mirror of
https://github.com/ossrs/srs.git
synced 2025-03-09 15:49:59 +00:00
Upgrade openssl from 1.1.0e to 1.1.1b, with source code. 4.0.78
This commit is contained in:
parent
8f1c992379
commit
96dbd7bced
1476 changed files with 616554 additions and 4 deletions
214
trunk/3rdparty/openssl-1.1-fit/apps/CA.pl.in
vendored
Normal file
214
trunk/3rdparty/openssl-1.1-fit/apps/CA.pl.in
vendored
Normal file
|
@ -0,0 +1,214 @@
|
|||
#!{- $config{HASHBANGPERL} -}
|
||||
# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
#
|
||||
# Wrapper around the ca to make it easier to use
|
||||
#
|
||||
# {- join("\n# ", @autowarntext) -}
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
my $openssl = "openssl";
|
||||
if(defined $ENV{'OPENSSL'}) {
|
||||
$openssl = $ENV{'OPENSSL'};
|
||||
} else {
|
||||
$ENV{'OPENSSL'} = $openssl;
|
||||
}
|
||||
|
||||
my $verbose = 1;
|
||||
|
||||
my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || "";
|
||||
my $DAYS = "-days 365";
|
||||
my $CADAYS = "-days 1095"; # 3 years
|
||||
my $REQ = "$openssl req $OPENSSL_CONFIG";
|
||||
my $CA = "$openssl ca $OPENSSL_CONFIG";
|
||||
my $VERIFY = "$openssl verify";
|
||||
my $X509 = "$openssl x509";
|
||||
my $PKCS12 = "$openssl pkcs12";
|
||||
|
||||
# default openssl.cnf file has setup as per the following
|
||||
my $CATOP = "./demoCA";
|
||||
my $CAKEY = "cakey.pem";
|
||||
my $CAREQ = "careq.pem";
|
||||
my $CACERT = "cacert.pem";
|
||||
my $CACRL = "crl.pem";
|
||||
my $DIRMODE = 0777;
|
||||
|
||||
my $NEWKEY = "newkey.pem";
|
||||
my $NEWREQ = "newreq.pem";
|
||||
my $NEWCERT = "newcert.pem";
|
||||
my $NEWP12 = "newcert.p12";
|
||||
my $RET = 0;
|
||||
my $WHAT = shift @ARGV || "";
|
||||
my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify");
|
||||
my %EXTRA = extra_args(\@ARGV, "-extra-");
|
||||
my $FILE;
|
||||
|
||||
sub extra_args {
|
||||
my ($args_ref, $arg_prefix) = @_;
|
||||
my %eargs = map {
|
||||
if ($_ < $#$args_ref) {
|
||||
my ($arg, $value) = splice(@$args_ref, $_, 2);
|
||||
$arg =~ s/$arg_prefix//;
|
||||
($arg, $value);
|
||||
} else {
|
||||
();
|
||||
}
|
||||
} reverse grep($$args_ref[$_] =~ /$arg_prefix/, 0..$#$args_ref);
|
||||
my %empty = map { ($_, "") } @OPENSSL_CMDS;
|
||||
return (%empty, %eargs);
|
||||
}
|
||||
|
||||
# See if reason for a CRL entry is valid; exit if not.
|
||||
sub crl_reason_ok
|
||||
{
|
||||
my $r = shift;
|
||||
|
||||
if ($r eq 'unspecified' || $r eq 'keyCompromise'
|
||||
|| $r eq 'CACompromise' || $r eq 'affiliationChanged'
|
||||
|| $r eq 'superseded' || $r eq 'cessationOfOperation'
|
||||
|| $r eq 'certificateHold' || $r eq 'removeFromCRL') {
|
||||
return 1;
|
||||
}
|
||||
print STDERR "Invalid CRL reason; must be one of:\n";
|
||||
print STDERR " unspecified, keyCompromise, CACompromise,\n";
|
||||
print STDERR " affiliationChanged, superseded, cessationOfOperation\n";
|
||||
print STDERR " certificateHold, removeFromCRL";
|
||||
exit 1;
|
||||
}
|
||||
|
||||
# Copy a PEM-format file; return like exit status (zero means ok)
|
||||
sub copy_pemfile
|
||||
{
|
||||
my ($infile, $outfile, $bound) = @_;
|
||||
my $found = 0;
|
||||
|
||||
open IN, $infile || die "Cannot open $infile, $!";
|
||||
open OUT, ">$outfile" || die "Cannot write to $outfile, $!";
|
||||
while (<IN>) {
|
||||
$found = 1 if /^-----BEGIN.*$bound/;
|
||||
print OUT $_ if $found;
|
||||
$found = 2, last if /^-----END.*$bound/;
|
||||
}
|
||||
close IN;
|
||||
close OUT;
|
||||
return $found == 2 ? 0 : 1;
|
||||
}
|
||||
|
||||
# Wrapper around system; useful for debugging. Returns just the exit status
|
||||
sub run
|
||||
{
|
||||
my $cmd = shift;
|
||||
print "====\n$cmd\n" if $verbose;
|
||||
my $status = system($cmd);
|
||||
print "==> $status\n====\n" if $verbose;
|
||||
return $status >> 8;
|
||||
}
|
||||
|
||||
|
||||
if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
|
||||
print STDERR "usage: CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd extra-params]\n";
|
||||
print STDERR " CA.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]\n";
|
||||
print STDERR " CA.pl -verify [-extra-verify extra-params] certfile ...\n";
|
||||
print STDERR " CA.pl -revoke [-extra-ca extra-params] certfile [reason]\n";
|
||||
exit 0;
|
||||
}
|
||||
if ($WHAT eq '-newcert' ) {
|
||||
# create a certificate
|
||||
$RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS $EXTRA{req}");
|
||||
print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
|
||||
} elsif ($WHAT eq '-precert' ) {
|
||||
# create a pre-certificate
|
||||
$RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS");
|
||||
print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
|
||||
} elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) {
|
||||
# create a certificate request
|
||||
$RET = run("$REQ -new $1 -keyout $NEWKEY -out $NEWREQ $DAYS $EXTRA{req}");
|
||||
print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
|
||||
} elsif ($WHAT eq '-newca' ) {
|
||||
# create the directory hierarchy
|
||||
mkdir ${CATOP}, $DIRMODE;
|
||||
mkdir "${CATOP}/certs", $DIRMODE;
|
||||
mkdir "${CATOP}/crl", $DIRMODE ;
|
||||
mkdir "${CATOP}/newcerts", $DIRMODE;
|
||||
mkdir "${CATOP}/private", $DIRMODE;
|
||||
open OUT, ">${CATOP}/index.txt";
|
||||
close OUT;
|
||||
open OUT, ">${CATOP}/crlnumber";
|
||||
print OUT "01\n";
|
||||
close OUT;
|
||||
# ask user for existing CA certificate
|
||||
print "CA certificate filename (or enter to create)\n";
|
||||
$FILE = "" unless defined($FILE = <STDIN>);
|
||||
$FILE =~ s{\R$}{};
|
||||
if ($FILE ne "") {
|
||||
copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
|
||||
copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
|
||||
} else {
|
||||
print "Making CA certificate ...\n";
|
||||
$RET = run("$REQ -new -keyout"
|
||||
. " ${CATOP}/private/$CAKEY"
|
||||
. " -out ${CATOP}/$CAREQ $EXTRA{req}");
|
||||
$RET = run("$CA -create_serial"
|
||||
. " -out ${CATOP}/$CACERT $CADAYS -batch"
|
||||
. " -keyfile ${CATOP}/private/$CAKEY -selfsign"
|
||||
. " -extensions v3_ca $EXTRA{ca}"
|
||||
. " -infiles ${CATOP}/$CAREQ") if $RET == 0;
|
||||
print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
|
||||
}
|
||||
} elsif ($WHAT eq '-pkcs12' ) {
|
||||
my $cname = $ARGV[0];
|
||||
$cname = "My Certificate" unless defined $cname;
|
||||
$RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
|
||||
. " -certfile ${CATOP}/$CACERT"
|
||||
. " -out $NEWP12"
|
||||
. " -export -name \"$cname\" $EXTRA{pkcs12}");
|
||||
print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
|
||||
} elsif ($WHAT eq '-xsign' ) {
|
||||
$RET = run("$CA -policy policy_anything $EXTRA{ca} -infiles $NEWREQ");
|
||||
} elsif ($WHAT eq '-sign' ) {
|
||||
$RET = run("$CA -policy policy_anything -out $NEWCERT $EXTRA{ca} -infiles $NEWREQ");
|
||||
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
|
||||
} elsif ($WHAT eq '-signCA' ) {
|
||||
$RET = run("$CA -policy policy_anything -out $NEWCERT"
|
||||
. " -extensions v3_ca $EXTRA{ca} -infiles $NEWREQ");
|
||||
print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
|
||||
} elsif ($WHAT eq '-signcert' ) {
|
||||
$RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
|
||||
. " -out tmp.pem $EXTRA{x509}");
|
||||
$RET = run("$CA -policy policy_anything -out $NEWCERT"
|
||||
. "$EXTRA{ca} -infiles tmp.pem") if $RET == 0;
|
||||
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
|
||||
} elsif ($WHAT eq '-verify' ) {
|
||||
my @files = @ARGV ? @ARGV : ( $NEWCERT );
|
||||
my $file;
|
||||
foreach $file (@files) {
|
||||
my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}");
|
||||
$RET = $status if $status != 0;
|
||||
}
|
||||
} elsif ($WHAT eq '-crl' ) {
|
||||
$RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL $EXTRA{ca}");
|
||||
print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
|
||||
} elsif ($WHAT eq '-revoke' ) {
|
||||
my $cname = $ARGV[0];
|
||||
if (!defined $cname) {
|
||||
print "Certificate filename is required; reason optional.\n";
|
||||
exit 1;
|
||||
}
|
||||
my $reason = $ARGV[1];
|
||||
$reason = " -crl_reason $reason"
|
||||
if defined $reason && crl_reason_ok($reason);
|
||||
$RET = run("$CA -revoke \"$cname\"" . $reason . $EXTRA{ca});
|
||||
} else {
|
||||
print STDERR "Unknown arg \"$WHAT\"\n";
|
||||
print STDERR "Use -help for help.\n";
|
||||
exit 1;
|
||||
}
|
||||
|
||||
exit $RET;
|
93
trunk/3rdparty/openssl-1.1-fit/apps/app_rand.c
vendored
Normal file
93
trunk/3rdparty/openssl-1.1-fit/apps/app_rand.c
vendored
Normal file
|
@ -0,0 +1,93 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "apps.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/conf.h>
|
||||
|
||||
static char *save_rand_file;
|
||||
|
||||
void app_RAND_load_conf(CONF *c, const char *section)
|
||||
{
|
||||
const char *randfile = NCONF_get_string(c, section, "RANDFILE");
|
||||
|
||||
if (randfile == NULL) {
|
||||
ERR_clear_error();
|
||||
return;
|
||||
}
|
||||
if (RAND_load_file(randfile, -1) < 0) {
|
||||
BIO_printf(bio_err, "Can't load %s into RNG\n", randfile);
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
if (save_rand_file == NULL)
|
||||
save_rand_file = OPENSSL_strdup(randfile);
|
||||
}
|
||||
|
||||
static int loadfiles(char *name)
|
||||
{
|
||||
char *p;
|
||||
int last, ret = 1;
|
||||
|
||||
for ( ; ; ) {
|
||||
last = 0;
|
||||
for (p = name; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
|
||||
continue;
|
||||
if (*p == '\0')
|
||||
last = 1;
|
||||
*p = '\0';
|
||||
if (RAND_load_file(name, -1) < 0) {
|
||||
BIO_printf(bio_err, "Can't load %s into RNG\n", name);
|
||||
ERR_print_errors(bio_err);
|
||||
ret = 0;
|
||||
}
|
||||
if (last)
|
||||
break;
|
||||
name = p + 1;
|
||||
if (*name == '\0')
|
||||
break;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
void app_RAND_write(void)
|
||||
{
|
||||
if (save_rand_file == NULL)
|
||||
return;
|
||||
if (RAND_write_file(save_rand_file) == -1) {
|
||||
BIO_printf(bio_err, "Cannot write random bytes:\n");
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
OPENSSL_free(save_rand_file);
|
||||
save_rand_file = NULL;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* See comments in opt_verify for explanation of this.
|
||||
*/
|
||||
enum r_range { OPT_R_ENUM };
|
||||
|
||||
int opt_rand(int opt)
|
||||
{
|
||||
switch ((enum r_range)opt) {
|
||||
case OPT_R__FIRST:
|
||||
case OPT_R__LAST:
|
||||
break;
|
||||
case OPT_R_RAND:
|
||||
return loadfiles(opt_arg());
|
||||
break;
|
||||
case OPT_R_WRITERAND:
|
||||
OPENSSL_free(save_rand_file);
|
||||
save_rand_file = OPENSSL_strdup(opt_arg());
|
||||
break;
|
||||
}
|
||||
return 1;
|
||||
}
|
2752
trunk/3rdparty/openssl-1.1-fit/apps/apps.c
vendored
Normal file
2752
trunk/3rdparty/openssl-1.1-fit/apps/apps.c
vendored
Normal file
File diff suppressed because it is too large
Load diff
634
trunk/3rdparty/openssl-1.1-fit/apps/apps.h
vendored
Normal file
634
trunk/3rdparty/openssl-1.1-fit/apps/apps.h
vendored
Normal file
|
@ -0,0 +1,634 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#ifndef HEADER_APPS_H
|
||||
# define HEADER_APPS_H
|
||||
|
||||
# include "e_os.h" /* struct timeval for DTLS */
|
||||
# include "internal/nelem.h"
|
||||
# include <assert.h>
|
||||
|
||||
# include <sys/types.h>
|
||||
# ifndef OPENSSL_NO_POSIX_IO
|
||||
# include <sys/stat.h>
|
||||
# include <fcntl.h>
|
||||
# endif
|
||||
|
||||
# include <openssl/e_os2.h>
|
||||
# include <openssl/ossl_typ.h>
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/conf.h>
|
||||
# include <openssl/txt_db.h>
|
||||
# include <openssl/engine.h>
|
||||
# include <openssl/ocsp.h>
|
||||
# include <signal.h>
|
||||
|
||||
# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE)
|
||||
# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
|
||||
# else
|
||||
# define openssl_fdset(a,b) FD_SET(a, b)
|
||||
# endif
|
||||
|
||||
/*
|
||||
* quick macro when you need to pass an unsigned char instead of a char.
|
||||
* this is true for some implementations of the is*() functions, for
|
||||
* example.
|
||||
*/
|
||||
#define _UC(c) ((unsigned char)(c))
|
||||
|
||||
void app_RAND_load_conf(CONF *c, const char *section);
|
||||
void app_RAND_write(void);
|
||||
|
||||
extern char *default_config_file;
|
||||
extern BIO *bio_in;
|
||||
extern BIO *bio_out;
|
||||
extern BIO *bio_err;
|
||||
extern const unsigned char tls13_aes128gcmsha256_id[];
|
||||
extern const unsigned char tls13_aes256gcmsha384_id[];
|
||||
extern BIO_ADDR *ourpeer;
|
||||
|
||||
BIO_METHOD *apps_bf_prefix(void);
|
||||
/*
|
||||
* The control used to set the prefix with BIO_ctrl()
|
||||
* We make it high enough so the chance of ever clashing with the BIO library
|
||||
* remains unlikely for the foreseeable future and beyond.
|
||||
*/
|
||||
#define PREFIX_CTRL_SET_PREFIX (1 << 15)
|
||||
/*
|
||||
* apps_bf_prefix() returns a dynamically created BIO_METHOD, which we
|
||||
* need to destroy at some point. When created internally, it's stored
|
||||
* in an internal pointer which can be freed with the following function
|
||||
*/
|
||||
void destroy_prefix_method(void);
|
||||
|
||||
BIO *dup_bio_in(int format);
|
||||
BIO *dup_bio_out(int format);
|
||||
BIO *dup_bio_err(int format);
|
||||
BIO *bio_open_owner(const char *filename, int format, int private);
|
||||
BIO *bio_open_default(const char *filename, char mode, int format);
|
||||
BIO *bio_open_default_quiet(const char *filename, char mode, int format);
|
||||
CONF *app_load_config_bio(BIO *in, const char *filename);
|
||||
CONF *app_load_config(const char *filename);
|
||||
CONF *app_load_config_quiet(const char *filename);
|
||||
int app_load_modules(const CONF *config);
|
||||
void unbuffer(FILE *fp);
|
||||
void wait_for_async(SSL *s);
|
||||
# if defined(OPENSSL_SYS_MSDOS)
|
||||
int has_stdin_waiting(void);
|
||||
# endif
|
||||
|
||||
void corrupt_signature(const ASN1_STRING *signature);
|
||||
int set_cert_times(X509 *x, const char *startdate, const char *enddate,
|
||||
int days);
|
||||
|
||||
/*
|
||||
* Common verification options.
|
||||
*/
|
||||
# define OPT_V_ENUM \
|
||||
OPT_V__FIRST=2000, \
|
||||
OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
|
||||
OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
|
||||
OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
|
||||
OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
|
||||
OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
|
||||
OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
|
||||
OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
|
||||
OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
|
||||
OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \
|
||||
OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \
|
||||
OPT_V__LAST
|
||||
|
||||
# define OPT_V_OPTIONS \
|
||||
{ "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \
|
||||
{ "purpose", OPT_V_PURPOSE, 's', \
|
||||
"certificate chain purpose"}, \
|
||||
{ "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \
|
||||
{ "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \
|
||||
"chain depth limit" }, \
|
||||
{ "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \
|
||||
"chain authentication security level" }, \
|
||||
{ "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \
|
||||
{ "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \
|
||||
"expected peer hostname" }, \
|
||||
{ "verify_email", OPT_V_VERIFY_EMAIL, 's', \
|
||||
"expected peer email" }, \
|
||||
{ "verify_ip", OPT_V_VERIFY_IP, 's', \
|
||||
"expected peer IP address" }, \
|
||||
{ "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \
|
||||
"permit unhandled critical extensions"}, \
|
||||
{ "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \
|
||||
{ "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \
|
||||
{ "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \
|
||||
{ "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks"}, \
|
||||
{ "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \
|
||||
"set policy variable require-explicit-policy"}, \
|
||||
{ "inhibit_any", OPT_V_INHIBIT_ANY, '-', \
|
||||
"set policy variable inhibit-any-policy"}, \
|
||||
{ "inhibit_map", OPT_V_INHIBIT_MAP, '-', \
|
||||
"set policy variable inhibit-policy-mapping"}, \
|
||||
{ "x509_strict", OPT_V_X509_STRICT, '-', \
|
||||
"disable certificate compatibility work-arounds"}, \
|
||||
{ "extended_crl", OPT_V_EXTENDED_CRL, '-', \
|
||||
"enable extended CRL features"}, \
|
||||
{ "use_deltas", OPT_V_USE_DELTAS, '-', \
|
||||
"use delta CRLs"}, \
|
||||
{ "policy_print", OPT_V_POLICY_PRINT, '-', \
|
||||
"print policy processing diagnostics"}, \
|
||||
{ "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \
|
||||
"check root CA self-signatures"}, \
|
||||
{ "trusted_first", OPT_V_TRUSTED_FIRST, '-', \
|
||||
"search trust store first (default)" }, \
|
||||
{ "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \
|
||||
{ "suiteB_128", OPT_V_SUITEB_128, '-', \
|
||||
"Suite B 128-bit mode allowing 192-bit algorithms"}, \
|
||||
{ "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \
|
||||
{ "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \
|
||||
"accept chains anchored by intermediate trust-store CAs"}, \
|
||||
{ "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \
|
||||
{ "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \
|
||||
{ "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" }
|
||||
|
||||
# define OPT_V_CASES \
|
||||
OPT_V__FIRST: case OPT_V__LAST: break; \
|
||||
case OPT_V_POLICY: \
|
||||
case OPT_V_PURPOSE: \
|
||||
case OPT_V_VERIFY_NAME: \
|
||||
case OPT_V_VERIFY_DEPTH: \
|
||||
case OPT_V_VERIFY_AUTH_LEVEL: \
|
||||
case OPT_V_ATTIME: \
|
||||
case OPT_V_VERIFY_HOSTNAME: \
|
||||
case OPT_V_VERIFY_EMAIL: \
|
||||
case OPT_V_VERIFY_IP: \
|
||||
case OPT_V_IGNORE_CRITICAL: \
|
||||
case OPT_V_ISSUER_CHECKS: \
|
||||
case OPT_V_CRL_CHECK: \
|
||||
case OPT_V_CRL_CHECK_ALL: \
|
||||
case OPT_V_POLICY_CHECK: \
|
||||
case OPT_V_EXPLICIT_POLICY: \
|
||||
case OPT_V_INHIBIT_ANY: \
|
||||
case OPT_V_INHIBIT_MAP: \
|
||||
case OPT_V_X509_STRICT: \
|
||||
case OPT_V_EXTENDED_CRL: \
|
||||
case OPT_V_USE_DELTAS: \
|
||||
case OPT_V_POLICY_PRINT: \
|
||||
case OPT_V_CHECK_SS_SIG: \
|
||||
case OPT_V_TRUSTED_FIRST: \
|
||||
case OPT_V_SUITEB_128_ONLY: \
|
||||
case OPT_V_SUITEB_128: \
|
||||
case OPT_V_SUITEB_192: \
|
||||
case OPT_V_PARTIAL_CHAIN: \
|
||||
case OPT_V_NO_ALT_CHAINS: \
|
||||
case OPT_V_NO_CHECK_TIME: \
|
||||
case OPT_V_ALLOW_PROXY_CERTS
|
||||
|
||||
/*
|
||||
* Common "extended validation" options.
|
||||
*/
|
||||
# define OPT_X_ENUM \
|
||||
OPT_X__FIRST=1000, \
|
||||
OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
|
||||
OPT_X_CERTFORM, OPT_X_KEYFORM, \
|
||||
OPT_X__LAST
|
||||
|
||||
# define OPT_X_OPTIONS \
|
||||
{ "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \
|
||||
{ "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \
|
||||
{ "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \
|
||||
{ "xchain_build", OPT_X_CHAIN_BUILD, '-', \
|
||||
"build certificate chain for the extended certificates"}, \
|
||||
{ "xcertform", OPT_X_CERTFORM, 'F', \
|
||||
"format of Extended certificate (PEM or DER) PEM default " }, \
|
||||
{ "xkeyform", OPT_X_KEYFORM, 'F', \
|
||||
"format of Extended certificate's key (PEM or DER) PEM default"}
|
||||
|
||||
# define OPT_X_CASES \
|
||||
OPT_X__FIRST: case OPT_X__LAST: break; \
|
||||
case OPT_X_KEY: \
|
||||
case OPT_X_CERT: \
|
||||
case OPT_X_CHAIN: \
|
||||
case OPT_X_CHAIN_BUILD: \
|
||||
case OPT_X_CERTFORM: \
|
||||
case OPT_X_KEYFORM
|
||||
|
||||
/*
|
||||
* Common SSL options.
|
||||
* Any changes here must be coordinated with ../ssl/ssl_conf.c
|
||||
*/
|
||||
# define OPT_S_ENUM \
|
||||
OPT_S__FIRST=3000, \
|
||||
OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
|
||||
OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
|
||||
OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
|
||||
OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \
|
||||
OPT_S_PRIORITIZE_CHACHA, \
|
||||
OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \
|
||||
OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \
|
||||
OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \
|
||||
OPT_S_MINPROTO, OPT_S_MAXPROTO, \
|
||||
OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST
|
||||
|
||||
# define OPT_S_OPTIONS \
|
||||
{"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
|
||||
{"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \
|
||||
{"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
|
||||
{"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \
|
||||
{"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \
|
||||
{"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \
|
||||
{"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
|
||||
{"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
|
||||
{"no_ticket", OPT_S_NOTICKET, '-', \
|
||||
"Disable use of TLS session tickets"}, \
|
||||
{"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \
|
||||
{"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \
|
||||
"Enable use of legacy renegotiation (dangerous)"}, \
|
||||
{"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \
|
||||
"Disable all renegotiation."}, \
|
||||
{"legacy_server_connect", OPT_S_LEGACYCONN, '-', \
|
||||
"Allow initial connection to servers that don't support RI"}, \
|
||||
{"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
|
||||
"Disallow session resumption on renegotiation"}, \
|
||||
{"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \
|
||||
"Disallow initial connection to servers that don't support RI"}, \
|
||||
{"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \
|
||||
"In TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \
|
||||
{"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \
|
||||
"Prioritize ChaCha ciphers when preferred by clients"}, \
|
||||
{"strict", OPT_S_STRICT, '-', \
|
||||
"Enforce strict certificate checks as per TLS standard"}, \
|
||||
{"sigalgs", OPT_S_SIGALGS, 's', \
|
||||
"Signature algorithms to support (colon-separated list)" }, \
|
||||
{"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \
|
||||
"Signature algorithms to support for client certificate" \
|
||||
" authentication (colon-separated list)" }, \
|
||||
{"groups", OPT_S_GROUPS, 's', \
|
||||
"Groups to advertise (colon-separated list)" }, \
|
||||
{"curves", OPT_S_CURVES, 's', \
|
||||
"Groups to advertise (colon-separated list)" }, \
|
||||
{"named_curve", OPT_S_NAMEDCURVE, 's', \
|
||||
"Elliptic curve used for ECDHE (server-side only)" }, \
|
||||
{"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \
|
||||
{"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \
|
||||
{"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \
|
||||
{"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \
|
||||
{"record_padding", OPT_S_RECORD_PADDING, 's', \
|
||||
"Block size to pad TLS 1.3 records to."}, \
|
||||
{"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
|
||||
"Perform all sorts of protocol violations for testing purposes"}, \
|
||||
{"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \
|
||||
"Disable TLSv1.3 middlebox compat mode" }
|
||||
|
||||
# define OPT_S_CASES \
|
||||
OPT_S__FIRST: case OPT_S__LAST: break; \
|
||||
case OPT_S_NOSSL3: \
|
||||
case OPT_S_NOTLS1: \
|
||||
case OPT_S_NOTLS1_1: \
|
||||
case OPT_S_NOTLS1_2: \
|
||||
case OPT_S_NOTLS1_3: \
|
||||
case OPT_S_BUGS: \
|
||||
case OPT_S_NO_COMP: \
|
||||
case OPT_S_COMP: \
|
||||
case OPT_S_NOTICKET: \
|
||||
case OPT_S_SERVERPREF: \
|
||||
case OPT_S_LEGACYRENEG: \
|
||||
case OPT_S_LEGACYCONN: \
|
||||
case OPT_S_ONRESUMP: \
|
||||
case OPT_S_NOLEGACYCONN: \
|
||||
case OPT_S_ALLOW_NO_DHE_KEX: \
|
||||
case OPT_S_PRIORITIZE_CHACHA: \
|
||||
case OPT_S_STRICT: \
|
||||
case OPT_S_SIGALGS: \
|
||||
case OPT_S_CLIENTSIGALGS: \
|
||||
case OPT_S_GROUPS: \
|
||||
case OPT_S_CURVES: \
|
||||
case OPT_S_NAMEDCURVE: \
|
||||
case OPT_S_CIPHER: \
|
||||
case OPT_S_CIPHERSUITES: \
|
||||
case OPT_S_RECORD_PADDING: \
|
||||
case OPT_S_NO_RENEGOTIATION: \
|
||||
case OPT_S_MINPROTO: \
|
||||
case OPT_S_MAXPROTO: \
|
||||
case OPT_S_DEBUGBROKE: \
|
||||
case OPT_S_NO_MIDDLEBOX
|
||||
|
||||
#define IS_NO_PROT_FLAG(o) \
|
||||
(o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
|
||||
|| o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
|
||||
|
||||
/*
|
||||
* Random state options.
|
||||
*/
|
||||
# define OPT_R_ENUM \
|
||||
OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST
|
||||
|
||||
# define OPT_R_OPTIONS \
|
||||
{"rand", OPT_R_RAND, 's', "Load the file(s) into the random number generator"}, \
|
||||
{"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"}
|
||||
|
||||
# define OPT_R_CASES \
|
||||
OPT_R__FIRST: case OPT_R__LAST: break; \
|
||||
case OPT_R_RAND: case OPT_R_WRITERAND
|
||||
|
||||
/*
|
||||
* Option parsing.
|
||||
*/
|
||||
extern const char OPT_HELP_STR[];
|
||||
extern const char OPT_MORE_STR[];
|
||||
typedef struct options_st {
|
||||
const char *name;
|
||||
int retval;
|
||||
/*
|
||||
* value type: - no value (also the value zero), n number, p positive
|
||||
* number, u unsigned, l long, s string, < input file, > output file,
|
||||
* f any format, F der/pem format, E der/pem/engine format identifier.
|
||||
* l, n and u include zero; p does not.
|
||||
*/
|
||||
int valtype;
|
||||
const char *helpstr;
|
||||
} OPTIONS;
|
||||
|
||||
/*
|
||||
* A string/int pairing; widely use for option value lookup, hence the
|
||||
* name OPT_PAIR. But that name is misleading in s_cb.c, so we also use
|
||||
* the "generic" name STRINT_PAIR.
|
||||
*/
|
||||
typedef struct string_int_pair_st {
|
||||
const char *name;
|
||||
int retval;
|
||||
} OPT_PAIR, STRINT_PAIR;
|
||||
|
||||
/* Flags to pass into opt_format; see FORMAT_xxx, below. */
|
||||
# define OPT_FMT_PEMDER (1L << 1)
|
||||
# define OPT_FMT_PKCS12 (1L << 2)
|
||||
# define OPT_FMT_SMIME (1L << 3)
|
||||
# define OPT_FMT_ENGINE (1L << 4)
|
||||
# define OPT_FMT_MSBLOB (1L << 5)
|
||||
/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */
|
||||
# define OPT_FMT_NSS (1L << 7)
|
||||
# define OPT_FMT_TEXT (1L << 8)
|
||||
# define OPT_FMT_HTTP (1L << 9)
|
||||
# define OPT_FMT_PVK (1L << 10)
|
||||
# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
|
||||
# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)
|
||||
# define OPT_FMT_ANY ( \
|
||||
OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
|
||||
OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \
|
||||
OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
|
||||
|
||||
char *opt_progname(const char *argv0);
|
||||
char *opt_getprog(void);
|
||||
char *opt_init(int ac, char **av, const OPTIONS * o);
|
||||
int opt_next(void);
|
||||
int opt_format(const char *s, unsigned long flags, int *result);
|
||||
int opt_int(const char *arg, int *result);
|
||||
int opt_ulong(const char *arg, unsigned long *result);
|
||||
int opt_long(const char *arg, long *result);
|
||||
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
|
||||
defined(INTMAX_MAX) && defined(UINTMAX_MAX)
|
||||
int opt_imax(const char *arg, intmax_t *result);
|
||||
int opt_umax(const char *arg, uintmax_t *result);
|
||||
#else
|
||||
# define opt_imax opt_long
|
||||
# define opt_umax opt_ulong
|
||||
# define intmax_t long
|
||||
# define uintmax_t unsigned long
|
||||
#endif
|
||||
int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
|
||||
int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
|
||||
int opt_md(const char *name, const EVP_MD **mdp);
|
||||
char *opt_arg(void);
|
||||
char *opt_flag(void);
|
||||
char *opt_unknown(void);
|
||||
char **opt_rest(void);
|
||||
int opt_num_rest(void);
|
||||
int opt_verify(int i, X509_VERIFY_PARAM *vpm);
|
||||
int opt_rand(int i);
|
||||
void opt_help(const OPTIONS * list);
|
||||
int opt_format_error(const char *s, unsigned long flags);
|
||||
|
||||
typedef struct args_st {
|
||||
int size;
|
||||
int argc;
|
||||
char **argv;
|
||||
} ARGS;
|
||||
|
||||
/*
|
||||
* VMS C only for now, implemented in vms_decc_init.c
|
||||
* If other C compilers forget to terminate argv with NULL, this function
|
||||
* can be re-used.
|
||||
*/
|
||||
char **copy_argv(int *argc, char *argv[]);
|
||||
/*
|
||||
* Win32-specific argv initialization that splits OS-supplied UNICODE
|
||||
* command line string to array of UTF8-encoded strings.
|
||||
*/
|
||||
void win32_utf8argv(int *argc, char **argv[]);
|
||||
|
||||
|
||||
# define PW_MIN_LENGTH 4
|
||||
typedef struct pw_cb_data {
|
||||
const void *password;
|
||||
const char *prompt_info;
|
||||
} PW_CB_DATA;
|
||||
|
||||
int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
|
||||
|
||||
int setup_ui_method(void);
|
||||
void destroy_ui_method(void);
|
||||
const UI_METHOD *get_ui_method(void);
|
||||
|
||||
int chopup_args(ARGS *arg, char *buf);
|
||||
# ifdef HEADER_X509_H
|
||||
int dump_cert_text(BIO *out, X509 *x);
|
||||
void print_name(BIO *out, const char *title, X509_NAME *nm,
|
||||
unsigned long lflags);
|
||||
# endif
|
||||
void print_bignum_var(BIO *, const BIGNUM *, const char*,
|
||||
int, unsigned char *);
|
||||
void print_array(BIO *, const char *, int, const unsigned char *);
|
||||
int set_nameopt(const char *arg);
|
||||
unsigned long get_nameopt(void);
|
||||
int set_cert_ex(unsigned long *flags, const char *arg);
|
||||
int set_name_ex(unsigned long *flags, const char *arg);
|
||||
int set_ext_copy(int *copy_type, const char *arg);
|
||||
int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
|
||||
int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2);
|
||||
int add_oid_section(CONF *conf);
|
||||
X509 *load_cert(const char *file, int format, const char *cert_descrip);
|
||||
X509_CRL *load_crl(const char *infile, int format);
|
||||
EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
|
||||
const char *pass, ENGINE *e, const char *key_descrip);
|
||||
EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
|
||||
const char *pass, ENGINE *e, const char *key_descrip);
|
||||
int load_certs(const char *file, STACK_OF(X509) **certs, int format,
|
||||
const char *pass, const char *cert_descrip);
|
||||
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
|
||||
const char *pass, const char *cert_descrip);
|
||||
X509_STORE *setup_verify(const char *CAfile, const char *CApath,
|
||||
int noCAfile, int noCApath);
|
||||
__owur int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
|
||||
const char *CApath, int noCAfile,
|
||||
int noCApath);
|
||||
|
||||
#ifndef OPENSSL_NO_CT
|
||||
|
||||
/*
|
||||
* Sets the file to load the Certificate Transparency log list from.
|
||||
* If path is NULL, loads from the default file path.
|
||||
* Returns 1 on success, 0 otherwise.
|
||||
*/
|
||||
__owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
|
||||
|
||||
#endif
|
||||
|
||||
ENGINE *setup_engine(const char *engine, int debug);
|
||||
void release_engine(ENGINE *e);
|
||||
|
||||
# ifndef OPENSSL_NO_OCSP
|
||||
OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
|
||||
const char *host, const char *path,
|
||||
const char *port, int use_ssl,
|
||||
STACK_OF(CONF_VALUE) *headers,
|
||||
int req_timeout);
|
||||
# endif
|
||||
|
||||
/* Functions defined in ca.c and also used in ocsp.c */
|
||||
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
|
||||
ASN1_GENERALIZEDTIME **pinvtm, const char *str);
|
||||
|
||||
# define DB_type 0
|
||||
# define DB_exp_date 1
|
||||
# define DB_rev_date 2
|
||||
# define DB_serial 3 /* index - unique */
|
||||
# define DB_file 4
|
||||
# define DB_name 5 /* index - unique when active and not
|
||||
* disabled */
|
||||
# define DB_NUMBER 6
|
||||
|
||||
# define DB_TYPE_REV 'R' /* Revoked */
|
||||
# define DB_TYPE_EXP 'E' /* Expired */
|
||||
# define DB_TYPE_VAL 'V' /* Valid ; inserted with: ca ... -valid */
|
||||
# define DB_TYPE_SUSP 'S' /* Suspended */
|
||||
|
||||
typedef struct db_attr_st {
|
||||
int unique_subject;
|
||||
} DB_ATTR;
|
||||
typedef struct ca_db_st {
|
||||
DB_ATTR attributes;
|
||||
TXT_DB *db;
|
||||
char *dbfname;
|
||||
# ifndef OPENSSL_NO_POSIX_IO
|
||||
struct stat dbst;
|
||||
# endif
|
||||
} CA_DB;
|
||||
|
||||
void* app_malloc(int sz, const char *what);
|
||||
BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai);
|
||||
int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
|
||||
ASN1_INTEGER **retai);
|
||||
int rotate_serial(const char *serialfile, const char *new_suffix,
|
||||
const char *old_suffix);
|
||||
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
|
||||
CA_DB *load_index(const char *dbfile, DB_ATTR *dbattr);
|
||||
int index_index(CA_DB *db);
|
||||
int save_index(const char *dbfile, const char *suffix, CA_DB *db);
|
||||
int rotate_index(const char *dbfile, const char *new_suffix,
|
||||
const char *old_suffix);
|
||||
void free_index(CA_DB *db);
|
||||
# define index_name_cmp_noconst(a, b) \
|
||||
index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
|
||||
(const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
|
||||
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
|
||||
int parse_yesno(const char *str, int def);
|
||||
|
||||
X509_NAME *parse_name(const char *str, long chtype, int multirdn);
|
||||
void policies_print(X509_STORE_CTX *ctx);
|
||||
int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
|
||||
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
|
||||
int init_gen_str(EVP_PKEY_CTX **pctx,
|
||||
const char *algname, ENGINE *e, int do_param);
|
||||
int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
|
||||
STACK_OF(OPENSSL_STRING) *sigopts);
|
||||
int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
|
||||
STACK_OF(OPENSSL_STRING) *sigopts);
|
||||
int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
|
||||
STACK_OF(OPENSSL_STRING) *sigopts);
|
||||
|
||||
extern char *psk_key;
|
||||
|
||||
|
||||
unsigned char *next_protos_parse(size_t *outlen, const char *in);
|
||||
|
||||
void print_cert_checks(BIO *bio, X509 *x,
|
||||
const char *checkhost,
|
||||
const char *checkemail, const char *checkip);
|
||||
|
||||
void store_setup_crl_download(X509_STORE *st);
|
||||
|
||||
/* See OPT_FMT_xxx, above. */
|
||||
/* On some platforms, it's important to distinguish between text and binary
|
||||
* files. On some, there might even be specific file formats for different
|
||||
* contents. The FORMAT_xxx macros are meant to express an intent with the
|
||||
* file being read or created.
|
||||
*/
|
||||
# define B_FORMAT_TEXT 0x8000
|
||||
# define FORMAT_UNDEF 0
|
||||
# define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */
|
||||
# define FORMAT_BINARY 2 /* Generic binary */
|
||||
# define FORMAT_BASE64 (3 | B_FORMAT_TEXT) /* Base64 */
|
||||
# define FORMAT_ASN1 4 /* ASN.1/DER */
|
||||
# define FORMAT_PEM (5 | B_FORMAT_TEXT)
|
||||
# define FORMAT_PKCS12 6
|
||||
# define FORMAT_SMIME (7 | B_FORMAT_TEXT)
|
||||
# define FORMAT_ENGINE 8 /* Not really a file format */
|
||||
# define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPubicKey format */
|
||||
# define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */
|
||||
# define FORMAT_MSBLOB 11 /* MS Key blob format */
|
||||
# define FORMAT_PVK 12 /* MS PVK file format */
|
||||
# define FORMAT_HTTP 13 /* Download using HTTP */
|
||||
# define FORMAT_NSS 14 /* NSS keylog format */
|
||||
|
||||
# define EXT_COPY_NONE 0
|
||||
# define EXT_COPY_ADD 1
|
||||
# define EXT_COPY_ALL 2
|
||||
|
||||
# define NETSCAPE_CERT_HDR "certificate"
|
||||
|
||||
# define APP_PASS_LEN 1024
|
||||
|
||||
/*
|
||||
* IETF RFC 5280 says serial number must be <= 20 bytes. Use 159 bits
|
||||
* so that the first bit will never be one, so that the DER encoding
|
||||
* rules won't force a leading octet.
|
||||
*/
|
||||
# define SERIAL_RAND_BITS 159
|
||||
|
||||
int app_isdir(const char *);
|
||||
int app_access(const char *, int flag);
|
||||
int fileno_stdin(void);
|
||||
int fileno_stdout(void);
|
||||
int raw_read_stdin(void *, int);
|
||||
int raw_write_stdout(const void *, int);
|
||||
|
||||
# define TM_START 0
|
||||
# define TM_STOP 1
|
||||
double app_tminterval(int stop, int usertime);
|
||||
|
||||
void make_uppercase(char *string);
|
||||
|
||||
typedef struct verify_options_st {
|
||||
int depth;
|
||||
int quiet;
|
||||
int error;
|
||||
int return_error;
|
||||
} VERIFY_CB_ARGS;
|
||||
|
||||
extern VERIFY_CB_ARGS verify_args;
|
||||
|
||||
#endif
|
357
trunk/3rdparty/openssl-1.1-fit/apps/asn1pars.c
vendored
Normal file
357
trunk/3rdparty/openssl-1.1-fit/apps/asn1pars.c
vendored
Normal file
|
@ -0,0 +1,357 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/asn1t.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT,
|
||||
OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT,
|
||||
OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM,
|
||||
OPT_ITEM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS asn1parse_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"inform", OPT_INFORM, 'F', "input format - one of DER PEM"},
|
||||
{"in", OPT_IN, '<', "input file"},
|
||||
{"out", OPT_OUT, '>', "output file (output format is always DER)"},
|
||||
{"i", OPT_INDENT, 0, "indents the output"},
|
||||
{"noout", OPT_NOOUT, 0, "do not produce any output"},
|
||||
{"offset", OPT_OFFSET, 'p', "offset into file"},
|
||||
{"length", OPT_LENGTH, 'p', "length of section in file"},
|
||||
{"oid", OPT_OID, '<', "file of extra oid definitions"},
|
||||
{"dump", OPT_DUMP, 0, "unknown data in hex form"},
|
||||
{"dlimit", OPT_DLIMIT, 'p',
|
||||
"dump the first arg bytes of unknown data in hex form"},
|
||||
{"strparse", OPT_STRPARSE, 'p',
|
||||
"offset; a series of these can be used to 'dig'"},
|
||||
{OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
|
||||
{"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
|
||||
{"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"},
|
||||
{OPT_MORE_STR, 0, 0, "(-inform will be ignored)"},
|
||||
{"strictpem", OPT_STRICTPEM, 0,
|
||||
"do not attempt base64 decode outside PEM markers"},
|
||||
{"item", OPT_ITEM, 's', "item to parse and print"},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf);
|
||||
|
||||
int asn1parse_main(int argc, char **argv)
|
||||
{
|
||||
ASN1_TYPE *at = NULL;
|
||||
BIO *in = NULL, *b64 = NULL, *derout = NULL;
|
||||
BUF_MEM *buf = NULL;
|
||||
STACK_OF(OPENSSL_STRING) *osk = NULL;
|
||||
char *genstr = NULL, *genconf = NULL;
|
||||
char *infile = NULL, *oidfile = NULL, *derfile = NULL;
|
||||
unsigned char *str = NULL;
|
||||
char *name = NULL, *header = NULL, *prog;
|
||||
const unsigned char *ctmpbuf;
|
||||
int indent = 0, noout = 0, dump = 0, strictpem = 0, informat = FORMAT_PEM;
|
||||
int offset = 0, ret = 1, i, j;
|
||||
long num, tmplen;
|
||||
unsigned char *tmpbuf;
|
||||
unsigned int length = 0;
|
||||
OPTION_CHOICE o;
|
||||
const ASN1_ITEM *it = NULL;
|
||||
|
||||
prog = opt_init(argc, argv, asn1parse_options);
|
||||
|
||||
if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) {
|
||||
BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
|
||||
goto end;
|
||||
}
|
||||
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(asn1parse_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_INFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUT:
|
||||
derfile = opt_arg();
|
||||
break;
|
||||
case OPT_INDENT:
|
||||
indent = 1;
|
||||
break;
|
||||
case OPT_NOOUT:
|
||||
noout = 1;
|
||||
break;
|
||||
case OPT_OID:
|
||||
oidfile = opt_arg();
|
||||
break;
|
||||
case OPT_OFFSET:
|
||||
offset = strtol(opt_arg(), NULL, 0);
|
||||
break;
|
||||
case OPT_LENGTH:
|
||||
length = strtol(opt_arg(), NULL, 0);
|
||||
break;
|
||||
case OPT_DUMP:
|
||||
dump = -1;
|
||||
break;
|
||||
case OPT_DLIMIT:
|
||||
dump = strtol(opt_arg(), NULL, 0);
|
||||
break;
|
||||
case OPT_STRPARSE:
|
||||
sk_OPENSSL_STRING_push(osk, opt_arg());
|
||||
break;
|
||||
case OPT_GENSTR:
|
||||
genstr = opt_arg();
|
||||
break;
|
||||
case OPT_GENCONF:
|
||||
genconf = opt_arg();
|
||||
break;
|
||||
case OPT_STRICTPEM:
|
||||
strictpem = 1;
|
||||
informat = FORMAT_PEM;
|
||||
break;
|
||||
case OPT_ITEM:
|
||||
it = ASN1_ITEM_lookup(opt_arg());
|
||||
if (it == NULL) {
|
||||
size_t tmp;
|
||||
|
||||
BIO_printf(bio_err, "Unknown item name %s\n", opt_arg());
|
||||
BIO_puts(bio_err, "Supported types:\n");
|
||||
for (tmp = 0;; tmp++) {
|
||||
it = ASN1_ITEM_get(tmp);
|
||||
if (it == NULL)
|
||||
break;
|
||||
BIO_printf(bio_err, " %s\n", it->sname);
|
||||
}
|
||||
goto end;
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
if (oidfile != NULL) {
|
||||
in = bio_open_default(oidfile, 'r', FORMAT_TEXT);
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
OBJ_create_objects(in);
|
||||
BIO_free(in);
|
||||
}
|
||||
|
||||
if ((in = bio_open_default(infile, 'r', informat)) == NULL)
|
||||
goto end;
|
||||
|
||||
if (derfile && (derout = bio_open_default(derfile, 'w', FORMAT_ASN1)) == NULL)
|
||||
goto end;
|
||||
|
||||
if (strictpem) {
|
||||
if (PEM_read_bio(in, &name, &header, &str, &num) !=
|
||||
1) {
|
||||
BIO_printf(bio_err, "Error reading PEM file\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
} else {
|
||||
|
||||
if ((buf = BUF_MEM_new()) == NULL)
|
||||
goto end;
|
||||
if (!BUF_MEM_grow(buf, BUFSIZ * 8))
|
||||
goto end; /* Pre-allocate :-) */
|
||||
|
||||
if (genstr || genconf) {
|
||||
num = do_generate(genstr, genconf, buf);
|
||||
if (num < 0) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
} else {
|
||||
|
||||
if (informat == FORMAT_PEM) {
|
||||
BIO *tmp;
|
||||
|
||||
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
|
||||
goto end;
|
||||
BIO_push(b64, in);
|
||||
tmp = in;
|
||||
in = b64;
|
||||
b64 = tmp;
|
||||
}
|
||||
|
||||
num = 0;
|
||||
for (;;) {
|
||||
if (!BUF_MEM_grow(buf, num + BUFSIZ))
|
||||
goto end;
|
||||
i = BIO_read(in, &(buf->data[num]), BUFSIZ);
|
||||
if (i <= 0)
|
||||
break;
|
||||
num += i;
|
||||
}
|
||||
}
|
||||
str = (unsigned char *)buf->data;
|
||||
|
||||
}
|
||||
|
||||
/* If any structs to parse go through in sequence */
|
||||
|
||||
if (sk_OPENSSL_STRING_num(osk)) {
|
||||
tmpbuf = str;
|
||||
tmplen = num;
|
||||
for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
|
||||
ASN1_TYPE *atmp;
|
||||
int typ;
|
||||
j = strtol(sk_OPENSSL_STRING_value(osk, i), NULL, 0);
|
||||
if (j <= 0 || j >= tmplen) {
|
||||
BIO_printf(bio_err, "'%s' is out of range\n",
|
||||
sk_OPENSSL_STRING_value(osk, i));
|
||||
continue;
|
||||
}
|
||||
tmpbuf += j;
|
||||
tmplen -= j;
|
||||
atmp = at;
|
||||
ctmpbuf = tmpbuf;
|
||||
at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen);
|
||||
ASN1_TYPE_free(atmp);
|
||||
if (!at) {
|
||||
BIO_printf(bio_err, "Error parsing structure\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
typ = ASN1_TYPE_get(at);
|
||||
if ((typ == V_ASN1_OBJECT)
|
||||
|| (typ == V_ASN1_BOOLEAN)
|
||||
|| (typ == V_ASN1_NULL)) {
|
||||
BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
/* hmm... this is a little evil but it works */
|
||||
tmpbuf = at->value.asn1_string->data;
|
||||
tmplen = at->value.asn1_string->length;
|
||||
}
|
||||
str = tmpbuf;
|
||||
num = tmplen;
|
||||
}
|
||||
|
||||
if (offset < 0 || offset >= num) {
|
||||
BIO_printf(bio_err, "Error: offset out of range\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
num -= offset;
|
||||
|
||||
if (length == 0 || length > (unsigned int)num)
|
||||
length = (unsigned int)num;
|
||||
if (derout != NULL) {
|
||||
if (BIO_write(derout, str + offset, length) != (int)length) {
|
||||
BIO_printf(bio_err, "Error writing output\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
if (!noout) {
|
||||
const unsigned char *p = str + offset;
|
||||
|
||||
if (it != NULL) {
|
||||
ASN1_VALUE *value = ASN1_item_d2i(NULL, &p, length, it);
|
||||
if (value == NULL) {
|
||||
BIO_printf(bio_err, "Error parsing item %s\n", it->sname);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
ASN1_item_print(bio_out, value, 0, it, NULL);
|
||||
ASN1_item_free(value, it);
|
||||
} else {
|
||||
if (!ASN1_parse_dump(bio_out, p, length, indent, dump)) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
}
|
||||
ret = 0;
|
||||
end:
|
||||
BIO_free(derout);
|
||||
BIO_free(in);
|
||||
BIO_free(b64);
|
||||
if (ret != 0)
|
||||
ERR_print_errors(bio_err);
|
||||
BUF_MEM_free(buf);
|
||||
OPENSSL_free(name);
|
||||
OPENSSL_free(header);
|
||||
if (strictpem)
|
||||
OPENSSL_free(str);
|
||||
ASN1_TYPE_free(at);
|
||||
sk_OPENSSL_STRING_free(osk);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf)
|
||||
{
|
||||
CONF *cnf = NULL;
|
||||
int len;
|
||||
unsigned char *p;
|
||||
ASN1_TYPE *atyp = NULL;
|
||||
|
||||
if (genconf != NULL) {
|
||||
if ((cnf = app_load_config(genconf)) == NULL)
|
||||
goto err;
|
||||
if (genstr == NULL)
|
||||
genstr = NCONF_get_string(cnf, "default", "asn1");
|
||||
if (genstr == NULL) {
|
||||
BIO_printf(bio_err, "Can't find 'asn1' in '%s'\n", genconf);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
atyp = ASN1_generate_nconf(genstr, cnf);
|
||||
NCONF_free(cnf);
|
||||
cnf = NULL;
|
||||
|
||||
if (atyp == NULL)
|
||||
return -1;
|
||||
|
||||
len = i2d_ASN1_TYPE(atyp, NULL);
|
||||
|
||||
if (len <= 0)
|
||||
goto err;
|
||||
|
||||
if (!BUF_MEM_grow(buf, len))
|
||||
goto err;
|
||||
|
||||
p = (unsigned char *)buf->data;
|
||||
|
||||
i2d_ASN1_TYPE(atyp, &p);
|
||||
|
||||
ASN1_TYPE_free(atyp);
|
||||
return len;
|
||||
|
||||
err:
|
||||
NCONF_free(cnf);
|
||||
ASN1_TYPE_free(atyp);
|
||||
return -1;
|
||||
}
|
177
trunk/3rdparty/openssl-1.1-fit/apps/bf_prefix.c
vendored
Normal file
177
trunk/3rdparty/openssl-1.1-fit/apps/bf_prefix.c
vendored
Normal file
|
@ -0,0 +1,177 @@
|
|||
/*
|
||||
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <openssl/bio.h>
|
||||
#include "apps.h"
|
||||
|
||||
static int prefix_write(BIO *b, const char *out, size_t outl,
|
||||
size_t *numwritten);
|
||||
static int prefix_read(BIO *b, char *buf, size_t size, size_t *numread);
|
||||
static int prefix_puts(BIO *b, const char *str);
|
||||
static int prefix_gets(BIO *b, char *str, int size);
|
||||
static long prefix_ctrl(BIO *b, int cmd, long arg1, void *arg2);
|
||||
static int prefix_create(BIO *b);
|
||||
static int prefix_destroy(BIO *b);
|
||||
static long prefix_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp);
|
||||
|
||||
static BIO_METHOD *prefix_meth = NULL;
|
||||
|
||||
BIO_METHOD *apps_bf_prefix(void)
|
||||
{
|
||||
if (prefix_meth == NULL) {
|
||||
if ((prefix_meth =
|
||||
BIO_meth_new(BIO_TYPE_FILTER, "Prefix filter")) == NULL
|
||||
|| !BIO_meth_set_create(prefix_meth, prefix_create)
|
||||
|| !BIO_meth_set_destroy(prefix_meth, prefix_destroy)
|
||||
|| !BIO_meth_set_write_ex(prefix_meth, prefix_write)
|
||||
|| !BIO_meth_set_read_ex(prefix_meth, prefix_read)
|
||||
|| !BIO_meth_set_puts(prefix_meth, prefix_puts)
|
||||
|| !BIO_meth_set_gets(prefix_meth, prefix_gets)
|
||||
|| !BIO_meth_set_ctrl(prefix_meth, prefix_ctrl)
|
||||
|| !BIO_meth_set_callback_ctrl(prefix_meth, prefix_callback_ctrl)) {
|
||||
BIO_meth_free(prefix_meth);
|
||||
prefix_meth = NULL;
|
||||
}
|
||||
}
|
||||
return prefix_meth;
|
||||
}
|
||||
|
||||
typedef struct prefix_ctx_st {
|
||||
char *prefix;
|
||||
int linestart; /* flag to indicate we're at the line start */
|
||||
} PREFIX_CTX;
|
||||
|
||||
static int prefix_create(BIO *b)
|
||||
{
|
||||
PREFIX_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
|
||||
|
||||
if (ctx == NULL)
|
||||
return 0;
|
||||
|
||||
ctx->prefix = NULL;
|
||||
ctx->linestart = 1;
|
||||
BIO_set_data(b, ctx);
|
||||
BIO_set_init(b, 1);
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int prefix_destroy(BIO *b)
|
||||
{
|
||||
PREFIX_CTX *ctx = BIO_get_data(b);
|
||||
|
||||
OPENSSL_free(ctx->prefix);
|
||||
OPENSSL_free(ctx);
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int prefix_read(BIO *b, char *in, size_t size, size_t *numread)
|
||||
{
|
||||
return BIO_read_ex(BIO_next(b), in, size, numread);
|
||||
}
|
||||
|
||||
static int prefix_write(BIO *b, const char *out, size_t outl,
|
||||
size_t *numwritten)
|
||||
{
|
||||
PREFIX_CTX *ctx = BIO_get_data(b);
|
||||
|
||||
if (ctx == NULL)
|
||||
return 0;
|
||||
|
||||
/* If no prefix is set or if it's empty, we've got nothing to do here */
|
||||
if (ctx->prefix == NULL || *ctx->prefix == '\0') {
|
||||
/* We do note if what comes next will be a new line, though */
|
||||
if (outl > 0)
|
||||
ctx->linestart = (out[outl-1] == '\n');
|
||||
return BIO_write_ex(BIO_next(b), out, outl, numwritten);
|
||||
}
|
||||
|
||||
*numwritten = 0;
|
||||
|
||||
while (outl > 0) {
|
||||
size_t i;
|
||||
char c;
|
||||
|
||||
/* If we know that we're at the start of the line, output the prefix */
|
||||
if (ctx->linestart) {
|
||||
size_t dontcare;
|
||||
|
||||
if (!BIO_write_ex(BIO_next(b), ctx->prefix, strlen(ctx->prefix),
|
||||
&dontcare))
|
||||
return 0;
|
||||
ctx->linestart = 0;
|
||||
}
|
||||
|
||||
/* Now, go look for the next LF, or the end of the string */
|
||||
for (i = 0, c = '\0'; i < outl && (c = out[i]) != '\n'; i++)
|
||||
continue;
|
||||
if (c == '\n')
|
||||
i++;
|
||||
|
||||
/* Output what we found so far */
|
||||
while (i > 0) {
|
||||
size_t num = 0;
|
||||
|
||||
if (!BIO_write_ex(BIO_next(b), out, i, &num))
|
||||
return 0;
|
||||
out += num;
|
||||
outl -= num;
|
||||
*numwritten += num;
|
||||
i -= num;
|
||||
}
|
||||
|
||||
/* If we found a LF, what follows is a new line, so take note */
|
||||
if (c == '\n')
|
||||
ctx->linestart = 1;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static long prefix_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
{
|
||||
long ret = 0;
|
||||
|
||||
switch (cmd) {
|
||||
case PREFIX_CTRL_SET_PREFIX:
|
||||
{
|
||||
PREFIX_CTX *ctx = BIO_get_data(b);
|
||||
|
||||
if (ctx == NULL)
|
||||
break;
|
||||
|
||||
OPENSSL_free(ctx->prefix);
|
||||
ctx->prefix = OPENSSL_strdup((const char *)ptr);
|
||||
ret = ctx->prefix != NULL;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
if (BIO_next(b) != NULL)
|
||||
ret = BIO_ctrl(BIO_next(b), cmd, num, ptr);
|
||||
break;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
static long prefix_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
|
||||
{
|
||||
return BIO_callback_ctrl(BIO_next(b), cmd, fp);
|
||||
}
|
||||
|
||||
static int prefix_gets(BIO *b, char *buf, int size)
|
||||
{
|
||||
return BIO_gets(BIO_next(b), buf, size);
|
||||
}
|
||||
|
||||
static int prefix_puts(BIO *b, const char *str)
|
||||
{
|
||||
return BIO_write(b, str, strlen(str));
|
||||
}
|
38
trunk/3rdparty/openssl-1.1-fit/apps/build.info
vendored
Normal file
38
trunk/3rdparty/openssl-1.1-fit/apps/build.info
vendored
Normal file
|
@ -0,0 +1,38 @@
|
|||
{- our @apps_openssl_src =
|
||||
qw(openssl.c
|
||||
asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c
|
||||
dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c
|
||||
genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c
|
||||
pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c
|
||||
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c
|
||||
srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c);
|
||||
our @apps_lib_src =
|
||||
( qw(apps.c opt.c s_cb.c s_socket.c app_rand.c bf_prefix.c),
|
||||
split(/\s+/, $target{apps_aux_src}) );
|
||||
our @apps_init_src = split(/\s+/, $target{apps_init_src});
|
||||
"" -}
|
||||
IF[{- !$disabled{apps} -}]
|
||||
LIBS_NO_INST=libapps.a
|
||||
SOURCE[libapps.a]={- join(" ", @apps_lib_src) -}
|
||||
INCLUDE[libapps.a]=.. ../include
|
||||
|
||||
PROGRAMS=openssl
|
||||
SOURCE[openssl]={- join(" ", @apps_init_src) -}
|
||||
SOURCE[openssl]={- join(" ", @apps_openssl_src) -}
|
||||
INCLUDE[openssl]=.. ../include
|
||||
DEPEND[openssl]=libapps.a ../libssl
|
||||
|
||||
IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}]
|
||||
GENERATE[openssl.rc]=../util/mkrc.pl openssl
|
||||
SOURCE[openssl]=openssl.rc
|
||||
ENDIF
|
||||
|
||||
{- join("\n ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" }
|
||||
@apps_openssl_src) -}
|
||||
GENERATE[progs.h]=progs.pl $(APPS_OPENSSL)
|
||||
DEPEND[progs.h]=../configdata.pm
|
||||
|
||||
SCRIPTS=CA.pl tsget.pl
|
||||
SOURCE[CA.pl]=CA.pl.in
|
||||
SOURCE[tsget.pl]=tsget.in
|
||||
ENDIF
|
1
trunk/3rdparty/openssl-1.1-fit/apps/ca-cert.srl
vendored
Normal file
1
trunk/3rdparty/openssl-1.1-fit/apps/ca-cert.srl
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
07
|
16
trunk/3rdparty/openssl-1.1-fit/apps/ca-key.pem
vendored
Normal file
16
trunk/3rdparty/openssl-1.1-fit/apps/ca-key.pem
vendored
Normal file
|
@ -0,0 +1,16 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAL4tQNyKy4U2zX6l
|
||||
IZvORB1edmwMwIgSB4cgoFECrG5pixzYxKauZkAwKG9/+L4DB8qXRjfXWcvafcOU
|
||||
DlYpRROykJ7wGkiqmqbZyrxY8DWjk5ZZQXiSuhYOAJB+Fyfb11JZV6+CvBQX/1g+
|
||||
vhJr39Gmp6oAesoYrj90ecozClmnAgMBAAECgYA3j6sSg+5f9hnldUMzbPjTh8Sb
|
||||
XsJlPrc6UFrmMBzGiUleXSpe9Dbla+x0XvQCN4pwMvAN4nnWp/f0Su5BV/9Y93nb
|
||||
im5ijGNrfN9i6QrnqGCr+MMute+4E8HR2pCScX0mBLDDf40SmDvMzCaxtd21keyr
|
||||
9DqHgInQZNEi6NKlkQJBAPCbUTFg6iQ6VTCQ8CsEf5q2xHhuTK23fJ999lvWVxN7
|
||||
QsvWb9RP9Ng34HVtvB7Pl6P7FyHLQYiDJhhvYR0L0+kCQQDKV/09Kt6Wjf5Omp1I
|
||||
wd3A+tFnipdqnPw+qNHGjevv0hYiEIWQOYbx00zXgaX+WN/pzV9eeNN2XAxlNJ++
|
||||
dxcPAkBrzeuPKFFAcjKBVC+H1rgl5gYZv7Hzk+buv02G0H6rZ+sB0c7BXiHiTwbv
|
||||
Fn/XfkP/YR14Ms3mEH0dLaphjU8hAkEAh3Ar/rRiN04mCcEuRFQXtaNtZSv8PA2G
|
||||
Pf7MI2Y9pdHupLCAZlBLRjTUO2/5hu1AO4QPMPIZQSFN3rRBtMCL+wJAMp/m2hvI
|
||||
TmtbMp/IrKGfma09e3yFiCmoNn7cHLJ7jLvXcacV2XNzpr9YHfBxiZo0g9FqZKvv
|
||||
PZoQ5B2XJ7bhTQ==
|
||||
-----END PRIVATE KEY-----
|
11
trunk/3rdparty/openssl-1.1-fit/apps/ca-req.pem
vendored
Normal file
11
trunk/3rdparty/openssl-1.1-fit/apps/ca-req.pem
vendored
Normal file
|
@ -0,0 +1,11 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQx
|
||||
GjAYBgNVBAoMEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDDBJUZXN0IENBICgx
|
||||
MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL4tQNyKy4U2zX6l
|
||||
IZvORB1edmwMwIgSB4cgoFECrG5pixzYxKauZkAwKG9/+L4DB8qXRjfXWcvafcOU
|
||||
DlYpRROykJ7wGkiqmqbZyrxY8DWjk5ZZQXiSuhYOAJB+Fyfb11JZV6+CvBQX/1g+
|
||||
vhJr39Gmp6oAesoYrj90ecozClmnAgMBAAGgADANBgkqhkiG9w0BAQsFAAOBgQCo
|
||||
2jE7J1SNV7kyRm9m8CoPw8xYsuVcVFxPheBymYp8BlO0/rSdYygRjobpYnLVRUPZ
|
||||
pV792wzT1Rp4sXfZWO10lkFY4yi0pH2cdK2RX7qedibV1Xu9vt/yYANFBKVpA4dy
|
||||
PRyTQwi3In1N8hdfddpYR8f5MIUYRe5poFMIJcf8JA==
|
||||
-----END CERTIFICATE REQUEST-----
|
2606
trunk/3rdparty/openssl-1.1-fit/apps/ca.c
vendored
Normal file
2606
trunk/3rdparty/openssl-1.1-fit/apps/ca.c
vendored
Normal file
File diff suppressed because it is too large
Load diff
11
trunk/3rdparty/openssl-1.1-fit/apps/cert.pem
vendored
Normal file
11
trunk/3rdparty/openssl-1.1-fit/apps/cert.pem
vendored
Normal file
|
@ -0,0 +1,11 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
|
||||
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
|
||||
VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
|
||||
Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
|
||||
YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
|
||||
DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
|
||||
tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
|
||||
sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
|
||||
19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
|
||||
-----END CERTIFICATE-----
|
266
trunk/3rdparty/openssl-1.1-fit/apps/ciphers.c
vendored
Normal file
266
trunk/3rdparty/openssl-1.1-fit/apps/ciphers.c
vendored
Normal file
|
@ -0,0 +1,266 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_STDNAME,
|
||||
OPT_CONVERT,
|
||||
OPT_SSL3,
|
||||
OPT_TLS1,
|
||||
OPT_TLS1_1,
|
||||
OPT_TLS1_2,
|
||||
OPT_TLS1_3,
|
||||
OPT_PSK,
|
||||
OPT_SRP,
|
||||
OPT_CIPHERSUITES,
|
||||
OPT_V, OPT_UPPER_V, OPT_S
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS ciphers_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
|
||||
{"V", OPT_UPPER_V, '-', "Even more verbose"},
|
||||
{"s", OPT_S, '-', "Only supported ciphers"},
|
||||
#ifndef OPENSSL_NO_SSL3
|
||||
{"ssl3", OPT_SSL3, '-', "SSL3 mode"},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_TLS1
|
||||
{"tls1", OPT_TLS1, '-', "TLS1 mode"},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_TLS1_1
|
||||
{"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_TLS1_2
|
||||
{"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_TLS1_3
|
||||
{"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"},
|
||||
#endif
|
||||
{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
|
||||
#ifndef OPENSSL_NO_PSK
|
||||
{"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
{"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
|
||||
#endif
|
||||
{"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"},
|
||||
{"ciphersuites", OPT_CIPHERSUITES, 's',
|
||||
"Configure the TLSv1.3 ciphersuites to use"},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
#ifndef OPENSSL_NO_PSK
|
||||
static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
|
||||
unsigned int max_identity_len,
|
||||
unsigned char *psk,
|
||||
unsigned int max_psk_len)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
static char *dummy_srp(SSL *ssl, void *arg)
|
||||
{
|
||||
return "";
|
||||
}
|
||||
#endif
|
||||
|
||||
int ciphers_main(int argc, char **argv)
|
||||
{
|
||||
SSL_CTX *ctx = NULL;
|
||||
SSL *ssl = NULL;
|
||||
STACK_OF(SSL_CIPHER) *sk = NULL;
|
||||
const SSL_METHOD *meth = TLS_server_method();
|
||||
int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
|
||||
int stdname = 0;
|
||||
#ifndef OPENSSL_NO_PSK
|
||||
int psk = 0;
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
int srp = 0;
|
||||
#endif
|
||||
const char *p;
|
||||
char *ciphers = NULL, *prog, *convert = NULL, *ciphersuites = NULL;
|
||||
char buf[512];
|
||||
OPTION_CHOICE o;
|
||||
int min_version = 0, max_version = 0;
|
||||
|
||||
prog = opt_init(argc, argv, ciphers_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(ciphers_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_V:
|
||||
verbose = 1;
|
||||
break;
|
||||
case OPT_UPPER_V:
|
||||
verbose = Verbose = 1;
|
||||
break;
|
||||
case OPT_S:
|
||||
use_supported = 1;
|
||||
break;
|
||||
case OPT_STDNAME:
|
||||
stdname = verbose = 1;
|
||||
break;
|
||||
case OPT_CONVERT:
|
||||
convert = opt_arg();
|
||||
break;
|
||||
case OPT_SSL3:
|
||||
min_version = SSL3_VERSION;
|
||||
max_version = SSL3_VERSION;
|
||||
break;
|
||||
case OPT_TLS1:
|
||||
min_version = TLS1_VERSION;
|
||||
max_version = TLS1_VERSION;
|
||||
break;
|
||||
case OPT_TLS1_1:
|
||||
min_version = TLS1_1_VERSION;
|
||||
max_version = TLS1_1_VERSION;
|
||||
break;
|
||||
case OPT_TLS1_2:
|
||||
min_version = TLS1_2_VERSION;
|
||||
max_version = TLS1_2_VERSION;
|
||||
break;
|
||||
case OPT_TLS1_3:
|
||||
min_version = TLS1_3_VERSION;
|
||||
max_version = TLS1_3_VERSION;
|
||||
break;
|
||||
case OPT_PSK:
|
||||
#ifndef OPENSSL_NO_PSK
|
||||
psk = 1;
|
||||
#endif
|
||||
break;
|
||||
case OPT_SRP:
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
srp = 1;
|
||||
#endif
|
||||
break;
|
||||
case OPT_CIPHERSUITES:
|
||||
ciphersuites = opt_arg();
|
||||
break;
|
||||
}
|
||||
}
|
||||
argv = opt_rest();
|
||||
argc = opt_num_rest();
|
||||
|
||||
if (argc == 1)
|
||||
ciphers = *argv;
|
||||
else if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
if (convert != NULL) {
|
||||
BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
|
||||
OPENSSL_cipher_name(convert));
|
||||
goto end;
|
||||
}
|
||||
|
||||
ctx = SSL_CTX_new(meth);
|
||||
if (ctx == NULL)
|
||||
goto err;
|
||||
if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
|
||||
goto err;
|
||||
if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
|
||||
goto err;
|
||||
|
||||
#ifndef OPENSSL_NO_PSK
|
||||
if (psk)
|
||||
SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
if (srp)
|
||||
SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
|
||||
#endif
|
||||
|
||||
if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) {
|
||||
BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (ciphers != NULL) {
|
||||
if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
|
||||
BIO_printf(bio_err, "Error in cipher list\n");
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
ssl = SSL_new(ctx);
|
||||
if (ssl == NULL)
|
||||
goto err;
|
||||
|
||||
if (use_supported)
|
||||
sk = SSL_get1_supported_ciphers(ssl);
|
||||
else
|
||||
sk = SSL_get_ciphers(ssl);
|
||||
|
||||
if (!verbose) {
|
||||
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
|
||||
const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
|
||||
p = SSL_CIPHER_get_name(c);
|
||||
if (p == NULL)
|
||||
break;
|
||||
if (i != 0)
|
||||
BIO_printf(bio_out, ":");
|
||||
BIO_printf(bio_out, "%s", p);
|
||||
}
|
||||
BIO_printf(bio_out, "\n");
|
||||
} else {
|
||||
|
||||
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
|
||||
const SSL_CIPHER *c;
|
||||
|
||||
c = sk_SSL_CIPHER_value(sk, i);
|
||||
|
||||
if (Verbose) {
|
||||
unsigned long id = SSL_CIPHER_get_id(c);
|
||||
int id0 = (int)(id >> 24);
|
||||
int id1 = (int)((id >> 16) & 0xffL);
|
||||
int id2 = (int)((id >> 8) & 0xffL);
|
||||
int id3 = (int)(id & 0xffL);
|
||||
|
||||
if ((id & 0xff000000L) == 0x03000000L)
|
||||
BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3
|
||||
* cipher */
|
||||
else
|
||||
BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
|
||||
}
|
||||
if (stdname) {
|
||||
const char *nm = SSL_CIPHER_standard_name(c);
|
||||
if (nm == NULL)
|
||||
nm = "UNKNOWN";
|
||||
BIO_printf(bio_out, "%s - ", nm);
|
||||
}
|
||||
BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf)));
|
||||
}
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
goto end;
|
||||
err:
|
||||
ERR_print_errors(bio_err);
|
||||
end:
|
||||
if (use_supported)
|
||||
sk_SSL_CIPHER_free(sk);
|
||||
SSL_CTX_free(ctx);
|
||||
SSL_free(ssl);
|
||||
return ret;
|
||||
}
|
52
trunk/3rdparty/openssl-1.1-fit/apps/client.pem
vendored
Normal file
52
trunk/3rdparty/openssl-1.1-fit/apps/client.pem
vendored
Normal file
|
@ -0,0 +1,52 @@
|
|||
subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Client Cert
|
||||
issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6yMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
|
||||
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
|
||||
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
|
||||
ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
|
||||
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
|
||||
RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgQ2xpZW50IENlcnQw
|
||||
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ranbHRLcLVqN+0BzcZpY
|
||||
+yOLqxzDWT1LD9eW1stC4NzXX9/DCtSIVyN7YIHdGLrIPr64IDdXXaMRzgZ2rOKs
|
||||
lmHCAiFpO/ja99gGCJRxH0xwQatqAULfJVHeUhs7OEGOZc2nWifjqKvGfNTilP7D
|
||||
nwi69ipQFq9oS19FmhwVHk2wg7KZGHI1qDyG04UrfCZMRitvS9+UVhPpIPjuiBi2
|
||||
x3/FZIpL5gXJvvFK6xHY63oq2asyzBATntBgnP4qJFWWcvRx24wF1PnZabxuVoL2
|
||||
bPnQ/KvONDrw3IdqkKhYNTul7jEcu3OlcZIMw+7DiaKJLAzKb/bBF5gm/pwW6As9
|
||||
AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
|
||||
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
|
||||
BBSZHKyLoTh7Mb409Zn/mK1ceSDAjDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
|
||||
hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAD0mL7PtPYgCEuDyOQSbLpeND5hVS
|
||||
curxQdGnrJ6Acrhodb7E9ccATokeb0PLx6HBLQUicxhTZIQ9FbO43YkQcOU6C3BB
|
||||
IlwskqmtN6+VmrQzNolHCDzvxNZs9lYL2VbGPGqVRyjZeHpoAlf9cQr8PgDb4d4b
|
||||
vUx2KAhHQvV2nkmYvKyXcgnRuHggumF87mkxidriGAEFwH4qfOqetUg64WyxP7P2
|
||||
QLipm04SyQa7ONtIApfVXgHcE42Py4/f4arzCzMjKe3VyhGkS7nsT55X/fWgTaRm
|
||||
CQPkO+H94P958WTvQDt77bQ+D3IvYaVvfil8n6HJMOJfFT0LJuSUbpSXJg==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f
|
||||
wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr
|
||||
agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy
|
||||
mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr
|
||||
MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x
|
||||
HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L
|
||||
p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT
|
||||
KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB
|
||||
1uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx
|
||||
L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl
|
||||
LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO
|
||||
Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn
|
||||
/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai
|
||||
1oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX
|
||||
1ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3
|
||||
NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ
|
||||
zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC
|
||||
mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7
|
||||
5SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK
|
||||
u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+
|
||||
HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV
|
||||
tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn
|
||||
SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh
|
||||
kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww
|
||||
1Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw=
|
||||
-----END RSA PRIVATE KEY-----
|
1289
trunk/3rdparty/openssl-1.1-fit/apps/cms.c
vendored
Normal file
1289
trunk/3rdparty/openssl-1.1-fit/apps/cms.c
vendored
Normal file
File diff suppressed because it is too large
Load diff
342
trunk/3rdparty/openssl-1.1-fit/apps/crl.c
vendored
Normal file
342
trunk/3rdparty/openssl-1.1-fit/apps/crl.c
vendored
Normal file
|
@ -0,0 +1,342 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/pem.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY,
|
||||
OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT,
|
||||
OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE,
|
||||
OPT_NOCAPATH, OPT_NOCAFILE, OPT_VERIFY, OPT_TEXT, OPT_HASH, OPT_HASH_OLD,
|
||||
OPT_NOOUT, OPT_NAMEOPT, OPT_MD
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS crl_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"inform", OPT_INFORM, 'F', "Input format; default PEM"},
|
||||
{"in", OPT_IN, '<', "Input file - default stdin"},
|
||||
{"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
|
||||
{"out", OPT_OUT, '>', "output file - default stdout"},
|
||||
{"keyform", OPT_KEYFORM, 'F', "Private key file format (PEM or ENGINE)"},
|
||||
{"key", OPT_KEY, '<', "CRL signing Private key to use"},
|
||||
{"issuer", OPT_ISSUER, '-', "Print issuer DN"},
|
||||
{"lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field"},
|
||||
{"nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field"},
|
||||
{"noout", OPT_NOOUT, '-', "No CRL output"},
|
||||
{"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"},
|
||||
{"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"},
|
||||
{"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" },
|
||||
{"gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one"},
|
||||
{"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
|
||||
{"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
|
||||
{"no-CAfile", OPT_NOCAFILE, '-',
|
||||
"Do not load the default certificates file"},
|
||||
{"no-CApath", OPT_NOCAPATH, '-',
|
||||
"Do not load certificates from the default certificates directory"},
|
||||
{"verify", OPT_VERIFY, '-', "Verify CRL signature"},
|
||||
{"text", OPT_TEXT, '-', "Print out a text format version"},
|
||||
{"hash", OPT_HASH, '-', "Print hash value"},
|
||||
{"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
|
||||
{"", OPT_MD, '-', "Any supported digest"},
|
||||
#ifndef OPENSSL_NO_MD5
|
||||
{"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"},
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int crl_main(int argc, char **argv)
|
||||
{
|
||||
X509_CRL *x = NULL;
|
||||
BIO *out = NULL;
|
||||
X509_STORE *store = NULL;
|
||||
X509_STORE_CTX *ctx = NULL;
|
||||
X509_LOOKUP *lookup = NULL;
|
||||
X509_OBJECT *xobj = NULL;
|
||||
EVP_PKEY *pkey;
|
||||
const EVP_MD *digest = EVP_sha1();
|
||||
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
|
||||
const char *CAfile = NULL, *CApath = NULL, *prog;
|
||||
OPTION_CHOICE o;
|
||||
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
|
||||
int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
|
||||
int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0;
|
||||
int i;
|
||||
#ifndef OPENSSL_NO_MD5
|
||||
int hash_old = 0;
|
||||
#endif
|
||||
|
||||
prog = opt_init(argc, argv, crl_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(crl_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_INFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUTFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_KEYFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_KEY:
|
||||
keyfile = opt_arg();
|
||||
break;
|
||||
case OPT_GENDELTA:
|
||||
crldiff = opt_arg();
|
||||
break;
|
||||
case OPT_CAPATH:
|
||||
CApath = opt_arg();
|
||||
do_ver = 1;
|
||||
break;
|
||||
case OPT_CAFILE:
|
||||
CAfile = opt_arg();
|
||||
do_ver = 1;
|
||||
break;
|
||||
case OPT_NOCAPATH:
|
||||
noCApath = 1;
|
||||
break;
|
||||
case OPT_NOCAFILE:
|
||||
noCAfile = 1;
|
||||
break;
|
||||
case OPT_HASH_OLD:
|
||||
#ifndef OPENSSL_NO_MD5
|
||||
hash_old = ++num;
|
||||
#endif
|
||||
break;
|
||||
case OPT_VERIFY:
|
||||
do_ver = 1;
|
||||
break;
|
||||
case OPT_TEXT:
|
||||
text = 1;
|
||||
break;
|
||||
case OPT_HASH:
|
||||
hash = ++num;
|
||||
break;
|
||||
case OPT_ISSUER:
|
||||
issuer = ++num;
|
||||
break;
|
||||
case OPT_LASTUPDATE:
|
||||
lastupdate = ++num;
|
||||
break;
|
||||
case OPT_NEXTUPDATE:
|
||||
nextupdate = ++num;
|
||||
break;
|
||||
case OPT_NOOUT:
|
||||
noout = ++num;
|
||||
break;
|
||||
case OPT_FINGERPRINT:
|
||||
fingerprint = ++num;
|
||||
break;
|
||||
case OPT_CRLNUMBER:
|
||||
crlnumber = ++num;
|
||||
break;
|
||||
case OPT_BADSIG:
|
||||
badsig = 1;
|
||||
break;
|
||||
case OPT_NAMEOPT:
|
||||
if (!set_nameopt(opt_arg()))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_MD:
|
||||
if (!opt_md(opt_unknown(), &digest))
|
||||
goto opthelp;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
x = load_crl(infile, informat);
|
||||
if (x == NULL)
|
||||
goto end;
|
||||
|
||||
if (do_ver) {
|
||||
if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
|
||||
goto end;
|
||||
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
|
||||
if (lookup == NULL)
|
||||
goto end;
|
||||
ctx = X509_STORE_CTX_new();
|
||||
if (ctx == NULL || !X509_STORE_CTX_init(ctx, store, NULL, NULL)) {
|
||||
BIO_printf(bio_err, "Error initialising X509 store\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
xobj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509,
|
||||
X509_CRL_get_issuer(x));
|
||||
if (xobj == NULL) {
|
||||
BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
|
||||
goto end;
|
||||
}
|
||||
pkey = X509_get_pubkey(X509_OBJECT_get0_X509(xobj));
|
||||
X509_OBJECT_free(xobj);
|
||||
if (!pkey) {
|
||||
BIO_printf(bio_err, "Error getting CRL issuer public key\n");
|
||||
goto end;
|
||||
}
|
||||
i = X509_CRL_verify(x, pkey);
|
||||
EVP_PKEY_free(pkey);
|
||||
if (i < 0)
|
||||
goto end;
|
||||
if (i == 0)
|
||||
BIO_printf(bio_err, "verify failure\n");
|
||||
else
|
||||
BIO_printf(bio_err, "verify OK\n");
|
||||
}
|
||||
|
||||
if (crldiff) {
|
||||
X509_CRL *newcrl, *delta;
|
||||
if (!keyfile) {
|
||||
BIO_puts(bio_err, "Missing CRL signing key\n");
|
||||
goto end;
|
||||
}
|
||||
newcrl = load_crl(crldiff, informat);
|
||||
if (!newcrl)
|
||||
goto end;
|
||||
pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key");
|
||||
if (!pkey) {
|
||||
X509_CRL_free(newcrl);
|
||||
goto end;
|
||||
}
|
||||
delta = X509_CRL_diff(x, newcrl, pkey, digest, 0);
|
||||
X509_CRL_free(newcrl);
|
||||
EVP_PKEY_free(pkey);
|
||||
if (delta) {
|
||||
X509_CRL_free(x);
|
||||
x = delta;
|
||||
} else {
|
||||
BIO_puts(bio_err, "Error creating delta CRL\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (badsig) {
|
||||
const ASN1_BIT_STRING *sig;
|
||||
|
||||
X509_CRL_get0_signature(x, &sig, NULL);
|
||||
corrupt_signature(sig);
|
||||
}
|
||||
|
||||
if (num) {
|
||||
for (i = 1; i <= num; i++) {
|
||||
if (issuer == i) {
|
||||
print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
|
||||
get_nameopt());
|
||||
}
|
||||
if (crlnumber == i) {
|
||||
ASN1_INTEGER *crlnum;
|
||||
crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL);
|
||||
BIO_printf(bio_out, "crlNumber=");
|
||||
if (crlnum) {
|
||||
i2a_ASN1_INTEGER(bio_out, crlnum);
|
||||
ASN1_INTEGER_free(crlnum);
|
||||
} else
|
||||
BIO_puts(bio_out, "<NONE>");
|
||||
BIO_printf(bio_out, "\n");
|
||||
}
|
||||
if (hash == i) {
|
||||
BIO_printf(bio_out, "%08lx\n",
|
||||
X509_NAME_hash(X509_CRL_get_issuer(x)));
|
||||
}
|
||||
#ifndef OPENSSL_NO_MD5
|
||||
if (hash_old == i) {
|
||||
BIO_printf(bio_out, "%08lx\n",
|
||||
X509_NAME_hash_old(X509_CRL_get_issuer(x)));
|
||||
}
|
||||
#endif
|
||||
if (lastupdate == i) {
|
||||
BIO_printf(bio_out, "lastUpdate=");
|
||||
ASN1_TIME_print(bio_out, X509_CRL_get0_lastUpdate(x));
|
||||
BIO_printf(bio_out, "\n");
|
||||
}
|
||||
if (nextupdate == i) {
|
||||
BIO_printf(bio_out, "nextUpdate=");
|
||||
if (X509_CRL_get0_nextUpdate(x))
|
||||
ASN1_TIME_print(bio_out, X509_CRL_get0_nextUpdate(x));
|
||||
else
|
||||
BIO_printf(bio_out, "NONE");
|
||||
BIO_printf(bio_out, "\n");
|
||||
}
|
||||
if (fingerprint == i) {
|
||||
int j;
|
||||
unsigned int n;
|
||||
unsigned char md[EVP_MAX_MD_SIZE];
|
||||
|
||||
if (!X509_CRL_digest(x, digest, md, &n)) {
|
||||
BIO_printf(bio_err, "out of memory\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_out, "%s Fingerprint=",
|
||||
OBJ_nid2sn(EVP_MD_type(digest)));
|
||||
for (j = 0; j < (int)n; j++) {
|
||||
BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
|
||||
? '\n' : ':');
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
out = bio_open_default(outfile, 'w', outformat);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if (text)
|
||||
X509_CRL_print_ex(out, x, get_nameopt());
|
||||
|
||||
if (noout) {
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (outformat == FORMAT_ASN1)
|
||||
i = (int)i2d_X509_CRL_bio(out, x);
|
||||
else
|
||||
i = PEM_write_bio_X509_CRL(out, x);
|
||||
if (!i) {
|
||||
BIO_printf(bio_err, "unable to write CRL\n");
|
||||
goto end;
|
||||
}
|
||||
ret = 0;
|
||||
|
||||
end:
|
||||
if (ret != 0)
|
||||
ERR_print_errors(bio_err);
|
||||
BIO_free_all(out);
|
||||
X509_CRL_free(x);
|
||||
X509_STORE_CTX_free(ctx);
|
||||
X509_STORE_free(store);
|
||||
return ret;
|
||||
}
|
217
trunk/3rdparty/openssl-1.1-fit/apps/crl2p7.c
vendored
Normal file
217
trunk/3rdparty/openssl-1.1-fit/apps/crl2p7.c
vendored
Normal file
|
@ -0,0 +1,217 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pkcs7.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/objects.h>
|
||||
|
||||
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS crl2pkcs7_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
|
||||
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
|
||||
{"in", OPT_IN, '<', "Input file"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
{"nocrl", OPT_NOCRL, '-', "No crl to load, just certs from '-certfile'"},
|
||||
{"certfile", OPT_CERTFILE, '<',
|
||||
"File of chain of certs to a trusted CA; can be repeated"},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int crl2pkcs7_main(int argc, char **argv)
|
||||
{
|
||||
BIO *in = NULL, *out = NULL;
|
||||
PKCS7 *p7 = NULL;
|
||||
PKCS7_SIGNED *p7s = NULL;
|
||||
STACK_OF(OPENSSL_STRING) *certflst = NULL;
|
||||
STACK_OF(X509) *cert_stack = NULL;
|
||||
STACK_OF(X509_CRL) *crl_stack = NULL;
|
||||
X509_CRL *crl = NULL;
|
||||
char *infile = NULL, *outfile = NULL, *prog, *certfile;
|
||||
int i = 0, informat = FORMAT_PEM, outformat = FORMAT_PEM, ret = 1, nocrl =
|
||||
0;
|
||||
OPTION_CHOICE o;
|
||||
|
||||
prog = opt_init(argc, argv, crl2pkcs7_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(crl2pkcs7_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_INFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_OUTFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_NOCRL:
|
||||
nocrl = 1;
|
||||
break;
|
||||
case OPT_CERTFILE:
|
||||
if ((certflst == NULL)
|
||||
&& (certflst = sk_OPENSSL_STRING_new_null()) == NULL)
|
||||
goto end;
|
||||
if (!sk_OPENSSL_STRING_push(certflst, opt_arg()))
|
||||
goto end;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
if (!nocrl) {
|
||||
in = bio_open_default(infile, 'r', informat);
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
|
||||
if (informat == FORMAT_ASN1)
|
||||
crl = d2i_X509_CRL_bio(in, NULL);
|
||||
else if (informat == FORMAT_PEM)
|
||||
crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
|
||||
if (crl == NULL) {
|
||||
BIO_printf(bio_err, "unable to load CRL\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if ((p7 = PKCS7_new()) == NULL)
|
||||
goto end;
|
||||
if ((p7s = PKCS7_SIGNED_new()) == NULL)
|
||||
goto end;
|
||||
p7->type = OBJ_nid2obj(NID_pkcs7_signed);
|
||||
p7->d.sign = p7s;
|
||||
p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data);
|
||||
|
||||
if (!ASN1_INTEGER_set(p7s->version, 1))
|
||||
goto end;
|
||||
if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
|
||||
goto end;
|
||||
p7s->crl = crl_stack;
|
||||
if (crl != NULL) {
|
||||
sk_X509_CRL_push(crl_stack, crl);
|
||||
crl = NULL; /* now part of p7 for OPENSSL_freeing */
|
||||
}
|
||||
|
||||
if ((cert_stack = sk_X509_new_null()) == NULL)
|
||||
goto end;
|
||||
p7s->cert = cert_stack;
|
||||
|
||||
if (certflst != NULL)
|
||||
for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
|
||||
certfile = sk_OPENSSL_STRING_value(certflst, i);
|
||||
if (add_certs_from_file(cert_stack, certfile) < 0) {
|
||||
BIO_printf(bio_err, "error loading certificates\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
out = bio_open_default(outfile, 'w', outformat);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if (outformat == FORMAT_ASN1)
|
||||
i = i2d_PKCS7_bio(out, p7);
|
||||
else if (outformat == FORMAT_PEM)
|
||||
i = PEM_write_bio_PKCS7(out, p7);
|
||||
if (!i) {
|
||||
BIO_printf(bio_err, "unable to write pkcs7 object\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
ret = 0;
|
||||
end:
|
||||
sk_OPENSSL_STRING_free(certflst);
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
PKCS7_free(p7);
|
||||
X509_CRL_free(crl);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*-
|
||||
*----------------------------------------------------------------------
|
||||
* int add_certs_from_file
|
||||
*
|
||||
* Read a list of certificates to be checked from a file.
|
||||
*
|
||||
* Results:
|
||||
* number of certs added if successful, -1 if not.
|
||||
*----------------------------------------------------------------------
|
||||
*/
|
||||
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
|
||||
{
|
||||
BIO *in = NULL;
|
||||
int count = 0;
|
||||
int ret = -1;
|
||||
STACK_OF(X509_INFO) *sk = NULL;
|
||||
X509_INFO *xi;
|
||||
|
||||
in = BIO_new_file(certfile, "r");
|
||||
if (in == NULL) {
|
||||
BIO_printf(bio_err, "error opening the file, %s\n", certfile);
|
||||
goto end;
|
||||
}
|
||||
|
||||
/* This loads from a file, a stack of x509/crl/pkey sets */
|
||||
sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
|
||||
if (sk == NULL) {
|
||||
BIO_printf(bio_err, "error reading the file, %s\n", certfile);
|
||||
goto end;
|
||||
}
|
||||
|
||||
/* scan over it and pull out the CRL's */
|
||||
while (sk_X509_INFO_num(sk)) {
|
||||
xi = sk_X509_INFO_shift(sk);
|
||||
if (xi->x509 != NULL) {
|
||||
sk_X509_push(stack, xi->x509);
|
||||
xi->x509 = NULL;
|
||||
count++;
|
||||
}
|
||||
X509_INFO_free(xi);
|
||||
}
|
||||
|
||||
ret = count;
|
||||
end:
|
||||
/* never need to OPENSSL_free x */
|
||||
BIO_free(in);
|
||||
sk_X509_INFO_free(sk);
|
||||
return ret;
|
||||
}
|
9
trunk/3rdparty/openssl-1.1-fit/apps/ct_log_list.cnf
vendored
Normal file
9
trunk/3rdparty/openssl-1.1-fit/apps/ct_log_list.cnf
vendored
Normal file
|
@ -0,0 +1,9 @@
|
|||
# This file specifies the Certificate Transparency logs
|
||||
# that are to be trusted.
|
||||
|
||||
# Google's list of logs can be found here:
|
||||
# www.certificate-transparency.org/known-logs
|
||||
# A Python program to convert the log list to OpenSSL's format can be
|
||||
# found here:
|
||||
# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py
|
||||
# Use the "--openssl_output" flag.
|
6
trunk/3rdparty/openssl-1.1-fit/apps/demoSRP/srp_verifier.txt
vendored
Normal file
6
trunk/3rdparty/openssl-1.1-fit/apps/demoSRP/srp_verifier.txt
vendored
Normal file
|
@ -0,0 +1,6 @@
|
|||
# This is a file that will be filled by the openssl srp routine.
|
||||
# You can initialize the file with additional groups, these are
|
||||
# records starting with a I followed by the g and N values and the id.
|
||||
# The exact values ... you have to dig this out from the source of srp.c
|
||||
# or srp_vfy.c
|
||||
# The last value of an I is used as the default group for new users.
|
1
trunk/3rdparty/openssl-1.1-fit/apps/demoSRP/srp_verifier.txt.attr
vendored
Normal file
1
trunk/3rdparty/openssl-1.1-fit/apps/demoSRP/srp_verifier.txt.attr
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
unique_subject = yes
|
492
trunk/3rdparty/openssl-1.1-fit/apps/dgst.c
vendored
Normal file
492
trunk/3rdparty/openssl-1.1-fit/apps/dgst.c
vendored
Normal file
|
@ -0,0 +1,492 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/hmac.h>
|
||||
|
||||
#undef BUFSIZE
|
||||
#define BUFSIZE 1024*8
|
||||
|
||||
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
EVP_PKEY *key, unsigned char *sigin, int siglen,
|
||||
const char *sig_name, const char *md_name,
|
||||
const char *file);
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
|
||||
OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
|
||||
OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
|
||||
OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
|
||||
OPT_DIGEST,
|
||||
OPT_R_ENUM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS dgst_options[] = {
|
||||
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"},
|
||||
{OPT_HELP_STR, 1, '-',
|
||||
" file... files to digest (default is stdin)\n"},
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"c", OPT_C, '-', "Print the digest with separating colons"},
|
||||
{"r", OPT_R, '-', "Print the digest in coreutils format"},
|
||||
{"out", OPT_OUT, '>', "Output to filename rather than stdout"},
|
||||
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
||||
{"sign", OPT_SIGN, 's', "Sign digest using private key"},
|
||||
{"verify", OPT_VERIFY, 's',
|
||||
"Verify a signature using public key"},
|
||||
{"prverify", OPT_PRVERIFY, 's',
|
||||
"Verify a signature using private key"},
|
||||
{"signature", OPT_SIGNATURE, '<', "File with signature to verify"},
|
||||
{"keyform", OPT_KEYFORM, 'f', "Key file format (PEM or ENGINE)"},
|
||||
{"hex", OPT_HEX, '-', "Print as hex dump"},
|
||||
{"binary", OPT_BINARY, '-', "Print in binary form"},
|
||||
{"d", OPT_DEBUG, '-', "Print debug info"},
|
||||
{"debug", OPT_DEBUG, '-', "Print debug info"},
|
||||
{"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-',
|
||||
"Compute HMAC with the key used in OpenSSL-FIPS fingerprint"},
|
||||
{"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
|
||||
{"mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)"},
|
||||
{"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
|
||||
{"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
|
||||
{"", OPT_DIGEST, '-', "Any supported digest"},
|
||||
OPT_R_OPTIONS,
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
|
||||
{"engine_impl", OPT_ENGINE_IMPL, '-',
|
||||
"Also use engine given by -engine for digest operations"},
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int dgst_main(int argc, char **argv)
|
||||
{
|
||||
BIO *in = NULL, *inp, *bmd = NULL, *out = NULL;
|
||||
ENGINE *e = NULL, *impl = NULL;
|
||||
EVP_PKEY *sigkey = NULL;
|
||||
STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
|
||||
char *hmac_key = NULL;
|
||||
char *mac_name = NULL;
|
||||
char *passinarg = NULL, *passin = NULL;
|
||||
const EVP_MD *md = NULL, *m;
|
||||
const char *outfile = NULL, *keyfile = NULL, *prog = NULL;
|
||||
const char *sigfile = NULL;
|
||||
OPTION_CHOICE o;
|
||||
int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
|
||||
int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
|
||||
unsigned char *buf = NULL, *sigbuf = NULL;
|
||||
int engine_impl = 0;
|
||||
|
||||
prog = opt_progname(argv[0]);
|
||||
buf = app_malloc(BUFSIZE, "I/O buffer");
|
||||
md = EVP_get_digestbyname(prog);
|
||||
|
||||
prog = opt_init(argc, argv, dgst_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(dgst_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_C:
|
||||
separator = 1;
|
||||
break;
|
||||
case OPT_R:
|
||||
separator = 2;
|
||||
break;
|
||||
case OPT_R_CASES:
|
||||
if (!opt_rand(o))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_SIGN:
|
||||
keyfile = opt_arg();
|
||||
break;
|
||||
case OPT_PASSIN:
|
||||
passinarg = opt_arg();
|
||||
break;
|
||||
case OPT_VERIFY:
|
||||
keyfile = opt_arg();
|
||||
want_pub = do_verify = 1;
|
||||
break;
|
||||
case OPT_PRVERIFY:
|
||||
keyfile = opt_arg();
|
||||
do_verify = 1;
|
||||
break;
|
||||
case OPT_SIGNATURE:
|
||||
sigfile = opt_arg();
|
||||
break;
|
||||
case OPT_KEYFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
case OPT_ENGINE_IMPL:
|
||||
engine_impl = 1;
|
||||
break;
|
||||
case OPT_HEX:
|
||||
out_bin = 0;
|
||||
break;
|
||||
case OPT_BINARY:
|
||||
out_bin = 1;
|
||||
break;
|
||||
case OPT_DEBUG:
|
||||
debug = 1;
|
||||
break;
|
||||
case OPT_FIPS_FINGERPRINT:
|
||||
hmac_key = "etaonrishdlcupfm";
|
||||
break;
|
||||
case OPT_HMAC:
|
||||
hmac_key = opt_arg();
|
||||
break;
|
||||
case OPT_MAC:
|
||||
mac_name = opt_arg();
|
||||
break;
|
||||
case OPT_SIGOPT:
|
||||
if (!sigopts)
|
||||
sigopts = sk_OPENSSL_STRING_new_null();
|
||||
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_MACOPT:
|
||||
if (!macopts)
|
||||
macopts = sk_OPENSSL_STRING_new_null();
|
||||
if (!macopts || !sk_OPENSSL_STRING_push(macopts, opt_arg()))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_DIGEST:
|
||||
if (!opt_md(opt_unknown(), &m))
|
||||
goto opthelp;
|
||||
md = m;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
argv = opt_rest();
|
||||
if (keyfile != NULL && argc > 1) {
|
||||
BIO_printf(bio_err, "%s: Can only sign or verify one file.\n", prog);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (do_verify && sigfile == NULL) {
|
||||
BIO_printf(bio_err,
|
||||
"No signature to verify: use the -signature option\n");
|
||||
goto end;
|
||||
}
|
||||
if (engine_impl)
|
||||
impl = e;
|
||||
|
||||
in = BIO_new(BIO_s_file());
|
||||
bmd = BIO_new(BIO_f_md());
|
||||
if ((in == NULL) || (bmd == NULL)) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (debug) {
|
||||
BIO_set_callback(in, BIO_debug_callback);
|
||||
/* needed for windows 3.1 */
|
||||
BIO_set_callback_arg(in, (char *)bio_err);
|
||||
}
|
||||
|
||||
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (out_bin == -1) {
|
||||
if (keyfile != NULL)
|
||||
out_bin = 1;
|
||||
else
|
||||
out_bin = 0;
|
||||
}
|
||||
|
||||
out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if ((!(mac_name == NULL) + !(keyfile == NULL) + !(hmac_key == NULL)) > 1) {
|
||||
BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (keyfile != NULL) {
|
||||
int type;
|
||||
|
||||
if (want_pub)
|
||||
sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file");
|
||||
else
|
||||
sigkey = load_key(keyfile, keyform, 0, passin, e, "key file");
|
||||
if (sigkey == NULL) {
|
||||
/*
|
||||
* load_[pub]key() has already printed an appropriate message
|
||||
*/
|
||||
goto end;
|
||||
}
|
||||
type = EVP_PKEY_id(sigkey);
|
||||
if (type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448) {
|
||||
/*
|
||||
* We implement PureEdDSA for these which doesn't have a separate
|
||||
* digest, and only supports one shot.
|
||||
*/
|
||||
BIO_printf(bio_err, "Key type not supported for this operation\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (mac_name != NULL) {
|
||||
EVP_PKEY_CTX *mac_ctx = NULL;
|
||||
int r = 0;
|
||||
if (!init_gen_str(&mac_ctx, mac_name, impl, 0))
|
||||
goto mac_end;
|
||||
if (macopts != NULL) {
|
||||
char *macopt;
|
||||
for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
|
||||
macopt = sk_OPENSSL_STRING_value(macopts, i);
|
||||
if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
|
||||
BIO_printf(bio_err,
|
||||
"MAC parameter error \"%s\"\n", macopt);
|
||||
ERR_print_errors(bio_err);
|
||||
goto mac_end;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) {
|
||||
BIO_puts(bio_err, "Error generating key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto mac_end;
|
||||
}
|
||||
r = 1;
|
||||
mac_end:
|
||||
EVP_PKEY_CTX_free(mac_ctx);
|
||||
if (r == 0)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (hmac_key != NULL) {
|
||||
sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl,
|
||||
(unsigned char *)hmac_key, -1);
|
||||
if (sigkey == NULL)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (sigkey != NULL) {
|
||||
EVP_MD_CTX *mctx = NULL;
|
||||
EVP_PKEY_CTX *pctx = NULL;
|
||||
int r;
|
||||
if (!BIO_get_md_ctx(bmd, &mctx)) {
|
||||
BIO_printf(bio_err, "Error getting context\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (do_verify)
|
||||
r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
|
||||
else
|
||||
r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
|
||||
if (!r) {
|
||||
BIO_printf(bio_err, "Error setting context\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (sigopts != NULL) {
|
||||
char *sigopt;
|
||||
for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
|
||||
sigopt = sk_OPENSSL_STRING_value(sigopts, i);
|
||||
if (pkey_ctrl_string(pctx, sigopt) <= 0) {
|
||||
BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
/* we use md as a filter, reading from 'in' */
|
||||
else {
|
||||
EVP_MD_CTX *mctx = NULL;
|
||||
if (!BIO_get_md_ctx(bmd, &mctx)) {
|
||||
BIO_printf(bio_err, "Error getting context\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (md == NULL)
|
||||
md = EVP_sha256();
|
||||
if (!EVP_DigestInit_ex(mctx, md, impl)) {
|
||||
BIO_printf(bio_err, "Error setting digest\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (sigfile != NULL && sigkey != NULL) {
|
||||
BIO *sigbio = BIO_new_file(sigfile, "rb");
|
||||
if (sigbio == NULL) {
|
||||
BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
siglen = EVP_PKEY_size(sigkey);
|
||||
sigbuf = app_malloc(siglen, "signature buffer");
|
||||
siglen = BIO_read(sigbio, sigbuf, siglen);
|
||||
BIO_free(sigbio);
|
||||
if (siglen <= 0) {
|
||||
BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
inp = BIO_push(bmd, in);
|
||||
|
||||
if (md == NULL) {
|
||||
EVP_MD_CTX *tctx;
|
||||
BIO_get_md_ctx(bmd, &tctx);
|
||||
md = EVP_MD_CTX_md(tctx);
|
||||
}
|
||||
|
||||
if (argc == 0) {
|
||||
BIO_set_fp(in, stdin, BIO_NOCLOSE);
|
||||
ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
|
||||
siglen, NULL, NULL, "stdin");
|
||||
} else {
|
||||
const char *md_name = NULL, *sig_name = NULL;
|
||||
if (!out_bin) {
|
||||
if (sigkey != NULL) {
|
||||
const EVP_PKEY_ASN1_METHOD *ameth;
|
||||
ameth = EVP_PKEY_get0_asn1(sigkey);
|
||||
if (ameth)
|
||||
EVP_PKEY_asn1_get0_info(NULL, NULL,
|
||||
NULL, NULL, &sig_name, ameth);
|
||||
}
|
||||
if (md != NULL)
|
||||
md_name = EVP_MD_name(md);
|
||||
}
|
||||
ret = 0;
|
||||
for (i = 0; i < argc; i++) {
|
||||
int r;
|
||||
if (BIO_read_filename(in, argv[i]) <= 0) {
|
||||
perror(argv[i]);
|
||||
ret++;
|
||||
continue;
|
||||
} else {
|
||||
r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
|
||||
siglen, sig_name, md_name, argv[i]);
|
||||
}
|
||||
if (r)
|
||||
ret = r;
|
||||
(void)BIO_reset(bmd);
|
||||
}
|
||||
}
|
||||
end:
|
||||
OPENSSL_clear_free(buf, BUFSIZE);
|
||||
BIO_free(in);
|
||||
OPENSSL_free(passin);
|
||||
BIO_free_all(out);
|
||||
EVP_PKEY_free(sigkey);
|
||||
sk_OPENSSL_STRING_free(sigopts);
|
||||
sk_OPENSSL_STRING_free(macopts);
|
||||
OPENSSL_free(sigbuf);
|
||||
BIO_free(bmd);
|
||||
release_engine(e);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
EVP_PKEY *key, unsigned char *sigin, int siglen,
|
||||
const char *sig_name, const char *md_name,
|
||||
const char *file)
|
||||
{
|
||||
size_t len;
|
||||
int i;
|
||||
|
||||
for (;;) {
|
||||
i = BIO_read(bp, (char *)buf, BUFSIZE);
|
||||
if (i < 0) {
|
||||
BIO_printf(bio_err, "Read Error in %s\n", file);
|
||||
ERR_print_errors(bio_err);
|
||||
return 1;
|
||||
}
|
||||
if (i == 0)
|
||||
break;
|
||||
}
|
||||
if (sigin != NULL) {
|
||||
EVP_MD_CTX *ctx;
|
||||
BIO_get_md_ctx(bp, &ctx);
|
||||
i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
|
||||
if (i > 0) {
|
||||
BIO_printf(out, "Verified OK\n");
|
||||
} else if (i == 0) {
|
||||
BIO_printf(out, "Verification Failure\n");
|
||||
return 1;
|
||||
} else {
|
||||
BIO_printf(bio_err, "Error Verifying Data\n");
|
||||
ERR_print_errors(bio_err);
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
if (key != NULL) {
|
||||
EVP_MD_CTX *ctx;
|
||||
BIO_get_md_ctx(bp, &ctx);
|
||||
len = BUFSIZE;
|
||||
if (!EVP_DigestSignFinal(ctx, buf, &len)) {
|
||||
BIO_printf(bio_err, "Error Signing Data\n");
|
||||
ERR_print_errors(bio_err);
|
||||
return 1;
|
||||
}
|
||||
} else {
|
||||
len = BIO_gets(bp, (char *)buf, BUFSIZE);
|
||||
if ((int)len < 0) {
|
||||
ERR_print_errors(bio_err);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (binout) {
|
||||
BIO_write(out, buf, len);
|
||||
} else if (sep == 2) {
|
||||
for (i = 0; i < (int)len; i++)
|
||||
BIO_printf(out, "%02x", buf[i]);
|
||||
BIO_printf(out, " *%s\n", file);
|
||||
} else {
|
||||
if (sig_name != NULL) {
|
||||
BIO_puts(out, sig_name);
|
||||
if (md_name != NULL)
|
||||
BIO_printf(out, "-%s", md_name);
|
||||
BIO_printf(out, "(%s)= ", file);
|
||||
} else if (md_name != NULL) {
|
||||
BIO_printf(out, "%s(%s)= ", md_name, file);
|
||||
} else {
|
||||
BIO_printf(out, "(%s)= ", file);
|
||||
}
|
||||
for (i = 0; i < (int)len; i++) {
|
||||
if (sep && (i != 0))
|
||||
BIO_printf(out, ":");
|
||||
BIO_printf(out, "%02x", buf[i]);
|
||||
}
|
||||
BIO_printf(out, "\n");
|
||||
}
|
||||
return 0;
|
||||
}
|
10
trunk/3rdparty/openssl-1.1-fit/apps/dh1024.pem
vendored
Normal file
10
trunk/3rdparty/openssl-1.1-fit/apps/dh1024.pem
vendored
Normal file
|
@ -0,0 +1,10 @@
|
|||
-----BEGIN DH PARAMETERS-----
|
||||
MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR
|
||||
Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
|
||||
/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
|
||||
-----END DH PARAMETERS-----
|
||||
|
||||
These are the 1024-bit DH parameters from "Internet Key Exchange
|
||||
Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996
|
||||
|
||||
See https://tools.ietf.org/html/rfc2412 for how they were generated.
|
14
trunk/3rdparty/openssl-1.1-fit/apps/dh2048.pem
vendored
Normal file
14
trunk/3rdparty/openssl-1.1-fit/apps/dh2048.pem
vendored
Normal file
|
@ -0,0 +1,14 @@
|
|||
-----BEGIN DH PARAMETERS-----
|
||||
MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb
|
||||
IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft
|
||||
awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT
|
||||
mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh
|
||||
fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
|
||||
5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==
|
||||
-----END DH PARAMETERS-----
|
||||
|
||||
These are the 2048-bit DH parameters from "More Modular Exponential
|
||||
(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
|
||||
https://tools.ietf.org/html/rfc3526
|
||||
|
||||
See https://tools.ietf.org/html/rfc2412 for how they were generated.
|
19
trunk/3rdparty/openssl-1.1-fit/apps/dh4096.pem
vendored
Normal file
19
trunk/3rdparty/openssl-1.1-fit/apps/dh4096.pem
vendored
Normal file
|
@ -0,0 +1,19 @@
|
|||
-----BEGIN DH PARAMETERS-----
|
||||
MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb
|
||||
IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft
|
||||
awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT
|
||||
mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh
|
||||
fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
|
||||
5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM
|
||||
fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq
|
||||
ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI
|
||||
ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O
|
||||
+S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI
|
||||
HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI=
|
||||
-----END DH PARAMETERS-----
|
||||
|
||||
These are the 4096-bit DH parameters from "More Modular Exponential
|
||||
(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
|
||||
https://tools.ietf.org/html/rfc3526
|
||||
|
||||
See https://tools.ietf.org/html/rfc2412 for how they were generated.
|
379
trunk/3rdparty/openssl-1.1-fit/apps/dhparam.c
vendored
Normal file
379
trunk/3rdparty/openssl-1.1-fit/apps/dhparam.c
vendored
Normal file
|
@ -0,0 +1,379 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_DH
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <time.h>
|
||||
# include <string.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/bn.h>
|
||||
# include <openssl/dh.h>
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
# include <openssl/dsa.h>
|
||||
# endif
|
||||
|
||||
# define DEFBITS 2048
|
||||
|
||||
static int dh_cb(int p, int n, BN_GENCB *cb);
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
|
||||
OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT,
|
||||
OPT_DSAPARAM, OPT_C, OPT_2, OPT_5,
|
||||
OPT_R_ENUM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS dhparam_options[] = {
|
||||
{OPT_HELP_STR, 1, '-', "Usage: %s [flags] [numbits]\n"},
|
||||
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"in", OPT_IN, '<', "Input file"},
|
||||
{"inform", OPT_INFORM, 'F', "Input format, DER or PEM"},
|
||||
{"outform", OPT_OUTFORM, 'F', "Output format, DER or PEM"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
{"check", OPT_CHECK, '-', "Check the DH parameters"},
|
||||
{"text", OPT_TEXT, '-', "Print a text form of the DH parameters"},
|
||||
{"noout", OPT_NOOUT, '-', "Don't output any DH parameters"},
|
||||
OPT_R_OPTIONS,
|
||||
{"C", OPT_C, '-', "Print C code"},
|
||||
{"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
|
||||
{"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
{"dsaparam", OPT_DSAPARAM, '-',
|
||||
"Read or generate DSA parameters, convert to DH"},
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
|
||||
# endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int dhparam_main(int argc, char **argv)
|
||||
{
|
||||
BIO *in = NULL, *out = NULL;
|
||||
DH *dh = NULL;
|
||||
char *infile = NULL, *outfile = NULL, *prog;
|
||||
ENGINE *e = NULL;
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
int dsaparam = 0;
|
||||
#endif
|
||||
int i, text = 0, C = 0, ret = 1, num = 0, g = 0;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM, check = 0, noout = 0;
|
||||
OPTION_CHOICE o;
|
||||
|
||||
prog = opt_init(argc, argv, dhparam_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(dhparam_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_INFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_OUTFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
case OPT_CHECK:
|
||||
check = 1;
|
||||
break;
|
||||
case OPT_TEXT:
|
||||
text = 1;
|
||||
break;
|
||||
case OPT_DSAPARAM:
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
dsaparam = 1;
|
||||
#endif
|
||||
break;
|
||||
case OPT_C:
|
||||
C = 1;
|
||||
break;
|
||||
case OPT_2:
|
||||
g = 2;
|
||||
break;
|
||||
case OPT_5:
|
||||
g = 5;
|
||||
break;
|
||||
case OPT_NOOUT:
|
||||
noout = 1;
|
||||
break;
|
||||
case OPT_R_CASES:
|
||||
if (!opt_rand(o))
|
||||
goto end;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
argv = opt_rest();
|
||||
|
||||
if (argv[0] != NULL && (!opt_int(argv[0], &num) || num <= 0))
|
||||
goto end;
|
||||
|
||||
if (g && !num)
|
||||
num = DEFBITS;
|
||||
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
if (dsaparam && g) {
|
||||
BIO_printf(bio_err,
|
||||
"generator may not be chosen for DSA parameters\n");
|
||||
goto end;
|
||||
}
|
||||
# endif
|
||||
|
||||
out = bio_open_default(outfile, 'w', outformat);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
/* DH parameters */
|
||||
if (num && !g)
|
||||
g = 2;
|
||||
|
||||
if (num) {
|
||||
|
||||
BN_GENCB *cb;
|
||||
cb = BN_GENCB_new();
|
||||
if (cb == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
BN_GENCB_set(cb, dh_cb, bio_err);
|
||||
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
if (dsaparam) {
|
||||
DSA *dsa = DSA_new();
|
||||
|
||||
BIO_printf(bio_err,
|
||||
"Generating DSA parameters, %d bit long prime\n", num);
|
||||
if (dsa == NULL
|
||||
|| !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL,
|
||||
cb)) {
|
||||
DSA_free(dsa);
|
||||
BN_GENCB_free(cb);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
dh = DSA_dup_DH(dsa);
|
||||
DSA_free(dsa);
|
||||
if (dh == NULL) {
|
||||
BN_GENCB_free(cb);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
} else
|
||||
# endif
|
||||
{
|
||||
dh = DH_new();
|
||||
BIO_printf(bio_err,
|
||||
"Generating DH parameters, %d bit long safe prime, generator %d\n",
|
||||
num, g);
|
||||
BIO_printf(bio_err, "This is going to take a long time\n");
|
||||
if (dh == NULL || !DH_generate_parameters_ex(dh, num, g, cb)) {
|
||||
BN_GENCB_free(cb);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
BN_GENCB_free(cb);
|
||||
} else {
|
||||
|
||||
in = bio_open_default(infile, 'r', informat);
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
if (dsaparam) {
|
||||
DSA *dsa;
|
||||
|
||||
if (informat == FORMAT_ASN1)
|
||||
dsa = d2i_DSAparams_bio(in, NULL);
|
||||
else /* informat == FORMAT_PEM */
|
||||
dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
|
||||
|
||||
if (dsa == NULL) {
|
||||
BIO_printf(bio_err, "unable to load DSA parameters\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
dh = DSA_dup_DH(dsa);
|
||||
DSA_free(dsa);
|
||||
if (dh == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
} else
|
||||
# endif
|
||||
{
|
||||
if (informat == FORMAT_ASN1) {
|
||||
/*
|
||||
* We have no PEM header to determine what type of DH params it
|
||||
* is. We'll just try both.
|
||||
*/
|
||||
dh = d2i_DHparams_bio(in, NULL);
|
||||
/* BIO_reset() returns 0 for success for file BIOs only!!! */
|
||||
if (dh == NULL && BIO_reset(in) == 0)
|
||||
dh = d2i_DHxparams_bio(in, NULL);
|
||||
} else {
|
||||
/* informat == FORMAT_PEM */
|
||||
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
|
||||
}
|
||||
|
||||
if (dh == NULL) {
|
||||
BIO_printf(bio_err, "unable to load DH parameters\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
/* dh != NULL */
|
||||
}
|
||||
|
||||
if (text) {
|
||||
DHparams_print(out, dh);
|
||||
}
|
||||
|
||||
if (check) {
|
||||
if (!DH_check(dh, &i)) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (i & DH_CHECK_P_NOT_PRIME)
|
||||
BIO_printf(bio_err, "WARNING: p value is not prime\n");
|
||||
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
|
||||
BIO_printf(bio_err, "WARNING: p value is not a safe prime\n");
|
||||
if (i & DH_CHECK_Q_NOT_PRIME)
|
||||
BIO_printf(bio_err, "WARNING: q value is not a prime\n");
|
||||
if (i & DH_CHECK_INVALID_Q_VALUE)
|
||||
BIO_printf(bio_err, "WARNING: q value is invalid\n");
|
||||
if (i & DH_CHECK_INVALID_J_VALUE)
|
||||
BIO_printf(bio_err, "WARNING: j value is invalid\n");
|
||||
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
|
||||
BIO_printf(bio_err,
|
||||
"WARNING: unable to check the generator value\n");
|
||||
if (i & DH_NOT_SUITABLE_GENERATOR)
|
||||
BIO_printf(bio_err, "WARNING: the g value is not a generator\n");
|
||||
if (i == 0)
|
||||
BIO_printf(bio_err, "DH parameters appear to be ok.\n");
|
||||
if (num != 0 && i != 0) {
|
||||
/*
|
||||
* We have generated parameters but DH_check() indicates they are
|
||||
* invalid! This should never happen!
|
||||
*/
|
||||
BIO_printf(bio_err, "ERROR: Invalid parameters generated\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
if (C) {
|
||||
unsigned char *data;
|
||||
int len, bits;
|
||||
const BIGNUM *pbn, *gbn;
|
||||
|
||||
len = DH_size(dh);
|
||||
bits = DH_bits(dh);
|
||||
DH_get0_pqg(dh, &pbn, NULL, &gbn);
|
||||
data = app_malloc(len, "print a BN");
|
||||
|
||||
BIO_printf(out, "static DH *get_dh%d(void)\n{\n", bits);
|
||||
print_bignum_var(out, pbn, "dhp", bits, data);
|
||||
print_bignum_var(out, gbn, "dhg", bits, data);
|
||||
BIO_printf(out, " DH *dh = DH_new();\n"
|
||||
" BIGNUM *p, *g;\n"
|
||||
"\n"
|
||||
" if (dh == NULL)\n"
|
||||
" return NULL;\n");
|
||||
BIO_printf(out, " p = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n",
|
||||
bits, bits);
|
||||
BIO_printf(out, " g = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n",
|
||||
bits, bits);
|
||||
BIO_printf(out, " if (p == NULL || g == NULL\n"
|
||||
" || !DH_set0_pqg(dh, p, NULL, g)) {\n"
|
||||
" DH_free(dh);\n"
|
||||
" BN_free(p);\n"
|
||||
" BN_free(g);\n"
|
||||
" return NULL;\n"
|
||||
" }\n");
|
||||
if (DH_get_length(dh) > 0)
|
||||
BIO_printf(out,
|
||||
" if (!DH_set_length(dh, %ld)) {\n"
|
||||
" DH_free(dh);\n"
|
||||
" return NULL;\n"
|
||||
" }\n", DH_get_length(dh));
|
||||
BIO_printf(out, " return dh;\n}\n");
|
||||
OPENSSL_free(data);
|
||||
}
|
||||
|
||||
if (!noout) {
|
||||
const BIGNUM *q;
|
||||
DH_get0_pqg(dh, NULL, &q, NULL);
|
||||
if (outformat == FORMAT_ASN1) {
|
||||
if (q != NULL)
|
||||
i = i2d_DHxparams_bio(out, dh);
|
||||
else
|
||||
i = i2d_DHparams_bio(out, dh);
|
||||
} else if (q != NULL) {
|
||||
i = PEM_write_bio_DHxparams(out, dh);
|
||||
} else {
|
||||
i = PEM_write_bio_DHparams(out, dh);
|
||||
}
|
||||
if (!i) {
|
||||
BIO_printf(bio_err, "unable to write DH parameters\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
ret = 0;
|
||||
end:
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
DH_free(dh);
|
||||
release_engine(e);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int dh_cb(int p, int n, BN_GENCB *cb)
|
||||
{
|
||||
static const char symbols[] = ".+*\n";
|
||||
char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?';
|
||||
|
||||
BIO_write(BN_GENCB_get_arg(cb), &c, 1);
|
||||
(void)BIO_flush(BN_GENCB_get_arg(cb));
|
||||
return 1;
|
||||
}
|
||||
#endif
|
47
trunk/3rdparty/openssl-1.1-fit/apps/dsa-ca.pem
vendored
Normal file
47
trunk/3rdparty/openssl-1.1-fit/apps/dsa-ca.pem
vendored
Normal file
|
@ -0,0 +1,47 @@
|
|||
-----BEGIN DSA PRIVATE KEY-----
|
||||
MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
|
||||
PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
|
||||
u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
|
||||
Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
|
||||
hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
|
||||
SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
|
||||
Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
|
||||
94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
|
||||
tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
|
||||
J6zsFbSEHaQGUmfSeoM=
|
||||
-----END DSA PRIVATE KEY-----
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICVjCCAhMCAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
|
||||
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAwwCQ0Ew
|
||||
ggG2MIIBKwYHKoZIzjgEATCCAR4CgYEApz9uhb9Bail98J9HGTCQmgkd2mozHsU9
|
||||
hpazFeBTLo/gWYJzkD51MZlHelL7heTZpns4m2iKhJuHxh61foZLU1tZz3FlGYhu
|
||||
zmaua4g2++wo3MLXpbvlLDkmS9qacBiVN5UQViP2Fe26BF7eOU/9t0MftaRlb82A
|
||||
EeRwlVtQzUkCFQD3BzHt+mwGA9WFihysnGXnUGZlbwKBgE3fTAOmkYr1GW9QRiWZ
|
||||
5WhvMONp4eWzXZi7KIZI/N6ZBD9fiAyccyQNIF25Kpo/GJYn5GKHwXt0YlP8YSeo
|
||||
epEJnbbxTZxUD1gG7kl0B85VfiPOFvbK3FphAX7JcbVN9tw0KYdo9l4gk7Pb9eQJ
|
||||
bEEXlZLrAbVzpWp+2DLtDgK4A4GEAAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfs
|
||||
i4e9IvD1hSslqFwEeZum+3j3iUXiALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj2
|
||||
5SoDKU5UUkkle6KtUn6j7RO04UMhMQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17
|
||||
ry7d6fGGqcMZoAAwCwYJYIZIAWUDBAMCAzAAMC0CFCp7rUwGJNtxK6Aqo6k6US+S
|
||||
KP8sAhUAyfSi8Zs3QAvkJoFG0IMRaq8M03I=
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDMDCCAuygAwIBAgIBAjALBglghkgBZQMEAwIwUzELMAkGA1UEBhMCQVUxEzAR
|
||||
BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
|
||||
IEx0ZDEMMAoGA1UEAwwDUENBMCAXDTE2MDExMzIxNDE0OVoYDzMwMTUwNTE2MjE0
|
||||
MTQ5WjBSMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
|
||||
CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDDAJDQTCCAbYwggEr
|
||||
BgcqhkjOOAQBMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMu
|
||||
j+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb7
|
||||
7Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DN
|
||||
SQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh
|
||||
5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFN
|
||||
nFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusB
|
||||
tXOlan7YMu0OArgDgYQAAoGAGqZZeoqs/V62RZZNhglXAfioocVpx+yLh70i8PWF
|
||||
KyWoXAR5m6b7ePeJReIAucN1jzPr1yaH27rJOBqEBBLEDTA2moeJuPblKgMpTlRS
|
||||
SSV7oq1SfqPtE7ThQyExAJfmGWWq4lzg+7XTkjpfUSzDwuvnWhykvXuvLt3p8Yap
|
||||
wxmjUDBOMB0GA1UdDgQWBBTMZcORcBEVlqO/CD4pf4V6N1NM1zAfBgNVHSMEGDAW
|
||||
gBTGjwJ33uvjSa20RNrMKWoGptOLdDAMBgNVHRMEBTADAQH/MAsGCWCGSAFlAwQD
|
||||
AgMxADAuAhUA4V6MrHufG8R79E+AtVO02olPxK8CFQDkZyo/TWpavsUBRDJbCeD9
|
||||
jgjIkA==
|
||||
-----END CERTIFICATE-----
|
47
trunk/3rdparty/openssl-1.1-fit/apps/dsa-pca.pem
vendored
Normal file
47
trunk/3rdparty/openssl-1.1-fit/apps/dsa-pca.pem
vendored
Normal file
|
@ -0,0 +1,47 @@
|
|||
-----BEGIN DSA PRIVATE KEY-----
|
||||
MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
|
||||
PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
|
||||
u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
|
||||
Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
|
||||
hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
|
||||
SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
|
||||
Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
|
||||
umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
|
||||
29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
|
||||
6TicfImU7UFRn9h00j0lJQ==
|
||||
-----END DSA PRIVATE KEY-----
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICWDCCAhUCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
|
||||
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAwwDUENB
|
||||
MIIBtzCCASsGByqGSM44BAEwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7F
|
||||
PYaWsxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmI
|
||||
bs5mrmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/N
|
||||
gBHkcJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYl
|
||||
meVobzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEn
|
||||
qHqRCZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/Xk
|
||||
CWxBF5WS6wG1c6Vqftgy7Q4CuAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYg
|
||||
rB7o1kQxeDf34dDVRM9OZ8tkumz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQ
|
||||
lNnKvbtlmMDULpqkZJD0bO7A29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgT
|
||||
mvTPT2j9TPjq7RWgADALBglghkgBZQMEAwIDMAAwLQIVAPA6/jxCT1D2HgzE4iZR
|
||||
AEup/C7YAhRPLTQvQnAiS5FRrA+8SwBLvDAsaw==
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDMDCCAu6gAwIBAgIBATALBglghkgBZQMEAwIwUzELMAkGA1UEBhMCQVUxEzAR
|
||||
BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
|
||||
IEx0ZDEMMAoGA1UEAwwDUENBMCAXDTE2MDExMzIxNDE0OVoYDzMwMTUwNTE2MjE0
|
||||
MTQ5WjBTMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
|
||||
CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDDANQQ0EwggG3MIIB
|
||||
KwYHKoZIzjgEATCCAR4CgYEApz9uhb9Bail98J9HGTCQmgkd2mozHsU9hpazFeBT
|
||||
Lo/gWYJzkD51MZlHelL7heTZpns4m2iKhJuHxh61foZLU1tZz3FlGYhuzmaua4g2
|
||||
++wo3MLXpbvlLDkmS9qacBiVN5UQViP2Fe26BF7eOU/9t0MftaRlb82AEeRwlVtQ
|
||||
zUkCFQD3BzHt+mwGA9WFihysnGXnUGZlbwKBgE3fTAOmkYr1GW9QRiWZ5WhvMONp
|
||||
4eWzXZi7KIZI/N6ZBD9fiAyccyQNIF25Kpo/GJYn5GKHwXt0YlP8YSeoepEJnbbx
|
||||
TZxUD1gG7kl0B85VfiPOFvbK3FphAX7JcbVN9tw0KYdo9l4gk7Pb9eQJbEEXlZLr
|
||||
AbVzpWp+2DLtDgK4A4GFAAKBgQCm7bkeQHVviAowhXtosY1IiSczNiCsHujWRDF4
|
||||
N/fh0NVEz05ny2S6bPq2X6JRw17kSjF2xhXUhdJ12M6LTws4uxmrsBCU2cq9u2WY
|
||||
wNQumqRkkPRs7sDb2eKwl8rLVRGoAEvDkOB9w+HVkte2YN9SAm+aOBOa9M9PaP1M
|
||||
+OrtFaNQME4wHQYDVR0OBBYEFMaPAnfe6+NJrbRE2swpagam04t0MB8GA1UdIwQY
|
||||
MBaAFMaPAnfe6+NJrbRE2swpagam04t0MAwGA1UdEwQFMAMBAf8wCwYJYIZIAWUD
|
||||
BAMCAy8AMCwCFFhdz4fzQo9BBF20U1CHldYTi/D7AhQydDnDMj21y+U1UhDZJrvh
|
||||
lnt88g==
|
||||
-----END CERTIFICATE-----
|
265
trunk/3rdparty/openssl-1.1-fit/apps/dsa.c
vendored
Normal file
265
trunk/3rdparty/openssl-1.1-fit/apps/dsa.c
vendored
Normal file
|
@ -0,0 +1,265 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_DSA
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <string.h>
|
||||
# include <time.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/dsa.h>
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
# include <openssl/bn.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE,
|
||||
/* Do not change the order here; see case statements below */
|
||||
OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
|
||||
OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN,
|
||||
OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS dsa_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"inform", OPT_INFORM, 'f', "Input format, DER PEM PVK"},
|
||||
{"outform", OPT_OUTFORM, 'f', "Output format, DER PEM PVK"},
|
||||
{"in", OPT_IN, 's', "Input key"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
{"noout", OPT_NOOUT, '-', "Don't print key out"},
|
||||
{"text", OPT_TEXT, '-', "Print the key in text"},
|
||||
{"modulus", OPT_MODULUS, '-', "Print the DSA public value"},
|
||||
{"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
|
||||
{"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
|
||||
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
||||
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
|
||||
{"", OPT_CIPHER, '-', "Any supported cipher"},
|
||||
# ifndef OPENSSL_NO_RC4
|
||||
{"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
|
||||
{"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
|
||||
{"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
|
||||
# endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int dsa_main(int argc, char **argv)
|
||||
{
|
||||
BIO *out = NULL;
|
||||
DSA *dsa = NULL;
|
||||
ENGINE *e = NULL;
|
||||
const EVP_CIPHER *enc = NULL;
|
||||
char *infile = NULL, *outfile = NULL, *prog;
|
||||
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
|
||||
OPTION_CHOICE o;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
|
||||
int i, modulus = 0, pubin = 0, pubout = 0, ret = 1;
|
||||
# ifndef OPENSSL_NO_RC4
|
||||
int pvk_encr = 2;
|
||||
# endif
|
||||
int private = 0;
|
||||
|
||||
prog = opt_init(argc, argv, dsa_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
ret = 0;
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(dsa_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_INFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUTFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
case OPT_PASSIN:
|
||||
passinarg = opt_arg();
|
||||
break;
|
||||
case OPT_PASSOUT:
|
||||
passoutarg = opt_arg();
|
||||
break;
|
||||
case OPT_PVK_STRONG: /* pvk_encr:= 2 */
|
||||
case OPT_PVK_WEAK: /* pvk_encr:= 1 */
|
||||
case OPT_PVK_NONE: /* pvk_encr:= 0 */
|
||||
#ifndef OPENSSL_NO_RC4
|
||||
pvk_encr = (o - OPT_PVK_NONE);
|
||||
#endif
|
||||
break;
|
||||
case OPT_NOOUT:
|
||||
noout = 1;
|
||||
break;
|
||||
case OPT_TEXT:
|
||||
text = 1;
|
||||
break;
|
||||
case OPT_MODULUS:
|
||||
modulus = 1;
|
||||
break;
|
||||
case OPT_PUBIN:
|
||||
pubin = 1;
|
||||
break;
|
||||
case OPT_PUBOUT:
|
||||
pubout = 1;
|
||||
break;
|
||||
case OPT_CIPHER:
|
||||
if (!opt_cipher(opt_unknown(), &enc))
|
||||
goto end;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
private = pubin || pubout ? 0 : 1;
|
||||
if (text && !pubin)
|
||||
private = 1;
|
||||
|
||||
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
BIO_printf(bio_err, "read DSA key\n");
|
||||
{
|
||||
EVP_PKEY *pkey;
|
||||
|
||||
if (pubin)
|
||||
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
|
||||
else
|
||||
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
|
||||
|
||||
if (pkey != NULL) {
|
||||
dsa = EVP_PKEY_get1_DSA(pkey);
|
||||
EVP_PKEY_free(pkey);
|
||||
}
|
||||
}
|
||||
if (dsa == NULL) {
|
||||
BIO_printf(bio_err, "unable to load Key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
out = bio_open_owner(outfile, outformat, private);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if (text) {
|
||||
assert(pubin || private);
|
||||
if (!DSA_print(out, dsa, 0)) {
|
||||
perror(outfile);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (modulus) {
|
||||
const BIGNUM *pub_key = NULL;
|
||||
DSA_get0_key(dsa, &pub_key, NULL);
|
||||
BIO_printf(out, "Public Key=");
|
||||
BN_print(out, pub_key);
|
||||
BIO_printf(out, "\n");
|
||||
}
|
||||
|
||||
if (noout) {
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err, "writing DSA key\n");
|
||||
if (outformat == FORMAT_ASN1) {
|
||||
if (pubin || pubout) {
|
||||
i = i2d_DSA_PUBKEY_bio(out, dsa);
|
||||
} else {
|
||||
assert(private);
|
||||
i = i2d_DSAPrivateKey_bio(out, dsa);
|
||||
}
|
||||
} else if (outformat == FORMAT_PEM) {
|
||||
if (pubin || pubout) {
|
||||
i = PEM_write_bio_DSA_PUBKEY(out, dsa);
|
||||
} else {
|
||||
assert(private);
|
||||
i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
|
||||
NULL, 0, NULL, passout);
|
||||
}
|
||||
# ifndef OPENSSL_NO_RSA
|
||||
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
|
||||
EVP_PKEY *pk;
|
||||
pk = EVP_PKEY_new();
|
||||
if (pk == NULL)
|
||||
goto end;
|
||||
|
||||
EVP_PKEY_set1_DSA(pk, dsa);
|
||||
if (outformat == FORMAT_PVK) {
|
||||
if (pubin) {
|
||||
BIO_printf(bio_err, "PVK form impossible with public key input\n");
|
||||
EVP_PKEY_free(pk);
|
||||
goto end;
|
||||
}
|
||||
assert(private);
|
||||
# ifdef OPENSSL_NO_RC4
|
||||
BIO_printf(bio_err, "PVK format not supported\n");
|
||||
EVP_PKEY_free(pk);
|
||||
goto end;
|
||||
# else
|
||||
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
|
||||
# endif
|
||||
} else if (pubin || pubout) {
|
||||
i = i2b_PublicKey_bio(out, pk);
|
||||
} else {
|
||||
assert(private);
|
||||
i = i2b_PrivateKey_bio(out, pk);
|
||||
}
|
||||
EVP_PKEY_free(pk);
|
||||
# endif
|
||||
} else {
|
||||
BIO_printf(bio_err, "bad output format specified for outfile\n");
|
||||
goto end;
|
||||
}
|
||||
if (i <= 0) {
|
||||
BIO_printf(bio_err, "unable to write private key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
ret = 0;
|
||||
end:
|
||||
BIO_free_all(out);
|
||||
DSA_free(dsa);
|
||||
release_engine(e);
|
||||
OPENSSL_free(passin);
|
||||
OPENSSL_free(passout);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
9
trunk/3rdparty/openssl-1.1-fit/apps/dsa1024.pem
vendored
Normal file
9
trunk/3rdparty/openssl-1.1-fit/apps/dsa1024.pem
vendored
Normal file
|
@ -0,0 +1,9 @@
|
|||
-----BEGIN DSA PARAMETERS-----
|
||||
MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx
|
||||
mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us
|
||||
OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36
|
||||
bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8
|
||||
3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH
|
||||
zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O
|
||||
Arg=
|
||||
-----END DSA PARAMETERS-----
|
6
trunk/3rdparty/openssl-1.1-fit/apps/dsa512.pem
vendored
Normal file
6
trunk/3rdparty/openssl-1.1-fit/apps/dsa512.pem
vendored
Normal file
|
@ -0,0 +1,6 @@
|
|||
-----BEGIN DSA PARAMETERS-----
|
||||
MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97
|
||||
TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA
|
||||
gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO
|
||||
L8wka5B33qJoplISogOdIA==
|
||||
-----END DSA PARAMETERS-----
|
6
trunk/3rdparty/openssl-1.1-fit/apps/dsap.pem
vendored
Normal file
6
trunk/3rdparty/openssl-1.1-fit/apps/dsap.pem
vendored
Normal file
|
@ -0,0 +1,6 @@
|
|||
-----BEGIN DSA PARAMETERS-----
|
||||
MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya
|
||||
GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2
|
||||
t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD
|
||||
ADiRffvSdhrNw5dkqdql
|
||||
-----END DSA PARAMETERS-----
|
258
trunk/3rdparty/openssl-1.1-fit/apps/dsaparam.c
vendored
Normal file
258
trunk/3rdparty/openssl-1.1-fit/apps/dsaparam.c
vendored
Normal file
|
@ -0,0 +1,258 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_DSA
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <time.h>
|
||||
# include <string.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/bn.h>
|
||||
# include <openssl/dsa.h>
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
|
||||
static int dsa_cb(int p, int n, BN_GENCB *cb);
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
|
||||
OPT_NOOUT, OPT_GENKEY, OPT_ENGINE, OPT_R_ENUM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS dsaparam_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
|
||||
{"in", OPT_IN, '<', "Input file"},
|
||||
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
{"text", OPT_TEXT, '-', "Print as text"},
|
||||
{"C", OPT_C, '-', "Output C code"},
|
||||
{"noout", OPT_NOOUT, '-', "No output"},
|
||||
{"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
|
||||
OPT_R_OPTIONS,
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
|
||||
# endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int dsaparam_main(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
DSA *dsa = NULL;
|
||||
BIO *in = NULL, *out = NULL;
|
||||
BN_GENCB *cb = NULL;
|
||||
int numbits = -1, num = 0, genkey = 0;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
|
||||
int ret = 1, i, text = 0, private = 0;
|
||||
char *infile = NULL, *outfile = NULL, *prog;
|
||||
OPTION_CHOICE o;
|
||||
|
||||
prog = opt_init(argc, argv, dsaparam_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(dsaparam_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_INFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUTFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
case OPT_TEXT:
|
||||
text = 1;
|
||||
break;
|
||||
case OPT_C:
|
||||
C = 1;
|
||||
break;
|
||||
case OPT_GENKEY:
|
||||
genkey = 1;
|
||||
break;
|
||||
case OPT_R_CASES:
|
||||
if (!opt_rand(o))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_NOOUT:
|
||||
noout = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
argv = opt_rest();
|
||||
|
||||
if (argc == 1) {
|
||||
if (!opt_int(argv[0], &num) || num < 0)
|
||||
goto end;
|
||||
/* generate a key */
|
||||
numbits = num;
|
||||
}
|
||||
private = genkey ? 1 : 0;
|
||||
|
||||
in = bio_open_default(infile, 'r', informat);
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
out = bio_open_owner(outfile, outformat, private);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if (numbits > 0) {
|
||||
if (numbits > OPENSSL_DSA_MAX_MODULUS_BITS)
|
||||
BIO_printf(bio_err,
|
||||
"Warning: It is not recommended to use more than %d bit for DSA keys.\n"
|
||||
" Your key size is %d! Larger key size may behave not as expected.\n",
|
||||
OPENSSL_DSA_MAX_MODULUS_BITS, numbits);
|
||||
|
||||
cb = BN_GENCB_new();
|
||||
if (cb == NULL) {
|
||||
BIO_printf(bio_err, "Error allocating BN_GENCB object\n");
|
||||
goto end;
|
||||
}
|
||||
BN_GENCB_set(cb, dsa_cb, bio_err);
|
||||
dsa = DSA_new();
|
||||
if (dsa == NULL) {
|
||||
BIO_printf(bio_err, "Error allocating DSA object\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n",
|
||||
num);
|
||||
BIO_printf(bio_err, "This could take some time\n");
|
||||
if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, cb)) {
|
||||
ERR_print_errors(bio_err);
|
||||
BIO_printf(bio_err, "Error, DSA key generation failed\n");
|
||||
goto end;
|
||||
}
|
||||
} else if (informat == FORMAT_ASN1) {
|
||||
dsa = d2i_DSAparams_bio(in, NULL);
|
||||
} else {
|
||||
dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
|
||||
}
|
||||
if (dsa == NULL) {
|
||||
BIO_printf(bio_err, "unable to load DSA parameters\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (text) {
|
||||
DSAparams_print(out, dsa);
|
||||
}
|
||||
|
||||
if (C) {
|
||||
const BIGNUM *p = NULL, *q = NULL, *g = NULL;
|
||||
unsigned char *data;
|
||||
int len, bits_p;
|
||||
|
||||
DSA_get0_pqg(dsa, &p, &q, &g);
|
||||
len = BN_num_bytes(p);
|
||||
bits_p = BN_num_bits(p);
|
||||
|
||||
data = app_malloc(len + 20, "BN space");
|
||||
|
||||
BIO_printf(bio_out, "static DSA *get_dsa%d(void)\n{\n", bits_p);
|
||||
print_bignum_var(bio_out, p, "dsap", bits_p, data);
|
||||
print_bignum_var(bio_out, q, "dsaq", bits_p, data);
|
||||
print_bignum_var(bio_out, g, "dsag", bits_p, data);
|
||||
BIO_printf(bio_out, " DSA *dsa = DSA_new();\n"
|
||||
" BIGNUM *p, *q, *g;\n"
|
||||
"\n");
|
||||
BIO_printf(bio_out, " if (dsa == NULL)\n"
|
||||
" return NULL;\n");
|
||||
BIO_printf(bio_out, " if (!DSA_set0_pqg(dsa, p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL),\n",
|
||||
bits_p, bits_p);
|
||||
BIO_printf(bio_out, " q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL),\n",
|
||||
bits_p, bits_p);
|
||||
BIO_printf(bio_out, " g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL))) {\n",
|
||||
bits_p, bits_p);
|
||||
BIO_printf(bio_out, " DSA_free(dsa);\n"
|
||||
" BN_free(p);\n"
|
||||
" BN_free(q);\n"
|
||||
" BN_free(g);\n"
|
||||
" return NULL;\n"
|
||||
" }\n"
|
||||
" return dsa;\n}\n");
|
||||
OPENSSL_free(data);
|
||||
}
|
||||
|
||||
if (outformat == FORMAT_ASN1 && genkey)
|
||||
noout = 1;
|
||||
|
||||
if (!noout) {
|
||||
if (outformat == FORMAT_ASN1)
|
||||
i = i2d_DSAparams_bio(out, dsa);
|
||||
else
|
||||
i = PEM_write_bio_DSAparams(out, dsa);
|
||||
if (!i) {
|
||||
BIO_printf(bio_err, "unable to write DSA parameters\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
if (genkey) {
|
||||
DSA *dsakey;
|
||||
|
||||
if ((dsakey = DSAparams_dup(dsa)) == NULL)
|
||||
goto end;
|
||||
if (!DSA_generate_key(dsakey)) {
|
||||
ERR_print_errors(bio_err);
|
||||
DSA_free(dsakey);
|
||||
goto end;
|
||||
}
|
||||
assert(private);
|
||||
if (outformat == FORMAT_ASN1)
|
||||
i = i2d_DSAPrivateKey_bio(out, dsakey);
|
||||
else
|
||||
i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL,
|
||||
NULL);
|
||||
DSA_free(dsakey);
|
||||
}
|
||||
ret = 0;
|
||||
end:
|
||||
BN_GENCB_free(cb);
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
DSA_free(dsa);
|
||||
release_engine(e);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int dsa_cb(int p, int n, BN_GENCB *cb)
|
||||
{
|
||||
static const char symbols[] = ".+*\n";
|
||||
char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?';
|
||||
|
||||
BIO_write(BN_GENCB_get_arg(cb), &c, 1);
|
||||
(void)BIO_flush(BN_GENCB_get_arg(cb));
|
||||
return 1;
|
||||
}
|
||||
#endif
|
283
trunk/3rdparty/openssl-1.1-fit/apps/ec.c
vendored
Normal file
283
trunk/3rdparty/openssl-1.1-fit/apps/ec.c
vendored
Normal file
|
@ -0,0 +1,283 @@
|
|||
/*
|
||||
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_EC
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <string.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/pem.h>
|
||||
|
||||
static OPT_PAIR conv_forms[] = {
|
||||
{"compressed", POINT_CONVERSION_COMPRESSED},
|
||||
{"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
|
||||
{"hybrid", POINT_CONVERSION_HYBRID},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
static OPT_PAIR param_enc[] = {
|
||||
{"named_curve", OPENSSL_EC_NAMED_CURVE},
|
||||
{"explicit", 0},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
|
||||
OPT_NOOUT, OPT_TEXT, OPT_PARAM_OUT, OPT_PUBIN, OPT_PUBOUT,
|
||||
OPT_PASSIN, OPT_PASSOUT, OPT_PARAM_ENC, OPT_CONV_FORM, OPT_CIPHER,
|
||||
OPT_NO_PUBLIC, OPT_CHECK
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS ec_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"in", OPT_IN, 's', "Input file"},
|
||||
{"inform", OPT_INFORM, 'f', "Input format - DER or PEM"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
|
||||
{"noout", OPT_NOOUT, '-', "Don't print key out"},
|
||||
{"text", OPT_TEXT, '-', "Print the key"},
|
||||
{"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"},
|
||||
{"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
|
||||
{"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
|
||||
{"no_public", OPT_NO_PUBLIC, '-', "exclude public key from private key"},
|
||||
{"check", OPT_CHECK, '-', "check key consistency"},
|
||||
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
||||
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
|
||||
{"param_enc", OPT_PARAM_ENC, 's',
|
||||
"Specifies the way the ec parameters are encoded"},
|
||||
{"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
|
||||
{"", OPT_CIPHER, '-', "Any supported cipher"},
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
# endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int ec_main(int argc, char **argv)
|
||||
{
|
||||
BIO *in = NULL, *out = NULL;
|
||||
ENGINE *e = NULL;
|
||||
EC_KEY *eckey = NULL;
|
||||
const EC_GROUP *group;
|
||||
const EVP_CIPHER *enc = NULL;
|
||||
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
|
||||
char *infile = NULL, *outfile = NULL, *prog;
|
||||
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
|
||||
OPTION_CHOICE o;
|
||||
int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_form = 0, new_asn1_flag = 0;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
|
||||
int pubin = 0, pubout = 0, param_out = 0, i, ret = 1, private = 0;
|
||||
int no_public = 0, check = 0;
|
||||
|
||||
prog = opt_init(argc, argv, ec_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(ec_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_INFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUTFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_NOOUT:
|
||||
noout = 1;
|
||||
break;
|
||||
case OPT_TEXT:
|
||||
text = 1;
|
||||
break;
|
||||
case OPT_PARAM_OUT:
|
||||
param_out = 1;
|
||||
break;
|
||||
case OPT_PUBIN:
|
||||
pubin = 1;
|
||||
break;
|
||||
case OPT_PUBOUT:
|
||||
pubout = 1;
|
||||
break;
|
||||
case OPT_PASSIN:
|
||||
passinarg = opt_arg();
|
||||
break;
|
||||
case OPT_PASSOUT:
|
||||
passoutarg = opt_arg();
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
case OPT_CIPHER:
|
||||
if (!opt_cipher(opt_unknown(), &enc))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_CONV_FORM:
|
||||
if (!opt_pair(opt_arg(), conv_forms, &i))
|
||||
goto opthelp;
|
||||
new_form = 1;
|
||||
form = i;
|
||||
break;
|
||||
case OPT_PARAM_ENC:
|
||||
if (!opt_pair(opt_arg(), param_enc, &i))
|
||||
goto opthelp;
|
||||
new_asn1_flag = 1;
|
||||
asn1_flag = i;
|
||||
break;
|
||||
case OPT_NO_PUBLIC:
|
||||
no_public = 1;
|
||||
break;
|
||||
case OPT_CHECK:
|
||||
check = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
private = param_out || pubin || pubout ? 0 : 1;
|
||||
if (text && !pubin)
|
||||
private = 1;
|
||||
|
||||
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (informat != FORMAT_ENGINE) {
|
||||
in = bio_open_default(infile, 'r', informat);
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
}
|
||||
|
||||
BIO_printf(bio_err, "read EC key\n");
|
||||
if (informat == FORMAT_ASN1) {
|
||||
if (pubin)
|
||||
eckey = d2i_EC_PUBKEY_bio(in, NULL);
|
||||
else
|
||||
eckey = d2i_ECPrivateKey_bio(in, NULL);
|
||||
} else if (informat == FORMAT_ENGINE) {
|
||||
EVP_PKEY *pkey;
|
||||
if (pubin)
|
||||
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
|
||||
else
|
||||
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
|
||||
if (pkey != NULL) {
|
||||
eckey = EVP_PKEY_get1_EC_KEY(pkey);
|
||||
EVP_PKEY_free(pkey);
|
||||
}
|
||||
} else {
|
||||
if (pubin)
|
||||
eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
|
||||
else
|
||||
eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
|
||||
}
|
||||
if (eckey == NULL) {
|
||||
BIO_printf(bio_err, "unable to load Key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
out = bio_open_owner(outfile, outformat, private);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
group = EC_KEY_get0_group(eckey);
|
||||
|
||||
if (new_form)
|
||||
EC_KEY_set_conv_form(eckey, form);
|
||||
|
||||
if (new_asn1_flag)
|
||||
EC_KEY_set_asn1_flag(eckey, asn1_flag);
|
||||
|
||||
if (no_public)
|
||||
EC_KEY_set_enc_flags(eckey, EC_PKEY_NO_PUBKEY);
|
||||
|
||||
if (text) {
|
||||
assert(pubin || private);
|
||||
if (!EC_KEY_print(out, eckey, 0)) {
|
||||
perror(outfile);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (check) {
|
||||
if (EC_KEY_check_key(eckey) == 1) {
|
||||
BIO_printf(bio_err, "EC Key valid.\n");
|
||||
} else {
|
||||
BIO_printf(bio_err, "EC Key Invalid!\n");
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
}
|
||||
|
||||
if (noout) {
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
|
||||
BIO_printf(bio_err, "writing EC key\n");
|
||||
if (outformat == FORMAT_ASN1) {
|
||||
if (param_out) {
|
||||
i = i2d_ECPKParameters_bio(out, group);
|
||||
} else if (pubin || pubout) {
|
||||
i = i2d_EC_PUBKEY_bio(out, eckey);
|
||||
} else {
|
||||
assert(private);
|
||||
i = i2d_ECPrivateKey_bio(out, eckey);
|
||||
}
|
||||
} else {
|
||||
if (param_out) {
|
||||
i = PEM_write_bio_ECPKParameters(out, group);
|
||||
} else if (pubin || pubout) {
|
||||
i = PEM_write_bio_EC_PUBKEY(out, eckey);
|
||||
} else {
|
||||
assert(private);
|
||||
i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
|
||||
NULL, 0, NULL, passout);
|
||||
}
|
||||
}
|
||||
|
||||
if (!i) {
|
||||
BIO_printf(bio_err, "unable to write private key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
} else {
|
||||
ret = 0;
|
||||
}
|
||||
end:
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
EC_KEY_free(eckey);
|
||||
release_engine(e);
|
||||
OPENSSL_free(passin);
|
||||
OPENSSL_free(passout);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
450
trunk/3rdparty/openssl-1.1-fit/apps/ecparam.c
vendored
Normal file
450
trunk/3rdparty/openssl-1.1-fit/apps/ecparam.c
vendored
Normal file
|
@ -0,0 +1,450 @@
|
|||
/*
|
||||
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_EC
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <time.h>
|
||||
# include <string.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/bn.h>
|
||||
# include <openssl/ec.h>
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
|
||||
OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME,
|
||||
OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE,
|
||||
OPT_R_ENUM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS ecparam_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"},
|
||||
{"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
|
||||
{"in", OPT_IN, '<', "Input file - default stdin"},
|
||||
{"out", OPT_OUT, '>', "Output file - default stdout"},
|
||||
{"text", OPT_TEXT, '-', "Print the ec parameters in text form"},
|
||||
{"C", OPT_C, '-', "Print a 'C' function creating the parameters"},
|
||||
{"check", OPT_CHECK, '-', "Validate the ec parameters"},
|
||||
{"list_curves", OPT_LIST_CURVES, '-',
|
||||
"Prints a list of all curve 'short names'"},
|
||||
{"no_seed", OPT_NO_SEED, '-',
|
||||
"If 'explicit' parameters are chosen do not use the seed"},
|
||||
{"noout", OPT_NOOUT, '-', "Do not print the ec parameter"},
|
||||
{"name", OPT_NAME, 's',
|
||||
"Use the ec parameters with specified 'short name'"},
|
||||
{"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
|
||||
{"param_enc", OPT_PARAM_ENC, 's',
|
||||
"Specifies the way the ec parameters are encoded"},
|
||||
{"genkey", OPT_GENKEY, '-', "Generate ec key"},
|
||||
OPT_R_OPTIONS,
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
# endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
static OPT_PAIR forms[] = {
|
||||
{"compressed", POINT_CONVERSION_COMPRESSED},
|
||||
{"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
|
||||
{"hybrid", POINT_CONVERSION_HYBRID},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
static OPT_PAIR encodings[] = {
|
||||
{"named_curve", OPENSSL_EC_NAMED_CURVE},
|
||||
{"explicit", 0},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int ecparam_main(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
BIGNUM *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
|
||||
BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL;
|
||||
BIO *in = NULL, *out = NULL;
|
||||
EC_GROUP *group = NULL;
|
||||
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
|
||||
char *curve_name = NULL;
|
||||
char *infile = NULL, *outfile = NULL, *prog;
|
||||
unsigned char *buffer = NULL;
|
||||
OPTION_CHOICE o;
|
||||
int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_asn1_flag = 0;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
|
||||
int ret = 1, private = 0;
|
||||
int list_curves = 0, no_seed = 0, check = 0, new_form = 0;
|
||||
int text = 0, i, genkey = 0;
|
||||
|
||||
prog = opt_init(argc, argv, ecparam_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(ecparam_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_INFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUTFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_TEXT:
|
||||
text = 1;
|
||||
break;
|
||||
case OPT_C:
|
||||
C = 1;
|
||||
break;
|
||||
case OPT_CHECK:
|
||||
check = 1;
|
||||
break;
|
||||
case OPT_LIST_CURVES:
|
||||
list_curves = 1;
|
||||
break;
|
||||
case OPT_NO_SEED:
|
||||
no_seed = 1;
|
||||
break;
|
||||
case OPT_NOOUT:
|
||||
noout = 1;
|
||||
break;
|
||||
case OPT_NAME:
|
||||
curve_name = opt_arg();
|
||||
break;
|
||||
case OPT_CONV_FORM:
|
||||
if (!opt_pair(opt_arg(), forms, &new_form))
|
||||
goto opthelp;
|
||||
form = new_form;
|
||||
new_form = 1;
|
||||
break;
|
||||
case OPT_PARAM_ENC:
|
||||
if (!opt_pair(opt_arg(), encodings, &asn1_flag))
|
||||
goto opthelp;
|
||||
new_asn1_flag = 1;
|
||||
break;
|
||||
case OPT_GENKEY:
|
||||
genkey = 1;
|
||||
break;
|
||||
case OPT_R_CASES:
|
||||
if (!opt_rand(o))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
private = genkey ? 1 : 0;
|
||||
|
||||
in = bio_open_default(infile, 'r', informat);
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
out = bio_open_owner(outfile, outformat, private);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if (list_curves) {
|
||||
EC_builtin_curve *curves = NULL;
|
||||
size_t crv_len = EC_get_builtin_curves(NULL, 0);
|
||||
size_t n;
|
||||
|
||||
curves = app_malloc((int)sizeof(*curves) * crv_len, "list curves");
|
||||
if (!EC_get_builtin_curves(curves, crv_len)) {
|
||||
OPENSSL_free(curves);
|
||||
goto end;
|
||||
}
|
||||
|
||||
for (n = 0; n < crv_len; n++) {
|
||||
const char *comment;
|
||||
const char *sname;
|
||||
comment = curves[n].comment;
|
||||
sname = OBJ_nid2sn(curves[n].nid);
|
||||
if (comment == NULL)
|
||||
comment = "CURVE DESCRIPTION NOT AVAILABLE";
|
||||
if (sname == NULL)
|
||||
sname = "";
|
||||
|
||||
BIO_printf(out, " %-10s: ", sname);
|
||||
BIO_printf(out, "%s\n", comment);
|
||||
}
|
||||
|
||||
OPENSSL_free(curves);
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (curve_name != NULL) {
|
||||
int nid;
|
||||
|
||||
/*
|
||||
* workaround for the SECG curve names secp192r1 and secp256r1 (which
|
||||
* are the same as the curves prime192v1 and prime256v1 defined in
|
||||
* X9.62)
|
||||
*/
|
||||
if (strcmp(curve_name, "secp192r1") == 0) {
|
||||
BIO_printf(bio_err, "using curve name prime192v1 "
|
||||
"instead of secp192r1\n");
|
||||
nid = NID_X9_62_prime192v1;
|
||||
} else if (strcmp(curve_name, "secp256r1") == 0) {
|
||||
BIO_printf(bio_err, "using curve name prime256v1 "
|
||||
"instead of secp256r1\n");
|
||||
nid = NID_X9_62_prime256v1;
|
||||
} else {
|
||||
nid = OBJ_sn2nid(curve_name);
|
||||
}
|
||||
|
||||
if (nid == 0)
|
||||
nid = EC_curve_nist2nid(curve_name);
|
||||
|
||||
if (nid == 0) {
|
||||
BIO_printf(bio_err, "unknown curve name (%s)\n", curve_name);
|
||||
goto end;
|
||||
}
|
||||
|
||||
group = EC_GROUP_new_by_curve_name(nid);
|
||||
if (group == NULL) {
|
||||
BIO_printf(bio_err, "unable to create curve (%s)\n", curve_name);
|
||||
goto end;
|
||||
}
|
||||
EC_GROUP_set_asn1_flag(group, asn1_flag);
|
||||
EC_GROUP_set_point_conversion_form(group, form);
|
||||
} else if (informat == FORMAT_ASN1) {
|
||||
group = d2i_ECPKParameters_bio(in, NULL);
|
||||
} else {
|
||||
group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
|
||||
}
|
||||
if (group == NULL) {
|
||||
BIO_printf(bio_err, "unable to load elliptic curve parameters\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (new_form)
|
||||
EC_GROUP_set_point_conversion_form(group, form);
|
||||
|
||||
if (new_asn1_flag)
|
||||
EC_GROUP_set_asn1_flag(group, asn1_flag);
|
||||
|
||||
if (no_seed) {
|
||||
EC_GROUP_set_seed(group, NULL, 0);
|
||||
}
|
||||
|
||||
if (text) {
|
||||
if (!ECPKParameters_print(out, group, 0))
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (check) {
|
||||
BIO_printf(bio_err, "checking elliptic curve parameters: ");
|
||||
if (!EC_GROUP_check(group, NULL)) {
|
||||
BIO_printf(bio_err, "failed\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err, "ok\n");
|
||||
|
||||
}
|
||||
|
||||
if (C) {
|
||||
size_t buf_len = 0, tmp_len = 0;
|
||||
const EC_POINT *point;
|
||||
int is_prime, len = 0;
|
||||
const EC_METHOD *meth = EC_GROUP_method_of(group);
|
||||
|
||||
if ((ec_p = BN_new()) == NULL
|
||||
|| (ec_a = BN_new()) == NULL
|
||||
|| (ec_b = BN_new()) == NULL
|
||||
|| (ec_gen = BN_new()) == NULL
|
||||
|| (ec_order = BN_new()) == NULL
|
||||
|| (ec_cofactor = BN_new()) == NULL) {
|
||||
perror("Can't allocate BN");
|
||||
goto end;
|
||||
}
|
||||
|
||||
is_prime = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field);
|
||||
if (!is_prime) {
|
||||
BIO_printf(bio_err, "Can only handle X9.62 prime fields\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!EC_GROUP_get_curve(group, ec_p, ec_a, ec_b, NULL))
|
||||
goto end;
|
||||
|
||||
if ((point = EC_GROUP_get0_generator(group)) == NULL)
|
||||
goto end;
|
||||
if (!EC_POINT_point2bn(group, point,
|
||||
EC_GROUP_get_point_conversion_form(group),
|
||||
ec_gen, NULL))
|
||||
goto end;
|
||||
if (!EC_GROUP_get_order(group, ec_order, NULL))
|
||||
goto end;
|
||||
if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
|
||||
goto end;
|
||||
|
||||
if (!ec_p || !ec_a || !ec_b || !ec_gen || !ec_order || !ec_cofactor)
|
||||
goto end;
|
||||
|
||||
len = BN_num_bits(ec_order);
|
||||
|
||||
if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
|
||||
buf_len = tmp_len;
|
||||
if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
|
||||
buf_len = tmp_len;
|
||||
if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
|
||||
buf_len = tmp_len;
|
||||
if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
|
||||
buf_len = tmp_len;
|
||||
if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
|
||||
buf_len = tmp_len;
|
||||
if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
|
||||
buf_len = tmp_len;
|
||||
|
||||
buffer = app_malloc(buf_len, "BN buffer");
|
||||
|
||||
BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n{\n", len);
|
||||
print_bignum_var(out, ec_p, "ec_p", len, buffer);
|
||||
print_bignum_var(out, ec_a, "ec_a", len, buffer);
|
||||
print_bignum_var(out, ec_b, "ec_b", len, buffer);
|
||||
print_bignum_var(out, ec_gen, "ec_gen", len, buffer);
|
||||
print_bignum_var(out, ec_order, "ec_order", len, buffer);
|
||||
print_bignum_var(out, ec_cofactor, "ec_cofactor", len, buffer);
|
||||
BIO_printf(out, " int ok = 0;\n"
|
||||
" EC_GROUP *group = NULL;\n"
|
||||
" EC_POINT *point = NULL;\n"
|
||||
" BIGNUM *tmp_1 = NULL;\n"
|
||||
" BIGNUM *tmp_2 = NULL;\n"
|
||||
" BIGNUM *tmp_3 = NULL;\n"
|
||||
"\n");
|
||||
|
||||
BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_p_%d, sizeof(ec_p_%d), NULL)) == NULL)\n"
|
||||
" goto err;\n", len, len);
|
||||
BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_a_%d, sizeof(ec_a_%d), NULL)) == NULL)\n"
|
||||
" goto err;\n", len, len);
|
||||
BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_b_%d, sizeof(ec_b_%d), NULL)) == NULL)\n"
|
||||
" goto err;\n", len, len);
|
||||
BIO_printf(out, " if ((group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)\n"
|
||||
" goto err;\n"
|
||||
"\n");
|
||||
BIO_printf(out, " /* build generator */\n");
|
||||
BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_gen_%d, sizeof(ec_gen_%d), tmp_1)) == NULL)\n"
|
||||
" goto err;\n", len, len);
|
||||
BIO_printf(out, " point = EC_POINT_bn2point(group, tmp_1, NULL, NULL);\n");
|
||||
BIO_printf(out, " if (point == NULL)\n"
|
||||
" goto err;\n");
|
||||
BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_order_%d, sizeof(ec_order_%d), tmp_2)) == NULL)\n"
|
||||
" goto err;\n", len, len);
|
||||
BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_cofactor_%d, sizeof(ec_cofactor_%d), tmp_3)) == NULL)\n"
|
||||
" goto err;\n", len, len);
|
||||
BIO_printf(out, " if (!EC_GROUP_set_generator(group, point, tmp_2, tmp_3))\n"
|
||||
" goto err;\n"
|
||||
"ok = 1;"
|
||||
"\n");
|
||||
BIO_printf(out, "err:\n"
|
||||
" BN_free(tmp_1);\n"
|
||||
" BN_free(tmp_2);\n"
|
||||
" BN_free(tmp_3);\n"
|
||||
" EC_POINT_free(point);\n"
|
||||
" if (!ok) {\n"
|
||||
" EC_GROUP_free(group);\n"
|
||||
" return NULL;\n"
|
||||
" }\n"
|
||||
" return (group);\n"
|
||||
"}\n");
|
||||
}
|
||||
|
||||
if (outformat == FORMAT_ASN1 && genkey)
|
||||
noout = 1;
|
||||
|
||||
if (!noout) {
|
||||
if (outformat == FORMAT_ASN1)
|
||||
i = i2d_ECPKParameters_bio(out, group);
|
||||
else
|
||||
i = PEM_write_bio_ECPKParameters(out, group);
|
||||
if (!i) {
|
||||
BIO_printf(bio_err, "unable to write elliptic "
|
||||
"curve parameters\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (genkey) {
|
||||
EC_KEY *eckey = EC_KEY_new();
|
||||
|
||||
if (eckey == NULL)
|
||||
goto end;
|
||||
|
||||
if (EC_KEY_set_group(eckey, group) == 0) {
|
||||
BIO_printf(bio_err, "unable to set group when generating key\n");
|
||||
EC_KEY_free(eckey);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (new_form)
|
||||
EC_KEY_set_conv_form(eckey, form);
|
||||
|
||||
if (!EC_KEY_generate_key(eckey)) {
|
||||
BIO_printf(bio_err, "unable to generate key\n");
|
||||
EC_KEY_free(eckey);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
assert(private);
|
||||
if (outformat == FORMAT_ASN1)
|
||||
i = i2d_ECPrivateKey_bio(out, eckey);
|
||||
else
|
||||
i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
|
||||
NULL, 0, NULL, NULL);
|
||||
EC_KEY_free(eckey);
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
end:
|
||||
BN_free(ec_p);
|
||||
BN_free(ec_a);
|
||||
BN_free(ec_b);
|
||||
BN_free(ec_gen);
|
||||
BN_free(ec_order);
|
||||
BN_free(ec_cofactor);
|
||||
OPENSSL_free(buffer);
|
||||
EC_GROUP_free(group);
|
||||
release_engine(e);
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif
|
675
trunk/3rdparty/openssl-1.1-fit/apps/enc.c
vendored
Normal file
675
trunk/3rdparty/openssl-1.1-fit/apps/enc.c
vendored
Normal file
|
@ -0,0 +1,675 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <limits.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/pem.h>
|
||||
#ifndef OPENSSL_NO_COMP
|
||||
# include <openssl/comp.h>
|
||||
#endif
|
||||
#include <ctype.h>
|
||||
|
||||
#undef SIZE
|
||||
#undef BSIZE
|
||||
#define SIZE (512)
|
||||
#define BSIZE (8*1024)
|
||||
|
||||
static int set_hex(const char *in, unsigned char *out, int size);
|
||||
static void show_ciphers(const OBJ_NAME *name, void *bio_);
|
||||
|
||||
struct doall_enc_ciphers {
|
||||
BIO *bio;
|
||||
int n;
|
||||
};
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_LIST,
|
||||
OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V,
|
||||
OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
|
||||
OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
|
||||
OPT_UPPER_S, OPT_IV, OPT_MD, OPT_ITER, OPT_PBKDF2, OPT_CIPHER,
|
||||
OPT_R_ENUM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS enc_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"ciphers", OPT_LIST, '-', "List ciphers"},
|
||||
{"in", OPT_IN, '<', "Input file"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
{"pass", OPT_PASS, 's', "Passphrase source"},
|
||||
{"e", OPT_E, '-', "Encrypt"},
|
||||
{"d", OPT_D, '-', "Decrypt"},
|
||||
{"p", OPT_P, '-', "Print the iv/key"},
|
||||
{"P", OPT_UPPER_P, '-', "Print the iv/key and exit"},
|
||||
{"v", OPT_V, '-', "Verbose output"},
|
||||
{"nopad", OPT_NOPAD, '-', "Disable standard block padding"},
|
||||
{"salt", OPT_SALT, '-', "Use salt in the KDF (default)"},
|
||||
{"nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF"},
|
||||
{"debug", OPT_DEBUG, '-', "Print debug info"},
|
||||
{"a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag"},
|
||||
{"base64", OPT_A, '-', "Same as option -a"},
|
||||
{"A", OPT_UPPER_A, '-',
|
||||
"Used with -[base64|a] to specify base64 buffer as a single line"},
|
||||
{"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
|
||||
{"k", OPT_K, 's', "Passphrase"},
|
||||
{"kfile", OPT_KFILE, '<', "Read passphrase from file"},
|
||||
{"K", OPT_UPPER_K, 's', "Raw key, in hex"},
|
||||
{"S", OPT_UPPER_S, 's', "Salt, in hex"},
|
||||
{"iv", OPT_IV, 's', "IV in hex"},
|
||||
{"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"},
|
||||
{"iter", OPT_ITER, 'p', "Specify the iteration count and force use of PBKDF2"},
|
||||
{"pbkdf2", OPT_PBKDF2, '-', "Use password-based key derivation function 2"},
|
||||
{"none", OPT_NONE, '-', "Don't encrypt"},
|
||||
{"", OPT_CIPHER, '-', "Any supported cipher"},
|
||||
OPT_R_OPTIONS,
|
||||
#ifdef ZLIB
|
||||
{"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int enc_main(int argc, char **argv)
|
||||
{
|
||||
static char buf[128];
|
||||
static const char magic[] = "Salted__";
|
||||
ENGINE *e = NULL;
|
||||
BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
|
||||
NULL, *wbio = NULL;
|
||||
EVP_CIPHER_CTX *ctx = NULL;
|
||||
const EVP_CIPHER *cipher = NULL, *c;
|
||||
const EVP_MD *dgst = NULL;
|
||||
char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p;
|
||||
char *infile = NULL, *outfile = NULL, *prog;
|
||||
char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL;
|
||||
char mbuf[sizeof(magic) - 1];
|
||||
OPTION_CHOICE o;
|
||||
int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0;
|
||||
int enc = 1, printkey = 0, i, k;
|
||||
int base64 = 0, informat = FORMAT_BINARY, outformat = FORMAT_BINARY;
|
||||
int ret = 1, inl, nopad = 0;
|
||||
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
|
||||
unsigned char *buff = NULL, salt[PKCS5_SALT_LEN];
|
||||
int pbkdf2 = 0;
|
||||
int iter = 0;
|
||||
long n;
|
||||
struct doall_enc_ciphers dec;
|
||||
#ifdef ZLIB
|
||||
int do_zlib = 0;
|
||||
BIO *bzl = NULL;
|
||||
#endif
|
||||
|
||||
/* first check the program name */
|
||||
prog = opt_progname(argv[0]);
|
||||
if (strcmp(prog, "base64") == 0) {
|
||||
base64 = 1;
|
||||
#ifdef ZLIB
|
||||
} else if (strcmp(prog, "zlib") == 0) {
|
||||
do_zlib = 1;
|
||||
#endif
|
||||
} else {
|
||||
cipher = EVP_get_cipherbyname(prog);
|
||||
if (cipher == NULL && strcmp(prog, "enc") != 0) {
|
||||
BIO_printf(bio_err, "%s is not a known cipher\n", prog);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
prog = opt_init(argc, argv, enc_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(enc_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_LIST:
|
||||
BIO_printf(bio_out, "Supported ciphers:\n");
|
||||
dec.bio = bio_out;
|
||||
dec.n = 0;
|
||||
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
|
||||
show_ciphers, &dec);
|
||||
BIO_printf(bio_out, "\n");
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_E:
|
||||
enc = 1;
|
||||
break;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_PASS:
|
||||
passarg = opt_arg();
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
case OPT_D:
|
||||
enc = 0;
|
||||
break;
|
||||
case OPT_P:
|
||||
printkey = 1;
|
||||
break;
|
||||
case OPT_V:
|
||||
verbose = 1;
|
||||
break;
|
||||
case OPT_NOPAD:
|
||||
nopad = 1;
|
||||
break;
|
||||
case OPT_SALT:
|
||||
nosalt = 0;
|
||||
break;
|
||||
case OPT_NOSALT:
|
||||
nosalt = 1;
|
||||
break;
|
||||
case OPT_DEBUG:
|
||||
debug = 1;
|
||||
break;
|
||||
case OPT_UPPER_P:
|
||||
printkey = 2;
|
||||
break;
|
||||
case OPT_UPPER_A:
|
||||
olb64 = 1;
|
||||
break;
|
||||
case OPT_A:
|
||||
base64 = 1;
|
||||
break;
|
||||
case OPT_Z:
|
||||
#ifdef ZLIB
|
||||
do_zlib = 1;
|
||||
#endif
|
||||
break;
|
||||
case OPT_BUFSIZE:
|
||||
p = opt_arg();
|
||||
i = (int)strlen(p) - 1;
|
||||
k = i >= 1 && p[i] == 'k';
|
||||
if (k)
|
||||
p[i] = '\0';
|
||||
if (!opt_long(opt_arg(), &n)
|
||||
|| n < 0 || (k && n >= LONG_MAX / 1024))
|
||||
goto opthelp;
|
||||
if (k)
|
||||
n *= 1024;
|
||||
bsize = (int)n;
|
||||
break;
|
||||
case OPT_K:
|
||||
str = opt_arg();
|
||||
break;
|
||||
case OPT_KFILE:
|
||||
in = bio_open_default(opt_arg(), 'r', FORMAT_TEXT);
|
||||
if (in == NULL)
|
||||
goto opthelp;
|
||||
i = BIO_gets(in, buf, sizeof(buf));
|
||||
BIO_free(in);
|
||||
in = NULL;
|
||||
if (i <= 0) {
|
||||
BIO_printf(bio_err,
|
||||
"%s Can't read key from %s\n", prog, opt_arg());
|
||||
goto opthelp;
|
||||
}
|
||||
while (--i > 0 && (buf[i] == '\r' || buf[i] == '\n'))
|
||||
buf[i] = '\0';
|
||||
if (i <= 0) {
|
||||
BIO_printf(bio_err, "%s: zero length password\n", prog);
|
||||
goto opthelp;
|
||||
}
|
||||
str = buf;
|
||||
break;
|
||||
case OPT_UPPER_K:
|
||||
hkey = opt_arg();
|
||||
break;
|
||||
case OPT_UPPER_S:
|
||||
hsalt = opt_arg();
|
||||
break;
|
||||
case OPT_IV:
|
||||
hiv = opt_arg();
|
||||
break;
|
||||
case OPT_MD:
|
||||
if (!opt_md(opt_arg(), &dgst))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_CIPHER:
|
||||
if (!opt_cipher(opt_unknown(), &c))
|
||||
goto opthelp;
|
||||
cipher = c;
|
||||
break;
|
||||
case OPT_ITER:
|
||||
if (!opt_int(opt_arg(), &iter))
|
||||
goto opthelp;
|
||||
pbkdf2 = 1;
|
||||
break;
|
||||
case OPT_PBKDF2:
|
||||
pbkdf2 = 1;
|
||||
if (iter == 0) /* do not overwrite a chosen value */
|
||||
iter = 10000;
|
||||
break;
|
||||
case OPT_NONE:
|
||||
cipher = NULL;
|
||||
break;
|
||||
case OPT_R_CASES:
|
||||
if (!opt_rand(o))
|
||||
goto end;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (opt_num_rest() != 0) {
|
||||
BIO_printf(bio_err, "Extra arguments given.\n");
|
||||
goto opthelp;
|
||||
}
|
||||
|
||||
if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
|
||||
BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) {
|
||||
BIO_printf(bio_err, "%s XTS ciphers not supported\n", prog);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (dgst == NULL)
|
||||
dgst = EVP_sha256();
|
||||
|
||||
if (iter == 0)
|
||||
iter = 1;
|
||||
|
||||
/* It must be large enough for a base64 encoded line */
|
||||
if (base64 && bsize < 80)
|
||||
bsize = 80;
|
||||
if (verbose)
|
||||
BIO_printf(bio_err, "bufsize=%d\n", bsize);
|
||||
|
||||
#ifdef ZLIB
|
||||
if (!do_zlib)
|
||||
#endif
|
||||
if (base64) {
|
||||
if (enc)
|
||||
outformat = FORMAT_BASE64;
|
||||
else
|
||||
informat = FORMAT_BASE64;
|
||||
}
|
||||
|
||||
strbuf = app_malloc(SIZE, "strbuf");
|
||||
buff = app_malloc(EVP_ENCODE_LENGTH(bsize), "evp buffer");
|
||||
|
||||
if (infile == NULL) {
|
||||
in = dup_bio_in(informat);
|
||||
} else {
|
||||
in = bio_open_default(infile, 'r', informat);
|
||||
}
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
|
||||
if (str == NULL && passarg != NULL) {
|
||||
if (!app_passwd(passarg, NULL, &pass, NULL)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto end;
|
||||
}
|
||||
str = pass;
|
||||
}
|
||||
|
||||
if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
|
||||
if (1) {
|
||||
#ifndef OPENSSL_NO_UI_CONSOLE
|
||||
for (;;) {
|
||||
char prompt[200];
|
||||
|
||||
BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:",
|
||||
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
|
||||
(enc) ? "encryption" : "decryption");
|
||||
strbuf[0] = '\0';
|
||||
i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc);
|
||||
if (i == 0) {
|
||||
if (strbuf[0] == '\0') {
|
||||
ret = 1;
|
||||
goto end;
|
||||
}
|
||||
str = strbuf;
|
||||
break;
|
||||
}
|
||||
if (i < 0) {
|
||||
BIO_printf(bio_err, "bad password read\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
#endif
|
||||
BIO_printf(bio_err, "password required\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
out = bio_open_default(outfile, 'w', outformat);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if (debug) {
|
||||
BIO_set_callback(in, BIO_debug_callback);
|
||||
BIO_set_callback(out, BIO_debug_callback);
|
||||
BIO_set_callback_arg(in, (char *)bio_err);
|
||||
BIO_set_callback_arg(out, (char *)bio_err);
|
||||
}
|
||||
|
||||
rbio = in;
|
||||
wbio = out;
|
||||
|
||||
#ifdef ZLIB
|
||||
if (do_zlib) {
|
||||
if ((bzl = BIO_new(BIO_f_zlib())) == NULL)
|
||||
goto end;
|
||||
if (debug) {
|
||||
BIO_set_callback(bzl, BIO_debug_callback);
|
||||
BIO_set_callback_arg(bzl, (char *)bio_err);
|
||||
}
|
||||
if (enc)
|
||||
wbio = BIO_push(bzl, wbio);
|
||||
else
|
||||
rbio = BIO_push(bzl, rbio);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (base64) {
|
||||
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
|
||||
goto end;
|
||||
if (debug) {
|
||||
BIO_set_callback(b64, BIO_debug_callback);
|
||||
BIO_set_callback_arg(b64, (char *)bio_err);
|
||||
}
|
||||
if (olb64)
|
||||
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
|
||||
if (enc)
|
||||
wbio = BIO_push(b64, wbio);
|
||||
else
|
||||
rbio = BIO_push(b64, rbio);
|
||||
}
|
||||
|
||||
if (cipher != NULL) {
|
||||
/*
|
||||
* Note that str is NULL if a key was passed on the command line, so
|
||||
* we get no salt in that case. Is this a bug?
|
||||
*/
|
||||
if (str != NULL) {
|
||||
/*
|
||||
* Salt handling: if encrypting generate a salt and write to
|
||||
* output BIO. If decrypting read salt from input BIO.
|
||||
*/
|
||||
unsigned char *sptr;
|
||||
size_t str_len = strlen(str);
|
||||
|
||||
if (nosalt) {
|
||||
sptr = NULL;
|
||||
} else {
|
||||
if (enc) {
|
||||
if (hsalt) {
|
||||
if (!set_hex(hsalt, salt, sizeof(salt))) {
|
||||
BIO_printf(bio_err, "invalid hex salt value\n");
|
||||
goto end;
|
||||
}
|
||||
} else if (RAND_bytes(salt, sizeof(salt)) <= 0) {
|
||||
goto end;
|
||||
}
|
||||
/*
|
||||
* If -P option then don't bother writing
|
||||
*/
|
||||
if ((printkey != 2)
|
||||
&& (BIO_write(wbio, magic,
|
||||
sizeof(magic) - 1) != sizeof(magic) - 1
|
||||
|| BIO_write(wbio,
|
||||
(char *)salt,
|
||||
sizeof(salt)) != sizeof(salt))) {
|
||||
BIO_printf(bio_err, "error writing output file\n");
|
||||
goto end;
|
||||
}
|
||||
} else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)
|
||||
|| BIO_read(rbio,
|
||||
(unsigned char *)salt,
|
||||
sizeof(salt)) != sizeof(salt)) {
|
||||
BIO_printf(bio_err, "error reading input file\n");
|
||||
goto end;
|
||||
} else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {
|
||||
BIO_printf(bio_err, "bad magic number\n");
|
||||
goto end;
|
||||
}
|
||||
sptr = salt;
|
||||
}
|
||||
|
||||
if (pbkdf2 == 1) {
|
||||
/*
|
||||
* derive key and default iv
|
||||
* concatenated into a temporary buffer
|
||||
*/
|
||||
unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH];
|
||||
int iklen = EVP_CIPHER_key_length(cipher);
|
||||
int ivlen = EVP_CIPHER_iv_length(cipher);
|
||||
/* not needed if HASH_UPDATE() is fixed : */
|
||||
int islen = (sptr != NULL ? sizeof(salt) : 0);
|
||||
if (!PKCS5_PBKDF2_HMAC(str, str_len, sptr, islen,
|
||||
iter, dgst, iklen+ivlen, tmpkeyiv)) {
|
||||
BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n");
|
||||
goto end;
|
||||
}
|
||||
/* split and move data back to global buffer */
|
||||
memcpy(key, tmpkeyiv, iklen);
|
||||
memcpy(iv, tmpkeyiv+iklen, ivlen);
|
||||
} else {
|
||||
BIO_printf(bio_err, "*** WARNING : "
|
||||
"deprecated key derivation used.\n"
|
||||
"Using -iter or -pbkdf2 would be better.\n");
|
||||
if (!EVP_BytesToKey(cipher, dgst, sptr,
|
||||
(unsigned char *)str, str_len,
|
||||
1, key, iv)) {
|
||||
BIO_printf(bio_err, "EVP_BytesToKey failed\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
/*
|
||||
* zero the complete buffer or the string passed from the command
|
||||
* line.
|
||||
*/
|
||||
if (str == strbuf)
|
||||
OPENSSL_cleanse(str, SIZE);
|
||||
else
|
||||
OPENSSL_cleanse(str, str_len);
|
||||
}
|
||||
if (hiv != NULL) {
|
||||
int siz = EVP_CIPHER_iv_length(cipher);
|
||||
if (siz == 0) {
|
||||
BIO_printf(bio_err, "warning: iv not use by this cipher\n");
|
||||
} else if (!set_hex(hiv, iv, siz)) {
|
||||
BIO_printf(bio_err, "invalid hex iv value\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
if ((hiv == NULL) && (str == NULL)
|
||||
&& EVP_CIPHER_iv_length(cipher) != 0) {
|
||||
/*
|
||||
* No IV was explicitly set and no IV was generated.
|
||||
* Hence the IV is undefined, making correct decryption impossible.
|
||||
*/
|
||||
BIO_printf(bio_err, "iv undefined\n");
|
||||
goto end;
|
||||
}
|
||||
if (hkey != NULL) {
|
||||
if (!set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
|
||||
BIO_printf(bio_err, "invalid hex key value\n");
|
||||
goto end;
|
||||
}
|
||||
/* wiping secret data as we no longer need it */
|
||||
OPENSSL_cleanse(hkey, strlen(hkey));
|
||||
}
|
||||
|
||||
if ((benc = BIO_new(BIO_f_cipher())) == NULL)
|
||||
goto end;
|
||||
|
||||
/*
|
||||
* Since we may be changing parameters work on the encryption context
|
||||
* rather than calling BIO_set_cipher().
|
||||
*/
|
||||
|
||||
BIO_get_cipher_ctx(benc, &ctx);
|
||||
|
||||
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
|
||||
BIO_printf(bio_err, "Error setting cipher %s\n",
|
||||
EVP_CIPHER_name(cipher));
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (nopad)
|
||||
EVP_CIPHER_CTX_set_padding(ctx, 0);
|
||||
|
||||
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
|
||||
BIO_printf(bio_err, "Error setting cipher %s\n",
|
||||
EVP_CIPHER_name(cipher));
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (debug) {
|
||||
BIO_set_callback(benc, BIO_debug_callback);
|
||||
BIO_set_callback_arg(benc, (char *)bio_err);
|
||||
}
|
||||
|
||||
if (printkey) {
|
||||
if (!nosalt) {
|
||||
printf("salt=");
|
||||
for (i = 0; i < (int)sizeof(salt); i++)
|
||||
printf("%02X", salt[i]);
|
||||
printf("\n");
|
||||
}
|
||||
if (EVP_CIPHER_key_length(cipher) > 0) {
|
||||
printf("key=");
|
||||
for (i = 0; i < EVP_CIPHER_key_length(cipher); i++)
|
||||
printf("%02X", key[i]);
|
||||
printf("\n");
|
||||
}
|
||||
if (EVP_CIPHER_iv_length(cipher) > 0) {
|
||||
printf("iv =");
|
||||
for (i = 0; i < EVP_CIPHER_iv_length(cipher); i++)
|
||||
printf("%02X", iv[i]);
|
||||
printf("\n");
|
||||
}
|
||||
if (printkey == 2) {
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Only encrypt/decrypt as we write the file */
|
||||
if (benc != NULL)
|
||||
wbio = BIO_push(benc, wbio);
|
||||
|
||||
for (;;) {
|
||||
inl = BIO_read(rbio, (char *)buff, bsize);
|
||||
if (inl <= 0)
|
||||
break;
|
||||
if (BIO_write(wbio, (char *)buff, inl) != inl) {
|
||||
BIO_printf(bio_err, "error writing output file\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
if (!BIO_flush(wbio)) {
|
||||
BIO_printf(bio_err, "bad decrypt\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
if (verbose) {
|
||||
BIO_printf(bio_err, "bytes read : %8ju\n", BIO_number_read(in));
|
||||
BIO_printf(bio_err, "bytes written: %8ju\n", BIO_number_written(out));
|
||||
}
|
||||
end:
|
||||
ERR_print_errors(bio_err);
|
||||
OPENSSL_free(strbuf);
|
||||
OPENSSL_free(buff);
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
BIO_free(benc);
|
||||
BIO_free(b64);
|
||||
#ifdef ZLIB
|
||||
BIO_free(bzl);
|
||||
#endif
|
||||
release_engine(e);
|
||||
OPENSSL_free(pass);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void show_ciphers(const OBJ_NAME *name, void *arg)
|
||||
{
|
||||
struct doall_enc_ciphers *dec = (struct doall_enc_ciphers *)arg;
|
||||
const EVP_CIPHER *cipher;
|
||||
|
||||
if (!islower((unsigned char)*name->name))
|
||||
return;
|
||||
|
||||
/* Filter out ciphers that we cannot use */
|
||||
cipher = EVP_get_cipherbyname(name->name);
|
||||
if (cipher == NULL ||
|
||||
(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
|
||||
EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
|
||||
return;
|
||||
|
||||
BIO_printf(dec->bio, "-%-25s", name->name);
|
||||
if (++dec->n == 3) {
|
||||
BIO_printf(dec->bio, "\n");
|
||||
dec->n = 0;
|
||||
} else
|
||||
BIO_printf(dec->bio, " ");
|
||||
}
|
||||
|
||||
static int set_hex(const char *in, unsigned char *out, int size)
|
||||
{
|
||||
int i, n;
|
||||
unsigned char j;
|
||||
|
||||
i = size * 2;
|
||||
n = strlen(in);
|
||||
if (n > i) {
|
||||
BIO_printf(bio_err, "hex string is too long, ignoring excess\n");
|
||||
n = i; /* ignore exceeding part */
|
||||
} else if (n < i) {
|
||||
BIO_printf(bio_err, "hex string is too short, padding with zero bytes to length\n");
|
||||
}
|
||||
|
||||
memset(out, 0, size);
|
||||
for (i = 0; i < n; i++) {
|
||||
j = (unsigned char)*in++;
|
||||
if (!isxdigit(j)) {
|
||||
BIO_printf(bio_err, "non-hex digit\n");
|
||||
return 0;
|
||||
}
|
||||
j = (unsigned char)OPENSSL_hexchar2int(j);
|
||||
if (i & 1)
|
||||
out[i / 2] |= j;
|
||||
else
|
||||
out[i / 2] = (j << 4);
|
||||
}
|
||||
return 1;
|
||||
}
|
489
trunk/3rdparty/openssl-1.1-fit/apps/engine.c
vendored
Normal file
489
trunk/3rdparty/openssl-1.1-fit/apps/engine.c
vendored
Normal file
|
@ -0,0 +1,489 @@
|
|||
/*
|
||||
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_ENGINE
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <string.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/engine.h>
|
||||
# include <openssl/ssl.h>
|
||||
# include <openssl/store.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST,
|
||||
OPT_V = 100, OPT_VV, OPT_VVV, OPT_VVVV
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS engine_options[] = {
|
||||
{OPT_HELP_STR, 1, '-', "Usage: %s [options] engine...\n"},
|
||||
{OPT_HELP_STR, 1, '-',
|
||||
" engine... Engines to load\n"},
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"v", OPT_V, '-', "List 'control commands' For each specified engine"},
|
||||
{"vv", OPT_VV, '-', "Also display each command's description"},
|
||||
{"vvv", OPT_VVV, '-', "Also add the input flags for each command"},
|
||||
{"vvvv", OPT_VVVV, '-', "Also show internal input flags"},
|
||||
{"c", OPT_C, '-', "List the capabilities of specified engine"},
|
||||
{"t", OPT_T, '-', "Check that specified engine is available"},
|
||||
{"tt", OPT_TT, '-', "Display error trace for unavailable engines"},
|
||||
{"pre", OPT_PRE, 's', "Run command against the ENGINE before loading it"},
|
||||
{"post", OPT_POST, 's', "Run command against the ENGINE after loading it"},
|
||||
{OPT_MORE_STR, OPT_EOF, 1,
|
||||
"Commands are like \"SO_PATH:/lib/libdriver.so\""},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
static int append_buf(char **buf, int *size, const char *s)
|
||||
{
|
||||
const int expand = 256;
|
||||
int len = strlen(s) + 1;
|
||||
char *p = *buf;
|
||||
|
||||
if (p == NULL) {
|
||||
*size = ((len + expand - 1) / expand) * expand;
|
||||
p = *buf = app_malloc(*size, "engine buffer");
|
||||
} else {
|
||||
const int blen = strlen(p);
|
||||
|
||||
if (blen > 0)
|
||||
len += 2 + blen;
|
||||
|
||||
if (len > *size) {
|
||||
*size = ((len + expand - 1) / expand) * expand;
|
||||
p = OPENSSL_realloc(p, *size);
|
||||
if (p == NULL) {
|
||||
OPENSSL_free(*buf);
|
||||
*buf = NULL;
|
||||
return 0;
|
||||
}
|
||||
*buf = p;
|
||||
}
|
||||
|
||||
if (blen > 0) {
|
||||
p += blen;
|
||||
*p++ = ',';
|
||||
*p++ = ' ';
|
||||
}
|
||||
}
|
||||
|
||||
strcpy(p, s);
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int util_flags(BIO *out, unsigned int flags, const char *indent)
|
||||
{
|
||||
int started = 0, err = 0;
|
||||
/* Indent before displaying input flags */
|
||||
BIO_printf(out, "%s%s(input flags): ", indent, indent);
|
||||
if (flags == 0) {
|
||||
BIO_printf(out, "<no flags>\n");
|
||||
return 1;
|
||||
}
|
||||
/*
|
||||
* If the object is internal, mark it in a way that shows instead of
|
||||
* having it part of all the other flags, even if it really is.
|
||||
*/
|
||||
if (flags & ENGINE_CMD_FLAG_INTERNAL) {
|
||||
BIO_printf(out, "[Internal] ");
|
||||
}
|
||||
|
||||
if (flags & ENGINE_CMD_FLAG_NUMERIC) {
|
||||
BIO_printf(out, "NUMERIC");
|
||||
started = 1;
|
||||
}
|
||||
/*
|
||||
* Now we check that no combinations of the mutually exclusive NUMERIC,
|
||||
* STRING, and NO_INPUT flags have been used. Future flags that can be
|
||||
* OR'd together with these would need to added after these to preserve
|
||||
* the testing logic.
|
||||
*/
|
||||
if (flags & ENGINE_CMD_FLAG_STRING) {
|
||||
if (started) {
|
||||
BIO_printf(out, "|");
|
||||
err = 1;
|
||||
}
|
||||
BIO_printf(out, "STRING");
|
||||
started = 1;
|
||||
}
|
||||
if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
|
||||
if (started) {
|
||||
BIO_printf(out, "|");
|
||||
err = 1;
|
||||
}
|
||||
BIO_printf(out, "NO_INPUT");
|
||||
started = 1;
|
||||
}
|
||||
/* Check for unknown flags */
|
||||
flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
|
||||
~ENGINE_CMD_FLAG_STRING &
|
||||
~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL;
|
||||
if (flags) {
|
||||
if (started)
|
||||
BIO_printf(out, "|");
|
||||
BIO_printf(out, "<0x%04X>", flags);
|
||||
}
|
||||
if (err)
|
||||
BIO_printf(out, " <illegal flags!>");
|
||||
BIO_printf(out, "\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent)
|
||||
{
|
||||
static const int line_wrap = 78;
|
||||
int num;
|
||||
int ret = 0;
|
||||
char *name = NULL;
|
||||
char *desc = NULL;
|
||||
int flags;
|
||||
int xpos = 0;
|
||||
STACK_OF(OPENSSL_STRING) *cmds = NULL;
|
||||
if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
|
||||
((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
|
||||
0, NULL, NULL)) <= 0)) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
cmds = sk_OPENSSL_STRING_new_null();
|
||||
if (cmds == NULL)
|
||||
goto err;
|
||||
|
||||
do {
|
||||
int len;
|
||||
/* Get the command input flags */
|
||||
if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
|
||||
NULL, NULL)) < 0)
|
||||
goto err;
|
||||
if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
|
||||
/* Get the command name */
|
||||
if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
|
||||
NULL, NULL)) <= 0)
|
||||
goto err;
|
||||
name = app_malloc(len + 1, "name buffer");
|
||||
if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
|
||||
NULL) <= 0)
|
||||
goto err;
|
||||
/* Get the command description */
|
||||
if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
|
||||
NULL, NULL)) < 0)
|
||||
goto err;
|
||||
if (len > 0) {
|
||||
desc = app_malloc(len + 1, "description buffer");
|
||||
if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
|
||||
NULL) <= 0)
|
||||
goto err;
|
||||
}
|
||||
/* Now decide on the output */
|
||||
if (xpos == 0)
|
||||
/* Do an indent */
|
||||
xpos = BIO_puts(out, indent);
|
||||
else
|
||||
/* Otherwise prepend a ", " */
|
||||
xpos += BIO_printf(out, ", ");
|
||||
if (verbose == 1) {
|
||||
/*
|
||||
* We're just listing names, comma-delimited
|
||||
*/
|
||||
if ((xpos > (int)strlen(indent)) &&
|
||||
(xpos + (int)strlen(name) > line_wrap)) {
|
||||
BIO_printf(out, "\n");
|
||||
xpos = BIO_puts(out, indent);
|
||||
}
|
||||
xpos += BIO_printf(out, "%s", name);
|
||||
} else {
|
||||
/* We're listing names plus descriptions */
|
||||
BIO_printf(out, "%s: %s\n", name,
|
||||
(desc == NULL) ? "<no description>" : desc);
|
||||
/* ... and sometimes input flags */
|
||||
if ((verbose >= 3) && !util_flags(out, flags, indent))
|
||||
goto err;
|
||||
xpos = 0;
|
||||
}
|
||||
}
|
||||
OPENSSL_free(name);
|
||||
name = NULL;
|
||||
OPENSSL_free(desc);
|
||||
desc = NULL;
|
||||
/* Move to the next command */
|
||||
num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL);
|
||||
} while (num > 0);
|
||||
if (xpos > 0)
|
||||
BIO_printf(out, "\n");
|
||||
ret = 1;
|
||||
err:
|
||||
sk_OPENSSL_STRING_free(cmds);
|
||||
OPENSSL_free(name);
|
||||
OPENSSL_free(desc);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
|
||||
BIO *out, const char *indent)
|
||||
{
|
||||
int loop, res, num = sk_OPENSSL_STRING_num(cmds);
|
||||
|
||||
if (num < 0) {
|
||||
BIO_printf(out, "[Error]: internal stack error\n");
|
||||
return;
|
||||
}
|
||||
for (loop = 0; loop < num; loop++) {
|
||||
char buf[256];
|
||||
const char *cmd, *arg;
|
||||
cmd = sk_OPENSSL_STRING_value(cmds, loop);
|
||||
res = 1; /* assume success */
|
||||
/* Check if this command has no ":arg" */
|
||||
if ((arg = strstr(cmd, ":")) == NULL) {
|
||||
if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
|
||||
res = 0;
|
||||
} else {
|
||||
if ((int)(arg - cmd) > 254) {
|
||||
BIO_printf(out, "[Error]: command name too long\n");
|
||||
return;
|
||||
}
|
||||
memcpy(buf, cmd, (int)(arg - cmd));
|
||||
buf[arg - cmd] = '\0';
|
||||
arg++; /* Move past the ":" */
|
||||
/* Call the command with the argument */
|
||||
if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
|
||||
res = 0;
|
||||
}
|
||||
if (res) {
|
||||
BIO_printf(out, "[Success]: %s\n", cmd);
|
||||
} else {
|
||||
BIO_printf(out, "[Failure]: %s\n", cmd);
|
||||
ERR_print_errors(out);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
struct util_store_cap_data {
|
||||
ENGINE *engine;
|
||||
char **cap_buf;
|
||||
int *cap_size;
|
||||
int ok;
|
||||
};
|
||||
static void util_store_cap(const OSSL_STORE_LOADER *loader, void *arg)
|
||||
{
|
||||
struct util_store_cap_data *ctx = arg;
|
||||
|
||||
if (OSSL_STORE_LOADER_get0_engine(loader) == ctx->engine) {
|
||||
char buf[256];
|
||||
BIO_snprintf(buf, sizeof(buf), "STORE(%s)",
|
||||
OSSL_STORE_LOADER_get0_scheme(loader));
|
||||
if (!append_buf(ctx->cap_buf, ctx->cap_size, buf))
|
||||
ctx->ok = 0;
|
||||
}
|
||||
}
|
||||
|
||||
int engine_main(int argc, char **argv)
|
||||
{
|
||||
int ret = 1, i;
|
||||
int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0;
|
||||
ENGINE *e;
|
||||
STACK_OF(OPENSSL_CSTRING) *engines = sk_OPENSSL_CSTRING_new_null();
|
||||
STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null();
|
||||
STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null();
|
||||
BIO *out;
|
||||
const char *indent = " ";
|
||||
OPTION_CHOICE o;
|
||||
char *prog;
|
||||
char *argv1;
|
||||
|
||||
out = dup_bio_out(FORMAT_TEXT);
|
||||
if (engines == NULL || pre_cmds == NULL || post_cmds == NULL)
|
||||
goto end;
|
||||
|
||||
/* Remember the original command name, parse/skip any leading engine
|
||||
* names, and then setup to parse the rest of the line as flags. */
|
||||
prog = argv[0];
|
||||
while ((argv1 = argv[1]) != NULL && *argv1 != '-') {
|
||||
sk_OPENSSL_CSTRING_push(engines, argv1);
|
||||
argc--;
|
||||
argv++;
|
||||
}
|
||||
argv[0] = prog;
|
||||
opt_init(argc, argv, engine_options);
|
||||
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(engine_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_VVVV:
|
||||
case OPT_VVV:
|
||||
case OPT_VV:
|
||||
case OPT_V:
|
||||
/* Convert to an integer from one to four. */
|
||||
i = (int)(o - OPT_V) + 1;
|
||||
if (verbose < i)
|
||||
verbose = i;
|
||||
break;
|
||||
case OPT_C:
|
||||
list_cap = 1;
|
||||
break;
|
||||
case OPT_TT:
|
||||
test_avail_noise++;
|
||||
/* fall thru */
|
||||
case OPT_T:
|
||||
test_avail++;
|
||||
break;
|
||||
case OPT_PRE:
|
||||
sk_OPENSSL_STRING_push(pre_cmds, opt_arg());
|
||||
break;
|
||||
case OPT_POST:
|
||||
sk_OPENSSL_STRING_push(post_cmds, opt_arg());
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* Allow any trailing parameters as engine names. */
|
||||
argc = opt_num_rest();
|
||||
argv = opt_rest();
|
||||
for ( ; *argv; argv++) {
|
||||
if (**argv == '-') {
|
||||
BIO_printf(bio_err, "%s: Cannot mix flags and engine names.\n",
|
||||
prog);
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
}
|
||||
sk_OPENSSL_CSTRING_push(engines, *argv);
|
||||
}
|
||||
|
||||
if (sk_OPENSSL_CSTRING_num(engines) == 0) {
|
||||
for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
|
||||
sk_OPENSSL_CSTRING_push(engines, ENGINE_get_id(e));
|
||||
}
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
for (i = 0; i < sk_OPENSSL_CSTRING_num(engines); i++) {
|
||||
const char *id = sk_OPENSSL_CSTRING_value(engines, i);
|
||||
if ((e = ENGINE_by_id(id)) != NULL) {
|
||||
const char *name = ENGINE_get_name(e);
|
||||
/*
|
||||
* Do "id" first, then "name". Easier to auto-parse.
|
||||
*/
|
||||
BIO_printf(out, "(%s) %s\n", id, name);
|
||||
util_do_cmds(e, pre_cmds, out, indent);
|
||||
if (strcmp(ENGINE_get_id(e), id) != 0) {
|
||||
BIO_printf(out, "Loaded: (%s) %s\n",
|
||||
ENGINE_get_id(e), ENGINE_get_name(e));
|
||||
}
|
||||
if (list_cap) {
|
||||
int cap_size = 256;
|
||||
char *cap_buf = NULL;
|
||||
int k, n;
|
||||
const int *nids;
|
||||
ENGINE_CIPHERS_PTR fn_c;
|
||||
ENGINE_DIGESTS_PTR fn_d;
|
||||
ENGINE_PKEY_METHS_PTR fn_pk;
|
||||
|
||||
if (ENGINE_get_RSA(e) != NULL
|
||||
&& !append_buf(&cap_buf, &cap_size, "RSA"))
|
||||
goto end;
|
||||
if (ENGINE_get_DSA(e) != NULL
|
||||
&& !append_buf(&cap_buf, &cap_size, "DSA"))
|
||||
goto end;
|
||||
if (ENGINE_get_DH(e) != NULL
|
||||
&& !append_buf(&cap_buf, &cap_size, "DH"))
|
||||
goto end;
|
||||
if (ENGINE_get_RAND(e) != NULL
|
||||
&& !append_buf(&cap_buf, &cap_size, "RAND"))
|
||||
goto end;
|
||||
|
||||
fn_c = ENGINE_get_ciphers(e);
|
||||
if (fn_c == NULL)
|
||||
goto skip_ciphers;
|
||||
n = fn_c(e, NULL, &nids, 0);
|
||||
for (k = 0; k < n; ++k)
|
||||
if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
|
||||
goto end;
|
||||
|
||||
skip_ciphers:
|
||||
fn_d = ENGINE_get_digests(e);
|
||||
if (fn_d == NULL)
|
||||
goto skip_digests;
|
||||
n = fn_d(e, NULL, &nids, 0);
|
||||
for (k = 0; k < n; ++k)
|
||||
if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
|
||||
goto end;
|
||||
|
||||
skip_digests:
|
||||
fn_pk = ENGINE_get_pkey_meths(e);
|
||||
if (fn_pk == NULL)
|
||||
goto skip_pmeths;
|
||||
n = fn_pk(e, NULL, &nids, 0);
|
||||
for (k = 0; k < n; ++k)
|
||||
if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
|
||||
goto end;
|
||||
skip_pmeths:
|
||||
{
|
||||
struct util_store_cap_data store_ctx;
|
||||
|
||||
store_ctx.engine = e;
|
||||
store_ctx.cap_buf = &cap_buf;
|
||||
store_ctx.cap_size = &cap_size;
|
||||
store_ctx.ok = 1;
|
||||
|
||||
OSSL_STORE_do_all_loaders(util_store_cap, &store_ctx);
|
||||
if (!store_ctx.ok)
|
||||
goto end;
|
||||
}
|
||||
if (cap_buf != NULL && (*cap_buf != '\0'))
|
||||
BIO_printf(out, " [%s]\n", cap_buf);
|
||||
|
||||
OPENSSL_free(cap_buf);
|
||||
}
|
||||
if (test_avail) {
|
||||
BIO_printf(out, "%s", indent);
|
||||
if (ENGINE_init(e)) {
|
||||
BIO_printf(out, "[ available ]\n");
|
||||
util_do_cmds(e, post_cmds, out, indent);
|
||||
ENGINE_finish(e);
|
||||
} else {
|
||||
BIO_printf(out, "[ unavailable ]\n");
|
||||
if (test_avail_noise)
|
||||
ERR_print_errors_fp(stdout);
|
||||
ERR_clear_error();
|
||||
}
|
||||
}
|
||||
if ((verbose > 0) && !util_verbose(e, verbose, out, indent))
|
||||
goto end;
|
||||
ENGINE_free(e);
|
||||
} else {
|
||||
ERR_print_errors(bio_err);
|
||||
/* because exit codes above 127 have special meaning on Unix */
|
||||
if (++ret > 127)
|
||||
ret = 127;
|
||||
}
|
||||
}
|
||||
|
||||
end:
|
||||
|
||||
ERR_print_errors(bio_err);
|
||||
sk_OPENSSL_CSTRING_free(engines);
|
||||
sk_OPENSSL_STRING_free(pre_cmds);
|
||||
sk_OPENSSL_STRING_free(post_cmds);
|
||||
BIO_free_all(out);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
67
trunk/3rdparty/openssl-1.1-fit/apps/errstr.c
vendored
Normal file
67
trunk/3rdparty/openssl-1.1-fit/apps/errstr.c
vendored
Normal file
|
@ -0,0 +1,67 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS errstr_options[] = {
|
||||
{OPT_HELP_STR, 1, '-', "Usage: %s [options] errnum...\n"},
|
||||
{OPT_HELP_STR, 1, '-', " errnum Error number\n"},
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int errstr_main(int argc, char **argv)
|
||||
{
|
||||
OPTION_CHOICE o;
|
||||
char buf[256], *prog;
|
||||
int ret = 1;
|
||||
unsigned long l;
|
||||
|
||||
prog = opt_init(argc, argv, errstr_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(errstr_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
for (argv = opt_rest(); *argv; argv++) {
|
||||
if (sscanf(*argv, "%lx", &l) == 0) {
|
||||
ret++;
|
||||
} else {
|
||||
/* We're not really an SSL application so this won't auto-init, but
|
||||
* we're still interested in SSL error strings
|
||||
*/
|
||||
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
|
||||
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
|
||||
ERR_error_string_n(l, buf, sizeof(buf));
|
||||
BIO_printf(bio_out, "%s\n", buf);
|
||||
}
|
||||
}
|
||||
end:
|
||||
return ret;
|
||||
}
|
146
trunk/3rdparty/openssl-1.1-fit/apps/gendsa.c
vendored
Normal file
146
trunk/3rdparty/openssl-1.1-fit/apps/gendsa.c
vendored
Normal file
|
@ -0,0 +1,146 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_DSA
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include <stdio.h>
|
||||
# include <string.h>
|
||||
# include <sys/types.h>
|
||||
# include <sys/stat.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/bn.h>
|
||||
# include <openssl/dsa.h>
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER,
|
||||
OPT_R_ENUM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS gendsa_options[] = {
|
||||
{OPT_HELP_STR, 1, '-', "Usage: %s [args] dsaparam-file\n"},
|
||||
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"out", OPT_OUT, '>', "Output the key to the specified file"},
|
||||
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
|
||||
OPT_R_OPTIONS,
|
||||
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
# endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int gendsa_main(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
BIO *out = NULL, *in = NULL;
|
||||
DSA *dsa = NULL;
|
||||
const EVP_CIPHER *enc = NULL;
|
||||
char *dsaparams = NULL;
|
||||
char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog;
|
||||
OPTION_CHOICE o;
|
||||
int ret = 1, private = 0;
|
||||
const BIGNUM *p = NULL;
|
||||
|
||||
prog = opt_init(argc, argv, gendsa_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
ret = 0;
|
||||
opt_help(gendsa_options);
|
||||
goto end;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_PASSOUT:
|
||||
passoutarg = opt_arg();
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
case OPT_R_CASES:
|
||||
if (!opt_rand(o))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_CIPHER:
|
||||
if (!opt_cipher(opt_unknown(), &enc))
|
||||
goto end;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
argv = opt_rest();
|
||||
private = 1;
|
||||
|
||||
if (argc != 1)
|
||||
goto opthelp;
|
||||
dsaparams = *argv;
|
||||
|
||||
if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
in = bio_open_default(dsaparams, 'r', FORMAT_PEM);
|
||||
if (in == NULL)
|
||||
goto end2;
|
||||
|
||||
if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) {
|
||||
BIO_printf(bio_err, "unable to load DSA parameter file\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_free(in);
|
||||
in = NULL;
|
||||
|
||||
out = bio_open_owner(outfile, FORMAT_PEM, private);
|
||||
if (out == NULL)
|
||||
goto end2;
|
||||
|
||||
DSA_get0_pqg(dsa, &p, NULL, NULL);
|
||||
|
||||
if (BN_num_bits(p) > OPENSSL_DSA_MAX_MODULUS_BITS)
|
||||
BIO_printf(bio_err,
|
||||
"Warning: It is not recommended to use more than %d bit for DSA keys.\n"
|
||||
" Your key size is %d! Larger key size may behave not as expected.\n",
|
||||
OPENSSL_DSA_MAX_MODULUS_BITS, BN_num_bits(p));
|
||||
|
||||
BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(p));
|
||||
if (!DSA_generate_key(dsa))
|
||||
goto end;
|
||||
|
||||
assert(private);
|
||||
if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout))
|
||||
goto end;
|
||||
ret = 0;
|
||||
end:
|
||||
if (ret != 0)
|
||||
ERR_print_errors(bio_err);
|
||||
end2:
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
DSA_free(dsa);
|
||||
release_engine(e);
|
||||
OPENSSL_free(passout);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
322
trunk/3rdparty/openssl-1.1-fit/apps/genpkey.c
vendored
Normal file
322
trunk/3rdparty/openssl-1.1-fit/apps/genpkey.c
vendored
Normal file
|
@ -0,0 +1,322 @@
|
|||
/*
|
||||
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
# include <openssl/engine.h>
|
||||
#endif
|
||||
|
||||
static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e);
|
||||
static int genpkey_cb(EVP_PKEY_CTX *ctx);
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE,
|
||||
OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS genpkey_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
{"outform", OPT_OUTFORM, 'F', "output format (DER or PEM)"},
|
||||
{"pass", OPT_PASS, 's', "Output file pass phrase source"},
|
||||
{"paramfile", OPT_PARAMFILE, '<', "Parameters file"},
|
||||
{"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"},
|
||||
{"pkeyopt", OPT_PKEYOPT, 's',
|
||||
"Set the public key algorithm option as opt:value"},
|
||||
{"genparam", OPT_GENPARAM, '-', "Generate parameters, not key"},
|
||||
{"text", OPT_TEXT, '-', "Print the in text"},
|
||||
{"", OPT_CIPHER, '-', "Cipher to use to encrypt the key"},
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
#endif
|
||||
/* This is deliberately last. */
|
||||
{OPT_HELP_STR, 1, 1,
|
||||
"Order of options may be important! See the documentation.\n"},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int genpkey_main(int argc, char **argv)
|
||||
{
|
||||
BIO *in = NULL, *out = NULL;
|
||||
ENGINE *e = NULL;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
EVP_PKEY_CTX *ctx = NULL;
|
||||
char *outfile = NULL, *passarg = NULL, *pass = NULL, *prog;
|
||||
const EVP_CIPHER *cipher = NULL;
|
||||
OPTION_CHOICE o;
|
||||
int outformat = FORMAT_PEM, text = 0, ret = 1, rv, do_param = 0;
|
||||
int private = 0;
|
||||
|
||||
prog = opt_init(argc, argv, genpkey_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
ret = 0;
|
||||
opt_help(genpkey_options);
|
||||
goto end;
|
||||
case OPT_OUTFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_PASS:
|
||||
passarg = opt_arg();
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
case OPT_PARAMFILE:
|
||||
if (do_param == 1)
|
||||
goto opthelp;
|
||||
if (!init_keygen_file(&ctx, opt_arg(), e))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_ALGORITHM:
|
||||
if (!init_gen_str(&ctx, opt_arg(), e, do_param))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_PKEYOPT:
|
||||
if (ctx == NULL) {
|
||||
BIO_printf(bio_err, "%s: No keytype specified.\n", prog);
|
||||
goto opthelp;
|
||||
}
|
||||
if (pkey_ctrl_string(ctx, opt_arg()) <= 0) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Error setting %s parameter:\n",
|
||||
prog, opt_arg());
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
break;
|
||||
case OPT_GENPARAM:
|
||||
if (ctx != NULL)
|
||||
goto opthelp;
|
||||
do_param = 1;
|
||||
break;
|
||||
case OPT_TEXT:
|
||||
text = 1;
|
||||
break;
|
||||
case OPT_CIPHER:
|
||||
if (!opt_cipher(opt_unknown(), &cipher)
|
||||
|| do_param == 1)
|
||||
goto opthelp;
|
||||
if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE ||
|
||||
EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE ||
|
||||
EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE ||
|
||||
EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE) {
|
||||
BIO_printf(bio_err, "%s: cipher mode not supported\n", prog);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
private = do_param ? 0 : 1;
|
||||
|
||||
if (ctx == NULL)
|
||||
goto opthelp;
|
||||
|
||||
if (!app_passwd(passarg, NULL, &pass, NULL)) {
|
||||
BIO_puts(bio_err, "Error getting password\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
out = bio_open_owner(outfile, outformat, private);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
|
||||
EVP_PKEY_CTX_set_app_data(ctx, bio_err);
|
||||
|
||||
if (do_param) {
|
||||
if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) {
|
||||
BIO_puts(bio_err, "Error generating parameters\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
} else {
|
||||
if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
|
||||
BIO_puts(bio_err, "Error generating key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (do_param) {
|
||||
rv = PEM_write_bio_Parameters(out, pkey);
|
||||
} else if (outformat == FORMAT_PEM) {
|
||||
assert(private);
|
||||
rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, pass);
|
||||
} else if (outformat == FORMAT_ASN1) {
|
||||
assert(private);
|
||||
rv = i2d_PrivateKey_bio(out, pkey);
|
||||
} else {
|
||||
BIO_printf(bio_err, "Bad format specified for key\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (rv <= 0) {
|
||||
BIO_puts(bio_err, "Error writing key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
|
||||
if (text) {
|
||||
if (do_param)
|
||||
rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
|
||||
else
|
||||
rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
|
||||
|
||||
if (rv <= 0) {
|
||||
BIO_puts(bio_err, "Error printing key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
|
||||
end:
|
||||
EVP_PKEY_free(pkey);
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
BIO_free_all(out);
|
||||
BIO_free(in);
|
||||
release_engine(e);
|
||||
OPENSSL_free(pass);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e)
|
||||
{
|
||||
BIO *pbio;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
EVP_PKEY_CTX *ctx = NULL;
|
||||
if (*pctx) {
|
||||
BIO_puts(bio_err, "Parameters already set!\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
pbio = BIO_new_file(file, "r");
|
||||
if (!pbio) {
|
||||
BIO_printf(bio_err, "Can't open parameter file %s\n", file);
|
||||
return 0;
|
||||
}
|
||||
|
||||
pkey = PEM_read_bio_Parameters(pbio, NULL);
|
||||
BIO_free(pbio);
|
||||
|
||||
if (!pkey) {
|
||||
BIO_printf(bio_err, "Error reading parameter file %s\n", file);
|
||||
return 0;
|
||||
}
|
||||
|
||||
ctx = EVP_PKEY_CTX_new(pkey, e);
|
||||
if (ctx == NULL)
|
||||
goto err;
|
||||
if (EVP_PKEY_keygen_init(ctx) <= 0)
|
||||
goto err;
|
||||
EVP_PKEY_free(pkey);
|
||||
*pctx = ctx;
|
||||
return 1;
|
||||
|
||||
err:
|
||||
BIO_puts(bio_err, "Error initializing context\n");
|
||||
ERR_print_errors(bio_err);
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
EVP_PKEY_free(pkey);
|
||||
return 0;
|
||||
|
||||
}
|
||||
|
||||
int init_gen_str(EVP_PKEY_CTX **pctx,
|
||||
const char *algname, ENGINE *e, int do_param)
|
||||
{
|
||||
EVP_PKEY_CTX *ctx = NULL;
|
||||
const EVP_PKEY_ASN1_METHOD *ameth;
|
||||
ENGINE *tmpeng = NULL;
|
||||
int pkey_id;
|
||||
|
||||
if (*pctx) {
|
||||
BIO_puts(bio_err, "Algorithm already set!\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
if (!ameth && e)
|
||||
ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
|
||||
#endif
|
||||
|
||||
if (!ameth) {
|
||||
BIO_printf(bio_err, "Algorithm %s not found\n", algname);
|
||||
return 0;
|
||||
}
|
||||
|
||||
ERR_clear_error();
|
||||
|
||||
EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE_finish(tmpeng);
|
||||
#endif
|
||||
ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
|
||||
|
||||
if (!ctx)
|
||||
goto err;
|
||||
if (do_param) {
|
||||
if (EVP_PKEY_paramgen_init(ctx) <= 0)
|
||||
goto err;
|
||||
} else {
|
||||
if (EVP_PKEY_keygen_init(ctx) <= 0)
|
||||
goto err;
|
||||
}
|
||||
|
||||
*pctx = ctx;
|
||||
return 1;
|
||||
|
||||
err:
|
||||
BIO_printf(bio_err, "Error initializing %s context\n", algname);
|
||||
ERR_print_errors(bio_err);
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
return 0;
|
||||
|
||||
}
|
||||
|
||||
static int genpkey_cb(EVP_PKEY_CTX *ctx)
|
||||
{
|
||||
char c = '*';
|
||||
BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
|
||||
int p;
|
||||
p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
|
||||
if (p == 0)
|
||||
c = '.';
|
||||
if (p == 1)
|
||||
c = '+';
|
||||
if (p == 2)
|
||||
c = '*';
|
||||
if (p == 3)
|
||||
c = '\n';
|
||||
BIO_write(b, &c, 1);
|
||||
(void)BIO_flush(b);
|
||||
return 1;
|
||||
}
|
201
trunk/3rdparty/openssl-1.1-fit/apps/genrsa.c
vendored
Normal file
201
trunk/3rdparty/openssl-1.1-fit/apps/genrsa.c
vendored
Normal file
|
@ -0,0 +1,201 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_RSA
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include <stdio.h>
|
||||
# include <string.h>
|
||||
# include <sys/types.h>
|
||||
# include <sys/stat.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/bn.h>
|
||||
# include <openssl/rsa.h>
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
# include <openssl/rand.h>
|
||||
|
||||
# define DEFBITS 2048
|
||||
# define DEFPRIMES 2
|
||||
|
||||
static int genrsa_cb(int p, int n, BN_GENCB *cb);
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_3, OPT_F4, OPT_ENGINE,
|
||||
OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES,
|
||||
OPT_R_ENUM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS genrsa_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"3", OPT_3, '-', "Use 3 for the E value"},
|
||||
{"F4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
|
||||
{"f4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
|
||||
{"out", OPT_OUT, '>', "Output the key to specified file"},
|
||||
OPT_R_OPTIONS,
|
||||
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
|
||||
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
# endif
|
||||
{"primes", OPT_PRIMES, 'p', "Specify number of primes"},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int genrsa_main(int argc, char **argv)
|
||||
{
|
||||
BN_GENCB *cb = BN_GENCB_new();
|
||||
PW_CB_DATA cb_data;
|
||||
ENGINE *eng = NULL;
|
||||
BIGNUM *bn = BN_new();
|
||||
BIO *out = NULL;
|
||||
const BIGNUM *e;
|
||||
RSA *rsa = NULL;
|
||||
const EVP_CIPHER *enc = NULL;
|
||||
int ret = 1, num = DEFBITS, private = 0, primes = DEFPRIMES;
|
||||
unsigned long f4 = RSA_F4;
|
||||
char *outfile = NULL, *passoutarg = NULL, *passout = NULL;
|
||||
char *prog, *hexe, *dece;
|
||||
OPTION_CHOICE o;
|
||||
|
||||
if (bn == NULL || cb == NULL)
|
||||
goto end;
|
||||
|
||||
BN_GENCB_set(cb, genrsa_cb, bio_err);
|
||||
|
||||
prog = opt_init(argc, argv, genrsa_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
ret = 0;
|
||||
opt_help(genrsa_options);
|
||||
goto end;
|
||||
case OPT_3:
|
||||
f4 = 3;
|
||||
break;
|
||||
case OPT_F4:
|
||||
f4 = RSA_F4;
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
eng = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
case OPT_R_CASES:
|
||||
if (!opt_rand(o))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_PASSOUT:
|
||||
passoutarg = opt_arg();
|
||||
break;
|
||||
case OPT_CIPHER:
|
||||
if (!opt_cipher(opt_unknown(), &enc))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_PRIMES:
|
||||
if (!opt_int(opt_arg(), &primes))
|
||||
goto end;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
argv = opt_rest();
|
||||
|
||||
if (argc == 1) {
|
||||
if (!opt_int(argv[0], &num) || num <= 0)
|
||||
goto end;
|
||||
if (num > OPENSSL_RSA_MAX_MODULUS_BITS)
|
||||
BIO_printf(bio_err,
|
||||
"Warning: It is not recommended to use more than %d bit for RSA keys.\n"
|
||||
" Your key size is %d! Larger key size may behave not as expected.\n",
|
||||
OPENSSL_RSA_MAX_MODULUS_BITS, num);
|
||||
} else if (argc > 0) {
|
||||
BIO_printf(bio_err, "Extra arguments given.\n");
|
||||
goto opthelp;
|
||||
}
|
||||
|
||||
private = 1;
|
||||
if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
out = bio_open_owner(outfile, FORMAT_PEM, private);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus (%d primes)\n",
|
||||
num, primes);
|
||||
rsa = eng ? RSA_new_method(eng) : RSA_new();
|
||||
if (rsa == NULL)
|
||||
goto end;
|
||||
|
||||
if (!BN_set_word(bn, f4)
|
||||
|| !RSA_generate_multi_prime_key(rsa, num, primes, bn, cb))
|
||||
goto end;
|
||||
|
||||
RSA_get0_key(rsa, NULL, &e, NULL);
|
||||
hexe = BN_bn2hex(e);
|
||||
dece = BN_bn2dec(e);
|
||||
if (hexe && dece) {
|
||||
BIO_printf(bio_err, "e is %s (0x%s)\n", dece, hexe);
|
||||
}
|
||||
OPENSSL_free(hexe);
|
||||
OPENSSL_free(dece);
|
||||
cb_data.password = passout;
|
||||
cb_data.prompt_info = outfile;
|
||||
assert(private);
|
||||
if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
|
||||
(pem_password_cb *)password_callback,
|
||||
&cb_data))
|
||||
goto end;
|
||||
|
||||
ret = 0;
|
||||
end:
|
||||
BN_free(bn);
|
||||
BN_GENCB_free(cb);
|
||||
RSA_free(rsa);
|
||||
BIO_free_all(out);
|
||||
release_engine(eng);
|
||||
OPENSSL_free(passout);
|
||||
if (ret != 0)
|
||||
ERR_print_errors(bio_err);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int genrsa_cb(int p, int n, BN_GENCB *cb)
|
||||
{
|
||||
char c = '*';
|
||||
|
||||
if (p == 0)
|
||||
c = '.';
|
||||
if (p == 1)
|
||||
c = '+';
|
||||
if (p == 2)
|
||||
c = '*';
|
||||
if (p == 3)
|
||||
c = '\n';
|
||||
BIO_write(BN_GENCB_get_arg(cb), &c, 1);
|
||||
(void)BIO_flush(BN_GENCB_get_arg(cb));
|
||||
return 1;
|
||||
}
|
||||
#endif
|
114
trunk/3rdparty/openssl-1.1-fit/apps/nseq.c
vendored
Normal file
114
trunk/3rdparty/openssl-1.1-fit/apps/nseq.c
vendored
Normal file
|
@ -0,0 +1,114 @@
|
|||
/*
|
||||
* Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_TOSEQ, OPT_IN, OPT_OUT
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS nseq_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"toseq", OPT_TOSEQ, '-', "Output NS Sequence file"},
|
||||
{"in", OPT_IN, '<', "Input file"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int nseq_main(int argc, char **argv)
|
||||
{
|
||||
BIO *in = NULL, *out = NULL;
|
||||
X509 *x509 = NULL;
|
||||
NETSCAPE_CERT_SEQUENCE *seq = NULL;
|
||||
OPTION_CHOICE o;
|
||||
int toseq = 0, ret = 1, i;
|
||||
char *infile = NULL, *outfile = NULL, *prog;
|
||||
|
||||
prog = opt_init(argc, argv, nseq_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
ret = 0;
|
||||
opt_help(nseq_options);
|
||||
goto end;
|
||||
case OPT_TOSEQ:
|
||||
toseq = 1;
|
||||
break;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
in = bio_open_default(infile, 'r', FORMAT_PEM);
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
out = bio_open_default(outfile, 'w', FORMAT_PEM);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if (toseq) {
|
||||
seq = NETSCAPE_CERT_SEQUENCE_new();
|
||||
if (seq == NULL)
|
||||
goto end;
|
||||
seq->certs = sk_X509_new_null();
|
||||
if (seq->certs == NULL)
|
||||
goto end;
|
||||
while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
|
||||
sk_X509_push(seq->certs, x509);
|
||||
|
||||
if (!sk_X509_num(seq->certs)) {
|
||||
BIO_printf(bio_err, "%s: Error reading certs file %s\n",
|
||||
prog, infile);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
|
||||
seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL);
|
||||
if (seq == NULL) {
|
||||
BIO_printf(bio_err, "%s: Error reading sequence file %s\n",
|
||||
prog, infile);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
for (i = 0; i < sk_X509_num(seq->certs); i++) {
|
||||
x509 = sk_X509_value(seq->certs, i);
|
||||
dump_cert_text(out, x509);
|
||||
PEM_write_bio_X509(out, x509);
|
||||
}
|
||||
ret = 0;
|
||||
end:
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
NETSCAPE_CERT_SEQUENCE_free(seq);
|
||||
|
||||
return ret;
|
||||
}
|
1621
trunk/3rdparty/openssl-1.1-fit/apps/ocsp.c
vendored
Normal file
1621
trunk/3rdparty/openssl-1.1-fit/apps/ocsp.c
vendored
Normal file
File diff suppressed because it is too large
Load diff
350
trunk/3rdparty/openssl-1.1-fit/apps/openssl-vms.cnf
vendored
Normal file
350
trunk/3rdparty/openssl-1.1-fit/apps/openssl-vms.cnf
vendored
Normal file
|
@ -0,0 +1,350 @@
|
|||
#
|
||||
# OpenSSL example configuration file.
|
||||
# This is mostly being used for generation of certificate requests.
|
||||
#
|
||||
|
||||
# Note that you can include other files from the main configuration
|
||||
# file using the .include directive.
|
||||
#.include filename
|
||||
|
||||
# This definition stops the following lines choking if HOME isn't
|
||||
# defined.
|
||||
HOME = .
|
||||
|
||||
# Extra OBJECT IDENTIFIER info:
|
||||
#oid_file = $ENV::HOME/.oid
|
||||
oid_section = new_oids
|
||||
|
||||
# To use this configuration file with the "-extfile" option of the
|
||||
# "openssl x509" utility, name here the section containing the
|
||||
# X.509v3 extensions to use:
|
||||
# extensions =
|
||||
# (Alternatively, use a configuration file that has only
|
||||
# X.509v3 extensions in its main [= default] section.)
|
||||
|
||||
[ new_oids ]
|
||||
|
||||
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
|
||||
# Add a simple OID like this:
|
||||
# testoid1=1.2.3.4
|
||||
# Or use config file substitution like this:
|
||||
# testoid2=${testoid1}.5.6
|
||||
|
||||
# Policies used by the TSA examples.
|
||||
tsa_policy1 = 1.2.3.4.1
|
||||
tsa_policy2 = 1.2.3.4.5.6
|
||||
tsa_policy3 = 1.2.3.4.5.7
|
||||
|
||||
####################################################################
|
||||
[ ca ]
|
||||
default_ca = CA_default # The default ca section
|
||||
|
||||
####################################################################
|
||||
[ CA_default ]
|
||||
|
||||
dir = sys\$disk:[.demoCA # Where everything is kept
|
||||
certs = $dir.certs] # Where the issued certs are kept
|
||||
crl_dir = $dir.crl] # Where the issued crl are kept
|
||||
database = $dir]index.txt # database index file.
|
||||
#unique_subject = no # Set to 'no' to allow creation of
|
||||
# several certs with same subject.
|
||||
new_certs_dir = $dir.newcerts] # default place for new certs.
|
||||
|
||||
certificate = $dir]cacert.pem # The CA certificate
|
||||
serial = $dir]serial. # The current serial number
|
||||
crlnumber = $dir]crlnumber. # the current crl number
|
||||
# must be commented out to leave a V1 CRL
|
||||
crl = $dir]crl.pem # The current CRL
|
||||
private_key = $dir.private]cakey.pem# The private key
|
||||
|
||||
x509_extensions = usr_cert # The extensions to add to the cert
|
||||
|
||||
# Comment out the following two lines for the "traditional"
|
||||
# (and highly broken) format.
|
||||
name_opt = ca_default # Subject Name options
|
||||
cert_opt = ca_default # Certificate field options
|
||||
|
||||
# Extension copying option: use with caution.
|
||||
# copy_extensions = copy
|
||||
|
||||
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
|
||||
# so this is commented out by default to leave a V1 CRL.
|
||||
# crlnumber must also be commented out to leave a V1 CRL.
|
||||
# crl_extensions = crl_ext
|
||||
|
||||
default_days = 365 # how long to certify for
|
||||
default_crl_days= 30 # how long before next CRL
|
||||
default_md = default # use public key default MD
|
||||
preserve = no # keep passed DN ordering
|
||||
|
||||
# A few difference way of specifying how similar the request should look
|
||||
# For type CA, the listed attributes must be the same, and the optional
|
||||
# and supplied fields are just that :-)
|
||||
policy = policy_match
|
||||
|
||||
# For the CA policy
|
||||
[ policy_match ]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
# For the 'anything' policy
|
||||
# At this point in time, you must list all acceptable 'object'
|
||||
# types.
|
||||
[ policy_anything ]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
####################################################################
|
||||
[ req ]
|
||||
default_bits = 2048
|
||||
default_keyfile = privkey.pem
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
x509_extensions = v3_ca # The extensions to add to the self signed cert
|
||||
|
||||
# Passwords for private keys if not present they will be prompted for
|
||||
# input_password = secret
|
||||
# output_password = secret
|
||||
|
||||
# This sets a mask for permitted string types. There are several options.
|
||||
# default: PrintableString, T61String, BMPString.
|
||||
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
|
||||
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
|
||||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
||||
# MASK:XXXX a literal mask value.
|
||||
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
|
||||
string_mask = utf8only
|
||||
|
||||
# req_extensions = v3_req # The extensions to add to a certificate request
|
||||
|
||||
[ req_distinguished_name ]
|
||||
countryName = Country Name (2 letter code)
|
||||
countryName_default = AU
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
stateOrProvinceName_default = Some-State
|
||||
|
||||
localityName = Locality Name (eg, city)
|
||||
|
||||
0.organizationName = Organization Name (eg, company)
|
||||
0.organizationName_default = Internet Widgits Pty Ltd
|
||||
|
||||
# we can do this but it is not needed normally :-)
|
||||
#1.organizationName = Second Organization Name (eg, company)
|
||||
#1.organizationName_default = World Wide Web Pty Ltd
|
||||
|
||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
||||
#organizationalUnitName_default =
|
||||
|
||||
commonName = Common Name (e.g. server FQDN or YOUR name)
|
||||
commonName_max = 64
|
||||
|
||||
emailAddress = Email Address
|
||||
emailAddress_max = 64
|
||||
|
||||
# SET-ex3 = SET extension number 3
|
||||
|
||||
[ req_attributes ]
|
||||
challengePassword = A challenge password
|
||||
challengePassword_min = 4
|
||||
challengePassword_max = 20
|
||||
|
||||
unstructuredName = An optional company name
|
||||
|
||||
[ usr_cert ]
|
||||
|
||||
# These extensions are added when 'ca' signs a request.
|
||||
|
||||
# This goes against PKIX guidelines but some CAs do it and some software
|
||||
# requires this to avoid interpreting an end user certificate as a CA.
|
||||
|
||||
basicConstraints=CA:FALSE
|
||||
|
||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
||||
# the certificate can be used for anything *except* object signing.
|
||||
|
||||
# This is OK for an SSL server.
|
||||
# nsCertType = server
|
||||
|
||||
# For an object signing certificate this would be used.
|
||||
# nsCertType = objsign
|
||||
|
||||
# For normal client use this is typical
|
||||
# nsCertType = client, email
|
||||
|
||||
# and for everything including object signing:
|
||||
# nsCertType = client, email, objsign
|
||||
|
||||
# This is typical in keyUsage for a client certificate.
|
||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
# This will be displayed in Netscape's comment listbox.
|
||||
nsComment = "OpenSSL Generated Certificate"
|
||||
|
||||
# PKIX recommendations harmless if included in all certificates.
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer
|
||||
|
||||
# This stuff is for subjectAltName and issuerAltname.
|
||||
# Import the email address.
|
||||
# subjectAltName=email:copy
|
||||
# An alternative to produce certificates that aren't
|
||||
# deprecated according to PKIX.
|
||||
# subjectAltName=email:move
|
||||
|
||||
# Copy subject details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
||||
#nsBaseUrl
|
||||
#nsRevocationUrl
|
||||
#nsRenewalUrl
|
||||
#nsCaPolicyUrl
|
||||
#nsSslServerName
|
||||
|
||||
# This is required for TSA certificates.
|
||||
# extendedKeyUsage = critical,timeStamping
|
||||
|
||||
[ v3_req ]
|
||||
|
||||
# Extensions to add to a certificate request
|
||||
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
[ v3_ca ]
|
||||
|
||||
|
||||
# Extensions for a typical CA
|
||||
|
||||
|
||||
# PKIX recommendation.
|
||||
|
||||
subjectKeyIdentifier=hash
|
||||
|
||||
authorityKeyIdentifier=keyid:always,issuer
|
||||
|
||||
basicConstraints = critical,CA:true
|
||||
|
||||
# Key usage: this is typical for a CA certificate. However since it will
|
||||
# prevent it being used as an test self-signed certificate it is best
|
||||
# left out by default.
|
||||
# keyUsage = cRLSign, keyCertSign
|
||||
|
||||
# Some might want this also
|
||||
# nsCertType = sslCA, emailCA
|
||||
|
||||
# Include email address in subject alt name: another PKIX recommendation
|
||||
# subjectAltName=email:copy
|
||||
# Copy issuer details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
# DER hex encoding of an extension: beware experts only!
|
||||
# obj=DER:02:03
|
||||
# Where 'obj' is a standard or added object
|
||||
# You can even override a supported extension:
|
||||
# basicConstraints= critical, DER:30:03:01:01:FF
|
||||
|
||||
[ crl_ext ]
|
||||
|
||||
# CRL extensions.
|
||||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
||||
|
||||
# issuerAltName=issuer:copy
|
||||
authorityKeyIdentifier=keyid:always
|
||||
|
||||
[ proxy_cert_ext ]
|
||||
# These extensions should be added when creating a proxy certificate
|
||||
|
||||
# This goes against PKIX guidelines but some CAs do it and some software
|
||||
# requires this to avoid interpreting an end user certificate as a CA.
|
||||
|
||||
basicConstraints=CA:FALSE
|
||||
|
||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
||||
# the certificate can be used for anything *except* object signing.
|
||||
|
||||
# This is OK for an SSL server.
|
||||
# nsCertType = server
|
||||
|
||||
# For an object signing certificate this would be used.
|
||||
# nsCertType = objsign
|
||||
|
||||
# For normal client use this is typical
|
||||
# nsCertType = client, email
|
||||
|
||||
# and for everything including object signing:
|
||||
# nsCertType = client, email, objsign
|
||||
|
||||
# This is typical in keyUsage for a client certificate.
|
||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
# This will be displayed in Netscape's comment listbox.
|
||||
nsComment = "OpenSSL Generated Certificate"
|
||||
|
||||
# PKIX recommendations harmless if included in all certificates.
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer
|
||||
|
||||
# This stuff is for subjectAltName and issuerAltname.
|
||||
# Import the email address.
|
||||
# subjectAltName=email:copy
|
||||
# An alternative to produce certificates that aren't
|
||||
# deprecated according to PKIX.
|
||||
# subjectAltName=email:move
|
||||
|
||||
# Copy subject details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
||||
#nsBaseUrl
|
||||
#nsRevocationUrl
|
||||
#nsRenewalUrl
|
||||
#nsCaPolicyUrl
|
||||
#nsSslServerName
|
||||
|
||||
# This really needs to be in place for it to be a proxy certificate.
|
||||
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
|
||||
|
||||
####################################################################
|
||||
[ tsa ]
|
||||
|
||||
default_tsa = tsa_config1 # the default TSA section
|
||||
|
||||
[ tsa_config1 ]
|
||||
|
||||
# These are used by the TSA reply generation only.
|
||||
dir = sys\$disk:[.demoCA # TSA root directory
|
||||
serial = $dir]tsaserial. # The current serial number (mandatory)
|
||||
crypto_device = builtin # OpenSSL engine to use for signing
|
||||
signer_cert = $dir/tsacert.pem # The TSA signing certificate
|
||||
# (optional)
|
||||
certs = $dir.cacert.pem] # Certificate chain to include in reply
|
||||
# (optional)
|
||||
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
|
||||
signer_digest = sha256 # Signing digest to use. (Optional)
|
||||
default_policy = tsa_policy1 # Policy if request did not specify it
|
||||
# (optional)
|
||||
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
|
||||
digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
|
||||
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
|
||||
clock_precision_digits = 0 # number of digits after dot. (optional)
|
||||
ordering = yes # Is ordering defined for timestamps?
|
||||
# (optional, default: no)
|
||||
tsa_name = yes # Must the TSA name be included in the reply?
|
||||
# (optional, default: no)
|
||||
ess_cert_id_chain = no # Must the ESS cert id chain be included?
|
||||
# (optional, default: no)
|
||||
ess_cert_id_alg = sha1 # algorithm to compute certificate
|
||||
# identifier (optional, default: sha1)
|
826
trunk/3rdparty/openssl-1.1-fit/apps/openssl.c
vendored
Normal file
826
trunk/3rdparty/openssl-1.1-fit/apps/openssl.c
vendored
Normal file
|
@ -0,0 +1,826 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <internal/cryptlib.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/lhash.h>
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/ssl.h>
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
# include <openssl/engine.h>
|
||||
#endif
|
||||
#include <openssl/err.h>
|
||||
#include "s_apps.h"
|
||||
/* Needed to get the other O_xxx flags. */
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
# include <unixio.h>
|
||||
#endif
|
||||
#include "apps.h"
|
||||
#define INCLUDE_FUNCTION_TABLE
|
||||
#include "progs.h"
|
||||
|
||||
/* Structure to hold the number of columns to be displayed and the
|
||||
* field width used to display them.
|
||||
*/
|
||||
typedef struct {
|
||||
int columns;
|
||||
int width;
|
||||
} DISPLAY_COLUMNS;
|
||||
|
||||
/* Special sentinel to exit the program. */
|
||||
#define EXIT_THE_PROGRAM (-1)
|
||||
|
||||
/*
|
||||
* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
|
||||
* the base prototypes (we cast each variable inside the function to the
|
||||
* required type of "FUNCTION*"). This removes the necessity for
|
||||
* macro-generated wrapper functions.
|
||||
*/
|
||||
static LHASH_OF(FUNCTION) *prog_init(void);
|
||||
static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]);
|
||||
static void list_pkey(void);
|
||||
static void list_pkey_meth(void);
|
||||
static void list_type(FUNC_TYPE ft, int one);
|
||||
static void list_disabled(void);
|
||||
char *default_config_file = NULL;
|
||||
|
||||
BIO *bio_in = NULL;
|
||||
BIO *bio_out = NULL;
|
||||
BIO *bio_err = NULL;
|
||||
|
||||
static void calculate_columns(DISPLAY_COLUMNS *dc)
|
||||
{
|
||||
FUNCTION *f;
|
||||
int len, maxlen = 0;
|
||||
|
||||
for (f = functions; f->name != NULL; ++f)
|
||||
if (f->type == FT_general || f->type == FT_md || f->type == FT_cipher)
|
||||
if ((len = strlen(f->name)) > maxlen)
|
||||
maxlen = len;
|
||||
|
||||
dc->width = maxlen + 2;
|
||||
dc->columns = (80 - 1) / dc->width;
|
||||
}
|
||||
|
||||
static int apps_startup(void)
|
||||
{
|
||||
#ifdef SIGPIPE
|
||||
signal(SIGPIPE, SIG_IGN);
|
||||
#endif
|
||||
|
||||
/* Set non-default library initialisation settings */
|
||||
if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN
|
||||
| OPENSSL_INIT_LOAD_CONFIG, NULL))
|
||||
return 0;
|
||||
|
||||
setup_ui_method();
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static void apps_shutdown(void)
|
||||
{
|
||||
destroy_ui_method();
|
||||
destroy_prefix_method();
|
||||
}
|
||||
|
||||
static char *make_config_name(void)
|
||||
{
|
||||
const char *t;
|
||||
size_t len;
|
||||
char *p;
|
||||
|
||||
if ((t = getenv("OPENSSL_CONF")) != NULL)
|
||||
return OPENSSL_strdup(t);
|
||||
|
||||
t = X509_get_default_cert_area();
|
||||
len = strlen(t) + 1 + strlen(OPENSSL_CONF) + 1;
|
||||
p = app_malloc(len, "config filename buffer");
|
||||
strcpy(p, t);
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
strcat(p, "/");
|
||||
#endif
|
||||
strcat(p, OPENSSL_CONF);
|
||||
|
||||
return p;
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
FUNCTION f, *fp;
|
||||
LHASH_OF(FUNCTION) *prog = NULL;
|
||||
char **copied_argv = NULL;
|
||||
char *p, *pname;
|
||||
char buf[1024];
|
||||
const char *prompt;
|
||||
ARGS arg;
|
||||
int first, n, i, ret = 0;
|
||||
|
||||
arg.argv = NULL;
|
||||
arg.size = 0;
|
||||
|
||||
/* Set up some of the environment. */
|
||||
default_config_file = make_config_name();
|
||||
bio_in = dup_bio_in(FORMAT_TEXT);
|
||||
bio_out = dup_bio_out(FORMAT_TEXT);
|
||||
bio_err = dup_bio_err(FORMAT_TEXT);
|
||||
|
||||
#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
|
||||
copied_argv = argv = copy_argv(&argc, argv);
|
||||
#elif defined(_WIN32)
|
||||
/*
|
||||
* Replace argv[] with UTF-8 encoded strings.
|
||||
*/
|
||||
win32_utf8argv(&argc, &argv);
|
||||
#endif
|
||||
|
||||
p = getenv("OPENSSL_DEBUG_MEMORY");
|
||||
if (p != NULL && strcmp(p, "on") == 0)
|
||||
CRYPTO_set_mem_debug(1);
|
||||
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
|
||||
|
||||
if (getenv("OPENSSL_FIPS")) {
|
||||
BIO_printf(bio_err, "FIPS mode not supported.\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (!apps_startup()) {
|
||||
BIO_printf(bio_err,
|
||||
"FATAL: Startup failure (dev note: apps_startup() failed)\n");
|
||||
ERR_print_errors(bio_err);
|
||||
ret = 1;
|
||||
goto end;
|
||||
}
|
||||
|
||||
prog = prog_init();
|
||||
pname = opt_progname(argv[0]);
|
||||
|
||||
/* first check the program name */
|
||||
f.name = pname;
|
||||
fp = lh_FUNCTION_retrieve(prog, &f);
|
||||
if (fp != NULL) {
|
||||
argv[0] = pname;
|
||||
ret = fp->func(argc, argv);
|
||||
goto end;
|
||||
}
|
||||
|
||||
/* If there is stuff on the command line, run with that. */
|
||||
if (argc != 1) {
|
||||
argc--;
|
||||
argv++;
|
||||
ret = do_cmd(prog, argc, argv);
|
||||
if (ret < 0)
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
|
||||
/* ok, lets enter interactive mode */
|
||||
for (;;) {
|
||||
ret = 0;
|
||||
/* Read a line, continue reading if line ends with \ */
|
||||
for (p = buf, n = sizeof(buf), i = 0, first = 1; n > 0; first = 0) {
|
||||
prompt = first ? "OpenSSL> " : "> ";
|
||||
p[0] = '\0';
|
||||
#ifndef READLINE
|
||||
fputs(prompt, stdout);
|
||||
fflush(stdout);
|
||||
if (!fgets(p, n, stdin))
|
||||
goto end;
|
||||
if (p[0] == '\0')
|
||||
goto end;
|
||||
i = strlen(p);
|
||||
if (i <= 1)
|
||||
break;
|
||||
if (p[i - 2] != '\\')
|
||||
break;
|
||||
i -= 2;
|
||||
p += i;
|
||||
n -= i;
|
||||
#else
|
||||
{
|
||||
extern char *readline(const char *);
|
||||
extern void add_history(const char *cp);
|
||||
char *text;
|
||||
|
||||
text = readline(prompt);
|
||||
if (text == NULL)
|
||||
goto end;
|
||||
i = strlen(text);
|
||||
if (i == 0 || i > n)
|
||||
break;
|
||||
if (text[i - 1] != '\\') {
|
||||
p += strlen(strcpy(p, text));
|
||||
free(text);
|
||||
add_history(buf);
|
||||
break;
|
||||
}
|
||||
|
||||
text[i - 1] = '\0';
|
||||
p += strlen(strcpy(p, text));
|
||||
free(text);
|
||||
n -= i;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
if (!chopup_args(&arg, buf)) {
|
||||
BIO_printf(bio_err, "Can't parse (no memory?)\n");
|
||||
break;
|
||||
}
|
||||
|
||||
ret = do_cmd(prog, arg.argc, arg.argv);
|
||||
if (ret == EXIT_THE_PROGRAM) {
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
if (ret != 0)
|
||||
BIO_printf(bio_err, "error in %s\n", arg.argv[0]);
|
||||
(void)BIO_flush(bio_out);
|
||||
(void)BIO_flush(bio_err);
|
||||
}
|
||||
ret = 1;
|
||||
end:
|
||||
OPENSSL_free(copied_argv);
|
||||
OPENSSL_free(default_config_file);
|
||||
lh_FUNCTION_free(prog);
|
||||
OPENSSL_free(arg.argv);
|
||||
app_RAND_write();
|
||||
|
||||
BIO_free(bio_in);
|
||||
BIO_free_all(bio_out);
|
||||
apps_shutdown();
|
||||
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
|
||||
if (CRYPTO_mem_leaks(bio_err) <= 0)
|
||||
ret = 1;
|
||||
#endif
|
||||
BIO_free(bio_err);
|
||||
EXIT(ret);
|
||||
}
|
||||
|
||||
static void list_cipher_fn(const EVP_CIPHER *c,
|
||||
const char *from, const char *to, void *arg)
|
||||
{
|
||||
if (c != NULL) {
|
||||
BIO_printf(arg, "%s\n", EVP_CIPHER_name(c));
|
||||
} else {
|
||||
if (from == NULL)
|
||||
from = "<undefined>";
|
||||
if (to == NULL)
|
||||
to = "<undefined>";
|
||||
BIO_printf(arg, "%s => %s\n", from, to);
|
||||
}
|
||||
}
|
||||
|
||||
static void list_md_fn(const EVP_MD *m,
|
||||
const char *from, const char *to, void *arg)
|
||||
{
|
||||
if (m != NULL) {
|
||||
BIO_printf(arg, "%s\n", EVP_MD_name(m));
|
||||
} else {
|
||||
if (from == NULL)
|
||||
from = "<undefined>";
|
||||
if (to == NULL)
|
||||
to = "<undefined>";
|
||||
BIO_printf((BIO *)arg, "%s => %s\n", from, to);
|
||||
}
|
||||
}
|
||||
|
||||
static void list_missing_help(void)
|
||||
{
|
||||
const FUNCTION *fp;
|
||||
const OPTIONS *o;
|
||||
|
||||
for (fp = functions; fp->name != NULL; fp++) {
|
||||
if ((o = fp->help) != NULL) {
|
||||
/* If there is help, list what flags are not documented. */
|
||||
for ( ; o->name != NULL; o++) {
|
||||
if (o->helpstr == NULL)
|
||||
BIO_printf(bio_out, "%s %s\n", fp->name, o->name);
|
||||
}
|
||||
} else if (fp->func != dgst_main) {
|
||||
/* If not aliased to the dgst command, */
|
||||
BIO_printf(bio_out, "%s *\n", fp->name);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void list_options_for_command(const char *command)
|
||||
{
|
||||
const FUNCTION *fp;
|
||||
const OPTIONS *o;
|
||||
|
||||
for (fp = functions; fp->name != NULL; fp++)
|
||||
if (strcmp(fp->name, command) == 0)
|
||||
break;
|
||||
if (fp->name == NULL) {
|
||||
BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n",
|
||||
command);
|
||||
return;
|
||||
}
|
||||
|
||||
if ((o = fp->help) == NULL)
|
||||
return;
|
||||
|
||||
for ( ; o->name != NULL; o++) {
|
||||
if (o->name == OPT_HELP_STR
|
||||
|| o->name == OPT_MORE_STR
|
||||
|| o->name[0] == '\0')
|
||||
continue;
|
||||
BIO_printf(bio_out, "%s %c\n", o->name, o->valtype);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* Unified enum for help and list commands. */
|
||||
typedef enum HELPLIST_CHOICE {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ONE,
|
||||
OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_OPTIONS,
|
||||
OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS,
|
||||
OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_DISABLED, OPT_MISSING_HELP
|
||||
} HELPLIST_CHOICE;
|
||||
|
||||
const OPTIONS list_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"1", OPT_ONE, '-', "List in one column"},
|
||||
{"commands", OPT_COMMANDS, '-', "List of standard commands"},
|
||||
{"digest-commands", OPT_DIGEST_COMMANDS, '-',
|
||||
"List of message digest commands"},
|
||||
{"digest-algorithms", OPT_DIGEST_ALGORITHMS, '-',
|
||||
"List of message digest algorithms"},
|
||||
{"cipher-commands", OPT_CIPHER_COMMANDS, '-', "List of cipher commands"},
|
||||
{"cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-',
|
||||
"List of cipher algorithms"},
|
||||
{"public-key-algorithms", OPT_PK_ALGORITHMS, '-',
|
||||
"List of public key algorithms"},
|
||||
{"public-key-methods", OPT_PK_METHOD, '-',
|
||||
"List of public key methods"},
|
||||
{"disabled", OPT_DISABLED, '-',
|
||||
"List of disabled features"},
|
||||
{"missing-help", OPT_MISSING_HELP, '-',
|
||||
"List missing detailed help strings"},
|
||||
{"options", OPT_OPTIONS, 's',
|
||||
"List options for specified command"},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int list_main(int argc, char **argv)
|
||||
{
|
||||
char *prog;
|
||||
HELPLIST_CHOICE o;
|
||||
int one = 0, done = 0;
|
||||
|
||||
prog = opt_init(argc, argv, list_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF: /* Never hit, but suppresses warning */
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
return 1;
|
||||
case OPT_HELP:
|
||||
opt_help(list_options);
|
||||
break;
|
||||
case OPT_ONE:
|
||||
one = 1;
|
||||
break;
|
||||
case OPT_COMMANDS:
|
||||
list_type(FT_general, one);
|
||||
break;
|
||||
case OPT_DIGEST_COMMANDS:
|
||||
list_type(FT_md, one);
|
||||
break;
|
||||
case OPT_DIGEST_ALGORITHMS:
|
||||
EVP_MD_do_all_sorted(list_md_fn, bio_out);
|
||||
break;
|
||||
case OPT_CIPHER_COMMANDS:
|
||||
list_type(FT_cipher, one);
|
||||
break;
|
||||
case OPT_CIPHER_ALGORITHMS:
|
||||
EVP_CIPHER_do_all_sorted(list_cipher_fn, bio_out);
|
||||
break;
|
||||
case OPT_PK_ALGORITHMS:
|
||||
list_pkey();
|
||||
break;
|
||||
case OPT_PK_METHOD:
|
||||
list_pkey_meth();
|
||||
break;
|
||||
case OPT_DISABLED:
|
||||
list_disabled();
|
||||
break;
|
||||
case OPT_MISSING_HELP:
|
||||
list_missing_help();
|
||||
break;
|
||||
case OPT_OPTIONS:
|
||||
list_options_for_command(opt_arg());
|
||||
break;
|
||||
}
|
||||
done = 1;
|
||||
}
|
||||
if (opt_num_rest() != 0) {
|
||||
BIO_printf(bio_err, "Extra arguments given.\n");
|
||||
goto opthelp;
|
||||
}
|
||||
|
||||
if (!done)
|
||||
goto opthelp;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
typedef enum HELP_CHOICE {
|
||||
OPT_hERR = -1, OPT_hEOF = 0, OPT_hHELP
|
||||
} HELP_CHOICE;
|
||||
|
||||
const OPTIONS help_options[] = {
|
||||
{OPT_HELP_STR, 1, '-', "Usage: help [options]\n"},
|
||||
{OPT_HELP_STR, 1, '-', " help [command]\n"},
|
||||
{"help", OPT_hHELP, '-', "Display this summary"},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
|
||||
int help_main(int argc, char **argv)
|
||||
{
|
||||
FUNCTION *fp;
|
||||
int i, nl;
|
||||
FUNC_TYPE tp;
|
||||
char *prog;
|
||||
HELP_CHOICE o;
|
||||
DISPLAY_COLUMNS dc;
|
||||
|
||||
prog = opt_init(argc, argv, help_options);
|
||||
while ((o = opt_next()) != OPT_hEOF) {
|
||||
switch (o) {
|
||||
case OPT_hERR:
|
||||
case OPT_hEOF:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
return 1;
|
||||
case OPT_hHELP:
|
||||
opt_help(help_options);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (opt_num_rest() == 1) {
|
||||
char *new_argv[3];
|
||||
|
||||
new_argv[0] = opt_rest()[0];
|
||||
new_argv[1] = "--help";
|
||||
new_argv[2] = NULL;
|
||||
return do_cmd(prog_init(), 2, new_argv);
|
||||
}
|
||||
if (opt_num_rest() != 0) {
|
||||
BIO_printf(bio_err, "Usage: %s\n", prog);
|
||||
return 1;
|
||||
}
|
||||
|
||||
calculate_columns(&dc);
|
||||
BIO_printf(bio_err, "Standard commands");
|
||||
i = 0;
|
||||
tp = FT_none;
|
||||
for (fp = functions; fp->name != NULL; fp++) {
|
||||
nl = 0;
|
||||
if (i++ % dc.columns == 0) {
|
||||
BIO_printf(bio_err, "\n");
|
||||
nl = 1;
|
||||
}
|
||||
if (fp->type != tp) {
|
||||
tp = fp->type;
|
||||
if (!nl)
|
||||
BIO_printf(bio_err, "\n");
|
||||
if (tp == FT_md) {
|
||||
i = 1;
|
||||
BIO_printf(bio_err,
|
||||
"\nMessage Digest commands (see the `dgst' command for more details)\n");
|
||||
} else if (tp == FT_cipher) {
|
||||
i = 1;
|
||||
BIO_printf(bio_err,
|
||||
"\nCipher commands (see the `enc' command for more details)\n");
|
||||
}
|
||||
}
|
||||
BIO_printf(bio_err, "%-*s", dc.width, fp->name);
|
||||
}
|
||||
BIO_printf(bio_err, "\n\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void list_type(FUNC_TYPE ft, int one)
|
||||
{
|
||||
FUNCTION *fp;
|
||||
int i = 0;
|
||||
DISPLAY_COLUMNS dc = {0};
|
||||
|
||||
if (!one)
|
||||
calculate_columns(&dc);
|
||||
|
||||
for (fp = functions; fp->name != NULL; fp++) {
|
||||
if (fp->type != ft)
|
||||
continue;
|
||||
if (one) {
|
||||
BIO_printf(bio_out, "%s\n", fp->name);
|
||||
} else {
|
||||
if (i % dc.columns == 0 && i > 0)
|
||||
BIO_printf(bio_out, "\n");
|
||||
BIO_printf(bio_out, "%-*s", dc.width, fp->name);
|
||||
i++;
|
||||
}
|
||||
}
|
||||
if (!one)
|
||||
BIO_printf(bio_out, "\n\n");
|
||||
}
|
||||
|
||||
static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
|
||||
{
|
||||
FUNCTION f, *fp;
|
||||
|
||||
if (argc <= 0 || argv[0] == NULL)
|
||||
return 0;
|
||||
f.name = argv[0];
|
||||
fp = lh_FUNCTION_retrieve(prog, &f);
|
||||
if (fp == NULL) {
|
||||
if (EVP_get_digestbyname(argv[0])) {
|
||||
f.type = FT_md;
|
||||
f.func = dgst_main;
|
||||
fp = &f;
|
||||
} else if (EVP_get_cipherbyname(argv[0])) {
|
||||
f.type = FT_cipher;
|
||||
f.func = enc_main;
|
||||
fp = &f;
|
||||
}
|
||||
}
|
||||
if (fp != NULL) {
|
||||
return fp->func(argc, argv);
|
||||
}
|
||||
if ((strncmp(argv[0], "no-", 3)) == 0) {
|
||||
/*
|
||||
* User is asking if foo is unsupported, by trying to "run" the
|
||||
* no-foo command. Strange.
|
||||
*/
|
||||
f.name = argv[0] + 3;
|
||||
if (lh_FUNCTION_retrieve(prog, &f) == NULL) {
|
||||
BIO_printf(bio_out, "%s\n", argv[0]);
|
||||
return 0;
|
||||
}
|
||||
BIO_printf(bio_out, "%s\n", argv[0] + 3);
|
||||
return 1;
|
||||
}
|
||||
if (strcmp(argv[0], "quit") == 0 || strcmp(argv[0], "q") == 0 ||
|
||||
strcmp(argv[0], "exit") == 0 || strcmp(argv[0], "bye") == 0)
|
||||
/* Special value to mean "exit the program. */
|
||||
return EXIT_THE_PROGRAM;
|
||||
|
||||
BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n",
|
||||
argv[0]);
|
||||
return 1;
|
||||
}
|
||||
|
||||
static void list_pkey(void)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
|
||||
const EVP_PKEY_ASN1_METHOD *ameth;
|
||||
int pkey_id, pkey_base_id, pkey_flags;
|
||||
const char *pinfo, *pem_str;
|
||||
ameth = EVP_PKEY_asn1_get0(i);
|
||||
EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags,
|
||||
&pinfo, &pem_str, ameth);
|
||||
if (pkey_flags & ASN1_PKEY_ALIAS) {
|
||||
BIO_printf(bio_out, "Name: %s\n", OBJ_nid2ln(pkey_id));
|
||||
BIO_printf(bio_out, "\tAlias for: %s\n",
|
||||
OBJ_nid2ln(pkey_base_id));
|
||||
} else {
|
||||
BIO_printf(bio_out, "Name: %s\n", pinfo);
|
||||
BIO_printf(bio_out, "\tType: %s Algorithm\n",
|
||||
pkey_flags & ASN1_PKEY_DYNAMIC ?
|
||||
"External" : "Builtin");
|
||||
BIO_printf(bio_out, "\tOID: %s\n", OBJ_nid2ln(pkey_id));
|
||||
if (pem_str == NULL)
|
||||
pem_str = "(none)";
|
||||
BIO_printf(bio_out, "\tPEM string: %s\n", pem_str);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
static void list_pkey_meth(void)
|
||||
{
|
||||
size_t i;
|
||||
size_t meth_count = EVP_PKEY_meth_get_count();
|
||||
|
||||
for (i = 0; i < meth_count; i++) {
|
||||
const EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_get0(i);
|
||||
int pkey_id, pkey_flags;
|
||||
|
||||
EVP_PKEY_meth_get0_info(&pkey_id, &pkey_flags, pmeth);
|
||||
BIO_printf(bio_out, "%s\n", OBJ_nid2ln(pkey_id));
|
||||
BIO_printf(bio_out, "\tType: %s Algorithm\n",
|
||||
pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Builtin");
|
||||
}
|
||||
}
|
||||
|
||||
static int function_cmp(const FUNCTION * a, const FUNCTION * b)
|
||||
{
|
||||
return strncmp(a->name, b->name, 8);
|
||||
}
|
||||
|
||||
static unsigned long function_hash(const FUNCTION * a)
|
||||
{
|
||||
return OPENSSL_LH_strhash(a->name);
|
||||
}
|
||||
|
||||
static int SortFnByName(const void *_f1, const void *_f2)
|
||||
{
|
||||
const FUNCTION *f1 = _f1;
|
||||
const FUNCTION *f2 = _f2;
|
||||
|
||||
if (f1->type != f2->type)
|
||||
return f1->type - f2->type;
|
||||
return strcmp(f1->name, f2->name);
|
||||
}
|
||||
|
||||
static void list_disabled(void)
|
||||
{
|
||||
BIO_puts(bio_out, "Disabled algorithms:\n");
|
||||
#ifdef OPENSSL_NO_ARIA
|
||||
BIO_puts(bio_out, "ARIA\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_BF
|
||||
BIO_puts(bio_out, "BF\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_BLAKE2
|
||||
BIO_puts(bio_out, "BLAKE2\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_CAMELLIA
|
||||
BIO_puts(bio_out, "CAMELLIA\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_CAST
|
||||
BIO_puts(bio_out, "CAST\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_CMAC
|
||||
BIO_puts(bio_out, "CMAC\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_CMS
|
||||
BIO_puts(bio_out, "CMS\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_COMP
|
||||
BIO_puts(bio_out, "COMP\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_DES
|
||||
BIO_puts(bio_out, "DES\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_DGRAM
|
||||
BIO_puts(bio_out, "DGRAM\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_DH
|
||||
BIO_puts(bio_out, "DH\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_DSA
|
||||
BIO_puts(bio_out, "DSA\n");
|
||||
#endif
|
||||
#if defined(OPENSSL_NO_DTLS)
|
||||
BIO_puts(bio_out, "DTLS\n");
|
||||
#endif
|
||||
#if defined(OPENSSL_NO_DTLS1)
|
||||
BIO_puts(bio_out, "DTLS1\n");
|
||||
#endif
|
||||
#if defined(OPENSSL_NO_DTLS1_2)
|
||||
BIO_puts(bio_out, "DTLS1_2\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_EC
|
||||
BIO_puts(bio_out, "EC\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_EC2M
|
||||
BIO_puts(bio_out, "EC2M\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_ENGINE
|
||||
BIO_puts(bio_out, "ENGINE\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_GOST
|
||||
BIO_puts(bio_out, "GOST\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_HEARTBEATS
|
||||
BIO_puts(bio_out, "HEARTBEATS\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_IDEA
|
||||
BIO_puts(bio_out, "IDEA\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_MD2
|
||||
BIO_puts(bio_out, "MD2\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_MD4
|
||||
BIO_puts(bio_out, "MD4\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_MD5
|
||||
BIO_puts(bio_out, "MD5\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_MDC2
|
||||
BIO_puts(bio_out, "MDC2\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_OCB
|
||||
BIO_puts(bio_out, "OCB\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_OCSP
|
||||
BIO_puts(bio_out, "OCSP\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_PSK
|
||||
BIO_puts(bio_out, "PSK\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_RC2
|
||||
BIO_puts(bio_out, "RC2\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_RC4
|
||||
BIO_puts(bio_out, "RC4\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_RC5
|
||||
BIO_puts(bio_out, "RC5\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_RMD160
|
||||
BIO_puts(bio_out, "RMD160\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_RSA
|
||||
BIO_puts(bio_out, "RSA\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_SCRYPT
|
||||
BIO_puts(bio_out, "SCRYPT\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_SCTP
|
||||
BIO_puts(bio_out, "SCTP\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_SEED
|
||||
BIO_puts(bio_out, "SEED\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_SM2
|
||||
BIO_puts(bio_out, "SM2\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_SM3
|
||||
BIO_puts(bio_out, "SM3\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_SM4
|
||||
BIO_puts(bio_out, "SM4\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_SOCK
|
||||
BIO_puts(bio_out, "SOCK\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_SRP
|
||||
BIO_puts(bio_out, "SRP\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_SRTP
|
||||
BIO_puts(bio_out, "SRTP\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_SSL3
|
||||
BIO_puts(bio_out, "SSL3\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_TLS1
|
||||
BIO_puts(bio_out, "TLS1\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_TLS1_1
|
||||
BIO_puts(bio_out, "TLS1_1\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_TLS1_2
|
||||
BIO_puts(bio_out, "TLS1_2\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_WHIRLPOOL
|
||||
BIO_puts(bio_out, "WHIRLPOOL\n");
|
||||
#endif
|
||||
#ifndef ZLIB
|
||||
BIO_puts(bio_out, "ZLIB\n");
|
||||
#endif
|
||||
}
|
||||
|
||||
static LHASH_OF(FUNCTION) *prog_init(void)
|
||||
{
|
||||
static LHASH_OF(FUNCTION) *ret = NULL;
|
||||
static int prog_inited = 0;
|
||||
FUNCTION *f;
|
||||
size_t i;
|
||||
|
||||
if (prog_inited)
|
||||
return ret;
|
||||
|
||||
prog_inited = 1;
|
||||
|
||||
/* Sort alphabetically within category. For nicer help displays. */
|
||||
for (i = 0, f = functions; f->name != NULL; ++f, ++i)
|
||||
;
|
||||
qsort(functions, i, sizeof(*functions), SortFnByName);
|
||||
|
||||
if ((ret = lh_FUNCTION_new(function_hash, function_cmp)) == NULL)
|
||||
return NULL;
|
||||
|
||||
for (f = functions; f->name != NULL; f++)
|
||||
(void)lh_FUNCTION_insert(ret, f);
|
||||
return ret;
|
||||
}
|
350
trunk/3rdparty/openssl-1.1-fit/apps/openssl.cnf
vendored
Normal file
350
trunk/3rdparty/openssl-1.1-fit/apps/openssl.cnf
vendored
Normal file
|
@ -0,0 +1,350 @@
|
|||
#
|
||||
# OpenSSL example configuration file.
|
||||
# This is mostly being used for generation of certificate requests.
|
||||
#
|
||||
|
||||
# Note that you can include other files from the main configuration
|
||||
# file using the .include directive.
|
||||
#.include filename
|
||||
|
||||
# This definition stops the following lines choking if HOME isn't
|
||||
# defined.
|
||||
HOME = .
|
||||
|
||||
# Extra OBJECT IDENTIFIER info:
|
||||
#oid_file = $ENV::HOME/.oid
|
||||
oid_section = new_oids
|
||||
|
||||
# To use this configuration file with the "-extfile" option of the
|
||||
# "openssl x509" utility, name here the section containing the
|
||||
# X.509v3 extensions to use:
|
||||
# extensions =
|
||||
# (Alternatively, use a configuration file that has only
|
||||
# X.509v3 extensions in its main [= default] section.)
|
||||
|
||||
[ new_oids ]
|
||||
|
||||
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
|
||||
# Add a simple OID like this:
|
||||
# testoid1=1.2.3.4
|
||||
# Or use config file substitution like this:
|
||||
# testoid2=${testoid1}.5.6
|
||||
|
||||
# Policies used by the TSA examples.
|
||||
tsa_policy1 = 1.2.3.4.1
|
||||
tsa_policy2 = 1.2.3.4.5.6
|
||||
tsa_policy3 = 1.2.3.4.5.7
|
||||
|
||||
####################################################################
|
||||
[ ca ]
|
||||
default_ca = CA_default # The default ca section
|
||||
|
||||
####################################################################
|
||||
[ CA_default ]
|
||||
|
||||
dir = ./demoCA # Where everything is kept
|
||||
certs = $dir/certs # Where the issued certs are kept
|
||||
crl_dir = $dir/crl # Where the issued crl are kept
|
||||
database = $dir/index.txt # database index file.
|
||||
#unique_subject = no # Set to 'no' to allow creation of
|
||||
# several certs with same subject.
|
||||
new_certs_dir = $dir/newcerts # default place for new certs.
|
||||
|
||||
certificate = $dir/cacert.pem # The CA certificate
|
||||
serial = $dir/serial # The current serial number
|
||||
crlnumber = $dir/crlnumber # the current crl number
|
||||
# must be commented out to leave a V1 CRL
|
||||
crl = $dir/crl.pem # The current CRL
|
||||
private_key = $dir/private/cakey.pem# The private key
|
||||
|
||||
x509_extensions = usr_cert # The extensions to add to the cert
|
||||
|
||||
# Comment out the following two lines for the "traditional"
|
||||
# (and highly broken) format.
|
||||
name_opt = ca_default # Subject Name options
|
||||
cert_opt = ca_default # Certificate field options
|
||||
|
||||
# Extension copying option: use with caution.
|
||||
# copy_extensions = copy
|
||||
|
||||
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
|
||||
# so this is commented out by default to leave a V1 CRL.
|
||||
# crlnumber must also be commented out to leave a V1 CRL.
|
||||
# crl_extensions = crl_ext
|
||||
|
||||
default_days = 365 # how long to certify for
|
||||
default_crl_days= 30 # how long before next CRL
|
||||
default_md = default # use public key default MD
|
||||
preserve = no # keep passed DN ordering
|
||||
|
||||
# A few difference way of specifying how similar the request should look
|
||||
# For type CA, the listed attributes must be the same, and the optional
|
||||
# and supplied fields are just that :-)
|
||||
policy = policy_match
|
||||
|
||||
# For the CA policy
|
||||
[ policy_match ]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
# For the 'anything' policy
|
||||
# At this point in time, you must list all acceptable 'object'
|
||||
# types.
|
||||
[ policy_anything ]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
####################################################################
|
||||
[ req ]
|
||||
default_bits = 2048
|
||||
default_keyfile = privkey.pem
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
x509_extensions = v3_ca # The extensions to add to the self signed cert
|
||||
|
||||
# Passwords for private keys if not present they will be prompted for
|
||||
# input_password = secret
|
||||
# output_password = secret
|
||||
|
||||
# This sets a mask for permitted string types. There are several options.
|
||||
# default: PrintableString, T61String, BMPString.
|
||||
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
|
||||
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
|
||||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
||||
# MASK:XXXX a literal mask value.
|
||||
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
|
||||
string_mask = utf8only
|
||||
|
||||
# req_extensions = v3_req # The extensions to add to a certificate request
|
||||
|
||||
[ req_distinguished_name ]
|
||||
countryName = Country Name (2 letter code)
|
||||
countryName_default = AU
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
stateOrProvinceName_default = Some-State
|
||||
|
||||
localityName = Locality Name (eg, city)
|
||||
|
||||
0.organizationName = Organization Name (eg, company)
|
||||
0.organizationName_default = Internet Widgits Pty Ltd
|
||||
|
||||
# we can do this but it is not needed normally :-)
|
||||
#1.organizationName = Second Organization Name (eg, company)
|
||||
#1.organizationName_default = World Wide Web Pty Ltd
|
||||
|
||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
||||
#organizationalUnitName_default =
|
||||
|
||||
commonName = Common Name (e.g. server FQDN or YOUR name)
|
||||
commonName_max = 64
|
||||
|
||||
emailAddress = Email Address
|
||||
emailAddress_max = 64
|
||||
|
||||
# SET-ex3 = SET extension number 3
|
||||
|
||||
[ req_attributes ]
|
||||
challengePassword = A challenge password
|
||||
challengePassword_min = 4
|
||||
challengePassword_max = 20
|
||||
|
||||
unstructuredName = An optional company name
|
||||
|
||||
[ usr_cert ]
|
||||
|
||||
# These extensions are added when 'ca' signs a request.
|
||||
|
||||
# This goes against PKIX guidelines but some CAs do it and some software
|
||||
# requires this to avoid interpreting an end user certificate as a CA.
|
||||
|
||||
basicConstraints=CA:FALSE
|
||||
|
||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
||||
# the certificate can be used for anything *except* object signing.
|
||||
|
||||
# This is OK for an SSL server.
|
||||
# nsCertType = server
|
||||
|
||||
# For an object signing certificate this would be used.
|
||||
# nsCertType = objsign
|
||||
|
||||
# For normal client use this is typical
|
||||
# nsCertType = client, email
|
||||
|
||||
# and for everything including object signing:
|
||||
# nsCertType = client, email, objsign
|
||||
|
||||
# This is typical in keyUsage for a client certificate.
|
||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
# This will be displayed in Netscape's comment listbox.
|
||||
nsComment = "OpenSSL Generated Certificate"
|
||||
|
||||
# PKIX recommendations harmless if included in all certificates.
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer
|
||||
|
||||
# This stuff is for subjectAltName and issuerAltname.
|
||||
# Import the email address.
|
||||
# subjectAltName=email:copy
|
||||
# An alternative to produce certificates that aren't
|
||||
# deprecated according to PKIX.
|
||||
# subjectAltName=email:move
|
||||
|
||||
# Copy subject details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
||||
#nsBaseUrl
|
||||
#nsRevocationUrl
|
||||
#nsRenewalUrl
|
||||
#nsCaPolicyUrl
|
||||
#nsSslServerName
|
||||
|
||||
# This is required for TSA certificates.
|
||||
# extendedKeyUsage = critical,timeStamping
|
||||
|
||||
[ v3_req ]
|
||||
|
||||
# Extensions to add to a certificate request
|
||||
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
[ v3_ca ]
|
||||
|
||||
|
||||
# Extensions for a typical CA
|
||||
|
||||
|
||||
# PKIX recommendation.
|
||||
|
||||
subjectKeyIdentifier=hash
|
||||
|
||||
authorityKeyIdentifier=keyid:always,issuer
|
||||
|
||||
basicConstraints = critical,CA:true
|
||||
|
||||
# Key usage: this is typical for a CA certificate. However since it will
|
||||
# prevent it being used as an test self-signed certificate it is best
|
||||
# left out by default.
|
||||
# keyUsage = cRLSign, keyCertSign
|
||||
|
||||
# Some might want this also
|
||||
# nsCertType = sslCA, emailCA
|
||||
|
||||
# Include email address in subject alt name: another PKIX recommendation
|
||||
# subjectAltName=email:copy
|
||||
# Copy issuer details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
# DER hex encoding of an extension: beware experts only!
|
||||
# obj=DER:02:03
|
||||
# Where 'obj' is a standard or added object
|
||||
# You can even override a supported extension:
|
||||
# basicConstraints= critical, DER:30:03:01:01:FF
|
||||
|
||||
[ crl_ext ]
|
||||
|
||||
# CRL extensions.
|
||||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
||||
|
||||
# issuerAltName=issuer:copy
|
||||
authorityKeyIdentifier=keyid:always
|
||||
|
||||
[ proxy_cert_ext ]
|
||||
# These extensions should be added when creating a proxy certificate
|
||||
|
||||
# This goes against PKIX guidelines but some CAs do it and some software
|
||||
# requires this to avoid interpreting an end user certificate as a CA.
|
||||
|
||||
basicConstraints=CA:FALSE
|
||||
|
||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
||||
# the certificate can be used for anything *except* object signing.
|
||||
|
||||
# This is OK for an SSL server.
|
||||
# nsCertType = server
|
||||
|
||||
# For an object signing certificate this would be used.
|
||||
# nsCertType = objsign
|
||||
|
||||
# For normal client use this is typical
|
||||
# nsCertType = client, email
|
||||
|
||||
# and for everything including object signing:
|
||||
# nsCertType = client, email, objsign
|
||||
|
||||
# This is typical in keyUsage for a client certificate.
|
||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
# This will be displayed in Netscape's comment listbox.
|
||||
nsComment = "OpenSSL Generated Certificate"
|
||||
|
||||
# PKIX recommendations harmless if included in all certificates.
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer
|
||||
|
||||
# This stuff is for subjectAltName and issuerAltname.
|
||||
# Import the email address.
|
||||
# subjectAltName=email:copy
|
||||
# An alternative to produce certificates that aren't
|
||||
# deprecated according to PKIX.
|
||||
# subjectAltName=email:move
|
||||
|
||||
# Copy subject details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
||||
#nsBaseUrl
|
||||
#nsRevocationUrl
|
||||
#nsRenewalUrl
|
||||
#nsCaPolicyUrl
|
||||
#nsSslServerName
|
||||
|
||||
# This really needs to be in place for it to be a proxy certificate.
|
||||
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
|
||||
|
||||
####################################################################
|
||||
[ tsa ]
|
||||
|
||||
default_tsa = tsa_config1 # the default TSA section
|
||||
|
||||
[ tsa_config1 ]
|
||||
|
||||
# These are used by the TSA reply generation only.
|
||||
dir = ./demoCA # TSA root directory
|
||||
serial = $dir/tsaserial # The current serial number (mandatory)
|
||||
crypto_device = builtin # OpenSSL engine to use for signing
|
||||
signer_cert = $dir/tsacert.pem # The TSA signing certificate
|
||||
# (optional)
|
||||
certs = $dir/cacert.pem # Certificate chain to include in reply
|
||||
# (optional)
|
||||
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
|
||||
signer_digest = sha256 # Signing digest to use. (Optional)
|
||||
default_policy = tsa_policy1 # Policy if request did not specify it
|
||||
# (optional)
|
||||
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
|
||||
digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
|
||||
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
|
||||
clock_precision_digits = 0 # number of digits after dot. (optional)
|
||||
ordering = yes # Is ordering defined for timestamps?
|
||||
# (optional, default: no)
|
||||
tsa_name = yes # Must the TSA name be included in the reply?
|
||||
# (optional, default: no)
|
||||
ess_cert_id_chain = no # Must the ESS cert id chain be included?
|
||||
# (optional, default: no)
|
||||
ess_cert_id_alg = sha1 # algorithm to compute certificate
|
||||
# identifier (optional, default: sha1)
|
898
trunk/3rdparty/openssl-1.1-fit/apps/opt.c
vendored
Normal file
898
trunk/3rdparty/openssl-1.1-fit/apps/opt.c
vendored
Normal file
|
@ -0,0 +1,898 @@
|
|||
/*
|
||||
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
#include "apps.h"
|
||||
#include <string.h>
|
||||
#if !defined(OPENSSL_SYS_MSDOS)
|
||||
# include OPENSSL_UNISTD
|
||||
#endif
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
#include <ctype.h>
|
||||
#include <limits.h>
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
#define MAX_OPT_HELP_WIDTH 30
|
||||
const char OPT_HELP_STR[] = "--";
|
||||
const char OPT_MORE_STR[] = "---";
|
||||
|
||||
/* Our state */
|
||||
static char **argv;
|
||||
static int argc;
|
||||
static int opt_index;
|
||||
static char *arg;
|
||||
static char *flag;
|
||||
static char *dunno;
|
||||
static const OPTIONS *unknown;
|
||||
static const OPTIONS *opts;
|
||||
static char prog[40];
|
||||
|
||||
/*
|
||||
* Return the simple name of the program; removing various platform gunk.
|
||||
*/
|
||||
#if defined(OPENSSL_SYS_WIN32)
|
||||
char *opt_progname(const char *argv0)
|
||||
{
|
||||
size_t i, n;
|
||||
const char *p;
|
||||
char *q;
|
||||
|
||||
/* find the last '/', '\' or ':' */
|
||||
for (p = argv0 + strlen(argv0); --p > argv0;)
|
||||
if (*p == '/' || *p == '\\' || *p == ':') {
|
||||
p++;
|
||||
break;
|
||||
}
|
||||
|
||||
/* Strip off trailing nonsense. */
|
||||
n = strlen(p);
|
||||
if (n > 4 &&
|
||||
(strcmp(&p[n - 4], ".exe") == 0 || strcmp(&p[n - 4], ".EXE") == 0))
|
||||
n -= 4;
|
||||
|
||||
/* Copy over the name, in lowercase. */
|
||||
if (n > sizeof(prog) - 1)
|
||||
n = sizeof(prog) - 1;
|
||||
for (q = prog, i = 0; i < n; i++, p++)
|
||||
*q++ = tolower((unsigned char)*p);
|
||||
*q = '\0';
|
||||
return prog;
|
||||
}
|
||||
|
||||
#elif defined(OPENSSL_SYS_VMS)
|
||||
|
||||
char *opt_progname(const char *argv0)
|
||||
{
|
||||
const char *p, *q;
|
||||
|
||||
/* Find last special character sys:[foo.bar]openssl */
|
||||
for (p = argv0 + strlen(argv0); --p > argv0;)
|
||||
if (*p == ':' || *p == ']' || *p == '>') {
|
||||
p++;
|
||||
break;
|
||||
}
|
||||
|
||||
q = strrchr(p, '.');
|
||||
strncpy(prog, p, sizeof(prog) - 1);
|
||||
prog[sizeof(prog) - 1] = '\0';
|
||||
if (q != NULL && q - p < sizeof(prog))
|
||||
prog[q - p] = '\0';
|
||||
return prog;
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
char *opt_progname(const char *argv0)
|
||||
{
|
||||
const char *p;
|
||||
|
||||
/* Could use strchr, but this is like the ones above. */
|
||||
for (p = argv0 + strlen(argv0); --p > argv0;)
|
||||
if (*p == '/') {
|
||||
p++;
|
||||
break;
|
||||
}
|
||||
strncpy(prog, p, sizeof(prog) - 1);
|
||||
prog[sizeof(prog) - 1] = '\0';
|
||||
return prog;
|
||||
}
|
||||
#endif
|
||||
|
||||
char *opt_getprog(void)
|
||||
{
|
||||
return prog;
|
||||
}
|
||||
|
||||
/* Set up the arg parsing. */
|
||||
char *opt_init(int ac, char **av, const OPTIONS *o)
|
||||
{
|
||||
/* Store state. */
|
||||
argc = ac;
|
||||
argv = av;
|
||||
opt_index = 1;
|
||||
opts = o;
|
||||
opt_progname(av[0]);
|
||||
unknown = NULL;
|
||||
|
||||
for (; o->name; ++o) {
|
||||
#ifndef NDEBUG
|
||||
const OPTIONS *next;
|
||||
int duplicated, i;
|
||||
#endif
|
||||
|
||||
if (o->name == OPT_HELP_STR || o->name == OPT_MORE_STR)
|
||||
continue;
|
||||
#ifndef NDEBUG
|
||||
i = o->valtype;
|
||||
|
||||
/* Make sure options are legit. */
|
||||
assert(o->name[0] != '-');
|
||||
assert(o->retval > 0);
|
||||
switch (i) {
|
||||
case 0: case '-': case '/': case '<': case '>': case 'E': case 'F':
|
||||
case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's':
|
||||
case 'u': case 'c':
|
||||
break;
|
||||
default:
|
||||
assert(0);
|
||||
}
|
||||
|
||||
/* Make sure there are no duplicates. */
|
||||
for (next = o + 1; next->name; ++next) {
|
||||
/*
|
||||
* Some compilers inline strcmp and the assert string is too long.
|
||||
*/
|
||||
duplicated = strcmp(o->name, next->name) == 0;
|
||||
assert(!duplicated);
|
||||
}
|
||||
#endif
|
||||
if (o->name[0] == '\0') {
|
||||
assert(unknown == NULL);
|
||||
unknown = o;
|
||||
assert(unknown->valtype == 0 || unknown->valtype == '-');
|
||||
}
|
||||
}
|
||||
return prog;
|
||||
}
|
||||
|
||||
static OPT_PAIR formats[] = {
|
||||
{"PEM/DER", OPT_FMT_PEMDER},
|
||||
{"pkcs12", OPT_FMT_PKCS12},
|
||||
{"smime", OPT_FMT_SMIME},
|
||||
{"engine", OPT_FMT_ENGINE},
|
||||
{"msblob", OPT_FMT_MSBLOB},
|
||||
{"nss", OPT_FMT_NSS},
|
||||
{"text", OPT_FMT_TEXT},
|
||||
{"http", OPT_FMT_HTTP},
|
||||
{"pvk", OPT_FMT_PVK},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
/* Print an error message about a failed format parse. */
|
||||
int opt_format_error(const char *s, unsigned long flags)
|
||||
{
|
||||
OPT_PAIR *ap;
|
||||
|
||||
if (flags == OPT_FMT_PEMDER) {
|
||||
BIO_printf(bio_err, "%s: Bad format \"%s\"; must be pem or der\n",
|
||||
prog, s);
|
||||
} else {
|
||||
BIO_printf(bio_err, "%s: Bad format \"%s\"; must be one of:\n",
|
||||
prog, s);
|
||||
for (ap = formats; ap->name; ap++)
|
||||
if (flags & ap->retval)
|
||||
BIO_printf(bio_err, " %s\n", ap->name);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Parse a format string, put it into *result; return 0 on failure, else 1. */
|
||||
int opt_format(const char *s, unsigned long flags, int *result)
|
||||
{
|
||||
switch (*s) {
|
||||
default:
|
||||
return 0;
|
||||
case 'D':
|
||||
case 'd':
|
||||
if ((flags & OPT_FMT_PEMDER) == 0)
|
||||
return opt_format_error(s, flags);
|
||||
*result = FORMAT_ASN1;
|
||||
break;
|
||||
case 'T':
|
||||
case 't':
|
||||
if ((flags & OPT_FMT_TEXT) == 0)
|
||||
return opt_format_error(s, flags);
|
||||
*result = FORMAT_TEXT;
|
||||
break;
|
||||
case 'N':
|
||||
case 'n':
|
||||
if ((flags & OPT_FMT_NSS) == 0)
|
||||
return opt_format_error(s, flags);
|
||||
if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0)
|
||||
return opt_format_error(s, flags);
|
||||
*result = FORMAT_NSS;
|
||||
break;
|
||||
case 'S':
|
||||
case 's':
|
||||
if ((flags & OPT_FMT_SMIME) == 0)
|
||||
return opt_format_error(s, flags);
|
||||
*result = FORMAT_SMIME;
|
||||
break;
|
||||
case 'M':
|
||||
case 'm':
|
||||
if ((flags & OPT_FMT_MSBLOB) == 0)
|
||||
return opt_format_error(s, flags);
|
||||
*result = FORMAT_MSBLOB;
|
||||
break;
|
||||
case 'E':
|
||||
case 'e':
|
||||
if ((flags & OPT_FMT_ENGINE) == 0)
|
||||
return opt_format_error(s, flags);
|
||||
*result = FORMAT_ENGINE;
|
||||
break;
|
||||
case 'H':
|
||||
case 'h':
|
||||
if ((flags & OPT_FMT_HTTP) == 0)
|
||||
return opt_format_error(s, flags);
|
||||
*result = FORMAT_HTTP;
|
||||
break;
|
||||
case '1':
|
||||
if ((flags & OPT_FMT_PKCS12) == 0)
|
||||
return opt_format_error(s, flags);
|
||||
*result = FORMAT_PKCS12;
|
||||
break;
|
||||
case 'P':
|
||||
case 'p':
|
||||
if (s[1] == '\0' || strcmp(s, "PEM") == 0 || strcmp(s, "pem") == 0) {
|
||||
if ((flags & OPT_FMT_PEMDER) == 0)
|
||||
return opt_format_error(s, flags);
|
||||
*result = FORMAT_PEM;
|
||||
} else if (strcmp(s, "PVK") == 0 || strcmp(s, "pvk") == 0) {
|
||||
if ((flags & OPT_FMT_PVK) == 0)
|
||||
return opt_format_error(s, flags);
|
||||
*result = FORMAT_PVK;
|
||||
} else if (strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0
|
||||
|| strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0) {
|
||||
if ((flags & OPT_FMT_PKCS12) == 0)
|
||||
return opt_format_error(s, flags);
|
||||
*result = FORMAT_PKCS12;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
break;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Parse a cipher name, put it in *EVP_CIPHER; return 0 on failure, else 1. */
|
||||
int opt_cipher(const char *name, const EVP_CIPHER **cipherp)
|
||||
{
|
||||
*cipherp = EVP_get_cipherbyname(name);
|
||||
if (*cipherp != NULL)
|
||||
return 1;
|
||||
BIO_printf(bio_err, "%s: Unrecognized flag %s\n", prog, name);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse message digest name, put it in *EVP_MD; return 0 on failure, else 1.
|
||||
*/
|
||||
int opt_md(const char *name, const EVP_MD **mdp)
|
||||
{
|
||||
*mdp = EVP_get_digestbyname(name);
|
||||
if (*mdp != NULL)
|
||||
return 1;
|
||||
BIO_printf(bio_err, "%s: Unrecognized flag %s\n", prog, name);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Look through a list of name/value pairs. */
|
||||
int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
|
||||
{
|
||||
const OPT_PAIR *pp;
|
||||
|
||||
for (pp = pairs; pp->name; pp++)
|
||||
if (strcmp(pp->name, name) == 0) {
|
||||
*result = pp->retval;
|
||||
return 1;
|
||||
}
|
||||
BIO_printf(bio_err, "%s: Value must be one of:\n", prog);
|
||||
for (pp = pairs; pp->name; pp++)
|
||||
BIO_printf(bio_err, "\t%s\n", pp->name);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Parse an int, put it into *result; return 0 on failure, else 1. */
|
||||
int opt_int(const char *value, int *result)
|
||||
{
|
||||
long l;
|
||||
|
||||
if (!opt_long(value, &l))
|
||||
return 0;
|
||||
*result = (int)l;
|
||||
if (*result != l) {
|
||||
BIO_printf(bio_err, "%s: Value \"%s\" outside integer range\n",
|
||||
prog, value);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
static void opt_number_error(const char *v)
|
||||
{
|
||||
size_t i = 0;
|
||||
struct strstr_pair_st {
|
||||
char *prefix;
|
||||
char *name;
|
||||
} b[] = {
|
||||
{"0x", "a hexadecimal"},
|
||||
{"0X", "a hexadecimal"},
|
||||
{"0", "an octal"}
|
||||
};
|
||||
|
||||
for (i = 0; i < OSSL_NELEM(b); i++) {
|
||||
if (strncmp(v, b[i].prefix, strlen(b[i].prefix)) == 0) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Can't parse \"%s\" as %s number\n",
|
||||
prog, v, b[i].name);
|
||||
return;
|
||||
}
|
||||
}
|
||||
BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n", prog, v);
|
||||
return;
|
||||
}
|
||||
|
||||
/* Parse a long, put it into *result; return 0 on failure, else 1. */
|
||||
int opt_long(const char *value, long *result)
|
||||
{
|
||||
int oerrno = errno;
|
||||
long l;
|
||||
char *endp;
|
||||
|
||||
errno = 0;
|
||||
l = strtol(value, &endp, 0);
|
||||
if (*endp
|
||||
|| endp == value
|
||||
|| ((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE)
|
||||
|| (l == 0 && errno != 0)) {
|
||||
opt_number_error(value);
|
||||
errno = oerrno;
|
||||
return 0;
|
||||
}
|
||||
*result = l;
|
||||
errno = oerrno;
|
||||
return 1;
|
||||
}
|
||||
|
||||
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
|
||||
defined(INTMAX_MAX) && defined(UINTMAX_MAX)
|
||||
|
||||
/* Parse an intmax_t, put it into *result; return 0 on failure, else 1. */
|
||||
int opt_imax(const char *value, intmax_t *result)
|
||||
{
|
||||
int oerrno = errno;
|
||||
intmax_t m;
|
||||
char *endp;
|
||||
|
||||
errno = 0;
|
||||
m = strtoimax(value, &endp, 0);
|
||||
if (*endp
|
||||
|| endp == value
|
||||
|| ((m == INTMAX_MAX || m == INTMAX_MIN) && errno == ERANGE)
|
||||
|| (m == 0 && errno != 0)) {
|
||||
opt_number_error(value);
|
||||
errno = oerrno;
|
||||
return 0;
|
||||
}
|
||||
*result = m;
|
||||
errno = oerrno;
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Parse a uintmax_t, put it into *result; return 0 on failure, else 1. */
|
||||
int opt_umax(const char *value, uintmax_t *result)
|
||||
{
|
||||
int oerrno = errno;
|
||||
uintmax_t m;
|
||||
char *endp;
|
||||
|
||||
errno = 0;
|
||||
m = strtoumax(value, &endp, 0);
|
||||
if (*endp
|
||||
|| endp == value
|
||||
|| (m == UINTMAX_MAX && errno == ERANGE)
|
||||
|| (m == 0 && errno != 0)) {
|
||||
opt_number_error(value);
|
||||
errno = oerrno;
|
||||
return 0;
|
||||
}
|
||||
*result = m;
|
||||
errno = oerrno;
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Parse an unsigned long, put it into *result; return 0 on failure, else 1.
|
||||
*/
|
||||
int opt_ulong(const char *value, unsigned long *result)
|
||||
{
|
||||
int oerrno = errno;
|
||||
char *endptr;
|
||||
unsigned long l;
|
||||
|
||||
errno = 0;
|
||||
l = strtoul(value, &endptr, 0);
|
||||
if (*endptr
|
||||
|| endptr == value
|
||||
|| ((l == ULONG_MAX) && errno == ERANGE)
|
||||
|| (l == 0 && errno != 0)) {
|
||||
opt_number_error(value);
|
||||
errno = oerrno;
|
||||
return 0;
|
||||
}
|
||||
*result = l;
|
||||
errno = oerrno;
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* We pass opt as an int but cast it to "enum range" so that all the
|
||||
* items in the OPT_V_ENUM enumeration are caught; this makes -Wswitch
|
||||
* in gcc do the right thing.
|
||||
*/
|
||||
enum range { OPT_V_ENUM };
|
||||
|
||||
int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
|
||||
{
|
||||
int i;
|
||||
ossl_intmax_t t = 0;
|
||||
ASN1_OBJECT *otmp;
|
||||
X509_PURPOSE *xptmp;
|
||||
const X509_VERIFY_PARAM *vtmp;
|
||||
|
||||
assert(vpm != NULL);
|
||||
assert(opt > OPT_V__FIRST);
|
||||
assert(opt < OPT_V__LAST);
|
||||
|
||||
switch ((enum range)opt) {
|
||||
case OPT_V__FIRST:
|
||||
case OPT_V__LAST:
|
||||
return 0;
|
||||
case OPT_V_POLICY:
|
||||
otmp = OBJ_txt2obj(opt_arg(), 0);
|
||||
if (otmp == NULL) {
|
||||
BIO_printf(bio_err, "%s: Invalid Policy %s\n", prog, opt_arg());
|
||||
return 0;
|
||||
}
|
||||
X509_VERIFY_PARAM_add0_policy(vpm, otmp);
|
||||
break;
|
||||
case OPT_V_PURPOSE:
|
||||
/* purpose name -> purpose index */
|
||||
i = X509_PURPOSE_get_by_sname(opt_arg());
|
||||
if (i < 0) {
|
||||
BIO_printf(bio_err, "%s: Invalid purpose %s\n", prog, opt_arg());
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* purpose index -> purpose object */
|
||||
xptmp = X509_PURPOSE_get0(i);
|
||||
|
||||
/* purpose object -> purpose value */
|
||||
i = X509_PURPOSE_get_id(xptmp);
|
||||
|
||||
if (!X509_VERIFY_PARAM_set_purpose(vpm, i)) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Internal error setting purpose %s\n",
|
||||
prog, opt_arg());
|
||||
return 0;
|
||||
}
|
||||
break;
|
||||
case OPT_V_VERIFY_NAME:
|
||||
vtmp = X509_VERIFY_PARAM_lookup(opt_arg());
|
||||
if (vtmp == NULL) {
|
||||
BIO_printf(bio_err, "%s: Invalid verify name %s\n",
|
||||
prog, opt_arg());
|
||||
return 0;
|
||||
}
|
||||
X509_VERIFY_PARAM_set1(vpm, vtmp);
|
||||
break;
|
||||
case OPT_V_VERIFY_DEPTH:
|
||||
i = atoi(opt_arg());
|
||||
if (i >= 0)
|
||||
X509_VERIFY_PARAM_set_depth(vpm, i);
|
||||
break;
|
||||
case OPT_V_VERIFY_AUTH_LEVEL:
|
||||
i = atoi(opt_arg());
|
||||
if (i >= 0)
|
||||
X509_VERIFY_PARAM_set_auth_level(vpm, i);
|
||||
break;
|
||||
case OPT_V_ATTIME:
|
||||
if (!opt_imax(opt_arg(), &t))
|
||||
return 0;
|
||||
if (t != (time_t)t) {
|
||||
BIO_printf(bio_err, "%s: epoch time out of range %s\n",
|
||||
prog, opt_arg());
|
||||
return 0;
|
||||
}
|
||||
X509_VERIFY_PARAM_set_time(vpm, (time_t)t);
|
||||
break;
|
||||
case OPT_V_VERIFY_HOSTNAME:
|
||||
if (!X509_VERIFY_PARAM_set1_host(vpm, opt_arg(), 0))
|
||||
return 0;
|
||||
break;
|
||||
case OPT_V_VERIFY_EMAIL:
|
||||
if (!X509_VERIFY_PARAM_set1_email(vpm, opt_arg(), 0))
|
||||
return 0;
|
||||
break;
|
||||
case OPT_V_VERIFY_IP:
|
||||
if (!X509_VERIFY_PARAM_set1_ip_asc(vpm, opt_arg()))
|
||||
return 0;
|
||||
break;
|
||||
case OPT_V_IGNORE_CRITICAL:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_IGNORE_CRITICAL);
|
||||
break;
|
||||
case OPT_V_ISSUER_CHECKS:
|
||||
/* NOP, deprecated */
|
||||
break;
|
||||
case OPT_V_CRL_CHECK:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CRL_CHECK);
|
||||
break;
|
||||
case OPT_V_CRL_CHECK_ALL:
|
||||
X509_VERIFY_PARAM_set_flags(vpm,
|
||||
X509_V_FLAG_CRL_CHECK |
|
||||
X509_V_FLAG_CRL_CHECK_ALL);
|
||||
break;
|
||||
case OPT_V_POLICY_CHECK:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_POLICY_CHECK);
|
||||
break;
|
||||
case OPT_V_EXPLICIT_POLICY:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXPLICIT_POLICY);
|
||||
break;
|
||||
case OPT_V_INHIBIT_ANY:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_ANY);
|
||||
break;
|
||||
case OPT_V_INHIBIT_MAP:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_MAP);
|
||||
break;
|
||||
case OPT_V_X509_STRICT:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_X509_STRICT);
|
||||
break;
|
||||
case OPT_V_EXTENDED_CRL:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXTENDED_CRL_SUPPORT);
|
||||
break;
|
||||
case OPT_V_USE_DELTAS:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_USE_DELTAS);
|
||||
break;
|
||||
case OPT_V_POLICY_PRINT:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NOTIFY_POLICY);
|
||||
break;
|
||||
case OPT_V_CHECK_SS_SIG:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CHECK_SS_SIGNATURE);
|
||||
break;
|
||||
case OPT_V_TRUSTED_FIRST:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_TRUSTED_FIRST);
|
||||
break;
|
||||
case OPT_V_SUITEB_128_ONLY:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS_ONLY);
|
||||
break;
|
||||
case OPT_V_SUITEB_128:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS);
|
||||
break;
|
||||
case OPT_V_SUITEB_192:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_192_LOS);
|
||||
break;
|
||||
case OPT_V_PARTIAL_CHAIN:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
|
||||
break;
|
||||
case OPT_V_NO_ALT_CHAINS:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_ALT_CHAINS);
|
||||
break;
|
||||
case OPT_V_NO_CHECK_TIME:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME);
|
||||
break;
|
||||
case OPT_V_ALLOW_PROXY_CERTS:
|
||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_ALLOW_PROXY_CERTS);
|
||||
break;
|
||||
}
|
||||
return 1;
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse the next flag (and value if specified), return 0 if done, -1 on
|
||||
* error, otherwise the flag's retval.
|
||||
*/
|
||||
int opt_next(void)
|
||||
{
|
||||
char *p;
|
||||
const OPTIONS *o;
|
||||
int ival;
|
||||
long lval;
|
||||
unsigned long ulval;
|
||||
ossl_intmax_t imval;
|
||||
ossl_uintmax_t umval;
|
||||
|
||||
/* Look at current arg; at end of the list? */
|
||||
arg = NULL;
|
||||
p = argv[opt_index];
|
||||
if (p == NULL)
|
||||
return 0;
|
||||
|
||||
/* If word doesn't start with a -, we're done. */
|
||||
if (*p != '-')
|
||||
return 0;
|
||||
|
||||
/* Hit "--" ? We're done. */
|
||||
opt_index++;
|
||||
if (strcmp(p, "--") == 0)
|
||||
return 0;
|
||||
|
||||
/* Allow -nnn and --nnn */
|
||||
if (*++p == '-')
|
||||
p++;
|
||||
flag = p - 1;
|
||||
|
||||
/* If we have --flag=foo, snip it off */
|
||||
if ((arg = strchr(p, '=')) != NULL)
|
||||
*arg++ = '\0';
|
||||
for (o = opts; o->name; ++o) {
|
||||
/* If not this option, move on to the next one. */
|
||||
if (strcmp(p, o->name) != 0)
|
||||
continue;
|
||||
|
||||
/* If it doesn't take a value, make sure none was given. */
|
||||
if (o->valtype == 0 || o->valtype == '-') {
|
||||
if (arg) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Option -%s does not take a value\n", prog, p);
|
||||
return -1;
|
||||
}
|
||||
return o->retval;
|
||||
}
|
||||
|
||||
/* Want a value; get the next param if =foo not used. */
|
||||
if (arg == NULL) {
|
||||
if (argv[opt_index] == NULL) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Option -%s needs a value\n", prog, o->name);
|
||||
return -1;
|
||||
}
|
||||
arg = argv[opt_index++];
|
||||
}
|
||||
|
||||
/* Syntax-check value. */
|
||||
switch (o->valtype) {
|
||||
default:
|
||||
case 's':
|
||||
/* Just a string. */
|
||||
break;
|
||||
case '/':
|
||||
if (app_isdir(arg) > 0)
|
||||
break;
|
||||
BIO_printf(bio_err, "%s: Not a directory: %s\n", prog, arg);
|
||||
return -1;
|
||||
case '<':
|
||||
/* Input file. */
|
||||
break;
|
||||
case '>':
|
||||
/* Output file. */
|
||||
break;
|
||||
case 'p':
|
||||
case 'n':
|
||||
if (!opt_int(arg, &ival)
|
||||
|| (o->valtype == 'p' && ival <= 0)) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Non-positive number \"%s\" for -%s\n",
|
||||
prog, arg, o->name);
|
||||
return -1;
|
||||
}
|
||||
break;
|
||||
case 'M':
|
||||
if (!opt_imax(arg, &imval)) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Invalid number \"%s\" for -%s\n",
|
||||
prog, arg, o->name);
|
||||
return -1;
|
||||
}
|
||||
break;
|
||||
case 'U':
|
||||
if (!opt_umax(arg, &umval)) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Invalid number \"%s\" for -%s\n",
|
||||
prog, arg, o->name);
|
||||
return -1;
|
||||
}
|
||||
break;
|
||||
case 'l':
|
||||
if (!opt_long(arg, &lval)) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Invalid number \"%s\" for -%s\n",
|
||||
prog, arg, o->name);
|
||||
return -1;
|
||||
}
|
||||
break;
|
||||
case 'u':
|
||||
if (!opt_ulong(arg, &ulval)) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Invalid number \"%s\" for -%s\n",
|
||||
prog, arg, o->name);
|
||||
return -1;
|
||||
}
|
||||
break;
|
||||
case 'c':
|
||||
case 'E':
|
||||
case 'F':
|
||||
case 'f':
|
||||
if (opt_format(arg,
|
||||
o->valtype == 'c' ? OPT_FMT_PDS :
|
||||
o->valtype == 'E' ? OPT_FMT_PDE :
|
||||
o->valtype == 'F' ? OPT_FMT_PEMDER
|
||||
: OPT_FMT_ANY, &ival))
|
||||
break;
|
||||
BIO_printf(bio_err,
|
||||
"%s: Invalid format \"%s\" for -%s\n",
|
||||
prog, arg, o->name);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Return the flag value. */
|
||||
return o->retval;
|
||||
}
|
||||
if (unknown != NULL) {
|
||||
dunno = p;
|
||||
return unknown->retval;
|
||||
}
|
||||
BIO_printf(bio_err, "%s: Option unknown option -%s\n", prog, p);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Return the most recent flag parameter. */
|
||||
char *opt_arg(void)
|
||||
{
|
||||
return arg;
|
||||
}
|
||||
|
||||
/* Return the most recent flag. */
|
||||
char *opt_flag(void)
|
||||
{
|
||||
return flag;
|
||||
}
|
||||
|
||||
/* Return the unknown option. */
|
||||
char *opt_unknown(void)
|
||||
{
|
||||
return dunno;
|
||||
}
|
||||
|
||||
/* Return the rest of the arguments after parsing flags. */
|
||||
char **opt_rest(void)
|
||||
{
|
||||
return &argv[opt_index];
|
||||
}
|
||||
|
||||
/* How many items in remaining args? */
|
||||
int opt_num_rest(void)
|
||||
{
|
||||
int i = 0;
|
||||
char **pp;
|
||||
|
||||
for (pp = opt_rest(); *pp; pp++, i++)
|
||||
continue;
|
||||
return i;
|
||||
}
|
||||
|
||||
/* Return a string describing the parameter type. */
|
||||
static const char *valtype2param(const OPTIONS *o)
|
||||
{
|
||||
switch (o->valtype) {
|
||||
case 0:
|
||||
case '-':
|
||||
return "";
|
||||
case 's':
|
||||
return "val";
|
||||
case '/':
|
||||
return "dir";
|
||||
case '<':
|
||||
return "infile";
|
||||
case '>':
|
||||
return "outfile";
|
||||
case 'p':
|
||||
return "+int";
|
||||
case 'n':
|
||||
return "int";
|
||||
case 'l':
|
||||
return "long";
|
||||
case 'u':
|
||||
return "ulong";
|
||||
case 'E':
|
||||
return "PEM|DER|ENGINE";
|
||||
case 'F':
|
||||
return "PEM|DER";
|
||||
case 'f':
|
||||
return "format";
|
||||
case 'M':
|
||||
return "intmax";
|
||||
case 'U':
|
||||
return "uintmax";
|
||||
}
|
||||
return "parm";
|
||||
}
|
||||
|
||||
void opt_help(const OPTIONS *list)
|
||||
{
|
||||
const OPTIONS *o;
|
||||
int i;
|
||||
int standard_prolog;
|
||||
int width = 5;
|
||||
char start[80 + 1];
|
||||
char *p;
|
||||
const char *help;
|
||||
|
||||
/* Starts with its own help message? */
|
||||
standard_prolog = list[0].name != OPT_HELP_STR;
|
||||
|
||||
/* Find the widest help. */
|
||||
for (o = list; o->name; o++) {
|
||||
if (o->name == OPT_MORE_STR)
|
||||
continue;
|
||||
i = 2 + (int)strlen(o->name);
|
||||
if (o->valtype != '-')
|
||||
i += 1 + strlen(valtype2param(o));
|
||||
if (i < MAX_OPT_HELP_WIDTH && i > width)
|
||||
width = i;
|
||||
assert(i < (int)sizeof(start));
|
||||
}
|
||||
|
||||
if (standard_prolog)
|
||||
BIO_printf(bio_err, "Usage: %s [options]\nValid options are:\n",
|
||||
prog);
|
||||
|
||||
/* Now let's print. */
|
||||
for (o = list; o->name; o++) {
|
||||
help = o->helpstr ? o->helpstr : "(No additional info)";
|
||||
if (o->name == OPT_HELP_STR) {
|
||||
BIO_printf(bio_err, help, prog);
|
||||
continue;
|
||||
}
|
||||
|
||||
/* Pad out prefix */
|
||||
memset(start, ' ', sizeof(start) - 1);
|
||||
start[sizeof(start) - 1] = '\0';
|
||||
|
||||
if (o->name == OPT_MORE_STR) {
|
||||
/* Continuation of previous line; pad and print. */
|
||||
start[width] = '\0';
|
||||
BIO_printf(bio_err, "%s %s\n", start, help);
|
||||
continue;
|
||||
}
|
||||
|
||||
/* Build up the "-flag [param]" part. */
|
||||
p = start;
|
||||
*p++ = ' ';
|
||||
*p++ = '-';
|
||||
if (o->name[0])
|
||||
p += strlen(strcpy(p, o->name));
|
||||
else
|
||||
*p++ = '*';
|
||||
if (o->valtype != '-') {
|
||||
*p++ = ' ';
|
||||
p += strlen(strcpy(p, valtype2param(o)));
|
||||
}
|
||||
*p = ' ';
|
||||
if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) {
|
||||
*p = '\0';
|
||||
BIO_printf(bio_err, "%s\n", start);
|
||||
memset(start, ' ', sizeof(start));
|
||||
}
|
||||
start[width] = '\0';
|
||||
BIO_printf(bio_err, "%s %s\n", start, help);
|
||||
}
|
||||
}
|
853
trunk/3rdparty/openssl-1.1-fit/apps/passwd.c
vendored
Normal file
853
trunk/3rdparty/openssl-1.1-fit/apps/passwd.c
vendored
Normal file
|
@ -0,0 +1,853 @@
|
|||
/*
|
||||
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/rand.h>
|
||||
#ifndef OPENSSL_NO_DES
|
||||
# include <openssl/des.h>
|
||||
#endif
|
||||
#include <openssl/md5.h>
|
||||
#include <openssl/sha.h>
|
||||
|
||||
static unsigned const char cov_2char[64] = {
|
||||
/* from crypto/des/fcrypt.c */
|
||||
0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
|
||||
0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
|
||||
0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
|
||||
0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
|
||||
0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
|
||||
0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
|
||||
0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
|
||||
0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
|
||||
};
|
||||
|
||||
static const char ascii_dollar[] = { 0x24, 0x00 };
|
||||
|
||||
typedef enum {
|
||||
passwd_unset = 0,
|
||||
passwd_crypt,
|
||||
passwd_md5,
|
||||
passwd_apr1,
|
||||
passwd_sha256,
|
||||
passwd_sha512,
|
||||
passwd_aixmd5
|
||||
} passwd_modes;
|
||||
|
||||
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
||||
char *passwd, BIO *out, int quiet, int table,
|
||||
int reverse, size_t pw_maxlen, passwd_modes mode);
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_IN,
|
||||
OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1,
|
||||
OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN,
|
||||
OPT_R_ENUM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS passwd_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"in", OPT_IN, '<', "Read passwords from file"},
|
||||
{"noverify", OPT_NOVERIFY, '-',
|
||||
"Never verify when reading password from terminal"},
|
||||
{"quiet", OPT_QUIET, '-', "No warnings"},
|
||||
{"table", OPT_TABLE, '-', "Format output as table"},
|
||||
{"reverse", OPT_REVERSE, '-', "Switch table columns"},
|
||||
{"salt", OPT_SALT, 's', "Use provided salt"},
|
||||
{"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
|
||||
{"6", OPT_6, '-', "SHA512-based password algorithm"},
|
||||
{"5", OPT_5, '-', "SHA256-based password algorithm"},
|
||||
{"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
|
||||
{"1", OPT_1, '-', "MD5-based password algorithm"},
|
||||
{"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"},
|
||||
#ifndef OPENSSL_NO_DES
|
||||
{"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
|
||||
#endif
|
||||
OPT_R_OPTIONS,
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int passwd_main(int argc, char **argv)
|
||||
{
|
||||
BIO *in = NULL;
|
||||
char *infile = NULL, *salt = NULL, *passwd = NULL, **passwds = NULL;
|
||||
char *salt_malloc = NULL, *passwd_malloc = NULL, *prog;
|
||||
OPTION_CHOICE o;
|
||||
int in_stdin = 0, pw_source_defined = 0;
|
||||
#ifndef OPENSSL_NO_UI_CONSOLE
|
||||
int in_noverify = 0;
|
||||
#endif
|
||||
int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
|
||||
int ret = 1;
|
||||
passwd_modes mode = passwd_unset;
|
||||
size_t passwd_malloc_size = 0;
|
||||
size_t pw_maxlen = 256; /* arbitrary limit, should be enough for most
|
||||
* passwords */
|
||||
|
||||
prog = opt_init(argc, argv, passwd_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(passwd_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_IN:
|
||||
if (pw_source_defined)
|
||||
goto opthelp;
|
||||
infile = opt_arg();
|
||||
pw_source_defined = 1;
|
||||
break;
|
||||
case OPT_NOVERIFY:
|
||||
#ifndef OPENSSL_NO_UI_CONSOLE
|
||||
in_noverify = 1;
|
||||
#endif
|
||||
break;
|
||||
case OPT_QUIET:
|
||||
quiet = 1;
|
||||
break;
|
||||
case OPT_TABLE:
|
||||
table = 1;
|
||||
break;
|
||||
case OPT_REVERSE:
|
||||
reverse = 1;
|
||||
break;
|
||||
case OPT_1:
|
||||
if (mode != passwd_unset)
|
||||
goto opthelp;
|
||||
mode = passwd_md5;
|
||||
break;
|
||||
case OPT_5:
|
||||
if (mode != passwd_unset)
|
||||
goto opthelp;
|
||||
mode = passwd_sha256;
|
||||
break;
|
||||
case OPT_6:
|
||||
if (mode != passwd_unset)
|
||||
goto opthelp;
|
||||
mode = passwd_sha512;
|
||||
break;
|
||||
case OPT_APR1:
|
||||
if (mode != passwd_unset)
|
||||
goto opthelp;
|
||||
mode = passwd_apr1;
|
||||
break;
|
||||
case OPT_AIXMD5:
|
||||
if (mode != passwd_unset)
|
||||
goto opthelp;
|
||||
mode = passwd_aixmd5;
|
||||
break;
|
||||
case OPT_CRYPT:
|
||||
#ifndef OPENSSL_NO_DES
|
||||
if (mode != passwd_unset)
|
||||
goto opthelp;
|
||||
mode = passwd_crypt;
|
||||
#endif
|
||||
break;
|
||||
case OPT_SALT:
|
||||
passed_salt = 1;
|
||||
salt = opt_arg();
|
||||
break;
|
||||
case OPT_STDIN:
|
||||
if (pw_source_defined)
|
||||
goto opthelp;
|
||||
in_stdin = 1;
|
||||
pw_source_defined = 1;
|
||||
break;
|
||||
case OPT_R_CASES:
|
||||
if (!opt_rand(o))
|
||||
goto end;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
argv = opt_rest();
|
||||
|
||||
if (*argv != NULL) {
|
||||
if (pw_source_defined)
|
||||
goto opthelp;
|
||||
pw_source_defined = 1;
|
||||
passwds = argv;
|
||||
}
|
||||
|
||||
if (mode == passwd_unset) {
|
||||
/* use default */
|
||||
mode = passwd_crypt;
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_NO_DES
|
||||
if (mode == passwd_crypt)
|
||||
goto opthelp;
|
||||
#endif
|
||||
|
||||
if (infile != NULL && in_stdin) {
|
||||
BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (infile != NULL || in_stdin) {
|
||||
/*
|
||||
* If in_stdin is true, we know that infile is NULL, and that
|
||||
* bio_open_default() will give us back an alias for stdin.
|
||||
*/
|
||||
in = bio_open_default(infile, 'r', FORMAT_TEXT);
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (mode == passwd_crypt)
|
||||
pw_maxlen = 8;
|
||||
|
||||
if (passwds == NULL) {
|
||||
/* no passwords on the command line */
|
||||
|
||||
passwd_malloc_size = pw_maxlen + 2;
|
||||
/* longer than necessary so that we can warn about truncation */
|
||||
passwd = passwd_malloc =
|
||||
app_malloc(passwd_malloc_size, "password buffer");
|
||||
}
|
||||
|
||||
if ((in == NULL) && (passwds == NULL)) {
|
||||
/*
|
||||
* we use the following method to make sure what
|
||||
* in the 'else' section is always compiled, to
|
||||
* avoid rot of not-frequently-used code.
|
||||
*/
|
||||
if (1) {
|
||||
#ifndef OPENSSL_NO_UI_CONSOLE
|
||||
/* build a null-terminated list */
|
||||
static char *passwds_static[2] = { NULL, NULL };
|
||||
|
||||
passwds = passwds_static;
|
||||
if (in == NULL) {
|
||||
if (EVP_read_pw_string
|
||||
(passwd_malloc, passwd_malloc_size, "Password: ",
|
||||
!(passed_salt || in_noverify)) != 0)
|
||||
goto end;
|
||||
}
|
||||
passwds[0] = passwd_malloc;
|
||||
} else {
|
||||
#endif
|
||||
BIO_printf(bio_err, "password required\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (in == NULL) {
|
||||
assert(passwds != NULL);
|
||||
assert(*passwds != NULL);
|
||||
|
||||
do { /* loop over list of passwords */
|
||||
passwd = *passwds++;
|
||||
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out,
|
||||
quiet, table, reverse, pw_maxlen, mode))
|
||||
goto end;
|
||||
} while (*passwds != NULL);
|
||||
} else {
|
||||
/* in != NULL */
|
||||
int done;
|
||||
|
||||
assert(passwd != NULL);
|
||||
do {
|
||||
int r = BIO_gets(in, passwd, pw_maxlen + 1);
|
||||
if (r > 0) {
|
||||
char *c = (strchr(passwd, '\n'));
|
||||
if (c != NULL) {
|
||||
*c = 0; /* truncate at newline */
|
||||
} else {
|
||||
/* ignore rest of line */
|
||||
char trash[BUFSIZ];
|
||||
do
|
||||
r = BIO_gets(in, trash, sizeof(trash));
|
||||
while ((r > 0) && (!strchr(trash, '\n')));
|
||||
}
|
||||
|
||||
if (!do_passwd
|
||||
(passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet,
|
||||
table, reverse, pw_maxlen, mode))
|
||||
goto end;
|
||||
}
|
||||
done = (r <= 0);
|
||||
} while (!done);
|
||||
}
|
||||
ret = 0;
|
||||
|
||||
end:
|
||||
#if 0
|
||||
ERR_print_errors(bio_err);
|
||||
#endif
|
||||
OPENSSL_free(salt_malloc);
|
||||
OPENSSL_free(passwd_malloc);
|
||||
BIO_free(in);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* MD5-based password algorithm (should probably be available as a library
|
||||
* function; then the static buffer would not be acceptable). For magic
|
||||
* string "1", this should be compatible to the MD5-based BSD password
|
||||
* algorithm. For 'magic' string "apr1", this is compatible to the MD5-based
|
||||
* Apache password algorithm. (Apparently, the Apache password algorithm is
|
||||
* identical except that the 'magic' string was changed -- the laziest
|
||||
* application of the NIH principle I've ever encountered.)
|
||||
*/
|
||||
static char *md5crypt(const char *passwd, const char *magic, const char *salt)
|
||||
{
|
||||
/* "$apr1$..salt..$.......md5hash..........\0" */
|
||||
static char out_buf[6 + 9 + 24 + 2];
|
||||
unsigned char buf[MD5_DIGEST_LENGTH];
|
||||
char ascii_magic[5]; /* "apr1" plus '\0' */
|
||||
char ascii_salt[9]; /* Max 8 chars plus '\0' */
|
||||
char *ascii_passwd = NULL;
|
||||
char *salt_out;
|
||||
int n;
|
||||
unsigned int i;
|
||||
EVP_MD_CTX *md = NULL, *md2 = NULL;
|
||||
size_t passwd_len, salt_len, magic_len;
|
||||
|
||||
passwd_len = strlen(passwd);
|
||||
|
||||
out_buf[0] = 0;
|
||||
magic_len = strlen(magic);
|
||||
OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic));
|
||||
#ifdef CHARSET_EBCDIC
|
||||
if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */
|
||||
ebcdic2ascii(ascii_magic, ascii_magic, magic_len);
|
||||
#endif
|
||||
|
||||
/* The salt gets truncated to 8 chars */
|
||||
OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt));
|
||||
salt_len = strlen(ascii_salt);
|
||||
#ifdef CHARSET_EBCDIC
|
||||
ebcdic2ascii(ascii_salt, ascii_salt, salt_len);
|
||||
#endif
|
||||
|
||||
#ifdef CHARSET_EBCDIC
|
||||
ascii_passwd = OPENSSL_strdup(passwd);
|
||||
if (ascii_passwd == NULL)
|
||||
return NULL;
|
||||
ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len);
|
||||
passwd = ascii_passwd;
|
||||
#endif
|
||||
|
||||
if (magic_len > 0) {
|
||||
OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
|
||||
|
||||
if (magic_len > 4) /* assert it's "1" or "apr1" */
|
||||
goto err;
|
||||
|
||||
OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf));
|
||||
OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
|
||||
}
|
||||
|
||||
OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf));
|
||||
|
||||
if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */
|
||||
goto err;
|
||||
|
||||
salt_out = out_buf;
|
||||
if (magic_len > 0)
|
||||
salt_out += 2 + magic_len;
|
||||
|
||||
if (salt_len > 8)
|
||||
goto err;
|
||||
|
||||
md = EVP_MD_CTX_new();
|
||||
if (md == NULL
|
||||
|| !EVP_DigestInit_ex(md, EVP_md5(), NULL)
|
||||
|| !EVP_DigestUpdate(md, passwd, passwd_len))
|
||||
goto err;
|
||||
|
||||
if (magic_len > 0)
|
||||
if (!EVP_DigestUpdate(md, ascii_dollar, 1)
|
||||
|| !EVP_DigestUpdate(md, ascii_magic, magic_len)
|
||||
|| !EVP_DigestUpdate(md, ascii_dollar, 1))
|
||||
goto err;
|
||||
|
||||
if (!EVP_DigestUpdate(md, ascii_salt, salt_len))
|
||||
goto err;
|
||||
|
||||
md2 = EVP_MD_CTX_new();
|
||||
if (md2 == NULL
|
||||
|| !EVP_DigestInit_ex(md2, EVP_md5(), NULL)
|
||||
|| !EVP_DigestUpdate(md2, passwd, passwd_len)
|
||||
|| !EVP_DigestUpdate(md2, ascii_salt, salt_len)
|
||||
|| !EVP_DigestUpdate(md2, passwd, passwd_len)
|
||||
|| !EVP_DigestFinal_ex(md2, buf, NULL))
|
||||
goto err;
|
||||
|
||||
for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) {
|
||||
if (!EVP_DigestUpdate(md, buf, sizeof(buf)))
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestUpdate(md, buf, i))
|
||||
goto err;
|
||||
|
||||
n = passwd_len;
|
||||
while (n) {
|
||||
if (!EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1))
|
||||
goto err;
|
||||
n >>= 1;
|
||||
}
|
||||
if (!EVP_DigestFinal_ex(md, buf, NULL))
|
||||
return NULL;
|
||||
|
||||
for (i = 0; i < 1000; i++) {
|
||||
if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))
|
||||
goto err;
|
||||
if (!EVP_DigestUpdate(md2,
|
||||
(i & 1) ? (unsigned const char *)passwd : buf,
|
||||
(i & 1) ? passwd_len : sizeof(buf)))
|
||||
goto err;
|
||||
if (i % 3) {
|
||||
if (!EVP_DigestUpdate(md2, ascii_salt, salt_len))
|
||||
goto err;
|
||||
}
|
||||
if (i % 7) {
|
||||
if (!EVP_DigestUpdate(md2, passwd, passwd_len))
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestUpdate(md2,
|
||||
(i & 1) ? buf : (unsigned const char *)passwd,
|
||||
(i & 1) ? sizeof(buf) : passwd_len))
|
||||
goto err;
|
||||
if (!EVP_DigestFinal_ex(md2, buf, NULL))
|
||||
goto err;
|
||||
}
|
||||
EVP_MD_CTX_free(md2);
|
||||
EVP_MD_CTX_free(md);
|
||||
md2 = NULL;
|
||||
md = NULL;
|
||||
|
||||
{
|
||||
/* transform buf into output string */
|
||||
unsigned char buf_perm[sizeof(buf)];
|
||||
int dest, source;
|
||||
char *output;
|
||||
|
||||
/* silly output permutation */
|
||||
for (dest = 0, source = 0; dest < 14;
|
||||
dest++, source = (source + 6) % 17)
|
||||
buf_perm[dest] = buf[source];
|
||||
buf_perm[14] = buf[5];
|
||||
buf_perm[15] = buf[11];
|
||||
# ifndef PEDANTIC /* Unfortunately, this generates a "no
|
||||
* effect" warning */
|
||||
assert(16 == sizeof(buf_perm));
|
||||
# endif
|
||||
|
||||
output = salt_out + salt_len;
|
||||
assert(output == out_buf + strlen(out_buf));
|
||||
|
||||
*output++ = ascii_dollar[0];
|
||||
|
||||
for (i = 0; i < 15; i += 3) {
|
||||
*output++ = cov_2char[buf_perm[i + 2] & 0x3f];
|
||||
*output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) |
|
||||
(buf_perm[i + 2] >> 6)];
|
||||
*output++ = cov_2char[((buf_perm[i] & 3) << 4) |
|
||||
(buf_perm[i + 1] >> 4)];
|
||||
*output++ = cov_2char[buf_perm[i] >> 2];
|
||||
}
|
||||
assert(i == 15);
|
||||
*output++ = cov_2char[buf_perm[i] & 0x3f];
|
||||
*output++ = cov_2char[buf_perm[i] >> 6];
|
||||
*output = 0;
|
||||
assert(strlen(out_buf) < sizeof(out_buf));
|
||||
#ifdef CHARSET_EBCDIC
|
||||
ascii2ebcdic(out_buf, out_buf, strlen(out_buf));
|
||||
#endif
|
||||
}
|
||||
|
||||
return out_buf;
|
||||
|
||||
err:
|
||||
OPENSSL_free(ascii_passwd);
|
||||
EVP_MD_CTX_free(md2);
|
||||
EVP_MD_CTX_free(md);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* SHA based password algorithm, describe by Ulrich Drepper here:
|
||||
* https://www.akkadia.org/drepper/SHA-crypt.txt
|
||||
* (note that it's in the public domain)
|
||||
*/
|
||||
static char *shacrypt(const char *passwd, const char *magic, const char *salt)
|
||||
{
|
||||
/* Prefix for optional rounds specification. */
|
||||
static const char rounds_prefix[] = "rounds=";
|
||||
/* Maximum salt string length. */
|
||||
# define SALT_LEN_MAX 16
|
||||
/* Default number of rounds if not explicitly specified. */
|
||||
# define ROUNDS_DEFAULT 5000
|
||||
/* Minimum number of rounds. */
|
||||
# define ROUNDS_MIN 1000
|
||||
/* Maximum number of rounds. */
|
||||
# define ROUNDS_MAX 999999999
|
||||
|
||||
/* "$6$rounds=<N>$......salt......$...shahash(up to 86 chars)...\0" */
|
||||
static char out_buf[3 + 17 + 17 + 86 + 1];
|
||||
unsigned char buf[SHA512_DIGEST_LENGTH];
|
||||
unsigned char temp_buf[SHA512_DIGEST_LENGTH];
|
||||
size_t buf_size = 0;
|
||||
char ascii_magic[2];
|
||||
char ascii_salt[17]; /* Max 16 chars plus '\0' */
|
||||
char *ascii_passwd = NULL;
|
||||
size_t n;
|
||||
EVP_MD_CTX *md = NULL, *md2 = NULL;
|
||||
const EVP_MD *sha = NULL;
|
||||
size_t passwd_len, salt_len, magic_len;
|
||||
unsigned int rounds = 5000; /* Default */
|
||||
char rounds_custom = 0;
|
||||
char *p_bytes = NULL;
|
||||
char *s_bytes = NULL;
|
||||
char *cp = NULL;
|
||||
|
||||
passwd_len = strlen(passwd);
|
||||
magic_len = strlen(magic);
|
||||
|
||||
/* assert it's "5" or "6" */
|
||||
if (magic_len != 1)
|
||||
return NULL;
|
||||
|
||||
switch (magic[0]) {
|
||||
case '5':
|
||||
sha = EVP_sha256();
|
||||
buf_size = 32;
|
||||
break;
|
||||
case '6':
|
||||
sha = EVP_sha512();
|
||||
buf_size = 64;
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (strncmp(salt, rounds_prefix, sizeof(rounds_prefix) - 1) == 0) {
|
||||
const char *num = salt + sizeof(rounds_prefix) - 1;
|
||||
char *endp;
|
||||
unsigned long int srounds = strtoul (num, &endp, 10);
|
||||
if (*endp == '$') {
|
||||
salt = endp + 1;
|
||||
if (srounds > ROUNDS_MAX)
|
||||
rounds = ROUNDS_MAX;
|
||||
else if (srounds < ROUNDS_MIN)
|
||||
rounds = ROUNDS_MIN;
|
||||
else
|
||||
rounds = (unsigned int)srounds;
|
||||
rounds_custom = 1;
|
||||
} else {
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic));
|
||||
#ifdef CHARSET_EBCDIC
|
||||
if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */
|
||||
ebcdic2ascii(ascii_magic, ascii_magic, magic_len);
|
||||
#endif
|
||||
|
||||
/* The salt gets truncated to 16 chars */
|
||||
OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt));
|
||||
salt_len = strlen(ascii_salt);
|
||||
#ifdef CHARSET_EBCDIC
|
||||
ebcdic2ascii(ascii_salt, ascii_salt, salt_len);
|
||||
#endif
|
||||
|
||||
#ifdef CHARSET_EBCDIC
|
||||
ascii_passwd = OPENSSL_strdup(passwd);
|
||||
if (ascii_passwd == NULL)
|
||||
return NULL;
|
||||
ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len);
|
||||
passwd = ascii_passwd;
|
||||
#endif
|
||||
|
||||
out_buf[0] = 0;
|
||||
OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
|
||||
OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf));
|
||||
OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
|
||||
if (rounds_custom) {
|
||||
char tmp_buf[80]; /* "rounds=999999999" */
|
||||
sprintf(tmp_buf, "rounds=%u", rounds);
|
||||
#ifdef CHARSET_EBCDIC
|
||||
/* In case we're really on a ASCII based platform and just pretend */
|
||||
if (tmp_buf[0] != 0x72) /* ASCII 'r' */
|
||||
ebcdic2ascii(tmp_buf, tmp_buf, strlen(tmp_buf));
|
||||
#endif
|
||||
OPENSSL_strlcat(out_buf, tmp_buf, sizeof(out_buf));
|
||||
OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
|
||||
}
|
||||
OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf));
|
||||
|
||||
/* assert "$5$rounds=999999999$......salt......" */
|
||||
if (strlen(out_buf) > 3 + 17 * rounds_custom + salt_len )
|
||||
goto err;
|
||||
|
||||
md = EVP_MD_CTX_new();
|
||||
if (md == NULL
|
||||
|| !EVP_DigestInit_ex(md, sha, NULL)
|
||||
|| !EVP_DigestUpdate(md, passwd, passwd_len)
|
||||
|| !EVP_DigestUpdate(md, ascii_salt, salt_len))
|
||||
goto err;
|
||||
|
||||
md2 = EVP_MD_CTX_new();
|
||||
if (md2 == NULL
|
||||
|| !EVP_DigestInit_ex(md2, sha, NULL)
|
||||
|| !EVP_DigestUpdate(md2, passwd, passwd_len)
|
||||
|| !EVP_DigestUpdate(md2, ascii_salt, salt_len)
|
||||
|| !EVP_DigestUpdate(md2, passwd, passwd_len)
|
||||
|| !EVP_DigestFinal_ex(md2, buf, NULL))
|
||||
goto err;
|
||||
|
||||
for (n = passwd_len; n > buf_size; n -= buf_size) {
|
||||
if (!EVP_DigestUpdate(md, buf, buf_size))
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestUpdate(md, buf, n))
|
||||
goto err;
|
||||
|
||||
n = passwd_len;
|
||||
while (n) {
|
||||
if (!EVP_DigestUpdate(md,
|
||||
(n & 1) ? buf : (unsigned const char *)passwd,
|
||||
(n & 1) ? buf_size : passwd_len))
|
||||
goto err;
|
||||
n >>= 1;
|
||||
}
|
||||
if (!EVP_DigestFinal_ex(md, buf, NULL))
|
||||
return NULL;
|
||||
|
||||
/* P sequence */
|
||||
if (!EVP_DigestInit_ex(md2, sha, NULL))
|
||||
goto err;
|
||||
|
||||
for (n = passwd_len; n > 0; n--)
|
||||
if (!EVP_DigestUpdate(md2, passwd, passwd_len))
|
||||
goto err;
|
||||
|
||||
if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
|
||||
return NULL;
|
||||
|
||||
if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL)
|
||||
goto err;
|
||||
for (cp = p_bytes, n = passwd_len; n > buf_size; n -= buf_size, cp += buf_size)
|
||||
memcpy(cp, temp_buf, buf_size);
|
||||
memcpy(cp, temp_buf, n);
|
||||
|
||||
/* S sequence */
|
||||
if (!EVP_DigestInit_ex(md2, sha, NULL))
|
||||
goto err;
|
||||
|
||||
for (n = 16 + buf[0]; n > 0; n--)
|
||||
if (!EVP_DigestUpdate(md2, ascii_salt, salt_len))
|
||||
goto err;
|
||||
|
||||
if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
|
||||
return NULL;
|
||||
|
||||
if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL)
|
||||
goto err;
|
||||
for (cp = s_bytes, n = salt_len; n > buf_size; n -= buf_size, cp += buf_size)
|
||||
memcpy(cp, temp_buf, buf_size);
|
||||
memcpy(cp, temp_buf, n);
|
||||
|
||||
for (n = 0; n < rounds; n++) {
|
||||
if (!EVP_DigestInit_ex(md2, sha, NULL))
|
||||
goto err;
|
||||
if (!EVP_DigestUpdate(md2,
|
||||
(n & 1) ? (unsigned const char *)p_bytes : buf,
|
||||
(n & 1) ? passwd_len : buf_size))
|
||||
goto err;
|
||||
if (n % 3) {
|
||||
if (!EVP_DigestUpdate(md2, s_bytes, salt_len))
|
||||
goto err;
|
||||
}
|
||||
if (n % 7) {
|
||||
if (!EVP_DigestUpdate(md2, p_bytes, passwd_len))
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestUpdate(md2,
|
||||
(n & 1) ? buf : (unsigned const char *)p_bytes,
|
||||
(n & 1) ? buf_size : passwd_len))
|
||||
goto err;
|
||||
if (!EVP_DigestFinal_ex(md2, buf, NULL))
|
||||
goto err;
|
||||
}
|
||||
EVP_MD_CTX_free(md2);
|
||||
EVP_MD_CTX_free(md);
|
||||
md2 = NULL;
|
||||
md = NULL;
|
||||
OPENSSL_free(p_bytes);
|
||||
OPENSSL_free(s_bytes);
|
||||
p_bytes = NULL;
|
||||
s_bytes = NULL;
|
||||
|
||||
cp = out_buf + strlen(out_buf);
|
||||
*cp++ = ascii_dollar[0];
|
||||
|
||||
# define b64_from_24bit(B2, B1, B0, N) \
|
||||
do { \
|
||||
unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \
|
||||
int i = (N); \
|
||||
while (i-- > 0) \
|
||||
{ \
|
||||
*cp++ = cov_2char[w & 0x3f]; \
|
||||
w >>= 6; \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
switch (magic[0]) {
|
||||
case '5':
|
||||
b64_from_24bit (buf[0], buf[10], buf[20], 4);
|
||||
b64_from_24bit (buf[21], buf[1], buf[11], 4);
|
||||
b64_from_24bit (buf[12], buf[22], buf[2], 4);
|
||||
b64_from_24bit (buf[3], buf[13], buf[23], 4);
|
||||
b64_from_24bit (buf[24], buf[4], buf[14], 4);
|
||||
b64_from_24bit (buf[15], buf[25], buf[5], 4);
|
||||
b64_from_24bit (buf[6], buf[16], buf[26], 4);
|
||||
b64_from_24bit (buf[27], buf[7], buf[17], 4);
|
||||
b64_from_24bit (buf[18], buf[28], buf[8], 4);
|
||||
b64_from_24bit (buf[9], buf[19], buf[29], 4);
|
||||
b64_from_24bit (0, buf[31], buf[30], 3);
|
||||
break;
|
||||
case '6':
|
||||
b64_from_24bit (buf[0], buf[21], buf[42], 4);
|
||||
b64_from_24bit (buf[22], buf[43], buf[1], 4);
|
||||
b64_from_24bit (buf[44], buf[2], buf[23], 4);
|
||||
b64_from_24bit (buf[3], buf[24], buf[45], 4);
|
||||
b64_from_24bit (buf[25], buf[46], buf[4], 4);
|
||||
b64_from_24bit (buf[47], buf[5], buf[26], 4);
|
||||
b64_from_24bit (buf[6], buf[27], buf[48], 4);
|
||||
b64_from_24bit (buf[28], buf[49], buf[7], 4);
|
||||
b64_from_24bit (buf[50], buf[8], buf[29], 4);
|
||||
b64_from_24bit (buf[9], buf[30], buf[51], 4);
|
||||
b64_from_24bit (buf[31], buf[52], buf[10], 4);
|
||||
b64_from_24bit (buf[53], buf[11], buf[32], 4);
|
||||
b64_from_24bit (buf[12], buf[33], buf[54], 4);
|
||||
b64_from_24bit (buf[34], buf[55], buf[13], 4);
|
||||
b64_from_24bit (buf[56], buf[14], buf[35], 4);
|
||||
b64_from_24bit (buf[15], buf[36], buf[57], 4);
|
||||
b64_from_24bit (buf[37], buf[58], buf[16], 4);
|
||||
b64_from_24bit (buf[59], buf[17], buf[38], 4);
|
||||
b64_from_24bit (buf[18], buf[39], buf[60], 4);
|
||||
b64_from_24bit (buf[40], buf[61], buf[19], 4);
|
||||
b64_from_24bit (buf[62], buf[20], buf[41], 4);
|
||||
b64_from_24bit (0, 0, buf[63], 2);
|
||||
break;
|
||||
default:
|
||||
goto err;
|
||||
}
|
||||
*cp = '\0';
|
||||
#ifdef CHARSET_EBCDIC
|
||||
ascii2ebcdic(out_buf, out_buf, strlen(out_buf));
|
||||
#endif
|
||||
|
||||
return out_buf;
|
||||
|
||||
err:
|
||||
EVP_MD_CTX_free(md2);
|
||||
EVP_MD_CTX_free(md);
|
||||
OPENSSL_free(p_bytes);
|
||||
OPENSSL_free(s_bytes);
|
||||
OPENSSL_free(ascii_passwd);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
||||
char *passwd, BIO *out, int quiet, int table,
|
||||
int reverse, size_t pw_maxlen, passwd_modes mode)
|
||||
{
|
||||
char *hash = NULL;
|
||||
|
||||
assert(salt_p != NULL);
|
||||
assert(salt_malloc_p != NULL);
|
||||
|
||||
/* first make sure we have a salt */
|
||||
if (!passed_salt) {
|
||||
size_t saltlen = 0;
|
||||
size_t i;
|
||||
|
||||
#ifndef OPENSSL_NO_DES
|
||||
if (mode == passwd_crypt)
|
||||
saltlen = 2;
|
||||
#endif /* !OPENSSL_NO_DES */
|
||||
|
||||
if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5)
|
||||
saltlen = 8;
|
||||
|
||||
if (mode == passwd_sha256 || mode == passwd_sha512)
|
||||
saltlen = 16;
|
||||
|
||||
assert(saltlen != 0);
|
||||
|
||||
if (*salt_malloc_p == NULL)
|
||||
*salt_p = *salt_malloc_p = app_malloc(saltlen + 1, "salt buffer");
|
||||
if (RAND_bytes((unsigned char *)*salt_p, saltlen) <= 0)
|
||||
goto end;
|
||||
|
||||
for (i = 0; i < saltlen; i++)
|
||||
(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
|
||||
(*salt_p)[i] = 0;
|
||||
# ifdef CHARSET_EBCDIC
|
||||
/* The password encryption funtion will convert back to ASCII */
|
||||
ascii2ebcdic(*salt_p, *salt_p, saltlen);
|
||||
# endif
|
||||
}
|
||||
|
||||
assert(*salt_p != NULL);
|
||||
|
||||
/* truncate password if necessary */
|
||||
if ((strlen(passwd) > pw_maxlen)) {
|
||||
if (!quiet)
|
||||
/*
|
||||
* XXX: really we should know how to print a size_t, not cast it
|
||||
*/
|
||||
BIO_printf(bio_err,
|
||||
"Warning: truncating password to %u characters\n",
|
||||
(unsigned)pw_maxlen);
|
||||
passwd[pw_maxlen] = 0;
|
||||
}
|
||||
assert(strlen(passwd) <= pw_maxlen);
|
||||
|
||||
/* now compute password hash */
|
||||
#ifndef OPENSSL_NO_DES
|
||||
if (mode == passwd_crypt)
|
||||
hash = DES_crypt(passwd, *salt_p);
|
||||
#endif
|
||||
if (mode == passwd_md5 || mode == passwd_apr1)
|
||||
hash = md5crypt(passwd, (mode == passwd_md5 ? "1" : "apr1"), *salt_p);
|
||||
if (mode == passwd_aixmd5)
|
||||
hash = md5crypt(passwd, "", *salt_p);
|
||||
if (mode == passwd_sha256 || mode == passwd_sha512)
|
||||
hash = shacrypt(passwd, (mode == passwd_sha256 ? "5" : "6"), *salt_p);
|
||||
assert(hash != NULL);
|
||||
|
||||
if (table && !reverse)
|
||||
BIO_printf(out, "%s\t%s\n", passwd, hash);
|
||||
else if (table && reverse)
|
||||
BIO_printf(out, "%s\t%s\n", hash, passwd);
|
||||
else
|
||||
BIO_printf(out, "%s\n", hash);
|
||||
return 1;
|
||||
|
||||
end:
|
||||
return 0;
|
||||
}
|
1
trunk/3rdparty/openssl-1.1-fit/apps/pca-cert.srl
vendored
Normal file
1
trunk/3rdparty/openssl-1.1-fit/apps/pca-cert.srl
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
07
|
16
trunk/3rdparty/openssl-1.1-fit/apps/pca-key.pem
vendored
Normal file
16
trunk/3rdparty/openssl-1.1-fit/apps/pca-key.pem
vendored
Normal file
|
@ -0,0 +1,16 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALYYjjtpLs/lfkPF
|
||||
xAFZ4V3He5mZFbsEakK9bA2fQaryreRwyfhbXbDJHyBV+c4xI5fbmmVd2t/us4k4
|
||||
rMhGsBtL89SqCEHhPJpLFywiQVmJTAjANYrWkZK5uR/++YmZyzuLfPHLButuK6cF
|
||||
GKXw3NNToxjYooMf0mad2rPX3cKTAgMBAAECgYBvrJ+Nz/Pli9jjt2V9bqHH4Y7r
|
||||
o/avuwVv6Ltbn0+mhy4d6w3yQhYzVSTBr/iDe59YglUt1WFl8/4nKZrNOIzHJlav
|
||||
Sw4hd3fYBHxbT+DgZMQ9ikjHECWRdDffrnlTLsSJAcxnpMJBPe3dKCRDMUrqWUvB
|
||||
IIKaxyqmXJms5Y/wAQJBAPFL9NMKJcWBftMKXCasxsV0ZGjgqHGZODYjtGFN9jJO
|
||||
6AbZrxfCcapTWG4RCC2o/EDEMN8aArEhfdrYY3lhXGsCQQDBMRzFevkD7SYXTw5G
|
||||
NA/gJOAsFMYbt7tebcCRsHT7t3ymVfO2QwK7ZF0f/SYvi7cMAPraHvO7s3kFdGTB
|
||||
kDx5AkAHBICASsFCdzurA5gef9PgFjx9WFtNwnkCChPK6KuKVwUkfdw7wqnvnDDs
|
||||
Mo6cVVfQwmPxeR4u7JxuavCprQ01AkEAp5ZGAh1J9Jj9CQ1AMbAp8WOrvzGKJTM9
|
||||
641Dll4/LLif/d7j2kDJFuvaSMyeGnKVqGkVMq/U+QeYPR4Z5TuM6QJAWK05qFed
|
||||
wYgTZyVN0MY53ZOMAIWwjz0cr24TvDfmsZqIvguGL616GKQZKdKDZQyQHg+dCzqJ
|
||||
HgIoacuFDKz5CA==
|
||||
-----END PRIVATE KEY-----
|
11
trunk/3rdparty/openssl-1.1-fit/apps/pca-req.pem
vendored
Normal file
11
trunk/3rdparty/openssl-1.1-fit/apps/pca-req.pem
vendored
Normal file
|
@ -0,0 +1,11 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIBnDCCAQUCAQAwXDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQx
|
||||
GjAYBgNVBAoMEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDDBNUZXN0IFBDQSAo
|
||||
MTAyNCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2GI47aS7P5X5D
|
||||
xcQBWeFdx3uZmRW7BGpCvWwNn0Gq8q3kcMn4W12wyR8gVfnOMSOX25plXdrf7rOJ
|
||||
OKzIRrAbS/PUqghB4TyaSxcsIkFZiUwIwDWK1pGSubkf/vmJmcs7i3zxywbrbiun
|
||||
BRil8NzTU6MY2KKDH9Jmndqz193CkwIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEA
|
||||
eJdCB0nHnFK0hek4biAxX0GuJXkknuUy46NKEhv3GBwt4gtO29bfkbQTGOsBBKNs
|
||||
KptlnkItscOXY+0lSva9K3XlwD9do7k2IZFtXJVayZVw1GcKybIY0l7B6kcSxG7T
|
||||
f3CsO+ifdrsJKtyoZNs96lBMrtXyGybt3mgQNdZauQU=
|
||||
-----END CERTIFICATE REQUEST-----
|
968
trunk/3rdparty/openssl-1.1-fit/apps/pkcs12.c
vendored
Normal file
968
trunk/3rdparty/openssl-1.1-fit/apps/pkcs12.c
vendored
Normal file
|
@ -0,0 +1,968 @@
|
|||
/*
|
||||
* Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#if defined(OPENSSL_NO_DES)
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <string.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/crypto.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/pem.h>
|
||||
# include <openssl/pkcs12.h>
|
||||
|
||||
# define NOKEYS 0x1
|
||||
# define NOCERTS 0x2
|
||||
# define INFO 0x4
|
||||
# define CLCERTS 0x8
|
||||
# define CACERTS 0x10
|
||||
|
||||
#define PASSWD_BUF_SIZE 2048
|
||||
|
||||
static int get_cert_chain(X509 *cert, X509_STORE *store,
|
||||
STACK_OF(X509) **chain);
|
||||
int dump_certs_keys_p12(BIO *out, const PKCS12 *p12,
|
||||
const char *pass, int passlen, int options,
|
||||
char *pempass, const EVP_CIPHER *enc);
|
||||
int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
|
||||
const char *pass, int passlen, int options,
|
||||
char *pempass, const EVP_CIPHER *enc);
|
||||
int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags,
|
||||
const char *pass, int passlen,
|
||||
int options, char *pempass, const EVP_CIPHER *enc);
|
||||
int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
|
||||
const char *name);
|
||||
void hex_prin(BIO *out, unsigned char *buf, int len);
|
||||
static int alg_print(const X509_ALGOR *alg);
|
||||
int cert_load(BIO *in, STACK_OF(X509) *sk);
|
||||
static int set_pbe(int *ppbe, const char *str);
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_CIPHER, OPT_NOKEYS, OPT_KEYEX, OPT_KEYSIG, OPT_NOCERTS, OPT_CLCERTS,
|
||||
OPT_CACERTS, OPT_NOOUT, OPT_INFO, OPT_CHAIN, OPT_TWOPASS, OPT_NOMACVER,
|
||||
OPT_DESCERT, OPT_EXPORT, OPT_NOITER, OPT_MACITER, OPT_NOMACITER,
|
||||
OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE,
|
||||
OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME,
|
||||
OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
|
||||
OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_ENGINE,
|
||||
OPT_R_ENUM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS pkcs12_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"nokeys", OPT_NOKEYS, '-', "Don't output private keys"},
|
||||
{"keyex", OPT_KEYEX, '-', "Set MS key exchange type"},
|
||||
{"keysig", OPT_KEYSIG, '-', "Set MS key signature type"},
|
||||
{"nocerts", OPT_NOCERTS, '-', "Don't output certificates"},
|
||||
{"clcerts", OPT_CLCERTS, '-', "Only output client certificates"},
|
||||
{"cacerts", OPT_CACERTS, '-', "Only output CA certificates"},
|
||||
{"noout", OPT_NOOUT, '-', "Don't output anything, just verify"},
|
||||
{"info", OPT_INFO, '-', "Print info about PKCS#12 structure"},
|
||||
{"chain", OPT_CHAIN, '-', "Add certificate chain"},
|
||||
{"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"},
|
||||
{"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"},
|
||||
# ifndef OPENSSL_NO_RC2
|
||||
{"descert", OPT_DESCERT, '-',
|
||||
"Encrypt output with 3DES (default RC2-40)"},
|
||||
{"certpbe", OPT_CERTPBE, 's',
|
||||
"Certificate PBE algorithm (default RC2-40)"},
|
||||
# else
|
||||
{"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"},
|
||||
{"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"},
|
||||
# endif
|
||||
{"export", OPT_EXPORT, '-', "Output PKCS12 file"},
|
||||
{"noiter", OPT_NOITER, '-', "Don't use encryption iteration"},
|
||||
{"maciter", OPT_MACITER, '-', "Use MAC iteration"},
|
||||
{"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration"},
|
||||
{"nomac", OPT_NOMAC, '-', "Don't generate MAC"},
|
||||
{"LMK", OPT_LMK, '-',
|
||||
"Add local machine keyset attribute to private key"},
|
||||
{"nodes", OPT_NODES, '-', "Don't encrypt private keys"},
|
||||
{"macalg", OPT_MACALG, 's',
|
||||
"Digest algorithm used in MAC (default SHA1)"},
|
||||
{"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"},
|
||||
OPT_R_OPTIONS,
|
||||
{"inkey", OPT_INKEY, 's', "Private key if not infile"},
|
||||
{"certfile", OPT_CERTFILE, '<', "Load certs from file"},
|
||||
{"name", OPT_NAME, 's', "Use name as friendly name"},
|
||||
{"CSP", OPT_CSP, 's', "Microsoft CSP name"},
|
||||
{"caname", OPT_CANAME, 's',
|
||||
"Use name as CA friendly name (can be repeated)"},
|
||||
{"in", OPT_IN, '<', "Input filename"},
|
||||
{"out", OPT_OUT, '>', "Output filename"},
|
||||
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
||||
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
|
||||
{"password", OPT_PASSWORD, 's', "Set import/export password source"},
|
||||
{"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"},
|
||||
{"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"},
|
||||
{"no-CAfile", OPT_NOCAFILE, '-',
|
||||
"Do not load the default certificates file"},
|
||||
{"no-CApath", OPT_NOCAPATH, '-',
|
||||
"Do not load certificates from the default certificates directory"},
|
||||
{"", OPT_CIPHER, '-', "Any supported cipher"},
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
# endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int pkcs12_main(int argc, char **argv)
|
||||
{
|
||||
char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL;
|
||||
char *name = NULL, *csp_name = NULL;
|
||||
char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = "";
|
||||
int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
|
||||
int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
|
||||
# ifndef OPENSSL_NO_RC2
|
||||
int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
|
||||
# else
|
||||
int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
|
||||
# endif
|
||||
int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
|
||||
int ret = 1, macver = 1, add_lmk = 0, private = 0;
|
||||
int noprompt = 0;
|
||||
char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL;
|
||||
char *passin = NULL, *passout = NULL, *macalg = NULL;
|
||||
char *cpass = NULL, *mpass = NULL, *badpass = NULL;
|
||||
const char *CApath = NULL, *CAfile = NULL, *prog;
|
||||
int noCApath = 0, noCAfile = 0;
|
||||
ENGINE *e = NULL;
|
||||
BIO *in = NULL, *out = NULL;
|
||||
PKCS12 *p12 = NULL;
|
||||
STACK_OF(OPENSSL_STRING) *canames = NULL;
|
||||
const EVP_CIPHER *enc = EVP_des_ede3_cbc();
|
||||
OPTION_CHOICE o;
|
||||
|
||||
prog = opt_init(argc, argv, pkcs12_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(pkcs12_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_NOKEYS:
|
||||
options |= NOKEYS;
|
||||
break;
|
||||
case OPT_KEYEX:
|
||||
keytype = KEY_EX;
|
||||
break;
|
||||
case OPT_KEYSIG:
|
||||
keytype = KEY_SIG;
|
||||
break;
|
||||
case OPT_NOCERTS:
|
||||
options |= NOCERTS;
|
||||
break;
|
||||
case OPT_CLCERTS:
|
||||
options |= CLCERTS;
|
||||
break;
|
||||
case OPT_CACERTS:
|
||||
options |= CACERTS;
|
||||
break;
|
||||
case OPT_NOOUT:
|
||||
options |= (NOKEYS | NOCERTS);
|
||||
break;
|
||||
case OPT_INFO:
|
||||
options |= INFO;
|
||||
break;
|
||||
case OPT_CHAIN:
|
||||
chain = 1;
|
||||
break;
|
||||
case OPT_TWOPASS:
|
||||
twopass = 1;
|
||||
break;
|
||||
case OPT_NOMACVER:
|
||||
macver = 0;
|
||||
break;
|
||||
case OPT_DESCERT:
|
||||
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
|
||||
break;
|
||||
case OPT_EXPORT:
|
||||
export_cert = 1;
|
||||
break;
|
||||
case OPT_CIPHER:
|
||||
if (!opt_cipher(opt_unknown(), &enc))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_NOITER:
|
||||
iter = 1;
|
||||
break;
|
||||
case OPT_MACITER:
|
||||
maciter = PKCS12_DEFAULT_ITER;
|
||||
break;
|
||||
case OPT_NOMACITER:
|
||||
maciter = 1;
|
||||
break;
|
||||
case OPT_NOMAC:
|
||||
maciter = -1;
|
||||
break;
|
||||
case OPT_MACALG:
|
||||
macalg = opt_arg();
|
||||
break;
|
||||
case OPT_NODES:
|
||||
enc = NULL;
|
||||
break;
|
||||
case OPT_CERTPBE:
|
||||
if (!set_pbe(&cert_pbe, opt_arg()))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_KEYPBE:
|
||||
if (!set_pbe(&key_pbe, opt_arg()))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_R_CASES:
|
||||
if (!opt_rand(o))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_INKEY:
|
||||
keyname = opt_arg();
|
||||
break;
|
||||
case OPT_CERTFILE:
|
||||
certfile = opt_arg();
|
||||
break;
|
||||
case OPT_NAME:
|
||||
name = opt_arg();
|
||||
break;
|
||||
case OPT_LMK:
|
||||
add_lmk = 1;
|
||||
break;
|
||||
case OPT_CSP:
|
||||
csp_name = opt_arg();
|
||||
break;
|
||||
case OPT_CANAME:
|
||||
if (canames == NULL
|
||||
&& (canames = sk_OPENSSL_STRING_new_null()) == NULL)
|
||||
goto end;
|
||||
sk_OPENSSL_STRING_push(canames, opt_arg());
|
||||
break;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_PASSIN:
|
||||
passinarg = opt_arg();
|
||||
break;
|
||||
case OPT_PASSOUT:
|
||||
passoutarg = opt_arg();
|
||||
break;
|
||||
case OPT_PASSWORD:
|
||||
passarg = opt_arg();
|
||||
break;
|
||||
case OPT_CAPATH:
|
||||
CApath = opt_arg();
|
||||
break;
|
||||
case OPT_CAFILE:
|
||||
CAfile = opt_arg();
|
||||
break;
|
||||
case OPT_NOCAPATH:
|
||||
noCApath = 1;
|
||||
break;
|
||||
case OPT_NOCAFILE:
|
||||
noCAfile = 1;
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
private = 1;
|
||||
|
||||
if (passarg != NULL) {
|
||||
if (export_cert)
|
||||
passoutarg = passarg;
|
||||
else
|
||||
passinarg = passarg;
|
||||
}
|
||||
|
||||
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (cpass == NULL) {
|
||||
if (export_cert)
|
||||
cpass = passout;
|
||||
else
|
||||
cpass = passin;
|
||||
}
|
||||
|
||||
if (cpass != NULL) {
|
||||
mpass = cpass;
|
||||
noprompt = 1;
|
||||
if (twopass) {
|
||||
if (export_cert)
|
||||
BIO_printf(bio_err, "Option -twopass cannot be used with -passout or -password\n");
|
||||
else
|
||||
BIO_printf(bio_err, "Option -twopass cannot be used with -passin or -password\n");
|
||||
goto end;
|
||||
}
|
||||
} else {
|
||||
cpass = pass;
|
||||
mpass = macpass;
|
||||
}
|
||||
|
||||
if (twopass) {
|
||||
/* To avoid bit rot */
|
||||
if (1) {
|
||||
#ifndef OPENSSL_NO_UI_CONSOLE
|
||||
if (EVP_read_pw_string(
|
||||
macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) {
|
||||
BIO_printf(bio_err, "Can't read Password\n");
|
||||
goto end;
|
||||
}
|
||||
} else {
|
||||
#endif
|
||||
BIO_printf(bio_err, "Unsupported option -twopass\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (export_cert) {
|
||||
EVP_PKEY *key = NULL;
|
||||
X509 *ucert = NULL, *x = NULL;
|
||||
STACK_OF(X509) *certs = NULL;
|
||||
const EVP_MD *macmd = NULL;
|
||||
unsigned char *catmp = NULL;
|
||||
int i;
|
||||
|
||||
if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) {
|
||||
BIO_printf(bio_err, "Nothing to do!\n");
|
||||
goto export_end;
|
||||
}
|
||||
|
||||
if (options & NOCERTS)
|
||||
chain = 0;
|
||||
|
||||
if (!(options & NOKEYS)) {
|
||||
key = load_key(keyname ? keyname : infile,
|
||||
FORMAT_PEM, 1, passin, e, "private key");
|
||||
if (key == NULL)
|
||||
goto export_end;
|
||||
}
|
||||
|
||||
/* Load in all certs in input file */
|
||||
if (!(options & NOCERTS)) {
|
||||
if (!load_certs(infile, &certs, FORMAT_PEM, NULL,
|
||||
"certificates"))
|
||||
goto export_end;
|
||||
|
||||
if (key != NULL) {
|
||||
/* Look for matching private key */
|
||||
for (i = 0; i < sk_X509_num(certs); i++) {
|
||||
x = sk_X509_value(certs, i);
|
||||
if (X509_check_private_key(x, key)) {
|
||||
ucert = x;
|
||||
/* Zero keyid and alias */
|
||||
X509_keyid_set1(ucert, NULL, 0);
|
||||
X509_alias_set1(ucert, NULL, 0);
|
||||
/* Remove from list */
|
||||
(void)sk_X509_delete(certs, i);
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (ucert == NULL) {
|
||||
BIO_printf(bio_err,
|
||||
"No certificate matches private key\n");
|
||||
goto export_end;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/* Add any more certificates asked for */
|
||||
if (certfile != NULL) {
|
||||
if (!load_certs(certfile, &certs, FORMAT_PEM, NULL,
|
||||
"certificates from certfile"))
|
||||
goto export_end;
|
||||
}
|
||||
|
||||
/* If chaining get chain from user cert */
|
||||
if (chain) {
|
||||
int vret;
|
||||
STACK_OF(X509) *chain2;
|
||||
X509_STORE *store;
|
||||
if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath))
|
||||
== NULL)
|
||||
goto export_end;
|
||||
|
||||
vret = get_cert_chain(ucert, store, &chain2);
|
||||
X509_STORE_free(store);
|
||||
|
||||
if (vret == X509_V_OK) {
|
||||
/* Exclude verified certificate */
|
||||
for (i = 1; i < sk_X509_num(chain2); i++)
|
||||
sk_X509_push(certs, sk_X509_value(chain2, i));
|
||||
/* Free first certificate */
|
||||
X509_free(sk_X509_value(chain2, 0));
|
||||
sk_X509_free(chain2);
|
||||
} else {
|
||||
if (vret != X509_V_ERR_UNSPECIFIED)
|
||||
BIO_printf(bio_err, "Error %s getting chain.\n",
|
||||
X509_verify_cert_error_string(vret));
|
||||
else
|
||||
ERR_print_errors(bio_err);
|
||||
goto export_end;
|
||||
}
|
||||
}
|
||||
|
||||
/* Add any CA names */
|
||||
|
||||
for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) {
|
||||
catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i);
|
||||
X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
|
||||
}
|
||||
|
||||
if (csp_name != NULL && key != NULL)
|
||||
EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
|
||||
MBSTRING_ASC, (unsigned char *)csp_name,
|
||||
-1);
|
||||
|
||||
if (add_lmk && key != NULL)
|
||||
EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
|
||||
|
||||
if (!noprompt) {
|
||||
/* To avoid bit rot */
|
||||
if (1) {
|
||||
#ifndef OPENSSL_NO_UI_CONSOLE
|
||||
if (EVP_read_pw_string(pass, sizeof(pass),
|
||||
"Enter Export Password:", 1)) {
|
||||
BIO_printf(bio_err, "Can't read Password\n");
|
||||
goto export_end;
|
||||
}
|
||||
} else {
|
||||
#endif
|
||||
BIO_printf(bio_err, "Password required\n");
|
||||
goto export_end;
|
||||
}
|
||||
}
|
||||
|
||||
if (!twopass)
|
||||
OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
|
||||
|
||||
p12 = PKCS12_create(cpass, name, key, ucert, certs,
|
||||
key_pbe, cert_pbe, iter, -1, keytype);
|
||||
|
||||
if (!p12) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto export_end;
|
||||
}
|
||||
|
||||
if (macalg) {
|
||||
if (!opt_md(macalg, &macmd))
|
||||
goto opthelp;
|
||||
}
|
||||
|
||||
if (maciter != -1)
|
||||
PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd);
|
||||
|
||||
assert(private);
|
||||
|
||||
out = bio_open_owner(outfile, FORMAT_PKCS12, private);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
i2d_PKCS12_bio(out, p12);
|
||||
|
||||
ret = 0;
|
||||
|
||||
export_end:
|
||||
|
||||
EVP_PKEY_free(key);
|
||||
sk_X509_pop_free(certs, X509_free);
|
||||
X509_free(ucert);
|
||||
|
||||
goto end;
|
||||
|
||||
}
|
||||
|
||||
in = bio_open_default(infile, 'r', FORMAT_PKCS12);
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
out = bio_open_owner(outfile, FORMAT_PEM, private);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if ((p12 = d2i_PKCS12_bio(in, NULL)) == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!noprompt) {
|
||||
if (1) {
|
||||
#ifndef OPENSSL_NO_UI_CONSOLE
|
||||
if (EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:",
|
||||
0)) {
|
||||
BIO_printf(bio_err, "Can't read Password\n");
|
||||
goto end;
|
||||
}
|
||||
} else {
|
||||
#endif
|
||||
BIO_printf(bio_err, "Password required\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (!twopass)
|
||||
OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
|
||||
|
||||
if ((options & INFO) && PKCS12_mac_present(p12)) {
|
||||
const ASN1_INTEGER *tmaciter;
|
||||
const X509_ALGOR *macalgid;
|
||||
const ASN1_OBJECT *macobj;
|
||||
const ASN1_OCTET_STRING *tmac;
|
||||
const ASN1_OCTET_STRING *tsalt;
|
||||
|
||||
PKCS12_get0_mac(&tmac, &macalgid, &tsalt, &tmaciter, p12);
|
||||
/* current hash algorithms do not use parameters so extract just name,
|
||||
in future alg_print() may be needed */
|
||||
X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);
|
||||
BIO_puts(bio_err, "MAC: ");
|
||||
i2a_ASN1_OBJECT(bio_err, macobj);
|
||||
BIO_printf(bio_err, ", Iteration %ld\n",
|
||||
tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
|
||||
BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n",
|
||||
tmac != NULL ? ASN1_STRING_length(tmac) : 0L,
|
||||
tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L);
|
||||
}
|
||||
if (macver) {
|
||||
/* If we enter empty password try no password first */
|
||||
if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
|
||||
/* If mac and crypto pass the same set it to NULL too */
|
||||
if (!twopass)
|
||||
cpass = NULL;
|
||||
} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
|
||||
/*
|
||||
* May be UTF8 from previous version of OpenSSL:
|
||||
* convert to a UTF8 form which will translate
|
||||
* to the same Unicode password.
|
||||
*/
|
||||
unsigned char *utmp;
|
||||
int utmplen;
|
||||
utmp = OPENSSL_asc2uni(mpass, -1, NULL, &utmplen);
|
||||
if (utmp == NULL)
|
||||
goto end;
|
||||
badpass = OPENSSL_uni2utf8(utmp, utmplen);
|
||||
OPENSSL_free(utmp);
|
||||
if (!PKCS12_verify_mac(p12, badpass, -1)) {
|
||||
BIO_printf(bio_err, "Mac verify error: invalid password?\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
} else {
|
||||
BIO_printf(bio_err, "Warning: using broken algorithm\n");
|
||||
if (!twopass)
|
||||
cpass = badpass;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
assert(private);
|
||||
if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout, enc)) {
|
||||
BIO_printf(bio_err, "Error outputting keys and certificates\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
ret = 0;
|
||||
end:
|
||||
PKCS12_free(p12);
|
||||
release_engine(e);
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
sk_OPENSSL_STRING_free(canames);
|
||||
OPENSSL_free(badpass);
|
||||
OPENSSL_free(passin);
|
||||
OPENSSL_free(passout);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
|
||||
int passlen, int options, char *pempass,
|
||||
const EVP_CIPHER *enc)
|
||||
{
|
||||
STACK_OF(PKCS7) *asafes = NULL;
|
||||
STACK_OF(PKCS12_SAFEBAG) *bags;
|
||||
int i, bagnid;
|
||||
int ret = 0;
|
||||
PKCS7 *p7;
|
||||
|
||||
if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
|
||||
return 0;
|
||||
for (i = 0; i < sk_PKCS7_num(asafes); i++) {
|
||||
p7 = sk_PKCS7_value(asafes, i);
|
||||
bagnid = OBJ_obj2nid(p7->type);
|
||||
if (bagnid == NID_pkcs7_data) {
|
||||
bags = PKCS12_unpack_p7data(p7);
|
||||
if (options & INFO)
|
||||
BIO_printf(bio_err, "PKCS7 Data\n");
|
||||
} else if (bagnid == NID_pkcs7_encrypted) {
|
||||
if (options & INFO) {
|
||||
BIO_printf(bio_err, "PKCS7 Encrypted data: ");
|
||||
alg_print(p7->d.encrypted->enc_data->algorithm);
|
||||
}
|
||||
bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
|
||||
} else {
|
||||
continue;
|
||||
}
|
||||
if (!bags)
|
||||
goto err;
|
||||
if (!dump_certs_pkeys_bags(out, bags, pass, passlen,
|
||||
options, pempass, enc)) {
|
||||
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
|
||||
goto err;
|
||||
}
|
||||
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
|
||||
bags = NULL;
|
||||
}
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
sk_PKCS7_pop_free(asafes, PKCS7_free);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
|
||||
const char *pass, int passlen, int options,
|
||||
char *pempass, const EVP_CIPHER *enc)
|
||||
{
|
||||
int i;
|
||||
for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
|
||||
if (!dump_certs_pkeys_bag(out,
|
||||
sk_PKCS12_SAFEBAG_value(bags, i),
|
||||
pass, passlen, options, pempass, enc))
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bag,
|
||||
const char *pass, int passlen, int options,
|
||||
char *pempass, const EVP_CIPHER *enc)
|
||||
{
|
||||
EVP_PKEY *pkey;
|
||||
PKCS8_PRIV_KEY_INFO *p8;
|
||||
const PKCS8_PRIV_KEY_INFO *p8c;
|
||||
X509 *x509;
|
||||
const STACK_OF(X509_ATTRIBUTE) *attrs;
|
||||
int ret = 0;
|
||||
|
||||
attrs = PKCS12_SAFEBAG_get0_attrs(bag);
|
||||
|
||||
switch (PKCS12_SAFEBAG_get_nid(bag)) {
|
||||
case NID_keyBag:
|
||||
if (options & INFO)
|
||||
BIO_printf(bio_err, "Key bag\n");
|
||||
if (options & NOKEYS)
|
||||
return 1;
|
||||
print_attribs(out, attrs, "Bag Attributes");
|
||||
p8c = PKCS12_SAFEBAG_get0_p8inf(bag);
|
||||
if ((pkey = EVP_PKCS82PKEY(p8c)) == NULL)
|
||||
return 0;
|
||||
print_attribs(out, PKCS8_pkey_get0_attrs(p8c), "Key Attributes");
|
||||
ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
|
||||
EVP_PKEY_free(pkey);
|
||||
break;
|
||||
|
||||
case NID_pkcs8ShroudedKeyBag:
|
||||
if (options & INFO) {
|
||||
const X509_SIG *tp8;
|
||||
const X509_ALGOR *tp8alg;
|
||||
|
||||
BIO_printf(bio_err, "Shrouded Keybag: ");
|
||||
tp8 = PKCS12_SAFEBAG_get0_pkcs8(bag);
|
||||
X509_SIG_get0(tp8, &tp8alg, NULL);
|
||||
alg_print(tp8alg);
|
||||
}
|
||||
if (options & NOKEYS)
|
||||
return 1;
|
||||
print_attribs(out, attrs, "Bag Attributes");
|
||||
if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL)
|
||||
return 0;
|
||||
if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) {
|
||||
PKCS8_PRIV_KEY_INFO_free(p8);
|
||||
return 0;
|
||||
}
|
||||
print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
|
||||
PKCS8_PRIV_KEY_INFO_free(p8);
|
||||
ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
|
||||
EVP_PKEY_free(pkey);
|
||||
break;
|
||||
|
||||
case NID_certBag:
|
||||
if (options & INFO)
|
||||
BIO_printf(bio_err, "Certificate bag\n");
|
||||
if (options & NOCERTS)
|
||||
return 1;
|
||||
if (PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)) {
|
||||
if (options & CACERTS)
|
||||
return 1;
|
||||
} else if (options & CLCERTS)
|
||||
return 1;
|
||||
print_attribs(out, attrs, "Bag Attributes");
|
||||
if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate)
|
||||
return 1;
|
||||
if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL)
|
||||
return 0;
|
||||
dump_cert_text(out, x509);
|
||||
ret = PEM_write_bio_X509(out, x509);
|
||||
X509_free(x509);
|
||||
break;
|
||||
|
||||
case NID_safeContentsBag:
|
||||
if (options & INFO)
|
||||
BIO_printf(bio_err, "Safe Contents bag\n");
|
||||
print_attribs(out, attrs, "Bag Attributes");
|
||||
return dump_certs_pkeys_bags(out, PKCS12_SAFEBAG_get0_safes(bag),
|
||||
pass, passlen, options, pempass, enc);
|
||||
|
||||
default:
|
||||
BIO_printf(bio_err, "Warning unsupported bag type: ");
|
||||
i2a_ASN1_OBJECT(bio_err, PKCS12_SAFEBAG_get0_type(bag));
|
||||
BIO_printf(bio_err, "\n");
|
||||
return 1;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Given a single certificate return a verified chain or NULL if error */
|
||||
|
||||
static int get_cert_chain(X509 *cert, X509_STORE *store,
|
||||
STACK_OF(X509) **chain)
|
||||
{
|
||||
X509_STORE_CTX *store_ctx = NULL;
|
||||
STACK_OF(X509) *chn = NULL;
|
||||
int i = 0;
|
||||
|
||||
store_ctx = X509_STORE_CTX_new();
|
||||
if (store_ctx == NULL) {
|
||||
i = X509_V_ERR_UNSPECIFIED;
|
||||
goto end;
|
||||
}
|
||||
if (!X509_STORE_CTX_init(store_ctx, store, cert, NULL)) {
|
||||
i = X509_V_ERR_UNSPECIFIED;
|
||||
goto end;
|
||||
}
|
||||
|
||||
|
||||
if (X509_verify_cert(store_ctx) > 0)
|
||||
chn = X509_STORE_CTX_get1_chain(store_ctx);
|
||||
else if ((i = X509_STORE_CTX_get_error(store_ctx)) == 0)
|
||||
i = X509_V_ERR_UNSPECIFIED;
|
||||
|
||||
end:
|
||||
X509_STORE_CTX_free(store_ctx);
|
||||
*chain = chn;
|
||||
return i;
|
||||
}
|
||||
|
||||
static int alg_print(const X509_ALGOR *alg)
|
||||
{
|
||||
int pbenid, aparamtype;
|
||||
const ASN1_OBJECT *aoid;
|
||||
const void *aparam;
|
||||
PBEPARAM *pbe = NULL;
|
||||
|
||||
X509_ALGOR_get0(&aoid, &aparamtype, &aparam, alg);
|
||||
|
||||
pbenid = OBJ_obj2nid(aoid);
|
||||
|
||||
BIO_printf(bio_err, "%s", OBJ_nid2ln(pbenid));
|
||||
|
||||
/*
|
||||
* If PBE algorithm is PBES2 decode algorithm parameters
|
||||
* for additional details.
|
||||
*/
|
||||
if (pbenid == NID_pbes2) {
|
||||
PBE2PARAM *pbe2 = NULL;
|
||||
int encnid;
|
||||
if (aparamtype == V_ASN1_SEQUENCE)
|
||||
pbe2 = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBE2PARAM));
|
||||
if (pbe2 == NULL) {
|
||||
BIO_puts(bio_err, ", <unsupported parameters>");
|
||||
goto done;
|
||||
}
|
||||
X509_ALGOR_get0(&aoid, &aparamtype, &aparam, pbe2->keyfunc);
|
||||
pbenid = OBJ_obj2nid(aoid);
|
||||
X509_ALGOR_get0(&aoid, NULL, NULL, pbe2->encryption);
|
||||
encnid = OBJ_obj2nid(aoid);
|
||||
BIO_printf(bio_err, ", %s, %s", OBJ_nid2ln(pbenid),
|
||||
OBJ_nid2sn(encnid));
|
||||
/* If KDF is PBKDF2 decode parameters */
|
||||
if (pbenid == NID_id_pbkdf2) {
|
||||
PBKDF2PARAM *kdf = NULL;
|
||||
int prfnid;
|
||||
if (aparamtype == V_ASN1_SEQUENCE)
|
||||
kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBKDF2PARAM));
|
||||
if (kdf == NULL) {
|
||||
BIO_puts(bio_err, ", <unsupported parameters>");
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (kdf->prf == NULL) {
|
||||
prfnid = NID_hmacWithSHA1;
|
||||
} else {
|
||||
X509_ALGOR_get0(&aoid, NULL, NULL, kdf->prf);
|
||||
prfnid = OBJ_obj2nid(aoid);
|
||||
}
|
||||
BIO_printf(bio_err, ", Iteration %ld, PRF %s",
|
||||
ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid));
|
||||
PBKDF2PARAM_free(kdf);
|
||||
#ifndef OPENSSL_NO_SCRYPT
|
||||
} else if (pbenid == NID_id_scrypt) {
|
||||
SCRYPT_PARAMS *kdf = NULL;
|
||||
|
||||
if (aparamtype == V_ASN1_SEQUENCE)
|
||||
kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(SCRYPT_PARAMS));
|
||||
if (kdf == NULL) {
|
||||
BIO_puts(bio_err, ", <unsupported parameters>");
|
||||
goto done;
|
||||
}
|
||||
BIO_printf(bio_err, ", Salt length: %d, Cost(N): %ld, "
|
||||
"Block size(r): %ld, Paralelizm(p): %ld",
|
||||
ASN1_STRING_length(kdf->salt),
|
||||
ASN1_INTEGER_get(kdf->costParameter),
|
||||
ASN1_INTEGER_get(kdf->blockSize),
|
||||
ASN1_INTEGER_get(kdf->parallelizationParameter));
|
||||
SCRYPT_PARAMS_free(kdf);
|
||||
#endif
|
||||
}
|
||||
PBE2PARAM_free(pbe2);
|
||||
} else {
|
||||
if (aparamtype == V_ASN1_SEQUENCE)
|
||||
pbe = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBEPARAM));
|
||||
if (pbe == NULL) {
|
||||
BIO_puts(bio_err, ", <unsupported parameters>");
|
||||
goto done;
|
||||
}
|
||||
BIO_printf(bio_err, ", Iteration %ld", ASN1_INTEGER_get(pbe->iter));
|
||||
PBEPARAM_free(pbe);
|
||||
}
|
||||
done:
|
||||
BIO_puts(bio_err, "\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Load all certificates from a given file */
|
||||
|
||||
int cert_load(BIO *in, STACK_OF(X509) *sk)
|
||||
{
|
||||
int ret;
|
||||
X509 *cert;
|
||||
ret = 0;
|
||||
while ((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
|
||||
ret = 1;
|
||||
sk_X509_push(sk, cert);
|
||||
}
|
||||
if (ret)
|
||||
ERR_clear_error();
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Generalised attribute print: handle PKCS#8 and bag attributes */
|
||||
|
||||
int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
|
||||
const char *name)
|
||||
{
|
||||
X509_ATTRIBUTE *attr;
|
||||
ASN1_TYPE *av;
|
||||
char *value;
|
||||
int i, attr_nid;
|
||||
if (!attrlst) {
|
||||
BIO_printf(out, "%s: <No Attributes>\n", name);
|
||||
return 1;
|
||||
}
|
||||
if (!sk_X509_ATTRIBUTE_num(attrlst)) {
|
||||
BIO_printf(out, "%s: <Empty Attributes>\n", name);
|
||||
return 1;
|
||||
}
|
||||
BIO_printf(out, "%s\n", name);
|
||||
for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
|
||||
ASN1_OBJECT *attr_obj;
|
||||
attr = sk_X509_ATTRIBUTE_value(attrlst, i);
|
||||
attr_obj = X509_ATTRIBUTE_get0_object(attr);
|
||||
attr_nid = OBJ_obj2nid(attr_obj);
|
||||
BIO_printf(out, " ");
|
||||
if (attr_nid == NID_undef) {
|
||||
i2a_ASN1_OBJECT(out, attr_obj);
|
||||
BIO_printf(out, ": ");
|
||||
} else {
|
||||
BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
|
||||
}
|
||||
|
||||
if (X509_ATTRIBUTE_count(attr)) {
|
||||
av = X509_ATTRIBUTE_get0_type(attr, 0);
|
||||
switch (av->type) {
|
||||
case V_ASN1_BMPSTRING:
|
||||
value = OPENSSL_uni2asc(av->value.bmpstring->data,
|
||||
av->value.bmpstring->length);
|
||||
BIO_printf(out, "%s\n", value);
|
||||
OPENSSL_free(value);
|
||||
break;
|
||||
|
||||
case V_ASN1_OCTET_STRING:
|
||||
hex_prin(out, av->value.octet_string->data,
|
||||
av->value.octet_string->length);
|
||||
BIO_printf(out, "\n");
|
||||
break;
|
||||
|
||||
case V_ASN1_BIT_STRING:
|
||||
hex_prin(out, av->value.bit_string->data,
|
||||
av->value.bit_string->length);
|
||||
BIO_printf(out, "\n");
|
||||
break;
|
||||
|
||||
default:
|
||||
BIO_printf(out, "<Unsupported tag %d>\n", av->type);
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
BIO_printf(out, "<No Values>\n");
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
void hex_prin(BIO *out, unsigned char *buf, int len)
|
||||
{
|
||||
int i;
|
||||
for (i = 0; i < len; i++)
|
||||
BIO_printf(out, "%02X ", buf[i]);
|
||||
}
|
||||
|
||||
static int set_pbe(int *ppbe, const char *str)
|
||||
{
|
||||
if (!str)
|
||||
return 0;
|
||||
if (strcmp(str, "NONE") == 0) {
|
||||
*ppbe = -1;
|
||||
return 1;
|
||||
}
|
||||
*ppbe = OBJ_txt2nid(str);
|
||||
if (*ppbe == NID_undef) {
|
||||
BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
#endif
|
198
trunk/3rdparty/openssl-1.1-fit/apps/pkcs7.c
vendored
Normal file
198
trunk/3rdparty/openssl-1.1-fit/apps/pkcs7.c
vendored
Normal file
|
@ -0,0 +1,198 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pkcs7.h>
|
||||
#include <openssl/pem.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT,
|
||||
OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS pkcs7_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
|
||||
{"in", OPT_IN, '<', "Input file"},
|
||||
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
{"noout", OPT_NOOUT, '-', "Don't output encoded data"},
|
||||
{"text", OPT_TEXT, '-', "Print full details of certificates"},
|
||||
{"print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure"},
|
||||
{"print_certs", OPT_PRINT_CERTS, '-',
|
||||
"Print_certs print any certs or crl in the input"},
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int pkcs7_main(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
PKCS7 *p7 = NULL;
|
||||
BIO *in = NULL, *out = NULL;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM;
|
||||
char *infile = NULL, *outfile = NULL, *prog;
|
||||
int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1;
|
||||
OPTION_CHOICE o;
|
||||
|
||||
prog = opt_init(argc, argv, pkcs7_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(pkcs7_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_INFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_OUTFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_NOOUT:
|
||||
noout = 1;
|
||||
break;
|
||||
case OPT_TEXT:
|
||||
text = 1;
|
||||
break;
|
||||
case OPT_PRINT:
|
||||
p7_print = 1;
|
||||
break;
|
||||
case OPT_PRINT_CERTS:
|
||||
print_certs = 1;
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
in = bio_open_default(infile, 'r', informat);
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
|
||||
if (informat == FORMAT_ASN1)
|
||||
p7 = d2i_PKCS7_bio(in, NULL);
|
||||
else
|
||||
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
|
||||
if (p7 == NULL) {
|
||||
BIO_printf(bio_err, "unable to load PKCS7 object\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
out = bio_open_default(outfile, 'w', outformat);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if (p7_print)
|
||||
PKCS7_print_ctx(out, p7, 0, NULL);
|
||||
|
||||
if (print_certs) {
|
||||
STACK_OF(X509) *certs = NULL;
|
||||
STACK_OF(X509_CRL) *crls = NULL;
|
||||
|
||||
i = OBJ_obj2nid(p7->type);
|
||||
switch (i) {
|
||||
case NID_pkcs7_signed:
|
||||
if (p7->d.sign != NULL) {
|
||||
certs = p7->d.sign->cert;
|
||||
crls = p7->d.sign->crl;
|
||||
}
|
||||
break;
|
||||
case NID_pkcs7_signedAndEnveloped:
|
||||
if (p7->d.signed_and_enveloped != NULL) {
|
||||
certs = p7->d.signed_and_enveloped->cert;
|
||||
crls = p7->d.signed_and_enveloped->crl;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
if (certs != NULL) {
|
||||
X509 *x;
|
||||
|
||||
for (i = 0; i < sk_X509_num(certs); i++) {
|
||||
x = sk_X509_value(certs, i);
|
||||
if (text)
|
||||
X509_print(out, x);
|
||||
else
|
||||
dump_cert_text(out, x);
|
||||
|
||||
if (!noout)
|
||||
PEM_write_bio_X509(out, x);
|
||||
BIO_puts(out, "\n");
|
||||
}
|
||||
}
|
||||
if (crls != NULL) {
|
||||
X509_CRL *crl;
|
||||
|
||||
for (i = 0; i < sk_X509_CRL_num(crls); i++) {
|
||||
crl = sk_X509_CRL_value(crls, i);
|
||||
|
||||
X509_CRL_print_ex(out, crl, get_nameopt());
|
||||
|
||||
if (!noout)
|
||||
PEM_write_bio_X509_CRL(out, crl);
|
||||
BIO_puts(out, "\n");
|
||||
}
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!noout) {
|
||||
if (outformat == FORMAT_ASN1)
|
||||
i = i2d_PKCS7_bio(out, p7);
|
||||
else
|
||||
i = PEM_write_bio_PKCS7(out, p7);
|
||||
|
||||
if (!i) {
|
||||
BIO_printf(bio_err, "unable to write pkcs7 object\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
ret = 0;
|
||||
end:
|
||||
PKCS7_free(p7);
|
||||
release_engine(e);
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
return ret;
|
||||
}
|
359
trunk/3rdparty/openssl-1.1-fit/apps/pkcs8.c
vendored
Normal file
359
trunk/3rdparty/openssl-1.1-fit/apps/pkcs8.c
vendored
Normal file
|
@ -0,0 +1,359 @@
|
|||
/*
|
||||
* Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pkcs12.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
|
||||
OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT,
|
||||
#ifndef OPENSSL_NO_SCRYPT
|
||||
OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P,
|
||||
#endif
|
||||
OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT,
|
||||
OPT_TRADITIONAL,
|
||||
OPT_R_ENUM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS pkcs8_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"inform", OPT_INFORM, 'F', "Input format (DER or PEM)"},
|
||||
{"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
|
||||
{"in", OPT_IN, '<', "Input file"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
{"topk8", OPT_TOPK8, '-', "Output PKCS8 file"},
|
||||
{"noiter", OPT_NOITER, '-', "Use 1 as iteration count"},
|
||||
{"nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key"},
|
||||
OPT_R_OPTIONS,
|
||||
{"v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher"},
|
||||
{"v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher"},
|
||||
{"v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0"},
|
||||
{"iter", OPT_ITER, 'p', "Specify the iteration count"},
|
||||
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
||||
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
|
||||
{"traditional", OPT_TRADITIONAL, '-', "use traditional format private key"},
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SCRYPT
|
||||
{"scrypt", OPT_SCRYPT, '-', "Use scrypt algorithm"},
|
||||
{"scrypt_N", OPT_SCRYPT_N, 's', "Set scrypt N parameter"},
|
||||
{"scrypt_r", OPT_SCRYPT_R, 's', "Set scrypt r parameter"},
|
||||
{"scrypt_p", OPT_SCRYPT_P, 's', "Set scrypt p parameter"},
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int pkcs8_main(int argc, char **argv)
|
||||
{
|
||||
BIO *in = NULL, *out = NULL;
|
||||
ENGINE *e = NULL;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
PKCS8_PRIV_KEY_INFO *p8inf = NULL;
|
||||
X509_SIG *p8 = NULL;
|
||||
const EVP_CIPHER *cipher = NULL;
|
||||
char *infile = NULL, *outfile = NULL;
|
||||
char *passinarg = NULL, *passoutarg = NULL, *prog;
|
||||
#ifndef OPENSSL_NO_UI_CONSOLE
|
||||
char pass[APP_PASS_LEN];
|
||||
#endif
|
||||
char *passin = NULL, *passout = NULL, *p8pass = NULL;
|
||||
OPTION_CHOICE o;
|
||||
int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
|
||||
int private = 0, traditional = 0;
|
||||
#ifndef OPENSSL_NO_SCRYPT
|
||||
long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0;
|
||||
#endif
|
||||
|
||||
prog = opt_init(argc, argv, pkcs8_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(pkcs8_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_INFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUTFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_TOPK8:
|
||||
topk8 = 1;
|
||||
break;
|
||||
case OPT_NOITER:
|
||||
iter = 1;
|
||||
break;
|
||||
case OPT_NOCRYPT:
|
||||
nocrypt = 1;
|
||||
break;
|
||||
case OPT_R_CASES:
|
||||
if (!opt_rand(o))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_TRADITIONAL:
|
||||
traditional = 1;
|
||||
break;
|
||||
case OPT_V2:
|
||||
if (!opt_cipher(opt_arg(), &cipher))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_V1:
|
||||
pbe_nid = OBJ_txt2nid(opt_arg());
|
||||
if (pbe_nid == NID_undef) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Unknown PBE algorithm %s\n", prog, opt_arg());
|
||||
goto opthelp;
|
||||
}
|
||||
break;
|
||||
case OPT_V2PRF:
|
||||
pbe_nid = OBJ_txt2nid(opt_arg());
|
||||
if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Unknown PRF algorithm %s\n", prog, opt_arg());
|
||||
goto opthelp;
|
||||
}
|
||||
if (cipher == NULL)
|
||||
cipher = EVP_aes_256_cbc();
|
||||
break;
|
||||
case OPT_ITER:
|
||||
if (!opt_int(opt_arg(), &iter))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_PASSIN:
|
||||
passinarg = opt_arg();
|
||||
break;
|
||||
case OPT_PASSOUT:
|
||||
passoutarg = opt_arg();
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
#ifndef OPENSSL_NO_SCRYPT
|
||||
case OPT_SCRYPT:
|
||||
scrypt_N = 16384;
|
||||
scrypt_r = 8;
|
||||
scrypt_p = 1;
|
||||
if (cipher == NULL)
|
||||
cipher = EVP_aes_256_cbc();
|
||||
break;
|
||||
case OPT_SCRYPT_N:
|
||||
if (!opt_long(opt_arg(), &scrypt_N) || scrypt_N <= 0)
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_SCRYPT_R:
|
||||
if (!opt_long(opt_arg(), &scrypt_r) || scrypt_r <= 0)
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_SCRYPT_P:
|
||||
if (!opt_long(opt_arg(), &scrypt_p) || scrypt_p <= 0)
|
||||
goto opthelp;
|
||||
break;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
private = 1;
|
||||
|
||||
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if ((pbe_nid == -1) && cipher == NULL)
|
||||
cipher = EVP_aes_256_cbc();
|
||||
|
||||
in = bio_open_default(infile, 'r', informat);
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
out = bio_open_owner(outfile, outformat, private);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if (topk8) {
|
||||
pkey = load_key(infile, informat, 1, passin, e, "key");
|
||||
if (pkey == NULL)
|
||||
goto end;
|
||||
if ((p8inf = EVP_PKEY2PKCS8(pkey)) == NULL) {
|
||||
BIO_printf(bio_err, "Error converting key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (nocrypt) {
|
||||
assert(private);
|
||||
if (outformat == FORMAT_PEM) {
|
||||
PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
|
||||
} else if (outformat == FORMAT_ASN1) {
|
||||
i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
|
||||
} else {
|
||||
BIO_printf(bio_err, "Bad format specified for key\n");
|
||||
goto end;
|
||||
}
|
||||
} else {
|
||||
X509_ALGOR *pbe;
|
||||
if (cipher) {
|
||||
#ifndef OPENSSL_NO_SCRYPT
|
||||
if (scrypt_N && scrypt_r && scrypt_p)
|
||||
pbe = PKCS5_pbe2_set_scrypt(cipher, NULL, 0, NULL,
|
||||
scrypt_N, scrypt_r, scrypt_p);
|
||||
else
|
||||
#endif
|
||||
pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL,
|
||||
pbe_nid);
|
||||
} else {
|
||||
pbe = PKCS5_pbe_set(pbe_nid, iter, NULL, 0);
|
||||
}
|
||||
if (pbe == NULL) {
|
||||
BIO_printf(bio_err, "Error setting PBE algorithm\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (passout != NULL) {
|
||||
p8pass = passout;
|
||||
} else if (1) {
|
||||
/* To avoid bit rot */
|
||||
#ifndef OPENSSL_NO_UI_CONSOLE
|
||||
p8pass = pass;
|
||||
if (EVP_read_pw_string
|
||||
(pass, sizeof(pass), "Enter Encryption Password:", 1)) {
|
||||
X509_ALGOR_free(pbe);
|
||||
goto end;
|
||||
}
|
||||
} else {
|
||||
#endif
|
||||
BIO_printf(bio_err, "Password required\n");
|
||||
goto end;
|
||||
}
|
||||
p8 = PKCS8_set0_pbe(p8pass, strlen(p8pass), p8inf, pbe);
|
||||
if (p8 == NULL) {
|
||||
X509_ALGOR_free(pbe);
|
||||
BIO_printf(bio_err, "Error encrypting key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
assert(private);
|
||||
if (outformat == FORMAT_PEM)
|
||||
PEM_write_bio_PKCS8(out, p8);
|
||||
else if (outformat == FORMAT_ASN1)
|
||||
i2d_PKCS8_bio(out, p8);
|
||||
else {
|
||||
BIO_printf(bio_err, "Bad format specified for key\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (nocrypt) {
|
||||
if (informat == FORMAT_PEM) {
|
||||
p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL);
|
||||
} else if (informat == FORMAT_ASN1) {
|
||||
p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
|
||||
} else {
|
||||
BIO_printf(bio_err, "Bad format specified for key\n");
|
||||
goto end;
|
||||
}
|
||||
} else {
|
||||
if (informat == FORMAT_PEM) {
|
||||
p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
|
||||
} else if (informat == FORMAT_ASN1) {
|
||||
p8 = d2i_PKCS8_bio(in, NULL);
|
||||
} else {
|
||||
BIO_printf(bio_err, "Bad format specified for key\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (p8 == NULL) {
|
||||
BIO_printf(bio_err, "Error reading key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (passin != NULL) {
|
||||
p8pass = passin;
|
||||
} else if (1) {
|
||||
#ifndef OPENSSL_NO_UI_CONSOLE
|
||||
p8pass = pass;
|
||||
if (EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0)) {
|
||||
BIO_printf(bio_err, "Can't read Password\n");
|
||||
goto end;
|
||||
}
|
||||
} else {
|
||||
#endif
|
||||
BIO_printf(bio_err, "Password required\n");
|
||||
goto end;
|
||||
}
|
||||
p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
|
||||
}
|
||||
|
||||
if (p8inf == NULL) {
|
||||
BIO_printf(bio_err, "Error decrypting key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if ((pkey = EVP_PKCS82PKEY(p8inf)) == NULL) {
|
||||
BIO_printf(bio_err, "Error converting key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
assert(private);
|
||||
if (outformat == FORMAT_PEM) {
|
||||
if (traditional)
|
||||
PEM_write_bio_PrivateKey_traditional(out, pkey, NULL, NULL, 0,
|
||||
NULL, passout);
|
||||
else
|
||||
PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
|
||||
} else if (outformat == FORMAT_ASN1) {
|
||||
i2d_PrivateKey_bio(out, pkey);
|
||||
} else {
|
||||
BIO_printf(bio_err, "Bad format specified for key\n");
|
||||
goto end;
|
||||
}
|
||||
ret = 0;
|
||||
|
||||
end:
|
||||
X509_SIG_free(p8);
|
||||
PKCS8_PRIV_KEY_INFO_free(p8inf);
|
||||
EVP_PKEY_free(pkey);
|
||||
release_engine(e);
|
||||
BIO_free_all(out);
|
||||
BIO_free(in);
|
||||
OPENSSL_free(passin);
|
||||
OPENSSL_free(passout);
|
||||
|
||||
return ret;
|
||||
}
|
243
trunk/3rdparty/openssl-1.1-fit/apps/pkey.c
vendored
Normal file
243
trunk/3rdparty/openssl-1.1-fit/apps/pkey.c
vendored
Normal file
|
@ -0,0 +1,243 @@
|
|||
/*
|
||||
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE,
|
||||
OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB,
|
||||
OPT_TEXT, OPT_NOOUT, OPT_MD, OPT_TRADITIONAL, OPT_CHECK, OPT_PUB_CHECK
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS pkey_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"inform", OPT_INFORM, 'f', "Input format (DER or PEM)"},
|
||||
{"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
|
||||
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
||||
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
|
||||
{"in", OPT_IN, 's', "Input key"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
{"pubin", OPT_PUBIN, '-',
|
||||
"Read public key from input (default is private key)"},
|
||||
{"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
|
||||
{"text_pub", OPT_TEXT_PUB, '-', "Only output public key components"},
|
||||
{"text", OPT_TEXT, '-', "Output in plaintext as well"},
|
||||
{"noout", OPT_NOOUT, '-', "Don't output the key"},
|
||||
{"", OPT_MD, '-', "Any supported cipher"},
|
||||
{"traditional", OPT_TRADITIONAL, '-',
|
||||
"Use traditional format for private keys"},
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
#endif
|
||||
{"check", OPT_CHECK, '-', "Check key consistency"},
|
||||
{"pubcheck", OPT_PUB_CHECK, '-', "Check public key consistency"},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int pkey_main(int argc, char **argv)
|
||||
{
|
||||
BIO *in = NULL, *out = NULL;
|
||||
ENGINE *e = NULL;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
const EVP_CIPHER *cipher = NULL;
|
||||
char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL;
|
||||
char *passinarg = NULL, *passoutarg = NULL, *prog;
|
||||
OPTION_CHOICE o;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM;
|
||||
int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0, ret = 1;
|
||||
int private = 0, traditional = 0, check = 0, pub_check = 0;
|
||||
|
||||
prog = opt_init(argc, argv, pkey_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(pkey_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_INFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_OUTFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_PASSIN:
|
||||
passinarg = opt_arg();
|
||||
break;
|
||||
case OPT_PASSOUT:
|
||||
passoutarg = opt_arg();
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_PUBIN:
|
||||
pubin = pubout = pubtext = 1;
|
||||
break;
|
||||
case OPT_PUBOUT:
|
||||
pubout = 1;
|
||||
break;
|
||||
case OPT_TEXT_PUB:
|
||||
pubtext = text = 1;
|
||||
break;
|
||||
case OPT_TEXT:
|
||||
text = 1;
|
||||
break;
|
||||
case OPT_NOOUT:
|
||||
noout = 1;
|
||||
break;
|
||||
case OPT_TRADITIONAL:
|
||||
traditional = 1;
|
||||
break;
|
||||
case OPT_CHECK:
|
||||
check = 1;
|
||||
break;
|
||||
case OPT_PUB_CHECK:
|
||||
pub_check = 1;
|
||||
break;
|
||||
case OPT_MD:
|
||||
if (!opt_cipher(opt_unknown(), &cipher))
|
||||
goto opthelp;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
private = !noout && !pubout ? 1 : 0;
|
||||
if (text && !pubtext)
|
||||
private = 1;
|
||||
|
||||
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
out = bio_open_owner(outfile, outformat, private);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if (pubin)
|
||||
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
|
||||
else
|
||||
pkey = load_key(infile, informat, 1, passin, e, "key");
|
||||
if (pkey == NULL)
|
||||
goto end;
|
||||
|
||||
if (check || pub_check) {
|
||||
int r;
|
||||
EVP_PKEY_CTX *ctx;
|
||||
|
||||
ctx = EVP_PKEY_CTX_new(pkey, e);
|
||||
if (ctx == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (check)
|
||||
r = EVP_PKEY_check(ctx);
|
||||
else
|
||||
r = EVP_PKEY_public_check(ctx);
|
||||
|
||||
if (r == 1) {
|
||||
BIO_printf(out, "Key is valid\n");
|
||||
} else {
|
||||
/*
|
||||
* Note: at least for RSA keys if this function returns
|
||||
* -1, there will be no error reasons.
|
||||
*/
|
||||
unsigned long err;
|
||||
|
||||
BIO_printf(out, "Key is invalid\n");
|
||||
|
||||
while ((err = ERR_peek_error()) != 0) {
|
||||
BIO_printf(out, "Detailed error: %s\n",
|
||||
ERR_reason_error_string(err));
|
||||
ERR_get_error(); /* remove err from error stack */
|
||||
}
|
||||
}
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
}
|
||||
|
||||
if (!noout) {
|
||||
if (outformat == FORMAT_PEM) {
|
||||
if (pubout) {
|
||||
if (!PEM_write_bio_PUBKEY(out, pkey))
|
||||
goto end;
|
||||
} else {
|
||||
assert(private);
|
||||
if (traditional) {
|
||||
if (!PEM_write_bio_PrivateKey_traditional(out, pkey, cipher,
|
||||
NULL, 0, NULL,
|
||||
passout))
|
||||
goto end;
|
||||
} else {
|
||||
if (!PEM_write_bio_PrivateKey(out, pkey, cipher,
|
||||
NULL, 0, NULL, passout))
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
} else if (outformat == FORMAT_ASN1) {
|
||||
if (pubout) {
|
||||
if (!i2d_PUBKEY_bio(out, pkey))
|
||||
goto end;
|
||||
} else {
|
||||
assert(private);
|
||||
if (!i2d_PrivateKey_bio(out, pkey))
|
||||
goto end;
|
||||
}
|
||||
} else {
|
||||
BIO_printf(bio_err, "Bad format specified for key\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (text) {
|
||||
if (pubtext) {
|
||||
if (EVP_PKEY_print_public(out, pkey, 0, NULL) <= 0)
|
||||
goto end;
|
||||
} else {
|
||||
assert(private);
|
||||
if (EVP_PKEY_print_private(out, pkey, 0, NULL) <= 0)
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
|
||||
end:
|
||||
if (ret != 0)
|
||||
ERR_print_errors(bio_err);
|
||||
EVP_PKEY_free(pkey);
|
||||
release_engine(e);
|
||||
BIO_free_all(out);
|
||||
BIO_free(in);
|
||||
OPENSSL_free(passin);
|
||||
OPENSSL_free(passout);
|
||||
|
||||
return ret;
|
||||
}
|
142
trunk/3rdparty/openssl-1.1-fit/apps/pkeyparam.c
vendored
Normal file
142
trunk/3rdparty/openssl-1.1-fit/apps/pkeyparam.c
vendored
Normal file
|
@ -0,0 +1,142 @@
|
|||
/*
|
||||
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT,
|
||||
OPT_ENGINE, OPT_CHECK
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS pkeyparam_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"in", OPT_IN, '<', "Input file"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
{"text", OPT_TEXT, '-', "Print parameters as text"},
|
||||
{"noout", OPT_NOOUT, '-', "Don't output encoded parameters"},
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
#endif
|
||||
{"check", OPT_CHECK, '-', "Check key param consistency"},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int pkeyparam_main(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
BIO *in = NULL, *out = NULL;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
int text = 0, noout = 0, ret = 1, check = 0;
|
||||
OPTION_CHOICE o;
|
||||
char *infile = NULL, *outfile = NULL, *prog;
|
||||
|
||||
prog = opt_init(argc, argv, pkeyparam_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(pkeyparam_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
case OPT_TEXT:
|
||||
text = 1;
|
||||
break;
|
||||
case OPT_NOOUT:
|
||||
noout = 1;
|
||||
break;
|
||||
case OPT_CHECK:
|
||||
check = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
in = bio_open_default(infile, 'r', FORMAT_PEM);
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
out = bio_open_default(outfile, 'w', FORMAT_PEM);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
pkey = PEM_read_bio_Parameters(in, NULL);
|
||||
if (pkey == NULL) {
|
||||
BIO_printf(bio_err, "Error reading parameters\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (check) {
|
||||
int r;
|
||||
EVP_PKEY_CTX *ctx;
|
||||
|
||||
ctx = EVP_PKEY_CTX_new(pkey, e);
|
||||
if (ctx == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
r = EVP_PKEY_param_check(ctx);
|
||||
|
||||
if (r == 1) {
|
||||
BIO_printf(out, "Parameters are valid\n");
|
||||
} else {
|
||||
/*
|
||||
* Note: at least for RSA keys if this function returns
|
||||
* -1, there will be no error reasons.
|
||||
*/
|
||||
unsigned long err;
|
||||
|
||||
BIO_printf(out, "Parameters are invalid\n");
|
||||
|
||||
while ((err = ERR_peek_error()) != 0) {
|
||||
BIO_printf(out, "Detailed error: %s\n",
|
||||
ERR_reason_error_string(err));
|
||||
ERR_get_error(); /* remove err from error stack */
|
||||
}
|
||||
}
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
}
|
||||
|
||||
if (!noout)
|
||||
PEM_write_bio_Parameters(out, pkey);
|
||||
|
||||
if (text)
|
||||
EVP_PKEY_print_params(out, pkey, 0, NULL);
|
||||
|
||||
ret = 0;
|
||||
|
||||
end:
|
||||
EVP_PKEY_free(pkey);
|
||||
release_engine(e);
|
||||
BIO_free_all(out);
|
||||
BIO_free(in);
|
||||
|
||||
return ret;
|
||||
}
|
525
trunk/3rdparty/openssl-1.1-fit/apps/pkeyutl.c
vendored
Normal file
525
trunk/3rdparty/openssl-1.1-fit/apps/pkeyutl.c
vendored
Normal file
|
@ -0,0 +1,525 @@
|
|||
/*
|
||||
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <string.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#define KEY_NONE 0
|
||||
#define KEY_PRIVKEY 1
|
||||
#define KEY_PUBKEY 2
|
||||
#define KEY_CERT 3
|
||||
|
||||
static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
|
||||
const char *keyfile, int keyform, int key_type,
|
||||
char *passinarg, int pkey_op, ENGINE *e,
|
||||
const int impl);
|
||||
|
||||
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
|
||||
ENGINE *e);
|
||||
|
||||
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
|
||||
unsigned char *out, size_t *poutlen,
|
||||
const unsigned char *in, size_t inlen);
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_ENGINE, OPT_ENGINE_IMPL, OPT_IN, OPT_OUT,
|
||||
OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN,
|
||||
OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
|
||||
OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
|
||||
OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_KDF, OPT_KDFLEN,
|
||||
OPT_R_ENUM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS pkeyutl_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"in", OPT_IN, '<', "Input file - default stdin"},
|
||||
{"out", OPT_OUT, '>', "Output file - default stdout"},
|
||||
{"pubin", OPT_PUBIN, '-', "Input is a public key"},
|
||||
{"certin", OPT_CERTIN, '-', "Input is a cert with a public key"},
|
||||
{"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"},
|
||||
{"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
|
||||
{"sign", OPT_SIGN, '-', "Sign input data with private key"},
|
||||
{"verify", OPT_VERIFY, '-', "Verify with public key"},
|
||||
{"verifyrecover", OPT_VERIFYRECOVER, '-',
|
||||
"Verify with public key, recover original data"},
|
||||
{"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
|
||||
{"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"},
|
||||
{"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"},
|
||||
{"derive", OPT_DERIVE, '-', "Derive shared secret"},
|
||||
{"kdf", OPT_KDF, 's', "Use KDF algorithm"},
|
||||
{"kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length"},
|
||||
{"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"},
|
||||
{"inkey", OPT_INKEY, 's', "Input private key file"},
|
||||
{"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"},
|
||||
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
||||
{"peerform", OPT_PEERFORM, 'E', "Peer key format - default PEM"},
|
||||
{"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
|
||||
{"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
|
||||
OPT_R_OPTIONS,
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
{"engine_impl", OPT_ENGINE_IMPL, '-',
|
||||
"Also use engine given by -engine for crypto operations"},
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int pkeyutl_main(int argc, char **argv)
|
||||
{
|
||||
BIO *in = NULL, *out = NULL;
|
||||
ENGINE *e = NULL;
|
||||
EVP_PKEY_CTX *ctx = NULL;
|
||||
char *infile = NULL, *outfile = NULL, *sigfile = NULL, *passinarg = NULL;
|
||||
char hexdump = 0, asn1parse = 0, rev = 0, *prog;
|
||||
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
|
||||
OPTION_CHOICE o;
|
||||
int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform = FORMAT_PEM;
|
||||
int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
|
||||
int engine_impl = 0;
|
||||
int ret = 1, rv = -1;
|
||||
size_t buf_outlen;
|
||||
const char *inkey = NULL;
|
||||
const char *peerkey = NULL;
|
||||
const char *kdfalg = NULL;
|
||||
int kdflen = 0;
|
||||
STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
|
||||
|
||||
prog = opt_init(argc, argv, pkeyutl_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(pkeyutl_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_SIGFILE:
|
||||
sigfile = opt_arg();
|
||||
break;
|
||||
case OPT_ENGINE_IMPL:
|
||||
engine_impl = 1;
|
||||
break;
|
||||
case OPT_INKEY:
|
||||
inkey = opt_arg();
|
||||
break;
|
||||
case OPT_PEERKEY:
|
||||
peerkey = opt_arg();
|
||||
break;
|
||||
case OPT_PASSIN:
|
||||
passinarg = opt_arg();
|
||||
break;
|
||||
case OPT_PEERFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PDE, &peerform))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_KEYFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyform))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_R_CASES:
|
||||
if (!opt_rand(o))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
case OPT_PUBIN:
|
||||
key_type = KEY_PUBKEY;
|
||||
break;
|
||||
case OPT_CERTIN:
|
||||
key_type = KEY_CERT;
|
||||
break;
|
||||
case OPT_ASN1PARSE:
|
||||
asn1parse = 1;
|
||||
break;
|
||||
case OPT_HEXDUMP:
|
||||
hexdump = 1;
|
||||
break;
|
||||
case OPT_SIGN:
|
||||
pkey_op = EVP_PKEY_OP_SIGN;
|
||||
break;
|
||||
case OPT_VERIFY:
|
||||
pkey_op = EVP_PKEY_OP_VERIFY;
|
||||
break;
|
||||
case OPT_VERIFYRECOVER:
|
||||
pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
|
||||
break;
|
||||
case OPT_ENCRYPT:
|
||||
pkey_op = EVP_PKEY_OP_ENCRYPT;
|
||||
break;
|
||||
case OPT_DECRYPT:
|
||||
pkey_op = EVP_PKEY_OP_DECRYPT;
|
||||
break;
|
||||
case OPT_DERIVE:
|
||||
pkey_op = EVP_PKEY_OP_DERIVE;
|
||||
break;
|
||||
case OPT_KDF:
|
||||
pkey_op = EVP_PKEY_OP_DERIVE;
|
||||
key_type = KEY_NONE;
|
||||
kdfalg = opt_arg();
|
||||
break;
|
||||
case OPT_KDFLEN:
|
||||
kdflen = atoi(opt_arg());
|
||||
break;
|
||||
case OPT_REV:
|
||||
rev = 1;
|
||||
break;
|
||||
case OPT_PKEYOPT:
|
||||
if ((pkeyopts == NULL &&
|
||||
(pkeyopts = sk_OPENSSL_STRING_new_null()) == NULL) ||
|
||||
sk_OPENSSL_STRING_push(pkeyopts, opt_arg()) == 0) {
|
||||
BIO_puts(bio_err, "out of memory\n");
|
||||
goto end;
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
if (kdfalg != NULL) {
|
||||
if (kdflen == 0) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: no KDF length given (-kdflen parameter).\n", prog);
|
||||
goto opthelp;
|
||||
}
|
||||
} else if (inkey == NULL) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: no private key given (-inkey parameter).\n", prog);
|
||||
goto opthelp;
|
||||
} else if (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: no peer key given (-peerkey parameter).\n", prog);
|
||||
goto opthelp;
|
||||
}
|
||||
ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type,
|
||||
passinarg, pkey_op, e, engine_impl);
|
||||
if (ctx == NULL) {
|
||||
BIO_printf(bio_err, "%s: Error initializing context\n", prog);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (peerkey != NULL && !setup_peer(ctx, peerform, peerkey, e)) {
|
||||
BIO_printf(bio_err, "%s: Error setting up peer key\n", prog);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (pkeyopts != NULL) {
|
||||
int num = sk_OPENSSL_STRING_num(pkeyopts);
|
||||
int i;
|
||||
|
||||
for (i = 0; i < num; ++i) {
|
||||
const char *opt = sk_OPENSSL_STRING_value(pkeyopts, i);
|
||||
|
||||
if (pkey_ctrl_string(ctx, opt) <= 0) {
|
||||
BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n",
|
||||
prog, opt);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (sigfile != NULL && (pkey_op != EVP_PKEY_OP_VERIFY)) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Signature file specified for non verify\n", prog);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (sigfile == NULL && (pkey_op == EVP_PKEY_OP_VERIFY)) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: No signature file specified for verify\n", prog);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (pkey_op != EVP_PKEY_OP_DERIVE) {
|
||||
in = bio_open_default(infile, 'r', FORMAT_BINARY);
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
}
|
||||
out = bio_open_default(outfile, 'w', FORMAT_BINARY);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if (sigfile != NULL) {
|
||||
BIO *sigbio = BIO_new_file(sigfile, "rb");
|
||||
|
||||
if (sigbio == NULL) {
|
||||
BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
|
||||
goto end;
|
||||
}
|
||||
siglen = bio_to_mem(&sig, keysize * 10, sigbio);
|
||||
BIO_free(sigbio);
|
||||
if (siglen < 0) {
|
||||
BIO_printf(bio_err, "Error reading signature data\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (in != NULL) {
|
||||
/* Read the input data */
|
||||
buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
|
||||
if (buf_inlen < 0) {
|
||||
BIO_printf(bio_err, "Error reading input Data\n");
|
||||
goto end;
|
||||
}
|
||||
if (rev) {
|
||||
size_t i;
|
||||
unsigned char ctmp;
|
||||
size_t l = (size_t)buf_inlen;
|
||||
for (i = 0; i < l / 2; i++) {
|
||||
ctmp = buf_in[i];
|
||||
buf_in[i] = buf_in[l - 1 - i];
|
||||
buf_in[l - 1 - i] = ctmp;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Sanity check the input */
|
||||
if (buf_inlen > EVP_MAX_MD_SIZE
|
||||
&& (pkey_op == EVP_PKEY_OP_SIGN
|
||||
|| pkey_op == EVP_PKEY_OP_VERIFY
|
||||
|| pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) {
|
||||
BIO_printf(bio_err,
|
||||
"Error: The input data looks too long to be a hash\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (pkey_op == EVP_PKEY_OP_VERIFY) {
|
||||
rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
|
||||
buf_in, (size_t)buf_inlen);
|
||||
if (rv == 1) {
|
||||
BIO_puts(out, "Signature Verified Successfully\n");
|
||||
ret = 0;
|
||||
} else {
|
||||
BIO_puts(out, "Signature Verification Failure\n");
|
||||
}
|
||||
goto end;
|
||||
}
|
||||
if (kdflen != 0) {
|
||||
buf_outlen = kdflen;
|
||||
rv = 1;
|
||||
} else {
|
||||
rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
|
||||
buf_in, (size_t)buf_inlen);
|
||||
}
|
||||
if (rv > 0 && buf_outlen != 0) {
|
||||
buf_out = app_malloc(buf_outlen, "buffer output");
|
||||
rv = do_keyop(ctx, pkey_op,
|
||||
buf_out, (size_t *)&buf_outlen,
|
||||
buf_in, (size_t)buf_inlen);
|
||||
}
|
||||
if (rv <= 0) {
|
||||
if (pkey_op != EVP_PKEY_OP_DERIVE) {
|
||||
BIO_puts(bio_err, "Public Key operation error\n");
|
||||
} else {
|
||||
BIO_puts(bio_err, "Key derivation failed\n");
|
||||
}
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
ret = 0;
|
||||
|
||||
if (asn1parse) {
|
||||
if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
|
||||
ERR_print_errors(bio_err);
|
||||
} else if (hexdump) {
|
||||
BIO_dump(out, (char *)buf_out, buf_outlen);
|
||||
} else {
|
||||
BIO_write(out, buf_out, buf_outlen);
|
||||
}
|
||||
|
||||
end:
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
release_engine(e);
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
OPENSSL_free(buf_in);
|
||||
OPENSSL_free(buf_out);
|
||||
OPENSSL_free(sig);
|
||||
sk_OPENSSL_STRING_free(pkeyopts);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
|
||||
const char *keyfile, int keyform, int key_type,
|
||||
char *passinarg, int pkey_op, ENGINE *e,
|
||||
const int engine_impl)
|
||||
{
|
||||
EVP_PKEY *pkey = NULL;
|
||||
EVP_PKEY_CTX *ctx = NULL;
|
||||
ENGINE *impl = NULL;
|
||||
char *passin = NULL;
|
||||
int rv = -1;
|
||||
X509 *x;
|
||||
if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
|
||||
|| (pkey_op == EVP_PKEY_OP_DERIVE))
|
||||
&& (key_type != KEY_PRIVKEY && kdfalg == NULL)) {
|
||||
BIO_printf(bio_err, "A private key is needed for this operation\n");
|
||||
goto end;
|
||||
}
|
||||
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto end;
|
||||
}
|
||||
switch (key_type) {
|
||||
case KEY_PRIVKEY:
|
||||
pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
|
||||
break;
|
||||
|
||||
case KEY_PUBKEY:
|
||||
pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "Public Key");
|
||||
break;
|
||||
|
||||
case KEY_CERT:
|
||||
x = load_cert(keyfile, keyform, "Certificate");
|
||||
if (x) {
|
||||
pkey = X509_get_pubkey(x);
|
||||
X509_free(x);
|
||||
}
|
||||
break;
|
||||
|
||||
case KEY_NONE:
|
||||
break;
|
||||
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
if (engine_impl)
|
||||
impl = e;
|
||||
#endif
|
||||
|
||||
if (kdfalg != NULL) {
|
||||
int kdfnid = OBJ_sn2nid(kdfalg);
|
||||
|
||||
if (kdfnid == NID_undef) {
|
||||
kdfnid = OBJ_ln2nid(kdfalg);
|
||||
if (kdfnid == NID_undef) {
|
||||
BIO_printf(bio_err, "The given KDF \"%s\" is unknown.\n",
|
||||
kdfalg);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);
|
||||
} else {
|
||||
if (pkey == NULL)
|
||||
goto end;
|
||||
*pkeysize = EVP_PKEY_size(pkey);
|
||||
ctx = EVP_PKEY_CTX_new(pkey, impl);
|
||||
EVP_PKEY_free(pkey);
|
||||
}
|
||||
|
||||
if (ctx == NULL)
|
||||
goto end;
|
||||
|
||||
switch (pkey_op) {
|
||||
case EVP_PKEY_OP_SIGN:
|
||||
rv = EVP_PKEY_sign_init(ctx);
|
||||
break;
|
||||
|
||||
case EVP_PKEY_OP_VERIFY:
|
||||
rv = EVP_PKEY_verify_init(ctx);
|
||||
break;
|
||||
|
||||
case EVP_PKEY_OP_VERIFYRECOVER:
|
||||
rv = EVP_PKEY_verify_recover_init(ctx);
|
||||
break;
|
||||
|
||||
case EVP_PKEY_OP_ENCRYPT:
|
||||
rv = EVP_PKEY_encrypt_init(ctx);
|
||||
break;
|
||||
|
||||
case EVP_PKEY_OP_DECRYPT:
|
||||
rv = EVP_PKEY_decrypt_init(ctx);
|
||||
break;
|
||||
|
||||
case EVP_PKEY_OP_DERIVE:
|
||||
rv = EVP_PKEY_derive_init(ctx);
|
||||
break;
|
||||
}
|
||||
|
||||
if (rv <= 0) {
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
ctx = NULL;
|
||||
}
|
||||
|
||||
end:
|
||||
OPENSSL_free(passin);
|
||||
return ctx;
|
||||
|
||||
}
|
||||
|
||||
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
|
||||
ENGINE *e)
|
||||
{
|
||||
EVP_PKEY *peer = NULL;
|
||||
ENGINE *engine = NULL;
|
||||
int ret;
|
||||
|
||||
if (peerform == FORMAT_ENGINE)
|
||||
engine = e;
|
||||
peer = load_pubkey(file, peerform, 0, NULL, engine, "Peer Key");
|
||||
if (peer == NULL) {
|
||||
BIO_printf(bio_err, "Error reading peer key %s\n", file);
|
||||
ERR_print_errors(bio_err);
|
||||
return 0;
|
||||
}
|
||||
|
||||
ret = EVP_PKEY_derive_set_peer(ctx, peer);
|
||||
|
||||
EVP_PKEY_free(peer);
|
||||
if (ret <= 0)
|
||||
ERR_print_errors(bio_err);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
|
||||
unsigned char *out, size_t *poutlen,
|
||||
const unsigned char *in, size_t inlen)
|
||||
{
|
||||
int rv = 0;
|
||||
switch (pkey_op) {
|
||||
case EVP_PKEY_OP_VERIFYRECOVER:
|
||||
rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
|
||||
break;
|
||||
|
||||
case EVP_PKEY_OP_SIGN:
|
||||
rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen);
|
||||
break;
|
||||
|
||||
case EVP_PKEY_OP_ENCRYPT:
|
||||
rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen);
|
||||
break;
|
||||
|
||||
case EVP_PKEY_OP_DECRYPT:
|
||||
rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen);
|
||||
break;
|
||||
|
||||
case EVP_PKEY_OP_DERIVE:
|
||||
rv = EVP_PKEY_derive(ctx, out, poutlen);
|
||||
break;
|
||||
|
||||
}
|
||||
return rv;
|
||||
}
|
133
trunk/3rdparty/openssl-1.1-fit/apps/prime.c
vendored
Normal file
133
trunk/3rdparty/openssl-1.1-fit/apps/prime.c
vendored
Normal file
|
@ -0,0 +1,133 @@
|
|||
/*
|
||||
* Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/bn.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_HEX, OPT_GENERATE, OPT_BITS, OPT_SAFE, OPT_CHECKS
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS prime_options[] = {
|
||||
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [number...]\n"},
|
||||
{OPT_HELP_STR, 1, '-',
|
||||
" number Number to check for primality\n"},
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"hex", OPT_HEX, '-', "Hex output"},
|
||||
{"generate", OPT_GENERATE, '-', "Generate a prime"},
|
||||
{"bits", OPT_BITS, 'p', "Size of number in bits"},
|
||||
{"safe", OPT_SAFE, '-',
|
||||
"When used with -generate, generate a safe prime"},
|
||||
{"checks", OPT_CHECKS, 'p', "Number of checks"},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int prime_main(int argc, char **argv)
|
||||
{
|
||||
BIGNUM *bn = NULL;
|
||||
int hex = 0, checks = 20, generate = 0, bits = 0, safe = 0, ret = 1;
|
||||
char *prog;
|
||||
OPTION_CHOICE o;
|
||||
|
||||
prog = opt_init(argc, argv, prime_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(prime_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_HEX:
|
||||
hex = 1;
|
||||
break;
|
||||
case OPT_GENERATE:
|
||||
generate = 1;
|
||||
break;
|
||||
case OPT_BITS:
|
||||
bits = atoi(opt_arg());
|
||||
break;
|
||||
case OPT_SAFE:
|
||||
safe = 1;
|
||||
break;
|
||||
case OPT_CHECKS:
|
||||
checks = atoi(opt_arg());
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
argv = opt_rest();
|
||||
|
||||
if (generate) {
|
||||
if (argc != 0) {
|
||||
BIO_printf(bio_err, "Extra arguments given.\n");
|
||||
goto opthelp;
|
||||
}
|
||||
} else if (argc == 0) {
|
||||
BIO_printf(bio_err, "%s: No prime specified\n", prog);
|
||||
goto opthelp;
|
||||
}
|
||||
|
||||
if (generate) {
|
||||
char *s;
|
||||
|
||||
if (!bits) {
|
||||
BIO_printf(bio_err, "Specify the number of bits.\n");
|
||||
goto end;
|
||||
}
|
||||
bn = BN_new();
|
||||
if (bn == NULL) {
|
||||
BIO_printf(bio_err, "Out of memory.\n");
|
||||
goto end;
|
||||
}
|
||||
if (!BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL)) {
|
||||
BIO_printf(bio_err, "Failed to generate prime.\n");
|
||||
goto end;
|
||||
}
|
||||
s = hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
|
||||
if (s == NULL) {
|
||||
BIO_printf(bio_err, "Out of memory.\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_out, "%s\n", s);
|
||||
OPENSSL_free(s);
|
||||
} else {
|
||||
for ( ; *argv; argv++) {
|
||||
int r;
|
||||
|
||||
if (hex)
|
||||
r = BN_hex2bn(&bn, argv[0]);
|
||||
else
|
||||
r = BN_dec2bn(&bn, argv[0]);
|
||||
|
||||
if (!r) {
|
||||
BIO_printf(bio_err, "Failed to process value (%s)\n", argv[0]);
|
||||
goto end;
|
||||
}
|
||||
|
||||
BN_print(bio_out, bn);
|
||||
BIO_printf(bio_out, " (%s) %s prime\n",
|
||||
argv[0],
|
||||
BN_is_prime_ex(bn, checks, NULL, NULL)
|
||||
? "is" : "is not");
|
||||
}
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
end:
|
||||
BN_free(bn);
|
||||
return ret;
|
||||
}
|
16
trunk/3rdparty/openssl-1.1-fit/apps/privkey.pem
vendored
Normal file
16
trunk/3rdparty/openssl-1.1-fit/apps/privkey.pem
vendored
Normal file
|
@ -0,0 +1,16 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMo7DFNMqywUA1O/
|
||||
qvWqCOm6rGrUAcR+dKsSXw6y2qiKO7APDDyotc0b4Mxwqjga98npex2RBIwUoCGJ
|
||||
iEmMXo/a8RbXVUZ+ZwcAX7PC+XeXVC5qoajaBBkd2MvYmib/2PqnNrgvhHsUL5dO
|
||||
xhC7cRqxLM/g45k3Yyw+nGa+WkTdAgMBAAECgYBMBT5w4dVG0I8foGFnz+9hzWab
|
||||
Ee9IKjE5TcKmB93ilXQyjrWO5+zPmbc7ou6aAKk9IaPCTY1kCyzW7pho7Xdt+RFq
|
||||
TgVXGZZfqtixO7f2/5oqZAkd00eOn9ZrhBpVMu4yXbbDvhDyFe4/oy0HGDjRUhxa
|
||||
Lf6ZlBuTherxm4eFkQJBAPBQwRs9UtqaMAQlagA9pV5UsQjV1WT4IxDURMPfXgCd
|
||||
ETNkB6pP0SmxQm5xhv9N2HY1UtoWpug9s0OU5IJB15sCQQDXbfbjiujNbuOxCFNw
|
||||
68JZaCFVdNovyOWORkpenQLNEjVkmTCS9OayK09ADEYtsdpUGKeF+2EYBNkFr5px
|
||||
CajnAkBMYI4PNz1HBuwt1SpMa0tMoMQnV7bbwVV7usskKbC5pzHZUHhzM6z5gEHp
|
||||
0iEisT4Ty7zKXZqsgzefSgoaMAzzAkEAoCIaUhtwXzwdPfvNYnOs3J6doJMimECB
|
||||
+lbfcyLM8TimvadtRt+KGEg/OYGmLNM2UiqdY+duzdbUpvhYGcwvYwJAQvaoi9z2
|
||||
CkiwSs/PFrLaNlfLJmXRsUBzmiWYoh6+IQJJorEXz7ewI72ee9RBO4s746cgUFwH
|
||||
Ri+qO+HhZFUBqQ==
|
||||
-----END PRIVATE KEY-----
|
181
trunk/3rdparty/openssl-1.1-fit/apps/progs.pl
vendored
Normal file
181
trunk/3rdparty/openssl-1.1-fit/apps/progs.pl
vendored
Normal file
|
@ -0,0 +1,181 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
# Generate progs.h file by looking for command mains in list of C files
|
||||
# passed on the command line.
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use lib '.';
|
||||
use configdata qw/@disablables %unified_info/;
|
||||
|
||||
my %commands = ();
|
||||
my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/;
|
||||
my $apps_openssl = shift @ARGV;
|
||||
my $YEAR = [localtime()]->[5] + 1900;
|
||||
|
||||
# because the program apps/openssl has object files as sources, and
|
||||
# they then have the corresponding C files as source, we need to chain
|
||||
# the lookups in %unified_info
|
||||
my @openssl_source =
|
||||
map { @{$unified_info{sources}->{$_}} }
|
||||
grep { /\.o$/ }
|
||||
@{$unified_info{sources}->{$apps_openssl}};
|
||||
|
||||
foreach my $filename (@openssl_source) {
|
||||
open F, $filename or die "Couldn't open $filename: $!\n";
|
||||
foreach ( grep /$cmdre/, <F> ) {
|
||||
my @foo = /$cmdre/;
|
||||
$commands{$1} = 1;
|
||||
}
|
||||
close F;
|
||||
}
|
||||
|
||||
@ARGV = sort keys %commands;
|
||||
|
||||
print <<"EOF";
|
||||
/*
|
||||
* WARNING: do not edit!
|
||||
* Generated by apps/progs.pl
|
||||
*
|
||||
* Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
typedef enum FUNC_TYPE {
|
||||
FT_none, FT_general, FT_md, FT_cipher, FT_pkey,
|
||||
FT_md_alg, FT_cipher_alg
|
||||
} FUNC_TYPE;
|
||||
|
||||
typedef struct function_st {
|
||||
FUNC_TYPE type;
|
||||
const char *name;
|
||||
int (*func)(int argc, char *argv[]);
|
||||
const OPTIONS *help;
|
||||
} FUNCTION;
|
||||
|
||||
DEFINE_LHASH_OF(FUNCTION);
|
||||
|
||||
EOF
|
||||
|
||||
foreach (@ARGV) {
|
||||
printf "extern int %s_main(int argc, char *argv[]);\n", $_;
|
||||
}
|
||||
print "\n";
|
||||
|
||||
foreach (@ARGV) {
|
||||
printf "extern const OPTIONS %s_options[];\n", $_;
|
||||
}
|
||||
print "\n";
|
||||
|
||||
my %cmd_disabler = (
|
||||
ciphers => "sock",
|
||||
genrsa => "rsa",
|
||||
rsautl => "rsa",
|
||||
gendsa => "dsa",
|
||||
dsaparam => "dsa",
|
||||
gendh => "dh",
|
||||
dhparam => "dh",
|
||||
ecparam => "ec",
|
||||
pkcs12 => "des",
|
||||
);
|
||||
|
||||
print "#ifdef INCLUDE_FUNCTION_TABLE\n";
|
||||
print "static FUNCTION functions[] = {\n";
|
||||
foreach my $cmd ( @ARGV ) {
|
||||
my $str = " {FT_general, \"$cmd\", ${cmd}_main, ${cmd}_options},\n";
|
||||
if ($cmd =~ /^s_/) {
|
||||
print "#ifndef OPENSSL_NO_SOCK\n${str}#endif\n";
|
||||
} elsif (grep { $cmd eq $_ } @disablables) {
|
||||
print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n";
|
||||
} elsif (my $disabler = $cmd_disabler{$cmd}) {
|
||||
print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n";
|
||||
} else {
|
||||
print $str;
|
||||
}
|
||||
}
|
||||
|
||||
my %md_disabler = (
|
||||
blake2b512 => "blake2",
|
||||
blake2s256 => "blake2",
|
||||
);
|
||||
foreach my $cmd (
|
||||
"md2", "md4", "md5",
|
||||
"gost",
|
||||
"sha1", "sha224", "sha256", "sha384",
|
||||
"sha512", "sha512-224", "sha512-256",
|
||||
"sha3-224", "sha3-256", "sha3-384", "sha3-512",
|
||||
"shake128", "shake256",
|
||||
"mdc2", "rmd160", "blake2b512", "blake2s256",
|
||||
"sm3"
|
||||
) {
|
||||
my $str = " {FT_md, \"$cmd\", dgst_main},\n";
|
||||
if (grep { $cmd eq $_ } @disablables) {
|
||||
print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n";
|
||||
} elsif (my $disabler = $md_disabler{$cmd}) {
|
||||
print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n";
|
||||
} else {
|
||||
print $str;
|
||||
}
|
||||
}
|
||||
|
||||
my %cipher_disabler = (
|
||||
des3 => "des",
|
||||
desx => "des",
|
||||
cast5 => "cast",
|
||||
);
|
||||
foreach my $cmd (
|
||||
"aes-128-cbc", "aes-128-ecb",
|
||||
"aes-192-cbc", "aes-192-ecb",
|
||||
"aes-256-cbc", "aes-256-ecb",
|
||||
"aria-128-cbc", "aria-128-cfb",
|
||||
"aria-128-ctr", "aria-128-ecb", "aria-128-ofb",
|
||||
"aria-128-cfb1", "aria-128-cfb8",
|
||||
"aria-192-cbc", "aria-192-cfb",
|
||||
"aria-192-ctr", "aria-192-ecb", "aria-192-ofb",
|
||||
"aria-192-cfb1", "aria-192-cfb8",
|
||||
"aria-256-cbc", "aria-256-cfb",
|
||||
"aria-256-ctr", "aria-256-ecb", "aria-256-ofb",
|
||||
"aria-256-cfb1", "aria-256-cfb8",
|
||||
"camellia-128-cbc", "camellia-128-ecb",
|
||||
"camellia-192-cbc", "camellia-192-ecb",
|
||||
"camellia-256-cbc", "camellia-256-ecb",
|
||||
"base64", "zlib",
|
||||
"des", "des3", "desx", "idea", "seed", "rc4", "rc4-40",
|
||||
"rc2", "bf", "cast", "rc5",
|
||||
"des-ecb", "des-ede", "des-ede3",
|
||||
"des-cbc", "des-ede-cbc","des-ede3-cbc",
|
||||
"des-cfb", "des-ede-cfb","des-ede3-cfb",
|
||||
"des-ofb", "des-ede-ofb","des-ede3-ofb",
|
||||
"idea-cbc","idea-ecb", "idea-cfb", "idea-ofb",
|
||||
"seed-cbc","seed-ecb", "seed-cfb", "seed-ofb",
|
||||
"rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc",
|
||||
"bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb",
|
||||
"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
|
||||
"cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb",
|
||||
"sm4-cbc", "sm4-ecb", "sm4-cfb", "sm4-ofb", "sm4-ctr"
|
||||
) {
|
||||
my $str = " {FT_cipher, \"$cmd\", enc_main, enc_options},\n";
|
||||
(my $algo = $cmd) =~ s/-.*//g;
|
||||
if ($cmd eq "zlib") {
|
||||
print "#ifdef ZLIB\n${str}#endif\n";
|
||||
} elsif (grep { $algo eq $_ } @disablables) {
|
||||
print "#ifndef OPENSSL_NO_" . uc($algo) . "\n${str}#endif\n";
|
||||
} elsif (my $disabler = $cipher_disabler{$algo}) {
|
||||
print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n";
|
||||
} else {
|
||||
print $str;
|
||||
}
|
||||
}
|
||||
|
||||
print " {0, NULL, NULL}\n};\n";
|
||||
print "#endif\n";
|
133
trunk/3rdparty/openssl-1.1-fit/apps/rand.c
vendored
Normal file
133
trunk/3rdparty/openssl-1.1-fit/apps/rand.c
vendored
Normal file
|
@ -0,0 +1,133 @@
|
|||
/*
|
||||
* Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
|
||||
#include <ctype.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/rand.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_OUT, OPT_ENGINE, OPT_BASE64, OPT_HEX,
|
||||
OPT_R_ENUM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS rand_options[] = {
|
||||
{OPT_HELP_STR, 1, '-', "Usage: %s [flags] num\n"},
|
||||
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
OPT_R_OPTIONS,
|
||||
{"base64", OPT_BASE64, '-', "Base64 encode output"},
|
||||
{"hex", OPT_HEX, '-', "Hex encode output"},
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int rand_main(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
BIO *out = NULL;
|
||||
char *outfile = NULL, *prog;
|
||||
OPTION_CHOICE o;
|
||||
int format = FORMAT_BINARY, i, num = -1, r, ret = 1;
|
||||
|
||||
prog = opt_init(argc, argv, rand_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(rand_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
case OPT_R_CASES:
|
||||
if (!opt_rand(o))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_BASE64:
|
||||
format = FORMAT_BASE64;
|
||||
break;
|
||||
case OPT_HEX:
|
||||
format = FORMAT_TEXT;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
argv = opt_rest();
|
||||
if (argc == 1) {
|
||||
if (!opt_int(argv[0], &num) || num <= 0)
|
||||
goto end;
|
||||
} else if (argc > 0) {
|
||||
BIO_printf(bio_err, "Extra arguments given.\n");
|
||||
goto opthelp;
|
||||
}
|
||||
|
||||
out = bio_open_default(outfile, 'w', format);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if (format == FORMAT_BASE64) {
|
||||
BIO *b64 = BIO_new(BIO_f_base64());
|
||||
if (b64 == NULL)
|
||||
goto end;
|
||||
out = BIO_push(b64, out);
|
||||
}
|
||||
|
||||
while (num > 0) {
|
||||
unsigned char buf[4096];
|
||||
int chunk;
|
||||
|
||||
chunk = num;
|
||||
if (chunk > (int)sizeof(buf))
|
||||
chunk = sizeof(buf);
|
||||
r = RAND_bytes(buf, chunk);
|
||||
if (r <= 0)
|
||||
goto end;
|
||||
if (format != FORMAT_TEXT) {
|
||||
if (BIO_write(out, buf, chunk) != chunk)
|
||||
goto end;
|
||||
} else {
|
||||
for (i = 0; i < chunk; i++)
|
||||
if (BIO_printf(out, "%02x", buf[i]) != 2)
|
||||
goto end;
|
||||
}
|
||||
num -= chunk;
|
||||
}
|
||||
if (format == FORMAT_TEXT)
|
||||
BIO_puts(out, "\n");
|
||||
if (BIO_flush(out) <= 0)
|
||||
goto end;
|
||||
|
||||
ret = 0;
|
||||
|
||||
end:
|
||||
if (ret != 0)
|
||||
ERR_print_errors(bio_err);
|
||||
release_engine(e);
|
||||
BIO_free_all(out);
|
||||
return ret;
|
||||
}
|
532
trunk/3rdparty/openssl-1.1-fit/apps/rehash.c
vendored
Normal file
532
trunk/3rdparty/openssl-1.1-fit/apps/rehash.c
vendored
Normal file
|
@ -0,0 +1,532 @@
|
|||
/*
|
||||
* Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
|
||||
#if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) || \
|
||||
(defined(__VMS) && defined(__DECC) && __CRTL_VER >= 80300000)
|
||||
# include <unistd.h>
|
||||
# include <stdio.h>
|
||||
# include <limits.h>
|
||||
# include <errno.h>
|
||||
# include <string.h>
|
||||
# include <ctype.h>
|
||||
# include <sys/stat.h>
|
||||
|
||||
/*
|
||||
* Make sure that the processing of symbol names is treated the same as when
|
||||
* libcrypto is built. This is done automatically for public headers (see
|
||||
* include/openssl/__DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H),
|
||||
* but not for internal headers.
|
||||
*/
|
||||
# ifdef __VMS
|
||||
# pragma names save
|
||||
# pragma names as_is,shortened
|
||||
# endif
|
||||
|
||||
# include "internal/o_dir.h"
|
||||
|
||||
# ifdef __VMS
|
||||
# pragma names restore
|
||||
# endif
|
||||
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/pem.h>
|
||||
# include <openssl/x509.h>
|
||||
|
||||
|
||||
# ifndef PATH_MAX
|
||||
# define PATH_MAX 4096
|
||||
# endif
|
||||
# ifndef NAME_MAX
|
||||
# define NAME_MAX 255
|
||||
# endif
|
||||
# define MAX_COLLISIONS 256
|
||||
|
||||
# if defined(OPENSSL_SYS_VXWORKS)
|
||||
/*
|
||||
* VxWorks has no symbolic links
|
||||
*/
|
||||
|
||||
# define lstat(path, buf) stat(path, buf)
|
||||
|
||||
int symlink(const char *target, const char *linkpath)
|
||||
{
|
||||
errno = ENOSYS;
|
||||
return -1;
|
||||
}
|
||||
|
||||
ssize_t readlink(const char *pathname, char *buf, size_t bufsiz)
|
||||
{
|
||||
errno = ENOSYS;
|
||||
return -1;
|
||||
}
|
||||
# endif
|
||||
|
||||
typedef struct hentry_st {
|
||||
struct hentry_st *next;
|
||||
char *filename;
|
||||
unsigned short old_id;
|
||||
unsigned char need_symlink;
|
||||
unsigned char digest[EVP_MAX_MD_SIZE];
|
||||
} HENTRY;
|
||||
|
||||
typedef struct bucket_st {
|
||||
struct bucket_st *next;
|
||||
HENTRY *first_entry, *last_entry;
|
||||
unsigned int hash;
|
||||
unsigned short type;
|
||||
unsigned short num_needed;
|
||||
} BUCKET;
|
||||
|
||||
enum Type {
|
||||
/* Keep in sync with |suffixes|, below. */
|
||||
TYPE_CERT=0, TYPE_CRL=1
|
||||
};
|
||||
|
||||
enum Hash {
|
||||
HASH_OLD, HASH_NEW, HASH_BOTH
|
||||
};
|
||||
|
||||
|
||||
static int evpmdsize;
|
||||
static const EVP_MD *evpmd;
|
||||
static int remove_links = 1;
|
||||
static int verbose = 0;
|
||||
static BUCKET *hash_table[257];
|
||||
|
||||
static const char *suffixes[] = { "", "r" };
|
||||
static const char *extensions[] = { "pem", "crt", "cer", "crl" };
|
||||
|
||||
|
||||
static void bit_set(unsigned char *set, unsigned int bit)
|
||||
{
|
||||
set[bit >> 3] |= 1 << (bit & 0x7);
|
||||
}
|
||||
|
||||
static int bit_isset(unsigned char *set, unsigned int bit)
|
||||
{
|
||||
return set[bit >> 3] & (1 << (bit & 0x7));
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Process an entry; return number of errors.
|
||||
*/
|
||||
static int add_entry(enum Type type, unsigned int hash, const char *filename,
|
||||
const unsigned char *digest, int need_symlink,
|
||||
unsigned short old_id)
|
||||
{
|
||||
static BUCKET nilbucket;
|
||||
static HENTRY nilhentry;
|
||||
BUCKET *bp;
|
||||
HENTRY *ep, *found = NULL;
|
||||
unsigned int ndx = (type + hash) % OSSL_NELEM(hash_table);
|
||||
|
||||
for (bp = hash_table[ndx]; bp; bp = bp->next)
|
||||
if (bp->type == type && bp->hash == hash)
|
||||
break;
|
||||
if (bp == NULL) {
|
||||
bp = app_malloc(sizeof(*bp), "hash bucket");
|
||||
*bp = nilbucket;
|
||||
bp->next = hash_table[ndx];
|
||||
bp->type = type;
|
||||
bp->hash = hash;
|
||||
hash_table[ndx] = bp;
|
||||
}
|
||||
|
||||
for (ep = bp->first_entry; ep; ep = ep->next) {
|
||||
if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: warning: skipping duplicate %s in %s\n",
|
||||
opt_getprog(),
|
||||
type == TYPE_CERT ? "certificate" : "CRL", filename);
|
||||
return 0;
|
||||
}
|
||||
if (strcmp(filename, ep->filename) == 0) {
|
||||
found = ep;
|
||||
if (digest == NULL)
|
||||
break;
|
||||
}
|
||||
}
|
||||
ep = found;
|
||||
if (ep == NULL) {
|
||||
if (bp->num_needed >= MAX_COLLISIONS) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: error: hash table overflow for %s\n",
|
||||
opt_getprog(), filename);
|
||||
return 1;
|
||||
}
|
||||
ep = app_malloc(sizeof(*ep), "collision bucket");
|
||||
*ep = nilhentry;
|
||||
ep->old_id = ~0;
|
||||
ep->filename = OPENSSL_strdup(filename);
|
||||
if (bp->last_entry)
|
||||
bp->last_entry->next = ep;
|
||||
if (bp->first_entry == NULL)
|
||||
bp->first_entry = ep;
|
||||
bp->last_entry = ep;
|
||||
}
|
||||
|
||||
if (old_id < ep->old_id)
|
||||
ep->old_id = old_id;
|
||||
if (need_symlink && !ep->need_symlink) {
|
||||
ep->need_symlink = 1;
|
||||
bp->num_needed++;
|
||||
memcpy(ep->digest, digest, evpmdsize);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Check if a symlink goes to the right spot; return 0 if okay.
|
||||
* This can be -1 if bad filename, or an error count.
|
||||
*/
|
||||
static int handle_symlink(const char *filename, const char *fullpath)
|
||||
{
|
||||
unsigned int hash = 0;
|
||||
int i, type, id;
|
||||
unsigned char ch;
|
||||
char linktarget[PATH_MAX], *endptr;
|
||||
ossl_ssize_t n;
|
||||
|
||||
for (i = 0; i < 8; i++) {
|
||||
ch = filename[i];
|
||||
if (!isxdigit(ch))
|
||||
return -1;
|
||||
hash <<= 4;
|
||||
hash += OPENSSL_hexchar2int(ch);
|
||||
}
|
||||
if (filename[i++] != '.')
|
||||
return -1;
|
||||
for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) {
|
||||
const char *suffix = suffixes[type];
|
||||
if (strncasecmp(suffix, &filename[i], strlen(suffix)) == 0)
|
||||
break;
|
||||
}
|
||||
i += strlen(suffixes[type]);
|
||||
|
||||
id = strtoul(&filename[i], &endptr, 10);
|
||||
if (*endptr != '\0')
|
||||
return -1;
|
||||
|
||||
n = readlink(fullpath, linktarget, sizeof(linktarget));
|
||||
if (n < 0 || n >= (int)sizeof(linktarget))
|
||||
return -1;
|
||||
linktarget[n] = 0;
|
||||
|
||||
return add_entry(type, hash, linktarget, NULL, 0, id);
|
||||
}
|
||||
|
||||
/*
|
||||
* process a file, return number of errors.
|
||||
*/
|
||||
static int do_file(const char *filename, const char *fullpath, enum Hash h)
|
||||
{
|
||||
STACK_OF (X509_INFO) *inf = NULL;
|
||||
X509_INFO *x;
|
||||
X509_NAME *name = NULL;
|
||||
BIO *b;
|
||||
const char *ext;
|
||||
unsigned char digest[EVP_MAX_MD_SIZE];
|
||||
int type, errs = 0;
|
||||
size_t i;
|
||||
|
||||
/* Does it end with a recognized extension? */
|
||||
if ((ext = strrchr(filename, '.')) == NULL)
|
||||
goto end;
|
||||
for (i = 0; i < OSSL_NELEM(extensions); i++) {
|
||||
if (strcasecmp(extensions[i], ext + 1) == 0)
|
||||
break;
|
||||
}
|
||||
if (i >= OSSL_NELEM(extensions))
|
||||
goto end;
|
||||
|
||||
/* Does it have X.509 data in it? */
|
||||
if ((b = BIO_new_file(fullpath, "r")) == NULL) {
|
||||
BIO_printf(bio_err, "%s: error: skipping %s, cannot open file\n",
|
||||
opt_getprog(), filename);
|
||||
errs++;
|
||||
goto end;
|
||||
}
|
||||
inf = PEM_X509_INFO_read_bio(b, NULL, NULL, NULL);
|
||||
BIO_free(b);
|
||||
if (inf == NULL)
|
||||
goto end;
|
||||
|
||||
if (sk_X509_INFO_num(inf) != 1) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: warning: skipping %s,"
|
||||
"it does not contain exactly one certificate or CRL\n",
|
||||
opt_getprog(), filename);
|
||||
/* This is not an error. */
|
||||
goto end;
|
||||
}
|
||||
x = sk_X509_INFO_value(inf, 0);
|
||||
if (x->x509 != NULL) {
|
||||
type = TYPE_CERT;
|
||||
name = X509_get_subject_name(x->x509);
|
||||
X509_digest(x->x509, evpmd, digest, NULL);
|
||||
} else if (x->crl != NULL) {
|
||||
type = TYPE_CRL;
|
||||
name = X509_CRL_get_issuer(x->crl);
|
||||
X509_CRL_digest(x->crl, evpmd, digest, NULL);
|
||||
} else {
|
||||
++errs;
|
||||
goto end;
|
||||
}
|
||||
if (name != NULL) {
|
||||
if ((h == HASH_NEW) || (h == HASH_BOTH))
|
||||
errs += add_entry(type, X509_NAME_hash(name), filename, digest, 1, ~0);
|
||||
if ((h == HASH_OLD) || (h == HASH_BOTH))
|
||||
errs += add_entry(type, X509_NAME_hash_old(name), filename, digest, 1, ~0);
|
||||
}
|
||||
|
||||
end:
|
||||
sk_X509_INFO_pop_free(inf, X509_INFO_free);
|
||||
return errs;
|
||||
}
|
||||
|
||||
static void str_free(char *s)
|
||||
{
|
||||
OPENSSL_free(s);
|
||||
}
|
||||
|
||||
static int ends_with_dirsep(const char *path)
|
||||
{
|
||||
if (*path != '\0')
|
||||
path += strlen(path) - 1;
|
||||
# if defined __VMS
|
||||
if (*path == ']' || *path == '>' || *path == ':')
|
||||
return 1;
|
||||
# elif defined _WIN32
|
||||
if (*path == '\\')
|
||||
return 1;
|
||||
# endif
|
||||
return *path == '/';
|
||||
}
|
||||
|
||||
/*
|
||||
* Process a directory; return number of errors found.
|
||||
*/
|
||||
static int do_dir(const char *dirname, enum Hash h)
|
||||
{
|
||||
BUCKET *bp, *nextbp;
|
||||
HENTRY *ep, *nextep;
|
||||
OPENSSL_DIR_CTX *d = NULL;
|
||||
struct stat st;
|
||||
unsigned char idmask[MAX_COLLISIONS / 8];
|
||||
int n, numfiles, nextid, buflen, errs = 0;
|
||||
size_t i;
|
||||
const char *pathsep;
|
||||
const char *filename;
|
||||
char *buf, *copy = NULL;
|
||||
STACK_OF(OPENSSL_STRING) *files = NULL;
|
||||
|
||||
if (app_access(dirname, W_OK) < 0) {
|
||||
BIO_printf(bio_err, "Skipping %s, can't write\n", dirname);
|
||||
return 1;
|
||||
}
|
||||
buflen = strlen(dirname);
|
||||
pathsep = (buflen && !ends_with_dirsep(dirname)) ? "/": "";
|
||||
buflen += NAME_MAX + 1 + 1;
|
||||
buf = app_malloc(buflen, "filename buffer");
|
||||
|
||||
if (verbose)
|
||||
BIO_printf(bio_out, "Doing %s\n", dirname);
|
||||
|
||||
if ((files = sk_OPENSSL_STRING_new_null()) == NULL) {
|
||||
BIO_printf(bio_err, "Skipping %s, out of memory\n", dirname);
|
||||
errs = 1;
|
||||
goto err;
|
||||
}
|
||||
while ((filename = OPENSSL_DIR_read(&d, dirname)) != NULL) {
|
||||
if ((copy = OPENSSL_strdup(filename)) == NULL
|
||||
|| sk_OPENSSL_STRING_push(files, copy) == 0) {
|
||||
OPENSSL_free(copy);
|
||||
BIO_puts(bio_err, "out of memory\n");
|
||||
errs = 1;
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
OPENSSL_DIR_end(&d);
|
||||
sk_OPENSSL_STRING_sort(files);
|
||||
|
||||
numfiles = sk_OPENSSL_STRING_num(files);
|
||||
for (n = 0; n < numfiles; ++n) {
|
||||
filename = sk_OPENSSL_STRING_value(files, n);
|
||||
if (BIO_snprintf(buf, buflen, "%s%s%s",
|
||||
dirname, pathsep, filename) >= buflen)
|
||||
continue;
|
||||
if (lstat(buf, &st) < 0)
|
||||
continue;
|
||||
if (S_ISLNK(st.st_mode) && handle_symlink(filename, buf) == 0)
|
||||
continue;
|
||||
errs += do_file(filename, buf, h);
|
||||
}
|
||||
|
||||
for (i = 0; i < OSSL_NELEM(hash_table); i++) {
|
||||
for (bp = hash_table[i]; bp; bp = nextbp) {
|
||||
nextbp = bp->next;
|
||||
nextid = 0;
|
||||
memset(idmask, 0, (bp->num_needed + 7) / 8);
|
||||
for (ep = bp->first_entry; ep; ep = ep->next)
|
||||
if (ep->old_id < bp->num_needed)
|
||||
bit_set(idmask, ep->old_id);
|
||||
|
||||
for (ep = bp->first_entry; ep; ep = nextep) {
|
||||
nextep = ep->next;
|
||||
if (ep->old_id < bp->num_needed) {
|
||||
/* Link exists, and is used as-is */
|
||||
BIO_snprintf(buf, buflen, "%08x.%s%d", bp->hash,
|
||||
suffixes[bp->type], ep->old_id);
|
||||
if (verbose)
|
||||
BIO_printf(bio_out, "link %s -> %s\n",
|
||||
ep->filename, buf);
|
||||
} else if (ep->need_symlink) {
|
||||
/* New link needed (it may replace something) */
|
||||
while (bit_isset(idmask, nextid))
|
||||
nextid++;
|
||||
|
||||
BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d",
|
||||
dirname, pathsep, &n, bp->hash,
|
||||
suffixes[bp->type], nextid);
|
||||
if (verbose)
|
||||
BIO_printf(bio_out, "link %s -> %s\n",
|
||||
ep->filename, &buf[n]);
|
||||
if (unlink(buf) < 0 && errno != ENOENT) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Can't unlink %s, %s\n",
|
||||
opt_getprog(), buf, strerror(errno));
|
||||
errs++;
|
||||
}
|
||||
if (symlink(ep->filename, buf) < 0) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Can't symlink %s, %s\n",
|
||||
opt_getprog(), ep->filename,
|
||||
strerror(errno));
|
||||
errs++;
|
||||
}
|
||||
bit_set(idmask, nextid);
|
||||
} else if (remove_links) {
|
||||
/* Link to be deleted */
|
||||
BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d",
|
||||
dirname, pathsep, &n, bp->hash,
|
||||
suffixes[bp->type], ep->old_id);
|
||||
if (verbose)
|
||||
BIO_printf(bio_out, "unlink %s\n",
|
||||
&buf[n]);
|
||||
if (unlink(buf) < 0 && errno != ENOENT) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Can't unlink %s, %s\n",
|
||||
opt_getprog(), buf, strerror(errno));
|
||||
errs++;
|
||||
}
|
||||
}
|
||||
OPENSSL_free(ep->filename);
|
||||
OPENSSL_free(ep);
|
||||
}
|
||||
OPENSSL_free(bp);
|
||||
}
|
||||
hash_table[i] = NULL;
|
||||
}
|
||||
|
||||
err:
|
||||
sk_OPENSSL_STRING_pop_free(files, str_free);
|
||||
OPENSSL_free(buf);
|
||||
return errs;
|
||||
}
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_COMPAT, OPT_OLD, OPT_N, OPT_VERBOSE
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS rehash_options[] = {
|
||||
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert-directory...]\n"},
|
||||
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"h", OPT_HELP, '-', "Display this summary"},
|
||||
{"compat", OPT_COMPAT, '-', "Create both new- and old-style hash links"},
|
||||
{"old", OPT_OLD, '-', "Use old-style hash to generate links"},
|
||||
{"n", OPT_N, '-', "Do not remove existing links"},
|
||||
{"v", OPT_VERBOSE, '-', "Verbose output"},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
|
||||
int rehash_main(int argc, char **argv)
|
||||
{
|
||||
const char *env, *prog;
|
||||
char *e, *m;
|
||||
int errs = 0;
|
||||
OPTION_CHOICE o;
|
||||
enum Hash h = HASH_NEW;
|
||||
|
||||
prog = opt_init(argc, argv, rehash_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(rehash_options);
|
||||
goto end;
|
||||
case OPT_COMPAT:
|
||||
h = HASH_BOTH;
|
||||
break;
|
||||
case OPT_OLD:
|
||||
h = HASH_OLD;
|
||||
break;
|
||||
case OPT_N:
|
||||
remove_links = 0;
|
||||
break;
|
||||
case OPT_VERBOSE:
|
||||
verbose = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
argv = opt_rest();
|
||||
|
||||
evpmd = EVP_sha1();
|
||||
evpmdsize = EVP_MD_size(evpmd);
|
||||
|
||||
if (*argv != NULL) {
|
||||
while (*argv != NULL)
|
||||
errs += do_dir(*argv++, h);
|
||||
} else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) {
|
||||
char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' };
|
||||
m = OPENSSL_strdup(env);
|
||||
for (e = strtok(m, lsc); e != NULL; e = strtok(NULL, lsc))
|
||||
errs += do_dir(e, h);
|
||||
OPENSSL_free(m);
|
||||
} else {
|
||||
errs += do_dir(X509_get_default_cert_dir(), h);
|
||||
}
|
||||
|
||||
end:
|
||||
return errs;
|
||||
}
|
||||
|
||||
#else
|
||||
const OPTIONS rehash_options[] = {
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int rehash_main(int argc, char **argv)
|
||||
{
|
||||
BIO_printf(bio_err, "Not available; use c_rehash script\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
#endif /* defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) */
|
1664
trunk/3rdparty/openssl-1.1-fit/apps/req.c
vendored
Normal file
1664
trunk/3rdparty/openssl-1.1-fit/apps/req.c
vendored
Normal file
File diff suppressed because it is too large
Load diff
11
trunk/3rdparty/openssl-1.1-fit/apps/req.pem
vendored
Normal file
11
trunk/3rdparty/openssl-1.1-fit/apps/req.pem
vendored
Normal file
|
@ -0,0 +1,11 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIBlzCCAVcCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
|
||||
ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMORXJp
|
||||
YyB0aGUgWW91bmcwge8wgaYGBSsOAwIMMIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZ
|
||||
S4J1PHvPrm9MXj5ntVheDPkdmBDTncyaGAJcMjwsyB/GvLDGd6yGCw/8eF+09wIV
|
||||
AK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjg
|
||||
tWiJc/tpvcuzeuAayH89UofjAGueKjXDADiRffvSdhrNw5dkqdqlA0QAAkEAtUSo
|
||||
84OekjitKGVjxLu0HvXck29pu+foad53vPKXAsuJdACj88BPqZ91Y9PIJf1GUh38
|
||||
CuiHWi7z3cEDfZCyCKAAMAkGBSsOAwIbBQADLwAwLAIUTg8amKVBE9oqC5B75dDQ
|
||||
Chy3LdQCFHKodGEj3LjuTzdm/RTe2KZL9Uzf
|
||||
-----END CERTIFICATE REQUEST-----
|
316
trunk/3rdparty/openssl-1.1-fit/apps/rsa.c
vendored
Normal file
316
trunk/3rdparty/openssl-1.1-fit/apps/rsa.c
vendored
Normal file
|
@ -0,0 +1,316 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_RSA
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <string.h>
|
||||
# include <time.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/rsa.h>
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
# include <openssl/bn.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
|
||||
OPT_PUBIN, OPT_PUBOUT, OPT_PASSOUT, OPT_PASSIN,
|
||||
OPT_RSAPUBKEY_IN, OPT_RSAPUBKEY_OUT,
|
||||
/* Do not change the order here; see case statements below */
|
||||
OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
|
||||
OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS rsa_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"inform", OPT_INFORM, 'f', "Input format, one of DER PEM"},
|
||||
{"outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK"},
|
||||
{"in", OPT_IN, 's', "Input file"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
{"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
|
||||
{"pubout", OPT_PUBOUT, '-', "Output a public key"},
|
||||
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
|
||||
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
||||
{"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"},
|
||||
{"RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKey"},
|
||||
{"noout", OPT_NOOUT, '-', "Don't print key out"},
|
||||
{"text", OPT_TEXT, '-', "Print the key in text"},
|
||||
{"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
|
||||
{"check", OPT_CHECK, '-', "Verify key consistency"},
|
||||
{"", OPT_CIPHER, '-', "Any supported cipher"},
|
||||
# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
|
||||
{"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
|
||||
{"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
|
||||
{"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
# endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int rsa_main(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
BIO *out = NULL;
|
||||
RSA *rsa = NULL;
|
||||
const EVP_CIPHER *enc = NULL;
|
||||
char *infile = NULL, *outfile = NULL, *prog;
|
||||
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
|
||||
int i, private = 0;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0;
|
||||
int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1;
|
||||
# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
|
||||
int pvk_encr = 2;
|
||||
# endif
|
||||
OPTION_CHOICE o;
|
||||
|
||||
prog = opt_init(argc, argv, rsa_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(rsa_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_INFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUTFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_PASSIN:
|
||||
passinarg = opt_arg();
|
||||
break;
|
||||
case OPT_PASSOUT:
|
||||
passoutarg = opt_arg();
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
case OPT_PUBIN:
|
||||
pubin = 1;
|
||||
break;
|
||||
case OPT_PUBOUT:
|
||||
pubout = 1;
|
||||
break;
|
||||
case OPT_RSAPUBKEY_IN:
|
||||
pubin = 2;
|
||||
break;
|
||||
case OPT_RSAPUBKEY_OUT:
|
||||
pubout = 2;
|
||||
break;
|
||||
case OPT_PVK_STRONG: /* pvk_encr:= 2 */
|
||||
case OPT_PVK_WEAK: /* pvk_encr:= 1 */
|
||||
case OPT_PVK_NONE: /* pvk_encr:= 0 */
|
||||
# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
|
||||
pvk_encr = (o - OPT_PVK_NONE);
|
||||
# endif
|
||||
break;
|
||||
case OPT_NOOUT:
|
||||
noout = 1;
|
||||
break;
|
||||
case OPT_TEXT:
|
||||
text = 1;
|
||||
break;
|
||||
case OPT_MODULUS:
|
||||
modulus = 1;
|
||||
break;
|
||||
case OPT_CHECK:
|
||||
check = 1;
|
||||
break;
|
||||
case OPT_CIPHER:
|
||||
if (!opt_cipher(opt_unknown(), &enc))
|
||||
goto opthelp;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
private = (text && !pubin) || (!pubout && !noout) ? 1 : 0;
|
||||
|
||||
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
goto end;
|
||||
}
|
||||
if (check && pubin) {
|
||||
BIO_printf(bio_err, "Only private keys can be checked\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
{
|
||||
EVP_PKEY *pkey;
|
||||
|
||||
if (pubin) {
|
||||
int tmpformat = -1;
|
||||
if (pubin == 2) {
|
||||
if (informat == FORMAT_PEM)
|
||||
tmpformat = FORMAT_PEMRSA;
|
||||
else if (informat == FORMAT_ASN1)
|
||||
tmpformat = FORMAT_ASN1RSA;
|
||||
} else {
|
||||
tmpformat = informat;
|
||||
}
|
||||
|
||||
pkey = load_pubkey(infile, tmpformat, 1, passin, e, "Public Key");
|
||||
} else {
|
||||
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
|
||||
}
|
||||
|
||||
if (pkey != NULL)
|
||||
rsa = EVP_PKEY_get1_RSA(pkey);
|
||||
EVP_PKEY_free(pkey);
|
||||
}
|
||||
|
||||
if (rsa == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
out = bio_open_owner(outfile, outformat, private);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if (text) {
|
||||
assert(pubin || private);
|
||||
if (!RSA_print(out, rsa, 0)) {
|
||||
perror(outfile);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (modulus) {
|
||||
const BIGNUM *n;
|
||||
RSA_get0_key(rsa, &n, NULL, NULL);
|
||||
BIO_printf(out, "Modulus=");
|
||||
BN_print(out, n);
|
||||
BIO_printf(out, "\n");
|
||||
}
|
||||
|
||||
if (check) {
|
||||
int r = RSA_check_key_ex(rsa, NULL);
|
||||
|
||||
if (r == 1) {
|
||||
BIO_printf(out, "RSA key ok\n");
|
||||
} else if (r == 0) {
|
||||
unsigned long err;
|
||||
|
||||
while ((err = ERR_peek_error()) != 0 &&
|
||||
ERR_GET_LIB(err) == ERR_LIB_RSA &&
|
||||
ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY_EX &&
|
||||
ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
|
||||
BIO_printf(out, "RSA key error: %s\n",
|
||||
ERR_reason_error_string(err));
|
||||
ERR_get_error(); /* remove err from error stack */
|
||||
}
|
||||
} else if (r == -1) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (noout) {
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err, "writing RSA key\n");
|
||||
if (outformat == FORMAT_ASN1) {
|
||||
if (pubout || pubin) {
|
||||
if (pubout == 2)
|
||||
i = i2d_RSAPublicKey_bio(out, rsa);
|
||||
else
|
||||
i = i2d_RSA_PUBKEY_bio(out, rsa);
|
||||
} else {
|
||||
assert(private);
|
||||
i = i2d_RSAPrivateKey_bio(out, rsa);
|
||||
}
|
||||
} else if (outformat == FORMAT_PEM) {
|
||||
if (pubout || pubin) {
|
||||
if (pubout == 2)
|
||||
i = PEM_write_bio_RSAPublicKey(out, rsa);
|
||||
else
|
||||
i = PEM_write_bio_RSA_PUBKEY(out, rsa);
|
||||
} else {
|
||||
assert(private);
|
||||
i = PEM_write_bio_RSAPrivateKey(out, rsa,
|
||||
enc, NULL, 0, NULL, passout);
|
||||
}
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
|
||||
EVP_PKEY *pk;
|
||||
pk = EVP_PKEY_new();
|
||||
if (pk == NULL)
|
||||
goto end;
|
||||
|
||||
EVP_PKEY_set1_RSA(pk, rsa);
|
||||
if (outformat == FORMAT_PVK) {
|
||||
if (pubin) {
|
||||
BIO_printf(bio_err, "PVK form impossible with public key input\n");
|
||||
EVP_PKEY_free(pk);
|
||||
goto end;
|
||||
}
|
||||
assert(private);
|
||||
# ifdef OPENSSL_NO_RC4
|
||||
BIO_printf(bio_err, "PVK format not supported\n");
|
||||
EVP_PKEY_free(pk);
|
||||
goto end;
|
||||
# else
|
||||
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
|
||||
# endif
|
||||
} else if (pubin || pubout) {
|
||||
i = i2b_PublicKey_bio(out, pk);
|
||||
} else {
|
||||
assert(private);
|
||||
i = i2b_PrivateKey_bio(out, pk);
|
||||
}
|
||||
EVP_PKEY_free(pk);
|
||||
# endif
|
||||
} else {
|
||||
BIO_printf(bio_err, "bad output format specified for outfile\n");
|
||||
goto end;
|
||||
}
|
||||
if (i <= 0) {
|
||||
BIO_printf(bio_err, "unable to write key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
} else {
|
||||
ret = 0;
|
||||
}
|
||||
end:
|
||||
release_engine(e);
|
||||
BIO_free_all(out);
|
||||
RSA_free(rsa);
|
||||
OPENSSL_free(passin);
|
||||
OPENSSL_free(passout);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
101
trunk/3rdparty/openssl-1.1-fit/apps/rsa8192.pem
vendored
Normal file
101
trunk/3rdparty/openssl-1.1-fit/apps/rsa8192.pem
vendored
Normal file
|
@ -0,0 +1,101 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
|
||||
MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ
|
||||
ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF
|
||||
MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY
|
||||
55/A20XL7tlV2opEfwhy3uVlveQBM0DnZ3MUQfrk+lRRNWv7yE4ScbOfER9fjvOm
|
||||
yJc3ZbOa3e+AMGGU9OqJ/fyOl0SGYyP2k23omy/idBV4uOs8QWdnAvq8UOzDdua3
|
||||
tuf5Tn17XBurPJ8juwyPBNispkwwn8BjxAZVPhwUIcxFBg339IxJ9cW0WdVy4nNA
|
||||
LWo/8Ahlf+kZNnFNGCPFytU9gGMLMhab9w/rLrwa9qNe4L8Fmu1JxONn1WfhMOKE
|
||||
aFmycf2olJsYLgUIGYZrjnYu0p/7P3yhTOv8JIhmK+SzmA/I0xiQoF84rpaQzH2d
|
||||
PvxICOA9oQSowou0gLuBSZWm6LiXirg1DZCziU46v33ErQlWM1dSyNaUSzihcV59
|
||||
mVD0nmzboXH75lGiyiZlp8cLbozzoCwvk9rYqpUGSBzbAy0ECCpabGpzO2Ug+oDi
|
||||
71e5z4WMpeoR4IS8MaOG/GsJnwaXhiB/gNYfK+8pRADVk5StEAZDE2alSuCbDs0z
|
||||
d9zYr4/em5T9VZsLetxRE7pm/Es9yELuViz8/Tm0/8MVdmNYc/xZU1t6qYYFdyQ2
|
||||
wlGDTiNPsjR8yXCkmBjKwqnuleu1X6LaZu3VPhEkXGcyFAquQUkSiMv0Yu74qAe0
|
||||
bQ2v+jjZzP6AM9LUo89cW4Kd8SGD96BdNlAVPNMXoBcIOsZBwsOtETBd4KAyvkXE
|
||||
Ob17u+PLl4UPnSxm9ypKZunUNFRPxtKUyjySYnvlGL+kTjAXrIrZwKJqIn0uhnfa
|
||||
Ck3o7bU6yVMK22ODxy2/Vi3E0P6k5JLwnrF0VIOBqGhts66qo6mWDP8l6MZHARFd
|
||||
pU+nofssVmr8tLKmMmjYGMM5GmKIXRNBs0ksTwFnKRs9AmpE5owC8tTSVdTAkGuS
|
||||
os7QwLvyvNzq7BGJiVr0Iy3Dhsl1vzR35acNOrCsDl3DcCQONKJ2sVXV4pD3dBah
|
||||
mG3sR/jHgjasffJJ35uiGoAua9dbT7HG/+D0z1SHYaVqH8zO4VZSOnGJh/P9rtxx
|
||||
cckFDbiag/JMWig2lbnCjebTtp/BcUsK3TNaDOb7vb0LvbAeRJadd1EFu6PSlH3K
|
||||
LykSUPm4UedvUU3cWjqkSY5lITFJkVaIYOv/EljYtK7p7kFZFTaEwMAWxgsXU3pQ
|
||||
tTzVmq1gZ4vXPwcUq0zK50Frq0F7SQc21ZsunwIDAQABAoIEADuQAkDEpBausJsS
|
||||
PgL1RXuzECPJJJCBxTE+2qx0FoY4hJICCWTORHGmU8nGPE3Ht0wBiNDsULw6KXl9
|
||||
psmzYW6D3qRbpdQebky6fu/KZ5H0XTyGpJGomaXELH5hkwo2gdKB805LSXB+m7p0
|
||||
9o96kSdMkpBLVGtf5iZ8W4rY2LsZmlI9f7taQHSLVt/M8HTz1mTnBRU92QO3zZW6
|
||||
xVa+OrWaFl18u3ZeIaSh2X40tBK68cqstXVD0r2OWuXNKobcQeJW8/XABzBShZ0c
|
||||
ihL0lzyqiN4uXrLu+Nbr22b+FU2OODy6dGk3U6/69NvI4piMCPlHsfhHOnFjd1ZW
|
||||
RIVywyUlCtLNdcn11CchuRro+0J3c2Ba+i9Cl9r3qzT11xFEGF8/XLyUBBCB+uGf
|
||||
1dR/xJQhCA7cXWWLXyI/semxcvTaGpImP6kiIl1MAjHjXZTSdvyw4JmfXyYGhSjI
|
||||
P0mw3Xn7FXxJ/os9gOfNKz2nZHjr0q4sgWRYO+4vllkeL0GteZrg4oVaVpmZb7LH
|
||||
77afhodLylhijlEtV5skfkPujbBLQk6E5Ez3U/huEt2NLg6guADmwxMxfBRliZO4
|
||||
4Ex/td4cuggpEj3FGJV74qRvdvj/MF/uF7IxC/3WapPIsFBFH4zrJsUYt6u3L68I
|
||||
/KC/bfioDeUR/8ANw1DNh+UsnPV3GJIwDkIJKdppi2uXPahJyJQQ8Inps53nn8Gg
|
||||
GifS+HnOXNgMoKOJnZ9IDGjXpfjIs8dJNrGfDHF0mH30N2WARq2v/a3cNUC+f8Bq
|
||||
HSKQ9YrZopktMunsut8u7ZYbTmjIqJpXCaM0CCrSlzSMTDHFSj2tzLk6+qnxeGxB
|
||||
ZwIdShbdeK+0ETG91lE1e9RPQs/uXQP9+uCHJV0YpqQcA6pkCLYJfYpoSMu/Bafy
|
||||
AgfVZz6l5tyEnV0wCcbopsQShc1k9xtTbYNF1h9AQHknj6zeDW4iZMvmVeh3RovT
|
||||
52OA2R8oLyauF+QaG6x2wUjEx13SJlaBarJZ4seZIOJ+a8+oNzKsbgokXc2cyC9p
|
||||
5FAZz1OsOb68o93qD1Xvl7bY97fq2q55L7G1XHPPLtZE5lGiLGDtnAuwY8UPrdpr
|
||||
7Mv2yIxB7xVGurXyHb5PvusR88XED6HMPfLBG/55ENHTal7G5mRix+IWSBAIkxA5
|
||||
KZ0j8r5Ng4+wELZhqFQai39799bIAyiV6CEz4kyDXlo0kSSexp8o4iz5sPq5vp6h
|
||||
cCb7rdRw7uRnbXrHmXahxoB+ibXaurgV/6B2yurrU/UFoxEp2sHp8LXZGfF6ztY1
|
||||
dMhSQAACK2vGy5yNagbkTHLgVaHicG5zavJBqzCE+lbPlCqhOUQPdOIwvjHNjdS/
|
||||
DL3WV/ECggIBAMbW65wPk/i43nSyeZeYwcHtR1SUJqDXavYfBPC0VRhKz+7DVMFw
|
||||
Nwnocn6gITABc445W1yl7U3uww+LGuDlSlFnd8WuiXpVYud9/jeNu6Mu4wvNsnWr
|
||||
f4f4ua8CcS03GmqmcbROD2Z6by1AblCZ2UL1kv9cUX1FLVjPP1ESAGKoePt3BmZQ
|
||||
J1uJfK8HilNT8dcUlj/5CBi2uHxttDhoG0sxXE/SVsG9OD/Pjme0mj7gdzc6Ztd+
|
||||
TALuvpNQR4pRzfo5XWDZBcEYntcEE3PxYJB1+vnZ8509ew5/yLHTbLjFxIcx71zY
|
||||
fhH0gM36Sz7mz37r0+E/QkRkc5bVIDC4LDnWmjpAde6QUx0d218ShNx6sJo4kt5c
|
||||
Dd7tEVx8nuX8AIZYgwsOb382anLyFRkkmEdK3gRvwQ6SWR36Ez5L7/mHWODpLAX5
|
||||
mVBKSG4/ccFbc633/g0xHw0Nwajir/klckdakuYPlwF0yAxJSKDLhmNctDhRmxjC
|
||||
YP+fISkl5oTvFRzJH6HEyNu8M3ybRvmpPIjM5J5JpnB2IYbohYBR+T6/97C1DKrd
|
||||
mzL5PjlrWm0c1/d7LlDoP65fOShDMmj2zCiBAHHOM0Alokx+v5LmMd8NJumZIwGJ
|
||||
Rt5OpeMOhowz6j1AjYxYgV7PmJL6Ovpfb775od/aLaUbbwHz2uWIvfF7AoICAQCw
|
||||
c7NaO7oJVLJClhYw6OCvjT6oqtgNVWaennnDiJgzY9lv5HEgV0MAG0eYuB3hvj+w
|
||||
Y1P9DJxP1D+R+cshYrAFg8yU/3kaYVNI0Bl3ygX0eW1b/0HZTdocs+8kM/9PZQDR
|
||||
WrKQoU5lHvqRt99dXlD4NWGI2YQtzdZ8iet9QLqnjwRZabgE96mF01qKisMnFcsh
|
||||
KjT7ieheU4J15TZj/mdZRNK126d7e3q/rNj73e5EJ9tkYLcolSr4gpknUMJULSEi
|
||||
JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo
|
||||
yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ
|
||||
kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9
|
||||
DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN
|
||||
22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU
|
||||
ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz
|
||||
D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP
|
||||
PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8
|
||||
dUrYmHNEUJfHl4T1ESgkX1vkcpVFeQFruZDjk7EP3+1sgvpSroGTZkVBRFsTXbQZ
|
||||
FuCv0Pgt1TKG+zGmklxhj3TsiRy8MEjWAxBUp++ftZJnZNI4feDGnfEx7tLwVhAg
|
||||
6DWSiWDO6hgQpvOLwX5lu+0x9itc1MQsnDO/OqIDnBAJDN5k7cVVkfKlqbVjxgpz
|
||||
eqUJs3yAd81f44kDQTCB4ahYocgeIGsrOqd/WoGL1EEPPo/O9wQP7VtlIRt8UwuG
|
||||
bS18+a4sBUfAa56xYu/pnPo7YcubsgZfcSIujzFQqMpVTClJRnOnEuJ4J1+PXzRz
|
||||
XAO9fs4VJ+CMEmgAyonUz4Xadxulnknlw//sO9VKgM69oFHCDHL/XamAAbqAdwvf
|
||||
7R/+uy+Ol7romC0wMhb6SsIZazrvvH2mNtduAKZ638nAP1x/WbQp+6iVG7yJok7w
|
||||
82Q7tO7baOePTXh12Rrt4mNPor0HLYxhra4GFgfqkumJ2Mz0esuZAozxJXFOq8ly
|
||||
beo9CVtXP5zbT6qNpeNismX6PLICaev8t+1iOZSE56WSLtefuuj/cOVrTMNDz1Rr
|
||||
pUkEVV2zjUSjlcScM538A9iL2QKCAgBLbBk0r6T0ihRsK9UucMxhnYEz/Vq+UEu9
|
||||
70Vi1AciqEJv9nh4d3Q3HnH7EHANZxG4Jqzm1DYYVUQa9GfkTFeq88xFv/GW2hUM
|
||||
YY8RSfRDrIeXNEOETCe37x2AHw25dRXlZtw+wARPau91y9+Y/FCl18NqCHfcUEin
|
||||
ERjsf/eI2bPlODAlR2tZvZ7M60VBdqpN8cmV3zvI3e88z43xLfQlDyr1+v7a5Evy
|
||||
lEJnXlSTI2o+vKxtl103vjMSwA1gh63K90gBVsJWXQDZueOzi8mB9UqNRfcMmOEe
|
||||
4YHttTXPxeu0x+4cCRfam9zKShsVFgI28vRQ/ijl6qmbQ5gV8wqf18GV1j1L4z0P
|
||||
lP6iVynDA4MMrug/w9DqPsHsfK0pwekeETfSj4y0xVXyjWZBfHG2ZBrS6mDTf+RG
|
||||
LC4sJgR0hjdILLnUqIX7PzuhieBHRrjBcopwvcryVWRHnI7kslAS0+yHjiWc5oW3
|
||||
x5mtlum4HzelNYuD9cAE/95P6CeSMfp9CyIE/KSX4VvsRm6gQVkoQRKMxnQIFQ3w
|
||||
O5gl1l88vhjoo2HxYScgCp70BsDwiUNTqIR3NM+ZBHYFweVf3Gwz5LzHZT2rEZtD
|
||||
6VXRP75Q/2wOLnqCO4bK4BUs6sqxcQZmOldruPkPynrY0oPfHHExjxZDvQu4/r80
|
||||
Ls3n0L8yvQKCAgEAnYWS6EikwaQNpJEfiUnOlglgFz4EE1eVkrDbBY4J3oPU+doz
|
||||
DrqmsvgpSZIAfd2MUbkN4pOMsMTjbeIYWDnZDa1RoctKs3FhwFPHwAjQpznab4mn
|
||||
Bp81FMHM40qyb0NaNuFRwghdXvoQvBBX1p8oEnFzDRvTiuS/vTPTA8KDY8IeRp8R
|
||||
oGzKHpfziNwq/URpqj7pwi9odNjGZvR2IwYw9jCLPIqaEbMoSOdI0mg4MoYyqP4q
|
||||
nm7d4wqSDwrYxiXZ6f3nYpkhEY1lb0Wbksp1ig8sKSF4nDZRGK1RSfE+6gjBp94H
|
||||
X/Wog6Zb6NC9ZpusTiDLvuIUXcyUJvmHiWjSNqiTv8jurlwEsgSwhziEQfqLrtdV
|
||||
QI3PRMolBkD1iCk+HFE53r05LMf1bp3r4MS+naaQrLbIrl1kgDNGwVdgS+SCM7Bg
|
||||
TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c
|
||||
46C6SaWI0TD9B11nJbHGTYN3Si9n0EBgoDJEXUKeh3km9O47dgvkSug4WzhYsvrE
|
||||
rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv
|
||||
I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
282
trunk/3rdparty/openssl-1.1-fit/apps/rsautl.c
vendored
Normal file
282
trunk/3rdparty/openssl-1.1-fit/apps/rsautl.c
vendored
Normal file
|
@ -0,0 +1,282 @@
|
|||
/*
|
||||
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_RSA
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <string.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/pem.h>
|
||||
# include <openssl/rsa.h>
|
||||
|
||||
# define RSA_SIGN 1
|
||||
# define RSA_VERIFY 2
|
||||
# define RSA_ENCRYPT 3
|
||||
# define RSA_DECRYPT 4
|
||||
|
||||
# define KEY_PRIVKEY 1
|
||||
# define KEY_PUBKEY 2
|
||||
# define KEY_CERT 3
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP,
|
||||
OPT_RAW, OPT_OAEP, OPT_SSL, OPT_PKCS, OPT_X931,
|
||||
OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
|
||||
OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM,
|
||||
OPT_R_ENUM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS rsautl_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"in", OPT_IN, '<', "Input file"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
{"inkey", OPT_INKEY, 's', "Input key"},
|
||||
{"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
|
||||
{"pubin", OPT_PUBIN, '-', "Input is an RSA public"},
|
||||
{"certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key"},
|
||||
{"ssl", OPT_SSL, '-', "Use SSL v2 padding"},
|
||||
{"raw", OPT_RAW, '-', "Use no padding"},
|
||||
{"pkcs", OPT_PKCS, '-', "Use PKCS#1 v1.5 padding (default)"},
|
||||
{"oaep", OPT_OAEP, '-', "Use PKCS#1 OAEP"},
|
||||
{"sign", OPT_SIGN, '-', "Sign with private key"},
|
||||
{"verify", OPT_VERIFY, '-', "Verify with public key"},
|
||||
{"asn1parse", OPT_ASN1PARSE, '-',
|
||||
"Run output through asn1parse; useful with -verify"},
|
||||
{"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
|
||||
{"x931", OPT_X931, '-', "Use ANSI X9.31 padding"},
|
||||
{"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
|
||||
{"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"},
|
||||
{"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"},
|
||||
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
||||
OPT_R_OPTIONS,
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
# endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int rsautl_main(int argc, char **argv)
|
||||
{
|
||||
BIO *in = NULL, *out = NULL;
|
||||
ENGINE *e = NULL;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
RSA *rsa = NULL;
|
||||
X509 *x;
|
||||
char *infile = NULL, *outfile = NULL, *keyfile = NULL;
|
||||
char *passinarg = NULL, *passin = NULL, *prog;
|
||||
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
|
||||
unsigned char *rsa_in = NULL, *rsa_out = NULL, pad = RSA_PKCS1_PADDING;
|
||||
int rsa_inlen, keyformat = FORMAT_PEM, keysize, ret = 1;
|
||||
int rsa_outlen = 0, hexdump = 0, asn1parse = 0, need_priv = 0, rev = 0;
|
||||
OPTION_CHOICE o;
|
||||
|
||||
prog = opt_init(argc, argv, rsautl_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(rsautl_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_KEYFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyformat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
case OPT_ASN1PARSE:
|
||||
asn1parse = 1;
|
||||
break;
|
||||
case OPT_HEXDUMP:
|
||||
hexdump = 1;
|
||||
break;
|
||||
case OPT_RAW:
|
||||
pad = RSA_NO_PADDING;
|
||||
break;
|
||||
case OPT_OAEP:
|
||||
pad = RSA_PKCS1_OAEP_PADDING;
|
||||
break;
|
||||
case OPT_SSL:
|
||||
pad = RSA_SSLV23_PADDING;
|
||||
break;
|
||||
case OPT_PKCS:
|
||||
pad = RSA_PKCS1_PADDING;
|
||||
break;
|
||||
case OPT_X931:
|
||||
pad = RSA_X931_PADDING;
|
||||
break;
|
||||
case OPT_SIGN:
|
||||
rsa_mode = RSA_SIGN;
|
||||
need_priv = 1;
|
||||
break;
|
||||
case OPT_VERIFY:
|
||||
rsa_mode = RSA_VERIFY;
|
||||
break;
|
||||
case OPT_REV:
|
||||
rev = 1;
|
||||
break;
|
||||
case OPT_ENCRYPT:
|
||||
rsa_mode = RSA_ENCRYPT;
|
||||
break;
|
||||
case OPT_DECRYPT:
|
||||
rsa_mode = RSA_DECRYPT;
|
||||
need_priv = 1;
|
||||
break;
|
||||
case OPT_PUBIN:
|
||||
key_type = KEY_PUBKEY;
|
||||
break;
|
||||
case OPT_CERTIN:
|
||||
key_type = KEY_CERT;
|
||||
break;
|
||||
case OPT_INKEY:
|
||||
keyfile = opt_arg();
|
||||
break;
|
||||
case OPT_PASSIN:
|
||||
passinarg = opt_arg();
|
||||
break;
|
||||
case OPT_R_CASES:
|
||||
if (!opt_rand(o))
|
||||
goto end;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
if (need_priv && (key_type != KEY_PRIVKEY)) {
|
||||
BIO_printf(bio_err, "A private key is needed for this operation\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
switch (key_type) {
|
||||
case KEY_PRIVKEY:
|
||||
pkey = load_key(keyfile, keyformat, 0, passin, e, "Private Key");
|
||||
break;
|
||||
|
||||
case KEY_PUBKEY:
|
||||
pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "Public Key");
|
||||
break;
|
||||
|
||||
case KEY_CERT:
|
||||
x = load_cert(keyfile, keyformat, "Certificate");
|
||||
if (x) {
|
||||
pkey = X509_get_pubkey(x);
|
||||
X509_free(x);
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
if (pkey == NULL)
|
||||
return 1;
|
||||
|
||||
rsa = EVP_PKEY_get1_RSA(pkey);
|
||||
EVP_PKEY_free(pkey);
|
||||
|
||||
if (rsa == NULL) {
|
||||
BIO_printf(bio_err, "Error getting RSA key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
in = bio_open_default(infile, 'r', FORMAT_BINARY);
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
out = bio_open_default(outfile, 'w', FORMAT_BINARY);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
keysize = RSA_size(rsa);
|
||||
|
||||
rsa_in = app_malloc(keysize * 2, "hold rsa key");
|
||||
rsa_out = app_malloc(keysize, "output rsa key");
|
||||
|
||||
/* Read the input data */
|
||||
rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
|
||||
if (rsa_inlen < 0) {
|
||||
BIO_printf(bio_err, "Error reading input Data\n");
|
||||
goto end;
|
||||
}
|
||||
if (rev) {
|
||||
int i;
|
||||
unsigned char ctmp;
|
||||
for (i = 0; i < rsa_inlen / 2; i++) {
|
||||
ctmp = rsa_in[i];
|
||||
rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
|
||||
rsa_in[rsa_inlen - 1 - i] = ctmp;
|
||||
}
|
||||
}
|
||||
switch (rsa_mode) {
|
||||
|
||||
case RSA_VERIFY:
|
||||
rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
|
||||
break;
|
||||
|
||||
case RSA_SIGN:
|
||||
rsa_outlen =
|
||||
RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
|
||||
break;
|
||||
|
||||
case RSA_ENCRYPT:
|
||||
rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
|
||||
break;
|
||||
|
||||
case RSA_DECRYPT:
|
||||
rsa_outlen =
|
||||
RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
|
||||
break;
|
||||
}
|
||||
|
||||
if (rsa_outlen < 0) {
|
||||
BIO_printf(bio_err, "RSA operation error\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
ret = 0;
|
||||
if (asn1parse) {
|
||||
if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
} else if (hexdump) {
|
||||
BIO_dump(out, (char *)rsa_out, rsa_outlen);
|
||||
} else {
|
||||
BIO_write(out, rsa_out, rsa_outlen);
|
||||
}
|
||||
end:
|
||||
RSA_free(rsa);
|
||||
release_engine(e);
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
OPENSSL_free(rsa_in);
|
||||
OPENSSL_free(rsa_out);
|
||||
OPENSSL_free(passin);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
15
trunk/3rdparty/openssl-1.1-fit/apps/s1024key.pem
vendored
Normal file
15
trunk/3rdparty/openssl-1.1-fit/apps/s1024key.pem
vendored
Normal file
|
@ -0,0 +1,15 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
|
||||
S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
|
||||
pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
|
||||
AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
|
||||
dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
|
||||
bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
|
||||
Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
|
||||
zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
|
||||
6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
|
||||
QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
|
||||
dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
|
||||
0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
|
||||
nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
|
||||
-----END RSA PRIVATE KEY-----
|
11
trunk/3rdparty/openssl-1.1-fit/apps/s1024req.pem
vendored
Normal file
11
trunk/3rdparty/openssl-1.1-fit/apps/s1024req.pem
vendored
Normal file
|
@ -0,0 +1,11 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIBojCCAQsCAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
|
||||
GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSQwIgYDVQQDExtTZXJ2ZXIgdGVz
|
||||
dCBjZXJ0ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALMR
|
||||
9TwT5kZMa0ddXleG8zYuDfZ9dQiPJ1dvfgEZU9fqg3v5o1VL15ZrK9b/73+9RvRo
|
||||
KqKUmukV6yAi1XZPxWGGM4T75dTPjq42lwxTvAcwQBdS58+nO2kWbxkSTa0Uq9p2
|
||||
RJKg3yVvXWO69lWRKQ+UHrmkWFJ7hApKnongeuRjAgMBAAEwDQYJKoZIhvcNAQEE
|
||||
BQADgYEAStHlk4pBbwiNeQ2/PKTPPXzITYC8Gn0XMbrU94e/6JIKiO7aArq9Espq
|
||||
nrBSvC14dHcNl6NNvnkEKdQ7hAkcACfBbnOXA/oQvMBd4GD78cH3k0jVDoVUEjil
|
||||
frLfWlckW6WzpTktt0ZPDdAjJCmKVh0ABHimi7Bo9FC3wIGIe5M=
|
||||
-----END CERTIFICATE REQUEST-----
|
9
trunk/3rdparty/openssl-1.1-fit/apps/s512-key.pem
vendored
Normal file
9
trunk/3rdparty/openssl-1.1-fit/apps/s512-key.pem
vendored
Normal file
|
@ -0,0 +1,9 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
|
||||
TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
|
||||
OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
|
||||
gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
|
||||
rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
|
||||
PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
|
||||
vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
|
||||
-----END RSA PRIVATE KEY-----
|
8
trunk/3rdparty/openssl-1.1-fit/apps/s512-req.pem
vendored
Normal file
8
trunk/3rdparty/openssl-1.1-fit/apps/s512-req.pem
vendored
Normal file
|
@ -0,0 +1,8 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
|
||||
MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0
|
||||
IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8S
|
||||
MVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8E
|
||||
y2//Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAANBAAB+uQi+qwn6qRSHB8EUTvsm
|
||||
5TNTHzYDeN39nyIbZNX2s0se3Srn2Bxft5YCwD3moFZ9QoyDHxE0h6qLX5yjD+8=
|
||||
-----END CERTIFICATE REQUEST-----
|
89
trunk/3rdparty/openssl-1.1-fit/apps/s_apps.h
vendored
Normal file
89
trunk/3rdparty/openssl-1.1-fit/apps/s_apps.h
vendored
Normal file
|
@ -0,0 +1,89 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
|
||||
# include <conio.h>
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
|
||||
# define _kbhit kbhit
|
||||
#endif
|
||||
|
||||
#define PORT "4433"
|
||||
#define PROTOCOL "tcp"
|
||||
|
||||
typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context);
|
||||
int do_server(int *accept_sock, const char *host, const char *port,
|
||||
int family, int type, int protocol, do_server_cb cb,
|
||||
unsigned char *context, int naccept, BIO *bio_s_out);
|
||||
#ifdef HEADER_X509_H
|
||||
int verify_callback(int ok, X509_STORE_CTX *ctx);
|
||||
#endif
|
||||
#ifdef HEADER_SSL_H
|
||||
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
|
||||
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
|
||||
STACK_OF(X509) *chain, int build_chain);
|
||||
int ssl_print_sigalgs(BIO *out, SSL *s);
|
||||
int ssl_print_point_formats(BIO *out, SSL *s);
|
||||
int ssl_print_groups(BIO *out, SSL *s, int noshared);
|
||||
#endif
|
||||
int ssl_print_tmp_key(BIO *out, SSL *s);
|
||||
int init_client(int *sock, const char *host, const char *port,
|
||||
const char *bindhost, const char *bindport,
|
||||
int family, int type, int protocol);
|
||||
int should_retry(int i);
|
||||
|
||||
long bio_dump_callback(BIO *bio, int cmd, const char *argp,
|
||||
int argi, long argl, long ret);
|
||||
|
||||
#ifdef HEADER_SSL_H
|
||||
void apps_ssl_info_callback(const SSL *s, int where, int ret);
|
||||
void msg_cb(int write_p, int version, int content_type, const void *buf,
|
||||
size_t len, SSL *ssl, void *arg);
|
||||
void tlsext_cb(SSL *s, int client_server, int type, const unsigned char *data,
|
||||
int len, void *arg);
|
||||
#endif
|
||||
|
||||
int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
|
||||
unsigned int *cookie_len);
|
||||
int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
|
||||
unsigned int cookie_len);
|
||||
|
||||
#ifdef __VMS /* 31 char symbol name limit */
|
||||
# define generate_stateless_cookie_callback generate_stateless_cookie_cb
|
||||
# define verify_stateless_cookie_callback verify_stateless_cookie_cb
|
||||
#endif
|
||||
|
||||
int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
|
||||
size_t *cookie_len);
|
||||
int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
|
||||
size_t cookie_len);
|
||||
|
||||
typedef struct ssl_excert_st SSL_EXCERT;
|
||||
|
||||
void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc);
|
||||
void ssl_excert_free(SSL_EXCERT *exc);
|
||||
int args_excert(int option, SSL_EXCERT **pexc);
|
||||
int load_excert(SSL_EXCERT **pexc);
|
||||
void print_verify_detail(SSL *s, BIO *bio);
|
||||
void print_ssl_summary(SSL *s);
|
||||
#ifdef HEADER_SSL_H
|
||||
int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx);
|
||||
int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls,
|
||||
int crl_download);
|
||||
int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath,
|
||||
const char *vfyCAfile, const char *chCApath,
|
||||
const char *chCAfile, STACK_OF(X509_CRL) *crls,
|
||||
int crl_download);
|
||||
void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose);
|
||||
int set_keylog_file(SSL_CTX *ctx, const char *keylog_file);
|
||||
void print_ca_names(BIO *bio, SSL *s);
|
||||
#endif
|
1481
trunk/3rdparty/openssl-1.1-fit/apps/s_cb.c
vendored
Normal file
1481
trunk/3rdparty/openssl-1.1-fit/apps/s_cb.c
vendored
Normal file
File diff suppressed because it is too large
Load diff
3544
trunk/3rdparty/openssl-1.1-fit/apps/s_client.c
vendored
Normal file
3544
trunk/3rdparty/openssl-1.1-fit/apps/s_client.c
vendored
Normal file
File diff suppressed because it is too large
Load diff
3632
trunk/3rdparty/openssl-1.1-fit/apps/s_server.c
vendored
Normal file
3632
trunk/3rdparty/openssl-1.1-fit/apps/s_server.c
vendored
Normal file
File diff suppressed because it is too large
Load diff
395
trunk/3rdparty/openssl-1.1-fit/apps/s_socket.c
vendored
Normal file
395
trunk/3rdparty/openssl-1.1-fit/apps/s_socket.c
vendored
Normal file
|
@ -0,0 +1,395 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
/* socket-related functions used by s_client and s_server */
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <signal.h>
|
||||
#include <openssl/opensslconf.h>
|
||||
|
||||
/*
|
||||
* With IPv6, it looks like Digital has mixed up the proper order of
|
||||
* recursive header file inclusion, resulting in the compiler complaining
|
||||
* that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
|
||||
* needed to have fileno() declared correctly... So let's define u_int
|
||||
*/
|
||||
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
|
||||
# define __U_INT
|
||||
typedef unsigned int u_int;
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_SOCK
|
||||
|
||||
# include "apps.h"
|
||||
# include "s_apps.h"
|
||||
# include "internal/sockets.h"
|
||||
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
|
||||
/* Keep track of our peer's address for the cookie callback */
|
||||
BIO_ADDR *ourpeer = NULL;
|
||||
|
||||
/*
|
||||
* init_client - helper routine to set up socket communication
|
||||
* @sock: pointer to storage of resulting socket.
|
||||
* @host: the host name or path (for AF_UNIX) to connect to.
|
||||
* @port: the port to connect to (ignored for AF_UNIX).
|
||||
* @bindhost: source host or path (for AF_UNIX).
|
||||
* @bindport: source port (ignored for AF_UNIX).
|
||||
* @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
|
||||
* AF_UNSPEC
|
||||
* @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
|
||||
* @protocol: socket protocol, e.g. IPPROTO_TCP or IPPROTO_UDP (or 0 for any)
|
||||
*
|
||||
* This will create a socket and use it to connect to a host:port, or if
|
||||
* family == AF_UNIX, to the path found in host.
|
||||
*
|
||||
* If the host has more than one address, it will try them one by one until
|
||||
* a successful connection is established. The resulting socket will be
|
||||
* found in *sock on success, it will be given INVALID_SOCKET otherwise.
|
||||
*
|
||||
* Returns 1 on success, 0 on failure.
|
||||
*/
|
||||
int init_client(int *sock, const char *host, const char *port,
|
||||
const char *bindhost, const char *bindport,
|
||||
int family, int type, int protocol)
|
||||
{
|
||||
BIO_ADDRINFO *res = NULL;
|
||||
BIO_ADDRINFO *bindaddr = NULL;
|
||||
const BIO_ADDRINFO *ai = NULL;
|
||||
const BIO_ADDRINFO *bi = NULL;
|
||||
int found = 0;
|
||||
int ret;
|
||||
|
||||
if (BIO_sock_init() != 1)
|
||||
return 0;
|
||||
|
||||
ret = BIO_lookup_ex(host, port, BIO_LOOKUP_CLIENT, family, type, protocol,
|
||||
&res);
|
||||
if (ret == 0) {
|
||||
ERR_print_errors(bio_err);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (bindhost != NULL || bindport != NULL) {
|
||||
ret = BIO_lookup_ex(bindhost, bindport, BIO_LOOKUP_CLIENT,
|
||||
family, type, protocol, &bindaddr);
|
||||
if (ret == 0) {
|
||||
ERR_print_errors (bio_err);
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) {
|
||||
/* Admittedly, these checks are quite paranoid, we should not get
|
||||
* anything in the BIO_ADDRINFO chain that we haven't
|
||||
* asked for. */
|
||||
OPENSSL_assert((family == AF_UNSPEC
|
||||
|| family == BIO_ADDRINFO_family(ai))
|
||||
&& (type == 0 || type == BIO_ADDRINFO_socktype(ai))
|
||||
&& (protocol == 0
|
||||
|| protocol == BIO_ADDRINFO_protocol(ai)));
|
||||
|
||||
if (bindaddr != NULL) {
|
||||
for (bi = bindaddr; bi != NULL; bi = BIO_ADDRINFO_next(bi)) {
|
||||
if (BIO_ADDRINFO_family(bi) == BIO_ADDRINFO_family(ai))
|
||||
break;
|
||||
}
|
||||
if (bi == NULL)
|
||||
continue;
|
||||
++found;
|
||||
}
|
||||
|
||||
*sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai),
|
||||
BIO_ADDRINFO_protocol(ai), 0);
|
||||
if (*sock == INVALID_SOCKET) {
|
||||
/* Maybe the kernel doesn't support the socket family, even if
|
||||
* BIO_lookup() added it in the returned result...
|
||||
*/
|
||||
continue;
|
||||
}
|
||||
|
||||
if (bi != NULL) {
|
||||
if (!BIO_bind(*sock, BIO_ADDRINFO_address(bi),
|
||||
BIO_SOCK_REUSEADDR)) {
|
||||
BIO_closesocket(*sock);
|
||||
*sock = INVALID_SOCKET;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_SCTP
|
||||
if (protocol == IPPROTO_SCTP) {
|
||||
/*
|
||||
* For SCTP we have to set various options on the socket prior to
|
||||
* connecting. This is done automatically by BIO_new_dgram_sctp().
|
||||
* We don't actually need the created BIO though so we free it again
|
||||
* immediately.
|
||||
*/
|
||||
BIO *tmpbio = BIO_new_dgram_sctp(*sock, BIO_NOCLOSE);
|
||||
|
||||
if (tmpbio == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
return 0;
|
||||
}
|
||||
BIO_free(tmpbio);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai),
|
||||
protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
|
||||
BIO_closesocket(*sock);
|
||||
*sock = INVALID_SOCKET;
|
||||
continue;
|
||||
}
|
||||
|
||||
/* Success, don't try any more addresses */
|
||||
break;
|
||||
}
|
||||
|
||||
if (*sock == INVALID_SOCKET) {
|
||||
if (bindaddr != NULL && !found) {
|
||||
BIO_printf(bio_err, "Can't bind %saddress for %s%s%s\n",
|
||||
BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " :
|
||||
BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 " :
|
||||
BIO_ADDRINFO_family(res) == AF_UNIX ? "unix " : "",
|
||||
bindhost != NULL ? bindhost : "",
|
||||
bindport != NULL ? ":" : "",
|
||||
bindport != NULL ? bindport : "");
|
||||
ERR_clear_error();
|
||||
ret = 0;
|
||||
}
|
||||
ERR_print_errors(bio_err);
|
||||
} else {
|
||||
/* Remove any stale errors from previous connection attempts */
|
||||
ERR_clear_error();
|
||||
ret = 1;
|
||||
}
|
||||
out:
|
||||
if (bindaddr != NULL) {
|
||||
BIO_ADDRINFO_free (bindaddr);
|
||||
}
|
||||
BIO_ADDRINFO_free(res);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* do_server - helper routine to perform a server operation
|
||||
* @accept_sock: pointer to storage of resulting socket.
|
||||
* @host: the host name or path (for AF_UNIX) to connect to.
|
||||
* @port: the port to connect to (ignored for AF_UNIX).
|
||||
* @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
|
||||
* AF_UNSPEC
|
||||
* @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
|
||||
* @cb: pointer to a function that receives the accepted socket and
|
||||
* should perform the communication with the connecting client.
|
||||
* @context: pointer to memory that's passed verbatim to the cb function.
|
||||
* @naccept: number of times an incoming connect should be accepted. If -1,
|
||||
* unlimited number.
|
||||
*
|
||||
* This will create a socket and use it to listen to a host:port, or if
|
||||
* family == AF_UNIX, to the path found in host, then start accepting
|
||||
* incoming connections and run cb on the resulting socket.
|
||||
*
|
||||
* 0 on failure, something other on success.
|
||||
*/
|
||||
int do_server(int *accept_sock, const char *host, const char *port,
|
||||
int family, int type, int protocol, do_server_cb cb,
|
||||
unsigned char *context, int naccept, BIO *bio_s_out)
|
||||
{
|
||||
int asock = 0;
|
||||
int sock;
|
||||
int i;
|
||||
BIO_ADDRINFO *res = NULL;
|
||||
const BIO_ADDRINFO *next;
|
||||
int sock_family, sock_type, sock_protocol, sock_port;
|
||||
const BIO_ADDR *sock_address;
|
||||
int sock_options = BIO_SOCK_REUSEADDR;
|
||||
int ret = 0;
|
||||
|
||||
if (BIO_sock_init() != 1)
|
||||
return 0;
|
||||
|
||||
if (!BIO_lookup_ex(host, port, BIO_LOOKUP_SERVER, family, type, protocol,
|
||||
&res)) {
|
||||
ERR_print_errors(bio_err);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Admittedly, these checks are quite paranoid, we should not get
|
||||
* anything in the BIO_ADDRINFO chain that we haven't asked for */
|
||||
OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res))
|
||||
&& (type == 0 || type == BIO_ADDRINFO_socktype(res))
|
||||
&& (protocol == 0 || protocol == BIO_ADDRINFO_protocol(res)));
|
||||
|
||||
sock_family = BIO_ADDRINFO_family(res);
|
||||
sock_type = BIO_ADDRINFO_socktype(res);
|
||||
sock_protocol = BIO_ADDRINFO_protocol(res);
|
||||
sock_address = BIO_ADDRINFO_address(res);
|
||||
next = BIO_ADDRINFO_next(res);
|
||||
if (sock_family == AF_INET6)
|
||||
sock_options |= BIO_SOCK_V6_ONLY;
|
||||
if (next != NULL
|
||||
&& BIO_ADDRINFO_socktype(next) == sock_type
|
||||
&& BIO_ADDRINFO_protocol(next) == sock_protocol) {
|
||||
if (sock_family == AF_INET
|
||||
&& BIO_ADDRINFO_family(next) == AF_INET6) {
|
||||
sock_family = AF_INET6;
|
||||
sock_address = BIO_ADDRINFO_address(next);
|
||||
} else if (sock_family == AF_INET6
|
||||
&& BIO_ADDRINFO_family(next) == AF_INET) {
|
||||
sock_options &= ~BIO_SOCK_V6_ONLY;
|
||||
}
|
||||
}
|
||||
|
||||
asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
|
||||
if (asock == INVALID_SOCKET
|
||||
|| !BIO_listen(asock, sock_address, sock_options)) {
|
||||
BIO_ADDRINFO_free(res);
|
||||
ERR_print_errors(bio_err);
|
||||
if (asock != INVALID_SOCKET)
|
||||
BIO_closesocket(asock);
|
||||
goto end;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_SCTP
|
||||
if (protocol == IPPROTO_SCTP) {
|
||||
/*
|
||||
* For SCTP we have to set various options on the socket prior to
|
||||
* accepting. This is done automatically by BIO_new_dgram_sctp().
|
||||
* We don't actually need the created BIO though so we free it again
|
||||
* immediately.
|
||||
*/
|
||||
BIO *tmpbio = BIO_new_dgram_sctp(asock, BIO_NOCLOSE);
|
||||
|
||||
if (tmpbio == NULL) {
|
||||
BIO_closesocket(asock);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
BIO_free(tmpbio);
|
||||
}
|
||||
#endif
|
||||
|
||||
sock_port = BIO_ADDR_rawport(sock_address);
|
||||
|
||||
BIO_ADDRINFO_free(res);
|
||||
res = NULL;
|
||||
|
||||
if (sock_port == 0) {
|
||||
/* dynamically allocated port, report which one */
|
||||
union BIO_sock_info_u info;
|
||||
char *hostname = NULL;
|
||||
char *service = NULL;
|
||||
int success = 0;
|
||||
|
||||
if ((info.addr = BIO_ADDR_new()) != NULL
|
||||
&& BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info)
|
||||
&& (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL
|
||||
&& (service = BIO_ADDR_service_string(info.addr, 1)) != NULL
|
||||
&& BIO_printf(bio_s_out,
|
||||
strchr(hostname, ':') == NULL
|
||||
? /* IPv4 */ "ACCEPT %s:%s\n"
|
||||
: /* IPv6 */ "ACCEPT [%s]:%s\n",
|
||||
hostname, service) > 0)
|
||||
success = 1;
|
||||
|
||||
(void)BIO_flush(bio_s_out);
|
||||
OPENSSL_free(hostname);
|
||||
OPENSSL_free(service);
|
||||
BIO_ADDR_free(info.addr);
|
||||
if (!success) {
|
||||
BIO_closesocket(asock);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
} else {
|
||||
(void)BIO_printf(bio_s_out, "ACCEPT\n");
|
||||
(void)BIO_flush(bio_s_out);
|
||||
}
|
||||
|
||||
if (accept_sock != NULL)
|
||||
*accept_sock = asock;
|
||||
for (;;) {
|
||||
char sink[64];
|
||||
struct timeval timeout;
|
||||
fd_set readfds;
|
||||
|
||||
if (type == SOCK_STREAM) {
|
||||
BIO_ADDR_free(ourpeer);
|
||||
ourpeer = BIO_ADDR_new();
|
||||
if (ourpeer == NULL) {
|
||||
BIO_closesocket(asock);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
do {
|
||||
sock = BIO_accept_ex(asock, ourpeer, 0);
|
||||
} while (sock < 0 && BIO_sock_should_retry(sock));
|
||||
if (sock < 0) {
|
||||
ERR_print_errors(bio_err);
|
||||
BIO_closesocket(asock);
|
||||
break;
|
||||
}
|
||||
BIO_set_tcp_ndelay(sock, 1);
|
||||
i = (*cb)(sock, type, protocol, context);
|
||||
|
||||
/*
|
||||
* If we ended with an alert being sent, but still with data in the
|
||||
* network buffer to be read, then calling BIO_closesocket() will
|
||||
* result in a TCP-RST being sent. On some platforms (notably
|
||||
* Windows) then this will result in the peer immediately abandoning
|
||||
* the connection including any buffered alert data before it has
|
||||
* had a chance to be read. Shutting down the sending side first,
|
||||
* and then closing the socket sends TCP-FIN first followed by
|
||||
* TCP-RST. This seems to allow the peer to read the alert data.
|
||||
*/
|
||||
shutdown(sock, 1); /* SHUT_WR */
|
||||
/*
|
||||
* We just said we have nothing else to say, but it doesn't mean
|
||||
* that the other side has nothing. It's even recommended to
|
||||
* consume incoming data. [In testing context this ensures that
|
||||
* alerts are passed on...]
|
||||
*/
|
||||
timeout.tv_sec = 0;
|
||||
timeout.tv_usec = 500000; /* some extreme round-trip */
|
||||
do {
|
||||
FD_ZERO(&readfds);
|
||||
openssl_fdset(sock, &readfds);
|
||||
} while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0
|
||||
&& readsocket(sock, sink, sizeof(sink)) > 0);
|
||||
|
||||
BIO_closesocket(sock);
|
||||
} else {
|
||||
i = (*cb)(asock, type, protocol, context);
|
||||
}
|
||||
|
||||
if (naccept != -1)
|
||||
naccept--;
|
||||
if (i < 0 || naccept == 0) {
|
||||
BIO_closesocket(asock);
|
||||
ret = i;
|
||||
break;
|
||||
}
|
||||
}
|
||||
end:
|
||||
# ifdef AF_UNIX
|
||||
if (family == AF_UNIX)
|
||||
unlink(host);
|
||||
# endif
|
||||
BIO_ADDR_free(ourpeer);
|
||||
ourpeer = NULL;
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* OPENSSL_NO_SOCK */
|
405
trunk/3rdparty/openssl-1.1-fit/apps/s_time.c
vendored
Normal file
405
trunk/3rdparty/openssl-1.1-fit/apps/s_time.c
vendored
Normal file
|
@ -0,0 +1,405 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
|
||||
#ifndef OPENSSL_NO_SOCK
|
||||
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/pem.h>
|
||||
#include "s_apps.h"
|
||||
#include <openssl/err.h>
|
||||
#include <internal/sockets.h>
|
||||
#if !defined(OPENSSL_SYS_MSDOS)
|
||||
# include OPENSSL_UNISTD
|
||||
#endif
|
||||
|
||||
#define SSL_CONNECT_NAME "localhost:4433"
|
||||
|
||||
#define SECONDS 30
|
||||
#define SECONDSSTR "30"
|
||||
|
||||
static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
|
||||
|
||||
/*
|
||||
* Define a HTTP get command globally.
|
||||
* Also define the size of the command, this is two bytes less than
|
||||
* the size of the string because the %s is replaced by the URL.
|
||||
*/
|
||||
static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n";
|
||||
static const size_t fmt_http_get_cmd_size = sizeof(fmt_http_get_cmd) - 2;
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_CONNECT, OPT_CIPHER, OPT_CIPHERSUITES, OPT_CERT, OPT_NAMEOPT, OPT_KEY,
|
||||
OPT_CAPATH, OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NEW, OPT_REUSE,
|
||||
OPT_BUGS, OPT_VERIFY, OPT_TIME, OPT_SSL3,
|
||||
OPT_WWW
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS s_time_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"connect", OPT_CONNECT, 's',
|
||||
"Where to connect as post:port (default is " SSL_CONNECT_NAME ")"},
|
||||
{"cipher", OPT_CIPHER, 's', "TLSv1.2 and below cipher list to be used"},
|
||||
{"ciphersuites", OPT_CIPHERSUITES, 's',
|
||||
"Specify TLSv1.3 ciphersuites to be used"},
|
||||
{"cert", OPT_CERT, '<', "Cert file to use, PEM format assumed"},
|
||||
{"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
|
||||
{"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"},
|
||||
{"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
|
||||
{"cafile", OPT_CAFILE, '<', "PEM format file of CA's"},
|
||||
{"no-CAfile", OPT_NOCAFILE, '-',
|
||||
"Do not load the default certificates file"},
|
||||
{"no-CApath", OPT_NOCAPATH, '-',
|
||||
"Do not load certificates from the default certificates directory"},
|
||||
{"new", OPT_NEW, '-', "Just time new connections"},
|
||||
{"reuse", OPT_REUSE, '-', "Just time connection reuse"},
|
||||
{"bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility"},
|
||||
{"verify", OPT_VERIFY, 'p',
|
||||
"Turn on peer certificate verification, set depth"},
|
||||
{"time", OPT_TIME, 'p', "Seconds to collect data, default " SECONDSSTR},
|
||||
{"www", OPT_WWW, 's', "Fetch specified page from the site"},
|
||||
#ifndef OPENSSL_NO_SSL3
|
||||
{"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
#define START 0
|
||||
#define STOP 1
|
||||
|
||||
static double tm_Time_F(int s)
|
||||
{
|
||||
return app_tminterval(s, 1);
|
||||
}
|
||||
|
||||
int s_time_main(int argc, char **argv)
|
||||
{
|
||||
char buf[1024 * 8];
|
||||
SSL *scon = NULL;
|
||||
SSL_CTX *ctx = NULL;
|
||||
const SSL_METHOD *meth = NULL;
|
||||
char *CApath = NULL, *CAfile = NULL, *cipher = NULL, *ciphersuites = NULL;
|
||||
char *www_path = NULL;
|
||||
char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog;
|
||||
double totalTime = 0.0;
|
||||
int noCApath = 0, noCAfile = 0;
|
||||
int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs = 0;
|
||||
long bytes_read = 0, finishtime = 0;
|
||||
OPTION_CHOICE o;
|
||||
int max_version = 0, ver, buf_len;
|
||||
size_t buf_size;
|
||||
|
||||
meth = TLS_client_method();
|
||||
|
||||
prog = opt_init(argc, argv, s_time_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(s_time_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_CONNECT:
|
||||
host = opt_arg();
|
||||
break;
|
||||
case OPT_REUSE:
|
||||
perform = 2;
|
||||
break;
|
||||
case OPT_NEW:
|
||||
perform = 1;
|
||||
break;
|
||||
case OPT_VERIFY:
|
||||
if (!opt_int(opt_arg(), &verify_args.depth))
|
||||
goto opthelp;
|
||||
BIO_printf(bio_err, "%s: verify depth is %d\n",
|
||||
prog, verify_args.depth);
|
||||
break;
|
||||
case OPT_CERT:
|
||||
certfile = opt_arg();
|
||||
break;
|
||||
case OPT_NAMEOPT:
|
||||
if (!set_nameopt(opt_arg()))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_KEY:
|
||||
keyfile = opt_arg();
|
||||
break;
|
||||
case OPT_CAPATH:
|
||||
CApath = opt_arg();
|
||||
break;
|
||||
case OPT_CAFILE:
|
||||
CAfile = opt_arg();
|
||||
break;
|
||||
case OPT_NOCAPATH:
|
||||
noCApath = 1;
|
||||
break;
|
||||
case OPT_NOCAFILE:
|
||||
noCAfile = 1;
|
||||
break;
|
||||
case OPT_CIPHER:
|
||||
cipher = opt_arg();
|
||||
break;
|
||||
case OPT_CIPHERSUITES:
|
||||
ciphersuites = opt_arg();
|
||||
break;
|
||||
case OPT_BUGS:
|
||||
st_bugs = 1;
|
||||
break;
|
||||
case OPT_TIME:
|
||||
if (!opt_int(opt_arg(), &maxtime))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_WWW:
|
||||
www_path = opt_arg();
|
||||
buf_size = strlen(www_path) + fmt_http_get_cmd_size;
|
||||
if (buf_size > sizeof(buf)) {
|
||||
BIO_printf(bio_err, "%s: -www option is too long\n", prog);
|
||||
goto end;
|
||||
}
|
||||
break;
|
||||
case OPT_SSL3:
|
||||
max_version = SSL3_VERSION;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
if (cipher == NULL)
|
||||
cipher = getenv("SSL_CIPHER");
|
||||
|
||||
if ((ctx = SSL_CTX_new(meth)) == NULL)
|
||||
goto end;
|
||||
|
||||
SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
|
||||
SSL_CTX_set_quiet_shutdown(ctx, 1);
|
||||
if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
|
||||
goto end;
|
||||
|
||||
if (st_bugs)
|
||||
SSL_CTX_set_options(ctx, SSL_OP_ALL);
|
||||
if (cipher != NULL && !SSL_CTX_set_cipher_list(ctx, cipher))
|
||||
goto end;
|
||||
if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites))
|
||||
goto end;
|
||||
if (!set_cert_stuff(ctx, certfile, keyfile))
|
||||
goto end;
|
||||
|
||||
if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (!(perform & 1))
|
||||
goto next;
|
||||
printf("Collecting connection statistics for %d seconds\n", maxtime);
|
||||
|
||||
/* Loop and time how long it takes to make connections */
|
||||
|
||||
bytes_read = 0;
|
||||
finishtime = (long)time(NULL) + maxtime;
|
||||
tm_Time_F(START);
|
||||
for (;;) {
|
||||
if (finishtime < (long)time(NULL))
|
||||
break;
|
||||
|
||||
if ((scon = doConnection(NULL, host, ctx)) == NULL)
|
||||
goto end;
|
||||
|
||||
if (www_path != NULL) {
|
||||
buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd,
|
||||
www_path);
|
||||
if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
|
||||
goto end;
|
||||
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
|
||||
bytes_read += i;
|
||||
}
|
||||
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
|
||||
BIO_closesocket(SSL_get_fd(scon));
|
||||
|
||||
nConn += 1;
|
||||
if (SSL_session_reused(scon)) {
|
||||
ver = 'r';
|
||||
} else {
|
||||
ver = SSL_version(scon);
|
||||
if (ver == TLS1_VERSION)
|
||||
ver = 't';
|
||||
else if (ver == SSL3_VERSION)
|
||||
ver = '3';
|
||||
else
|
||||
ver = '*';
|
||||
}
|
||||
fputc(ver, stdout);
|
||||
fflush(stdout);
|
||||
|
||||
SSL_free(scon);
|
||||
scon = NULL;
|
||||
}
|
||||
totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
|
||||
|
||||
i = (int)((long)time(NULL) - finishtime + maxtime);
|
||||
printf
|
||||
("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
|
||||
nConn, totalTime, ((double)nConn / totalTime), bytes_read);
|
||||
printf
|
||||
("%d connections in %ld real seconds, %ld bytes read per connection\n",
|
||||
nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
|
||||
|
||||
/*
|
||||
* Now loop and time connections using the same session id over and over
|
||||
*/
|
||||
|
||||
next:
|
||||
if (!(perform & 2))
|
||||
goto end;
|
||||
printf("\n\nNow timing with session id reuse.\n");
|
||||
|
||||
/* Get an SSL object so we can reuse the session id */
|
||||
if ((scon = doConnection(NULL, host, ctx)) == NULL) {
|
||||
BIO_printf(bio_err, "Unable to get connection\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (www_path != NULL) {
|
||||
buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, www_path);
|
||||
if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
|
||||
goto end;
|
||||
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
|
||||
continue;
|
||||
}
|
||||
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
|
||||
BIO_closesocket(SSL_get_fd(scon));
|
||||
|
||||
nConn = 0;
|
||||
totalTime = 0.0;
|
||||
|
||||
finishtime = (long)time(NULL) + maxtime;
|
||||
|
||||
printf("starting\n");
|
||||
bytes_read = 0;
|
||||
tm_Time_F(START);
|
||||
|
||||
for (;;) {
|
||||
if (finishtime < (long)time(NULL))
|
||||
break;
|
||||
|
||||
if ((doConnection(scon, host, ctx)) == NULL)
|
||||
goto end;
|
||||
|
||||
if (www_path != NULL) {
|
||||
buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd,
|
||||
www_path);
|
||||
if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
|
||||
goto end;
|
||||
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
|
||||
bytes_read += i;
|
||||
}
|
||||
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
|
||||
BIO_closesocket(SSL_get_fd(scon));
|
||||
|
||||
nConn += 1;
|
||||
if (SSL_session_reused(scon)) {
|
||||
ver = 'r';
|
||||
} else {
|
||||
ver = SSL_version(scon);
|
||||
if (ver == TLS1_VERSION)
|
||||
ver = 't';
|
||||
else if (ver == SSL3_VERSION)
|
||||
ver = '3';
|
||||
else
|
||||
ver = '*';
|
||||
}
|
||||
fputc(ver, stdout);
|
||||
fflush(stdout);
|
||||
}
|
||||
totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
|
||||
|
||||
printf
|
||||
("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
|
||||
nConn, totalTime, ((double)nConn / totalTime), bytes_read);
|
||||
printf
|
||||
("%d connections in %ld real seconds, %ld bytes read per connection\n",
|
||||
nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
|
||||
|
||||
ret = 0;
|
||||
|
||||
end:
|
||||
SSL_free(scon);
|
||||
SSL_CTX_free(ctx);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*-
|
||||
* doConnection - make a connection
|
||||
*/
|
||||
static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
|
||||
{
|
||||
BIO *conn;
|
||||
SSL *serverCon;
|
||||
int i;
|
||||
|
||||
if ((conn = BIO_new(BIO_s_connect())) == NULL)
|
||||
return NULL;
|
||||
|
||||
BIO_set_conn_hostname(conn, host);
|
||||
BIO_set_conn_mode(conn, BIO_SOCK_NODELAY);
|
||||
|
||||
if (scon == NULL)
|
||||
serverCon = SSL_new(ctx);
|
||||
else {
|
||||
serverCon = scon;
|
||||
SSL_set_connect_state(serverCon);
|
||||
}
|
||||
|
||||
SSL_set_bio(serverCon, conn, conn);
|
||||
|
||||
/* ok, lets connect */
|
||||
i = SSL_connect(serverCon);
|
||||
if (i <= 0) {
|
||||
BIO_printf(bio_err, "ERROR\n");
|
||||
if (verify_args.error != X509_V_OK)
|
||||
BIO_printf(bio_err, "verify error:%s\n",
|
||||
X509_verify_cert_error_string(verify_args.error));
|
||||
else
|
||||
ERR_print_errors(bio_err);
|
||||
if (scon == NULL)
|
||||
SSL_free(serverCon);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#if defined(SOL_SOCKET) && defined(SO_LINGER)
|
||||
{
|
||||
struct linger no_linger;
|
||||
int fd;
|
||||
|
||||
no_linger.l_onoff = 1;
|
||||
no_linger.l_linger = 0;
|
||||
fd = SSL_get_fd(serverCon);
|
||||
if (fd >= 0)
|
||||
(void)setsockopt(fd, SOL_SOCKET, SO_LINGER, (char*)&no_linger,
|
||||
sizeof(no_linger));
|
||||
}
|
||||
#endif
|
||||
|
||||
return serverCon;
|
||||
}
|
||||
#endif /* OPENSSL_NO_SOCK */
|
52
trunk/3rdparty/openssl-1.1-fit/apps/server.pem
vendored
Normal file
52
trunk/3rdparty/openssl-1.1-fit/apps/server.pem
vendored
Normal file
|
@ -0,0 +1,52 @@
|
|||
subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert
|
||||
issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
|
||||
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
|
||||
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
|
||||
ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
|
||||
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
|
||||
RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw
|
||||
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ
|
||||
KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi
|
||||
R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv
|
||||
vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7
|
||||
TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU
|
||||
41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R
|
||||
AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
|
||||
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
|
||||
BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
|
||||
hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK
|
||||
WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp
|
||||
yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7
|
||||
vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds
|
||||
xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t
|
||||
JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv
|
||||
h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL
|
||||
tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu
|
||||
D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI
|
||||
uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6
|
||||
qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn
|
||||
zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3
|
||||
r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D
|
||||
AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R
|
||||
5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm
|
||||
W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH
|
||||
674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg
|
||||
utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY
|
||||
BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX
|
||||
4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a
|
||||
WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8
|
||||
bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH
|
||||
6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex
|
||||
4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa
|
||||
WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g
|
||||
n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB
|
||||
JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+
|
||||
OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
|
||||
xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
|
||||
UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
|
||||
-----END RSA PRIVATE KEY-----
|
1
trunk/3rdparty/openssl-1.1-fit/apps/server.srl
vendored
Normal file
1
trunk/3rdparty/openssl-1.1-fit/apps/server.srl
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
01
|
52
trunk/3rdparty/openssl-1.1-fit/apps/server2.pem
vendored
Normal file
52
trunk/3rdparty/openssl-1.1-fit/apps/server2.pem
vendored
Normal file
|
@ -0,0 +1,52 @@
|
|||
subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert #2
|
||||
issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIID6jCCAtKgAwIBAgIJALnu1NlVpZ60MA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
|
||||
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
|
||||
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
|
||||
ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZzELMAkG
|
||||
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
|
||||
RVNUSU5HIFBVUlBPU0VTIE9OTFkxHDAaBgNVBAMME1Rlc3QgU2VydmVyIENlcnQg
|
||||
IzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrdi7j9yctG+L4EjBy
|
||||
gjPmEqZzOJEQba26MoQGzglU7e5Xf59Rb/hgVQuKAoiZe7/R8rK4zJ4W7iXdXw0L
|
||||
qBpyG8B5aGKeI32w+A9TcBApoXXL2CrYQEQjZwUIpLlYBIi2NkJj3nVkq5dgl1gO
|
||||
ALiQ+W8jg3kzg5Ec9rimp9r93N8wsSL3awsafurmYCvOf7leHaMP1WJ/zDRGUNHG
|
||||
/WtDjXc8ZUG1+6EXU9Jc2Fs+2Omf7fcN0l00AK/wPg8OaNS0rKyGq9JdIT9FRGV1
|
||||
bXe/rx58FaE5CItdwCSYhJvF/O95LWQoxJXye5bCFLmvDTEyVq9FMSCptfsmbXjE
|
||||
ZGsXAgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJ
|
||||
YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
|
||||
DgQWBBR52UaWWTKzZGDH/X4mWNcuqeQVazAfBgNVHSMEGDAWgBQ2w2yI55X+sL3s
|
||||
zj49hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEANBW+XYLlHBqVY/31ie+3gRlS
|
||||
LPfy4SIqn0t3RJjagT29MXprblBO2cbMO8VGjkQdKGpmMXjxbht2arOOUXRHX4n/
|
||||
XTyn/QHEf0bcwIITMReO3DZUPAEw8hSjn9xEOM0IRVOCP+mH5fi74QzzQaZVCyYg
|
||||
5VtLKdww/+sc0nCbKl2KWgDluriH0nfVx95qgW3mg9dhXRr0zmf1w2zkBHYpARYL
|
||||
Dew6Z8EE4tS3HJu8/qM6meWzNtrfonQ3eiiMxjZBxzV46jchBwa2z9XYhP6AmpPb
|
||||
oeTSzcQNbWsxaGYzWo46oLDUZmJOwSBawbS31bZNMCoPIY6ukoesCzFSsUKZww==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEA63Yu4/cnLRvi+BIwcoIz5hKmcziREG2tujKEBs4JVO3uV3+f
|
||||
UW/4YFULigKImXu/0fKyuMyeFu4l3V8NC6gachvAeWhiniN9sPgPU3AQKaF1y9gq
|
||||
2EBEI2cFCKS5WASItjZCY951ZKuXYJdYDgC4kPlvI4N5M4ORHPa4pqfa/dzfMLEi
|
||||
92sLGn7q5mArzn+5Xh2jD9Vif8w0RlDRxv1rQ413PGVBtfuhF1PSXNhbPtjpn+33
|
||||
DdJdNACv8D4PDmjUtKyshqvSXSE/RURldW13v68efBWhOQiLXcAkmISbxfzveS1k
|
||||
KMSV8nuWwhS5rw0xMlavRTEgqbX7Jm14xGRrFwIDAQABAoIBAHLsTPihIfLnYIE5
|
||||
x4GsQQ5zXeBw5ITDM37ktwHnQDC+rIzyUl1aLD1AZRBoKinXd4lOTqLZ4/NHKx4A
|
||||
DYr58mZtWyUmqLOMmQVuHXTZBlp7XtYuXMMNovQwjQlp9LicBeoBU6gQ5PVMtubD
|
||||
F4xGF89Sn0cTHW3iMkqTtQ5KcR1j57OcJO0FEb1vPvk2MXI5ZyAatUYE7YacbEzd
|
||||
rg02uIwx3FqNSkuSI79uz4hMdV5TPtuhxx9nTwj9aLUhXFeZ0mn2PVgVzEnnMoJb
|
||||
+znlsZDgzDlJqdaD744YGWh8Z3OEssB35KfzFcdOeO6yH8lmv2Zfznk7pNPT7LTb
|
||||
Lae9VgkCgYEA92p1qnAB3NtJtNcaW53i0S5WJgS1hxWKvUDx3lTB9s8X9fHpqL1a
|
||||
E94fDfWzp/hax6FefUKIvBOukPLQ6bYjTMiFoOHzVirghAIuIUoMI5VtLhwD1hKs
|
||||
Lr7l/dptMgKb1nZHyXoKHRBthsy3K4+udsPi8TzMvYElgEqyQIe/Rk0CgYEA86GL
|
||||
8HC6zLszzKERDPBxrboRmoFvVUCTQDhsfj1M8aR3nQ8V5LkdIJc7Wqm/Ggfk9QRf
|
||||
rJ8M2WUMlU5CNnCn/KCrKzCNZIReze3fV+HnKdbcXGLvgbHPrhnz8yYehUFG+RGq
|
||||
bVyDWRU94T38izy2s5qMYrMJWZEYyXncSPbfcPMCgYAtaXfxcZ+V5xYPQFARMtiX
|
||||
5nZfggvDoJuXgx0h3tK/N2HBfcaSdzbaYLG4gTmZggc/jwnl2dl5E++9oSPhUdIG
|
||||
3ONSFUbxsOsGr9PBvnKd8WZZyUCXAVRjPBzAzF+whzQNWCZy/5htnz9LN7YDI9s0
|
||||
5113Q96cheDZPFydZY0hHQKBgQDVbEhNukM5xCiNcu+f2SaMnLp9EjQ4h5g3IvaP
|
||||
5B16daw/Dw8LzcohWboqIxeAsze0GD/D1ZUJAEd0qBjC3g+a9BjefervCjKOzXng
|
||||
38mEUm+6EwVjJSQcjSmycEs+Sr/kwr/8i5WYvU32+jk4tFgMoC+o6tQe/Uesf68k
|
||||
z/dPVwKBgGbF7Vv1/3SmhlOy+zYyvJ0CrWtKxH9QP6tLIEgEpd8x7YTSuCH94yok
|
||||
kToMXYA3sWNPt22GbRDZ+rcp4c7HkDx6I6vpdP9aQEwJTp0EPy0sgWr2XwYmreIQ
|
||||
NFmkk8Itn9EY2R9VBaP7GLv5kvwxDdLAnmwGmzVtbmaVdxCaBwUk
|
||||
-----END RSA PRIVATE KEY-----
|
191
trunk/3rdparty/openssl-1.1-fit/apps/sess_id.c
vendored
Normal file
191
trunk/3rdparty/openssl-1.1-fit/apps/sess_id.c
vendored
Normal file
|
@ -0,0 +1,191 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
|
||||
OPT_TEXT, OPT_CERT, OPT_NOOUT, OPT_CONTEXT
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS sess_id_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"},
|
||||
{"outform", OPT_OUTFORM, 'f',
|
||||
"Output format - default PEM (PEM, DER or NSS)"},
|
||||
{"in", OPT_IN, 's', "Input file - default stdin"},
|
||||
{"out", OPT_OUT, '>', "Output file - default stdout"},
|
||||
{"text", OPT_TEXT, '-', "Print ssl session id details"},
|
||||
{"cert", OPT_CERT, '-', "Output certificate "},
|
||||
{"noout", OPT_NOOUT, '-', "Don't output the encoded session info"},
|
||||
{"context", OPT_CONTEXT, 's', "Set the session ID context"},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
static SSL_SESSION *load_sess_id(char *file, int format);
|
||||
|
||||
int sess_id_main(int argc, char **argv)
|
||||
{
|
||||
SSL_SESSION *x = NULL;
|
||||
X509 *peer = NULL;
|
||||
BIO *out = NULL;
|
||||
char *infile = NULL, *outfile = NULL, *context = NULL, *prog;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM;
|
||||
int cert = 0, noout = 0, text = 0, ret = 1, i, num = 0;
|
||||
OPTION_CHOICE o;
|
||||
|
||||
prog = opt_init(argc, argv, sess_id_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(sess_id_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_INFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_OUTFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PEMDER | OPT_FMT_NSS,
|
||||
&outformat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_TEXT:
|
||||
text = ++num;
|
||||
break;
|
||||
case OPT_CERT:
|
||||
cert = ++num;
|
||||
break;
|
||||
case OPT_NOOUT:
|
||||
noout = ++num;
|
||||
break;
|
||||
case OPT_CONTEXT:
|
||||
context = opt_arg();
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
x = load_sess_id(infile, informat);
|
||||
if (x == NULL) {
|
||||
goto end;
|
||||
}
|
||||
peer = SSL_SESSION_get0_peer(x);
|
||||
|
||||
if (context != NULL) {
|
||||
size_t ctx_len = strlen(context);
|
||||
if (ctx_len > SSL_MAX_SID_CTX_LENGTH) {
|
||||
BIO_printf(bio_err, "Context too long\n");
|
||||
goto end;
|
||||
}
|
||||
if (!SSL_SESSION_set1_id_context(x, (unsigned char *)context,
|
||||
ctx_len)) {
|
||||
BIO_printf(bio_err, "Error setting id context\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (!noout || text) {
|
||||
out = bio_open_default(outfile, 'w', outformat);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (text) {
|
||||
SSL_SESSION_print(out, x);
|
||||
|
||||
if (cert) {
|
||||
if (peer == NULL)
|
||||
BIO_puts(out, "No certificate present\n");
|
||||
else
|
||||
X509_print(out, peer);
|
||||
}
|
||||
}
|
||||
|
||||
if (!noout && !cert) {
|
||||
if (outformat == FORMAT_ASN1) {
|
||||
i = i2d_SSL_SESSION_bio(out, x);
|
||||
} else if (outformat == FORMAT_PEM) {
|
||||
i = PEM_write_bio_SSL_SESSION(out, x);
|
||||
} else if (outformat == FORMAT_NSS) {
|
||||
i = SSL_SESSION_print_keylog(out, x);
|
||||
} else {
|
||||
BIO_printf(bio_err, "bad output format specified for outfile\n");
|
||||
goto end;
|
||||
}
|
||||
if (!i) {
|
||||
BIO_printf(bio_err, "unable to write SSL_SESSION\n");
|
||||
goto end;
|
||||
}
|
||||
} else if (!noout && (peer != NULL)) { /* just print the certificate */
|
||||
if (outformat == FORMAT_ASN1) {
|
||||
i = (int)i2d_X509_bio(out, peer);
|
||||
} else if (outformat == FORMAT_PEM) {
|
||||
i = PEM_write_bio_X509(out, peer);
|
||||
} else {
|
||||
BIO_printf(bio_err, "bad output format specified for outfile\n");
|
||||
goto end;
|
||||
}
|
||||
if (!i) {
|
||||
BIO_printf(bio_err, "unable to write X509\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
ret = 0;
|
||||
end:
|
||||
BIO_free_all(out);
|
||||
SSL_SESSION_free(x);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static SSL_SESSION *load_sess_id(char *infile, int format)
|
||||
{
|
||||
SSL_SESSION *x = NULL;
|
||||
BIO *in = NULL;
|
||||
|
||||
in = bio_open_default(infile, 'r', format);
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
if (format == FORMAT_ASN1)
|
||||
x = d2i_SSL_SESSION_bio(in, NULL);
|
||||
else
|
||||
x = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
|
||||
if (x == NULL) {
|
||||
BIO_printf(bio_err, "unable to load SSL_SESSION\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
end:
|
||||
BIO_free(in);
|
||||
return x;
|
||||
}
|
647
trunk/3rdparty/openssl-1.1-fit/apps/smime.c
vendored
Normal file
647
trunk/3rdparty/openssl-1.1-fit/apps/smime.c
vendored
Normal file
|
@ -0,0 +1,647 @@
|
|||
/*
|
||||
* Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
/* S/MIME utility function */
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/x509_vfy.h>
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
|
||||
static int smime_cb(int ok, X509_STORE_CTX *ctx);
|
||||
|
||||
#define SMIME_OP 0x10
|
||||
#define SMIME_IP 0x20
|
||||
#define SMIME_SIGNERS 0x40
|
||||
#define SMIME_ENCRYPT (1 | SMIME_OP)
|
||||
#define SMIME_DECRYPT (2 | SMIME_IP)
|
||||
#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS)
|
||||
#define SMIME_VERIFY (4 | SMIME_IP)
|
||||
#define SMIME_PK7OUT (5 | SMIME_IP | SMIME_OP)
|
||||
#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_RESIGN, OPT_VERIFY,
|
||||
OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN,
|
||||
OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP,
|
||||
OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF,
|
||||
OPT_CRLFEOL, OPT_ENGINE, OPT_PASSIN,
|
||||
OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,
|
||||
OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,
|
||||
OPT_R_ENUM,
|
||||
OPT_V_ENUM,
|
||||
OPT_CAPATH, OPT_NOCAFILE, OPT_NOCAPATH, OPT_IN, OPT_INFORM, OPT_OUT,
|
||||
OPT_OUTFORM, OPT_CONTENT
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS smime_options[] = {
|
||||
{OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
|
||||
{OPT_HELP_STR, 1, '-',
|
||||
" cert.pem... recipient certs for encryption\n"},
|
||||
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
|
||||
{"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
|
||||
{"sign", OPT_SIGN, '-', "Sign message"},
|
||||
{"verify", OPT_VERIFY, '-', "Verify signed message"},
|
||||
{"pk7out", OPT_PK7OUT, '-', "Output PKCS#7 structure"},
|
||||
{"nointern", OPT_NOINTERN, '-',
|
||||
"Don't search certificates in message for signer"},
|
||||
{"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
|
||||
{"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
|
||||
{"nocerts", OPT_NOCERTS, '-',
|
||||
"Don't include signers certificate when signing"},
|
||||
{"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
|
||||
{"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
|
||||
{"binary", OPT_BINARY, '-', "Don't translate message to text"},
|
||||
{"certfile", OPT_CERTFILE, '<', "Other certificates file"},
|
||||
{"signer", OPT_SIGNER, 's', "Signer certificate file"},
|
||||
{"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"},
|
||||
{"in", OPT_IN, '<', "Input file"},
|
||||
{"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
|
||||
{"inkey", OPT_INKEY, 's',
|
||||
"Input private key (if not signer or recipient)"},
|
||||
{"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
{"outform", OPT_OUTFORM, 'c',
|
||||
"Output format SMIME (default), PEM or DER"},
|
||||
{"content", OPT_CONTENT, '<',
|
||||
"Supply or override content for detached signature"},
|
||||
{"to", OPT_TO, 's', "To address"},
|
||||
{"from", OPT_FROM, 's', "From address"},
|
||||
{"subject", OPT_SUBJECT, 's', "Subject"},
|
||||
{"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
|
||||
{"CApath", OPT_CAPATH, '/', "Trusted certificates directory"},
|
||||
{"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
|
||||
{"no-CAfile", OPT_NOCAFILE, '-',
|
||||
"Do not load the default certificates file"},
|
||||
{"no-CApath", OPT_NOCAPATH, '-',
|
||||
"Do not load certificates from the default certificates directory"},
|
||||
{"resign", OPT_RESIGN, '-', "Resign a signed message"},
|
||||
{"nochain", OPT_NOCHAIN, '-',
|
||||
"set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },
|
||||
{"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
|
||||
{"stream", OPT_STREAM, '-', "Enable CMS streaming" },
|
||||
{"indef", OPT_INDEF, '-', "Same as -stream" },
|
||||
{"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
|
||||
{"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"},
|
||||
OPT_R_OPTIONS,
|
||||
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
||||
{"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
|
||||
{"", OPT_CIPHER, '-', "Any supported cipher"},
|
||||
OPT_V_OPTIONS,
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int smime_main(int argc, char **argv)
|
||||
{
|
||||
BIO *in = NULL, *out = NULL, *indata = NULL;
|
||||
EVP_PKEY *key = NULL;
|
||||
PKCS7 *p7 = NULL;
|
||||
STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
|
||||
STACK_OF(X509) *encerts = NULL, *other = NULL;
|
||||
X509 *cert = NULL, *recip = NULL, *signer = NULL;
|
||||
X509_STORE *store = NULL;
|
||||
X509_VERIFY_PARAM *vpm = NULL;
|
||||
const EVP_CIPHER *cipher = NULL;
|
||||
const EVP_MD *sign_md = NULL;
|
||||
const char *CAfile = NULL, *CApath = NULL, *prog = NULL;
|
||||
char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
|
||||
char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile = NULL;
|
||||
char *passinarg = NULL, *passin = NULL, *to = NULL, *from = NULL, *subject = NULL;
|
||||
OPTION_CHOICE o;
|
||||
int noCApath = 0, noCAfile = 0;
|
||||
int flags = PKCS7_DETACHED, operation = 0, ret = 0, indef = 0;
|
||||
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =
|
||||
FORMAT_PEM;
|
||||
int vpmtouched = 0, rv = 0;
|
||||
ENGINE *e = NULL;
|
||||
const char *mime_eol = "\n";
|
||||
|
||||
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
|
||||
return 1;
|
||||
|
||||
prog = opt_init(argc, argv, smime_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(smime_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_INFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUTFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_ENCRYPT:
|
||||
operation = SMIME_ENCRYPT;
|
||||
break;
|
||||
case OPT_DECRYPT:
|
||||
operation = SMIME_DECRYPT;
|
||||
break;
|
||||
case OPT_SIGN:
|
||||
operation = SMIME_SIGN;
|
||||
break;
|
||||
case OPT_RESIGN:
|
||||
operation = SMIME_RESIGN;
|
||||
break;
|
||||
case OPT_VERIFY:
|
||||
operation = SMIME_VERIFY;
|
||||
break;
|
||||
case OPT_PK7OUT:
|
||||
operation = SMIME_PK7OUT;
|
||||
break;
|
||||
case OPT_TEXT:
|
||||
flags |= PKCS7_TEXT;
|
||||
break;
|
||||
case OPT_NOINTERN:
|
||||
flags |= PKCS7_NOINTERN;
|
||||
break;
|
||||
case OPT_NOVERIFY:
|
||||
flags |= PKCS7_NOVERIFY;
|
||||
break;
|
||||
case OPT_NOCHAIN:
|
||||
flags |= PKCS7_NOCHAIN;
|
||||
break;
|
||||
case OPT_NOCERTS:
|
||||
flags |= PKCS7_NOCERTS;
|
||||
break;
|
||||
case OPT_NOATTR:
|
||||
flags |= PKCS7_NOATTR;
|
||||
break;
|
||||
case OPT_NODETACH:
|
||||
flags &= ~PKCS7_DETACHED;
|
||||
break;
|
||||
case OPT_NOSMIMECAP:
|
||||
flags |= PKCS7_NOSMIMECAP;
|
||||
break;
|
||||
case OPT_BINARY:
|
||||
flags |= PKCS7_BINARY;
|
||||
break;
|
||||
case OPT_NOSIGS:
|
||||
flags |= PKCS7_NOSIGS;
|
||||
break;
|
||||
case OPT_STREAM:
|
||||
case OPT_INDEF:
|
||||
indef = 1;
|
||||
break;
|
||||
case OPT_NOINDEF:
|
||||
indef = 0;
|
||||
break;
|
||||
case OPT_CRLFEOL:
|
||||
flags |= PKCS7_CRLFEOL;
|
||||
mime_eol = "\r\n";
|
||||
break;
|
||||
case OPT_R_CASES:
|
||||
if (!opt_rand(o))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
case OPT_PASSIN:
|
||||
passinarg = opt_arg();
|
||||
break;
|
||||
case OPT_TO:
|
||||
to = opt_arg();
|
||||
break;
|
||||
case OPT_FROM:
|
||||
from = opt_arg();
|
||||
break;
|
||||
case OPT_SUBJECT:
|
||||
subject = opt_arg();
|
||||
break;
|
||||
case OPT_SIGNER:
|
||||
/* If previous -signer argument add signer to list */
|
||||
if (signerfile != NULL) {
|
||||
if (sksigners == NULL
|
||||
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
|
||||
goto end;
|
||||
sk_OPENSSL_STRING_push(sksigners, signerfile);
|
||||
if (keyfile == NULL)
|
||||
keyfile = signerfile;
|
||||
if (skkeys == NULL
|
||||
&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
|
||||
goto end;
|
||||
sk_OPENSSL_STRING_push(skkeys, keyfile);
|
||||
keyfile = NULL;
|
||||
}
|
||||
signerfile = opt_arg();
|
||||
break;
|
||||
case OPT_RECIP:
|
||||
recipfile = opt_arg();
|
||||
break;
|
||||
case OPT_MD:
|
||||
if (!opt_md(opt_arg(), &sign_md))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_CIPHER:
|
||||
if (!opt_cipher(opt_unknown(), &cipher))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_INKEY:
|
||||
/* If previous -inkey argument add signer to list */
|
||||
if (keyfile != NULL) {
|
||||
if (signerfile == NULL) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Must have -signer before -inkey\n", prog);
|
||||
goto opthelp;
|
||||
}
|
||||
if (sksigners == NULL
|
||||
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
|
||||
goto end;
|
||||
sk_OPENSSL_STRING_push(sksigners, signerfile);
|
||||
signerfile = NULL;
|
||||
if (skkeys == NULL
|
||||
&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
|
||||
goto end;
|
||||
sk_OPENSSL_STRING_push(skkeys, keyfile);
|
||||
}
|
||||
keyfile = opt_arg();
|
||||
break;
|
||||
case OPT_KEYFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_CERTFILE:
|
||||
certfile = opt_arg();
|
||||
break;
|
||||
case OPT_CAFILE:
|
||||
CAfile = opt_arg();
|
||||
break;
|
||||
case OPT_CAPATH:
|
||||
CApath = opt_arg();
|
||||
break;
|
||||
case OPT_NOCAFILE:
|
||||
noCAfile = 1;
|
||||
break;
|
||||
case OPT_NOCAPATH:
|
||||
noCApath = 1;
|
||||
break;
|
||||
case OPT_CONTENT:
|
||||
contfile = opt_arg();
|
||||
break;
|
||||
case OPT_V_CASES:
|
||||
if (!opt_verify(o, vpm))
|
||||
goto opthelp;
|
||||
vpmtouched++;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
argv = opt_rest();
|
||||
|
||||
if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) {
|
||||
BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
|
||||
goto opthelp;
|
||||
}
|
||||
|
||||
if (operation & SMIME_SIGNERS) {
|
||||
/* Check to see if any final signer needs to be appended */
|
||||
if (keyfile && !signerfile) {
|
||||
BIO_puts(bio_err, "Illegal -inkey without -signer\n");
|
||||
goto opthelp;
|
||||
}
|
||||
if (signerfile != NULL) {
|
||||
if (sksigners == NULL
|
||||
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
|
||||
goto end;
|
||||
sk_OPENSSL_STRING_push(sksigners, signerfile);
|
||||
if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
|
||||
goto end;
|
||||
if (!keyfile)
|
||||
keyfile = signerfile;
|
||||
sk_OPENSSL_STRING_push(skkeys, keyfile);
|
||||
}
|
||||
if (sksigners == NULL) {
|
||||
BIO_printf(bio_err, "No signer certificate specified\n");
|
||||
goto opthelp;
|
||||
}
|
||||
signerfile = NULL;
|
||||
keyfile = NULL;
|
||||
} else if (operation == SMIME_DECRYPT) {
|
||||
if (recipfile == NULL && keyfile == NULL) {
|
||||
BIO_printf(bio_err,
|
||||
"No recipient certificate or key specified\n");
|
||||
goto opthelp;
|
||||
}
|
||||
} else if (operation == SMIME_ENCRYPT) {
|
||||
if (argc == 0) {
|
||||
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
|
||||
goto opthelp;
|
||||
}
|
||||
} else if (!operation) {
|
||||
goto opthelp;
|
||||
}
|
||||
|
||||
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
ret = 2;
|
||||
|
||||
if (!(operation & SMIME_SIGNERS))
|
||||
flags &= ~PKCS7_DETACHED;
|
||||
|
||||
if (!(operation & SMIME_OP)) {
|
||||
if (flags & PKCS7_BINARY)
|
||||
outformat = FORMAT_BINARY;
|
||||
}
|
||||
|
||||
if (!(operation & SMIME_IP)) {
|
||||
if (flags & PKCS7_BINARY)
|
||||
informat = FORMAT_BINARY;
|
||||
}
|
||||
|
||||
if (operation == SMIME_ENCRYPT) {
|
||||
if (cipher == NULL) {
|
||||
#ifndef OPENSSL_NO_DES
|
||||
cipher = EVP_des_ede3_cbc();
|
||||
#else
|
||||
BIO_printf(bio_err, "No cipher selected\n");
|
||||
goto end;
|
||||
#endif
|
||||
}
|
||||
encerts = sk_X509_new_null();
|
||||
if (encerts == NULL)
|
||||
goto end;
|
||||
while (*argv != NULL) {
|
||||
cert = load_cert(*argv, FORMAT_PEM,
|
||||
"recipient certificate file");
|
||||
if (cert == NULL)
|
||||
goto end;
|
||||
sk_X509_push(encerts, cert);
|
||||
cert = NULL;
|
||||
argv++;
|
||||
}
|
||||
}
|
||||
|
||||
if (certfile != NULL) {
|
||||
if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
|
||||
"certificate file")) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
|
||||
if ((recip = load_cert(recipfile, FORMAT_PEM,
|
||||
"recipient certificate file")) == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (operation == SMIME_DECRYPT) {
|
||||
if (keyfile == NULL)
|
||||
keyfile = recipfile;
|
||||
} else if (operation == SMIME_SIGN) {
|
||||
if (keyfile == NULL)
|
||||
keyfile = signerfile;
|
||||
} else {
|
||||
keyfile = NULL;
|
||||
}
|
||||
|
||||
if (keyfile != NULL) {
|
||||
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
|
||||
if (key == NULL)
|
||||
goto end;
|
||||
}
|
||||
|
||||
in = bio_open_default(infile, 'r', informat);
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
|
||||
if (operation & SMIME_IP) {
|
||||
if (informat == FORMAT_SMIME) {
|
||||
p7 = SMIME_read_PKCS7(in, &indata);
|
||||
} else if (informat == FORMAT_PEM) {
|
||||
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
|
||||
} else if (informat == FORMAT_ASN1) {
|
||||
p7 = d2i_PKCS7_bio(in, NULL);
|
||||
} else {
|
||||
BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (p7 == NULL) {
|
||||
BIO_printf(bio_err, "Error reading S/MIME message\n");
|
||||
goto end;
|
||||
}
|
||||
if (contfile != NULL) {
|
||||
BIO_free(indata);
|
||||
if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
|
||||
BIO_printf(bio_err, "Can't read content file %s\n", contfile);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
out = bio_open_default(outfile, 'w', outformat);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if (operation == SMIME_VERIFY) {
|
||||
if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
|
||||
goto end;
|
||||
X509_STORE_set_verify_cb(store, smime_cb);
|
||||
if (vpmtouched)
|
||||
X509_STORE_set1_param(store, vpm);
|
||||
}
|
||||
|
||||
ret = 3;
|
||||
|
||||
if (operation == SMIME_ENCRYPT) {
|
||||
if (indef)
|
||||
flags |= PKCS7_STREAM;
|
||||
p7 = PKCS7_encrypt(encerts, in, cipher, flags);
|
||||
} else if (operation & SMIME_SIGNERS) {
|
||||
int i;
|
||||
/*
|
||||
* If detached data content we only enable streaming if S/MIME output
|
||||
* format.
|
||||
*/
|
||||
if (operation == SMIME_SIGN) {
|
||||
if (flags & PKCS7_DETACHED) {
|
||||
if (outformat == FORMAT_SMIME)
|
||||
flags |= PKCS7_STREAM;
|
||||
} else if (indef) {
|
||||
flags |= PKCS7_STREAM;
|
||||
}
|
||||
flags |= PKCS7_PARTIAL;
|
||||
p7 = PKCS7_sign(NULL, NULL, other, in, flags);
|
||||
if (p7 == NULL)
|
||||
goto end;
|
||||
if (flags & PKCS7_NOCERTS) {
|
||||
for (i = 0; i < sk_X509_num(other); i++) {
|
||||
X509 *x = sk_X509_value(other, i);
|
||||
PKCS7_add_certificate(p7, x);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
flags |= PKCS7_REUSE_DIGEST;
|
||||
}
|
||||
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
|
||||
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
|
||||
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
|
||||
signer = load_cert(signerfile, FORMAT_PEM,
|
||||
"signer certificate");
|
||||
if (signer == NULL)
|
||||
goto end;
|
||||
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
|
||||
if (key == NULL)
|
||||
goto end;
|
||||
if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags))
|
||||
goto end;
|
||||
X509_free(signer);
|
||||
signer = NULL;
|
||||
EVP_PKEY_free(key);
|
||||
key = NULL;
|
||||
}
|
||||
/* If not streaming or resigning finalize structure */
|
||||
if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) {
|
||||
if (!PKCS7_final(p7, in, flags))
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (p7 == NULL) {
|
||||
BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
ret = 4;
|
||||
if (operation == SMIME_DECRYPT) {
|
||||
if (!PKCS7_decrypt(p7, key, recip, out, flags)) {
|
||||
BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
|
||||
goto end;
|
||||
}
|
||||
} else if (operation == SMIME_VERIFY) {
|
||||
STACK_OF(X509) *signers;
|
||||
if (PKCS7_verify(p7, other, store, indata, out, flags))
|
||||
BIO_printf(bio_err, "Verification successful\n");
|
||||
else {
|
||||
BIO_printf(bio_err, "Verification failure\n");
|
||||
goto end;
|
||||
}
|
||||
signers = PKCS7_get0_signers(p7, other, flags);
|
||||
if (!save_certs(signerfile, signers)) {
|
||||
BIO_printf(bio_err, "Error writing signers to %s\n", signerfile);
|
||||
ret = 5;
|
||||
goto end;
|
||||
}
|
||||
sk_X509_free(signers);
|
||||
} else if (operation == SMIME_PK7OUT) {
|
||||
PEM_write_bio_PKCS7(out, p7);
|
||||
} else {
|
||||
if (to)
|
||||
BIO_printf(out, "To: %s%s", to, mime_eol);
|
||||
if (from)
|
||||
BIO_printf(out, "From: %s%s", from, mime_eol);
|
||||
if (subject)
|
||||
BIO_printf(out, "Subject: %s%s", subject, mime_eol);
|
||||
if (outformat == FORMAT_SMIME) {
|
||||
if (operation == SMIME_RESIGN)
|
||||
rv = SMIME_write_PKCS7(out, p7, indata, flags);
|
||||
else
|
||||
rv = SMIME_write_PKCS7(out, p7, in, flags);
|
||||
} else if (outformat == FORMAT_PEM) {
|
||||
rv = PEM_write_bio_PKCS7_stream(out, p7, in, flags);
|
||||
} else if (outformat == FORMAT_ASN1) {
|
||||
rv = i2d_PKCS7_bio_stream(out, p7, in, flags);
|
||||
} else {
|
||||
BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
|
||||
goto end;
|
||||
}
|
||||
if (rv == 0) {
|
||||
BIO_printf(bio_err, "Error writing output\n");
|
||||
ret = 3;
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
ret = 0;
|
||||
end:
|
||||
if (ret)
|
||||
ERR_print_errors(bio_err);
|
||||
sk_X509_pop_free(encerts, X509_free);
|
||||
sk_X509_pop_free(other, X509_free);
|
||||
X509_VERIFY_PARAM_free(vpm);
|
||||
sk_OPENSSL_STRING_free(sksigners);
|
||||
sk_OPENSSL_STRING_free(skkeys);
|
||||
X509_STORE_free(store);
|
||||
X509_free(cert);
|
||||
X509_free(recip);
|
||||
X509_free(signer);
|
||||
EVP_PKEY_free(key);
|
||||
PKCS7_free(p7);
|
||||
release_engine(e);
|
||||
BIO_free(in);
|
||||
BIO_free(indata);
|
||||
BIO_free_all(out);
|
||||
OPENSSL_free(passin);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int save_certs(char *signerfile, STACK_OF(X509) *signers)
|
||||
{
|
||||
int i;
|
||||
BIO *tmp;
|
||||
|
||||
if (signerfile == NULL)
|
||||
return 1;
|
||||
tmp = BIO_new_file(signerfile, "w");
|
||||
if (tmp == NULL)
|
||||
return 0;
|
||||
for (i = 0; i < sk_X509_num(signers); i++)
|
||||
PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
|
||||
BIO_free(tmp);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Minimal callback just to output policy info (if any) */
|
||||
|
||||
static int smime_cb(int ok, X509_STORE_CTX *ctx)
|
||||
{
|
||||
int error;
|
||||
|
||||
error = X509_STORE_CTX_get_error(ctx);
|
||||
|
||||
if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
|
||||
&& ((error != X509_V_OK) || (ok != 2)))
|
||||
return ok;
|
||||
|
||||
policies_print(ctx);
|
||||
|
||||
return ok;
|
||||
}
|
3691
trunk/3rdparty/openssl-1.1-fit/apps/speed.c
vendored
Normal file
3691
trunk/3rdparty/openssl-1.1-fit/apps/speed.c
vendored
Normal file
File diff suppressed because it is too large
Load diff
202
trunk/3rdparty/openssl-1.1-fit/apps/spkac.c
vendored
Normal file
202
trunk/3rdparty/openssl-1.1-fit/apps/spkac.c
vendored
Normal file
|
@ -0,0 +1,202 @@
|
|||
/*
|
||||
* Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_NOOUT, OPT_PUBKEY, OPT_VERIFY, OPT_IN, OPT_OUT,
|
||||
OPT_ENGINE, OPT_KEY, OPT_CHALLENGE, OPT_PASSIN, OPT_SPKAC,
|
||||
OPT_SPKSECT, OPT_KEYFORM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS spkac_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"in", OPT_IN, '<', "Input file"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
{"key", OPT_KEY, '<', "Create SPKAC using private key"},
|
||||
{"keyform", OPT_KEYFORM, 'f', "Private key file format - default PEM (PEM, DER, or ENGINE)"},
|
||||
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
||||
{"challenge", OPT_CHALLENGE, 's', "Challenge string"},
|
||||
{"spkac", OPT_SPKAC, 's', "Alternative SPKAC name"},
|
||||
{"noout", OPT_NOOUT, '-', "Don't print SPKAC"},
|
||||
{"pubkey", OPT_PUBKEY, '-', "Output public key"},
|
||||
{"verify", OPT_VERIFY, '-', "Verify SPKAC signature"},
|
||||
{"spksect", OPT_SPKSECT, 's',
|
||||
"Specify the name of an SPKAC-dedicated section of configuration"},
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int spkac_main(int argc, char **argv)
|
||||
{
|
||||
BIO *out = NULL;
|
||||
CONF *conf = NULL;
|
||||
ENGINE *e = NULL;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
NETSCAPE_SPKI *spki = NULL;
|
||||
char *challenge = NULL, *keyfile = NULL;
|
||||
char *infile = NULL, *outfile = NULL, *passinarg = NULL, *passin = NULL;
|
||||
char *spkstr = NULL, *prog;
|
||||
const char *spkac = "SPKAC", *spksect = "default";
|
||||
int i, ret = 1, verify = 0, noout = 0, pubkey = 0;
|
||||
int keyformat = FORMAT_PEM;
|
||||
OPTION_CHOICE o;
|
||||
|
||||
prog = opt_init(argc, argv, spkac_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(spkac_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_IN:
|
||||
infile = opt_arg();
|
||||
break;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_NOOUT:
|
||||
noout = 1;
|
||||
break;
|
||||
case OPT_PUBKEY:
|
||||
pubkey = 1;
|
||||
break;
|
||||
case OPT_VERIFY:
|
||||
verify = 1;
|
||||
break;
|
||||
case OPT_PASSIN:
|
||||
passinarg = opt_arg();
|
||||
break;
|
||||
case OPT_KEY:
|
||||
keyfile = opt_arg();
|
||||
break;
|
||||
case OPT_KEYFORM:
|
||||
if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_CHALLENGE:
|
||||
challenge = opt_arg();
|
||||
break;
|
||||
case OPT_SPKAC:
|
||||
spkac = opt_arg();
|
||||
break;
|
||||
case OPT_SPKSECT:
|
||||
spksect = opt_arg();
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
if (argc != 0)
|
||||
goto opthelp;
|
||||
|
||||
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (keyfile != NULL) {
|
||||
pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL,
|
||||
keyformat, 1, passin, e, "private key");
|
||||
if (pkey == NULL)
|
||||
goto end;
|
||||
spki = NETSCAPE_SPKI_new();
|
||||
if (spki == NULL)
|
||||
goto end;
|
||||
if (challenge != NULL)
|
||||
ASN1_STRING_set(spki->spkac->challenge,
|
||||
challenge, (int)strlen(challenge));
|
||||
NETSCAPE_SPKI_set_pubkey(spki, pkey);
|
||||
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
|
||||
spkstr = NETSCAPE_SPKI_b64_encode(spki);
|
||||
if (spkstr == NULL)
|
||||
goto end;
|
||||
|
||||
out = bio_open_default(outfile, 'w', FORMAT_TEXT);
|
||||
if (out == NULL) {
|
||||
OPENSSL_free(spkstr);
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(out, "SPKAC=%s\n", spkstr);
|
||||
OPENSSL_free(spkstr);
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
|
||||
if ((conf = app_load_config(infile)) == NULL)
|
||||
goto end;
|
||||
|
||||
spkstr = NCONF_get_string(conf, spksect, spkac);
|
||||
|
||||
if (spkstr == NULL) {
|
||||
BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
|
||||
|
||||
if (spki == NULL) {
|
||||
BIO_printf(bio_err, "Error loading SPKAC\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
out = bio_open_default(outfile, 'w', FORMAT_TEXT);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if (!noout)
|
||||
NETSCAPE_SPKI_print(out, spki);
|
||||
pkey = NETSCAPE_SPKI_get_pubkey(spki);
|
||||
if (verify) {
|
||||
i = NETSCAPE_SPKI_verify(spki, pkey);
|
||||
if (i > 0) {
|
||||
BIO_printf(bio_err, "Signature OK\n");
|
||||
} else {
|
||||
BIO_printf(bio_err, "Signature Failure\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
if (pubkey)
|
||||
PEM_write_bio_PUBKEY(out, pkey);
|
||||
|
||||
ret = 0;
|
||||
|
||||
end:
|
||||
NCONF_free(conf);
|
||||
NETSCAPE_SPKI_free(spki);
|
||||
BIO_free_all(out);
|
||||
EVP_PKEY_free(pkey);
|
||||
release_engine(e);
|
||||
OPENSSL_free(passin);
|
||||
return ret;
|
||||
}
|
613
trunk/3rdparty/openssl-1.1-fit/apps/srp.c
vendored
Normal file
613
trunk/3rdparty/openssl-1.1-fit/apps/srp.c
vendored
Normal file
|
@ -0,0 +1,613 @@
|
|||
/*
|
||||
* Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2004, EdelKey Project. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*
|
||||
* Originally written by Christophe Renou and Peter Sylvester,
|
||||
* for the EdelKey project.
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_SRP
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <string.h>
|
||||
# include <openssl/conf.h>
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/txt_db.h>
|
||||
# include <openssl/buffer.h>
|
||||
# include <openssl/srp.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
|
||||
# define BASE_SECTION "srp"
|
||||
# define CONFIG_FILE "openssl.cnf"
|
||||
|
||||
|
||||
# define ENV_DATABASE "srpvfile"
|
||||
# define ENV_DEFAULT_SRP "default_srp"
|
||||
|
||||
static int get_index(CA_DB *db, char *id, char type)
|
||||
{
|
||||
char **pp;
|
||||
int i;
|
||||
if (id == NULL)
|
||||
return -1;
|
||||
if (type == DB_SRP_INDEX) {
|
||||
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
|
||||
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
|
||||
if (pp[DB_srptype][0] == DB_SRP_INDEX
|
||||
&& strcmp(id, pp[DB_srpid]) == 0)
|
||||
return i;
|
||||
}
|
||||
} else {
|
||||
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
|
||||
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
|
||||
|
||||
if (pp[DB_srptype][0] != DB_SRP_INDEX
|
||||
&& strcmp(id, pp[DB_srpid]) == 0)
|
||||
return i;
|
||||
}
|
||||
}
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
static void print_entry(CA_DB *db, int indx, int verbose, char *s)
|
||||
{
|
||||
if (indx >= 0 && verbose) {
|
||||
int j;
|
||||
char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
|
||||
BIO_printf(bio_err, "%s \"%s\"\n", s, pp[DB_srpid]);
|
||||
for (j = 0; j < DB_NUMBER; j++) {
|
||||
BIO_printf(bio_err, " %d = \"%s\"\n", j, pp[j]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void print_index(CA_DB *db, int indexindex, int verbose)
|
||||
{
|
||||
print_entry(db, indexindex, verbose, "g N entry");
|
||||
}
|
||||
|
||||
static void print_user(CA_DB *db, int userindex, int verbose)
|
||||
{
|
||||
if (verbose > 0) {
|
||||
char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
|
||||
|
||||
if (pp[DB_srptype][0] != 'I') {
|
||||
print_entry(db, userindex, verbose, "User entry");
|
||||
print_entry(db, get_index(db, pp[DB_srpgN], 'I'), verbose,
|
||||
"g N entry");
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
static int update_index(CA_DB *db, char **row)
|
||||
{
|
||||
char **irow;
|
||||
int i;
|
||||
|
||||
irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row pointers");
|
||||
for (i = 0; i < DB_NUMBER; i++)
|
||||
irow[i] = row[i];
|
||||
irow[DB_NUMBER] = NULL;
|
||||
|
||||
if (!TXT_DB_insert(db->db, irow)) {
|
||||
BIO_printf(bio_err, "failed to update srpvfile\n");
|
||||
BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
|
||||
OPENSSL_free(irow);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
|
||||
{
|
||||
char *entry = NCONF_get_string(conf, section, tag);
|
||||
if (entry == NULL)
|
||||
BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag);
|
||||
return entry;
|
||||
}
|
||||
|
||||
static char *srp_verify_user(const char *user, const char *srp_verifier,
|
||||
char *srp_usersalt, const char *g, const char *N,
|
||||
const char *passin, int verbose)
|
||||
{
|
||||
char password[1025];
|
||||
PW_CB_DATA cb_tmp;
|
||||
char *verifier = NULL;
|
||||
char *gNid = NULL;
|
||||
int len;
|
||||
|
||||
cb_tmp.prompt_info = user;
|
||||
cb_tmp.password = passin;
|
||||
|
||||
len = password_callback(password, sizeof(password)-1, 0, &cb_tmp);
|
||||
if (len > 0) {
|
||||
password[len] = 0;
|
||||
if (verbose)
|
||||
BIO_printf(bio_err,
|
||||
"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
|
||||
user, srp_verifier, srp_usersalt, g, N);
|
||||
if (verbose > 1)
|
||||
BIO_printf(bio_err, "Pass %s\n", password);
|
||||
|
||||
OPENSSL_assert(srp_usersalt != NULL);
|
||||
if ((gNid = SRP_create_verifier(user, password, &srp_usersalt,
|
||||
&verifier, N, g)) == NULL) {
|
||||
BIO_printf(bio_err, "Internal error validating SRP verifier\n");
|
||||
} else {
|
||||
if (strcmp(verifier, srp_verifier))
|
||||
gNid = NULL;
|
||||
OPENSSL_free(verifier);
|
||||
}
|
||||
OPENSSL_cleanse(password, len);
|
||||
}
|
||||
return gNid;
|
||||
}
|
||||
|
||||
static char *srp_create_user(char *user, char **srp_verifier,
|
||||
char **srp_usersalt, char *g, char *N,
|
||||
char *passout, int verbose)
|
||||
{
|
||||
char password[1025];
|
||||
PW_CB_DATA cb_tmp;
|
||||
char *gNid = NULL;
|
||||
char *salt = NULL;
|
||||
int len;
|
||||
cb_tmp.prompt_info = user;
|
||||
cb_tmp.password = passout;
|
||||
|
||||
len = password_callback(password, sizeof(password)-1, 1, &cb_tmp);
|
||||
if (len > 0) {
|
||||
password[len] = 0;
|
||||
if (verbose)
|
||||
BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
|
||||
user, g, N);
|
||||
if ((gNid = SRP_create_verifier(user, password, &salt,
|
||||
srp_verifier, N, g)) == NULL) {
|
||||
BIO_printf(bio_err, "Internal error creating SRP verifier\n");
|
||||
} else {
|
||||
*srp_usersalt = salt;
|
||||
}
|
||||
OPENSSL_cleanse(password, len);
|
||||
if (verbose > 1)
|
||||
BIO_printf(bio_err, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
|
||||
gNid, salt, *srp_verifier);
|
||||
|
||||
}
|
||||
return gNid;
|
||||
}
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SRPVFILE, OPT_ADD,
|
||||
OPT_DELETE, OPT_MODIFY, OPT_LIST, OPT_GN, OPT_USERINFO,
|
||||
OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, OPT_R_ENUM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS srp_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"verbose", OPT_VERBOSE, '-', "Talk a lot while doing things"},
|
||||
{"config", OPT_CONFIG, '<', "A config file"},
|
||||
{"name", OPT_NAME, 's', "The particular srp definition to use"},
|
||||
{"srpvfile", OPT_SRPVFILE, '<', "The srp verifier file name"},
|
||||
{"add", OPT_ADD, '-', "Add a user and srp verifier"},
|
||||
{"modify", OPT_MODIFY, '-',
|
||||
"Modify the srp verifier of an existing user"},
|
||||
{"delete", OPT_DELETE, '-', "Delete user from verifier file"},
|
||||
{"list", OPT_LIST, '-', "List users"},
|
||||
{"gn", OPT_GN, 's', "Set g and N values to be used for new verifier"},
|
||||
{"userinfo", OPT_USERINFO, 's', "Additional info to be set for user"},
|
||||
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
||||
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
|
||||
OPT_R_OPTIONS,
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
# endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int srp_main(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
CA_DB *db = NULL;
|
||||
CONF *conf = NULL;
|
||||
int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i;
|
||||
int doupdatedb = 0, mode = OPT_ERR;
|
||||
char *user = NULL, *passinarg = NULL, *passoutarg = NULL;
|
||||
char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL;
|
||||
char *section = NULL;
|
||||
char **gNrow = NULL, *configfile = NULL;
|
||||
char *srpvfile = NULL, **pp, *prog;
|
||||
OPTION_CHOICE o;
|
||||
|
||||
prog = opt_init(argc, argv, srp_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(srp_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_VERBOSE:
|
||||
verbose++;
|
||||
break;
|
||||
case OPT_CONFIG:
|
||||
configfile = opt_arg();
|
||||
break;
|
||||
case OPT_NAME:
|
||||
section = opt_arg();
|
||||
break;
|
||||
case OPT_SRPVFILE:
|
||||
srpvfile = opt_arg();
|
||||
break;
|
||||
case OPT_ADD:
|
||||
case OPT_DELETE:
|
||||
case OPT_MODIFY:
|
||||
case OPT_LIST:
|
||||
if (mode != OPT_ERR) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Only one of -add/-delete/-modify/-list\n",
|
||||
prog);
|
||||
goto opthelp;
|
||||
}
|
||||
mode = o;
|
||||
break;
|
||||
case OPT_GN:
|
||||
gN = opt_arg();
|
||||
break;
|
||||
case OPT_USERINFO:
|
||||
userinfo = opt_arg();
|
||||
break;
|
||||
case OPT_PASSIN:
|
||||
passinarg = opt_arg();
|
||||
break;
|
||||
case OPT_PASSOUT:
|
||||
passoutarg = opt_arg();
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
case OPT_R_CASES:
|
||||
if (!opt_rand(o))
|
||||
goto end;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
argv = opt_rest();
|
||||
|
||||
if (srpvfile != NULL && configfile != NULL) {
|
||||
BIO_printf(bio_err,
|
||||
"-srpvfile and -configfile cannot be specified together.\n");
|
||||
goto end;
|
||||
}
|
||||
if (mode == OPT_ERR) {
|
||||
BIO_printf(bio_err,
|
||||
"Exactly one of the options -add, -delete, -modify -list must be specified.\n");
|
||||
goto opthelp;
|
||||
}
|
||||
if (mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD) {
|
||||
if (argc == 0) {
|
||||
BIO_printf(bio_err, "Need at least one user.\n");
|
||||
goto opthelp;
|
||||
}
|
||||
user = *argv++;
|
||||
}
|
||||
if ((passinarg != NULL || passoutarg != NULL) && argc != 1) {
|
||||
BIO_printf(bio_err,
|
||||
"-passin, -passout arguments only valid with one user.\n");
|
||||
goto opthelp;
|
||||
}
|
||||
|
||||
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (srpvfile == NULL) {
|
||||
if (configfile == NULL)
|
||||
configfile = default_config_file;
|
||||
|
||||
if (verbose)
|
||||
BIO_printf(bio_err, "Using configuration from %s\n",
|
||||
configfile);
|
||||
conf = app_load_config(configfile);
|
||||
if (conf == NULL)
|
||||
goto end;
|
||||
if (configfile != default_config_file && !app_load_modules(conf))
|
||||
goto end;
|
||||
|
||||
/* Lets get the config section we are using */
|
||||
if (section == NULL) {
|
||||
if (verbose)
|
||||
BIO_printf(bio_err,
|
||||
"trying to read " ENV_DEFAULT_SRP
|
||||
" in " BASE_SECTION "\n");
|
||||
|
||||
section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_SRP);
|
||||
if (section == NULL)
|
||||
goto end;
|
||||
}
|
||||
|
||||
app_RAND_load_conf(conf, BASE_SECTION);
|
||||
|
||||
if (verbose)
|
||||
BIO_printf(bio_err,
|
||||
"trying to read " ENV_DATABASE " in section \"%s\"\n",
|
||||
section);
|
||||
|
||||
srpvfile = lookup_conf(conf, section, ENV_DATABASE);
|
||||
if (srpvfile == NULL)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (verbose)
|
||||
BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
|
||||
srpvfile);
|
||||
|
||||
db = load_index(srpvfile, NULL);
|
||||
if (db == NULL)
|
||||
goto end;
|
||||
|
||||
/* Lets check some fields */
|
||||
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
|
||||
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
|
||||
|
||||
if (pp[DB_srptype][0] == DB_SRP_INDEX) {
|
||||
maxgN = i;
|
||||
if ((gNindex < 0) && (gN != NULL) && strcmp(gN, pp[DB_srpid]) == 0)
|
||||
gNindex = i;
|
||||
|
||||
print_index(db, i, verbose > 1);
|
||||
}
|
||||
}
|
||||
|
||||
if (verbose)
|
||||
BIO_printf(bio_err, "Database initialised\n");
|
||||
|
||||
if (gNindex >= 0) {
|
||||
gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
|
||||
print_entry(db, gNindex, verbose > 1, "Default g and N");
|
||||
} else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
|
||||
BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
|
||||
goto end;
|
||||
} else {
|
||||
if (verbose)
|
||||
BIO_printf(bio_err, "Database has no g N information.\n");
|
||||
gNrow = NULL;
|
||||
}
|
||||
|
||||
if (verbose > 1)
|
||||
BIO_printf(bio_err, "Starting user processing\n");
|
||||
|
||||
while (mode == OPT_LIST || user != NULL) {
|
||||
int userindex = -1;
|
||||
|
||||
if (user != NULL && verbose > 1)
|
||||
BIO_printf(bio_err, "Processing user \"%s\"\n", user);
|
||||
if ((userindex = get_index(db, user, 'U')) >= 0)
|
||||
print_user(db, userindex, (verbose > 0) || mode == OPT_LIST);
|
||||
|
||||
if (mode == OPT_LIST) {
|
||||
if (user == NULL) {
|
||||
BIO_printf(bio_err, "List all users\n");
|
||||
|
||||
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
|
||||
print_user(db, i, 1);
|
||||
} else if (userindex < 0) {
|
||||
BIO_printf(bio_err,
|
||||
"user \"%s\" does not exist, ignored. t\n", user);
|
||||
errors++;
|
||||
}
|
||||
} else if (mode == OPT_ADD) {
|
||||
if (userindex >= 0) {
|
||||
/* reactivation of a new user */
|
||||
char **row =
|
||||
sk_OPENSSL_PSTRING_value(db->db->data, userindex);
|
||||
BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
|
||||
row[DB_srptype][0] = 'V';
|
||||
|
||||
doupdatedb = 1;
|
||||
} else {
|
||||
char *row[DB_NUMBER];
|
||||
char *gNid;
|
||||
row[DB_srpverifier] = NULL;
|
||||
row[DB_srpsalt] = NULL;
|
||||
row[DB_srpinfo] = NULL;
|
||||
if (!
|
||||
(gNid =
|
||||
srp_create_user(user, &(row[DB_srpverifier]),
|
||||
&(row[DB_srpsalt]),
|
||||
gNrow ? gNrow[DB_srpsalt] : gN,
|
||||
gNrow ? gNrow[DB_srpverifier] : NULL,
|
||||
passout, verbose))) {
|
||||
BIO_printf(bio_err,
|
||||
"Cannot create srp verifier for user \"%s\", operation abandoned .\n",
|
||||
user);
|
||||
errors++;
|
||||
goto end;
|
||||
}
|
||||
row[DB_srpid] = OPENSSL_strdup(user);
|
||||
row[DB_srptype] = OPENSSL_strdup("v");
|
||||
row[DB_srpgN] = OPENSSL_strdup(gNid);
|
||||
|
||||
if ((row[DB_srpid] == NULL)
|
||||
|| (row[DB_srpgN] == NULL)
|
||||
|| (row[DB_srptype] == NULL)
|
||||
|| (row[DB_srpverifier] == NULL)
|
||||
|| (row[DB_srpsalt] == NULL)
|
||||
|| (userinfo
|
||||
&& ((row[DB_srpinfo] = OPENSSL_strdup(userinfo)) == NULL))
|
||||
|| !update_index(db, row)) {
|
||||
OPENSSL_free(row[DB_srpid]);
|
||||
OPENSSL_free(row[DB_srpgN]);
|
||||
OPENSSL_free(row[DB_srpinfo]);
|
||||
OPENSSL_free(row[DB_srptype]);
|
||||
OPENSSL_free(row[DB_srpverifier]);
|
||||
OPENSSL_free(row[DB_srpsalt]);
|
||||
goto end;
|
||||
}
|
||||
doupdatedb = 1;
|
||||
}
|
||||
} else if (mode == OPT_MODIFY) {
|
||||
if (userindex < 0) {
|
||||
BIO_printf(bio_err,
|
||||
"user \"%s\" does not exist, operation ignored.\n",
|
||||
user);
|
||||
errors++;
|
||||
} else {
|
||||
|
||||
char **row =
|
||||
sk_OPENSSL_PSTRING_value(db->db->data, userindex);
|
||||
char type = row[DB_srptype][0];
|
||||
if (type == 'v') {
|
||||
BIO_printf(bio_err,
|
||||
"user \"%s\" already updated, operation ignored.\n",
|
||||
user);
|
||||
errors++;
|
||||
} else {
|
||||
char *gNid;
|
||||
|
||||
if (row[DB_srptype][0] == 'V') {
|
||||
int user_gN;
|
||||
char **irow = NULL;
|
||||
if (verbose)
|
||||
BIO_printf(bio_err,
|
||||
"Verifying password for user \"%s\"\n",
|
||||
user);
|
||||
if ((user_gN =
|
||||
get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
|
||||
irow =
|
||||
sk_OPENSSL_PSTRING_value(db->db->data,
|
||||
userindex);
|
||||
|
||||
if (!srp_verify_user
|
||||
(user, row[DB_srpverifier], row[DB_srpsalt],
|
||||
irow ? irow[DB_srpsalt] : row[DB_srpgN],
|
||||
irow ? irow[DB_srpverifier] : NULL, passin,
|
||||
verbose)) {
|
||||
BIO_printf(bio_err,
|
||||
"Invalid password for user \"%s\", operation abandoned.\n",
|
||||
user);
|
||||
errors++;
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
if (verbose)
|
||||
BIO_printf(bio_err, "Password for user \"%s\" ok.\n",
|
||||
user);
|
||||
|
||||
if (!
|
||||
(gNid =
|
||||
srp_create_user(user, &(row[DB_srpverifier]),
|
||||
&(row[DB_srpsalt]),
|
||||
gNrow ? gNrow[DB_srpsalt] : NULL,
|
||||
gNrow ? gNrow[DB_srpverifier] : NULL,
|
||||
passout, verbose))) {
|
||||
BIO_printf(bio_err,
|
||||
"Cannot create srp verifier for user \"%s\", operation abandoned.\n",
|
||||
user);
|
||||
errors++;
|
||||
goto end;
|
||||
}
|
||||
|
||||
row[DB_srptype][0] = 'v';
|
||||
row[DB_srpgN] = OPENSSL_strdup(gNid);
|
||||
|
||||
if (row[DB_srpid] == NULL
|
||||
|| row[DB_srpgN] == NULL
|
||||
|| row[DB_srptype] == NULL
|
||||
|| row[DB_srpverifier] == NULL
|
||||
|| row[DB_srpsalt] == NULL
|
||||
|| (userinfo
|
||||
&& ((row[DB_srpinfo] = OPENSSL_strdup(userinfo))
|
||||
== NULL)))
|
||||
goto end;
|
||||
|
||||
doupdatedb = 1;
|
||||
}
|
||||
}
|
||||
} else if (mode == OPT_DELETE) {
|
||||
if (userindex < 0) {
|
||||
BIO_printf(bio_err,
|
||||
"user \"%s\" does not exist, operation ignored. t\n",
|
||||
user);
|
||||
errors++;
|
||||
} else {
|
||||
char **xpp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
|
||||
|
||||
BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
|
||||
xpp[DB_srptype][0] = 'R';
|
||||
doupdatedb = 1;
|
||||
}
|
||||
}
|
||||
user = *argv++;
|
||||
if (user == NULL) {
|
||||
/* no more processing in any mode if no users left */
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (verbose)
|
||||
BIO_printf(bio_err, "User procession done.\n");
|
||||
|
||||
if (doupdatedb) {
|
||||
/* Lets check some fields */
|
||||
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
|
||||
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
|
||||
|
||||
if (pp[DB_srptype][0] == 'v') {
|
||||
pp[DB_srptype][0] = 'V';
|
||||
print_user(db, i, verbose);
|
||||
}
|
||||
}
|
||||
|
||||
if (verbose)
|
||||
BIO_printf(bio_err, "Trying to update srpvfile.\n");
|
||||
if (!save_index(srpvfile, "new", db))
|
||||
goto end;
|
||||
|
||||
if (verbose)
|
||||
BIO_printf(bio_err, "Temporary srpvfile created.\n");
|
||||
if (!rotate_index(srpvfile, "new", "old"))
|
||||
goto end;
|
||||
|
||||
if (verbose)
|
||||
BIO_printf(bio_err, "srpvfile updated.\n");
|
||||
}
|
||||
|
||||
ret = (errors != 0);
|
||||
end:
|
||||
if (errors != 0)
|
||||
if (verbose)
|
||||
BIO_printf(bio_err, "User errors %d.\n", errors);
|
||||
|
||||
if (verbose)
|
||||
BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
|
||||
|
||||
OPENSSL_free(passin);
|
||||
OPENSSL_free(passout);
|
||||
if (ret)
|
||||
ERR_print_errors(bio_err);
|
||||
NCONF_free(conf);
|
||||
free_index(db);
|
||||
release_engine(e);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
473
trunk/3rdparty/openssl-1.1-fit/apps/storeutl.c
vendored
Normal file
473
trunk/3rdparty/openssl-1.1-fit/apps/storeutl.c
vendored
Normal file
|
@ -0,0 +1,473 @@
|
|||
/*
|
||||
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/store.h>
|
||||
#include <openssl/x509v3.h> /* s2i_ASN1_INTEGER */
|
||||
|
||||
static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
|
||||
int expected, int criterion, OSSL_STORE_SEARCH *search,
|
||||
int text, int noout, int recursive, int indent, BIO *out,
|
||||
const char *prog);
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_OUT, OPT_PASSIN,
|
||||
OPT_NOOUT, OPT_TEXT, OPT_RECURSIVE,
|
||||
OPT_SEARCHFOR_CERTS, OPT_SEARCHFOR_KEYS, OPT_SEARCHFOR_CRLS,
|
||||
OPT_CRITERION_SUBJECT, OPT_CRITERION_ISSUER, OPT_CRITERION_SERIAL,
|
||||
OPT_CRITERION_FINGERPRINT, OPT_CRITERION_ALIAS,
|
||||
OPT_MD
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS storeutl_options[] = {
|
||||
{OPT_HELP_STR, 1, '-', "Usage: %s [options] uri\nValid options are:\n"},
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"out", OPT_OUT, '>', "Output file - default stdout"},
|
||||
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
||||
{"text", OPT_TEXT, '-', "Print a text form of the objects"},
|
||||
{"noout", OPT_NOOUT, '-', "No PEM output, just status"},
|
||||
{"certs", OPT_SEARCHFOR_CERTS, '-', "Search for certificates only"},
|
||||
{"keys", OPT_SEARCHFOR_KEYS, '-', "Search for keys only"},
|
||||
{"crls", OPT_SEARCHFOR_CRLS, '-', "Search for CRLs only"},
|
||||
{"subject", OPT_CRITERION_SUBJECT, 's', "Search by subject"},
|
||||
{"issuer", OPT_CRITERION_ISSUER, 's', "Search by issuer and serial, issuer name"},
|
||||
{"serial", OPT_CRITERION_SERIAL, 's', "Search by issuer and serial, serial number"},
|
||||
{"fingerprint", OPT_CRITERION_FINGERPRINT, 's', "Search by public key fingerprint, given in hex"},
|
||||
{"alias", OPT_CRITERION_ALIAS, 's', "Search by alias"},
|
||||
{"", OPT_MD, '-', "Any supported digest"},
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
#endif
|
||||
{"r", OPT_RECURSIVE, '-', "Recurse through names"},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int storeutl_main(int argc, char *argv[])
|
||||
{
|
||||
int ret = 1, noout = 0, text = 0, recursive = 0;
|
||||
char *outfile = NULL, *passin = NULL, *passinarg = NULL;
|
||||
BIO *out = NULL;
|
||||
ENGINE *e = NULL;
|
||||
OPTION_CHOICE o;
|
||||
char *prog = opt_init(argc, argv, storeutl_options);
|
||||
PW_CB_DATA pw_cb_data;
|
||||
int expected = 0;
|
||||
int criterion = 0;
|
||||
X509_NAME *subject = NULL, *issuer = NULL;
|
||||
ASN1_INTEGER *serial = NULL;
|
||||
unsigned char *fingerprint = NULL;
|
||||
size_t fingerprintlen = 0;
|
||||
char *alias = NULL;
|
||||
OSSL_STORE_SEARCH *search = NULL;
|
||||
const EVP_MD *digest = NULL;
|
||||
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(storeutl_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_OUT:
|
||||
outfile = opt_arg();
|
||||
break;
|
||||
case OPT_PASSIN:
|
||||
passinarg = opt_arg();
|
||||
break;
|
||||
case OPT_NOOUT:
|
||||
noout = 1;
|
||||
break;
|
||||
case OPT_TEXT:
|
||||
text = 1;
|
||||
break;
|
||||
case OPT_RECURSIVE:
|
||||
recursive = 1;
|
||||
break;
|
||||
case OPT_SEARCHFOR_CERTS:
|
||||
case OPT_SEARCHFOR_KEYS:
|
||||
case OPT_SEARCHFOR_CRLS:
|
||||
if (expected != 0) {
|
||||
BIO_printf(bio_err, "%s: only one search type can be given.\n",
|
||||
prog);
|
||||
goto end;
|
||||
}
|
||||
{
|
||||
static const struct {
|
||||
enum OPTION_choice choice;
|
||||
int type;
|
||||
} map[] = {
|
||||
{OPT_SEARCHFOR_CERTS, OSSL_STORE_INFO_CERT},
|
||||
{OPT_SEARCHFOR_KEYS, OSSL_STORE_INFO_PKEY},
|
||||
{OPT_SEARCHFOR_CRLS, OSSL_STORE_INFO_CRL},
|
||||
};
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < OSSL_NELEM(map); i++) {
|
||||
if (o == map[i].choice) {
|
||||
expected = map[i].type;
|
||||
break;
|
||||
}
|
||||
}
|
||||
/*
|
||||
* If expected wasn't set at this point, it means the map
|
||||
* isn't syncronised with the possible options leading here.
|
||||
*/
|
||||
OPENSSL_assert(expected != 0);
|
||||
}
|
||||
break;
|
||||
case OPT_CRITERION_SUBJECT:
|
||||
if (criterion != 0) {
|
||||
BIO_printf(bio_err, "%s: criterion already given.\n",
|
||||
prog);
|
||||
goto end;
|
||||
}
|
||||
criterion = OSSL_STORE_SEARCH_BY_NAME;
|
||||
if (subject != NULL) {
|
||||
BIO_printf(bio_err, "%s: subject already given.\n",
|
||||
prog);
|
||||
goto end;
|
||||
}
|
||||
if ((subject = parse_name(opt_arg(), MBSTRING_UTF8, 1)) == NULL) {
|
||||
BIO_printf(bio_err, "%s: can't parse subject argument.\n",
|
||||
prog);
|
||||
goto end;
|
||||
}
|
||||
break;
|
||||
case OPT_CRITERION_ISSUER:
|
||||
if (criterion != 0
|
||||
|| (criterion == OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
|
||||
&& issuer != NULL)) {
|
||||
BIO_printf(bio_err, "%s: criterion already given.\n",
|
||||
prog);
|
||||
goto end;
|
||||
}
|
||||
criterion = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
|
||||
if (issuer != NULL) {
|
||||
BIO_printf(bio_err, "%s: issuer already given.\n",
|
||||
prog);
|
||||
goto end;
|
||||
}
|
||||
if ((issuer = parse_name(opt_arg(), MBSTRING_UTF8, 1)) == NULL) {
|
||||
BIO_printf(bio_err, "%s: can't parse issuer argument.\n",
|
||||
prog);
|
||||
goto end;
|
||||
}
|
||||
break;
|
||||
case OPT_CRITERION_SERIAL:
|
||||
if (criterion != 0
|
||||
|| (criterion == OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
|
||||
&& serial != NULL)) {
|
||||
BIO_printf(bio_err, "%s: criterion already given.\n",
|
||||
prog);
|
||||
goto end;
|
||||
}
|
||||
criterion = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
|
||||
if (serial != NULL) {
|
||||
BIO_printf(bio_err, "%s: serial number already given.\n",
|
||||
prog);
|
||||
goto end;
|
||||
}
|
||||
if ((serial = s2i_ASN1_INTEGER(NULL, opt_arg())) == NULL) {
|
||||
BIO_printf(bio_err, "%s: can't parse serial number argument.\n",
|
||||
prog);
|
||||
goto end;
|
||||
}
|
||||
break;
|
||||
case OPT_CRITERION_FINGERPRINT:
|
||||
if (criterion != 0
|
||||
|| (criterion == OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
|
||||
&& fingerprint != NULL)) {
|
||||
BIO_printf(bio_err, "%s: criterion already given.\n",
|
||||
prog);
|
||||
goto end;
|
||||
}
|
||||
criterion = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
|
||||
if (fingerprint != NULL) {
|
||||
BIO_printf(bio_err, "%s: fingerprint already given.\n",
|
||||
prog);
|
||||
goto end;
|
||||
}
|
||||
{
|
||||
long tmplen = 0;
|
||||
|
||||
if ((fingerprint = OPENSSL_hexstr2buf(opt_arg(), &tmplen))
|
||||
== NULL) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: can't parse fingerprint argument.\n",
|
||||
prog);
|
||||
goto end;
|
||||
}
|
||||
fingerprintlen = (size_t)tmplen;
|
||||
}
|
||||
break;
|
||||
case OPT_CRITERION_ALIAS:
|
||||
if (criterion != 0) {
|
||||
BIO_printf(bio_err, "%s: criterion already given.\n",
|
||||
prog);
|
||||
goto end;
|
||||
}
|
||||
criterion = OSSL_STORE_SEARCH_BY_ALIAS;
|
||||
if (alias != NULL) {
|
||||
BIO_printf(bio_err, "%s: alias already given.\n",
|
||||
prog);
|
||||
goto end;
|
||||
}
|
||||
if ((alias = OPENSSL_strdup(opt_arg())) == NULL) {
|
||||
BIO_printf(bio_err, "%s: can't parse alias argument.\n",
|
||||
prog);
|
||||
goto end;
|
||||
}
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
e = setup_engine(opt_arg(), 0);
|
||||
break;
|
||||
case OPT_MD:
|
||||
if (!opt_md(opt_unknown(), &digest))
|
||||
goto opthelp;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
argv = opt_rest();
|
||||
|
||||
if (argc == 0) {
|
||||
BIO_printf(bio_err, "%s: No URI given, nothing to do...\n", prog);
|
||||
goto opthelp;
|
||||
}
|
||||
if (argc > 1) {
|
||||
BIO_printf(bio_err, "%s: Unknown extra parameters after URI\n", prog);
|
||||
goto opthelp;
|
||||
}
|
||||
|
||||
if (criterion != 0) {
|
||||
switch (criterion) {
|
||||
case OSSL_STORE_SEARCH_BY_NAME:
|
||||
if ((search = OSSL_STORE_SEARCH_by_name(subject)) == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
break;
|
||||
case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
|
||||
if (issuer == NULL || serial == NULL) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: both -issuer and -serial must be given.\n",
|
||||
prog);
|
||||
goto end;
|
||||
}
|
||||
if ((search = OSSL_STORE_SEARCH_by_issuer_serial(issuer, serial))
|
||||
== NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
break;
|
||||
case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
|
||||
if ((search = OSSL_STORE_SEARCH_by_key_fingerprint(digest,
|
||||
fingerprint,
|
||||
fingerprintlen))
|
||||
== NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
break;
|
||||
case OSSL_STORE_SEARCH_BY_ALIAS:
|
||||
if ((search = OSSL_STORE_SEARCH_by_alias(alias)) == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
goto end;
|
||||
}
|
||||
pw_cb_data.password = passin;
|
||||
pw_cb_data.prompt_info = argv[0];
|
||||
|
||||
out = bio_open_default(outfile, 'w', FORMAT_TEXT);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
ret = process(argv[0], get_ui_method(), &pw_cb_data,
|
||||
expected, criterion, search,
|
||||
text, noout, recursive, 0, out, prog);
|
||||
|
||||
end:
|
||||
OPENSSL_free(fingerprint);
|
||||
OPENSSL_free(alias);
|
||||
ASN1_INTEGER_free(serial);
|
||||
X509_NAME_free(subject);
|
||||
X509_NAME_free(issuer);
|
||||
OSSL_STORE_SEARCH_free(search);
|
||||
BIO_free_all(out);
|
||||
OPENSSL_free(passin);
|
||||
release_engine(e);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int indent_printf(int indent, BIO *bio, const char *format, ...)
|
||||
{
|
||||
va_list args;
|
||||
int ret;
|
||||
|
||||
va_start(args, format);
|
||||
|
||||
ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args);
|
||||
|
||||
va_end(args);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
|
||||
int expected, int criterion, OSSL_STORE_SEARCH *search,
|
||||
int text, int noout, int recursive, int indent, BIO *out,
|
||||
const char *prog)
|
||||
{
|
||||
OSSL_STORE_CTX *store_ctx = NULL;
|
||||
int ret = 1, items = 0;
|
||||
|
||||
if ((store_ctx = OSSL_STORE_open(uri, uimeth, uidata, NULL, NULL))
|
||||
== NULL) {
|
||||
BIO_printf(bio_err, "Couldn't open file or uri %s\n", uri);
|
||||
ERR_print_errors(bio_err);
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (expected != 0) {
|
||||
if (!OSSL_STORE_expect(store_ctx, expected)) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end2;
|
||||
}
|
||||
}
|
||||
|
||||
if (criterion != 0) {
|
||||
if (!OSSL_STORE_supports_search(store_ctx, criterion)) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: the store scheme doesn't support the given search criteria.\n",
|
||||
prog);
|
||||
goto end2;
|
||||
}
|
||||
|
||||
if (!OSSL_STORE_find(store_ctx, search)) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end2;
|
||||
}
|
||||
}
|
||||
|
||||
/* From here on, we count errors, and we'll return the count at the end */
|
||||
ret = 0;
|
||||
|
||||
for (;;) {
|
||||
OSSL_STORE_INFO *info = OSSL_STORE_load(store_ctx);
|
||||
int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info);
|
||||
const char *infostr =
|
||||
info == NULL ? NULL : OSSL_STORE_INFO_type_string(type);
|
||||
|
||||
if (info == NULL) {
|
||||
if (OSSL_STORE_eof(store_ctx))
|
||||
break;
|
||||
|
||||
if (OSSL_STORE_error(store_ctx)) {
|
||||
if (recursive)
|
||||
ERR_clear_error();
|
||||
else
|
||||
ERR_print_errors(bio_err);
|
||||
ret++;
|
||||
continue;
|
||||
}
|
||||
|
||||
BIO_printf(bio_err,
|
||||
"ERROR: OSSL_STORE_load() returned NULL without "
|
||||
"eof or error indications\n");
|
||||
BIO_printf(bio_err, " This is an error in the loader\n");
|
||||
ERR_print_errors(bio_err);
|
||||
ret++;
|
||||
break;
|
||||
}
|
||||
|
||||
if (type == OSSL_STORE_INFO_NAME) {
|
||||
const char *name = OSSL_STORE_INFO_get0_NAME(info);
|
||||
const char *desc = OSSL_STORE_INFO_get0_NAME_description(info);
|
||||
indent_printf(indent, bio_out, "%d: %s: %s\n", items, infostr,
|
||||
name);
|
||||
if (desc != NULL)
|
||||
indent_printf(indent, bio_out, "%s\n", desc);
|
||||
} else {
|
||||
indent_printf(indent, bio_out, "%d: %s\n", items, infostr);
|
||||
}
|
||||
|
||||
/*
|
||||
* Unfortunately, PEM_X509_INFO_write_bio() is sorely lacking in
|
||||
* functionality, so we must figure out how exactly to write things
|
||||
* ourselves...
|
||||
*/
|
||||
switch (type) {
|
||||
case OSSL_STORE_INFO_NAME:
|
||||
if (recursive) {
|
||||
const char *suburi = OSSL_STORE_INFO_get0_NAME(info);
|
||||
ret += process(suburi, uimeth, uidata,
|
||||
expected, criterion, search,
|
||||
text, noout, recursive, indent + 2, out, prog);
|
||||
}
|
||||
break;
|
||||
case OSSL_STORE_INFO_PARAMS:
|
||||
if (text)
|
||||
EVP_PKEY_print_params(out, OSSL_STORE_INFO_get0_PARAMS(info),
|
||||
0, NULL);
|
||||
if (!noout)
|
||||
PEM_write_bio_Parameters(out,
|
||||
OSSL_STORE_INFO_get0_PARAMS(info));
|
||||
break;
|
||||
case OSSL_STORE_INFO_PKEY:
|
||||
if (text)
|
||||
EVP_PKEY_print_private(out, OSSL_STORE_INFO_get0_PKEY(info),
|
||||
0, NULL);
|
||||
if (!noout)
|
||||
PEM_write_bio_PrivateKey(out, OSSL_STORE_INFO_get0_PKEY(info),
|
||||
NULL, NULL, 0, NULL, NULL);
|
||||
break;
|
||||
case OSSL_STORE_INFO_CERT:
|
||||
if (text)
|
||||
X509_print(out, OSSL_STORE_INFO_get0_CERT(info));
|
||||
if (!noout)
|
||||
PEM_write_bio_X509(out, OSSL_STORE_INFO_get0_CERT(info));
|
||||
break;
|
||||
case OSSL_STORE_INFO_CRL:
|
||||
if (text)
|
||||
X509_CRL_print(out, OSSL_STORE_INFO_get0_CRL(info));
|
||||
if (!noout)
|
||||
PEM_write_bio_X509_CRL(out, OSSL_STORE_INFO_get0_CRL(info));
|
||||
break;
|
||||
default:
|
||||
BIO_printf(bio_err, "!!! Unknown code\n");
|
||||
ret++;
|
||||
break;
|
||||
}
|
||||
items++;
|
||||
OSSL_STORE_INFO_free(info);
|
||||
}
|
||||
indent_printf(indent, out, "Total found: %d\n", items);
|
||||
|
||||
end2:
|
||||
if (!OSSL_STORE_close(store_ctx)) {
|
||||
ERR_print_errors(bio_err);
|
||||
ret++;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
8
trunk/3rdparty/openssl-1.1-fit/apps/testCA.pem
vendored
Normal file
8
trunk/3rdparty/openssl-1.1-fit/apps/testCA.pem
vendored
Normal file
|
@ -0,0 +1,8 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIBBzCBsgIBADBNMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEX
|
||||
MBUGA1UEChMOTWluY29tIFB0eSBMdGQxEDAOBgNVBAMTB1RFU1QgQ0EwXDANBgkq
|
||||
hkiG9w0BAQEFAANLADBIAkEAzW9brgA8efT2ODB+NrsflJZj3KKqKsm4OrXTRqfL
|
||||
VETj1ws/zCXl42XJAxdWQMCP0liKfc9Ut4xi1qCVI7N07wIDAQABoAAwDQYJKoZI
|
||||
hvcNAQEEBQADQQBjZZ42Det9Uw0AFwJy4ufUEy5Cv74pxBp5SZnljgHY+Az0Hs2S
|
||||
uNkIegr2ITX5azKi9nOkg9ZmsmGG13FIjiC/
|
||||
-----END CERTIFICATE REQUEST-----
|
260
trunk/3rdparty/openssl-1.1-fit/apps/testdsa.h
vendored
Normal file
260
trunk/3rdparty/openssl-1.1-fit/apps/testdsa.h
vendored
Normal file
|
@ -0,0 +1,260 @@
|
|||
/*
|
||||
* Copyright 1998-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
/* used by speed.c */
|
||||
DSA *get_dsa(int);
|
||||
|
||||
static unsigned char dsa512_priv[] = {
|
||||
0x65, 0xe5, 0xc7, 0x38, 0x60, 0x24, 0xb5, 0x89, 0xd4, 0x9c, 0xeb, 0x4c,
|
||||
0x9c, 0x1d, 0x7a, 0x22, 0xbd, 0xd1, 0xc2, 0xd2,
|
||||
};
|
||||
|
||||
static unsigned char dsa512_pub[] = {
|
||||
0x00, 0x95, 0xa7, 0x0d, 0xec, 0x93, 0x68, 0xba, 0x5f, 0xf7, 0x5f, 0x07,
|
||||
0xf2, 0x3b, 0xad, 0x6b, 0x01, 0xdc, 0xbe, 0xec, 0xde, 0x04, 0x7a, 0x3a,
|
||||
0x27, 0xb3, 0xec, 0x49, 0xfd, 0x08, 0x43, 0x3d, 0x7e, 0xa8, 0x2c, 0x5e,
|
||||
0x7b, 0xbb, 0xfc, 0xf4, 0x6e, 0xeb, 0x6c, 0xb0, 0x6e, 0xf8, 0x02, 0x12,
|
||||
0x8c, 0x38, 0x5d, 0x83, 0x56, 0x7d, 0xee, 0x53, 0x05, 0x3e, 0x24, 0x84,
|
||||
0xbe, 0xba, 0x0a, 0x6b, 0xc8,
|
||||
};
|
||||
|
||||
static unsigned char dsa512_p[] = {
|
||||
0x9D, 0x1B, 0x69, 0x8E, 0x26, 0xDB, 0xF2, 0x2B, 0x11, 0x70, 0x19, 0x86,
|
||||
0xF6, 0x19, 0xC8, 0xF8, 0x19, 0xF2, 0x18, 0x53, 0x94, 0x46, 0x06, 0xD0,
|
||||
0x62, 0x50, 0x33, 0x4B, 0x02, 0x3C, 0x52, 0x30, 0x03, 0x8B, 0x3B, 0xF9,
|
||||
0x5F, 0xD1, 0x24, 0x06, 0x4F, 0x7B, 0x4C, 0xBA, 0xAA, 0x40, 0x9B, 0xFD,
|
||||
0x96, 0xE4, 0x37, 0x33, 0xBB, 0x2D, 0x5A, 0xD7, 0x5A, 0x11, 0x40, 0x66,
|
||||
0xA2, 0x76, 0x7D, 0x31,
|
||||
};
|
||||
|
||||
static unsigned char dsa512_q[] = {
|
||||
0xFB, 0x53, 0xEF, 0x50, 0xB4, 0x40, 0x92, 0x31, 0x56, 0x86, 0x53, 0x7A,
|
||||
0xE8, 0x8B, 0x22, 0x9A, 0x49, 0xFB, 0x71, 0x8F,
|
||||
};
|
||||
|
||||
static unsigned char dsa512_g[] = {
|
||||
0x83, 0x3E, 0x88, 0xE5, 0xC5, 0x89, 0x73, 0xCE, 0x3B, 0x6C, 0x01, 0x49,
|
||||
0xBF, 0xB3, 0xC7, 0x9F, 0x0A, 0xEA, 0x44, 0x91, 0xE5, 0x30, 0xAA, 0xD9,
|
||||
0xBE, 0x5B, 0x5F, 0xB7, 0x10, 0xD7, 0x89, 0xB7, 0x8E, 0x74, 0xFB, 0xCF,
|
||||
0x29, 0x1E, 0xEB, 0xA8, 0x2C, 0x54, 0x51, 0xB8, 0x10, 0xDE, 0xA0, 0xCE,
|
||||
0x2F, 0xCC, 0x24, 0x6B, 0x90, 0x77, 0xDE, 0xA2, 0x68, 0xA6, 0x52, 0x12,
|
||||
0xA2, 0x03, 0x9D, 0x20,
|
||||
};
|
||||
|
||||
static unsigned char dsa1024_priv[] = {
|
||||
0x7d, 0x21, 0xda, 0xbb, 0x62, 0x15, 0x47, 0x36, 0x07, 0x67, 0x12, 0xe8,
|
||||
0x8c, 0xaa, 0x1c, 0xcd, 0x38, 0x12, 0x61, 0x18,
|
||||
};
|
||||
|
||||
static unsigned char dsa1024_pub[] = {
|
||||
0x3c, 0x4e, 0x9c, 0x2a, 0x7f, 0x16, 0xc1, 0x25, 0xeb, 0xac, 0x78, 0x63,
|
||||
0x90, 0x14, 0x8c, 0x8b, 0xf4, 0x68, 0x43, 0x3c, 0x2d, 0xee, 0x65, 0x50,
|
||||
0x7d, 0x9c, 0x8f, 0x8c, 0x8a, 0x51, 0xd6, 0x11, 0x2b, 0x99, 0xaf, 0x1e,
|
||||
0x90, 0x97, 0xb5, 0xd3, 0xa6, 0x20, 0x25, 0xd6, 0xfe, 0x43, 0x02, 0xd5,
|
||||
0x91, 0x7d, 0xa7, 0x8c, 0xdb, 0xc9, 0x85, 0xa3, 0x36, 0x48, 0xf7, 0x68,
|
||||
0xaa, 0x60, 0xb1, 0xf7, 0x05, 0x68, 0x3a, 0xa3, 0x3f, 0xd3, 0x19, 0x82,
|
||||
0xd8, 0x82, 0x7a, 0x77, 0xfb, 0xef, 0xf4, 0x15, 0x0a, 0xeb, 0x06, 0x04,
|
||||
0x7f, 0x53, 0x07, 0x0c, 0xbc, 0xcb, 0x2d, 0x83, 0xdb, 0x3e, 0xd1, 0x28,
|
||||
0xa5, 0xa1, 0x31, 0xe0, 0x67, 0xfa, 0x50, 0xde, 0x9b, 0x07, 0x83, 0x7e,
|
||||
0x2c, 0x0b, 0xc3, 0x13, 0x50, 0x61, 0xe5, 0xad, 0xbd, 0x36, 0xb8, 0x97,
|
||||
0x4e, 0x40, 0x7d, 0xe8, 0x83, 0x0d, 0xbc, 0x4b
|
||||
};
|
||||
|
||||
static unsigned char dsa1024_p[] = {
|
||||
0xA7, 0x3F, 0x6E, 0x85, 0xBF, 0x41, 0x6A, 0x29, 0x7D, 0xF0, 0x9F, 0x47,
|
||||
0x19, 0x30, 0x90, 0x9A, 0x09, 0x1D, 0xDA, 0x6A, 0x33, 0x1E, 0xC5, 0x3D,
|
||||
0x86, 0x96, 0xB3, 0x15, 0xE0, 0x53, 0x2E, 0x8F, 0xE0, 0x59, 0x82, 0x73,
|
||||
0x90, 0x3E, 0x75, 0x31, 0x99, 0x47, 0x7A, 0x52, 0xFB, 0x85, 0xE4, 0xD9,
|
||||
0xA6, 0x7B, 0x38, 0x9B, 0x68, 0x8A, 0x84, 0x9B, 0x87, 0xC6, 0x1E, 0xB5,
|
||||
0x7E, 0x86, 0x4B, 0x53, 0x5B, 0x59, 0xCF, 0x71, 0x65, 0x19, 0x88, 0x6E,
|
||||
0xCE, 0x66, 0xAE, 0x6B, 0x88, 0x36, 0xFB, 0xEC, 0x28, 0xDC, 0xC2, 0xD7,
|
||||
0xA5, 0xBB, 0xE5, 0x2C, 0x39, 0x26, 0x4B, 0xDA, 0x9A, 0x70, 0x18, 0x95,
|
||||
0x37, 0x95, 0x10, 0x56, 0x23, 0xF6, 0x15, 0xED, 0xBA, 0x04, 0x5E, 0xDE,
|
||||
0x39, 0x4F, 0xFD, 0xB7, 0x43, 0x1F, 0xB5, 0xA4, 0x65, 0x6F, 0xCD, 0x80,
|
||||
0x11, 0xE4, 0x70, 0x95, 0x5B, 0x50, 0xCD, 0x49,
|
||||
};
|
||||
|
||||
static unsigned char dsa1024_q[] = {
|
||||
0xF7, 0x07, 0x31, 0xED, 0xFA, 0x6C, 0x06, 0x03, 0xD5, 0x85, 0x8A, 0x1C,
|
||||
0xAC, 0x9C, 0x65, 0xE7, 0x50, 0x66, 0x65, 0x6F,
|
||||
};
|
||||
|
||||
static unsigned char dsa1024_g[] = {
|
||||
0x4D, 0xDF, 0x4C, 0x03, 0xA6, 0x91, 0x8A, 0xF5, 0x19, 0x6F, 0x50, 0x46,
|
||||
0x25, 0x99, 0xE5, 0x68, 0x6F, 0x30, 0xE3, 0x69, 0xE1, 0xE5, 0xB3, 0x5D,
|
||||
0x98, 0xBB, 0x28, 0x86, 0x48, 0xFC, 0xDE, 0x99, 0x04, 0x3F, 0x5F, 0x88,
|
||||
0x0C, 0x9C, 0x73, 0x24, 0x0D, 0x20, 0x5D, 0xB9, 0x2A, 0x9A, 0x3F, 0x18,
|
||||
0x96, 0x27, 0xE4, 0x62, 0x87, 0xC1, 0x7B, 0x74, 0x62, 0x53, 0xFC, 0x61,
|
||||
0x27, 0xA8, 0x7A, 0x91, 0x09, 0x9D, 0xB6, 0xF1, 0x4D, 0x9C, 0x54, 0x0F,
|
||||
0x58, 0x06, 0xEE, 0x49, 0x74, 0x07, 0xCE, 0x55, 0x7E, 0x23, 0xCE, 0x16,
|
||||
0xF6, 0xCA, 0xDC, 0x5A, 0x61, 0x01, 0x7E, 0xC9, 0x71, 0xB5, 0x4D, 0xF6,
|
||||
0xDC, 0x34, 0x29, 0x87, 0x68, 0xF6, 0x5E, 0x20, 0x93, 0xB3, 0xDB, 0xF5,
|
||||
0xE4, 0x09, 0x6C, 0x41, 0x17, 0x95, 0x92, 0xEB, 0x01, 0xB5, 0x73, 0xA5,
|
||||
0x6A, 0x7E, 0xD8, 0x32, 0xED, 0x0E, 0x02, 0xB8,
|
||||
};
|
||||
|
||||
static unsigned char dsa2048_priv[] = {
|
||||
0x32, 0x67, 0x92, 0xf6, 0xc4, 0xe2, 0xe2, 0xe8, 0xa0, 0x8b, 0x6b, 0x45,
|
||||
0x0c, 0x8a, 0x76, 0xb0, 0xee, 0xcf, 0x91, 0xa7,
|
||||
};
|
||||
|
||||
static unsigned char dsa2048_pub[] = {
|
||||
0x17, 0x8f, 0xa8, 0x11, 0x84, 0x92, 0xec, 0x83, 0x47, 0xc7, 0x6a, 0xb0,
|
||||
0x92, 0xaf, 0x5a, 0x20, 0x37, 0xa3, 0x64, 0x79, 0xd2, 0xd0, 0x3d, 0xcd,
|
||||
0xe0, 0x61, 0x88, 0x88, 0x21, 0xcc, 0x74, 0x5d, 0xce, 0x4c, 0x51, 0x47,
|
||||
0xf0, 0xc5, 0x5c, 0x4c, 0x82, 0x7a, 0xaf, 0x72, 0xad, 0xb9, 0xe0, 0x53,
|
||||
0xf2, 0x78, 0xb7, 0xf0, 0xb5, 0x48, 0x7f, 0x8a, 0x3a, 0x18, 0xd1, 0x9f,
|
||||
0x8b, 0x7d, 0xa5, 0x47, 0xb7, 0x95, 0xab, 0x98, 0xf8, 0x7b, 0x74, 0x50,
|
||||
0x56, 0x8e, 0x57, 0xf0, 0xee, 0xf5, 0xb7, 0xba, 0xab, 0x85, 0x86, 0xf9,
|
||||
0x2b, 0xef, 0x41, 0x56, 0xa0, 0xa4, 0x9f, 0xb7, 0x38, 0x00, 0x46, 0x0a,
|
||||
0xa6, 0xf1, 0xfc, 0x1f, 0xd8, 0x4e, 0x85, 0x44, 0x92, 0x43, 0x21, 0x5d,
|
||||
0x6e, 0xcc, 0xc2, 0xcb, 0x26, 0x31, 0x0d, 0x21, 0xc4, 0xbd, 0x8d, 0x24,
|
||||
0xbc, 0xd9, 0x18, 0x19, 0xd7, 0xdc, 0xf1, 0xe7, 0x93, 0x50, 0x48, 0x03,
|
||||
0x2c, 0xae, 0x2e, 0xe7, 0x49, 0x88, 0x5f, 0x93, 0x57, 0x27, 0x99, 0x36,
|
||||
0xb4, 0x20, 0xab, 0xfc, 0xa7, 0x2b, 0xf2, 0xd9, 0x98, 0xd7, 0xd4, 0x34,
|
||||
0x9d, 0x96, 0x50, 0x58, 0x9a, 0xea, 0x54, 0xf3, 0xee, 0xf5, 0x63, 0x14,
|
||||
0xee, 0x85, 0x83, 0x74, 0x76, 0xe1, 0x52, 0x95, 0xc3, 0xf7, 0xeb, 0x04,
|
||||
0x04, 0x7b, 0xa7, 0x28, 0x1b, 0xcc, 0xea, 0x4a, 0x4e, 0x84, 0xda, 0xd8,
|
||||
0x9c, 0x79, 0xd8, 0x9b, 0x66, 0x89, 0x2f, 0xcf, 0xac, 0xd7, 0x79, 0xf9,
|
||||
0xa9, 0xd8, 0x45, 0x13, 0x78, 0xb9, 0x00, 0x14, 0xc9, 0x7e, 0x22, 0x51,
|
||||
0x86, 0x67, 0xb0, 0x9f, 0x26, 0x11, 0x23, 0xc8, 0x38, 0xd7, 0x70, 0x1d,
|
||||
0x15, 0x8e, 0x4d, 0x4f, 0x95, 0x97, 0x40, 0xa1, 0xc2, 0x7e, 0x01, 0x18,
|
||||
0x72, 0xf4, 0x10, 0xe6, 0x8d, 0x52, 0x16, 0x7f, 0xf2, 0xc9, 0xf8, 0x33,
|
||||
0x8b, 0x33, 0xb7, 0xce,
|
||||
};
|
||||
|
||||
static unsigned char dsa2048_p[] = {
|
||||
0xA0, 0x25, 0xFA, 0xAD, 0xF4, 0x8E, 0xB9, 0xE5, 0x99, 0xF3, 0x5D, 0x6F,
|
||||
0x4F, 0x83, 0x34, 0xE2, 0x7E, 0xCF, 0x6F, 0xBF, 0x30, 0xAF, 0x6F, 0x81,
|
||||
0xEB, 0xF8, 0xC4, 0x13, 0xD9, 0xA0, 0x5D, 0x8B, 0x5C, 0x8E, 0xDC, 0xC2,
|
||||
0x1D, 0x0B, 0x41, 0x32, 0xB0, 0x1F, 0xFE, 0xEF, 0x0C, 0xC2, 0xA2, 0x7E,
|
||||
0x68, 0x5C, 0x28, 0x21, 0xE9, 0xF5, 0xB1, 0x58, 0x12, 0x63, 0x4C, 0x19,
|
||||
0x4E, 0xFF, 0x02, 0x4B, 0x92, 0xED, 0xD2, 0x07, 0x11, 0x4D, 0x8C, 0x58,
|
||||
0x16, 0x5C, 0x55, 0x8E, 0xAD, 0xA3, 0x67, 0x7D, 0xB9, 0x86, 0x6E, 0x0B,
|
||||
0xE6, 0x54, 0x6F, 0x40, 0xAE, 0x0E, 0x67, 0x4C, 0xF9, 0x12, 0x5B, 0x3C,
|
||||
0x08, 0x7A, 0xF7, 0xFC, 0x67, 0x86, 0x69, 0xE7, 0x0A, 0x94, 0x40, 0xBF,
|
||||
0x8B, 0x76, 0xFE, 0x26, 0xD1, 0xF2, 0xA1, 0x1A, 0x84, 0xA1, 0x43, 0x56,
|
||||
0x28, 0xBC, 0x9A, 0x5F, 0xD7, 0x3B, 0x69, 0x89, 0x8A, 0x36, 0x2C, 0x51,
|
||||
0xDF, 0x12, 0x77, 0x2F, 0x57, 0x7B, 0xA0, 0xAA, 0xDD, 0x7F, 0xA1, 0x62,
|
||||
0x3B, 0x40, 0x7B, 0x68, 0x1A, 0x8F, 0x0D, 0x38, 0xBB, 0x21, 0x5D, 0x18,
|
||||
0xFC, 0x0F, 0x46, 0xF7, 0xA3, 0xB0, 0x1D, 0x23, 0xC3, 0xD2, 0xC7, 0x72,
|
||||
0x51, 0x18, 0xDF, 0x46, 0x95, 0x79, 0xD9, 0xBD, 0xB5, 0x19, 0x02, 0x2C,
|
||||
0x87, 0xDC, 0xE7, 0x57, 0x82, 0x7E, 0xF1, 0x8B, 0x06, 0x3D, 0x00, 0xA5,
|
||||
0x7B, 0x6B, 0x26, 0x27, 0x91, 0x0F, 0x6A, 0x77, 0xE4, 0xD5, 0x04, 0xE4,
|
||||
0x12, 0x2C, 0x42, 0xFF, 0xD2, 0x88, 0xBB, 0xD3, 0x92, 0xA0, 0xF9, 0xC8,
|
||||
0x51, 0x64, 0x14, 0x5C, 0xD8, 0xF9, 0x6C, 0x47, 0x82, 0xB4, 0x1C, 0x7F,
|
||||
0x09, 0xB8, 0xF0, 0x25, 0x83, 0x1D, 0x3F, 0x3F, 0x05, 0xB3, 0x21, 0x0A,
|
||||
0x5D, 0xA7, 0xD8, 0x54, 0xC3, 0x65, 0x7D, 0xC3, 0xB0, 0x1D, 0xBF, 0xAE,
|
||||
0xF8, 0x68, 0xCF, 0x9B,
|
||||
};
|
||||
|
||||
static unsigned char dsa2048_q[] = {
|
||||
0x97, 0xE7, 0x33, 0x4D, 0xD3, 0x94, 0x3E, 0x0B, 0xDB, 0x62, 0x74, 0xC6,
|
||||
0xA1, 0x08, 0xDD, 0x19, 0xA3, 0x75, 0x17, 0x1B,
|
||||
};
|
||||
|
||||
static unsigned char dsa2048_g[] = {
|
||||
0x2C, 0x78, 0x16, 0x59, 0x34, 0x63, 0xF4, 0xF3, 0x92, 0xFC, 0xB5, 0xA5,
|
||||
0x4F, 0x13, 0xDE, 0x2F, 0x1C, 0xA4, 0x3C, 0xAE, 0xAD, 0x38, 0x3F, 0x7E,
|
||||
0x90, 0xBF, 0x96, 0xA6, 0xAE, 0x25, 0x90, 0x72, 0xF5, 0x8E, 0x80, 0x0C,
|
||||
0x39, 0x1C, 0xD9, 0xEC, 0xBA, 0x90, 0x5B, 0x3A, 0xE8, 0x58, 0x6C, 0x9E,
|
||||
0x30, 0x42, 0x37, 0x02, 0x31, 0x82, 0xBC, 0x6A, 0xDF, 0x6A, 0x09, 0x29,
|
||||
0xE3, 0xC0, 0x46, 0xD1, 0xCB, 0x85, 0xEC, 0x0C, 0x30, 0x5E, 0xEA, 0xC8,
|
||||
0x39, 0x8E, 0x22, 0x9F, 0x22, 0x10, 0xD2, 0x34, 0x61, 0x68, 0x37, 0x3D,
|
||||
0x2E, 0x4A, 0x5B, 0x9A, 0xF5, 0xC1, 0x48, 0xC6, 0xF6, 0xDC, 0x63, 0x1A,
|
||||
0xD3, 0x96, 0x64, 0xBA, 0x34, 0xC9, 0xD1, 0xA0, 0xD1, 0xAE, 0x6C, 0x2F,
|
||||
0x48, 0x17, 0x93, 0x14, 0x43, 0xED, 0xF0, 0x21, 0x30, 0x19, 0xC3, 0x1B,
|
||||
0x5F, 0xDE, 0xA3, 0xF0, 0x70, 0x78, 0x18, 0xE1, 0xA8, 0xE4, 0xEE, 0x2E,
|
||||
0x00, 0xA5, 0xE4, 0xB3, 0x17, 0xC8, 0x0C, 0x7D, 0x6E, 0x42, 0xDC, 0xB7,
|
||||
0x46, 0x00, 0x36, 0x4D, 0xD4, 0x46, 0xAA, 0x3D, 0x3C, 0x46, 0x89, 0x40,
|
||||
0xBF, 0x1D, 0x84, 0x77, 0x0A, 0x75, 0xF3, 0x87, 0x1D, 0x08, 0x4C, 0xA6,
|
||||
0xD1, 0xA9, 0x1C, 0x1E, 0x12, 0x1E, 0xE1, 0xC7, 0x30, 0x28, 0x76, 0xA5,
|
||||
0x7F, 0x6C, 0x85, 0x96, 0x2B, 0x6F, 0xDB, 0x80, 0x66, 0x26, 0xAE, 0xF5,
|
||||
0x93, 0xC7, 0x8E, 0xAE, 0x9A, 0xED, 0xE4, 0xCA, 0x04, 0xEA, 0x3B, 0x72,
|
||||
0xEF, 0xDC, 0x87, 0xED, 0x0D, 0xA5, 0x4C, 0x4A, 0xDD, 0x71, 0x22, 0x64,
|
||||
0x59, 0x69, 0x4E, 0x8E, 0xBF, 0x43, 0xDC, 0xAB, 0x8E, 0x66, 0xBB, 0x01,
|
||||
0xB6, 0xF4, 0xE7, 0xFD, 0xD2, 0xAD, 0x9F, 0x36, 0xC1, 0xA0, 0x29, 0x99,
|
||||
0xD1, 0x96, 0x70, 0x59, 0x06, 0x78, 0x35, 0xBD, 0x65, 0x55, 0x52, 0x9E,
|
||||
0xF8, 0xB2, 0xE5, 0x38,
|
||||
};
|
||||
|
||||
typedef struct testdsa_st {
|
||||
unsigned char *priv;
|
||||
unsigned char *pub;
|
||||
unsigned char *p;
|
||||
unsigned char *g;
|
||||
unsigned char *q;
|
||||
int priv_l;
|
||||
int pub_l;
|
||||
int p_l;
|
||||
int g_l;
|
||||
int q_l;
|
||||
} testdsa;
|
||||
|
||||
#define set_dsa_ptr(st, bits) \
|
||||
do { \
|
||||
st.priv = dsa##bits##_priv; \
|
||||
st.pub = dsa##bits##_pub; \
|
||||
st.p = dsa##bits##_p; \
|
||||
st.g = dsa##bits##_g; \
|
||||
st.q = dsa##bits##_q; \
|
||||
st.priv_l = sizeof(dsa##bits##_priv); \
|
||||
st.pub_l = sizeof(dsa##bits##_pub); \
|
||||
st.p_l = sizeof(dsa##bits##_p); \
|
||||
st.g_l = sizeof(dsa##bits##_g); \
|
||||
st.q_l = sizeof(dsa##bits##_q); \
|
||||
} while (0)
|
||||
|
||||
DSA *get_dsa(int dsa_bits)
|
||||
{
|
||||
DSA *dsa;
|
||||
BIGNUM *priv_key, *pub_key, *p, *q, *g;
|
||||
testdsa dsa_t;
|
||||
|
||||
switch (dsa_bits) {
|
||||
case 512:
|
||||
set_dsa_ptr(dsa_t, 512);
|
||||
break;
|
||||
case 1024:
|
||||
set_dsa_ptr(dsa_t, 1024);
|
||||
break;
|
||||
case 2048:
|
||||
set_dsa_ptr(dsa_t, 2048);
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if ((dsa = DSA_new()) == NULL)
|
||||
return NULL;
|
||||
priv_key = BN_bin2bn(dsa_t.priv, dsa_t.priv_l, NULL);
|
||||
pub_key = BN_bin2bn(dsa_t.pub, dsa_t.pub_l, NULL);
|
||||
p = BN_bin2bn(dsa_t.p, dsa_t.p_l, NULL);
|
||||
q = BN_bin2bn(dsa_t.q, dsa_t.q_l, NULL);
|
||||
g = BN_bin2bn(dsa_t.g, dsa_t.g_l, NULL);
|
||||
if ((priv_key == NULL) || (pub_key == NULL) || (p == NULL) || (q == NULL)
|
||||
|| (g == NULL)) {
|
||||
goto err;
|
||||
}
|
||||
if (!DSA_set0_pqg(dsa, p, q, g))
|
||||
goto err;
|
||||
|
||||
if (!DSA_set0_key(dsa, pub_key, priv_key))
|
||||
goto err;
|
||||
|
||||
return dsa;
|
||||
err:
|
||||
DSA_free(dsa);
|
||||
BN_free(priv_key);
|
||||
BN_free(pub_key);
|
||||
BN_free(p);
|
||||
BN_free(q);
|
||||
BN_free(g);
|
||||
return NULL;
|
||||
}
|
1960
trunk/3rdparty/openssl-1.1-fit/apps/testrsa.h
vendored
Normal file
1960
trunk/3rdparty/openssl-1.1-fit/apps/testrsa.h
vendored
Normal file
File diff suppressed because it is too large
Load diff
17
trunk/3rdparty/openssl-1.1-fit/apps/timeouts.h
vendored
Normal file
17
trunk/3rdparty/openssl-1.1-fit/apps/timeouts.h
vendored
Normal file
|
@ -0,0 +1,17 @@
|
|||
/*
|
||||
* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#ifndef INCLUDED_TIMEOUTS_H
|
||||
# define INCLUDED_TIMEOUTS_H
|
||||
|
||||
/* numbers in us */
|
||||
# define DGRAM_RCV_TIMEOUT 250000
|
||||
# define DGRAM_SND_TIMEOUT 250000
|
||||
|
||||
#endif /* ! INCLUDED_TIMEOUTS_H */
|
986
trunk/3rdparty/openssl-1.1-fit/apps/ts.c
vendored
Normal file
986
trunk/3rdparty/openssl-1.1-fit/apps/ts.c
vendored
Normal file
|
@ -0,0 +1,986 @@
|
|||
/*
|
||||
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_TS
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <string.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/pem.h>
|
||||
# include <openssl/rand.h>
|
||||
# include <openssl/ts.h>
|
||||
# include <openssl/bn.h>
|
||||
|
||||
/* Request nonce length, in bits (must be a multiple of 8). */
|
||||
# define NONCE_LENGTH 64
|
||||
|
||||
/* Name of config entry that defines the OID file. */
|
||||
# define ENV_OID_FILE "oid_file"
|
||||
|
||||
/* Is |EXACTLY_ONE| of three pointers set? */
|
||||
# define EXACTLY_ONE(a, b, c) \
|
||||
(( a && !b && !c) || \
|
||||
( b && !a && !c) || \
|
||||
( c && !a && !b))
|
||||
|
||||
static ASN1_OBJECT *txt2obj(const char *oid);
|
||||
static CONF *load_config_file(const char *configfile);
|
||||
|
||||
/* Query related functions. */
|
||||
static int query_command(const char *data, const char *digest,
|
||||
const EVP_MD *md, const char *policy, int no_nonce,
|
||||
int cert, const char *in, const char *out, int text);
|
||||
static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
|
||||
const char *policy, int no_nonce, int cert);
|
||||
static int create_digest(BIO *input, const char *digest,
|
||||
const EVP_MD *md, unsigned char **md_value);
|
||||
static ASN1_INTEGER *create_nonce(int bits);
|
||||
|
||||
/* Reply related functions. */
|
||||
static int reply_command(CONF *conf, const char *section, const char *engine,
|
||||
const char *queryfile, const char *passin, const char *inkey,
|
||||
const EVP_MD *md, const char *signer, const char *chain,
|
||||
const char *policy, const char *in, int token_in,
|
||||
const char *out, int token_out, int text);
|
||||
static TS_RESP *read_PKCS7(BIO *in_bio);
|
||||
static TS_RESP *create_response(CONF *conf, const char *section, const char *engine,
|
||||
const char *queryfile, const char *passin,
|
||||
const char *inkey, const EVP_MD *md, const char *signer,
|
||||
const char *chain, const char *policy);
|
||||
static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data);
|
||||
static ASN1_INTEGER *next_serial(const char *serialfile);
|
||||
static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);
|
||||
|
||||
/* Verify related functions. */
|
||||
static int verify_command(const char *data, const char *digest, const char *queryfile,
|
||||
const char *in, int token_in,
|
||||
const char *CApath, const char *CAfile, const char *untrusted,
|
||||
X509_VERIFY_PARAM *vpm);
|
||||
static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest,
|
||||
const char *queryfile,
|
||||
const char *CApath, const char *CAfile,
|
||||
const char *untrusted,
|
||||
X509_VERIFY_PARAM *vpm);
|
||||
static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
|
||||
X509_VERIFY_PARAM *vpm);
|
||||
static int verify_cb(int ok, X509_STORE_CTX *ctx);
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_ENGINE, OPT_CONFIG, OPT_SECTION, OPT_QUERY, OPT_DATA,
|
||||
OPT_DIGEST, OPT_TSPOLICY, OPT_NO_NONCE, OPT_CERT,
|
||||
OPT_IN, OPT_TOKEN_IN, OPT_OUT, OPT_TOKEN_OUT, OPT_TEXT,
|
||||
OPT_REPLY, OPT_QUERYFILE, OPT_PASSIN, OPT_INKEY, OPT_SIGNER,
|
||||
OPT_CHAIN, OPT_VERIFY, OPT_CAPATH, OPT_CAFILE, OPT_UNTRUSTED,
|
||||
OPT_MD, OPT_V_ENUM, OPT_R_ENUM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS ts_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"config", OPT_CONFIG, '<', "Configuration file"},
|
||||
{"section", OPT_SECTION, 's', "Section to use within config file"},
|
||||
{"query", OPT_QUERY, '-', "Generate a TS query"},
|
||||
{"data", OPT_DATA, '<', "File to hash"},
|
||||
{"digest", OPT_DIGEST, 's', "Digest (as a hex string)"},
|
||||
OPT_R_OPTIONS,
|
||||
{"tspolicy", OPT_TSPOLICY, 's', "Policy OID to use"},
|
||||
{"no_nonce", OPT_NO_NONCE, '-', "Do not include a nonce"},
|
||||
{"cert", OPT_CERT, '-', "Put cert request into query"},
|
||||
{"in", OPT_IN, '<', "Input file"},
|
||||
{"token_in", OPT_TOKEN_IN, '-', "Input is a PKCS#7 file"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
{"token_out", OPT_TOKEN_OUT, '-', "Output is a PKCS#7 file"},
|
||||
{"text", OPT_TEXT, '-', "Output text (not DER)"},
|
||||
{"reply", OPT_REPLY, '-', "Generate a TS reply"},
|
||||
{"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"},
|
||||
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
||||
{"inkey", OPT_INKEY, 's', "File with private key for reply"},
|
||||
{"signer", OPT_SIGNER, 's', "Signer certificate file"},
|
||||
{"chain", OPT_CHAIN, '<', "File with signer CA chain"},
|
||||
{"verify", OPT_VERIFY, '-', "Verify a TS response"},
|
||||
{"CApath", OPT_CAPATH, '/', "Path to trusted CA files"},
|
||||
{"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"},
|
||||
{"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"},
|
||||
{"", OPT_MD, '-', "Any supported digest"},
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
# endif
|
||||
{OPT_HELP_STR, 1, '-', "\nOptions specific to 'ts -verify': \n"},
|
||||
OPT_V_OPTIONS,
|
||||
{OPT_HELP_STR, 1, '-', "\n"},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
/*
|
||||
* This command is so complex, special help is needed.
|
||||
*/
|
||||
static char* opt_helplist[] = {
|
||||
"Typical uses:",
|
||||
"ts -query [-rand file...] [-config file] [-data file]",
|
||||
" [-digest hexstring] [-tspolicy oid] [-no_nonce] [-cert]",
|
||||
" [-in file] [-out file] [-text]",
|
||||
" or",
|
||||
"ts -reply [-config file] [-section tsa_section]",
|
||||
" [-queryfile file] [-passin password]",
|
||||
" [-signer tsa_cert.pem] [-inkey private_key.pem]",
|
||||
" [-chain certs_file.pem] [-tspolicy oid]",
|
||||
" [-in file] [-token_in] [-out file] [-token_out]",
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
" [-text] [-engine id]",
|
||||
# else
|
||||
" [-text]",
|
||||
# endif
|
||||
" or",
|
||||
"ts -verify -CApath dir -CAfile file.pem -untrusted file.pem",
|
||||
" [-data file] [-digest hexstring]",
|
||||
" [-queryfile file] -in file [-token_in]",
|
||||
" [[options specific to 'ts -verify']]",
|
||||
NULL,
|
||||
};
|
||||
|
||||
int ts_main(int argc, char **argv)
|
||||
{
|
||||
CONF *conf = NULL;
|
||||
const char *CAfile = NULL, *untrusted = NULL, *prog;
|
||||
const char *configfile = default_config_file, *engine = NULL;
|
||||
const char *section = NULL;
|
||||
char **helpp;
|
||||
char *password = NULL;
|
||||
char *data = NULL, *digest = NULL, *policy = NULL;
|
||||
char *in = NULL, *out = NULL, *queryfile = NULL, *passin = NULL;
|
||||
char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL;
|
||||
const EVP_MD *md = NULL;
|
||||
OPTION_CHOICE o, mode = OPT_ERR;
|
||||
int ret = 1, no_nonce = 0, cert = 0, text = 0;
|
||||
int vpmtouched = 0;
|
||||
X509_VERIFY_PARAM *vpm = NULL;
|
||||
/* Input is ContentInfo instead of TimeStampResp. */
|
||||
int token_in = 0;
|
||||
/* Output is ContentInfo instead of TimeStampResp. */
|
||||
int token_out = 0;
|
||||
|
||||
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
|
||||
goto end;
|
||||
|
||||
prog = opt_init(argc, argv, ts_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(ts_options);
|
||||
for (helpp = opt_helplist; *helpp; ++helpp)
|
||||
BIO_printf(bio_err, "%s\n", *helpp);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_CONFIG:
|
||||
configfile = opt_arg();
|
||||
break;
|
||||
case OPT_SECTION:
|
||||
section = opt_arg();
|
||||
break;
|
||||
case OPT_QUERY:
|
||||
case OPT_REPLY:
|
||||
case OPT_VERIFY:
|
||||
if (mode != OPT_ERR)
|
||||
goto opthelp;
|
||||
mode = o;
|
||||
break;
|
||||
case OPT_DATA:
|
||||
data = opt_arg();
|
||||
break;
|
||||
case OPT_DIGEST:
|
||||
digest = opt_arg();
|
||||
break;
|
||||
case OPT_R_CASES:
|
||||
if (!opt_rand(o))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_TSPOLICY:
|
||||
policy = opt_arg();
|
||||
break;
|
||||
case OPT_NO_NONCE:
|
||||
no_nonce = 1;
|
||||
break;
|
||||
case OPT_CERT:
|
||||
cert = 1;
|
||||
break;
|
||||
case OPT_IN:
|
||||
in = opt_arg();
|
||||
break;
|
||||
case OPT_TOKEN_IN:
|
||||
token_in = 1;
|
||||
break;
|
||||
case OPT_OUT:
|
||||
out = opt_arg();
|
||||
break;
|
||||
case OPT_TOKEN_OUT:
|
||||
token_out = 1;
|
||||
break;
|
||||
case OPT_TEXT:
|
||||
text = 1;
|
||||
break;
|
||||
case OPT_QUERYFILE:
|
||||
queryfile = opt_arg();
|
||||
break;
|
||||
case OPT_PASSIN:
|
||||
passin = opt_arg();
|
||||
break;
|
||||
case OPT_INKEY:
|
||||
inkey = opt_arg();
|
||||
break;
|
||||
case OPT_SIGNER:
|
||||
signer = opt_arg();
|
||||
break;
|
||||
case OPT_CHAIN:
|
||||
chain = opt_arg();
|
||||
break;
|
||||
case OPT_CAPATH:
|
||||
CApath = opt_arg();
|
||||
break;
|
||||
case OPT_CAFILE:
|
||||
CAfile = opt_arg();
|
||||
break;
|
||||
case OPT_UNTRUSTED:
|
||||
untrusted = opt_arg();
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
engine = opt_arg();
|
||||
break;
|
||||
case OPT_MD:
|
||||
if (!opt_md(opt_unknown(), &md))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_V_CASES:
|
||||
if (!opt_verify(o, vpm))
|
||||
goto end;
|
||||
vpmtouched++;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (mode == OPT_ERR || opt_num_rest() != 0)
|
||||
goto opthelp;
|
||||
|
||||
if (mode == OPT_REPLY && passin &&
|
||||
!app_passwd(passin, NULL, &password, NULL)) {
|
||||
BIO_printf(bio_err, "Error getting password.\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
conf = load_config_file(configfile);
|
||||
if (configfile != default_config_file && !app_load_modules(conf))
|
||||
goto end;
|
||||
|
||||
/* Check parameter consistency and execute the appropriate function. */
|
||||
if (mode == OPT_QUERY) {
|
||||
if (vpmtouched)
|
||||
goto opthelp;
|
||||
if ((data != NULL) && (digest != NULL))
|
||||
goto opthelp;
|
||||
ret = !query_command(data, digest, md, policy, no_nonce, cert,
|
||||
in, out, text);
|
||||
} else if (mode == OPT_REPLY) {
|
||||
if (vpmtouched)
|
||||
goto opthelp;
|
||||
if ((in != NULL) && (queryfile != NULL))
|
||||
goto opthelp;
|
||||
if (in == NULL) {
|
||||
if ((conf == NULL) || (token_in != 0))
|
||||
goto opthelp;
|
||||
}
|
||||
ret = !reply_command(conf, section, engine, queryfile,
|
||||
password, inkey, md, signer, chain, policy,
|
||||
in, token_in, out, token_out, text);
|
||||
|
||||
} else if (mode == OPT_VERIFY) {
|
||||
if ((in == NULL) || !EXACTLY_ONE(queryfile, data, digest))
|
||||
goto opthelp;
|
||||
ret = !verify_command(data, digest, queryfile, in, token_in,
|
||||
CApath, CAfile, untrusted,
|
||||
vpmtouched ? vpm : NULL);
|
||||
} else {
|
||||
goto opthelp;
|
||||
}
|
||||
|
||||
end:
|
||||
X509_VERIFY_PARAM_free(vpm);
|
||||
NCONF_free(conf);
|
||||
OPENSSL_free(password);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* Configuration file-related function definitions.
|
||||
*/
|
||||
|
||||
static ASN1_OBJECT *txt2obj(const char *oid)
|
||||
{
|
||||
ASN1_OBJECT *oid_obj = NULL;
|
||||
|
||||
if ((oid_obj = OBJ_txt2obj(oid, 0)) == NULL)
|
||||
BIO_printf(bio_err, "cannot convert %s to OID\n", oid);
|
||||
|
||||
return oid_obj;
|
||||
}
|
||||
|
||||
static CONF *load_config_file(const char *configfile)
|
||||
{
|
||||
CONF *conf = app_load_config(configfile);
|
||||
|
||||
if (conf != NULL) {
|
||||
const char *p;
|
||||
|
||||
BIO_printf(bio_err, "Using configuration from %s\n", configfile);
|
||||
p = NCONF_get_string(conf, NULL, ENV_OID_FILE);
|
||||
if (p != NULL) {
|
||||
BIO *oid_bio = BIO_new_file(p, "r");
|
||||
if (!oid_bio)
|
||||
ERR_print_errors(bio_err);
|
||||
else {
|
||||
OBJ_create_objects(oid_bio);
|
||||
BIO_free_all(oid_bio);
|
||||
}
|
||||
} else
|
||||
ERR_clear_error();
|
||||
if (!add_oid_section(conf))
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
return conf;
|
||||
}
|
||||
|
||||
/*
|
||||
* Query-related method definitions.
|
||||
*/
|
||||
static int query_command(const char *data, const char *digest, const EVP_MD *md,
|
||||
const char *policy, int no_nonce,
|
||||
int cert, const char *in, const char *out, int text)
|
||||
{
|
||||
int ret = 0;
|
||||
TS_REQ *query = NULL;
|
||||
BIO *in_bio = NULL;
|
||||
BIO *data_bio = NULL;
|
||||
BIO *out_bio = NULL;
|
||||
|
||||
/* Build query object. */
|
||||
if (in != NULL) {
|
||||
if ((in_bio = bio_open_default(in, 'r', FORMAT_ASN1)) == NULL)
|
||||
goto end;
|
||||
query = d2i_TS_REQ_bio(in_bio, NULL);
|
||||
} else {
|
||||
if (digest == NULL
|
||||
&& (data_bio = bio_open_default(data, 'r', FORMAT_ASN1)) == NULL)
|
||||
goto end;
|
||||
query = create_query(data_bio, digest, md, policy, no_nonce, cert);
|
||||
}
|
||||
if (query == NULL)
|
||||
goto end;
|
||||
|
||||
if (text) {
|
||||
if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) == NULL)
|
||||
goto end;
|
||||
if (!TS_REQ_print_bio(out_bio, query))
|
||||
goto end;
|
||||
} else {
|
||||
if ((out_bio = bio_open_default(out, 'w', FORMAT_ASN1)) == NULL)
|
||||
goto end;
|
||||
if (!i2d_TS_REQ_bio(out_bio, query))
|
||||
goto end;
|
||||
}
|
||||
|
||||
ret = 1;
|
||||
|
||||
end:
|
||||
ERR_print_errors(bio_err);
|
||||
BIO_free_all(in_bio);
|
||||
BIO_free_all(data_bio);
|
||||
BIO_free_all(out_bio);
|
||||
TS_REQ_free(query);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
|
||||
const char *policy, int no_nonce, int cert)
|
||||
{
|
||||
int ret = 0;
|
||||
TS_REQ *ts_req = NULL;
|
||||
int len;
|
||||
TS_MSG_IMPRINT *msg_imprint = NULL;
|
||||
X509_ALGOR *algo = NULL;
|
||||
unsigned char *data = NULL;
|
||||
ASN1_OBJECT *policy_obj = NULL;
|
||||
ASN1_INTEGER *nonce_asn1 = NULL;
|
||||
|
||||
if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
|
||||
goto err;
|
||||
if ((ts_req = TS_REQ_new()) == NULL)
|
||||
goto err;
|
||||
if (!TS_REQ_set_version(ts_req, 1))
|
||||
goto err;
|
||||
if ((msg_imprint = TS_MSG_IMPRINT_new()) == NULL)
|
||||
goto err;
|
||||
if ((algo = X509_ALGOR_new()) == NULL)
|
||||
goto err;
|
||||
if ((algo->algorithm = OBJ_nid2obj(EVP_MD_type(md))) == NULL)
|
||||
goto err;
|
||||
if ((algo->parameter = ASN1_TYPE_new()) == NULL)
|
||||
goto err;
|
||||
algo->parameter->type = V_ASN1_NULL;
|
||||
if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo))
|
||||
goto err;
|
||||
if ((len = create_digest(data_bio, digest, md, &data)) == 0)
|
||||
goto err;
|
||||
if (!TS_MSG_IMPRINT_set_msg(msg_imprint, data, len))
|
||||
goto err;
|
||||
if (!TS_REQ_set_msg_imprint(ts_req, msg_imprint))
|
||||
goto err;
|
||||
if (policy && (policy_obj = txt2obj(policy)) == NULL)
|
||||
goto err;
|
||||
if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj))
|
||||
goto err;
|
||||
|
||||
/* Setting nonce if requested. */
|
||||
if (!no_nonce && (nonce_asn1 = create_nonce(NONCE_LENGTH)) == NULL)
|
||||
goto err;
|
||||
if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1))
|
||||
goto err;
|
||||
if (!TS_REQ_set_cert_req(ts_req, cert))
|
||||
goto err;
|
||||
|
||||
ret = 1;
|
||||
err:
|
||||
if (!ret) {
|
||||
TS_REQ_free(ts_req);
|
||||
ts_req = NULL;
|
||||
BIO_printf(bio_err, "could not create query\n");
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
TS_MSG_IMPRINT_free(msg_imprint);
|
||||
X509_ALGOR_free(algo);
|
||||
OPENSSL_free(data);
|
||||
ASN1_OBJECT_free(policy_obj);
|
||||
ASN1_INTEGER_free(nonce_asn1);
|
||||
return ts_req;
|
||||
}
|
||||
|
||||
static int create_digest(BIO *input, const char *digest, const EVP_MD *md,
|
||||
unsigned char **md_value)
|
||||
{
|
||||
int md_value_len;
|
||||
int rv = 0;
|
||||
EVP_MD_CTX *md_ctx = NULL;
|
||||
|
||||
md_value_len = EVP_MD_size(md);
|
||||
if (md_value_len < 0)
|
||||
return 0;
|
||||
|
||||
if (input != NULL) {
|
||||
unsigned char buffer[4096];
|
||||
int length;
|
||||
|
||||
md_ctx = EVP_MD_CTX_new();
|
||||
if (md_ctx == NULL)
|
||||
return 0;
|
||||
*md_value = app_malloc(md_value_len, "digest buffer");
|
||||
if (!EVP_DigestInit(md_ctx, md))
|
||||
goto err;
|
||||
while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) {
|
||||
if (!EVP_DigestUpdate(md_ctx, buffer, length))
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestFinal(md_ctx, *md_value, NULL))
|
||||
goto err;
|
||||
md_value_len = EVP_MD_size(md);
|
||||
} else {
|
||||
long digest_len;
|
||||
*md_value = OPENSSL_hexstr2buf(digest, &digest_len);
|
||||
if (!*md_value || md_value_len != digest_len) {
|
||||
OPENSSL_free(*md_value);
|
||||
*md_value = NULL;
|
||||
BIO_printf(bio_err, "bad digest, %d bytes "
|
||||
"must be specified\n", md_value_len);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
rv = md_value_len;
|
||||
err:
|
||||
EVP_MD_CTX_free(md_ctx);
|
||||
return rv;
|
||||
}
|
||||
|
||||
static ASN1_INTEGER *create_nonce(int bits)
|
||||
{
|
||||
unsigned char buf[20];
|
||||
ASN1_INTEGER *nonce = NULL;
|
||||
int len = (bits - 1) / 8 + 1;
|
||||
int i;
|
||||
|
||||
if (len > (int)sizeof(buf))
|
||||
goto err;
|
||||
if (RAND_bytes(buf, len) <= 0)
|
||||
goto err;
|
||||
|
||||
/* Find the first non-zero byte and creating ASN1_INTEGER object. */
|
||||
for (i = 0; i < len && !buf[i]; ++i)
|
||||
continue;
|
||||
if ((nonce = ASN1_INTEGER_new()) == NULL)
|
||||
goto err;
|
||||
OPENSSL_free(nonce->data);
|
||||
nonce->length = len - i;
|
||||
nonce->data = app_malloc(nonce->length + 1, "nonce buffer");
|
||||
memcpy(nonce->data, buf + i, nonce->length);
|
||||
return nonce;
|
||||
|
||||
err:
|
||||
BIO_printf(bio_err, "could not create nonce\n");
|
||||
ASN1_INTEGER_free(nonce);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* Reply-related method definitions.
|
||||
*/
|
||||
|
||||
static int reply_command(CONF *conf, const char *section, const char *engine,
|
||||
const char *queryfile, const char *passin, const char *inkey,
|
||||
const EVP_MD *md, const char *signer, const char *chain,
|
||||
const char *policy, const char *in, int token_in,
|
||||
const char *out, int token_out, int text)
|
||||
{
|
||||
int ret = 0;
|
||||
TS_RESP *response = NULL;
|
||||
BIO *in_bio = NULL;
|
||||
BIO *query_bio = NULL;
|
||||
BIO *inkey_bio = NULL;
|
||||
BIO *signer_bio = NULL;
|
||||
BIO *out_bio = NULL;
|
||||
|
||||
if (in != NULL) {
|
||||
if ((in_bio = BIO_new_file(in, "rb")) == NULL)
|
||||
goto end;
|
||||
if (token_in) {
|
||||
response = read_PKCS7(in_bio);
|
||||
} else {
|
||||
response = d2i_TS_RESP_bio(in_bio, NULL);
|
||||
}
|
||||
} else {
|
||||
response = create_response(conf, section, engine, queryfile,
|
||||
passin, inkey, md, signer, chain, policy);
|
||||
if (response != NULL)
|
||||
BIO_printf(bio_err, "Response has been generated.\n");
|
||||
else
|
||||
BIO_printf(bio_err, "Response is not generated.\n");
|
||||
}
|
||||
if (response == NULL)
|
||||
goto end;
|
||||
|
||||
/* Write response. */
|
||||
if (text) {
|
||||
if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) == NULL)
|
||||
goto end;
|
||||
if (token_out) {
|
||||
TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
|
||||
if (!TS_TST_INFO_print_bio(out_bio, tst_info))
|
||||
goto end;
|
||||
} else {
|
||||
if (!TS_RESP_print_bio(out_bio, response))
|
||||
goto end;
|
||||
}
|
||||
} else {
|
||||
if ((out_bio = bio_open_default(out, 'w', FORMAT_ASN1)) == NULL)
|
||||
goto end;
|
||||
if (token_out) {
|
||||
PKCS7 *token = TS_RESP_get_token(response);
|
||||
if (!i2d_PKCS7_bio(out_bio, token))
|
||||
goto end;
|
||||
} else {
|
||||
if (!i2d_TS_RESP_bio(out_bio, response))
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
ret = 1;
|
||||
|
||||
end:
|
||||
ERR_print_errors(bio_err);
|
||||
BIO_free_all(in_bio);
|
||||
BIO_free_all(query_bio);
|
||||
BIO_free_all(inkey_bio);
|
||||
BIO_free_all(signer_bio);
|
||||
BIO_free_all(out_bio);
|
||||
TS_RESP_free(response);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Reads a PKCS7 token and adds default 'granted' status info to it. */
|
||||
static TS_RESP *read_PKCS7(BIO *in_bio)
|
||||
{
|
||||
int ret = 0;
|
||||
PKCS7 *token = NULL;
|
||||
TS_TST_INFO *tst_info = NULL;
|
||||
TS_RESP *resp = NULL;
|
||||
TS_STATUS_INFO *si = NULL;
|
||||
|
||||
if ((token = d2i_PKCS7_bio(in_bio, NULL)) == NULL)
|
||||
goto end;
|
||||
if ((tst_info = PKCS7_to_TS_TST_INFO(token)) == NULL)
|
||||
goto end;
|
||||
if ((resp = TS_RESP_new()) == NULL)
|
||||
goto end;
|
||||
if ((si = TS_STATUS_INFO_new()) == NULL)
|
||||
goto end;
|
||||
if (!TS_STATUS_INFO_set_status(si, TS_STATUS_GRANTED))
|
||||
goto end;
|
||||
if (!TS_RESP_set_status_info(resp, si))
|
||||
goto end;
|
||||
TS_RESP_set_tst_info(resp, token, tst_info);
|
||||
token = NULL; /* Ownership is lost. */
|
||||
tst_info = NULL; /* Ownership is lost. */
|
||||
ret = 1;
|
||||
|
||||
end:
|
||||
PKCS7_free(token);
|
||||
TS_TST_INFO_free(tst_info);
|
||||
if (!ret) {
|
||||
TS_RESP_free(resp);
|
||||
resp = NULL;
|
||||
}
|
||||
TS_STATUS_INFO_free(si);
|
||||
return resp;
|
||||
}
|
||||
|
||||
static TS_RESP *create_response(CONF *conf, const char *section, const char *engine,
|
||||
const char *queryfile, const char *passin,
|
||||
const char *inkey, const EVP_MD *md, const char *signer,
|
||||
const char *chain, const char *policy)
|
||||
{
|
||||
int ret = 0;
|
||||
TS_RESP *response = NULL;
|
||||
BIO *query_bio = NULL;
|
||||
TS_RESP_CTX *resp_ctx = NULL;
|
||||
|
||||
if ((query_bio = BIO_new_file(queryfile, "rb")) == NULL)
|
||||
goto end;
|
||||
if ((section = TS_CONF_get_tsa_section(conf, section)) == NULL)
|
||||
goto end;
|
||||
if ((resp_ctx = TS_RESP_CTX_new()) == NULL)
|
||||
goto end;
|
||||
if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx))
|
||||
goto end;
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
if (!TS_CONF_set_crypto_device(conf, section, engine))
|
||||
goto end;
|
||||
# endif
|
||||
if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx))
|
||||
goto end;
|
||||
if (!TS_CONF_set_certs(conf, section, chain, resp_ctx))
|
||||
goto end;
|
||||
if (!TS_CONF_set_signer_key(conf, section, inkey, passin, resp_ctx))
|
||||
goto end;
|
||||
|
||||
if (md) {
|
||||
if (!TS_RESP_CTX_set_signer_digest(resp_ctx, md))
|
||||
goto end;
|
||||
} else if (!TS_CONF_set_signer_digest(conf, section, NULL, resp_ctx)) {
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!TS_CONF_set_ess_cert_id_digest(conf, section, resp_ctx))
|
||||
goto end;
|
||||
if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx))
|
||||
goto end;
|
||||
if (!TS_CONF_set_policies(conf, section, resp_ctx))
|
||||
goto end;
|
||||
if (!TS_CONF_set_digests(conf, section, resp_ctx))
|
||||
goto end;
|
||||
if (!TS_CONF_set_accuracy(conf, section, resp_ctx))
|
||||
goto end;
|
||||
if (!TS_CONF_set_clock_precision_digits(conf, section, resp_ctx))
|
||||
goto end;
|
||||
if (!TS_CONF_set_ordering(conf, section, resp_ctx))
|
||||
goto end;
|
||||
if (!TS_CONF_set_tsa_name(conf, section, resp_ctx))
|
||||
goto end;
|
||||
if (!TS_CONF_set_ess_cert_id_chain(conf, section, resp_ctx))
|
||||
goto end;
|
||||
if ((response = TS_RESP_create_response(resp_ctx, query_bio)) == NULL)
|
||||
goto end;
|
||||
ret = 1;
|
||||
|
||||
end:
|
||||
if (!ret) {
|
||||
TS_RESP_free(response);
|
||||
response = NULL;
|
||||
}
|
||||
TS_RESP_CTX_free(resp_ctx);
|
||||
BIO_free_all(query_bio);
|
||||
return response;
|
||||
}
|
||||
|
||||
static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data)
|
||||
{
|
||||
const char *serial_file = (const char *)data;
|
||||
ASN1_INTEGER *serial = next_serial(serial_file);
|
||||
|
||||
if (serial == NULL) {
|
||||
TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
|
||||
"Error during serial number "
|
||||
"generation.");
|
||||
TS_RESP_CTX_add_failure_info(ctx, TS_INFO_ADD_INFO_NOT_AVAILABLE);
|
||||
} else {
|
||||
save_ts_serial(serial_file, serial);
|
||||
}
|
||||
|
||||
return serial;
|
||||
}
|
||||
|
||||
static ASN1_INTEGER *next_serial(const char *serialfile)
|
||||
{
|
||||
int ret = 0;
|
||||
BIO *in = NULL;
|
||||
ASN1_INTEGER *serial = NULL;
|
||||
BIGNUM *bn = NULL;
|
||||
|
||||
if ((serial = ASN1_INTEGER_new()) == NULL)
|
||||
goto err;
|
||||
|
||||
if ((in = BIO_new_file(serialfile, "r")) == NULL) {
|
||||
ERR_clear_error();
|
||||
BIO_printf(bio_err, "Warning: could not open file %s for "
|
||||
"reading, using serial number: 1\n", serialfile);
|
||||
if (!ASN1_INTEGER_set(serial, 1))
|
||||
goto err;
|
||||
} else {
|
||||
char buf[1024];
|
||||
if (!a2i_ASN1_INTEGER(in, serial, buf, sizeof(buf))) {
|
||||
BIO_printf(bio_err, "unable to load number from %s\n",
|
||||
serialfile);
|
||||
goto err;
|
||||
}
|
||||
if ((bn = ASN1_INTEGER_to_BN(serial, NULL)) == NULL)
|
||||
goto err;
|
||||
ASN1_INTEGER_free(serial);
|
||||
serial = NULL;
|
||||
if (!BN_add_word(bn, 1))
|
||||
goto err;
|
||||
if ((serial = BN_to_ASN1_INTEGER(bn, NULL)) == NULL)
|
||||
goto err;
|
||||
}
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
if (!ret) {
|
||||
ASN1_INTEGER_free(serial);
|
||||
serial = NULL;
|
||||
}
|
||||
BIO_free_all(in);
|
||||
BN_free(bn);
|
||||
return serial;
|
||||
}
|
||||
|
||||
static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial)
|
||||
{
|
||||
int ret = 0;
|
||||
BIO *out = NULL;
|
||||
|
||||
if ((out = BIO_new_file(serialfile, "w")) == NULL)
|
||||
goto err;
|
||||
if (i2a_ASN1_INTEGER(out, serial) <= 0)
|
||||
goto err;
|
||||
if (BIO_puts(out, "\n") <= 0)
|
||||
goto err;
|
||||
ret = 1;
|
||||
err:
|
||||
if (!ret)
|
||||
BIO_printf(bio_err, "could not save serial number to %s\n",
|
||||
serialfile);
|
||||
BIO_free_all(out);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Verify-related method definitions.
|
||||
*/
|
||||
|
||||
static int verify_command(const char *data, const char *digest, const char *queryfile,
|
||||
const char *in, int token_in,
|
||||
const char *CApath, const char *CAfile, const char *untrusted,
|
||||
X509_VERIFY_PARAM *vpm)
|
||||
{
|
||||
BIO *in_bio = NULL;
|
||||
PKCS7 *token = NULL;
|
||||
TS_RESP *response = NULL;
|
||||
TS_VERIFY_CTX *verify_ctx = NULL;
|
||||
int ret = 0;
|
||||
|
||||
if ((in_bio = BIO_new_file(in, "rb")) == NULL)
|
||||
goto end;
|
||||
if (token_in) {
|
||||
if ((token = d2i_PKCS7_bio(in_bio, NULL)) == NULL)
|
||||
goto end;
|
||||
} else {
|
||||
if ((response = d2i_TS_RESP_bio(in_bio, NULL)) == NULL)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if ((verify_ctx = create_verify_ctx(data, digest, queryfile,
|
||||
CApath, CAfile, untrusted,
|
||||
vpm)) == NULL)
|
||||
goto end;
|
||||
|
||||
ret = token_in
|
||||
? TS_RESP_verify_token(verify_ctx, token)
|
||||
: TS_RESP_verify_response(verify_ctx, response);
|
||||
|
||||
end:
|
||||
printf("Verification: ");
|
||||
if (ret)
|
||||
printf("OK\n");
|
||||
else {
|
||||
printf("FAILED\n");
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
|
||||
BIO_free_all(in_bio);
|
||||
PKCS7_free(token);
|
||||
TS_RESP_free(response);
|
||||
TS_VERIFY_CTX_free(verify_ctx);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest,
|
||||
const char *queryfile,
|
||||
const char *CApath, const char *CAfile,
|
||||
const char *untrusted,
|
||||
X509_VERIFY_PARAM *vpm)
|
||||
{
|
||||
TS_VERIFY_CTX *ctx = NULL;
|
||||
BIO *input = NULL;
|
||||
TS_REQ *request = NULL;
|
||||
int ret = 0;
|
||||
int f = 0;
|
||||
|
||||
if (data != NULL || digest != NULL) {
|
||||
if ((ctx = TS_VERIFY_CTX_new()) == NULL)
|
||||
goto err;
|
||||
f = TS_VFY_VERSION | TS_VFY_SIGNER;
|
||||
if (data != NULL) {
|
||||
BIO *out = NULL;
|
||||
|
||||
f |= TS_VFY_DATA;
|
||||
if ((out = BIO_new_file(data, "rb")) == NULL)
|
||||
goto err;
|
||||
if (TS_VERIFY_CTX_set_data(ctx, out) == NULL) {
|
||||
BIO_free_all(out);
|
||||
goto err;
|
||||
}
|
||||
} else if (digest != NULL) {
|
||||
long imprint_len;
|
||||
unsigned char *hexstr = OPENSSL_hexstr2buf(digest, &imprint_len);
|
||||
f |= TS_VFY_IMPRINT;
|
||||
if (TS_VERIFY_CTX_set_imprint(ctx, hexstr, imprint_len) == NULL) {
|
||||
BIO_printf(bio_err, "invalid digest string\n");
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
} else if (queryfile != NULL) {
|
||||
if ((input = BIO_new_file(queryfile, "rb")) == NULL)
|
||||
goto err;
|
||||
if ((request = d2i_TS_REQ_bio(input, NULL)) == NULL)
|
||||
goto err;
|
||||
if ((ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL)) == NULL)
|
||||
goto err;
|
||||
} else {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* Add the signature verification flag and arguments. */
|
||||
TS_VERIFY_CTX_add_flags(ctx, f | TS_VFY_SIGNATURE);
|
||||
|
||||
/* Initialising the X509_STORE object. */
|
||||
if (TS_VERIFY_CTX_set_store(ctx, create_cert_store(CApath, CAfile, vpm))
|
||||
== NULL)
|
||||
goto err;
|
||||
|
||||
/* Loading untrusted certificates. */
|
||||
if (untrusted
|
||||
&& TS_VERIFY_CTS_set_certs(ctx, TS_CONF_load_certs(untrusted)) == NULL)
|
||||
goto err;
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
if (!ret) {
|
||||
TS_VERIFY_CTX_free(ctx);
|
||||
ctx = NULL;
|
||||
}
|
||||
BIO_free_all(input);
|
||||
TS_REQ_free(request);
|
||||
return ctx;
|
||||
}
|
||||
|
||||
static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
|
||||
X509_VERIFY_PARAM *vpm)
|
||||
{
|
||||
X509_STORE *cert_ctx = NULL;
|
||||
X509_LOOKUP *lookup = NULL;
|
||||
int i;
|
||||
|
||||
cert_ctx = X509_STORE_new();
|
||||
X509_STORE_set_verify_cb(cert_ctx, verify_cb);
|
||||
if (CApath != NULL) {
|
||||
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
|
||||
if (lookup == NULL) {
|
||||
BIO_printf(bio_err, "memory allocation failure\n");
|
||||
goto err;
|
||||
}
|
||||
i = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
|
||||
if (!i) {
|
||||
BIO_printf(bio_err, "Error loading directory %s\n", CApath);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
if (CAfile != NULL) {
|
||||
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
|
||||
if (lookup == NULL) {
|
||||
BIO_printf(bio_err, "memory allocation failure\n");
|
||||
goto err;
|
||||
}
|
||||
i = X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM);
|
||||
if (!i) {
|
||||
BIO_printf(bio_err, "Error loading file %s\n", CAfile);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
if (vpm != NULL)
|
||||
X509_STORE_set1_param(cert_ctx, vpm);
|
||||
|
||||
return cert_ctx;
|
||||
|
||||
err:
|
||||
X509_STORE_free(cert_ctx);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static int verify_cb(int ok, X509_STORE_CTX *ctx)
|
||||
{
|
||||
return ok;
|
||||
}
|
||||
#endif /* ndef OPENSSL_NO_TS */
|
200
trunk/3rdparty/openssl-1.1-fit/apps/tsget.in
vendored
Normal file
200
trunk/3rdparty/openssl-1.1-fit/apps/tsget.in
vendored
Normal file
|
@ -0,0 +1,200 @@
|
|||
#!{- $config{HASHBANGPERL} -}
|
||||
# Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright (c) 2002 The OpenTSA Project. All rights reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
use strict;
|
||||
use IO::Handle;
|
||||
use Getopt::Std;
|
||||
use File::Basename;
|
||||
use WWW::Curl::Easy;
|
||||
|
||||
use vars qw(%options);
|
||||
|
||||
# Callback for reading the body.
|
||||
sub read_body {
|
||||
my ($maxlength, $state) = @_;
|
||||
my $return_data = "";
|
||||
my $data_len = length ${$state->{data}};
|
||||
if ($state->{bytes} < $data_len) {
|
||||
$data_len = $data_len - $state->{bytes};
|
||||
$data_len = $maxlength if $data_len > $maxlength;
|
||||
$return_data = substr ${$state->{data}}, $state->{bytes}, $data_len;
|
||||
$state->{bytes} += $data_len;
|
||||
}
|
||||
return $return_data;
|
||||
}
|
||||
|
||||
# Callback for writing the body into a variable.
|
||||
sub write_body {
|
||||
my ($data, $pointer) = @_;
|
||||
${$pointer} .= $data;
|
||||
return length($data);
|
||||
}
|
||||
|
||||
# Initialise a new Curl object.
|
||||
sub create_curl {
|
||||
my $url = shift;
|
||||
|
||||
# Create Curl object.
|
||||
my $curl = WWW::Curl::Easy::new();
|
||||
|
||||
# Error-handling related options.
|
||||
$curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
|
||||
$curl->setopt(CURLOPT_FAILONERROR, 1);
|
||||
$curl->setopt(CURLOPT_USERAGENT,
|
||||
"OpenTSA tsget.pl/openssl-{- $config{version} -}");
|
||||
|
||||
# Options for POST method.
|
||||
$curl->setopt(CURLOPT_UPLOAD, 1);
|
||||
$curl->setopt(CURLOPT_CUSTOMREQUEST, "POST");
|
||||
$curl->setopt(CURLOPT_HTTPHEADER,
|
||||
["Content-Type: application/timestamp-query",
|
||||
"Accept: application/timestamp-reply,application/timestamp-response"]);
|
||||
$curl->setopt(CURLOPT_READFUNCTION, \&read_body);
|
||||
$curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); });
|
||||
|
||||
# Options for getting the result.
|
||||
$curl->setopt(CURLOPT_WRITEFUNCTION, \&write_body);
|
||||
|
||||
# SSL related options.
|
||||
$curl->setopt(CURLOPT_SSLKEYTYPE, "PEM");
|
||||
$curl->setopt(CURLOPT_SSL_VERIFYPEER, 1); # Verify server's certificate.
|
||||
$curl->setopt(CURLOPT_SSL_VERIFYHOST, 2); # Check server's CN.
|
||||
$curl->setopt(CURLOPT_SSLKEY, $options{k}) if defined($options{k});
|
||||
$curl->setopt(CURLOPT_SSLKEYPASSWD, $options{p}) if defined($options{p});
|
||||
$curl->setopt(CURLOPT_SSLCERT, $options{c}) if defined($options{c});
|
||||
$curl->setopt(CURLOPT_CAINFO, $options{C}) if defined($options{C});
|
||||
$curl->setopt(CURLOPT_CAPATH, $options{P}) if defined($options{P});
|
||||
$curl->setopt(CURLOPT_RANDOM_FILE, $options{r}) if defined($options{r});
|
||||
$curl->setopt(CURLOPT_EGDSOCKET, $options{g}) if defined($options{g});
|
||||
|
||||
# Setting destination.
|
||||
$curl->setopt(CURLOPT_URL, $url);
|
||||
|
||||
return $curl;
|
||||
}
|
||||
|
||||
# Send a request and returns the body back.
|
||||
sub get_timestamp {
|
||||
my $curl = shift;
|
||||
my $body = shift;
|
||||
my $ts_body;
|
||||
local $::error_buf;
|
||||
|
||||
# Error-handling related options.
|
||||
$curl->setopt(CURLOPT_ERRORBUFFER, "::error_buf");
|
||||
|
||||
# Options for POST method.
|
||||
$curl->setopt(CURLOPT_INFILE, {data => $body, bytes => 0});
|
||||
$curl->setopt(CURLOPT_INFILESIZE, length(${$body}));
|
||||
|
||||
# Options for getting the result.
|
||||
$curl->setopt(CURLOPT_FILE, \$ts_body);
|
||||
|
||||
# Send the request...
|
||||
my $error_code = $curl->perform();
|
||||
my $error_string;
|
||||
if ($error_code != 0) {
|
||||
my $http_code = $curl->getinfo(CURLINFO_HTTP_CODE);
|
||||
$error_string = "could not get timestamp";
|
||||
$error_string .= ", http code: $http_code" unless $http_code == 0;
|
||||
$error_string .= ", curl code: $error_code";
|
||||
$error_string .= " ($::error_buf)" if defined($::error_buf);
|
||||
} else {
|
||||
my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE);
|
||||
if (lc($ct) ne "application/timestamp-reply"
|
||||
&& lc($ct) ne "application/timestamp-response") {
|
||||
$error_string = "unexpected content type returned: $ct";
|
||||
}
|
||||
}
|
||||
return ($ts_body, $error_string);
|
||||
|
||||
}
|
||||
|
||||
# Print usage information and exists.
|
||||
sub usage {
|
||||
|
||||
print STDERR "usage: $0 -h <server_url> [-e <extension>] [-o <output>] ";
|
||||
print STDERR "[-v] [-d] [-k <private_key.pem>] [-p <key_password>] ";
|
||||
print STDERR "[-c <client_cert.pem>] [-C <CA_certs.pem>] [-P <CA_path>] ";
|
||||
print STDERR "[-r <file:file...>] [-g <EGD_socket>] [<request>]...\n";
|
||||
exit 1;
|
||||
}
|
||||
|
||||
# ----------------------------------------------------------------------
|
||||
# Main program
|
||||
# ----------------------------------------------------------------------
|
||||
|
||||
# Getting command-line options (default comes from TSGET environment variable).
|
||||
my $getopt_arg = "h:e:o:vdk:p:c:C:P:r:g:";
|
||||
if (exists $ENV{TSGET}) {
|
||||
my @old_argv = @ARGV;
|
||||
@ARGV = split /\s+/, $ENV{TSGET};
|
||||
getopts($getopt_arg, \%options) or usage;
|
||||
@ARGV = @old_argv;
|
||||
}
|
||||
getopts($getopt_arg, \%options) or usage;
|
||||
|
||||
# Checking argument consistency.
|
||||
if (!exists($options{h}) || (@ARGV == 0 && !exists($options{o}))
|
||||
|| (@ARGV > 1 && exists($options{o}))) {
|
||||
print STDERR "Inconsistent command line options.\n";
|
||||
usage;
|
||||
}
|
||||
# Setting defaults.
|
||||
@ARGV = ("-") unless @ARGV != 0;
|
||||
$options{e} = ".tsr" unless defined($options{e});
|
||||
|
||||
# Processing requests.
|
||||
my $curl = create_curl $options{h};
|
||||
undef $/; # For reading whole files.
|
||||
REQUEST: foreach (@ARGV) {
|
||||
my $input = $_;
|
||||
my ($base, $path) = fileparse($input, '\.[^.]*');
|
||||
my $output_base = $base . $options{e};
|
||||
my $output = defined($options{o}) ? $options{o} : $path . $output_base;
|
||||
|
||||
STDERR->printflush("$input: ") if $options{v};
|
||||
# Read request.
|
||||
my $body;
|
||||
if ($input eq "-") {
|
||||
# Read the request from STDIN;
|
||||
$body = <STDIN>;
|
||||
} else {
|
||||
# Read the request from file.
|
||||
open INPUT, "<" . $input
|
||||
or warn("$input: could not open input file: $!\n"), next REQUEST;
|
||||
$body = <INPUT>;
|
||||
close INPUT
|
||||
or warn("$input: could not close input file: $!\n"), next REQUEST;
|
||||
}
|
||||
|
||||
# Send request.
|
||||
STDERR->printflush("sending request") if $options{v};
|
||||
|
||||
my ($ts_body, $error) = get_timestamp $curl, \$body;
|
||||
if (defined($error)) {
|
||||
die "$input: fatal error: $error\n";
|
||||
}
|
||||
STDERR->printflush(", reply received") if $options{v};
|
||||
|
||||
# Write response.
|
||||
if ($output eq "-") {
|
||||
# Write to STDOUT.
|
||||
print $ts_body;
|
||||
} else {
|
||||
# Write to file.
|
||||
open OUTPUT, ">", $output
|
||||
or warn("$output: could not open output file: $!\n"), next REQUEST;
|
||||
print OUTPUT $ts_body;
|
||||
close OUTPUT
|
||||
or warn("$output: could not close output file: $!\n"), next REQUEST;
|
||||
}
|
||||
STDERR->printflush(", $output written.\n") if $options{v};
|
||||
}
|
||||
$curl->cleanup();
|
322
trunk/3rdparty/openssl-1.1-fit/apps/verify.c
vendored
Normal file
322
trunk/3rdparty/openssl-1.1-fit/apps/verify.c
vendored
Normal file
|
@ -0,0 +1,322 @@
|
|||
/*
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/pem.h>
|
||||
|
||||
static int cb(int ok, X509_STORE_CTX *ctx);
|
||||
static int check(X509_STORE *ctx, const char *file,
|
||||
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
|
||||
STACK_OF(X509_CRL) *crls, int show_chain);
|
||||
static int v_verbose = 0, vflags = 0;
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_ENGINE, OPT_CAPATH, OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE,
|
||||
OPT_UNTRUSTED, OPT_TRUSTED, OPT_CRLFILE, OPT_CRL_DOWNLOAD, OPT_SHOW_CHAIN,
|
||||
OPT_V_ENUM, OPT_NAMEOPT,
|
||||
OPT_VERBOSE
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS verify_options[] = {
|
||||
{OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
|
||||
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"verbose", OPT_VERBOSE, '-',
|
||||
"Print extra information about the operations being performed."},
|
||||
{"CApath", OPT_CAPATH, '/', "A directory of trusted certificates"},
|
||||
{"CAfile", OPT_CAFILE, '<', "A file of trusted certificates"},
|
||||
{"no-CAfile", OPT_NOCAFILE, '-',
|
||||
"Do not load the default certificates file"},
|
||||
{"no-CApath", OPT_NOCAPATH, '-',
|
||||
"Do not load certificates from the default certificates directory"},
|
||||
{"untrusted", OPT_UNTRUSTED, '<', "A file of untrusted certificates"},
|
||||
{"trusted", OPT_TRUSTED, '<', "A file of trusted certificates"},
|
||||
{"CRLfile", OPT_CRLFILE, '<',
|
||||
"File containing one or more CRL's (in PEM format) to load"},
|
||||
{"crl_download", OPT_CRL_DOWNLOAD, '-',
|
||||
"Attempt to download CRL information for this certificate"},
|
||||
{"show_chain", OPT_SHOW_CHAIN, '-',
|
||||
"Display information about the certificate chain"},
|
||||
{"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
|
||||
OPT_V_OPTIONS,
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
int verify_main(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
|
||||
STACK_OF(X509_CRL) *crls = NULL;
|
||||
X509_STORE *store = NULL;
|
||||
X509_VERIFY_PARAM *vpm = NULL;
|
||||
const char *prog, *CApath = NULL, *CAfile = NULL;
|
||||
int noCApath = 0, noCAfile = 0;
|
||||
int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1;
|
||||
OPTION_CHOICE o;
|
||||
|
||||
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
|
||||
goto end;
|
||||
|
||||
prog = opt_init(argc, argv, verify_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(verify_options);
|
||||
BIO_printf(bio_err, "Recognized usages:\n");
|
||||
for (i = 0; i < X509_PURPOSE_get_count(); i++) {
|
||||
X509_PURPOSE *ptmp;
|
||||
ptmp = X509_PURPOSE_get0(i);
|
||||
BIO_printf(bio_err, "\t%-10s\t%s\n",
|
||||
X509_PURPOSE_get0_sname(ptmp),
|
||||
X509_PURPOSE_get0_name(ptmp));
|
||||
}
|
||||
|
||||
BIO_printf(bio_err, "Recognized verify names:\n");
|
||||
for (i = 0; i < X509_VERIFY_PARAM_get_count(); i++) {
|
||||
const X509_VERIFY_PARAM *vptmp;
|
||||
vptmp = X509_VERIFY_PARAM_get0(i);
|
||||
BIO_printf(bio_err, "\t%-10s\n",
|
||||
X509_VERIFY_PARAM_get0_name(vptmp));
|
||||
}
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_V_CASES:
|
||||
if (!opt_verify(o, vpm))
|
||||
goto end;
|
||||
vpmtouched++;
|
||||
break;
|
||||
case OPT_CAPATH:
|
||||
CApath = opt_arg();
|
||||
break;
|
||||
case OPT_CAFILE:
|
||||
CAfile = opt_arg();
|
||||
break;
|
||||
case OPT_NOCAPATH:
|
||||
noCApath = 1;
|
||||
break;
|
||||
case OPT_NOCAFILE:
|
||||
noCAfile = 1;
|
||||
break;
|
||||
case OPT_UNTRUSTED:
|
||||
/* Zero or more times */
|
||||
if (!load_certs(opt_arg(), &untrusted, FORMAT_PEM, NULL,
|
||||
"untrusted certificates"))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_TRUSTED:
|
||||
/* Zero or more times */
|
||||
noCAfile = 1;
|
||||
noCApath = 1;
|
||||
if (!load_certs(opt_arg(), &trusted, FORMAT_PEM, NULL,
|
||||
"trusted certificates"))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_CRLFILE:
|
||||
/* Zero or more times */
|
||||
if (!load_crls(opt_arg(), &crls, FORMAT_PEM, NULL,
|
||||
"other CRLs"))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_CRL_DOWNLOAD:
|
||||
crl_download = 1;
|
||||
break;
|
||||
case OPT_ENGINE:
|
||||
if ((e = setup_engine(opt_arg(), 0)) == NULL) {
|
||||
/* Failure message already displayed */
|
||||
goto end;
|
||||
}
|
||||
break;
|
||||
case OPT_SHOW_CHAIN:
|
||||
show_chain = 1;
|
||||
break;
|
||||
case OPT_NAMEOPT:
|
||||
if (!set_nameopt(opt_arg()))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_VERBOSE:
|
||||
v_verbose = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
argc = opt_num_rest();
|
||||
argv = opt_rest();
|
||||
if (trusted != NULL && (CAfile || CApath)) {
|
||||
BIO_printf(bio_err,
|
||||
"%s: Cannot use -trusted with -CAfile or -CApath\n",
|
||||
prog);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
|
||||
goto end;
|
||||
X509_STORE_set_verify_cb(store, cb);
|
||||
|
||||
if (vpmtouched)
|
||||
X509_STORE_set1_param(store, vpm);
|
||||
|
||||
ERR_clear_error();
|
||||
|
||||
if (crl_download)
|
||||
store_setup_crl_download(store);
|
||||
|
||||
ret = 0;
|
||||
if (argc < 1) {
|
||||
if (check(store, NULL, untrusted, trusted, crls, show_chain) != 1)
|
||||
ret = -1;
|
||||
} else {
|
||||
for (i = 0; i < argc; i++)
|
||||
if (check(store, argv[i], untrusted, trusted, crls,
|
||||
show_chain) != 1)
|
||||
ret = -1;
|
||||
}
|
||||
|
||||
end:
|
||||
X509_VERIFY_PARAM_free(vpm);
|
||||
X509_STORE_free(store);
|
||||
sk_X509_pop_free(untrusted, X509_free);
|
||||
sk_X509_pop_free(trusted, X509_free);
|
||||
sk_X509_CRL_pop_free(crls, X509_CRL_free);
|
||||
release_engine(e);
|
||||
return (ret < 0 ? 2 : ret);
|
||||
}
|
||||
|
||||
static int check(X509_STORE *ctx, const char *file,
|
||||
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
|
||||
STACK_OF(X509_CRL) *crls, int show_chain)
|
||||
{
|
||||
X509 *x = NULL;
|
||||
int i = 0, ret = 0;
|
||||
X509_STORE_CTX *csc;
|
||||
STACK_OF(X509) *chain = NULL;
|
||||
int num_untrusted;
|
||||
|
||||
x = load_cert(file, FORMAT_PEM, "certificate file");
|
||||
if (x == NULL)
|
||||
goto end;
|
||||
|
||||
csc = X509_STORE_CTX_new();
|
||||
if (csc == NULL) {
|
||||
printf("error %s: X.509 store context allocation failed\n",
|
||||
(file == NULL) ? "stdin" : file);
|
||||
goto end;
|
||||
}
|
||||
|
||||
X509_STORE_set_flags(ctx, vflags);
|
||||
if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
|
||||
X509_STORE_CTX_free(csc);
|
||||
printf("error %s: X.509 store context initialization failed\n",
|
||||
(file == NULL) ? "stdin" : file);
|
||||
goto end;
|
||||
}
|
||||
if (tchain != NULL)
|
||||
X509_STORE_CTX_set0_trusted_stack(csc, tchain);
|
||||
if (crls != NULL)
|
||||
X509_STORE_CTX_set0_crls(csc, crls);
|
||||
i = X509_verify_cert(csc);
|
||||
if (i > 0 && X509_STORE_CTX_get_error(csc) == X509_V_OK) {
|
||||
printf("%s: OK\n", (file == NULL) ? "stdin" : file);
|
||||
ret = 1;
|
||||
if (show_chain) {
|
||||
int j;
|
||||
|
||||
chain = X509_STORE_CTX_get1_chain(csc);
|
||||
num_untrusted = X509_STORE_CTX_get_num_untrusted(csc);
|
||||
printf("Chain:\n");
|
||||
for (j = 0; j < sk_X509_num(chain); j++) {
|
||||
X509 *cert = sk_X509_value(chain, j);
|
||||
printf("depth=%d: ", j);
|
||||
X509_NAME_print_ex_fp(stdout,
|
||||
X509_get_subject_name(cert),
|
||||
0, get_nameopt());
|
||||
if (j < num_untrusted)
|
||||
printf(" (untrusted)");
|
||||
printf("\n");
|
||||
}
|
||||
sk_X509_pop_free(chain, X509_free);
|
||||
}
|
||||
} else {
|
||||
printf("error %s: verification failed\n", (file == NULL) ? "stdin" : file);
|
||||
}
|
||||
X509_STORE_CTX_free(csc);
|
||||
|
||||
end:
|
||||
if (i <= 0)
|
||||
ERR_print_errors(bio_err);
|
||||
X509_free(x);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int cb(int ok, X509_STORE_CTX *ctx)
|
||||
{
|
||||
int cert_error = X509_STORE_CTX_get_error(ctx);
|
||||
X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);
|
||||
|
||||
if (!ok) {
|
||||
if (current_cert != NULL) {
|
||||
X509_NAME_print_ex(bio_err,
|
||||
X509_get_subject_name(current_cert),
|
||||
0, get_nameopt());
|
||||
BIO_printf(bio_err, "\n");
|
||||
}
|
||||
BIO_printf(bio_err, "%serror %d at %d depth lookup: %s\n",
|
||||
X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path] " : "",
|
||||
cert_error,
|
||||
X509_STORE_CTX_get_error_depth(ctx),
|
||||
X509_verify_cert_error_string(cert_error));
|
||||
|
||||
/*
|
||||
* Pretend that some errors are ok, so they don't stop further
|
||||
* processing of the certificate chain. Setting ok = 1 does this.
|
||||
* After X509_verify_cert() is done, we verify that there were
|
||||
* no actual errors, even if the returned value was positive.
|
||||
*/
|
||||
switch (cert_error) {
|
||||
case X509_V_ERR_NO_EXPLICIT_POLICY:
|
||||
policies_print(ctx);
|
||||
/* fall thru */
|
||||
case X509_V_ERR_CERT_HAS_EXPIRED:
|
||||
/* Continue even if the leaf is a self signed cert */
|
||||
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
|
||||
/* Continue after extension errors too */
|
||||
case X509_V_ERR_INVALID_CA:
|
||||
case X509_V_ERR_INVALID_NON_CA:
|
||||
case X509_V_ERR_PATH_LENGTH_EXCEEDED:
|
||||
case X509_V_ERR_INVALID_PURPOSE:
|
||||
case X509_V_ERR_CRL_HAS_EXPIRED:
|
||||
case X509_V_ERR_CRL_NOT_YET_VALID:
|
||||
case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
|
||||
ok = 1;
|
||||
}
|
||||
|
||||
return ok;
|
||||
|
||||
}
|
||||
if (cert_error == X509_V_OK && ok == 2)
|
||||
policies_print(ctx);
|
||||
if (!v_verbose)
|
||||
ERR_clear_error();
|
||||
return ok;
|
||||
}
|
194
trunk/3rdparty/openssl-1.1-fit/apps/version.c
vendored
Normal file
194
trunk/3rdparty/openssl-1.1-fit/apps/version.c
vendored
Normal file
|
@ -0,0 +1,194 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/bn.h>
|
||||
#ifndef OPENSSL_NO_MD2
|
||||
# include <openssl/md2.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC4
|
||||
# include <openssl/rc4.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
# include <openssl/des.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
# include <openssl/idea.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_BF
|
||||
# include <openssl/blowfish.h>
|
||||
#endif
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_B, OPT_D, OPT_E, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A, OPT_R
|
||||
} OPTION_CHOICE;
|
||||
|
||||
const OPTIONS version_options[] = {
|
||||
{"help", OPT_HELP, '-', "Display this summary"},
|
||||
{"a", OPT_A, '-', "Show all data"},
|
||||
{"b", OPT_B, '-', "Show build date"},
|
||||
{"d", OPT_D, '-', "Show configuration directory"},
|
||||
{"e", OPT_E, '-', "Show engines directory"},
|
||||
{"f", OPT_F, '-', "Show compiler flags used"},
|
||||
{"o", OPT_O, '-', "Show some internal datatype options"},
|
||||
{"p", OPT_P, '-', "Show target build platform"},
|
||||
{"r", OPT_R, '-', "Show random seeding options"},
|
||||
{"v", OPT_V, '-', "Show library version"},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
#if defined(OPENSSL_RAND_SEED_DEVRANDOM) || defined(OPENSSL_RAND_SEED_EGD)
|
||||
static void printlist(const char *prefix, const char **dev)
|
||||
{
|
||||
printf("%s (", prefix);
|
||||
for ( ; *dev != NULL; dev++)
|
||||
printf(" \"%s\"", *dev);
|
||||
printf(" )");
|
||||
}
|
||||
#endif
|
||||
|
||||
int version_main(int argc, char **argv)
|
||||
{
|
||||
int ret = 1, dirty = 0, seed = 0;
|
||||
int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
|
||||
int engdir = 0;
|
||||
char *prog;
|
||||
OPTION_CHOICE o;
|
||||
|
||||
prog = opt_init(argc, argv, version_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
switch (o) {
|
||||
case OPT_EOF:
|
||||
case OPT_ERR:
|
||||
opthelp:
|
||||
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
||||
goto end;
|
||||
case OPT_HELP:
|
||||
opt_help(version_options);
|
||||
ret = 0;
|
||||
goto end;
|
||||
case OPT_B:
|
||||
dirty = date = 1;
|
||||
break;
|
||||
case OPT_D:
|
||||
dirty = dir = 1;
|
||||
break;
|
||||
case OPT_E:
|
||||
dirty = engdir = 1;
|
||||
break;
|
||||
case OPT_F:
|
||||
dirty = cflags = 1;
|
||||
break;
|
||||
case OPT_O:
|
||||
dirty = options = 1;
|
||||
break;
|
||||
case OPT_P:
|
||||
dirty = platform = 1;
|
||||
break;
|
||||
case OPT_R:
|
||||
dirty = seed = 1;
|
||||
break;
|
||||
case OPT_V:
|
||||
dirty = version = 1;
|
||||
break;
|
||||
case OPT_A:
|
||||
seed = options = cflags = version = date = platform = dir = engdir
|
||||
= 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (opt_num_rest() != 0) {
|
||||
BIO_printf(bio_err, "Extra parameters given.\n");
|
||||
goto opthelp;
|
||||
}
|
||||
if (!dirty)
|
||||
version = 1;
|
||||
|
||||
if (version) {
|
||||
if (OpenSSL_version_num() == OPENSSL_VERSION_NUMBER)
|
||||
printf("%s\n", OpenSSL_version(OPENSSL_VERSION));
|
||||
else
|
||||
printf("%s (Library: %s)\n",
|
||||
OPENSSL_VERSION_TEXT, OpenSSL_version(OPENSSL_VERSION));
|
||||
}
|
||||
if (date)
|
||||
printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON));
|
||||
if (platform)
|
||||
printf("%s\n", OpenSSL_version(OPENSSL_PLATFORM));
|
||||
if (options) {
|
||||
printf("options: ");
|
||||
printf("%s ", BN_options());
|
||||
#ifndef OPENSSL_NO_MD2
|
||||
printf("%s ", MD2_options());
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC4
|
||||
printf("%s ", RC4_options());
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
printf("%s ", DES_options());
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
printf("%s ", IDEA_options());
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_BF
|
||||
printf("%s ", BF_options());
|
||||
#endif
|
||||
printf("\n");
|
||||
}
|
||||
if (cflags)
|
||||
printf("%s\n", OpenSSL_version(OPENSSL_CFLAGS));
|
||||
if (dir)
|
||||
printf("%s\n", OpenSSL_version(OPENSSL_DIR));
|
||||
if (engdir)
|
||||
printf("%s\n", OpenSSL_version(OPENSSL_ENGINES_DIR));
|
||||
if (seed) {
|
||||
printf("Seeding source:");
|
||||
#ifdef OPENSSL_RAND_SEED_RTDSC
|
||||
printf(" rtdsc");
|
||||
#endif
|
||||
#ifdef OPENSSL_RAND_SEED_RDCPU
|
||||
printf(" rdrand ( rdseed rdrand )");
|
||||
#endif
|
||||
#ifdef OPENSSL_RAND_SEED_LIBRANDOM
|
||||
printf(" C-library-random");
|
||||
#endif
|
||||
#ifdef OPENSSL_RAND_SEED_GETRANDOM
|
||||
printf(" getrandom-syscall");
|
||||
#endif
|
||||
#ifdef OPENSSL_RAND_SEED_DEVRANDOM
|
||||
{
|
||||
static const char *dev[] = { DEVRANDOM, NULL };
|
||||
printlist(" random-device", dev);
|
||||
}
|
||||
#endif
|
||||
#ifdef OPENSSL_RAND_SEED_EGD
|
||||
{
|
||||
static const char *dev[] = { DEVRANDOM_EGD, NULL };
|
||||
printlist(" EGD", dev);
|
||||
}
|
||||
#endif
|
||||
#ifdef OPENSSL_RAND_SEED_NONE
|
||||
printf(" none");
|
||||
#endif
|
||||
#ifdef OPENSSL_RAND_SEED_OS
|
||||
printf(" os-specific");
|
||||
#endif
|
||||
printf("\n");
|
||||
}
|
||||
ret = 0;
|
||||
end:
|
||||
return ret;
|
||||
}
|
214
trunk/3rdparty/openssl-1.1-fit/apps/vms_decc_init.c
vendored
Normal file
214
trunk/3rdparty/openssl-1.1-fit/apps/vms_decc_init.c
vendored
Normal file
|
@ -0,0 +1,214 @@
|
|||
/*
|
||||
* Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#if defined( __VMS) && !defined( OPENSSL_NO_DECC_INIT) && \
|
||||
defined( __DECC) && !defined( __VAX) && (__CRTL_VER >= 70301000)
|
||||
# define USE_DECC_INIT 1
|
||||
#endif
|
||||
|
||||
#ifdef USE_DECC_INIT
|
||||
|
||||
/*
|
||||
* ----------------------------------------------------------------------
|
||||
* decc_init() On non-VAX systems, uses LIB$INITIALIZE to set a collection
|
||||
* of C RTL features without using the DECC$* logical name method.
|
||||
* ----------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <unixlib.h>
|
||||
|
||||
# include "apps.h"
|
||||
|
||||
/* Global storage. */
|
||||
|
||||
/* Flag to sense if decc_init() was called. */
|
||||
|
||||
int decc_init_done = -1;
|
||||
|
||||
/* Structure to hold a DECC$* feature name and its desired value. */
|
||||
|
||||
typedef struct {
|
||||
char *name;
|
||||
int value;
|
||||
} decc_feat_t;
|
||||
|
||||
/*
|
||||
* Array of DECC$* feature names and their desired values. Note:
|
||||
* DECC$ARGV_PARSE_STYLE is the urgent one.
|
||||
*/
|
||||
|
||||
decc_feat_t decc_feat_array[] = {
|
||||
/* Preserve command-line case with SET PROCESS/PARSE_STYLE=EXTENDED */
|
||||
{"DECC$ARGV_PARSE_STYLE", 1},
|
||||
|
||||
/* Preserve case for file names on ODS5 disks. */
|
||||
{"DECC$EFS_CASE_PRESERVE", 1},
|
||||
|
||||
/*
|
||||
* Enable multiple dots (and most characters) in ODS5 file names, while
|
||||
* preserving VMS-ness of ";version".
|
||||
*/
|
||||
{"DECC$EFS_CHARSET", 1},
|
||||
|
||||
/* List terminator. */
|
||||
{(char *)NULL, 0}
|
||||
};
|
||||
|
||||
|
||||
char **copy_argv(int *argc, char *argv[])
|
||||
{
|
||||
/*-
|
||||
* The note below is for historical purpose. On VMS now we always
|
||||
* copy argv "safely."
|
||||
*
|
||||
* 2011-03-22 SMS.
|
||||
* If we have 32-bit pointers everywhere, then we're safe, and
|
||||
* we bypass this mess, as on non-VMS systems.
|
||||
* Problem 1: Compaq/HP C before V7.3 always used 32-bit
|
||||
* pointers for argv[].
|
||||
* Fix 1: For a 32-bit argv[], when we're using 64-bit pointers
|
||||
* everywhere else, we always allocate and use a 64-bit
|
||||
* duplicate of argv[].
|
||||
* Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed
|
||||
* to NULL-terminate a 64-bit argv[]. (As this was written, the
|
||||
* compiler ECO was available only on IA64.)
|
||||
* Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a
|
||||
* 64-bit argv[argc] for NULL, and, if necessary, use a
|
||||
* (properly) NULL-terminated (64-bit) duplicate of argv[].
|
||||
* The same code is used in either case to duplicate argv[].
|
||||
* Some of these decisions could be handled in preprocessing,
|
||||
* but the code tends to get even uglier, and the penalty for
|
||||
* deciding at compile- or run-time is tiny.
|
||||
*/
|
||||
|
||||
int i, count = *argc;
|
||||
char **newargv = app_malloc(sizeof(*newargv) * (count + 1), "argv copy");
|
||||
|
||||
for (i = 0; i < count; i++)
|
||||
newargv[i] = argv[i];
|
||||
newargv[i] = NULL;
|
||||
*argc = i;
|
||||
return newargv;
|
||||
}
|
||||
|
||||
/* LIB$INITIALIZE initialization function. */
|
||||
|
||||
static void decc_init(void)
|
||||
{
|
||||
char *openssl_debug_decc_init;
|
||||
int verbose = 0;
|
||||
int feat_index;
|
||||
int feat_value;
|
||||
int feat_value_max;
|
||||
int feat_value_min;
|
||||
int i;
|
||||
int sts;
|
||||
|
||||
/* Get debug option. */
|
||||
openssl_debug_decc_init = getenv("OPENSSL_DEBUG_DECC_INIT");
|
||||
if (openssl_debug_decc_init != NULL) {
|
||||
verbose = strtol(openssl_debug_decc_init, NULL, 10);
|
||||
if (verbose <= 0) {
|
||||
verbose = 1;
|
||||
}
|
||||
}
|
||||
|
||||
/* Set the global flag to indicate that LIB$INITIALIZE worked. */
|
||||
decc_init_done = 1;
|
||||
|
||||
/* Loop through all items in the decc_feat_array[]. */
|
||||
|
||||
for (i = 0; decc_feat_array[i].name != NULL; i++) {
|
||||
/* Get the feature index. */
|
||||
feat_index = decc$feature_get_index(decc_feat_array[i].name);
|
||||
if (feat_index >= 0) {
|
||||
/* Valid item. Collect its properties. */
|
||||
feat_value = decc$feature_get_value(feat_index, 1);
|
||||
feat_value_min = decc$feature_get_value(feat_index, 2);
|
||||
feat_value_max = decc$feature_get_value(feat_index, 3);
|
||||
|
||||
/* Check the validity of our desired value. */
|
||||
if ((decc_feat_array[i].value >= feat_value_min) &&
|
||||
(decc_feat_array[i].value <= feat_value_max)) {
|
||||
/* Valid value. Set it if necessary. */
|
||||
if (feat_value != decc_feat_array[i].value) {
|
||||
sts = decc$feature_set_value(feat_index,
|
||||
1, decc_feat_array[i].value);
|
||||
|
||||
if (verbose > 1) {
|
||||
fprintf(stderr, " %s = %d, sts = %d.\n",
|
||||
decc_feat_array[i].name,
|
||||
decc_feat_array[i].value, sts);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
/* Invalid DECC feature value. */
|
||||
fprintf(stderr,
|
||||
" INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n",
|
||||
feat_value,
|
||||
feat_value_min, decc_feat_array[i].name,
|
||||
feat_value_max);
|
||||
}
|
||||
} else {
|
||||
/* Invalid DECC feature name. */
|
||||
fprintf(stderr,
|
||||
" UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[i].name);
|
||||
}
|
||||
}
|
||||
|
||||
if (verbose > 0) {
|
||||
fprintf(stderr, " DECC_INIT complete.\n");
|
||||
}
|
||||
}
|
||||
|
||||
/* Get "decc_init()" into a valid, loaded LIB$INITIALIZE PSECT. */
|
||||
|
||||
# pragma nostandard
|
||||
|
||||
/*
|
||||
* Establish the LIB$INITIALIZE PSECTs, with proper alignment and other
|
||||
* attributes. Note that "nopic" is significant only on VAX.
|
||||
*/
|
||||
# pragma extern_model save
|
||||
|
||||
# if __INITIAL_POINTER_SIZE == 64
|
||||
# define PSECT_ALIGN 3
|
||||
# else
|
||||
# define PSECT_ALIGN 2
|
||||
# endif
|
||||
|
||||
# pragma extern_model strict_refdef "LIB$INITIALIZ" PSECT_ALIGN, nopic, nowrt
|
||||
const int spare[8] = { 0 };
|
||||
|
||||
# pragma extern_model strict_refdef "LIB$INITIALIZE" PSECT_ALIGN, nopic, nowrt
|
||||
void (*const x_decc_init) () = decc_init;
|
||||
|
||||
# pragma extern_model restore
|
||||
|
||||
/* Fake reference to ensure loading the LIB$INITIALIZE PSECT. */
|
||||
|
||||
# pragma extern_model save
|
||||
|
||||
int LIB$INITIALIZE(void);
|
||||
|
||||
# pragma extern_model strict_refdef
|
||||
int dmy_lib$initialize = (int)LIB$INITIALIZE;
|
||||
|
||||
# pragma extern_model restore
|
||||
|
||||
# pragma standard
|
||||
|
||||
#else /* def USE_DECC_INIT */
|
||||
|
||||
/* Dummy code to avoid a %CC-W-EMPTYFILE complaint. */
|
||||
int decc_init_dummy(void);
|
||||
|
||||
#endif /* def USE_DECC_INIT */
|
591
trunk/3rdparty/openssl-1.1-fit/apps/vms_term_sock.c
vendored
Normal file
591
trunk/3rdparty/openssl-1.1-fit/apps/vms_term_sock.c
vendored
Normal file
|
@ -0,0 +1,591 @@
|
|||
/*
|
||||
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016 VMS Software, Inc. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#ifdef __VMS
|
||||
# define OPENSSL_SYS_VMS
|
||||
# pragma message disable DOLLARID
|
||||
|
||||
|
||||
# include <openssl/opensslconf.h>
|
||||
|
||||
# if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
|
||||
/*
|
||||
* On VMS, you need to define this to get the declaration of fileno(). The
|
||||
* value 2 is to make sure no function defined in POSIX-2 is left undefined.
|
||||
*/
|
||||
# define _POSIX_C_SOURCE 2
|
||||
# endif
|
||||
|
||||
# include <stdio.h>
|
||||
|
||||
# undef _POSIX_C_SOURCE
|
||||
|
||||
# include <sys/types.h>
|
||||
# include <sys/socket.h>
|
||||
# include <netinet/in.h>
|
||||
# include <inet.h>
|
||||
# include <unistd.h>
|
||||
# include <string.h>
|
||||
# include <errno.h>
|
||||
# include <starlet.h>
|
||||
# include <iodef.h>
|
||||
# ifdef __alpha
|
||||
# include <iosbdef.h>
|
||||
# else
|
||||
typedef struct _iosb { /* Copied from IOSBDEF.H for Alpha */
|
||||
# pragma __nomember_alignment
|
||||
__union {
|
||||
__struct {
|
||||
unsigned short int iosb$w_status; /* Final I/O status */
|
||||
__union {
|
||||
__struct { /* 16-bit byte count variant */
|
||||
unsigned short int iosb$w_bcnt; /* 16-bit byte count */
|
||||
__union {
|
||||
unsigned int iosb$l_dev_depend; /* 32-bit device dependent info */
|
||||
unsigned int iosb$l_pid; /* 32-bit pid */
|
||||
} iosb$r_l;
|
||||
} iosb$r_bcnt_16;
|
||||
__struct { /* 32-bit byte count variant */
|
||||
unsigned int iosb$l_bcnt; /* 32-bit byte count (unaligned) */
|
||||
unsigned short int iosb$w_dev_depend_high; /* 16-bit device dependent info */
|
||||
} iosb$r_bcnt_32;
|
||||
} iosb$r_devdepend;
|
||||
} iosb$r_io_64;
|
||||
__struct {
|
||||
__union {
|
||||
unsigned int iosb$l_getxxi_status; /* Final GETxxI status */
|
||||
unsigned int iosb$l_reg_status; /* Final $Registry status */
|
||||
} iosb$r_l_status;
|
||||
unsigned int iosb$l_reserved; /* Reserved field */
|
||||
} iosb$r_get_64;
|
||||
} iosb$r_io_get;
|
||||
} IOSB;
|
||||
|
||||
# if !defined(__VAXC)
|
||||
# define iosb$w_status iosb$r_io_get.iosb$r_io_64.iosb$w_status
|
||||
# define iosb$w_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$w_bcnt
|
||||
# define iosb$r_l iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$r_l
|
||||
# define iosb$l_dev_depend iosb$r_l.iosb$l_dev_depend
|
||||
# define iosb$l_pid iosb$r_l.iosb$l_pid
|
||||
# define iosb$l_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$l_bcnt
|
||||
# define iosb$w_dev_depend_high iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$w_dev_depend_high
|
||||
# define iosb$l_getxxi_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_getxxi_status
|
||||
# define iosb$l_reg_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_reg_status
|
||||
# endif /* #if !defined(__VAXC) */
|
||||
|
||||
# endif /* End of IOSBDEF */
|
||||
|
||||
# include <efndef.h>
|
||||
# include <stdlib.h>
|
||||
# include <ssdef.h>
|
||||
# include <time.h>
|
||||
# include <stdarg.h>
|
||||
# include <descrip.h>
|
||||
|
||||
# include "vms_term_sock.h"
|
||||
|
||||
# ifdef __alpha
|
||||
static struct _iosb TerminalDeviceIosb;
|
||||
# else
|
||||
IOSB TerminalDeviceIosb;
|
||||
# endif
|
||||
|
||||
static char TerminalDeviceBuff[255 + 2];
|
||||
static int TerminalSocketPair[2] = {0, 0};
|
||||
static unsigned short TerminalDeviceChan = 0;
|
||||
|
||||
static int CreateSocketPair (int, int, int, int *);
|
||||
static void SocketPairTimeoutAst (int);
|
||||
static int TerminalDeviceAst (int);
|
||||
static void LogMessage (char *, ...);
|
||||
|
||||
/*
|
||||
** Socket Pair Timeout Value (must be 0-59 seconds)
|
||||
*/
|
||||
# define SOCKET_PAIR_TIMEOUT_VALUE 20
|
||||
|
||||
/*
|
||||
** Socket Pair Timeout Block which is passed to timeout AST
|
||||
*/
|
||||
typedef struct _SocketPairTimeoutBlock {
|
||||
unsigned short SockChan1;
|
||||
unsigned short SockChan2;
|
||||
} SPTB;
|
||||
|
||||
# ifdef TERM_SOCK_TEST
|
||||
|
||||
/*----------------------------------------------------------------------------*/
|
||||
/* */
|
||||
/*----------------------------------------------------------------------------*/
|
||||
int main (int argc, char *argv[], char *envp[])
|
||||
{
|
||||
char TermBuff[80];
|
||||
int TermSock,
|
||||
status,
|
||||
len;
|
||||
|
||||
LogMessage ("Enter 'q' or 'Q' to quit ...");
|
||||
while (strcasecmp (TermBuff, "Q")) {
|
||||
/*
|
||||
** Create the terminal socket
|
||||
*/
|
||||
status = TerminalSocket (TERM_SOCK_CREATE, &TermSock);
|
||||
if (status != TERM_SOCK_SUCCESS)
|
||||
exit (1);
|
||||
|
||||
/*
|
||||
** Process the terminal input
|
||||
*/
|
||||
LogMessage ("Waiting on terminal I/O ...\n");
|
||||
len = recv (TermSock, TermBuff, sizeof(TermBuff), 0) ;
|
||||
TermBuff[len] = '\0';
|
||||
LogMessage ("Received terminal I/O [%s]", TermBuff);
|
||||
|
||||
/*
|
||||
** Delete the terminal socket
|
||||
*/
|
||||
status = TerminalSocket (TERM_SOCK_DELETE, &TermSock);
|
||||
if (status != TERM_SOCK_SUCCESS)
|
||||
exit (1);
|
||||
}
|
||||
|
||||
return 1;
|
||||
|
||||
}
|
||||
# endif
|
||||
|
||||
/*----------------------------------------------------------------------------*/
|
||||
/* */
|
||||
/*----------------------------------------------------------------------------*/
|
||||
int TerminalSocket (int FunctionCode, int *ReturnSocket)
|
||||
{
|
||||
int status;
|
||||
$DESCRIPTOR (TerminalDeviceDesc, "SYS$COMMAND");
|
||||
|
||||
/*
|
||||
** Process the requested function code
|
||||
*/
|
||||
switch (FunctionCode) {
|
||||
case TERM_SOCK_CREATE:
|
||||
/*
|
||||
** Create a socket pair
|
||||
*/
|
||||
status = CreateSocketPair (AF_INET, SOCK_STREAM, 0, TerminalSocketPair);
|
||||
if (status == -1) {
|
||||
LogMessage ("TerminalSocket: CreateSocketPair () - %08X", status);
|
||||
if (TerminalSocketPair[0])
|
||||
close (TerminalSocketPair[0]);
|
||||
if (TerminalSocketPair[1])
|
||||
close (TerminalSocketPair[1]);
|
||||
return TERM_SOCK_FAILURE;
|
||||
}
|
||||
|
||||
/*
|
||||
** Assign a channel to the terminal device
|
||||
*/
|
||||
status = sys$assign (&TerminalDeviceDesc,
|
||||
&TerminalDeviceChan,
|
||||
0, 0, 0);
|
||||
if (! (status & 1)) {
|
||||
LogMessage ("TerminalSocket: SYS$ASSIGN () - %08X", status);
|
||||
close (TerminalSocketPair[0]);
|
||||
close (TerminalSocketPair[1]);
|
||||
return TERM_SOCK_FAILURE;
|
||||
}
|
||||
|
||||
/*
|
||||
** Queue an async IO to the terminal device
|
||||
*/
|
||||
status = sys$qio (EFN$C_ENF,
|
||||
TerminalDeviceChan,
|
||||
IO$_READVBLK,
|
||||
&TerminalDeviceIosb,
|
||||
TerminalDeviceAst,
|
||||
0,
|
||||
TerminalDeviceBuff,
|
||||
sizeof(TerminalDeviceBuff) - 2,
|
||||
0, 0, 0, 0);
|
||||
if (! (status & 1)) {
|
||||
LogMessage ("TerminalSocket: SYS$QIO () - %08X", status);
|
||||
close (TerminalSocketPair[0]);
|
||||
close (TerminalSocketPair[1]);
|
||||
return TERM_SOCK_FAILURE;
|
||||
}
|
||||
|
||||
/*
|
||||
** Return the input side of the socket pair
|
||||
*/
|
||||
*ReturnSocket = TerminalSocketPair[1];
|
||||
break;
|
||||
|
||||
case TERM_SOCK_DELETE:
|
||||
/*
|
||||
** Cancel any pending IO on the terminal channel
|
||||
*/
|
||||
status = sys$cancel (TerminalDeviceChan);
|
||||
if (! (status & 1)) {
|
||||
LogMessage ("TerminalSocket: SYS$CANCEL () - %08X", status);
|
||||
close (TerminalSocketPair[0]);
|
||||
close (TerminalSocketPair[1]);
|
||||
return TERM_SOCK_FAILURE;
|
||||
}
|
||||
|
||||
/*
|
||||
** Deassign the terminal channel
|
||||
*/
|
||||
status = sys$dassgn (TerminalDeviceChan);
|
||||
if (! (status & 1)) {
|
||||
LogMessage ("TerminalSocket: SYS$DASSGN () - %08X", status);
|
||||
close (TerminalSocketPair[0]);
|
||||
close (TerminalSocketPair[1]);
|
||||
return TERM_SOCK_FAILURE;
|
||||
}
|
||||
|
||||
/*
|
||||
** Close the terminal socket pair
|
||||
*/
|
||||
close (TerminalSocketPair[0]);
|
||||
close (TerminalSocketPair[1]);
|
||||
|
||||
/*
|
||||
** Return the initialized socket
|
||||
*/
|
||||
*ReturnSocket = 0;
|
||||
break;
|
||||
|
||||
default:
|
||||
/*
|
||||
** Invalid function code
|
||||
*/
|
||||
LogMessage ("TerminalSocket: Invalid Function Code - %d", FunctionCode);
|
||||
return TERM_SOCK_FAILURE;
|
||||
break;
|
||||
}
|
||||
|
||||
/*
|
||||
** Return success
|
||||
*/
|
||||
return TERM_SOCK_SUCCESS;
|
||||
|
||||
}
|
||||
|
||||
/*----------------------------------------------------------------------------*/
|
||||
/* */
|
||||
/*----------------------------------------------------------------------------*/
|
||||
static int CreateSocketPair (int SocketFamily,
|
||||
int SocketType,
|
||||
int SocketProtocol,
|
||||
int *SocketPair)
|
||||
{
|
||||
struct dsc$descriptor AscTimeDesc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, NULL};
|
||||
static const char* LocalHostAddr = {"127.0.0.1"};
|
||||
unsigned short TcpAcceptChan = 0,
|
||||
TcpDeviceChan = 0;
|
||||
unsigned long BinTimeBuff[2];
|
||||
struct sockaddr_in sin;
|
||||
char AscTimeBuff[32];
|
||||
short LocalHostPort;
|
||||
int status;
|
||||
unsigned int slen;
|
||||
|
||||
# ifdef __alpha
|
||||
struct _iosb iosb;
|
||||
# else
|
||||
IOSB iosb;
|
||||
# endif
|
||||
|
||||
int SockDesc1 = 0,
|
||||
SockDesc2 = 0;
|
||||
SPTB sptb;
|
||||
$DESCRIPTOR (TcpDeviceDesc, "TCPIP$DEVICE");
|
||||
|
||||
/*
|
||||
** Create a socket
|
||||
*/
|
||||
SockDesc1 = socket (SocketFamily, SocketType, 0);
|
||||
if (SockDesc1 < 0) {
|
||||
LogMessage ("CreateSocketPair: socket () - %d", errno);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
** Initialize the socket information
|
||||
*/
|
||||
slen = sizeof(sin);
|
||||
memset ((char *) &sin, 0, slen);
|
||||
sin.sin_family = SocketFamily;
|
||||
sin.sin_addr.s_addr = inet_addr (LocalHostAddr);
|
||||
sin.sin_port = 0;
|
||||
|
||||
/*
|
||||
** Bind the socket to the local IP
|
||||
*/
|
||||
status = bind (SockDesc1, (struct sockaddr *) &sin, slen);
|
||||
if (status < 0) {
|
||||
LogMessage ("CreateSocketPair: bind () - %d", errno);
|
||||
close (SockDesc1);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
** Get the socket name so we can save the port number
|
||||
*/
|
||||
status = getsockname (SockDesc1, (struct sockaddr *) &sin, &slen);
|
||||
if (status < 0) {
|
||||
LogMessage ("CreateSocketPair: getsockname () - %d", errno);
|
||||
close (SockDesc1);
|
||||
return -1;
|
||||
} else
|
||||
LocalHostPort = sin.sin_port;
|
||||
|
||||
/*
|
||||
** Setup a listen for the socket
|
||||
*/
|
||||
listen (SockDesc1, 5);
|
||||
|
||||
/*
|
||||
** Get the binary (64-bit) time of the specified timeout value
|
||||
*/
|
||||
sprintf (AscTimeBuff, "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE);
|
||||
AscTimeDesc.dsc$w_length = strlen (AscTimeBuff);
|
||||
AscTimeDesc.dsc$a_pointer = AscTimeBuff;
|
||||
status = sys$bintim (&AscTimeDesc, BinTimeBuff);
|
||||
if (! (status & 1)) {
|
||||
LogMessage ("CreateSocketPair: SYS$BINTIM () - %08X", status);
|
||||
close (SockDesc1);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
** Assign another channel to the TCP/IP device for the accept.
|
||||
** This is the channel that ends up being connected to.
|
||||
*/
|
||||
status = sys$assign (&TcpDeviceDesc, &TcpDeviceChan, 0, 0, 0);
|
||||
if (! (status & 1)) {
|
||||
LogMessage ("CreateSocketPair: SYS$ASSIGN () - %08X", status);
|
||||
close (SockDesc1);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
** Get the channel of the first socket for the accept
|
||||
*/
|
||||
TcpAcceptChan = decc$get_sdc (SockDesc1);
|
||||
|
||||
/*
|
||||
** Perform the accept using $QIO so we can do this asynchronously
|
||||
*/
|
||||
status = sys$qio (EFN$C_ENF,
|
||||
TcpAcceptChan,
|
||||
IO$_ACCESS | IO$M_ACCEPT,
|
||||
&iosb,
|
||||
0, 0, 0, 0, 0,
|
||||
&TcpDeviceChan,
|
||||
0, 0);
|
||||
if (! (status & 1)) {
|
||||
LogMessage ("CreateSocketPair: SYS$QIO () - %08X", status);
|
||||
close (SockDesc1);
|
||||
sys$dassgn (TcpDeviceChan);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
** Create the second socket to do the connect
|
||||
*/
|
||||
SockDesc2 = socket (SocketFamily, SocketType, 0);
|
||||
if (SockDesc2 < 0) {
|
||||
LogMessage ("CreateSocketPair: socket () - %d", errno);
|
||||
sys$cancel (TcpAcceptChan);
|
||||
close (SockDesc1);
|
||||
sys$dassgn (TcpDeviceChan);
|
||||
return (-1) ;
|
||||
}
|
||||
|
||||
/*
|
||||
** Setup the Socket Pair Timeout Block
|
||||
*/
|
||||
sptb.SockChan1 = TcpAcceptChan;
|
||||
sptb.SockChan2 = decc$get_sdc (SockDesc2);
|
||||
|
||||
/*
|
||||
** Before we block on the connect, set a timer that can cancel I/O on our
|
||||
** two sockets if it never connects.
|
||||
*/
|
||||
status = sys$setimr (EFN$C_ENF,
|
||||
BinTimeBuff,
|
||||
SocketPairTimeoutAst,
|
||||
&sptb,
|
||||
0);
|
||||
if (! (status & 1)) {
|
||||
LogMessage ("CreateSocketPair: SYS$SETIMR () - %08X", status);
|
||||
sys$cancel (TcpAcceptChan);
|
||||
close (SockDesc1);
|
||||
close (SockDesc2);
|
||||
sys$dassgn (TcpDeviceChan);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
** Now issue the connect
|
||||
*/
|
||||
memset ((char *) &sin, 0, sizeof(sin)) ;
|
||||
sin.sin_family = SocketFamily;
|
||||
sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ;
|
||||
sin.sin_port = LocalHostPort ;
|
||||
|
||||
status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof(sin));
|
||||
if (status < 0 ) {
|
||||
LogMessage ("CreateSocketPair: connect () - %d", errno);
|
||||
sys$cantim (&sptb, 0);
|
||||
sys$cancel (TcpAcceptChan);
|
||||
close (SockDesc1);
|
||||
close (SockDesc2);
|
||||
sys$dassgn (TcpDeviceChan);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
** Wait for the asynch $QIO to finish. Note that if the I/O was aborted
|
||||
** (SS$_ABORT), then we probably canceled it from the AST routine - so log
|
||||
** a timeout.
|
||||
*/
|
||||
status = sys$synch (EFN$C_ENF, &iosb);
|
||||
if (! (iosb.iosb$w_status & 1)) {
|
||||
if (iosb.iosb$w_status == SS$_ABORT)
|
||||
LogMessage ("CreateSocketPair: SYS$QIO(iosb) timeout");
|
||||
else {
|
||||
LogMessage ("CreateSocketPair: SYS$QIO(iosb) - %d",
|
||||
iosb.iosb$w_status);
|
||||
sys$cantim (&sptb, 0);
|
||||
}
|
||||
close (SockDesc1);
|
||||
close (SockDesc2);
|
||||
sys$dassgn (TcpDeviceChan);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
** Here we're successfully connected, so cancel the timer, convert the
|
||||
** I/O channel to a socket fd, close the listener socket and return the
|
||||
** connected pair.
|
||||
*/
|
||||
sys$cantim (&sptb, 0);
|
||||
|
||||
close (SockDesc1) ;
|
||||
SocketPair[0] = SockDesc2 ;
|
||||
SocketPair[1] = socket_fd (TcpDeviceChan);
|
||||
|
||||
return (0) ;
|
||||
|
||||
}
|
||||
|
||||
/*----------------------------------------------------------------------------*/
|
||||
/* */
|
||||
/*----------------------------------------------------------------------------*/
|
||||
static void SocketPairTimeoutAst (int astparm)
|
||||
{
|
||||
SPTB *sptb = (SPTB *) astparm;
|
||||
|
||||
sys$cancel (sptb->SockChan2); /* Cancel the connect() */
|
||||
sys$cancel (sptb->SockChan1); /* Cancel the accept() */
|
||||
|
||||
return;
|
||||
|
||||
}
|
||||
|
||||
/*----------------------------------------------------------------------------*/
|
||||
/* */
|
||||
/*----------------------------------------------------------------------------*/
|
||||
static int TerminalDeviceAst (int astparm)
|
||||
{
|
||||
int status;
|
||||
|
||||
/*
|
||||
** Terminate the terminal buffer
|
||||
*/
|
||||
TerminalDeviceBuff[TerminalDeviceIosb.iosb$w_bcnt] = '\0';
|
||||
strcat (TerminalDeviceBuff, "\n");
|
||||
|
||||
/*
|
||||
** Send the data read from the terminal device through the socket pair
|
||||
*/
|
||||
send (TerminalSocketPair[0], TerminalDeviceBuff,
|
||||
TerminalDeviceIosb.iosb$w_bcnt + 1, 0);
|
||||
|
||||
/*
|
||||
** Queue another async IO to the terminal device
|
||||
*/
|
||||
status = sys$qio (EFN$C_ENF,
|
||||
TerminalDeviceChan,
|
||||
IO$_READVBLK,
|
||||
&TerminalDeviceIosb,
|
||||
TerminalDeviceAst,
|
||||
0,
|
||||
TerminalDeviceBuff,
|
||||
sizeof(TerminalDeviceBuff) - 1,
|
||||
0, 0, 0, 0);
|
||||
|
||||
/*
|
||||
** Return status
|
||||
*/
|
||||
return status;
|
||||
|
||||
}
|
||||
|
||||
/*----------------------------------------------------------------------------*/
|
||||
/* */
|
||||
/*----------------------------------------------------------------------------*/
|
||||
static void LogMessage (char *msg, ...)
|
||||
{
|
||||
char *Month[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
|
||||
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
|
||||
static unsigned int pid = 0;
|
||||
va_list args;
|
||||
time_t CurTime;
|
||||
struct tm *LocTime;
|
||||
char MsgBuff[256];
|
||||
|
||||
/*
|
||||
** Get the process pid
|
||||
*/
|
||||
if (pid == 0)
|
||||
pid = getpid ();
|
||||
|
||||
/*
|
||||
** Convert the current time into local time
|
||||
*/
|
||||
CurTime = time (NULL);
|
||||
LocTime = localtime (&CurTime);
|
||||
|
||||
/*
|
||||
** Format the message buffer
|
||||
*/
|
||||
sprintf (MsgBuff, "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n",
|
||||
LocTime->tm_mday, Month[LocTime->tm_mon],
|
||||
(LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min,
|
||||
LocTime->tm_sec, pid, msg);
|
||||
|
||||
/*
|
||||
** Get any variable arguments and add them to the print of the message
|
||||
** buffer
|
||||
*/
|
||||
va_start (args, msg);
|
||||
vfprintf (stderr, MsgBuff, args);
|
||||
va_end (args);
|
||||
|
||||
/*
|
||||
** Flush standard error output
|
||||
*/
|
||||
fsync (fileno (stderr));
|
||||
|
||||
return;
|
||||
|
||||
}
|
||||
#endif
|
31
trunk/3rdparty/openssl-1.1-fit/apps/vms_term_sock.h
vendored
Normal file
31
trunk/3rdparty/openssl-1.1-fit/apps/vms_term_sock.h
vendored
Normal file
|
@ -0,0 +1,31 @@
|
|||
/*
|
||||
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016 VMS Software, Inc. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#ifndef TERM_SOCK_H
|
||||
# define TERM_SOCK_H
|
||||
|
||||
/*
|
||||
** Terminal Socket Function Codes
|
||||
*/
|
||||
# define TERM_SOCK_CREATE 1
|
||||
# define TERM_SOCK_DELETE 2
|
||||
|
||||
/*
|
||||
** Terminal Socket Status Codes
|
||||
*/
|
||||
# define TERM_SOCK_FAILURE 0
|
||||
# define TERM_SOCK_SUCCESS 1
|
||||
|
||||
/*
|
||||
** Terminal Socket Prototype
|
||||
*/
|
||||
int TerminalSocket (int FunctionCode, int *ReturnSocket);
|
||||
|
||||
#endif
|
307
trunk/3rdparty/openssl-1.1-fit/apps/win32_init.c
vendored
Normal file
307
trunk/3rdparty/openssl-1.1-fit/apps/win32_init.c
vendored
Normal file
|
@ -0,0 +1,307 @@
|
|||
/*
|
||||
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <windows.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <malloc.h>
|
||||
|
||||
#if defined(CP_UTF8)
|
||||
|
||||
static UINT saved_cp;
|
||||
static int newargc;
|
||||
static char **newargv;
|
||||
|
||||
static void cleanup(void)
|
||||
{
|
||||
int i;
|
||||
|
||||
SetConsoleOutputCP(saved_cp);
|
||||
|
||||
for (i = 0; i < newargc; i++)
|
||||
free(newargv[i]);
|
||||
|
||||
free(newargv);
|
||||
}
|
||||
|
||||
/*
|
||||
* Incrementally [re]allocate newargv and keep it NULL-terminated.
|
||||
*/
|
||||
static int validate_argv(int argc)
|
||||
{
|
||||
static int size = 0;
|
||||
|
||||
if (argc >= size) {
|
||||
char **ptr;
|
||||
|
||||
while (argc >= size)
|
||||
size += 64;
|
||||
|
||||
ptr = realloc(newargv, size * sizeof(newargv[0]));
|
||||
if (ptr == NULL)
|
||||
return 0;
|
||||
|
||||
(newargv = ptr)[argc] = NULL;
|
||||
} else {
|
||||
newargv[argc] = NULL;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int process_glob(WCHAR *wstr, int wlen)
|
||||
{
|
||||
int i, slash, udlen;
|
||||
WCHAR saved_char;
|
||||
WIN32_FIND_DATAW data;
|
||||
HANDLE h;
|
||||
|
||||
/*
|
||||
* Note that we support wildcard characters only in filename part
|
||||
* of the path, and not in directories. Windows users are used to
|
||||
* this, that's why recursive glob processing is not implemented.
|
||||
*/
|
||||
/*
|
||||
* Start by looking for last slash or backslash, ...
|
||||
*/
|
||||
for (slash = 0, i = 0; i < wlen; i++)
|
||||
if (wstr[i] == L'/' || wstr[i] == L'\\')
|
||||
slash = i + 1;
|
||||
/*
|
||||
* ... then look for asterisk or question mark in the file name.
|
||||
*/
|
||||
for (i = slash; i < wlen; i++)
|
||||
if (wstr[i] == L'*' || wstr[i] == L'?')
|
||||
break;
|
||||
|
||||
if (i == wlen)
|
||||
return 0; /* definitely not a glob */
|
||||
|
||||
saved_char = wstr[wlen];
|
||||
wstr[wlen] = L'\0';
|
||||
h = FindFirstFileW(wstr, &data);
|
||||
wstr[wlen] = saved_char;
|
||||
if (h == INVALID_HANDLE_VALUE)
|
||||
return 0; /* not a valid glob, just pass... */
|
||||
|
||||
if (slash)
|
||||
udlen = WideCharToMultiByte(CP_UTF8, 0, wstr, slash,
|
||||
NULL, 0, NULL, NULL);
|
||||
else
|
||||
udlen = 0;
|
||||
|
||||
do {
|
||||
int uflen;
|
||||
char *arg;
|
||||
|
||||
/*
|
||||
* skip over . and ..
|
||||
*/
|
||||
if (data.cFileName[0] == L'.') {
|
||||
if ((data.cFileName[1] == L'\0') ||
|
||||
(data.cFileName[1] == L'.' && data.cFileName[2] == L'\0'))
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!validate_argv(newargc + 1))
|
||||
break;
|
||||
|
||||
/*
|
||||
* -1 below means "scan for trailing '\0' *and* count it",
|
||||
* so that |uflen| covers even trailing '\0'.
|
||||
*/
|
||||
uflen = WideCharToMultiByte(CP_UTF8, 0, data.cFileName, -1,
|
||||
NULL, 0, NULL, NULL);
|
||||
|
||||
arg = malloc(udlen + uflen);
|
||||
if (arg == NULL)
|
||||
break;
|
||||
|
||||
if (udlen)
|
||||
WideCharToMultiByte(CP_UTF8, 0, wstr, slash,
|
||||
arg, udlen, NULL, NULL);
|
||||
|
||||
WideCharToMultiByte(CP_UTF8, 0, data.cFileName, -1,
|
||||
arg + udlen, uflen, NULL, NULL);
|
||||
|
||||
newargv[newargc++] = arg;
|
||||
} while (FindNextFileW(h, &data));
|
||||
|
||||
CloseHandle(h);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
void win32_utf8argv(int *argc, char **argv[])
|
||||
{
|
||||
const WCHAR *wcmdline;
|
||||
WCHAR *warg, *wend, *p;
|
||||
int wlen, ulen, valid = 1;
|
||||
char *arg;
|
||||
|
||||
if (GetEnvironmentVariableW(L"OPENSSL_WIN32_UTF8", NULL, 0) == 0)
|
||||
return;
|
||||
|
||||
newargc = 0;
|
||||
newargv = NULL;
|
||||
if (!validate_argv(newargc))
|
||||
return;
|
||||
|
||||
wcmdline = GetCommandLineW();
|
||||
if (wcmdline == NULL) return;
|
||||
|
||||
/*
|
||||
* make a copy of the command line, since we might have to modify it...
|
||||
*/
|
||||
wlen = wcslen(wcmdline);
|
||||
p = _alloca((wlen + 1) * sizeof(WCHAR));
|
||||
wcscpy(p, wcmdline);
|
||||
|
||||
while (*p != L'\0') {
|
||||
int in_quote = 0;
|
||||
|
||||
if (*p == L' ' || *p == L'\t') {
|
||||
p++; /* skip over white spaces */
|
||||
continue;
|
||||
}
|
||||
|
||||
/*
|
||||
* Note: because we may need to fiddle with the number of backslashes,
|
||||
* the argument string is copied into itself. This is safe because
|
||||
* the number of characters will never expand.
|
||||
*/
|
||||
warg = wend = p;
|
||||
while (*p != L'\0'
|
||||
&& (in_quote || (*p != L' ' && *p != L'\t'))) {
|
||||
switch (*p) {
|
||||
case L'\\':
|
||||
/*
|
||||
* Microsoft documentation on how backslashes are treated
|
||||
* is:
|
||||
*
|
||||
* + Backslashes are interpreted literally, unless they
|
||||
* immediately precede a double quotation mark.
|
||||
* + If an even number of backslashes is followed by a double
|
||||
* quotation mark, one backslash is placed in the argv array
|
||||
* for every pair of backslashes, and the double quotation
|
||||
* mark is interpreted as a string delimiter.
|
||||
* + If an odd number of backslashes is followed by a double
|
||||
* quotation mark, one backslash is placed in the argv array
|
||||
* for every pair of backslashes, and the double quotation
|
||||
* mark is "escaped" by the remaining backslash, causing a
|
||||
* literal double quotation mark (") to be placed in argv.
|
||||
*
|
||||
* Ref: https://msdn.microsoft.com/en-us/library/17w5ykft.aspx
|
||||
*
|
||||
* Though referred page doesn't mention it, multiple qouble
|
||||
* quotes are also special. Pair of double quotes in quoted
|
||||
* string is counted as single double quote.
|
||||
*/
|
||||
{
|
||||
const WCHAR *q = p;
|
||||
int i;
|
||||
|
||||
while (*p == L'\\')
|
||||
p++;
|
||||
|
||||
if (*p == L'"') {
|
||||
int i;
|
||||
|
||||
for (i = (p - q) / 2; i > 0; i--)
|
||||
*wend++ = L'\\';
|
||||
|
||||
/*
|
||||
* if odd amount of backslashes before the quote,
|
||||
* said quote is part of the argument, not a delimiter
|
||||
*/
|
||||
if ((p - q) % 2 == 1)
|
||||
*wend++ = *p++;
|
||||
} else {
|
||||
for (i = p - q; i > 0; i--)
|
||||
*wend++ = L'\\';
|
||||
}
|
||||
}
|
||||
break;
|
||||
case L'"':
|
||||
/*
|
||||
* Without the preceding backslash (or when preceded with an
|
||||
* even number of backslashes), the double quote is a simple
|
||||
* string delimiter and just slightly change the parsing state
|
||||
*/
|
||||
if (in_quote && p[1] == L'"')
|
||||
*wend++ = *p++;
|
||||
else
|
||||
in_quote = !in_quote;
|
||||
p++;
|
||||
break;
|
||||
default:
|
||||
/*
|
||||
* Any other non-delimiter character is just taken verbatim
|
||||
*/
|
||||
*wend++ = *p++;
|
||||
}
|
||||
}
|
||||
|
||||
wlen = wend - warg;
|
||||
|
||||
if (wlen == 0 || !process_glob(warg, wlen)) {
|
||||
if (!validate_argv(newargc + 1)) {
|
||||
valid = 0;
|
||||
break;
|
||||
}
|
||||
|
||||
ulen = 0;
|
||||
if (wlen > 0) {
|
||||
ulen = WideCharToMultiByte(CP_UTF8, 0, warg, wlen,
|
||||
NULL, 0, NULL, NULL);
|
||||
if (ulen <= 0)
|
||||
continue;
|
||||
}
|
||||
|
||||
arg = malloc(ulen + 1);
|
||||
if (arg == NULL) {
|
||||
valid = 0;
|
||||
break;
|
||||
}
|
||||
|
||||
if (wlen > 0)
|
||||
WideCharToMultiByte(CP_UTF8, 0, warg, wlen,
|
||||
arg, ulen, NULL, NULL);
|
||||
arg[ulen] = '\0';
|
||||
|
||||
newargv[newargc++] = arg;
|
||||
}
|
||||
}
|
||||
|
||||
if (valid) {
|
||||
saved_cp = GetConsoleOutputCP();
|
||||
SetConsoleOutputCP(CP_UTF8);
|
||||
|
||||
*argc = newargc;
|
||||
*argv = newargv;
|
||||
|
||||
atexit(cleanup);
|
||||
} else if (newargv != NULL) {
|
||||
int i;
|
||||
|
||||
for (i = 0; i < newargc; i++)
|
||||
free(newargv[i]);
|
||||
|
||||
free(newargv);
|
||||
|
||||
newargc = 0;
|
||||
newargv = NULL;
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
#else
|
||||
void win32_utf8argv(int *argc, char **argv[])
|
||||
{ return; }
|
||||
#endif
|
1196
trunk/3rdparty/openssl-1.1-fit/apps/x509.c
vendored
Normal file
1196
trunk/3rdparty/openssl-1.1-fit/apps/x509.c
vendored
Normal file
File diff suppressed because it is too large
Load diff
Loading…
Add table
Add a link
Reference in a new issue