192") == 0)
+ enc=EVP_aes_192_cbc();
+ else if (strcmp(*argv,"-aes256") == 0)
+ enc=EVP_aes_256_cbc();
+#endif
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
@@ -147,13 +166,18 @@ bad:
BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
BIO_printf(bio_err," -des encrypt the generated key with DES in cbc mode\n");
BIO_printf(bio_err," -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n");
#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
+#endif
BIO_printf(bio_err," -out file output the key to 'file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n");
BIO_printf(bio_err," -3 use 3 for the E value\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
@@ -167,10 +191,12 @@ bad:
goto err;
}
+ e = setup_engine(bio_err, engine, 0);
+
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -186,7 +212,8 @@ bad:
}
}
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+ && !RAND_status())
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
@@ -214,8 +241,14 @@ bad:
l+=rsa->e->d[i];
}
BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
- if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL, passout))
+ {
+ PW_CB_DATA cb_data;
+ cb_data.password = passout;
+ cb_data.prompt_info = outfile;
+ if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,
+ (pem_password_cb *)password_callback,&cb_data))
goto err;
+ }
ret=0;
err:
@@ -224,7 +257,8 @@ err:
if(passout) OPENSSL_free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
@@ -241,7 +275,7 @@ static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
p=n;
#endif
}
-#else /* !NO_RSA */
+#else /* !OPENSSL_NO_RSA */
# if PEDANTIC
static void *dummy=&dummy;
diff --git a/crypto/openssl/apps/nseq.c b/crypto/openssl/apps/nseq.c
index 1d73d1a..dc71d45 100644
--- a/crypto/openssl/apps/nseq.c
+++ b/crypto/openssl/apps/nseq.c
@@ -58,9 +58,9 @@
#include <stdio.h>
#include <string.h>
+#include "apps.h"
#include <openssl/pem.h>
#include <openssl/err.h>
-#include "apps.h"
#undef PROG
#define PROG nseq_main
@@ -102,7 +102,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-in file input file\n");
BIO_printf (bio_err, "-out file output file\n");
BIO_printf (bio_err, "-toseq output NS Sequence file\n");
- EXIT(1);
+ OPENSSL_EXIT(1);
}
if (infile) {
@@ -121,7 +121,7 @@ int MAIN(int argc, char **argv)
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -162,6 +162,6 @@ end:
BIO_free_all(out);
NETSCAPE_CERT_SEQUENCE_free(seq);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c
new file mode 100644
index 0000000..92922bc
--- /dev/null
+++ b/crypto/openssl/apps/ocsp.c
@@ -0,0 +1,1228 @@
+/* ocsp.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/pem.h>
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+/* Maximum leeway in validity period: default 5 minutes */
+#define MAX_VALIDITY_PERIOD (5 * 60)
+
+/* CA index.txt definitions */
+#define DB_type 0
+#define DB_exp_date 1
+#define DB_rev_date 2
+#define DB_serial 3 /* index - unique */
+#define DB_file 4
+#define DB_name 5 /* index - unique for active */
+#define DB_NUMBER 6
+
+#define DB_TYPE_REV 'R'
+#define DB_TYPE_EXP 'E'
+#define DB_TYPE_VAL 'V'
+
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
+ STACK_OF(OCSP_CERTID) *ids);
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
+ STACK_OF(OCSP_CERTID) *ids);
+static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+ STACK *names, STACK_OF(OCSP_CERTID) *ids,
+ long nsec, long maxage);
+
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db,
+ X509 *ca, X509 *rcert, EVP_PKEY *rkey,
+ STACK_OF(X509) *rother, unsigned long flags,
+ int nmin, int ndays);
+
+static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser);
+static BIO *init_responder(char *port);
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
+static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
+
+#undef PROG
+#define PROG ocsp_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+ char **args;
+ char *host = NULL, *port = NULL, *path = "/";
+ char *reqin = NULL, *respin = NULL;
+ char *reqout = NULL, *respout = NULL;
+ char *signfile = NULL, *keyfile = NULL;
+ char *rsignfile = NULL, *rkeyfile = NULL;
+ char *outfile = NULL;
+ int add_nonce = 1, noverify = 0, use_ssl = -1;
+ OCSP_REQUEST *req = NULL;
+ OCSP_RESPONSE *resp = NULL;
+ OCSP_BASICRESP *bs = NULL;
+ X509 *issuer = NULL, *cert = NULL;
+ X509 *signer = NULL, *rsigner = NULL;
+ EVP_PKEY *key = NULL, *rkey = NULL;
+ BIO *acbio = NULL, *cbio = NULL;
+ BIO *derbio = NULL;
+ BIO *out = NULL;
+ int req_text = 0, resp_text = 0;
+ long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
+ char *CAfile = NULL, *CApath = NULL;
+ X509_STORE *store = NULL;
+ SSL_CTX *ctx = NULL;
+ STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
+ char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
+ unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
+ int ret = 1;
+ int accept_count = -1;
+ int badarg = 0;
+ int i;
+ STACK *reqnames = NULL;
+ STACK_OF(OCSP_CERTID) *ids = NULL;
+
+ X509 *rca_cert = NULL;
+ char *ridx_filename = NULL;
+ char *rca_filename = NULL;
+ TXT_DB *rdb = NULL;
+ int nmin = 0, ndays = -1;
+
+ if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+ SSL_load_error_strings();
+ args = argv + 1;
+ reqnames = sk_new_null();
+ ids = sk_OCSP_CERTID_new_null();
+ while (!badarg && *args && *args[0] == '-')
+ {
+ if (!strcmp(*args, "-out"))
+ {
+ if (args[1])
+ {
+ args++;
+ outfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-url"))
+ {
+ if (args[1])
+ {
+ args++;
+ if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl))
+ {
+ BIO_printf(bio_err, "Error parsing URL\n");
+ badarg = 1;
+ }
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-host"))
+ {
+ if (args[1])
+ {
+ args++;
+ host = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-port"))
+ {
+ if (args[1])
+ {
+ args++;
+ port = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-noverify"))
+ noverify = 1;
+ else if (!strcmp(*args, "-nonce"))
+ add_nonce = 2;
+ else if (!strcmp(*args, "-no_nonce"))
+ add_nonce = 0;
+ else if (!strcmp(*args, "-resp_no_certs"))
+ rflags |= OCSP_NOCERTS;
+ else if (!strcmp(*args, "-resp_key_id"))
+ rflags |= OCSP_RESPID_KEY;
+ else if (!strcmp(*args, "-no_certs"))
+ sign_flags |= OCSP_NOCERTS;
+ else if (!strcmp(*args, "-no_signature_verify"))
+ verify_flags |= OCSP_NOSIGS;
+ else if (!strcmp(*args, "-no_cert_verify"))
+ verify_flags |= OCSP_NOVERIFY;
+ else if (!strcmp(*args, "-no_chain"))
+ verify_flags |= OCSP_NOCHAIN;
+ else if (!strcmp(*args, "-no_cert_checks"))
+ verify_flags |= OCSP_NOCHECKS;
+ else if (!strcmp(*args, "-no_explicit"))
+ verify_flags |= OCSP_NOEXPLICIT;
+ else if (!strcmp(*args, "-trust_other"))
+ verify_flags |= OCSP_TRUSTOTHER;
+ else if (!strcmp(*args, "-no_intern"))
+ verify_flags |= OCSP_NOINTERN;
+ else if (!strcmp(*args, "-text"))
+ {
+ req_text = 1;
+ resp_text = 1;
+ }
+ else if (!strcmp(*args, "-req_text"))
+ req_text = 1;
+ else if (!strcmp(*args, "-resp_text"))
+ resp_text = 1;
+ else if (!strcmp(*args, "-reqin"))
+ {
+ if (args[1])
+ {
+ args++;
+ reqin = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-respin"))
+ {
+ if (args[1])
+ {
+ args++;
+ respin = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-signer"))
+ {
+ if (args[1])
+ {
+ args++;
+ signfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-VAfile"))
+ {
+ if (args[1])
+ {
+ args++;
+ verify_certfile = *args;
+ verify_flags |= OCSP_TRUSTOTHER;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-sign_other"))
+ {
+ if (args[1])
+ {
+ args++;
+ sign_certfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-verify_other"))
+ {
+ if (args[1])
+ {
+ args++;
+ verify_certfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-CAfile"))
+ {
+ if (args[1])
+ {
+ args++;
+ CAfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-CApath"))
+ {
+ if (args[1])
+ {
+ args++;
+ CApath = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-validity_period"))
+ {
+ if (args[1])
+ {
+ args++;
+ nsec = atol(*args);
+ if (nsec < 0)
+ {
+ BIO_printf(bio_err,
+ "Illegal validity period %s\n",
+ *args);
+ badarg = 1;
+ }
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-status_age"))
+ {
+ if (args[1])
+ {
+ args++;
+ maxage = atol(*args);
+ if (maxage < 0)
+ {
+ BIO_printf(bio_err,
+ "Illegal validity age %s\n",
+ *args);
+ badarg = 1;
+ }
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-signkey"))
+ {
+ if (args[1])
+ {
+ args++;
+ keyfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-reqout"))
+ {
+ if (args[1])
+ {
+ args++;
+ reqout = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-respout"))
+ {
+ if (args[1])
+ {
+ args++;
+ respout = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-path"))
+ {
+ if (args[1])
+ {
+ args++;
+ path = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-issuer"))
+ {
+ if (args[1])
+ {
+ args++;
+ X509_free(issuer);
+ issuer = load_cert(bio_err, *args, FORMAT_PEM,
+ NULL, e, "issuer certificate");
+ if(!issuer) goto end;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-cert"))
+ {
+ if (args[1])
+ {
+ args++;
+ X509_free(cert);
+ cert = load_cert(bio_err, *args, FORMAT_PEM,
+ NULL, e, "certificate");
+ if(!cert) goto end;
+ if(!add_ocsp_cert(&req, cert, issuer, ids))
+ goto end;
+ if(!sk_push(reqnames, *args))
+ goto end;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-serial"))
+ {
+ if (args[1])
+ {
+ args++;
+ if(!add_ocsp_serial(&req, *args, issuer, ids))
+ goto end;
+ if(!sk_push(reqnames, *args))
+ goto end;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-index"))
+ {
+ if (args[1])
+ {
+ args++;
+ ridx_filename = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-CA"))
+ {
+ if (args[1])
+ {
+ args++;
+ rca_filename = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-nmin"))
+ {
+ if (args[1])
+ {
+ args++;
+ nmin = atol(*args);
+ if (nmin < 0)
+ {
+ BIO_printf(bio_err,
+ "Illegal update period %s\n",
+ *args);
+ badarg = 1;
+ }
+ }
+ if (ndays == -1)
+ ndays = 0;
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-nrequest"))
+ {
+ if (args[1])
+ {
+ args++;
+ accept_count = atol(*args);
+ if (accept_count < 0)
+ {
+ BIO_printf(bio_err,
+ "Illegal accept count %s\n",
+ *args);
+ badarg = 1;
+ }
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-ndays"))
+ {
+ if (args[1])
+ {
+ args++;
+ ndays = atol(*args);
+ if (ndays < 0)
+ {
+ BIO_printf(bio_err,
+ "Illegal update period %s\n",
+ *args);
+ badarg = 1;
+ }
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-rsigner"))
+ {
+ if (args[1])
+ {
+ args++;
+ rsignfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-rkey"))
+ {
+ if (args[1])
+ {
+ args++;
+ rkeyfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args, "-rother"))
+ {
+ if (args[1])
+ {
+ args++;
+ rcertfile = *args;
+ }
+ else badarg = 1;
+ }
+ else badarg = 1;
+ args++;
+ }
+
+ /* Have we anything to do? */
+ if (!req && !reqin && !respin && !(port && ridx_filename)) badarg = 1;
+
+ if (badarg)
+ {
+ BIO_printf (bio_err, "OCSP utility\n");
+ BIO_printf (bio_err, "Usage ocsp [options]\n");
+ BIO_printf (bio_err, "where options are\n");
+ BIO_printf (bio_err, "-out file output filename\n");
+ BIO_printf (bio_err, "-issuer file issuer certificate\n");
+ BIO_printf (bio_err, "-cert file certificate to check\n");
+ BIO_printf (bio_err, "-serial n serial number to check\n");
+ BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n");
+ BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n");
+ BIO_printf (bio_err, "-sign_certs file additional certificates to include in signed request\n");
+ BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n");
+ BIO_printf (bio_err, "-req_text print text form of request\n");
+ BIO_printf (bio_err, "-resp_text print text form of response\n");
+ BIO_printf (bio_err, "-text print text form of request and response\n");
+ BIO_printf (bio_err, "-reqout file write DER encoded OCSP request to \"file\"\n");
+ BIO_printf (bio_err, "-respout file write DER encoded OCSP reponse to \"file\"\n");
+ BIO_printf (bio_err, "-reqin file read DER encoded OCSP request from \"file\"\n");
+ BIO_printf (bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n");
+ BIO_printf (bio_err, "-nonce add OCSP nonce to request\n");
+ BIO_printf (bio_err, "-no_nonce don't add OCSP nonce to request\n");
+ BIO_printf (bio_err, "-url URL OCSP responder URL\n");
+ BIO_printf (bio_err, "-host host:n send OCSP request to host on port n\n");
+ BIO_printf (bio_err, "-path path to use in OCSP request\n");
+ BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf (bio_err, "-VAfile file validator certificates file\n");
+ BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
+ BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
+ BIO_printf (bio_err, "-noverify don't verify response at all\n");
+ BIO_printf (bio_err, "-verify_certs file additional certificates to search for signer\n");
+ BIO_printf (bio_err, "-trust_other don't verify additional certificates\n");
+ BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n");
+ BIO_printf (bio_err, "-no_sig_verify don't check signature on response\n");
+ BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n");
+ BIO_printf (bio_err, "-no_chain don't chain verify response\n");
+ BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n");
+ BIO_printf (bio_err, "-port num port to run responder on\n");
+ BIO_printf (bio_err, "-index file certificate status index file\n");
+ BIO_printf (bio_err, "-CA file CA certificate\n");
+ BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n");
+ BIO_printf (bio_err, "-rkey file responder key to sign responses with\n");
+ BIO_printf (bio_err, "-rother file other certificates to include in response\n");
+ BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n");
+ BIO_printf (bio_err, "-nmin n number of minutes before next update\n");
+ BIO_printf (bio_err, "-ndays n number of days before next update\n");
+ BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n");
+ BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n");
+ goto end;
+ }
+
+ if(outfile) out = BIO_new_file(outfile, "w");
+ else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+ if(!out)
+ {
+ BIO_printf(bio_err, "Error opening output file\n");
+ goto end;
+ }
+
+ if (!req && (add_nonce != 2)) add_nonce = 0;
+
+ if (!req && reqin)
+ {
+ derbio = BIO_new_file(reqin, "rb");
+ if (!derbio)
+ {
+ BIO_printf(bio_err, "Error Opening OCSP request file\n");
+ goto end;
+ }
+ req = d2i_OCSP_REQUEST_bio(derbio, NULL);
+ BIO_free(derbio);
+ if(!req)
+ {
+ BIO_printf(bio_err, "Error reading OCSP request\n");
+ goto end;
+ }
+ }
+
+ if (!req && port)
+ {
+ acbio = init_responder(port);
+ if (!acbio)
+ goto end;
+ }
+
+ if (rsignfile && !rdb)
+ {
+ if (!rkeyfile) rkeyfile = rsignfile;
+ rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
+ NULL, e, "responder certificate");
+ if (!rsigner)
+ {
+ BIO_printf(bio_err, "Error loading responder certificate\n");
+ goto end;
+ }
+ rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
+ NULL, e, "CA certificate");
+ if (rcertfile)
+ {
+ rother = load_certs(bio_err, rcertfile, FORMAT_PEM,
+ NULL, e, "responder other certificates");
+ if (!rother) goto end;
+ }
+ rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
+ "responder private key");
+ if (!rkey)
+ goto end;
+ }
+ if(acbio)
+ BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
+
+ redo_accept:
+
+ if (acbio)
+ {
+ if (!do_responder(&req, &cbio, acbio, port))
+ goto end;
+ if (!req)
+ {
+ resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
+ send_ocsp_response(cbio, resp);
+ goto done_resp;
+ }
+ }
+
+ if (!req && (signfile || reqout || host || add_nonce || ridx_filename))
+ {
+ BIO_printf(bio_err, "Need an OCSP request for this operation!\n");
+ goto end;
+ }
+
+ if (req && add_nonce) OCSP_request_add1_nonce(req, NULL, -1);
+
+ if (signfile)
+ {
+ if (!keyfile) keyfile = signfile;
+ signer = load_cert(bio_err, signfile, FORMAT_PEM,
+ NULL, e, "signer certificate");
+ if (!signer)
+ {
+ BIO_printf(bio_err, "Error loading signer certificate\n");
+ goto end;
+ }
+ if (sign_certfile)
+ {
+ sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM,
+ NULL, e, "signer certificates");
+ if (!sign_other) goto end;
+ }
+ key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL,
+ "signer private key");
+ if (!key)
+ goto end;
+ if (!OCSP_request_sign(req, signer, key, EVP_sha1(), sign_other, sign_flags))
+ {
+ BIO_printf(bio_err, "Error signing OCSP request\n");
+ goto end;
+ }
+ }
+
+ if (req_text && req) OCSP_REQUEST_print(out, req, 0);
+
+ if (reqout)
+ {
+ derbio = BIO_new_file(reqout, "wb");
+ if(!derbio)
+ {
+ BIO_printf(bio_err, "Error opening file %s\n", reqout);
+ goto end;
+ }
+ i2d_OCSP_REQUEST_bio(derbio, req);
+ BIO_free(derbio);
+ }
+
+ if (ridx_filename && (!rkey || !rsigner || !rca_cert))
+ {
+ BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n");
+ goto end;
+ }
+
+ if (ridx_filename && !rdb)
+ {
+ BIO *db_bio = NULL;
+ db_bio = BIO_new_file(ridx_filename, "r");
+ if (!db_bio)
+ {
+ BIO_printf(bio_err, "Error opening index file %s\n", ridx_filename);
+ goto end;
+ }
+ rdb = TXT_DB_read(db_bio, DB_NUMBER);
+ BIO_free(db_bio);
+ if (!rdb)
+ {
+ BIO_printf(bio_err, "Error reading index file %s\n", ridx_filename);
+ goto end;
+ }
+ if (!make_serial_index(rdb))
+ goto end;
+ }
+
+ if (rdb)
+ {
+ i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays);
+ if (cbio)
+ send_ocsp_response(cbio, resp);
+ }
+ else if (host)
+ {
+ cbio = BIO_new_connect(host);
+ if (!cbio)
+ {
+ BIO_printf(bio_err, "Error creating connect BIO\n");
+ goto end;
+ }
+ if (port) BIO_set_conn_port(cbio, port);
+ if (use_ssl == 1)
+ {
+ BIO *sbio;
+ ctx = SSL_CTX_new(SSLv23_client_method());
+ SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+ sbio = BIO_new_ssl(ctx, 1);
+ cbio = BIO_push(sbio, cbio);
+ }
+ if (BIO_do_connect(cbio) <= 0)
+ {
+ BIO_printf(bio_err, "Error connecting BIO\n");
+ goto end;
+ }
+ resp = OCSP_sendreq_bio(cbio, path, req);
+ BIO_free_all(cbio);
+ cbio = NULL;
+ if (!resp)
+ {
+ BIO_printf(bio_err, "Error querying OCSP responsder\n");
+ goto end;
+ }
+ }
+ else if (respin)
+ {
+ derbio = BIO_new_file(respin, "rb");
+ if (!derbio)
+ {
+ BIO_printf(bio_err, "Error Opening OCSP response file\n");
+ goto end;
+ }
+ resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
+ BIO_free(derbio);
+ if(!resp)
+ {
+ BIO_printf(bio_err, "Error reading OCSP response\n");
+ goto end;
+ }
+
+ }
+ else
+ {
+ ret = 0;
+ goto end;
+ }
+
+ done_resp:
+
+ if (respout)
+ {
+ derbio = BIO_new_file(respout, "wb");
+ if(!derbio)
+ {
+ BIO_printf(bio_err, "Error opening file %s\n", respout);
+ goto end;
+ }
+ i2d_OCSP_RESPONSE_bio(derbio, resp);
+ BIO_free(derbio);
+ }
+
+ i = OCSP_response_status(resp);
+
+ if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL)
+ {
+ BIO_printf(out, "Responder Error: %s (%ld)\n",
+ OCSP_response_status_str(i), i);
+ ret = 0;
+ goto end;
+ }
+
+ if (resp_text) OCSP_RESPONSE_print(out, resp, 0);
+
+ /* If running as responder don't verify our own response */
+ if (cbio)
+ {
+ if (accept_count > 0)
+ accept_count--;
+ /* Redo if more connections needed */
+ if (accept_count)
+ {
+ BIO_free_all(cbio);
+ cbio = NULL;
+ OCSP_REQUEST_free(req);
+ req = NULL;
+ OCSP_RESPONSE_free(resp);
+ resp = NULL;
+ goto redo_accept;
+ }
+ goto end;
+ }
+
+ if (!store)
+ store = setup_verify(bio_err, CAfile, CApath);
+ if (!store)
+ goto end;
+ if (verify_certfile)
+ {
+ verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
+ NULL, e, "validator certificate");
+ if (!verify_other) goto end;
+ }
+
+ bs = OCSP_response_get1_basic(resp);
+
+ if (!bs)
+ {
+ BIO_printf(bio_err, "Error parsing response\n");
+ goto end;
+ }
+
+ if (!noverify)
+ {
+ if (req && ((i = OCSP_check_nonce(req, bs)) <= 0))
+ {
+ if (i == -1)
+ BIO_printf(bio_err, "WARNING: no nonce in response\n");
+ else
+ {
+ BIO_printf(bio_err, "Nonce Verify error\n");
+ goto end;
+ }
+ }
+
+ i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
+ if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0);
+
+ if(i <= 0)
+ {
+ BIO_printf(bio_err, "Response Verify Failure\n", i);
+ ERR_print_errors(bio_err);
+ }
+ else
+ BIO_printf(bio_err, "Response verify OK\n");
+
+ }
+
+ if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))
+ goto end;
+
+ ret = 0;
+
+end:
+ ERR_print_errors(bio_err);
+ X509_free(signer);
+ X509_STORE_free(store);
+ EVP_PKEY_free(key);
+ EVP_PKEY_free(rkey);
+ X509_free(issuer);
+ X509_free(cert);
+ X509_free(rsigner);
+ X509_free(rca_cert);
+ TXT_DB_free(rdb);
+ BIO_free_all(cbio);
+ BIO_free_all(acbio);
+ BIO_free(out);
+ OCSP_REQUEST_free(req);
+ OCSP_RESPONSE_free(resp);
+ OCSP_BASICRESP_free(bs);
+ sk_free(reqnames);
+ sk_OCSP_CERTID_free(ids);
+ sk_X509_pop_free(sign_other, X509_free);
+ sk_X509_pop_free(verify_other, X509_free);
+
+ if (use_ssl != -1)
+ {
+ OPENSSL_free(host);
+ OPENSSL_free(port);
+ OPENSSL_free(path);
+ SSL_CTX_free(ctx);
+ }
+
+ OPENSSL_EXIT(ret);
+}
+
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
+ STACK_OF(OCSP_CERTID) *ids)
+ {
+ OCSP_CERTID *id;
+ if(!issuer)
+ {
+ BIO_printf(bio_err, "No issuer certificate specified\n");
+ return 0;
+ }
+ if(!*req) *req = OCSP_REQUEST_new();
+ if(!*req) goto err;
+ id = OCSP_cert_to_id(NULL, cert, issuer);
+ if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
+ if(!OCSP_request_add0_id(*req, id)) goto err;
+ return 1;
+
+ err:
+ BIO_printf(bio_err, "Error Creating OCSP request\n");
+ return 0;
+ }
+
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
+ STACK_OF(OCSP_CERTID) *ids)
+ {
+ OCSP_CERTID *id;
+ X509_NAME *iname;
+ ASN1_BIT_STRING *ikey;
+ ASN1_INTEGER *sno;
+ if(!issuer)
+ {
+ BIO_printf(bio_err, "No issuer certificate specified\n");
+ return 0;
+ }
+ if(!*req) *req = OCSP_REQUEST_new();
+ if(!*req) goto err;
+ iname = X509_get_subject_name(issuer);
+ ikey = X509_get0_pubkey_bitstr(issuer);
+ sno = s2i_ASN1_INTEGER(NULL, serial);
+ if(!sno)
+ {
+ BIO_printf(bio_err, "Error converting serial number %s\n", serial);
+ return 0;
+ }
+ id = OCSP_cert_id_new(EVP_sha1(), iname, ikey, sno);
+ ASN1_INTEGER_free(sno);
+ if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
+ if(!OCSP_request_add0_id(*req, id)) goto err;
+ return 1;
+
+ err:
+ BIO_printf(bio_err, "Error Creating OCSP request\n");
+ return 0;
+ }
+
+static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+ STACK *names, STACK_OF(OCSP_CERTID) *ids,
+ long nsec, long maxage)
+ {
+ OCSP_CERTID *id;
+ char *name;
+ int i;
+
+ int status, reason;
+
+ ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
+
+ if (!bs || !req || !sk_num(names) || !sk_OCSP_CERTID_num(ids))
+ return 1;
+
+ for (i = 0; i < sk_OCSP_CERTID_num(ids); i++)
+ {
+ id = sk_OCSP_CERTID_value(ids, i);
+ name = sk_value(names, i);
+ BIO_printf(out, "%s: ", name);
+
+ if(!OCSP_resp_find_status(bs, id, &status, &reason,
+ &rev, &thisupd, &nextupd))
+ {
+ BIO_puts(out, "ERROR: No Status found.\n");
+ continue;
+ }
+
+ /* Check validity: if invalid write to output BIO so we
+ * know which response this refers to.
+ */
+ if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage))
+ {
+ BIO_puts(out, "WARNING: Status times invalid.\n");
+ ERR_print_errors(out);
+ }
+ BIO_printf(out, "%s\n", OCSP_cert_status_str(status));
+
+ BIO_puts(out, "\tThis Update: ");
+ ASN1_GENERALIZEDTIME_print(out, thisupd);
+ BIO_puts(out, "\n");
+
+ if(nextupd)
+ {
+ BIO_puts(out, "\tNext Update: ");
+ ASN1_GENERALIZEDTIME_print(out, nextupd);
+ BIO_puts(out, "\n");
+ }
+
+ if (status != V_OCSP_CERTSTATUS_REVOKED)
+ continue;
+
+ if (reason != -1)
+ BIO_printf(out, "\tReason: %s\n",
+ OCSP_crl_reason_str(reason));
+
+ BIO_puts(out, "\tRevocation Time: ");
+ ASN1_GENERALIZEDTIME_print(out, rev);
+ BIO_puts(out, "\n");
+ }
+
+ return 1;
+ }
+
+
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db,
+ X509 *ca, X509 *rcert, EVP_PKEY *rkey,
+ STACK_OF(X509) *rother, unsigned long flags,
+ int nmin, int ndays)
+ {
+ ASN1_TIME *thisupd = NULL, *nextupd = NULL;
+ OCSP_CERTID *cid, *ca_id = NULL;
+ OCSP_BASICRESP *bs = NULL;
+ int i, id_count, ret = 1;
+
+
+ id_count = OCSP_request_onereq_count(req);
+
+ if (id_count <= 0)
+ {
+ *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
+ goto end;
+ }
+
+ ca_id = OCSP_cert_to_id(EVP_sha1(), NULL, ca);
+
+ bs = OCSP_BASICRESP_new();
+ thisupd = X509_gmtime_adj(NULL, 0);
+ if (ndays != -1)
+ nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24 );
+
+ /* Examine each certificate id in the request */
+ for (i = 0; i < id_count; i++)
+ {
+ OCSP_ONEREQ *one;
+ ASN1_INTEGER *serial;
+ char **inf;
+ one = OCSP_request_onereq_get0(req, i);
+ cid = OCSP_onereq_get0_id(one);
+ /* Is this request about our CA? */
+ if (OCSP_id_issuer_cmp(ca_id, cid))
+ {
+ OCSP_basic_add1_status(bs, cid,
+ V_OCSP_CERTSTATUS_UNKNOWN,
+ 0, NULL,
+ thisupd, nextupd);
+ continue;
+ }
+ OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid);
+ inf = lookup_serial(db, serial);
+ if (!inf)
+ OCSP_basic_add1_status(bs, cid,
+ V_OCSP_CERTSTATUS_UNKNOWN,
+ 0, NULL,
+ thisupd, nextupd);
+ else if (inf[DB_type][0] == DB_TYPE_VAL)
+ OCSP_basic_add1_status(bs, cid,
+ V_OCSP_CERTSTATUS_GOOD,
+ 0, NULL,
+ thisupd, nextupd);
+ else if (inf[DB_type][0] == DB_TYPE_REV)
+ {
+ ASN1_OBJECT *inst = NULL;
+ ASN1_TIME *revtm = NULL;
+ ASN1_GENERALIZEDTIME *invtm = NULL;
+ OCSP_SINGLERESP *single;
+ int reason = -1;
+ unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]);
+ single = OCSP_basic_add1_status(bs, cid,
+ V_OCSP_CERTSTATUS_REVOKED,
+ reason, revtm,
+ thisupd, nextupd);
+ if (invtm)
+ OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0);
+ else if (inst)
+ OCSP_SINGLERESP_add1_ext_i2d(single, NID_hold_instruction_code, inst, 0, 0);
+ ASN1_OBJECT_free(inst);
+ ASN1_TIME_free(revtm);
+ ASN1_GENERALIZEDTIME_free(invtm);
+ }
+ }
+
+ OCSP_copy_nonce(bs, req);
+
+ OCSP_basic_sign(bs, rcert, rkey, EVP_sha1(), rother, flags);
+
+ *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
+
+ end:
+ ASN1_TIME_free(thisupd);
+ ASN1_TIME_free(nextupd);
+ OCSP_CERTID_free(ca_id);
+ OCSP_BASICRESP_free(bs);
+ return ret;
+
+ }
+
+static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser)
+ {
+ int i;
+ BIGNUM *bn = NULL;
+ char *itmp, *row[DB_NUMBER],**rrow;
+ for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
+ bn = ASN1_INTEGER_to_BN(ser,NULL);
+ if (BN_is_zero(bn))
+ itmp = BUF_strdup("00");
+ else
+ itmp = BN_bn2hex(bn);
+ row[DB_serial] = itmp;
+ BN_free(bn);
+ rrow=TXT_DB_get_by_index(db,DB_serial,row);
+ OPENSSL_free(itmp);
+ return rrow;
+ }
+
+/* Quick and dirty OCSP server: read in and parse input request */
+
+static BIO *init_responder(char *port)
+ {
+ BIO *acbio = NULL, *bufbio = NULL;
+ bufbio = BIO_new(BIO_f_buffer());
+ if (!bufbio)
+ goto err;
+ acbio = BIO_new_accept(port);
+ if (!acbio)
+ goto err;
+ BIO_set_accept_bios(acbio, bufbio);
+ bufbio = NULL;
+
+ if (BIO_do_accept(acbio) <= 0)
+ {
+ BIO_printf(bio_err, "Error setting up accept BIO\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ return acbio;
+
+ err:
+ BIO_free_all(acbio);
+ BIO_free(bufbio);
+ return NULL;
+ }
+
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port)
+ {
+ int have_post = 0, len;
+ OCSP_REQUEST *req = NULL;
+ char inbuf[1024];
+ BIO *cbio = NULL;
+
+ if (BIO_do_accept(acbio) <= 0)
+ {
+ BIO_printf(bio_err, "Error accepting connection\n");
+ ERR_print_errors(bio_err);
+ return 0;
+ }
+
+ cbio = BIO_pop(acbio);
+ *pcbio = cbio;
+
+ for(;;)
+ {
+ len = BIO_gets(cbio, inbuf, sizeof inbuf);
+ if (len <= 0)
+ return 1;
+ /* Look for "POST" signalling start of query */
+ if (!have_post)
+ {
+ if(strncmp(inbuf, "POST", 4))
+ {
+ BIO_printf(bio_err, "Invalid request\n");
+ return 1;
+ }
+ have_post = 1;
+ }
+ /* Look for end of headers */
+ if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))
+ break;
+ }
+
+ /* Try to read OCSP request */
+
+ req = d2i_OCSP_REQUEST_bio(cbio, NULL);
+
+ if (!req)
+ {
+ BIO_printf(bio_err, "Error parsing OCSP request\n");
+ ERR_print_errors(bio_err);
+ }
+
+ *preq = req;
+
+ return 1;
+
+ }
+
+static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
+ {
+ char http_resp[] =
+ "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
+ "Content-Length: %d\r\n\r\n";
+ if (!cbio)
+ return 0;
+ BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
+ i2d_OCSP_RESPONSE_bio(cbio, resp);
+ BIO_flush(cbio);
+ return 1;
+ }
+
diff --git a/crypto/openssl/apps/openssl.c b/crypto/openssl/apps/openssl.c
index 24450dd..4789647 100644
--- a/crypto/openssl/apps/openssl.c
+++ b/crypto/openssl/apps/openssl.c
@@ -55,11 +55,66 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
+#include "apps.h"
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/lhash.h>
@@ -67,31 +122,104 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
+#include <openssl/engine.h>
#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
-#include "apps.h"
#include "progs.h"
#include "s_apps.h"
#include <openssl/err.h>
-static unsigned long MS_CALLBACK hash(FUNCTION *a);
-static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
+/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
+ * base prototypes (we cast each variable inside the function to the required
+ * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
+ * functions. */
+
+/* static unsigned long MS_CALLBACK hash(FUNCTION *a); */
+static unsigned long MS_CALLBACK hash(const void *a_void);
+/* static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); */
+static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
static LHASH *prog_init(void );
static int do_cmd(LHASH *prog,int argc,char *argv[]);
-LHASH *config=NULL;
char *default_config_file=NULL;
/* Make sure there is only one when MONOLITH is defined */
#ifdef MONOLITH
+CONF *config=NULL;
BIO *bio_err=NULL;
#endif
+
+static void lock_dbg_cb(int mode, int type, const char *file, int line)
+ {
+ static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
+ const char *errstr = NULL;
+ int rw;
+
+ rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
+ if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
+ {
+ errstr = "invalid mode";
+ goto err;
+ }
+
+ if (type < 0 || type > CRYPTO_NUM_LOCKS)
+ {
+ errstr = "type out of bounds";
+ goto err;
+ }
+
+ if (mode & CRYPTO_LOCK)
+ {
+ if (modes[type])
+ {
+ errstr = "already locked";
+ /* must not happen in a single-threaded program
+ * (would deadlock) */
+ goto err;
+ }
+
+ modes[type] = rw;
+ }
+ else if (mode & CRYPTO_UNLOCK)
+ {
+ if (!modes[type])
+ {
+ errstr = "not locked";
+ goto err;
+ }
+
+ if (modes[type] != rw)
+ {
+ errstr = (rw == CRYPTO_READ) ?
+ "CRYPTO_r_unlock on write lock" :
+ "CRYPTO_w_unlock on read lock";
+ }
+
+ modes[type] = 0;
+ }
+ else
+ {
+ errstr = "invalid mode";
+ goto err;
+ }
+
+ err:
+ if (errstr)
+ {
+ /* we cannot use bio_err here */
+ fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
+ errstr, mode, type, file, line);
+ }
+ }
+
+
int main(int Argc, char *Argv[])
{
ARGS arg;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE+1];
FUNCTION f,*fp;
- MS_STATIC char *prompt,buf[1024],config_name[256];
+ MS_STATIC char *prompt,buf[1024];
+ char *to_free=NULL;
int n,i,ret=0;
int argc;
char **argv,*p;
@@ -101,41 +229,56 @@ int main(int Argc, char *Argv[])
arg.data=NULL;
arg.count=0;
- if (getenv("OPENSSL_DEBUG_MEMORY") != NULL)
- CRYPTO_malloc_debug_init();
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- apps_startup();
-
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
- ERR_load_crypto_strings();
+ if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */
+ {
+ if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))
+ {
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ }
+ else
+ {
+ /* OPENSSL_DEBUG_MEMORY=off */
+ CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+ }
+ }
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+#if 0
+ if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
+#endif
+ {
+ CRYPTO_set_locking_callback(lock_dbg_cb);
+ }
+
+ apps_startup();
/* Lets load up our environment a little */
p=getenv("OPENSSL_CONF");
if (p == NULL)
p=getenv("SSLEAY_CONF");
if (p == NULL)
- {
- strcpy(config_name,X509_get_default_cert_area());
-#ifndef VMS
- strcat(config_name,"/");
-#endif
- strcat(config_name,OPENSSL_CONF);
- p=config_name;
- }
+ p=to_free=make_config_name();
default_config_file=p;
- config=CONF_load(config,p,&errline);
- if (config == NULL) ERR_clear_error();
+ config=NCONF_new(NULL);
+ i=NCONF_load(config,p,&errline);
+ if (i == 0)
+ {
+ NCONF_free(config);
+ config = NULL;
+ ERR_clear_error();
+ }
prog=prog_init();
/* first check the program name */
- program_name(Argv[0],pname,PROG_NAME_SIZE);
+ program_name(Argv[0],pname,sizeof pname);
f.name=pname;
fp=(FUNCTION *)lh_retrieve(prog,&f);
@@ -163,7 +306,7 @@ int main(int Argc, char *Argv[])
{
ret=0;
p=buf;
- n=1024;
+ n=sizeof buf;
i=0;
for (;;)
{
@@ -197,25 +340,25 @@ int main(int Argc, char *Argv[])
BIO_printf(bio_err,"bad exit\n");
ret=1;
end:
+ if (to_free)
+ OPENSSL_free(to_free);
if (config != NULL)
{
- CONF_free(config);
+ NCONF_free(config);
config=NULL;
}
if (prog != NULL) lh_free(prog);
if (arg.data != NULL) OPENSSL_free(arg.data);
- ERR_remove_state(0);
- EVP_cleanup();
- ERR_free_strings();
-
+ apps_shutdown();
+
CRYPTO_mem_leaks(bio_err);
if (bio_err != NULL)
{
BIO_free(bio_err);
bio_err=NULL;
}
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
#define LIST_STANDARD_COMMANDS "list-standard-commands"
@@ -238,7 +381,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
else if ((strncmp(argv[0],"no-",3)) == 0)
{
BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_stdout = BIO_push(tmpbio, bio_stdout);
@@ -275,7 +418,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
list_type = FUNC_TYPE_CIPHER;
bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_stdout = BIO_push(tmpbio, bio_stdout);
@@ -350,19 +493,23 @@ static LHASH *prog_init(void)
;
qsort(functions,i,sizeof *functions,SortFnByName);
- if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
+ if ((ret=lh_new(hash, cmp)) == NULL)
+ return(NULL);
for (f=functions; f->name != NULL; f++)
lh_insert(ret,f);
return(ret);
}
-static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b)
+/* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */
+static int MS_CALLBACK cmp(const void *a_void, const void *b_void)
{
- return(strncmp(a->name,b->name,8));
+ return(strncmp(((FUNCTION *)a_void)->name,
+ ((FUNCTION *)b_void)->name,8));
}
-static unsigned long MS_CALLBACK hash(FUNCTION *a)
+/* static unsigned long MS_CALLBACK hash(FUNCTION *a) */
+static unsigned long MS_CALLBACK hash(const void *a_void)
{
- return(lh_strhash(a->name));
+ return(lh_strhash(((FUNCTION *)a_void)->name));
}
diff --git a/crypto/openssl/apps/openssl.cnf b/crypto/openssl/apps/openssl.cnf
index dbe8cbe..eca51c3 100644
--- a/crypto/openssl/apps/openssl.cnf
+++ b/crypto/openssl/apps/openssl.cnf
@@ -48,6 +48,14 @@ RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
@@ -132,7 +140,7 @@ commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
-emailAddress_max = 40
+emailAddress_max = 64
# SET-ex3 = SET extension number 3
@@ -180,6 +188,9 @@ authorityKeyIdentifier=keyid,issuer:always
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
diff --git a/crypto/openssl/apps/passwd.c b/crypto/openssl/apps/passwd.c
index ea2b089..3ad91d8 100644
--- a/crypto/openssl/apps/passwd.c
+++ b/crypto/openssl/apps/passwd.c
@@ -1,10 +1,10 @@
/* apps/passwd.c */
-#if defined NO_MD5 || defined CHARSET_EBCDIC
+#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
# define NO_MD5CRYPT_1
#endif
-#if !defined(NO_DES) || !defined(NO_MD5CRYPT_1)
+#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
#include <assert.h>
#include <string.h>
@@ -15,8 +15,7 @@
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
-
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
# include <openssl/des.h>
#endif
#ifndef NO_MD5CRYPT_1
@@ -50,6 +49,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
* -salt string - salt
* -in file - read passwords from file
* -stdin - read passwords from stdin
+ * -noverify - never verify when reading password from terminal
* -quiet - no warnings
* -table - format output as table
* -reverse - switch table columns
@@ -62,6 +62,7 @@ int MAIN(int argc, char **argv)
int ret = 1;
char *infile = NULL;
int in_stdin = 0;
+ int in_noverify = 0;
char *salt = NULL, *passwd = NULL, **passwds = NULL;
char *salt_malloc = NULL, *passwd_malloc = NULL;
size_t passwd_malloc_size = 0;
@@ -77,11 +78,14 @@ int MAIN(int argc, char **argv)
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto err;
out = BIO_new(BIO_s_file());
if (out == NULL)
goto err;
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -128,6 +132,8 @@ int MAIN(int argc, char **argv)
else
badopt = 1;
}
+ else if (strcmp(argv[i], "-noverify") == 0)
+ in_noverify = 1;
else if (strcmp(argv[i], "-quiet") == 0)
quiet = 1;
else if (strcmp(argv[i], "-table") == 0)
@@ -153,7 +159,7 @@ int MAIN(int argc, char **argv)
badopt = 1;
/* reject unsupported algorithms */
-#ifdef NO_DES
+#ifdef OPENSSL_NO_DES
if (usecrypt) badopt = 1;
#endif
#ifdef NO_MD5CRYPT_1
@@ -164,7 +170,7 @@ int MAIN(int argc, char **argv)
{
BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
BIO_printf(bio_err, "where options are\n");
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n");
#endif
#ifndef NO_MD5CRYPT_1
@@ -174,6 +180,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "-salt string use provided salt\n");
BIO_printf(bio_err, "-in file read passwords from file\n");
BIO_printf(bio_err, "-stdin read passwords from stdin\n");
+ BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n");
BIO_printf(bio_err, "-quiet no warnings\n");
BIO_printf(bio_err, "-table format output as table\n");
BIO_printf(bio_err, "-reverse switch table columns\n");
@@ -222,7 +229,7 @@ int MAIN(int argc, char **argv)
passwds = passwds_static;
if (in == NULL)
- if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0)
+ if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
goto err;
passwds[0] = passwd_malloc;
}
@@ -284,7 +291,8 @@ err:
BIO_free(in);
if (out)
BIO_free_all(out);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
@@ -305,7 +313,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
unsigned char buf[MD5_DIGEST_LENGTH];
char *salt_out;
int n, i;
- MD5_CTX md;
+ EVP_MD_CTX md,md2;
size_t passwd_len, salt_len;
passwd_len = strlen(passwd);
@@ -320,49 +328,47 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
salt_len = strlen(salt_out);
assert(salt_len <= 8);
- MD5_Init(&md);
- MD5_Update(&md, passwd, passwd_len);
- MD5_Update(&md, "$", 1);
- MD5_Update(&md, magic, strlen(magic));
- MD5_Update(&md, "$", 1);
- MD5_Update(&md, salt_out, salt_len);
+ EVP_MD_CTX_init(&md);
+ EVP_DigestInit_ex(&md,EVP_md5(), NULL);
+ EVP_DigestUpdate(&md, passwd, passwd_len);
+ EVP_DigestUpdate(&md, "$", 1);
+ EVP_DigestUpdate(&md, magic, strlen(magic));
+ EVP_DigestUpdate(&md, "$", 1);
+ EVP_DigestUpdate(&md, salt_out, salt_len);
- {
- MD5_CTX md2;
+ EVP_MD_CTX_init(&md2);
+ EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
+ EVP_DigestUpdate(&md2, passwd, passwd_len);
+ EVP_DigestUpdate(&md2, salt_out, salt_len);
+ EVP_DigestUpdate(&md2, passwd, passwd_len);
+ EVP_DigestFinal_ex(&md2, buf, NULL);
- MD5_Init(&md2);
- MD5_Update(&md2, passwd, passwd_len);
- MD5_Update(&md2, salt_out, salt_len);
- MD5_Update(&md2, passwd, passwd_len);
- MD5_Final(buf, &md2);
- }
for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
- MD5_Update(&md, buf, sizeof buf);
- MD5_Update(&md, buf, i);
+ EVP_DigestUpdate(&md, buf, sizeof buf);
+ EVP_DigestUpdate(&md, buf, i);
n = passwd_len;
while (n)
{
- MD5_Update(&md, (n & 1) ? "\0" : passwd, 1);
+ EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
n >>= 1;
}
- MD5_Final(buf, &md);
+ EVP_DigestFinal_ex(&md, buf, NULL);
for (i = 0; i < 1000; i++)
{
- MD5_CTX md2;
-
- MD5_Init(&md2);
- MD5_Update(&md2, (i & 1) ? (unsigned char *) passwd : buf,
- (i & 1) ? passwd_len : sizeof buf);
+ EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
+ EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf,
+ (i & 1) ? passwd_len : sizeof buf);
if (i % 3)
- MD5_Update(&md2, salt_out, salt_len);
+ EVP_DigestUpdate(&md2, salt_out, salt_len);
if (i % 7)
- MD5_Update(&md2, passwd, passwd_len);
- MD5_Update(&md2, (i & 1) ? buf : (unsigned char *) passwd,
- (i & 1) ? sizeof buf : passwd_len);
- MD5_Final(buf, &md2);
+ EVP_DigestUpdate(&md2, passwd, passwd_len);
+ EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd,
+ (i & 1) ? sizeof buf : passwd_len);
+ EVP_DigestFinal_ex(&md2, buf, NULL);
}
+ EVP_MD_CTX_cleanup(&md2);
{
/* transform buf into output string */
@@ -400,6 +406,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
*output = 0;
assert(strlen(out_buf) < sizeof(out_buf));
}
+ EVP_MD_CTX_cleanup(&md);
return out_buf;
}
@@ -418,7 +425,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
/* first make sure we have a salt */
if (!passed_salt)
{
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
if (usecrypt)
{
if (*salt_malloc_p == NULL)
@@ -437,7 +444,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
* back to ASCII */
#endif
}
-#endif /* !NO_DES */
+#endif /* !OPENSSL_NO_DES */
#ifndef NO_MD5CRYPT_1
if (use1 || useapr1)
@@ -472,9 +479,9 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
assert(strlen(passwd) <= pw_maxlen);
/* now compute password hash */
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
if (usecrypt)
- hash = des_crypt(passwd, *salt_p);
+ hash = DES_crypt(passwd, *salt_p);
#endif
#ifndef NO_MD5CRYPT_1
if (use1 || useapr1)
@@ -498,6 +505,6 @@ err:
int MAIN(int argc, char **argv)
{
fputs("Program not available.\n", stderr)
- EXIT(1);
+ OPENSSL_EXIT(1);
}
#endif
diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c
index aeba62e..8d1babe 100644
--- a/crypto/openssl/apps/pkcs12.c
+++ b/crypto/openssl/apps/pkcs12.c
@@ -1,5 +1,5 @@
/* pkcs12.c */
-#if !defined(NO_DES) && !defined(NO_SHA1)
+#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
@@ -69,7 +69,7 @@
#define PROG pkcs12_main
-EVP_CIPHER *enc;
+const EVP_CIPHER *enc;
#define NOKEYS 0x1
@@ -92,11 +92,13 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
char *infile=NULL, *outfile=NULL, *keyname = NULL;
char *certfile=NULL;
- BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
+ BIO *in=NULL, *out = NULL;
char **args;
char *name = NULL;
+ char *csp_name = NULL;
PKCS12 *p12 = NULL;
char pass[50], macpass[50];
int export_cert = 0;
@@ -118,12 +120,16 @@ int MAIN(int argc, char **argv)
char *passin = NULL, *passout = NULL;
char *inrand = NULL;
char *CApath = NULL, *CAfile = NULL;
+ char *engine=NULL;
apps_startup();
enc = EVP_des_ede3_cbc();
if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
args = argv + 1;
@@ -144,10 +150,15 @@ int MAIN(int argc, char **argv)
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else if (!strcmp (*args, "-export")) export_cert = 1;
else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
#endif
else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
+#ifndef OPENSSL_NO_AES
+ else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
+ else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
+ else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
+#endif
else if (!strcmp (*args, "-noiter")) iter = 1;
else if (!strcmp (*args, "-maciter"))
maciter = PKCS12_DEFAULT_ITER;
@@ -194,6 +205,11 @@ int MAIN(int argc, char **argv)
args++;
name = *args;
} else badarg = 1;
+ } else if (!strcmp (*args, "-CSP")) {
+ if (args[1]) {
+ args++;
+ csp_name = *args;
+ } else badarg = 1;
} else if (!strcmp (*args, "-caname")) {
if (args[1]) {
args++;
@@ -236,6 +252,11 @@ int MAIN(int argc, char **argv)
args++;
CAfile = *args;
} else badarg = 1;
+ } else if (!strcmp(*args,"-engine")) {
+ if (args[1]) {
+ args++;
+ engine = *args;
+ } else badarg = 1;
} else badarg = 1;
} else badarg = 1;
@@ -264,9 +285,13 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-info give info about PKCS#12 structure.\n");
BIO_printf (bio_err, "-des encrypt private keys with DES\n");
BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n");
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
BIO_printf (bio_err, "-idea encrypt private keys with idea\n");
#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
+ BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
+#endif
BIO_printf (bio_err, "-nodes don't encrypt private keys\n");
BIO_printf (bio_err, "-noiter don't use encryption iteration\n");
BIO_printf (bio_err, "-maciter use MAC iteration\n");
@@ -279,12 +304,15 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-password p set import/export password source\n");
BIO_printf (bio_err, "-passin p input file pass phrase source\n");
BIO_printf (bio_err, "-passout p output file pass phrase source\n");
+ BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
goto end;
}
+ e = setup_engine(bio_err, engine, 0);
+
if(passarg) {
if(export_cert) passargout = passarg;
else passargin = passarg;
@@ -329,6 +357,7 @@ int MAIN(int argc, char **argv)
goto end;
}
+#if 0
if (certfile) {
if(!(certsin = BIO_new_file(certfile, "r"))) {
BIO_printf(bio_err, "Can't open certificate file %s\n", certfile);
@@ -344,6 +373,7 @@ int MAIN(int argc, char **argv)
goto end;
}
}
+#endif
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
@@ -352,7 +382,7 @@ int MAIN(int argc, char **argv)
if (!outfile) {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -369,7 +399,7 @@ int MAIN(int argc, char **argv)
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("read MAC password");
#endif
- if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert))
+ if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert))
{
BIO_printf (bio_err, "Can't read Password\n");
goto end;
@@ -397,12 +427,9 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("process -export_cert");
CRYPTO_push_info("reading private key");
#endif
- key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, passin);
- if (!inkey) (void) BIO_reset(in);
- else BIO_free(inkey);
+ key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM, 1,
+ passin, e, "private key");
if (!key) {
- BIO_printf (bio_err, "Error loading private key\n");
- ERR_print_errors(bio_err);
goto export_end;
}
@@ -411,12 +438,9 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("reading certs from input");
#endif
- certs = sk_X509_new_null();
-
/* Load in all certs in input file */
- if(!cert_load(in, certs)) {
- BIO_printf(bio_err, "Error loading certificates from input\n");
- ERR_print_errors(bio_err);
+ if(!(certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
+ "certificates"))) {
goto export_end;
}
@@ -446,13 +470,17 @@ int MAIN(int argc, char **argv)
bags = sk_PKCS12_SAFEBAG_new_null ();
/* Add any more certificates asked for */
- if (certsin) {
- if(!cert_load(certsin, certs)) {
- BIO_printf(bio_err, "Error loading certificates from certfile\n");
- ERR_print_errors(bio_err);
+ if (certfile) {
+ STACK_OF(X509) *morecerts=NULL;
+ if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
+ NULL, e,
+ "certificates from certfile"))) {
goto export_end;
}
- BIO_free(certsin);
+ while(sk_X509_num(morecerts) > 0) {
+ sk_X509_push(certs, sk_X509_shift(morecerts));
+ }
+ sk_X509_free(morecerts);
}
#ifdef CRYPTO_MDEBUG
@@ -480,9 +508,10 @@ int MAIN(int argc, char **argv)
/* Exclude verified certificate */
for (i = 1; i < sk_X509_num (chain2) ; i++)
sk_X509_push(certs, sk_X509_value (chain2, i));
- }
- sk_X509_free(chain2);
- if (vret) {
+ /* Free first certificate */
+ X509_free(sk_X509_value(chain2, 0));
+ sk_X509_free(chain2);
+ } else {
BIO_printf (bio_err, "Error %s getting chain.\n",
X509_verify_cert_error_string(vret));
goto export_end;
@@ -498,7 +527,7 @@ int MAIN(int argc, char **argv)
for(i = 0; i < sk_X509_num(certs); i++) {
X509 *cert = NULL;
cert = sk_X509_value(certs, i);
- bag = M_PKCS12_x5092certbag(cert);
+ bag = PKCS12_x5092certbag(cert);
/* If it matches private key set id */
if(cert == ucert) {
if(name) PKCS12_add_friendlyname(bag, name, -1);
@@ -509,8 +538,6 @@ int MAIN(int argc, char **argv)
}
sk_X509_pop_free(certs, X509_free);
certs = NULL;
- /* ucert is part of certs so it is already freed */
- ucert = NULL;
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
@@ -518,7 +545,7 @@ int MAIN(int argc, char **argv)
#endif
if(!noprompt &&
- EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) {
+ EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) {
BIO_printf (bio_err, "Can't read Password\n");
goto export_end;
}
@@ -549,6 +576,7 @@ int MAIN(int argc, char **argv)
PKCS8_PRIV_KEY_INFO_free(p8);
p8 = NULL;
if (name) PKCS12_add_friendlyname (bag, name, -1);
+ if(csp_name) PKCS12_add_CSPName_asc(bag, csp_name, -1);
PKCS12_add_localkeyid (bag, keyid, keyidlen);
bags = sk_PKCS12_SAFEBAG_new_null();
sk_PKCS12_SAFEBAG_push (bags, bag);
@@ -569,9 +597,9 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("building pkcs12");
#endif
- p12 = PKCS12_init (NID_pkcs7_data);
+ p12 = PKCS12_init(NID_pkcs7_data);
- M_PKCS12_pack_authsafes (p12, safes);
+ PKCS12_pack_authsafes(p12, safes);
sk_PKCS7_pop_free(safes, PKCS7_free);
safes = NULL;
@@ -598,7 +626,6 @@ int MAIN(int argc, char **argv)
if (certs) sk_X509_pop_free(certs, X509_free);
if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- if (ucert) X509_free(ucert);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
@@ -615,7 +642,7 @@ int MAIN(int argc, char **argv)
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("read import password");
#endif
- if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) {
+ if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {
BIO_printf (bio_err, "Can't read Password\n");
goto end;
}
@@ -668,7 +695,8 @@ int MAIN(int argc, char **argv)
if (canames) sk_free(canames);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
@@ -679,20 +707,20 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
int i, bagnid;
PKCS7 *p7;
- if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
+ if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
for (i = 0; i < sk_PKCS7_num (asafes); i++) {
p7 = sk_PKCS7_value (asafes, i);
bagnid = OBJ_obj2nid (p7->type);
if (bagnid == NID_pkcs7_data) {
- bags = M_PKCS12_unpack_p7data (p7);
+ bags = PKCS12_unpack_p7data(p7);
if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
} else if (bagnid == NID_pkcs7_encrypted) {
if (options & INFO) {
- BIO_printf (bio_err, "PKCS7 Encrypted data: ");
- alg_print (bio_err,
+ BIO_printf(bio_err, "PKCS7 Encrypted data: ");
+ alg_print(bio_err,
p7->d.encrypted->enc_data->algorithm);
}
- bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen);
+ bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
} else continue;
if (!bags) return 0;
if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
@@ -747,7 +775,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
}
if (options & NOKEYS) return 1;
print_attribs (out, bag->attrib, "Bag Attributes");
- if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
+ if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
return 0;
if (!(pkey = EVP_PKCS82PKEY (p8))) {
PKCS8_PRIV_KEY_INFO_free(p8);
@@ -768,7 +796,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
print_attribs (out, bag->attrib, "Bag Attributes");
if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
return 1;
- if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
+ if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
dump_cert_text (out, x509);
PEM_write_bio_X509 (out, x509);
X509_free(x509);
@@ -800,6 +828,9 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
STACK_OF(X509) *chn;
int i;
+ /* FIXME: Should really check the return status of X509_STORE_CTX_init
+ * for an error, but how that fits into the return value of this
+ * function is less obvious. */
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
if (X509_verify_cert(&store_ctx) <= 0) {
i = X509_STORE_CTX_get_error (&store_ctx);
diff --git a/crypto/openssl/apps/pkcs7.c b/crypto/openssl/apps/pkcs7.c
index a9fff11..738dd85 100644
--- a/crypto/openssl/apps/pkcs7.c
+++ b/crypto/openssl/apps/pkcs7.c
@@ -82,6 +82,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
PKCS7 *p7=NULL;
int i,badops=0;
BIO *in=NULL,*out=NULL;
@@ -89,6 +90,7 @@ int MAIN(int argc, char **argv)
char *infile,*outfile,*prog;
int print_certs=0,text=0,noout=0;
int ret=1;
+ char *engine=NULL;
apps_startup();
@@ -132,6 +134,11 @@ int MAIN(int argc, char **argv)
text=1;
else if (strcmp(*argv,"-print_certs") == 0)
print_certs=1;
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -154,11 +161,15 @@ bad:
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
BIO_printf(bio_err," -text print full details of certificates\n");
BIO_printf(bio_err," -noout don't output encoded data\n");
- EXIT(1);
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+ ret = 1;
+ goto end;
}
ERR_load_crypto_strings();
+ e = setup_engine(bio_err, engine, 0);
+
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
@@ -198,7 +209,7 @@ bad:
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -289,5 +300,6 @@ end:
if (p7 != NULL) PKCS7_free(p7);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
diff --git a/crypto/openssl/apps/pkcs8.c b/crypto/openssl/apps/pkcs8.c
index 7b588e4..1debccb 100644
--- a/crypto/openssl/apps/pkcs8.c
+++ b/crypto/openssl/apps/pkcs8.c
@@ -63,13 +63,13 @@
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
-#include "apps.h"
#define PROG pkcs8_main
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
char **args, *infile = NULL, *outfile = NULL;
char *passargin = NULL, *passargout = NULL;
BIO *in = NULL, *out = NULL;
@@ -82,12 +82,19 @@ int MAIN(int argc, char **argv)
int nocrypt = 0;
X509_SIG *p8;
PKCS8_PRIV_KEY_INFO *p8inf;
- EVP_PKEY *pkey;
+ EVP_PKEY *pkey=NULL;
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
int badarg = 0;
+ char *engine=NULL;
+
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
+
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
@@ -138,6 +145,11 @@ int MAIN(int argc, char **argv)
if (!args[1]) goto bad;
passargout= *(++args);
}
+ else if (strcmp(*args,"-engine") == 0)
+ {
+ if (!args[1]) goto bad;
+ engine= *(++args);
+ }
else if (!strcmp (*args, "-in")) {
if (args[1]) {
args++;
@@ -170,9 +182,12 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n");
BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
return (1);
}
+ e = setup_engine(bio_err, engine, 0);
+
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
return (1);
@@ -196,28 +211,21 @@ int MAIN(int argc, char **argv)
}
} else {
out = BIO_new_fp (stdout, BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
- if (topk8) {
- if(informat == FORMAT_PEM)
- pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin);
- else if(informat == FORMAT_ASN1)
- pkey = d2i_PrivateKey_bio(in, NULL);
- else {
- BIO_printf(bio_err, "Bad format specified for key\n");
- return (1);
- }
+ if (topk8)
+ {
+ BIO_free(in); /* Not needed in this section */
+ pkey = load_key(bio_err, infile, informat, 1,
+ passin, e, "key");
if (!pkey) {
- BIO_printf(bio_err, "Error reading key\n", outfile);
- ERR_print_errors(bio_err);
return (1);
}
- BIO_free(in);
if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
BIO_printf(bio_err, "Error converting key\n", outfile);
ERR_print_errors(bio_err);
@@ -236,7 +244,8 @@ int MAIN(int argc, char **argv)
if(passout) p8pass = passout;
else {
p8pass = pass;
- EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
+ if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
+ return (1);
}
app_RAND_load_file(NULL, bio_err, 0);
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
@@ -293,9 +302,9 @@ int MAIN(int argc, char **argv)
if(passin) p8pass = passin;
else {
p8pass = pass;
- EVP_read_pw_string(pass, 50, "Enter Password:", 0);
+ EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
}
- p8inf = M_PKCS8_decrypt(p8, p8pass, strlen(p8pass));
+ p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
X509_SIG_free(p8);
}
@@ -342,6 +351,7 @@ int MAIN(int argc, char **argv)
return (1);
}
+ end:
EVP_PKEY_free(pkey);
BIO_free_all(out);
BIO_free(in);
diff --git a/crypto/openssl/apps/progs.h b/crypto/openssl/apps/progs.h
index fbc65de..752385d 100644
--- a/crypto/openssl/apps/progs.h
+++ b/crypto/openssl/apps/progs.h
@@ -35,6 +35,8 @@ extern int pkcs8_main(int argc,char *argv[]);
extern int spkac_main(int argc,char *argv[]);
extern int smime_main(int argc,char *argv[]);
extern int rand_main(int argc,char *argv[]);
+extern int engine_main(int argc,char *argv[]);
+extern int ocsp_main(int argc,char *argv[]);
#define FUNC_TYPE_GENERAL 1
#define FUNC_TYPE_MD 2
@@ -51,205 +53,239 @@ FUNCTION functions[] = {
{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
{FUNC_TYPE_GENERAL,"req",req_main},
{FUNC_TYPE_GENERAL,"dgst",dgst_main},
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
{FUNC_TYPE_GENERAL,"dh",dh_main},
#endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
{FUNC_TYPE_GENERAL,"dhparam",dhparam_main},
#endif
{FUNC_TYPE_GENERAL,"enc",enc_main},
{FUNC_TYPE_GENERAL,"passwd",passwd_main},
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
{FUNC_TYPE_GENERAL,"gendh",gendh_main},
#endif
{FUNC_TYPE_GENERAL,"errstr",errstr_main},
{FUNC_TYPE_GENERAL,"ca",ca_main},
{FUNC_TYPE_GENERAL,"crl",crl_main},
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
{FUNC_TYPE_GENERAL,"rsa",rsa_main},
#endif
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
{FUNC_TYPE_GENERAL,"rsautl",rsautl_main},
#endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
{FUNC_TYPE_GENERAL,"dsa",dsa_main},
#endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
#endif
{FUNC_TYPE_GENERAL,"x509",x509_main},
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
#endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
#endif
-#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
{FUNC_TYPE_GENERAL,"s_server",s_server_main},
#endif
-#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
{FUNC_TYPE_GENERAL,"s_client",s_client_main},
#endif
{FUNC_TYPE_GENERAL,"speed",speed_main},
-#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
{FUNC_TYPE_GENERAL,"s_time",s_time_main},
#endif
{FUNC_TYPE_GENERAL,"version",version_main},
{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
-#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
#endif
{FUNC_TYPE_GENERAL,"nseq",nseq_main},
-#if !defined(NO_DES) && !defined(NO_SHA1)
+#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
#endif
{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
{FUNC_TYPE_GENERAL,"spkac",spkac_main},
{FUNC_TYPE_GENERAL,"smime",smime_main},
{FUNC_TYPE_GENERAL,"rand",rand_main},
+ {FUNC_TYPE_GENERAL,"engine",engine_main},
+ {FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
+#ifndef OPENSSL_NO_MD2
{FUNC_TYPE_MD,"md2",dgst_main},
+#endif
+#ifndef OPENSSL_NO_MD4
{FUNC_TYPE_MD,"md4",dgst_main},
+#endif
+#ifndef OPENSSL_NO_MD5
{FUNC_TYPE_MD,"md5",dgst_main},
+#endif
+#ifndef OPENSSL_NO_SHA
{FUNC_TYPE_MD,"sha",dgst_main},
+#endif
+#ifndef OPENSSL_NO_SHA1
{FUNC_TYPE_MD,"sha1",dgst_main},
+#endif
+#ifndef OPENSSL_NO_MDC2
{FUNC_TYPE_MD,"mdc2",dgst_main},
+#endif
+#ifndef OPENSSL_NO_RMD160
{FUNC_TYPE_MD,"rmd160",dgst_main},
+#endif
+#ifndef OPENSSL_NO_AES
+ {FUNC_TYPE_CIPHER,"aes-128-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+ {FUNC_TYPE_CIPHER,"aes-128-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+ {FUNC_TYPE_CIPHER,"aes-192-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+ {FUNC_TYPE_CIPHER,"aes-192-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+ {FUNC_TYPE_CIPHER,"aes-256-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+ {FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main},
+#endif
{FUNC_TYPE_CIPHER,"base64",enc_main},
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des",enc_main},
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des3",enc_main},
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"desx",enc_main},
#endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea",enc_main},
#endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
{FUNC_TYPE_CIPHER,"rc4",enc_main},
#endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
{FUNC_TYPE_CIPHER,"rc4-40",enc_main},
#endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2",enc_main},
#endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER,"bf",enc_main},
#endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER,"cast",enc_main},
#endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER,"rc5",enc_main},
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ecb",enc_main},
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede",enc_main},
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede3",enc_main},
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-cbc",enc_main},
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main},
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main},
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-cfb",enc_main},
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main},
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main},
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ofb",enc_main},
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main},
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main},
#endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea-cbc",enc_main},
#endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea-ecb",enc_main},
#endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea-cfb",enc_main},
#endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
#endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
#endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-ecb",enc_main},
#endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-cfb",enc_main},
#endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
#endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-64-cbc",enc_main},
#endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-40-cbc",enc_main},
#endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
#endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
#endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
#endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
#endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER,"cast5-cbc",enc_main},
#endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER,"cast5-ecb",enc_main},
#endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},
#endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},
#endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER,"cast-cbc",enc_main},
#endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},
#endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},
#endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},
#endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},
#endif
{0,NULL,NULL}
diff --git a/crypto/openssl/apps/progs.pl b/crypto/openssl/apps/progs.pl
index 214025c..d6a40ed 100644
--- a/crypto/openssl/apps/progs.pl
+++ b/crypto/openssl/apps/progs.pl
@@ -28,15 +28,15 @@ foreach (@ARGV)
push(@files,$_);
$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
- { print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))\n${str}#endif\n"; }
+ { print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; }
elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/))
- { print "#ifndef NO_RSA\n${str}#endif\n"; }
+ { print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n"; }
elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
- { print "#ifndef NO_DSA\n${str}#endif\n"; }
+ { print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; }
elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
- { print "#ifndef NO_DH\n${str}#endif\n"; }
+ { print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
elsif ( ($_ =~ /^pkcs12$/))
- { print "#if !defined(NO_DES) && !defined(NO_SHA1)\n${str}#endif\n"; }
+ { print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
else
{ print $str; }
}
@@ -44,10 +44,13 @@ foreach (@ARGV)
foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")
{
push(@files,$_);
- printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
+ printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n";
}
foreach (
+ "aes-128-cbc", "aes-128-ecb",
+ "aes-192-cbc", "aes-192-ecb",
+ "aes-256-cbc", "aes-256-ecb",
"base64",
"des", "des3", "desx", "idea", "rc4", "rc4-40",
"rc2", "bf", "cast", "rc5",
@@ -64,13 +67,14 @@ foreach (
push(@files,$_);
$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
- if ($_ =~ /des/) { $t="#ifndef NO_DES\n${t}#endif\n"; }
- elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; }
- elsif ($_ =~ /rc4/) { $t="#ifndef NO_RC4\n${t}#endif\n"; }
- elsif ($_ =~ /rc2/) { $t="#ifndef NO_RC2\n${t}#endif\n"; }
- elsif ($_ =~ /bf/) { $t="#ifndef NO_BF\n${t}#endif\n"; }
- elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; }
- elsif ($_ =~ /rc5/) { $t="#ifndef NO_RC5\n${t}#endif\n"; }
+ if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
+ elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
+ elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; }
+ elsif ($_ =~ /rc4/) { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; }
+ elsif ($_ =~ /rc2/) { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; }
+ elsif ($_ =~ /bf/) { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; }
+ elsif ($_ =~ /cast/) { $t="#ifndef OPENSSL_NO_CAST\n${t}#endif\n"; }
+ elsif ($_ =~ /rc5/) { $t="#ifndef OPENSSL_NO_RC5\n${t}#endif\n"; }
print $t;
}
diff --git a/crypto/openssl/apps/rand.c b/crypto/openssl/apps/rand.c
index 04764d7..eaaa6e3 100644
--- a/crypto/openssl/apps/rand.c
+++ b/crypto/openssl/apps/rand.c
@@ -1,4 +1,57 @@
/* apps/rand.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include "apps.h"
@@ -23,6 +76,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
int i, r, ret = 1;
int badopt;
char *outfile = NULL;
@@ -30,6 +84,7 @@ int MAIN(int argc, char **argv)
int base64 = 0;
BIO *out = NULL;
int num = -1;
+ char *engine=NULL;
apps_startup();
@@ -37,6 +92,9 @@ int MAIN(int argc, char **argv)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ if (!load_config(bio_err, NULL))
+ goto err;
+
badopt = 0;
i = 0;
while (!badopt && argv[++i] != NULL)
@@ -48,6 +106,13 @@ int MAIN(int argc, char **argv)
else
badopt = 1;
}
+ else if (strcmp(argv[i], "-engine") == 0)
+ {
+ if ((argv[i+1] != NULL) && (engine == NULL))
+ engine = argv[++i];
+ else
+ badopt = 1;
+ }
else if (strcmp(argv[i], "-rand") == 0)
{
if ((argv[i+1] != NULL) && (inrand == NULL))
@@ -84,12 +149,15 @@ int MAIN(int argc, char **argv)
{
BIO_printf(bio_err, "Usage: rand [options] num\n");
BIO_printf(bio_err, "where options are\n");
- BIO_printf(bio_err, "-out file - write to file\n");
- BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err, "-base64 - encode output\n");
+ BIO_printf(bio_err, "-out file - write to file\n");
+ BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n");
+ BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err, "-base64 - encode output\n");
goto err;
}
+ e = setup_engine(bio_err, engine, 0);
+
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
@@ -103,7 +171,7 @@ int MAIN(int argc, char **argv)
else
{
r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -144,5 +212,6 @@ err:
ERR_print_errors(bio_err);
if (out)
BIO_free_all(out);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c
index 11c4e5f..cffdcd1 100644
--- a/crypto/openssl/apps/req.c
+++ b/crypto/openssl/apps/req.c
@@ -60,7 +60,7 @@
#include <stdlib.h>
#include <time.h>
#include <string.h>
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif
#include "apps.h"
@@ -73,6 +73,7 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
+#include "../crypto/cryptlib.h"
#define SECTION "req"
@@ -84,6 +85,7 @@
#define V3_EXTENSIONS "x509_extensions"
#define REQ_EXTENSIONS "req_extensions"
#define STRING_MASK "string_mask"
+#define UTF8_IN "utf8"
#define DEFAULT_KEY_LENGTH 512
#define MIN_KEY_LENGTH 384
@@ -101,36 +103,41 @@
* -nodes - no des encryption
* -config file - Load configuration file.
* -key file - make a request using key in file (or use it for verification).
- * -keyform - key file format.
+ * -keyform arg - key file format.
* -rand file(s) - load the file(s) into the PRNG.
* -newkey - make a key and a request.
* -modulus - print RSA modulus.
+ * -pubkey - output Public Key.
* -x509 - output a self signed X509 structure instead.
* -asn1-kludge - output new certificate request in a format that some CA's
* require. This format is wrong
*/
-static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs);
+static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int attribs,
+ unsigned long chtype);
+static int build_subject(X509_REQ *req, char *subj, unsigned long chtype);
static int prompt_info(X509_REQ *req,
STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
- STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs);
+ STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
+ unsigned long chtype);
static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
- STACK_OF(CONF_VALUE) *attr, int attribs);
+ STACK_OF(CONF_VALUE) *attr, int attribs,
+ unsigned long chtype);
static int add_attribute_object(X509_REQ *req, char *text,
- char *def, char *value, int nid, int min,
- int max);
+ char *def, char *value, int nid, int n_min,
+ int n_max, unsigned long chtype);
static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
- int nid,int min,int max);
-#ifndef NO_RSA
+ int nid,int n_min,int n_max, unsigned long chtype);
+#ifndef OPENSSL_NO_RSA
static void MS_CALLBACK req_cb(int p,int n,void *arg);
#endif
-static int req_check_len(int len,int min,int max);
+static int req_check_len(int len,int n_min,int n_max);
static int check_end(char *str, char *end);
#ifndef MONOLITH
static char *default_config_file=NULL;
-static LHASH *config=NULL;
#endif
-static LHASH *req_conf=NULL;
+static CONF *req_conf=NULL;
+static int batch=0;
#define TYPE_RSA 1
#define TYPE_DSA 2
@@ -140,33 +147,41 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
-#ifndef NO_DSA
+ ENGINE *e = NULL;
+#ifndef OPENSSL_NO_DSA
DSA *dsa_params=NULL;
#endif
+ unsigned long nmflag = 0, reqflag = 0;
int ex=1,x509=0,days=30;
X509 *x509ss=NULL;
X509_REQ *req=NULL;
EVP_PKEY *pkey=NULL;
- int i,badops=0,newreq=0,newkey= -1,pkey_type=0;
+ int i=0,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA;
+ long newkey = -1;
BIO *in=NULL,*out=NULL;
int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
- int nodes=0,kludge=0,newhdr=0;
+ int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;
char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+ char *engine=NULL;
char *extensions = NULL;
char *req_exts = NULL;
- EVP_CIPHER *cipher=NULL;
+ const EVP_CIPHER *cipher=NULL;
+ ASN1_INTEGER *serial = NULL;
int modulus=0;
char *inrand=NULL;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
char *p;
+ char *subj = NULL;
const EVP_MD *md_alg=NULL,*digest=EVP_md5();
+ unsigned long chtype = MBSTRING_ASC;
#ifndef MONOLITH
- MS_STATIC char config_name[256];
+ char *to_free;
+ long errline;
#endif
req_conf = NULL;
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
cipher=EVP_des_ede3_cbc();
#endif
apps_startup();
@@ -195,14 +210,22 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
keyfile= *(++argv);
}
+ else if (strcmp(*argv,"-pubkey") == 0)
+ {
+ pubkey=1;
+ }
else if (strcmp(*argv,"-new") == 0)
{
- pkey_type=TYPE_RSA;
newreq=1;
}
else if (strcmp(*argv,"-config") == 0)
@@ -260,7 +283,7 @@ int MAIN(int argc, char **argv)
newkey= atoi(p);
}
else
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
if (strncmp("dsa:",p,4) == 0)
{
X509 *xtmp=NULL;
@@ -300,7 +323,7 @@ int MAIN(int argc, char **argv)
}
else
#endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
if (strncmp("dh:",p,4) == 0)
{
pkey_type=TYPE_DH;
@@ -312,6 +335,8 @@ int MAIN(int argc, char **argv)
newreq=1;
}
+ else if (strcmp(*argv,"-batch") == 0)
+ batch=1;
else if (strcmp(*argv,"-newhdr") == 0)
newhdr=1;
else if (strcmp(*argv,"-modulus") == 0)
@@ -322,6 +347,22 @@ int MAIN(int argc, char **argv)
nodes=1;
else if (strcmp(*argv,"-noout") == 0)
noout=1;
+ else if (strcmp(*argv,"-verbose") == 0)
+ verbose=1;
+ else if (strcmp(*argv,"-utf8") == 0)
+ chtype = MBSTRING_UTF8;
+ else if (strcmp(*argv,"-nameopt") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!set_name_ex(&nmflag, *(++argv))) goto bad;
+ }
+ else if (strcmp(*argv,"-reqopt") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!set_cert_ex(&reqflag, *(++argv))) goto bad;
+ }
+ else if (strcmp(*argv,"-subject") == 0)
+ subject=1;
else if (strcmp(*argv,"-text") == 0)
text=1;
else if (strcmp(*argv,"-x509") == 0)
@@ -330,12 +371,23 @@ int MAIN(int argc, char **argv)
kludge=1;
else if (strcmp(*argv,"-no-asn1-kludge") == 0)
kludge=0;
+ else if (strcmp(*argv,"-subj") == 0)
+ {
+ if (--argc < 1) goto bad;
+ subj= *(++argv);
+ }
else if (strcmp(*argv,"-days") == 0)
{
if (--argc < 1) goto bad;
days= atoi(*(++argv));
if (days == 0) days=30;
}
+ else if (strcmp(*argv,"-set_serial") == 0)
+ {
+ if (--argc < 1) goto bad;
+ serial = s2i_ASN1_INTEGER(NULL, *(++argv));
+ if (!serial) goto bad;
+ }
else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
{
/* ok */
@@ -371,11 +423,15 @@ bad:
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -text text form of request\n");
+ BIO_printf(bio_err," -pubkey output public key\n");
BIO_printf(bio_err," -noout do not output REQ\n");
BIO_printf(bio_err," -verify verify signature on REQ\n");
BIO_printf(bio_err," -modulus RSA modulus\n");
BIO_printf(bio_err," -nodes don't encrypt the output key\n");
- BIO_printf(bio_err," -key file use the private key contained in file\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device\n");
+ BIO_printf(bio_err," -subject output the request's subject\n");
+ BIO_printf(bio_err," -passin private key password source\n");
+ BIO_printf(bio_err," -key file use the private key contained in file\n");
BIO_printf(bio_err," -keyform arg key file format\n");
BIO_printf(bio_err," -keyout arg file to send the key to\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
@@ -385,14 +441,20 @@ bad:
BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
BIO_printf(bio_err," -config file request template file.\n");
+ BIO_printf(bio_err," -subj arg set or modify request subject\n");
BIO_printf(bio_err," -new new request.\n");
+ BIO_printf(bio_err," -batch do not ask anything during request generation\n");
BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n");
- BIO_printf(bio_err," -days number of days a x509 generated by -x509 is valid for.\n");
+ BIO_printf(bio_err," -days number of days a certificate generated by -x509 is valid for.\n");
+ BIO_printf(bio_err," -set_serial serial number to use for a certificate generated by -x509.\n");
BIO_printf(bio_err," -newhdr output \"NEW\" in the header lines\n");
BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
BIO_printf(bio_err," have been reported as requiring\n");
BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n");
+ BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n");
+ BIO_printf(bio_err," -nameopt arg - various certificate name options\n");
+ BIO_printf(bio_err," -reqopt arg - various request text options\n\n");
goto end;
}
@@ -408,25 +470,21 @@ bad:
if (p == NULL)
p=getenv("SSLEAY_CONF");
if (p == NULL)
- {
- strcpy(config_name,X509_get_default_cert_area());
-#ifndef VMS
- strcat(config_name,"/");
-#endif
- strcat(config_name,OPENSSL_CONF);
- p=config_name;
- }
+ p=to_free=make_config_name();
default_config_file=p;
- config=CONF_load(config,p,NULL);
+ config=NCONF_new(NULL);
+ i=NCONF_load(config, p, &errline);
#endif
if (template != NULL)
{
- long errline;
+ long errline = -1;
- BIO_printf(bio_err,"Using configuration from %s\n",template);
- req_conf=CONF_load(NULL,template,&errline);
- if (req_conf == NULL)
+ if( verbose )
+ BIO_printf(bio_err,"Using configuration from %s\n",template);
+ req_conf=NCONF_new(NULL);
+ i=NCONF_load(req_conf,template,&errline);
+ if (i == 0)
{
BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
goto end;
@@ -435,7 +493,8 @@ bad:
else
{
req_conf=config;
- BIO_printf(bio_err,"Using configuration from %s\n",
+ if( verbose )
+ BIO_printf(bio_err,"Using configuration from %s\n",
default_config_file);
if (req_conf == NULL)
{
@@ -445,7 +504,11 @@ bad:
if (req_conf != NULL)
{
- p=CONF_get_string(req_conf,NULL,"oid_file");
+ if (!load_config(bio_err, req_conf))
+ goto end;
+ p=NCONF_get_string(req_conf,NULL,"oid_file");
+ if (p == NULL)
+ ERR_clear_error();
if (p != NULL)
{
BIO *oid_bio;
@@ -465,23 +528,32 @@ bad:
}
}
}
- if(!add_oid_section(bio_err, req_conf)) goto end;
+ if(!add_oid_section(bio_err, req_conf)) goto end;
- if ((md_alg == NULL) &&
- ((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
+ if (md_alg == NULL)
{
- if ((md_alg=EVP_get_digestbyname(p)) != NULL)
- digest=md_alg;
+ p=NCONF_get_string(req_conf,SECTION,"default_md");
+ if (p == NULL)
+ ERR_clear_error();
+ if (p != NULL)
+ {
+ if ((md_alg=EVP_get_digestbyname(p)) != NULL)
+ digest=md_alg;
+ }
}
- if(!extensions)
- extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
- if(extensions) {
+ if (!extensions)
+ {
+ extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+ if (!extensions)
+ ERR_clear_error();
+ }
+ if (extensions) {
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
- X509V3_set_conf_lhash(&ctx, req_conf);
- if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) {
+ X509V3_set_nconf(&ctx, req_conf);
+ if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
BIO_printf(bio_err,
"Error Loading extension section %s\n", extensions);
goto end;
@@ -489,26 +561,50 @@ bad:
}
if(!passin)
- passin = CONF_get_string(req_conf, SECTION, "input_password");
-
+ {
+ passin = NCONF_get_string(req_conf, SECTION, "input_password");
+ if (!passin)
+ ERR_clear_error();
+ }
+
if(!passout)
- passout = CONF_get_string(req_conf, SECTION, "output_password");
+ {
+ passout = NCONF_get_string(req_conf, SECTION, "output_password");
+ if (!passout)
+ ERR_clear_error();
+ }
- p = CONF_get_string(req_conf, SECTION, STRING_MASK);
+ p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
+ if (!p)
+ ERR_clear_error();
if(p && !ASN1_STRING_set_default_mask_asc(p)) {
BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
goto end;
}
+ if (chtype != MBSTRING_UTF8)
+ {
+ p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
+ if (!p)
+ ERR_clear_error();
+ else if (!strcmp(p, "yes"))
+ chtype = MBSTRING_UTF8;
+ }
+
+
if(!req_exts)
- req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+ {
+ req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+ if (!req_exts)
+ ERR_clear_error();
+ }
if(req_exts) {
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
- X509V3_set_conf_lhash(&ctx, req_conf);
- if(!X509V3_EXT_add_conf(req_conf, &ctx, req_exts, NULL)) {
+ X509V3_set_nconf(&ctx, req_conf);
+ if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
BIO_printf(bio_err,
"Error Loading request extension section %s\n",
req_exts);
@@ -521,49 +617,39 @@ bad:
if ((in == NULL) || (out == NULL))
goto end;
+ e = setup_engine(bio_err, engine, 0);
+
if (keyfile != NULL)
{
- if (BIO_read_filename(in,keyfile) <= 0)
- {
- perror(keyfile);
- goto end;
- }
-
- if (keyform == FORMAT_ASN1)
- pkey=d2i_PrivateKey_bio(in,NULL);
- else if (keyform == FORMAT_PEM)
- {
- pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
- }
- else
+ pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,
+ "Private Key");
+ if (!pkey)
{
- BIO_printf(bio_err,"bad input format specified for X509 request\n");
- goto end;
- }
-
- if (pkey == NULL)
- {
- BIO_printf(bio_err,"unable to load Private key\n");
+ /* load_key() has already printed an appropriate
+ message */
goto end;
}
- if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
+ if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
{
- char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+ char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
+ if (randfile == NULL)
+ ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
- }
+ }
}
if (newreq && (pkey == NULL))
{
- char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+ char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
+ if (randfile == NULL)
+ ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
if (inrand)
app_RAND_load_files(inrand);
if (newkey <= 0)
{
- newkey=(int)CONF_get_number(req_conf,SECTION,BITS);
- if (newkey <= 0)
+ if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
newkey=DEFAULT_KEY_LENGTH;
}
@@ -578,7 +664,7 @@ bad:
if ((pkey=EVP_PKEY_new()) == NULL) goto end;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
if (pkey_type == TYPE_RSA)
{
if (!EVP_PKEY_assign_RSA(pkey,
@@ -588,7 +674,7 @@ bad:
}
else
#endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
if (pkey_type == TYPE_DSA)
{
if (!DSA_generate_key(dsa_params)) goto end;
@@ -602,13 +688,17 @@ bad:
if (pkey == NULL) goto end;
if (keyout == NULL)
- keyout=CONF_get_string(req_conf,SECTION,KEYFILE);
-
+ {
+ keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
+ if (keyout == NULL)
+ ERR_clear_error();
+ }
+
if (keyout == NULL)
{
BIO_printf(bio_err,"writing new private key to stdout\n");
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -625,9 +715,14 @@ bad:
}
}
- p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
+ p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
if (p == NULL)
- p=CONF_get_string(req_conf,SECTION,"encrypt_key");
+ {
+ ERR_clear_error();
+ p=NCONF_get_string(req_conf,SECTION,"encrypt_key");
+ if (p == NULL)
+ ERR_clear_error();
+ }
if ((p != NULL) && (strcmp(p,"no") == 0))
cipher=NULL;
if (nodes) cipher=NULL;
@@ -689,7 +784,7 @@ loop:
BIO_printf(bio_err,"you need to specify a private key\n");
goto end;
}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA)
digest=EVP_dss1();
#endif
@@ -701,9 +796,13 @@ loop:
goto end;
}
- i=make_REQ(req,pkey,!x509);
- if (kludge >= 0)
- req->req_info->req_kludge=kludge;
+ i=make_REQ(req,pkey,subj,!x509, chtype);
+ subj=NULL; /* done processing '-subj' option */
+ if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))
+ {
+ sk_X509_ATTRIBUTE_free(req->req_info->attributes);
+ req->req_info->attributes = NULL;
+ }
if (!i)
{
BIO_printf(bio_err,"problems making Certificate Request\n");
@@ -718,7 +817,14 @@ loop:
/* Set version to V3 */
if(!X509_set_version(x509ss, 2)) goto end;
- if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end;
+ if (serial)
+ {
+ if (!X509_set_serialNumber(x509ss, serial)) goto end;
+ }
+ else
+ {
+ if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end;
+ }
if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
@@ -731,18 +837,18 @@ loop:
/* Set up V3 context struct */
X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
- X509V3_set_conf_lhash(&ext_ctx, req_conf);
+ X509V3_set_nconf(&ext_ctx, req_conf);
/* Add extensions */
- if(extensions && !X509V3_EXT_add_conf(req_conf,
+ if(extensions && !X509V3_EXT_add_nconf(req_conf,
&ext_ctx, extensions, x509ss))
- {
- BIO_printf(bio_err,
- "Error Loading extension section %s\n",
- extensions);
- goto end;
- }
-
+ {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n",
+ extensions);
+ goto end;
+ }
+
if (!(i=X509_sign(x509ss,pkey,digest)))
goto end;
}
@@ -753,22 +859,51 @@ loop:
/* Set up V3 context struct */
X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
- X509V3_set_conf_lhash(&ext_ctx, req_conf);
+ X509V3_set_nconf(&ext_ctx, req_conf);
/* Add extensions */
- if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf,
+ if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
&ext_ctx, req_exts, req))
- {
- BIO_printf(bio_err,
- "Error Loading extension section %s\n",
- req_exts);
- goto end;
- }
+ {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n",
+ req_exts);
+ goto end;
+ }
if (!(i=X509_REQ_sign(req,pkey,digest)))
goto end;
}
}
+ if (subj && x509)
+ {
+ BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
+ goto end;
+ }
+
+ if (subj && !x509)
+ {
+ if (verbose)
+ {
+ BIO_printf(bio_err, "Modifying Request's Subject\n");
+ print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);
+ }
+
+ if (build_subject(req, subj, chtype) == 0)
+ {
+ BIO_printf(bio_err, "ERROR: cannot modify subject\n");
+ ex=1;
+ goto end;
+ }
+
+ req->req_info->enc.modified = 1;
+
+ if (verbose)
+ {
+ print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag);
+ }
+ }
+
if (verify && !x509)
{
int tmp=0;
@@ -793,12 +928,13 @@ loop:
else if (i == 0)
{
BIO_printf(bio_err,"verify failure\n");
+ ERR_print_errors(bio_err);
}
else /* if (i > 0) */
BIO_printf(bio_err,"verify OK\n");
}
- if (noout && !text && !modulus)
+ if (noout && !text && !modulus && !subject && !pubkey)
{
ex=0;
goto end;
@@ -807,7 +943,7 @@ loop:
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -827,34 +963,57 @@ loop:
}
}
+ if (pubkey)
+ {
+ EVP_PKEY *tpubkey;
+ tpubkey=X509_REQ_get_pubkey(req);
+ if (tpubkey == NULL)
+ {
+ BIO_printf(bio_err,"Error getting public key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ PEM_write_bio_PUBKEY(out, tpubkey);
+ EVP_PKEY_free(tpubkey);
+ }
+
if (text)
{
if (x509)
- X509_print(out,x509ss);
+ X509_print_ex(out, x509ss, nmflag, reqflag);
else
- X509_REQ_print(out,req);
+ X509_REQ_print_ex(out, req, nmflag, reqflag);
+ }
+
+ if(subject)
+ {
+ if(x509)
+ print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag);
+ else
+ print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag);
}
if (modulus)
{
- EVP_PKEY *pubkey;
+ EVP_PKEY *tpubkey;
if (x509)
- pubkey=X509_get_pubkey(x509ss);
+ tpubkey=X509_get_pubkey(x509ss);
else
- pubkey=X509_REQ_get_pubkey(req);
- if (pubkey == NULL)
+ tpubkey=X509_REQ_get_pubkey(req);
+ if (tpubkey == NULL)
{
fprintf(stdout,"Modulus=unavailable\n");
goto end;
}
fprintf(stdout,"Modulus=");
-#ifndef NO_RSA
- if (pubkey->type == EVP_PKEY_RSA)
- BN_print(out,pubkey->pkey.rsa->n);
+#ifndef OPENSSL_NO_RSA
+ if (tpubkey->type == EVP_PKEY_RSA)
+ BN_print(out,tpubkey->pkey.rsa->n);
else
#endif
fprintf(stdout,"Wrong Algorithm type");
+ EVP_PKEY_free(tpubkey);
fprintf(stdout,"\n");
}
@@ -893,55 +1052,67 @@ loop:
}
ex=0;
end:
+#ifndef MONOLITH
+ if(to_free)
+ OPENSSL_free(to_free);
+#endif
if (ex)
{
ERR_print_errors(bio_err);
}
- if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
+ if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);
BIO_free(in);
BIO_free_all(out);
EVP_PKEY_free(pkey);
X509_REQ_free(req);
X509_free(x509ss);
+ ASN1_INTEGER_free(serial);
if(passargin && passin) OPENSSL_free(passin);
if(passargout && passout) OPENSSL_free(passout);
OBJ_cleanup();
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
if (dsa_params != NULL) DSA_free(dsa_params);
#endif
- EXIT(ex);
+ apps_shutdown();
+ OPENSSL_EXIT(ex);
}
-static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs,
+ unsigned long chtype)
{
int ret=0,i;
char no_prompt = 0;
STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
char *tmp, *dn_sect,*attr_sect;
- tmp=CONF_get_string(req_conf,SECTION,PROMPT);
+ tmp=NCONF_get_string(req_conf,SECTION,PROMPT);
+ if (tmp == NULL)
+ ERR_clear_error();
if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
- dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
+ dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
if (dn_sect == NULL)
{
BIO_printf(bio_err,"unable to find '%s' in config\n",
DISTINGUISHED_NAME);
goto err;
}
- dn_sk=CONF_get_section(req_conf,dn_sect);
+ dn_sk=NCONF_get_section(req_conf,dn_sect);
if (dn_sk == NULL)
{
BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
goto err;
}
- attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
+ attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES);
if (attr_sect == NULL)
+ {
+ ERR_clear_error();
attr_sk=NULL;
+ }
else
{
- attr_sk=CONF_get_section(req_conf,attr_sect);
+ attr_sk=NCONF_get_section(req_conf,attr_sect);
if (attr_sk == NULL)
{
BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
@@ -952,8 +1123,15 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
/* setup version number */
if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */
- if(no_prompt) i = auto_info(req, dn_sk, attr_sk, attribs);
- else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
+ if (no_prompt)
+ i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
+ else
+ {
+ if (subj)
+ i = build_subject(req, subj, chtype);
+ else
+ i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype);
+ }
if(!i) goto err;
if (!X509_REQ_set_pubkey(req,pkey)) goto err;
@@ -963,26 +1141,52 @@ err:
return(ret);
}
+/*
+ * subject is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+static int build_subject(X509_REQ *req, char *subject, unsigned long chtype)
+ {
+ X509_NAME *n;
+
+ if (!(n = do_subject(subject, chtype)))
+ return 0;
+
+ if (!X509_REQ_set_subject_name(req, n))
+ {
+ X509_NAME_free(n);
+ return 0;
+ }
+ X509_NAME_free(n);
+ return 1;
+}
+
static int prompt_info(X509_REQ *req,
STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
- STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs)
+ STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
+ unsigned long chtype)
{
int i;
char *p,*q;
char buf[100];
- int nid,min,max;
+ int nid;
+ long n_min,n_max;
char *type,*def,*value;
CONF_VALUE *v;
X509_NAME *subj;
subj = X509_REQ_get_subject_name(req);
- BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
- BIO_printf(bio_err,"into your certificate request.\n");
- BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
- BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
- BIO_printf(bio_err,"For some fields there will be a default value,\n");
- BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
- BIO_printf(bio_err,"-----\n");
+
+ if(!batch)
+ {
+ BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
+ BIO_printf(bio_err,"into your certificate request.\n");
+ BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
+ BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
+ BIO_printf(bio_err,"For some fields there will be a default value,\n");
+ BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
+ BIO_printf(bio_err,"-----\n");
+ }
if (sk_CONF_VALUE_num(dn_sk))
@@ -1011,22 +1215,36 @@ start: for (;;)
}
/* If OBJ not recognised ignore it */
if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
+
+ if(strlen(v->name) > sizeof buf-9)
+ {
+ BIO_printf(bio_err,"Name '%s' too long\n",v->name);
+ return 0;
+ }
+
sprintf(buf,"%s_default",v->name);
- if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
+ if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
+ {
+ ERR_clear_error();
def="";
-
+ }
sprintf(buf,"%s_value",v->name);
- if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
+ if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
+ {
+ ERR_clear_error();
value=NULL;
+ }
sprintf(buf,"%s_min",v->name);
- min=(int)CONF_get_number(req_conf,dn_sect,buf);
+ if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
+ n_min = -1;
sprintf(buf,"%s_max",v->name);
- max=(int)CONF_get_number(req_conf,dn_sect,buf);
+ if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
+ n_max = -1;
if (!add_DN_object(subj,v->value,def,value,nid,
- min,max))
+ n_min,n_max, chtype))
return 0;
}
if (X509_NAME_entry_count(subj) == 0)
@@ -1037,7 +1255,7 @@ start: for (;;)
if (attribs)
{
- if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0))
+ if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch))
{
BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
BIO_printf(bio_err,"to be sent with your certificate request\n");
@@ -1056,24 +1274,39 @@ start2: for (;;)
if ((nid=OBJ_txt2nid(type)) == NID_undef)
goto start2;
+ if(strlen(v->name) > sizeof buf-9)
+ {
+ BIO_printf(bio_err,"Name '%s' too long\n",v->name);
+ return 0;
+ }
+
sprintf(buf,"%s_default",type);
- if ((def=CONF_get_string(req_conf,attr_sect,buf))
+ if ((def=NCONF_get_string(req_conf,attr_sect,buf))
== NULL)
+ {
+ ERR_clear_error();
def="";
+ }
+
sprintf(buf,"%s_value",type);
- if ((value=CONF_get_string(req_conf,attr_sect,buf))
+ if ((value=NCONF_get_string(req_conf,attr_sect,buf))
== NULL)
+ {
+ ERR_clear_error();
value=NULL;
+ }
sprintf(buf,"%s_min",type);
- min=(int)CONF_get_number(req_conf,attr_sect,buf);
+ if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
+ n_min = -1;
sprintf(buf,"%s_max",type);
- max=(int)CONF_get_number(req_conf,attr_sect,buf);
+ if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
+ n_max = -1;
if (!add_attribute_object(req,
- v->value,def,value,nid,min,max))
+ v->value,def,value,nid,n_min,n_max, chtype))
return 0;
}
}
@@ -1089,7 +1322,7 @@ start2: for (;;)
}
static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
- STACK_OF(CONF_VALUE) *attr_sk, int attribs)
+ STACK_OF(CONF_VALUE) *attr_sk, int attribs, unsigned long chtype)
{
int i;
char *p,*q;
@@ -1117,7 +1350,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
if(*p) type = p;
break;
}
- if (!X509_NAME_add_entry_by_txt(subj,type, MBSTRING_ASC,
+ if (!X509_NAME_add_entry_by_txt(subj,type, chtype,
(unsigned char *) v->value,-1,-1,0)) return 0;
}
@@ -1132,7 +1365,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++)
{
v=sk_CONF_VALUE_value(attr_sk,i);
- if(!X509_REQ_add1_attr_by_txt(req, v->name, MBSTRING_ASC,
+ if(!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
(unsigned char *)v->value, -1)) return 0;
}
}
@@ -1141,15 +1374,16 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
- int nid, int min, int max)
+ int nid, int n_min, int n_max, unsigned long chtype)
{
int i,ret=0;
MS_STATIC char buf[1024];
start:
- BIO_printf(bio_err,"%s [%s]:",text,def);
+ if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
(void)BIO_flush(bio_err);
- if (value != NULL)
+ if(value != NULL)
{
+ OPENSSL_assert(strlen(value) < sizeof buf-2);
strcpy(buf,value);
strcat(buf,"\n");
BIO_printf(bio_err,"%s\n",value);
@@ -1157,7 +1391,15 @@ start:
else
{
buf[0]='\0';
- fgets(buf,1024,stdin);
+ if (!batch)
+ {
+ fgets(buf,sizeof buf,stdin);
+ }
+ else
+ {
+ buf[0] = '\n';
+ buf[1] = '\0';
+ }
}
if (buf[0] == '\0') return(0);
@@ -1177,12 +1419,11 @@ start:
return(0);
}
buf[--i]='\0';
-
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
- if(!req_check_len(i, min, max)) goto start;
- if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC,
+ if(!req_check_len(i, n_min, n_max)) goto start;
+ if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
(unsigned char *) buf, -1,-1,0)) goto err;
ret=1;
err:
@@ -1190,17 +1431,18 @@ err:
}
static int add_attribute_object(X509_REQ *req, char *text,
- char *def, char *value, int nid, int min,
- int max)
+ char *def, char *value, int nid, int n_min,
+ int n_max, unsigned long chtype)
{
int i;
static char buf[1024];
start:
- BIO_printf(bio_err,"%s [%s]:",text,def);
+ if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
(void)BIO_flush(bio_err);
if (value != NULL)
{
+ OPENSSL_assert(strlen(value) < sizeof buf-2);
strcpy(buf,value);
strcat(buf,"\n");
BIO_printf(bio_err,"%s\n",value);
@@ -1208,7 +1450,15 @@ start:
else
{
buf[0]='\0';
- fgets(buf,1024,stdin);
+ if (!batch)
+ {
+ fgets(buf,sizeof buf,stdin);
+ }
+ else
+ {
+ buf[0] = '\n';
+ buf[1] = '\0';
+ }
}
if (buf[0] == '\0') return(0);
@@ -1231,9 +1481,9 @@ start:
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
- if(!req_check_len(i, min, max)) goto start;
+ if(!req_check_len(i, n_min, n_max)) goto start;
- if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
+ if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,
(unsigned char *)buf, -1)) {
BIO_printf(bio_err, "Error adding attribute\n");
ERR_print_errors(bio_err);
@@ -1245,7 +1495,7 @@ err:
return(0);
}
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
static void MS_CALLBACK req_cb(int p, int n, void *arg)
{
char c='*';
@@ -1262,16 +1512,16 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg)
}
#endif
-static int req_check_len(int len, int min, int max)
+static int req_check_len(int len, int n_min, int n_max)
{
- if (len < min)
+ if ((n_min > 0) && (len < n_min))
{
- BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min);
+ BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);
return(0);
}
- if ((max != 0) && (len > max))
+ if ((n_max >= 0) && (len > n_max))
{
- BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",max);
+ BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max);
return(0);
}
return(1);
diff --git a/crypto/openssl/apps/rsa.c b/crypto/openssl/apps/rsa.c
index b4b0651..aebec74 100644
--- a/crypto/openssl/apps/rsa.c
+++ b/crypto/openssl/apps/rsa.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -79,6 +79,9 @@
* -des - encrypt output if PEM format with DES in cbc mode
* -des3 - encrypt output if PEM format
* -idea - encrypt output if PEM format
+ * -aes128 - encrypt output if PEM format
+ * -aes192 - encrypt output if PEM format
+ * -aes256 - encrypt output if PEM format
* -text - print a text version
* -modulus - print the RSA key modulus
* -check - verify key consistency
@@ -90,16 +93,18 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
int ret=1;
RSA *rsa=NULL;
int i,badops=0, sgckey=0;
const EVP_CIPHER *enc=NULL;
- BIO *in=NULL,*out=NULL;
+ BIO *out=NULL;
int informat,outformat,text=0,check=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
+ char *engine=NULL;
int modulus=0;
apps_startup();
@@ -108,6 +113,9 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
@@ -148,6 +156,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passargout= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-sgckey") == 0)
sgckey=1;
else if (strcmp(*argv,"-pubin") == 0)
@@ -186,20 +199,27 @@ bad:
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
+#endif
BIO_printf(bio_err," -text print the key in text\n");
BIO_printf(bio_err," -noout don't print key out\n");
BIO_printf(bio_err," -modulus print the RSA key modulus\n");
BIO_printf(bio_err," -check verify key consistency\n");
BIO_printf(bio_err," -pubin expect a public key in input file\n");
BIO_printf(bio_err," -pubout output a public key\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
goto end;
}
ERR_load_crypto_strings();
+ e = setup_engine(bio_err, engine, 0);
+
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
@@ -210,69 +230,29 @@ bad:
goto end;
}
- in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
+ {
+ EVP_PKEY *pkey;
- BIO_printf(bio_err,"read RSA key\n");
- if (informat == FORMAT_ASN1) {
- if (pubin) rsa=d2i_RSA_PUBKEY_bio(in,NULL);
- else rsa=d2i_RSAPrivateKey_bio(in,NULL);
- }
-#ifndef NO_RC4
- else if (informat == FORMAT_NETSCAPE)
- {
- BUF_MEM *buf=NULL;
- unsigned char *p;
- int size=0;
+ if (pubin)
+ pkey = load_pubkey(bio_err, infile,
+ (informat == FORMAT_NETSCAPE && sgckey ?
+ FORMAT_IISSGC : informat), 1,
+ passin, e, "Public Key");
+ else
+ pkey = load_key(bio_err, infile,
+ (informat == FORMAT_NETSCAPE && sgckey ?
+ FORMAT_IISSGC : informat), 1,
+ passin, e, "Private Key");
- buf=BUF_MEM_new();
- for (;;)
- {
- if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
- goto end;
- i=BIO_read(in,&(buf->data[size]),1024*10);
- size+=i;
- if (i == 0) break;
- if (i < 0)
- {
- perror("reading private key");
- BUF_MEM_free(buf);
- goto end;
- }
- }
- p=(unsigned char *)buf->data;
- rsa=d2i_RSA_NET(NULL,&p,(long)size,NULL, sgckey);
- BUF_MEM_free(buf);
- }
-#endif
- else if (informat == FORMAT_PEM) {
- if(pubin) rsa=PEM_read_bio_RSA_PUBKEY(in,NULL,NULL,NULL);
- else rsa=PEM_read_bio_RSAPrivateKey(in,NULL, NULL,passin);
+ if (pkey != NULL)
+ rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey);
+ EVP_PKEY_free(pkey);
}
- else
- {
- BIO_printf(bio_err,"bad input format specified for key\n");
- goto end;
- }
+
if (rsa == NULL)
{
- BIO_printf(bio_err,"unable to load key\n");
ERR_print_errors(bio_err);
goto end;
}
@@ -280,7 +260,7 @@ bad:
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -319,14 +299,14 @@ bad:
BIO_printf(out,"RSA key ok\n");
else if (r == 0)
{
- long e;
+ long err;
- while ((e = ERR_peek_error()) != 0 &&
- ERR_GET_LIB(e) == ERR_LIB_RSA &&
- ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY &&
- ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE)
+ while ((err = ERR_peek_error()) != 0 &&
+ ERR_GET_LIB(err) == ERR_LIB_RSA &&
+ ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
+ ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
{
- BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e));
+ BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
ERR_get_error(); /* remove e from error stack */
}
}
@@ -348,7 +328,7 @@ bad:
if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa);
else i=i2d_RSAPrivateKey_bio(out,rsa);
}
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
else if (outformat == FORMAT_NETSCAPE)
{
unsigned char *p,*pp;
@@ -384,14 +364,14 @@ bad:
else
ret=0;
end:
- if(in != NULL) BIO_free(in);
if(out != NULL) BIO_free_all(out);
if(rsa != NULL) RSA_free(rsa);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
-#else /* !NO_RSA */
+#else /* !OPENSSL_NO_RSA */
# if PEDANTIC
static void *dummy=&dummy;
diff --git a/crypto/openssl/apps/rsautl.c b/crypto/openssl/apps/rsautl.c
index de231b0..36957e5 100644
--- a/crypto/openssl/apps/rsautl.c
+++ b/crypto/openssl/apps/rsautl.c
@@ -56,7 +56,7 @@
*
*/
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
#include "apps.h"
#include <string.h>
@@ -82,8 +82,10 @@ int MAIN(int argc, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL;
+ char *engine = NULL;
char *keyfile = NULL;
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
int keyform = FORMAT_PEM;
@@ -102,6 +104,9 @@ int MAIN(int argc, char **argv)
argv++;
if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
pad = RSA_PKCS1_PADDING;
@@ -117,6 +122,12 @@ int MAIN(int argc, char **argv)
} else if(!strcmp(*argv, "-inkey")) {
if (--argc < 1) badarg = 1;
keyfile = *(++argv);
+ } else if (strcmp(*argv,"-keyform") == 0) {
+ if (--argc < 1) badarg = 1;
+ keyform=str2fmt(*(++argv));
+ } else if(!strcmp(*argv, "-engine")) {
+ if (--argc < 1) badarg = 1;
+ engine = *(++argv);
} else if(!strcmp(*argv, "-pubin")) {
key_type = KEY_PUBKEY;
} else if(!strcmp(*argv, "-certin")) {
@@ -151,20 +162,25 @@ int MAIN(int argc, char **argv)
goto end;
}
+ e = setup_engine(bio_err, engine, 0);
+
/* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0);
switch(key_type) {
case KEY_PRIVKEY:
- pkey = load_key(bio_err, keyfile, keyform, NULL);
+ pkey = load_key(bio_err, keyfile, keyform, 0,
+ NULL, e, "Private Key");
break;
case KEY_PUBKEY:
- pkey = load_pubkey(bio_err, keyfile, keyform);
+ pkey = load_pubkey(bio_err, keyfile, keyform, 0,
+ NULL, e, "Public Key");
break;
case KEY_CERT:
- x = load_cert(bio_err, keyfile, keyform);
+ x = load_cert(bio_err, keyfile, keyform,
+ NULL, e, "Certificate");
if(x) {
pkey = X509_get_pubkey(x);
X509_free(x);
@@ -173,7 +189,6 @@ int MAIN(int argc, char **argv)
}
if(!pkey) {
- BIO_printf(bio_err, "Error loading key\n");
return 1;
}
@@ -203,7 +218,7 @@ int MAIN(int argc, char **argv)
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -278,6 +293,7 @@ static void usage()
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-inkey file input key\n");
+ BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
BIO_printf(bio_err, "-pubin input is an RSA public\n");
BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n");
BIO_printf(bio_err, "-ssl use SSL v2 padding\n");
@@ -289,6 +305,8 @@ static void usage()
BIO_printf(bio_err, "-encrypt encrypt with public key\n");
BIO_printf(bio_err, "-decrypt decrypt with private key\n");
BIO_printf(bio_err, "-hexdump hex dump output\n");
+ BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
+
}
#endif
diff --git a/crypto/openssl/apps/s_apps.h b/crypto/openssl/apps/s_apps.h
index 57af7c0..ff18a72 100644
--- a/crypto/openssl/apps/s_apps.h
+++ b/crypto/openssl/apps/s_apps.h
@@ -55,9 +55,64 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include <sys/types.h>
-#if (defined(VMS) || defined(__VMS)) && !defined(FD_SET)
+#include <openssl/opensslconf.h>
+
+#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
/* VAX C does not defined fd_set and friends, but it's actually quite simple */
/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */
#define MAX_NOFILE 32
@@ -87,13 +142,9 @@ typedef fd_mask fd_set;
int do_server(int port, int *ret, int (*cb) (), char *context);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
-#else
-int MS_CALLBACK verify_callback(int ok, char *ctx);
#endif
#ifdef HEADER_SSL_H
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
-#else
-int set_cert_stuff(char *ctx, char *cert_file, char *key_file);
#endif
int init_client(int *sock, char *server, int port);
int should_retry(int i);
@@ -104,8 +155,6 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
#ifdef HEADER_SSL_H
-void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret);
-#else
-void MS_CALLBACK apps_ssl_info_callback(char *s, int where, int ret);
+void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);
+void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
#endif
-
diff --git a/crypto/openssl/apps/s_cb.c b/crypto/openssl/apps/s_cb.c
index fd62259..675527d 100644
--- a/crypto/openssl/apps/s_cb.c
+++ b/crypto/openssl/apps/s_cb.c
@@ -55,6 +55,59 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include <stdio.h>
#include <stdlib.h>
@@ -81,7 +134,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
err= X509_STORE_CTX_get_error(ctx);
depth= X509_STORE_CTX_get_error_depth(ctx);
- X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+ X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf);
BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
if (!ok)
{
@@ -101,7 +154,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
switch (ctx->error)
{
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
+ X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf);
BIO_printf(bio_err,"issuer= %s\n",buf);
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
@@ -200,7 +253,7 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
return(ret);
}
-void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret)
+void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
{
char *str;
int w;
@@ -236,3 +289,261 @@ void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret)
}
}
+
+void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
+ {
+ BIO *bio = arg;
+ const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";
+
+ str_write_p = write_p ? ">>>" : "<<<";
+
+ switch (version)
+ {
+ case SSL2_VERSION:
+ str_version = "SSL 2.0";
+ break;
+ case SSL3_VERSION:
+ str_version = "SSL 3.0 ";
+ break;
+ case TLS1_VERSION:
+ str_version = "TLS 1.0 ";
+ break;
+ default:
+ str_version = "???";
+ }
+
+ if (version == SSL2_VERSION)
+ {
+ str_details1 = "???";
+
+ if (len > 0)
+ {
+ switch (((unsigned char*)buf)[0])
+ {
+ case 0:
+ str_details1 = ", ERROR:";
+ str_details2 = " ???";
+ if (len >= 3)
+ {
+ unsigned err = (((unsigned char*)buf)[1]<<8) + ((unsigned char*)buf)[2];
+
+ switch (err)
+ {
+ case 0x0001:
+ str_details2 = " NO-CIPHER-ERROR";
+ break;
+ case 0x0002:
+ str_details2 = " NO-CERTIFICATE-ERROR";
+ break;
+ case 0x0004:
+ str_details2 = " BAD-CERTIFICATE-ERROR";
+ break;
+ case 0x0006:
+ str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
+ break;
+ }
+ }
+
+ break;
+ case 1:
+ str_details1 = ", CLIENT-HELLO";
+ break;
+ case 2:
+ str_details1 = ", CLIENT-MASTER-KEY";
+ break;
+ case 3:
+ str_details1 = ", CLIENT-FINISHED";
+ break;
+ case 4:
+ str_details1 = ", SERVER-HELLO";
+ break;
+ case 5:
+ str_details1 = ", SERVER-VERIFY";
+ break;
+ case 6:
+ str_details1 = ", SERVER-FINISHED";
+ break;
+ case 7:
+ str_details1 = ", REQUEST-CERTIFICATE";
+ break;
+ case 8:
+ str_details1 = ", CLIENT-CERTIFICATE";
+ break;
+ }
+ }
+ }
+
+ if (version == SSL3_VERSION || version == TLS1_VERSION)
+ {
+ switch (content_type)
+ {
+ case 20:
+ str_content_type = "ChangeCipherSpec";
+ break;
+ case 21:
+ str_content_type = "Alert";
+ break;
+ case 22:
+ str_content_type = "Handshake";
+ break;
+ }
+
+ if (content_type == 21) /* Alert */
+ {
+ str_details1 = ", ???";
+
+ if (len == 2)
+ {
+ switch (((unsigned char*)buf)[0])
+ {
+ case 1:
+ str_details1 = ", warning";
+ break;
+ case 2:
+ str_details1 = ", fatal";
+ break;
+ }
+
+ str_details2 = " ???";
+ switch (((unsigned char*)buf)[1])
+ {
+ case 0:
+ str_details2 = " close_notify";
+ break;
+ case 10:
+ str_details2 = " unexpected_message";
+ break;
+ case 20:
+ str_details2 = " bad_record_mac";
+ break;
+ case 21:
+ str_details2 = " decryption_failed";
+ break;
+ case 22:
+ str_details2 = " record_overflow";
+ break;
+ case 30:
+ str_details2 = " decompression_failure";
+ break;
+ case 40:
+ str_details2 = " handshake_failure";
+ break;
+ case 42:
+ str_details2 = " bad_certificate";
+ break;
+ case 43:
+ str_details2 = " unsupported_certificate";
+ break;
+ case 44:
+ str_details2 = " certificate_revoked";
+ break;
+ case 45:
+ str_details2 = " certificate_expired";
+ break;
+ case 46:
+ str_details2 = " certificate_unknown";
+ break;
+ case 47:
+ str_details2 = " illegal_parameter";
+ break;
+ case 48:
+ str_details2 = " unknown_ca";
+ break;
+ case 49:
+ str_details2 = " access_denied";
+ break;
+ case 50:
+ str_details2 = " decode_error";
+ break;
+ case 51:
+ str_details2 = " decrypt_error";
+ break;
+ case 60:
+ str_details2 = " export_restriction";
+ break;
+ case 70:
+ str_details2 = " protocol_version";
+ break;
+ case 71:
+ str_details2 = " insufficient_security";
+ break;
+ case 80:
+ str_details2 = " internal_error";
+ break;
+ case 90:
+ str_details2 = " user_canceled";
+ break;
+ case 100:
+ str_details2 = " no_renegotiation";
+ break;
+ }
+ }
+ }
+
+ if (content_type == 22) /* Handshake */
+ {
+ str_details1 = "???";
+
+ if (len > 0)
+ {
+ switch (((unsigned char*)buf)[0])
+ {
+ case 0:
+ str_details1 = ", HelloRequest";
+ break;
+ case 1:
+ str_details1 = ", ClientHello";
+ break;
+ case 2:
+ str_details1 = ", ServerHello";
+ break;
+ case 11:
+ str_details1 = ", Certificate";
+ break;
+ case 12:
+ str_details1 = ", ServerKeyExchange";
+ break;
+ case 13:
+ str_details1 = ", CertificateRequest";
+ break;
+ case 14:
+ str_details1 = ", ServerHelloDone";
+ break;
+ case 15:
+ str_details1 = ", CertificateVerify";
+ break;
+ case 16:
+ str_details1 = ", ClientKeyExchange";
+ break;
+ case 20:
+ str_details1 = ", Finished";
+ break;
+ }
+ }
+ }
+ }
+
+ BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);
+
+ if (len > 0)
+ {
+ size_t num, i;
+
+ BIO_printf(bio, " ");
+ num = len;
+#if 0
+ if (num > 16)
+ num = 16;
+#endif
+ for (i = 0; i < num; i++)
+ {
+ if (i % 16 == 0 && i > 0)
+ BIO_printf(bio, "\n ");
+ BIO_printf(bio, " %02x", ((unsigned char*)buf)[i]);
+ }
+ if (i < len)
+ BIO_printf(bio, " ...");
+ BIO_printf(bio, "\n");
+ }
+ BIO_flush(bio);
+ }
diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c
index 9cfe2b1..738588c 100644
--- a/crypto/openssl/apps/s_client.c
+++ b/crypto/openssl/apps/s_client.c
@@ -55,12 +55,66 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#ifdef NO_STDIO
+#include <openssl/e_os2.h>
+#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif
@@ -68,7 +122,7 @@
recursive header file inclusion, resulting in the compiler complaining
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
is needed to have fileno() declared correctly... So let's define u_int */
-#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
#define __U_INT
typedef unsigned int u_int;
#endif
@@ -82,12 +136,20 @@ typedef unsigned int u_int;
#include <openssl/rand.h>
#include "s_apps.h"
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
#include <conio.h>
#endif
+#ifdef OPENSSL_SYS_WINCE
+/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
+#ifdef fileno
+#undef fileno
+#endif
+#define fileno(a) (int)_fileno(a)
+#endif
+
-#if (defined(VMS) && __VMS_VER < 70000000)
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
#undef FIONBIO
#endif
@@ -112,6 +174,7 @@ static int c_nbio=0;
#endif
static int c_Pause=0;
static int c_debug=0;
+static int c_msg=0;
static int c_showcerts=0;
static void sc_usage(void);
@@ -138,6 +201,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
BIO_printf(bio_err," -debug - extra output\n");
+ BIO_printf(bio_err," -msg - Show protocol messages\n");
BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
BIO_printf(bio_err," -state - print the 'ssl' states\n");
#ifdef FIONBIO
@@ -151,8 +215,14 @@ static void sc_usage(void)
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
+ BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
BIO_printf(bio_err," command to see what is available\n");
+ BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
+ BIO_printf(bio_err," for those protocols that support it, where\n");
+ BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
+ BIO_printf(bio_err," only \"smtp\" is supported.\n");
+ BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
}
@@ -163,8 +233,9 @@ int MAIN(int argc, char **argv)
{
int off=0;
SSL *con=NULL,*con2=NULL;
+ X509_STORE *store = NULL;
int s,k,width,state=0;
- char *cbuf=NULL,*sbuf=NULL;
+ char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
int cbuf_len,cbuf_off;
int sbuf_len,sbuf_off;
fd_set readfds,writefds;
@@ -178,19 +249,22 @@ int MAIN(int argc, char **argv)
int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
SSL_CTX *ctx=NULL;
int ret=1,in_init=1,i,nbio_test=0;
- int prexit = 0;
+ int smtp_starttls = 0;
+ int prexit = 0, vflags = 0;
SSL_METHOD *meth=NULL;
BIO *sbio;
char *inrand=NULL;
-#ifdef WINDOWS
+ char *engine_id=NULL;
+ ENGINE *e=NULL;
+#ifdef OPENSSL_SYS_WINDOWS
struct timeval tv;
#endif
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
meth=SSLv23_client_method();
-#elif !defined(NO_SSL3)
+#elif !defined(OPENSSL_NO_SSL3)
meth=SSLv3_client_method();
-#elif !defined(NO_SSL2)
+#elif !defined(OPENSSL_NO_SSL2)
meth=SSLv2_client_method();
#endif
@@ -199,13 +273,18 @@ int MAIN(int argc, char **argv)
c_quiet=0;
c_ign_eof=0;
c_debug=0;
+ c_msg=0;
c_showcerts=0;
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
- ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
+ ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
+ ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
{
BIO_printf(bio_err,"out of memory\n");
goto end;
@@ -250,6 +329,10 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
cert_file= *(++argv);
}
+ else if (strcmp(*argv,"-crl_check") == 0)
+ vflags |= X509_V_FLAG_CRL_CHECK;
+ else if (strcmp(*argv,"-crl_check_all") == 0)
+ vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
else if (strcmp(*argv,"-prexit") == 0)
prexit=1;
else if (strcmp(*argv,"-crlf") == 0)
@@ -265,21 +348,23 @@ int MAIN(int argc, char **argv)
c_Pause=1;
else if (strcmp(*argv,"-debug") == 0)
c_debug=1;
+ else if (strcmp(*argv,"-msg") == 0)
+ c_msg=1;
else if (strcmp(*argv,"-showcerts") == 0)
c_showcerts=1;
else if (strcmp(*argv,"-nbio_test") == 0)
nbio_test=1;
else if (strcmp(*argv,"-state") == 0)
state=1;
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
else if (strcmp(*argv,"-ssl2") == 0)
meth=SSLv2_client_method();
#endif
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
else if (strcmp(*argv,"-ssl3") == 0)
meth=SSLv3_client_method();
#endif
-#ifndef NO_TLS1
+#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv,"-tls1") == 0)
meth=TLSv1_client_method();
#endif
@@ -310,6 +395,8 @@ int MAIN(int argc, char **argv)
off|=SSL_OP_NO_SSLv3;
else if (strcmp(*argv,"-no_ssl2") == 0)
off|=SSL_OP_NO_SSLv2;
+ else if (strcmp(*argv,"-serverpref") == 0)
+ off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
else if (strcmp(*argv,"-cipher") == 0)
{
if (--argc < 1) goto bad;
@@ -319,6 +406,20 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-nbio") == 0)
{ c_nbio=1; }
#endif
+ else if (strcmp(*argv,"-starttls") == 0)
+ {
+ if (--argc < 1) goto bad;
+ ++argv;
+ if (strcmp(*argv,"smtp") == 0)
+ smtp_starttls = 1;
+ else
+ goto bad;
+ }
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine_id = *(++argv);
+ }
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -340,6 +441,11 @@ bad:
goto end;
}
+ OpenSSL_add_ssl_algorithms();
+ SSL_load_error_strings();
+
+ e = setup_engine(bio_err, engine_id, 1);
+
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
{
@@ -351,7 +457,7 @@ bad:
if (bio_c_out == NULL)
{
- if (c_quiet)
+ if (c_quiet && !c_debug && !c_msg)
{
bio_c_out=BIO_new(BIO_s_null());
}
@@ -362,8 +468,6 @@ bad:
}
}
- OpenSSL_add_ssl_algorithms();
- SSL_load_error_strings();
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
{
@@ -400,8 +504,16 @@ bad:
/* goto end; */
}
+ store = SSL_CTX_get_cert_store(ctx);
+ X509_STORE_set_flags(store, vflags);
con=SSL_new(ctx);
+#ifndef OPENSSL_NO_KRB5
+ if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL)
+ {
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
+ }
+#endif /* OPENSSL_NO_KRB5 */
/* SSL_set_cipher_list(con,"RC4-MD5"); */
re_start:
@@ -443,6 +555,11 @@ re_start:
BIO_set_callback(sbio,bio_dump_cb);
BIO_set_callback_arg(sbio,bio_c_out);
}
+ if (c_msg)
+ {
+ SSL_set_msg_callback(con, msg_cb);
+ SSL_set_msg_callback_arg(con, bio_c_out);
+ }
SSL_set_bio(con,sbio,sbio);
SSL_set_connect_state(con);
@@ -461,6 +578,14 @@ re_start:
sbuf_len=0;
sbuf_off=0;
+ /* This is an ugly hack that does a lot of assumptions */
+ if (smtp_starttls)
+ {
+ BIO_read(sbio,mbuf,BUFSIZZ);
+ BIO_printf(sbio,"STARTTLS\r\n");
+ BIO_read(sbio,sbuf,BUFSIZZ);
+ }
+
for (;;)
{
FD_ZERO(&readfds);
@@ -480,6 +605,13 @@ re_start:
print_stuff(bio_c_out,con,full_log);
if (full_log > 0) full_log--;
+ if (smtp_starttls)
+ {
+ BIO_printf(bio_err,"%s",mbuf);
+ /* We don't need to know any more */
+ smtp_starttls = 0;
+ }
+
if (reconnect)
{
reconnect--;
@@ -496,7 +628,7 @@ re_start:
if (!ssl_pending)
{
-#ifndef WINDOWS
+#ifndef OPENSSL_SYS_WINDOWS
if (tty_on)
{
if (read_tty) FD_SET(fileno(stdin),&readfds);
@@ -523,7 +655,7 @@ re_start:
* will choke the compiler: if you do have a cast then
* you can either go for (int *) or (void *).
*/
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
/* Under Windows we make the assumption that we can
* always write to the tty: therefore if we need to
* write to the tty we just fall through. Otherwise
@@ -538,7 +670,11 @@ re_start:
tv.tv_usec = 0;
i=select(width,(void *)&readfds,(void *)&writefds,
NULL,&tv);
+#ifdef OPENSSL_SYS_WINCE
+ if(!i && (!_kbhit() || !read_tty) ) continue;
+#else
if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
+#endif
} else i=select(width,(void *)&readfds,(void *)&writefds,
NULL,NULL);
}
@@ -622,8 +758,8 @@ re_start:
goto shut;
}
}
-#ifdef WINDOWS
- /* Assume Windows can always write */
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+ /* Assume Windows/DOS can always write */
else if (!ssl_pending && write_tty)
#else
else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
@@ -703,8 +839,12 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
}
}
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
+#ifdef OPENSSL_SYS_WINCE
+ else if (_kbhit())
+#else
else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
+#endif
#else
else if (FD_ISSET(fileno(stdin),&readfds))
#endif
@@ -768,14 +908,16 @@ end:
if (con != NULL) SSL_free(con);
if (con2 != NULL) SSL_free(con2);
if (ctx != NULL) SSL_CTX_free(ctx);
- if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
- if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
+ if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
+ if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
+ if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
if (bio_c_out != NULL)
{
BIO_free(bio_c_out);
bio_c_out=NULL;
}
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
@@ -804,10 +946,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)
for (i=0; i<sk_X509_num(sk); i++)
{
X509_NAME_oneline(X509_get_subject_name(
- sk_X509_value(sk,i)),buf,BUFSIZ);
+ sk_X509_value(sk,i)),buf,sizeof buf);
BIO_printf(bio,"%2d s:%s\n",i,buf);
X509_NAME_oneline(X509_get_issuer_name(
- sk_X509_value(sk,i)),buf,BUFSIZ);
+ sk_X509_value(sk,i)),buf,sizeof buf);
BIO_printf(bio," i:%s\n",buf);
if (c_showcerts)
PEM_write_bio_X509(bio,sk_X509_value(sk,i));
@@ -822,10 +964,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)
if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
PEM_write_bio_X509(bio,peer);
X509_NAME_oneline(X509_get_subject_name(peer),
- buf,BUFSIZ);
+ buf,sizeof buf);
BIO_printf(bio,"subject=%s\n",buf);
X509_NAME_oneline(X509_get_issuer_name(peer),
- buf,BUFSIZ);
+ buf,sizeof buf);
BIO_printf(bio,"issuer=%s\n",buf);
}
else
@@ -847,7 +989,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
{
BIO_printf(bio,"---\nNo client certificate CA names sent\n");
}
- p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
+ p=SSL_get_shared_ciphers(s,buf,sizeof buf);
if (p != NULL)
{
/* This works only for SSL 2. In later protocol
diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c
index 624dfb5..44886c5 100644
--- a/crypto/openssl/apps/s_server.c
+++ b/crypto/openssl/apps/s_server.c
@@ -55,6 +55,59 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include <assert.h>
#include <stdio.h>
@@ -62,7 +115,8 @@
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
-#ifdef NO_STDIO
+#include <openssl/e_os2.h>
+#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif
@@ -70,7 +124,7 @@
recursive header file inclusion, resulting in the compiler complaining
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
is needed to have fileno() declared correctly... So let's define u_int */
-#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
#define __U_INT
typedef unsigned int u_int;
#endif
@@ -86,16 +140,24 @@ typedef unsigned int u_int;
#include <openssl/rand.h>
#include "s_apps.h"
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
#include <conio.h>
#endif
-#if (defined(VMS) && __VMS_VER < 70000000)
+#ifdef OPENSSL_SYS_WINCE
+/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
+#ifdef fileno
+#undef fileno
+#endif
+#define fileno(a) (int)_fileno(a)
+#endif
+
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
#undef FIONBIO
#endif
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
#endif
static int sv_body(char *hostname, int s, unsigned char *context);
@@ -104,7 +166,9 @@ static void close_accept_socket(void );
static void sv_usage(void);
static int init_ssl_connection(SSL *s);
static void print_stats(BIO *bp,SSL_CTX *ctx);
-#ifndef NO_DH
+static int generate_session_id(const SSL *ssl, unsigned char *id,
+ unsigned int *id_len);
+#ifndef OPENSSL_NO_DH
static DH *load_dh_param(char *dhfile);
static DH *get_dh512(void);
#endif
@@ -120,7 +184,7 @@ static void s_server_init(void);
# endif
#endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
static unsigned char dh512_p[]={
0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
@@ -174,9 +238,12 @@ static int www=0;
static BIO *bio_s_out=NULL;
static int s_debug=0;
+static int s_msg=0;
static int s_quiet=0;
static int hack=0;
+static char *engine_id=NULL;
+static const char *session_id_prefix=NULL;
#ifdef MONOLITH
static void s_server_init(void)
@@ -197,8 +264,10 @@ static void s_server_init(void)
bio_s_out=NULL;
s_debug=0;
+ s_msg=0;
s_quiet=0;
hack=0;
+ engine_id=NULL;
}
#endif
@@ -224,11 +293,13 @@ static void sv_usage(void)
BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n");
BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
BIO_printf(bio_err," -debug - Print more output\n");
+ BIO_printf(bio_err," -msg - Show protocol messages\n");
BIO_printf(bio_err," -state - Print the SSL states\n");
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
+ BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
BIO_printf(bio_err," -quiet - No server output\n");
BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n");
BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
@@ -237,12 +308,16 @@ static void sv_usage(void)
BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
#endif
BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+ BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+ BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n");
+ BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
+ BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
}
@@ -253,10 +328,10 @@ static char **local_argv;
static int ebcdic_new(BIO *bi);
static int ebcdic_free(BIO *a);
static int ebcdic_read(BIO *b, char *out, int outl);
-static int ebcdic_write(BIO *b, char *in, int inl);
-static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr);
+static int ebcdic_write(BIO *b, const char *in, int inl);
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
static int ebcdic_gets(BIO *bp, char *buf, int size);
-static int ebcdic_puts(BIO *bp, char *str);
+static int ebcdic_puts(BIO *bp, const char *str);
#define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
static BIO_METHOD methods_ebcdic=
@@ -321,7 +396,7 @@ static int ebcdic_read(BIO *b, char *out, int outl)
return(ret);
}
-static int ebcdic_write(BIO *b, char *in, int inl)
+static int ebcdic_write(BIO *b, const char *in, int inl)
{
EBCDIC_OUTBUFF *wbuf;
int ret=0;
@@ -354,7 +429,7 @@ static int ebcdic_write(BIO *b, char *in, int inl)
return(ret);
}
-static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
{
long ret;
@@ -373,7 +448,7 @@ static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
static int ebcdic_gets(BIO *bp, char *buf, int size)
{
- int i, ret;
+ int i, ret=0;
if (bp->next_bio == NULL) return(0);
/* return(BIO_gets(bp->next_bio,buf,size));*/
for (i=0; i<size-1; ++i)
@@ -392,7 +467,7 @@ static int ebcdic_gets(BIO *bp, char *buf, int size)
return (ret < 0 && i == 0) ? ret : i;
}
-static int ebcdic_puts(BIO *bp, char *str)
+static int ebcdic_puts(BIO *bp, const char *str)
{
if (bp->next_bio == NULL) return(0);
return ebcdic_write(bp, str, strlen(str));
@@ -403,6 +478,8 @@ int MAIN(int, char **);
int MAIN(int argc, char *argv[])
{
+ X509_STORE *store = NULL;
+ int vflags = 0;
short port=PORT;
char *CApath=NULL,*CAfile=NULL;
char *context = NULL;
@@ -413,16 +490,14 @@ int MAIN(int argc, char *argv[])
int no_tmp_rsa=0,no_dhe=0,nocert=0;
int state=0;
SSL_METHOD *meth=NULL;
+ ENGINE *e=NULL;
char *inrand=NULL;
-#ifndef NO_DH
- DH *dh=NULL;
-#endif
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
meth=SSLv23_server_method();
-#elif !defined(NO_SSL3)
+#elif !defined(OPENSSL_NO_SSL3)
meth=SSLv3_server_method();
-#elif !defined(NO_SSL2)
+#elif !defined(OPENSSL_NO_SSL2)
meth=SSLv2_server_method();
#endif
@@ -437,6 +512,9 @@ int MAIN(int argc, char *argv[])
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
verify_depth=0;
#ifdef FIONBIO
s_nbio=0;
@@ -509,6 +587,16 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
CApath= *(++argv);
}
+ else if (strcmp(*argv,"-crl_check") == 0)
+ {
+ vflags |= X509_V_FLAG_CRL_CHECK;
+ }
+ else if (strcmp(*argv,"-crl_check") == 0)
+ {
+ vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+ }
+ else if (strcmp(*argv,"-serverpref") == 0)
+ { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
else if (strcmp(*argv,"-cipher") == 0)
{
if (--argc < 1) goto bad;
@@ -532,6 +620,8 @@ int MAIN(int argc, char *argv[])
}
else if (strcmp(*argv,"-debug") == 0)
{ s_debug=1; }
+ else if (strcmp(*argv,"-msg") == 0)
+ { s_msg=1; }
else if (strcmp(*argv,"-hack") == 0)
{ hack=1; }
else if (strcmp(*argv,"-state") == 0)
@@ -550,24 +640,36 @@ int MAIN(int argc, char *argv[])
{ www=1; }
else if (strcmp(*argv,"-WWW") == 0)
{ www=2; }
+ else if (strcmp(*argv,"-HTTP") == 0)
+ { www=3; }
else if (strcmp(*argv,"-no_ssl2") == 0)
{ off|=SSL_OP_NO_SSLv2; }
else if (strcmp(*argv,"-no_ssl3") == 0)
{ off|=SSL_OP_NO_SSLv3; }
else if (strcmp(*argv,"-no_tls1") == 0)
{ off|=SSL_OP_NO_TLSv1; }
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
else if (strcmp(*argv,"-ssl2") == 0)
{ meth=SSLv2_server_method(); }
#endif
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
else if (strcmp(*argv,"-ssl3") == 0)
{ meth=SSLv3_server_method(); }
#endif
-#ifndef NO_TLS1
+#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv,"-tls1") == 0)
{ meth=TLSv1_server_method(); }
#endif
+ else if (strcmp(*argv, "-id_prefix") == 0)
+ {
+ if (--argc < 1) goto bad;
+ session_id_prefix = *(++argv);
+ }
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine_id= *(++argv);
+ }
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -589,6 +691,11 @@ bad:
goto end;
}
+ SSL_load_error_strings();
+ OpenSSL_add_ssl_algorithms();
+
+ e = setup_engine(bio_err, engine_id, 1);
+
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
{
@@ -600,7 +707,7 @@ bad:
if (bio_s_out == NULL)
{
- if (s_quiet && !s_debug)
+ if (s_quiet && !s_debug && !s_msg)
{
bio_s_out=BIO_new(BIO_s_null());
}
@@ -611,7 +718,7 @@ bad:
}
}
-#if !defined(NO_RSA) || !defined(NO_DSA)
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
if (nocert)
#endif
{
@@ -621,21 +728,32 @@ bad:
s_dkey_file=NULL;
}
- SSL_load_error_strings();
- OpenSSL_add_ssl_algorithms();
-
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
-
+ if (session_id_prefix)
+ {
+ if(strlen(session_id_prefix) >= 32)
+ BIO_printf(bio_err,
+"warning: id_prefix is too long, only one new session will be possible\n");
+ else if(strlen(session_id_prefix) >= 16)
+ BIO_printf(bio_err,
+"warning: id_prefix is too long if you use SSLv2\n");
+ if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id))
+ {
+ BIO_printf(bio_err,"error setting 'id_prefix'\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
+ }
SSL_CTX_set_quiet_shutdown(ctx,1);
if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
SSL_CTX_set_options(ctx,off);
- if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST);
if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
@@ -660,11 +778,19 @@ bad:
ERR_print_errors(bio_err);
/* goto end; */
}
+ store = SSL_CTX_get_cert_store(ctx);
+ X509_STORE_set_flags(store, vflags);
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
if (!no_dhe)
{
- dh=load_dh_param(dhfile ? dhfile : s_cert_file);
+ DH *dh=NULL;
+
+ if (dhfile)
+ dh = load_dh_param(dhfile);
+ else if (s_cert_file)
+ dh = load_dh_param(s_cert_file);
+
if (dh != NULL)
{
BIO_printf(bio_s_out,"Setting temp DH parameters\n");
@@ -689,7 +815,7 @@ bad:
goto end;
}
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
#if 1
if (!no_tmp_rsa)
SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
@@ -741,7 +867,8 @@ end:
BIO_free(bio_s_out);
bio_s_out=NULL;
}
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
@@ -778,7 +905,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
unsigned long l;
SSL *con=NULL;
BIO *sbio;
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
struct timeval tv;
#endif
@@ -801,6 +928,15 @@ static int sv_body(char *hostname, int s, unsigned char *context)
if (con == NULL) {
con=SSL_new(ctx);
+#ifndef OPENSSL_NO_KRB5
+ if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
+ {
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE,
+ KRB5SVC);
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB,
+ KRB5KEYTAB);
+ }
+#endif /* OPENSSL_NO_KRB5 */
if(context)
SSL_set_session_id_context(con, context,
strlen((char *)context));
@@ -825,6 +961,11 @@ static int sv_body(char *hostname, int s, unsigned char *context)
BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
}
+ if (s_msg)
+ {
+ SSL_set_msg_callback(con, msg_cb);
+ SSL_set_msg_callback_arg(con, bio_s_out);
+ }
width=s+1;
for (;;)
@@ -838,7 +979,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
if (!read_from_sslcon)
{
FD_ZERO(&readfds);
-#ifndef WINDOWS
+#ifndef OPENSSL_SYS_WINDOWS
FD_SET(fileno(stdin),&readfds);
#endif
FD_SET(s,&readfds);
@@ -848,7 +989,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
* the compiler: if you do have a cast then you can either
* go for (int *) or (void *).
*/
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
/* Under Windows we can't select on stdin: only
* on sockets. As a workaround we timeout the select every
* second and check for any keypress. In a proper Windows
@@ -1043,7 +1184,7 @@ err:
BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
if (buf != NULL)
{
- memset(buf,0,bufsize);
+ OPENSSL_cleanse(buf,bufsize);
OPENSSL_free(buf);
}
if (ret >= 0)
@@ -1095,14 +1236,14 @@ static int init_ssl_connection(SSL *con)
{
BIO_printf(bio_s_out,"Client certificate\n");
PEM_write_bio_X509(bio_s_out,peer);
- X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ);
+ X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
BIO_printf(bio_s_out,"subject=%s\n",buf);
- X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ);
+ X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
BIO_printf(bio_s_out,"issuer=%s\n",buf);
X509_free(peer);
}
- if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL)
+ if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
@@ -1114,7 +1255,7 @@ static int init_ssl_connection(SSL *con)
return(1);
}
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
static DH *load_dh_param(char *dhfile)
{
DH *ret=NULL;
@@ -1183,6 +1324,13 @@ static int www_body(char *hostname, int s, unsigned char *context)
if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
if ((con=SSL_new(ctx)) == NULL) goto err;
+#ifndef OPENSSL_NO_KRB5
+ if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
+ {
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
+ }
+#endif /* OPENSSL_NO_KRB5 */
if(context) SSL_set_session_id_context(con, context,
strlen((char *)context));
@@ -1210,6 +1358,11 @@ static int www_body(char *hostname, int s, unsigned char *context)
BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
}
+ if (s_msg)
+ {
+ SSL_set_msg_callback(con, msg_cb);
+ SSL_set_msg_callback_arg(con, bio_s_out);
+ }
blank=0;
for (;;)
@@ -1250,7 +1403,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
else
{
BIO_printf(bio_s_out,"read R BLOCK\n");
-#ifndef MSDOS
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
sleep(1);
#endif
continue;
@@ -1344,7 +1497,8 @@ static int www_body(char *hostname, int s, unsigned char *context)
BIO_puts(io,"</BODY></HTML>\r\n\r\n");
break;
}
- else if ((www == 2) && (strncmp("GET /",buf,5) == 0))
+ else if ((www == 2 || www == 3)
+ && (strncmp("GET /",buf,5) == 0))
{
BIO *file;
char *p,*e;
@@ -1434,13 +1588,16 @@ static int www_body(char *hostname, int s, unsigned char *context)
if (!s_quiet)
BIO_printf(bio_err,"FILE:%s\n",p);
- i=strlen(p);
- if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
- ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
- ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
- BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
- else
- BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+ if (www == 2)
+ {
+ i=strlen(p);
+ if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
+ ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
+ ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
+ BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+ else
+ BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+ }
/* send the file */
total_bytes=0;
for (;;)
@@ -1518,7 +1675,7 @@ err:
return(ret);
}
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
{
static RSA *rsa_tmp=NULL;
@@ -1540,3 +1697,26 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
return(rsa_tmp);
}
#endif
+
+#define MAX_SESSION_ID_ATTEMPTS 10
+static int generate_session_id(const SSL *ssl, unsigned char *id,
+ unsigned int *id_len)
+ {
+ unsigned int count = 0;
+ do {
+ RAND_pseudo_bytes(id, *id_len);
+ /* Prefix the session_id with the required prefix. NB: If our
+ * prefix is too long, clip it - but there will be worse effects
+ * anyway, eg. the server could only possibly create 1 session
+ * ID (ie. the prefix!) so all future session negotiations will
+ * fail due to conflicts. */
+ memcpy(id, session_id_prefix,
+ (strlen(session_id_prefix) < *id_len) ?
+ strlen(session_id_prefix) : *id_len);
+ }
+ while(SSL_has_matching_session_id(ssl, id, *id_len) &&
+ (++count < MAX_SESSION_ID_ATTEMPTS));
+ if(count >= MAX_SESSION_ID_ATTEMPTS)
+ return 0;
+ return 1;
+ }
diff --git a/crypto/openssl/apps/s_socket.c b/crypto/openssl/apps/s_socket.c
index 9812e6d..a88de6c 100644
--- a/crypto/openssl/apps/s_socket.c
+++ b/crypto/openssl/apps/s_socket.c
@@ -62,11 +62,13 @@
#include <errno.h>
#include <signal.h>
+#include <openssl/e_os2.h>
+
/* With IPv6, it looks like Digital has mixed up the proper order of
recursive header file inclusion, resulting in the compiler complaining
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
is needed to have fileno() declared correctly... So let's define u_int */
-#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
#define __U_INT
typedef unsigned int u_int;
#endif
@@ -80,27 +82,27 @@ typedef unsigned int u_int;
#include <openssl/ssl.h>
static struct hostent *GetHostByName(char *name);
-#ifdef WINDOWS
-static void sock_cleanup(void);
+#ifdef OPENSSL_SYS_WINDOWS
+static void ssl_sock_cleanup(void);
#endif
-static int sock_init(void);
+static int ssl_sock_init(void);
static int init_client_ip(int *sock,unsigned char ip[4], int port);
static int init_server(int *sock, int port);
static int init_server_long(int *sock, int port,char *ip);
static int do_accept(int acc_sock, int *sock, char **host);
static int host_ip(char *str, unsigned char ip[4]);
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
#else
#define SOCKET_PROTOCOL IPPROTO_TCP
#endif
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
static struct WSAData wsa_state;
static int wsa_init_done=0;
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
static HWND topWnd=0;
static FARPROC lpTopWndProc=NULL;
static FARPROC lpTopHookProc=NULL;
@@ -116,7 +118,7 @@ static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
case WM_DESTROY:
case WM_CLOSE:
SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc);
- sock_cleanup();
+ ssl_sock_cleanup();
break;
}
}
@@ -129,30 +131,38 @@ static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
return(FALSE);
}
-#endif /* WIN32 */
-#endif /* WINDOWS */
+#endif /* OPENSSL_SYS_WIN32 */
+#endif /* OPENSSL_SYS_WINDOWS */
-#ifdef WINDOWS
-static void sock_cleanup(void)
+#ifdef OPENSSL_SYS_WINDOWS
+static void ssl_sock_cleanup(void)
{
if (wsa_init_done)
{
wsa_init_done=0;
+#ifndef OPENSSL_SYS_WINCE
WSACancelBlockingCall();
+#endif
WSACleanup();
}
}
#endif
-static int sock_init(void)
+static int ssl_sock_init(void)
{
-#ifdef WINDOWS
+#ifdef WATT32
+ extern int _watt_do_exit;
+ _watt_do_exit = 0;
+ dbug_init();
+ if (sock_init())
+ return (0);
+#elif defined(OPENSSL_SYS_WINDOWS)
if (!wsa_init_done)
{
int err;
#ifdef SIGINT
- signal(SIGINT,(void (*)(int))sock_cleanup);
+ signal(SIGINT,(void (*)(int))ssl_sock_cleanup);
#endif
wsa_init_done=1;
memset(&wsa_state,0,sizeof(wsa_state));
@@ -163,15 +173,15 @@ static int sock_init(void)
return(0);
}
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
EnumTaskWindows(GetCurrentTask(),enumproc,0L);
lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance);
SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
-#endif /* WIN16 */
+#endif /* OPENSSL_SYS_WIN16 */
}
-#endif /* WINDOWS */
+#endif /* OPENSSL_SYS_WINDOWS */
return(1);
}
@@ -194,7 +204,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
struct sockaddr_in them;
int s,i;
- if (!sock_init()) return(0);
+ if (!ssl_sock_init()) return(0);
memset((char *)&them,0,sizeof(them));
them.sin_family=AF_INET;
@@ -209,7 +219,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
if (s == INVALID_SOCKET) { perror("socket"); return(0); }
-#ifndef MPE
+#ifndef OPENSSL_SYS_MPE
i=0;
i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
if (i < 0) { perror("keepalive"); return(0); }
@@ -259,7 +269,7 @@ static int init_server_long(int *sock, int port, char *ip)
struct sockaddr_in server;
int s= -1,i;
- if (!sock_init()) return(0);
+ if (!ssl_sock_init()) return(0);
memset((char *)&server,0,sizeof(server));
server.sin_family=AF_INET;
@@ -285,7 +295,7 @@ static int init_server_long(int *sock, int port, char *ip)
#endif
if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
{
-#ifndef WINDOWS
+#ifndef OPENSSL_SYS_WINDOWS
perror("bind");
#endif
goto err;
@@ -316,9 +326,9 @@ static int do_accept(int acc_sock, int *sock, char **host)
int len;
/* struct linger ling; */
- if (!sock_init()) return(0);
+ if (!ssl_sock_init()) return(0);
-#ifndef WINDOWS
+#ifndef OPENSSL_SYS_WINDOWS
redoit:
#endif
@@ -332,7 +342,7 @@ redoit:
ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
if (ret == INVALID_SOCKET)
{
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
i=WSAGetLastError();
BIO_printf(bio_err,"accept error %d\n",i);
#else
@@ -446,7 +456,7 @@ static int host_ip(char *str, unsigned char ip[4])
{ /* do a gethostbyname */
struct hostent *he;
- if (!sock_init()) return(0);
+ if (!ssl_sock_init()) return(0);
he=GetHostByName(str);
if (he == NULL)
@@ -527,9 +537,12 @@ static struct hostent *GetHostByName(char *name)
ret=gethostbyname(name);
if (ret == NULL) return(NULL);
/* else add to cache */
- strncpy(ghbn_cache[lowi].name,name,128);
- memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
- ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
+ if(strlen(name) < sizeof ghbn_cache[0].name)
+ {
+ strcpy(ghbn_cache[lowi].name,name);
+ memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
+ ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
+ }
return(ret);
}
else
diff --git a/crypto/openssl/apps/s_time.c b/crypto/openssl/apps/s_time.c
index 2d8e2b2..1ad16cd 100644
--- a/crypto/openssl/apps/s_time.c
+++ b/crypto/openssl/apps/s_time.c
@@ -67,22 +67,25 @@
#include <stdlib.h>
#include <string.h>
-#ifdef NO_STDIO
+#define USE_SOCKETS
+#include "apps.h"
+#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif
-#define USE_SOCKETS
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/pem.h>
-#include "apps.h"
#include "s_apps.h"
#include <openssl/err.h>
#ifdef WIN32_STUFF
#include "winmain.h"
#include "wintext.h"
#endif
+#if !defined(OPENSSL_SYS_MSDOS)
+#include OPENSSL_UNISTD
+#endif
-#if !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC)) || defined (_DARWIN)
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
#define TIMES
#endif
@@ -98,18 +101,14 @@
The __TMS macro will show if it was. If it wasn't defined, we should
undefine TIMES, since that tells the rest of the program how things
should be handled. -- Richard Levitte */
-#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
#undef TIMES
#endif
-#if !defined(TIMES) && !defined(VXWORKS)
+#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS)
#include <sys/timeb.h>
#endif
-#ifdef _AIX
-#include <sys/select.h>
-#endif
-
#if defined(sun) || defined(__ultrix)
#define _POSIX_SOURCE
#include <limits.h>
@@ -119,11 +118,19 @@
/* The following if from times(3) man page. It may need to be changed
*/
#ifndef HZ
-#ifndef CLK_TCK
-#define HZ 100.0
-#else /* CLK_TCK */
-#define HZ ((double)CLK_TCK)
-#endif
+# ifdef _SC_CLK_TCK
+# define HZ ((double)sysconf(_SC_CLK_TCK))
+# else
+# ifndef CLK_TCK
+# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+# define HZ 100.0
+# else /* _BSD_CLK_TCK_ */
+# define HZ ((double)_BSD_CLK_TCK_)
+# endif
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+# endif
#endif
#undef PROG
@@ -139,6 +146,8 @@
#undef BUFSIZZ
#define BUFSIZZ 1024*10
+#define MYBUFSIZ 1024*8
+
#undef min
#undef max
#define min(a,b) (((a) < (b)) ? (a) : (b))
@@ -176,7 +185,7 @@ static int perform=0;
#ifdef FIONBIO
static int t_nbio=0;
#endif
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
static int exitNow = 0; /* Set when it's time to exit main */
#endif
@@ -200,7 +209,7 @@ static void s_time_init(void)
#ifdef FIONBIO
t_nbio=0;
#endif
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
exitNow = 0; /* Set when it's time to exit main */
#endif
}
@@ -313,14 +322,19 @@ static int parseArgs(int argc, char **argv)
{
if (--argc < 1) goto bad;
s_www_path= *(++argv);
+ if(strlen(s_www_path) > MYBUFSIZ-100)
+ {
+ BIO_printf(bio_err,"-www option too long\n");
+ badop=1;
+ }
}
else if(strcmp(*argv,"-bugs") == 0)
st_bugs=1;
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
else if(strcmp(*argv,"-ssl2") == 0)
s_time_meth=SSLv2_client_method();
#endif
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
else if(strcmp(*argv,"-ssl3") == 0)
s_time_meth=SSLv3_client_method();
#endif
@@ -370,7 +384,7 @@ static double tm_Time_F(int s)
ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
return((ret == 0.0)?1e-6:ret);
}
-#elif defined(VXWORKS)
+#elif defined(OPENSSL_SYS_VXWORKS)
{
static unsigned long tick_start, tick_end;
@@ -424,11 +438,11 @@ int MAIN(int argc, char **argv)
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
s_time_meth=SSLv23_client_method();
-#elif !defined(NO_SSL3)
+#elif !defined(OPENSSL_NO_SSL3)
s_time_meth=SSLv3_client_method();
-#elif !defined(NO_SSL2)
+#elif !defined(OPENSSL_NO_SSL2)
s_time_meth=SSLv2_client_method();
#endif
@@ -461,7 +475,6 @@ int MAIN(int argc, char **argv)
if (tm_cipher == NULL ) {
fprintf( stderr, "No CIPHER specified\n" );
-/* EXIT(1); */
}
if (!(perform & 1)) goto next;
@@ -474,7 +487,7 @@ int MAIN(int argc, char **argv)
tm_Time_F(START);
for (;;)
{
- if (finishtime < time(NULL)) break;
+ if (finishtime < (long)time(NULL)) break;
#ifdef WIN32_STUFF
if( flushWinMsgs(0) == -1 )
@@ -525,9 +538,9 @@ int MAIN(int argc, char **argv)
}
totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
- i=(int)(time(NULL)-finishtime+maxTime);
+ i=(int)((long)time(NULL)-finishtime+maxTime);
printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
- printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
+ printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
/* Now loop and time connections using the same session id over and over */
@@ -559,7 +572,7 @@ next:
nConn = 0;
totalTime = 0.0;
- finishtime=time(NULL)+maxTime;
+ finishtime=(long)time(NULL)+maxTime;
printf( "starting\n" );
bytes_read=0;
@@ -567,7 +580,7 @@ next:
for (;;)
{
- if (finishtime < time(NULL)) break;
+ if (finishtime < (long)time(NULL)) break;
#ifdef WIN32_STUFF
if( flushWinMsgs(0) == -1 )
@@ -617,7 +630,7 @@ next:
printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
- printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
+ printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
ret=0;
end:
@@ -628,7 +641,8 @@ end:
SSL_CTX_free(tm_ctx);
tm_ctx=NULL;
}
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
/***********************************************************************
diff --git a/crypto/openssl/apps/sess_id.c b/crypto/openssl/apps/sess_id.c
index 60cc3f1..d91d84d 100644
--- a/crypto/openssl/apps/sess_id.c
+++ b/crypto/openssl/apps/sess_id.c
@@ -156,7 +156,7 @@ int MAIN(int argc, char **argv)
{
bad:
for (pp=sess_id_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,*pp);
+ BIO_printf(bio_err,"%s",*pp);
goto end;
}
@@ -208,7 +208,7 @@ bad:
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -272,7 +272,8 @@ bad:
end:
if (out != NULL) BIO_free_all(out);
if (x != NULL) SSL_SESSION_free(x);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
static SSL_SESSION *load_sess_id(char *infile, int format)
diff --git a/crypto/openssl/apps/smime.c b/crypto/openssl/apps/smime.c
index ebdac15..ef0e477 100644
--- a/crypto/openssl/apps/smime.c
+++ b/crypto/openssl/apps/smime.c
@@ -67,7 +67,6 @@
#undef PROG
#define PROG smime_main
-static X509_STORE *setup_verify(char *CAfile, char *CApath);
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
#define SMIME_OP 0x10
@@ -81,6 +80,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
int operation = 0;
int ret = 0;
char **args;
@@ -88,7 +88,7 @@ int MAIN(int argc, char **argv)
char *infile = NULL, *outfile = NULL;
char *signerfile = NULL, *recipfile = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
- EVP_CIPHER *cipher = NULL;
+ const EVP_CIPHER *cipher = NULL;
PKCS7 *p7 = NULL;
X509_STORE *store = NULL;
X509 *cert = NULL, *recip = NULL, *signer = NULL;
@@ -96,30 +96,41 @@ int MAIN(int argc, char **argv)
STACK_OF(X509) *encerts = NULL, *other = NULL;
BIO *in = NULL, *out = NULL, *indata = NULL;
int badarg = 0;
- int flags = PKCS7_DETACHED;
+ int flags = PKCS7_DETACHED, store_flags = 0;
char *to = NULL, *from = NULL, *subject = NULL;
char *CAfile = NULL, *CApath = NULL;
char *passargin = NULL, *passin = NULL;
char *inrand = NULL;
int need_rand = 0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
- args = argv + 1;
+ int keyform = FORMAT_PEM;
+ char *engine=NULL;
+ args = argv + 1;
ret = 1;
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
while (!badarg && *args && *args[0] == '-') {
if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT;
else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT;
else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
else if (!strcmp (*args, "-des3"))
cipher = EVP_des_ede3_cbc();
else if (!strcmp (*args, "-des"))
cipher = EVP_des_cbc();
#endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
else if (!strcmp (*args, "-rc2-40"))
cipher = EVP_rc2_40_cbc();
else if (!strcmp (*args, "-rc2-128"))
@@ -127,6 +138,14 @@ int MAIN(int argc, char **argv)
else if (!strcmp (*args, "-rc2-64"))
cipher = EVP_rc2_64_cbc();
#endif
+#ifndef OPENSSL_NO_AES
+ else if (!strcmp(*args,"-aes128"))
+ cipher = EVP_aes_128_cbc();
+ else if (!strcmp(*args,"-aes192"))
+ cipher = EVP_aes_192_cbc();
+ else if (!strcmp(*args,"-aes256"))
+ cipher = EVP_aes_256_cbc();
+#endif
else if (!strcmp (*args, "-text"))
flags |= PKCS7_TEXT;
else if (!strcmp (*args, "-nointern"))
@@ -147,12 +166,21 @@ int MAIN(int argc, char **argv)
flags |= PKCS7_BINARY;
else if (!strcmp (*args, "-nosigs"))
flags |= PKCS7_NOSIGS;
+ else if (!strcmp (*args, "-crl_check"))
+ store_flags |= X509_V_FLAG_CRL_CHECK;
+ else if (!strcmp (*args, "-crl_check_all"))
+ store_flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
else if (!strcmp(*args,"-rand")) {
if (args[1]) {
args++;
inrand = *args;
} else badarg = 1;
need_rand = 1;
+ } else if (!strcmp(*args,"-engine")) {
+ if (args[1]) {
+ args++;
+ engine = *args;
+ } else badarg = 1;
} else if (!strcmp(*args,"-passin")) {
if (args[1]) {
args++;
@@ -188,6 +216,11 @@ int MAIN(int argc, char **argv)
args++;
keyfile = *args;
} else badarg = 1;
+ } else if (!strcmp (*args, "-keyform")) {
+ if (args[1]) {
+ args++;
+ keyform = str2fmt(*args);
+ } else badarg = 1;
} else if (!strcmp (*args, "-certfile")) {
if (args[1]) {
args++;
@@ -259,15 +292,19 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-sign sign message\n");
BIO_printf (bio_err, "-verify verify signed message\n");
BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n");
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
BIO_printf (bio_err, "-des encrypt with DES\n");
#endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
+ BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
+#endif
BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
BIO_printf (bio_err, "-nosigs don't verify message signature\n");
BIO_printf (bio_err, "-noverify don't verify signers certificate\n");
@@ -281,6 +318,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-in file input file\n");
BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
+ BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
BIO_printf (bio_err, "-out file output file\n");
BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
@@ -290,6 +328,9 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
+ BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+ BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
@@ -298,6 +339,8 @@ int MAIN(int argc, char **argv)
goto end;
}
+ e = setup_engine(bio_err, engine, 0);
+
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
@@ -324,7 +367,7 @@ int MAIN(int argc, char **argv)
if(operation == SMIME_ENCRYPT) {
if (!cipher) {
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
cipher = EVP_rc2_40_cbc();
#else
BIO_printf(bio_err, "No cipher selected\n");
@@ -333,8 +376,11 @@ int MAIN(int argc, char **argv)
}
encerts = sk_X509_new_null();
while (*args) {
- if(!(cert = load_cert(bio_err,*args,FORMAT_PEM))) {
+ if(!(cert = load_cert(bio_err,*args,FORMAT_PEM,
+ NULL, e, "recipient certificate file"))) {
+#if 0 /* An appropriate message is already printed */
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
+#endif
goto end;
}
sk_X509_push(encerts, cert);
@@ -344,23 +390,32 @@ int MAIN(int argc, char **argv)
}
if(signerfile && (operation == SMIME_SIGN)) {
- if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM))) {
+ if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,
+ e, "signer certificate"))) {
+#if 0 /* An appropri message has already been printed */
BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
+#endif
goto end;
}
}
if(certfile) {
- if(!(other = load_certs(bio_err,certfile,FORMAT_PEM))) {
+ if(!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
+ e, "certificate file"))) {
+#if 0 /* An appropriate message has already been printed */
BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
+#endif
ERR_print_errors(bio_err);
goto end;
}
}
if(recipfile && (operation == SMIME_DECRYPT)) {
- if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM))) {
+ if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
+ e, "recipient certificate file"))) {
+#if 0 /* An appropriate message has alrady been printed */
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
+#endif
ERR_print_errors(bio_err);
goto end;
}
@@ -373,11 +428,11 @@ int MAIN(int argc, char **argv)
} else keyfile = NULL;
if(keyfile) {
- if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) {
- BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
- ERR_print_errors(bio_err);
+ key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+ "signing key file");
+ if (!key) {
goto end;
- }
+ }
}
if (infile) {
@@ -396,7 +451,7 @@ int MAIN(int argc, char **argv)
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -405,9 +460,11 @@ int MAIN(int argc, char **argv)
}
if(operation == SMIME_VERIFY) {
- if(!(store = setup_verify(CAfile, CApath))) goto end;
+ if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end;
+ X509_STORE_set_flags(store, store_flags);
}
+
ret = 3;
if(operation == SMIME_ENCRYPT) {
@@ -507,36 +564,6 @@ end:
return (ret);
}
-static X509_STORE *setup_verify(char *CAfile, char *CApath)
-{
- X509_STORE *store;
- X509_LOOKUP *lookup;
- if(!(store = X509_STORE_new())) goto end;
- lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
- if (lookup == NULL) goto end;
- if (CAfile) {
- if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
- BIO_printf(bio_err, "Error loading file %s\n", CAfile);
- goto end;
- }
- } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-
- lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
- if (lookup == NULL) goto end;
- if (CApath) {
- if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
- BIO_printf(bio_err, "Error loading directory %s\n", CApath);
- goto end;
- }
- } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-
- ERR_clear_error();
- return store;
- end:
- X509_STORE_free(store);
- return NULL;
-}
-
static int save_certs(char *signerfile, STACK_OF(X509) *signers)
{
int i;
diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c
index f73deba..7f42b52 100644
--- a/crypto/openssl/apps/speed.c
+++ b/crypto/openssl/apps/speed.c
@@ -1,4 +1,4 @@
-/* apps/speed.c */
+/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -75,19 +75,24 @@
#include <string.h>
#include <math.h>
#include "apps.h"
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#if !defined(OPENSSL_SYS_MSDOS)
+#include OPENSSL_UNISTD
+#endif
-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(_DARWIN)
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX)
# define USE_TOD
-#elif !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC))
+#elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
# define TIMES
#endif
-#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__) && !defined(_DARWIN) && !defined(VXWORKS)
+#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(OPENSSL_SYS_MPE) && !defined(__NetBSD__) && !defined(OPENSSL_SYS_VXWORKS) /* FIXME */
# define TIMEB
#endif
@@ -107,7 +112,7 @@
The __TMS macro will show if it was. If it wasn't defined, we should
undefine TIMES, since that tells the rest of the program how things
should be handled. -- Richard Levitte */
-#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
#undef TIMES
#endif
@@ -115,7 +120,7 @@
#include <sys/timeb.h>
#endif
-#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(VXWORKS)
+#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS)
#error "It seems neither struct tms nor struct timeb is supported in this platform!"
#endif
@@ -125,78 +130,113 @@
#include <sys/param.h>
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
#include <openssl/des.h>
#endif
-#ifndef NO_MD2
+#ifndef OPENSSL_NO_AES
+#include <openssl/aes.h>
+#endif
+#ifndef OPENSSL_NO_MD2
#include <openssl/md2.h>
#endif
-#ifndef NO_MDC2
+#ifndef OPENSSL_NO_MDC2
#include <openssl/mdc2.h>
#endif
-#ifndef NO_MD4
+#ifndef OPENSSL_NO_MD4
#include <openssl/md4.h>
#endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
#include <openssl/md5.h>
#endif
-#ifndef NO_HMAC
+#ifndef OPENSSL_NO_HMAC
#include <openssl/hmac.h>
#endif
#include <openssl/evp.h>
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
#include <openssl/sha.h>
#endif
-#ifndef NO_RIPEMD
+#ifndef OPENSSL_NO_RIPEMD
#include <openssl/ripemd.h>
#endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
#include <openssl/rc4.h>
#endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
#include <openssl/rc5.h>
#endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
#include <openssl/rc2.h>
#endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
#include <openssl/idea.h>
#endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
#include <openssl/blowfish.h>
#endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
#include <openssl/cast.h>
#endif
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#include "./testrsa.h"
#endif
#include <openssl/x509.h>
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
#include "./testdsa.h"
#endif
/* The following if from times(3) man page. It may need to be changed */
#ifndef HZ
-# ifndef CLK_TCK
-# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-# define HZ 100.0
-# else /* _BSD_CLK_TCK_ */
-# define HZ ((double)_BSD_CLK_TCK_)
+# if defined(_SC_CLK_TCK) \
+ && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000)
+# define HZ ((double)sysconf(_SC_CLK_TCK))
+# else
+# ifndef CLK_TCK
+# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+# define HZ 100.0
+# else /* _BSD_CLK_TCK_ */
+# define HZ ((double)_BSD_CLK_TCK_)
+# endif
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
# endif
-# else /* CLK_TCK */
-# define HZ ((double)CLK_TCK)
# endif
#endif
+#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2)
+# define HAVE_FORK 1
+#endif
+
#undef BUFSIZE
#define BUFSIZE ((long)1024*8+1)
int run=0;
-static double Time_F(int s, int usertime);
-static void print_message(char *s,long num,int length);
+static char ftime_used = 0, times_used = 0, gettimeofday_used = 0, getrusage_used = 0;
+static int mr=0;
+static int usertime=1;
+
+static double Time_F(int s);
+static void print_message(const char *s,long num,int length);
static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
+static void print_result(int alg,int run_no,int count,double time_used);
+#ifdef HAVE_FORK
+static int do_multi(int multi);
+#endif
+
+#define ALGOR_NUM 19
+#define SIZE_NUM 5
+#define RSA_NUM 4
+#define DSA_NUM 3
+static const char *names[ALGOR_NUM]={
+ "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
+ "des cbc","des ede3","idea cbc",
+ "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc",
+ "aes-128 cbc","aes-192 cbc","aes-256 cbc"};
+static double results[ALGOR_NUM][SIZE_NUM];
+static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
+static double rsa_results[RSA_NUM][2];
+static double dsa_results[DSA_NUM][2];
+
#ifdef SIGALRM
#if defined(__STDC__) || defined(sgi) || defined(_AIX)
#define SIGRETTYPE void
@@ -218,15 +258,16 @@ static SIGRETTYPE sig_done(int sig)
#define START 0
#define STOP 1
-static double Time_F(int s, int usertime)
+static double Time_F(int s)
{
double ret;
#ifdef USE_TOD
if(usertime)
- {
+ {
static struct rusage tstart,tend;
+ getrusage_used = 1;
if (s == START)
{
getrusage(RUSAGE_SELF,&tstart);
@@ -248,6 +289,7 @@ static double Time_F(int s, int usertime)
static struct timeval tstart,tend;
long i;
+ gettimeofday_used = 1;
if (s == START)
{
gettimeofday(&tstart,NULL);
@@ -268,6 +310,7 @@ static double Time_F(int s, int usertime)
{
static struct tms tstart,tend;
+ times_used = 1;
if (s == START)
{
times(&tstart);
@@ -284,8 +327,8 @@ static double Time_F(int s, int usertime)
# if defined(TIMES) && defined(TIMEB)
else
# endif
-# ifdef VXWORKS
- {
+# ifdef OPENSSL_SYS_VXWORKS
+ {
static unsigned long tick_start, tick_end;
if( s == START )
@@ -305,6 +348,7 @@ static double Time_F(int s, int usertime)
static struct timeb tstart,tend;
long i;
+ ftime_used = 1;
if (s == START)
{
ftime(&tstart);
@@ -319,7 +363,6 @@ static double Time_F(int s, int usertime)
}
}
# endif
-
#endif
}
@@ -327,64 +370,85 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
unsigned char *buf=NULL,*buf2=NULL;
int mret=1;
-#define ALGOR_NUM 15
-#define SIZE_NUM 5
-#define RSA_NUM 4
-#define DSA_NUM 3
- long count,rsa_count;
+ long count=0,save_count=0;
int i,j,k;
-#ifndef NO_RSA
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
+ long rsa_count;
+#endif
+#ifndef OPENSSL_NO_RSA
unsigned rsa_num;
#endif
-#ifndef NO_MD2
+ unsigned char md[EVP_MAX_MD_SIZE];
+#ifndef OPENSSL_NO_MD2
unsigned char md2[MD2_DIGEST_LENGTH];
#endif
-#ifndef NO_MDC2
+#ifndef OPENSSL_NO_MDC2
unsigned char mdc2[MDC2_DIGEST_LENGTH];
#endif
-#ifndef NO_MD4
+#ifndef OPENSSL_NO_MD4
unsigned char md4[MD4_DIGEST_LENGTH];
#endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
unsigned char md5[MD5_DIGEST_LENGTH];
unsigned char hmac[MD5_DIGEST_LENGTH];
#endif
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
unsigned char sha[SHA_DIGEST_LENGTH];
#endif
-#ifndef NO_RIPEMD
+#ifndef OPENSSL_NO_RIPEMD
unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
#endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
RC4_KEY rc4_ks;
#endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
RC5_32_KEY rc5_ks;
#endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
RC2_KEY rc2_ks;
#endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
IDEA_KEY_SCHEDULE idea_ks;
#endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
BF_KEY bf_ks;
#endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
CAST_KEY cast_ks;
#endif
- static unsigned char key16[16]=
+ static const unsigned char key16[16]=
{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
- unsigned char iv[8];
-#ifndef NO_DES
- des_cblock *buf_as_des_cblock = NULL;
- static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
- static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
- static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
- des_key_schedule sch,sch2,sch3;
+ static const unsigned char key24[24]=
+ {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+ 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
+ 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+ static const unsigned char key32[32]=
+ {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+ 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
+ 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
+ 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
+#ifndef OPENSSL_NO_AES
+#define MAX_BLOCK_SIZE 128
+#else
+#define MAX_BLOCK_SIZE 64
+#endif
+ unsigned char DES_iv[8];
+ unsigned char iv[MAX_BLOCK_SIZE/8];
+#ifndef OPENSSL_NO_DES
+ DES_cblock *buf_as_des_cblock = NULL;
+ static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+ static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+ static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+ DES_key_schedule sch;
+ DES_key_schedule sch2;
+ DES_key_schedule sch3;
+#endif
+#ifndef OPENSSL_NO_AES
+ AES_KEY aes_ks1, aes_ks2, aes_ks3;
#endif
#define D_MD2 0
#define D_MDC2 1
@@ -401,13 +465,12 @@ int MAIN(int argc, char **argv)
#define D_CBC_RC5 12
#define D_CBC_BF 13
#define D_CBC_CAST 14
- double d,results[ALGOR_NUM][SIZE_NUM];
- static int lengths[SIZE_NUM]={8,64,256,1024,8*1024};
+#define D_CBC_128_AES 15
+#define D_CBC_192_AES 16
+#define D_CBC_256_AES 17
+#define D_EVP 18
+ double d=0.0;
long c[ALGOR_NUM][SIZE_NUM];
- static char *names[ALGOR_NUM]={
- "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
- "des cbc","des ede3","idea cbc",
- "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"};
#define R_DSA_512 0
#define R_DSA_1024 1
#define R_DSA_2048 2
@@ -415,10 +478,9 @@ int MAIN(int argc, char **argv)
#define R_RSA_1024 1
#define R_RSA_2048 2
#define R_RSA_4096 3
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
RSA *rsa_key[RSA_NUM];
long rsa_c[RSA_NUM][2];
- double rsa_results[RSA_NUM][2];
static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
static unsigned char *rsa_data[RSA_NUM]=
{test512,test1024,test2048,test4096};
@@ -426,17 +488,21 @@ int MAIN(int argc, char **argv)
sizeof(test512),sizeof(test1024),
sizeof(test2048),sizeof(test4096)};
#endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
DSA *dsa_key[DSA_NUM];
long dsa_c[DSA_NUM][2];
- double dsa_results[DSA_NUM][2];
static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
#endif
int rsa_doit[RSA_NUM];
int dsa_doit[DSA_NUM];
int doit[ALGOR_NUM];
int pr_header=0;
- int usertime=1;
+ const EVP_CIPHER *evp_cipher=NULL;
+ const EVP_MD *evp_md=NULL;
+ int decrypt=0;
+#ifdef HAVE_FORK
+ int multi=0;
+#endif
#ifndef TIMES
usertime=-1;
@@ -444,7 +510,7 @@ int MAIN(int argc, char **argv)
apps_startup();
memset(results, 0, sizeof(results));
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
memset(dsa_key,0,sizeof(dsa_key));
#endif
@@ -452,7 +518,10 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifndef NO_RSA
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+#ifndef OPENSSL_NO_RSA
memset(rsa_key,0,sizeof(rsa_key));
for (i=0; i<RSA_NUM; i++)
rsa_key[i]=NULL;
@@ -463,8 +532,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"out of memory\n");
goto end;
}
-#ifndef NO_DES
- buf_as_des_cblock = (des_cblock *)buf;
+#ifndef OPENSSL_NO_DES
+ buf_as_des_cblock = (DES_cblock *)buf;
#endif
if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
{
@@ -473,6 +542,7 @@ int MAIN(int argc, char **argv)
}
memset(c,0,sizeof(c));
+ memset(DES_iv,0,sizeof(DES_iv));
memset(iv,0,sizeof(iv));
for (i=0; i<ALGOR_NUM; i++)
@@ -488,34 +558,108 @@ int MAIN(int argc, char **argv)
while (argc)
{
if ((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
+ {
usertime = 0;
-#ifndef NO_MD2
+ j--; /* Otherwise, -elapsed gets confused with
+ an algorithm. */
+ }
+ else if ((argc > 0) && (strcmp(*argv,"-evp") == 0))
+ {
+ argc--;
+ argv++;
+ if(argc == 0)
+ {
+ BIO_printf(bio_err,"no EVP given\n");
+ goto end;
+ }
+ evp_cipher=EVP_get_cipherbyname(*argv);
+ if(!evp_cipher)
+ {
+ evp_md=EVP_get_digestbyname(*argv);
+ }
+ if(!evp_cipher && !evp_md)
+ {
+ BIO_printf(bio_err,"%s is an unknown cipher or digest\n",*argv);
+ goto end;
+ }
+ doit[D_EVP]=1;
+ }
+ else if (argc > 0 && !strcmp(*argv,"-decrypt"))
+ {
+ decrypt=1;
+ j--; /* Otherwise, -elapsed gets confused with
+ an algorithm. */
+ }
+ else if ((argc > 0) && (strcmp(*argv,"-engine") == 0))
+ {
+ argc--;
+ argv++;
+ if(argc == 0)
+ {
+ BIO_printf(bio_err,"no engine given\n");
+ goto end;
+ }
+ e = setup_engine(bio_err, *argv, 0);
+ /* j will be increased again further down. We just
+ don't want speed to confuse an engine with an
+ algorithm, especially when none is given (which
+ means all of them should be run) */
+ j--;
+ }
+#ifdef HAVE_FORK
+ else if ((argc > 0) && (strcmp(*argv,"-multi") == 0))
+ {
+ argc--;
+ argv++;
+ if(argc == 0)
+ {
+ BIO_printf(bio_err,"no multi count given\n");
+ goto end;
+ }
+ multi=atoi(argv[0]);
+ if(multi <= 0)
+ {
+ BIO_printf(bio_err,"bad multi count\n");
+ goto end;
+ }
+ j--; /* Otherwise, -mr gets confused with
+ an algorithm. */
+ }
+#endif
+ else if (argc > 0 && !strcmp(*argv,"-mr"))
+ {
+ mr=1;
+ j--; /* Otherwise, -mr gets confused with
+ an algorithm. */
+ }
+ else
+#ifndef OPENSSL_NO_MD2
if (strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
else
#endif
-#ifndef NO_MDC2
+#ifndef OPENSSL_NO_MDC2
if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
else
#endif
-#ifndef NO_MD4
+#ifndef OPENSSL_NO_MD4
if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1;
else
#endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
else
#endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
else
#endif
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
else
if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1;
else
#endif
-#ifndef NO_RIPEMD
+#ifndef OPENSSL_NO_RIPEMD
if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
else
if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
@@ -523,20 +667,26 @@ int MAIN(int argc, char **argv)
if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1;
else
#endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
else
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1;
else if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1;
else
#endif
-#ifndef NO_RSA
-#ifdef RSAref
+#ifndef OPENSSL_NO_AES
+ if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1;
+ else if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1;
+ else if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1;
+ else
+#endif
+#ifndef OPENSSL_NO_RSA
+#if 0 /* was: #ifdef RSAref */
if (strcmp(*argv,"rsaref") == 0)
{
- RSA_set_default_method(RSA_PKCS1_RSAref());
+ RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
j--;
}
else
@@ -549,7 +699,7 @@ int MAIN(int argc, char **argv)
}
else
#endif
-#endif /* !NO_RSA */
+#endif /* !OPENSSL_NO_RSA */
if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2;
else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2;
else if (strcmp(*argv,"dsa2048") == 0) dsa_doit[R_DSA_2048]=2;
@@ -558,34 +708,34 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"rsa2048") == 0) rsa_doit[R_RSA_2048]=2;
else if (strcmp(*argv,"rsa4096") == 0) rsa_doit[R_RSA_4096]=2;
else
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
if (strcmp(*argv,"rc2-cbc") == 0) doit[D_CBC_RC2]=1;
else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1;
else
#endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1;
else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1;
else
#endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1;
else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
else
#endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
else
#endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1;
else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1;
else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1;
else
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
if (strcmp(*argv,"des") == 0)
{
doit[D_CBC_DES]=1;
@@ -593,7 +743,16 @@ int MAIN(int argc, char **argv)
}
else
#endif
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_AES
+ if (strcmp(*argv,"aes") == 0)
+ {
+ doit[D_CBC_128_AES]=1;
+ doit[D_CBC_192_AES]=1;
+ doit[D_CBC_256_AES]=1;
+ }
+ else
+#endif
+#ifndef OPENSSL_NO_RSA
if (strcmp(*argv,"rsa") == 0)
{
rsa_doit[R_RSA_512]=1;
@@ -603,7 +762,7 @@ int MAIN(int argc, char **argv)
}
else
#endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
if (strcmp(*argv,"dsa") == 0)
{
dsa_doit[R_DSA_512]=1;
@@ -615,85 +774,104 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"Error: bad option or value\n");
BIO_printf(bio_err,"\n");
BIO_printf(bio_err,"Available values:\n");
-#ifndef NO_MD2
+#ifndef OPENSSL_NO_MD2
BIO_printf(bio_err,"md2 ");
#endif
-#ifndef NO_MDC2
+#ifndef OPENSSL_NO_MDC2
BIO_printf(bio_err,"mdc2 ");
#endif
-#ifndef NO_MD4
+#ifndef OPENSSL_NO_MD4
BIO_printf(bio_err,"md4 ");
#endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
BIO_printf(bio_err,"md5 ");
-#ifndef NO_HMAC
+#ifndef OPENSSL_NO_HMAC
BIO_printf(bio_err,"hmac ");
#endif
#endif
-#ifndef NO_SHA1
+#ifndef OPENSSL_NO_SHA1
BIO_printf(bio_err,"sha1 ");
#endif
-#ifndef NO_RIPEMD160
+#ifndef OPENSSL_NO_RIPEMD160
BIO_printf(bio_err,"rmd160");
#endif
-#if !defined(NO_MD2) || !defined(NO_MDC2) || !defined(NO_MD4) || !defined(NO_MD5) || !defined(NO_SHA1) || !defined(NO_RIPEMD160)
+#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
+ !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
+ !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160)
BIO_printf(bio_err,"\n");
#endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err,"idea-cbc ");
#endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
BIO_printf(bio_err,"rc2-cbc ");
#endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
BIO_printf(bio_err,"rc5-cbc ");
#endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
BIO_printf(bio_err,"bf-cbc");
#endif
-#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_BF) || !defined(NO_RC5)
+#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
+ !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)
BIO_printf(bio_err,"\n");
#endif
-
+#ifndef OPENSSL_NO_DES
BIO_printf(bio_err,"des-cbc des-ede3 ");
-#ifndef NO_RC4
+#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc ");
+#endif
+#ifndef OPENSSL_NO_RC4
BIO_printf(bio_err,"rc4");
#endif
BIO_printf(bio_err,"\n");
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
BIO_printf(bio_err,"rsa512 rsa1024 rsa2048 rsa4096\n");
#endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n");
#endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err,"idea ");
#endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
BIO_printf(bio_err,"rc2 ");
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
BIO_printf(bio_err,"des ");
#endif
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err,"aes ");
+#endif
+#ifndef OPENSSL_NO_RSA
BIO_printf(bio_err,"rsa ");
#endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
BIO_printf(bio_err,"blowfish");
#endif
-#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_DES) || !defined(NO_RSA) || !defined(NO_BF)
+#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
+ !defined(OPENSSL_NO_DES) || !defined(OPENSSL_NO_RSA) || \
+ !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES)
BIO_printf(bio_err,"\n");
#endif
-#ifdef TIMES
BIO_printf(bio_err,"\n");
BIO_printf(bio_err,"Available options:\n");
+#if defined(TIMES) || defined(USE_TOD)
BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n");
#endif
+ BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
+ BIO_printf(bio_err,"-evp e use EVP e.\n");
+ BIO_printf(bio_err,"-decrypt time decryption instead of encryption (only EVP).\n");
+ BIO_printf(bio_err,"-mr produce machine readable output.\n");
+#ifdef HAVE_FORK
+ BIO_printf(bio_err,"-multi n run n benchmarks in parallel.\n");
+#endif
goto end;
}
argc--;
@@ -701,10 +879,18 @@ int MAIN(int argc, char **argv)
j++;
}
+#ifdef HAVE_FORK
+ if(multi && do_multi(multi))
+ goto show_res;
+#endif
+
if (j == 0)
{
for (i=0; i<ALGOR_NUM; i++)
- doit[i]=1;
+ {
+ if (i != D_EVP)
+ doit[i]=1;
+ }
for (i=0; i<RSA_NUM; i++)
rsa_doit[i]=1;
for (i=0; i<DSA_NUM; i++)
@@ -713,18 +899,18 @@ int MAIN(int argc, char **argv)
for (i=0; i<ALGOR_NUM; i++)
if (doit[i]) pr_header++;
- if (usertime == 0)
+ if (usertime == 0 && !mr)
BIO_printf(bio_err,"You have chosen to measure elapsed time instead of user CPU time.\n");
- if (usertime <= 0)
+ if (usertime <= 0 && !mr)
{
BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
BIO_printf(bio_err,"program when this computer is idle.\n");
}
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
for (i=0; i<RSA_NUM; i++)
{
- unsigned char *p;
+ const unsigned char *p;
p=rsa_data[i];
rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]);
@@ -736,7 +922,9 @@ int MAIN(int argc, char **argv)
#if 0
else
{
- BIO_printf(bio_err,"Loaded RSA key, %d bit modulus and e= 0x",BN_num_bits(rsa_key[i]->n));
+ BIO_printf(bio_err,mr ? "+RK:%d:"
+ : "Loaded RSA key, %d bit modulus and e= 0x",
+ BN_num_bits(rsa_key[i]->n));
BN_print(bio_err,rsa_key[i]->e);
BIO_printf(bio_err,"\n");
}
@@ -744,51 +932,57 @@ int MAIN(int argc, char **argv)
}
#endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
dsa_key[0]=get_dsa512();
dsa_key[1]=get_dsa1024();
dsa_key[2]=get_dsa2048();
#endif
-#ifndef NO_DES
- des_set_key_unchecked(&key,sch);
- des_set_key_unchecked(&key2,sch2);
- des_set_key_unchecked(&key3,sch3);
+#ifndef OPENSSL_NO_DES
+ DES_set_key_unchecked(&key,&sch);
+ DES_set_key_unchecked(&key2,&sch2);
+ DES_set_key_unchecked(&key3,&sch3);
+#endif
+#ifndef OPENSSL_NO_AES
+ AES_set_encrypt_key(key16,128,&aes_ks1);
+ AES_set_encrypt_key(key24,192,&aes_ks2);
+ AES_set_encrypt_key(key32,256,&aes_ks3);
#endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
idea_set_encrypt_key(key16,&idea_ks);
#endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
RC4_set_key(&rc4_ks,16,key16);
#endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
RC2_set_key(&rc2_ks,16,key16,128);
#endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
RC5_32_set_key(&rc5_ks,16,key16,12);
#endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
BF_set_key(&bf_ks,16,key16);
#endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
CAST_set_key(&cast_ks,16,key16);
#endif
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
memset(rsa_c,0,sizeof(rsa_c));
#endif
#ifndef SIGALRM
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
count=10;
do {
long i;
count*=2;
- Time_F(START,usertime);
+ Time_F(START);
for (i=count; i; i--)
- des_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
- &(sch[0]),DES_ENCRYPT);
- d=Time_F(STOP,usertime);
+ DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
+ &sch,DES_ENCRYPT);
+ d=Time_F(STOP);
} while (d <3);
+ save_count=count;
c[D_MD2][0]=count/10;
c[D_MDC2][0]=count/10;
c[D_MD4][0]=count;
@@ -830,7 +1024,7 @@ int MAIN(int argc, char **argv)
c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
}
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
rsa_c[R_RSA_512][0]=count/2000;
rsa_c[R_RSA_512][1]=count/400;
for (i=1; i<RSA_NUM; i++)
@@ -850,7 +1044,7 @@ int MAIN(int argc, char **argv)
}
#endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
dsa_c[R_DSA_512][0]=count/1000;
dsa_c[R_DSA_512][1]=count/1000/2;
for (i=1; i<DSA_NUM; i++)
@@ -875,167 +1069,152 @@ int MAIN(int argc, char **argv)
#else
/* not worth fixing */
# error "You cannot disable DES on systems without SIGALRM."
-#endif /* NO_DES */
+#endif /* OPENSSL_NO_DES */
#else
#define COND(c) (run)
#define COUNT(d) (count)
signal(SIGALRM,sig_done);
#endif /* SIGALRM */
-#ifndef NO_MD2
+#ifndef OPENSSL_NO_MD2
if (doit[D_MD2])
{
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(c[D_MD2][j]); count++)
- MD2(buf,(unsigned long)lengths[j],&(md2[0]));
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %s's in %.2fs\n",
- count,names[D_MD2],d);
- results[D_MD2][j]=((double)count)/d*lengths[j];
+ EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2(),NULL);
+ d=Time_F(STOP);
+ print_result(D_MD2,j,count,d);
}
}
#endif
-#ifndef NO_MDC2
+#ifndef OPENSSL_NO_MDC2
if (doit[D_MDC2])
{
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(c[D_MDC2][j]); count++)
- MDC2(buf,(unsigned long)lengths[j],&(mdc2[0]));
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %s's in %.2fs\n",
- count,names[D_MDC2],d);
- results[D_MDC2][j]=((double)count)/d*lengths[j];
+ EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2(),NULL);
+ d=Time_F(STOP);
+ print_result(D_MDC2,j,count,d);
}
}
#endif
-#ifndef NO_MD4
+#ifndef OPENSSL_NO_MD4
if (doit[D_MD4])
{
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(c[D_MD4][j]); count++)
- MD4(&(buf[0]),(unsigned long)lengths[j],&(md4[0]));
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %s's in %.2fs\n",
- count,names[D_MD4],d);
- results[D_MD4][j]=((double)count)/d*lengths[j];
+ EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4(),NULL);
+ d=Time_F(STOP);
+ print_result(D_MD4,j,count,d);
}
}
#endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
if (doit[D_MD5])
{
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(c[D_MD5][j]); count++)
- MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0]));
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %s's in %.2fs\n",
- count,names[D_MD5],d);
- results[D_MD5][j]=((double)count)/d*lengths[j];
+ EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5"),NULL);
+ d=Time_F(STOP);
+ print_result(D_MD5,j,count,d);
}
}
#endif
-#if !defined(NO_MD5) && !defined(NO_HMAC)
+#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
if (doit[D_HMAC])
{
HMAC_CTX hctx;
- HMAC_Init(&hctx,(unsigned char *)"This is a key...",
- 16,EVP_md5());
+
+ HMAC_CTX_init(&hctx);
+ HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
+ 16,EVP_md5(), NULL);
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(c[D_HMAC][j]); count++)
{
- HMAC_Init(&hctx,NULL,0,NULL);
- HMAC_Update(&hctx,buf,lengths[j]);
- HMAC_Final(&hctx,&(hmac[0]),NULL);
+ HMAC_Init_ex(&hctx,NULL,0,NULL,NULL);
+ HMAC_Update(&hctx,buf,lengths[j]);
+ HMAC_Final(&hctx,&(hmac[0]),NULL);
}
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %s's in %.2fs\n",
- count,names[D_HMAC],d);
- results[D_HMAC][j]=((double)count)/d*lengths[j];
+ d=Time_F(STOP);
+ print_result(D_HMAC,j,count,d);
}
+ HMAC_CTX_cleanup(&hctx);
}
#endif
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
if (doit[D_SHA1])
{
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(c[D_SHA1][j]); count++)
- SHA1(buf,(unsigned long)lengths[j],&(sha[0]));
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %s's in %.2fs\n",
- count,names[D_SHA1],d);
- results[D_SHA1][j]=((double)count)/d*lengths[j];
+ EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL);
+ d=Time_F(STOP);
+ print_result(D_SHA1,j,count,d);
}
}
#endif
-#ifndef NO_RIPEMD
+#ifndef OPENSSL_NO_RIPEMD
if (doit[D_RMD160])
{
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(c[D_RMD160][j]); count++)
- RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0]));
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %s's in %.2fs\n",
- count,names[D_RMD160],d);
- results[D_RMD160][j]=((double)count)/d*lengths[j];
+ EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160(),NULL);
+ d=Time_F(STOP);
+ print_result(D_RMD160,j,count,d);
}
}
#endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
if (doit[D_RC4])
{
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_RC4],c[D_RC4][j],lengths[j]);
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(c[D_RC4][j]); count++)
RC4(&rc4_ks,(unsigned int)lengths[j],
buf,buf);
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %s's in %.2fs\n",
- count,names[D_RC4],d);
- results[D_RC4][j]=((double)count)/d*lengths[j];
+ d=Time_F(STOP);
+ print_result(D_RC4,j,count,d);
}
}
#endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
if (doit[D_CBC_DES])
{
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
- des_ncbc_encrypt(buf,buf,lengths[j],sch,
- &iv,DES_ENCRYPT);
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %s's in %.2fs\n",
- count,names[D_CBC_DES],d);
- results[D_CBC_DES][j]=((double)count)/d*lengths[j];
+ DES_ncbc_encrypt(buf,buf,lengths[j],&sch,
+ &DES_iv,DES_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_CBC_DES,j,count,d);
}
}
@@ -1044,111 +1223,195 @@ int MAIN(int argc, char **argv)
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
- des_ede3_cbc_encrypt(buf,buf,lengths[j],
- sch,sch2,sch3,
- &iv,DES_ENCRYPT);
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %s's in %.2fs\n",
- count,names[D_EDE3_DES],d);
- results[D_EDE3_DES][j]=((double)count)/d*lengths[j];
+ DES_ede3_cbc_encrypt(buf,buf,lengths[j],
+ &sch,&sch2,&sch3,
+ &DES_iv,DES_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_EDE3_DES,j,count,d);
+ }
+ }
+#endif
+#ifndef OPENSSL_NO_AES
+ if (doit[D_CBC_128_AES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_128_AES],c[D_CBC_128_AES][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_128_AES][j]); count++)
+ AES_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&aes_ks1,
+ iv,AES_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_CBC_128_AES,j,count,d);
+ }
+ }
+ if (doit[D_CBC_192_AES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_192_AES],c[D_CBC_192_AES][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_192_AES][j]); count++)
+ AES_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&aes_ks2,
+ iv,AES_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_CBC_192_AES,j,count,d);
+ }
+ }
+ if (doit[D_CBC_256_AES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_256_AES],c[D_CBC_256_AES][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_256_AES][j]); count++)
+ AES_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&aes_ks3,
+ iv,AES_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_CBC_256_AES,j,count,d);
}
}
+
#endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
if (doit[D_CBC_IDEA])
{
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]);
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
idea_cbc_encrypt(buf,buf,
(unsigned long)lengths[j],&idea_ks,
iv,IDEA_ENCRYPT);
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %s's in %.2fs\n",
- count,names[D_CBC_IDEA],d);
- results[D_CBC_IDEA][j]=((double)count)/d*lengths[j];
+ d=Time_F(STOP);
+ print_result(D_CBC_IDEA,j,count,d);
}
}
#endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
if (doit[D_CBC_RC2])
{
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]);
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
RC2_cbc_encrypt(buf,buf,
(unsigned long)lengths[j],&rc2_ks,
iv,RC2_ENCRYPT);
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %s's in %.2fs\n",
- count,names[D_CBC_RC2],d);
- results[D_CBC_RC2][j]=((double)count)/d*lengths[j];
+ d=Time_F(STOP);
+ print_result(D_CBC_RC2,j,count,d);
}
}
#endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
if (doit[D_CBC_RC5])
{
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]);
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
RC5_32_cbc_encrypt(buf,buf,
(unsigned long)lengths[j],&rc5_ks,
iv,RC5_ENCRYPT);
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %s's in %.2fs\n",
- count,names[D_CBC_RC5],d);
- results[D_CBC_RC5][j]=((double)count)/d*lengths[j];
+ d=Time_F(STOP);
+ print_result(D_CBC_RC5,j,count,d);
}
}
#endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
if (doit[D_CBC_BF])
{
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]);
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
BF_cbc_encrypt(buf,buf,
(unsigned long)lengths[j],&bf_ks,
iv,BF_ENCRYPT);
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %s's in %.2fs\n",
- count,names[D_CBC_BF],d);
- results[D_CBC_BF][j]=((double)count)/d*lengths[j];
+ d=Time_F(STOP);
+ print_result(D_CBC_BF,j,count,d);
}
}
#endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
if (doit[D_CBC_CAST])
{
for (j=0; j<SIZE_NUM; j++)
{
print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]);
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
CAST_cbc_encrypt(buf,buf,
(unsigned long)lengths[j],&cast_ks,
iv,CAST_ENCRYPT);
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %s's in %.2fs\n",
- count,names[D_CBC_CAST],d);
- results[D_CBC_CAST][j]=((double)count)/d*lengths[j];
+ d=Time_F(STOP);
+ print_result(D_CBC_CAST,j,count,d);
}
}
#endif
+ if (doit[D_EVP])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ if (evp_cipher)
+ {
+ EVP_CIPHER_CTX ctx;
+ int outl;
+
+ names[D_EVP]=OBJ_nid2ln(evp_cipher->nid);
+ /* -O3 -fschedule-insns messes up an
+ * optimization here! names[D_EVP]
+ * somehow becomes NULL */
+ print_message(names[D_EVP],save_count,
+ lengths[j]);
+
+ EVP_CIPHER_CTX_init(&ctx);
+ if(decrypt)
+ EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
+ else
+ EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
+
+ Time_F(START);
+ if(decrypt)
+ for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
+ EVP_DecryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
+ else
+ for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
+ EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
+ if(decrypt)
+ EVP_DecryptFinal_ex(&ctx,buf,&outl);
+ else
+ EVP_EncryptFinal_ex(&ctx,buf,&outl);
+ d=Time_F(STOP);
+ }
+ if (evp_md)
+ {
+ names[D_EVP]=OBJ_nid2ln(evp_md->type);
+ print_message(names[D_EVP],save_count,
+ lengths[j]);
+
+ Time_F(START);
+ for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
+ EVP_Digest(buf,lengths[j],&(md[0]),NULL,evp_md,NULL);
+
+ d=Time_F(STOP);
+ }
+ print_result(D_EVP,j,count,d);
+ }
+ }
+
RAND_pseudo_bytes(buf,36);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
for (j=0; j<RSA_NUM; j++)
{
int ret;
@@ -1166,7 +1429,7 @@ int MAIN(int argc, char **argv)
rsa_c[j][0],rsa_bits[j],
RSA_SECONDS);
/* RSA_blinding_on(rsa_key[j],NULL); */
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(rsa_c[j][0]); count++)
{
ret=RSA_sign(NID_md5_sha1, buf,36, buf2,
@@ -1180,10 +1443,10 @@ int MAIN(int argc, char **argv)
break;
}
}
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,
- "%ld %d bit private RSA's in %.2fs\n",
- count,rsa_bits[j],d);
+ d=Time_F(STOP);
+ BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n"
+ : "%ld %d bit private RSA's in %.2fs\n",
+ count,rsa_bits[j],d);
rsa_results[j][0]=d/(double)count;
rsa_count=count;
}
@@ -1201,7 +1464,7 @@ int MAIN(int argc, char **argv)
pkey_print_message("public","rsa",
rsa_c[j][1],rsa_bits[j],
RSA_SECONDS);
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(rsa_c[j][1]); count++)
{
ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
@@ -1215,10 +1478,10 @@ int MAIN(int argc, char **argv)
break;
}
}
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,
- "%ld %d bit public RSA's in %.2fs\n",
- count,rsa_bits[j],d);
+ d=Time_F(STOP);
+ BIO_printf(bio_err,mr ? "+R2:%ld:%d:%.2f\n"
+ : "%ld %d bit public RSA's in %.2fs\n",
+ count,rsa_bits[j],d);
rsa_results[j][1]=d/(double)count;
}
#endif
@@ -1233,7 +1496,7 @@ int MAIN(int argc, char **argv)
#endif
RAND_pseudo_bytes(buf,20);
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
if (RAND_status() != 1)
{
RAND_seed(rnd_seed, sizeof rnd_seed);
@@ -1245,7 +1508,7 @@ int MAIN(int argc, char **argv)
int ret;
if (!dsa_doit[j]) continue;
- DSA_generate_key(dsa_key[j]);
+/* DSA_generate_key(dsa_key[j]); */
/* DSA_sign_setup(dsa_key[j],NULL); */
ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
&kk,dsa_key[j]);
@@ -1260,7 +1523,7 @@ int MAIN(int argc, char **argv)
pkey_print_message("sign","dsa",
dsa_c[j][0],dsa_bits[j],
DSA_SECONDS);
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(dsa_c[j][0]); count++)
{
ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
@@ -1274,9 +1537,10 @@ int MAIN(int argc, char **argv)
break;
}
}
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
- count,dsa_bits[j],d);
+ d=Time_F(STOP);
+ BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n"
+ : "%ld %d bit DSA signs in %.2fs\n",
+ count,dsa_bits[j],d);
dsa_results[j][0]=d/(double)count;
rsa_count=count;
}
@@ -1294,7 +1558,7 @@ int MAIN(int argc, char **argv)
pkey_print_message("verify","dsa",
dsa_c[j][1],dsa_bits[j],
DSA_SECONDS);
- Time_F(START,usertime);
+ Time_F(START);
for (count=0,run=1; COND(dsa_c[j][1]); count++)
{
ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
@@ -1308,9 +1572,10 @@ int MAIN(int argc, char **argv)
break;
}
}
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
- count,dsa_bits[j],d);
+ d=Time_F(STOP);
+ BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n"
+ : "%ld %d bit DSA verify in %.2fs\n",
+ count,dsa_bits[j],d);
dsa_results[j][1]=d/(double)count;
}
@@ -1323,106 +1588,160 @@ int MAIN(int argc, char **argv)
}
if (rnd_fake) RAND_cleanup();
#endif
-
- fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));
+#ifdef HAVE_FORK
+show_res:
+#endif
+ if(!mr)
+ {
+ fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));
fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_BUILT_ON));
- printf("options:");
- printf("%s ",BN_options());
-#ifndef NO_MD2
- printf("%s ",MD2_options());
+ printf("options:");
+ printf("%s ",BN_options());
+#ifndef OPENSSL_NO_MD2
+ printf("%s ",MD2_options());
#endif
-#ifndef NO_RC4
- printf("%s ",RC4_options());
+#ifndef OPENSSL_NO_RC4
+ printf("%s ",RC4_options());
#endif
-#ifndef NO_DES
- printf("%s ",des_options());
+#ifndef OPENSSL_NO_DES
+ printf("%s ",DES_options());
#endif
-#ifndef NO_IDEA
- printf("%s ",idea_options());
+#ifndef OPENSSL_NO_AES
+ printf("%s ",AES_options());
#endif
-#ifndef NO_BF
- printf("%s ",BF_options());
+#ifndef OPENSSL_NO_IDEA
+ printf("%s ",idea_options());
#endif
- fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
+#ifndef OPENSSL_NO_BF
+ printf("%s ",BF_options());
+#endif
+ fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
+ printf("available timing options: ");
+#ifdef TIMES
+ printf("TIMES ");
+#endif
+#ifdef TIMEB
+ printf("TIMEB ");
+#endif
+#ifdef USE_TOD
+ printf("USE_TOD ");
+#endif
+#ifdef HZ
+#define as_string(s) (#s)
+ printf("HZ=%g", (double)HZ);
+# ifdef _SC_CLK_TCK
+ printf(" [sysconf value]");
+# endif
+#endif
+ printf("\n");
+ printf("timing function used: %s%s%s%s%s%s%s\n",
+ (ftime_used ? "ftime" : ""),
+ (ftime_used + times_used > 1 ? "," : ""),
+ (times_used ? "times" : ""),
+ (ftime_used + times_used + gettimeofday_used > 1 ? "," : ""),
+ (gettimeofday_used ? "gettimeofday" : ""),
+ (ftime_used + times_used + gettimeofday_used + getrusage_used > 1 ? "," : ""),
+ (getrusage_used ? "getrusage" : ""));
+ }
if (pr_header)
{
- fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n");
- fprintf(stdout,"type ");
+ if(mr)
+ fprintf(stdout,"+H");
+ else
+ {
+ fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n");
+ fprintf(stdout,"type ");
+ }
for (j=0; j<SIZE_NUM; j++)
- fprintf(stdout,"%7d bytes",lengths[j]);
+ fprintf(stdout,mr ? ":%d" : "%7d bytes",lengths[j]);
fprintf(stdout,"\n");
}
for (k=0; k<ALGOR_NUM; k++)
{
if (!doit[k]) continue;
- fprintf(stdout,"%-13s",names[k]);
+ if(mr)
+ fprintf(stdout,"+F:%d:%s",k,names[k]);
+ else
+ fprintf(stdout,"%-13s",names[k]);
for (j=0; j<SIZE_NUM; j++)
{
- if (results[k][j] > 10000)
+ if (results[k][j] > 10000 && !mr)
fprintf(stdout," %11.2fk",results[k][j]/1e3);
else
- fprintf(stdout," %11.2f ",results[k][j]);
+ fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]);
}
fprintf(stdout,"\n");
}
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
j=1;
for (k=0; k<RSA_NUM; k++)
{
if (!rsa_doit[k]) continue;
- if (j)
+ if (j && !mr)
{
printf("%18ssign verify sign/s verify/s\n"," ");
j=0;
}
- fprintf(stdout,"rsa %4u bits %8.4fs %8.4fs %8.1f %8.1f",
- rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
- 1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
- fprintf(stdout,"\n");
+ if(mr)
+ fprintf(stdout,"+F2:%u:%u:%f:%f\n",
+ k,rsa_bits[k],rsa_results[k][0],
+ rsa_results[k][1]);
+ else
+ fprintf(stdout,"rsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n",
+ rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
+ 1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
}
#endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
j=1;
for (k=0; k<DSA_NUM; k++)
{
if (!dsa_doit[k]) continue;
- if (j) {
+ if (j && !mr)
+ {
printf("%18ssign verify sign/s verify/s\n"," ");
j=0;
}
- fprintf(stdout,"dsa %4u bits %8.4fs %8.4fs %8.1f %8.1f",
- dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
- 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
- fprintf(stdout,"\n");
+ if(mr)
+ fprintf(stdout,"+F3:%u:%u:%f:%f\n",
+ k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
+ else
+ fprintf(stdout,"dsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n",
+ dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
+ 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
}
#endif
mret=0;
end:
+ ERR_print_errors(bio_err);
if (buf != NULL) OPENSSL_free(buf);
if (buf2 != NULL) OPENSSL_free(buf2);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
for (i=0; i<RSA_NUM; i++)
if (rsa_key[i] != NULL)
RSA_free(rsa_key[i]);
#endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
for (i=0; i<DSA_NUM; i++)
if (dsa_key[i] != NULL)
DSA_free(dsa_key[i]);
#endif
- EXIT(mret);
+ apps_shutdown();
+ OPENSSL_EXIT(mret);
}
-static void print_message(char *s, long num, int length)
+static void print_message(const char *s, long num, int length)
{
#ifdef SIGALRM
- BIO_printf(bio_err,"Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
+ BIO_printf(bio_err,mr ? "+DT:%s:%d:%d\n"
+ : "Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
(void)BIO_flush(bio_err);
alarm(SECONDS);
#else
- BIO_printf(bio_err,"Doing %s %ld times on %d size blocks: ",s,num,length);
+ BIO_printf(bio_err,mr ? "+DN:%s:%ld:%d\n"
+ : "Doing %s %ld times on %d size blocks: ",s,num,length);
(void)BIO_flush(bio_err);
#endif
#ifdef LINT
@@ -1434,11 +1753,13 @@ static void pkey_print_message(char *str, char *str2, long num, int bits,
int tm)
{
#ifdef SIGALRM
- BIO_printf(bio_err,"Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
+ BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n"
+ : "Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
(void)BIO_flush(bio_err);
alarm(RSA_SECONDS);
#else
- BIO_printf(bio_err,"Doing %ld %d bit %s %s's: ",num,bits,str,str2);
+ BIO_printf(bio_err,mr ? "+DNP:%ld:%d:%s:%s\n"
+ : "Doing %ld %d bit %s %s's: ",num,bits,str,str2);
(void)BIO_flush(bio_err);
#endif
#ifdef LINT
@@ -1446,3 +1767,175 @@ static void pkey_print_message(char *str, char *str2, long num, int bits,
#endif
}
+static void print_result(int alg,int run_no,int count,double time_used)
+ {
+ BIO_printf(bio_err,mr ? "+R:%ld:%s:%f\n"
+ : "%ld %s's in %.2fs\n",count,names[alg],time_used);
+ results[alg][run_no]=((double)count)/time_used*lengths[run_no];
+ }
+
+static char *sstrsep(char **string, const char *delim)
+ {
+ char isdelim[256];
+ char *token = *string;
+
+ if (**string == 0)
+ return NULL;
+
+ memset(isdelim, 0, sizeof isdelim);
+ isdelim[0] = 1;
+
+ while (*delim)
+ {
+ isdelim[(unsigned char)(*delim)] = 1;
+ delim++;
+ }
+
+ while (!isdelim[(unsigned char)(**string)])
+ {
+ (*string)++;
+ }
+
+ if (**string)
+ {
+ **string = 0;
+ (*string)++;
+ }
+
+ return token;
+ }
+
+#ifdef HAVE_FORK
+static int do_multi(int multi)
+ {
+ int n;
+ int fd[2];
+ int *fds;
+ static char sep[]=":";
+
+ fds=malloc(multi*sizeof *fds);
+ for(n=0 ; n < multi ; ++n)
+ {
+ pipe(fd);
+ if(fork())
+ {
+ close(fd[1]);
+ fds[n]=fd[0];
+ }
+ else
+ {
+ close(fd[0]);
+ close(1);
+ dup(fd[1]);
+ close(fd[1]);
+ mr=1;
+ usertime=0;
+ return 0;
+ }
+ printf("Forked child %d\n",n);
+ }
+
+ /* for now, assume the pipe is long enough to take all the output */
+ for(n=0 ; n < multi ; ++n)
+ {
+ FILE *f;
+ char buf[1024];
+ char *p;
+
+ f=fdopen(fds[n],"r");
+ while(fgets(buf,sizeof buf,f))
+ {
+ p=strchr(buf,'\n');
+ if(p)
+ *p='\0';
+ if(buf[0] != '+')
+ {
+ fprintf(stderr,"Don't understand line '%s' from child %d\n",
+ buf,n);
+ continue;
+ }
+ printf("Got: %s from %d\n",buf,n);
+ if(!strncmp(buf,"+F:",3))
+ {
+ int alg;
+ int j;
+
+ p=buf+3;
+ alg=atoi(sstrsep(&p,sep));
+ sstrsep(&p,sep);
+ for(j=0 ; j < SIZE_NUM ; ++j)
+ results[alg][j]+=atof(sstrsep(&p,sep));
+ }
+ else if(!strncmp(buf,"+F2:",4))
+ {
+ int k;
+ double d;
+
+ p=buf+4;
+ k=atoi(sstrsep(&p,sep));
+ sstrsep(&p,sep);
+
+ d=atof(sstrsep(&p,sep));
+ if(n)
+ rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
+ else
+ rsa_results[k][0]=d;
+
+ d=atof(sstrsep(&p,sep));
+ if(n)
+ rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
+ else
+ rsa_results[k][1]=d;
+ }
+ else if(!strncmp(buf,"+F2:",4))
+ {
+ int k;
+ double d;
+
+ p=buf+4;
+ k=atoi(sstrsep(&p,sep));
+ sstrsep(&p,sep);
+
+ d=atof(sstrsep(&p,sep));
+ if(n)
+ rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
+ else
+ rsa_results[k][0]=d;
+
+ d=atof(sstrsep(&p,sep));
+ if(n)
+ rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
+ else
+ rsa_results[k][1]=d;
+ }
+ else if(!strncmp(buf,"+F3:",4))
+ {
+ int k;
+ double d;
+
+ p=buf+4;
+ k=atoi(sstrsep(&p,sep));
+ sstrsep(&p,sep);
+
+ d=atof(sstrsep(&p,sep));
+ if(n)
+ dsa_results[k][0]=1/(1/dsa_results[k][0]+1/d);
+ else
+ dsa_results[k][0]=d;
+
+ d=atof(sstrsep(&p,sep));
+ if(n)
+ dsa_results[k][1]=1/(1/dsa_results[k][1]+1/d);
+ else
+ dsa_results[k][1]=d;
+ }
+ else if(!strncmp(buf,"+H:",3))
+ {
+ }
+ else
+ fprintf(stderr,"Unknown type '%s' from child %d\n",buf,n);
+ }
+ }
+ return 1;
+ }
+#endif
diff --git a/crypto/openssl/apps/spkac.c b/crypto/openssl/apps/spkac.c
index 459d730..ed370c5 100644
--- a/crypto/openssl/apps/spkac.c
+++ b/crypto/openssl/apps/spkac.c
@@ -81,21 +81,26 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
int i,badops=0, ret = 1;
- BIO *in = NULL,*out = NULL, *key = NULL;
+ BIO *in = NULL,*out = NULL;
int verify=0,noout=0,pubkey=0;
char *infile = NULL,*outfile = NULL,*prog;
char *passargin = NULL, *passin = NULL;
char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
char *challenge = NULL, *keyfile = NULL;
- LHASH *conf = NULL;
+ CONF *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
+ char *engine=NULL;
apps_startup();
if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
prog=argv[0];
argc--;
argv++;
@@ -136,6 +141,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
spksect= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-pubkey") == 0)
@@ -161,6 +171,7 @@ bad:
BIO_printf(bio_err," -noout don't print SPKAC\n");
BIO_printf(bio_err," -pubkey output public key\n");
BIO_printf(bio_err," -verify verify SPKAC signature\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
goto end;
}
@@ -170,18 +181,13 @@ bad:
goto end;
}
+ e = setup_engine(bio_err, engine, 0);
+
if(keyfile) {
- if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
- else key = BIO_new_fp(stdin, BIO_NOCLOSE);
- if(!key) {
- BIO_printf(bio_err, "Error opening key file\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, passin);
+ pkey = load_key(bio_err,
+ strcmp(keyfile, "-") ? keyfile : NULL,
+ FORMAT_PEM, 1, passin, e, "private key");
if(!pkey) {
- BIO_printf(bio_err, "Error reading private key\n");
- ERR_print_errors(bio_err);
goto end;
}
spki = NETSCAPE_SPKI_new();
@@ -194,7 +200,7 @@ bad:
if (outfile) out = BIO_new_file(outfile, "w");
else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -224,15 +230,16 @@ bad:
goto end;
}
- conf = CONF_load_bio(NULL, in, NULL);
+ conf = NCONF_new(NULL);
+ i = NCONF_load_bio(conf, in, NULL);
- if(!conf) {
+ if(!i) {
BIO_printf(bio_err, "Error parsing config file\n");
ERR_print_errors(bio_err);
goto end;
}
- spkstr = CONF_get_string(conf, spksect, spkac);
+ spkstr = NCONF_get_string(conf, spksect, spkac);
if(!spkstr) {
BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
@@ -251,7 +258,7 @@ bad:
if (outfile) out = BIO_new_file(outfile, "w");
else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -281,12 +288,12 @@ bad:
ret = 0;
end:
- CONF_free(conf);
+ NCONF_free(conf);
NETSCAPE_SPKI_free(spki);
BIO_free(in);
BIO_free_all(out);
- BIO_free(key);
EVP_PKEY_free(pkey);
if(passin) OPENSSL_free(passin);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
diff --git a/crypto/openssl/apps/testdsa.h b/crypto/openssl/apps/testdsa.h
index f0bfbb1..9e84e31 100644
--- a/crypto/openssl/apps/testdsa.h
+++ b/crypto/openssl/apps/testdsa.h
@@ -3,6 +3,18 @@
DSA *get_dsa512(void );
DSA *get_dsa1024(void );
DSA *get_dsa2048(void );
+static unsigned char dsa512_priv[] = {
+ 0x65,0xe5,0xc7,0x38,0x60,0x24,0xb5,0x89,0xd4,0x9c,0xeb,0x4c,
+ 0x9c,0x1d,0x7a,0x22,0xbd,0xd1,0xc2,0xd2,
+ };
+static unsigned char dsa512_pub[] = {
+ 0x00,0x95,0xa7,0x0d,0xec,0x93,0x68,0xba,0x5f,0xf7,0x5f,0x07,
+ 0xf2,0x3b,0xad,0x6b,0x01,0xdc,0xbe,0xec,0xde,0x04,0x7a,0x3a,
+ 0x27,0xb3,0xec,0x49,0xfd,0x08,0x43,0x3d,0x7e,0xa8,0x2c,0x5e,
+ 0x7b,0xbb,0xfc,0xf4,0x6e,0xeb,0x6c,0xb0,0x6e,0xf8,0x02,0x12,
+ 0x8c,0x38,0x5d,0x83,0x56,0x7d,0xee,0x53,0x05,0x3e,0x24,0x84,
+ 0xbe,0xba,0x0a,0x6b,0xc8,
+ };
static unsigned char dsa512_p[]={
0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,
@@ -29,14 +41,34 @@ DSA *get_dsa512()
DSA *dsa;
if ((dsa=DSA_new()) == NULL) return(NULL);
+ dsa->priv_key=BN_bin2bn(dsa512_priv,sizeof(dsa512_priv),NULL);
+ dsa->pub_key=BN_bin2bn(dsa512_pub,sizeof(dsa512_pub),NULL);
dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);
dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);
dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);
- if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+ if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
+ (dsa->q == NULL) || (dsa->g == NULL))
return(NULL);
return(dsa);
}
+static unsigned char dsa1024_priv[]={
+ 0x7d,0x21,0xda,0xbb,0x62,0x15,0x47,0x36,0x07,0x67,0x12,0xe8,
+ 0x8c,0xaa,0x1c,0xcd,0x38,0x12,0x61,0x18,
+ };
+static unsigned char dsa1024_pub[]={
+ 0x3c,0x4e,0x9c,0x2a,0x7f,0x16,0xc1,0x25,0xeb,0xac,0x78,0x63,
+ 0x90,0x14,0x8c,0x8b,0xf4,0x68,0x43,0x3c,0x2d,0xee,0x65,0x50,
+ 0x7d,0x9c,0x8f,0x8c,0x8a,0x51,0xd6,0x11,0x2b,0x99,0xaf,0x1e,
+ 0x90,0x97,0xb5,0xd3,0xa6,0x20,0x25,0xd6,0xfe,0x43,0x02,0xd5,
+ 0x91,0x7d,0xa7,0x8c,0xdb,0xc9,0x85,0xa3,0x36,0x48,0xf7,0x68,
+ 0xaa,0x60,0xb1,0xf7,0x05,0x68,0x3a,0xa3,0x3f,0xd3,0x19,0x82,
+ 0xd8,0x82,0x7a,0x77,0xfb,0xef,0xf4,0x15,0x0a,0xeb,0x06,0x04,
+ 0x7f,0x53,0x07,0x0c,0xbc,0xcb,0x2d,0x83,0xdb,0x3e,0xd1,0x28,
+ 0xa5,0xa1,0x31,0xe0,0x67,0xfa,0x50,0xde,0x9b,0x07,0x83,0x7e,
+ 0x2c,0x0b,0xc3,0x13,0x50,0x61,0xe5,0xad,0xbd,0x36,0xb8,0x97,
+ 0x4e,0x40,0x7d,0xe8,0x83,0x0d,0xbc,0x4b
+ };
static unsigned char dsa1024_p[]={
0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,
0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,
@@ -73,14 +105,45 @@ DSA *get_dsa1024()
DSA *dsa;
if ((dsa=DSA_new()) == NULL) return(NULL);
+ dsa->priv_key=BN_bin2bn(dsa1024_priv,sizeof(dsa1024_priv),NULL);
+ dsa->pub_key=BN_bin2bn(dsa1024_pub,sizeof(dsa1024_pub),NULL);
dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);
dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);
dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);
- if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+ if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
+ (dsa->q == NULL) || (dsa->g == NULL))
return(NULL);
return(dsa);
}
+static unsigned char dsa2048_priv[]={
+ 0x32,0x67,0x92,0xf6,0xc4,0xe2,0xe2,0xe8,0xa0,0x8b,0x6b,0x45,
+ 0x0c,0x8a,0x76,0xb0,0xee,0xcf,0x91,0xa7,
+ };
+static unsigned char dsa2048_pub[]={
+ 0x17,0x8f,0xa8,0x11,0x84,0x92,0xec,0x83,0x47,0xc7,0x6a,0xb0,
+ 0x92,0xaf,0x5a,0x20,0x37,0xa3,0x64,0x79,0xd2,0xd0,0x3d,0xcd,
+ 0xe0,0x61,0x88,0x88,0x21,0xcc,0x74,0x5d,0xce,0x4c,0x51,0x47,
+ 0xf0,0xc5,0x5c,0x4c,0x82,0x7a,0xaf,0x72,0xad,0xb9,0xe0,0x53,
+ 0xf2,0x78,0xb7,0xf0,0xb5,0x48,0x7f,0x8a,0x3a,0x18,0xd1,0x9f,
+ 0x8b,0x7d,0xa5,0x47,0xb7,0x95,0xab,0x98,0xf8,0x7b,0x74,0x50,
+ 0x56,0x8e,0x57,0xf0,0xee,0xf5,0xb7,0xba,0xab,0x85,0x86,0xf9,
+ 0x2b,0xef,0x41,0x56,0xa0,0xa4,0x9f,0xb7,0x38,0x00,0x46,0x0a,
+ 0xa6,0xf1,0xfc,0x1f,0xd8,0x4e,0x85,0x44,0x92,0x43,0x21,0x5d,
+ 0x6e,0xcc,0xc2,0xcb,0x26,0x31,0x0d,0x21,0xc4,0xbd,0x8d,0x24,
+ 0xbc,0xd9,0x18,0x19,0xd7,0xdc,0xf1,0xe7,0x93,0x50,0x48,0x03,
+ 0x2c,0xae,0x2e,0xe7,0x49,0x88,0x5f,0x93,0x57,0x27,0x99,0x36,
+ 0xb4,0x20,0xab,0xfc,0xa7,0x2b,0xf2,0xd9,0x98,0xd7,0xd4,0x34,
+ 0x9d,0x96,0x50,0x58,0x9a,0xea,0x54,0xf3,0xee,0xf5,0x63,0x14,
+ 0xee,0x85,0x83,0x74,0x76,0xe1,0x52,0x95,0xc3,0xf7,0xeb,0x04,
+ 0x04,0x7b,0xa7,0x28,0x1b,0xcc,0xea,0x4a,0x4e,0x84,0xda,0xd8,
+ 0x9c,0x79,0xd8,0x9b,0x66,0x89,0x2f,0xcf,0xac,0xd7,0x79,0xf9,
+ 0xa9,0xd8,0x45,0x13,0x78,0xb9,0x00,0x14,0xc9,0x7e,0x22,0x51,
+ 0x86,0x67,0xb0,0x9f,0x26,0x11,0x23,0xc8,0x38,0xd7,0x70,0x1d,
+ 0x15,0x8e,0x4d,0x4f,0x95,0x97,0x40,0xa1,0xc2,0x7e,0x01,0x18,
+ 0x72,0xf4,0x10,0xe6,0x8d,0x52,0x16,0x7f,0xf2,0xc9,0xf8,0x33,
+ 0x8b,0x33,0xb7,0xce,
+ };
static unsigned char dsa2048_p[]={
0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,
0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,
@@ -139,10 +202,13 @@ DSA *get_dsa2048()
DSA *dsa;
if ((dsa=DSA_new()) == NULL) return(NULL);
+ dsa->priv_key=BN_bin2bn(dsa2048_priv,sizeof(dsa2048_priv),NULL);
+ dsa->pub_key=BN_bin2bn(dsa2048_pub,sizeof(dsa2048_pub),NULL);
dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);
dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);
dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);
- if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+ if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
+ (dsa->q == NULL) || (dsa->g == NULL))
return(NULL);
return(dsa);
}
diff --git a/crypto/openssl/apps/verify.c b/crypto/openssl/apps/verify.c
index 47e602d..9a18213 100644
--- a/crypto/openssl/apps/verify.c
+++ b/crypto/openssl/apps/verify.c
@@ -70,14 +70,15 @@
#define PROG verify_main
static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
-static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose);
+static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e);
static STACK_OF(X509) *load_untrusted(char *file);
-static int v_verbose=0, issuer_checks = 0;
+static int v_verbose=0, vflags = 0;
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
int i,ret=1;
int purpose = -1;
char *CApath=NULL,*CAfile=NULL;
@@ -85,6 +86,7 @@ int MAIN(int argc, char **argv)
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
X509_STORE *cert_ctx=NULL;
X509_LOOKUP *lookup=NULL;
+ char *engine=NULL;
cert_ctx=X509_STORE_new();
if (cert_ctx == NULL) goto end;
@@ -98,6 +100,9 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
argc--;
argv++;
for (;;)
@@ -137,10 +142,21 @@ int MAIN(int argc, char **argv)
if (argc-- < 1) goto end;
trustfile= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto end;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-help") == 0)
goto end;
+ else if (strcmp(*argv,"-ignore_critical") == 0)
+ vflags |= X509_V_FLAG_IGNORE_CRITICAL;
else if (strcmp(*argv,"-issuer_checks") == 0)
- issuer_checks=1;
+ vflags |= X509_V_FLAG_CB_ISSUER_CHECK;
+ else if (strcmp(*argv,"-crl_check") == 0)
+ vflags |= X509_V_FLAG_CRL_CHECK;
+ else if (strcmp(*argv,"-crl_check_all") == 0)
+ vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
else if (strcmp(*argv,"-verbose") == 0)
v_verbose=1;
else if (argv[0][0] == '-')
@@ -154,6 +170,8 @@ int MAIN(int argc, char **argv)
break;
}
+ e = setup_engine(bio_err, engine, 0);
+
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
if (lookup == NULL) abort();
if (CAfile) {
@@ -194,14 +212,14 @@ int MAIN(int argc, char **argv)
}
}
- if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose);
+ if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose, e);
else
for (i=0; i<argc; i++)
- check(cert_ctx,argv[i], untrusted, trusted, purpose);
+ check(cert_ctx,argv[i], untrusted, trusted, purpose, e);
ret=0;
end:
if (ret == 1) {
- BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
+ BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...\n");
BIO_printf(bio_err,"recognized usages:\n");
for(i = 0; i < X509_PURPOSE_get_count(); i++) {
X509_PURPOSE *ptmp;
@@ -213,42 +231,19 @@ end:
if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
-static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
+static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e)
{
X509 *x=NULL;
- BIO *in=NULL;
int i=0,ret=0;
X509_STORE_CTX *csc;
- in=BIO_new(BIO_s_file());
- if (in == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (file == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,file) <= 0)
- {
- perror(file);
- goto end;
- }
- }
-
- x=PEM_read_bio_X509(in,NULL,NULL,NULL);
+ x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
if (x == NULL)
- {
- fprintf(stdout,"%s: unable to load certificate file\n",
- (file == NULL)?"stdin":file);
- ERR_print_errors(bio_err);
goto end;
- }
fprintf(stdout,"%s: ",(file == NULL)?"stdin":file);
csc = X509_STORE_CTX_new();
@@ -257,11 +252,14 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X
ERR_print_errors(bio_err);
goto end;
}
- X509_STORE_CTX_init(csc,ctx,x,uchain);
+ X509_STORE_set_flags(ctx, vflags);
+ if(!X509_STORE_CTX_init(csc,ctx,x,uchain))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
- if(issuer_checks)
- X509_STORE_CTX_set_flags(csc, X509_V_FLAG_CB_ISSUER_CHECK);
i=X509_verify_cert(csc);
X509_STORE_CTX_free(csc);
@@ -275,7 +273,6 @@ end:
else
ERR_print_errors(bio_err);
if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
return(ret);
}
@@ -333,7 +330,8 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
if (!ok)
{
X509_NAME_oneline(
- X509_get_subject_name(ctx->current_cert),buf,256);
+ X509_get_subject_name(ctx->current_cert),buf,
+ sizeof buf);
printf("%s\n",buf);
printf("error %d at %d depth lookup:%s\n",ctx->error,
ctx->error_depth,
@@ -349,6 +347,9 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1;
if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1;
if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
+ if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1;
+ if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1;
+ if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;
}
if (!v_verbose)
ERR_clear_error();
diff --git a/crypto/openssl/apps/version.c b/crypto/openssl/apps/version.c
index f5c9adc..0843b67 100644
--- a/crypto/openssl/apps/version.c
+++ b/crypto/openssl/apps/version.c
@@ -55,6 +55,59 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include <stdio.h>
#include <stdlib.h>
@@ -62,6 +115,21 @@
#include "apps.h"
#include <openssl/evp.h>
#include <openssl/crypto.h>
+#ifndef OPENSSL_NO_MD2
+# include <openssl/md2.h>
+#endif
+#ifndef OPENSSL_NO_RC4
+# include <openssl/rc4.h>
+#endif
+#ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+#endif
+#ifndef OPENSSL_NO_IDEA
+# include <openssl/idea.h>
+#endif
+#ifndef OPENSSL_NO_BF
+# include <openssl/blowfish.h>
+#endif
#undef PROG
#define PROG version_main
@@ -71,7 +139,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int i,ret=0;
- int cflags=0,version=0,date=0,options=0,platform=0;
+ int cflags=0,version=0,date=0,options=0,platform=0,dir=0;
apps_startup();
@@ -92,8 +160,10 @@ int MAIN(int argc, char **argv)
options=1;
else if (strcmp(argv[i],"-p") == 0)
platform=1;
+ else if (strcmp(argv[i],"-d") == 0)
+ dir=1;
else if (strcmp(argv[i],"-a") == 0)
- date=version=cflags=options=platform=1;
+ date=version=cflags=options=platform=dir=1;
else
{
BIO_printf(bio_err,"usage:version -[avbofp]\n");
@@ -109,24 +179,26 @@ int MAIN(int argc, char **argv)
{
printf("options: ");
printf("%s ",BN_options());
-#ifndef NO_MD2
+#ifndef OPENSSL_NO_MD2
printf("%s ",MD2_options());
#endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
printf("%s ",RC4_options());
#endif
-#ifndef NO_DES
- printf("%s ",des_options());
+#ifndef OPENSSL_NO_DES
+ printf("%s ",DES_options());
#endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
printf("%s ",idea_options());
#endif
-#ifndef NO_BF
+#ifndef OPENSSL_NO_BF
printf("%s ",BF_options());
#endif
printf("\n");
}
if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+ if (dir) printf("%s\n",SSLeay_version(SSLEAY_DIR));
end:
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
diff --git a/crypto/openssl/apps/winrand.c b/crypto/openssl/apps/winrand.c
index d042258..59bede3 100644
--- a/crypto/openssl/apps/winrand.c
+++ b/crypto/openssl/apps/winrand.c
@@ -118,7 +118,6 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
HDC hdc;
PAINTSTRUCT ps;
RECT rect;
- char buffer[200];
static int seeded = 0;
switch (iMsg)
diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c
index b9b1328..7915eca 100644
--- a/crypto/openssl/apps/x509.c
+++ b/crypto/openssl/apps/x509.c
@@ -60,7 +60,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif
#include "apps.h"
@@ -105,6 +105,7 @@ static char *x509_usage[]={
" -fingerprint - print the certificate fingerprint\n",
" -alias - output certificate alias\n",
" -noout - no certificate output\n",
+" -ocspid - print OCSP hash values for the subject name and public key\n",
" -trustout - output a \"trusted\" certificate\n",
" -clrtrust - clear all trusted purposes\n",
" -clrreject - clear all rejected purposes\n",
@@ -121,7 +122,8 @@ static char *x509_usage[]={
" -CAkey arg - set the CA key, must be PEM format\n",
" missing, it is assumed to be in the CA file.\n",
" -CAcreateserial - create serial number file if it does not exist\n",
-" -CAserial - serial file\n",
+" -CAserial arg - serial file\n",
+" -set_serial - serial number to use\n",
" -text - print the certificate in text form\n",
" -C - print out C code forms\n",
" -md2/-md5/-sha1/-mdc2 - digest to use\n",
@@ -129,15 +131,18 @@ static char *x509_usage[]={
" -extensions - section from config file with X509V3 extensions to add\n",
" -clrext - delete extensions before signing and input certificate\n",
" -nameopt arg - various certificate name options\n",
+" -engine e - use engine e, possibly a hardware device.\n",
+" -certopt arg - various certificate text options\n",
NULL
};
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
- LHASH *conf, char *section);
+ CONF *conf, char *section);
static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
- int create,int days, int clrext, LHASH *conf, char *section);
+ int create,int days, int clrext, CONF *conf, char *section,
+ ASN1_INTEGER *sno);
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
static int reqfile=0;
@@ -145,11 +150,13 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
int ret=1;
X509_REQ *req=NULL;
X509 *x=NULL,*xca=NULL;
ASN1_OBJECT *objtmp;
EVP_PKEY *Upkey=NULL,*CApkey=NULL;
+ ASN1_INTEGER *sno = NULL;
int i,num,badops=0;
BIO *out=NULL;
BIO *STDout=NULL;
@@ -159,6 +166,7 @@ int MAIN(int argc, char **argv)
char *CAkeyfile=NULL,*CAserial=NULL;
char *alias=NULL;
int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
+ int ocspid=0;
int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
int C=0;
@@ -170,11 +178,12 @@ int MAIN(int argc, char **argv)
int fingerprint=0;
char buf[256];
const EVP_MD *md_alg,*digest=EVP_md5();
- LHASH *extconf = NULL;
+ CONF *extconf = NULL;
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
int need_rand = 0;
int checkend=0,checkoffset=0;
- unsigned long nmflag = 0;
+ unsigned long nmflag = 0, certflag = 0;
+ char *engine=NULL;
reqfile=0;
@@ -182,8 +191,11 @@ int MAIN(int argc, char **argv)
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
STDout = BIO_push(tmpbio, STDout);
@@ -294,6 +306,12 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
CAserial= *(++argv);
}
+ else if (strcmp(*argv,"-set_serial") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
+ goto bad;
+ }
else if (strcmp(*argv,"-addtrust") == 0)
{
if (--argc < 1) goto bad;
@@ -326,6 +344,11 @@ int MAIN(int argc, char **argv)
alias= *(++argv);
trustout = 1;
}
+ else if (strcmp(*argv,"-certopt") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!set_cert_ex(&certflag, *(++argv))) goto bad;
+ }
else if (strcmp(*argv,"-nameopt") == 0)
{
if (--argc < 1) goto bad;
@@ -337,6 +360,11 @@ int MAIN(int argc, char **argv)
alias= *(++argv);
trustout = 1;
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-C") == 0)
C= ++num;
else if (strcmp(*argv,"-email") == 0)
@@ -397,6 +425,8 @@ int MAIN(int argc, char **argv)
clrext = 1;
}
#endif
+ else if (strcmp(*argv,"-ocspid") == 0)
+ ocspid= ++num;
else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
{
/* ok */
@@ -416,10 +446,12 @@ int MAIN(int argc, char **argv)
{
bad:
for (pp=x509_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,*pp);
+ BIO_printf(bio_err,"%s",*pp);
goto end;
}
+ e = setup_engine(bio_err, engine, 0);
+
if (need_rand)
app_RAND_load_file(NULL, bio_err, 0);
@@ -447,9 +479,10 @@ bad:
if (extfile)
{
- long errorline;
+ long errorline = -1;
X509V3_CTX ctx2;
- if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+ extconf = NCONF_new(NULL);
+ if (!NCONF_load(extconf, extfile,&errorline))
{
if (errorline <= 0)
BIO_printf(bio_err,
@@ -461,11 +494,18 @@ bad:
,errorline,extfile);
goto end;
}
- if (!extsect && !(extsect = CONF_get_string(extconf, "default",
- "extensions"))) extsect = "default";
+ if (!extsect)
+ {
+ extsect = NCONF_get_string(extconf, "default", "extensions");
+ if (!extsect)
+ {
+ ERR_clear_error();
+ extsect = "default";
+ }
+ }
X509V3_set_ctx_test(&ctx2);
- X509V3_set_conf_lhash(&ctx2, extconf);
- if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
+ X509V3_set_nconf(&ctx2, extconf);
+ if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL))
{
BIO_printf(bio_err,
"Error Loading extension section %s\n",
@@ -549,7 +589,12 @@ bad:
if ((x=X509_new()) == NULL) goto end;
ci=x->cert_info;
- if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
+ if (sno)
+ {
+ if (!X509_set_serialNumber(x, sno))
+ goto end;
+ }
+ else if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
@@ -561,12 +606,12 @@ bad:
EVP_PKEY_free(pkey);
}
else
- x=load_cert(bio_err,infile,informat);
+ x=load_cert(bio_err,infile,informat,NULL,e,"Certificate");
if (x == NULL) goto end;
if (CA_flag)
{
- xca=load_cert(bio_err,CAfile,CAformat);
+ xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate");
if (xca == NULL) goto end;
}
@@ -584,7 +629,7 @@ bad:
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
@@ -688,12 +733,12 @@ bad:
goto end;
}
BIO_printf(STDout,"Modulus=");
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA)
BN_print(STDout,pkey->pkey.rsa->n);
else
#endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA)
BN_print(STDout,pkey->pkey.dsa->pub_key);
else
@@ -725,10 +770,11 @@ bad:
int y,z;
X509_NAME_oneline(X509_get_subject_name(x),
- buf,256);
+ buf,sizeof buf);
BIO_printf(STDout,"/* subject:%s */\n",buf);
m=X509_NAME_oneline(
- X509_get_issuer_name(x),buf,256);
+ X509_get_issuer_name(x),buf,
+ sizeof buf);
BIO_printf(STDout,"/* issuer :%s */\n",buf);
z=i2d_X509(x,NULL);
@@ -774,7 +820,7 @@ bad:
}
else if (text == i)
{
- X509_print(out,x);
+ X509_print_ex(out,x,nmflag, certflag);
}
else if (startdate == i)
{
@@ -816,10 +862,11 @@ bad:
if (Upkey == NULL)
{
Upkey=load_key(bio_err,
- keyfile,keyformat, passin);
+ keyfile, keyformat, 0,
+ passin, e, "Private key");
if (Upkey == NULL) goto end;
}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
if (Upkey->type == EVP_PKEY_DSA)
digest=EVP_dss1();
#endif
@@ -834,10 +881,12 @@ bad:
if (CAkeyfile != NULL)
{
CApkey=load_key(bio_err,
- CAkeyfile,CAkeyformat, passin);
+ CAkeyfile, CAkeyformat,
+ 0, passin, e,
+ "CA Private Key");
if (CApkey == NULL) goto end;
}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
if (CApkey->type == EVP_PKEY_DSA)
digest=EVP_dss1();
#endif
@@ -845,7 +894,7 @@ bad:
assert(need_rand);
if (!x509_certify(ctx,CAfile,digest,x,xca,
CApkey, CAserial,CA_createserial,days, clrext,
- extconf, extsect))
+ extconf, extsect, sno))
goto end;
}
else if (x509req == i)
@@ -861,13 +910,14 @@ bad:
else
{
pk=load_key(bio_err,
- keyfile,FORMAT_PEM, passin);
+ keyfile, FORMAT_PEM, 0,
+ passin, e, "request key");
if (pk == NULL) goto end;
}
BIO_printf(bio_err,"Generating certificate request\n");
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
if (pk->type == EVP_PKEY_DSA)
digest=EVP_dss1();
#endif
@@ -886,6 +936,10 @@ bad:
}
noout=1;
}
+ else if (ocspid == i)
+ {
+ X509_ocspid_print(out, x);
+ }
}
}
@@ -948,7 +1002,7 @@ end:
if (need_rand)
app_RAND_write_file(NULL, bio_err);
OBJ_cleanup();
- CONF_free(extconf);
+ NCONF_free(extconf);
BIO_free_all(out);
BIO_free_all(STDout);
X509_STORE_free(ctx);
@@ -958,32 +1012,23 @@ end:
EVP_PKEY_free(Upkey);
EVP_PKEY_free(CApkey);
X509_REQ_free(rq);
+ ASN1_INTEGER_free(sno);
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
if (passin) OPENSSL_free(passin);
- EXIT(ret);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
}
-static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
- X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
- int days, int clrext, LHASH *conf, char *section)
+static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
{
- int ret=0;
- BIO *io=NULL;
+ char *buf = NULL, *p;
MS_STATIC char buf2[1024];
- char *buf=NULL,*p;
- BIGNUM *serial=NULL;
- ASN1_INTEGER *bs=NULL,bs2;
- X509_STORE_CTX xsc;
- EVP_PKEY *upkey;
-
- upkey = X509_get_pubkey(xca);
- EVP_PKEY_copy_parameters(upkey,pkey);
- EVP_PKEY_free(upkey);
+ ASN1_INTEGER *bs = NULL, *bs2 = NULL;
+ BIO *io = NULL;
+ BIGNUM *serial = NULL;
- X509_STORE_CTX_init(&xsc,ctx,x,NULL);
- buf=OPENSSL_malloc(EVP_PKEY_size(pkey)*2+
- ((serialfile == NULL)
+ buf=OPENSSL_malloc( ((serialfile == NULL)
?(strlen(CAfile)+strlen(POSTFIX)+1)
:(strlen(serialfile)))+1);
if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
@@ -1030,7 +1075,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
}
else
{
- if (!a2i_ASN1_INTEGER(io,bs,buf2,1024))
+ if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2))
{
BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
ERR_print_errors(bio_err);
@@ -1049,20 +1094,55 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
if (!BN_add_word(serial,1))
{ BIO_printf(bio_err,"add_word failure\n"); goto end; }
- bs2.data=(unsigned char *)buf2;
- bs2.length=BN_bn2bin(serial,bs2.data);
-
+ if (!(bs2 = BN_to_ASN1_INTEGER(serial, NULL)))
+ { BIO_printf(bio_err,"error converting bn 2 asn1_integer\n"); goto end; }
if (BIO_write_filename(io,buf) <= 0)
{
BIO_printf(bio_err,"error attempting to write serial number file\n");
perror(buf);
goto end;
}
- i2a_ASN1_INTEGER(io,&bs2);
+ i2a_ASN1_INTEGER(io,bs2);
BIO_puts(io,"\n");
+
BIO_free(io);
+ if (buf) OPENSSL_free(buf);
+ ASN1_INTEGER_free(bs2);
+ BN_free(serial);
io=NULL;
-
+ return bs;
+
+ end:
+ if (buf) OPENSSL_free(buf);
+ BIO_free(io);
+ ASN1_INTEGER_free(bs);
+ BN_free(serial);
+ return NULL;
+
+ }
+
+static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+ X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
+ int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno)
+ {
+ int ret=0;
+ ASN1_INTEGER *bs=NULL;
+ X509_STORE_CTX xsc;
+ EVP_PKEY *upkey;
+
+ upkey = X509_get_pubkey(xca);
+ EVP_PKEY_copy_parameters(upkey,pkey);
+ EVP_PKEY_free(upkey);
+
+ if(!X509_STORE_CTX_init(&xsc,ctx,x,NULL))
+ {
+ BIO_printf(bio_err,"Error initialising X509 store\n");
+ goto end;
+ }
+ if (sno) bs = sno;
+ else if (!(bs = load_serial(CAfile, serialfile, create)))
+ goto end;
+
if (!X509_STORE_add_cert(ctx,x)) goto end;
/* NOTE: this certificate can/should be self signed, unless it was
@@ -1097,8 +1177,8 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
X509V3_CTX ctx2;
X509_set_version(x,2); /* version 3 certificate */
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
- X509V3_set_conf_lhash(&ctx2, conf);
- if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
+ X509V3_set_nconf(&ctx2, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
}
if (!X509_sign(x,pkey,digest)) goto end;
@@ -1107,10 +1187,7 @@ end:
X509_STORE_CTX_cleanup(&xsc);
if (!ret)
ERR_print_errors(bio_err);
- if (buf != NULL) OPENSSL_free(buf);
- if (bs != NULL) ASN1_INTEGER_free(bs);
- if (io != NULL) BIO_free(io);
- if (serial != NULL) BN_free(serial);
+ if (!sno) ASN1_INTEGER_free(bs);
return ret;
}
@@ -1147,7 +1224,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
/* self sign */
static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,
- LHASH *conf, char *section)
+ CONF *conf, char *section)
{
EVP_PKEY *pktmp;
@@ -1177,8 +1254,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig
X509V3_CTX ctx;
X509_set_version(x,2); /* version 3 certificate */
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
- X509V3_set_conf_lhash(&ctx, conf);
- if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
}
if (!X509_sign(x,pkey,digest)) goto err;
return 1;
@@ -1203,6 +1280,3 @@ static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
}
return 1;
}
-
-
-
OpenPOWER on IntegriCloud